tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters.cpp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

// Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk>
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only

#include <QTest>

#include <QtNetwork/qtnetworkglobal.h>

#include <QSslDiffieHellmanParameters>
#include <QSslSocket>
#include <QByteArray>

// Default DH parameters, exported by qssldiffiehellmanparameters.cpp.
QT_BEGIN_NAMESPACE
extern Q_AUTOTEST_EXPORT const char *qssl_dhparams_default_base64;
QT_END_NAMESPACE

QT_USE_NAMESPACE

class tst_QSslDiffieHellmanParameters : public QObject
{
    Q_OBJECT

#if QT_CONFIG(ssl)
private Q_SLOTS:
    void initTestCase();
    void constructionEmpty();
    void constructionDefault();
    void constructionDER();
    void constructionPEM();
    void unsafe512Bits();
    void unsafeNonPrime();
    void defaultIsValid();
#endif // Feature 'ssl'.
};

#if QT_CONFIG(ssl)

void tst_QSslDiffieHellmanParameters::initTestCase()
{
    if (QSslSocket::activeBackend() != QStringLiteral("openssl"))
        QSKIP("The active TLS backend does not support QSslDiffieHellmanParameters");
}

void tst_QSslDiffieHellmanParameters::constructionEmpty()
{
    QSslDiffieHellmanParameters dh;

    QCOMPARE(dh.isEmpty(), true);
    QCOMPARE(dh.isValid(), true);
    QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError);
}

void tst_QSslDiffieHellmanParameters::constructionDefault()
{
    QSslDiffieHellmanParameters dh = QSslDiffieHellmanParameters::defaultParameters();

    QCOMPARE(dh.isValid(), true);
    QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError);
}

void tst_QSslDiffieHellmanParameters::constructionDER()
{
    // Uniquely generated with 'openssl dhparam -outform DER -out out.der -check -2 4096'
    const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArray::fromBase64(QByteArrayLiteral(
        "MIICCAKCAgEAsbQYx57ZlyEyWF8jD5WYEswGR2aTVFsHqP3026SdyTwcjY+YlMOae0EagK"
        "jDA0UlPcih1kguQOvOVgyc5gI3YbBb4pCNEdy048xITlsdqG7qC3+2VvFR3vfixEbQQll9"
        "2cGIIneD/36p7KJcDnBNUwwWj/VJKhTwelTfKTj2T39si9xGMkqZiQuCaXRk6vSKZ4ZDPk"
        "jiq5Ti1kHVFbL9SMWRa8zplPtDMrVfhSyw10njgD4qKd1UoUPdmhEPhRZlHaZ/cAHNSHMj"
        "uhDakeMpN+XP2/sl5IpPZ3/vVOk9PhBDFO1NYzKx/b7RQgZCUmXoglKYpfBiz8OheoI0hK"
        "V0fU/OCtHjRrP4hE9vIHA2aE+gaQZiYCciGcR9BjHQ7Y8K9qHyTX8UIz2G4ZKzQZK9G+pA"
        "K0xD+1H3qZ/MaUhzNDQOwwihnTjjXzTjfIGqYDdbouAhw+tX51CsGonI0cL3s3QMa3CwGH"
        "mw+AH2b/Z68dTSy0sC3CYn9cNbrctqyeHwQrsx9FfpOz+Z6sk2WsPgqgSp/pDVVgm5oSfO"
        "2mN7WAWgUlf9TQuj1HIRCTI+PbBq2vYvn+YResMRo+8ng1QptKAAgQoVVGNRYxZ9iAZlvO"
        "52DcHKlsqDuafQ1XVGmzVIrKtBi2gfLtPqY4v6g6v26l8gbzK67PpWstllHiPb4VMCAQI="
    )), QSsl::Der);

    QCOMPARE(dh.isValid(), true);
    QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError);
}

