document the gnutls_pcert_st
[gnutls.git] / src / tests.c
bloba3c5383676067729e06fc4527a8bf30aa60ddab0
1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * This file is part of GnuTLS.
6 * GnuTLS is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuTLS is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see
18 * <http://www.gnu.org/licenses/>.
21 #include <config.h>
22 #include <gnutls/gnutls.h>
23 #include <gnutls/x509.h>
25 #ifndef _WIN32
26 #include <unistd.h>
27 #include <signal.h>
28 #else
29 #include <errno.h>
30 #endif
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <common.h>
36 #include <tests.h>
38 extern gnutls_srp_client_credentials_t srp_cred;
39 extern gnutls_anon_client_credentials_t anon_cred;
40 extern gnutls_certificate_credentials_t xcred;
42 extern int verbose;
44 int tls1_ok = 0;
45 int ssl3_ok = 0;
46 int tls1_1_ok = 0;
47 int tls1_2_ok = 0;
49 /* keep session info */
50 static char *session_data = NULL;
51 static char session_id[32];
52 static size_t session_data_size = 0, session_id_size = 0;
53 static int sfree = 0;
54 static int handshake_output = 0;
56 static int
57 do_handshake (gnutls_session_t session)
59 int ret, alert;
63 ret = gnutls_handshake (session);
65 while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
67 handshake_output = ret;
69 if (ret < 0 && verbose > 1)
71 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
72 || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
74 alert = gnutls_alert_get (session);
75 printf ("\n");
76 printf ("*** Received alert [%d]: %s\n",
77 alert, gnutls_alert_get_name (alert));
81 if (ret < 0)
82 return TEST_FAILED;
84 gnutls_session_get_data (session, NULL, &session_data_size);
86 if (sfree != 0)
88 free (session_data);
89 sfree = 0;
91 session_data = malloc (session_data_size);
92 sfree = 1;
93 if (session_data == NULL)
95 fprintf (stderr, "Memory error\n");
96 exit (1);
98 gnutls_session_get_data (session, session_data, &session_data_size);
100 session_id_size = sizeof (session_id);
101 gnutls_session_get_id (session, session_id, &session_id_size);
103 return TEST_SUCCEED;
106 char protocol_str[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
107 char protocol_all_str[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
108 char prio_str[512] = "";
110 #define ALL_CIPHERS "+3DES-CBC:+ARCFOUR-128:+ARCFOUR-40"
111 #define BLOCK_CIPHERS "+3DES-CBC:+AES-128-CBC"
112 #define ALL_COMP "+COMP-NULL"
113 #define ALL_MACS "+SHA1:+MD5"
114 #define ALL_CERTTYPES "+CTYPE-X509"
115 #define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+RSA-EXPORT:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH"
116 #define INIT_STR "NONE:"
117 char rest[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+CURVE-ALL";
119 static inline void
120 _gnutls_priority_set_direct (gnutls_session_t session, const char *str)
122 const char *err;
123 int ret = gnutls_priority_set_direct (session, str, &err);
125 if (ret < 0)
127 fprintf (stderr, "Error with string %s\n", str);
128 fprintf (stderr, "Error at %s: %s\n", err, gnutls_strerror (ret));
129 exit (1);
133 test_code_t
134 test_server (gnutls_session_t session)
136 int ret, i = 0;
137 char buf[5 * 1024];
138 char *p;
139 const char snd_buf[] = "GET / HTTP/1.0\n\n";
141 if (verbose == 0)
142 return TEST_UNSURE;
144 buf[sizeof (buf) - 1] = 0;
146 sprintf (prio_str, INIT_STR
147 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
148 ALL_KX ":" "%s", protocol_str, rest);
149 _gnutls_priority_set_direct (session, prio_str);
151 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
153 ret = do_handshake (session);
154 if (ret != TEST_SUCCEED)
155 return TEST_FAILED;
157 gnutls_record_send (session, snd_buf, sizeof (snd_buf) - 1);
158 ret = gnutls_record_recv (session, buf, sizeof (buf) - 1);
159 if (ret < 0)
160 return TEST_FAILED;
162 p = strstr (buf, "Server:");
163 if (p != NULL)
164 p = strchr (p, ':');
165 if (p != NULL)
167 p++;
168 while (*p != 0 && *p != '\r' && *p != '\n')
170 putc (*p, stdout);
171 p++;
172 i++;
173 if (i > 128)
