1 /*
2 * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <Security/SecureTransportPriv.h>
28 #include <AssertMacros.h>
29
30 #include "ssl-utils.h"
31
32
33 #include "cipherSpecs.h"
34 #import "STLegacyTests.h"
35
36 @implementation STLegacyTests (sslciphers)
37
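/*
 * Asks the context how many cipher suites it supports, fetches that list and
 * checks that every reported slot was actually written.
 *
 * The buffer is pre-filled with 0xff bytes, so an entry that still reads as
 * (SSLCipherSuite)(-1) after the call is a slot that was counted but never
 * filled in.
 *
 * ssl:    context to query.
 * server: not used by this check; kept so existing callers compile unchanged.
 *
 * Returns 0 on success and 1 on any failure.
 */
static int test_GetSupportedCiphers(SSLContextRef ssl, bool server)
{
    size_t max_ciphers = 0;
    size_t num_ciphers = 0;
    size_t size = 0;
    int fail=1;
    SSLCipherSuite *ciphers = NULL;

    (void)server;

    require_noerr(SSLGetNumberSupportedCiphers(ssl, &max_ciphers), out);

    size = max_ciphers * sizeof (SSLCipherSuite);
    ciphers = (SSLCipherSuite *) malloc(size);

    require_string(ciphers, out, "out of memory");
    memset(ciphers, 0xff, size);

    num_ciphers = max_ciphers;
    require_noerr(SSLGetSupportedCiphers(ssl, ciphers, &num_ciphers), out);

    /*
     * num_ciphers is an in/out count. The buffer only holds max_ciphers
     * entries, so refuse to walk it with a larger count rather than read
     * past the allocation.
     */
    require(num_ciphers <= max_ciphers, out);

    for (size_t i = 0; i < num_ciphers; i++) {
        require(ciphers[i]!=(SSLCipherSuite)(-1), out);
    }

    /* Success! */
    fail=0;

out:
    free(ciphers); /* free(NULL) is a no-op, so no guard is needed */
    return fail;
}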
66
67
/*
 * Write callback stub installed with SSLSetIOFuncs. No transport is attached
 * in these tests, so every write attempt reports that it would block.
 *
 * NOTE(review): *length is left untouched. SecureTransport I/O callbacks are
 * expected to report the number of bytes actually transferred - confirm
 * whether 0 should be stored here.
 */
static OSStatus SocketWrite(SSLConnectionRef conn, const void *data, size_t *length)
{
    const OSStatus status = errSSLWouldBlock;
    return status;
}
72
/*
 * Read callback stub installed with SSLSetIOFuncs. No transport is attached
 * in these tests, so every read attempt reports that it would block; the
 * handshake test relies on that to stop SSLHandshake with errSSLWouldBlock.
 *
 * NOTE(review): *length is left untouched. SecureTransport I/O callbacks are
 * expected to report the number of bytes actually transferred - confirm
 * whether 0 should be stored here.
 */
static OSStatus SocketRead(SSLConnectionRef conn, void *data, size_t *length)
{
    const OSStatus status = errSSLWouldBlock;
    return status;
}
77
78
79
/*
 * Expected "enabled cipher suites" tables.
 *
 * test_GetEnabledCiphers compares these byte-for-byte (memcmp) with what the
 * context reports, so both the membership and the ORDER of every table are
 * part of the expectation. Reordering or editing an entry changes what the
 * test accepts as the negotiated preference order.
 */

/* Legacy set without DHE: ECDHE-ECDSA, ECDHE-RSA and static RSA, each ending in a 3DES suite. */
static const SSLCipherSuite legacy_ciphersuites[] = {
    /* ECDHE-ECDSA */
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
    /* ECDHE-RSA */
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
    /* static RSA key exchange (no forward secrecy) */
    TLS_RSA_WITH_AES_256_GCM_SHA384,
    TLS_RSA_WITH_AES_128_GCM_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
};

/* Legacy set with DHE enabled: the DHE-RSA group sits between ECDHE-RSA and static RSA. */
const SSLCipherSuite legacy_DHE_ciphersuites[] = {
    /* ECDHE-ECDSA */
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
    /* ECDHE-RSA */
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
    /* DHE-RSA */
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
    /* static RSA key exchange (no forward secrecy) */
    TLS_RSA_WITH_AES_256_GCM_SHA384,
    TLS_RSA_WITH_AES_128_GCM_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
};

/* "standard" set: same three key-exchange groups as the legacy set, AES only (no 3DES entries). */
const SSLCipherSuite standard_ciphersuites[] = {
    /* ECDHE-ECDSA */
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    /* ECDHE-RSA */
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    /* static RSA key exchange (no forward secrecy) */
    TLS_RSA_WITH_AES_256_GCM_SHA384,
    TLS_RSA_WITH_AES_128_GCM_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,
};

/* Expected list for a freshly created context; entry-for-entry the same as legacy_ciphersuites. */
const SSLCipherSuite default_ciphersuites[] = {
    /* ECDHE-ECDSA */
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
    /* ECDHE-RSA */
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
    /* static RSA key exchange (no forward secrecy) */
    TLS_RSA_WITH_AES_256_GCM_SHA384,
    TLS_RSA_WITH_AES_128_GCM_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
};

/* ATSv1: ECDHE key exchange only, AES only. No static-RSA and no 3DES entries. */
const SSLCipherSuite ATSv1_ciphersuites[] = {
    /* ECDHE-ECDSA */
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    /* ECDHE-RSA */
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
};

/* ATSv1 without the forward-secrecy requirement: the ATSv1 list followed by static-RSA AES suites. */
const SSLCipherSuite ATSv1_noPFS_ciphersuites[] = {
    /* ECDHE-ECDSA */
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    /* ECDHE-RSA */
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,

    /* static RSA key exchange (no forward secrecy) */
    TLS_RSA_WITH_AES_256_GCM_SHA384,
    TLS_RSA_WITH_AES_128_GCM_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,
};

/*
 * CBC-only list (no GCM entries). Despite the name it contains no RC4 suite.
 * Not referenced by the tests in this file.
 */
const SSLCipherSuite TLSv1_RC4_fallback_ciphersuites[] = {
    /* ECDHE-ECDSA */
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
    /* ECDHE-RSA */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
    /* static RSA key exchange (no forward secrecy) */
    TLS_RSA_WITH_AES_256_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
};

/*
 * CBC-only list (no GCM entries); entry-for-entry the same as
 * TLSv1_RC4_fallback_ciphersuites. Not referenced by the tests in this file.
 */
const SSLCipherSuite TLSv1_fallback_ciphersuites[] = {
    /* ECDHE-ECDSA */
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
    /* ECDHE-RSA */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
    /* static RSA key exchange (no forward secrecy) */
    TLS_RSA_WITH_AES_256_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
};

/*
 * Anonymous (EC)DH suites. The key exchange is unauthenticated, so a session
 * negotiated with one of these gives no assurance about who the peer is; they
 * are only expected under kSSLSessionConfig_anonymous.
 */
const SSLCipherSuite anonymous_ciphersuites[] = {
    /* ECDH_anon */
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
    /* DH_anon */
    TLS_DH_anon_WITH_AES_256_CBC_SHA256,
    TLS_DH_anon_WITH_AES_256_CBC_SHA,
    TLS_DH_anon_WITH_AES_128_CBC_SHA256,
    TLS_DH_anon_WITH_AES_128_CBC_SHA
};
263
264
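/*
 * Reads the enabled cipher suites from the context and compares them, in
 * order, with the expected list.
 *
 * Returns 0 when the count and every entry match, 1 otherwise.
 */
static int check_enabled_ciphers(SSLContextRef ssl, unsigned expected_num_ciphers, const SSLCipherSuite *expected_ciphers)
{
    size_t num_ciphers = 0;
    size_t size = 0;
    int fail=1;
    SSLCipherSuite *ciphers = NULL;

    require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_ciphers), out);
    require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number");

    size = num_ciphers * sizeof (SSLCipherSuite);
    ciphers = (SSLCipherSuite *) malloc(size);
    require_string(ciphers, out, "out of memory");
    /* 0xff filler: a slot the call does not write cannot match a real suite value */
    memset(ciphers, 0xff, size);

    require_noerr(SSLGetEnabledCiphers(ssl, ciphers, &num_ciphers), out);
    /*
     * num_ciphers is an in/out count and may have been rewritten by the call.
     * The memcmp below covers `size` bytes, so make sure the count actually
     * returned still equals the expected one before trusting the comparison.
     */
    require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number");
    require_string(memcmp(ciphers, expected_ciphers, size)==0, out, "wrong ciphersuites");

    fail=0;

out:
    free(ciphers);
    return fail;
}

/*
 * Checks that the context's enabled cipher suites equal expected_ciphers
 * (same count, same order), both before the handshake is started and again
 * after SSLHandshake has run far enough to return errSSLWouldBlock.
 *
 * The context is wired to the SocketRead/SocketWrite stubs and a NULL
 * connection, so the handshake cannot progress past its first I/O attempt.
 *
 * ssl:                  context under test.
 * expected_num_ciphers: number of entries in expected_ciphers.
 * expected_ciphers:     expected suites, in the expected order.
 *
 * Returns 0 on success and 1 on any failure.
 */
static int test_GetEnabledCiphers(SSLContextRef ssl, unsigned expected_num_ciphers, const SSLCipherSuite *expected_ciphers)
{
    int fail=1;

    require_noerr(SSLSetIOFuncs(ssl, &SocketRead, &SocketWrite), out);
    require_noerr(SSLSetConnection(ssl, NULL), out);

    /* Before the handshake. */
    require(check_enabled_ciphers(ssl, expected_num_ciphers, expected_ciphers) == 0, out);

    require(SSLHandshake(ssl) == errSSLWouldBlock, out);

    /* Starting the handshake must not have changed the enabled list. */
    require(check_enabled_ciphers(ssl, expected_num_ciphers, expected_ciphers) == 0, out);

    /* Success! */
    fail=0;

out:
    return fail;
}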
309
/*
 * Requests a mixed list of cipher suites and checks how many of them end up
 * enabled on the context.
 *
 * Note that TLS_RSA_WITH_NULL_SHA is a NULL-encryption suite: the test pins
 * that it becomes enabled when a caller asks for it explicitly, even though
 * it is not part of the default set.
 *
 * Returns 0 on success and 1 on any failure.
 */
static int test_SetEnabledCiphers(SSLContextRef ssl)
{
    /* Setting the list is expected to succeed as long as at least one entry is valid. */
    SSLCipherSuite ciphers[] = {
        SSL_RSA_WITH_RC2_CBC_MD5,     /* unsupported */
        TLS_RSA_WITH_NULL_SHA,        /* supported but not enabled by default */
        TLS_RSA_WITH_AES_128_CBC_SHA, /* supported and enabled by default */
    };
    size_t num_enabled;
    int result = 1;

    require_noerr(SSLSetEnabledCiphers(ssl, ciphers, sizeof(ciphers)/sizeof(SSLCipherSuite)), out);
    require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_enabled), out);

    /* Only the two supported entries may be counted; the unsupported one is dropped. */
    require(num_enabled==2, out);

    result = 0;

out:
    return result;
}
333
334
/*
 * Runs the cipher-suite checks on a context after toggling DHE with
 * SSLSetDHEEnabled. With DHE enabled the enabled list is expected to equal
 * legacy_DHE_ciphersuites, otherwise legacy_ciphersuites.
 *
 * A second, fresh context is used for the SetEnabledCiphers check so that it
 * starts from an untouched configuration.
 */
- (void)test_dhe: (SSLProtocolSide) side dhe_enabled: (bool) dhe_enabled
{
    const bool server = (side == kSSLServerSide);
    const char *sideName = server ? "server" : "client";
    const char *dheName = dhe_enabled ? "enabled" : "disabled";
    const SSLCipherSuite *ciphers;
    unsigned num;
    SSLContextRef ssl = NULL;

    /* Pick the expected table up front. */
    if (dhe_enabled) {
        ciphers = legacy_DHE_ciphersuites;
        num = sizeof(legacy_DHE_ciphersuites)/sizeof(SSLCipherSuite);
    } else {
        ciphers = legacy_ciphersuites;
        num = sizeof(legacy_ciphersuites)/sizeof(SSLCipherSuite);
    }

    ssl = SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
    XCTAssert(ssl != NULL, "test_dhe: SSLCreateContext(1) failed (%s, %s)", sideName, dheName);
    require(ssl, out);

    XCTAssertEqual(noErr, SSLSetDHEEnabled(ssl, dhe_enabled), "test_dhe: SSLSetDHEEnabled failed (%s, %s)", sideName, dheName);

    /* The order of these checks matters; be careful when adding tests. */
    XCTAssert(!test_GetSupportedCiphers(ssl, server), "test_dhe: GetSupportedCiphers test failed (%s, %s)", sideName, dheName);
    XCTAssert(!test_GetEnabledCiphers(ssl, num, ciphers), "test_dhe: GetEnabledCiphers test failed (%s, %s)", sideName, dheName);

    CFRelease(ssl);
    ssl = NULL;

    /* Fresh context for the SetEnabledCiphers check. */
    ssl = SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
    XCTAssert(ssl, "test_dhe: SSLCreateContext(2) failed (%s, %s)", sideName, dheName);
    require(ssl, out);

    XCTAssert(!test_SetEnabledCiphers(ssl), "test_dhe: SetEnabledCiphers test failed (%s, %s)", sideName, dheName);

out:
    if (ssl) {
        CFRelease(ssl);
    }
}
363
/*
 * Applies a named session configuration with SSLSetSessionConfig and checks
 * that the enabled cipher suites equal the expected list.
 *
 * side:    client or server side of the context.
 * config:  session configuration name passed to SSLSetSessionConfig.
 * num:     number of entries in ciphers.
 * ciphers: expected enabled suites, in the expected order.
 *
 * A second, fresh context is used for the SetEnabledCiphers check.
 */
-(void) test_config: (SSLProtocolSide) side config: (CFStringRef) config num: (unsigned) num cipherList: (const SSLCipherSuite*) ciphers
{
    const bool server = (side == kSSLServerSide);
    const char *sideName = server ? "server" : "client";
    SSLContextRef ssl = NULL;

    ssl = SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
    XCTAssert(ssl, "test_config: SSLCreateContext(1) failed (%s,%@)", sideName, config);
    require(ssl, out);

    XCTAssertEqual(errSecSuccess, SSLSetSessionConfig(ssl, config), "test_config: SSLSetSessionConfig failed (%s,%@)", sideName, config);

    /* The order of these checks matters; be careful when adding tests. */
    XCTAssert(!test_GetSupportedCiphers(ssl, server), "test_config: GetSupportedCiphers test failed (%s,%@)", sideName, config);
    XCTAssert(!test_GetEnabledCiphers(ssl, num, ciphers), "test_config: GetEnabledCiphers test failed (%s,%@)", sideName, config);

    CFRelease(ssl);
    ssl = NULL;

    /* Fresh context for the SetEnabledCiphers check. */
    ssl = SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
    XCTAssert(ssl, "test_config: SSLCreateContext(2) failed (%s,%@)", sideName, config);
    require(ssl, out);

    XCTAssert(!test_SetEnabledCiphers(ssl), "test_config: SetEnabledCiphers test failed (%s,%@)", sideName, config);

out:
    if (ssl) {
        CFRelease(ssl);
    }
}
390
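/*
 * Checks a freshly created context with no configuration applied: its enabled
 * cipher suites are expected to equal default_ciphersuites.
 *
 * A second, fresh context is used for the SetEnabledCiphers check.
 *
 * Two failure messages previously carried the "test_config:" prefix, which
 * pointed at the wrong test when this one failed; they now say
 * "test_default:".
 */
-(void) test_default: (SSLProtocolSide) side
{
    SSLContextRef ssl = NULL;
    bool server = (side == kSSLServerSide);

    ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
    XCTAssert(ssl!=NULL, "test_default: SSLCreateContext(1) failed (%s)", server?"server":"client");
    require(ssl, out);

    /* The order of these checks matters; be careful when adding tests. */
    XCTAssert(!test_GetSupportedCiphers(ssl, server), "test_default: GetSupportedCiphers test failed (%s)", server?"server":"client");
    XCTAssert(!test_GetEnabledCiphers(ssl, sizeof(default_ciphersuites)/sizeof(SSLCipherSuite), default_ciphersuites), "test_default: GetEnabledCiphers test failed (%s)", server?"server":"client");

    CFRelease(ssl); ssl=NULL;

    /* Fresh context for the SetEnabledCiphers check. */
    ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
    XCTAssert(ssl, "test_default: SSLCreateContext(2) failed (%s)", server?"server":"client");
    require(ssl, out);

    XCTAssert(!test_SetEnabledCiphers(ssl), "test_default: SetEnabledCiphers test failed (%s)", server?"server":"client");

out:
    if(ssl) CFRelease(ssl);
}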
415
416
417
418
/*
 * Test entry point. Runs the DHE on/off checks, the default-context checks
 * and then every named session configuration, each for the client side first
 * and the server side second.
 *
 * The fallback configurations (RC4_fallback, TLSv1_fallback,
 * TLSv1_RC4_fallback, 3DES_fallback, TLSv1_3DES_fallback) are checked against
 * the plain legacy/default tables; none of the expected tables used here
 * contains an RC4 suite.
 */
-(void) testSSLCiphers
{
    const SSLProtocolSide sides[] = { kSSLClientSide, kSSLServerSide };
    const size_t sideCount = sizeof(sides) / sizeof(sides[0]);
    const bool dheStates[] = { true, false };

    /* Each session configuration paired with the enabled list it must produce. */
    const struct {
        CFStringRef config;
        unsigned num;
        const SSLCipherSuite *list;
    } cases[] = {
        { kSSLSessionConfig_ATSv1,               (unsigned)(sizeof(ATSv1_ciphersuites)/sizeof(SSLCipherSuite)),       ATSv1_ciphersuites },
        { kSSLSessionConfig_ATSv1_noPFS,         (unsigned)(sizeof(ATSv1_noPFS_ciphersuites)/sizeof(SSLCipherSuite)), ATSv1_noPFS_ciphersuites },
        { kSSLSessionConfig_legacy,              (unsigned)(sizeof(legacy_ciphersuites)/sizeof(SSLCipherSuite)),      legacy_ciphersuites },
        { kSSLSessionConfig_legacy_DHE,          (unsigned)(sizeof(legacy_DHE_ciphersuites)/sizeof(SSLCipherSuite)),  legacy_DHE_ciphersuites },
        { kSSLSessionConfig_standard,            (unsigned)(sizeof(standard_ciphersuites)/sizeof(SSLCipherSuite)),    standard_ciphersuites },
        { kSSLSessionConfig_RC4_fallback,        (unsigned)(sizeof(legacy_ciphersuites)/sizeof(SSLCipherSuite)),      legacy_ciphersuites },
        { kSSLSessionConfig_TLSv1_fallback,      (unsigned)(sizeof(default_ciphersuites)/sizeof(SSLCipherSuite)),     default_ciphersuites },
        { kSSLSessionConfig_TLSv1_RC4_fallback,  (unsigned)(sizeof(legacy_ciphersuites)/sizeof(SSLCipherSuite)),      legacy_ciphersuites },
        { kSSLSessionConfig_default,             (unsigned)(sizeof(default_ciphersuites)/sizeof(SSLCipherSuite)),     default_ciphersuites },
        { kSSLSessionConfig_anonymous,           (unsigned)(sizeof(anonymous_ciphersuites)/sizeof(SSLCipherSuite)),   anonymous_ciphersuites },
        { kSSLSessionConfig_3DES_fallback,       (unsigned)(sizeof(default_ciphersuites)/sizeof(SSLCipherSuite)),     default_ciphersuites },
        { kSSLSessionConfig_TLSv1_3DES_fallback, (unsigned)(sizeof(default_ciphersuites)/sizeof(SSLCipherSuite)),     default_ciphersuites },
    };

    /* DHE enabled first (client, server), then DHE disabled (client, server). */
    for (size_t d = 0; d < sizeof(dheStates) / sizeof(dheStates[0]); d++) {
        for (size_t s = 0; s < sideCount; s++) {
            [self test_dhe:sides[s] dhe_enabled:dheStates[d]];
        }
    }

    for (size_t s = 0; s < sideCount; s++) {
        [self test_default:sides[s]];
    }

    for (size_t c = 0; c < sizeof(cases) / sizeof(cases[0]); c++) {
        for (size_t s = 0; s < sideCount; s++) {
            [self test_config:sides[s] config:cases[c].config num:cases[c].num cipherList:cases[c].list];
        }
    }
}
448
449 @end
450