1%% 2%% %CopyrightBegin% 3%% 4%% Copyright Ericsson AB 2019-2020. All Rights Reserved. 5%% 6%% Licensed under the Apache License, Version 2.0 (the "License"); 7%% you may not use this file except in compliance with the License. 8%% You may obtain a copy of the License at 9%% 10%% http://www.apache.org/licenses/LICENSE-2.0 11%% 12%% Unless required by applicable law or agreed to in writing, software 13%% distributed under the License is distributed on an "AS IS" BASIS, 14%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15%% See the License for the specific language governing permissions and 16%% limitations under the License. 17%% 18%% %CopyrightEnd% 19%% 20 21%% 22 23-module(ssl_cipher_suite_SUITE). 24 25%% Note: This directive should only be used in test suites. 26-compile(export_all). 27 28-include_lib("common_test/include/ct.hrl"). 29 30%%-------------------------------------------------------------------- 31%% Common Test interface functions ----------------------------------- 32%%-------------------------------------------------------------------- 33all() -> 34 [ 35 {group, 'tlsv1.3'}, 36 {group, 'tlsv1.2'}, 37 {group, 'tlsv1.1'}, 38 {group, 'tlsv1'}, 39 {group, 'sslv3'}, 40 {group, 'dtlsv1.2'}, 41 {group, 'dtlsv1'} 42 ]. 43 44groups() -> 45 [ 46 {'tlsv1.3', [], tls_1_3_kex()}, 47 {'tlsv1.2', [], kex()}, 48 {'tlsv1.1', [], kex()}, 49 {'tlsv1', [], kex()}, 50 {'sslv3', [], ssl3_kex()}, 51 {'dtlsv1.2', [], kex()}, 52 {'dtlsv1', [], kex()}, 53 {dhe_rsa, [],[dhe_rsa_3des_ede_cbc, 54 dhe_rsa_aes_128_cbc, 55 dhe_rsa_aes_256_cbc, 56 dhe_rsa_chacha20_poly1305 57 ]}, 58 {ecdhe_rsa, [], [ecdhe_rsa_3des_ede_cbc, 59 ecdhe_rsa_aes_128_cbc, 60 ecdhe_rsa_aes_128_gcm, 61 ecdhe_rsa_aes_256_cbc, 62 ecdhe_rsa_aes_256_gcm, 63 ecdhe_rsa_chacha20_poly1305 64 ]}, 65 {ecdhe_1_3_rsa_cert, [], tls_1_3_cipher_suites()}, 66 {ecdhe_ecdsa, [],[ecdhe_ecdsa_rc4_128, 67 ecdhe_ecdsa_3des_ede_cbc, 68 ecdhe_ecdsa_aes_128_cbc, 69 ecdhe_ecdsa_aes_128_gcm, 70 ecdhe_ecdsa_aes_256_cbc, 71 ecdhe_ecdsa_aes_256_gcm, 72 ecdhe_ecdsa_chacha20_poly1305 73 ]}, 74 {rsa, [], [rsa_3des_ede_cbc, 75 rsa_aes_128_cbc, 76 rsa_aes_256_cbc, 77 rsa_rc4_128 78 ]}, 79 {dhe_dss, [], [dhe_dss_3des_ede_cbc, 80 dhe_dss_aes_128_cbc, 81 dhe_dss_aes_256_cbc]}, 82 {srp_rsa, [], [srp_rsa_3des_ede_cbc, 83 srp_rsa_aes_128_cbc, 84 srp_rsa_aes_256_cbc]}, 85 {srp_dss, [], [srp_dss_3des_ede_cbc, 86 srp_dss_aes_128_cbc, 87 srp_dss_aes_256_cbc]}, 88 {rsa_psk, [], [rsa_psk_3des_ede_cbc, 89 rsa_psk_rc4_128, 90 rsa_psk_aes_128_cbc, 91 rsa_psk_aes_256_cbc 92 ]}, 93 {dh_anon, [], [dh_anon_rc4_128, 94 dh_anon_3des_ede_cbc, 95 dh_anon_aes_128_cbc, 96 dh_anon_aes_128_gcm, 97 dh_anon_aes_256_cbc, 98 dh_anon_aes_256_gcm]}, 99 {ecdh_anon, [], [ecdh_anon_3des_ede_cbc, 100 ecdh_anon_aes_128_cbc, 101 ecdh_anon_aes_256_cbc 102 ]}, 103 {srp_anon, [], [srp_anon_3des_ede_cbc, 104 srp_anon_aes_128_cbc, 105 srp_anon_aes_256_cbc]}, 106 {psk, [], [psk_3des_ede_cbc, 107 psk_rc4_128, 108 psk_aes_128_cbc, 109 psk_aes_128_ccm, 110 psk_aes_128_ccm_8, 111 psk_aes_256_cbc, 112 psk_aes_256_ccm, 113 psk_aes_256_ccm_8 114 ]}, 115 {dhe_psk, [], [dhe_psk_3des_ede_cbc, 116 dhe_psk_rc4_128, 117 dhe_psk_aes_128_cbc, 118 dhe_psk_aes_128_ccm, 119 dhe_psk_aes_128_ccm_8, 120 dhe_psk_aes_256_cbc, 121 dhe_psk_aes_256_ccm, 122 dhe_psk_aes_256_ccm_8 123 ]}, 124 {ecdhe_psk, [], [ecdhe_psk_3des_ede_cbc, 125 ecdhe_psk_rc4_128, 126 ecdhe_psk_aes_128_cbc, 127 ecdhe_psk_aes_128_ccm, 128 ecdhe_psk_aes_128_ccm_8, 129 ecdhe_psk_aes_256_cbc 130 ]} 131 ]. 132 133 134tls_1_3_kex() -> 135 [{group, ecdhe_1_3_rsa_cert}]. 136 137tls_1_3_cipher_suites() -> 138 [aes_256_gcm_sha384, 139 aes_128_gcm_sha256, 140 chacha20_poly1305_sha256, 141 aes_128_ccm_sha256 142 ]. 143 144kex() -> 145 rsa() ++ ecdsa() ++ dss() ++ anonymous(). 146 147 148ssl3_kex() -> 149 ssl3_rsa() ++ ssl3_dss() ++ ssl3_anonymous(). 150 151 152rsa() -> 153 [{group, dhe_rsa}, 154 {group, ecdhe_rsa}, 155 {group, rsa}, 156 {group, srp_rsa}, 157 {group, rsa_psk} 158 ]. 