mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

missed SSL ECC test files in last checkin

This commit is contained in:
ian.mcgreer%sun.com 2003-10-17 14:10:18 +00:00
Родитель 2909a7b2e1
Коммит e929b84d2a
4 изменённых файлов: 506 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

349
security/nss/tests/ssl/ecssl.sh Normal file
Просмотреть файл

@ -0,0 +1,349 @@
#! /bin/sh
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
# Sun Microsystems, Inc. All Rights Reserved.
#
# Contributor(s):
# Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#
########################################################################
#
# mozilla/security/nss/tests/ssl/ssl.sh
#
# Script to test NSS SSL
#
# needs to work on all Unix and Windows platforms
#
# special strings
# ---------------
# FIXME ... known problems, search for this string
# NOTE .... unexpected behavior
#
########################################################################
############################## ssl_init ################################
# local shell function to initialize this script
########################################################################
ssl_init()
{
SCRIPTNAME=ssl.sh # sourced - $0 would point to all.sh
if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
fi
if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
cd ../common
. ./init.sh
fi
if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here
cd ../cert
. ./cert.sh
fi
SCRIPTNAME=ssl.sh
echo "$SCRIPTNAME: SSL tests ==============================="
grep "SUCCESS: SSL passed" $CERT_LOG_FILE >/dev/null || {
html_head "SSL Test failure"
Exit 8 "Fatal - SSL of cert.sh needs to pass first"
}
PORT=${PORT-8443}
# Test case files
SSLCOV=${QADIR}/ssl/sslcov.txt
SSLAUTH=${QADIR}/ssl/sslauth.txt
SSLSTRESS=${QADIR}/ssl/sslstress.txt
REQUEST_FILE=${QADIR}/ssl/sslreq.txt
#temparary files
SERVEROUTFILE=${TMP}/tests_server.$$
SERVERPID=${TMP}/tests_pid.$$
R_SERVERPID=../tests_pid.$$
TEMPFILES="$TMPFILES ${SERVEROUTFILE} ${SERVERPID}"
fileout=0 #FIXME, looks like all.sh tried to turn this on but actually didn't
#fileout=1
#verbose="-v" #FIXME - see where this is usefull
USER_NICKNAME=TestUser
NORM_EXT=""
cd ${CLIENTDIR}
}
########################### is_selfserv_alive ##########################
# local shell function to exit with a fatal error if selfserver is not
# running
########################################################################
is_selfserv_alive()
{
if [ ! -f "${SERVERPID}" ]; then
echo "$SCRIPTNAME: Error - selfserv PID file ${SERVERPID} doesn't exist"
sleep 5
if [ ! -f "${SERVERPID}" ]; then
Exit 9 "Fatal - selfserv pid file ${SERVERPID} does not exist"
fi
fi
PID=`cat ${SERVERPID}`
#if [ "${OS_ARCH}" = "Linux" ]; then
kill -0 $PID >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable"
#else
#$PS -e | grep $PID >/dev/null || \
#Exit 10 "Fatal - selfserv process not detectable"
#fi
}
########################### wait_for_selfserv ##########################
# local shell function to wait until selfserver is running and initialized
########################################################################
wait_for_selfserv()
{
echo "tstclnt -p ${PORT} -h ${HOST} -q "
echo " -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \\"
#echo "tstclnt -q started at `date`"
tstclnt -p ${PORT} -h ${HOST} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
if [ $? -ne 0 ]; then
html_failed "<TR><TD> Wait for Server "
echo "RETRY: tstclnt -p ${PORT} -h ${HOST} -q \\"
echo " -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
tstclnt -p ${PORT} -h ${HOST} -q -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}
elif [ sparam = "-c ABCDEFGHIJKLMNOPQRSTabcdefghijklmnvy" ] ; then # "$1" = "cov" ] ; then
html_passed "<TR><TD> Wait for Server"
fi
is_selfserv_alive
}
########################### kill_selfserv ##############################
# local shell function to kill the selfserver after the tests are done
########################################################################
kill_selfserv()
{
${KILL} `cat ${SERVERPID}`
wait `cat ${SERVERPID}`
if [ ${fileout} -eq 1 ]; then
cat ${SERVEROUTFILE}
fi
# On Linux selfserv needs up to 30 seconds to fully die and free
# the port. Wait until the port is free. (Bug 129701)
if [ "${OS_ARCH}" = "Linux" ]; then
until selfserv -b -p ${PORT} 2>/dev/null; do
sleep 1
done
fi
rm ${SERVERPID}
}
########################### start_selfserv #############################
# local shell function to start the selfserver with the parameters required
# for this test and log information (parameters, start time)
# also: wait until the server is up and running
########################################################################
start_selfserv()
{
if [ -n "$testname" ] ; then
