From 608e3efc477c02f30e2717feaa904b62212b59bd Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Thu, 9 Feb 2023 14:47:50 +0100
Subject: [PATCH] Add test for parsing SAN: rfc822Name

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 tests/data_files/Makefile                     |   3 +++
 tests/data_files/test-ca.opensslconf          |   3 +++
 tests/data_files/test_cert_rfc822name.crt.der | Bin 0 -> 677 bytes
 tests/suites/test_suite_x509parse.data        |   4 ++++
 tests/suites/test_suite_x509parse.function    |  13 ++++++++++++-
 5 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 tests/data_files/test_cert_rfc822name.crt.der

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 7f39d318d..01b46f13b 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -140,6 +140,9 @@ test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: te
 test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: test_csr_v3_all.csr.der
 	(hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@
 
+test_cert_rfc822name.crt.der: cert_example_multi.csr
+	$(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -outform DER -extensions rfc822name_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
+
 $(test_ca_key_file_rsa_alt):test-ca.opensslconf
 	$(OPENSSL) genrsa -out $@ 2048
 test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index bd127609e..8f8385a48 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -24,6 +24,9 @@ subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
 [dns_alt_names]
 subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org
 
+[rfc822name_names]
+subjectAltName=email:my@other.address,email:second@other.address
+
 [alt_names]
 DNS.1=example.com
 otherName.1=1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
diff --git a/tests/data_files/test_cert_rfc822name.crt.der b/tests/data_files/test_cert_rfc822name.crt.der
new file mode 100644
index 0000000000000000000000000000000000000000..cdc8189d024239e5e5eaf931eb2b9922e62fd54c
GIT binary patch
literal 677
zcmXqLVp?d>#MrrjnTe5!iBZsimyJ`a&7<u*FC!y2D}#ZxA-4f18*?ZNn=q4~kD;Ie
zKZwJ{!x505lUNiS>|-ctAPy2@<`IAiDTJgJmnb+p8pw(B8W|fH8CV(`n;02eMv3zp
zBXbR`2pTS7AO<m<zr4I$FSQ~uw;(4~FF8Ngpm9F3QyEzqm>YW;3>rI`8XFmoTTD87
z_)CERNA?e4(>I?PWx7=Pr#6|%t&*E26e_jmM|G(&cR{%EoSRcW`uez-pV)U~f&G&d
zo6Db1GCA8Gu8HoeT*cY4u1VOOYkzCzUM<t4oQ?mUta;$H$+4#T$y{}j**fgmea^P_
zIb~LEvt$Z*Rp;*EIPUQ029tTx|Jv7obeWhL85kFv8W<ZG0$ndF$f9MS(I}8x>5yNN
zky@men37VIT3p;HQk<HcpO=CvitH<31TZ%-GBP+=W<I)R7H~B;$J+hpipCVrE9@T%
z?|pOGcj%#~p~un}TD4!&iXzu<;&EY<*PFfdtpIn*nul{jAI!hm>%O>dvw!pJ_z=eP
zMVgPD=5bB^8rSslWlW$|$8L_dyO!^4EQx%R%_kG%UvSyt3ZLcz?(NwOEcFR*W9D<8
zcaT5w_IT+bMu}q=BUMtbOV2w|S(%~vQjBL?=)C)%1A4T3=G_0(Yv*HYUK_A?;gjnY
z$&;cFoU3<f_|Z3uMNV{u!R?#UXXE{sWVb$)oIcgg;Iq5plRvjNvhk_<SbMaW)jT+K
s>y7sOq|!;(>n=}tsdHiBg(rR;6I1l`_fGRSTC?1NRqNp&-8TCZ0QQ>vN&o-=

literal 0
HcmV?d00001

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 961b25ac1..48c4fceed 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -206,6 +206,10 @@ X509 SAN parsing, unsupported otherName name
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
 x509_parse_san:"data_files/server5-unsupported_othername.crt":""
 
+X509 SAN parsing rfc822Name
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_parse_san:"data_files/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n"
+
 X509 CRL information #1
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-20 10\:24\:19\nnext update   \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA1\n"
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 3454da352..f6e4a0625 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -279,7 +279,18 @@ int verify_parse_san(mbedtls_x509_subject_alternative_name *san,
                 *p++ = san->san.unstructured_name.p[i];
             }
             break;/* MBEDTLS_X509_SAN_DNS_NAME */
-
+        case (MBEDTLS_X509_SAN_RFC822_NAME):
+            ret = mbedtls_snprintf(p, n, "\nrfc822Name : ");
+            MBEDTLS_X509_SAFE_SNPRINTF;
+            if (san->san.unstructured_name.len >= n) {
+                *p = '\0';
+                return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+            }
+            n -= san->san.unstructured_name.len;
+            for (i = 0; i < san->san.unstructured_name.len; i++) {
+                *p++ = san->san.unstructured_name.p[i];
+            }
+            break;/* MBEDTLS_X509_SAN_RFC822_NAME */
         default:
             /*
              * Should not happen.