authorJuraj Somorovsky <[email protected]>2016-09-17 14:44:40 +0200
committerJuraj Somorovsky <[email protected]>2016-09-30 00:57:29 +0200
commit863fc12c6ebcc96ed10a7c8896fea033a78fbb5d (patch)
tree129adf63325c4dd6b9ea58b5e397fe3aee28bb41 /src/tests/unit_tls_policy.cpp
parentebe2f21dde0bd26261af633a96867df2372779cb (diff)
New TLS positive and negative tests.
TLS message parsing:
- CertificateVerify
- HelloVerify
- ClientHello (with extensions)
- ServerHello (with extensions)
- NewSessionTicket
- Alert

TLS message processing:
- HelloVerify

TLS Policy tests
Unit tests with TLS client authentication
Added test_throws method that checks the correct exception message.
Diffstat (limited to 'src/tests/unit_tls_policy.cpp')
-rw-r--r--src/tests/unit_tls_policy.cpp162
1 files changed, 162 insertions, 0 deletions
diff --git a/src/tests/unit_tls_policy.cpp b/src/tests/unit_tls_policy.cpp
new file mode 100644
index 000000000..2e5b63f41
--- /dev/null
+++ b/src/tests/unit_tls_policy.cpp
@@ -0,0 +1,162 @@
+/*
+* TLS Policy tests
+*
+* (C) 2016 Juraj Somorovsky
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_TLS)
+ #include <botan/pubkey.h>
+ #include <botan/auto_rng.h>
+ #include <botan/oids.h>
+ #include <botan/tls_policy.h>
+#endif
+
+#if defined(BOTAN_HAS_RSA)
+ #include <botan/rsa.h>
+#endif
+
+#if defined(BOTAN_HAS_ECDH)
+ #include <botan/ecdh.h>
+#endif
+
+#if defined(BOTAN_HAS_ECDSA)
+ #include <botan/ecdsa.h>
+#endif
+
+#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
+ #include <botan/dh.h>
+#endif
+
+namespace Botan_Tests {
+
+namespace {
+
+#if defined(BOTAN_HAS_TLS)
+class TLS_Policy_Unit_Tests : public Test
+ {
+ public:
+ std::vector<Test::Result> run() override
+ {
+ std::vector<Test::Result> results;
+
+ results.push_back(test_peer_key_acceptable_rsa());
+ results.push_back(test_peer_key_acceptable_ecdh());
+ results.push_back(test_peer_key_acceptable_ecdsa());
+ results.push_back(test_peer_key_acceptable_dh());
+
+ return results;
+ }
+ private:
+ Test::Result test_peer_key_acceptable_rsa()
+ {
+ Test::Result result("TLS Policy RSA key verification");
+#if defined(BOTAN_HAS_RSA)
+ std::unique_ptr<Botan::Private_Key> rsa_key_1024 (new Botan::RSA_PrivateKey(Test::rng(), 1024));
+ Botan::TLS::Policy policy;
+
+ try
+ {
+ policy.check_peer_key_acceptable(*rsa_key_1024);
+ result.test_failure("Incorrectly accepting 1024 bit RSA keys");
+ }
+ catch(std::exception& e)
+ {
+ result.test_success("Correctly rejecting 1024 bit RSA keys");
+ }
+
+ std::unique_ptr<Botan::Private_Key> rsa_key_2048 (new Botan::RSA_PrivateKey(Test::rng(), 2048));
+ policy.check_peer_key_acceptable(*rsa_key_2048);
+ result.test_success("Correctly accepting 2048 bit RSA keys");
+#endif
+ return result;
+ }
+
+ Test::Result test_peer_key_acceptable_ecdh()
+ {
+ Test::Result result("TLS Policy ECDH key verification");
+#if defined(BOTAN_HAS_ECDH)
+ Botan::EC_Group group_192("secp192r1");
+ std::unique_ptr<Botan::Private_Key> ecdh_192 (new Botan::ECDH_PrivateKey(Test::rng(), group_192));
+
+ Botan::TLS::Policy policy;
+ try
+ {
+ policy.check_peer_key_acceptable(*ecdh_192);
+ result.test_failure("Incorrectly accepting 192 bit EC keys");
+ }
+ catch(std::exception& e)
+ {
+ result.test_success("Correctly rejecting 192 bit EC keys");
+ }
+
+ Botan::EC_Group group_256("secp256r1");
+ std::unique_ptr<Botan::Private_Key> ecdh_256 (new Botan::ECDH_PrivateKey(Test::rng(), group_256));
+ policy.check_peer_key_acceptable(*ecdh_256);
+ result.test_success("Correctly accepting 256 bit EC keys");
+#endif
+ return result;
+ }
+
+ Test::Result test_peer_key_acceptable_ecdsa()
+ {
+ Test::Result result("TLS Policy ECDSA key verification");
+#if defined(BOTAN_HAS_ECDSA)
+ Botan::EC_Group group_192("secp192r1");
+ std::unique_ptr<Botan::Private_Key> ecdsa_192 (new Botan::ECDSA_PrivateKey(Test::rng(), group_192));
+
+ Botan::TLS::Policy policy;
+ try
+ {
+ policy.check_peer_key_acceptable(*ecdsa_192);
+ result.test_failure("Incorrectly accepting 192 bit EC keys");
+ }
+ catch(std::exception& e)
+ {
+ result.test_success("Correctly rejecting 192 bit EC keys");
+ }
+
+ Botan::EC_Group group_256("secp256r1");
+ std::unique_ptr<Botan::Private_Key> ecdsa_256 (new Botan::ECDSA_PrivateKey(Test::rng(), group_256));
+ policy.check_peer_key_acceptable(*ecdsa_256);
+ result.test_success("Correctly accepting 256 bit EC keys");
+#endif
+ return result;
+ }
+
+ Test::Result test_peer_key_acceptable_dh()
+ {
+ Test::Result result("TLS Policy DH key verification");
+#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
+ const BigInt g("2");
+ const BigInt p("58458002095536094658683755258523362961421200751439456159756164191494576279467");
+ const Botan::DL_Group grp(p, g);
+ const Botan::BigInt x("46205663093589612668746163860870963912226379131190812163519349848291472898748");
+ std::unique_ptr<Botan::Private_Key> dhkey (new Botan::DH_PrivateKey(Test::rng(), grp, x));
+
+ Botan::TLS::Policy policy;
+ try
+ {
+ policy.check_peer_key_acceptable(*dhkey);
+ result.test_failure("Incorrectly accepting short bit DH keys");
+ }
+ catch(std::exception& e)
+ {
+ result.test_success("Correctly rejecting short bit DH keys");
+ }
+#endif
+ return result;
+ }
+
+ };
+
+BOTAN_REGISTER_TEST("tls_policy", TLS_Policy_Unit_Tests);
+
+#endif
+
+}
+
+}
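Review bot: The four negative checks (the `catch(std::exception& e)` blocks in test_peer_key_acceptable_rsa, _ecdh, _ecdsa and _dh) count any exception thrown by `check_peer_key_acceptable` as a correct rejection, so these tests would still pass if the call failed for a reason unrelated to the minimum key size the policy is meant to enforce. The commit message says a `test_throws` helper that checks the exception message was added; using it here, or at least comparing `e.what()` against the expected rejection text, would tie each pass to the key-size rule. The accepting calls for the 2048-bit RSA and 256-bit EC keys sit outside any try block, so a throw there presumably escapes the test function instead of being recorded with `result.test_failure(...)`; unless the harness handles that, they should be guarded the same way. test_peer_key_acceptable_dh has no accepting case at all, and it writes the type as `BigInt` for `g` and `p` where the next declaration uses `Botan::BigInt`.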