unit/test-pem.c - pub/scm/libs/ell/ell - Git at Google

 /*
  *
  *  Embedded Linux library
  *
  *  Copyright (C) 2015  Intel Corporation. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
  *  License as published by the Free Software Foundation; either
  *  version 2.1 of the License, or (at your option) any later version.
  *
  *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  *  Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public
  *  License along with this library; if not, write to the Free Software
  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  *
  */

 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif

 #include <assert.h>

 #include <ell/ell.h>

 struct pem_test {
 	const char *input;
 	bool valid;
 	const char *label;
 	size_t decoded_size;
 };

 static const struct pem_test invalid_header1 = {
 	.input = "-----BEGIN FOOBAR -----\r\n"
 			"----END FOOBAR -----\r\n",
 	.valid = false,
 };

 static const struct pem_test invalid_header2 = {
 	.input = "-----BEGIN CERT  IFICATE-----\r\n"
 			"-----END CERT  IFICATE----\r\n",
 	.valid = false,
 };

 static const struct pem_test empty = {
 	.input = "-----BEGIN CERTIFICATE-----\r\n"
 			"-----END CERTIFICATE-----\r\n",
 	.valid = false,
 };

 static const struct pem_test empty_label = {
 	.input = "-----BEGIN -----\r\n"
 			"U28/PHA+\r\n"
 			"-----END -----\r\n",
 	.valid = true,
 	.label = "",
 	.decoded_size = 6,
 };

 static void test_pem(const void *data)
 {
 	const struct pem_test *test = data;
 	uint8_t *decoded;
 	char *label;
 	size_t decoded_size;

 	decoded = l_pem_load_buffer((const uint8_t *) test->input,
 					strlen(test->input), 0,
 					&label, &decoded_size);

 	if (!test->valid) {
 		assert(!decoded);
 		return;
 	}

 	assert(decoded);

 	assert(!strcmp(test->label, label));
 	assert(decoded_size == test->decoded_size);

 	l_free(label);
 	l_free(decoded);
 }

 static void test_encrypted_pkey(const void *data)
 {
 	const char *encrypted_pem = data;
 	const char *plaintext_pem = CERTDIR "cert-client-key-pkcs8.pem";
 	bool is_encrypted;
 	size_t size;
 	uint8_t encrypted1[256], encrypted2[256], plaintext[256];
 	struct l_key *pkey1, *pkey2;
 	bool is_public;

 	is_encrypted = false;
 	assert(!l_pem_load_private_key(encrypted_pem, NULL, &is_encrypted));
 	assert(is_encrypted);

 	is_encrypted = false;
 	assert(!l_pem_load_private_key(encrypted_pem, "wrong-passwd",
 					&is_encrypted));
 	assert(is_encrypted);

 	is_encrypted = false;
 	pkey1 = l_pem_load_private_key(encrypted_pem, "abc", &is_encrypted);
 	assert(pkey1);
 	assert(is_encrypted);

 	pkey2 = l_pem_load_private_key(plaintext_pem, NULL, &is_encrypted);
 	assert(pkey2);
 	assert(!is_encrypted);

 	/*
 	 * l_key_extract doesn't work for private keys so compare encrypt
 	 * results instead of key exponent.
 	 */
 	memset(plaintext, 42, 256);
 	assert(l_key_get_info(pkey1, L_KEY_RSA_RAW, L_CHECKSUM_NONE,
 				&size, &is_public));
 	assert(size == 2048);
 	assert(!is_public);
 	assert(l_key_encrypt(pkey1, L_KEY_RSA_RAW, L_CHECKSUM_NONE,
 				plaintext, encrypted1, 256, 256) == 256);
 	assert(l_key_encrypt(pkey2, L_KEY_RSA_RAW, L_CHECKSUM_NONE,
 				plaintext, encrypted2, 256, 256) == 256);
 	assert(!memcmp(encrypted1, encrypted2, 256));

 	l_key_free(pkey1);
 	l_key_free(pkey2);
 }

 int main(int argc, char *argv[])
 {
 	l_test_init(&argc, &argv);

