author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-12-31 13:38:34 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-12-31 14:37:00 +0200 |
commit | b9d0fde4b5702574633d5c6a71681eca20c5327e (patch) | |
tree | 108026571a4a11c74db5483768ce392098d2aae4 | |
parent | d6814307218ce390b0a209d7aee67e0804aa7796 (diff) | |
download | gnutls-b9d0fde4b5702574633d5c6a71681eca20c5327e.tar.gz |
tests: pkcs11-pubkey-import will check both RSA and ECDSA keys
-rw-r--r-- | tests/suite/Makefile.am | 4 | ||||
-rw-r--r-- | tests/suite/pkcs11-pubkey-import-ecdsa.c | 42 | ||||
-rw-r--r-- | tests/suite/pkcs11-pubkey-import-rsa.c | 42 | ||||
-rw-r--r-- | tests/suite/pkcs11-pubkey-import.c | 27 |
4 files changed, 102 insertions, 13 deletions
diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am
index 0d82b1580b..6f2c9e8f41 100644
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -90,8 +90,8 @@ nodist_check_SCRIPTS = testsrn.sh chain.sh invalid-cert.sh \ testrandom.sh if ENABLE_PKCS11 -check_PROGRAMS += pkcs11-chainverify pkcs11-get-issuer pkcs11-is-known pkcs11-combo pkcs11-privkey pkcs11-pubkey-import -nodist_check_SCRIPTS += testpkcs11.sh pkcs11-chainverify pkcs11-get-issuer crl-test pkcs11-is-known pkcs11-combo pkcs11-privkey pkcs11-pubkey-import +check_PROGRAMS += pkcs11-chainverify pkcs11-get-issuer pkcs11-is-known pkcs11-combo pkcs11-privkey pkcs11-pubkey-import-rsa pkcs11-pubkey-import-ecdsa +nodist_check_SCRIPTS += testpkcs11.sh pkcs11-chainverify pkcs11-get-issuer crl-test pkcs11-is-known pkcs11-combo pkcs11-privkey pkcs11-pubkey-import-ecdsa pkcs11-pubkey-import-rsa endif TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
diff --git a/tests/suite/pkcs11-pubkey-import-ecdsa.c b/tests/suite/pkcs11-pubkey-import-ecdsa.c
new file mode 100644
index 0000000000..fb4f8ad5c8
--- /dev/null
+++ b/tests/suite/pkcs11-pubkey-import-ecdsa.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2015 Nikos Mavrogiannopoulos
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <unistd.h>
+
+#define CONFIG_NAME "softhsm-pubkey-import-ecdsa"
+#define CONFIG CONFIG_NAME".config"
+
+#include "pkcs11-pubkey-import.c"
+
+void doit(void)
+{
+ success("Testing ECDSA key\n");
+ return try(0);
+}
diff --git a/tests/suite/pkcs11-pubkey-import-rsa.c b/tests/suite/pkcs11-pubkey-import-rsa.c
new file mode 100644
index 0000000000..ad0596f3f3
--- /dev/null
+++ b/tests/suite/pkcs11-pubkey-import-rsa.c
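Review bot: `doit()` in pkcs11-pubkey-import-ecdsa.c ends with `return try(0);`, which returns an expression from a function declared `void`; ISO C does not allow that (C11 6.8.6.4) and compilers accept it only as an extension, so the call should stand alone as `try(0);`. pkcs11-pubkey-import-rsa.c has the same line as `return try(1);`. Both wrappers also pass a bare 0/1 whose meaning is only visible in the included file; a short comment next to the call, such as `/* 0: ECDSA key pair, 1: RSA key pair */`, would help the reader.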
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2015 Nikos Mavrogiannopoulos
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <unistd.h>
+
+#define CONFIG_NAME "softhsm-pubkey-import-rsa"
+#define CONFIG CONFIG_NAME".config"
+
+#include "pkcs11-pubkey-import.c"
+
+void doit(void)
+{
+ success("Testing RSA key\n");
+ return try(1);
+}
diff --git a/tests/suite/pkcs11-pubkey-import.c b/tests/suite/pkcs11-pubkey-import.c
index a4845302c5..c286652b20 100644
--- a/tests/suite/pkcs11-pubkey-import.c
+++ b/tests/suite/pkcs11-pubkey-import.c
@@ -40,8 +40,6 @@ /* Tests whether gnutls_pubkey_import_privkey works well for * RSA keys under PKCS #11 */ -#define CONFIG_NAME "softhsm-privkey" -#define CONFIG CONFIG_NAME".config" #include "../cert-common.h"
@@ -65,10 +63,9 @@ int pin_func(void* userdata, int attempt, const char* url, const char *label, return -1; } -void doit(void) +void try(int rsa) { char buf[128]; - int exit_val = 0; int ret, pk; const char *lib, *bin; gnutls_x509_crt_t crt;
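Review bot: With the two `#define`s removed in the `@@ -40,8 +40,6 @@` hunk, pkcs11-pubkey-import.c no longer builds on its own and depends on every includer defining `CONFIG_NAME` and `CONFIG` first, yet nothing in the file states that contract. A guard would make it explicit: `#ifndef CONFIG_NAME` / `#error "define CONFIG_NAME and CONFIG before including this file"` / `#endif`. The header comment kept as context still says the test covers "RSA keys under PKCS #11" and should now mention ECDSA as well. In the `@@ -65,10 +63,9 @@` hunk, `void try(int rsa)` could be declared `static`, since the wrappers reach it only by including this file.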
@@ -76,6 +73,7 @@ void doit(void) gnutls_datum_t tmp, sig; gnutls_privkey_t pkey; gnutls_pubkey_t pubkey; + gnutls_pubkey_t pubkey2; bin = softhsm_bin();
@@ -112,7 +110,7 @@ void doit(void) } ret = - gnutls_x509_crt_import(crt, &server_cert, + gnutls_x509_crt_import(crt, rsa?&server_cert:&server_ecc_cert, GNUTLS_X509_FMT_PEM); if (ret < 0) { fprintf(stderr,
@@ -140,7 +138,7 @@ void doit(void) } ret = - gnutls_x509_privkey_import(key, &server_key, + gnutls_x509_privkey_import(key, rsa?&server_key:&server_ecc_key, GNUTLS_X509_FMT_PEM); if (ret < 0) { fprintf(stderr,
@@ -192,20 +190,27 @@ void doit(void) assert(gnutls_pubkey_import_privkey(pubkey, pkey, 0, 0) == 0); pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL); - /* check whether privkey and pubkey are operational */ + + /* check whether privkey and pubkey are operational + * by signing and verifying */ assert(gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA256, 0, &testdata, &sig) == 0); + + /* verify against the raw pubkey */ + assert(gnutls_pubkey_init(&pubkey2) == 0); + assert(gnutls_pubkey_import_x509_raw(pubkey2, rsa?&server_cert:&server_ecc_cert, GNUTLS_X509_FMT_PEM, 0) == 0); + assert(gnutls_pubkey_verify_data2(pubkey2, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256), 0, &testdata, &sig) == 0); + + /* verify against the pubkey in PKCS #11 */ assert(gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256), 0, &testdata, &sig) == 0); gnutls_free(sig.data); + gnutls_pubkey_deinit(pubkey2); gnutls_pubkey_deinit(pubkey); gnutls_privkey_deinit(pkey); gnutls_global_deinit(); - if (debug) - printf("Exit status...%d\n", exit_val); remove(CONFIG); - - exit(exit_val); } + |
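Review bot: Every check added in the `@@ -192,20 +190,27 @@` hunk lives inside `assert()`, so a build with `NDEBUG` compiles the sign and verify calls away and the test passes without exercising either key. In that build `gnutls_pubkey_init(&pubkey2)` is dropped as well, while `gnutls_pubkey_deinit(pubkey2)` still runs on the uninitialised handle declared in the `@@ -76,6 +73,7 @@` hunk. The import calls earlier in `try()` already use the `ret = ...; if (ret < 0)` form with a message on stderr; the new checks could follow it as sketched below, and the remaining asserts in the hunk would be converted the same way. Testing `ret < 0` rather than `== 0` also matches the GnuTLS convention of reporting a failed verification as a negative error code. `try()` begins and ends outside this hunk.

```c
	/* verify against the raw pubkey */
	ret = gnutls_pubkey_init(&pubkey2);
	if (ret < 0) {
		fprintf(stderr, "gnutls_pubkey_init: %s\n", gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_pubkey_import_x509_raw(pubkey2, rsa?&server_cert:&server_ecc_cert,
					    GNUTLS_X509_FMT_PEM, 0);
	if (ret < 0) {
		fprintf(stderr, "gnutls_pubkey_import_x509_raw: %s\n", gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_pubkey_verify_data2(pubkey2, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256),
					 0, &testdata, &sig);
	if (ret < 0) {
		fprintf(stderr, "verify against certificate key: %s\n", gnutls_strerror(ret));
		exit(1);
	}
	/* … unchanged: verification against the PKCS #11 pubkey, cleanup … */
```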