1 /*
2 * Copyright (C) 2015 Red Hat, Inc.
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library. If not, see
16 * <http://www.gnu.org/licenses/>.
18 * Author: Daniel P. Berrange <berrange@redhat.com>
21 #ifndef TESTS_CRYPTO_TLS_X509_HELPERS_H
22 #define TESTS_CRYPTO_TLS_X509_HELPERS_H
24 #include <gnutls/gnutls.h>
25 #include <gnutls/x509.h>
26 #include <libtasn1.h>
/*
 * Names the TLS tests use to identify the test client.
 * NOTE(review): presumably used as the CN of generated client
 * certificates (cf. the cname argument of TLS_CERT_REQ_SIMPLE_CLIENT),
 * with the "hostile" one for a client identity the peer under test is
 * expected to reject — confirm against the callers.
 */
#define QCRYPTO_TLS_TEST_CLIENT_NAME "ACME QEMU Client"
#define QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME "ACME Hostile Client"
/*
 * This contains parameters about how to generate a certificate, and
 * receives the generated certificate (see test_tls_generate_cert()).
 *
 * NOTE(review): the TLS_CERT_REQ and TLS_ROOT_REQ macros below initialise
 * this struct positionally, so the member order is part of the contract —
 * add new members at the end and update those macros accordingly.
 */
typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
struct QCryptoTLSTestCertReq {
    /* Filled in by test_tls_generate_cert(); the TLS_*CERT_REQ* macros
     * pass the issuer request's crt as the CA of dependent requests */
    gnutls_x509_crt_t crt;

    /* Output path for the certificate; the TLS_CERT_REQ/TLS_ROOT_REQ
     * macros derive it from WORKDIR and the variable name ("-ctx.pem") */
    const char *filename;

    /* Identifying information */
    const char *country;
    const char *cn;
    /* Subject alt names; TLS_CERT_REQ_SIMPLE_SERVER puts the hostname in
     * altname1 and the IP address in ipaddr1.  NULL means "not set" —
     * presumably, confirm in test_tls_generate_cert() */
    const char *altname1;
    const char *altname2;
    const char *ipaddr1;
    const char *ipaddr2;

    /* Basic constraints: Enable emits the extension, Critical sets its
     * critical bit, IsCA selects CA:TRUE/FALSE */
    bool basicConstraintsEnable;
    bool basicConstraintsCritical;
    bool basicConstraintsIsCA;

    /* Key usage; keyUsageValue is a mask of GNUTLS_KEY_* flags
     * (e.g. GNUTLS_KEY_KEY_CERT_SIGN for the simple root request) */
    bool keyUsageEnable;
    bool keyUsageCritical;
    int keyUsageValue;

    /* Key purpose (aka Extended key usage); OIDs such as
     * GNUTLS_KP_TLS_WWW_SERVER / GNUTLS_KP_TLS_WWW_CLIENT */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;
    const char *keyPurposeOID2;

    /* zero for current time, or non-zero for hours from now */
    int start_offset;
    /* zero for 24 hours from now, or non-zero for hours from now */
    int expire_offset;
};
/**
 * test_tls_generate_cert:
 * @req: description of the certificate to create; req->crt receives the
 *       result (the macros below initialise it to NULL before the call)
 * @ca: certificate of the issuer, or NULL.  The TLS_ROOT_REQ* macros pass
 *      NULL; the TLS_CERT_REQ* macros pass the issuer request's .crt
 *
 * Generate the certificate described by @req.
 * NOTE(review): presumably also writes it to req->filename — confirm in
 * the implementation.
 */
void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
                            gnutls_x509_crt_t ca);

/**
 * test_tls_write_cert_chain:
 * @filename: path of the file to write
 * @certs: array of certificates, @ncerts entries
 * @ncerts: number of entries in @certs
 *
 * Write @certs to @filename as a single chain file.
 */
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs,
                               size_t ncerts);

/**
 * test_tls_discard_cert:
 * @req: a request previously passed to test_tls_generate_cert()
 *
 * Release the resources held by @req.  NOTE(review): presumably frees
 * req->crt and removes req->filename — confirm in the implementation.
 */
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

/**
 * test_tls_init:
 * @keyfile: path of the private key file the helpers work with
 *
 * One-time setup for the helpers in this file; pair with test_tls_cleanup().
 * NOTE(review): presumably creates @keyfile — confirm in the implementation.
 */
void test_tls_init(const char *keyfile);

/**
 * test_tls_cleanup:
 * @keyfile: the path previously passed to test_tls_init()
 *
 * Undo test_tls_init(), presumably removing @keyfile.
 */
void test_tls_cleanup(const char *keyfile);
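/**
 * TLS_CERT_REQ:
 * @varname: name of the static QCryptoTLSTestCertReq to define
 * @cavarname: a previously generated request whose .crt signs this one
 *
 * Define a static QCryptoTLSTestCertReq called @varname, written to
 * WORKDIR "<varname>-ctx.pem", and generate it signed by @cavarname.crt.
 * The remaining arguments map one-to-one onto the struct members of the
 * corresponding name.  Expands to a declaration followed by a statement,
 * so it must be used inside a function body.
 *
 * Designated initialisers are used (as in the *_SIMPLE macros) so the
 * macro no longer depends on the member order of QCryptoTLSTestCertReq.
 * The parameters carry a trailing underscore because a parameter named
 * exactly like a member would be substituted inside the ".member"
 * designator and break the expansion.
 */
# define TLS_CERT_REQ(varname, cavarname, \
                      country_, commonname_, \
                      altname1_, altname2_, \
                      ipaddr1_, ipaddr2_, \
                      basicconsenable_, basicconscritical_, basicconsca_, \
                      keyusageenable_, keyusagecritical_, keyusagevalue_, \
                      keypurposeenable_, keypurposecritical_, \
                      keypurposeoid1_, keypurposeoid2_, \
                      startoffset_, endoffset_) \
    static QCryptoTLSTestCertReq varname = { \
        .crt = NULL, \
        .filename = WORKDIR #varname "-ctx.pem", \
        .country = country_, \
        .cn = commonname_, \
        .altname1 = altname1_, \
        .altname2 = altname2_, \
        .ipaddr1 = ipaddr1_, \
        .ipaddr2 = ipaddr2_, \
        .basicConstraintsEnable = basicconsenable_, \
        .basicConstraintsCritical = basicconscritical_, \
        .basicConstraintsIsCA = basicconsca_, \
        .keyUsageEnable = keyusageenable_, \
        .keyUsageCritical = keyusagecritical_, \
        .keyUsageValue = keyusagevalue_, \
        .keyPurposeEnable = keypurposeenable_, \
        .keyPurposeCritical = keypurposecritical_, \
        .keyPurposeOID1 = keypurposeoid1_, \
        .keyPurposeOID2 = keypurposeoid2_, \
        .start_offset = startoffset_, \
        .expire_offset = endoffset_, \
    }; \
    test_tls_generate_cert(&varname, cavarname.crt)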
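/**
 * TLS_ROOT_REQ:
 * @varname: name of the static QCryptoTLSTestCertReq to define
 *
 * Like TLS_CERT_REQ, but generates the certificate with a NULL issuer,
 * i.e. as a root.  Define a static QCryptoTLSTestCertReq called @varname,
 * written to WORKDIR "<varname>-ctx.pem", and generate it.  The remaining
 * arguments map one-to-one onto the struct members of the corresponding
 * name.  Expands to a declaration followed by a statement, so it must be
 * used inside a function body.
 *
 * Designated initialisers are used (as in the *_SIMPLE macros) so the
 * macro no longer depends on the member order of QCryptoTLSTestCertReq.
 * The parameters carry a trailing underscore because a parameter named
 * exactly like a member would be substituted inside the ".member"
 * designator and break the expansion.
 */
# define TLS_ROOT_REQ(varname, \
                      country_, commonname_, \
                      altname1_, altname2_, \
                      ipaddr1_, ipaddr2_, \
                      basicconsenable_, basicconscritical_, basicconsca_, \
                      keyusageenable_, keyusagecritical_, keyusagevalue_, \
                      keypurposeenable_, keypurposecritical_, \
                      keypurposeoid1_, keypurposeoid2_, \
                      startoffset_, endoffset_) \
    static QCryptoTLSTestCertReq varname = { \
        .crt = NULL, \
        .filename = WORKDIR #varname "-ctx.pem", \
        .country = country_, \
        .cn = commonname_, \
        .altname1 = altname1_, \
        .altname2 = altname2_, \
        .ipaddr1 = ipaddr1_, \
        .ipaddr2 = ipaddr2_, \
        .basicConstraintsEnable = basicconsenable_, \
        .basicConstraintsCritical = basicconscritical_, \
        .basicConstraintsIsCA = basicconsca_, \
        .keyUsageEnable = keyusageenable_, \
        .keyUsageCritical = keyusagecritical_, \
        .keyUsageValue = keyusagevalue_, \
        .keyPurposeEnable = keypurposeenable_, \
        .keyPurposeCritical = keypurposecritical_, \
        .keyPurposeOID1 = keypurposeoid1_, \
        .keyPurposeOID2 = keypurposeoid2_, \
        .start_offset = startoffset_, \
        .expire_offset = endoffset_, \
    }; \
    test_tls_generate_cert(&varname, NULL)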
/**
 * TLS_ROOT_REQ_SIMPLE:
 * @varname: name of the (non-static) QCryptoTLSTestCertReq to define
 * @fname: path the certificate is written to
 *
 * Define a QCryptoTLSTestCertReq called @varname describing a CA with
 * CN "qemu-CA", critical basicConstraints CA:TRUE and a critical keyUsage
 * of keyCertSign only, then generate it with a NULL issuer.  Members not
 * listed stay zero: no country, no subject alt names, no key purpose,
 * and zero offsets (valid from now for 24 hours, per the struct comments).
 * Expands to a declaration followed by a statement, so it must be used
 * inside a function body.
 */
# define TLS_ROOT_REQ_SIMPLE(varname, fname) \
    QCryptoTLSTestCertReq varname = { \
        .filename = fname, \
        .cn = "qemu-CA", \
        .basicConstraintsEnable = true, \
        .basicConstraintsCritical = true, \
        .basicConstraintsIsCA = true, \
        .keyUsageEnable = true, \
        .keyUsageCritical = true, \
        .keyUsageValue = GNUTLS_KEY_KEY_CERT_SIGN, \
    }; \
    test_tls_generate_cert(&varname, NULL)
/**
 * TLS_CERT_REQ_SIMPLE_CLIENT:
 * @varname: name of the (non-static) QCryptoTLSTestCertReq to define
 * @cavarname: a previously generated request whose .crt signs this one
 * @cname: value for the subject CN
 * @fname: path the certificate is written to
 *
 * Define a QCryptoTLSTestCertReq called @varname for an end-entity client
 * certificate: critical basicConstraints CA:FALSE, critical keyUsage
 * digitalSignature|keyEncipherment and a critical extended key usage of
 * TLS WWW client, then generate it signed by @cavarname.crt.  Members not
 * listed stay zero: no subject alt names and zero offsets (valid from now
 * for 24 hours, per the struct comments).  Expands to a declaration
 * followed by a statement, so it must be used inside a function body.
 */
# define TLS_CERT_REQ_SIMPLE_CLIENT(varname, cavarname, cname, fname) \
    QCryptoTLSTestCertReq varname = { \
        .filename = fname, \
        .cn = cname, \
        .basicConstraintsEnable = true, \
        .basicConstraintsCritical = true, \
        .basicConstraintsIsCA = false, \
        .keyUsageEnable = true, \
        .keyUsageCritical = true, \
        .keyUsageValue = \
            GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
        .keyPurposeEnable = true, \
        .keyPurposeCritical = true, \
        .keyPurposeOID1 = GNUTLS_KP_TLS_WWW_CLIENT, \
    }; \
    test_tls_generate_cert(&varname, cavarname.crt)
/**
 * TLS_CERT_REQ_SIMPLE_SERVER:
 * @varname: name of the (non-static) QCryptoTLSTestCertReq to define
 * @cavarname: a previously generated request whose .crt signs this one
 * @fname: path the certificate is written to
 * @hostname: name placed in the subject CN and in altname1, or NULL
 * @ipaddr: address placed in ipaddr1; also used as the CN when @hostname
 *          is NULL
 *
 * Define a QCryptoTLSTestCertReq called @varname for an end-entity server
 * certificate: critical basicConstraints CA:FALSE, critical keyUsage
 * digitalSignature|keyEncipherment and a critical extended key usage of
 * TLS WWW server, then generate it signed by @cavarname.crt.  The server
 * identity is carried both in the CN and as a subject alt name, so a
 * verifier checking either can be exercised; with @hostname NULL the CN
 * holds the address literal and altname1 stays NULL.  Expands to a
 * declaration followed by a statement, so it must be used inside a
 * function body.
 *
 * NOTE(review): @hostname is expanded twice (.cn and .altname1), so pass
 * an expression without side effects.
 */
# define TLS_CERT_REQ_SIMPLE_SERVER(varname, cavarname, fname, \
                                    hostname, ipaddr) \
    QCryptoTLSTestCertReq varname = { \
        .filename = fname, \
        .cn = hostname ? hostname : ipaddr, \
        .altname1 = hostname, \
        .ipaddr1 = ipaddr, \
        .basicConstraintsEnable = true, \
        .basicConstraintsCritical = true, \
        .basicConstraintsIsCA = false, \
        .keyUsageEnable = true, \
        .keyUsageCritical = true, \
        .keyUsageValue = \
            GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
        .keyPurposeEnable = true, \
        .keyPurposeCritical = true, \
        .keyPurposeOID1 = GNUTLS_KP_TLS_WWW_SERVER, \
    }; \
    test_tls_generate_cert(&varname, cavarname.crt)
/*
 * libtasn1 node table describing the PKIX ASN.1 structures the helpers
 * build extensions from.  NOTE(review): defined in the implementation
 * file, presumably generated from a PKIX ASN.1 module by asn1Parser —
 * confirm.
 */
extern const asn1_static_node pkix_asn1_tab[];
176 #endif