Merge pull request #7478 from yuhaoth/pr/add-script-for-generating-cert-macros

Add script for generating cert macros

tests/data_files/Makefile

@@ -379,6 +379,7 @@ all_final += server8_int-ca2.crt
 
 cli2.req.sha256: cli2.key
 	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256
+all_intermediate += cli2.req.sha256
 
 all_final += server1.req.sha1
 cli2.crt: cli2.req.sha256
@@ -1819,6 +1820,72 @@ pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der
 	dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1
 all_final += pkcs7_data_cert_signeddata_sha256.der
 
+################################################################
+#### Generate C format test certs header
+################################################################
+
+TEST_CERTS_H_INPUT_FILES=test-ca2.crt \
+					test-ca2.crt.der \
+					test-ca2.key.enc \
+					test-ca2.key.der \
+					test-ca-sha256.crt \
+					test-ca-sha256.crt.der \
+					test-ca-sha1.crt \
+					test-ca-sha1.crt.der \
+					test-ca.key \
+					test-ca.key.der \
+					server5.crt \
+					server5.crt.der \
+					server5.key \
+					server5.key.der \
+					server2-sha256.crt \
+					server2-sha256.crt.der \
+					server2.crt \
+					server2.crt.der \
+					server2.key \
+					server2.key.der \
+					cli2.crt \
+					cli2.crt.der \
+					cli2.key \
+					cli2.key.der \
+					cli-rsa-sha256.crt \
+					cli-rsa-sha256.crt.der \
+					cli-rsa.key \
+					cli-rsa.key.der
+../src/test_certs.h: ../scripts/generate_test_cert_macros.py \
+					 $(TEST_CERTS_H_INPUT_FILES)
+	../scripts/generate_test_cert_macros.py --output $@ \
+				--string TEST_CA_CRT_EC_PEM=test-ca2.crt \
+				--binary TEST_CA_CRT_EC_DER=test-ca2.crt.der \
+				--string TEST_CA_KEY_EC_PEM=test-ca2.key.enc \
+				--password TEST_CA_PWD_EC_PEM=PolarSSLTest \
+				--binary TEST_CA_KEY_EC_DER=test-ca2.key.der \
+				--string TEST_CA_CRT_RSA_SHA256_PEM=test-ca-sha256.crt \
+				--binary TEST_CA_CRT_RSA_SHA256_DER=test-ca-sha256.crt.der \
+				--string TEST_CA_CRT_RSA_SHA1_PEM=test-ca-sha1.crt \
+				--binary TEST_CA_CRT_RSA_SHA1_DER=test-ca-sha1.crt.der \
+				--string TEST_CA_KEY_RSA_PEM=test-ca.key \
+				--password TEST_CA_PWD_RSA_PEM=PolarSSLTest \
+				--binary TEST_CA_KEY_RSA_DER=test-ca.key.der \
+				--string TEST_SRV_CRT_EC_PEM=server5.crt \
+				--binary TEST_SRV_CRT_EC_DER=server5.crt.der \
+				--string TEST_SRV_KEY_EC_PEM=server5.key \
+				--binary TEST_SRV_KEY_EC_DER=server5.key.der \
+				--string TEST_SRV_CRT_RSA_SHA256_PEM=server2-sha256.crt \
+				--binary TEST_SRV_CRT_RSA_SHA256_DER=server2-sha256.crt.der \
+				--string TEST_SRV_CRT_RSA_SHA1_PEM=server2.crt \
+				--binary TEST_SRV_CRT_RSA_SHA1_DER=server2.crt.der \
+				--string TEST_SRV_KEY_RSA_PEM=server2.key \
+				--binary TEST_SRV_KEY_RSA_DER=server2.key.der \
+				--string TEST_CLI_CRT_EC_PEM=cli2.crt \
+				--binary TEST_CLI_CRT_EC_DER=cli2.crt.der \
+				--string TEST_CLI_KEY_EC_PEM=cli2.key \
+				--binary TEST_CLI_KEY_EC_DER=cli2.key.der \
+				--string TEST_CLI_CRT_RSA_PEM=cli-rsa-sha256.crt \
+				--binary TEST_CLI_CRT_RSA_DER=cli-rsa-sha256.crt.der \
+				--string TEST_CLI_KEY_RSA_PEM=cli-rsa.key \
+				--binary TEST_CLI_KEY_RSA_DER=cli-rsa.key.der
+
 ################################################################
 #### Diffie-Hellman parameters
 ################################################################
@@ -1829,6 +1896,7 @@ dh.998.pem:
 dh.999.pem:
 	$(OPENSSL) dhparam -out $@ -text 999
 
