Line data Source code
1 : /* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
2 : /* unit-test-pkix-parser.c: Test PKIX parser
3 :
4 : Copyright (C) 2007 Stefan Walter
5 :
6 : The Gnome Keyring Library is free software; you can redistribute it and/or
7 : modify it under the terms of the GNU Library General Public License as
8 : published by the Free Software Foundation; either version 2 of the
9 : License, or (at your option) any later version.
10 :
11 : The Gnome Keyring Library is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 : Library General Public License for more details.
15 :
16 : You should have received a copy of the GNU Library General Public
17 : License along with the Gnome Library; see the file COPYING.LIB. If not,
18 : <http://www.gnu.org/licenses/>.
19 :
20 : Author: Stef Walter <stef@memberwebs.com>
21 : */
22 :
23 : #include "config.h"
24 :
25 : #include "gkm/gkm-crypto.h"
26 : #include "gkm/gkm-data-asn1.h"
27 : #include "gkm/gkm-data-der.h"
28 : #include "gkm/gkm-sexp.h"
29 :
30 : #include "egg/egg-armor.h"
31 : #include "egg/egg-asn1x.h"
32 : #include "egg/egg-asn1-defs.h"
33 : #include "egg/egg-openssl.h"
34 : #include "egg/egg-secure-memory.h"
35 :
36 : #include <glib.h>
37 : #include <gcrypt.h>
38 :
39 : #include <stdlib.h>
40 : #include <stdio.h>
41 : #include <string.h>
42 :
43 1012 : EGG_SECURE_DEFINE_GLIB_GLOBALS ();
44 :
45 : typedef struct {
46 : GNode *certificate;
47 : gchar *certificate_data;
48 : gsize n_certificate_data;
49 : GNode *certificate2;
50 : gchar *certificate2_data;
51 : gsize n_certificate2_data;
52 : } Test;
53 :
54 : const gchar *rsapub = "(public-key (rsa" \
55 : " (n #00AE4B381CF43F7DC24CF90827325E2FB2EB57EDDE29562DF391C8942AA8E6423410E2D3FE26381F9DE0395E74BF2D17621AE46992C72CF895F6FA5FBE98054FBF#)" \
56 : " (e #010001#)))";
57 :
58 : const gchar *rsaprv = "(private-key (rsa" \
59 : " (n #00B78758D55EBFFAB61D07D0DC49B5309A6F1DA2AE51C275DFC2370959BB81AC0C39093B1C618E396161A0DECEB8768D0FFB14F197B96C3DA14190EE0F20D51315#)" \
60 : " (e #010001#)" \
61 : " (d #108BCAC5FDD35812981E6EC5957D98E2AB76E4064C47B861D27C2CC322C50792313C852B4164A035B42D261F1A09F9FFE8F477F9F78FF2EABBDA6BA875C671D7#)" \
62 : " (p #00C357F11B19A18C66573D25D1E466D9AB8BCDDCDFE0B2E80BD46712C4BEC18EB7#)" \
63 : " (q #00F0843B90A60EF7034CA4BE80414ED9497CABCC685143B388013FF989CBB0E093#)" \
64 : " (u #12F2555F52EB56329A991CF0404B51C68AC921AD370A797860F550415FF987BD#)))";
65 :
66 : const gchar *dsapub = "(public-key (dsa" \
67 : " (p #0090EC0B60735839C754EAF8F64BB03FC35398D69772BFAE540079DEA2D3A61FAFFB27630A038A01A3D0CD62A10745A574A27ECB462F4F0885B79C61BBE954A60A29668AD54BBA5C07A72FD8B1105249670B339DF2C59E64A47064EFCF0B7236C5C72CD55CEB32917430BEC9A003D4E484FBAA84D79571B38D6B5AC95BB73E3F7B#)" \
68 : " (q #00FA214A1385C21BFEBAADAB240A2430C607D56271#)" \
69 : " (g #2DE05751F5DAEE97F3D43C54595A3E94A080728F0C66C98AEBED5762F6AB155802D8359EAD1DE1EC36A459FBEEEA48E59B9E6A8CB4F5295936B3CC881A5D957C7339175E2CFFE0F30D3711E430DB6648C2EB474AA10A4A3297450531FF2C7C6951220C9D446B6B6B0F00262E1EBEB3CC861476AA518CC555C9ABF9E5F39023FC#)" \
70 : " (y #54734451DB79D4EEDF0BBCEBD43BB6CBB7B8584603B957080075DD318EB5B0266D4B20DC5EFF376BDFC4EA2983B1F7F02A39ED4C619ED68712729FFF3B7C696ADD1B6D748F56A4B4BEC5C4385E528423A3B88AE65E6D5500F97839E7A486255982189C3B4FA8D94338C76F0E5CAFC9A30A1ED728BB9F2091D594E3250A09EA00#)))";
