Merge pull request #8480 from yuhaoth/backports/7649/add-command-for-server9-bad-saltlen

Backports for #7649 : add command for server9-bad-saltlen
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
index 9b96a8d..e779483 100644
--- a/scripts/ci.requirements.txt
+++ b/scripts/ci.requirements.txt
@@ -12,3 +12,7 @@
 # Use the earliest version of mypy that works with our code base.
 # See https://github.com/Mbed-TLS/mbedtls/pull/3953 .
 mypy >= 0.780
+
+# For building `tests/data_files/server9-bad-saltlen.crt` and check python
+# files.
+asn1crypto
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index f67db07..68bc124 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -151,10 +151,8 @@
 	$(OPENSSL) x509 -req -in test-ca2.req.sha256 -extfile $< \
 		-signkey $(test_ca_key_file_ec) -days 3653 -out $@
 
-all_final += test-ca2.ku-crl.crt \
-			 test-ca2.ku-crt.crt \
-			 test-ca2.ku-crt_crl.crt \
-			 test-ca2.ku-ds.crt
+all_final += test-ca2.ku-crl.crt test-ca2.ku-crt.crt test-ca2.ku-crt_crl.crt \
+	     test-ca2.ku-ds.crt
 
 test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
 	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \
@@ -513,10 +511,6 @@
 	cat $^ > $@
 all_final += server9-with-ca.crt
 
-# FIXME: This file needs special sequence. It should be update manually
-server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
-	false
-
 server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
 	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
 		-passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
@@ -526,6 +520,16 @@
 		-in $< -out $@
 all_final += server9-bad-mgfhash.crt
 
+server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) \
+			 opensslcnf/server9.crt.v3_ext \
+			 ../scripts/generate_server9_bad_saltlen.py
+	../scripts/generate_server9_bad_saltlen.py --ca-name test-ca \
+		--ca-password $(test_ca_pwd_rsa) --csr server9.csr \
+		--openssl-extfile opensslcnf/server9.crt.v3_ext \
+		--anounce_saltlen 0xde --actual_saltlen 0x20 \
+		--output $@
+all_final += server9-bad-saltlen.crt
+
 # server10*
 
 server10.crt: server10.key test-int-ca3.crt test-int-ca3.key
@@ -1362,9 +1366,9 @@
 all_intermediate += server6-ss-child.csr
 server6-ss-child.crt: server6-ss-child.csr server5-selfsigned.crt server5.key server6-ss-child.crt.openssl.v3_ext
 	$(OPENSSL) x509 -req -CA server5-selfsigned.crt -CAkey server5.key \
-				-extfile server6-ss-child.crt.openssl.v3_ext \
-				-set_serial 0x53a2cb5822399474a7ec79ec \
-				-days 3650 -sha256 -in $< -out $@
+		-extfile server6-ss-child.crt.openssl.v3_ext \
+		-set_serial 0x53a2cb5822399474a7ec79ec \
+		-days 3650 -sha256 -in $< -out $@
 all_final += server6-ss-child.crt
 
 
@@ -1501,9 +1505,9 @@
 	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
 
 crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) \
-							  $(test_ca_config_file) 				\
-							  test-ca.server1.future-crl.db  \
-							  test-ca.server1.future-crl.opensslconf
+			      $(test_ca_config_file) \
+			      test-ca.server1.future-crl.db \
+			      test-ca.server1.future-crl.opensslconf
 	$(FAKETIME) -f '+10y' $(OPENSSL) ca -gencrl \
 		-config test-ca.server1.future-crl.opensslconf -crldays 365 \
 		-passin "pass:$(test_ca_pwd_rsa)" -out $@
diff --git a/tests/data_files/opensslcnf/server9.crt.v3_ext b/tests/data_files/opensslcnf/server9.crt.v3_ext
new file mode 100644
index 0000000..f8d201b
--- /dev/null
+++ b/tests/data_files/opensslcnf/server9.crt.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
diff --git a/tests/scripts/generate_server9_bad_saltlen.py b/tests/scripts/generate_server9_bad_saltlen.py
new file mode 100755
index 0000000..3668215
--- /dev/null
+++ b/tests/scripts/generate_server9_bad_saltlen.py
@@ -0,0 +1,99 @@
+#!/usr/bin/env python3
+"""Generate server9-bad-saltlen.crt
+
+Generate a certificate signed with RSA-PSS, with an incorrect salt length.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import subprocess
+import argparse
+from asn1crypto import pem, x509, core #type: ignore #pylint: disable=import-error
+
+OPENSSL_RSA_PSS_CERT_COMMAND = r'''
+openssl x509 -req -CA {ca_name}.crt -CAkey {ca_name}.key -set_serial 24 {ca_password} \
+    {openssl_extfile} -days 3650 -outform DER -in {csr}  \
+    -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{anounce_saltlen} \
+    -sigopt rsa_mgf1_md:sha256
+'''
+SIG_OPT = \
+    r'-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{saltlen} -sigopt rsa_mgf1_md:sha256'
+OPENSSL_RSA_PSS_DGST_COMMAND = r'''openssl dgst -sign {ca_name}.key {ca_password} \
+    -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{actual_saltlen} \
+    -sigopt rsa_mgf1_md:sha256'''
+
+
+def auto_int(x):
+    return int(x, 0)
+
+
+def build_argparser(parser):
+    """Build argument parser"""
+    parser.description = __doc__
+    parser.add_argument('--ca-name', type=str, required=True,
+                        help='Basename of CA files')
+    parser.add_argument('--ca-password', type=str,
+                        required=True, help='CA key file password')
+    parser.add_argument('--csr', type=str, required=True,
+                        help='CSR file for generating certificate')
+    parser.add_argument('--openssl-extfile', type=str,
+                        required=True, help='X905 v3 extension config file')
+    parser.add_argument('--anounce_saltlen', type=auto_int,
+                        required=True, help='Announced salt length')
+    parser.add_argument('--actual_saltlen', type=auto_int,
+                        required=True, help='Actual salt length')
+    parser.add_argument('--output', type=str, required=True)
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    build_argparser(parser)
+    args = parser.parse_args()
+
+    return generate(**vars(args))
+
+def generate(**kwargs):
+    """Generate different salt length certificate file."""
+    ca_password = kwargs.get('ca_password', '')
+    if ca_password:
+        kwargs['ca_password'] = r'-passin "pass:{ca_password}"'.format(
+            **kwargs)
+    else:
+        kwargs['ca_password'] = ''
+    extfile = kwargs.get('openssl_extfile', '')
+    if extfile:
+        kwargs['openssl_extfile'] = '-extfile {openssl_extfile}'.format(
+            **kwargs)
+    else:
+        kwargs['openssl_extfile'] = ''
+
+    cmd = OPENSSL_RSA_PSS_CERT_COMMAND.format(**kwargs)
+    der_bytes = subprocess.check_output(cmd, shell=True)
+    target_certificate = x509.Certificate.load(der_bytes)
+
+    cmd = OPENSSL_RSA_PSS_DGST_COMMAND.format(**kwargs)
+    #pylint: disable=unexpected-keyword-arg
+    der_bytes = subprocess.check_output(cmd,
+                                        input=target_certificate['tbs_certificate'].dump(),
+                                        shell=True)
+
+    with open(kwargs.get('output'), 'wb') as f:
+        target_certificate['signature_value'] = core.OctetBitString(der_bytes)
+        f.write(pem.armor('CERTIFICATE', target_certificate.dump()))
+
+
+if __name__ == '__main__':
+    main()