};
/**
- * ECDSA private key
+ * ECDSA256 private key
+ * pki --gen --type ecdsa --size 256
*/
-static char ecdsa[] = {
+static char ecdsa256[] = {
+ 0x30,0x77,0x02,0x01,0x01,0x04,0x20,0x2d,0x01,0x7e,0x5b,0x4a,0x7d,0x78,0xe9,0x23,
+ 0xeb,0xb2,0xac,0x4c,0xf1,0x28,0x3b,0xfa,0x1d,0xa9,0x08,0x5c,0xd0,0x60,0x2a,0xa6,
+ 0x54,0xd3,0x94,0xd4,0x05,0xa1,0x04,0xa0,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,
+ 0x03,0x01,0x07,0xa1,0x44,0x03,0x42,0x00,0x04,0x15,0x9c,0xbe,0xdb,0x54,0xa6,0xe7,
+ 0x7f,0x76,0x05,0xa6,0x9d,0xf3,0x41,0x38,0x43,0x98,0xe9,0x0b,0x2b,0x8b,0x02,0xb4,
+ 0x04,0x9b,0x61,0x84,0x65,0x63,0x3b,0x08,0xb2,0x4b,0x1e,0xd0,0x32,0x20,0xe9,0xfc,
+ 0x62,0xa7,0xd0,0x71,0x9e,0xe9,0xf9,0x2d,0x91,0xb8,0xf2,0xa3,0x4d,0x8a,0x78,0xb2,
+ 0x0b,0xfb,0x59,0x7c,0x40,0xbd,0xaf,0xa2,0x07
+};
+
+/**
+ * ECDSA384 private key
+ * pki --gen --type ecdsa --size 384
+ */
+static char ecdsa384[] = {
0x30,0x81,0xa4,0x02,0x01,0x01,0x04,0x30,0xc0,0x1f,0xfd,0x65,0xc6,0xc4,0x4c,0xb8,
0xff,0x56,0x08,0xb5,0xbd,0xb8,0xf5,0x93,0xf7,0x51,0x0e,0x92,0x1f,0x06,0xbf,0xa6,
0xd9,0x1d,0xae,0xa3,0x16,0x0d,0x0f,0xc9,0xd5,0x97,0x90,0x46,0xf1,0x98,0xa8,0x18,
0xb1,0x47,0xc8,0xf6,0x18,0xbb,0x97,
};
+/**
+ * ECDSA521 private key
+ * pki --gen --type ecdsa --size 521
+ */
+static char ecdsa521[] = {
+ 0X30,0x81,0xdc,0x02,0x01,0x01,0x04,0x42,0x01,0x88,0x0f,0x17,0x00,0x2c,0x62,0x5c,
+ 0x3e,0xed,0xe6,0xc8,0x6a,0x12,0x8e,0x09,0x8e,0x4b,0x41,0x8f,0x1a,0xbc,0xf3,0xa4,
+ 0xa6,0xcb,0xd4,0xa5,0x45,0x40,0xc8,0x29,0xc8,0x72,0x49,0x0a,0x04,0x9d,0xb2,0x02,
+ 0xc7,0x6a,0x98,0x3c,0xc9,0x4d,0x87,0x30,0x8b,0x17,0xd8,0x94,0x3d,0x8b,0x88,0xc9,
+ 0xe5,0x17,0x22,0x73,0x41,0x90,0x6d,0x52,0xee,0x11,0xa0,0x07,0x06,0x05,0x2b,0x81,
+ 0X04,0x00,0x23,0xa1,0x81,0x89,0x03,0x81,0x86,0x00,0x04,0x01,0x9a,0x71,0x4e,0x04,
+ 0X42,0xa7,0xdd,0x7c,0xe6,0xdb,0x0d,0x9d,0xe9,0xde,0x21,0x42,0x0b,0x56,0x90,0x7b,
+ 0X5b,0xbc,0x33,0xdf,0x79,0x9a,0xb8,0xf0,0x79,0xad,0x78,0xe2,0x77,0xee,0x62,0x4b,
+ 0Xc5,0x18,0xb8,0x7d,0x86,0x0a,0xb9,0xb4,0x24,0x3f,0x80,0xcf,0x34,0xfd,0x68,0xd0,
+ 0X90,0xd0,0x66,0xe7,0x79,0x30,0x13,0xc7,0x55,0xb3,0x74,0xf7,0xd3,0x01,0x03,0x0c,
+ 0X46,0x89,0xbf,0x7b,0xd6,0x26,0xe9,0xf6,0x50,0x35,0x7c,0x81,0x6f,0xb7,0xa5,0x62,
+ 0Xa9,0xc9,0xba,0x45,0xd7,0xc2,0x09,0xfd,0xc5,0x0b,0x76,0x75,0xe7,0x47,0xa6,0x70,
+ 0X09,0x16,0x14,0xc0,0x7e,0x09,0x3d,0xde,0xd4,0x79,0xa3,0xb6,0x95,0x2a,0xaa,0x5b,
+ 0Xdc,0xd5,0xab,0xdc,0x8a,0xd9,0xf3,0x37,0x96,0xaa,0x84,0xfc,0xae,0x94,0xea
+};
+
/**
* Ed25519 private key
* pki --gen --type ed25519
};
/**
- * TLS certificate for ECDSA key
