Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 4c60d356a926b68ac20e8090755799e1525874f0 / . / ssl / test / runner / runner.go
blob: 819f1eadd568d34f2763ecb6e221621ca9441a4a [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1package main
2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]14 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]15 "net"
16 "os"
17 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]18 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]19 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]20 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]21 "strings"
22 "sync"
23 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]24 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]25)
26
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]27var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]28 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
29 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
30 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
31 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
32 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
33 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
34 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]35 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
36 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
37 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
38 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]39)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]40
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]41const (
42 rsaCertificateFile = "cert.pem"
43 ecdsaCertificateFile = "ecdsa_cert.pem"
44)
45
46const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]47 rsaKeyFile = "key.pem"
48 ecdsaKeyFile = "ecdsa_key.pem"
49 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]50)
51
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]52var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]53var channelIDKey *ecdsa.PrivateKey
54var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]55
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]56var testOCSPResponse = []byte{1, 2, 3, 4}
57var testSCTList = []byte{5, 6, 7, 8}
58
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]59func initCertificates() {
60 var err error
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]61 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]62 if err != nil {
63 panic(err)
64 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]65 rsaCertificate.OCSPStaple = testOCSPResponse
66 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]67
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]68 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]69 if err != nil {
70 panic(err)
71 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]72 ecdsaCertificate.OCSPStaple = testOCSPResponse
73 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]74
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]75 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]76 if err != nil {
77 panic(err)
78 }
79 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
80 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
81 panic("bad key type")
82 }
83 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
84 if err != nil {
85 panic(err)
86 }
87 if channelIDKey.Curve != elliptic.P256() {
88 panic("bad curve")
89 }
90
91 channelIDBytes = make([]byte, 64)
92 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
93 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]94}
95
96var certificateOnce sync.Once
97
98func getRSACertificate() Certificate {
99 certificateOnce.Do(initCertificates)
100 return rsaCertificate
101}
102
103func getECDSACertificate() Certificate {
104 certificateOnce.Do(initCertificates)
105 return ecdsaCertificate
106}
107
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]108type testType int
109
110const (
111 clientTest testType = iota
112 serverTest
113)
114
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]115type protocol int
116
117const (
118 tls protocol = iota
119 dtls
120)
121
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]122const (
123 alpn = 1
124 npn = 2
125)
126
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]127type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]128 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]129 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]130 name string
131 config Config
132 shouldFail bool
133 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]134 // expectedLocalError, if not empty, contains a substring that must be
135 // found in the local error.
136 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]137 // expectedVersion, if non-zero, specifies the TLS version that must be
138 // negotiated.
139 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]140 // expectedResumeVersion, if non-zero, specifies the TLS version that
141 // must be negotiated on resumption. If zero, expectedVersion is used.
142 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]143 // expectedCipher, if non-zero, specifies the TLS cipher suite that
144 // should be negotiated.
145 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]146 // expectChannelID controls whether the connection should have
147 // negotiated a Channel ID with channelIDKey.
148 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]149 // expectedNextProto controls whether the connection should
150 // negotiate a next protocol via NPN or ALPN.
151 expectedNextProto string
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]152 // expectedNextProtoType, if non-zero, is the expected next
153 // protocol negotiation mechanism.
154 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]155 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
156 // should be negotiated. If zero, none should be negotiated.
157 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]158 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
159 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]160 // expectedSCTList, if not nil, is the expected SCT list to be received.
161 expectedSCTList []uint8
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]162 // messageLen is the length, in bytes, of the test message that will be
163 // sent.
164 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]165 // messageCount is the number of test messages that will be sent.
166 messageCount int
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]167 // certFile is the path to the certificate to use for the server.
168 certFile string
169 // keyFile is the path to the private key to use for the server.
170 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]171 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]172 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]173 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]174 // expectResumeRejected, if true, specifies that the attempted
175 // resumption must be rejected by the client. This is only valid for a
176 // serverTest.
177 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]178 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]179 // resumption. Unless newSessionsOnResume is set,
180 // SessionTicketKey, ServerSessionCache, and
181 // ClientSessionCache are copied from the initial connection's
182 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]183 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]184 // newSessionsOnResume, if true, will cause resumeConfig to
185 // use a different session resumption context.
186 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]187 // noSessionCache, if true, will cause the server to run without a
188 // session cache.
189 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]190 // sendPrefix sends a prefix on the socket before actually performing a
191 // handshake.
192 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]193 // shimWritesFirst controls whether the shim sends an initial "hello"
194 // message before doing a roundtrip with the runner.
195 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]196 // shimShutsDown, if true, runs a test where the shim shuts down the
197 // connection immediately after the handshake rather than echoing
198 // messages from the runner.
199 shimShutsDown bool
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]200 // renegotiate indicates the the connection should be renegotiated
201 // during the exchange.
202 renegotiate bool
203 // renegotiateCiphers is a list of ciphersuite ids that will be
204 // switched in just before renegotiation.
205 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]206 // replayWrites, if true, configures the underlying transport
207 // to replay every write it makes in DTLS tests.
208 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]209 // damageFirstWrite, if true, configures the underlying transport to
210 // damage the final byte of the first application data write.
211 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]212 // exportKeyingMaterial, if non-zero, configures the test to exchange
213 // keying material and verify they match.
214 exportKeyingMaterial int
215 exportLabel string
216 exportContext string
217 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]218 // flags, if not empty, contains a list of command-line flags that will
219 // be passed to the shim program.
220 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]221 // testTLSUnique, if true, causes the shim to send the tls-unique value
222 // which will be compared against the expected value.
223 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]224 // sendEmptyRecords is the number of consecutive empty records to send
225 // before and after the test message.
226 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]227 // sendWarningAlerts is the number of consecutive warning alerts to send
228 // before and after the test message.
229 sendWarningAlerts int
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]230 // expectMessageDropped, if true, means the test message is expected to
231 // be dropped by the client rather than echoed back.
232 expectMessageDropped bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]233}
234
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]235var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]236
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]237func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]238 var connDebug *recordingConn
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]239 var connDamage *damageAdaptor
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]240 if *flagDebug {
241 connDebug = &recordingConn{Conn: conn}
242 conn = connDebug
243 defer func() {
244 connDebug.WriteTo(os.Stdout)
245 }()
246 }
247
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]248 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]249 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
250 conn = config.Bugs.PacketAdaptor
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]251 if test.replayWrites {
252 conn = newReplayAdaptor(conn)
253 }
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]254 }
255
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]256 if test.damageFirstWrite {
257 connDamage = newDamageAdaptor(conn)
258 conn = connDamage
259 }
260
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]261 if test.sendPrefix != "" {
262 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
263 return err
264 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]265 }
266
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]267 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]268 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]269 if test.protocol == dtls {
270 tlsConn = DTLSServer(conn, config)
271 } else {
272 tlsConn = Server(conn, config)
273 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]274 } else {
275 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]276 if test.protocol == dtls {
277 tlsConn = DTLSClient(conn, config)
278 } else {
279 tlsConn = Client(conn, config)
280 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]281 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]282 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]283
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]284 if err := tlsConn.Handshake(); err != nil {
285 return err
286 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]287
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]288 // TODO(davidben): move all per-connection expectations into a dedicated
289 // expectations struct that can be specified separately for the two
290 // legs.
291 expectedVersion := test.expectedVersion
292 if isResume && test.expectedResumeVersion != 0 {
293 expectedVersion = test.expectedResumeVersion
294 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]295 connState := tlsConn.ConnectionState()
296 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]297 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]298 }
299
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]300 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]301 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
302 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]303 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
304 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
305 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]306
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]307 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]308 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]309 if channelID == nil {
310 return fmt.Errorf("no channel ID negotiated")
311 }
312 if channelID.Curve != channelIDKey.Curve ||
313 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
314 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
315 return fmt.Errorf("incorrect channel ID")
316 }
317 }
318
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]319 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]320 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]321 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
322 }
323 }
324
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]325 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]326 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]327 return fmt.Errorf("next proto type mismatch")
328 }
329 }
330
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]331 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]332 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
333 }
334
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]335 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
336 return fmt.Errorf("OCSP Response mismatch")
337 }
338
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]339 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
340 return fmt.Errorf("SCT list mismatch")
341 }
342
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]343 if test.exportKeyingMaterial > 0 {
344 actual := make([]byte, test.exportKeyingMaterial)
345 if _, err := io.ReadFull(tlsConn, actual); err != nil {
346 return err
347 }
348 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
349 if err != nil {
350 return err
351 }
352 if !bytes.Equal(actual, expected) {
353 return fmt.Errorf("keying material mismatch")
354 }
355 }
356
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]357 if test.testTLSUnique {
358 var peersValue [12]byte
359 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
360 return err
361 }
362 expected := tlsConn.ConnectionState().TLSUnique
363 if !bytes.Equal(peersValue[:], expected) {
364 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
365 }
366 }
367
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]368 if test.shimWritesFirst {
369 var buf [5]byte
370 _, err := io.ReadFull(tlsConn, buf[:])
371 if err != nil {
372 return err
373 }
374 if string(buf[:]) != "hello" {
375 return fmt.Errorf("bad initial message")
376 }
377 }
378
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]379 for i := 0; i < test.sendEmptyRecords; i++ {
380 tlsConn.Write(nil)
381 }
382
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]383 for i := 0; i < test.sendWarningAlerts; i++ {
384 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
385 }
386
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]387 if test.renegotiate {
388 if test.renegotiateCiphers != nil {
389 config.CipherSuites = test.renegotiateCiphers
390 }
391 if err := tlsConn.Renegotiate(); err != nil {
392 return err
393 }
394 } else if test.renegotiateCiphers != nil {
395 panic("renegotiateCiphers without renegotiate")
396 }
397
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]398 if test.damageFirstWrite {
399 connDamage.setDamage(true)
400 tlsConn.Write([]byte("DAMAGED WRITE"))
401 connDamage.setDamage(false)
402 }
403
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]404 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]405 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]406 if test.protocol == dtls {
407 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
408 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]409 // Read until EOF.
410 _, err := io.Copy(ioutil.Discard, tlsConn)
411 return err
412 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]413 if messageLen == 0 {
414 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]415 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]416
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]417 messageCount := test.messageCount
418 if messageCount == 0 {
419 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]420 }
421
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]422 for j := 0; j < messageCount; j++ {
423 testMessage := make([]byte, messageLen)
424 for i := range testMessage {
425 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]426 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]427 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]428
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]429 for i := 0; i < test.sendEmptyRecords; i++ {
430 tlsConn.Write(nil)
431 }
432
433 for i := 0; i < test.sendWarningAlerts; i++ {
434 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
435 }
436
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]437 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]438 // The shim will not respond.
439 continue
440 }
441
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]442 buf := make([]byte, len(testMessage))
443 if test.protocol == dtls {
444 bufTmp := make([]byte, len(buf)+1)
445 n, err := tlsConn.Read(bufTmp)
446 if err != nil {
447 return err
448 }
449 if n != len(buf) {
450 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
451 }
452 copy(buf, bufTmp)
453 } else {
454 _, err := io.ReadFull(tlsConn, buf)
455 if err != nil {
456 return err
457 }
458 }
459
460 for i, v := range buf {
461 if v != testMessage[i]^0xff {
462 return fmt.Errorf("bad reply contents at byte %d", i)
463 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]464 }
465 }
466
467 return nil
468}
469
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]470func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
471 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]472 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]473 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]474 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]475 valgrindArgs = append(valgrindArgs, path)
476 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]477
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]478 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]479}
480
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]481func gdbOf(path string, args ...string) *exec.Cmd {
482 xtermArgs := []string{"-e", "gdb", "--args"}
483 xtermArgs = append(xtermArgs, path)
484 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]485
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]486 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]487}
488
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]489type moreMallocsError struct{}
490
491func (moreMallocsError) Error() string {
492 return "child process did not exhaust all allocation calls"
493}
494
495var errMoreMallocs = moreMallocsError{}
496
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]497// accept accepts a connection from listener, unless waitChan signals a process
498// exit first.
499func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
500 type connOrError struct {
501 conn net.Conn
502 err error
503 }
504 connChan := make(chan connOrError, 1)
505 go func() {
506 conn, err := listener.Accept()
507 connChan <- connOrError{conn, err}
508 close(connChan)
509 }()
510 select {
511 case result := <-connChan:
512 return result.conn, result.err
513 case childErr := <-waitChan:
514 waitChan <- childErr
515 return nil, fmt.Errorf("child exited early: %s", childErr)
516 }
517}
518
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]519func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]520 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
521 panic("Error expected without shouldFail in " + test.name)
522 }
523
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]524 if test.expectResumeRejected && !test.resumeSession {
525 panic("expectResumeRejected without resumeSession in " + test.name)
526 }
527
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]528 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
529 if err != nil {
530 panic(err)
531 }
532 defer func() {
533 if listener != nil {
534 listener.Close()
535 }
536 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]537
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]538 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]539 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]540 flags = append(flags, "-server")
541
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]542 flags = append(flags, "-key-file")
543 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]544 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]545 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]546 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]547 }
548
549 flags = append(flags, "-cert-file")
550 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]551 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]552 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]553 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]554 }
555 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]556
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]557 if test.protocol == dtls {
558 flags = append(flags, "-dtls")
559 }
560
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]561 if test.resumeSession {
562 flags = append(flags, "-resume")
563 }
564
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]565 if test.shimWritesFirst {
566 flags = append(flags, "-shim-writes-first")
567 }
568
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]569 if test.shimShutsDown {
570 flags = append(flags, "-shim-shuts-down")
571 }
572
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]573 if test.exportKeyingMaterial > 0 {
574 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
575 flags = append(flags, "-export-label", test.exportLabel)
576 flags = append(flags, "-export-context", test.exportContext)
577 if test.useExportContext {
578 flags = append(flags, "-use-export-context")
579 }
580 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]581 if test.expectResumeRejected {
582 flags = append(flags, "-expect-session-miss")
583 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]584
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]585 if test.testTLSUnique {
586 flags = append(flags, "-tls-unique")
587 }
588
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]589 flags = append(flags, test.flags...)
590
591 var shim *exec.Cmd
592 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]593 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]594 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]595 shim = gdbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]596 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]597 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]598 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]599 shim.Stdin = os.Stdin
600 var stdoutBuf, stderrBuf bytes.Buffer
601 shim.Stdout = &stdoutBuf
602 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]603 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]604 shim.Env = os.Environ()
605 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]606 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]607 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]608 }
609 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
610 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]611
612 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]613 panic(err)
614 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]615 waitChan := make(chan error, 1)
616 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]617
618 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]619 if !test.noSessionCache {
620 config.ClientSessionCache = NewLRUClientSessionCache(1)
621 config.ServerSessionCache = NewLRUServerSessionCache(1)
622 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]623 if test.testType == clientTest {
624 if len(config.Certificates) == 0 {
625 config.Certificates = []Certificate{getRSACertificate()}
626 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]627 } else {
628 // Supply a ServerName to ensure a constant session cache key,
629 // rather than falling back to net.Conn.RemoteAddr.
