From fd872101dac48fd8451ae8f6c6e21d9ac29a449f Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 29 Jun 2019 21:02:11 +0200
Subject: gnutls-cli-debug: test whether RSA key exchange is supported

Resolves: #449

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
---
 src/cli-debug.c           |  3 +++
 src/tests.c               | 23 +++++++++++++++++++++++
 src/tests.h               |  1 +
 tests/gnutls-cli-debug.sh |  7 +++++--
 4 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/src/cli-debug.c b/src/cli-debug.c
index c1333b1935..cd06d08ae0 100644
--- a/src/cli-debug.c
+++ b/src/cli-debug.c
@@ -149,6 +149,9 @@ static const TLS_TEST tls_tests[] = {
 	{"anonymous Diffie-Hellman group info", test_dhe_group, NULL, "N/A",
 	 "N/A"},
 #endif
+	{"for RSA key exchange support", test_rsa, "yes",
+	 "no",
+	 "dunno"},
 	{"for ephemeral Diffie-Hellman support", test_dhe, "yes", "no",
 	 "dunno"},
 	{"for RFC7919 Diffie-Hellman support", test_rfc7919, "yes", "no",
diff --git a/src/tests.c b/src/tests.c
index 115f3ae82b..20438f4d6e 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -249,6 +249,29 @@ test_code_t test_ecdhe(gnutls_session_t session)
 	return ret;
 }
 
+test_code_t test_rsa(gnutls_session_t session)
+{
+	int ret;
+
+	if (tls_ext_ok == 0)
+		return TEST_IGNORE;
+
+	sprintf(prio_str, INIT_STR
+		ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS
+		":+RSA:%s", protocol_all_str,
+		rest);
+	_gnutls_priority_set_direct(session, prio_str);
+
+	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+	ret = test_do_handshake(session);
+
+	if (ret < 0)
+		return TEST_FAILED;
+
+	return ret;
+}
+
 static
 test_code_t test_ecdhe_curve(gnutls_session_t session, const char *curve, unsigned id)
 {
diff --git a/src/tests.h b/src/tests.h
index 0e6ad1824a..c391d97bfb 100644
--- a/src/tests.h
+++ b/src/tests.h
@@ -75,6 +75,7 @@ test_code_t test_send_record_with_allow_small_records(gnutls_session_t session);
 int _test_srp_username_callback(gnutls_session_t session,
 				char **username, char **password);
 
+test_code_t test_rsa(gnutls_session_t session);
 test_code_t test_ecdhe_x25519(gnutls_session_t session);
 test_code_t test_ecdhe_secp521r1(gnutls_session_t session);
 test_code_t test_ecdhe_secp384r1(gnutls_session_t session);
diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh
index 507a9c2088..1f047e870c 100755
--- a/tests/gnutls-cli-debug.sh
+++ b/tests/gnutls-cli-debug.sh
@@ -92,6 +92,7 @@ check_text "for safe renegotiation (RFC5746) support... yes"
 check_text "for encrypt-then-MAC (RFC7366) support... yes"
 check_text "for ext master secret (RFC7627) support... yes"
 check_text "for RFC7919 Diffie-Hellman support... yes"
+check_text "for RSA key exchange support... yes"
 check_text "for curve SECP256r1 (RFC4492)... yes"
 check_text "for AES-GCM cipher (RFC5288) support... yes"
 check_text "for SHA1 MAC support... yes"
@@ -132,6 +133,7 @@ check_text "for ext master secret (RFC7627) support... yes"
 check_text "for RFC7919 Diffie-Hellman support... yes"
 check_text "for curve SECP256r1 (RFC4492)... yes"
 check_text "for AES-GCM cipher (RFC5288) support... yes"
+check_text "for RSA key exchange support... yes"
 check_text "for SHA1 MAC support... yes"
 check_text "whether the server accepts default record size (512 bytes)... yes"
 check_text "whether %ALLOW_SMALL_RECORDS is required... no"
@@ -147,10 +149,10 @@ rm -f ${OUTFILE}
 
 # Small records test
 echo ""
-echo "Checking output of gnutls-cli-debug for small records"
+echo "Checking output of gnutls-cli-debug for small records and no RSA"
 
 eval "${GETPORT}"
-launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:%ALLOW_SMALL_RECORDS" --x509keyfile ${KEY1} --x509certfile ${CERT1} \
+launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-RSA:%ALLOW_SMALL_RECORDS" --x509keyfile ${KEY1} --x509certfile ${CERT1} \
 	--x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} --recordsize=64 >/dev/null 2>&1
 PID=$!
 wait_server ${PID}
@@ -163,6 +165,7 @@ wait
 
 check_text "whether the server accepts default record size (512 bytes)... no"
 check_text "whether %ALLOW_SMALL_RECORDS is required... yes"
+check_text "for RSA key exchange support... no"
 
 rm -f ${OUTFILE}
 
-- 
cgit v1.2.1