71 :
72 : const gchar *dsaprv = "(private-key (dsa" \
73 : " (p #0090EC0B60735839C754EAF8F64BB03FC35398D69772BFAE540079DEA2D3A61FAFFB27630A038A01A3D0CD62A10745A574A27ECB462F4F0885B79C61BBE954A60A29668AD54BBA5C07A72FD8B1105249670B339DF2C59E64A47064EFCF0B7236C5C72CD55CEB32917430BEC9A003D4E484FBAA84D79571B38D6B5AC95BB73E3F7B#)" \
74 : " (q #00FA214A1385C21BFEBAADAB240A2430C607D56271#)" \
75 : " (g #2DE05751F5DAEE97F3D43C54595A3E94A080728F0C66C98AEBED5762F6AB155802D8359EAD1DE1EC36A459FBEEEA48E59B9E6A8CB4F5295936B3CC881A5D957C7339175E2CFFE0F30D3711E430DB6648C2EB474AA10A4A3297450531FF2C7C6951220C9D446B6B6B0F00262E1EBEB3CC861476AA518CC555C9ABF9E5F39023FC#)" \
76 : " (y #54734451DB79D4EEDF0BBCEBD43BB6CBB7B8584603B957080075DD318EB5B0266D4B20DC5EFF376BDFC4EA2983B1F7F02A39ED4C619ED68712729FFF3B7C696ADD1B6D748F56A4B4BEC5C4385E528423A3B88AE65E6D5500F97839E7A486255982189C3B4FA8D94338C76F0E5CAFC9A30A1ED728BB9F2091D594E3250A09EA00#)" \
77 : " (x #00876F84F709D51108DFB0CBFA1F1C569C09C413EC#)))";
78 :
79 : const gchar *ecdsaprv_256 = "(private-key (ecdsa" \
80 : " (curve \"NIST P-256\")" \
81 : " (q #04A8EB59A5B601D839AC2373C3197440AD2DD72DFE0684E42BE15C5724722FECBF0EC3675695CEFD9D1D864A74B642C5C64559013803C7E5975FBD52EB235CCB9C#)" \
82 : " (d #C616A320E3839BC6946E432E8E849A7CD72B83867E703ED86ACBF69DF17EFBBE#)))";
83 :
84 : const gchar *ecdsapub_256 = "(public-key (ecdsa" \
85 : " (curve \"NIST P-256\")" \
86 : " (q #04A8EB59A5B601D839AC2373C3197440AD2DD72DFE0684E42BE15C5724722FECBF0EC3675695CEFD9D1D864A74B642C5C64559013803C7E5975FBD52EB235CCB9C#)))";
87 :
88 : const gchar *ecdsaprv_384 = "(private-key (ecdsa" \
89 : " (curve \"NIST P-384\")" \
90 : " (q #04686B8127CAEEF00BA418AF03EB3A48539637E67A7FE9176C7B2DFF92942A405F9C3AF4A01771B34F8839DC5E972479C7D0BAC7FF280F4A00C1505DAFDE4265E4C993A38625A414A4F3E139250C5D9E841844F37AE264597E24095A40E70591AD#)" \
91 : " (d #4071072A7E023539CF6591CBAF0FBB505159A3236C35135DB610EEE8969179EB46A5BC093DFE186E7936690209771D1B#)))";
92 :
93 : const gchar *ecdsaprv_521 = "(private-key (ecdsa" \
94 : " (curve \"NIST P-521\")" \
95 : " (q #04012E0837D1EA2ED34C8F7D3DE5FCE5C6C887368EDE1A3FB3D40874021EBADE726EB4D44E00DEA68DC0F8FC472E0030231320B6407AD0755213E34BE3B7B02945923800103F5E970568E9247B5366BB32DE17BE694C39EF6F2D0A3238FD33EA17A00D751C34163023ED0D1242F4D097D0AA056EBC6DE1137015CAF72F18B4EFA91E756660#)" \
96 : " (d #012CB68FE0D0DEEBFA4EEBD6C2F3147329C44A67F1C579B4A797A2187AB481BF5B974AE23084AE6CEB184551F79C502AC899961A0F0168781F296B90FAEAC8AA5ACC#)))";
97 :
98 : static gboolean
99 14 : compare_keys (gcry_sexp_t key, gcry_sexp_t sexp)
100 : {
101 : guchar hash1[20], hash2[20];
102 : guchar *p;
103 :
104 : /* Now compare them */
105 14 : p = gcry_pk_get_keygrip (key, hash1);
106 14 : g_assert ("couldn't get key id for private key" && p == hash1);
107 14 : p = gcry_pk_get_keygrip (sexp, hash2);
108 14 : g_assert ("couldn't get key id for parsed private key" && p == hash2);
109 :
110 14 : return memcmp (hash1, hash2, 20) == 0;
111 : }
112 :
113 : static void
114 3 : test_der_public (gcry_sexp_t key)
115 : {
116 : GBytes *data;
117 : GkmDataResult ret;
118 : gcry_sexp_t sexp;
119 :
120 : /* Encode it */
121 3 : data = gkm_data_der_write_public_key (key);
