Add a regress test that covers libtls keypairs.

author: jsing <> 2018-02-08 10:06:52 +0000
committer: jsing <> 2018-02-08 10:06:52 +0000
commit: c7ad994cfcd0b5397342480b627e9e39807037f4 (patch)
tree: 295da15c72846bee9bb67e6f70c9fc2d980f71a7 /src
parent: 986ed8464a25cca0a54fb831bad82ff52c63cb81 (diff)
download: openbsd-c7ad994cfcd0b5397342480b627e9e39807037f4.tar.gz
openbsd-c7ad994cfcd0b5397342480b627e9e39807037f4.tar.bz2
openbsd-c7ad994cfcd0b5397342480b627e9e39807037f4.zip
3 files changed, 248 insertions, 1 deletions
diff --git a/src/regress/lib/libtls/Makefile b/src/regress/lib/libtls/Makefile
index 0e8be3791b..f522605a90 100644
--- a/src/regress/lib/libtls/Makefile
+++ b/src/regress/lib/libtls/Makefile
@@ -1,7 +1,8 @@
-#       $OpenBSD: Makefile,v 1.4 2017/12/09 16:43:09 jsing Exp $
+#       $OpenBSD: Makefile,v 1.5 2018/02/08 10:06:52 jsing Exp $
 SUBDIR= \
        config \
+        keypair \
        gotls \
        tls \
        verify
diff --git a/src/regress/lib/libtls/keypair/Makefile b/src/regress/lib/libtls/keypair/Makefile
new file mode 100644
index 0000000000..d06109a26b
--- /dev/null
+++ b/src/regress/lib/libtls/keypair/Makefile
@@ -0,0 +1,20 @@
+#       $OpenBSD: Makefile,v 1.1 2018/02/08 10:06:52 jsing Exp $
+PROG=   keypairtest
+LDADD=  -lcrypto -lssl ${TLS_INT}
+DPADD=  ${LIBCRYPTO} ${LIBSSL} ${LIBTLS}
+WARNINGS=       Yes
+CFLAGS+=        -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
+CFLAGS+=        -I${.CURDIR}/../../../../lib/libtls
+REGRESS_TARGETS= \
+        regress-keypairtest
+regress-keypairtest: ${PROG}
+        ./keypairtest \
+            ${.CURDIR}/../../libssl/certs/ca.pem \
+            ${.CURDIR}/../../libssl/certs/server.pem \
+            ${.CURDIR}/../../libssl/certs/server.pem
+.include <bsd.regress.mk>
diff --git a/src/regress/lib/libtls/keypair/keypairtest.c b/src/regress/lib/libtls/keypair/keypairtest.c
new file mode 100644
index 0000000000..147d088c15
--- /dev/null
+++ b/src/regress/lib/libtls/keypair/keypairtest.c
@@ -0,0 +1,226 @@
+/* $OpenBSD: keypairtest.c,v 1.1 2018/02/08 10:06:52 jsing Exp $ */
+/*
+ * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <sys/stat.h>
+#include <err.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <openssl/x509.h>
+#include <tls.h>
+#include <tls_internal.h>
+#define PUBKEY_HASH \
+    "SHA256:858d0f94beb0a08eb4f13871ba57bf0a2e081287d0efbaeb3bbac59dd8f1a8e5"
+char *cert_file, *key_file, *ocsp_staple_file;
+static void
+load_file(const char *filename, const uint8_t **data, size_t *data_len)
+{
+        struct stat sb;
+        uint8_t *buf;
+        size_t len;
+        ssize_t n;
+        int fd;
+        if ((fd = open(filename, O_RDONLY)) == -1)
+                err(1, "failed to open '%s'", filename);
+        if ((fstat(fd, &sb)) == -1)
+                err(1, "failed to stat '%s'", filename);
+        if (sb.st_size < 0)
+                err(1, "file size invalid for '%s'", filename);
+        len = (size_t)sb.st_size;
+        if ((buf = malloc(len)) == NULL)
+                err(1, "out of memory");
+        n = read(fd, buf, len);
+        if (n < 0 || (size_t)n != len)
+                err(1, "failed to read '%s'", filename);
+        close(fd);
+        *data = buf;
+        *data_len = len;
+}
+static int
+compare_mem(char *label, const uint8_t *data1, size_t data1_len,
+    const uint8_t *data2, size_t data2_len)
+{