159 160ssl3_rsa() -> 161 [{group, dhe_rsa}, 162 {group, rsa} 163 ]. 164 165ecdsa() -> 166 [{group, ecdhe_ecdsa}]. 167 168dss() -> 169 [{group, dhe_dss}, 170 {group, srp_dss}]. 171 172ssl3_dss() -> 173 [{group, dhe_dss} 174 ]. 175 176anonymous() -> 177 [{group, dh_anon}, 178 {group, ecdh_anon}, 179 {group, psk}, 180 {group, dhe_psk}, 181 {group, ecdhe_psk}, 182 {group, srp_anon} 183 ]. 184 185ssl3_anonymous() -> 186 [{group, dh_anon}]. 187 188 189init_per_suite(Config) -> 190 catch crypto:stop(), 191 try crypto:start() of 192 ok -> 193 ssl_test_lib:clean_start(), 194 Config 195 catch _:_ -> 196 {skip, "Crypto did not start"} 197 end. 198 199end_per_suite(_Config) -> 200 ssl:stop(), 201 application:stop(crypto). 202 203init_per_group(GroupName, Config) when GroupName == ecdhe_1_3_rsa_cert -> 204 case proplists:get_bool(ecdh, proplists:get_value(public_keys, crypto:supports())) of 205 true -> 206 init_certs(GroupName, Config); 207 false -> 208 {skip, "Missing EC crypto support"} 209 end; 210init_per_group(GroupName, Config) when GroupName == ecdh_anon; 211 GroupName == ecdhe_rsa; 212 GroupName == ecdhe_psk -> 213 case proplists:get_bool(ecdh, proplists:get_value(public_keys, crypto:supports())) of 214 true -> 215 init_certs(GroupName, Config); 216 false -> 217 {skip, "Missing EC crypto support"} 218 end; 219init_per_group(ecdhe_ecdsa = GroupName, Config) -> 220 PKAlg = proplists:get_value(public_keys, crypto:supports()), 221 case lists:member(ecdh, PKAlg) andalso lists:member(ecdsa, PKAlg) of 222 true -> 223 init_certs(GroupName, Config); 224 false -> 225 {skip, "Missing EC crypto support"} 226 end; 227init_per_group(dhe_dss = GroupName, Config) -> 228 PKAlg = proplists:get_value(public_keys, crypto:supports()), 229 case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) of 230 true -> 231 init_certs(GroupName, Config); 232 false -> 233 {skip, "Missing DSS crypto support"} 234 end; 235init_per_group(srp_dss = GroupName, Config) -> 236 PKAlg = proplists:get_value(public_keys, crypto:supports()), 237 case lists:member(dss, PKAlg) andalso lists:member(srp, PKAlg) of 238 true -> 239 init_certs(GroupName, Config); 240 false -> 241 {skip, "Missing DSS_SRP crypto support"} 242 end; 243init_per_group(GroupName, Config) when GroupName == srp_anon; 244 GroupName == srp_rsa -> 245 PKAlg = proplists:get_value(public_keys, crypto:supports()), 246 case lists:member(srp, PKAlg) of 247 true -> 248 init_certs(GroupName, Config); 249 false -> 250 {skip, "Missing SRP crypto support"} 251 end; 252init_per_group(dhe_psk = GroupName, Config) -> 253 PKAlg = proplists:get_value(public_keys, crypto:supports()), 254 case lists:member(dh, PKAlg) of 255 true -> 256 init_certs(GroupName, Config); 257 false -> 258 {skip, "Missing SRP crypto support"} 259 end; 260init_per_group(GroupName, Config0) -> 261 case ssl_test_lib:is_tls_version(GroupName) of 262 true -> 263 ssl_test_lib:init_tls_version(GroupName, end_per_group(GroupName, Config0)); 264 false -> 265 init_certs(GroupName, Config0) 266 end. 267 268end_per_group(GroupName, Config) -> 269 case ssl_test_lib:is_tls_version(GroupName) of 270 true -> 271 ssl_test_lib:clean_tls_version(Config); 272 false -> 273 Config 274 end. 275 276init_per_testcase(TestCase, Config) when TestCase == psk_3des_ede_cbc; 277 TestCase == srp_anon_3des_ede_cbc; 278 TestCase == dhe_psk_3des_ede_cbc; 279 TestCase == ecdhe_psk_3des_ede_cbc; 280 TestCase == srp_rsa_3des_ede_cbc; 281 TestCase == srp_dss_3des_ede_cbc; 282 TestCase == rsa_psk_3des_ede_cbc; 283 TestCase == rsa_3des_ede_cbc; 284 TestCase == dhe_rsa_3des_ede_cbc; 285 TestCase == dhe_dss_3des_ede_cbc; 286 TestCase == ecdhe_rsa_3des_ede_cbc; 287 TestCase == srp_anon_dss_3des_ede_cbc; 288 TestCase == dh_anon_3des_ede_cbc; 289 TestCase == ecdh_anon_3des_ede_cbc; 290 TestCase == ecdhe_ecdsa_3des_ede_cbc -> 291 SupCiphers = proplists:get_value(ciphers, crypto:supports()), 292 case lists:member(des_ede3, SupCiphers) of 