Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 13414b3a048f17074253d23d03c0ab97c49b54e2 / . / ssl / test / runner / runner.go
blob: ed4a8b647054900f821b1b082c3ee5fc4c0b8cb3 [file] [log] [blame]
Adam Langleydc7e9c42015-09-29 15:21:04 -0700[diff] [blame]1package runner
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]14 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]15 "net"
16 "os"
17 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]18 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]19 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]20 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]21 "strings"
22 "sync"
23 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]24 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]25)
26
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]27var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]28 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
29 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
30 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
31 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
32 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
33 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
34 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]35 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
36 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
37 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
38 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]39)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]40
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]41const (
42 rsaCertificateFile = "cert.pem"
43 ecdsaCertificateFile = "ecdsa_cert.pem"
44)
45
46const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]47 rsaKeyFile = "key.pem"
48 ecdsaKeyFile = "ecdsa_key.pem"
49 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]50)
51
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]52var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]53var channelIDKey *ecdsa.PrivateKey
54var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]55
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]56var testOCSPResponse = []byte{1, 2, 3, 4}
57var testSCTList = []byte{5, 6, 7, 8}
58
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]59func initCertificates() {
60 var err error
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]61 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]62 if err != nil {
63 panic(err)
64 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]65 rsaCertificate.OCSPStaple = testOCSPResponse
66 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]67
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]68 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]69 if err != nil {
70 panic(err)
71 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]72 ecdsaCertificate.OCSPStaple = testOCSPResponse
73 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]74
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]75 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]76 if err != nil {
77 panic(err)
78 }
79 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
80 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
81 panic("bad key type")
82 }
83 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
84 if err != nil {
85 panic(err)
86 }
87 if channelIDKey.Curve != elliptic.P256() {
88 panic("bad curve")
89 }
90
91 channelIDBytes = make([]byte, 64)
92 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
93 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]94}
95
96var certificateOnce sync.Once
97
98func getRSACertificate() Certificate {
99 certificateOnce.Do(initCertificates)
100 return rsaCertificate
101}
102
103func getECDSACertificate() Certificate {
104 certificateOnce.Do(initCertificates)
105 return ecdsaCertificate
106}
107
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]108type testType int
109
110const (
111 clientTest testType = iota
112 serverTest
113)
114
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]115type protocol int
116
117const (
118 tls protocol = iota
119 dtls
120)
121
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]122const (
123 alpn = 1
124 npn = 2
125)
126
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]127type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]128 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]129 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]130 name string
131 config Config
132 shouldFail bool
133 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]134 // expectedLocalError, if not empty, contains a substring that must be
135 // found in the local error.
136 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]137 // expectedVersion, if non-zero, specifies the TLS version that must be
138 // negotiated.
139 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]140 // expectedResumeVersion, if non-zero, specifies the TLS version that
141 // must be negotiated on resumption. If zero, expectedVersion is used.
142 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]143 // expectedCipher, if non-zero, specifies the TLS cipher suite that
144 // should be negotiated.
145 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]146 // expectChannelID controls whether the connection should have
147 // negotiated a Channel ID with channelIDKey.
148 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]149 // expectedNextProto controls whether the connection should
150 // negotiate a next protocol via NPN or ALPN.
151 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]152 // expectNoNextProto, if true, means that no next protocol should be
153 // negotiated.
154 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]155 // expectedNextProtoType, if non-zero, is the expected next
156 // protocol negotiation mechanism.
157 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]158 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
159 // should be negotiated. If zero, none should be negotiated.
160 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]161 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
162 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]163 // expectedSCTList, if not nil, is the expected SCT list to be received.
164 expectedSCTList []uint8
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]165 // expectedClientCertSignatureHash, if not zero, is the TLS id of the
166 // hash function that the client should have used when signing the
167 // handshake with a client certificate.
168 expectedClientCertSignatureHash uint8
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]169 // messageLen is the length, in bytes, of the test message that will be
170 // sent.
171 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]172 // messageCount is the number of test messages that will be sent.
173 messageCount int
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]174 // digestPrefs is the list of digest preferences from the client.
175 digestPrefs string
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]176 // certFile is the path to the certificate to use for the server.
177 certFile string
178 // keyFile is the path to the private key to use for the server.
179 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]180 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]181 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]182 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]183 // expectResumeRejected, if true, specifies that the attempted
184 // resumption must be rejected by the client. This is only valid for a
185 // serverTest.
186 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]187 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]188 // resumption. Unless newSessionsOnResume is set,
189 // SessionTicketKey, ServerSessionCache, and
190 // ClientSessionCache are copied from the initial connection's
191 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]192 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]193 // newSessionsOnResume, if true, will cause resumeConfig to
194 // use a different session resumption context.
195 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]196 // noSessionCache, if true, will cause the server to run without a
197 // session cache.
198 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]199 // sendPrefix sends a prefix on the socket before actually performing a
200 // handshake.
201 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]202 // shimWritesFirst controls whether the shim sends an initial "hello"
203 // message before doing a roundtrip with the runner.
204 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]205 // shimShutsDown, if true, runs a test where the shim shuts down the
206 // connection immediately after the handshake rather than echoing
207 // messages from the runner.
208 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]209 // renegotiate indicates the number of times the connection should be
210 // renegotiated during the exchange.
211 renegotiate int
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]212 // renegotiateCiphers is a list of ciphersuite ids that will be
213 // switched in just before renegotiation.
214 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]215 // replayWrites, if true, configures the underlying transport
216 // to replay every write it makes in DTLS tests.
217 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]218 // damageFirstWrite, if true, configures the underlying transport to
219 // damage the final byte of the first application data write.
220 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]221 // exportKeyingMaterial, if non-zero, configures the test to exchange
222 // keying material and verify they match.
223 exportKeyingMaterial int
224 exportLabel string
225 exportContext string
226 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]227 // flags, if not empty, contains a list of command-line flags that will
228 // be passed to the shim program.
229 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]230 // testTLSUnique, if true, causes the shim to send the tls-unique value
231 // which will be compared against the expected value.
232 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]233 // sendEmptyRecords is the number of consecutive empty records to send
234 // before and after the test message.
235 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]236 // sendWarningAlerts is the number of consecutive warning alerts to send
237 // before and after the test message.
238 sendWarningAlerts int
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]239 // expectMessageDropped, if true, means the test message is expected to
240 // be dropped by the client rather than echoed back.
241 expectMessageDropped bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]242}
243
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]244var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]245
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]246func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]247 var connDamage *damageAdaptor
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]248
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]249 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]250 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
251 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]252 }
253
254 if *flagDebug {
255 local, peer := "client", "server"
256 if test.testType == clientTest {
257 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]258 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]259 connDebug := &recordingConn{
260 Conn: conn,
261 isDatagram: test.protocol == dtls,
262 local: local,
263 peer: peer,
264 }
265 conn = connDebug
266 defer func() {
267 connDebug.WriteTo(os.Stdout)
268 }()
269
270 if config.Bugs.PacketAdaptor != nil {
271 config.Bugs.PacketAdaptor.debug = connDebug
272 }
273 }
274
275 if test.replayWrites {
276 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]277 }
278
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]279 if test.damageFirstWrite {
280 connDamage = newDamageAdaptor(conn)
281 conn = connDamage
282 }
283
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]284 if test.sendPrefix != "" {
285 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
286 return err
287 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]288 }
289
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]290 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]291 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]292 if test.protocol == dtls {
293 tlsConn = DTLSServer(conn, config)
294 } else {
295 tlsConn = Server(conn, config)
296 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]297 } else {
298 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]299 if test.protocol == dtls {
300 tlsConn = DTLSClient(conn, config)
301 } else {
302 tlsConn = Client(conn, config)
303 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]304 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]305 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]306
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]307 if err := tlsConn.Handshake(); err != nil {
308 return err
309 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]310
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]311 // TODO(davidben): move all per-connection expectations into a dedicated
312 // expectations struct that can be specified separately for the two
313 // legs.
314 expectedVersion := test.expectedVersion
315 if isResume && test.expectedResumeVersion != 0 {
316 expectedVersion = test.expectedResumeVersion
317 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]318 connState := tlsConn.ConnectionState()
319 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]320 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]321 }
322
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]323 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]324 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
325 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]326 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
327 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
328 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]329
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]330 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]331 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]332 if channelID == nil {
333 return fmt.Errorf("no channel ID negotiated")
334 }
335 if channelID.Curve != channelIDKey.Curve ||
336 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
337 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
338 return fmt.Errorf("incorrect channel ID")
339 }
340 }
341
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]342 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]343 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]344 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
345 }
346 }
347
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]348 if test.expectNoNextProto {
349 if actual := connState.NegotiatedProtocol; actual != "" {
350 return fmt.Errorf("got unexpected next proto %s", actual)
351 }
352 }
353
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]354 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]355 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]356 return fmt.Errorf("next proto type mismatch")
357 }
358 }
359
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]360 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]361 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
362 }
363
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]364 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
365 return fmt.Errorf("OCSP Response mismatch")
366 }
367
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]368 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
369 return fmt.Errorf("SCT list mismatch")
370 }
371
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]372 if expected := test.expectedClientCertSignatureHash; expected != 0 && expected != connState.ClientCertSignatureHash {
373 return fmt.Errorf("expected client to sign handshake with hash %d, but got %d", expected, connState.ClientCertSignatureHash)
374 }
375
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]376 if test.exportKeyingMaterial > 0 {
377 actual := make([]byte, test.exportKeyingMaterial)
378 if _, err := io.ReadFull(tlsConn, actual); err != nil {
379 return err
380 }
381 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
382 if err != nil {
383 return err
384 }
385 if !bytes.Equal(actual, expected) {
386 return fmt.Errorf("keying material mismatch")
387 }
388 }
389
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]390 if test.testTLSUnique {
391 var peersValue [12]byte
392 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
393 return err
394 }
395 expected := tlsConn.ConnectionState().TLSUnique
396 if !bytes.Equal(peersValue[:], expected) {
397 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
398 }
399 }
400
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]401 if test.shimWritesFirst {
402 var buf [5]byte
403 _, err := io.ReadFull(tlsConn, buf[:])
404 if err != nil {
405 return err
406 }
407 if string(buf[:]) != "hello" {
408 return fmt.Errorf("bad initial message")
409 }
410 }
411
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]412 for i := 0; i < test.sendEmptyRecords; i++ {
413 tlsConn.Write(nil)
414 }
415
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]416 for i := 0; i < test.sendWarningAlerts; i++ {
417 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
418 }
419
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]420 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]421 if test.renegotiateCiphers != nil {
422 config.CipherSuites = test.renegotiateCiphers
423 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]424 for i := 0; i < test.renegotiate; i++ {
425 if err := tlsConn.Renegotiate(); err != nil {
426 return err
427 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]428 }
429 } else if test.renegotiateCiphers != nil {
430 panic("renegotiateCiphers without renegotiate")
431 }
432
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]433 if test.damageFirstWrite {
434 connDamage.setDamage(true)
435 tlsConn.Write([]byte("DAMAGED WRITE"))
436 connDamage.setDamage(false)
437 }
438
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]439 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]440 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]441 if test.protocol == dtls {
442 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
443 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]444 // Read until EOF.
445 _, err := io.Copy(ioutil.Discard, tlsConn)
446 return err
447 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]448 if messageLen == 0 {
449 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]450 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]451
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]452 messageCount := test.messageCount
453 if messageCount == 0 {
454 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]455 }
456
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]457 for j := 0; j < messageCount; j++ {
458 testMessage := make([]byte, messageLen)
459 for i := range testMessage {
460 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]461 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]462 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]463
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]464 for i := 0; i < test.sendEmptyRecords; i++ {
465 tlsConn.Write(nil)
466 }
467
468 for i := 0; i < test.sendWarningAlerts; i++ {
469 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
470 }
471
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]472 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]473 // The shim will not respond.
474 continue
475 }
476
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]477 buf := make([]byte, len(testMessage))
478 if test.protocol == dtls {
479 bufTmp := make([]byte, len(buf)+1)
480 n, err := tlsConn.Read(bufTmp)
481 if err != nil {
482 return err
483 }
484 if n != len(buf) {
485 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
486 }
487 copy(buf, bufTmp)
488 } else {
489 _, err := io.ReadFull(tlsConn, buf)
490 if err != nil {
491 return err
492 }
493 }
494
495 for i, v := range buf {
496 if v != testMessage[i]^0xff {
497 return fmt.Errorf("bad reply contents at byte %d", i)
498 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]499 }
500 }
501
502 return nil
503}
504
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]505func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
506 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]507 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]508 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]509 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]510 valgrindArgs = append(valgrindArgs, path)
511 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]512
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]513 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]514}
515
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]516func gdbOf(path string, args ...string) *exec.Cmd {
517 xtermArgs := []string{"-e", "gdb", "--args"}
518 xtermArgs = append(xtermArgs, path)
519 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]520
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]521 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]522}
523
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]524type moreMallocsError struct{}
525
526func (moreMallocsError) Error() string {
527 return "child process did not exhaust all allocation calls"
528}
529
530var errMoreMallocs = moreMallocsError{}
531
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]532// accept accepts a connection from listener, unless waitChan signals a process
533// exit first.
534func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
535 type connOrError struct {
536 conn net.Conn
537 err error
538 }
539 connChan := make(chan connOrError, 1)
540 go func() {
541 conn, err := listener.Accept()
542 connChan <- connOrError{conn, err}
543 close(connChan)
544 }()
545 select {
546 case result := <-connChan:
547 return result.conn, result.err
548 case childErr := <-waitChan:
549 waitChan <- childErr
550 return nil, fmt.Errorf("child exited early: %s", childErr)
551 }
552}
553
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]554func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]555 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
556 panic("Error expected without shouldFail in " + test.name)
557 }
558
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]559 if test.expectResumeRejected && !test.resumeSession {
560 panic("expectResumeRejected without resumeSession in " + test.name)
561 }
562
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]563 if test.testType != clientTest && test.expectedClientCertSignatureHash != 0 {
564 panic("expectedClientCertSignatureHash non-zero with serverTest in " + test.name)
565 }
566
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]567 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
568 if err != nil {
569 panic(err)
570 }
571 defer func() {
572 if listener != nil {
573 listener.Close()
574 }
575 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]576
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]577 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]578 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]579 flags = append(flags, "-server")
580
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]581 flags = append(flags, "-key-file")
582 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]583 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]584 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]585 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]586 }
587
588 flags = append(flags, "-cert-file")
589 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]590 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]591 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]592 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]593 }
594 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]595
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]596 if test.digestPrefs != "" {
597 flags = append(flags, "-digest-prefs")
598 flags = append(flags, test.digestPrefs)
599 }
600
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]601 if test.protocol == dtls {
602 flags = append(flags, "-dtls")
603 }
604
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]605 if test.resumeSession {
606 flags = append(flags, "-resume")
607 }
608
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]609 if test.shimWritesFirst {
610 flags = append(flags, "-shim-writes-first")
611 }
612
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]613 if test.shimShutsDown {
614 flags = append(flags, "-shim-shuts-down")
615 }
616
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]617 if test.exportKeyingMaterial > 0 {
618 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
619 flags = append(flags, "-export-label", test.exportLabel)
620 flags = append(flags, "-export-context", test.exportContext)
621 if test.useExportContext {
622 flags = append(flags, "-use-export-context")
623 }
624 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]625 if test.expectResumeRejected {
626 flags = append(flags, "-expect-session-miss")
627 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]628
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]629 if test.testTLSUnique {
630 flags = append(flags, "-tls-unique")
631 }
632
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]633 flags = append(flags, test.flags...)
634
635 var shim *exec.Cmd
636 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]637 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]638 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]639 shim = gdbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]640 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]641 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]642 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]643 shim.Stdin = os.Stdin
644 var stdoutBuf, stderrBuf bytes.Buffer
645 shim.Stdout = &stdoutBuf
646 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]647 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]648 shim.Env = os.Environ()
649 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]650 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]651 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]652 }
653 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
654 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]655
656 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]657 panic(err)
658 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]659 waitChan := make(chan error, 1)
660 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]661
662 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]663 if !test.noSessionCache {
664 config.ClientSessionCache = NewLRUClientSessionCache(1)
665 config.ServerSessionCache = NewLRUServerSessionCache(1)
666 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]667 if test.testType == clientTest {
668 if len(config.Certificates) == 0 {
669 config.Certificates = []Certificate{getRSACertificate()}
670 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]671 } else {
672 // Supply a ServerName to ensure a constant session cache key,
673 // rather than falling back to net.Conn.RemoteAddr.
