diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-02-15 10:52:55 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-02-15 10:52:55 +0100 |
commit | cc82a0942b1866830541e6b0d874a7c95d091525 (patch) | |
tree | 1899410849376f5fd36a6539c7eef5f1684946b9 /tests/cert-tests | |
parent | 2b6214dd440b50f4488741b186876e0e52d19c2f (diff) | |
download | gnutls-cc82a0942b1866830541e6b0d874a7c95d091525.tar.gz |
tests: added certification generation tests with SHA-3 tests
Diffstat (limited to 'tests/cert-tests')
-rw-r--r-- | tests/cert-tests/Makefile.am | 6 | ||||
-rwxr-xr-x | tests/cert-tests/sha3-test | 163 | ||||
-rw-r--r-- | tests/cert-tests/template-ecdsa-sha3-256.pem | 22 | ||||
-rw-r--r-- | tests/cert-tests/template-ecdsa-sha3-512.pem | 22 | ||||
-rw-r--r-- | tests/cert-tests/template-rsa-sha3-256.pem | 25 | ||||
-rw-r--r-- | tests/cert-tests/template-rsa-sha3-512.pem | 25 | ||||
-rw-r--r-- | tests/cert-tests/template-test-ecc.key | 40 |
7 files changed, 301 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 52ff212065..edcad1322d 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -37,7 +37,9 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \ provable3072.pem provable2048.pem provable-dsa2048.pem provable-dsa2048-fips.pem \ template-unique.tmpl template-unique.pem template-othername.tmpl template-othername.pem \ template-othername-xmpp.tmpl template-othername-xmpp.pem template-krb5name.tmpl \ - template-krb5name.pem template-krb5name-full.pem + template-krb5name.pem template-krb5name-full.pem template-test-ecc.key \ + template-rsa-sha3-256.pem template-rsa-sha3-512.pem template-ecdsa-sha3-256.pem \ + template-ecdsa-sha3-512.pem dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 privkey-import name-constraints certtool-long-cn crl provable-privkey @@ -51,7 +53,7 @@ dist_check_SCRIPTS += crq endif if !WINDOWS -dist_check_SCRIPTS += template-test pem-decoding othername-test krb5-test +dist_check_SCRIPTS += template-test pem-decoding othername-test krb5-test sha3-test endif if ENABLE_DANE diff --git a/tests/cert-tests/sha3-test b/tests/cert-tests/sha3-test new file mode 100755 index 0000000000..5a05ec64d4 --- /dev/null +++ b/tests/cert-tests/sha3-test @@ -0,0 +1,163 @@ +#!/bin/sh + +# Copyright (C) 2006-2012 Free Software Foundation, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +srcdir="${srcdir:-.}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" +DIFF="${DIFF:-diff}" +TMPFILE=sha3$$.tmp +export TZ="UTC" + +# Check for datefudge +TSTAMP=`datefudge "2006-09-23" date -u +%s || true` +if test "$TSTAMP" != "1158969600"; then + echo $TSTAMP + echo "You need datefudge to run this test" + exit 77 +fi + +# Note that in rare cases this test may fail because the +# time set using datefudge could have changed since the generation +# (if example the system was busy) + +# Test SHA3 signatures + +rc=1 +counter=1 + +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-test.tmpl" \ + --outfile ${TMPFILE} --hash sha3-256 2>/dev/null + + ${DIFF} "${srcdir}/template-rsa-sha3-256.pem" ${TMPFILE} >/dev/null 2>&1 + rc=$? + test ${rc} != 0 && sleep 3 + counter=`expr $counter + 1` +done + +# We're done. +if test "${rc}" != "0"; then + echo "Test 10 (RSA-SHA3-256) failed" + exit ${rc} +fi + +datefudge "2007-04-22" \ + "${CERTTOOL}" --load-ca-certificate ${TMPFILE} --verify --infile ${TMPFILE} >/dev/null 2>&1 +rc=$? +if test "${rc}" != "0"; then + echo "Test 10 (verification of RSA-SHA3-256) failed" + exit ${rc} +fi + + +rc=1 +counter=1 + +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test.key" \ + --template "${srcdir}/template-test.tmpl" \ + --outfile ${TMPFILE} --hash sha3-512 2>/dev/null + + ${DIFF} "${srcdir}/template-rsa-sha3-512.pem" ${TMPFILE} >/dev/null 2>&1 + rc=$? + test ${rc} != 0 && sleep 3 + counter=`expr $counter + 1` +done + +# We're done. +if test "${rc}" != "0"; then + echo "Test 11 (RSA-SHA3-512) failed" + exit ${rc} +fi + +datefudge "2007-04-22" \ + "${CERTTOOL}" --load-ca-certificate ${TMPFILE} --verify --infile ${TMPFILE} >/dev/null 2>&1 +rc=$? +if test "${rc}" != "0"; then + echo "Test 11 (verification of RSA-SHA3-512) failed" + exit ${rc} +fi + +# Test SHA3 signatures with ECDSA + +rc=1 +counter=1 + +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test-ecc.key" \ + --template "${srcdir}/template-test.tmpl" \ + --outfile ${TMPFILE} --hash sha3-256 2>/dev/null + rc=$? +done + +# We're done. +if test "${rc}" != "0"; then + echo "Test 12 (ECDSA-SHA3-256) failed" + exit ${rc} +fi + +datefudge "2007-04-22" \ + "${CERTTOOL}" --load-ca-certificate ${TMPFILE} --verify --infile ${TMPFILE} >/dev/null 2>&1 +rc=$? +if test "${rc}" != "0"; then + echo "Test 12 (verification of ECDSA-SHA3-256) failed" + exit ${rc} +fi + + +rc=1 +counter=1 + +while [ "${rc}" != "0" -a $counter -le 3 ]; do + datefudge "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/template-test-ecc.key" \ + --template "${srcdir}/template-test.tmpl" \ + --outfile ${TMPFILE} --hash sha3-512 2>/dev/null + + rc=$? +done + +# We're done. +if test "${rc}" != "0"; then + echo "Test 13 (ECDSA-SHA3-512) failed" + exit ${rc} +fi + +datefudge "2007-04-22" \ + "${CERTTOOL}" --load-ca-certificate ${TMPFILE} --verify --infile ${TMPFILE} >/dev/null 2>&1 +rc=$? +if test "${rc}" != "0"; then + echo "Test 13 (verification of ECDSA-SHA3-256) failed" + exit ${rc} +fi + + +rm -f ${TMPFILE} + +exit 0 diff --git a/tests/cert-tests/template-ecdsa-sha3-256.pem b/tests/cert-tests/template-ecdsa-sha3-256.pem new file mode 100644 index 0000000000..38db2d90e4 --- /dev/null +++ b/tests/cert-tests/template-ecdsa-sha3-256.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDnTCCA0GgAwIBAgIBBzALBglghkgBZQMEAwowgbgxFTATBgNVBAMTDENpbmR5 +IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxFzAVBgNVBAsTDnNsZWVw +aW5nIGRlcHQuMRIwEAYDVQQKEwlLb2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTEL +MAkGA1UEBhMCR1IxDDAKBgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJ +KoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMB4XDTA3MDQyMjAwMDAwMFoXDTE0MDUy +NTAwMDAwMFowgbgxFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixk +AQETB2NsYXVwZXIxFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMRIwEAYDVQQKEwlL +b2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxDDAKBgNVBAwT +A0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUu +b3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYPDufYAQuQBOtjsBNeo39DXg +foTOHT4Cu+NLt2PPI2rOBwu2YUQexyvWuzdnQ7heyxsNRGSShyy3CJHPiecEQKOC +ATcwggEzMA8GA1UdEwEB/wQFMAMBAf8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3Jn +ghN3d3cubW9yZXRoYW5vbmUub3Jnghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cE +wKgBAYENbm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYI +KwYBBQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUzFk9cY5EnUKnsrWG +xR8r46kzZegwbwYDVR0fBGgwZjBkoGKgYIYeaHR0cDovL3d3dy5nZXRjcmwuY3Js +L2dldGNybDEvhh5odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6 +Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwzLzALBglghkgBZQMEAwoDSQAwRgIhAMJF +N94xGnHyKSK9PBSrUIEqzbyy77OPCPIfqbNHZ2vsAiEAwf9XbjXLDAiYDgEyhDqG +IDNERycbQ88yACp/Sejyv7Q= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/template-ecdsa-sha3-512.pem b/tests/cert-tests/template-ecdsa-sha3-512.pem new file mode 100644 index 0000000000..4bd8de6961 --- /dev/null +++ b/tests/cert-tests/template-ecdsa-sha3-512.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDnDCCA0GgAwIBAgIBBzALBglghkgBZQMEAwowgbgxFTATBgNVBAMTDENpbmR5 +IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxFzAVBgNVBAsTDnNsZWVw +aW5nIGRlcHQuMRIwEAYDVQQKEwlLb2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTEL +MAkGA1UEBhMCR1IxDDAKBgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJ +KoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMB4XDTA3MDQyMjAwMDAwMFoXDTE0MDUy +NTAwMDAwMFowgbgxFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixk +AQETB2NsYXVwZXIxFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMRIwEAYDVQQKEwlL +b2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxDDAKBgNVBAwT +A0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUu +b3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYPDufYAQuQBOtjsBNeo39DXg +foTOHT4Cu+NLt2PPI2rOBwu2YUQexyvWuzdnQ7heyxsNRGSShyy3CJHPiecEQKOC +ATcwggEzMA8GA1UdEwEB/wQFMAMBAf8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3Jn +ghN3d3cubW9yZXRoYW5vbmUub3Jnghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cE +wKgBAYENbm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYI +KwYBBQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUzFk9cY5EnUKnsrWG +xR8r46kzZegwbwYDVR0fBGgwZjBkoGKgYIYeaHR0cDovL3d3dy5nZXRjcmwuY3Js +L2dldGNybDEvhh5odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6 +Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwzLzALBglghkgBZQMEAwoDSAAwRQIgXRjA +xrvQ/HQxwxeCMqwT36NVdb3FEbv4QwuvKiL98q4CIQCsqvEhRlZZQL2Zl//7I4bQ +ptOXOX8DRwPFlQJvvvFr/w== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/template-rsa-sha3-256.pem b/tests/cert-tests/template-rsa-sha3-256.pem new file mode 100644 index 0000000000..35a083ac3c --- /dev/null +++ b/tests/cert-tests/template-rsa-sha3-256.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEITCCA4qgAwIBAgIBBzANBglghkgBZQMEAw4FADCBuDEVMBMGA1UEAxMMQ2lu +ZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEXMBUGA1UECxMOc2xl +ZXBpbmcgZGVwdC4xEjAQBgNVBAoTCUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtp +MQswCQYDVQQGEwJHUjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw +NTI1MDAwMDAwWjCBuDEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xEjAQBgNVBAoT +CUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtpMQswCQYDVQQGEwJHUjEMMAoGA1UE +DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED +Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7 +QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW +PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/ +MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX +d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo +ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMH +BAAwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMG8GA1UdHwRoMGYwZKBi +oGCGHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwxL4YeaHR0cDovL3d3dy5n +ZXRjcmwuY3JsL2dldGNybDIvhh5odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3Js +My8wDQYJYIZIAWUDBAMOBQADgYEApWQSGVKFbbUOZVsgXfx978CNxewsZGsNdrAU +X98wxysQGe8tQNvftPRB+NijWo5f49HjAfVhWxCr51f8pat+IPK8U7iRY3Uxxz+G +xRO0qfP0AyAQIYOvWkKi6RqvoVReh+69n2fSTgdhvKJrKITRlPL+kNbYlA2i3v2G +j1AK27Y= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/template-rsa-sha3-512.pem b/tests/cert-tests/template-rsa-sha3-512.pem new file mode 100644 index 0000000000..05a24766a0 --- /dev/null +++ b/tests/cert-tests/template-rsa-sha3-512.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEITCCA4qgAwIBAgIBBzANBglghkgBZQMEAxAFADCBuDEVMBMGA1UEAxMMQ2lu +ZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEXMBUGA1UECxMOc2xl +ZXBpbmcgZGVwdC4xEjAQBgNVBAoTCUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtp +MQswCQYDVQQGEwJHUjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw +NTI1MDAwMDAwWjCBuDEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xEjAQBgNVBAoT +CUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtpMQswCQYDVQQGEwJHUjEMMAoGA1UE +DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED +Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7 +QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW +PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE3MIIBMzAPBgNVHRMBAf8EBTADAQH/ +MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX +d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo +ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMH +BAAwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMG8GA1UdHwRoMGYwZKBi +oGCGHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwxL4YeaHR0cDovL3d3dy5n +ZXRjcmwuY3JsL2dldGNybDIvhh5odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3Js +My8wDQYJYIZIAWUDBAMQBQADgYEADQwUNzbut+lsgGPm1ELQ+yIzKKUDpiGyUmVY +4DHFKVHKAAM4p6eRY4CQhrGcQIAF/cv7BMlMtXwVPCMGmUiws3RpT5IR5PBU3ppM +CB7kDZ93BwHwXOoURU9wlYcUiRKmbN6rZ5YOUBYwYPZhyPcgnZPO8S7+2fbIo07i +TFELtZ0= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/template-test-ecc.key b/tests/cert-tests/template-test-ecc.key new file mode 100644 index 0000000000..a3cd7c7be8 --- /dev/null +++ b/tests/cert-tests/template-test-ecc.key @@ -0,0 +1,40 @@ +Public Key Info: + Public Key Algorithm: EC + Key Security Level: High (256 bits) + +curve: SECP256R1 +private key: + 00:88:80:ce:07:cb:70:5b:e7:83:f6:fe:dd:b5:2f:16 + 2d:c1:d3:1d:64:a6:3b:f9:56:92:5d:ad:a0:0a:db:23 + 9b: + +x: + 60:f0:ee:7d:80:10:b9:00:4e:b6:3b:01:35:ea:37:f4 + 35:e0:7e:84:ce:1d:3e:02:bb:e3:4b:b7:63:cf:23:6a + + +y: + 00:ce:07:0b:b6:61:44:1e:c7:2b:d6:bb:37:67:43:b8 + 5e:cb:1b:0d:44:64:92:87:2c:b7:08:91:cf:89:e7:04 + 40: + + +Public Key ID: CC:59:3D:71:8E:44:9D:42:A7:B2:B5:86:C5:1F:2B:E3:A9:33:65:E8 +Public key's random art: ++--[SECP256R1]----+ +| o=.o. | +| +.Bo | +| o O.o | +| o o * + o | +| S o.= o | +| .oo+ | +| . oo | +| E. | +| .o | ++-----------------+ + +-----BEGIN EC PRIVATE KEY----- +MHgCAQEEIQCIgM4Hy3Bb54P2/t21LxYtwdMdZKY7+VaSXa2gCtsjm6AKBggqhkjO +PQMBB6FEA0IABGDw7n2AELkATrY7ATXqN/Q14H6Ezh0+ArvjS7djzyNqzgcLtmFE +Hscr1rs3Z0O4XssbDURkkocstwiRz4nnBEA= +-----END EC PRIVATE KEY----- |