-rwxr-xr-x | tests/dsa/testdsa | 33 | ||||
-rw-r--r-- | tests/openpgp-callback.c | 4 | ||||
-rw-r--r-- | tests/openpgpself.c | 4 | ||||
-rw-r--r-- | tests/priorities.c | 9 |
4 files changed, 26 insertions, 24 deletions
diff --git a/tests/dsa/testdsa b/tests/dsa/testdsa
index ab45cc5b0c..dea42977a6 100755
--- a/tests/dsa/testdsa
+++ b/tests/dsa/testdsa
@@ -40,28 +40,29 @@ echo "Checking various DSA key sizes (port $PORT)"
 echo "Checking DSA-1024 with TLS 1.0"
-launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 & PID=$!
 wait_server $PID
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+PRIO="--priority NORMAL:+DHE-DSS:+SIGN-DSA-SHA512:+SIGN-DSA-SHA384:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1"
+$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
 fail $PID "Failed connection to a server with DSA 1024 key and TLS 1.0!"
 echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.0"
 #try with client key of 1024 bits (should succeed)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \
+$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \
 fail $PID "Failed connection to a server with DSA 1024 key and TLS 1.0!"
 echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0"
 #try with client key of 2048 bits (should fail)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null 2>&1 && \
+$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null 2>&1 && \
 fail $PID "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
 echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0"
 #try with client key of 3072 bits (should fail)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null 2>&1 && \
+$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null 2>&1 && \
 fail $PID "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
 kill $PID
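Review bot: The new `PRIO=` assignment sits in the middle of the TLS 1.0 section, yet every later `$CLI ... $PRIO` invocation in this script (the TLS 1.2 sections and the DSA-2048/3072 sections) depends on it; if a section is reordered, commented out, or copied into another script, `$PRIO` expands to nothing and the client silently runs with its default priority, so the failure would be misattributed to DSA handling rather than to a missing flag. Move the assignment next to the other script-wide settings at the top of the file, outside this hunk: `PRIO="--priority NORMAL:+DHE-DSS:+SIGN-DSA-SHA512:+SIGN-DSA-SHA384:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1"`. The variable is also deliberately left unquoted so it splits into `--priority` and its argument; a one-line comment such as `# unquoted on purpose: expands to "--priority <string>"` would stop a later cleanup from quoting it and breaking every invocation. The client list advertises SHA-512/384 while the servers in this file only add SHA-256 and SHA-1; that asymmetry is presumably intentional (exercise negotiation), but a comment saying so would help.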
@@ -71,28 +72,28 @@ wait
 echo "Checking DSA-1024 with TLS 1.2"
-launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 & PID=$!
 wait_server $PID
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
 fail $PID "Failed connection to a server with DSA 1024 key and TLS 1.2!"
 echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.2"
 #try with client key of 1024 bits (should succeed)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \
+$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem </dev/null >/dev/null || \
 fail $PID "Failed connection to a server with DSA 1024 key and TLS 1.2!"
 echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2"
 #try with client key of 2048 bits (should succeed)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null || \
+$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem </dev/null >/dev/null || \
 fail $PID "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
 echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2"
 #try with client key of 3072 bits (should succeed)
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null || \
+$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem </dev/null >/dev/null || \
 fail $PID "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
@@ -106,7 +107,7 @@ wait
 #launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 & PID=$!
 #wait_server $PID
-#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
+#$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
 # fail $PID "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
 #kill $PID
@@ -116,10 +117,10 @@ wait
 echo "Checking DSA-2048 with TLS 1.2"
-launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile $srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 & PID=$!
 wait_server $PID
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
 fail $PID "Failed connection to a server with DSA 2048 key and TLS 1.2!"
 kill $PID
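Review bot: In the DSA-2048 hunk the server-side string `NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1` is the fourth verbatim copy of the same algorithm suffix in this file (the TLS 1.0 server only differs in the version token), so a future change to the enabled signature set has to be applied in several places and one stale copy would quietly test something different. Mirror the client-side `PRIO` variable with a server one defined alongside it, e.g. `SRV_ALGS=":+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1"` and `--priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2${SRV_ALGS}"`. It is also worth a comment on why `+SIGN-DSA-SHA1` is kept on the TLS 1.2 servers (presumably so the DSA-1024 key can be used), since a reader will otherwise assume SHA-1 was left in by accident.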
@@ -132,7 +133,7 @@ wait
 #launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 & PID=$!
 #wait_server $PID
 #
-#$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
+#$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
 # fail $PID "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!"
 #
 #kill $PID
@@ -142,10 +143,10 @@ wait
 echo "Checking DSA-3072 with TLS 1.2"
-launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 & PID=$!
+launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile $srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 & PID=$!
 wait_server $PID
-$CLI $DEBUG -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+$CLI $DEBUG $PRIO -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
 fail $PID "Failed connection to a server with DSA 3072 key and TLS 1.2!"
 kill $PID
diff --git a/tests/openpgp-callback.c b/tests/openpgp-callback.c
index c80bdaca91..c3f763bdc3 100644
--- a/tests/openpgp-callback.c
+++ b/tests/openpgp-callback.c
@@ -162,7 +162,7 @@ static void client(int sd)
 gnutls_init(&session, GNUTLS_CLIENT);
 /* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1", NULL);
 /* put the x509 credentials to the current session */
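Review bot: In the openpgp-callback.c hunk the comment `/* Use default priorities */` directly above the changed call is now wrong: the string explicitly adds OpenPGP certificates, DHE-DSS and two DSA signature algorithms on top of NORMAL, which is the whole point of the change. Replace it with something like `/* NORMAL plus OpenPGP certs and the DHE-DSS/DSA signature algorithms this test needs */`. The return value of `gnutls_priority_set_direct()` is still discarded; with a longer hand-written string a typo would leave the session without the intended priority and surface later as an unrelated handshake error, so checking it (e.g. `if (gnutls_priority_set_direct(...) < 0) fail("client: priority\n");`, if this test's helpers provide `fail()`) would make the failure mode obvious. `client()` continues outside the hunk.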
@@ -385,7 +385,7 @@ const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
 /* avoid calling all the priority functions, since the defaults
 * are adequate. */
- gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP:-CTYPE-X509:-RSA", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP:-CTYPE-X509:-RSA:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1", NULL);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, pgp_cred);
diff --git a/tests/openpgpself.c b/tests/openpgpself.c
index 4fd2522965..52768c6526 100644
--- a/tests/openpgpself.c
+++ b/tests/openpgpself.c
@@ -174,7 +174,7 @@ static void client(int sds[])
 /* Use default priorities */
 gnutls_priority_set_direct(session,
- "NORMAL:+CTYPE-OPENPGP", NULL);
+ "NORMAL:+CTYPE-OPENPGP:+DHE-DSS:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256", NULL);
 /* put the x509 credentials to the current session */
@@ -258,7 +258,7 @@ static gnutls_session_t initialize_tls_session(void)
 /* avoid calling all the priority functions, since the defaults
 * are adequate. */
- gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP", NULL);
+ gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256", NULL);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, pgp_cred);
diff --git a/tests/priorities.c b/tests/priorities.c
index 21fd098d76..9255849b1d 100644
--- a/tests/priorities.c
+++ b/tests/priorities.c
@@ -1,5 +1,6 @@
 /*
 * Copyright (C) 2012 Free Software Foundation, Inc.
+ * Copyright (C) 2012-2015 Nikos Mavrogiannopoulos
 *
 * Author: Nikos Mavrogiannopoulos
 *
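Review bot: The openpgpself.c client hunk adds `+DHE-DSS` twice in `"NORMAL:+CTYPE-OPENPGP:+DHE-DSS:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256"`, which is harmless but is clearly a copy-paste slip. More importantly both openpgpself.c hunks list `+SIGN-DSA-SHA1` before `+SIGN-DSA-SHA256`, the reverse of the order used in testdsa and openpgp-callback.c; as far as I recall GnuTLS priority strings are order-sensitive, so this test would prefer SHA-1 over SHA-256 for DSA signatures while its siblings prefer SHA-256, and the inconsistency will confuse anyone later tightening the SHA-1 policy. Use the same suffix everywhere, i.e. `"NORMAL:+CTYPE-OPENPGP:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1"` for both the client and `initialize_tls_session()`. The "defaults are adequate" comment above the server call is also no longer accurate and should say that DHE-DSS and the DSA signature algorithms are added explicitly.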
@@ -100,18 +101,18 @@ try_prio(const char *prio, unsigned expected_cs, unsigned expected_ciphers, unsi
 void doit(void)
 {
- const int normal = 67;
+ const int normal = 54;
 const int null = 5;
- const int sec128 = 62;
+ const int sec128 = 50;
 try_prio("NORMAL", normal, 11, __LINE__);
 try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 11, __LINE__);
 try_prio("NORMAL:+CIPHER-ALL", normal, 11, __LINE__); /* all (except null) */
 try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1, __LINE__); /* null */
 try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal + null, 12, __LINE__); /* should be null + all */
- try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1, __LINE__); /* should be null + all */
+ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 8, 1, __LINE__); /* should be null + all */
 try_prio("PERFORMANCE", normal, 11, __LINE__);
- try_prio("SECURE256", 23, 5, __LINE__);
+ try_prio("SECURE256", 19, 5, __LINE__);
 try_prio("SECURE128", sec128, 10, __LINE__);
 try_prio("SECURE128:+SECURE256", sec128, 10, __LINE__); /* should be the same as SECURE128 */
 try_prio("SECURE128:+SECURE256:+NORMAL", normal, 11, __LINE__); /* should be the same as NORMAL */
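Review bot: The expected ciphersuite counts in `doit()` drop from 67/62/23/10 to 54/50/19/8 with no explanation, and the reader has to reverse-engineer from the other files in this commit that the difference is the DHE-DSS suites presumably no longer being part of NORMAL/SECURE*. Put that next to the constants, e.g. `/* counts exclude DHE-DSS suites, which NORMAL and SECURE* no longer enable */` above `const int normal = 54;`, and explain the bare `8` and `19` the same way or derive them from named constants so the next policy change does not require guessing again. The retained `/* should be null + all */` on the `+AES-128-CBC` line is wrong for that string (the preceding `-CIPHER-ALL` removes everything but AES-128-CBC) and should read `/* AES-128-CBC only */`. `doit()` continues past the end of the hunk.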