293 true -> 294 ct:timetrap({seconds, 5}), 295 Config; 296 _ -> 297 {skip, "Missing 3DES crypto support"} 298 end; 299init_per_testcase(TestCase, Config) when TestCase == psk_rc4_128; 300 TestCase == ecdhe_psk_rc4_128; 301 TestCase == dhe_psk_rc4_128; 302 TestCase == rsa_psk_rc4_128; 303 TestCase == rsa_rc4_128; 304 TestCase == ecdhe_rsa_rc4_128; 305 TestCase == ecdhe_ecdsa_rc4_128; 306 TestCase == dh_anon_rc4_128 -> 307 SupCiphers = proplists:get_value(ciphers, crypto:supports()), 308 case lists:member(rc4, SupCiphers) of 309 true -> 310 ct:timetrap({seconds, 5}), 311 Config; 312 _ -> 313 {skip, "Missing RC4 crypto support"} 314 end; 315init_per_testcase(TestCase, Config) when TestCase == psk_aes_128_ccm_8; 316 TestCase == rsa_psk_aes_128_ccm_8; 317 TestCase == psk_aes_128_ccm_8; 318 TestCase == dhe_psk_aes_128_ccm_8; 319 TestCase == ecdhe_psk_aes_128_ccm_8 -> 320 SupCiphers = proplists:get_value(ciphers, crypto:supports()), 321 case lists:member(aes_128_ccm, SupCiphers) of 322 true -> 323 ct:timetrap({seconds, 5}), 324 Config; 325 _ -> 326 {skip, "Missing AES_128_CCM crypto support"} 327 end; 328init_per_testcase(TestCase, Config) when TestCase == psk_aes_256_ccm_8; 329 TestCase == rsa_psk_aes_256_ccm_8; 330 TestCase == psk_aes_256_ccm_8; 331 TestCase == dhe_psk_aes_256_ccm_8; 332 TestCase == ecdhe_psk_aes_256_ccm_8 -> 333 SupCiphers = proplists:get_value(ciphers, crypto:supports()), 334 case lists:member(aes_256_ccm, SupCiphers) of 335 true -> 336 ct:timetrap({seconds, 5}), 337 Config; 338 _ -> 339 {skip, "Missing AES_256_CCM crypto support"} 340 end; 341init_per_testcase(aes_256_gcm_sha384, Config) -> 342 SupCiphers = proplists:get_value(ciphers, crypto:supports()), 343 SupHashs = proplists:get_value(hashs, crypto:supports()), 344 case (lists:member(aes_256_gcm, SupCiphers)) andalso 345 (lists:member(sha384, SupHashs)) 346 of 347 true -> 348 ct:timetrap({seconds, 5}), 349 Config; 350 _ -> 351 {skip, "Missing AES_256_GCM_SHA384 crypto support"} 352 end; 353init_per_testcase(aes_128_gcm_sha256, Config) -> 354 SupCiphers = proplists:get_value(ciphers, crypto:supports()), 355 SupHashs = proplists:get_value(hashs, crypto:supports()), 356 case (lists:member(aes_256_gcm, SupCiphers)) andalso 357 (lists:member(sha256, SupHashs)) 358 of 359 true -> 360 ct:timetrap({seconds, 5}), 361 Config; 362 _ -> 363 {skip, "Missing AES_128_GCM_SHA256 crypto support"} 364 end; 365init_per_testcase(chacha20_poly1305_sha256, Config) -> 366 SupCiphers = proplists:get_value(ciphers, crypto:supports()), 367 SupHashs = proplists:get_value(hashs, crypto:supports()), 368 case (lists:member(chacha20_poly1305, SupCiphers)) andalso 369 (lists:member(sha256, SupHashs)) 370 of 371 true -> 372 ct:timetrap({seconds, 5}), 373 Config; 374 _ -> 375 {skip, "Missing chacha20_poly1305_sha256 crypto support"} 376 end; 377init_per_testcase(aes_128_ccm_sha256, Config) -> 378 SupCiphers = proplists:get_value(ciphers, crypto:supports()), 379 SupHashs = proplists:get_value(hashs, crypto:supports()), 380 case (lists:member(aes_128_ccm, SupCiphers)) andalso 381 (lists:member(sha256, SupHashs)) of 382 true -> 383 ct:timetrap({seconds, 5}), 384 Config; 385 _ -> 386 {skip, "Missing AES_128_CCM_SHA256 crypto support"} 387 end; 388init_per_testcase(TestCase, Config) -> 389 Cipher = ssl_test_lib:test_cipher(TestCase, Config), 390 SupCiphers = proplists:get_value(ciphers, crypto:supports()), 391 case lists:member(Cipher, SupCiphers) of 392 true -> 393 ct:timetrap({seconds, 5}), 394 Config; 395 _ -> 396 {skip, {Cipher, SupCiphers}} 397 end. 398 399end_per_testcase(_TestCase, Config) -> 400 Config. 