Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 0ea8dda93efadce14f7a95f84d3d9f2509434fb0 / . / ssl / test / runner / runner.go
blob: ef90882776036d67ee135d9466e0d343fa1201fd [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1package main
2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]14 "net"
15 "os"
16 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]17 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]18 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]19 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]20 "strings"
21 "sync"
22 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]23 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]24)
25
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]26var (
27 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
28 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
29 flagDebug *bool = flag.Bool("debug", false, "Hexdump the contents of the connection")
30 mallocTest *int64 = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
31 mallocTestDebug *bool = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
32)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]33
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]34const (
35 rsaCertificateFile = "cert.pem"
36 ecdsaCertificateFile = "ecdsa_cert.pem"
37)
38
39const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]40 rsaKeyFile = "key.pem"
41 ecdsaKeyFile = "ecdsa_key.pem"
42 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]43)
44
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]45var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]46var channelIDKey *ecdsa.PrivateKey
47var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]48
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]49var testOCSPResponse = []byte{1, 2, 3, 4}
50var testSCTList = []byte{5, 6, 7, 8}
51
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]52func initCertificates() {
53 var err error
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]54 rsaCertificate, err = LoadX509KeyPair(rsaCertificateFile, rsaKeyFile)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]55 if err != nil {
56 panic(err)
57 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]58 rsaCertificate.OCSPStaple = testOCSPResponse
59 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]60
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]61 ecdsaCertificate, err = LoadX509KeyPair(ecdsaCertificateFile, ecdsaKeyFile)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]62 if err != nil {
63 panic(err)
64 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]65 ecdsaCertificate.OCSPStaple = testOCSPResponse
66 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]67
68 channelIDPEMBlock, err := ioutil.ReadFile(channelIDKeyFile)
69 if err != nil {
70 panic(err)
71 }
72 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
73 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
74 panic("bad key type")
75 }
76 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
77 if err != nil {
78 panic(err)
79 }
80 if channelIDKey.Curve != elliptic.P256() {
81 panic("bad curve")
82 }
83
84 channelIDBytes = make([]byte, 64)
85 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
86 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]87}
88
89var certificateOnce sync.Once
90
91func getRSACertificate() Certificate {
92 certificateOnce.Do(initCertificates)
93 return rsaCertificate
94}
95
96func getECDSACertificate() Certificate {
97 certificateOnce.Do(initCertificates)
98 return ecdsaCertificate
99}
100
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]101type testType int
102
103const (
104 clientTest testType = iota
105 serverTest
106)
107
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]108type protocol int
109
110const (
111 tls protocol = iota
112 dtls
113)
114
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]115const (
116 alpn = 1
117 npn = 2
118)
119
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]120type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]121 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]122 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]123 name string
124 config Config
125 shouldFail bool
126 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]127 // expectedLocalError, if not empty, contains a substring that must be
128 // found in the local error.
129 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]130 // expectedVersion, if non-zero, specifies the TLS version that must be
131 // negotiated.
132 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]133 // expectedResumeVersion, if non-zero, specifies the TLS version that
134 // must be negotiated on resumption. If zero, expectedVersion is used.
135 expectedResumeVersion uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]136 // expectChannelID controls whether the connection should have
137 // negotiated a Channel ID with channelIDKey.
138 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]139 // expectedNextProto controls whether the connection should
140 // negotiate a next protocol via NPN or ALPN.
141 expectedNextProto string
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]142 // expectedNextProtoType, if non-zero, is the expected next
143 // protocol negotiation mechanism.
144 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]145 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
146 // should be negotiated. If zero, none should be negotiated.
147 expectedSRTPProtectionProfile uint16
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]148 // messageLen is the length, in bytes, of the test message that will be
149 // sent.
150 messageLen int
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]151 // certFile is the path to the certificate to use for the server.
152 certFile string
153 // keyFile is the path to the private key to use for the server.
154 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]155 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]156 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]157 resumeSession bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]158 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]159 // resumption. Unless newSessionsOnResume is set,
160 // SessionTicketKey, ServerSessionCache, and
161 // ClientSessionCache are copied from the initial connection's
162 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]163 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]164 // newSessionsOnResume, if true, will cause resumeConfig to
165 // use a different session resumption context.
166 newSessionsOnResume bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]167 // sendPrefix sends a prefix on the socket before actually performing a
168 // handshake.
169 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]170 // shimWritesFirst controls whether the shim sends an initial "hello"
171 // message before doing a roundtrip with the runner.
172 shimWritesFirst bool
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]173 // renegotiate indicates the the connection should be renegotiated
174 // during the exchange.
175 renegotiate bool
176 // renegotiateCiphers is a list of ciphersuite ids that will be
177 // switched in just before renegotiation.
178 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]179 // replayWrites, if true, configures the underlying transport
180 // to replay every write it makes in DTLS tests.
181 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]182 // damageFirstWrite, if true, configures the underlying transport to
183 // damage the final byte of the first application data write.
184 damageFirstWrite bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]185 // flags, if not empty, contains a list of command-line flags that will
186 // be passed to the shim program.
187 flags []string
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]188}
189
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]190var testCases = []testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]191 {
192 name: "BadRSASignature",
193 config: Config{
194 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
195 Bugs: ProtocolBugs{
196 InvalidSKXSignature: true,
197 },
198 },
199 shouldFail: true,
200 expectedError: ":BAD_SIGNATURE:",
201 },
202 {
203 name: "BadECDSASignature",
204 config: Config{
205 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
206 Bugs: ProtocolBugs{
207 InvalidSKXSignature: true,
208 },
209 Certificates: []Certificate{getECDSACertificate()},
210 },
211 shouldFail: true,
212 expectedError: ":BAD_SIGNATURE:",
213 },
214 {
215 name: "BadECDSACurve",
216 config: Config{
217 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
218 Bugs: ProtocolBugs{
219 InvalidSKXCurve: true,
220 },
221 Certificates: []Certificate{getECDSACertificate()},
222 },
223 shouldFail: true,
224 expectedError: ":WRONG_CURVE:",
225 },
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]226 {
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]227 testType: serverTest,
228 name: "BadRSAVersion",
229 config: Config{
230 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
231 Bugs: ProtocolBugs{
232 RsaClientKeyExchangeVersion: VersionTLS11,
233 },
234 },
235 shouldFail: true,
236 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
237 },
238 {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]239 name: "NoFallbackSCSV",
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]240 config: Config{
241 Bugs: ProtocolBugs{
242 FailIfNotFallbackSCSV: true,
243 },
244 },
245 shouldFail: true,
246 expectedLocalError: "no fallback SCSV found",
247 },
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]248 {
David Benjamin2a0c4962014-08-22 23:46:35 -0400[diff] [blame]249 name: "SendFallbackSCSV",
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]250 config: Config{
251 Bugs: ProtocolBugs{
252 FailIfNotFallbackSCSV: true,
253 },
254 },
255 flags: []string{"-fallback-scsv"},
256 },
David Benjamin197b3ab2014-07-02 18:37:33 -0400[diff] [blame]257 {
David Benjamin7b030512014-07-08 17:30:11 -0400[diff] [blame]258 name: "ClientCertificateTypes",
259 config: Config{
260 ClientAuth: RequestClientCert,
261 ClientCertificateTypes: []byte{
262 CertTypeDSSSign,
263 CertTypeRSASign,
264 CertTypeECDSASign,
265 },
266 },
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]267 flags: []string{
268 "-expect-certificate-types",
269 base64.StdEncoding.EncodeToString([]byte{
270 CertTypeDSSSign,
271 CertTypeRSASign,
272 CertTypeECDSASign,
273 }),
274 },
David Benjamin7b030512014-07-08 17:30:11 -0400[diff] [blame]275 },
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]276 {
277 name: "NoClientCertificate",
278 config: Config{
279 ClientAuth: RequireAnyClientCert,
280 },
281 shouldFail: true,
282 expectedLocalError: "client didn't provide a certificate",
283 },
David Benjamin1c375dd2014-07-12 00:48:23 -0400[diff] [blame]284 {
285 name: "UnauthenticatedECDH",
286 config: Config{
