unittest/tls/tlsunittest.cpp

0001 /**
0002  * Copyright (C)  2006  Brad Hards <bradh@frogmouth.net>
0003  *
0004  * Redistribution and use in source and binary forms, with or without
0005  * modification, are permitted provided that the following conditions
0006  * are met:
0007  *
0008  * 1. Redistributions of source code must retain the above copyright
0009  *   notice, this list of conditions and the following disclaimer.
0010  * 2. Redistributions in binary form must reproduce the above copyright
0011  *   notice, this list of conditions and the following disclaimer in the
0012  *   documentation and/or other materials provided with the distribution.
0013  *
0014  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
0015  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
0016  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
0017  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
0018  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
0019  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
0020  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
0021  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
0022  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
0023  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
0024  */
0025
0026 #include <QtCrypto>
0027 #include <QtTest/QtTest>
0028
0029 #ifdef QT_STATICPLUGIN
0030 #include "import_plugins.h"
0031 #endif
0032
0033 #include <memory>
0034
0035 class TLSUnitTest : public QObject
0036 {
0037     Q_OBJECT
0038
0039 private Q_SLOTS:
0040     void initTestCase();
0041     void cleanupTestCase();
0042     void testCipherList();
0043
0044 private:
0045     QCA::Initializer *m_init;
0046 };
0047
0048 void TLSUnitTest::initTestCase()
0049 {
0050     m_init = new QCA::Initializer;
0051 }
0052
0053 void TLSUnitTest::cleanupTestCase()
0054 {
0055     delete m_init;
0056 }
0057
0058 void TLSUnitTest::testCipherList()
0059 {
0060     if (!QCA::isSupported("tls", QStringLiteral("qca-ossl")))
0061         QWARN("TLS not supported for qca-ossl");
0062     else {
0063         std::unique_ptr<QCA::TLS> tls(new QCA::TLS(QCA::TLS::Stream, nullptr, QStringLiteral("qca-ossl")));
0064         QStringList               cipherList = tls->supportedCipherSuites(QCA::TLS::TLS_v1);
0065         QVERIFY(cipherList.contains(QStringLiteral("TLS_DHE_RSA_WITH_AES_256_CBC_SHA")));
0066         QVERIFY(cipherList.contains(QStringLiteral("TLS_RSA_WITH_AES_256_CBC_SHA")));
0067         QVERIFY(cipherList.contains(QStringLiteral("TLS_DHE_RSA_WITH_AES_128_CBC_SHA")));
0068
0069         // openSUSE TW OpenSSL 1.1 does not have this
0070         // QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") );
0071         // QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
0072         // QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
0073         // QVERIFY( cipherList.contains("TLS_RSA_WITH_3DES_EDE_CBC_SHA") );
0074         // QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") );
0075         // QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") );
0076
0077         // Fedora 26 openssl has no this cipher suites.
0078         // QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_SHA") );
0079         // QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_MD5") );
0080         // QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_SHA") );
0081         // QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_MD5") );
0082
0083         // Fedora 20 openssl has no this cipher suites.
0084         // I just believe that F20 has the most strict patent rules
0085         // and Fedora list is the minimal default list.
0086         // It should fit for every openssl distribuition.
0087
0088         // QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_DES_CBC_SHA") );
0089         // QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_DES_CBC_SHA") );
0090         // QVERIFY( cipherList.contains("TLS_RSA_WITH_DES_CBC_SHA") );
0091         // QVERIFY( cipherList.contains("TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA") );
0092         // QVERIFY( cipherList.contains("TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA") );
0093         // QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA") );
0094         // QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5") );
0095         // QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC4_40_MD5") );
0096
0097         // OpenSSL 1.1 in openSUSE TW has it disabled by default
0098         // cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v3);
0099         // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_256_CBC_SHA") );
0100         // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_256_CBC_SHA") );
0101         // QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_256_CBC_SHA") );
0102         // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
0103         // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
0104         // QVERIFY( cipherList.contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA") );
0105         // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") );
0106         // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") );
0107         // QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") );
0108
0109         // Fedora 22 has no SSL_RSA_WITH_RC4_128_MD5
0110         // QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_MD5") );
0111
0112         // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_DES_CBC_SHA") );
0113         // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_DES_CBC_SHA") );
0114         // QVERIFY( cipherList.contains("SSL_RSA_WITH_DES_CBC_SHA") );
0115         // QVERIFY( cipherList.contains("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA") );
0116         // QVERIFY( cipherList.contains("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA") );
0117         // QVERIFY( cipherList.contains("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA") );
0118         // QVERIFY( cipherList.contains("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5") );
0119         // QVERIFY( cipherList.contains("SSL_RSA_EXPORT_WITH_RC4_40_MD5") );
0120
0121         // Debian testing (jessie) has no these ciphers. So disable them.
0122
0123         // cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v2);
0124         // QVERIFY( cipherList.contains("SSL_CK_DES_192_EDE3_CBC_WITH_MD5") );
0125         // QVERIFY( cipherList.contains("SSL_CK_RC4_128_EXPORT40_WITH_MD5") );
0126         // QVERIFY( cipherList.contains("SSL_CK_RC2_128_CBC_WITH_MD5") );
0127         // QVERIFY( cipherList.contains("SSL_CK_RC4_128_WITH_MD5") );
0128         // QVERIFY( cipherList.contains("SSL_CK_DES_64_CBC_WITH_MD5") );
0129         // QVERIFY( cipherList.contains("SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5") );
0130         // QVERIFY( cipherList.contains("SSL_CK_RC4_128_EXPORT40_WITH_MD5") );
0131     }
0132 }
0133
0134 QTEST_MAIN(TLSUnitTest)
0135
0136 #include "tlsunittest.moc"