xref: /aosp_15_r20/external/scapy/test/tls/tests_tls_netaccess.uts (revision 7dc08ffc4802948ccbc861daaf1e81c405c2c4bd)
1*7dc08ffcSJunyu Lai% TLS session establishment tests
2*7dc08ffcSJunyu Lai
3*7dc08ffcSJunyu Lai# More information at http://www.secdev.org/projects/UTscapy/
4*7dc08ffcSJunyu Lai
5*7dc08ffcSJunyu Lai############
6*7dc08ffcSJunyu Lai############
7*7dc08ffcSJunyu Lai+ TLS server automaton tests
8*7dc08ffcSJunyu Lai
9*7dc08ffcSJunyu Lai### DISCLAIMER: These tests are slow ###
10*7dc08ffcSJunyu Lai
11*7dc08ffcSJunyu Lai= Load server util functions
12*7dc08ffcSJunyu Lai~ open_ssl_client crypto
13*7dc08ffcSJunyu Lai
14*7dc08ffcSJunyu Laifrom __future__ import print_function
15*7dc08ffcSJunyu Lai
16*7dc08ffcSJunyu Laiimport sys, os, re, time, multiprocessing, subprocess
17*7dc08ffcSJunyu Lai
18*7dc08ffcSJunyu Laisys.path.append(os.path.abspath("./tls"))
19*7dc08ffcSJunyu Lai
20*7dc08ffcSJunyu Laifrom travis_test_server import *
21*7dc08ffcSJunyu Lai
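def test_tls_server(suite="", version=""):
    """Check the TLS server automaton against an ``openssl s_client``.

    A server process is started with ``run_tls_test_server``. Once it has
    signalled through the queue, ``openssl s_client`` connects with the
    requested cipher and protocol flag, sends a test message followed by
    ``stop_server``, and its output is inspected.

    :param suite: OpenSSL cipher string given to ``-cipher`` (e.g. "RC4-SHA").
    :param version: s_client protocol flag (e.g. "-tls1_2").
    :raises RuntimeError: if openssl exits non-zero, if the output has no
        "verify return" line or one that is not 1, or if the server process
        is still running 30 seconds after the client finished.
    """
    msg = ("TestS_%s_data" % suite).encode()
    # Run server
    q_ = multiprocessing.Manager().Queue()
    th_ = multiprocessing.Process(target=run_tls_test_server, args=(msg, q_))
    th_.start()
    try:
        # Wait for the server's first queue item, then give it a moment
        q_.get()
        time.sleep(1)
        # Run client. The command is an argument list (no shell), so suite
        # and version reach openssl as single arguments. Empty defaults are
        # skipped so they are not handed to openssl as empty arguments.
        CA_f = os.path.abspath("./tls/pki/ca_cert.pem")
        cmd = ["openssl", "s_client", "-debug"]
        if suite:
            cmd += ["-cipher", suite]
        if version:
            cmd.append(version)
        cmd += ["-CAfile", CA_f]
        client = subprocess.Popen(
            cmd,
            stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT
        )
        out = client.communicate(input=msg + b"\nstop_server\n")[0]
        print(out.decode())
        if client.returncode != 0:
            raise RuntimeError("OpenSSL returned with error code")
        # Every "verify return" line must report 1, and there must be at
        # least one such line.
        # NOTE(review): s_client commonly prints "verify return:1" right after
        # a "verify error:" line unless -verify_return_error is given, so this
        # check alone may not catch a failed chain validation. Consider also
        # rejecting output that contains "verify error:" - confirm against the
        # OpenSSL version used by the test environment.
        verify_codes = re.findall(br'verify return:(\d+)', out)
        if not verify_codes or any(code != b"1" for code in verify_codes):
            raise RuntimeError("OpenSSL returned unexpected values")
        # Wait for server
        th_.join(30)
        if th_.is_alive():
            raise RuntimeError("Test timed out")
    finally:
        # Do not leave the server process behind when any step above raised
        # (including a failure to launch openssl).
        if th_.is_alive():
            th_.terminate()
    # Analyse values
    print(q_.get())
    assert th_.exitcode == 0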
64*7dc08ffcSJunyu Lai
65*7dc08ffcSJunyu Lai
66*7dc08ffcSJunyu Lai= Testing TLS server with TLS 1.0 and TLS_RSA_WITH_RC4_128_SHA
67*7dc08ffcSJunyu Lai~ open_ssl_client crypto
68*7dc08ffcSJunyu Lai
69*7dc08ffcSJunyu Laitest_tls_server("RC4-SHA", "-tls1")
70*7dc08ffcSJunyu Lai
71*7dc08ffcSJunyu Lai= Testing TLS server with TLS 1.1 and TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
72*7dc08ffcSJunyu Lai~ open_ssl_client crypto
73*7dc08ffcSJunyu Lai
74*7dc08ffcSJunyu Laitest_tls_server("EDH-RSA-DES-CBC3-SHA", "-tls1_1")
75*7dc08ffcSJunyu Lai
76*7dc08ffcSJunyu Lai= Testing TLS server with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
77*7dc08ffcSJunyu Lai~ open_ssl_client crypto
78*7dc08ffcSJunyu Lai
79*7dc08ffcSJunyu Laitest_tls_server("DHE-RSA-AES128-SHA256", "-tls1_2")
80*7dc08ffcSJunyu Lai
81*7dc08ffcSJunyu Lai= Testing TLS server with TLS 1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
82*7dc08ffcSJunyu Lai~ open_ssl_client crypto
83*7dc08ffcSJunyu Lai
84*7dc08ffcSJunyu Laitest_tls_server("ECDHE-RSA-AES256-GCM-SHA384", "-tls1_2")
85*7dc08ffcSJunyu Lai
86*7dc08ffcSJunyu Lai+ TLS client automaton tests
87*7dc08ffcSJunyu Lai
88*7dc08ffcSJunyu Lai= Load client utils functions
89*7dc08ffcSJunyu Lai~ crypto
90*7dc08ffcSJunyu Lai
91*7dc08ffcSJunyu Laiimport sys, os, threading
92*7dc08ffcSJunyu Lai
93*7dc08ffcSJunyu Laifrom scapy.modules.six.moves.queue import Queue
94*7dc08ffcSJunyu Lai
95*7dc08ffcSJunyu Laisys.path.append(os.path.abspath("./tls"))
96*7dc08ffcSJunyu Lai
97*7dc08ffcSJunyu Laifrom travis_test_client import *
98*7dc08ffcSJunyu Lai
def perform_tls_client_test(suite, version):
    """Run ``test_tls_client`` in a worker thread and check what it reports.

    The worker receives *suite*, *version* and a queue. After it finishes,
    the first queued item (if any) is printed and the second one must be 0.

    :param suite: cipher suite identifier as passed by the tests (e.g. "c013").
    :param version: protocol version identifier (e.g. "0303").
    :raises AssertionError: if the second queued value is missing or not 0.
    """
    results = Queue()
    worker = threading.Thread(target=test_tls_client, args=(suite, version, results))
    worker.start()
    # Block until the client run is over
    worker.join()
    # First item: output to display
    if not results.empty():
        print(results.get())
    # Second item: status, expected to be 0
    if results.empty():
        print("ERROR: Missing one of the return value detected !")
        assert False
    assert results.get() == 0
114*7dc08ffcSJunyu Lai
115*7dc08ffcSJunyu Lai= Testing TLS server and client with SSLv2 and SSL_CK_DES_192_EDE3_CBC_WITH_MD5
116*7dc08ffcSJunyu Lai~ crypto
117*7dc08ffcSJunyu Lai
118*7dc08ffcSJunyu Laiperform_tls_client_test("0700c0", "0002")
119*7dc08ffcSJunyu Lai
120*7dc08ffcSJunyu Lai= Testing TLS client with SSLv3 and TLS_RSA_EXPORT_WITH_RC4_40_MD5
121*7dc08ffcSJunyu Lai~ crypto
122*7dc08ffcSJunyu Lai
123*7dc08ffcSJunyu Laiperform_tls_client_test("0003", "0300")
124*7dc08ffcSJunyu Lai
125*7dc08ffcSJunyu Lai= Testing TLS client with TLS 1.0 and TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
126*7dc08ffcSJunyu Lai~ crypto
127*7dc08ffcSJunyu Lai
128*7dc08ffcSJunyu Laiperform_tls_client_test("0088", "0301")
129*7dc08ffcSJunyu Lai
130*7dc08ffcSJunyu Lai= Testing TLS client with TLS 1.1 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
131*7dc08ffcSJunyu Lai~ crypto
132*7dc08ffcSJunyu Lai
133*7dc08ffcSJunyu Laiperform_tls_client_test("c013", "0302")
134*7dc08ffcSJunyu Lai
135*7dc08ffcSJunyu Lai= Testing TLS client with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
136*7dc08ffcSJunyu Lai~ crypto
137*7dc08ffcSJunyu Lai
138*7dc08ffcSJunyu Laiperform_tls_client_test("009e", "0303")
139*7dc08ffcSJunyu Lai
140*7dc08ffcSJunyu Lai= Testing TLS client with TLS 1.2 and TLS_ECDH_anon_WITH_RC4_128_SHA
141*7dc08ffcSJunyu Lai~ crypto
142*7dc08ffcSJunyu Lai
143*7dc08ffcSJunyu Laiperform_tls_client_test("c016", "0303")
144*7dc08ffcSJunyu Lai