mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-06-27 07:33:41 +08:00
Update TLCP test and help
@@ -760,8 +760,9 @@ if(ENABLE_TLS AND NOT WIN32)
|
|||||||
else()
|
else()
|
||||||
message(STATUS "OpenSSL TLS interop tests require ENABLE_AES=ON, ENABLE_SHA2=ON and ENABLE_SECP256R1=ON; skipping")
|
message(STATUS "OpenSSL TLS interop tests require ENABLE_AES=ON, ENABLE_SHA2=ON and ENABLE_SECP256R1=ON; skipping")
|
||||||
endif()
|
endif()
|
||||||
add_test(NAME tlcp_sm4_cbc COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tlcp_sm4_cbc -P "${CMAKE_SOURCE_DIR}/cmake/tlcp_commands.cmake")
|
add_test(NAME tlcp_sm4_gcm_sni COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tlcp_sm4_gcm_sni -P "${CMAKE_SOURCE_DIR}/cmake/tlcp_commands.cmake")
|
||||||
add_test(NAME tlcp_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tlcp_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tlcp_commands.cmake")
|
add_test(NAME tlcp_sm4_cbc_sni COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tlcp_sm4_cbc_sni -P "${CMAKE_SOURCE_DIR}/cmake/tlcp_commands.cmake")
|
||||||
|
add_test(NAME tlcp_sm4_gcm_client_cert COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tlcp_sm4_gcm_client_cert -P "${CMAKE_SOURCE_DIR}/cmake/tlcp_commands.cmake")
|
||||||
add_test(NAME tls12_sm4_cbc COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls12_sm4_cbc -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake")
|
add_test(NAME tls12_sm4_cbc COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls12_sm4_cbc -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake")
|
||||||
add_test(NAME tls12_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls12_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake")
|
add_test(NAME tls12_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls12_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake")
|
||||||
add_test(NAME tls13_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
add_test(NAME tls13_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
||||||
@@ -770,8 +771,9 @@ if(ENABLE_TLS AND NOT WIN32)
|
|||||||
add_test(NAME tls13_psk_only_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_psk_only_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
add_test(NAME tls13_psk_only_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_psk_only_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
||||||
add_test(NAME tls13_early_data_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_early_data_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
add_test(NAME tls13_early_data_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_early_data_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
||||||
set_tests_properties(
|
set_tests_properties(
|
||||||
tlcp_sm4_cbc
|
tlcp_sm4_gcm_sni
|
||||||
tlcp_sm4_gcm
|
tlcp_sm4_cbc_sni
|
||||||
|
tlcp_sm4_gcm_client_cert
|
||||||
tls12_sm4_cbc
|
tls12_sm4_cbc
|
||||||
tls12_sm4_gcm
|
tls12_sm4_gcm
|
||||||
tls13_sm4_gcm
|
tls13_sm4_gcm
|
||||||
@@ -825,7 +827,7 @@ endif()
|
|||||||
#
|
#
|
||||||
set(CPACK_PACKAGE_NAME "GmSSL")
|
set(CPACK_PACKAGE_NAME "GmSSL")
|
||||||
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
||||||
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1112")
|
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1113")
|
||||||
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
||||||
set(CPACK_NSIS_MODIFY_PATH ON)
|
set(CPACK_NSIS_MODIFY_PATH ON)
|
||||||
include(CPack)
|
include(CPack)
|
||||||
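Review bot: The three added `add_test` lines (tlcp_sm4_gcm_sni, tlcp_sm4_cbc_sni, tlcp_sm4_gcm_client_cert) locate the script through `${CMAKE_SOURCE_DIR}`, which is the top of the whole build rather than this project, so the path stops resolving if GmSSL is built as a subproject. The CPack block in the same file already uses `${PROJECT_SOURCE_DIR}`, and the new lines could read `-P "${PROJECT_SOURCE_DIR}/cmake/tlcp_commands.cmake"`. The neighbouring tls12/tls13 registrations follow the same pattern. Both the `if(ENABLE_TLS AND NOT WIN32)` block and the `set_tests_properties(` call continue outside the visible hunks, so the property applied to the new test names cannot be checked from here.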
|
|||||||
@@ -3,39 +3,62 @@ include("${CMAKE_CURRENT_LIST_DIR}/tls_command_test.cmake")
|
|||||||
gmssl_require_file(sm2_root_ca_cert.pem)
|
gmssl_require_file(sm2_root_ca_cert.pem)
|
||||||
gmssl_require_file(sm2_tlcp_server_certs.pem)
|
gmssl_require_file(sm2_tlcp_server_certs.pem)
|
||||||
gmssl_require_file(sm2_tlcp_server_keys.pem)
|
gmssl_require_file(sm2_tlcp_server_keys.pem)
|
||||||
|
gmssl_require_file(sm2_tls_client_certs.pem)
|
||||||
|
gmssl_require_file(sm2_tls_client_key.pem)
|
||||||
|
|
||||||
if(NOT DEFINED TEST_CASE)
|
if(NOT DEFINED TEST_CASE)
|
||||||
set(TEST_CASE tlcp_sm4_cbc)
|
set(TEST_CASE tlcp_sm4_gcm_sni)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
if(TEST_CASE STREQUAL tlcp_sm4_cbc)
|
if(TEST_CASE STREQUAL tlcp_sm4_gcm_sni)
|
||||||
set(TEST_NAME tlcp_sm4_cbc)
|
set(TEST_NAME tlcp_sm4_gcm_sni)
|
||||||
set(TEST_PORT 4431)
|
|
||||||
set(TEST_CIPHER_SUITE TLS_ECC_SM4_CBC_SM3)
|
|
||||||
elseif(TEST_CASE STREQUAL tlcp_sm4_gcm)
|
|
||||||
set(TEST_NAME tlcp_sm4_gcm)
|
|
||||||
set(TEST_PORT 4435)
|
set(TEST_PORT 4435)
|
||||||
set(TEST_CIPHER_SUITE TLS_ECC_SM4_GCM_SM3)
|
set(TEST_CIPHER_SUITE TLS_ECC_SM4_GCM_SM3)
|
||||||
|
set(TEST_CLIENT_CERT OFF)
|
||||||
|
elseif(TEST_CASE STREQUAL tlcp_sm4_cbc_sni)
|
||||||
|
set(TEST_NAME tlcp_sm4_cbc_sni)
|
||||||
|
set(TEST_PORT 4431)
|
||||||
|
set(TEST_CIPHER_SUITE TLS_ECC_SM4_CBC_SM3)
|
||||||
|
set(TEST_CLIENT_CERT OFF)
|
||||||
|
elseif(TEST_CASE STREQUAL tlcp_sm4_gcm_client_cert)
|
||||||
|
set(TEST_NAME tlcp_sm4_gcm_client_cert)
|
||||||
|
set(TEST_PORT 4436)
|
||||||
|
set(TEST_CIPHER_SUITE TLS_ECC_SM4_GCM_SM3)
|
||||||
|
set(TEST_CLIENT_CERT ON)
|
||||||
else()
|
else()
|
||||||
message(FATAL_ERROR "unknown TLCP test case: ${TEST_CASE}")
|
message(FATAL_ERROR "unknown TLCP test case: ${TEST_CASE}")
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
set(TEST_SERVER_ARGS
|
||||||
|
tlcp_server
|
||||||
|
-port ${TEST_PORT}
|
||||||
|
-cipher_suite ${TEST_CIPHER_SUITE}
|
||||||
|
-cert sm2_tlcp_server_certs.pem
|
||||||
|
-key sm2_tlcp_server_keys.pem
|
||||||
|
-pass P@ssw0rd)
|
||||||
|
|
||||||
|
set(TEST_CLIENT_ARGS
|
||||||
|
tlcp_client
|
||||||
|
-host 127.0.0.1
|
||||||
|
-port ${TEST_PORT}
|
||||||
|
-server_name localhost
|
||||||
|
-cacert sm2_root_ca_cert.pem
|
||||||
|
-cipher_suite ${TEST_CIPHER_SUITE}
|
||||||
|
-in ${TEST_NAME}_message.txt)
|
||||||
|
|
||||||
|
if(TEST_CLIENT_CERT)
|
||||||
|
list(APPEND TEST_SERVER_ARGS
|
||||||
|
-cacert sm2_root_ca_cert.pem
|
||||||
|
-cert_request)
|
||||||
|
list(APPEND TEST_CLIENT_ARGS
|
||||||
|
-cert sm2_tls_client_certs.pem
|
||||||
|
-key sm2_tls_client_key.pem
|
||||||
|
-pass P@ssw0rd)
|
||||||
|
endif()
|
||||||
|
|
||||||
gmssl_run_tls_command_test(
|
gmssl_run_tls_command_test(
|
||||||
TEST_NAME ${TEST_NAME}
|
TEST_NAME ${TEST_NAME}
|
||||||
PORT ${TEST_PORT}
|
PORT ${TEST_PORT}
|
||||||
SERVER_ARGS
|
SERVER_ARGS ${TEST_SERVER_ARGS}
|
||||||
tlcp_server
|
CLIENT_ARGS ${TEST_CLIENT_ARGS}
|
||||||
-port ${TEST_PORT}
|
|
||||||
-cipher_suite ${TEST_CIPHER_SUITE}
|
|
||||||
-cert sm2_tlcp_server_certs.pem
|
|
||||||
-key sm2_tlcp_server_keys.pem
|
|
||||||
-pass P@ssw0rd
|
|
||||||
CLIENT_ARGS
|
|
||||||
tlcp_client
|
|
||||||
-host 127.0.0.1
|
|
||||||
-port ${TEST_PORT}
|
|
||||||
-server_name localhost
|
|
||||||
-cacert sm2_root_ca_cert.pem
|
|
||||||
-cipher_suite ${TEST_CIPHER_SUITE}
|
|
||||||
-in ${TEST_NAME}_message.txt
|
|
||||||
)
|
)
|
||||||
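Review bot: The tlcp_sm4_gcm_client_cert case only covers the path where the client presents a valid certificate, so it would still pass if the server sent the request but never verified what came back. Whether `-cert_request` makes the certificate mandatory, and whether gmssl_run_tls_command_test can expect a failed handshake, are not visible here (the helper lives in tls_command_test.cmake). If it can, a companion case that keeps `-cacert sm2_root_ca_cert.pem -cert_request` on the server and leaves `-cert`/`-key` off the client would pin the rejection behaviour. At minimum, a comment above `if(TEST_CLIENT_CERT)` such as `# Positive path only: rejection of a missing or untrusted client certificate is not covered.` would record the gap.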
|
|||||||
@@ -1025,7 +1025,7 @@ int tls13_ctx_set_key_update_seq_num_limit(TLS_CTX *ctx, size_t max_seq_num);
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
#define TLS_MAX_CERTIFICATES_SIZE 2048
|
#define TLS_MAX_CERTIFICATES_SIZE 4096
|
||||||
#define TLS_DEFAULT_VERIFY_DEPTH 4
|
#define TLS_DEFAULT_VERIFY_DEPTH 4
|
||||||
#define TLS_MAX_VERIFY_DEPTH 5
|
#define TLS_MAX_VERIFY_DEPTH 5
|
||||||
|
|
||||||
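Review bot: Raising `TLS_MAX_CERTIFICATES_SIZE` from 2048 to 4096 is only safe if every buffer and length check for the certificate list is derived from the macro rather than from a literal. The uses are outside this hunk, so it is worth searching the handshake code for a hard-coded 2048 and for stack arrays sized by this constant, whose footprint now doubles. The define also has no comment; if it bounds the encoded certificate chain, something like `/* max bytes of an encoded certificate chain, see tlcp_sm4_gcm_client_cert test */` would state the unit and the reason for the new value.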
|
|||||||
@@ -18,7 +18,7 @@ extern "C" {
|
|||||||
|
|
||||||
|
|
||||||
#define GMSSL_VERSION_NUM 30200
|
#define GMSSL_VERSION_NUM 30200
|
||||||
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1112"
|
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1113"
|
||||||
|
|
||||||
int gmssl_version_num(void);
|
int gmssl_version_num(void);
|
||||||
const char *gmssl_version_str(void);
|
const char *gmssl_version_str(void);
|
||||||
|
|||||||
@@ -15,29 +15,57 @@
|
|||||||
"\n"
|
"\n"
|
||||||
"Examples\n"
|
"Examples\n"
|
||||||
"\n"
|
"\n"
|
||||||
" gmssl sm2keygen -pass 1234 -out sm2rootcakey.pem\n"
|
" gmssl sm2keygen -pass P@ssw0rd -out sm2_root_ca_key.pem\n"
|
||||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key sm2rootcakey.pem -pass 1234 -out sm2rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
" gmssl certgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 Test Root CA\" \\\n"
|
||||||
" gmssl sm2keygen -pass 1234 -out sm2cakey.pem\n"
|
" -days 3650 -key sm2_root_ca_key.pem -pass P@ssw0rd -out sm2_root_ca_cert.pem \\\n"
|
||||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"Sub CA\" -key sm2cakey.pem -pass 1234 -out sm2careq.pem\n"
|
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||||
" gmssl reqsign -in sm2careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert sm2rootcacert.pem -key sm2rootcakey.pem -pass 1234 -out sm2cacert.pem\n"
|
|
||||||
"\n"
|
"\n"
|
||||||
" gmssl sm2keygen -pass 1234 -out sm2signkey.pem\n"
|
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tlcp_ca_key.pem\n"
|
||||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key sm2signkey.pem -pass 1234 -out sm2signreq.pem\n"
|
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLCP CA\" \\\n"
|
||||||
" gmssl reqsign -in sm2signreq.pem -days 365 -key_usage digitalSignature -cacert sm2cacert.pem -key sm2cakey.pem -pass 1234 -out sm2signcert.pem\n"
|
" -key sm2_tlcp_ca_key.pem -pass P@ssw0rd -out sm2_tlcp_ca_req.pem\n"
|
||||||
|
" gmssl reqsign -in sm2_tlcp_ca_req.pem -days 1825 -key_usage keyCertSign \\\n"
|
||||||
|
" -key_usage cRLSign -path_len_constraint 0 -cacert sm2_root_ca_cert.pem \\\n"
|
||||||
|
" -key sm2_root_ca_key.pem -pass P@ssw0rd -out sm2_tlcp_ca_cert.pem -ca\n"
|
||||||
"\n"
|
"\n"
|
||||||
" gmssl sm2keygen -pass 1234 -out sm2enckey.pem\n"
|
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tlcp_server_sign_key.pem\n"
|
||||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key sm2enckey.pem -pass 1234 -out sm2encreq.pem\n"
|
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLCP Server\" \\\n"
|
||||||
" gmssl reqsign -in sm2encreq.pem -days 365 -key_usage keyEncipherment -cacert sm2cacert.pem -key sm2cakey.pem -pass 1234 -out sm2enccert.pem\n"
|
" -key sm2_tlcp_server_sign_key.pem -pass P@ssw0rd -out sm2_tlcp_server_sign_req.pem\n"
|
||||||
|
" gmssl reqsign -in sm2_tlcp_server_sign_req.pem -days 365 -key_usage digitalSignature \\\n"
|
||||||
|
" -ext_key_usage serverAuth -subject_dns_name localhost -cacert sm2_tlcp_ca_cert.pem \\\n"
|
||||||
|
" -key sm2_tlcp_ca_key.pem -pass P@ssw0rd -out sm2_tlcp_server_sign_cert.pem\n"
|
||||||
|
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tlcp_server_enc_key.pem\n"
|
||||||
|
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLCP Server\" \\\n"
|
||||||
|
" -key sm2_tlcp_server_enc_key.pem -pass P@ssw0rd -out sm2_tlcp_server_enc_req.pem\n"
|
||||||
|
" gmssl reqsign -in sm2_tlcp_server_enc_req.pem -days 365 -key_usage keyEncipherment \\\n"
|
||||||
|
" -ext_key_usage serverAuth -subject_dns_name localhost -cacert sm2_tlcp_ca_cert.pem \\\n"
|
||||||
|
" -key sm2_tlcp_ca_key.pem -pass P@ssw0rd -out sm2_tlcp_server_enc_cert.pem\n"
|
||||||
"\n"
|
"\n"
|
||||||
" cat sm2signcert.pem > tlcpcert.pem\n"
|
" cat sm2_tlcp_server_sign_cert.pem > sm2_tlcp_server_certs.pem\n"
|
||||||
" cat sm2enccert.pem >> tlcpcert.pem\n"
|
" cat sm2_tlcp_server_enc_cert.pem >> sm2_tlcp_server_certs.pem\n"
|
||||||
" cat sm2cacert.pem >> tlcpcert.pem\n"
|
" cat sm2_tlcp_ca_cert.pem >> sm2_tlcp_server_certs.pem\n"
|
||||||
" cat sm2signkey.pem > tlcpkey.pem\n"
|
" cat sm2_tlcp_server_sign_key.pem > sm2_tlcp_server_keys.pem\n"
|
||||||
" cat sm2enckey.pem >> tlcpkey.pem\n"
|
" cat sm2_tlcp_server_enc_key.pem >> sm2_tlcp_server_keys.pem\n"
|
||||||
"\n"
|
"\n"
|
||||||
" gmssl tlcp_server -port 4431 -cert tlcpcert.pem -key tlcpkey.pem -pass 1234 -cipher_suite TLS_ECC_SM4_CBC_SM3\n"
|
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tls_client_key.pem\n"
|
||||||
" gmssl tlcp_client -port 4431 -host 127.0.0.1 -cacert sm2rootcacert.pem -cipher_suite TLS_ECC_SM4_CBC_SM3\n"
|
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLS Client\" \\\n"
|
||||||
|
" -key sm2_tls_client_key.pem -pass P@ssw0rd -out sm2_tls_client_req.pem\n"
|
||||||
|
" gmssl reqsign -in sm2_tls_client_req.pem -days 365 -key_usage digitalSignature \\\n"
|
||||||
|
" -ext_key_usage clientAuth -cacert sm2_tlcp_ca_cert.pem -key sm2_tlcp_ca_key.pem \\\n"
|
||||||
|
" -pass P@ssw0rd -out sm2_tls_client_cert.pem\n"
|
||||||
|
" cat sm2_tls_client_cert.pem > sm2_tls_client_certs.pem\n"
|
||||||
|
" cat sm2_tlcp_ca_cert.pem >> sm2_tls_client_certs.pem\n"
|
||||||
"\n"
|
"\n"
|
||||||
" gmssl tlcp_server -port 4431 -cert tlcpcert.pem -key tlcpkey.pem -pass 1234 -cacert sm2cacert.pem -cipher_suite TLS_ECC_SM4_CBC_SM3 -cert_request -verbose\n"
|
" printf 'hello tlcp\\n' > message.txt\n"
|
||||||
" gmssl tlcp_client -port 4431 -host 127.0.0.1 -cacert sm2rootcacert.pem -cipher_suite TLS_ECC_SM4_CBC_SM3 -cert sm2signcert.pem -key sm2signkey.pem -pass 1234 -verbose\n"
|
"\n"
|
||||||
|
" gmssl tlcp_server -port 4431 -cert sm2_tlcp_server_certs.pem -key sm2_tlcp_server_keys.pem -pass P@ssw0rd \\\n"
|
||||||
|
" -cipher_suite TLS_ECC_SM4_CBC_SM3\n"
|
||||||
|
" gmssl tlcp_client -host 127.0.0.1 -port 4431 -server_name localhost -cacert sm2_root_ca_cert.pem \\\n"
|
||||||
|
" -cipher_suite TLS_ECC_SM4_CBC_SM3 -in message.txt\n"
|
||||||
|
"\n"
|
||||||
|
" gmssl tlcp_server -port 4436 -cert sm2_tlcp_server_certs.pem -key sm2_tlcp_server_keys.pem -pass P@ssw0rd \\\n"
|
||||||
|
" -cipher_suite TLS_ECC_SM4_GCM_SM3 -cacert sm2_root_ca_cert.pem -cert_request\n"
|
||||||
|
" gmssl tlcp_client -host 127.0.0.1 -port 4436 -server_name localhost -cacert sm2_root_ca_cert.pem \\\n"
|
||||||
|
" -cipher_suite TLS_ECC_SM4_GCM_SM3 \\\n"
|
||||||
|
" -cert sm2_tls_client_certs.pem -key sm2_tls_client_key.pem -pass P@ssw0rd \\\n"
|
||||||
|
" -in message.txt\n"
|
||||||
"\n"
|
"\n"
|
||||||
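Review bot: The rewritten examples pass `-pass P@ssw0rd` to every key-generating and key-using command without marking it as a sample value, and help text tends to be copied verbatim. A line near the top of the Examples block such as `"  # P@ssw0rd is a sample passphrase for test keys only\n"` would make that explicit. Passphrases given as arguments also end up in shell history and in the process list, which the help could mention in the same line. The string literal starts and ends outside the hunk.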
|
|||||||