TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a69934f2490686ad8aa75f7032ca8cd09de4796d^! / . / tests / data_files / Makefile
commita69934f2490686ad8aa75f7032ca8cd09de4796d[log] [tgz]
authorJerry Yu <jerry.h.yu@arm.com>Fri May 19 23:07:09 2023 +0800
committerPengyu Lv <pengyu.lv@arm.com>Mon Jun 19 11:41:12 2023 +0800
treece1be5809e9fee6f8da215d370afd42b700a0510
parent33536d170ef9305c43613a58517eda18476da493 [diff] [blame]
upgrade server9-bad-saltlen.crt

Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509,core

output_filename="server9-bad-saltlen.crt"
tmp_filename="server9-bad-saltlen.crt.tmp"
tmp1_filename="server9-bad-saltlen.crt.tmp1"

subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
        -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
        -set_serial 24 -days 3650 \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
        -sigopt rsa_mgf1_md:sha256 -sha256 \
        -in server9.csr -out {output_filename}
''',shell=True)

with open(output_filename,'rb') as f:
    _,_,der_bytes=pem.unarmor(f.read())
    target_certificate=x509.Certificate.load(der_bytes)

with open(tmp_filename,'wb') as f:
    f.write(target_certificate['tbs_certificate'].dump())

subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
                        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
                        -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
                        shell=True)

with open(tmp1_filename,'rb') as f:
    signature_value= core.OctetBitString(f.read())

with open(output_filename,'wb') as f:
    target_certificate['signature_value']=signature_value
    f.write(pem.armor('CERTIFICATE',target_certificate.dump()))
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index f43b86b..40654a0 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile

@@ -509,15 +509,9 @@
 	cat $^ > $@
 all_final += server9-with-ca.crt
 
-# FIXME: this file expected a bad-saltlen, but it create a good saltlen.
+# FIXME: This file needs special sequence. It should be update manually
 server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
-	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
-		-passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
-		-set_serial 24 -days 3653 \
-		-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
-		-sigopt rsa_mgf1_md:sha256 -sha256 \
-		-in $< -out $@
-all_final += server9-bad-saltlen.crt
+	false
 
 server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
 	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \