mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-19 09:40:29 +00:00

Author	SHA1	Message	Date
Gilles Peskine	0a2d48290b	Add some test RSA keys of sizes 768 and up These are sufficiently large for PKCS#1v1.5 signature with SHA-512 or SHA3-512. Cover some non-word-aligned sizes. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-04-24 18:22:21 +02:00
Gilles Peskine	dfb7afe67e	Cleartext RSA keys: also make DER formats available We can use DER keys in builds without PEM, so it's good to have them around. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-04-24 18:22:19 +02:00
Ronald Cron	0e711e1ac0	Add RSA key certificates Add RSA key certificates using SHA256 instead of SHA1 for the signature algorithm. Those are needed for some TLS 1.3 compatibility tests with OpenSSL 3 to avoid having to enable in OpenSSL 3 the support for the deprecated SHA-1 based signature algorithms. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-04-12 13:37:22 +02:00
Ryan Everett	791fc2e24c	Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-08 14:26:29 +00:00
Jerry Yu	192e0f9b1d	ssl_server2: Add read early data support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Ryan Everett	a90378c425	Restore previous version of rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-12 10:24:00 +00:00
Ryan Everett	d00a138075	Change test data for pkparse aes Test data generated using openSSL with: openssl pkcs8 -topk8 -v2 $ENC -v2prf hmacWithSHA384 -inform PEM -in $IN -outform PEM -out $OUT -passout "pass:PolarSSLTest" Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-11 17:23:15 +00:00
Ryan Everett	1f935f5027	Add AES tests to test_suite_pkparse Test data generated using openssl: openssl genpkey -algorithm rsa -out $OUT -$ALG Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-10 19:34:18 +00:00
Gilles Peskine	885bcfc9d0	Merge pull request #7649 from yuhaoth/pr/add-command-for-server9-bad-saltlen Add command for server9-bad-saltlen	2023-11-20 14:07:19 +00:00
Manuel Pégourié-Gonnard	964dee6b3f	Merge pull request #8442 from lpy4105/issue/8355/driver-only-cipher_aead-x509 X.509: Support driver-only cipher+aead	2023-11-06 09:10:57 +00:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Pengyu Lv	2151ba55f6	test_suite_x509write: use plaintext key file Some test cases are using encrypted key file, thus have dependency on low-level block cipher modules (e.g. AES). This commit adds unencrypted key file so that we could get rid of those dependencies. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-31 18:12:04 +08:00
Jerry Yu	6f21dd5694	move script to `tests/scripts` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-24 15:45:41 +08:00
Jerry Yu	53a332d970	fix various issues - rename file name from `early_data.txt` to `tls13_early_data.txt` - fix typo issue - remove redundant parameter Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-23 13:52:56 +08:00
Jerry Yu	2f3f968033	fix wrong typo and indent issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-18 15:07:10 +08:00
Jerry Yu	ca3790d653	Add server9-bad-saltlen generate command Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-18 15:07:09 +08:00
Jerry Yu	e649cecb43	Add data file for early data input Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-12 15:02:01 +08:00
Gilles Peskine	3cea3efc25	Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509 Accept numericoid hexstring x509	2023-09-13 08:54:33 +00:00
Gilles Peskine	2e38a0d603	More spelling corrections Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-12 19:19:31 +02:00
Agathiyan Bragadeesh	a0ba8aab2e	Add test for non ascii x509 subject name Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	dba8a641fe	Add and update tests for x509write and x509parse Due to change in handling non-ascii characters, existing tests had to be updated to handle the new implementation. New tests and certificates are added to test the escaping functionality in edge cases. Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:52 +01:00
Gilles Peskine	d686c2a822	Merge pull request #7971 from AgathiyanB/fix-data-files-makefile Fix server1.crt.der in tests/data_files/Makefile	2023-08-21 14:43:07 +00:00
Gilles Peskine	dbd13c3689	Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01 Updating crt/crl files due to expiry before 2027-01-01	2023-08-17 15:38:35 +00:00
Gilles Peskine	d370f93898	Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's	2023-08-16 09:19:46 +00:00
Gilles Peskine	a79256472c	Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier Fixed x509 certificate generation to conform to RFCs when using ECC key	2023-08-07 19:14:54 +00:00
Agathiyan Bragadeesh	8dc913899d	Fix server1.crt.der in makefile Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-07-24 10:44:00 +01:00
Andrzej Kurek	34ccd8d0b6	Test x509 csr SAN DN and RFC822 generation Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-07-07 08:18:43 -04:00
Jerry Yu	ba3eee7211	Add indent Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:16:15 +08:00
Jerry Yu	4d31022d90	Add missed intermediate file Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:16:14 +08:00
Jerry Yu	c5b2e284fa	Remove workaround code Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:16:10 +08:00
Jerry Yu	2ef2e78837	Add commands for `test_certs.h` And update target file Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:13:46 +08:00
Jerry Yu	5811869311	Add test_certs.h generate script Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:13:46 +08:00
Pengyu Lv	b687c03183	Fix the command for server9-sha.crt The new command could generate parse_input/server9-sha.crt correctly. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	49c56e651d	Add target for parse_input/cert_example_multi_nocn.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	19e949e644	Fix typo and long line format Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	736d2bb715	Update crl-rsa-pss-*.pem manually The rules will be in a seperate PR. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	59f392cd4d	upgrade server9-bad-saltlen.crt Upgrade scripts ```python import subprocess from asn1crypto import pem, x509,core output_filename="server9-bad-saltlen.crt" tmp_filename="server9-bad-saltlen.crt.tmp" tmp1_filename="server9-bad-saltlen.crt.tmp1" subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \ -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \ -set_serial 24 -days 3650 \ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \ -sigopt rsa_mgf1_md:sha256 -sha256 \ -in server9.csr -out {output_filename} ''',shell=True) with open(output_filename,'rb') as f: _,_,der_bytes=pem.unarmor(f.read()) target_certificate=x509.Certificate.load(der_bytes) with open(tmp_filename,'wb') as f: f.write(target_certificate['tbs_certificate'].dump()) subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \ -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}', shell=True) with open(tmp1_filename,'rb') as f: signature_value= core.OctetBitString(f.read()) with open(output_filename,'wb') as f: target_certificate['signature_value']=signature_value f.write(pem.armor('CERTIFICATE',target_certificate.dump())) ``` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	4ad45c01b9	Update server9*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	8c40c573b2	Add server9-bad-{mgfhash,saltlen}.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	b5ac935e44	Add rules to generate server9*.crt Except for server9-bad-saltlen.crt and server9-bad-mgfhash.crt. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	4ca9520582	Update server1-nospace.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	0efdfcbfd3	Update v1 crt files Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	0d545a1815	Update cert_example_multi_nocn.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	e025cb2096	Add rules to generate cert_example_multi_nocn.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	d9ba29733e	Update server5.[e]ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	1ca5c0eae9	Add rules to generate server5.[e]ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	5b91dc7265	Update server2.ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	0063599e6f	Add rules to generate server2.ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	55ee7f8e13	Add rule for server2-badsign.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	0f381fd02f	Update test-ca2.ku-*.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00

1 2 3 4 5 ...

418 Commits