diff options
author | Jeremy Lainé <jeremy.laine@m4x.org> | 2014-08-30 12:26:19 +0200 |
---|---|---|
committer | Jeremy Lainé <jeremy.laine@m4x.org> | 2014-08-30 17:24:05 +0200 |
commit | 2fd0afc1f87edf28295caeaeb8a830d888a3e81b (patch) | |
tree | 7fbebfc06d09e41b1aab14784c8f3f9b691d35db /tests/auto/network/ssl | |
parent | 74a7f13ac153fa9c48ee72909ce0b3e4b4e882da (diff) |
ssl: add a test for 3DES encrypted keys
This adds a test for 3DES encrypted keys in addition to the
current DES encrypted keys.
Change-Id: I229e3ef710e9ee23efa2a3275b89d958491de4a2
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'tests/auto/network/ssl')
-rw-r--r-- | tests/auto/network/ssl/qsslkey/rsa-with-passphrase-3des.pem | 18 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslkey/rsa-with-passphrase-des.pem (renamed from tests/auto/network/ssl/qsslkey/rsa-with-passphrase.pem) | 0 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp | 139 |
3 files changed, 94 insertions, 63 deletions
diff --git a/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-3des.pem b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-3des.pem new file mode 100644 index 0000000000..6f04c0615a --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-3des.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,8963B71DA5F406B2 + +95nMwjY/6wRlQU/F09WlGniwxkqct0Kr4/75stXAYJU/i56dyWHN22xJFB2SGaRO +Bi2g+hQnczyQ9qCpdxIzHvTo9Z1yRRdSZxtsdw57ZDYo9xtoRXQdNFCb1gbsSrlf +yZNRKueRCr/TFcxYcrZveUWwEssuZbztNW+deF/NSz35XJrI2C6MwTdm+lDTN6lS +AI/F7bGB0k+9nlIHNVgXPLnGOStIWhbTBbYtGryh0j/y913dtZX1djUHHmGCdEP6 +7WnfoD4v+5ux1YFb051xJJP+3lRE4evXJe0vzZAs5Lqy3qta/uwc3nV2oERursCM +roWkjZkP6TPAMFmkgQu1eHViL1u5CD+mYD/wDj2YwCIh8U2A5BN8KqM0N4bLEoPI +dcW2Pu60VEpMyeSKOSIyJsvT7F9M9/FpyNg5QW4BfrZNkVb/d7NROu/Lg5Oy4uf9 +a38tTgrQFQXcZFHbnTKD6VabCsZnVK0mFsEloUaTYalLTB6+C+jh7q3D08Re2OAB +g9yQshBx5DreOL4Y6rb1N6DqUqem4FqKbPP+x6URSf4SrXvH4jkBkk2AiQjc0oWl +5qvUt11LQOEMdvajlRicjlMm9KtV6+jRuSIeKgZqLpyja/4l+mX+G2X4pCbOiHFV +I5mRLLb3Cn7JEv6XlAZ1sjRZX7iS7sWFi3pzj6/i5JiH6RiQPHRmygrEUPdtD6J7 +d1W+fEh/osK+lB5Faa82oWrwxbdtgrNhKdQp1dkGezHe6WpBv8iMbTqXMBJHH/Pj +/hFc4FkZMYEZwKEVQ2Cyjq9kzKLnAS9s6x6PchagmNL20b5liB7V/w== +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/rsa-with-passphrase.pem b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-des.pem index cb29becc31..cb29becc31 100644 --- a/tests/auto/network/ssl/qsslkey/rsa-with-passphrase.pem +++ b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-des.pem diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp index 445fdc7df4..ebe9f0f4d2 100644 --- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp +++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp @@ -87,7 +87,9 @@ private slots: void toEncryptedPemOrDer_data(); void toEncryptedPemOrDer(); + void passphraseChecks_data(); void passphraseChecks(); + void noPassphraseChecks(); #endif private: QString testDataDir; @@ -347,77 +349,88 @@ void tst_QSslKey::toEncryptedPemOrDer() // ### add a test to verify that public keys are _decrypted_ correctly (by the ctor) } +void tst_QSslKey::passphraseChecks_data() +{ + QTest::addColumn<QString>("fileName"); + + QTest::newRow("DES") << QString(testDataDir + "/rsa-with-passphrase-des.pem"); + QTest::newRow("3DES") << QString(testDataDir + "/rsa-with-passphrase-3des.pem"); +} + void tst_QSslKey::passphraseChecks() { + QFETCH(QString, fileName); + + QFile keyFile(fileName); + QVERIFY(keyFile.exists()); { - QString fileName(testDataDir + "/rsa-with-passphrase.pem"); - QFile keyFile(fileName); - QVERIFY(keyFile.exists()); - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); - QVERIFY(key.isNull()); // null passphrase => should not be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); - QVERIFY(key.isNull()); // empty passphrase => should not be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "WRONG!"); - QVERIFY(key.isNull()); // wrong passphrase => should not be able to decode key - } + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); + QVERIFY(key.isNull()); // null passphrase => should not be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); + QVERIFY(key.isNull()); // empty passphrase => should not be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "WRONG!"); + QVERIFY(key.isNull()); // wrong passphrase => should not be able to decode key + } #ifdef QT_NO_OPENSSL - QEXPECT_FAIL("", "Encrypted keys require support from the SSL backend", Abort); + QEXPECT_FAIL("", "Encrypted keys require support from the SSL backend", Abort); #endif - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "123"); - QVERIFY(!key.isNull()); // correct passphrase - } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "123"); + QVERIFY(!key.isNull()); // correct passphrase } +} +void tst_QSslKey::noPassphraseChecks() +{ + // be sure and check a key without passphrase too + QString fileName(testDataDir + "/rsa-without-passphrase.pem"); + QFile keyFile(fileName); { - // be sure and check a key without passphrase too - QString fileName(testDataDir + "/rsa-without-passphrase.pem"); - QFile keyFile(fileName); - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); - QVERIFY(!key.isNull()); // null passphrase => should be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); - QVERIFY(!key.isNull()); // empty passphrase => should be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "xxx"); - QVERIFY(!key.isNull()); // passphrase given but key is not encrypted anyway => should work - } + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); + QVERIFY(!key.isNull()); // null passphrase => should be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); + QVERIFY(!key.isNull()); // empty passphrase => should be able to decode key + } +#ifdef QT_NO_OPENSSL + QEXPECT_FAIL("", "Encrypted keys require support from the SSL backend", Abort); +#endif + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "xxx"); + QVERIFY(!key.isNull()); // passphrase given but key is not encrypted anyway => should work } } |