From 2fd0afc1f87edf28295caeaeb8a830d888a3e81b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jeremy=20Lain=C3=A9?= Date: Sat, 30 Aug 2014 12:26:19 +0200 Subject: ssl: add a test for 3DES encrypted keys This adds a test for 3DES encrypted keys in addition to the current DES encrypted keys. Change-Id: I229e3ef710e9ee23efa2a3275b89d958491de4a2 Reviewed-by: Richard J. Moore --- tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp | 139 ++++++++++++++----------- 1 file changed, 76 insertions(+), 63 deletions(-) (limited to 'tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp') diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp index 445fdc7df4..ebe9f0f4d2 100644 --- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp +++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp @@ -87,7 +87,9 @@ private slots: void toEncryptedPemOrDer_data(); void toEncryptedPemOrDer(); + void passphraseChecks_data(); void passphraseChecks(); + void noPassphraseChecks(); #endif private: QString testDataDir; @@ -347,77 +349,88 @@ void tst_QSslKey::toEncryptedPemOrDer() // ### add a test to verify that public keys are _decrypted_ correctly (by the ctor) } +void tst_QSslKey::passphraseChecks_data() +{ + QTest::addColumn("fileName"); + + QTest::newRow("DES") << QString(testDataDir + "/rsa-with-passphrase-des.pem"); + QTest::newRow("3DES") << QString(testDataDir + "/rsa-with-passphrase-3des.pem"); +} + void tst_QSslKey::passphraseChecks() { + QFETCH(QString, fileName); + + QFile keyFile(fileName); + QVERIFY(keyFile.exists()); { - QString fileName(testDataDir + "/rsa-with-passphrase.pem"); - QFile keyFile(fileName); - QVERIFY(keyFile.exists()); - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); - QVERIFY(key.isNull()); // null passphrase => should not be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); - QVERIFY(key.isNull()); // empty passphrase => should not be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "WRONG!"); - QVERIFY(key.isNull()); // wrong passphrase => should not be able to decode key - } + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); + QVERIFY(key.isNull()); // null passphrase => should not be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); + QVERIFY(key.isNull()); // empty passphrase => should not be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "WRONG!"); + QVERIFY(key.isNull()); // wrong passphrase => should not be able to decode key + } #ifdef QT_NO_OPENSSL - QEXPECT_FAIL("", "Encrypted keys require support from the SSL backend", Abort); + QEXPECT_FAIL("", "Encrypted keys require support from the SSL backend", Abort); #endif - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "123"); - QVERIFY(!key.isNull()); // correct passphrase - } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "123"); + QVERIFY(!key.isNull()); // correct passphrase } +} +void tst_QSslKey::noPassphraseChecks() +{ + // be sure and check a key without passphrase too + QString fileName(testDataDir + "/rsa-without-passphrase.pem"); + QFile keyFile(fileName); { - // be sure and check a key without passphrase too - QString fileName(testDataDir + "/rsa-without-passphrase.pem"); - QFile keyFile(fileName); - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); - QVERIFY(!key.isNull()); // null passphrase => should be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); - QVERIFY(!key.isNull()); // empty passphrase => should be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "xxx"); - QVERIFY(!key.isNull()); // passphrase given but key is not encrypted anyway => should work - } + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); + QVERIFY(!key.isNull()); // null passphrase => should be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); + QVERIFY(!key.isNull()); // empty passphrase => should be able to decode key + } +#ifdef QT_NO_OPENSSL + QEXPECT_FAIL("", "Encrypted keys require support from the SSL backend", Abort); +#endif + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "xxx"); + QVERIFY(!key.isNull()); // passphrase given but key is not encrypted anyway => should work } } -- cgit v1.2.3