From 151d85d82cc43e1f6e6d30d84d36dcf151588bd4 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Thu, 12 Jan 2023 08:59:37 -0500
Subject: [PATCH] Introduce a test for a malformed directoryname SAN

Signed-off-by: Andrzej Kurek
---
 tests/data_files/Makefile | 3 +++
 .../server5-second-directoryname-malformed.crt | 13 +++++++++++++
 tests/suites/test_suite_x509parse.data | 8 ++++++++
 3 files changed, 24 insertions(+)
 create mode 100644 tests/data_files/server5-second-directoryname-malformed.crt

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 27f2afa91..233a2c781 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -344,6 +344,9 @@ server5-directoryname.crt: server5.key
 server5-two-directorynames.crt: server5.key
 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions two_directorynames -days 3650 -sha256 -key server5.key -out $@
 
+server5-second-directoryname-malformed.crt: server5-two-directorynames.crt
+ (head -n1 $<; sed -n '2,12p' $< | base64 --decode | hexdump -ve '1/1 "%.2X"' | sed "s/0355040A0C0A4D414C464F524D5F4D45/1555040A0C0A4D414C464F524D5F4D45/" | xxd -r -p | base64 -w64; tail -n1 $<) > $@
+
 all_final += server5-tricky-ip-san.crt
 
 rsa_single_san_uri.crt.der: rsa_single_san_uri.key
diff --git a/tests/data_files/server5-second-directoryname-malformed.crt b/tests/data_files/server5-second-directoryname-malformed.crt
new file mode 100644
index 000000000..11d439b3e
--- /dev/null
+++ b/tests/data_files/server5-second-directoryname-malformed.crt
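Review bot: The recipe for `server5-second-directoryname-malformed.crt` in tests/data_files/Makefile can exit successfully without producing the intended fixture. The subshell's status is that of the final `tail -n1 $<`, so a failing or missing `base64`, `hexdump` or `xxd` is masked, and the `sed` substitution is a silent no-op if the hex pattern is absent from a regenerated `server5-two-directorynames.crt`; the hard-coded `2,12p` range likewise assumes an 11-line body. In each case a file that no longer exercises the parser's handling of the bad length is written to `$@` and treated as up to date. Because the edit replaces one byte in place, a second recipe line such as `test $$(wc -c < $@) -eq $$(wc -c < $<) && ! cmp -s $< $@` would make the build fail instead.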
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICCTCCAa+gAwIBAgIBTTAKBggqhkjOPQQDAjBFMQswCQYDVQQGEwJVSzERMA8G
+A1UECgwITWJlZCBUTFMxIzAhBgNVBAMMGk1iZWQgVExTIGRpcmVjdG9yeU5hbWUg
+U0FOMB4XDTIzMDExMjEwMzQxMVoXDTMzMDEwOTEwMzQxMVowRTELMAkGA1UEBhMC
+VUsxETAPBgNVBAoMCE1iZWQgVExTMSMwIQYDVQQDDBpNYmVkIFRMUyBkaXJlY3Rv
+cnlOYW1lIFNBTjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDfMVtl2CR5acj7H
+WS3/IG7ufPkGkXTQrRS192giWWKSTuUA2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76
+Aci07f+jgY8wgYwwawYDVR0RBGQwYqRHMEUxCzAJBgNVBAYTAlVLMREwDwYDVQQK
+DAhNYmVkIFRMUzEjMCEGA1UEAwwaTWJlZCBUTFMgZGlyZWN0b3J5TmFtZSBTQU6k
+FzAVMRMwEQYVVQQKDApNQUxGT1JNX01FMB0GA1UdDgQWBBRQYaWP1AfZ14IBDOVl
+f4xjRqcTvjAKBggqhkjOPQQDAgNIADBFAiAHI/ousygMhcDhAb+bK402vAh4+bGK
+UuwPMpd1XQ2FHAIhAL0uuCTzI72PJLyxB4cFtbmodUejDc+Oa02AUW4Ed8Uu
+-----END CERTIFICATE-----
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 5554c2772..b811314d5 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -98,6 +98,14 @@ X509 CRT information EC, SHA256 Digest, directoryName SAN
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
 x509_cert_info:"data_files/server5-directoryname.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-10 16\:59\:29\nexpires on \: 2033-01-07 16\:59\:29\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n"
 
+X509 CRT information EC, SHA256 Digest, two directoryName SANs
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_cert_info:"data_files/server5-two-directorynames.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-12 10\:34\:11\nexpires on \: 2033-01-09 10\:34\:11\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n directoryName \: O=MALFORM_ME\n"
+
+X509 CRT information EC, SHA256 Digest, second directoryname malformed
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_cert_info:"data_files/server5-second-directoryname-malformed.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-12 10\:34\:11\nexpires on \: 2033-01-09 10\:34\:11\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n \n"
+
 X509 CRT information EC, SHA256 Digest, Wisun Fan device
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
 x509_cert_info:"data_files/server5-fan.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2019-03-25 09\:03\:46\nexpires on \: 2029-03-22 09\:03\:46\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n"
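Review bot: The `second directoryname malformed` case pins only the text printed by the info routine, and as shown its expected string ends in `\n \n`, so nothing in the hunk states what the parser is required to do with the bad entry: accept the certificate and degrade the printout, or report an error for that SAN. A one-line `#` comment above the case, saying that the OID length byte in the second directoryName was changed from 03 to 15 so that it claims more bytes than its enclosing SEQUENCE holds, would make the intent reviewable; a companion case asserting the SAN parser's return code would state the security property directly. The two new cases also use `MBEDTLS_ECDSA_C` and `MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA` in `depends_on`, while the Wi-SUN case that follows uses `MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256`; if the latter are the current spellings, the new cases may be skipped in configurations where their neighbour runs.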