diff options
Diffstat (limited to 'tests/auto/network/ssl')
145 files changed, 2983 insertions, 37 deletions
diff --git a/tests/auto/network/ssl/qdtls/certs/bogus-ca.crt b/tests/auto/network/ssl/qdtls/certs/bogus-ca.crt new file mode 100644 index 0000000000..cf5893e98d --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/bogus-ca.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMzCCAhugAwIBAgIJAJBdFtmKuuELMA0GCSqGSIb3DQEBCwUAMC8xGjAYBgNV +BAoMEUJvZ3VzIENvcnBvcmF0aW9uMREwDwYDVQQDDAhCb2d1cyBDQTAgFw0xNTAx +MzAxNzM0NDdaGA8yMTE1MDEwNjE3MzQ0N1owLzEaMBgGA1UECgwRQm9ndXMgQ29y +cG9yYXRpb24xETAPBgNVBAMMCEJvZ3VzIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAnXt/X69lmfvWampP88f20yNs1VZroG9VjdR4GaJM6pbWu5Wn +SYBfS81osnHC7dTW2FvKZUGnz7KX+ImkbE2qUvj6yTeFu6ILj3o+8ws7A4iOTkiH +84CHb6T/HxWO5fW6mS5v+tvPDp3rQ7JpPVYvoh7dSv8X1+JCdDmkepRveN6Pzo47 +9VFVC0oscc5I4Y0wPwnaXZ4X26vmRfbhqtoKL57lz1lJ0R6bvLC9mf4DGFPx7WXQ +eOtlKX2dtuKj+Cl3vyHff6gHNMKM0bq3KfsT+vDO6eIs/ayqVRdd0XBIMj+bZYd9 +7QI/+3XTNR3TwTisrjo71XZtHdA1DkcMaSGoJwIDAQABo1AwTjAdBgNVHQ4EFgQU +xVZK4BIjBgmluCLIespCbne4BIUwHwYDVR0jBBgwFoAUxVZK4BIjBgmluCLIespC +bne4BIUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAgZn6odHr2y1G +1OStblBdsXNxmsW7WzhLUYFUhSzBw9KS/O7uG2HAFLwJNM4sQHeuc0JjxqXG5n7s +mGbmWpUYt8+KJDRnUssmKwwg2u6Rqp+0I9leCk9KTtYpXX7d9wprSsgwjQKhTEeQ +fNImbNR6Br7GDO7Om2MnOALvZmp0KJgUFIH0J630LJTrsrTvwfX7wKhYb1wgud5N +SXdGjBuJxKK3Y0VBMsbqwI0y+wHIYE+qLzlFWNRHmKaYeGtg0T8CVK6XWUrLcjcr +rQINqW3rb1OlWF7YZ5dg7vXoZrza6YSQLWha6/FQMCaKtJHxIE1NBw0ZXK6txnkI +f4HXoPvSGg== +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qdtls/certs/bogus-ca.key b/tests/auto/network/ssl/qdtls/certs/bogus-ca.key new file mode 100644 index 0000000000..1c2db7932e --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/bogus-ca.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnXt/X69lmfvWampP88f20yNs1VZroG9VjdR4GaJM6pbWu5Wn +SYBfS81osnHC7dTW2FvKZUGnz7KX+ImkbE2qUvj6yTeFu6ILj3o+8ws7A4iOTkiH +84CHb6T/HxWO5fW6mS5v+tvPDp3rQ7JpPVYvoh7dSv8X1+JCdDmkepRveN6Pzo47 +9VFVC0oscc5I4Y0wPwnaXZ4X26vmRfbhqtoKL57lz1lJ0R6bvLC9mf4DGFPx7WXQ +eOtlKX2dtuKj+Cl3vyHff6gHNMKM0bq3KfsT+vDO6eIs/ayqVRdd0XBIMj+bZYd9 +7QI/+3XTNR3TwTisrjo71XZtHdA1DkcMaSGoJwIDAQABAoIBAGKkKmJq4L8UyXca +ZD4UcHxL4i221e9GDVarURbtXDRMivAwivo1GHvIi93J+Ak0meYniJzoBQ7JlPsu +a/kSpK8YGS3UQ0YF+CvErI1b6XkLHefW8qEJTswVk1+LB1jvFBRCzA1bhVRogiaD +J/wtceSgZIhHRE4LAQj/2hCVzUTtV6Zr0GIJGjB7hdF9MHGlTwkPrkjvERlK/PTc +dVjyNbinYGJNA2i701u/atplH2eSBUresMhHu3AZUUXZKfFQ2m07FDBNAtsoYNnO +d17EXDaoQRDVWSP83GN4b/hpmngvHl1fuFBZ1ms375FNPQo/K33QBaUsLsqiIS/v +k3LBkeECgYEAyqv5dkgte9c2mxT5zUQySr1fDms4nwZTth8477jRnOZND1M9VoIv +1EjBfxq3y7gJVd34VWYeCxNBYwK8C45SDXtlU9X2hLeKWU6yfdegyxv950P5AahT +J80YtYSez+mTLPOC42GeTg7l01NXlTHmPpraIkdNniHc8bqyAEK9w+kCgYEAxuuO +Ln84GkAm1gr6gyFkOMVwVEfszKjRGIqp4BnSwM9bFgWvhyj4jpr+bpe4gQKQQE5q +E/GoxYOtdZ3yYupd2Ki0irGhhm3u0ywgmbomurOw46AInONWcHTU6kZY/dd8wfvW +8YcmFq/LNupwFOEw18mKaQXygMnUYci+uOSw0Y8CgYEAkcX0XjE4FdUL/6usqQme +KsfesR5J0YfZeism5rXGftXfI2C5w5lMEaJrGqL7A9pRTKOlVLdocIrfAvoaiy1I +s03H6e8Bqx/gsK+8DmujybNOgqMPXTPW68/HL/g9ykm0hCZ6RFYYaQiqIb/WRQdp +FiqHLxSeLVkp8+xWz30xxNECgYAA7P23Z64qKRxFKL3ruE8QGJMiQUdv2GVIuPR7 +b4NUlGJ3IsWjWmR1vXDrsNcR+qITOoox15ESgj9facHEBhUzue1FK/h1eLOA1ha8 +wGoHumhbVtZTbJdtZI3NHVCytbsF6Bci/p8FwgGvGr40yquAhZaYUIfFY6sSXW3N +zHqqLwKBgQCUGrePDhjjUZZNQya0TQZ95HL8OQB2e9bx8RwypYdC3pAZ6uDfl+Ne +IZoA8EoDHVbsxDXmLTGil/kyvmYBnzvkVz/yMyFm/7I0zXEOr8bTgqE5wJ8BMGSp +yil5jDoN28KL6D+HsDsWUEOvvHieDYP3cxfpZWiQuWIZ6gfDDVjIwQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qdtls/certs/bogus-client.crt b/tests/auto/network/ssl/qdtls/certs/bogus-client.crt new file mode 100644 index 0000000000..c9d43ce662 --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/bogus-client.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/zCCAeegAwIBAgIBADANBgkqhkiG9w0BAQsFADAvMRowGAYDVQQKDBFCb2d1 +cyBDb3Jwb3JhdGlvbjERMA8GA1UEAwwIQm9ndXMgQ0EwIBcNMTUwMTMwMTczNTI0 +WhgPMjExNTAxMDYxNzM1MjRaMDMxGjAYBgNVBAoMEUJvZ3VzIENvcnBvcmF0aW9u +MRUwEwYDVQQDDAxCb2d1cyBDbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDa28y3b2qcrFTjr3GIgjx78qlbRZomBt/A//ZW5qx00+QXT30bu8F0 +jCfHaBTDSnabP86856C/kL1d6oRtc7jmaxNoj39uRh3NcV3VmFEiLI9XmJ0gOIBN +vMQ0voi4gvRBzjFMnVOFML8FePV4OUX1QUZK4eAvZCsDhaJv1cCEERsfcttv7X31 +CT3+a3geZsb0cMDqicq/uaX2IONhqoNYwGlmgF+bWICIxJmEnaK3e/LnKKpvvfTt +n2M0Fx0W4150HSZxQ9Iz6fQQ8oLNn3qNL5i9377XKpck2uxC39yt5WXK2d5m8xBF +5+qwMMqlEW4LoE/dTU9mJ1lZLwV7m7QJAgMBAAGjIDAeMAkGA1UdEwQCMAAwEQYJ +YIZIAYb4QgEBBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBBeGwXbU/WRLkfxDoI +Js2nPqzpfEXAcrJhurHKlm/wMIHnHHhTM69O7yTl/VUdKIXPzC1bGkAiSBQo+51B +SJkyWo3vt47g8rqAnUs4oM+bPD2t1YkJVeGLu+Nfw5SHlc+HdojdAcpKtnCbqtrd +vnV4QyB70nxKXC3jmWVBu/jeim0RzUacO+lF9vRPqwnlDINopx8ZpEjaXxABtaQA +cVUosFGEPRjOYAbw9j4fK7J7EXh/124j81OfawkfaMMDt2EedmSdlhPy+Io7VaBo +ho+39cX/oO3Ek+C9v+4aGF7rgp3VyKOGtC5rIy+YiwjcI09pRVPuqEqXC6C4nQcS +SjjF +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qdtls/certs/bogus-client.key b/tests/auto/network/ssl/qdtls/certs/bogus-client.key new file mode 100644 index 0000000000..f676af73d4 --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/bogus-client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA2tvMt29qnKxU469xiII8e/KpW0WaJgbfwP/2VuasdNPkF099 +G7vBdIwnx2gUw0p2mz/OvOegv5C9XeqEbXO45msTaI9/bkYdzXFd1ZhRIiyPV5id +IDiATbzENL6IuIL0Qc4xTJ1ThTC/BXj1eDlF9UFGSuHgL2QrA4Wib9XAhBEbH3Lb +b+199Qk9/mt4HmbG9HDA6onKv7ml9iDjYaqDWMBpZoBfm1iAiMSZhJ2it3vy5yiq +b7307Z9jNBcdFuNedB0mcUPSM+n0EPKCzZ96jS+Yvd++1yqXJNrsQt/creVlytne +ZvMQRefqsDDKpRFuC6BP3U1PZidZWS8Fe5u0CQIDAQABAoIBAQDOzZlA0CgWiYTh +bLvEOQQ8Pw0msLs7KY2vCm7UqL3W2w4RtMvMM/tWTMWd2EyeSLOQeZe5ysmLmpJF +tz+RSSMzn4REbiwEoH6yzWfUWEx6FU8Rf6UheCJM0o04Jb59U0jJEbRl59eu6GPo +IOcaxkvDtv1b7tnvDiDTACiAsqNqZhs54QlqwpadSYe4QgK9KH0WxqBzLpXr8eEq +ZV1uuuNpaf+mitVaJhXHyVt7Od1yPfohbTYaXjko3xt3BcStt4tzRZkGQk2kjMWd +d53wqcFlc+zxSW9/ogLr+TCDttTEa1oV+JLpXLkV5J0/saf/LYw96r6f98XhLrd1 +5otsbQ+dAoGBAP0nCzd6otnuUsLX+dz0ed61zDzyTVBXLxuOOvDpuPItVUKPI8yZ +mwveIm97/4u50HGSWUgLR5v+ABfMVG/DqkEP50dDbIhQ2uBhkR5xVgSlZSiZ7S03 +1AErADaeViphKjfAuHraGgC6SRv8HBZadbYW+ZQRVTF6IRJmstiLNJIDAoGBAN1S +AYtYhH0tJSQxyL+sdeuPGhY5RDdlSeLRAStpoGjmaOC4Rc8uDsts2xuInkCcTW2y +nogoR5YxFvcly3vGL5kOzLuscLbueqkz/rbTlZPruqL7fMyPI7Y3YgGER5XNwPpE ++DlW1fu2aE42WUU49mkUNaT2WBtOLnbZKShAWKoDAoGAOGZfeF/JMnaHV8OYdmK9 +WCH2u8lb8j9KToBUn2HjA4mYCjkrx6SdR3qY/2+H0pB2YScy3vssXBOt3591XGUi +ZFZvt4/M+V3SNdVm6HplqKlUrUQF9GIQyKXU6VZDajO1nTBBqZU339ug+Cwl8dD7 +krLxrcxix6AnCBt7UwVIlBMCgYEAydQADogxgknKJiC0Vn86pg9BFeUxXWckIxDA +hUt0+lSsbcn993qkCUUC5zAGSRuAzLnoMnixF7k6nTW9Q+mu/GBvufH+dAQ0ndsJ +vMZlEJkXAYxf+dfLFF+bI5DzCxywkEqXJwsWZs6ofjK35BWXOKoyZXY1UOlSHBXb +n5ZWhOsCgYBRLqEjUehkZfqjZj8VClyPQ/6bAgtfjMRqpgsLgvqG9gBraDs4DXJr +K8Ac3+vCP8rqVwIUC0iu/5MFX75WJ7Go7wbAg7m91P9tmzSiLEm5H1toXJpla6nv +oLZW+jN9O1BaVow8f2qIEJMjHnDbuZnMPQlMGUD+g2tNgczfxT3MOA== +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qdtls/certs/bogus-server.crt b/tests/auto/network/ssl/qdtls/certs/bogus-server.crt new file mode 100644 index 0000000000..7e59f6128d --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/bogus-server.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADAvMRowGAYDVQQKDBFCb2d1 +cyBDb3Jwb3JhdGlvbjERMA8GA1UEAwwIQm9ndXMgQ0EwIBcNMTUwMTMxMTc0MjI3 +WhgPMjExNTAxMDcxNzQyMjdaMDMxGjAYBgNVBAoMEUJvZ3VzIENvcnBvcmF0aW9u +MRUwEwYDVQQDDAxCb2d1cyBTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCv899JQxy/mpaQzscopmoKOkgbmwGwty1KiTpT09MU1+gtMHCfhmVp +nAiNIlQlDa+5mjhvyy1fSf+mgdjnvT5pdUAro633gfCv318EViwYsvA7/0ZumFqU +UyPWw4/2of/ZfJv2ewzMLoYEDKiLcXxInBsMlt5Lr7IBS8SNitDU+TAM7HLEIkMz +c0JpxY09H707tO8G3e93yfB5l8H+JdeEdPe+7PDfnsZZuMmaImiNYRByPTTuGvrN +I9I+OxcE4ZOMMNb3mzAoEFnyfHiCO2ehHl58y0a49ayAKJdP/FV3n2LtL/Zc5Ilq +b3VJgaShevrfIiItURjOAjDA9B95hYuZAgMBAAGjIDAeMAkGA1UdEwQCMAAwEQYJ +YIZIAYb4QgEBBAQDAgZAMA0GCSqGSIb3DQEBCwUAA4IBAQBhTqwD3HxamZGopq0K +r8KUdtliiPwo4GBFp0zg6VdSxo01WfpwFGOaeKNmV0JadtJ1DhcsdIUv2OvrxiWQ +1n0IGHULeazQnst1q1t/Vlup3IggKTGCLi8yd3acY8tr2wj9lGjWhsR+BcrCUTEB +BCpIsQiFA8+PTf/8SHuzMokDBP+j02fWCqwR749H4NDQgqrFsgzxLDA69XgvkNM3 ++HOsOR/QxeYIp54mqPnsNVhzV0JbpQpF4j9R5kMI/bsPmWH6W0GbSSyA07o8iVw7 +eqPbwHnIlHXzafvaGmF0QituAzU0nPgMc9OMxuoqacBSmSvmSdMmh///vr7O2KHO +7s+g +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qdtls/certs/bogus-server.key b/tests/auto/network/ssl/qdtls/certs/bogus-server.key new file mode 100644 index 0000000000..bda8dae678 --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/bogus-server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAr/PfSUMcv5qWkM7HKKZqCjpIG5sBsLctSok6U9PTFNfoLTBw +n4ZlaZwIjSJUJQ2vuZo4b8stX0n/poHY570+aXVAK6Ot94Hwr99fBFYsGLLwO/9G +bphalFMj1sOP9qH/2Xyb9nsMzC6GBAyoi3F8SJwbDJbeS6+yAUvEjYrQ1PkwDOxy +xCJDM3NCacWNPR+9O7TvBt3vd8nweZfB/iXXhHT3vuzw357GWbjJmiJojWEQcj00 +7hr6zSPSPjsXBOGTjDDW95swKBBZ8nx4gjtnoR5efMtGuPWsgCiXT/xVd59i7S/2 +XOSJam91SYGkoXr63yIiLVEYzgIwwPQfeYWLmQIDAQABAoIBAHVRJJLjpZp3h2a8 +CHypIND69TM60hCywgcNoo9cEES4hL0ErEMhSCL3f5giyHoAOyeElZasoO8FFuk9 +cJNrUd7c59FxDECYKhQJ2n+4uSQqwxUt6xc4jESTfrTmpemrMD0h4ZehifHmH0M5 +8XMwUs7TDxIA0e0jE4vbqg05/m3RMHoeJ4W5K4dMxkJbjmyjjCr8aT8WP/KSTABS +YQPql0rs6WL5Q2s1I/i3I4qIS4CKk8Ym7O5/Wk1fxbCh2ABL2PhW8PZDzvsFYo2T +cwX0cc0EILBc3tOG11Iua6mK8y9Zz1BpUT02ZvGaPf9R6vI0Shk1yWbZ0NYLx0MH +Zu8HIYECgYEA5awzjNcnDYQY9f6C/0TNj54Z8I7UFmGJX7XhPVVMceNieUiLvrsH +Zmf4Q51PLM1iz0S2qGA/c7lngHDXwFe++MANIK7KNwL2LtPF/83mYgBUxBKJaNHD +4B/6CCitjSwAfMNBnE70zg0F9chqy+9p+fTEwUFW6Y4y9U5jO4kw5HECgYEAxB8+ +YYMUGeIt9TnMKrC2YK/o8jo+5ZEOpEIPwleeAIUMujVVonu3TX2nKos2MgaZg/F0 +OpvDlcQZqb4Em73ctf3ZgBYEs9tt2qdB5qGlg4Hs2wyfgKUPQGLX2RseUQCYsOWT +cPPKvYDTZ6yhW6gGBd5ufl5tnG93CsIpcNV1DakCgYEAwByZhi6V4Q1k36eDpcjE +dWRW6ExghVQS17dIb8hAyGbeAPs4wVKqbvN6y/vytVQbWapta0wO51rng51gKuh6 +upHSqUrrpLZafHLyBPYSxljmjpe+zqnfwUKeH2L/QL3UroeZAwlcZlqoaJ27D1j0 ++XrPdaOU8onagCyQfsVT21ECgYAafW3blezdIiO6/7eH/J5lqNz5+swMDe/AV/vw +8AyzXUU+0X1jmPpFSTePE4aaczHBFJfyYp+kVvxwZO4Say6olkUOe+resEDCS90m +3aaRgLcRTz8sDR9mPvOQq40Iu9/j5N5pX0R/HCtx0WtqCePmXwjloLOFcbjOhzM5 +vls1IQKBgEF8DEk8T4ycjwBXC3U7Duj9jPL815417BAHdGstLP1yNcI05ubN2T56 +ITbf625YS7OdtYfrf1/jBnUVXsJspsQqkOUB97M224CVWI+vJiv8jPX+KCnR7/Zh +A/7OrtZ6FCzLyBeu/2p1NHAttqSUqu9t6wCeeBcelnAUcrjfLmlw +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qdtls/certs/fake-login.live.com.key b/tests/auto/network/ssl/qdtls/certs/fake-login.live.com.key new file mode 100644 index 0000000000..692a7bd85d --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/fake-login.live.com.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDOtxdvMa0VHUQYG5q7Tsi1Jj4qKEJppyZEkmuRXOi0fDbd1SwE +bwHrLGMvDO6OMrYBbq3WDNrtnIfF9CvzUOEch+gjr4hEVQqecU5fb45Wor7yNel3 +/C/gxfbzuXHrsj/gUjNghL2i10+c2NW+hUo/sWO6OusaBT6d6s7ee+YBcQIDAQAB +AoGAb8cVhu0HuLkgjyCuJMbPRRUu3ED02Iin6sB6JhplQuNAD+grayJTmUVhRJnr +jTziqhedLHe7Em1oBaSo92MutfMpXvWiccSlbNygI61VgmrJpVB+qIN5H9cQc9ql +Zymc+nIPa1+i5rsrOzlpUytTh7AsbZ27QG4tQXR/kQejEiECQQD6BgTxBeT8D7x9 +DuukoBaSCkLwx7U7P1NXx15EI3lA1nO51t6UHfvk/jGPp8Sl4wv4alJ7AQxr5uQ/ +vC3kzA/1AkEA06gNu10se8pe3n8qL2RRt+FmVjHkQdD9Mm2Dx9oWCs2A4wOSOrlo +6/nKYF1CaQNYn9HgsNbHVEUpnICVO18qDQJBALEw/uOJ1+TDikPfBSWgxx4s45Ad +GNWqZXh6NNZ5hX9r/IwiOZAjR9fcRmeW8IjYRi2BvH6sGY+HDRAWXzgdXtkCQCma +dOiJTf8fLjqp4E7kdzOfuI/kyqstOze4Uxjrgz2oW1dEEnA8laUcumzqp+0gXUE8 +7d+UuCWWWrGKjMrYz9kCQQDh5E5+b6Djn082Jo6gvyuXWC5eXju6IdmihlJ2SMzD +s2y3IDjOUtTeQQRDymLneteMz0ha79KeUp6VnAvZCOVe +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qdtls/certs/fake-login.live.com.pem b/tests/auto/network/ssl/qdtls/certs/fake-login.live.com.pem new file mode 100644 index 0000000000..429f95187c --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/fake-login.live.com.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDjCCAnegAwIBAgIRALC3Ez7Qlvm1b66RyHS9OsAwDQYJKoZIhvcNAQEFBQAw +XjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMObG9naW4ubGl2ZS5jb20w +HhcNMTEwMzI1MTMyODUwWhcNMTEwNDI0MTMyODUwWjBeMQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRcwFQYDVQQDEw5sb2dpbi5saXZlLmNvbTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAzrcXbzGtFR1EGBuau07ItSY+KihCaacmRJJrkVzotHw23dUs +BG8B6yxjLwzujjK2AW6t1gza7ZyHxfQr81DhHIfoI6+IRFUKnnFOX2+OVqK+8jXp +d/wv4MX287lx67I/4FIzYIS9otdPnNjVvoVKP7FjujrrGgU+nerO3nvmAXECAwEA +AaOByzCByDAdBgNVHQ4EFgQUpSOEcmtkQITvBdM2IDfcXnJ0FCAwgZgGA1UdIwSB +kDCBjYAUpSOEcmtkQITvBdM2IDfcXnJ0FCChYqRgMF4xCzAJBgNVBAYTAkFVMRMw +EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxFzAVBgNVBAMTDmxvZ2luLmxpdmUuY29tghEAsLcTPtCW+bVvrpHIdL06 +wDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAD+2HT4GSHHKCdbl9VkX +zsl+D+drMm2b0ksxz9SgPihP7aW50EEIJDEEihNMTa27mhpeOXHc/sLqDi4ECUao +/0Ns/5uoVuAIrAKCydmtPsonVFh9XWjyrfUzPOHAc9p2bmJ1i9a3kTsLB6jlrVDO +VufGzsowHlHZ0TtKf5omojU5 +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qdtls/certs/fluke.cert b/tests/auto/network/ssl/qdtls/certs/fluke.cert new file mode 100644 index 0000000000..ace4e4f0eb --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/fluke.cert @@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=NO, ST=Oslo, L=Nydalen, O=Nokia Corporation and/or its subsidiary(-ies), OU=Development, CN=fluke.troll.no/emailAddress=ahanssen@trolltech.com + Validity + Not Before: Dec 4 01:10:32 2007 GMT + Not After : Apr 21 01:10:32 2035 GMT + Subject: C=NO, ST=Oslo, O=Nokia Corporation and/or its subsidiary(-ies), OU=Development, CN=fluke.troll.no + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:a7:c8:a0:4a:c4:19:05:1b:66:ba:32:e2:d2:f1: + 1c:6f:17:82:e4:39:2e:01:51:90:db:04:34:32:11: + 21:c2:0d:6f:59:d8:53:90:54:3f:83:8f:a9:d3:b3: + d5:ee:1a:9b:80:ae:c3:25:c9:5e:a5:af:4b:60:05: + aa:a0:d1:91:01:1f:ca:04:83:e3:58:1c:99:32:45: + 84:70:72:58:03:98:4a:63:8b:41:f5:08:49:d2:91: + 02:60:6b:e4:64:fe:dd:a0:aa:74:08:e9:34:4c:91: + 5f:12:3d:37:4d:54:2c:ad:7f:5b:98:60:36:02:8c: + 3b:f6:45:f3:27:6a:9b:94:9d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 21:85:04:3D:23:01:66:E5:F7:9F:1A:84:24:8A:AF:0A:79:F4:E5:AC + X509v3 Authority Key Identifier: + DirName:/C=NO/ST=Oslo/L=Nydalen/O=Nokia Corporation and/or its subsidiary(-ies)/OU=Development/CN=fluke.troll.no/emailAddress=ahanssen@trolltech.com + serial:8E:A8:B4:E8:91:B7:54:2E + + Signature Algorithm: sha1WithRSAEncryption + 6d:57:5f:d1:05:43:f0:62:05:ec:2a:71:a5:dc:19:08:f2:c4: + a6:bd:bb:25:d9:ca:89:01:0e:e4:cf:1f:c1:8c:c8:24:18:35: + 53:59:7b:c0:43:b4:32:e6:98:b2:a6:ef:15:05:0b:48:5f:e1: + a0:0c:97:a9:a1:77:d8:35:18:30:bc:a9:8f:d3:b7:54:c7:f1: + a9:9e:5d:e6:19:bf:f6:3c:5b:2b:d8:e4:3e:62:18:88:8b:d3: + 24:e1:40:9b:0c:e6:29:16:62:ab:ea:05:24:70:36:aa:55:93: + ef:02:81:1b:23:10:a2:04:eb:56:95:75:fc:f8:94:b1:5d:42: + c5:3f:36:44:85:5d:3a:2e:90:46:8a:a2:b9:6f:87:ae:0c:15: + 40:19:31:90:fc:3b:25:bb:ae:f1:66:13:0d:85:90:d9:49:34: + 8f:f2:5d:f9:7a:db:4d:5d:27:f6:76:9d:35:8c:06:a6:4c:a3: + b1:b2:b6:6f:1d:d7:a3:00:fd:72:eb:9e:ea:44:a1:af:21:34: + 7d:c7:42:e2:49:91:19:8b:c0:ad:ba:82:80:a8:71:70:f4:35: + 31:91:63:84:20:95:e9:60:af:64:8b:cc:ff:3d:8a:76:74:3d: + c8:55:6d:e4:8e:c3:2b:1c:e8:42:18:ae:9f:e6:6b:9c:34:06: + ec:6a:f2:c3 +-----BEGIN CERTIFICATE----- +MIIEEzCCAvugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBnDELMAkGA1UEBhMCTk8x +DTALBgNVBAgTBE9zbG8xEDAOBgNVBAcTB055ZGFsZW4xFjAUBgNVBAoTDVRyb2xs +dGVjaCBBU0ExFDASBgNVBAsTC0RldmVsb3BtZW50MRcwFQYDVQQDEw5mbHVrZS50 +cm9sbC5ubzElMCMGCSqGSIb3DQEJARYWYWhhbnNzZW5AdHJvbGx0ZWNoLmNvbTAe +Fw0wNzEyMDQwMTEwMzJaFw0zNTA0MjEwMTEwMzJaMGMxCzAJBgNVBAYTAk5PMQ0w +CwYDVQQIEwRPc2xvMRYwFAYDVQQKEw1Ucm9sbHRlY2ggQVNBMRQwEgYDVQQLEwtE +ZXZlbG9wbWVudDEXMBUGA1UEAxMOZmx1a2UudHJvbGwubm8wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAKfIoErEGQUbZroy4tLxHG8XguQ5LgFRkNsENDIRIcIN +b1nYU5BUP4OPqdOz1e4am4CuwyXJXqWvS2AFqqDRkQEfygSD41gcmTJFhHByWAOY +SmOLQfUISdKRAmBr5GT+3aCqdAjpNEyRXxI9N01ULK1/W5hgNgKMO/ZF8ydqm5Sd +AgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM +IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUIYUEPSMBZuX3nxqEJIqv +Cnn05awwgbsGA1UdIwSBszCBsKGBoqSBnzCBnDELMAkGA1UEBhMCTk8xDTALBgNV +BAgTBE9zbG8xEDAOBgNVBAcTB055ZGFsZW4xFjAUBgNVBAoTDVRyb2xsdGVjaCBB +U0ExFDASBgNVBAsTC0RldmVsb3BtZW50MRcwFQYDVQQDEw5mbHVrZS50cm9sbC5u +bzElMCMGCSqGSIb3DQEJARYWYWhhbnNzZW5AdHJvbGx0ZWNoLmNvbYIJAI6otOiR +t1QuMA0GCSqGSIb3DQEBBQUAA4IBAQBtV1/RBUPwYgXsKnGl3BkI8sSmvbsl2cqJ +AQ7kzx/BjMgkGDVTWXvAQ7Qy5piypu8VBQtIX+GgDJepoXfYNRgwvKmP07dUx/Gp +nl3mGb/2PFsr2OQ+YhiIi9Mk4UCbDOYpFmKr6gUkcDaqVZPvAoEbIxCiBOtWlXX8 ++JSxXULFPzZEhV06LpBGiqK5b4euDBVAGTGQ/Dslu67xZhMNhZDZSTSP8l35ettN +XSf2dp01jAamTKOxsrZvHdejAP1y657qRKGvITR9x0LiSZEZi8CtuoKAqHFw9DUx +kWOEIJXpYK9ki8z/PYp2dD3IVW3kjsMrHOhCGK6f5mucNAbsavLD +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qdtls/certs/fluke.key b/tests/auto/network/ssl/qdtls/certs/fluke.key new file mode 100644 index 0000000000..9d1664d609 --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/fluke.