// SPDX-License-Identifier: BSD-2-Clause
/*
 * dtls_rpk_client_server_test.rs - Tests for DTLS PKI (certificate-based) clients+servers.
 * This file is part of the libcoap-rs crate, see the README and LICENSE files for
 * more information and terms of use.
 * Copyright © 2021-2024 The NAMIB Project Developers, all rights reserved.
 * See the README as well as the LICENSE file for more information.
 */

#![cfg(feature = "dtls-pki")]

use crate::common::dtls::dtls_client_server_request_common;
use libcoap_rs::crypto::pki_rpk::{Asn1PrivateKeyType, DerFileKeyComponent, NonCertVerifying, PkiRpkContextBuilder};
use libcoap_rs::crypto::pki_rpk::{Pki, PkiKeyDef};
use std::path::PathBuf;

mod common;

/// Round-trips a DTLS request between a client and a server whose PKI material is
/// loaded from PEM files on disk (`resources/test-keys` under the crate root).
///
/// Both peers are given the same CA certificate and both enable peer-certificate
/// verification with `check_common_ca(true)`, so the handshake is expected to succeed
/// only when each side presents a certificate the other can validate against that CA
/// (exact semantics of the common-CA check live in the builder, not here).
#[test]
pub fn dtls_pki_pem_file_client_server_request() {
    let key_storage = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("./resources/test-keys");
    // Shared trust anchor for both peers; each key definition owns its own copy.
    let ca_cert = key_storage.join("./ca/ca.crt.pem");

    let client_key = PkiKeyDef::with_pem_files(
        Some(ca_cert.clone()),
        key_storage.join("./client/client.crt.pem"),
        key_storage.join("./client/client.key.pem"),
    );
    let server_key = PkiKeyDef::with_pem_files(
        Some(ca_cert),
        key_storage.join("./server/server.crt.pem"),
        key_storage.join("./server/server.key.pem"),
    );

    // Identical policy on both ends: verify the peer's certificate and request the
    // common-CA check. The closure captures nothing, so the same value can be handed
    // to the client and the server.
    let configure_ctx = |ctx: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {
        ctx.verify_peer_cert().check_common_ca(true).build()
    };
    dtls_client_server_request_common(client_key, server_key, configure_ctx, configure_ctx)
}

/// Round-trips a DTLS request between a client and a server whose PKI material is
/// embedded into the test binary at compile time (`include_str!`) and handed to
/// libcoap as in-memory PEM buffers rather than file paths.
///
/// The trust configuration mirrors the file-based PEM test: one shared CA certificate,
/// peer-certificate verification and `check_common_ca(true)` on both sides.
#[test]
pub fn dtls_pki_pem_memory_client_server_request() {
    const PEM_CA_CERT: &str = include_str!("../resources/test-keys/ca/ca.crt.pem");
    const PEM_CLIENT_PUBLIC_CERT: &str = include_str!("../resources/test-keys/client/client.crt.pem");
    const PEM_SERVER_PUBLIC_CERT: &str = include_str!("../resources/test-keys/server/server.crt.pem");
    const PEM_CLIENT_PRIVATE_KEY: &str = include_str!("../resources/test-keys/client/client.key.pem");
    const PEM_SERVER_PRIVATE_KEY: &str = include_str!("../resources/test-keys/server/server.key.pem");

    // The key definitions take owned byte buffers; copy the embedded PEM text into them.
    let client_key = PkiKeyDef::with_pem_memory(
        Some(PEM_CA_CERT.as_bytes().to_vec()),
        PEM_CLIENT_PUBLIC_CERT.as_bytes().to_vec(),
        PEM_CLIENT_PRIVATE_KEY.as_bytes().to_vec(),
    );
    let server_key = PkiKeyDef::with_pem_memory(
        Some(PEM_CA_CERT.as_bytes().to_vec()),
        PEM_SERVER_PUBLIC_CERT.as_bytes().to_vec(),
        PEM_SERVER_PRIVATE_KEY.as_bytes().to_vec(),
    );

    // Same verification policy for client and server; the closure captures nothing
    // and is therefore usable twice.
    let configure_ctx = |ctx: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {
        ctx.verify_peer_cert().check_common_ca(true).build()
    };
    dtls_client_server_request_common(client_key, server_key, configure_ctx, configure_ctx)
}

