ciphers.test at [cbbb604ed3]

File tests/ciphers.test artifact cef4d88462 part of check-in cbbb604ed3


# Commands covered:  tls::ciphers
#
# This file contains a collection of tests for one or more of the Tcl
# built-in commands.  Sourcing this file into Tcl runs the tests and
# generates output for errors.  No output means no errors were found.
#

# All rights reserved.
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAIMER OF ALL WARRANTIES.
#

if {[lsearch [namespace children] ::tcltest] == -1} {
    package require tcltest
    namespace import ::tcltest::*
}

# The build dir is added as the first element of $PATH
package require tls

# One of these should == 1, depending on what type of ssl library
# tls was compiled against. (RSA BSAFE SSL-C or OpenSSL).
#
set ::tcltest::testConstraints(rsabsafe) 0
set ::tcltest::testConstraints(openssl) [string match "OpenSSL*" [tls::version]]

set ::EXPECTEDCIPHERS(rsabsafe) {
    EDH-DSS-RC4-SHA
    EDH-RSA-DES-CBC3-SHA
    EDH-DSS-DES-CBC3-SHA
    DES-CBC3-SHA
    RC4-SHA
    RC4-MD5
    EDH-RSA-DES-CBC-SHA
    EDH-DSS-DES-CBC-SHA
    DES-CBC-SHA
    EXP-EDH-DSS-DES-56-SHA
    EXP-EDH-DSS-RC4-56-SHA
    EXP-DES-56-SHA
    EXP-RC4-56-SHA
    EXP-EDH-RSA-DES-CBC-SHA
    EXP-EDH-DSS-DES-CBC-SHA
    EXP-DES-CBC-SHA
    EXP-RC2-CBC-MD5
    EXP-RC4-MD5
}

set ::EXPECTEDCIPHERS(openssl) {
    ECDHE-RSA-AES256-SHA
    DHE-PSK-AES256-CCM
    DHE-PSK-AES128-GCM-SHA256
    ECDHE-RSA-AES128-SHA256
    DHE-PSK-AES256-GCM-SHA384
    AES256-SHA256
    ECDHE-PSK-CHACHA20-POLY1305
    ECDHE-ECDSA-AES128-SHA256
    AES256-CCM
    ECDHE-RSA-AES128-GCM-SHA256
    DHE-RSA-AES256-SHA
    ECDHE-ECDSA-AES128-GCM-SHA256
    PSK-AES128-GCM-SHA256
    ECDHE-ECDSA-AES256-SHA
    ECDHE-RSA-AES256-GCM-SHA384
    ECDHE-PSK-AES256-CBC-SHA
    ECDHE-ECDSA-AES256-GCM-SHA384
    AES128-SHA
    PSK-AES256-GCM-SHA384
    PSK-AES128-CBC-SHA
    ECDHE-RSA-AES128-SHA
    AES128-GCM-SHA256
    ECDHE-PSK-AES128-CBC-SHA256
    AES256-GCM-SHA384
    TLS_AES_128_GCM_SHA256
    DHE-RSA-AES128-SHA256
    DHE-PSK-CHACHA20-POLY1305
    DHE-PSK-AES128-CCM
    TLS_AES_256_GCM_SHA384
    DHE-RSA-AES256-CCM
    DHE-RSA-AES128-GCM-SHA256
    ECDHE-ECDSA-AES256-CCM
    PSK-AES256-CCM
    DHE-RSA-AES256-GCM-SHA384
    AES128-CCM
    ECDHE-RSA-CHACHA20-POLY1305
    DHE-PSK-AES256-CBC-SHA
    DHE-RSA-AES128-SHA
    ECDHE-ECDSA-CHACHA20-POLY1305
    PSK-CHACHA20-POLY1305
    DHE-PSK-AES128-CBC-SHA256
    ECDHE-ECDSA-AES128-SHA
    ECDHE-PSK-AES128-CBC-SHA
    AES128-SHA256
    PSK-AES128-CBC-SHA256
    DHE-RSA-CHACHA20-POLY1305
    DHE-RSA-AES128-CCM
    DHE-RSA-AES256-SHA256
    ECDHE-ECDSA-AES128-CCM
    PSK-AES128-CCM
    TLS_CHACHA20_POLY1305_SHA256
    DHE-PSK-AES128-CBC-SHA
    AES256-SHA
    PSK-AES256-CBC-SHA
}

set ::EXPECTEDCIPHERS(openssl0.9.8) {
    DHE-RSA-AES256-SHA
    DHE-DSS-AES256-SHA
    AES256-SHA
    EDH-RSA-DES-CBC3-SHA
    EDH-DSS-DES-CBC3-SHA
    DES-CBC3-SHA
    DHE-RSA-AES128-SHA
    DHE-DSS-AES128-SHA
    AES128-SHA
    IDEA-CBC-SHA
    RC4-SHA
    RC4-MD5
    EDH-RSA-DES-CBC-SHA
    EDH-DSS-DES-CBC-SHA
    DES-CBC-SHA
    EXP-EDH-RSA-DES-CBC-SHA
    EXP-EDH-DSS-DES-CBC-SHA
    EXP-DES-CBC-SHA
    EXP-RC2-CBC-MD5
    EXP-RC4-MD5
}

set version ""
if {[string match "OpenSSL*" [tls::version]]} {
   regexp {OpenSSL ([\d\.]+)} [tls::version] -> version
}
if {![info exists ::EXPECTEDCIPHERS(openssl$version)]} {
    set version ""
}

proc listcompare {wants haves} {
    array set want {}
    array set have {}
    foreach item $wants { set want($item) 1 }
    foreach item $haves { set have($item) 1 }
    foreach item [lsort -dictionary [array names have]] {
	if {[info exists want($item)]} {
	    unset want($item) have($item)
	}
    }
    if {[array size want] || [array size have]} {
	return [list MISSING [array names want] UNEXPECTED [array names have]]
    }
}

test ciphers-1.1 {Tls::ciphers for ssl3} {rsabsafe} {
    # This will fail if you compiled against OpenSSL.
    # Change the constraint setting above.
    listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers ssl3]
} {}

test ciphers-1.2 {Tls::ciphers for tls1} {rsabsafe} {
    # This will fail if you compiled against OpenSSL.
    # Change the constraint setting above.
    listcompare $::EXPECTEDCIPHERS(rsabsafe) [tls::ciphers tls1]
} {}

test ciphers-1.3 {Tls::ciphers for ssl3} -constraints openssl -body {
    tls::ciphers ssl3
} -returnCodes 1 -result {ssl3: protocol not supported}

# This version of the test is correct for OpenSSL only.
# An equivalent test for the RSA BSAFE SSL-C is earlier in this file.

test ciphers-1.4 {Tls::ciphers for tls1} {openssl} {
    # This will fail if you compiled against RSA bsafe or with a
    # different set of defines than the default.
    # Change the constraint setting in all.tcl
    listcompare $::EXPECTEDCIPHERS(openssl$version) [tls::ciphers tls1]
} {}


# cleanup
::tcltest::cleanupTests
return