Add much more aggressive WrongMessageType tests.

Not only test that we can enforce the message type correctly (this is
currently in protocol-specific code though really should not be), but
also test that each individual message is checked correctly.

Change-Id: I5ed0f4033f011186f020ea46940160c7639f688b
Reviewed-on: https://boringssl-review.googlesource.com/8793
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index a222021..a0edf77 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1626,41 +1626,6 @@
 			expectedLocalError: "remote error: access denied",
 		},
 		{
-			name: "WrongMessageType",
-			config: Config{
-				MaxVersion: VersionTLS12,
-				Bugs: ProtocolBugs{
-					WrongCertificateMessageType: true,
-				},
-			},
-			shouldFail:         true,
-			expectedError:      ":UNEXPECTED_MESSAGE:",
-			expectedLocalError: "remote error: unexpected message",
-		},
-		{
-			name: "WrongMessageType-TLS13",
-			config: Config{
-				Bugs: ProtocolBugs{
-					WrongCertificateMessageType: true,
-				},
-			},
-			shouldFail:         true,
-			expectedError:      ":UNEXPECTED_MESSAGE:",
-			expectedLocalError: "remote error: unexpected message",
-		},
-		{
-			protocol: dtls,
-			name:     "WrongMessageType-DTLS",
-			config: Config{
-				Bugs: ProtocolBugs{
-					WrongCertificateMessageType: true,
-				},
-			},
-			shouldFail:         true,
-			expectedError:      ":UNEXPECTED_MESSAGE:",
-			expectedLocalError: "remote error: unexpected message",
-		},
-		{
 			protocol: dtls,
 			name:     "FragmentMessageTypeMismatch-DTLS",
 			config: Config{
@@ -6365,6 +6330,265 @@
 	})
 }
 
+func addWrongMessageTypeTests() {
+	for _, protocol := range []protocol{tls, dtls} {
+		var suffix string
+		if protocol == dtls {
+			suffix = "-DTLS"
+		}
+
+		testCases = append(testCases, testCase{
+			protocol: protocol,
+			testType: serverTest,
+			name:     "WrongMessageType-ClientHello" + suffix,
+			config: Config{
+				MaxVersion: VersionTLS12,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeClientHello,
+				},
+			},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		if protocol == dtls {
+			testCases = append(testCases, testCase{
+				protocol: protocol,
+				name:     "WrongMessageType-HelloVerifyRequest" + suffix,
+				config: Config{
+					MaxVersion: VersionTLS12,
+					Bugs: ProtocolBugs{
+						SendWrongMessageType: typeHelloVerifyRequest,
+					},
+				},
+				shouldFail:         true,
+				expectedError:      ":UNEXPECTED_MESSAGE:",
+				expectedLocalError: "remote error: unexpected message",
+			})
+		}
+
+		testCases = append(testCases, testCase{
+			protocol: protocol,
+			name:     "WrongMessageType-ServerHello" + suffix,
+			config: Config{
+				MaxVersion: VersionTLS12,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeServerHello,
+				},
+			},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		testCases = append(testCases, testCase{
+			protocol: protocol,
+			name:     "WrongMessageType-ServerCertificate" + suffix,
+			config: Config{
+				MaxVersion: VersionTLS12,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeCertificate,
+				},
+			},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		testCases = append(testCases, testCase{
+			protocol: protocol,
+			name:     "WrongMessageType-CertificateStatus" + suffix,
+			config: Config{
+				MaxVersion: VersionTLS12,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeCertificateStatus,
+				},
+			},
+			flags:              []string{"-enable-ocsp-stapling"},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		testCases = append(testCases, testCase{
+			protocol: protocol,
+			name:     "WrongMessageType-ServerKeyExchange" + suffix,
+			config: Config{
+				MaxVersion:   VersionTLS12,
+				CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeServerKeyExchange,
+				},
+			},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		testCases = append(testCases, testCase{
+			protocol: protocol,
+			name:     "WrongMessageType-CertificateRequest" + suffix,
+			config: Config{
+				MaxVersion: VersionTLS12,
+				ClientAuth: RequireAnyClientCert,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeCertificateRequest,
+				},
+			},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		testCases = append(testCases, testCase{
+			protocol: protocol,
+			name:     "WrongMessageType-ServerHelloDone" + suffix,
+			config: Config{
+				MaxVersion: VersionTLS12,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeServerHelloDone,
+				},
+			},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		testCases = append(testCases, testCase{
+			testType: serverTest,
+			protocol: protocol,
+			name:     "WrongMessageType-ClientCertificate" + suffix,
+			config: Config{
+				Certificates: []Certificate{rsaCertificate},
+				MaxVersion:   VersionTLS12,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeCertificate,
+				},
+			},
+			flags:              []string{"-require-any-client-certificate"},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		testCases = append(testCases, testCase{
+			testType: serverTest,
+			protocol: protocol,
+			name:     "WrongMessageType-CertificateVerify" + suffix,
+			config: Config{
+				Certificates: []Certificate{rsaCertificate},
+				MaxVersion:   VersionTLS12,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeCertificateVerify,
+				},
+			},
+			flags:              []string{"-require-any-client-certificate"},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		testCases = append(testCases, testCase{
+			testType: serverTest,
+			protocol: protocol,
+			name:     "WrongMessageType-ClientKeyExchange" + suffix,
+			config: Config{
+				MaxVersion: VersionTLS12,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeClientKeyExchange,
+				},
+			},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		if protocol != dtls {
+			testCases = append(testCases, testCase{
+				testType: serverTest,
+				protocol: protocol,
+				name:     "WrongMessageType-NextProtocol" + suffix,
+				config: Config{
+					MaxVersion: VersionTLS12,
+					NextProtos: []string{"bar"},
+					Bugs: ProtocolBugs{
+						SendWrongMessageType: typeNextProtocol,
+					},
+				},
+				flags:              []string{"-advertise-npn", "\x03foo\x03bar\x03baz"},
+				shouldFail:         true,
+				expectedError:      ":UNEXPECTED_MESSAGE:",
+				expectedLocalError: "remote error: unexpected message",
+			})
+
+			testCases = append(testCases, testCase{
+				testType: serverTest,
+				protocol: protocol,
+				name:     "WrongMessageType-ChannelID" + suffix,
+				config: Config{
+					MaxVersion: VersionTLS12,
+					ChannelID:  channelIDKey,
+					Bugs: ProtocolBugs{
+						SendWrongMessageType: typeChannelID,
+					},
+				},
+				flags: []string{
+					"-expect-channel-id",
+					base64.StdEncoding.EncodeToString(channelIDBytes),
+				},
+				shouldFail:         true,
+				expectedError:      ":UNEXPECTED_MESSAGE:",
+				expectedLocalError: "remote error: unexpected message",
+			})
+		}
+
+		testCases = append(testCases, testCase{
+			testType: serverTest,
+			protocol: protocol,
+			name:     "WrongMessageType-ClientFinished" + suffix,
+			config: Config{
+				MaxVersion: VersionTLS12,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeFinished,
+				},
+			},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		testCases = append(testCases, testCase{
+			protocol: protocol,
+			name:     "WrongMessageType-NewSessionTicket" + suffix,
+			config: Config{
+				MaxVersion: VersionTLS12,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeNewSessionTicket,
+				},
+			},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+		testCases = append(testCases, testCase{
+			protocol: protocol,
+			name:     "WrongMessageType-ServerFinished" + suffix,
+			config: Config{
+				MaxVersion: VersionTLS12,
+				Bugs: ProtocolBugs{
+					SendWrongMessageType: typeFinished,
+				},
+			},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_MESSAGE:",
+			expectedLocalError: "remote error: unexpected message",
+		})
+
+	}
+}
+
 func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
 	defer wg.Done()
 
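Review bot: Every case in addWrongMessageTypeTests pins `MaxVersion: VersionTLS12`, while the first hunk removes `WrongMessageType-TLS13`, which set no MaxVersion. As far as this diff shows, nothing now checks that a mistyped handshake message is rejected with `:UNEXPECTED_MESSAGE:` in TLS 1.3. Message-type enforcement is what stops a peer from driving the handshake state machine out of order, so either add TLS 1.3 cases or record the gap on the function, e.g. `// TODO: add TLS 1.3 variants; WrongMessageType-TLS13 was removed without a replacement.` The function also lacks a doc comment; `// addWrongMessageTypeTests checks that each handshake message sent with the wrong type is rejected, for both TLS and DTLS.` would state its contract. The worker function shown as trailing context continues outside the hunk.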
@@ -6469,6 +6693,7 @@
 	addTLS13RecordTests()
 	addAllStateMachineCoverageTests()
 	addChangeCipherSpecTests()
+	addWrongMessageTypeTests()
 
 	var wg sync.WaitGroup