From: Wilfred Mallawa
Date: Tue, 19 Aug 2025 04:59:21 +0000 (+1000)
Subject: tests/psk-file: Add testing for _credentials2 functions
X-Git-Tag: 3.8.11~16^2~1
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=bbce45d7b7fb94de46db9504b56800d70b1822d7;p=thirdparty%2Fgnutls.git
tests/psk-file: Add testing for _credentials2 functions
Adds testing for gnutls_psk_allocate_X_credentials2() functions for server and client.
Signed-off-by: Wilfred Mallawa
Modified-by: Daiki Ueno
---
diff --git a/tests/psk-file.c b/tests/psk-file.c
index 248928b8ea..f3a7121204 100644
--- a/tests/psk-file.c
+++ b/tests/psk-file.c
@@ -99,7 +99,8 @@ static void tls_log_func(int level, const char *str)
 static void client(int sd, const char *prio, const gnutls_datum_t *user,
 const gnutls_datum_t *key, unsigned expect_hint,
- int expect_fail, int exp_kx, unsigned binary_user)
+ int expect_fail, int exp_kx, unsigned binary_user,
+ gnutls_mac_algorithm_t mac)
 {
 int ret, ii, kx;
 gnutls_session_t session;
@@ -114,7 +115,12 @@ static void client(int sd, const char *prio, const gnutls_datum_t *user,
 side = "client";
- gnutls_psk_allocate_client_credentials(&pskcred);
+ /* gnutls_psk_allocate_client_credentials calls _credentials2
+ * with GNUTLS_MAC_SHA256 */
+ if (mac != GNUTLS_MAC_SHA256)
+ gnutls_psk_allocate_client_credentials2(&pskcred, mac);
+ else
+ gnutls_psk_allocate_client_credentials(&pskcred);
 if (binary_user) {
 gnutls_psk_set_client_credentials2(pskcred, user, key,
@@ -214,7 +220,7 @@ end:
 static void server(int sd, const char *prio, const gnutls_datum_t *user,
 bool no_cred, int expect_fail, int exp_kx,
- unsigned binary_user)
+ unsigned binary_user, gnutls_mac_algorithm_t mac)
 {
 gnutls_psk_server_credentials_t server_pskcred;
 int ret, kx;
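Review bot: In client()'s `@@ -114,7 +115,12 @@` hunk the result of `gnutls_psk_allocate_client_credentials2(&pskcred, mac)` is discarded, and the server() hunk at `@@ -237,7 +243,13 @@` does the same with `gnutls_psk_allocate_server_credentials2()`. The new allocators take a caller-chosen MAC and so can presumably reject it; if that happens, `pskcred` reaches the `gnutls_psk_set_client_credentials*()` calls uninitialised and the test crashes instead of reporting the cause. Capture the return and fail the test on error, e.g. `ret = gnutls_psk_allocate_client_credentials2(&pskcred, mac);` followed by `if (ret < 0) fail("client: cannot allocate PSK credentials: %s\n", gnutls_strerror(ret));`. Both function bodies continue outside these hunks.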
@@ -237,7 +243,13 @@ static void server(int sd, const char *prio, const gnutls_datum_t *user,
 if (psk_file == NULL)
 psk_file = (char *)"psk.passwd";
- gnutls_psk_allocate_server_credentials(&server_pskcred);
+ /* gnutls_psk_allocate_server_credentials calls _credentials2
+ * with GNUTLS_MAC_SHA256 */
+ if (mac != GNUTLS_MAC_SHA256)
+ gnutls_psk_allocate_server_credentials2(&server_pskcred, mac);
+ else
+ gnutls_psk_allocate_server_credentials(&server_pskcred);
+
 gnutls_psk_set_server_credentials_hint(server_pskcred, "hint");
 ret = gnutls_psk_set_server_credentials_file(server_pskcred, psk_file);
 if (ret < 0) {
@@ -378,11 +390,12 @@ static void print_user(const char *caption, const char *prio,
 (const char *)user->data);
 }
-static void run_test3(const char *prio, const char *sprio,
+static void run_test4(const char *prio, const char *sprio,
 const gnutls_datum_t *user, const gnutls_datum_t *key,
 bool no_cred, unsigned expect_hint, int exp_kx,
 int expect_fail_cli, int expect_fail_serv,
- unsigned binary_user)
+ unsigned binary_user, gnutls_mac_algorithm_t mac_cli,
+ gnutls_mac_algorithm_t mac_serv)
 {
 pid_t child;
 int err;
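Review bot: `run_test4()` in the `@@ -378,11 +390,12 @@` hunk now takes twelve positional parameters, and nothing at the signature says what `mac_cli` and `mac_serv` mean or which values are special. A short comment above it would cover this: `/* mac_cli/mac_serv: PSK binder hash handed to the *_credentials2 allocators; GNUTLS_MAC_SHA256 takes the legacy allocator path, GNUTLS_MAC_UNKNOWN on the server leaves the hash to be detected from the client */`. The auto-detect meaning is inferred from the comment this commit adds in doit(), so confirm it against the API documentation before committing the wording. The function body continues outside this hunk.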
@@ -414,17 +427,28 @@ static void run_test3(const char *prio, const char *sprio,
 int status;
 /* parent */
 server(sockets[0], sprio ? sprio : prio, user, no_cred,
- expect_fail_serv, exp_kx, binary_user);
+ expect_fail_serv, exp_kx, binary_user, mac_serv);
 wait(&status);
 check_wait_status(status);
 } else {
 close(sockets[0]);
 client(sockets[1], prio, user, key, expect_hint,
- expect_fail_cli, exp_kx, binary_user);
+ expect_fail_cli, exp_kx, binary_user, mac_cli);
 exit(0);
 }
 }
+static void run_test3(const char *prio, const char *sprio,
+ const gnutls_datum_t *user, const gnutls_datum_t *key,
+ bool no_cred, unsigned expect_hint, int exp_kx,
+ int expect_fail_cli, int expect_fail_serv,
+ unsigned binary_user)
+{
+ run_test4(prio, sprio, user, key, no_cred, expect_hint, exp_kx,
+ expect_fail_cli, expect_fail_serv, binary_user,
+ GNUTLS_MAC_SHA256, GNUTLS_MAC_SHA256);
+}
+
 static void run_test2(const char *prio, const char *sprio,
 const gnutls_datum_t *user, const gnutls_datum_t *key,
 unsigned expect_hint, int exp_kx, int expect_fail_cli,
@@ -714,6 +738,15 @@ void doit(void)
 run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL,
 &user_null_2, &key, 1, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED,
 GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1);
+
+ /* try with different PSK binder algorithms, where the server
+ * should auto-detect */
+ run_test4("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK", NULL, &user_jas, &key,
+ 0, 0, GNUTLS_KX_PSK, 0, 0, 0, GNUTLS_MAC_SHA256,
+ GNUTLS_MAC_UNKNOWN);
+ run_test4("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK", NULL, &user_jas, &key,
+ 0, 0, GNUTLS_KX_PSK, 0, 0, 0, GNUTLS_MAC_SHA384,
+ GNUTLS_MAC_UNKNOWN);
 }
 #endif /* _WIN32 */
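Review bot: The two `run_test4()` calls added to doit() in the `@@ -714,6 +738,15 @@` hunk only exercise a server allocated with `GNUTLS_MAC_UNKNOWN`, so no case pins the server to SHA-384 and no case checks that a binder-hash mismatch is rejected. Because client() sends `GNUTLS_MAC_SHA256` through the legacy allocator, `gnutls_psk_allocate_client_credentials2()` is reached with SHA-384 only. A matching pinned case would be `run_test4("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK", NULL, &user_jas, &key, 0, 0, GNUTLS_KX_PSK, 0, 0, 0, GNUTLS_MAC_SHA384, GNUTLS_MAC_SHA384);`, and a negative case with client `GNUTLS_MAC_SHA384` against server `GNUTLS_MAC_SHA256` should expect failure on both sides, with the error codes taken from an actual run. The rejection path is what binder verification exists for, so it deserves a test next to the success cases.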