+        if (data1_len != data2_len) {
+                fprintf(stderr, "FAIL: %s length mismatch (%zu != %zu)\n",
+                    label, data1_len, data2_len);
+                return -1;
+        }
+        if (data1 == data2) {
+                fprintf(stderr, "FAIL: %s comparing same memory (%p == %p)\n",
+                    label, data1, data2);
+                return -1;
+        }
+        if (memcmp(data1, data2, data1_len) != 0) {
+                fprintf(stderr, "FAIL: %s data mismatch\n", label);
+                return -1;
+        }
+        return 0;
+}
+static int
+do_keypair_tests(void)
+{
+        size_t cert_len, key_len, ocsp_staple_len;
+        const uint8_t *cert, *key, *ocsp_staple;
+        X509 *x509_cert = NULL;
+        struct tls_keypair *kp;
+        struct tls_error err;
+        char *hash = NULL;
+        int failed = 1;
+        load_file(cert_file, &cert, &cert_len);
+        load_file(key_file, &key, &key_len);
+        load_file(ocsp_staple_file, &ocsp_staple, &ocsp_staple_len);
+        if ((kp = tls_keypair_new()) == NULL) {
+                fprintf(stderr, "FAIL: failed to create keypair\n");
+                goto done;
+        }
+        if (tls_keypair_set_cert_file(kp, &err, cert_file) == -1) {
+                fprintf(stderr, "FAIL: failed to load cert file: %s\n",
+                    err.msg);
+                goto done;
+        }
+        if (tls_keypair_set_key_file(kp, &err, key_file) == -1) {
+                fprintf(stderr, "FAIL: failed to load key file: %s\n", err.msg);
+                goto done;
+        }
+        if (tls_keypair_set_ocsp_staple_file(kp, &err, ocsp_staple_file) == -1) {
+                fprintf(stderr, "FAIL: failed to load ocsp staple file: %s\n",
+                    err.msg);
+                goto done;
+        }
+        if (compare_mem("certificate", cert, cert_len, kp->cert_mem,
+            kp->cert_len) == -1)
+                goto done;
+        if (compare_mem("key", key, key_len, kp->key_mem, kp->cert_len) == -1)
+                goto done;
+        if (compare_mem("ocsp staple", ocsp_staple, ocsp_staple_len,
+            kp->ocsp_staple, kp->ocsp_staple_len) == -1)
+                goto done;
+        tls_keypair_clear(kp);
+        if (kp->cert_mem != NULL || kp->cert_len != 0) {
+                fprintf(stderr, "FAIL: cert not cleared (mem %p, len %zu)",
+                    kp->cert_mem, kp->cert_len);
+                goto done;
+        }
+        if (kp->key_mem != NULL || kp->key_len != 0) {
+                fprintf(stderr, "FAIL: key not cleared (mem %p, len %zu)",
+                    kp->key_mem, kp->key_len);
+                goto done;
+        }
+        if (kp->ocsp_staple != NULL || kp->ocsp_staple_len != 0) {
+                fprintf(stderr, "FAIL: ocsp staple not cleared (mem %p, "
+                    "len %zu)", kp->ocsp_staple, kp->ocsp_staple_len);
+                goto done;
+        }
+        if (kp->pubkey_hash != NULL) {
+                fprintf(stderr, "FAIL: pubkey hash not cleared (mem %p)\n",
+                    kp->pubkey_hash);
+                goto done;
+        }
+        if (tls_keypair_set_cert_mem(kp, cert, cert_len) == -1) {
+                fprintf(stderr, "FAIL: failed to load cert: %s\n", err.msg);
+                goto done;
+        }
+        if (tls_keypair_set_key_mem(kp, key, key_len) == -1) {
