diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-07-28 13:24:55 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-07-28 18:26:57 +0200 |
commit | b8cf82522597a7d85e014c18cf4b60f63fb0640e (patch) | |
tree | 39adf3f30e88569dd74defc81ca75298d19b090b | |
parent | 7a91e420b6291eb76ea6ce3028893c88456992e9 (diff) | |
download | gnutls-b8cf82522597a7d85e014c18cf4b60f63fb0640e.tar.gz |
tests: moved sha2 tests into cert-tests/
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/cert-tests/Makefile.am | 6 | ||||
-rw-r--r-- | tests/cert-tests/data/key-ca-dsa.pem (renamed from tests/sha2/key-ca-dsa.pem) | 0 | ||||
-rw-r--r-- | tests/cert-tests/data/key-ca.pem (renamed from tests/sha2/key-ca.pem) | 0 | ||||
-rw-r--r-- | tests/cert-tests/data/key-dsa.pem (renamed from tests/sha2/key-dsa.pem) | 0 | ||||
-rw-r--r-- | tests/cert-tests/data/key-subca-dsa.pem (renamed from tests/sha2/key-subca-dsa.pem) | 0 | ||||
-rw-r--r-- | tests/cert-tests/data/key-subca.pem (renamed from tests/sha2/key-subca.pem) | 0 | ||||
-rw-r--r-- | tests/cert-tests/data/key-subsubca.pem (renamed from tests/sha2/key-subsubca.pem) | 0 | ||||
-rw-r--r-- | tests/cert-tests/data/key-user.pem (renamed from tests/sha2/key-user.pem) | 0 | ||||
-rwxr-xr-x | tests/cert-tests/sha2-dsa-test | 85 | ||||
-rwxr-xr-x | tests/cert-tests/sha2-test | 101 | ||||
-rw-r--r-- | tests/sha2/Makefile.am | 32 | ||||
-rwxr-xr-x | tests/sha2/sha2 | 94 | ||||
-rwxr-xr-x | tests/sha2/sha2-dsa | 79 |
14 files changed, 191 insertions, 208 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 28bf437270..d43501dc49 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -19,7 +19,7 @@ # along with this file; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -SUBDIRS = . cert-tests ocsp-tests key-tests sha2 safe-renegotiation scripts \ +SUBDIRS = . cert-tests ocsp-tests key-tests safe-renegotiation scripts \ slow dtls srp windows if ENABLE_OPENPGP diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index e9cfa171e8..94349f3bae 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -51,11 +51,13 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/arb-extensions.csr data/pkcs1-pad-ok.pem data/pkcs1-pad-broken.pem \ data/pkcs1-pad-ok2.pem data/pkcs1-pad-broken2.pem data/pkcs1-pad-broken3.pem \ data/client.p12 data/noclient.p12 data/unclient.p12 data/pkcs12_2certs.p12 \ - data/pkcs12_5certs.p12 data/test-null.p12 data/cert-ca.p12 data/sha256.p12 + data/pkcs12_5certs.p12 data/test-null.p12 data/cert-ca.p12 data/sha256.p12 \ + data/key-ca.pem data/key-subca.pem data/key-subsubca.pem data/key-user.pem \ + data/key-dsa.pem data/key-ca-dsa.pem data/key-subca-dsa.pem dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ - provable-dh userid + provable-dh userid sha2-test sha2-dsa-test if !ENABLE_FIPS140 dist_check_SCRIPTS += pkcs12 diff --git a/tests/sha2/key-ca-dsa.pem b/tests/cert-tests/data/key-ca-dsa.pem index 3510e9526c..3510e9526c 100644 --- a/tests/sha2/key-ca-dsa.pem +++ b/tests/cert-tests/data/key-ca-dsa.pem diff --git a/tests/sha2/key-ca.pem b/tests/cert-tests/data/key-ca.pem index 885c32c9ec..885c32c9ec 100644 --- a/tests/sha2/key-ca.pem +++ b/tests/cert-tests/data/key-ca.pem diff --git a/tests/sha2/key-dsa.pem