287 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
288 Bugs: ProtocolBugs{
289 UnauthenticatedECDH: true,
290 },
291 },
292 shouldFail: true,
David Benjamine8f3d662014-07-12 01:10:19 -0400[diff] [blame]293 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin1c375dd2014-07-12 00:48:23 -0400[diff] [blame]294 },
David Benjamin9c651c92014-07-12 13:27:45 -0400[diff] [blame]295 {
296 name: "SkipServerKeyExchange",
297 config: Config{
298 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
299 Bugs: ProtocolBugs{
300 SkipServerKeyExchange: true,
301 },
302 },
303 shouldFail: true,
304 expectedError: ":UNEXPECTED_MESSAGE:",
305 },
David Benjamin1f5f62b2014-07-12 16:18:02 -0400[diff] [blame]306 {
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]307 name: "SkipChangeCipherSpec-Client",
308 config: Config{
309 Bugs: ProtocolBugs{
310 SkipChangeCipherSpec: true,
311 },
312 },
313 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]314 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]315 },
316 {
317 testType: serverTest,
318 name: "SkipChangeCipherSpec-Server",
319 config: Config{
320 Bugs: ProtocolBugs{
321 SkipChangeCipherSpec: true,
322 },
323 },
324 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]325 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]326 },
David Benjamin42be6452014-07-21 14:50:23 -0400[diff] [blame]327 {
328 testType: serverTest,
329 name: "SkipChangeCipherSpec-Server-NPN",
330 config: Config{
331 NextProtos: []string{"bar"},
332 Bugs: ProtocolBugs{
333 SkipChangeCipherSpec: true,
334 },
335 },
336 flags: []string{
337 "-advertise-npn", "\x03foo\x03bar\x03baz",
338 },
339 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]340 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
341 },
342 {
343 name: "FragmentAcrossChangeCipherSpec-Client",
344 config: Config{
345 Bugs: ProtocolBugs{
346 FragmentAcrossChangeCipherSpec: true,
347 },
348 },
349 shouldFail: true,
350 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
351 },
352 {
353 testType: serverTest,
354 name: "FragmentAcrossChangeCipherSpec-Server",
355 config: Config{
356 Bugs: ProtocolBugs{
357 FragmentAcrossChangeCipherSpec: true,
358 },
359 },
360 shouldFail: true,
361 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
362 },
363 {
364 testType: serverTest,
365 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
366 config: Config{
367 NextProtos: []string{"bar"},
368 Bugs: ProtocolBugs{
369 FragmentAcrossChangeCipherSpec: true,
370 },
371 },
372 flags: []string{
373 "-advertise-npn", "\x03foo\x03bar\x03baz",
374 },
375 shouldFail: true,
376 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamin42be6452014-07-21 14:50:23 -0400[diff] [blame]377 },
David Benjaminf3ec83d2014-07-21 22:42:34 -0400[diff] [blame]378 {
379 testType: serverTest,
Alex Chernyakhovsky4cd8c432014-11-01 19:39:08 -0400[diff] [blame]380 name: "FragmentAlert",
381 config: Config{
382 Bugs: ProtocolBugs{
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]383 FragmentAlert: true,
Alex Chernyakhovsky4cd8c432014-11-01 19:39:08 -0400[diff] [blame]384 SendSpuriousAlert: true,
385 },
386 },
387 shouldFail: true,
388 expectedError: ":BAD_ALERT:",
389 },
390 {
David Benjamin0ea8dda2015-01-31 20:33:40 -0500[diff] [blame^]391 protocol: dtls,
392 testType: serverTest,
393 name: "FragmentAlert-DTLS",
394 config: Config{
395 Bugs: ProtocolBugs{
396 FragmentAlert: true,
397 SendSpuriousAlert: true,
398 },
399 },
400 shouldFail: true,
401 expectedError: ":BAD_ALERT:",
402 },
403 {
Alex Chernyakhovsky4cd8c432014-11-01 19:39:08 -0400[diff] [blame]404 testType: serverTest,
David Benjaminf3ec83d2014-07-21 22:42:34 -0400[diff] [blame]405 name: "EarlyChangeCipherSpec-server-1",
406 config: Config{
407 Bugs: ProtocolBugs{
408 EarlyChangeCipherSpec: 1,
409 },
410 },
411 shouldFail: true,
412 expectedError: ":CCS_RECEIVED_EARLY:",
413 },
414 {
415 testType: serverTest,
416 name: "EarlyChangeCipherSpec-server-2",
417 config: Config{
418 Bugs: ProtocolBugs{
419 EarlyChangeCipherSpec: 2,
420 },
421 },
422 shouldFail: true,
423 expectedError: ":CCS_RECEIVED_EARLY:",
424 },
David Benjamind23f4122014-07-23 15:09:48 -0400[diff] [blame]425 {
David Benjamind23f4122014-07-23 15:09:48 -0400[diff] [blame]426 name: "SkipNewSessionTicket",
427 config: Config{
428 Bugs: ProtocolBugs{
429 SkipNewSessionTicket: true,
430 },
431 },
432 shouldFail: true,
433 expectedError: ":CCS_RECEIVED_EARLY:",
434 },
David Benjamin7e3305e2014-07-28 14:52:32 -0400[diff] [blame]435 {
David Benjamind86c7672014-08-02 04:07:12 -0400[diff] [blame]436 testType: serverTest,
David Benjaminbef270a2014-08-02 04:22:02 -0400[diff] [blame]437 name: "FallbackSCSV",
438 config: Config{
439 MaxVersion: VersionTLS11,
440 Bugs: ProtocolBugs{
441 SendFallbackSCSV: true,
442 },
443 },
444 shouldFail: true,
445 expectedError: ":INAPPROPRIATE_FALLBACK:",
446 },
447 {
448 testType: serverTest,
449 name: "FallbackSCSV-VersionMatch",
450 config: Config{
451 Bugs: ProtocolBugs{
452 SendFallbackSCSV: true,
453 },
454 },
455 },
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]456 {
457 testType: serverTest,
458 name: "FragmentedClientVersion",
459 config: Config{
460 Bugs: ProtocolBugs{
461 MaxHandshakeRecordLength: 1,
462 FragmentClientVersion: true,
463 },
464 },
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]465 expectedVersion: VersionTLS12,
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]466 },
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]467 {
468 testType: serverTest,
469 name: "MinorVersionTolerance",
470 config: Config{
471 Bugs: ProtocolBugs{
472 SendClientVersion: 0x03ff,
473 },
474 },
475 expectedVersion: VersionTLS12,
476 },
477 {
478 testType: serverTest,
479 name: "MajorVersionTolerance",
480 config: Config{
481 Bugs: ProtocolBugs{
482 SendClientVersion: 0x0400,
483 },
484 },
485 expectedVersion: VersionTLS12,
486 },
487 {
488 testType: serverTest,
489 name: "VersionTooLow",
490 config: Config{
491 Bugs: ProtocolBugs{
492 SendClientVersion: 0x0200,
493 },
494 },
495 shouldFail: true,
496 expectedError: ":UNSUPPORTED_PROTOCOL:",
497 },
498 {
499 testType: serverTest,
500 name: "HttpGET",
501 sendPrefix: "GET / HTTP/1.0\n",
502 shouldFail: true,
503 expectedError: ":HTTP_REQUEST:",
504 },
505 {
506 testType: serverTest,
507 name: "HttpPOST",
508 sendPrefix: "POST / HTTP/1.0\n",
509 shouldFail: true,
510 expectedError: ":HTTP_REQUEST:",
511 },
512 {
513 testType: serverTest,
514 name: "HttpHEAD",
515 sendPrefix: "HEAD / HTTP/1.0\n",
516 shouldFail: true,
517 expectedError: ":HTTP_REQUEST:",
518 },
519 {
520 testType: serverTest,
521 name: "HttpPUT",
522 sendPrefix: "PUT / HTTP/1.0\n",
523 shouldFail: true,
524 expectedError: ":HTTP_REQUEST:",
525 },
526 {
527 testType: serverTest,
528 name: "HttpCONNECT",
529 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
530 shouldFail: true,
531 expectedError: ":HTTPS_PROXY_REQUEST:",
532 },
David Benjamin39ebf532014-08-31 02:23:49 -0400[diff] [blame]533 {
David Benjaminf080ecd2014-12-11 18:48:59 -0500[diff] [blame]534 testType: serverTest,
535 name: "Garbage",
536 sendPrefix: "blah",
537 shouldFail: true,
538 expectedError: ":UNKNOWN_PROTOCOL:",
539 },
540 {
David Benjamin39ebf532014-08-31 02:23:49 -0400[diff] [blame]541 name: "SkipCipherVersionCheck",
542 config: Config{
543 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
544 MaxVersion: VersionTLS11,
545 Bugs: ProtocolBugs{
546 SkipCipherVersionCheck: true,
547 },
548 },
549 shouldFail: true,
550 expectedError: ":WRONG_CIPHER_RETURNED:",
551 },
David Benjamin9114fae2014-11-08 11:41:14 -0500[diff] [blame]552 {
553 name: "RSAServerKeyExchange",
554 config: Config{
555 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
556 Bugs: ProtocolBugs{
557 RSAServerKeyExchange: true,
558 },
559 },
560 shouldFail: true,
561 expectedError: ":UNEXPECTED_MESSAGE:",
562 },
David Benjamin128dbc32014-12-01 01:27:42 -0500[diff] [blame]563 {
564 name: "DisableEverything",
565 flags: []string{"-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
566 shouldFail: true,
567 expectedError: ":WRONG_SSL_VERSION:",
568 },
569 {
570 protocol: dtls,
571 name: "DisableEverything-DTLS",
572 flags: []string{"-no-tls12", "-no-tls1"},
573 shouldFail: true,
574 expectedError: ":WRONG_SSL_VERSION:",
575 },
David Benjamin780d6dd2015-01-06 12:03:19 -0500[diff] [blame]576 {
577 name: "NoSharedCipher",
578 config: Config{
579 CipherSuites: []uint16{},
580 },
581 shouldFail: true,
582 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
583 },
David Benjamin13be1de2015-01-11 16:29:36 -0500[diff] [blame]584 {
585 protocol: dtls,
586 testType: serverTest,
587 name: "MTU",
588 config: Config{
589 Bugs: ProtocolBugs{
590 MaxPacketLength: 256,
591 },
592 },
593 flags: []string{"-mtu", "256"},
594 },
595 {
596 protocol: dtls,
597 testType: serverTest,
598 name: "MTUExceeded",
599 config: Config{
600 Bugs: ProtocolBugs{
601 MaxPacketLength: 255,
602 },
603 },
604 flags: []string{"-mtu", "256"},
605 shouldFail: true,
606 expectedLocalError: "dtls: exceeded maximum packet length",
607 },
David Benjamin6095de82014-12-27 01:50:38 -0500[diff] [blame]608 {
609 name: "CertMismatchRSA",
610 config: Config{
611 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
612 Certificates: []Certificate{getECDSACertificate()},
613 Bugs: ProtocolBugs{
614 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
615 },
616 },
617 shouldFail: true,
618 expectedError: ":WRONG_CERTIFICATE_TYPE:",
619 },
620 {
621 name: "CertMismatchECDSA",
622 config: Config{
623 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
624 Certificates: []Certificate{getRSACertificate()},
625 Bugs: ProtocolBugs{
626 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
627 },
628 },
629 shouldFail: true,
630 expectedError: ":WRONG_CERTIFICATE_TYPE:",
631 },
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]632 {
633 name: "TLSFatalBadPackets",
634 damageFirstWrite: true,
635 shouldFail: true,
636 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
637 },
638 {
639 protocol: dtls,
640 name: "DTLSIgnoreBadPackets",
641 damageFirstWrite: true,
642 },
643 {
644 protocol: dtls,
645 name: "DTLSIgnoreBadPackets-Async",
646 damageFirstWrite: true,
647 flags: []string{"-async"},
648 },
David Benjamin4189bd92015-01-25 23:52:39 -0500[diff] [blame]649 {
650 name: "AppDataAfterChangeCipherSpec",
651 config: Config{
652 Bugs: ProtocolBugs{
653 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
654 },
655 },
656 shouldFail: true,
657 expectedError: ":DATA_BETWEEN_CCS_AND_FINISHED:",
658 },
659 {
660 protocol: dtls,
661 name: "AppDataAfterChangeCipherSpec-DTLS",
662 config: Config{
663 Bugs: ProtocolBugs{
664 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
665 },
666 },
667 },
David Benjaminb3774b92015-01-31 17:16:01 -0500[diff] [blame]668 {
669 protocol: dtls,
670 name: "ReorderHandshakeFragments-Small-DTLS",
671 config: Config{
672 Bugs: ProtocolBugs{
673 ReorderHandshakeFragments: true,
674 // Small enough that every handshake message is
675 // fragmented.
