tests: added test for PKCS#8 encrypted key decoding

This also verifies that the return value when attempting to
decrypt without a password is GNUTLS_E_DECRYPTION_FAILED.

3 files changed, 89 insertions, 8 deletions

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 8cac65788f..de3f6d9064 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -117,7 +117,7 @@ ctests = mini-record-2 simple gc set_pkcs12_cred certder certuniqueid	\
 	 set_known_dh_params_anon set_known_dh_params_psk session-tickets-ok \
 	 session-tickets-missing set_x509_key_file_legacy status-request-ext \
 	 rng-no-onload dtls1-2-mtu-check crl_apis cert_verify_inv_utf8 \
-	 hostname-check-utf8
+	 hostname-check-utf8 pkcs8-key-decode-encrypted
 
 if HAVE_SECCOMP_TESTS
 ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
diff --git a/tests/pkcs8-key-decode-encrypted.c b/tests/pkcs8-key-decode-encrypted.c
new file mode 100644
index 0000000000..48ab9b64dc
--- /dev/null
+++ b/tests/pkcs8-key-decode-encrypted.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * Author: Daniel Berrange
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "utils.h"
+
+#define PRIVATE_KEY \
+	"-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \
+	"MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAiebBrnqPv4owICCAAw\n" \
+	"HQYJYIZIAWUDBAEqBBBykFR6i1My/DYFBYrz1lmABIGQ3XGpp3+v/ENC1S+X7Ay6\n" \
+	"JoquYKuMw6yUmWoGFvPIPA9UWqMve2Uj4l2l96Sywd6iNFP63ow6pIq4wUP6REuY\n" \
+	"ZhCgoAOQomeFqhAhkw6QJCygp5vw2rh9OZ5tiP/Ko6IDTA2rSas91nepHpQOb247\n" \
+	"zta5XzXb5TRkBsVU8tAPADP+wS/vBCS05ne1wmhdD6c6\n" \
+	"-----END ENCRYPTED PRIVATE KEY-----\n"
+
+
+static int test_decode(void)
+{
+  gnutls_x509_privkey_t key;
+  const gnutls_datum_t data = {
+    (unsigned char *)PRIVATE_KEY,
+    strlen(PRIVATE_KEY)
+  };
+  int err;
+
+  if ((err = gnutls_x509_privkey_init(&key)) < 0) {
+    fail("Failed to init key %s\n", gnutls_strerror(err));
+  }
+
+  err = gnutls_x509_privkey_import_pkcs8(key, &data,
+					GNUTLS_X509_FMT_PEM, "", 0);
+  if (err != GNUTLS_E_DECRYPTION_FAILED) {
+    fail("Unexpected error code: %s/%d\n", gnutls_strerror(err), err);
+  }
+
+  err = gnutls_x509_privkey_import_pkcs8(key, &data,
+					GNUTLS_X509_FMT_PEM, "password", 0);
+  if (err != 0) {
+    fail("Unexpected error code: %s\n", gnutls_strerror(err));
+  }
+
+  success("Loaded key\n%s", PRIVATE_KEY);
+
+  gnutls_x509_privkey_deinit(key);
+  return 0;
+}
+
+void doit(void)
+{
+	test_decode();
+}
diff --git a/tests/pkcs8-key-decode.c b/tests/pkcs8-key-decode.c
index 1c462abdbe..0f570ac217 100644
--- a/tests/pkcs8-key-decode.c
+++ b/tests/pkcs8-key-decode.c
@@ -26,6 +26,8 @@
 #include <string.h>
 #include <stdlib.h>
 
+#include "utils.h"
+
 # define PRIVATE_KEY					      \
     "-----BEGIN PRIVATE KEY-----\n"				\
     "MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr\n"     \
@@ -46,8 +48,8 @@
     "dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n"	 \
     "-----END PRIVATE KEY-----\n"
 
-
-int main(void) {
+static int test_load(void)
+{
   gnutls_x509_privkey_t key;
   const gnutls_datum_t data = {
     (unsigned char *)PRIVATE_KEY,
@@ -56,19 +58,23 @@ int main(void) {
   int err;
 
   if ((err = gnutls_x509_privkey_init(&key)) < 0) {
-    fprintf(stderr, "Failed to init key %s\n", gnutls_strerror(err));
+    fail("Failed to init key %s\n", gnutls_strerror(err));
     exit(1);
   }
 
   if ((err = gnutls_x509_privkey_import(key, &data,
 					GNUTLS_X509_FMT_PEM)) < 0) {
-    fprintf(stderr, "Failed to import key %s\n", gnutls_strerror(err));
+    fail("Failed to import key %s\n", gnutls_strerror(err));
     exit(1);
   }
 
-#if 0
-  fprintf(stderr, "Loaded key\n%s", PRIVATE_KEY);
-#endif
+  success("Loaded key\n%s", PRIVATE_KEY);
+
   gnutls_x509_privkey_deinit(key);
   return 0;
 }
+
+void doit(void)
+{
+	test_load();
+}