test_code_t test_tls1_1_fallback (gnutls_session session) { int ret; if (tls1_1_ok) return TEST_IGNORE; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_PROTOCOL3 (session, GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret != TEST_SUCCEED) return TEST_FAILED; if (gnutls_protocol_get_version (session) == GNUTLS_TLS1) return TEST_SUCCEED; else if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) return TEST_UNSURE; return TEST_FAILED; }
test_code_t test_srp (gnutls_session session) { int ret; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_KX (session, GNUTLS_KX_SRP); srp_detected = 0; gnutls_srp_set_client_credentials_function (srp_cred, _test_srp_username_callback); gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred); ret = do_handshake (session); gnutls_srp_set_client_credentials_function (srp_cred, NULL); if (srp_detected != 0) return TEST_SUCCEED; else return TEST_FAILED; }
/* Advertize both TLS 1.0 and SSL 3.0. If the connection fails, * but the previous SSL 3.0 test succeeded then disable TLS 1.0. */ test_code_t test_tls_disable (gnutls_session session) { int ret; if (tls1_ok != 0) return TEST_IGNORE; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_FAILED) { /* disable TLS 1.0 */ if (ssl3_ok != 0) { protocol_priority[0] = GNUTLS_SSL3; protocol_priority[1] = 0; } } return ret; }
test_code_t test_rsa_pms (gnutls_session session) { int ret; /* here we enable both SSL 3.0 and TLS 1.0 * and try to connect and use rsa authentication. * If the server is old, buggy and only supports * SSL 3.0 then the handshake will fail. */ ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_KX (session, GNUTLS_KX_RSA); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_FAILED) return TEST_FAILED; if (gnutls_protocol_get_version (session) == GNUTLS_TLS1) return TEST_SUCCEED; return TEST_UNSURE; }
test_code_t test_version_rollback (gnutls_session session) { int ret; if (tls1_ok == 0) return TEST_IGNORE; /* here we enable both SSL 3.0 and TLS 1.0 * and we connect using a 3.1 client hello version, * and a 3.0 record version. Some implementations * are buggy (and vulnerable to man in the middle * attacks which allow a version downgrade) and this * connection will fail. */ ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); _gnutls_record_set_default_version (session, 3, 0); ret = do_handshake (session); if (ret != TEST_SUCCEED) return ret; if (tls1_ok != 0 && gnutls_protocol_get_version (session) == GNUTLS_SSL3) return TEST_FAILED; return TEST_SUCCEED; }
/* Prints the trusted server's CAs. This is only * if the server sends a certificate request packet. */ test_code_t test_server_cas (gnutls_session session) { int ret; if (verbose == 0) return TEST_IGNORE; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); gnutls_certificate_client_set_retrieve_function (xcred, cert_callback); ret = do_handshake (session); gnutls_certificate_client_set_retrieve_function (xcred, NULL); if (ret == TEST_FAILED) return ret; return TEST_SUCCEED; }
test_code_t test_certificate (gnutls_session session) { int ret; if (verbose == 0) return TEST_IGNORE; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_FAILED) return ret; printf ("\n"); print_cert_info (session, hostname); return TEST_SUCCEED; }
test_code_t test_bye (gnutls_session session) { int ret; char data[20]; int old, secs = 6; #ifndef _WIN32 signal (SIGALRM, got_alarm); #endif ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_FAILED) return ret; ret = gnutls_bye (session, GNUTLS_SHUT_WR); if (ret < 0) return TEST_FAILED; #ifndef _WIN32 old = siginterrupt (SIGALRM, 1); alarm (secs); #else setsockopt (gnutls_transport_get_ptr (session), SOL_SOCKET, SO_RCVTIMEO, (char *) &secs, sizeof (int)); #endif do { ret = gnutls_record_recv (session, data, sizeof (data)); } while (ret > 0); #ifndef _WIN32 siginterrupt (SIGALRM, old); #else if (WSAGetLastError () == WSAETIMEDOUT || WSAGetLastError () == WSAECONNABORTED) alrm = 1; #endif if (ret == 0) return TEST_SUCCEED; if (alrm == 0) return TEST_UNSURE; return TEST_FAILED; }
test_code_t test_export_info (gnutls_session session) { int ret2, ret; gnutls_datum exp2, mod2; const char *print; if (verbose == 0 || export_true == 0) return TEST_IGNORE; ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_KX (session, GNUTLS_KX_RSA_EXPORT); ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_SUCCEED) { ret2 = gnutls_rsa_export_get_pubkey (session, &exp2, &mod2); if (ret2 >= 0) { printf ("\n"); print = raw_to_string (exp2.data, exp2.size); if (print) printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print); print = raw_to_string (mod2.data, mod2.size); if (print) printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print); if (mod2.size != mod.size || exp2.size != exp.size || memcmp (mod2.data, mod.data, mod.size) != 0 || memcmp (exp2.data, exp.data, exp.size) != 0) { printf (" (server uses different public keys per connection)\n"); } } } return ret; }
test_code_t test_server (gnutls_session session) { int ret, i = 0; char buf[5 * 1024]; char *p; const char snd_buf[] = "GET / HTTP/1.0\n\n"; if (verbose == 0) return TEST_UNSURE; buf[sizeof (buf) - 1] = 0; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret != TEST_SUCCEED) return TEST_FAILED; gnutls_record_send (session, snd_buf, sizeof (snd_buf) - 1); ret = gnutls_record_recv (session, buf, sizeof (buf) - 1); if (ret < 0) return TEST_FAILED; p = strstr (buf, "Server:"); if (p != NULL) p = strchr (p, ':'); if (p != NULL) { p++; while (*p != 0 && *p != '\r' && *p != '\n') { putc (*p, stdout); p++; i++; if (i > 128) break; } } return TEST_SUCCEED; }