- * pki --self --in ecdsa.key --dn "C=CH, O=strongSwan, CN=tls-ecdsa" --san 127.0.0.1
+ * TLS certificate for ECDSA256 key
+ * pki --self --in ecdsa256.key --dn "C=CH, O=strongSwan, CN=tls-ecdsa" --san 127.0.0.1
*/
-static char ecdsa_crt[] = {
+static char ecdsa256_crt[] = {
+ 0x30,0x82,0x01,0x74,0x30,0x82,0x01,0x1b,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x1e,
+ 0x80,0xe3,0xbb,0xf4,0x6f,0xc5,0xab,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,
+ 0x04,0x03,0x02,0x30,0x36,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
+ 0x43,0x48,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,
+ 0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03,
+ 0x13,0x09,0x74,0x6c,0x73,0x2d,0x65,0x63,0x64,0x73,0x61,0x30,0x1e,0x17,0x0d,0x32,
+ 0x32,0x30,0x38,0x32,0x33,0x30,0x39,0x31,0x33,0x35,0x34,0x5a,0x17,0x0d,0x32,0x35,
+ 0x30,0x38,0x32,0x32,0x30,0x39,0x31,0x33,0x35,0x34,0x5a,0x30,0x36,0x31,0x0b,0x30,
+ 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x13,0x30,0x11,0x06,0x03,
+ 0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x31,
+ 0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x74,0x6c,0x73,0x2d,0x65,0x63,
+ 0x64,0x73,0x61,0x30,0x59,0x30,0x13,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,
+ 0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,0x42,0x00,0x04,0x15,0x9c,
+ 0xbe,0xdb,0x54,0xa6,0xe7,0x7f,0x76,0x05,0xa6,0x9d,0xf3,0x41,0x38,0x43,0x98,0xe9,
+ 0x0b,0x2b,0x8b,0x02,0xb4,0x04,0x9b,0x61,0x84,0x65,0x63,0x3b,0x08,0xb2,0x4b,0x1e,
+ 0xd0,0x32,0x20,0xe9,0xfc,0x62,0xa7,0xd0,0x71,0x9e,0xe9,0xf9,0x2d,0x91,0xb8,0xf2,
+ 0xa3,0x4d,0x8a,0x78,0xb2,0x0b,0xfb,0x59,0x7c,0x40,0xbd,0xaf,0xa2,0x07,0xa3,0x13,
+ 0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x11,0x04,0x08,0x30,0x06,0x87,0x04,0x7f,
+ 0x00,0x00,0x01,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02,0x03,
+ 0x47,0x00,0x30,0x44,0x02,0x20,0x3d,0xa0,0x7e,0xff,0xfe,0x38,0xa4,0xfc,0x28,0x7b,
+ 0x6a,0x63,0xea,0xb9,0x04,0x11,0x63,0x98,0x25,0x1f,0x7f,0xc6,0xbc,0xe7,0x2e,0x53,
+ 0xbf,0x4a,0x7c,0x73,0xe9,0xe1,0x02,0x20,0x28,0xec,0x8b,0x84,0xa5,0xa3,0xd1,0xac,
+ 0x92,0x0b,0x9d,0xdc,0xa5,0x59,0xe8,0x64,0xb9,0xd1,0x66,0xe9,0x23,0xca,0x3b,0xee,
+ 0xc8,0x0e,0x08,0x4e,0x8f,0xc7,0xed,0x11
+};
+
+/**
+ * TLS certificate for ECDSA384 key
+ * pki --self --in ecdsa384.key --dn "C=CH, O=strongSwan, CN=tls-ecdsa" --san 127.0.0.1
+ */
+static char ecdsa384_crt[] = {
0x30,0x82,0x01,0xb1,0x30,0x82,0x01,0x38,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x77,