echo "$SCRIPTNAME: $testname ----"
fi
sparam=`echo $sparam | sed -e 's;_; ;g'`
echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} \\"
echo " -e ${HOSTADDR}-ec \\"
echo " -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
echo "selfserv started at `date`"
if [ ${fileout} -eq 1 ]; then
selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} \
-e ${HOSTADDR}-ec \
-w nss ${sparam} -i ${R_SERVERPID} $verbose \
> ${SERVEROUTFILE} 2>&1 &
else
selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} \
-e ${HOSTADDR}-ec \
-w nss ${sparam} -i ${R_SERVERPID} $verbose &
fi
wait_for_selfserv
}
############################## ssl_cov #################################
# local shell function to perform SSL Cipher Coverage tests
########################################################################
ssl_cov()
{
html_head "SSL Cipher Coverage $NORM_EXT"
testname=""
sparam="-c ABCDEFGHIJKLMNOPQRSTabcdefghijklmnvyz"
start_selfserv # Launch the server
p=""
while read tls param testname
do
p=`echo "$testname" | sed -e "s/ .*//"` #sonmi, only run extended test on SSL3 and TLS
if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended test" ] ; then
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
elif [ "$tls" != "#" ] ; then
echo "$SCRIPTNAME: running $testname ----------------------------"
TLS_FLAG=-T
if [ $tls = "TLS" ]; then
TLS_FLAG=""
fi
is_selfserv_alive
echo "tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} \\"
echo " -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
tstclnt -p ${PORT} -h ${HOST} -c ${param} ${TLS_FLAG} -f \
-d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
cat ${TMP}/$HOST.tmp.$$
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
html_msg $ret 0 "${testname}"
fi
done < ${SSLCOV}
kill_selfserv
html "</TABLE><BR>"
}
############################## ssl_auth ################################
# local shell function to perform SSL Client Authentication tests
########################################################################
ssl_auth()
{
html_head "SSL Client Authentication $NORM_EXT"
while read value sparam cparam testname
do
if [ $value != "#" ]; then
cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
start_selfserv
echo "tstclnt -p ${PORT} -h ${HOST} -f -d ${P_R_CLIENTDIR} \\"
echo " ${cparam} < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
tstclnt -p ${PORT} -h ${HOST} -f ${cparam} \
-d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
cat ${TMP}/$HOST.tmp.$$
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
html_msg $ret $value "${testname}" \
"produced a returncode of $ret, expected is $value"
kill_selfserv
fi
done < ${SSLAUTH}
html "</TABLE><BR>"
}
############################## ssl_stress ##############################
# local shell function to perform SSL stress test
########################################################################
ssl_stress()
{
html_head "SSL Stress Test $NORM_EXT"
while read value sparam cparam testname
do
p=`echo "$testname" | sed -e "s/Stress //" -e "s/ .*//"` #sonmi, only run extended test on SSL3 and TLS
if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended test" ] ; then
echo "$SCRIPTNAME: skipping $testname for $NORM_EXT"
elif [ $value != "#" ]; then
cparam=`echo $cparam | sed -e 's;_; ;g'`
start_selfserv
if [ `uname -n` = "sjsu" ] ; then
echo "debugging disapering selfserv... ps -ef | grep selfserv"
ps -ef | grep selfserv
fi
echo "strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} -w nss $cparam \\"
echo " $verbose ${HOSTADDR}"
echo "strsclnt started at `date`"
strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} -w nss $cparam \
$verbose ${HOSTADDR}
ret=$?
echo "strsclnt completed at `date`"
html_msg $ret $value "${testname}"
if [ `uname -n` = "sjsu" ] ; then
echo "debugging disapering selfserv... ps -ef | grep selfserv"
ps -ef | grep selfserv
fi
kill_selfserv
fi
done < ${SSLSTRESS}
html "</TABLE><BR>"
}
############################## ssl_cleanup #############################
# local shell function to finish this script (no exit since it might be
# sourced)
########################################################################
ssl_cleanup()
{
rm $SERVERPID 2>/dev/null
cd ${QADIR}
. common/cleanup.sh
}
################## main #################################################
#this script may be sourced from the distributed stress test - in this case do nothing...
if [ -z "$DO_REM_ST" -a -z "$DO_DIST_ST" ] ; then
ssl_init
ssl_cov
ssl_auth
ssl_stress
SERVERDIR=$EXT_SERVERDIR
CLIENTDIR=$EXT_CLIENTDIR
R_SERVERDIR=$R_EXT_SERVERDIR
R_CLIENTDIR=$R_EXT_CLIENTDIR
P_R_SERVERDIR=$P_R_EXT_SERVERDIR
P_R_CLIENTDIR=$P_R_EXT_CLIENTDIR
USER_NICKNAME=ExtendedSSLUser
NORM_EXT="Extended test"
cd ${CLIENTDIR}
ssl_cov
ssl_auth
ssl_stress
ssl_cleanup
fi

