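/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library. If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */

/*
 * Helpers for generating the x509 certificates used by the TLS test
 * cases. The include guard keeps the struct and macros below from being
 * redefined when the header is pulled in more than once.
 */
#ifndef QCRYPTO_TLS_TEST_HELPERS_H
#define QCRYPTO_TLS_TEST_HELPERS_H

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

/*
 * Certificate generation needs libtasn1 (CONFIG_TASN1), a non-Windows
 * host and gnutls >= 2.6.0 (0x020600). If any of those is missing the
 * helpers are compiled out and QCRYPTO_HAVE_TLS_TEST_SUPPORT stays
 * undefined, so test cases can test for it and skip.
 */
#if !(defined WIN32) && \
    defined(CONFIG_TASN1) && \
    defined(LIBGNUTLS_VERSION_NUMBER) && \
    (LIBGNUTLS_VERSION_NUMBER >= 0x020600)
# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
#endif

#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
# include <libtasn1.h>

# include "qemu-common.h"

/*
 * Parameters describing how to generate one test certificate.
 *
 * Every field maps onto a property of the generated certificate, so a
 * test can build certificates that are well formed as well as ones that
 * are deliberately wrong for the scenario under test (an extension
 * missing or not marked critical, an odd validity window, ...).
 */
typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
struct QCryptoTLSTestCertReq {
    /*
     * The generated certificate. Initialised to NULL by the TLS_*_REQ
     * macros; TLS_CERT_REQ passes another request's .crt as the signing
     * CA, so test_tls_generate_cert() is expected to fill it in.
     */
    gnutls_x509_crt_t crt;

    /*
     * Output path for the certificate (presumably written by
     * test_tls_generate_cert()). The TLS_*_REQ macros set it to
     * WORKDIR "<varname>-ctx.pem".
     */
    const char *filename;

    /*
     * Identifying information: subject DN fields and, presumably,
     * subjectAltName entries (DNS names and IP addresses).
     */
    const char *country;
    const char *cn;
    const char *altname1;
    const char *altname2;
    const char *ipaddr1;
    const char *ipaddr2;

    /* Basic constraints extension: present?, marked critical?, CA flag */
    bool basicConstraintsEnable;
    bool basicConstraintsCritical;
    bool basicConstraintsIsCA;

    /*
     * Key usage extension: present?, marked critical?, and the usage
     * bitmask (presumably a combination of gnutls GNUTLS_KEY_* flags —
     * confirm against test_tls_generate_cert()).
     */
    bool keyUsageEnable;
    bool keyUsageCritical;
    int keyUsageValue;

    /*
     * Key purpose (aka Extended key usage) extension: present?, marked
     * critical?, and up to two purpose OIDs as strings.
     */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;
    const char *keyPurposeOID2;

    /*
     * Validity window, in hours relative to now.
     *   start_offset:  zero for current time, or non-zero for hours from now
     *   expire_offset: zero for 24 hours from now, or non-zero for hours
     *                  from now
     * NOTE(review): a positive start_offset would give a not-yet-valid
     * certificate and a negative expire_offset an already-expired one,
     * if the generator passes the values through unchanged — confirm in
     * test_tls_generate_cert().
     */
    int start_offset;
    int expire_offset;
};

/*
 * Generate the certificate described by @req. @ca is the certificate of
 * the signing CA, or NULL for a self-signed root (this is how
 * TLS_ROOT_REQ calls it).
 */
void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
                            gnutls_x509_crt_t ca);

/* Write the @ncerts certificates in @certs to @filename as one chain. */
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs,
                               size_t ncerts);

/*
 * Release what test_tls_generate_cert() created for @req (the crt and,
 * presumably, the file at req->filename — confirm in the implementation).
 */
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

/*
 * One-time setup and teardown for the helpers. @keyfile presumably names
 * the private key file the generated certificates are keyed with —
 * confirm in the implementation.
 */
void test_tls_init(const char *keyfile);
void test_tls_cleanup(const char *keyfile);

/*
 * Shared body of TLS_CERT_REQ and TLS_ROOT_REQ: defines a static request
 * named @varname. WORKDIR is not defined by this header; the including
 * file must define it as a string literal, since it is concatenated with
 * the stringified variable name to form the output path. Designated
 * initializers keep the macro correct if QCryptoTLSTestCertReq gains or
 * reorders fields. The parameter names carry a req_ prefix so that they
 * cannot collide with the struct field names during expansion.
 */
# define TLS_CERT_REQ_DEFINE(varname, \
                             req_country, req_commonname, \
                             req_altname1, req_altname2, \
                             req_ipaddr1, req_ipaddr2, \
                             req_basicconsenable, req_basicconscritical, \
                             req_basicconsca, \
                             req_keyusageenable, req_keyusagecritical, \
                             req_keyusagevalue, \
                             req_keypurposeenable, req_keypurposecritical, \
                             req_keypurposeoid1, req_keypurposeoid2, \
                             req_startoffset, req_endoffset) \
    static QCryptoTLSTestCertReq varname = { \
        .crt = NULL, \
        .filename = WORKDIR #varname "-ctx.pem", \
        .country = req_country, \
        .cn = req_commonname, \
        .altname1 = req_altname1, \
        .altname2 = req_altname2, \
        .ipaddr1 = req_ipaddr1, \
        .ipaddr2 = req_ipaddr2, \
        .basicConstraintsEnable = req_basicconsenable, \
        .basicConstraintsCritical = req_basicconscritical, \
        .basicConstraintsIsCA = req_basicconsca, \
        .keyUsageEnable = req_keyusageenable, \
        .keyUsageCritical = req_keyusagecritical, \
        .keyUsageValue = req_keyusagevalue, \
        .keyPurposeEnable = req_keypurposeenable, \
        .keyPurposeCritical = req_keypurposecritical, \
        .keyPurposeOID1 = req_keypurposeoid1, \
        .keyPurposeOID2 = req_keypurposeoid2, \
        .start_offset = req_startoffset, \
        .expire_offset = req_endoffset, \
    }

/*
 * Define the certificate request @varname and generate it, signed by the
 * previously generated request @cavarname. The remaining arguments are
 * the struct fields in declaration order (see TLS_CERT_REQ_DEFINE).
 * Expands to a declaration followed by a statement; terminate with ';'.
 */
# define TLS_CERT_REQ(varname, cavarname, ...) \
    TLS_CERT_REQ_DEFINE(varname, __VA_ARGS__); \
    test_tls_generate_cert(&varname, cavarname.crt)

/*
 * As TLS_CERT_REQ, but for a self-signed root: no CA certificate is
 * handed to the generator.
 */
# define TLS_ROOT_REQ(varname, ...) \
    TLS_CERT_REQ_DEFINE(varname, __VA_ARGS__); \
    test_tls_generate_cert(&varname, NULL)

/* libtasn1 ASN.1 definitions table used by the helpers; defined elsewhere. */
extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];

#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */

#endif /* QCRYPTO_TLS_TEST_HELPERS_H */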