Update keys and provide script to update them in the future
as_bytes() is needed at every call site because the nightly used in CI is too old to allow as_bytes() on a const in keys.rs
Adrian Cruceru committed Mar 14, 2021
1 parent 7750efa commit be93f8f
Showing 16 changed files with 281 additions and 299 deletions.
18 changes: 9 additions & 9 deletions ct.sh
Expand Up @@ -12,19 +12,19 @@ fi
if [ $TRAVIS_RUST_VERSION = "stable" ] || [ $TRAVIS_RUST_VERSION = "beta" ] || [ $TRAVIS_RUST_VERSION = "nightly" ]; then
rustup default $TRAVIS_RUST_VERSION
# make sure that explicitly providing the default target works
cargo test --target x86_64-unknown-linux-gnu
cargo test --features zlib
cargo test --features pkcs12
cargo test --features pkcs12_rc2
cargo test --features force_aesni_support
cargo test --features dsa
cargo test --target x86_64-unknown-linux-gnu -- --nocapture
cargo test --features zlib -- --nocapture
cargo test --features pkcs12 -- --nocapture
cargo test --features pkcs12_rc2 -- --nocapture
cargo test --features force_aesni_support -- --nocapture
cargo test --features dsa -- --nocapture

rustup target add --toolchain $TRAVIS_RUST_VERSION x86_64-fortanix-unknown-sgx
cargo +$TRAVIS_RUST_VERSION test --no-run --target=x86_64-fortanix-unknown-sgx
cargo +$TRAVIS_RUST_VERSION test --no-run --target=x86_64-fortanix-unknown-sgx -- --nocapture

elif [ $TRAVIS_RUST_VERSION = $CORE_IO_NIGHTLY ]; then
cargo +$CORE_IO_NIGHTLY test --no-default-features --features no_std_deps,rdrand,time
cargo +$CORE_IO_NIGHTLY test --no-default-features --features no_std_deps,rdrand
cargo +$CORE_IO_NIGHTLY test --no-default-features --features no_std_deps,rdrand,time -- --nocapture
cargo +$CORE_IO_NIGHTLY test --no-default-features --features no_std_deps,rdrand -- --nocapture

else
echo "Unknown version $TRAVIS_RUST_VERSION"
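Review bot: On the SGX line `-- --nocapture` is added after `--no-run`, so it never takes effect: with `--no-run` the test binaries are only built and nothing receives the arguments after `--`. Either keep that line as `cargo +$TRAVIS_RUST_VERSION test --no-run --target=x86_64-fortanix-unknown-sgx` or add a comment saying the flag is there only for uniformity. On the other lines `--nocapture` sends everything the tests print into the CI log, so a short comment such as `# --nocapture: test output goes to the CI log; do not print key material from tests` would record the intent. The `if` block starts before the hunk and its `fi` lies outside it.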
2 changes: 1 addition & 1 deletion mbedtls/examples/client.rs
Expand Up @@ -27,7 +27,7 @@ use support::keys;
fn result_main(addr: &str) -> TlsResult<()> {
let entropy = Arc::new(entropy_new());
let rng = Arc::new(CtrDrbg::new(entropy, None)?);
let cert = Arc::new(Certificate::from_pem_multiple(keys::PEM_CERT)?);
let cert = Arc::new(Certificate::from_pem_multiple(keys::PEM_CERT.as_bytes())?);
let mut config = Config::new(Endpoint::Client, Transport::Stream, Preset::Default);
config.set_rng(rng);
config.set_ca_list(cert, None);
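Review bot: The `.as_bytes()` added on the `from_pem_multiple` line leaves two things unstated that a reader of this example needs: `keys::PEM_CERT` is a fixture from the support module, and the bytes are presumably expected to end in a NUL (the literals removed from tests/hyper.rs in this commit ended in `\0`; keys.rs itself is not shown here). A comment above the line would cover both, for example `// Test fixture, NUL-terminated PEM; load your own CA certificate when adapting this example.` The same comment fits the `PEM_CERT`/`PEM_KEY` lines in examples/server.rs, where the private key ships in the repository. The NUL dependency also applies to the call sites in tests/client_server.rs, tests/ssl_conf_ca_cb.rs and tests/ssl_conf_verify.rs. `result_main` continues past the end of the hunk.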
4 changes: 2 additions & 2 deletions mbedtls/examples/server.rs
Expand Up @@ -38,8 +38,8 @@ fn listen<E, F: FnMut(TcpStream) -> Result<(), E>>(mut handle_client: F) -> Resu
fn result_main() -> TlsResult<()> {
let entropy = entropy_new();
let rng = Arc::new(CtrDrbg::new(Arc::new(entropy), None)?);
let cert = Arc::new(Certificate::from_pem_multiple(keys::PEM_CERT)?);
let key = Arc::new(Pk::from_private_key(keys::PEM_KEY, None)?);
let cert = Arc::new(Certificate::from_pem_multiple(keys::PEM_CERT.as_bytes())?);
let key = Arc::new(Pk::from_private_key(keys::PEM_KEY.as_bytes(), None)?);
let mut config = Config::new(Endpoint::Server, Transport::Stream, Preset::Default);
config.set_rng(rng);
config.push_cert(cert, key)?;
6 changes: 3 additions & 3 deletions mbedtls/tests/client_server.rs
Expand Up @@ -34,7 +34,7 @@ fn client(
exp_version: Option<Version>) -> TlsResult<()> {
let entropy = Arc::new(entropy_new());
let rng = Arc::new(CtrDrbg::new(entropy, None)?);
let cacert = Arc::new(Certificate::from_pem_multiple(keys::ROOT_CA_CERT)?);
let cacert = Arc::new(Certificate::from_pem_multiple(keys::ROOT_CA_CERT.as_bytes())?);
let expected_flags = VerifyError::empty();
#[cfg(feature = "time")]
let expected_flags = expected_flags | VerifyError::CERT_EXPIRED;
Expand Down Expand Up @@ -90,8 +90,8 @@ fn server(
) -> TlsResult<()> {
let entropy = entropy_new();
let rng = Arc::new(CtrDrbg::new(Arc::new(entropy), None)?);
let cert = Arc::new(Certificate::from_pem_multiple(keys::EXPIRED_CERT)?);
let key = Arc::new(Pk::from_private_key(keys::EXPIRED_KEY, None)?);
let cert = Arc::new(Certificate::from_pem_multiple(keys::EXPIRED_CERT.as_bytes())?);
let key = Arc::new(Pk::from_private_key(keys::EXPIRED_KEY.as_bytes(), None)?);
let mut config = Config::new(Endpoint::Server, Transport::Stream, Preset::Default);
config.set_rng(rng);
config.set_min_version(min_version)?;
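Review bot: The server hunk loads `keys::EXPIRED_CERT` and the client hunk expects `VerifyError::CERT_EXPIRED` when the `time` feature is on, but neither site records that the fixture must already be expired. The commit title says the keys are now regenerated by a script (not shown here), so a comment on the server line would protect the test from a future regeneration, for example `// Must already be expired: client() expects CERT_EXPIRED under feature "time"`. Both `client` and `server` start before their hunks and continue after them.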
87 changes: 3 additions & 84 deletions mbedtls/tests/hyper.rs
Expand Up @@ -436,88 +436,7 @@ mod tests {
}


// Signed by ROOT_CA below
pub const PEM_CERT: &'static [u8] = b"-----BEGIN CERTIFICATE-----
MIIEGzCCAgOgAwIBAgIKElgwWDKDQhBIOTANBgkqhkiG9w0BAQsFADARMQ8wDQYD
VQQDEwZSb290Q0EwIBcNMjAwNTA4MDkxNDMwWhgPMjEwMDA0MTkwOTE0MzBaMBox
GDAWBgNVBAMMD21iZWR0bHMuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAN/SZjoB4zxaOxgtCjC6c88Y8twUUtNoNJu+D2X1vjoEEmeh0CCA
x6fvyDbZE7kad5pTVHWdiaepodWzTf4GcuGKa0qP0jwitDuqBoqraDxYT9saQd4I
rh8tPanoDQO2V6iewJT59EFxwC6pry+EWPox1UuKzd66x5a+yTq4d7ybkgBjoico
+0I4m+4BxZNPmZDSdIZpgfMANGvTZCLt/x4gypqotHH//8sssucJJgMwD+YybYis
wtRCt+Atw2YUQe0JhLs8nMTRQXqREBpz250hITpNsior4PhNsjiMElEFqx0ZmT84
tQW6lpJ5Yz297xAeUXrdVl+DrvvdhfrqJJ8CAwEAAaNqMGgwHQYDVR0OBBYEFJvl
m+3MJ2eYR9dGydOY0QNRRMaAMDkGA1UdIwQyMDCAFIkuNd0n1URsu71cJCyBnQwO
MsqLoRWkEzARMQ8wDQYDVQQDEwZSb290Q0GCAQEwDAYDVR0TAQH/BAIwADANBgkq
hkiG9w0BAQsFAAOCAgEAGbkSdZL5BC46GTGSR09lEh+cZ2o4fP6uSbkyT4xEPRWx
fNMLZeEJPVzZkar5tVDnpBb3gAoArHIn6ePPiTssYUD/3yN7ZL6YFn4Bg0VBig8e
ZWzQT6BiAmXKRY7JtDdgnhggxfo1x1bwW0r3qz/BYeC1cdqbC9CRmTPFNIKFhZyY
fC1BQ49dI/prfiBlgGO/bIDZfzMNC9b5b7g5aKVQH1e1ViGkRKL4l6tIKp/pL7Nx
1e1H/f2cl33rm+kTvkH5H02Z+Fg2tVnx2xPxMIkpGOnhtrh5H48xT1oxqcZ/ySmp
W7xiCt4QAW7DafRLwhsMhKSxcBxHEl4mRTX2pz5BV5yyq/rTGDRFQAlzBUEteLh3
fCPsdYOQEQMdPUzx3VAieaHSbR424kcd5Iw3uMBCk2NzyLxbIWKA4Q+9XFIacEdh
TFO2Z/pvkTWMOo1yKzC8NM26QT/o0USgtHBIc2F8FlGEYBLZXvqtOeKJ5mneyLR/
jnAr18OJv+/DPPSv4qB6LpF+CAQFm0pZisqZdwsMBRgWQ3wml/A+lOLmiajNB3gk
XfzmCVga7Kik6cjP0ExV7rRvvQ9akWgsMLYJm28Ck6k3Nl3AsfiAGf5kFj5VlBrd
Ecs4CTdh5ZsL2pDU+QmWsqRNdN+Kz1IVX7fLvR48MgpKZhK+d97/P37e1kEtXoo=
-----END CERTIFICATE-----\0";

pub const PEM_KEY: &'static [u8] = b"-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----\0";

pub const ROOT_CA_CERT: &'static [u8] = b"-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----\0";
pub const PEM_KEY: &'static [u8] = concat!(include_str!("./support/keys/user.key"),"\0").as_bytes();
pub const PEM_CERT: &'static [u8] = concat!(include_str!("./support/keys/user.crt"),"\0").as_bytes();
pub const ROOT_CA_CERT: &'static [u8] = concat!(include_str!("./support/keys/ca.crt"),"\0").as_bytes();
}
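Review bot: The three new initialisers call `.as_bytes()` inside a `const`, which is the form the commit description says the older CI nightly cannot compile; whether tests/hyper.rs is excluded from that build is not visible in this hunk. If it is not excluded, declare them as `&str`, e.g. `pub const PEM_KEY: &str = concat!(include_str!("./support/keys/user.key"), "\0");`, and call `.as_bytes()` at the use sites as the other files do. The removed `// Signed by ROOT_CA below` comment is worth keeping in some form, with a word on why `"\0"` is appended, e.g. `// user.crt is signed by ca.crt; the trailing NUL keeps the PEM NUL-terminated as before`. `mod tests` starts outside the hunk.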
8 changes: 4 additions & 4 deletions mbedtls/tests/ssl_conf_ca_cb.rs
Expand Up @@ -74,10 +74,10 @@ mod test {

let ca_callback =
|_: &MbedtlsList<Certificate>| -> TlsResult<MbedtlsList<Certificate>> {
Ok(Certificate::from_pem_multiple(keys::ROOT_CA_CERT).unwrap())
Ok(Certificate::from_pem_multiple(keys::ROOT_CA_CERT.as_bytes()).unwrap())
};
let c = thread::spawn(move || super::client(c, ca_callback).unwrap());
let s = thread::spawn(move || super::server(s, keys::PEM_CERT, keys::PEM_KEY).unwrap());
let s = thread::spawn(move || super::server(s, keys::PEM_CERT.as_bytes(), keys::PEM_KEY.as_bytes()).unwrap());
c.join().unwrap();
s.join().unwrap();
}
Expand All @@ -93,7 +93,7 @@ mod test {
let result = super::client(c, ca_callback);
assert_eq!(result, Err(Error::X509CertVerifyFailed));
});
let s = thread::spawn(move || super::server(s, keys::PEM_CERT, keys::PEM_KEY).unwrap());
let s = thread::spawn(move || super::server(s, keys::PEM_CERT.as_bytes(), keys::PEM_KEY.as_bytes()).unwrap());
c.join().unwrap();
s.join().unwrap();
}
Expand All @@ -116,7 +116,7 @@ mod test {
let result = super::client(c, self_signed_ca_callback);
assert_eq!(result, Err(Error::X509CertVerifyFailed));
});
let s = thread::spawn(move || super::server(s, keys::PEM_CERT, keys::PEM_KEY).unwrap());
let s = thread::spawn(move || super::server(s, keys::PEM_CERT.as_bytes(), keys::PEM_KEY.as_bytes()).unwrap());
c.join().unwrap();
s.join().unwrap();
}
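Review bot: In the first hunk the `ca_callback` closure is declared to return `TlsResult<MbedtlsList<Certificate>>` but builds its value as `Ok(Certificate::from_pem_multiple(keys::ROOT_CA_CERT.as_bytes()).unwrap())`, so a parse failure panics inside the callback instead of coming back as an error. Returning the call's result directly, `Certificate::from_pem_multiple(keys::ROOT_CA_CERT.as_bytes())`, should type-check if the error types match; they appear to, since examples/client.rs uses `?` on the same call in a `TlsResult` function. That also avoids a panic in code that is presumably reached from the C library's verification path. The enclosing test function starts outside the hunk.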
6 changes: 3 additions & 3 deletions mbedtls/tests/ssl_conf_verify.rs
Expand Up @@ -35,7 +35,7 @@ enum Test {
fn client(conn: TcpStream, test: Test) -> TlsResult<()> {
let entropy = entropy_new();
let rng = Arc::new(CtrDrbg::new(Arc::new(entropy), None)?);
let cert = Arc::new(Certificate::from_pem_multiple(keys::PEM_CERT)?);
let cert = Arc::new(Certificate::from_pem_multiple(keys::PEM_CERT.as_bytes())?);

let verify_test = test.clone();
let verify_callback = move |_crt: &Certificate, _depth: i32, verify_flags: &mut VerifyError| {
Expand Down Expand Up @@ -76,8 +76,8 @@ fn client(conn: TcpStream, test: Test) -> TlsResult<()> {
fn server(conn: TcpStream) -> TlsResult<()> {
let entropy = entropy_new();
let rng = Arc::new(CtrDrbg::new(Arc::new(entropy), None)?);
let cert = Arc::new(Certificate::from_pem_multiple(keys::PEM_CERT)?);
let key = Arc::new(Pk::from_private_key(keys::PEM_KEY, None)?);
let cert = Arc::new(Certificate::from_pem_multiple(keys::PEM_CERT.as_bytes())?);
let key = Arc::new(Pk::from_private_key(keys::PEM_KEY.as_bytes(), None)?);
let mut config = Config::new(Endpoint::Server, Transport::Stream, Preset::Default);
config.set_rng(rng);
config.push_cert(cert, key)?;