libtls: Add unit tests for Ed25519 and Ed448 keys

TLS 1.0 to TLS 1.3 socket connection tests with each key type.
Pascal Knecht 2020-10-23 22:56:03 +02:00 committed by Tobias Brunner
parent 5e579ebe8f
commit 0aaf1242d9
1 changed files with 144 additions and 4 deletions


@ -129,6 +129,28 @@ static char ecdsa[] = {
0xb1,0x47,0xc8,0xf6,0x18,0xbb,0x97,
};
/**
* Ed25519 private key
* pki --gen --type ed25519
*/
static char ed25519[] = {
0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
0x70,0x4b,0xca,0x70,0x1c,0xb1,0x75,0xf1,0xed,0xde,0xf1,0x99,0x8e,0x11,0x32,0x2d,
0x76,0x41,0x01,0x6c,0xd7,0xbc,0x79,0xa2,0x06,0x15,0x7e,0x44,0x28,0xf2,0x49,0x61,
};
/**
* Ed448 private key
* pki --gen --type ed448
*/
static char ed448[] = {
0x30,0x47,0x02,0x01,0x00,0x30,0x05,0x06,0x03,0x2b,0x65,0x71,0x04,0x3b,0x04,0x39,
0xcf,0xb9,0xbe,0x75,0xdf,0x76,0x8b,0x9a,0xdf,0x56,0x52,0x5d,0x37,0x7d,0xb0,0xa8,
0x1f,0x19,0x44,0x30,0xbd,0x9d,0x0e,0xff,0x5f,0xc8,0xc3,0xec,0x60,0xd5,0xf6,0xa4,
0x3d,0x1f,0x0e,0xb5,0x65,0x6e,0xe6,0x62,0x4d,0xb7,0xe7,0x5c,0x88,0x7b,0xe8,0xdd,
0x02,0xd9,0x0f,0xaa,0xe7,0xfb,0x05,0x14,0x41,
};
/**
* TLS certificate for RSA key
* pki --self --in rsa.key --dn "C=CH, O=strongSwan, CN=tls-rsa" --san 127.0.0.1
@ -220,7 +242,68 @@ static char ecdsa_crt[] = {
0xac,0x36,0x08,0x14,0x29,
};
START_SETUP(setup_creds)
/**
* TLS certificate for Ed25519 key
* pki --self --in ed25519.key --dn "C=CH, O=strongSwan, CN=tls-ed25519" \
* --san 127.0.0.1
*/
static char ed25519_crt[] = {
0x30,0x82,0x01,0x38,0x30,0x81,0xeb,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x46,0x41,
0x12,0x0d,0xa4,0xbd,0x00,0x11,0x30,0x05,0x06,0x03,0x2b,0x65,0x70,0x30,0x38,0x31,
0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x13,0x30,0x11,
0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,
0x6e,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x03,0x13,0x0b,0x74,0x6c,0x73,0x2d,
0x65,0x64,0x32,0x35,0x35,0x31,0x39,0x30,0x1e,0x17,0x0d,0x32,0x30,0x31,0x30,0x32,
0x32,0x31,0x34,0x30,0x31,0x30,0x30,0x5a,0x17,0x0d,0x32,0x33,0x31,0x30,0x32,0x32,
0x31,0x34,0x30,0x31,0x30,0x30,0x5a,0x30,0x38,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,
0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x31,0x14,0x30,0x12,0x06,
0x03,0x55,0x04,0x03,0x13,0x0b,0x74,0x6c,0x73,0x2d,0x65,0x64,0x32,0x35,0x35,0x31,
0x39,0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,0x70,0x03,0x21,0x00,0xbd,0xbd,0xd2,
0x9d,0x90,0x2c,0x4f,0xb0,0x0d,0x88,0xe9,0x92,0xba,0x59,0x91,0x6c,0x0a,0x30,0xc3,
0x8e,0x7d,0x0d,0x55,0x67,0xf7,0xb0,0x37,0x39,0xfa,0x05,0x61,0xc3,0xa3,0x13,0x30,
0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x11,0x04,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,
0x00,0x01,0x30,0x05,0x06,0x03,0x2b,0x65,0x70,0x03,0x41,0x00,0x04,0xc6,0x12,0x57,
0xfa,0x69,0x74,0xd2,0x3a,0x7d,0x1b,0x23,0xde,0x64,0x08,0xa8,0x05,0x75,0xd3,0x15,
0xfb,0xd4,0x46,0xe0,0x4a,0x59,0x48,0x8e,0xee,0x4e,0x4d,0x72,0xbf,0xbc,0xdb,0x36,
0xda,0x39,0x23,0x9a,0x06,0x88,0xee,0x63,0xe5,0xb4,0x23,0xf9,0xa9,0x80,0x41,0x99,
0x3d,0x3f,0xb5,0x39,0x72,0x4b,0x62,0x86,0x4e,0x85,0x61,0x0b,
};
/**
* TLS certificate for Ed448 key
* pki --self --in ed448.key --dn "C=CH, O=strongSwan, CN=tls-ed448" \
* --san 127.0.0.1
*/
static char ed448_crt[] = {
0x30,0x82,0x01,0x80,0x30,0x82,0x01,0x00,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x71,
0xa9,0xa0,0xdd,0x5b,0xee,0xa0,0x5c,0x30,0x05,0x06,0x03,0x2b,0x65,0x71,0x30,0x36,
0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x13,0x30,
0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,
0x61,0x6e,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x74,0x6c,0x73,
0x2d,0x65,0x64,0x34,0x34,0x38,0x30,0x1e,0x17,0x0d,0x32,0x30,0x31,0x30,0x32,0x33,
0x32,0x30,0x34,0x34,0x30,0x35,0x5a,0x17,0x0d,0x32,0x33,0x31,0x30,0x32,0x33,0x32,
0x30,0x34,0x34,0x30,0x35,0x5a,0x30,0x36,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,
0x06,0x13,0x02,0x43,0x48,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,
0x73,0x74,0x72,0x6f,0x6e,0x67,0x53,0x77,0x61,0x6e,0x31,0x12,0x30,0x10,0x06,0x03,
0x55,0x04,0x03,0x13,0x09,0x74,0x6c,0x73,0x2d,0x65,0x64,0x34,0x34,0x38,0x30,0x43,
0x30,0x05,0x06,0x03,0x2b,0x65,0x71,0x03,0x3a,0x00,0xdd,0x5e,0x19,0xc8,0x67,0xa9,
0x93,0x53,0x5f,0x26,0xca,0x6f,0x2f,0xdf,0x9e,0x0f,0x48,0xb6,0x60,0x3e,0x56,0xa5,
0xaf,0xe8,0xf9,0x3f,0xe5,0x1c,0xeb,0xf2,0xf4,0x84,0xd1,0x48,0xa9,0xb1,0x92,0x6b,
0xa1,0x4d,0x47,0x86,0x8e,0xf9,0xcc,0xd2,0x58,0xd4,0x6f,0x8c,0x76,0x59,0xf4,0x77,
0x59,0xc8,0x00,0xa3,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x11,0x04,0x08,
0x30,0x06,0x87,0x04,0x7f,0x00,0x00,0x01,0x30,0x05,0x06,0x03,0x2b,0x65,0x71,0x03,
0x73,0x00,0xc6,0xf0,0x4e,0xf2,0x41,0xe0,0xb4,0xa0,0x0a,0x9f,0x73,0x67,0xcb,0x89,
0x97,0xf0,0x3a,0xfe,0x53,0xb2,0x1b,0x6c,0x37,0x24,0xbe,0x9e,0x2b,0x50,0x0c,0x98,
0xb3,0x15,0x65,0x79,0x37,0xd6,0xc2,0x92,0x89,0x96,0xf3,0x5f,0x2d,0x70,0xa5,0x49,
0xdd,0x7d,0x12,0x3d,0x17,0x28,0xd2,0x56,0x25,0xab,0x80,0x89,0x4d,0x6a,0xfa,0x32,
0x6a,0x16,0x7f,0xd2,0x12,0xb3,0x73,0xf5,0xe7,0x1f,0x89,0x0b,0x5e,0x05,0xbe,0x69,
0xb8,0x11,0x59,0xf9,0xdc,0x9c,0xca,0x68,0xe3,0x1f,0x7a,0x43,0x1a,0x72,0xfa,0x1f,
0x07,0xe0,0x58,0xc2,0x3a,0x18,0xb3,0x01,0x68,0x90,0x40,0x05,0x7d,0x35,0x1a,0x3f,
0xdc,0xc8,0x00,0x00
};
static void setup_credentials(chunk_t key_data, chunk_t cert_data)
{
private_key_t *key;
certificate_t *cert;
@ -233,8 +316,8 @@ START_SETUP(setup_creds)
{
creds->add_key(creds, key);
}
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
BUILD_BLOB, chunk_from_thing(ecdsa), BUILD_END);
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
BUILD_BLOB, key_data, BUILD_END);
if (key)
{
creds->add_key(creds, key);
@ -246,7 +329,7 @@ START_SETUP(setup_creds)
creds->add_cert(creds, TRUE, cert);
}
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_BLOB, chunk_from_thing(ecdsa_crt), BUILD_END);
BUILD_BLOB, cert_data, BUILD_END);
if (cert)
{
creds->add_cert(creds, TRUE, cert);
@ -254,6 +337,23 @@ START_SETUP(setup_creds)
lib->credmgr->add_set(lib->credmgr, &creds->set);
}
START_SETUP(setup_creds)
{
setup_credentials(chunk_from_thing(ecdsa), chunk_from_thing(ecdsa_crt));
}
END_SETUP
START_SETUP(setup_ed25519_creds)
{
setup_credentials(chunk_from_thing(ed25519), chunk_from_thing(ed25519_crt));
}
END_SETUP
START_SETUP(setup_ed448_creds)
{
setup_credentials(chunk_from_thing(ed448), chunk_from_thing(ed448_crt));
}
END_SETUP
START_TEARDOWN(teardown_creds)
@ -682,5 +782,45 @@ Suite *socket_suite_create()
add_tls_test(test_tls10_mutual, TLS_1_0);
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.3/ed25519");
tcase_add_checked_fixture(tc, setup_ed25519_creds, teardown_creds);
add_tls_test(test_tls13, TLS_1_3);
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.2/ed25519");
tcase_add_checked_fixture(tc, setup_ed25519_creds, teardown_creds);
add_tls_test(test_tls12, TLS_1_2);
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.1/ed25519");
tcase_add_checked_fixture(tc, setup_ed25519_creds, teardown_creds);
add_tls_test(test_tls11, TLS_1_1);
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.0/ed25519");
tcase_add_checked_fixture(tc, setup_ed25519_creds, teardown_creds);
add_tls_test(test_tls10, TLS_1_0);
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.3/ed448");
tcase_add_checked_fixture(tc, setup_ed448_creds, teardown_creds);
add_tls_test(test_tls13, TLS_1_3);
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.2/ed448");
tcase_add_checked_fixture(tc, setup_ed448_creds, teardown_creds);
add_tls_test(test_tls12, TLS_1_2);
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.1/ed448");
tcase_add_checked_fixture(tc, setup_ed448_creds, teardown_creds);
add_tls_test(test_tls11, TLS_1_1);
suite_add_tcase(s, tc);
tc = tcase_create("TLS 1.0/ed448");
tcase_add_checked_fixture(tc, setup_ed448_creds, teardown_creds);
add_tls_test(test_tls10, TLS_1_0);
suite_add_tcase(s, tc);
return s;
}
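Review bot: In `setup_credentials()`, the `if (key)` and `if (cert)` guards around the new `KEY_ANY` / `cert_data` loads skip a failed parse silently. A build whose loaded plugins cannot parse Ed25519 or Ed448 would presumably finish the fixture without the key under test, and the new test cases would then only fail later, inside the handshake, with no hint that the credential never loaded. Now that the helper is shared by three fixtures and the key type is no longer pinned to `KEY_ECDSA`, I would fail in the fixture itself, e.g. `ck_assert(key != NULL);` before `creds->add_key(creds, key);`, and likewise for `cert` before `creds->add_cert(creds, TRUE, cert);`. The function's opening and closing lines fall outside the hunks shown, so an `else` branch that already handles this cannot be ruled out from here.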