122 3 : g_assert ("couldn't encode public key" && data != NULL);
123 3 : g_assert ("encoding is empty" && g_bytes_get_size (data) > 0);
124 :
125 : /* Now parse it */
126 3 : ret = gkm_data_der_read_public_key (data, &sexp);
127 3 : g_assert ("couldn't decode public key" && ret == GKM_DATA_SUCCESS);
128 3 : g_assert ("parsed key is empty" && sexp != NULL);
129 :
130 : /* Now compare them */
131 3 : g_assert ("key parsed differently" && compare_keys (key, sexp));
132 :
133 3 : gcry_sexp_release (sexp);
134 3 : g_bytes_unref (data);
135 3 : }
136 :
137 : static void
138 18 : setup (Test *test, gconstpointer unused)
139 : {
140 : GBytes *data;
141 :
142 18 : if (!g_file_get_contents (SRCDIR "/pkcs11/gkm/fixtures/test-certificate-1.der", &test->certificate_data, &test->n_certificate_data, NULL))
143 0 : g_assert_not_reached ();
144 :
145 18 : data = g_bytes_new (test->certificate_data, test->n_certificate_data);
146 18 : test->certificate = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", data);
147 18 : g_assert (test->certificate != NULL);
148 18 : g_bytes_unref (data);
149 :
150 18 : if (!g_file_get_contents (SRCDIR "/pkcs11/gkm/fixtures/test-certificate-2.der", &test->certificate2_data, &test->n_certificate2_data, NULL))
151 0 : g_assert_not_reached ();
152 18 : data = g_bytes_new (test->certificate2_data, test->n_certificate2_data);
153 18 : test->certificate2 = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", data);
154 18 : g_assert (test->certificate2 != NULL);
155 18 : g_bytes_unref (data);
156 18 : }
157 :
158 : static void
159 18 : teardown (Test *test, gconstpointer unused)
160 : {
161 18 : egg_asn1x_destroy (test->certificate);
162 18 : g_free (test->certificate_data);
163 18 : egg_asn1x_destroy (test->certificate2);
164 18 : g_free (test->certificate2_data);
165 18 : }
166 :
167 : static void
168 1 : test_der_rsa_public (Test *test, gconstpointer unused)
169 : {
170 : gcry_sexp_t key;
171 : gcry_error_t gcry;
172 :
173 1 : gcry = gcry_sexp_sscan (&key, NULL, rsapub, strlen (rsapub));
174 1 : g_return_if_fail (gcry == 0);
175 :
176 1 : test_der_public (key);
177 :
178 1 : gcry_sexp_release (key);
179 : }
180 :
181 : static void
182 1 : test_der_dsa_public (Test *test, gconstpointer unused)
183 : {
184 : gcry_sexp_t key;
185 : gcry_error_t gcry;
186 :
187 1 : gcry = gcry_sexp_sscan (&key, NULL, dsapub, strlen (dsapub));
188 1 : g_return_if_fail (gcry == 0);
189 :
190 1 : test_der_public (key);
191 :
192 1 : gcry_sexp_release (key);
193 : }
194 :
195 : static void
196 1 : test_der_ecdsa_public (Test *test, gconstpointer unused)
197 : {
198 : gcry_sexp_t key;
199 : gcry_error_t gcry;
200 :
201 1 : gcry = gcry_sexp_sscan (&key, NULL, ecdsapub_256, strlen (ecdsapub_256));
202 1 : g_return_if_fail (gcry == 0);
203 :
204 1 : test_der_public (key);
205 :
206 1 : gcry_sexp_release (key);
207 : }
208 :
209 : static void
210 3 : test_der_private (gcry_sexp_t key)
211 : {
212 : GBytes *data;
213 : GkmDataResult ret;
214 : gcry_sexp_t sexp;
215 :
216 : /* Encode it */
217 3 : data = gkm_data_der_write_private_key (key);
218 3 : g_assert ("couldn't encode private key" && data != NULL);
219 3 : g_assert ("encoding is empty" && g_bytes_get_size (data) > 0);
220 :
221 : /* Now parse it */
222 3 : ret = gkm_data_der_read_private_key (data, &sexp);
