tests: added certification generation tests with SHA-3 tests

7 files changed, 301 insertions, 2 deletions

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 52ff212065..edcad1322d 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -37,7 +37,9 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \
 	provable3072.pem provable2048.pem provable-dsa2048.pem provable-dsa2048-fips.pem \
 	template-unique.tmpl template-unique.pem template-othername.tmpl template-othername.pem \
 	template-othername-xmpp.tmpl template-othername-xmpp.pem template-krb5name.tmpl \
-	template-krb5name.pem template-krb5name-full.pem
+	template-krb5name.pem template-krb5name-full.pem template-test-ecc.key \
+	template-rsa-sha3-256.pem template-rsa-sha3-512.pem template-ecdsa-sha3-256.pem \
+	template-ecdsa-sha3-512.pem
 
 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 	pkcs7 privkey-import name-constraints certtool-long-cn crl provable-privkey
@@ -51,7 +53,7 @@ dist_check_SCRIPTS += crq
 endif
 
 if !WINDOWS
-dist_check_SCRIPTS += template-test pem-decoding othername-test krb5-test
+dist_check_SCRIPTS += template-test pem-decoding othername-test krb5-test sha3-test
 endif
 
 if ENABLE_DANE
diff --git a/tests/cert-tests/sha3-test b/tests/cert-tests/sha3-test
new file mode 100755
index 0000000000..5a05ec64d4
--- /dev/null
+++ b/tests/cert-tests/sha3-test
@@ -0,0 +1,163 @@
+#!/bin/sh
+
+# Copyright (C) 2006-2012 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff}"
+TMPFILE=sha3$$.tmp
+export TZ="UTC"
+
+# Check for datefudge
+TSTAMP=`datefudge "2006-09-23" date -u +%s || true`
+if test "$TSTAMP" != "1158969600"; then
+	echo $TSTAMP
+	echo "You need datefudge to run this test"
+	exit 77
+fi
+
+# Note that in rare cases this test may fail because the
+# time set using datefudge could have changed since the generation
+# (if example the system was busy)
+
+# Test SHA3 signatures
+
+rc=1
+counter=1
+
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+	datefudge "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test.key" \
+		--template "${srcdir}/template-test.tmpl" \
+		--outfile ${TMPFILE} --hash sha3-256 2>/dev/null
+
+	${DIFF} "${srcdir}/template-rsa-sha3-256.pem" ${TMPFILE} >/dev/null 2>&1
+	rc=$?
+	test ${rc} != 0 && sleep 3
+	counter=`expr $counter + 1`
+done
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 10 (RSA-SHA3-256) failed"
+	exit ${rc}
+fi
+
+datefudge "2007-04-22" \
+	"${CERTTOOL}" --load-ca-certificate ${TMPFILE} --verify --infile ${TMPFILE} >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Test 10 (verification of RSA-SHA3-256) failed"
+	exit ${rc}
+fi
+
+
+rc=1
+counter=1
+
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+	datefudge "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test.key" \
+		--template "${srcdir}/template-test.tmpl" \
+		--outfile ${TMPFILE} --hash sha3-512 2>/dev/null
+
+	${DIFF} "${srcdir}/template-rsa-sha3-512.pem" ${TMPFILE} >/dev/null 2>&1
+	rc=$?
+	test ${rc} != 0 && sleep 3
+	counter=`expr $counter + 1`
+done
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 11 (RSA-SHA3-512) failed"
+	exit ${rc}
+fi
+
+datefudge "2007-04-22" \
+	"${CERTTOOL}" --load-ca-certificate ${TMPFILE} --verify --infile ${TMPFILE} >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Test 11 (verification of RSA-SHA3-512) failed"
+	exit ${rc}
+fi
+
+# Test SHA3 signatures with ECDSA
+
+rc=1
+counter=1
+
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+	datefudge "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test-ecc.key" \
+		--template "${srcdir}/template-test.tmpl" \
+		--outfile ${TMPFILE} --hash sha3-256 2>/dev/null
+	rc=$?
+done
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 12 (ECDSA-SHA3-256) failed"
+	exit ${rc}
+fi
+
+datefudge "2007-04-22" \
+	"${CERTTOOL}" --load-ca-certificate ${TMPFILE} --verify --infile ${TMPFILE} >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Test 12 (verification of ECDSA-SHA3-256) failed"
+	exit ${rc}
+fi
+
+
+rc=1
+counter=1
+
+while [ "${rc}" != "0" -a $counter -le 3 ]; do
+	datefudge "2007-04-22" \
+	"${CERTTOOL}" --generate-self-signed \
+		--load-privkey "${srcdir}/template-test-ecc.key" \
