Move to DER certificates for new x509 tests

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2025-04-10 06:44:28 +00:00 · 2023-02-14 05:52:49 -05:00 · 2023-02-14 05:52:49 -05:00 · 570a0f808b
commit 570a0f808b
parent 3e8f65a7e2
8 changed files with 66 additions and 53 deletions
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@ -336,6 +336,12 @@ server5-tricky-ip-san.crt: server5.key
 	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
 all_final += server5-tricky-ip-san.crt

+rsa_single_san_uri.crt.der: rsa_single_san_uri.key
+	$(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"
+
+rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key
+	$(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"
+
 server10-badsign.crt: server10.crt
 	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
 all_final += server10-badsign.crt
@ -365,12 +371,6 @@ rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
 	$(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
 all_final += rsa_pkcs8_2048_public.der

-rsa_single_san_uri.crt: rsa_single_san_uri.key
-	$(OPENSSL) req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"
-
-rsa_multiple_san_uri.crt: rsa_multiple_san_uri.key
-	$(OPENSSL) req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"
-
 ################################################################
 #### Generate various RSA keys
 ################################################################
--- a/tests/data_files/rsa_multiple_san_uri.crt
+++ b/tests/data_files/rsa_multiple_san_uri.crt
@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDtjCCAp6gAwIBAgIULxROma15QuBZpLSG3KZTtcrOX0AwDQYJKoZIhvcNAQEL
-BQAwOzELMAkGA1UEBhMCVUsxETAPBgNVBAoMCE1iZWQgVExTMRkwFwYDVQQDDBBN
-YmVkIFRMUyBVUkkgU0FOMB4XDTIyMTIyODA4Mzc0NloXDTQyMTIyMzA4Mzc0Nlow
-OzELMAkGA1UEBhMCVUsxETAPBgNVBAoMCE1iZWQgVExTMRkwFwYDVQQDDBBNYmVk
-IFRMUyBVUkkgU0FOMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3poS
-TQijviHqJNAdKXN0FJMfgLsP9JZuLJczG0MAQsLaB6jHEdH/mrL3Q/1qZv6I6+5E
-O5mN0fe8V9THT+OzAaxg8SwWvbog94iReK4OvNqbHEHSKZ0Ej2UHsAYBc/y/xzvJ
-UD5QcbjF4g6udumddqA4/MqOSM9KUDufD6rbGhTW2zW8Z/teFW6Y7ucIcyYbS10E
-T+P00ZoQbXGSzdddMy/sF+1YxsENniKUQhooIpNxX/lSCHe/CHMFfaj9HPyJE3ke
-4rZtUAK1rfSmltfbRl7XQdaB1HLQA/oP+sPWp231mp9jhO2DEMYmHQcRREl/0Zrg
-6RKyyIWJabtaF0pPCQIDAQABo4GxMIGuMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXg
-MHUGA1UdEQRuMGyGNHVybjpleGFtcGxlLmNvbTo1ZmY0MGY3OC05MjEwLTQ5NGYt
-ODIwNi1jMmMwODJmMDYwOWOGNHVybjpleGFtcGxlLmNvbTo1ZmY0MGY3OC05MjEw
-LTQ5NGYtODIwNi1hYmNkZTEyMzQ1NjcwHQYDVR0OBBYEFKmGzddKZIFyozb1WrKj
-2GXUOg3WMA0GCSqGSIb3DQEBCwUAA4IBAQAV3+vEBnTFcvxSnMSQmNXuSWPaomed
-eoT7p5mbdKBiHGv/XoAaAF/WJUGz3dLKtfg0fPOIDPI/Diuyx2eaVHHzPYRW++W0
-wdx1VyAEfTnPexutol5hYMaSonr6wp6V509utwfXAYm8iMMAcHOpljgiGznY5DoB
-5qykEAt1Y9jsjhf1Ih/7Q6rVc3I+w8AG5nrJ56MZQBjdOa6xV+8++RJwzuhiSb8E
