Use openssl bindings instead of builtins crypto/tls for cipher testsuite

2015-07-29 21:19:16 +02:00 · 2015-07-29 21:19:16 +02:00 · 00311952b5
parent f322f22d2a
commit 00311952b5
1 changed files with 28 additions and 54 deletions
--- a/testsuite/ciphers.go
+++ b/testsuite/ciphers.go
@ -1,8 +1,8 @@
 package testsuite

 import (
-	"crypto/tls"
 	"github.com/nemunaire/eyespot"
+	"github.com/spacemonkeygo/openssl"
 )

 type Ciphers struct {}
@ -14,69 +14,43 @@ func (Ciphers) GetTestDescription() string {
 func (test Ciphers) Run(protocol string, host string) (map[string]eyespot.Result, error) {
 	var results = map[string]eyespot.Result{}

-	for _, c := range []uint16{
-		tls.TLS_RSA_WITH_RC4_128_SHA,
-		tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-		tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-		tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-		tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-		tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-		tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+	for _, c := range []string{
+		"RC4-SHA",
+		"DES-CBC3-SHA",
+		"AES128-SHA",
+		"AES256-SHA",
+		"ECDHE-ECDSA-RC4-SHA",
+		"ECDHE-ECDSA-AES128-SHA",
+		"ECDHE-ECDSA-AES256-SHA",
+		"ECDHE-RSA-RC4-SHA",
+		"ECDHE-RSA-DES-CBC3-SHA",
+		"ECDHE-RSA-AES128-SHA",
+		"ECDHE-RSA-AES256-SHA",
+		"ECDHE-RSA-AES128-GCM-SHA256",
+		"ECDHE-ECDSA-AES128-GCM-SHA256",
 	} {
 		if r, err := cipher_test(protocol, host, c); err != nil {
 			return results, err
 		} else {
-			var cstr string
-
-			switch c {
-			case tls.TLS_RSA_WITH_RC4_128_SHA:
-				cstr = "TLS_RSA_WITH_RC4_128_SHA"
-			case tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA:
-				cstr = "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
-			case tls.TLS_RSA_WITH_AES_128_CBC_SHA:
-				cstr = "TLS_RSA_WITH_AES_128_CBC_SHA"
-			case tls.TLS_RSA_WITH_AES_256_CBC_SHA:
-				cstr = "TLS_RSA_WITH_AES_256_CBC_SHA"
-			case tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
-				cstr = "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
-			case tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
-				cstr = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
-			case tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
-				cstr = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
-			case tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA:
-				cstr = "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
-			case tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
-				cstr = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
-			case tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
-				cstr = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
-			case tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
-				cstr = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
-			case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
-				cstr = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
-			case tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
-				cstr = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
-			default:
-				cstr = ""
-			}
-
-			results[cstr] = eyespot.Result{r}
+			results[c] = eyespot.Result{r}
 		}
 	}

 	return results, nil
 }

-func cipher_test(protocol string, host string, cipher uint16) (bool, error) {
-	conn, err := tls.Dial(protocol, host, &tls.Config{
-		CipherSuites: []uint16{cipher},
-		InsecureSkipVerify: true,
-	})
+func cipher_test(protocol string, host string, cipher string) (bool, error) {
+	ctx, err := openssl.NewCtx()
+
+	if err != nil {
+		return false, err
+	}
+
+	if err := ctx.SetCipherList(cipher); err != nil {
+		return false, err
+	}
+
+	conn, err := openssl.Dial(protocol, host, ctx, openssl.InsecureSkipHostVerification)
 	if err != nil {
 		return false, nil
 	}