diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-12-05 09:52:14 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-12-05 09:52:14 +0100 |
commit | 9fcfe39befbd0bfc24ba8b7cd765524e3159610b (patch) | |
tree | 337c503b227ccc012708c7b126d5690ae46c3d4d /tests/suite | |
parent | 62aa22dfd7782041902f3b49009294b6cc5d7e99 (diff) | |
download | gnutls-9fcfe39befbd0bfc24ba8b7cd765524e3159610b.tar.gz |
ciphersuite test: enhanced check for correct ciphersuites
Diffstat (limited to 'tests/suite')
-rwxr-xr-x | tests/suite/ciphersuite/scan-gnutls.sh | 3 | ||||
-rw-r--r-- | tests/suite/ciphersuite/test-ciphers.js | 13 |
2 files changed, 13 insertions, 3 deletions
diff --git a/tests/suite/ciphersuite/scan-gnutls.sh b/tests/suite/ciphersuite/scan-gnutls.sh index b1724f5a08..beb4db9eb2 100755 --- a/tests/suite/ciphersuite/scan-gnutls.sh +++ b/tests/suite/ciphersuite/scan-gnutls.sh @@ -13,7 +13,8 @@ cd ../../../lib/algorithms/ && gcc -E ciphersuites.c -I.. -I../../ -DHAVE_CONFIG | gawk --non-decimal-data '{ if ($5 == "AEAD") { mac = $8; } else { mac = $5; }; sub("UMAC-", "UMAC", mac); sub("DIG-", "", mac); if (mac == "SHA1") { mac = "SHA"; } \ cipher = $3; sub("ARCFOUR", "RC4", cipher); sub("3DES-CBC", "3DES-EDE-CBC", cipher); \ kx = $4; if (sub("ANON-", "", kx)) { kx = kx "-anon"; }; sub("SRP", "SRP-SHA", kx); \ - name = "TLS_" kx "_WITH_" cipher "_" mac; gsub("-", "_", name); printf ("%d# \"%s\": { id: %s, name: \"%s\", gnutlsname: %s, cipher: \"%s\", kx: \"%s\", mac: \"%s\", min_version: \"%s\", min_dtls_version: \"%s\", prf: \"%s\" },\n", $2, name, $2, name, $1, $3, $4, $5, $6, $7, $8) }' \ + if ($5 != "AEAD" || cipher ~ /GCM/) { name = "TLS_" kx "_WITH_" cipher "_" mac; } else { name = "TLS_" kx "_WITH_" cipher }; \ + gsub("-", "_", name); printf ("%d# \"%s\": { id: %s, name: \"%s\", gnutlsname: %s, cipher: \"%s\", kx: \"%s\", mac: \"%s\", min_version: \"%s\", min_dtls_version: \"%s\", prf: \"%s\" },\n", $2, name, $2, name, $1, $3, $4, $5, $6, $7, $8) }' \ | sort -n \ | cut -d'#' -f2- \ | column -t \ diff --git a/tests/suite/ciphersuite/test-ciphers.js b/tests/suite/ciphersuite/test-ciphers.js index e1bcd51bac..c5bff1f35d 100644 --- a/tests/suite/ciphersuite/test-ciphers.js +++ b/tests/suite/ciphersuite/test-ciphers.js @@ -26,8 +26,17 @@ include('./registry-ciphers.js'); mac = mac.replace("UMAC-", "UMAC"); var cipher = cs.cipher.replace("3DES-CBC", "3DES-EDE-CBC"); var kx = cs.kx.replace("ANON-DH", "DH-ANON").replace("ANON-ECDH", "ECDH-ANON").replace("SRP", "SRP-SHA"); - if (kx + "-" + cipher + "-" + mac != cs.gnutlsname) { - console.log("Broken: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname); + + if (cs.mac == "AEAD" && cipher.indexOf("GCM") == -1) { + if (kx + "-" + cipher != cs.gnutlsname) { + console.log("Broken AEAD ciphersuite: ", kx + "-" + cipher, " ", cs.gnutlsname); + process.exit(1); + } + } else { + if (kx + "-" + cipher + "-" + mac != cs.gnutlsname) { + console.log("Broken ciphersuite: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname); + process.exit(1); + } } if (cs.name !== i) { console.log("Name doesn't match index:", cs.name, i); |