<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!-- autogenerated by 'erl2html2'. -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/>
<title>/ldisk/ingela/src/otp/release/tests/ssl_test/ssl_ECC_SUITE.erl</title>
</head>
<body bgcolor="white" text="black" link="blue" vlink="purple" alink="red">
<pre>
<a name="1"/> 1: <i>%%</i>
<a name="2"/> 2: <i>%% %CopyrightBegin%</i>
<a name="3"/> 3: <i>%%</i>
<a name="4"/> 4: <i>%% Copyright Ericsson AB 2007-2013. All Rights Reserved.</i>
<a name="5"/> 5: <i>%%</i>
<a name="6"/> 6: <i>%% The contents of this file are subject to the Erlang Public License,</i>
<a name="7"/> 7: <i>%% Version 1.1, (the "License"); you may not use this file except in</i>
<a name="8"/> 8: <i>%% compliance with the License. You should have received a copy of the</i>
<a name="9"/> 9: <i>%% Erlang Public License along with this software. If not, it can be</i>
<a name="10"/> 10: <i>%% retrieved online at http://www.erlang.org/.2</i>
<a name="11"/> 11: <i>%%</i>
<a name="12"/> 12: <i>%% Software distributed under the License is distributed on an "AS IS"</i>
<a name="13"/> 13: <i>%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See</i>
<a name="14"/> 14: <i>%% the License for the specific language governing rights and limitations</i>
<a name="15"/> 15: <i>%% under the License.</i>
<a name="16"/> 16: <i>%%</i>
<a name="17"/> 17: <i>%% %CopyrightEnd%</i>
<a name="18"/> 18: <i>%%</i>
<a name="19"/> 19:
<a name="20"/> 20: <i>%%</i>
<a name="21"/> 21:
<a name="22"/> 22: <b>-module</b>(ssl_ECC_SUITE).
<a name="23"/> 23:
<a name="24"/> 24: <i>%% Note: This directive should only be used in test suites.</i>
<a name="25"/> 25: <b>-compile</b>(export_all).
<a name="26"/> 26:
<a name="27"/> 27: <b>-include_lib</b>("common_test/include/ct.hrl").
<a name="28"/> 28: <b>-include_lib</b>("public_key/include/public_key.hrl").
<a name="29"/> 29:
<a name="30"/> 30: <i>%%--------------------------------------------------------------------</i>
<a name="31"/> 31: <i>%% Common Test interface functions -----------------------------------</i>
<a name="32"/> 32: <i>%%--------------------------------------------------------------------</i>
<a name="33"/> 33:
%% Common Test suite/0 callback: returns the suite-wide settings, here only
%% the ts_install_cth hook in the ct_hooks list.
<a name="suite-0"/><a name="34"/> 34: <b>suite</b>() -> [{ct_hooks,[ts_install_cth]}].
<a name="35"/> 35:
%% Top-level test plan: one group per TLS protocol version atom. What runs
%% inside each version group is defined by groups/0.
<a name="all-0"/><a name="36"/> 36: <b>all</b>() ->
<a name="37"/> 37: [
<a name="38"/> 38: {group, 'tlsv1.2'},
<a name="39"/> 39: {group, 'tlsv1.1'},
<a name="40"/> 40: {group, 'tlsv1'}
<a name="41"/> 41: ].
<a name="42"/> 42:
%% Group definitions, all with an empty property list.
%% Each TLS version group nests the three peer-combination groups returned by
%% all_versions_groups/0; each peer-combination group runs the four test cases
%% returned by key_cert_combinations/0.
<a name="groups-0"/><a name="43"/> 43: <b>groups</b>() ->
<a name="44"/> 44: [
<a name="45"/> 45: {'tlsv1.2', [], all_versions_groups()},
<a name="46"/> 46: {'tlsv1.1', [], all_versions_groups()},
<a name="47"/> 47: {'tlsv1', [], all_versions_groups()},
<a name="48"/> 48: {'erlang_server', [], key_cert_combinations()},
<a name="49"/> 49: {'erlang_client', [], key_cert_combinations()},
<a name="50"/> 50: {'erlang', [], key_cert_combinations()}
<a name="51"/> 51: ].
<a name="52"/> 52:
%% Peer-combination groups run under every TLS version group. Going by the
%% server_type / client_type values set in init_per_group/2: erlang_server is
%% an Erlang server with an openssl client, erlang_client is the reverse, and
%% erlang has Erlang on both sides.
<a name="all_versions_groups-0"/><a name="53"/> 53: <b>all_versions_groups </b>()->
<a name="54"/> 54: [{group, 'erlang_server'},
<a name="55"/> 55: {group, 'erlang_client'},
<a name="56"/> 56: {group, 'erlang'}
<a name="57"/> 57: ].
<a name="58"/> 58:
%% Names of the four test cases, one per pairing of client and server key
%% type (EC or RSA). Each name must match a test case function in this module.
<a name="key_cert_combinations-0"/><a name="59"/> 59: <b>key_cert_combinations</b>() ->
<a name="60"/> 60: [client_ec_server_ec,
<a name="61"/> 61: client_rsa_server_ec,
<a name="62"/> 62: client_ec_server_rsa,
<a name="63"/> 63: client_rsa_server_rsa].
<a name="64"/> 64:
<a name="65"/> 65: <i>%%--------------------------------------------------------------------</i>
%% Suite setup: stop crypto if it is running (errors ignored), start it again,
%% start ssl, and return Config unchanged.
%% An exception raised by crypto:start() becomes a skip of the whole suite.
%% NOTE(review): only the atom ok is matched in the of-section, so a non-ok
%% return value from crypto:start() does not produce this skip tuple, and the
%% return value of ssl:start() is not checked - confirm that is intended.
<a name="init_per_suite-1"/><a name="66"/> 66: <b>init_per_suite</b>(Config) ->
<a name="67"/> 67: catch crypto:stop(),
<a name="68"/> 68: try crypto:start() of
<a name="69"/> 69: ok ->
<a name="70"/> 70: ssl:start(),
<a name="71"/> 71: Config
<a name="72"/> 72: catch _:_ ->
<a name="73"/> 73: {skip, "Crypto did not start"}
<a name="74"/> 74: end.
<a name="75"/> 75:
%% Suite teardown: stop ssl, then stop the crypto application. The Config
%% argument is unused; the value of application:stop(crypto) is returned.
<a name="end_per_suite-1"/><a name="76"/> 76: <b>end_per_suite</b>(_Config) ->
<a name="77"/> 77: ssl:stop(),
<a name="78"/> 78: application:stop(crypto).
<a name="79"/> 79:
<a name="80"/> 80: <i>%%--------------------------------------------------------------------</i>
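%% Per-group setup. The peer-combination groups record in Config which
%% implementation plays server and which plays client (server_type and
%% client_type); basic_test/5 reads those keys.
%% A skip tuple returned here means the group produced no ECC interoperability
%% coverage on this host. It is not a pass and should be read that way in the
%% test report.
%%
%% erlang_client: Erlang client against an openssl server. Skipped when
%% ssl_test_lib:is_sane_ecc(openssl) returns false.
<a name="init_per_group-2"/><a name="81"/> 81: <b>init_per_group</b>(erlang_client, Config) ->
<a name="82"/> 82: case ssl_test_lib:is_sane_ecc(openssl) of
<a name="83"/> 83: true ->
<a name="84"/> 84: common_init_per_group(erlang_client, [{server_type, openssl},
<a name="85"/> 85: {client_type, erlang} | Config]);
<a name="86"/> 86: false ->
<a name="87"/> 87: {skip, "Known ECC bug in openssl"}
<a name="88"/> 88: end;
<a name="89"/> 89:
%% erlang_server: Erlang server against an openssl client, gated on the same
%% openssl check. The group name passed on is this clause's own name, so that
%% anything keyed on the group name sees erlang_server.
<a name="90"/> 90: <b>init_per_group</b>(erlang_server, Config) ->
<a name="91"/> 91: case ssl_test_lib:is_sane_ecc(openssl) of
<a name="92"/> 92: true ->
<a name="93"/> 93: common_init_per_group(erlang_server, [{server_type, erlang},
<a name="94"/> 94: {client_type, openssl} | Config]);
<a name="95"/> 95: false ->
<a name="96"/> 96: {skip, "Known ECC bug in openssl"}
<a name="97"/> 97: end;
<a name="98"/> 98:
%% erlang: Erlang on both sides. Skipped when
%% ssl_test_lib:sufficient_crypto_support(erlang) returns false.
<a name="99"/> 99: <b>init_per_group</b>(erlang = Group, Config) ->
<a name="100"/> 100: case ssl_test_lib:sufficient_crypto_support(Group) of
<a name="101"/> 101: true ->
<a name="102"/> 102: common_init_per_group(erlang, [{server_type, erlang},
<a name="103"/> 103: {client_type, erlang} | Config]);
<a name="104"/> 104: false ->
<a name="105"/> 105: {skip, "Crypto does not support ECC"}
<a name="106"/> 106: end;
%% Any other group (the TLS version groups listed in all/0) goes straight to
%% the common setup.
<a name="107"/> 107: <b>init_per_group</b>(Group, Config) ->
<a name="108"/> 108: common_init_per_group(Group, Config).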
<a name="109"/> 109:
%% Setup shared by all groups.
%% When GroupName is a TLS version (per ssl_test_lib:is_tls_version/1) the
%% version is initialised through ssl_test_lib:init_tls_version/1 and stored
%% in Config under tls_version. Any other group name is passed to
%% openssl_check/2, which may return a skip tuple instead of a Config.
<a name="common_init_per_group-2"/><a name="110"/> 110: <b>common_init_per_group</b>(GroupName, Config) ->
<a name="111"/> 111: case ssl_test_lib:is_tls_version(GroupName) of
<a name="112"/> 112: true ->
<a name="113"/> 113: ssl_test_lib:init_tls_version(GroupName),
<a name="114"/> 114: [{tls_version, GroupName} | Config];
<a name="115"/> 115: _ ->
<a name="116"/> 116: openssl_check(GroupName, Config)
<a name="117"/> 117: end.
<a name="118"/> 118:
%% Group teardown: returns Config unchanged.
%% NOTE(review): nothing here reverses ssl_test_lib:init_tls_version/1 from
%% the group setup; whether the protocol version setting needs resetting
%% between version groups cannot be told from this file - confirm.
<a name="end_per_group-2"/><a name="119"/> 119: <b>end_per_group</b>(_GroupName, Config) ->
<a name="120"/> 120: Config.
<a name="121"/> 121:
<a name="122"/> 122: <i>%%--------------------------------------------------------------------</i>
<a name="123"/> 123:
%% Per-test setup: writes the supported protocol versions and the cipher suite
%% list to the Common Test log, then returns Config unchanged.
%% These are the values available to the ssl application, not the version or
%% suite a particular handshake ends up negotiating.
<a name="init_per_testcase-2"/><a name="124"/> 124: <b>init_per_testcase</b>(_TestCase, Config) ->
<a name="125"/> 125: ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
<a name="126"/> 126: ct:log("Ciphers: ~p~n ", [ ssl:cipher_suites()]),
<a name="127"/> 127: Config.
<a name="128"/> 128:
%% Per-test teardown: returns Config unchanged. External openssl ports opened
%% by a test case are not closed here.
<a name="end_per_testcase-2"/><a name="129"/> 129: <b>end_per_testcase</b>(_TestCase, Config) ->
<a name="130"/> 130: Config.
<a name="131"/> 131:
<a name="132"/> 132: <i>%%--------------------------------------------------------------------</i>
<a name="133"/> 133: <i>%% Test Cases --------------------------------------------------------</i>
<a name="134"/> 134: <i>%%--------------------------------------------------------------------</i>
<a name="135"/> 135:
%% EC client (ec1.crt / ec1.key) against EC server (ec2.crt / ec2.key).
%% The files are looked up in the suite data_dir by basic_test/5.
<a name="client_ec_server_ec-1"/><a name="136"/> 136: <b>client_ec_server_ec</b>(Config) when is_list(Config) ->
<a name="137"/> 137: basic_test("ec1.crt", "ec1.key", "ec2.crt", "ec2.key", Config).
<a name="138"/> 138:
%% EC client (ec1.crt / ec1.key) against RSA server (rsa1.crt / rsa1.key).
<a name="client_ec_server_rsa-1"/><a name="139"/> 139: <b>client_ec_server_rsa</b>(Config) when is_list(Config) ->
<a name="140"/> 140: basic_test("ec1.crt", "ec1.key", "rsa1.crt", "rsa1.key", Config).
<a name="141"/> 141:
%% RSA client (rsa1.crt / rsa1.key) against EC server (ec2.crt / ec2.key).
<a name="client_rsa_server_ec-1"/><a name="142"/> 142: <b>client_rsa_server_ec</b>(Config) when is_list(Config) ->
<a name="143"/> 143: basic_test("rsa1.crt", "rsa1.key", "ec2.crt", "ec2.key", Config).
<a name="144"/> 144:
%% RSA client (rsa1.crt / rsa1.key) against RSA server (rsa2.crt / rsa2.key).
%% No EC key is involved; this case acts as the non-ECC baseline of the suite.
<a name="client_rsa_server_rsa-1"/><a name="145"/> 145: <b>client_rsa_server_rsa</b>(Config) when is_list(Config) ->
<a name="146"/> 146: basic_test("rsa1.crt", "rsa1.key", "rsa2.crt", "rsa2.key", Config).
<a name="147"/> 147:
<a name="148"/> 148: <i>%%--------------------------------------------------------------------</i>
<a name="149"/> 149: <i>%% Internal functions ------------------------------------------------</i>
<a name="150"/> 150: <i>%%--------------------------------------------------------------------</i>
%% Run one mutually authenticated connection and check the outcome.
%% ClientCert, ClientKey, ServerCert and ServerKey are file names relative to
%% the suite data_dir; both peers are given the same CA.pem from that
%% directory as their trust anchor file.
%% server_type and client_type (erlang or openssl) come from Config, where
%% init_per_group/2 put them. The server is started first and the client
%% connects to the port the server reports.
%% NOTE(review): when a peer is an openssl port, the port returned by
%% start_server/5 or start_client/6 is not closed in this function.
<a name="basic_test-5"/><a name="151"/> 151: <b>basic_test</b>(ClientCert, ClientKey, ServerCert, ServerKey, Config) ->
<a name="152"/> 152: DataDir = ?config(data_dir, Config),
<a name="153"/> 153: SType = ?config(server_type, Config),
<a name="154"/> 154: CType = ?config(client_type, Config),
<a name="155"/> 155: {Server, Port} = start_server(SType,
<a name="156"/> 156: filename:join(DataDir, "CA.pem"),
<a name="157"/> 157: filename:join(DataDir, ServerCert),
<a name="158"/> 158: filename:join(DataDir, ServerKey),
<a name="159"/> 159: Config),
<a name="160"/> 160: Client = start_client(CType, Port, filename:join(DataDir, "CA.pem"),
<a name="161"/> 161: filename:join(DataDir, ClientCert),
<a name="162"/> 162: filename:join(DataDir, ClientKey), Config),
<a name="163"/> 163: check_result(Server, SType, Client, CType).
<a name="164"/> 164:
%% Start the client side of the connection and return a handle to it.
%%
%% openssl clause: launches "openssl s_client" as an Erlang port connected to
%% localhost:Port, with the protocol flag derived from the highest configured
%% protocol version, and returns the port. "Hello world" is written to the
%% port; s_client presumably forwards it to the server.
%% The command is one string built from the CA, Cert and Key paths and handed
%% to open_port with spawn, so a path containing whitespace or shell
%% metacharacters would change the argument list.
%% NOTE(review): spawn_executable with an args list passes each argument
%% separately and avoids that dependence on the data_dir path.
%% NOTE(review): -CAfile only supplies the trust anchor. No option here makes
%% s_client abort on a failed verification of the server certificate, so this
%% leg does not by itself show that a bad server certificate is rejected;
%% -verify_return_error would enforce it where the installed openssl has it.
<a name="start_client-6"/><a name="165"/> 165: <b>start_client</b>(openssl, Port, CA, Cert, Key, _) ->
<a name="166"/> 166: Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
<a name="167"/> 167: Cmd = "openssl s_client -port " ++ integer_to_list(Port) ++ ssl_test_lib:version_flag(Version) ++
<a name="168"/> 168: " -cert " ++ Cert ++ " -CAfile " ++ CA
<a name="169"/> 169: ++ " -key " ++ Key ++ " -host localhost -msg",
<a name="170"/> 170: OpenSslPort = open_port({spawn, Cmd}, [stderr_to_stdout]),
<a name="171"/> 171: true = port_command(OpenSslPort, "Hello world"),
<a name="172"/> 172: OpenSslPort;
%% erlang clause: starts an Erlang ssl client through ssl_test_lib on the
%% client node and host given by ssl_test_lib:run_where/1. The client verifies
%% the server certificate against CA (verify_peer) and presents Cert / Key as
%% its own identity. The connection runs send_recv_result_active.
<a name="173"/> 173: <b>start_client</b>(erlang, Port, CA, Cert, Key, Config) ->
<a name="174"/> 174: {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
<a name="175"/> 175: ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
<a name="176"/> 176: {host, Hostname},
<a name="177"/> 177: {from, self()},
<a name="178"/> 178: {mfa, {ssl_test_lib, send_recv_result_active, []}},
<a name="179"/> 179: {options, [{verify, verify_peer}, {cacertfile, CA},
<a name="180"/> 180: {certfile, Cert}, {keyfile, Key}]}]).
<a name="181"/> 181:
%% Start the server side of the connection and return {Handle, Port}.
%%
%% openssl clause: obtains a port number from ssl_test_lib:inet_port/1,
%% launches "openssl s_server" on it as an Erlang port, waits through
%% ssl_test_lib:wait_for_openssl_server/0, writes "Hello world" to the port
%% and returns {OpenSslPort, Port}.
%% -Verify 2 makes the client certificate mandatory, with a verification
%% depth of 2.
%% The command is one string built from the CA, Cert and Key paths and handed
%% to open_port with spawn, so a path containing whitespace or shell
%% metacharacters would change the argument list.
%% NOTE(review): spawn_executable with an args list passes each argument
%% separately and avoids that dependence on the data_dir path.
%% NOTE(review): the port number is chosen before s_server binds it; whether
%% another process can take it in between depends on inet_port/1 - confirm.
<a name="start_server-5"/><a name="182"/> 182: <b>start_server</b>(openssl, CA, Cert, Key, _) ->
<a name="183"/> 183: Port = ssl_test_lib:inet_port(node()),
<a name="184"/> 184: Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
<a name="185"/> 185: Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++ ssl_test_lib:version_flag(Version) ++
<a name="186"/> 186: " -cert " ++ Cert ++ " -CAfile " ++ CA
<a name="187"/> 187: ++ " -key " ++ Key ++ " -Verify 2 -msg",
<a name="188"/> 188: OpenSslPort = open_port({spawn, Cmd}, [stderr_to_stdout]),
<a name="189"/> 189: ssl_test_lib:wait_for_openssl_server(),
<a name="190"/> 190: true = port_command(OpenSslPort, "Hello world"),
<a name="191"/> 191: {OpenSslPort, Port};
<a name="192"/> 192:
%% erlang clause: starts an Erlang ssl server through ssl_test_lib on the
%% server node from ssl_test_lib:run_where/1, listening on port 0, and returns
%% the server handle with the port reported by ssl_test_lib:inet_port/1.
%% verify_peer on the server side requests and validates a client certificate
%% against CA. fail_if_no_peer_cert is not set, so a client that sends no
%% certificate at all would still be accepted under the ssl default; every
%% client in this suite does present one, so that path is not exercised.
<a name="193"/> 193: <b>start_server</b>(erlang, CA, Cert, Key, Config) ->
<a name="194"/> 194: {_, ServerNode, _} = ssl_test_lib:run_where(Config),
<a name="195"/> 195: Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
<a name="196"/> 196: {from, self()},
<a name="197"/> 197: {mfa, {ssl_test_lib,
<a name="198"/> 198: send_recv_result_active,
<a name="199"/> 199: []}},
<a name="200"/> 200: {options,
<a name="201"/> 201: [{verify, verify_peer}, {cacertfile, CA},
<a name="202"/> 202: {certfile, Cert}, {keyfile, Key}]}]),
<a name="203"/> 203: {Server, ssl_test_lib:inet_port(Server)}.
<a name="204"/> 204:
%% Assert the outcome of a connection, choosing which side to check from the
%% peer types (arguments: Server, ServerType, Client, ClientType).
%% Only Erlang peers are checked, through ssl_test_lib:check_result. The
%% output of an openssl port is not read here, so in a mixed run a pass means
%% the Erlang side reported ok; whether the openssl side accepted the Erlang
%% peer's certificate is not asserted.
%%
%% Both peers are Erlang: both must report ok.
<a name="check_result-4"/><a name="205"/> 205: <b>check_result</b>(Server, erlang, Client, erlang) ->
<a name="206"/> 206: ssl_test_lib:check_result(Server, ok, Client, ok);
%% Erlang server with a non-Erlang client: only the server is checked.
<a name="207"/> 207: <b>check_result</b>(Server, erlang, _, _) ->
<a name="208"/> 208: ssl_test_lib:check_result(Server, ok);
%% Erlang client with a non-Erlang server: only the client is checked.
<a name="209"/> 209: <b>check_result</b>(_, _, Client, erlang) ->
<a name="210"/> 210: ssl_test_lib:check_result(Client, ok);
%% Both peers are openssl: nothing is checked. No group set up by
%% init_per_group/2 produces this combination, so the clause looks unreachable
%% from this suite.
<a name="211"/> 211: <b>check_result</b>(_,openssl, _, openssl) ->
<a name="212"/> 212: ok.
<a name="213"/> 213:
%% Gate for groups that involve the external openssl binary.
%% The erlang group uses no openssl peer, so Config is returned unchanged.
%% For any other group the tls_version stored in Config is checked with
%% ssl_test_lib:check_sane_openssl_version/1: on true, ssl is started and
%% Config returned; on false, the group is skipped.
%% The tls_version key is added by common_init_per_group/2 for the TLS version
%% groups; presumably the nested groups inherit it through Config.
%% A skip here means the openssl interoperability cases did not run for that
%% TLS version on this host.
<a name="openssl_check-2"/><a name="214"/> 214: <b>openssl_check</b>(erlang, Config) ->
<a name="215"/> 215: Config;
<a name="216"/> 216: <b>openssl_check</b>(_, Config) ->
<a name="217"/> 217: TLSVersion = ?config(tls_version, Config),
<a name="218"/> 218: case ssl_test_lib:check_sane_openssl_version(TLSVersion) of
<a name="219"/> 219: true ->
<a name="220"/> 220: ssl:start(),
<a name="221"/> 221: Config;
<a name="222"/> 222: false ->
<a name="223"/> 223: {skip, "TLS version not supported by openssl"}
<a name="224"/> 224: end.
<a name="225"/> 225:
</pre>
</body>
</html>