blob: 17e03cb5cdfcf4422e1844e892c71b864e1f9838 [file] [log] [blame]
Adam Langley7fcfd3b2016-05-20 11:02:50 -07001// Copyright (c) 2016, Google Inc.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
Adam Langleydc7e9c42015-09-29 15:21:04 -070015package runner
Adam Langley95c29f32014-06-20 12:00:00 -070016
17import (
18 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -040019 "crypto/ecdsa"
20 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -040021 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -040022 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -040023 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -070024 "flag"
25 "fmt"
26 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -070027 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -070028 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -070029 "net"
30 "os"
31 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -040032 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -040033 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -080034 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -070035 "strings"
36 "sync"
37 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -050038 "time"
Adam Langley95c29f32014-06-20 12:00:00 -070039)
40
Adam Langley69a01602014-11-17 17:26:55 -080041var (
David Benjamin5f237bc2015-02-11 17:14:15 -050042 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
43 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
David Benjamind16bf342015-12-18 00:53:12 -050044 useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb")
David Benjamin5f237bc2015-02-11 17:14:15 -050045 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
46 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
47 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
48 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
49 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -070050 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
51 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
52 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
53 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
David Benjaminf2b83632016-03-01 22:57:46 -050054 fuzzer = flag.Bool("fuzzer", false, "If true, tests against a BoringSSL built in fuzzer mode.")
David Benjamin9867b7d2016-03-01 23:25:48 -050055 transcriptDir = flag.String("transcript-dir", "", "The directory in which to write transcripts.")
David Benjamin01784b42016-06-07 18:00:52 -040056 idleTimeout = flag.Duration("idle-timeout", 15*time.Second, "The number of seconds to wait for a read or write to bssl_shim.")
David Benjamin2e045a92016-06-08 13:09:56 -040057 deterministic = flag.Bool("deterministic", false, "If true, uses a deterministic PRNG in the runner.")
Adam Langley69a01602014-11-17 17:26:55 -080058)
Adam Langley95c29f32014-06-20 12:00:00 -070059
David Benjamin025b3d32014-07-01 19:53:04 -040060const (
61 rsaCertificateFile = "cert.pem"
62 ecdsaCertificateFile = "ecdsa_cert.pem"
63)
64
65const (
David Benjamina08e49d2014-08-24 01:46:07 -040066 rsaKeyFile = "key.pem"
67 ecdsaKeyFile = "ecdsa_key.pem"
68 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -040069)
70
Adam Langley95c29f32014-06-20 12:00:00 -070071var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -040072var channelIDKey *ecdsa.PrivateKey
73var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -070074
David Benjamin61f95272014-11-25 01:55:35 -050075var testOCSPResponse = []byte{1, 2, 3, 4}
76var testSCTList = []byte{5, 6, 7, 8}
77
Adam Langley95c29f32014-06-20 12:00:00 -070078func initCertificates() {
79 var err error
Adam Langley7c803a62015-06-15 15:35:05 -070080 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -070081 if err != nil {
82 panic(err)
83 }
David Benjamin61f95272014-11-25 01:55:35 -050084 rsaCertificate.OCSPStaple = testOCSPResponse
85 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -070086
Adam Langley7c803a62015-06-15 15:35:05 -070087 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -070088 if err != nil {
89 panic(err)
90 }
David Benjamin61f95272014-11-25 01:55:35 -050091 ecdsaCertificate.OCSPStaple = testOCSPResponse
92 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -040093
Adam Langley7c803a62015-06-15 15:35:05 -070094 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -040095 if err != nil {
96 panic(err)
97 }
98 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
99 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
100 panic("bad key type")
101 }
102 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
103 if err != nil {
104 panic(err)
105 }
106 if channelIDKey.Curve != elliptic.P256() {
107 panic("bad curve")
108 }
109
110 channelIDBytes = make([]byte, 64)
111 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
112 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700113}
114
115var certificateOnce sync.Once
116
117func getRSACertificate() Certificate {
118 certificateOnce.Do(initCertificates)
119 return rsaCertificate
120}
121
122func getECDSACertificate() Certificate {
123 certificateOnce.Do(initCertificates)
124 return ecdsaCertificate
125}
126
David Benjamin025b3d32014-07-01 19:53:04 -0400127type testType int
128
129const (
130 clientTest testType = iota
131 serverTest
132)
133
David Benjamin6fd297b2014-08-11 18:43:38 -0400134type protocol int
135
136const (
137 tls protocol = iota
138 dtls
139)
140
David Benjaminfc7b0862014-09-06 13:21:53 -0400141const (
142 alpn = 1
143 npn = 2
144)
145
Adam Langley95c29f32014-06-20 12:00:00 -0700146type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400147 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400148 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700149 name string
150 config Config
151 shouldFail bool
152 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700153 // expectedLocalError, if not empty, contains a substring that must be
154 // found in the local error.
155 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400156 // expectedVersion, if non-zero, specifies the TLS version that must be
157 // negotiated.
158 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400159 // expectedResumeVersion, if non-zero, specifies the TLS version that
160 // must be negotiated on resumption. If zero, expectedVersion is used.
161 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400162 // expectedCipher, if non-zero, specifies the TLS cipher suite that
163 // should be negotiated.
164 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400165 // expectChannelID controls whether the connection should have
166 // negotiated a Channel ID with channelIDKey.
167 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400168 // expectedNextProto controls whether the connection should
169 // negotiate a next protocol via NPN or ALPN.
170 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400171 // expectNoNextProto, if true, means that no next protocol should be
172 // negotiated.
173 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400174 // expectedNextProtoType, if non-zero, is the expected next
175 // protocol negotiation mechanism.
176 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500177 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
178 // should be negotiated. If zero, none should be negotiated.
179 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100180 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
181 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100182 // expectedSCTList, if not nil, is the expected SCT list to be received.
183 expectedSCTList []uint8
Steven Valdez0d62f262015-09-04 12:41:04 -0400184 // expectedClientCertSignatureHash, if not zero, is the TLS id of the
185 // hash function that the client should have used when signing the
186 // handshake with a client certificate.
187 expectedClientCertSignatureHash uint8
Adam Langley80842bd2014-06-20 12:00:00 -0700188 // messageLen is the length, in bytes, of the test message that will be
189 // sent.
190 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400191 // messageCount is the number of test messages that will be sent.
192 messageCount int
Steven Valdez0d62f262015-09-04 12:41:04 -0400193 // digestPrefs is the list of digest preferences from the client.
194 digestPrefs string
David Benjamin025b3d32014-07-01 19:53:04 -0400195 // certFile is the path to the certificate to use for the server.
196 certFile string
197 // keyFile is the path to the private key to use for the server.
198 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400199 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400200 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400201 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700202 // expectResumeRejected, if true, specifies that the attempted
203 // resumption must be rejected by the client. This is only valid for a
204 // serverTest.
205 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400206 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500207 // resumption. Unless newSessionsOnResume is set,
208 // SessionTicketKey, ServerSessionCache, and
209 // ClientSessionCache are copied from the initial connection's
210 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400211 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500212 // newSessionsOnResume, if true, will cause resumeConfig to
213 // use a different session resumption context.
214 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400215 // noSessionCache, if true, will cause the server to run without a
216 // session cache.
217 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400218 // sendPrefix sends a prefix on the socket before actually performing a
219 // handshake.
220 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400221 // shimWritesFirst controls whether the shim sends an initial "hello"
222 // message before doing a roundtrip with the runner.
223 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400224 // shimShutsDown, if true, runs a test where the shim shuts down the
225 // connection immediately after the handshake rather than echoing
226 // messages from the runner.
227 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400228 // renegotiate indicates the number of times the connection should be
229 // renegotiated during the exchange.
230 renegotiate int
Adam Langleycf2d4f42014-10-28 19:06:14 -0700231 // renegotiateCiphers is a list of ciphersuite ids that will be
232 // switched in just before renegotiation.
233 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500234 // replayWrites, if true, configures the underlying transport
235 // to replay every write it makes in DTLS tests.
236 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500237 // damageFirstWrite, if true, configures the underlying transport to
238 // damage the final byte of the first application data write.
239 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400240 // exportKeyingMaterial, if non-zero, configures the test to exchange
241 // keying material and verify they match.
242 exportKeyingMaterial int
243 exportLabel string
244 exportContext string
245 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400246 // flags, if not empty, contains a list of command-line flags that will
247 // be passed to the shim program.
248 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700249 // testTLSUnique, if true, causes the shim to send the tls-unique value
250 // which will be compared against the expected value.
251 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400252 // sendEmptyRecords is the number of consecutive empty records to send
253 // before and after the test message.
254 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400255 // sendWarningAlerts is the number of consecutive warning alerts to send
256 // before and after the test message.
257 sendWarningAlerts int
David Benjamin4f75aaf2015-09-01 16:53:10 -0400258 // expectMessageDropped, if true, means the test message is expected to
259 // be dropped by the client rather than echoed back.
260 expectMessageDropped bool
Adam Langley95c29f32014-06-20 12:00:00 -0700261}
262
Adam Langley7c803a62015-06-15 15:35:05 -0700263var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700264
David Benjamin9867b7d2016-03-01 23:25:48 -0500265func writeTranscript(test *testCase, isResume bool, data []byte) {
266 if len(data) == 0 {
267 return
268 }
269
270 protocol := "tls"
271 if test.protocol == dtls {
272 protocol = "dtls"
273 }
274
275 side := "client"
276 if test.testType == serverTest {
277 side = "server"
278 }
279
280 dir := path.Join(*transcriptDir, protocol, side)
281 if err := os.MkdirAll(dir, 0755); err != nil {
282 fmt.Fprintf(os.Stderr, "Error making %s: %s\n", dir, err)
283 return
284 }
285
286 name := test.name
287 if isResume {
288 name += "-Resume"
289 } else {
290 name += "-Normal"
291 }
292
293 if err := ioutil.WriteFile(path.Join(dir, name), data, 0644); err != nil {
294 fmt.Fprintf(os.Stderr, "Error writing %s: %s\n", name, err)
295 }
296}
297
David Benjamin3ed59772016-03-08 12:50:21 -0500298// A timeoutConn implements an idle timeout on each Read and Write operation.
299type timeoutConn struct {
300 net.Conn
301 timeout time.Duration
302}
303
304func (t *timeoutConn) Read(b []byte) (int, error) {
305 if err := t.SetReadDeadline(time.Now().Add(t.timeout)); err != nil {
306 return 0, err
307 }
308 return t.Conn.Read(b)
309}
310
311func (t *timeoutConn) Write(b []byte) (int, error) {
312 if err := t.SetWriteDeadline(time.Now().Add(t.timeout)); err != nil {
313 return 0, err
314 }
315 return t.Conn.Write(b)
316}
317
David Benjamin8e6db492015-07-25 18:29:23 -0400318func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin01784b42016-06-07 18:00:52 -0400319 conn = &timeoutConn{conn, *idleTimeout}
David Benjamin65ea8ff2014-11-23 03:01:00 -0500320
David Benjamin6fd297b2014-08-11 18:43:38 -0400321 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500322 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
323 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500324 }
325
David Benjamin9867b7d2016-03-01 23:25:48 -0500326 if *flagDebug || len(*transcriptDir) != 0 {
David Benjaminebda9b32015-11-02 15:33:18 -0500327 local, peer := "client", "server"
328 if test.testType == clientTest {
329 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500330 }
David Benjaminebda9b32015-11-02 15:33:18 -0500331 connDebug := &recordingConn{
332 Conn: conn,
333 isDatagram: test.protocol == dtls,
334 local: local,
335 peer: peer,
336 }
337 conn = connDebug
David Benjamin9867b7d2016-03-01 23:25:48 -0500338 if *flagDebug {
339 defer connDebug.WriteTo(os.Stdout)
340 }
341 if len(*transcriptDir) != 0 {
342 defer func() {
343 writeTranscript(test, isResume, connDebug.Transcript())
344 }()
345 }
David Benjaminebda9b32015-11-02 15:33:18 -0500346
347 if config.Bugs.PacketAdaptor != nil {
348 config.Bugs.PacketAdaptor.debug = connDebug
349 }
350 }
351
352 if test.replayWrites {
353 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400354 }
355
David Benjamin3ed59772016-03-08 12:50:21 -0500356 var connDamage *damageAdaptor
David Benjamin5fa3eba2015-01-22 16:35:40 -0500357 if test.damageFirstWrite {
358 connDamage = newDamageAdaptor(conn)
359 conn = connDamage
360 }
361
David Benjamin6fd297b2014-08-11 18:43:38 -0400362 if test.sendPrefix != "" {
363 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
364 return err
365 }
David Benjamin98e882e2014-08-08 13:24:34 -0400366 }
367
David Benjamin1d5c83e2014-07-22 19:20:02 -0400368 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400369 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400370 if test.protocol == dtls {
371 tlsConn = DTLSServer(conn, config)
372 } else {
373 tlsConn = Server(conn, config)
374 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400375 } else {
376 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400377 if test.protocol == dtls {
378 tlsConn = DTLSClient(conn, config)
379 } else {
380 tlsConn = Client(conn, config)
381 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400382 }
David Benjamin30789da2015-08-29 22:56:45 -0400383 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400384
Adam Langley95c29f32014-06-20 12:00:00 -0700385 if err := tlsConn.Handshake(); err != nil {
386 return err
387 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700388
David Benjamin01fe8202014-09-24 15:21:44 -0400389 // TODO(davidben): move all per-connection expectations into a dedicated
390 // expectations struct that can be specified separately for the two
391 // legs.
392 expectedVersion := test.expectedVersion
393 if isResume && test.expectedResumeVersion != 0 {
394 expectedVersion = test.expectedResumeVersion
395 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700396 connState := tlsConn.ConnectionState()
397 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400398 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400399 }
400
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700401 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400402 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
403 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700404 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
405 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
406 }
David Benjamin90da8c82015-04-20 14:57:57 -0400407
David Benjamina08e49d2014-08-24 01:46:07 -0400408 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700409 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400410 if channelID == nil {
411 return fmt.Errorf("no channel ID negotiated")
412 }
413 if channelID.Curve != channelIDKey.Curve ||
414 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
415 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
416 return fmt.Errorf("incorrect channel ID")
417 }
418 }
419
David Benjaminae2888f2014-09-06 12:58:58 -0400420 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700421 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400422 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
423 }
424 }
425
David Benjaminc7ce9772015-10-09 19:32:41 -0400426 if test.expectNoNextProto {
427 if actual := connState.NegotiatedProtocol; actual != "" {
428 return fmt.Errorf("got unexpected next proto %s", actual)
429 }
430 }
431
David Benjaminfc7b0862014-09-06 13:21:53 -0400432 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700433 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400434 return fmt.Errorf("next proto type mismatch")
435 }
436 }
437
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700438 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500439 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
440 }
441
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100442 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
443 return fmt.Errorf("OCSP Response mismatch")
444 }
445
Paul Lietar4fac72e2015-09-09 13:44:55 +0100446 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
447 return fmt.Errorf("SCT list mismatch")
448 }
449
Steven Valdez0d62f262015-09-04 12:41:04 -0400450 if expected := test.expectedClientCertSignatureHash; expected != 0 && expected != connState.ClientCertSignatureHash {
451 return fmt.Errorf("expected client to sign handshake with hash %d, but got %d", expected, connState.ClientCertSignatureHash)
452 }
453
David Benjaminc565ebb2015-04-03 04:06:36 -0400454 if test.exportKeyingMaterial > 0 {
455 actual := make([]byte, test.exportKeyingMaterial)
456 if _, err := io.ReadFull(tlsConn, actual); err != nil {
457 return err
458 }
459 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
460 if err != nil {
461 return err
462 }
463 if !bytes.Equal(actual, expected) {
464 return fmt.Errorf("keying material mismatch")
465 }
466 }
467
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700468 if test.testTLSUnique {
469 var peersValue [12]byte
470 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
471 return err
472 }
473 expected := tlsConn.ConnectionState().TLSUnique
474 if !bytes.Equal(peersValue[:], expected) {
475 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
476 }
477 }
478
David Benjamine58c4f52014-08-24 03:47:07 -0400479 if test.shimWritesFirst {
480 var buf [5]byte
481 _, err := io.ReadFull(tlsConn, buf[:])
482 if err != nil {
483 return err
484 }
485 if string(buf[:]) != "hello" {
486 return fmt.Errorf("bad initial message")
487 }
488 }
489
David Benjamina8ebe222015-06-06 03:04:39 -0400490 for i := 0; i < test.sendEmptyRecords; i++ {
491 tlsConn.Write(nil)
492 }
493
David Benjamin24f346d2015-06-06 03:28:08 -0400494 for i := 0; i < test.sendWarningAlerts; i++ {
495 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
496 }
497
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400498 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700499 if test.renegotiateCiphers != nil {
500 config.CipherSuites = test.renegotiateCiphers
501 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400502 for i := 0; i < test.renegotiate; i++ {
503 if err := tlsConn.Renegotiate(); err != nil {
504 return err
505 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700506 }
507 } else if test.renegotiateCiphers != nil {
508 panic("renegotiateCiphers without renegotiate")
509 }
510
David Benjamin5fa3eba2015-01-22 16:35:40 -0500511 if test.damageFirstWrite {
512 connDamage.setDamage(true)
513 tlsConn.Write([]byte("DAMAGED WRITE"))
514 connDamage.setDamage(false)
515 }
516
David Benjamin8e6db492015-07-25 18:29:23 -0400517 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700518 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400519 if test.protocol == dtls {
520 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
521 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700522 // Read until EOF.
