// Copyright (C) 2015 Mikkel Krautz // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include #include #include #include #include // Default DH parameters, exported by qssldiffiehellmanparameters.cpp. QT_BEGIN_NAMESPACE extern Q_AUTOTEST_EXPORT const char *qssl_dhparams_default_base64; QT_END_NAMESPACE QT_USE_NAMESPACE class tst_QSslDiffieHellmanParameters : public QObject { Q_OBJECT #if QT_CONFIG(ssl) private Q_SLOTS: void initTestCase(); void constructionEmpty(); void constructionDefault(); void constructionDER(); void constructionPEM(); void unsafe512Bits(); void unsafeNonPrime(); void defaultIsValid(); #endif // Feature 'ssl'. }; #if QT_CONFIG(ssl) void tst_QSslDiffieHellmanParameters::initTestCase() { if (QSslSocket::activeBackend() != QStringLiteral("openssl")) QSKIP("The active TLS backend does not support QSslDiffieHellmanParameters"); } void tst_QSslDiffieHellmanParameters::constructionEmpty() { QSslDiffieHellmanParameters dh; QCOMPARE(dh.isEmpty(), true); QCOMPARE(dh.isValid(), true); QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError); } void tst_QSslDiffieHellmanParameters::constructionDefault() { QSslDiffieHellmanParameters dh = QSslDiffieHellmanParameters::defaultParameters(); QCOMPARE(dh.isValid(), true); QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError); } void tst_QSslDiffieHellmanParameters::constructionDER() { // Uniquely generated with 'openssl dhparam -outform DER -out out.der -check -2 4096' const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArray::fromBase64(QByteArrayLiteral( "MIICCAKCAgEAsbQYx57ZlyEyWF8jD5WYEswGR2aTVFsHqP3026SdyTwcjY+YlMOae0EagK" "jDA0UlPcih1kguQOvOVgyc5gI3YbBb4pCNEdy048xITlsdqG7qC3+2VvFR3vfixEbQQll9" "2cGIIneD/36p7KJcDnBNUwwWj/VJKhTwelTfKTj2T39si9xGMkqZiQuCaXRk6vSKZ4ZDPk" "jiq5Ti1kHVFbL9SMWRa8zplPtDMrVfhSyw10njgD4qKd1UoUPdmhEPhRZlHaZ/cAHNSHMj" "uhDakeMpN+XP2/sl5IpPZ3/vVOk9PhBDFO1NYzKx/b7RQgZCUmXoglKYpfBiz8OheoI0hK" "V0fU/OCtHjRrP4hE9vIHA2aE+gaQZiYCciGcR9BjHQ7Y8K9qHyTX8UIz2G4ZKzQZK9G+pA" "K0xD+1H3qZ/MaUhzNDQOwwihnTjjXzTjfIGqYDdbouAhw+tX51CsGonI0cL3s3QMa3CwGH" "mw+AH2b/Z68dTSy0sC3CYn9cNbrctqyeHwQrsx9FfpOz+Z6sk2WsPgqgSp/pDVVgm5oSfO" "2mN7WAWgUlf9TQuj1HIRCTI+PbBq2vYvn+YResMRo+8ng1QptKAAgQoVVGNRYxZ9iAZlvO" "52DcHKlsqDuafQ1XVGmzVIrKtBi2gfLtPqY4v6g6v26l8gbzK67PpWstllHiPb4VMCAQI=" )), QSsl::Der); QCOMPARE(dh.isValid(), true); QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError); } void tst_QSslDiffieHellmanParameters::constructionPEM() { // Uniquely generated with 'openssl dhparam -outform PEM -out out.pem -check -2 4096' const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArrayLiteral( "-----BEGIN DH