diff options
author | Juraj Somorovsky <[email protected]> | 2016-09-17 14:44:40 +0200 |
---|---|---|
committer | Juraj Somorovsky <[email protected]> | 2016-09-30 00:57:29 +0200 |
commit | 863fc12c6ebcc96ed10a7c8896fea033a78fbb5d (patch) | |
tree | 129adf63325c4dd6b9ea58b5e397fe3aee28bb41 /src/tests/unit_tls_policy.cpp | |
parent | ebe2f21dde0bd26261af633a96867df2372779cb (diff) |
New TLS positive and negative tests.
TLS message parsing:
- CertificateVerify
- HelloVerify
- ClientHello (with extensions)
- ServerHello (with extensions)
- NewSessionTicket
- Alert
TLS message processing:
- HelloVerify
TLS Policy tests
Unit tests with TLS client authentication
Added test_throws method that checks the correct exception message.
Diffstat (limited to 'src/tests/unit_tls_policy.cpp')
-rw-r--r-- | src/tests/unit_tls_policy.cpp | 162 |
1 files changed, 162 insertions, 0 deletions
diff --git a/src/tests/unit_tls_policy.cpp b/src/tests/unit_tls_policy.cpp new file mode 100644 index 000000000..2e5b63f41 --- /dev/null +++ b/src/tests/unit_tls_policy.cpp @@ -0,0 +1,162 @@ +/* +* TLS Policy tests +* +* (C) 2016 Juraj Somorovsky +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "tests.h" + +#if defined(BOTAN_HAS_TLS) + #include <botan/pubkey.h> + #include <botan/auto_rng.h> + #include <botan/oids.h> + #include <botan/tls_policy.h> +#endif + +#if defined(BOTAN_HAS_RSA) + #include <botan/rsa.h> +#endif + +#if defined(BOTAN_HAS_ECDH) + #include <botan/ecdh.h> +#endif + +#if defined(BOTAN_HAS_ECDSA) + #include <botan/ecdsa.h> +#endif + +#if defined(BOTAN_HAS_DIFFIE_HELLMAN) + #include <botan/dh.h> +#endif + +namespace Botan_Tests { + +namespace { + +#if defined(BOTAN_HAS_TLS) +class TLS_Policy_Unit_Tests : public Test + { + public: + std::vector<Test::Result> run() override + { + std::vector<Test::Result> results; + + results.push_back(test_peer_key_acceptable_rsa()); + results.push_back(test_peer_key_acceptable_ecdh()); + results.push_back(test_peer_key_acceptable_ecdsa()); + results.push_back(test_peer_key_acceptable_dh()); + + return results; + } + private: + Test::Result test_peer_key_acceptable_rsa() + { + Test::Result result("TLS Policy RSA key verification"); +#if defined(BOTAN_HAS_RSA) + std::unique_ptr<Botan::Private_Key> rsa_key_1024 (new Botan::RSA_PrivateKey(Test::rng(), 1024)); + Botan::TLS::Policy policy; + + try + { + policy.check_peer_key_acceptable(*rsa_key_1024); + result.test_failure("Incorrectly accepting 1024 bit RSA keys"); + } + catch(std::exception& e) + { + result.test_success("Correctly rejecting 1024 bit RSA keys"); + } + + std::unique_ptr<Botan::Private_Key> rsa_key_2048 (new Botan::RSA_PrivateKey(Test::rng(), 2048)); + policy.check_peer_key_acceptable(*rsa_key_2048); + result.test_success("Correctly accepting 2048 bit RSA keys"); +#endif + return result; + } + + Test::Result test_peer_key_acceptable_ecdh() + { + Test::Result result("TLS Policy ECDH key verification"); +#if defined(BOTAN_HAS_ECDH) + Botan::EC_Group group_192("secp192r1"); + std::unique_ptr<Botan::Private_Key> ecdh_192 (new Botan::ECDH_PrivateKey(Test::rng(), group_192)); + + Botan::TLS::Policy policy; + try + { + policy.check_peer_key_acceptable(*ecdh_192); + result.test_failure("Incorrectly accepting 192 bit EC keys"); + } + catch(std::exception& e) + { + result.test_success("Correctly rejecting 192 bit EC keys"); + } + + Botan::EC_Group group_256("secp256r1"); + std::unique_ptr<Botan::Private_Key> ecdh_256 (new Botan::ECDH_PrivateKey(Test::rng(), group_256)); + policy.check_peer_key_acceptable(*ecdh_256); + result.test_success("Correctly accepting 256 bit EC keys"); +#endif + return result; + } + + Test::Result test_peer_key_acceptable_ecdsa() + { + Test::Result result("TLS Policy ECDSA key verification"); +#if defined(BOTAN_HAS_ECDSA) + Botan::EC_Group group_192("secp192r1"); + std::unique_ptr<Botan::Private_Key> ecdsa_192 (new Botan::ECDSA_PrivateKey(Test::rng(), group_192)); + + Botan::TLS::Policy policy; + try + { + policy.check_peer_key_acceptable(*ecdsa_192); + result.test_failure("Incorrectly accepting 192 bit EC keys"); + } + catch(std::exception& e) + { + result.test_success("Correctly rejecting 192 bit EC keys"); + } + + Botan::EC_Group group_256("secp256r1"); + std::unique_ptr<Botan::Private_Key> ecdsa_256 (new Botan::ECDSA_PrivateKey(Test::rng(), group_256)); + policy.check_peer_key_acceptable(*ecdsa_256); + result.test_success("Correctly accepting 256 bit EC keys"); +#endif + return result; + } + + Test::Result test_peer_key_acceptable_dh() + { + Test::Result result("TLS Policy DH key verification"); +#if defined(BOTAN_HAS_DIFFIE_HELLMAN) + const BigInt g("2"); + const BigInt p("58458002095536094658683755258523362961421200751439456159756164191494576279467"); + const Botan::DL_Group grp(p, g); + const Botan::BigInt x("46205663093589612668746163860870963912226379131190812163519349848291472898748"); + std::unique_ptr<Botan::Private_Key> dhkey (new Botan::DH_PrivateKey(Test::rng(), grp, x)); + + Botan::TLS::Policy policy; + try + { + policy.check_peer_key_acceptable(*dhkey); + result.test_failure("Incorrectly accepting short bit DH keys"); + } + catch(std::exception& e) + { + result.test_success("Correctly rejecting short bit DH keys"); + } +#endif + return result; + } + + }; + +BOTAN_REGISTER_TEST("tls_policy", TLS_Policy_Unit_Tests); + +#endif + +} + +} |