401 402%%-------------------------------------------------------------------- 403%% Initializtion ------------------------------------------ 404%%-------------------------------------------------------------------- 405init_certs(srp_rsa, Config) -> 406 DefConf = ssl_test_lib:default_cert_chain_conf(), 407 CertChainConf = ssl_test_lib:gen_conf(rsa, rsa, DefConf, DefConf), 408 #{server_config := ServerOpts, 409 client_config := ClientOpts} 410 = public_key:pkix_test_data(CertChainConf), 411 [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, undefined}} | ServerOpts], 412 client_config => [{srp_identity, {"Test-User", "secret"}} | ClientOpts]}} | 413 proplists:delete(tls_config, Config)]; 414init_certs(srp_anon, Config) -> 415 [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, undefined}}], 416 client_config => [{srp_identity, {"Test-User", "secret"}}]}} | 417 proplists:delete(tls_config, Config)]; 418init_certs(rsa_psk, Config) -> 419 ClientExt = x509_test:extensions([{key_usage, [digitalSignature, keyEncipherment]}]), 420 {ClientOpts, ServerOpts} = ssl_test_lib:make_rsa_cert_chains([{server_chain, 421 [[],[],[{extensions, ClientExt}]]}], 422 Config, "_peer_keyEncipherment"), 423 PskSharedSecret = <<1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>, 424 [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, PskSharedSecret}} | ServerOpts], 425 client_config => [{psk_identity, "Test-User"}, 426 {user_lookup_fun, {fun ssl_test_lib:user_lookup/3, PskSharedSecret}} | ClientOpts]}} | 427 proplists:delete(tls_config, Config)]; 428init_certs(rsa, Config) -> 429 ClientExt = x509_test:extensions([{key_usage, [digitalSignature, keyEncipherment]}]), 430 {ClientOpts, ServerOpts} = ssl_test_lib:make_rsa_cert_chains([{server_chain, 431 [[],[],[{extensions, ClientExt}]]}], 432 Config, "_peer_keyEncipherment"), 433 [{tls_config, #{server_config => ServerOpts, 434 client_config => ClientOpts}} | 435 proplists:delete(tls_config, Config)]; 436init_certs(ecdhe_1_3_rsa_cert, Config) -> 437 ClientExt = x509_test:extensions([{key_usage, [digitalSignature]}]), 438 {ClientOpts, ServerOpts} = ssl_test_lib:make_rsa_cert_chains([{server_chain, 439 [[],[],[{extensions, ClientExt}]]}], 440 Config, "_peer_rsa_digitalsign"), 441 [{tls_config, #{server_config => ServerOpts, 442 client_config => ClientOpts}} | 443 proplists:delete(tls_config, Config)]; 444init_certs(dhe_dss, Config) -> 445 DefConf = ssl_test_lib:default_cert_chain_conf(), 446 CertChainConf = ssl_test_lib:gen_conf(dsa, dsa, DefConf, DefConf), 447 #{server_config := ServerOpts, 448 client_config := ClientOpts} 449 = public_key:pkix_test_data(CertChainConf), 450 [{tls_config, #{server_config => ServerOpts, 451 client_config => ClientOpts}} | 452 proplists:delete(tls_config, Config)]; 453init_certs(srp_dss, Config) -> 454 DefConf = ssl_test_lib:default_cert_chain_conf(), 455 CertChainConf = ssl_test_lib:gen_conf(dsa, dsa, DefConf, DefConf), 456 #{server_config := ServerOpts, 457 client_config := ClientOpts} 458 = public_key:pkix_test_data(CertChainConf), 459 [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, undefined}} | ServerOpts], 460 client_config => [{srp_identity, {"Test-User", "secret"}} | ClientOpts]}} | 461 proplists:delete(tls_config, Config)]; 462init_certs(GroupName, Config) when GroupName == dhe_rsa; 463 GroupName == ecdhe_rsa -> 464 DefConf = ssl_test_lib:default_cert_chain_conf(), 465 CertChainConf = ssl_test_lib:gen_conf(rsa, rsa, DefConf, DefConf), 466 #{server_config := ServerOpts, 467 client_config := ClientOpts} 468 = public_key:pkix_test_data(CertChainConf), 469 [{tls_config, #{server_config => ServerOpts, 470 client_config => ClientOpts}} | 471 proplists:delete(tls_config, Config)]; 472init_certs(GroupName, Config) when GroupName == dhe_ecdsa; 473 GroupName == ecdhe_ecdsa -> 474 DefConf = ssl_test_lib:default_cert_chain_conf(), 475 CertChainConf = ssl_test_lib:gen_conf(ecdsa, ecdsa, DefConf, DefConf), 476 #{server_config := ServerOpts, 477 client_config := ClientOpts} 478 = public_key:pkix_test_data(CertChainConf), 479 [{tls_config, #{server_config => ServerOpts, 480 client_config => ClientOpts}} | 481 proplists:delete(tls_config, Config)]; 482init_certs(GroupName, Config) when GroupName == psk; 483 GroupName == dhe_psk; 484 GroupName == ecdhe_psk -> 485 PskSharedSecret = <<1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>, 486 [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, PskSharedSecret}}], 487 client_config => [{psk_identity, "Test-User"}, 488 {user_lookup_fun, {fun ssl_test_lib:user_lookup/3, PskSharedSecret}}]}} | 489 proplists:delete(tls_config, Config)]; 490init_certs(srp, Config) -> 491 [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, undefined}}], 492 client_config => [{srp_identity, {"Test-User", "secret"}}]}} | 493 proplists:delete(tls_config, Config)]; 494init_certs(_GroupName, Config) -> 495 %% Anonymous does not need certs 496 [{tls_config, #{server_config => [], 497 client_config => []}} | 498 proplists:delete(tls_config, Config)]. 499 500%%-------------------------------------------------------------------- 501%% Test Cases -------------------------------------------------------- 502%%-------------------------------------------------------------------- 503 504aes_256_gcm_sha384(Config) when is_list(Config)-> 505 Version = ssl_test_lib:protocol_version(Config), 506 cipher_suite_test(ssl:str_to_suite("TLS_AES_256_GCM_SHA384"), Version, Config). 507 508aes_128_gcm_sha256(Config) when is_list(Config) -> 509 Version = ssl_test_lib:protocol_version(Config), 510 cipher_suite_test(ssl:str_to_suite("TLS_AES_128_GCM_SHA256"), Version, Config). 511 512chacha20_poly1305_sha256(Config) when is_list(Config) -> 513 Version = ssl_test_lib:protocol_version(Config), 514 cipher_suite_test(ssl:str_to_suite("TLS_CHACHA20_POLY1305_SHA256"), Version, Config). 515 516aes_128_ccm_sha256(Config) when is_list(Config) -> 517 Version = ssl_test_lib:protocol_version(Config), 518 cipher_suite_test(ssl:str_to_suite("TLS_AES_128_CCM_SHA256"), Version, Config). 519 520%%-------------------------------------------------------------------- 521%% SRP -------------------------------------------------------- 522%%-------------------------------------------------------------------- 523srp_rsa_3des_ede_cbc(Config) when is_list(Config) -> 524 run_ciphers_test(srp_rsa, '3des_ede_cbc', Config). 525 526srp_rsa_aes_128_cbc(Config) when is_list(Config) -> 527 run_ciphers_test(srp_rsa, 'aes_128_cbc', Config). 528 529srp_rsa_aes_256_cbc(Config) when is_list(Config) -> 530 run_ciphers_test(srp_rsa, 'aes_256_cbc', Config). 531 532srp_dss_3des_ede_cbc(Config) when is_list(Config) -> 533 run_ciphers_test(srp_dss, '3des_ede_cbc', Config). 534 535srp_dss_aes_128_cbc(Config) when is_list(Config) -> 536 run_ciphers_test(srp_dss, 'aes_128_cbc', Config). 537 538srp_dss_aes_256_cbc(Config) when is_list(Config) -> 539 run_ciphers_test(srp_dss, 'aes_256_cbc', Config). 540 541%%-------------------------------------------------------------------- 542%% PSK -------------------------------------------------------- 543%%-------------------------------------------------------------------- 544rsa_psk_3des_ede_cbc(Config) when is_list(Config) -> 545 run_ciphers_test(rsa_psk, '3des_ede_cbc', Config). 546 547rsa_psk_aes_128_cbc(Config) when is_list(Config) -> 548 run_ciphers_test(rsa_psk, 'aes_128_cbc', Config). 549 550rsa_psk_aes_128_ccm(Config) when is_list(Config) -> 551 run_ciphers_test(rsa_psk, 'aes_128_ccm', Config). 552 553rsa_psk_aes_128_ccm_8(Config) when is_list(Config) -> 554 run_ciphers_test(rsa_psk, 'aes_128_ccm_8', Config). 555 556rsa_psk_aes_256_cbc(Config) when is_list(Config) -> 557 run_ciphers_test(rsa_psk, 'aes_256_cbc', Config). 558 559rsa_psk_aes_256_ccm(Config) when is_list(Config) -> 560 run_ciphers_test(rsa_psk, 'aes_256_ccm', Config). 561 562rsa_psk_aes_256_ccm_8(Config) when is_list(Config) -> 563 run_ciphers_test(rsa_psk, 'aes_256_ccm_8', Config). 564 565rsa_psk_rc4_128(Config) when is_list(Config) -> 566 run_ciphers_test(rsa_psk, 'rc4_128', Config). 567 568%%-------------------------------------------------------------------- 569%% RSA -------------------------------------------------------- 570%%-------------------------------------------------------------------- 571rsa_des_cbc(Config) when is_list(Config) -> 572 run_ciphers_test(rsa, 'des_cbc', Config). 573 574rsa_3des_ede_cbc(Config) when is_list(Config) -> 575 run_ciphers_test(rsa, '3des_ede_cbc', Config). 576 577rsa_aes_128_cbc(Config) when is_list(Config) -> 578 run_ciphers_test(rsa, 'aes_128_cbc', Config). 579 580rsa_aes_256_cbc(Config) when is_list(Config) -> 581 run_ciphers_test(rsa, 'aes_256_cbc', Config). 582 583rsa_aes_128_gcm(Config) when is_list(Config) -> 584 run_ciphers_test(rsa, 'aes_128_gcm', Config). 585 586rsa_aes_256_gcm(Config) when is_list(Config) -> 587 run_ciphers_test(rsa, 'aes_256_gcm', Config). 588 589rsa_rc4_128(Config) when is_list(Config) -> 590 run_ciphers_test(rsa, 'rc4_128', Config). 591%%-------------------------------------------------------------------- 592%% DHE_RSA -------------------------------------------------------- 593%%-------------------------------------------------------------------- 594dhe_rsa_3des_ede_cbc(Config) when is_list(Config) -> 595 run_ciphers_test(dhe_rsa, '3des_ede_cbc', Config). 596 597dhe_rsa_aes_128_cbc(Config) when is_list(Config) -> 598 run_ciphers_test(dhe_rsa, 'aes_128_cbc', Config). 599 600dhe_rsa_aes_128_gcm(Config) when is_list(Config) -> 601 run_ciphers_test(dhe_rsa, 'aes_128_gcm', Config). 602 603dhe_rsa_aes_256_cbc(Config) when is_list(Config) -> 604 run_ciphers_test(dhe_rsa, 'aes_256_cbc', Config). 605 606dhe_rsa_aes_256_gcm(Config) when is_list(Config) -> 607 run_ciphers_test(dhe_rsa, 'aes_256_gcm', Config). 608 609dhe_rsa_chacha20_poly1305(Config) when is_list(Config) -> 610 run_ciphers_test(dhe_rsa, 'chacha20_poly1305', Config). 611%%-------------------------------------------------------------------- 612%% ECDHE_RSA -------------------------------------------------------- 613%%-------------------------------------------------------------------- 614ecdhe_rsa_3des_ede_cbc(Config) when is_list(Config) -> 615 run_ciphers_test(ecdhe_rsa, '3des_ede_cbc', Config). 616 617ecdhe_rsa_aes_128_cbc(Config) when is_list(Config) -> 618 run_ciphers_test(ecdhe_rsa, 'aes_128_cbc', Config). 619 620ecdhe_rsa_aes_128_gcm(Config) when is_list(Config) -> 621 run_ciphers_test(ecdhe_rsa, 'aes_128_gcm', Config). 622 623ecdhe_rsa_aes_256_cbc(Config) when is_list(Config) -> 624 run_ciphers_test(ecdhe_rsa, 'aes_256_cbc', Config). 625 626ecdhe_rsa_aes_256_gcm(Config) when is_list(Config) -> 627 run_ciphers_test(ecdhe_rsa, 'aes_256_gcm', Config). 628 629ecdhe_rsa_rc4_128(Config) when is_list(Config) -> 630 run_ciphers_test(ecdhe_rsa, 'rc4_128', Config). 631 632ecdhe_rsa_chacha20_poly1305(Config) when is_list(Config) -> 633 run_ciphers_test(ecdhe_rsa, 'chacha20_poly1305', Config). 634 635%%-------------------------------------------------------------------- 636%% ECDHE_ECDSA -------------------------------------------------------- 637%%-------------------------------------------------------------------- 638ecdhe_ecdsa_rc4_128(Config) when is_list(Config) -> 639 run_ciphers_test(ecdhe_ecdsa, 'rc4_128', Config). 640 641ecdhe_ecdsa_3des_ede_cbc(Config) when is_list(Config) -> 642 run_ciphers_test(ecdhe_ecdsa, '3des_ede_cbc', Config). 643 644ecdhe_ecdsa_aes_128_cbc(Config) when is_list(Config) -> 645 run_ciphers_test(ecdhe_ecdsa, 'aes_128_cbc', Config). 646 647ecdhe_ecdsa_aes_128_gcm(Config) when is_list(Config) -> 648 run_ciphers_test(ecdhe_ecdsa, 'aes_128_gcm', Config). 649 650ecdhe_ecdsa_aes_256_cbc(Config) when is_list(Config) -> 651 run_ciphers_test(ecdhe_ecdsa, 'aes_256_cbc', Config). 652 653ecdhe_ecdsa_aes_256_gcm(Config) when is_list(Config) -> 654 run_ciphers_test(ecdhe_ecdsa, 'aes_256_gcm', Config). 655 656ecdhe_ecdsa_chacha20_poly1305(Config) when is_list(Config) -> 657 run_ciphers_test(ecdhe_ecdsa, 'chacha20_poly1305', Config). 658%%-------------------------------------------------------------------- 659%% DHE_DSS -------------------------------------------------------- 660%%-------------------------------------------------------------------- 661dhe_dss_des_cbc(Config) when is_list(Config) -> 662 run_ciphers_test(dhe_dss, 'des_cbc', Config). 663 664dhe_dss_3des_ede_cbc(Config) when is_list(Config) -> 665 run_ciphers_test(dhe_dss, '3des_ede_cbc', Config). 666 667dhe_dss_aes_128_cbc(Config) when is_list(Config) -> 668 run_ciphers_test(dhe_dss, 'aes_128_cbc', Config). 669 670dhe_dss_aes_256_cbc(Config) when is_list(Config) -> 671 run_ciphers_test(dhe_dss, 'aes_256_cbc', Config). 672 673dhe_dss_aes_128_gcm(Config) when is_list(Config) -> 674 run_ciphers_test(dhe_dss, 'aes_128_gcm', Config). 675 676dhe_dss_aes_256_gcm(Config) when is_list(Config) -> 677 run_ciphers_test(dhe_dss, 'aes_256_gcm', Config). 678 679%%-------------------------------------------------------------------- 680%% Anonymous -------------------------------------------------------- 681%%-------------------------------------------------------------------- 682dh_anon_3des_ede_cbc(Config) when is_list(Config) -> 683 run_ciphers_test(dh_anon, '3des_ede_cbc', Config). 684 685dh_anon_aes_128_cbc(Config) when is_list(Config) -> 686 run_ciphers_test(dh_anon, 'aes_128_cbc', Config). 687 688dh_anon_aes_128_gcm(Config) when is_list(Config) -> 689 run_ciphers_test(dh_anon, 'aes_128_gcm', Config). 690 691dh_anon_aes_256_cbc(Config) when is_list(Config) -> 692 run_ciphers_test(dh_anon, 'aes_256_cbc', Config). 693 694dh_anon_aes_256_gcm(Config) when is_list(Config) -> 695 run_ciphers_test(dh_anon, 'aes_256_gcm', Config). 696 697dh_anon_rc4_128(Config) when is_list(Config) -> 698 run_ciphers_test(dh_anon, 'rc4_128', Config). 699 700ecdh_anon_3des_ede_cbc(Config) when is_list(Config) -> 701 run_ciphers_test(ecdh_anon, '3des_ede_cbc', Config). 702 703ecdh_anon_aes_128_cbc(Config) when is_list(Config) -> 704 run_ciphers_test(ecdh_anon, 'aes_128_cbc', Config). 705 706ecdh_anon_aes_256_cbc(Config) when is_list(Config) -> 707 run_ciphers_test(ecdh_anon, 'aes_256_cbc', Config). 708 709srp_anon_3des_ede_cbc(Config) when is_list(Config) -> 710 run_ciphers_test(srp_anon, '3des_ede_cbc', Config). 711 712srp_anon_aes_128_cbc(Config) when is_list(Config) -> 713 run_ciphers_test(srp_anon, 'aes_128_cbc', Config). 714 715srp_anon_aes_256_cbc(Config) when is_list(Config) -> 716 run_ciphers_test(srp_anon, 'aes_256_cbc', Config). 717 718dhe_psk_des_cbc(Config) when is_list(Config) -> 719 run_ciphers_test(dhe_psk, 'des_cbc', Config). 720 721dhe_psk_rc4_128(Config) when is_list(Config) -> 722 run_ciphers_test(dhe_psk, 'rc4_128', Config). 723 724dhe_psk_3des_ede_cbc(Config) when is_list(Config) -> 725 run_ciphers_test(dhe_psk, '3des_ede_cbc', Config). 726 727dhe_psk_aes_128_cbc(Config) when is_list(Config) -> 728 run_ciphers_test(dhe_psk, 'aes_128_cbc', Config). 729 730dhe_psk_aes_256_cbc(Config) when is_list(Config) -> 731 run_ciphers_test(dhe_psk, 'aes_256_cbc', Config). 732 733dhe_psk_aes_128_gcm(Config) when is_list(Config) -> 734 run_ciphers_test(dhe_psk, 'aes_128_gcm', Config). 735 736dhe_psk_aes_256_gcm(Config) when is_list(Config) -> 737 run_ciphers_test(dhe_psk, 'aes_256_gcm', Config). 738 739dhe_psk_aes_128_ccm(Config) when is_list(Config) -> 740 run_ciphers_test(dhe_psk, 'aes_128_ccm', Config). 741 742dhe_psk_aes_256_ccm(Config) when is_list(Config) -> 743 run_ciphers_test(dhe_psk, 'aes_256_ccm', Config). 744 745dhe_psk_aes_128_ccm_8(Config) when is_list(Config) -> 746 run_ciphers_test(dhe_psk, 'aes_128_ccm_8', Config). 747 748dhe_psk_aes_256_ccm_8(Config) when is_list(Config) -> 749 run_ciphers_test(dhe_psk, 'aes_256_ccm_8', Config). 750 751ecdhe_psk_des_cbc(Config) when is_list(Config) -> 752 run_ciphers_test(ecdhe_psk, 'des_cbc', Config). 753 754ecdhe_psk_rc4_128(Config) when is_list(Config) -> 755 run_ciphers_test(ecdhe_psk, 'rc4_128', Config). 756 757ecdhe_psk_3des_ede_cbc(Config) when is_list(Config) -> 758 run_ciphers_test(ecdhe_psk, '3des_ede_cbc', Config). 759 760ecdhe_psk_aes_128_cbc(Config) when is_list(Config) -> 761 run_ciphers_test(ecdhe_psk, 'aes_128_cbc', Config). 762 763ecdhe_psk_aes_256_cbc(Config) when is_list(Config) -> 764 run_ciphers_test(ecdhe_psk, 'aes_256_cbc', Config). 765 766ecdhe_psk_aes_128_gcm(Config) when is_list(Config) -> 767 run_ciphers_test(ecdhe_psk, 'aes_128_gcm', Config). 768 769ecdhe_psk_aes_256_gcm(Config) when is_list(Config) -> 770 run_ciphers_test(ecdhe_psk, 'aes_256_gcm', Config). 771 772ecdhe_psk_aes_128_ccm(Config) when is_list(Config) -> 773 run_ciphers_test(ecdhe_psk, 'aes_128_ccm', Config). 774 775ecdhe_psk_aes_128_ccm_8(Config) when is_list(Config) -> 776 run_ciphers_test(ecdhe_psk, 'aes_128_ccm_8', Config). 777 778psk_des_cbc(Config) when is_list(Config) -> 779 run_ciphers_test(psk, 'des_cbc', Config). 780 781psk_rc4_128(Config) when is_list(Config) -> 782 run_ciphers_test(psk, 'rc4_128', Config). 783 784psk_3des_ede_cbc(Config) when is_list(Config) -> 785 run_ciphers_test(psk, '3des_ede_cbc', Config). 786 787psk_aes_128_cbc(Config) when is_list(Config) -> 788 run_ciphers_test(psk, 'aes_128_cbc', Config). 789 790psk_aes_256_cbc(Config) when is_list(Config) -> 791 run_ciphers_test(psk, 'aes_256_cbc', Config). 792 793psk_aes_128_gcm(Config) when is_list(Config) -> 794 run_ciphers_test(psk, 'aes_128_gcm', Config). 795 796psk_aes_256_gcm(Config) when is_list(Config) -> 797 run_ciphers_test(psk, 'aes_256_gcm', Config). 798 799psk_aes_128_ccm(Config) when is_list(Config) -> 800 run_ciphers_test(psk, 'aes_128_ccm', Config). 801 802psk_aes_256_ccm(Config) when is_list(Config) -> 803 run_ciphers_test(psk, 'aes_256_ccm', Config). 804 805psk_aes_128_ccm_8(Config) when is_list(Config) -> 806 run_ciphers_test(psk, 'aes_128_ccm_8', Config). 807 808psk_aes_256_ccm_8(Config) when is_list(Config) -> 809 run_ciphers_test(psk, 'aes_256_ccm_8', Config). 810 811%%-------------------------------------------------------------------- 812%% Internal functions ---------------------------------------------- 813%%-------------------------------------------------------------------- 814run_ciphers_test(Kex, Cipher, Config) -> 815 Version = ssl_test_lib:protocol_version(Config), 816 TestCiphers = test_ciphers(Kex, Cipher, Version), 817 818 case TestCiphers of 819 [_|_] -> 820 lists:foreach(fun(TestCipher) -> 821 cipher_suite_test(TestCipher, Version, Config) 822 end, TestCiphers); 823 [] -> 824 {skip, {not_sup, Kex, Cipher, Version}} 825 end. 826 827cipher_suite_test(ErlangCipherSuite, Version, Config) -> 828 #{server_config := SOpts, 829 client_config := COpts} = proplists:get_value(tls_config, Config), 830 ServerOpts = ssl_test_lib:ssl_options(SOpts, Config), 831 ClientOpts = ssl_test_lib:ssl_options(COpts, Config), 832 ct:log("Testing CipherSuite ~p~n", [ErlangCipherSuite]), 833 ct:log("Server Opts ~p~n", [ServerOpts]), 834 ct:log("Client Opts ~p~n", [ClientOpts]), 835 {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), 836 837 ConnectionInfo = {ok, {Version, ErlangCipherSuite}}, 838 839 Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 840 {from, self()}, 841 {mfa, {ssl_test_lib, cipher_result, [ConnectionInfo]}}, 842 {options, [{versions, [Version]}, {ciphers, [ErlangCipherSuite]} | ServerOpts]}]), 843 Port = ssl_test_lib:inet_port(Server), 844 Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 845 {host, Hostname}, 846 {from, self()}, 847 {mfa, {ssl_test_lib, cipher_result, [ConnectionInfo]}}, 848 {options, [{versions, [Version]}, {ciphers, [ErlangCipherSuite]} | 849 ClientOpts]}]), 850 851 ssl_test_lib:check_result(Server, ok, Client, ok), 852 853 ssl_test_lib:close(Server), 854 ssl_test_lib:close(Client). 855 856 857test_ciphers(Kex, Cipher, Version) -> 858 ssl:filter_cipher_suites(ssl:cipher_suites(all, Version) ++ ssl:cipher_suites(anonymous, Version), 859 [{key_exchange, 860 fun(Kex0) when Kex0 == Kex -> true; 861 (_) -> false 862 end}, 863 {cipher, 864 fun(Cipher0) when Cipher0 == Cipher -> true; 865 (_) -> false 866 end}]). 867 868 869