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCnyKBKxBkFG2a6MuLS8RxvF4LkOS4BUZDbBDQyESHCDW9Z2FOQ +VD+Dj6nTs9XuGpuArsMlyV6lr0tgBaqg0ZEBH8oEg+NYHJkyRYRwclgDmEpji0H1 +CEnSkQJga+Rk/t2gqnQI6TRMkV8SPTdNVCytf1uYYDYCjDv2RfMnapuUnQIDAQAB +AoGANFzLkanTeSGNFM0uttBipFT9F4a00dqHz6JnO7zXAT26I5r8sU1pqQBb6uLz +/+Qz5Zwk8RUAQcsMRgJetuPQUb0JZjF6Duv24hNazqXBCu7AZzUenjafwmKC/8ri +KpX3fTwqzfzi//FKGgbXQ80yykSSliDL3kn/drATxsLCgQECQQDXhEFWLJ0vVZ1s +1Ekf+3NITE+DR16X+LQ4W6vyEHAjTbaNWtcTKdAWLA2l6N4WAAPYSi6awm+zMxx4 +VomVTsjdAkEAx0z+e7natLeFcrrq8pbU+wa6SAP1VfhQWKitxL1e7u/QO90NCpxE +oQYKzMkmmpOOFjQwEMAy1dvFMbm4LHlewQJAC/ksDBaUcQHHqjktCtrUb8rVjAyW +A8lscckeB2fEYyG5J6dJVaY4ClNOOs5yMDS2Afk1F6H/xKvtQ/5CzInA/QJATDub +K+BPU8jO9q+gpuIi3VIZdupssVGmCgObVCHLakG4uO04y9IyPhV9lA9tALtoIf4c +VIvv5fWGXBrZ48kZAQJBAJmVCdzQxd9LZI5vxijUCj5EI4e+x5DRqVUvyP8KCZrC +AiNyoDP85T+hBZaSXK3aYGpVwelyj3bvo1GrTNwNWLw= +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qdtls/certs/ss-srv-cert.pem b/tests/auto/network/ssl/qdtls/certs/ss-srv-cert.pem new file mode 100644 index 0000000000..2c3d2e180d --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/ss-srv-cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5TCCAk6gAwIBAgIJAP0E+KApnERsMA0GCSqGSIb3DQEBCwUAMIGJMQswCQYD +VQQGEwJOTzENMAsGA1UECAwET3NsbzENMAsGA1UEBwwET3NsbzELMAkGA1UECgwC +UXQxHzAdBgNVBAsMFlImRCAoQ29yZSBhbmQgTmV0d29yaykxEDAOBgNVBAMMB2Jv +Yi5vcmcxHDAaBgkqhkiG9w0BCQEWDWJvYkBnbWFpbC5jb20wHhcNMTgwNDI2MDgw +NDAxWhcNMjgwNDIzMDgwNDAxWjCBiTELMAkGA1UEBhMCTk8xDTALBgNVBAgMBE9z +bG8xDTALBgNVBAcMBE9zbG8xCzAJBgNVBAoMAlF0MR8wHQYDVQQLDBZSJkQgKENv +cmUgYW5kIE5ldHdvcmspMRAwDgYDVQQDDAdib2Iub3JnMRwwGgYJKoZIhvcNAQkB +Fg1ib2JAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWSh+1 +Xp5l3MgpzfTtiiuT4jMh8uQug/N7fyZlo+obMarT51dYWt1L5yFYyPw92FCtWgTi +rWFUh6Z8O/wIRkLRd/meKAqQsqRMnEVt4WSE9fA41XecWw1FJl2Ehwnl2C3Nj3GF +XonG+4Wg5EzH7JGEUUQIGQnuUTj06BkHLq0R8QIDAQABo1MwUTAdBgNVHQ4EFgQU +TRydf45RdKVcjhzNUYgfNq4f/W8wHwYDVR0jBBgwFoAUTRydf45RdKVcjhzNUYgf +Nq4f/W8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAsn1aZTcZU +4qD+ciziSYFM0Qk1GTCHtWf5nufB35AyuUqOK3h6QgRHovvNm+IMJIPMlnnwj5gF +G8UZ6mCYBUQPBuofZz8+XEL+N0QtvzUXA2/jVKn2TkcSvFXV90juC9KfhGhM93kQ +1R3qNPgxkuQqteffCbUyWnugv3/axNCjsQ== +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qdtls/certs/ss-srv-key.pem b/tests/auto/network/ssl/qdtls/certs/ss-srv-key.pem new file mode 100644 index 0000000000..c2d912bf4d --- /dev/null +++ b/tests/auto/network/ssl/qdtls/certs/ss-srv-key.pem @@ -0,0 +1,18 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIBoCUfXYbG50CAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHsb5ejBIDukBIICgFiMs6LbW0L4 +fxGDVNQWEbWf+1h4HJZsetWVqX5kh+9R3yfvK6vMVI5EQZ3mm8t5NDIKRFON6dN/ +uKGvZA+4vR6Vc5yeOOzL6sC8NsIU6eJOzkxXdyBahBHORm51dJCRtCdsoaWnx00I +jEAIvdv/dWh+kx9iMF6cZeOvIXbdVPuadjeh62cjPU/zyZSKCFd59zqWRMvIMIIM +kUOy2In5dVBb8/W9Zz0S8OG7KRJ+KdxxR5ev324L70XtRbb/tDVnGuMz+K83xbQC +ySJgIEvaz9lmhFeWiJ9HPGqcYtMAUUk4XgF5mcQDete8uCndDnxCy3uCyNxWtIm3 +dXRYzWZh+nbsbjYQWT3Lo3z3zkchB8vNDBfVcp6m0nx7spaUFlptrXujYKU9VQTK +2vAMhT9uUstLaHm+TEI1SuDBeugbvxy1DNI5lEQ3SG50L8r0m/OuQkV9zPVreHLX +nJdx7POS69WW+yac2SJX9mMSXICksLvaSGxSnFf1hMyozIp3xM4jGsxV+ckGw2I/ +CNUW2QHMuJ2/AvZo8cJY5iwbRgCaewAKkUiPZbGMDLeRapm9nrRFyTkLGyjI+4wG +wByzJ8ZZ2IlnZexXbcs0o8qoFmUxgA2R5Q3AvDYAg9/XGWtRcbIOhly4gRv4B/OF +pWfqYrCK6ZbTNSNZNifMDJfjx5T9qSnnLbAZRjuVwOgvqWTcBZpzpn97YS7XnsrU +5qMOiaP+VgpWeO2Fcf5zq9CJaBLO8sBUWWJW7mPgrOpxbBOio6x1GbRMT2niOiPN +wSXWPfw5Kp/P43ORJEttudEGJYpIMAzZ88hmF2j8n3hGC9FHAw5RGaV+3vsonsZq +iwE2rYxs3RI= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qdtls/qdtls.pro b/tests/auto/network/ssl/qdtls/qdtls.pro new file mode 100644 index 0000000000..19e13a965c --- /dev/null +++ b/tests/auto/network/ssl/qdtls/qdtls.pro @@ -0,0 +1,16 @@ +CONFIG += testcase + +SOURCES += tst_qdtls.cpp +QT = core network-private testlib + +TARGET = tst_qdtls + +win32 { + CONFIG(debug, debug|release) { + DESTDIR = debug + } else { + DESTDIR = release + } +} + +TESTDATA += certs diff --git a/tests/auto/network/ssl/qdtls/tst_qdtls.cpp b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp new file mode 100644 index 0000000000..6a94eee389 --- /dev/null +++ b/tests/auto/network/ssl/qdtls/tst_qdtls.cpp @@ -0,0 +1,1324 @@ +/**************************************************************************** +** +** Copyright (C) 2018 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the test suite of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:GPL-EXCEPT$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 3 as published by the Free Software +** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +#include <QtTest/QtTest> + +#include <QtNetwork/qsslpresharedkeyauthenticator.h> +#include <QtNetwork/qsslconfiguration.h> +#include <QtNetwork/qhostaddress.h> +#include <QtNetwork/qsslsocket.h> +#include <QtNetwork/qsslcipher.h> +#include <QtNetwork/qudpsocket.h> +#include <QtNetwork/qsslerror.h> +#include <QtNetwork/qsslkey.h> +#include <QtNetwork/qdtls.h> +#include <QtNetwork/qssl.h> + +#include <QtCore/qcryptographichash.h> +#include <QtCore/qbytearray.h> +#include <QtCore/qvector.h> +#include <QtCore/qstring.h> +#include <QtCore/qobject.h> + +#include <algorithm> + +QT_BEGIN_NAMESPACE + +namespace +{ + +bool dtlsErrorIsCleared(const QDtls &dtls) +{ + return dtls.dtlsError() == QDtlsError::NoError && dtls.dtlsErrorString().isEmpty(); +} + +using DtlsPtr = QScopedPointer<QDtls>; + +bool dtlsErrorIsCleared(DtlsPtr &dtls) +{ + return dtlsErrorIsCleared(*dtls); +} + +} // unnamed namespace + +#define QDTLS_VERIFY_NO_ERROR(obj) QVERIFY(dtlsErrorIsCleared(obj)) + +#define QDTLS_VERIFY_HANDSHAKE_SUCCESS(obj) \ + QVERIFY(obj->isConnectionEncrypted()); \ + QCOMPARE(obj->handshakeState(), QDtls::HandshakeComplete); \ + QDTLS_VERIFY_NO_ERROR(obj); \ + QCOMPARE(obj->peerVerificationErrors().size(), 0) + +class tst_QDtls : public QObject +{ + Q_OBJECT + +public slots: + void initTestCase(); + void init(); + +private slots: + // Tests: + void construction_data(); + void construction(); + void configuration_data(); + void configuration(); + void invalidConfiguration(); + void setPeer_data(); + void setPeer(); + void handshake_data(); + void handshake(); + void handshakeWithRetransmission(); + void sessionCipher(); + void cipherPreferences_data(); + void cipherPreferences(); + void protocolVersionMatching_data(); + void protocolVersionMatching(); + void verificationErrors_data(); + void verificationErrors(); + void presetExpectedErrors_data(); + void presetExpectedErrors(); + void verifyServerCertificate_data(); + void verifyServerCertificate(); + void verifyClientCertificate_data(); + void verifyClientCertificate(); + void blacklistedCerificate(); + void readWriteEncrypted_data(); + void readWriteEncrypted(); + void datagramFragmentation(); + +protected slots: + void handshakeReadyRead(); + void encryptedReadyRead(); + void pskRequested(QSslPreSharedKeyAuthenticator *auth); + void handleHandshakeTimeout(); + +private: + void clientServerData(); + void connectHandshakeReadingSlots(); + void connectEncryptedReadingSlots(); + bool verificationErrorDetected(QSslError::SslError code) const; + + static QHostAddress toNonAny(const QHostAddress &addr); + + QUdpSocket serverSocket; + QHostAddress serverAddress; + quint16 serverPort = 0; + QSslConfiguration defaultServerConfig; + QSslCertificate selfSignedCert; + QString hostName; + QSslKey serverKeySS; + bool serverDropDgram = false; + const QByteArray serverExpectedPlainText = "Hello W ... hmm, I mean DTLS server!"; + QByteArray serverReceivedPlainText; + + QUdpSocket clientSocket; + QHostAddress clientAddress; + quint16 clientPort = 0; + bool clientDropDgram = false; + const QByteArray clientExpectedPlainText = "Hello DTLS client."; + QByteArray clientReceivedPlainText; + + DtlsPtr serverCrypto; + DtlsPtr clientCrypto; + + QTestEventLoop testLoop; + const int handshakeTimeoutMS = 5000; + const int dataExchangeTimeoutMS = 1000; + + const QByteArray presharedKey = "DEADBEEFDEADBEEF"; + QString certDirPath; +}; + +QT_END_NAMESPACE + +Q_DECLARE_METATYPE(QSsl::SslProtocol) +Q_DECLARE_METATYPE(QSslSocket::SslMode) +Q_DECLARE_METATYPE(QSslSocket::PeerVerifyMode) +Q_DECLARE_METATYPE(QList<QSslCertificate>) +Q_DECLARE_METATYPE(QSslKey) +Q_DECLARE_METATYPE(QVector<QSslError>) + +QT_BEGIN_NAMESPACE + +void tst_QDtls::initTestCase() +{ + certDirPath = QFileInfo(QFINDTESTDATA("certs")).absolutePath(); + QVERIFY(certDirPath.size() > 0); + certDirPath += QDir::separator() + QStringLiteral("certs") + QDir::separator(); + + QVERIFY(QSslSocket::supportsSsl()); + + QFile keyFile(certDirPath + QStringLiteral("ss-srv-key.pem")); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); + serverKeySS = QSslKey(keyFile.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, "foobar"); + QVERIFY(!serverKeySS.isNull()); + + QList<QSslCertificate> certificates = QSslCertificate::fromPath(certDirPath + QStringLiteral("ss-srv-cert.pem")); + QVERIFY(!certificates.isEmpty()); + QVERIFY(!certificates.first().isNull()); + selfSignedCert = certificates.first(); + + defaultServerConfig = QSslConfiguration::defaultDtlsConfiguration(); + defaultServerConfig.setPeerVerifyMode(QSslSocket::VerifyNone); + defaultServerConfig.setDtlsCookieVerificationEnabled(false); + + hostName = QStringLiteral("bob.org"); +} + +void tst_QDtls::init() +{ + if (serverSocket.state() != QAbstractSocket::UnconnectedState) { + serverSocket.close(); + // disconnect signals/slots: + serverSocket.disconnect(); + } + + QVERIFY(serverSocket.bind()); + serverAddress = toNonAny(serverSocket.localAddress()); + serverPort = serverSocket.localPort(); + + if (clientSocket.localPort()) { + clientSocket.close(); + // disconnect signals/slots: + clientSocket.disconnect(); + } + + clientAddress = {}; + clientPort = 0; + + serverCrypto.reset(new QDtls(QSslSocket::SslServerMode)); + serverDropDgram = false; + serverReceivedPlainText.clear(); + + clientCrypto.reset(new QDtls(QSslSocket::SslClientMode)); + clientDropDgram = false; + clientReceivedPlainText.clear(); + + connect(clientCrypto.data(), &QDtls::handshakeTimeout, + this, &tst_QDtls::handleHandshakeTimeout); + connect(serverCrypto.data(), &QDtls::handshakeTimeout, + this, &tst_QDtls::handleHandshakeTimeout); +} + +void tst_QDtls::construction_data() +{ + clientServerData(); +} + +void tst_QDtls::construction() +{ + QFETCH(const QSslSocket::SslMode, mode); + + QDtls dtls(mode); + QCOMPARE(dtls.peerAddress(), QHostAddress()); + QCOMPARE(dtls.peerPort(), quint16()); + QCOMPARE(dtls.peerVerificationName(), QString()); + QCOMPARE(dtls.sslMode(), mode); + + QCOMPARE(dtls.mtuHint(), quint16()); + + const auto params = dtls.cookieGeneratorParameters(); + QVERIFY(params.secret.size() > 0); +#ifdef QT_CRYPTOGRAPHICHASH_ONLY_SHA1 + QCOMPARE(params.hash, QCryptographicHash::Sha1); +#else + QCOMPARE(params.hash, QCryptographicHash::Sha256); +#endif + + QCOMPARE(dtls.dtlsConfiguration(), QSslConfiguration::defaultDtlsConfiguration()); + + QCOMPARE(dtls.handshakeState(), QDtls::HandshakeNotStarted); + QCOMPARE(dtls.isConnectionEncrypted(), false); + QCOMPARE(dtls.sessionCipher(), QSslCipher()); + QCOMPARE(dtls.sessionProtocol(), QSsl::UnknownProtocol); + + QCOMPARE(dtls.dtlsError(), QDtlsError::NoError); + QCOMPARE(dtls.dtlsErrorString(), QString()); + QCOMPARE(dtls.peerVerificationErrors().size(), 0); +} + +void tst_QDtls::configuration_data() +{ + clientServerData(); +} + +void tst_QDtls::configuration() +{ + // There is a proper auto-test for QSslConfiguration in our TLS test suite, + // here we only test several DTLS-related details. + auto config = QSslConfiguration::defaultDtlsConfiguration(); + QCOMPARE(config.protocol(), QSsl::DtlsV1_2OrLater); + + const QList<QSslCipher> ciphers = config.ciphers(); + QVERIFY(ciphers.size() > 0); + for (const auto &cipher : ciphers) + QVERIFY(cipher.usedBits() >= 128); + + QCOMPARE(config.dtlsCookieVerificationEnabled(), true); + + QFETCH(const QSslSocket::SslMode, mode); + QDtls dtls(mode); + QCOMPARE(dtls.dtlsConfiguration(), config); + config.setProtocol(QSsl::DtlsV1_0OrLater); + config.setDtlsCookieVerificationEnabled(false); + QCOMPARE(config.dtlsCookieVerificationEnabled(), false); + + QVERIFY(dtls.setDtlsConfiguration(config)); + QDTLS_VERIFY_NO_ERROR(dtls); + QCOMPARE(dtls.dtlsConfiguration(), config); + + if (mode == QSslSocket::SslClientMode) { + // Testing a DTLS server would be more complicated, we'd need a DTLS + // client sending ClientHello(s), running an event loop etc. - way too + // much dancing for a simple setter/getter test. + QVERIFY(dtls.setPeer(serverAddress, serverPort)); + QDTLS_VERIFY_NO_ERROR(dtls); + + QUdpSocket clientSocket; + QVERIFY(dtls.doHandshake(&clientSocket)); + QDTLS_VERIFY_NO_ERROR(dtls); + QCOMPARE(dtls.handshakeState(), QDtls::HandshakeInProgress); + // As soon as handshake started, it's not allowed to change configuration: + QVERIFY(!dtls.setDtlsConfiguration(QSslConfiguration::defaultDtlsConfiguration())); + QCOMPARE(dtls.dtlsError(), QDtlsError::InvalidOperation); + QCOMPARE(dtls.dtlsConfiguration(), config); + } +} + +void tst_QDtls::invalidConfiguration() +{ + QUdpSocket socket; + QDtls crypto(QSslSocket::SslClientMode); + QVERIFY(crypto.setPeer(serverAddress, serverPort)); + // Note: not defaultDtlsConfiguration(), so the protocol is TLS (without D): + QVERIFY(crypto.setDtlsConfiguration(QSslConfiguration::defaultConfiguration())); + QDTLS_VERIFY_NO_ERROR(crypto); + QCOMPARE(crypto.dtlsConfiguration(), QSslConfiguration::defaultConfiguration()); + // Try to start the handshake: + QCOMPARE(crypto.doHandshake(&socket), false); + QCOMPARE(crypto.dtlsError(), QDtlsError::TlsInitializationError); +} + +void tst_QDtls::setPeer_data() +{ + clientServerData(); +} + +void tst_QDtls::setPeer() +{ + static const QHostAddress invalid[] = {QHostAddress(), + QHostAddress(QHostAddress::Broadcast), + QHostAddress(QStringLiteral("224.0.0.0"))}; + static const QString peerName = QStringLiteral("does not matter actually"); + + QFETCH(const QSslSocket::SslMode, mode); + QDtls dtls(mode); + + for (const auto &addr : invalid) { + QCOMPARE(dtls.setPeer(addr, 100, peerName), false); + QCOMPARE(dtls.dtlsError(), QDtlsError::InvalidInputParameters); + QCOMPARE(dtls.peerAddress(), QHostAddress()); + QCOMPARE(dtls.peerPort(), quint16()); + QCOMPARE(dtls.peerVerificationName(), QString()); + } + + QVERIFY(dtls.setPeer(serverAddress, serverPort, peerName)); + QDTLS_VERIFY_NO_ERROR(dtls); + QCOMPARE(dtls.peerAddress(), serverAddress); + QCOMPARE(dtls.peerPort(), serverPort); + QCOMPARE(dtls.peerVerificationName(), peerName); + + if (mode == QSslSocket::SslClientMode) { + // We test for client mode only, for server mode we'd have to run event + // loop etc. too much work for a simple setter/getter test. + QUdpSocket clientSocket; + QVERIFY(dtls.doHandshake(&clientSocket)); + QDTLS_VERIFY_NO_ERROR(dtls); + QCOMPARE(dtls.handshakeState(), QDtls::HandshakeInProgress); + QCOMPARE(dtls.setPeer(serverAddress, serverPort), false); + QCOMPARE(dtls.dtlsError(), QDtlsError::InvalidOperation); + } +} + +void tst_QDtls::handshake_data() +{ + QTest::addColumn<bool>("withCertificate"); + + QTest::addRow("no-cert") << false; + QTest::addRow("with-cert") << true; +} + +void tst_QDtls::handshake() +{ + connectHandshakeReadingSlots(); + + QFETCH(const bool, withCertificate); + + auto serverConfig = defaultServerConfig; + auto clientConfig = QSslConfiguration::defaultDtlsConfiguration(); + + if (!withCertificate) { + connect(serverCrypto.data(), &QDtls::pskRequired, this, &tst_QDtls::pskRequested); + connect(clientCrypto.data(), &QDtls::pskRequired, this, &tst_QDtls::pskRequested); + clientConfig.setPeerVerifyMode(QSslSocket::VerifyNone); + QVERIFY(clientConfig.peerCertificate().isNull()); + } else { + serverConfig.setPrivateKey(serverKeySS); + serverConfig.setLocalCertificate(selfSignedCert); + clientConfig.setCaCertificates({selfSignedCert}); + } + + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + QVERIFY(clientCrypto->setDtlsConfiguration(clientConfig)); + + // Some early checks before we run event loop. + // Remote was not set yet: + QVERIFY(!clientCrypto->doHandshake(&clientSocket)); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidOperation); + QVERIFY(!serverCrypto->doHandshake(&serverSocket, QByteArray("ClientHello"))); + QCOMPARE(serverCrypto->dtlsError(), QDtlsError::InvalidOperation); + + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort, hostName)); + + // Invalid socket: + QVERIFY(!clientCrypto->doHandshake(nullptr)); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidInputParameters); + + // Now we are ready for handshake: + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + QDTLS_VERIFY_NO_ERROR(clientCrypto); + QCOMPARE(clientCrypto->handshakeState(), QDtls::HandshakeInProgress); + + testLoop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!testLoop.timeout()); + + QVERIFY(serverCrypto->isConnectionEncrypted()); + QDTLS_VERIFY_NO_ERROR(serverCrypto); + QCOMPARE(serverCrypto->handshakeState(), QDtls::HandshakeComplete); + QCOMPARE(serverCrypto->peerVerificationErrors().size(), 0); + + QVERIFY(clientCrypto->isConnectionEncrypted()); + QDTLS_VERIFY_NO_ERROR(clientCrypto); + QCOMPARE(clientCrypto->handshakeState(), QDtls::HandshakeComplete); + QCOMPARE(clientCrypto->peerVerificationErrors().size(), 0); + + if (withCertificate) { + const auto serverCert = clientCrypto->dtlsConfiguration().peerCertificate(); + QVERIFY(!serverCert.isNull()); + QCOMPARE(serverCert, selfSignedCert); + } + + // Already in 'HandshakeComplete' state/encrypted. + QVERIFY(!clientCrypto->doHandshake(&clientSocket)); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidOperation); + QVERIFY(!serverCrypto->doHandshake(&serverSocket, {"ServerHello"})); + QCOMPARE(serverCrypto->dtlsError(), QDtlsError::InvalidOperation); + // Cannot change a remote without calling shutdown first. + QVERIFY(!clientCrypto->setPeer(serverAddress, serverPort)); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidOperation); + QVERIFY(!serverCrypto->setPeer(clientAddress, clientPort)); + QCOMPARE(serverCrypto->dtlsError(), QDtlsError::InvalidOperation); +} + +void tst_QDtls::handshakeWithRetransmission() +{ + connectHandshakeReadingSlots(); + + auto serverConfig = defaultServerConfig; + serverConfig.setPrivateKey(serverKeySS); + serverConfig.setLocalCertificate(selfSignedCert); + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + + auto clientConfig = QSslConfiguration::defaultDtlsConfiguration(); + clientConfig.setCaCertificates({selfSignedCert}); + QVERIFY(clientCrypto->setDtlsConfiguration(clientConfig)); + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort, hostName)); + + // Now we are ready for handshake: + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + QDTLS_VERIFY_NO_ERROR(clientCrypto); + QCOMPARE(clientCrypto->handshakeState(), QDtls::HandshakeInProgress); + + serverDropDgram = true; + clientDropDgram = true; + // Every failed re-transmission doubles the next timeout. We don't want to + // slow down the test just to check the re-transmission ability, so we'll + // drop only the first 'ClientHello' and 'ServerHello' datagrams. The + // arithmetic is approximately this: the first ClientHello to be dropped - + // client will re-transmit in 1s., the first part of 'ServerHello' to be + // dropped, the client then will re-transmit after another 2 s. Thus it's ~3. + // We err on safe side and double our (already quite generous) 5s. + testLoop.enterLoopMSecs(handshakeTimeoutMS * 2); + + QVERIFY(!testLoop.timeout()); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); +} + +void tst_QDtls::sessionCipher() +{ + connectHandshakeReadingSlots(); + + auto serverConfig = defaultServerConfig; + serverConfig.setPrivateKey(serverKeySS); + serverConfig.setLocalCertificate(selfSignedCert); + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + + auto clientConfig = QSslConfiguration::defaultDtlsConfiguration(); + clientConfig.setCaCertificates({selfSignedCert}); + QVERIFY(clientCrypto->setDtlsConfiguration(clientConfig)); + + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort, hostName)); + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + + testLoop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!testLoop.timeout()); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); + + const auto defaultDtlsConfig = QSslConfiguration::defaultDtlsConfiguration(); + + const auto clCipher = clientCrypto->sessionCipher(); + QVERIFY(!clCipher.isNull()); + QVERIFY(defaultDtlsConfig.ciphers().contains(clCipher)); + + const auto srvCipher = serverCrypto->sessionCipher(); + QVERIFY(!srvCipher.isNull()); + QVERIFY(defaultDtlsConfig.ciphers().contains(srvCipher)); + + QCOMPARE(clCipher, srvCipher); +} + +void tst_QDtls::cipherPreferences_data() +{ + QTest::addColumn<bool>("preferClient"); + + QTest::addRow("prefer-server") << true; + QTest::addRow("prefer-client") << false; +} + +void tst_QDtls::cipherPreferences() +{ + // This test is based on the similar case in tst_QSslSocket. We test it for QDtls + // because it's possible to set ciphers and corresponding ('server preferred') + // options via QSslConfiguration. + const QSslCipher aes128(QStringLiteral("AES128-SHA")); + const QSslCipher aes256(QStringLiteral("AES256-SHA")); + + auto serverConfig = defaultServerConfig; + const QList<QSslCipher> ciphers = serverConfig.ciphers(); + if (!ciphers.contains(aes128) || !ciphers.contains(aes256)) + QSKIP("The ciphers needed by this test were not found in the default DTLS configuration"); + + serverConfig.setCiphers({aes128, aes256}); + serverConfig.setLocalCertificate(selfSignedCert); + serverConfig.setPrivateKey(serverKeySS); + + QFETCH(const bool, preferClient); + if (preferClient) + serverConfig.setSslOption(QSsl::SslOptionDisableServerCipherPreference, true); + + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + QDTLS_VERIFY_NO_ERROR(serverCrypto); + + auto clientConfig = QSslConfiguration::defaultDtlsConfiguration(); + clientConfig.setPeerVerifyMode(QSslSocket::VerifyNone); + clientConfig.setCiphers({aes256, aes128}); + QVERIFY(clientCrypto->setDtlsConfiguration(clientConfig)); + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort)); + QDTLS_VERIFY_NO_ERROR(clientCrypto); + + connectHandshakeReadingSlots(); + + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + QDTLS_VERIFY_NO_ERROR(clientCrypto); + + testLoop.enterLoopMSecs(handshakeTimeoutMS); + QVERIFY(!testLoop.timeout()); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); + + if (preferClient) { + QCOMPARE(clientCrypto->sessionCipher(), aes256); + QCOMPARE(serverCrypto->sessionCipher(), aes256); + } else { + QCOMPARE(clientCrypto->sessionCipher(), aes128); + QCOMPARE(serverCrypto->sessionCipher(), aes128); + } +} + +void tst_QDtls::protocolVersionMatching_data() +{ + QTest::addColumn<QSsl::SslProtocol>("serverProtocol"); + QTest::addColumn<QSsl::SslProtocol>("clientProtocol"); + QTest::addColumn<bool>("works"); + + QTest::addRow("DtlsV1_0 <-> DtlsV1_0") << QSsl::DtlsV1_0 << QSsl::DtlsV1_0 << true; + QTest::addRow("DtlsV1_0OrLater <-> DtlsV1_0") << QSsl::DtlsV1_0OrLater << QSsl::DtlsV1_0 << true; + QTest::addRow("DtlsV1_0 <-> DtlsV1_0OrLater") << QSsl::DtlsV1_0 << QSsl::DtlsV1_0OrLater << true; + QTest::addRow("DtlsV1_0OrLater <-> DtlsV1_0OrLater") << QSsl::DtlsV1_0OrLater << QSsl::DtlsV1_0OrLater << true; + + QTest::addRow("DtlsV1_2 <-> DtlsV1_2") << QSsl::DtlsV1_2 << QSsl::DtlsV1_2 << true; + QTest::addRow("DtlsV1_2OrLater <-> DtlsV1_2") << QSsl::DtlsV1_2OrLater << QSsl::DtlsV1_2 << true; + QTest::addRow("DtlsV1_2 <-> DtlsV1_2OrLater") << QSsl::DtlsV1_2 << QSsl::DtlsV1_2OrLater << true; + QTest::addRow("DtlsV1_2OrLater <-> DtlsV1_2OrLater") << QSsl::DtlsV1_2OrLater << QSsl::DtlsV1_2OrLater << true; + + QTest::addRow("DtlsV1_0 <-> DtlsV1_2") << QSsl::DtlsV1_0 << QSsl::DtlsV1_2 << false; + QTest::addRow("DtlsV1_0 <-> DtlsV1_2OrLater") << QSsl::DtlsV1_0 << QSsl::DtlsV1_2OrLater << false; + QTest::addRow("DtlsV1_2 <-> DtlsV1_0") << QSsl::DtlsV1_2 << QSsl::DtlsV1_0 << false; + QTest::addRow("DtlsV1_2OrLater <-> DtlsV1_0") << QSsl::DtlsV1_2OrLater << QSsl::DtlsV1_0 << false; +} + +void tst_QDtls::protocolVersionMatching() +{ + QFETCH(const QSsl::SslProtocol, serverProtocol); + QFETCH(const QSsl::SslProtocol, clientProtocol); + QFETCH(const bool, works); + + connectHandshakeReadingSlots(); + + connect(serverCrypto.data(), &QDtls::pskRequired, this, &tst_QDtls::pskRequested); + connect(clientCrypto.data(), &QDtls::pskRequired, this, &tst_QDtls::pskRequested); + + auto serverConfig = defaultServerConfig; + serverConfig.setProtocol(serverProtocol); + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + + auto clientConfig = QSslConfiguration::defaultDtlsConfiguration(); + clientConfig.setPeerVerifyMode(QSslSocket::VerifyNone); + clientConfig.setProtocol(clientProtocol); + QVERIFY(clientCrypto->setDtlsConfiguration(clientConfig)); + + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort)); + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + + testLoop.enterLoopMSecs(handshakeTimeoutMS); + + if (works) { + QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); + } else { + QCOMPARE(serverCrypto->isConnectionEncrypted(), false); + QVERIFY(serverCrypto->handshakeState() != QDtls::HandshakeComplete); + QCOMPARE(clientCrypto->isConnectionEncrypted(), false); + QVERIFY(clientCrypto->handshakeState() != QDtls::HandshakeComplete); + } +} + +void tst_QDtls::verificationErrors_data() +{ + QTest::addColumn<bool>("abortHandshake"); + + QTest::addRow("abort-handshake") << true; + QTest::addRow("ignore-errors") << false; +} + +void tst_QDtls::verificationErrors() +{ + connectHandshakeReadingSlots(); + + auto serverConfig = defaultServerConfig; + serverConfig.setPrivateKey(serverKeySS); + serverConfig.setLocalCertificate(selfSignedCert); + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + // And our client already has the default DTLS configuration. + + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort)); + // Now we are ready for handshake: + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + + testLoop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!testLoop.timeout()); + QDTLS_VERIFY_NO_ERROR(serverCrypto); + + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::PeerVerificationError); + QCOMPARE(clientCrypto->handshakeState(), QDtls::PeerVerificationFailed); + QVERIFY(!clientCrypto->isConnectionEncrypted()); + + QVERIFY(verificationErrorDetected(QSslError::HostNameMismatch)); + QVERIFY(verificationErrorDetected(QSslError::SelfSignedCertificate)); + + const auto serverCert = clientCrypto->dtlsConfiguration().peerCertificate(); + QVERIFY(!serverCert.isNull()); + QCOMPARE(selfSignedCert, serverCert); + + QFETCH(const bool, abortHandshake); + + if (abortHandshake) { + QVERIFY(!clientCrypto->abortHandshake(nullptr)); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidInputParameters); + QVERIFY(clientCrypto->abortHandshake(&clientSocket)); + QDTLS_VERIFY_NO_ERROR(clientCrypto); + QVERIFY(!clientCrypto->isConnectionEncrypted()); + QCOMPARE(clientCrypto->handshakeState(), QDtls::HandshakeNotStarted); + QCOMPARE(clientCrypto->sessionCipher(), QSslCipher()); + QCOMPARE(clientCrypto->sessionProtocol(), QSsl::UnknownProtocol); + const auto config = clientCrypto->dtlsConfiguration(); + QVERIFY(config.peerCertificate().isNull()); + QCOMPARE(config.peerCertificateChain().size(), 0); + QCOMPARE(clientCrypto->peerVerificationErrors().size(), 0); + } else { + clientCrypto->ignoreVerificationErrors(clientCrypto->peerVerificationErrors()); + QVERIFY(!clientCrypto->resumeHandshake(nullptr)); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidInputParameters); + QVERIFY(clientCrypto->resumeHandshake(&clientSocket)); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); + QVERIFY(clientCrypto->isConnectionEncrypted()); + QCOMPARE(clientCrypto->handshakeState(), QDtls::HandshakeComplete); + QCOMPARE(clientCrypto->peerVerificationErrors().size(), 0); + } +} + +void tst_QDtls::presetExpectedErrors_data() +{ + QTest::addColumn<QVector<QSslError>>("expectedTlsErrors"); + QTest::addColumn<bool>("works"); + + QVector<QSslError> expectedErrors{{QSslError::HostNameMismatch, selfSignedCert}}; + QTest::addRow("unexpected-self-signed") << expectedErrors << false; + expectedErrors.push_back({QSslError::SelfSignedCertificate, selfSignedCert}); + QTest::addRow("all-errors-ignored") << expectedErrors << true; +} + +void tst_QDtls::presetExpectedErrors() +{ + QFETCH(const QVector<QSslError>, expectedTlsErrors); + QFETCH(const bool, works); + + connectHandshakeReadingSlots(); + + auto serverConfig = defaultServerConfig; + serverConfig.setPrivateKey(serverKeySS); + serverConfig.setLocalCertificate(selfSignedCert); + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + + clientCrypto->ignoreVerificationErrors(expectedTlsErrors); + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort)); + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + + testLoop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!testLoop.timeout()); + + if (works) { + QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); + QCOMPARE(clientCrypto->handshakeState(), QDtls::HandshakeComplete); + QVERIFY(clientCrypto->isConnectionEncrypted()); + } else { + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::PeerVerificationError); + QVERIFY(!clientCrypto->isConnectionEncrypted()); + QCOMPARE(clientCrypto->handshakeState(), QDtls::PeerVerificationFailed); + } +} + +void tst_QDtls::verifyServerCertificate_data() +{ + QTest::addColumn<QSslSocket::PeerVerifyMode>("verifyMode"); + QTest::addColumn<QList<QSslCertificate>>("serverCerts"); + QTest::addColumn<QSslKey>("serverKey"); + QTest::addColumn<QString>("peerName"); + QTest::addColumn<bool>("encrypted"); + + { + // A special case - null key (but with certificate): + const auto chain = QSslCertificate::fromPath(certDirPath + QStringLiteral("bogus-server.crt")); + QCOMPARE(chain.size(), 1); + + QSslKey nullKey; + // Only one row - server must fail to start handshake immediately. + QTest::newRow("valid-server-cert-no-key : VerifyPeer") << QSslSocket::VerifyPeer << chain << nullKey << QString() << false; + } + { + // Valid certificate: + auto chain = QSslCertificate::fromPath(certDirPath + QStringLiteral("bogus-server.crt")); + QCOMPARE(chain.size(), 1); + + const auto caCert = QSslCertificate::fromPath(certDirPath + QStringLiteral("bogus-ca.crt")); + QCOMPARE(caCert.size(), 1); + chain += caCert; + + QFile keyFile(certDirPath + QStringLiteral("bogus-server.key")); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); + const QSslKey key(keyFile.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); + QVERIFY(!key.isNull()); + + auto cert = chain.first(); + const QString name(cert.subjectInfo(QSslCertificate::CommonName).first()); + QTest::newRow("valid-server-cert : AutoVerifyPeer") << QSslSocket::AutoVerifyPeer << chain << key << name << true; + QTest::newRow("valid-server-cert : QueryPeer") << QSslSocket::QueryPeer << chain << key << name << true; + QTest::newRow("valid-server-cert : VerifyNone") << QSslSocket::VerifyNone << chain << key << name << true; + QTest::newRow("valid-server-cert : VerifyPeer (add CA)") << QSslSocket::VerifyPeer << chain << key << name << true; + QTest::newRow("valid-server-cert : VerifyPeer (no CA)") << QSslSocket::VerifyPeer << chain << key << name << false; + QTest::newRow("valid-server-cert : VerifyPeer (name mismatch)") << QSslSocket::VerifyPeer << chain << key << QString() << false; + } +} + +void tst_QDtls::verifyServerCertificate() +{ + QFETCH(const QSslSocket::PeerVerifyMode, verifyMode); + QFETCH(const QList<QSslCertificate>, serverCerts); + QFETCH(const QSslKey, serverKey); + QFETCH(const QString, peerName); + QFETCH(const bool, encrypted); + + auto serverConfig = defaultServerConfig; + serverConfig.setLocalCertificateChain(serverCerts); + serverConfig.setPrivateKey(serverKey); + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + + auto clientConfig = QSslConfiguration::defaultDtlsConfiguration(); + + if (serverCerts.size() == 2 && encrypted) { + auto caCerts = clientConfig.caCertificates(); + caCerts.append(serverCerts.at(1)); + clientConfig.setCaCertificates(caCerts); + } + + clientConfig.setPeerVerifyMode(verifyMode); + + QVERIFY(clientCrypto->setDtlsConfiguration(clientConfig)); + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort, peerName)); + + connectHandshakeReadingSlots(); + + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + + testLoop.enterLoopMSecs(handshakeTimeoutMS); + QVERIFY(!testLoop.timeout()); + + if (serverKey.isNull() && !serverCerts.isEmpty()) { + QDTLS_VERIFY_NO_ERROR(clientCrypto); + QCOMPARE(clientCrypto->handshakeState(), QDtls::HandshakeInProgress); + QCOMPARE(serverCrypto->dtlsError(), QDtlsError::TlsInitializationError); + QCOMPARE(serverCrypto->handshakeState(), QDtls::HandshakeNotStarted); + return; + } + + if (encrypted) { + QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); + } else { + QVERIFY(!clientCrypto->isConnectionEncrypted()); + QCOMPARE(clientCrypto->handshakeState(), QDtls::PeerVerificationFailed); + QVERIFY(clientCrypto->peerVerificationErrors().size()); + QVERIFY(clientCrypto->writeDatagramEncrypted(&clientSocket, "something") < 0); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidOperation); + } +} + +void tst_QDtls::verifyClientCertificate_data() +{ +#if !QT_CONFIG(opensslv11) + QSKIP("This test is not supposed to work with OpenSSL version below 1.1"); +#endif + + QTest::addColumn<QSslSocket::PeerVerifyMode>("verifyMode"); + QTest::addColumn<QList<QSslCertificate>>("clientCerts"); + QTest::addColumn<QSslKey>("clientKey"); + QTest::addColumn<bool>("encrypted"); + { + // No certficates, no key: + QList<QSslCertificate> chain; + QSslKey key; + QTest::newRow("no-cert : AutoVerifyPeer") << QSslSocket::AutoVerifyPeer << chain << key << true; + QTest::newRow("no-cert : QueryPeer") << QSslSocket::QueryPeer << chain << key << true; + QTest::newRow("no-cert : VerifyNone") << QSslSocket::VerifyNone << chain << key << true; + QTest::newRow("no-cert : VerifyPeer") << QSslSocket::VerifyPeer << chain << key << false; + } + { + const auto chain = QSslCertificate::fromPath(certDirPath + QStringLiteral("fluke.cert")); + QCOMPARE(chain.size(), 1); + + QFile keyFile(certDirPath + QStringLiteral("fluke.key")); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); + const QSslKey key(keyFile.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); + QVERIFY(!key.isNull()); + + QTest::newRow("self-signed-cert : AutoVerifyPeer") << QSslSocket::AutoVerifyPeer << chain << key << true; + QTest::newRow("self-signed-cert : QueryPeer") << QSslSocket::QueryPeer << chain << key << true; + QTest::newRow("self-signed-cert : VerifyNone") << QSslSocket::VerifyNone << chain << key << true; + QTest::newRow("self-signed-cert : VerifyPeer") << QSslSocket::VerifyPeer << chain << key << false; + } + { + // Valid certificate, but wrong usage (server certificate): + const auto chain = QSslCertificate::fromPath(certDirPath + QStringLiteral("bogus-server.crt")); + QCOMPARE(chain.size(), 1); + + QFile keyFile(certDirPath + QStringLiteral("bogus-server.key")); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); + const QSslKey key(keyFile.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); + QVERIFY(!key.isNull()); + + QTest::newRow("valid-server-cert : AutoVerifyPeer") << QSslSocket::AutoVerifyPeer << chain << key << true; + QTest::newRow("valid-server-cert : QueryPeer") << QSslSocket::QueryPeer << chain << key << true; + QTest::newRow("valid-server-cert : VerifyNone") << QSslSocket::VerifyNone << chain << key << true; + QTest::newRow("valid-server-cert : VerifyPeer") << QSslSocket::VerifyPeer << chain << key << false; + } + { + // Valid certificate, correct usage (client certificate): + auto chain = QSslCertificate::fromPath(certDirPath + QStringLiteral("bogus-client.crt")); + QCOMPARE(chain.size(), 1); + + QFile keyFile(certDirPath + QStringLiteral("bogus-client.key")); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); + const QSslKey key(keyFile.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); + QVERIFY(!key.isNull()); + + QTest::newRow("valid-client-cert : AutoVerifyPeer") << QSslSocket::AutoVerifyPeer << chain << key << true; + QTest::newRow("valid-client-cert : QueryPeer") << QSslSocket::QueryPeer << chain << key << true; + QTest::newRow("valid-client-cert : VerifyNone") << QSslSocket::VerifyNone << chain << key << true; + QTest::newRow("valid-client-cert : VerifyPeer") << QSslSocket::VerifyPeer << chain << key << true; + + // Valid certificate, correct usage (client certificate), with chain: + chain += QSslCertificate::fromPath(certDirPath + QStringLiteral("bogus-ca.crt")); + QCOMPARE(chain.size(), 2); + + QTest::newRow("valid-client-chain : AutoVerifyPeer") << QSslSocket::AutoVerifyPeer << chain << key << true; + QTest::newRow("valid-client-chain : QueryPeer") << QSslSocket::QueryPeer << chain << key << true; + QTest::newRow("valid-client-chain : VerifyNone") << QSslSocket::VerifyNone << chain << key << true; + QTest::newRow("valid-client-chain : VerifyPeer") << QSslSocket::VerifyPeer << chain << key << true; + } +} + +void tst_QDtls::verifyClientCertificate() +{ + connectHandshakeReadingSlots(); + + QFETCH(const QSslSocket::PeerVerifyMode, verifyMode); + QFETCH(const QList<QSslCertificate>, clientCerts); + QFETCH(const QSslKey, clientKey); + QFETCH(const bool, encrypted); + + QSslConfiguration serverConfig = defaultServerConfig; + serverConfig.setLocalCertificate(selfSignedCert); + serverConfig.setPrivateKey(serverKeySS); + serverConfig.setPeerVerifyMode(verifyMode); + + if (verifyMode == QSslSocket::VerifyPeer && clientCerts.size()) { + // Not always needed even if these conditions met, but does not hurt + // either. + const auto certs = QSslCertificate::fromPath(certDirPath + QStringLiteral("bogus-ca.crt")); + QCOMPARE(certs.size(), 1); + serverConfig.setCaCertificates(serverConfig.caCertificates() + certs); + } + + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + serverConfig = serverCrypto->dtlsConfiguration(); + QVERIFY(serverConfig.peerCertificate().isNull()); + QCOMPARE(serverConfig.peerCertificateChain().size(), 0); + + auto clientConfig = QSslConfiguration::defaultDtlsConfiguration(); + clientConfig.setLocalCertificateChain(clientCerts); + clientConfig.setPrivateKey(clientKey); + clientConfig.setPeerVerifyMode(QSslSocket::VerifyNone); + QVERIFY(clientCrypto->setDtlsConfiguration(clientConfig)); + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort)); + + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + QDTLS_VERIFY_NO_ERROR(clientCrypto); + + testLoop.enterLoopMSecs(handshakeTimeoutMS); + + serverConfig = serverCrypto->dtlsConfiguration(); + + if (verifyMode == QSslSocket::VerifyNone || clientCerts.isEmpty()) { + QVERIFY(serverConfig.peerCertificate().isNull()); + QCOMPARE(serverConfig.peerCertificateChain().size(), 0); + } else { + QCOMPARE(serverConfig.peerCertificate(), clientCerts.first()); + QCOMPARE(serverConfig.peerCertificateChain(), clientCerts); + } + + if (encrypted) { + QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); + } else { + QVERIFY(!serverCrypto->isConnectionEncrypted()); + QCOMPARE(serverCrypto->handshakeState(), QDtls::PeerVerificationFailed); + QVERIFY(serverCrypto->dtlsErrorString().size() > 0); + QVERIFY(serverCrypto->peerVerificationErrors().size() > 0); + + QVERIFY(!clientCrypto->isConnectionEncrypted()); + QDTLS_VERIFY_NO_ERROR(clientCrypto); + QCOMPARE(clientCrypto->handshakeState(), QDtls::HandshakeInProgress); + } +} + +void tst_QDtls::blacklistedCerificate() +{ + const auto serverChain = QSslCertificate::fromPath(certDirPath + QStringLiteral("fake-login.live.com.pem")); + QCOMPARE(serverChain.size(), 1); + + QFile keyFile(certDirPath + QStringLiteral("fake-login.live.com.key")); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); + const QSslKey key(keyFile.