Use openssl bindings instead of builtins crypto/tls for cipher testsuite

nemunaire 2015-07-29 21:19:16 +02:00
parent f322f22d2a
commit 00311952b5
1 changed files with 28 additions and 54 deletions


@ -1,8 +1,8 @@
package testsuite package testsuite
import ( import (
"crypto/tls"
"github.com/nemunaire/eyespot" "github.com/nemunaire/eyespot"
"github.com/spacemonkeygo/openssl"
) )
type Ciphers struct {} type Ciphers struct {}
@ -14,69 +14,43 @@ func (Ciphers) GetTestDescription() string {
func (test Ciphers) Run(protocol string, host string) (map[string]eyespot.Result, error) { func (test Ciphers) Run(protocol string, host string) (map[string]eyespot.Result, error) {
var results = map[string]eyespot.Result{} var results = map[string]eyespot.Result{}
for _, c := range []uint16{ for _, c := range []string{
tls.TLS_RSA_WITH_RC4_128_SHA, "RC4-SHA",
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, "DES-CBC3-SHA",
tls.TLS_RSA_WITH_AES_128_CBC_SHA, "AES128-SHA",
tls.TLS_RSA_WITH_AES_256_CBC_SHA, "AES256-SHA",
tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "ECDHE-ECDSA-RC4-SHA",
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "ECDHE-ECDSA-AES128-SHA",
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "ECDHE-ECDSA-AES256-SHA",
tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, "ECDHE-RSA-RC4-SHA",
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "ECDHE-RSA-DES-CBC3-SHA",
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "ECDHE-RSA-AES128-SHA",
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "ECDHE-RSA-AES256-SHA",
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "ECDHE-RSA-AES128-GCM-SHA256",
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "ECDHE-ECDSA-AES128-GCM-SHA256",
} { } {
if r, err := cipher_test(protocol, host, c); err != nil { if r, err := cipher_test(protocol, host, c); err != nil {
return results, err return results, err
} else { } else {
var cstr string results[c] = eyespot.Result{r}
switch c {
case tls.TLS_RSA_WITH_RC4_128_SHA:
cstr = "TLS_RSA_WITH_RC4_128_SHA"
case tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA:
cstr = "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
case tls.TLS_RSA_WITH_AES_128_CBC_SHA:
cstr = "TLS_RSA_WITH_AES_128_CBC_SHA"
case tls.TLS_RSA_WITH_AES_256_CBC_SHA:
cstr = "TLS_RSA_WITH_AES_256_CBC_SHA"
case tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
cstr = "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
case tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
cstr = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
case tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
cstr = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
case tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA:
cstr = "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
case tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
cstr = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
case tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
cstr = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
case tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
cstr = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
cstr = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
case tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
cstr = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
default:
cstr = ""
}
results[cstr] = eyespot.Result{r}
} }
} }
return results, nil return results, nil
} }
func cipher_test(protocol string, host string, cipher uint16) (bool, error) { func cipher_test(protocol string, host string, cipher string) (bool, error) {
conn, err := tls.Dial(protocol, host, &tls.Config{ ctx, err := openssl.NewCtx()
CipherSuites: []uint16{cipher},
InsecureSkipVerify: true, if err != nil {
}) return false, err
}
if err := ctx.SetCipherList(cipher); err != nil {
return false, err
}
conn, err := openssl.Dial(protocol, host, ctx, openssl.InsecureSkipHostVerification)
if err != nil { if err != nil {
return false, nil return false, nil
} }
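Review bot: The new `return false, err` after `ctx.SetCipherList(cipher)` propagates through `Run`, which returns on the first error, so a single cipher name that the linked OpenSSL build does not provide (RC4 and 3DES are often compiled out) would presumably abort the whole scan instead of marking that one cipher as untested. Scan results now depend on the scanner's own library, so that case should stay distinguishable from a server refusal, for example by wrapping the error as `return false, fmt.Errorf("cipher %q unavailable in local OpenSSL: %v", cipher, err)` (which needs `fmt` imported) or by recording the cipher as untestable and continuing the loop. The unchanged `return false, nil` after `openssl.Dial` still reports every dial failure, including an unreachable host, as "cipher not supported", which reads as a clean result for weak suites. `cipher_test` continues past the end of the hunk, so whether the negotiated cipher is compared with the requested one after the handshake is not visible here.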