676 MaxHandshakeRecordLength: 2,
677 },
678 },
679 },
680 {
681 protocol: dtls,
682 name: "ReorderHandshakeFragments-Large-DTLS",
683 config: Config{
684 Bugs: ProtocolBugs{
685 ReorderHandshakeFragments: true,
686 // Large enough that no handshake message is
687 // fragmented.
688 //
689 // TODO(davidben): Also test interaction of
690 // complete handshake messages with
691 // fragments. The current logic is full of bugs
692 // here, so the reassembly logic needs a rewrite
693 // before those tests will pass.
694 MaxHandshakeRecordLength: 2048,
695 },
696 },
697 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]698}
699
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]700func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]701 var connDebug *recordingConn
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]702 var connDamage *damageAdaptor
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]703 if *flagDebug {
704 connDebug = &recordingConn{Conn: conn}
705 conn = connDebug
706 defer func() {
707 connDebug.WriteTo(os.Stdout)
708 }()
709 }
710
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]711 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]712 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
713 conn = config.Bugs.PacketAdaptor
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]714 if test.replayWrites {
715 conn = newReplayAdaptor(conn)
716 }
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]717 }
718
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]719 if test.damageFirstWrite {
720 connDamage = newDamageAdaptor(conn)
721 conn = connDamage
722 }
723
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]724 if test.sendPrefix != "" {
725 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
726 return err
727 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]728 }
729
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]730 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]731 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]732 if test.protocol == dtls {
733 tlsConn = DTLSServer(conn, config)
734 } else {
735 tlsConn = Server(conn, config)
736 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]737 } else {
738 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]739 if test.protocol == dtls {
740 tlsConn = DTLSClient(conn, config)
741 } else {
742 tlsConn = Client(conn, config)
743 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]744 }
745
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]746 if err := tlsConn.Handshake(); err != nil {
747 return err
748 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]749
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]750 // TODO(davidben): move all per-connection expectations into a dedicated
751 // expectations struct that can be specified separately for the two
752 // legs.
753 expectedVersion := test.expectedVersion
754 if isResume && test.expectedResumeVersion != 0 {
755 expectedVersion = test.expectedResumeVersion
756 }
757 if vers := tlsConn.ConnectionState().Version; expectedVersion != 0 && vers != expectedVersion {
758 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]759 }
760
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]761 if test.expectChannelID {
762 channelID := tlsConn.ConnectionState().ChannelID
763 if channelID == nil {
764 return fmt.Errorf("no channel ID negotiated")
765 }
766 if channelID.Curve != channelIDKey.Curve ||
767 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
768 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
769 return fmt.Errorf("incorrect channel ID")
770 }
771 }
772
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]773 if expected := test.expectedNextProto; expected != "" {
774 if actual := tlsConn.ConnectionState().NegotiatedProtocol; actual != expected {
775 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
776 }
777 }
778
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]779 if test.expectedNextProtoType != 0 {
780 if (test.expectedNextProtoType == alpn) != tlsConn.ConnectionState().NegotiatedProtocolFromALPN {
781 return fmt.Errorf("next proto type mismatch")
782 }
783 }
784
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]785 if p := tlsConn.ConnectionState().SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
786 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
787 }
788
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]789 if test.shimWritesFirst {
790 var buf [5]byte
791 _, err := io.ReadFull(tlsConn, buf[:])
792 if err != nil {
793 return err
794 }
795 if string(buf[:]) != "hello" {
796 return fmt.Errorf("bad initial message")
797 }
798 }
799
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]800 if test.renegotiate {
801 if test.renegotiateCiphers != nil {
802 config.CipherSuites = test.renegotiateCiphers
803 }
804 if err := tlsConn.Renegotiate(); err != nil {
805 return err
806 }
807 } else if test.renegotiateCiphers != nil {
808 panic("renegotiateCiphers without renegotiate")
809 }
810
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]811 if test.damageFirstWrite {
812 connDamage.setDamage(true)
813 tlsConn.Write([]byte("DAMAGED WRITE"))
814 connDamage.setDamage(false)
815 }
816
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]817 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]818 if test.protocol == dtls {
819 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
820 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]821 // Read until EOF.
822 _, err := io.Copy(ioutil.Discard, tlsConn)
823 return err
824 }
825
David Benjamin4189bd92015-01-25 23:52:39 -0500[diff] [blame]826 var testMessage []byte
827 if config.Bugs.AppDataAfterChangeCipherSpec != nil {
828 // We've already sent a message. Expect the shim to echo it
829 // back.
830 testMessage = config.Bugs.AppDataAfterChangeCipherSpec
831 } else {
832 if messageLen == 0 {
833 messageLen = 32
834 }
835 testMessage = make([]byte, messageLen)
836 for i := range testMessage {
837 testMessage[i] = 0x42
838 }
839 tlsConn.Write(testMessage)
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]840 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]841
842 buf := make([]byte, len(testMessage))
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]843 if test.protocol == dtls {
844 bufTmp := make([]byte, len(buf)+1)
845 n, err := tlsConn.Read(bufTmp)
846 if err != nil {
847 return err
848 }
849 if n != len(buf) {
850 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
851 }
852 copy(buf, bufTmp)
853 } else {
854 _, err := io.ReadFull(tlsConn, buf)
855 if err != nil {
856 return err
857 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]858 }
859
860 for i, v := range buf {
861 if v != testMessage[i]^0xff {
862 return fmt.Errorf("bad reply contents at byte %d", i)
863 }
864 }
865
866 return nil
867}
868
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]869func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
870 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]871 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]872 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]873 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]874 valgrindArgs = append(valgrindArgs, path)
875 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]876
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]877 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]878}
879
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]880func gdbOf(path string, args ...string) *exec.Cmd {
881 xtermArgs := []string{"-e", "gdb", "--args"}
882 xtermArgs = append(xtermArgs, path)
883 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]884
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]885 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]886}
887
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]888func openSocketPair() (shimEnd *os.File, conn net.Conn) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]889 socks, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
890 if err != nil {
891 panic(err)
892 }
893
894 syscall.CloseOnExec(socks[0])
895 syscall.CloseOnExec(socks[1])
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]896 shimEnd = os.NewFile(uintptr(socks[0]), "shim end")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]897 connFile := os.NewFile(uintptr(socks[1]), "our end")
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]898 conn, err = net.FileConn(connFile)
899 if err != nil {
900 panic(err)
901 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]902 connFile.Close()
903 if err != nil {
904 panic(err)
905 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]906 return shimEnd, conn
907}
908
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]909type moreMallocsError struct{}
910
911func (moreMallocsError) Error() string {
912 return "child process did not exhaust all allocation calls"
913}
914
915var errMoreMallocs = moreMallocsError{}
916
917func runTest(test *testCase, buildDir string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]918 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
919 panic("Error expected without shouldFail in " + test.name)
920 }
921
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]922 shimEnd, conn := openSocketPair()
923 shimEndResume, connResume := openSocketPair()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]924
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]925 shim_path := path.Join(buildDir, "ssl/test/bssl_shim")
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]926 var flags []string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]927 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]928 flags = append(flags, "-server")
929
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]930 flags = append(flags, "-key-file")
931 if test.keyFile == "" {
932 flags = append(flags, rsaKeyFile)
933 } else {
934 flags = append(flags, test.keyFile)
935 }
936
937 flags = append(flags, "-cert-file")
938 if test.certFile == "" {
939 flags = append(flags, rsaCertificateFile)
940 } else {
941 flags = append(flags, test.certFile)
942 }
943 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]944
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]945 if test.protocol == dtls {
946 flags = append(flags, "-dtls")
947 }
948
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]949 if test.resumeSession {
950 flags = append(flags, "-resume")
951 }
952
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]953 if test.shimWritesFirst {
954 flags = append(flags, "-shim-writes-first")
955 }
956
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]957 flags = append(flags, test.flags...)
958
959 var shim *exec.Cmd
960 if *useValgrind {
961 shim = valgrindOf(false, shim_path, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]962 } else if *useGDB {
963 shim = gdbOf(shim_path, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]964 } else {
965 shim = exec.Command(shim_path, flags...)
