/* * * Embedded Linux library * * Copyright (C) 2015 Intel Corporation. All rights reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * */ #ifdef HAVE_CONFIG_H #include #endif #include #include struct pem_test { const char *input; bool valid; const char *label; size_t decoded_size; }; static const struct pem_test invalid_header1 = { .input = "-----BEGIN FOOBAR -----\r\n" "----END FOOBAR -----\r\n", .valid = false, }; static const struct pem_test invalid_header2 = { .input = "-----BEGIN CERT IFICATE-----\r\n" "-----END CERT IFICATE----\r\n", .valid = false, }; static const struct pem_test empty = { .input = "-----BEGIN CERTIFICATE-----\r\n" "-----END CERTIFICATE-----\r\n", .valid = false, }; static const struct pem_test empty_label = { .input = "-----BEGIN -----\r\n" "U28/PHA+\r\n" "-----END -----\r\n", .valid = true, .label = "", .decoded_size = 6, }; struct pem_from_data_test { const char *list; const char *ca; }; static const struct pem_from_data_test single_line_cert_chain = { /* Copied from cert-chain.pem */ .list = "-----BEGIN CERTIFICATE-----\n" "MIIEXDCCA0SgAwIBAgIJALjNE85c9plgMA0GCSqGSIb3DQEBCwUAMHgxNTAzBgNV\n" "BAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRpb25z\n" "MR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcNAQkB\n" "Fg9jYUBtYWlsLmV4YW1wbGUwHhcNMTkwOTE2MTcxMzAzWhcNNDcwMjAxMTcxMzAz\n" "WjB4MTUwMwYDVQQKDCxJbnRlcm5hdGlvbmFsIFVuaW9uIG9mIEV4YW1wbGUgT3Jn\n" "YW5pemF0aW9uczEfMB0GA1UEAwwWQ2VydGlmaWNhdGUgaXNzdWVyIGd1eTEeMBwG\n" "CSqGSIb3DQEJARYPY2FAbWFpbC5leGFtcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" "AQ8AMIIBCgKCAQEA7Lft5O6BtUUokuueQ7mBQVzRzPeH0Nl3NjgGnfBYcz7O2Jca\n" "rFSBPsV76reUG4QFQudsdwyaLOpniFFSFaI3GRXMxjwZJJjLqvT0aebTiLUSKseA\n" "QkP/NSITmIljs2yclnPJGIApLuFvykPagx+yc9ckbziEz1PvKB/ukbiU/zt6QCru\n" "BbyCQ1kWBuyrS3RC0/UgmrSbL7YkkmuD2B1vyZLIoPsJijXs2GJQY3a+zpLemTth\n" "i/Vw4AURJS1gfEUDNzf9Y9+o7vWJfzk+g7xm1XpMTsNTd7q6UwHOi1xdiKCEPT+q\n" "c3LXi7qgWqSXeD+F513PM3JMJ3Wk1H8K4VwJwQIDAQABo4HoMIHlMAwGA1UdEwQF\n" "MAMBAf8wHQYDVR0OBBYEFMuhnjqw8YGMg0cyYlQppMncWis/MIG1BgNVHSMEga0w\n" "gaqAFJ75Zb78cte1aqkdBX4EuDcM140noXykejB4MTUwMwYDVQQKDCxJbnRlcm5h\n" "dGlvbmFsIFVuaW9uIG9mIEV4YW1wbGUgT3JnYW5pemF0aW9uczEfMB0GA1UEAwwW\n" "Q2VydGlmaWNhdGUgaXNzdWVyIGd1eTEeMBwGCSqGSIb3DQEJARYPY2FAbWFpbC5l\n" "eGFtcGxlghQog5dBcTIdmw4XD/6KEME0ZNCdZTANBgkqhkiG9w0BAQsFAAOCAQEA\n" "PjX5n/fgkskZmh9aRhX8r9985JtxMdgogJP4uwRbfuQPzAqYyu9QlAOcRl6tNGN7\n" "mztB5RfJ9HDyjS9iGXsvKXS8wT5ELbuATev+C1Ppxakd3gvJMN4ZqYn32JqRYigN\n" "L2V2jo9RzVUuFa3YP6sw0KfZAfHsfUmQCxAm8HAfQg98aYyIXu/OzeVUsAuhfqWN\n" "qvWcOLjTQTn6t10OHHdIYw59EpIEOPD3Opq7pLgIm+EV3eVMWthSLYbEhIavh8Pc\n" "xN9lqCg887kTawbXbXd49Z8jYZxjxQl7IoonvIyrPhhabKjKCpE2bRFzzpia0PkC\n" "fRgh+KB2tqIeAoekDllmbA==\n" "-----END