b/tests/cert-tests/data/key-dsa.pem index dcb30ea022..dcb30ea022 100644 --- a/tests/sha2/key-dsa.pem +++ b/tests/cert-tests/data/key-dsa.pem diff --git a/tests/sha2/key-subca-dsa.pem b/tests/cert-tests/data/key-subca-dsa.pem index 98f74e318d..98f74e318d 100644 --- a/tests/sha2/key-subca-dsa.pem +++ b/tests/cert-tests/data/key-subca-dsa.pem diff --git a/tests/sha2/key-subca.pem b/tests/cert-tests/data/key-subca.pem index bf782b5e53..bf782b5e53 100644 --- a/tests/sha2/key-subca.pem +++ b/tests/cert-tests/data/key-subca.pem diff --git a/tests/sha2/key-subsubca.pem b/tests/cert-tests/data/key-subsubca.pem index fca7c9d1d2..fca7c9d1d2 100644 --- a/tests/sha2/key-subsubca.pem +++ b/tests/cert-tests/data/key-subsubca.pem diff --git a/tests/sha2/key-user.pem b/tests/cert-tests/data/key-user.pem index 6b3b30d837..6b3b30d837 100644 --- a/tests/sha2/key-user.pem +++ b/tests/cert-tests/data/key-user.pem diff --git a/tests/cert-tests/sha2-dsa-test b/tests/cert-tests/sha2-dsa-test new file mode 100755 index 0000000000..955d5ae84f --- /dev/null +++ b/tests/cert-tests/sha2-dsa-test @@ -0,0 +1,85 @@ +#!/bin/sh + +# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +srcdir="${srcdir:-.}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +TEMPLFILE=template-dsa.$$.tmp +CAFILE=ca-dsa.$$.tmp +SUBCAFILE=subca-dsa.$$.tmp +TMPFILE=sha2-dsa.$$.tmp +USERFILE=user-dsa.$$.tmp +VERIFYFILE=verify-dsa.$$.tmp + +echo ca > $TEMPLFILE +echo "cn = SHA 256 CA" >> $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-self-signed --template $TEMPLFILE \ + --load-privkey "${srcdir}/data/key-ca-dsa.pem" \ + --outfile $CAFILE \ + --hash sha256 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo ca > $TEMPLFILE +echo "cn = SHA 224 Mid CA" >> $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ + --load-ca-privkey "${srcdir}/data/key-ca-dsa.pem" \ + --load-ca-certificate $CAFILE \ + --load-privkey "${srcdir}/data/key-subca-dsa.pem" \ + --outfile $SUBCAFILE \ + --hash sha224 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo "cn = End-user" > $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ + --load-ca-privkey "${srcdir}/data/key-subca-dsa.pem" \ + --load-ca-certificate $SUBCAFILE \ + --load-privkey "${srcdir}/data/key-dsa.pem" \ + --outfile $USERFILE >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +cat $USERFILE $SUBCAFILE $CAFILE > $TMPFILE +"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYFILE + +if [ $? != 0 ]; then + cat $VERIFYFILE + exit 1 +fi + +rm -f $VERIFYFILE $USERFILE $CAFILE $SUBCAFILE $TEMPLFILE $TMPFILE + +exit 0 diff --git a/tests/cert-tests/sha2-test b/tests/cert-tests/sha2-test new file mode 100755 index 0000000000..9447518b76 --- /dev/null +++ b/tests/cert-tests/sha2-test @@ -0,0 +1,101 @@ +#!/bin/sh + +# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +srcdir="${srcdir:-.}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +TEMPLFILE=template.$$.tmp +CAFILE=ca.$$.tmp +SUBCAFILE=subca.$$.tmp +SUBSUBCAFILE=subsubca.$$.tmp +TMPFILE=sha2.$$.tmp +USERFILE=user.$$.tmp +VERIFYFILE=verify.