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); + QVERIFY(!key.isNull()); + + auto serverConfig = defaultServerConfig; + serverConfig.setLocalCertificateChain(serverChain); + serverConfig.setPrivateKey(key); + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + + connectHandshakeReadingSlots(); + const QString name(serverChain.first().subjectInfo(QSslCertificate::CommonName).first()); + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort, name)); + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + + testLoop.enterLoopMSecs(handshakeTimeoutMS); + QVERIFY(!testLoop.timeout()); + QCOMPARE(clientCrypto->handshakeState(), QDtls::PeerVerificationFailed); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::PeerVerificationError); + QVERIFY(!clientCrypto->isConnectionEncrypted()); + QVERIFY(verificationErrorDetected(QSslError::CertificateBlacklisted)); +} + +void tst_QDtls::readWriteEncrypted_data() +{ + QTest::addColumn<bool>("serverSideShutdown"); + + QTest::addRow("client-shutdown") << false; + QTest::addRow("server-shutdown") << true; +} + +void tst_QDtls::readWriteEncrypted() +{ + connectHandshakeReadingSlots(); + + auto serverConfig = defaultServerConfig; + serverConfig.setLocalCertificate(selfSignedCert); + serverConfig.setPrivateKey(serverKeySS); + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + + auto clientConfig = QSslConfiguration::defaultDtlsConfiguration(); + clientConfig.setCaCertificates({selfSignedCert}); + QVERIFY(clientCrypto->setDtlsConfiguration(clientConfig)); + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort, hostName)); + + // 0. Verify we cannot write any encrypted message without handshake done + QDTLS_VERIFY_NO_ERROR(clientCrypto); + QVERIFY(clientCrypto->writeDatagramEncrypted(&clientSocket, serverExpectedPlainText) <= 0); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidOperation); + QVERIFY(!clientCrypto->shutdown(&clientSocket)); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidOperation); + QDTLS_VERIFY_NO_ERROR(serverCrypto); + QVERIFY(serverCrypto->writeDatagramEncrypted(&serverSocket, clientExpectedPlainText) <= 0); + QCOMPARE(serverCrypto->dtlsError(), QDtlsError::InvalidOperation); + QVERIFY(!serverCrypto->shutdown(&serverSocket)); + QCOMPARE(serverCrypto->dtlsError(), QDtlsError::InvalidOperation); + + // 1. Initiate a handshake: + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + QDTLS_VERIFY_NO_ERROR(clientCrypto); + // 1.1 Verify we cannot read yet. What the datagram is - not really important, + // invalid state/operation - is what we verify: + const QByteArray dummy = clientCrypto->decryptDatagram(&clientSocket, "BS dgram"); + QCOMPARE(dummy.size(), 0); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidOperation); + + // 1.2 Finish the handshake: + testLoop.enterLoopMSecs(handshakeTimeoutMS); + QVERIFY(!testLoop.timeout()); + + QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); + + // 2. Change reading slots: + connectEncryptedReadingSlots(); + + // 3. Test parameter validation: + QVERIFY(clientCrypto->writeDatagramEncrypted(nullptr, serverExpectedPlainText) <= 0); + QCOMPARE(clientCrypto->dtlsError(), QDtlsError::InvalidInputParameters); + // 4. Write the client's message: + qint64 clientBytesWritten = clientCrypto->writeDatagramEncrypted(&clientSocket, serverExpectedPlainText); + QDTLS_VERIFY_NO_ERROR(clientCrypto); + QVERIFY(clientBytesWritten > 0); + + // 5. Exchange client/server messages: + testLoop.enterLoopMSecs(dataExchangeTimeoutMS); + QVERIFY(!testLoop.timeout()); + + QCOMPARE(serverExpectedPlainText, serverReceivedPlainText); + QCOMPARE(clientExpectedPlainText, clientReceivedPlainText); + + QFETCH(const bool, serverSideShutdown); + DtlsPtr &crypto = serverSideShutdown ? serverCrypto : clientCrypto; + QUdpSocket *socket = serverSideShutdown ? &serverSocket : &clientSocket; + // 6. Parameter validation: + QVERIFY(!crypto->shutdown(nullptr)); + QCOMPARE(crypto->dtlsError(), QDtlsError::InvalidInputParameters); + // 7. Send shutdown alert: + QVERIFY(crypto->shutdown(socket)); + QDTLS_VERIFY_NO_ERROR(crypto); + QCOMPARE(crypto->handshakeState(), QDtls::HandshakeNotStarted); + QVERIFY(!crypto->isConnectionEncrypted()); + // 8. Receive this read notification and handle it: + testLoop.enterLoopMSecs(dataExchangeTimeoutMS); + QVERIFY(!testLoop.timeout()); + + DtlsPtr &peerCrypto = serverSideShutdown ? clientCrypto : serverCrypto; + QVERIFY(!peerCrypto->isConnectionEncrypted()); + QCOMPARE(peerCrypto->handshakeState(), QDtls::HandshakeNotStarted); + QCOMPARE(peerCrypto->dtlsError(), QDtlsError::RemoteClosedConnectionError); +} + +void tst_QDtls::datagramFragmentation() +{ + connectHandshakeReadingSlots(); + + auto serverConfig = defaultServerConfig; + serverConfig.setLocalCertificate(selfSignedCert); + serverConfig.setPrivateKey(serverKeySS); + QVERIFY(serverCrypto->setDtlsConfiguration(serverConfig)); + + auto clientConfig = QSslConfiguration::defaultDtlsConfiguration(); + clientConfig.setPeerVerifyMode(QSslSocket::VerifyNone); + QVERIFY(clientCrypto->setDtlsConfiguration(clientConfig)); + QVERIFY(clientCrypto->setPeer(serverAddress, serverPort)); + + QVERIFY(clientCrypto->doHandshake(&clientSocket)); + + testLoop.enterLoopMSecs(handshakeTimeoutMS); + QVERIFY(!testLoop.timeout()); + + QDTLS_VERIFY_HANDSHAKE_SUCCESS(clientCrypto); + QDTLS_VERIFY_HANDSHAKE_SUCCESS(serverCrypto); + + // Done with handshake, reconnect readyRead: + connectEncryptedReadingSlots(); + + // Verify our dgram is not fragmented and some error set (either UnderlyingSocketError + // if OpenSSL somehow had attempted a write or TlsFatalError in case OpenSSL + // noticed how big the chunk is). + QVERIFY(clientCrypto->writeDatagramEncrypted(&clientSocket, QByteArray(1024 * 17, Qt::Uninitialized)) <= 0); + QVERIFY(clientCrypto->dtlsError() != QDtlsError::NoError); + // Error to write does not mean QDtls is broken: + QVERIFY(clientCrypto->isConnectionEncrypted()); + QVERIFY(clientCrypto->writeDatagramEncrypted(&clientSocket, "Hello, I'm a tiny datagram") > 0); + QDTLS_VERIFY_NO_ERROR(clientCrypto); +} + +void tst_QDtls::handshakeReadyRead() +{ + QUdpSocket *socket = qobject_cast<QUdpSocket *>(sender()); + Q_ASSERT(socket); + + if (!socket->pendingDatagramSize()) + return; + + const bool isServer = socket == &serverSocket; + DtlsPtr &crypto = isServer ? serverCrypto : clientCrypto; + DtlsPtr &peerCrypto = isServer ? clientCrypto : serverCrypto; + QHostAddress addr; + quint16 port = 0; + + QByteArray dgram(socket->pendingDatagramSize(), Qt::Uninitialized); + const qint64 size = socket->readDatagram(dgram.data(), dgram.size(), &addr, &port); + if (size != dgram.size()) + return; + + if (isServer) { + if (!clientPort) { + // It's probably an initial 'ClientHello' message. Let's set remote's + // address/port. But first we make sure it is, indeed, 'ClientHello'. + if (int(dgram.constData()[0]) != 22) + return; + + if (addr.isNull() || addr.isBroadcast()) // Could never be us (client), bail out + return; + + if (!crypto->setPeer(addr, port)) + return testLoop.exitLoop(); + + // Check parameter validation: + if (crypto->doHandshake(nullptr, dgram) || crypto->dtlsError() != QDtlsError::InvalidInputParameters) + return testLoop.exitLoop(); + + if (crypto->doHandshake(&serverSocket, {}) || crypto->dtlsError() != QDtlsError::InvalidInputParameters) + return testLoop.exitLoop(); + + // Make sure we cannot decrypt yet: + const QByteArray dummyDgram = crypto->decryptDatagram(&serverSocket, dgram); + if (dummyDgram.size() > 0 || crypto->dtlsError() != QDtlsError::InvalidOperation) + return testLoop.exitLoop(); + + clientAddress = addr; + clientPort = port; + } else if (clientPort != port || clientAddress != addr) { + return; + } + + if (serverDropDgram) { + serverDropDgram = false; + return; + } + } else if (clientDropDgram) { + clientDropDgram = false; + return; + } + + if (!crypto->doHandshake(socket, dgram)) + return testLoop.exitLoop(); + + const auto state = crypto->handshakeState(); + if (state != QDtls::HandshakeInProgress && state != QDtls::HandshakeComplete) + return testLoop.exitLoop(); + + if (state == QDtls::HandshakeComplete && peerCrypto->handshakeState() == QDtls::HandshakeComplete) + testLoop.exitLoop(); +} + +void tst_QDtls::encryptedReadyRead() +{ + QUdpSocket *socket = qobject_cast<QUdpSocket *>(sender()); + Q_ASSERT(socket); + + if (socket->pendingDatagramSize() <= 0) + return; + + QByteArray dtlsMessage(int(socket->pendingDatagramSize()), Qt::Uninitialized); + QHostAddress addr; + quint16 port = 0; + const qint64 bytesRead = socket->readDatagram(dtlsMessage.data(), dtlsMessage.size(), &addr, &port); + if (bytesRead <= 0) + return; + + dtlsMessage.resize(int(bytesRead)); + + if (socket == &serverSocket) { + if (addr != clientAddress || port != clientPort) + return; + + if (serverExpectedPlainText == dtlsMessage) // No way it can happen! + return testLoop.exitLoop(); + + serverReceivedPlainText = serverCrypto->decryptDatagram(nullptr, dtlsMessage); + if (serverReceivedPlainText.size() > 0 || serverCrypto->dtlsError() != QDtlsError::InvalidInputParameters) + return testLoop.exitLoop(); + + serverReceivedPlainText = serverCrypto->decryptDatagram(&serverSocket, dtlsMessage); + + const int messageType = dtlsMessage.data()[0]; + if (serverReceivedPlainText != serverExpectedPlainText + && (messageType == 23 || messageType == 21)) { + // Type 23 is for application data, 21 is shutdown alert. Here we test + // write/read operations and shutdown alerts, not expecting and thus + // ignoring any other types of messages. + return testLoop.exitLoop(); + } + + if (serverCrypto->dtlsError() != QDtlsError::NoError) + return testLoop.exitLoop(); + + // Verify it cannot be done twice: + const QByteArray replayed = serverCrypto->decryptDatagram(&serverSocket, dtlsMessage); + if (replayed.size() > 0) + return testLoop.exitLoop(); + + if (serverCrypto->writeDatagramEncrypted(&serverSocket, clientExpectedPlainText) <= 0) + testLoop.exitLoop(); + } else { + if (port != serverPort) + return; + + if (clientExpectedPlainText == dtlsMessage) // What a disaster! + return testLoop.exitLoop(); + + clientReceivedPlainText = clientCrypto->decryptDatagram(&clientSocket, dtlsMessage); + testLoop.exitLoop(); + } +} + +void tst_QDtls::pskRequested(QSslPreSharedKeyAuthenticator *auth) +{ + Q_ASSERT(auth); + + auth->setPreSharedKey(presharedKey); +} + +void tst_QDtls::handleHandshakeTimeout() +{ + auto crypto = qobject_cast<QDtls *>(sender()); + Q_ASSERT(crypto); + + if (!crypto->handleTimeout(&clientSocket)) + testLoop.exitLoop(); +} + +void tst_QDtls::clientServerData() +{ + QTest::addColumn<QSslSocket::SslMode>("mode"); + + QTest::addRow("client") << QSslSocket::SslClientMode; + QTest::addRow("server") << QSslSocket::SslServerMode; +} + +void tst_QDtls::connectHandshakeReadingSlots() +{ + connect(&serverSocket, &QUdpSocket::readyRead, this, &tst_QDtls::handshakeReadyRead); + connect(&clientSocket, &QUdpSocket::readyRead, this, &tst_QDtls::handshakeReadyRead); +} + +void tst_QDtls::connectEncryptedReadingSlots() +{ + serverSocket.disconnect(); + clientSocket.disconnect(); + connect(&serverSocket, &QUdpSocket::readyRead, this, &tst_QDtls::encryptedReadyRead); + connect(&clientSocket, &QUdpSocket::readyRead, this, &tst_QDtls::encryptedReadyRead); +} + +bool tst_QDtls::verificationErrorDetected(QSslError::SslError code) const +{ + Q_ASSERT(clientCrypto.data()); + + const auto errors = clientCrypto->peerVerificationErrors(); + for (const QSslError &error : errors) { + if (error.error() == code) + return true; + } + + return false; +} + +QHostAddress tst_QDtls::toNonAny(const QHostAddress &addr) +{ + if (addr == QHostAddress::Any || addr == QHostAddress::AnyIPv4) + return QHostAddress::LocalHost; + if (addr == QHostAddress::AnyIPv6) + return QHostAddress::LocalHostIPv6; + return addr; +} + +QT_END_NAMESPACE + +QTEST_MAIN(tst_QDtls) + +#include "tst_qdtls.moc" diff --git a/tests/auto/network/ssl/qdtlscookie/qdtlscookie.pro b/tests/auto/network/ssl/qdtlscookie/qdtlscookie.pro new file mode 100644 index 0000000000..4caa89fe49 --- /dev/null +++ b/tests/auto/network/ssl/qdtlscookie/qdtlscookie.pro @@ -0,0 +1,15 @@ +CONFIG += testcase + +SOURCES += tst_qdtlscookie.cpp +QT = core network-private testlib + +TARGET = tst_qdtlscookie + +win32 { + CONFIG(debug, debug|release) { + DESTDIR = debug + } else { + DESTDIR = release + } +} + diff --git a/tests/auto/network/ssl/qdtlscookie/tst_qdtlscookie.cpp b/tests/auto/network/ssl/qdtlscookie/tst_qdtlscookie.cpp new file mode 100644 index 0000000000..c90e9cb2c8 --- /dev/null +++ b/tests/auto/network/ssl/qdtlscookie/tst_qdtlscookie.cpp @@ -0,0 +1,478 @@ +/**************************************************************************** +** +** Copyright (C) 2018 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the test suite of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:GPL-EXCEPT$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 3 as published by the Free Software +** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +#include <QtTest/QtTest> + +#include <QtNetwork/qhostaddress.h> +#include <QtNetwork/qsslsocket.h> +#include <QtNetwork/qudpsocket.h> +#include <QtNetwork/qdtls.h> + +#include <QtCore/qcryptographichash.h> +#include <QtCore/qsharedpointer.h> +#include <QtCore/qbytearray.h> +#include <QtCore/qstring.h> +#include <QtCore/qobject.h> +#include <QtCore/qtimer.h> +#include <QtCore/qdebug.h> + +#include <utility> +#include <vector> + +QT_BEGIN_NAMESPACE + +#define STOP_ON_FAILURE \ + if (QTest::currentTestFailed()) \ + return; + +class tst_QDtlsCookie : public QObject +{ + Q_OBJECT + +public slots: + void initTestCase(); + void init(); + +private slots: + // Tests: + void construction(); + void validateParameters_data(); + void validateParameters(); + void verifyClient(); + void cookieGeneratorParameters(); + void verifyMultipleClients(); + +protected slots: + // Aux. functions: + void stopLoopOnMessage(); + void serverReadyRead(); + void clientReadyRead(); + void handleClientTimeout(); + void makeNoise(); + void spawnClients(); + +private: + void sendClientHello(QUdpSocket *socket, QDtls *handshake, + const QByteArray &serverMessage = {}); + void receiveMessage(QUdpSocket *socket, QByteArray *message, + QHostAddress *address = nullptr, + quint16 *port = nullptr); + + static QHostAddress toNonAny(const QHostAddress &addr); + + enum AddressType + { + ValidAddress, + NullAddress, + BroadcastAddress, + MulticastAddress + }; + + QUdpSocket serverSocket; + QHostAddress serverAddress; + quint16 serverPort = 0; + + QTestEventLoop testLoop; + int handshakeTimeoutMS = 500; + + QDtlsClientVerifier listener; + using HandshakePtr = QSharedPointer<QDtls>; + HandshakePtr dtls; + + const QCryptographicHash::Algorithm defaultHash = +#ifdef QT_CRYPTOGRAPHICHASH_ONLY_SHA1 + QCryptographicHash::Sha1; +#else + QCryptographicHash::Sha256; +#endif + + using CookieParams = QDtlsClientVerifier::GeneratorParameters; + + QUdpSocket noiseMaker; + QHostAddress spammerAddress; + QTimer noiseTimer; + quint16 spammerPort = 0; + const int noiseTimeoutMS = 5; + + using SocketPtr = QSharedPointer<QUdpSocket>; + using ValidClient = QPair<SocketPtr, HandshakePtr>; + unsigned clientsToWait = 0; + unsigned clientsToAdd = 0; + std::vector<ValidClient> dtlsClients; + QTimer spawnTimer; +}; + +QHostAddress tst_QDtlsCookie::toNonAny(const QHostAddress &addr) +{ + if (addr == QHostAddress::Any || addr == QHostAddress::AnyIPv4) + return QHostAddress::LocalHost; + if (addr == QHostAddress::AnyIPv6) + return QHostAddress::LocalHostIPv6; + return addr; +} + +void tst_QDtlsCookie::initTestCase() +{ + QVERIFY(noiseMaker.bind()); + spammerAddress = toNonAny(noiseMaker.localAddress()); + spammerPort = noiseMaker.localPort(); +} + +void tst_QDtlsCookie::init() +{ + if (serverSocket.state() != QAbstractSocket::UnconnectedState) { + serverSocket.close(); + // Disconnect stopLoopOnMessage or serverReadyRead slots: + serverSocket.disconnect(); + } + + QCOMPARE(serverSocket.state(), QAbstractSocket::UnconnectedState); + QVERIFY(serverSocket.bind()); + + serverAddress = toNonAny(serverSocket.localAddress()); + serverPort = serverSocket.localPort(); + + dtls.reset(new QDtls(QSslSocket::SslClientMode)); + dtls->setPeer(serverAddress, serverPort); +} + +void tst_QDtlsCookie::construction() +{ + QDtlsClientVerifier verifier; + + QCOMPARE(verifier.dtlsError(), QDtlsError::NoError); + QCOMPARE(verifier.dtlsErrorString(), QString()); + QCOMPARE(verifier.verifiedHello(), QByteArray()); + + const auto params = verifier.cookieGeneratorParameters(); + QCOMPARE(params.hash, defaultHash); + QVERIFY(params.secret.size() > 0); +} + +void tst_QDtlsCookie::validateParameters_data() +{ + QTest::addColumn<bool>("invalidSocket"); + QTest::addColumn<bool>("emptyDatagram"); + QTest::addColumn<int>("addressType"); + + QTest::addRow("socket") << true << false << int(ValidAddress); + QTest::addRow("dgram") << false << true << int(ValidAddress); + QTest::addRow("addr(invalid)") << false << false << int(NullAddress); + QTest::addRow("addr(broadcast)") << false << false << int(BroadcastAddress); + QTest::addRow("addr(multicast)") << false << false << int(MulticastAddress); + + QTest::addRow("socket-dgram") << true << true << int(ValidAddress); + QTest::addRow("socket-dgram-addr(invalid)") << true << true << int(NullAddress); + QTest::addRow("socket-dgram-addr(broadcast)") << true << true << int(BroadcastAddress); + QTest::addRow("socket-dgram-addr(multicast)") << true << true << int(MulticastAddress); + + QTest::addRow("dgram-addr(invalid)") << false << true << int(NullAddress); + QTest::addRow("dgram-addr(broadcast)") << false << true << int(BroadcastAddress); + QTest::addRow("dgram-addr(multicast)") << false << true << int(MulticastAddress); + + QTest::addRow("socket-addr(invalid)") << true << false << int(NullAddress); + QTest::addRow("socket-addr(broadcast)") << true << false << int(BroadcastAddress); + QTest::addRow("socket-addr(multicast)") << true << false << int(MulticastAddress); +} + +void tst_QDtlsCookie::validateParameters() +{ + connect(&serverSocket, &QUdpSocket::readyRead, this, + &tst_QDtlsCookie::stopLoopOnMessage); + + QFETCH(const bool, invalidSocket); + QFETCH(const bool, emptyDatagram); + QFETCH(const int, addressType); + + QUdpSocket clientSocket; + QByteArray hello; + QHostAddress clientAddress; + quint16 clientPort = 0; + + sendClientHello(&clientSocket, dtls.data()); + STOP_ON_FAILURE + receiveMessage(&serverSocket, &hello, &clientAddress, &clientPort); + STOP_ON_FAILURE + + switch (addressType) { + case MulticastAddress: + clientAddress.setAddress(QStringLiteral("224.0.0.0")); + break; + case BroadcastAddress: + clientAddress = QHostAddress::Broadcast; + break; + case NullAddress: + clientAddress = {}; + break; + } + + if (emptyDatagram) + hello.clear(); + + QUdpSocket *socket = invalidSocket ? nullptr : &serverSocket; + QCOMPARE(listener.verifyClient(socket, hello, clientAddress, clientPort), false); + QCOMPARE(listener.verifiedHello(), QByteArray()); + QCOMPARE(listener.dtlsError(), QDtlsError::InvalidInputParameters); +} + +void tst_QDtlsCookie::verifyClient() +{ + connect(&serverSocket, &QUdpSocket::readyRead, this, + &tst_QDtlsCookie::stopLoopOnMessage); + + QUdpSocket clientSocket; + connect(&clientSocket, &QUdpSocket::readyRead, this, + &tst_QDtlsCookie::stopLoopOnMessage); + + // Client: send an initial ClientHello message without any cookie: + sendClientHello(&clientSocket, dtls.data()); + STOP_ON_FAILURE + // Server: read the first ClientHello message: + QByteArray dgram; + QHostAddress clientAddress; + quint16 clientPort = 0; + receiveMessage(&serverSocket, &dgram, &clientAddress, &clientPort); + STOP_ON_FAILURE + // Server: reply with a verify hello request (the client is not verified yet): + QCOMPARE(listener.verifyClient(&serverSocket, dgram, clientAddress, clientPort), false); + QCOMPARE(listener.verifiedHello(), QByteArray()); + QCOMPARE(listener.dtlsError(), QDtlsError::NoError); + // Client: read hello verify request: + receiveMessage(&clientSocket, &dgram); + STOP_ON_FAILURE + // Client: send a new hello message, this time with a cookie attached: + sendClientHello(&clientSocket, dtls.data(), dgram); + STOP_ON_FAILURE + // Server: read a client-verified message: + receiveMessage(&serverSocket, &dgram, &clientAddress, &clientPort); + STOP_ON_FAILURE + // Client's readyRead is not interesting