authorNikos Mavrogiannopoulos <nmav@gnutls.org>2017-03-30 20:56:01 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-04-02 11:17:45 +0200
commit387b5239a029fafec08be1d22359702847ee13fd (patch)
treee9734d3a0a06cf6ded7c8a819a661dd0c15c4515
parent97d8ed6c68d6a7306f50d2b1c2da66a7757956bd (diff)
downloadgnutls-387b5239a029fafec08be1d22359702847ee13fd.tar.gz
tests: added unit test for gnutls_priority_get_cipher_suite_index
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--cfg.mk2
-rw-r--r--tests/Makefile.am12
-rwxr-xr-xtests/cipher-listings.sh85
-rw-r--r--tests/data/listings-DTLS1.015
-rw-r--r--tests/data/listings-SSL3.018
-rw-r--r--tests/data/listings-SSL3.0-TLS1.115
-rw-r--r--tests/data/listings-TLS1.015
-rw-r--r--tests/data/listings-TLS1.115
8 files changed, 174 insertions, 3 deletions
diff --git a/cfg.mk b/cfg.mk
index 251956d90d..9e2fb99784 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -52,7 +52,7 @@ exclude_file_name_regexp--sc_error_message_uppercase = ^doc/examples/ex-cxx.cpp|
exclude_file_name_regexp--sc_file_system = ^doc/doxygen/Doxyfile
exclude_file_name_regexp--sc_prohibit_cvs_keyword = ^lib/nettle/.*$$
exclude_file_name_regexp--sc_prohibit_undesirable_word_seq = ^tests/nist-pkits/gnutls-nist-tests.html$$
-exclude_file_name_regexp--sc_space_tab = ^doc/.*.(pdf|png)|\.crl|\.pdf|\.zip|tests/nist-pkits/|devel/|tests/suite/x509paths/.*$$
+exclude_file_name_regexp--sc_space_tab = ^doc/.*.(pdf|png)|\.crl|\.pdf|\.zip|tests/nist-pkits/|tests/data/|devel/|tests/suite/x509paths/.*$$
_makefile_at_at_check_exceptions = ' && !/CODE_COVERAGE_RULES/ && !/VERSION/'
exclude_file_name_regexp--sc_m4_quote_check='lib/unistring/m4/absolute-header.m4'
exclude_file_name_regexp--sc_makefile_at_at_check='lib/unistring/Makefile.am'
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 196f3579b6..05041b5342 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -47,7 +47,9 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \
ocsp-tests/certs/ca.key ocsp-tests/certs/ca.pem ocsp-tests/certs/ocsp-server.key ocsp-tests/certs/ocsp-server.pem ocsp-tests/response1.der \
ocsp-tests/response2.der ocsp-tests/certs/ocsp_index.txt ocsp-tests/certs/ocsp_index.txt.attr \
ocsp-tests/certs/server_good.key ocsp-tests/certs/server_bad.key ocsp-tests/certs/server_good.template \
- ocsp-tests/certs/server_bad.template ocsp-tests/certs/ocsp-staple-unrelated.der ocsp-tests/suppressions.valgrind
+ ocsp-tests/certs/server_bad.template ocsp-tests/certs/ocsp-staple-unrelated.der ocsp-tests/suppressions.valgrind \
+ data/listings-DTLS1.0 data/listings-SSL3.0 data/listings-TLS1.0 data/listings-TLS1.1 \
+ data/listings-SSL3.0-TLS1.1
AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
AM_CPPFLAGS = \
@@ -321,7 +323,7 @@ if !WINDOWS
dist_check_SCRIPTS += fastopen.sh pkgconfig.sh starttls.sh starttls-ftp.sh starttls-smtp.sh \
starttls-lmtp.sh starttls-pop3.sh starttls-nntp.sh starttls-sieve.sh \
ocsp-tests/ocsp-tls-connection ocsp-tests/ocsp-must-staple-connection \
- ocsp-tests/ocsp-test
+ ocsp-tests/ocsp-test cipher-listings.sh
if ENABLE_DANE
dist_check_SCRIPTS += danetool.sh
endif
@@ -354,6 +356,12 @@ if WINDOWS
TESTS_ENVIRONMENT += WINDOWS=1
endif
+if ENABLE_SSL3
+TESTS_ENVIRONMENT += ENABLE_SSL3=1
+else
+TESTS_ENVIRONMENT += ENABLE_SSL3=0
+endif
+
if WANT_TEST_SUITE
# These require the devel/fuzz directory which is not available on releases
diff --git a/tests/cipher-listings.sh b/tests/cipher-listings.sh
new file mode 100755
index 0000000000..eb0e330b16
--- /dev/null
+++ b/tests/cipher-listings.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+# Copyright (C) 2010-2016 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+CLI="${CLI:-../src/gnutls-cli${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+unset RETCODE
+
+TMPFILE=cipher-listings.$$.tmp
+TMPFILE2=cipher-listings2.$$.tmp
+
+if ! test -x "${CLI}"; then
+ exit 77
+fi
+
+if test "${WINDIR}" != ""; then
+ exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+
+. "${srcdir}/scripts/common.sh"
+
+echo "Checking ciphersuite listings"
+
+check()
+{
+ prio=$2
+ name=$1
+ echo checking $prio
+ "${CLI}" --list --priority $prio|grep -v ^Certificate|grep -v ^Ciphers|grep -v ^MACs|grep -v ^Key|grep -v Compression|grep -v ^Elliptic|sed -e 's/\tSSL3.0$//g' -e 's/\tTLS1.0$//g'|grep -v ^PK>$TMPFILE
+ cat ${srcdir}/data/listings-$name|sed 's/\tSSL3.0$//g' >$TMPFILE2
+ ${DIFF} ${TMPFILE} ${TMPFILE2}
+ if test $? != 0;then
+ echo Error checking $prio with $name
+ echo output in ${TMPFILE}
+ exit 1
+ fi
+}
+
+${CLI} --fips140-mode
+if test $? = 0;then
+ echo "Cannot run this test in FIPS140-2 mode"
+ exit 77
+fi
+
+# We check whether the ciphersuites listed by gnutls-cli
+# for specific (legacy) protocols remain constant. We
+# don't check newer protocols as these change more often.
+
+# This is a unit test for gnutls_priority_get_cipher_suite_index
+
+if test "${ENABLE_SSL3}" = "1";then
+check SSL3.0 "NORMAL:-VERS-ALL:+VERS-SSL3.0:+ARCFOUR-128"
+fi
+check TLS1.0 "NORMAL:-VERS-ALL:+VERS-TLS1.0"
+check TLS1.1 "NORMAL:-VERS-ALL:+VERS-TLS1.1"
+check SSL3.0-TLS1.1 "NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+VERS-TLS1.1"
+check DTLS1.0 "NORMAL:-VERS-ALL:+VERS-DTLS1.0"
+
+rm -f ${TMPFILE}
+rm -f ${TMPFILE2}
+exit 0
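Review bot: The `VALGRIND` wrapper assembled near the top of the script is never applied, because `check()` and the `--fips140-mode` probe both invoke `${CLI}` directly. Unless `scripts/common.sh` (not visible here) consumes the variable, a valgrind run of the suite does not exercise the listing code under memcheck. The call in `check()` could read `${VALGRIND} "${CLI}" --list --priority "$prio"`, which also quotes the priority string. Separately, the `SSL3.0-TLS1.1` check passes `+VERS-SSL3.0` outside the `ENABLE_SSL3` guard that protects the plain `SSL3.0` check. On a build without SSL 3.0 the output presumably will not match the fixture, so that check likely belongs inside the same `if test "${ENABLE_SSL3}" = "1"` block.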
diff --git a/tests/data/listings-DTLS1.0 b/tests/data/listings-DTLS1.0
new file mode 100644
index 0000000000..f4453f8d5e
--- /dev/null
+++ b/tests/data/listings-DTLS1.0
@@ -0,0 +1,15 @@
+Cipher suites for NORMAL:-VERS-ALL:+VERS-DTLS1.0
+TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0
+TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0
+TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0
+TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0
+TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
+TLS_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x84 SSL3.0
+TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
+TLS_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x41 SSL3.0
+TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
+TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x88 SSL3.0
+TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
+TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x45 SSL3.0
+
+Protocols: VERS-DTLS1.0
diff --git a/tests/data/listings-SSL3.0 b/tests/data/listings-SSL3.0
new file mode 100644
index 0000000000..938b2f63d9
--- /dev/null
+++ b/tests/data/listings-SSL3.0
@@ -0,0 +1,18 @@
+Cipher suites for NORMAL:-VERS-ALL:+VERS-SSL3.0:+ARCFOUR-128
+TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0
+TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0
+TLS_ECDHE_ECDSA_ARCFOUR_128_SHA1 0xc0, 0x07 SSL3.0
+TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0
+TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0
+TLS_ECDHE_RSA_ARCFOUR_128_SHA1 0xc0, 0x11 SSL3.0
+TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
+TLS_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x84 SSL3.0
+TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
+TLS_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x41 SSL3.0
+TLS_RSA_ARCFOUR_128_SHA1 0x00, 0x05 SSL3.0
+TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
+TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x88 SSL3.0
+TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
+TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x45 SSL3.0
+
+Protocols: VERS-SSL3.0
diff --git a/tests/data/listings-SSL3.0-TLS1.1 b/tests/data/listings-SSL3.0-TLS1.1
new file mode 100644
index 0000000000..b18c4bf0f3
--- /dev/null
+++ b/tests/data/listings-SSL3.0-TLS1.1
@@ -0,0 +1,15 @@
+Cipher suites for NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+VERS-TLS1.1
+TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0
+TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0
+TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0
+TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0
+TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
+TLS_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x84 SSL3.0
+TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
+TLS_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x41 SSL3.0
+TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
+TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x88 SSL3.0
+TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
+TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x45 SSL3.0
+
+Protocols: VERS-TLS1.0, VERS-SSL3.0, VERS-TLS1.1
diff --git a/tests/data/listings-TLS1.0 b/tests/data/listings-TLS1.0
new file mode 100644
index 0000000000..6714a20c9a
--- /dev/null
+++ b/tests/data/listings-TLS1.0
@@ -0,0 +1,15 @@
+Cipher suites for NORMAL:-VERS-ALL:+VERS-TLS1.0
+TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0
+TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0
+TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0
+TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0
+TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
+TLS_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x84 SSL3.0
+TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
+TLS_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x41 SSL3.0
+TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
+TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x88 SSL3.0
+TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
+TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x45 SSL3.0
+
+Protocols: VERS-TLS1.0
diff --git a/tests/data/listings-TLS1.1 b/tests/data/listings-TLS1.1
new file mode 100644
index 0000000000..ce5d3d00aa
--- /dev/null
+++ b/tests/data/listings-TLS1.1
@@ -0,0 +1,15 @@
+Cipher suites for NORMAL:-VERS-ALL:+VERS-TLS1.1
+TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0
+TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0
+TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0
+TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0
+TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
+TLS_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x84 SSL3.0
+TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
+TLS_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x41 SSL3.0
+TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
+TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x88 SSL3.0
+TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
+TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x45 SSL3.0
+
+Protocols: VERS-TLS1.1