523 _, err := io.Copy(ioutil.Discard, tlsConn)
524 return err
525 }
David Benjamin4417d052015-04-05 04:17:25 -0400526 if messageLen == 0 {
527 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700528 }
Adam Langley95c29f32014-06-20 12:00:00 -0700529
David Benjamin8e6db492015-07-25 18:29:23 -0400530 messageCount := test.messageCount
531 if messageCount == 0 {
532 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400533 }
534
David Benjamin8e6db492015-07-25 18:29:23 -0400535 for j := 0; j < messageCount; j++ {
536 testMessage := make([]byte, messageLen)
537 for i := range testMessage {
538 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400539 }
David Benjamin8e6db492015-07-25 18:29:23 -0400540 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700541
David Benjamin8e6db492015-07-25 18:29:23 -0400542 for i := 0; i < test.sendEmptyRecords; i++ {
543 tlsConn.Write(nil)
544 }
545
546 for i := 0; i < test.sendWarningAlerts; i++ {
547 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
548 }
549
David Benjamin4f75aaf2015-09-01 16:53:10 -0400550 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400551 // The shim will not respond.
552 continue
553 }
554
David Benjamin8e6db492015-07-25 18:29:23 -0400555 buf := make([]byte, len(testMessage))
556 if test.protocol == dtls {
557 bufTmp := make([]byte, len(buf)+1)
558 n, err := tlsConn.Read(bufTmp)
559 if err != nil {
560 return err
561 }
562 if n != len(buf) {
563 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
564 }
565 copy(buf, bufTmp)
566 } else {
567 _, err := io.ReadFull(tlsConn, buf)
568 if err != nil {
569 return err
570 }
571 }
572
573 for i, v := range buf {
574 if v != testMessage[i]^0xff {
575 return fmt.Errorf("bad reply contents at byte %d", i)
576 }
Adam Langley95c29f32014-06-20 12:00:00 -0700577 }
578 }
579
580 return nil
581}
582
David Benjamin325b5c32014-07-01 19:40:31 -0400583func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
584 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700585 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400586 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700587 }
David Benjamin325b5c32014-07-01 19:40:31 -0400588 valgrindArgs = append(valgrindArgs, path)
589 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700590
David Benjamin325b5c32014-07-01 19:40:31 -0400591 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700592}
593
David Benjamin325b5c32014-07-01 19:40:31 -0400594func gdbOf(path string, args ...string) *exec.Cmd {
595 xtermArgs := []string{"-e", "gdb", "--args"}
596 xtermArgs = append(xtermArgs, path)
597 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700598
David Benjamin325b5c32014-07-01 19:40:31 -0400599 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700600}
601
David Benjamind16bf342015-12-18 00:53:12 -0500602func lldbOf(path string, args ...string) *exec.Cmd {
603 xtermArgs := []string{"-e", "lldb", "--"}
604 xtermArgs = append(xtermArgs, path)
605 xtermArgs = append(xtermArgs, args...)
606
607 return exec.Command("xterm", xtermArgs...)
608}
609
Adam Langley69a01602014-11-17 17:26:55 -0800610type moreMallocsError struct{}
611
612func (moreMallocsError) Error() string {
613 return "child process did not exhaust all allocation calls"
614}
615
616var errMoreMallocs = moreMallocsError{}
617
David Benjamin87c8a642015-02-21 01:54:29 -0500618// accept accepts a connection from listener, unless waitChan signals a process
619// exit first.
620func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
621 type connOrError struct {
622 conn net.Conn
623 err error
624 }
625 connChan := make(chan connOrError, 1)
626 go func() {
627 conn, err := listener.Accept()
628 connChan <- connOrError{conn, err}
629 close(connChan)
630 }()
631 select {
632 case result := <-connChan:
633 return result.conn, result.err
634 case childErr := <-waitChan:
635 waitChan <- childErr
636 return nil, fmt.Errorf("child exited early: %s", childErr)
637 }
638}
639
Adam Langley7c803a62015-06-15 15:35:05 -0700640func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700641 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
642 panic("Error expected without shouldFail in " + test.name)
643 }
644
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700645 if test.expectResumeRejected && !test.resumeSession {
646 panic("expectResumeRejected without resumeSession in " + test.name)
647 }
648
Steven Valdez0d62f262015-09-04 12:41:04 -0400649 if test.testType != clientTest && test.expectedClientCertSignatureHash != 0 {
650 panic("expectedClientCertSignatureHash non-zero with serverTest in " + test.name)
651 }
652
David Benjamin87c8a642015-02-21 01:54:29 -0500653 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
654 if err != nil {
655 panic(err)
656 }
657 defer func() {
658 if listener != nil {
659 listener.Close()
660 }
661 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700662
David Benjamin87c8a642015-02-21 01:54:29 -0500663 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400664 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400665 flags = append(flags, "-server")
666
David Benjamin025b3d32014-07-01 19:53:04 -0400667 flags = append(flags, "-key-file")
668 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700669 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400670 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700671 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400672 }
673
674 flags = append(flags, "-cert-file")
675 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700676 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400677 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700678 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400679 }
680 }
David Benjamin5a593af2014-08-11 19:51:50 -0400681
Steven Valdez0d62f262015-09-04 12:41:04 -0400682 if test.digestPrefs != "" {
683 flags = append(flags, "-digest-prefs")
684 flags = append(flags, test.digestPrefs)
685 }
686
David Benjamin6fd297b2014-08-11 18:43:38 -0400687 if test.protocol == dtls {
688 flags = append(flags, "-dtls")
689 }
690
David Benjamin5a593af2014-08-11 19:51:50 -0400691 if test.resumeSession {
692 flags = append(flags, "-resume")
693 }
694
David Benjamine58c4f52014-08-24 03:47:07 -0400695 if test.shimWritesFirst {
696 flags = append(flags, "-shim-writes-first")
697 }
698
David Benjamin30789da2015-08-29 22:56:45 -0400699 if test.shimShutsDown {
700 flags = append(flags, "-shim-shuts-down")
701 }
702
David Benjaminc565ebb2015-04-03 04:06:36 -0400703 if test.exportKeyingMaterial > 0 {
704 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
705 flags = append(flags, "-export-label", test.exportLabel)
706 flags = append(flags, "-export-context", test.exportContext)
707 if test.useExportContext {
708 flags = append(flags, "-use-export-context")
709 }
710 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700711 if test.expectResumeRejected {
712 flags = append(flags, "-expect-session-miss")
713 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400714
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700715 if test.testTLSUnique {
716 flags = append(flags, "-tls-unique")
717 }
718
David Benjamin025b3d32014-07-01 19:53:04 -0400719 flags = append(flags, test.flags...)
720
721 var shim *exec.Cmd
722 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700723 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700724 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700725 shim = gdbOf(shimPath, flags...)
David Benjamind16bf342015-12-18 00:53:12 -0500726 } else if *useLLDB {
727 shim = lldbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400728 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700729 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400730 }
David Benjamin025b3d32014-07-01 19:53:04 -0400731 shim.Stdin = os.Stdin
732 var stdoutBuf, stderrBuf bytes.Buffer
733 shim.Stdout = &stdoutBuf
734 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800735 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500736 shim.Env = os.Environ()
737 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800738 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400739 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800740 }
741 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
742 }
David Benjamin025b3d32014-07-01 19:53:04 -0400743
744 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700745 panic(err)
746 }
David Benjamin87c8a642015-02-21 01:54:29 -0500747 waitChan := make(chan error, 1)
748 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700749
750 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400751 if !test.noSessionCache {
752 config.ClientSessionCache = NewLRUClientSessionCache(1)
753 config.ServerSessionCache = NewLRUServerSessionCache(1)
754 }
David Benjamin025b3d32014-07-01 19:53:04 -0400755 if test.testType == clientTest {
756 if len(config.Certificates) == 0 {
757 config.Certificates = []Certificate{getRSACertificate()}
758 }
David Benjamin87c8a642015-02-21 01:54:29 -0500759 } else {
760 // Supply a ServerName to ensure a constant session cache key,
761 // rather than falling back to net.Conn.RemoteAddr.
762 if len(config.ServerName) == 0 {
763 config.ServerName = "test"
764 }
David Benjamin025b3d32014-07-01 19:53:04 -0400765 }
David Benjaminf2b83632016-03-01 22:57:46 -0500766 if *fuzzer {
767 config.Bugs.NullAllCiphers = true
768 }
David Benjamin2e045a92016-06-08 13:09:56 -0400769 if *deterministic {
770 config.Rand = &deterministicRand{}
771 }
Adam Langley95c29f32014-06-20 12:00:00 -0700772
David Benjamin87c8a642015-02-21 01:54:29 -0500773 conn, err := acceptOrWait(listener, waitChan)
774 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400775 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500776 conn.Close()
777 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500778
David Benjamin1d5c83e2014-07-22 19:20:02 -0400779 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400780 var resumeConfig Config
781 if test.resumeConfig != nil {
782 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500783 if len(resumeConfig.ServerName) == 0 {
784 resumeConfig.ServerName = config.ServerName
785 }
David Benjamin01fe8202014-09-24 15:21:44 -0400786 if len(resumeConfig.Certificates) == 0 {
787 resumeConfig.Certificates = []Certificate{getRSACertificate()}
788 }
David Benjaminba4594a2015-06-18 18:36:15 -0400789 if test.newSessionsOnResume {
790 if !test.noSessionCache {
791 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
792 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
793 }
794 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500795 resumeConfig.SessionTicketKey = config.SessionTicketKey
796 resumeConfig.ClientSessionCache = config.ClientSessionCache
797 resumeConfig.ServerSessionCache = config.ServerSessionCache
798 }
David Benjaminf2b83632016-03-01 22:57:46 -0500799 if *fuzzer {
800 resumeConfig.Bugs.NullAllCiphers = true
801 }
David Benjamin2e045a92016-06-08 13:09:56 -0400802 resumeConfig.Rand = config.Rand
David Benjamin01fe8202014-09-24 15:21:44 -0400803 } else {
804 resumeConfig = config
805 }
David Benjamin87c8a642015-02-21 01:54:29 -0500806 var connResume net.Conn
807 connResume, err = acceptOrWait(listener, waitChan)
808 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400809 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500810 connResume.Close()
811 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400812 }
813
David Benjamin87c8a642015-02-21 01:54:29 -0500814 // Close the listener now. This is to avoid hangs should the shim try to
815 // open more connections than expected.
816 listener.Close()
817 listener = nil
818
819 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800820 if exitError, ok := childErr.(*exec.ExitError); ok {
821 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
822 return errMoreMallocs
823 }
824 }
Adam Langley95c29f32014-06-20 12:00:00 -0700825
David Benjamin9bea3492016-03-02 10:59:16 -0500826 // Account for Windows line endings.
827 stdout := strings.Replace(string(stdoutBuf.Bytes()), "\r\n", "\n", -1)
828 stderr := strings.Replace(string(stderrBuf.Bytes()), "\r\n", "\n", -1)
David Benjaminff3a1492016-03-02 10:12:06 -0500829
830 // Separate the errors from the shim and those from tools like
831 // AddressSanitizer.
832 var extraStderr string
833 if stderrParts := strings.SplitN(stderr, "--- DONE ---\n", 2); len(stderrParts) == 2 {
834 stderr = stderrParts[0]
835 extraStderr = stderrParts[1]
836 }
837
Adam Langley95c29f32014-06-20 12:00:00 -0700838 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400839 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700840 localError := "none"
841 if err != nil {
842 localError = err.Error()
843 }
844 if len(test.expectedLocalError) != 0 {
845 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
846 }
Adam Langley95c29f32014-06-20 12:00:00 -0700847
848 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700849 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700850 if childErr != nil {
851 childError = childErr.Error()
852 }
853
854 var msg string
855 switch {
856 case failed && !test.shouldFail:
857 msg = "unexpected failure"
858 case !failed && test.shouldFail:
859 msg = "unexpected success"
860 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700861 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700862 default:
863 panic("internal error")
864 }
865
David Benjaminc565ebb2015-04-03 04:06:36 -0400866 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700867 }
868
David Benjaminff3a1492016-03-02 10:12:06 -0500869 if !*useValgrind && (len(extraStderr) > 0 || (!failed && len(stderr) > 0)) {
870 return fmt.Errorf("unexpected error output:\n%s\n%s", stderr, extraStderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700871 }
872
873 return nil
874}
875
876var tlsVersions = []struct {
877 name string
878 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400879 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500880 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700881}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500882 {"SSL3", VersionSSL30, "-no-ssl3", false},
883 {"TLS1", VersionTLS10, "-no-tls1", true},
884 {"TLS11", VersionTLS11, "-no-tls11", false},
885 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700886}
887
888var testCipherSuites = []struct {
889 name string
890 id uint16
891}{
892 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400893 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700894 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400895 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400896 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700897 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400898 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400899 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
900 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400901 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400902 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
903 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400904 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700905 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
906 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400907 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
908 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700909 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400910 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500911 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500912 {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700913 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700914 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700915 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400916 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400917 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700918 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400919 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500920 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500921 {"ECDHE-RSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700922 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
Matt Braithwaite053931e2016-05-25 12:06:05 -0700923 {"CECPQ1-RSA-CHACHA20-POLY1305-SHA256", TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256},
924 {"CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256", TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
925 {"CECPQ1-RSA-AES256-GCM-SHA384", TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
926 {"CECPQ1-ECDSA-AES256-GCM-SHA384", TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384},
David Benjamin48cae082014-10-27 01:06:24 -0400927 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
928 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700929 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
930 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500931 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
Steven Valdez3084e7b2016-06-02 12:07:20 -0400932 {"ECDHE-PSK-AES128-GCM-SHA256", TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256},
933 {"ECDHE-PSK-AES256-GCM-SHA384", TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384},
David Benjamin48cae082014-10-27 01:06:24 -0400934 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700935 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400936 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700937 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700938}
939
David Benjamin8b8c0062014-11-23 02:47:52 -0500940func hasComponent(suiteName, component string) bool {