966 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]967 shim.ExtraFiles = []*os.File{shimEnd, shimEndResume}
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]968 shim.Stdin = os.Stdin
969 var stdoutBuf, stderrBuf bytes.Buffer
970 shim.Stdout = &stdoutBuf
971 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]972 if mallocNumToFail >= 0 {
973 shim.Env = []string{"MALLOC_NUMBER_TO_FAIL=" + strconv.FormatInt(mallocNumToFail, 10)}
974 if *mallocTestDebug {
975 shim.Env = append(shim.Env, "MALLOC_ABORT_ON_FAIL=1")
976 }
977 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
978 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]979
980 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]981 panic(err)
982 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]983 shimEnd.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]984 shimEndResume.Close()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]985
986 config := test.config
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]987 config.ClientSessionCache = NewLRUClientSessionCache(1)
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]988 config.ServerSessionCache = NewLRUServerSessionCache(1)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]989 if test.testType == clientTest {
990 if len(config.Certificates) == 0 {
991 config.Certificates = []Certificate{getRSACertificate()}
992 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]993 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]994
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]995 err := doExchange(test, &config, conn, test.messageLen,
996 false /* not a resumption */)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]997 conn.Close()
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]998
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]999 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]1000 var resumeConfig Config
1001 if test.resumeConfig != nil {
1002 resumeConfig = *test.resumeConfig
1003 if len(resumeConfig.Certificates) == 0 {
1004 resumeConfig.Certificates = []Certificate{getRSACertificate()}
1005 }
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1006 if !test.newSessionsOnResume {
1007 resumeConfig.SessionTicketKey = config.SessionTicketKey
1008 resumeConfig.ClientSessionCache = config.ClientSessionCache
1009 resumeConfig.ServerSessionCache = config.ServerSessionCache
1010 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]1011 } else {
1012 resumeConfig = config
1013 }
1014 err = doExchange(test, &resumeConfig, connResume, test.messageLen,
1015 true /* resumption */)
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]1016 }
David Benjamin812152a2014-09-06 12:49:07 -0400[diff] [blame]1017 connResume.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]1018
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1019 childErr := shim.Wait()
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]1020 if exitError, ok := childErr.(*exec.ExitError); ok {
1021 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
1022 return errMoreMallocs
1023 }
1024 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1025
1026 stdout := string(stdoutBuf.Bytes())
1027 stderr := string(stderrBuf.Bytes())
1028 failed := err != nil || childErr != nil
1029 correctFailure := len(test.expectedError) == 0 || strings.Contains(stdout, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]1030 localError := "none"
1031 if err != nil {
1032 localError = err.Error()
1033 }
1034 if len(test.expectedLocalError) != 0 {
1035 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
1036 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1037
1038 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1039 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1040 if childErr != nil {
1041 childError = childErr.Error()
1042 }
1043
1044 var msg string
1045 switch {
1046 case failed && !test.shouldFail:
1047 msg = "unexpected failure"
1048 case !failed && test.shouldFail:
1049 msg = "unexpected success"
1050 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]1051 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1052 default:
1053 panic("internal error")
1054 }
1055
1056 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, string(stdoutBuf.Bytes()), stderr)
1057 }
1058
1059 if !*useValgrind && len(stderr) > 0 {
1060 println(stderr)
1061 }
1062
1063 return nil
1064}
1065
1066var tlsVersions = []struct {
1067 name string
1068 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1069 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1070 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1071}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1072 {"SSL3", VersionSSL30, "-no-ssl3", false},
1073 {"TLS1", VersionTLS10, "-no-tls1", true},
1074 {"TLS11", VersionTLS11, "-no-tls11", false},
1075 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1076}
1077
1078var testCipherSuites = []struct {
1079 name string
1080 id uint16
1081}{
1082 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1083 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1084 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1085 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1086 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1087 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1088 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1089 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1090 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1091 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1092 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
1093 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1094 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1095 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1096 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1097 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
1098 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1099 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1100 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1101 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
David Benjamin2af684f2014-10-27 02:23:15 -0400[diff] [blame]1102 {"ECDHE-PSK-WITH-AES-128-GCM-SHA256", TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1103 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1104 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1105 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1106 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1107 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1108 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1109 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1110 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
1111 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
1112 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1113 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1114 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1115}
1116
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1117func hasComponent(suiteName, component string) bool {
1118 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
1119}
1120
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1121func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1122 return hasComponent(suiteName, "GCM") ||
1123 hasComponent(suiteName, "SHA256") ||
1124 hasComponent(suiteName, "SHA384")
1125}
1126
1127func isDTLSCipher(suiteName string) bool {
David Benjamine95d20d2014-12-23 11:16:01 -0500[diff] [blame]1128 return !hasComponent(suiteName, "RC4")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1129}
1130
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1131func addCipherSuiteTests() {
1132 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1133 const psk = "12345"
1134 const pskIdentity = "luggage combo"
1135
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1136 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1137 var certFile string
1138 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1139 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1140 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1141 certFile = ecdsaCertificateFile
1142 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1143 } else {
1144 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1145 certFile = rsaCertificateFile
1146 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1147 }
1148
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1149 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1150 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1151 flags = append(flags,
1152 "-psk", psk,
1153 "-psk-identity", pskIdentity)
1154 }
1155
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1156 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1157 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1158 continue
1159 }
1160
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1161 testCases = append(testCases, testCase{
1162 testType: clientTest,
1163 name: ver.name + "-" + suite.name + "-client",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1164 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1165 MinVersion: ver.version,
1166 MaxVersion: ver.version,
1167 CipherSuites: []uint16{suite.id},
1168 Certificates: []Certificate{cert},
1169 PreSharedKey: []byte(psk),
1170 PreSharedKeyIdentity: pskIdentity,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1171 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1172 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1173 resumeSession: true,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1174 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1175
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1176 testCases = append(testCases, testCase{
1177 testType: serverTest,
1178 name: ver.name + "-" + suite.name + "-server",
1179 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1180 MinVersion: ver.version,
1181 MaxVersion: ver.version,
1182 CipherSuites: []uint16{suite.id},
1183 Certificates: []Certificate{cert},
1184 PreSharedKey: []byte(psk),
1185 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1186 },
1187 certFile: certFile,
1188 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1189 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1190 resumeSession: true,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1191 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1192
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1193 if ver.hasDTLS && isDTLSCipher(suite.name) {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1194 testCases = append(testCases, testCase{
1195 testType: clientTest,
1196 protocol: dtls,
1197 name: "D" + ver.name + "-" + suite.name + "-client",
1198 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1199 MinVersion: ver.version,
1200 MaxVersion: ver.version,
1201 CipherSuites: []uint16{suite.id},
1202 Certificates: []Certificate{cert},
1203 PreSharedKey: []byte(psk),
1204 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1205 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1206 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1207 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1208 })
1209 testCases = append(testCases, testCase{
1210 testType: serverTest,
1211 protocol: dtls,
1212 name: "D" + ver.name + "-" + suite.name + "-server",
1213 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1214 MinVersion: ver.version,
1215 MaxVersion: ver.version,
1216 CipherSuites: []uint16{suite.id},
1217 Certificates: []Certificate{cert},
1218 PreSharedKey: []byte(psk),
1219 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1220 },
1221 certFile: certFile,
1222 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1223 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1224 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1225 })
1226 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1227 }
1228 }
1229}
1230
1231func addBadECDSASignatureTests() {
1232 for badR := BadValue(1); badR < NumBadValues; badR++ {
1233 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1234 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1235 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
1236 config: Config{
1237 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1238 Certificates: []Certificate{getECDSACertificate()},
1239 Bugs: ProtocolBugs{
1240 BadECDSAR: badR,
1241 BadECDSAS: badS,
1242 },
1243 },
1244 shouldFail: true,
1245 expectedError: "SIGNATURE",
1246 })
1247 }
1248 }
1249}
1250
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1251func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1252 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1253 name: "MaxCBCPadding",
1254 config: Config{
1255 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1256 Bugs: ProtocolBugs{
1257 MaxPadding: true,
1258 },
1259 },
1260 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
1261 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1262 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1263 name: "BadCBCPadding",
1264 config: Config{
1265 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1266 Bugs: ProtocolBugs{
1267 PaddingFirstByteBad: true,
1268 },
1269 },
1270 shouldFail: true,
1271 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
1272 })
1273 // OpenSSL previously had an issue where the first byte of padding in
1274 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1275 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1276 name: "BadCBCPadding255",
1277 config: Config{
1278 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1279 Bugs: ProtocolBugs{
1280 MaxPadding: true,
1281 PaddingFirstByteBadIf255: true,
1282 },
1283 },
1284 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
1285 shouldFail: true,
1286 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
1287 })
1288}
1289
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1290func addCBCSplittingTests() {
1291 testCases = append(testCases, testCase{
1292 name: "CBCRecordSplitting",
1293 config: Config{
1294 MaxVersion: VersionTLS10,
1295 MinVersion: VersionTLS10,
1296 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1297 },
1298 messageLen: -1, // read until EOF
1299 flags: []string{
1300 "-async",
1301 "-write-different-record-sizes",
1302 "-cbc-record-splitting",
1303 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]1304 })
1305 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1306 name: "CBCRecordSplittingPartialWrite",
1307 config: Config{
1308 MaxVersion: VersionTLS10,
1309 MinVersion: VersionTLS10,
1310 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1311 },
1312 messageLen: -1, // read until EOF
1313 flags: []string{
1314 "-async",
1315 "-write-different-record-sizes",
1316 "-cbc-record-splitting",
1317 "-partial-write",
1318 },
1319 })
1320}
1321
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1322func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]1323 // Add a dummy cert pool to stress certificate authority parsing.
1324 // TODO(davidben): Add tests that those values parse out correctly.
1325 certPool := x509.NewCertPool()
1326 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
1327 if err != nil {
1328 panic(err)
1329 }
1330 certPool.AddCert(cert)
1331
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1332 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1333 testCases = append(testCases, testCase{
1334 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1335 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1336 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1337 MinVersion: ver.version,
1338 MaxVersion: ver.version,
1339 ClientAuth: RequireAnyClientCert,
1340 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1341 },
1342 flags: []string{
1343 "-cert-file", rsaCertificateFile,
1344 "-key-file", rsaKeyFile,
1345 },
1346 })
1347 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1348 testType: serverTest,
1349 name: ver.name + "-Server-ClientAuth-RSA",
1350 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1351 MinVersion: ver.version,
1352 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1353 Certificates: []Certificate{rsaCertificate},
1354 },
1355 flags: []string{"-require-any-client-certificate"},
1356 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1357 if ver.version != VersionSSL30 {
1358 testCases = append(testCases, testCase{
1359 testType: serverTest,
1360 name: ver.name + "-Server-ClientAuth-ECDSA",
1361 config: Config{
1362 MinVersion: ver.version,
1363 MaxVersion: ver.version,
1364 Certificates: []Certificate{ecdsaCertificate},
1365 },
1366 flags: []string{"-require-any-client-certificate"},
1367 })
1368 testCases = append(testCases, testCase{
1369 testType: clientTest,
1370 name: ver.name + "-Client-ClientAuth-ECDSA",
1371 config: Config{
1372 MinVersion: ver.version,
1373 MaxVersion: ver.version,
1374 ClientAuth: RequireAnyClientCert,
1375 ClientCAs: certPool,
1376 },
1377 flags: []string{
1378 "-cert-file", ecdsaCertificateFile,
1379 "-key-file", ecdsaKeyFile,
1380 },
1381 })
1382 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1383 }
1384}
1385
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1386func addExtendedMasterSecretTests() {
1387 const expectEMSFlag = "-expect-extended-master-secret"
1388
1389 for _, with := range []bool{false, true} {
1390 prefix := "No"
1391 var flags []string
1392 if with {
1393 prefix = ""
1394 flags = []string{expectEMSFlag}
1395 }
1396
1397 for _, isClient := range []bool{false, true} {
1398 suffix := "-Server"
1399 testType := serverTest
1400 if isClient {
1401 suffix = "-Client"
1402 testType = clientTest
1403 }
1404
1405 for _, ver := range tlsVersions {
1406 test := testCase{
1407 testType: testType,
1408 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
1409 config: Config{
1410 MinVersion: ver.version,
1411 MaxVersion: ver.version,
1412 Bugs: ProtocolBugs{
1413 NoExtendedMasterSecret: !with,
1414 RequireExtendedMasterSecret: with,
1415 },
1416 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1417 flags: flags,
1418 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1419 }
1420 if test.shouldFail {
1421 test.expectedLocalError = "extended master secret required but not supported by peer"
1422 }
1423 testCases = append(testCases, test)
1424 }
1425 }
1426 }
1427
1428 // When a session is resumed, it should still be aware that its master
1429 // secret was generated via EMS and thus it's safe to use tls-unique.
