[qemu.git] / tests / crypto-tls-x509-helpers.h

/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <[email protected]>
 */

#ifndef TESTS_CRYPTO_TLS_X509_HELPERS_H
#define TESTS_CRYPTO_TLS_X509_HELPERS_H

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

#if !(defined WIN32) && \
    defined(CONFIG_TASN1)
# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
#endif

#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
# include <libtasn1.h>


/*
 * This contains parameter about how to generate
 * certificates.
 */
typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
struct QCryptoTLSTestCertReq {
    gnutls_x509_crt_t crt;

    const char *filename;

    /* Identifying information */
    const char *country;
    const char *cn;
    const char *altname1;
    const char *altname2;
    const char *ipaddr1;
    const char *ipaddr2;

    /* Basic constraints */
    bool basicConstraintsEnable;
    bool basicConstraintsCritical;
    bool basicConstraintsIsCA;

    /* Key usage */
    bool keyUsageEnable;
    bool keyUsageCritical;
    int keyUsageValue;

    /* Key purpose (aka Extended key usage) */
    bool keyPurposeEnable;
    bool keyPurposeCritical;
    const char *keyPurposeOID1;
    const char *keyPurposeOID2;

    /* zero for current time, or non-zero for hours from now */
    int start_offset;
    /* zero for 24 hours from now, or non-zero for hours from now */
    int expire_offset;
};

void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
                            gnutls_x509_crt_t ca);
void test_tls_write_cert_chain(const char *filename,
                               gnutls_x509_crt_t *certs,
                               size_t ncerts);
void test_tls_discard_cert(QCryptoTLSTestCertReq *req);

void test_tls_init(const char *keyfile);
void test_tls_cleanup(const char *keyfile);

# define TLS_CERT_REQ(varname, cavarname,                               \
                      country, commonname,                              \
                      altname1, altname2,                               \
                      ipaddr1, ipaddr2,                                 \
                      basicconsenable, basicconscritical, basicconsca,  \
                      keyusageenable, keyusagecritical, keyusagevalue,  \
                      keypurposeenable, keypurposecritical,             \
                      keypurposeoid1, keypurposeoid2,                   \
                      startoffset, endoffset)                           \
    static QCryptoTLSTestCertReq varname = {                            \
        NULL, WORKDIR #varname "-ctx.pem",                              \
        country, commonname, altname1, altname2,                        \
        ipaddr1, ipaddr2,                                               \
        basicconsenable, basicconscritical, basicconsca,                \
        keyusageenable, keyusagecritical, keyusagevalue,                \
        keypurposeenable, keypurposecritical,                           \
        keypurposeoid1, keypurposeoid2,                                 \
        startoffset, endoffset                                          \
    };                                                                  \
    test_tls_generate_cert(&varname, cavarname.crt)

# define TLS_ROOT_REQ(varname,                                          \
                      country, commonname,                              \
                      altname1, altname2,                               \
                      ipaddr1, ipaddr2,                                 \
                      basicconsenable, basicconscritical, basicconsca,  \
                      keyusageenable, keyusagecritical, keyusagevalue,  \
                      keypurposeenable, keypurposecritical,             \
                      keypurposeoid1, keypurposeoid2,                   \
                      startoffset, endoffset)                           \
    static QCryptoTLSTestCertReq varname = {                            \
        NULL, WORKDIR #varname "-ctx.pem",                              \
        country, commonname, altname1, altname2,                        \
        ipaddr1, ipaddr2,                                               \
        basicconsenable, basicconscritical, basicconsca,                \
        keyusageenable, keyusagecritical, keyusagevalue,                \
        keypurposeenable, keypurposecritical,                           \
        keypurposeoid1, keypurposeoid2,                                 \
        startoffset, endoffset                                          \
    };                                                                  \
    test_tls_generate_cert(&varname, NULL)

extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];

