diff --git a/apps/emqx_psk/test/emqx_psk_SUITE.erl b/apps/emqx_psk/test/emqx_psk_SUITE.erl index 816562a26..af19cae38 100644 --- a/apps/emqx_psk/test/emqx_psk_SUITE.erl +++ b/apps/emqx_psk/test/emqx_psk_SUITE.erl @@ -24,8 +24,13 @@ -define(CR, 13). -define(LF, 10). -all() -> - emqx_common_test_helpers:all(?MODULE). +all() -> [{group, normal}, {group, ciphers}]. + +groups() -> + [ + {normal, [], emqx_common_test_helpers:all(?MODULE)}, + {ciphers, [], [ciphers_test]} + ]. init_per_suite(Config) -> meck:new(emqx_config, [non_strict, passthrough, no_history, no_link]), @@ -128,3 +133,47 @@ t_trim_crlf(_) -> ?assertEqual(Bin, emqx_psk:trim_crlf(Bin)), ?assertEqual(Bin, emqx_psk:trim_crlf(<>)), ?assertEqual(Bin, emqx_psk:trim_crlf(<>)). + +ciphers_test(Config) -> + Ciphers = [ + "PSK-AES256-GCM-SHA384", + "PSK-AES128-GCM-SHA256", + "PSK-AES256-CBC-SHA384", + "PSK-AES256-CBC-SHA", + "PSK-AES128-CBC-SHA256", + "PSK-AES128-CBC-SHA" + ], + lists:foreach(fun(Cipher) -> cipher_test(Cipher, Config) end, Ciphers). + +cipher_test(Cipher, _) -> + ct:pal("Test PSK with Cipher:~p~n", [Cipher]), + PSKIdentity1 = "myclient1", + SharedSecret1 = <<"8c701116e9127c57a99d5563709af3deaca75563e2c4dd0865701ae839fb6d79">>, + + ClientLookup = fun + (psk, undefined, _) -> {ok, SharedSecret1}; + (psk, _, _) -> error + end, + + ClientTLSOpts = #{ + versions => ['tlsv1.2'], + ciphers => [Cipher], + psk_identity => PSKIdentity1, + verify => verify_none, + user_lookup_fun => {ClientLookup, undefined} + }, + + ServerTLSOpts = #{ + versions => ['tlsv1.2'], + ciphers => [Cipher], + verify => verify_none, + reuseaddr => true, + user_lookup_fun => {fun emqx_tls_psk:lookup/3, undefined} + }, + emqx_config:put([listeners, ssl, default, ssl_options], ServerTLSOpts), + emqx_listeners:restart_listener('ssl:default'), + + {ok, Socket} = ssl:connect("127.0.0.1", 8883, maps:to_list(ClientTLSOpts)), + ssl:close(Socket), + + ok.