From 7a010aabdeedcc6a676cfe47d8a44c810b5f11d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 12 Jun 2015 11:19:10 +0200 Subject: [PATCH] Add tests for dhm_min_bitlen --- tests/data_files/dh.1000.pem | 34 +++++++++++++++++++++++++++++++++ tests/ssl-opt.sh | 37 ++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 tests/data_files/dh.1000.pem diff --git a/tests/data_files/dh.1000.pem b/tests/data_files/dh.1000.pem new file mode 100644 index 000000000..172f19fb4 --- /dev/null +++ b/tests/data_files/dh.1000.pem @@ -0,0 +1,34 @@ + +Recommended key length: 160 bits + +generator: + 23:84:3c:0d:55:8c:b9:7d:a9:d5:9a:80:82:fb:50: + 89:29:71:8e:8e:a1:29:2e:df:db:01:34:41:e7:66: + fa:60:dc:bc:34:83:45:70:e0:61:e9:a6:25:23:c2: + 77:33:a9:8a:90:94:21:ff:84:d2:7b:36:39:9b:e5: + f0:88:2b:35:98:64:28:58:27:be:fa:bf:e3:60:cc: + c4:61:60:59:78:a7:e1:a3:b3:a7:3e:7e:5b:a8:d7: + b7:ba:25:0e:b1:9e:79:03:b5:83:ba:43:34:b6:c1: + ce:45:66:72:07:64:8a:af:14:d8:ae:18:19:ba:25: + a6:d9:36:f8:8c: + +prime: + 9e:a4:a8:c4:29:fe:76:18:02:4f:76:c9:29:0e:f2: + ba:0d:92:08:9d:d9:b3:28:41:5d:88:4e:fe:3c:ae: + c1:d4:3e:7e:fb:d8:2c:bf:7b:63:70:99:9e:c4:ac: + d0:1e:7c:4e:22:07:d2:b5:f9:9a:9e:52:e2:97:9d: + c3:cb:0d:66:33:75:95:a7:96:6e:69:ec:16:bd:06: + 4a:1a:dc:b2:d4:29:23:ab:2e:8f:7f:6a:84:1d:82: + 23:6e:42:8c:1e:70:3d:21:bb:b9:b9:8f:f9:fd:9c: + 53:08:e4:e8:5a:04:ca:5f:8f:73:55:ac:e1:41:20: + c7:43:fa:8f:99: + + +-----BEGIN DH PARAMETERS----- +MIIBAwJ+AJ6kqMQp/nYYAk92ySkO8roNkgid2bMoQV2ITv48rsHUPn772Cy/e2Nw +mZ7ErNAefE4iB9K1+ZqeUuKXncPLDWYzdZWnlm5p7Ba9Bkoa3LLUKSOrLo9/aoQd +giNuQowecD0hu7m5j/n9nFMI5OhaBMpfj3NVrOFBIMdD+o+ZAn0jhDwNVYy5fanV +moCC+1CJKXGOjqEpLt/bATRB52b6YNy8NINFcOBh6aYlI8J3M6mKkJQh/4TSezY5 +m+XwiCs1mGQoWCe++r/jYMzEYWBZeKfho7OnPn5bqNe3uiUOsZ55A7WDukM0tsHO +RWZyB2SKrxTYrhgZuiWm2Tb4jAICAKA= +-----END DH PARAMETERS----- diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fab278f90..934f77214 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2304,6 +2304,43 @@ run_test "DHM parameters: other parameters" \ -c "value of 'DHM: P ' (1024 bits)" \ -c "value of 'DHM: G ' (2 bits)" +# Tests for DHM client-side size checking + +run_test "DHM size: server default, client default, OK" \ + "$P_SRV" \ + "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + debug_level=1" \ + 0 \ + -C "DHM prime too short:" + +run_test "DHM size: server default, client 2048, OK" \ + "$P_SRV" \ + "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + debug_level=1 dhmlen=2048" \ + 0 \ + -C "DHM prime too short:" + +run_test "DHM size: server 1024, client default, OK" \ + "$P_SRV dhm_file=data_files/dhparams.pem" \ + "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + debug_level=1" \ + 0 \ + -C "DHM prime too short:" + +run_test "DHM size: server 1000, client default, rejected" \ + "$P_SRV dhm_file=data_files/dh.1000.pem" \ + "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + debug_level=1" \ + 1 \ + -c "DHM prime too short:" + +run_test "DHM size: server default, client 2049, rejected" \ + "$P_SRV" \ + "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + debug_level=1 dhmlen=2049" \ + 1 \ + -c "DHM prime too short:" + # Tests for PSK callback run_test "PSK callback: psk, no callback" \