diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-06-25 15:32:52 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-07-10 07:25:58 +0000 |
| commit | 11f9f31deb0d43db29ff63a245bcb67ec11dd3c2 (patch) | |
| tree | ff3a0d67c54a6b68ae5f0a96bd59166f580c202a /tests/tls11-cipher-neg.c | |
| parent | 4bfaf67cb04375a51caea3ee5fef55a0c7ba956c (diff) | |
| download | gnutls-11f9f31deb0d43db29ff63a245bcb67ec11dd3c2.tar.gz | |
tests: added unit testing for server/client cipher negotiation
This verifies that the expected algorithm (cipher) is negotiated.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'tests/tls11-cipher-neg.c')
| -rw-r--r-- | tests/tls11-cipher-neg.c | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/tests/tls11-cipher-neg.c b/tests/tls11-cipher-neg.c new file mode 100644 index 0000000000..5ad65217c7 --- /dev/null +++ b/tests/tls11-cipher-neg.c @@ -0,0 +1,129 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/> + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +/* This program tests the ciphersuite negotiation for various key exchange + * methods and options. */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <gnutls/gnutls.h> +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include "cipher-neg-common.c" + +test_case_st tests[] = { + { + .name = "server TLS 1.1: AES-128-CBC (server)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-CBC" + }, + { + .name = "both TLS 1.1: AES-128-CBC (server)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-CBC:+VERS-TLS1.1" + }, + { + .name = "client TLS 1.1: AES-128-CBC (client)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:+AES-128-CBC", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "both TLS 1.1: AES-128-CBC (client)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:+AES-128-CBC:+VERS-TLS1.1", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "server TLS 1.1: 3DES-CBC (server)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+3DES-CBC" + }, + { + .name = "both TLS 1.1: 3DES-CBC (server)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+3DES-CBC:+VERS-TLS1.1" + }, + { + .name = "client TLS 1.1: 3DES-CBC (client)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .server_prio = "NORMAL:+3DES-CBC", + .client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "both TLS 1.1: 3DES-CBC (client)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .server_prio = "NORMAL:+3DES-CBC:+VERS-TLS1.1", + .client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "server TLS 1.1: ARCFOUR-128 (server)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+ARCFOUR-128" + }, + { + .name = "both TLS 1.1: ARCFOUR-128 (server)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+ARCFOUR-128:+VERS-TLS1.1" + }, + { + .name = "client TLS 1.1: ARCFOUR-128 (client)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:+ARCFOUR-128", + .client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "both TLS 1.1: ARCFOUR-128 (client)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:+ARCFOUR-128:+VERS-TLS1.1", + .client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + } +}; + +void doit(void) +{ + unsigned i; + global_init(); + + for (i=0;i<sizeof(tests)/sizeof(tests[0]);i++) { + try(&tests[i]); + } + + gnutls_global_deinit(); +} |