|
Packit |
aea12f |
#!/bin/sh
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# Copyright (C) 2010-2012 Free Software Foundation, Inc.
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# Author: Nikos Mavrogiannopoulos
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# This file is part of GnuTLS.
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# GnuTLS is free software; you can redistribute it and/or modify it
|
|
Packit |
aea12f |
# under the terms of the GNU General Public License as published by the
|
|
Packit |
aea12f |
# Free Software Foundation; either version 3 of the License, or (at
|
|
Packit |
aea12f |
# your option) any later version.
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# GnuTLS is distributed in the hope that it will be useful, but
|
|
Packit |
aea12f |
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
aea12f |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
aea12f |
# General Public License for more details.
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
# You should have received a copy of the GNU General Public License
|
|
Packit |
aea12f |
# along with GnuTLS; if not, write to the Free Software Foundation,
|
|
Packit |
aea12f |
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
srcdir="${srcdir:-.}"
|
|
Packit |
aea12f |
SERV="${SERV:-../../src/gnutls-serv}"
|
|
Packit |
aea12f |
CLI="${CLI:-../../src/gnutls-cli}"
|
|
Packit |
aea12f |
DEBUG=""
|
|
Packit |
aea12f |
unset RETCODE
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if ! test -x "${CERTTOOL}"; then
|
|
Packit |
aea12f |
exit 77
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if ! test -z "${VALGRIND}"; then
|
|
Packit |
aea12f |
VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if test "${WINDIR}" != ""; then
|
|
Packit |
aea12f |
exit 77
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
SERV="${SERV} -q"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
. "${srcdir}/../scripts/common.sh"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
size=`${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/dsa-pubkey-1018.pem"|grep "Algorithm Secur"|cut -d '(' -f 2|cut -d ' ' -f 1`
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if test "${size}" != "1024"; then
|
|
Packit |
aea12f |
echo "The prime size (${size}) doesn't match the expected: 1024"
|
|
Packit |
aea12f |
exit 1
|
|
Packit |
aea12f |
fi
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
echo "Checking various DSA key sizes (port ${PORT})"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# DSA 1024 + TLS 1.0
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
echo "Checking DSA-1024 with TLS 1.0"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
eval "${GETPORT}"
|
|
Packit |
aea12f |
launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem"
|
|
Packit |
aea12f |
PID=$!
|
|
Packit |
aea12f |
wait_server "${PID}"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
PRIO="--priority NORMAL:+DHE-DSS:+SIGN-DSA-SHA512:+SIGN-DSA-SHA384:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1"
|
|
Packit |
aea12f |
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
|
|
Packit |
aea12f |
fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.0"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#try with client key of 1024 bits (should succeed)
|
|
Packit |
aea12f |
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" </dev/null >/dev/null || \
|
|
Packit |
aea12f |
fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#try with client key of 2048 bits (should fail)
|
|
Packit |
aea12f |
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" </dev/null >/dev/null 2>&1 && \
|
|
Packit |
aea12f |
fail "${PID}" "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#try with client key of 3072 bits (should fail)
|
|
Packit |
aea12f |
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" </dev/null >/dev/null 2>&1 && \
|
|
Packit |
aea12f |
fail "${PID}" "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
kill "${PID}"
|
|
Packit |
aea12f |
wait
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# DSA 1024 + TLS 1.2
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
echo "Checking DSA-1024 with TLS 1.2"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
eval "${GETPORT}"
|
|
Packit |
aea12f |
launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem"
|
|
Packit |
aea12f |
PID=$!
|
|
Packit |
aea12f |
wait_server "${PID}"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
|
|
Packit |
aea12f |
fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.2"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#try with client key of 1024 bits (should succeed)
|
|
Packit |
aea12f |
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" </dev/null >/dev/null || \
|
|
Packit |
aea12f |
fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#try with client key of 2048 bits (should succeed)
|
|
Packit |
aea12f |
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" </dev/null >/dev/null || \
|
|
Packit |
aea12f |
fail "${PID}" "Failed connection to a server with a client DSA 2048 key and TLS 1.2!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#try with client key of 3072 bits (should succeed)
|
|
Packit |
aea12f |
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" </dev/null >/dev/null || \
|
|
Packit |
aea12f |
fail "${PID}" "Failed connection to a server with a client DSA 3072 key and TLS 1.2!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
kill "${PID}"
|
|
Packit |
aea12f |
wait
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# DSA 2048 + TLS 1.0
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#echo "Checking DSA-2048 with TLS 1.0"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#eval "${GETPORT}"
|
|
Packit |
aea12f |
#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem"
|
|
Packit |
aea12f |
#PID=$!
|
|
Packit |
aea12f |
#wait_server "${PID}"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
|
|
Packit |
aea12f |
# fail "${PID}" "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#kill "${PID}"
|
|
Packit |
aea12f |
#wait
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# DSA 2048 + TLS 1.2
|
|
Packit |
aea12f |
echo "Checking DSA-2048 with TLS 1.2"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
eval "${GETPORT}"
|
|
Packit |
aea12f |
launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem"
|
|
Packit |
aea12f |
PID=$!
|
|
Packit |
aea12f |
wait_server "${PID}"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
|
|
Packit |
aea12f |
fail "${PID}" "Failed connection to a server with DSA 2048 key and TLS 1.2!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
kill "${PID}"
|
|
Packit |
aea12f |
wait
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# DSA 3072 + TLS 1.0
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#echo "Checking DSA-3072 with TLS 1.0"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem"
|
|
Packit |
aea12f |
#PID=$!
|
|
Packit |
aea12f |
#wait_server "${PID}"
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
#"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
|
|
Packit |
aea12f |
# fail "${PID}" "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!"
|
|
Packit |
aea12f |
#
|
|
Packit |
aea12f |
#kill "${PID}"
|
|
Packit |
aea12f |
#wait
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
# DSA 3072 + TLS 1.2
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
echo "Checking DSA-3072 with TLS 1.2"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
eval "${GETPORT}"
|
|
Packit |
aea12f |
launch_server $$ --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem"
|
|
Packit |
aea12f |
PID=$!
|
|
Packit |
aea12f |
wait_server "${PID}"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure </dev/null >/dev/null || \
|
|
Packit |
aea12f |
fail "${PID}" "Failed connection to a server with DSA 3072 key and TLS 1.2!"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
kill "${PID}"
|
|
Packit |
aea12f |
wait
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
exit 0
|