174 break;
178 return TEST_SUCCEED;
182 static int export_true = 0;
183 static gnutls_datum_t exp = { NULL, 0 }, mod =
186 NULL, 0};
188 test_code_t
189 test_export (gnutls_session_t session)
191 int ret;
193 sprintf (prio_str, INIT_STR
194 "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
195 ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
196 _gnutls_priority_set_direct (session, prio_str);
198 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
200 ret = do_handshake (session);
202 if (ret == TEST_SUCCEED)
204 export_true = 1;
205 gnutls_rsa_export_get_pubkey (session, &exp, &mod);
208 return ret;
211 test_code_t
212 test_export_info (gnutls_session_t session)
214 int ret2, ret;
215 gnutls_datum_t exp2, mod2;
216 const char *print;
218 if (verbose == 0 || export_true == 0)
219 return TEST_IGNORE;
221 sprintf (prio_str, INIT_STR
222 "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
223 ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
224 _gnutls_priority_set_direct (session, prio_str);
226 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
228 ret = do_handshake (session);
230 if (ret == TEST_SUCCEED)
232 ret2 = gnutls_rsa_export_get_pubkey (session, &exp2, &mod2);
233 if (ret2 >= 0)
235 printf ("\n");
237 print = raw_to_string (exp2.data, exp2.size);
238 if (print)
239 printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print);
241 print = raw_to_string (mod2.data, mod2.size);
242 if (print)
243 printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print);
245 if (mod2.size != mod.size || exp2.size != exp.size ||
246 memcmp (mod2.data, mod.data, mod.size) != 0 ||
247 memcmp (exp2.data, exp.data, exp.size) != 0)
249 printf
250 (" (server uses different public keys per connection)\n");
255 return ret;
259 static gnutls_datum_t pubkey = { NULL, 0 };
260 static gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_INVALID;
262 test_code_t
263 test_dhe (gnutls_session_t session)
265 int ret;
267 sprintf (prio_str, INIT_STR
268 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
269 ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
270 _gnutls_priority_set_direct (session, prio_str);
272 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
274 ret = do_handshake (session);
276 gnutls_dh_get_pubkey (session, &pubkey);
278 return ret;
281 test_code_t test_ecdhe (gnutls_session_t session)
283 int ret;
285 sprintf (prio_str, INIT_STR
286 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
287 ":+ECDHE-RSA:+ECDHE-ECDSA:+CURVE-ALL:%s", protocol_all_str, rest);
288 _gnutls_priority_set_direct (session, prio_str);
290 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
292 ret = do_handshake (session);
294 curve = gnutls_ecc_curve_get(session);
296 return ret;
300 test_code_t
301 test_safe_renegotiation (gnutls_session_t session)
303 int ret;
305 sprintf (prio_str, INIT_STR
306 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
307 ALL_KX ":%%SAFE_RENEGOTIATION", protocol_str);
308 _gnutls_priority_set_direct (session, prio_str);
310 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
312 ret = do_handshake (session);
314 return ret;
317 test_code_t
318 test_safe_renegotiation_scsv (gnutls_session_t session)
320 int ret;
322 sprintf (prio_str, INIT_STR
323 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:"
324 ALL_MACS ":" ALL_KX ":%%SAFE_RENEGOTIATION");
325 _gnutls_priority_set_direct (session, prio_str);
327 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
329 ret = do_handshake (session);
331 return ret;
334 test_code_t
335 test_dhe_group (gnutls_session_t session)
337 int ret, ret2;
338 gnutls_datum_t gen, prime, pubkey2;
339 const char *print;
341 if (verbose == 0 || pubkey.data == NULL)
342 return TEST_IGNORE;
344 sprintf (prio_str, INIT_STR
345 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
346 ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
348 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
350 ret = do_handshake (session);
352 ret2 = gnutls_dh_get_group (session, &gen, &prime);
353 if (ret2 >= 0)
