diff options
author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-07-19 15:40:46 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-12-20 01:46:00 +0300 |
commit | 2a6e87081ab811812f51ead52c4eef29baa6ba43 (patch) | |
tree | c114e9cf2f194e4c2af68f71ac9bd674c382d1d0 /src | |
parent | 8d81203c987e717031a6ecfa0a25983f4471d3fc (diff) | |
download | gnutls-2a6e87081ab811812f51ead52c4eef29baa6ba43.tar.gz |
gnutls-cli-debug: add GOST_CNT-related KX/cipher/MAC tests
Add test for VKO-GOST-12, GOST28147-TC26Z-CNT and GOST28147-TC26Z-IMIT
support by the server.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/cli-debug.c | 10 | ||||
-rw-r--r-- | src/tests.c | 86 | ||||
-rw-r--r-- | src/tests.h | 6 |
3 files changed, 97 insertions, 5 deletions
diff --git a/src/cli-debug.c b/src/cli-debug.c index 4a90edd2e2..06e47fd55e 100644 --- a/src/cli-debug.c +++ b/src/cli-debug.c @@ -159,6 +159,9 @@ static const TLS_TEST tls_tests[] = { {"for ephemeral EC Diffie-Hellman support", test_ecdhe, "yes", "no", "dunno"}, +#ifdef ENABLE_GOST + {"for VKO GOST-2012 (draft-smyshlyaev-tls12-gost-suites) support", test_vko_gost_12, "yes", "no", "dunno"}, +#endif {"for curve SECP256r1 (RFC4492)", test_ecdhe_secp256r1, "yes", "no", "dunno"}, {"for curve SECP384r1 (RFC4492)", test_ecdhe_secp384r1, "yes", "no", "dunno"}, {"for curve SECP521r1 (RFC4492)", test_ecdhe_secp521r1, "yes", "no", "dunno"}, @@ -180,9 +183,16 @@ static const TLS_TEST tls_tests[] = { "dunno"}, {"for CHACHA20-POLY1305 cipher (RFC7905) support", test_chacha20, "yes", "no", "dunno"}, +#ifdef ENABLE_GOST + {"for GOST28147-CNT cipher (draft-smyshlyaev-tls12-gost-suites) support", test_gost_cnt, "yes", "no", + "dunno"}, +#endif {"for MD5 MAC support", test_md5, "yes", "no", "dunno"}, {"for SHA1 MAC support", test_sha, "yes", "no", "dunno"}, {"for SHA256 MAC support", test_sha256, "yes", "no", "dunno"}, +#ifdef ENABLE_GOST + {"for GOST28147-IMIT MAC (draft-smyshlyaev-tls12-gost-suites) support", test_gost_imit, "yes", "no", "dunno"}, +#endif {"for max record size (RFC6066) support", test_max_record_size, "yes", "no", "dunno"}, #ifdef ENABLE_OCSP diff --git a/src/tests.c b/src/tests.c index e73372f7af..9b608119f5 100644 --- a/src/tests.c +++ b/src/tests.c @@ -112,15 +112,27 @@ char protocol_str[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0"; char protocol_all_str[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0"; -char prio_str[512] = ""; +char prio_str[768] = ""; -#define ALL_CIPHERS "+CIPHER-ALL:+ARCFOUR-128:+3DES-CBC" +#ifdef ENABLE_GOST +#define GOST_CIPHERS ":+GOST28147-TC26Z-CNT" +#define GOST_MACS ":+GOST28147-TC26Z-IMIT" +#define GOST_KX ":+VKO-GOST-12" +#define GOST_REST ":+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:+GROUP-GOST-ALL" +#else +#define GOST_CIPHERS +#define GOST_MACS +#define GOST_KX +#define GOST_REST +#endif + +#define ALL_CIPHERS "+CIPHER-ALL:+ARCFOUR-128:+3DES-CBC" GOST_CIPHERS #define BLOCK_CIPHERS "+3DES-CBC:+AES-128-CBC:+CAMELLIA-128-CBC:+AES-256-CBC:+CAMELLIA-256-CBC" #define ALL_COMP "+COMP-NULL" -#define ALL_MACS "+MAC-ALL:+MD5:+SHA1" -#define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH" +#define ALL_MACS "+MAC-ALL:+MD5:+SHA1" GOST_MACS +#define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH" GOST_KX #define INIT_STR "NONE:" -char rest[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL"; +char rest[384] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL" GOST_REST; #define _gnutls_priority_set_direct(s, str) __gnutls_priority_set_direct(s, str, __LINE__) @@ -249,6 +261,31 @@ test_code_t test_ecdhe(gnutls_session_t session) return ret; } +#ifdef ENABLE_GOST +test_code_t test_vko_gost_12(gnutls_session_t session) +{ + int ret; + + if (tls_ext_ok == 0) + return TEST_IGNORE; + + sprintf(prio_str, INIT_STR + ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS + ":+VKO-GOST-12:%s", protocol_all_str, + rest); + _gnutls_priority_set_direct(session, prio_str); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + ret = test_do_handshake(session); + + if (ret < 0) + return TEST_FAILED; + + return ret; +} +#endif + test_code_t test_rsa(gnutls_session_t session) { int ret; @@ -801,6 +838,26 @@ test_code_t test_sha256(gnutls_session_t session) return ret; } +#ifdef ENABLE_GOST +test_code_t test_gost_imit(gnutls_session_t session) +{ + int ret; + + if (gnutls_fips140_mode_enabled()) + return TEST_IGNORE; + + sprintf(prio_str, + INIT_STR ALL_CIPHERS ":" ALL_COMP + ":%s:+GOST28147-TC26Z-IMIT:" ALL_KX ":%s", + protocol_all_str, rest); + _gnutls_priority_set_direct(session, prio_str); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + ret = test_do_handshake(session); + return ret; +} +#endif + test_code_t test_3des(gnutls_session_t session) { int ret; @@ -849,6 +906,25 @@ test_code_t test_chacha20(gnutls_session_t session) return ret; } +#ifdef ENABLE_GOST +test_code_t test_gost_cnt(gnutls_session_t session) +{ + int ret; + + if (gnutls_fips140_mode_enabled()) + return TEST_IGNORE; + + sprintf(prio_str, + INIT_STR "+GOST28147-TC26Z-CNT:" ALL_COMP ":%s:" + ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); + _gnutls_priority_set_direct(session, prio_str); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + ret = test_do_handshake(session); + return ret; +} +#endif + test_code_t test_tls1(gnutls_session_t session) { int ret; diff --git a/src/tests.h b/src/tests.h index 80c590585d..a8326019ca 100644 --- a/src/tests.h +++ b/src/tests.h @@ -87,4 +87,10 @@ test_code_t test_aes_ccm(gnutls_session_t session); test_code_t test_aes_ccm_8(gnutls_session_t session); test_code_t test_sha256(gnutls_session_t session); +#ifdef ENABLE_GOST +test_code_t test_vko_gost_12(gnutls_session_t session); +test_code_t test_gost_cnt(gnutls_session_t session); +test_code_t test_gost_imit(gnutls_session_t session); +#endif + #endif /* GNUTLS_SRC_TESTS_H */ |