50
security/nss/tests/ssl/ecsslauth.txt Normal file
Просмотреть файл

@ -0,0 +1,50 @@
#
# This file defines the tests for client auth.
#
# expected
# return server client Test Case name
# value params params
# ------ ------ ------ ---------------
0 -r -w_nss TLS Request don't require client auth (client does not provide auth)
0 -r -w_bogus_-n_TestUser TLS Request don't require client auth (bad password)
0 -r -w_nss_-n_TestUser TLS Request don't require client auth (client auth)
0 -r_-r -w_nss TLS Require client auth (client does not provide auth)
254 -r_-r -w_bogus_-n_TestUser TLS Require client auth (bad password)
0 -r_-r -w_nss_-n_TestUser_ TLS Require client auth (client auth)
0 -r -T_-w_nss SSL3 Request don't require client auth (client does not provide auth)
0 -r -T_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password)
0 -r -T_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth)
0 -r_-r -T_-w_nss SSL3 Require client auth (client does not provide auth)
254 -r_-r -T_-n_TestUser_-w_bogus SSL3 Require client auth (bad password)
0 -r_-r -T_-n_TestUser_-w_nss SSL3 Require client auth (client auth)
0 -r_-r_-r -w_nss TLS Request don't require client auth on 2nd hs (client does not provide auth)
0 -r_-r_-r -w_bogus_-n_TestUser TLS Request don't require client auth on 2nd hs (bad password)
0 -r_-r_-r -w_nss_-n_TestUser TLS Request don't require client auth on 2nd hs (client auth)
0 -r_-r_-r_-r -w_nss TLS Require client auth on 2nd hs (client does not provide auth)
1 -r_-r_-r_-r -w_bogus_-n_TestUser TLS Require client auth on 2nd hs (bad password)
0 -r_-r_-r_-r -w_nss_-n_TestUser_ TLS Require client auth on 2nd hs (client auth)
0 -r_-r_-r -T_-w_nss SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
0 -r_-r_-r -T_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
0 -r_-r_-r -T_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
0 -r_-r_-r_-r -T_-w_nss SSL3 Require client auth on 2nd hs (client does not provide auth)
1 -r_-r_-r_-r -T_-n_TestUser_-w_bogus SSL3 Require client auth on 2nd hs (bad password)
0 -r_-r_-r_-r -T_-n_TestUser_-w_nss SSL3 Require client auth on 2nd hs (client auth)
#
# Use EC cert for client authentication
#
0 -r -w_bogus_-n_TestUser-ec TLS Request don't require client auth (EC) (bad password)
0 -r -w_nss_-n_TestUser-ec TLS Request don't require client auth (EC) (client auth)
254 -r_-r -w_bogus_-n_TestUser-ec TLS Require client auth (EC) (bad password)
0 -r_-r -w_nss_-n_TestUser-ec_ TLS Require client auth (EC) (client auth)
0 -r -T_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth (EC) (bad password)
0 -r -T_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth (EC) (client auth)
254 -r_-r -T_-n_TestUser-ec_-w_bogus SSL3 Require client auth (EC) (bad password)
0 -r_-r -T_-n_TestUser-ec_-w_nss SSL3 Require client auth (EC) (client auth)
0 -r_-r_-r -w_bogus_-n_TestUser-ec TLS Request don't require client auth on 2nd hs (EC) (bad password)
0 -r_-r_-r -w_nss_-n_TestUser-ec TLS Request don't require client auth on 2nd hs (EC) (client auth)
1 -r_-r_-r_-r -w_bogus_-n_TestUser-ec TLS Require client auth on 2nd hs (EC) (bad password)
0 -r_-r_-r_-r -w_nss_-n_TestUser-ec_ TLS Require client auth on 2nd hs (EC) (client auth)
0 -r_-r_-r -T_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
0 -r_-r_-r -T_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
1 -r_-r_-r_-r -T_-n_TestUser-ec_-w_bogus SSL3 Require client auth on 2nd hs (EC) (bad password)
0 -r_-r_-r_-r -T_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth)