355 printf ("\n");
357 print = raw_to_string (gen.data, gen.size);
358 if (print)
359 printf (" Generator [%d bits]: %s\n", gen.size * 8, print);
361 print = raw_to_string (prime.data, prime.size);
362 if (print)
363 printf (" Prime [%d bits]: %s\n", prime.size * 8, print);
365 gnutls_dh_get_pubkey (session, &pubkey2);
366 print = raw_to_string (pubkey2.data, pubkey2.size);
367 if (print)
368 printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print);
370 if (pubkey2.data && pubkey2.size == pubkey.size &&
371 memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0)
373 printf (" (public key seems to be static among sessions)\n");
376 return ret;
379 test_code_t
380 test_ecdhe_curve (gnutls_session_t session)
382 if (curve == GNUTLS_ECC_CURVE_INVALID)
383 return TEST_IGNORE;
385 printf ("\n Curve %s", gnutls_ecc_curve_get_name(curve));
387 return TEST_SUCCEED;
390 test_code_t
391 test_ssl3 (gnutls_session_t session)
393 int ret;
394 sprintf (prio_str, INIT_STR
395 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:"
396 ALL_MACS ":" ALL_KX ":%s", rest);
397 _gnutls_priority_set_direct (session, prio_str);
399 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
401 ret = do_handshake (session);
402 if (ret == TEST_SUCCEED)
403 ssl3_ok = 1;
405 return ret;
408 static int alrm = 0;
409 static void
410 got_alarm (int k)
412 alrm = 1;
415 test_code_t
416 test_bye (gnutls_session_t session)
418 int ret;
419 char data[20];
420 int secs = 6;
421 #ifndef _WIN32
422 int old;
424 signal (SIGALRM, got_alarm);
425 #endif
427 sprintf (prio_str, INIT_STR
428 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
429 ALL_KX ":%s", protocol_str, rest);
430 _gnutls_priority_set_direct (session, prio_str);
432 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
434 ret = do_handshake (session);
435 if (ret == TEST_FAILED)
436 return ret;
438 ret = gnutls_bye (session, GNUTLS_SHUT_WR);
439 if (ret < 0)
440 return TEST_FAILED;
442 #ifndef _WIN32
443 old = siginterrupt (SIGALRM, 1);
444 alarm (secs);
445 #else
446 setsockopt ((int) gnutls_transport_get_ptr (session), SOL_SOCKET,
447 SO_RCVTIMEO, (char *) &secs, sizeof (int));
448 #endif
452 ret = gnutls_record_recv (session, data, sizeof (data));
454 while (ret > 0);
456 #ifndef _WIN32
457 siginterrupt (SIGALRM, old);
458 #else
459 if (WSAGetLastError () == WSAETIMEDOUT ||
460 WSAGetLastError () == WSAECONNABORTED)
461 alrm = 1;
462 #endif
463 if (ret == 0)
464 return TEST_SUCCEED;
466 if (alrm == 0)
467 return TEST_UNSURE;
469 return TEST_FAILED;
474 test_code_t
475 test_aes (gnutls_session_t session)
477 int ret;
479 sprintf (prio_str, INIT_STR
480 "+AES-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
481 ":" ALL_KX ":%s", protocol_str, rest);
482 _gnutls_priority_set_direct (session, prio_str);
484 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
486 ret = do_handshake (session);
487 return ret;
490 test_code_t test_aes_gcm (gnutls_session_t session)
492 int ret;
494 sprintf (prio_str, INIT_STR
495 "+AES-128-GCM:+AES-256-GCM:+AEAD:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
496 ":" ALL_KX ":%s", protocol_all_str, rest);
497 _gnutls_priority_set_direct (session, prio_str);
499 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
501 ret = do_handshake (session);
502 return ret;
505 test_code_t
506 test_camellia (gnutls_session_t session)
508 int ret;
510 sprintf (prio_str,
511 INIT_STR "+CAMELLIA-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
512 ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
513 _gnutls_priority_set_direct (session, prio_str);
515 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
517 ret = do_handshake (session);
518 return ret;
521 test_code_t
522 test_openpgp1 (gnutls_session_t session)
524 int ret;
526 sprintf (prio_str,
527 INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:" ALL_MACS
528 ":" ALL_KX ":%s", protocol_str, rest);
529 _gnutls_priority_set_direct (session, prio_str);
531 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
533 ret = do_handshake (session);
