feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Added unit test for using encrypted keys with TLS. Only works with --enable-des3, since the keys are all encrypted with DES3 (also requires either --enable-opensslextra or --enable-enckeys).

Browse Source
This commit is contained in:
David Garske
2018-04-05 12:43:03 -07:00
parent d68a6fb4c7
commit 5a46bdf6f6
4 changed files with 61 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/include.am
View File

@@ -27,5 +27,6 @@ EXTRA_DIST += tests/test.conf \
tests/test-dtls.conf \ tests/test-dtls.conf \
tests/test-sctp.conf \ tests/test-sctp.conf \
tests/test-sig.conf \ tests/test-sig.conf \
tests/test-ed25519.conf tests/test-ed25519.conf \
tests/test-enckeys.conf
DISTCLEANFILES+= tests/.libs/unit.test DISTCLEANFILES+= tests/.libs/unit.test

12
tests/suites.c
View File

@@ -658,7 +658,6 @@ int SuiteTest(void)
goto exit; goto exit;
} }
#endif #endif
#ifndef NO_PSK #ifndef NO_PSK
/* add psk extra suites */ /* add psk extra suites */
strcpy(argv0[1], "tests/test-psk-no-id.conf"); strcpy(argv0[1], "tests/test-psk-no-id.conf");
@@ -670,6 +669,17 @@ int SuiteTest(void)
goto exit; goto exit;
} }
#endif #endif
#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3)
/* test encrypted keys */
strcpy(argv0[1], "tests/test-enckeys.conf");
printf("starting encrypted keys extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
exit: exit:
printf(" End Cipher Suite Tests\n"); printf(" End Cipher Suite Tests\n");

42
tests/test-enckeys.conf Normal file
View File

@@ -0,0 +1,42 @@
# server RSA encrypted key
-v 3
-k ./certs/server-keyEnc.pem
# client RSA encrypted key
-v 3
-k ./certs/client-keyEnc.pem
# server RSA encrypted key PKCS8
-v 3
-k ./certs/server-keyPkcs8Enc.pem
# client RSA encrypted key
-v 3
-k ./certs/client-keyEnc.pem
# server RSA encrypted key PKCS8 2
-v 3
-k ./certs/server-keyPkcs8Enc2.pem
# client RSA encrypted key
-v 3
-k ./certs/client-keyEnc.pem
# server RSA encrypted key PKCS8 12
-v 3
-k ./certs/server-keyPkcs8Enc12.pem
# client RSA encrypted key
-v 3
-k ./certs/client-keyEnc.pem
# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 PKCS8 encrypted key
-v 3
-l ECDHE-ECDSA-AES128-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-keyPkcs8Enc.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
-v 3
-l ECDHE-ECDSA-AES128-SHA256
-A ./certs/ca-ecc-cert.pem

7
wolfcrypt/src/asn.c
View File

@@ -7636,7 +7636,12 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
} else } else
#endif #endif
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
if (header == BEGIN_DSA_PRIV) { #ifdef HAVE_ECC
if (header == BEGIN_DSA_PRIV)
#else
if (header == BEGIN_ENC_PRIV_KEY)
#endif
{
header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV; header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
} else } else
#endif #endif