Commit graph

208 commits

Author SHA1 Message Date
Gilles Peskine
d686c2a822
Merge pull request #7971 from AgathiyanB/fix-data-files-makefile
Fix server1.crt.der in tests/data_files/Makefile
2023-08-21 14:43:07 +00:00
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01
Updating crt/crl files due to expiry before 2027-01-01
2023-08-17 15:38:35 +00:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
2023-08-16 09:19:46 +00:00
Gilles Peskine
a79256472c
Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier
Fixed x509 certificate generation to conform to RFCs when using ECC key
2023-08-07 19:14:54 +00:00
Agathiyan Bragadeesh
8dc913899d Fix server1.crt.der in makefile
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-24 10:44:00 +01:00
Andrzej Kurek
34ccd8d0b6 Test x509 csr SAN DN and RFC822 generation
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-07 08:18:43 -04:00
Jerry Yu
4d31022d90 Add missed intermediate file
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:16:14 +08:00
Jerry Yu
c5b2e284fa Remove workaround code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:16:10 +08:00
Jerry Yu
2ef2e78837 Add commands for test_certs.h
And update target file

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:13:46 +08:00
Pengyu Lv
b687c03183 Fix the command for server9-sha*.crt
The new command could generate
parse_input/server9-sha*.crt correctly.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
49c56e651d Add target for parse_input/cert_example_multi_nocn.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
19e949e644 Fix typo and long line format
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
59f392cd4d upgrade server9-bad-saltlen.crt
Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509,core

output_filename="server9-bad-saltlen.crt"
tmp_filename="server9-bad-saltlen.crt.tmp"
tmp1_filename="server9-bad-saltlen.crt.tmp1"

subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
        -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
        -set_serial 24 -days 3650 \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
        -sigopt rsa_mgf1_md:sha256 -sha256 \
        -in server9.csr -out {output_filename}
''',shell=True)

with open(output_filename,'rb') as f:
    _,_,der_bytes=pem.unarmor(f.read())
    target_certificate=x509.Certificate.load(der_bytes)

with open(tmp_filename,'wb') as f:
    f.write(target_certificate['tbs_certificate'].dump())

subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
                        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
                        -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
                        shell=True)

with open(tmp1_filename,'rb') as f:
    signature_value= core.OctetBitString(f.read())

with open(output_filename,'wb') as f:
    target_certificate['signature_value']=signature_value
    f.write(pem.armor('CERTIFICATE',target_certificate.dump()))
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
8c40c573b2 Add server9-bad-{mgfhash,saltlen}.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
b5ac935e44 Add rules to generate server9*.crt
Except for server9-bad-saltlen.crt and
server9-bad-mgfhash.crt.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
4ca9520582 Update server1-nospace.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
0efdfcbfd3 Update v1 crt files
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
e025cb2096 Add rules to generate cert_example_multi_nocn.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
1ca5c0eae9 Add rules to generate server5.[e]ku-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
0063599e6f Add rules to generate server2.ku-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
55ee7f8e13 Add rule for server2-badsign.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
0f381fd02f Update test-ca2.ku-*.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
5a1dbf3d6e Fix the rule for server5-ss-forgeca.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
affc294dfe Add the rule and update server6-ss-child.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
4d69b29076 Update server5-selfsigned.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Andrzej Kurek
78ecf41f22 Change spaces to a tab in a makefile recipe
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-30 08:42:05 -04:00
Andrzej Kurek
03478d2b90
Merge branch 'development' into issue/7816/add-commands-for-files-in-parse_input
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-30 14:38:05 +02:00
Pengyu Lv
18730ddbcf fix fragile way to refer to server1.req.sha256
The original varible $< is fragile especially
when there are multiple rules for the same
target.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-30 00:23:13 +08:00
Pengyu Lv
ab266491f0 Make parse_input targets depend on files in parse_input if possible
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-29 13:06:55 +08:00
Pengyu Lv
7d7c208647 fix the command of server5-sha%.crt
This makes the rule could generate
parse_input/server5-sha*.crt correctly.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-29 10:36:44 +08:00
Pengyu Lv
a0350f7304 fix wrong dependency file path
This commit is generated by below script
```
for i in `ls parse_input`; do
    if [ -f $i ]; then
        continue
    fi
    # Add parse_input/ prefix when $i is a dependency.
    sed -i "/:\(.*[^\/]\)$i/,/^$/s/$i/parse_input\/$i/g" Makefile
done
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-29 10:36:34 +08:00
Jerry Yu
dfc2e26ddf Short too long lines
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-27 17:05:51 +08:00
Jerry Yu
8ee086dc50 remove parse input only files from all_final
script
```
for i in `ls parse_input`
do
    if [ -f $i ]
    then
        continue
    fi
    sed -i "/^all_final.*$i\$/d" Makefile
done
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-27 17:02:45 +08:00
Jerry Yu
7d2a54c04d fix wrong dependency file path
`test_csr_v3_all.csr.der` has been moved to `parse_input`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-27 16:57:36 +08:00
Jerry Yu
92d1ec6567 Change path for the files only exits in parse_input
This commit is generated by below script
```
for i in `ls parse_input`
do
    if [ -f $i ]
    then
        continue
    fi
    sed -i "s/^$i:/parse_input\/$i:/g" Makefile
done
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-27 16:53:25 +08:00
Jerry Yu
54e8632ae6 copy command for parse_input/* when it exists in data_files
This commit are generate by below script
```
for i in `ls parse_input`
do
    if [ -f $i ]
    then
        sed -i "s/^$i:/parse_input\/$i $i:/g" Makefile
    fi
done
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-27 16:40:00 +08:00
Andrzej Kurek
2016fa35cb Use DER format for x509 SAN tests
This way there's no dependency on PEM parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-20 06:14:49 -04:00
Marek Jansta
8bde649c0b Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate
Signed-off-by: Marek Jansta <jansta@2n.cz>
2023-06-19 12:49:27 +02:00
Gilles Peskine
f22983bd1c
Merge pull request #7411 from mprse/extract-key-ids-test
Improve tests for parsing x509 SubjectKeyId and AuthorityKeyId
2023-06-14 19:16:29 +02:00
Przemek Stekiel
b3eaf8c2ed Use predefined serial numer in certificates
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-14 14:25:21 +02:00
Gilles Peskine
e5e8ba654e
Merge pull request #7666 from mprse/ip_info
OPC UA: parsing IP's in SubjectAltNames & printing info
2023-06-08 15:23:21 +02:00
Przemek Stekiel
0b683a9a57 Remove redundant test and add tests: keyid only (without issuer)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
05d5c3e734 Further test improvements
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
64a06e48b3 Add more test cases
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
2c64e90e02 Use RSA keys in generated certificates
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
b1f0b536d7 Add test for invalid KeyIdentifier tag length + adapt error code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
1969f6a453 Test optional fields in authorityKeyId
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Przemek Stekiel
5ff986cb0a Provide makefile rules to generate cerst for authorityKeyId, subjectKeyId tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-07 09:01:29 +02:00
Gilles Peskine
a5cd318137
Merge pull request #7670 from lpy4105/issue/fix-wrong-command-for-ec-key-files
Fix invalid commands for ec_x{25519,448}_{prv,pub}.{der,pem}
2023-06-06 20:56:52 +02:00
Gilles Peskine
259903b179
Merge pull request #7643 from lpy4105/issue/renew_cert_2024-01-01
Updating crt/crl files due to expiry before 2024-01-01
2023-06-06 20:55:23 +02:00