674 if len(config.ServerName) == 0 {
675 config.ServerName = "test"
676 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]677 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]678
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]679 conn, err := acceptOrWait(listener, waitChan)
680 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]681 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]682 conn.Close()
683 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]684
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]685 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]686 var resumeConfig Config
687 if test.resumeConfig != nil {
688 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]689 if len(resumeConfig.ServerName) == 0 {
690 resumeConfig.ServerName = config.ServerName
691 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]692 if len(resumeConfig.Certificates) == 0 {
693 resumeConfig.Certificates = []Certificate{getRSACertificate()}
694 }
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]695 if test.newSessionsOnResume {
696 if !test.noSessionCache {
697 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
698 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
699 }
700 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]701 resumeConfig.SessionTicketKey = config.SessionTicketKey
702 resumeConfig.ClientSessionCache = config.ClientSessionCache
703 resumeConfig.ServerSessionCache = config.ServerSessionCache
704 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]705 } else {
706 resumeConfig = config
707 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]708 var connResume net.Conn
709 connResume, err = acceptOrWait(listener, waitChan)
710 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]711 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]712 connResume.Close()
713 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]714 }
715
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]716 // Close the listener now. This is to avoid hangs should the shim try to
717 // open more connections than expected.
718 listener.Close()
719 listener = nil
720
721 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]722 if exitError, ok := childErr.(*exec.ExitError); ok {
723 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
724 return errMoreMallocs
725 }
726 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]727
728 stdout := string(stdoutBuf.Bytes())
729 stderr := string(stderrBuf.Bytes())
730 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]731 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]732 localError := "none"
733 if err != nil {
734 localError = err.Error()
735 }
736 if len(test.expectedLocalError) != 0 {
737 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
738 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]739
740 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]741 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]742 if childErr != nil {
743 childError = childErr.Error()
744 }
745
746 var msg string
747 switch {
748 case failed && !test.shouldFail:
749 msg = "unexpected failure"
750 case !failed && test.shouldFail:
751 msg = "unexpected success"
752 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]753 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]754 default:
755 panic("internal error")
756 }
757
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]758 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]759 }
760
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]761 if !*useValgrind && !failed && len(stderr) > 0 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]762 println(stderr)
763 }
764
765 return nil
766}
767
768var tlsVersions = []struct {
769 name string
770 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]771 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]772 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]773}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]774 {"SSL3", VersionSSL30, "-no-ssl3", false},
775 {"TLS1", VersionTLS10, "-no-tls1", true},
776 {"TLS11", VersionTLS11, "-no-tls11", false},
777 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]778}
779
780var testCipherSuites = []struct {
781 name string
782 id uint16
783}{
784 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]785 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]786 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]787 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]788 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]789 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]790 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]791 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
792 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]793 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]794 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
795 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]796 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]797 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
798 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]799 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
800 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]801 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]802 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame^]803 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]804 {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]805 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]806 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]807 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]808 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]809 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]810 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]811 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame^]812 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]813 {"ECDHE-RSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]814 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]815 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
816 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]817 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
818 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame^]819 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]820 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]821 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]822 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]823 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]824}
825
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]826func hasComponent(suiteName, component string) bool {
827 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
828}
829
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]830func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]831 return hasComponent(suiteName, "GCM") ||
832 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]833 hasComponent(suiteName, "SHA384") ||
834 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]835}
836
837func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]838 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]839}
840
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]841func bigFromHex(hex string) *big.Int {
842 ret, ok := new(big.Int).SetString(hex, 16)
843 if !ok {
844 panic("failed to parse hex number 0x" + hex)
845 }
846 return ret
847}
848
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]849func addBasicTests() {
850 basicTests := []testCase{
851 {
852 name: "BadRSASignature",
853 config: Config{
854 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
855 Bugs: ProtocolBugs{
856 InvalidSKXSignature: true,
857 },
858 },
859 shouldFail: true,
860 expectedError: ":BAD_SIGNATURE:",
861 },
862 {
863 name: "BadECDSASignature",
864 config: Config{
865 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
866 Bugs: ProtocolBugs{
867 InvalidSKXSignature: true,
868 },
869 Certificates: []Certificate{getECDSACertificate()},
870 },
871 shouldFail: true,
872 expectedError: ":BAD_SIGNATURE:",
873 },
874 {
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]875 testType: serverTest,
876 name: "BadRSASignature-ClientAuth",
877 config: Config{
878 Bugs: ProtocolBugs{
879 InvalidCertVerifySignature: true,
880 },
881 Certificates: []Certificate{getRSACertificate()},
882 },
883 shouldFail: true,
884 expectedError: ":BAD_SIGNATURE:",
885 flags: []string{"-require-any-client-certificate"},
886 },
887 {
888 testType: serverTest,
889 name: "BadECDSASignature-ClientAuth",
890 config: Config{
891 Bugs: ProtocolBugs{
892 InvalidCertVerifySignature: true,
893 },
894 Certificates: []Certificate{getECDSACertificate()},
895 },
896 shouldFail: true,
897 expectedError: ":BAD_SIGNATURE:",
898 flags: []string{"-require-any-client-certificate"},
899 },
900 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]901 name: "BadECDSACurve",
902 config: Config{
903 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
904 Bugs: ProtocolBugs{
905 InvalidSKXCurve: true,
906 },
907 Certificates: []Certificate{getECDSACertificate()},
908 },
909 shouldFail: true,
910 expectedError: ":WRONG_CURVE:",
911 },
912 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]913 name: "NoFallbackSCSV",
914 config: Config{
915 Bugs: ProtocolBugs{
916 FailIfNotFallbackSCSV: true,
917 },
918 },
919 shouldFail: true,
920 expectedLocalError: "no fallback SCSV found",
921 },
922 {
923 name: "SendFallbackSCSV",
924 config: Config{
925 Bugs: ProtocolBugs{
926 FailIfNotFallbackSCSV: true,
927 },
928 },
929 flags: []string{"-fallback-scsv"},
930 },
931 {
932 name: "ClientCertificateTypes",
933 config: Config{
934 ClientAuth: RequestClientCert,
935 ClientCertificateTypes: []byte{
936 CertTypeDSSSign,
937 CertTypeRSASign,
938 CertTypeECDSASign,
939 },
940 },
941 flags: []string{
942 "-expect-certificate-types",
943 base64.StdEncoding.EncodeToString([]byte{
944 CertTypeDSSSign,
945 CertTypeRSASign,
946 CertTypeECDSASign,
947 }),
948 },
949 },
950 {
951 name: "NoClientCertificate",
952 config: Config{
953 ClientAuth: RequireAnyClientCert,
954 },
955 shouldFail: true,
956 expectedLocalError: "client didn't provide a certificate",
957 },
958 {
959 name: "UnauthenticatedECDH",
960 config: Config{
961 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
962 Bugs: ProtocolBugs{
963 UnauthenticatedECDH: true,
964 },
965 },
966 shouldFail: true,
967 expectedError: ":UNEXPECTED_MESSAGE:",
968 },
969 {
970 name: "SkipCertificateStatus",
971 config: Config{
972 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
973 Bugs: ProtocolBugs{
974 SkipCertificateStatus: true,
975 },
976 },
977 flags: []string{
978 "-enable-ocsp-stapling",
979 },
980 },
981 {
982 name: "SkipServerKeyExchange",
983 config: Config{
984 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
985 Bugs: ProtocolBugs{
986 SkipServerKeyExchange: true,
987 },
988 },
989 shouldFail: true,
990 expectedError: ":UNEXPECTED_MESSAGE:",
991 },
992 {
993 name: "SkipChangeCipherSpec-Client",
994 config: Config{
995 Bugs: ProtocolBugs{
996 SkipChangeCipherSpec: true,
997 },
998 },
999 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1000 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1001 },
1002 {
1003 testType: serverTest,
1004 name: "SkipChangeCipherSpec-Server",
1005 config: Config{
1006 Bugs: ProtocolBugs{
1007 SkipChangeCipherSpec: true,
1008 },
1009 },
1010 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1011 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1012 },
1013 {
1014 testType: serverTest,
1015 name: "SkipChangeCipherSpec-Server-NPN",
1016 config: Config{
1017 NextProtos: []string{"bar"},
1018 Bugs: ProtocolBugs{
1019 SkipChangeCipherSpec: true,
1020 },
1021 },
1022 flags: []string{
1023 "-advertise-npn", "\x03foo\x03bar\x03baz",
1024 },
1025 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1026 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1027 },
1028 {
1029 name: "FragmentAcrossChangeCipherSpec-Client",
1030 config: Config{
1031 Bugs: ProtocolBugs{
1032 FragmentAcrossChangeCipherSpec: true,
1033 },
1034 },
1035 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1036 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1037 },
1038 {
1039 testType: serverTest,
1040 name: "FragmentAcrossChangeCipherSpec-Server",
1041 config: Config{
1042 Bugs: ProtocolBugs{
1043 FragmentAcrossChangeCipherSpec: true,
1044 },
1045 },
1046 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1047 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1048 },
1049 {
1050 testType: serverTest,
1051 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1052 config: Config{
1053 NextProtos: []string{"bar"},
1054 Bugs: ProtocolBugs{
1055 FragmentAcrossChangeCipherSpec: true,
1056 },
1057 },
1058 flags: []string{
1059 "-advertise-npn", "\x03foo\x03bar\x03baz",
1060 },
1061 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1062 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1063 },
1064 {
1065 testType: serverTest,
1066 name: "Alert",
1067 config: Config{
1068 Bugs: ProtocolBugs{
1069 SendSpuriousAlert: alertRecordOverflow,
1070 },
1071 },
1072 shouldFail: true,
1073 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1074 },
1075 {
1076 protocol: dtls,
1077 testType: serverTest,
1078 name: "Alert-DTLS",
1079 config: Config{
1080 Bugs: ProtocolBugs{
1081 SendSpuriousAlert: alertRecordOverflow,
1082 },
1083 },
1084 shouldFail: true,
1085 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1086 },
1087 {
1088 testType: serverTest,
1089 name: "FragmentAlert",
1090 config: Config{
1091 Bugs: ProtocolBugs{
1092 FragmentAlert: true,
1093 SendSpuriousAlert: alertRecordOverflow,
1094 },
1095 },
1096 shouldFail: true,
1097 expectedError: ":BAD_ALERT:",
1098 },
1099 {
1100 protocol: dtls,
1101 testType: serverTest,
1102 name: "FragmentAlert-DTLS",
1103 config: Config{
1104 Bugs: ProtocolBugs{
1105 FragmentAlert: true,
1106 SendSpuriousAlert: alertRecordOverflow,
1107 },
1108 },
1109 shouldFail: true,
1110 expectedError: ":BAD_ALERT:",
1111 },
1112 {
1113 testType: serverTest,
1114 name: "EarlyChangeCipherSpec-server-1",
1115 config: Config{
1116 Bugs: ProtocolBugs{
1117 EarlyChangeCipherSpec: 1,
1118 },
1119 },
1120 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1121 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1122 },
1123 {
1124 testType: serverTest,
1125 name: "EarlyChangeCipherSpec-server-2",
1126 config: Config{
1127 Bugs: ProtocolBugs{
1128 EarlyChangeCipherSpec: 2,
1129 },
1130 },
1131 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1132 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1133 },
1134 {
1135 name: "SkipNewSessionTicket",
1136 config: Config{
1137 Bugs: ProtocolBugs{
1138 SkipNewSessionTicket: true,
1139 },
1140 },
1141 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1142 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1143 },
1144 {
1145 testType: serverTest,
1146 name: "FallbackSCSV",
1147 config: Config{
1148 MaxVersion: VersionTLS11,
1149 Bugs: ProtocolBugs{
1150 SendFallbackSCSV: true,
1151 },
1152 },
1153 shouldFail: true,
1154 expectedError: ":INAPPROPRIATE_FALLBACK:",
1155 },
1156 {
1157 testType: serverTest,
1158 name: "FallbackSCSV-VersionMatch",
1159 config: Config{
1160 Bugs: ProtocolBugs{
1161 SendFallbackSCSV: true,
1162 },
1163 },
1164 },
1165 {
1166 testType: serverTest,
1167 name: "FragmentedClientVersion",
1168 config: Config{
1169 Bugs: ProtocolBugs{
1170 MaxHandshakeRecordLength: 1,
1171 FragmentClientVersion: true,
1172 },
1173 },
1174 expectedVersion: VersionTLS12,
1175 },
1176 {
1177 testType: serverTest,
1178 name: "MinorVersionTolerance",
1179 config: Config{
1180 Bugs: ProtocolBugs{
1181 SendClientVersion: 0x03ff,
1182 },
1183 },
1184 expectedVersion: VersionTLS12,
1185 },
1186 {
1187 testType: serverTest,
1188 name: "MajorVersionTolerance",
1189 config: Config{
1190 Bugs: ProtocolBugs{
1191 SendClientVersion: 0x0400,
1192 },
1193 },
1194 expectedVersion: VersionTLS12,
1195 },
1196 {
1197 testType: serverTest,
1198 name: "VersionTooLow",
1199 config: Config{
1200 Bugs: ProtocolBugs{
1201 SendClientVersion: 0x0200,
1202 },
1203 },
1204 shouldFail: true,
1205 expectedError: ":UNSUPPORTED_PROTOCOL:",
1206 },
1207 {
1208 testType: serverTest,
1209 name: "HttpGET",
1210 sendPrefix: "GET / HTTP/1.0\n",
1211 shouldFail: true,
1212 expectedError: ":HTTP_REQUEST:",
1213 },
1214 {
1215 testType: serverTest,
1216 name: "HttpPOST",
1217 sendPrefix: "POST / HTTP/1.0\n",
1218 shouldFail: true,
1219 expectedError: ":HTTP_REQUEST:",
1220 },
1221 {
1222 testType: serverTest,
1223 name: "HttpHEAD",
1224 sendPrefix: "HEAD / HTTP/1.0\n",
1225 shouldFail: true,
1226 expectedError: ":HTTP_REQUEST:",
1227 },
1228 {
1229 testType: serverTest,
1230 name: "HttpPUT",
1231 sendPrefix: "PUT / HTTP/1.0\n",
1232 shouldFail: true,
1233 expectedError: ":HTTP_REQUEST:",
1234 },
1235 {
1236 testType: serverTest,
1237 name: "HttpCONNECT",
1238 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1239 shouldFail: true,
1240 expectedError: ":HTTPS_PROXY_REQUEST:",
1241 },
1242 {
1243 testType: serverTest,
1244 name: "Garbage",
1245 sendPrefix: "blah",
1246 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1247 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1248 },
1249 {
1250 name: "SkipCipherVersionCheck",
1251 config: Config{
1252 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1253 MaxVersion: VersionTLS11,
1254 Bugs: ProtocolBugs{
1255 SkipCipherVersionCheck: true,
1256 },
1257 },
1258 shouldFail: true,
1259 expectedError: ":WRONG_CIPHER_RETURNED:",
1260 },
1261 {
1262 name: "RSAEphemeralKey",
1263 config: Config{
1264 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1265 Bugs: ProtocolBugs{
1266 RSAEphemeralKey: true,
1267 },
1268 },
1269 shouldFail: true,
1270 expectedError: ":UNEXPECTED_MESSAGE:",
1271 },
1272 {
1273 name: "DisableEverything",
1274 flags: []string{"-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
1275 shouldFail: true,
1276 expectedError: ":WRONG_SSL_VERSION:",
1277 },
1278 {
1279 protocol: dtls,
1280 name: "DisableEverything-DTLS",
1281 flags: []string{"-no-tls12", "-no-tls1"},
1282 shouldFail: true,
1283 expectedError: ":WRONG_SSL_VERSION:",
1284 },
1285 {
1286 name: "NoSharedCipher",
1287 config: Config{
1288 CipherSuites: []uint16{},
1289 },
1290 shouldFail: true,
1291 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
1292 },
1293 {
1294 protocol: dtls,
1295 testType: serverTest,
1296 name: "MTU",
1297 config: Config{
1298 Bugs: ProtocolBugs{
1299 MaxPacketLength: 256,
1300 },
1301 },
1302 flags: []string{"-mtu", "256"},
1303 },
1304 {
1305 protocol: dtls,
1306 testType: serverTest,
1307 name: "MTUExceeded",
1308 config: Config{
1309 Bugs: ProtocolBugs{
1310 MaxPacketLength: 255,
1311 },
1312 },
1313 flags: []string{"-mtu", "256"},
1314 shouldFail: true,
1315 expectedLocalError: "dtls: exceeded maximum packet length",
1316 },
1317 {
1318 name: "CertMismatchRSA",
1319 config: Config{
1320 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1321 Certificates: []Certificate{getECDSACertificate()},
1322 Bugs: ProtocolBugs{
1323 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1324 },
1325 },
1326 shouldFail: true,
1327 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1328 },
1329 {
1330 name: "CertMismatchECDSA",
1331 config: Config{
1332 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1333 Certificates: []Certificate{getRSACertificate()},
1334 Bugs: ProtocolBugs{
1335 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1336 },
1337 },
1338 shouldFail: true,
1339 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1340 },
1341 {
1342 name: "EmptyCertificateList",
1343 config: Config{
1344 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1345 Bugs: ProtocolBugs{
1346 EmptyCertificateList: true,
1347 },
1348 },
1349 shouldFail: true,
1350 expectedError: ":DECODE_ERROR:",
1351 },
1352 {
1353 name: "TLSFatalBadPackets",
1354 damageFirstWrite: true,
1355 shouldFail: true,
1356 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1357 },
1358 {
1359 protocol: dtls,
1360 name: "DTLSIgnoreBadPackets",
1361 damageFirstWrite: true,
1362 },
1363 {
1364 protocol: dtls,
1365 name: "DTLSIgnoreBadPackets-Async",
1366 damageFirstWrite: true,
1367 flags: []string{"-async"},
1368 },
1369 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1370 name: "AppDataBeforeHandshake",
1371 config: Config{
1372 Bugs: ProtocolBugs{
1373 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1374 },
1375 },
1376 shouldFail: true,
1377 expectedError: ":UNEXPECTED_RECORD:",
1378 },
1379 {
1380 name: "AppDataBeforeHandshake-Empty",
1381 config: Config{
1382 Bugs: ProtocolBugs{
1383 AppDataBeforeHandshake: []byte{},
1384 },
1385 },
1386 shouldFail: true,
1387 expectedError: ":UNEXPECTED_RECORD:",
1388 },
1389 {
1390 protocol: dtls,
1391 name: "AppDataBeforeHandshake-DTLS",
1392 config: Config{
1393 Bugs: ProtocolBugs{
1394 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1395 },
1396 },
1397 shouldFail: true,
1398 expectedError: ":UNEXPECTED_RECORD:",
1399 },
1400 {
1401 protocol: dtls,
1402 name: "AppDataBeforeHandshake-DTLS-Empty",
1403 config: Config{
1404 Bugs: ProtocolBugs{
1405 AppDataBeforeHandshake: []byte{},
1406 },
1407 },
1408 shouldFail: true,
1409 expectedError: ":UNEXPECTED_RECORD:",
1410 },
1411 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1412 name: "AppDataAfterChangeCipherSpec",
1413 config: Config{
1414 Bugs: ProtocolBugs{
1415 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1416 },
1417 },
1418 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1419 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1420 },
1421 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1422 name: "AppDataAfterChangeCipherSpec-Empty",
1423 config: Config{
1424 Bugs: ProtocolBugs{
1425 AppDataAfterChangeCipherSpec: []byte{},
1426 },
1427 },
1428 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1429 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1430 },
1431 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1432 protocol: dtls,
1433 name: "AppDataAfterChangeCipherSpec-DTLS",
1434 config: Config{
1435 Bugs: ProtocolBugs{
1436 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1437 },
1438 },
1439 // BoringSSL's DTLS implementation will drop the out-of-order
1440 // application data.
