mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-24 06:40:46 +00:00

Author	SHA1	Message	Date
Ronald Cron	9785cf1821	Add RSA key certificates Add RSA key certificates using SHA256 instead of SHA1 for the signature algorithm. Those are needed for some TLS 1.3 compatibility tests with OpenSSL 3 to avoid having to enable in OpenSSL 3 the support for the deprecated SHA-1 based signature algorithms. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-04-02 14:28:35 +02:00
Ryan Everett	791fc2e24c	Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-08 14:26:29 +00:00
Ryan Everett	d00a138075	Change test data for pkparse aes Test data generated using openSSL with: openssl pkcs8 -topk8 -v2 $ENC -v2prf hmacWithSHA384 -inform PEM -in $IN -outform PEM -out $OUT -passout "pass:PolarSSLTest" Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-11 17:23:15 +00:00
Gilles Peskine	885bcfc9d0	Merge pull request #7649 from yuhaoth/pr/add-command-for-server9-bad-saltlen Add command for server9-bad-saltlen	2023-11-20 14:07:19 +00:00
Pengyu Lv	2151ba55f6	test_suite_x509write: use plaintext key file Some test cases are using encrypted key file, thus have dependency on low-level block cipher modules (e.g. AES). This commit adds unencrypted key file so that we could get rid of those dependencies. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-31 18:12:04 +08:00
Jerry Yu	6f21dd5694	move script to `tests/scripts` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-24 15:45:41 +08:00
Jerry Yu	2f3f968033	fix wrong typo and indent issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-18 15:07:10 +08:00
Jerry Yu	ca3790d653	Add server9-bad-saltlen generate command Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-18 15:07:09 +08:00
Gilles Peskine	3cea3efc25	Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509 Accept numericoid hexstring x509	2023-09-13 08:54:33 +00:00
Gilles Peskine	2e38a0d603	More spelling corrections Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-12 19:19:31 +02:00
Agathiyan Bragadeesh	a0ba8aab2e	Add test for non ascii x509 subject name Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh	dba8a641fe	Add and update tests for x509write and x509parse Due to change in handling non-ascii characters, existing tests had to be updated to handle the new implementation. New tests and certificates are added to test the escaping functionality in edge cases. Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-22 10:39:52 +01:00
Gilles Peskine	d686c2a822	Merge pull request #7971 from AgathiyanB/fix-data-files-makefile Fix server1.crt.der in tests/data_files/Makefile	2023-08-21 14:43:07 +00:00
Gilles Peskine	dbd13c3689	Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01 Updating crt/crl files due to expiry before 2027-01-01	2023-08-17 15:38:35 +00:00
Gilles Peskine	d370f93898	Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's	2023-08-16 09:19:46 +00:00
Gilles Peskine	a79256472c	Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier Fixed x509 certificate generation to conform to RFCs when using ECC key	2023-08-07 19:14:54 +00:00
Agathiyan Bragadeesh	8dc913899d	Fix server1.crt.der in makefile Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-07-24 10:44:00 +01:00
Andrzej Kurek	34ccd8d0b6	Test x509 csr SAN DN and RFC822 generation Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-07-07 08:18:43 -04:00
Jerry Yu	4d31022d90	Add missed intermediate file Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:16:14 +08:00
Jerry Yu	c5b2e284fa	Remove workaround code Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:16:10 +08:00
Jerry Yu	2ef2e78837	Add commands for `test_certs.h` And update target file Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-06 10:13:46 +08:00
Pengyu Lv	b687c03183	Fix the command for server9-sha.crt The new command could generate parse_input/server9-sha.crt correctly. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	49c56e651d	Add target for parse_input/cert_example_multi_nocn.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	19e949e644	Fix typo and long line format Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	59f392cd4d	upgrade server9-bad-saltlen.crt Upgrade scripts ```python import subprocess from asn1crypto import pem, x509,core output_filename="server9-bad-saltlen.crt" tmp_filename="server9-bad-saltlen.crt.tmp" tmp1_filename="server9-bad-saltlen.crt.tmp1" subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \ -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \ -set_serial 24 -days 3650 \ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \ -sigopt rsa_mgf1_md:sha256 -sha256 \ -in server9.csr -out {output_filename} ''',shell=True) with open(output_filename,'rb') as f: _,_,der_bytes=pem.unarmor(f.read()) target_certificate=x509.Certificate.load(der_bytes) with open(tmp_filename,'wb') as f: f.write(target_certificate['tbs_certificate'].dump()) subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \ -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}', shell=True) with open(tmp1_filename,'rb') as f: signature_value= core.OctetBitString(f.read()) with open(output_filename,'wb') as f: target_certificate['signature_value']=signature_value f.write(pem.armor('CERTIFICATE',target_certificate.dump())) ``` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	8c40c573b2	Add server9-bad-{mgfhash,saltlen}.