authorNikos Mavrogiannopoulos <nmav@gnutls.org>2020-03-20 12:37:16 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2020-03-20 12:37:16 +0000
commit2bc4d444a309278a3aaea6eaeb05ce48ac99d3c1 (patch)
tree39e02ae8c8e3f27768798735c0f087998021800c /tests
parent90466c8542849843821e42bc6fe443b9dea3bf79 (diff)
parent36fd86a5043cdd5bfaddd8da24c19226e5b9bef1 (diff)
downloadgnutls-2bc4d444a309278a3aaea6eaeb05ce48ac99d3c1.tar.gz
Merge branch 'eddsa-pkcs11' into 'master'
Add support for loading Ed25519 keys from PKCS#11 and using them. Closes #946. See merge request gnutls/gnutls!1200
Diffstat (limited to 'tests')
-rw-r--r--tests/pkcs11/pkcs11-ec-privkey-test.c42
-rw-r--r--tests/pkcs11/pkcs11-eddsa-privkey-test.c43
2 files changed, 85 insertions, 0 deletions
diff --git a/tests/pkcs11/pkcs11-ec-privkey-test.c b/tests/pkcs11/pkcs11-ec-privkey-test.c
index c256e6b0d9..1b24c8150f 100644
--- a/tests/pkcs11/pkcs11-ec-privkey-test.c
+++ b/tests/pkcs11/pkcs11-ec-privkey-test.c
@@ -79,6 +79,8 @@ void doit(void)
gnutls_privkey_t pkey;
gnutls_pubkey_t pubkey;
gnutls_pubkey_t pubkey2;
+ gnutls_pubkey_t pubkey3;
+ gnutls_pubkey_t pubkey4;
unsigned i;
bin = softhsm_bin();
@@ -180,8 +182,21 @@ void doit(void)
exit(1);
}
+ /* Write pubkey to the card too */
+ assert(gnutls_pubkey_init(&pubkey) == 0);
+ assert(gnutls_pubkey_import_x509(pubkey, crt, 0) == 0);
+
+ ret = gnutls_pkcs11_copy_pubkey(SOFTHSM_URL, pubkey, "cert", NULL,
+ GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_ENCIPHERMENT, 0);
+ if (ret < 0) {
+ fail("gnutls_pkcs11_copy_pubkey: %s\n",
+ gnutls_strerror(ret));
+ }
+
gnutls_x509_crt_deinit(crt);
gnutls_x509_privkey_deinit(key);
+ gnutls_pubkey_deinit(pubkey);
gnutls_pkcs11_set_pin_function(NULL, NULL);
assert(gnutls_privkey_init(&pkey) == 0);
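Review bot: The public key object is written with `GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT`, although the key in this test is an EC key used for signing, and the matching hunk in pkcs11-eddsa-privkey-test.c does the same for an Ed25519 key that cannot encipher at all. Passing `GNUTLS_KEY_DIGITAL_SIGNATURE` alone would keep the usage recorded on the token as narrow as the algorithm, presuming nothing outside this hunk depends on the wider mask. If the mask is deliberately kept equal to the one used for the private key object, a comment such as `/* usage mirrors the private key object written earlier */` would make that intent visible. The body of doit() starts and ends outside the hunk.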
@@ -192,6 +207,31 @@ void doit(void)
exit(1);
}
+ /* Try to read the public key with public key URI */
+ assert(gnutls_pubkey_init(&pubkey3) == 0);
+
+
+ ret =
+ gnutls_pubkey_import_pkcs11_url(pubkey3,
+ SOFTHSM_URL
+ ";object=cert;object-type=public;pin-value="
+ PIN, 0);
+ if (ret < 0) {
+ fail("error in gnutls_pubkey_import_pkcs11_url: %s\n", gnutls_strerror(ret));
+ }
+
+ /* Try to read the public key with certificate URI */
+ assert(gnutls_pubkey_init(&pubkey4) == 0);
+
+ ret =
+ gnutls_pubkey_import_pkcs11_url(pubkey4,
+ SOFTHSM_URL
+ ";object=cert;object-type=cert;pin-value="
+ PIN, 0);
+ if (ret < 0) {
+ fail("error in gnutls_pubkey_import_pkcs11_url: %s\n", gnutls_strerror(ret));
+ }
+
assert(gnutls_pubkey_init(&pubkey) == 0);
assert(gnutls_pubkey_import_privkey(pubkey, pkey, 0, 0) == 0);
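Review bot: `pubkey3` and `pubkey4` are only checked for a successful import, so the test would still pass if the token returned a different key for `object-type=public` or `object-type=cert`. The same gap exists in the matching hunk of pkcs11-eddsa-privkey-test.c, where the TODO before the deinit calls asks for exactly this. Comparing the DER export of each imported key with the one derived from the private key, right after the `gnutls_pubkey_import_privkey()` call at the end of this hunk, would close it, presuming export works for token-backed public keys as it does for in-memory ones. The fence needs two `gnutls_datum_t` locals, `ref` and `der`, declared next to `pubkey3`/`pubkey4`; doit() continues outside the hunk.

```c
/* … unchanged: import of pubkey3 and pubkey4 from their PKCS#11 URIs … */
assert(gnutls_pubkey_import_privkey(pubkey, pkey, 0, 0) == 0);

/* all three handles must describe the same key */
assert(gnutls_pubkey_export2(pubkey, GNUTLS_X509_FMT_DER, &ref) == 0);

assert(gnutls_pubkey_export2(pubkey3, GNUTLS_X509_FMT_DER, &der) == 0);
if (der.size != ref.size || memcmp(der.data, ref.data, ref.size) != 0)
	fail("public key object does not match the private key\n");
gnutls_free(der.data);

assert(gnutls_pubkey_export2(pubkey4, GNUTLS_X509_FMT_DER, &der) == 0);
if (der.size != ref.size || memcmp(der.data, ref.data, ref.size) != 0)
	fail("certificate public key does not match the private key\n");
gnutls_free(der.data);
gnutls_free(ref.data);
```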
@@ -228,6 +268,8 @@ void doit(void)
gnutls_free(s.data);
}
+ gnutls_pubkey_deinit(pubkey4);
+ gnutls_pubkey_deinit(pubkey3);
gnutls_pubkey_deinit(pubkey2);
gnutls_pubkey_deinit(pubkey);
gnutls_privkey_deinit(pkey);
diff --git a/tests/pkcs11/pkcs11-eddsa-privkey-test.c b/tests/pkcs11/pkcs11-eddsa-privkey-test.c
index 5bc653e029..44515da3f4 100644
--- a/tests/pkcs11/pkcs11-eddsa-privkey-test.c
+++ b/tests/pkcs11/pkcs11-eddsa-privkey-test.c
@@ -94,6 +94,8 @@ void doit(void)
gnutls_privkey_t pkey;
gnutls_pubkey_t pubkey;
gnutls_pubkey_t pubkey2;
+ gnutls_pubkey_t pubkey3;
+ gnutls_pubkey_t pubkey4;
unsigned i, sigalgo;
bin = softhsm_bin();
@@ -188,8 +190,21 @@ void doit(void)
gnutls_strerror(ret));
}
+ /* Write pubkey to the card too */
+ assert(gnutls_pubkey_init(&pubkey) == 0);
+ assert(gnutls_pubkey_import_x509(pubkey, crt, 0) == 0);
+
+ ret = gnutls_pkcs11_copy_pubkey(SOFTHSM_URL, pubkey, "cert", NULL,
+ GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_ENCIPHERMENT, 0);
+ if (ret < 0) {
+ fail("gnutls_pkcs11_copy_pubkey: %s\n",
+ gnutls_strerror(ret));
+ }
+
gnutls_x509_crt_deinit(crt);
gnutls_x509_privkey_deinit(key);
+ gnutls_pubkey_deinit(pubkey);
gnutls_pkcs11_set_pin_function(NULL, NULL);
assert(gnutls_privkey_init(&pkey) == 0);
@@ -203,6 +218,31 @@ void doit(void)
fail("error in gnutls_privkey_import_pkcs11_url: %s\n", gnutls_strerror(ret));
}
+ /* Try to read the public key with public key URI */
+ assert(gnutls_pubkey_init(&pubkey3) == 0);
+
+
+ ret =
+ gnutls_pubkey_import_pkcs11_url(pubkey3,
+ SOFTHSM_URL
+ ";object=cert;object-type=public;pin-value="
+ PIN, 0);
+ if (ret < 0) {
+ fail("error in gnutls_pubkey_import_pkcs11_url: %s\n", gnutls_strerror(ret));
+ }
+
+ /* Try to read the public key with certificate URI */
+ assert(gnutls_pubkey_init(&pubkey4) == 0);
+
+ ret =
+ gnutls_pubkey_import_pkcs11_url(pubkey4,
+ SOFTHSM_URL
+ ";object=cert;object-type=cert;pin-value="
+ PIN, 0);
+ if (ret < 0) {
+ fail("error in gnutls_pubkey_import_pkcs11_url: %s\n", gnutls_strerror(ret));
+ }
+
assert(gnutls_pubkey_init(&pubkey) == 0);
assert(gnutls_pubkey_import_privkey(pubkey, pkey, 0, 0) == 0);
@@ -241,6 +281,9 @@ void doit(void)
gnutls_free(sig.data);
}
+ /* TODO is there any sensible way to check the pubkeys are the same? */
+ gnutls_pubkey_deinit(pubkey4);
+ gnutls_pubkey_deinit(pubkey3);
gnutls_pubkey_deinit(pubkey2);
gnutls_pubkey_deinit(pubkey);
gnutls_privkey_deinit(pkey);