anymore: + clientSocket.close(); + + // Verify with the address and port we extracted, do it twice (DTLS "listen" + // must be stateless and work as many times as needed): + for (int i = 0; i < 2; ++i) { + QCOMPARE(listener.verifyClient(&serverSocket, dgram, clientAddress, clientPort), true); + QCOMPARE(listener.verifiedHello(), dgram); + QCOMPARE(listener.dtlsError(), QDtlsError::NoError); + } + + // Test that another freshly created (stateless) verifier can verify: + QDtlsClientVerifier anotherListener; + QCOMPARE(anotherListener.verifyClient(&serverSocket, dgram, clientAddress, + clientPort), true); + QCOMPARE(anotherListener.verifiedHello(), dgram); + QCOMPARE(anotherListener.dtlsError(), QDtlsError::NoError); + // Now let's use a wrong port: + QCOMPARE(listener.verifyClient(&serverSocket, dgram, clientAddress, serverPort), false); + // Invalid cookie, no verified hello message: + QCOMPARE(listener.verifiedHello(), QByteArray()); + // But it's UDP so we ignore this "fishy datagram", no error expected: + QCOMPARE(listener.dtlsError(), QDtlsError::NoError); +} + +void tst_QDtlsCookie::cookieGeneratorParameters() +{ + CookieParams params;// By defualt, 'secret' is empty. + QCOMPARE(listener.setCookieGeneratorParameters(params), false); + QCOMPARE(listener.dtlsError(), QDtlsError::InvalidInputParameters); + params.secret = "abcdefghijklmnopqrstuvwxyz"; + QCOMPARE(listener.setCookieGeneratorParameters(params), true); + QCOMPARE(listener.dtlsError(), QDtlsError::NoError); +} + +void tst_QDtlsCookie::verifyMultipleClients() +{ + // 'verifyClient' above was quite simple - it's like working with blocking + // sockets, step by step - we write, then make sure we read a datagram back + // etc. This test is more asynchronous - we are running an event loop and don't + // stop on the first datagram received, instead, we spawn many clients + // with which to exchange handshake messages and verify requests, while at + // the same time dealing with a 'noise maker' - a fake DTLS client, who keeps + // spamming our server with non-DTLS datagrams and initial ClientHello + // messages, but never replies to client verify requests. + connect(&serverSocket, &QUdpSocket::readyRead, this, &tst_QDtlsCookie::serverReadyRead); + + noiseTimer.setInterval(noiseTimeoutMS); + connect(&noiseTimer, &QTimer::timeout, this, &tst_QDtlsCookie::makeNoise); + + spawnTimer.setInterval(noiseTimeoutMS * 10); + connect(&spawnTimer, &QTimer::timeout, this, &tst_QDtlsCookie::spawnClients); + + noiseTimer.start(); + spawnTimer.start(); + + clientsToAdd = clientsToWait = 100; + + testLoop.enterLoop(handshakeTimeoutMS * clientsToWait); + QVERIFY(!testLoop.timeout()); + QVERIFY(clientsToWait == 0); +} + +void tst_QDtlsCookie::sendClientHello(QUdpSocket *socket, QDtls *dtls, + const QByteArray &serverMessage) +{ + Q_ASSERT(socket && dtls); + dtls->doHandshake(socket, serverMessage); + // We don't really care about QDtls in this auto-test, but must be + // sure that we, indeed, sent our hello and if not - stop early without + // running event loop: + QCOMPARE(dtls->dtlsError(), QDtlsError::NoError); + // We never complete a handshake, so it must be 'HandshakeInProgress': + QCOMPARE(dtls->handshakeState(), QDtls::HandshakeInProgress); +} + +void tst_QDtlsCookie::receiveMessage(QUdpSocket *socket, QByteArray *message, + QHostAddress *address, quint16 *port) +{ + Q_ASSERT(socket && message); + + if (!socket->pendingDatagramSize()) + testLoop.enterLoopMSecs(handshakeTimeoutMS); + + QVERIFY(!testLoop.timeout()); + QVERIFY(socket->pendingDatagramSize()); + + message->resize(socket->pendingDatagramSize()); + const qint64 read = socket->readDatagram(message->data(), message->size(), + address, port); + QVERIFY(read > 0); + + message->resize(read); + if (address) + QVERIFY(!address->isNull()); +} + +void tst_QDtlsCookie::stopLoopOnMessage() +{ + testLoop.exitLoop(); +} + +void tst_QDtlsCookie::serverReadyRead() +{ + Q_ASSERT(clientsToWait); + + if (!serverSocket.pendingDatagramSize()) + return; + + QByteArray hello; + QHostAddress clientAddress; + quint16 clientPort = 0; + + receiveMessage(&serverSocket, &hello, &clientAddress, &clientPort); + if (QTest::currentTestFailed()) + return testLoop.exitLoop(); + + const bool ok = listener.verifyClient(&serverSocket, hello, clientAddress, clientPort); + if (listener.dtlsError() != QDtlsError::NoError) { + // exit early, let the test fail. + return testLoop.exitLoop(); + } + + if (!ok) // not verified yet. + return; + + if (clientAddress == spammerAddress && clientPort == spammerPort) // should never happen + return testLoop.exitLoop(); + + --clientsToWait; + if (!clientsToWait) // done, success. + testLoop.exitLoop(); +} + +void tst_QDtlsCookie::clientReadyRead() +{ + QUdpSocket *clientSocket = qobject_cast<QUdpSocket *>(sender()); + Q_ASSERT(clientSocket); + + if (!clientSocket->pendingDatagramSize()) + return; + + QDtls *handshake = nullptr; + for (ValidClient &client : dtlsClients) { + if (client.first.data() == clientSocket) { + handshake = client.second.data(); + break; + } + } + + Q_ASSERT(handshake); + + QByteArray response; + receiveMessage(clientSocket, &response); + if (QTest::currentTestFailed() || !handshake->doHandshake(clientSocket, response)) + testLoop.exitLoop(); +} + +void tst_QDtlsCookie::makeNoise() +{ + noiseMaker.writeDatagram({"Hello, my little DTLS server, take this useless dgram!"}, + serverAddress, serverPort); + QDtls fakeHandshake(QSslSocket::SslClientMode); + fakeHandshake.setPeer(serverAddress, serverPort); + fakeHandshake.doHandshake(&noiseMaker, {}); +} + +void tst_QDtlsCookie::spawnClients() +{ + for (int i = 0; i < 10 && clientsToAdd; ++i, --clientsToAdd) { + ValidClient newClient; + newClient.first.reset(new QUdpSocket); + connect(newClient.first.data(), &QUdpSocket::readyRead, + this, &tst_QDtlsCookie::clientReadyRead); + newClient.second.reset(new QDtls(QSslSocket::SslClientMode)); + newClient.second->setPeer(serverAddress, serverPort); + connect(newClient.second.data(), &QDtls::handshakeTimeout, + this, &tst_QDtlsCookie::handleClientTimeout); + newClient.second->doHandshake(newClient.first.data(), {}); + dtlsClients.push_back(std::move(newClient)); + } +} + +void tst_QDtlsCookie::handleClientTimeout() +{ + QDtls *handshake = qobject_cast<QDtls *>(sender()); + Q_ASSERT(handshake); + + QUdpSocket *clientSocket = nullptr; + for (ValidClient &client : dtlsClients) { + if (client.second.data() == handshake) { + clientSocket = client.first.data(); + break; + } + } + + Q_ASSERT(clientSocket); + handshake->handleTimeout(clientSocket); +} + +QT_END_NAMESPACE + +QTEST_MAIN(tst_QDtlsCookie) + +#include "tst_qdtlscookie.moc" diff --git a/tests/auto/network/ssl/qpassworddigestor/qpassworddigestor.pro b/tests/auto/network/ssl/qpassworddigestor/qpassworddigestor.pro new file mode 100644 index 0000000000..3e2685f579 --- /dev/null +++ b/tests/auto/network/ssl/qpassworddigestor/qpassworddigestor.pro @@ -0,0 +1,4 @@ +CONFIG += testcase +TARGET = tst_qpassworddigestor +QT = core network testlib +SOURCES = tst_qpassworddigestor.cpp diff --git a/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp b/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp new file mode 100644 index 0000000000..bbd6c72ca8 --- /dev/null +++ b/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor.cpp @@ -0,0 +1,171 @@ +/**************************************************************************** +** +** Copyright (C) 2018 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the test suite of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:GPL-EXCEPT$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 3 as published by the Free Software +** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +#include <QtTest/QtTest> +#include <QtNetwork/qpassworddigestor.h> +#include <QtCore/QByteArray> + +class tst_QPasswordDigestor : public QObject +{ + Q_OBJECT +private Q_SLOTS: + void pbkdf1Vectors_data(); + void pbkdf1Vectors(); + void pbkdf2Vectors_data(); + void pbkdf2Vectors(); +}; + +void tst_QPasswordDigestor::pbkdf1Vectors_data() +{ + QTest::addColumn<QCryptographicHash::Algorithm>("algorithm"); + QTest::addColumn<QByteArray>("password"); + QTest::addColumn<QByteArray>("salt"); + QTest::addColumn<int>("iterations"); + QTest::addColumn<int>("dkLen"); + QTest::addColumn<QByteArray>("result"); + + // data from + // https://web.archive.org/web/20160912052752/https://www.di-mgt.com.au/cryptoKDFs.html#examplespbkdf + // (Note: this is not official, but at least it's something to compare with.) + QTest::newRow("di-mgt") << QCryptographicHash::Sha1 << QByteArray::fromHex("70617373776F7264") + << QByteArray::fromHex("78578E5A5D63CB06") << 1000 << 16 + << QByteArray::fromHex("DC19847E05C64D2FAF10EBFB4A3D2A20"); +} + +void tst_QPasswordDigestor::pbkdf1Vectors() +{ + QFETCH(QCryptographicHash::Algorithm, algorithm); + QFETCH(QByteArray, password); + QFETCH(QByteArray, salt); + QFETCH(int, iterations); + QFETCH(int, dkLen); + QFETCH(QByteArray, result); + + QCOMPARE(QPasswordDigestor::deriveKeyPbkdf1(algorithm, password, salt, iterations, dkLen), result); +} + +void tst_QPasswordDigestor::pbkdf2Vectors_data() +{ + QTest::addColumn<QCryptographicHash::Algorithm>("algorithm"); + QTest::addColumn<QByteArray>("password"); + QTest::addColumn<QByteArray>("salt"); + QTest::addColumn<int>("iterations"); + QTest::addColumn<int>("dkLen"); + QTest::addColumn<QByteArray>("result"); + + // data from https://tools.ietf.org/html/rfc6070 + auto hash = QCryptographicHash::Sha1; + QTest::newRow("rfc6070-1") << hash << QByteArrayLiteral("password") << QByteArrayLiteral("salt") + << 1 << 20 + << QByteArray::fromHex("0c60c80f961f0e71f3a9b524af6012062fe037a6"); + QTest::newRow("rfc6070-2") << hash << QByteArrayLiteral("password") << QByteArrayLiteral("salt") + << 2 << 20 + << QByteArray::fromHex("ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"); + QTest::newRow("rfc6070-3") << hash << QByteArrayLiteral("password") << QByteArrayLiteral("salt") + << 4096 << 20 + << QByteArray::fromHex("4b007901b765489abead49d926f721d065a429c1"); +#if 0 + // Excluding: takes about 3 minutes to run + QTest::newRow("rfc6070-4") << hash << QByteArrayLiteral("password") << QByteArrayLiteral("salt") + << 16777216 << 20 + << QByteArray::fromHex("eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"); +#endif + QTest::newRow("rfc6070-5") << hash << QByteArrayLiteral("passwordPASSWORDpassword") + << QByteArrayLiteral("saltSALTsaltSALTsaltSALTsaltSALTsalt") << 4096 + << 25 + << QByteArray::fromHex( + "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"); + QTest::newRow("rfc6070-6") << hash << QByteArrayLiteral("pass\0word") + << QByteArrayLiteral("sa\0lt") << 4096 << 16 + << QByteArray::fromHex("56fa6aa75548099dcc37d7f03425e0c3"); + + // the next few bits of data are from https://tools.ietf.org/html/rfc3962#appendix-B + QByteArray password = QByteArrayLiteral("password"); + QByteArray salt = QByteArrayLiteral("ATHENA.MIT.EDUraeburn"); + QTest::newRow("rfc3962-1") << hash << password << salt << 1 << 16 + << QByteArray::fromHex("cdedb5281bb2f801565a1122b2563515"); + QTest::newRow("rfc3962-2") + << hash << password << salt << 1 << 32 + << QByteArray::fromHex("cdedb5281bb2f801565a1122b25635150ad1f7a04bb9f3a333ecc0e2e1f70837"); + QTest::newRow("rfc3962-3") << hash << password << salt << 2 << 16 + << QByteArray::fromHex("01dbee7f4a9e243e988b62c73cda935d"); + QTest::newRow("rfc3962-4") + << hash << QByteArrayLiteral("password") << salt << 2 << 32 + << QByteArray::fromHex("01dbee7f4a9e243e988b62c73cda935da05378b93244ec8f48a99e61ad799d86"); + QTest::newRow("rfc3962-5") << hash << password << salt << 1200 << 16 + << QByteArray::fromHex("5c08eb61fdf71e4e4ec3cf6ba1f5512b"); + QTest::newRow("rfc3962-6") + << hash << password << salt << 1200 << 32 + << QByteArray::fromHex("5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13"); + + salt = QByteArray::fromHex("1234567878563412"); // 0x1234567878563412 + QTest::newRow("rfc3962-7") << hash << password << salt << 5 << 16 + << QByteArray::fromHex("d1daa78615f287e6a1c8b120d7062a49"); + QTest::newRow("rfc3962-8") + << hash << password << salt << 5 << 32 + << QByteArray::fromHex("d1daa78615f287e6a1c8b120d7062a493f98d203e6be49a6adf4fa574b6e64ee"); + + password = QByteArray(64, 'X'); + salt = "pass phrase equals block size"; + QTest::newRow("rfc3962-9") << hash << password << salt << 1200 << 16 + << QByteArray::fromHex("139c30c0966bc32ba55fdbf212530ac9"); + QTest::newRow("rfc3962-10") + << hash << password << salt << 1200 << 32 + << QByteArray::fromHex("139c30c0966bc32ba55fdbf212530ac9c5ec59f1a452f5cc9ad940fea0598ed1"); + + password.append('X'); + salt = "pass phrase exceeds block size"; + QTest::newRow("rfc3962-11") << hash << password << salt << 1200 << 16 + << QByteArray::fromHex("9ccad6d468770cd51b10e6a68721be61"); + QTest::newRow("rfc3962-12") + << hash << password << salt << 1200 << 32 + << QByteArray::fromHex("9ccad6d468770cd51b10e6a68721be611a8b4d282601db3b36be9246915ec82a"); + + password = QByteArray::fromHex("f09d849e"); // 0xf09d849e + salt = "EXAMPLE.COMpianist"; + QTest::newRow("rfc3962-13") << hash << password << salt << 50 << 16 + << QByteArray::fromHex("6b9cf26d45455a43a5b8bb276a403b39"); + QTest::newRow("rfc3962-14") + << hash << password << salt << 50 << 32 + << QByteArray::fromHex("6b9cf26d45455a43a5b8bb276a403b39e7fe37a0c41e02c281ff3069e1e94f52"); +} + +void tst_QPasswordDigestor::pbkdf2Vectors() +{ + QFETCH(QCryptographicHash::Algorithm, algorithm); + QFETCH(QByteArray, password); + QFETCH(QByteArray, salt); + QFETCH(int, iterations); + QFETCH(int, dkLen); + QFETCH(QByteArray, result); + + QCOMPARE(QPasswordDigestor::deriveKeyPbkdf2(algorithm, password, salt, iterations, dkLen), result); +} + +QTEST_MAIN(tst_QPasswordDigestor) +#include "tst_qpassworddigestor.moc" diff --git a/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro b/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro index 7c1cd5b66b..7e6870f74b 100644 --- a/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro +++ b/tests/auto/network/ssl/qsslcertificate/qsslcertificate.pro @@ -1,7 +1,6 @@ CONFIG += testcase SOURCES += tst_qsslcertificate.cpp -win32:LIBS += -lws2_32 QT = core network testlib TARGET = tst_qsslcertificate diff --git a/tests/auto/network/ssl/qsslcipher/qsslcipher.pro b/tests/auto/network/ssl/qsslcipher/qsslcipher.pro index 81ef2d8d9a..392d22c054 100644 --- a/tests/auto/network/ssl/qsslcipher/qsslcipher.pro +++ b/tests/auto/network/ssl/qsslcipher/qsslcipher.pro @@ -1,7 +1,6 @@ CONFIG += testcase SOURCES += tst_qsslcipher.cpp -win32:LIBS += -lws2_32 QT = core network testlib TARGET = tst_qsslcipher diff --git a/tests/auto/network/ssl/qssldiffiehellmanparameters/qssldiffiehellmanparameters.pro b/tests/auto/network/ssl/qssldiffiehellmanparameters/qssldiffiehellmanparameters.pro index dee95886e0..2d45f4476c 100644 --- a/tests/auto/network/ssl/qssldiffiehellmanparameters/qssldiffiehellmanparameters.pro +++ b/tests/auto/network/ssl/qssldiffiehellmanparameters/qssldiffiehellmanparameters.pro @@ -2,7 +2,6 @@ CONFIG += testcase CONFIG += parallel_test SOURCES += tst_qssldiffiehellmanparameters.cpp -win32: LIBS += -lws2_32 QT = core network testlib TARGET = tst_qssldiffiehellmanparameters diff --git a/tests/auto/network/ssl/qsslellipticcurve/qsslellipticcurve.pro b/tests/auto/network/ssl/qsslellipticcurve/qsslellipticcurve.pro index a180086c5e..7eae6ae864 100644 --- a/tests/auto/network/ssl/qsslellipticcurve/qsslellipticcurve.pro +++ b/tests/auto/network/ssl/qsslellipticcurve/qsslellipticcurve.pro @@ -1,7 +1,6 @@ CONFIG += testcase SOURCES += tst_qsslellipticcurve.cpp -win32:LIBS += -lws2_32 QT = core network testlib TARGET = tst_qsslellipticcurve diff --git a/tests/auto/network/ssl/qsslerror/qsslerror.pro b/tests/auto/network/ssl/qsslerror/qsslerror.pro index 117fd4ac27..83644d093c 100644 --- a/tests/auto/network/ssl/qsslerror/qsslerror.pro +++ b/tests/auto/network/ssl/qsslerror/qsslerror.pro @@ -1,7 +1,6 @@ CONFIG += testcase SOURCES += tst_qsslerror.cpp -win32:LIBS += -lws2_32 QT = core network testlib TARGET = tst_qsslerror diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-DES.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-DES.der Binary files differnew file mode 100644 index 0000000000..e70bde5820 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-DES.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-DES.pem new file mode 100644 index 0000000000..fd62743d94 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-DES.pem @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHwMBsGCSqGSIb3DQEFAzAOBAiBYHv8jvBwMQICCAAEgdCwfamafrN1nvpdnF5t +KCPgBvRGfV9zStK+XItBAe72CZdAy1Jjr2UJHc8Rl3OEo2hmCr+892/lhK7GIugj +oLOvON3VEqrUvrvmH0Qtm+/A/ypq14Lr4sBfq7bViM44bv/DUwHMD5/xmLtSzXlC +AjjioBJ/k4K+6DzD3+eMDNr6Z9rCUcvJP6q8+PPhpIXEJquA3RYuyuDhdIbazO5A +iMts7PbzBzW/4YhENPWaUdviuRZo/ap+WDJ/SdwiNxOxx7KrWgj3y2dAtNnVAv5T +njE4 +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-RC2-64.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-RC2-64.der Binary files differnew file mode 100644 index 0000000000..40bbe6a441 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-RC2-64.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-RC2-64.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-RC2-64.pem new file mode 100644 index 0000000000..6a8a8484e0 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-MD5-RC2-64.pem @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHwMBsGCSqGSIb3DQEFBjAOBAga2K6FvYk1ygICCAAEgdCV9m57p+DrBrVafXUq +8pgdr+1FEX9YaFXNRMKyPZ5Ca6t5RsPpWC3RdGlieH4iVp03/rlTttx0rLUWx3IG +gsrd2adrP6Bl/lbEJnZ6lIeZz2KvPbbhfmRMCIhr/h24JSi5lmGl5KzxQXSm9ujb +/5jtN/QtoQ3cLWpNn1SwMNdIAYgEpnCghwqITbBwMovD8yd2YNbNbejG/T+q6bwl +GJE46OSX+IAWQ/wJejdq//ozD3m2PxjK6nktWeqAeoqcycYGYGKvta27lNqyuE3M +BdGT +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-DES.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-DES.der Binary files differnew file mode 100644 index 0000000000..6ebe9c4011 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-DES.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-DES.pem new file mode 100644 index 0000000000..3422931606 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-DES.pem @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHwMBsGCSqGSIb3DQEFCjAOBAjj2EIj8WAOWwICCAAEgdB4G1oLnLtLAGaZtpGb +vU2g4g3pJtQLJX1H0a/cmXO1OrX7YRcESvw8nocZjNKKWCehfQqinRBpVUsoaGUw +QssIDKlWkW3LbM11F6YMI5GCzN5bpWcJazQRyHEnIk/OTQN3aeKjnYQXep1nt7tN +INKsCAVyx1cYfr3izxGRwN2hTraz5fBdeBpEye+Essn5KziwET32EbW+kt+wsule +k4tvnKgCOvbvVzqIdafH/FfP04KRv39O+HR3evoBjhGudUxXJ0OLp8IZkG+34f3P +ZQxC +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-RC2-64.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-RC2-64.der Binary files differnew file mode 100644 index 0000000000..c8ae94c4f8 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-RC2-64.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-RC2-64.