1430 testCases = append(testCases, testCase{
1431 name: "ExtendedMasterSecret-Resume",
1432 config: Config{
1433 Bugs: ProtocolBugs{
1434 RequireExtendedMasterSecret: true,
1435 },
1436 },
1437 flags: []string{expectEMSFlag},
1438 resumeSession: true,
1439 })
1440}
1441
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1442// Adds tests that try to cover the range of the handshake state machine, under
1443// various conditions. Some of these are redundant with other tests, but they
1444// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1445func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1446 var suffix string
1447 var flags []string
1448 var maxHandshakeRecordLength int
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1449 if protocol == dtls {
1450 suffix = "-DTLS"
1451 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1452 if async {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1453 suffix += "-Async"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1454 flags = append(flags, "-async")
1455 } else {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1456 suffix += "-Sync"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1457 }
1458 if splitHandshake {
1459 suffix += "-SplitHandshakeRecords"
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]1460 maxHandshakeRecordLength = 1
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1461 }
1462
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1463 // Basic handshake, with resumption. Client and server,
1464 // session ID and session ticket.
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1465 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1466 protocol: protocol,
1467 name: "Basic-Client" + suffix,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1468 config: Config{
1469 Bugs: ProtocolBugs{
1470 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1471 },
1472 },
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1473 flags: flags,
1474 resumeSession: true,
1475 })
1476 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1477 protocol: protocol,
1478 name: "Basic-Client-RenewTicket" + suffix,
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1479 config: Config{
1480 Bugs: ProtocolBugs{
1481 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1482 RenewTicketOnResume: true,
1483 },
1484 },
1485 flags: flags,
1486 resumeSession: true,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1487 })
1488 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1489 protocol: protocol,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1490 name: "Basic-Client-NoTicket" + suffix,
1491 config: Config{
1492 SessionTicketsDisabled: true,
1493 Bugs: ProtocolBugs{
1494 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1495 },
1496 },
1497 flags: flags,
1498 resumeSession: true,
1499 })
1500 testCases = append(testCases, testCase{
1501 protocol: protocol,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1502 testType: serverTest,
1503 name: "Basic-Server" + suffix,
1504 config: Config{
1505 Bugs: ProtocolBugs{
1506 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1507 },
1508 },
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1509 flags: flags,
1510 resumeSession: true,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1511 })
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1512 testCases = append(testCases, testCase{
1513 protocol: protocol,
1514 testType: serverTest,
1515 name: "Basic-Server-NoTickets" + suffix,
1516 config: Config{
1517 SessionTicketsDisabled: true,
1518 Bugs: ProtocolBugs{
1519 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1520 },
1521 },
1522 flags: flags,
1523 resumeSession: true,
1524 })
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1525
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1526 // TLS client auth.
1527 testCases = append(testCases, testCase{
1528 protocol: protocol,
1529 testType: clientTest,
1530 name: "ClientAuth-Client" + suffix,
1531 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1532 ClientAuth: RequireAnyClientCert,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1533 Bugs: ProtocolBugs{
1534 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1535 },
1536 },
1537 flags: append(flags,
1538 "-cert-file", rsaCertificateFile,
1539 "-key-file", rsaKeyFile),
1540 })
1541 testCases = append(testCases, testCase{
1542 protocol: protocol,
1543 testType: serverTest,
1544 name: "ClientAuth-Server" + suffix,
1545 config: Config{
1546 Certificates: []Certificate{rsaCertificate},
1547 },
1548 flags: append(flags, "-require-any-client-certificate"),
1549 })
1550
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1551 // No session ticket support; server doesn't send NewSessionTicket.
1552 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1553 protocol: protocol,
1554 name: "SessionTicketsDisabled-Client" + suffix,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1555 config: Config{
1556 SessionTicketsDisabled: true,
1557 Bugs: ProtocolBugs{
1558 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1559 },
1560 },
1561 flags: flags,
1562 })
1563 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1564 protocol: protocol,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1565 testType: serverTest,
1566 name: "SessionTicketsDisabled-Server" + suffix,
1567 config: Config{
1568 SessionTicketsDisabled: true,
1569 Bugs: ProtocolBugs{
1570 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1571 },
1572 },
1573 flags: flags,
1574 })
1575
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1576 // Skip ServerKeyExchange in PSK key exchange if there's no
1577 // identity hint.
1578 testCases = append(testCases, testCase{
1579 protocol: protocol,
1580 name: "EmptyPSKHint-Client" + suffix,
1581 config: Config{
1582 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
1583 PreSharedKey: []byte("secret"),
1584 Bugs: ProtocolBugs{
1585 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1586 },
1587 },
1588 flags: append(flags, "-psk", "secret"),
1589 })
1590 testCases = append(testCases, testCase{
1591 protocol: protocol,
1592 testType: serverTest,
1593 name: "EmptyPSKHint-Server" + suffix,
1594 config: Config{
1595 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
1596 PreSharedKey: []byte("secret"),
1597 Bugs: ProtocolBugs{
1598 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1599 },
1600 },
1601 flags: append(flags, "-psk", "secret"),
1602 })
1603
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1604 if protocol == tls {
1605 // NPN on client and server; results in post-handshake message.
1606 testCases = append(testCases, testCase{
1607 protocol: protocol,
1608 name: "NPN-Client" + suffix,
1609 config: Config{
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1610 NextProtos: []string{"foo"},
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1611 Bugs: ProtocolBugs{
1612 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1613 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1614 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]1615 flags: append(flags, "-select-next-proto", "foo"),
1616 expectedNextProto: "foo",
1617 expectedNextProtoType: npn,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1618 })
1619 testCases = append(testCases, testCase{
1620 protocol: protocol,
1621 testType: serverTest,
1622 name: "NPN-Server" + suffix,
1623 config: Config{
1624 NextProtos: []string{"bar"},
1625 Bugs: ProtocolBugs{
1626 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1627 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1628 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1629 flags: append(flags,
1630 "-advertise-npn", "\x03foo\x03bar\x03baz",
1631 "-expect-next-proto", "bar"),
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]1632 expectedNextProto: "bar",
1633 expectedNextProtoType: npn,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1634 })
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1635
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1636 // Client does False Start and negotiates NPN.
1637 testCases = append(testCases, testCase{
1638 protocol: protocol,
1639 name: "FalseStart" + suffix,
1640 config: Config{
1641 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1642 NextProtos: []string{"foo"},
1643 Bugs: ProtocolBugs{
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1644 ExpectFalseStart: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1645 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1646 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1647 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1648 flags: append(flags,
1649 "-false-start",
1650 "-select-next-proto", "foo"),
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1651 shimWritesFirst: true,
1652 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1653 })
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1654
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1655 // Client does False Start and negotiates ALPN.
1656 testCases = append(testCases, testCase{
1657 protocol: protocol,
1658 name: "FalseStart-ALPN" + suffix,
1659 config: Config{
1660 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1661 NextProtos: []string{"foo"},
1662 Bugs: ProtocolBugs{
1663 ExpectFalseStart: true,
1664 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1665 },
1666 },
1667 flags: append(flags,
1668 "-false-start",
1669 "-advertise-alpn", "\x03foo"),
1670 shimWritesFirst: true,
1671 resumeSession: true,
1672 })
1673
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1674 // False Start without session tickets.
1675 testCases = append(testCases, testCase{
1676 name: "FalseStart-SessionTicketsDisabled",
1677 config: Config{
1678 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1679 NextProtos: []string{"foo"},
1680 SessionTicketsDisabled: true,
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1681 Bugs: ProtocolBugs{
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1682 ExpectFalseStart: true,
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1683 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1684 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1685 },
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1686 flags: append(flags,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1687 "-false-start",
1688 "-select-next-proto", "foo",
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1689 ),
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1690 shimWritesFirst: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1691 })
David Benjamin1e7f8d72014-08-08 12:27:04 -0400[diff] [blame]1692
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]1693 // Server parses a V2ClientHello.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1694 testCases = append(testCases, testCase{
1695 protocol: protocol,
1696 testType: serverTest,
1697 name: "SendV2ClientHello" + suffix,
1698 config: Config{
1699 // Choose a cipher suite that does not involve
1700 // elliptic curves, so no extensions are
1701 // involved.
1702 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1703 Bugs: ProtocolBugs{
1704 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1705 SendV2ClientHello: true,
1706 },
David Benjamin1e7f8d72014-08-08 12:27:04 -0400[diff] [blame]1707 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1708 flags: flags,
1709 })
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]1710
1711 // Client sends a Channel ID.
1712 testCases = append(testCases, testCase{
1713 protocol: protocol,
1714 name: "ChannelID-Client" + suffix,
1715 config: Config{
1716 RequestChannelID: true,
1717 Bugs: ProtocolBugs{
1718 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1719 },
1720 },
1721 flags: append(flags,
1722 "-send-channel-id", channelIDKeyFile,
1723 ),
1724 resumeSession: true,
1725 expectChannelID: true,
1726 })
1727
1728 // Server accepts a Channel ID.
1729 testCases = append(testCases, testCase{
1730 protocol: protocol,
1731 testType: serverTest,
1732 name: "ChannelID-Server" + suffix,
1733 config: Config{
1734 ChannelID: channelIDKey,
1735 Bugs: ProtocolBugs{
1736 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1737 },
1738 },
1739 flags: append(flags,
1740 "-expect-channel-id",
1741 base64.StdEncoding.EncodeToString(channelIDBytes),
1742 ),
1743 resumeSession: true,
1744 expectChannelID: true,
1745 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1746 } else {
1747 testCases = append(testCases, testCase{
1748 protocol: protocol,
1749 name: "SkipHelloVerifyRequest" + suffix,
1750 config: Config{
1751 Bugs: ProtocolBugs{
1752 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1753 SkipHelloVerifyRequest: true,
1754 },
1755 },
1756 flags: flags,
1757 })
1758
1759 testCases = append(testCases, testCase{
1760 testType: serverTest,
1761 protocol: protocol,
1762 name: "CookieExchange" + suffix,
1763 config: Config{
1764 Bugs: ProtocolBugs{
1765 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1766 },
1767 },
1768 flags: append(flags, "-cookie-exchange"),
1769 })
1770 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1771}
1772
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1773func addVersionNegotiationTests() {
1774 for i, shimVers := range tlsVersions {
1775 // Assemble flags to disable all newer versions on the shim.
