From fa9d49e99e1cf28b8847901a6d9235d1b4d23e61 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 26 Aug 2016 14:23:13 +0200 Subject: tests: added tests for PKCS#12 decoding with UTF8 passwords --- tests/cert-tests/Makefile.am | 4 +- tests/cert-tests/data/key-utf8-1.p12 | Bin 0 -> 2819 bytes tests/cert-tests/data/key-utf8-2.p12 | Bin 0 -> 2819 bytes tests/cert-tests/pkcs12-utf8 | 80 +++++++++++++++++++++++++++++++++++ 4 files changed, 82 insertions(+), 2 deletions(-) create mode 100644 tests/cert-tests/data/key-utf8-1.p12 create mode 100644 tests/cert-tests/data/key-utf8-2.p12 create mode 100755 tests/cert-tests/pkcs12-utf8 diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 968c3f7a27..76fb776a3b 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -58,11 +58,11 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/ca-secret.gpg data/srv-public.gpg data/srv-public-127.0.0.1-signed.gpg \ data/srv-public-localhost-signed.gpg data/selfsigs/alice-mallory-badsig18.pub \ data/selfsigs/alice-mallory-irrelevantsig.pub data/selfsigs/alice-mallory-nosig18.pub \ - data/selfsigs/alice.pub + data/selfsigs/alice.pub data/key-utf8-1.p12 data/key-utf8-2.p12 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ - provable-dh userid sha2-test sha2-dsa-test + provable-dh userid sha2-test sha2-dsa-test pkcs12-utf8 if !ENABLE_FIPS140 dist_check_SCRIPTS += pkcs12 diff --git a/tests/cert-tests/data/key-utf8-1.p12 b/tests/cert-tests/data/key-utf8-1.p12 new file mode 100644 index 0000000000..d57d12c12e Binary files /dev/null and b/tests/cert-tests/data/key-utf8-1.p12 differ diff --git a/tests/cert-tests/data/key-utf8-2.p12 b/tests/cert-tests/data/key-utf8-2.p12 new file mode 100644 index 0000000000..40f2db6a74 Binary files /dev/null and b/tests/cert-tests/data/key-utf8-2.p12 differ 
diff --git a/tests/cert-tests/pkcs12-utf8 b/tests/cert-tests/pkcs12-utf8
new file mode 100755
index 0000000000..5c1049ed5c
--- /dev/null
+++ b/tests/cert-tests/pkcs12-utf8
@@ -0,0 +1,80 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Red Hat, Inc.
+# Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+top_builddir="${top_builddir:-../..}"
+CERTTOOL="${CERTTOOL:-${top_builddir}/src/certtool${EXEEXT}}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+DIFF="${DIFF:-diff}"
+DEBUG=""
+
+TMPFILE=pkcs12-utf8.$$.tmp
+TMPFILE_PEM=pkcs12-utf8.$$.tmp.pem
+
+echo "Testing decoding of known keys"
+echo "=============================="
+
+ret=0
+for p12 in "key-utf8-1.p12 ένα-δύο" "key-utf8-2.p12 ένα_δύο_τρία_τέσσερα"; do
+ set -- ${p12}
+ file="$1"
+ passwd="$2"
+ if test "x$DEBUG" != "x"; then
+ ${VALGRIND} "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
+ --infile "${srcdir}/data/${file}"
+ else
+ ${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${passwd}" \
+ --infile "${srcdir}/data/${file}" >/dev/null
+ fi
+ rc=$?
+ if test ${rc} != 0; then
+ echo "PKCS12 FATAL ${p12}"
+ exit 1
+ fi
+done
+
+
+echo ""
+echo "Testing encoding/decoding"
+echo "========================="
+
+${VALGRIND} "${CERTTOOL}" --pkcs-cipher=aes-256 --to-p12 --password "ένα δύο tria" --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null
+rc=$?
+if test ${rc} != 0; then
+ echo "PKCS12 FATAL encoding"
+ exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "ένα δύο tria" --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null
+rc=$?
+if test ${rc} != 0; then
+ echo "PKCS12 FATAL decrypting/decoding"
+ exit 1
+fi
+
+rm -f "$TMPFILE" "$TMPFILE_PEM"
+
+exit 0
-- cgit v1.2.1
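Review bot: Both halves of this script only assert that certtool succeeds with the correct password; nothing checks that a wrong one is rejected, so a regression in which the UTF-8 password is mishandled consistently, or not verified at all, could still pass. The round-trip half is the weaker of the two, because it encodes and decodes with the same code. After the final `--p12-info` check I would add a negative case that decodes `$TMPFILE` with a different password and fails if the exit status is 0; this assumes certtool exits non-zero on a MAC or decryption failure, which the existing success checks already rely on. Separately, the `exit 1` paths leave `$TMPFILE` and `$TMPFILE_PEM` behind (an encoded private key, test material here) and `--outfile $TMPFILE` is unquoted; removing the files before each exit, or from a `trap`, would cover that.

```shell
# … unchanged: encode to $TMPFILE and decode it with the correct password …

# Negative case: a wrong password (constructed sample, a prefix of the real one)
# must be rejected.
${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "ένα δύο" --infile "$TMPFILE" >/dev/null 2>&1
rc=$?
if test ${rc} = 0; then
	echo "PKCS12 FATAL wrong password accepted"
	rm -f "$TMPFILE" "$TMPFILE_PEM"
	exit 1
fi

rm -f "$TMPFILE" "$TMPFILE_PEM"
```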