+                fprintf(stderr, "FAIL: failed to load key: %s\n", err.msg);
+                goto done;
+        }
+        if (tls_keypair_set_ocsp_staple_mem(kp, ocsp_staple,
+            ocsp_staple_len) == -1) {
+                fprintf(stderr, "FAIL: failed to load ocsp staple: %s\n", err.msg);
+                goto done;
+        }
+        if (compare_mem("certificate", cert, cert_len, kp->cert_mem,
+            kp->cert_len) == -1)
+                goto done;
+        if (compare_mem("key", key, key_len, kp->key_mem, kp->cert_len) == -1)
+                goto done;
+        if (compare_mem("ocsp staple", ocsp_staple, ocsp_staple_len,
+            kp->ocsp_staple, kp->ocsp_staple_len) == -1)
+                goto done;
+        if (tls_keypair_pubkey_hash(kp, &hash) == -1) {
+                fprintf(stderr, "FAIL: failed to generate keypair hash\n");
+                goto done;
+        }
+        if (strcmp(hash, PUBKEY_HASH) != 0) {
+                fprintf(stderr, "FAIL: got pubkey hash '%s', want '%s'",
+                    hash, PUBKEY_HASH);
+                goto done;
+        }
+        if (tls_keypair_load_cert(kp, &err, &x509_cert) == -1) {
+                fprintf(stderr, "FAIL: failed to load X509 certificate: %s\n",
+                    err.msg);
+                goto done;
+        }
+        tls_keypair_clear(kp);
+        if (kp->key_mem != NULL || kp->key_len != 0) {
+                fprintf(stderr, "FAIL: key not cleared (mem %p, len %zu)",
+                    kp->key_mem, kp->key_len);
+                goto done;
+        }
+        tls_keypair_free(kp);
+        failed = 0;
+ done:
+        X509_free(x509_cert);
+        free(hash);
+        return (failed);
+}
+int
+main(int argc, char **argv)
+{
+        int failure = 0;
+        if (argc != 4) {
+                fprintf(stderr, "usage: %s ocspstaplefile certfile keyfile\n",
+                    argv[0]);
+                return (1);
+        }
+        ocsp_staple_file = argv[1];
+        cert_file = argv[2];
+        key_file = argv[3];
+        failure |= do_keypair_tests();
+        return (failure);
+}
author	jsing <>	2018-02-08 10:06:52 +0000
committer	jsing <>	2018-02-08 10:06:52 +0000
commit	c7ad994cfcd0b5397342480b627e9e39807037f4 (patch)
tree	295da15c72846bee9bb67e6f70c9fc2d980f71a7 /src
parent	986ed8464a25cca0a54fb831bad82ff52c63cb81 (diff)
download	openbsd-c7ad994cfcd0b5397342480b627e9e39807037f4.tar.gz openbsd-c7ad994cfcd0b5397342480b627e9e39807037f4.tar.bz2 openbsd-c7ad994cfcd0b5397342480b627e9e39807037f4.zip

diff --git a/src/regress/lib/libtls/Makefile b/src/regress/lib/libtls/Makefile index 0e8be3791b..f522605a90 100644 --- a/src/regress/lib/libtls/Makefile +++ b/src/regress/lib/libtls/Makefile
@@ -1,7 +1,8 @@
1	# $OpenBSD: Makefile,v 1.4 2017/12/09 16:43:09 jsing Exp $	1	# $OpenBSD: Makefile,v 1.5 2018/02/08 10:06:52 jsing Exp $
2		2
3	SUBDIR= \	3	SUBDIR= \
4	config \	4	config \
		5	keypair \
5	gotls \	6	gotls \
6	tls \	7	tls \
7	verify	8	verify


diff --git a/src/regress/lib/libtls/keypair/Makefile b/src/regress/lib/libtls/keypair/Makefile new file mode 100644 index 0000000000..d06109a26b --- /dev/null +++ b/src/regress/lib/libtls/keypair/Makefile
@@ -0,0 +1,20 @@
		1	# $OpenBSD: Makefile,v 1.1 2018/02/08 10:06:52 jsing Exp $
		2
		3	PROG= keypairtest
		4	LDADD= -lcrypto -lssl ${TLS_INT}
		5	DPADD= ${LIBCRYPTO} ${LIBSSL} ${LIBTLS}
		6
		7	WARNINGS= Yes
