[thirdparty/openssl.git] / test / gosttest.c

/*
 * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include "ssltestlib.h"
#include "testutil.h"
#include "internal/nelem.h"

static char *cert1 = NULL;
static char *privkey1 = NULL;
static char *cert2 = NULL;
static char *privkey2 = NULL;

static struct {
    char *cipher;
    int expected_prot;
    int certnum;
} ciphers[] = {
    /* Server doesn't have a cert with appropriate sig algs - should fail */
    {"AES128-SHA", 0, 0},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
};

/* Test that we never negotiate TLSv1.3 if using GOST */
static int test_tls13(int idx)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    int testresult = 0;

    if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
                                       TLS_client_method(),
                                       TLS1_VERSION,
                                       0,
                                       &sctx, &cctx,
                                       ciphers[idx].certnum == 0 ? cert1
                                                                 : cert2,
                                       ciphers[idx].certnum == 0 ? privkey1
                                                                 : privkey2)))
        goto end;

    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher))
            || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher))
            || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                             NULL, NULL)))
        goto end;

    if (ciphers[idx].expected_prot == 0) {
        if (!TEST_false(create_ssl_connection(serverssl, clientssl,
                                              SSL_ERROR_NONE)))
            goto end;
    } else {
        if (!TEST_true(create_ssl_connection(serverssl, clientssl,
                                             SSL_ERROR_NONE))
                || !TEST_int_eq(SSL_version(clientssl),
                                ciphers[idx].expected_prot))
        goto end;
    }

    testresult = 1;

 end:
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}

OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")

int setup_tests(void)
{
    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(cert1 = test_get_argument(0))
            || !TEST_ptr(privkey1 = test_get_argument(1))
            || !TEST_ptr(cert2 = test_get_argument(2))
            || !TEST_ptr(privkey2 = test_get_argument(3)))
        return 0;

    ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
    return 1;
}
Commit	Line	Data
1e839545	1	/*
98278b96	2	* Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
1e839545	3	*
909f1a2e	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
1e839545 MC	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include "ssltestlib.h"
	11	#include "testutil.h"
	12	#include "internal/nelem.h"
	13
	14	static char *cert1 = NULL;
	15	static char *privkey1 = NULL;
	16	static char *cert2 = NULL;
	17	static char *privkey2 = NULL;
	18
	19	static struct {
	20	char *cipher;
	21	int expected_prot;
	22	int certnum;
	23	} ciphers[] = {
	24	/* Server doesn't have a cert with appropriate sig algs - should fail */
	25	{"AES128-SHA", 0, 0},
	26	/* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
	27	{"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
	28	/* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
	29	{"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
	30	/* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
98278b96 NM	31	{"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
	32	/* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
	33	{"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
	34	/* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
	35	{"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
	36	/* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
	37	{"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
	38	/* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
1e839545 MC	39	{"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
	40	};
	41
	42	/* Test that we never negotiate TLSv1.3 if using GOST */
	43	static int test_tls13(int idx)
	44	{
	45	SSL_CTX cctx = NULL, sctx = NULL;
	46	SSL clientssl = NULL, serverssl = NULL;
	47	int testresult = 0;
	48
5e30f2fd	49	if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
1e839545 MC	50	TLS_client_method(),
1e839545 MC	51	TLS1_VERSION,
5c587fb6	52	0,
1e839545 MC	53	&sctx, &cctx,
	54	ciphers[idx].certnum == 0 ? cert1
	55	: cert2,
	56	ciphers[idx].certnum == 0 ? privkey1
	57	: privkey2)))
	58	goto end;
	59
	60	if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher))
	61	\|\| !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher))
	62	\|\| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
	63	NULL, NULL)))
	64	goto end;
	65
	66	if (ciphers[idx].expected_prot == 0) {
	67	if (!TEST_false(create_ssl_connection(serverssl, clientssl,
	68	SSL_ERROR_NONE)))
	69	goto end;
	70	} else {
	71	if (!TEST_true(create_ssl_connection(serverssl, clientssl,
	72	SSL_ERROR_NONE))
	73	\|\| !TEST_int_eq(SSL_version(clientssl),
	74	ciphers[idx].expected_prot))
	75	goto end;
	76	}
	77
	78	testresult = 1;
	79
	80	end:
	81	SSL_free(serverssl);
	82	SSL_free(clientssl);
	83	SSL_CTX_free(sctx);
	84	SSL_CTX_free(cctx);
	85
	86	return testresult;
	87	}
	88
a43ce58f SL	89	OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")
a43ce58f SL	90
1e839545 MC	91	int setup_tests(void)
1e839545 MC	92	{
8d242823 MC	93	if (!test_skip_common_options()) {
	94	TEST_error("Error parsing test options\n");
	95	return 0;
	96	}
	97
1e839545 MC	98	if (!TEST_ptr(cert1 = test_get_argument(0))
	99	\|\| !TEST_ptr(privkey1 = test_get_argument(1))
	100	\|\| !TEST_ptr(cert2 = test_get_argument(2))
	101	\|\| !TEST_ptr(privkey2 = test_get_argument(3)))
	102	return 0;
	103
	104	ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
	105	return 1;
	106	}