aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests/unit_tls.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Reformat code with astyle + fix code styleTomasz Frydrych2017-05-011-94/+183
|
* Fix botan_privkey_create if the desired algorithm was not available in buildJack Lloyd2017-04-031-0/+2
| | | | | | If DSA was disabled, caused memory corruption/crashes due to combination of uninitialized object and the tests not checking return values as carefully as they should.
* fix mem leak in tls unit testsDaniel Neus2017-03-031-4/+6
|
* Remove std::cout accidentally left from debuggingRené Korthaus2017-02-121-4/+0
|
* Fix compiling TLS tests without DSAJack Lloyd2017-02-111-0/+2
|
* Correct GH #869 for DSS CBC suitesJack Lloyd2017-02-071-2/+2
|
* Use SHA-384 with DHE_DSS_AES_256_CBCRené Korthaus2017-02-061-1/+5
|
* Add tests for DHE_DSS ciphersuitesRené Korthaus2017-02-061-5/+88
| | | | | As long as we support DSS ciphersuites, we should test them, even if they're deprecated.
* Fix various SunCC and Solaris warnings and build problems.Jack Lloyd2017-01-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Based on build output sent by @noloader. If RLIMIT_MEMLOCK is not defined, assume regular user is not able to call mlock. This probably also affected Clang/GCC on Solaris. Work around resolution issue in SIMD_4x32 where it finds ambiguity between arg taking uint32_t and __m128i. This is probably some artifact of how SunCC represents vector types, and seems highly bogus in general but is easy to work around here. Change constructor taking a single value to instead be `SIMD_4x32::splat` function. The SIMD class is internal, so no API implications. Fix various warnings about lambda functions that were missing return types and which were not a single return statement. AIUI C++11 doesn't guarantee that lambda return type will be deduced in that situation, though in practice every compiler including SunCC seems to handle it. Disable AVX2 usage, since SunCC's intrinsics seem to be broken - its _mm_loadu_si256 takes non-const pointer. Rename a few variables in the tests to avoid shadowed var warnings.
* Avoid deprecation warning in TLS testsJack Lloyd2017-01-091-0/+3
|
* Avoid construct in test that causes compilation problem on XCode 6Jack Lloyd2017-01-041-2/+15
| | | | GH #798
* Increase default TLS DH min to 2048 bits, and add BSI policy class.Jack Lloyd2016-12-301-1/+3
| | | | | Moves BSI policy file to test data dir where it can be compared with what the hardcoded class outputs.
* Remove reference to CECPQ1_PSK OCB ciphersuite in test.Jack Lloyd2016-12-301-1/+0
| | | | | Initially planned, then decided to skip because supporting it requires more changes to the TLS handshake code than I want to do right now.
* Add CECPQ1 OCB ciphersuitesJack Lloyd2016-12-301-0/+7
| | | | | | Clean up the ciphersuite generation script a bit. [ci skip]
* One more Camellia TLS test fixJack Lloyd2016-12-281-1/+8
|
* Fix Camellia TLS testsJack Lloyd2016-12-281-2/+9
| | | | | | Disabling SHA-256 in TLS 1.1/1.2 has the effect of disabling the Camellia ECDH ciphersuites. So the test policy ended up with an empty ciphersuite list, when negotiating older versions.
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-181-11/+11
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Fix bad deref when ciphersuite value is larger than largest known idJack Lloyd2016-12-051-0/+25
| | | | Reported by @neverhub in GH #758 found by libFuzzer
* Add tests for TLS policy valuesJack Lloyd2016-11-261-5/+67
|
* Merge GH #653 OCSP and X.509 path validation refactorJack Lloyd2016-11-251-22/+25
|\ | | | | | | | | | | Splits up path validation into several sub-functions for easier testing and creating customized validation code. Much improved OCSP handling and OCSP tests.
| * Fix TLS tests wrt validation changesJack Lloyd2016-11-251-12/+25
| | | | | | | | Create empty CRLs so that revocation information is available.
| * Move TLS cert verification callback from Credentials_Manager to TLS::CallbacksJack Lloyd2016-11-231-10/+0
| | | | | | | | | | | | It is the only function in C_M which is called on to process session-specific (and adversarially provided) inputs, rather than passively returning some credential which is typically not session specific.
* | Add a test of TLS::Alert::type_stringJack Lloyd2016-11-251-5/+61
|/
* Add brainpool test to TLSJack Lloyd2016-11-191-1/+3
|
* Merge GH #729 Add CECPQ1 (x25519+NewHope) TLS ciphersuitesJack Lloyd2016-11-191-0/+4
|\
| * Add CECPQ1 TLS ciphersuitesJack Lloyd2016-11-171-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* | Fix TLS testJack Lloyd2016-11-181-4/+4
|/ | | | | It is allowable to request the maximum length, just not more than it. Found after about 22K runs of the TLS tests.
* Fix TLS corruption tests.Jack Lloyd2016-11-151-4/+4
| | | | | | | | | There is a simple bit flip corruption test for the TLS stack: we shouldn't negotiate correctly if any random bit gets flipped. But it turns out this is not entirely true as the record layer version field is effectively ignored except for distinguishing TLS vs DTLS. So a small bitflip in that field is sometimes ignored, causing the test to fail. Make sure we modify something in the body instead.
* Add an in-house EC curve for TLS at compile-timeRené Korthaus2016-11-031-0/+4
| | | | | | One additional, application-specific curve can be added at compile time, using the new configure.py --house-curve=curve.pem,funky311,1.2.3.4,FEFF.
