tests: backported test-ciphersuite-names from master

5 files changed, 107 insertions, 79 deletions

diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am
index 94d9f00fe3..05ff1a28e8 100644
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -87,10 +87,10 @@ nodist_libecore_la_SOURCES = ecore/src/lib/ecore_anim.c			\
 
 nodist_check_SCRIPTS = eagain testsrn testcompat chain invalid-cert testrandom \
 	testpkcs11 testpkcs11.pkcs15 testpkcs11.softhsm testpkcs11.sc-hsm \
-	testrng
+	testrng test-ciphersuite-names
 
-TESTS = ciphersuite/test-ciphersuites.sh eagain testsrn testcompat chain invalid-cert \
-	testpkcs11 testrng
+TESTS = test-ciphersuite-names eagain testsrn testcompat chain invalid-cert \
+	testpkcs11 testrng test-ciphersuite-names
 
 if ENABLE_PKCS11
 check_PROGRAMS += pkcs11-chainverify pkcs11-get-issuer pkcs11-is-known pkcs11-combo
diff --git a/tests/suite/ciphersuite/scan-gnutls.sh b/tests/suite/ciphersuite/scan-gnutls.sh
index abcad2364e..1a7b519530 100755
--- a/tests/suite/ciphersuite/scan-gnutls.sh
+++ b/tests/suite/ciphersuite/scan-gnutls.sh
@@ -1,22 +1,27 @@
-#/bin/sh
+#!/bin/sh
 # ./scan-gnutls.sh > gnutls-ciphers.js
 
 echo 'var gnutls_ciphersuites = {'
 
-cd ../../../lib/algorithms/ && gcc -E ciphersuites.c -I../../ -I../../gl/ -I.. -DHAVE_LIBNETTLE  -DENABLE_DHE -DENABLE_ECDHE -DENABLE_PSK -DENABLE_ANON -DENABLE_SRP \
-  | awk '/^static const gnutls_cipher_suite_entry cs_algorithms/, /;/ { print; }' \
-  | grep '{' | head -n-1 | tail -n+2 \
-  | sed -r -e 's#\{ *0x(..), *0x(..) *\}#0x\1\2#;s# *\{ *"#"#;s#\}##;s#, +# #g' \
-        -e 's#GNUTLS_VERSION_UNKNOWN#unknown#' \
-        -e 's#GNUTLS_DTLS_VERSION_MIN#GNUTLS_DTLS1_0#;s#GNUTLS_TLS1 #GNUTLS_TLS1_0 #' \
-        -e 's#TLS([0-9])_([0-9])#TLS\1.\2#g;s#GNUTLS_SSL3#SSL3.0#;s#_#-#g;s#GNUTLS-(CIPHER|KX|MAC)-##g;s#GNUTLS-##g' \
-  | gawk --non-decimal-data '{ if ($5 == "AEAD") { mac = $8; } else { mac = $5; }; sub("UMAC-", "UMAC", mac); sub("DIG-", "", mac); if (mac == "SHA1") { mac = "SHA"; } \
-        cipher = $3; sub("ARCFOUR", "RC4", cipher); sub("3DES-CBC", "3DES-EDE-CBC", cipher); \
-        kx = $4; if (sub("ANON-", "", kx)) { kx = kx "-anon"; }; sub("SRP", "SRP-SHA", kx); \
-        name = "TLS_" kx "_WITH_" cipher "_" mac; gsub("-", "_", name); printf ("%d#  \"%s\": { id: %s, name: \"%s\", gnutlsname: %s, cipher: \"%s\", kx: \"%s\", mac: \"%s\", min_version: \"%s\", min_dtls_version: \"%s\", prf: \"%s\" },\n", $2, name, $2, name, $1, $3, $4, $5, $6, $7, $8) }' \
-  | sort -n \
-  | cut -d'#' -f2- \
-  | column -t \
-  | sed -e 's#:  #: #g;s#,  #, #g;s#{  #{ #g;s#^#  #'
+srcdir="${srcdir:-.}"
+top_builddir="${top_builddir:-../..}"
 