		8	CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
		9	CFLAGS+= -I${.CURDIR}/../../../../lib/libtls
		10
		11	REGRESS_TARGETS= \
		12	regress-keypairtest
		13
		14	regress-keypairtest: ${PROG}
		15	./keypairtest \
		16	${.CURDIR}/../../libssl/certs/ca.pem \
		17	${.CURDIR}/../../libssl/certs/server.pem \
		18	${.CURDIR}/../../libssl/certs/server.pem
		19
		20	.include <bsd.regress.mk>


diff --git a/src/regress/lib/libtls/keypair/keypairtest.c b/src/regress/lib/libtls/keypair/keypairtest.c new file mode 100644 index 0000000000..147d088c15 --- /dev/null +++ b/src/regress/lib/libtls/keypair/keypairtest.c
@@ -0,0 +1,226 @@
		1	/* $OpenBSD: keypairtest.c,v 1.1 2018/02/08 10:06:52 jsing Exp $ */
		2	/*
		3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include <sys/stat.h>
		19
		20	#include <err.h>
		21	#include <fcntl.h>
		22	#include <stdio.h>
		23	#include <stdlib.h>
		24	#include <unistd.h>
		25
		26	#include <openssl/x509.h>
		27
		28	#include <tls.h>
		29	#include <tls_internal.h>
		30
		31	#define PUBKEY_HASH \
		32	"SHA256:858d0f94beb0a08eb4f13871ba57bf0a2e081287d0efbaeb3bbac59dd8f1a8e5"
		33
		34	char cert_file, key_file, *ocsp_staple_file;
		35
		36	static void
		37	load_file(const char filename, const uint8_t data, size_t data_len)
		38	{
		39	struct stat sb;
		40	uint8_t *buf;
		41	size_t len;
		42	ssize_t n;
		43	int fd;
		44
		45	if ((fd = open(filename, O_RDONLY)) == -1)
		46	err(1, "failed to open '%s'", filename);
		47	if ((fstat(fd, &sb)) == -1)
		48	err(1, "failed to stat '%s'", filename);
		49	if (sb.st_size < 0)
		50	err(1, "file size invalid for '%s'", filename);
		51	len = (size_t)sb.st_size;
		52	if ((buf = malloc(len)) == NULL)
		53	err(1, "out of memory");
		54	n = read(fd, buf, len);
		55	if (n < 0 \|\| (size_t)n != len)
		56	err(1, "failed to read '%s'", filename);
		57	close(fd);
		58
		59	*data = buf;
		60	*data_len = len;
		61	}
		62
		63	static int
		64	compare_mem(char label, const uint8_t data1, size_t data1_len,
		65	const uint8_t *data2, size_t data2_len)
		66	{
		67	if (data1_len != data2_len) {
		68	fprintf(stderr, "FAIL: %s length mismatch (%zu != %zu)\n",
		69	label, data1_len, data2_len);
		70	return -1;
		71	}
		72	if (data1 == data2) {
		73	fprintf(stderr, "FAIL: %s comparing same memory (%p == %p)\n",
		74	label, data1, data2);
		75	return -1;
		76	}
		77	if (memcmp(data1, data2, data1_len) != 0) {
		78	fprintf(stderr, "FAIL: %s data mismatch\n", label);
		79	return -1;
		80	}
		81	return 0;
		82	}
		83
		84	static int
		85	do_keypair_tests(void)
		86	{
		87	size_t cert_len, key_len, ocsp_staple_len;
		88	const uint8_t cert, key, *ocsp_staple;
		89	X509 *x509_cert = NULL;
		90	struct tls_keypair *kp;
		91	struct tls_error err;
		92	char *hash = NULL;
		93	int failed = 1;
		94
		95	load_file(cert_file, &cert, &cert_len);
		96	load_file(key_file, &key, &key_len);
		97	load_file(ocsp_staple_file, &ocsp_staple, &ocsp_staple_len);
		98
		99	if ((kp = tls_keypair_new()) == NULL) {
		100	fprintf(stderr, "FAIL: failed to create keypair\n");
		101	goto done;
		102	}
		103
		104	if (tls_keypair_set_cert_file(kp, &err, cert_file) == -1) {
		105	fprintf(stderr, "FAIL: failed to load cert file: %s\n",
		106	err.msg);
		107	goto done;
		108	}
		109	if (tls_keypair_set_key_file(kp, &err, key_file) == -1) {
		110	fprintf(stderr, "FAIL: failed to load key file: %s\n", err.msg);
		111	goto done;
		112	}