223 3 : g_assert ("couldn't decode private key" && ret == GKM_DATA_SUCCESS);
224 3 : g_assert ("parsed key is empty" && sexp != NULL);
225 :
226 : /* Now compare them */
227 3 : g_assert ("key parsed differently" && compare_keys (key, sexp));
228 :
229 3 : gcry_sexp_release (sexp);
230 3 : g_bytes_unref (data);
231 3 : }
232 :
233 : static void
234 1 : test_der_rsa_private (Test *test, gconstpointer unused)
235 : {
236 : gcry_sexp_t key;
237 : gcry_error_t gcry;
238 :
239 1 : gcry = gcry_sexp_sscan (&key, NULL, rsaprv, strlen (rsaprv));
240 1 : g_return_if_fail (gcry == 0);
241 :
242 1 : test_der_private (key);
243 :
244 1 : gcry_sexp_release (key);
245 : }
246 :
247 : static void
248 1 : test_der_dsa_private (Test *test, gconstpointer unused)
249 : {
250 : gcry_sexp_t key;
251 : gcry_error_t gcry;
252 :
253 1 : gcry = gcry_sexp_sscan (&key, NULL, dsaprv, strlen (dsaprv));
254 1 : g_return_if_fail (gcry == 0);
255 :
256 1 : test_der_private (key);
257 :
258 1 : gcry_sexp_release (key);
259 : }
260 :
261 : static void
262 1 : test_der_dsa_private_parts (Test *test, gconstpointer unused)
263 : {
264 : GBytes *params, *key;
265 : gcry_sexp_t skey, pkey;
266 : gcry_error_t gcry;
267 : GkmDataResult result;
268 :
269 1 : gcry = gcry_sexp_sscan (&skey, NULL, dsaprv, strlen (dsaprv));
270 1 : g_return_if_fail (gcry == 0);
271 :
272 : /* Encode the the dsa key by parts */
273 1 : params = gkm_data_der_write_private_key_dsa_params (skey);
274 1 : g_assert ("didn't encode dsa params" && params != NULL);
275 1 : key = gkm_data_der_write_private_key_dsa_part (skey);
276 1 : g_assert ("didn't encode dsa key" && key != NULL);
277 :
278 : /* Parse the dsa key by parts */
279 1 : result = gkm_data_der_read_private_key_dsa_parts (key, params, &pkey);
280 1 : g_assert ("couldn't parse dsa parts" && result == GKM_DATA_SUCCESS);
281 1 : g_assert ("parsing dsa parts resulted in null key" && pkey != NULL);
282 :
283 : /* Now compare them */
284 1 : g_assert ("key parsed differently" && compare_keys (skey, pkey));
285 :
286 1 : gcry_sexp_release (skey);
287 1 : g_bytes_unref (params);
288 1 : g_bytes_unref (key);
289 : }
290 :
291 : static void
292 1 : test_der_ecdsa_private (Test *test, gconstpointer unused)
293 : {
294 : gcry_sexp_t key;
295 : gcry_error_t gcry;
296 :
297 1 : gcry = gcry_sexp_sscan (&key, NULL, ecdsaprv_256, strlen (ecdsaprv_256));
298 1 : g_return_if_fail (gcry == 0);
299 :
300 1 : test_der_private (key);
301 :
302 1 : gcry_sexp_release (key);
303 : }
304 :
305 : const gchar *certpub = "(public-key (rsa " \
306 : "(n #00C966D9F80744CFB98C2EF0A1EF13456C05DFDE2716513641116C6C3BEDFE107D129EE59B429AFE6031C366B7733A48AE4ED032379488B50DB6D9F3F244D9D58812DD764DF21AFC6F231E7AF1D898454E0710EF1642D043756D4ADEE2AAC931FF1F00707C66CF102508BAFAEE00E94603662711153BAA5BF298DD3642B2DA8875#) " \
307 : "(e #010001#) ) )";
308 :
309 : static void
310 1 : test_read_public_key_info (Test *test, gconstpointer unused)
311 : {
312 : GBytes *data;
313 : guchar hash[20];
314 : GkmDataResult res;
315 : gcry_sexp_t sexp, match;
316 : gcry_error_t gcry;
317 :
318 1 : data = egg_asn1x_get_element_raw (egg_asn1x_node (test->certificate, "tbsCertificate", "subjectPublicKeyInfo", NULL));
319 1 : g_assert (data != NULL);
320 :