941 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
942}
943
David Benjaminf7768e42014-08-31 02:06:47 -0400944func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500945 return hasComponent(suiteName, "GCM") ||
946 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400947 hasComponent(suiteName, "SHA384") ||
948 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500949}
950
951func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700952 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400953}
954
Adam Langleya7997f12015-05-14 17:38:50 -0700955func bigFromHex(hex string) *big.Int {
956 ret, ok := new(big.Int).SetString(hex, 16)
957 if !ok {
958 panic("failed to parse hex number 0x" + hex)
959 }
960 return ret
961}
962
Adam Langley7c803a62015-06-15 15:35:05 -0700963func addBasicTests() {
964 basicTests := []testCase{
965 {
966 name: "BadRSASignature",
967 config: Config{
968 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
969 Bugs: ProtocolBugs{
970 InvalidSKXSignature: true,
971 },
972 },
973 shouldFail: true,
974 expectedError: ":BAD_SIGNATURE:",
975 },
976 {
977 name: "BadECDSASignature",
978 config: Config{
979 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
980 Bugs: ProtocolBugs{
981 InvalidSKXSignature: true,
982 },
983 Certificates: []Certificate{getECDSACertificate()},
984 },
985 shouldFail: true,
986 expectedError: ":BAD_SIGNATURE:",
987 },
988 {
David Benjamin6de0e532015-07-28 22:43:19 -0400989 testType: serverTest,
990 name: "BadRSASignature-ClientAuth",
991 config: Config{
992 Bugs: ProtocolBugs{
993 InvalidCertVerifySignature: true,
994 },
995 Certificates: []Certificate{getRSACertificate()},
996 },
997 shouldFail: true,
998 expectedError: ":BAD_SIGNATURE:",
999 flags: []string{"-require-any-client-certificate"},
1000 },
1001 {
1002 testType: serverTest,
1003 name: "BadECDSASignature-ClientAuth",
1004 config: Config{
1005 Bugs: ProtocolBugs{
1006 InvalidCertVerifySignature: true,
1007 },
1008 Certificates: []Certificate{getECDSACertificate()},
1009 },
1010 shouldFail: true,
1011 expectedError: ":BAD_SIGNATURE:",
1012 flags: []string{"-require-any-client-certificate"},
1013 },
1014 {
Adam Langley7c803a62015-06-15 15:35:05 -07001015 name: "BadECDSACurve",
1016 config: Config{
1017 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1018 Bugs: ProtocolBugs{
1019 InvalidSKXCurve: true,
1020 },
1021 Certificates: []Certificate{getECDSACertificate()},
1022 },
1023 shouldFail: true,
1024 expectedError: ":WRONG_CURVE:",
1025 },
1026 {
Adam Langley7c803a62015-06-15 15:35:05 -07001027 name: "NoFallbackSCSV",
1028 config: Config{
1029 Bugs: ProtocolBugs{
1030 FailIfNotFallbackSCSV: true,
1031 },
1032 },
1033 shouldFail: true,
1034 expectedLocalError: "no fallback SCSV found",
1035 },
1036 {
1037 name: "SendFallbackSCSV",
1038 config: Config{
1039 Bugs: ProtocolBugs{
1040 FailIfNotFallbackSCSV: true,
1041 },
1042 },
1043 flags: []string{"-fallback-scsv"},
1044 },
1045 {
1046 name: "ClientCertificateTypes",
1047 config: Config{
1048 ClientAuth: RequestClientCert,
1049 ClientCertificateTypes: []byte{
1050 CertTypeDSSSign,
1051 CertTypeRSASign,
1052 CertTypeECDSASign,
1053 },
1054 },
1055 flags: []string{
1056 "-expect-certificate-types",
1057 base64.StdEncoding.EncodeToString([]byte{
1058 CertTypeDSSSign,
1059 CertTypeRSASign,
1060 CertTypeECDSASign,
1061 }),
1062 },
1063 },
1064 {
1065 name: "NoClientCertificate",
1066 config: Config{
1067 ClientAuth: RequireAnyClientCert,
1068 },
1069 shouldFail: true,
1070 expectedLocalError: "client didn't provide a certificate",
1071 },
1072 {
1073 name: "UnauthenticatedECDH",
1074 config: Config{
1075 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1076 Bugs: ProtocolBugs{
1077 UnauthenticatedECDH: true,
1078 },
1079 },
1080 shouldFail: true,
1081 expectedError: ":UNEXPECTED_MESSAGE:",
1082 },
1083 {
1084 name: "SkipCertificateStatus",
1085 config: Config{
1086 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1087 Bugs: ProtocolBugs{
1088 SkipCertificateStatus: true,
1089 },
1090 },
1091 flags: []string{
1092 "-enable-ocsp-stapling",
1093 },
1094 },
1095 {
1096 name: "SkipServerKeyExchange",
1097 config: Config{
1098 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1099 Bugs: ProtocolBugs{
1100 SkipServerKeyExchange: true,
1101 },
1102 },
1103 shouldFail: true,
1104 expectedError: ":UNEXPECTED_MESSAGE:",
1105 },
1106 {
1107 name: "SkipChangeCipherSpec-Client",
1108 config: Config{
1109 Bugs: ProtocolBugs{
1110 SkipChangeCipherSpec: true,
1111 },
1112 },
1113 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -05001114 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001115 },
1116 {
1117 testType: serverTest,
1118 name: "SkipChangeCipherSpec-Server",
1119 config: Config{
1120 Bugs: ProtocolBugs{
1121 SkipChangeCipherSpec: true,
1122 },
1123 },
1124 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -05001125 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001126 },
1127 {
1128 testType: serverTest,
1129 name: "SkipChangeCipherSpec-Server-NPN",
1130 config: Config{
1131 NextProtos: []string{"bar"},
1132 Bugs: ProtocolBugs{
1133 SkipChangeCipherSpec: true,
1134 },
1135 },
1136 flags: []string{
1137 "-advertise-npn", "\x03foo\x03bar\x03baz",
1138 },
1139 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -05001140 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001141 },
1142 {
1143 name: "FragmentAcrossChangeCipherSpec-Client",
1144 config: Config{
1145 Bugs: ProtocolBugs{
1146 FragmentAcrossChangeCipherSpec: true,
1147 },
1148 },
1149 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -05001150 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001151 },
1152 {
1153 testType: serverTest,
1154 name: "FragmentAcrossChangeCipherSpec-Server",
1155 config: Config{
1156 Bugs: ProtocolBugs{
1157 FragmentAcrossChangeCipherSpec: true,
1158 },
1159 },
1160 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -05001161 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001162 },
1163 {
1164 testType: serverTest,
1165 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1166 config: Config{
1167 NextProtos: []string{"bar"},
1168 Bugs: ProtocolBugs{
1169 FragmentAcrossChangeCipherSpec: true,
1170 },
1171 },
1172 flags: []string{
1173 "-advertise-npn", "\x03foo\x03bar\x03baz",
1174 },
1175 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -05001176 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001177 },
1178 {
1179 testType: serverTest,
1180 name: "Alert",
1181 config: Config{
1182 Bugs: ProtocolBugs{
1183 SendSpuriousAlert: alertRecordOverflow,
1184 },
1185 },
1186 shouldFail: true,
1187 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1188 },
1189 {
1190 protocol: dtls,
1191 testType: serverTest,
1192 name: "Alert-DTLS",
1193 config: Config{
1194 Bugs: ProtocolBugs{
1195 SendSpuriousAlert: alertRecordOverflow,
1196 },
1197 },
1198 shouldFail: true,
1199 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1200 },
1201 {
1202 testType: serverTest,
1203 name: "FragmentAlert",
1204 config: Config{
1205 Bugs: ProtocolBugs{
1206 FragmentAlert: true,
1207 SendSpuriousAlert: alertRecordOverflow,
1208 },
1209 },
1210 shouldFail: true,
1211 expectedError: ":BAD_ALERT:",
1212 },
1213 {
1214 protocol: dtls,
1215 testType: serverTest,
1216 name: "FragmentAlert-DTLS",
1217 config: Config{
1218 Bugs: ProtocolBugs{
1219 FragmentAlert: true,
1220 SendSpuriousAlert: alertRecordOverflow,
1221 },
1222 },
1223 shouldFail: true,
1224 expectedError: ":BAD_ALERT:",
1225 },
1226 {
1227 testType: serverTest,
David Benjamin0d3a8c62016-03-11 22:25:18 -05001228 name: "DoubleAlert",
1229 config: Config{
1230 Bugs: ProtocolBugs{
1231 DoubleAlert: true,
1232 SendSpuriousAlert: alertRecordOverflow,
1233 },
1234 },
1235 shouldFail: true,
1236 expectedError: ":BAD_ALERT:",
1237 },
1238 {
1239 protocol: dtls,
1240 testType: serverTest,
1241 name: "DoubleAlert-DTLS",
1242 config: Config{
1243 Bugs: ProtocolBugs{
1244 DoubleAlert: true,
1245 SendSpuriousAlert: alertRecordOverflow,
1246 },
1247 },
1248 shouldFail: true,
1249 expectedError: ":BAD_ALERT:",
1250 },
1251 {
1252 testType: serverTest,
Adam Langley7c803a62015-06-15 15:35:05 -07001253 name: "EarlyChangeCipherSpec-server-1",
1254 config: Config{
1255 Bugs: ProtocolBugs{
1256 EarlyChangeCipherSpec: 1,
1257 },
1258 },
1259 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -05001260 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001261 },
1262 {
1263 testType: serverTest,
1264 name: "EarlyChangeCipherSpec-server-2",
1265 config: Config{
1266 Bugs: ProtocolBugs{
1267 EarlyChangeCipherSpec: 2,
1268 },
1269 },
1270 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -05001271 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001272 },
1273 {
1274 name: "SkipNewSessionTicket",
1275 config: Config{
1276 Bugs: ProtocolBugs{
1277 SkipNewSessionTicket: true,
1278 },
1279 },
1280 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -05001281 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001282 },
1283 {
1284 testType: serverTest,
1285 name: "FallbackSCSV",
1286 config: Config{
1287 MaxVersion: VersionTLS11,
1288 Bugs: ProtocolBugs{
1289 SendFallbackSCSV: true,
1290 },
1291 },
1292 shouldFail: true,
1293 expectedError: ":INAPPROPRIATE_FALLBACK:",
1294 },
1295 {
1296 testType: serverTest,
1297 name: "FallbackSCSV-VersionMatch",
1298 config: Config{
1299 Bugs: ProtocolBugs{
1300 SendFallbackSCSV: true,
1301 },
1302 },
1303 },
1304 {
1305 testType: serverTest,
1306 name: "FragmentedClientVersion",
1307 config: Config{
1308 Bugs: ProtocolBugs{
1309 MaxHandshakeRecordLength: 1,
1310 FragmentClientVersion: true,
1311 },
1312 },
1313 expectedVersion: VersionTLS12,
1314 },
1315 {
1316 testType: serverTest,
1317 name: "MinorVersionTolerance",
1318 config: Config{
1319 Bugs: ProtocolBugs{
1320 SendClientVersion: 0x03ff,
1321 },
1322 },
1323 expectedVersion: VersionTLS12,
1324 },
1325 {
1326 testType: serverTest,
1327 name: "MajorVersionTolerance",
1328 config: Config{
1329 Bugs: ProtocolBugs{
1330 SendClientVersion: 0x0400,
1331 },
1332 },
1333 expectedVersion: VersionTLS12,
1334 },
1335 {
1336 testType: serverTest,
1337 name: "VersionTooLow",
1338 config: Config{
1339 Bugs: ProtocolBugs{
1340 SendClientVersion: 0x0200,
1341 },
1342 },
1343 shouldFail: true,
1344 expectedError: ":UNSUPPORTED_PROTOCOL:",
1345 },
1346 {
1347 testType: serverTest,
1348 name: "HttpGET",
1349 sendPrefix: "GET / HTTP/1.0\n",
1350 shouldFail: true,
1351 expectedError: ":HTTP_REQUEST:",
1352 },
1353 {
1354 testType: serverTest,
1355 name: "HttpPOST",
1356 sendPrefix: "POST / HTTP/1.0\n",
1357 shouldFail: true,
1358 expectedError: ":HTTP_REQUEST:",
1359 },
1360 {
1361 testType: serverTest,
1362 name: "HttpHEAD",
1363 sendPrefix: "HEAD / HTTP/1.0\n",
1364 shouldFail: true,
1365 expectedError: ":HTTP_REQUEST:",
1366 },
1367 {
1368 testType: serverTest,
1369 name: "HttpPUT",
1370 sendPrefix: "PUT / HTTP/1.0\n",
1371 shouldFail: true,
1372 expectedError: ":HTTP_REQUEST:",
1373 },
1374 {
1375 testType: serverTest,
1376 name: "HttpCONNECT",
1377 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1378 shouldFail: true,
1379 expectedError: ":HTTPS_PROXY_REQUEST:",
1380 },
1381 {
1382 testType: serverTest,
1383 name: "Garbage",
1384 sendPrefix: "blah",
1385 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -04001386 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -07001387 },
1388 {
Adam Langley7c803a62015-06-15 15:35:05 -07001389 name: "RSAEphemeralKey",
1390 config: Config{
1391 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1392 Bugs: ProtocolBugs{
1393 RSAEphemeralKey: true,
1394 },
1395 },
1396 shouldFail: true,
1397 expectedError: ":UNEXPECTED_MESSAGE:",
1398 },
1399 {
1400 name: "DisableEverything",
Steven Valdez4f94b1c2016-05-24 12:31:07 -04001401 flags: []string{"-no-tls13", "-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
Adam Langley7c803a62015-06-15 15:35:05 -07001402 shouldFail: true,
1403 expectedError: ":WRONG_SSL_VERSION:",
1404 },
1405 {
1406 protocol: dtls,
1407 name: "DisableEverything-DTLS",
1408 flags: []string{"-no-tls12", "-no-tls1"},
1409 shouldFail: true,
1410 expectedError: ":WRONG_SSL_VERSION:",
1411 },
1412 {
1413 name: "NoSharedCipher",
1414 config: Config{
1415 CipherSuites: []uint16{},
1416 },
1417 shouldFail: true,
1418 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
1419 },
1420 {
1421 protocol: dtls,
1422 testType: serverTest,
1423 name: "MTU",
1424 config: Config{
1425 Bugs: ProtocolBugs{
1426 MaxPacketLength: 256,
1427 },
1428 },
1429 flags: []string{"-mtu", "256"},
1430 },
1431 {
1432 protocol: dtls,
1433 testType: serverTest,
1434 name: "MTUExceeded",
1435 config: Config{
1436 Bugs: ProtocolBugs{
1437 MaxPacketLength: 255,
1438 },
1439 },
1440 flags: []string{"-mtu", "256"},
1441 shouldFail: true,
1442 expectedLocalError: "dtls: exceeded maximum packet length",
1443 },
1444 {
1445 name: "CertMismatchRSA",
1446 config: Config{
1447 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1448 Certificates: []Certificate{getECDSACertificate()},
1449 Bugs: ProtocolBugs{
1450 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1451 },
1452 },
1453 shouldFail: true,
1454 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1455 },
1456 {
1457 name: "CertMismatchECDSA",
1458 config: Config{
1459 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1460 Certificates: []Certificate{getRSACertificate()},
1461 Bugs: ProtocolBugs{
1462 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1463 },
1464 },
1465 shouldFail: true,
1466 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1467 },
1468 {
1469 name: "EmptyCertificateList",
1470 config: Config{
1471 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1472 Bugs: ProtocolBugs{
1473 EmptyCertificateList: true,
1474 },
1475 },
1476 shouldFail: true,
1477 expectedError: ":DECODE_ERROR:",
1478 },
1479 {
1480 name: "TLSFatalBadPackets",
1481 damageFirstWrite: true,
1482 shouldFail: true,
1483 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1484 },
1485 {
1486 protocol: dtls,
1487 name: "DTLSIgnoreBadPackets",
1488 damageFirstWrite: true,
1489 },
1490 {
1491 protocol: dtls,
1492 name: "DTLSIgnoreBadPackets-Async",
1493 damageFirstWrite: true,
1494 flags: []string{"-async"},
1495 },
1496 {
David Benjamin4cf369b2015-08-22 01:35:43 -04001497 name: "AppDataBeforeHandshake",
1498 config: Config{
1499 Bugs: ProtocolBugs{
1500 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1501 },
1502 },
1503 shouldFail: true,
1504 expectedError: ":UNEXPECTED_RECORD:",
1505 },
1506 {
1507 name: "AppDataBeforeHandshake-Empty",
1508 config: Config{
1509 Bugs: ProtocolBugs{
1510 AppDataBeforeHandshake: []byte{},
1511 },
1512 },
1513 shouldFail: true,
1514 expectedError: ":UNEXPECTED_RECORD:",
1515 },
1516 {
1517 protocol: dtls,
1518 name: "AppDataBeforeHandshake-DTLS",
1519 config: Config{
1520 Bugs: ProtocolBugs{
1521 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1522 },
1523 },
1524 shouldFail: true,
1525 expectedError: ":UNEXPECTED_RECORD:",
1526 },
1527 {
1528 protocol: dtls,
1529 name: "AppDataBeforeHandshake-DTLS-Empty",
1530 config: Config{
1531 Bugs: ProtocolBugs{
1532 AppDataBeforeHandshake: []byte{},
1533 },
1534 },
1535 shouldFail: true,
1536 expectedError: ":UNEXPECTED_RECORD:",
1537 },
1538 {
Adam Langley7c803a62015-06-15 15:35:05 -07001539 name: "AppDataAfterChangeCipherSpec",
1540 config: Config{
1541 Bugs: ProtocolBugs{
1542 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1543 },
1544 },
1545 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -05001546 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001547 },
1548 {
David Benjamin4cf369b2015-08-22 01:35:43 -04001549 name: "AppDataAfterChangeCipherSpec-Empty",
1550 config: Config{
1551 Bugs: ProtocolBugs{
1552 AppDataAfterChangeCipherSpec: []byte{},
1553 },
1554 },
1555 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -05001556 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -04001557 },
1558 {
Adam Langley7c803a62015-06-15 15:35:05 -07001559 protocol: dtls,
1560 name: "AppDataAfterChangeCipherSpec-DTLS",
1561 config: Config{
1562 Bugs: ProtocolBugs{
1563 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1564 },
1565 },
1566 // BoringSSL's DTLS implementation will drop the out-of-order
1567 // application data.
1568 },
1569 {
David Benjamin4cf369b2015-08-22 01:35:43 -04001570 protocol: dtls,
1571 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1572 config: Config{
1573 Bugs: ProtocolBugs{
1574 AppDataAfterChangeCipherSpec: []byte{},
1575 },
1576 },
1577 // BoringSSL's DTLS implementation will drop the out-of-order
1578 // application data.
1579 },
1580 {
Adam Langley7c803a62015-06-15 15:35:05 -07001581 name: "AlertAfterChangeCipherSpec",
1582 config: Config{
1583 Bugs: ProtocolBugs{
1584 AlertAfterChangeCipherSpec: alertRecordOverflow,
1585 },
1586 },
1587 shouldFail: true,
1588 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1589 },
1590 {
1591 protocol: dtls,
1592 name: "AlertAfterChangeCipherSpec-DTLS",
1593 config: Config{
1594 Bugs: ProtocolBugs{
1595 AlertAfterChangeCipherSpec: alertRecordOverflow,
1596 },
1597 },
1598 shouldFail: true,
1599 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1600 },
1601 {
1602 protocol: dtls,
1603 name: "ReorderHandshakeFragments-Small-DTLS",
1604 config: Config{
1605 Bugs: ProtocolBugs{
1606 ReorderHandshakeFragments: true,
1607 // Small enough that every handshake message is
1608 // fragmented.
1609 MaxHandshakeRecordLength: 2,
1610 },
1611 },
1612 },
1613 {
1614 protocol: dtls,
1615 name: "ReorderHandshakeFragments-Large-DTLS",
1616 config: Config{
1617 Bugs: ProtocolBugs{
1618 ReorderHandshakeFragments: true,
1619 // Large enough that no handshake message is
1620 // fragmented.
