1 files changed, 162 insertions, 0 deletions

diff --git a/src/tests/unit_tls_policy.cpp b/src/tests/unit_tls_policy.cpp
new file mode 100644
index 000000000..2e5b63f41
--- /dev/null
+++ b/src/tests/unit_tls_policy.cpp
@@ -0,0 +1,162 @@
+/*
+* TLS Policy tests
+*
+* (C) 2016 Juraj Somorovsky
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_TLS)
+  #include <botan/pubkey.h>
+  #include <botan/auto_rng.h>
+  #include <botan/oids.h>
+  #include <botan/tls_policy.h>
+#endif
+
+#if defined(BOTAN_HAS_RSA)
+  #include <botan/rsa.h>
+#endif
+
+#if defined(BOTAN_HAS_ECDH)
+  #include <botan/ecdh.h>
+#endif
+
+#if defined(BOTAN_HAS_ECDSA)
+  #include <botan/ecdsa.h>
+#endif
+
+#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
+  #include <botan/dh.h>
+#endif
+
+namespace Botan_Tests {
+
+namespace {
+
+#if defined(BOTAN_HAS_TLS)
+class TLS_Policy_Unit_Tests : public Test
+   {
+   public:
+      std::vector<Test::Result> run() override
+         {
+         std::vector<Test::Result> results;
+
+         results.push_back(test_peer_key_acceptable_rsa());
+         results.push_back(test_peer_key_acceptable_ecdh());
+         results.push_back(test_peer_key_acceptable_ecdsa());
+         results.push_back(test_peer_key_acceptable_dh());
+
+         return results;
+         }
+   private:
+      Test::Result test_peer_key_acceptable_rsa()
+         {
+         Test::Result result("TLS Policy RSA key verification");
+#if defined(BOTAN_HAS_RSA)
+         std::unique_ptr<Botan::Private_Key> rsa_key_1024 (new Botan::RSA_PrivateKey(Test::rng(), 1024));
+         Botan::TLS::Policy policy;
+         
+         try
+            {
+            policy.check_peer_key_acceptable(*rsa_key_1024);
+            result.test_failure("Incorrectly accepting 1024 bit RSA keys");
+            }
+         catch(std::exception& e)
+            {
+            result.test_success("Correctly rejecting 1024 bit RSA keys");
+            }
+         
+         std::unique_ptr<Botan::Private_Key> rsa_key_2048 (new Botan::RSA_PrivateKey(Test::rng(), 2048));
+         policy.check_peer_key_acceptable(*rsa_key_2048);
+         result.test_success("Correctly accepting 2048 bit RSA keys");
+#endif
+         return result;
+         }
+         
+      Test::Result test_peer_key_acceptable_ecdh()
+         {
+         Test::Result result("TLS Policy ECDH key verification");
+#if defined(BOTAN_HAS_ECDH) 
+         Botan::EC_Group group_192("secp192r1");
+         std::unique_ptr<Botan::Private_Key> ecdh_192 (new Botan::ECDH_PrivateKey(Test::rng(), group_192));
+
+         Botan::TLS::Policy policy;
+         try
+            {
+            policy.check_peer_key_acceptable(*ecdh_192);
+            result.test_failure("Incorrectly accepting 192 bit EC keys");
+            }
+         catch(std::exception& e)
+            {
+            result.test_success("Correctly rejecting 192 bit EC keys");
+            }
+         
+         Botan::EC_Group group_256("secp256r1");
+         std::unique_ptr<Botan::Private_Key> ecdh_256 (new Botan::ECDH_PrivateKey(Test::rng(), group_256));
+         policy.check_peer_key_acceptable(*ecdh_256);
+         result.test_success("Correctly accepting 256 bit EC keys");
+#endif
+         return result;
+         }
+      
+      Test::Result test_peer_key_acceptable_ecdsa()
+         {
+         Test::Result result("TLS Policy ECDSA key verification");
+#if defined(BOTAN_HAS_ECDSA) 
+         Botan::EC_Group group_192("secp192r1");
+         std::unique_ptr<Botan::Private_Key> ecdsa_192 (new Botan::ECDSA_PrivateKey(Test::rng(), group_192));
+
+         Botan::TLS::Policy policy;
+         try
+            {
+            policy.check_peer_key_acceptable(*ecdsa_192);
+            result.test_failure("Incorrectly accepting 192 bit EC keys");
+            }
+         catch(std::exception& e)
+            {
+            result.test_success("Correctly rejecting 192 bit EC keys");
+            }
+         
+         Botan::EC_Group group_256("secp256r1");
+         std::unique_ptr<Botan::Private_Key> ecdsa_256 (new Botan::ECDSA_PrivateKey(Test::rng(), group_256));
+         policy.check_peer_key_acceptable(*ecdsa_256);
+         result.test_success("Correctly accepting 256 bit EC keys");
+#endif
+         return result;
+         }
+      
+      Test::Result test_peer_key_acceptable_dh()
+         {
+         Test::Result result("TLS Policy DH key verification");
+#if defined(BOTAN_HAS_DIFFIE_HELLMAN) 
+         const BigInt g("2");
+         const BigInt p("58458002095536094658683755258523362961421200751439456159756164191494576279467");
+         const Botan::DL_Group grp(p, g);
+         const Botan::BigInt x("46205663093589612668746163860870963912226379131190812163519349848291472898748");
+         std::unique_ptr<Botan::Private_Key> dhkey (new Botan::DH_PrivateKey(Test::rng(), grp, x));
+         
+         Botan::TLS::Policy policy;
+         try
+            {
+            policy.check_peer_key_acceptable(*dhkey);
+            result.test_failure("Incorrectly accepting short bit DH keys");
+            }
+         catch(std::exception& e)
+            {
+            result.test_success("Correctly rejecting short bit DH keys");
+            }
+#endif
+         return result;
+         }
+
+   };
+
+BOTAN_REGISTER_TEST("tls_policy", TLS_Policy_Unit_Tests);
+
+#endif
+
+}
+
+}