321 1 : res = gkm_data_der_read_public_key_info (data, &sexp);
322 1 : g_assert (res == GKM_DATA_SUCCESS);
323 1 : g_assert (sexp != NULL);
324 :
325 1 : if (!gcry_pk_get_keygrip (sexp, hash))
326 0 : g_assert_not_reached ();
327 :
328 1 : gcry = gcry_sexp_sscan (&match, NULL, certpub, strlen (certpub));
329 1 : g_assert (gcry == 0);
330 :
331 1 : g_assert (compare_keys (sexp, match));
332 :
333 1 : gcry_sexp_release (sexp);
334 1 : gcry_sexp_release (match);
335 1 : g_bytes_unref (data);
336 1 : }
337 :
338 : static void
339 1 : test_read_certificate (Test *test, gconstpointer unused)
340 : {
341 1 : GNode *asn = NULL;
342 : GkmDataResult res;
343 : GBytes *data;
344 :
345 1 : data = g_bytes_new (test->certificate_data, test->n_certificate_data);
346 1 : res = gkm_data_der_read_certificate (data, &asn);
347 1 : g_assert (res == GKM_DATA_SUCCESS);
348 1 : g_assert (asn != NULL);
349 :
350 1 : g_bytes_unref (data);
351 1 : egg_asn1x_destroy (asn);
352 1 : }
353 :
354 : static void
355 1 : test_write_certificate (Test *test, gconstpointer unused)
356 : {
357 : GBytes *data;
358 :
359 1 : data = gkm_data_der_write_certificate (test->certificate);
360 1 : g_assert (g_bytes_get_size (data) == test->n_certificate_data);
361 1 : g_assert (memcmp (g_bytes_get_data (data, NULL), test->certificate_data, g_bytes_get_size (data)) == 0);
362 1 : g_bytes_unref (data);
363 1 : }
364 :
365 : static void
366 142 : on_ca_certificate_public_key_info (GQuark type,
367 : GBytes *data,
368 : GBytes *outer,
369 : GHashTable *headers,
370 : gpointer user_data)
371 : {
372 142 : GNode *asn1 = NULL;
373 : GkmDataResult res;
374 : GBytes *keydata;
375 : gcry_sexp_t sexp;
376 :
377 142 : g_assert (g_quark_try_string ("CERTIFICATE") == type);
378 :
379 : /* Parse the ASN1 data */
380 142 : res = gkm_data_der_read_certificate (data, &asn1);
381 142 : g_assert (res == GKM_DATA_SUCCESS);
382 :
383 : /* Generate a raw public key from our test->certificate */
384 142 : keydata = egg_asn1x_encode (egg_asn1x_node (asn1, "tbsCertificate", "subjectPublicKeyInfo", NULL), NULL);
385 142 : g_assert (keydata != NULL);
386 :
387 : /* Now create us a nice public key with that identifier */
388 142 : res = gkm_data_der_read_public_key_info (keydata, &sexp);
389 142 : g_assert (res == GKM_DATA_SUCCESS || res == GKM_DATA_UNRECOGNIZED);
390 :
391 142 : if (res == GKM_DATA_SUCCESS)
392 141 : gcry_sexp_release (sexp);
393 :
394 142 : egg_asn1x_destroy (asn1);
395 142 : g_bytes_unref (keydata);
396 142 : }
397 :
398 : static void
399 1 : test_read_ca_certificates_public_key_info (Test *test, gconstpointer unused)
400 : {
401 : GBytes *bytes;
402 : gchar *data;
403 : gsize n_data;
404 :
405 1 : if (!g_file_get_contents (SRCDIR "/pkcs11/gkm/fixtures/ca-certificates.crt", &data, &n_data, NULL))
406 0 : g_assert_not_reached ();
407 :
408 1 : bytes = g_bytes_new_take (data, n_data);
409 1 : egg_armor_parse (bytes, on_ca_certificate_public_key_info, NULL);
410 1 : g_bytes_unref (bytes);
411 1 : }
412 :
413 : static GBytes *
414 2 : find_extension (GNode *asn,
415 : const gchar *oid)
416 : {
417 : GBytes *value;
418 2 : GNode *node = NULL;
419 : gchar *exoid;
420 : guint index;
421 :
422 2 : for (index = 1; TRUE; ++index) {
423 :
424 : /* Make sure it is present */
425 7 : node = egg_asn1x_node (asn, "tbsCertificate", "extensions", index, "extnID", NULL);
