From patchwork Thu Mar 27 09:47:00 2025
X-Patchwork-Submitter: Frank Lichtenheld
X-Patchwork-Id: 4197
From: Frank Lichtenheld
To: openvpn-devel@lists.sourceforge.net
Cc: Samuli Seppänen
Date: Thu, 27 Mar 2025 10:47:00 +0100
Message-Id: <20250327094700.305156-1-frank@lichtenheld.com>
Subject: [Openvpn-devel] [PATCH v2] t_server_null_default.rc: Add some tests with --data-ciphers

Trying to verify some of the negotiation parts.

Change-Id: I47d95eee8a00b9878331fd6cd6a7db12665f5537
Signed-off-by: Frank Lichtenheld
Acked-by: Samuli Seppänen
---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/847
This mail reflects revision 2 of this Change.

Acked-by according to Gerrit (reflected above):
Samuli Seppänen

diff --git a/tests/t_server_null_default.rc b/tests/t_server_null_default.rc index e7bf5bc..ca8004a 100755 --- a/tests/t_server_null_default.rc +++ b/tests/t_server_null_default.rc @@ -1,3 +1,4 @@ +# -*- shell-script -*- # Notes regarding --dev null server and client configurations: # # The t_server_null_server.sh exits when all client pid files have gone @@ -42,7 +43,7 @@ SERVER_CERT_OPTS="--ca ${CA} --dh ${DH} --cert ${SERVER_CERT} --key ${SERVER_KEY} --tls-auth ${TA} 0" SERVER_CONF_BASE="${SERVER_BASE_OPTS} ${SERVER_CIPHER_OPTS} ${SERVER_CERT_OPTS}" -TEST_SERVER_LIST="1 2" +TEST_SERVER_LIST="1 2 3" SERVER_NAME_1="t_server_null_server-1194_udp" SERVER_SERVER_1="--server 10.29.41.0 255.255.255.0"
@@ -56,6 +57,12 @@ SERVER_EXEC_2="${SERVER_EXEC}" SERVER_CONF_2="${SERVER_CONF_BASE} ${SERVER_SERVER_2} --lport 1195 --proto tcp --management 127.0.0.1 ${SERVER_MGMT_PORT_2}" +SERVER_NAME_3="t_server_null_server-1196_udp" +SERVER_SERVER_3="--server 10.29.43.0 255.255.255.0" +SERVER_MGMT_PORT_3="11196" +SERVER_EXEC_3="${SERVER_EXEC}" +SERVER_CONF_3="${SERVER_CONF_BASE} ${SERVER_SERVER_3} --lport 1196 --proto udp --management 127.0.0.1 ${SERVER_MGMT_PORT_3} --cipher AES-192-CBC --data-ciphers DEFAULT:AES-192-CBC" + # Test client configurations CLIENT_EXEC="${top_builddir}/src/openvpn/openvpn" CLIENT_BASE_OPTS="--client --nobind --remote-cert-tls server --persist-tun --verb 3 --resolv-retry infinite --connect-retry-max 3 --server-poll-timeout 5 --explicit-exit-notify 3 --script-security 2" @@ -65,7 +72,7 @@ CLIENT_CIPHER_OPTS="" CLIENT_CERT_OPTS="--ca ${CA} --cert ${CLIENT_CERT} --key ${CLIENT_KEY} --tls-auth ${TA} 1" -TEST_RUN_LIST="1 1L 2 2L 3" +TEST_RUN_LIST="1 1L 2 2L 3 4a 4b 4c" CLIENT_CONF_BASE="${CLIENT_NULL_OPTS} ${CLIENT_BASE_OPTS} ${CLIENT_CIPHER_OPTS} ${CLIENT_CERT_OPTS}" CLIENT_CONF_BASE_LWIP="${CLIENT_LWIP_OPTS} ${CLIENT_BASE_OPTS} ${CLIENT_CIPHER_OPTS} ${CLIENT_CERT_OPTS}" 
@@ -93,3 +100,24 @@ SHOULD_PASS_3="no" CLIENT_EXEC_3="${CLIENT_EXEC}" CLIENT_CONF_3="${CLIENT_CONF_BASE} --remote 127.0.0.1 11194 udp --proto udp" + +# --data-cipher list against server with defaults +# --cipher ignored +TEST_NAME_4a="t_server_null_client.sh-openvpn_current_udp_dc1" +SHOULD_PASS_4a="yes" +CLIENT_EXEC_4a="${CLIENT_EXEC}" +CLIENT_CONF_4a="${CLIENT_CONF_BASE} --remote 127.0.0.1 1194 udp --proto udp --cipher AES-128-CBC --data-ciphers AES-192-CBC:DEFAULT" + +# specific --data-cipher against server that supports that cipher +# --cipher ignored +TEST_NAME_4b="t_server_null_client.sh-openvpn_current_udp_dc3" +SHOULD_PASS_4b="yes" +CLIENT_EXEC_4b="${CLIENT_EXEC}" +CLIENT_CONF_4b="${CLIENT_CONF_BASE} --remote 127.0.0.1 1196 udp --proto udp --cipher AES-128-CBC --data-ciphers AES-192-CBC" + +# specific --data-cipher against server that doesn't support that cipher +# --cipher ignored +TEST_NAME_4c="t_server_null_client.sh-openvpn_current_udp_dc3_fail" +SHOULD_PASS_4c="no" +CLIENT_EXEC_4c="${CLIENT_EXEC}" +CLIENT_CONF_4c="${CLIENT_CONF_BASE} --remote 127.0.0.1 1196 udp --proto udp --cipher AES-192-CBC --data-ciphers AES-128-CBC"
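
Review bot: The `# -*- shell-script -*-` line added at the top of tests/t_server_null_default.rc (hunk @@ -1,3 +1,4 @@) is an editor hint unrelated to the --data-ciphers tests named in the subject, and the commit message does not mention it. Either say so in the commit message or send it as a separate change so the test addition stays self-contained.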
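
Review bot: The server 3 block added in hunk @@ -56,6 +57,12 @@ has no comment saying why it exists, while the client cases added later each carry one. SERVER_CONF_3 sets both `--cipher AES-192-CBC` and `--data-ciphers DEFAULT:AES-192-CBC`; a one-line comment stating that this server extends the default data-cipher list with AES-192-CBC, and whether `--cipher` is expected to have any effect on the server side, would let a reader check the intent of tests 4b and 4c from this file alone.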
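
Review bot: In hunk @@ -93,3 +100,24 @@, test 4c records only `SHOULD_PASS_4c="no"`, which says the client must not connect but not why. As written, the expectation would also be met if the server on port 1196 were unreachable for an unrelated reason, so the comment should name 4b (same server, expected to pass) as the positive control and state that the failure relies on AES-128-CBC not being part of the server's `DEFAULT` list, which this file does not show. The "--cipher ignored" remark is repeated on all three cases, but 4a and 4b would also come up if `--cipher` were honoured, since their `--data-ciphers` lists already overlap with the server; only 4c, where the client's `--cipher AES-192-CBC` matches the server and its `--data-ciphers AES-128-CBC` does not, actually exercises that claim, and the comments should say so. Minor: the three comments write `--data-cipher` while the option used in the configs is `--data-ciphers`.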