Diffstat (limited to 'tests/tls13-early-start.c')
-rw-r--r--tests/tls13-early-start.c131
1 files changed, 74 insertions, 57 deletions
diff --git a/tests/tls13-early-start.c b/tests/tls13-early-start.c
index 3c79dba983..41002668a2 100644
--- a/tests/tls13-early-start.c
+++ b/tests/tls13-early-start.c
@@ -20,7 +20,7 @@
*/
#ifdef HAVE_CONFIG_H
-#include <config.h>
+# include <config.h>
#endif
/* This program tests support for early start in TLS1.3 handshake */
@@ -52,11 +52,10 @@ static void tls_log_func(int level, const char *str)
static
void try_with_key_fail(const char *name, const char *client_prio,
- const gnutls_datum_t *serv_cert,
- const gnutls_datum_t *serv_key,
- const gnutls_datum_t *cli_cert,
- const gnutls_datum_t *cli_key,
- unsigned init_flags)
+ const gnutls_datum_t * serv_cert,
+ const gnutls_datum_t * serv_key,
+ const gnutls_datum_t * cli_cert,
+ const gnutls_datum_t * cli_key, unsigned init_flags)
{
int ret;
char buffer[256];
@@ -83,9 +82,8 @@ void try_with_key_fail(const char *name, const char *client_prio,
if (ret < 0)
fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
- assert(gnutls_init(&server, GNUTLS_SERVER|init_flags)>=0);
- gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ assert(gnutls_init(&server, GNUTLS_SERVER | init_flags) >= 0);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
assert(gnutls_priority_set_direct(server, client_prio, NULL) >= 0);
@@ -102,7 +100,8 @@ void try_with_key_fail(const char *name, const char *client_prio,
gnutls_certificate_set_x509_key_mem(clientx509cred,
cli_cert, cli_key,
GNUTLS_X509_FMT_PEM);
- gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE);
+ gnutls_certificate_server_set_request(server,
+ GNUTLS_CERT_REQUIRE);
}
ret = gnutls_init(&client, GNUTLS_CLIENT);
@@ -110,7 +109,7 @@ void try_with_key_fail(const char *name, const char *client_prio,
exit(1);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
@@ -135,7 +134,7 @@ void try_with_key_fail(const char *name, const char *client_prio,
assert(version == GNUTLS_TLS1_3);
memset(buffer, 0, sizeof(buffer));
- assert(gnutls_record_send(server, MSG, strlen(MSG))>=0);
+ assert(gnutls_record_send(server, MSG, strlen(MSG)) >= 0);
ret = gnutls_record_recv(client, buffer, sizeof(buffer));
if (ret == 0) {
@@ -147,12 +146,13 @@ void try_with_key_fail(const char *name, const char *client_prio,
}
if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) {
- fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret);
+ fail("client: Error in data received. Expected %d, got %d\n",
+ (int)strlen(MSG), ret);
exit(1);
}
memset(buffer, 0, sizeof(buffer));
- assert(gnutls_record_send(client, MSG, strlen(MSG))>=0);
+ assert(gnutls_record_send(client, MSG, strlen(MSG)) >= 0);
ret = gnutls_record_recv(server, buffer, sizeof(buffer));
if (ret == 0) {
@@ -162,7 +162,8 @@ void try_with_key_fail(const char *name, const char *client_prio,
}
if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) {
- fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret);
+ fail("client: Error in data received. Expected %d, got %d\n",
+ (int)strlen(MSG), ret);
exit(1);
}
@@ -175,12 +176,11 @@ void try_with_key_fail(const char *name, const char *client_prio,
static
void try_with_key_ks(const char *name, const char *client_prio,
- const gnutls_datum_t *serv_cert,
- const gnutls_datum_t *serv_key,
- const gnutls_datum_t *client_cert,
- const gnutls_datum_t *client_key,
- unsigned cert_flags,
- unsigned init_flags)
+ const gnutls_datum_t * serv_cert,
+ const gnutls_datum_t * serv_key,
+ const gnutls_datum_t * client_cert,
+ const gnutls_datum_t * client_key,
+ unsigned cert_flags, unsigned init_flags)
{
int ret;
char buffer[256];
@@ -204,20 +204,18 @@ void try_with_key_ks(const char *name, const char *client_prio,
gnutls_certificate_allocate_credentials(&serverx509cred);
ret = gnutls_certificate_set_x509_key_mem(serverx509cred,
- serv_cert, serv_key,
- GNUTLS_X509_FMT_PEM);
+ serv_cert, serv_key,
+ GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
}
- assert(gnutls_init(&server, GNUTLS_SERVER|init_flags)>=0);
- gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
-
+ assert(gnutls_init(&server, GNUTLS_SERVER | init_flags) >= 0);
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
assert(gnutls_priority_set_direct(server,
- "NORMAL:-VERS-ALL:+VERS-TLS1.3",
- NULL)>=0);
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3",
+ NULL) >= 0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
@@ -232,18 +230,19 @@ void try_with_key_ks(const char *name, const char *client_prio,
gnutls_certificate_set_x509_key_mem(clientx509cred,
client_cert, client_key,
GNUTLS_X509_FMT_PEM);
- gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE);