 	l_test_add("pem/invalid header/test 1", test_pem, &invalid_header1);
 	l_test_add("pem/invalid header/test 2", test_pem, &invalid_header2);

 	l_test_add("pem/empty", test_pem, &empty);

 	l_test_add("pem/empty label", test_pem, &empty_label);

 	if (!l_checksum_is_supported(L_CHECKSUM_MD5, false) ||
 			!l_checksum_is_supported(L_CHECKSUM_SHA1, false) ||
 			!l_cipher_is_supported(L_CIPHER_DES_CBC) ||
 			!l_key_is_supported(L_KEY_FEATURE_CRYPTO))
 		goto done;

 	l_test_add("pem/v1 MD5AndDES encrypted Private Key",
 			test_encrypted_pkey,
 			CERTDIR "cert-client-key-md5-des.pem");
 	l_test_add("pem/v1 SHA1AndDES encrypted Private Key",
 			test_encrypted_pkey,
 			CERTDIR "cert-client-key-sha1-des.pem");
 	l_test_add("pem/v2 DES encrypted Private Key", test_encrypted_pkey,
 			CERTDIR "cert-client-key-v2-des.pem");

 	if (l_cipher_is_supported(L_CIPHER_DES3_EDE_CBC) &&
 			l_checksum_is_supported(L_CHECKSUM_SHA224, false))
 		l_test_add("pem/v2 DES EDE3 encrypted Private Key",
 				test_encrypted_pkey,
 				CERTDIR "cert-client-key-v2-des-ede3.pem");

 	if (!l_cipher_is_supported(L_CIPHER_AES))
 		goto done;

 	if (l_checksum_is_supported(L_CHECKSUM_SHA256, false))
 		l_test_add("pem/v2 AES128 encrypted Private Key",
 				test_encrypted_pkey,
 				CERTDIR "cert-client-key-v2-aes128.pem");

 	if (l_checksum_is_supported(L_CHECKSUM_SHA512, false))
 		l_test_add("pem/v2 AES256 encrypted Private Key",
 				test_encrypted_pkey,
 				CERTDIR "cert-client-key-v2-aes256.pem");

 done:
 	return l_test_run();
 }
	/*
	*
	* Embedded Linux library
	*
	* Copyright (C) 2015 Intel Corporation. All rights reserved.
	*
	* This library is free software; you can redistribute it and/or
	* modify it under the terms of the GNU Lesser General Public
	* License as published by the Free Software Foundation; either
	* version 2.1 of the License, or (at your option) any later version.
	*
	* This library is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	* Lesser General Public License for more details.
	*
	* You should have received a copy of the GNU Lesser General Public
	* License along with this library; if not, write to the Free Software
	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	*
	*/

	#ifdef HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <assert.h>

	#include <ell/ell.h>

	struct pem_test {
	const char *input;
	bool valid;
	const char *label;
	size_t decoded_size;
	};

	static const struct pem_test invalid_header1 = {
	.input = "-----BEGIN FOOBAR -----\r\n"
	"----END FOOBAR -----\r\n",
	.valid = false,
	};

	static const struct pem_test invalid_header2 = {
	.input = "-----BEGIN CERT IFICATE-----\r\n"
	"-----END CERT IFICATE----\r\n",
	.valid = false,
	};

	static const struct pem_test empty = {
	.input = "-----BEGIN CERTIFICATE-----\r\n"
	"-----END CERTIFICATE-----\r\n",
	.valid = false,
	};

	static const struct pem_test empty_label = {
	.input = "-----BEGIN -----\r\n"
	"U28/PHA+\r\n"
	"-----END -----\r\n",
	.valid = true,
	.label = "",
	.decoded_size = 6,
	};

	static void test_pem(const void *data)
	{
	const struct pem_test *test = data;
	uint8_t *decoded;
	char *label;
	size_t decoded_size;

	decoded = l_pem_load_buffer((const uint8_t *) test->input,
	strlen(test->input), 0,
	&label, &decoded_size);

	if (!test->valid) {
	assert(!decoded);
	return;
	}

	assert(decoded);

	assert(!strcmp(test->label, label));
	assert(decoded_size == test->decoded_size);

