LXR qemu/tests/crypto-tls-x509-helpers.h

   1/*
   2 * Copyright (C) 2015 Red Hat, Inc.
   3 *
   4 * This library is free software; you can redistribute it and/or
   5 * modify it under the terms of the GNU Lesser General Public
   6 * License as published by the Free Software Foundation; either
   7 * version 2.1 of the License, or (at your option) any later version.
   8 *
   9 * This library is distributed in the hope that it will be useful,
  10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12 * Lesser General Public License for more details.
  13 *
  14 * You should have received a copy of the GNU Lesser General Public
  15 * License along with this library.  If not, see
  16 * <http://www.gnu.org/licenses/>.
  17 *
  18 * Author: Daniel P. Berrange <berrange@redhat.com>
  19 */
  20
  21#include <gnutls/gnutls.h>
  22#include <gnutls/x509.h>
  23
  24#if !(defined WIN32) && \
  25    defined(CONFIG_TASN1)
  26# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
  27#endif
  28
  29#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
  30# include <libtasn1.h>
  31
  32# include "qemu-common.h"
  33
  34/*
  35 * This contains parameter about how to generate
  36 * certificates.
  37 */
  38typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
  39struct QCryptoTLSTestCertReq {
  40    gnutls_x509_crt_t crt;
  41
  42    const char *filename;
  43
  44    /* Identifying information */
  45    const char *country;
  46    const char *cn;
  47    const char *altname1;
  48    const char *altname2;
  49    const char *ipaddr1;
  50    const char *ipaddr2;
  51
  52    /* Basic constraints */
  53    bool basicConstraintsEnable;
  54    bool basicConstraintsCritical;
  55    bool basicConstraintsIsCA;
  56
  57    /* Key usage */
  58    bool keyUsageEnable;
  59    bool keyUsageCritical;
  60    int keyUsageValue;
  61
  62    /* Key purpose (aka Extended key usage) */
  63    bool keyPurposeEnable;
  64    bool keyPurposeCritical;
  65    const char *keyPurposeOID1;
  66    const char *keyPurposeOID2;
  67
  68    /* zero for current time, or non-zero for hours from now */
  69    int start_offset;
  70    /* zero for 24 hours from now, or non-zero for hours from now */
  71    int expire_offset;
  72};
  73
  74void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
  75                            gnutls_x509_crt_t ca);
  76void test_tls_write_cert_chain(const char *filename,
  77                               gnutls_x509_crt_t *certs,
  78                               size_t ncerts);
  79void test_tls_discard_cert(QCryptoTLSTestCertReq *req);
  80
  81void test_tls_init(const char *keyfile);
  82void test_tls_cleanup(const char *keyfile);
  83
  84# define TLS_CERT_REQ(varname, cavarname,                               \
  85                      country, commonname,                              \
  86                      altname1, altname2,                               \
  87                      ipaddr1, ipaddr2,                                 \
  88                      basicconsenable, basicconscritical, basicconsca,  \
  89                      keyusageenable, keyusagecritical, keyusagevalue,  \
  90                      keypurposeenable, keypurposecritical,             \
  91                      keypurposeoid1, keypurposeoid2,                   \
  92                      startoffset, endoffset)                           \
  93    static QCryptoTLSTestCertReq varname = {                            \
  94        NULL, WORKDIR #varname "-ctx.pem",                              \
  95        country, commonname, altname1, altname2,                        \
  96        ipaddr1, ipaddr2,                                               \
  97        basicconsenable, basicconscritical, basicconsca,                \
  98        keyusageenable, keyusagecritical, keyusagevalue,                \
  99        keypurposeenable, keypurposecritical,                           \
 100        keypurposeoid1, keypurposeoid2,                                 \
 101        startoffset, endoffset                                          \
 102    };                                                                  \
 103    test_tls_generate_cert(&varname, cavarname.crt)
 104
 105# define TLS_ROOT_REQ(varname,                                          \
 106                      country, commonname,                              \
 107                      altname1, altname2,                               \
 108                      ipaddr1, ipaddr2,                                 \
 109                      basicconsenable, basicconscritical, basicconsca,  \
 110                      keyusageenable, keyusagecritical, keyusagevalue,  \
 111                      keypurposeenable, keypurposecritical,             \
 112                      keypurposeoid1, keypurposeoid2,                   \
 113                      startoffset, endoffset)                           \
 114    static QCryptoTLSTestCertReq varname = {                            \
 115        NULL, WORKDIR #varname "-ctx.pem",                              \
 116        country, commonname, altname1, altname2,                        \
 117        ipaddr1, ipaddr2,                                               \
 118        basicconsenable, basicconscritical, basicconsca,                \
 119        keyusageenable, keyusagecritical, keyusagevalue,                \
 120        keypurposeenable, keypurposecritical,                           \
 121        keypurposeoid1, keypurposeoid2,                                 \
 122        startoffset, endoffset                                          \
 123    };                                                                  \
 124    test_tls_generate_cert(&varname, NULL)
 125
 126extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];
 127
 128#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */
 129