CERTIFICATE-----\n" "-----BEGIN CERTIFICATE-----\n" "MIIEajCCA1KgAwIBAgIUKIOXQXEyHZsOFw/+ihDBNGTQnWUwDQYJKoZIhvcNAQEL\n" "BQAweDE1MDMGA1UECgwsSW50ZXJuYXRpb25hbCBVbmlvbiBvZiBFeGFtcGxlIE9y\n" "Z2FuaXphdGlvbnMxHzAdBgNVBAMMFkNlcnRpZmljYXRlIGlzc3VlciBndXkxHjAc\n" "BgkqhkiG9w0BCQEWD2NhQG1haWwuZXhhbXBsZTAeFw0xOTA5MTYxNzEyNThaFw00\n" "NzAyMDExNzEyNThaMHgxNTAzBgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2Yg\n" "RXhhbXBsZSBPcmdhbml6YXRpb25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1\n" "ZXIgZ3V5MR4wHAYJKoZIhvcNAQkBFg9jYUBtYWlsLmV4YW1wbGUwggEiMA0GCSqG\n" "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjovj3aq26sAQ0k5vD/BVp40p0lhz1+Wet\n" "1EcdQa1arVIca9nhfvoHfJAmK+zzqQLbvI0/e2if4X6OKf41g7w7VaYS9qv5jZZ0\n" "v/7aL6PUa2F7C9HG/vuIII/dRvP2uQ43PLxeTeZyj7bBUB9xCFCpzB+7AZuUuH0H\n" "ABaC9CAGZWImBY5NUXST7E/BsvqU80KJglDovcabthvwoekji9DC/wwISLE1e9cO\n" "A9IB0Co0mA1ME6wzrawmuTzxUw9BsmEhbKhFGBRwIrrq0r4GvDmeMFiZjXv+I0vq\n" "wSCyRtgoeBmyemqIEgiN4Z23V7ps3dbYF/tw96Zj7rd5gtjY9VSdAgMBAAGjgesw\n" "gegwDwYDVR0TBAgwBgEB/wIBADAdBgNVHQ4EFgQUnvllvvxy17VqqR0FfgS4NwzX\n" "jScwgbUGA1UdIwSBrTCBqoAUnvllvvxy17VqqR0FfgS4NwzXjSehfKR6MHgxNTAz\n" "BgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRp\n" "b25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcN\n" "AQkBFg9jYUBtYWlsLmV4YW1wbGWCFCiDl0FxMh2bDhcP/ooQwTRk0J1lMA0GCSqG\n" "SIb3DQEBCwUAA4IBAQBROAyWfQyKXQ007U6ctgihHbg/lsfEEfeNPG+QRVt8/e53\n" "4fH6scuY9bW7CZQSdiBo178ITHrIOo2CuFMa0ysnW3V1M9/s0dUYjBHYdpTEEQ+d\n" "tgm1uRLiTsYeBtueRItEmZU6JjgmvAH8i1UqI0e5iYlfnovPmftpqIwRH7k7A9kS\n" "SehC9QkkrnIttDEoeYTGhLOJu1Fx2cwAodce6VNgz/k1zIXY5Tprg440zrCwc+th\n" "MpX48F31ggg8Wd5N6Xg1nricGwL8K90ts6xvwF1WwKsg6BeYdyC0eYBqQ41MA/7P\n" "DK3OGM6cC5tbQGWaIT0Q407GJBGpaijDicA2YqlK\n" "-----END CERTIFICATE-----\n", /* copied from cert-ca.pem */ .ca = "-----BEGIN CERTIFICATE-----\n" "MIIEajCCA1KgAwIBAgIUKIOXQXEyHZsOFw/+ihDBNGTQnWUwDQYJKoZIhvcNAQEL\n" "BQAweDE1MDMGA1UECgwsSW50ZXJuYXRpb25hbCBVbmlvbiBvZiBFeGFtcGxlIE9y\n" "Z2FuaXphdGlvbnMxHzAdBgNVBAMMFkNlcnRpZmljYXRlIGlzc3VlciBndXkxHjAc\n" "BgkqhkiG9w0BCQEWD2NhQG1haWwuZXhhbXBsZTAeFw0xOTA5MTYxNzEyNThaFw00\n" "NzAyMDExNzEyNThaMHgxNTAzBgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2Yg\n" "RXhhbXBsZSBPcmdhbml6YXRpb25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1\n" "ZXIgZ3V5MR4wHAYJKoZIhvcNAQkBFg9jYUBtYWlsLmV4YW1wbGUwggEiMA0GCSqG\n" "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjovj3aq26sAQ0k5vD/BVp40p0lhz1+Wet\n" "1EcdQa1arVIca9nhfvoHfJAmK+zzqQLbvI0/e2if4X6OKf41g7w7VaYS9qv5jZZ0\n" "v/7aL6PUa2F7C9HG/vuIII/dRvP2uQ43PLxeTeZyj7bBUB9xCFCpzB+7AZuUuH0H\n" "ABaC9CAGZWImBY5NUXST7E/BsvqU80KJglDovcabthvwoekji9DC/wwISLE1e9cO\n" "A9IB0Co0mA1ME6wzrawmuTzxUw9BsmEhbKhFGBRwIrrq0r4GvDmeMFiZjXv+I0vq\n" "wSCyRtgoeBmyemqIEgiN4Z23V7ps3dbYF/tw96Zj7rd5gtjY9VSdAgMBAAGjgesw\n" "gegwDwYDVR0TBAgwBgEB/wIBADAdBgNVHQ4EFgQUnvllvvxy17VqqR0FfgS4NwzX\n" "jScwgbUGA1UdIwSBrTCBqoAUnvllvvxy17VqqR0FfgS4NwzXjSehfKR6MHgxNTAz\n" "BgNVBAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRp\n" "b25zMR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcN\n" "AQkBFg9jYUBtYWlsLmV4YW1wbGWCFCiDl0FxMh2bDhcP/ooQwTRk0J1lMA0GCSqG\n" "SIb3DQEBCwUAA4IBAQBROAyWfQyKXQ007U6ctgihHbg/lsfEEfeNPG+QRVt8/e53\n" "4fH6scuY9bW7CZQSdiBo178ITHrIOo2CuFMa0ysnW3V1M9/s0dUYjBHYdpTEEQ+d\n" "tgm1uRLiTsYeBtueRItEmZU6JjgmvAH8i1UqI0e5iYlfnovPmftpqIwRH7k7A9kS\n" "SehC9QkkrnIttDEoeYTGhLOJu1Fx2cwAodce6VNgz/k1zIXY5Tprg440zrCwc+th\n" "MpX48F31ggg8Wd5N6Xg1nricGwL8K90ts6xvwF1WwKsg6BeYdyC0eYBqQ41MA/7P\n" "DK3OGM6cC5tbQGWaIT0Q407GJBGpaijDicA2YqlK\n" "-----END CERTIFICATE-----\n", }; static void destroy_cert(void *cert) { l_cert_free(cert); } static void test_chain_from_data(const void *data) { const struct pem_from_data_test *test = data; struct l_queue *twocas; struct l_certchain *chain; twocas = l_pem_load_certificate_list_from_data(test->list, strlen(test->list)); assert(twocas); chain = l_pem_load_certificate_chain_from_data(test->ca, strlen(test->ca)); assert(chain); assert(l_certchain_verify(chain, twocas, NULL)); l_certchain_free(chain); l_queue_destroy(twocas, destroy_cert); } static void test_priv_key_from_data(const void *data) { bool is_encrypted = false; struct l_key *key; const char *raw_private_key = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" "MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIvjkVXsNnUUgCAggA\n" "MAwGCCqGSIb3DQILBQAwHQYJYIZIAWUDBAEqBBAQfXcH4tJZzrKM0bmpXyQWBIIE\n" "0FwZdv9kfXAZVbPIC2UZLpAqrFqxaaxPMA7FxZrS2sI7QmkXEIfO5TkR8IupYigh\n" "s/41jv7V5Mij1syrSodfiYDq3Y0gb9tF9Cb0FNoJwJ9f29X/h1GgnG5NPQBQEH4d\n" "zkqCA8Q8tzh8UTGXLcPwKYSmsAK9Rq739qre5qwHY0+hcoCtUfrev4twFUSC/PUj\n" "oJDFUxQyVt+WCjcuOG+ugWZSENJJe2O8pAqmt7ChuNKGZTe0UEFn/pxgAAgQYfaz\n" "lH/Nx7OQBSVqxdVkFr03/j8eeBy/SzZubirThd0aehwsQTw5/M9rSX8p2ldyjUWF\n" "Fb+UjXFFWdOs21rZtO0LcbdZlIVK94mswI4zo+Vv3f7DsAZPgW+Y36UJbzZNtxRl\n" "C8t97KH3NozGZIq0znC3CmdYk3EsIlMasp1vgyIpjnsyZcCVtCqbl2+PORv4gZyA\n" "9/PMNDNGambIERa4WCLc+Sx5lTryK6wNzQXCMigrpB7yaD+s2CA4OxvdU99iMQzD\n" "9/7cRvEQn/qFhcdTpz3wt97Gs51A+IleJbj9l/50sEsfQmcLVlUM3VbKtozUkaV1\n" "+5/O15HtMQp0jsjwTlz1AzW5eanPIGoFzLiHKfauzrO5L3i5I2G9GGeCtbUV0+Ts\n" "CTwT2kCUnypaNl4D5qdtxe3h+78uW3Yz0f5t4Yw/RlYVSJQZ7irdi3QTgDEEBrpL\n" "pOXTd8nRNxZ+zJZ5ifnBB0Ed+cMxmyKcliVnVLSV0KseNn3tKZwmRUtMBiPqKUD1\n" "qh8KskfJ0ye8jdcWIubP/gvDh5OgkSz1OdDZKH/RmkktUWCJoyXOMxIz+7GH9u3n\n" "n9Z6uAteNTefTJyawA3dwlGvRhySAI2nMl2Aj0g+6/ztpUUjXVx09oxZqh9Bn9k4\n" "t+gKaf4osH51QcKFs8J2YcYCwEYilzRAUwyw65Bo/k4myNXA5t2xSWfQIYRY+Yob\n" "pmbhOfDMLY1spEVHQ49hXvKE99eP5dyA0CmwZw2gkbXCYBEE1IPthJGYxO4zZdrq\n" "AYZq22L+09o0899pnD+p/eDTwKaFenjHVqO71khXurF6q7EPz9m4SkphDSNe/9Tc\n" "O11yMrQE9OUBTTd3zYuN8KuZpj2aW2p5/Z7pqCYJTDwlV/+HRmS/8aJ/sgHfYXpS\n" "Wpl/SHav6qI7fE5BlKwOwWE6O+vf0Nm9AMsbMErXTFdXe5dAin/uNuFyJM3bTHVO\n" "SR/R7/zsNoMJwsgogGMSiFbG1ebcSTgMNHKMFS8RvCBNX44fErW2r0bfNjHU4GgO\n" "KJFukksz/6tNfpIi9lU0Xojc7W8CJVdA9RTx8+LClM5nwFQlqyfIrtEXUK5BM+Vz\n" "2OI8DlMTpp0+JbSAdE3z1i8cEDFmbfaJ2pNX/1M0JPfcZmZsJiMtNC5Fn6MFBQME\n" "Fu1MyJuUr+maOqPLb6c4aYa7gVWpiRwwK8nTe1FofKeEY7mi7PyNJI7pARIDmoD4\n" "d5yFZ9Itg/5/XK7GfuRdve1m5/YGpV+u3HWqDnk/xBJ5FhyF9aIPzROYhXkRkVZz\n" "rn7DSN3XL2XXtUMle9++kRNmjB8h9GGn4ljunjs9YJBVTb1Y9C9vH1xLh2hknL4M\n" "h+XY4w5Os5FZNEkIQd/0gLUwgQRK5+j3aetp085GutPR\n" "-----END ENCRYPTED PRIVATE KEY-----\n"; key = l_pem_load_private_key_from_data(raw_private_key, strlen(raw_private_key), "abc", &is_encrypted); if (!key) { l_info("* Some kernel versions do not automatically load\n" "* the pkcs8_key_parser module. If the system running\n" "* test has not loaded this module, a failure here is\n" "* likely. Running \"modprobe pkcs8_key_parser\" may\n" "* correct this issue.\n"); exit(1); } assert(key); assert(is_encrypted); l_key_free(key); } static void test_pem(const void *data) { const struct pem_test *test = data; uint8_t *decoded; char *label = NULL; size_t decoded_size; decoded = l_pem_load_buffer((const uint8_t *) test->input, strlen(test->input), &label, &decoded_size); if (!test->valid) { l_free(label); assert(!decoded); return; } assert(decoded); assert(!strcmp(test->label, label)); assert(decoded_size == test->decoded_size); l_free(label); l_free(decoded); } static void test_unencrypted_pkey(const void *data) { const char *pkcs1_pem = CERTDIR "cert-client-key-pkcs1.pem"; const char *pkcs8_pem = CERTDIR "cert-client-key-pkcs8.pem"; bool is_encrypted; size_t size; uint8_t encrypted1[256], encrypted2[256], plaintext[256]; struct