1441 },
1442 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1443 protocol: dtls,
1444 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1445 config: Config{
1446 Bugs: ProtocolBugs{
1447 AppDataAfterChangeCipherSpec: []byte{},
1448 },
1449 },
1450 // BoringSSL's DTLS implementation will drop the out-of-order
1451 // application data.
1452 },
1453 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1454 name: "AlertAfterChangeCipherSpec",
1455 config: Config{
1456 Bugs: ProtocolBugs{
1457 AlertAfterChangeCipherSpec: alertRecordOverflow,
1458 },
1459 },
1460 shouldFail: true,
1461 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1462 },
1463 {
1464 protocol: dtls,
1465 name: "AlertAfterChangeCipherSpec-DTLS",
1466 config: Config{
1467 Bugs: ProtocolBugs{
1468 AlertAfterChangeCipherSpec: alertRecordOverflow,
1469 },
1470 },
1471 shouldFail: true,
1472 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1473 },
1474 {
1475 protocol: dtls,
1476 name: "ReorderHandshakeFragments-Small-DTLS",
1477 config: Config{
1478 Bugs: ProtocolBugs{
1479 ReorderHandshakeFragments: true,
1480 // Small enough that every handshake message is
1481 // fragmented.
1482 MaxHandshakeRecordLength: 2,
1483 },
1484 },
1485 },
1486 {
1487 protocol: dtls,
1488 name: "ReorderHandshakeFragments-Large-DTLS",
1489 config: Config{
1490 Bugs: ProtocolBugs{
1491 ReorderHandshakeFragments: true,
1492 // Large enough that no handshake message is
1493 // fragmented.
1494 MaxHandshakeRecordLength: 2048,
1495 },
1496 },
1497 },
1498 {
1499 protocol: dtls,
1500 name: "MixCompleteMessageWithFragments-DTLS",
1501 config: Config{
1502 Bugs: ProtocolBugs{
1503 ReorderHandshakeFragments: true,
1504 MixCompleteMessageWithFragments: true,
1505 MaxHandshakeRecordLength: 2,
1506 },
1507 },
1508 },
1509 {
1510 name: "SendInvalidRecordType",
1511 config: Config{
1512 Bugs: ProtocolBugs{
1513 SendInvalidRecordType: true,
1514 },
1515 },
1516 shouldFail: true,
1517 expectedError: ":UNEXPECTED_RECORD:",
1518 },
1519 {
1520 protocol: dtls,
1521 name: "SendInvalidRecordType-DTLS",
1522 config: Config{
1523 Bugs: ProtocolBugs{
1524 SendInvalidRecordType: true,
1525 },
1526 },
1527 shouldFail: true,
1528 expectedError: ":UNEXPECTED_RECORD:",
1529 },
1530 {
1531 name: "FalseStart-SkipServerSecondLeg",
1532 config: Config{
1533 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1534 NextProtos: []string{"foo"},
1535 Bugs: ProtocolBugs{
1536 SkipNewSessionTicket: true,
1537 SkipChangeCipherSpec: true,
1538 SkipFinished: true,
1539 ExpectFalseStart: true,
1540 },
1541 },
1542 flags: []string{
1543 "-false-start",
1544 "-handshake-never-done",
1545 "-advertise-alpn", "\x03foo",
1546 },
1547 shimWritesFirst: true,
1548 shouldFail: true,
1549 expectedError: ":UNEXPECTED_RECORD:",
1550 },
1551 {
1552 name: "FalseStart-SkipServerSecondLeg-Implicit",
1553 config: Config{
1554 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1555 NextProtos: []string{"foo"},
1556 Bugs: ProtocolBugs{
1557 SkipNewSessionTicket: true,
1558 SkipChangeCipherSpec: true,
1559 SkipFinished: true,
1560 },
1561 },
1562 flags: []string{
1563 "-implicit-handshake",
1564 "-false-start",
1565 "-handshake-never-done",
1566 "-advertise-alpn", "\x03foo",
1567 },
1568 shouldFail: true,
1569 expectedError: ":UNEXPECTED_RECORD:",
1570 },
1571 {
1572 testType: serverTest,
1573 name: "FailEarlyCallback",
1574 flags: []string{"-fail-early-callback"},
1575 shouldFail: true,
1576 expectedError: ":CONNECTION_REJECTED:",
1577 expectedLocalError: "remote error: access denied",
1578 },
1579 {
1580 name: "WrongMessageType",
1581 config: Config{
1582 Bugs: ProtocolBugs{
1583 WrongCertificateMessageType: true,
1584 },
1585 },
1586 shouldFail: true,
1587 expectedError: ":UNEXPECTED_MESSAGE:",
1588 expectedLocalError: "remote error: unexpected message",
1589 },
1590 {
1591 protocol: dtls,
1592 name: "WrongMessageType-DTLS",
1593 config: Config{
1594 Bugs: ProtocolBugs{
1595 WrongCertificateMessageType: true,
1596 },
1597 },
1598 shouldFail: true,
1599 expectedError: ":UNEXPECTED_MESSAGE:",
1600 expectedLocalError: "remote error: unexpected message",
1601 },
1602 {
1603 protocol: dtls,
1604 name: "FragmentMessageTypeMismatch-DTLS",
1605 config: Config{
1606 Bugs: ProtocolBugs{
1607 MaxHandshakeRecordLength: 2,
1608 FragmentMessageTypeMismatch: true,
1609 },
1610 },
1611 shouldFail: true,
1612 expectedError: ":FRAGMENT_MISMATCH:",
1613 },
1614 {
1615 protocol: dtls,
1616 name: "FragmentMessageLengthMismatch-DTLS",
1617 config: Config{
1618 Bugs: ProtocolBugs{
1619 MaxHandshakeRecordLength: 2,
1620 FragmentMessageLengthMismatch: true,
1621 },
1622 },
1623 shouldFail: true,
1624 expectedError: ":FRAGMENT_MISMATCH:",
1625 },
1626 {
1627 protocol: dtls,
1628 name: "SplitFragments-Header-DTLS",
1629 config: Config{
1630 Bugs: ProtocolBugs{
1631 SplitFragments: 2,
1632 },
1633 },
1634 shouldFail: true,
1635 expectedError: ":UNEXPECTED_MESSAGE:",
1636 },
1637 {
1638 protocol: dtls,
1639 name: "SplitFragments-Boundary-DTLS",
1640 config: Config{
1641 Bugs: ProtocolBugs{
1642 SplitFragments: dtlsRecordHeaderLen,
1643 },
1644 },
1645 shouldFail: true,
1646 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1647 },
1648 {
1649 protocol: dtls,
1650 name: "SplitFragments-Body-DTLS",
1651 config: Config{
1652 Bugs: ProtocolBugs{
1653 SplitFragments: dtlsRecordHeaderLen + 1,
1654 },
1655 },
1656 shouldFail: true,
1657 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1658 },
1659 {
1660 protocol: dtls,
1661 name: "SendEmptyFragments-DTLS",
1662 config: Config{
1663 Bugs: ProtocolBugs{
1664 SendEmptyFragments: true,
1665 },
1666 },
1667 },
1668 {
1669 name: "UnsupportedCipherSuite",
1670 config: Config{
1671 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1672 Bugs: ProtocolBugs{
1673 IgnorePeerCipherPreferences: true,
1674 },
1675 },
1676 flags: []string{"-cipher", "DEFAULT:!RC4"},
1677 shouldFail: true,
1678 expectedError: ":WRONG_CIPHER_RETURNED:",
1679 },
1680 {
1681 name: "UnsupportedCurve",
1682 config: Config{
1683 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1684 // BoringSSL implements P-224 but doesn't enable it by
1685 // default.
1686 CurvePreferences: []CurveID{CurveP224},
1687 Bugs: ProtocolBugs{
1688 IgnorePeerCurvePreferences: true,
1689 },
1690 },
1691 shouldFail: true,
1692 expectedError: ":WRONG_CURVE:",
1693 },
1694 {
1695 name: "BadFinished",
1696 config: Config{
1697 Bugs: ProtocolBugs{
1698 BadFinished: true,
1699 },
1700 },
1701 shouldFail: true,
1702 expectedError: ":DIGEST_CHECK_FAILED:",
1703 },
1704 {
1705 name: "FalseStart-BadFinished",
1706 config: Config{
1707 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1708 NextProtos: []string{"foo"},
1709 Bugs: ProtocolBugs{
1710 BadFinished: true,
1711 ExpectFalseStart: true,
1712 },
1713 },
1714 flags: []string{
1715 "-false-start",
1716 "-handshake-never-done",
1717 "-advertise-alpn", "\x03foo",
1718 },
1719 shimWritesFirst: true,
1720 shouldFail: true,
1721 expectedError: ":DIGEST_CHECK_FAILED:",
1722 },
1723 {
1724 name: "NoFalseStart-NoALPN",
1725 config: Config{
1726 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1727 Bugs: ProtocolBugs{
1728 ExpectFalseStart: true,
1729 AlertBeforeFalseStartTest: alertAccessDenied,
1730 },
1731 },
1732 flags: []string{
1733 "-false-start",
1734 },
1735 shimWritesFirst: true,
1736 shouldFail: true,
1737 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1738 expectedLocalError: "tls: peer did not false start: EOF",
1739 },
1740 {
1741 name: "NoFalseStart-NoAEAD",
1742 config: Config{
1743 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1744 NextProtos: []string{"foo"},
1745 Bugs: ProtocolBugs{
1746 ExpectFalseStart: true,
1747 AlertBeforeFalseStartTest: alertAccessDenied,
1748 },
1749 },
1750 flags: []string{
1751 "-false-start",
1752 "-advertise-alpn", "\x03foo",
1753 },
1754 shimWritesFirst: true,
1755 shouldFail: true,
1756 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1757 expectedLocalError: "tls: peer did not false start: EOF",
1758 },
1759 {
1760 name: "NoFalseStart-RSA",
1761 config: Config{
1762 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1763 NextProtos: []string{"foo"},
1764 Bugs: ProtocolBugs{
1765 ExpectFalseStart: true,
1766 AlertBeforeFalseStartTest: alertAccessDenied,
1767 },
1768 },
1769 flags: []string{
1770 "-false-start",
1771 "-advertise-alpn", "\x03foo",
1772 },
1773 shimWritesFirst: true,
1774 shouldFail: true,
1775 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1776 expectedLocalError: "tls: peer did not false start: EOF",
1777 },
1778 {
1779 name: "NoFalseStart-DHE_RSA",
1780 config: Config{
1781 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1782 NextProtos: []string{"foo"},
1783 Bugs: ProtocolBugs{
1784 ExpectFalseStart: true,
1785 AlertBeforeFalseStartTest: alertAccessDenied,
1786 },
1787 },
1788 flags: []string{
1789 "-false-start",
1790 "-advertise-alpn", "\x03foo",
1791 },
1792 shimWritesFirst: true,
1793 shouldFail: true,
1794 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1795 expectedLocalError: "tls: peer did not false start: EOF",
1796 },
1797 {
1798 testType: serverTest,
1799 name: "NoSupportedCurves",
1800 config: Config{
1801 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1802 Bugs: ProtocolBugs{
1803 NoSupportedCurves: true,
1804 },
1805 },
1806 },
1807 {
1808 testType: serverTest,
1809 name: "NoCommonCurves",
1810 config: Config{
1811 CipherSuites: []uint16{
1812 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1813 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1814 },
1815 CurvePreferences: []CurveID{CurveP224},
1816 },
1817 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1818 },
1819 {
1820 protocol: dtls,
1821 name: "SendSplitAlert-Sync",
1822 config: Config{
1823 Bugs: ProtocolBugs{
1824 SendSplitAlert: true,
1825 },
1826 },
1827 },
1828 {
1829 protocol: dtls,
1830 name: "SendSplitAlert-Async",
1831 config: Config{
1832 Bugs: ProtocolBugs{
1833 SendSplitAlert: true,
1834 },
1835 },
1836 flags: []string{"-async"},
1837 },
1838 {
1839 protocol: dtls,
1840 name: "PackDTLSHandshake",
1841 config: Config{
1842 Bugs: ProtocolBugs{
1843 MaxHandshakeRecordLength: 2,
1844 PackHandshakeFragments: 20,
1845 PackHandshakeRecords: 200,
1846 },
1847 },
1848 },
1849 {
1850 testType: serverTest,
1851 protocol: dtls,
1852 name: "NoRC4-DTLS",
1853 config: Config{
1854 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA},
1855 Bugs: ProtocolBugs{
1856 EnableAllCiphersInDTLS: true,
1857 },
1858 },
1859 shouldFail: true,
1860 expectedError: ":NO_SHARED_CIPHER:",
1861 },
1862 {
1863 name: "SendEmptyRecords-Pass",
1864 sendEmptyRecords: 32,
1865 },
1866 {
1867 name: "SendEmptyRecords",
1868 sendEmptyRecords: 33,
1869 shouldFail: true,
1870 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1871 },
1872 {
1873 name: "SendEmptyRecords-Async",
1874 sendEmptyRecords: 33,
1875 flags: []string{"-async"},
1876 shouldFail: true,
1877 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1878 },
1879 {
1880 name: "SendWarningAlerts-Pass",
1881 sendWarningAlerts: 4,
1882 },
1883 {
1884 protocol: dtls,
1885 name: "SendWarningAlerts-DTLS-Pass",
1886 sendWarningAlerts: 4,
1887 },
1888 {
1889 name: "SendWarningAlerts",
1890 sendWarningAlerts: 5,
1891 shouldFail: true,
1892 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1893 },
1894 {
1895 name: "SendWarningAlerts-Async",
1896 sendWarningAlerts: 5,
1897 flags: []string{"-async"},
1898 shouldFail: true,
1899 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1900 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]1901 {
1902 name: "EmptySessionID",
1903 config: Config{
1904 SessionTicketsDisabled: true,
1905 },
1906 noSessionCache: true,
1907 flags: []string{"-expect-no-session"},
1908 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]1909 {
1910 name: "Unclean-Shutdown",
1911 config: Config{
1912 Bugs: ProtocolBugs{
1913 NoCloseNotify: true,
1914 ExpectCloseNotify: true,
1915 },
1916 },
1917 shimShutsDown: true,
1918 flags: []string{"-check-close-notify"},
1919 shouldFail: true,
1920 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
1921 },
1922 {
1923 name: "Unclean-Shutdown-Ignored",
1924 config: Config{
1925 Bugs: ProtocolBugs{
1926 NoCloseNotify: true,
1927 },
1928 },
1929 shimShutsDown: true,
1930 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]1931 {
1932 name: "LargePlaintext",
1933 config: Config{
1934 Bugs: ProtocolBugs{
1935 SendLargeRecords: true,
1936 },
1937 },
1938 messageLen: maxPlaintext + 1,
1939 shouldFail: true,
1940 expectedError: ":DATA_LENGTH_TOO_LONG:",
1941 },
1942 {
1943 protocol: dtls,
1944 name: "LargePlaintext-DTLS",
1945 config: Config{
1946 Bugs: ProtocolBugs{
1947 SendLargeRecords: true,
1948 },
1949 },
1950 messageLen: maxPlaintext + 1,
1951 shouldFail: true,
1952 expectedError: ":DATA_LENGTH_TOO_LONG:",
1953 },
1954 {
1955 name: "LargeCiphertext",
1956 config: Config{
1957 Bugs: ProtocolBugs{
1958 SendLargeRecords: true,
1959 },
1960 },
1961 messageLen: maxPlaintext * 2,
1962 shouldFail: true,
1963 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
1964 },
1965 {
1966 protocol: dtls,
1967 name: "LargeCiphertext-DTLS",
1968 config: Config{
1969 Bugs: ProtocolBugs{
1970 SendLargeRecords: true,
1971 },
1972 },
1973 messageLen: maxPlaintext * 2,
1974 // Unlike the other four cases, DTLS drops records which
1975 // are invalid before authentication, so the connection
1976 // does not fail.
