Add tests for (named) bitstring to suite_asn1write

2026-04-05 06:26:52 +00:00 · 2018-09-26 10:51:16 +01:00 · 2018-09-26 10:51:16 +01:00 · abb7622d08
commit abb7622d08
parent 04ee5e0bbd
14 changed files with 241 additions and 80 deletions
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@ -63,7 +63,10 @@ int main( void )
 #define DFL_OUTPUT_FILENAME     "cert.req"
 #define DFL_SUBJECT_NAME        "CN=Cert,O=mbed TLS,C=UK"
 #define DFL_KEY_USAGE           0
+#define DFL_FORCE_KEY_USAGE     0
 #define DFL_NS_CERT_TYPE        0
+#define DFL_FORCE_NS_CERT_TYPE  0
+#define DFL_MD_ALG              MBEDTLS_MD_SHA256

 #define USAGE \
    "\n usage: cert_req param=<>...\n"                  \
@ -81,6 +84,8 @@ int main( void )
    "                          key_agreement\n"         \
    "                          key_cert_sign\n"  \
    "                          crl_sign\n"              \
+    "    force_key_usage=0/1  default: off\n"           \
+    "                          Add KeyUsage even if it is empty\n"  \
    "    ns_cert_type=%%s     default: (empty)\n"       \
    "                        Comma-separated-list of values:\n"     \
    "                          ssl_client\n"            \
@ -90,6 +95,13 @@ int main( void )
    "                          ssl_ca\n"                \
    "                          email_ca\n"              \
    "                          object_signing_ca\n"     \
+    "    force_ns_cert_type=0/1 default: off\n"         \
+    "                          Add NsCertType even if it is empty\n"    \
+    "    md=%%s               default: SHA256\n"       \
+    "                          possible values:\n"     \
+    "                          MD4, MD5, SHA1\n"       \
+    "                          SHA224, SHA256\n"       \
+    "                          SHA384, SHA512\n"       \
    "\n"

 /*
@ -102,7 +114,10 @@ struct options
    const char *output_file;    /* where to store the constructed key file  */
    const char *subject_name;   /* subject name for certificate request */
    unsigned char key_usage;    /* key usage flags                      */
+    int force_key_usage;        /* Force adding the KeyUsage extension  */
    unsigned char ns_cert_type; /* NS cert type                         */
+    int force_ns_cert_type;     /* Force adding NsCertType extension    */
+    mbedtls_md_type_t md_alg;   /* Hash algorithm used for signature.   */
 } opt;

 int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file,
@ -151,7 +166,6 @@ int main( int argc, char *argv[] )
     * Set to sane values
     */
    mbedtls_x509write_csr_init( &req );
-    mbedtls_x509write_csr_set_md_alg( &req, MBEDTLS_MD_SHA256 );
    mbedtls_pk_init( &key );
    mbedtls_ctr_drbg_init( &ctr_drbg );
    memset( buf, 0, sizeof( buf ) );
@ -168,7 +182,10 @@ int main( int argc, char *argv[] )
    opt.output_file         = DFL_OUTPUT_FILENAME;
    opt.subject_name        = DFL_SUBJECT_NAME;
    opt.key_usage           = DFL_KEY_USAGE;
+    opt.force_key_usage     = DFL_FORCE_KEY_USAGE;
    opt.ns_cert_type        = DFL_NS_CERT_TYPE;
+    opt.force_ns_cert_type  = DFL_FORCE_NS_CERT_TYPE;
+    opt.md_alg              = DFL_MD_ALG;

    for( i = 1; i < argc; i++ )
    {
@ -192,6 +209,54 @@ int main( int argc, char *argv[] )
        {
            opt.subject_name = q;
        }
+        else if( strcmp( p, "md" ) == 0 )
+        {
+            if( strcmp( q, "SHA256" ) == 0 )
+            {
+                opt.md_alg = MBEDTLS_MD_SHA256;
+            }
+            else if( strcmp( q, "SHA224" ) == 0 )
+            {
+                opt.md_alg = MBEDTLS_MD_SHA224;
+            }
+            else
+#if defined(MBEDTLS_MD5_C)
+            if( strcmp( q, "MD5" ) == 0 )
+            {
+                opt.md_alg = MBEDTLS_MD_MD5;
+            }
+            else
+#endif /* MBEDTLS_MD5_C */
+#if defined(MBEDTLS_MD4_C)
+            if( strcmp( q, "MD4" ) == 0 )
+            {
+                opt.md_alg = MBEDTLS_MD_MD4;
+            }
+            else
+#endif /* MBEDTLS_MD5_C */
+#if defined(MBEDTLS_SHA1_C)
+            if( strcmp( q, "SHA1" ) == 0 )
+            {
+                opt.md_alg = MBEDTLS_MD_SHA1;
+            }
+            else
+#endif /* MBEDTLS_SHA1_C */
+#if defined(MBEDTLS_SHA512_C)
+            if( strcmp( q, "SHA384" ) == 0 )
+            {
+                opt.md_alg = MBEDTLS_MD_SHA384;
+            }
+            else
+            if( strcmp( q, "SHA512" ) == 0 )
+            {
+                opt.md_alg = MBEDTLS_MD_SHA512;
+            }
+            else
+#endif /* MBEDTLS_SHA512_C */
+            {
+                goto usage;
+            }
+        }
        else if( strcmp( p, "key_usage" ) == 0 )
        {
            while( q != NULL )
@ -219,6 +284,15 @@ int main( int argc, char *argv[] )
                q = r;
            }
        }
+        else if( strcmp( p, "force_key_usage" ) == 0 )
+        {
+            switch( atoi( q ) )
+            {
+                case 0: opt.force_key_usage = 0; break;
+                case 1: opt.force_key_usage = 1; break;
+                default: goto usage;
+            }
+        }
        else if( strcmp( p, "ns_cert_type" ) == 0 )
        {
            while( q != NULL )
@ -246,14 +320,25 @@ int main( int argc, char *argv[] )
                q = r;
            }
        }
+        else if( strcmp( p, "force_ns_cert_type" ) == 0 )
+        {
+            switch( atoi( q ) )
+            {
+                case 0: opt.force_ns_cert_type = 0; break;
+                case 1: opt.force_ns_cert_type = 1; break;
+                default: goto usage;
+            }
+        }
        else
            goto usage;
    }

-    if( opt.key_usage )
+    mbedtls_x509write_csr_set_md_alg( &req, opt.md_alg );
+
+    if( opt.key_usage || opt.force_key_usage == 1 )
        mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );

-    if( opt.ns_cert_type )
+    if( opt.ns_cert_type || opt.force_ns_cert_type == 1 )
        mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );

    /*