534 if (ret == TEST_FAILED)
535 return ret;
537 if (gnutls_certificate_type_get (session) == GNUTLS_CRT_OPENPGP)
538 return TEST_SUCCEED;
540 return TEST_FAILED;
543 test_code_t
544 test_unknown_ciphersuites (gnutls_session_t session)
546 int ret;
548 sprintf (prio_str,
549 INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
550 ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
551 _gnutls_priority_set_direct (session, prio_str);
553 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
555 ret = do_handshake (session);
556 return ret;
559 test_code_t
560 test_md5 (gnutls_session_t session)
562 int ret;
564 sprintf (prio_str,
565 INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
566 ":%s:+MD5:" ALL_KX ":%s", protocol_str, rest);
567 _gnutls_priority_set_direct (session, prio_str);
569 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
571 ret = do_handshake (session);
572 return ret;
575 #ifdef HAVE_LIBZ
576 test_code_t
577 test_zlib (gnutls_session_t session)
579 int ret;
581 sprintf (prio_str,
582 INIT_STR ALL_CIPHERS ":+COMP-DEFLATE:" ALL_CERTTYPES ":%s:" ALL_MACS
583 ":" ALL_KX ":%s", protocol_str, rest);
584 _gnutls_priority_set_direct (session, prio_str);
586 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
588 ret = do_handshake (session);
589 return ret;
591 #endif
593 test_code_t
594 test_sha (gnutls_session_t session)
596 int ret;
598 sprintf (prio_str,
599 INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
600 ":%s:+SHA1:" ALL_KX ":%s", protocol_str, rest);
601 _gnutls_priority_set_direct (session, prio_str);
602 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
604 ret = do_handshake (session);
605 return ret;
608 test_code_t
609 test_sha256 (gnutls_session_t session)
611 int ret;
613 sprintf (prio_str,
614 INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
615 ":%s:+SHA256:" ALL_KX ":%s", protocol_all_str, rest);
616 _gnutls_priority_set_direct (session, prio_str);
617 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
619 ret = do_handshake (session);
620 return ret;
623 test_code_t
624 test_3des (gnutls_session_t session)
626 int ret;
628 sprintf (prio_str,
629 INIT_STR "+3DES-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
630 ":" ALL_KX ":%s", protocol_str, rest);
631 _gnutls_priority_set_direct (session, prio_str);
632 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
634 ret = do_handshake (session);
635 return ret;
638 test_code_t
639 test_arcfour (gnutls_session_t session)
641 int ret;
643 sprintf (prio_str,
644 INIT_STR "+ARCFOUR-128:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
645 ":" ALL_KX ":%s", protocol_str, rest);
646 _gnutls_priority_set_direct (session, prio_str);
647 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
649 ret = do_handshake (session);
650 return ret;
653 test_code_t
654 test_arcfour_40 (gnutls_session_t session)
656 int ret;
658 sprintf (prio_str,
659 INIT_STR "+ARCFOUR-40:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
660 ":" "+RSA-EXPORT" ":%s", protocol_str, rest);
661 _gnutls_priority_set_direct (session, prio_str);
663 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
665 ret = do_handshake (session);
666 return ret;
669 test_code_t
670 test_tls1 (gnutls_session_t session)
672 int ret;
674 sprintf (prio_str,
675 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
676 ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
677 _gnutls_priority_set_direct (session, prio_str);
679 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
681 ret = do_handshake (session);
682 if (ret == TEST_SUCCEED)
683 tls1_ok = 1;
685 return ret;
689 test_code_t
690 test_record_padding (gnutls_session_t session)
692 int ret;
694 sprintf (prio_str,
695 INIT_STR BLOCK_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
696 ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
697 _gnutls_priority_set_direct (session, prio_str);
699 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
700 ret = do_handshake (session);
701 if (ret == TEST_SUCCEED)
703 tls1_ok = 1;
