Diffstat (limited to 'tests/common-cert-key-exchange.c')
-rw-r--r--tests/common-cert-key-exchange.c92
1 files changed, 92 insertions, 0 deletions
diff --git a/tests/common-cert-key-exchange.c b/tests/common-cert-key-exchange.c
index c0c27a4064..de4b57ac4c 100644
--- a/tests/common-cert-key-exchange.c
+++ b/tests/common-cert-key-exchange.c
@@ -137,6 +137,98 @@ void try_with_key_fail(const char *name, const char *client_prio,
gnutls_certificate_free_credentials(clientx509cred);
}
+void try_with_rawpk_key_fail(const char *name, const char *client_prio,
+ int server_err, int client_err,
+ const gnutls_datum_t *serv_cert,
+ const gnutls_datum_t *serv_key,
+ unsigned server_ku,
+ const gnutls_datum_t *cli_cert,
+ const gnutls_datum_t *cli_key,
+ unsigned client_ku)
+{
+ int ret;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t server_cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t client_cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+ const char *err;
+
+ /* General init. */
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(6);
+
+ reset_buffers();
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&server_cred);
+
+ ret = gnutls_certificate_set_rawpk_key_mem(server_cred,
+ serv_cert, serv_key, GNUTLS_X509_FMT_PEM, NULL, server_ku,
+ NULL, 0, 0);
+ if (ret < 0)
+ fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
+
+ assert(gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_RAWPK) >= 0);
+ if (server_priority)
+ assert(gnutls_priority_set_direct(server, server_priority, NULL) >= 0);
+ else
+ assert(gnutls_priority_set_direct(server, client_prio, NULL) >= 0);
+
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ server_cred);
+
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ ret = gnutls_certificate_allocate_credentials(&client_cred);
+ if (ret < 0)
+ exit(1);
+
+ if (cli_cert) {
+ ret = gnutls_certificate_set_rawpk_key_mem(client_cred,
+ cli_cert, cli_key, GNUTLS_X509_FMT_PEM, NULL, client_ku,
+ NULL, 0, 0);
+ if (ret < 0)
+ fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
+ gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE);
+ }
+
+ ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_ENABLE_RAWPK);
+ if (ret < 0)
+ exit(1);
+
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ ret = gnutls_priority_set_direct(client, client_prio, &err);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ fprintf(stderr, "Error in %s\n", err);
+ exit(1);
+ }
+
+ ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ client_cred);
+ if (ret < 0)
+ exit(1);
+
+ success("negotiating %s\n", name);
+ HANDSHAKE_EXPECT(client, server, client_err, server_err);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(server_cred);
+ gnutls_certificate_free_credentials(client_cred);
+}
+
void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx,
gnutls_sign_algorithm_t server_sign_algo,
gnutls_sign_algorithm_t client_sign_algo,
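Review bot: On the server side of try_with_rawpk_key_fail, gnutls_init() and both gnutls_priority_set_direct() calls sit inside assert(), so a build with NDEBUG defined would compile them out and pass an uninitialised `server` to gnutls_credentials_set(); whether the test suite is ever built that way is not visible from this hunk. The client side already checks `ret` explicitly, and the server side could match it: `ret = gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_RAWPK);` followed by `if (ret < 0) fail("gnutls_init: %s\n", gnutls_strerror(ret));`. The return value of `gnutls_certificate_allocate_credentials(&server_cred)` is also dropped, while the same call for `client_cred` is checked. Because this is a negative test, a short header comment would help, stating that `server_err`/`client_err` are the results HANDSHAKE_EXPECT must see and that a NULL `cli_cert` leaves the client without a key and the server not requesting one.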