-iDEccpYkfrOOsMl5UZIsSm2BtWp4CRSigWgmN+LSpIfm/zYVYoQYrkjdWx3YhGVB
-+xWW1Q/UQhQYtJ8vw9xw/vYWTVWaQDdA22d9XNxLakzwhPDX1OOCJJNy
-----END CERTIFICATE-----
--- a/tests/data_files/rsa_multiple_san_uri.crt.der
+++ b/tests/data_files/rsa_multiple_san_uri.crt.der
--- a/tests/data_files/rsa_multiple_san_uri.key
+++ b/tests/data_files/rsa_multiple_san_uri.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCxc5q8z8XR6vH2
+1Ko29Mk3dOKpSOrX9Tb5HtmCQMoKIxnTUQrNkVeOQtiQt6XZo05cbA6Z87kWDgGJ
+P/5Lxofrx13Rp1xZzZ+0AAPfvUCY5tzZwmicQWvu9st6JwTyaLTCzSt0cPTUs5Hi
+hJt9RzSW6GTk5ANjjgoewOMhwh5f84JRURJ2INZjz4namBGe/9f14ZHxKWuxl5in
+z582rSEhLXrPLbaKjT3Jphff51xsusC+pP0xNqkAcrGJ+/Jk0Vk6ClRCd40ZcTB
+4SkOqsZ8/uGWnradkrN74PoMMnSKKOuxlsVMPfzMkrlMbuazO4nK/osTAnoSqMUv
+COBdXkTtAgMBAAECggEANVlTIQa6K3UeD546GlGXmQOcDVbtu8VuJJFgxScjVs7c
+uco4nDrg/tUb9M4xn2/YZDLcZO6AK6BEV/YURsXGIV2L2DcfraQDKoOCpqZoIE/v
+/8vR1YBZqbsqy2ulshdGmPZD5Tr8cGIYLui9MnnQ1rnBc4sVdb3DTyGgZ4rLxP6X
+0BoHw+LQA0wwSbE/NW71qmeDSEDkSkUQISVg6Rp06U0PZaJAWtYoBNKGAsDGAhjc
+vVTXE5B9d+3yOM0InCWFsM/bUvaUv/yxxTcZnVq9Lji3KwDhy63F99pUaFnV6Rf2
+3CKO3VHegWSwMcnYaBbufDqWPHuEDSlZ0nRhrbrKRQKBgQD6dQd0xPHfxIz5l+AC
+1kPHIsUKPEirrJKTVHlxQwT0yVpD+yUkF95HY6NgHVHKnRP9qicqr3raIfA01VQc
+y+lhXo6xUAqYsKvB9m4njERFWMTCVSVU30Klhic/s4R/1abKlvkax1SiQFIRStqC
+onsZ0M1Isw69/I8Yha3mzv/gvwKBgQC1YPXnd5dZmdbe0UibBWjU5X6AQGt+oxL+
+6EP3EfuRmYI3i3r2bdbB3ELd95f8tgV0UagmjQfFoigBsuRfbhrQEPSHMBWYpAV
+TZKxUvmpJXwLEgxcPv7VTTvxw0qL1u1s/dX6WBfEOUgVzPgcp+IJGEr1MZekTqt
+P65coDpZUwKBgAmrLuiBGd1Lly2jgVBauS8c1oJ4pU2LUfVCE5Ydwjk49LUfIuXr
+zfbvj8UMHLY3rifiw7RQJev5124StjaOYKoTnmqV7nLKjzbjroj0T0ZmEOJ3qwNF
+wyrkrOs2oOzWcKPthBxWiZvh48krHJhicWIjv2kJEI6hC10k+/unDhW9AoGAZyRg
+MeRb+OP2wHaapy0IVCi9Kwl3F2h8oOtOx8ooTWNTGq/dxUTlc6pjqnXbyww5vQ5o
+72NBSHxz7SxwDqhDexnsd0tKRNV/wj8ZlKNlah8l9JH568OoR2BI3iF/ZwHPUSCq
+Ax//YZAl+6IbKgOEnNKzP02cEKLdjy+rY5jqFWkCgYEAmEl4mg1IGoVDM6d3iIPP
+JLz5DghV8kP++99vFrJx07D6e/uhzojR73Ye+fq69Vy0yjGXpaRPwwHfvPzDA1hm
+ir7rJWsbbskR+iTn2yKvIpB1wBI1u0SQ4lnJ1ZIVJPVlh4yA29JvPT7/7/2nQ/s6
+v0N2oKrfaiKc7BjCz3eYW4Q=
+-----END PRIVATE KEY-----
--- a/tests/data_files/rsa_single_san_uri.crt
+++ b/tests/data_files/rsa_single_san_uri.crt
@ -1,21 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDfjCCAmagAwIBAgIUWWuPuKBmp/e7Jt4G3JAjp97z0NkwDQYJKoZIhvcNAQEL
-BQAwOzELMAkGA1UEBhMCVUsxETAPBgNVBAoMCE1iZWQgVExTMRkwFwYDVQQDDBBN
-YmVkIFRMUyBVUkkgU0FOMB4XDTIyMTIyNzE3MDUwMVoXDTQyMTIyMjE3MDUwMVow
-OzELMAkGA1UEBhMCVUsxETAPBgNVBAoMCE1iZWQgVExTMRkwFwYDVQQDDBBNYmVk
-IFRMUyBVUkkgU0FOMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigYQ
-brVSGf/AyTscC8GSiXPnl0PpJzwvQe0c2oVhX/GB8F++m9FT4msoc6i50KNmcuCO
-l52w0lY1+XWkm6+FoqeOm5Vfj2fLrsDed2jomI6T5n68QOtbWZNluCbBbDpnAZbo
-QCUwHHjrPSc8h76kxEbX7luPOUaG6cyN/eG+HPY6XLRxDUbqFl9q/WsVkAfm5jO5
-7Oa3j4NfnIbFyuHbQXCmCdBq+4sLW3eKAvp2PyKvB601evOMtmUoX4SrWBTI/rfS