1621 MaxHandshakeRecordLength: 2048,
1622 },
1623 },
1624 },
1625 {
1626 protocol: dtls,
1627 name: "MixCompleteMessageWithFragments-DTLS",
1628 config: Config{
1629 Bugs: ProtocolBugs{
1630 ReorderHandshakeFragments: true,
1631 MixCompleteMessageWithFragments: true,
1632 MaxHandshakeRecordLength: 2,
1633 },
1634 },
1635 },
1636 {
1637 name: "SendInvalidRecordType",
1638 config: Config{
1639 Bugs: ProtocolBugs{
1640 SendInvalidRecordType: true,
1641 },
1642 },
1643 shouldFail: true,
1644 expectedError: ":UNEXPECTED_RECORD:",
1645 },
1646 {
1647 protocol: dtls,
1648 name: "SendInvalidRecordType-DTLS",
1649 config: Config{
1650 Bugs: ProtocolBugs{
1651 SendInvalidRecordType: true,
1652 },
1653 },
1654 shouldFail: true,
1655 expectedError: ":UNEXPECTED_RECORD:",
1656 },
1657 {
1658 name: "FalseStart-SkipServerSecondLeg",
1659 config: Config{
1660 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1661 NextProtos: []string{"foo"},
1662 Bugs: ProtocolBugs{
1663 SkipNewSessionTicket: true,
1664 SkipChangeCipherSpec: true,
1665 SkipFinished: true,
1666 ExpectFalseStart: true,
1667 },
1668 },
1669 flags: []string{
1670 "-false-start",
1671 "-handshake-never-done",
1672 "-advertise-alpn", "\x03foo",
1673 },
1674 shimWritesFirst: true,
1675 shouldFail: true,
1676 expectedError: ":UNEXPECTED_RECORD:",
1677 },
1678 {
1679 name: "FalseStart-SkipServerSecondLeg-Implicit",
1680 config: Config{
1681 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1682 NextProtos: []string{"foo"},
1683 Bugs: ProtocolBugs{
1684 SkipNewSessionTicket: true,
1685 SkipChangeCipherSpec: true,
1686 SkipFinished: true,
1687 },
1688 },
1689 flags: []string{
1690 "-implicit-handshake",
1691 "-false-start",
1692 "-handshake-never-done",
1693 "-advertise-alpn", "\x03foo",
1694 },
1695 shouldFail: true,
1696 expectedError: ":UNEXPECTED_RECORD:",
1697 },
1698 {
1699 testType: serverTest,
1700 name: "FailEarlyCallback",
1701 flags: []string{"-fail-early-callback"},
1702 shouldFail: true,
1703 expectedError: ":CONNECTION_REJECTED:",
1704 expectedLocalError: "remote error: access denied",
1705 },
1706 {
1707 name: "WrongMessageType",
1708 config: Config{
1709 Bugs: ProtocolBugs{
1710 WrongCertificateMessageType: true,
1711 },
1712 },
1713 shouldFail: true,
1714 expectedError: ":UNEXPECTED_MESSAGE:",
1715 expectedLocalError: "remote error: unexpected message",
1716 },
1717 {
1718 protocol: dtls,
1719 name: "WrongMessageType-DTLS",
1720 config: Config{
1721 Bugs: ProtocolBugs{
1722 WrongCertificateMessageType: true,
1723 },
1724 },
1725 shouldFail: true,
1726 expectedError: ":UNEXPECTED_MESSAGE:",
1727 expectedLocalError: "remote error: unexpected message",
1728 },
1729 {
1730 protocol: dtls,
1731 name: "FragmentMessageTypeMismatch-DTLS",
1732 config: Config{
1733 Bugs: ProtocolBugs{
1734 MaxHandshakeRecordLength: 2,
1735 FragmentMessageTypeMismatch: true,
1736 },
1737 },
1738 shouldFail: true,
1739 expectedError: ":FRAGMENT_MISMATCH:",
1740 },
1741 {
1742 protocol: dtls,
1743 name: "FragmentMessageLengthMismatch-DTLS",
1744 config: Config{
1745 Bugs: ProtocolBugs{
1746 MaxHandshakeRecordLength: 2,
1747 FragmentMessageLengthMismatch: true,
1748 },
1749 },
1750 shouldFail: true,
1751 expectedError: ":FRAGMENT_MISMATCH:",
1752 },
1753 {
1754 protocol: dtls,
1755 name: "SplitFragments-Header-DTLS",
1756 config: Config{
1757 Bugs: ProtocolBugs{
1758 SplitFragments: 2,
1759 },
1760 },
1761 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -04001762 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001763 },
1764 {
1765 protocol: dtls,
1766 name: "SplitFragments-Boundary-DTLS",
1767 config: Config{
1768 Bugs: ProtocolBugs{
1769 SplitFragments: dtlsRecordHeaderLen,
1770 },
1771 },
1772 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -04001773 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001774 },
1775 {
1776 protocol: dtls,
1777 name: "SplitFragments-Body-DTLS",
1778 config: Config{
1779 Bugs: ProtocolBugs{
1780 SplitFragments: dtlsRecordHeaderLen + 1,
1781 },
1782 },
1783 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -04001784 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -07001785 },
1786 {
1787 protocol: dtls,
1788 name: "SendEmptyFragments-DTLS",
1789 config: Config{
1790 Bugs: ProtocolBugs{
1791 SendEmptyFragments: true,
1792 },
1793 },
1794 },
1795 {
1796 name: "UnsupportedCipherSuite",
1797 config: Config{
1798 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1799 Bugs: ProtocolBugs{
1800 IgnorePeerCipherPreferences: true,
1801 },
1802 },
1803 flags: []string{"-cipher", "DEFAULT:!RC4"},
1804 shouldFail: true,
1805 expectedError: ":WRONG_CIPHER_RETURNED:",
1806 },
1807 {
1808 name: "UnsupportedCurve",
1809 config: Config{
David Benjamin64d92502015-12-19 02:20:57 -05001810 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1811 CurvePreferences: []CurveID{CurveP256},
Adam Langley7c803a62015-06-15 15:35:05 -07001812 Bugs: ProtocolBugs{
1813 IgnorePeerCurvePreferences: true,
1814 },
1815 },
David Benjamin64d92502015-12-19 02:20:57 -05001816 flags: []string{"-p384-only"},
Adam Langley7c803a62015-06-15 15:35:05 -07001817 shouldFail: true,
1818 expectedError: ":WRONG_CURVE:",
1819 },
1820 {
David Benjaminbf82aed2016-03-01 22:57:40 -05001821 name: "BadFinished-Client",
1822 config: Config{
1823 Bugs: ProtocolBugs{
1824 BadFinished: true,
1825 },
1826 },
1827 shouldFail: true,
1828 expectedError: ":DIGEST_CHECK_FAILED:",
1829 },
1830 {
1831 testType: serverTest,
1832 name: "BadFinished-Server",
Adam Langley7c803a62015-06-15 15:35:05 -07001833 config: Config{
1834 Bugs: ProtocolBugs{
1835 BadFinished: true,
1836 },
1837 },
1838 shouldFail: true,
1839 expectedError: ":DIGEST_CHECK_FAILED:",
1840 },
1841 {
1842 name: "FalseStart-BadFinished",
1843 config: Config{
1844 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1845 NextProtos: []string{"foo"},
1846 Bugs: ProtocolBugs{
1847 BadFinished: true,
1848 ExpectFalseStart: true,
1849 },
1850 },
1851 flags: []string{
1852 "-false-start",
1853 "-handshake-never-done",
1854 "-advertise-alpn", "\x03foo",
1855 },
1856 shimWritesFirst: true,
1857 shouldFail: true,
1858 expectedError: ":DIGEST_CHECK_FAILED:",
1859 },
1860 {
1861 name: "NoFalseStart-NoALPN",
1862 config: Config{
1863 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1864 Bugs: ProtocolBugs{
1865 ExpectFalseStart: true,
1866 AlertBeforeFalseStartTest: alertAccessDenied,
1867 },
1868 },
1869 flags: []string{
1870 "-false-start",
1871 },
1872 shimWritesFirst: true,
1873 shouldFail: true,
1874 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1875 expectedLocalError: "tls: peer did not false start: EOF",
1876 },
1877 {
1878 name: "NoFalseStart-NoAEAD",
1879 config: Config{
1880 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1881 NextProtos: []string{"foo"},
1882 Bugs: ProtocolBugs{
1883 ExpectFalseStart: true,
1884 AlertBeforeFalseStartTest: alertAccessDenied,
1885 },
1886 },
1887 flags: []string{
1888 "-false-start",
1889 "-advertise-alpn", "\x03foo",
1890 },
1891 shimWritesFirst: true,
1892 shouldFail: true,
1893 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1894 expectedLocalError: "tls: peer did not false start: EOF",
1895 },
1896 {
1897 name: "NoFalseStart-RSA",
1898 config: Config{
1899 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1900 NextProtos: []string{"foo"},
1901 Bugs: ProtocolBugs{
1902 ExpectFalseStart: true,
1903 AlertBeforeFalseStartTest: alertAccessDenied,
1904 },
1905 },
1906 flags: []string{
1907 "-false-start",
1908 "-advertise-alpn", "\x03foo",
1909 },
1910 shimWritesFirst: true,
1911 shouldFail: true,
1912 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1913 expectedLocalError: "tls: peer did not false start: EOF",
1914 },
1915 {
1916 name: "NoFalseStart-DHE_RSA",
1917 config: Config{
1918 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1919 NextProtos: []string{"foo"},
1920 Bugs: ProtocolBugs{
1921 ExpectFalseStart: true,
1922 AlertBeforeFalseStartTest: alertAccessDenied,
1923 },
1924 },
1925 flags: []string{
1926 "-false-start",
1927 "-advertise-alpn", "\x03foo",
1928 },
1929 shimWritesFirst: true,
1930 shouldFail: true,
1931 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1932 expectedLocalError: "tls: peer did not false start: EOF",
1933 },
1934 {
1935 testType: serverTest,
1936 name: "NoSupportedCurves",
1937 config: Config{
1938 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1939 Bugs: ProtocolBugs{
1940 NoSupportedCurves: true,
1941 },
1942 },
David Benjamin4298d772015-12-19 00:18:25 -05001943 shouldFail: true,
1944 expectedError: ":NO_SHARED_CIPHER:",
Adam Langley7c803a62015-06-15 15:35:05 -07001945 },
1946 {
1947 testType: serverTest,
1948 name: "NoCommonCurves",
1949 config: Config{
1950 CipherSuites: []uint16{
1951 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1952 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1953 },
1954 CurvePreferences: []CurveID{CurveP224},
1955 },
1956 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1957 },
1958 {
1959 protocol: dtls,
1960 name: "SendSplitAlert-Sync",
1961 config: Config{
1962 Bugs: ProtocolBugs{
1963 SendSplitAlert: true,
1964 },
1965 },
1966 },
1967 {
1968 protocol: dtls,
1969 name: "SendSplitAlert-Async",
1970 config: Config{
1971 Bugs: ProtocolBugs{
1972 SendSplitAlert: true,
1973 },
1974 },
1975 flags: []string{"-async"},
1976 },
1977 {
1978 protocol: dtls,
1979 name: "PackDTLSHandshake",
1980 config: Config{
1981 Bugs: ProtocolBugs{
1982 MaxHandshakeRecordLength: 2,
1983 PackHandshakeFragments: 20,
1984 PackHandshakeRecords: 200,
1985 },
1986 },
1987 },
1988 {
Adam Langley7c803a62015-06-15 15:35:05 -07001989 name: "SendEmptyRecords-Pass",
1990 sendEmptyRecords: 32,
1991 },
1992 {
1993 name: "SendEmptyRecords",
1994 sendEmptyRecords: 33,
1995 shouldFail: true,
1996 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1997 },
1998 {
1999 name: "SendEmptyRecords-Async",
2000 sendEmptyRecords: 33,
2001 flags: []string{"-async"},
2002 shouldFail: true,
2003 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2004 },
2005 {
2006 name: "SendWarningAlerts-Pass",
2007 sendWarningAlerts: 4,
2008 },
2009 {
2010 protocol: dtls,
2011 name: "SendWarningAlerts-DTLS-Pass",
2012 sendWarningAlerts: 4,
2013 },
2014 {
2015 name: "SendWarningAlerts",
2016 sendWarningAlerts: 5,
2017 shouldFail: true,
2018 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2019 },
2020 {
2021 name: "SendWarningAlerts-Async",
2022 sendWarningAlerts: 5,
2023 flags: []string{"-async"},
2024 shouldFail: true,
2025 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2026 },
David Benjaminba4594a2015-06-18 18:36:15 -04002027 {
2028 name: "EmptySessionID",
2029 config: Config{
2030 SessionTicketsDisabled: true,
2031 },
2032 noSessionCache: true,
2033 flags: []string{"-expect-no-session"},
2034 },
David Benjamin30789da2015-08-29 22:56:45 -04002035 {
2036 name: "Unclean-Shutdown",
2037 config: Config{
2038 Bugs: ProtocolBugs{
2039 NoCloseNotify: true,
2040 ExpectCloseNotify: true,
2041 },
2042 },
2043 shimShutsDown: true,
2044 flags: []string{"-check-close-notify"},
2045 shouldFail: true,
2046 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
2047 },
2048 {
2049 name: "Unclean-Shutdown-Ignored",
2050 config: Config{
2051 Bugs: ProtocolBugs{
2052 NoCloseNotify: true,
2053 },
2054 },
2055 shimShutsDown: true,
2056 },
David Benjamin4f75aaf2015-09-01 16:53:10 -04002057 {
David Benjaminfa214e42016-05-10 17:03:10 -04002058 name: "Unclean-Shutdown-Alert",
2059 config: Config{
2060 Bugs: ProtocolBugs{
2061 SendAlertOnShutdown: alertDecompressionFailure,
2062 ExpectCloseNotify: true,
2063 },
2064 },
2065 shimShutsDown: true,
2066 flags: []string{"-check-close-notify"},
2067 shouldFail: true,
2068 expectedError: ":SSLV3_ALERT_DECOMPRESSION_FAILURE:",
2069 },
2070 {
David Benjamin4f75aaf2015-09-01 16:53:10 -04002071 name: "LargePlaintext",
2072 config: Config{
2073 Bugs: ProtocolBugs{
2074 SendLargeRecords: true,
2075 },
2076 },
2077 messageLen: maxPlaintext + 1,
2078 shouldFail: true,
2079 expectedError: ":DATA_LENGTH_TOO_LONG:",
2080 },
2081 {
2082 protocol: dtls,
2083 name: "LargePlaintext-DTLS",
2084 config: Config{
2085 Bugs: ProtocolBugs{
2086 SendLargeRecords: true,
2087 },
2088 },
2089 messageLen: maxPlaintext + 1,
2090 shouldFail: true,
2091 expectedError: ":DATA_LENGTH_TOO_LONG:",
2092 },
2093 {
2094 name: "LargeCiphertext",
2095 config: Config{
2096 Bugs: ProtocolBugs{
2097 SendLargeRecords: true,
2098 },
2099 },
2100 messageLen: maxPlaintext * 2,
2101 shouldFail: true,
2102 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
2103 },
2104 {
2105 protocol: dtls,
2106 name: "LargeCiphertext-DTLS",
2107 config: Config{
2108 Bugs: ProtocolBugs{
2109 SendLargeRecords: true,
2110 },
2111 },
2112 messageLen: maxPlaintext * 2,
2113 // Unlike the other four cases, DTLS drops records which
2114 // are invalid before authentication, so the connection
2115 // does not fail.
2116 expectMessageDropped: true,
2117 },
David Benjamindd6fed92015-10-23 17:41:12 -04002118 {
2119 name: "SendEmptySessionTicket",
2120 config: Config{
2121 Bugs: ProtocolBugs{
2122 SendEmptySessionTicket: true,
2123 FailIfSessionOffered: true,
2124 },
2125 },
2126 flags: []string{"-expect-no-session"},
2127 resumeSession: true,
2128 expectResumeRejected: true,
2129 },
David Benjamin99fdfb92015-11-02 12:11:35 -05002130 {
2131 name: "CheckLeafCurve",
2132 config: Config{
2133 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2134 Certificates: []Certificate{getECDSACertificate()},
2135 },
2136 flags: []string{"-p384-only"},
2137 shouldFail: true,
2138 expectedError: ":BAD_ECC_CERT:",
2139 },
David Benjamin8411b242015-11-26 12:07:28 -05002140 {
2141 name: "BadChangeCipherSpec-1",
2142 config: Config{
2143 Bugs: ProtocolBugs{
2144 BadChangeCipherSpec: []byte{2},
2145 },
2146 },
2147 shouldFail: true,
2148 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2149 },
2150 {
2151 name: "BadChangeCipherSpec-2",
2152 config: Config{
2153 Bugs: ProtocolBugs{
2154 BadChangeCipherSpec: []byte{1, 1},
2155 },
2156 },
2157 shouldFail: true,
2158 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2159 },
2160 {
2161 protocol: dtls,
2162 name: "BadChangeCipherSpec-DTLS-1",
2163 config: Config{
2164 Bugs: ProtocolBugs{
2165 BadChangeCipherSpec: []byte{2},
2166 },
2167 },
2168 shouldFail: true,
2169 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2170 },
2171 {
2172 protocol: dtls,
2173 name: "BadChangeCipherSpec-DTLS-2",
2174 config: Config{
2175 Bugs: ProtocolBugs{
2176 BadChangeCipherSpec: []byte{1, 1},
2177 },
2178 },
2179 shouldFail: true,
2180 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2181 },
David Benjaminef5dfd22015-12-06 13:17:07 -05002182 {
2183 name: "BadHelloRequest-1",
2184 renegotiate: 1,
2185 config: Config{
2186 Bugs: ProtocolBugs{
2187 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2188 },
2189 },
2190 flags: []string{
2191 "-renegotiate-freely",
2192 "-expect-total-renegotiations", "1",
2193 },
2194 shouldFail: true,
2195 expectedError: ":BAD_HELLO_REQUEST:",
2196 },
2197 {
2198 name: "BadHelloRequest-2",
2199 renegotiate: 1,
2200 config: Config{
2201 Bugs: ProtocolBugs{
2202 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2203 },
2204 },
2205 flags: []string{
2206 "-renegotiate-freely",
2207 "-expect-total-renegotiations", "1",
2208 },
2209 shouldFail: true,
2210 expectedError: ":BAD_HELLO_REQUEST:",
2211 },
David Benjaminef1b0092015-11-21 14:05:44 -05002212 {
2213 testType: serverTest,
2214 name: "SupportTicketsWithSessionID",
2215 config: Config{
2216 SessionTicketsDisabled: true,
2217 },
2218 resumeConfig: &Config{},
2219 resumeSession: true,
2220 },
David Benjamin2b07fa42016-03-02 00:23:57 -05002221 {
2222 name: "InvalidECDHPoint-Client",
2223 config: Config{
2224 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2225 CurvePreferences: []CurveID{CurveP256},
2226 Bugs: ProtocolBugs{
2227 InvalidECDHPoint: true,
2228 },
2229 },
2230 shouldFail: true,
2231 expectedError: ":INVALID_ENCODING:",
2232 },
2233 {
2234 testType: serverTest,
2235 name: "InvalidECDHPoint-Server",
2236 config: Config{
2237 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2238 CurvePreferences: []CurveID{CurveP256},
2239 Bugs: ProtocolBugs{
2240 InvalidECDHPoint: true,
2241 },
2242 },
2243 shouldFail: true,
2244 expectedError: ":INVALID_ENCODING:",
2245 },
Adam Langley7c803a62015-06-15 15:35:05 -07002246 }
Adam Langley7c803a62015-06-15 15:35:05 -07002247 testCases = append(testCases, basicTests...)
