Grcov report - dtls_pki_client_server

1

// SPDX-License-Identifier: BSD-2-Clause

2

/*

3

 * Copyright © The libcoap-rs Contributors, all rights reserved.

4

 * This file is part of the libcoap-rs project, see the README file for

5

 * general information on this project and the NOTICE.md and LICENSE files

6

 * for information regarding copyright ownership and terms of use.

7

8

 * tests/dtls_rpk_client_server_test.rs - Tests for DTLS PKI clients+servers.

9

*/

10

11

#![cfg(feature = "dtls-pki")]

12

13

use std::path::PathBuf;

14

15

use libcoap_rs::crypto::pki_rpk::{

16

    Asn1PrivateKeyType, DerFileKeyComponent, NonCertVerifying, Pki, PkiKeyDef, PkiRpkContextBuilder,

17

};

18

19

use crate::common::dtls::dtls_client_server_request_common;

20

21

mod common;

22

23

#[test]

24

3

pub fn dtls_pki_pem_file_client_server_request() {

25

3

    let manifest_dir = PathBuf::from(env!("CARGO_MANIFEST_DIR"));

26

3

    let key_storage = manifest_dir.join("./resources/test-keys");

27

3

    let client_key = PkiKeyDef::with_pem_files(

28

3

        Some(key_storage.join("./ca/ca.crt.pem")),

29

3

        key_storage.join("./client/client.crt.pem"),

30

3

        key_storage.join("./client/client.key.pem"),

31

3

);

32

3

    let server_key = PkiKeyDef::with_pem_files(

33

3

        Some(key_storage.join("./ca/ca.crt.pem")),

34

3

        key_storage.join("./server/server.crt.pem"),

35

3

        key_storage.join("./server/server.key.pem"),

36

3

);

37

3

38

6

    let ctx_configurator = |ctx: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {

39

6

        ctx.verify_peer_cert().check_common_ca(true).build()

40

6

};

41

3

    dtls_client_server_request_common(client_key, server_key, ctx_configurator, ctx_configurator)

42

3

43

44

#[test]

45

3

pub fn dtls_pki_pem_memory_client_server_request() {

46

    const PEM_CA_CERT: &str = include_str!("../resources/test-keys/ca/ca.crt.pem");

47

    const PEM_CLIENT_PUBLIC_CERT: &str = include_str!("../resources/test-keys/client/client.crt.pem");

48

    const PEM_SERVER_PUBLIC_CERT: &str = include_str!("../resources/test-keys/server/server.crt.pem");

49

    const PEM_CLIENT_PRIVATE_KEY: &str = include_str!("../resources/test-keys/client/client.key.pem");

50

    const PEM_SERVER_PRIVATE_KEY: &str = include_str!("../resources/test-keys/server/server.key.pem");

51

3

    let client_key = PkiKeyDef::with_pem_memory(

52

3

        Some(Vec::from(PEM_CA_CERT)),

53

3

        Vec::from(PEM_CLIENT_PUBLIC_CERT),

54

3

        Vec::from(PEM_CLIENT_PRIVATE_KEY),

55

3

);

56

3

    let server_key = PkiKeyDef::with_pem_memory(

57

3

        Some(Vec::from(PEM_CA_CERT)),

58

3

        Vec::from(PEM_SERVER_PUBLIC_CERT),

59

3

        Vec::from(PEM_SERVER_PRIVATE_KEY),

60

3

);

61

3

62

6

    let ctx_configurator = |ctx: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {

63

6

        ctx.verify_peer_cert().check_common_ca(true).build()

64

6

};

65

3

    dtls_client_server_request_common(client_key, server_key, ctx_configurator, ctx_configurator)

66

3

67

68

#[test]

69

3

pub fn dtls_pki_asn1_file_client_server_request() {

70

3

    let manifest_dir = PathBuf::from(env!("CARGO_MANIFEST_DIR"));

71

3

    let key_storage = manifest_dir.join("./resources/test-keys");

72

3

    let client_key = PkiKeyDef::with_asn1_files(

73

3

        None::<DerFileKeyComponent>,

74

3

        key_storage.join("./client/client.crt.der"),

75

3

        key_storage.join("./client/client.key.der"),

76

3

        Asn1PrivateKeyType::Ec,

77

3

);

78

3

    let server_key = PkiKeyDef::with_asn1_files(

79

3

        // For some inexplicable reason, setting the CA cert fails _only_ with ASN1 files using the

80

3

        // OpenSSL library.

81

3

        // I'm pretty sure this is a libcoap issue, so we'll not set the CA cert there for now.

82

3

        #[cfg(not(dtls_backend = "openssl"))]

83

3

        Some(key_storage.join("./ca/ca.crt.der")),

84

3

        #[cfg(dtls_backend = "openssl")]

85

3

        None::<DerFileKeyComponent>,

86

3

        key_storage.join("./server/server.crt.der"),

87

3

        key_storage.join("./server/server.key.der"),

88

3

        Asn1PrivateKeyType::Ec,

89

3

);

90

3

91

6

    let ctx_configurator = |ctx: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {

92

6

        ctx.verify_peer_cert().check_common_ca(true).build()

93

6

};

94

3

    dtls_client_server_request_common(client_key, server_key, ctx_configurator, ctx_configurator)

95

3

96

97

#[test]

98

// GnuTLS does not like DER-encoded EC keys from memory (for some reason. Loading them from files as

99

// done in the test above works fine).

100

#[cfg_attr(dtls_backend = "gnutls", ignore)]

101

2

pub fn dtls_pki_asn1_memory_client_server_request() {

102

    const DER_CA_CERT: &[u8] = include_bytes!("../resources/test-keys/ca/ca.crt.der");

103

    const DER_CLIENT_PUBLIC_CERT: &[u8] = include_bytes!("../resources/test-keys/client/client.crt.der");

104

    const DER_SERVER_PUBLIC_CERT: &[u8] = include_bytes!("../resources/test-keys/server/server.crt.der");

105

    const DER_CLIENT_PRIVATE_KEY: &[u8] = include_bytes!("../resources/test-keys/client/client.key.der");

106

    const DER_SERVER_PRIVATE_KEY: &[u8] = include_bytes!("../resources/test-keys/server/server.key.der");

107

2

    let client_key = PkiKeyDef::with_asn1_memory(

108

2

        Some(Vec::from(DER_CA_CERT)),

109

2

        Vec::from(DER_CLIENT_PUBLIC_CERT),

110

2

        Vec::from(DER_CLIENT_PRIVATE_KEY),

111

2

        Asn1PrivateKeyType::Ec,

112

2

);

113

2

    let server_key = PkiKeyDef::with_asn1_memory(

114

2

        Some(Vec::from(DER_CA_CERT)),

115

2

        Vec::from(DER_SERVER_PUBLIC_CERT),

116

2

        Vec::from(DER_SERVER_PRIVATE_KEY),

117

2

        Asn1PrivateKeyType::Ec,

118

2

);

119

2

120

4

    let ctx_configurator = |ctx: PkiRpkContextBuilder<'static, Pki, NonCertVerifying>| {

121

4

        ctx.verify_peer_cert().check_common_ca(true).build()

122

4

};

123

2

    dtls_client_server_request_common(client_key, server_key, ctx_configurator, ctx_configurator)

124

2