		113	if (tls_keypair_set_ocsp_staple_file(kp, &err, ocsp_staple_file) == -1) {
		114	fprintf(stderr, "FAIL: failed to load ocsp staple file: %s\n",
		115	err.msg);
		116	goto done;
		117	}
		118
		119	if (compare_mem("certificate", cert, cert_len, kp->cert_mem,
		120	kp->cert_len) == -1)
		121	goto done;
		122	if (compare_mem("key", key, key_len, kp->key_mem, kp->cert_len) == -1)
		123	goto done;
		124	if (compare_mem("ocsp staple", ocsp_staple, ocsp_staple_len,
		125	kp->ocsp_staple, kp->ocsp_staple_len) == -1)
		126	goto done;
		127
		128	tls_keypair_clear(kp);
		129
		130	if (kp->cert_mem != NULL \|\| kp->cert_len != 0) {
		131	fprintf(stderr, "FAIL: cert not cleared (mem %p, len %zu)",
		132	kp->cert_mem, kp->cert_len);
		133	goto done;
		134	}
		135	if (kp->key_mem != NULL \|\| kp->key_len != 0) {
		136	fprintf(stderr, "FAIL: key not cleared (mem %p, len %zu)",
		137	kp->key_mem, kp->key_len);
		138	goto done;
		139	}
		140	if (kp->ocsp_staple != NULL \|\| kp->ocsp_staple_len != 0) {
		141	fprintf(stderr, "FAIL: ocsp staple not cleared (mem %p, "
		142	"len %zu)", kp->ocsp_staple, kp->ocsp_staple_len);
		143	goto done;
		144	}
		145	if (kp->pubkey_hash != NULL) {
		146	fprintf(stderr, "FAIL: pubkey hash not cleared (mem %p)\n",
		147	kp->pubkey_hash);
		148	goto done;
		149	}
		150
		151	if (tls_keypair_set_cert_mem(kp, cert, cert_len) == -1) {
		152	fprintf(stderr, "FAIL: failed to load cert: %s\n", err.msg);
		153	goto done;
		154	}
		155	if (tls_keypair_set_key_mem(kp, key, key_len) == -1) {
		156	fprintf(stderr, "FAIL: failed to load key: %s\n", err.msg);
		157	goto done;
		158	}
		159	if (tls_keypair_set_ocsp_staple_mem(kp, ocsp_staple,
		160	ocsp_staple_len) == -1) {
		161	fprintf(stderr, "FAIL: failed to load ocsp staple: %s\n", err.msg);
		162	goto done;
		163	}
		164	if (compare_mem("certificate", cert, cert_len, kp->cert_mem,
		165	kp->cert_len) == -1)
		166	goto done;
		167	if (compare_mem("key", key, key_len, kp->key_mem, kp->cert_len) == -1)
		168	goto done;
		169	if (compare_mem("ocsp staple", ocsp_staple, ocsp_staple_len,
		170	kp->ocsp_staple, kp->ocsp_staple_len) == -1)
		171	goto done;
		172
		173	if (tls_keypair_pubkey_hash(kp, &hash) == -1) {
		174	fprintf(stderr, "FAIL: failed to generate keypair hash\n");
		175	goto done;
		176	}
		177	if (strcmp(hash, PUBKEY_HASH) != 0) {
		178	fprintf(stderr, "FAIL: got pubkey hash '%s', want '%s'",
		179	hash, PUBKEY_HASH);
		180	goto done;
		181	}
		182
		183	if (tls_keypair_load_cert(kp, &err, &x509_cert) == -1) {
		184	fprintf(stderr, "FAIL: failed to load X509 certificate: %s\n",
		185	err.msg);
		186	goto done;
		187	}
		188
		189	tls_keypair_clear(kp);
		190
		191	if (kp->key_mem != NULL \|\| kp->key_len != 0) {
		192	fprintf(stderr, "FAIL: key not cleared (mem %p, len %zu)",
		193	kp->key_mem, kp->key_len);
		194	goto done;
		195	}
		196
		197	tls_keypair_free(kp);
		198
		199	failed = 0;
		200
		201	done:
		202	X509_free(x509_cert);
		203	free(hash);
		204
		205	return (failed);
		206	}
		207
		208	int
		209	main(int argc, char **argv)
		210	{
		211	int failure = 0;
		212
		213	if (argc != 4) {
		214	fprintf(stderr, "usage: %s ocspstaplefile certfile keyfile\n",
		215	argv[0]);
		216	return (1);
		217	}
		218
		219	ocsp_staple_file = argv[1];
		220	cert_file = argv[2];
		221	key_file = argv[3];
		222
		223	failure \|= do_keypair_tests();
		224
		225	return (failure);
		226	}