Extend tests/data_files/Makefile to include CRT's for CRT write test
parent
6c13d37961
commit
418a62242b
12 changed files with 265 additions and 13 deletions
|
@ -12,6 +12,7 @@
|
||||||
|
|
||||||
## Tools
|
## Tools
|
||||||
OPENSSL ?= openssl
|
OPENSSL ?= openssl
|
||||||
|
MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
|
||||||
|
|
||||||
## Build the generated test data. Note that since the final outputs
|
## Build the generated test data. Note that since the final outputs
|
||||||
## are committed to the repository, this target should do nothing on a
|
## are committed to the repository, this target should do nothing on a
|
||||||
|
@ -30,6 +31,7 @@ all_final := # files used by tests
|
||||||
#### Generate certificates from existing keys
|
#### Generate certificates from existing keys
|
||||||
################################################################
|
################################################################
|
||||||
|
|
||||||
|
test_ca_crt = test-ca.crt
|
||||||
test_ca_key_file_rsa = test-ca.key
|
test_ca_key_file_rsa = test-ca.key
|
||||||
test_ca_pwd_rsa = PolarSSLTest
|
test_ca_pwd_rsa = PolarSSLTest
|
||||||
test_ca_config_file = test-ca.opensslconf
|
test_ca_config_file = test-ca.opensslconf
|
||||||
|
@ -64,7 +66,77 @@ server2-sha256.crt: server2-rsa.csr
|
||||||
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
|
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
|
||||||
all_final += server2-sha256.crt
|
all_final += server2-sha256.crt
|
||||||
|
|
||||||
|
### Generate certificates for CRT write check tests
|
||||||
|
### The test files use the Mbed TLS generated certificates server1*.crt,
|
||||||
|
### but for comparison with OpenSSL also rules for OpenSSL-generated
|
||||||
|
### certificates server1*.crt.openssl are offered.
|
||||||
|
###
|
||||||
|
### Known differences:
|
||||||
|
### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
|
||||||
|
### as unused bits, while Mbed TLS doesn't.
|
||||||
|
|
||||||
|
test_ca_server1_db = test-ca.server1.db
|
||||||
|
test_ca_server1_serial = test-ca.server1.serial
|
||||||
|
test_ca_server1_config_file = test-ca.server1.opensslconf
|
||||||
|
|
||||||
|
server1.csr: server1.key server1_csr.opensslconf
|
||||||
|
$(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new
|
||||||
|
all_final += server1.csr
|
||||||
|
|
||||||
|
server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
|
||||||
|
server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
|
||||||
|
server1.der: server1.crt
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
all_final += server1.crt server1.noauthid.crt server1.der
|
||||||
|
|
||||||
|
server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
|
||||||
|
server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
|
||||||
|
server1.key_usage.der: server1.key_usage.crt
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
|
||||||
|
|
||||||
|
server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
|
||||||
|
server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
|
||||||
|
server1.cert_type.der: server1.cert_type.crt
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
|
||||||
|
|
||||||
|
server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@
|
||||||
|
server1.v1.der: server1.v1.crt
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
all_final += server1.v1.crt server1.v1.der
|
||||||
|
|
||||||
|
# OpenSSL-generated certificates for comparison
|
||||||
|
# Also provide certificates to DER format to allow
|
||||||
|
# direct binary comparison using e.g. dumpasn1
|
||||||
|
server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
|
||||||
|
echo "01" > $(test_ca_server1_serial)
|
||||||
|
rm -f $(test_ca_server1_db)
|
||||||
|
touch $(test_ca_server1_db)
|
||||||
|
$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@
|
||||||
|
server1.der.openssl: server1.crt.openssl
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
server1.key_usage.der.openssl: server1.key_usage.crt.openssl
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
server1.cert_type.der.openssl: server1.cert_type.crt.openssl
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
|
||||||
|
server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
|
||||||
|
echo "01" > $(test_ca_server1_serial)
|
||||||
|
rm -f $(test_ca_server1_db)
|
||||||
|
touch $(test_ca_server1_db)
|
||||||
|
$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@
|
||||||
|
server1.v1.der.openssl: server1.v1.crt.openssl
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
|
||||||
|
server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
|
||||||
|
|
||||||
################################################################
|
################################################################
|
||||||
#### Meta targets
|
#### Meta targets
|
||||||
|
@ -73,7 +145,7 @@ all_final += server2-sha256.crt
|
||||||
all_final: $(all_final)
|
all_final: $(all_final)
|
||||||
all: $(all_intermediate) $(all_final)
|
all: $(all_intermediate) $(all_final)
|
||||||
|
|
||||||
.PHONY: default all_final all
|
.PHONY: default all_final all server1_all
|
||||||
|
|
||||||
# These files should not be committed to the repository.
|
# These files should not be committed to the repository.
|
||||||
list_intermediate:
|
list_intermediate:
|
||||||
|
|
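Review bot: The recipe shared by `server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl` reads `$@.v3_ext` but does not list it as a prerequisite, so editing an extension file will not regenerate the matching certificate. Collecting the three targets in a variable (say `server1_openssl_crts`, a name made up for this note) and using a static pattern rule, `$(server1_openssl_crts): %: %.v3_ext server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)`, would declare it. That recipe and the one for `server1.v1.crt.openssl` each reset and rewrite the same `$(test_ca_server1_serial)` and `$(test_ca_server1_db)` files, so `make -j server1_all` can run several `openssl ca` invocations against one CA state at once; these rules need to be serialised or given per-target state files. Separately, `MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write` takes `PWD` from the environment, which is not the Makefile's directory under `make -C`; `$(CURDIR)` is the make-provided value.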
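--- a/tests/data_files/server1.cert_type.crt.openssl.v3_ext
+++ b/tests/data_files/server1.cert_type.crt.openssl.v3_ext
@@ -0,0 +1,5 @@
+[v3_ext]
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+nsCertType=server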
20
tests/data_files/server1.cert_type_noauthid.crt
Normal file
20
tests/data_files/server1.cert_type_noauthid.crt
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||||
|
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||||
|
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||||
|
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
|
||||||
|
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
|
||||||
|
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
|
||||||
|
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
|
||||||
|
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
||||||
|
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||||
|
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||||
|
oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR
|
||||||
|
BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBABNT+r+6vvlpjtyz
|
||||||
|
mewrGOKPt5iwb8w2aReJ0AWuyQzTiduN26MhXq93cXHV0pHj2rD7MfiBEwBSWnf9
|
||||||
|
FcxkE0g77GVyM9Vs9Uy/MspIqOce7JD0c36G4EI8lYce2TYwQLE9CGNl+LDxqkLy
|
||||||
|
prijXBl/FaD+IO/SNMr3VVnfFEZqPUxg+BSTaGgD+52Z7B4nPP0xGPjlW367RGDv
|
||||||
|
9dIkr1thve2WOeC9ixxl9K/864I7/0GdbgKSf77xl3/5vnQUOY7kugRvkvxWIgHS
|
||||||
|
HNVnmEN2I2Nb0M8lQNF1sFDbpFwVbh9CkBF5LJNesy0VWd67Ho6EntPEb7vBFF/x
|
||||||
|
jz0b2l4=
|
||||||
|
-----END CERTIFICATE-----
|
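--- a/tests/data_files/server1.crt.openssl.v3_ext
+++ b/tests/data_files/server1.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+[v3_ext]
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid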
16
tests/data_files/server1.csr
Normal file
16
tests/data_files/server1.csr
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
-----BEGIN CERTIFICATE REQUEST-----
|
||||||
|
MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
|
||||||
|
GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||||
|
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
|
||||||
|
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
|
||||||
|
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
|
||||||
|
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
|
||||||
|
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
|
||||||
|
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA
|
||||||
|
A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb
|
||||||
|
+OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr
|
||||||
|
eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19
|
||||||
|
3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm
|
||||||
|
TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF
|
||||||
|
ox+ATHKxQ/XpRQP+2OTb9sw1kM59
|
||||||
|
-----END CERTIFICATE REQUEST-----
|
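--- a/tests/data_files/server1.key_usage.crt.openssl.v3_ext
+++ b/tests/data_files/server1.key_usage.crt.openssl.v3_ext
@@ -0,0 +1,5 @@
+[v3_ext]
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+keyUsage=critical, digitalSignature, nonRepudiation, keyEncipherment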
20
tests/data_files/server1.key_usage_noauthid.crt
Normal file
20
tests/data_files/server1.key_usage_noauthid.crt
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDLjCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||||
|
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||||
|
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||||
|
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
|
||||||
|
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
|
||||||
|
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
|
||||||
|
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
|
||||||
|
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
||||||
|
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||||
|
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||||
|
ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO
|
||||||
|
BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBAJZRIISo4+rDvHXXaS43
|
||||||
|
shfSkyJyur588mNJFzty1WVfhaIkwjMIGHeGlHS29fwgPsBUgelZ3Qv3J7wsm42+
|
||||||
|
3BwQet0l36FIBIJtFhcrTGlaCFUo/5bZJUPGgiOFB9ec/8lOszVlX8cH34UimWqg
|
||||||
|
q2wXRGoXWPbuRnUWlJhI2bAv5ri9Mt7Rs4nK4wyS1ZjC8ByXMn4tk3yMjkUEqu0o
|
||||||
|
37zoQiF+FJApu0eTKK5goA2hisyfCX9eJMppAbcyvJwoj/AmiBkXW8J3kEMJtLmZ
|
||||||
|
VoxXYknnXumxBLxUrGuamR/3cmbaJHIHE1Dqox7hB+9miyp4lue1/uXHCocGAIeF
|
||||||
|
JTo=
|
||||||
|
-----END CERTIFICATE-----
|
19
tests/data_files/server1.noauthid.crt
Normal file
19
tests/data_files/server1.noauthid.crt
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDHjCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||||
|
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||||
|
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||||
|
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
|
||||||
|
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
|
||||||
|
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
|
||||||
|
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
|
||||||
|
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
||||||
|
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||||
|
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||||
|
oywwKjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAN
|
||||||
|
BgkqhkiG9w0BAQUFAAOCAQEAUMDKviuchRc4ICoVwi9LFyfQjxFQLgjnX1UYSqc5
|
||||||
|
UptiJsDpbJ+TMbOhNBs7YRV7ju61J33ax1fqgcFWkc2M2Vsqzz9+3zJlQoQuOLxH
|
||||||
|
5C6v5/rhUEV9HMy3K5SIa/BVem9osWvMwDnB8g5k3wCZAnOuFcT6ttvzRqz6Oh9d
|
||||||
|
avozrYHsATzPXBal41Gf95cNVcJ1pn/JgE4EOijMqmAPldVbCqfXLl6TB0nJS6dm
|
||||||
|
q9z73DGrVQlOwmCVI+qD2POJI67LuQ0g6Y0WVMxsWilMppt+UrEknMzk4O4qOaUs
|
||||||
|
1B20vI/bN4XPDnw58psazdoBxFL+fAk5MbTNKETNHjBsIg==
|
||||||
|
-----END CERTIFICATE-----
|
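--- a/tests/data_files/server1_csr.opensslconf
+++ b/tests/data_files/server1_csr.opensslconf
@@ -0,0 +1,10 @@
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+# Restrict to non-UTF8 PrintableStrings.
+string_mask = nombstr
+
+[ req_distinguished_name ]
+C = NL
+O = PolarSSL
+CN = PolarSSL Server 1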
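--- a/tests/data_files/test-ca.server1.opensslconf
+++ b/tests/data_files/test-ca.server1.opensslconf
@@ -0,0 +1,18 @@
+[ ca ]
+default_ca = test-ca
+
+[ test-ca ]
+certificate = test-ca.crt
+private_key = test-ca.key
+serial = test-ca.server1.serial
+default_md = sha1
+default_startdate = 110212144406Z
+default_enddate = 210212144406Z
+new_certs_dir = ./
+database = ./test-ca.server1.db
+policy = policy_match
+
+[policy_match]
+countryName = supplied
+organizationName = supplied
+commonName = supplied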
|
@ -44,19 +44,35 @@ x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS
|
||||||
|
|
||||||
Certificate write check Server1 SHA1
|
Certificate write check Server1 SHA1
|
||||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:-1:"data_files/server1.crt"
|
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0
|
||||||
|
|
||||||
Certificate write check Server1 SHA1, key_usage
|
Certificate write check Server1 SHA1, key_usage
|
||||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt"
|
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0
|
||||||
|
|
||||||
Certificate write check Server1 SHA1, ns_cert_type
|
Certificate write check Server1 SHA1, ns_cert_type
|
||||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt"
|
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0
|
||||||
|
|
||||||
Certificate write check Server1 SHA1, version 1
|
Certificate write check Server1 SHA1, version 1
|
||||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt"
|
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
|
||||||
|
|
||||||
|
Certificate write check Server1 SHA1, RSA_ALT
|
||||||
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||||
|
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":1
|
||||||
|
|
||||||
|
Certificate write check Server1 SHA1, RSA_ALT, key_usage
|
||||||
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||||
|
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
|
||||||
|
|
||||||
|
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
|
||||||
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||||
|
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":1
|
||||||
|
|
||||||
|
Certificate write check Server1 SHA1, RSA_ALT, version 1
|
||||||
|
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||||
|
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
|
||||||
|
|
||||||
X509 String to Names #1
|
X509 String to Names #1
|
||||||
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
|
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
|
||||||
|
|
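Review bot: The four new `RSA_ALT` cases reuse the `depends_on` list of the plain cases and do not name `MBEDTLS_PK_RSA_ALT_SUPPORT`, so they would be scheduled in a configuration that has RSA but not the RSA-alt wrapper. As far as I know that option is what gates `mbedtls_pk_setup_rsa_alt` in the library. Appending it to those four lists, i.e. `depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_PK_RSA_ALT_SUPPORT`, would state the requirement. The same gap applies to the test function in the last file section of this page, where the helper callbacks sit under `#if defined(MBEDTLS_RSA_C)` only and the `mbedtls_pk_setup_rsa_alt` call in `x509_crt_check` is not guarded in the lines shown.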
|
@ -3,6 +3,30 @@
|
||||||
#include "mbedtls/x509_csr.h"
|
#include "mbedtls/x509_csr.h"
|
||||||
#include "mbedtls/pem.h"
|
#include "mbedtls/pem.h"
|
||||||
#include "mbedtls/oid.h"
|
#include "mbedtls/oid.h"
|
||||||
|
#include "mbedtls/rsa.h"
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_RSA_C)
|
||||||
|
int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
|
||||||
|
const unsigned char *input, unsigned char *output,
|
||||||
|
size_t output_max_len )
|
||||||
|
{
|
||||||
|
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
|
||||||
|
input, output, output_max_len ) );
|
||||||
|
}
|
||||||
|
int mbedtls_rsa_sign_func( void *ctx,
|
||||||
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||||
|
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
|
||||||
|
const unsigned char *hash, unsigned char *sig )
|
||||||
|
{
|
||||||
|
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
|
||||||
|
md_alg, hashlen, hash, sig ) );
|
||||||
|
}
|
||||||
|
size_t mbedtls_rsa_key_len_func( void *ctx )
|
||||||
|
{
|
||||||
|
return( ((const mbedtls_rsa_context *) ctx)->len );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_RSA_C */
|
||||||
|
|
||||||
/* END_HEADER */
|
/* END_HEADER */
|
||||||
|
|
||||||
/* BEGIN_DEPENDENCIES
|
/* BEGIN_DEPENDENCIES
|
||||||
|
@ -75,10 +99,12 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
||||||
char *subject_name, char *issuer_key_file,
|
char *subject_name, char *issuer_key_file,
|
||||||
char *issuer_pwd, char *issuer_name,
|
char *issuer_pwd, char *issuer_name,
|
||||||
char *serial_str, char *not_before, char *not_after,
|
char *serial_str, char *not_before, char *not_after,
|
||||||
int md_type, int key_usage, int cert_type, int ver,
|
int md_type, int key_usage, int cert_type, int auth_ident,
|
||||||
char *cert_check_file )
|
int ver, char *cert_check_file, int rsa_alt )
|
||||||
{
|
{
|
||||||
mbedtls_pk_context subject_key, issuer_key;
|
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
|
||||||
|
mbedtls_pk_context *key = &issuer_key;
|
||||||
|
|
||||||
mbedtls_x509write_cert crt;
|
mbedtls_x509write_cert crt;
|
||||||
unsigned char buf[4096];
|
unsigned char buf[4096];
|
||||||
unsigned char check_buf[5000];
|
unsigned char check_buf[5000];
|
||||||
|
@ -91,18 +117,36 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
||||||
|
|
||||||
memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
|
memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
|
||||||
mbedtls_mpi_init( &serial );
|
mbedtls_mpi_init( &serial );
|
||||||
|
|
||||||
mbedtls_pk_init( &subject_key );
|
mbedtls_pk_init( &subject_key );
|
||||||
mbedtls_pk_init( &issuer_key );
|
mbedtls_pk_init( &issuer_key );
|
||||||
|
mbedtls_pk_init( &issuer_key_alt );
|
||||||
|
|
||||||
|
mbedtls_x509write_crt_init( &crt );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
|
TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
|
||||||
subject_pwd ) == 0 );
|
subject_pwd ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
|
TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
|
||||||
issuer_pwd ) == 0 );
|
issuer_pwd ) == 0 );
|
||||||
|
|
||||||
|
/* For RSA PK contexts, create a copy as an alternative RSA context. */
|
||||||
|
if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
|
||||||
|
{
|
||||||
|
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt,
|
||||||
|
mbedtls_pk_rsa( issuer_key ),
|
||||||
|
mbedtls_rsa_decrypt_func,
|
||||||
|
mbedtls_rsa_sign_func,
|
||||||
|
mbedtls_rsa_key_len_func ) == 0 );
|
||||||
|
|
||||||
|
key = &issuer_key_alt;
|
||||||
|
}
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 );
|
TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 );
|
||||||
|
|
||||||
mbedtls_x509write_crt_init( &crt );
|
|
||||||
if( ver != -1 )
|
if( ver != -1 )
|
||||||
mbedtls_x509write_crt_set_version( &crt, ver );
|
mbedtls_x509write_crt_set_version( &crt, ver );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 );
|
TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before,
|
TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before,
|
||||||
not_after ) == 0 );
|
not_after ) == 0 );
|
||||||
|
@ -110,13 +154,15 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
||||||
TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
|
TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
|
TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
|
||||||
mbedtls_x509write_crt_set_subject_key( &crt, &subject_key );
|
mbedtls_x509write_crt_set_subject_key( &crt, &subject_key );
|
||||||
mbedtls_x509write_crt_set_issuer_key( &crt, &issuer_key );
|
|
||||||
|
mbedtls_x509write_crt_set_issuer_key( &crt, key );
|
||||||
|
|
||||||
if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 )
|
if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 )
|
||||||
{
|
{
|
||||||
TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 );
|
TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
|
TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
|
if( auth_ident )
|
||||||
|
TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
|
||||||
if( key_usage != 0 )
|
if( key_usage != 0 )
|
||||||
TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
|
TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
|
||||||
if( cert_type != 0 )
|
if( cert_type != 0 )
|
||||||
|
@ -151,8 +197,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
mbedtls_x509write_crt_free( &crt );
|
mbedtls_x509write_crt_free( &crt );
|
||||||
mbedtls_pk_free( &issuer_key );
|
mbedtls_pk_free( &issuer_key_alt );
|
||||||
mbedtls_pk_free( &subject_key );
|
mbedtls_pk_free( &subject_key );
|
||||||
|
mbedtls_pk_free( &issuer_key );
|
||||||
mbedtls_mpi_free( &serial );
|
mbedtls_mpi_free( &serial );
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
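Review bot: `mbedtls_rsa_decrypt_func` forwards `NULL, NULL` as the RNG to `mbedtls_rsa_pkcs1_decrypt`, which in this generation of the library means, as far as I know, that the private-key operation runs without blinding. That is acceptable for a fixed test key, but the wrapper reads like reusable glue. A comment above the three helpers such as `/* Test-only RSA-alt callbacks: decrypt passes no RNG, so no blinding; do not reuse outside tests. */`, together with `static` linkage on all three, would keep them from being copied or linked elsewhere. In `x509_crt_check`, `rsa_alt == 1` with a non-RSA issuer key silently falls back to `issuer_key`, so a mislabelled case would pass without exercising the alt path; `TEST_ASSERT( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA );` inside a plain `if( rsa_alt == 1 )` would make that explicit. The body of `x509_crt_check` is only partly visible in these hunks.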