1977 expectMessageDropped: true,
1978 },
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]1979 {
1980 name: "SendEmptySessionTicket",
1981 config: Config{
1982 Bugs: ProtocolBugs{
1983 SendEmptySessionTicket: true,
1984 FailIfSessionOffered: true,
1985 },
1986 },
1987 flags: []string{"-expect-no-session"},
1988 resumeSession: true,
1989 expectResumeRejected: true,
1990 },
David Benjamin99fdfb92015-11-02 12:11:35 -0500[diff] [blame]1991 {
1992 name: "CheckLeafCurve",
1993 config: Config{
1994 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1995 Certificates: []Certificate{getECDSACertificate()},
1996 },
1997 flags: []string{"-p384-only"},
1998 shouldFail: true,
1999 expectedError: ":BAD_ECC_CERT:",
2000 },
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2001 {
2002 name: "BadChangeCipherSpec-1",
2003 config: Config{
2004 Bugs: ProtocolBugs{
2005 BadChangeCipherSpec: []byte{2},
2006 },
2007 },
2008 shouldFail: true,
2009 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2010 },
2011 {
2012 name: "BadChangeCipherSpec-2",
2013 config: Config{
2014 Bugs: ProtocolBugs{
2015 BadChangeCipherSpec: []byte{1, 1},
2016 },
2017 },
2018 shouldFail: true,
2019 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2020 },
2021 {
2022 protocol: dtls,
2023 name: "BadChangeCipherSpec-DTLS-1",
2024 config: Config{
2025 Bugs: ProtocolBugs{
2026 BadChangeCipherSpec: []byte{2},
2027 },
2028 },
2029 shouldFail: true,
2030 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2031 },
2032 {
2033 protocol: dtls,
2034 name: "BadChangeCipherSpec-DTLS-2",
2035 config: Config{
2036 Bugs: ProtocolBugs{
2037 BadChangeCipherSpec: []byte{1, 1},
2038 },
2039 },
2040 shouldFail: true,
2041 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2042 },
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2043 {
2044 name: "BadHelloRequest-1",
2045 renegotiate: 1,
2046 config: Config{
2047 Bugs: ProtocolBugs{
2048 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2049 },
2050 },
2051 flags: []string{
2052 "-renegotiate-freely",
2053 "-expect-total-renegotiations", "1",
2054 },
2055 shouldFail: true,
2056 expectedError: ":BAD_HELLO_REQUEST:",
2057 },
2058 {
2059 name: "BadHelloRequest-2",
2060 renegotiate: 1,
2061 config: Config{
2062 Bugs: ProtocolBugs{
2063 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2064 },
2065 },
2066 flags: []string{
2067 "-renegotiate-freely",
2068 "-expect-total-renegotiations", "1",
2069 },
2070 shouldFail: true,
2071 expectedError: ":BAD_HELLO_REQUEST:",
2072 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2073 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2074 testCases = append(testCases, basicTests...)
2075}
2076
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2077func addCipherSuiteTests() {
2078 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2079 const psk = "12345"
2080 const pskIdentity = "luggage combo"
2081
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2082 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2083 var certFile string
2084 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2085 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2086 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2087 certFile = ecdsaCertificateFile
2088 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2089 } else {
2090 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2091 certFile = rsaCertificateFile
2092 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2093 }
2094
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2095 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2096 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2097 flags = append(flags,
2098 "-psk", psk,
2099 "-psk-identity", pskIdentity)
2100 }
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]2101 if hasComponent(suite.name, "NULL") {
2102 // NULL ciphers must be explicitly enabled.
2103 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2104 }
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2105
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2106 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]2107 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2108 continue
2109 }
2110
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2111 testCases = append(testCases, testCase{
2112 testType: clientTest,
2113 name: ver.name + "-" + suite.name + "-client",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2114 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2115 MinVersion: ver.version,
2116 MaxVersion: ver.version,
2117 CipherSuites: []uint16{suite.id},
2118 Certificates: []Certificate{cert},
David Benjamin68793732015-05-04 20:20:48 -0400[diff] [blame]2119 PreSharedKey: []byte(psk),
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2120 PreSharedKeyIdentity: pskIdentity,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2121 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2122 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2123 resumeSession: true,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2124 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2125
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2126 testCases = append(testCases, testCase{
2127 testType: serverTest,
2128 name: ver.name + "-" + suite.name + "-server",
2129 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2130 MinVersion: ver.version,
2131 MaxVersion: ver.version,
2132 CipherSuites: []uint16{suite.id},
2133 Certificates: []Certificate{cert},
2134 PreSharedKey: []byte(psk),
2135 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2136 },
2137 certFile: certFile,
2138 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2139 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2140 resumeSession: true,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2141 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2142
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2143 if ver.hasDTLS && isDTLSCipher(suite.name) {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2144 testCases = append(testCases, testCase{
2145 testType: clientTest,
2146 protocol: dtls,
2147 name: "D" + ver.name + "-" + suite.name + "-client",
2148 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2149 MinVersion: ver.version,
2150 MaxVersion: ver.version,
2151 CipherSuites: []uint16{suite.id},
2152 Certificates: []Certificate{cert},
2153 PreSharedKey: []byte(psk),
2154 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2155 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2156 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2157 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2158 })
2159 testCases = append(testCases, testCase{
2160 testType: serverTest,
2161 protocol: dtls,
2162 name: "D" + ver.name + "-" + suite.name + "-server",
2163 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2164 MinVersion: ver.version,
2165 MaxVersion: ver.version,
2166 CipherSuites: []uint16{suite.id},
2167 Certificates: []Certificate{cert},
2168 PreSharedKey: []byte(psk),
2169 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2170 },
2171 certFile: certFile,
2172 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2173 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2174 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2175 })
2176 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2177 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2178
2179 // Ensure both TLS and DTLS accept their maximum record sizes.
2180 testCases = append(testCases, testCase{
2181 name: suite.name + "-LargeRecord",
2182 config: Config{
2183 CipherSuites: []uint16{suite.id},
2184 Certificates: []Certificate{cert},
2185 PreSharedKey: []byte(psk),
2186 PreSharedKeyIdentity: pskIdentity,
2187 },
2188 flags: flags,
2189 messageLen: maxPlaintext,
2190 })
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2191 if isDTLSCipher(suite.name) {
2192 testCases = append(testCases, testCase{
2193 protocol: dtls,
2194 name: suite.name + "-LargeRecord-DTLS",
2195 config: Config{
2196 CipherSuites: []uint16{suite.id},
2197 Certificates: []Certificate{cert},
2198 PreSharedKey: []byte(psk),
2199 PreSharedKeyIdentity: pskIdentity,
2200 },
2201 flags: flags,
2202 messageLen: maxPlaintext,
2203 })
2204 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2205 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2206
2207 testCases = append(testCases, testCase{
2208 name: "WeakDH",
2209 config: Config{
2210 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2211 Bugs: ProtocolBugs{
2212 // This is a 1023-bit prime number, generated
2213 // with:
2214 // openssl gendh 1023 | openssl asn1parse -i
2215 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2216 },
2217 },
2218 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2219 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2220 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2221
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2222 testCases = append(testCases, testCase{
2223 name: "SillyDH",
2224 config: Config{
2225 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2226 Bugs: ProtocolBugs{
2227 // This is a 4097-bit prime number, generated
2228 // with:
2229 // openssl gendh 4097 | openssl asn1parse -i
2230 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2231 },
2232 },
2233 shouldFail: true,
2234 expectedError: ":DH_P_TOO_LONG:",
2235 })
2236
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2237 // This test ensures that Diffie-Hellman public values are padded with
2238 // zeros so that they're the same length as the prime. This is to avoid
2239 // hitting a bug in yaSSL.
2240 testCases = append(testCases, testCase{
2241 testType: serverTest,
2242 name: "DHPublicValuePadded",
2243 config: Config{
2244 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2245 Bugs: ProtocolBugs{
2246 RequireDHPublicValueLen: (1025 + 7) / 8,
2247 },
2248 },
2249 flags: []string{"-use-sparse-dh-prime"},
2250 })
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2251
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2252 // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS
2253 // 1.1 specific cipher suite settings. A server is setup with the given
2254 // cipher lists and then a connection is made for each member of
2255 // expectations. The cipher suite that the server selects must match
2256 // the specified one.
2257 var versionSpecificCiphersTest = []struct {
2258 ciphersDefault, ciphersTLS10, ciphersTLS11 string
2259 // expectations is a map from TLS version to cipher suite id.
2260 expectations map[uint16]uint16
2261 }{
2262 {
2263 // Test that the null case (where no version-specific ciphers are set)
2264 // works as expected.
2265 "RC4-SHA:AES128-SHA", // default ciphers
2266 "", // no ciphers specifically for TLS ≥ 1.0
2267 "", // no ciphers specifically for TLS ≥ 1.1
2268 map[uint16]uint16{
2269 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2270 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2271 VersionTLS11: TLS_RSA_WITH_RC4_128_SHA,
2272 VersionTLS12: TLS_RSA_WITH_RC4_128_SHA,
2273 },
2274 },
2275 {
2276 // With ciphers_tls10 set, TLS 1.0, 1.1 and 1.2 should get a different
2277 // cipher.
2278 "RC4-SHA:AES128-SHA", // default
2279 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2280 "", // no ciphers specifically for TLS ≥ 1.1
2281 map[uint16]uint16{
2282 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2283 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2284 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2285 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2286 },
2287 },
2288 {
2289 // With ciphers_tls11 set, TLS 1.1 and 1.2 should get a different
2290 // cipher.
2291 "RC4-SHA:AES128-SHA", // default
2292 "", // no ciphers specifically for TLS ≥ 1.0
2293 "AES128-SHA", // these ciphers for TLS ≥ 1.1
2294 map[uint16]uint16{
2295 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2296 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2297 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2298 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2299 },
2300 },
2301 {
2302 // With both ciphers_tls10 and ciphers_tls11 set, ciphers_tls11 should
2303 // mask ciphers_tls10 for TLS 1.1 and 1.2.
2304 "RC4-SHA:AES128-SHA", // default
2305 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2306 "AES256-SHA", // these ciphers for TLS ≥ 1.1
2307 map[uint16]uint16{
2308 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2309 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2310 VersionTLS11: TLS_RSA_WITH_AES_256_CBC_SHA,
2311 VersionTLS12: TLS_RSA_WITH_AES_256_CBC_SHA,
2312 },
2313 },
2314 }
2315
2316 for i, test := range versionSpecificCiphersTest {
2317 for version, expectedCipherSuite := range test.expectations {
2318 flags := []string{"-cipher", test.ciphersDefault}
2319 if len(test.ciphersTLS10) > 0 {
2320 flags = append(flags, "-cipher-tls10", test.ciphersTLS10)
2321 }
2322 if len(test.ciphersTLS11) > 0 {
2323 flags = append(flags, "-cipher-tls11", test.ciphersTLS11)
2324 }
2325
2326 testCases = append(testCases, testCase{
2327 testType: serverTest,
2328 name: fmt.Sprintf("VersionSpecificCiphersTest-%d-%x", i, version),
2329 config: Config{
2330 MaxVersion: version,
2331 MinVersion: version,
2332 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA},
2333 },
2334 flags: flags,
2335 expectedCipher: expectedCipherSuite,
2336 })
2337 }
2338 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2339}
2340
2341func addBadECDSASignatureTests() {
2342 for badR := BadValue(1); badR < NumBadValues; badR++ {
2343 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2344 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2345 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2346 config: Config{
2347 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2348 Certificates: []Certificate{getECDSACertificate()},
2349 Bugs: ProtocolBugs{
2350 BadECDSAR: badR,
2351 BadECDSAS: badS,
2352 },
2353 },
2354 shouldFail: true,
2355 expectedError: "SIGNATURE",
2356 })
2357 }
2358 }
2359}
2360
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2361func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2362 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2363 name: "MaxCBCPadding",
2364 config: Config{
2365 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2366 Bugs: ProtocolBugs{
2367 MaxPadding: true,
2368 },
2369 },
2370 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2371 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2372 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2373 name: "BadCBCPadding",
2374 config: Config{
2375 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2376 Bugs: ProtocolBugs{
2377 PaddingFirstByteBad: true,
2378 },
2379 },
2380 shouldFail: true,
2381 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2382 })
2383 // OpenSSL previously had an issue where the first byte of padding in
2384 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2385 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2386 name: "BadCBCPadding255",
2387 config: Config{
2388 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2389 Bugs: ProtocolBugs{
2390 MaxPadding: true,
2391 PaddingFirstByteBadIf255: true,
2392 },
2393 },
2394 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2395 shouldFail: true,
2396 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2397 })
2398}
2399
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2400func addCBCSplittingTests() {
2401 testCases = append(testCases, testCase{
2402 name: "CBCRecordSplitting",
2403 config: Config{
2404 MaxVersion: VersionTLS10,
2405 MinVersion: VersionTLS10,
2406 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2407 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2408 messageLen: -1, // read until EOF
2409 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2410 flags: []string{
2411 "-async",
2412 "-write-different-record-sizes",
2413 "-cbc-record-splitting",
2414 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2415 })
2416 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2417 name: "CBCRecordSplittingPartialWrite",
2418 config: Config{
2419 MaxVersion: VersionTLS10,
2420 MinVersion: VersionTLS10,
2421 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2422 },
2423 messageLen: -1, // read until EOF
2424 flags: []string{
2425 "-async",
2426 "-write-different-record-sizes",
2427 "-cbc-record-splitting",
2428 "-partial-write",
2429 },
2430 })
2431}
2432
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2433func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2434 // Add a dummy cert pool to stress certificate authority parsing.
2435 // TODO(davidben): Add tests that those values parse out correctly.
