From 27f9e7815cd5df022cc73250793e07b394bc5506 Mon Sep 17 00:00:00 2001
From: toth92g
Date: Mon, 22 Feb 2021 13:17:32 +0100
Subject: [PATCH] Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields

Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g
---
 ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt | 2 ++
 programs/ssl/ssl_client2.c | 2 +-
 programs/ssl/ssl_server2.c | 2 +-
 tests/data_files/Makefile | 9 +++++++++
 tests/data_files/authorityKeyId_subjectKeyId.conf | 9 +++++++++
 5 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
 create mode 100644 tests/data_files/authorityKeyId_subjectKeyId.conf
diff --git a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
new file mode 100644
index 0000000000..cf4c9e9531
--- /dev/null
+++ b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
@@ -0,0 +1,2 @@
+API changes
+ * x509 certificate parse functionality is extended with the possibility of extracting SignatureKeyId and AuthorityKeyId fields
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 13edf46d7e..2a9a7fe84e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -41,7 +41,7 @@ int main(void)
 
 /* Size of memory to be allocated for the heap, when using the library's memory
  * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
-#define MEMORY_HEAP_SIZE 120000
+#define MEMORY_HEAP_SIZE 180000
 
 #define MAX_REQUEST_SIZE 20000
 #define MAX_REQUEST_SIZE_STR "20000"
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index b2bd8b8ca8..916a581085 100644
--- a/programs/ssl/ssl_server2.c
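Review bot: The raised `MEMORY_HEAP_SIZE` in the ssl_client2.c hunk (and the identical bump in the ssl_server2.c hunk) carries no explanation in the code; the reason given in the commit message — certificates whose AuthorityKeyId and SubjectKeyId are now parsed need more room — only survives for the next reader if it is written next to the constant. Suggest extending the comment above the define with ` * 180000 (was 120000): certificates carrying AuthorityKeyId/SubjectKeyId extensions did not fit in the smaller heap. */`. Since both programs change the same value for the same reason, hoisting it into a header both already share would stop the two copies drifting apart, though whether such a header exists is not visible in this patch. If this size is the length of a static buffer when MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled, as the comment suggests, the additional 60000 bytes of static memory is worth mentioning for constrained test targets.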
+++ b/programs/ssl/ssl_server2.c
@@ -73,7 +73,7 @@ int main(void)
 
 /* Size of memory to be allocated for the heap, when using the library's memory
  * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
-#define MEMORY_HEAP_SIZE 120000
+#define MEMORY_HEAP_SIZE 180000
 
 #define DFL_SERVER_ADDR NULL
 #define DFL_SERVER_PORT "4433"
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 4228f45822..3a2fca5a18 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -389,6 +389,15 @@ rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
 	$(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
 all_final += rsa_pkcs8_2048_public.der
 
+authorityKeyId_subjectKeyId.crt:
+	$(OPENSSL) req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout authorityKeyId_subjectKeyId.crt -out authorityKeyId_subjectKeyId.crt -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req'
+# The listed certificates are the copies of authorityKeyId_subjectKeyId.crt with error injections
+# authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt The TAG marking the beginning of SubjectKeyId is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt The TAG marking the beginning of AuthorityKeyId field is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt The TAG marking that AuthorityKeyId is a sequence is set to 0x00
+# authorityKeyId_subjectKeyId_wrong_IssuerN.crt There are 5 different TAGs based on the x509 doc under AuthorityKeyId(keyId, Dir, Seqence of Dir, serial)
+# Each test inject error to one of these
+
 ################################################################
 #### Generate various RSA keys
 ################################################################
diff --git a/tests/data_files/authorityKeyId_subjectKeyId.conf b/tests/data_files/authorityKeyId_subjectKeyId.conf
new file mode 100644
index 0000000000..d875c6ffe0
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId.conf
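Review bot: The new `authorityKeyId_subjectKeyId.crt` recipe passes the same file name to `-keyout` and `-out`, so the unencrypted (`-nodes`) private key and the certificate both target one file and what ends up in it depends on the order in which OpenSSL writes the two outputs; the neighbouring target in this hunk derives one output per file, and a key deserves its own file anyway. Suggest `-keyout authorityKeyId_subjectKeyId.key -out $@`, a prerequisite on the config so `make` regenerates the certificate when the extension settings change, `authorityKeyId_subjectKeyId.crt: authorityKeyId_subjectKeyId.conf`, and an `all_final += authorityKeyId_subjectKeyId.crt` line to match the surrounding targets. The comment block lists error-injected copies that this recipe does not produce; a sentence saying they are hand-edited from the generated certificate and checked in would tell the reader not to look for a rule, and the block has two slips worth fixing while touching it ('Seqence' → 'Sequence', 'Each test inject error to one of these' → 'Each test injects an error into one of these').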
@@ -0,0 +1,9 @@
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+CN = MBEDTLS
+[v3_req]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
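Review bot: The new config has no header comment, so a reader opening it cannot tell that it exists to produce a self-signed test certificate carrying both a subjectKeyIdentifier (hash) and a full authorityKeyIdentifier for the X.509 parser tests. Suggest a first line `# OpenSSL req config for authorityKeyId_subjectKeyId.crt: self-signed test cert with SKI (hash) and AKI (keyid + issuer name + serial)` and, above the authorityKeyIdentifier line, `# issuer:always adds the issuer DirName and serial to the AKI; the wrong_IssuerN test copies mutate those tags`. The `x509_extensions = v3_req` line in [req] duplicates the `-extensions 'v3_req'` flag passed by the Makefile recipe; one of the two is enough. The same commit's changelog entry names the parsed fields "SignatureKeyId and AuthorityKeyId" while this file and the Makefile consistently use SubjectKeyId, which reads as a typo in the changelog file name and text.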