diff --git a/tests/api.c b/tests/api.c
index 57455637a..a2cb6a52f 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -839,6 +839,173 @@ static int test_for_double_Free(void)
 #endif
+static int test_wolfSSL_CTX_set_cipher_list_bytes(void)
+{
+#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+ (!defined(NO_RSA) || defined(HAVE_ECC))
+ WOLFSSL_CTX* ctx;
+
+ const byte cipherList[] =
+ {
+ /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x16,
+ /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x39,
+ /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x33,
+ /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ 0xC0, 0x34,
+ /* TLS_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x35,
+ /* TLS_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x2F,
+ /* TLS_RSA_WITH_NULL_MD5 */ 0xC0, 0x01,
+ /* TLS_RSA_WITH_NULL_SHA */ 0xC0, 0x02,
+ /* TLS_PSK_WITH_AES_256_CBC_SHA */ 0xC0, 0x8d,
+ /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0xae,
+ /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ 0xC0, 0xaf,
+ /* TLS_PSK_WITH_AES_128_CBC_SHA */ 0xC0, 0x8c,
+ /* TLS_PSK_WITH_NULL_SHA256 */ 0xC0, 0xb0,
+ /* TLS_PSK_WITH_NULL_SHA384 */ 0xC0, 0xb1,
+ /* TLS_PSK_WITH_NULL_SHA */ 0xC0, 0x2c,
+ /* SSL_RSA_WITH_RC4_128_SHA */ 0xC0, 0x05,
+ /* SSL_RSA_WITH_RC4_128_MD5 */ 0xC0, 0x04,
+ /* SSL_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0A,
+
+ /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
+ /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x14,
+ /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x13,
+ /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0A,
+ /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x09,
+ /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ 0xC0, 0x11,
+ /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x07,
+ /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x12,
+ /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x08,
+ /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x27,
+ /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256*/ 0xC0, 0x23,
+ /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x28,
+ /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384*/ 0xC0, 0x24,
+ /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ 0xC0, 0x06,
+ /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */ 0xC0, 0x3a,
+ /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x37,
+
+ /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
+ /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0F,
+ /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x0E,
+ /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x05,
+ /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x04,
+ /* TLS_ECDH_RSA_WITH_RC4_128_SHA */ 0xC0, 0x0C,
+ /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x02,
+ /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0D,
+ /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x03,
+ /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x29,
+ /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x25,
+ /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x2A,
+ /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x26,
+
+ /* WDM_WITH_NULL_SHA256 */ 0x00, 0xFE, /* wolfSSL DTLS Multicast */
+
+ /* SHA256 */
+ /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x6b,
+ /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x67,
+ /* TLS_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x3d,
+ /* TLS_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x3c,
+ /* TLS_RSA_WITH_NULL_SHA256 */ 0x00, 0x3b,
+ /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ 0x00, 0xb2,
+ /* TLS_DHE_PSK_WITH_NULL_SHA256 */ 0x00, 0xb4,
+
+ /* SHA384 */
+ /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ 0x00, 0xb3,
+ /* TLS_DHE_PSK_WITH_NULL_SHA384 */ 0x00, 0xb5,
+
+ /* AES-GCM */
+ /* TLS_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9c,
+ /* TLS_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9d,
+ /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9e,
+ /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9f,
+ /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa7,
+ /* TLS_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xa8,
+ /* TLS_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa9,
+ /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xaa,
+ /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xab,
+
+ /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
+ /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2b,
+ /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2c,
+ /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2d,
+ /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2e,
+ /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2f,
+ /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x30,
+ /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x31,
+ /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x32,
+
+ /* AES-CCM, first byte is 0xC0 but isn't ECC,
+ * also, in some of the other AES-CCM suites
+ * there will be second byte number conflicts
+ * with non-ECC AES-GCM */
+ /* TLS_RSA_WITH_AES_128_CCM_8 */ 0xC0, 0xa0,
+ /* TLS_RSA_WITH_AES_256_CCM_8 */ 0xC0, 0xa1,
+ /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */ 0xC0, 0xac,
+ /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ 0xC0, 0xae,
+ /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */ 0xC0, 0xaf,
+ /* TLS_PSK_WITH_AES_128_CCM */ 0xC0, 0xa4,
+ /* TLS_PSK_WITH_AES_256_CCM */ 0xC0, 0xa5,
+ /* TLS_PSK_WITH_AES_128_CCM_8 */ 0xC0, 0xa8,
+ /* TLS_PSK_WITH_AES_256_CCM_8 */ 0xC0, 0xa9,
+ /* TLS_DHE_PSK_WITH_AES_128_CCM */ 0xC0, 0xa6,
+ /* TLS_DHE_PSK_WITH_AES_256_CCM */ 0xC0, 0xa7,
+
+ /* Camellia */
+ /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x41,
+ /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x84,
+ /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xba,
+ /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc0,
+ /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x45,
+ /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x88,
+ /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xbe,
+ /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc4,
+
+ /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
+ /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa8,
+ /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa9,
+ /* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xaa,
+ /* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xac,
+ /* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xab,
+ /* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xad,
+
+ /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
+ /* TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x13,
+ /* TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x14,
+ /* TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x15,
+
+ /* ECDHE_PSK RFC8442, first byte is 0xD0 (ECDHE_PSK_BYTE) */
+ /* TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ 0xD0, 0x01,
+
+ /* TLS v1.3 cipher suites */
+ /* TLS_AES_128_GCM_SHA256 */ 0x13, 0x01,
+ /* TLS_AES_256_GCM_SHA384 */ 0x13, 0x02,
+ /* TLS_CHACHA20_POLY1305_SHA256 */ 0x13, 0x03,
+ /* TLS_AES_128_CCM_SHA256 */ 0x13, 0x04,
+ /* TLS_AES_128_CCM_8_SHA256 */ 0x13, 0x05,
+
+ /* TLS v1.3 Integrity only cipher suites - 0xC0 (ECC) first byte */
+ /* TLS_SHA256_SHA256 */ 0xC0, 0xB4,
+ /* TLS_SHA384_SHA384 */ 0xC0, 0xB5
+ };
+
+#ifndef NO_WOLFSSL_SERVER
+ ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
+ AssertNotNull(ctx);
+#else
+ ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
+ AssertNotNull(ctx);
+#endif
+
+ AssertTrue(wolfSSL_CTX_set_cipher_list_bytes(ctx, &cipherList[0U],
+ sizeof(cipherList)));
+
+ wolfSSL_CTX_free(ctx);
+
+#endif /* (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) && (!NO_RSA || HAVE_ECC) */
+
+ return 0;
+}
+
+
 static int test_wolfSSL_CTX_use_certificate_file(void)
 {
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
@@ -57156,6 +57323,7 @@ TEST_CASE testCases[] = {
 TEST_DECL(test_EVP_blake2),
 TEST_DECL(test_EVP_MD_do_all),
 TEST_DECL(test_OBJ_NAME_do_all),
+ TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes),
 TEST_DECL(test_wolfSSL_CTX_use_certificate_file),
 TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer),
 TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file),
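Review bot: The byte pairs in the first group of `cipherList` do not match the suites named in their comments, so the test does not exercise the suites it claims to. Entries such as `/* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x16,` use 0xC0 as the first byte, whereas the non-ECC groups further down (SHA256, AES-GCM, Camellia) use 0x00; as a result `0xC0, 0x0A`, `0xC0, 0x2F`/`0xC0, 0x2f`, `0xC0, 0x2c`, `0xC0, 0xae` and `0xC0, 0xaf` each appear twice under different names. The first byte in that group should presumably be 0x00, e.g. `/* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0x00, 0x16,`. Because the list mixes NULL, anon, RC4 and 3DES suites with modern ones, the single `AssertTrue` on the return value does not show which suites the context actually accepted; a stricter `AssertIntEQ(wolfSSL_CTX_set_cipher_list_bytes(ctx, &cipherList[0U], sizeof(cipherList)), WOLFSSL_SUCCESS);` (if that is the success value the function returns) would at least reject non-zero error codes. Negative cases for a NULL ctx, a NULL list and an odd byte length would also pin the input validation of this byte-oriented API.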