2436 certPool := x509.NewCertPool()
2437 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2438 if err != nil {
2439 panic(err)
2440 }
2441 certPool.AddCert(cert)
2442
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2443 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2444 testCases = append(testCases, testCase{
2445 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2446 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2447 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2448 MinVersion: ver.version,
2449 MaxVersion: ver.version,
2450 ClientAuth: RequireAnyClientCert,
2451 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2452 },
2453 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2454 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2455 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2456 },
2457 })
2458 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2459 testType: serverTest,
2460 name: ver.name + "-Server-ClientAuth-RSA",
2461 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2462 MinVersion: ver.version,
2463 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2464 Certificates: []Certificate{rsaCertificate},
2465 },
2466 flags: []string{"-require-any-client-certificate"},
2467 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2468 if ver.version != VersionSSL30 {
2469 testCases = append(testCases, testCase{
2470 testType: serverTest,
2471 name: ver.name + "-Server-ClientAuth-ECDSA",
2472 config: Config{
2473 MinVersion: ver.version,
2474 MaxVersion: ver.version,
2475 Certificates: []Certificate{ecdsaCertificate},
2476 },
2477 flags: []string{"-require-any-client-certificate"},
2478 })
2479 testCases = append(testCases, testCase{
2480 testType: clientTest,
2481 name: ver.name + "-Client-ClientAuth-ECDSA",
2482 config: Config{
2483 MinVersion: ver.version,
2484 MaxVersion: ver.version,
2485 ClientAuth: RequireAnyClientCert,
2486 ClientCAs: certPool,
2487 },
2488 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2489 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2490 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2491 },
2492 })
2493 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2494 }
2495}
2496
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2497func addExtendedMasterSecretTests() {
2498 const expectEMSFlag = "-expect-extended-master-secret"
2499
2500 for _, with := range []bool{false, true} {
2501 prefix := "No"
2502 var flags []string
2503 if with {
2504 prefix = ""
2505 flags = []string{expectEMSFlag}
2506 }
2507
2508 for _, isClient := range []bool{false, true} {
2509 suffix := "-Server"
2510 testType := serverTest
2511 if isClient {
2512 suffix = "-Client"
2513 testType = clientTest
2514 }
2515
2516 for _, ver := range tlsVersions {
2517 test := testCase{
2518 testType: testType,
2519 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2520 config: Config{
2521 MinVersion: ver.version,
2522 MaxVersion: ver.version,
2523 Bugs: ProtocolBugs{
2524 NoExtendedMasterSecret: !with,
2525 RequireExtendedMasterSecret: with,
2526 },
2527 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2528 flags: flags,
2529 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2530 }
2531 if test.shouldFail {
2532 test.expectedLocalError = "extended master secret required but not supported by peer"
2533 }
2534 testCases = append(testCases, test)
2535 }
2536 }
2537 }
2538
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2539 for _, isClient := range []bool{false, true} {
2540 for _, supportedInFirstConnection := range []bool{false, true} {
2541 for _, supportedInResumeConnection := range []bool{false, true} {
2542 boolToWord := func(b bool) string {
2543 if b {
2544 return "Yes"
2545 }
2546 return "No"
2547 }
2548 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2549 if isClient {
2550 suffix += "Client"
2551 } else {
2552 suffix += "Server"
2553 }
2554
2555 supportedConfig := Config{
2556 Bugs: ProtocolBugs{
2557 RequireExtendedMasterSecret: true,
2558 },
2559 }
2560
2561 noSupportConfig := Config{
2562 Bugs: ProtocolBugs{
2563 NoExtendedMasterSecret: true,
2564 },
2565 }
2566
2567 test := testCase{
2568 name: "ExtendedMasterSecret-" + suffix,
2569 resumeSession: true,
2570 }
2571
2572 if !isClient {
2573 test.testType = serverTest
2574 }
2575
2576 if supportedInFirstConnection {
2577 test.config = supportedConfig
2578 } else {
2579 test.config = noSupportConfig
2580 }
2581
2582 if supportedInResumeConnection {
2583 test.resumeConfig = &supportedConfig
2584 } else {
2585 test.resumeConfig = &noSupportConfig
2586 }
2587
2588 switch suffix {
2589 case "YesToYes-Client", "YesToYes-Server":
2590 // When a session is resumed, it should
2591 // still be aware that its master
2592 // secret was generated via EMS and
2593 // thus it's safe to use tls-unique.
2594 test.flags = []string{expectEMSFlag}
2595 case "NoToYes-Server":
2596 // If an original connection did not
2597 // contain EMS, but a resumption
2598 // handshake does, then a server should
2599 // not resume the session.
2600 test.expectResumeRejected = true
2601 case "YesToNo-Server":
2602 // Resuming an EMS session without the
2603 // EMS extension should cause the
2604 // server to abort the connection.
2605 test.shouldFail = true
2606 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2607 case "NoToYes-Client":
2608 // A client should abort a connection
2609 // where the server resumed a non-EMS
2610 // session but echoed the EMS
2611 // extension.
2612 test.shouldFail = true
2613 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2614 case "YesToNo-Client":
2615 // A client should abort a connection
2616 // where the server didn't echo EMS
2617 // when the session used it.
2618 test.shouldFail = true
2619 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2620 }
2621
2622 testCases = append(testCases, test)
2623 }
2624 }
2625 }
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2626}
2627
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2628// Adds tests that try to cover the range of the handshake state machine, under
2629// various conditions. Some of these are redundant with other tests, but they
2630// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2631func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2632 var tests []testCase
2633
2634 // Basic handshake, with resumption. Client and server,
2635 // session ID and session ticket.
2636 tests = append(tests, testCase{
2637 name: "Basic-Client",
2638 resumeSession: true,
2639 })
2640 tests = append(tests, testCase{
2641 name: "Basic-Client-RenewTicket",
2642 config: Config{
2643 Bugs: ProtocolBugs{
2644 RenewTicketOnResume: true,
2645 },
2646 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2647 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2648 resumeSession: true,
2649 })
2650 tests = append(tests, testCase{
2651 name: "Basic-Client-NoTicket",
2652 config: Config{
2653 SessionTicketsDisabled: true,
2654 },
2655 resumeSession: true,
2656 })
2657 tests = append(tests, testCase{
2658 name: "Basic-Client-Implicit",
2659 flags: []string{"-implicit-handshake"},
2660 resumeSession: true,
2661 })
2662 tests = append(tests, testCase{
2663 testType: serverTest,
2664 name: "Basic-Server",
2665 resumeSession: true,
2666 })
2667 tests = append(tests, testCase{
2668 testType: serverTest,
2669 name: "Basic-Server-NoTickets",
2670 config: Config{
2671 SessionTicketsDisabled: true,
2672 },
2673 resumeSession: true,
2674 })
2675 tests = append(tests, testCase{
2676 testType: serverTest,
2677 name: "Basic-Server-Implicit",
2678 flags: []string{"-implicit-handshake"},
2679 resumeSession: true,
2680 })
2681 tests = append(tests, testCase{
2682 testType: serverTest,
2683 name: "Basic-Server-EarlyCallback",
2684 flags: []string{"-use-early-callback"},
2685 resumeSession: true,
2686 })
2687
2688 // TLS client auth.
2689 tests = append(tests, testCase{
2690 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2691 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2692 config: Config{
2693 ClientAuth: RequireAnyClientCert,
2694 },
2695 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2696 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2697 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2698 },
2699 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2700 tests = append(tests, testCase{
2701 testType: clientTest,
2702 name: "ClientAuth-ECDSA-Client",
2703 config: Config{
2704 ClientAuth: RequireAnyClientCert,
2705 },
2706 flags: []string{
2707 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2708 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
2709 },
2710 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2711 if async {
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2712 // Test async keys against each key exchange.
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2713 tests = append(tests, testCase{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2714 testType: serverTest,
2715 name: "Basic-Server-RSA",
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2716 config: Config{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2717 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2718 },
2719 flags: []string{
Adam Langley288d8d52015-06-18 16:24:31 -0700[diff] [blame]2720 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2721 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2722 },
2723 })
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2724 tests = append(tests, testCase{
2725 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2726 name: "Basic-Server-ECDHE-RSA",
2727 config: Config{
2728 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2729 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2730 flags: []string{
2731 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2732 "-key-file", path.Join(*resourceDir, rsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2733 },
2734 })
2735 tests = append(tests, testCase{
2736 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2737 name: "Basic-Server-ECDHE-ECDSA",
2738 config: Config{
2739 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2740 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2741 flags: []string{
2742 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2743 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2744 },
2745 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2746 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2747 tests = append(tests, testCase{
2748 testType: serverTest,
2749 name: "ClientAuth-Server",
2750 config: Config{
2751 Certificates: []Certificate{rsaCertificate},
2752 },
2753 flags: []string{"-require-any-client-certificate"},
2754 })
2755
2756 // No session ticket support; server doesn't send NewSessionTicket.
2757 tests = append(tests, testCase{
2758 name: "SessionTicketsDisabled-Client",
2759 config: Config{
2760 SessionTicketsDisabled: true,
2761 },
2762 })
2763 tests = append(tests, testCase{
2764 testType: serverTest,
2765 name: "SessionTicketsDisabled-Server",
2766 config: Config{
2767 SessionTicketsDisabled: true,
2768 },
2769 })
2770
2771 // Skip ServerKeyExchange in PSK key exchange if there's no
2772 // identity hint.
2773 tests = append(tests, testCase{
2774 name: "EmptyPSKHint-Client",
2775 config: Config{
2776 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2777 PreSharedKey: []byte("secret"),
2778 },
2779 flags: []string{"-psk", "secret"},
2780 })
2781 tests = append(tests, testCase{
2782 testType: serverTest,
2783 name: "EmptyPSKHint-Server",
2784 config: Config{
2785 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2786 PreSharedKey: []byte("secret"),
2787 },
2788 flags: []string{"-psk", "secret"},
2789 })
2790
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2791 tests = append(tests, testCase{
2792 testType: clientTest,
2793 name: "OCSPStapling-Client",
2794 flags: []string{
2795 "-enable-ocsp-stapling",
2796 "-expect-ocsp-response",
2797 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2798 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2799 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2800 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2801 })
2802
2803 tests = append(tests, testCase{
David Benjaminec435342015-08-21 13:44:06 -0400[diff] [blame]2804 testType: serverTest,
2805 name: "OCSPStapling-Server",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2806 expectedOCSPResponse: testOCSPResponse,
2807 flags: []string{
2808 "-ocsp-response",
2809 base64.StdEncoding.EncodeToString(testOCSPResponse),
2810 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2811 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2812 })
2813
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2814 tests = append(tests, testCase{
2815 testType: clientTest,
2816 name: "CertificateVerificationSucceed",
2817 flags: []string{
2818 "-verify-peer",
2819 },
2820 })
2821
2822 tests = append(tests, testCase{
2823 testType: clientTest,
2824 name: "CertificateVerificationFail",
2825 flags: []string{
2826 "-verify-fail",
2827 "-verify-peer",
2828 },
2829 shouldFail: true,
2830 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
2831 })
2832
2833 tests = append(tests, testCase{
2834 testType: clientTest,
2835 name: "CertificateVerificationSoftFail",
2836 flags: []string{
2837 "-verify-fail",
2838 "-expect-verify-result",
2839 },
2840 })
2841
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2842 if protocol == tls {
2843 tests = append(tests, testCase{
2844 name: "Renegotiate-Client",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]2845 renegotiate: 1,
2846 flags: []string{
2847 "-renegotiate-freely",
2848 "-expect-total-renegotiations", "1",
2849 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2850 })
2851 // NPN on client and server; results in post-handshake message.
2852 tests = append(tests, testCase{
2853 name: "NPN-Client",
2854 config: Config{
2855 NextProtos: []string{"foo"},
2856 },
2857 flags: []string{"-select-next-proto", "foo"},
2858 expectedNextProto: "foo",
2859 expectedNextProtoType: npn,
2860 })
2861 tests = append(tests, testCase{
2862 testType: serverTest,
2863 name: "NPN-Server",
2864 config: Config{
2865 NextProtos: []string{"bar"},
2866 },
2867 flags: []string{
2868 "-advertise-npn", "\x03foo\x03bar\x03baz",
2869 "-expect-next-proto", "bar",
2870 },
2871 expectedNextProto: "bar",
2872 expectedNextProtoType: npn,
2873 })
2874
2875 // TODO(davidben): Add tests for when False Start doesn't trigger.
2876
2877 // Client does False Start and negotiates NPN.
2878 tests = append(tests, testCase{
2879 name: "FalseStart",
2880 config: Config{
2881 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2882 NextProtos: []string{"foo"},
2883 Bugs: ProtocolBugs{
2884 ExpectFalseStart: true,
2885 },
2886 },
2887 flags: []string{
2888 "-false-start",
2889 "-select-next-proto", "foo",
2890 },
2891 shimWritesFirst: true,
2892 resumeSession: true,
2893 })
2894
2895 // Client does False Start and negotiates ALPN.
2896 tests = append(tests, testCase{
2897 name: "FalseStart-ALPN",
2898 config: Config{
2899 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2900 NextProtos: []string{"foo"},
2901 Bugs: ProtocolBugs{
2902 ExpectFalseStart: true,
2903 },
2904 },
2905 flags: []string{
2906 "-false-start",
2907 "-advertise-alpn", "\x03foo",
2908 },
2909 shimWritesFirst: true,
2910 resumeSession: true,
2911 })
2912
2913 // Client does False Start but doesn't explicitly call
2914 // SSL_connect.
2915 tests = append(tests, testCase{
2916 name: "FalseStart-Implicit",
2917 config: Config{
2918 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2919 NextProtos: []string{"foo"},
2920 },
2921 flags: []string{
2922 "-implicit-handshake",
2923 "-false-start",
2924 "-advertise-alpn", "\x03foo",
2925 },
2926 })
2927
2928 // False Start without session tickets.
2929 tests = append(tests, testCase{
2930 name: "FalseStart-SessionTicketsDisabled",
2931 config: Config{
2932 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2933 NextProtos: []string{"foo"},
2934 SessionTicketsDisabled: true,
2935 Bugs: ProtocolBugs{
2936 ExpectFalseStart: true,
2937 },
2938 },
2939 flags: []string{
2940 "-false-start",
2941 "-select-next-proto", "foo",
2942 },
2943 shimWritesFirst: true,
2944 })
2945
2946 // Server parses a V2ClientHello.
2947 tests = append(tests, testCase{
2948 testType: serverTest,
2949 name: "SendV2ClientHello",
2950 config: Config{
2951 // Choose a cipher suite that does not involve
2952 // elliptic curves, so no extensions are
2953 // involved.
2954 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
2955 Bugs: ProtocolBugs{
2956 SendV2ClientHello: true,
2957 },
2958 },
2959 })
2960
2961 // Client sends a Channel ID.
2962 tests = append(tests, testCase{
2963 name: "ChannelID-Client",
2964 config: Config{
2965 RequestChannelID: true,
2966 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2967 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2968 resumeSession: true,
2969 expectChannelID: true,
2970 })
2971
2972 // Server accepts a Channel ID.
2973 tests = append(tests, testCase{
2974 testType: serverTest,
2975 name: "ChannelID-Server",
2976 config: Config{
2977 ChannelID: channelIDKey,
2978 },
2979 flags: []string{
2980 "-expect-channel-id",
2981 base64.StdEncoding.EncodeToString(channelIDBytes),
2982 },
2983 resumeSession: true,
2984 expectChannelID: true,
2985 })
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]2986
2987 // Bidirectional shutdown with the runner initiating.
2988 tests = append(tests, testCase{
2989 name: "Shutdown-Runner",
2990 config: Config{
2991 Bugs: ProtocolBugs{
2992 ExpectCloseNotify: true,
2993 },
2994 },
2995 flags: []string{"-check-close-notify"},
2996 })
2997
2998 // Bidirectional shutdown with the shim initiating. The runner,
2999 // in the meantime, sends garbage before the close_notify which
3000 // the shim must ignore.
3001 tests = append(tests, testCase{
3002 name: "Shutdown-Shim",
3003 config: Config{
3004 Bugs: ProtocolBugs{
3005 ExpectCloseNotify: true,
3006 },
3007 },
3008 shimShutsDown: true,
3009 sendEmptyRecords: 1,
3010 sendWarningAlerts: 1,
3011 flags: []string{"-check-close-notify"},
3012 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3013 } else {
3014 tests = append(tests, testCase{
3015 name: "SkipHelloVerifyRequest",
3016 config: Config{
3017 Bugs: ProtocolBugs{
3018 SkipHelloVerifyRequest: true,
3019 },
3020 },
3021 })
3022 }
3023
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3024 for _, test := range tests {
3025 test.protocol = protocol
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]3026 if protocol == dtls {
3027 test.name += "-DTLS"
3028 }
3029 if async {
3030 test.name += "-Async"
3031 test.flags = append(test.flags, "-async")
3032 } else {
3033 test.name += "-Sync"
3034 }
3035 if splitHandshake {
3036 test.name += "-SplitHandshakeRecords"
3037 test.config.Bugs.MaxHandshakeRecordLength = 1
3038 if protocol == dtls {
3039 test.config.Bugs.MaxPacketLength = 256
3040 test.flags = append(test.flags, "-mtu", "256")
3041 }
3042 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3043 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]3044 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3045}
3046
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3047func addDDoSCallbackTests() {
3048 // DDoS callback.
