leviathan
/
openssl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add testcase for TLS1.3 FFDHE

Browse Source 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8178)
master
raja-ashok 4 years ago committed by Matt Caswell
parent 9aaecbfc98
commit 8e63900a71
1 changed files with 104 additions and 0 deletions
Show Stats Download Patch File Download Diff File

104
test/sslapitest.c
Unescape View File

@ -3735,6 +3735,109 @@ static int test_ciphersuite_change(void)
return testresult;
}
/*
* Test TLSv1.3 Key exchange
* Test 0 = Test ECDHE Key exchange
* Test 1 = Test FFDHE Key exchange
* Test 2 = Test ECDHE with TLSv1.2 client and TLSv1.2 server
* Test 3 = Test FFDHE with TLSv1.2 client and TLSv1.2 server
*/
static int test_tls13_key_exchange(int idx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1,
NID_X25519, NID_X448};
int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096,
NID_ffdhe6144, NID_ffdhe8192};
int *kexch_groups = NULL;
int kexch_groups_size = 0;
int max_version = TLS1_3_VERSION;
int want_err = SSL_ERROR_NONE;
int expected_err_func = 0;
int expected_err_reason = 0;
switch (idx) {
case 0:
kexch_groups = ecdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups);
break;
case 1:
kexch_groups = ffdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups);
break;
case 2:
kexch_groups = ecdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups);
max_version = TLS1_2_VERSION;
expected_err_func = SSL_F_TLS_POST_PROCESS_CLIENT_HELLO;
expected_err_reason = SSL_R_NO_SHARED_CIPHER;
want_err = SSL_ERROR_SSL;
break;
case 3:
kexch_groups = ffdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups);
max_version = TLS1_2_VERSION;
want_err = SSL_ERROR_SSL;
expected_err_func = SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS;
expected_err_reason = ERR_R_INTERNAL_ERROR;
break;
}
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, max_version,
&sctx, &cctx, cert, privkey)))
goto end;
if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, TLS1_3_RFC_AES_128_GCM_SHA256)))
goto end;
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, TLS1_3_RFC_AES_128_GCM_SHA256)))
goto end;
if (!TEST_true(SSL_CTX_set_cipher_list(sctx, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM)))
goto end;
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM)))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
if (!TEST_true(SSL_set1_groups(serverssl, kexch_groups, kexch_groups_size))
|| !TEST_true(SSL_set1_groups(clientssl, kexch_groups, kexch_groups_size)))
goto end;
if (!TEST_true(create_ssl_connection(serverssl, clientssl, want_err))) {
/* Fail only if no error is expected in handshake */
if (expected_err_func == 0)
goto end;
}
/* Fail if expected error is not happening for failure testcases */
if (expected_err_func) {
unsigned long err_code = ERR_get_error();
if (TEST_int_eq(ERR_GET_FUNC(err_code), expected_err_func)
&& TEST_int_eq(ERR_GET_REASON(err_code), expected_err_reason))
testresult = 1;
goto end;
}
/* If Handshake succeeds the negotiated kexch alg should the first one in configured */
if (!TEST_int_eq(SSL_get_shared_group(serverssl, 0), kexch_groups[0]))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
/*
* Test TLSv1.3 PSKs
* Test 0 = Test new style callbacks
@ -6536,6 +6639,7 @@ int setup_tests(void)
#else
ADD_ALL_TESTS(test_tls13_psk, 4);
#endif /* OPENSSL_NO_PSK */
ADD_ALL_TESTS(test_tls13_key_exchange, 4);
ADD_ALL_TESTS(test_custom_exts, 5);
ADD_TEST(test_stateless);
ADD_TEST(test_pha_key_update);

Write Preview
Loading…
Cancel
Save