authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-05-29 12:52:12 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-17 17:08:01 +0200
commit90d07b2834651c2e4a341a5d78a9996422b9a23d (patch)
tree68d01d228e4690239f231fc151d973ac3f33cee1
parent650dad4e18f458f60a2cdb43be32356753ed6518 (diff)
tests: added Ed25519 key and certificate generation tests
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--tests/cert-tests/Makefile.am5
-rwxr-xr-xtests/cert-tests/certtool-eddsa119
-rw-r--r--tests/cert-tests/data/cert-eddsa.pem36
3 files changed, 158 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 5487b11045..c5b270f06b 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -73,7 +73,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
data/invalid-date-secs.der data/invalid-date-month.der data/invalid-date-day.der \
data/mem-leak.p12 data/alt-chain-new-ca.pem data/alt-chain-old-ca.pem \
data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem \
- data/pkcs7-chain-endcert-key.pem data/cert-rsa-pss.pem data/openssl-invalid-time-format.pem
+ data/pkcs7-chain-endcert-key.pem data/cert-rsa-pss.pem data/openssl-invalid-time-format.pem \
+ data/cert-eddsa.pem
dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
@@ -98,7 +99,7 @@ if ENABLE_DANE
dist_check_SCRIPTS += dane
endif
-dist_check_SCRIPTS += certtool-rsa-pss
+dist_check_SCRIPTS += certtool-rsa-pss certtool-eddsa
TESTS = $(dist_check_SCRIPTS)
diff --git a/tests/cert-tests/certtool-eddsa b/tests/cert-tests/certtool-eddsa
new file mode 100755
index 0000000000..83326427f3
--- /dev/null
+++ b/tests/cert-tests/certtool-eddsa
@@ -0,0 +1,119 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+KEYFILE=eddsa-privkey.$$.tmp
+TMPFILE=eddsa.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+ exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+ exit 77
+fi
+
+# Test certificate in internet draft
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-eddsa.pem" --outfile "${TMPFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+ echo "There was an issue parsing the certificate"
+ exit 1
+fi
+
+$DIFF -I 'Not After:' ${TMPFILE} "${srcdir}/data/cert-eddsa.pem"
+if test $? != 0;then
+ echo "Error in parsing EdDSA cert"
+ exit 1
+fi
+
+
+# Create an RSA-PSS private key, restricted to the use with RSA-PSS
+${VALGRIND} "${CERTTOOL}" --generate-privkey --pkcs8 --password '' \
+ --eddsa --outfile "$KEYFILE"
+rc=$?
+
+if test "${rc}" != "0"; then
+ echo "Could not generate an EdDSA key"
+ exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --password '' --infile "$KEYFILE"
+rc=$?
+if test "${rc}" != "0"; then
+ echo "Could not read generated an EdDSA key"
+ exit 1
+fi
+
+# Create an EdDSA certificate from an EdDSA private key
+${VALGRIND} "${CERTTOOL}" --generate-self-signed \
+ --pkcs8 --load-privkey "$KEYFILE" --password '' \
+ --template "${srcdir}/templates/template-test.tmpl" \
+ --outfile "${TMPFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+ echo "Could not generate an EdDSA certificate from an EdDSA key"
+ exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${TMPFILE}" --infile "${TMPFILE}"
+rc=$?
+if test "${rc}" != "0"; then
+ echo "There was an issue verifying the generated certificate (1)"
+ exit 1
+fi
+
+# Create an EdDSA certificate from an RSA key
+${VALGRIND} "${CERTTOOL}" --generate-certificate --eddsa \
+ --load-privkey ${KEYFILE} \
+ --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \
+ --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
+ --template "${srcdir}/templates/template-test.tmpl" \
+ --outfile "${TMPFILE}" 2>/dev/null
+rc=$?
+
+if test "${rc}" != "0"; then
+ echo "Could not generate an EdDSA certificate $i"
+ exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${TMPFILE}"
+rc=$?
+if test "${rc}" != "0"; then
+ echo "There was an issue verifying the generated certificate (2)"
+ exit 1
+fi
+
+
+
+rm -f "${TMPFILE}"
+rm -f "${KEYFILE}"
+
+exit 0
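Review bot: The comments above the key-generation step and the last certificate step describe the wrong keys: `# Create an RSA-PSS private key, restricted to the use with RSA-PSS` sits on a `--generate-privkey --eddsa` call, and `# Create an EdDSA certificate from an RSA key` passes the EdDSA key generated earlier as `--load-privkey`; both look carried over from the RSA-PSS test. Suggested wording is `# Create an EdDSA private key` and `# Create a CA-signed certificate for the EdDSA key`. In that last step the failure message expands `$i`, which is never set in this script, so `echo "Could not generate an EdDSA certificate"` is enough, and the `2>/dev/null` on the same call discards certtool's diagnostics exactly when the test fails. Every `exit 1` path also leaves `${KEYFILE}` (a private key written with an empty password) and `${TMPFILE}` behind; a `trap 'rm -f "${TMPFILE}" "${KEYFILE}"' 0` placed after the variable assignments would cover those paths.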
diff --git a/tests/cert-tests/data/cert-eddsa.pem b/tests/cert-tests/data/cert-eddsa.pem
new file mode 100644
index 0000000000..b402a97042
--- /dev/null
+++ b/tests/cert-tests/data/cert-eddsa.pem
@@ -0,0 +1,36 @@
+X.509 Certificate Information:
+ Version: 3
+ Serial Number (hex): 5601474a2a8dc330
+ Issuer: CN=IETF Test Demo
+ Validity:
+ Not Before: Mon Aug 01 12:19:24 UTC 2016
+ Not After: Mon Dec 31 23:59:59 UTC 2040
+ Subject: CN=IETF Test Demo
+ Subject Public Key Algorithm: ECDH (X25519)
+ Extensions:
+ Basic Constraints (critical):
+ Certificate Authority (CA): FALSE
+ Key Usage (not critical):
+ Key agreement.
+ Subject Key Identifier (not critical):
+ 9b1f5eeded043385e4f7bc623c5975b90bc8bb3b
+ Signature Algorithm: EdDSA-Ed25519
+ Signature:
+ af:23:01:fe:dd:c9:e6:ff:c1:cc:a7:3d:74:d6:48:a4
+ 39:80:82:cd:db:69:b1:4e:4d:06:ec:f8:1a:25:ce:50
+ d4:c2:c3:eb:74:6c:4e:dd:83:46:85:6e:c8:6f:3d:ce
+ 1a:18:65:c5:7a:c2:7b:50:a0:c3:50:07:f5:e7:d9:07
+Other Information:
+ Fingerprint:
+ sha1:8b011a41d9b72f9848b1dcbd3a038fa8c9d0a536
+ sha256:180516f0a03e4893d234a28f3ad28921bc35d1b12bd35134847240dafb715a11
+
+-----BEGIN CERTIFICATE-----
+MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBU
+ZXN0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYD
+VQQDDA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oN
+vzoNJjga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQE
+AwIDCDAgBgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EA
+ryMB/t3J5v/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3O
+GhhlxXrCe1Cgw1AH9efZBw==
+-----END CERTIFICATE-----