author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-24 16:35:50 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-03 11:57:52 +0200 |
commit | 7784a7d2921d4316c11164e27b82e3ac930d959f (patch) | |
tree | 0e3c66f7fe9098ba097b41aa08f4209cb1ba085f | |
parent | 66cb33d888428312c5f11f3e9e1d1b9adeb431e8 (diff) | |
download | gnutls-7784a7d2921d4316c11164e27b82e3ac930d959f.tar.gz |
tests: added unit test for the SPKI related functions
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/cert-common.h | 65 | ||||
-rw-r--r-- | tests/spki.c | 213 |
3 files changed, 279 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 687521856f..f0501cc4ae 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -112,7 +112,7 @@ ctests = mini-record-2 simple gc set_pkcs12_cred cert certuniqueid \
 tls-rehandshake-cert-2 custom-urls set_x509_key_mem set_x509_key_file \
 mini-chain-unsorted x509-verify-with-crl mini-dtls-mtu privkey-verify-broken \
 mini-dtls-record-asym key-import-export priority-set priority-set2 \
- pubkey-import-export sign-is-secure \
+ pubkey-import-export sign-is-secure spki \
 mini-dtls-fork mini-dtls-pthread mini-key-material x509cert-invalid \
 tls-ext-register tls-supplemental mini-dtls0-9 duplicate-extensions \
 mini-record-retvals mini-server-name tls-etm x509-cert-callback \
diff --git a/tests/cert-common.h b/tests/cert-common.h
index 151e3c357e..d8106641b2 100644
--- a/tests/cert-common.h
+++ b/tests/cert-common.h
@@ -30,6 +30,7 @@
 * TLS client (RSA PSS): cli_ca3_rsa_pss_cert, cli_ca3_rsa_pss_key
 * IPv4 server (SAN: IPAddr: 127.0.0.1): server_ca3_ipaddr_cert, server_ca3_key
 * IPv4 server (RSA-PSS, SAN: localhost IPAddr: 127.0.0.1): server_ca3_rsa_pss_cert, server_ca3_rsa_pss_key
+ * IPv4 server (RSA-PSS key, SAN: localhost IPAddr: 127.0.0.1): server_ca3_rsa_pss2_cert, server_ca3_rsa_pss2_key
 * IPv4 server (EdDSA, SAN: localhost IPAddr: 127.0.0.1): server_ca3_eddsa_cert, server_ca3_eddsa_key
 * IPv6 server: server_ca3_localhost6_cert, server_ca3_key
 * IPv4 server: server_ca3_localhost_cert, server_ca3_key
@@ -854,6 +855,70 @@ const gnutls_datum_t server_ca3_rsa_pss_cert = { (void*)server_ca3_rsa_pss_cert_ sizeof(server_ca3_rsa_pss_cert_pem)-1 }; +static char server_ca3_rsa_pss2_key_pem[] = + "-----BEGIN PRIVATE KEY-----\n" + "MIIE7AIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3\n" + "DQEBCDALBglghkgBZQMEAgGiAwIBIASCBKYwggSiAgEAAoIBAQCte+3f4Sgy89/R\n" + "LNfx/NazlTgHxL6IXJuL44tutdhxA91vCJt0+ZSShWibsuyF+H09it3G0+3LvE2W\n" + "vkU58ha7ljvCWckPf2+YpsFynNQc0Lw6BThRMQdJpJvI54OdxfhoPjhDnTui/EEj\n" + "/n9MbLo5rAX5ZDIpWa3Vgpl37Q8czjFINCgQ/f8qsD4WabBSbuSnrYDvuASGez4O\n" + "YDAFvM51+4U4GxN7ZKbrDTQcAySU0Fjy+I5eW/BIXd9TeHb6XYJudMQY7rozTijm\n" + "6qbZieahke+FUCgm8BnRXghfcVSswUZEJQkCvF+SdUl3iAYlY/UBzVFsGDSFbID2\n" + "XRtEvrnvAgMBAAECggEATj8COCL+lZSnU1oNgAiQ8eiQn/heE3TpdzvHLMT5/WdH\n" + "3YedTjIvj7J6TxdxVK+SFUrn4oC91VF2EVJ6OLt3A16sT2ldpQ7OT6SOxdn0VZbT\n" + "/rtR/lTFu7JxzTiWhXfAJYxCpkRpnIZ3/vsPgXHcwJxVCXnmof3fyNghzhRu54de\n" + "V5GUwJ6TT3MMYLYKf5ii8Yt9WqeekQF7Hy/kIwz+4CbgR3fDdRXFnRwdNmA4RG3w\n" + "TbwvqR9ApyAictYz4HpZWgYL+cXsH6Fm+/ChZiV9/zvdVVOo+dOAcxx2cWahm/NL\n" + "tksGD7hI5kqD9moi2wiAsGHPa+/rkLxIBm0xvF1veQKBgQDVFKujtQyfzJw5DUPL\n" + "kTCLp+370ZBTK01daKZrpfgw6QrylYljcIq8n1izauElYm5cZ9krMGzvL5ceg49p\n" + "obl1tdCOQJQACrJmLZSuvVfw8TSwHPyOGtRWxhF4miX+ym3yMFqRyN2nXx1iAo5I\n" + "Cz+aGmTfT1zSZkLnfQSjYWZFgwKBgQDQbX2wPavLI+1yWARStqrwVWO1mU0Nixbo\n" + "jHrRlzrKYqtV+0ea6550LtDG5A/zf9MP6439NNHPqs4rnY910odd+xmLdQj2gocB\n" + "IS4nPBE4o1k3L9m+bSw9nyDdJWRkASq4uem6QvyVsQpWUoxzmg5/fwRUlOU8X3pP\n" + "ZLSSpz06JQKBgF4b6AbAwtedFe54tlWlRWyY+Zn7n6Or/1pfCwmGXwyzEJu9gdWC\n" + "cjQGqLVtYg0R4S48y4SwuZwWR8c5UdDUlcWwTHFXgkZWcx5/ySg4BiwrTBrwYncc\n" + "0GWWy0aZxmg23cJWqtmyfnsani6YdGDLXwbf22dpdNSUR75X0AGc1f+jAoGADha4\n" + "nkcs66hcDpSghi7O0zwSZ14bdUTnoYSNcMl2MeQFjORVbMVsipH3jtovsdf8HmFf\n" + "0bPWUuFK2mvmHKLEf7fPfDvHBVLBaXQiuIg46ckw6KgVYefjS68L+6bhaFkj2CTJ\n" + "BcwtYrj65+bgk5fgTwH4+vatoC0cCW3XPuqLGvkCgYAj2NGQAEQ4HkmF55otDocZ\n" + "SkAJFfibyrkKEK+PsQ7dRR/HEc93hvkI0PHpsLx8A3FZ370FAPtiKmnmfabHxEsK\n" + 
"TWA2DTacq//MzXQrjsx0CpvGId1dOyVZIrwIFM17KmW5HHE37fY4PFZTZVXHAKf6\n" + "nQyUF7m3FUJjavm46KJIhw==\n" + "-----END PRIVATE KEY-----\n"; + +const gnutls_datum_t server_ca3_rsa_pss2_key = { (void*)server_ca3_rsa_pss2_key_pem, + sizeof(server_ca3_rsa_pss2_key_pem)-1 +}; + +static char server_ca3_rsa_pss2_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIID0TCCAjmgAwIBAgIIWXYEJjkAauMwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNzA3MjQxNDI4NTVaGA85OTk5MTIzMTIzNTk1OVowADCCAVIw\n" + "PQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJ\n" + "YIZIAWUDBAIBogMCASADggEPADCCAQoCggEBAK177d/hKDLz39Es1/H81rOVOAfE\n" + "vohcm4vji2612HED3W8Im3T5lJKFaJuy7IX4fT2K3cbT7cu8TZa+RTnyFruWO8JZ\n" + "yQ9/b5imwXKc1BzQvDoFOFExB0mkm8jng53F+Gg+OEOdO6L8QSP+f0xsujmsBflk\n" + "MilZrdWCmXftDxzOMUg0KBD9/yqwPhZpsFJu5KetgO+4BIZ7Pg5gMAW8znX7hTgb\n" + "E3tkpusNNBwDJJTQWPL4jl5b8Ehd31N4dvpdgm50xBjuujNOKObqptmJ5qGR74VQ\n" + "KCbwGdFeCF9xVKzBRkQlCQK8X5J1SXeIBiVj9QHNUWwYNIVsgPZdG0S+ue8CAwEA\n" + "AaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNV\n" + "HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQCiLaK\n" + "LrqB0vaCnoNP1V8QVLlA8jAfBgNVHSMEGDAWgBT5qIYZY7akFBNgdg8BmjU27/G0\n" + "rzANBgkqhkiG9w0BAQsFAAOCAYEANgnTu4nYiv1nH6Iqpnn48CNrGK25ax6FuPvc\n" + "HxOyFFa9jomP8KjyNv3EsmmoBcQBkbRdAX8sFdtbyjILqRLoRMFO7D60BmCitGYH\n" + "MDjEIkG9QjcCo03YIT93SORwnt1qrWh6paOH7Nme+CsgRyXN7iNNur2LgGSilQ7P\n" + "Rs/vr0DdxmlUxUQHDa5GRIvU3FFs4NLC/9sQd3+JGqzDbY7UqLnP5fzn6/PSMKIw\n" + "Gc4IzbJrqjFsyfjQkblM2eBwmkUD3SnTFWqYwUsohGlSxBwKSIyVzlyuoD1FXop7\n" + "lgG8/a1D/ZFa34q8tj24Wnd9zdr/Jrv2g51OSf0VIbQdP92l2kDouobPS/7DTgPI\n" + "D7h52NLVm8cbV1RqxbeS3spZ2OAQn8tLiTwz+abNdsikFjMvfXq61iIv3QASUyUB\n" + "VydSB7stwAUd6wys2H7crmeiMMtgxSjZJtB4GDUCb24a+/a4IgpqxFzGDLE9Ur69\n" + "D8aQbKGJzzih56a2wwc0ZqA0ilGm\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_rsa_pss2_cert = { (void*)server_ca3_rsa_pss2_cert_pem, + sizeof(server_ca3_rsa_pss2_cert_pem)-1 +}; + static char 
cli_ca3_rsa_pss_cert_pem[] =
 "-----BEGIN CERTIFICATE-----\n"
 "MIIEAjCCAjqgAwIBAgIMWSa+VhOfC8uEpb/cMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n"
diff --git a/tests/spki.c b/tests/spki.c
new file mode 100644
index 0000000000..04b4ef3342
--- /dev/null
+++ b/tests/spki.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <unistd.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/abstract.h>
+
+#include "utils.h"
+#include "cert-common.h"
+
+static void crq_check(void)
+{
+ int ret;
+ gnutls_x509_crq_t crq;
+ gnutls_x509_spki_t spki;
+ gnutls_datum_t tmp;
+ gnutls_x509_privkey_t privkey;
+
+ ret = global_init();
+ if (ret != 0) {
+ fail("%d: %s\n", ret, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ assert(gnutls_x509_privkey_init(&privkey)>=0);
+
+ ret =
+ gnutls_x509_privkey_generate(privkey, GNUTLS_PK_RSA, 2048, 0);
+ assert(ret>=0);
+
+ assert(gnutls_x509_spki_init(&spki)>=0);
+
+ gnutls_x509_spki_set_pk_algorithm(spki, GNUTLS_PK_RSA_PSS);
+ gnutls_x509_spki_set_salt_size(spki, 32);
+ gnutls_x509_spki_set_digest_algorithm(spki, GNUTLS_DIG_SHA256);
+
+ ret = gnutls_x509_crq_init(&crq);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crq_init: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ assert(gnutls_x509_crq_set_version(crq, 1)>=0);
+ assert(gnutls_x509_crq_set_key(crq, privkey)>=0);
+ assert(gnutls_x509_crq_set_spki(crq, spki, 0)>=0);
+
+ assert(gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME,
+ 0, "CN-Test", 7)>=0);
+ gnutls_x509_spki_deinit(spki);
+
+ assert(gnutls_x509_crq_sign2(crq, privkey, GNUTLS_DIG_SHA256, 0)>=0);
+
+ if (debug) {
+ gnutls_x509_crq_print(crq, GNUTLS_CRT_PRINT_ONELINE, &tmp);
+
+ printf("\tCertificate: %.*s\n", tmp.size, tmp.data);
+ gnutls_free(tmp.data);
+ }
+
+ /* read SPKI */
+ assert(gnutls_x509_spki_init(&spki)>=0);
+
+ ret = gnutls_x509_crq_get_spki(crq, spki, 0);
+ assert(ret >= 0);
+
+ assert(gnutls_x509_spki_get_salt_size(spki) == 32);
+ assert(gnutls_x509_spki_get_digest_algorithm(spki) == GNUTLS_DIG_SHA256);
+ assert(gnutls_x509_spki_get_pk_algorithm(spki) == GNUTLS_PK_RSA_PSS);
+
+ gnutls_x509_crq_deinit(crq);
+ gnutls_x509_spki_deinit(spki);
+ gnutls_x509_privkey_deinit(privkey);
+ gnutls_global_deinit();
+}
+
+
+static void cert_check(void)
+{
+ int ret;
+ gnutls_x509_crt_t crt;
+ gnutls_x509_spki_t spki;
+ gnutls_datum_t tmp;
+
+ ret = global_init();
+ if (ret != 0) {
+ fail("%d: %s\n", ret, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_spki_init(&spki);
+ assert(ret>=0);
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_init: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crt_import(crt, &server_ca3_rsa_pss2_cert,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_crt_import: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (debug) {
+ gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp);
+
+ printf("\tCertificate: %.*s\n", tmp.size, tmp.data);
+ gnutls_free(tmp.data);
+ }
+
+ ret = gnutls_x509_crt_get_spki(crt, spki, 0);
+ assert(ret >= 0);
+
+ assert(gnutls_x509_spki_get_salt_size(spki) == 32);
+ assert(gnutls_x509_spki_get_digest_algorithm(spki) == GNUTLS_DIG_SHA256);
+ assert(gnutls_x509_spki_get_pk_algorithm(spki) == GNUTLS_PK_RSA_PSS);
+
+ gnutls_x509_crt_deinit(crt);
+ gnutls_x509_spki_deinit(spki);
+ gnutls_global_deinit();
+}
+
+static void key_check(void)
+{
+ int ret;
+ gnutls_x509_privkey_t key;
+ gnutls_x509_spki_t spki;
+
+ ret = global_init();
+ if (ret != 0) {
+ fail("%d: %s\n", ret, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_spki_init(&spki);
+ assert(ret>=0);
+
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_privkey_init: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_privkey_import(key, &server_ca3_rsa_pss2_key,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fprintf(stderr,
+ "gnutls_x509_privkey_import: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_privkey_get_spki(key, spki, 0);
+ assert(ret >= 0);
+
+ assert(gnutls_x509_spki_get_salt_size(spki) == 32);
+ assert(gnutls_x509_spki_get_digest_algorithm(spki) == GNUTLS_DIG_SHA256);
+ assert(gnutls_x509_spki_get_pk_algorithm(spki) == GNUTLS_PK_RSA_PSS);
+
+ /* set and get */
+ gnutls_x509_spki_set_pk_algorithm(spki, GNUTLS_PK_RSA);
+ gnutls_x509_spki_set_digest_algorithm(spki, GNUTLS_DIG_SHA1);
+ gnutls_x509_spki_set_salt_size(spki, 64);
+ assert(gnutls_x509_spki_get_salt_size(spki) == 64);
+ assert(gnutls_x509_spki_get_digest_algorithm(spki) == GNUTLS_DIG_SHA1);
+ assert(gnutls_x509_spki_get_pk_algorithm(spki) == GNUTLS_PK_RSA);
+
+ gnutls_x509_privkey_deinit(key);
+ gnutls_x509_spki_deinit(spki);
+}
+
+void doit(void)
+{
+ cert_check();
+ key_check();
+ crq_check();
+}
|
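Review bot: key_check() calls global_init() but, unlike cert_check() and crq_check() in the same hunk, never calls gnutls_global_deinit() before returning, so the library state it initialized is left behind when doit() moves on to crq_check(); add `gnutls_global_deinit();` after `gnutls_x509_spki_deinit(spki);` at the end of key_check. The `if (debug)` paths in crq_check and cert_check also ignore the return value of gnutls_x509_crq_print()/gnutls_x509_crt_print() and then print and free tmp.data, which is uninitialized if the print call fails; checking it, e.g. `assert(gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp) >= 0);`, keeps that path from reading an indeterminate pointer. Several calls with side effects (gnutls_x509_privkey_init, gnutls_x509_spki_init, the crq setters and gnutls_x509_crq_sign2) are wrapped in assert(), so a build with NDEBUG defined would drop the initialization itself rather than just the check; if the test suite is never built that way, a one-line comment near the first such assert stating that assumption would help the next reader.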