diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-06 09:42:22 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-17 17:08:01 +0200 |
| commit | 96573d79e159a9a5748e2c525618700c44d9787c (patch) | |
| tree | a21b0a840feb45ca1697059968349d04c9425a72 | |
| parent | c7882d14411b5f24d859283c3c930fdf295eadd5 (diff) | |
| download | gnutls-96573d79e159a9a5748e2c525618700c44d9787c.tar.gz | |
tests: pkcs7: added ed25519 basic signing and verification checks
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | tests/Makefile.am | 1 | ||||
| -rw-r--r-- | tests/cert-tests/Makefile.am | 4 | ||||
| -rw-r--r-- | tests/cert-tests/data/pkcs7-eddsa-sig.p7s | bin | 0 -> 776 bytes | |||
| -rwxr-xr-x | tests/cert-tests/pkcs7 | 6 | ||||
| -rwxr-xr-x | tests/cert-tests/pkcs7-eddsa | 124 | ||||
| -rw-r--r-- | tests/certs/cert-ed25519.pem | 12 | ||||
| -rw-r--r-- | tests/certs/ed25519.pem | 25 |
7 files changed, 169 insertions, 3 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 4d1553f672..46fa9a553f 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -30,6 +30,7 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \ certs/cert-rsa-2432.pem certs/ecc384.pem certs/ecc.pem hex.h \ certs/ca-ecc.pem certs/cert-ecc384.pem certs/cert-ecc.pem certs/ecc256.pem \ certs/ecc521.pem certs/rsa-2432.pem x509cert-dir/ca.pem psk.passwd \ + certs/ed25519.pem certs/cert-ed25519.pem \ system.prio pkcs11/softhsm.h pkcs11/pkcs11-pubkey-import.c gnutls-asan.supp \ rsa-md5-collision/README safe-renegotiation/README starttls-smtp.txt starttls-ftp.txt \ starttls-lmtp.txt starttls-pop3.txt starttls-nntp.txt starttls-sieve.txt \ diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 8c1b508827..7b630f48f5 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -74,7 +74,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/mem-leak.p12 data/alt-chain-new-ca.pem data/alt-chain-old-ca.pem \ data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem \ data/pkcs7-chain-endcert-key.pem data/cert-rsa-pss.pem data/openssl-invalid-time-format.pem \ - data/cert-eddsa.pem data/pubkey-eddsa.pem + data/cert-eddsa.pem data/pubkey-eddsa.pem data/pkcs7-eddsa-sig.p7s dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ @@ -82,7 +82,7 @@ dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ provable-privkey-rsa2048 provable-privkey-gen-default pkcs7-constraints \ pkcs7-constraints2 certtool-long-oids pkcs7-cat cert-sanity cert-critical \ pkcs12 certtool-crl-decoding pkcs12-encode pkcs12-corner-cases inhibit-anypolicy \ - smime cert-time alt-chain pkcs7-list-sign + smime cert-time alt-chain pkcs7-list-sign pkcs7-eddsa if WANT_TEST_SUITE dist_check_SCRIPTS += provable-dh-default diff --git a/tests/cert-tests/data/pkcs7-eddsa-sig.p7s b/tests/cert-tests/data/pkcs7-eddsa-sig.p7s Binary files differnew file mode 100644 index 0000000000..911b8c17ea --- /dev/null +++ b/tests/cert-tests/data/pkcs7-eddsa-sig.p7s diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7 index f32dc46766..77726d7829 100755 --- a/tests/cert-tests/pkcs7 +++ b/tests/cert-tests/pkcs7 @@ -142,7 +142,11 @@ fi # Test cert combination FILE="p7-combined" -cat "${srcdir}/../certs"/cert*.pem >"${OUTFILE2}" + +rm -f "${OUTFILE2}" +for i in cert-ecc256.pem cert-ecc521.pem cert-ecc384.pem cert-ecc.pem cert-rsa-2432.pem;do + cat "${srcdir}/../certs"/$i >>"${OUTFILE2}" +done ${VALGRIND} "${CERTTOOL}" --p7-generate --load-certificate "${OUTFILE2}" >"${OUTFILE}" rc=$? diff --git a/tests/cert-tests/pkcs7-eddsa b/tests/cert-tests/pkcs7-eddsa new file mode 100755 index 0000000000..ea61227399 --- /dev/null +++ b/tests/cert-tests/pkcs7-eddsa @@ -0,0 +1,124 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/> + +#set -e + +srcdir="${srcdir:-.}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +DIFF="${DIFF:-diff -b -B}" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-pkcs7.$$.tmp +OUTFILE2=out2-pkcs7.