426 7 : if (node == NULL)
427 0 : return NULL;
428 :
429 7 : exoid = egg_asn1x_get_oid_as_string (node);
430 7 : g_assert (exoid);
431 :
432 7 : if (strcmp (exoid, oid) == 0) {
433 2 : g_free (exoid);
434 2 : node = egg_asn1x_node (asn, "tbsCertificate", "extensions", index, "extnValue", NULL);
435 2 : value = egg_asn1x_get_string_as_bytes (node);
436 2 : g_assert (value);
437 2 : return value;
438 : }
439 :
440 5 : g_free (exoid);
441 : }
442 :
443 : g_assert_not_reached ();
444 : }
445 :
446 : static void
447 1 : test_read_basic_constraints (Test *test, gconstpointer unused)
448 : {
449 : GBytes *extension;
450 : gboolean is_ca;
451 : gint path_len;
452 : GkmDataResult res;
453 :
454 1 : extension = egg_asn1x_get_string_as_bytes (egg_asn1x_node (test->certificate, "tbsCertificate", "extensions", 1, "extnValue", NULL));
455 1 : g_assert (extension != NULL);
456 :
457 1 : res = gkm_data_der_read_basic_constraints (extension, &is_ca, &path_len);
458 1 : g_assert (res == GKM_DATA_SUCCESS);
459 1 : g_assert (is_ca == TRUE);
460 1 : g_assert (path_len == -1);
461 :
462 1 : g_bytes_unref (extension);
463 1 : }
464 :
465 : static void
466 1 : test_read_key_usage (Test *test, gconstpointer unused)
467 : {
468 : GBytes *extension;
469 : gulong key_usage;
470 : GkmDataResult res;
471 :
472 1 : extension = find_extension (test->certificate2, "2.5.29.15");
473 1 : g_assert (extension);
474 :
475 1 : res = gkm_data_der_read_key_usage (extension, &key_usage);
476 1 : g_assert (res == GKM_DATA_SUCCESS);
477 1 : g_assert_cmpuint (key_usage, ==, 0x01);
478 :
479 1 : g_bytes_unref (extension);
480 1 : }
481 :
482 : static void
483 1 : test_read_enhanced_usage (Test *test, gconstpointer unused)
484 : {
485 : GBytes *extension;
486 : GQuark *usages;
487 : GkmDataResult res;
488 :
489 1 : extension = find_extension (test->certificate2, "2.5.29.37");
490 1 : g_assert (extension);
491 :
492 1 : res = gkm_data_der_read_enhanced_usage (extension, &usages);
493 1 : g_assert (res == GKM_DATA_SUCCESS);
494 :
495 1 : g_bytes_unref (extension);
496 1 : g_free (usages);
497 1 : }
498 :
499 : static void
500 1 : test_read_all_pkcs8 (Test *test, gconstpointer unused)
501 : {
502 : GBytes *bytes;
503 : gcry_sexp_t sexp;
504 : GkmDataResult res;
505 : GDir *dir;
506 : const gchar *name;
507 : gchar *data;
508 : gsize n_data;
509 : gchar *path;
510 :
511 1 : dir = g_dir_open (SRCDIR "/pkcs11/gkm/fixtures", 0, NULL);
512 1 : g_assert (dir);
513 :
514 : for(;;) {
515 15 : name = g_dir_read_name (dir);
516 15 : if (!name)
517 1 : break;
518 :
519 14 : if (!g_pattern_match_simple ("der-key-*", name))
520 5 : continue;
521 :
522 9 : path = g_build_filename (SRCDIR "/pkcs11/gkm/fixtures", name, NULL);
523 9 : if (!g_file_get_contents (path, &data, &n_data, NULL))
524 0 : g_assert_not_reached ();
525 9 : g_free (path);
526 :
527 9 : bytes = g_bytes_new_take (data, n_data);
528 9 : res = gkm_data_der_read_private_pkcs8 (bytes, "booo", 4, &sexp);
529 9 : g_assert (res == GKM_DATA_SUCCESS);
530 9 : g_bytes_unref (bytes);
531 :
532 9 : g_assert (gkm_sexp_parse_key (sexp, NULL, NULL, NULL));
533 9 : gcry_sexp_release (sexp);
534 : }
535 :
536 1 : g_dir_close (dir);
537 1 : }
538 :
539 : static void
540 1 : test_read_pkcs8_bad_password (Test *test, gconstpointer unused)
