Skip to content

Commit

Permalink
tests: C API test for CSR generation
Browse files Browse the repository at this point in the history
Fixes: #26
  • Loading branch information
gotthardp committed Nov 11, 2023
1 parent e4bd383 commit 492d8a6
Show file tree
Hide file tree
Showing 3 changed files with 118 additions and 1 deletion.
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,9 @@ test/.dirstamp
test/*.o
test/*.trs
test/selftest
test/ec_genpkey_store_load
test/ec_genpkey_x509_csr
test/rsa_genpkey_decrypt
tpm2-openssl-*-coverage.info
tpm2-openssl-*-coverage/
NVChip
Expand Down
10 changes: 9 additions & 1 deletion Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -52,17 +52,25 @@ tpm2_la_LIBADD += $(TSS2_RC_LIBS)
endif
tpm2_la_LDFLAGS = -module -avoid-version -no-undefined -export-symbols-regex 'OSSL_provider_init' $(COMMON_LDFLAGS) $(CODE_COVERAGE_LDFLAGS)

check_PROGRAMS = test/selftest test/ec_genpkey_store_load test/rsa_genpkey_decrypt
check_PROGRAMS = test/selftest
test_selftest_SOURCES = test/selftest.c
test_selftest_CFLAGS = $(COMMON_CFLAGS)
test_selftest_LDADD = $(CRYPTO_LIBS)
test_selftest_LDFLAGS = $(COMMON_LDFLAGS)

check_PROGRAMS += test/ec_genpkey_store_load
test_ec_genpkey_store_load_SOURCES = test/ec_genpkey_store_load.c
test_ec_genpkey_store_load_CFLAGS = $(COMMON_CFLAGS)
test_ec_genpkey_store_load_LDADD = $(CRYPTO_LIBS)
test_ec_genpkey_store_load_LDFLAGS = $(COMMON_LDFLAGS)

check_PROGRAMS += test/ec_genpkey_x509_csr
test_ec_genpkey_x509_csr_SOURCES = test/ec_genpkey_x509_csr.c
test_ec_genpkey_x509_csr_CFLAGS = $(COMMON_CFLAGS)
test_ec_genpkey_x509_csr_LDADD = $(CRYPTO_LIBS)
test_ec_genpkey_x509_csr_LDFLAGS = $(COMMON_LDFLAGS)

check_PROGRAMS += test/rsa_genpkey_decrypt
test_rsa_genpkey_decrypt_SOURCES = test/rsa_genpkey_decrypt.c
test_rsa_genpkey_decrypt_CFLAGS = $(COMMON_CFLAGS)
test_rsa_genpkey_decrypt_LDADD = $(CRYPTO_LIBS)
Expand Down
106 changes: 106 additions & 0 deletions test/ec_genpkey_x509_csr.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
/* SPDX-License-Identifier: BSD-3-Clause */

#include <openssl/core_names.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/provider.h>
#include <openssl/x509v3.h>

#define TEST_PASSWORD "secret"
#define TEST_CSR_FILENAME "ec_genpkey_x509_csr.pem"

int generate_csr(const char *password, const char *filename)
{
OSSL_PARAM params[3];
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
X509_REQ *x509 = NULL;
X509_NAME *name;
STACK_OF(X509_EXTENSION) *exts = NULL;
X509_EXTENSION *ex;
FILE *csr_file = NULL;
int ret = 1;

// generate new private key
if (!(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", "provider=tpm2")))
goto error1;

params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, "P-256", 0);
params[1] = OSSL_PARAM_construct_utf8_string("user-auth", (char *)password, 0);
params[2] = OSSL_PARAM_construct_end();

if (EVP_PKEY_keygen_init(pctx) <= 0
|| EVP_PKEY_CTX_set_params(pctx, params) <= 0
|| EVP_PKEY_generate(pctx, &pkey) <= 0)
goto error1;

// prepare a certificate signing request
if (!(x509 = X509_REQ_new())
|| X509_REQ_set_version(x509, X509_REQ_VERSION_1) != 1
|| X509_REQ_set_pubkey(x509, pkey) != 1)
goto error1;

name = X509_REQ_get_subject_name(x509);
if (!X509_NAME_add_entry_by_NID(name, NID_countryName, MBSTRING_ASC, (unsigned char *)"CZ", -1, -1, 0)
|| !X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, "www.example.com", -1, -1, 0))
goto error1;

// set requested extensions
if (!(exts = sk_X509_EXTENSION_new_null()))
goto error1;

if (!(ex = X509V3_EXT_nconf_nid(NULL, NULL, NID_basic_constraints, "CA:FALSE"))
|| !sk_X509_EXTENSION_push(exts, ex))
goto error1;
if (!(ex = X509V3_EXT_nconf_nid(NULL, NULL, NID_key_usage, "nonRepudiation,digitalSignature,keyEncipherment"))
|| !sk_X509_EXTENSION_push(exts, ex))
goto error1;

if (X509_REQ_add_extensions(x509, exts) != 1)
goto error1;

// sign the request
if (X509_REQ_sign(x509, pkey, EVP_sha256()) <= 0
|| X509_REQ_check_private_key(x509, pkey) != 1)
goto error1;

// save the result
if (!(csr_file = fopen(filename, "w")))
goto error1;
if (PEM_write_X509_REQ(csr_file, x509) != 1)
goto error2;

ret = 0;
error2:
fclose(csr_file);
error1:
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
X509_REQ_free(x509);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
return ret;
}

int main()
{
OSSL_PROVIDER *defprov = NULL, *tpm2prov = NULL;
int ret = 1;

if ((defprov = OSSL_PROVIDER_load(NULL, "default")) == NULL)
goto error;

if ((tpm2prov = OSSL_PROVIDER_load(NULL, "tpm2")) == NULL)
goto error;

if (generate_csr(TEST_PASSWORD, TEST_CSR_FILENAME))
goto error;

ret = 0;
error:
ERR_print_errors_fp(stderr);

remove(TEST_CSR_FILENAME);
OSSL_PROVIDER_unload(tpm2prov);
OSSL_PROVIDER_unload(defprov);
return ret;
}

0 comments on commit 492d8a6

Please sign in to comment.