1776 var flags []string
1777 for _, vers := range tlsVersions[i+1:] {
1778 flags = append(flags, vers.flag)
1779 }
1780
1781 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1782 protocols := []protocol{tls}
1783 if runnerVers.hasDTLS && shimVers.hasDTLS {
1784 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1785 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1786 for _, protocol := range protocols {
1787 expectedVersion := shimVers.version
1788 if runnerVers.version < shimVers.version {
1789 expectedVersion = runnerVers.version
1790 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1791
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1792 suffix := shimVers.name + "-" + runnerVers.name
1793 if protocol == dtls {
1794 suffix += "-DTLS"
1795 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1796
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]1797 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
1798
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]1799 clientVers := shimVers.version
1800 if clientVers > VersionTLS10 {
1801 clientVers = VersionTLS10
1802 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1803 testCases = append(testCases, testCase{
1804 protocol: protocol,
1805 testType: clientTest,
1806 name: "VersionNegotiation-Client-" + suffix,
1807 config: Config{
1808 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]1809 Bugs: ProtocolBugs{
1810 ExpectInitialRecordVersion: clientVers,
1811 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1812 },
1813 flags: flags,
1814 expectedVersion: expectedVersion,
1815 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]1816 testCases = append(testCases, testCase{
1817 protocol: protocol,
1818 testType: clientTest,
1819 name: "VersionNegotiation-Client2-" + suffix,
1820 config: Config{
1821 MaxVersion: runnerVers.version,
1822 Bugs: ProtocolBugs{
1823 ExpectInitialRecordVersion: clientVers,
1824 },
1825 },
1826 flags: []string{"-max-version", shimVersFlag},
1827 expectedVersion: expectedVersion,
1828 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1829
1830 testCases = append(testCases, testCase{
1831 protocol: protocol,
1832 testType: serverTest,
1833 name: "VersionNegotiation-Server-" + suffix,
1834 config: Config{
1835 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]1836 Bugs: ProtocolBugs{
1837 ExpectInitialRecordVersion: expectedVersion,
1838 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1839 },
1840 flags: flags,
1841 expectedVersion: expectedVersion,
1842 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]1843 testCases = append(testCases, testCase{
1844 protocol: protocol,
1845 testType: serverTest,
1846 name: "VersionNegotiation-Server2-" + suffix,
1847 config: Config{
1848 MaxVersion: runnerVers.version,
1849 Bugs: ProtocolBugs{
1850 ExpectInitialRecordVersion: expectedVersion,
1851 },
1852 },
1853 flags: []string{"-max-version", shimVersFlag},
1854 expectedVersion: expectedVersion,
1855 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1856 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1857 }
1858 }
1859}
1860
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]1861func addMinimumVersionTests() {
1862 for i, shimVers := range tlsVersions {
1863 // Assemble flags to disable all older versions on the shim.
1864 var flags []string
1865 for _, vers := range tlsVersions[:i] {
1866 flags = append(flags, vers.flag)
1867 }
1868
1869 for _, runnerVers := range tlsVersions {
1870 protocols := []protocol{tls}
1871 if runnerVers.hasDTLS && shimVers.hasDTLS {
1872 protocols = append(protocols, dtls)
1873 }
1874 for _, protocol := range protocols {
1875 suffix := shimVers.name + "-" + runnerVers.name
1876 if protocol == dtls {
1877 suffix += "-DTLS"
1878 }
1879 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
1880
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]1881 var expectedVersion uint16
1882 var shouldFail bool
1883 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]1884 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]1885 if runnerVers.version >= shimVers.version {
1886 expectedVersion = runnerVers.version
1887 } else {
1888 shouldFail = true
1889 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]1890 if runnerVers.version > VersionSSL30 {
1891 expectedLocalError = "remote error: protocol version not supported"
1892 } else {
1893 expectedLocalError = "remote error: handshake failure"
1894 }
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]1895 }
1896
1897 testCases = append(testCases, testCase{
1898 protocol: protocol,
1899 testType: clientTest,
1900 name: "MinimumVersion-Client-" + suffix,
1901 config: Config{
1902 MaxVersion: runnerVers.version,
1903 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]1904 flags: flags,
1905 expectedVersion: expectedVersion,
1906 shouldFail: shouldFail,
1907 expectedError: expectedError,
1908 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]1909 })
1910 testCases = append(testCases, testCase{
1911 protocol: protocol,
1912 testType: clientTest,
1913 name: "MinimumVersion-Client2-" + suffix,
1914 config: Config{
1915 MaxVersion: runnerVers.version,
1916 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]1917 flags: []string{"-min-version", shimVersFlag},
1918 expectedVersion: expectedVersion,
1919 shouldFail: shouldFail,
1920 expectedError: expectedError,
1921 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]1922 })
1923
1924 testCases = append(testCases, testCase{
1925 protocol: protocol,
1926 testType: serverTest,
1927 name: "MinimumVersion-Server-" + suffix,
1928 config: Config{
1929 MaxVersion: runnerVers.version,
1930 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]1931 flags: flags,
1932 expectedVersion: expectedVersion,
1933 shouldFail: shouldFail,
1934 expectedError: expectedError,
1935 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]1936 })
1937 testCases = append(testCases, testCase{
1938 protocol: protocol,
1939 testType: serverTest,
1940 name: "MinimumVersion-Server2-" + suffix,
1941 config: Config{
1942 MaxVersion: runnerVers.version,
1943 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]1944 flags: []string{"-min-version", shimVersFlag},
1945 expectedVersion: expectedVersion,
1946 shouldFail: shouldFail,
1947 expectedError: expectedError,
1948 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]1949 })
1950 }
1951 }
1952 }
1953}
1954
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]1955func addD5BugTests() {
1956 testCases = append(testCases, testCase{
1957 testType: serverTest,
1958 name: "D5Bug-NoQuirk-Reject",
1959 config: Config{
1960 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1961 Bugs: ProtocolBugs{
1962 SSL3RSAKeyExchange: true,
1963 },
1964 },
1965 shouldFail: true,
1966 expectedError: ":TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG:",
1967 })
1968 testCases = append(testCases, testCase{
1969 testType: serverTest,
1970 name: "D5Bug-Quirk-Normal",
1971 config: Config{
1972 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1973 },
1974 flags: []string{"-tls-d5-bug"},
1975 })
1976 testCases = append(testCases, testCase{
1977 testType: serverTest,
1978 name: "D5Bug-Quirk-Bug",
1979 config: Config{
1980 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1981 Bugs: ProtocolBugs{
1982 SSL3RSAKeyExchange: true,
1983 },
1984 },
1985 flags: []string{"-tls-d5-bug"},
1986 })
1987}
1988
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]1989func addExtensionTests() {
1990 testCases = append(testCases, testCase{
1991 testType: clientTest,
1992 name: "DuplicateExtensionClient",
1993 config: Config{
1994 Bugs: ProtocolBugs{
1995 DuplicateExtension: true,
1996 },
1997 },
1998 shouldFail: true,
1999 expectedLocalError: "remote error: error decoding message",
2000 })
2001 testCases = append(testCases, testCase{
2002 testType: serverTest,
2003 name: "DuplicateExtensionServer",
2004 config: Config{
2005 Bugs: ProtocolBugs{
2006 DuplicateExtension: true,
2007 },
2008 },
2009 shouldFail: true,
2010 expectedLocalError: "remote error: error decoding message",
2011 })
2012 testCases = append(testCases, testCase{
2013 testType: clientTest,
2014 name: "ServerNameExtensionClient",
2015 config: Config{
2016 Bugs: ProtocolBugs{
2017 ExpectServerName: "example.com",
2018 },
2019 },
2020 flags: []string{"-host-name", "example.com"},
2021 })
2022 testCases = append(testCases, testCase{
2023 testType: clientTest,
2024 name: "ServerNameExtensionClient",
2025 config: Config{
2026 Bugs: ProtocolBugs{
2027 ExpectServerName: "mismatch.com",
2028 },
2029 },
2030 flags: []string{"-host-name", "example.com"},
2031 shouldFail: true,
2032 expectedLocalError: "tls: unexpected server name",
2033 })
2034 testCases = append(testCases, testCase{
2035 testType: clientTest,
2036 name: "ServerNameExtensionClient",
2037 config: Config{
2038 Bugs: ProtocolBugs{
2039 ExpectServerName: "missing.com",
2040 },
2041 },
2042 shouldFail: true,
2043 expectedLocalError: "tls: unexpected server name",
2044 })
2045 testCases = append(testCases, testCase{
2046 testType: serverTest,
2047 name: "ServerNameExtensionServer",
2048 config: Config{
2049 ServerName: "example.com",
2050 },
2051 flags: []string{"-expect-server-name", "example.com"},
2052 resumeSession: true,
2053 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]2054 testCases = append(testCases, testCase{
2055 testType: clientTest,
2056 name: "ALPNClient",
2057 config: Config{
2058 NextProtos: []string{"foo"},
2059 },
2060 flags: []string{
2061 "-advertise-alpn", "\x03foo\x03bar\x03baz",
2062 "-expect-alpn", "foo",
2063 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]2064 expectedNextProto: "foo",
2065 expectedNextProtoType: alpn,
2066 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]2067 })
2068 testCases = append(testCases, testCase{
2069 testType: serverTest,
2070 name: "ALPNServer",
2071 config: Config{
2072 NextProtos: []string{"foo", "bar", "baz"},
2073 },
2074 flags: []string{
2075 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
2076 "-select-alpn", "foo",
2077 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]2078 expectedNextProto: "foo",
2079 expectedNextProtoType: alpn,
2080 resumeSession: true,
2081 })
2082 // Test that the server prefers ALPN over NPN.
2083 testCases = append(testCases, testCase{
2084 testType: serverTest,
2085 name: "ALPNServer-Preferred",
2086 config: Config{
2087 NextProtos: []string{"foo", "bar", "baz"},
2088 },
2089 flags: []string{
2090 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
2091 "-select-alpn", "foo",
2092 "-advertise-npn", "\x03foo\x03bar\x03baz",
2093 },
2094 expectedNextProto: "foo",
2095 expectedNextProtoType: alpn,
2096 resumeSession: true,
2097 })
2098 testCases = append(testCases, testCase{
2099 testType: serverTest,
2100 name: "ALPNServer-Preferred-Swapped",
2101 config: Config{
2102 NextProtos: []string{"foo", "bar", "baz"},
2103 Bugs: ProtocolBugs{
2104 SwapNPNAndALPN: true,
2105 },
2106 },
2107 flags: []string{
2108 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
2109 "-select-alpn", "foo",
2110 "-advertise-npn", "\x03foo\x03bar\x03baz",
2111 },
2112 expectedNextProto: "foo",
2113 expectedNextProtoType: alpn,
2114 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]2115 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]2116 // Resume with a corrupt ticket.