PARAMETERS-----\n" "MIICCAKCAgEA9QTdqhQkbGuhWzBsW5X475AjjrITpg1BHX5+mp1sstUd84Lshq1T\n" "+S2QQQtdl25EPoUblpyyLAf8krFSH4YwR7jjLWklA8paDOwRYod0zLmVZ1Wx6og3\n" "PRc8P+SCs+6gKTXfv//bJJhiJXnM73lDFsGHbSqN+msf20ei/zy5Rwey2t8dPjLC\n" "Q+qkb/avlovi2t2rsUWcxMT1875TQ4HuApayqw3R3lTQe9u05b9rTrinmT7AE4mm\n" "xGqO9FZJdXYE2sOKwwJkpM48KFyV90uJANmqJnQrkgdukaGTHwxZxgAyO6ur/RWC\n" "kzf9STFT6IY4Qy05q+oZVJfh8xPHszKmmC8nWaLfiHMYBnL5fv+1kh/aU11Kz9TG\n" "iDXwQ+tzhKAutQPUwe3IGQUYQMZPwZI4vegdU88/7YPXuWt7b/0Il5+2ma5FbtG2\n" "u02PMi+J3JZsYi/tEUv1tJBVHGH0kDpgcyOm8rvkCtNbNkETzfwUPoEgA0oPMhVt\n" "sFGub1av+jLRyFNGNBJcqXAO+Tq2zXG00DxbGY+aooJ50qU/Lh5gfnCEMDXlMM9P\n" "T8JVpWaaNLCC+0Z5txsfYp+FO8mOttIPIF6F8FtmTnm/jhNntvqKvsU+NHylIYzr\n" "o42EpiWwS7ktPPUS2GtG+IUdy8rvdO1xJ5kNxs7ZlygY4W1htOhbUusCAQI=\n" "-----END DH PARAMETERS-----\n" ), QSsl::Pem); QCOMPARE(dh.isValid(), true); QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError); } void tst_QSslDiffieHellmanParameters::unsafe512Bits() { // Uniquely generated with 'openssl dhparam -outform PEM -out out.pem -check -2 512' const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArrayLiteral( "-----BEGIN DH PARAMETERS-----\n" "MEYCQQCf8goDn56akiliAtEL1ZG7VH+9wfLxsv8/B1emTUG+rMKB1yaVAU7HaAiM\n" "Gtmo2bAWUqBczUTOTzqmWTm28P6bAgEC\n" "-----END DH PARAMETERS-----\n" ), QSsl::Pem); QCOMPARE(dh.isValid(), false); QCOMPARE(dh.error(), QSslDiffieHellmanParameters::UnsafeParametersError); } void tst_QSslDiffieHellmanParameters::unsafeNonPrime() { // Uniquely generated with 'openssl dhparam -outform DER -out out.der -check -2 1024' // and then modified by hand to make P not be a prime number. const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArray::fromBase64(QByteArrayLiteral( "MIGHAoGBALLcOLg+ow8TMnbCUeNjwys6wUTIH9mn4ZSeIbD6qvCsJgg4cUxXwJQmPY" "Xl15AsKXgkXWh0n+/N6tjH0sSRJnzDvN2H3KxFLKkvxmBYrDOJMdCuMgZD50aOsVyd" "vholAW9zilkoYkB6sqwxY1Z2dbpTWajCsUAWZQ0AIP4Y5nesAgEC" )), QSsl::Der); QCOMPARE(dh.isValid(), false); QCOMPARE(dh.error(), QSslDiffieHellmanParameters::UnsafeParametersError); } void tst_QSslDiffieHellmanParameters::defaultIsValid() { // The QSslDiffieHellmanParameters::defaultParameters() method takes a shortcut, // by not verifying the passed-in parameters. Instead, it simply assigns the default // DH parameters to the derData field of QSslDiffieHellmanParametersPrivate. // // This test ensures that our default parameters pass the internal verification tests // by constructing, using fromEncoded(), a QSslDiffieHellmanParameters instance that // we expect to be equivalent to the one returned by defaultParameters(). By using // fromEncoded() we go through the internal verification mechanisms. Finally, to ensure // the two instances are equivalent, we compare them. const auto dh = QSslDiffieHellmanParameters::fromEncoded( QByteArray::fromBase64(QByteArray(qssl_dhparams_default_base64)), QSsl::Der ); const auto defaultdh = QSslDiffieHellmanParameters::defaultParameters(); QCOMPARE(dh.isEmpty(), false); QCOMPARE(dh.isValid(), true); QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError); QCOMPARE(dh, defaultdh); } #endif // Feature 'ssl'. QTEST_MAIN(tst_QSslDiffieHellmanParameters) #include "tst_qssldiffiehellmanparameters.moc"