630 if len(config.ServerName) == 0 {
631 config.ServerName = "test"
632 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]633 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]634
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]635 conn, err := acceptOrWait(listener, waitChan)
636 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]637 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]638 conn.Close()
639 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]640
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]641 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]642 var resumeConfig Config
643 if test.resumeConfig != nil {
644 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]645 if len(resumeConfig.ServerName) == 0 {
646 resumeConfig.ServerName = config.ServerName
647 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]648 if len(resumeConfig.Certificates) == 0 {
649 resumeConfig.Certificates = []Certificate{getRSACertificate()}
650 }
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]651 if test.newSessionsOnResume {
652 if !test.noSessionCache {
653 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
654 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
655 }
656 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]657 resumeConfig.SessionTicketKey = config.SessionTicketKey
658 resumeConfig.ClientSessionCache = config.ClientSessionCache
659 resumeConfig.ServerSessionCache = config.ServerSessionCache
660 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]661 } else {
662 resumeConfig = config
663 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]664 var connResume net.Conn
665 connResume, err = acceptOrWait(listener, waitChan)
666 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]667 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]668 connResume.Close()
669 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]670 }
671
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]672 // Close the listener now. This is to avoid hangs should the shim try to
673 // open more connections than expected.
674 listener.Close()
675 listener = nil
676
677 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]678 if exitError, ok := childErr.(*exec.ExitError); ok {
679 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
680 return errMoreMallocs
681 }
682 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]683
684 stdout := string(stdoutBuf.Bytes())
685 stderr := string(stderrBuf.Bytes())
686 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]687 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]688 localError := "none"
689 if err != nil {
690 localError = err.Error()
691 }
692 if len(test.expectedLocalError) != 0 {
693 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
694 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]695
696 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]697 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]698 if childErr != nil {
699 childError = childErr.Error()
700 }
701
702 var msg string
703 switch {
704 case failed && !test.shouldFail:
705 msg = "unexpected failure"
706 case !failed && test.shouldFail:
707 msg = "unexpected success"
708 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]709 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]710 default:
711 panic("internal error")
712 }
713
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]714 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]715 }
716
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]717 if !*useValgrind && !failed && len(stderr) > 0 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]718 println(stderr)
719 }
720
721 return nil
722}
723
724var tlsVersions = []struct {
725 name string
726 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]727 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]728 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]729}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]730 {"SSL3", VersionSSL30, "-no-ssl3", false},
731 {"TLS1", VersionTLS10, "-no-tls1", true},
732 {"TLS11", VersionTLS11, "-no-tls11", false},
733 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]734}
735
736var testCipherSuites = []struct {
737 name string
738 id uint16
739}{
740 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]741 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]742 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]743 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]744 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]745 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]746 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]747 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
748 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]749 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]750 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
751 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]752 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]753 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
754 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]755 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
756 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]757 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]758 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]759 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]760 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]761 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]762 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]763 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]764 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]765 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]766 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]767 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]768 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]769 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
770 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]771 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
772 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]773 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]774 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]775 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]776 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]777}
778
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]779func hasComponent(suiteName, component string) bool {
780 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
781}
782
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]783func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]784 return hasComponent(suiteName, "GCM") ||
785 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]786 hasComponent(suiteName, "SHA384") ||
787 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]788}
789
790func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]791 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]792}
793
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]794func bigFromHex(hex string) *big.Int {
795 ret, ok := new(big.Int).SetString(hex, 16)
796 if !ok {
797 panic("failed to parse hex number 0x" + hex)
798 }
799 return ret
800}
801
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]802func addBasicTests() {
803 basicTests := []testCase{
804 {
805 name: "BadRSASignature",
806 config: Config{
807 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
808 Bugs: ProtocolBugs{
809 InvalidSKXSignature: true,
810 },
811 },
812 shouldFail: true,
813 expectedError: ":BAD_SIGNATURE:",
814 },
815 {
816 name: "BadECDSASignature",
817 config: Config{
818 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
819 Bugs: ProtocolBugs{
820 InvalidSKXSignature: true,
821 },
822 Certificates: []Certificate{getECDSACertificate()},
823 },
824 shouldFail: true,
825 expectedError: ":BAD_SIGNATURE:",
826 },
827 {
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]828 testType: serverTest,
829 name: "BadRSASignature-ClientAuth",
830 config: Config{
831 Bugs: ProtocolBugs{
832 InvalidCertVerifySignature: true,
833 },
834 Certificates: []Certificate{getRSACertificate()},
835 },
836 shouldFail: true,
837 expectedError: ":BAD_SIGNATURE:",
838 flags: []string{"-require-any-client-certificate"},
839 },
840 {
841 testType: serverTest,
842 name: "BadECDSASignature-ClientAuth",
843 config: Config{
844 Bugs: ProtocolBugs{
845 InvalidCertVerifySignature: true,
846 },
847 Certificates: []Certificate{getECDSACertificate()},
848 },
849 shouldFail: true,
850 expectedError: ":BAD_SIGNATURE:",
851 flags: []string{"-require-any-client-certificate"},
852 },
853 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]854 name: "BadECDSACurve",
855 config: Config{
856 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
857 Bugs: ProtocolBugs{
858 InvalidSKXCurve: true,
859 },
860 Certificates: []Certificate{getECDSACertificate()},
861 },
862 shouldFail: true,
863 expectedError: ":WRONG_CURVE:",
864 },
865 {
866 testType: serverTest,
867 name: "BadRSAVersion",
868 config: Config{
869 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
870 Bugs: ProtocolBugs{
871 RsaClientKeyExchangeVersion: VersionTLS11,
872 },
873 },
874 shouldFail: true,
875 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
876 },
877 {
878 name: "NoFallbackSCSV",
879 config: Config{
880 Bugs: ProtocolBugs{
881 FailIfNotFallbackSCSV: true,
882 },
883 },
884 shouldFail: true,
885 expectedLocalError: "no fallback SCSV found",
886 },
887 {
888 name: "SendFallbackSCSV",
889 config: Config{
890 Bugs: ProtocolBugs{
891 FailIfNotFallbackSCSV: true,
892 },
893 },
894 flags: []string{"-fallback-scsv"},
895 },
896 {
897 name: "ClientCertificateTypes",
898 config: Config{
899 ClientAuth: RequestClientCert,
900 ClientCertificateTypes: []byte{
901 CertTypeDSSSign,
902 CertTypeRSASign,
903 CertTypeECDSASign,
904 },
905 },
906 flags: []string{
907 "-expect-certificate-types",
908 base64.StdEncoding.EncodeToString([]byte{
909 CertTypeDSSSign,
910 CertTypeRSASign,
911 CertTypeECDSASign,
912 }),
913 },
914 },
915 {
916 name: "NoClientCertificate",
917 config: Config{
918 ClientAuth: RequireAnyClientCert,
919 },
920 shouldFail: true,
921 expectedLocalError: "client didn't provide a certificate",
922 },
923 {
924 name: "UnauthenticatedECDH",
925 config: Config{
926 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
927 Bugs: ProtocolBugs{
928 UnauthenticatedECDH: true,
929 },
930 },
931 shouldFail: true,
932 expectedError: ":UNEXPECTED_MESSAGE:",
933 },
934 {
935 name: "SkipCertificateStatus",
936 config: Config{
937 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
938 Bugs: ProtocolBugs{
939 SkipCertificateStatus: true,
940 },
941 },
942 flags: []string{
943 "-enable-ocsp-stapling",
944 },
945 },
946 {
947 name: "SkipServerKeyExchange",
948 config: Config{
949 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
950 Bugs: ProtocolBugs{
951 SkipServerKeyExchange: true,
952 },
953 },
954 shouldFail: true,
955 expectedError: ":UNEXPECTED_MESSAGE:",
956 },
957 {
958 name: "SkipChangeCipherSpec-Client",
959 config: Config{
960 Bugs: ProtocolBugs{
961 SkipChangeCipherSpec: true,
962 },
963 },
964 shouldFail: true,
965 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
966 },
967 {
968 testType: serverTest,
969 name: "SkipChangeCipherSpec-Server",
970 config: Config{
971 Bugs: ProtocolBugs{
972 SkipChangeCipherSpec: true,
973 },
974 },
975 shouldFail: true,
976 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
977 },
978 {
979 testType: serverTest,
980 name: "SkipChangeCipherSpec-Server-NPN",
981 config: Config{
982 NextProtos: []string{"bar"},
983 Bugs: ProtocolBugs{
984 SkipChangeCipherSpec: true,
985 },
986 },
987 flags: []string{
988 "-advertise-npn", "\x03foo\x03bar\x03baz",
989 },
990 shouldFail: true,
991 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
992 },
993 {
994 name: "FragmentAcrossChangeCipherSpec-Client",
995 config: Config{
996 Bugs: ProtocolBugs{
997 FragmentAcrossChangeCipherSpec: true,
998 },
999 },
1000 shouldFail: true,
1001 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
1002 },
1003 {
1004 testType: serverTest,
1005 name: "FragmentAcrossChangeCipherSpec-Server",
1006 config: Config{
1007 Bugs: ProtocolBugs{
1008 FragmentAcrossChangeCipherSpec: true,
1009 },
1010 },
1011 shouldFail: true,
1012 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
1013 },
1014 {
1015 testType: serverTest,
1016 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1017 config: Config{
1018 NextProtos: []string{"bar"},
1019 Bugs: ProtocolBugs{
1020 FragmentAcrossChangeCipherSpec: true,
1021 },
1022 },
1023 flags: []string{
1024 "-advertise-npn", "\x03foo\x03bar\x03baz",
1025 },
1026 shouldFail: true,
1027 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
1028 },
1029 {
1030 testType: serverTest,
1031 name: "Alert",
1032 config: Config{
1033 Bugs: ProtocolBugs{
1034 SendSpuriousAlert: alertRecordOverflow,
1035 },
1036 },
1037 shouldFail: true,
1038 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1039 },
1040 {
1041 protocol: dtls,
1042 testType: serverTest,
1043 name: "Alert-DTLS",
1044 config: Config{
1045 Bugs: ProtocolBugs{
1046 SendSpuriousAlert: alertRecordOverflow,
1047 },
1048 },
1049 shouldFail: true,
1050 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1051 },
1052 {
1053 testType: serverTest,
1054 name: "FragmentAlert",
1055 config: Config{
1056 Bugs: ProtocolBugs{
1057 FragmentAlert: true,
1058 SendSpuriousAlert: alertRecordOverflow,
1059 },
1060 },
1061 shouldFail: true,
1062 expectedError: ":BAD_ALERT:",
1063 },
1064 {
1065 protocol: dtls,
1066 testType: serverTest,
1067 name: "FragmentAlert-DTLS",
1068 config: Config{
1069 Bugs: ProtocolBugs{
1070 FragmentAlert: true,
1071 SendSpuriousAlert: alertRecordOverflow,
1072 },
1073 },
1074 shouldFail: true,
1075 expectedError: ":BAD_ALERT:",
1076 },
1077 {
1078 testType: serverTest,
1079 name: "EarlyChangeCipherSpec-server-1",
1080 config: Config{
1081 Bugs: ProtocolBugs{
1082 EarlyChangeCipherSpec: 1,
