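% TLS session establishment tests

# More information at http://www.secdev.org/projects/UTscapy/

############
############
+ TLS server automaton tests

### DISCLAIMER: Those tests are slow ###

= Load server util functions
~ open_ssl_client crypto

from __future__ import print_function

import sys, os, re, time, multiprocessing, subprocess

sys.path.append(os.path.abspath("./tls"))

from travis_test_server import *

def test_tls_server(suite="", version=""):
    """Start the TLS test server in a child process and connect to it with `openssl s_client`.
    suite is the OpenSSL cipher name passed to -cipher; version is an s_client
    protocol flag such as "-tls1_2" and is left out of the command when empty.
    Raises RuntimeError when s_client exits non-zero, when certificate
    verification is not reported as successful, or when the server process is
    still running 30 seconds after the client has finished.
    """
    msg = ("TestS_%s_data" % suite).encode()
    # Run server
    q_ = multiprocessing.Manager().Queue()
    th_ = multiprocessing.Process(target=run_tls_test_server, args=(msg, q_))
    th_.start()
    try:
        # Synchronise: block until the server process posts its first queue
        # item (presumably a readiness signal - confirm in travis_test_server)
        q_.get()
        time.sleep(1)
        # Run client; -CAfile makes s_client verify the server certificate
        # chain against the test PKI's CA certificate
        CA_f = os.path.abspath("./tls/pki/ca_cert.pem")
        cmd = ["openssl", "s_client", "-debug", "-cipher", suite]
        if version:
            # An empty string would reach s_client as a stray empty argument
            cmd.append(version)
        cmd += ["-CAfile", CA_f]
        client = subprocess.Popen(
            cmd,
            stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT
        )
        msg += b"\nstop_server\n"
        out = client.communicate(input=msg)[0]
        print(out.decode())
        if client.returncode != 0:
            raise RuntimeError("OpenSSL returned with error code")
        # Every "verify return:" line must report 1, and at least one such line
        # must be present: output with no verification result at all is treated
        # as a failure rather than as a pass.
        verify_re = re.compile(br'verify return:(\d+)')
        verify_codes = [m.group(1).strip() for m in verify_re.finditer(out)]
        if not verify_codes or any(code != b"1" for code in verify_codes):
            raise RuntimeError("OpenSSL returned unexpected values")
        # Wait for server
        th_.join(30)
        if th_.is_alive():
            raise RuntimeError("Test timed out")
    finally:
        # Whatever went wrong above (including Popen failing because openssl is
        # missing), do not leave the listening server process behind.
        if th_.is_alive():
            th_.terminate()
    # Analyse values
    print(q_.get())
    assert th_.exitcode == 0


# NOTE: the RC4 and 3DES suites and the -tls1 / -tls1_1 flags used below are
# legacy options. An OpenSSL build that no longer offers them may make s_client
# exit before the handshake, which shows up here as
# "OpenSSL returned with error code" rather than as a server automaton failure.
= Testing TLS server with TLS 1.0 and TLS_RSA_WITH_RC4_128_SHA
~ open_ssl_client crypto

test_tls_server("RC4-SHA", "-tls1")

= Testing TLS server with TLS 1.1 and TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
~ open_ssl_client crypto
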
test_tls_server("EDH-RSA-DES-CBC3-SHA", "-tls1_1")

= Testing TLS server with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
~ open_ssl_client crypto

test_tls_server("DHE-RSA-AES128-SHA256", "-tls1_2")

= Testing TLS server with TLS 1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
~ open_ssl_client crypto

test_tls_server("ECDHE-RSA-AES256-GCM-SHA384", "-tls1_2")

+ TLS client automaton tests

= Load client utils functions
~ crypto

import sys, os, threading

from scapy.modules.six.moves.queue import Queue

sys.path.append(os.path.abspath("./tls"))

from travis_test_client import *

def perform_tls_client_test(suite, version):
    """Run test_tls_client(suite, version, queue) in a worker thread and check its report.
    suite and version are handed to test_tls_client unchanged; the calls in this
    file pass them as hex strings (for example "c013" and "0302").
    The worker is expected to leave two items on the queue: the first is only
    printed, the second must equal 0. A missing item fails the test.
    """
    results = Queue()
    worker = threading.Thread(target=test_tls_client, args=(suite, version, results))
    worker.start()
    # Block until the worker returns; no timeout is applied here
    worker.join()
    # First queue item is informational output
    if not results.empty():
        print(results.get())
    # Second queue item is the status value. An exception raised inside the
    # worker thread does not propagate to this thread, so an absent value is
    # reported explicitly instead of passing silently.
    if results.empty():
        print("ERROR: Missing one of the return value detected !")
        assert False
    assert results.get() == 0

# NOTE: the cases below cover obsolete protocol versions and weak suites
# (SSLv2, export-grade RC4-40, anonymous ECDH, which gives no server
# authentication). They exist for protocol coverage of the client automaton;
# a peer built without these options cannot complete the handshake.
= Testing TLS server and client with SSLv2 and SSL_CK_DES_192_EDE3_CBC_WITH_MD5
~ crypto

perform_tls_client_test("0700c0", "0002")

= Testing TLS client with SSLv3 and TLS_RSA_EXPORT_WITH_RC4_40_MD5
~ crypto

perform_tls_client_test("0003", "0300")

= Testing TLS client with TLS 1.0 and TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
~ crypto

perform_tls_client_test("0088", "0301")

= Testing TLS client with TLS 1.1 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
~ crypto

perform_tls_client_test("c013", "0302")

= Testing TLS client with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
~ crypto

perform_tls_client_test("009e", "0303")

= Testing TLS client with TLS 1.2 and TLS_ECDH_anon_WITH_RC4_128_SHA
~ crypto

perform_tls_client_test("c016", "0303")
