43 const char *
aes_chacha =
"AES-128-CBC:CHACHA20-POLY1305";
51 const char *label,
size_t label_size,
52 void *ekm,
size_t ekm_size)
75 if (have_chacha && have_blowfish)
108 bool have_chacha_mixed_case =
cipher_valid(
"ChaCha20-Poly1305");
109 if (have_chacha_mixed_case)
120 "ChaCha20-Poly1305:ChaCha20-Poly1305:ChaCha20-Poly1305:"
121 "ChaCha20-Poly1305:ChaCha20-Poly1305:ChaCha20-Poly1305:"
122 "ChaCha20-Poly1305", &gc), NULL);
124 #ifdef ENABLE_CRYPTO_OPENSSL
126 &gc),
"AES-128-GCM:AES-256-GCM");
141 const char *client_peer_info;
142 const char *peer_list;
144 client_peer_info =
"foo=bar\nIV_foo=y\nIV_NCP=2";
149 client_peer_info =
"foo=bar\nIV_foo=y\nIV_NCP=2\nIV_CIPHERS=BF-CBC";
151 assert_string_equal(
"BF-CBC", peer_list);
154 client_peer_info =
"IV_NCP=2\nIV_CIPHERS=BF-CBC:FOO-BAR\nIV_BAR=7";
156 assert_string_equal(
"BF-CBC:FOO-BAR", peer_list);
159 client_peer_info =
"IV_CIPHERS=BF-CBC:FOO-BAR\nIV_BAR=7";
161 assert_string_equal(
"BF-CBC:FOO-BAR", peer_list);
164 client_peer_info =
"IV_YOLO=NO\nIV_BAR=7";
166 assert_string_equal(
"", peer_list);
170 assert_string_equal(
"", peer_list);
182 const char *serverlist =
"CHACHA20_POLY1305:AES-128-GCM";
183 const char *serverlistbfcbc =
"CHACHA20_POLY1305:AES-128-GCM:BF-CBC:none";
186 "IV_YOLO=NO\nIV_BAR=7",
189 assert_ptr_equal(best_cipher, NULL);
193 "IV_YOLO=NO\nIV_BAR=7",
196 assert_string_equal(best_cipher,
"BF-CBC");
200 "IV_NCP=1\nIV_BAR=7",
203 assert_string_equal(best_cipher,
"AES-128-GCM");
208 assert_string_equal(best_cipher,
"AES-128-GCM");
212 assert_ptr_equal(best_cipher, NULL);
216 assert_string_equal(best_cipher,
"none");
219 assert_ptr_equal(best_cipher, NULL);
231 const char *serverlist =
"CHACHA20_POLY1305:AES-128-GCM:AES-256-GCM";
234 "IV_YOLO=NO\nIV_NCP=2\nIV_BAR=7",
237 assert_string_equal(best_cipher,
"AES-128-GCM");
241 "CHACHA20_POLY1305", &gc);
243 assert_string_equal(best_cipher,
"CHACHA20_POLY1305");
250 assert_string_equal(best_cipher,
"AES-128-GCM");
254 "IV_FOO=7\nIV_CIPHERS=AES-256-GCM\nIV_NCP=2",
257 assert_string_equal(best_cipher,
"AES-256-GCM");
277 #if defined(ENABLE_CRYPTO_OPENSSL)
278 OpenSSL_add_all_algorithms();
280 return cmocka_run_group_tests(
ncp_tests, NULL, NULL);
static void test_poor_man(void **state)
static bool cipher_valid(const char *ciphername)
Returns whether the cipher is valid, based on the given cipher name.
static struct gc_arena gc_new(void)
char * mutate_ncp_cipher_list(const char *list, struct gc_arena *gc)
Check whether the ciphers in the supplied list are supported.
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allow additional keying material to be derived from existing TL...
const char * tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc)
Returns the supported cipher list from the peer according to the IV_NCP and IV_CIPHERS values in peer_in...
static void test_check_ncp_ciphers_list(void **state)
bool tls_peer_supports_ncp(const char *peer_info)
Returns whether the client supports NCP either by announcing IV_NCP>=2 or the IV_CIPHERS list.
Security parameter state of a single session within a VPN tunnel.
static void test_ncp_best(void **state)
Garbage collection arena used to keep track of dynamically allocated memory.
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests, such as making both stderr and stdout non-buffered to avoid messa...
char * ncp_get_best_cipher(const char *server_list, const char *peer_info, const char *remote_cipher, struct gc_arena *gc)
Iterates through the ciphers in server_list and returns the first cipher that is also supported by the...
static void test_extract_client_ciphers(void **state)
static void gc_free(struct gc_arena *a)
const struct CMUnitTest ncp_tests[]