1083 },
1084 },
1085 shouldFail: true,
1086 expectedError: ":CCS_RECEIVED_EARLY:",
1087 },
1088 {
1089 testType: serverTest,
1090 name: "EarlyChangeCipherSpec-server-2",
1091 config: Config{
1092 Bugs: ProtocolBugs{
1093 EarlyChangeCipherSpec: 2,
1094 },
1095 },
1096 shouldFail: true,
1097 expectedError: ":CCS_RECEIVED_EARLY:",
1098 },
1099 {
1100 name: "SkipNewSessionTicket",
1101 config: Config{
1102 Bugs: ProtocolBugs{
1103 SkipNewSessionTicket: true,
1104 },
1105 },
1106 shouldFail: true,
1107 expectedError: ":CCS_RECEIVED_EARLY:",
1108 },
1109 {
1110 testType: serverTest,
1111 name: "FallbackSCSV",
1112 config: Config{
1113 MaxVersion: VersionTLS11,
1114 Bugs: ProtocolBugs{
1115 SendFallbackSCSV: true,
1116 },
1117 },
1118 shouldFail: true,
1119 expectedError: ":INAPPROPRIATE_FALLBACK:",
1120 },
1121 {
1122 testType: serverTest,
1123 name: "FallbackSCSV-VersionMatch",
1124 config: Config{
1125 Bugs: ProtocolBugs{
1126 SendFallbackSCSV: true,
1127 },
1128 },
1129 },
1130 {
1131 testType: serverTest,
1132 name: "FragmentedClientVersion",
1133 config: Config{
1134 Bugs: ProtocolBugs{
1135 MaxHandshakeRecordLength: 1,
1136 FragmentClientVersion: true,
1137 },
1138 },
1139 expectedVersion: VersionTLS12,
1140 },
1141 {
1142 testType: serverTest,
1143 name: "MinorVersionTolerance",
1144 config: Config{
1145 Bugs: ProtocolBugs{
1146 SendClientVersion: 0x03ff,
1147 },
1148 },
1149 expectedVersion: VersionTLS12,
1150 },
1151 {
1152 testType: serverTest,
1153 name: "MajorVersionTolerance",
1154 config: Config{
1155 Bugs: ProtocolBugs{
1156 SendClientVersion: 0x0400,
1157 },
1158 },
1159 expectedVersion: VersionTLS12,
1160 },
1161 {
1162 testType: serverTest,
1163 name: "VersionTooLow",
1164 config: Config{
1165 Bugs: ProtocolBugs{
1166 SendClientVersion: 0x0200,
1167 },
1168 },
1169 shouldFail: true,
1170 expectedError: ":UNSUPPORTED_PROTOCOL:",
1171 },
1172 {
1173 testType: serverTest,
1174 name: "HttpGET",
1175 sendPrefix: "GET / HTTP/1.0\n",
1176 shouldFail: true,
1177 expectedError: ":HTTP_REQUEST:",
1178 },
1179 {
1180 testType: serverTest,
1181 name: "HttpPOST",
1182 sendPrefix: "POST / HTTP/1.0\n",
1183 shouldFail: true,
1184 expectedError: ":HTTP_REQUEST:",
1185 },
1186 {
1187 testType: serverTest,
1188 name: "HttpHEAD",
1189 sendPrefix: "HEAD / HTTP/1.0\n",
1190 shouldFail: true,
1191 expectedError: ":HTTP_REQUEST:",
1192 },
1193 {
1194 testType: serverTest,
1195 name: "HttpPUT",
1196 sendPrefix: "PUT / HTTP/1.0\n",
1197 shouldFail: true,
1198 expectedError: ":HTTP_REQUEST:",
1199 },
1200 {
1201 testType: serverTest,
1202 name: "HttpCONNECT",
1203 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1204 shouldFail: true,
1205 expectedError: ":HTTPS_PROXY_REQUEST:",
1206 },
1207 {
1208 testType: serverTest,
1209 name: "Garbage",
1210 sendPrefix: "blah",
1211 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1212 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1213 },
1214 {
1215 name: "SkipCipherVersionCheck",
1216 config: Config{
1217 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1218 MaxVersion: VersionTLS11,
1219 Bugs: ProtocolBugs{
1220 SkipCipherVersionCheck: true,
1221 },
1222 },
1223 shouldFail: true,
1224 expectedError: ":WRONG_CIPHER_RETURNED:",
1225 },
1226 {
1227 name: "RSAEphemeralKey",
1228 config: Config{
1229 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1230 Bugs: ProtocolBugs{
1231 RSAEphemeralKey: true,
1232 },
1233 },
1234 shouldFail: true,
1235 expectedError: ":UNEXPECTED_MESSAGE:",
1236 },
1237 {
1238 name: "DisableEverything",
1239 flags: []string{"-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
1240 shouldFail: true,
1241 expectedError: ":WRONG_SSL_VERSION:",
1242 },
1243 {
1244 protocol: dtls,
1245 name: "DisableEverything-DTLS",
1246 flags: []string{"-no-tls12", "-no-tls1"},
1247 shouldFail: true,
1248 expectedError: ":WRONG_SSL_VERSION:",
1249 },
1250 {
1251 name: "NoSharedCipher",
1252 config: Config{
1253 CipherSuites: []uint16{},
1254 },
1255 shouldFail: true,
1256 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
1257 },
1258 {
1259 protocol: dtls,
1260 testType: serverTest,
1261 name: "MTU",
1262 config: Config{
1263 Bugs: ProtocolBugs{
1264 MaxPacketLength: 256,
1265 },
1266 },
1267 flags: []string{"-mtu", "256"},
1268 },
1269 {
1270 protocol: dtls,
1271 testType: serverTest,
1272 name: "MTUExceeded",
1273 config: Config{
1274 Bugs: ProtocolBugs{
1275 MaxPacketLength: 255,
1276 },
1277 },
1278 flags: []string{"-mtu", "256"},
1279 shouldFail: true,
1280 expectedLocalError: "dtls: exceeded maximum packet length",
1281 },
1282 {
1283 name: "CertMismatchRSA",
1284 config: Config{
1285 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1286 Certificates: []Certificate{getECDSACertificate()},
1287 Bugs: ProtocolBugs{
1288 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1289 },
1290 },
1291 shouldFail: true,
1292 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1293 },
1294 {
1295 name: "CertMismatchECDSA",
1296 config: Config{
1297 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1298 Certificates: []Certificate{getRSACertificate()},
1299 Bugs: ProtocolBugs{
1300 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1301 },
1302 },
1303 shouldFail: true,
1304 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1305 },
1306 {
1307 name: "EmptyCertificateList",
1308 config: Config{
1309 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1310 Bugs: ProtocolBugs{
1311 EmptyCertificateList: true,
1312 },
1313 },
1314 shouldFail: true,
1315 expectedError: ":DECODE_ERROR:",
1316 },
1317 {
1318 name: "TLSFatalBadPackets",
1319 damageFirstWrite: true,
1320 shouldFail: true,
1321 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1322 },
1323 {
1324 protocol: dtls,
1325 name: "DTLSIgnoreBadPackets",
1326 damageFirstWrite: true,
1327 },
1328 {
1329 protocol: dtls,
1330 name: "DTLSIgnoreBadPackets-Async",
1331 damageFirstWrite: true,
1332 flags: []string{"-async"},
1333 },
1334 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1335 name: "AppDataBeforeHandshake",
1336 config: Config{
1337 Bugs: ProtocolBugs{
1338 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1339 },
1340 },
1341 shouldFail: true,
1342 expectedError: ":UNEXPECTED_RECORD:",
1343 },
1344 {
1345 name: "AppDataBeforeHandshake-Empty",
1346 config: Config{
1347 Bugs: ProtocolBugs{
1348 AppDataBeforeHandshake: []byte{},
1349 },
1350 },
1351 shouldFail: true,
1352 expectedError: ":UNEXPECTED_RECORD:",
1353 },
1354 {
1355 protocol: dtls,
1356 name: "AppDataBeforeHandshake-DTLS",
1357 config: Config{
1358 Bugs: ProtocolBugs{
1359 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1360 },
1361 },
1362 shouldFail: true,
1363 expectedError: ":UNEXPECTED_RECORD:",
1364 },
1365 {
1366 protocol: dtls,
1367 name: "AppDataBeforeHandshake-DTLS-Empty",
1368 config: Config{
1369 Bugs: ProtocolBugs{
1370 AppDataBeforeHandshake: []byte{},
1371 },
1372 },
1373 shouldFail: true,
1374 expectedError: ":UNEXPECTED_RECORD:",
1375 },
1376 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1377 name: "AppDataAfterChangeCipherSpec",
1378 config: Config{
1379 Bugs: ProtocolBugs{
1380 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1381 },
1382 },
1383 shouldFail: true,
1384 expectedError: ":DATA_BETWEEN_CCS_AND_FINISHED:",
1385 },
1386 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1387 name: "AppDataAfterChangeCipherSpec-Empty",
1388 config: Config{
1389 Bugs: ProtocolBugs{
1390 AppDataAfterChangeCipherSpec: []byte{},
1391 },
1392 },
1393 shouldFail: true,
1394 expectedError: ":DATA_BETWEEN_CCS_AND_FINISHED:",
1395 },
1396 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1397 protocol: dtls,
1398 name: "AppDataAfterChangeCipherSpec-DTLS",
1399 config: Config{
1400 Bugs: ProtocolBugs{
1401 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1402 },
1403 },
1404 // BoringSSL's DTLS implementation will drop the out-of-order
1405 // application data.
1406 },
1407 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1408 protocol: dtls,
1409 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1410 config: Config{
1411 Bugs: ProtocolBugs{
1412 AppDataAfterChangeCipherSpec: []byte{},
1413 },
1414 },
1415 // BoringSSL's DTLS implementation will drop the out-of-order
1416 // application data.
1417 },
1418 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1419 name: "AlertAfterChangeCipherSpec",
1420 config: Config{
1421 Bugs: ProtocolBugs{
1422 AlertAfterChangeCipherSpec: alertRecordOverflow,
1423 },
1424 },
1425 shouldFail: true,
1426 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1427 },
1428 {
1429 protocol: dtls,
1430 name: "AlertAfterChangeCipherSpec-DTLS",
1431 config: Config{
1432 Bugs: ProtocolBugs{
1433 AlertAfterChangeCipherSpec: alertRecordOverflow,
1434 },
1435 },
1436 shouldFail: true,
1437 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1438 },
1439 {
1440 protocol: dtls,
1441 name: "ReorderHandshakeFragments-Small-DTLS",
1442 config: Config{
1443 Bugs: ProtocolBugs{
1444 ReorderHandshakeFragments: true,
1445 // Small enough that every handshake message is
1446 // fragmented.
1447 MaxHandshakeRecordLength: 2,
1448 },
1449 },
1450 },
1451 {
1452 protocol: dtls,
1453 name: "ReorderHandshakeFragments-Large-DTLS",
1454 config: Config{
1455 Bugs: ProtocolBugs{
1456 ReorderHandshakeFragments: true,
1457 // Large enough that no handshake message is
1458 // fragmented.
1459 MaxHandshakeRecordLength: 2048,
1460 },
1461 },
1462 },
1463 {
1464 protocol: dtls,
1465 name: "MixCompleteMessageWithFragments-DTLS",
1466 config: Config{
1467 Bugs: ProtocolBugs{
1468 ReorderHandshakeFragments: true,
1469 MixCompleteMessageWithFragments: true,
1470 MaxHandshakeRecordLength: 2,
1471 },
1472 },
1473 },
1474 {
1475 name: "SendInvalidRecordType",
1476 config: Config{
1477 Bugs: ProtocolBugs{
1478 SendInvalidRecordType: true,
1479 },
1480 },
1481 shouldFail: true,
1482 expectedError: ":UNEXPECTED_RECORD:",
1483 },
1484 {
1485 protocol: dtls,
1486 name: "SendInvalidRecordType-DTLS",
1487 config: Config{
1488 Bugs: ProtocolBugs{
1489 SendInvalidRecordType: true,
1490 },
1491 },
1492 shouldFail: true,
1493 expectedError: ":UNEXPECTED_RECORD:",
1494 },
1495 {
1496 name: "FalseStart-SkipServerSecondLeg",
1497 config: Config{
1498 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1499 NextProtos: []string{"foo"},
1500 Bugs: ProtocolBugs{
1501 SkipNewSessionTicket: true,
1502 SkipChangeCipherSpec: true,
1503 SkipFinished: true,
1504 ExpectFalseStart: true,
1505 },
1506 },
1507 flags: []string{
1508 "-false-start",
1509 "-handshake-never-done",
1510 "-advertise-alpn", "\x03foo",
1511 },
1512 shimWritesFirst: true,
1513 shouldFail: true,
1514 expectedError: ":UNEXPECTED_RECORD:",
1515 },
1516 {
1517 name: "FalseStart-SkipServerSecondLeg-Implicit",
1518 config: Config{
1519 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1520 NextProtos: []string{"foo"},
1521 Bugs: ProtocolBugs{
1522 SkipNewSessionTicket: true,
1523 SkipChangeCipherSpec: true,
1524 SkipFinished: true,
1525 },
1526 },
1527 flags: []string{
1528 "-implicit-handshake",
1529 "-false-start",
1530 "-handshake-never-done",
1531 "-advertise-alpn", "\x03foo",
1532 },
1533 shouldFail: true,
1534 expectedError: ":UNEXPECTED_RECORD:",
1535 },
1536 {
1537 testType: serverTest,
1538 name: "FailEarlyCallback",
1539 flags: []string{"-fail-early-callback"},
1540 shouldFail: true,
1541 expectedError: ":CONNECTION_REJECTED:",
1542 expectedLocalError: "remote error: access denied",
1543 },
1544 {
1545 name: "WrongMessageType",
1546 config: Config{
1547 Bugs: ProtocolBugs{
1548 WrongCertificateMessageType: true,
1549 },
1550 },
1551 shouldFail: true,
1552 expectedError: ":UNEXPECTED_MESSAGE:",
1553 expectedLocalError: "remote error: unexpected message",
1554 },
1555 {
1556 protocol: dtls,
1557 name: "WrongMessageType-DTLS",
1558 config: Config{
1559 Bugs: ProtocolBugs{
1560 WrongCertificateMessageType: true,
1561 },
1562 },
1563 shouldFail: true,
1564 expectedError: ":UNEXPECTED_MESSAGE:",
1565 expectedLocalError: "remote error: unexpected message",
1566 },
1567 {
1568 protocol: dtls,
1569 name: "FragmentMessageTypeMismatch-DTLS",
1570 config: Config{
1571 Bugs: ProtocolBugs{
1572 MaxHandshakeRecordLength: 2,
1573 FragmentMessageTypeMismatch: true,
1574 },
1575 },
1576 shouldFail: true,
1577 expectedError: ":FRAGMENT_MISMATCH:",
1578 },
1579 {
1580 protocol: dtls,
1581 name: "FragmentMessageLengthMismatch-DTLS",
1582 config: Config{
1583 Bugs: ProtocolBugs{
1584 MaxHandshakeRecordLength: 2,
1585 FragmentMessageLengthMismatch: true,
1586 },
1587 },
1588 shouldFail: true,
1589 expectedError: ":FRAGMENT_MISMATCH:",
1590 },
1591 {
1592 protocol: dtls,
1593 name: "SplitFragments-Header-DTLS",
1594 config: Config{
1595 Bugs: ProtocolBugs{
1596 SplitFragments: 2,
1597 },
1598 },
1599 shouldFail: true,
1600 expectedError: ":UNEXPECTED_MESSAGE:",
1601 },
1602 {
1603 protocol: dtls,
1604 name: "SplitFragments-Boundary-DTLS",
1605 config: Config{
1606 Bugs: ProtocolBugs{
1607 SplitFragments: dtlsRecordHeaderLen,
1608 },
1609 },
1610 shouldFail: true,
1611 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1612 },
1613 {
1614 protocol: dtls,
1615 name: "SplitFragments-Body-DTLS",
1616 config: Config{
1617 Bugs: ProtocolBugs{
1618 SplitFragments: dtlsRecordHeaderLen + 1,
1619 },
1620 },
1621 shouldFail: true,
1622 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1623 },
1624 {
1625 protocol: dtls,
1626 name: "SendEmptyFragments-DTLS",
1627 config: Config{
1628 Bugs: ProtocolBugs{
1629 SendEmptyFragments: true,
1630 },
1631 },
1632 },
1633 {
1634 name: "UnsupportedCipherSuite",
1635 config: Config{
1636 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1637 Bugs: ProtocolBugs{
1638 IgnorePeerCipherPreferences: true,
1639 },
1640 },
1641 flags: []string{"-cipher", "DEFAULT:!RC4"},
1642 shouldFail: true,
1643 expectedError: ":WRONG_CIPHER_RETURNED:",
1644 },
1645 {
1646 name: "UnsupportedCurve",
1647 config: Config{
1648 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1649 // BoringSSL implements P-224 but doesn't enable it by
1650 // default.