-8Z6DqJN+V2afOameP/JiuQbc8GvKwOYLRKjdH8bJZ3GUdxTdOAvFhxfUxQIo7aup
-nlLGHLdJUPUurV6dywIDAQABo3oweDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DA/
-BgNVHREEODA2hjR1cm46ZXhhbXBsZS5jb206NWZmNDBmNzgtOTIxMC00OTRmLTgy
-MDYtYzJjMDgyZjA2MDljMB0GA1UdDgQWBBSDgDX0Y5xPkSAbqVeJ491MzU9jZDAN
-BgkqhkiG9w0BAQsFAAOCAQEAFYXiBh3La7vmEj3uTpzGvNBMtJdiXK6C5IgRnARI
-5jye0m3AMK9EJEKrE0144PWOKahirxgznCbPPxL86xfC552Wzu2+ARlXBs+XVQnh
-c/IQ7NzCw6Pwtg8hFP0Qhjmp4rMvVjbHH8uPBaefx0wDO80f/VOC3xIPqVHA8U9X
-Q8+dBPcv1iHaZ8gBx+lTZVaRSzAciNkPFRv5X/GAcnhIWQFBJD0XTlH4SgdsW4O6
-0Oqo4qbHPxPf5zx3ZtX0zG13+/wiPAMvZyjemCMtsentiJt0+a5n+9X3b2lhEq58
-yy5d8aax9EXT5TAguKP7kV1sglSlJcIzmKXb4MCdTYfdfg==
-----END CERTIFICATE-----
--- a/tests/data_files/rsa_single_san_uri.crt.der
+++ b/tests/data_files/rsa_single_san_uri.crt.der
--- a/tests/data_files/rsa_single_san_uri.key
+++ b/tests/data_files/rsa_single_san_uri.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCng06zdlkhYiBK
+43H+cK+vkHYvvRA2RtWbLMw+9rV9IrdGQ+iQQ/X1SZfDl2hWUiKTpabcuGYzY38H
+lXW4UXwTB36KEe7G3yF/fbvYzNsdUCAVOzNs/0EMvXJeD/Dm5CBMEsG6V0ovHmkc
+c80fQYQiSxgjpWyRpKdP+z/2imGph9onuu7EWOpAXGArozlLL5OixQ2dmutsc5ap
+hfgwq6za00uKsFifolRtAhiH86N0vjiAJkzZR83uBlI285sj5+EzRrtjVv+kgsLW
+gLDlj3bgsuKQDfxWhe+mpy2PIJ41kqktCz1qew3wyHI2ysE+6htHYQMNbCtkRMdX
+/4t1yx95AgMBAAECggEAIIhn6IK7nLgp/WFe6kOIW1h7G5pkY6YuJgz1PeU8Kilr
+3sGhkSMhyZmZV+s34EvjWzl4xrUpZCGWsipcyodIyYlTEg2ZihYbs17/9IMUqwS8
+tmLhAfIw+ABzDcGaz7zOaPfbmA0L40rMrzHuTHu05dQfxAyEoWSQ+f+Z1I/bl8jy
+GdXQVtqZzqJcWXbXt+3+B4f2/d7K5xzb7lv/8zhAf/zoG9srMByPa6/Do5rVas5Q
+NmzJPwXngxE5dJcHsWU4FkHbSbJj0khW858MJ4o5Ddw5ZOPimqlcmpClb01wCdXf
+13o2ozKGE/xq3InU7MA4ad0tLMdEM8R7yhUZ9Xe/gQKBgQDYXt4BhiamnSl1tHR8
+MiiyzkcZuVH04/A6FsnUhcbQF9iCqO9szw50k0z7DVIGS9dSY9kmMdEcpsX6m2XC
+XfEsxHBm0wmJqLUGq3UzM6oDsyZG1fkTg+eMzbVO0sv4xdhJLPpmsck5yJ8t0TxB
+8gIS9yNEw7+w6rZhgSRsMT+WhQKBgQDGMZ0qIdFi1Ae7ueTcBCe+cjgmTG9nXq6+
+qRokU63rPP9y8XTVD6hRmviMRl4skt0F39yGJ7janIQnOBrf2DVEX4Mcf0sY4vDJ
+msDV5jkbzgbAEas0ejO4h+dpRqa4mUiU1JR/Pb1jZHNOg7ZfTw45WPqBGsLTEpAt
+OsKVUgbZZQKBgCIe+8WjwS6fNC2SspfvVQm1i/Lbjbgfxf9zHor8ObkROZyJRZCU
+KoRpwkcI97l0dlVQ16q1SnPJPQljPi3joKfdppggia2CxGFz4nybliEVPGEJV0kj
+kP1cZ04x4eauVIhdpnNRcBlDsQ6Jo4YGwxr4jEBI2k7tBKvlsLe7IHr9AoGAeJmi
+IAwaBIAvAH16lKL2qD2Ki0uBkq4buSrfHHHK59TjQEdLJ4byjk21pm3/SjJHyhZR
+c1TieCw7gj3ypHlE2IkiGAohYVBe4t6HLuF7qL6yfteBjVo69LPGDdqPAs9LSj0c
+61xfTQbH32PoapCJgD3zmPH20Ud/cfZKh2A1iL0CgYEAwQgGxHVo+/d3BhLQvQHt
+64fE+qrZA5oWWwBh8EzR+98eOnDCF3Gm6chrEs9boOzlwxr9LU4TgiBnpyYrQCEw
+AdOA9dhYz91d+chJZjKo635Y9byN9rutr3/EfqZLxWL73k1y5LNAYL+jyAab0Jsw
+l2xG6PNj5rItkgO3j50qA7s=
+-----END PRIVATE KEY-----
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@ -123,12 +123,12 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
