From 2fd0afc1f87edf28295caeaeb8a830d888a3e81b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jeremy=20Lain=C3=A9?= Date: Sat, 30 Aug 2014 12:26:19 +0200 Subject: ssl: add a test for 3DES encrypted keys This adds a test for 3DES encrypted keys in addition to the current DES encrypted keys. Change-Id: I229e3ef710e9ee23efa2a3275b89d958491de4a2 Reviewed-by: Richard J. Moore --- .../ssl/qsslkey/rsa-with-passphrase-3des.pem | 18 +++ .../ssl/qsslkey/rsa-with-passphrase-des.pem | 18 +++ .../network/ssl/qsslkey/rsa-with-passphrase.pem | 18 --- tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp | 139 +++++++++++---------- 4 files changed, 112 insertions(+), 81 deletions(-) create mode 100644 tests/auto/network/ssl/qsslkey/rsa-with-passphrase-3des.pem create mode 100644 tests/auto/network/ssl/qsslkey/rsa-with-passphrase-des.pem delete mode 100644 tests/auto/network/ssl/qsslkey/rsa-with-passphrase.pem (limited to 'tests') diff --git a/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-3des.pem b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-3des.pem new file mode 100644 index 0000000000..6f04c0615a --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-3des.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,8963B71DA5F406B2 + +95nMwjY/6wRlQU/F09WlGniwxkqct0Kr4/75stXAYJU/i56dyWHN22xJFB2SGaRO +Bi2g+hQnczyQ9qCpdxIzHvTo9Z1yRRdSZxtsdw57ZDYo9xtoRXQdNFCb1gbsSrlf +yZNRKueRCr/TFcxYcrZveUWwEssuZbztNW+deF/NSz35XJrI2C6MwTdm+lDTN6lS +AI/F7bGB0k+9nlIHNVgXPLnGOStIWhbTBbYtGryh0j/y913dtZX1djUHHmGCdEP6 +7WnfoD4v+5ux1YFb051xJJP+3lRE4evXJe0vzZAs5Lqy3qta/uwc3nV2oERursCM +roWkjZkP6TPAMFmkgQu1eHViL1u5CD+mYD/wDj2YwCIh8U2A5BN8KqM0N4bLEoPI +dcW2Pu60VEpMyeSKOSIyJsvT7F9M9/FpyNg5QW4BfrZNkVb/d7NROu/Lg5Oy4uf9 +a38tTgrQFQXcZFHbnTKD6VabCsZnVK0mFsEloUaTYalLTB6+C+jh7q3D08Re2OAB +g9yQshBx5DreOL4Y6rb1N6DqUqem4FqKbPP+x6URSf4SrXvH4jkBkk2AiQjc0oWl +5qvUt11LQOEMdvajlRicjlMm9KtV6+jRuSIeKgZqLpyja/4l+mX+G2X4pCbOiHFV +I5mRLLb3Cn7JEv6XlAZ1sjRZX7iS7sWFi3pzj6/i5JiH6RiQPHRmygrEUPdtD6J7 +d1W+fEh/osK+lB5Faa82oWrwxbdtgrNhKdQp1dkGezHe6WpBv8iMbTqXMBJHH/Pj +/hFc4FkZMYEZwKEVQ2Cyjq9kzKLnAS9s6x6PchagmNL20b5liB7V/w== +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-des.pem b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-des.pem new file mode 100644 index 0000000000..cb29becc31 --- /dev/null +++ b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase-des.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,36BD1242254C5E1E + +sqt8qlQfkjJiz0djd0WYjhN/IGxA/nU/wVKuf5RWDAghDBrABzJ3dU4Jh1WIsS4+ +f22TBr6fwgjpPxGkt361Z9oxon/QeyBZLFtyUxnFSqZcVMMR3vndtMyYJbVKjRm1 +lvF3BjFWNh6+SZe20cut2GiUJDqhw7RbjaAN6LaCpFqwusY6vbjW6vzB8ezDvLou +5jQAkwArGoI0KqUMwBOYukiWdBA0iERavspKGRnB3mGtgv5ziTEFzx58mn1Lv3Qs +LYQqTYgzpFyAMP9SZaRv4m/y5O9foAXnlh0GhmDWBQ2D5flwZqrIAzoJ5BcZKU6/ +HJCh4snw3kheeE8NhrlzypEONedvu4ifUbqN5idMU7S4t40NAmQ/dF0Z4wDen/M/ +iFbt5tTWh6sXK82XzJtAfprH07odtJHK7CMeurCi5BupmnLtPbUrl6hpKItBzu+g +7MB5AyNk548V9Y8+kKBtEG5EgYZrMYX4yqQ+Z8F1hy0UUMXu9cAnO06OTavxLtWJ +ikmwYJNy421Hj+oZVSagCUILQyUfgx6fXWwDRqy/stlX+hpPPjVmd/A2WBm5x/Sf +5CGfUtddZRuAZpChBXV6a/R+nMzDXhkKl4XTkN8hg3yXLY6xy3CR3RIYDlKkn85y +VziP32V6Bc8ucGifsZLNnvj8CFXTZP+8CWun9yLSkcq+wm4cQOLswztEMA8bbPJQ +g7Gp59BC4ofN5bMZ1R1z+l96x+YMY9btkyjE1uEyRT88dHwxnkhC5AKBx2P6sg0C +doe5Dh8Ny5Ic24ibwyvZbAS46tSVdha7ACGnGXV4Z3iqBfN0b0UNmw== +-----END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/rsa-with-passphrase.pem b/tests/auto/network/ssl/qsslkey/rsa-with-passphrase.pem deleted file mode 100644 index cb29becc31..0000000000 --- a/tests/auto/network/ssl/qsslkey/rsa-with-passphrase.