Merge branch 'unit-tests-ecdsa'
authorMartin Willi <martin@revosec.ch>
Fri, 21 Jun 2013 08:39:16 +0000 (10:39 +0200)
committerMartin Willi <martin@revosec.ch>
Fri, 21 Jun 2013 08:53:23 +0000 (10:53 +0200)
Adds support for testing plugin functionality to test-runner. Introduces some
good/bad tests for ECDSA/RSA which would have caught those RSA/ECDSA signature
vulnerabilities.

17 files changed:
Makefile.am
src/libcharon/plugins/unit_tester/Makefile.am
src/libcharon/plugins/unit_tester/tests.h
src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c [deleted file]
src/libstrongswan/crypto/crypto_factory.c
src/libstrongswan/crypto/crypto_factory.h
src/libstrongswan/plugins/plugin_loader.c
src/libstrongswan/plugins/plugin_loader.h
src/libstrongswan/tests/Makefile.am
src/libstrongswan/tests/test_chunk.c
src/libstrongswan/tests/test_ecdsa.c [new file with mode: 0644]
src/libstrongswan/tests/test_rsa.c [new file with mode: 0644]
src/libstrongswan/tests/test_runner.c
src/libstrongswan/tests/test_runner.h
src/libstrongswan/tests/test_utils.c
src/libstrongswan/tests/test_vectors.c [new file with mode: 0644]
src/libstrongswan/utils/leak_detective.c

index d9bae5f..3a905f2 100644 (file)
@@ -39,7 +39,7 @@ apidoc :      Doxyfile
 
 cov-reset-common:
                @rm -rf $(top_builddir)/coverage
-               @find $(top_builddir) -name "*.gcda" -delete
+               @find $(top_builddir)/{src,scripts} -name "*.gcda" -delete
 
 if COVERAGE
 cov-reset: cov-reset-common
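Review bot: The `{src,scripts}` brace expansion in the new `find` line is a bash feature, and make runs recipes with `/bin/sh` unless `SHELL` is overridden. On a POSIX shell such as dash the path is passed literally, so `find` fails on a directory that does not exist and the `cov-reset-common` target breaks. Spell the directories out instead: `@find $(top_builddir)/src $(top_builddir)/scripts -name "*.gcda" -delete`. The `*.gcno` line in the `clean-local` hunk needs the same change.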
@@ -67,7 +67,7 @@ coverage:
 endif
 
 clean-local: cov-reset-common
-               @find $(top_builddir) -name "*.gcno" -delete
+               @find $(top_builddir)/{src,scripts} -name "*.gcno" -delete
                @rm -rf apidoc
 
 .PHONY: cov-reset-common cov-reset cov-report coverage
\ No newline at end of file
index 84628b5..919c9bc 100644 (file)
@@ -16,7 +16,6 @@ libstrongswan_unit_tester_la_SOURCES = \
        tests/test_curl.c \
        tests/test_mysql.c \
        tests/test_sqlite.c \
-       tests/test_rsa_gen.c \
        tests/test_cert.c \
        tests/test_med_db.c \
        tests/test_pool.c \
index bcb82c3..9466f10 100644 (file)
@@ -22,7 +22,6 @@ DEFINE_TEST("auth cfg", test_auth_cfg, FALSE)
 DEFINE_TEST("CURL get", test_curl_get, FALSE)
 DEFINE_TEST("MySQL operations", test_mysql, FALSE)
 DEFINE_TEST("SQLite operations", test_sqlite, FALSE)
-DEFINE_TEST("RSA key generation", test_rsa_gen, FALSE)
 DEFINE_TEST("RSA subjectPublicKeyInfo loading", test_rsa_load_any, FALSE)
 DEFINE_TEST("X509 certificate", test_cert_x509, FALSE)
 DEFINE_TEST("Mediation database key fetch", test_med_db, FALSE)
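Review bot: `test_rsa_load_any` stays registered on the context line right after the removed entry, but the only definition visible in this commit is in `tests/test_rsa_gen.c`, which is deleted in full. Unless another source file defines the function, the unit_tester plugin is left with an unresolved reference. Either drop `DEFINE_TEST("RSA subjectPublicKeyInfo loading", test_rsa_load_any, FALSE)` as well, or move the function into a file that is still listed in `libstrongswan_unit_tester_la_SOURCES`.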
diff --git a/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c b/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c
deleted file mode 100644 (file)
index 6ba5769..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <library.h>
-#include <daemon.h>
-
-/*******************************************************************************
- * RSA key generation and signature
- ******************************************************************************/
-bool test_rsa_gen()
-{
-       chunk_t data = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08);
-       chunk_t sig, crypt, plain;
-       private_key_t *private;
-       public_key_t *public;
-       u_int key_size;
-
-       for (key_size = 512; key_size <= 2048; key_size *= 2)
-       {
-               private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
-                                                                        BUILD_KEY_SIZE, key_size, BUILD_END);
-               if (!private)
-               {
-                       DBG1(DBG_CFG, "generating %d bit RSA key failed");
-                       return FALSE;
-               }
-               public = private->get_public_key(private);
-               if (!public)
-               {
-                       DBG1(DBG_CFG, "generating public from private key failed");
-                       return FALSE;
-               }
-               if (!private->sign(private, SIGN_RSA_EMSA_PKCS1_SHA1, data, &sig))
-               {
-                       DBG1(DBG_CFG, "creating RSA signature failed");
-                       return FALSE;
-               }
-               if (!public->verify(public, SIGN_RSA_EMSA_PKCS1_SHA1, data, sig))
-               {
-                       DBG1(DBG_CFG, "verifying RSA signature failed");
-                       return FALSE;
-               }
-               sig.ptr[sig.len-1]++;
-               if (public->verify(public, SIGN_RSA_EMSA_PKCS1_SHA1, data, sig))
-               {
-                       DBG1(DBG_CFG, "verifying faked RSA signature succeeded!");
-                       return FALSE;
-               }
-               free(sig.ptr);
-               if (!public->encrypt(public, ENCRYPT_RSA_PKCS1, data, &crypt))
-               {
-                       DBG1(DBG_CFG, "encrypting data with RSA failed");
-                       return FALSE;
-               }
-               if (!private->decrypt(private, ENCRYPT_RSA_PKCS1, crypt, &plain))
-               {
-                       DBG1(DBG_CFG, "decrypting data with RSA failed");
-                       return FALSE;
-               }
-               if (!chunk_equals(data, plain))
-               {
-                       DBG1(DBG_CFG, "decrpyted data invalid, expected %B, got %B", &
-                                data, &plain);
-                       return FALSE;
-               }
-               chunk_clear(&crypt);
-               chunk_clear(&plain);
-               public->destroy(public);
-               private->destroy(private);
-       }
-       return TRUE;
-}
-
-bool test_rsa_load_any()
-{
-       chunk_t chunk = chunk_from_chars(
-               0x30,0x82,0x01,0x20,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
-               0x01,0x05,0x00,0x03,0x82,0x01,0x0d,0x00,0x30,0x82,0x01,0x08,0x02,0x82,0x01,0x01,
-               0x00,0xc6,0x68,0x99,0x1d,0xc8,0x06,0xdb,0xcf,0x1c,0x66,0xbb,0x91,0xc3,0xd4,0x10,
-               0xb2,0x08,0xa9,0xc5,0x71,0x39,0x1c,0xbe,0x5b,0x1d,0xce,0xfd,0x1b,0xfa,0xec,0x04,
-               0x89,0x9f,0x79,0xc8,0x46,0x00,0xd2,0x71,0xfb,0x22,0x16,0x52,0x2f,0xda,0xbf,0x0f,
-               0xe7,0x16,0xb1,0xd7,0x6a,0xa5,0xa5,0xfc,0xee,0xff,0x84,0x4c,0x81,0x3f,0xab,0x84,
-               0x0e,0xed,0x4a,0x26,0x59,0xd0,0x9b,0xb5,0xe1,0xec,0x61,0xc4,0xd3,0x15,0x4c,0x29,
-               0x51,0xa0,0xde,0x33,0x07,0x58,0x6c,0x36,0x1b,0x18,0x61,0xd9,0x56,0x18,0x39,0x54,
-               0x8b,0xd2,0xea,0x4e,0x87,0x28,0x58,0xb9,0x88,0x3d,0x30,0xbc,0xfc,0x6d,0xad,0xab,
-               0x43,0x26,0x09,0x48,0x4e,0x6e,0x8a,0x8b,0x88,0xb3,0xf0,0x29,0x25,0x79,0xb6,0xb6,
-               0x71,0x3c,0x93,0x59,0xd2,0x36,0x94,0xd5,0xfc,0xf3,0x62,0x2b,0x69,0xa3,0x7a,0x47,
-               0x4e,0x53,0xa2,0x35,0x1b,0x26,0x89,0xaa,0x09,0xfd,0x56,0xd7,0x75,0x2a,0xd4,0x91,
-               0xc0,0xf2,0x78,0xd7,0x05,0xca,0x12,0x1d,0xd9,0xd4,0x81,0x23,0xb2,0x3c,0x38,0xd9,
-               0xb4,0xdc,0x21,0xe0,0xe5,0x2d,0xd4,0xbe,0x61,0x39,0x8a,0x46,0x90,0x46,0x73,0x31,
-               0xba,0x48,0xbb,0x51,0xbb,0x91,0xd5,0x62,0xad,0xd1,0x53,0x5b,0x85,0xc9,0x1d,0xa7,
-               0xf6,0xa0,0xe1,0x0e,0x6c,0x22,0x5d,0x29,0x9a,0xe7,0x0f,0xe8,0x0a,0x50,0xa7,0x19,
-               0x11,0xc2,0x8b,0xe0,0x8a,0xfd,0x2b,0x94,0x31,0x7a,0x78,0x9c,0x9b,0x75,0x63,0x49,
-               0xa9,0xe5,0x58,0xe6,0x3a,0x99,0xcb,0x2b,0xdd,0x0e,0xdc,0x7d,0x1b,0x98,0x80,0xc3,
-               0x9f,0x02,0x01,0x23);
-       public_key_t *public;
-
-       public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
-                                                               BUILD_BLOB_ASN1_DER, chunk,
-                                                               BUILD_END);
-       if (!public || public->get_keysize(public) != 2048)
-       {
-               return FALSE;
-       }
-       public->destroy(public);
-       return TRUE;
-}
-
index 5a363e9..b891980 100644 (file)
@@ -129,6 +129,11 @@ struct private_crypto_factory_t {
        bool bench;
 
        /**
+        * Number of failed test vectors during "add".
+        */
+       u_int test_failures;
+
+       /**
         * rwlock to lock access to modules
         */
        rwlock_t *lock;
@@ -435,8 +440,8 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list,
        this->lock->unlock(this->lock);
 }
 
-METHOD(crypto_factory_t, add_crypter, void,
-       private_crypto_factory_t *this, encryption_algorithm_t algo,
+METHOD(crypto_factory_t, add_crypter, bool,
+       private_crypto_factory_t *this, encryption_algorithm_t algo,
        const char *plugin_name, crypter_constructor_t create)
 {
        u_int speed = 0;
@@ -446,7 +451,10 @@ METHOD(crypto_factory_t, add_crypter, void,
                                                                   this->bench ? &speed : NULL, plugin_name))
        {
                add_entry(this, this->crypters, algo, plugin_name, speed, create);
+               return TRUE;
        }
+       this->test_failures++;
+       return FALSE;
 }
 
 METHOD(crypto_factory_t, remove_crypter, void,
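Review bot: `this->test_failures++` in add_crypter runs without the factory lock, whereas `add_entry()` releases `this->lock` at its end (visible in the preceding hunk) and so presumably updates the list under it. If algorithms can ever be registered from more than one thread, the increment is a data race and failures can be undercounted, which weakens a counter that exists to report broken transforms. Increment it under the write lock, or state the guarantee in a comment such as `/* registration happens only from the plugin loader thread */` if that is the case. The same applies to the add_aead, add_signer, add_hasher, add_prf and add_rng hunks; the start of each `if` condition lies outside the hunk.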
@@ -469,8 +477,8 @@ METHOD(crypto_factory_t, remove_crypter, void,
        this->lock->unlock(this->lock);
 }
 
-METHOD(crypto_factory_t, add_aead, void,
-       private_crypto_factory_t *this, encryption_algorithm_t algo,
+METHOD(crypto_factory_t, add_aead, bool,
+       private_crypto_factory_t *this, encryption_algorithm_t algo,
        const char *plugin_name, aead_constructor_t create)
 {
        u_int speed = 0;
@@ -480,7 +488,10 @@ METHOD(crypto_factory_t, add_aead, void,
                                                                this->bench ? &speed : NULL, plugin_name))
        {
                add_entry(this, this->aeads, algo, plugin_name, speed, create);
+               return TRUE;
        }
+       this->test_failures++;
+       return FALSE;
 }
 
 METHOD(crypto_factory_t, remove_aead, void,
@@ -503,8 +514,8 @@ METHOD(crypto_factory_t, remove_aead, void,
        this->lock->unlock(this->lock);
 }
 
-METHOD(crypto_factory_t, add_signer, void,
-       private_crypto_factory_t *this, integrity_algorithm_t algo,
+METHOD(crypto_factory_t, add_signer, bool,
+       private_crypto_factory_t *this, integrity_algorithm_t algo,
        const char *plugin_name, signer_constructor_t create)
 {
        u_int speed = 0;
@@ -514,7 +525,10 @@ METHOD(crypto_factory_t, add_signer, void,
                                                                  this->bench ? &speed : NULL, plugin_name))
        {
                add_entry(this, this->signers, algo, plugin_name, speed, create);
+               return TRUE;
        }
+       this->test_failures++;
+       return FALSE;
 }
 
 METHOD(crypto_factory_t, remove_signer, void,
@@ -537,8 +551,8 @@ METHOD(crypto_factory_t, remove_signer, void,
        this->lock->unlock(this->lock);
 }
 
-METHOD(crypto_factory_t, add_hasher, void,
-       private_crypto_factory_t *this, hash_algorithm_t algo,
+METHOD(crypto_factory_t, add_hasher, bool,
+       private_crypto_factory_t *this, hash_algorithm_t algo,
        const char *plugin_name, hasher_constructor_t create)
 {
        u_int speed = 0;
@@ -548,7 +562,10 @@ METHOD(crypto_factory_t, add_hasher, void,
                                                                  this->bench ? &speed : NULL, plugin_name))
        {
                add_entry(this, this->hashers, algo, plugin_name, speed, create);
+               return TRUE;
        }
+       this->test_failures++;
+       return FALSE;
 }
 
 METHOD(crypto_factory_t, remove_hasher, void,
@@ -571,8 +588,8 @@ METHOD(crypto_factory_t, remove_hasher, void,
        this->lock->unlock(this->lock);
 }
 
-METHOD(crypto_factory_t, add_prf, void,
-       private_crypto_factory_t *this, pseudo_random_function_t algo,
+METHOD(crypto_factory_t, add_prf, bool,
+       private_crypto_factory_t *this, pseudo_random_function_t algo,
        const char *plugin_name, prf_constructor_t create)
 {
        u_int speed = 0;
@@ -582,7 +599,10 @@ METHOD(crypto_factory_t, add_prf, void,
                                                           this->bench ? &speed : NULL, plugin_name))
        {
                add_entry(this, this->prfs, algo, plugin_name, speed, create);
+               return TRUE;
        }
+       this->test_failures++;
+       return FALSE;
 }
 
 METHOD(crypto_factory_t, remove_prf, void,
@@ -605,7 +625,7 @@ METHOD(crypto_factory_t, remove_prf, void,
        this->lock->unlock(this->lock);
 }
 
-METHOD(crypto_factory_t, add_rng, void,
+METHOD(crypto_factory_t, add_rng, bool,
        private_crypto_factory_t *this, rng_quality_t quality,
        const char *plugin_name, rng_constructor_t create)
 {
@@ -616,7 +636,10 @@ METHOD(crypto_factory_t, add_rng, void,
                                                           this->bench ? &speed : NULL, plugin_name))
        {
                add_entry(this, this->rngs, quality, plugin_name, speed, create);
+               return TRUE;
        }
+       this->test_failures++;
+       return FALSE;
 }
 
 METHOD(crypto_factory_t, remove_rng, void,
@@ -639,11 +662,12 @@ METHOD(crypto_factory_t, remove_rng, void,
        this->lock->unlock(this->lock);
 }
 
-METHOD(crypto_factory_t, add_nonce_gen, void,
+METHOD(crypto_factory_t, add_nonce_gen, bool,
        private_crypto_factory_t *this, const char *plugin_name,
        nonce_gen_constructor_t create)
 {
        add_entry(this, this->nonce_gens, 0, plugin_name, 0, create);
+       return TRUE;
 }
 
 METHOD(crypto_factory_t, remove_nonce_gen, void,
@@ -666,11 +690,12 @@ METHOD(crypto_factory_t, remove_nonce_gen, void,
        this->lock->unlock(this->lock);
 }
 
-METHOD(crypto_factory_t, add_dh, void,
-       private_crypto_factory_t *this, diffie_hellman_group_t group,
-        const char *plugin_name, dh_constructor_t create)
+METHOD(crypto_factory_t, add_dh, bool,
+       private_crypto_factory_t *this, diffie_hellman_group_t group,
+       const char *plugin_name, dh_constructor_t create)
 {
        add_entry(this, this->dhs, group, plugin_name, 0, create);
+       return TRUE;
 }
 
 METHOD(crypto_factory_t, remove_dh, void,
@@ -875,6 +900,12 @@ METHOD(crypto_factory_t, add_test_vector, void,
        }
 }
 
+METHOD(crypto_factory_t, get_test_vector_failures, u_int,
+       private_crypto_factory_t *this)
+{
+       return this->test_failures;
+}
+
 METHOD(crypto_factory_t, destroy, void,
        private_crypto_factory_t *this)
 {
@@ -933,6 +964,7 @@ crypto_factory_t *crypto_factory_create()
                        .create_rng_enumerator = _create_rng_enumerator,
                        .create_nonce_gen_enumerator = _create_nonce_gen_enumerator,
                        .add_test_vector = _add_test_vector,
+                       .get_test_vector_failures = _get_test_vector_failures,
                        .destroy = _destroy,
                },
                .crypters = linked_list_create(),
@@ -955,4 +987,3 @@ crypto_factory_t *crypto_factory_create()
 
        return &this->public;
 }
-
index 5d23c89..256ecec 100644 (file)
@@ -162,9 +162,9 @@ struct crypto_factory_t {
         * @param algo                  algorithm to constructor
         * @param plugin_name   plugin that registered this algorithm
         * @param create                constructor function for that algorithm
-        * @return
+        * @return                              TRUE if registered, FALSE if test vector failed
         */
-       void (*add_crypter)(crypto_factory_t *this, encryption_algorithm_t algo,
+       bool (*add_crypter)(crypto_factory_t *this, encryption_algorithm_t algo,
                                                const char *plugin_name, crypter_constructor_t create);
 
        /**
@@ -187,9 +187,9 @@ struct crypto_factory_t {
         * @param algo                  algorithm to constructor
         * @param plugin_name   plugin that registered this algorithm
         * @param create                constructor function for that algorithm
-        * @return
+        * @return                              TRUE if registered, FALSE if test vector failed
         */
-       void (*add_aead)(crypto_factory_t *this, encryption_algorithm_t algo,
+       bool (*add_aead)(crypto_factory_t *this, encryption_algorithm_t algo,
                                         const char *plugin_name, aead_constructor_t create);
 
        /**
@@ -198,9 +198,9 @@ struct crypto_factory_t {
         * @param algo                  algorithm to constructor
         * @param plugin_name   plugin that registered this algorithm
         * @param create                constructor function for that algorithm
-        * @return
+        * @return                              TRUE if registered, FALSE if test vector failed
         */
-       void (*add_signer)(crypto_factory_t *this, integrity_algorithm_t algo,
+       bool (*add_signer)(crypto_factory_t *this, integrity_algorithm_t algo,
                                            const char *plugin_name, signer_constructor_t create);
 
        /**
@@ -219,9 +219,9 @@ struct crypto_factory_t {
         * @param algo                  algorithm to constructor
         * @param plugin_name   plugin that registered this algorithm
         * @param create                constructor function for that algorithm
-        * @return
+        * @return                              TRUE if registered, FALSE if test vector failed
         */
-       void (*add_hasher)(crypto_factory_t *this, hash_algorithm_t algo,
+       bool (*add_hasher)(crypto_factory_t *this, hash_algorithm_t algo,
                                           const char *plugin_name, hasher_constructor_t create);
 
        /**
@@ -237,9 +237,9 @@ struct crypto_factory_t {
         * @param algo                  algorithm to constructor
         * @param plugin_name   plugin that registered this algorithm
         * @param create                constructor function for that algorithm
-        * @return
+        * @return                              TRUE if registered, FALSE if test vector failed
         */
-       void (*add_prf)(crypto_factory_t *this, pseudo_random_function_t algo,
+       bool (*add_prf)(crypto_factory_t *this, pseudo_random_function_t algo,
                                        const char *plugin_name, prf_constructor_t create);
 
        /**
@@ -255,8 +255,9 @@ struct crypto_factory_t {
         * @param quality               quality of randomness this RNG serves
         * @param plugin_name   plugin that registered this algorithm
         * @param create                constructor function for such a quality
+        * @return                              TRUE if registered, FALSE if test vector failed
         */
-       void (*add_rng)(crypto_factory_t *this, rng_quality_t quality,
+       bool (*add_rng)(crypto_factory_t *this, rng_quality_t quality,
                                        const char *plugin_name, rng_constructor_t create);
 
        /**
@@ -271,8 +272,9 @@ struct crypto_factory_t {
         *
         * @param plugin_name   plugin that registered this algorithm
         * @param create                constructor function for that nonce generator
+        * @return                              TRUE if registered, FALSE if test vector failed
         */
-       void (*add_nonce_gen)(crypto_factory_t *this, const char *plugin_name,
+       bool (*add_nonce_gen)(crypto_factory_t *this, const char *plugin_name,
                                                  nonce_gen_constructor_t create);
 
        /**
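Review bot: The added `@return` line for add_nonce_gen promises `FALSE if test vector failed`, but the implementation in crypto_factory.c calls `add_entry()` and returns `TRUE` unconditionally, with no test run; add_dh in the next hunk has the same mismatch. A caller reading the header could take a TRUE result as evidence that the transform passed a self-test. Document what the code does, for example `@return TRUE if registered (no test vectors are run for this type)`.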
@@ -289,9 +291,9 @@ struct crypto_factory_t {
         * @param group                 dh group to constructor
         * @param plugin_name   plugin that registered this algorithm
         * @param create                constructor function for that algorithm
-        * @return
+        * @return                              TRUE if registered, FALSE if test vector failed
         */
-       void (*add_dh)(crypto_factory_t *this, diffie_hellman_group_t group,
+       bool (*add_dh)(crypto_factory_t *this, diffie_hellman_group_t group,
                                   const char *plugin_name, dh_constructor_t create);
 
        /**
@@ -367,6 +369,16 @@ struct crypto_factory_t {
                                                        void *vector);
 
        /**
+        * Get the number of test vector failures encountered during add.
+        *
+        * This counter gets incremented only if transforms get tested during
+        * registration.
+        *
+        * @return                              number of failed test vectors
+        */
+       u_int (*get_test_vector_failures)(crypto_factory_t *this);
+
+       /**
         * Destroy a crypto_factory instance.
         */
        void (*destroy)(crypto_factory_t *this);
index 0549b37..cd5f93f 100644 (file)
@@ -387,6 +387,35 @@ METHOD(plugin_loader_t, create_plugin_enumerator, enumerator_t*,
                                                        (void*)plugin_filter, NULL, NULL);
 }
 
+METHOD(plugin_loader_t, has_feature, bool,
+       private_plugin_loader_t *this, plugin_feature_t feature)
+{
+       enumerator_t *plugins, *features;
+       plugin_t *plugin;
+       linked_list_t *list;
+       plugin_feature_t *current;
+       bool found = FALSE;
+
+       plugins = create_plugin_enumerator(this);
+       while (plugins->enumerate(plugins, &plugin, &list))
+       {
+               features = list->create_enumerator(list);
+               while (features->enumerate(features, &current))
+               {
+                       if (plugin_feature_matches(&feature, current))
+                       {
+                               found = TRUE;
+                               break;
+                       }
+               }
+               features->destroy(features);
+               list->destroy(list);
+       }
+       plugins->destroy(plugins);
+
+       return found;
+}
+
 /**
  * Create a list of the names of all loaded plugins
  */
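Review bot: The `break` in has_feature leaves only the inner feature loop, so the outer loop keeps enumerating every remaining plugin and walking its feature list after a match was found. The result is still correct because `found` is never reset, but the remaining iterations are wasted work. Stop the outer loop as well with `while (!found && plugins->enumerate(plugins, &plugin, &list))`; the short-circuit means no further list is handed out that would need destroying.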
@@ -1085,6 +1114,7 @@ plugin_loader_t *plugin_loader_create()
                        .reload = _reload,
                        .unload = _unload,
                        .create_plugin_enumerator = _create_plugin_enumerator,
+                       .has_feature = _has_feature,
                        .loaded_plugins = _loaded_plugins,
                        .destroy = _destroy,
                },
index 857bb2d..6bb9d6e 100644 (file)
@@ -93,6 +93,14 @@ struct plugin_loader_t {
        enumerator_t* (*create_plugin_enumerator)(plugin_loader_t *this);
 
        /**
+        * Check if the given feature is available and loaded.
+        *
+        * @param feature               feature to check
+        * @return                              TRUE if feature available
+        */
+       bool (*has_feature)(plugin_loader_t *this, struct plugin_feature_t feature);
+
+       /**
         * Get a simple list the names of all loaded plugins.
         *
         * The function returns internal data, do not free.
index 6b4ba2c..ca0a8c1 100644 (file)
@@ -6,14 +6,18 @@ test_runner_SOURCES = \
   test_runner.c test_runner.h test_suite.h \
   test_linked_list.c test_enumerator.c test_linked_list_enumerator.c \
   test_bio_reader.c test_bio_writer.c test_chunk.c test_enum.c test_hashtable.c \
-  test_identification.c test_threading.c test_utils.c
+  test_identification.c test_threading.c test_utils.c test_vectors.c \
+  test_ecdsa.c test_rsa.c
 
 test_runner_CFLAGS = \
   -I$(top_srcdir)/src/libstrongswan \
+  -DPLUGINDIR=\""$(top_builddir)/src/libstrongswan/plugins\"" \
+  -DPLUGINS=\""${s_plugins}\"" \
   @COVERAGE_CFLAGS@ \
   @CHECK_CFLAGS@
 
 test_runner_LDFLAGS = @COVERAGE_LDFLAGS@
 test_runner_LDADD = \
   $(top_builddir)/src/libstrongswan/libstrongswan.la \
+  $(PTHREADLIB) \
   @CHECK_LIBS@
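Review bot: `-DPLUGINDIR` is built from `$(top_builddir)`, which automake normally sets to a relative path, so the compiled-in directory only resolves when test_runner is started from this build directory. Assuming the runner passes PLUGINDIR to the plugin loader, a run from any other directory would look for plugin shared objects relative to the current working directory, and either find nothing or load whatever is there. The absolute variant avoids that: `-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\""`.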
index 5fa1c0b..4f60dab 100644 (file)
@@ -97,6 +97,7 @@ START_TEST(test_chunk_clear)
        chunk_t chunk;
        u_char *ptr;
        int i;
+       bool cleared = TRUE;
 
        chunk = chunk_empty;
        chunk_clear(&chunk);
@@ -109,12 +110,18 @@ START_TEST(test_chunk_clear)
                chunk.ptr[i] = i;
        }
        chunk_clear(&chunk);
-       assert_chunk_empty(chunk);
-       /* check memory area of freed chunk */
+       /* check memory area of freed chunk. We can't use ck_assert() for this
+        * test directly, as it might allocate data at the freed area. */
        for (i = 0; i < 64; i++)
        {
-               ck_assert(ptr[i] == 0 || ptr[i] != i);
+               if (ptr[i] != 0 && ptr[i] == i)
+               {
+                       cleared = FALSE;
+                       break;
+               }
        }
+       assert_chunk_empty(chunk);
+       ck_assert(cleared);
 }
 END_TEST
 
diff --git a/src/libstrongswan/tests/test_ecdsa.c b/src/libstrongswan/tests/test_ecdsa.c
new file mode 100644 (file)
index 0000000..2955bae
--- /dev/null
@@ -0,0 +1,237 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <plugins/plugin_feature.h>
+
+/**
+ * Signature schemes to test
+ */
+static struct {
+       /* key size for scheme, 0 for any */
+       int key_size;
+       signature_scheme_t scheme;
+} schemes[] = {
+       { 0, SIGN_ECDSA_WITH_SHA1_DER },
+       { 0, SIGN_ECDSA_WITH_SHA256_DER },
+       { 0, SIGN_ECDSA_WITH_SHA384_DER },
+       { 0, SIGN_ECDSA_WITH_SHA512_DER },
+       { 0, SIGN_ECDSA_WITH_NULL },
+       { 256, SIGN_ECDSA_256 },
+       { 384, SIGN_ECDSA_384 },
+       { 521, SIGN_ECDSA_521 },
+};
+
+/**
+ * Perform a signature verification "good" test having a keypair
+ */
+static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
+{
+       chunk_t sig, data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+       int i;
+
+       for (i = 0; i < countof(schemes); i++)
+       {
+               if (!lib->plugins->has_feature(lib->plugins,
+                                               PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[i].scheme)) ||
+                       !lib->plugins->has_feature(lib->plugins,
+                                               PLUGIN_PROVIDE(PRIVKEY_SIGN, schemes[i].scheme)))
+               {
+                       continue;
+               }
+               if (schemes[i].key_size != 0 &&
+                       schemes[i].scheme != privkey->get_keysize(privkey))
+               {
+                       continue;
+               }
+               fail_unless(privkey->sign(privkey, schemes[i].scheme, data, &sig),
+                                       "sign %N", signature_scheme_names, schemes[i].scheme);
+               fail_unless(pubkey->verify(pubkey, schemes[i].scheme, data, sig),
+                                       "verify %N", signature_scheme_names, schemes[i].scheme);
+               free(sig.ptr);
+       }
+}
+
+/**
+ * Some special signatures that should never validate successfully
+ */
+static chunk_t invalid_sigs[] = {
+       chunk_from_chars(),
+       chunk_from_chars(0x00),
+       chunk_from_chars(0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+};
+
+/**
+ * Check public key that it properly fails against some crafted sigs
+ */
+static void test_bad_sigs(public_key_t *pubkey)
+{
+       chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+       int s, i;
+
+       for (s = 0; s < countof(schemes); s++)
+       {
+               if (schemes[s].key_size != 0 &&
+                       schemes[s].scheme != pubkey->get_keysize(pubkey))
+               {
+                       continue;
+               }
+               if (!lib->plugins->has_feature(lib->plugins,
+                                               PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[s].scheme)))
+               {
+                       continue;
+               }
+               for (i = 0; i < countof(invalid_sigs); i++)
+               {
+                       fail_if(
+                               pubkey->verify(pubkey, schemes[s].scheme, data, invalid_sigs[i]),
+                               "bad %N sig accepted %B",
+                               signature_scheme_names, schemes[s].scheme,
+                               &invalid_sigs[i]);
+               }
+       }
+}
+
+/**
+ * ECDSA key sizes to test
+ */
+static int key_sizes[] = {
+       256, 384, 521,
+};
+
+START_TEST(test_gen)
+{
+       private_key_t *privkey;
+       public_key_t *pubkey;
+
+       privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+                                                                BUILD_KEY_SIZE, key_sizes[_i], BUILD_END);
+       ck_assert(privkey != NULL);
+       pubkey = privkey->get_public_key(privkey);
+       ck_assert(pubkey != NULL);
+
+       test_good_sig(privkey, pubkey);
+
+       test_bad_sigs(pubkey);
+
+       pubkey->destroy(pubkey);
+       privkey->destroy(privkey);
+}
+END_TEST
+
+/**
+ * Private keys to load
+ */
+static chunk_t keys[] = {
+       chunk_from_chars( /* ECDSA-256 */
+               0x30,0x77,0x02,0x01,0x01,0x04,0x20,0x42,0xc6,0x8c,0xff,0x2b,0x8b,0x87,0xa1,0xfb,
+               0x50,0xf6,0xfe,0xd6,0x88,0xb3,0x0a,0x48,0xb2,0xc5,0x8f,0x50,0xe0,0xcf,0x40,0xfa,
+               0x57,0xd1,0xc6,0x6c,0x20,0x64,0xc5,0xa0,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,
+               0x03,0x01,0x07,0xa1,0x44,0x03,0x42,0x00,0x04,0x9c,0xb2,0x52,0xcb,0xc0,0x5c,0xcf,
+               0x97,0xdd,0xd6,0xe7,0x49,0x32,0x47,0x0c,0x8e,0xdb,0x6d,0xbf,0xc8,0x1a,0x0a,0x01,
+               0xe8,0x5e,0x3f,0x8e,0x64,0x33,0xb4,0x15,0xbb,0x1b,0xa5,0xed,0xf9,0x4b,0xa7,0xe8,
+               0x5e,0x6f,0x49,0x24,0xf7,0x32,0xf4,0x9b,0x4c,0x47,0xdc,0xf1,0x28,0x44,0x1c,0x37,
+               0xdb,0xee,0xfb,0xd8,0xbd,0x4e,0x5c,0xeb,0x07),
+       chunk_from_chars( /* ECDSA-384 */
+               0x30,0x81,0xa4,0x02,0x01,0x01,0x04,0x30,0x4b,0xbf,0x6c,0xf5,0x24,0x78,0x53,0x4b,
+               0x1a,0x91,0x23,0xae,0x30,0xc8,0xb3,0xc9,0xc2,0x9b,0x23,0x07,0x10,0x6f,0x1b,0x47,
+               0x7c,0xa0,0xd4,0x79,0x3c,0xc4,0x83,0x10,0xd1,0x44,0x07,0xc2,0x1b,0x66,0xff,0xae,
+               0x76,0x57,0x72,0x90,0x53,0xc2,0xf5,0x29,0xa0,0x07,0x06,0x05,0x2b,0x81,0x04,0x00,
+               0x22,0xa1,0x64,0x03,0x62,0x00,0x04,0x1e,0xcf,0x1c,0x85,0x9d,0x06,0xa0,0x54,0xa2,
+               0x24,0x2f,0xd8,0x63,0x56,0x7b,0x70,0x0b,0x7f,0x81,0x96,0xce,0xb9,0x2e,0x35,0x03,
+               0x9c,0xf9,0x0a,0x5d,0x3b,0x10,0xf7,0x13,0x7a,0x0d,0xca,0x56,0xda,0x1d,0x44,0x84,
+               0x07,0x6f,0x58,0xdc,0x34,0x7b,0x1d,0x4c,0xdd,0x28,0x10,0xc0,0xe2,0xae,0xf4,0xd6,
+               0xda,0xea,0xaf,0xfc,0x7a,0xaf,0x59,0x5f,0xbc,0x91,0x65,0xd3,0x21,0x19,0x61,0xbb,
+               0xfe,0x3c,0xdb,0x47,0xcb,0x7a,0xe7,0x5d,0xbd,0x28,0xde,0x25,0x64,0x9e,0x3a,0xa9,
+               0x18,0xed,0x24,0xe1,0x1f,0x73,0xcc),
+       chunk_from_chars( /* ECDSA-521 */
+               0x30,0x81,0xdc,0x02,0x01,0x01,0x04,0x42,0x01,0xcf,0x38,0xaa,0xa7,0x7a,0x79,0x48,
+               0xa9,0x60,0x55,0x24,0xa8,0x7e,0xe1,0xbc,0x45,0x35,0x16,0xff,0x18,0xce,0x44,0xa2,
+               0x0b,0x72,0x6b,0xca,0x0a,0x40,0xb4,0x97,0x13,0x17,0x90,0x50,0x15,0xb9,0xba,0xfc,
+               0x08,0x0e,0xdb,0xf8,0xfc,0x06,0x35,0x37,0xbf,0xfb,0x25,0x74,0xfe,0x0f,0xe1,0x3c,
+               0x3a,0xf0,0x0d,0xe0,0x52,0x15,0xa8,0x07,0x6f,0x3e,0xa0,0x07,0x06,0x05,0x2b,0x81,
+               0x04,0x00,0x23,0xa1,0x81,0x89,0x03,0x81,0x86,0x00,0x04,0x00,0x56,0x81,0x28,0xd6,
+               0xac,0xe9,0xc8,0x82,0x2c,0xac,0x61,0x6d,0xdd,0x88,0x79,0x00,0xe3,0x7a,0x4d,0x25,
+               0xc4,0xea,0x05,0x80,0x75,0x48,0xbc,0x75,0x73,0xc4,0xe9,0x76,0x68,0xba,0x51,0xc3,
+               0x29,0xce,0x7d,0x1b,0xb0,0x8b,0xac,0xc1,0xcc,0x23,0xa7,0x2d,0xa7,0x2c,0x95,0xf6,
+               0x01,0x40,0x26,0x01,0x1c,0x1c,0x9c,0xe7,0xa7,0xb4,0x0f,0x8e,0xba,0x01,0x07,0xb3,
+               0xf7,0xbe,0x45,0x20,0xa9,0x9e,0x70,0xf0,0xcf,0x9b,0xa0,0x91,0xe3,0x88,0x8f,0x04,
+               0x69,0x3d,0x0f,0x2b,0xf3,0xb4,0x03,0x19,0x89,0xcf,0xfa,0x77,0x04,0x15,0xaf,0xdd,
+               0xf7,0x32,0x76,0x25,0x25,0x05,0x8d,0xfd,0x18,0x8a,0xda,0xd6,0xbc,0x71,0xb8,0x9f,
+               0x39,0xb0,0xaf,0xcc,0x54,0xb0,0x9c,0x4d,0x54,0xfb,0x46,0x53,0x5f,0xf8,0x45),
+};
+
+START_TEST(test_load)
+{
+       private_key_t *privkey;
+       public_key_t *pubkey;
+
+       privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+                                                                BUILD_BLOB_ASN1_DER, keys[_i], BUILD_END);
+       ck_assert(privkey != NULL);
+       pubkey = privkey->get_public_key(privkey);
+       ck_assert(pubkey != NULL);
+
+       test_good_sig(privkey, pubkey);
+
+       test_bad_sigs(pubkey);
+
+       pubkey->destroy(pubkey);
+       privkey->destroy(privkey);
+}
+END_TEST
+
+Suite *ecdsa_suite_create()
+{
+       Suite *s;
+       TCase *tc;
+
+       s = suite_create("ecdsa");
+
+       tc = tcase_create("generate");
+       tcase_add_loop_test(tc, test_gen, 0, countof(key_sizes));
+       suite_add_tcase(s, tc);
+
+       tc = tcase_create("load");
+       tcase_add_loop_test(tc, test_load, 0, countof(keys));
+       suite_add_tcase(s, tc);
+
+       return s;
+}
diff --git a/src/libstrongswan/tests/test_rsa.c b/src/libstrongswan/tests/test_rsa.c
new file mode 100644 (file)
index 0000000..74027a9
--- /dev/null
@@ -0,0 +1,392 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <plugins/plugin_feature.h>
+
+/**
+ * Signature schemes to test
+ */
+static signature_scheme_t schemes[] = {
+       SIGN_RSA_EMSA_PKCS1_NULL,
+       SIGN_RSA_EMSA_PKCS1_MD5,
+       SIGN_RSA_EMSA_PKCS1_SHA1,
+       SIGN_RSA_EMSA_PKCS1_SHA224,
+       SIGN_RSA_EMSA_PKCS1_SHA256,
+       SIGN_RSA_EMSA_PKCS1_SHA384,
+       SIGN_RSA_EMSA_PKCS1_SHA512,
+};
+
+/**
+ * Perform a signature verification "good" test having a keypair
+ */
+static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
+{
+       chunk_t sig, data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+       int i;
+
+       for (i = 0; i < countof(schemes); i++)
+       {
+               if (!lib->plugins->has_feature(lib->plugins,
+                                               PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[i])) ||
+                       !lib->plugins->has_feature(lib->plugins,
+                                               PLUGIN_PROVIDE(PRIVKEY_SIGN, schemes[i])))
+               {
+                       continue;
+               }
+               fail_unless(privkey->sign(privkey, schemes[i], data, &sig),
+                                       "sign %N", signature_scheme_names, schemes[i]);
+               fail_unless(pubkey->verify(pubkey, schemes[i], data, sig),
+                                       "verify %N", signature_scheme_names, schemes[i]);
+               free(sig.ptr);
+       }
+}
+
+/**
+ * Some special signatures that should never validate successfully
+ */
+static chunk_t invalid_sigs[] = {
+       chunk_from_chars(),
+       chunk_from_chars(0x00),
+       chunk_from_chars(0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+       chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                                        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+};
+
+/**
+ * Check public key that it properly fails against some crafted sigs
+ */
+static void test_bad_sigs(public_key_t *pubkey)
+{
+       chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
+       int s, i;
+
+       for (s = 0; s < countof(schemes); s++)
+       {
+                       if (!lib->plugins->has_feature(lib->plugins,
+                                                       PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[s])))
+                       {
+                               continue;
+                       }
+               for (i = 0; i < countof(invalid_sigs); i++)
+               {
+                       fail_if(
+                               pubkey->verify(pubkey, schemes[s], data, invalid_sigs[i]),
+                               "bad %N sig accepted %B", signature_scheme_names, schemes[s],
+                               &invalid_sigs[i]);
+               }
+       }
+}
+
+/**
+ * RSA key sizes to test
+ */
+static int key_sizes[] = {
+       786, 1024, 1536, 2048, 3072, 4096,
+};
+
+START_TEST(test_gen)
+{
+       private_key_t *privkey;
+       public_key_t *pubkey;
+
+       privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+                                                                BUILD_KEY_SIZE, key_sizes[_i], BUILD_END);
+       ck_assert(privkey != NULL);
+       pubkey = privkey->get_public_key(privkey);
+       ck_assert(pubkey != NULL);
+
+       test_good_sig(privkey, pubkey);
+
+       test_bad_sigs(pubkey);
+
+       pubkey->destroy(pubkey);
+       privkey->destroy(privkey);
+}
+END_TEST
+
+/**
+ * Private keys to load
+ */
+static chunk_t keys[] = {
+       chunk_from_chars( /* RSA-768 */
+               0x30,0x82,0x01,0xcb,0x02,0x01,0x00,0x02,0x61,0x00,0xd1,0x5d,0x98,0x97,0x95,0x98,
+               0x19,0x87,0x20,0x3f,0x10,0xb0,0x05,0x36,0x1e,0x1b,0xcd,0xc8,0x93,0x66,0xd7,0x43,
+               0xed,0x84,0xb0,0x3e,0x96,0xd3,0xe7,0x27,0x0e,0xc0,0xba,0xdf,0x7e,0x32,0x05,0xd3,
+               0x08,0xd6,0x44,0xd5,0x01,0x2b,0x3e,0x5d,0xc0,0x37,0xae,0x4f,0xe0,0xea,0x8d,0x2c,
+               0x42,0x4c,0xa9,0xa2,0x42,0xbe,0xdd,0xdb,0xf7,0xd3,0x28,0x07,0x10,0x88,0x53,0x15,
+               0xb2,0x4f,0xb5,0x9d,0x47,0x9b,0xd6,0xc8,0xfe,0x5b,0xa2,0xd7,0xe1,0x13,0xca,0x0b,
+               0xce,0x7a,0xed,0xa2,0x3e,0xd5,0x9b,0xb8,0x8b,0x4f,0x02,0x03,0x01,0x00,0x01,0x02,
+               0x60,0x2d,0x83,0x82,0x53,0x99,0xb2,0xaa,0x02,0x05,0x11,0x90,0xa8,0x23,0x49,0xe3,
+               0x7b,0xb9,0xdd,0x9b,0xa5,0xa4,0xb0,0x60,0xa7,0x12,0xc5,0x58,0x76,0x92,0x6e,0x9c,
+               0x37,0x6b,0xa8,0x80,0x3f,0x91,0xa2,0x91,0xee,0x3a,0xa2,0x6f,0x91,0x9e,0x0a,0x35,
+               0x69,0xc0,0xa7,0xdc,0xd8,0x46,0xe4,0x29,0x1c,0x3d,0x34,0x30,0xa2,0xb9,0x0d,0x34,
+               0x94,0xa1,0x12,0xa7,0x85,0xd3,0x2c,0x47,0x1b,0xf0,0x78,0xd5,0x22,0xfc,0xa5,0xe0,
+               0x75,0xac,0x71,0x21,0xe8,0xe8,0x19,0x9f,0xbb,0x98,0x5c,0xa6,0x9d,0x42,0xd7,0x9c,
+               0x89,0x02,0x31,0x00,0xee,0xaa,0x9e,0x82,0xe1,0xb2,0xdd,0x05,0xbc,0x2e,0x53,0xe9,
+               0x64,0x4b,0x48,0x06,0x3a,0xfd,0x9e,0x91,0xce,0x1b,0x7f,0x66,0xbc,0xd2,0xc4,0xab,
+               0xbf,0xc5,0x5d,0x1a,0xbd,0xd6,0xb5,0x9c,0x5c,0x18,0x01,0xe6,0x79,0x19,0xf2,0xc3,
+               0x1d,0x66,0x88,0x2d,0x02,0x31,0x00,0xe0,0x92,0x34,0x1e,0x09,0xf2,0x1b,0xf9,0xbf,
+               0x11,0x65,0x3f,0xc8,0x85,0x5a,0xe6,0xc0,0xcf,0x93,0x44,0xb0,0x50,0xe4,0x8b,0x6f,
+               0x30,0xde,0x42,0x0c,0x8a,0x77,0x0d,0x98,0x7f,0x52,0x59,0x9e,0x87,0xb8,0x6e,0xdc,
+               0xed,0x15,0x80,0xbd,0xbb,0xf2,0xeb,0x02,0x31,0x00,0xb0,0x6b,0x36,0x98,0x90,0xb5,
+               0x62,0x63,0xa6,0xe2,0xa7,0xec,0x51,0xd2,0xc3,0xfe,0xb7,0x04,0x5a,0x7e,0x74,0xd8,
+               0x26,0xa8,0x8e,0xd3,0x4d,0xc5,0x97,0x10,0x10,0xee,0x7f,0x7d,0x82,0xe9,0x7d,0xb9,
+               0xd1,0x4d,0xc8,0x1e,0xc2,0x30,0x30,0x3f,0x66,0x51,0x02,0x31,0x00,0xaa,0x75,0x2f,
+               0x4c,0x11,0xbe,0x8d,0x0f,0x8f,0xc1,0x13,0x7a,0x4b,0xa9,0x35,0x6b,0x6b,0xb4,0xe3,
+               0x92,0xc2,0xc6,0x54,0x03,0xa6,0x5d,0x90,0x86,0xcf,0xe0,0x16,0x27,0xe2,0xb5,0xd9,
+               0xfb,0x1e,0x82,0xe4,0x32,0x7a,0x4d,0x17,0x02,0x46,0x82,0x30,0x0b,0x02,0x30,0x09,
+               0xf3,0xce,0x9b,0x02,0xc5,0x53,0xe9,0xa2,0x89,0xe2,0x3b,0x8c,0x8b,0xe9,0xc2,0xba,
+               0x94,0x76,0x60,0x27,0x2b,0xe9,0x92,0xc1,0x5e,0x3c,0xc3,0x77,0x9b,0xc7,0xce,0xc6,
+               0x67,0xd5,0x20,0x2c,0x54,0xa1,0x5d,0x2a,0x17,0x16,0x66,0xdf,0x5a,0xe9,0x87,
+       ),
+       chunk_from_chars( /* RSA-1024 */
+               0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,0x00,0xc0,0xbd,0x48,0x83,0xbc,
+               0xea,0x0b,0x32,0x06,0x4b,0xf5,0x10,0x54,0x1b,0xba,0x88,0xc4,0x10,0x7e,0x47,0xec,
+               0x0e,0xf9,0xb4,0xcf,0x9a,0x02,0xc6,0xb3,0xaf,0x35,0xc8,0xaf,0x78,0x1a,0xbc,0x37,
+               0x1a,0x25,0x7a,0x37,0x24,0x73,0x53,0x9a,0xf0,0x44,0x64,0x5b,0x6b,0x64,0x4c,0xfa,
+               0x83,0x3a,0x0f,0x77,0x5d,0x7b,0x21,0xa2,0x25,0x00,0x11,0xae,0x72,0x36,0x35,0xd9,
+               0x0d,0xef,0x5a,0xdd,0x98,0x35,0x49,0xaf,0x44,0xa0,0x33,0x29,0xc0,0xca,0xf5,0x6f,
+               0xfe,0xc1,0x06,0x4c,0x80,0x9a,0x54,0xbe,0x46,0x1a,0x96,0xb1,0xf3,0x29,0xb8,0x9d,
+               0x07,0x84,0x03,0x68,0x6b,0x9f,0xbf,0xe5,0xd8,0x14,0x2a,0xe0,0xef,0xbd,0x1a,0x61,
+               0x0d,0x3a,0xc8,0x67,0xcd,0x99,0x90,0xe3,0xe6,0x52,0x83,0x02,0x03,0x01,0x00,0x01,
+               0x02,0x81,0x80,0x13,0xd2,0xa3,0xe5,0xa0,0xb0,0x0a,0xe2,0x0f,0x3c,0x65,0x57,0xa8,
+               0xe9,0x87,0xd5,0x79,0xcc,0xc9,0xca,0xc8,0x8a,0xd5,0xc0,0x74,0x90,0x3e,0x1e,0xda,
+               0x40,0xcd,0x42,0xf7,0x01,0x09,0x9c,0x37,0xfd,0x41,0x6e,0x2b,0x6e,0x5d,0x4a,0x1e,
+               0x52,0x53,0x1b,0xbb,0x3c,0x9f,0xfe,0x91,0x79,0x48,0xfc,0x69,0x90,0xbc,0xbc,0x3d,
+               0xcf,0xee,0x62,0x0a,0xbd,0x57,0x6b,0xa9,0x51,0x3e,0xc2,0x7f,0x26,0xb1,0xaa,0x38,
+               0xeb,0x40,0x91,0x3a,0x3c,0x80,0x1e,0x4e,0xe2,0xff,0xa2,0x8e,0x56,0xbb,0xb3,0xeb,
+               0x24,0x81,0x4c,0x19,0x2c,0x8f,0x51,0x4c,0x04,0x81,0xaf,0x5e,0xc2,0xa6,0xf9,0xd3,
+               0x48,0xee,0xe9,0x6d,0x9b,0xe1,0xe5,0x17,0x4f,0x07,0x18,0xea,0x96,0xd3,0x2c,0xce,
+               0x44,0x71,0x51,0x02,0x41,0x00,0xe9,0xe9,0x46,0x7e,0xe1,0xc2,0x86,0x94,0x65,0x77,
+               0x9c,0xc7,0x76,0x5d,0xa0,0xd3,0xcc,0x1f,0xa3,0xc7,0xfe,0xbb,0x4e,0x27,0xd6,0x43,
+               0x6b,0xbd,0x0d,0x05,0x7a,0x10,0xe8,0x48,0x97,0x30,0xaa,0x53,0x61,0x57,0x1f,0x8a,
+               0xf7,0x39,0x5e,0xa6,0xfe,0xe9,0x2c,0x19,0x5e,0x53,0xea,0xc2,0xb2,0xc2,0x11,0x3c,
+               0x18,0xab,0xcf,0xc4,0x91,0x1b,0x02,0x41,0x00,0xd2,0xf0,0xb1,0x49,0xa1,0x6f,0xf1,
+               0x83,0xa3,0xd2,0xa1,0x0e,0xb3,0xb3,0x33,0x01,0xed,0xd0,0x28,0xc1,0x2f,0x88,0x80,
+               0x9f,0x43,0x7c,0x7e,0x5d,0x4c,0x15,0x05,0x86,0xff,0x75,0x9b,0xf1,0x64,0xde,0x06,
+               0xbf,0xdd,0x98,0x50,0xd9,0x4a,0x3a,0xd6,0x25,0x1c,0xdd,0xc8,0x56,0x12,0x11,0xb9,
+               0x02,0x42,0xc7,0x1d,0x86,0xeb,0xd9,0xc2,0xb9,0x02,0x41,0x00,0x80,0x25,0x8c,0xb9,
+               0x76,0x75,0x5b,0xc5,0x70,0xd1,0x56,0xd2,0xef,0xc5,0xdb,0x96,0x2c,0xfe,0x28,0x7c,
+               0x28,0xd1,0xf4,0xbf,0x5e,0x63,0x11,0x63,0x40,0xfe,0xff,0x20,0xc4,0x21,0x00,0xb3,
+               0x68,0x9c,0xc5,0x77,0x35,0x90,0xac,0x60,0x81,0xba,0x7b,0x6c,0xc2,0xfc,0x22,0xf1,
+               0x56,0x6b,0xd4,0x02,0xfd,0xee,0x2e,0x95,0xf1,0xfd,0x7e,0x81,0x02,0x40,0x47,0xaf,
+               0x84,0x90,0x81,0x4c,0x89,0xc7,0x32,0xe5,0x61,0xd6,0x9d,0x3b,0x49,0x1a,0x5e,0xb7,
+               0x5f,0x22,0x48,0x05,0x1b,0xb1,0x04,0x3e,0x4a,0xb3,0x6a,0x27,0xba,0xb9,0x26,0x17,
+               0xd1,0xe7,0x37,0x60,0x3c,0xea,0xf7,0x63,0xcc,0x16,0x0c,0x23,0xf2,0xa2,0xaa,0x2c,
+               0xb4,0xe8,0x8b,0x3b,0x7a,0xa4,0x4a,0x0d,0x60,0xfb,0x79,0x2b,0x88,0x01,0x02,0x40,
+               0x42,0xee,0x12,0x91,0xf9,0x80,0x1e,0x60,0x0b,0xaa,0xbe,0xfd,0x09,0x84,0x93,0x0d,
+               0x09,0xd3,0x1e,0x37,0x52,0xb0,0xe8,0x51,0x4f,0xd3,0x9e,0xda,0x32,0x38,0x22,0x35,
+               0xdb,0x25,0x8b,0x9f,0x1a,0xb5,0xf1,0x75,0xfa,0x4d,0x09,0x42,0x01,0x64,0xe6,0xc4,
+               0x6e,0xba,0x2d,0x88,0x92,0xbe,0xa9,0x1f,0x85,0x38,0x10,0xa3,0x0e,0x1a,0x92,0x54,
+       ),
+       chunk_from_chars( /* RSA-1536 */
+               0x30,0x82,0x03,0x7d,0x02,0x01,0x00,0x02,0x81,0xc1,0x00,0xba,0xe3,0x37,0x93,0x7e,
+               0x42,0x13,0x3c,0xba,0x41,0xc1,0x7b,0xf0,0xcc,0x7a,0x44,0xc6,0x54,0xc8,0x77,0x01,
+               0x70,0x2f,0x6e,0x4a,0xcf,0x2d,0x07,0xab,0x01,0xc0,0x43,0xab,0x8d,0x33,0xb3,0xd4,
+               0xeb,0xe3,0x90,0xf6,0x01,0x03,0x75,0x03,0x1d,0xe8,0x06,0x40,0x15,0xfa,0x96,0x0b,
+               0xd5,0x26,0x64,0xea,0x55,0x82,0x16,0x7b,0xd5,0x1e,0xaa,0x08,0xc7,0x30,0x1a,0x59,
+               0xf8,0xd9,0xe3,0x9e,0x89,0xd9,0x92,0x2c,0x32,0x79,0x0e,0xb3,0x25,0xbc,0x1d,0x7c,
+               0x59,0xde,0x05,0x47,0x8f,0x61,0x77,0xf5,0x4f,0xed,0x82,0x2c,0xf8,0x2a,0x3e,0x02,
+               0xf3,0xc0,0x15,0x51,0xde,0x05,0xc4,0xfc,0x80,0x91,0xae,0x06,0x1b,0xd7,0x39,0x8e,
+               0x9a,0x6d,0xb3,0x2f,0xb0,0xd0,0xc8,0x96,0xa6,0x88,0xb3,0x17,0xca,0x58,0xbe,0x38,
+               0x2c,0x64,0x35,0x5a,0x29,0xb7,0xf8,0x74,0x3d,0xbb,0xec,0x90,0x01,0x04,0x64,0x3d,
+               0x38,0x0f,0x87,0xce,0xd7,0xfc,0xd2,0x96,0x93,0x31,0x85,0x0d,0x2d,0xa5,0x91,0xe2,
+               0xfc,0x7b,0xea,0xb0,0x89,0x24,0xaa,0x00,0x29,0x8c,0x26,0x7c,0x94,0x54,0x74,0xe4,
+               0x11,0xa8,0x04,0x6f,0x40,0xeb,0xaf,0xed,0xac,0x75,0x33,0x02,0x03,0x01,0x00,0x01,
+               0x02,0x81,0xc0,0x0a,0x96,0xec,0x63,0xc1,0xa0,0x39,0xd9,0xd3,0x8d,0xfd,0x4a,0x2a,
+               0x13,0x54,0x0c,0x48,0x96,0xae,0x43,0x3c,0x04,0x20,0xd3,0xe5,0x8e,0x46,0xb5,0x6c,
+               0x05,0xad,0xe0,0xc7,0xbc,0x39,0x05,0x44,0x17,0xd7,0xad,0xb3,0x9a,0xcc,0x18,0xd9,
+               0xc3,0xdc,0x8d,0x5a,0x1d,0x44,0xb5,0x32,0xd7,0x71,0x94,0xff,0x48,0x38,0x16,0x51,
+               0x0e,0xfa,0xed,0x54,0x91,0x00,0xd3,0x45,0x6c,0xd9,0xdf,0xd1,0x70,0x6b,0x31,0x22,
+               0xaa,0xfb,0x7c,0x0f,0x3f,0xa0,0xa0,0xa5,0x16,0xac,0x83,0x6d,0x12,0x1d,0x4a,0x40,
+               0x4e,0xb6,0x9c,0xf4,0x67,0xaa,0xa9,0xb0,0xc8,0xb4,0x0a,0xd5,0x3b,0x5c,0x19,0xed,
+               0x86,0x83,0x5a,0x75,0xbc,0xeb,0x17,0xc8,0x16,0xa0,0x60,0x2e,0xb6,0x25,0xc5,0x4d,
+               0x59,0xba,0x62,0xcb,0x3d,0x91,0x7c,0x79,0x6a,0x4b,0x4a,0x54,0xbd,0xb7,0xa3,0x89,
+               0x7f,0xbf,0x0e,0x77,0xe1,0x54,0x29,0x0d,0x45,0x6d,0xa8,0x15,0xa5,0x17,0x8c,0xcf,
+               0x27,0x9e,0x47,0x4e,0x2a,0x91,0x7e,0x4e,0x14,0x59,0x8c,0x62,0x91,0xa3,0x40,0xa5,
+               0x9e,0x67,0xbb,0x02,0x97,0xb4,0xe7,0x06,0x04,0xbc,0x16,0x24,0x3d,0x49,0xb1,0xf0,
+               0xae,0xfc,0x1d,0x02,0x61,0x00,0xde,0x86,0x5d,0x49,0x88,0xeb,0x5c,0xd3,0xe5,0x11,
+               0x48,0x0b,0x1e,0x52,0x95,0xa9,0x65,0x99,0x89,0xcf,0x51,0xb0,0x08,0xdd,0xb5,0x5b,
+               0x64,0x1a,0x34,0xd2,0xee,0x4b,0x2d,0x8b,0xc1,0xd5,0xd6,0x1d,0x6c,0x0c,0x7e,0xa5,
+               0x66,0x12,0xec,0xaf,0x5d,0xe9,0x33,0xd4,0xba,0x18,0x71,0x84,0x97,0xbe,0xc0,0x75,
+               0x63,0x19,0xae,0xc6,0xc7,0x65,0xf3,0xf6,0xda,0x3f,0x91,0xfa,0x5e,0x87,0xf3,0xbc,
+               0xd2,0x64,0x8d,0xcf,0xfb,0xdd,0x7f,0x9b,0x6c,0x81,0xba,0x9b,0x4e,0x94,0x5e,0x83,
+               0xd1,0xcb,0xb9,0xf4,0x39,0x7f,0x02,0x61,0x00,0xd7,0x00,0x6d,0x8e,0x1b,0xa1,0x44,
+               0xd9,0xff,0xe6,0x42,0x72,0x18,0x55,0x26,0x3e,0x87,0x40,0x71,0xb2,0x67,0x37,0x16,
+               0xe9,0xbd,0x51,0x7f,0x0e,0x79,0x0e,0x75,0xa9,0x1f,0x0f,0x6b,0xa5,0x7c,0x5f,0xc8,
+               0xdc,0x17,0xde,0x53,0x88,0x97,0x90,0x88,0xf2,0x4d,0x66,0x5e,0x0e,0x11,0x16,0x92,
+               0x1e,0x61,0x56,0xe6,0xf0,0x74,0x81,0x58,0x95,0x05,0x29,0x71,0x9b,0xa0,0x69,0xed,
+               0x14,0x23,0xf6,0x36,0x9b,0x8f,0x06,0x3a,0x76,0xab,0xeb,0xce,0xe8,0xdc,0x79,0xc1,
+               0x29,0xb9,0xfc,0x49,0x7a,0x26,0x59,0xd6,0x4d,0x02,0x61,0x00,0xaf,0x3c,0xac,0xd6,
+               0x2d,0xe6,0xfb,0x91,0x3a,0xc1,0x23,0x34,0xee,0x4a,0x26,0xe5,0xe1,0xc6,0xc9,0xc9,
+               0xe4,0x10,0x76,0xca,0xf1,0xf8,0xe8,0x99,0xe2,0xa3,0x81,0x58,0xde,0xa3,0x42,0xa0,
+               0x3d,0x1f,0xaa,0x69,0x24,0x8a,0xe8,0x19,0x5b,0x1e,0xb7,0x1b,0xe0,0xdf,0x53,0x35,
+               0xd0,0x9f,0x94,0x48,0x79,0x93,0x77,0xd9,0x4f,0xd3,0xe6,0x4f,0x19,0x92,0x7a,0x48,
+               0xb9,0x92,0xab,0x42,0xf0,0xe4,0xef,0xe2,0x93,0xf3,0x07,0xeb,0x64,0x84,0x67,0x2c,
+               0xba,0x61,0x77,0xbe,0x4b,0xb8,0x0f,0x4d,0x1a,0x41,0x83,0xcd,0x02,0x60,0x56,0xec,
+               0x55,0x5e,0x9e,0xcd,0x14,0x89,0x0e,0x6c,0x89,0x70,0x97,0x65,0xd5,0x90,0x72,0x1e,
+               0x1b,0xd9,0x84,0xe1,0x40,0xe2,0x3f,0x28,0x33,0xb6,0x26,0x3b,0x32,0x56,0xad,0xb8,
+               0x0e,0x4d,0x59,0x7b,0x60,0x39,0x9b,0x6c,0xc7,0x58,0xf1,0xed,0xfd,0x6f,0xf8,0xda,
+               0xea,0x2b,0xc5,0xbc,0xda,0x56,0x6e,0x04,0x34,0x5a,0x02,0xc0,0x48,0x8f,0xf7,0x06,
+               0x4a,0x68,0x20,0xf2,0xb2,0x66,0xf2,0x23,0x18,0xf0,0xcb,0x62,0x39,0x40,0xc1,0x41,
+               0x14,0xe6,0x10,0x3d,0x29,0x5b,0x35,0x56,0x4a,0x5e,0x98,0x22,0xba,0x01,0x02,0x61,
+               0x00,0xcc,0x80,0xb7,0xb9,0xb9,0x4a,0xaf,0x47,0x00,0x3e,0x21,0x0f,0xb8,0x4e,0x7c,
+               0xb1,0xe4,0x25,0xd6,0x19,0x26,0x54,0xc6,0x8c,0x30,0x88,0x54,0x70,0xcf,0x1f,0x62,
+               0x75,0xcb,0x18,0x58,0x6c,0x14,0xb0,0x9b,0x13,0x90,0xa2,0x1a,0x5a,0x79,0xa3,0x82,
+               0xf0,0x9b,0xba,0xf0,0x90,0xaf,0xa1,0xe8,0xa8,0x70,0xef,0x60,0x6a,0x68,0xed,0x5a,
+               0x21,0x77,0x69,0x7a,0xf2,0xee,0x3e,0xe5,0x90,0xd2,0x33,0x71,0x3b,0x82,0x88,0x75,
+               0xdd,0x8e,0x6e,0xbc,0x17,0x83,0xef,0x37,0x82,0x4e,0x83,0x30,0xcb,0x8a,0xbc,0x6c,
+               0x41,
+       ),
+       chunk_from_chars( /* RSA-2048 */
+               0x30,0x82,0x04,0xa2,0x02,0x01,0x00,0x02,0x82,0x01,0x01,0x00,0xba,0xbf,0x27,0x0b,
+               0x22,0x59,0xd8,0x6f,0xff,0x26,0x5d,0x41,0x3d,0xb0,0x94,0x58,0x5d,0xc0,0x46,0xb6,
+               0x77,0xa9,0x78,0x10,0x6d,0xe9,0xbf,0xca,0x6f,0x04,0xe1,0xda,0x85,0x12,0x1e,0xe0,
+               0xa6,0xc7,0xa2,0x71,0x04,0x8b,0x6e,0x84,0xf9,0x86,0x2b,0xeb,0x72,0x01,0x72,0xc8,
+               0x0a,0x83,0xa6,0xf7,0xc0,0xd6,0x76,0x1d,0x28,0x38,0xb5,0x7e,0x6c,0x8c,0x6a,0x13,
+               0xf4,0xf1,0x7f,0xf2,0x79,0xae,0x73,0xba,0x1a,0x3f,0x30,0x65,0xb6,0x23,0xa7,0x94,
+               0x34,0x29,0x87,0xce,0x06,0x99,0xee,0x85,0x10,0xce,0x08,0xe2,0x8d,0xd5,0x47,0xf3,
+               0xc8,0xf0,0x18,0x41,0xc0,0x59,0x66,0x06,0xda,0xb6,0x18,0xd2,0xa3,0xa0,0xbd,0x3a,
+               0x90,0x7f,0x37,0x39,0xdf,0x98,0x55,0xa2,0x19,0x5e,0x37,0xbc,0x86,0xf3,0x02,0xf8,
+               0x68,0x49,0x53,0xf2,0x4b,0x3d,0x7a,0xe3,0x1d,0xa4,0x15,0x10,0xa6,0xce,0x8c,0xb8,
+               0xfd,0x95,0x54,0xa2,0x50,0xa2,0xd9,0x35,0x12,0x56,0xae,0xbc,0x51,0x33,0x6d,0xb8,
+               0x63,0x7c,0x26,0xab,0x19,0x01,0xa5,0xda,0xfa,0x4b,0xb6,0x57,0xd3,0x4b,0xdd,0xc0,
+               0x62,0xc5,0x05,0xb7,0xc3,0x2e,0x1f,0x17,0xc8,0x09,0x87,0x12,0x37,0x21,0xd7,0x7a,
+               0x53,0xb0,0x47,0x60,0xa2,0xb5,0x23,0x3b,0x99,0xdf,0xea,0x8b,0x94,0xea,0x9d,0x53,
+               0x5d,0x02,0x52,0xf7,0x29,0xfb,0x63,0xb0,0xff,0x27,0x5e,0xde,0x54,0x7d,0x95,0xd6,
+               0x4e,0x58,0x12,0x06,0x60,0x22,0x33,0xf2,0x19,0x67,0x65,0xdd,0xf3,0x42,0xb5,0x00,
+               0x51,0x35,0xe5,0x62,0x4d,0x90,0x44,0xfb,0x7f,0x5b,0xb5,0xe5,0x02,0x03,0x01,0x00,
+               0x01,0x02,0x82,0x01,0x00,0x1c,0xf5,0x66,0xf5,0xce,0x4c,0x1d,0xe8,0xd2,0x29,0x6e,
+               0x15,0x1f,0x9e,0x9a,0x06,0x70,0xf5,0x4f,0xd1,0xdc,0x51,0x02,0x8e,0x13,0xa9,0x47,
+               0x85,0x39,0xfd,0x89,0x13,0x74,0x86,0xb8,0x94,0x90,0x30,0x4d,0x73,0x96,0xa7,0x93,
+               0x8a,0x19,0xd2,0x91,0x4d,0x77,0xb6,0x9b,0x48,0xc3,0x7e,0xa2,0x5d,0xf1,0x80,0xa0,
+               0x3c,0xc9,0xbf,0xaf,0x7f,0x4d,0x10,0x62,0x23,0xb9,0x9c,0x58,0x81,0xae,0x96,0x5b,
+               0x9a,0x4c,0x97,0x27,0x67,0x62,0x5c,0xf9,0x8f,0xdd,0x1d,0xe2,0x92,0x13,0x8a,0x7b,
+               0xc7,0x15,0x31,0xca,0x05,0x6d,0xc6,0x98,0xdb,0x88,0x39,0x99,0x1d,0x5b,0x19,0x51,
+               0xdd,0xb6,0xbd,0x3d,0xb0,0xae,0x50,0x8e,0xff,0x7d,0xa8,0x48,0x95,0x58,0x23,0xbc,
+               0x85,0xc0,0x46,0xd0,0xc0,0x0e,0xda,0xdd,0xa4,0x8e,0x8d,0x31,0x8b,0x89,0x0f,0x8b,
+               0x76,0x9a,0xb5,0x99,0x56,0x5e,0xd3,0x0c,0x88,0x0b,0x03,0xf1,0xc9,0xe3,0x05,0x05,
+               0x08,0x75,0xce,0x35,0x52,0xa0,0xc0,0xf2,0xf4,0xb9,0x87,0x22,0x21,0x3f,0x61,0xd6,
+               0x99,0xae,0x0e,0x76,0x5d,0x9c,0x16,0xa3,0xe9,0xde,0x2d,0x2a,0x46,0xf7,0x89,0xbf,
+               0x0d,0xb1,0x60,0xad,0xbc,0x24,0xe2,0xe5,0xb1,0xc1,0x1c,0x00,0x40,0x1c,0xbd,0xfa,
+               0x6e,0xc7,0x0d,0xc1,0xda,0x4d,0x54,0x45,0x96,0xac,0xf7,0xfe,0x1b,0xf2,0x47,0x1e,
+               0xf7,0x8b,0xcf,0x27,0xcc,0xe7,0x08,0xd6,0x43,0x60,0xea,0xda,0x19,0xd7,0x98,0x17,
+               0x7c,0xab,0x0c,0x90,0x60,0x75,0x9f,0x8b,0xaa,0x13,0x63,0x98,0x9e,0xc6,0x41,0x9f,
+               0xd4,0x85,0xa3,0xb2,0xb9,0x02,0x81,0x81,0x00,0xe1,0x20,0xf6,0xac,0xa9,0x01,0xbd,
+               0x31,0xe6,0xb2,0x4e,0xcf,0x66,0xc3,0x11,0x0e,0x5b,0xfe,0x58,0x6b,0xc6,0x2d,0x7a,
+               0x05,0x30,0x9a,0x6f,0xcc,0xcc,0xdf,0xd2,0x2c,0xe1,0x47,0x39,0x9e,0xf3,0x0c,0x81,
+               0xd9,0x76,0x00,0xe2,0xb1,0x08,0x91,0xfb,0x12,0x04,0xf6,0x1f,0xea,0xff,0x82,0xe5,
+               0x64,0x64,0x6f,0x14,0xbe,0x33,0x5f,0x41,0x5f,0x73,0x1f,0xa2,0x32,0xec,0x75,0xb3,
+               0x98,0x4b,0x88,0x4d,0x1e,0xec,0x78,0xda,0x4c,0x2d,0xf8,0xbb,0xcf,0x0e,0x8f,0x2f,
+               0x23,0xae,0xcd,0xe0,0x4c,0x13,0x1c,0x1c,0x16,0x8e,0xb9,0x9f,0x02,0x12,0x12,0xa5,
+               0xf4,0x21,0xfe,0x57,0x08,0x7a,0xe8,0xbe,0x15,0xe9,0xdd,0x2a,0xd1,0x7b,0x39,0xd6,
+               0x4f,0x70,0x74,0x7d,0xfd,0x39,0x97,0x80,0x8d,0x02,0x81,0x81,0x00,0xd4,0x5a,0xce,
+               0x05,0x93,0x51,0x15,0x44,0xdd,0x4d,0x79,0x92,0x04,0xe6,0x64,0x7e,0x6c,0xb5,0x61,
+               0x6b,0xc3,0xb3,0xae,0x4f,0x0a,0x75,0xbf,0x6c,0xec,0x47,0xf2,0xbc,0xea,0x76,0xc4,
+               0xc2,0xe7,0xd2,0x50,0xc4,0xe0,0xaf,0x56,0x05,0x72,0x3c,0x34,0x8c,0x5b,0xae,0xb8,
+               0x0e,0xfb,0x83,0x27,0xcf,0x61,0x05,0x44,0x97,0x3f,0x66,0x6d,0x26,0x7d,0xed,0xcd,
+               0x5a,0x87,0x04,0xbc,0xb3,0x70,0x75,0x15,0x51,0xe9,0x18,0x85,0xf7,0x2a,0x45,0xd5,
+               0xc7,0x93,0x32,0x07,0x2e,0x26,0x34,0x2d,0x18,0x63,0x45,0x06,0x6f,0xa9,0x75,0x5d,
+               0x20,0x6b,0x0b,0x13,0x45,0x81,0x7e,0x5c,0xc5,0x48,0x16,0x4b,0x82,0x7c,0xad,0xbe,
+               0xfd,0xa5,0x0a,0xd6,0xc2,0x21,0xfc,0xa5,0x84,0xaf,0xf3,0x10,0xb9,0x02,0x81,0x80,
+               0x29,0x20,0x20,0x6f,0xc2,0x1f,0xf3,0x33,0xde,0x74,0xcc,0x38,0xcf,0x08,0xeb,0x60,
+               0xb8,0x25,0x6a,0x79,0xa5,0xa6,0x41,0x18,0x19,0x9c,0xdc,0xb7,0x88,0xe5,0x8a,0x3b,
+               0x70,0x9b,0xd6,0x46,0xd7,0x17,0x7d,0xd0,0xff,0xe1,0x81,0x87,0xdd,0x8c,0xed,0x54,
+               0x89,0x5b,0x7c,0xd1,0x2d,0x03,0xf8,0x6b,0xb2,0x7d,0x28,0x48,0xe6,0x91,0x8c,0x1b,
+               0xa7,0xa8,0x2b,0xb5,0x29,0xc5,0x06,0x9d,0xd7,0x8e,0x7a,0xa8,0x1f,0x82,0xa4,0x3e,
+               0x2e,0x57,0xb5,0xd7,0x49,0x4d,0x96,0xca,0xe9,0xef,0xe9,0xfd,0x7b,0xb0,0x32,0xe1,
+               0x5c,0x09,0x44,0xa6,0xd8,0x2e,0x57,0xea,0x95,0x1b,0x25,0x43,0x03,0x50,0xe9,0x08,
+               0x8f,0xc4,0x3b,0x42,0x31,0x44,0x8b,0x85,0xcf,0x81,0x38,0x52,0xbd,0xe6,0x93,0x31,
+               0x02,0x81,0x80,0x18,0x3d,0x79,0x51,0x07,0x9c,0xf4,0xd9,0x94,0x8d,0x78,0x78,0x23,
+               0x99,0x0d,0x15,0xa5,0x61,0x1b,0x0a,0xcb,0x1f,0x22,0xa1,0xa1,0x27,0x09,0xbf,0xec,
+               0x44,0xd6,0x3f,0x9c,0x60,0x0c,0x5b,0xd7,0x4c,0x99,0xad,0xaf,0x9c,0x34,0x2c,0x90,
+               0xfa,0xb0,0x60,0xe9,0x42,0x4b,0x7e,0x62,0x55,0x79,0x60,0xe1,0xc9,0x51,0x28,0x16,
+               0xb3,0xa1,0x78,0x08,0x5d,0xf1,0xd8,0x08,0x9b,0x90,0xd2,0xc6,0xde,0x86,0x9d,0x80,
+               0x07,0x2d,0x9b,0xa6,0x36,0xac,0x8d,0x88,0x8e,0xe8,0x64,0xeb,0x35,0x7f,0x84,0x4e,
+               0x28,0x9d,0xf0,0x77,0x1e,0x8f,0x8f,0xd8,0xc8,0x3d,0xdd,0xec,0x47,0x39,0x5d,0xc7,
+               0xb9,0xcb,0xca,0xcc,0x62,0xa4,0xef,0x9d,0x3c,0x5c,0x81,0x72,0x91,0xbd,0x6f,0x25,
+               0x0a,0x90,0xf9,0x02,0x81,0x80,0x51,0x42,0x23,0x64,0x3d,0xbc,0xcb,0xcb,0x77,0xd4,
+               0x5c,0x6b,0xf4,0x16,0x3a,0x6b,0x05,0x5f,0xd4,0xf8,0x59,0xe6,0x98,0x0c,0x43,0x7e,
+               0x6b,0x17,0x0d,0x01,0x23,0x6e,0x4c,0xff,0x35,0xe4,0xc5,0xba,0xe8,0x9e,0x12,0x94,
+               0x34,0x78,0xe4,0x3d,0x35,0xa1,0xd4,0xa9,0xa3,0x7e,0xe4,0x57,0xef,0xa4,0x9a,0x6a,
+               0x32,0xb3,0x9f,0xf8,0x3a,0xcf,0xea,0xf4,0xc7,0x59,0x92,0xd4,0x2a,0x5b,0x26,0x83,
+               0x78,0x30,0x5f,0xdf,0x46,0xa6,0xb0,0x28,0x37,0x2b,0x55,0x08,0x4c,0xb6,0x6b,0xb8,
+               0xa9,0x11,0x7d,0x0b,0xab,0x97,0x4d,0x8c,0xc3,0xbf,0x3b,0xcd,0x3e,0xad,0x80,0xce,
+               0xe8,0xc6,0x01,0x35,0xd2,0x3e,0x31,0xdc,0x96,0xd7,0xc3,0xab,0x65,0xd1,0xc4,0xa3,
+               0x47,0x14,0xa9,0xba,0xd0,0x30,
+       ),
+};
+
+START_TEST(test_load)
+{
+       private_key_t *privkey;
+       public_key_t *pubkey;
+
+       privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+                                                                BUILD_BLOB_ASN1_DER, keys[_i], BUILD_END);
+       ck_assert(privkey != NULL);
+       pubkey = privkey->get_public_key(privkey);
+       ck_assert(pubkey != NULL);
+
+       test_good_sig(privkey, pubkey);
+
+       test_bad_sigs(pubkey);
+
+       pubkey->destroy(pubkey);
+       privkey->destroy(privkey);
+}
+END_TEST
+
+Suite *rsa_suite_create()
+{
+       Suite *s;
+       TCase *tc;
+
+       s = suite_create("rsa");
+
+       tc = tcase_create("generate");
+       tcase_add_loop_test(tc, test_gen, 0, countof(key_sizes));
+       suite_add_tcase(s, tc);
+
+       tc = tcase_create("load");
+       tcase_add_loop_test(tc, test_load, 0, countof(keys));
+       suite_add_tcase(s, tc);
+
+       return s;
+}
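Review bot: `invalid_sigs` in test_rsa.c holds only all-zero buffers of 0 to 65 bytes, so `test_bad_sigs` never presents a signature as long as the modulus of the keys under test (the smallest loaded key is labelled RSA-768), and a verifier can presumably reject most of these inputs on length alone. A zero-filled chunk sized from `pubkey->get_keysize(pubkey)` would cover the full-length case; the unit that call returns is not shown here, so confirm it before converting to bytes. `test_good_sig` also never checks that a genuine signature stops verifying once it is altered: after the successful verify it could do `sig.ptr[sig.len - 1] ^= 0x01;` followed by `fail_if(pubkey->verify(pubkey, schemes[i], data, sig), "tampered %N sig accepted", signature_scheme_names, schemes[i]);`. Separately, `key_sizes[]` starts with `786` while the first loaded key is commented `RSA-768`; this looks like a transposed digit and is worth confirming.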
index 2cce42b..c80f9fc 100644 (file)
 #include "test_runner.h"
 
 #include <library.h>
+#include <plugins/plugin_feature.h>
+
+#include <dirent.h>
+
+/**
+ * Load plugins from builddir
+ */
+static bool load_plugins()
+{
+       enumerator_t *enumerator;
+       char *name, path[PATH_MAX], dir[64];
+       bool success = TRUE;
+
+       enumerator = enumerator_create_token(PLUGINS, " ", "");
+       while (enumerator->enumerate(enumerator, &name))
+       {
+               snprintf(dir, sizeof(dir), "%s", name);
+               translate(dir, "-", "_");
+               snprintf(path, sizeof(path), "%s/%s/.libs", PLUGINDIR, dir);
+               if (!lib->plugins->load(lib->plugins, path, name))
+               {
+                       success = FALSE;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+
+       return success;
+}
 
 int main()
 {
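Review bot: Both `snprintf` calls in `load_plugins()` ignore their return value, so a plugin name longer than `dir[64]` or a long `PLUGINDIR` is silently truncated and `lib->plugins->load()` is then pointed at a different directory than the one intended. Treat truncation as a failure, e.g. `if (snprintf(path, sizeof(path), "%s/%s/.libs", PLUGINDIR, dir) >= (int)sizeof(path)) { success = FALSE; break; }`, and do the same for `dir`. The added `#include <dirent.h>` is not used by anything in this hunk, while `PATH_MAX` normally comes from `<limits.h>`; whether another header already provides it is not visible here.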
@@ -32,6 +61,18 @@ int main()
 
        library_init(NULL);
 
+       /* use non-blocking RNG to generate keys fast */
+       lib->settings->set_default_str(lib->settings,
+                       "libstrongswan.plugins.random.random",
+                       lib->settings->get_str(lib->settings,
+                               "libstrongswan.plugins.random.urandom", "/dev/urandom"));
+
+       if (!load_plugins())
+       {
+               library_deinit();
+               return EXIT_FAILURE;
+       }
+
        sr = srunner_create(NULL);
        srunner_add_suite(sr, bio_reader_suite_create());
        srunner_add_suite(sr, bio_writer_suite_create());
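Review bot: The comment above the `set_default_str()` call should say that it redirects the `random` plugin's strong source to the `urandom` path for this test process only, because every key the suites generate afterwards is drawn from the non-blocking device. Something like `/* test-only: map the strong RNG source to urandom so key generation does not block; not a setting for production use */` makes that boundary explicit for anyone copying the runner's setup. `main()` starts and ends outside this hunk.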
@@ -44,6 +85,17 @@ int main()
        srunner_add_suite(sr, identification_suite_create());
        srunner_add_suite(sr, threading_suite_create());
        srunner_add_suite(sr, utils_suite_create());
+       srunner_add_suite(sr, vectors_suite_create());
+       if (lib->plugins->has_feature(lib->plugins,
+                                                                 PLUGIN_DEPENDS(PRIVKEY_GEN, KEY_RSA)))
+       {
+               srunner_add_suite(sr, rsa_suite_create());
+       }
+       if (lib->plugins->has_feature(lib->plugins,
+                                                                 PLUGIN_DEPENDS(PRIVKEY_GEN, KEY_ECDSA)))
+       {
+               srunner_add_suite(sr, ecdsa_suite_create());
+       }
 
        srunner_run_all(sr, CK_NORMAL);
        nf = srunner_ntests_failed(sr);
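Review bot: When has_feature() returns false the rsa and ecdsa suites are dropped without any output, so a build configured without a plugin providing these features still reports a fully green run. Since these suites are the regression coverage for the key and signature code, the skip should be visible, e.g. an `else` branch with `fprintf(stderr, "skipping rsa suite: no RSA key generation feature loaded\n");` and the same for ecdsa. The gate checks only PRIVKEY_GEN; if the suites also exercise signing or verification (their bodies are outside this hunk), those features are not checked here. main() begins and ends outside the hunk.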
index 1fc9851..5c60588 100644 (file)
@@ -29,5 +29,8 @@ Suite *hashtable_suite_create();
 Suite *identification_suite_create();
 Suite *threading_suite_create();
 Suite *utils_suite_create();
+Suite *vectors_suite_create();
+Suite *ecdsa_suite_create();
+Suite *rsa_suite_create();
 
 #endif /** TEST_RUNNER_H_ */
index f7cb605..811882e 100644 (file)
@@ -18,6 +18,8 @@
 #include <library.h>
 #include <utils/utils.h>
 
+#include <time.h>
+
 /*******************************************************************************
  * object storage on lib
  */
@@ -119,7 +121,7 @@ START_TEST(test_htoun)
        chunk_t net64, expected;
        u_int16_t host16 = 513;
        u_int32_t net16 = 0, host32 = 67305985;
-       u_int64_t net32 = 0, host64 = 578437695752307201;
+       u_int64_t net32 = 0, host64 = 578437695752307201ULL;
 
        net64 = chunk_alloca(16);
        memset(net64.ptr, 0, net64.len);
@@ -159,7 +161,7 @@ START_TEST(test_untoh)
        net = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x08, 0x07, 0x06, 0x05,
                                                   0x04, 0x03, 0x02, 0x01, 0x00, 0x00, 0x00, 0x00);
        host64 = untoh64(net.ptr + 4);
-       ck_assert(host64 == 578437695752307201);
+       ck_assert(host64 == 578437695752307201ULL);
 }
 END_TEST
 
@@ -391,6 +393,10 @@ Suite *utils_suite_create()
        Suite *s;
        TCase *tc;
 
+       /* force a timezone to match non-UTC conversions */
+       setenv("TZ", "Europe/Zurich", 1);
+       tzset();
+
        s = suite_create("utils");
 
        tc = tcase_create("objects");
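Review bot: `setenv("TZ", "Europe/Zurich", 1)` depends on the zone database being installed on the test host; where it is missing, libc typically falls back to UTC without an error and the non-UTC conversion tests would then compare against the wrong offset. A POSIX-style rule string such as `setenv("TZ", "CET-1CEST,M3.5.0,M10.5.0/3", 1);` carries its own offsets and needs no zone files. The call also changes TZ for the whole test process rather than for this suite alone, and its return value is ignored; a line in the comment noting the process-wide effect would help. utils_suite_create() starts before and continues past this hunk.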
diff --git a/src/libstrongswan/tests/test_vectors.c b/src/libstrongswan/tests/test_vectors.c
new file mode 100644 (file)
index 0000000..f2817d3
--- /dev/null
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2013 Martin Willi
+ * Copyright (C) 2013 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+/*******************************************************************************
+ * Check if test vectors have been successful during transform registration
+ */
+
+START_TEST(test_vectors)
+{
+       fail_if(lib->crypto->get_test_vector_failures(lib->crypto));
+}
+END_TEST
+
+
+Suite *vectors_suite_create()
+{
+       Suite *s;
+       TCase *tc;
+
+       s = suite_create("vectors");
+
+       tc = tcase_create("failures");
+       tcase_add_test(tc, test_vectors);
+       suite_add_tcase(s, tc);
+
+       return s;
+}
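Review bot: test_vectors passes whenever the failure counter is zero, which is also the case when no test vectors were run at all; nothing in this file checks that any vector was executed during registration. That presumably depends on the test-vector plugin being listed in PLUGINS and on the crypto test settings, neither of which is visible here, so a misconfigured build would pass vacuously. At minimum document the precondition above the test, e.g. `/* only meaningful if test vectors are run when algorithms are registered */`. Using `ck_assert_int_eq(lib->crypto->get_test_vector_failures(lib->crypto), 0);` instead of `fail_if()` would also make a failure report the count.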
index a245163..9a4f07e 100644 (file)
@@ -483,6 +483,11 @@ char *whitelist[] = {
        "gcry_check_version",
        "gcry_randomize",
        "gcry_create_nonce",
+       /* OpenSSL: These are needed for unit-tests only, the openssl plugin
+        * does properly clean up any memory during destroy(). */
+       "ECDSA_do_sign_ex",
+       "ECDSA_verify",
+       "RSA_new_method",
        /* NSPR */
        "PR_CallOnce",
        /* libapr */
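Review bot: The comment on the three new whitelist entries says they are needed for unit tests only, but whitelist[] is part of leak_detective itself, so the entries apply wherever leak detective is enabled. If matching is by function name in the allocation backtrace, as the neighbouring entries suggest, a genuine leak in the plugin's ECDSA sign/verify or RSA setup paths that passes through these OpenSSL calls would be suppressed as well. I would reword the comment to state what is being hidden, e.g. `/* OpenSSL: allocations made below these calls are still live at report time; whitelisting suppresses every allocation beneath them */`, and confirm that wording against the actual backtraces. The array starts before and continues after this hunk.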