1651 CurvePreferences: []CurveID{CurveP224},
1652 Bugs: ProtocolBugs{
1653 IgnorePeerCurvePreferences: true,
1654 },
1655 },
1656 shouldFail: true,
1657 expectedError: ":WRONG_CURVE:",
1658 },
1659 {
1660 name: "BadFinished",
1661 config: Config{
1662 Bugs: ProtocolBugs{
1663 BadFinished: true,
1664 },
1665 },
1666 shouldFail: true,
1667 expectedError: ":DIGEST_CHECK_FAILED:",
1668 },
1669 {
1670 name: "FalseStart-BadFinished",
1671 config: Config{
1672 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1673 NextProtos: []string{"foo"},
1674 Bugs: ProtocolBugs{
1675 BadFinished: true,
1676 ExpectFalseStart: true,
1677 },
1678 },
1679 flags: []string{
1680 "-false-start",
1681 "-handshake-never-done",
1682 "-advertise-alpn", "\x03foo",
1683 },
1684 shimWritesFirst: true,
1685 shouldFail: true,
1686 expectedError: ":DIGEST_CHECK_FAILED:",
1687 },
1688 {
1689 name: "NoFalseStart-NoALPN",
1690 config: Config{
1691 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1692 Bugs: ProtocolBugs{
1693 ExpectFalseStart: true,
1694 AlertBeforeFalseStartTest: alertAccessDenied,
1695 },
1696 },
1697 flags: []string{
1698 "-false-start",
1699 },
1700 shimWritesFirst: true,
1701 shouldFail: true,
1702 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1703 expectedLocalError: "tls: peer did not false start: EOF",
1704 },
1705 {
1706 name: "NoFalseStart-NoAEAD",
1707 config: Config{
1708 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1709 NextProtos: []string{"foo"},
1710 Bugs: ProtocolBugs{
1711 ExpectFalseStart: true,
1712 AlertBeforeFalseStartTest: alertAccessDenied,
1713 },
1714 },
1715 flags: []string{
1716 "-false-start",
1717 "-advertise-alpn", "\x03foo",
1718 },
1719 shimWritesFirst: true,
1720 shouldFail: true,
1721 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1722 expectedLocalError: "tls: peer did not false start: EOF",
1723 },
1724 {
1725 name: "NoFalseStart-RSA",
1726 config: Config{
1727 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1728 NextProtos: []string{"foo"},
1729 Bugs: ProtocolBugs{
1730 ExpectFalseStart: true,
1731 AlertBeforeFalseStartTest: alertAccessDenied,
1732 },
1733 },
1734 flags: []string{
1735 "-false-start",
1736 "-advertise-alpn", "\x03foo",
1737 },
1738 shimWritesFirst: true,
1739 shouldFail: true,
1740 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1741 expectedLocalError: "tls: peer did not false start: EOF",
1742 },
1743 {
1744 name: "NoFalseStart-DHE_RSA",
1745 config: Config{
1746 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1747 NextProtos: []string{"foo"},
1748 Bugs: ProtocolBugs{
1749 ExpectFalseStart: true,
1750 AlertBeforeFalseStartTest: alertAccessDenied,
1751 },
1752 },
1753 flags: []string{
1754 "-false-start",
1755 "-advertise-alpn", "\x03foo",
1756 },
1757 shimWritesFirst: true,
1758 shouldFail: true,
1759 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1760 expectedLocalError: "tls: peer did not false start: EOF",
1761 },
1762 {
1763 testType: serverTest,
1764 name: "NoSupportedCurves",
1765 config: Config{
1766 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1767 Bugs: ProtocolBugs{
1768 NoSupportedCurves: true,
1769 },
1770 },
1771 },
1772 {
1773 testType: serverTest,
1774 name: "NoCommonCurves",
1775 config: Config{
1776 CipherSuites: []uint16{
1777 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1778 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1779 },
1780 CurvePreferences: []CurveID{CurveP224},
1781 },
1782 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1783 },
1784 {
1785 protocol: dtls,
1786 name: "SendSplitAlert-Sync",
1787 config: Config{
1788 Bugs: ProtocolBugs{
1789 SendSplitAlert: true,
1790 },
1791 },
1792 },
1793 {
1794 protocol: dtls,
1795 name: "SendSplitAlert-Async",
1796 config: Config{
1797 Bugs: ProtocolBugs{
1798 SendSplitAlert: true,
1799 },
1800 },
1801 flags: []string{"-async"},
1802 },
1803 {
1804 protocol: dtls,
1805 name: "PackDTLSHandshake",
1806 config: Config{
1807 Bugs: ProtocolBugs{
1808 MaxHandshakeRecordLength: 2,
1809 PackHandshakeFragments: 20,
1810 PackHandshakeRecords: 200,
1811 },
1812 },
1813 },
1814 {
1815 testType: serverTest,
1816 protocol: dtls,
1817 name: "NoRC4-DTLS",
1818 config: Config{
1819 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA},
1820 Bugs: ProtocolBugs{
1821 EnableAllCiphersInDTLS: true,
1822 },
1823 },
1824 shouldFail: true,
1825 expectedError: ":NO_SHARED_CIPHER:",
1826 },
1827 {
1828 name: "SendEmptyRecords-Pass",
1829 sendEmptyRecords: 32,
1830 },
1831 {
1832 name: "SendEmptyRecords",
1833 sendEmptyRecords: 33,
1834 shouldFail: true,
1835 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1836 },
1837 {
1838 name: "SendEmptyRecords-Async",
1839 sendEmptyRecords: 33,
1840 flags: []string{"-async"},
1841 shouldFail: true,
1842 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1843 },
1844 {
1845 name: "SendWarningAlerts-Pass",
1846 sendWarningAlerts: 4,
1847 },
1848 {
1849 protocol: dtls,
1850 name: "SendWarningAlerts-DTLS-Pass",
1851 sendWarningAlerts: 4,
1852 },
1853 {
1854 name: "SendWarningAlerts",
1855 sendWarningAlerts: 5,
1856 shouldFail: true,
1857 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1858 },
1859 {
1860 name: "SendWarningAlerts-Async",
1861 sendWarningAlerts: 5,
1862 flags: []string{"-async"},
1863 shouldFail: true,
1864 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1865 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]1866 {
1867 name: "EmptySessionID",
1868 config: Config{
1869 SessionTicketsDisabled: true,
1870 },
1871 noSessionCache: true,
1872 flags: []string{"-expect-no-session"},
1873 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]1874 {
1875 name: "Unclean-Shutdown",
1876 config: Config{
1877 Bugs: ProtocolBugs{
1878 NoCloseNotify: true,
1879 ExpectCloseNotify: true,
1880 },
1881 },
1882 shimShutsDown: true,
1883 flags: []string{"-check-close-notify"},
1884 shouldFail: true,
1885 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
1886 },
1887 {
1888 name: "Unclean-Shutdown-Ignored",
1889 config: Config{
1890 Bugs: ProtocolBugs{
1891 NoCloseNotify: true,
1892 },
1893 },
1894 shimShutsDown: true,
1895 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]1896 {
1897 name: "LargePlaintext",
1898 config: Config{
1899 Bugs: ProtocolBugs{
1900 SendLargeRecords: true,
1901 },
1902 },
1903 messageLen: maxPlaintext + 1,
1904 shouldFail: true,
1905 expectedError: ":DATA_LENGTH_TOO_LONG:",
1906 },
1907 {
1908 protocol: dtls,
1909 name: "LargePlaintext-DTLS",
1910 config: Config{
1911 Bugs: ProtocolBugs{
1912 SendLargeRecords: true,
1913 },
1914 },
1915 messageLen: maxPlaintext + 1,
1916 shouldFail: true,
1917 expectedError: ":DATA_LENGTH_TOO_LONG:",
1918 },
1919 {
1920 name: "LargeCiphertext",
1921 config: Config{
1922 Bugs: ProtocolBugs{
1923 SendLargeRecords: true,
1924 },
1925 },
1926 messageLen: maxPlaintext * 2,
1927 shouldFail: true,
1928 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
1929 },
1930 {
1931 protocol: dtls,
1932 name: "LargeCiphertext-DTLS",
1933 config: Config{
1934 Bugs: ProtocolBugs{
1935 SendLargeRecords: true,
1936 },
1937 },
1938 messageLen: maxPlaintext * 2,
1939 // Unlike the other four cases, DTLS drops records which
1940 // are invalid before authentication, so the connection
1941 // does not fail.
1942 expectMessageDropped: true,
1943 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1944 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1945 testCases = append(testCases, basicTests...)
1946}
1947
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1948func addCipherSuiteTests() {
1949 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1950 const psk = "12345"
1951 const pskIdentity = "luggage combo"
1952
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1953 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1954 var certFile string
1955 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1956 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1957 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1958 certFile = ecdsaCertificateFile
1959 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1960 } else {
1961 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1962 certFile = rsaCertificateFile
1963 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1964 }
1965
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1966 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1967 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1968 flags = append(flags,
1969 "-psk", psk,
1970 "-psk-identity", pskIdentity)
1971 }
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1972 if hasComponent(suite.name, "NULL") {
1973 // NULL ciphers must be explicitly enabled.
1974 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
1975 }
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1976
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1977 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1978 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1979 continue
1980 }
1981
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1982 testCases = append(testCases, testCase{
1983 testType: clientTest,
1984 name: ver.name + "-" + suite.name + "-client",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1985 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1986 MinVersion: ver.version,
1987 MaxVersion: ver.version,
1988 CipherSuites: []uint16{suite.id},
1989 Certificates: []Certificate{cert},
David Benjamin68793732015-05-04 20:20:48 -0400[diff] [blame]1990 PreSharedKey: []byte(psk),
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1991 PreSharedKeyIdentity: pskIdentity,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1992 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1993 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1994 resumeSession: true,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1995 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1996
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1997 testCases = append(testCases, testCase{
1998 testType: serverTest,
1999 name: ver.name + "-" + suite.name + "-server",
2000 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2001 MinVersion: ver.version,
2002 MaxVersion: ver.version,
2003 CipherSuites: []uint16{suite.id},
2004 Certificates: []Certificate{cert},
2005 PreSharedKey: []byte(psk),
2006 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2007 },
2008 certFile: certFile,
2009 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2010 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2011 resumeSession: true,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2012 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2013
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2014 if ver.hasDTLS && isDTLSCipher(suite.name) {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2015 testCases = append(testCases, testCase{
2016 testType: clientTest,
2017 protocol: dtls,
2018 name: "D" + ver.name + "-" + suite.name + "-client",
2019 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2020 MinVersion: ver.version,
2021 MaxVersion: ver.version,
2022 CipherSuites: []uint16{suite.id},
2023 Certificates: []Certificate{cert},
2024 PreSharedKey: []byte(psk),
2025 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2026 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2027 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2028 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2029 })
2030 testCases = append(testCases, testCase{
2031 testType: serverTest,
2032 protocol: dtls,
2033 name: "D" + ver.name + "-" + suite.name + "-server",
2034 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2035 MinVersion: ver.version,
2036 MaxVersion: ver.version,
2037 CipherSuites: []uint16{suite.id},
2038 Certificates: []Certificate{cert},
2039 PreSharedKey: []byte(psk),
2040 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2041 },
2042 certFile: certFile,
2043 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2044 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2045 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2046 })
2047 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2048 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2049
2050 // Ensure both TLS and DTLS accept their maximum record sizes.
2051 testCases = append(testCases, testCase{
2052 name: suite.name + "-LargeRecord",
2053 config: Config{
2054 CipherSuites: []uint16{suite.id},
2055 Certificates: []Certificate{cert},
2056 PreSharedKey: []byte(psk),
2057 PreSharedKeyIdentity: pskIdentity,
2058 },
2059 flags: flags,
2060 messageLen: maxPlaintext,
2061 })
2062 testCases = append(testCases, testCase{
2063 name: suite.name + "-LargeRecord-Extra",
2064 config: Config{
2065 CipherSuites: []uint16{suite.id},
2066 Certificates: []Certificate{cert},
2067 PreSharedKey: []byte(psk),
2068 PreSharedKeyIdentity: pskIdentity,
2069 Bugs: ProtocolBugs{
2070 SendLargeRecords: true,
2071 },
2072 },
2073 flags: append(flags, "-microsoft-big-sslv3-buffer"),
2074 messageLen: maxPlaintext + 16384,
2075 })
2076 if isDTLSCipher(suite.name) {
2077 testCases = append(testCases, testCase{
2078 protocol: dtls,
2079 name: suite.name + "-LargeRecord-DTLS",
2080 config: Config{
2081 CipherSuites: []uint16{suite.id},
2082 Certificates: []Certificate{cert},
2083 PreSharedKey: []byte(psk),
2084 PreSharedKeyIdentity: pskIdentity,
2085 },
2086 flags: flags,
2087 messageLen: maxPlaintext,
2088 })
2089 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2090 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2091
2092 testCases = append(testCases, testCase{
2093 name: "WeakDH",
2094 config: Config{
2095 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2096 Bugs: ProtocolBugs{
2097 // This is a 1023-bit prime number, generated
2098 // with:
2099 // openssl gendh 1023 | openssl asn1parse -i
2100 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2101 },
2102 },
2103 shouldFail: true,
2104 expectedError: "BAD_DH_P_LENGTH",
2105 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2106
2107 // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS
2108 // 1.1 specific cipher suite settings. A server is setup with the given
2109 // cipher lists and then a connection is made for each member of
2110 // expectations. The cipher suite that the server selects must match
2111 // the specified one.
2112 var versionSpecificCiphersTest = []struct {
2113 ciphersDefault, ciphersTLS10, ciphersTLS11 string
2114 // expectations is a map from TLS version to cipher suite id.
2115 expectations map[uint16]uint16
2116 }{
2117 {
2118 // Test that the null case (where no version-specific ciphers are set)
2119 // works as expected.
2120 "RC4-SHA:AES128-SHA", // default ciphers
2121 "", // no ciphers specifically for TLS ≥ 1.0
2122 "", // no ciphers specifically for TLS ≥ 1.1
2123 map[uint16]uint16{
2124 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2125 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2126 VersionTLS11: TLS_RSA_WITH_RC4_128_SHA,
2127 VersionTLS12: TLS_RSA_WITH_RC4_128_SHA,
2128 },
2129 },
2130 {
2131 // With ciphers_tls10 set, TLS 1.0, 1.1 and 1.2 should get a different
2132 // cipher.
2133 "RC4-SHA:AES128-SHA", // default
2134 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2135 "", // no ciphers specifically for TLS ≥ 1.1
2136 map[uint16]uint16{
2137 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2138 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2139 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2140 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2141 },
2142 },
2143 {
2144 // With ciphers_tls11 set, TLS 1.1 and 1.2 should get a different
2145 // cipher.
2146 "RC4-SHA:AES128-SHA", // default
2147 "", // no ciphers specifically for TLS ≥ 1.0
2148 "AES128-SHA", // these ciphers for TLS ≥ 1.1
2149 map[uint16]uint16{
2150 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2151 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2152 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2153 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2154 },
2155 },
2156 {
2157 // With both ciphers_tls10 and ciphers_tls11 set, ciphers_tls11 should
2158 // mask ciphers_tls10 for TLS 1.1 and 1.2.
2159 "RC4-SHA:AES128-SHA", // default
2160 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2161 "AES256-SHA", // these ciphers for TLS ≥ 1.1
2162 map[uint16]uint16{
2163 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2164 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2165 VersionTLS11: TLS_RSA_WITH_AES_256_CBC_SHA,
2166 VersionTLS12: TLS_RSA_WITH_AES_256_CBC_SHA,
2167 },
2168 },
2169 }
2170
2171 for i, test := range versionSpecificCiphersTest {
2172 for version, expectedCipherSuite := range test.expectations {
2173 flags := []string{"-cipher", test.ciphersDefault}
2174 if len(test.ciphersTLS10) > 0 {
2175 flags = append(flags, "-cipher-tls10", test.ciphersTLS10)
2176 }
2177 if len(test.ciphersTLS11) > 0 {
2178 flags = append(flags, "-cipher-tls11", test.ciphersTLS11)
2179 }
2180
2181 testCases = append(testCases, testCase{
2182 testType: serverTest,
2183 name: fmt.Sprintf("VersionSpecificCiphersTest-%d-%x", i, version),
2184 config: Config{
2185 MaxVersion: version,
2186 MinVersion: version,
2187 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA},
2188 },
2189 flags: flags,
2190 expectedCipher: expectedCipherSuite,
2191 })
2192 }
2193 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2194}
2195
2196func addBadECDSASignatureTests() {
2197 for badR := BadValue(1); badR < NumBadValues; badR++ {
2198 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2199 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2200 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2201 config: Config{
2202 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2203 Certificates: []Certificate{getECDSACertificate()},
2204 Bugs: ProtocolBugs{
2205 BadECDSAR: badR,
2206 BadECDSAS: badS,
2207 },
2208 },
2209 shouldFail: true,
2210 expectedError: "SIGNATURE",
2211 })
2212 }
2213 }
2214}
2215
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2216func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2217 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2218 name: "MaxCBCPadding",
2219 config: Config{
2220 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2221 Bugs: ProtocolBugs{
2222 MaxPadding: true,
2223 },
2224 },
2225 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2226 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2227 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2228 name: "BadCBCPadding",
2229 config: Config{
2230 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2231 Bugs: ProtocolBugs{
2232 PaddingFirstByteBad: true,
2233 },
2234 },
2235 shouldFail: true,
2236 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2237 })
2238 // OpenSSL previously had an issue where the first byte of padding in
2239 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2240 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2241 name: "BadCBCPadding255",
2242 config: Config{
2243 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2244 Bugs: ProtocolBugs{
2245 MaxPadding: true,
2246 PaddingFirstByteBadIf255: true,
2247 },
2248 },
2249 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2250 shouldFail: true,
2251 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2252 })
2253}
2254
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2255func addCBCSplittingTests() {
2256 testCases = append(testCases, testCase{
2257 name: "CBCRecordSplitting",
2258 config: Config{
2259 MaxVersion: VersionTLS10,
2260 MinVersion: VersionTLS10,
2261 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2262 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2263 messageLen: -1, // read until EOF
2264 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2265 flags: []string{
2266 "-async",
2267 "-write-different-record-sizes",
2268 "-cbc-record-splitting",
2269 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2270 })
2271 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2272 name: "CBCRecordSplittingPartialWrite",
2273 config: Config{
2274 MaxVersion: VersionTLS10,
2275 MinVersion: VersionTLS10,
2276 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2277 },
2278 messageLen: -1, // read until EOF
2279 flags: []string{
2280 "-async",
2281 "-write-different-record-sizes",
2282 "-cbc-record-splitting",
2283 "-partial-write",
2284 },
2285 })
2286}
2287
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2288func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2289 // Add a dummy cert pool to stress certificate authority parsing.