3049
3050 for _, resume := range []bool{false, true} {
3051 suffix := "Resume"
3052 if resume {
3053 suffix = "No" + suffix
3054 }
3055
3056 testCases = append(testCases, testCase{
3057 testType: serverTest,
3058 name: "Server-DDoS-OK-" + suffix,
3059 flags: []string{"-install-ddos-callback"},
3060 resumeSession: resume,
3061 })
3062
3063 failFlag := "-fail-ddos-callback"
3064 if resume {
3065 failFlag = "-fail-second-ddos-callback"
3066 }
3067 testCases = append(testCases, testCase{
3068 testType: serverTest,
3069 name: "Server-DDoS-Reject-" + suffix,
3070 flags: []string{"-install-ddos-callback", failFlag},
3071 resumeSession: resume,
3072 shouldFail: true,
3073 expectedError: ":CONNECTION_REJECTED:",
3074 })
3075 }
3076}
3077
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3078func addVersionNegotiationTests() {
3079 for i, shimVers := range tlsVersions {
3080 // Assemble flags to disable all newer versions on the shim.
3081 var flags []string
3082 for _, vers := range tlsVersions[i+1:] {
3083 flags = append(flags, vers.flag)
3084 }
3085
3086 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3087 protocols := []protocol{tls}
3088 if runnerVers.hasDTLS && shimVers.hasDTLS {
3089 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3090 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3091 for _, protocol := range protocols {
3092 expectedVersion := shimVers.version
3093 if runnerVers.version < shimVers.version {
3094 expectedVersion = runnerVers.version
3095 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3096
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3097 suffix := shimVers.name + "-" + runnerVers.name
3098 if protocol == dtls {
3099 suffix += "-DTLS"
3100 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3101
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3102 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3103
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3104 clientVers := shimVers.version
3105 if clientVers > VersionTLS10 {
3106 clientVers = VersionTLS10
3107 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3108 testCases = append(testCases, testCase{
3109 protocol: protocol,
3110 testType: clientTest,
3111 name: "VersionNegotiation-Client-" + suffix,
3112 config: Config{
3113 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3114 Bugs: ProtocolBugs{
3115 ExpectInitialRecordVersion: clientVers,
3116 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3117 },
3118 flags: flags,
3119 expectedVersion: expectedVersion,
3120 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3121 testCases = append(testCases, testCase{
3122 protocol: protocol,
3123 testType: clientTest,
3124 name: "VersionNegotiation-Client2-" + suffix,
3125 config: Config{
3126 MaxVersion: runnerVers.version,
3127 Bugs: ProtocolBugs{
3128 ExpectInitialRecordVersion: clientVers,
3129 },
3130 },
3131 flags: []string{"-max-version", shimVersFlag},
3132 expectedVersion: expectedVersion,
3133 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3134
3135 testCases = append(testCases, testCase{
3136 protocol: protocol,
3137 testType: serverTest,
3138 name: "VersionNegotiation-Server-" + suffix,
3139 config: Config{
3140 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3141 Bugs: ProtocolBugs{
3142 ExpectInitialRecordVersion: expectedVersion,
3143 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3144 },
3145 flags: flags,
3146 expectedVersion: expectedVersion,
3147 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3148 testCases = append(testCases, testCase{
3149 protocol: protocol,
3150 testType: serverTest,
3151 name: "VersionNegotiation-Server2-" + suffix,
3152 config: Config{
3153 MaxVersion: runnerVers.version,
3154 Bugs: ProtocolBugs{
3155 ExpectInitialRecordVersion: expectedVersion,
3156 },
3157 },
3158 flags: []string{"-max-version", shimVersFlag},
3159 expectedVersion: expectedVersion,
3160 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3161 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3162 }
3163 }
3164}
3165
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3166func addMinimumVersionTests() {
3167 for i, shimVers := range tlsVersions {
3168 // Assemble flags to disable all older versions on the shim.
3169 var flags []string
3170 for _, vers := range tlsVersions[:i] {
3171 flags = append(flags, vers.flag)
3172 }
3173
3174 for _, runnerVers := range tlsVersions {
3175 protocols := []protocol{tls}
3176 if runnerVers.hasDTLS && shimVers.hasDTLS {
3177 protocols = append(protocols, dtls)
3178 }
3179 for _, protocol := range protocols {
3180 suffix := shimVers.name + "-" + runnerVers.name
3181 if protocol == dtls {
3182 suffix += "-DTLS"
3183 }
3184 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3185
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3186 var expectedVersion uint16
3187 var shouldFail bool
3188 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3189 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3190 if runnerVers.version >= shimVers.version {
3191 expectedVersion = runnerVers.version
3192 } else {
3193 shouldFail = true
3194 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3195 if runnerVers.version > VersionSSL30 {
3196 expectedLocalError = "remote error: protocol version not supported"
3197 } else {
3198 expectedLocalError = "remote error: handshake failure"
3199 }
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3200 }
3201
3202 testCases = append(testCases, testCase{
3203 protocol: protocol,
3204 testType: clientTest,
3205 name: "MinimumVersion-Client-" + suffix,
3206 config: Config{
3207 MaxVersion: runnerVers.version,
3208 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3209 flags: flags,
3210 expectedVersion: expectedVersion,
3211 shouldFail: shouldFail,
3212 expectedError: expectedError,
3213 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3214 })
3215 testCases = append(testCases, testCase{
3216 protocol: protocol,
3217 testType: clientTest,
3218 name: "MinimumVersion-Client2-" + suffix,
3219 config: Config{
3220 MaxVersion: runnerVers.version,
3221 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3222 flags: []string{"-min-version", shimVersFlag},
3223 expectedVersion: expectedVersion,
3224 shouldFail: shouldFail,
3225 expectedError: expectedError,
3226 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3227 })
3228
3229 testCases = append(testCases, testCase{
3230 protocol: protocol,
3231 testType: serverTest,
3232 name: "MinimumVersion-Server-" + suffix,
3233 config: Config{
3234 MaxVersion: runnerVers.version,
3235 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3236 flags: flags,
3237 expectedVersion: expectedVersion,
3238 shouldFail: shouldFail,
3239 expectedError: expectedError,
3240 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3241 })
3242 testCases = append(testCases, testCase{
3243 protocol: protocol,
3244 testType: serverTest,
3245 name: "MinimumVersion-Server2-" + suffix,
3246 config: Config{
3247 MaxVersion: runnerVers.version,
3248 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3249 flags: []string{"-min-version", shimVersFlag},
3250 expectedVersion: expectedVersion,
3251 shouldFail: shouldFail,
3252 expectedError: expectedError,
3253 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3254 })
3255 }
3256 }
3257 }
3258}
3259
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3260func addExtensionTests() {
3261 testCases = append(testCases, testCase{
3262 testType: clientTest,
3263 name: "DuplicateExtensionClient",
3264 config: Config{
3265 Bugs: ProtocolBugs{
3266 DuplicateExtension: true,
3267 },
3268 },
3269 shouldFail: true,
3270 expectedLocalError: "remote error: error decoding message",
3271 })
3272 testCases = append(testCases, testCase{
3273 testType: serverTest,
3274 name: "DuplicateExtensionServer",
3275 config: Config{
3276 Bugs: ProtocolBugs{
3277 DuplicateExtension: true,
3278 },
3279 },
3280 shouldFail: true,
3281 expectedLocalError: "remote error: error decoding message",
3282 })
3283 testCases = append(testCases, testCase{
3284 testType: clientTest,
3285 name: "ServerNameExtensionClient",
3286 config: Config{
3287 Bugs: ProtocolBugs{
3288 ExpectServerName: "example.com",
3289 },
3290 },
3291 flags: []string{"-host-name", "example.com"},
3292 })
3293 testCases = append(testCases, testCase{
3294 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3295 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3296 config: Config{
3297 Bugs: ProtocolBugs{
3298 ExpectServerName: "mismatch.com",
3299 },
3300 },
3301 flags: []string{"-host-name", "example.com"},
3302 shouldFail: true,
3303 expectedLocalError: "tls: unexpected server name",
3304 })
3305 testCases = append(testCases, testCase{
3306 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3307 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3308 config: Config{
3309 Bugs: ProtocolBugs{
3310 ExpectServerName: "missing.com",
3311 },
3312 },
3313 shouldFail: true,
3314 expectedLocalError: "tls: unexpected server name",
3315 })
3316 testCases = append(testCases, testCase{
3317 testType: serverTest,
3318 name: "ServerNameExtensionServer",
3319 config: Config{
3320 ServerName: "example.com",
3321 },
3322 flags: []string{"-expect-server-name", "example.com"},
3323 resumeSession: true,
3324 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3325 testCases = append(testCases, testCase{
3326 testType: clientTest,
3327 name: "ALPNClient",
3328 config: Config{
3329 NextProtos: []string{"foo"},
3330 },
3331 flags: []string{
3332 "-advertise-alpn", "\x03foo\x03bar\x03baz",
3333 "-expect-alpn", "foo",
3334 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3335 expectedNextProto: "foo",
3336 expectedNextProtoType: alpn,
3337 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3338 })
3339 testCases = append(testCases, testCase{
3340 testType: serverTest,
3341 name: "ALPNServer",
3342 config: Config{
3343 NextProtos: []string{"foo", "bar", "baz"},
3344 },
3345 flags: []string{
3346 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3347 "-select-alpn", "foo",
3348 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3349 expectedNextProto: "foo",
3350 expectedNextProtoType: alpn,
3351 resumeSession: true,
3352 })
3353 // Test that the server prefers ALPN over NPN.
3354 testCases = append(testCases, testCase{
3355 testType: serverTest,
3356 name: "ALPNServer-Preferred",
3357 config: Config{
3358 NextProtos: []string{"foo", "bar", "baz"},
3359 },
3360 flags: []string{
3361 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3362 "-select-alpn", "foo",
3363 "-advertise-npn", "\x03foo\x03bar\x03baz",
3364 },
3365 expectedNextProto: "foo",
3366 expectedNextProtoType: alpn,
3367 resumeSession: true,
3368 })
3369 testCases = append(testCases, testCase{
3370 testType: serverTest,
3371 name: "ALPNServer-Preferred-Swapped",
3372 config: Config{
3373 NextProtos: []string{"foo", "bar", "baz"},
3374 Bugs: ProtocolBugs{
3375 SwapNPNAndALPN: true,
3376 },
3377 },
3378 flags: []string{
3379 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3380 "-select-alpn", "foo",
3381 "-advertise-npn", "\x03foo\x03bar\x03baz",
3382 },
3383 expectedNextProto: "foo",
3384 expectedNextProtoType: alpn,
3385 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3386 })
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3387 var emptyString string
3388 testCases = append(testCases, testCase{
3389 testType: clientTest,
3390 name: "ALPNClient-EmptyProtocolName",
3391 config: Config{
3392 NextProtos: []string{""},
3393 Bugs: ProtocolBugs{
3394 // A server returning an empty ALPN protocol
3395 // should be rejected.
3396 ALPNProtocol: &emptyString,
3397 },
3398 },
3399 flags: []string{
3400 "-advertise-alpn", "\x03foo",
3401 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3402 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3403 expectedError: ":PARSE_TLSEXT:",
3404 })
3405 testCases = append(testCases, testCase{
3406 testType: serverTest,
3407 name: "ALPNServer-EmptyProtocolName",
3408 config: Config{
3409 // A ClientHello containing an empty ALPN protocol
3410 // should be rejected.
3411 NextProtos: []string{"foo", "", "baz"},
3412 },
3413 flags: []string{
3414 "-select-alpn", "foo",
3415 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3416 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3417 expectedError: ":PARSE_TLSEXT:",
3418 })
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]3419 // Test that negotiating both NPN and ALPN is forbidden.
3420 testCases = append(testCases, testCase{
3421 name: "NegotiateALPNAndNPN",
3422 config: Config{
3423 NextProtos: []string{"foo", "bar", "baz"},
3424 Bugs: ProtocolBugs{
3425 NegotiateALPNAndNPN: true,
3426 },
3427 },
3428 flags: []string{
3429 "-advertise-alpn", "\x03foo",
3430 "-select-next-proto", "foo",
3431 },
3432 shouldFail: true,
3433 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3434 })
3435 testCases = append(testCases, testCase{
3436 name: "NegotiateALPNAndNPN-Swapped",
3437 config: Config{
3438 NextProtos: []string{"foo", "bar", "baz"},
3439 Bugs: ProtocolBugs{
3440 NegotiateALPNAndNPN: true,
3441 SwapNPNAndALPN: true,
3442 },
3443 },
3444 flags: []string{
3445 "-advertise-alpn", "\x03foo",
3446 "-select-next-proto", "foo",
3447 },
3448 shouldFail: true,
3449 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3450 })
David Benjamin091c4b92015-10-26 13:33:21 -0400[diff] [blame]3451 // Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
3452 testCases = append(testCases, testCase{
3453 name: "DisableNPN",
3454 config: Config{
3455 NextProtos: []string{"foo"},
3456 },
3457 flags: []string{
3458 "-select-next-proto", "foo",
3459 "-disable-npn",
3460 },
3461 expectNoNextProto: true,
3462 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3463 // Resume with a corrupt ticket.
3464 testCases = append(testCases, testCase{
3465 testType: serverTest,
3466 name: "CorruptTicket",
3467 config: Config{
3468 Bugs: ProtocolBugs{
3469 CorruptTicket: true,
3470 },
3471 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3472 resumeSession: true,
3473 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3474 })
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]3475 // Test the ticket callback, with and without renewal.
3476 testCases = append(testCases, testCase{
3477 testType: serverTest,
3478 name: "TicketCallback",
3479 resumeSession: true,
3480 flags: []string{"-use-ticket-callback"},
3481 })
3482 testCases = append(testCases, testCase{
3483 testType: serverTest,
3484 name: "TicketCallback-Renew",
3485 config: Config{
3486 Bugs: ProtocolBugs{
3487 ExpectNewTicket: true,
3488 },
3489 },
3490 flags: []string{"-use-ticket-callback", "-renew-ticket"},
3491 resumeSession: true,
3492 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3493 // Resume with an oversized session id.
3494 testCases = append(testCases, testCase{
3495 testType: serverTest,
3496 name: "OversizedSessionId",
3497 config: Config{
3498 Bugs: ProtocolBugs{
3499 OversizedSessionId: true,
3500 },
3501 },
3502 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3503 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3504 expectedError: ":DECODE_ERROR:",
3505 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]3506 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
3507 // are ignored.
3508 testCases = append(testCases, testCase{
3509 protocol: dtls,
3510 name: "SRTP-Client",
3511 config: Config{
3512 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3513 },
3514 flags: []string{
3515 "-srtp-profiles",
3516 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3517 },
3518 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3519 })
3520 testCases = append(testCases, testCase{
3521 protocol: dtls,
3522 testType: serverTest,
3523 name: "SRTP-Server",
3524 config: Config{
3525 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3526 },
3527 flags: []string{
3528 "-srtp-profiles",
3529 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3530 },
3531 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3532 })
3533 // Test that the MKI is ignored.
3534 testCases = append(testCases, testCase{
3535 protocol: dtls,
3536 testType: serverTest,
3537 name: "SRTP-Server-IgnoreMKI",
3538 config: Config{
3539 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
3540 Bugs: ProtocolBugs{
3541 SRTPMasterKeyIdentifer: "bogus",
3542 },
3543 },
3544 flags: []string{
3545 "-srtp-profiles",
3546 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3547 },
3548 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3549 })
3550 // Test that SRTP isn't negotiated on the server if there were
3551 // no matching profiles.
3552 testCases = append(testCases, testCase{
3553 protocol: dtls,
3554 testType: serverTest,
3555 name: "SRTP-Server-NoMatch",
3556 config: Config{
3557 SRTPProtectionProfiles: []uint16{100, 101, 102},
3558 },
3559 flags: []string{
3560 "-srtp-profiles",
3561 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3562 },
3563 expectedSRTPProtectionProfile: 0,
3564 })
3565 // Test that the server returning an invalid SRTP profile is
3566 // flagged as an error by the client.