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	b5ac935e44	Add rules to generate server9*.crt Except for server9-bad-saltlen.crt and server9-bad-mgfhash.crt. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	4ca9520582	Update server1-nospace.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	0efdfcbfd3	Update v1 crt files Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	e025cb2096	Add rules to generate cert_example_multi_nocn.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	1ca5c0eae9	Add rules to generate server5.[e]ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	0063599e6f	Add rules to generate server2.ku-*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	55ee7f8e13	Add rule for server2-badsign.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	0f381fd02f	Update test-ca2.ku-*.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Pengyu Lv	5a1dbf3d6e	Fix the rule for server5-ss-forgeca.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	affc294dfe	Add the rule and update server6-ss-child.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Jerry Yu	4d69b29076	Update server5-selfsigned.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-07-04 17:30:21 +08:00
Andrzej Kurek	78ecf41f22	Change spaces to a tab in a makefile recipe Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-30 08:42:05 -04:00
Andrzej Kurek	03478d2b90	Merge branch 'development' into issue/7816/add-commands-for-files-in-parse_input Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-30 14:38:05 +02:00
Pengyu Lv	18730ddbcf	fix fragile way to refer to server1.req.sha256 The original varible $< is fragile especially when there are multiple rules for the same target. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-06-30 00:23:13 +08:00
Pengyu Lv	ab266491f0	Make parse_input targets depend on files in parse_input if possible Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-06-29 13:06:55 +08:00
Pengyu Lv	7d7c208647	fix the command of server5-sha%.crt This makes the rule could generate parse_input/server5-sha*.crt correctly. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-06-29 10:36:44 +08:00
Pengyu Lv	a0350f7304	fix wrong dependency file path This commit is generated by below script ``` for i in `ls parse_input`; do if [ -f $i ]; then continue fi # Add parse_input/ prefix when $i is a dependency. sed -i "/:$.*[^\/]$$i/,/^$/s/$i/parse_input\/$i/g" Makefile done ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-06-29 10:36:34 +08:00
Jerry Yu	dfc2e26ddf	Short too long lines Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-27 17:05:51 +08:00
Jerry Yu	8ee086dc50	remove parse input only files from `all_final` script ``` for i in `ls parse_input` do if [ -f $i ] then continue fi sed -i "/^all_final.*$i\$/d" Makefile done ``` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-27 17:02:45 +08:00
Jerry Yu	7d2a54c04d	fix wrong dependency file path `test_csr_v3_all.csr.der` has been moved to `parse_input` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-27 16:57:36 +08:00
Jerry Yu	92d1ec6567	Change path for the files only exits in parse_input This commit is generated by below script ``` for i in `ls parse_input` do if [ -f $i ] then continue fi sed -i "s/^$i:/parse_input\/$i:/g" Makefile done ``` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-27 16:53:25 +08:00
Jerry Yu	54e8632ae6	copy command for parse_input/* when it exists in data_files This commit are generate by below script ``` for i in `ls parse_input` do if [ -f $i ] then sed -i "s/^$i:/parse_input\/$i $i:/g" Makefile fi done ``` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-27 16:40:00 +08:00
Andrzej Kurek	2016fa35cb	Use DER format for x509 SAN tests This way there's no dependency on PEM parsing. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-20 06:14:49 -04:00
Marek Jansta	8bde649c0b	Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate Signed-off-by: Marek Jansta <jansta@2n.cz>	2023-06-19 12:49:27 +02:00

1 2 3 4 5

220 Commits