% TLS session establishment tests # More informations at http://www.secdev.org/projects/UTscapy/ ############ ############ + TLS server automaton tests ### DISCLAIMER: Those tests are slow ### = Load server util functions ~ open_ssl_client crypto from __future__ import print_function import sys, os, re, time, multiprocessing, subprocess sys.path.append(os.path.abspath("./tls")) from travis_test_server import * def test_tls_server(suite="", version=""): msg = ("TestS_%s_data" % suite).encode() # Run server q_ = multiprocessing.Manager().Queue() th_ = multiprocessing.Process(target=run_tls_test_server, args=(msg, q_)) th_.start() # Synchronise threads q_.get() time.sleep(1) # Run client CA_f = os.path.abspath("./tls/pki/ca_cert.pem") p = subprocess.Popen( ["openssl", "s_client", "-debug", "-cipher", suite, version, "-CAfile", CA_f], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT ) msg += b"\nstop_server\n" out = p.communicate(input=msg)[0] print(out.decode()) if p.returncode != 0: th_.terminate() raise RuntimeError("OpenSSL returned with error code") else: p = re.compile(b'verify return:(\d+)') _failed = False _one_success = False for match in p.finditer(out): if match.group(1).strip() != b"1": _failed = True break else: _one_success = True if _failed or not _one_success: th_.terminate() raise RuntimeError("OpenSSL returned unexpected values") # Wait for server th_.join(30) if th_.is_alive(): th_.terminate() raise RuntimeError("Test timed out") # Analyse values print(q_.get()) assert th_.exitcode == 0 = Testing TLS server with TLS 1.0 and TLS_RSA_WITH_RC4_128_SHA ~ open_ssl_client crypto test_tls_server("RC4-SHA", "-tls1") = Testing TLS server with TLS 1.1 and TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ~ open_ssl_client crypto test_tls_server("EDH-RSA-DES-CBC3-SHA", "-tls1_1") = Testing TLS server with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ~ open_ssl_client crypto test_tls_server("DHE-RSA-AES128-SHA256", "-tls1_2") = Testing TLS server with TLS 1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ~ open_ssl_client crypto test_tls_server("ECDHE-RSA-AES256-GCM-SHA384", "-tls1_2") + TLS client automaton tests = Load client utils functions ~ crypto import sys, os, threading from scapy.modules.six.moves.queue import Queue sys.path.append(os.path.abspath("./tls")) from travis_test_client import * def perform_tls_client_test(suite, version): # Run test_tls_client in an other thread q = Queue() p = threading.Thread(target=test_tls_client, args=(suite, version, q)) p.start() # Wait for the function to end p.join() # Analyse data and return if not q.empty(): print(q.get()) if not q.empty(): assert q.get() == 0 else: print("ERROR: Missing one of the return value detected !") assert False = Testing TLS server and client with SSLv2 and SSL_CK_DES_192_EDE3_CBC_WITH_MD5 ~ crypto perform_tls_client_test("0700c0", "0002") = Testing TLS client with SSLv3 and TLS_RSA_EXPORT_WITH_RC4_40_MD5 ~ crypto perform_tls_client_test("0003", "0300") = Testing TLS client with TLS 1.0 and TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA ~ crypto perform_tls_client_test("0088", "0301") = Testing TLS client with TLS 1.1 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ~ crypto perform_tls_client_test("c013", "0302") = Testing TLS client with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ~ crypto perform_tls_client_test("009e", "0303") = Testing TLS client with TLS 1.2 and TLS_ECDH_anon_WITH_RC4_128_SHA ~ crypto perform_tls_client_test("c016", "0303")