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-RC2-64.pem new file mode 100644 index 0000000000..93857f010b --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-PBE-SHA1-RC2-64.pem @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHwMBsGCSqGSIb3DQEFCzAOBAgrv/kKBXNFAwICCAAEgdAFpWxMmQygufWZpeAI +heJ3uqyb5bnahW75t2HWQZTb1qEqp62/iLr1IlbHmZAQbJc0+VLhXz/2QtK3q/BB +bHpa9cWGFi2HVgO4dFjSI7X68QrM93GPGHqwtnVZnlo2aPHgA6BzotEEwklXl4Db +BbPKo0vBUVA9ZKaN0lH+Pzj/Rb37kC6xRWBjNd87jaszykcNFYkTNrrG8nESHJAw +fTeHwrsGsmIz8FfOxRfqXrPwOiA5AZZ/S/8Jt2gtoOW5ydY6/Bfp0aEwAIhwxjFJ +cy6N +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..2c2caa0665 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA1.pem new file mode 100644 index 0000000000..0797d9167f --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA1.pem @@ -0,0 +1,9 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBHjBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI8mhki8A7ijgCAggA +MB0GCWCGSAFlAwQBAgQQbVjLreAybYGwsnk4ZMQUIgSB0Ozr2DfP+rkb58tT748m ++7xe+bhpT3xrrSpUsB2RXUH/6M7hVjb+XZ/JSAegqkuZq08df+ezpHjWX/W+IVL4 +Sx0wZWNW51TiwGymNFuBwSVliqCvndAaY+EIY3bsME5RFik86R4iAbtrxalWPFoR +jscLkGtNstQR5JQCOccTN7h5jRBwEFrArqfPv+XZb5ysy9FjFnVDuspFg/CysIJD +V7WEJcxOzEIk2bbxY4UEpLhfFv8RHrV8M7jmjVRC+mN094zMnzBVSv8KIjk0Ljff +ysY= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..3f3bd2e8ea --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA256.pem new file mode 100644 index 0000000000..e78d69ae8a --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes128-hmacWithSHA256.pem @@ -0,0 +1,9 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBLDBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQICIPD0G0X/sECAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBDSrIv/kITtQ/RL5j675WqsBIHQ +oSiQJLyXPOmnNYmWLw4Biom8Utn/I8109mUujVPhUA63njp0I/jGwNn4FcdilZlO +TTCKIxlzG3zhztS5xqxQFuzWNQdTgfqzO7DSi/ZtGErvZi+ShaiQU7ri7LYRIw8C +7YtXiPrfPSKpfyU0adD2socAa1OlnvinoaHYd/QNs4EEv3hahIiq/nHpzRkb2qdX +XIruJhlvF4B07aYfmRvMK4CVd6VGXfGfGXECFqMk5b7HwJzkMTbtB2bsMTNguGxK +o1+Hf3PHRst6q1776z8ENw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..f078644544 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA1.pem new file mode 100644 index 0000000000..9a6b147602 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA1.pem @@ -0,0 +1,9 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBHjBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIdlQB+08q40gCAggA +MB0GCWCGSAFlAwQBKgQQ3dY2cSZfdPyeYlHRO+M63wSB0DjoR/cQ2rLkW1Ur8V1q +LG/0nv0O1mVK8Sj+BcOje/nqMU67lRdkXVI1yICmpwrwFEkwIV6zHIx+Dwriliel +h0yXsTLaBmMQeJo17J6kOyuW+C0Mr8CqlnAVEoEQI7FPes7rtw6W0wkuuPPw3vEs +RKB8xwdfS5t5ot5DtKZ5rN+6XbtRA/jdfi1O6ekKzeT0fpRGP+ppTEmCh77+8Ity +/BwPKGXepZpHkOcDOvWGdDiuy7vhA5gaYyzpXPD2Fo3V5cobFzgLzT3in+b6YtV4 +s/4= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..618be6ad9c --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA256.pem new file mode 100644 index 0000000000..a82c2fbc94 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-aes256-hmacWithSHA256.pem @@ -0,0 +1,9 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBLDBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIVsIsQ3kPm5gCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBAOdrxyNKYeoKCTuDXeYiwpBIHQ +DheVgnsmJ7bYb5Y02qOdCjfYEUje8bvendhIsG41recaNjdHcWQB1JOV8anmZPJ+ +4buMQhE9Lfw5Hvg2x0pqkvQCV0aUWUwwybnoQ9T8z0z67WJG6f03m9eE+Mzw9Q0D +wavghqO/lnh9uGd4Tdfzuj0NWHbrey7ags81fZ9jWOdX/M5LywFr7oThokfq6LlH +rpnK13j9MUVrmmSvsjVXGjWErEaTXbJOpCeyDn1510iI5pyGRZpicmfHzE6YNHvF +dKSlxRWO+cOxE9Ax9dm5mg== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..33ca45e2c9 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA1.pem new file mode 100644 index 0000000000..ec276fd807 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA1.pem @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBFTBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIwE9ZHpXAOK8CAggA +MBQGCCqGSIb3DQMHBAgOtF6y98HdvQSB0KtvnVtpFqjG8OLzPyZrugisgiYBgvoU +62D+rfO5Ji4cbWwuQEeS3ywI7rHH6BG8+mxcVeQHSmGZi336M/j0erO/yo6MnkrU +a8pfrqfPvLJPa+2FPSWlM/+ppj+kcaZa0B8pF/mioBThID8KhDFm8CG4UwP4P2Kn +GUUGmM9cyNdPFWuVg8PyY1zHcx2GNiL4XZcKp1qsGf75uso8DmgrvI+c9yDD+5ag +rPmsgFSy3XtlNmYGyLq1pW4rQ6ivLknZc5oweqjISVT3jKjJqowgJYo= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..6d23cd3604 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA256.pem new file mode 100644 index 0000000000..f33f0dc4c4 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-des3-hmacWithSHA256.pem @@ -0,0 +1,9 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBIzBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI584onGZg/sMCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMEvKBdjD2B+BIHQlCNsdhKhN8ce +l73RzS4AUNbPamaLPV+l+vy8F4jjziCux0RwS/83ju/XlD/TntSYH4RYx/2vNHo5 +/YVGinOSTHZD7BqHHOxTjMqlVY4uFU2oJcGQ2VIsbVuPiL78Tq6XcuaIy5ElXjte +g/qa8y9/cJM9wm6O1XMfIIL6AboBdbVloStvij3HOOOOlZp6161+QlmADdo2yJJ2 +byP7SoC4I6fLDrKZub8+AEcPFCjvLZ6a9HmCF8aw/rvVqOZ91YJOxgsPYYmOXJtG +sYzN48y81w== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.der Binary files differnew file mode 100644 index 0000000000..f195c03e3b --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.pem new file mode 100644 index 0000000000..d317c53836 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.pem @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHxMBwGCiqGSIb3DQEMAQQwDgQIcCYglgSeP+sCAggABIHQXnZlcc/CDvsT/3aQ +o2E6AgnJgaq6P2l41yQ6BuomXRSI+KoP+nYWC2fAtb/URgdoNstrflNjTGysSdyl +CU7A1FnrQkoSvvLElcy25/ttuH9LE4adbhCiKgv2NQXXY/2Lzeeq1e3iqLg7/5wx +7B2XmgQvMV3EHN1uJWVDKuevOOJ5ULKYONELDaicrlm8IumdhWMvp3ypUrHe6hSD +i2YYZf8eXfCY0NIRFeXluEgK4MFz/iEkl7aYpNDSA9F7Uk6TC3IRQu3yFs0GR37b +4fDtpg== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.der Binary files differnew file mode 100644 index 0000000000..96b54c3f5d --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.pem new file mode 100644 index 0000000000..2fe8300613 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.pem @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHxMBwGCiqGSIb3DQEMAQMwDgQIwZ3Xa+/tptsCAggABIHQmdPeV+Zd96TBIGM+ +kYRNqxckxWbVWE8EBWzJOwjlvrOxhVi3hbSl4QM3cMyNFv0ssyuJiXGQQ7+6/dkp +UxPWigaSJkemDMtDTQNpHcK/4Ekao+PlAvzgi6wG0lUfL4ioSiEqrE5DlcdfctdR +Nj9mF4u0rekPWthXhfHcmDxQKSORDi8gYfyQUaV59niKQGIYMsVz4Bu2fwrrTLFn +NjzyHhYsva2GLAfEWNB13/VtIv4gJaB5mZpzLf81VWe52rR7rZWb3R/rWEz9FFQm +vrgagw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.der Binary files differnew file mode 100644 index 0000000000..7fd85f55db --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.pem new file mode 100644 index 0000000000..e9faf30e61 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.pem @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHxMBwGCiqGSIb3DQEMAQUwDgQIMLBXkL2mR68CAggABIHQkquhoK6Ep0EtnjC7 +V2FbRzYrFSvOakBOGuU6U6p+JeStbTRp4gLQ9hY/8xG7l0GrzM8dlcrO5QnI9Ypk +zw6a/9FTE+ROpQYGiRjnhdegRguIn6aaCdejfu5s4g09kz/Y6saM1LBkA/hby0m9 +YWB8IFg+/B8qLScjnhn7UOBm4HAW/UywXGH7IFH87ml1g87xlDu88GhcP8iqenco +TrfPCQDoa+C0EBLV8yTR5aG66kK6BrWXNkyZgUiuhUF1TYmZhZDaiUJ4Er4gMlgA +C8o6qw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.der Binary files differnew file mode 100644 index 0000000000..c0d8b9bb3f --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.pem new file mode 100644 index 0000000000..a1d968b912 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.pem @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHxMBwGCiqGSIb3DQEMAQYwDgQI3y3PINAU1csCAggABIHQEPD8M7YheSdikqwW +tem/Oz+CZxAXWCBYokpxSeGexFR85Ni2bd/wr8tT4Mv5nNrPLlcNMrKLYCTWryEu +PtW1XtMp881xmPM9QMgrFRfhiGeVfveEmKZzdGrXN5RRqa20Xa0ufEqaJpvfJHIz +meWfNkAUtr0RhwK1tMfjxg3CvnSXG1l/cegvUgsc5Nq4VfCOwLYAPY24ltYIZrAp +JKuc9XkbBx+Uow4kOVpOBTA28giB9gywSbpn1/bCgrm1iBltlrC1bOI2UEYLXAK8 +S8kOew== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.der Binary files differnew file mode 100644 index 0000000000..59f01c9057 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.pem new file mode 100644 index 0000000000..29da203ac1 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.pem @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHqMBwGCiqGSIb3DQEMAQEwDgQIS1fq1s4wBy4CAggABIHJsEjsk3aow+m3DXPe +1KCnwl0qXzzh96JCrtAa+2pWytp52+mZphUgnNXYkIoj0rdqJbr1y4/3t73ffVFG +TU/4401k2QTSKo2mObTxY811fnWImBbNG3BJVmoq8zvJuHrctfVQuKBQb9UFA7RF +E5WrYwkNXfRxgSsuUgtMvklHyxeAjxdZ0vWennUuPkJIa4XQhIY5gqMiume8dCGl +mDujTHUPhBjRKifaGQv2hvc8l7FgjUlUY1DcZIl0AapzF3jEXS/Se90FOE2M +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.der Binary files differnew file mode 100644 index 0000000000..f185d58b51 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.pem new file mode 100644 index 0000000000..3dd08fd969 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.pem @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHqMBwGCiqGSIb3DQEMAQIwDgQICCPn/nJOcwECAggABIHJY1EqBsfnKkOsytQR +ujblH/MciuYQ5PIkhS+rfEyYvNaQAM4ELbZjBOhqhPxpWgV/nwzl5lbjGHGaBojp +uH6Tm9L/J/DUVXt5U6i0bmuJ3vUQL9t8WlLwWKEUbszMOJfzgn+q7pr2AViOwcgA +kL9JD3fTL7KspScIvYo8JD5YomwzDTMyhJFtkvKpjDtBsBkZxvmDRtBnjYYDAvie +ICGKQ5ojeZD2p2v69ra9bhAOXi/wz+AMotLVWa8myrOb7B+X/b0xEnoOqxKL +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..a3d1fa4c9b --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA1.pem new file mode 100644 index 0000000000..9adf8802c3 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA1.pem @@ -0,0 +1,9 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBHTBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQI7hWoVS10HvICAggA +AgEQMBkGCCqGSIb3DQMCMA0CAToECLPHM3qUvtYPBIHQl36zBfnW7J89+Kl+tLa4 +rm9Iu8KpMNJm2bnuLptltF/e5Vyp92xRvuCoaAVQka0dq4jKOVOkruMfHHHOf22g +mxpwtJfYvKqqjW2KH2FE0Y3l1XPV6o4Of5FbhvcULDmNtCoFlme0hoAoHm1kUUzS +Ed4CJqc6VpYpHGCv8X6k+0j274XnPqRJaY8KizrD0+/i6vS/nu/srxLqt9COT9nS +tVTQL/CRmmXf8/jSdVLDMKjjboFU1FtVZnOq4yAAuJiBZFtfmIF5+EI1dbXMbMdF +MA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..398d47b4c4 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA256.pem new file mode 100644 index 0000000000..de0d9179a2 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8-rc2-hmacWithSHA256.pem @@ -0,0 +1,9 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBKzBWBgkqhkiG9w0BBQ0wSTAsBgkqhkiG9w0BBQwwHwQIysmtT0sgtmsCAggA +AgEQMAwGCCqGSIb3DQIJBQAwGQYIKoZIhvcNAwIwDQIBOgQI3Lf5sOaUEmsEgdDE +0UkzkZdDMLBn9gGk9plFNb+2QKT2l0M1byplj92l8+eSv9stLTSf3v9STP7c/plJ +PMj4RUym4W7URvFhIEicyLDYNL7nD9JELC2i7E6S3NaSAZVeOxSl4gxEVtOPC00i +Dy/AISKSeNNBJkdUwT+m7as8Uc4+M1eitfMBQFUjRWQONpzw/2NtIeqI14VKPAM0 +1kVQTsO7TLEAwj7Jd1iscGakz+Ib7zMl1pCbVHrlh6nHrKvF+gvMDw5eC952CbpD +XCcPq3tU2j6KGGzK3ksd +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8.der b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8.der Binary files differnew file mode 100644 index 0000000000..ecd0670072 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8.der diff --git a/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8.pem b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8.pem new file mode 100644 index 0000000000..a6f6f734eb --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/dsa-pri-512-pkcs8.pem @@ -0,0 +1,7 @@ +-----BEGIN PRIVATE KEY----- +MIHIAgEAMIGpBgcqhkjOOAQBMIGdAkEA+7WshnhYKUIf+71hYgDUGQcSk2JxzOw6 +rpKt3fkIafnkm6KnXeTIPrWlSLAhtHpsCX56HDzYu69BRyVjuYiFxwIVAJljwa1Y +uxEZ/+w73/UFLgvb0juZAkEAhk+R4vDxKY6w78hLyCfhSwnT4L3BWn6pINaAM4NU +lVzsYP6ye4R9vCvc2h+254GszhsjvKrCzl1RDI3UyJenAgQXAhUAl95kGzNYPVm5 +Y+2jpGA9N2PkcCU= +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-DES.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-DES.der Binary files differnew file mode 100644 index 0000000000..7af45943cb --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-DES.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-DES.pem new file mode 100644 index 0000000000..91874a9b29 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-DES.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGgMBsGCSqGSIb3DQEFAzAOBAihGk2iurZE8wICCAAEgYCaneaK9dlMsDGD11jl +F5etfmvAbUbpzVmooM4ORHweCnP/DiwJVyQ02dU3PlB0teLCG6DyJCl6CaOhZjRc +cDE4fYIBBVtLlcqwr8oc73DWi3azJ+/KdkuUQyHZEkzNo9Thi1owDI6XMlWbFZwd +wSlfuk9AghDAN8/n3iMu87veSQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-RC2-64.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-RC2-64.der Binary files differnew file mode 100644 index 0000000000..14bb01d10d --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-RC2-64.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-RC2-64.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-RC2-64.pem new file mode 100644 index 0000000000..30b186b796 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-MD5-RC2-64.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGgMBsGCSqGSIb3DQEFBjAOBAgQKZdqJ6i7cQICCAAEgYCfJQJakYch640S/EA0 +tLuO7xxLgeI9gxeooy0GM9FeHiDencz9BXJrFFpXLs8J5IgVuj2zjfMDOuf/3zCa +gn1itwByKWPLXHx5vRUAT5zds2F3uBo7RCQj+FlR3xv4Xuqwx34qfYJpafORpi7/ +eO6M4V2BnAkws1b5UK0WDjFfSQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-DES.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-DES.der Binary files differnew file mode 100644 index 0000000000..689780f8a1 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-DES.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-DES.pem new file mode 100644 index 0000000000..1f737d9803 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-DES.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGgMBsGCSqGSIb3DQEFCjAOBAjruvWW+JZt7wICCAAEgYAgvrADpBoAMNrS8uYX +9FTnHUsGr5Sg3e2ueEwMUGsnGliJJTa58r9634RffN6uyB8jBihCdQw5iBbzLkC2 +ltEVcOR8pNQvprGXX4X/jwOY4RhyKrb89YdZ2BZ4orzY5cL+6nGYQKEm3WlrXW+a +Ncq6UvRpVmHqQ0OW+zuCbi5/nA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-RC2-64.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-RC2-64.der Binary files differnew file mode 100644 index 0000000000..a06790a254 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-RC2-64.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-RC2-64.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-RC2-64.pem new file mode 100644 index 0000000000..814c341760 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-PBE-SHA1-RC2-64.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGgMBsGCSqGSIb3DQEFCzAOBAg95ivo7up6egICCAAEgYDAMawlX0a61+iLgab0 +Zi62Ef7g0Jdj0KG4NeKmWrmuCXI3HBiAVv878vWkL8cMx5DqhBDw8A14aOxCkIm9 +uZ5twNwunINclMQtYxL7mtQLjUr50sFFY/Dd2PH669Qb6dqZC6efO7y31n93+fUI +gyntTIXfeuUSg8uw/qG9Vfa6oQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..fe071489cb --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA1.pem new file mode 100644 index 0000000000..d7c41b121d --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA1.pem @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHOMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAhC3xITYW8eRQICCAAw +HQYJYIZIAWUDBAECBBDUQa3ddOnliyQ/qIYEFmK2BIGASDcmbEFHEwmV9uJzQEI4 +hfZTOVaR0lYHCTTnJjEsbM8oyvVvMxJkefNqPVkBF1Oc4nHaN6LEPIZRpHYJxjDH +tk7RFlcvSlS2Dcv41y+2Bcj1dMtocXM1t6jxo5nioeBnHCUQr3VsDT9+eJvithY9 +UyUqUt+P5f1H1LCpqD3BYcc= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..62113a1e6b --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA256.pem new file mode 100644 index 0000000000..83e58214fb --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes128-hmacWithSHA256.pem @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHcMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjv/NQpQZwZbgICCAAw +DAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEPMGCKos4+H6cwxOhDR8UbQEgYC6 +01v9qHJnnFkHBbQ7L4xpWY3RVHTalKfCfLQErqwPx1akV7BPdCZmjd4rAdIGLImy +kaaAPVrJ3GVjF6fW+E9UIGoDEbFeZ1hlnTzhOTqUwGiBrCM0SY3XDyBxSdqv/Pk/ +M4Ibk/lDycV/kWm26j2I9OYPxedj4vdPgXPxEi7FeQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..232a6cf2cd --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA1.pem new file mode 100644 index 0000000000..294278ea44 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA1.pem @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHOMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAgYx6Cuor4IHQICCAAw +HQYJYIZIAWUDBAEqBBDc1FODsp0BBJI/EOjU/nA1BIGAUIe6lzmR2cWVQUAW6gF8 +UdykIWS5E4AnbPtaiVdFNmhyjtUq10gf67jX3/hfA3QXwDCTT1aot+5Vjrb57M8S +hjxrs871w0UvzBmrTLJA2/BWPz5gni72fj1N5JGYUKI4MFKHGhv53iUzW/E8KiRW +ab4KY+hUF9zFcXOBwOGvG7E= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..0f4075965a --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA256.pem new file mode 100644 index 0000000000..90ab751415 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-aes256-hmacWithSHA256.pem @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHcMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAg+0vyp4rA5hgICCAAw +DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEDlKgIIcdKfiQcsZLfQt97cEgYAD +TrjldhQKT8SjAnmChT/knsUeJzThLxKpdpRwbr8qYTZbCmngbb2oYBkrNzAwGoVM ++cj+6p3EgP7T/zjJYj7EArRvs7FM0spxqre2bQY3GG5E3PDGyR/h4nwdVTzorqNw +/35Dtl8ifbnVI4SCwTtifnCDsz9TjIXszixrCm354g== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..669cb1f9cc --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA1.pem new file mode 100644 index 0000000000..233dd94a18 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA1.pem @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHFMEAGCSqGSIb3DQEFDTAzMBsGCSqGSIb3DQEFDDAOBAjU9TMJNWzzUAICCAAw +FAYIKoZIhvcNAwcECEd8I4R+1rlZBIGABNupNKmIR5j2lAyQAbDjXX2PtpOGH0+k +KXnS7i6rmseQFjwDiF+xMefhj9ZamEgypDjyWaYz/EwV7dP0dUzZuQpzGsN/JLZS +i1IhRV9sVABs4SbCn/KZsy8bLW/7/3e5qloRkXskB6dR4nVrq4kz1qMmQVO+9Ojo +Td+SUeCdhd0= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..9f444d6350 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA256.pem new file mode 100644 index 0000000000..29f17933bd --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-des3-hmacWithSHA256.pem @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHTME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAgf2AMm0URGvQICCAAw +DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI/4fa6rbvznsEgYBImRLhwGbEgcLm ++yHcsohX1uQyqPfP8PVHGtM6ITaAJ16djxQKfXRoffS4DSTnhFgHnXm42V7epgJO +ZHRe0dVbKynbp1ZCnNIXsvsgyP4ghfw70j2u+45fiBK2ZqhVaQns/1t02eIa7Kud +308ffy9xR8xbCV9H1hu978sWDPRgmA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-2DES.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-2DES.der Binary files differnew file mode 100644 index 0000000000..e7939899c8 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-2DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-2DES.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-2DES.pem new file mode 100644 index 0000000000..eba00a5597 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-2DES.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGhMBwGCiqGSIb3DQEMAQQwDgQIASNN5nArudcCAggABIGAsi5Ta25v+vkS7qc0 +b10/Hv1H2SVhhOA4iYMdjB2XgpRFXBduYIFfROdAT8pJvspZ2EIJGu975H+SKeJ3 +ndULrOFmaDknlsAyVW8HslnOiuQVpNE0vTWWJYVg1xq9Hwg5YU7C1PsCMy8f5g4O +gbsHxVy7AGF2FSrJqy2PVdoEADI= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-3DES.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-3DES.der Binary files differnew file mode 100644 index 0000000000..9dd3f9d42c --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-3DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-3DES.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-3DES.pem new file mode 100644 index 0000000000..01f62cf5f2 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-3DES.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGhMBwGCiqGSIb3DQEMAQMwDgQINArkfLom3CoCAggABIGAaqrWHE+VgTLr/TQk +x86KYu88/eiO5jxGUxbFwUCOtTbw8g40MY4tuXNhhm9lQ5zVSrC7fdjagqr6Flz5 +YV8NWpURbA4CKXgX+JKUMzZclHUwfe/M/CI5tKIU8vu7O2jl8gL5mOAFagLmFUld +iS5+KYtWvuOy1jQd9Cn4pOrF0yA= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-128.