From 34ccd8d0b6b6fd23361378c19ac5bb419884fd0f Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Fri, 7 Jul 2023 06:32:17 -0400
Subject: [PATCH] Test x509 csr SAN DN and RFC822 generation

Signed-off-by: Andrzej Kurek
---
 tests/data_files/Makefile | 3 +-
 tests/data_files/server1.req.sha256.conf | 17 +++++++++
 tests/data_files/server1.req.sha256.ext | 22 ++++++-----
 tests/suites/test_suite_x509write.function | 44 ++++++++++++++++++------
 4 files changed, 62 insertions(+), 24 deletions(-)
 create mode 100644 tests/data_files/server1.req.sha256.conf

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 2ad5c2af61..92c0f0b1da 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1303,8 +1303,7 @@ all_final += server1.req.sha256
 
 server1.req.sha256.ext: server1.key
 # Generating this with OpenSSL as a comparison point to test we're getting the same result
- openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth" -addext "subjectAltName=URI:http://pki.example.com/,IP:127.1.1.0,DNS:example.com"
-all_final += server1.req.sha256.ext
+ openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -config server1.req.sha256.conf
 
 parse_input/server1.req.sha384 server1.req.sha384: server1.key
 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
diff --git a/tests/data_files/server1.req.sha256.conf b/tests/data_files/server1.req.sha256.conf
new file mode 100644
index 0000000000..0d35818c12
--- /dev/null
+++ b/tests/data_files/server1.req.sha256.conf
@@ -0,0 +1,17 @@
+req_extensions = req_ext
+
+[req_ext]
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[alt_names]
+email = mail@example.com
+DNS = example.com
+dirName = dirname_sect
+IP = 127.0.0.1
+URI = http://pki.example.com
+
+[dirname_sect]
+C=UK
+O=Mbed TLS
+CN=Mbed TLS directoryName SAN
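Review bot: The rewritten recipe for server1.req.sha256.ext now reads its extensions from server1.req.sha256.conf, but the rule line still lists only server1.key as a prerequisite, so editing the SAN configuration will not trigger a regeneration of the reference file; change it to `server1.req.sha256.ext: server1.key server1.req.sha256.conf`. The hunk also deletes `all_final += server1.req.sha256.ext` together with the old recipe without adding it back, which drops the file from the all_final target; if that was not intended, restore the line after the new recipe.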
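Review bot: The SAN values in this new file (the e-mail, DNS name, directoryName components, IP and URI) are the reference the test in tests/suites/test_suite_x509write.function is checked against, yet nothing in the file records that coupling, so a later edit to either side silently breaks the comparison. A header comment such as `# Keep in sync with the SAN list built in x509_csr_check() in tests/suites/test_suite_x509write.function` would make the dependency visible to the next maintainer.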
diff --git a/tests/data_files/server1.req.sha256.ext b/tests/data_files/server1.req.sha256.ext
index c5ff5c5731..1bb05da96a 100644
--- a/tests/data_files/server1.req.sha256.ext
+++ b/tests/data_files/server1.req.sha256.ext
@@ -1,18 +1,20 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIIC3jCCAcYCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+MIIDPzCCAicCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
 GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
 ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
 HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
 W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
 FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
-DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaBdMFsGCSqGSIb3DQEJDjFO
-MEwwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNQYDVR0RBC4wLIYXaHR0cDovL3BraS5l
-eGFtcGxlLmNvbS+HBH8BAQCCC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IB
-AQCGmTIXEUvTqwChkzRtxPIQDDchrMnCXgUrTSxre5nvUOpjVlcIIPGWAwxRovfe
-pW6OaGZ/3xD0dRAcOW08sTD6GRUazFrubPA1eZiNC7vYdWV59qm84N5yRR/s8Hm+
-okwI47m7W9C0pfaNXchgFUQBn16TrZxPXklbCpBJ/TFV+1ODY0sJPHYiCFpYI+Jz
-YuJmadP2BHucl8wv2RyVHywOmV1sDc74i9igVrBCAh8wu+kqImMtrnkGZDxrnj/L
-5P1eDfdqG2cN+s40RnMQMosh3UfqpNV/bTgAqBPP2uluT9L1KpWcjZeuvisOgVTq
-XwFI5s34fen2DUVw6MWNfbDK
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaCBvTCBugYJKoZIhvcNAQkO
+MYGsMIGpMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIGRBgNVHREEgYkwgYaBEG1haWxA
+ZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tpEcwRTELMAkGA1UEBhMCVUsxETAPBgNV
+BAoMCE1iZWQgVExTMSMwIQYDVQQDDBpNYmVkIFRMUyBkaXJlY3RvcnlOYW1lIFNB
+TocEfwAAAYYWaHR0cDovL3BraS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOC
+AQEAclrNmmgAoa4ctwyBwD1T8jbyBeuxTf+ifc+MQ6pE7YuYSlanHE5l/CoVlW14
+lR5gA01pWJJ7T8RBvo25OqXbvMFSafeGXpSHOG69A6p/7YULtbPuS6uvtdR0m3t+
+2IacL0q5FsSmPw07RNfVGDFniKVqD8eAuYnhFztk0+uZVYD4xGezUckb2wTbzFpu
+lUA/NhoWfCyV44TDR5fy23qNXywEhatDU/3nMmSJpBVy4y7J6BQVCl/fbyuKIOqu
+0OVP+FvANSO46twA9+38hI+/nPuVwtbBvg1aLBMbLZ3Egi2uozokYFYL22JYNGJo
+XORQgR66Sdrvfhiug+F5xmldCg==
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index ab4a2d0d35..b4073eccb8 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -153,24 +153,44 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
 mbedtls_x509_san_list san_ip;
 mbedtls_x509_san_list san_dns;
 mbedtls_x509_san_list san_uri;
+ mbedtls_x509_san_list san_mail;
+ mbedtls_x509_san_list san_dn;
 mbedtls_x509_san_list *san_list = NULL;
- const char san_ip_name[] = { 0x7f, 0x01, 0x01, 0x00 }; // 127.1.1.0
+ mbedtls_asn1_named_data *ext_san_dirname = NULL;
+
+ const char san_ip_name[] = { 0x7f, 0x00, 0x00, 0x01 }; // 127.0.0.1
 const char *san_dns_name = "example.com";
- const char *san_uri_name = "http://pki.example.com/";
+ const char *san_dn_name = "C=UK,O=Mbed TLS,CN=Mbed TLS directoryName SAN";
+ const char *san_mail_name = "mail@example.com";
+ const char *san_uri_name = "http://pki.example.com";
+
+ san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME;
+ san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name;
+ san_mail.node.san.unstructured_name.len = strlen(san_mail_name);
+ san_mail.next = NULL;
+
+ san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME;
+ san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name;
+ san_dns.node.san.unstructured_name.len = strlen(san_dns_name);
+ san_dns.next = &san_mail;
+
+ san_dn.node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
+ TEST_ASSERT(mbedtls_x509_string_to_names(&ext_san_dirname,
+ san_dn_name) == 0);
+ san_dn.node.san.directory_name = *ext_san_dirname;
+ san_dn.next = &san_dns;
+
+ san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
+ san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name;
+ san_ip.node.san.unstructured_name.len = sizeof(san_ip_name);
+ san_ip.next = &san_dn;
 
 san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
 san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name;
 san_uri.node.san.unstructured_name.len = strlen(san_uri_name);
- san_uri.next = NULL;
- san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
- san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name;
- san_ip.node.san.unstructured_name.len = sizeof(san_ip_name);
- san_ip.next = &san_uri;
- san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME;
- san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name;
- san_dns.node.san.unstructured_name.len = strlen(san_dns_name);
- san_dns.next = &san_ip;
- san_list = &san_dns;
+ san_uri.next = &san_ip;
+
+ san_list = &san_uri;
 
 memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
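Review bot: `ext_san_dirname` is filled by `mbedtls_x509_string_to_names`, which allocates a named-data list, but nothing in this hunk releases it, and the diffstat for this file (32 insertions, 12 deletions) is accounted for by this hunk alone, so the cleanup at the function's `exit:` label is not touched either; the list leaks on every run of the test and will be reported by a leak-checking build. Add `mbedtls_asn1_free_named_data_list(&ext_san_dirname);` to that cleanup path; the `= NULL` initialiser already makes it safe to reach through an early TEST_ASSERT jump. Keep the free at `exit:` rather than right after the copy, because `san_dn.node.san.directory_name = *ext_san_dirname;` copies only the head node and its members still point into the allocated list while the CSR is written. x509_csr_check() starts before and continues after this hunk.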