2290 // TODO(davidben): Add tests that those values parse out correctly.
2291 certPool := x509.NewCertPool()
2292 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2293 if err != nil {
2294 panic(err)
2295 }
2296 certPool.AddCert(cert)
2297
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2298 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2299 testCases = append(testCases, testCase{
2300 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2301 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2302 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2303 MinVersion: ver.version,
2304 MaxVersion: ver.version,
2305 ClientAuth: RequireAnyClientCert,
2306 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2307 },
2308 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2309 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2310 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2311 },
2312 })
2313 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2314 testType: serverTest,
2315 name: ver.name + "-Server-ClientAuth-RSA",
2316 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2317 MinVersion: ver.version,
2318 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2319 Certificates: []Certificate{rsaCertificate},
2320 },
2321 flags: []string{"-require-any-client-certificate"},
2322 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2323 if ver.version != VersionSSL30 {
2324 testCases = append(testCases, testCase{
2325 testType: serverTest,
2326 name: ver.name + "-Server-ClientAuth-ECDSA",
2327 config: Config{
2328 MinVersion: ver.version,
2329 MaxVersion: ver.version,
2330 Certificates: []Certificate{ecdsaCertificate},
2331 },
2332 flags: []string{"-require-any-client-certificate"},
2333 })
2334 testCases = append(testCases, testCase{
2335 testType: clientTest,
2336 name: ver.name + "-Client-ClientAuth-ECDSA",
2337 config: Config{
2338 MinVersion: ver.version,
2339 MaxVersion: ver.version,
2340 ClientAuth: RequireAnyClientCert,
2341 ClientCAs: certPool,
2342 },
2343 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2344 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2345 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2346 },
2347 })
2348 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2349 }
2350}
2351
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2352func addExtendedMasterSecretTests() {
2353 const expectEMSFlag = "-expect-extended-master-secret"
2354
2355 for _, with := range []bool{false, true} {
2356 prefix := "No"
2357 var flags []string
2358 if with {
2359 prefix = ""
2360 flags = []string{expectEMSFlag}
2361 }
2362
2363 for _, isClient := range []bool{false, true} {
2364 suffix := "-Server"
2365 testType := serverTest
2366 if isClient {
2367 suffix = "-Client"
2368 testType = clientTest
2369 }
2370
2371 for _, ver := range tlsVersions {
2372 test := testCase{
2373 testType: testType,
2374 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2375 config: Config{
2376 MinVersion: ver.version,
2377 MaxVersion: ver.version,
2378 Bugs: ProtocolBugs{
2379 NoExtendedMasterSecret: !with,
2380 RequireExtendedMasterSecret: with,
2381 },
2382 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2383 flags: flags,
2384 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2385 }
2386 if test.shouldFail {
2387 test.expectedLocalError = "extended master secret required but not supported by peer"
2388 }
2389 testCases = append(testCases, test)
2390 }
2391 }
2392 }
2393
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2394 for _, isClient := range []bool{false, true} {
2395 for _, supportedInFirstConnection := range []bool{false, true} {
2396 for _, supportedInResumeConnection := range []bool{false, true} {
2397 boolToWord := func(b bool) string {
2398 if b {
2399 return "Yes"
2400 }
2401 return "No"
2402 }
2403 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2404 if isClient {
2405 suffix += "Client"
2406 } else {
2407 suffix += "Server"
2408 }
2409
2410 supportedConfig := Config{
2411 Bugs: ProtocolBugs{
2412 RequireExtendedMasterSecret: true,
2413 },
2414 }
2415
2416 noSupportConfig := Config{
2417 Bugs: ProtocolBugs{
2418 NoExtendedMasterSecret: true,
2419 },
2420 }
2421
2422 test := testCase{
2423 name: "ExtendedMasterSecret-" + suffix,
2424 resumeSession: true,
2425 }
2426
2427 if !isClient {
2428 test.testType = serverTest
2429 }
2430
2431 if supportedInFirstConnection {
2432 test.config = supportedConfig
2433 } else {
2434 test.config = noSupportConfig
2435 }
2436
2437 if supportedInResumeConnection {
2438 test.resumeConfig = &supportedConfig
2439 } else {
2440 test.resumeConfig = &noSupportConfig
2441 }
2442
2443 switch suffix {
2444 case "YesToYes-Client", "YesToYes-Server":
2445 // When a session is resumed, it should
2446 // still be aware that its master
2447 // secret was generated via EMS and
2448 // thus it's safe to use tls-unique.
2449 test.flags = []string{expectEMSFlag}
2450 case "NoToYes-Server":
2451 // If an original connection did not
2452 // contain EMS, but a resumption
2453 // handshake does, then a server should
2454 // not resume the session.
2455 test.expectResumeRejected = true
2456 case "YesToNo-Server":
2457 // Resuming an EMS session without the
2458 // EMS extension should cause the
2459 // server to abort the connection.
2460 test.shouldFail = true
2461 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2462 case "NoToYes-Client":
2463 // A client should abort a connection
2464 // where the server resumed a non-EMS
2465 // session but echoed the EMS
2466 // extension.
2467 test.shouldFail = true
2468 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2469 case "YesToNo-Client":
2470 // A client should abort a connection
2471 // where the server didn't echo EMS
2472 // when the session used it.
2473 test.shouldFail = true
2474 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2475 }
2476
2477 testCases = append(testCases, test)
2478 }
2479 }
2480 }
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2481}
2482
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2483// Adds tests that try to cover the range of the handshake state machine, under
2484// various conditions. Some of these are redundant with other tests, but they
2485// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2486func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2487 var tests []testCase
2488
2489 // Basic handshake, with resumption. Client and server,
2490 // session ID and session ticket.
2491 tests = append(tests, testCase{
2492 name: "Basic-Client",
2493 resumeSession: true,
2494 })
2495 tests = append(tests, testCase{
2496 name: "Basic-Client-RenewTicket",
2497 config: Config{
2498 Bugs: ProtocolBugs{
2499 RenewTicketOnResume: true,
2500 },
2501 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2502 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2503 resumeSession: true,
2504 })
2505 tests = append(tests, testCase{
2506 name: "Basic-Client-NoTicket",
2507 config: Config{
2508 SessionTicketsDisabled: true,
2509 },
2510 resumeSession: true,
2511 })
2512 tests = append(tests, testCase{
2513 name: "Basic-Client-Implicit",
2514 flags: []string{"-implicit-handshake"},
2515 resumeSession: true,
2516 })
2517 tests = append(tests, testCase{
2518 testType: serverTest,
2519 name: "Basic-Server",
2520 resumeSession: true,
2521 })
2522 tests = append(tests, testCase{
2523 testType: serverTest,
2524 name: "Basic-Server-NoTickets",
2525 config: Config{
2526 SessionTicketsDisabled: true,
2527 },
2528 resumeSession: true,
2529 })
2530 tests = append(tests, testCase{
2531 testType: serverTest,
2532 name: "Basic-Server-Implicit",
2533 flags: []string{"-implicit-handshake"},
2534 resumeSession: true,
2535 })
2536 tests = append(tests, testCase{
2537 testType: serverTest,
2538 name: "Basic-Server-EarlyCallback",
2539 flags: []string{"-use-early-callback"},
2540 resumeSession: true,
2541 })
2542
2543 // TLS client auth.
2544 tests = append(tests, testCase{
2545 testType: clientTest,
2546 name: "ClientAuth-Client",
2547 config: Config{
2548 ClientAuth: RequireAnyClientCert,
2549 },
2550 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2551 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2552 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2553 },
2554 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2555 if async {
2556 tests = append(tests, testCase{
2557 testType: clientTest,
2558 name: "ClientAuth-Client-AsyncKey",
2559 config: Config{
2560 ClientAuth: RequireAnyClientCert,
2561 },
2562 flags: []string{
Adam Langley288d8d52015-06-18 16:24:31 -0700[diff] [blame]2563 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2564 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2565 "-use-async-private-key",
2566 },
2567 })
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2568 tests = append(tests, testCase{
2569 testType: serverTest,
2570 name: "Basic-Server-RSAAsyncKey",
2571 flags: []string{
2572 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2573 "-key-file", path.Join(*resourceDir, rsaKeyFile),
2574 "-use-async-private-key",
2575 },
2576 })
2577 tests = append(tests, testCase{
2578 testType: serverTest,
2579 name: "Basic-Server-ECDSAAsyncKey",
2580 flags: []string{
2581 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2582 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
2583 "-use-async-private-key",
2584 },
2585 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2586 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2587 tests = append(tests, testCase{
2588 testType: serverTest,
2589 name: "ClientAuth-Server",
2590 config: Config{
2591 Certificates: []Certificate{rsaCertificate},
2592 },
2593 flags: []string{"-require-any-client-certificate"},
2594 })
2595
2596 // No session ticket support; server doesn't send NewSessionTicket.
2597 tests = append(tests, testCase{
2598 name: "SessionTicketsDisabled-Client",
2599 config: Config{
2600 SessionTicketsDisabled: true,
2601 },
2602 })
2603 tests = append(tests, testCase{
2604 testType: serverTest,
2605 name: "SessionTicketsDisabled-Server",
2606 config: Config{
2607 SessionTicketsDisabled: true,
2608 },
2609 })
2610
2611 // Skip ServerKeyExchange in PSK key exchange if there's no
2612 // identity hint.
2613 tests = append(tests, testCase{
2614 name: "EmptyPSKHint-Client",
2615 config: Config{
2616 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2617 PreSharedKey: []byte("secret"),
2618 },
2619 flags: []string{"-psk", "secret"},
2620 })
2621 tests = append(tests, testCase{
2622 testType: serverTest,
2623 name: "EmptyPSKHint-Server",
2624 config: Config{
2625 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2626 PreSharedKey: []byte("secret"),
2627 },
2628 flags: []string{"-psk", "secret"},
2629 })
2630
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2631 tests = append(tests, testCase{
2632 testType: clientTest,
2633 name: "OCSPStapling-Client",
2634 flags: []string{
2635 "-enable-ocsp-stapling",
2636 "-expect-ocsp-response",
2637 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2638 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2639 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2640 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2641 })
2642
2643 tests = append(tests, testCase{
David Benjaminec435342015-08-21 13:44:06 -0400[diff] [blame]2644 testType: serverTest,
2645 name: "OCSPStapling-Server",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2646 expectedOCSPResponse: testOCSPResponse,
2647 flags: []string{
2648 "-ocsp-response",
2649 base64.StdEncoding.EncodeToString(testOCSPResponse),
2650 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2651 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2652 })
2653
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2654 tests = append(tests, testCase{
2655 testType: clientTest,
2656 name: "CertificateVerificationSucceed",
2657 flags: []string{
2658 "-verify-peer",
2659 },
2660 })
2661
2662 tests = append(tests, testCase{
2663 testType: clientTest,
2664 name: "CertificateVerificationFail",
2665 flags: []string{
2666 "-verify-fail",
2667 "-verify-peer",
2668 },
2669 shouldFail: true,
2670 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
2671 })
2672
2673 tests = append(tests, testCase{
2674 testType: clientTest,
2675 name: "CertificateVerificationSoftFail",
2676 flags: []string{
2677 "-verify-fail",
2678 "-expect-verify-result",
2679 },
2680 })
2681
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2682 if protocol == tls {
2683 tests = append(tests, testCase{
2684 name: "Renegotiate-Client",
2685 renegotiate: true,
2686 })
2687 // NPN on client and server; results in post-handshake message.
2688 tests = append(tests, testCase{
2689 name: "NPN-Client",
2690 config: Config{
2691 NextProtos: []string{"foo"},
2692 },
2693 flags: []string{"-select-next-proto", "foo"},
2694 expectedNextProto: "foo",
2695 expectedNextProtoType: npn,
2696 })
2697 tests = append(tests, testCase{
2698 testType: serverTest,
2699 name: "NPN-Server",
2700 config: Config{
2701 NextProtos: []string{"bar"},
2702 },
2703 flags: []string{
2704 "-advertise-npn", "\x03foo\x03bar\x03baz",
2705 "-expect-next-proto", "bar",
2706 },
2707 expectedNextProto: "bar",
2708 expectedNextProtoType: npn,
2709 })
2710
2711 // TODO(davidben): Add tests for when False Start doesn't trigger.
2712
2713 // Client does False Start and negotiates NPN.
2714 tests = append(tests, testCase{
2715 name: "FalseStart",
2716 config: Config{
2717 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2718 NextProtos: []string{"foo"},
2719 Bugs: ProtocolBugs{
2720 ExpectFalseStart: true,
2721 },
2722 },
2723 flags: []string{
2724 "-false-start",
2725 "-select-next-proto", "foo",
2726 },
2727 shimWritesFirst: true,
2728 resumeSession: true,
2729 })
2730
2731 // Client does False Start and negotiates ALPN.
2732 tests = append(tests, testCase{
2733 name: "FalseStart-ALPN",
2734 config: Config{
2735 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2736 NextProtos: []string{"foo"},
2737 Bugs: ProtocolBugs{
2738 ExpectFalseStart: true,
2739 },
2740 },
2741 flags: []string{
2742 "-false-start",
2743 "-advertise-alpn", "\x03foo",
2744 },
2745 shimWritesFirst: true,
2746 resumeSession: true,
2747 })
2748
2749 // Client does False Start but doesn't explicitly call
2750 // SSL_connect.
2751 tests = append(tests, testCase{
2752 name: "FalseStart-Implicit",
2753 config: Config{
2754 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2755 NextProtos: []string{"foo"},
2756 },
2757 flags: []string{
2758 "-implicit-handshake",
2759 "-false-start",
2760 "-advertise-alpn", "\x03foo",
2761 },
2762 })
2763
2764 // False Start without session tickets.
2765 tests = append(tests, testCase{
2766 name: "FalseStart-SessionTicketsDisabled",
2767 config: Config{
2768 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2769 NextProtos: []string{"foo"},
2770 SessionTicketsDisabled: true,
2771 Bugs: ProtocolBugs{
2772 ExpectFalseStart: true,
2773 },
2774 },
2775 flags: []string{
2776 "-false-start",
2777 "-select-next-proto", "foo",
2778 },
2779 shimWritesFirst: true,
2780 })
2781
2782 // Server parses a V2ClientHello.
