diff options
| author | William Joye <wjoye@cfa.harvard.edu> | 2017-04-21 21:03:18 (GMT) |
|---|---|---|
| committer | William Joye <wjoye@cfa.harvard.edu> | 2017-04-21 21:03:18 (GMT) |
| commit | 73ed1b3d2cdeffe239f2f4b5237cac1a661516b6 (patch) | |
| tree | 2f1e6c13531209667163c9aec4c49b8c4b9c1ba0 /tls/tests/ciphers.test | |
| parent | 027b9ea484ea3067496696cb8fe2cb33eb6c8b7e (diff) | |
| parent | ea8141157cab7d1b2f6cff5463988d1f68f66db3 (diff) | |
| download | blt-73ed1b3d2cdeffe239f2f4b5237cac1a661516b6.zip blt-73ed1b3d2cdeffe239f2f4b5237cac1a661516b6.tar.gz blt-73ed1b3d2cdeffe239f2f4b5237cac1a661516b6.tar.bz2 | |
Merge commit 'ea8141157cab7d1b2f6cff5463988d1f68f66db3' as 'tls'
Diffstat (limited to 'tls/tests/ciphers.test')
| -rw-r--r-- | tls/tests/ciphers.test | 159 |
1 files changed, 159 insertions, 0 deletions
diff --git a/tls/tests/ciphers.test b/tls/tests/ciphers.test new file mode 100644 index 0000000..f79eec1 --- /dev/null +++ b/tls/tests/ciphers.test @@ -0,0 +1,159 @@ +# Commands covered: tls::ciphers +# +# This file contains a collection of tests for one or more of the Tcl +# built-in commands. Sourcing this file into Tcl runs the tests and +# generates output for errors. No output means no errors were found. +# + +# All rights reserved. +# +# See the file "license.terms" for information on usage and redistribution +# of this file, and for a DISCLAIMER OF ALL WARRANTIES. +# + +if {[lsearch [namespace children] ::tcltest] == -1} { + package require tcltest + namespace import ::tcltest::* +} + +# The build dir is added as the first element of $PATH +set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]] + +package require tls + +# One of these should == 1, depending on what type of ssl library +# tls was compiled against. (RSA BSAFE SSL-C or OpenSSL). +# +set ::tcltest::testConstraints(rsabsafe) 0 +set ::tcltest::testConstraints(openssl) [string match "OpenSSL*" [tls::version]] + +set ::EXPECTEDCIPHERS(rsabsafe) { + EDH-DSS-RC4-SHA + EDH-RSA-DES-CBC3-SHA + EDH-DSS-DES-CBC3-SHA + DES-CBC3-SHA + RC4-SHA + RC4-MD5 + EDH-RSA-DES-CBC-SHA + EDH-DSS-DES-CBC-SHA + DES-CBC-SHA + EXP-EDH-DSS-DES-56-SHA + EXP-EDH-DSS-RC4-56-SHA + EXP-DES-56-SHA + EXP-RC4-56-SHA + EXP-EDH-RSA-DES-CBC-SHA + EXP-EDH-DSS-DES-CBC-SHA + EXP-DES-CBC-SHA + EXP-RC2-CBC-MD5 + EXP-RC4-MD5 +} + +set ::EXPECTEDCIPHERS(openssl) { + AES128-SHA + AES256-SHA + DES-CBC-SHA + DES-CBC3-SHA + DHE-DSS-AES128-SHA + DHE-DSS-AES256-SHA + DHE-DSS-RC4-SHA + DHE-RSA-AES128-SHA + DHE-RSA-AES256-SHA + EDH-DSS-DES-CBC-SHA + EDH-DSS-DES-CBC3-SHA + EDH-RSA-DES-CBC-SHA + EDH-RSA-DES-CBC3-SHA + EXP-DES-CBC-SHA + EXP-EDH-DSS-DES-CBC-SHA + EXP-EDH-RSA-DES-CBC-SHA + EXP-RC2-CBC-MD5 + EXP-RC4-MD5 + EXP1024-DES-CBC-SHA + EXP1024-DHE-DSS-DES-CBC-SHA + EXP1024-DHE-DSS-RC4-SHA + EXP1024-RC2-CBC-MD5 + EXP1024-RC4-MD5 + EXP1024-RC4-SHA + IDEA-CBC-SHA + RC4-MD5 + RC4-SHA +} + +set ::EXPECTEDCIPHERS(openssl0.9.8) { + DHE-RSA-AES256-SHA + DHE-DSS-AES256-SHA + AES256-SHA + EDH-RSA-DES-CBC3-SHA + EDH-DSS-DES-CBC3-SHA + DES-CBC3-SHA + DHE-RSA-AES128-SHA + DHE-DSS-AES128-SHA + AES128-SHA + IDEA-CBC-SHA + RC4-SHA + RC4-MD5 + EDH-RSA-DES-CBC-SHA + EDH-DSS-DES-CBC-SHA + DES-CBC-SHA + EXP-EDH-RSA-DES-CBC-SHA + EXP-EDH-DSS-DES-CBC-SHA + EXP-DES-CBC-SHA + EXP-RC2-CBC-MD5 + EXP-RC4-MD5 +} + +set version "" +if {[string match "OpenSSL*" [tls::version]]} { + regexp {OpenSSL ([\d\.]+)} [tls::version] -> version +} +if {![info exists ::EXPECTEDCIPHERS(openssl$version)]} { + set version "" +} + +proc listcompare {wants haves} { + array set want {} + array set have {} + foreach item $wants { set want($item) 1 } + foreach item $haves { set have($item) 1 } + foreach item [lsort -dictionary [array names have]] { + if {[info exists want($item)]} { + unset want($item) have($item) + } + } + if {[array size want] || [array size have]} { + return [list MISSING [array names want] UNEXPECTED [array names have]] + } +} + +test ciphers-1.1 {Tls::ciphers for ssl3} {rsabsafe} { + # This will fail if you compiled against OpenSSL. + # Change the constraint setting above. + listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers ssl3] +} {} + +test ciphers-1.2 {Tls::ciphers for tls1} {rsabsafe} { + # This will fail if you compiled against OpenSSL. + # Change the constraint setting above. + listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers tls1] +} {} + +test ciphers-1.3 {Tls::ciphers for ssl3} {openssl} { + # This will fail if you compiled against RSA bsafe or with a + # different set of defines than the default. + # Change the constraint setting above. + listcompare $::EXPECTEDCIPHERS(openssl$version) [tls::ciphers ssl3] +} {} + +# This version of the test is correct for OpenSSL only. +# An equivalent test for the RSA BSAFE SSL-C is earlier in this file. + +test ciphers-1.4 {Tls::ciphers for tls1} {openssl} { + # This will fail if you compiled against RSA bsafe or with a + # different set of defines than the default. + # Change the constraint setting in all.tcl + listcompare $::EXPECTEDCIPHERS(openssl$version) [tls::ciphers tls1] +} {} + + +# cleanup +::tcltest::cleanupTests +return |