crypto: Add test for match_cert_to_template()

Also make test_x509() parametrized and add test_x509_rsa() Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
keylime · Feb 26, 2024 · 977ef7e · 977ef7e
1 parent 03c7164
commit 977ef7e
Show file tree

Hide file tree

Showing 5 changed files with 85 additions and 4 deletions.
diff --git a/.gitleaks.toml b/.gitleaks.toml
@@ -7,4 +7,6 @@
 [allowlist]
   paths = [
     '''test-data/test-rsa.pem''',
+    '''keylime/test-data/test-rsa.pem''',
+    '''keylime/test-data/prime256v1.pem''',
   ]
diff --git a/keylime/src/crypto.rs b/keylime/src/crypto.rs
@@ -1388,12 +1388,9 @@ mod tests {
         assert_eq!(hex, "db9b1cd3262dee37756a09b9064973589847caa8e53d31a9d142ea2701b1b28abd97838bb9a27068ba305dc8d04a45a1fcf079de54d607666996b3cc54f6b67c");
     }
 
-    #[test]
-    fn test_x509() {
+    fn test_x509(privkey: PKey<Private>, pubkey: PKey<Public>) {
         let tempdir = tempfile::tempdir().unwrap(); //#[allow_ci]
 
-        let (_pubkey, privkey) = rsa_generate_pair(2048).unwrap(); //#[allow_ci]
-
         let r = generate_x509(&privkey, "uuidA");
         assert!(r.is_ok());
         let cert_a = r.unwrap(); //#[allow_ci]
@@ -1466,4 +1463,32 @@ mod tests {
         let r = generate_tls_context(&loaded_a, &privkey, loaded_list);
         assert!(r.is_ok());
     }
+
+    #[test]
+    fn test_x509_rsa() {
+        let (pubkey, privkey) = rsa_generate_pair(2048).unwrap(); //#[allow_ci]
+
+        test_x509(privkey, pubkey);
+    }
+
+    #[test]
+    fn test_match_cert_to_template() {
+        for (file_name, template) in
+            [("test-cert.pem", "H-1"), ("prime256v1.cert.pem", "H-5")]
+        {
+            let cert_path = Path::new(env!("CARGO_MANIFEST_DIR"))
+                .join("test-data")
+                .join(file_name);
+
+            let r = load_x509_pem(&cert_path);
+            assert!(r.is_ok());
+
+            let cert = r.unwrap(); //#[allow_ci]
+
+            let r = match_cert_to_template(&cert);
+            assert!(r.is_ok());
+            let s = r.unwrap(); //#[allow_ci]
+            assert_eq!(s, template);
+        }
+    }
 }
diff --git a/keylime/test-data/prime256v1.cert.pem b/keylime/test-data/prime256v1.cert.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFKDCCAxCgAwIBAgICEAIwDQYJKoZIhvcNAQEMBQAwWjELMAkGA1UEBhMCR0Ix
+EDAOBgNVBAgMB0VuZ2xhbmQxFjAUBgNVBAoMDUtleWxpbWUgVGVzdHMxITAfBgNV
+BAsMGEtleWxpbWUgVGVzdHMgSURldklEIElBSzAeFw0yNDAyMDkxNzA1NDNaFw0y
+NjExMDQxNzA1NDNaMIGjMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRW5nbGFuZDEV
+MBMGA1UEBwwMRGVmYXVsdCBDaXR5MRYwFAYDVQQKDA1LZXlsaW1lIFRlc3RzMSEw
+HwYDVQQLDBhLZXlsaW1lIFRlc3RzIElEZXZJRCBJQUsxEzARBgNVBAMMCnByaW1l
+MjU2djExGzAZBgkqhkiG9w0BCQEWDHByaW1lQDI1Ni52MTBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABP8NOjf+hsV1K4TS4BwiLYsUI6rfGp0gru1hXIztoNRtz8sR
