Commit graph

44 commits

Author SHA1 Message Date
Valerio Setti
18b9b035ad test: add test for a full length serial of 0xFF
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-27 11:47:57 +01:00
Valerio Setti
856cec45eb test: x509: add more tests for checking certificate serial
- added 2 new certificates: 1 for testing a serial which is full lenght
  and another one for a serial which starts with 0x80

- added also proper Makefile and openssl configuration file to generate
  these 2 new certificates

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
ea19d2db73 changelog: fixed typos
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
aad8dbd38d test: fix tests for x509write_crt_set_serial(_new)
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Manuel Pégourié-Gonnard
edce0b42fb
Merge pull request #6454 from valeriosetti/issue4577
Adding unit test for mbedtls_x509write_csr_set_extension()
2022-11-15 09:39:07 +01:00
Valerio Setti
48e8fc737a Adding unit test for mbedtls_x509write_csr_set_extension()
The already existing "x509_csr_check()" function is extended in order
to support/test also CSR's extensions. The test is performed by
adding an extended key usage.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-14 13:32:07 +01:00
Nicholas Wilson
ca841d32db Add test for mbedtls_x509write_crt_set_ext_key_usage, and fix reversed order
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:43 +01:00
Przemek Stekiel
76b753bbb7 Change the dependencies in pem.c to xxx_BASED_ON_USE_PSA and related files
This is done to be able to bild test_psa_crypto_config_accel_hash component where MD5 is only available accelerated (PSA_WANT_ALG_MD5 is enabled and MBEDTLS_MD5_C is disabled) but MBEDTLS_USE_PSA_CRYPTO is disabled.
So the build should not attempt to enable pem_pbkdf1.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
050819c19e test_suite_x509write: Move MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA dependency for x509_crt_check to .function file
mbedtls_x509write_crt_set_subject_key_identifier() requires MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
d34f8c36b8 x509 tests: adjust dependencies
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Werner Lewis
b33dacdb50 Fix parsing of special chars in X509 DN values
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:19:50 +01:00
Werner Lewis
acd01e58a3 Use ASN1 UTC tags for dates before 2000
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-01 16:24:28 +01:00
Neil Armstrong
6ce6dd9bd7 Add Test generating certificates using an opaque EC key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:32:03 +02:00
Neil Armstrong
98f899c7a5 Test generating certificates using an opaque RSA key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:31:38 +02:00
Neil Armstrong
9fb9203182 Test generating CSRs using an opaque RSA key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:31:08 +02:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00
Mateusz Starzyk
e3c48b4a88 Separate SHA224 from SHA256 config options.
These options are still dependant on each other.
This is an intermediate step.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Mateusz Starzyk
3352a53475 Modify config option for SHA384.
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.

check_config is the only module which enforces that SHA512 is
enabled together with SHA384.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Darren Krahn
e560be3ab4 Mark basic constraints critical as appropriate.
Per RFC 5280 4.2.1.9 if the 'cA' field is set to true, the extension
must be marked critical.

Signed-off-by: Darren Krahn <dkrahn@google.com>
2020-09-21 18:25:35 -07:00
Gilles Peskine
049fefff90 Add dependencies on !MBEDTLS_SHA512_NO_SHA384 to x509/ssl unit tests
Add dependencies on !MBEDTLS_SHA512_NO_SHA384 to X.509 and SSL unit
tests that use SHA-384 (identified based on having a description that
contains "SHA384" or "SHA-384").
2020-03-23 17:55:32 +01:00
Ron Eldor
9eeb8611b1 Update certificates to expire in 2029
Update certificates that expire on 2021, to prolong their validity,
to make tests pass three years ahead.
2019-07-10 16:46:34 +03:00
Andres Amaya Garcia
412ddf3812 Fix typo in x509write test data 2019-02-28 09:38:03 +00:00
Andres Amaya Garcia
7067f812f8 Add tests for (named) bitstring to suite_asn1write 2019-02-28 09:36:30 +00:00
Andrzej Kurek
4b11407258 Cosmetic changes
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
2018-11-22 12:05:08 -05:00
Andrzej Kurek
5f7bad34bb Add CSR write testing using opaque keys
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
2018-11-22 12:05:08 -05:00
Hanno Becker
418a62242b Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-09-14 07:51:28 +01:00
Manuel Pégourié-Gonnard
e6028c93f5 Fix some X509 macro names
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Paul Bakker
8dcb2d7d7e Support escaping of commas in x509_string_to_names() 2014-08-11 11:59:52 +02:00
Manuel Pégourié-Gonnard
ec4d27398a Fix curve dependencies in *keyusage tests 2014-04-29 15:06:41 +02:00
Manuel Pégourié-Gonnard
6c1a73e061 Improve x509xrite_csr testing: extensions, version 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
c5ce83a3b8 Improve x509xrite_csr testing: extensions, ECDSA 2014-04-04 16:33:01 +02:00
Paul Bakker
c7bb02be77 Moved PK key writing from X509 module to PK module 2013-09-15 14:54:56 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard
0237620a78 Fix some dependencies declaration 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
7f1f0926e4 Add test for x509write_key 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
3837daec9e Add EC support to x509write_pubkey 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
33250b0461 Add test for x509write_pubkey_pem() 2013-09-12 11:57:01 +02:00
Paul Bakker
2397cf3ede First certificate writing test. Full server1.crt reconstruction 2013-09-08 15:58:15 +02:00
Paul Bakker
48377d9834 Configuration option to enable/disable POLARSSL_PKCS1_V15 operations 2013-08-30 13:41:14 +02:00
Paul Bakker
82e2945ed2 Changed naming and prototype convention for x509write functions
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker
9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
6d6205091b - First tests for x509_write_cert_req() compat with OpenSSL output 2012-02-16 14:09:13 +00:00