From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Laurent Vivier" <lvivier@redhat.com>,
"Thomas Huth" <thuth@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Juan Quintela" <quintela@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
"Peter Xu" <peterx@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>
Subject: [PATCH v2 05/18] tests: add more helper macros for creating TLS x509 certs
Date: Thu, 10 Mar 2022 17:18:08 +0000 [thread overview]
Message-ID: <20220310171821.3724080-6-berrange@redhat.com> (raw)
In-Reply-To: <20220310171821.3724080-1-berrange@redhat.com>
These macros are more suited to the general consumers of certs in the
test suite, where we don't need to exercise every single possible
permutation.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
tests/unit/crypto-tls-x509-helpers.h | 53 ++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/tests/unit/crypto-tls-x509-helpers.h b/tests/unit/crypto-tls-x509-helpers.h
index cf6329e653..247e7160eb 100644
--- a/tests/unit/crypto-tls-x509-helpers.h
+++ b/tests/unit/crypto-tls-x509-helpers.h
@@ -26,6 +26,9 @@
#include <libtasn1.h>
+#define QCRYPTO_TLS_TEST_CLIENT_NAME "ACME QEMU Client"
+#define QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME "ACME Hostile Client"
+
/*
* This contains parameter about how to generate
* certificates.
@@ -118,6 +121,56 @@ void test_tls_cleanup(const char *keyfile);
}; \
test_tls_generate_cert(&varname, NULL)
+# define TLS_ROOT_REQ_SIMPLE(varname, fname) \
+ QCryptoTLSTestCertReq varname = { \
+ .filename = fname, \
+ .cn = "qemu-CA", \
+ .basicConstraintsEnable = true, \
+ .basicConstraintsCritical = true, \
+ .basicConstraintsIsCA = true, \
+ .keyUsageEnable = true, \
+ .keyUsageCritical = true, \
+ .keyUsageValue = GNUTLS_KEY_KEY_CERT_SIGN, \
+ }; \
+ test_tls_generate_cert(&varname, NULL)
+
+# define TLS_CERT_REQ_SIMPLE_CLIENT(varname, cavarname, cname, fname) \
+ QCryptoTLSTestCertReq varname = { \
+ .filename = fname, \
+ .cn = cname, \
+ .basicConstraintsEnable = true, \
+ .basicConstraintsCritical = true, \
+ .basicConstraintsIsCA = false, \
+ .keyUsageEnable = true, \
+ .keyUsageCritical = true, \
+ .keyUsageValue = \
+ GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
+ .keyPurposeEnable = true, \
+ .keyPurposeCritical = true, \
+ .keyPurposeOID1 = GNUTLS_KP_TLS_WWW_CLIENT, \
+ }; \
+ test_tls_generate_cert(&varname, cavarname.crt)
+
+# define TLS_CERT_REQ_SIMPLE_SERVER(varname, cavarname, fname, \
+ hostname, ipaddr) \
+ QCryptoTLSTestCertReq varname = { \
+ .filename = fname, \
+ .cn = hostname ? hostname : ipaddr, \
+ .altname1 = hostname, \
+ .ipaddr1 = ipaddr, \
+ .basicConstraintsEnable = true, \
+ .basicConstraintsCritical = true, \
+ .basicConstraintsIsCA = false, \
+ .keyUsageEnable = true, \
+ .keyUsageCritical = true, \
+ .keyUsageValue = \
+ GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \
+ .keyPurposeEnable = true, \
+ .keyPurposeCritical = true, \
+ .keyPurposeOID1 = GNUTLS_KP_TLS_WWW_SERVER, \
+ }; \
+ test_tls_generate_cert(&varname, cavarname.crt)
+
extern const asn1_static_node pkix_asn1_tab[];
#endif
--
2.34.1
next prev parent reply other threads:[~2022-03-10 17:22 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-10 17:18 [PATCH v2 00/18] tests: introduce testing coverage for TLS with migration Daniel P. Berrangé
2022-03-10 17:18 ` [PATCH v2 01/18] tests: fix encoding of IP addresses in x509 certs Daniel P. Berrangé
2022-03-10 17:18 ` [PATCH v2 02/18] tests: improve error message when saving TLS PSK file fails Daniel P. Berrangé
2022-03-10 17:18 ` [PATCH v2 03/18] tests: support QTEST_TRACE env variable Daniel P. Berrangé
2022-03-11 10:04 ` Juan Quintela
2022-03-10 17:18 ` [PATCH v2 04/18] tests: print newline after QMP response in qtest logs Daniel P. Berrangé
2022-03-11 1:48 ` Peter Xu
2022-03-11 10:05 ` Juan Quintela
2022-03-10 17:18 ` Daniel P. Berrangé [this message]
2022-03-10 17:18 ` [PATCH v2 06/18 for-7.0] migration: fix use of TLS PSK credentials with a UNIX socket Daniel P. Berrangé
2022-03-11 10:07 ` Juan Quintela
2022-03-10 17:18 ` [PATCH v2 07/18] tests: switch MigrateStart struct to be stack allocated Daniel P. Berrangé
2022-03-11 1:48 ` Peter Xu
2022-03-10 17:18 ` [PATCH v2 08/18] tests: merge code for UNIX and TCP migration pre-copy tests Daniel P. Berrangé
2022-03-11 1:48 ` Peter Xu
2022-03-10 17:18 ` [PATCH v2 09/18] tests: introduce ability to provide hooks for migration precopy test Daniel P. Berrangé
2022-03-11 1:49 ` Peter Xu
2022-03-10 17:18 ` [PATCH v2 10/18] tests: switch migration FD passing test to use common precopy helper Daniel P. Berrangé
2022-03-11 1:49 ` Peter Xu
2022-03-10 17:18 ` [PATCH v2 11/18] tests: expand the migration precopy helper to support failures Daniel P. Berrangé
2022-03-11 1:50 ` Peter Xu
2022-03-10 17:18 ` [PATCH v2 12/18] tests: add migration tests of TLS with PSK credentials Daniel P. Berrangé
2022-03-10 17:18 ` [PATCH v2 13/18] tests: add migration tests of TLS with x509 credentials Daniel P. Berrangé
2022-11-11 7:56 ` Thomas Huth
2022-11-11 9:12 ` Daniel P. Berrangé
2022-03-10 17:18 ` [PATCH v2 14/18] tests: convert XBZRLE migration test to use common helper Daniel P. Berrangé
2022-03-11 1:50 ` Peter Xu
2022-03-10 17:18 ` [PATCH v2 15/18] tests: convert multifd migration tests " Daniel P. Berrangé
2022-03-11 1:50 ` Peter Xu
2022-03-10 17:18 ` [PATCH v2 16/18] tests: add multifd migration tests of TLS with PSK credentials Daniel P. Berrangé
2022-03-10 17:18 ` [PATCH v2 17/18] tests: add multifd migration tests of TLS with x509 credentials Daniel P. Berrangé
2022-03-10 17:18 ` [PATCH v2 18/18] tests: ensure migration status isn't reported as failed Daniel P. Berrangé
2022-03-11 1:58 ` [PATCH v2 00/18] tests: introduce testing coverage for TLS with migration Peter Xu
2022-03-30 17:17 ` Daniel P. Berrangé
2022-03-30 19:40 ` Juan Quintela
2022-04-21 11:25 ` Dr. David Alan Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220310171821.3724080-6-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=dgilbert@redhat.com \
--cc=lvivier@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).