diff options
author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2016-11-17 10:47:16 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-06-23 12:20:16 +0300 |
commit | 997d545253fae46a85d17ddc3e7ebe8686fddc23 (patch) | |
tree | aad45e51d589f6148c394bd699dd2a44830effca | |
parent | d65145ae146b301b34f4c0a3445842226ceef69e (diff) | |
download | gnutls-997d545253fae46a85d17ddc3e7ebe8686fddc23.tar.gz |
Expand x509 sign/verify test with GOST algorithms
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r-- | tests/Makefile.am | 3 | ||||
-rw-r--r-- | tests/x509sign-verify-common.h | 39 | ||||
-rw-r--r-- | tests/x509sign-verify-gost.c | 65 |
3 files changed, 106 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index c0beb5acda..437da63e6e 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -159,7 +159,8 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei client-sign-md5-rep tls12-invalid-key-exchanges session-rdn-read \ tls13-cert-key-exchange x509-cert-callback-ocsp gnutls_ocsp_resp_list_import2 \ server-sign-md5-rep privkey-keygen mini-tls-nonblock no-signal pkcs7-gen dtls-etm \ - x509sign-verify-rsa x509sign-verify-ecdsa mini-alignment oids atfork prf psk-file \ + x509sign-verify-rsa x509sign-verify-ecdsa x509sign-verify-gost \ + mini-alignment oids atfork prf psk-file \ status-request status-request-ok status-request-missing sign-verify-ext \ fallback-scsv pkcs8-key-decode urls dtls-rehandshake-cert \ key-usage-rsa key-usage-ecdhe-rsa mini-session-verify-function auto-verify \ diff --git a/tests/x509sign-verify-common.h b/tests/x509sign-verify-common.h index 9f87229403..d7f3b41cfa 100644 --- a/tests/x509sign-verify-common.h +++ b/tests/x509sign-verify-common.h @@ -21,6 +21,39 @@ const gnutls_datum_t sha256_data = { 32 }; +/* gost r 34.11-94 hash of "hello" string */ +const gnutls_datum_t gostr94_data = { + (void *) + "\x92\xea\x6d\xdb\xaf\x40\x02\x0d\xf3\x65" + "\x1f\x27\x8f\xd7\x15\x12\x17\xa2\x4a\xa8" + "\xd2\x2e\xbd\x25\x19\xcf\xd4\xd8\x9e\x64" + "\x50\xea", + 32 +}; + +/* Streebog-256 hash of "hello" string */ +const gnutls_datum_t streebog256_data = { + (void *) + "\x3f\xb0\x70\x0a\x41\xce\x6e\x41\x41\x3b" + "\xa7\x64\xf9\x8b\xf2\x13\x5b\xa6\xde\xd5" + "\x16\xbe\xa2\xfa\xe8\x42\x9c\xc5\xbd\xd4" + "\x6d\x6d", + 32 +}; + +/* Streebog-512 hash of "hello" string */ +const gnutls_datum_t streebog512_data = { + (void *) + "\x8d\xf4\x14\x26\x09\x66\xbe\xb7\xb3\x4d" + "\x92\x07\x63\x07\x9e\x15\xdf\x1f\x63\x29" + "\x7e\xb3\xdd\x43\x11\xe8\xb5\x85\xd4\xbf" + "\x2f\x59\x23\x21\x4f\x1d\xfe\xd3\xfd\xee" + "\x4a\xaf\x01\x83\x30\xa1\x2a\xcd\xe0\xef" + "\xcc\x33\x8e\xb5\x29\x22\xf3\xe5\x71\x21" + "\x2d\x42\xc8\xde", + 64 +}; + const gnutls_datum_t invalid_hash_data = { (void *) "\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe" @@ -78,6 +111,12 @@ void test_sig(gnutls_pk_algorithm_t pk, unsigned hash, unsigned bits) vflags |= GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1; } else if (hash == GNUTLS_DIG_SHA256) hash_data = &sha256_data; + else if (hash == GNUTLS_DIG_GOSTR_94) + hash_data = &gostr94_data; + else if (hash == GNUTLS_DIG_STREEBOG_256) + hash_data = &streebog256_data; + else if (hash == GNUTLS_DIG_STREEBOG_512) + hash_data = &streebog512_data; else abort(); diff --git a/tests/x509sign-verify-gost.c b/tests/x509sign-verify-gost.c new file mode 100644 index 0000000000..9a5c2eca7e --- /dev/null +++ b/tests/x509sign-verify-gost.c @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2016-2017 Free Software Foundation, Inc. + * + * Author: Dmitry Eremin-Solenikov + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#ifndef _WIN32 +# include <sys/types.h> +# include <netinet/in.h> +# include <sys/socket.h> +# include <arpa/inet.h> +# include <unistd.h> +#endif +#include <gnutls/gnutls.h> +#include <gnutls/x509.h> +#include <gnutls/abstract.h> + +#include "utils.h" + +#include "x509sign-verify-common.h" + +void doit(void) +{ +#ifndef ENABLE_GOST + exit(77); +#else + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + test_sig(GNUTLS_PK_GOST_01, GNUTLS_DIG_GOSTR_94, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA)); + test_sig(GNUTLS_PK_GOST_12_256, GNUTLS_DIG_STREEBOG_256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA)); + test_sig(GNUTLS_PK_GOST_01, GNUTLS_DIG_GOSTR_94, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPXA)); + test_sig(GNUTLS_PK_GOST_12_256, GNUTLS_DIG_STREEBOG_256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPXA)); + test_sig(GNUTLS_PK_GOST_12_512, GNUTLS_DIG_STREEBOG_512, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A)); + + gnutls_global_deinit(); +#endif +} |