2248}
2249
Adam Langley95c29f32014-06-20 12:00:00 -07002250func addCipherSuiteTests() {
2251 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -04002252 const psk = "12345"
2253 const pskIdentity = "luggage combo"
2254
Adam Langley95c29f32014-06-20 12:00:00 -07002255 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -04002256 var certFile string
2257 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -05002258 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -07002259 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -04002260 certFile = ecdsaCertificateFile
2261 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -07002262 } else {
2263 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -04002264 certFile = rsaCertificateFile
2265 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -07002266 }
2267
David Benjamin48cae082014-10-27 01:06:24 -04002268 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -05002269 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -04002270 flags = append(flags,
2271 "-psk", psk,
2272 "-psk-identity", pskIdentity)
2273 }
Matt Braithwaiteaf096752015-09-02 19:48:16 -07002274 if hasComponent(suite.name, "NULL") {
2275 // NULL ciphers must be explicitly enabled.
2276 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2277 }
Matt Braithwaite053931e2016-05-25 12:06:05 -07002278 if hasComponent(suite.name, "CECPQ1") {
2279 // CECPQ1 ciphers must be explicitly enabled.
2280 flags = append(flags, "-cipher", "DEFAULT:kCECPQ1")
2281 }
David Benjamin48cae082014-10-27 01:06:24 -04002282
Adam Langley95c29f32014-06-20 12:00:00 -07002283 for _, ver := range tlsVersions {
David Benjamin0407e762016-06-17 16:41:18 -04002284 for _, protocol := range []protocol{tls, dtls} {
2285 var prefix string
2286 if protocol == dtls {
2287 if !ver.hasDTLS {
2288 continue
2289 }
2290 prefix = "D"
2291 }
Adam Langley95c29f32014-06-20 12:00:00 -07002292
David Benjamin0407e762016-06-17 16:41:18 -04002293 var shouldServerFail, shouldClientFail bool
2294 if hasComponent(suite.name, "ECDHE") && ver.version == VersionSSL30 {
2295 // BoringSSL clients accept ECDHE on SSLv3, but
2296 // a BoringSSL server will never select it
2297 // because the extension is missing.
2298 shouldServerFail = true
2299 }
2300 if isTLS12Only(suite.name) && ver.version < VersionTLS12 {
2301 shouldClientFail = true
2302 shouldServerFail = true
2303 }
2304 if !isDTLSCipher(suite.name) && protocol == dtls {
2305 shouldClientFail = true
2306 shouldServerFail = true
2307 }
David Benjamin4298d772015-12-19 00:18:25 -05002308
David Benjamin0407e762016-06-17 16:41:18 -04002309 var expectedServerError, expectedClientError string
2310 if shouldServerFail {
2311 expectedServerError = ":NO_SHARED_CIPHER:"
2312 }
2313 if shouldClientFail {
2314 expectedClientError = ":WRONG_CIPHER_RETURNED:"
2315 }
David Benjamin025b3d32014-07-01 19:53:04 -04002316
David Benjamin6fd297b2014-08-11 18:43:38 -04002317 testCases = append(testCases, testCase{
2318 testType: serverTest,
David Benjamin0407e762016-06-17 16:41:18 -04002319 protocol: protocol,
2320
2321 name: prefix + ver.name + "-" + suite.name + "-server",
David Benjamin6fd297b2014-08-11 18:43:38 -04002322 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -04002323 MinVersion: ver.version,
2324 MaxVersion: ver.version,
2325 CipherSuites: []uint16{suite.id},
2326 Certificates: []Certificate{cert},
2327 PreSharedKey: []byte(psk),
2328 PreSharedKeyIdentity: pskIdentity,
David Benjamin0407e762016-06-17 16:41:18 -04002329 Bugs: ProtocolBugs{
2330 EnableAllCiphers: true,
2331 IgnorePeerCipherPreferences: true,
2332 },
David Benjamin6fd297b2014-08-11 18:43:38 -04002333 },
2334 certFile: certFile,
2335 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -04002336 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -05002337 resumeSession: true,
David Benjamin0407e762016-06-17 16:41:18 -04002338 shouldFail: shouldServerFail,
2339 expectedError: expectedServerError,
2340 })
2341
2342 testCases = append(testCases, testCase{
2343 testType: clientTest,
2344 protocol: protocol,
2345 name: prefix + ver.name + "-" + suite.name + "-client",
2346 config: Config{
2347 MinVersion: ver.version,
2348 MaxVersion: ver.version,
2349 CipherSuites: []uint16{suite.id},
2350 Certificates: []Certificate{cert},
2351 PreSharedKey: []byte(psk),
2352 PreSharedKeyIdentity: pskIdentity,
2353 Bugs: ProtocolBugs{
2354 EnableAllCiphers: true,
2355 IgnorePeerCipherPreferences: true,
2356 },
2357 },
2358 flags: flags,
2359 resumeSession: true,
2360 shouldFail: shouldClientFail,
2361 expectedError: expectedClientError,
David Benjamin6fd297b2014-08-11 18:43:38 -04002362 })
2363 }
Adam Langley95c29f32014-06-20 12:00:00 -07002364 }
David Benjamin2c99d282015-09-01 10:23:00 -04002365
2366 // Ensure both TLS and DTLS accept their maximum record sizes.
2367 testCases = append(testCases, testCase{
2368 name: suite.name + "-LargeRecord",
2369 config: Config{
2370 CipherSuites: []uint16{suite.id},
2371 Certificates: []Certificate{cert},
2372 PreSharedKey: []byte(psk),
2373 PreSharedKeyIdentity: pskIdentity,
2374 },
2375 flags: flags,
2376 messageLen: maxPlaintext,
2377 })
David Benjamin2c99d282015-09-01 10:23:00 -04002378 if isDTLSCipher(suite.name) {
2379 testCases = append(testCases, testCase{
2380 protocol: dtls,
2381 name: suite.name + "-LargeRecord-DTLS",
2382 config: Config{
2383 CipherSuites: []uint16{suite.id},
2384 Certificates: []Certificate{cert},
2385 PreSharedKey: []byte(psk),
2386 PreSharedKeyIdentity: pskIdentity,
2387 },
2388 flags: flags,
2389 messageLen: maxPlaintext,
2390 })
2391 }
Adam Langley95c29f32014-06-20 12:00:00 -07002392 }
Adam Langleya7997f12015-05-14 17:38:50 -07002393
2394 testCases = append(testCases, testCase{
2395 name: "WeakDH",
2396 config: Config{
2397 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2398 Bugs: ProtocolBugs{
2399 // This is a 1023-bit prime number, generated
2400 // with:
2401 // openssl gendh 1023 | openssl asn1parse -i
2402 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2403 },
2404 },
2405 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -08002406 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -07002407 })
Adam Langleycef75832015-09-03 14:51:12 -07002408
David Benjamincd24a392015-11-11 13:23:05 -08002409 testCases = append(testCases, testCase{
2410 name: "SillyDH",
2411 config: Config{
2412 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2413 Bugs: ProtocolBugs{
2414 // This is a 4097-bit prime number, generated
2415 // with:
2416 // openssl gendh 4097 | openssl asn1parse -i
2417 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2418 },
2419 },
2420 shouldFail: true,
2421 expectedError: ":DH_P_TOO_LONG:",
2422 })
2423
Adam Langleyc4f25ce2015-11-26 16:39:08 -08002424 // This test ensures that Diffie-Hellman public values are padded with
2425 // zeros so that they're the same length as the prime. This is to avoid
2426 // hitting a bug in yaSSL.
2427 testCases = append(testCases, testCase{
2428 testType: serverTest,
2429 name: "DHPublicValuePadded",
2430 config: Config{
2431 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2432 Bugs: ProtocolBugs{
2433 RequireDHPublicValueLen: (1025 + 7) / 8,
2434 },
2435 },
2436 flags: []string{"-use-sparse-dh-prime"},
2437 })
David Benjamincd24a392015-11-11 13:23:05 -08002438
David Benjamin241ae832016-01-15 03:04:54 -05002439 // The server must be tolerant to bogus ciphers.
2440 const bogusCipher = 0x1234
2441 testCases = append(testCases, testCase{
2442 testType: serverTest,
2443 name: "UnknownCipher",
2444 config: Config{
2445 CipherSuites: []uint16{bogusCipher, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2446 },
2447 })
2448
Adam Langleycef75832015-09-03 14:51:12 -07002449 // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS
2450 // 1.1 specific cipher suite settings. A server is setup with the given
2451 // cipher lists and then a connection is made for each member of
2452 // expectations. The cipher suite that the server selects must match
2453 // the specified one.
2454 var versionSpecificCiphersTest = []struct {
2455 ciphersDefault, ciphersTLS10, ciphersTLS11 string
2456 // expectations is a map from TLS version to cipher suite id.
2457 expectations map[uint16]uint16
2458 }{
2459 {
2460 // Test that the null case (where no version-specific ciphers are set)
2461 // works as expected.
2462 "RC4-SHA:AES128-SHA", // default ciphers
2463 "", // no ciphers specifically for TLS ≥ 1.0
2464 "", // no ciphers specifically for TLS ≥ 1.1
2465 map[uint16]uint16{
2466 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2467 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2468 VersionTLS11: TLS_RSA_WITH_RC4_128_SHA,
2469 VersionTLS12: TLS_RSA_WITH_RC4_128_SHA,
2470 },
2471 },
2472 {
2473 // With ciphers_tls10 set, TLS 1.0, 1.1 and 1.2 should get a different
2474 // cipher.
2475 "RC4-SHA:AES128-SHA", // default
2476 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2477 "", // no ciphers specifically for TLS ≥ 1.1
2478 map[uint16]uint16{
2479 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2480 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2481 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2482 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2483 },
2484 },
2485 {
2486 // With ciphers_tls11 set, TLS 1.1 and 1.2 should get a different
2487 // cipher.
2488 "RC4-SHA:AES128-SHA", // default
2489 "", // no ciphers specifically for TLS ≥ 1.0
2490 "AES128-SHA", // these ciphers for TLS ≥ 1.1
2491 map[uint16]uint16{
2492 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2493 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2494 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2495 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2496 },
2497 },
2498 {
2499 // With both ciphers_tls10 and ciphers_tls11 set, ciphers_tls11 should
2500 // mask ciphers_tls10 for TLS 1.1 and 1.2.
2501 "RC4-SHA:AES128-SHA", // default
2502 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2503 "AES256-SHA", // these ciphers for TLS ≥ 1.1
2504 map[uint16]uint16{
2505 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2506 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2507 VersionTLS11: TLS_RSA_WITH_AES_256_CBC_SHA,
2508 VersionTLS12: TLS_RSA_WITH_AES_256_CBC_SHA,
2509 },
2510 },
2511 }
2512
2513 for i, test := range versionSpecificCiphersTest {
2514 for version, expectedCipherSuite := range test.expectations {
2515 flags := []string{"-cipher", test.ciphersDefault}
2516 if len(test.ciphersTLS10) > 0 {
2517 flags = append(flags, "-cipher-tls10", test.ciphersTLS10)
2518 }
2519 if len(test.ciphersTLS11) > 0 {
2520 flags = append(flags, "-cipher-tls11", test.ciphersTLS11)
2521 }
2522
2523 testCases = append(testCases, testCase{
2524 testType: serverTest,
2525 name: fmt.Sprintf("VersionSpecificCiphersTest-%d-%x", i, version),
2526 config: Config{
2527 MaxVersion: version,
2528 MinVersion: version,
2529 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA},
2530 },
2531 flags: flags,
2532 expectedCipher: expectedCipherSuite,
2533 })
2534 }
2535 }
Adam Langley95c29f32014-06-20 12:00:00 -07002536}
2537
2538func addBadECDSASignatureTests() {
2539 for badR := BadValue(1); badR < NumBadValues; badR++ {
2540 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -04002541 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -07002542 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2543 config: Config{
2544 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2545 Certificates: []Certificate{getECDSACertificate()},
2546 Bugs: ProtocolBugs{
2547 BadECDSAR: badR,
2548 BadECDSAS: badS,
2549 },
2550 },
2551 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -05002552 expectedError: ":BAD_SIGNATURE:",
Adam Langley95c29f32014-06-20 12:00:00 -07002553 })
2554 }
2555 }
2556}
2557
Adam Langley80842bd2014-06-20 12:00:00 -07002558func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -04002559 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -07002560 name: "MaxCBCPadding",
2561 config: Config{
2562 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2563 Bugs: ProtocolBugs{
2564 MaxPadding: true,
2565 },
2566 },
2567 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2568 })
David Benjamin025b3d32014-07-01 19:53:04 -04002569 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -07002570 name: "BadCBCPadding",
2571 config: Config{
2572 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2573 Bugs: ProtocolBugs{
2574 PaddingFirstByteBad: true,
2575 },
2576 },
2577 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -05002578 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -07002579 })
2580 // OpenSSL previously had an issue where the first byte of padding in
2581 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -04002582 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -07002583 name: "BadCBCPadding255",
2584 config: Config{
2585 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2586 Bugs: ProtocolBugs{
2587 MaxPadding: true,
2588 PaddingFirstByteBadIf255: true,
2589 },
2590 },
2591 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2592 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -05002593 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -07002594 })
2595}
2596
Kenny Root7fdeaf12014-08-05 15:23:37 -07002597func addCBCSplittingTests() {
2598 testCases = append(testCases, testCase{
2599 name: "CBCRecordSplitting",
2600 config: Config{
2601 MaxVersion: VersionTLS10,
2602 MinVersion: VersionTLS10,
2603 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2604 },
David Benjaminac8302a2015-09-01 17:18:15 -04002605 messageLen: -1, // read until EOF
2606 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -07002607 flags: []string{
2608 "-async",
2609 "-write-different-record-sizes",
2610 "-cbc-record-splitting",
2611 },
David Benjamina8e3e0e2014-08-06 22:11:10 -04002612 })
2613 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -07002614 name: "CBCRecordSplittingPartialWrite",
2615 config: Config{
2616 MaxVersion: VersionTLS10,
2617 MinVersion: VersionTLS10,
2618 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2619 },
2620 messageLen: -1, // read until EOF
2621 flags: []string{
2622 "-async",
2623 "-write-different-record-sizes",
2624 "-cbc-record-splitting",
2625 "-partial-write",
2626 },
2627 })
2628}
2629
David Benjamin636293b2014-07-08 17:59:18 -04002630func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -04002631 // Add a dummy cert pool to stress certificate authority parsing.
2632 // TODO(davidben): Add tests that those values parse out correctly.
2633 certPool := x509.NewCertPool()
2634 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2635 if err != nil {
2636 panic(err)
2637 }
2638 certPool.AddCert(cert)
2639
David Benjamin636293b2014-07-08 17:59:18 -04002640 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -04002641 testCases = append(testCases, testCase{
2642 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -04002643 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -04002644 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -04002645 MinVersion: ver.version,
2646 MaxVersion: ver.version,
2647 ClientAuth: RequireAnyClientCert,
2648 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -04002649 },
2650 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -07002651 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2652 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -04002653 },
2654 })
2655 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -04002656 testType: serverTest,
2657 name: ver.name + "-Server-ClientAuth-RSA",
2658 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -04002659 MinVersion: ver.version,
2660 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -04002661 Certificates: []Certificate{rsaCertificate},
2662 },
2663 flags: []string{"-require-any-client-certificate"},
2664 })
David Benjamine098ec22014-08-27 23:13:20 -04002665 if ver.version != VersionSSL30 {
2666 testCases = append(testCases, testCase{
2667 testType: serverTest,
2668 name: ver.name + "-Server-ClientAuth-ECDSA",
2669 config: Config{
2670 MinVersion: ver.version,
2671 MaxVersion: ver.version,
2672 Certificates: []Certificate{ecdsaCertificate},
2673 },
2674 flags: []string{"-require-any-client-certificate"},
2675 })
2676 testCases = append(testCases, testCase{
2677 testType: clientTest,
2678 name: ver.name + "-Client-ClientAuth-ECDSA",
2679 config: Config{
2680 MinVersion: ver.version,
2681 MaxVersion: ver.version,
2682 ClientAuth: RequireAnyClientCert,
2683 ClientCAs: certPool,
2684 },
2685 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -07002686 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2687 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -04002688 },
2689 })
2690 }
David Benjamin636293b2014-07-08 17:59:18 -04002691 }
David Benjamin0b7ca7d2016-03-10 15:44:22 -05002692
2693 testCases = append(testCases, testCase{
2694 testType: serverTest,
2695 name: "RequireAnyClientCertificate",
2696 flags: []string{"-require-any-client-certificate"},
2697 shouldFail: true,
2698 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
2699 })
2700
2701 testCases = append(testCases, testCase{
2702 testType: serverTest,
David Benjamindf28c3a2016-03-10 16:11:51 -05002703 name: "RequireAnyClientCertificate-SSL3",
2704 config: Config{
2705 MaxVersion: VersionSSL30,
2706 },
2707 flags: []string{"-require-any-client-certificate"},
2708 shouldFail: true,
2709 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
2710 })
2711
2712 testCases = append(testCases, testCase{
2713 testType: serverTest,
David Benjamin0b7ca7d2016-03-10 15:44:22 -05002714 name: "SkipClientCertificate",
2715 config: Config{
2716 Bugs: ProtocolBugs{
2717 SkipClientCertificate: true,
2718 },
2719 },
2720 // Setting SSL_VERIFY_PEER allows anonymous clients.
