[xmlsec] add better tests



commit 5e1a4f89dbd0b6c058960a762919303f57e0b4c8
Author: Aleksey Sanin <aleksey aleksey com>
Date:   Sat Apr 24 20:26:28 2010 -0700

    add better tests

 src/mscrypto/certkeys.c |    8 ++++----
 src/mscrypto/ciphers.c  |    2 +-
 tests/keys/README       |   20 ++++++++++++++++++++
 tests/testDSig.sh       |   23 +++++++++++++++++++----
 4 files changed, 44 insertions(+), 9 deletions(-)
---
diff --git a/src/mscrypto/certkeys.c b/src/mscrypto/certkeys.c
index fd50709..bfed954 100644
--- a/src/mscrypto/certkeys.c
+++ b/src/mscrypto/certkeys.c
@@ -1221,7 +1221,7 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
     memcpy(modulusBlob, xmlSecBnGetData(&modulus), xmlSecBnGetSize(&modulus));
 
     /* Now that we have the blob, import */
-    hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Rsa, NULL, 0, TRUE);
+    hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Rsa, NULL, CRYPT_VERIFYCONTEXT, TRUE);
     if(hProv == 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
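Review bot: The change from `0` to `CRYPT_VERIFYCONTEXT` on the `xmlSecMSCryptoFindProvider` call carries no explanation, and the commit message ("add better tests") does not mention it. Assuming the third argument is forwarded as the CryptAcquireContext flags, the provider is now acquired without opening a persisted key container, which suits importing key material parsed from XML. That reason is worth recording next to the existing comment, e.g. `/* CRYPT_VERIFYCONTEXT: imported key is ephemeral, no persisted key container is needed */`. The same undocumented change appears in the xmlSecMSCryptoKeyDataDsaXmlRead hunk and in xmlSecMSCryptoBlockCipherInitialize in ciphers.c. How the helper combines this flag with its final `TRUE` argument is not visible here, and the function body continues outside the hunk.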
@@ -1484,7 +1484,7 @@ xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits,
     xmlSecAssert2(ctx != NULL, -1);
 
     /* get provider */
-    hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Rsa, NULL, 0, TRUE);
+    hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
     if(hProv == 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
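Review bot: Two behaviours change on this one line of xmlSecMSCryptoKeyDataRsaGenerate and neither is documented: the provider list goes from the fixed `xmlSecMSCryptoProviderInfo_Rsa` to `ctx->providers`, and the flag becomes `CRYPT_VERIFYCONTEXT`. For key generation the flag matters more than for import, because a key pair created under a verify-only context is ephemeral and disappears when the provider handle is released. The rest of the function is outside the hunk, so please confirm that `hProv` is kept with the generated key rather than released on the success path, and say so in a comment such as `/* ephemeral context: hProv must outlive the generated key */`. The same lifetime question applies to the xmlSecMSCryptoKeyDataDsaGenerate hunk.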
@@ -2061,7 +2061,7 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
     memset(seed, 0, sizeof(*seed));
     seed->counter = 0xFFFFFFFF; /* SEED Counter set to 0xFFFFFFFF will cause seed to be ignored */
 
-    hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Dss, NULL, 0, TRUE);
+    hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Dss, NULL, CRYPT_VERIFYCONTEXT, TRUE);
     if(hProv == 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
@@ -2382,7 +2382,7 @@ xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xml
 
     ctx = xmlSecMSCryptoKeyDataGetCtx(data);
 
-    hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, 0, TRUE);
+    hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
     if(hProv == 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
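Review bot: `ctx->providers` is dereferenced on the changed line directly after `ctx = xmlSecMSCryptoKeyDataGetCtx(data);` with no NULL check visible between the two. The xmlSecMSCryptoKeyDataRsaGenerate hunk shows `xmlSecAssert2(ctx != NULL, -1);` ahead of the same call. Adding `xmlSecAssert2(ctx != NULL, -1);` after the assignment would make the two generators consistent and turn a failed context lookup into an error return instead of a NULL dereference. The start of the function is outside the hunk, so an equivalent guarantee may already be established there.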
diff --git a/src/mscrypto/ciphers.c b/src/mscrypto/ciphers.c
index 66d10d5..b4601aa 100644
--- a/src/mscrypto/ciphers.c
+++ b/src/mscrypto/ciphers.c
@@ -557,7 +557,7 @@ xmlSecMSCryptoBlockCipherInitialize(xmlSecTransformPtr transform) {
         return(-1);
     }
 
-    ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, 0, TRUE);
+    ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
     if(ctx->cryptProvider == 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
diff --git a/tests/keys/README b/tests/keys/README
index 555fe51..1451502 100644
--- a/tests/keys/README
+++ b/tests/keys/README
@@ -181,3 +181,23 @@ README
        # (used in above step)
        > pk12util -d <nss_config_dir> -i keycert.p12
     
+6. On Windows, one needs to specify Crypto Service Provider (CSP) in the 
+pkcs12 file to ensure it is loaded correctly to be used with SHA2 algorithms. 
+Worse, the CSP is different for XP and older versions
+
+
+   Input: DSA/RSA private key in PEM or DER format
+   Output: A PKCS12 file containing the private key, and a self-signed 
+           certificate with the corresponding public key. Plus the CSP 
+           name to be used for this key/cert.
+
+
+    > cat rsakey.pem rsacert.pem ca2cert.pem cacert.pem > allrsa.pem
+    > openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey-winxp.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+    > openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey-win.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+
+
+    > cat largersakey.pem largersacert.pem ca2cert.pem cacert.pem > alllargersa.pem
+    > openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey-winxp.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+    > openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey-win.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+
diff --git a/tests/testDSig.sh b/tests/testDSig.sh
index 1f86f8e..a32ed17 100755
--- a/tests/testDSig.sh
+++ b/tests/testDSig.sh
@@ -1,6 +1,7 @@
 #!/bin/sh 
 
 OS_ARCH=`uname -o`
+OS_KERNEL=`uname -s`
 
 if [ "z$OS_ARCH" = "zCygwin" ] ; then
 	topfolder=`cygpath -wa $2`
@@ -17,6 +18,20 @@ cert_format=$file_format
 priv_key_option="--pkcs12"
 priv_key_format="p12"
 
+# On Windows, one needs to specify Crypto Service Provider (CSP)
+# in the pkcs12 file to ensure it is loaded correctly to be used
+# with SHA2 algorithms. Worse, the CSP is different for XP and older 
+# versions
+if [ "z$OS_ARCH" = "zCygwin" ] ; then
+	if [ "z$OS_KERNEL" = "zCYGWIN_NT-5.1" ] ; then
+		priv_key_suffix="-winxp"
+	else
+		priv_key_suffix="-win"
+	fi
+else
+	priv_key_suffix=""
+fi
+
 if [ "z$TMPFOLDER" = "z" ] ; then
     TMPFOLDER=/tmp
 fi
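Review bot: The added comment says the CSP differs for "XP and older versions", but the test below it matches only the exact string `CYGWIN_NT-5.1`, so every other kernel string, older or newer, gets the `-win` suffix. Either the comment should describe what the code does, e.g. `# The CSP name on Windows XP (CYGWIN_NT-5.1) differs from the one on later Windows versions`, or the match should be widened on purpose. `OS_KERNEL` comes from `uname -s` in the first hunk of this file.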
@@ -313,25 +328,25 @@ execDSigTest "" "aleksey-xmldsig-01/enveloping-sha1-rsa-sha1" \
 execDSigTest "" "aleksey-xmldsig-01/enveloping-sha224-rsa-sha224" \
     "sha224 rsa-sha224" \
     "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
-    "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+    "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \
     "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
 
 execDSigTest "" "aleksey-xmldsig-01/enveloping-sha256-rsa-sha256" \
     "sha256 rsa-sha256" \
     "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
-    "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+    "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \
     "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
 
 execDSigTest "" "aleksey-xmldsig-01/enveloping-sha384-rsa-sha384" \
     "sha384 rsa-sha384" \
     "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
-    "$priv_key_option $topfolder/keys/largersakey.$priv_key_format --pwd secret" \
+    "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \
     "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
 
 execDSigTest "" "aleksey-xmldsig-01/enveloping-sha512-rsa-sha512" \
     "sha512 rsa-sha512" \
     "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
-    "$priv_key_option $topfolder/keys/largersakey.$priv_key_format --pwd secret" \
+    "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \
     "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
 
 #
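Review bot: On Cygwin these four tests now load `rsakey$priv_key_suffix.p12` and `largersakey$priv_key_suffix.p12`, yet the diffstat of this commit lists only four text files and no new key files. The README hunk describes how to produce them with `openssl pkcs12 -export ... -CSP`, but unless the `-win` and `-winxp` files were added separately, the sha224 to sha512 RSA tests will fail on Windows on a missing file rather than on a signature result. The generated .p12 files should ship with this change, and a comment above the first of these calls would make the dependency explicit, e.g. `# needs keys/rsakey$priv_key_suffix.p12 and keys/largersakey$priv_key_suffix.p12, see step 6 in tests/keys/README`.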