#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */

#endif
Commit	Line	Data
9a2fd434 DB	1	/*
	2	* Copyright (C) 2015 Red Hat, Inc.
	3	*
	4	* This library is free software; you can redistribute it and/or
	5	* modify it under the terms of the GNU Lesser General Public
	6	* License as published by the Free Software Foundation; either
	7	* version 2.1 of the License, or (at your option) any later version.
	8	*
	9	* This library is distributed in the hope that it will be useful,
	10	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	12	* Lesser General Public License for more details.
	13	*
	14	* You should have received a copy of the GNU Lesser General Public
	15	* License along with this library. If not, see
	16	* <http://www.gnu.org/licenses/>.
	17	*
	18	* Author: Daniel P. Berrange <[email protected]>
	19	*/
	20
f91005e1 MA	21	#ifndef TESTS_CRYPTO_TLS_X509_HELPERS_H
	22	#define TESTS_CRYPTO_TLS_X509_HELPERS_H
	23
9a2fd434 DB	24	#include <gnutls/gnutls.h>
	25	#include <gnutls/x509.h>
	26
9a2fd434	27	#if !(defined WIN32) && \
a0722409	28	defined(CONFIG_TASN1)
9a2fd434 DB	29	# define QCRYPTO_HAVE_TLS_TEST_SUPPORT
	30	#endif
	31
	32	#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
	33	# include <libtasn1.h>
	34
9a2fd434 DB	35
	36	/*
	37	* This contains parameter about how to generate
	38	* certificates.
	39	*/
	40	typedef struct QCryptoTLSTestCertReq QCryptoTLSTestCertReq;
	41	struct QCryptoTLSTestCertReq {
	42	gnutls_x509_crt_t crt;
	43
	44	const char *filename;
	45
	46	/* Identifying information */
	47	const char *country;
	48	const char *cn;
	49	const char *altname1;
	50	const char *altname2;
	51	const char *ipaddr1;
	52	const char *ipaddr2;
	53
	54	/* Basic constraints */
	55	bool basicConstraintsEnable;
	56	bool basicConstraintsCritical;
	57	bool basicConstraintsIsCA;
	58
	59	/* Key usage */
	60	bool keyUsageEnable;
	61	bool keyUsageCritical;
	62	int keyUsageValue;
	63
	64	/* Key purpose (aka Extended key usage) */
	65	bool keyPurposeEnable;
	66	bool keyPurposeCritical;
	67	const char *keyPurposeOID1;
	68	const char *keyPurposeOID2;
	69
	70	/* zero for current time, or non-zero for hours from now */
	71	int start_offset;
	72	/* zero for 24 hours from now, or non-zero for hours from now */
	73	int expire_offset;
	74	};
	75
	76	void test_tls_generate_cert(QCryptoTLSTestCertReq *req,
	77	gnutls_x509_crt_t ca);
	78	void test_tls_write_cert_chain(const char *filename,
	79	gnutls_x509_crt_t *certs,
	80	size_t ncerts);
	81	void test_tls_discard_cert(QCryptoTLSTestCertReq *req);
	82
	83	void test_tls_init(const char *keyfile);
	84	void test_tls_cleanup(const char *keyfile);
	85
	86	# define TLS_CERT_REQ(varname, cavarname, \
	87	country, commonname, \
	88	altname1, altname2, \
	89	ipaddr1, ipaddr2, \
	90	basicconsenable, basicconscritical, basicconsca, \
	91	keyusageenable, keyusagecritical, keyusagevalue, \
	92	keypurposeenable, keypurposecritical, \
	93	keypurposeoid1, keypurposeoid2, \
	94	startoffset, endoffset) \
	95	static QCryptoTLSTestCertReq varname = { \
	96	NULL, WORKDIR #varname "-ctx.pem", \
	97	country, commonname, altname1, altname2, \
	98	ipaddr1, ipaddr2, \
99	basicconsenable, basicconscritical, basicconsca, \
100	keyusageenable, keyusagecritical, keyusagevalue, \
101	keypurposeenable, keypurposecritical, \
102	keypurposeoid1, keypurposeoid2, \
103	startoffset, endoffset \
104	}; \
105	test_tls_generate_cert(&varname, cavarname.crt)
106
107	# define TLS_ROOT_REQ(varname, \
108	country, commonname, \
109	altname1, altname2, \
110	ipaddr1, ipaddr2, \
111	basicconsenable, basicconscritical, basicconsca, \
112	keyusageenable, keyusagecritical, keyusagevalue, \
113	keypurposeenable, keypurposecritical, \
114	keypurposeoid1, keypurposeoid2, \
115	startoffset, endoffset) \
116	static QCryptoTLSTestCertReq varname = { \
117	NULL, WORKDIR #varname "-ctx.pem", \
118	country, commonname, altname1, altname2, \
119	ipaddr1, ipaddr2, \
120	basicconsenable, basicconscritical, basicconsca, \
121	keyusageenable, keyusagecritical, keyusagevalue, \
122	keypurposeenable, keypurposecritical, \
123	keypurposeoid1, keypurposeoid2, \
124	startoffset, endoffset \
125	}; \
126	test_tls_generate_cert(&varname, NULL)
127
128	extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];
129
130	#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */
f91005e1 MA	131
f91005e1 MA	132	#endif