2721 flags: []string{"-verify-peer"},
2722 shouldFail: true,
David Benjamindf28c3a2016-03-10 16:11:51 -05002723 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin0b7ca7d2016-03-10 15:44:22 -05002724 })
David Benjaminc032dfa2016-05-12 14:54:57 -04002725
2726 // Client auth is only legal in certificate-based ciphers.
2727 testCases = append(testCases, testCase{
2728 testType: clientTest,
2729 name: "ClientAuth-PSK",
2730 config: Config{
2731 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2732 PreSharedKey: []byte("secret"),
2733 ClientAuth: RequireAnyClientCert,
2734 },
2735 flags: []string{
2736 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2737 "-key-file", path.Join(*resourceDir, rsaKeyFile),
2738 "-psk", "secret",
2739 },
2740 shouldFail: true,
2741 expectedError: ":UNEXPECTED_MESSAGE:",
2742 })
2743 testCases = append(testCases, testCase{
2744 testType: clientTest,
2745 name: "ClientAuth-ECDHE_PSK",
2746 config: Config{
2747 CipherSuites: []uint16{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
2748 PreSharedKey: []byte("secret"),
2749 ClientAuth: RequireAnyClientCert,
2750 },
2751 flags: []string{
2752 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2753 "-key-file", path.Join(*resourceDir, rsaKeyFile),
2754 "-psk", "secret",
2755 },
2756 shouldFail: true,
2757 expectedError: ":UNEXPECTED_MESSAGE:",
2758 })
David Benjamin636293b2014-07-08 17:59:18 -04002759}
2760
Adam Langley75712922014-10-10 16:23:43 -07002761func addExtendedMasterSecretTests() {
2762 const expectEMSFlag = "-expect-extended-master-secret"
2763
2764 for _, with := range []bool{false, true} {
2765 prefix := "No"
2766 var flags []string
2767 if with {
2768 prefix = ""
2769 flags = []string{expectEMSFlag}
2770 }
2771
2772 for _, isClient := range []bool{false, true} {
2773 suffix := "-Server"
2774 testType := serverTest
2775 if isClient {
2776 suffix = "-Client"
2777 testType = clientTest
2778 }
2779
2780 for _, ver := range tlsVersions {
2781 test := testCase{
2782 testType: testType,
2783 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2784 config: Config{
2785 MinVersion: ver.version,
2786 MaxVersion: ver.version,
2787 Bugs: ProtocolBugs{
2788 NoExtendedMasterSecret: !with,
2789 RequireExtendedMasterSecret: with,
2790 },
2791 },
David Benjamin48cae082014-10-27 01:06:24 -04002792 flags: flags,
2793 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -07002794 }
2795 if test.shouldFail {
2796 test.expectedLocalError = "extended master secret required but not supported by peer"
2797 }
2798 testCases = append(testCases, test)
2799 }
2800 }
2801 }
2802
Adam Langleyba5934b2015-06-02 10:50:35 -07002803 for _, isClient := range []bool{false, true} {
2804 for _, supportedInFirstConnection := range []bool{false, true} {
2805 for _, supportedInResumeConnection := range []bool{false, true} {
2806 boolToWord := func(b bool) string {
2807 if b {
2808 return "Yes"
2809 }
2810 return "No"
2811 }
2812 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2813 if isClient {
2814 suffix += "Client"
2815 } else {
2816 suffix += "Server"
2817 }
2818
2819 supportedConfig := Config{
2820 Bugs: ProtocolBugs{
2821 RequireExtendedMasterSecret: true,
2822 },
2823 }
2824
2825 noSupportConfig := Config{
2826 Bugs: ProtocolBugs{
2827 NoExtendedMasterSecret: true,
2828 },
2829 }
2830
2831 test := testCase{
2832 name: "ExtendedMasterSecret-" + suffix,
2833 resumeSession: true,
2834 }
2835
2836 if !isClient {
2837 test.testType = serverTest
2838 }
2839
2840 if supportedInFirstConnection {
2841 test.config = supportedConfig
2842 } else {
2843 test.config = noSupportConfig
2844 }
2845
2846 if supportedInResumeConnection {
2847 test.resumeConfig = &supportedConfig
2848 } else {
2849 test.resumeConfig = &noSupportConfig
2850 }
2851
2852 switch suffix {
2853 case "YesToYes-Client", "YesToYes-Server":
2854 // When a session is resumed, it should
2855 // still be aware that its master
2856 // secret was generated via EMS and
2857 // thus it's safe to use tls-unique.
2858 test.flags = []string{expectEMSFlag}
2859 case "NoToYes-Server":
2860 // If an original connection did not
2861 // contain EMS, but a resumption
2862 // handshake does, then a server should
2863 // not resume the session.
2864 test.expectResumeRejected = true
2865 case "YesToNo-Server":
2866 // Resuming an EMS session without the
2867 // EMS extension should cause the
2868 // server to abort the connection.
2869 test.shouldFail = true
2870 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2871 case "NoToYes-Client":
2872 // A client should abort a connection
2873 // where the server resumed a non-EMS
2874 // session but echoed the EMS
2875 // extension.
2876 test.shouldFail = true
2877 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2878 case "YesToNo-Client":
2879 // A client should abort a connection
2880 // where the server didn't echo EMS
2881 // when the session used it.
2882 test.shouldFail = true
2883 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2884 }
2885
2886 testCases = append(testCases, test)
2887 }
2888 }
2889 }
Adam Langley75712922014-10-10 16:23:43 -07002890}
2891
David Benjamin43ec06f2014-08-05 02:28:57 -04002892// Adds tests that try to cover the range of the handshake state machine, under
2893// various conditions. Some of these are redundant with other tests, but they
2894// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -04002895func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -04002896 var tests []testCase
2897
2898 // Basic handshake, with resumption. Client and server,
2899 // session ID and session ticket.
2900 tests = append(tests, testCase{
2901 name: "Basic-Client",
2902 resumeSession: true,
David Benjaminef1b0092015-11-21 14:05:44 -05002903 // Ensure session tickets are used, not session IDs.
2904 noSessionCache: true,
David Benjamin760b1dd2015-05-15 23:33:48 -04002905 })
2906 tests = append(tests, testCase{
2907 name: "Basic-Client-RenewTicket",
2908 config: Config{
2909 Bugs: ProtocolBugs{
2910 RenewTicketOnResume: true,
2911 },
2912 },
David Benjaminba4594a2015-06-18 18:36:15 -04002913 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -04002914 resumeSession: true,
2915 })
2916 tests = append(tests, testCase{
2917 name: "Basic-Client-NoTicket",
2918 config: Config{
2919 SessionTicketsDisabled: true,
2920 },
2921 resumeSession: true,
2922 })
2923 tests = append(tests, testCase{
2924 name: "Basic-Client-Implicit",
2925 flags: []string{"-implicit-handshake"},
2926 resumeSession: true,
2927 })
2928 tests = append(tests, testCase{
David Benjaminef1b0092015-11-21 14:05:44 -05002929 testType: serverTest,
2930 name: "Basic-Server",
2931 config: Config{
2932 Bugs: ProtocolBugs{
2933 RequireSessionTickets: true,
2934 },
2935 },
David Benjamin760b1dd2015-05-15 23:33:48 -04002936 resumeSession: true,
2937 })
2938 tests = append(tests, testCase{
2939 testType: serverTest,
2940 name: "Basic-Server-NoTickets",
2941 config: Config{
2942 SessionTicketsDisabled: true,
2943 },
2944 resumeSession: true,
2945 })
2946 tests = append(tests, testCase{
2947 testType: serverTest,
2948 name: "Basic-Server-Implicit",
2949 flags: []string{"-implicit-handshake"},
2950 resumeSession: true,
2951 })
2952 tests = append(tests, testCase{
2953 testType: serverTest,
2954 name: "Basic-Server-EarlyCallback",
2955 flags: []string{"-use-early-callback"},
2956 resumeSession: true,
2957 })
2958
2959 // TLS client auth.
2960 tests = append(tests, testCase{
2961 testType: clientTest,
David Benjamin0b7ca7d2016-03-10 15:44:22 -05002962 name: "ClientAuth-NoCertificate-Client",
David Benjaminacb6dcc2016-03-10 09:15:01 -05002963 config: Config{
2964 ClientAuth: RequestClientCert,
2965 },
2966 })
2967 tests = append(tests, testCase{
David Benjamin0b7ca7d2016-03-10 15:44:22 -05002968 testType: serverTest,
2969 name: "ClientAuth-NoCertificate-Server",
2970 // Setting SSL_VERIFY_PEER allows anonymous clients.
2971 flags: []string{"-verify-peer"},
2972 })
2973 if protocol == tls {
2974 tests = append(tests, testCase{
2975 testType: clientTest,
2976 name: "ClientAuth-NoCertificate-Client-SSL3",
2977 config: Config{
2978 MaxVersion: VersionSSL30,
2979 ClientAuth: RequestClientCert,
2980 },
2981 })
2982 tests = append(tests, testCase{
2983 testType: serverTest,
2984 name: "ClientAuth-NoCertificate-Server-SSL3",
2985 config: Config{
2986 MaxVersion: VersionSSL30,
2987 },
2988 // Setting SSL_VERIFY_PEER allows anonymous clients.
2989 flags: []string{"-verify-peer"},
2990 })
2991 }
2992 tests = append(tests, testCase{
David Benjaminacb6dcc2016-03-10 09:15:01 -05002993 testType: clientTest,
2994 name: "ClientAuth-NoCertificate-OldCallback",
2995 config: Config{
2996 ClientAuth: RequestClientCert,
2997 },
2998 flags: []string{"-use-old-client-cert-callback"},
2999 })
3000 tests = append(tests, testCase{
3001 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -07003002 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -04003003 config: Config{
3004 ClientAuth: RequireAnyClientCert,
3005 },
3006 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -07003007 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3008 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -04003009 },
3010 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -07003011 tests = append(tests, testCase{
3012 testType: clientTest,
3013 name: "ClientAuth-ECDSA-Client",
3014 config: Config{
3015 ClientAuth: RequireAnyClientCert,
3016 },
3017 flags: []string{
3018 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
3019 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
3020 },
3021 })
David Benjaminacb6dcc2016-03-10 09:15:01 -05003022 tests = append(tests, testCase{
3023 testType: clientTest,
3024 name: "ClientAuth-OldCallback",
3025 config: Config{
3026 ClientAuth: RequireAnyClientCert,
3027 },
3028 flags: []string{
3029 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3030 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3031 "-use-old-client-cert-callback",
3032 },
3033 })
3034
David Benjaminb4d65fd2015-05-29 17:11:21 -04003035 if async {
nagendra modadugu3398dbf2015-08-07 14:07:52 -07003036 // Test async keys against each key exchange.
David Benjaminb4d65fd2015-05-29 17:11:21 -04003037 tests = append(tests, testCase{
nagendra modadugu3398dbf2015-08-07 14:07:52 -07003038 testType: serverTest,
3039 name: "Basic-Server-RSA",
David Benjaminb4d65fd2015-05-29 17:11:21 -04003040 config: Config{
nagendra modadugu3398dbf2015-08-07 14:07:52 -07003041 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
David Benjaminb4d65fd2015-05-29 17:11:21 -04003042 },
3043 flags: []string{
Adam Langley288d8d52015-06-18 16:24:31 -07003044 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3045 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminb4d65fd2015-05-29 17:11:21 -04003046 },
3047 })
nagendra modadugu601448a2015-07-24 09:31:31 -07003048 tests = append(tests, testCase{
3049 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -07003050 name: "Basic-Server-ECDHE-RSA",
3051 config: Config{
3052 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3053 },
nagendra modadugu601448a2015-07-24 09:31:31 -07003054 flags: []string{
3055 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3056 "-key-file", path.Join(*resourceDir, rsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -07003057 },
3058 })
3059 tests = append(tests, testCase{
3060 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -07003061 name: "Basic-Server-ECDHE-ECDSA",
3062 config: Config{
3063 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
3064 },
nagendra modadugu601448a2015-07-24 09:31:31 -07003065 flags: []string{
3066 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
3067 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -07003068 },
3069 })
David Benjaminb4d65fd2015-05-29 17:11:21 -04003070 }
David Benjamin760b1dd2015-05-15 23:33:48 -04003071 tests = append(tests, testCase{
3072 testType: serverTest,
3073 name: "ClientAuth-Server",
3074 config: Config{
3075 Certificates: []Certificate{rsaCertificate},
3076 },
3077 flags: []string{"-require-any-client-certificate"},
3078 })
3079
3080 // No session ticket support; server doesn't send NewSessionTicket.
3081 tests = append(tests, testCase{
3082 name: "SessionTicketsDisabled-Client",
3083 config: Config{
3084 SessionTicketsDisabled: true,
3085 },
3086 })
3087 tests = append(tests, testCase{
3088 testType: serverTest,
3089 name: "SessionTicketsDisabled-Server",
3090 config: Config{
3091 SessionTicketsDisabled: true,
3092 },
3093 })
3094
3095 // Skip ServerKeyExchange in PSK key exchange if there's no
3096 // identity hint.
3097 tests = append(tests, testCase{
3098 name: "EmptyPSKHint-Client",
3099 config: Config{
3100 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3101 PreSharedKey: []byte("secret"),
3102 },
3103 flags: []string{"-psk", "secret"},
3104 })
3105 tests = append(tests, testCase{
3106 testType: serverTest,
3107 name: "EmptyPSKHint-Server",
3108 config: Config{
3109 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3110 PreSharedKey: []byte("secret"),
3111 },
3112 flags: []string{"-psk", "secret"},
3113 })
3114
Paul Lietaraeeff2c2015-08-12 11:47:11 +01003115 tests = append(tests, testCase{
3116 testType: clientTest,
3117 name: "OCSPStapling-Client",
3118 flags: []string{
3119 "-enable-ocsp-stapling",
3120 "-expect-ocsp-response",
3121 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +01003122 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +01003123 },
Paul Lietar62be8ac2015-09-16 10:03:30 +01003124 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +01003125 })
3126
3127 tests = append(tests, testCase{
David Benjaminec435342015-08-21 13:44:06 -04003128 testType: serverTest,
3129 name: "OCSPStapling-Server",
Paul Lietaraeeff2c2015-08-12 11:47:11 +01003130 expectedOCSPResponse: testOCSPResponse,
3131 flags: []string{
3132 "-ocsp-response",
3133 base64.StdEncoding.EncodeToString(testOCSPResponse),
3134 },
Paul Lietar62be8ac2015-09-16 10:03:30 +01003135 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +01003136 })
3137
Paul Lietar8f1c2682015-08-18 12:21:54 +01003138 tests = append(tests, testCase{
3139 testType: clientTest,
3140 name: "CertificateVerificationSucceed",
3141 flags: []string{
3142 "-verify-peer",
3143 },
3144 })
3145
3146 tests = append(tests, testCase{
3147 testType: clientTest,
3148 name: "CertificateVerificationFail",
3149 flags: []string{
3150 "-verify-fail",
3151 "-verify-peer",
3152 },
3153 shouldFail: true,
3154 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
3155 })
3156
3157 tests = append(tests, testCase{
3158 testType: clientTest,
3159 name: "CertificateVerificationSoftFail",
3160 flags: []string{
3161 "-verify-fail",
3162 "-expect-verify-result",
3163 },
3164 })
3165
David Benjamin760b1dd2015-05-15 23:33:48 -04003166 if protocol == tls {
3167 tests = append(tests, testCase{
3168 name: "Renegotiate-Client",
David Benjamin1d5ef3b2015-10-12 19:54:18 -04003169 renegotiate: 1,
3170 flags: []string{
3171 "-renegotiate-freely",
3172 "-expect-total-renegotiations", "1",
3173 },
David Benjamin760b1dd2015-05-15 23:33:48 -04003174 })
3175 // NPN on client and server; results in post-handshake message.
3176 tests = append(tests, testCase{
3177 name: "NPN-Client",
3178 config: Config{
3179 NextProtos: []string{"foo"},
3180 },
3181 flags: []string{"-select-next-proto", "foo"},
David Benjaminf8fcdf32016-06-08 15:56:13 -04003182 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -04003183 expectedNextProto: "foo",
3184 expectedNextProtoType: npn,
3185 })
3186 tests = append(tests, testCase{
3187 testType: serverTest,
3188 name: "NPN-Server",
3189 config: Config{
3190 NextProtos: []string{"bar"},
3191 },
3192 flags: []string{
3193 "-advertise-npn", "\x03foo\x03bar\x03baz",
3194 "-expect-next-proto", "bar",
3195 },
David Benjaminf8fcdf32016-06-08 15:56:13 -04003196 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -04003197 expectedNextProto: "bar",
3198 expectedNextProtoType: npn,
3199 })
3200
3201 // TODO(davidben): Add tests for when False Start doesn't trigger.
