diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-04-03 20:47:39 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-04-03 20:48:24 +0200 |
commit | f8eff0c22d26a06a119e0dd05b5c2ff5e4d27efe (patch) | |
tree | 8b66208c7be305cb8c9ec5c2325165ad920a5638 | |
parent | ed096d0b6968858213e93286cecf88ae7bb705af (diff) | |
download | gnutls-f8eff0c22d26a06a119e0dd05b5c2ff5e4d27efe.tar.gz |
Added self-test for PKCS #8 key conversion and reading
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/key-tests/Makefile.am (renamed from tests/key-id/Makefile.am) | 5 | ||||
-rw-r--r-- | tests/key-tests/README (renamed from tests/key-id/README) | 0 | ||||
-rw-r--r-- | tests/key-tests/ca-gnutls-keyid.pem (renamed from tests/key-id/ca-gnutls-keyid.pem) | 0 | ||||
-rw-r--r-- | tests/key-tests/ca-no-keyid.pem (renamed from tests/key-id/ca-no-keyid.pem) | 0 | ||||
-rw-r--r-- | tests/key-tests/ca-weird-keyid.pem (renamed from tests/key-id/ca-weird-keyid.pem) | 0 | ||||
-rw-r--r-- | tests/key-tests/key-ca-1234.p8 | 10 | ||||
-rw-r--r-- | tests/key-tests/key-ca-empty.p8 | 10 | ||||
-rw-r--r-- | tests/key-tests/key-ca-null.p8 | 10 | ||||
-rw-r--r-- | tests/key-tests/key-ca.pem (renamed from tests/key-id/key-ca.pem) | 0 | ||||
-rwxr-xr-x | tests/key-tests/key-id (renamed from tests/key-id/key-id) | 0 | ||||
-rw-r--r-- | tests/key-tests/key-user.pem (renamed from tests/key-id/key-user.pem) | 0 | ||||
-rwxr-xr-x | tests/key-tests/pkcs8 | 111 |
14 files changed, 146 insertions, 4 deletions
diff --git a/configure.ac b/configure.ac index e3bb3c900f..daa9bd9c6a 100644 --- a/configure.ac +++ b/configure.ac @@ -742,7 +742,7 @@ AC_CONFIG_FILES([ tests/dtls/Makefile tests/srp/Makefile tests/ecdsa/Makefile - tests/key-id/Makefile + tests/key-tests/Makefile tests/openpgp-certs/Makefile tests/pkcs1-padding/Makefile tests/pkcs12-decode/Makefile diff --git a/tests/Makefile.am b/tests/Makefile.am index 04bf44770f..2bb033156f 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -20,7 +20,7 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. SUBDIRS = . rsa-md5-collision pkcs1-padding pkcs8-decode pkcs12-decode \ - userid cert-tests key-id sha2 safe-renegotiation dsa scripts ecdsa \ + userid cert-tests key-tests sha2 safe-renegotiation dsa scripts ecdsa \ slow dtls srp if ENABLE_OPENPGP diff --git a/tests/key-id/Makefile.am b/tests/key-tests/Makefile.am index 8f20670b4e..ec0962cc2c 100644 --- a/tests/key-id/Makefile.am +++ b/tests/key-tests/Makefile.am @@ -20,11 +20,12 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. EXTRA_DIST = README key-ca.pem key-user.pem \ - ca-gnutls-keyid.pem ca-no-keyid.pem ca-weird-keyid.pem + ca-gnutls-keyid.pem ca-no-keyid.pem ca-weird-keyid.pem \ + key-ca-1234.p8 key-ca-empty.p8 key-ca-null.p8 dist_check_SCRIPTS = key-id -TESTS = key-id +TESTS = key-id pkcs8 TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \ LC_ALL="C" \ diff --git a/tests/key-id/README b/tests/key-tests/README index 9f1322791d..9f1322791d 100644 --- a/tests/key-id/README +++ b/tests/key-tests/README diff --git a/tests/key-id/ca-gnutls-keyid.pem b/tests/key-tests/ca-gnutls-keyid.pem index fdb7520a48..fdb7520a48 100644 --- a/tests/key-id/ca-gnutls-keyid.pem +++ b/tests/key-tests/ca-gnutls-keyid.pem diff --git a/tests/key-id/ca-no-keyid.pem b/tests/key-tests/ca-no-keyid.pem index 50675e420b..50675e420b 100644 --- a/tests/key-id/ca-no-keyid.pem +++ b/tests/key-tests/ca-no-keyid.pem diff --git a/tests/key-id/ca-weird-keyid.pem b/tests/key-tests/ca-weird-keyid.pem index 6ecfef4231..6ecfef4231 100644 --- a/tests/key-id/ca-weird-keyid.pem +++ b/tests/key-tests/ca-weird-keyid.pem diff --git a/tests/key-tests/key-ca-1234.p8 b/tests/key-tests/key-ca-1234.p8 new file mode 100644 index 0000000000..dc6b1daf9a --- /dev/null +++ b/tests/key-tests/key-ca-1234.p8 @@ -0,0 +1,10 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBfDAcBgoqhkiG9w0BDAEBMA4ECPvbksad11k/AgIBYASCAVqpBTCoK88VT4i2 +SP14VJrMGLz/QfnwH0MYpfPqCfYKy7GF7mF0LOV4KIG98J0l14R0sgS7666CAxvV +ByvdGafE77C2NdxoIzVwdC+wXISj8weztvOu8rkHizzouw0UYeoZgvcRg1TO1EUq +CnFRf4Ksmo47n6Pkz0OsyNFqXZEgC0E5ymu8frQtTlV30UPgzSMiPbP1aK45H7uc +7ccpXL+bZ1ycYyyVv1WLxHl8G65CUtEcDMMGSnSbSkId4EE2Obmwhy00FfvS4w8o +BugeBJhFpF8TnyyChoBDzXKerpiY934zNhUuk3B3Ayz2JHLJ6tSCwvdMEKaLDLl5 +4iLxuVNPpavBlIvsq9zHELfVjuYV4ZPEv2eHzEzgyUgtGRdmuL1TvsM3kOG4Beo3 +/9MAiJDmvY3CuzkqfFqdeJd6VzO3Z66Cqydvy3NnlmfpQarE2+6qi7CcQ5tvhW/I +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/key-tests/key-ca-empty.p8 b/tests/key-tests/key-ca-empty.p8 new file mode 100644 index 0000000000..f86433fa65 --- /dev/null +++ b/tests/key-tests/key-ca-empty.p8 @@ -0,0 +1,10 @@ +-----BEGIN PRIVATE KEY----- +MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAxpQGKKdRJDmxWgFU +m1DUFwxN36xCAAflcjDciC2CFoDaI0eoRnzIiE8PatK0hpfblIeFNS9R5xwzfmsc +AAcbuwIDAQABAkA/9SUWqu0jccGBb7REYgAtfDUIuX54bBKmeL5Ozfl8LWoRgKyN +LADN425xXm6tedNOaxugc0iKDngyfBsvVKdhAiEAy12kK1sWKVx2J1gF6AJrcAyu +TFB82yLyTV+6FhcRhmUCIQD5+SyPI0fK26dGOfBboQhE0JZ+LKd89aiJmFtg4Kpn +nwIhAKQL+5xFs9DVlzIRnWIUYZpXgFprKuySeibUK4YaQbbJAiEAqdMq/qPNZngM +EJ3UOawRXg8H7viPYUnUEoa7rfl0S6kCIQC2sU2pHtU6b2S36aNyx6dTMldpqsWd +GiD8T2oCOC5T9Q== +-----END PRIVATE KEY----- diff --git a/tests/key-tests/key-ca-null.p8 b/tests/key-tests/key-ca-null.p8 new file mode 100644 index 0000000000..e58483e952 --- /dev/null +++ b/tests/key-tests/key-ca-null.p8 @@ -0,0 +1,10 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBfDAcBgoqhkiG9w0BDAEBMA4ECOxO+XewS2/+AgIBBQSCAVqE1UFN8VmjMRbS +BNL/J+bUCtOy/4i14m5MBzCTlPqx/Fs2ecD1VoaLJof0qO/v6YBhGEJeTi2v9Xld +5mXzUBjCKC7ETdfWkUhzdX2rGc1pe9sMMpNFD3UK92QG5KUBFZ32MBdBmb/RGmNW +Z3zM6JEZwkTP9drrZRyQSsCTkjRcRODsv6sS+ftWljDteeQaWFDQhxz+kKN7BDpa +jxYLBoM330OB8wwa4NxPNa9GhtASpxgHuE0crViXh3rR30VF5HNcyQwT3jZW69CB +szFuV2n53WowjhgkUAXx+EQCxlTREoIX7FxZofl/IVtZNkfzXTZ9MT3yZxW1EDkO +B2RhEDbEEv1A4k073xmmFZMEP0lDgy+ufLFfDjJZoacq1lcWpySQBbIDCta3s1Tz +GbPRkJGGAIVa8O+T6O++rcI7o/kRZMr9B3/hvOemFcWxx0RZzMP870x83xLBmcyM +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/key-id/key-ca.pem b/tests/key-tests/key-ca.pem index 88e775c78c..88e775c78c 100644 --- a/tests/key-id/key-ca.pem +++ b/tests/key-tests/key-ca.pem diff --git a/tests/key-id/key-id b/tests/key-tests/key-id index 9bad211b26..9bad211b26 100755 --- a/tests/key-id/key-id +++ b/tests/key-tests/key-id diff --git a/tests/key-id/key-user.pem b/tests/key-tests/key-user.pem index e375860987..e375860987 100644 --- a/tests/key-id/key-user.pem +++ b/tests/key-tests/key-user.pem diff --git a/tests/key-tests/pkcs8 b/tests/key-tests/pkcs8 new file mode 100755 index 0000000000..05f82c797b --- /dev/null +++ b/tests/key-tests/pkcs8 @@ -0,0 +1,111 @@ +#!/bin/sh + +# Copyright (C) 2014 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +srcdir=${srcdir:-.} +CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT} +GREP=${GREP:-grep} + +# check keys with password +$CERTTOOL --to-p8 --load-privkey $srcdir/key-ca.pem --password "1234" \ + --outfile tmp-key-ca.p8 2>/dev/null + +$GREP "BEGIN ENCRYPTED PRIVATE KEY" tmp-key-ca.p8 >/dev/null 2>&1 +rc=$? +# We're done. +if test "$rc" != "0"; then + echo "Error in converting key to PKCS #8 with password" + exit $rc +fi + +$CERTTOOL -k --pkcs8 --infile $srcdir/key-ca.pem --password "1234" >/dev/null 2>&1 +rc=$? +# We're done. +if test "$rc" != "0"; then + echo "Error in reading PKCS #8 key with password" + exit $rc +fi + +$CERTTOOL -k --pkcs8 --infile $srcdir/key-ca-1234.p8 --password "1234" >/dev/null 2>&1 +rc=$? +# We're done. +if test "$rc" != "0"; then + echo "Error in reading saved PKCS #8 key with password" + exit $rc +fi + +#keys encrypted with empty password +$CERTTOOL --to-p8 --load-privkey $srcdir/key-ca.pem --password "" \ + --outfile tmp-key-ca.p8 2>/dev/null + +$GREP "BEGIN PRIVATE KEY" tmp-key-ca.p8 >/dev/null 2>&1 +rc=$? +# We're done. +if test "$rc" != "0"; then + echo "Error in converting key to PKCS #8 with empty password" + exit $rc +fi + +$CERTTOOL -k --pkcs8 --infile $srcdir/key-ca.pem --password "" >/dev/null 2>&1 +rc=$? +# We're done. +if test "$rc" != "0"; then + echo "Error in reading PKCS #8 key with empty password" + exit $rc +fi + +$CERTTOOL -k --pkcs8 --infile $srcdir/key-ca-empty.p8 --password "" >/dev/null 2>&1 +rc=$? +# We're done. +if test "$rc" != "0"; then + echo "Error in reading saved PKCS #8 key with empty password" + exit $rc +fi + +#keys encrypted with null password +$CERTTOOL --to-p8 --load-privkey $srcdir/key-ca.pem --null-password \ + --outfile tmp-key-ca.p8 2>/dev/null + +$GREP "BEGIN ENCRYPTED PRIVATE KEY" tmp-key-ca.p8 >/dev/null 2>&1 +rc=$? +# We're done. +if test "$rc" != "0"; then + echo "Error in converting key to PKCS #8 with null password" + exit $rc +fi + +$CERTTOOL -k --pkcs8 --infile $srcdir/key-ca.pem --null-password >/dev/null 2>&1 +rc=$? +# We're done. +if test "$rc" != "0"; then + echo "Error in reading PKCS #8 key with null password" + exit $rc +fi + +$CERTTOOL -k --pkcs8 --infile $srcdir/key-ca-null.p8 --null-password >/dev/null 2>&1 +rc=$? +# We're done. +if test "$rc" != "0"; then + echo "Error in reading saved PKCS #8 key with null password" + exit $rc +fi + +rm -f tmp-key-ca.p8 + +exit 0 |