+gcc -E "${srcdir}/../../lib/algorithms/ciphersuites.c" -I"${top_builddir}" -I"${srcdir}/../../lib" -DHAVE_CONFIG_H -DHAVE_LIBNETTLE -I"${srcdir}/../../gl" -I"${srcdir}/../includes" -DENABLE_DHE -DENABLE_ECDHE -DENABLE_PSK -DENABLE_ANON -DENABLE_SRP \
+	| awk '/^static const gnutls_cipher_suite_entry_st cs_algorithms/, /;/ { print; }' \
+	| sed 's/^\#.*$//g'|sed ':a;N;/}$/!ba;s/\n//g' \
+	| grep '{' | head -n-1 | tail -n+2 \
+	| sed -r -e 's#\{ *0x(..), *0x(..) *\}#0x\1\2#;s# *\{ *"#"#;s#\}##;s#, +# #g' \
+		-e 's#GNUTLS_VERSION_UNKNOWN#unknown#' \
+		-e 's#GNUTLS_DTLS_VERSION_MIN#GNUTLS_DTLS1_0#;s#GNUTLS_TLS1 #GNUTLS_TLS1_0 #' \
+		-e 's#TLS([0-9])_([0-9])#TLS\1.\2#g;s#GNUTLS_SSL3#SSL3.0#;s#_#-#g;s#GNUTLS-(CIPHER|KX|MAC)-##g;s#GNUTLS-##g' \
+	| gawk --non-decimal-data '{ if ($5 == "AEAD") { mac = $8; } else { mac = $5; }; sub("UMAC-", "UMAC", mac); sub("DIG-", "", mac); if (mac == "SHA1") { mac = "SHA"; } \
+		cipher = $3; sub("ARCFOUR", "RC4", cipher); sub("3DES-CBC", "3DES-EDE-CBC", cipher); \
+		gnutlsname = $1; sub(",", "", gnutlsname); \
+		kx = $4; if (sub("ANON-", "", kx)) { kx = kx "-anon"; }; sub("SRP", "SRP-SHA", kx); \
+		if ($5 != "AEAD" || cipher ~ /GCM/) { name = "TLS_" kx "_WITH_" cipher "_" mac; } else { name = "TLS_" kx "_WITH_" cipher }; \
+		gsub("-", "_", name); printf ("%d#  \"%s\": { id: %s, name: \"%s\", gnutlsname: %s, cipher: \"%s\", kx: \"%s\", mac: \"%s\", min_version: \"%s\", min_dtls_version: \"%s\", prf: \"%s\" },\n", $2, name, $2, name, gnutlsname, $3, $4, $5, $6, $7, $8) }' \
+	| sort -n \
+	| cut -d'#' -f2- \
+	| column -t \
+	| sed -e 's#:  #: #g;s#,  #, #g;s#{  #{ #g;s#^#  #'
 echo '};'
diff --git a/tests/suite/ciphersuite/test-ciphers.js b/tests/suite/ciphersuite/test-ciphers.js
index e1bcd51bac..1985045742 100644
--- a/tests/suite/ciphersuite/test-ciphers.js
+++ b/tests/suite/ciphersuite/test-ciphers.js
@@ -4,12 +4,20 @@ var fs = require('fs');
 var vm = require('vm');
 
 function include(path) {
-    var code = fs.readFileSync(path, 'utf-8');
-    vm.runInThisContext(code, path);
+		var code = fs.readFileSync(path, 'utf-8');
+		vm.runInThisContext(code, path);
 }
 
-include('./gnutls-ciphers.js');
-include('./registry-ciphers.js');
+srcdir=process.env["srcdir"];
+if (srcdir == undefined) {
+	srcdir = ".";
+}
+builddir=process.env['builddir']
+if (builddir == undefined) {
+	builddir = ".";
+}
+include(builddir + "/gnutls-ciphers.js");
+include(srcdir + "/registry-ciphers.js");
 
 
 (function() {
@@ -17,39 +25,51 @@ include('./registry-ciphers.js');
 //  console.log("Test: ", require('util').inspect(priority_config(priority(s)), false, 10));
 //  console.log("Test: ", require('util').inspect(priority_ciphersuites(priority(s)), false, 10));
 
