/*
* (C) 2016 Juraj Somorovsky
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#if defined(BOTAN_HAS_TLS)
   #include <botan/tls_policy.h>
   #include <botan/tls_exceptn.h>
#endif

#if defined(BOTAN_HAS_RSA)
   #include <botan/rsa.h>
#endif

#if defined(BOTAN_HAS_ECDH)
   #include <botan/ecdh.h>
#endif

#if defined(BOTAN_HAS_ECDSA)
   #include <botan/ecdsa.h>
#endif

#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
   #include <botan/dh.h>
#endif

#if defined(BOTAN_HAS_DSA)
   #include <botan/dsa.h>
#endif
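namespace Botan_Tests {

#if defined(BOTAN_HAS_TLS)

/**
* Unit tests for the peer-key strength checks of a default-constructed
* Botan::TLS::Policy.
*
* Every case generates a key, hands it to
* Policy::check_peer_key_acceptable() and records the outcome. The policy
* signals rejection by throwing Botan::TLS::TLS_Exception and acceptance by
* returning normally. Both directions are recorded in the Test::Result, so
* a policy that wrongly rejects a strong key shows up as a named failure
* instead of an exception escaping from the test method.
*/
class TLS_Policy_Unit_Tests final : public Test
   {
   public:
      /**
      * Runs all per-algorithm cases.
      * @return one Test::Result per algorithm, in the order RSA, ECDH,
      *         ECDSA, DH, DSA
      */
      std::vector<Test::Result> run() override
         {
         std::vector<Test::Result> results;

         results.push_back(test_peer_key_acceptable_rsa());
         results.push_back(test_peer_key_acceptable_ecdh());
         results.push_back(test_peer_key_acceptable_ecdsa());
         results.push_back(test_peer_key_acceptable_dh());
         results.push_back(test_peer_key_acceptable_dsa());

         return results;
         }

   private:
      /**
      * Asks the policy whether it accepts a key.
      * @param policy the TLS policy under test
      * @param key the key whose strength is checked
      * @return true if check_peer_key_acceptable() returned normally,
      *         false if it threw Botan::TLS::TLS_Exception; any other
      *         exception type is not caught here
      */
      static bool policy_accepts(const Botan::TLS::Policy& policy, const Botan::Private_Key& key)
         {
         try
            {
            policy.check_peer_key_acceptable(key);
            return true;
            }
         catch(const Botan::TLS::TLS_Exception&)
            {
            return false;
            }
         }

      /// Expects a 1024 bit RSA key to be rejected and a 2048 bit one accepted.
      Test::Result test_peer_key_acceptable_rsa()
         {
         Test::Result result("TLS Policy RSA key verification");
#if defined(BOTAN_HAS_RSA)
         const Botan::TLS::Policy policy;

         const Botan::RSA_PrivateKey rsa_key_1024(Test::rng(), 1024);
         if(policy_accepts(policy, rsa_key_1024))
            {
            result.test_failure("Incorrectly accepting 1024 bit RSA keys");
            }
         else
            {
            result.test_success("Correctly rejecting 1024 bit RSA keys");
            }

         const Botan::RSA_PrivateKey rsa_key_2048(Test::rng(), 2048);
         if(policy_accepts(policy, rsa_key_2048))
            {
            result.test_success("Correctly accepting 2048 bit RSA keys");
            }
         else
            {
            result.test_failure("Incorrectly rejecting 2048 bit RSA keys");
            }
#endif
         return result;
         }

      /// Expects an ECDH key on secp192r1 to be rejected and one on secp256r1 accepted.
      Test::Result test_peer_key_acceptable_ecdh()
         {
         Test::Result result("TLS Policy ECDH key verification");
#if defined(BOTAN_HAS_ECDH)
         const Botan::TLS::Policy policy;

         const Botan::EC_Group group_192("secp192r1");
         const Botan::ECDH_PrivateKey ecdh_192(Test::rng(), group_192);
         if(policy_accepts(policy, ecdh_192))
            {
            result.test_failure("Incorrectly accepting 192 bit EC keys");
            }
         else
            {
            result.test_success("Correctly rejecting 192 bit EC keys");
            }

         const Botan::EC_Group group_256("secp256r1");
         const Botan::ECDH_PrivateKey ecdh_256(Test::rng(), group_256);
         if(policy_accepts(policy, ecdh_256))
            {
            result.test_success("Correctly accepting 256 bit EC keys");
            }
         else
            {
            result.test_failure("Incorrectly rejecting 256 bit EC keys");
            }
#endif
         return result;
         }

      /// Expects an ECDSA key on secp192r1 to be rejected and one on secp256r1 accepted.
      Test::Result test_peer_key_acceptable_ecdsa()
         {
         Test::Result result("TLS Policy ECDSA key verification");
#if defined(BOTAN_HAS_ECDSA)
         const Botan::TLS::Policy policy;

         const Botan::EC_Group group_192("secp192r1");
         const Botan::ECDSA_PrivateKey ecdsa_192(Test::rng(), group_192);
         if(policy_accepts(policy, ecdsa_192))
            {
            result.test_failure("Incorrectly accepting 192 bit EC keys");
            }
         else
            {
            result.test_success("Correctly rejecting 192 bit EC keys");
            }

         const Botan::EC_Group group_256("secp256r1");
         const Botan::ECDSA_PrivateKey ecdsa_256(Test::rng(), group_256);
         if(policy_accepts(policy, ecdsa_256))
            {
            result.test_success("Correctly accepting 256 bit EC keys");
            }
         else
            {
            result.test_failure("Incorrectly rejecting 256 bit EC keys");
            }
#endif
         return result;
         }

      /**
      * Expects a DH key in a deliberately small custom group to be rejected
      * and a key in the "modp/ietf/2048" group to be accepted. The positive
      * case mirrors the other algorithms: without it, a policy that refused
      * every DH key would still pass this test.
      */
      Test::Result test_peer_key_acceptable_dh()
         {
         Test::Result result("TLS Policy DH key verification");
#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
         const Botan::TLS::Policy policy;

         // NOTE(review): the listing uses g but does not show its declaration;
         // the value 2 below is an assumption - confirm against the original file.
         const Botan::BigInt g("2");
         const Botan::BigInt p("58458002095536094658683755258523362961421200751439456159756164191494576279467");
         const Botan::DL_Group grp(p, g);
         const Botan::BigInt x("46205663093589612668746163860870963912226379131190812163519349848291472898748");
         const Botan::DH_PrivateKey dhkey(Test::rng(), grp, x);
         if(policy_accepts(policy, dhkey))
            {
            result.test_failure("Incorrectly accepting short bit DH keys");
            }
         else
            {
            result.test_success("Correctly rejecting short bit DH keys");
            }

         const Botan::DL_Group grp_2048("modp/ietf/2048");
         const Botan::DH_PrivateKey dh_2048(Test::rng(), grp_2048);
         if(policy_accepts(policy, dh_2048))
            {
            result.test_success("Correctly accepting 2048 bit DH keys");
            }
         else
            {
            result.test_failure("Incorrectly rejecting 2048 bit DH keys");
            }
#endif
         return result;
         }

      /// Expects a DSA key in "modp/ietf/1024" to be rejected and one in "modp/ietf/2048" accepted.
      Test::Result test_peer_key_acceptable_dsa()
         {
         Test::Result result("TLS Policy DSA key verification");
#if defined(BOTAN_HAS_DSA)
         const Botan::TLS::Policy policy;

         const Botan::DL_Group grp_1024("modp/ietf/1024");
         const Botan::DSA_PrivateKey dsa_1024(Test::rng(), grp_1024);
         if(policy_accepts(policy, dsa_1024))
            {
            result.test_failure("Incorrectly accepting short bit DSA keys");
            }
         else
            {
            result.test_success("Correctly rejecting short bit DSA keys");
            }

         const Botan::DL_Group grp_2048("modp/ietf/2048");
         const Botan::DSA_PrivateKey dsa_2048(Test::rng(), grp_2048);
         if(policy_accepts(policy, dsa_2048))
            {
            result.test_success("Correctly accepting 2048 bit DSA keys");
            }
         else
            {
            result.test_failure("Incorrectly rejecting 2048 bit DSA keys");
            }
#endif
         return result;
         }
   };

// Hooks the class into the test runner under the name "tls_policy"
// (the macro itself is defined outside this listing).
BOTAN_REGISTER_TEST("tls_policy", TLS_Policy_Unit_Tests);

#endif

}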