+rSGD+pypc3pp++rsjO+QgtFpk/+Wt12ijWNslaujggF3MIIBczAJBgNVHRMEAjAA
+MBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5l
+cmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTl0udpJzE+J2XwqSLa
+S6Aa1r3FHjBgBgNVHSMEWTBXgBTMmxEZjh+joMUGhuAc0t+rk343y6E7pDkwNzEL
+MAkGA1UEBhMCR0IxEDAOBgNVBAgMB0VuZ2xhbmQxFjAUBgNVBAoMDUtleWxpbWUg
+VGVzdHOCAhAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATB4
+BgNVHREEcTBvoG0GCCsGAQUFBwgEoGEwXwYFZ4EFAQIEVlNUAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3DQEBDAUAA4ICAQCf4u72
+8q+ltmSAcuFSs0slyMdFCI0eRIxzzKxdJDtPgBgNFNZiGlAAaux17k9G5uuLnQ8V
+H/yL0n5CUkW3yNz/9YuT4fGFRoEuSS07SeGlqS5akIeaFFUEH0eO4YMhZ+3sSCZF
+0Glo6urZnT5uTTs9J4DGktRlxeSsANfaKnDb3PUxKgY62ve+F4BvslQK2qTsk1Ve
+vDipLAwvjSPAZug07y7NWCr7p/or5kQq6eV9IWfDI9xYcJNpDEuyYFojZ6+XTQQJ
+nxH/FY2vgjx24Vht+Pz16xSpzOpl/ZNPaCF5pybT91bjB6MyBdfbWrLMjxIDjtPK
+hOqdIDH9sqDDPHgWum6xdYv2RXVNHMLdFxzrvqzN1AInLaFBwgkyhh3nhqhsERAq
+tpDTnOeaIQXCaYezx0A4iKGq4GOssrJx+ebbpRUzpPLT1lAghlEMnRHjZzMAzuJ3
+r+rB9t1eyxKEQMWgC5qIW05ExeIpOn2a16YjkCgW1UUY+SkHpOm19GuGXgau/M3y
+h9RwO9YkDCTfK/O6JhG0QNUGjNBx49VSE/Z+0B5fdmhLDJwjN5ajO6hoy5n3NrEy
+L0VaXwhlOKMnc/C45pOfknz/3rHPv22dazLe5yKht1x6dOUGKmgP9H27naeHYEn8
+d5D/jJkoFFnifMJ8Tji1CsloIcNHnN381tgh2Q==
+-----END CERTIFICATE-----
diff --git a/keylime/test-data/prime256v1.pem b/keylime/test-data/prime256v1.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEICJWrrdTKyFA/pCrmbA9rPkmDz/WMBEmwqtxiLA2+8e3oAoGCCqGSM49
+AwEHoUQDQgAE/w06N/6GxXUrhNLgHCItixQjqt8anSCu7WFcjO2g1G3PyxGtIYP6
+nKlzemn76uyM75CC0WmT/5a3XaKNY2yVqw==
+-----END EC PRIVATE KEY-----
diff --git a/keylime/test-data/test-cert.pem b/keylime/test-data/test-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBTCCAe2gAwIBAgIUMdvVLurhVJw+zgZU+tDkLs5Gzo0wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHa2V5bGltZTAeFw0yMjAxMjYxNjM3NTRaFw0yMzAxMjYx
+NjM3NTRaMBIxEDAOBgNVBAMMB2tleWxpbWUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDtx7FvpgAvcF46+UwVoETA+KmWrzPtpzai8BTmF4oOOX3GXMtp
+vtjDFCYVvmbUWeQN8LqMBKoJ0O9mzB82FtXZAggSMoIy8Gimcq0TqSNCWFRs61Ho
+KlkeJk5gcmgG1DiMzQ6Cp+A71aKrgheaxe4t44KkP6YldF6UAWduzUL3oJQ7QsQj
+IWA5i0fZu+ZyTqImo9NzN20KqMCawtvCXjwUmA4qVPGgne6S0GggCnTdd7LAb15/
+XPexmu+OWMH8pcfzp4wTlqar/cfJpKnb5aaemOzwwIhEMfp4gTfXyVKMP+3qCp77
+KwbUyXDIMXBWssig85z7aGwVUmA00rQz5REfAgMBAAGjUzBRMB0GA1UdDgQWBBTw
+nW9LUu8SeBOQJcL0MHkxxiMhejAfBgNVHSMEGDAWgBTwnW9LUu8SeBOQJcL0MHkx
+xiMhejAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB7DSJa3I75
+e4Zgdmvzt9CUqvgxTUb2gzevXBk3QZclBogNXDoQNYYm1eifZ8PGNj14kDBwPWQi
+rt0hB99O0eety5qUj7ro8lRzd7uZ/TrDGyt/mUJt05DU4zeH9mLLspQFfQqq18sO
+5ytnqfrLANV+a8WUgqj/e12pkIvPfzlm8UUKW8qniEdiyVvh1MW8lmnJnlGk0AJn
+fpdJO1jc+1c+MTngHN/K81e8Irn+Z9pR6xOmGpZdypnQfLJpHzCyE5vpLQEVxd28
+3kts+VSvxSz1kaKI15mZHykWZ+L1DGYRG9Oopz49uPb9VjqUrSiWjc2lviLbEPeb
+pJmGJUTwt5ea
+-----END CERTIFICATE-----