From patchwork Wed Mar 15 01:35:12 2023
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 10
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 14 Mar 2023 21:35:12 -0400
Message-Id: <20230315013516.1256700-1-selva.nair@gmail.com>
X-Mailer: git-send-email 2.34.1
Subject: [Openvpn-devel] [PATCH 0/4] Add some tests for cryptoapi.c functions

From: Selva Nair

Import some sample certificates into Windows store for testing
 - 4 test certificates&keys imported to user store and removed at the end.

Add tests for finding certificates in Windows certificate store
 - test using SUBJ:, THUMB: and ISSUER: select-strings

Refactor SSL_CTX_use_CryptoAPI_certificate()
 - A minor reorganization avoids wrapping for the next test

Add a test for signing with certificates in Windows store
 - Test loading keys into xkey-provider and sign a test message.
   The signature is then verified using OpenSSL.

Sample output of the test runs:
https://github.com/selvanair/openvpn/actions/runs/4418774866/jobs/7746404938#step:8:1

 src/openvpn/cryptoapi.c                   |  63 ++--
 tests/unit_tests/openvpn/Makefile.am      |   1 +
 tests/unit_tests/openvpn/cert_data.h      | 166 +++++++++
 tests/unit_tests/openvpn/test_cryptoapi.c | 429 +++++++++++++++++++++-
 4 files changed, 635 insertions(+), 24 deletions(-)
 create mode 100644 tests/unit_tests/openvpn/cert_data.h