705 else
707 strcat (rest, ":%COMPAT");
710 return ret;
713 test_code_t
714 test_tls1_2 (gnutls_session_t session)
716 int ret;
718 sprintf (prio_str,
719 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
720 ":+VERS-TLS1.2:" ALL_MACS ":" ALL_KX ":%s", rest);
721 _gnutls_priority_set_direct (session, prio_str);
723 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
725 ret = do_handshake (session);
726 if (ret == TEST_SUCCEED)
727 tls1_2_ok = 1;
729 return ret;
733 test_code_t
734 test_tls1_1 (gnutls_session_t session)
736 int ret;
738 sprintf (prio_str,
739 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
740 ":+VERS-TLS1.1:" ALL_MACS ":" ALL_KX ":%s", rest);
741 _gnutls_priority_set_direct (session, prio_str);
743 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
745 ret = do_handshake (session);
746 if (ret == TEST_SUCCEED)
747 tls1_1_ok = 1;
749 return ret;
753 test_code_t
754 test_tls1_1_fallback (gnutls_session_t session)
756 int ret;
757 if (tls1_1_ok)
758 return TEST_IGNORE;
760 sprintf (prio_str,
761 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
762 ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX
763 ":%s", rest);
764 _gnutls_priority_set_direct (session, prio_str);
766 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
768 ret = do_handshake (session);
769 if (ret != TEST_SUCCEED)
770 return TEST_FAILED;
772 if (gnutls_protocol_get_version (session) == GNUTLS_TLS1)
773 return TEST_SUCCEED;
774 else if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
775 return TEST_UNSURE;
777 return TEST_FAILED;
781 /* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
782 * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
784 test_code_t
785 test_tls_disable0 (gnutls_session_t session)
787 int ret;
788 if (tls1_ok != 0)
789 return TEST_IGNORE;
791 sprintf (prio_str,
792 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
793 ":" ALL_KX ":%s", protocol_str, rest);
794 _gnutls_priority_set_direct (session, prio_str);
796 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
798 ret = do_handshake (session);
799 if (ret == TEST_FAILED)
801 /* disable TLS 1.0 */
802 if (ssl3_ok != 0)
804 strcpy (protocol_str, "+VERS-SSL3.0");
807 return ret;
811 test_code_t
812 test_tls_disable1 (gnutls_session_t session)
814 int ret;
816 if (tls1_1_ok != 0)
817 return TEST_IGNORE;
819 sprintf (prio_str,
820 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
821 ":" ALL_KX ":%s", protocol_str, rest);
822 _gnutls_priority_set_direct (session, prio_str);
824 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
826 ret = do_handshake (session);
827 if (ret == TEST_FAILED)
829 protocol_str[0] = 0;
830 /* disable TLS 1.1 */
831 if (tls1_ok != 0)
833 strcat (protocol_str, "+VERS-TLS1.0");
835 if (ssl3_ok != 0)
837 if (protocol_str[0] != 0)
838 strcat (protocol_str, ":+VERS-SSL3.0");
839 else
840 strcat (protocol_str, "+VERS-SSL3.0");
843 return ret;
846 test_code_t
847 test_tls_disable2 (gnutls_session_t session)
849 int ret;
851 if (tls1_2_ok != 0)
852 return TEST_IGNORE;
854 sprintf (prio_str,
855 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
856 ":" ALL_KX ":%s", protocol_str, rest);
857 _gnutls_priority_set_direct (session, prio_str);
859 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
861 ret = do_handshake (session);
862 if (ret == TEST_FAILED)
864 /* disable TLS 1.2 */
865 protocol_str[0] = 0;
866 if (tls1_1_ok != 0)
868 strcat (protocol_str, "+VERS-TLS1.1");
870 if (tls1_ok != 0)
872 if (protocol_str[0] != 0)
873 strcat (protocol_str, ":+VERS-TLS1.0");
874 else
875 strcat (protocol_str, "+VERS-TLS1.0");
877 if (ssl3_ok != 0)
879 if (protocol_str[0] != 0)
880 strcat (protocol_str, ":+VERS-SSL3.0");
881 else
882 strcat (protocol_str, "+VERS-SSL3.0");
885 return ret;
889 test_code_t
890 test_rsa_pms (gnutls_session_t session)
892 int ret;
894 /* here we enable both SSL 3.0 and TLS 1.0
895 * and try to connect and use rsa authentication.
896 * If the server is old, buggy and only supports
897 * SSL 3.0 then the handshake will fail.