0x8f,0x61,0x26,0xa2,0xae,0xe8,0x6c,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,
0x04,0x03,0x03,0x30,0x36,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
0xac,0x36,0x08,0x14,0x29,
};
+/**
+ * TLS certificate for ECDSA521 key
+ * pki --self --in ecdsa521.key --dn "C=CH, O=strongSwan, CN=tls-ecdsa" --san 127.0.0.1
+ */
+static char ecdsa521_crt[] = {
+ 0x30,0x82,0x01,0xfd,0x30,0x82,0x01,0x5e,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x6c,
+ 0x72,0xcb,0x98,0xc7,0x4c,0x46,0xf7,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,
+ 0x04,0x03,0x04,0x30,0x36,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
+ 0x43,0x48,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,
+ 0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03,
+ 0x13,0x09,0x74,0x6c,0x73,0x2d,0x65,0x63,0x64,0x73,0x61,0x30,0x1e,0x17,0x0d,0x32,
+ 0x32,0x30,0x38,0x32,0x34,0x31,0x32,0x35,0x33,0x31,0x36,0x5a,0x17,0x0d,0x32,0x35,
+ 0x30,0x38,0x32,0x33,0x31,0x32,0x35,0x33,0x31,0x36,0x5a,0x30,0x36,0x31,0x0b,0x30,
+ 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x13,0x30,0x11,0x06,0x03,
+ 0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x31,
+ 0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x74,0x6c,0x73,0x2d,0x65,0x63,
+ 0x64,0x73,0x61,0x30,0x81,0x9b,0x30,0x10,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,
+ 0x01,0x06,0x05,0x2b,0x81,0x04,0x00,0x23,0x03,0x81,0x86,0x00,0x04,0x01,0x9a,0x71,
+ 0x4e,0x04,0x42,0xa7,0xdd,0x7c,0xe6,0xdb,0x0d,0x9d,0xe9,0xde,0x21,0x42,0x0b,0x56,
+ 0x90,0x7b,0x5b,0xbc,0x33,0xdf,0x79,0x9a,0xb8,0xf0,0x79,0xad,0x78,0xe2,0x77,0xee,
+ 0x62,0x4b,0xc5,0x18,0xb8,0x7d,0x86,0x0a,0xb9,0xb4,0x24,0x3f,0x80,0xcf,0x34,0xfd,
+ 0x68,0xd0,0x90,0xd0,0x66,0xe7,0x79,0x30,0x13,0xc7,0x55,0xb3,0x74,0xf7,0xd3,0x01,
+ 0x03,0x0c,0x46,0x89,0xbf,0x7b,0xd6,0x26,0xe9,0xf6,0x50,0x35,0x7c,0x81,0x6f,0xb7,
+ 0xa5,0x62,0xa9,0xc9,0xba,0x45,0xd7,0xc2,0x09,0xfd,0xc5,0x0b,0x76,0x75,0xe7,0x47,
+ 0xa6,0x70,0x09,0x16,0x14,0xc0,0x7e,0x09,0x3d,0xde,0xd4,0x79,0xa3,0xb6,0x95,0x2a,
+ 0xaa,0x5b,0xdc,0xd5,0xab,0xdc,0x8a,0xd9,0xf3,0x37,0x96,0xaa,0x84,0xfc,0xae,0x94,
+ 0xea,0xa3,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x11,0x04,0x08,0x30,0x06,
+ 0x87,0x04,0x7f,0x00,0x00,0x01,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,
+ 0x03,0x04,0x03,0x81,0x8c,0x00,0x30,0x81,0x88,0x02,0x42,0x01,0x1f,0x37,0x05,0xa6,
+ 0x91,0x84,0x36,0x0f,0x63,0xf1,0x42,0x84,0xc2,0xfc,0xd2,0x4d,0x1e,0x7a,0xfe,0xe9,
+ 0x22,0xc7,0xcf,0x12,0x37,0xdd,0xe7,0xc1,0xce,0xb7,0x92,0x5b,0x15,0xea,0xe5,0x81,