	l_free(label);
	l_free(decoded);
	}

	static void test_encrypted_pkey(const void *data)
	{
	const char *encrypted_pem = data;
	const char *plaintext_pem = CERTDIR "cert-client-key-pkcs8.pem";
	bool is_encrypted;
	size_t size;
	uint8_t encrypted1[256], encrypted2[256], plaintext[256];
	struct l_key pkey1, pkey2;
	bool is_public;

	is_encrypted = false;
	assert(!l_pem_load_private_key(encrypted_pem, NULL, &is_encrypted));
	assert(is_encrypted);

	is_encrypted = false;
	assert(!l_pem_load_private_key(encrypted_pem, "wrong-passwd",
	&is_encrypted));
	assert(is_encrypted);

	is_encrypted = false;
	pkey1 = l_pem_load_private_key(encrypted_pem, "abc", &is_encrypted);
	assert(pkey1);
	assert(is_encrypted);

	pkey2 = l_pem_load_private_key(plaintext_pem, NULL, &is_encrypted);
	assert(pkey2);
	assert(!is_encrypted);

	/*
	* l_key_extract doesn't work for private keys so compare encrypt
	* results instead of key exponent.
	*/
	memset(plaintext, 42, 256);
	assert(l_key_get_info(pkey1, L_KEY_RSA_RAW, L_CHECKSUM_NONE,
	&size, &is_public));
	assert(size == 2048);
	assert(!is_public);
	assert(l_key_encrypt(pkey1, L_KEY_RSA_RAW, L_CHECKSUM_NONE,
	plaintext, encrypted1, 256, 256) == 256);
	assert(l_key_encrypt(pkey2, L_KEY_RSA_RAW, L_CHECKSUM_NONE,
	plaintext, encrypted2, 256, 256) == 256);
	assert(!memcmp(encrypted1, encrypted2, 256));

	l_key_free(pkey1);
	l_key_free(pkey2);
	}

	int main(int argc, char *argv[])
	{
	l_test_init(&argc, &argv);

	l_test_add("pem/invalid header/test 1", test_pem, &invalid_header1);
	l_test_add("pem/invalid header/test 2", test_pem, &invalid_header2);

	l_test_add("pem/empty", test_pem, &empty);

	l_test_add("pem/empty label", test_pem, &empty_label);

	if (!l_checksum_is_supported(L_CHECKSUM_MD5, false) \|\|
	!l_checksum_is_supported(L_CHECKSUM_SHA1, false) \|\|
	!l_cipher_is_supported(L_CIPHER_DES_CBC) \|\|
	!l_key_is_supported(L_KEY_FEATURE_CRYPTO))
	goto done;

	l_test_add("pem/v1 MD5AndDES encrypted Private Key",
	test_encrypted_pkey,
	CERTDIR "cert-client-key-md5-des.pem");
	l_test_add("pem/v1 SHA1AndDES encrypted Private Key",
	test_encrypted_pkey,
	CERTDIR "cert-client-key-sha1-des.pem");
	l_test_add("pem/v2 DES encrypted Private Key", test_encrypted_pkey,
	CERTDIR "cert-client-key-v2-des.pem");

	if (l_cipher_is_supported(L_CIPHER_DES3_EDE_CBC) &&
	l_checksum_is_supported(L_CHECKSUM_SHA224, false))
	l_test_add("pem/v2 DES EDE3 encrypted Private Key",
	test_encrypted_pkey,
	CERTDIR "cert-client-key-v2-des-ede3.pem");

	if (!l_cipher_is_supported(L_CIPHER_AES))
	goto done;

	if (l_checksum_is_supported(L_CHECKSUM_SHA256, false))
	l_test_add("pem/v2 AES128 encrypted Private Key",
	test_encrypted_pkey,
	CERTDIR "cert-client-key-v2-aes128.pem");

	if (l_checksum_is_supported(L_CHECKSUM_SHA512, false))
	l_test_add("pem/v2 AES256 encrypted Private Key",
	test_encrypted_pkey,
	CERTDIR "cert-client-key-v2-aes256.pem");

	done:
	return l_test_run();
	}