]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
tests: pkcs11-pubkey-import will check both RSA and ECDSA keys
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 31 Dec 2015 11:38:34 +0000 (13:38 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 31 Dec 2015 11:52:27 +0000 (13:52 +0200)
tests/suite/Makefile.am
tests/suite/pkcs11-pubkey-import-ecdsa.c [new file with mode: 0644]
tests/suite/pkcs11-pubkey-import-rsa.c [new file with mode: 0644]
tests/suite/pkcs11-pubkey-import.c

index 0d82b1580b17f60fa07e7783d53859968a6868fa..6f2c9e8f4148793cf08cd63f41421bc3400848fd 100644 (file)
@@ -90,8 +90,8 @@ nodist_check_SCRIPTS = testsrn.sh chain.sh invalid-cert.sh \
        testrandom.sh
 
 if ENABLE_PKCS11
-check_PROGRAMS += pkcs11-chainverify pkcs11-get-issuer pkcs11-is-known pkcs11-combo pkcs11-privkey pkcs11-pubkey-import
-nodist_check_SCRIPTS += testpkcs11.sh pkcs11-chainverify pkcs11-get-issuer crl-test pkcs11-is-known pkcs11-combo pkcs11-privkey pkcs11-pubkey-import
+check_PROGRAMS += pkcs11-chainverify pkcs11-get-issuer pkcs11-is-known pkcs11-combo pkcs11-privkey pkcs11-pubkey-import-rsa pkcs11-pubkey-import-ecdsa
+nodist_check_SCRIPTS += testpkcs11.sh pkcs11-chainverify pkcs11-get-issuer crl-test pkcs11-is-known pkcs11-combo pkcs11-privkey pkcs11-pubkey-import-ecdsa pkcs11-pubkey-import-rsa
 endif
 
 TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
diff --git a/tests/suite/pkcs11-pubkey-import-ecdsa.c b/tests/suite/pkcs11-pubkey-import-ecdsa.c
new file mode 100644 (file)
index 0000000..fb4f8ad
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2015 Nikos Mavrogiannopoulos
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <unistd.h>
+
+#define CONFIG_NAME "softhsm-pubkey-import-ecdsa"
+#define CONFIG CONFIG_NAME".config"
+
+#include "pkcs11-pubkey-import.c"
+
+void doit(void)
+{
+       success("Testing ECDSA key\n");
+       return try(0);
+}
diff --git a/tests/suite/pkcs11-pubkey-import-rsa.c b/tests/suite/pkcs11-pubkey-import-rsa.c
new file mode 100644 (file)
index 0000000..ad0596f
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2015 Nikos Mavrogiannopoulos
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <unistd.h>
+
+#define CONFIG_NAME "softhsm-pubkey-import-rsa"
+#define CONFIG CONFIG_NAME".config"
+
+#include "pkcs11-pubkey-import.c"
+
+void doit(void)
+{
+       success("Testing RSA key\n");
+       return try(1);
+}
index a4845302c54f34abfe7324365ae587fbfbb238c2..c286652b20177d9d3c5c99e70b1660dd39bf621a 100644 (file)
@@ -40,8 +40,6 @@
 /* Tests whether gnutls_pubkey_import_privkey works well for 
  * RSA keys under PKCS #11 */
 
-#define CONFIG_NAME "softhsm-privkey"
-#define CONFIG CONFIG_NAME".config"
 
 #include "../cert-common.h"
 
@@ -65,10 +63,9 @@ int pin_func(void* userdata, int attempt, const char* url, const char *label,
        return -1;
 }
 
-void doit(void)
+void try(int rsa)
 {
        char buf[128];
-       int exit_val = 0;
        int ret, pk;
        const char *lib, *bin;
        gnutls_x509_crt_t crt;
@@ -76,6 +73,7 @@ void doit(void)
        gnutls_datum_t tmp, sig;
        gnutls_privkey_t pkey;
        gnutls_pubkey_t pubkey;
+       gnutls_pubkey_t pubkey2;
 
        bin = softhsm_bin();
 
@@ -112,7 +110,7 @@ void doit(void)
        }
 
        ret =
-           gnutls_x509_crt_import(crt, &server_cert,
+           gnutls_x509_crt_import(crt, rsa?&server_cert:&server_ecc_cert,
                                   GNUTLS_X509_FMT_PEM);
        if (ret < 0) {
                fprintf(stderr,
@@ -140,7 +138,7 @@ void doit(void)
        }
 
        ret =
-           gnutls_x509_privkey_import(key, &server_key,
+           gnutls_x509_privkey_import(key, rsa?&server_key:&server_ecc_key,
                                   GNUTLS_X509_FMT_PEM);
        if (ret < 0) {
                fprintf(stderr,
@@ -192,20 +190,27 @@ void doit(void)
        assert(gnutls_pubkey_import_privkey(pubkey, pkey, 0, 0) == 0);
 
        pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
-       /* check whether privkey and pubkey are operational */
+
+       /* check whether privkey and pubkey are operational
+        * by signing and verifying */
        assert(gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA256, 0, &testdata, &sig) == 0);
+
+       /* verify against the raw pubkey */
+       assert(gnutls_pubkey_init(&pubkey2) == 0);
+       assert(gnutls_pubkey_import_x509_raw(pubkey2, rsa?&server_cert:&server_ecc_cert, GNUTLS_X509_FMT_PEM, 0) == 0);
+       assert(gnutls_pubkey_verify_data2(pubkey2, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256), 0, &testdata, &sig) == 0);
+
+       /* verify against the pubkey in PKCS #11 */
        assert(gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256), 0, &testdata, &sig) == 0);
 
        gnutls_free(sig.data);
 
+       gnutls_pubkey_deinit(pubkey2);
        gnutls_pubkey_deinit(pubkey);
        gnutls_privkey_deinit(pkey);
 
        gnutls_global_deinit();
 
-       if (debug)
-               printf("Exit status...%d\n", exit_val);
        remove(CONFIG);
-
-       exit(exit_val);
 }
+