/// Round-trips a DTLS request between a client and a server whose PKI material is
/// DER (ASN.1) encoded and loaded from files under `resources/test-keys`.
///
/// Unlike the PEM variants, the client is built without a CA certificate here, and the
/// server only receives one on non-OpenSSL builds (see the comment inside). Both sides
/// nevertheless request `verify_peer_cert()` with `check_common_ca(true)`.
#[test]
pub fn dtls_pki_asn1_file_client_server_request() {
    let manifest_dir = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
    let key_storage = manifest_dir.join("./resources/test-keys");
    // NOTE(review): no trust anchor is configured for the client, although
    // `verify_peer_cert()` is enabled below. What the backend validates against in that
    // case is not visible from this file — confirm the test still exercises real chain
    // validation rather than passing vacuously.
    let client_key = PkiKeyDef::with_asn1_files(
        None::<DerFileKeyComponent>,
        key_storage.join("./client/client.crt.der"),
        key_storage.join("./client/client.key.der"),
        Asn1PrivateKeyType::Ec,
    );
    let server_key = PkiKeyDef::with_asn1_files(
        // For some inexplicable reason, setting the CA cert fails _only_ with ASN1 files using the
        // OpenSSL library.
        // I'm pretty sure this is a libcoap issue, so we'll not set the CA cert there for now.
        // NOTE(review): on OpenSSL builds this leaves the server without a CA cert while
        // `check_common_ca(true)` is still requested below — confirm that the combination
        // fails closed instead of silently skipping the common-CA check.
        #[cfg(not(feature = "dtls_openssl"))]
        Some(key_storage.join("./ca/ca.crt.der")),
        #[cfg(feature = "dtls_openssl")]
        None::<DerFileKeyComponent>,
        key_storage.join("./server/server.crt.der"),
        key_storage.join("./server/server.key.der"),
        Asn1PrivateKeyType::Ec,
    );

    // Same verification policy on both ends; the closure captures nothing, so one value
    // serves both the client and the server.
    let ctx_configurator = |ctx: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {
        ctx.verify_peer_cert().check_common_ca(true).build()
    };
    dtls_client_server_request_common(client_key, server_key, ctx_configurator, ctx_configurator)
}

/// Round-trips a DTLS request between a client and a server whose PKI material is
/// DER (ASN.1) encoded, embedded at compile time (`include_bytes!`) and handed to
/// libcoap as in-memory buffers.
///
/// Trust configuration matches the PEM tests: shared CA certificate, peer-certificate
/// verification and `check_common_ca(true)` on both peers. Skipped on GnuTLS builds
/// (see the `cfg` below).
#[test]
// GnuTLS rejects DER-encoded EC keys supplied from memory (reason unknown); loading the
// same keys from files, as in the test above, works fine.
#[cfg(not(feature = "dtls_gnutls"))]
pub fn dtls_pki_asn1_memory_client_server_request() {
    const DER_CA_CERT: &[u8] = include_bytes!("../resources/test-keys/ca/ca.crt.der");
    const DER_CLIENT_PUBLIC_CERT: &[u8] = include_bytes!("../resources/test-keys/client/client.crt.der");
    const DER_SERVER_PUBLIC_CERT: &[u8] = include_bytes!("../resources/test-keys/server/server.crt.der");
    const DER_CLIENT_PRIVATE_KEY: &[u8] = include_bytes!("../resources/test-keys/client/client.key.der");
    const DER_SERVER_PRIVATE_KEY: &[u8] = include_bytes!("../resources/test-keys/server/server.key.der");

    // The key definitions take owned buffers; copy the embedded DER bytes into them.
    let client_key = PkiKeyDef::with_asn1_memory(
        Some(DER_CA_CERT.to_vec()),
        DER_CLIENT_PUBLIC_CERT.to_vec(),
        DER_CLIENT_PRIVATE_KEY.to_vec(),
        Asn1PrivateKeyType::Ec,
    );
    let server_key = PkiKeyDef::with_asn1_memory(
        Some(DER_CA_CERT.to_vec()),
        DER_SERVER_PUBLIC_CERT.to_vec(),
        DER_SERVER_PRIVATE_KEY.to_vec(),
        Asn1PrivateKeyType::Ec,
    );

    // Same verification policy for client and server; the closure captures nothing and
    // can therefore be passed twice.
    let configure_ctx = |ctx: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {
        ctx.verify_peer_cert().check_common_ca(true).build()
    };
    dtls_client_server_request_common(client_key, server_key, configure_ctx, configure_ctx)
}