$$.tmp + +. ${srcdir}/../scripts/common.sh + +check_for_datefudge + +KEY="${srcdir}/../certs/ed25519.pem" +CERT="${srcdir}/../certs/cert-ed25519.pem" + +# Test verification of saved file +FILE="${srcdir}/data/pkcs7-eddsa-sig.p7s" +${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-certificate "${CERT}" --infile "${FILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct verification failed" + exit ${rc} +fi + +# Test signing +FILE="signing" +${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey "${KEY}" --load-certificate "${CERT}" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed" + exit ${rc} +fi + +FILE="signing-verify" +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${CERT}" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification" + exit ${rc} +fi + +#check extraction of embedded data in signature +FILE="signing-verify-data" +${VALGRIND} "${CERTTOOL}" --p7-verify --p7-show-data --load-certificate "${CERT}" --outfile "${OUTFILE2}" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification with data" + exit ${rc} +fi + +cmp "${OUTFILE2}" "${srcdir}/data/pkcs7-detached.txt" +rc=$? +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 data detaching failed" + exit ${rc} +fi + +FILE="signing-time" +${VALGRIND} "${CERTTOOL}" --p7-detached-sign --p7-time --load-privkey "${KEY}" --load-certificate "${CERT}" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing with time failed" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" --p7-info --infile "${OUTFILE}" >"${OUTFILE2}" +grep '1.2.840.113549.1.9.3: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1 +if test $? != 0;then + echo "Content-Type was not set in attributes" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --p7-info <"${OUTFILE}"|grep "Signing time:" "${OUTFILE}" >/dev/null 2>&1 +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing with time failed. No time was found." + exit ${rc} +fi + +FILE="signing-time-verify" +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${CERT}" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing with time failed verification" + exit ${rc} +fi + +rm -f "${OUTFILE}" +rm -f "${OUTFILE2}" + +exit 0 diff --git a/tests/certs/cert-ed25519.pem b/tests/certs/cert-ed25519.pem new file mode 100644 index 0000000000..8d6283df15 --- /dev/null +++ b/tests/certs/cert-ed25519.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBwTCCAWagAwIBAgIIWTZasQWGNVEwCgYIKoZIzj0EAwIwfTELMAkGA1UEBhMC +QkUxDzANBgNVBAoTBkdudVRMUzElMCMGA1UECxMcR251VExTIGNlcnRpZmljYXRl +IGF1dGhvcml0eTEPMA0GA1UECBMGTGV1dmVuMSUwIwYDVQQDExxHbnVUTFMgY2Vy +dGlmaWNhdGUgYXV0aG9yaXR5MCAXDTE3MDYwNjA3MzMwNVoYDzk5OTkxMjMxMjM1 +OTU5WjAZMRcwFQYDVQQDEw5FZDI1NTE5IHNpZ25lcjAqMAUGAytlcAMhAPMF++lz +LIzfyCX0v0B7LIabZWZ/dePW9HexIbW3tYmHo2EwXzAMBgNVHRMBAf8EAjAAMA8G +A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFONSSnOdGLzpv3xNcci8ZiKKqzyqMB8G +A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0kAMEYC +IQDHGfSgM44DVZfrP5CF8LSNlFN55ti3Z69YJ0SK8Fy9eQIhAN2UKeX3l8A9Ckcm +7barRoh+qx7ZVYpe+5w3JYuxy16w +-----END CERTIFICATE----- diff --git a/tests/certs/ed25519.pem b/tests/certs/ed25519.pem new file mode 100644 index 0000000000..7fedbd79bd --- /dev/null +++ b/tests/certs/ed25519.pem @@ -0,0 +1,25 @@ +Public Key Info: + Public Key Algorithm: EdDSA (Ed25519) + Key Security Level: High (256 bits) + +curve: Ed25519 +private key: + e5:c3:25:73:94:e8:9e:97:75:7c:78:59:f7:32:3c:82 + cf:60:90:c7:e5:b4:5f:9b:d7:a6:f8:36:0c:92:59:70 + + +x: + f3:05:fb:e9:73:2c:8c:df:c8:25:f4:bf:40:7b:2c:86 + 9b:65:66:7f:75:e3:d6:f4:77:b1:21:b5:b7:b5:89:87 + + + +Public Key PIN: + pin-sha256:7DW50qkZrEKqSrB29HkLvRoiuQAtHaaLAZKLE9s/VZ4= +Public Key ID: + sha256:ec35b9d2a919ac42aa4ab076f4790bbd1a22b9002d1da68b01928b13db3f559e + sha1:e3524a739d18bce9bf7c4d71c8bc66228aab3caa + +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIOXDJXOU6J6XdXx4WfcyPILPYJDH5bRfm9em+DYMkllw +-----END PRIVATE KEY----- |