diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-07-28 13:20:25 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-07-28 18:26:57 +0200 |
| commit | 7a91e420b6291eb76ea6ce3028893c88456992e9 (patch) | |
| tree | e971b9424a1064debca0236e0ada5ec64e702000 | |
| parent | 3e32282a27575680eaccea9a0bec8244545bce16 (diff) | |
| download | gnutls-7a91e420b6291eb76ea6ce3028893c88456992e9.tar.gz | |
tests: moved ecdsa tests to key-tests/
| -rw-r--r-- | tests/Makefile.am | 2 | ||||
| -rw-r--r-- | tests/ecdsa/Makefile.am | 31 | ||||
| -rwxr-xr-x | tests/ecdsa/ecdsa | 91 | ||||
| -rw-r--r-- | tests/key-tests/Makefile.am | 7 | ||||
| -rw-r--r-- | tests/key-tests/data/bad-key.pem (renamed from tests/ecdsa/bad-key.pem) | 0 | ||||
| -rwxr-xr-x | tests/key-tests/ecdsa | 100 |
6 files changed, 105 insertions, 126 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 8db56d0d6c..28bf437270 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -19,7 +19,7 @@ # along with this file; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -SUBDIRS = . cert-tests ocsp-tests key-tests sha2 safe-renegotiation scripts ecdsa \ +SUBDIRS = . cert-tests ocsp-tests key-tests sha2 safe-renegotiation scripts \ slow dtls srp windows if ENABLE_OPENPGP diff --git a/tests/ecdsa/Makefile.am b/tests/ecdsa/Makefile.am deleted file mode 100644 index 2db6c9a1e1..0000000000 --- a/tests/ecdsa/Makefile.am +++ /dev/null @@ -1,31 +0,0 @@ -## Process this file with automake to produce Makefile.in -# Copyright (C) 2007-2008, 2010, 2012 Free Software Foundation, Inc. -# -# Author: Simon Josefsson -# -# This file is part of GnuTLS. -# -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This file is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this file; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -EXTRA_DIST = bad-key.pem - -dist_check_SCRIPTS = ecdsa - -TESTS = ecdsa - -TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \ - LC_ALL="C" \ - top_builddir="$(top_builddir)" \ - srcdir="$(srcdir)" diff --git a/tests/ecdsa/ecdsa b/tests/ecdsa/ecdsa deleted file mode 100755 index e5b48b91fa..0000000000 --- a/tests/ecdsa/ecdsa +++ /dev/null @@ -1,91 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2011-2012 Free Software Foundation, Inc. -# -# Author: Nikos Mavrogiannopoulos -# -# This file is part of GnuTLS. -# -# GnuTLS is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 3 of the License, or (at -# your option) any later version. -# -# GnuTLS is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GnuTLS; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -#set -e - -srcdir="${srcdir:-.}" -CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" - -echo ca > template -echo "cn = ECDSA SHA 256 CA" >> template - -"${CERTTOOL}" --generate-privkey --ecc > key-ca-ecdsa.pem 2>/dev/null - -"${CERTTOOL}" -d 2 --generate-self-signed --template template \ - --load-privkey key-ca-ecdsa.pem \ - --outfile new-ca-ecdsa.pem \ - --hash sha256 >out 2>&1 - -if [ $? != 0 ]; then - cat out - exit 1 -fi - -echo ca > template -"${CERTTOOL}" --generate-privkey --ecc > key-subca-ecdsa.pem 2>/dev/null -echo "cn = ECDSA SHA 224 Mid CA" >> template - -"${CERTTOOL}" -d 2 --generate-certificate --template template \ - --load-ca-privkey key-ca-ecdsa.pem \ - --load-ca-certificate new-ca-ecdsa.pem \ - --load-privkey key-subca-ecdsa.pem \ - --outfile new-subca-ecdsa.pem \ - --hash sha224 >out 2>&1 - -if [ $? != 0 ]; then - cat out - exit 1 -fi - -echo "cn = End-user" > template - -"${CERTTOOL}" --generate-privkey --ecc > key-ecdsa.pem 2>/dev/null - -"${CERTTOOL}" -d 2 --generate-certificate --template template \ - --load-ca-privkey key-subca-ecdsa.pem \ - --load-ca-certificate new-subca-ecdsa.pem \ - --load-privkey key-ecdsa.pem \ - --outfile new-user.pem >out 2>&1 - -if [ $? != 0 ]; then - cat out - exit 1 -fi - -cat new-user.pem new-subca-ecdsa.pem new-ca-ecdsa.pem > out -"${CERTTOOL}" --verify-chain <out > verify - -if [ $? != 0 ]; then - cat verify - exit 1 -fi - -rm -f verify new-user.pem new-ca-ecdsa.pem new-subca-ecdsa.pem template out -rm -f key-subca-ecdsa.pem key-ca-ecdsa.pem key-ecdsa.pem - -"${CERTTOOL}" -k < "${srcdir}/bad-key.pem" | grep "validation failed" >/dev/null 2>&1 -if [ $? != 0 ]; then - echo "certtool didn't detect a bad ECDSA key." - exit 1 -fi - -exit 0 diff --git a/tests/key-tests/Makefile.am b/tests/key-tests/Makefile.am index b07d872be7..c2a004bb54 100644 --- a/tests/key-tests/Makefile.am +++ b/tests/key-tests/Makefile.am @@ -27,11 +27,12 @@ EXTRA_DIST = README data/key-ca.pem data/key-user.pem \ data/openssl-3des.p8 data/openssl-3des.p8.txt data/openssl-aes128.p8 \ data/openssl-aes128.p8.txt data/openssl-aes256.p8 data/openssl-aes256.p8.txt \ data/cert.dsa.1024.pem data/cert.dsa.2048.pem data/cert.dsa.3072.pem \ - data/dsa.1024.pem data/dsa.2048.pem data/dsa.3072.pem data/dsa-pubkey-1018.pem + data/dsa.1024.pem data/dsa.2048.pem data/dsa.3072.pem data/dsa-pubkey-1018.pem \ + data/bad-key.pem -dist_check_SCRIPTS = key-id pkcs8 pkcs8-decode dsa +dist_check_SCRIPTS = key-id pkcs8 pkcs8-decode dsa ecdsa -TESTS = key-id pkcs8 pkcs8-decode +TESTS = key-id pkcs8 pkcs8-decode ecdsa if !WINDOWS TESTS += dsa diff --git a/tests/ecdsa/bad-key.pem b/tests/key-tests/data/bad-key.pem index 6dfb622dab..6dfb622dab 100644 --- a/tests/ecdsa/bad-key.pem +++ b/tests/key-tests/data/bad-key.pem diff --git a/tests/key-tests/ecdsa b/tests/key-tests/ecdsa new file mode 100755 index 0000000000..c6e1bd8f7c --- /dev/null +++ b/tests/key-tests/ecdsa @@ -0,0 +1,100 @@ +#!/bin/sh + +# Copyright (C) 2011-2012 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +srcdir="${srcdir:-.}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +TMPFILE=ecdsa.$$.tmp +TMPCA=ecdsa-ca.$$.tmp +TMPCAKEY=ecdsa-ca-key.$$.tmp +TMPSUBCA=ecdsa-subca.$$.tmp +TMPSUBCAKEY=ecdsa-subca-key.$$.tmp +TMPKEY=ecdsa-key.$$.tmp +TMPTEMPL=template.$$.tmp +TMPUSER=user.$$.tmp +VERIFYOUT=verify.$$.tmp + +echo ca > $TMPTEMPL +echo "cn = ECDSA SHA 256 CA" >> $TMPTEMPL + +"${CERTTOOL}" --generate-privkey --ecc > $TMPCAKEY 2>/dev/null + +"${CERTTOOL}" -d 2 --generate-self-signed --template $TMPTEMPL \ + --load-privkey $TMPCAKEY \ + --outfile $TMPCA \ + --hash sha256 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo ca > $TMPTEMPL +"${CERTTOOL}" --generate-privkey --ecc > $TMPSUBCAKEY 2>/dev/null +echo "cn = ECDSA SHA 224 Mid CA" >> $TMPTEMPL + +"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \ + --load-ca-privkey $TMPCAKEY \ + --load-ca-certificate $TMPCA \ + --load-privkey $TMPSUBCAKEY \ + --outfile $TMPSUBCA \ + --hash sha224 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo "cn = End-user" > $TMPTEMPL + +"${CERTTOOL}" --generate-privkey --ecc > $TMPKEY 2>/dev/null + +"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \ + --load-ca-privkey $TMPSUBCAKEY \ + --load-ca-certificate $TMPSUBCA \ + --load-privkey $TMPKEY \ + --outfile $TMPUSER >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE +"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT + +if [ $? != 0 ]; then + cat $VERIFYOUT + exit 1 +fi + +rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE +rm -f $TMPSUBCAKEY $TMPCAKEY $TMPKEY + +"${CERTTOOL}" -k < "${srcdir}/data/bad-key.pem" | grep "validation failed" >/dev/null 2>&1 +if [ $? != 0 ]; then + echo "certtool didn't detect a bad ECDSA key." + exit 1 +fi + +exit 0 |