+		--template "${srcdir}/template-test.tmpl" \
+		--outfile ${TMPFILE} --hash sha3-512 2>/dev/null
+
+	rc=$?
+done
+
+# We're done.
+if test "${rc}" != "0"; then
+	echo "Test 13 (ECDSA-SHA3-512) failed"
+	exit ${rc}
+fi
+
+datefudge "2007-04-22" \
+	"${CERTTOOL}" --load-ca-certificate ${TMPFILE} --verify --infile ${TMPFILE} >/dev/null 2>&1
+rc=$?
+if test "${rc}" != "0"; then
+	echo "Test 13 (verification of ECDSA-SHA3-256) failed"
+	exit ${rc}
+fi
+
+
+rm -f ${TMPFILE}
+
+exit 0
diff --git a/tests/cert-tests/template-ecdsa-sha3-256.pem b/tests/cert-tests/template-ecdsa-sha3-256.pem
new file mode 100644
index 0000000000..38db2d90e4
--- /dev/null
+++ b/tests/cert-tests/template-ecdsa-sha3-256.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnTCCA0GgAwIBAgIBBzALBglghkgBZQMEAwowgbgxFTATBgNVBAMTDENpbmR5
+IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxFzAVBgNVBAsTDnNsZWVw
+aW5nIGRlcHQuMRIwEAYDVQQKEwlLb2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTEL
+MAkGA1UEBhMCR1IxDDAKBgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJ
+KoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMB4XDTA3MDQyMjAwMDAwMFoXDTE0MDUy
+NTAwMDAwMFowgbgxFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixk
+AQETB2NsYXVwZXIxFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMRIwEAYDVQQKEwlL
+b2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxDDAKBgNVBAwT
+A0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUu
+b3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYPDufYAQuQBOtjsBNeo39DXg
+foTOHT4Cu+NLt2PPI2rOBwu2YUQexyvWuzdnQ7heyxsNRGSShyy3CJHPiecEQKOC
+ATcwggEzMA8GA1UdEwEB/wQFMAMBAf8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3Jn
+ghN3d3cubW9yZXRoYW5vbmUub3Jnghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cE
+wKgBAYENbm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYI
+KwYBBQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUzFk9cY5EnUKnsrWG
+xR8r46kzZegwbwYDVR0fBGgwZjBkoGKgYIYeaHR0cDovL3d3dy5nZXRjcmwuY3Js
+L2dldGNybDEvhh5odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6
+Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwzLzALBglghkgBZQMEAwoDSQAwRgIhAMJF
+N94xGnHyKSK9PBSrUIEqzbyy77OPCPIfqbNHZ2vsAiEAwf9XbjXLDAiYDgEyhDqG
+IDNERycbQ88yACp/Sejyv7Q=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/template-ecdsa-sha3-512.pem b/tests/cert-tests/template-ecdsa-sha3-512.pem
new file mode 100644
index 0000000000..4bd8de6961
--- /dev/null
+++ b/tests/cert-tests/template-ecdsa-sha3-512.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnDCCA0GgAwIBAgIBBzALBglghkgBZQMEAwowgbgxFTATBgNVBAMTDENpbmR5
+IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxFzAVBgNVBAsTDnNsZWVw
+aW5nIGRlcHQuMRIwEAYDVQQKEwlLb2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTEL
+MAkGA1UEBhMCR1IxDDAKBgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJ
+KoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMB4XDTA3MDQyMjAwMDAwMFoXDTE0MDUy
+NTAwMDAwMFowgbgxFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixk
+AQETB2NsYXVwZXIxFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMRIwEAYDVQQKEwlL
+b2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxDDAKBgNVBAwT
+A0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUu
+b3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYPDufYAQuQBOtjsBNeo39DXg
+foTOHT4Cu+NLt2PPI2rOBwu2YUQexyvWuzdnQ7heyxsNRGSShyy3CJHPiecEQKOC
+ATcwggEzMA8GA1UdEwEB/wQFMAMBAf8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3Jn
+ghN3d3cubW9yZXRoYW5vbmUub3Jnghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cE
+wKgBAYENbm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYI
+KwYBBQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUzFk9cY5EnUKnsrWG
+xR8r46kzZegwbwYDVR0fBGgwZjBkoGKgYIYeaHR0cDovL3d3dy5nZXRjcmwuY3Js
+L2dldGNybDEvhh5odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6
+Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwzLzALBglghkgBZQMEAwoDSAAwRQIgXRjA
+xrvQ/HQxwxeCMqwT36NVdb3FEbv4QwuvKiL98q4CIQCsqvEhRlZZQL2Zl//7I4bQ
+ptOXOX8DRwPFlQJvvvFr/w==
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/template-rsa-sha3-256.pem b/tests/cert-tests/template-rsa-sha3-256.pem
new file mode 100644
index 0000000000..35a083ac3c
--- /dev/null