test_code_t test_zlib (gnutls_session session) { int ret; ADD_ALL_CIPHERS (session); ADD_COMP (session, GNUTLS_COMP_ZLIB); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; }
test_code_t test_3des (gnutls_session_t session) { int ret; ADD_CIPHER (session, GNUTLS_CIPHER_3DES_CBC); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; }
test_code_t test_arcfour_40 (gnutls_session session) { int ret; ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; }
test_code_t test_hello_extension (gnutls_session session) { int ret; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); gnutls_record_set_max_size (session, 512); ret = do_handshake (session); return ret; }
test_code_t test_unknown_ciphersuites (gnutls_session session) { int ret; ADD_CIPHER3 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; }
test_code_t test_dhe_group (gnutls_session session) { int ret, ret2; gnutls_datum gen, prime, pubkey2; const char *print; if (verbose == 0 || pubkey.data == NULL) return TEST_IGNORE; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); ret2 = gnutls_dh_get_group (session, &gen, &prime); if (ret2 >= 0) { printf ("\n"); print = raw_to_string (gen.data, gen.size); if (print) printf (" Generator [%d bits]: %s\n", gen.size * 8, print); print = raw_to_string (prime.data, prime.size); if (print) printf (" Prime [%d bits]: %s\n", prime.size * 8, print); gnutls_dh_get_pubkey (session, &pubkey2); print = raw_to_string (pubkey2.data, pubkey2.size); if (print) printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print); if (pubkey2.data && pubkey2.size == pubkey.size && memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0) { printf (" (public key seems to be static among sessions)\n"); } } return ret; }
test_code_t test_session_resume2 (gnutls_session session) { int ret; char tmp_session_id[32]; int tmp_session_id_size; if (session == NULL) return TEST_IGNORE; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred); gnutls_session_set_data (session, session_data, session_data_size); memcpy (tmp_session_id, session_id, session_id_size); tmp_session_id_size = session_id_size; ret = do_handshake (session); if (ret == TEST_FAILED) return ret; /* check if we actually resumed the previous session */ session_id_size = sizeof (session_id); gnutls_session_get_id (session, session_id, &session_id_size); if (session_id_size == 0) return TEST_FAILED; if (gnutls_session_is_resumed (session)) return TEST_SUCCEED; if (tmp_session_id_size == session_id_size && memcmp (tmp_session_id, session_id, tmp_session_id_size) == 0) return TEST_SUCCEED; else return TEST_FAILED; }
test_code_t test_ssl3 (gnutls_session session) { int ret; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_PROTOCOL (session, GNUTLS_SSL3); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_SUCCEED) ssl3_ok = 1; return ret; }
test_code_t test_lzo (gnutls_session session) { int ret; gnutls_handshake_set_private_extensions (session, 1); ADD_ALL_CIPHERS (session); ADD_COMP (session, GNUTLS_COMP_LZO); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; }
/* See if the server tolerates out of bounds * record layer versions in the first client hello * message. */ test_code_t test_version_oob (gnutls_session session) { int ret; /* here we enable both SSL 3.0 and TLS 1.0 * and we connect using a 5.5 record version. */ ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); _gnutls_record_set_default_version (session, 5, 5); ret = do_handshake (session); return ret; }
test_code_t test_anonymous (gnutls_session session) { int ret; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_KX (session, GNUTLS_KX_ANON_DH); gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred); ret = do_handshake (session); if (ret == TEST_SUCCEED) gnutls_dh_get_pubkey (session, &pubkey); return ret; }
test_code_t test_dhe (gnutls_session session) { int ret; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); gnutls_dh_get_pubkey (session, &pubkey); return ret; }
test_code_t test_unknown_ciphersuites (gnutls_session_t session) { int ret; #ifdef ENABLE_CAMELLIA ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_CIPHER_ARCFOUR_128); #else ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, 0); #endif ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); return ret; }
test_code_t test_openpgp1 (gnutls_session session) { int ret; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_CERTTYPE (session, GNUTLS_CRT_OPENPGP); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_FAILED) return ret; if (gnutls_certificate_type_get (session) == GNUTLS_CRT_OPENPGP) return TEST_SUCCEED; return TEST_FAILED; }
test_code_t test_rsa_pms_version_check (gnutls_session session) { int ret; /* here we use an arbitary version in the RSA PMS * to see whether to server will check this version. * * A normal server would abort this handshake. */ ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */ ret = do_handshake (session); return ret; }
test_code_t test_max_record_size (gnutls_session session) { int ret; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_ALL_KX (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); gnutls_record_set_max_size (session, 512); ret = do_handshake (session); if (ret == TEST_FAILED) return ret; ret = gnutls_record_get_max_size (session); if (ret == 512) return TEST_SUCCEED; return TEST_FAILED; }
test_code_t test_export (gnutls_session session) { int ret; ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_KX (session, GNUTLS_KX_RSA_EXPORT); ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_SUCCEED) { export_true = 1; gnutls_rsa_export_get_pubkey (session, &exp, &mod); } return ret; }