$$.tmp + +echo ca > $TEMPLFILE +echo "cn = SHA 512 CA" >> $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-self-signed --template $TEMPLFILE \ + --load-privkey "${srcdir}/data/key-ca.pem" \ + --outfile $CAFILE \ + --hash sha512 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo ca > $TEMPLFILE +echo "cn = SHA 384 sub-CA" >> $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ + --load-ca-privkey "${srcdir}/data/key-ca.pem" \ + --load-ca-certificate $CAFILE \ + --load-privkey "${srcdir}/data/key-subca.pem" \ + --outfile $SUBCAFILE \ + --hash sha384 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo ca > $TEMPLFILE +echo "cn = SHA 256 sub-sub-CA" >> $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ + --load-ca-privkey "${srcdir}/data/key-subca.pem" \ + --load-ca-certificate $SUBCAFILE \ + --load-privkey "${srcdir}/data/key-subsubca.pem" \ + --outfile $SUBSUBCAFILE \ + --hash sha256 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo "cn = End-user" > $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ + --load-ca-privkey "${srcdir}/data/key-subsubca.pem" \ + --load-ca-certificate $SUBSUBCAFILE \ + --load-privkey "${srcdir}/data/key-user.pem" \ + --outfile $USERFILE >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +num=`cat $USERFILE $SUBSUBCAFILE $SUBCAFILE $CAFILE | "${CERTTOOL}" --verify-chain | tee $VERIFYFILE | grep -c Verified` +#cat verify + +if test "${num}" != "4"; then + echo Verification failure + exit 1 +fi + +rm -f $VERIFYFILE $USERFILE $SUBSUBCAFILE $SUBCAFILE $CAFILE $TEMPLFILE $TMPFILE + +exit 0 diff --git a/tests/sha2/Makefile.am b/tests/sha2/Makefile.am deleted file mode 100644 index 187239f114..0000000000 --- a/tests/sha2/Makefile.am +++ /dev/null @@ -1,32 +0,0 @@ -## Process this file with automake to produce Makefile.in -# Copyright (C) 2007-2008, 2010, 2012 Free Software Foundation, Inc. -# -# Author: Simon Josefsson -# -# This file is part of GnuTLS. -# -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This file is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this file; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -EXTRA_DIST = key-ca.pem key-subca.pem key-subsubca.pem key-user.pem key-dsa.pem \ - key-ca-dsa.pem key-subca-dsa.pem - -dist_check_SCRIPTS = sha2 sha2-dsa - -TESTS = sha2 sha2-dsa - -TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \ - LC_ALL="C" \ - top_builddir="$(top_builddir)" \ - srcdir="$(srcdir)" diff --git a/tests/sha2/sha2 b/tests/sha2/sha2 deleted file mode 100755 index 8b77ea4502..0000000000 --- a/tests/sha2/sha2 +++ /dev/null @@ -1,94 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc. -# -# Author: Simon Josefsson -# -# This file is part of GnuTLS. -# -# GnuTLS is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 3 of the License, or (at -# your option) any later version. -# -# GnuTLS is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GnuTLS; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -#set -e - -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" - -echo ca > template-sha2 -echo "cn = SHA 512 CA" >> template-sha2 - -"${CERTTOOL}" -d 2 --generate-self-signed --template template-sha2 \ - --load-privkey "${srcdir}/key-ca.pem" \ - --outfile new-ca.pem \ - --hash sha512 >out 2>&1 - -if [ $? != 0 ]; then - cat out - exit 1 -fi - -echo ca > template-sha2 -echo "cn = SHA 384 sub-CA" >> template-sha2 - -"${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \ - --load-ca-privkey "${srcdir}/key-ca.pem" \ - --load-ca-certificate new-ca.pem \ - --load-privkey "${srcdir}/key-subca.pem" \ - --outfile new-subca.pem \ - --hash sha384 >out 2>&1 - -if [ $? != 0 ]; then - cat out - exit 1 -fi - -echo ca > template-sha2 -echo "cn = SHA 256 sub-sub-CA" >> template-sha2 - -"${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \ - --load-ca-privkey "${srcdir}/key-subca.pem" \ - --load-ca-certificate new-subca.pem \ - --load-privkey "${srcdir}/key-subsubca.pem" \ - --outfile new-subsubca.pem \ - --hash sha256 >out 2>&1 - -if [ $? != 0 ]; then - cat out - exit 1 -fi - -echo "cn = End-user" > template-sha2 - -"${CERTTOOL}" -d 2 --generate-certificate --template template-sha2 \ - --load-ca-privkey "${srcdir}/key-subsubca.pem" \ - --load-ca-certificate new-subsubca.pem \ - --load-privkey "${srcdir}/key-user.pem" \ - --outfile new-user.pem >out 2>&1 - -if [ $? != 0 ]; then - cat out - exit 1 -fi - -num=`cat new-user.pem new-subsubca.pem new-subca.pem new-ca.pem | "${CERTTOOL}" --verify-chain | tee verify-sha2 | grep -c Verified` -#cat verify - -if test "${num}" != "4"; then - echo Verification failure - exit 1 -fi - -rm -f verify-sha2 new-user.pem new-subsubca.pem new-subca.pem new-ca.pem template-sha2 out - -exit 0 diff --git a/tests/sha2/sha2-dsa b/tests/sha2/sha2-dsa deleted file mode 100755 index b2b673f297..0000000000 --- a/tests/sha2/sha2-dsa +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc. -# -# Author: Simon Josefsson -# -# This file is part of GnuTLS. -# -# GnuTLS is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 3 of the License, or (at -# your option) any later version. -# -# GnuTLS is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GnuTLS; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -#set -e - -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" - -echo ca > template-dsa -echo "cn = SHA 256 CA" >> template-dsa - -"${CERTTOOL}" -d 2 --generate-self-signed --template template-dsa \ - --load-privkey "${srcdir}/key-ca-dsa.pem" \ - --outfile new-ca-dsa.pem \ - --hash sha256 >out-dsa 2>&1 - -if [ $? != 0 ]; then - cat out-dsa - exit 1 -fi - -echo ca > template-dsa -echo "cn = SHA 224 Mid CA" >> template-dsa - -"${CERTTOOL}" -d 2 --generate-certificate --template template-dsa \ - --load-ca-privkey "${srcdir}/key-ca-dsa.pem" \ - --load-ca-certificate new-ca-dsa.pem \ - --load-privkey "${srcdir}/key-subca-dsa.pem" \ - --outfile new-subca-dsa.pem \ - --hash sha224 >out-dsa 2>&1 - -if [ $? != 0 ]; then - cat out-dsa - exit 1 -fi - -echo "cn = End-user" > template-dsa - -"${CERTTOOL}" -d 2 --generate-certificate --template template-dsa \ - --load-ca-privkey "${srcdir}/key-subca-dsa.pem" \ - --load-ca-certificate new-subca-dsa.pem \ - --load-privkey "${srcdir}/key-dsa.pem" \ - --outfile new-user-dsa.pem >out-dsa 2>&1 - -if [ $? != 0 ]; then - cat out-dsa - exit 1 -fi - -cat new-user-dsa.pem new-subca-dsa.pem new-ca-dsa.pem > out-dsa -"${CERTTOOL}" --verify-chain <out-dsa > verify-dsa - -if [ $? != 0 ]; then - cat verify-dsa - exit 1 -fi - -rm -f verify-dsa new-user-dsa.pem new-ca-dsa.pem new-subca-dsa.pem template-dsa out-dsa - -exit 0 |