authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-24 16:35:50 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-03 11:57:52 +0200
commit7784a7d2921d4316c11164e27b82e3ac930d959f (patch)
tree0e3c66f7fe9098ba097b41aa08f4209cb1ba085f
parent66cb33d888428312c5f11f3e9e1d1b9adeb431e8 (diff)
downloadgnutls-7784a7d2921d4316c11164e27b82e3ac930d959f.tar.gz
tests: added unit test for the SPKI related functions
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--tests/Makefile.am2
-rw-r--r--tests/cert-common.h65
-rw-r--r--tests/spki.c213
3 files changed, 279 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 687521856f..f0501cc4ae 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -112,7 +112,7 @@ ctests = mini-record-2 simple gc set_pkcs12_cred cert certuniqueid \
tls-rehandshake-cert-2 custom-urls set_x509_key_mem set_x509_key_file \
mini-chain-unsorted x509-verify-with-crl mini-dtls-mtu privkey-verify-broken \
mini-dtls-record-asym key-import-export priority-set priority-set2 \
- pubkey-import-export sign-is-secure \
+ pubkey-import-export sign-is-secure spki \
mini-dtls-fork mini-dtls-pthread mini-key-material x509cert-invalid \
tls-ext-register tls-supplemental mini-dtls0-9 duplicate-extensions \
mini-record-retvals mini-server-name tls-etm x509-cert-callback \
diff --git a/tests/cert-common.h b/tests/cert-common.h
index 151e3c357e..d8106641b2 100644
--- a/tests/cert-common.h
+++ b/tests/cert-common.h
@@ -30,6 +30,7 @@
* TLS client (RSA PSS): cli_ca3_rsa_pss_cert, cli_ca3_rsa_pss_key
* IPv4 server (SAN: IPAddr: 127.0.0.1): server_ca3_ipaddr_cert, server_ca3_key
* IPv4 server (RSA-PSS, SAN: localhost IPAddr: 127.0.0.1): server_ca3_rsa_pss_cert, server_ca3_rsa_pss_key
+ * IPv4 server (RSA-PSS key, SAN: localhost IPAddr: 127.0.0.1): server_ca3_rsa_pss2_cert, server_ca3_rsa_pss2_key
* IPv4 server (EdDSA, SAN: localhost IPAddr: 127.0.0.1): server_ca3_eddsa_cert, server_ca3_eddsa_key
* IPv6 server: server_ca3_localhost6_cert, server_ca3_key
* IPv4 server: server_ca3_localhost_cert, server_ca3_key
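Review bot: The new index line does not say how `server_ca3_rsa_pss2_cert` differs from the `server_ca3_rsa_pss_cert` entry directly above it; both read as an RSA-PSS localhost server. tests/spki.c in this same commit asserts that the fixture's SPKI carries SHA-256 and a salt size of 32, so those parameters are part of the fixture's contract and are otherwise only visible by decoding the PEM. Consider spelling them out, e.g. `* IPv4 server (RSA-PSS key restricted to SHA256, salt size 32; SAN: localhost IPAddr: 127.0.0.1): server_ca3_rsa_pss2_cert, server_ca3_rsa_pss2_key`, so that anyone regenerating the key pair knows which values the SPKI test depends on.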
@@ -854,6 +855,70 @@ const gnutls_datum_t server_ca3_rsa_pss_cert = { (void*)server_ca3_rsa_pss_cert_
sizeof(server_ca3_rsa_pss_cert_pem)-1
};
+static char server_ca3_rsa_pss2_key_pem[] =
+ "-----BEGIN PRIVATE KEY-----\n"
+ "MIIE7AIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3\n"
+ "DQEBCDALBglghkgBZQMEAgGiAwIBIASCBKYwggSiAgEAAoIBAQCte+3f4Sgy89/R\n"
+ "LNfx/NazlTgHxL6IXJuL44tutdhxA91vCJt0+ZSShWibsuyF+H09it3G0+3LvE2W\n"
+ "vkU58ha7ljvCWckPf2+YpsFynNQc0Lw6BThRMQdJpJvI54OdxfhoPjhDnTui/EEj\n"
+ "/n9MbLo5rAX5ZDIpWa3Vgpl37Q8czjFINCgQ/f8qsD4WabBSbuSnrYDvuASGez4O\n"
+ "YDAFvM51+4U4GxN7ZKbrDTQcAySU0Fjy+I5eW/BIXd9TeHb6XYJudMQY7rozTijm\n"
+ "6qbZieahke+FUCgm8BnRXghfcVSswUZEJQkCvF+SdUl3iAYlY/UBzVFsGDSFbID2\n"
+ "XRtEvrnvAgMBAAECggEATj8COCL+lZSnU1oNgAiQ8eiQn/heE3TpdzvHLMT5/WdH\n"
+ "3YedTjIvj7J6TxdxVK+SFUrn4oC91VF2EVJ6OLt3A16sT2ldpQ7OT6SOxdn0VZbT\n"
+ "/rtR/lTFu7JxzTiWhXfAJYxCpkRpnIZ3/vsPgXHcwJxVCXnmof3fyNghzhRu54de\n"
+ "V5GUwJ6TT3MMYLYKf5ii8Yt9WqeekQF7Hy/kIwz+4CbgR3fDdRXFnRwdNmA4RG3w\n"
+ "TbwvqR9ApyAictYz4HpZWgYL+cXsH6Fm+/ChZiV9/zvdVVOo+dOAcxx2cWahm/NL\n"
+ "tksGD7hI5kqD9moi2wiAsGHPa+/rkLxIBm0xvF1veQKBgQDVFKujtQyfzJw5DUPL\n"
+ "kTCLp+370ZBTK01daKZrpfgw6QrylYljcIq8n1izauElYm5cZ9krMGzvL5ceg49p\n"
+ "obl1tdCOQJQACrJmLZSuvVfw8TSwHPyOGtRWxhF4miX+ym3yMFqRyN2nXx1iAo5I\n"
+ "Cz+aGmTfT1zSZkLnfQSjYWZFgwKBgQDQbX2wPavLI+1yWARStqrwVWO1mU0Nixbo\n"
+ "jHrRlzrKYqtV+0ea6550LtDG5A/zf9MP6439NNHPqs4rnY910odd+xmLdQj2gocB\n"
+ "IS4nPBE4o1k3L9m+bSw9nyDdJWRkASq4uem6QvyVsQpWUoxzmg5/fwRUlOU8X3pP\n"
+ "ZLSSpz06JQKBgF4b6AbAwtedFe54tlWlRWyY+Zn7n6Or/1pfCwmGXwyzEJu9gdWC\n"
+ "cjQGqLVtYg0R4S48y4SwuZwWR8c5UdDUlcWwTHFXgkZWcx5/ySg4BiwrTBrwYncc\n"
+ "0GWWy0aZxmg23cJWqtmyfnsani6YdGDLXwbf22dpdNSUR75X0AGc1f+jAoGADha4\n"
+ "nkcs66hcDpSghi7O0zwSZ14bdUTnoYSNcMl2MeQFjORVbMVsipH3jtovsdf8HmFf\n"
+ "0bPWUuFK2mvmHKLEf7fPfDvHBVLBaXQiuIg46ckw6KgVYefjS68L+6bhaFkj2CTJ\n"
+ "BcwtYrj65+bgk5fgTwH4+vatoC0cCW3XPuqLGvkCgYAj2NGQAEQ4HkmF55otDocZ\n"
+ "SkAJFfibyrkKEK+PsQ7dRR/HEc93hvkI0PHpsLx8A3FZ370FAPtiKmnmfabHxEsK\n"
+ "TWA2DTacq//MzXQrjsx0CpvGId1dOyVZIrwIFM17KmW5HHE37fY4PFZTZVXHAKf6\n"
+ "nQyUF7m3FUJjavm46KJIhw==\n"
+ "-----END PRIVATE KEY-----\n";
+
+const gnutls_datum_t server_ca3_rsa_pss2_key = { (void*)server_ca3_rsa_pss2_key_pem,
+ sizeof(server_ca3_rsa_pss2_key_pem)-1
+};
+
+static char server_ca3_rsa_pss2_cert_pem[] =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIID0TCCAjmgAwIBAgIIWXYEJjkAauMwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n"
+ "AxMEQ0EtMzAgFw0xNzA3MjQxNDI4NTVaGA85OTk5MTIzMTIzNTk1OVowADCCAVIw\n"
+ "PQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJ\n"
+ "YIZIAWUDBAIBogMCASADggEPADCCAQoCggEBAK177d/hKDLz39Es1/H81rOVOAfE\n"
+ "vohcm4vji2612HED3W8Im3T5lJKFaJuy7IX4fT2K3cbT7cu8TZa+RTnyFruWO8JZ\n"
+ "yQ9/b5imwXKc1BzQvDoFOFExB0mkm8jng53F+Gg+OEOdO6L8QSP+f0xsujmsBflk\n"
+ "MilZrdWCmXftDxzOMUg0KBD9/yqwPhZpsFJu5KetgO+4BIZ7Pg5gMAW8znX7hTgb\n"
+ "E3tkpusNNBwDJJTQWPL4jl5b8Ehd31N4dvpdgm50xBjuujNOKObqptmJ5qGR74VQ\n"
+ "KCbwGdFeCF9xVKzBRkQlCQK8X5J1SXeIBiVj9QHNUWwYNIVsgPZdG0S+ue8CAwEA\n"
+ "AaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNV\n"
+ "HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQCiLaK\n"
+ "LrqB0vaCnoNP1V8QVLlA8jAfBgNVHSMEGDAWgBT5qIYZY7akFBNgdg8BmjU27/G0\n"
+ "rzANBgkqhkiG9w0BAQsFAAOCAYEANgnTu4nYiv1nH6Iqpnn48CNrGK25ax6FuPvc\n"
+ "HxOyFFa9jomP8KjyNv3EsmmoBcQBkbRdAX8sFdtbyjILqRLoRMFO7D60BmCitGYH\n"
+ "MDjEIkG9QjcCo03YIT93SORwnt1qrWh6paOH7Nme+CsgRyXN7iNNur2LgGSilQ7P\n"
+ "Rs/vr0DdxmlUxUQHDa5GRIvU3FFs4NLC/9sQd3+JGqzDbY7UqLnP5fzn6/PSMKIw\n"
+ "Gc4IzbJrqjFsyfjQkblM2eBwmkUD3SnTFWqYwUsohGlSxBwKSIyVzlyuoD1FXop7\n"
+ "lgG8/a1D/ZFa34q8tj24Wnd9zdr/Jrv2g51OSf0VIbQdP92l2kDouobPS/7DTgPI\n"
+ "D7h52NLVm8cbV1RqxbeS3spZ2OAQn8tLiTwz+abNdsikFjMvfXq61iIv3QASUyUB\n"
+ "VydSB7stwAUd6wys2H7crmeiMMtgxSjZJtB4GDUCb24a+/a4IgpqxFzGDLE9Ur69\n"
+ "D8aQbKGJzzih56a2wwc0ZqA0ilGm\n"
+ "-----END CERTIFICATE-----\n";
+
+const gnutls_datum_t server_ca3_rsa_pss2_cert = { (void*)server_ca3_rsa_pss2_cert_pem,
+ sizeof(server_ca3_rsa_pss2_cert_pem)-1
+};
+
static char cli_ca3_rsa_pss_cert_pem[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIEAjCCAjqgAwIBAgIMWSa+VhOfC8uEpb/cMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n"
diff --git a/tests/spki.c b/tests/spki.c
new file mode 100644
index 0000000000..04b4ef3342
--- /dev/null
+++ b/tests/spki.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <unistd.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/abstract.h>
+
+#include "utils.h"
+#include "cert-common.h"
+
+static void crq_check(void)
+{
+ int ret;
+ gnutls_x509_crq_t crq;
+ gnutls_x509_spki_t spki;
+ gnutls_datum_t tmp;
+ gnutls_x509_privkey_t privkey;
+
+ ret = global_init();
+ if (ret != 0) {
+ fail("%d: %s\n", ret, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ assert(gnutls_x509_privkey_init(&privkey)>=0);
+
+ ret =
+ gnutls_x509_privkey_generate(privkey, GNUTLS_PK_RSA, 2048, 0);
+ assert(ret>=0);
+
+ assert(gnutls_x509_spki_init(&spki)>=0);
+
+ gnutls_x509_spki_set_pk_algorithm(spki, GNUTLS_PK_RSA_PSS);
+ gnutls_x509_spki_set_salt_size(spki, 32);
+ gnutls_x509_spki_set_digest_algorithm(spki, GNUTLS_DIG_SHA256);
+
+ ret = gnutls_x509_crq_init(&crq);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crq_init: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ assert(gnutls_x509_crq_set_version(crq, 1)>=0);
+ assert(gnutls_x509_crq_set_key(crq, privkey)>=0);
+ assert(gnutls_x509_crq_set_spki(crq, spki, 0)>=0);
+
+ assert(gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME,
+ 0, "CN-Test", 7)>=0);
+ gnutls_x509_spki_deinit(spki);
+
+ assert(gnutls_x509_crq_sign2(crq, privkey, GNUTLS_DIG_SHA256, 0)>=0);
+
+ if (debug) {
+ gnutls_x509_crq_print(crq, GNUTLS_CRT_PRINT_ONELINE, &tmp);
+
+ printf("\tCertificate: %.*s\n", tmp.size, tmp.data);
+ gnutls_free(tmp.data);
+ }
+
+ /* read SPKI */
+ assert(gnutls_x509_spki_init(&spki)>=0);
+
+ ret = gnutls_x509_crq_get_spki(crq, spki, 0);
+ assert(ret >= 0);
+
+ assert(gnutls_x509_spki_get_salt_size(spki) == 32);
+ assert(gnutls_x509_spki_get_digest_algorithm(spki) == GNUTLS_DIG_SHA256);
+ assert(gnutls_x509_spki_get_pk_algorithm(spki) == GNUTLS_PK_RSA_PSS);
+
+ gnutls_x509_crq_deinit(crq);
+ gnutls_x509_spki_deinit(spki);
+ gnutls_x509_privkey_deinit(privkey);
+ gnutls_global_deinit();
+}
+
+
+static void cert_check(void)
+{
+ int ret;
+ gnutls_x509_crt_t crt;
+ gnutls_x509_spki_t spki;
+ gnutls_datum_t tmp;
+
+ ret = global_init();
+ if (ret != 0) {
+ fail("%d: %s\n", ret, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_spki_init(&spki);
+ assert(ret>=0);
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_init: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_import(crt, &server_ca3_rsa_pss2_cert,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_import: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (debug) {
+ gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp);
+
+ printf("\tCertificate: %.*s\n", tmp.size, tmp.data);
+ gnutls_free(tmp.data);
+ }
+
+ ret = gnutls_x509_crt_get_spki(crt, spki, 0);
+ assert(ret >= 0);
+
+ assert(gnutls_x509_spki_get_salt_size(spki) == 32);
+ assert(gnutls_x509_spki_get_digest_algorithm(spki) == GNUTLS_DIG_SHA256);
+ assert(gnutls_x509_spki_get_pk_algorithm(spki) == GNUTLS_PK_RSA_PSS);
+
+ gnutls_x509_crt_deinit(crt);
+ gnutls_x509_spki_deinit(spki);
+ gnutls_global_deinit();
+}
+
+static void key_check(void)
+{
+ int ret;
+ gnutls_x509_privkey_t key;
+ gnutls_x509_spki_t spki;
+
+ ret = global_init();
+ if (ret != 0) {
+ fail("%d: %s\n", ret, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_spki_init(&spki);
+ assert(ret>=0);
+
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_privkey_init: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_privkey_import(key, &server_ca3_rsa_pss2_key,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_privkey_import: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_privkey_get_spki(key, spki, 0);
+ assert(ret >= 0);
+
+ assert(gnutls_x509_spki_get_salt_size(spki) == 32);
+ assert(gnutls_x509_spki_get_digest_algorithm(spki) == GNUTLS_DIG_SHA256);
+ assert(gnutls_x509_spki_get_pk_algorithm(spki) == GNUTLS_PK_RSA_PSS);
+
+ /* set and get */
+ gnutls_x509_spki_set_pk_algorithm(spki, GNUTLS_PK_RSA);
+ gnutls_x509_spki_set_digest_algorithm(spki, GNUTLS_DIG_SHA1);
+ gnutls_x509_spki_set_salt_size(spki, 64);
+ assert(gnutls_x509_spki_get_salt_size(spki) == 64);
+ assert(gnutls_x509_spki_get_digest_algorithm(spki) == GNUTLS_DIG_SHA1);
+ assert(gnutls_x509_spki_get_pk_algorithm(spki) == GNUTLS_PK_RSA);
+
+ gnutls_x509_privkey_deinit(key);
+ gnutls_x509_spki_deinit(spki);
+}
+
+void doit(void)
+{
+ cert_check();
+ key_check();
+ crq_check();
+}
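Review bot: Several required calls in tests/spki.c sit inside `assert()`, for example `assert(gnutls_x509_privkey_init(&privkey)>=0);`, both `gnutls_x509_spki_init` calls and the `gnutls_x509_crq_set_*`/`gnutls_x509_crq_sign2` calls in crq_check(). A build with NDEBUG defined drops the calls themselves along with every SPKI parameter comparison, so the test would run on uninitialized handles and verify nothing. Assign to `ret` and report through the harness instead, e.g. `ret = gnutls_x509_privkey_init(&privkey); if (ret < 0) fail("gnutls_x509_privkey_init: %s\n", gnutls_strerror(ret));`, and compare the salt size, digest and pk algorithm getters with an explicit `if (...) fail(...)` as well. key_check() also returns without `gnutls_global_deinit()`, unlike cert_check() and crq_check(), which each pair it with `global_init()`. In the two `if (debug)` branches the return value of `gnutls_x509_crq_print`/`gnutls_x509_crt_print` is ignored before `tmp` is printed and freed; checking it avoids reading an unset datum.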