3567 testCases = append(testCases, testCase{
3568 protocol: dtls,
3569 name: "SRTP-Client-NoMatch",
3570 config: Config{
3571 Bugs: ProtocolBugs{
3572 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
3573 },
3574 },
3575 flags: []string{
3576 "-srtp-profiles",
3577 "SRTP_AES128_CM_SHA1_80",
3578 },
3579 shouldFail: true,
3580 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
3581 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3582 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3583 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3584 name: "SignedCertificateTimestampList-Client",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3585 testType: clientTest,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3586 flags: []string{
3587 "-enable-signed-cert-timestamps",
3588 "-expect-signed-cert-timestamps",
3589 base64.StdEncoding.EncodeToString(testSCTList),
3590 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3591 resumeSession: true,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3592 })
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3593 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3594 name: "SignedCertificateTimestampList-Server",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3595 testType: serverTest,
3596 flags: []string{
3597 "-signed-cert-timestamps",
3598 base64.StdEncoding.EncodeToString(testSCTList),
3599 },
3600 expectedSCTList: testSCTList,
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3601 resumeSession: true,
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3602 })
3603 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3604 testType: clientTest,
3605 name: "ClientHelloPadding",
3606 config: Config{
3607 Bugs: ProtocolBugs{
3608 RequireClientHelloSize: 512,
3609 },
3610 },
3611 // This hostname just needs to be long enough to push the
3612 // ClientHello into F5's danger zone between 256 and 511 bytes
3613 // long.
3614 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
3615 })
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]3616
3617 // Extensions should not function in SSL 3.0.
3618 testCases = append(testCases, testCase{
3619 testType: serverTest,
3620 name: "SSLv3Extensions-NoALPN",
3621 config: Config{
3622 MaxVersion: VersionSSL30,
3623 NextProtos: []string{"foo", "bar", "baz"},
3624 },
3625 flags: []string{
3626 "-select-alpn", "foo",
3627 },
3628 expectNoNextProto: true,
3629 })
3630
3631 // Test session tickets separately as they follow a different codepath.
3632 testCases = append(testCases, testCase{
3633 testType: serverTest,
3634 name: "SSLv3Extensions-NoTickets",
3635 config: Config{
3636 MaxVersion: VersionSSL30,
3637 Bugs: ProtocolBugs{
3638 // Historically, session tickets in SSL 3.0
3639 // failed in different ways depending on whether
3640 // the client supported renegotiation_info.
3641 NoRenegotiationInfo: true,
3642 },
3643 },
3644 resumeSession: true,
3645 })
3646 testCases = append(testCases, testCase{
3647 testType: serverTest,
3648 name: "SSLv3Extensions-NoTickets2",
3649 config: Config{
3650 MaxVersion: VersionSSL30,
3651 },
3652 resumeSession: true,
3653 })
3654
3655 // But SSL 3.0 does send and process renegotiation_info.
3656 testCases = append(testCases, testCase{
3657 testType: serverTest,
3658 name: "SSLv3Extensions-RenegotiationInfo",
3659 config: Config{
3660 MaxVersion: VersionSSL30,
3661 Bugs: ProtocolBugs{
3662 RequireRenegotiationInfo: true,
3663 },
3664 },
3665 })
3666 testCases = append(testCases, testCase{
3667 testType: serverTest,
3668 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
3669 config: Config{
3670 MaxVersion: VersionSSL30,
3671 Bugs: ProtocolBugs{
3672 NoRenegotiationInfo: true,
3673 SendRenegotiationSCSV: true,
3674 RequireRenegotiationInfo: true,
3675 },
3676 },
3677 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3678}
3679
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3680func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3681 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3682 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3683 protocols := []protocol{tls}
3684 if sessionVers.hasDTLS && resumeVers.hasDTLS {
3685 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]3686 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3687 for _, protocol := range protocols {
3688 suffix := "-" + sessionVers.name + "-" + resumeVers.name
3689 if protocol == dtls {
3690 suffix += "-DTLS"
3691 }
3692
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3693 if sessionVers.version == resumeVers.version {
3694 testCases = append(testCases, testCase{
3695 protocol: protocol,
3696 name: "Resume-Client" + suffix,
3697 resumeSession: true,
3698 config: Config{
3699 MaxVersion: sessionVers.version,
3700 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3701 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3702 expectedVersion: sessionVers.version,
3703 expectedResumeVersion: resumeVers.version,
3704 })
3705 } else {
3706 testCases = append(testCases, testCase{
3707 protocol: protocol,
3708 name: "Resume-Client-Mismatch" + suffix,
3709 resumeSession: true,
3710 config: Config{
3711 MaxVersion: sessionVers.version,
3712 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3713 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3714 expectedVersion: sessionVers.version,
3715 resumeConfig: &Config{
3716 MaxVersion: resumeVers.version,
3717 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3718 Bugs: ProtocolBugs{
3719 AllowSessionVersionMismatch: true,
3720 },
3721 },
3722 expectedResumeVersion: resumeVers.version,
3723 shouldFail: true,
3724 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
3725 })
3726 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3727
3728 testCases = append(testCases, testCase{
3729 protocol: protocol,
3730 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3731 resumeSession: true,
3732 config: Config{
3733 MaxVersion: sessionVers.version,
3734 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3735 },
3736 expectedVersion: sessionVers.version,
3737 resumeConfig: &Config{
3738 MaxVersion: resumeVers.version,
3739 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3740 },
3741 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3742 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3743 expectedResumeVersion: resumeVers.version,
3744 })
3745
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3746 testCases = append(testCases, testCase{
3747 protocol: protocol,
3748 testType: serverTest,
3749 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3750 resumeSession: true,
3751 config: Config{
3752 MaxVersion: sessionVers.version,
3753 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3754 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3755 expectedVersion: sessionVers.version,
3756 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3757 resumeConfig: &Config{
3758 MaxVersion: resumeVers.version,
3759 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3760 },
3761 expectedResumeVersion: resumeVers.version,
3762 })
3763 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3764 }
3765 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3766
3767 testCases = append(testCases, testCase{
3768 name: "Resume-Client-CipherMismatch",
3769 resumeSession: true,
3770 config: Config{
3771 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3772 },
3773 resumeConfig: &Config{
3774 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3775 Bugs: ProtocolBugs{
3776 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
3777 },
3778 },
3779 shouldFail: true,
3780 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
3781 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3782}
3783
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3784func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3785 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3786 testCases = append(testCases, testCase{
3787 testType: serverTest,
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3788 name: "Renegotiate-Server-Forbidden",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3789 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3790 shouldFail: true,
3791 expectedError: ":NO_RENEGOTIATION:",
3792 expectedLocalError: "remote error: no renegotiation",
3793 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]3794 // The server shouldn't echo the renegotiation extension unless
3795 // requested by the client.
3796 testCases = append(testCases, testCase{
3797 testType: serverTest,
3798 name: "Renegotiate-Server-NoExt",
3799 config: Config{
3800 Bugs: ProtocolBugs{
3801 NoRenegotiationInfo: true,
3802 RequireRenegotiationInfo: true,
3803 },
3804 },
3805 shouldFail: true,
3806 expectedLocalError: "renegotiation extension missing",
3807 })
3808 // The renegotiation SCSV should be sufficient for the server to echo
3809 // the extension.
3810 testCases = append(testCases, testCase{
3811 testType: serverTest,
3812 name: "Renegotiate-Server-NoExt-SCSV",
3813 config: Config{
3814 Bugs: ProtocolBugs{
3815 NoRenegotiationInfo: true,
3816 SendRenegotiationSCSV: true,
3817 RequireRenegotiationInfo: true,
3818 },
3819 },
3820 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3821 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3822 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3823 config: Config{
3824 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3825 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3826 },
3827 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3828 renegotiate: 1,
3829 flags: []string{
3830 "-renegotiate-freely",
3831 "-expect-total-renegotiations", "1",
3832 },
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3833 })
3834 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3835 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3836 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3837 config: Config{
3838 Bugs: ProtocolBugs{
3839 EmptyRenegotiationInfo: true,
3840 },
3841 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3842 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3843 shouldFail: true,
3844 expectedError: ":RENEGOTIATION_MISMATCH:",
3845 })
3846 testCases = append(testCases, testCase{
3847 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3848 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3849 config: Config{
3850 Bugs: ProtocolBugs{
3851 BadRenegotiationInfo: true,
3852 },
3853 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3854 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3855 shouldFail: true,
3856 expectedError: ":RENEGOTIATION_MISMATCH:",
3857 })
3858 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]3859 name: "Renegotiate-Client-Downgrade",
3860 renegotiate: 1,
3861 config: Config{
3862 Bugs: ProtocolBugs{
3863 NoRenegotiationInfoAfterInitial: true,
3864 },
3865 },
3866 flags: []string{"-renegotiate-freely"},
3867 shouldFail: true,
3868 expectedError: ":RENEGOTIATION_MISMATCH:",
3869 })
3870 testCases = append(testCases, testCase{
3871 name: "Renegotiate-Client-Upgrade",
3872 renegotiate: 1,
3873 config: Config{
3874 Bugs: ProtocolBugs{
3875 NoRenegotiationInfoInInitial: true,
3876 },
3877 },
3878 flags: []string{"-renegotiate-freely"},
3879 shouldFail: true,
3880 expectedError: ":RENEGOTIATION_MISMATCH:",
3881 })
3882 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3883 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3884 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3885 config: Config{
3886 Bugs: ProtocolBugs{
3887 NoRenegotiationInfo: true,
3888 },
3889 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3890 flags: []string{
3891 "-renegotiate-freely",
3892 "-expect-total-renegotiations", "1",
3893 },
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3894 })
3895 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3896 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3897 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3898 config: Config{
3899 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3900 },
3901 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3902 flags: []string{
3903 "-renegotiate-freely",
3904 "-expect-total-renegotiations", "1",
3905 },
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3906 })
3907 testCases = append(testCases, testCase{
3908 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3909 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3910 config: Config{
3911 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3912 },
3913 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3914 flags: []string{
3915 "-renegotiate-freely",
3916 "-expect-total-renegotiations", "1",
3917 },
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3918 })
3919 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3920 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3921 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3922 config: Config{
3923 MaxVersion: VersionTLS10,
3924 Bugs: ProtocolBugs{
3925 RequireSameRenegoClientVersion: true,
3926 },
3927 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3928 flags: []string{
3929 "-renegotiate-freely",
3930 "-expect-total-renegotiations", "1",
3931 },
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3932 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3933 testCases = append(testCases, testCase{
3934 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3935 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3936 config: Config{
3937 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3938 NextProtos: []string{"foo"},
3939 },
3940 flags: []string{
3941 "-false-start",
3942 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3943 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -0400[diff] [blame]3944 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3945 },
3946 shimWritesFirst: true,
3947 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3948
3949 // Client-side renegotiation controls.
3950 testCases = append(testCases, testCase{
3951 name: "Renegotiate-Client-Forbidden-1",
3952 renegotiate: 1,
3953 shouldFail: true,
3954 expectedError: ":NO_RENEGOTIATION:",
3955 expectedLocalError: "remote error: no renegotiation",
3956 })
3957 testCases = append(testCases, testCase{
3958 name: "Renegotiate-Client-Once-1",
3959 renegotiate: 1,
3960 flags: []string{
3961 "-renegotiate-once",
3962 "-expect-total-renegotiations", "1",
3963 },
3964 })
3965 testCases = append(testCases, testCase{
3966 name: "Renegotiate-Client-Freely-1",
3967 renegotiate: 1,
3968 flags: []string{
3969 "-renegotiate-freely",
3970 "-expect-total-renegotiations", "1",
3971 },
3972 })
3973 testCases = append(testCases, testCase{
3974 name: "Renegotiate-Client-Once-2",
3975 renegotiate: 2,
3976 flags: []string{"-renegotiate-once"},
3977 shouldFail: true,
3978 expectedError: ":NO_RENEGOTIATION:",
3979 expectedLocalError: "remote error: no renegotiation",
3980 })
3981 testCases = append(testCases, testCase{
3982 name: "Renegotiate-Client-Freely-2",
3983 renegotiate: 2,
3984 flags: []string{
3985 "-renegotiate-freely",
3986 "-expect-total-renegotiations", "2",
3987 },
3988 })
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]3989 testCases = append(testCases, testCase{
3990 name: "Renegotiate-Client-NoIgnore",
3991 config: Config{
3992 Bugs: ProtocolBugs{
3993 SendHelloRequestBeforeEveryAppDataRecord: true,
3994 },
3995 },
3996 shouldFail: true,
3997 expectedError: ":NO_RENEGOTIATION:",
3998 })
3999 testCases = append(testCases, testCase{
4000 name: "Renegotiate-Client-Ignore",
4001 config: Config{
4002 Bugs: ProtocolBugs{
4003 SendHelloRequestBeforeEveryAppDataRecord: true,
4004 },
4005 },
4006 flags: []string{
4007 "-renegotiate-ignore",
4008 "-expect-total-renegotiations", "0",
4009 },
4010 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4011}
4012
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4013func addDTLSReplayTests() {
4014 // Test that sequence number replays are detected.
4015 testCases = append(testCases, testCase{
4016 protocol: dtls,
4017 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4018 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4019 replayWrites: true,
4020 })
4021
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4022 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4023 // than the retransmit window.
4024 testCases = append(testCases, testCase{
4025 protocol: dtls,
4026 name: "DTLS-Replay-LargeGaps",
4027 config: Config{
4028 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4029 SequenceNumberMapping: func(in uint64) uint64 {
4030 return in * 127
4031 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4032 },
4033 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4034 messageCount: 200,
4035 replayWrites: true,
4036 })
4037
4038 // Test the incoming sequence number changing non-monotonically.
4039 testCases = append(testCases, testCase{
4040 protocol: dtls,
4041 name: "DTLS-Replay-NonMonotonic",
4042 config: Config{
4043 Bugs: ProtocolBugs{
4044 SequenceNumberMapping: func(in uint64) uint64 {
4045 return in ^ 31
4046 },
4047 },
4048 },
4049 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4050 replayWrites: true,
4051 })
4052}
4053
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4054var testHashes = []struct {
4055 name string
4056 id uint8
4057}{
4058 {"SHA1", hashSHA1},
4059 {"SHA224", hashSHA224},
4060 {"SHA256", hashSHA256},
4061 {"SHA384", hashSHA384},
4062 {"SHA512", hashSHA512},
4063}
4064
4065func addSigningHashTests() {
4066 // Make sure each hash works. Include some fake hashes in the list and
4067 // ensure they're ignored.
4068 for _, hash := range testHashes {
4069 testCases = append(testCases, testCase{
4070 name: "SigningHash-ClientAuth-" + hash.name,
4071 config: Config{
4072 ClientAuth: RequireAnyClientCert,
4073 SignatureAndHashes: []signatureAndHash{
4074 {signatureRSA, 42},
4075 {signatureRSA, hash.id},
4076 {signatureRSA, 255},
4077 },
4078 },
4079 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4080 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4081 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4082 },
4083 })
4084
4085 testCases = append(testCases, testCase{
4086 testType: serverTest,
4087 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
4088 config: Config{
4089 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4090 SignatureAndHashes: []signatureAndHash{
4091 {signatureRSA, 42},
4092 {signatureRSA, hash.id},
4093 {signatureRSA, 255},
4094 },
4095 },
4096 })
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4097
4098 testCases = append(testCases, testCase{
4099 name: "SigningHash-ServerKeyExchange-Verify-" + hash.name,
4100 config: Config{
4101 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4102 SignatureAndHashes: []signatureAndHash{
4103 {signatureRSA, 42},
4104 {signatureRSA, hash.id},
4105 {signatureRSA, 255},
4106 },
4107 },
4108 flags: []string{"-expect-server-key-exchange-hash", strconv.Itoa(int(hash.id))},
4109 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4110 }
4111
4112 // Test that hash resolution takes the signature type into account.
4113 testCases = append(testCases, testCase{
4114 name: "SigningHash-ClientAuth-SignatureType",
4115 config: Config{
4116 ClientAuth: RequireAnyClientCert,
4117 SignatureAndHashes: []signatureAndHash{
4118 {signatureECDSA, hashSHA512},
4119 {signatureRSA, hashSHA384},
4120 {signatureECDSA, hashSHA1},
4121 },
4122 },
4123 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4124 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4125 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4126 },
4127 })
4128
4129 testCases = append(testCases, testCase{
4130 testType: serverTest,
4131 name: "SigningHash-ServerKeyExchange-SignatureType",
4132 config: Config{
4133 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4134 SignatureAndHashes: []signatureAndHash{
4135 {signatureECDSA, hashSHA512},
4136 {signatureRSA, hashSHA384},
4137 {signatureECDSA, hashSHA1},
4138 },
4139 },
4140 })
4141
4142 // Test that, if the list is missing, the peer falls back to SHA-1.