2783 tests = append(tests, testCase{
2784 testType: serverTest,
2785 name: "SendV2ClientHello",
2786 config: Config{
2787 // Choose a cipher suite that does not involve
2788 // elliptic curves, so no extensions are
2789 // involved.
2790 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
2791 Bugs: ProtocolBugs{
2792 SendV2ClientHello: true,
2793 },
2794 },
2795 })
2796
2797 // Client sends a Channel ID.
2798 tests = append(tests, testCase{
2799 name: "ChannelID-Client",
2800 config: Config{
2801 RequestChannelID: true,
2802 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2803 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2804 resumeSession: true,
2805 expectChannelID: true,
2806 })
2807
2808 // Server accepts a Channel ID.
2809 tests = append(tests, testCase{
2810 testType: serverTest,
2811 name: "ChannelID-Server",
2812 config: Config{
2813 ChannelID: channelIDKey,
2814 },
2815 flags: []string{
2816 "-expect-channel-id",
2817 base64.StdEncoding.EncodeToString(channelIDBytes),
2818 },
2819 resumeSession: true,
2820 expectChannelID: true,
2821 })
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]2822
2823 // Bidirectional shutdown with the runner initiating.
2824 tests = append(tests, testCase{
2825 name: "Shutdown-Runner",
2826 config: Config{
2827 Bugs: ProtocolBugs{
2828 ExpectCloseNotify: true,
2829 },
2830 },
2831 flags: []string{"-check-close-notify"},
2832 })
2833
2834 // Bidirectional shutdown with the shim initiating. The runner,
2835 // in the meantime, sends garbage before the close_notify which
2836 // the shim must ignore.
2837 tests = append(tests, testCase{
2838 name: "Shutdown-Shim",
2839 config: Config{
2840 Bugs: ProtocolBugs{
2841 ExpectCloseNotify: true,
2842 },
2843 },
2844 shimShutsDown: true,
2845 sendEmptyRecords: 1,
2846 sendWarningAlerts: 1,
2847 flags: []string{"-check-close-notify"},
2848 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2849 } else {
2850 tests = append(tests, testCase{
2851 name: "SkipHelloVerifyRequest",
2852 config: Config{
2853 Bugs: ProtocolBugs{
2854 SkipHelloVerifyRequest: true,
2855 },
2856 },
2857 })
2858 }
2859
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2860 var suffix string
2861 var flags []string
2862 var maxHandshakeRecordLength int
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2863 if protocol == dtls {
2864 suffix = "-DTLS"
2865 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2866 if async {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2867 suffix += "-Async"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2868 flags = append(flags, "-async")
2869 } else {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2870 suffix += "-Sync"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2871 }
2872 if splitHandshake {
2873 suffix += "-SplitHandshakeRecords"
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]2874 maxHandshakeRecordLength = 1
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2875 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2876 for _, test := range tests {
2877 test.protocol = protocol
2878 test.name += suffix
2879 test.config.Bugs.MaxHandshakeRecordLength = maxHandshakeRecordLength
2880 test.flags = append(test.flags, flags...)
2881 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2882 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2883}
2884
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]2885func addDDoSCallbackTests() {
2886 // DDoS callback.
2887
2888 for _, resume := range []bool{false, true} {
2889 suffix := "Resume"
2890 if resume {
2891 suffix = "No" + suffix
2892 }
2893
2894 testCases = append(testCases, testCase{
2895 testType: serverTest,
2896 name: "Server-DDoS-OK-" + suffix,
2897 flags: []string{"-install-ddos-callback"},
2898 resumeSession: resume,
2899 })
2900
2901 failFlag := "-fail-ddos-callback"
2902 if resume {
2903 failFlag = "-fail-second-ddos-callback"
2904 }
2905 testCases = append(testCases, testCase{
2906 testType: serverTest,
2907 name: "Server-DDoS-Reject-" + suffix,
2908 flags: []string{"-install-ddos-callback", failFlag},
2909 resumeSession: resume,
2910 shouldFail: true,
2911 expectedError: ":CONNECTION_REJECTED:",
2912 })
2913 }
2914}
2915
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2916func addVersionNegotiationTests() {
2917 for i, shimVers := range tlsVersions {
2918 // Assemble flags to disable all newer versions on the shim.
2919 var flags []string
2920 for _, vers := range tlsVersions[i+1:] {
2921 flags = append(flags, vers.flag)
2922 }
2923
2924 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2925 protocols := []protocol{tls}
2926 if runnerVers.hasDTLS && shimVers.hasDTLS {
2927 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2928 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2929 for _, protocol := range protocols {
2930 expectedVersion := shimVers.version
2931 if runnerVers.version < shimVers.version {
2932 expectedVersion = runnerVers.version
2933 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2934
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2935 suffix := shimVers.name + "-" + runnerVers.name
2936 if protocol == dtls {
2937 suffix += "-DTLS"
2938 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2939
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2940 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
2941
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2942 clientVers := shimVers.version
2943 if clientVers > VersionTLS10 {
2944 clientVers = VersionTLS10
2945 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2946 testCases = append(testCases, testCase{
2947 protocol: protocol,
2948 testType: clientTest,
2949 name: "VersionNegotiation-Client-" + suffix,
2950 config: Config{
2951 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2952 Bugs: ProtocolBugs{
2953 ExpectInitialRecordVersion: clientVers,
2954 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2955 },
2956 flags: flags,
2957 expectedVersion: expectedVersion,
2958 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2959 testCases = append(testCases, testCase{
2960 protocol: protocol,
2961 testType: clientTest,
2962 name: "VersionNegotiation-Client2-" + suffix,
2963 config: Config{
2964 MaxVersion: runnerVers.version,
2965 Bugs: ProtocolBugs{
2966 ExpectInitialRecordVersion: clientVers,
2967 },
2968 },
2969 flags: []string{"-max-version", shimVersFlag},
2970 expectedVersion: expectedVersion,
2971 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2972
2973 testCases = append(testCases, testCase{
2974 protocol: protocol,
2975 testType: serverTest,
2976 name: "VersionNegotiation-Server-" + suffix,
2977 config: Config{
2978 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2979 Bugs: ProtocolBugs{
2980 ExpectInitialRecordVersion: expectedVersion,
2981 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2982 },
2983 flags: flags,
2984 expectedVersion: expectedVersion,
2985 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2986 testCases = append(testCases, testCase{
2987 protocol: protocol,
2988 testType: serverTest,
2989 name: "VersionNegotiation-Server2-" + suffix,
2990 config: Config{
2991 MaxVersion: runnerVers.version,
2992 Bugs: ProtocolBugs{
2993 ExpectInitialRecordVersion: expectedVersion,
2994 },
2995 },
2996 flags: []string{"-max-version", shimVersFlag},
2997 expectedVersion: expectedVersion,
2998 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2999 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3000 }
3001 }
3002}
3003
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3004func addMinimumVersionTests() {
3005 for i, shimVers := range tlsVersions {
3006 // Assemble flags to disable all older versions on the shim.
3007 var flags []string
3008 for _, vers := range tlsVersions[:i] {
3009 flags = append(flags, vers.flag)
3010 }
3011
3012 for _, runnerVers := range tlsVersions {
3013 protocols := []protocol{tls}
3014 if runnerVers.hasDTLS && shimVers.hasDTLS {
3015 protocols = append(protocols, dtls)
3016 }
3017 for _, protocol := range protocols {
3018 suffix := shimVers.name + "-" + runnerVers.name
3019 if protocol == dtls {
3020 suffix += "-DTLS"
3021 }
3022 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3023
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3024 var expectedVersion uint16
3025 var shouldFail bool
3026 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3027 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3028 if runnerVers.version >= shimVers.version {
3029 expectedVersion = runnerVers.version
3030 } else {
3031 shouldFail = true
3032 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3033 if runnerVers.version > VersionSSL30 {
3034 expectedLocalError = "remote error: protocol version not supported"
3035 } else {
3036 expectedLocalError = "remote error: handshake failure"
3037 }
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3038 }
3039
3040 testCases = append(testCases, testCase{
3041 protocol: protocol,
3042 testType: clientTest,
3043 name: "MinimumVersion-Client-" + suffix,
3044 config: Config{
3045 MaxVersion: runnerVers.version,
3046 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3047 flags: flags,
3048 expectedVersion: expectedVersion,
3049 shouldFail: shouldFail,
3050 expectedError: expectedError,
3051 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3052 })
3053 testCases = append(testCases, testCase{
3054 protocol: protocol,
3055 testType: clientTest,
3056 name: "MinimumVersion-Client2-" + suffix,
3057 config: Config{
3058 MaxVersion: runnerVers.version,
3059 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3060 flags: []string{"-min-version", shimVersFlag},
3061 expectedVersion: expectedVersion,
3062 shouldFail: shouldFail,
3063 expectedError: expectedError,
3064 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3065 })
3066
3067 testCases = append(testCases, testCase{
3068 protocol: protocol,
3069 testType: serverTest,
3070 name: "MinimumVersion-Server-" + suffix,
3071 config: Config{
3072 MaxVersion: runnerVers.version,
3073 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3074 flags: flags,
3075 expectedVersion: expectedVersion,
3076 shouldFail: shouldFail,
3077 expectedError: expectedError,
3078 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3079 })
3080 testCases = append(testCases, testCase{
3081 protocol: protocol,
3082 testType: serverTest,
3083 name: "MinimumVersion-Server2-" + suffix,
3084 config: Config{
3085 MaxVersion: runnerVers.version,
3086 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3087 flags: []string{"-min-version", shimVersFlag},
3088 expectedVersion: expectedVersion,
3089 shouldFail: shouldFail,
3090 expectedError: expectedError,
3091 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3092 })
3093 }
3094 }
3095 }
3096}
3097
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]3098func addD5BugTests() {
3099 testCases = append(testCases, testCase{
3100 testType: serverTest,
3101 name: "D5Bug-NoQuirk-Reject",
3102 config: Config{
3103 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3104 Bugs: ProtocolBugs{
3105 SSL3RSAKeyExchange: true,
3106 },
3107 },
3108 shouldFail: true,
3109 expectedError: ":TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG:",
3110 })
3111 testCases = append(testCases, testCase{
3112 testType: serverTest,
3113 name: "D5Bug-Quirk-Normal",
3114 config: Config{
3115 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3116 },
3117 flags: []string{"-tls-d5-bug"},
3118 })
3119 testCases = append(testCases, testCase{
3120 testType: serverTest,
3121 name: "D5Bug-Quirk-Bug",
3122 config: Config{
3123 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3124 Bugs: ProtocolBugs{
3125 SSL3RSAKeyExchange: true,
3126 },
3127 },
3128 flags: []string{"-tls-d5-bug"},
3129 })
3130}
3131
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3132func addExtensionTests() {
3133 testCases = append(testCases, testCase{
3134 testType: clientTest,
3135 name: "DuplicateExtensionClient",
3136 config: Config{
3137 Bugs: ProtocolBugs{
3138 DuplicateExtension: true,
3139 },
3140 },
3141 shouldFail: true,
3142 expectedLocalError: "remote error: error decoding message",
3143 })
3144 testCases = append(testCases, testCase{
3145 testType: serverTest,
3146 name: "DuplicateExtensionServer",
3147 config: Config{
3148 Bugs: ProtocolBugs{
3149 DuplicateExtension: true,
3150 },
3151 },
3152 shouldFail: true,
3153 expectedLocalError: "remote error: error decoding message",
3154 })
3155 testCases = append(testCases, testCase{
3156 testType: clientTest,
3157 name: "ServerNameExtensionClient",
3158 config: Config{
3159 Bugs: ProtocolBugs{
3160 ExpectServerName: "example.com",
3161 },
3162 },
3163 flags: []string{"-host-name", "example.com"},
3164 })
3165 testCases = append(testCases, testCase{
3166 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3167 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3168 config: Config{
3169 Bugs: ProtocolBugs{
3170 ExpectServerName: "mismatch.com",
3171 },
3172 },
3173 flags: []string{"-host-name", "example.com"},
3174 shouldFail: true,
3175 expectedLocalError: "tls: unexpected server name",
3176 })
3177 testCases = append(testCases, testCase{
3178 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3179 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3180 config: Config{
3181 Bugs: ProtocolBugs{
3182 ExpectServerName: "missing.com",
3183 },
3184 },
3185 shouldFail: true,
3186 expectedLocalError: "tls: unexpected server name",
3187 })
3188 testCases = append(testCases, testCase{
3189 testType: serverTest,
3190 name: "ServerNameExtensionServer",
3191 config: Config{
3192 ServerName: "example.com",
3193 },
3194 flags: []string{"-expect-server-name", "example.com"},
3195 resumeSession: true,
3196 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3197 testCases = append(testCases, testCase{
3198 testType: clientTest,
3199 name: "ALPNClient",
3200 config: Config{
3201 NextProtos: []string{"foo"},
3202 },
3203 flags: []string{
3204 "-advertise-alpn", "\x03foo\x03bar\x03baz",
3205 "-expect-alpn", "foo",
3206 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3207 expectedNextProto: "foo",
3208 expectedNextProtoType: alpn,
3209 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3210 })
3211 testCases = append(testCases, testCase{
3212 testType: serverTest,
3213 name: "ALPNServer",
3214 config: Config{
3215 NextProtos: []string{"foo", "bar", "baz"},
3216 },
3217 flags: []string{
3218 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3219 "-select-alpn", "foo",
3220 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3221 expectedNextProto: "foo",
3222 expectedNextProtoType: alpn,
3223 resumeSession: true,
3224 })
3225 // Test that the server prefers ALPN over NPN.
3226 testCases = append(testCases, testCase{
3227 testType: serverTest,
3228 name: "ALPNServer-Preferred",
3229 config: Config{
3230 NextProtos: []string{"foo", "bar", "baz"},
3231 },
3232 flags: []string{
3233 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3234 "-select-alpn", "foo",
3235 "-advertise-npn", "\x03foo\x03bar\x03baz",
3236 },
3237 expectedNextProto: "foo",
3238 expectedNextProtoType: alpn,
3239 resumeSession: true,
3240 })
3241 testCases = append(testCases, testCase{
3242 testType: serverTest,
3243 name: "ALPNServer-Preferred-Swapped",
3244 config: Config{
3245 NextProtos: []string{"foo", "bar", "baz"},
3246 Bugs: ProtocolBugs{
3247 SwapNPNAndALPN: true,
3248 },
3249 },
3250 flags: []string{
3251 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3252 "-select-alpn", "foo",
3253 "-advertise-npn", "\x03foo\x03bar\x03baz",
3254 },
3255 expectedNextProto: "foo",
3256 expectedNextProtoType: alpn,
3257 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3258 })
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3259 var emptyString string
3260 testCases = append(testCases, testCase{
3261 testType: clientTest,
3262 name: "ALPNClient-EmptyProtocolName",
3263 config: Config{
3264 NextProtos: []string{""},
3265 Bugs: ProtocolBugs{
3266 // A server returning an empty ALPN protocol
3267 // should be rejected.
3268 ALPNProtocol: &emptyString,
3269 },
3270 },
3271 flags: []string{
3272 "-advertise-alpn", "\x03foo",
3273 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3274 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3275 expectedError: ":PARSE_TLSEXT:",
3276 })
3277 testCases = append(testCases, testCase{
3278 testType: serverTest,
3279 name: "ALPNServer-EmptyProtocolName",
3280 config: Config{
3281 // A ClientHello containing an empty ALPN protocol
3282 // should be rejected.