3202
3203 // Client does False Start and negotiates NPN.
3204 tests = append(tests, testCase{
3205 name: "FalseStart",
3206 config: Config{
3207 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3208 NextProtos: []string{"foo"},
3209 Bugs: ProtocolBugs{
3210 ExpectFalseStart: true,
3211 },
3212 },
3213 flags: []string{
3214 "-false-start",
3215 "-select-next-proto", "foo",
3216 },
3217 shimWritesFirst: true,
3218 resumeSession: true,
3219 })
3220
3221 // Client does False Start and negotiates ALPN.
3222 tests = append(tests, testCase{
3223 name: "FalseStart-ALPN",
3224 config: Config{
3225 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3226 NextProtos: []string{"foo"},
3227 Bugs: ProtocolBugs{
3228 ExpectFalseStart: true,
3229 },
3230 },
3231 flags: []string{
3232 "-false-start",
3233 "-advertise-alpn", "\x03foo",
3234 },
3235 shimWritesFirst: true,
3236 resumeSession: true,
3237 })
3238
3239 // Client does False Start but doesn't explicitly call
3240 // SSL_connect.
3241 tests = append(tests, testCase{
3242 name: "FalseStart-Implicit",
3243 config: Config{
3244 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3245 NextProtos: []string{"foo"},
3246 },
3247 flags: []string{
3248 "-implicit-handshake",
3249 "-false-start",
3250 "-advertise-alpn", "\x03foo",
3251 },
3252 })
3253
3254 // False Start without session tickets.
3255 tests = append(tests, testCase{
3256 name: "FalseStart-SessionTicketsDisabled",
3257 config: Config{
3258 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3259 NextProtos: []string{"foo"},
3260 SessionTicketsDisabled: true,
3261 Bugs: ProtocolBugs{
3262 ExpectFalseStart: true,
3263 },
3264 },
3265 flags: []string{
3266 "-false-start",
3267 "-select-next-proto", "foo",
3268 },
3269 shimWritesFirst: true,
3270 })
3271
3272 // Server parses a V2ClientHello.
3273 tests = append(tests, testCase{
3274 testType: serverTest,
3275 name: "SendV2ClientHello",
3276 config: Config{
3277 // Choose a cipher suite that does not involve
3278 // elliptic curves, so no extensions are
3279 // involved.
3280 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3281 Bugs: ProtocolBugs{
3282 SendV2ClientHello: true,
3283 },
3284 },
3285 })
3286
3287 // Client sends a Channel ID.
3288 tests = append(tests, testCase{
3289 name: "ChannelID-Client",
3290 config: Config{
3291 RequestChannelID: true,
3292 },
Adam Langley7c803a62015-06-15 15:35:05 -07003293 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -04003294 resumeSession: true,
3295 expectChannelID: true,
3296 })
3297
3298 // Server accepts a Channel ID.
3299 tests = append(tests, testCase{
3300 testType: serverTest,
3301 name: "ChannelID-Server",
3302 config: Config{
3303 ChannelID: channelIDKey,
3304 },
3305 flags: []string{
3306 "-expect-channel-id",
3307 base64.StdEncoding.EncodeToString(channelIDBytes),
3308 },
3309 resumeSession: true,
3310 expectChannelID: true,
3311 })
David Benjamin30789da2015-08-29 22:56:45 -04003312
David Benjaminf8fcdf32016-06-08 15:56:13 -04003313 // Channel ID and NPN at the same time, to ensure their relative
3314 // ordering is correct.
3315 tests = append(tests, testCase{
3316 name: "ChannelID-NPN-Client",
3317 config: Config{
3318 RequestChannelID: true,
3319 NextProtos: []string{"foo"},
3320 },
3321 flags: []string{
3322 "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
3323 "-select-next-proto", "foo",
3324 },
3325 resumeSession: true,
3326 expectChannelID: true,
3327 expectedNextProto: "foo",
3328 expectedNextProtoType: npn,
3329 })
3330 tests = append(tests, testCase{
3331 testType: serverTest,
3332 name: "ChannelID-NPN-Server",
3333 config: Config{
3334 ChannelID: channelIDKey,
3335 NextProtos: []string{"bar"},
3336 },
3337 flags: []string{
3338 "-expect-channel-id",
3339 base64.StdEncoding.EncodeToString(channelIDBytes),
3340 "-advertise-npn", "\x03foo\x03bar\x03baz",
3341 "-expect-next-proto", "bar",
3342 },
3343 resumeSession: true,
3344 expectChannelID: true,
3345 expectedNextProto: "bar",
3346 expectedNextProtoType: npn,
3347 })
3348
David Benjamin30789da2015-08-29 22:56:45 -04003349 // Bidirectional shutdown with the runner initiating.
3350 tests = append(tests, testCase{
3351 name: "Shutdown-Runner",
3352 config: Config{
3353 Bugs: ProtocolBugs{
3354 ExpectCloseNotify: true,
3355 },
3356 },
3357 flags: []string{"-check-close-notify"},
3358 })
3359
3360 // Bidirectional shutdown with the shim initiating. The runner,
3361 // in the meantime, sends garbage before the close_notify which
3362 // the shim must ignore.
3363 tests = append(tests, testCase{
3364 name: "Shutdown-Shim",
3365 config: Config{
3366 Bugs: ProtocolBugs{
3367 ExpectCloseNotify: true,
3368 },
3369 },
3370 shimShutsDown: true,
3371 sendEmptyRecords: 1,
3372 sendWarningAlerts: 1,
3373 flags: []string{"-check-close-notify"},
3374 })
David Benjamin760b1dd2015-05-15 23:33:48 -04003375 } else {
3376 tests = append(tests, testCase{
3377 name: "SkipHelloVerifyRequest",
3378 config: Config{
3379 Bugs: ProtocolBugs{
3380 SkipHelloVerifyRequest: true,
3381 },
3382 },
3383 })
3384 }
3385
David Benjamin760b1dd2015-05-15 23:33:48 -04003386 for _, test := range tests {
3387 test.protocol = protocol
David Benjamin16285ea2015-11-03 15:39:45 -05003388 if protocol == dtls {
3389 test.name += "-DTLS"
3390 }
3391 if async {
3392 test.name += "-Async"
3393 test.flags = append(test.flags, "-async")
3394 } else {
3395 test.name += "-Sync"
3396 }
3397 if splitHandshake {
3398 test.name += "-SplitHandshakeRecords"
3399 test.config.Bugs.MaxHandshakeRecordLength = 1
3400 if protocol == dtls {
3401 test.config.Bugs.MaxPacketLength = 256
3402 test.flags = append(test.flags, "-mtu", "256")
3403 }
3404 }
David Benjamin760b1dd2015-05-15 23:33:48 -04003405 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -04003406 }
David Benjamin43ec06f2014-08-05 02:28:57 -04003407}
3408
Adam Langley524e7172015-02-20 16:04:00 -08003409func addDDoSCallbackTests() {
3410 // DDoS callback.
3411
3412 for _, resume := range []bool{false, true} {
3413 suffix := "Resume"
3414 if resume {
3415 suffix = "No" + suffix
3416 }
3417
3418 testCases = append(testCases, testCase{
3419 testType: serverTest,
3420 name: "Server-DDoS-OK-" + suffix,
3421 flags: []string{"-install-ddos-callback"},
3422 resumeSession: resume,
3423 })
3424
3425 failFlag := "-fail-ddos-callback"
3426 if resume {
3427 failFlag = "-fail-second-ddos-callback"
3428 }
3429 testCases = append(testCases, testCase{
3430 testType: serverTest,
3431 name: "Server-DDoS-Reject-" + suffix,
3432 flags: []string{"-install-ddos-callback", failFlag},
3433 resumeSession: resume,
3434 shouldFail: true,
3435 expectedError: ":CONNECTION_REJECTED:",
3436 })
3437 }
3438}
3439
David Benjamin7e2e6cf2014-08-07 17:44:24 -04003440func addVersionNegotiationTests() {
3441 for i, shimVers := range tlsVersions {
3442 // Assemble flags to disable all newer versions on the shim.
3443 var flags []string
3444 for _, vers := range tlsVersions[i+1:] {
3445 flags = append(flags, vers.flag)
3446 }
3447
3448 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -05003449 protocols := []protocol{tls}
3450 if runnerVers.hasDTLS && shimVers.hasDTLS {
3451 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -04003452 }
David Benjamin8b8c0062014-11-23 02:47:52 -05003453 for _, protocol := range protocols {
3454 expectedVersion := shimVers.version
3455 if runnerVers.version < shimVers.version {
3456 expectedVersion = runnerVers.version
3457 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -04003458
David Benjamin8b8c0062014-11-23 02:47:52 -05003459 suffix := shimVers.name + "-" + runnerVers.name
3460 if protocol == dtls {
3461 suffix += "-DTLS"
3462 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -04003463
David Benjamin1eb367c2014-12-12 18:17:51 -05003464 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3465
David Benjamin1e29a6b2014-12-10 02:27:24 -05003466 clientVers := shimVers.version
3467 if clientVers > VersionTLS10 {
3468 clientVers = VersionTLS10
3469 }
David Benjamin8b8c0062014-11-23 02:47:52 -05003470 testCases = append(testCases, testCase{
3471 protocol: protocol,
3472 testType: clientTest,
3473 name: "VersionNegotiation-Client-" + suffix,
3474 config: Config{
3475 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -05003476 Bugs: ProtocolBugs{
3477 ExpectInitialRecordVersion: clientVers,
3478 },
David Benjamin8b8c0062014-11-23 02:47:52 -05003479 },
3480 flags: flags,
3481 expectedVersion: expectedVersion,
3482 })
David Benjamin1eb367c2014-12-12 18:17:51 -05003483 testCases = append(testCases, testCase{
3484 protocol: protocol,
3485 testType: clientTest,
3486 name: "VersionNegotiation-Client2-" + suffix,
3487 config: Config{
3488 MaxVersion: runnerVers.version,
3489 Bugs: ProtocolBugs{
3490 ExpectInitialRecordVersion: clientVers,
3491 },
3492 },
3493 flags: []string{"-max-version", shimVersFlag},
3494 expectedVersion: expectedVersion,
3495 })
David Benjamin8b8c0062014-11-23 02:47:52 -05003496
3497 testCases = append(testCases, testCase{
3498 protocol: protocol,
3499 testType: serverTest,
3500 name: "VersionNegotiation-Server-" + suffix,
3501 config: Config{
3502 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -05003503 Bugs: ProtocolBugs{
3504 ExpectInitialRecordVersion: expectedVersion,
3505 },
David Benjamin8b8c0062014-11-23 02:47:52 -05003506 },
3507 flags: flags,
3508 expectedVersion: expectedVersion,
3509 })
David Benjamin1eb367c2014-12-12 18:17:51 -05003510 testCases = append(testCases, testCase{
3511 protocol: protocol,
3512 testType: serverTest,
3513 name: "VersionNegotiation-Server2-" + suffix,
3514 config: Config{
3515 MaxVersion: runnerVers.version,
3516 Bugs: ProtocolBugs{
3517 ExpectInitialRecordVersion: expectedVersion,
3518 },
3519 },
3520 flags: []string{"-max-version", shimVersFlag},
3521 expectedVersion: expectedVersion,
3522 })
David Benjamin8b8c0062014-11-23 02:47:52 -05003523 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -04003524 }
3525 }
3526}
3527
David Benjaminaccb4542014-12-12 23:44:33 -05003528func addMinimumVersionTests() {
3529 for i, shimVers := range tlsVersions {
3530 // Assemble flags to disable all older versions on the shim.
3531 var flags []string
3532 for _, vers := range tlsVersions[:i] {
3533 flags = append(flags, vers.flag)
3534 }
3535
3536 for _, runnerVers := range tlsVersions {
3537 protocols := []protocol{tls}
3538 if runnerVers.hasDTLS && shimVers.hasDTLS {
3539 protocols = append(protocols, dtls)
3540 }
3541 for _, protocol := range protocols {
3542 suffix := shimVers.name + "-" + runnerVers.name
3543 if protocol == dtls {
3544 suffix += "-DTLS"
3545 }
3546 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3547
David Benjaminaccb4542014-12-12 23:44:33 -05003548 var expectedVersion uint16
3549 var shouldFail bool
3550 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -05003551 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -05003552 if runnerVers.version >= shimVers.version {
3553 expectedVersion = runnerVers.version
3554 } else {
3555 shouldFail = true
3556 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamina565d292015-12-30 16:51:32 -05003557 expectedLocalError = "remote error: protocol version not supported"
David Benjaminaccb4542014-12-12 23:44:33 -05003558 }
3559
3560 testCases = append(testCases, testCase{
3561 protocol: protocol,
3562 testType: clientTest,
3563 name: "MinimumVersion-Client-" + suffix,
3564 config: Config{
3565 MaxVersion: runnerVers.version,
3566 },
David Benjamin87909c02014-12-13 01:55:01 -05003567 flags: flags,
3568 expectedVersion: expectedVersion,
3569 shouldFail: shouldFail,
3570 expectedError: expectedError,
3571 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -05003572 })
3573 testCases = append(testCases, testCase{
3574 protocol: protocol,
3575 testType: clientTest,
3576 name: "MinimumVersion-Client2-" + suffix,
3577 config: Config{
3578 MaxVersion: runnerVers.version,
3579 },
David Benjamin87909c02014-12-13 01:55:01 -05003580 flags: []string{"-min-version", shimVersFlag},
3581 expectedVersion: expectedVersion,
3582 shouldFail: shouldFail,
3583 expectedError: expectedError,
3584 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -05003585 })
3586
3587 testCases = append(testCases, testCase{
3588 protocol: protocol,
3589 testType: serverTest,
3590 name: "MinimumVersion-Server-" + suffix,
3591 config: Config{
3592 MaxVersion: runnerVers.version,
3593 },
David Benjamin87909c02014-12-13 01:55:01 -05003594 flags: flags,
3595 expectedVersion: expectedVersion,
3596 shouldFail: shouldFail,
3597 expectedError: expectedError,
3598 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -05003599 })
3600 testCases = append(testCases, testCase{
3601 protocol: protocol,
3602 testType: serverTest,
3603 name: "MinimumVersion-Server2-" + suffix,
3604 config: Config{
3605 MaxVersion: runnerVers.version,
3606 },
David Benjamin87909c02014-12-13 01:55:01 -05003607 flags: []string{"-min-version", shimVersFlag},
3608 expectedVersion: expectedVersion,
3609 shouldFail: shouldFail,
3610 expectedError: expectedError,
3611 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -05003612 })
3613 }
3614 }
3615 }
3616}
3617
David Benjamine78bfde2014-09-06 12:45:15 -04003618func addExtensionTests() {
3619 testCases = append(testCases, testCase{
3620 testType: clientTest,
3621 name: "DuplicateExtensionClient",
3622 config: Config{
3623 Bugs: ProtocolBugs{
3624 DuplicateExtension: true,
3625 },
3626 },
3627 shouldFail: true,
3628 expectedLocalError: "remote error: error decoding message",
3629 })
3630 testCases = append(testCases, testCase{
3631 testType: serverTest,
3632 name: "DuplicateExtensionServer",
3633 config: Config{
3634 Bugs: ProtocolBugs{
3635 DuplicateExtension: true,
3636 },
3637 },
3638 shouldFail: true,
3639 expectedLocalError: "remote error: error decoding message",
3640 })
3641 testCases = append(testCases, testCase{
3642 testType: clientTest,
3643 name: "ServerNameExtensionClient",
3644 config: Config{
3645 Bugs: ProtocolBugs{
3646 ExpectServerName: "example.com",
3647 },
3648 },
3649 flags: []string{"-host-name", "example.com"},
3650 })
3651 testCases = append(testCases, testCase{
3652 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -05003653 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -04003654 config: Config{
3655 Bugs: ProtocolBugs{
3656 ExpectServerName: "mismatch.com",
3657 },
3658 },
3659 flags: []string{"-host-name", "example.com"},
3660 shouldFail: true,
3661 expectedLocalError: "tls: unexpected server name",
3662 })
3663 testCases = append(testCases, testCase{
3664 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -05003665 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -04003666 config: Config{
3667 Bugs: ProtocolBugs{
3668 ExpectServerName: "missing.com",
3669 },
3670 },
3671 shouldFail: true,
3672 expectedLocalError: "tls: unexpected server name",
3673 })
3674 testCases = append(testCases, testCase{
3675 testType: serverTest,
3676 name: "ServerNameExtensionServer",
3677 config: Config{
3678 ServerName: "example.com",
3679 },
3680 flags: []string{"-expect-server-name", "example.com"},
3681 resumeSession: true,
3682 })
David Benjaminae2888f2014-09-06 12:58:58 -04003683 testCases = append(testCases, testCase{
3684 testType: clientTest,
3685 name: "ALPNClient",
3686 config: Config{
3687 NextProtos: []string{"foo"},
3688 },
3689 flags: []string{
3690 "-advertise-alpn", "\x03foo\x03bar\x03baz",
3691 "-expect-alpn", "foo",
3692 },
David Benjaminfc7b0862014-09-06 13:21:53 -04003693 expectedNextProto: "foo",
3694 expectedNextProtoType: alpn,
3695 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -04003696 })
3697 testCases = append(testCases, testCase{
3698 testType: serverTest,
3699 name: "ALPNServer",
3700 config: Config{
3701 NextProtos: []string{"foo", "bar", "baz"},
3702 },
3703 flags: []string{
3704 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3705 "-select-alpn", "foo",
3706 },
David Benjaminfc7b0862014-09-06 13:21:53 -04003707 expectedNextProto: "foo",
3708 expectedNextProtoType: alpn,
3709 resumeSession: true,
3710 })
David Benjamin594e7d22016-03-17 17:49:56 -04003711 testCases = append(testCases, testCase{
3712 testType: serverTest,
3713 name: "ALPNServer-Decline",
3714 config: Config{
3715 NextProtos: []string{"foo", "bar", "baz"},
3716 },
3717 flags: []string{"-decline-alpn"},
3718 expectNoNextProto: true,
3719 resumeSession: true,
3720 })
David Benjaminfc7b0862014-09-06 13:21:53 -04003721 // Test that the server prefers ALPN over NPN.