83
security/nss/tests/ssl/ecsslcov.txt Normal file
Просмотреть файл

@ -0,0 +1,83 @@
#
# This file enables test coverage of the various SSL ciphers
#
# NOTE: SSL2 ciphers are independent of whether TLS is enabled or not. We
# mix up the enable functions so we can tests boths paths.
#
# Enable Cipher Test Name
# TLS
#
noTLS A SSL2 RC4 128 WITH MD5
TLS B SSL2 RC4 128 EXPORT40 WITH MD5
TLS C SSL2 RC2 128 CBC WITH MD5
noTLS D SSL2 RC2 128 CBC EXPORT40 WITH MD5
TLS E SSL2 DES 64 CBC WITH MD5
noTLS F SSL2 DES 192 EDE3 CBC WITH MD5
#
# ECC ciphers (SSL3)
#
noTLS G SSL3 ECDH ECDSA WITH NULL SHA
noTLS H SSL3 ECDH ECDSA WITH RC4 128 SHA
noTLS I SSL3 ECDH ECDSA WITH DES CBC SHA
noTLS J SSL3 ECDH ECDSA WITH 3DES EDE CBC SHA
noTLS K SSL3 ECDH ECDSA WITH AES 128 CBC SHA
noTLS L SSL3 ECDH ECDSA WITH AES 256 CBC SHA
noTLS M SSL3 ECDH RSA WITH NULL SHA
noTLS N SSL3 ECDH RSA WITH RC4 128 SHA
noTLS O SSL3 ECDH RSA WITH DES CBC SHA
noTLS P SSL3 ECDH RSA WITH 3DES EDE CBC SHA
noTLS Q SSL3 ECDH RSA WITH AES 128 CBC SHA
noTLS R SSL3 ECDH RSA WITH AES 256 CBC SHA
noTLS S SSL3 ECDHE ECDSA WITH AES 128 CBC SHA
noTLS T SSL3 ECDHE RSA WITH AES 128 CBC SHA
#
# ECC ciphers (TLS)
#
TLS G TLS ECDH ECDSA WITH NULL SHA
TLS H TLS ECDH ECDSA WITH RC4 128 SHA
TLS I TLS ECDH ECDSA WITH DES CBC SHA
TLS J TLS ECDH ECDSA WITH 3DES EDE CBC SHA
TLS K TLS ECDH ECDSA WITH AES 128 CBC SHA
TLS L TLS ECDH ECDSA WITH AES 256 CBC SHA
TLS M TLS ECDH RSA WITH NULL SHA
TLS N TLS ECDH RSA WITH RC4 128 SHA
TLS O TLS ECDH RSA WITH DES CBC SHA
TLS P TLS ECDH RSA WITH 3DES EDE CBC SHA
TLS Q TLS ECDH RSA WITH AES 128 CBC SHA
TLS R TLS ECDH RSA WITH AES 256 CBC SHA
TLS S TLS ECDHE ECDSA WITH AES 128 CBC SHA
TLS T TLS ECDHE RSA WITH AES 128 CBC SHA
#
#
# noTLS a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA
# noTLS b SSL3 FORTEZZA DMS WITH RC4 128 SHA
noTLS c SSL3 RSA WITH RC4 128 MD5
noTLS d SSL3 RSA WITH 3DES EDE CBC SHA
noTLS e SSL3 RSA WITH DES CBC SHA
noTLS f SSL3 RSA EXPORT WITH RC4 40 MD5
noTLS g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5
# noTLS h SSL3 FORTEZZA DMS WITH NULL SHA
noTLS i SSL3 RSA WITH NULL MD5
noTLS j SSL3 RSA FIPS WITH 3DES EDE CBC SHA
noTLS k SSL3 RSA FIPS WITH DES CBC SHA
noTLS l SSL3 RSA EXPORT WITH DES CBC SHA (new)
noTLS m SSL3 RSA EXPORT WITH RC4 56 SHA (new)
noTLS n SSL3 RSA WITH RC4 128 SHA
noTLS v SSL3 RSA WITH AES 128 CBC SHA
noTLS y SSL3 RSA WITH AES 256 CBC SHA
noTLS z SSL3 RSA WITH NULL SHA
#
TLS c TLS RSA WITH RC4 128 MD5
TLS d TLS RSA WITH 3DES EDE CBC SHA
TLS e TLS RSA WITH DES CBC SHA
TLS f TLS RSA EXPORT WITH RC4 40 MD5
TLS g TLS RSA EXPORT WITH RC2 CBC 40 MD5
TLS i TLS RSA WITH NULL MD5
TLS j TLS RSA FIPS WITH 3DES EDE CBC SHA
TLS k TLS RSA FIPS WITH DES CBC SHA
TLS l TLS RSA EXPORT WITH DES CBC SHA (new)
TLS m TLS RSA EXPORT WITH RC4 56 SHA (new)
TLS n TLS RSA WITH RC4 128 SHA
TLS v TLS RSA WITH AES 128 CBC SHA
TLS y TLS RSA WITH AES 256 CBC SHA
TLS z TLS RSA WITH NULL SHA

24
security/nss/tests/ssl/ecsslstress.txt Normal file
Просмотреть файл

@ -0,0 +1,24 @@
#
# This file defines the tests for client auth.
#
# expected
# return server client Test Case name
# value params params
# ------ ------ ------ ---------------
0 _ -c_1000_-C_A Stress SSL2 RC4 128 with MD5
0 _ -c_1000_-C_c Stress SSL3 RC4 128 with MD5
0 _ -c_1000_-C_c Stress TLS RC4 128 with MD5
#
# ECC ciphers
# XXX Session reuse does not seem to work for ECDH-ECDSA, ECDHE-ECDSA ciphers
# but works ok for ECDHE-RSA ciphers. With session reuse turned off
# setting up 1000 connections would take too long so use only 10 connections
#
0 -c_H -c_10_-C_H_-N Stress TLS ECDH-ECDSA RC4 128 with SHA (no reuse)
0 -c_S -c_10_-C_S_-N Stress TLS ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
0 -c_T -c_1000_-C_T Stress TLS ECDHE-RSA AES 128 CBC with SHA
#
# add client auth versions here...
#
# 0 -r -w_bogus_-n_"Test_User" TLS Request don't require client auth (bad password)