2117 testCases = append(testCases, testCase{
2118 testType: serverTest,
2119 name: "CorruptTicket",
2120 config: Config{
2121 Bugs: ProtocolBugs{
2122 CorruptTicket: true,
2123 },
2124 },
2125 resumeSession: true,
2126 flags: []string{"-expect-session-miss"},
2127 })
2128 // Resume with an oversized session id.
2129 testCases = append(testCases, testCase{
2130 testType: serverTest,
2131 name: "OversizedSessionId",
2132 config: Config{
2133 Bugs: ProtocolBugs{
2134 OversizedSessionId: true,
2135 },
2136 },
2137 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2138 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]2139 expectedError: ":DECODE_ERROR:",
2140 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]2141 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
2142 // are ignored.
2143 testCases = append(testCases, testCase{
2144 protocol: dtls,
2145 name: "SRTP-Client",
2146 config: Config{
2147 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
2148 },
2149 flags: []string{
2150 "-srtp-profiles",
2151 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
2152 },
2153 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
2154 })
2155 testCases = append(testCases, testCase{
2156 protocol: dtls,
2157 testType: serverTest,
2158 name: "SRTP-Server",
2159 config: Config{
2160 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
2161 },
2162 flags: []string{
2163 "-srtp-profiles",
2164 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
2165 },
2166 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
2167 })
2168 // Test that the MKI is ignored.
2169 testCases = append(testCases, testCase{
2170 protocol: dtls,
2171 testType: serverTest,
2172 name: "SRTP-Server-IgnoreMKI",
2173 config: Config{
2174 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
2175 Bugs: ProtocolBugs{
2176 SRTPMasterKeyIdentifer: "bogus",
2177 },
2178 },
2179 flags: []string{
2180 "-srtp-profiles",
2181 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
2182 },
2183 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
2184 })
2185 // Test that SRTP isn't negotiated on the server if there were
2186 // no matching profiles.
2187 testCases = append(testCases, testCase{
2188 protocol: dtls,
2189 testType: serverTest,
2190 name: "SRTP-Server-NoMatch",
2191 config: Config{
2192 SRTPProtectionProfiles: []uint16{100, 101, 102},
2193 },
2194 flags: []string{
2195 "-srtp-profiles",
2196 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
2197 },
2198 expectedSRTPProtectionProfile: 0,
2199 })
2200 // Test that the server returning an invalid SRTP profile is
2201 // flagged as an error by the client.
2202 testCases = append(testCases, testCase{
2203 protocol: dtls,
2204 name: "SRTP-Client-NoMatch",
2205 config: Config{
2206 Bugs: ProtocolBugs{
2207 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
2208 },
2209 },
2210 flags: []string{
2211 "-srtp-profiles",
2212 "SRTP_AES128_CM_SHA1_80",
2213 },
2214 shouldFail: true,
2215 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
2216 })
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]2217 // Test OCSP stapling and SCT list.
2218 testCases = append(testCases, testCase{
2219 name: "OCSPStapling",
2220 flags: []string{
2221 "-enable-ocsp-stapling",
2222 "-expect-ocsp-response",
2223 base64.StdEncoding.EncodeToString(testOCSPResponse),
2224 },
2225 })
2226 testCases = append(testCases, testCase{
2227 name: "SignedCertificateTimestampList",
2228 flags: []string{
2229 "-enable-signed-cert-timestamps",
2230 "-expect-signed-cert-timestamps",
2231 base64.StdEncoding.EncodeToString(testSCTList),
2232 },
2233 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2234}
2235
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]2236func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]2237 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]2238 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2239 protocols := []protocol{tls}
2240 if sessionVers.hasDTLS && resumeVers.hasDTLS {
2241 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]2242 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2243 for _, protocol := range protocols {
2244 suffix := "-" + sessionVers.name + "-" + resumeVers.name
2245 if protocol == dtls {
2246 suffix += "-DTLS"
2247 }
2248
2249 testCases = append(testCases, testCase{
2250 protocol: protocol,
2251 name: "Resume-Client" + suffix,
2252 resumeSession: true,
2253 config: Config{
2254 MaxVersion: sessionVers.version,
2255 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
2256 Bugs: ProtocolBugs{
2257 AllowSessionVersionMismatch: true,
2258 },
2259 },
2260 expectedVersion: sessionVers.version,
2261 resumeConfig: &Config{
2262 MaxVersion: resumeVers.version,
2263 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
2264 Bugs: ProtocolBugs{
2265 AllowSessionVersionMismatch: true,
2266 },
2267 },
2268 expectedResumeVersion: resumeVers.version,
2269 })
2270
2271 testCases = append(testCases, testCase{
2272 protocol: protocol,
2273 name: "Resume-Client-NoResume" + suffix,
2274 flags: []string{"-expect-session-miss"},
2275 resumeSession: true,
2276 config: Config{
2277 MaxVersion: sessionVers.version,
2278 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
2279 },
2280 expectedVersion: sessionVers.version,
2281 resumeConfig: &Config{
2282 MaxVersion: resumeVers.version,
2283 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
2284 },
2285 newSessionsOnResume: true,
2286 expectedResumeVersion: resumeVers.version,
2287 })
2288
2289 var flags []string
2290 if sessionVers.version != resumeVers.version {
2291 flags = append(flags, "-expect-session-miss")
2292 }
2293 testCases = append(testCases, testCase{
2294 protocol: protocol,
2295 testType: serverTest,
2296 name: "Resume-Server" + suffix,
2297 flags: flags,
2298 resumeSession: true,
2299 config: Config{
2300 MaxVersion: sessionVers.version,
2301 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
2302 },
2303 expectedVersion: sessionVers.version,
2304 resumeConfig: &Config{
2305 MaxVersion: resumeVers.version,
2306 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
2307 },
2308 expectedResumeVersion: resumeVers.version,
2309 })
2310 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]2311 }
2312 }
2313}
2314
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]2315func addRenegotiationTests() {
2316 testCases = append(testCases, testCase{
2317 testType: serverTest,
2318 name: "Renegotiate-Server",
2319 flags: []string{"-renegotiate"},
2320 shimWritesFirst: true,
2321 })
2322 testCases = append(testCases, testCase{
2323 testType: serverTest,
2324 name: "Renegotiate-Server-EmptyExt",
2325 config: Config{
2326 Bugs: ProtocolBugs{
2327 EmptyRenegotiationInfo: true,
2328 },
2329 },
2330 flags: []string{"-renegotiate"},
2331 shimWritesFirst: true,
2332 shouldFail: true,
2333 expectedError: ":RENEGOTIATION_MISMATCH:",
2334 })
2335 testCases = append(testCases, testCase{
2336 testType: serverTest,
2337 name: "Renegotiate-Server-BadExt",
2338 config: Config{
2339 Bugs: ProtocolBugs{
2340 BadRenegotiationInfo: true,
2341 },
2342 },
2343 flags: []string{"-renegotiate"},
2344 shimWritesFirst: true,
2345 shouldFail: true,
2346 expectedError: ":RENEGOTIATION_MISMATCH:",
2347 })
David Benjaminca6554b2014-11-08 12:31:52 -0500[diff] [blame]2348 testCases = append(testCases, testCase{
2349 testType: serverTest,
2350 name: "Renegotiate-Server-ClientInitiated",
2351 renegotiate: true,
2352 })
2353 testCases = append(testCases, testCase{
2354 testType: serverTest,
2355 name: "Renegotiate-Server-ClientInitiated-NoExt",
2356 renegotiate: true,
2357 config: Config{
2358 Bugs: ProtocolBugs{
2359 NoRenegotiationInfo: true,
2360 },
2361 },
2362 shouldFail: true,
2363 expectedError: ":UNSAFE_LEGACY_RENEGOTIATION_DISABLED:",
2364 })
2365 testCases = append(testCases, testCase{
2366 testType: serverTest,
2367 name: "Renegotiate-Server-ClientInitiated-NoExt-Allowed",
2368 renegotiate: true,
2369 config: Config{
2370 Bugs: ProtocolBugs{
2371 NoRenegotiationInfo: true,
2372 },
2373 },
2374 flags: []string{"-allow-unsafe-legacy-renegotiation"},
2375 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]2376 // TODO(agl): test the renegotiation info SCSV.
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]2377 testCases = append(testCases, testCase{
2378 name: "Renegotiate-Client",
2379 renegotiate: true,
2380 })
2381 testCases = append(testCases, testCase{
2382 name: "Renegotiate-Client-EmptyExt",
2383 renegotiate: true,
2384 config: Config{
2385 Bugs: ProtocolBugs{
2386 EmptyRenegotiationInfo: true,
2387 },
2388 },
2389 shouldFail: true,
2390 expectedError: ":RENEGOTIATION_MISMATCH:",
2391 })
2392 testCases = append(testCases, testCase{
2393 name: "Renegotiate-Client-BadExt",
2394 renegotiate: true,
2395 config: Config{
2396 Bugs: ProtocolBugs{
2397 BadRenegotiationInfo: true,
2398 },
2399 },
2400 shouldFail: true,
2401 expectedError: ":RENEGOTIATION_MISMATCH:",
2402 })
2403 testCases = append(testCases, testCase{
2404 name: "Renegotiate-Client-SwitchCiphers",
2405 renegotiate: true,
2406 config: Config{
2407 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
2408 },
2409 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2410 })
2411 testCases = append(testCases, testCase{
2412 name: "Renegotiate-Client-SwitchCiphers2",
2413 renegotiate: true,
2414 config: Config{
2415 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2416 },
2417 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
2418 })
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]2419 testCases = append(testCases, testCase{
2420 name: "Renegotiate-SameClientVersion",
2421 renegotiate: true,
2422 config: Config{
2423 MaxVersion: VersionTLS10,
2424 Bugs: ProtocolBugs{
2425 RequireSameRenegoClientVersion: true,
2426 },
2427 },
2428 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]2429}
2430
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]2431func addDTLSReplayTests() {
2432 // Test that sequence number replays are detected.
