| % TLS session establishment tests |
| |
| # More informations at http://www.secdev.org/projects/UTscapy/ |
| |
| ############ |
| ############ |
| + TLS server automaton tests |
| |
| ### DISCLAIMER: Those tests are slow ### |
| |
| = Load server util functions |
| ~ open_ssl_client |
| |
| from __future__ import print_function |
| |
| import sys, os, re, time, multiprocessing, subprocess |
| |
| sys.path.append(os.path.abspath("./tls")) |
| |
| from travis_test_server import * |
| |
| def test_tls_server(suite="", version=""): |
| msg = ("TestS_%s_data" % suite).encode() |
| # Run server |
| q_ = multiprocessing.Manager().Queue() |
| th_ = multiprocessing.Process(target=run_tls_test_server, args=(msg, q_)) |
| th_.start() |
| # Synchronise threads |
| q_.get() |
| time.sleep(1) |
| # Run client |
| CA_f = os.path.abspath("./tls/pki/ca_cert.pem") |
| p = subprocess.Popen( |
| ["openssl", "s_client", "-debug", "-cipher", suite, version, "-CAfile", CA_f], |
| stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT |
| ) |
| msg += b"\nstop_server\n" |
| out = p.communicate(input=msg)[0] |
| print(out.decode()) |
| if p.returncode != 0: |
| th_.terminate() |
| raise RuntimeError("OpenSSL returned with error code") |
| else: |
| p = re.compile(b'verify return:(\d+)') |
| _failed = False |
| _one_success = False |
| for match in p.finditer(out): |
| if match.group(1).strip() != b"1": |
| _failed = True |
| break |
| else: |
| _one_success = True |
| if _failed or not _one_success: |
| th_.terminate() |
| raise RuntimeError("OpenSSL returned unexpected values") |
| # Wait for server |
| th_.join(30) |
| if th_.is_alive(): |
| th_.terminate() |
| raise RuntimeError("Test timed out") |
| # Analyse values |
| print(q_.get()) |
| assert th_.exitcode == 0 |
| |
| |
| = Testing TLS server with TLS 1.0 and TLS_RSA_WITH_RC4_128_SHA |
| ~ open_ssl_client FIXME_py3 |
| |
| test_tls_server("RC4-SHA", "-tls1") |
| |
| = Testing TLS server with TLS 1.1 and TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
| ~ open_ssl_client FIXME_py3 |
| |
| test_tls_server("EDH-RSA-DES-CBC3-SHA", "-tls1_1") |
| |
| = Testing TLS server with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
| ~ open_ssl_client FIXME_py3 |
| |
| test_tls_server("DHE-RSA-AES128-SHA256", "-tls1_2") |
| |
| = Testing TLS server with TLS 1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| ~ open_ssl_client FIXME_py3 |
| |
| test_tls_server("ECDHE-RSA-AES256-GCM-SHA384", "-tls1_2") |
| |
| + TLS client automaton tests |
| |
| = Load client utils functions |
| |
| import sys, os, threading |
| |
| from scapy.modules.six.moves.queue import Queue |
| |
| sys.path.append(os.path.abspath("./tls")) |
| |
| from travis_test_client import * |
| |
| def perform_tls_client_test(suite, version): |
| # Run test_tls_client in an other thread |
| q = Queue() |
| p = threading.Thread(target=test_tls_client, args=(suite, version, q)) |
| p.start() |
| # Wait for the function to end |
| p.join() |
| # Analyse data and return |
| if not q.empty(): |
| print(q.get()) |
| if not q.empty(): |
| assert q.get() == 0 |
| else: |
| print("ERROR: Missing one of the return value detected !") |
| assert False |
| |
| = Testing TLS server and client with SSLv2 and SSL_CK_DES_192_EDE3_CBC_WITH_MD5 |
| |
| perform_tls_client_test("0700c0", "0002") |
| |
| = Testing TLS client with SSLv3 and TLS_RSA_EXPORT_WITH_RC4_40_MD5 |
| |
| perform_tls_client_test("0003", "0300") |
| |
| = Testing TLS client with TLS 1.0 and TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
| ~ FIXME_py3 |
| |
| perform_tls_client_test("0088", "0301") |
| |
| = Testing TLS client with TLS 1.1 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| ~ FIXME_py3 |
| |
| perform_tls_client_test("c013", "0302") |
| |
| = Testing TLS client with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| ~ FIXME_py3 |
| |
| perform_tls_client_test("009e", "0303") |
| |
| = Testing TLS client with TLS 1.2 and TLS_ECDH_anon_WITH_RC4_128_SHA |
| ~ FIXME_py3 |
| |
| perform_tls_client_test("c016", "0303") |
| |