From 4eb094bf6214cd00e02b4e65a658a6aedf48dfe4 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Mon, 26 Aug 2024 10:42:46 -0400
Subject: [PATCH] Test token with EC Cert without public key
Signed-off-by: Simo Sorce
---
 tests/meson.build | 1 +
 tests/tlssetkey.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++
 tests/ttls | 8 +++++++
 tests/util.c | 46 ++++++++++++++++++++++++++++++++++++++++
 tests/util.h | 1 +
 5 files changed, 109 insertions(+)
 create mode 100644 tests/tlssetkey.c
diff --git a/tests/meson.build b/tests/meson.build
index 5a9022b6..ec686512 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -104,6 +104,7 @@ test_programs = {
 'tsession': ['tsession.c'],
 'tgenkey': ['tgenkey.c'],
 'tlsctx': ['tlsctx.c', 'util.c'],
+ 'tlssetkey': ['tlssetkey.c', 'util.c'],
 'tdigests': ['tdigests.c'],
 'treadkeys': ['treadkeys.c'],
 'tcmpkeys': ['tcmpkeys.c', 'util.c'],
diff --git a/tests/tlssetkey.c b/tests/tlssetkey.c
new file mode 100644
index 00000000..c224a261
--- /dev/null
+++ b/tests/tlssetkey.c
@@ -0,0 +1,53 @@
+/* Copyright (C) 2024 Simo Sorce
+ SPDX-License-Identifier: Apache-2.0 */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include "util.h"
+
+int main(int argc, char *argv[])
+{
+ EVP_PKEY *pkey = NULL;
+ X509 *cert = NULL;
+ SSL_CTX *ctx;
+ int ret = 0;
+
+ if (argc != 3) {
+ fprintf(stderr, "Usage: tlssetkey [certuri] [pkeyuri]\n");
+ exit(EXIT_FAILURE);
+ }
+ cert = load_cert(argv[1]);
+ pkey = load_key(argv[2]);
+
+ ctx = SSL_CTX_new(TLS_client_method());
+ if (!ctx) {
+ fprintf(stderr, "Failed to create SSL Context\n");
+ ossl_err_print();
+ exit(EXIT_FAILURE);
+ }
+
+ ret = SSL_CTX_use_certificate(ctx, cert);
+ if (ret != 1) {
+ fprintf(stderr, "Failed to set Certificate");
+ ossl_err_print();
+ exit(EXIT_FAILURE);
+ }
+
+ ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+ if (ret != 1) {
+ fprintf(stderr, "Failed to set Private Key");
+ ossl_err_print();
+ exit(EXIT_FAILURE);
+ }
+
+ fprintf(stderr, "Cert and Key successfully set on TLS Context!\n");
+
+ SSL_CTX_free(ctx);
+ EVP_PKEY_free(pkey);
+ X509_free(cert);
+ exit(EXIT_SUCCESS);
+}
diff --git a/tests/ttls b/tests/ttls
index e394c7d2..a3ea93f4 100755
--- a/tests/ttls
+++ b/tests/ttls
@@ -7,6 +7,14 @@ source "${TESTSSRCDIR}/helpers.sh"
 title PARA "Test SSL_CTX creation"
 $CHECKER "${TESTBLDDIR}/tlsctx"
+title PARA "Test setting cert/keys on TLS Context"
+$CHECKER "${TESTBLDDIR}/tlssetkey" "${ECCRTURI}" "${ECPRIURI}"
+
+if [ -n "$ECBASE2URI" ]; then
+ title PARA "Test setting cert/keys on TLS Context w/o pub key"
+ $CHECKER "${TESTBLDDIR}/tlssetkey" "${ECCRT2URI}" "${ECPRI2URI}"
+fi
+
 title PARA "Test an actual TLS connection"
 rm -f "${TMPPDIR}/s_server_output"
diff --git a/tests/util.c b/tests/util.c
index eedb4cb7..d6d2df5a 100644
--- a/tests/util.c
+++ b/tests/util.c
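Review bot: The two messages `"Failed to set Certificate"` and `"Failed to set Private Key"` in the SSL_CTX_use_certificate and SSL_CTX_use_PrivateKey failure branches have no trailing newline, unlike every other message in main(), so the OpenSSL error queue printed by ossl_err_print() lands on the same stderr line; `fprintf(stderr, "Failed to set Certificate\n");` and `fprintf(stderr, "Failed to set Private Key\n");` fix both. The SSL_CTX_use_PrivateKey call is the one that exercises what the commit title describes, since OpenSSL checks the private key against the certificate already installed on the context, and that is the step expected to need the public key that the token lacks; a one-line comment above it, e.g. `/* OpenSSL matches the key to the cert set above; the token holds no public key object for it */`, would tell the next reader why a plain "set cert, set key" program is a meaningful test. Calling exit() on the error paths without freeing ctx/cert/pkey is acceptable for a test program.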
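Review bot: When `ECBASE2URI` is empty the guarded block is skipped with no output at all, so if the setup that exports the second token's URIs ever fails, the "w/o pub key" case — the one this commit adds the test program for — silently drops out of the run and the job still passes. An explicit else branch keeps the skip visible, e.g. `else` / `    title PARA "Skipping cert w/o pub key test: ECBASE2URI not set"` / `fi`. Whether ECCRT2URI and ECPRI2URI are always set together with ECBASE2URI is not visible here; if they are not, the guard should test the two variables the command actually uses.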
@@ -92,3 +92,49 @@ EVP_PKEY *load_key(const char *uri)
 return key;
 }
+
+X509 *load_cert(const char *uri)
+{
+ OSSL_STORE_CTX *store;
+ OSSL_STORE_INFO *info;
+ X509 *cert = NULL;
+
+ if (!uri) {
+ fprintf(stderr, "Invalid NULL uri");
+ ossl_err_print();
+ exit(EXIT_FAILURE);
+ }
+
+ store = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL);
+ if (store == NULL) {
+ fprintf(stderr, "Failed to open store: %s\n", uri);
+ ossl_err_print();
+ exit(EXIT_FAILURE);
+ }
+
+ for (info = OSSL_STORE_load(store); info != NULL;
+ info = OSSL_STORE_load(store)) {
+ int type = OSSL_STORE_INFO_get_type(info);
+
+ if (cert != NULL) {
+ fprintf(stderr, "Multiple certs matching URI: %s\n", uri);
+ exit(EXIT_FAILURE);
+ }
+
+ switch (type) {
+ case OSSL_STORE_INFO_CERT:
+ cert = OSSL_STORE_INFO_get1_CERT(info);
+ break;
+ }
+ OSSL_STORE_INFO_free(info);
+ }
+
+ if (cert == NULL) {
+ fprintf(stderr, "Failed to load cert from URI: %s\n", uri);
+ ossl_err_print();
+ exit(EXIT_FAILURE);
+ }
+ OSSL_STORE_close(store);
+
+ return cert;
+}
diff --git a/tests/util.h b/tests/util.h
index 1fdc9a13..b025019e 100644
--- a/tests/util.h
+++ b/tests/util.h
@@ -3,3 +3,4 @@ void ossl_err_print(void);
 EVP_PKEY *load_key(const char *uri);
+X509 *load_cert(const char *uri);
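Review bot: The "Multiple certs matching URI" check sits at the top of the loop, before the type switch, so it fires on any second object the store yields after the certificate, not only on a second certificate; if a URI also matches a key object on the token the function aborts with a misleading message (and leaks that `info`), and whether the test URIs can match more than one object is not visible here. Asking the store for certificates only with OSSL_STORE_expect(store, OSSL_STORE_INFO_CERT) and moving the duplicate check under the CERT case makes the message true and avoids loading objects the function never uses. The `switch` also has no `default:` label, which a warning-clean build may flag. The whole of load_cert lies within the hunk.
```c
    store = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL);
    /* … unchanged: NULL check on store … */
    if (OSSL_STORE_expect(store, OSSL_STORE_INFO_CERT) != 1) {
        fprintf(stderr, "Failed to restrict store to certificates: %s\n", uri);
        ossl_err_print();
        exit(EXIT_FAILURE);
    }

    for (info = OSSL_STORE_load(store); info != NULL;
         info = OSSL_STORE_load(store)) {
        if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_CERT) {
            if (cert != NULL) {
                fprintf(stderr, "Multiple certs matching URI: %s\n", uri);
                exit(EXIT_FAILURE);
            }
            cert = OSSL_STORE_INFO_get1_CERT(info);
        }
        OSSL_STORE_INFO_free(info);
    }
    /* … unchanged: NULL-cert check, OSSL_STORE_close, return … */
```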