/* * Copyright (C) 2015 Nikos Mavrogiannopoulos * * Author: Nikos Mavrogiannopoulos * * This file is part of GnuTLS. * * GnuTLS is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuTLS is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with GnuTLS; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ /* This does some basic functionality testing for the system-keys in * windows for CNG keys. * It relies on the ncrypt, and crypt32 replacements found in the dir. */ #ifdef HAVE_CONFIG_H #include #endif #ifndef _WIN32 #include void doit(void) { exit(77); } #else #include #include #include #include #include #include #include #include #include #include #include #include #include #include "../cert-common.h" #include "ncrypt-int.h" static void tls_log_func(int level, const char *str) { fprintf(stderr, "<%d> %s", level, str); } /* sha1 hash of "hello" string */ const gnutls_datum_t sha256_hash_data = { (void *) "\x2c\xf2\x4d\xba\x5f\xb0\xa3\x0e\x26\xe8" "\x3b\x2a\xc5\xb9\xe2\x9e\x1b\x16\x1e\x5c" "\x1f\xa7\x42\x5e\x73\x04\x33\x62\x93\x8b" "\x98\x24", 32 }; const gnutls_datum_t md5sha1_hash_data = { (void *) "\x5d\x41\x40\x2a\xbc\x4b\x2a\x76\xb9\x71\x9d\x91\x10\x17\xc5\x92" "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", 36 }; const gnutls_datum_t invalid_hash_data = { (void *) "\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe" "\xde\x0f\x3b\x48\x2c\xb9\xae\xa9\x43\x4d", 20 }; const gnutls_datum_t raw_data = { (void *)"hello", 5 }; static void test_sig(void) { gnutls_pubkey_t pubkey; gnutls_privkey_t privkey; gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_RSA_SHA256; gnutls_datum_t signature, digest_info; int ret; assert_int_nequal(gnutls_pubkey_init(&pubkey), 0); assert_int_nequal(gnutls_privkey_init(&privkey), 0); assert_int_nequal(gnutls_privkey_import_url(privkey, "system:win:id=123456", 0), 0); assert_int_nequal(gnutls_pubkey_import_x509_raw(pubkey, &cert_dat, GNUTLS_X509_FMT_PEM, 0), 0); assert_int_nequal(gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA256, 0, &sha256_hash_data, &signature), 0); ret = gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0, &sha256_hash_data, &signature); assert(ret >= 0); /* should fail */ ret = gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0, &invalid_hash_data, &signature); assert(ret == GNUTLS_E_PK_SIG_VERIFY_FAILED); gnutls_free(signature.data); signature.data = NULL; /* test the raw interface (MD5+SHA1) */ ret = gnutls_privkey_sign_hash(privkey, 0, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &md5sha1_hash_data, &signature); assert(ret >= 0); ret = gnutls_pubkey_verify_hash2(pubkey, 0, GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, &md5sha1_hash_data, &signature); assert(ret >= 0); gnutls_free(signature.data); signature.data = NULL; /* test the raw interface DigestInfo */ ret = gnutls_encode_ber_digest_info(GNUTLS_DIG_SHA256, &sha256_hash_data, &digest_info); assert(ret >= 0); ret = gnutls_privkey_sign_hash(privkey, 0, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &digest_info, &signature); assert(ret >= 0); ret = gnutls_pubkey_verify_hash2(pubkey, 0, GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, &digest_info, &signature); assert(ret >= 0); gnutls_free(signature.data); gnutls_free(digest_info.data); gnutls_privkey_deinit(privkey); gnutls_pubkey_deinit(pubkey); } void doit(void) { gnutls_global_init(); gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(6); test_sig(); gnutls_global_deinit(); return; } #endif