l_key *pkey1, *pkey2; bool is_public; pkey1 = l_pem_load_private_key(pkcs1_pem, NULL, &is_encrypted); assert(pkey1); assert(!is_encrypted); pkey2 = l_pem_load_private_key(pkcs8_pem, NULL, &is_encrypted); assert(pkey2); assert(!is_encrypted); memset(plaintext, 42, 256); assert(l_key_get_info(pkey1, L_KEY_RSA_RAW, L_CHECKSUM_NONE, &size, &is_public)); assert(size == 2048); assert(!is_public); assert(l_key_encrypt(pkey1, L_KEY_RSA_RAW, L_CHECKSUM_NONE, plaintext, encrypted1, 256, 256) == 256); assert(l_key_encrypt(pkey2, L_KEY_RSA_RAW, L_CHECKSUM_NONE, plaintext, encrypted2, 256, 256) == 256); assert(!memcmp(encrypted1, encrypted2, 256)); l_key_free(pkey1); l_key_free(pkey2); } static void test_encrypted_pkey(const void *data) { const char *encrypted_pem = data; const char *plaintext_pem = CERTDIR "cert-client-key-pkcs8.pem"; bool is_encrypted; size_t size; uint8_t encrypted1[256], encrypted2[256], plaintext[256]; struct l_key *pkey1, *pkey2; bool is_public; is_encrypted = false; assert(!l_pem_load_private_key(encrypted_pem, NULL, &is_encrypted)); assert(is_encrypted); is_encrypted = false; assert(!l_pem_load_private_key(encrypted_pem, "wrong-passwd", &is_encrypted)); assert(is_encrypted); is_encrypted = false; pkey1 = l_pem_load_private_key(encrypted_pem, "abc", &is_encrypted); assert(pkey1); assert(is_encrypted); pkey2 = l_pem_load_private_key(plaintext_pem, NULL, &is_encrypted); assert(pkey2); assert(!is_encrypted); /* * l_key_extract doesn't work for private keys so compare encrypt * results instead of key exponent. */ memset(plaintext, 42, 256); assert(l_key_get_info(pkey1, L_KEY_RSA_RAW, L_CHECKSUM_NONE, &size, &is_public)); assert(size == 2048); assert(!is_public); assert(l_key_encrypt(pkey1, L_KEY_RSA_RAW, L_CHECKSUM_NONE, plaintext, encrypted1, 256, 256) == 256); assert(l_key_encrypt(pkey2, L_KEY_RSA_RAW, L_CHECKSUM_NONE, plaintext, encrypted2, 256, 256) == 256); assert(!memcmp(encrypted1, encrypted2, 256)); l_key_free(pkey1); l_key_free(pkey2); } static bool test_cert_count(struct l_cert *cert, void *user_data) { int *count = user_data; (*count)++; return false; } struct test_load_file_params { const char *path; bool expect_cert; bool expect_certchain; bool expect_privkey; bool expect_encrypted; }; #define TEST_LOAD_PARAMS(fn, cert, certchain, privkey, encrypted) \ (&(struct test_load_file_params) { \ CERTDIR fn, (cert), (certchain), (privkey), (encrypted) }) static void test_load_file(const void *data) { const struct test_load_file_params *params = data; struct l_certchain *certchain; struct l_key *privkey; bool encrypted; assert(l_cert_load_container_file(params->path, NULL, &certchain, &privkey, &encrypted)); assert(encrypted == params->expect_encrypted); if (encrypted) { assert(!certchain && !privkey); assert(l_cert_load_container_file(params->path, "abc", &certchain, &privkey, &encrypted)); assert(encrypted); } assert(!!certchain == params->expect_cert); assert(!!privkey == params->expect_privkey); if (certchain) { int count = 0; l_certchain_walk_from_leaf(certchain, test_cert_count, &count); assert(count == (params->expect_certchain ? 3 : 1)); if (params->expect_certchain) assert(l_certchain_verify(certchain, NULL, NULL)); } if (certchain) l_certchain_free(certchain); if (privkey) l_key_free(privkey); } int main(int argc, char *argv[]) { l_test_init(&argc, &argv); l_test_add("pem/invalid header/test 1", test_pem, &invalid_header1); l_test_add("pem/invalid header/test 2", test_pem, &invalid_header2); l_test_add("pem/empty", test_pem, &empty); l_test_add("pem/empty label", test_pem, &empty_label); l_test_add("pem/cert chain from data", test_chain_from_data, &single_line_cert_chain); l_test_add("pem/private key from data", test_priv_key_from_data, NULL); if (!l_checksum_is_supported(L_CHECKSUM_MD5, false) || !l_checksum_is_supported(L_CHECKSUM_SHA1, false) || !l_cipher_is_supported(L_CIPHER_DES_CBC) || !l_key_is_supported(L_KEY_FEATURE_CRYPTO)) goto done; l_test_add("pem/PKCS#1 vs. PKCS#8 unenecrypted Private Key", test_unencrypted_pkey, NULL); l_test_add("pem/v1 MD5AndDES encrypted Private Key", test_encrypted_pkey, CERTDIR "cert-client-key-pkcs8-md5-des.pem"); l_test_add("pem/v1 SHA1AndDES encrypted Private Key", test_encrypted_pkey, CERTDIR "cert-client-key-pkcs8-sha1-des.pem"); l_test_add("pem/v2 DES encrypted Private Key", test_encrypted_pkey, CERTDIR "cert-client-key-pkcs8-v2-des.pem"); if (l_cipher_is_supported(L_CIPHER_DES3_EDE_CBC) && l_checksum_is_supported(L_CHECKSUM_SHA224, false)) { l_test_add("pem/v2 DES EDE3 encrypted Private Key", test_encrypted_pkey, CERTDIR "cert-client-key-pkcs8-v2-des-ede3.pem"); } if (l_cipher_is_supported(L_CIPHER_AES)) { if (l_checksum_is_supported(L_CHECKSUM_SHA256, false)) l_test_add("pem/v2 AES128-encrypted Private Key", test_encrypted_pkey, CERTDIR "cert-client-key-pkcs8-v2-aes128.pem"); if (l_checksum_is_supported(L_CHECKSUM_SHA512, false)) l_test_add("pem/v2 AES256-encrypted Private Key", test_encrypted_pkey, CERTDIR "cert-client-key-pkcs8-v2-aes256.pem"); } l_test_add("pem/PKCS#1 