Use openssl bindings instead of builtins crypto/tls for cipher testsuite

This commit is contained in:
nemunaire 2015-07-29 21:19:16 +02:00
parent f322f22d2a
commit 00311952b5

View File

@ -1,8 +1,8 @@
package testsuite
import (
"crypto/tls"
"github.com/nemunaire/eyespot"
"github.com/spacemonkeygo/openssl"
)
type Ciphers struct {}
@ -14,69 +14,43 @@ func (Ciphers) GetTestDescription() string {
func (test Ciphers) Run(protocol string, host string) (map[string]eyespot.Result, error) {
var results = map[string]eyespot.Result{}
for _, c := range []uint16{
tls.TLS_RSA_WITH_RC4_128_SHA,
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
for _, c := range []string{
"RC4-SHA",
"DES-CBC3-SHA",
"AES128-SHA",
"AES256-SHA",
"ECDHE-ECDSA-RC4-SHA",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-ECDSA-AES256-SHA",
"ECDHE-RSA-RC4-SHA",
"ECDHE-RSA-DES-CBC3-SHA",
"ECDHE-RSA-AES128-SHA",
"ECDHE-RSA-AES256-SHA",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256",
} {
if r, err := cipher_test(protocol, host, c); err != nil {
return results, err
} else {
var cstr string
switch c {
case tls.TLS_RSA_WITH_RC4_128_SHA:
cstr = "TLS_RSA_WITH_RC4_128_SHA"
case tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA:
cstr = "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
case tls.TLS_RSA_WITH_AES_128_CBC_SHA:
cstr = "TLS_RSA_WITH_AES_128_CBC_SHA"
case tls.TLS_RSA_WITH_AES_256_CBC_SHA:
cstr = "TLS_RSA_WITH_AES_256_CBC_SHA"
case tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
cstr = "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
case tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
cstr = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
case tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
cstr = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
case tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA:
cstr = "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
case tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
cstr = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
case tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
cstr = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
case tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
cstr = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
case tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
cstr = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
case tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
cstr = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
default:
cstr = ""
}
results[cstr] = eyespot.Result{r}
results[c] = eyespot.Result{r}
}
}
return results, nil
}
func cipher_test(protocol string, host string, cipher uint16) (bool, error) {
conn, err := tls.Dial(protocol, host, &tls.Config{
CipherSuites: []uint16{cipher},
InsecureSkipVerify: true,
})
func cipher_test(protocol string, host string, cipher string) (bool, error) {
ctx, err := openssl.NewCtx()
if err != nil {
return false, err
}
if err := ctx.SetCipherList(cipher); err != nil {
return false, err
}
conn, err := openssl.Dial(protocol, host, ctx, openssl.InsecureSkipHostVerification)
if err != nil {
return false, nil
}