Gilles Peskine
d686c2a822
Merge pull request #7971 from AgathiyanB/fix-data-files-makefile
...
Fix server1.crt.der in tests/data_files/Makefile
2023-08-21 14:43:07 +00:00
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01
...
Updating crt/crl files due to expiry before 2027-01-01
2023-08-17 15:38:35 +00:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn
...
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
2023-08-16 09:19:46 +00:00
Gilles Peskine
a79256472c
Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier
...
Fixed x509 certificate generation to conform to RFCs when using ECC key
2023-08-07 19:14:54 +00:00
Agathiyan Bragadeesh
8dc913899d
Fix server1.crt.der in makefile
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-24 10:44:00 +01:00
Andrzej Kurek
34ccd8d0b6
Test x509 csr SAN DN and RFC822 generation
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-07 08:18:43 -04:00
Jerry Yu
4d31022d90
Add missed intermediate file
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:16:14 +08:00
Jerry Yu
c5b2e284fa
Remove workaround code
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:16:10 +08:00
Jerry Yu
2ef2e78837
Add commands for test_certs.h
...
And update target file
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:13:46 +08:00
Pengyu Lv
b687c03183
Fix the command for server9-sha*.crt
...
The new command could generate
parse_input/server9-sha*.crt correctly.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
49c56e651d
Add target for parse_input/cert_example_multi_nocn.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
19e949e644
Fix typo and long line format
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
59f392cd4d
upgrade server9-bad-saltlen.crt
...
Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509,core
output_filename="server9-bad-saltlen.crt"
tmp_filename="server9-bad-saltlen.crt.tmp"
tmp1_filename="server9-bad-saltlen.crt.tmp1"
subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
-passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
-set_serial 24 -days 3650 \
-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
-sigopt rsa_mgf1_md:sha256 -sha256 \
-in server9.csr -out {output_filename}
''',shell=True)
with open(output_filename,'rb') as f:
_,_,der_bytes=pem.unarmor(f.read())
target_certificate=x509.Certificate.load(der_bytes)
with open(tmp_filename,'wb') as f:
f.write(target_certificate['tbs_certificate'].dump())
subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
-sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
shell=True)
with open(tmp1_filename,'rb') as f:
signature_value= core.OctetBitString(f.read())
with open(output_filename,'wb') as f:
target_certificate['signature_value']=signature_value
f.write(pem.armor('CERTIFICATE',target_certificate.dump()))
```
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
8c40c573b2
Add server9-bad-{mgfhash,saltlen}.crt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
b5ac935e44
Add rules to generate server9*.crt
...
Except for server9-bad-saltlen.crt and
server9-bad-mgfhash.crt.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
4ca9520582
Update server1-nospace.crt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
0efdfcbfd3
Update v1 crt files
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
e025cb2096
Add rules to generate cert_example_multi_nocn.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
1ca5c0eae9
Add rules to generate server5.[e]ku-*.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
0063599e6f
Add rules to generate server2.ku-*.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
55ee7f8e13
Add rule for server2-badsign.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
0f381fd02f
Update test-ca2.ku-*.crt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
5a1dbf3d6e
Fix the rule for server5-ss-forgeca.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
affc294dfe
Add the rule and update server6-ss-child.crt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
4d69b29076
Update server5-selfsigned.crt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Andrzej Kurek
78ecf41f22
Change spaces to a tab in a makefile recipe
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-30 08:42:05 -04:00
Andrzej Kurek
03478d2b90
Merge branch 'development' into issue/7816/add-commands-for-files-in-parse_input
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-30 14:38:05 +02:00
Pengyu Lv
18730ddbcf
fix fragile way to refer to server1.req.sha256
...
The original varible $< is fragile especially
when there are multiple rules for the same
target.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-30 00:23:13 +08:00
Pengyu Lv
ab266491f0
Make parse_input targets depend on files in parse_input if possible
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-29 13:06:55 +08:00
Pengyu Lv
7d7c208647
fix the command of server5-sha%.crt
...
This makes the rule could generate
parse_input/server5-sha*.crt correctly.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-29 10:36:44 +08:00
Pengyu Lv
a0350f7304
fix wrong dependency file path
...
This commit is generated by below script
```
for i in `ls parse_input`; do
if [ -f $i ]; then
continue
fi
# Add parse_input/ prefix when $i is a dependency.
sed -i "/:\(.*[^\/]\)$i/,/^$/s/$i/parse_input\/$i/g" Makefile
done
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-29 10:36:34 +08:00
Jerry Yu
dfc2e26ddf
Short too long lines
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-27 17:05:51 +08:00
Jerry Yu
8ee086dc50
remove parse input only files from all_final
...
script
```
for i in `ls parse_input`
do
if [ -f $i ]
then
continue
fi
sed -i "/^all_final.*$i\$/d" Makefile
done
```
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-27 17:02:45 +08:00
Jerry Yu
7d2a54c04d
fix wrong dependency file path
...
`test_csr_v3_all.csr.der` has been moved to `parse_input`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-27 16:57:36 +08:00
Jerry Yu
92d1ec6567
Change path for the files only exits in parse_input
...
This commit is generated by below script
```
for i in `ls parse_input`
do
if [ -f $i ]
then
continue
fi
sed -i "s/^$i:/parse_input\/$i:/g" Makefile
done
```
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-27 16:53:25 +08:00
Jerry Yu
54e8632ae6
copy command for parse_input/* when it exists in data_files
...
This commit are generate by below script
```
for i in `ls parse_input`
do
if [ -f $i ]
then
sed -i "s/^$i:/parse_input\/$i $i:/g" Makefile
fi
done
```
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-27 16:40:00 +08:00
Andrzej Kurek
2016fa35cb
Use DER format for x509 SAN tests
...
This way there's no dependency on PEM parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-20 06:14:49 -04:00
Marek Jansta
8bde649c0b
Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate
...
Signed-off-by: Marek Jansta <jansta@2n.cz>
2023-06-19 12:49:27 +02:00
Gilles Peskine
f22983bd1c
Merge pull request #7411 from mprse/extract-key-ids-test
...
Improve tests for parsing x509 SubjectKeyId and AuthorityKeyId
2023-06-14 19:16:29 +02:00
Przemek Stekiel
b3eaf8c2ed
Use predefined serial numer in certificates
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-14 14:25:21 +02:00
Gilles Peskine
e5e8ba654e
Merge pull request #7666 from mprse/ip_info
...
OPC UA: parsing IP's in SubjectAltNames & printing info
2023-06-08 15:23:21 +02:00
Przemek Stekiel
0b683a9a57
Remove redundant test and add tests: keyid only (without issuer)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
05d5c3e734
Further test improvements
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
64a06e48b3
Add more test cases
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
2c64e90e02
Use RSA keys in generated certificates
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
b1f0b536d7
Add test for invalid KeyIdentifier tag length + adapt error code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
1969f6a453
Test optional fields in authorityKeyId
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
5ff986cb0a
Provide makefile rules to generate cerst for authorityKeyId, subjectKeyId tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Gilles Peskine
a5cd318137
Merge pull request #7670 from lpy4105/issue/fix-wrong-command-for-ec-key-files
...
Fix invalid commands for ec_x{25519,448}_{prv,pub}.{der,pem}
2023-06-06 20:56:52 +02:00
Gilles Peskine
259903b179
Merge pull request #7643 from lpy4105/issue/renew_cert_2024-01-01
...
Updating crt/crl files due to expiry before 2024-01-01
2023-06-06 20:55:23 +02:00