2433 testCases = append(testCases, testCase{
2434 protocol: dtls,
2435 name: "DTLS-Replay",
2436 replayWrites: true,
2437 })
2438
2439 // Test the outgoing sequence number skipping by values larger
2440 // than the retransmit window.
2441 testCases = append(testCases, testCase{
2442 protocol: dtls,
2443 name: "DTLS-Replay-LargeGaps",
2444 config: Config{
2445 Bugs: ProtocolBugs{
2446 SequenceNumberIncrement: 127,
2447 },
2448 },
2449 replayWrites: true,
2450 })
2451}
2452
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]2453func addFastRadioPaddingTests() {
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2454 testCases = append(testCases, testCase{
2455 protocol: tls,
2456 name: "FastRadio-Padding",
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]2457 config: Config{
2458 Bugs: ProtocolBugs{
2459 RequireFastradioPadding: true,
2460 },
2461 },
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2462 flags: []string{"-fastradio-padding"},
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]2463 })
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2464 testCases = append(testCases, testCase{
2465 protocol: dtls,
2466 name: "FastRadio-Padding",
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]2467 config: Config{
2468 Bugs: ProtocolBugs{
2469 RequireFastradioPadding: true,
2470 },
2471 },
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2472 flags: []string{"-fastradio-padding"},
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]2473 })
2474}
2475
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]2476var testHashes = []struct {
2477 name string
2478 id uint8
2479}{
2480 {"SHA1", hashSHA1},
2481 {"SHA224", hashSHA224},
2482 {"SHA256", hashSHA256},
2483 {"SHA384", hashSHA384},
2484 {"SHA512", hashSHA512},
2485}
2486
2487func addSigningHashTests() {
2488 // Make sure each hash works. Include some fake hashes in the list and
2489 // ensure they're ignored.
2490 for _, hash := range testHashes {
2491 testCases = append(testCases, testCase{
2492 name: "SigningHash-ClientAuth-" + hash.name,
2493 config: Config{
2494 ClientAuth: RequireAnyClientCert,
2495 SignatureAndHashes: []signatureAndHash{
2496 {signatureRSA, 42},
2497 {signatureRSA, hash.id},
2498 {signatureRSA, 255},
2499 },
2500 },
2501 flags: []string{
2502 "-cert-file", rsaCertificateFile,
2503 "-key-file", rsaKeyFile,
2504 },
2505 })
2506
2507 testCases = append(testCases, testCase{
2508 testType: serverTest,
2509 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
2510 config: Config{
2511 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2512 SignatureAndHashes: []signatureAndHash{
2513 {signatureRSA, 42},
2514 {signatureRSA, hash.id},
2515 {signatureRSA, 255},
2516 },
2517 },
2518 })
2519 }
2520
2521 // Test that hash resolution takes the signature type into account.
2522 testCases = append(testCases, testCase{
2523 name: "SigningHash-ClientAuth-SignatureType",
2524 config: Config{
2525 ClientAuth: RequireAnyClientCert,
2526 SignatureAndHashes: []signatureAndHash{
2527 {signatureECDSA, hashSHA512},
2528 {signatureRSA, hashSHA384},
2529 {signatureECDSA, hashSHA1},
2530 },
2531 },
2532 flags: []string{
2533 "-cert-file", rsaCertificateFile,
2534 "-key-file", rsaKeyFile,
2535 },
2536 })
2537
2538 testCases = append(testCases, testCase{
2539 testType: serverTest,
2540 name: "SigningHash-ServerKeyExchange-SignatureType",
2541 config: Config{
2542 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2543 SignatureAndHashes: []signatureAndHash{
2544 {signatureECDSA, hashSHA512},
2545 {signatureRSA, hashSHA384},
2546 {signatureECDSA, hashSHA1},
2547 },
2548 },
2549 })
2550
2551 // Test that, if the list is missing, the peer falls back to SHA-1.
2552 testCases = append(testCases, testCase{
2553 name: "SigningHash-ClientAuth-Fallback",
2554 config: Config{
2555 ClientAuth: RequireAnyClientCert,
2556 SignatureAndHashes: []signatureAndHash{
2557 {signatureRSA, hashSHA1},
2558 },
2559 Bugs: ProtocolBugs{
2560 NoSignatureAndHashes: true,
2561 },
2562 },
2563 flags: []string{
2564 "-cert-file", rsaCertificateFile,
2565 "-key-file", rsaKeyFile,
2566 },
2567 })
2568
2569 testCases = append(testCases, testCase{
2570 testType: serverTest,
2571 name: "SigningHash-ServerKeyExchange-Fallback",
2572 config: Config{
2573 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2574 SignatureAndHashes: []signatureAndHash{
2575 {signatureRSA, hashSHA1},
2576 },
2577 Bugs: ProtocolBugs{
2578 NoSignatureAndHashes: true,
2579 },
2580 },
2581 })
2582}
2583
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]2584// timeouts is the retransmit schedule for BoringSSL. It doubles and
2585// caps at 60 seconds. On the 13th timeout, it gives up.
2586var timeouts = []time.Duration{
2587 1 * time.Second,
2588 2 * time.Second,
2589 4 * time.Second,
2590 8 * time.Second,
2591 16 * time.Second,
2592 32 * time.Second,
2593 60 * time.Second,
2594 60 * time.Second,
2595 60 * time.Second,
2596 60 * time.Second,
2597 60 * time.Second,
2598 60 * time.Second,
2599 60 * time.Second,
2600}
2601
2602func addDTLSRetransmitTests() {
2603 // Test that this is indeed the timeout schedule. Stress all
2604 // four patterns of handshake.
2605 for i := 1; i < len(timeouts); i++ {
2606 number := strconv.Itoa(i)
2607 testCases = append(testCases, testCase{
2608 protocol: dtls,
2609 name: "DTLS-Retransmit-Client-" + number,
2610 config: Config{
2611 Bugs: ProtocolBugs{
2612 TimeoutSchedule: timeouts[:i],
2613 },
2614 },
2615 resumeSession: true,
2616 flags: []string{"-async"},
2617 })
2618 testCases = append(testCases, testCase{
2619 protocol: dtls,
2620 testType: serverTest,
2621 name: "DTLS-Retransmit-Server-" + number,
2622 config: Config{
2623 Bugs: ProtocolBugs{
2624 TimeoutSchedule: timeouts[:i],
2625 },
2626 },
2627 resumeSession: true,
2628 flags: []string{"-async"},
2629 })
2630 }
2631
2632 // Test that exceeding the timeout schedule hits a read
2633 // timeout.
2634 testCases = append(testCases, testCase{
2635 protocol: dtls,
2636 name: "DTLS-Retransmit-Timeout",
2637 config: Config{
2638 Bugs: ProtocolBugs{
2639 TimeoutSchedule: timeouts,
2640 },
2641 },
2642 resumeSession: true,
2643 flags: []string{"-async"},
2644 shouldFail: true,
2645 expectedError: ":READ_TIMEOUT_EXPIRED:",
2646 })
2647
2648 // Test that timeout handling has a fudge factor, due to API
2649 // problems.
2650 testCases = append(testCases, testCase{
2651 protocol: dtls,
2652 name: "DTLS-Retransmit-Fudge",
2653 config: Config{
2654 Bugs: ProtocolBugs{
2655 TimeoutSchedule: []time.Duration{
2656 timeouts[0] - 10*time.Millisecond,
2657 },
2658 },
2659 },
2660 resumeSession: true,
2661 flags: []string{"-async"},
2662 })
2663}
2664
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]2665func worker(statusChan chan statusMsg, c chan *testCase, buildDir string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2666 defer wg.Done()
2667
2668 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]2669 var err error
2670
2671 if *mallocTest < 0 {
2672 statusChan <- statusMsg{test: test, started: true}
2673 err = runTest(test, buildDir, -1)
2674 } else {
2675 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
2676 statusChan <- statusMsg{test: test, started: true}
2677 if err = runTest(test, buildDir, mallocNumToFail); err != errMoreMallocs {
2678 if err != nil {
2679 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
2680 }
2681 break
2682 }
2683 }
2684 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2685 statusChan <- statusMsg{test: test, err: err}
2686 }
2687}
2688
2689type statusMsg struct {
2690 test *testCase
2691 started bool
2692 err error
2693}
2694
2695func statusPrinter(doneChan chan struct{}, statusChan chan statusMsg, total int) {
2696 var started, done, failed, lineLen int
2697 defer close(doneChan)
2698
2699 for msg := range statusChan {
2700 if msg.started {
2701 started++
2702 } else {
2703 done++
2704 }
2705
2706 fmt.Printf("\x1b[%dD\x1b[K", lineLen)
2707
2708 if msg.err != nil {
2709 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
2710 failed++
2711 }
2712 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
2713 lineLen = len(line)
2714 os.Stdout.WriteString(line)
2715 }
2716}
2717
2718func main() {
2719 var flagTest *string = flag.String("test", "", "The name of a test to run, or empty to run all tests")
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]2720 var flagNumWorkers *int = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]2721 var flagBuildDir *string = flag.String("build-dir", "../../../build", "The build directory to run the shim from.")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2722
2723 flag.Parse()
2724
2725 addCipherSuiteTests()
2726 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2727 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2728 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2729 addClientAuthTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2730 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2731 addMinimumVersionTests()
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]2732 addD5BugTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2733 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]2734 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2735 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]2736 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]2737 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]2738 addSigningHashTests()
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]2739 addFastRadioPaddingTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]2740 addDTLSRetransmitTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2741 for _, async := range []bool{false, true} {
2742 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2743 for _, protocol := range []protocol{tls, dtls} {
2744 addStateMachineCoverageTests(async, splitHandshake, protocol)
2745 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2746 }
2747 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2748
2749 var wg sync.WaitGroup
2750
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]2751 numWorkers := *flagNumWorkers
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2752
2753 statusChan := make(chan statusMsg, numWorkers)
2754 testChan := make(chan *testCase, numWorkers)
2755 doneChan := make(chan struct{})
2756
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2757 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2758
2759 for i := 0; i < numWorkers; i++ {
2760 wg.Add(1)
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]2761 go worker(statusChan, testChan, *flagBuildDir, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2762 }
2763
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2764 for i := range testCases {
2765 if len(*flagTest) == 0 || *flagTest == testCases[i].name {
2766 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2767 }
2768 }
2769
2770 close(testChan)
2771 wg.Wait()
2772 close(statusChan)
2773 <-doneChan
2774
2775 fmt.Printf("\n")
2776}