Diffstat (limited to 'tests/key-tests')
-rw-r--r-- | tests/key-tests/Makefile.am | 7 | ||||
-rw-r--r-- | tests/key-tests/data/bad-key.pem | 25 | ||||
-rwxr-xr-x | tests/key-tests/ecdsa | 100 |
3 files changed, 129 insertions, 3 deletions
diff --git a/tests/key-tests/Makefile.am b/tests/key-tests/Makefile.am
index b07d872be7..c2a004bb54 100644
--- a/tests/key-tests/Makefile.am
+++ b/tests/key-tests/Makefile.am
@@ -27,11 +27,12 @@ EXTRA_DIST = README data/key-ca.pem data/key-user.pem \
 data/openssl-3des.p8 data/openssl-3des.p8.txt data/openssl-aes128.p8 \
 data/openssl-aes128.p8.txt data/openssl-aes256.p8 data/openssl-aes256.p8.txt \
 data/cert.dsa.1024.pem data/cert.dsa.2048.pem data/cert.dsa.3072.pem \
- data/dsa.1024.pem data/dsa.2048.pem data/dsa.3072.pem data/dsa-pubkey-1018.pem
+ data/dsa.1024.pem data/dsa.2048.pem data/dsa.3072.pem data/dsa-pubkey-1018.pem \
+ data/bad-key.pem
 
-dist_check_SCRIPTS = key-id pkcs8 pkcs8-decode dsa
+dist_check_SCRIPTS = key-id pkcs8 pkcs8-decode dsa ecdsa
 
-TESTS = key-id pkcs8 pkcs8-decode
+TESTS = key-id pkcs8 pkcs8-decode ecdsa
 
 if !WINDOWS
 TESTS += dsa
diff --git a/tests/key-tests/data/bad-key.pem b/tests/key-tests/data/bad-key.pem
new file mode 100644
index 0000000000..6dfb622dab
--- /dev/null
+++ b/tests/key-tests/data/bad-key.pem
@@ -0,0 +1,25 @@
+Public Key Info:
+ Public Key Algorithm: ECC
+ Key Security Level: High
+
+curve: SECP256R1
+private key:
+ 00:f4:fa:5f:3e:48:39:dd:4c:d1:24:3f:a1:f5:51:
+ 49:36:74:c3:2c:ae:ad:d9:96:91:93:da:ec:03:25:
+ 1f:aa:0b:
+x:
+ 56:d1:7e:b2:c4:f6:bb:02:e2:4a:76:63:14:8c:1a:
+ c1:eb:12:56:bd:3d:08:66:2f:dc:eb:e5:b9:32:15:
+ 1e:e7:
+y:
+ 00:88:27:c8:52:8f:a5:9a:3a:bb:20:e6:54:ef:a8:
+ 7c:50:39:db:af:cf:e4:5e:69:7a:25:20:6d:63:60:
+ af:29:d5:
+
+Public Key ID: 5A:37:9C:B2:B2:BA:33:AC:8E:87:7B:63:18:15:99:3F:DF:3A:F3:A3
+
+-----BEGIN EC PRIVATE KEY-----
+MHgCAQEEIQCIJ8hSj6WaOrsg5lTvqHxQOduvz+ReaXolIG1jYK8p1aAKBggqhkjO
+PQMBB6FEA0IABFbRfrLE9rsC4kp2YxSMGsHrEla9PQhmL9zr5bkyFR7niCfIUo+l
+mjq7IOZU76h8UDnbr8/kXml6JSBtY2CvKdU=
+-----END EC PRIVATE KEY-----
diff --git a/tests/key-tests/ecdsa b/tests/key-tests/ecdsa
new file mode 100755
index 0000000000..c6e1bd8f7c
--- /dev/null
+++ b/tests/key-tests/ecdsa
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+# Copyright (C) 2011-2012 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+TMPFILE=ecdsa.$$.tmp
+TMPCA=ecdsa-ca.$$.tmp
+TMPCAKEY=ecdsa-ca-key.$$.tmp
+TMPSUBCA=ecdsa-subca.$$.tmp
+TMPSUBCAKEY=ecdsa-subca-key.$$.tmp
+TMPKEY=ecdsa-key.$$.tmp
+TMPTEMPL=template.$$.tmp
+TMPUSER=user.$$.tmp
+VERIFYOUT=verify.$$.tmp
+
+echo ca > $TMPTEMPL
+echo "cn = ECDSA SHA 256 CA" >> $TMPTEMPL
+
+"${CERTTOOL}" --generate-privkey --ecc > $TMPCAKEY 2>/dev/null
+
+"${CERTTOOL}" -d 2 --generate-self-signed --template $TMPTEMPL \
+ --load-privkey $TMPCAKEY \
+ --outfile $TMPCA \
+ --hash sha256 >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+ cat $TMPFILE
+ exit 1
+fi
+
+echo ca > $TMPTEMPL
+"${CERTTOOL}" --generate-privkey --ecc > $TMPSUBCAKEY 2>/dev/null
+echo "cn = ECDSA SHA 224 Mid CA" >> $TMPTEMPL
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \
+ --load-ca-privkey $TMPCAKEY \
+ --load-ca-certificate $TMPCA \
+ --load-privkey $TMPSUBCAKEY \
+ --outfile $TMPSUBCA \
+ --hash sha224 >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+ cat $TMPFILE
+ exit 1
+fi
+
+echo "cn = End-user" > $TMPTEMPL
+
+"${CERTTOOL}" --generate-privkey --ecc > $TMPKEY 2>/dev/null
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \
+ --load-ca-privkey $TMPSUBCAKEY \
+ --load-ca-certificate $TMPSUBCA \
+ --load-privkey $TMPKEY \
+ --outfile $TMPUSER >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+ cat $TMPFILE
+ exit 1
+fi
+
+cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE
+"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT
+
+if [ $? != 0 ]; then
+ cat $VERIFYOUT
+ exit 1
+fi
+
+rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE
+rm -f $TMPSUBCAKEY $TMPCAKEY $TMPKEY
+
+"${CERTTOOL}" -k < "${srcdir}/data/bad-key.pem" | grep "validation failed" >/dev/null 2>&1
+if [ $? != 0 ]; then
+ echo "certtool didn't detect a bad ECDSA key."
+ exit 1
+fi
+
+exit 0
|
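Review bot: Every `exit 1` path in the new `ecdsa` script leaves the temporary files behind, including the three generated private keys in `$TMPCAKEY`, `$TMPSUBCAKEY` and `$TMPKEY`, because the two `rm -f` lines run only after the chain has verified. Registering the cleanup once after the variable block would cover all exits: `trap 'rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE $TMPSUBCAKEY $TMPCAKEY $TMPKEY' 0`. The three `--generate-privkey` calls also discard stderr and go unchecked while `set -e` is commented out, so a key-generation failure only shows up as an error in the following certificate step; `|| exit 1` on each would make the cause visible. The final check would benefit from a comment saying what is wrong with `data/bad-key.pem`: from the fixture, the private-key octets in the PEM appear to equal the listed y coordinate rather than the `private key:` value in its text dump.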