authorNikos Mavrogiannopoulos <nmav@gnutls.org>2010-01-21 23:30:16 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2010-01-21 23:30:16 +0100
commit250e4ddf478910a645c70235c6e06d76f1b1ea73 (patch)
tree177761594dc3297ba8569093df034956d7e4ca13 /tests/safe-renegotiation
parent6ded62d3cf180b8905075770916836e00552fb1c (diff)
Added safe renegotiation test cases. Added priority string option to
completely disable renegotiation to assist in testing more cases.
Diffstat (limited to 'tests/safe-renegotiation')
-rw-r--r--tests/safe-renegotiation/Makefile.am24
-rw-r--r--tests/safe-renegotiation/params.dh35
-rwxr-xr-xtests/safe-renegotiation/testsrn76
3 files changed, 135 insertions, 0 deletions
diff --git a/tests/safe-renegotiation/Makefile.am b/tests/safe-renegotiation/Makefile.am
new file mode 100644
index 0000000000..651c7e6d2a
--- /dev/null
+++ b/tests/safe-renegotiation/Makefile.am
@@ -0,0 +1,24 @@
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2010 Free Software Foundation
+#
+# This file is part of GNUTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+EXTRA_DIST = params.dh
+
+dist_check_SCRIPTS = testsrn
+TESTS = testsrn
+
diff --git a/tests/safe-renegotiation/params.dh b/tests/safe-renegotiation/params.dh
new file mode 100644
index 0000000000..51185ec3bf
--- /dev/null
+++ b/tests/safe-renegotiation/params.dh
@@ -0,0 +1,35 @@
+
+Generator: 05
+
+Prime: c9:e9:2d:fc:94:15:1a:10:4f:3c:b5:16
+ 7e:34:10:7d:eb:3d:d5:7d:61:ff:b0:ce
+ da:7f:6e:0c:ea:db:b4:87:f6:c6:34:a8
+ 3c:f8:84:52:14:59:ab:17:5c:d0:f0:86
+ c4:02:93:dc:09:83:57:16:98:21:d0:42
+ 8e:33:fc:48:69:e6:04:0d:4e:50:09:33
+ 2e:28:60:4f:05:08:7c:ce:2f:a6:1a:4c
+ 41:d1:a3:dd:f6:37:56:44:1d:b0:54:af
+ f7:4a:a0:c2:19:5d:ce:62:b0:7a:1b:e1
+ 5c:7f:bb:4d:7e:9e:28:48:00:a4:9a:86
+ 3e:6e:6e:9c:57:41:c7:ec:bf:7f:09:fc
+ da:25:c2:1e:e0:52:dc:65:8c:40:a3:6e
+ bd:99:4e:0b:1a:04:e0:23:20:46:5a:d0
+ 3f:b3:a4:d6:76:73:b7:cc:61:33:11:54
+ a6:32:ff:94:08:d5:66:36:fd:99:69:21
+ cc:28:5d:11:52:32:48:b6:a5:b5:c3:b0
+ 21:3f:f9:69:25:83:b1:3d:79:a6:ed:ae
+ db:95:62:fc:72:ca:ad:46:fc:b6:b1:ea
+ 98:68:97:ba:f2:54:aa:86:ed:62:b1:78
+ 5f:d5:19:80:ce:41:ee:98:a1:71:9f:fa
+ 5b:6b:d8:5e:7e:b3:18:0a:f0:4c:96:76
+ 6c:0c:b0:a3
+
+
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAyekt/JQVGhBPPLUWfjQQfes91X1h/7DO2n9uDOrbtIf2xjSoPPiE
+UhRZqxdc0PCGxAKT3AmDVxaYIdBCjjP8SGnmBA1OUAkzLihgTwUIfM4vphpMQdGj
+3fY3VkQdsFSv90qgwhldzmKwehvhXH+7TX6eKEgApJqGPm5unFdBx+y/fwn82iXC
+HuBS3GWMQKNuvZlOCxoE4CMgRlrQP7Ok1nZzt8xhMxFUpjL/lAjVZjb9mWkhzChd
+EVIySLaltcOwIT/5aSWDsT15pu2u25Vi/HLKrUb8trHqmGiXuvJUqobtYrF4X9UZ
+gM5B7pihcZ/6W2vYXn6zGArwTJZ2bAywowIBBQ==
+-----END DH PARAMETERS-----
diff --git a/tests/safe-renegotiation/testsrn b/tests/safe-renegotiation/testsrn
new file mode 100755
index 0000000000..a926245c4c
--- /dev/null
+++ b/tests/safe-renegotiation/testsrn
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+srcdir="${srcdir:-.}"
+SERV="${SERV:-../../src/gnutls-serv} -q"
+CLI="${CLI:-../../src/gnutls-cli}"
+PORT="${PORT:-5558}"
+unset RETCODE
+
+fail() {
+ echo "Failure: $1" >&2
+ RETCODE=${RETCODE:-${2:-1}}
+}
+
+echo "Checking Safe renegotiation"
+
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH --dhparams params.dh >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH </dev/null >/dev/null 2>&1 || \
+ fail "1. Safe rehandshake should have succeeded!"
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "2. Unsafe rehandshake should have succeeded!"
+
+$CLI -p $PORT localhost --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "3. Unsafe negotiation should have succeeded!"
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail "4. Unsafe renegotiation should have failed!"
+
+kill %1
+wait
+
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%INITIAL_SAFE_RENEGOTIATION --dhparams params.dh >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH </dev/null >/dev/null 2>&1 || \
+ fail "5. Safe rehandshake should have succeeded!"
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "6. Unsafe rehandshake should have succeeded!"
+
+$CLI -p $PORT localhost --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail "7. Unsafe negotiation should have failed!"
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail "8. Unsafe renegotiation should have failed!"
+
+kill %1
+wait
+
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION --dhparams params.dh >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH </dev/null >/dev/null 2>&1 && \
+ fail "9. Safe rehandshake should have failed!"
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "10. Unsafe rehandshake should have succeeded!"
+
+$CLI -p $PORT localhost --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "11. Unsafe negotiation should have succeeded!"
+
+$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "12. Unsafe renegotiation should have succeeded!"
+
+kill %1
+wait
+
+exit ${RETCODE:-0}
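Review bot: The checks that expect the client to fail (4, 7, 8 and 9) only look for a non-zero exit from `$CLI`, so they also pass when the server never came up, for example because port 5558 was already taken or `params.dh` could not be loaded. With all output sent to /dev/null, a refused connection is indistinguishable from a rejected renegotiation, so the script can report success without exercising the safe-renegotiation policy at all. After each `sleep 2` I would add `kill -0 $! 2>/dev/null || { echo "Failure: server did not start" >&2; exit 1; }` (this assumes gnutls-serv exits when it cannot bind or read its parameters). Related: `srcdir` is set at the top but never used, so an out-of-tree `make check` will not find the parameters file; `--dhparams "$srcdir/params.dh"` on the three server lines would fix that.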