* More tests for session managers.Jack Lloyd2016-10-271-1/+13
| | | | | | Using sqlite3 for one and memory for another meant only half of each implementation was tested. Instead use sqlite3 for a while, then switch to in-memory, to ensure both are covered.
* Test MtE then EtM CBC modesJack Lloyd2016-10-271-1/+1
| | | | | | | | Otherwise we may end up trying to renegotiate EtM to MtE which is an error. Only occured sporadically due to low timeout set on session cache; only if we retried really quickly did it fail. Feels kind of hacky, but disabling EtM is a corner case anyway.
* Fix TLS resumption bugsJack Lloyd2016-10-271-92/+155
| | | | | | | | | | | | | | | | | | | | | The client would attempt to resume a session, even if the session was for a version other than what it wanted to offer. If the server resumed with the original version, the client would then reject the 'incorrect' version. Instead, if the session is for a version other than what we want to offer, just start a fresh handshake. Fix resuming in the EtM case - even if the policy says otherwise, always resume EtM sessions as EtM. Servers are required to reject a MtE resumption on an EtM session. The new client hello already ordered extensions to prevent an empty extension from ever being last (working around a bug in some dumb stack somewhere), but this was not true for the resume case. Fix that. Beef up tests a bit - test ECDSA suites, alerts, and sqlite3 session db. Sharing the session state across all the tests is what tipped me off on the resumption bugs in the first place - as usual, what is not tested does not work correctly.
* Fixes for build without 25519Jack Lloyd2016-10-241-0/+3
|
* X25519 key exchange for TLSJack Lloyd2016-10-211-0/+4
| | | | | Client interops with google.com, server not tested against an independent client yet.
* Merge GH #665 Add IncludeOS target, make filesystem/threads optionalJack Lloyd2016-10-171-1/+0
|\
| * Fix mutex in oids.cppJack Lloyd2016-10-121-1/+0
| | | | | | | | Remove bogus includes for TLS tests
* | Merge GH #659 TLS CBC is optionalJack Lloyd2016-10-131-0/+5
|\ \ | |/ |/|
| * Make TLS CBC optionalJack Lloyd2016-10-081-0/+5
| |
* | Make pk_ops.h internalJack Lloyd2016-10-081-2/+2
| | | | | | | | Some fixes for missing system_rng in ECIES and tests.
* | Remove Algo_Registry usage from public key code.Jack Lloyd2016-10-071-1/+1
|/ | | | | | | | Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app.
* TLS: Split CBC+HMAC modes to standalone AEAD_ModeJack Lloyd2016-10-071-116/+167
| | | | | Now record layer only deals with an AEAD, and the weird complications of CBC modes mostly hidden in tls_cbc.cpp
* Support encoding of supported point formats extensionRené Korthaus2016-10-031-0/+12
|
* New TLS positive and negative tests.Juraj Somorovsky2016-09-301-4/+10
| | | | | | | | | | | | | | | | | | | TLS message parsing: - CertificateVerify - HelloVerify - ClientHello (with extensions) - ServerHello (with extensions) - NewSessionTicket - Alert TLS message processing: - HelloVerify TLS Policy tests Unit tests with TLS client authentication Added test_throws method that checks the correct exception message.
* Maintainer mode fixes.Jack Lloyd2016-09-211-1/+1
| | | | | | Mostly unused args and missing override notations. Fix DH - load_check calls were commented out for debugging.
* Merge master into this branch, resolving conflicts with #457/#576Jack Lloyd2016-08-311-240/+346
|\ | | | | | | which recently landed on master.
| * Add a Callbacks function for ALPNJack Lloyd2016-08-161-4/+6
| |
| * Changes to TLS::Callbacks for GH PR #457Jack Lloyd2016-08-161-34/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works Split out the compat (std::function) based interface to Compat_Callbacks. This avoids the overhead of empty std::functions when using the virtual interface, and ensures the virtual interface works since there is no callback path that does not involve a vtable lookup. Rename the TLS::Callback functions. Since the idea is that often an owning class will pass *this as the callbacks argument, it is good to namespace the virtual functions so as not to conflict with other names chosen by the class. Specifically, prefixes all cb functions with tls_ Revert changes to use the old style alert callback (with no longer used data/len params) so no API changes are required for old code. The new Callbacks interface continues to just receive the alert code itself. Switch to virtual function interface in CLI tls_client for testing. Inline tls_server_handshake_state.h - only used in tls_server.cpp Fix tests - test looked like it was creating a new client object but it was not actually being used. And when enabled, it failed because the queues were not being emptied in between. So, fix that.
| * Removed TLS::Session::PropertiesMatthias Gierlings2016-06-191-8/+6
| | | | | | | | | | - Removed proposed wrapper class to logically group TLS session properties.
| * Extended TLS Unit TestsMatthias Gierlings2016-06-191-251/+326
| | | | | | | | | | - Modified TLS & DTLS tests to use both, legacy constructor and new virtual callback interface based constructors.
| * Added virtual Callback InterfaceMatthias Gierlings2016-06-191-13/+13
| | | | | | | | | | | | | | | | | | - extracted inner class TLS::Channel::Callbacks to stand-alone class TLS::Callbacks. - provided default implementations for TLS::Callbacks members executing calls to std::function members for backward compatibility. - applied changes to cli, tests and TLS::Channel related classes to be compatible with new interface.