+
 ################################################################
 #### Meta targets
 ################################################################

tests/data_files/test_certs.h.jinja2

@@ -0,0 +1,54 @@
+/*
+ *  X.509 test certificates
+ *
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */
+/* *INDENT-OFF* */
+
+{% for mode, name, value in macros %}
+    {% if mode == 'string' %}
+/* This is taken from {{value}}. */
+/* BEGIN FILE string macro {{name}} {{value}} */
+#define {{name}}{{ '\\' | put_to_column(position=80-9-name|length)}}
+        {% for line in value | read_lines %}
+    "{{line}}\r\n"{% if not loop.last %}{{ '\\' | put_to_column(position=80-10-1-line|length)}}
+        {% endif %}
+        {% endfor %}
+
+/* END FILE */
+    {% endif %}
+    {% if mode == 'binary' %}
+/* This is generated from {{value}}. */
+/* BEGIN FILE binary macro {{name}} {{value}} */
+#define {{name}} {% raw -%} { {%- endraw %} {{ '\\' | put_to_column(position=80-11-name|length)}}
+        {% for line in value | read_as_c_array %}
+            {% if not loop.last %}
+        {{line}},{{ '\\' | put_to_column(position=80-9-line|length)}}
+            {% else %}
+        {{line}}{{ '\\' | put_to_column(position=80-8-line|length)}}
+            {% endif %}
+        {% endfor %}
+{% raw -%} } {%- endraw %}
+
+/* END FILE */
+    {% endif %}
+    {% if mode == 'password' %}
+#define {{name}} "{{value}}"
+    {% endif %}
+
+{% endfor %}

tests/scripts/generate_test_cert_macros.py

@@ -0,0 +1,107 @@
+#!/usr/bin/env python3
+
+"""
+Generate `tests/src/test_certs.h` which includes certficaties/keys/certificate list for testing.
+"""
+
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import sys
+import argparse
+import jinja2
+
+class MacroDefineAction(argparse.Action):
+    #pylint: disable=signature-differs, too-few-public-methods
+    def __call__(self, parser, namespace, values, option_string):
+        if not hasattr(namespace, 'values'):
+            setattr(namespace, 'values', [])
+        macro_name, filename = values
+        if self.dest in ('string', 'binary') and not os.path.exists(filename):
+            raise argparse.ArgumentError(
+                None, '`{}`: Input file does not exist.'.format(filename))
+        namespace.values.append((self.dest, macro_name, filename))
+
+
+def macro_define_type(value):
+    ret = value.split('=', 1)
+    if len(ret) != 2:
+        raise argparse.ArgumentTypeError(
+            '`{}` is not MACRO=value format'.format(value))
+    return ret
+
+
+def build_argparser(parser):
+    parser.description = __doc__
+    parser.add_argument('--string', type=macro_define_type, action=MacroDefineAction,
+                        metavar='MACRO_NAME=path/to/file', help='PEM to C string. ')
+    parser.add_argument('--binary', type=macro_define_type, action=MacroDefineAction,
+                        metavar='MACRO_NAME=path/to/file',
+                        help='DER to C arrary.')
+    parser.add_argument('--password', type=macro_define_type, action=MacroDefineAction,
+                        metavar='MACRO_NAME=password', help='Password to C string.')
+    parser.add_argument('--output', type=str, required=True)
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    build_argparser(parser)
+    args = parser.parse_args()
+    return generate(**vars(args))
+
+#pylint: disable=dangerous-default-value, unused-argument
+def generate(values=[], output=None, **kwargs):
+    """Generate C header file.
+    """
+    this_dir = os.path.dirname(os.path.abspath(__file__))
+    template_loader = jinja2.FileSystemLoader(
+        searchpath=os.path.join(this_dir, '..', 'data_files'))
+    template_env = jinja2.Environment(
+        loader=template_loader, lstrip_blocks=True, trim_blocks=True)
+
+    def read_as_c_array(filename):
+        with open(filename, 'rb') as f:
+            data = f.read(12)
+            while data:
+                yield ', '.join(['{:#04x}'.format(b) for b in data])
+                data = f.read(12)
+
+    def read_lines(filename):
+        with open(filename) as f:
+            try:
+                for line in f:
+                    yield line.strip()
+            except:
+                print(filename)
+                raise
+
+    def put_to_column(value, position=0):
+        return ' '*position + value
+
+    template_env.filters['read_as_c_array'] = read_as_c_array
+    template_env.filters['read_lines'] = read_lines
+    template_env.filters['put_to_column'] = put_to_column
+
+    template = template_env.get_template('test_certs.h.jinja2')
+
+    with open(output, 'w') as f:
+        f.write(template.render(macros=values))
+
+
+if __name__ == '__main__':
+    sys.exit(main())