541 : {
542 : gcry_sexp_t sexp;
543 : GkmDataResult res;
544 : GBytes *bytes;
545 : gchar *data;
546 : gsize n_data;
547 :
548 1 : if (!g_file_get_contents (SRCDIR "/pkcs11/gkm/fixtures/der-key-encrypted-pkcs5.p8", &data, &n_data, NULL))
549 0 : g_assert_not_reached ();
550 :
551 1 : bytes = g_bytes_new_take (data, n_data);
552 1 : res = gkm_data_der_read_private_pkcs8 (bytes, "wrong password", 4, &sexp);
553 1 : g_assert (res == GKM_DATA_LOCKED);
554 :
555 1 : g_bytes_unref (bytes);
556 1 : }
557 :
558 : static void
559 1 : test_write_pkcs8_plain (Test *test, gconstpointer unused)
560 : {
561 : gcry_sexp_t sexp, check;
562 : gcry_error_t gcry;
563 : GkmDataResult res;
564 : GBytes *data;
565 :
566 : /* RSA */
567 :
568 1 : gcry = gcry_sexp_sscan (&sexp, NULL, rsaprv, strlen (rsaprv));
569 1 : g_return_if_fail (gcry == 0);
570 :
571 1 : data = gkm_data_der_write_private_pkcs8_plain (sexp);
572 1 : g_assert (data != NULL);
573 :
574 1 : res = gkm_data_der_read_private_pkcs8_plain (data, &check);
575 1 : g_bytes_unref (data);
576 1 : g_assert (res == GKM_DATA_SUCCESS);
577 1 : g_assert (check != NULL);
578 :
579 1 : g_assert (compare_keys (sexp, check));
580 1 : gcry_sexp_release (sexp);
581 1 : gcry_sexp_release (check);
582 :
583 :
584 : /* DSA */
585 :
586 1 : gcry = gcry_sexp_sscan (&sexp, NULL, dsaprv, strlen (dsaprv));
587 1 : g_return_if_fail (gcry == 0);
588 :
589 1 : data = gkm_data_der_write_private_pkcs8_plain (sexp);
590 1 : g_assert (data != NULL);
591 :
592 1 : res = gkm_data_der_read_private_pkcs8_plain (data, &check);
593 1 : g_bytes_unref (data);
594 1 : g_assert (res == GKM_DATA_SUCCESS);
595 1 : g_assert (check != NULL);
596 :
597 1 : g_assert (compare_keys (sexp, check));
598 1 : gcry_sexp_release (sexp);
599 1 : gcry_sexp_release (check);
600 :
601 :
602 : /* ECDSA */
603 :
604 1 : gcry = gcry_sexp_sscan (&sexp, NULL, ecdsaprv_384, strlen (ecdsaprv_384));
605 1 : g_return_if_fail (gcry == 0);
606 :
607 1 : data = gkm_data_der_write_private_pkcs8_plain (sexp);
608 1 : g_assert (data != NULL);
609 :
610 1 : res = gkm_data_der_read_private_pkcs8_plain (data, &check);
611 1 : g_bytes_unref (data);
612 1 : g_assert (res == GKM_DATA_SUCCESS);
613 1 : g_assert (check != NULL);
614 :
615 1 : g_assert (compare_keys (sexp, check));
616 1 : gcry_sexp_release (sexp);
617 1 : gcry_sexp_release (check);
618 : }
619 :
620 :
621 : static void
622 1 : test_write_pkcs8_encrypted (Test *test, gconstpointer unused)
623 : {
624 : gcry_sexp_t sexp, check;
625 : gcry_error_t gcry;
626 : GkmDataResult res;
627 : GBytes *data;
628 :
629 : /* RSA */
630 :
631 1 : gcry = gcry_sexp_sscan (&sexp, NULL, rsaprv, strlen (rsaprv));
632 1 : g_return_if_fail (gcry == 0);
633 :
634 1 : data = gkm_data_der_write_private_pkcs8_crypted (sexp, "testo", 5);
635 1 : g_assert (data != NULL);
636 :
637 1 : res = gkm_data_der_read_private_pkcs8_crypted (data, "testo", 5, &check);
638 1 : g_bytes_unref (data);
639 1 : g_assert (res == GKM_DATA_SUCCESS);
640 1 : g_assert (check != NULL);
641 :
642 1 : g_assert (compare_keys (sexp, check));
643 1 : gcry_sexp_release (sexp);
644 1 : gcry_sexp_release (check);
645 :
646 :
647 : /* DSA */
648 :
649 1 : gcry = gcry_sexp_sscan (&sexp, NULL, dsaprv, strlen (dsaprv));