4143 testCases = append(testCases, testCase{
4144 name: "SigningHash-ClientAuth-Fallback",
4145 config: Config{
4146 ClientAuth: RequireAnyClientCert,
4147 SignatureAndHashes: []signatureAndHash{
4148 {signatureRSA, hashSHA1},
4149 },
4150 Bugs: ProtocolBugs{
4151 NoSignatureAndHashes: true,
4152 },
4153 },
4154 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4155 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4156 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4157 },
4158 })
4159
4160 testCases = append(testCases, testCase{
4161 testType: serverTest,
4162 name: "SigningHash-ServerKeyExchange-Fallback",
4163 config: Config{
4164 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4165 SignatureAndHashes: []signatureAndHash{
4166 {signatureRSA, hashSHA1},
4167 },
4168 Bugs: ProtocolBugs{
4169 NoSignatureAndHashes: true,
4170 },
4171 },
4172 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4173
4174 // Test that hash preferences are enforced. BoringSSL defaults to
4175 // rejecting MD5 signatures.
4176 testCases = append(testCases, testCase{
4177 testType: serverTest,
4178 name: "SigningHash-ClientAuth-Enforced",
4179 config: Config{
4180 Certificates: []Certificate{rsaCertificate},
4181 SignatureAndHashes: []signatureAndHash{
4182 {signatureRSA, hashMD5},
4183 // Advertise SHA-1 so the handshake will
4184 // proceed, but the shim's preferences will be
4185 // ignored in CertificateVerify generation, so
4186 // MD5 will be chosen.
4187 {signatureRSA, hashSHA1},
4188 },
4189 Bugs: ProtocolBugs{
4190 IgnorePeerSignatureAlgorithmPreferences: true,
4191 },
4192 },
4193 flags: []string{"-require-any-client-certificate"},
4194 shouldFail: true,
4195 expectedError: ":WRONG_SIGNATURE_TYPE:",
4196 })
4197
4198 testCases = append(testCases, testCase{
4199 name: "SigningHash-ServerKeyExchange-Enforced",
4200 config: Config{
4201 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4202 SignatureAndHashes: []signatureAndHash{
4203 {signatureRSA, hashMD5},
4204 },
4205 Bugs: ProtocolBugs{
4206 IgnorePeerSignatureAlgorithmPreferences: true,
4207 },
4208 },
4209 shouldFail: true,
4210 expectedError: ":WRONG_SIGNATURE_TYPE:",
4211 })
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4212
4213 // Test that the agreed upon digest respects the client preferences and
4214 // the server digests.
4215 testCases = append(testCases, testCase{
4216 name: "Agree-Digest-Fallback",
4217 config: Config{
4218 ClientAuth: RequireAnyClientCert,
4219 SignatureAndHashes: []signatureAndHash{
4220 {signatureRSA, hashSHA512},
4221 {signatureRSA, hashSHA1},
4222 },
4223 },
4224 flags: []string{
4225 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4226 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4227 },
4228 digestPrefs: "SHA256",
4229 expectedClientCertSignatureHash: hashSHA1,
4230 })
4231 testCases = append(testCases, testCase{
4232 name: "Agree-Digest-SHA256",
4233 config: Config{
4234 ClientAuth: RequireAnyClientCert,
4235 SignatureAndHashes: []signatureAndHash{
4236 {signatureRSA, hashSHA1},
4237 {signatureRSA, hashSHA256},
4238 },
4239 },
4240 flags: []string{
4241 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4242 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4243 },
4244 digestPrefs: "SHA256,SHA1",
4245 expectedClientCertSignatureHash: hashSHA256,
4246 })
4247 testCases = append(testCases, testCase{
4248 name: "Agree-Digest-SHA1",
4249 config: Config{
4250 ClientAuth: RequireAnyClientCert,
4251 SignatureAndHashes: []signatureAndHash{
4252 {signatureRSA, hashSHA1},
4253 },
4254 },
4255 flags: []string{
4256 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4257 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4258 },
4259 digestPrefs: "SHA512,SHA256,SHA1",
4260 expectedClientCertSignatureHash: hashSHA1,
4261 })
4262 testCases = append(testCases, testCase{
4263 name: "Agree-Digest-Default",
4264 config: Config{
4265 ClientAuth: RequireAnyClientCert,
4266 SignatureAndHashes: []signatureAndHash{
4267 {signatureRSA, hashSHA256},
4268 {signatureECDSA, hashSHA256},
4269 {signatureRSA, hashSHA1},
4270 {signatureECDSA, hashSHA1},
4271 },
4272 },
4273 flags: []string{
4274 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4275 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4276 },
4277 expectedClientCertSignatureHash: hashSHA256,
4278 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4279}
4280
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4281// timeouts is the retransmit schedule for BoringSSL. It doubles and
4282// caps at 60 seconds. On the 13th timeout, it gives up.
4283var timeouts = []time.Duration{
4284 1 * time.Second,
4285 2 * time.Second,
4286 4 * time.Second,
4287 8 * time.Second,
4288 16 * time.Second,
4289 32 * time.Second,
4290 60 * time.Second,
4291 60 * time.Second,
4292 60 * time.Second,
4293 60 * time.Second,
4294 60 * time.Second,
4295 60 * time.Second,
4296 60 * time.Second,
4297}
4298
4299func addDTLSRetransmitTests() {
4300 // Test that this is indeed the timeout schedule. Stress all
4301 // four patterns of handshake.
4302 for i := 1; i < len(timeouts); i++ {
4303 number := strconv.Itoa(i)
4304 testCases = append(testCases, testCase{
4305 protocol: dtls,
4306 name: "DTLS-Retransmit-Client-" + number,
4307 config: Config{
4308 Bugs: ProtocolBugs{
4309 TimeoutSchedule: timeouts[:i],
4310 },
4311 },
4312 resumeSession: true,
4313 flags: []string{"-async"},
4314 })
4315 testCases = append(testCases, testCase{
4316 protocol: dtls,
4317 testType: serverTest,
4318 name: "DTLS-Retransmit-Server-" + number,
4319 config: Config{
4320 Bugs: ProtocolBugs{
4321 TimeoutSchedule: timeouts[:i],
4322 },
4323 },
4324 resumeSession: true,
4325 flags: []string{"-async"},
4326 })
4327 }
4328
4329 // Test that exceeding the timeout schedule hits a read
4330 // timeout.
4331 testCases = append(testCases, testCase{
4332 protocol: dtls,
4333 name: "DTLS-Retransmit-Timeout",
4334 config: Config{
4335 Bugs: ProtocolBugs{
4336 TimeoutSchedule: timeouts,
4337 },
4338 },
4339 resumeSession: true,
4340 flags: []string{"-async"},
4341 shouldFail: true,
4342 expectedError: ":READ_TIMEOUT_EXPIRED:",
4343 })
4344
4345 // Test that timeout handling has a fudge factor, due to API
4346 // problems.
4347 testCases = append(testCases, testCase{
4348 protocol: dtls,
4349 name: "DTLS-Retransmit-Fudge",
4350 config: Config{
4351 Bugs: ProtocolBugs{
4352 TimeoutSchedule: []time.Duration{
4353 timeouts[0] - 10*time.Millisecond,
4354 },
4355 },
4356 },
4357 resumeSession: true,
4358 flags: []string{"-async"},
4359 })
David Benjamin7eaab4c2015-03-02 19:01:16 -0500[diff] [blame]4360
4361 // Test that the final Finished retransmitting isn't
4362 // duplicated if the peer badly fragments everything.
4363 testCases = append(testCases, testCase{
4364 testType: serverTest,
4365 protocol: dtls,
4366 name: "DTLS-Retransmit-Fragmented",
4367 config: Config{
4368 Bugs: ProtocolBugs{
4369 TimeoutSchedule: []time.Duration{timeouts[0]},
4370 MaxHandshakeRecordLength: 2,
4371 },
4372 },
4373 flags: []string{"-async"},
4374 })
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4375}
4376
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4377func addExportKeyingMaterialTests() {
4378 for _, vers := range tlsVersions {
4379 if vers.version == VersionSSL30 {
4380 continue
4381 }
4382 testCases = append(testCases, testCase{
4383 name: "ExportKeyingMaterial-" + vers.name,
4384 config: Config{
4385 MaxVersion: vers.version,
4386 },
4387 exportKeyingMaterial: 1024,
4388 exportLabel: "label",
4389 exportContext: "context",
4390 useExportContext: true,
4391 })
4392 testCases = append(testCases, testCase{
4393 name: "ExportKeyingMaterial-NoContext-" + vers.name,
4394 config: Config{
4395 MaxVersion: vers.version,
4396 },
4397 exportKeyingMaterial: 1024,
4398 })
4399 testCases = append(testCases, testCase{
4400 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
4401 config: Config{
4402 MaxVersion: vers.version,
4403 },
4404 exportKeyingMaterial: 1024,
4405 useExportContext: true,
4406 })
4407 testCases = append(testCases, testCase{
4408 name: "ExportKeyingMaterial-Small-" + vers.name,
4409 config: Config{
4410 MaxVersion: vers.version,
4411 },
4412 exportKeyingMaterial: 1,
4413 exportLabel: "label",
4414 exportContext: "context",
4415 useExportContext: true,
4416 })
4417 }
4418 testCases = append(testCases, testCase{
4419 name: "ExportKeyingMaterial-SSL3",
4420 config: Config{
4421 MaxVersion: VersionSSL30,
4422 },
4423 exportKeyingMaterial: 1024,
4424 exportLabel: "label",
4425 exportContext: "context",
4426 useExportContext: true,
4427 shouldFail: true,
4428 expectedError: "failed to export keying material",
4429 })
4430}
4431
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4432func addTLSUniqueTests() {
4433 for _, isClient := range []bool{false, true} {
4434 for _, isResumption := range []bool{false, true} {
4435 for _, hasEMS := range []bool{false, true} {
4436 var suffix string
4437 if isResumption {
4438 suffix = "Resume-"
4439 } else {
4440 suffix = "Full-"
4441 }
4442
4443 if hasEMS {
4444 suffix += "EMS-"
4445 } else {
4446 suffix += "NoEMS-"
4447 }
4448
4449 if isClient {
4450 suffix += "Client"
4451 } else {
4452 suffix += "Server"
4453 }
4454
4455 test := testCase{
4456 name: "TLSUnique-" + suffix,
4457 testTLSUnique: true,
4458 config: Config{
4459 Bugs: ProtocolBugs{
4460 NoExtendedMasterSecret: !hasEMS,
4461 },
4462 },
4463 }
4464
4465 if isResumption {
4466 test.resumeSession = true
4467 test.resumeConfig = &Config{
4468 Bugs: ProtocolBugs{
4469 NoExtendedMasterSecret: !hasEMS,
4470 },
4471 }
4472 }
4473
4474 if isResumption && !hasEMS {
4475 test.shouldFail = true
4476 test.expectedError = "failed to get tls-unique"
4477 }
4478
4479 testCases = append(testCases, test)
4480 }
4481 }
4482 }
4483}
4484
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4485func addCustomExtensionTests() {
4486 expectedContents := "custom extension"
4487 emptyString := ""
4488
4489 for _, isClient := range []bool{false, true} {
4490 suffix := "Server"
4491 flag := "-enable-server-custom-extension"
4492 testType := serverTest
4493 if isClient {
4494 suffix = "Client"
4495 flag = "-enable-client-custom-extension"
4496 testType = clientTest
4497 }
4498
4499 testCases = append(testCases, testCase{
4500 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4501 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4502 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4503 Bugs: ProtocolBugs{
4504 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4505 ExpectedCustomExtension: &expectedContents,
4506 },
4507 },
4508 flags: []string{flag},
4509 })
4510
4511 // If the parse callback fails, the handshake should also fail.
4512 testCases = append(testCases, testCase{
4513 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4514 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4515 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4516 Bugs: ProtocolBugs{
4517 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4518 ExpectedCustomExtension: &expectedContents,
4519 },
4520 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4521 flags: []string{flag},
4522 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4523 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4524 })
4525
4526 // If the add callback fails, the handshake should also fail.
4527 testCases = append(testCases, testCase{
4528 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4529 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4530 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4531 Bugs: ProtocolBugs{
4532 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4533 ExpectedCustomExtension: &expectedContents,
4534 },
4535 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4536 flags: []string{flag, "-custom-extension-fail-add"},
4537 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4538 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4539 })
4540
4541 // If the add callback returns zero, no extension should be
4542 // added.
4543 skipCustomExtension := expectedContents
4544 if isClient {
4545 // For the case where the client skips sending the
4546 // custom extension, the server must not “echo” it.
4547 skipCustomExtension = ""
4548 }
4549 testCases = append(testCases, testCase{
4550 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4551 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4552 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4553 Bugs: ProtocolBugs{
4554 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4555 ExpectedCustomExtension: &emptyString,
4556 },
4557 },
4558 flags: []string{flag, "-custom-extension-skip"},
4559 })
4560 }
4561
4562 // The custom extension add callback should not be called if the client
4563 // doesn't send the extension.
4564 testCases = append(testCases, testCase{
4565 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4566 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4567 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4568 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4569 ExpectedCustomExtension: &emptyString,
4570 },
4571 },
4572 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
4573 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]4574
4575 // Test an unknown extension from the server.
4576 testCases = append(testCases, testCase{
4577 testType: clientTest,
4578 name: "UnknownExtension-Client",
4579 config: Config{
4580 Bugs: ProtocolBugs{
4581 CustomExtension: expectedContents,
4582 },
4583 },
4584 shouldFail: true,
4585 expectedError: ":UNEXPECTED_EXTENSION:",
4586 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4587}
4588
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]4589func addRSAClientKeyExchangeTests() {
4590 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
4591 testCases = append(testCases, testCase{
4592 testType: serverTest,
4593 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
4594 config: Config{
4595 // Ensure the ClientHello version and final
4596 // version are different, to detect if the
4597 // server uses the wrong one.
4598 MaxVersion: VersionTLS11,
4599 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
4600 Bugs: ProtocolBugs{
4601 BadRSAClientKeyExchange: bad,
4602 },
4603 },
4604 shouldFail: true,
4605 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
4606 })
4607 }
4608}
4609
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4610func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4611 defer wg.Done()
4612
4613 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4614 var err error
4615
4616 if *mallocTest < 0 {
4617 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4618 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4619 } else {
4620 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
4621 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4622 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4623 if err != nil {
4624 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
4625 }
4626 break
4627 }
4628 }
4629 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4630 statusChan <- statusMsg{test: test, err: err}
4631 }
4632}
4633
4634type statusMsg struct {
4635 test *testCase
4636 started bool
4637 err error
4638}
4639
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4640func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4641 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4642
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4643 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4644 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4645 if !*pipe {
4646 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]4647 var erase string
4648 for i := 0; i < lineLen; i++ {
4649 erase += "\b \b"
4650 }
4651 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4652 }
4653
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4654 if msg.started {
4655 started++
4656 } else {
4657 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4658
4659 if msg.err != nil {
4660 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
4661 failed++
4662 testOutput.addResult(msg.test.name, "FAIL")
4663 } else {
4664 if *pipe {
4665 // Print each test instead of a status line.
4666 fmt.Printf("PASSED (%s)\n", msg.test.name)
4667 }
4668 testOutput.addResult(msg.test.name, "PASS")
4669 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4670 }
4671
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4672 if !*pipe {
4673 // Print a new status line.
4674 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
4675 lineLen = len(line)
4676 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4677 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4678 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4679
4680 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4681}
4682
4683func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4684 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4685 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4686
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4687 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4688 addCipherSuiteTests()
4689 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]4690 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]4691 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]4692 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4693 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4694 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4695 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4696 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4697 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]4698 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4699 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4700 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4701 addSigningHashTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4702 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4703 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4704 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4705 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]4706 addRSAClientKeyExchangeTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4707 for _, async := range []bool{false, true} {
4708 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]4709 for _, protocol := range []protocol{tls, dtls} {
4710 addStateMachineCoverageTests(async, splitHandshake, protocol)
4711 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4712 }
4713 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4714
4715 var wg sync.WaitGroup
4716
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4717 statusChan := make(chan statusMsg, *numWorkers)
4718 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4719 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4720
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4721 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4722
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4723 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4724 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4725 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4726 }
4727
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4728 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4729 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4730 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4731 }
4732 }
4733
4734 close(testChan)
4735 wg.Wait()
4736 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4737 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4738
4739 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4740
4741 if *jsonOutput != "" {
4742 if err := testOutput.writeTo(*jsonOutput); err != nil {
4743 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
4744 }
4745 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]4746
4747 if !testOutput.allPassed {
4748 os.Exit(1)
4749 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4750}