tests/crypto-tls-x509-helpers.h

   1 /*
   2  * Copyright (C) 2015 Red Hat, Inc.
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library.  If not, see
  16  * <http://www.gnu.org/licenses/>.
  17  *
  18  * Author: Daniel P. Berrange <berrange@redhat.com>
  19  */
  20
  21 #include <gnutls/gnutls.h>
  22 #include <gnutls/x509.h>
  23
  24 #if !(defined WIN32) && \
  25     defined(CONFIG_TASN1)
  26 # define QCRYPTO_HAVE_TLS_TEST_SUPPORT
  27 #endif
  28
  29 #ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
  30 # include <libtasn1.h>
  31
  32 # include "qemu-common.h"
  33
  34 /*
  35  * This contains parameter about how to generate
  36  * certificates.
  37  */
  38 typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
  39 struct QCryptoTLSTestCertReq {
  40     gnutls_x509_crt_t crt;
  41
  42     const char *filename;
  43
  44     /* Identifying information */
  45     const char *country;
  46     const char *cn;
  47     const char *altname1;
  48     const char *altname2;
  49     const char *ipaddr1;
  50     const char *ipaddr2;
  51
  52     /* Basic constraints */
  53     bool basicConstraintsEnable;
  54     bool basicConstraintsCritical;
  55     bool basicConstraintsIsCA;
  56
  57     /* Key usage */
  58     bool keyUsageEnable;
  59     bool keyUsageCritical;
  60     int keyUsageValue;
  61
  62     /* Key purpose (aka Extended key usage) */
  63     bool keyPurposeEnable;
  64     bool keyPurposeCritical;
  65     const char *keyPurposeOID1;
  66     const char *keyPurposeOID2;
  67
  68     /* zero for current time, or non-zero for hours from now */
  69     int start_offset;
  70     /* zero for 24 hours from now, or non-zero for hours from now */
  71     int expire_offset;
  72 };
  73
  74 void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
  75                             gnutls_x509_crt_t ca);
  76 void test_tls_write_cert_chain(const char *filename,
  77                                gnutls_x509_crt_t *certs,
  78                                size_t ncerts);
  79 void test_tls_discard_cert(QCryptoTLSTestCertReq *req);
  80
  81 void test_tls_init(const char *keyfile);
  82 void test_tls_cleanup(const char *keyfile);
  83
  84 # define TLS_CERT_REQ(varname, cavarname,                               \
  85                       country, commonname,                              \
  86                       altname1, altname2,                               \
  87                       ipaddr1, ipaddr2,                                 \
  88                       basicconsenable, basicconscritical, basicconsca,  \
  89                       keyusageenable, keyusagecritical, keyusagevalue,  \
  90                       keypurposeenable, keypurposecritical,             \
  91                       keypurposeoid1, keypurposeoid2,                   \
  92                       startoffset, endoffset)                           \
  93     static QCryptoTLSTestCertReq varname = {                            \
  94         NULL, WORKDIR #varname "-ctx.pem",                              \
  95         country, commonname, altname1, altname2,                        \
  96         ipaddr1, ipaddr2,                                               \
  97         basicconsenable, basicconscritical, basicconsca,                \
  98         keyusageenable, keyusagecritical, keyusagevalue,                \
  99         keypurposeenable, keypurposecritical,                           \
 100         keypurposeoid1, keypurposeoid2,                                 \
 101         startoffset, endoffset                                          \
 102     };                                                                  \
 103     test_tls_generate_cert(&varname, cavarname.crt)
 104
 105 # define TLS_ROOT_REQ(varname,                                          \
 106                       country, commonname,                              \
 107                       altname1, altname2,                               \
 108                       ipaddr1, ipaddr2,                                 \
 109                       basicconsenable, basicconscritical, basicconsca,  \
 110                       keyusageenable, keyusagecritical, keyusagevalue,  \
 111                       keypurposeenable, keypurposecritical,             \
 112                       keypurposeoid1, keypurposeoid2,                   \
 113                       startoffset, endoffset)                           \
 114     static QCryptoTLSTestCertReq varname = {                            \
 115         NULL, WORKDIR #varname "-ctx.pem",                              \
 116         country, commonname, altname1, altname2,                        \
 117         ipaddr1, ipaddr2,                                               \
 118         basicconsenable, basicconscritical, basicconsca,                \
 119         keyusageenable, keyusagecritical, keyusagevalue,                \
 120         keypurposeenable, keypurposecritical,                           \
 121         keypurposeoid1, keypurposeoid2,                                 \
 122         startoffset, endoffset                                          \
 123     };                                                                  \
 124     test_tls_generate_cert(&varname, NULL)
 125
 126 extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];
 127
 128 #endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */