% TLS session establishment tests # More informations at http://www.secdev.org/projects/UTscapy/ ############ ############ + TLS server automaton tests ### DISCLAIMER: Those tests are slow ### = Load server util functions ~ open_ssl_client import sys, os, re, time, multiprocessing, subprocess sys.path.append(os.path.abspath("./tls")) from travis_test_server import * def test_tls_server(suite="", version=""): msg = "TestS_" + suite + "_data" # Run server q_ = multiprocessing.Manager().Queue() th_ = multiprocessing.Process(target=run_tls_test_server, args=(msg, q_)) th_.start() # Synchronise threads q_.get() time.sleep(1) # Run client CA_f = os.path.abspath("./tls/pki/ca_cert.pem") p = subprocess.Popen("openssl s_client -cipher " + suite + " " + version + " -CAfile " + CA_f, stdout=subprocess.PIPE, universal_newlines=True, stdin=subprocess.PIPE, stderr=subprocess.STDOUT, shell=True) msg += b"\nstop_server" out, err = p.communicate(input=msg) print out if p.returncode != 0: th_.terminate() raise RuntimeError("OpenSSL returned with error code") else: p = re.compile(r'verify return:(\d+)') _failed = False _one_success = False for match in p.finditer(out): if match.group(1).strip() != "1": _failed = True break else: _one_success = True if _failed or not _one_success: th_.terminate() raise RuntimeError("OpenSSL returned unexpected values") # Wait for server th_.join(30) if th_.is_alive(): th_.terminate() raise RuntimeError("Test timed out") # Analyse values print q_.get() assert th_.exitcode == 0 = Testing TLS server with TLS 1.0 and TLS_RSA_WITH_RC4_128_SHA ~ open_ssl_client test_tls_server("RC4-SHA", "-tls1") = Testing TLS server with TLS 1.1 and TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ~ open_ssl_client test_tls_server("EDH-RSA-DES-CBC3-SHA", "-tls1_1") = Testing TLS server with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ~ open_ssl_client test_tls_server("DHE-RSA-AES128-SHA256", "-tls1_2") = Testing TLS server with TLS 1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ~ open_ssl_client test_tls_server("ECDHE-RSA-AES256-GCM-SHA384", "-tls1_2") + TLS client automaton tests = Load client utils functions import sys, os, threading, Queue sys.path.append(os.path.abspath("./tls")) from travis_test_client import * def perform_tls_client_test(suite, version): # Run test_tls_client in an other thread q = Queue.Queue() p = threading.Thread(target=test_tls_client, args=(suite, version, q)) p.start() # Wait for the function to end p.join() # Analyse data and return if not q.empty(): print q.get() if not q.empty(): assert q.get() == 0 else: print "ERROR: Missing one of the return value detected !" assert False = Testing TLS server and client with SSLv2 and SSL_CK_DES_192_EDE3_CBC_WITH_MD5 perform_tls_client_test("0700c0", "0002") = Testing TLS client with SSLv3 and TLS_RSA_EXPORT_WITH_RC4_40_MD5 perform_tls_client_test("0003", "0300") = Testing TLS client with TLS 1.0 and TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA perform_tls_client_test("0088", "0301") = Testing TLS client with TLS 1.1 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA perform_tls_client_test("c013", "0302") = Testing TLS client with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 perform_tls_client_test("009e", "0303") = Testing TLS client with TLS 1.2 and TLS_ECDH_anon_WITH_RC4_128_SHA perform_tls_client_test("c016", "0303")