From acfb5cb8f7d4025333cd63ae9cf8422af0c689f3 Mon Sep 17 00:00:00 2001
From: roman
Date: Wed, 13 Nov 2024 11:02:53 +0100
Subject: [PATCH] test tls UPDATE add ec key tls test
---
 tests/data/0b527f1f.0 | 1 +
 tests/data/ec_server.crt | 53 ++++++++++++++++++++++++++
 tests/data/ec_server.key | 5 +++
 tests/data/ec_serverca.pem | 78 ++++++++++++++++++++++++++++++++++++++
 tests/test_tls.c | 37 +++++++++++++++++-
 5 files changed, 173 insertions(+), 1 deletion(-)
 create mode 120000 tests/data/0b527f1f.0
 create mode 100644 tests/data/ec_server.crt
 create mode 100644 tests/data/ec_server.key
 create mode 100644 tests/data/ec_serverca.pem
diff --git a/tests/data/0b527f1f.0 b/tests/data/0b527f1f.0
new file mode 120000
index 00000000..bb1b82af
--- /dev/null
+++ b/tests/data/0b527f1f.0
@@ -0,0 +1 @@
+ec_serverca.pem
\ No newline at end of file
diff --git a/tests/data/ec_server.crt b/tests/data/ec_server.crt
new file mode 100644
index 00000000..5b33bfe0
--- /dev/null
+++ b/tests/data/ec_server.crt
@@ -0,0 +1,53 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CZ, ST=Some-State, O=CESNET, OU=TMC, CN=clientca + Validity + Not Before: Nov 13 09:26:01 2024 GMT + Not After : Nov 11 09:26:01 2034 GMT + Subject: C=CZ, ST=Some-State, O=CESNET, OU=TMC, CN=127.0.0.1 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:21:8f:4c:09:ed:6c:ef:8e:17:09:f6:71:15:df: + 6b:bc:55:ee:62:b8:06:66:b0:83:d0:31:6a:58:eb: + ca:1d:ed:3a:d7:a5:35:f9:c1:83:e7:2a:e7:3a:0b: + a8:0d:8e:d8:48:91:44:f0:33:70:a2:a4:fa:14:b7: + 6e:74:cf:e3:13 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + c1:b3:2c:22:63:44:7e:ed:bc:59:0b:88:36:a6:a3:b5:9c:13: + 25:e9:35:17:a8:ed:51:a6:54:98:46:fa:68:cf:82:af:85:1e: + 66:ff:86:64:f6:b7:cb:2f:2a:7d:f1:f0:f0:5c:85:40:86:99: + 0f:12:2f:7c:14:9b:27:25:ed:6b:5a:a7:80:8b:8e:e0:17:7b: + d0:a0:45:aa:d3:6d:b8:8b:cc:46:c7:b7:01:8b:fa:bc:2e:5d: + 18:77:c0:87:9b:37:16:a1:b0:3c:cc:72:44:4a:3e:c3:0f:6f: + 60:5e:ae:a1:0d:08:54:49:96:f0:aa:84:9a:00:da:63:bd:0a: + fb:d7:93:3e:8a:e5:c0:64:31:01:c7:14:47:0f:94:d4:4e:c9: + c2:3d:28:7b:18:60:64:c7:d1:1f:f8:47:86:f5:68:ea:bf:e6: + b5:f1:43:19:e1:55:c1:20:73:7e:71:9f:9e:08:9b:7c:4c:5c: + 61:62:6f:3f:64:1d:d6:f2:52:42:fe:a6:c9:5d:ce:24:8a:f8: + d7:2b:a6:0f:ca:ec:4a:92:da:31:f3:d3:fd:01:5f:ea:2a:c5: + d6:0e:b0:04:43:f9:60:71:e4:42:6d:43:34:d2:9b:31:59:9e: + c8:b9:6b:b2:67:0a:ff:fb:f4:a7:27:ec:c0:2d:83:b0:1e:03: + 9d:a0:05:f8 +-----BEGIN CERTIFICATE----- +MIICUjCCAToCAQMwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCQ1oxEzARBgNV +BAgMClNvbWUtU3RhdGUxDzANBgNVBAoMBkNFU05FVDEMMAoGA1UECwwDVE1DMREw +DwYDVQQDDAhjbGllbnRjYTAeFw0yNDExMTMwOTI2MDFaFw0zNDExMTEwOTI2MDFa +MFUxCzAJBgNVBAYTAkNaMRMwEQYDVQQIDApTb21lLVN0YXRlMQ8wDQYDVQQKDAZD +RVNORVQxDDAKBgNVBAsMA1RNQzESMBAGA1UEAwwJMTI3LjAuMC4xMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAEIY9MCe1s744XCfZxFd9rvFXuYrgGZrCD0DFqWOvK 
+He0616U1+cGD5yrnOguoDY7YSJFE8DNwoqT6FLdudM/jEzANBgkqhkiG9w0BAQsF +AAOCAQEAwbMsImNEfu28WQuINqajtZwTJek1F6jtUaZUmEb6aM+Cr4UeZv+GZPa3 +yy8qffHw8FyFQIaZDxIvfBSbJyXta1qngIuO4Bd70KBFqtNtuIvMRse3AYv6vC5d +GHfAh5s3FqGwPMxyREo+ww9vYF6uoQ0IVEmW8KqEmgDaY70K+9eTPorlwGQxAccU +Rw+U1E7Jwj0oexhgZMfRH/hHhvVo6r/mtfFDGeFVwSBzfnGfngibfExcYWJvP2Qd +1vJSQv6myV3OJIr41yumD8rsSpLaMfPT/QFf6irF1g6wBEP5YHHkQm1DNNKbMVme +yLlrsmcK//v0pyfswC2DsB4DnaAF+A== +-----END CERTIFICATE----- diff --git a/tests/data/ec_server.key b/tests/data/ec_server.key new file mode 100644 index 00000000..0948c3b4 --- /dev/null +++ b/tests/data/ec_server.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIFIFZl3hkDpo1uqLRK8UeFo9Tm6tfgBjlvM1TcRZixy+oAoGCCqGSM49 +AwEHoUQDQgAEIY9MCe1s744XCfZxFd9rvFXuYrgGZrCD0DFqWOvKHe0616U1+cGD +5yrnOguoDY7YSJFE8DNwoqT6FLdudM/jEw== +-----END EC PRIVATE KEY----- diff --git a/tests/data/ec_serverca.pem b/tests/data/ec_serverca.pem new file mode 100644 index 00000000..48831263 --- /dev/null +++ b/tests/data/ec_serverca.pem 
@@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CZ, ST=Some-State, O=CESNET, OU=TMC, CN=clientca + Validity + Not Before: Oct 25 11:00:37 2024 GMT + Not After : Oct 23 11:00:37 2034 GMT + Subject: C=CZ, ST=Some-State, O=CESNET, OU=TMC, CN=clientca + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d3:59:56:1b:a0:75:ce:50:66:ce:60:77:69:87: + 8f:bc:6a:42:83:6c:64:49:89:10:54:59:2a:cd:c7: + 85:83:a2:dd:66:33:72:e9:2f:46:54:9c:a0:8b:f7: + c7:76:01:d4:be:2a:54:6a:63:24:2a:65:a0:90:fe: + 63:71:33:ce:76:76:37:fa:6f:1c:66:86:d9:19:1f: + 2a:72:a4:ac:f9:56:95:58:d0:f5:c3:1d:c0:a9:c2: + fe:89:cb:ac:04:18:a0:fa:14:eb:18:42:46:7b:fc: + fe:a6:b6:26:70:c0:45:c4:79:9c:53:b9:0b:71:d4: + c8:74:93:86:80:a5:76:38:16:0e:7f:a5:2e:bc:c4: + 4f:e5:7a:cd:ef:41:0b:02:9e:3d:f0:d8:62:aa:2c: + 89:68:51:22:44:6a:c2:2f:bc:77:10:20:38:dd:f0: + 5b:cb:31:a2:3c:9e:27:a2:3f:d1:61:25:14:35:05: + ab:10:0f:f1:f9:49:40:e5:16:8f:e3:69:32:51:f9: + 01:20:ce:b1:18:e7:1f:11:76:ec:3c:74:f7:99:bd: + a1:4e:53:6f:89:a4:95:6a:73:ae:6d:9a:7e:f3:78: + 11:df:bd:89:5b:e6:a1:c1:0b:92:57:ba:ba:6d:b0: + 8e:d7:5c:60:c0:ae:ca:e0:6d:31:6b:07:f1:98:8a: + 66:2f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign + X509v3 Subject Key Identifier: + CD:59:B8:BB:EB:BA:27:B2:66:3C:1C:05:76:9B:71:8A:68:EA:30:FD + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + a6:2d:e1:9e:04:a5:0c:9d:6b:82:b9:f2:59:85:9f:ef:e4:ea: + eb:b9:ab:70:73:50:fa:1d:5d:0b:d7:7f:3e:32:f6:e5:27:01: + 47:69:3a:a2:a2:d2:e0:4d:16:ad:9d:98:3c:ed:81:05:c6:12: + a1:92:85:95:7f:22:e7:d2:77:fe:53:be:fe:2c:74:2c:24:7b: + 66:97:8c:0b:00:88:3e:96:87:1c:6a:0e:70:98:81:10:c1:84: + f4:98:4b:60:77:9c:24:a7:b2:a5:44:e8:05:da:a5:6c:62:77: + 68:f9:2e:73:3c:c6:2c:ad:3a:ff:4a:67:a0:da:23:84:ea:bc: + 
d9:cb:f9:45:13:e3:38:26:c7:f1:60:95:f3:3f:2f:81:98:0b: + 58:60:72:5f:c9:ef:1f:76:b2:05:03:8d:4f:3a:a8:eb:0a:c5: + a8:fd:a3:5f:a8:29:83:cb:9e:cb:13:24:a6:4a:33:95:22:fc: + 26:90:dc:97:2c:53:ac:24:1a:60:d6:aa:e4:cd:14:12:84:61: + ea:15:28:5a:79:f3:18:1e:bb:77:03:61:2c:b4:b6:d5:c5:99: + 7c:a7:7c:8a:1b:c8:a0:2c:50:53:5d:fb:b4:81:23:bf:0a:b1: + 9f:f0:b0:d3:ed:08:e2:4d:a7:50:44:be:3a:a0:c0:2c:70:0c: + e4:c8:71:15 +-----BEGIN CERTIFICATE----- +MIIDZTCCAk2gAwIBAgIBADANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJDWjET +MBEGA1UECAwKU29tZS1TdGF0ZTEPMA0GA1UECgwGQ0VTTkVUMQwwCgYDVQQLDANU +TUMxETAPBgNVBAMMCGNsaWVudGNhMB4XDTI0MTAyNTExMDAzN1oXDTM0MTAyMzEx +MDAzN1owVDELMAkGA1UEBhMCQ1oxEzARBgNVBAgMClNvbWUtU3RhdGUxDzANBgNV +BAoMBkNFU05FVDEMMAoGA1UECwwDVE1DMREwDwYDVQQDDAhjbGllbnRjYTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANNZVhugdc5QZs5gd2mHj7xqQoNs +ZEmJEFRZKs3HhYOi3WYzcukvRlScoIv3x3YB1L4qVGpjJCploJD+Y3EzznZ2N/pv +HGaG2RkfKnKkrPlWlVjQ9cMdwKnC/onLrAQYoPoU6xhCRnv8/qa2JnDARcR5nFO5 +C3HUyHSThoCldjgWDn+lLrzET+V6ze9BCwKePfDYYqosiWhRIkRqwi+8dxAgON3w +W8sxojyeJ6I/0WElFDUFqxAP8flJQOUWj+NpMlH5ASDOsRjnHxF27Dx095m9oU5T +b4mklWpzrm2afvN4Ed+9iVvmocELkle6um2wjtdcYMCuyuBtMWsH8ZiKZi8CAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0OBBYE +FM1ZuLvruieyZjwcBXabcYpo6jD9MA0GCSqGSIb3DQEBCwUAA4IBAQCmLeGeBKUM +nWuCufJZhZ/v5Orruatwc1D6HV0L138+MvblJwFHaTqiotLgTRatnZg87YEFxhKh +koWVfyLn0nf+U77+LHQsJHtml4wLAIg+loccag5wmIEQwYT0mEtgd5wkp7KlROgF +2qVsYndo+S5zPMYsrTr/Smeg2iOE6rzZy/lFE+M4JsfxYJXzPy+BmAtYYHJfye8f +drIFA41POqjrCsWo/aNfqCmDy57LEySmSjOVIvwmkNyXLFOsJBpg1qrkzRQShGHq +FShaefMYHrt3A2EstLbVxZl8p3yKG8igLFBTXfu0gSO/CrGf8LDT7QjiTadQRL46 +oMAscAzkyHEV +-----END CERTIFICATE----- diff --git a/tests/test_tls.c b/tests/test_tls.c index c6d7c5ee..7fbd354e 100644 --- a/tests/test_tls.c +++ b/tests/test_tls.c 
@@ -72,6 +72,39 @@ test_nc_tls(void **state)
 }
 }
+static void
+test_nc_tls_ec_key(void **state)
+{
+ int ret, i;
+ pthread_t tids[2];
+ struct ln2_test_ctx *test_ctx;
+
+ assert_non_null(state);
+ test_ctx = *state;
+
+ ret = nc_server_config_add_tls_server_cert(test_ctx->ctx, "endpt", TESTS_DIR "/data/ec_server.key",
+ NULL, TESTS_DIR "/data/ec_server.crt", (struct lyd_node **)&test_ctx->test_data);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_setup_data(test_ctx->test_data);
+ assert_int_equal(ret, 0);
+
+ ret = pthread_create(&tids[0], NULL, client_thread, *state);
+ assert_int_equal(ret, 0);
+ ret = pthread_create(&tids[1], NULL, ln2_glob_test_server_thread, *state);
+ assert_int_equal(ret, 0);
+
+ for (i = 0; i < 2; i++) {
+ pthread_join(tids[i], NULL);
+ }
+}
+
+static void
+test_nc_tls_free_test_data(void *test_data)
+{
+ lyd_free_all(test_data);
+}
+
 static int
 setup_f(void **state)
 {
@@ -110,7 +143,8 @@ setup_f(void **state)
 ret = nc_server_config_setup_data(tree);
 assert_int_equal(ret, 0);
- lyd_free_all(tree);
+ test_ctx->test_data = tree;
+ test_ctx->free_test_data = test_nc_tls_free_test_data;
 return 0;
 }
@@ -120,6 +154,7 @@ main(void)
 {
 const struct CMUnitTest tests[] = {
 cmocka_unit_test_setup_teardown(test_nc_tls, setup_f, ln2_glob_test_teardown),
+ cmocka_unit_test_setup_teardown(test_nc_tls_ec_key, setup_f, ln2_glob_test_teardown)
 };
 /* try to get ports from the environment, otherwise use the default */
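Review bot: Nothing in `test_nc_tls_ec_key` checks that the session was actually established with the EC key: the body only adds the certificate, starts `client_thread` and `ln2_glob_test_server_thread`, and joins them while discarding the `pthread_join` return value and the thread results. Both thread functions are defined outside this hunk, so it cannot be seen here whether they would fail if the server still presented the certificate configured in `setup_f`; if they would not, the test can pass without exercising the EC path, and an explicit client-side check of the server key type would close that gap. The cast `(struct lyd_node **)&test_ctx->test_data` also writes through a differently typed pointer if the field is a `void *` (the `void *test_data` parameter of `test_nc_tls_free_test_data` suggests it is); going through a local avoids that: `struct lyd_node *tree = test_ctx->test_data;`, pass `&tree`, then `test_ctx->test_data = tree;`. Note also that `ec_server.crt` in this commit is an X.509 v1 certificate signed with sha256WithRSAEncryption, so the test covers an EC leaf key under an RSA-signed chain only, and with no subjectAltName the name check depends on `CN=127.0.0.1`.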
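Review bot: The ownership change at the end of `setup_f` is undocumented: the tree that was freed here with `lyd_free_all(tree)` is now kept in `test_ctx->test_data` and released only through the `free_test_data` callback. A short comment above the two added assignments would make that explicit, for example `/* keep the config tree so individual tests can extend it; freed in teardown via free_test_data */`. The callback is presumably invoked by `ln2_glob_test_teardown`, which is outside this diff, so it is worth confirming that it still runs when a test body aborts on a failed assert. Most of `setup_f` lies outside the hunk.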