From: Armin Burgmeier Date: Tue, 23 Sep 2014 20:12:38 +0000 (-0400) Subject: Check the credentials getter functions as part of the unit tests X-Git-Tag: gnutls_3_4_0~877 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ee8c7e76eeb3f2be3cf5b112fa10a17e8441da4a;p=thirdparty%2Fgnutls.git Check the credentials getter functions as part of the unit tests --- diff --git a/tests/openpgp-auth.c b/tests/openpgp-auth.c index 67faf73898..82e37126c2 100644 --- a/tests/openpgp-auth.c +++ b/tests/openpgp-auth.c @@ -64,6 +64,49 @@ int key_recv_func(gnutls_session_t session, const unsigned char *keyfpr, return 0; } +void check_loaded_key(gnutls_certificate_credentials_t cred) +{ + int err; + gnutls_openpgp_privkey_t key; + gnutls_openpgp_crt_t *crts; + int n_crts; + gnutls_datum_t datum; + gnutls_openpgp_keyid_t keyid; + int i; + + /* check that the getter functions for openpgp keys of + * gnutls_certificate_credentials_t work and deliver the + * expected key ID. */ + + err = gnutls_certificate_get_openpgp_key(cred, 0, &key); + if (err != 0) + fail("get openpgp key %s\n", + gnutls_strerror(err)); + + gnutls_openpgp_privkey_get_subkey_id(key, 0, keyid); + if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || keyid[3] != 0x23 || + keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || keyid[7] != 0xba) + fail("incorrect key id (privkey)\n"); + + err = gnutls_certificate_get_openpgp_crt(cred, 0, &crts, &n_crts); + if (err != 0) + fail("get openpgp crts %s\n", + gnutls_strerror(err)); + + if (n_crts != 1) + fail("openpgp n_crts != 1\n"); + + gnutls_openpgp_crt_get_subkey_id(crts[0], 0, keyid); + if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || keyid[3] != 0x23 || + keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || keyid[7] != 0xba) + fail("incorrect key id (pubkey)\n"); + + for (i = 0; i < n_crts; ++i) + gnutls_openpgp_crt_deinit(crts[i]); + gnutls_free(crts); + gnutls_openpgp_privkey_deinit(key); +} + void doit() { int err, i; 
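Review bot: The return values of `gnutls_openpgp_privkey_get_subkey_id()` and `gnutls_openpgp_crt_get_subkey_id()` in check_loaded_key() are ignored, so if either call fails the byte-by-byte comparison reads an uninitialised `keyid` and the test reports "incorrect key id" instead of the real error. Capture and report the result, e.g. `err = gnutls_openpgp_privkey_get_subkey_id(key, 0, keyid); if (err != 0) fail("get subkey id %s\n", gnutls_strerror(err));`, and do the same for the crt call. If `fail()` can return rather than abort (its definition is not visible here), the code after a failed `gnutls_certificate_get_openpgp_key()` also goes on to use an unset `key`. The two identical eight-byte comparisons would be easier to maintain as one `static const unsigned char expected_keyid[8]` checked with `memcmp`, and the local `datum` is declared but never used.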
@@ -151,6 +194,8 @@ void doit() fail("client openpgp keys %s\n", gnutls_strerror(err)); + check_loaded_key(cred); + err = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, @@ -230,6 +275,8 @@ void doit() fail("server openpgp keys %s\n", gnutls_strerror(err)); + check_loaded_key(cred); + err = gnutls_dh_params_init(&dh_params); if (err) fail("server DH params init %d\n", err); diff --git a/tests/x509cert.c b/tests/x509cert.c index 853e7e78e7..4e07ae5661 100644 --- a/tests/x509cert.c +++ b/tests/x509cert.c @@ -64,7 +64,7 @@ static unsigned char ca_pem[] = "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n" "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n" "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n"; -const gnutls_datum_t ca = { ca_pem, sizeof(ca_pem) }; +const gnutls_datum_t ca = { ca_pem, sizeof(ca_pem) - 1}; static unsigned char cert_pem[] = "-----BEGIN CERTIFICATE-----\n" @@ -92,7 +92,7 @@ static unsigned char cert_pem[] = "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n" "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n" "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n"; -const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) }; +const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) - 1}; static unsigned char key_pem[] = "-----BEGIN RSA PRIVATE KEY-----\n" @@ -110,7 +110,7 @@ static unsigned char key_pem[] = "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" "-----END RSA PRIVATE KEY-----\n"; -const gnutls_datum_t key = { key_pem, sizeof(key_pem) }; +const gnutls_datum_t key = { key_pem, sizeof(key_pem) - 1}; static unsigned char server_cert_pem[] = "-----BEGIN CERTIFICATE-----\n" 
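Review bot: The `- 1` added to `sizeof(ca_pem)` in the `ca` definition has no comment explaining why the terminating NUL is now excluded, and the same bare change is repeated for `cert`, `key`, `server_cert` and `server_key` in the hunks that follow. A short comment above the first datum would make the intent explicit, e.g. `/* size excludes the string literal's trailing NUL so it equals the length of the PEM text */`. The later doit() hunk compares `server_key.size`, `server_cert.size` and `ca.size` against exported data, which is presumably what requires the exact length. Stating that once would stop a later edit from reverting one of the five definitions to plain `sizeof`.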
@@ -129,7 +129,7 @@ static unsigned char server_cert_pem[] = "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; const gnutls_datum_t server_cert = { server_cert_pem, - sizeof(server_cert_pem) + sizeof(server_cert_pem) - 1 }; static unsigned char server_key_pem[] = @@ -150,7 +150,7 @@ static unsigned char server_key_pem[] = "-----END RSA PRIVATE KEY-----\n"; const gnutls_datum_t server_key = { server_key_pem, - sizeof(server_key_pem) + sizeof(server_key_pem) - 1 }; #define LIST_SIZE 3 @@ -165,6 +165,15 @@ void doit(void) size_t dn_size; unsigned int list_size; + gnutls_x509_privkey_t get_key; + gnutls_x509_crt_t *get_crts; + int n_get_crts; + gnutls_datum_t get_datum; + gnutls_x509_trust_list_t trust_list; + gnutls_x509_trust_list_iter_t trust_iter; + gnutls_x509_crt_t get_ca_crt; + int n_get_ca_crts; + /* this must be called once in the program */ global_init(); 
@@ -203,6 +212,94 @@ void doit(void) if (debug) fprintf(stderr, "Issuer's DN: %s\n", dn); + + /* test the getter functions of gnutls_certificate_credentials_t */ + + ret = + gnutls_certificate_get_x509_key(x509_cred, 0, &get_key); + if (ret < 0) + fail("gnutls_certificate_get_x509_key"); + + ret = + gnutls_x509_privkey_export2(get_key, + GNUTLS_X509_FMT_PEM, + &get_datum); + if (ret < 0) + fail("gnutls_x509_privkey_export2"); + + if (get_datum.size != server_key.size || + memcmp(get_datum.data, server_key.data, get_datum.size) != 0) { + fail( + "exported key %u vs. %u\n\n%s\n\nvs.\n\n%s", + get_datum.size, server_key.size, + get_datum.data, server_key.data); + } + + gnutls_free(get_datum.data); + + ret = + gnutls_certificate_get_x509_crt(x509_cred, 0, &get_crts, &n_get_crts); + if (ret < 0) + fail("gnutls_certificate_get_x509_crt"); + if (n_get_crts != 1) + fail("gnutls_certificate_get_x509_crt: n_crts != 1"); + + ret = + gnutls_x509_crt_export2(get_crts[0], + GNUTLS_X509_FMT_PEM, + &get_datum); + if (ret < 0) + fail("gnutls_x509_crt_export2"); + + if (get_datum.size != server_cert.size || + memcmp(get_datum.data, server_cert.data, get_datum.size) != 0) { + fail( + "exported certificate %u vs. %u\n\n%s\n\nvs.\n\n%s", + get_datum.size, server_cert.size, + get_datum.data, server_cert.data); + } + + gnutls_free(get_datum.data); + + gnutls_certificate_get_trust_list(x509_cred, &trust_list); + + n_get_ca_crts = 0; + trust_iter = NULL; + while (gnutls_x509_trust_list_iter_get_ca(trust_list, + &trust_iter, + &get_ca_crt) != + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + ret = + gnutls_x509_crt_export2(get_ca_crt, + GNUTLS_X509_FMT_PEM, + &get_datum); + if (ret < 0) + fail("gnutls_x509_crt_export2"); + + if (get_datum.size != ca.size || + memcmp(get_datum.data, ca.data, get_datum.size) != 0) { + fail( + "exported CA certificate %u vs. 
%u\n\n%s\n\nvs.\n\n%s", + get_datum.size, ca.size, + get_datum.data, ca.data); + } + + gnutls_x509_crt_deinit(get_ca_crt); + gnutls_free(get_datum.data); + + ++n_get_ca_crts; + } + + if (n_get_ca_crts != 1) + fail("gnutls_x509_trust_list_iter_get_ca: n_cas != 1"); + if (trust_iter != NULL) + fail("gnutls_x509_trust_list_iter_get_ca: iterator not NULL after iteration"); + + gnutls_x509_privkey_deinit(get_key); + for (i = 0; i < n_get_crts; i++) + gnutls_x509_crt_deinit(get_crts[i]); + gnutls_free(get_crts); + for (i = 0; i < list_size; i++) gnutls_x509_crt_deinit(list[i]); gnutls_certificate_free_credentials(x509_cred);
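Review bot: The trust-list loop runs its body for every return value other than `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE`, so any other error from `gnutls_x509_trust_list_iter_get_ca()` would export and deinit an unset `get_ca_crt`, and the loop might never terminate. Loop on success instead and check the terminating code: `while ((ret = gnutls_x509_trust_list_iter_get_ca(trust_list, &trust_iter, &get_ca_crt)) == 0) {`, followed after the loop by `if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) fail("gnutls_x509_trust_list_iter_get_ca");`. Separately, the three mismatch messages print `get_datum.data` with `%s`, which assumes the exported buffer is NUL-terminated even though only `.size` bytes are compared. `%.*s` with the datum size avoids that assumption. doit() starts and ends outside the hunk.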