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-128.der Binary files differnew file mode 100644 index 0000000000..2f1148d1ea --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-128.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-128.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-128.pem new file mode 100644 index 0000000000..fdddcfb02c --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-128.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGhMBwGCiqGSIb3DQEMAQUwDgQIBOJoKaHoCH8CAggABIGA5ekhEhokinZUh8Su +FU9XT9TmpJI6+uSUnV6dCI5F7jxUC4BKYUDLQ/wjassasP/z7NYgIUFXiSsx8+u9 +rIOd83qJly/QL3MI8HA/gwrUOK1mcQCdHM7WcDxgTDfA8iXvE7ipxkqWWh+vjWVg +QIBy+Mik4f8m6qRJtHvkn1+QVUQ= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-40.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-40.der Binary files differnew file mode 100644 index 0000000000..f8a47e1127 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-40.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-40.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-40.pem new file mode 100644 index 0000000000..368b1d9fd7 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC2-40.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGhMBwGCiqGSIb3DQEMAQYwDgQIYoqh4a7jy44CAggABIGAhOjw9xEXhMSaBJM6 +Opu29QK4+h7/RJJ+NcrzFBPV5p6t0bjqONRxdq8LwXA5nimlUq3ZbRqjhu0BCKh5 ++jvfjs0R9qD2cAv3QXjk6eh2YEx+wuDbc50SSL1Y826sLD06V4KThrQwfaLHE7r1 +mjx5N5Jg5rPFdTGe4umThyGlGPo= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-128.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-128.der Binary files differnew file mode 100644 index 0000000000..a2e71ed488 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-128.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-128.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-128.pem new file mode 100644 index 0000000000..91c71a3df0 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-128.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGaMBwGCiqGSIb3DQEMAQEwDgQIvutMegO9IYICAggABHoRfn/sZK/NRxF7jwF2 ++/0zh3Y/8cCm4xeGaCP7NOcJoJXOisXXxT05tgQEa5mfymOFK1PYjnHHVVLGs6CQ +TDPI2kb6XteXjkzR8Q0WQUtLSgAQ9/uEMmr43jAabaw+qnIcJrjaTt3rlbezZioR +Q3xbb38W5QBFcUIpCg== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-40.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-40.der Binary files differnew file mode 100644 index 0000000000..cf6373b642 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-40.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-40.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-40.pem new file mode 100644 index 0000000000..cc5ec63996 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-pkcs12-PBE-SHA1-RC4-40.pem @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIGaMBwGCiqGSIb3DQEMAQIwDgQIGgo8eWJg23YCAggABHp/EXYSQmp35zzgLl8l +paNqOjR3Ku19rhrN9QiW1dagTztFuqzezlZC7WjbycWz9qRZeQFLLAEi/DIipIAf +sLsnbtfBypqcUCoO2AysmI31hPSaXSsHDH4cJ5LH+1DK6KVeQoVGJw/xTvrmaBD8 +lD9zOO313VgMIGe7wg== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..be137430e6 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA1.pem new file mode 100644 index 0000000000..b52d270e42 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA1.pem @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHNMEgGCSqGSIb3DQEFDTA7MB4GCSqGSIb3DQEFDDARBAjwbKdmEddIYQICCAAC +ARAwGQYIKoZIhvcNAwIwDQIBOgQIvopesgNCATUEgYDQ7uOTZ+cUnxDAVh3z845L +QyZ2KkSbna0NmiKZGy9e1kh5iAQ1RhZ2iKaTTyGlpCi4i2mlZo3gvJbEHp+Do2vc +nq9g57AP6dU9+1LsLsTeVFbdJ7OymlcwUoSfF723g9IGlQa0D5K4RTR3y34lHMNC +NmrOwaAH4DPKDyC5EWYV0Q== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..fecff8a2bd --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA256.pem new file mode 100644 index 0000000000..67931bbbac --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8-rc2-hmacWithSHA256.pem @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHbMFYGCSqGSIb3DQEFDTBJMCwGCSqGSIb3DQEFDDAfBAhdjCzod22WFQICCAAC +ARAwDAYIKoZIhvcNAgkFADAZBggqhkiG9w0DAjANAgE6BAj2j6TpIIho6QSBgK4/ +Kgspc57C+rWNbf3c0+o/bJ7ga3tTfq0iw8TYqZ8jV9+FZGjS4NVvh9EK8+L6f2w1 +NuyiGbKfsq7Lf1O1dlHNu2TagxYAWbJUwzoy0uUkfpRnfe5M/dl/l5Gx0cR4y9SH +yKOhuX3YxUvOtkwxEb6iyNg8vaq0yRG/1F5O2jI3 +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8.der b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8.der Binary files differnew file mode 100644 index 0000000000..c8e51cc01b --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8.der diff --git a/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8.pem b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8.pem new file mode 100644 index 0000000000..741f007304 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/ec-pri-224-secp224r1-pkcs8.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MHgCAQAwEAYHKoZIzj0CAQYFK4EEACEEYTBfAgEBBBxr31AB6pNVnFUfX9rNKpZc +Ps+RbUj5PYdpHLtIoTwDOgAEg7Qj4reRDs3ot/r/rp2orzU/g07BIYsZCsLLrf8j +8wq50FHUIdwDRZEfpfGBPBXGgd/9DS9T7hU= +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/genkeys.sh b/tests/auto/network/ssl/qsslkey/keys/genkeys.sh index 7fb15e91ee..6210b42ab4 100755 --- a/tests/auto/network/ssl/qsslkey/keys/genkeys.sh +++ b/tests/auto/network/ssl/qsslkey/keys/genkeys.sh @@ -87,3 +87,58 @@ do echo -e "\ngenerating EC public key to DER file ..." openssl ec -in ec-pri-$size-$curve.pem -pubout -out ec-pub-$size-$curve.der -outform DER done + +#--- PKCS#8 ------------------------------------------------------------------------ +# Note: We'll just grab some of the keys generated earlier and convert those +# https://www.openssl.org/docs/manmaster/man1/pkcs8.html#PKCS-5-v1.5-and-PKCS-12-algorithms +echo -e "\ngenerating unencrypted PKCS#8-format RSA PEM file ..." +openssl pkcs8 -topk8 -nocrypt -in rsa-pri-512.pem -out rsa-pri-512-pkcs8.pem +echo -e "\ngenerating unencrypted PKCS#8-format RSA DER file ..." +openssl pkcs8 -topk8 -nocrypt -in rsa-pri-512.pem -outform DER -out rsa-pri-512-pkcs8.der + +echo -e "\ngenerating unencrypted PKCS#8-format DSA PEM file ..." +openssl pkcs8 -topk8 -nocrypt -in dsa-pri-512.pem -out dsa-pri-512-pkcs8.pem +echo -e "\ngenerating unencrypted PKCS#8-format DSA DER file ..." +openssl pkcs8 -topk8 -nocrypt -in dsa-pri-512.pem -outform DER -out dsa-pri-512-pkcs8.der + +echo -e "\ngenerating unencrypted PKCS#8-format EC PEM file ..." +openssl pkcs8 -topk8 -nocrypt -in ec-pri-224-secp224r1.pem -out ec-pri-224-secp224r1-pkcs8.pem +echo -e "\ngenerating unencrypted PKCS#8-format EC DER file ..." +openssl pkcs8 -topk8 -nocrypt -in ec-pri-224-secp224r1.pem -outform DER -out ec-pri-224-secp224r1-pkcs8.der + +for pkey in rsa-pri-512 dsa-pri-512 ec-pri-224-secp224r1 +do + pkeystem=`echo "$pkey" | cut -d- -f 1` + # List: https://www.openssl.org/docs/manmaster/man1/pkcs8.html#PKCS-5-v1.5-and-PKCS-12-algorithms + # These are technically supported, but fail to generate. Probably because MD2 is deprecated/removed + # PBE-MD2-DES PBE-MD2-RC2-64 + for algorithm in PBE-MD5-DES PBE-SHA1-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES + do + echo -e "\ngenerating encrypted PKCS#8-format (v1) PEM-encoded $pkeystem key using $algorithm ..." + openssl pkcs8 -topk8 -in $pkey.pem -v1 $algorithm -out $pkey-pkcs8-$algorithm.pem -passout pass:1234 + + echo -e "\ngenerating encrypted PKCS#8-format (v1) DER-encoded $pkeystem key using $algorithm ..." + openssl pkcs8 -topk8 -in $pkey.pem -v1 $algorithm -outform DER -out $pkey-pkcs8-$algorithm.der -passout pass:1234 + done + + for algorithm in PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40 + do + echo -e "\ngenerating encrypted PKCS#8-format (v1 PKCS#12) PEM-encoded $pkeystem key using $algorithm ..." + openssl pkcs8 -topk8 -in $pkey.pem -v1 $algorithm -out $pkey-pkcs8-pkcs12-$algorithm.pem -passout pass:1234 + + echo -e "\ngenerating encrypted PKCS#8-format (v1 PKCS#12) DER-encoded $pkeystem key using $algorithm ..." + openssl pkcs8 -topk8 -in $pkey.pem -v1 $algorithm -outform DER -out $pkey-pkcs8-pkcs12-$algorithm.der -passout pass:1234 + done + + for algorithm in des3 aes128 aes256 rc2 + do + for prf in hmacWithSHA1 hmacWithSHA256 + do + echo -e "\ngenerating encrypted PKCS#8-format (v2) PEM-encoded $pkeystem key using $algorithm and $prf ..." + openssl pkcs8 -topk8 -in $pkey.pem -v2 $algorithm -v2prf $prf -out $pkey-pkcs8-$algorithm-$prf.pem -passout pass:1234 + + echo -e "\ngenerating encrypted PKCS#8-format (v2) DER-encoded $pkeystem key using $algorithm and $prf ..." + openssl pkcs8 -topk8 -in $pkey.pem -v2 $algorithm -v2prf $prf -outform DER -out $pkey-pkcs8-$algorithm-$prf.der -passout pass:1234 + done + done +done diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-DES.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-DES.der Binary files differnew file mode 100644 index 0000000000..293001c629 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-DES.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-DES.pem new file mode 100644 index 0000000000..e9aa918a11 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-DES.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBgTAbBgkqhkiG9w0BBQMwDgQIbdPEAuKuoSgCAggABIIBYAo3BSb8H60g9eyM +2QajPdxRT5RJBQeSmlYCG4NEhiXYCXkGx2btS20w7yeX2ESqKPTSTMTB6XY1o44x +DLnDF2FEjvrk89ADZraMaOKnUxcZiawXOi9chNf+S6PclRC+ZRMRfbCxTnqb6y8q +42aD4oMmHv48f+/27/kFVwj4o/5ls6Hfwc6/YpXZXfT/8hIrkVaPd8QErhY+pAau +H/ObrYXu7Hm1deBLdZD1+u19yFv/uGRg7E7S7/Ku2GSe0i9DpYlYpsz1lydubAp1 +RfxAARfMjEoo0gwUfGCvP6drh16fnLcu9GnxuPKacUTCRd3Pk6hm59TXdcLtXB+W +tzQ/TpPY4u0oL2NU/aF9jqZuDWW89TAjvwekYpqrtq5cbU4VHpFLLc2yO1n4flRm +pfHP4BXjW8D9frPMyLiOSJAdKoJnHfM4y9bG8SHbukmTaJCOUD2MJ5uXW8pVejxU +gnYbceU= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-RC2-64.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-RC2-64.der Binary files differnew file mode 100644 index 0000000000..3bb492bc5e --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-RC2-64.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-RC2-64.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-RC2-64.pem new file mode 100644 index 0000000000..08115431df --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-MD5-RC2-64.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBgTAbBgkqhkiG9w0BBQYwDgQIHQKYle7B6TECAggABIIBYP7M3ZLd+cmLd7HG +avwLJdK7dq1hUxdpDMYIIHXQMqR7yhrr271v6Sqlkq8i97CrdlmzWgWNiv8uok88 +z9CxT79Y6/sLcvKVfCkoI7Z/p86Pc2/P7otvhoc9GlRNIvU8r/nMtigf3FZDQWrp +3XmBSabIERSQZxNwVjmSQzAVFd+SgfcqrNpKD0kErrphcySF7M4SfyTm3/dfFbrO +gUdg0ULs0rbKbTpYyBgVhrdCXYFAQLajHlE6UVIAK21Ifq2EvJ3LQDUEXg6RADbf +s2easyTlKfssoRzTDkBo60J2OsgmS5ls7fxOBndjxMZYPJI55k/ct4FPJraXPIsj +j5iBIOJBdW7Fi42O/ezaLtSFC/TUwZf+rgsVQaqpz67ynp3V7K/wJqdR0P3WmO3T +XkL3quUX+GFtm1htiqT9EGX6c1UZFfqmTJ3juLP4YpgOgUVLSIrOPauk2txH9E/R +JATHbjg= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-DES.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-DES.der Binary files differnew file mode 100644 index 0000000000..82e2f79cd8 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-DES.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-DES.pem new file mode 100644 index 0000000000..82b997804a --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-DES.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBgTAbBgkqhkiG9w0BBQowDgQIQPSp44KDjkUCAggABIIBYLdDgiRyUnAkUhLW +pqaNMqrK0iaSKpwHvsw1S4PhOQdFclVUEZKs+2oBedtrr3VysWRg/ZKNBdBAnzLi +E3nw7RubL4WH2y3QNx6eLsMJsI1thF9pK0yWWfy+zQP3+oZVG+JTmctCLQDAToCa +1OoRGnaHrZxcGzg/B1yI2hRSDdcuFCelMTIG4fGJ3dyrQHR/Gyxr4m27kV25H4t2 +Vxc6DSb1qWmSgauvUKLMlnvqtFVJ/OxjTz3BWPKUJqOyDd80PdfX8t5ttdK9Ebca +DwIUHvAmblES9mknhUwJUym/JGQFd3GXPc7WNyTsqwV4x9xp/8WTmJvM8qPk8fNz +x5kj3+VZgcAIh0ePKdF0TBAaAz5nKg611UwIOI/ShdMeyc1B3iWA71Y+uPElPEf+ +6+Zp8DwJNaOZ1SEqfNyB6aNMuYlTmbwctEKjokaIvyakSI6nFs63ycq5/s+HrMHT +KHF9A4Q= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-RC2-64.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-RC2-64.der Binary files differnew file mode 100644 index 0000000000..ea6b0d6134 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-RC2-64.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-RC2-64.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-RC2-64.pem new file mode 100644 index 0000000000..14edbd1f09 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-PBE-SHA1-RC2-64.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBgTAbBgkqhkiG9w0BBQswDgQI+m9oVxROlkYCAggABIIBYBRYVJdSaW3fR2zh +t/s5PFJ+9ebZUxhSRoc7lxk5LU76xJIH6EUa5k2sPH2WnWfu/V0Hi6t7FC0wkPLZ +QUNcr8VPESfjDkzqmU9H+37mfrUG63P5hGgyoWzMEaok2uFfjt1e1XVfVLe8P1Z+ +zxy4+BNoLzWQ/Wb/gTwVVc0kkttmjUiRIqSQLCEh8ntWF2ws0JS+ihiR9NUdPdEe +niQWskeAxWvO758m6kfTQeRY7WnVWPaqoosH1+uC8UZ2TmuWqTxJlHTvqEJzjPTK +n7EzwIFHhZVJ+p+IT/6SvwL5i1h0dtlNwOfTlcU6W//U76cYmwwtrzjwVsKJNbBw +vuPboJ2asZSzXa8887zI8O3+5ClkTCvJpk46QJHuNTQhJc1/R7aXgWbpiGu8CBCo +PNB1OEbs+lTU8DYp8cIxdc/aTKnSxPm4d73jCaOEJ1Sj4tA97rPQVEFu0w/HLtP+ +6MxHjI0= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..a42fb92161 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA1.pem new file mode 100644 index 0000000000..11b1032852 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA1.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBrzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQINZqXAZw29eMCAggA +MB0GCWCGSAFlAwQBAgQQMN7uviOQj5Hdt8Zb9sCtrQSCAWCsMtmLiGbnaleRuRh5 +mRWDqJ0PYXNaaTwQ24WKjl8dquPPJZz0QU2hDZGtuhBL90A2lqvG9oHJmFBpMg4E +RPHS33R04BtCTdpfCUziKcBomHbrh8ttQ/Y1UA9OgSgob3GQIDxwNS+0p0wApyWC +InPBE4DXByp9o1lQxNZj2wkmWLfkXCT75aMxevM30lf33SOCXDPTvtHlz/YcB6Yh +i/b31YUAEOilXaqaCu427BMPKCanshJAjX3wwOROQ+yh8R8HiSPu+x55gJlU+yCn +9S/oNwtTMimpI21cZTUIOkIRYyKJhgvUxjlQ0CjcMOjJvDms2rRgNhD6IFZrXoks +FRF/Z9pUH0n/m3208uckyPkilwoFNoYLec0lq1SdtBq2LOBV0hgCmR0J0Fokpo/p +8T/rzlb48JowOfZLnLqMtC6uqccQWmiEY3691exhFf5muUYsd8uOVkeWgMTfVnua +jwVr +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..74b870d490 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA256.pem new file mode 100644 index 0000000000..371448ae69 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes128-hmacWithSHA256.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIadJLdxsx0GsCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBDc7IW9CVmuaaYtM4KFXpsUBIIB +YC1qJ4WQa6f2uxeaojvzpgYHmrh4gR9gXa2cNwCNQir557amVsPqiXEiSYmqrCy/ +Y9tN5ubLxu3z5TtscC1Y9bqP8oY3bQj+AleqzmywVI7dJhwGoTaM9lD574cknKVo +Fn5oe6a4dTTg8wxcic+zWFc5EPi3g3swu3jqmjrLaOM8gd0RlWkAFmM60F8LX9G1 +mxnNZXHcRmkpugpICwaNYhROlzVfvLQvqtlJNccGc6QvYq/zY0nX6R3ISkbW/Bzn +kadVaA4hNrao9RA9TT61v4H95+BGF6CLDTyU1z3jtaEvm4ihygeA5mS/pjBd7lAi +V9YCNazgfMlgNv1ynwU67e8to89SFvzrv2sjUEDEAx1cN6zLGl42dz7ZDk1ytmsO +grVc9vON+HhwrVIZiu8bMjj4lSD6E1XqsffpNzEhOAy2INp9ArvakCVP4mE06dv4 +4LHAAqaYj8jIHSBDPYw3F7w= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..112aca5d9f --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA1.pem new file mode 100644 index 0000000000..74aa2eb50a --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA1.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBrzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQILWdaWkH3cTMCAggA +MB0GCWCGSAFlAwQBKgQQSj7y41B6JDjCn6mV9g3/EgSCAWBipZOOZk5C6IuwElK6 +1aGy8r4cmh6hbJ+IJIj5pNphE3IeLXfBQAUzJCD2wKKzgkL4bofdZYndIGqdBU/1 +0P27kCYKDIN0iixPr+gW6N0yEmD+R0v8fUFyQF+RiiZ0lCznAmKhc5d8C5r4zE5y +QN4E6RTAoiaTGM85jEpb2qP0Ju/2lhFJ85z0Dn2xXtH/y4O2UYQklufYpPxDX9xQ +DdgDPgdBXj7nH2a165CqFhA5b9PXCVjzSG8+u/PlWkO0UOCobL7YTlg0z88iAkWx +VWX6DG7UJovp8boqJ6CL8AeroSKDsNRzO5inROWeanj8t00vsSadXUtKTlFRBSaM +1Gzn81X5EZnhPzCkrmOmmK8+DZwgncRhLk6voFBfga9lSt9PZaDNEeNrVLixQvbc +fc5nAIp4SwkFbo/n11YRjHyBZsYqm1ugQIaEW0jGsQxGxKAzeN342emBm0KHBqr6 +liGH +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..45ebba1975 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA256.pem new file mode 100644 index 0000000000..ecf4acf311 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-aes256-hmacWithSHA256.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBvTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQINZe2ZZmkA6ECAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBBrqs2JUotuTr374kCzYAyoBIIB +YDqyE1zTjItA+UhQ2jZ53NnaTCWTccqSVtb11jizZCOSvVEN0vayyr2OoQKsOw1y +Uane3niV4MX8H98u5Vz+ijHuebBTiSbtSAlEqeeWTtzNfsQa4PN633n4ov1Ybn2+ +ZiW2n5d3cbC+bqPGs5cjTA6GPxLsojx6ZZEQBAyiUZ8Ikn2UsLxBV7RMiS1MK+wg +1cvtOzDuA1SbAtLbv4GOFTYrZZrzrmtIJvxD9C0Nlsa4ci9PkVclE/tzTQxqHOq6 +DLC7LErqrWfZI3KNlw4c33CV3VaXiB1dFHcTohlYhYbrJZPz6wiKN5c1IxxD0fj8 +2BseKG3iV3jrp0yt9zSgquJL3OOAHk1rG4zvjQySJ29SVEH0TyvsLSPiV87U5u64 +rpHC8yRNz3ut//ZVPQKnz/dftFw5b80vXT2UT0BZQTzj4HHDkIBKDc8USteag91O +SBmhwK5Vuuph6o8ILY3YoUA= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..4f07e0cb50 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA1.pem new file mode 100644 index 0000000000..8040f68152 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA1.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIjA3V6epUyL4CAggA +MBQGCCqGSIb3DQMHBAin4GYIwaJohQSCAWC1BTA4MHvRL83mHd6lFsC/UgvGf5/4 +csPetxLj+foMBL9A6rspxB07WxB929Ayxy5rRWq4jeYhPCAg46PL+Ne5MYp9PnDm +OjYIJjLNPk8wDuDYMDyMYH8+U4o+WaSz612YpcHIM5GEJ2TD0ngx6LctBNRtyWsR +9Ehn2/NLxrBI0MS93gUxFA/8XkYsQp569kITAfomEjvlsJaNVI+h98cNYdD8Oi0d +tveEPLh3xHYhNCRYpx34a/RaoAAP7KTGXXR6rjVjPWnNzG9sICBvLOve8Ro/c1cs +EFynJ56Xd2UJCS/yMnIhlRehVl9IhN5XJ+7Dv0JKHx2BG6N+ME7YZMM9jDZb0WzH +2+YJqPx99ERnDsRTIdQYgShWsTbMHTdz7MNzox/Zz6l4p7kipQOZLrknoNMb2hy8 +xh1f4SPT9kHwCV/obKSYzv7bGCYjBraetyBavIwl5LjlUySKQ+HC4zFS +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..764d2f68ca --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA256.pem new file mode 100644 index 0000000000..4327d31f43 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-des3-hmacWithSHA256.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBtDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIFcxat+WIQSYCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHOnq5nGmYd0BIIBYNxOhizI4irA +fq63+fV0k/C2HYCN7TEexoU+PiJlIm2/vlusPrTl6LnJqXTA6Y+iVelTWynnkKws +c13oHCPMTx702JwzNntsLlQo+w8cShjc02SdbJrPUxE/RCtqWo85sEZTYteGk/Lr +8GnPR3iDhB+m456PgdatqdpEsmy5EGcL3UT0kWmM5knVZfqHkx03kNxtMLV4rkcO +SPsnezcI2MjyfC4DhXGBBaso48RYZ/905INvmLIRbBX1MHeYtRDpKQlyGQZiSyew +TqyougDnYqSUs8yKhSsdHqUwltnZmIuJXEtcvtiA/Wmpt4fxxiPtJ8XYWyHreEMf +w1CevyEbkUdOWsa7zsW10337Lr8DY4Ax/tOTqtARioOBSYdRwlhluBuh91bK5eBt +ABidgQolNZ3SqIaBV+sEOX+gBDtpu/Lg4jAUO4eokKbhOlKL5YwueiSVrj/cWuKe +6Js/MZGBcX0= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.der Binary files differnew file mode 100644 index 0000000000..c89a60b8ef --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.pem new file mode 100644 index 0000000000..46a31fa316 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-2DES.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBgjAcBgoqhkiG9w0BDAEEMA4ECEOdj9GT2jg/AgIIAASCAWARTCBBDzPLkY0e +Y60arOJ+bkKuaJJ/OX0IGH3znnFQ5ZmtoToZtoNOaNXG0rAc3PVmkGOW6Uh5nIp8 +D5DrESPzbxltyONQb1TGW5InZKGpO/Vajqy6gDQ/QMR3eXDJsnvSvQ/eCEwqNHXA +64V1A7Nw0Wfcv6M9qnFMB1LJmcC6Jpt3GTJeoqq+OlsUWqlUWfgIAdOng0ouvVJ0 +u04hGbOJyd5Ejov3PxWc7uXT1X4kcqUNiWFYwvjGocDByzFrW9tmoxyU3ESULdP2 +Fx910xvZnalZBFHQFIOufim/eHKdpND/c4YohgaTULsDwH4EAuZGyqB5kfP0lt8R +gx3I3jpHiRZXTdzZW7LWIXqGYF+2AaQMTU7qNiNrgWCQ7k8h9YzM1Upzk6YLYsZ9 +UhlbbzkSbJOhlU/1Rce2q0Y7Fsi3bbJqZZ9o0xBK2aP3ApBau9/+ErNtAmuB6EXh +aKIfeqqn +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.der Binary files differnew file mode 100644 index 0000000000..cf1811f406 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.pem new file mode 100644 index 0000000000..492b530b00 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-3DES.