From: Daiki Ueno Date: Thu, 1 Jun 2023 14:08:24 +0000 (+0200) Subject: tests: update tests/suite/ciphersuite after a96b04ff X-Git-Tag: 3.8.1~11^2~1 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=89041da247b419ebdb2e7e9d9741e366cf07ca0d;p=thirdparty%2Fgnutls.git tests: update tests/suite/ciphersuite after a96b04ff The commit a96b04ffcf8fd7375dc3c0f90602bf679f5a9791 introduced a new field in gnutls_cipher_suite_entry_st for gnutls_ciphersuite_get. The scan-gnutls.sh script needs to be updated to correctly parse the ciphersuites list. This also fixes the include path so the test doesn't require gnutls to be installed on the system. Signed-off-by: Daiki Ueno --- diff --git a/tests/suite/ciphersuite/scan-gnutls.sh b/tests/suite/ciphersuite/scan-gnutls.sh index e84f04057e..ebce9f3224 100755 --- a/tests/suite/ciphersuite/scan-gnutls.sh +++ b/tests/suite/ciphersuite/scan-gnutls.sh @@ -6,20 +6,19 @@ echo 'var gnutls_ciphersuites = {' : ${srcdir=.} : ${top_builddir=../..} -gcc -E "${srcdir}/../../lib/algorithms/ciphersuites.c" -I"${top_builddir}" -I"${srcdir}/../../lib" -DHAVE_CONFIG_H -DHAVE_LIBNETTLE -I"${srcdir}/../../gl" -I"${srcdir}/../includes" -DENABLE_DHE -DENABLE_ECDHE -DENABLE_PSK -DENABLE_ANON -DENABLE_SRP \ +gcc -E "${srcdir}/../../lib/algorithms/ciphersuites.c" -I"${top_builddir}" -I"${srcdir}/../../lib" -DHAVE_CONFIG_H -DHAVE_LIBNETTLE -I"${srcdir}/../../gl" -I"${srcdir}/../../lib/includes" -DENABLE_DHE -DENABLE_ECDHE -DENABLE_PSK -DENABLE_ANON -DENABLE_SRP \ | awk '/^static const gnutls_cipher_suite_entry_st cs_algorithms/, /;/ { print; }' \ - | sed 's/^\#.*$//g'|sed ':a;N;/}$/!ba;s/\n//g' \ | grep '{' | head -n-1 | tail -n+2 \ | sed -r -e 's#\{ *0x(..), *0x(..) *\}#0x\1\2#;s# *\{ *"#"#;s#\}##;s#, +# #g' \ -e 's#GNUTLS_VERSION_UNKNOWN#unknown#' \ -e 's#GNUTLS_DTLS_VERSION_MIN#GNUTLS_DTLS1_0#;s#GNUTLS_TLS1 #GNUTLS_TLS1_0 #' \ -e 's#TLS([0-9])_([0-9])#TLS\1.\2#g;s#GNUTLS_SSL3#SSL3.0#;s#_#-#g;s#GNUTLS-(CIPHER|KX|MAC)-##g;s#GNUTLS-##g' \ - | gawk --non-decimal-data '{ if ($5 == "AEAD") { mac = $8; } else { mac = $5; }; sub("UMAC-", "UMAC", mac); sub("DIG-", "", mac); if (mac == "SHA1") { mac = "SHA"; } \ - cipher = $3; sub("ARCFOUR", "RC4", cipher); sub("3DES-CBC", "3DES-EDE-CBC", cipher); \ + | gawk --non-decimal-data '{ if ($6 == "AEAD") { mac = $11; } else { mac = $6; }; sub("UMAC-", "UMAC", mac); sub("DIG-", "", mac); if (mac == "SHA1") { mac = "SHA"; } \ + cipher = $4; sub("ARCFOUR", "RC4", cipher); sub("3DES-CBC", "3DES-EDE-CBC", cipher); \ gnutlsname = $1; sub(",", "", gnutlsname); \ - kx = $4; if (sub("ANON-", "", kx)) { kx = kx "-anon"; }; sub("SRP", "SRP-SHA", kx); \ - if ($5 != "AEAD" || cipher ~ /GCM/) { name = "TLS_" kx "_WITH_" cipher "_" mac; } else { name = "TLS_" kx "_WITH_" cipher }; \ - gsub("-", "_", name); printf ("%d# \"%s\": { id: %s, name: \"%s\", gnutlsname: %s, cipher: \"%s\", kx: \"%s\", mac: \"%s\", min_version: \"%s\", min_dtls_version: \"%s\", prf: \"%s\" },\n", $2, name, $2, name, gnutlsname, $3, $4, $5, $6, $7, $8) }' \ + kx = $5; if (sub("ANON-", "", kx)) { kx = kx "-anon"; }; sub("SRP", "SRP-SHA", kx); \ + if ($6 != "AEAD" || cipher ~ /GCM/) { name = "TLS_" kx "_WITH_" cipher "_" mac; } else { name = "TLS_" kx "_WITH_" cipher }; \ + gsub("-", "_", name); printf ("%d# \"%s\": { id: %s, name: \"%s\", gnutlsname: %s, cipher: \"%s\", kx: \"%s\", mac: \"%s\", min_version: \"%s\", min_dtls_version: \"%s\", prf: \"%s\" },\n", $2, name, $2, name, gnutlsname, $4, $5, $6, $7, $9, $11) }' \ | sort -n \ | cut -d'#' -f2- \ | column -t \ diff --git a/tests/suite/ciphersuite/test-ciphers.js b/tests/suite/ciphersuite/test-ciphers.js index 1985045742..8eb6c9a0f8 100644 --- a/tests/suite/ciphersuite/test-ciphers.js +++ b/tests/suite/ciphersuite/test-ciphers.js @@ -35,17 +35,24 @@ include(srcdir + "/registry-ciphers.js"); var cipher = cs.cipher.replace("3DES-CBC", "3DES-EDE-CBC"); var kx = cs.kx.replace("ANON-DH", "DH-ANON").replace("ANON-ECDH", "ECDH-ANON").replace("SRP", "SRP-SHA"); - if (cs.mac == "AEAD") { - if (kx + "-" + cipher != cs.gnutlsname && kx + "-" + cipher + "-SHA256" != cs.gnutlsname && kx + "-" + cipher + "-SHA384" != cs.gnutlsname) { - console.log("Broken AEAD ciphersuite: ", kx + "-" + cipher, " ", cs.gnutlsname); - process.exit(1); - } - } else { - if (kx + "-" + cipher + "-" + mac != cs.gnutlsname) { - console.log("Broken ciphersuite name: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname); - process.exit(1); - } - } + if (cs.min_version !== "TLS1.3") { + if (cs.mac == "AEAD") { + if (kx + "-" + cipher != cs.gnutlsname && kx + "-" + cipher + "-SHA256" != cs.gnutlsname && kx + "-" + cipher + "-SHA384" != cs.gnutlsname) { + console.log("Broken AEAD ciphersuite: ", kx + "-" + cipher, " ", cs.gnutlsname); + process.exit(1); + } + } else if (kx + "-" + cipher + "-" + mac == "VKO-GOST-12-GOST28147-TC26Z-CNT-GOST28147-TC26Z-IMIT") { + if (cs.gnutlsname != "GOSTR341112-256-28147-CNT-IMIT") { + console.log("Broken ciphersuite name: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname); + process.exit(1); + } + } else { + if (kx + "-" + cipher + "-" + mac != cs.gnutlsname) { + console.log("Broken ciphersuite name: ", kx + "-" + cipher + "-" + mac, " ", cs.gnutlsname); + process.exit(1); + } + } + } if (cs.name !== i) { console.log("Name doesn't match index:", cs.name, i); process.exit(1);