3283 NextProtos: []string{"foo", "", "baz"},
3284 },
3285 flags: []string{
3286 "-select-alpn", "foo",
3287 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3288 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3289 expectedError: ":PARSE_TLSEXT:",
3290 })
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]3291 // Test that negotiating both NPN and ALPN is forbidden.
3292 testCases = append(testCases, testCase{
3293 name: "NegotiateALPNAndNPN",
3294 config: Config{
3295 NextProtos: []string{"foo", "bar", "baz"},
3296 Bugs: ProtocolBugs{
3297 NegotiateALPNAndNPN: true,
3298 },
3299 },
3300 flags: []string{
3301 "-advertise-alpn", "\x03foo",
3302 "-select-next-proto", "foo",
3303 },
3304 shouldFail: true,
3305 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3306 })
3307 testCases = append(testCases, testCase{
3308 name: "NegotiateALPNAndNPN-Swapped",
3309 config: Config{
3310 NextProtos: []string{"foo", "bar", "baz"},
3311 Bugs: ProtocolBugs{
3312 NegotiateALPNAndNPN: true,
3313 SwapNPNAndALPN: true,
3314 },
3315 },
3316 flags: []string{
3317 "-advertise-alpn", "\x03foo",
3318 "-select-next-proto", "foo",
3319 },
3320 shouldFail: true,
3321 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3322 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3323 // Resume with a corrupt ticket.
3324 testCases = append(testCases, testCase{
3325 testType: serverTest,
3326 name: "CorruptTicket",
3327 config: Config{
3328 Bugs: ProtocolBugs{
3329 CorruptTicket: true,
3330 },
3331 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3332 resumeSession: true,
3333 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3334 })
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]3335 // Test the ticket callback, with and without renewal.
3336 testCases = append(testCases, testCase{
3337 testType: serverTest,
3338 name: "TicketCallback",
3339 resumeSession: true,
3340 flags: []string{"-use-ticket-callback"},
3341 })
3342 testCases = append(testCases, testCase{
3343 testType: serverTest,
3344 name: "TicketCallback-Renew",
3345 config: Config{
3346 Bugs: ProtocolBugs{
3347 ExpectNewTicket: true,
3348 },
3349 },
3350 flags: []string{"-use-ticket-callback", "-renew-ticket"},
3351 resumeSession: true,
3352 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3353 // Resume with an oversized session id.
3354 testCases = append(testCases, testCase{
3355 testType: serverTest,
3356 name: "OversizedSessionId",
3357 config: Config{
3358 Bugs: ProtocolBugs{
3359 OversizedSessionId: true,
3360 },
3361 },
3362 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3363 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3364 expectedError: ":DECODE_ERROR:",
3365 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]3366 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
3367 // are ignored.
3368 testCases = append(testCases, testCase{
3369 protocol: dtls,
3370 name: "SRTP-Client",
3371 config: Config{
3372 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3373 },
3374 flags: []string{
3375 "-srtp-profiles",
3376 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3377 },
3378 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3379 })
3380 testCases = append(testCases, testCase{
3381 protocol: dtls,
3382 testType: serverTest,
3383 name: "SRTP-Server",
3384 config: Config{
3385 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3386 },
3387 flags: []string{
3388 "-srtp-profiles",
3389 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3390 },
3391 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3392 })
3393 // Test that the MKI is ignored.
3394 testCases = append(testCases, testCase{
3395 protocol: dtls,
3396 testType: serverTest,
3397 name: "SRTP-Server-IgnoreMKI",
3398 config: Config{
3399 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
3400 Bugs: ProtocolBugs{
3401 SRTPMasterKeyIdentifer: "bogus",
3402 },
3403 },
3404 flags: []string{
3405 "-srtp-profiles",
3406 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3407 },
3408 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3409 })
3410 // Test that SRTP isn't negotiated on the server if there were
3411 // no matching profiles.
3412 testCases = append(testCases, testCase{
3413 protocol: dtls,
3414 testType: serverTest,
3415 name: "SRTP-Server-NoMatch",
3416 config: Config{
3417 SRTPProtectionProfiles: []uint16{100, 101, 102},
3418 },
3419 flags: []string{
3420 "-srtp-profiles",
3421 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3422 },
3423 expectedSRTPProtectionProfile: 0,
3424 })
3425 // Test that the server returning an invalid SRTP profile is
3426 // flagged as an error by the client.
3427 testCases = append(testCases, testCase{
3428 protocol: dtls,
3429 name: "SRTP-Client-NoMatch",
3430 config: Config{
3431 Bugs: ProtocolBugs{
3432 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
3433 },
3434 },
3435 flags: []string{
3436 "-srtp-profiles",
3437 "SRTP_AES128_CM_SHA1_80",
3438 },
3439 shouldFail: true,
3440 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
3441 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3442 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3443 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3444 name: "SignedCertificateTimestampList-Client",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3445 testType: clientTest,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3446 flags: []string{
3447 "-enable-signed-cert-timestamps",
3448 "-expect-signed-cert-timestamps",
3449 base64.StdEncoding.EncodeToString(testSCTList),
3450 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3451 resumeSession: true,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3452 })
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3453 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3454 name: "SignedCertificateTimestampList-Server",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3455 testType: serverTest,
3456 flags: []string{
3457 "-signed-cert-timestamps",
3458 base64.StdEncoding.EncodeToString(testSCTList),
3459 },
3460 expectedSCTList: testSCTList,
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3461 resumeSession: true,
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3462 })
3463 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3464 testType: clientTest,
3465 name: "ClientHelloPadding",
3466 config: Config{
3467 Bugs: ProtocolBugs{
3468 RequireClientHelloSize: 512,
3469 },
3470 },
3471 // This hostname just needs to be long enough to push the
3472 // ClientHello into F5's danger zone between 256 and 511 bytes
3473 // long.
3474 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
3475 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3476}
3477
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3478func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3479 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3480 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3481 protocols := []protocol{tls}
3482 if sessionVers.hasDTLS && resumeVers.hasDTLS {
3483 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]3484 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3485 for _, protocol := range protocols {
3486 suffix := "-" + sessionVers.name + "-" + resumeVers.name
3487 if protocol == dtls {
3488 suffix += "-DTLS"
3489 }
3490
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3491 if sessionVers.version == resumeVers.version {
3492 testCases = append(testCases, testCase{
3493 protocol: protocol,
3494 name: "Resume-Client" + suffix,
3495 resumeSession: true,
3496 config: Config{
3497 MaxVersion: sessionVers.version,
3498 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3499 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3500 expectedVersion: sessionVers.version,
3501 expectedResumeVersion: resumeVers.version,
3502 })
3503 } else {
3504 testCases = append(testCases, testCase{
3505 protocol: protocol,
3506 name: "Resume-Client-Mismatch" + suffix,
3507 resumeSession: true,
3508 config: Config{
3509 MaxVersion: sessionVers.version,
3510 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3511 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3512 expectedVersion: sessionVers.version,
3513 resumeConfig: &Config{
3514 MaxVersion: resumeVers.version,
3515 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3516 Bugs: ProtocolBugs{
3517 AllowSessionVersionMismatch: true,
3518 },
3519 },
3520 expectedResumeVersion: resumeVers.version,
3521 shouldFail: true,
3522 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
3523 })
3524 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3525
3526 testCases = append(testCases, testCase{
3527 protocol: protocol,
3528 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3529 resumeSession: true,
3530 config: Config{
3531 MaxVersion: sessionVers.version,
3532 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3533 },
3534 expectedVersion: sessionVers.version,
3535 resumeConfig: &Config{
3536 MaxVersion: resumeVers.version,
3537 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3538 },
3539 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3540 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3541 expectedResumeVersion: resumeVers.version,
3542 })
3543
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3544 testCases = append(testCases, testCase{
3545 protocol: protocol,
3546 testType: serverTest,
3547 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3548 resumeSession: true,
3549 config: Config{
3550 MaxVersion: sessionVers.version,
3551 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3552 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3553 expectedVersion: sessionVers.version,
3554 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3555 resumeConfig: &Config{
3556 MaxVersion: resumeVers.version,
3557 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3558 },
3559 expectedResumeVersion: resumeVers.version,
3560 })
3561 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3562 }
3563 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3564
3565 testCases = append(testCases, testCase{
3566 name: "Resume-Client-CipherMismatch",
3567 resumeSession: true,
3568 config: Config{
3569 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3570 },
3571 resumeConfig: &Config{
3572 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3573 Bugs: ProtocolBugs{
3574 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
3575 },
3576 },
3577 shouldFail: true,
3578 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
3579 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3580}
3581
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3582func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3583 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3584 testCases = append(testCases, testCase{
3585 testType: serverTest,
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3586 name: "Renegotiate-Server-Forbidden",
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3587 renegotiate: true,
3588 flags: []string{"-reject-peer-renegotiations"},
3589 shouldFail: true,
3590 expectedError: ":NO_RENEGOTIATION:",
3591 expectedLocalError: "remote error: no renegotiation",
3592 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]3593 // The server shouldn't echo the renegotiation extension unless
3594 // requested by the client.
3595 testCases = append(testCases, testCase{
3596 testType: serverTest,
3597 name: "Renegotiate-Server-NoExt",
3598 config: Config{
3599 Bugs: ProtocolBugs{
3600 NoRenegotiationInfo: true,
3601 RequireRenegotiationInfo: true,
3602 },
3603 },
3604 shouldFail: true,
3605 expectedLocalError: "renegotiation extension missing",
3606 })
3607 // The renegotiation SCSV should be sufficient for the server to echo
3608 // the extension.
3609 testCases = append(testCases, testCase{
3610 testType: serverTest,
3611 name: "Renegotiate-Server-NoExt-SCSV",
3612 config: Config{
3613 Bugs: ProtocolBugs{
3614 NoRenegotiationInfo: true,
3615 SendRenegotiationSCSV: true,
3616 RequireRenegotiationInfo: true,
3617 },
3618 },
3619 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3620 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3621 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3622 config: Config{
3623 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3624 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3625 },
3626 },
3627 renegotiate: true,
3628 })
3629 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3630 name: "Renegotiate-Client-EmptyExt",
3631 renegotiate: true,
3632 config: Config{
3633 Bugs: ProtocolBugs{
3634 EmptyRenegotiationInfo: true,
3635 },
3636 },
3637 shouldFail: true,
3638 expectedError: ":RENEGOTIATION_MISMATCH:",
3639 })
3640 testCases = append(testCases, testCase{
3641 name: "Renegotiate-Client-BadExt",
3642 renegotiate: true,
3643 config: Config{
3644 Bugs: ProtocolBugs{
3645 BadRenegotiationInfo: true,
3646 },
3647 },
3648 shouldFail: true,
3649 expectedError: ":RENEGOTIATION_MISMATCH:",
3650 })
3651 testCases = append(testCases, testCase{
Adam Langleybe9eda42015-06-12 18:01:50 -0700[diff] [blame]3652 name: "Renegotiate-Client-NoExt",
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3653 config: Config{
3654 Bugs: ProtocolBugs{
3655 NoRenegotiationInfo: true,
3656 },
3657 },
3658 shouldFail: true,
3659 expectedError: ":UNSAFE_LEGACY_RENEGOTIATION_DISABLED:",
3660 flags: []string{"-no-legacy-server-connect"},
3661 })
3662 testCases = append(testCases, testCase{
3663 name: "Renegotiate-Client-NoExt-Allowed",
3664 renegotiate: true,
3665 config: Config{
3666 Bugs: ProtocolBugs{
3667 NoRenegotiationInfo: true,
3668 },
3669 },
3670 })
3671 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3672 name: "Renegotiate-Client-SwitchCiphers",
3673 renegotiate: true,
3674 config: Config{
3675 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3676 },
3677 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3678 })
3679 testCases = append(testCases, testCase{
3680 name: "Renegotiate-Client-SwitchCiphers2",
3681 renegotiate: true,
3682 config: Config{
3683 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3684 },
3685 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3686 })
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3687 testCases = append(testCases, testCase{
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3688 name: "Renegotiate-Client-Forbidden",
3689 renegotiate: true,
3690 flags: []string{"-reject-peer-renegotiations"},
3691 shouldFail: true,
3692 expectedError: ":NO_RENEGOTIATION:",
3693 expectedLocalError: "remote error: no renegotiation",
3694 })
3695 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3696 name: "Renegotiate-SameClientVersion",
3697 renegotiate: true,
3698 config: Config{
3699 MaxVersion: VersionTLS10,
3700 Bugs: ProtocolBugs{
3701 RequireSameRenegoClientVersion: true,
3702 },
3703 },
3704 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3705 testCases = append(testCases, testCase{
3706 name: "Renegotiate-FalseStart",
3707 renegotiate: true,
3708 config: Config{
3709 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3710 NextProtos: []string{"foo"},
3711 },
3712 flags: []string{
3713 "-false-start",
3714 "-select-next-proto", "foo",
3715 },
3716 shimWritesFirst: true,
3717 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3718}
3719
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3720func addDTLSReplayTests() {
3721 // Test that sequence number replays are detected.
3722 testCases = append(testCases, testCase{
3723 protocol: dtls,
3724 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3725 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3726 replayWrites: true,
3727 })
3728
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3729 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3730 // than the retransmit window.
3731 testCases = append(testCases, testCase{
3732 protocol: dtls,
3733 name: "DTLS-Replay-LargeGaps",
3734 config: Config{
3735 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3736 SequenceNumberMapping: func(in uint64) uint64 {
3737 return in * 127
3738 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3739 },
3740 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3741 messageCount: 200,
3742 replayWrites: true,
3743 })
3744
3745 // Test the incoming sequence number changing non-monotonically.
3746 testCases = append(testCases, testCase{
3747 protocol: dtls,
3748 name: "DTLS-Replay-NonMonotonic",
3749 config: Config{
3750 Bugs: ProtocolBugs{
3751 SequenceNumberMapping: func(in uint64) uint64 {
3752 return in ^ 31
3753 },
3754 },
3755 },
3756 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3757 replayWrites: true,
3758 })
3759}
3760
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3761var testHashes = []struct {
3762 name string
3763 id uint8
3764}{
3765 {"SHA1", hashSHA1},
3766 {"SHA224", hashSHA224},
3767 {"SHA256", hashSHA256},
3768 {"SHA384", hashSHA384},
3769 {"SHA512", hashSHA512},
3770}
3771
3772func addSigningHashTests() {
3773 // Make sure each hash works. Include some fake hashes in the list and
3774 // ensure they're ignored.
3775 for _, hash := range testHashes {
3776 testCases = append(testCases, testCase{
3777 name: "SigningHash-ClientAuth-" + hash.name,
3778 config: Config{
3779 ClientAuth: RequireAnyClientCert,
3780 SignatureAndHashes: []signatureAndHash{
3781 {signatureRSA, 42},
3782 {signatureRSA, hash.id},
3783 {signatureRSA, 255},
3784 },
3785 },
3786 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3787 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3788 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3789 },
3790 })
3791
3792 testCases = append(testCases, testCase{
3793 testType: serverTest,
3794 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
3795 config: Config{
3796 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3797 SignatureAndHashes: []signatureAndHash{
3798 {signatureRSA, 42},
3799 {signatureRSA, hash.id},
3800 {signatureRSA, 255},
3801 },
3802 },
3803 })
3804 }
3805
3806 // Test that hash resolution takes the signature type into account.