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBgjAcBgoqhkiG9w0BDAEDMA4ECEil5BSrj6LeAgIIAASCAWC/kwcthGmbTuVE +ebfLDlGvn4tnSHzINEquDg3nz555OHreT0DDj0OWtsUY9IqVv/OrukJUXfQnj+jk +j1TfMi0/MHRRbjmSHf3wGl8LUBtYzn0tmhfvoBtlCt7v3+VQo6QY/hXWbQmOopmx +vNb8OfRWj0uLjGxeJpaOqsj0gZjbXUQcSXwaZyAG74qNCQMHs6Y/h93Xu9dVhe5h +B+PtPgT4kFAHV72wiWkxZlyDkonAlhX4wpoEuzYFl+Mc+IZ0ss/bvhswVjjBYx5d +v1fpOQcVPvjOFPdlm67WYfPyXWgIwP69JSwi7ywyg8GABPfgsNL4Kz9VhH/tanZL +ZCFnZvHUAX12x39F6RAWxSw8r22jDtsDQQ9sO39PleIhtvfndquEQVx9rswrqKXD +PxYTOiZ5fEoCxQb1/p9SBMC3rvVotMyuHueLyRYdxwYQOqagRwikJuYLYUK9ibMU +bBDHp4Mc +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.der Binary files differnew file mode 100644 index 0000000000..0cb3d5c28e --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.pem new file mode 100644 index 0000000000..e74b99eb29 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-128.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBgjAcBgoqhkiG9w0BDAEFMA4ECC8vkmUmfY3WAgIIAASCAWDzODlrgQ+L8c/5 +YMHk8uVGYRK2cmFRVUIgHz8pnxx7BPnR3mb2igUVk55fi74bIgmk+KGnoRhG2jsq +dXV2rfTHGZ/AdjwgwA1yLNinhy0BUObMQ4QOrtkNpq4K2MUK8fcvLNRvEhMni0dx +r41Q4C+bnnx70td2iT7/0efgs4YfT2uxQq//MvI5vfyvCSx71GY6xJdc1wwGbqT7 +KoY5ARvL78Tb1wi6UmdsJza+DU1yO5z1TPAu+a0bawT4LWWAOj2+x/cglsq/La0g +lJ797NBFWI0Uq5YCMBGzwv3RY2fHtVbt/TSav2Q4oIuaoxLkYRZ2HwUDseMJ4O5A +46QZqHZyKSQX25pm/gq7kr6bbX/JrGVoWD5ynlaUiVBxyoKHaHRojlbyQTASxjMb +XZG7jUDpcM4JQ1LKtrNmU72YYGyfrNZhr1TFmSw5ayVfw8vgO4U3Y+JeHXKZOqW/ +QTisuu3L +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.der Binary files differnew file mode 100644 index 0000000000..404b593068 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.pem new file mode 100644 index 0000000000..ddd0106a71 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC2-40.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBgjAcBgoqhkiG9w0BDAEGMA4ECAicFoXG2QPWAgIIAASCAWB0Uk5k6u0IoN6G +CB6y4EpIc8lgEGIxO0iAMGYdQd/b/yYVSH5yWBJTM/WJCtIx0GPSYQUjnFh9IQOr +AAimL90mlzCfdYHAJ7kS2rNCTWJeqXwPeOJmFpmI8oySUE6uflu16ZHXLuZoDIrZ +O8JZnKF7KlQLIgFn5qiqRuuQrDKiildLChXtsU8nW1B+xBy89qkqWekw7nyN4J68 +3wsm7gzrT7PUNFl9XnWFw+FmSZag8sdqgvDZ0RiFdMAYeFWfTx70KY3PnSYOzoSw +kYVgviMhcLFxulMsvIsVPaG4cr9JX/eNZfVFH8jnkm3Nqtdl647oO3LfwkXPKz/W +1JNyd3/p2IOPnkMi8KMFvuhce3zoD77wZJ85PhbsW4YEsB+hxfk8N5ILJysrMf7J +4BDxc4yYmV4mWna6aUiWnn4gD5ux1qxTUUGWf3tgnyHRGYS0d0xQUQzbCffeW7vj +PDGpGqbl +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.der Binary files differnew file mode 100644 index 0000000000..4d13899e1b --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.pem new file mode 100644 index 0000000000..a9939f278c --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-128.pem @@ -0,0 +1,10 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBfDAcBgoqhkiG9w0BDAEBMA4ECJJ4g6/+vh0mAgIIAASCAVo/PESsuYWux3ET +RNX7Hk3fhm/ZFx5/lvpTFqRy1hMpA6i9liFeLpI13FHarasc92chFLhj+s5JZ+Qg +WMlDz1nQf4c79dTxVpXGjf4pByXpqr+ksyb0Wo1/NayhjurqrVDpQf0kOdlCNKqn +8IW2CB5zftsOn8PVkPF3/riUih4xYwvW2w+8rs8RRN0vX9PUsYjtqmq0KnpiWzut +Tt/D0WJhJTlWVb5dp3nYXEZPM3IOHzvmqBDgbv66JgofpiKn7YXmDUx+edNuWwX2 ++GTih5yaRp2IqGbVYT/3eeiyJCpeNLlHJdUDui7zWkiTKpL+RU5VsV4DSjVT7SGV +tpMQM6HnaCDEr+y4GxUB3/2w8Ua9vZwJ/DRa0vS+N6N+gZfrD78j511h1JOl5EbD +35P6xNWZBeQbO6pJMKGq5qj/IBgbOQp9xpRtmdTezcY/lys27qN+35vhJSTQy7XG +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.der Binary files differnew file mode 100644 index 0000000000..cec667ea89 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.pem new file mode 100644 index 0000000000..22667c1d9c --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-pkcs12-PBE-SHA1-RC4-40.pem @@ -0,0 +1,10 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBfDAcBgoqhkiG9w0BDAECMA4ECE5xFtUDnxEJAgIIAASCAVri1/I0SyDAH3Zf +N4WTxaXJj94JqNOrHC07kckm23evvqGtINC141iSUuPz+zInB0wd0IyDZj+v8ExB +eFwKOblHhr7ZRCR0zN9IT0CHxjIVmU5W50lpJWTXcALgH+SW97K6jCjVdfAwSEkW +8X5/iiuhbNXu/8BTy+CBfsiVl8R4CMGhAxD922JoiQqSFA1HzrcxZiIUJ+etN6BF +YmiF5sCEhiMYMd7FbTDZ3u20dnNPu5Fn+L31aioZ+jtSyRNglVwWYZrdqGyZLlFO +QAx3AlQdiiqOPJ5rwnezTWdjac9luxhhIFFFq14b02QPu7SeYG56MvruWkwM3raf +73qbwtNE19yZ9DiWVXaeXpI84tL38E8sIQ1vthVuHtJ+6U1HUgPafVYZn+eKqiPz +UrJYbJTPL27GS2zXJnr9OrwRlGpKHQGjHo6hyg0UmZ71xuurVuHPty00Oap1CV13 +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA1.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA1.der Binary files differnew file mode 100644 index 0000000000..3860600474 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA1.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA1.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA1.pem new file mode 100644 index 0000000000..61de0e9893 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA1.pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQIQYOeTgwR/LsCAggA +AgEQMBkGCCqGSIb3DQMCMA0CAToECMd9tvoaH7I8BIIBWNGNJ3RipB+HrN0t6rsA +C3iOTcc4LEo03gguQ4Uxf0KyDMt7fyLpo/77m0QXLVBMW7mDjDASsaFWDzqM1OxZ +3kmV2+thdyLfnnA2l6tCDdImKWrNBYK2ogmpkJy15piwFZ/XUBrm63zP/NYCyRsF +jXOzy0FGv/xxaw9RAiGJMsvdoopHr2Lo37DeeBoXCR6gzfvyyuqzr5fbrV7agk5i +pGMAbJNKtbbCrzXOKCBDTGDUFiOtxNoDEsJy2Tx6YqotNJedyMzhZAatcL5h0a9w +r4jRLSWmHqo9WTFgcibhcXuy6cko3/wGov0Z2Pq1bPga8tWeuta74IaGLCuVWwHE +ze2nii7RWIU1oQ9ZgD6CuZnggyRT8b3/TYTQ6pra+yp99lvH48MySVJU5QEdpoOq +tUU+7z0BdEl5SALfBlQhBCEP13KhPitKcppVphxMv1cAidIHBne1YGKo +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA256.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA256.der Binary files differnew file mode 100644 index 0000000000..f4ca23ba74 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA256.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA256.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA256.pem new file mode 100644 index 0000000000..c09da71121 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8-rc2-hmacWithSHA256.pem @@ -0,0 +1,12 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBtDBWBgkqhkiG9w0BBQ0wSTAsBgkqhkiG9w0BBQwwHwQIi1jllb1PqZcCAggA +AgEQMAwGCCqGSIb3DQIJBQAwGQYIKoZIhvcNAwIwDQIBOgQIQDijmMtzY+UEggFY +gItLu4+5cGLUWeqbt9L7tKBoLpMSYGScvjcPwiKX1tygqg1lD9saeOqSZFx3AEyd +3AlEpZSPaQpAqp61zrKV1cSYzafRyYV2R6NArgWpSZP3LggquoQHnZN/8hRtbidC +7KgB/kXP7sCWKiUj4Smh/HhkS/w0K5doxt34VicijP4q29NZ0UDQDGABC1gA7L5l +FvZrZJi6laawHJbZDb6zaHVbvL2OMclXrzLpHF269H/NYwE+3/xtUa8AhTYVRRq/ +oOByi++ap2QL32IyHbdgNEj7a9WGM58iWVW+jS9G45ChylIDG9oCg4KeHp+5sjPv +rkDsXdzXeCwFQuJ1nj/pRVR6aI3qUMM1jjQFoOQ/XrPWIBvVzXC8eYRud/rHaOdV +IH7B9kFFqwSAzzi9GtTNj1hfQ8adm54N+qq2c4JRKN/a6cSRAlwtoI344OO20ejv +2RO9QGJkkSU= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8.der b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8.der Binary files differnew file mode 100644 index 0000000000..b6ef9a15a2 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8.der diff --git a/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8.pem b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8.pem new file mode 100644 index 0000000000..2a71a861bf --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/keys/rsa-pri-512-pkcs8.pem @@ -0,0 +1,10 @@ +-----BEGIN PRIVATE KEY----- +MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAwDsb+Kv6gzwj4qqN +kD5pZigHwVq+TgsAua++RsXnaWGiOWA2m2a5vM+TC9trcIAHHU2xaGjxt2UGi9b9 +mPNMoQIDAQABAkB64062Yfr7+m5WcQGevMdUbzLGAOS3r4D/M8JILCwLySrni0rV +sti1UF1X2ypna24tsRKN0CD/a8111k+yZXeBAiEA4ats1RjWHIA9tIimdi3Qj9LO +BtBs5wBaaryExZyQDFUCIQDaESne8AcqQ08gst1Ykyj0bKwl+ybSWxAzSb/52fFL +HQIgKFX9s/EmhB2f6d7q8gCqYKqrTKiAbqGvh5h+mturG6kCIQDYAeRt92nBjYcW +JtdnY+5PoE4uGUhtWtMDWuyVfDOuaQIgU9/flj81ZByBxXk5sULHUa3+eqfQKSgi +xYZorAtL3xg= +-----END PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/qsslkey.pro b/tests/auto/network/ssl/qsslkey/qsslkey.pro index 0074513878..8ed65e68ad 100644 --- a/tests/auto/network/ssl/qsslkey/qsslkey.pro +++ b/tests/auto/network/ssl/qsslkey/qsslkey.pro @@ -1,7 +1,6 @@ CONFIG += testcase SOURCES += tst_qsslkey.cpp -win32:LIBS += -lws2_32 QT = core network testlib qtConfig(private_tests) { QT += core-private network-private diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp index 27d92db3bf..ddfe52c5e4 100644 --- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp +++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp @@ -110,10 +110,10 @@ void tst_QSslKey::initTestCase() testDataDir += QLatin1String("/"); QDir dir(testDataDir + "keys"); - QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); - QRegExp rx(QLatin1String("^(rsa|dsa|ec)-(pub|pri)-(\\d+)-?\\w*\\.(pem|der)$")); - foreach (QFileInfo fileInfo, fileInfoList) { - if (rx.indexIn(fileInfo.fileName()) >= 0) + const QFileInfoList fileInfoList = dir.entryInfoList(QDir::Files | QDir::Readable); + QRegExp rx(QLatin1String("^(rsa|dsa|ec)-(pub|pri)-(\\d+)-?[\\w-]*\\.(pem|der)$")); + for (const QFileInfo &fileInfo : fileInfoList) { + if (rx.indexIn(fileInfo.fileName()) >= 0) { keyInfoList << KeyInfo( fileInfo, rx.cap(1) == QLatin1String("rsa") ? QSsl::Rsa : @@ -121,6 +121,7 @@ void tst_QSslKey::initTestCase() rx.cap(2) == QLatin1String("pub") ? QSsl::PublicKey : QSsl::PrivateKey, rx.cap(3).toInt(), rx.cap(4) == QLatin1String("pem") ? QSsl::Pem : QSsl::Der); + } } } @@ -163,6 +164,16 @@ void tst_QSslKey::createPlainTestRows(bool filter, QSsl::EncodingFormat format) foreach (KeyInfo keyInfo, keyInfoList) { if (filter && keyInfo.format != format) continue; +#ifdef Q_OS_WINRT + if (keyInfo.fileInfo.fileName().contains("RC2-64")) + continue; // WinRT treats RC2 as 128 bit +#endif +#if !defined(QT_NO_SSL) && defined(QT_NO_OPENSSL) // generic backend + if (keyInfo.fileInfo.fileName().contains(QRegularExpression("-aes\\d\\d\\d-"))) + continue; // No AES support in the generic back-end + if (keyInfo.fileInfo.fileName().contains("pkcs8-pkcs12")) + continue; // The generic back-end doesn't support PKCS#12 algorithms +#endif QTest::newRow(keyInfo.fileInfo.fileName().toLatin1()) << keyInfo.fileInfo.absoluteFilePath() << keyInfo.algorithm << keyInfo.type @@ -186,7 +197,10 @@ void tst_QSslKey::constructor() QFETCH(QSsl::EncodingFormat, format); QByteArray encoded = readFile(absFilePath); - QSslKey key(encoded, algorithm, format, type); + QByteArray passphrase; + if (QByteArray(QTest::currentDataTag()).contains("-pkcs8-")) + passphrase = QByteArray("1234"); + QSslKey key(encoded, algorithm, format, type, passphrase); QVERIFY(!key.isNull()); } @@ -215,9 +229,12 @@ void tst_QSslKey::constructorHandle() ? q_PEM_read_bio_PUBKEY : q_PEM_read_bio_PrivateKey); + QByteArray passphrase; + if (QByteArray(QTest::currentDataTag()).contains("-pkcs8-")) + passphrase = "1234"; BIO* bio = q_BIO_new(q_BIO_s_mem()); q_BIO_write(bio, pem.constData(), pem.length()); - QSslKey key(func(bio, nullptr, nullptr, nullptr), type); + QSslKey key(func(bio, nullptr, nullptr, static_cast<void *>(passphrase.data())), type); q_BIO_free(bio); QVERIFY(!key.isNull()); @@ -245,7 +262,10 @@ void tst_QSslKey::copyAndAssign() QFETCH(QSsl::EncodingFormat, format); QByteArray encoded = readFile(absFilePath); - QSslKey key(encoded, algorithm, format, type); + QByteArray passphrase; + if (QByteArray(QTest::currentDataTag()).contains("-pkcs8-")) + passphrase = QByteArray("1234"); + QSslKey key(encoded, algorithm, format, type, passphrase); QSslKey copied(key); QCOMPARE(key, copied); @@ -286,7 +306,10 @@ void tst_QSslKey::length() QFETCH(QSsl::EncodingFormat, format); QByteArray encoded = readFile(absFilePath); - QSslKey key(encoded, algorithm, format, type); + QByteArray passphrase; + if (QByteArray(QTest::currentDataTag()).contains("-pkcs8-")) + passphrase = QByteArray("1234"); + QSslKey key(encoded, algorithm, format, type, passphrase); QVERIFY(!key.isNull()); QCOMPARE(key.length(), length); } @@ -306,6 +329,17 @@ void tst_QSslKey::toPemOrDer() QFETCH(QSsl::KeyType, type); QFETCH(QSsl::EncodingFormat, format); + QByteArray dataTag = QByteArray(QTest::currentDataTag()); + if (dataTag.contains("-pkcs8-")) // these are encrypted + QSKIP("Encrypted PKCS#8 keys gets decrypted when loaded. So we can't compare it to the encrypted version."); +#ifndef QT_NO_OPENSSL + if (dataTag.contains("pkcs8")) + QSKIP("OpenSSL converts PKCS#8 keys to other formats, invalidating comparisons."); +#else // !openssl + if (dataTag.contains("pkcs8") && dataTag.contains("rsa")) + QSKIP("PKCS#8 RSA keys are changed into a different format in the generic back-end, meaning the comparison fails."); +#endif // openssl + QByteArray encoded = readFile(absFilePath); QSslKey key(encoded, algorithm, format, type); QVERIFY(!key.isNull()); @@ -326,6 +360,8 @@ void tst_QSslKey::toEncryptedPemOrDer_data() passwords << " " << "foobar" << "foo bar" << "aAzZ`1234567890-=~!@#$%^&*()_+[]{}\\|;:'\",.<>/?"; // ### add more (?) foreach (KeyInfo keyInfo, keyInfoList) { + if (keyInfo.fileInfo.fileName().contains("pkcs8")) + continue; // pkcs8 keys are encrypted in a different way than the other keys foreach (QString password, passwords) { const QByteArray testName = keyInfo.fileInfo.fileName().toLatin1() + '-' + (keyInfo.algorithm == QSsl::Rsa ? "RSA" : diff --git a/tests/auto/network/ssl/qsslsocket/qsslsocket.pro b/tests/auto/network/ssl/qsslsocket/qsslsocket.pro index f45857b02d..1260dc9410 100644 --- a/tests/auto/network/ssl/qsslsocket/qsslsocket.pro +++ b/tests/auto/network/ssl/qsslsocket/qsslsocket.pro @@ -1,7 +1,6 @@ CONFIG += testcase SOURCES += tst_qsslsocket.cpp -win32:LIBS += -lws2_32 QT = core core-private network-private testlib TARGET = tst_qsslsocket diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index e32fa7c724..b759aed074 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -202,6 +202,9 @@ private slots: void verifyDepth(); void disconnectFromHostWhenConnecting(); void disconnectFromHostWhenConnected(); +#ifndef QT_NO_OPENSSL + void closeWhileEmittingSocketError(); +#endif void resetProxy(); void ignoreSslErrorsList_data(); void ignoreSslErrorsList(); @@ -2336,6 +2339,66 @@ void tst_QSslSocket::disconnectFromHostWhenConnected() QCOMPARE(socket->bytesToWrite(), qint64(0)); } +#ifndef QT_NO_OPENSSL + +class BrokenPskHandshake : public QTcpServer +{ +public: + void socketError(QAbstractSocket::SocketError error) + { + Q_UNUSED(error); + QSslSocket *clientSocket = qobject_cast<QSslSocket *>(sender()); + Q_ASSERT(clientSocket); + clientSocket->close(); + QTestEventLoop::instance().exitLoop(); + } +private: + + void incomingConnection(qintptr handle) override + { + if (!socket.setSocketDescriptor(handle)) + return; + + QSslConfiguration serverConfig(QSslConfiguration::defaultConfiguration()); + serverConfig.setPreSharedKeyIdentityHint("abcdefghijklmnop"); + socket.setSslConfiguration(serverConfig); + socket.startServerEncryption(); + } + + QSslSocket socket; +}; + +void tst_QSslSocket::closeWhileEmittingSocketError() +{ + QFETCH_GLOBAL(bool, setProxy); + if (setProxy) + return; + + BrokenPskHandshake handshake; + if (!handshake.listen()) + QSKIP("failed to start TLS server"); + + QSslSocket clientSocket; + QSslConfiguration clientConfig(QSslConfiguration::defaultConfiguration()); + clientConfig.setPeerVerifyMode(QSslSocket::VerifyNone); + clientSocket.setSslConfiguration(clientConfig); + + QSignalSpy socketErrorSpy(&clientSocket, SIGNAL(error(QAbstractSocket::SocketError))); + void (QSslSocket::*errorSignal)(QAbstractSocket::SocketError) = &QSslSocket::error; + connect(&clientSocket, errorSignal, &handshake, &BrokenPskHandshake::socketError); + + clientSocket.connectToHostEncrypted(QStringLiteral("127.0.0.1"), handshake.serverPort()); + // Make sure we have some data buffered so that close will try to flush: + clientSocket.write(QByteArray(1000000, Qt::Uninitialized)); + + QTestEventLoop::instance().enterLoopMSecs(1000); + QVERIFY(!QTestEventLoop::instance().timeout()); + + QCOMPARE(socketErrorSpy.count(), 1); +} + +#endif // QT_NO_OPENSSL + void tst_QSslSocket::resetProxy() { #ifndef QT_NO_NETWORKPROXY @@ -2809,13 +2872,13 @@ class SslServer4 : public QTcpServer { Q_OBJECT public: - SslServer4() : socket(0) {} - WebSocket *socket; + + QScopedPointer<WebSocket> socket; protected: - void incomingConnection(qintptr socketDescriptor) + void incomingConnection(qintptr socketDescriptor) override { - socket = new WebSocket(socketDescriptor); + socket.reset(new WebSocket(socketDescriptor)); } }; @@ -2829,38 +2892,36 @@ void tst_QSslSocket::qtbug18498_peek() return; SslServer4 server; - QSslSocket *client = new QSslSocket(this); - QVERIFY(server.listen(QHostAddress::LocalHost)); - client->connectToHost("127.0.0.1", server.serverPort()); - QVERIFY(client->waitForConnected(5000)); + + QSslSocket client; + client.connectToHost("127.0.0.1", server.serverPort()); + QVERIFY(client.waitForConnected(5000)); QVERIFY(server.waitForNewConnection(1000)); - client->setObjectName("client"); - client->ignoreSslErrors(); + client.ignoreSslErrors(); int encryptedCounter = 2; - connect(client, &QSslSocket::encrypted, this, [&encryptedCounter, this](){ + connect(&client, &QSslSocket::encrypted, this, [&encryptedCounter](){ if (!--encryptedCounter) exitLoop(); }); - WebSocket *serversocket = server.socket; - connect(serversocket, &QSslSocket::encrypted, this, [&encryptedCounter, this](){ + WebSocket *serversocket = server.socket.data(); + connect(serversocket, &QSslSocket::encrypted, this, [&encryptedCounter](){ if (!--encryptedCounter) exitLoop(); }); - connect(client, SIGNAL(disconnected()), this, SLOT(exitLoop())); + connect(&client, SIGNAL(disconnected()), this, SLOT(exitLoop())); - client->startClientEncryption(); + client.startClientEncryption(); QVERIFY(serversocket); - serversocket->setObjectName("server"); enterLoop(1); QVERIFY(!timeout()); QVERIFY(serversocket->isEncrypted()); - QVERIFY(client->isEncrypted()); + QVERIFY(client.isEncrypted()); QByteArray data("abc123"); - client->write(data.data()); + client.write(data.data()); connect(serversocket, SIGNAL(readyRead()), this, SLOT(exitLoop())); enterLoop(1); diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro index c862b3d3ae..05755ff606 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/qsslsocket_onDemandCertificates_member.pro @@ -2,7 +2,6 @@ CONFIG += testcase testcase.timeout = 300 # this test is slow SOURCES += tst_qsslsocket_onDemandCertificates_member.cpp -win32:LIBS += -lws2_32 QT = core core-private network-private testlib TARGET = tst_qsslsocket_onDemandCertificates_member diff --git a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro index c27a58fcd2..c345d7379f 100644 --- a/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro +++ b/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/qsslsocket_onDemandCertificates_static.pro @@ -1,7 +1,6 @@ CONFIG += testcase SOURCES += tst_qsslsocket_onDemandCertificates_static.cpp -win32:LIBS += -lws2_32 QT = core core-private network-private testlib TARGET = tst_qsslsocket_onDemandCertificates_static diff --git a/tests/auto/network/ssl/ssl.pro b/tests/auto/network/ssl/ssl.pro index 175f361071..a2d9159579 100644 --- a/tests/auto/network/ssl/ssl.pro +++ b/tests/auto/network/ssl/ssl.pro @@ -1,7 +1,8 @@ TEMPLATE=subdirs -QT_FOR_CONFIG += network +QT_FOR_CONFIG += network-private SUBDIRS=\ + qpassworddigestor \ qsslcertificate \ qsslcipher \ qsslellipticcurve \ @@ -13,7 +14,13 @@ qtConfig(ssl) { SUBDIRS += \ qsslsocket \ qsslsocket_onDemandCertificates_member \ - qsslsocket_onDemandCertificates_static \ + qsslsocket_onDemandCertificates_static + + qtConfig(openssl) { + SUBDIRS += \ + qdtlscookie \ + qdtls + } } } |