+++ b/tests/cert-tests/template-rsa-sha3-256.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEITCCA4qgAwIBAgIBBzANBglghkgBZQMEAw4FADCBuDEVMBMGA1UEAxMMQ2lu
+ZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEXMBUGA1UECxMOc2xl
+ZXBpbmcgZGVwdC4xEjAQBgNVBAoTCUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtp
+MQswCQYDVQQGEwJHUjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw
+NTI1MDAwMDAwWjCBuDEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xEjAQBgNVBAoT
+CUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtpMQswCQYDVQQGEwJHUjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/
+MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX
+d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo
+ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMH
+BAAwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMG8GA1UdHwRoMGYwZKBi
+oGCGHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwxL4YeaHR0cDovL3d3dy5n
+ZXRjcmwuY3JsL2dldGNybDIvhh5odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3Js
+My8wDQYJYIZIAWUDBAMOBQADgYEApWQSGVKFbbUOZVsgXfx978CNxewsZGsNdrAU
+X98wxysQGe8tQNvftPRB+NijWo5f49HjAfVhWxCr51f8pat+IPK8U7iRY3Uxxz+G
+xRO0qfP0AyAQIYOvWkKi6RqvoVReh+69n2fSTgdhvKJrKITRlPL+kNbYlA2i3v2G
+j1AK27Y=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/template-rsa-sha3-512.pem b/tests/cert-tests/template-rsa-sha3-512.pem
new file mode 100644
index 0000000000..05a24766a0
--- /dev/null
+++ b/tests/cert-tests/template-rsa-sha3-512.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEITCCA4qgAwIBAgIBBzANBglghkgBZQMEAxAFADCBuDEVMBMGA1UEAxMMQ2lu
+ZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEXMBUGA1UECxMOc2xl
+ZXBpbmcgZGVwdC4xEjAQBgNVBAoTCUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtp
+MQswCQYDVQQGEwJHUjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw
+NTI1MDAwMDAwWjCBuDEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy
+LGQBARMHY2xhdXBlcjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xEjAQBgNVBAoT
+CUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtpMQswCQYDVQQGEwJHUjEMMAoGA1UE
+DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED
+Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7
+QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW
+PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/
+MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX
+d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo
+ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMH
+BAAwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMG8GA1UdHwRoMGYwZKBi
+oGCGHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwxL4YeaHR0cDovL3d3dy5n
+ZXRjcmwuY3JsL2dldGNybDIvhh5odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3Js
+My8wDQYJYIZIAWUDBAMQBQADgYEADQwUNzbut+lsgGPm1ELQ+yIzKKUDpiGyUmVY
+4DHFKVHKAAM4p6eRY4CQhrGcQIAF/cv7BMlMtXwVPCMGmUiws3RpT5IR5PBU3ppM
+CB7kDZ93BwHwXOoURU9wlYcUiRKmbN6rZ5YOUBYwYPZhyPcgnZPO8S7+2fbIo07i
+TFELtZ0=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/template-test-ecc.key b/tests/cert-tests/template-test-ecc.key
new file mode 100644
index 0000000000..a3cd7c7be8
--- /dev/null
+++ b/tests/cert-tests/template-test-ecc.key
@@ -0,0 +1,40 @@
+Public Key Info:
+	Public Key Algorithm: EC
+	Key Security Level: High (256 bits)
+
+curve:	SECP256R1
+private key:
+	00:88:80:ce:07:cb:70:5b:e7:83:f6:fe:dd:b5:2f:16
+	2d:c1:d3:1d:64:a6:3b:f9:56:92:5d:ad:a0:0a:db:23
+	9b:
+
+x:
+	60:f0:ee:7d:80:10:b9:00:4e:b6:3b:01:35:ea:37:f4
+	35:e0:7e:84:ce:1d:3e:02:bb:e3:4b:b7:63:cf:23:6a
+	
+
+y:
+	00:ce:07:0b:b6:61:44:1e:c7:2b:d6:bb:37:67:43:b8
+	5e:cb:1b:0d:44:64:92:87:2c:b7:08:91:cf:89:e7:04
+	40:
+
+
+Public Key ID: CC:59:3D:71:8E:44:9D:42:A7:B2:B5:86:C5:1F:2B:E3:A9:33:65:E8
+Public key's random art:
++--[SECP256R1]----+
+|           o=.o. |
+|           +.Bo  |
+|          o O.o  |
+|       o o * + o |
+|        S o.= o  |
+|          .oo+   |
+|         . oo    |
+|          E.     |
+|          .o     |
++-----------------+
+
+-----BEGIN EC PRIVATE KEY-----
+MHgCAQEEIQCIgM4Hy3Bb54P2/t21LxYtwdMdZKY7+VaSXa2gCtsjm6AKBggqhkjO
+PQMBB6FEA0IABGDw7n2AELkATrY7ATXqN/Q14H6Ezh0+ArvjS7djzyNqzgcLtmFE
+Hscr1rs3Z0O4XssbDURkkocstwiRz4nnBEA=
+-----END EC PRIVATE KEY-----