 x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version     \: 3\nserial number     \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name       \: C=NL\nsubject name      \: C=NL\nissued  on        \: 2014-01-22 10\:04\:33\nexpires on        \: 2024-01-22 10\:04\:33\nsigned using      \: RSA with SHA1\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name  \:\n    dNSName \: www.shotokan-braunschweig.de\n    dNSName \: www.massimo-abate.eu\n    <unsupported>\n    <unsupported>\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\n"

 X509 CRT information, Subject Alt Name with uniformResourceIdentifier
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_cert_info:"data_files/rsa_single_san_uri.crt":"cert. version     \: 3\nserial number     \: 59\:6B\:8F\:B8\:A0\:66\:A7\:F7\:BB\:26\:DE\:06\:DC\:90\:23\:A7\:DE\:F3\:D0\:D9\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued  on        \: 2022-12-27 17\:05\:01\nexpires on        \: 2042-12-22 17\:05\:01\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name  \:\n    uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\n"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_cert_info:"data_files/rsa_single_san_uri.crt.der":"cert. version     \: 3\nserial number     \: 6F\:75\:EB\:E9\:6D\:25\:BC\:88\:82\:62\:A3\:E0\:68\:A7\:37\:3B\:EC\:75\:8F\:9C\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued  on        \: 2023-02-14 10\:38\:05\nexpires on        \: 2043-02-09 10\:38\:05\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name  \:\n    uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\n"

 X509 CRT information, Subject Alt Name with two uniformResourceIdentifiers
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_cert_info:"data_files/rsa_multiple_san_uri.crt":"cert. version     \: 3\nserial number     \: 2F\:14\:4E\:99\:AD\:79\:42\:E0\:59\:A4\:B4\:86\:DC\:A6\:53\:B5\:CA\:CE\:5F\:40\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued  on        \: 2022-12-28 08\:37\:46\nexpires on        \: 2042-12-23 08\:37\:46\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name  \:\n    uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n    uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\n"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_cert_info:"data_files/rsa_multiple_san_uri.crt.der":"cert. version     \: 3\nserial number     \: 08\:E2\:93\:18\:91\:26\:D8\:46\:88\:90\:10\:4F\:B5\:86\:CB\:C4\:78\:E6\:EA\:0D\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued  on        \: 2023-02-14 10\:37\:50\nexpires on        \: 2043-02-09 10\:37\:50\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name  \:\n    uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n    uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\n"

 X509 CRT information, RSA Certificate Policy any
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA