5123321399

Committed 30 May 2023 04:06PM UTC coverage: 92.213% (+0.004%) from 92.209%

Build # 5123321399

Build Type

Pull #3558

github

Committed by

web-flow

Commit Message

Merge dd72f7389 into 057bcbc35

Pull Request Pull Request #3558: Add braces around all if/else statements

Run Details

75602 of 81986 relevant lines covered (92.21%)

11859779.3 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

91.16

/src/tests/test_tls.cpp

/*
* (C) 2014,2015,2017,2018 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "tests.h"
#include <fstream>
#include <memory>

#if defined(BOTAN_HAS_TLS)
   #include "test_rng.h"

   #include <botan/tls_alert.h>
   #include <botan/tls_policy.h>
   #include <botan/tls_session.h>
   #include <botan/tls_version.h>

   #if defined(BOTAN_HAS_TLS_CBC)
      #include <botan/internal/tls_cbc.h>
   #endif

#endif

namespace Botan_Tests {

#if defined(BOTAN_HAS_TLS)

class TLS_Session_Tests final : public Test {
   public:
      std::vector<Test::Result> run() override {
         Test::Result result("TLS::Session");

         Botan::TLS::Session session(Botan::secure_vector<uint8_t>{0xCC, 0xDD},
                                     Botan::TLS::Protocol_Version::TLS_V12,
                                     0xC02F,
                                     Botan::TLS::Connection_Side::Client,
                                     true,
                                     false,
                                     std::vector<Botan::X509_Certificate>(),
                                     Botan::TLS::Server_Information("server"),
                                     0x0000,
                                     std::chrono::system_clock::now());

         const std::string pem = session.PEM_encode();
         Botan::TLS::Session session_from_pem(pem);
         result.test_eq("Roundtrip from pem", session.DER_encode(), session_from_pem.DER_encode());

         const auto der = session.DER_encode();
         Botan::TLS::Session session_from_der(der);
         result.test_eq("Roundtrip from der", session.DER_encode(), session_from_der.DER_encode());

         const Botan::SymmetricKey key("ABCDEF");
         const std::vector<uint8_t> ctext1 = session.encrypt(key, Test::rng());
         const std::vector<uint8_t> ctext2 = session.encrypt(key, Test::rng());

         result.test_ne(
            "TLS session encryption is non-determinsitic", ctext1.data(), ctext1.size(), ctext2.data(), ctext2.size());

         const std::vector<uint8_t> expected_hdr = Botan::hex_decode("068B5A9D396C0000F2322CAE");

         result.test_eq("tls", "TLS session encryption same header", ctext1.data(), 12, expected_hdr.data(), 12);
         result.test_eq("tls", "TLS session encryption same header", ctext2.data(), 12, expected_hdr.data(), 12);

         Botan::TLS::Session dsession = Botan::TLS::Session::decrypt(ctext1.data(), ctext1.size(), key);

         Fixed_Output_RNG frng1("00112233445566778899AABBCCDDEEFF802802802802802802802802");
         const std::vector<uint8_t> ctextf1 = session.encrypt(key, frng1);
         Fixed_Output_RNG frng2("00112233445566778899AABBCCDDEEFF802802802802802802802802");
         const std::vector<uint8_t> ctextf2 = session.encrypt(key, frng2);

         result.test_eq("Only randomness comes from RNG", ctextf1, ctextf2);

         Botan::TLS::Session session2(Botan::secure_vector<uint8_t>{0xCC, 0xEE},
                                      Botan::TLS::Protocol_Version::TLS_V12,
                                      0xBAAD,  // cipher suite does not exist
                                      Botan::TLS::Connection_Side::Client,
                                      true,
                                      false,
                                      std::vector<Botan::X509_Certificate>(),
                                      Botan::TLS::Server_Information("server"),
                                      0x0000,
                                      std::chrono::system_clock::now());
         const std::string pem_with_unknown_ciphersuite = session2.PEM_encode();

         result.test_throws("unknown ciphersuite during session parsing",
                            "Serialized TLS session contains unknown cipher suite (47789)",
                            [&] { Botan::TLS::Session{pem_with_unknown_ciphersuite}; });

         return {result};
      }
};

BOTAN_REGISTER_TEST("tls", "tls_session", TLS_Session_Tests);

   #if defined(BOTAN_HAS_TLS_CBC)

class TLS_CBC_Padding_Tests final : public Text_Based_Test {
   public:
      TLS_CBC_Padding_Tests() : Text_Based_Test("tls_cbc_padding.vec", "Record,Output") {}

      Test::Result run_one_test(const std::string& /*header*/, const VarMap& vars) override {
         const std::vector<uint8_t> record = vars.get_req_bin("Record");
         const size_t output = vars.get_req_sz("Output");

         uint16_t res = Botan::TLS::check_tls_cbc_padding(record.data(), record.size());

         Test::Result result("TLS CBC padding check");
         result.test_eq("Expected", res, output);
         return result;
      }
};

BOTAN_REGISTER_TEST("tls", "tls_cbc_padding", TLS_CBC_Padding_Tests);

class TLS_CBC_Tests final : public Text_Based_Test {
   public:
      class ZeroMac : public Botan::MessageAuthenticationCode {
         public:
            explicit ZeroMac(size_t mac_len) : m_mac_len(mac_len) {}

            void clear() override {}

            std::string name() const override { return "ZeroMac"; }

            size_t output_length() const override { return m_mac_len; }

            void add_data(const uint8_t /*input*/[], size_t /*length*/) override {}

            void final_result(uint8_t out[]) override {
               for(size_t i = 0; i != m_mac_len; ++i) {
                  out[i] = 0;
               }
            }

            bool has_keying_material() const override { return true; }

            Botan::Key_Length_Specification key_spec() const override {
               return Botan::Key_Length_Specification(0, 0, 1);
            }

            std::unique_ptr<MessageAuthenticationCode> new_object() const override {
               return std::make_unique<ZeroMac>(m_mac_len);
            }

         private:
            void key_schedule(const uint8_t /*key*/[], size_t /*length*/) override {}

            size_t m_mac_len;
      };

      class Noop_Block_Cipher : public Botan::BlockCipher {
         public:
            explicit Noop_Block_Cipher(size_t bs) : m_bs(bs) {}

            void encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override {
               Botan::copy_mem(out, in, blocks * m_bs);
            }

            void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override {
               Botan::copy_mem(out, in, blocks * m_bs);
            }

            size_t block_size() const override { return m_bs; }

            void clear() override {}

            std::string name() const override { return "noop"; }

            bool has_keying_material() const override { return true; }

            Botan::Key_Length_Specification key_spec() const override {
               return Botan::Key_Length_Specification(0, 0, 1);
            }

            std::unique_ptr<BlockCipher> new_object() const override {
               return std::make_unique<Noop_Block_Cipher>(m_bs);
            }

         private:
            void key_schedule(const uint8_t /*key*/[], size_t /*length*/) override {}

            size_t m_bs;
      };

      TLS_CBC_Tests() : Text_Based_Test("tls_cbc.vec", "Blocksize,MACsize,Record,Valid") {}

      Test::Result run_one_test(const std::string& /*header*/, const VarMap& vars) override {
         Test::Result result("TLS CBC");

         const size_t block_size = vars.get_req_sz("Blocksize");
         const size_t mac_len = vars.get_req_sz("MACsize");
         const std::vector<uint8_t> record = vars.get_req_bin("Record");
         const bool is_valid = vars.get_req_sz("Valid") == 1;

         // todo test permutations
         bool encrypt_then_mac = false;

         Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption tls_cbc(std::make_unique<Noop_Block_Cipher>(block_size),
                                                          std::make_unique<ZeroMac>(mac_len),
                                                          0,
                                                          0,
                                                          Botan::TLS::Protocol_Version::TLS_V12,
                                                          encrypt_then_mac);

         tls_cbc.set_key(std::vector<uint8_t>(0));
         std::vector<uint8_t> ad(13);
         tls_cbc.set_associated_data(ad.data(), ad.size());

         Botan::secure_vector<uint8_t> vec(record.begin(), record.end());

         try {
            tls_cbc.finish(vec, 0);
            if(is_valid) {
               result.test_success("Accepted valid TLS-CBC ciphertext");
            } else {
               result.test_failure("Accepted invalid TLS-CBC ciphertext");
            }
         } catch(std::exception&) {
            if(is_valid) {
               result.test_failure("Rejected valid TLS-CBC ciphertext");
            } else {
               result.test_success("Accepted invalid TLS-CBC ciphertext");
            }
         }

         return result;
      }
};

BOTAN_REGISTER_TEST("tls", "tls_cbc", TLS_CBC_Tests);

   #endif

class Test_TLS_Alert_Strings : public Test {
   public:
      std::vector<Test::Result> run() override {
         Test::Result result("TLS::Alert::type_string");

         const std::vector<Botan::TLS::Alert::Type> alert_types = {
            Botan::TLS::Alert::CloseNotify,
            Botan::TLS::Alert::UnexpectedMessage,
            Botan::TLS::Alert::BadRecordMac,
            Botan::TLS::Alert::DecryptionFailed,
            Botan::TLS::Alert::RecordOverflow,
            Botan::TLS::Alert::DecompressionFailure,
            Botan::TLS::Alert::HandshakeFailure,
            Botan::TLS::Alert::NoCertificate,
            Botan::TLS::Alert::BadCertificate,
            Botan::TLS::Alert::UnsupportedCertificate,
            Botan::TLS::Alert::CertificateRevoked,
            Botan::TLS::Alert::CertificateExpired,
            Botan::TLS::Alert::CertificateUnknown,
            Botan::TLS::Alert::IllegalParameter,
            Botan::TLS::Alert::UnknownCA,
            Botan::TLS::Alert::AccessDenied,
            Botan::TLS::Alert::DecodeError,
            Botan::TLS::Alert::DecryptError,
            Botan::TLS::Alert::ExportRestriction,
            Botan::TLS::Alert::ProtocolVersion,
            Botan::TLS::Alert::InsufficientSecurity,
            Botan::TLS::Alert::InternalError,
            Botan::TLS::Alert::InappropriateFallback,
            Botan::TLS::Alert::UserCanceled,
            Botan::TLS::Alert::NoRenegotiation,
            Botan::TLS::Alert::MissingExtension,
            Botan::TLS::Alert::UnsupportedExtension,
            Botan::TLS::Alert::CertificateUnobtainable,
            Botan::TLS::Alert::UnrecognizedName,
            Botan::TLS::Alert::BadCertificateStatusResponse,
            Botan::TLS::Alert::BadCertificateHashValue,
            Botan::TLS::Alert::UnknownPSKIdentity,
            Botan::TLS::Alert::NoApplicationProtocol,
         };

         std::set<std::string> seen;

         for(auto alert : alert_types) {
            const std::string str = Botan::TLS::Alert(alert).type_string();
            result.test_eq("No duplicate strings", seen.count(str), 0);
            seen.insert(str);
         }

         Botan::TLS::Alert unknown_alert = Botan::TLS::Alert({01, 66});

         result.test_eq("Unknown alert str", unknown_alert.type_string(), "unrecognized_alert_66");

         return {result};
      }
};

BOTAN_REGISTER_TEST("tls", "tls_alert_strings", Test_TLS_Alert_Strings);

class Test_TLS_Policy_Text : public Test {
   public:
      std::vector<Test::Result> run() override {
         Test::Result result("TLS Policy");

         const std::vector<std::string> policies = {"default", "suiteb_128", "suiteb_192", "strict", "datagram", "bsi"};

         for(const std::string& policy : policies) {
            const std::string from_policy_obj = tls_policy_string(policy);
            std::string from_file =
   #if defined(BOTAN_HAS_TLS_13)
               read_tls_policy(policy + (policy == "default" || policy == "strict" ? "_tls13" : ""));
   #else
               read_tls_policy(policy);
   #endif

            result.test_eq("Values for TLS " + policy + " policy", from_file, from_policy_obj);
         }

         return {result};
      }

   private:
      static std::string read_tls_policy(const std::string& policy_str) {
         const std::string fspath = Test::data_file("tls-policy/" + policy_str + ".txt");

         std::ifstream is(fspath.c_str());
         if(!is.good()) {
            throw Test_Error("Missing policy file " + fspath);
         }

         Botan::TLS::Text_Policy policy(is);
         return policy.to_string();
      }

      static std::string tls_policy_string(const std::string& policy_str) {
         std::unique_ptr<Botan::TLS::Policy> policy;
         if(policy_str == "default") {
            policy = std::make_unique<Botan::TLS::Policy>();
         } else if(policy_str == "suiteb_128") {
            policy = std::make_unique<Botan::TLS::NSA_Suite_B_128>();
         } else if(policy_str == "suiteb_192") {
            policy = std::make_unique<Botan::TLS::NSA_Suite_B_192>();
         } else if(policy_str == "bsi") {
            policy = std::make_unique<Botan::TLS::BSI_TR_02102_2>();
         } else if(policy_str == "strict") {
            policy = std::make_unique<Botan::TLS::Strict_Policy>();
         } else if(policy_str == "datagram") {
            policy = std::make_unique<Botan::TLS::Datagram_Policy>();
         } else {
            throw Test_Error("Unknown TLS policy type '" + policy_str + "'");
         }

         return policy->to_string();
      }
};

BOTAN_REGISTER_TEST("tls", "tls_policy_text", Test_TLS_Policy_Text);

class Test_TLS_Ciphersuites : public Test {
   public:
      std::vector<Test::Result> run() override {
         Test::Result result("TLS::Ciphersuite");

         for(size_t csuite_id = 0; csuite_id <= 0xFFFF; ++csuite_id) {
            const uint16_t csuite_id16 = static_cast<uint16_t>(csuite_id);
            auto ciphersuite = Botan::TLS::Ciphersuite::by_id(csuite_id16);

            if(ciphersuite && ciphersuite->valid()) {
               result.test_eq("Valid Ciphersuite is not SCSV", Botan::TLS::Ciphersuite::is_scsv(csuite_id16), false);

               if(ciphersuite->cbc_ciphersuite() == false) {
                  result.test_eq("Expected AEAD ciphersuite", ciphersuite->aead_ciphersuite(), true);
                  result.test_eq("Expected MAC name for AEAD ciphersuites", ciphersuite->mac_algo(), "AEAD");
               } else {
                  result.test_eq("Did not expect AEAD ciphersuite", ciphersuite->aead_ciphersuite(), false);
                  result.test_eq(
                     "MAC algo and PRF algo same for CBC suites", ciphersuite->prf_algo(), ciphersuite->mac_algo());
               }

               // TODO more tests here
            }
         }

         return {result};
      }
};

BOTAN_REGISTER_TEST("tls", "tls_ciphersuites", Test_TLS_Ciphersuites);

class Test_TLS_Algo_Strings : public Test {
   public:
      std::vector<Test::Result> run() override {
         std::vector<Test::Result> results;

         results.push_back(test_auth_method_strings());
         results.push_back(test_kex_algo_strings());
         results.push_back(test_tls_sig_method_strings());

         return results;
      }

   private:
      static Test::Result test_tls_sig_method_strings() {
         Test::Result result("TLS::Signature_Scheme");

         std::vector<Botan::TLS::Signature_Scheme> schemes = Botan::TLS::Signature_Scheme::all_available_schemes();

         std::set<std::string> scheme_strs;
         for(auto scheme : schemes) {
            std::string scheme_str = scheme.to_string();

            result.test_eq("Scheme strings unique", scheme_strs.count(scheme_str), 0);

            scheme_strs.insert(scheme_str);
         }

         return result;
      }

      static Test::Result test_auth_method_strings() {
         Test::Result result("TLS::Auth_Method");

         const std::vector<Botan::TLS::Auth_Method> auth_methods({
            Botan::TLS::Auth_Method::RSA,
            Botan::TLS::Auth_Method::ECDSA,
            Botan::TLS::Auth_Method::IMPLICIT,
         });

         for(Botan::TLS::Auth_Method meth : auth_methods) {
            std::string meth_str = Botan::TLS::auth_method_to_string(meth);
            result.test_ne("Method string is not empty", meth_str, "");
            Botan::TLS::Auth_Method meth2 = Botan::TLS::auth_method_from_string(meth_str);
            result.confirm("Decoded method matches", meth == meth2);
         }

         return result;
      }

      static Test::Result test_kex_algo_strings() {
         Test::Result result("TLS::Kex_Algo");

         const std::vector<Botan::TLS::Kex_Algo> kex_algos({Botan::TLS::Kex_Algo::STATIC_RSA,
                                                            Botan::TLS::Kex_Algo::DH,
                                                            Botan::TLS::Kex_Algo::ECDH,
                                                            Botan::TLS::Kex_Algo::PSK,
                                                            Botan::TLS::Kex_Algo::ECDHE_PSK});

         for(Botan::TLS::Kex_Algo meth : kex_algos) {
            std::string meth_str = Botan::TLS::kex_method_to_string(meth);
            result.test_ne("Method string is not empty", meth_str, "");
            Botan::TLS::Kex_Algo meth2 = Botan::TLS::kex_method_from_string(meth_str);
            result.confirm("Decoded method matches", meth == meth2);
         }

         return result;
      }
};

BOTAN_REGISTER_TEST("tls", "tls_algo_strings", Test_TLS_Algo_Strings);

#endif

}  // namespace Botan_Tests

1	/*
2	* (C) 2014,2015,2017,2018 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include "tests.h"
8	#include <fstream>
9	#include <memory>
10
11	#if defined(BOTAN_HAS_TLS)
12	#include "test_rng.h"
13
14	#include <botan/tls_alert.h>
15	#include <botan/tls_policy.h>
16	#include <botan/tls_session.h>
17	#include <botan/tls_version.h>
18
19	#if defined(BOTAN_HAS_TLS_CBC)
20	#include <botan/internal/tls_cbc.h>
21	#endif
22
23	#endif
24
25	namespace Botan_Tests {
26
27	#if defined(BOTAN_HAS_TLS)
28
29	class TLS_Session_Tests final : public Test {	×
30	public:
31	std::vector<Test::Result> run() override {	1✔
32	Test::Result result("TLS::Session");	1✔
33
34	Botan::TLS::Session session(Botan::secure_vector<uint8_t>{0xCC, 0xDD},	3✔
35	Botan::TLS::Protocol_Version::TLS_V12,
36	0xC02F,
37	Botan::TLS::Connection_Side::Client,
38	true,
39	false,
40	std::vector<Botan::X509_Certificate>(),	2✔
41	Botan::TLS::Server_Information("server"),	1✔
42	0x0000,
43	std::chrono::system_clock::now());	2✔
44
45	const std::string pem = session.PEM_encode();	1✔
46	Botan::TLS::Session session_from_pem(pem);	1✔
47	result.test_eq("Roundtrip from pem", session.DER_encode(), session_from_pem.DER_encode());	3✔
48
49	const auto der = session.DER_encode();	1✔
50	Botan::TLS::Session session_from_der(der);	1✔
51	result.test_eq("Roundtrip from der", session.DER_encode(), session_from_der.DER_encode());	3✔
52
53	const Botan::SymmetricKey key("ABCDEF");	1✔
54	const std::vector<uint8_t> ctext1 = session.encrypt(key, Test::rng());	1✔
55	const std::vector<uint8_t> ctext2 = session.encrypt(key, Test::rng());	1✔
56
57	result.test_ne(	1✔
58	"TLS session encryption is non-determinsitic", ctext1.data(), ctext1.size(), ctext2.data(), ctext2.size());
59
60	const std::vector<uint8_t> expected_hdr = Botan::hex_decode("068B5A9D396C0000F2322CAE");	1✔
61
62	result.test_eq("tls", "TLS session encryption same header", ctext1.data(), 12, expected_hdr.data(), 12);	1✔
63	result.test_eq("tls", "TLS session encryption same header", ctext2.data(), 12, expected_hdr.data(), 12);	1✔
64
65	Botan::TLS::Session dsession = Botan::TLS::Session::decrypt(ctext1.data(), ctext1.size(), key);	1✔
66
67	Fixed_Output_RNG frng1("00112233445566778899AABBCCDDEEFF802802802802802802802802");	1✔
68	const std::vector<uint8_t> ctextf1 = session.encrypt(key, frng1);	1✔
69	Fixed_Output_RNG frng2("00112233445566778899AABBCCDDEEFF802802802802802802802802");	1✔
70	const std::vector<uint8_t> ctextf2 = session.encrypt(key, frng2);	1✔
71
72	result.test_eq("Only randomness comes from RNG", ctextf1, ctextf2);	1✔
73
74	Botan::TLS::Session session2(Botan::secure_vector<uint8_t>{0xCC, 0xEE},	3✔
75	Botan::TLS::Protocol_Version::TLS_V12,
76	0xBAAD, // cipher suite does not exist
77	Botan::TLS::Connection_Side::Client,
78	true,
79	false,
80	std::vector<Botan::X509_Certificate>(),	2✔
81	Botan::TLS::Server_Information("server"),	1✔
82	0x0000,
83	std::chrono::system_clock::now());	2✔
84	const std::string pem_with_unknown_ciphersuite = session2.PEM_encode();	1✔
85
86	result.test_throws("unknown ciphersuite during session parsing",	3✔
87	"Serialized TLS session contains unknown cipher suite (47789)",
88	[&] { Botan::TLS::Session{pem_with_unknown_ciphersuite}; });	1✔
89
90	return {result};	3✔
91	}	9✔
92	};
93
94	BOTAN_REGISTER_TEST("tls", "tls_session", TLS_Session_Tests);
95
96	#if defined(BOTAN_HAS_TLS_CBC)
97
98	class TLS_CBC_Padding_Tests final : public Text_Based_Test {	×
99	public:
100	TLS_CBC_Padding_Tests() : Text_Based_Test("tls_cbc_padding.vec", "Record,Output") {}	2✔
101
102	Test::Result run_one_test(const std::string& /header/, const VarMap& vars) override {	22✔
103	const std::vector<uint8_t> record = vars.get_req_bin("Record");	22✔
104	const size_t output = vars.get_req_sz("Output");	22✔
105
106	uint16_t res = Botan::TLS::check_tls_cbc_padding(record.data(), record.size());	22✔
107
108	Test::Result result("TLS CBC padding check");	22✔
109	result.test_eq("Expected", res, output);	22✔
110	return result;	22✔
111	}	22✔
112	};
113
114	BOTAN_REGISTER_TEST("tls", "tls_cbc_padding", TLS_CBC_Padding_Tests);
115
116	class TLS_CBC_Tests final : public Text_Based_Test {	×
117	public:
118	class ZeroMac : public Botan::MessageAuthenticationCode {
119	public:
120	explicit ZeroMac(size_t mac_len) : m_mac_len(mac_len) {}	10✔
121
122	void clear() override {}	×
123
124	std::string name() const override { return "ZeroMac"; }	16✔
125
126	size_t output_length() const override { return m_mac_len; }	10✔
127
128	void add_data(const uint8_t /input/[], size_t /length/) override {}	26✔
129
130	void final_result(uint8_t out[]) override {	10✔
131	for(size_t i = 0; i != m_mac_len; ++i) {	206✔
132	out[i] = 0;	196✔
133	}
134	}	10✔
135
136	bool has_keying_material() const override { return true; }	×
137
138	Botan::Key_Length_Specification key_spec() const override {	10✔
139	return Botan::Key_Length_Specification(0, 0, 1);	10✔
140	}
141
142	std::unique_ptr<MessageAuthenticationCode> new_object() const override {	×
143	return std::make_unique<ZeroMac>(m_mac_len);	×
144	}
145
146	private:
147	void key_schedule(const uint8_t /key/[], size_t /length/) override {}	10✔
148
149	size_t m_mac_len;
150	};
151
152	class Noop_Block_Cipher : public Botan::BlockCipher {
153	public:
154	explicit Noop_Block_Cipher(size_t bs) : m_bs(bs) {}	10✔
155
156	void encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override {	×
157	Botan::copy_mem(out, in, blocks * m_bs);	×
158	}	×
159
160	void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const override {	10✔
161	Botan::copy_mem(out, in, blocks * m_bs);	10✔
162	}	10✔
163
164	size_t block_size() const override { return m_bs; }	40✔
165
166	void clear() override {}	×
167
168	std::string name() const override { return "noop"; }	10✔
169
170	bool has_keying_material() const override { return true; }	×
171
172	Botan::Key_Length_Specification key_spec() const override {	20✔
173	return Botan::Key_Length_Specification(0, 0, 1);	20✔
174	}
175
176	std::unique_ptr<BlockCipher> new_object() const override {	×
177	return std::make_unique<Noop_Block_Cipher>(m_bs);	×
178	}
179
180	private:
181	void key_schedule(const uint8_t /key/[], size_t /length/) override {}	10✔
182
183	size_t m_bs;
184	};
185
186	TLS_CBC_Tests() : Text_Based_Test("tls_cbc.vec", "Blocksize,MACsize,Record,Valid") {}	3✔
187
188	Test::Result run_one_test(const std::string& /header/, const VarMap& vars) override {	10✔
189	Test::Result result("TLS CBC");	10✔
190
191	const size_t block_size = vars.get_req_sz("Blocksize");	10✔
192	const size_t mac_len = vars.get_req_sz("MACsize");	10✔
193	const std::vector<uint8_t> record = vars.get_req_bin("Record");	10✔
194	const bool is_valid = vars.get_req_sz("Valid") == 1;	10✔
195
196	// todo test permutations
197	bool encrypt_then_mac = false;	10✔
198
199	Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption tls_cbc(std::make_unique<Noop_Block_Cipher>(block_size),	20✔
200	std::make_unique<ZeroMac>(mac_len),	10✔
201	0,
202	0,
203	Botan::TLS::Protocol_Version::TLS_V12,
204	encrypt_then_mac);	20✔
205
206	tls_cbc.set_key(std::vector<uint8_t>(0));	10✔
207	std::vector<uint8_t> ad(13);	10✔
208	tls_cbc.set_associated_data(ad.data(), ad.size());	10✔
209
210	Botan::secure_vector<uint8_t> vec(record.begin(), record.end());	10✔
211
212	try {	10✔
213	tls_cbc.finish(vec, 0);	10✔
214	if(is_valid) {	4✔
215	result.test_success("Accepted valid TLS-CBC ciphertext");	8✔
216	} else {
217	result.test_failure("Accepted invalid TLS-CBC ciphertext");	×
218	}
219	} catch(std::exception&) {	6✔
220	if(is_valid) {	6✔
221	result.test_failure("Rejected valid TLS-CBC ciphertext");	×
222	} else {
223	result.test_success("Accepted invalid TLS-CBC ciphertext");	12✔
224	}
225	}	6✔
226
227	return result;	10✔
228	}	30✔
229	};
230
231	BOTAN_REGISTER_TEST("tls", "tls_cbc", TLS_CBC_Tests);
232
233	#endif
234
235	class Test_TLS_Alert_Strings : public Test {	1✔
236	public:
237	std::vector<Test::Result> run() override {	1✔
238	Test::Result result("TLS::Alert::type_string");	1✔
239
240	const std::vector<Botan::TLS::Alert::Type> alert_types = {	1✔
241	Botan::TLS::Alert::CloseNotify,
242	Botan::TLS::Alert::UnexpectedMessage,
243	Botan::TLS::Alert::BadRecordMac,
244	Botan::TLS::Alert::DecryptionFailed,
245	Botan::TLS::Alert::RecordOverflow,
246	Botan::TLS::Alert::DecompressionFailure,
247	Botan::TLS::Alert::HandshakeFailure,
248	Botan::TLS::Alert::NoCertificate,
249	Botan::TLS::Alert::BadCertificate,
250	Botan::TLS::Alert::UnsupportedCertificate,
251	Botan::TLS::Alert::CertificateRevoked,
252	Botan::TLS::Alert::CertificateExpired,
253	Botan::TLS::Alert::CertificateUnknown,
254	Botan::TLS::Alert::IllegalParameter,
255	Botan::TLS::Alert::UnknownCA,
256	Botan::TLS::Alert::AccessDenied,
257	Botan::TLS::Alert::DecodeError,
258	Botan::TLS::Alert::DecryptError,
259	Botan::TLS::Alert::ExportRestriction,
260	Botan::TLS::Alert::ProtocolVersion,
261	Botan::TLS::Alert::InsufficientSecurity,
262	Botan::TLS::Alert::InternalError,
263	Botan::TLS::Alert::InappropriateFallback,
264	Botan::TLS::Alert::UserCanceled,
265	Botan::TLS::Alert::NoRenegotiation,
266	Botan::TLS::Alert::MissingExtension,
267	Botan::TLS::Alert::UnsupportedExtension,
268	Botan::TLS::Alert::CertificateUnobtainable,
269	Botan::TLS::Alert::UnrecognizedName,
270	Botan::TLS::Alert::BadCertificateStatusResponse,
271	Botan::TLS::Alert::BadCertificateHashValue,
272	Botan::TLS::Alert::UnknownPSKIdentity,
273	Botan::TLS::Alert::NoApplicationProtocol,
274	};	1✔
275
276	std::set<std::string> seen;	1✔
277
278	for(auto alert : alert_types) {	34✔
279	const std::string str = Botan::TLS::Alert(alert).type_string();	33✔
280	result.test_eq("No duplicate strings", seen.count(str), 0);	33✔
281	seen.insert(str);	33✔
282	}	33✔
283
284	Botan::TLS::Alert unknown_alert = Botan::TLS::Alert({01, 66});	1✔
285
286	result.test_eq("Unknown alert str", unknown_alert.type_string(), "unrecognized_alert_66");	3✔
287
288	return {result};	3✔
289	}	2✔
290	};
291
292	BOTAN_REGISTER_TEST("tls", "tls_alert_strings", Test_TLS_Alert_Strings);
293
294	class Test_TLS_Policy_Text : public Test {	1✔
295	public:
296	std::vector<Test::Result> run() override {	1✔
297	Test::Result result("TLS Policy");	1✔
298
299	const std::vector<std::string> policies = {"default", "suiteb_128", "suiteb_192", "strict", "datagram", "bsi"};	7✔
300
301	for(const std::string& policy : policies) {	7✔
302	const std::string from_policy_obj = tls_policy_string(policy);	6✔
303	std::string from_file =	6✔
304	#if defined(BOTAN_HAS_TLS_13)
305	read_tls_policy(policy + (policy == "default" \|\| policy == "strict" ? "_tls13" : ""));	7✔
306	#else
307	read_tls_policy(policy);
308	#endif
309
310	result.test_eq("Values for TLS " + policy + " policy", from_file, from_policy_obj);	12✔
311	}	12✔
312
313	return {result};	3✔
314	}	1✔
315
316	private:
317	static std::string read_tls_policy(const std::string& policy_str) {	6✔
318	const std::string fspath = Test::data_file("tls-policy/" + policy_str + ".txt");	12✔
319
320	std::ifstream is(fspath.c_str());	6✔
321	if(!is.good()) {	6✔
322	throw Test_Error("Missing policy file " + fspath);	×
323	}
324
325	Botan::TLS::Text_Policy policy(is);	6✔
326	return policy.to_string();	6✔
327	}	12✔
328
329	static std::string tls_policy_string(const std::string& policy_str) {	6✔
330	std::unique_ptr<Botan::TLS::Policy> policy;	6✔
331	if(policy_str == "default") {	6✔
332	policy = std::make_unique<Botan::TLS::Policy>();	1✔
333	} else if(policy_str == "suiteb_128") {	5✔
334	policy = std::make_unique<Botan::TLS::NSA_Suite_B_128>();	1✔
335	} else if(policy_str == "suiteb_192") {	4✔
336	policy = std::make_unique<Botan::TLS::NSA_Suite_B_192>();	1✔
337	} else if(policy_str == "bsi") {	3✔
338	policy = std::make_unique<Botan::TLS::BSI_TR_02102_2>();	1✔
339	} else if(policy_str == "strict") {	2✔
340	policy = std::make_unique<Botan::TLS::Strict_Policy>();	1✔
341	} else if(policy_str == "datagram") {	1✔
342	policy = std::make_unique<Botan::TLS::Datagram_Policy>();	1✔
343	} else {
344	throw Test_Error("Unknown TLS policy type '" + policy_str + "'");	×
345	}
346
347	return policy->to_string();	6✔
348	}	6✔
349	};
350
351	BOTAN_REGISTER_TEST("tls", "tls_policy_text", Test_TLS_Policy_Text);
352
353	class Test_TLS_Ciphersuites : public Test {	1✔
354	public:
355	std::vector<Test::Result> run() override {	1✔
356	Test::Result result("TLS::Ciphersuite");	1✔
357
358	for(size_t csuite_id = 0; csuite_id <= 0xFFFF; ++csuite_id) {	65,537✔
359	const uint16_t csuite_id16 = static_cast<uint16_t>(csuite_id);	65,536✔
360	auto ciphersuite = Botan::TLS::Ciphersuite::by_id(csuite_id16);	65,536✔
361
362	if(ciphersuite && ciphersuite->valid()) {	65,536✔
363	result.test_eq("Valid Ciphersuite is not SCSV", Botan::TLS::Ciphersuite::is_scsv(csuite_id16), false);	94✔
364
365	if(ciphersuite->cbc_ciphersuite() == false) {	94✔
366	result.test_eq("Expected AEAD ciphersuite", ciphersuite->aead_ciphersuite(), true);	64✔
367	result.test_eq("Expected MAC name for AEAD ciphersuites", ciphersuite->mac_algo(), "AEAD");	128✔
368	} else {
369	result.test_eq("Did not expect AEAD ciphersuite", ciphersuite->aead_ciphersuite(), false);	30✔
370	result.test_eq(	90✔
371	"MAC algo and PRF algo same for CBC suites", ciphersuite->prf_algo(), ciphersuite->mac_algo());	60✔
372	}
373
374	// TODO more tests here
375	}
376	}
377
378	return {result};	3✔
379	}	1✔
380	};
381
382	BOTAN_REGISTER_TEST("tls", "tls_ciphersuites", Test_TLS_Ciphersuites);
383
384	class Test_TLS_Algo_Strings : public Test {	1✔
385	public:
386	std::vector<Test::Result> run() override {	1✔
387	std::vector<Test::Result> results;	1✔
388
389	results.push_back(test_auth_method_strings());	2✔
390	results.push_back(test_kex_algo_strings());	2✔
391	results.push_back(test_tls_sig_method_strings());	2✔
392
393	return results;	1✔
394	}	×
395
396	private:
397	static Test::Result test_tls_sig_method_strings() {	1✔
398	Test::Result result("TLS::Signature_Scheme");	1✔
399
400	std::vector<Botan::TLS::Signature_Scheme> schemes = Botan::TLS::Signature_Scheme::all_available_schemes();	1✔
401
402	std::set<std::string> scheme_strs;	1✔
403	for(auto scheme : schemes) {	10✔
404	std::string scheme_str = scheme.to_string();	9✔
405
406	result.test_eq("Scheme strings unique", scheme_strs.count(scheme_str), 0);	9✔
407
408	scheme_strs.insert(scheme_str);	9✔
409	}	9✔
410
411	return result;	1✔
412	}	2✔
413
414	static Test::Result test_auth_method_strings() {	1✔
415	Test::Result result("TLS::Auth_Method");	1✔
416
417	const std::vector<Botan::TLS::Auth_Method> auth_methods({	1✔
418	Botan::TLS::Auth_Method::RSA,
419	Botan::TLS::Auth_Method::ECDSA,
420	Botan::TLS::Auth_Method::IMPLICIT,
421	});	1✔
422
423	for(Botan::TLS::Auth_Method meth : auth_methods) {	4✔
424	std::string meth_str = Botan::TLS::auth_method_to_string(meth);	3✔
425	result.test_ne("Method string is not empty", meth_str, "");	6✔
426	Botan::TLS::Auth_Method meth2 = Botan::TLS::auth_method_from_string(meth_str);	3✔
427	result.confirm("Decoded method matches", meth == meth2);	9✔
428	}	3✔
429
430	return result;	1✔
431	}	1✔
432
433	static Test::Result test_kex_algo_strings() {	1✔
434	Test::Result result("TLS::Kex_Algo");	1✔
435
436	const std::vector<Botan::TLS::Kex_Algo> kex_algos({Botan::TLS::Kex_Algo::STATIC_RSA,	1✔
437	Botan::TLS::Kex_Algo::DH,
438	Botan::TLS::Kex_Algo::ECDH,
439	Botan::TLS::Kex_Algo::PSK,
440	Botan::TLS::Kex_Algo::ECDHE_PSK});	1✔
441
442	for(Botan::TLS::Kex_Algo meth : kex_algos) {	6✔
443	std::string meth_str = Botan::TLS::kex_method_to_string(meth);	5✔
444	result.test_ne("Method string is not empty", meth_str, "");	10✔
445	Botan::TLS::Kex_Algo meth2 = Botan::TLS::kex_method_from_string(meth_str);	5✔
446	result.confirm("Decoded method matches", meth == meth2);	15✔
447	}	5✔
448
449	return result;	1✔
450	}	1✔
451	};
452
453	BOTAN_REGISTER_TEST("tls", "tls_algo_strings", Test_TLS_Algo_Strings);
454
455	#endif
456
457	} // namespace Botan_Tests

randombit / botan / 5123321399

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous