gnutls-cli-debug: added tests for supported curves

3 files changed, 56 insertions, 17 deletions

diff --git a/src/cli-debug.c b/src/cli-debug.c
index 0956036079..6f81fd48bf 100644
--- a/src/cli-debug.c
+++ b/src/cli-debug.c
@@ -147,9 +147,10 @@ static const TLS_TEST tls_tests[] = {
 	{"for ephemeral EC Diffie-Hellman support", test_ecdhe, "yes",
 	 "no",
 	 "dunno"},
-	{"ephemeral EC Diffie-Hellman group info", test_ecdhe_curve, NULL,
-	 "N/A",
-	 "N/A"},
+	{"for curve SECP256r1 (RFC4492)", test_ecdhe_secp256r1, "yes", "no", "dunno"},
+	{"for curve SECP384r1 (RFC4492)", test_ecdhe_secp384r1, "yes", "no", "dunno"},
+	{"for curve SECP521r1 (RFC4492)", test_ecdhe_secp521r1, "yes", "no", "dunno"},
+	{"for curve X25519 (draft-ietf-tls-rfc4492bis-07)", test_ecdhe_x25519, "yes", "no", "dunno"},
 	{"for AES-128-GCM cipher (RFC5288) support", test_aes_gcm, "yes", "no",
 	 "dunno"},
 	{"for AES-128-CCM cipher (RFC6655) support", test_aes_ccm, "yes", "no",
diff --git a/src/tests.c b/src/tests.c
index fe89372f7d..a03c9d3a48 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -181,8 +181,6 @@ test_code_t test_server(gnutls_session_t session)
 
 static gnutls_datum_t pubkey = { NULL, 0 };
 
-static gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_INVALID;
-
 test_code_t test_dhe(gnutls_session_t session)
 {
 #ifdef ENABLE_DHE
@@ -224,11 +222,57 @@ test_code_t test_ecdhe(gnutls_session_t session)
 	if (ret < 0)
 		return TEST_FAILED;
 
-	curve = gnutls_ecc_curve_get(session);
-
 	return ret;
 }
 
+static
+test_code_t test_ecdhe_curve(gnutls_session_t session, const char *curve, unsigned id)
+{
+	int ret;
+
+	if (tls_ext_ok == 0)
+		return TEST_IGNORE;
+
+	/* We always enable all the curves but set our selected as first. That is
+	 * because list of curves may be also used by the server to select a cert. */
+	sprintf(prio_str, INIT_STR
+		ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+		":+ECDHE-RSA:+ECDHE-ECDSA:%s:%s", protocol_all_str, curve, rest);
+	_gnutls_priority_set_direct(session, prio_str);
+
+	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+	ret = do_handshake(session);
+
+	if (ret < 0)
+		return TEST_FAILED;
+
+	if (gnutls_ecc_curve_get(session) != id)
+		return TEST_FAILED;
+
+	return TEST_SUCCEED;
+}
+
+test_code_t test_ecdhe_secp256r1(gnutls_session_t session)
+{
+	return test_ecdhe_curve(session, "+CURVE-SECP256R1", GNUTLS_ECC_CURVE_SECP256R1);
+}
+
+test_code_t test_ecdhe_secp384r1(gnutls_session_t session)
+{
+	return test_ecdhe_curve(session, "+CURVE-SECP384R1", GNUTLS_ECC_CURVE_SECP384R1);
+}
+
+test_code_t test_ecdhe_secp521r1(gnutls_session_t session)
+{
+	return test_ecdhe_curve(session, "+CURVE-SECP521R1", GNUTLS_ECC_CURVE_SECP521R1);
+}
+
+test_code_t test_ecdhe_x25519(gnutls_session_t session)
+{
+	return test_ecdhe_curve(session, "+CURVE-X25519", GNUTLS_ECC_CURVE_X25519);
+}
+
 test_code_t test_rfc7507(gnutls_session_t session)
 {
 	int ret;
@@ -463,15 +507,6 @@ test_code_t test_dhe_group(gnutls_session_t session)
 	return ret;
 }
 
-test_code_t test_ecdhe_curve(gnutls_session_t session)
-{
-	if (curve == GNUTLS_ECC_CURVE_INVALID)
-		return TEST_IGNORE;
-
-	ext_text = gnutls_ecc_curve_get_name(curve);
-	return TEST_SUCCEED;
-}
-
 test_code_t test_ssl3(gnutls_session_t session)
 {
 	int ret;
diff --git a/src/tests.h b/src/tests.h
index f1c9477bbd..3a974aeea0 100644
--- a/src/tests.h
+++ b/src/tests.h
@@ -70,7 +70,10 @@ test_code_t test_zlib(gnutls_session_t session);
 int _test_srp_username_callback(gnutls_session_t session,
 				char **username, char **password);
 
-test_code_t test_ecdhe_curve(gnutls_session_t session);
+test_code_t test_ecdhe_x25519(gnutls_session_t session);
+test_code_t test_ecdhe_secp521r1(gnutls_session_t session);
+test_code_t test_ecdhe_secp384r1(gnutls_session_t session);
+test_code_t test_ecdhe_secp256r1(gnutls_session_t session);
 test_code_t test_ecdhe(gnutls_session_t session);
 test_code_t test_aes_gcm(gnutls_session_t session);
 test_code_t test_aes_ccm(gnutls_session_t session);