DES-encrypted RSA Private Key", test_encrypted_pkey, CERTDIR "cert-client-key-pkcs1-des.pem"); if (l_cipher_is_supported(L_CIPHER_DES3_EDE_CBC)) l_test_add("pem/PKCS#1 DES-EDE3-encrypted RSA Private Key", test_encrypted_pkey, CERTDIR "cert-client-key-pkcs1-des3.pem"); if (l_cipher_is_supported(L_CIPHER_AES_CBC)) { l_test_add("pem/PKCS#1 AES128-encrypted RSA Private Key", test_encrypted_pkey, CERTDIR "cert-client-key-pkcs1-aes128.pem"); l_test_add("pem/PKCS#1 AES192-encrypted RSA Private Key", test_encrypted_pkey, CERTDIR "cert-client-key-pkcs1-aes192.pem"); l_test_add("pem/PKCS#1 AES256-encrypted RSA Private Key", test_encrypted_pkey, CERTDIR "cert-client-key-pkcs1-aes256.pem"); } l_test_add("detect-format/PEM PKCS#1 unencrypted private key", test_load_file, TEST_LOAD_PARAMS("cert-client-key-pkcs1.pem", false, false, true, false)); l_test_add("detect-format/PEM PKCS#1 encrypted private key", test_load_file, TEST_LOAD_PARAMS("cert-client-key-pkcs1-des.pem", false, false, true, true)); l_test_add("detect-format/PEM PKCS#8 unencrypted private key", test_load_file, TEST_LOAD_PARAMS("cert-client-key-pkcs8.pem", false, false, true, false)); l_test_add("detect-format/PEM PKCS#8 encrypted private key", test_load_file, TEST_LOAD_PARAMS("cert-client-key-pkcs8-sha1-des.pem", false, false, true, true)); l_test_add("detect-format/PEM X.509 certificate", test_load_file, TEST_LOAD_PARAMS("cert-client.pem", true, false, false, false)); l_test_add("detect-format/DER X.509 certificate", test_load_file, TEST_LOAD_PARAMS("cert-client.crt", true, false, false, false)); l_test_add("detect-format/PEM combined", test_load_file, TEST_LOAD_PARAMS("cert-entity-combined.pem", true, true, true, true)); l_test_add("detect-format/DER PKCS#12 combined", test_load_file, TEST_LOAD_PARAMS("cert-entity-pkcs12-nomac.p12", true, false, true, true)); l_test_add("pkcs#12/Combined RC2-based ciphers + SHA1", test_load_file, TEST_LOAD_PARAMS("cert-entity-pkcs12-rc2-sha1.p12", true, true, true, true)); l_test_add("pkcs#12/Combined DES-based ciphers + SHA256", test_load_file, TEST_LOAD_PARAMS("cert-entity-pkcs12-des-sha256.p12", true, true, true, true)); l_test_add("pkcs#12/Combined RC4-based ciphers + SHA384", test_load_file, TEST_LOAD_PARAMS("cert-entity-pkcs12-rc4-sha384.p12", true, true, true, true)); l_test_add("pkcs#12/Combined PKCS#5 ciphers + SHA512", test_load_file, TEST_LOAD_PARAMS("cert-entity-pkcs12-pkcs5-sha512.p12", true, true, true, true)); done: return l_test_run(); }