diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-26 13:19:08 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-29 08:41:21 +0200 |
commit | 029ca6ed5e43a8e575688a0abf4c89448d87faf5 (patch) | |
tree | f72e6f0cc7714caa3e92658bd392309f71bca14d /tests | |
parent | 34c4b401d062a83da56c897508a6777032539ec4 (diff) | |
download | gnutls-029ca6ed5e43a8e575688a0abf4c89448d87faf5.tar.gz |
tests: added unit test for gnutls_sign_supports_pk_algorithm()
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/sign-pk-api.c | 68 |
2 files changed, 69 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 310a8d4140..fea0732d65 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -143,7 +143,7 @@ ctests = mini-record-2 simple gc set_pkcs12_cred cert certuniqueid \ send-data-before-handshake recv-data-before-handshake crt_inv_write \ x509sign-verify-error rng-op-nonce rng-op-random rng-op-key x509-dn-decode-compat \ ip-check mini-x509-ipaddr trust-store base64-raw random-art dhex509self \ - dss-sig-val + dss-sig-val sign-pk-api if HAVE_SECCOMP_TESTS ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp diff --git a/tests/sign-pk-api.c b/tests/sign-pk-api.c new file mode 100644 index 0000000000..e07bc5094e --- /dev/null +++ b/tests/sign-pk-api.c @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> +#include <unistd.h> +#include <gnutls/gnutls.h> + +#include "utils.h" + +#define ALGO_MATCHES(sig, pk, val) \ + ret = gnutls_sign_supports_pk_algorithm(sig, pk); \ + if (ret != val) { \ + fail("error testing %s with %s\n", gnutls_sign_get_name(sig), gnutls_pk_get_name(pk)); \ + } + +void doit(void) +{ + int ret; + + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA3_256, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA3_384, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA3_512, GNUTLS_PK_RSA, 1); + + /* TLS 1.3 allows RSA-PSS signatures to be generated by RSA keys */ + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA, 1); + + ALGO_MATCHES(GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_PK_RSA_PSS, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_PSS_SHA384, GNUTLS_PK_RSA_PSS, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_PSS_SHA512, GNUTLS_PK_RSA_PSS, 1); + + /* rsa-pss keys shouldn't generate plain signatures */ + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA_PSS, 0); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA_PSS, 0); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA_PSS, 0); + +} |