650 1 : g_return_if_fail (gcry == 0);
651 :
652 1 : data = gkm_data_der_write_private_pkcs8_crypted (sexp, "testo", 5);
653 1 : g_assert (data != NULL);
654 :
655 1 : res = gkm_data_der_read_private_pkcs8_crypted (data, "testo", 5, &check);
656 1 : g_bytes_unref (data);
657 1 : g_assert (res == GKM_DATA_SUCCESS);
658 1 : g_assert (check != NULL);
659 :
660 1 : g_assert (compare_keys (sexp, check));
661 1 : gcry_sexp_release (sexp);
662 1 : gcry_sexp_release (check);
663 :
664 :
665 : /* ECDSA */
666 :
667 1 : gcry = gcry_sexp_sscan (&sexp, NULL, ecdsaprv_521, strlen (ecdsaprv_521));
668 1 : g_return_if_fail (gcry == 0);
669 :
670 1 : data = gkm_data_der_write_private_pkcs8_crypted (sexp, "testo", 5);
671 1 : g_assert (data != NULL);
672 :
673 1 : res = gkm_data_der_read_private_pkcs8_crypted (data, "testo", 5, &check);
674 1 : g_bytes_unref (data);
675 1 : g_assert (res == GKM_DATA_SUCCESS);
676 1 : g_assert (check != NULL);
677 :
678 1 : g_assert (compare_keys (sexp, check));
679 1 : gcry_sexp_release (sexp);
680 1 : gcry_sexp_release (check);
681 : }
682 :
683 : int
684 1 : main (int argc, char **argv)
685 : {
686 : #if !GLIB_CHECK_VERSION(2,35,0)
687 : g_type_init ();
688 : #endif
689 1 : g_test_init (&argc, &argv, NULL);
690 :
691 1 : g_test_add ("/gkm/data-der/der_rsa_public", Test, NULL, setup, test_der_rsa_public, teardown);
692 1 : g_test_add ("/gkm/data-der/der_dsa_public", Test, NULL, setup, test_der_dsa_public, teardown);
693 1 : g_test_add ("/gkm/data-der/der_ecdsa_public", Test, NULL, setup, test_der_ecdsa_public, teardown);
694 1 : g_test_add ("/gkm/data-der/der_rsa_private", Test, NULL, setup, test_der_rsa_private, teardown);
695 1 : g_test_add ("/gkm/data-der/der_dsa_private", Test, NULL, setup, test_der_dsa_private, teardown);
696 1 : g_test_add ("/gkm/data-der/der_dsa_private_parts", Test, NULL, setup, test_der_dsa_private_parts, teardown);
697 1 : g_test_add ("/gkm/data-der/der_ecdsa_private", Test, NULL, setup, test_der_ecdsa_private, teardown);
698 1 : g_test_add ("/gkm/data-der/read_public_key_info", Test, NULL, setup, test_read_public_key_info, teardown);
699 1 : g_test_add ("/gkm/data-der/read_certificate", Test, NULL, setup, test_read_certificate, teardown);
700 1 : g_test_add ("/gkm/data-der/write_certificate", Test, NULL, setup, test_write_certificate, teardown);
701 1 : g_test_add ("/gkm/data-der/read_ca_certificates_public_key_info", Test, NULL, setup, test_read_ca_certificates_public_key_info, teardown);
702 1 : g_test_add ("/gkm/data-der/read_basic_constraints", Test, NULL, setup, test_read_basic_constraints, teardown);
703 1 : g_test_add ("/gkm/data-der/read_key_usage", Test, NULL, setup, test_read_key_usage, teardown);
704 1 : g_test_add ("/gkm/data-der/read_enhanced_usage", Test, NULL, setup, test_read_enhanced_usage, teardown);
705 1 : g_test_add ("/gkm/data-der/read_all_pkcs8", Test, NULL, setup, test_read_all_pkcs8, teardown);
706 1 : g_test_add ("/gkm/data-der/read_pkcs8_bad_password", Test, NULL, setup, test_read_pkcs8_bad_password, teardown);
707 1 : g_test_add ("/gkm/data-der/write_pkcs8_plain", Test, NULL, setup, test_write_pkcs8_plain, teardown);
708 1 : g_test_add ("/gkm/data-der/write_pkcs8_encrypted", Test, NULL, setup, test_write_pkcs8_encrypted, teardown);
709 :
710 1 : return g_test_run ();
711 : }
|