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,36BD1242254C5E1E - -sqt8qlQfkjJiz0djd0WYjhN/IGxA/nU/wVKuf5RWDAghDBrABzJ3dU4Jh1WIsS4+ -f22TBr6fwgjpPxGkt361Z9oxon/QeyBZLFtyUxnFSqZcVMMR3vndtMyYJbVKjRm1 -lvF3BjFWNh6+SZe20cut2GiUJDqhw7RbjaAN6LaCpFqwusY6vbjW6vzB8ezDvLou -5jQAkwArGoI0KqUMwBOYukiWdBA0iERavspKGRnB3mGtgv5ziTEFzx58mn1Lv3Qs -LYQqTYgzpFyAMP9SZaRv4m/y5O9foAXnlh0GhmDWBQ2D5flwZqrIAzoJ5BcZKU6/ -HJCh4snw3kheeE8NhrlzypEONedvu4ifUbqN5idMU7S4t40NAmQ/dF0Z4wDen/M/ -iFbt5tTWh6sXK82XzJtAfprH07odtJHK7CMeurCi5BupmnLtPbUrl6hpKItBzu+g -7MB5AyNk548V9Y8+kKBtEG5EgYZrMYX4yqQ+Z8F1hy0UUMXu9cAnO06OTavxLtWJ -ikmwYJNy421Hj+oZVSagCUILQyUfgx6fXWwDRqy/stlX+hpPPjVmd/A2WBm5x/Sf -5CGfUtddZRuAZpChBXV6a/R+nMzDXhkKl4XTkN8hg3yXLY6xy3CR3RIYDlKkn85y -VziP32V6Bc8ucGifsZLNnvj8CFXTZP+8CWun9yLSkcq+wm4cQOLswztEMA8bbPJQ -g7Gp59BC4ofN5bMZ1R1z+l96x+YMY9btkyjE1uEyRT88dHwxnkhC5AKBx2P6sg0C -doe5Dh8Ny5Ic24ibwyvZbAS46tSVdha7ACGnGXV4Z3iqBfN0b0UNmw== ------END RSA PRIVATE KEY----- diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp index 445fdc7df4..ebe9f0f4d2 100644 --- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp +++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp @@ -87,7 +87,9 @@ private slots: void toEncryptedPemOrDer_data(); void toEncryptedPemOrDer(); + void passphraseChecks_data(); void passphraseChecks(); + void noPassphraseChecks(); #endif private: QString testDataDir; @@ -347,77 +349,88 @@ void tst_QSslKey::toEncryptedPemOrDer() // ### add a test to verify that public keys are _decrypted_ correctly (by the ctor) } +void tst_QSslKey::passphraseChecks_data() +{ + QTest::addColumn("fileName"); + + QTest::newRow("DES") << QString(testDataDir + "/rsa-with-passphrase-des.pem"); + QTest::newRow("3DES") << QString(testDataDir + "/rsa-with-passphrase-3des.pem"); +} + void tst_QSslKey::passphraseChecks() { + QFETCH(QString, fileName); + + QFile keyFile(fileName); + QVERIFY(keyFile.exists()); { - QString fileName(testDataDir + "/rsa-with-passphrase.pem"); - QFile keyFile(fileName); - QVERIFY(keyFile.exists()); - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); - QVERIFY(key.isNull()); // null passphrase => should not be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); - QVERIFY(key.isNull()); // empty passphrase => should not be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "WRONG!"); - QVERIFY(key.isNull()); // wrong passphrase => should not be able to decode key - } + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); + QVERIFY(key.isNull()); // null passphrase => should not be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); + QVERIFY(key.isNull()); // empty passphrase => should not be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "WRONG!"); + QVERIFY(key.isNull()); // wrong passphrase => should not be able to decode key + } #ifdef QT_NO_OPENSSL - QEXPECT_FAIL("", "Encrypted keys require support from the SSL backend", Abort); + QEXPECT_FAIL("", "Encrypted keys require support from the SSL backend", Abort); #endif - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "123"); - QVERIFY(!key.isNull()); // correct passphrase - } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "123"); + QVERIFY(!key.isNull()); // correct passphrase } +} +void tst_QSslKey::noPassphraseChecks() +{ + // be sure and check a key without passphrase too + QString fileName(testDataDir + "/rsa-without-passphrase.pem"); + QFile keyFile(fileName); { - // be sure and check a key without passphrase too - QString fileName(testDataDir + "/rsa-without-passphrase.pem"); - QFile keyFile(fileName); - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); - QVERIFY(!key.isNull()); // null passphrase => should be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); - QVERIFY(!key.isNull()); // empty passphrase => should be able to decode key - } - { - if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); - else - keyFile.reset(); - QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "xxx"); - QVERIFY(!key.isNull()); // passphrase given but key is not encrypted anyway => should work - } + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); + QVERIFY(!key.isNull()); // null passphrase => should be able to decode key + } + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); + QVERIFY(!key.isNull()); // empty passphrase => should be able to decode key + } +#ifdef QT_NO_OPENSSL + QEXPECT_FAIL("", "Encrypted keys require support from the SSL backend", Abort); +#endif + { + if (!keyFile.isOpen()) + keyFile.open(QIODevice::ReadOnly); + else + keyFile.reset(); + QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "xxx"); + QVERIFY(!key.isNull()); // passphrase given but key is not encrypted anyway => should work } } -- cgit v1.2.3