21#include <gnutls/gnutls.h>
22#include <gnutls/x509.h>
23
/*
 * Feature gate for the TLS test helpers declared in this header: they are
 * only available when the build is not for WIN32 and CONFIG_TASN1 is set.
 */
#if !defined(WIN32) && defined(CONFIG_TASN1)
# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
#endif
28
29#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
30# include <libtasn1.h>
31
32# include "qemu-common.h"
/*
 * Parameters for one X.509 certificate generated for the TLS tests.
 *
 * Fields are listed in the same order as the arguments of the
 * TLS_CERT_REQ / TLS_ROOT_REQ macros in this header. Each extension has an
 * "Enable" flag and a "Critical" flag; in X.509 a critical extension must
 * be understood by the verifier or the certificate is rejected, so these
 * flags decide which validation paths a test certificate exercises.
 */
typedef struct QCryptoTLSTestCertReq {
    /* Certificate handle. The request macros initialise it to NULL and pass
     * a parent request's crt to test_tls_generate_cert() as the CA. */
    gnutls_x509_crt_t crt;

    /* File name tied to this request; the request macros set it to
     * WORKDIR "<varname>-ctx.pem". */
    const char *filename;

    /* Identifying information (subject fields and alternative names). */
    const char *country;
    const char *cn;
    const char *altname1;
    const char *altname2;
    const char *ipaddr1;
    const char *ipaddr2;

    /* Basic constraints; IsCA says whether the certificate claims to be a
     * certificate authority. */
    bool basicConstraintsEnable;
    bool basicConstraintsCritical;
    bool basicConstraintsIsCA;

    /* Key usage. NOTE(review): keyUsageValue is presumably a mask of
     * GNUTLS_KEY_* flags - confirm against the implementation. */
    bool keyUsageEnable;
    bool keyUsageCritical;
    int keyUsageValue;

    /* Key purpose, given as up to two OID strings. NOTE(review):
     * presumably the extended key usage extension - confirm. */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;
    const char *keyPurposeOID2;

    /* Offsets for the start and end of the validity period.
     * NOTE(review): the unit and the meaning of zero are not visible in
     * this header - confirm against the implementation. */
    int start_offset;
    int expire_offset;
} QCryptoTLSTestCertReq;
73
/*
 * Generate the certificate described by @req. @ca is the issuing
 * certificate handle: TLS_CERT_REQ passes another request's crt and
 * TLS_ROOT_REQ passes NULL.
 * NOTE(review): presumably the result is stored in req->crt and written to
 * req->filename - confirm against the implementation.
 */
void test_tls_generate_cert(QCryptoTLSTestCertReq *req, gnutls_x509_crt_t ca);

/*
 * Takes an array of @ncerts certificate handles and a @filename.
 * NOTE(review): presumably writes the chain to that file - confirm.
 */
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs, size_t ncerts);

/*
 * Counterpart to test_tls_generate_cert().
 * NOTE(review): presumably releases req->crt and removes req->filename -
 * confirm; generated test certificates should not outlive the test run.
 */
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

/*
 * Set-up and tear-down for the helpers, both keyed on @keyfile.
 * NOTE(review): @keyfile presumably holds the private key shared by the
 * generated certificates; it is test-only key material - confirm how it is
 * created and that test_tls_cleanup() removes it.
 */
void test_tls_init(const char *keyfile);
void test_tls_cleanup(const char *keyfile);
83
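/*
 * TLS_CERT_REQ: define a static QCryptoTLSTestCertReq named @varname and
 * generate its certificate with @cavarname.crt passed as the CA.
 *
 * The argument list and its order are unchanged. Fields are set with
 * designated initialisers, so a reordering of the struct cannot silently
 * move a value into the wrong field (for example the CA flag into one of
 * the "critical" flags), which would make a certificate test check
 * something other than what it claims. Parameters that used to share a
 * name with a struct field carry a "val" suffix: a parameter named like a
 * field would also be substituted inside the ".field =" designator.
 *
 * The file name is WORKDIR "<varname>-ctx.pem" and crt starts as NULL.
 *
 * The expansion is a declaration followed by a call, so use it as a
 * statement at block scope (never as the unbraced body of if/else), after
 * @cavarname has been generated.
 */
# define TLS_CERT_REQ(varname, cavarname,                               \
                      countryval, commonname,                           \
                      altname1val, altname2val,                         \
                      ipaddr1val, ipaddr2val,                           \
                      basicconsenable, basicconscritical, basicconsca,  \
                      keyusageenable, keyusagecritical, keyusagevalue,  \
                      keypurposeenable, keypurposecritical,             \
                      keypurposeoid1, keypurposeoid2,                   \
                      startoffset, endoffset)                           \
    static QCryptoTLSTestCertReq varname = {                            \
        .crt = NULL,                                                    \
        .filename = WORKDIR #varname "-ctx.pem",                        \
        .country = countryval,                                          \
        .cn = commonname,                                               \
        .altname1 = altname1val,                                        \
        .altname2 = altname2val,                                        \
        .ipaddr1 = ipaddr1val,                                          \
        .ipaddr2 = ipaddr2val,                                          \
        .basicConstraintsEnable = basicconsenable,                      \
        .basicConstraintsCritical = basicconscritical,                  \
        .basicConstraintsIsCA = basicconsca,                            \
        .keyUsageEnable = keyusageenable,                               \
        .keyUsageCritical = keyusagecritical,                           \
        .keyUsageValue = keyusagevalue,                                 \
        .keyPurposeEnable = keypurposeenable,                           \
        .keyPurposeCritical = keypurposecritical,                       \
        .keyPurposeOID1 = keypurposeoid1,                               \
        .keyPurposeOID2 = keypurposeoid2,                               \
        .start_offset = startoffset,                                    \
        .expire_offset = endoffset,                                     \
    };                                                                  \
    test_tls_generate_cert(&varname, cavarname.crt)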
104
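/*
 * TLS_ROOT_REQ: define a static QCryptoTLSTestCertReq named @varname and
 * generate its certificate with NULL passed as the CA.
 * NOTE(review): a NULL CA presumably yields a self-signed certificate -
 * confirm against test_tls_generate_cert().
 *
 * The argument list and its order are unchanged. Fields are set with
 * designated initialisers, so a reordering of the struct cannot silently
 * move a value into the wrong field (for example the CA flag into one of
 * the "critical" flags). Parameters that used to share a name with a
 * struct field carry a "val" suffix: a parameter named like a field would
 * also be substituted inside the ".field =" designator.
 *
 * The file name is WORKDIR "<varname>-ctx.pem" and crt starts as NULL.
 *
 * The expansion is a declaration followed by a call, so use it as a
 * statement at block scope (never as the unbraced body of if/else).
 */
# define TLS_ROOT_REQ(varname,                                          \
                      countryval, commonname,                           \
                      altname1val, altname2val,                         \
                      ipaddr1val, ipaddr2val,                           \
                      basicconsenable, basicconscritical, basicconsca,  \
                      keyusageenable, keyusagecritical, keyusagevalue,  \
                      keypurposeenable, keypurposecritical,             \
                      keypurposeoid1, keypurposeoid2,                   \
                      startoffset, endoffset)                           \
    static QCryptoTLSTestCertReq varname = {                            \
        .crt = NULL,                                                    \
        .filename = WORKDIR #varname "-ctx.pem",                        \
        .country = countryval,                                          \
        .cn = commonname,                                               \
        .altname1 = altname1val,                                        \
        .altname2 = altname2val,                                        \
        .ipaddr1 = ipaddr1val,                                          \
        .ipaddr2 = ipaddr2val,                                          \
        .basicConstraintsEnable = basicconsenable,                      \
        .basicConstraintsCritical = basicconscritical,                  \
        .basicConstraintsIsCA = basicconsca,                            \
        .keyUsageEnable = keyusageenable,                               \
        .keyUsageCritical = keyusagecritical,                           \
        .keyUsageValue = keyusagevalue,                                 \
        .keyPurposeEnable = keypurposeenable,                           \
        .keyPurposeCritical = keypurposecritical,                       \
        .keyPurposeOID1 = keypurposeoid1,                               \
        .keyPurposeOID2 = keypurposeoid2,                               \
        .start_offset = startoffset,                                    \
        .expire_offset = endoffset,                                     \
    };                                                                  \
    test_tls_generate_cert(&varname, NULL)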
125
/*
 * ASN.1 definition table, defined in another translation unit.
 * NOTE(review): by its name this is a PKIX ASN.1 module in libtasn1 array
 * form - confirm where it is defined and consumed.
 */
extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];
127
128#endif
129