+ gnutls_certificate_server_set_request(server,
+ GNUTLS_CERT_REQUIRE);
} else if (cert_flags == ASK_CERT) {
- gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
+ gnutls_certificate_server_set_request(server,
+ GNUTLS_CERT_REQUEST);
}
ret = gnutls_init(&client, GNUTLS_CLIENT);
if (ret < 0)
exit(1);
-
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ clientx509cred);
if (ret < 0)
exit(1);
@@ -267,7 +266,7 @@ void try_with_key_ks(const char *name, const char *client_prio,
assert(version == GNUTLS_TLS1_3);
memset(buffer, 0, sizeof(buffer));
- assert(gnutls_record_send(server, MSG, strlen(MSG))>=0);
+ assert(gnutls_record_send(server, MSG, strlen(MSG)) >= 0);
ret = gnutls_record_recv(client, buffer, sizeof(buffer));
if (ret == 0) {
@@ -279,12 +278,13 @@ void try_with_key_ks(const char *name, const char *client_prio,
}
if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) {
- fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret);
+ fail("client: Error in data received. Expected %d, got %d\n",
+ (int)strlen(MSG), ret);
exit(1);
}
memset(buffer, 0, sizeof(buffer));
- assert(gnutls_record_send(client, MSG, strlen(MSG))>=0);
+ assert(gnutls_record_send(client, MSG, strlen(MSG)) >= 0);
ret = gnutls_record_recv(server, buffer, sizeof(buffer));
if (ret == 0) {
@@ -294,7 +294,8 @@ void try_with_key_ks(const char *name, const char *client_prio,
}
if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) {
- fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret);
+ fail("client: Error in data received. Expected %d, got %d\n",
+ (int)strlen(MSG), ret);
exit(1);
}
@@ -310,14 +311,14 @@ void try_with_key_ks(const char *name, const char *client_prio,
static
void try_with_key(const char *name, const char *client_prio,
- const gnutls_datum_t *serv_cert,
- const gnutls_datum_t *serv_key,
- const gnutls_datum_t *cli_cert,
- const gnutls_datum_t *cli_key,
- unsigned cert_flags)
+ const gnutls_datum_t * serv_cert,
+ const gnutls_datum_t * serv_key,
+ const gnutls_datum_t * cli_cert,
+ const gnutls_datum_t * cli_key, unsigned cert_flags)
{
return try_with_key_ks(name, client_prio,
- serv_cert, serv_key, cli_cert, cli_key, cert_flags, GNUTLS_ENABLE_EARLY_START);
+ serv_cert, serv_key, cli_cert, cli_key,
+ cert_flags, GNUTLS_ENABLE_EARLY_START);
}
#include "cert-common.h"
@@ -325,22 +326,38 @@ void try_with_key(const char *name, const char *client_prio,
void doit(void)
{
/* TLS 1.3 no client cert: early start expected */
- try_ok("TLS 1.3 with ffdhe2048 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048");
- try_ok("TLS 1.3 with secp256r1 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1");
- try_ok("TLS 1.3 with x25519 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519");
-
- try_with_key_ks("TLS 1.3 with secp256r1 ecdsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1",
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_ENABLE_EARLY_START);
+ try_ok("TLS 1.3 with ffdhe2048 rsa no-cli-cert",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048");
+ try_ok("TLS 1.3 with secp256r1 rsa no-cli-cert",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1");
+ try_ok("TLS 1.3 with x25519 rsa no-cli-cert",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519");
+
+ try_with_key_ks("TLS 1.3 with secp256r1 ecdsa no-cli-cert",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1",
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key,
+ NULL, NULL, 0, GNUTLS_ENABLE_EARLY_START);
/* client authentication: no early start possible */
- try_with_key_fail("TLS 1.3 with rsa-pss cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_rsa_pss_cert, &cli_ca3_rsa_pss_key, GNUTLS_ENABLE_EARLY_START);
- try_with_key_fail("TLS 1.3 with rsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, GNUTLS_ENABLE_EARLY_START);
- try_with_key_fail("TLS 1.3 with ecdsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, GNUTLS_ENABLE_EARLY_START);
+ try_with_key_fail("TLS 1.3 with rsa-pss cli-cert",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key,
+ &cli_ca3_rsa_pss_cert, &cli_ca3_rsa_pss_key,
+ GNUTLS_ENABLE_EARLY_START);
+ try_with_key_fail("TLS 1.3 with rsa cli-cert",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key,
+ &cli_ca3_cert, &cli_ca3_key,
+ GNUTLS_ENABLE_EARLY_START);
+ try_with_key_fail("TLS 1.3 with ecdsa cli-cert",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key,
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key,
+ GNUTLS_ENABLE_EARLY_START);
/* TLS 1.3 no client cert: no early start flag specified */
- try_with_key_fail("TLS 1.3 with rsa-pss cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0);
+ try_with_key_fail("TLS 1.3 with rsa-pss cli-cert",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key,
+ NULL, NULL, 0);
}