+ 0x25,0x48,0x29,0x22,0xe2,0xe3,0x3f,0xbb,0xa7,0x3d,0xac,0xa7,0x29,0x0e,0xa6,0xcb,
+ 0xf9,0x6a,0xa8,0x3a,0x33,0x2b,0xbd,0xaa,0x7b,0x81,0x7d,0x87,0x29,0x02,0x42,0x00,
+ 0xcc,0x80,0xb7,0x7c,0xf3,0x04,0x1f,0x0c,0x6f,0xef,0xb3,0x4c,0x7b,0x2d,0x54,0x1f,
+ 0x3d,0xb4,0xdd,0x6f,0x7c,0x2a,0xdb,0xfa,0x3e,0x47,0xa9,0x3a,0xe1,0x68,0x96,0xff,
+ 0xc3,0x42,0xa1,0xd1,0xc3,0xe4,0x03,0xa7,0x33,0x82,0xb2,0x76,0x12,0xeb,0xaa,0xed,
+ 0x00,0x3f,0x1f,0x4a,0xd5,0x1c,0x63,0x50,0xd0,0xae,0xa5,0x58,0xc2,0x16,0x56,0xcd,
+ 0x9b
+};
+
/**
* TLS certificate for Ed25519 key
* pki --self --in ed25519.key --dn "C=CH, O=strongSwan, CN=tls-ed25519" \
lib->credmgr->add_set(lib->credmgr, &creds->set);
}
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
- BUILD_BLOB, chunk_from_thing(rsa), BUILD_END);
- if (key)
- {
- creds->add_key(creds, key);
- }
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
BUILD_BLOB, key_data, BUILD_END);
if (key)
{
creds->add_key(creds, key);
}
- cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_BLOB, chunk_from_thing(rsa_crt), BUILD_END);
- if (cert)
- {
- creds->add_cert(creds, TRUE, cert);
- }
+
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_BLOB, cert_data, BUILD_END);
if (cert)
}
}
+START_SETUP(setup_rsa_creds)
+{
+ setup_credentials(chunk_from_thing(rsa), chunk_from_thing(rsa_crt));
+}
+END_SETUP
+
START_SETUP(setup_ed25519_creds)
{
+ setup_credentials(chunk_from_thing(rsa), chunk_from_thing(rsa_crt));
setup_credentials(chunk_from_thing(ed25519), chunk_from_thing(ed25519_crt));
}
END_SETUP
START_SETUP(setup_ed448_creds)
{
+
+ setup_credentials(chunk_from_thing(rsa), chunk_from_thing(rsa_crt));
setup_credentials(chunk_from_thing(ed448), chunk_from_thing(ed448_crt));
}
END_SETUP
START_SETUP(setup_all_creds)
{
- setup_credentials(chunk_from_thing(ecdsa), chunk_from_thing(ecdsa_crt));
+ setup_credentials(chunk_from_thing(rsa), chunk_from_thing(rsa_crt));
+ setup_credentials(chunk_from_thing(ecdsa256), chunk_from_thing(ecdsa256_crt));
setup_credentials(chunk_from_thing(ed25519), chunk_from_thing(ed25519_crt));
setup_credentials(chunk_from_thing(ed448), chunk_from_thing(ed448_crt));
}
static void test_tls_signature_schemes(tls_version_t version, uint16_t port,
bool cauth, u_int i)
{
+ chunk_t key_data = chunk_empty, cert_data = chunk_empty;
tls_signature_scheme_t *schemes;
char signature[128];
int count;
+ /* config used for both TLS server and client */
server_config = create_config(version, port, cauth);
+ /* start TLS server */
start_echo_server(server_config);
+ /* configure signature scheme */