3807 testCases = append(testCases, testCase{
3808 name: "SigningHash-ClientAuth-SignatureType",
3809 config: Config{
3810 ClientAuth: RequireAnyClientCert,
3811 SignatureAndHashes: []signatureAndHash{
3812 {signatureECDSA, hashSHA512},
3813 {signatureRSA, hashSHA384},
3814 {signatureECDSA, hashSHA1},
3815 },
3816 },
3817 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3818 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3819 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3820 },
3821 })
3822
3823 testCases = append(testCases, testCase{
3824 testType: serverTest,
3825 name: "SigningHash-ServerKeyExchange-SignatureType",
3826 config: Config{
3827 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3828 SignatureAndHashes: []signatureAndHash{
3829 {signatureECDSA, hashSHA512},
3830 {signatureRSA, hashSHA384},
3831 {signatureECDSA, hashSHA1},
3832 },
3833 },
3834 })
3835
3836 // Test that, if the list is missing, the peer falls back to SHA-1.
3837 testCases = append(testCases, testCase{
3838 name: "SigningHash-ClientAuth-Fallback",
3839 config: Config{
3840 ClientAuth: RequireAnyClientCert,
3841 SignatureAndHashes: []signatureAndHash{
3842 {signatureRSA, hashSHA1},
3843 },
3844 Bugs: ProtocolBugs{
3845 NoSignatureAndHashes: true,
3846 },
3847 },
3848 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3849 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3850 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3851 },
3852 })
3853
3854 testCases = append(testCases, testCase{
3855 testType: serverTest,
3856 name: "SigningHash-ServerKeyExchange-Fallback",
3857 config: Config{
3858 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3859 SignatureAndHashes: []signatureAndHash{
3860 {signatureRSA, hashSHA1},
3861 },
3862 Bugs: ProtocolBugs{
3863 NoSignatureAndHashes: true,
3864 },
3865 },
3866 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]3867
3868 // Test that hash preferences are enforced. BoringSSL defaults to
3869 // rejecting MD5 signatures.
3870 testCases = append(testCases, testCase{
3871 testType: serverTest,
3872 name: "SigningHash-ClientAuth-Enforced",
3873 config: Config{
3874 Certificates: []Certificate{rsaCertificate},
3875 SignatureAndHashes: []signatureAndHash{
3876 {signatureRSA, hashMD5},
3877 // Advertise SHA-1 so the handshake will
3878 // proceed, but the shim's preferences will be
3879 // ignored in CertificateVerify generation, so
3880 // MD5 will be chosen.
3881 {signatureRSA, hashSHA1},
3882 },
3883 Bugs: ProtocolBugs{
3884 IgnorePeerSignatureAlgorithmPreferences: true,
3885 },
3886 },
3887 flags: []string{"-require-any-client-certificate"},
3888 shouldFail: true,
3889 expectedError: ":WRONG_SIGNATURE_TYPE:",
3890 })
3891
3892 testCases = append(testCases, testCase{
3893 name: "SigningHash-ServerKeyExchange-Enforced",
3894 config: Config{
3895 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3896 SignatureAndHashes: []signatureAndHash{
3897 {signatureRSA, hashMD5},
3898 },
3899 Bugs: ProtocolBugs{
3900 IgnorePeerSignatureAlgorithmPreferences: true,
3901 },
3902 },
3903 shouldFail: true,
3904 expectedError: ":WRONG_SIGNATURE_TYPE:",
3905 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3906}
3907
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]3908// timeouts is the retransmit schedule for BoringSSL. It doubles and
3909// caps at 60 seconds. On the 13th timeout, it gives up.
3910var timeouts = []time.Duration{
3911 1 * time.Second,
3912 2 * time.Second,
3913 4 * time.Second,
3914 8 * time.Second,
3915 16 * time.Second,
3916 32 * time.Second,
3917 60 * time.Second,
3918 60 * time.Second,
3919 60 * time.Second,
3920 60 * time.Second,
3921 60 * time.Second,
3922 60 * time.Second,
3923 60 * time.Second,
3924}
3925
3926func addDTLSRetransmitTests() {
3927 // Test that this is indeed the timeout schedule. Stress all
3928 // four patterns of handshake.
3929 for i := 1; i < len(timeouts); i++ {
3930 number := strconv.Itoa(i)
3931 testCases = append(testCases, testCase{
3932 protocol: dtls,
3933 name: "DTLS-Retransmit-Client-" + number,
3934 config: Config{
3935 Bugs: ProtocolBugs{
3936 TimeoutSchedule: timeouts[:i],
3937 },
3938 },
3939 resumeSession: true,
3940 flags: []string{"-async"},
3941 })
3942 testCases = append(testCases, testCase{
3943 protocol: dtls,
3944 testType: serverTest,
3945 name: "DTLS-Retransmit-Server-" + number,
3946 config: Config{
3947 Bugs: ProtocolBugs{
3948 TimeoutSchedule: timeouts[:i],
3949 },
3950 },
3951 resumeSession: true,
3952 flags: []string{"-async"},
3953 })
3954 }
3955
3956 // Test that exceeding the timeout schedule hits a read
3957 // timeout.
3958 testCases = append(testCases, testCase{
3959 protocol: dtls,
3960 name: "DTLS-Retransmit-Timeout",
3961 config: Config{
3962 Bugs: ProtocolBugs{
3963 TimeoutSchedule: timeouts,
3964 },
3965 },
3966 resumeSession: true,
3967 flags: []string{"-async"},
3968 shouldFail: true,
3969 expectedError: ":READ_TIMEOUT_EXPIRED:",
3970 })
3971
3972 // Test that timeout handling has a fudge factor, due to API
3973 // problems.
3974 testCases = append(testCases, testCase{
3975 protocol: dtls,
3976 name: "DTLS-Retransmit-Fudge",
3977 config: Config{
3978 Bugs: ProtocolBugs{
3979 TimeoutSchedule: []time.Duration{
3980 timeouts[0] - 10*time.Millisecond,
3981 },
3982 },
3983 },
3984 resumeSession: true,
3985 flags: []string{"-async"},
3986 })
David Benjamin7eaab4c2015-03-02 19:01:16 -0500[diff] [blame]3987
3988 // Test that the final Finished retransmitting isn't
3989 // duplicated if the peer badly fragments everything.
3990 testCases = append(testCases, testCase{
3991 testType: serverTest,
3992 protocol: dtls,
3993 name: "DTLS-Retransmit-Fragmented",
3994 config: Config{
3995 Bugs: ProtocolBugs{
3996 TimeoutSchedule: []time.Duration{timeouts[0]},
3997 MaxHandshakeRecordLength: 2,
3998 },
3999 },
4000 flags: []string{"-async"},
4001 })
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4002}
4003
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4004func addExportKeyingMaterialTests() {
4005 for _, vers := range tlsVersions {
4006 if vers.version == VersionSSL30 {
4007 continue
4008 }
4009 testCases = append(testCases, testCase{
4010 name: "ExportKeyingMaterial-" + vers.name,
4011 config: Config{
4012 MaxVersion: vers.version,
4013 },
4014 exportKeyingMaterial: 1024,
4015 exportLabel: "label",
4016 exportContext: "context",
4017 useExportContext: true,
4018 })
4019 testCases = append(testCases, testCase{
4020 name: "ExportKeyingMaterial-NoContext-" + vers.name,
4021 config: Config{
4022 MaxVersion: vers.version,
4023 },
4024 exportKeyingMaterial: 1024,
4025 })
4026 testCases = append(testCases, testCase{
4027 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
4028 config: Config{
4029 MaxVersion: vers.version,
4030 },
4031 exportKeyingMaterial: 1024,
4032 useExportContext: true,
4033 })
4034 testCases = append(testCases, testCase{
4035 name: "ExportKeyingMaterial-Small-" + vers.name,
4036 config: Config{
4037 MaxVersion: vers.version,
4038 },
4039 exportKeyingMaterial: 1,
4040 exportLabel: "label",
4041 exportContext: "context",
4042 useExportContext: true,
4043 })
4044 }
4045 testCases = append(testCases, testCase{
4046 name: "ExportKeyingMaterial-SSL3",
4047 config: Config{
4048 MaxVersion: VersionSSL30,
4049 },
4050 exportKeyingMaterial: 1024,
4051 exportLabel: "label",
4052 exportContext: "context",
4053 useExportContext: true,
4054 shouldFail: true,
4055 expectedError: "failed to export keying material",
4056 })
4057}
4058
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4059func addTLSUniqueTests() {
4060 for _, isClient := range []bool{false, true} {
4061 for _, isResumption := range []bool{false, true} {
4062 for _, hasEMS := range []bool{false, true} {
4063 var suffix string
4064 if isResumption {
4065 suffix = "Resume-"
4066 } else {
4067 suffix = "Full-"
4068 }
4069
4070 if hasEMS {
4071 suffix += "EMS-"
4072 } else {
4073 suffix += "NoEMS-"
4074 }
4075
4076 if isClient {
4077 suffix += "Client"
4078 } else {
4079 suffix += "Server"
4080 }
4081
4082 test := testCase{
4083 name: "TLSUnique-" + suffix,
4084 testTLSUnique: true,
4085 config: Config{
4086 Bugs: ProtocolBugs{
4087 NoExtendedMasterSecret: !hasEMS,
4088 },
4089 },
4090 }
4091
4092 if isResumption {
4093 test.resumeSession = true
4094 test.resumeConfig = &Config{
4095 Bugs: ProtocolBugs{
4096 NoExtendedMasterSecret: !hasEMS,
4097 },
4098 }
4099 }
4100
4101 if isResumption && !hasEMS {
4102 test.shouldFail = true
4103 test.expectedError = "failed to get tls-unique"
4104 }
4105
4106 testCases = append(testCases, test)
4107 }
4108 }
4109 }
4110}
4111
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4112func addCustomExtensionTests() {
4113 expectedContents := "custom extension"
4114 emptyString := ""
4115
4116 for _, isClient := range []bool{false, true} {
4117 suffix := "Server"
4118 flag := "-enable-server-custom-extension"
4119 testType := serverTest
4120 if isClient {
4121 suffix = "Client"
4122 flag = "-enable-client-custom-extension"
4123 testType = clientTest
4124 }
4125
4126 testCases = append(testCases, testCase{
4127 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4128 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4129 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4130 Bugs: ProtocolBugs{
4131 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4132 ExpectedCustomExtension: &expectedContents,
4133 },
4134 },
4135 flags: []string{flag},
4136 })
4137
4138 // If the parse callback fails, the handshake should also fail.
4139 testCases = append(testCases, testCase{
4140 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4141 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4142 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4143 Bugs: ProtocolBugs{
4144 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4145 ExpectedCustomExtension: &expectedContents,
4146 },
4147 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4148 flags: []string{flag},
4149 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4150 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4151 })
4152
4153 // If the add callback fails, the handshake should also fail.
4154 testCases = append(testCases, testCase{
4155 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4156 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4157 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4158 Bugs: ProtocolBugs{
4159 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4160 ExpectedCustomExtension: &expectedContents,
4161 },
4162 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4163 flags: []string{flag, "-custom-extension-fail-add"},
4164 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4165 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4166 })
4167
4168 // If the add callback returns zero, no extension should be
4169 // added.
4170 skipCustomExtension := expectedContents
4171 if isClient {
4172 // For the case where the client skips sending the
4173 // custom extension, the server must not “echo” it.
4174 skipCustomExtension = ""
4175 }
4176 testCases = append(testCases, testCase{
4177 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4178 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4179 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4180 Bugs: ProtocolBugs{
4181 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4182 ExpectedCustomExtension: &emptyString,
4183 },
4184 },
4185 flags: []string{flag, "-custom-extension-skip"},
4186 })
4187 }
4188
4189 // The custom extension add callback should not be called if the client
4190 // doesn't send the extension.
4191 testCases = append(testCases, testCase{
4192 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4193 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4194 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4195 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4196 ExpectedCustomExtension: &emptyString,
4197 },
4198 },
4199 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
4200 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]4201
4202 // Test an unknown extension from the server.
4203 testCases = append(testCases, testCase{
4204 testType: clientTest,
4205 name: "UnknownExtension-Client",
4206 config: Config{
4207 Bugs: ProtocolBugs{
4208 CustomExtension: expectedContents,
4209 },
4210 },
4211 shouldFail: true,
4212 expectedError: ":UNEXPECTED_EXTENSION:",
4213 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4214}
4215
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4216func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4217 defer wg.Done()
4218
4219 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4220 var err error
4221
4222 if *mallocTest < 0 {
4223 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4224 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4225 } else {
4226 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
4227 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4228 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4229 if err != nil {
4230 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
4231 }
4232 break
4233 }
4234 }
4235 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4236 statusChan <- statusMsg{test: test, err: err}
4237 }
4238}
4239
4240type statusMsg struct {
4241 test *testCase
4242 started bool
4243 err error
4244}
4245
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4246func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4247 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4248
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4249 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4250 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4251 if !*pipe {
4252 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]4253 var erase string
4254 for i := 0; i < lineLen; i++ {
4255 erase += "\b \b"
4256 }
4257 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4258 }
4259
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4260 if msg.started {
4261 started++
4262 } else {
4263 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4264
4265 if msg.err != nil {
4266 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
4267 failed++
4268 testOutput.addResult(msg.test.name, "FAIL")
4269 } else {
4270 if *pipe {
4271 // Print each test instead of a status line.
4272 fmt.Printf("PASSED (%s)\n", msg.test.name)
4273 }
4274 testOutput.addResult(msg.test.name, "PASS")
4275 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4276 }
4277
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4278 if !*pipe {
4279 // Print a new status line.
4280 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
4281 lineLen = len(line)
4282 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4283 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4284 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4285
4286 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4287}
4288
4289func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4290 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4291 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4292
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4293 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4294 addCipherSuiteTests()
4295 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]4296 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]4297 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]4298 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4299 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4300 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4301 addMinimumVersionTests()
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]4302 addD5BugTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4303 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4304 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]4305 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4306 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4307 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4308 addSigningHashTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4309 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4310 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4311 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4312 addCustomExtensionTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4313 for _, async := range []bool{false, true} {
4314 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]4315 for _, protocol := range []protocol{tls, dtls} {
4316 addStateMachineCoverageTests(async, splitHandshake, protocol)
4317 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4318 }
4319 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4320
4321 var wg sync.WaitGroup
4322
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4323 statusChan := make(chan statusMsg, *numWorkers)
4324 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4325 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4326
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4327 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4328
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4329 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4330 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4331 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4332 }
4333
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4334 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4335 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4336 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4337 }
4338 }
4339
4340 close(testChan)
4341 wg.Wait()
4342 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4343 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4344
4345 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4346
4347 if *jsonOutput != "" {
4348 if err := testOutput.writeTo(*jsonOutput); err != nil {
4349 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
4350 }
4351 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]4352
4353 if !testOutput.allPassed {
4354 os.Exit(1)
4355 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4356}