diff options
author | Sebastian Lösch <sebastian.loesch@governikus.com> | 2015-08-11 10:27:16 +0200 |
---|---|---|
committer | André Klitzing <aklitzing@gmail.com> | 2016-01-04 18:10:14 +0000 |
commit | 73ad2bf32f83a19630ae12845627a33bbb76985d (patch) | |
tree | e9305018a6540a02a592982d769b1280b04a7c81 /tests | |
parent | a9e1fc29cae050d6a2987388af4da13ba3379623 (diff) |
Make ephemeral server key available
When using cipher algorithms with forward secrecy an ephemeral key is
used to generate the symmetric session key. Beside the SSL certificate's
key, this ephemeral key is of cryptographic interest.
The ephemeral key is chosen by the server side - currently statically in
the Qt implementation - so it is only of interest on the client side to
check it. Therefore the ephemeral key is the null key if the connection
is set up in server mode or a cipher without forward secrecy is used.
Change-Id: If241247dbb8490a91233ae47f2b38952c6591bf4
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 3e127e8111..4573de1aab 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -232,6 +232,8 @@ private slots: #ifndef QT_NO_OPENSSL void simplePskConnect_data(); void simplePskConnect(); + void ephemeralServerKey_data(); + void ephemeralServerKey(); #endif static void exitLoop() @@ -3344,6 +3346,40 @@ void tst_QSslSocket::simplePskConnect() QCOMPARE(socket.state(), QAbstractSocket::UnconnectedState); QCOMPARE(disconnectedSpy.count(), 1); } + +void tst_QSslSocket::ephemeralServerKey_data() +{ + QTest::addColumn<QString>("cipher"); + QTest::addColumn<bool>("emptyKey"); + + QTest::newRow("NonForwardSecrecyCipher") << "RC4-SHA" << true; + QTest::newRow("ForwardSecrecyCipher") << "ECDHE-RSA-AES256-SHA" << (QSslSocket::sslLibraryVersionNumber() < 0x10002000L); +} + +void tst_QSslSocket::ephemeralServerKey() +{ + QFETCH_GLOBAL(bool, setProxy); + if (!QSslSocket::supportsSsl() || setProxy) + return; + + QFETCH(QString, cipher); + QFETCH(bool, emptyKey); + SslServer server; + server.config.setCiphers(QList<QSslCipher>() << QSslCipher(cipher)); + QVERIFY(server.listen()); + QSslSocketPtr client = newSocket(); + socket = client.data(); + connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot())); + QSignalSpy spy(client.data(), &QSslSocket::encrypted); + + client->connectToHostEncrypted(QHostAddress(QHostAddress::LocalHost).toString(), server.serverPort()); + spy.wait(); + + QCOMPARE(spy.count(), 1); + QVERIFY(server.config.ephemeralServerKey().isNull()); + QCOMPARE(client->sslConfiguration().ephemeralServerKey().isNull(), emptyKey); +} + #endif // QT_NO_OPENSSL #endif // QT_NO_SSL |