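/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */

/*
 * Include guard.  Without one, a second inclusion of this header in the
 * same translation unit fails on the redefinition of
 * struct QCryptoTLSTestCertReq below.  The guard name is derived here
 * from the header's own QCRYPTO prefix; rename it if the project derives
 * guard names from the file path instead.
 */
#ifndef QCRYPTO_TLS_TEST_HELPERS_H
#define QCRYPTO_TLS_TEST_HELPERS_H

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

/*
 * Certificate generation needs libtasn1 (CONFIG_TASN1) and a gnutls of
 * at least 2.6.0 (0x020600), and is not available on Windows.  Everything
 * below is compiled out when these conditions are not met, so users of
 * this header must test QCRYPTO_HAVE_TLS_TEST_SUPPORT themselves.
 */
#if !(defined WIN32) && \
    defined(CONFIG_TASN1) && \
    (LIBGNUTLS_VERSION_NUMBER >= 0x020600)
# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
#endif

#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
# include <libtasn1.h>

# include "qemu-common.h"

/*
 * Parameters describing how a test certificate is to be generated.
 *
 * Instances are normally defined through the TLS_CERT_REQ() and
 * TLS_ROOT_REQ() macros below and then handed to
 * test_tls_generate_cert().
 */
typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
struct QCryptoTLSTestCertReq {
    /*
     * The generated certificate.  The macros below initialise this to
     * NULL; it is presumably filled in by test_tls_generate_cert(), since
     * TLS_CERT_REQ() passes the CA request's .crt as the signing cert.
     */
    gnutls_x509_crt_t crt;

    /*
     * File path associated with this certificate.  The macros below derive
     * it as WORKDIR "<varname>-ctx.pem", so WORKDIR must be defined by the
     * including file (ideally pointing at a per-test scratch directory).
     */
    const char *filename;

    /* Identifying information: subject fields and alternative names */
    const char *country;
    const char *cn;
    const char *altname1;
    const char *altname2;
    const char *ipaddr1;
    const char *ipaddr2;

    /*
     * Basic constraints extension: whether to add it at all, whether to
     * mark it critical, and whether the certificate is flagged as a CA.
     */
    bool basicConstraintsEnable;
    bool basicConstraintsCritical;
    bool basicConstraintsIsCA;

    /*
     * Key usage extension.  keyUsageValue is the usage bitmask handed to
     * gnutls (presumably GNUTLS_KEY_* flags - verify against the
     * implementation).
     */
    bool keyUsageEnable;
    bool keyUsageCritical;
    int keyUsageValue;

    /* Key purpose (aka Extended key usage): up to two purpose OIDs */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;
    const char *keyPurposeOID2;

    /* zero for current time, or non-zero for hours from now */
    int start_offset;
    /* zero for 24 hours from now, or non-zero for hours from now */
    int expire_offset;
};

/*
 * Generate the certificate described by @req, signed by @ca.
 * TLS_ROOT_REQ() passes NULL for @ca, which presumably produces a
 * self-signed root certificate.
 */
void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
                            gnutls_x509_crt_t ca);

/* Write the @ncerts certificates in @certs to @filename as one chain. */
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs,
                               size_t ncerts);

/*
 * Discard the certificate generated for @req.  Whether the file named by
 * req->filename is removed as well is decided by the implementation.
 */
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

/*
 * Set up the shared test key material at @keyfile, and remove it again.
 * Tests are expected to call these as a pair.
 */
void test_tls_init(const char *keyfile);
void test_tls_cleanup(const char *keyfile);

/*
 * Shared body of TLS_CERT_REQ() and TLS_ROOT_REQ(): define the request
 * object @varname with static storage in the enclosing scope.
 *
 * Fields are initialised by name rather than position so that a change
 * to the layout of QCryptoTLSTestCertReq cannot silently shift values
 * into the wrong member.  The macro parameter names deliberately differ
 * from the struct field names: the preprocessor substitutes parameters
 * everywhere they appear, including after the '.' of a designator.
 */
# define TLS_TEST_CERT_REQ_DEFINE(varname,                              \
                                  countryname, commonname,              \
                                  subjaltname1, subjaltname2,           \
                                  ipaddress1, ipaddress2,               \
                                  basicconsenable, basicconscritical,   \
                                  basicconsca,                          \
                                  keyusageenable, keyusagecritical,     \
                                  keyusagevalue,                        \
                                  keypurposeenable, keypurposecritical, \
                                  keypurposeoid1, keypurposeoid2,       \
                                  startoffset, endoffset)               \
    static QCryptoTLSTestCertReq varname = {                            \
        .crt = NULL,                                                    \
        .filename = WORKDIR #varname "-ctx.pem",                        \
        .country = countryname,                                         \
        .cn = commonname,                                               \
        .altname1 = subjaltname1,                                       \
        .altname2 = subjaltname2,                                       \
        .ipaddr1 = ipaddress1,                                          \
        .ipaddr2 = ipaddress2,                                          \
        .basicConstraintsEnable = basicconsenable,                      \
        .basicConstraintsCritical = basicconscritical,                  \
        .basicConstraintsIsCA = basicconsca,                            \
        .keyUsageEnable = keyusageenable,                               \
        .keyUsageCritical = keyusagecritical,                           \
        .keyUsageValue = keyusagevalue,                                 \
        .keyPurposeEnable = keypurposeenable,                           \
        .keyPurposeCritical = keypurposecritical,                       \
        .keyPurposeOID1 = keypurposeoid1,                               \
        .keyPurposeOID2 = keypurposeoid2,                               \
        .start_offset = startoffset,                                    \
        .expire_offset = endoffset,                                     \
    }

/*
 * Define the request @varname and generate a certificate for it signed
 * by the certificate previously generated for @cavarname.  The remaining
 * arguments are, in order: country, commonname, altname1, altname2,
 * ipaddr1, ipaddr2, basicconsenable, basicconscritical, basicconsca,
 * keyusageenable, keyusagecritical, keyusagevalue, keypurposeenable,
 * keypurposecritical, keypurposeoid1, keypurposeoid2, startoffset,
 * endoffset.  A wrong argument count is still diagnosed, at the
 * expansion of TLS_TEST_CERT_REQ_DEFINE().  The expansion ends in a
 * statement without a trailing ';', which the caller supplies.
 */
# define TLS_CERT_REQ(varname, cavarname, ...)                           \
    TLS_TEST_CERT_REQ_DEFINE(varname, __VA_ARGS__);                     \
    test_tls_generate_cert(&varname, cavarname.crt)

/*
 * Same as TLS_CERT_REQ() but with no signing CA: the certificate is
 * generated with a NULL @ca, i.e. as a root.  Arguments after @varname
 * are the same as for TLS_CERT_REQ().
 */
# define TLS_ROOT_REQ(varname, ...)                                      \
    TLS_TEST_CERT_REQ_DEFINE(varname, __VA_ARGS__);                     \
    test_tls_generate_cert(&varname, NULL)

/*
 * PKIX ASN.1 module table consumed by libtasn1; the definition lives in a
 * C file elsewhere in the test helpers.
 */
extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];

#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */

#endif /* QCRYPTO_TLS_TEST_HELPERS_H */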