899 sprintf (prio_str,
900 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
901 ":+RSA:%s", protocol_str, rest);
902 _gnutls_priority_set_direct (session, prio_str);
903 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
905 ret = do_handshake (session);
906 if (ret == TEST_FAILED)
907 return TEST_FAILED;
909 if (gnutls_protocol_get_version (session) == GNUTLS_TLS1)
910 return TEST_SUCCEED;
911 return TEST_UNSURE;
914 test_code_t
915 test_max_record_size (gnutls_session_t session)
917 int ret;
918 sprintf (prio_str,
919 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
920 ":" ALL_KX ":%s", protocol_str, rest);
921 _gnutls_priority_set_direct (session, prio_str);
922 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
923 gnutls_record_set_max_size (session, 512);
925 ret = do_handshake (session);
926 if (ret == TEST_FAILED)
927 return ret;
929 ret = gnutls_record_get_max_size (session);
930 if (ret == 512)
931 return TEST_SUCCEED;
933 return TEST_FAILED;
936 test_code_t
937 test_hello_extension (gnutls_session_t session)
939 int ret;
941 sprintf (prio_str,
942 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
943 ":" ALL_KX ":%s", protocol_str, rest);
944 _gnutls_priority_set_direct (session, prio_str);
945 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
946 gnutls_record_set_max_size (session, 4096);
948 ret = do_handshake (session);
949 return ret;
952 test_code_t
953 test_small_records (gnutls_session_t session)
955 int ret;
957 sprintf (prio_str,
958 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
959 ":" ALL_KX ":%s", protocol_str, rest);
960 _gnutls_priority_set_direct (session, prio_str);
961 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
962 gnutls_record_set_max_size (session, 512);
964 ret = do_handshake (session);
965 return ret;
968 void _gnutls_record_set_default_version (gnutls_session_t session,
969 unsigned char major,
970 unsigned char minor);
972 test_code_t
973 test_version_rollback (gnutls_session_t session)
975 int ret;
976 if (tls1_ok == 0)
977 return TEST_IGNORE;
979 /* here we enable both SSL 3.0 and TLS 1.0
980 * and we connect using a 3.1 client hello version,
981 * and a 3.0 record version. Some implementations
982 * are buggy (and vulnerable to man in the middle
983 * attacks which allow a version downgrade) and this
984 * connection will fail.
986 sprintf (prio_str,
987 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
988 ":" ALL_KX ":%s", protocol_str, rest);
989 _gnutls_priority_set_direct (session, prio_str);
990 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
991 _gnutls_record_set_default_version (session, 3, 0);
993 ret = do_handshake (session);
994 if (ret != TEST_SUCCEED)
995 return ret;
997 if (tls1_ok != 0 && gnutls_protocol_get_version (session) == GNUTLS_SSL3)
998 return TEST_FAILED;
1000 return TEST_SUCCEED;
1003 /* See if the server tolerates out of bounds
1004 * record layer versions in the first client hello
1005 * message.
1007 test_code_t
1008 test_version_oob (gnutls_session_t session)
1010 int ret;
1011 /* here we enable both SSL 3.0 and TLS 1.0
1012 * and we connect using a 5.5 record version.
1014 sprintf (prio_str,
1015 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
1016 ":" ALL_KX ":%s", protocol_str, rest);
1017 _gnutls_priority_set_direct (session, prio_str);
1018 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1019 _gnutls_record_set_default_version (session, 5, 5);
1021 ret = do_handshake (session);
1022 return ret;
1025 void _gnutls_rsa_pms_set_version (gnutls_session_t session,
1026 unsigned char major, unsigned char minor);
1028 test_code_t
1029 test_rsa_pms_version_check (gnutls_session_t session)
1031 int ret;
1032 /* here we use an arbitary version in the RSA PMS
1033 * to see whether to server will check this version.
1035 * A normal server would abort this handshake.