count = tls_crypto_get_supported_signatures(version, &schemes);
ck_assert(i < count);
snprintf(signature, sizeof(signature), "%N", tls_signature_scheme_names,
schemes[i]);
lib->settings->set_str(lib->settings, "%s.tls.signature", signature, lib->ns);
+ /* depending on the signature scheme load a second set of credentials */
+ switch (schemes[i])
+ {
+ case TLS_SIG_ECDSA_SHA256:
+ case TLS_SIG_ECDSA_SHA1:
+ key_data = chunk_from_thing(ecdsa256);
+ cert_data = chunk_from_thing(ecdsa256_crt);
+ break;
+ case TLS_SIG_ECDSA_SHA384:
+ key_data = chunk_from_thing(ecdsa384);
+ cert_data = chunk_from_thing(ecdsa384_crt);
+ break;
+ case TLS_SIG_ECDSA_SHA512:
+ key_data = chunk_from_thing(ecdsa521);
+ cert_data = chunk_from_thing(ecdsa521_crt);
+ break;
+ case TLS_SIG_ED25519:
+ key_data = chunk_from_thing(ed25519);
+ cert_data = chunk_from_thing(ed25519_crt);
+ break;
+ case TLS_SIG_ED448:
+ key_data = chunk_from_thing(ed448);
+ cert_data = chunk_from_thing(ed448_crt);
+ break;
+ default:
+ break;
+ }
+ if (key_data.len > 0 || cert_data.len > 0)
+ {
+ setup_credentials(key_data, cert_data);
+ }
+
+ /* run TLS client */
run_echo_client(server_config);
free(schemes);
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.3/signature schemes");
- tcase_add_checked_fixture(tc, setup_all_creds, teardown_creds);
+ tcase_add_checked_fixture(tc, setup_rsa_creds, teardown_creds);
tcase_add_loop_test(tc, test_tls13_signature_schemes, 0,
tls_crypto_get_supported_signatures(TLS_1_3, NULL));
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.2/signature schemes");
- tcase_add_checked_fixture(tc, setup_all_creds, teardown_creds);
+ tcase_add_checked_fixture(tc, setup_rsa_creds, teardown_creds);
tcase_add_loop_test(tc, test_tls12_signature_schemes, 0,
tls_crypto_get_supported_signatures(TLS_1_2, NULL));
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.1/signature schemes");
- tcase_add_checked_fixture(tc, setup_all_creds, teardown_creds);
+ tcase_add_checked_fixture(tc, setup_rsa_creds, teardown_creds);
tcase_add_loop_test(tc, test_tls11_signature_schemes, 0,
tls_crypto_get_supported_signatures(TLS_1_1, NULL));
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.0/signature schemes");
- tcase_add_checked_fixture(tc, setup_all_creds, teardown_creds);
+ tcase_add_checked_fixture(tc, setup_rsa_creds, teardown_creds);
tcase_add_loop_test(tc, test_tls10_signature_schemes, 0,
tls_crypto_get_supported_signatures(TLS_1_0, NULL));
suite_add_tcase(s, tc);
projects / thirdparty / strongswan.git / commitdiff