void tst_QSslDiffieHellmanParameters::constructionPEM()
{
    // Uniquely generated with 'openssl dhparam -outform PEM -out out.pem -check -2 4096'
    const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArrayLiteral(
        "-----BEGIN DH PARAMETERS-----\n"
        "MIICCAKCAgEA9QTdqhQkbGuhWzBsW5X475AjjrITpg1BHX5+mp1sstUd84Lshq1T\n"
        "+S2QQQtdl25EPoUblpyyLAf8krFSH4YwR7jjLWklA8paDOwRYod0zLmVZ1Wx6og3\n"
        "PRc8P+SCs+6gKTXfv//bJJhiJXnM73lDFsGHbSqN+msf20ei/zy5Rwey2t8dPjLC\n"
        "Q+qkb/avlovi2t2rsUWcxMT1875TQ4HuApayqw3R3lTQe9u05b9rTrinmT7AE4mm\n"
        "xGqO9FZJdXYE2sOKwwJkpM48KFyV90uJANmqJnQrkgdukaGTHwxZxgAyO6ur/RWC\n"
        "kzf9STFT6IY4Qy05q+oZVJfh8xPHszKmmC8nWaLfiHMYBnL5fv+1kh/aU11Kz9TG\n"
        "iDXwQ+tzhKAutQPUwe3IGQUYQMZPwZI4vegdU88/7YPXuWt7b/0Il5+2ma5FbtG2\n"
        "u02PMi+J3JZsYi/tEUv1tJBVHGH0kDpgcyOm8rvkCtNbNkETzfwUPoEgA0oPMhVt\n"
        "sFGub1av+jLRyFNGNBJcqXAO+Tq2zXG00DxbGY+aooJ50qU/Lh5gfnCEMDXlMM9P\n"
        "T8JVpWaaNLCC+0Z5txsfYp+FO8mOttIPIF6F8FtmTnm/jhNntvqKvsU+NHylIYzr\n"
        "o42EpiWwS7ktPPUS2GtG+IUdy8rvdO1xJ5kNxs7ZlygY4W1htOhbUusCAQI=\n"
        "-----END DH PARAMETERS-----\n"
    ), QSsl::Pem);

    QCOMPARE(dh.isValid(), true);
    QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError);
}

void tst_QSslDiffieHellmanParameters::unsafe512Bits()
{
    // Uniquely generated with 'openssl dhparam -outform PEM -out out.pem -check -2 512'
    const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArrayLiteral(
        "-----BEGIN DH PARAMETERS-----\n"
        "MEYCQQCf8goDn56akiliAtEL1ZG7VH+9wfLxsv8/B1emTUG+rMKB1yaVAU7HaAiM\n"
        "Gtmo2bAWUqBczUTOTzqmWTm28P6bAgEC\n"
        "-----END DH PARAMETERS-----\n"
    ), QSsl::Pem);

    QCOMPARE(dh.isValid(), false);
    QCOMPARE(dh.error(), QSslDiffieHellmanParameters::UnsafeParametersError);
}

void tst_QSslDiffieHellmanParameters::unsafeNonPrime()
{
    // Uniquely generated with 'openssl dhparam -outform DER -out out.der -check -2 1024'
    // and then modified by hand to make P not be a prime number.
    const auto dh = QSslDiffieHellmanParameters::fromEncoded(QByteArray::fromBase64(QByteArrayLiteral(
        "MIGHAoGBALLcOLg+ow8TMnbCUeNjwys6wUTIH9mn4ZSeIbD6qvCsJgg4cUxXwJQmPY"
        "Xl15AsKXgkXWh0n+/N6tjH0sSRJnzDvN2H3KxFLKkvxmBYrDOJMdCuMgZD50aOsVyd"
        "vholAW9zilkoYkB6sqwxY1Z2dbpTWajCsUAWZQ0AIP4Y5nesAgEC"
    )), QSsl::Der);

    QCOMPARE(dh.isValid(), false);
    QCOMPARE(dh.error(), QSslDiffieHellmanParameters::UnsafeParametersError);
}

void tst_QSslDiffieHellmanParameters::defaultIsValid()
{
    // The QSslDiffieHellmanParameters::defaultParameters() method takes a shortcut,
    // by not verifying the passed-in parameters. Instead, it simply assigns the default
    // DH parameters to the derData field of QSslDiffieHellmanParametersPrivate.
    //
    // This test ensures that our default parameters pass the internal verification tests
    // by constructing, using fromEncoded(), a QSslDiffieHellmanParameters instance that
    // we expect to be equivalent to the one returned by defaultParameters(). By using
    // fromEncoded() we go through the internal verification mechanisms. Finally, to ensure
    // the two instances are equivalent, we compare them.

    const auto dh = QSslDiffieHellmanParameters::fromEncoded(
        QByteArray::fromBase64(QByteArray(qssl_dhparams_default_base64)),
        QSsl::Der
    );

    const auto defaultdh = QSslDiffieHellmanParameters::defaultParameters();

    QCOMPARE(dh.isEmpty(), false);
    QCOMPARE(dh.isValid(), true);
    QCOMPARE(dh.error(), QSslDiffieHellmanParameters::NoError);
    QCOMPARE(dh, defaultdh);
}

#endif // Feature 'ssl'.

QTEST_MAIN(tst_QSslDiffieHellmanParameters)
#include "tst_qssldiffiehellmanparameters.moc"