-  // check whether gnutls ciphersuite names match the kx/cipher/mac/prf combination
-  for (var i in gnutls_ciphersuites) {
-    if (!gnutls_ciphersuites.hasOwnProperty(i)) continue;
-    var cs = gnutls_ciphersuites[i];
-    var mac = cs.mac;
-    if (mac == "AEAD") mac = cs.prf.replace("DIG-", "");
-    mac = mac.replace("UMAC-", "UMAC");
-    var cipher = cs.cipher.replace("3DES-CBC", "3DES-EDE-CBC");
-    var kx = cs.kx.replace("ANON-DH", "DH-ANON").replace("ANON-ECDH", "ECDH-ANON").replace("SRP", "SRP-SHA");
-    if (kx + "-" + cipher + "-" + mac != cs.gnutlsname) {
-      console.log("Broken: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname);
-    }
-    if (cs.name !== i) {
-      console.log("Name doesn't match index:", cs.name, i);
-      process.exit(1);
-    }
-    if (!registry_ciphersuites[cs.id]) {
-      if (cipher.match(/SALSA20/)) {
-        var warned_salsa20;
-        if (!warned_salsa20) {
-          /* warn only once */
-          console.log("Unofficial SALSA20 ciphers");
-          warned_salsa20 = 1;
-        }
-      } else {
-        console.log("Unofficial cipher:", cs.name, cs.id);
-      }
-    } else if (registry_ciphersuites[cs.id] !== cs.name) {
-      console.log("Name doesn't match official name for id:", cs.name, registry_ciphersuites[cs.id], cs.id);
-      process.exit(1);
-    }
-  }
-  
-  process.exit(0);
+	// check whether gnutls ciphersuite names match the kx/cipher/mac/prf combination
+	for (var i in gnutls_ciphersuites) {
+		if (!gnutls_ciphersuites.hasOwnProperty(i)) continue;
+		var cs = gnutls_ciphersuites[i];
+		var mac = cs.mac;
+		if (mac == "AEAD") mac = cs.prf.replace("DIG-", "");
+		mac = mac.replace("UMAC-", "UMAC");
+		var cipher = cs.cipher.replace("3DES-CBC", "3DES-EDE-CBC");
+		var kx = cs.kx.replace("ANON-DH", "DH-ANON").replace("ANON-ECDH", "ECDH-ANON").replace("SRP", "SRP-SHA");
+
+		if (cs.mac == "AEAD") {
+			if (kx + "-" + cipher != cs.gnutlsname && kx + "-" + cipher + "-SHA256" != cs.gnutlsname && kx + "-" + cipher + "-SHA384" != cs.gnutlsname) {
+				console.log("Broken AEAD ciphersuite: ", kx + "-" + cipher, " ", cs.gnutlsname);
+				process.exit(1);
+			}
+		} else {
+			if (kx + "-" + cipher + "-" + mac != cs.gnutlsname) {
+				console.log("Broken ciphersuite name: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname);
+				process.exit(1);
+			}
+		}
+		if (cs.name !== i) {
+			console.log("Name doesn't match index:", cs.name, i);
+			process.exit(1);
+		}
+		if (!registry_ciphersuites[cs.id]) {
+			if (cipher.match(/SALSA20/)) {
+				var warned_salsa20;
+				if (!warned_salsa20) {
+					/* warn only once */
+					console.log("Unofficial SALSA20 ciphers");
+					warned_salsa20 = 1;
+				}
+			} else {
+				console.log("Unofficial cipher:", cs.name, cs.id);
+			}
+		} else if (registry_ciphersuites[cs.id] !== cs.name) {
+			if (cs.name !== "TLS_DHE_PSK_WITH_AES_128_CCM_8" &&
+					cs.name !== "TLS_DHE_PSK_WITH_AES_256_CCM_8") {
+				console.log("Name doesn't match official name for id:", cs.name, registry_ciphersuites[cs.id], cs.id);
+				process.exit(1);
+			}
+		}
+	}
+
+	process.exit(0);
 
 })();
diff --git a/tests/suite/ciphersuite/test-ciphersuites.sh b/tests/suite/ciphersuite/test-ciphersuites.sh
deleted file mode 100755
index 028a92f8e7..0000000000
--- a/tests/suite/ciphersuite/test-ciphersuites.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#! /bin/sh
-
-nodejs --help >/dev/null 2>&1
-if test $? = 0;then
-NODEJS=nodejs
-else
-  node --help >/dev/null 2>&1
-  if test $? = 0;then
-  NODEJS=node
-  fi
-fi
-
-if test "z$NODEJS" = "z";then
-	echo "You need nodejs to run this test"
-	exit 77
-fi
-
-set -e
-
-cd ciphersuite && ( \
-./scan-gnutls.sh > gnutls-ciphers.js && \
-$NODEJS test-ciphers.js )
diff --git a/tests/suite/test-ciphersuite-names b/tests/suite/test-ciphersuite-names
new file mode 100755
index 0000000000..a00fa482de
--- /dev/null
+++ b/tests/suite/test-ciphersuite-names
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+srcdir="${srcdir:-.}"
+top_builddir="${top_builddir:-../..}"
+
+nodejs --help >/dev/null 2>&1
+if test $? = 0; then
+	NODEJS=nodejs
+else
+	node --help >/dev/null 2>&1
+	if test $? = 0; then
+		NODEJS=node
+	fi
+fi
+
+if test -z "${NODEJS}"; then
+	echo "You need nodejs to run this test"
+	exit 77
+fi
+
+set -e
+
+mkdir -p "${top_builddir}/tests/suite/ciphersuite"
+"${srcdir}/ciphersuite/scan-gnutls.sh" > "${top_builddir}/tests/suite/ciphersuite/gnutls-ciphers.js"
+srcdir="${srcdir}/ciphersuite" builddir="${top_builddir}/tests/suite/ciphersuite" ${NODEJS} "${srcdir}/ciphersuite/test-ciphers.js"