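/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */

/*
 * Helpers for generating the X.509 certificates used by the TLS tests.
 *
 * Everything below the feature check is only compiled when libtasn1 is
 * available (CONFIG_TASN1) and the host is not Windows; code using these
 * helpers should test QCRYPTO_HAVE_TLS_TEST_SUPPORT first.
 *
 * The TLS_CERT_REQ / TLS_ROOT_REQ macros expect the including file to
 * define WORKDIR as a string literal naming the directory that the
 * generated PEM files are written into.
 */

#ifndef QCRYPTO_TLS_X509_HELPERS_H
#define QCRYPTO_TLS_X509_HELPERS_H

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

#if !(defined WIN32) && \
    defined(CONFIG_TASN1)
# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
#endif

#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
# include <libtasn1.h>

# include "qemu-common.h"

/*
 * Describes how a single test certificate is to be generated.
 *
 * Instances are normally defined through TLS_CERT_REQ / TLS_ROOT_REQ,
 * which fill in every field positionally-by-name and then hand the
 * request to test_tls_generate_cert().
 */
typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
struct QCryptoTLSTestCertReq {
    /*
     * The generated certificate. Left NULL by the TLS_*_REQ macros;
     * presumably filled in by test_tls_generate_cert() and released by
     * test_tls_discard_cert() -- confirm against the implementation.
     */
    gnutls_x509_crt_t crt;

    /*
     * Path of the PEM file for this certificate. The TLS_*_REQ macros
     * derive it as WORKDIR "<varname>-ctx.pem".
     */
    const char *filename;

    /* Identifying information (subject / subject alt names) */
    const char *country;
    const char *cn;
    const char *altname1;
    const char *altname2;
    const char *ipaddr1;
    const char *ipaddr2;

    /* Basic constraints extension: whether to emit it, whether it is
     * marked critical, and whether the cert claims to be a CA. */
    bool basicConstraintsEnable;
    bool basicConstraintsCritical;
    bool basicConstraintsIsCA;

    /* Key usage extension; keyUsageValue is presumably the GNUTLS_KEY_*
     * bitmask handed to gnutls_x509_crt_set_key_usage() -- verify. */
    bool keyUsageEnable;
    bool keyUsageCritical;
    int keyUsageValue;

    /* Key purpose (aka Extended key usage) extension, up to two OIDs */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;
    const char *keyPurposeOID2;

    /* zero for current time, or non-zero for hours from now */
    int start_offset;
    /* zero for 24 hours from now, or non-zero for hours from now */
    int expire_offset;
};

/*
 * Generate the certificate described by @req.
 *
 * @ca is the issuing certificate, or NULL for a self-signed root
 * (see TLS_ROOT_REQ).
 */
void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
                            gnutls_x509_crt_t ca);

/*
 * Write the @ncerts certificates in @certs out as a single chain
 * to @filename.
 */
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs,
                               size_t ncerts);

/* Release whatever test_tls_generate_cert() created for @req. */
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

/* Per-test setup / teardown around the private key stored in @keyfile. */
void test_tls_init(const char *keyfile);
void test_tls_cleanup(const char *keyfile);

/*
 * Common body of TLS_CERT_REQ and TLS_ROOT_REQ.
 *
 * Defines @varname as a file-scope request, using designated
 * initializers so that a future reordering of the struct fields cannot
 * silently shift every argument into the wrong slot, then generates the
 * certificate signed by @signer (NULL for self-signed).
 *
 * The parameter names deliberately differ from the struct field names:
 * a parameter called e.g. "country" would be substituted into the
 * ".country" designator as well and break the initializer.
 */
# define TLS_CERT_REQ_DEFINE(varname, fname, signer,                    \
                             ctry, cname,                               \
                             alt1, alt2,                                \
                             ip1, ip2,                                  \
                             bc_enable, bc_critical, bc_ca,             \
                             ku_enable, ku_critical, ku_value,          \
                             kp_enable, kp_critical,                    \
                             kp_oid1, kp_oid2,                          \
                             start_off, end_off)                        \
    static QCryptoTLSTestCertReq varname = {                            \
        .crt = NULL,                                                    \
        .filename = fname,                                              \
        .country = ctry,                                                \
        .cn = cname,                                                    \
        .altname1 = alt1,                                               \
        .altname2 = alt2,                                               \
        .ipaddr1 = ip1,                                                 \
        .ipaddr2 = ip2,                                                 \
        .basicConstraintsEnable = bc_enable,                            \
        .basicConstraintsCritical = bc_critical,                        \
        .basicConstraintsIsCA = bc_ca,                                  \
        .keyUsageEnable = ku_enable,                                    \
        .keyUsageCritical = ku_critical,                                \
        .keyUsageValue = ku_value,                                      \
        .keyPurposeEnable = kp_enable,                                  \
        .keyPurposeCritical = kp_critical,                              \
        .keyPurposeOID1 = kp_oid1,                                      \
        .keyPurposeOID2 = kp_oid2,                                      \
        .start_offset = start_off,                                      \
        .expire_offset = end_off                                        \
    };                                                                  \
    test_tls_generate_cert(&varname, signer)

/*
 * Define a certificate request @varname signed by the certificate held
 * in the request @cavarname (which must already have been generated).
 * The filename is stringified here, in the outermost macro, so the
 * caller's identifier is used verbatim.
 */
# define TLS_CERT_REQ(varname, cavarname,                               \
                      country, commonname,                              \
                      altname1, altname2,                               \
                      ipaddr1, ipaddr2,                                 \
                      basicconsenable, basicconscritical, basicconsca,  \
                      keyusageenable, keyusagecritical, keyusagevalue,  \
                      keypurposeenable, keypurposecritical,             \
                      keypurposeoid1, keypurposeoid2,                   \
                      startoffset, endoffset)                           \
    TLS_CERT_REQ_DEFINE(varname, WORKDIR #varname "-ctx.pem",           \
                        cavarname.crt,                                  \
                        country, commonname,                            \
                        altname1, altname2,                             \
                        ipaddr1, ipaddr2,                               \
                        basicconsenable, basicconscritical, basicconsca, \
                        keyusageenable, keyusagecritical, keyusagevalue, \
                        keypurposeenable, keypurposecritical,           \
                        keypurposeoid1, keypurposeoid2,                 \
                        startoffset, endoffset)

/* Define a self-signed (root) certificate request @varname. */
# define TLS_ROOT_REQ(varname,                                          \
                      country, commonname,                              \
                      altname1, altname2,                               \
                      ipaddr1, ipaddr2,                                 \
                      basicconsenable, basicconscritical, basicconsca,  \
                      keyusageenable, keyusagecritical, keyusagevalue,  \
                      keypurposeenable, keypurposecritical,             \
                      keypurposeoid1, keypurposeoid2,                   \
                      startoffset, endoffset)                           \
    TLS_CERT_REQ_DEFINE(varname, WORKDIR #varname "-ctx.pem",           \
                        NULL,                                           \
                        country, commonname,                            \
                        altname1, altname2,                             \
                        ipaddr1, ipaddr2,                               \
                        basicconsenable, basicconscritical, basicconsca, \
                        keyusageenable, keyusagecritical, keyusagevalue, \
                        keypurposeenable, keypurposecritical,           \
                        keypurposeoid1, keypurposeoid2,                 \
                        startoffset, endoffset)

/* PKIX ASN.1 module table, defined in the accompanying .c file. */
extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];

#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */

#endif /* QCRYPTO_TLS_X509_HELPERS_H */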