1037 sprintf (prio_str,
1038 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
1039 ":" ALL_KX ":%s", protocol_str, rest);
1040 _gnutls_priority_set_direct (session, prio_str);
1041 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1042 _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */
1044 ret = do_handshake (session);
1045 return ret;
1049 #ifdef ENABLE_ANON
1050 test_code_t
1051 test_anonymous (gnutls_session_t session)
1053 int ret;
1055 sprintf (prio_str,
1056 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
1057 ":+ANON-DH:+ANON-ECDH:+CURVE-ALL:%s", protocol_str, rest);
1058 _gnutls_priority_set_direct (session, prio_str);
1059 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
1061 ret = do_handshake (session);
1063 if (ret == TEST_SUCCEED)
1064 gnutls_dh_get_pubkey (session, &pubkey);
1066 return ret;
1068 #endif
1070 test_code_t
1071 test_session_resume2 (gnutls_session_t session)
1073 int ret;
1074 char tmp_session_id[32];
1075 size_t tmp_session_id_size;
1077 if (session == NULL)
1078 return TEST_IGNORE;
1080 sprintf (prio_str,
1081 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
1082 ":" ALL_KX ":%s", protocol_str, rest);
1083 _gnutls_priority_set_direct (session, prio_str);
1085 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1086 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
1088 gnutls_session_set_data (session, session_data, session_data_size);
1090 memcpy (tmp_session_id, session_id, session_id_size);
1091 tmp_session_id_size = session_id_size;
1093 ret = do_handshake (session);
1094 if (ret == TEST_FAILED)
1095 return ret;
1097 /* check if we actually resumed the previous session */
1099 session_id_size = sizeof (session_id);
1100 gnutls_session_get_id (session, session_id, &session_id_size);
1102 if (session_id_size == 0)
1103 return TEST_FAILED;
1105 if (gnutls_session_is_resumed (session))
1106 return TEST_SUCCEED;
1108 if (tmp_session_id_size == session_id_size &&
1109 memcmp (tmp_session_id, session_id, tmp_session_id_size) == 0)
1110 return TEST_SUCCEED;
1111 else
1112 return TEST_FAILED;
1115 extern char *hostname;
1117 test_code_t
1118 test_certificate (gnutls_session_t session)
1120 int ret;
1122 if (verbose == 0)
1123 return TEST_IGNORE;
1125 sprintf (prio_str,
1126 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
1127 ":" ALL_KX ":%s", protocol_str, rest);
1128 _gnutls_priority_set_direct (session, prio_str);
1130 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1132 ret = do_handshake (session);
1133 if (ret == TEST_FAILED)
1134 return ret;
1136 printf ("\n");
1137 print_cert_info (session, GNUTLS_CRT_PRINT_FULL, verbose);
1139 return TEST_SUCCEED;
1142 /* A callback function to be used at the certificate selection time.
1144 static int
1145 cert_callback (gnutls_session_t session,
1146 const gnutls_datum_t * req_ca_rdn, int nreqs,
1147 const gnutls_pk_algorithm_t * sign_algos,
1148 int sign_algos_length, gnutls_retr2_st * st)
1150 char issuer_dn[256];
1151 int i, ret;
1152 size_t len;
1154 if (verbose == 0)
1155 return -1;
1157 /* Print the server's trusted CAs
1159 printf ("\n");
1160 if (nreqs > 0)
1161 printf ("- Server's trusted authorities:\n");
1162 else
1163 printf ("- Server did not send us any trusted authorities names.\n");
1165 /* print the names (if any) */
1166 for (i = 0; i < nreqs; i++)
1168 len = sizeof (issuer_dn);
1169 ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
1170 if (ret >= 0)
1172 printf (" [%d]: ", i);
1173 printf ("%s\n", issuer_dn);
1177 return -1;
1181 /* Prints the trusted server's CAs. This is only
1182 * if the server sends a certificate request packet.
1184 test_code_t
1185 test_server_cas (gnutls_session_t session)
1187 int ret;
1189 if (verbose == 0)
1190 return TEST_IGNORE;
1192 sprintf (prio_str,
1193 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
1194 ":" ALL_KX ":%s", protocol_str, rest);
1195 _gnutls_priority_set_direct (session, prio_str);
1197 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1198 gnutls_certificate_set_retrieve_function (xcred, cert_callback);
1200 ret = do_handshake (session);
1201 gnutls_certificate_set_retrieve_function (xcred, NULL);
1203 if (ret == TEST_FAILED)
1204 return ret;
1205 return TEST_SUCCEED;