3722 testCases = append(testCases, testCase{
3723 testType: serverTest,
3724 name: "ALPNServer-Preferred",
3725 config: Config{
3726 NextProtos: []string{"foo", "bar", "baz"},
3727 },
3728 flags: []string{
3729 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3730 "-select-alpn", "foo",
3731 "-advertise-npn", "\x03foo\x03bar\x03baz",
3732 },
3733 expectedNextProto: "foo",
3734 expectedNextProtoType: alpn,
3735 resumeSession: true,
3736 })
3737 testCases = append(testCases, testCase{
3738 testType: serverTest,
3739 name: "ALPNServer-Preferred-Swapped",
3740 config: Config{
3741 NextProtos: []string{"foo", "bar", "baz"},
3742 Bugs: ProtocolBugs{
3743 SwapNPNAndALPN: true,
3744 },
3745 },
3746 flags: []string{
3747 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3748 "-select-alpn", "foo",
3749 "-advertise-npn", "\x03foo\x03bar\x03baz",
3750 },
3751 expectedNextProto: "foo",
3752 expectedNextProtoType: alpn,
3753 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -04003754 })
Adam Langleyefb0e162015-07-09 11:35:04 -07003755 var emptyString string
3756 testCases = append(testCases, testCase{
3757 testType: clientTest,
3758 name: "ALPNClient-EmptyProtocolName",
3759 config: Config{
3760 NextProtos: []string{""},
3761 Bugs: ProtocolBugs{
3762 // A server returning an empty ALPN protocol
3763 // should be rejected.
3764 ALPNProtocol: &emptyString,
3765 },
3766 },
3767 flags: []string{
3768 "-advertise-alpn", "\x03foo",
3769 },
Doug Hoganecdf7f92015-07-09 18:27:28 -07003770 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -07003771 expectedError: ":PARSE_TLSEXT:",
3772 })
3773 testCases = append(testCases, testCase{
3774 testType: serverTest,
3775 name: "ALPNServer-EmptyProtocolName",
3776 config: Config{
3777 // A ClientHello containing an empty ALPN protocol
3778 // should be rejected.
3779 NextProtos: []string{"foo", "", "baz"},
3780 },
3781 flags: []string{
3782 "-select-alpn", "foo",
3783 },
Doug Hoganecdf7f92015-07-09 18:27:28 -07003784 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -07003785 expectedError: ":PARSE_TLSEXT:",
3786 })
David Benjamin76c2efc2015-08-31 14:24:29 -04003787 // Test that negotiating both NPN and ALPN is forbidden.
3788 testCases = append(testCases, testCase{
3789 name: "NegotiateALPNAndNPN",
3790 config: Config{
3791 NextProtos: []string{"foo", "bar", "baz"},
3792 Bugs: ProtocolBugs{
3793 NegotiateALPNAndNPN: true,
3794 },
3795 },
3796 flags: []string{
3797 "-advertise-alpn", "\x03foo",
3798 "-select-next-proto", "foo",
3799 },
3800 shouldFail: true,
3801 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3802 })
3803 testCases = append(testCases, testCase{
3804 name: "NegotiateALPNAndNPN-Swapped",
3805 config: Config{
3806 NextProtos: []string{"foo", "bar", "baz"},
3807 Bugs: ProtocolBugs{
3808 NegotiateALPNAndNPN: true,
3809 SwapNPNAndALPN: true,
3810 },
3811 },
3812 flags: []string{
3813 "-advertise-alpn", "\x03foo",
3814 "-select-next-proto", "foo",
3815 },
3816 shouldFail: true,
3817 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3818 })
David Benjamin091c4b92015-10-26 13:33:21 -04003819 // Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
3820 testCases = append(testCases, testCase{
3821 name: "DisableNPN",
3822 config: Config{
3823 NextProtos: []string{"foo"},
3824 },
3825 flags: []string{
3826 "-select-next-proto", "foo",
3827 "-disable-npn",
3828 },
3829 expectNoNextProto: true,
3830 })
Adam Langley38311732014-10-16 19:04:35 -07003831 // Resume with a corrupt ticket.
3832 testCases = append(testCases, testCase{
3833 testType: serverTest,
3834 name: "CorruptTicket",
3835 config: Config{
3836 Bugs: ProtocolBugs{
3837 CorruptTicket: true,
3838 },
3839 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -07003840 resumeSession: true,
3841 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -07003842 })
David Benjamind98452d2015-06-16 14:16:23 -04003843 // Test the ticket callback, with and without renewal.
3844 testCases = append(testCases, testCase{
3845 testType: serverTest,
3846 name: "TicketCallback",
3847 resumeSession: true,
3848 flags: []string{"-use-ticket-callback"},
3849 })
3850 testCases = append(testCases, testCase{
3851 testType: serverTest,
3852 name: "TicketCallback-Renew",
3853 config: Config{
3854 Bugs: ProtocolBugs{
3855 ExpectNewTicket: true,
3856 },
3857 },
3858 flags: []string{"-use-ticket-callback", "-renew-ticket"},
3859 resumeSession: true,
3860 })
Adam Langley38311732014-10-16 19:04:35 -07003861 // Resume with an oversized session id.
3862 testCases = append(testCases, testCase{
3863 testType: serverTest,
3864 name: "OversizedSessionId",
3865 config: Config{
3866 Bugs: ProtocolBugs{
3867 OversizedSessionId: true,
3868 },
3869 },
3870 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -07003871 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -07003872 expectedError: ":DECODE_ERROR:",
3873 })
David Benjaminca6c8262014-11-15 19:06:08 -05003874 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
3875 // are ignored.
3876 testCases = append(testCases, testCase{
3877 protocol: dtls,
3878 name: "SRTP-Client",
3879 config: Config{
3880 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3881 },
3882 flags: []string{
3883 "-srtp-profiles",
3884 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3885 },
3886 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3887 })
3888 testCases = append(testCases, testCase{
3889 protocol: dtls,
3890 testType: serverTest,
3891 name: "SRTP-Server",
3892 config: Config{
3893 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3894 },
3895 flags: []string{
3896 "-srtp-profiles",
3897 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3898 },
3899 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3900 })
3901 // Test that the MKI is ignored.
3902 testCases = append(testCases, testCase{
3903 protocol: dtls,
3904 testType: serverTest,
3905 name: "SRTP-Server-IgnoreMKI",
3906 config: Config{
3907 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
3908 Bugs: ProtocolBugs{
3909 SRTPMasterKeyIdentifer: "bogus",
3910 },
3911 },
3912 flags: []string{
3913 "-srtp-profiles",
3914 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3915 },
3916 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3917 })
3918 // Test that SRTP isn't negotiated on the server if there were
3919 // no matching profiles.
3920 testCases = append(testCases, testCase{
3921 protocol: dtls,
3922 testType: serverTest,
3923 name: "SRTP-Server-NoMatch",
3924 config: Config{
3925 SRTPProtectionProfiles: []uint16{100, 101, 102},
3926 },
3927 flags: []string{
3928 "-srtp-profiles",
3929 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3930 },
3931 expectedSRTPProtectionProfile: 0,
3932 })
3933 // Test that the server returning an invalid SRTP profile is
3934 // flagged as an error by the client.
3935 testCases = append(testCases, testCase{
3936 protocol: dtls,
3937 name: "SRTP-Client-NoMatch",
3938 config: Config{
3939 Bugs: ProtocolBugs{
3940 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
3941 },
3942 },
3943 flags: []string{
3944 "-srtp-profiles",
3945 "SRTP_AES128_CM_SHA1_80",
3946 },
3947 shouldFail: true,
3948 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
3949 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +01003950 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -05003951 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -04003952 name: "SignedCertificateTimestampList-Client",
Paul Lietar4fac72e2015-09-09 13:44:55 +01003953 testType: clientTest,
David Benjamin61f95272014-11-25 01:55:35 -05003954 flags: []string{
3955 "-enable-signed-cert-timestamps",
3956 "-expect-signed-cert-timestamps",
3957 base64.StdEncoding.EncodeToString(testSCTList),
3958 },
Paul Lietar62be8ac2015-09-16 10:03:30 +01003959 resumeSession: true,
David Benjamin61f95272014-11-25 01:55:35 -05003960 })
Adam Langley33ad2b52015-07-20 17:43:53 -07003961 testCases = append(testCases, testCase{
David Benjamin80d1b352016-05-04 19:19:06 -04003962 name: "SendSCTListOnResume",
3963 config: Config{
3964 Bugs: ProtocolBugs{
3965 SendSCTListOnResume: []byte("bogus"),
3966 },
3967 },
3968 flags: []string{
3969 "-enable-signed-cert-timestamps",
3970 "-expect-signed-cert-timestamps",
3971 base64.StdEncoding.EncodeToString(testSCTList),
3972 },
3973 resumeSession: true,
3974 })
3975 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -04003976 name: "SignedCertificateTimestampList-Server",
Paul Lietar4fac72e2015-09-09 13:44:55 +01003977 testType: serverTest,
3978 flags: []string{
3979 "-signed-cert-timestamps",
3980 base64.StdEncoding.EncodeToString(testSCTList),
3981 },
3982 expectedSCTList: testSCTList,
Paul Lietar62be8ac2015-09-16 10:03:30 +01003983 resumeSession: true,
Paul Lietar4fac72e2015-09-09 13:44:55 +01003984 })
3985 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -07003986 testType: clientTest,
3987 name: "ClientHelloPadding",
3988 config: Config{
3989 Bugs: ProtocolBugs{
3990 RequireClientHelloSize: 512,
3991 },
3992 },
3993 // This hostname just needs to be long enough to push the
3994 // ClientHello into F5's danger zone between 256 and 511 bytes
3995 // long.
3996 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
3997 })
David Benjaminc7ce9772015-10-09 19:32:41 -04003998
3999 // Extensions should not function in SSL 3.0.
4000 testCases = append(testCases, testCase{
4001 testType: serverTest,
4002 name: "SSLv3Extensions-NoALPN",
4003 config: Config{
4004 MaxVersion: VersionSSL30,
4005 NextProtos: []string{"foo", "bar", "baz"},
4006 },
4007 flags: []string{
4008 "-select-alpn", "foo",
4009 },
4010 expectNoNextProto: true,
4011 })
4012
4013 // Test session tickets separately as they follow a different codepath.
4014 testCases = append(testCases, testCase{
4015 testType: serverTest,
4016 name: "SSLv3Extensions-NoTickets",
4017 config: Config{
4018 MaxVersion: VersionSSL30,
4019 Bugs: ProtocolBugs{
4020 // Historically, session tickets in SSL 3.0
4021 // failed in different ways depending on whether
4022 // the client supported renegotiation_info.
4023 NoRenegotiationInfo: true,
4024 },
4025 },
4026 resumeSession: true,
4027 })
4028 testCases = append(testCases, testCase{
4029 testType: serverTest,
4030 name: "SSLv3Extensions-NoTickets2",
4031 config: Config{
4032 MaxVersion: VersionSSL30,
4033 },
4034 resumeSession: true,
4035 })
4036
4037 // But SSL 3.0 does send and process renegotiation_info.
4038 testCases = append(testCases, testCase{
4039 testType: serverTest,
4040 name: "SSLv3Extensions-RenegotiationInfo",
4041 config: Config{
4042 MaxVersion: VersionSSL30,
4043 Bugs: ProtocolBugs{
4044 RequireRenegotiationInfo: true,
4045 },
4046 },
4047 })
4048 testCases = append(testCases, testCase{
4049 testType: serverTest,
4050 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
4051 config: Config{
4052 MaxVersion: VersionSSL30,
4053 Bugs: ProtocolBugs{
4054 NoRenegotiationInfo: true,
4055 SendRenegotiationSCSV: true,
4056 RequireRenegotiationInfo: true,
4057 },
4058 },
4059 })
David Benjamine78bfde2014-09-06 12:45:15 -04004060}
4061
David Benjamin01fe8202014-09-24 15:21:44 -04004062func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -04004063 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -04004064 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -05004065 protocols := []protocol{tls}
4066 if sessionVers.hasDTLS && resumeVers.hasDTLS {
4067 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -05004068 }
David Benjamin8b8c0062014-11-23 02:47:52 -05004069 for _, protocol := range protocols {
4070 suffix := "-" + sessionVers.name + "-" + resumeVers.name
4071 if protocol == dtls {
4072 suffix += "-DTLS"
4073 }
4074
David Benjaminece3de92015-03-16 18:02:20 -04004075 if sessionVers.version == resumeVers.version {
4076 testCases = append(testCases, testCase{
4077 protocol: protocol,
4078 name: "Resume-Client" + suffix,
4079 resumeSession: true,
4080 config: Config{
4081 MaxVersion: sessionVers.version,
4082 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -05004083 },
David Benjaminece3de92015-03-16 18:02:20 -04004084 expectedVersion: sessionVers.version,
4085 expectedResumeVersion: resumeVers.version,
4086 })
4087 } else {
4088 testCases = append(testCases, testCase{
4089 protocol: protocol,
4090 name: "Resume-Client-Mismatch" + suffix,
4091 resumeSession: true,
4092 config: Config{
4093 MaxVersion: sessionVers.version,
4094 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -05004095 },
David Benjaminece3de92015-03-16 18:02:20 -04004096 expectedVersion: sessionVers.version,
4097 resumeConfig: &Config{
4098 MaxVersion: resumeVers.version,
4099 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
4100 Bugs: ProtocolBugs{
4101 AllowSessionVersionMismatch: true,
4102 },
4103 },
4104 expectedResumeVersion: resumeVers.version,
4105 shouldFail: true,
4106 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
4107 })
4108 }
David Benjamin8b8c0062014-11-23 02:47:52 -05004109
4110 testCases = append(testCases, testCase{
4111 protocol: protocol,
4112 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -05004113 resumeSession: true,
4114 config: Config{
4115 MaxVersion: sessionVers.version,
4116 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
4117 },
4118 expectedVersion: sessionVers.version,
4119 resumeConfig: &Config{
4120 MaxVersion: resumeVers.version,
4121 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
4122 },
4123 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -07004124 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -05004125 expectedResumeVersion: resumeVers.version,
4126 })
4127
David Benjamin8b8c0062014-11-23 02:47:52 -05004128 testCases = append(testCases, testCase{
4129 protocol: protocol,
4130 testType: serverTest,
4131 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -05004132 resumeSession: true,
4133 config: Config{
4134 MaxVersion: sessionVers.version,
4135 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
4136 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -07004137 expectedVersion: sessionVers.version,
4138 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -05004139 resumeConfig: &Config{
4140 MaxVersion: resumeVers.version,
4141 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
4142 },
4143 expectedResumeVersion: resumeVers.version,
4144 })
4145 }
David Benjamin01fe8202014-09-24 15:21:44 -04004146 }
4147 }
David Benjaminece3de92015-03-16 18:02:20 -04004148
4149 testCases = append(testCases, testCase{
4150 name: "Resume-Client-CipherMismatch",
4151 resumeSession: true,
4152 config: Config{
4153 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
4154 },
4155 resumeConfig: &Config{
4156 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
4157 Bugs: ProtocolBugs{
4158 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
4159 },
4160 },
4161 shouldFail: true,
4162 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
4163 })
David Benjamin01fe8202014-09-24 15:21:44 -04004164}
4165
Adam Langley2ae77d22014-10-28 17:29:33 -07004166func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -04004167 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -04004168 testCases = append(testCases, testCase{
4169 testType: serverTest,
David Benjamin44d3eed2015-05-21 01:29:55 -04004170 name: "Renegotiate-Server-Forbidden",
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004171 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -04004172 shouldFail: true,
4173 expectedError: ":NO_RENEGOTIATION:",
4174 expectedLocalError: "remote error: no renegotiation",
4175 })
Adam Langley5021b222015-06-12 18:27:58 -07004176 // The server shouldn't echo the renegotiation extension unless
4177 // requested by the client.
4178 testCases = append(testCases, testCase{
4179 testType: serverTest,
4180 name: "Renegotiate-Server-NoExt",
4181 config: Config{
4182 Bugs: ProtocolBugs{
4183 NoRenegotiationInfo: true,
4184 RequireRenegotiationInfo: true,
4185 },
4186 },
4187 shouldFail: true,
4188 expectedLocalError: "renegotiation extension missing",
4189 })
4190 // The renegotiation SCSV should be sufficient for the server to echo
4191 // the extension.
4192 testCases = append(testCases, testCase{
4193 testType: serverTest,
4194 name: "Renegotiate-Server-NoExt-SCSV",
4195 config: Config{
4196 Bugs: ProtocolBugs{
4197 NoRenegotiationInfo: true,
4198 SendRenegotiationSCSV: true,
4199 RequireRenegotiationInfo: true,
4200 },
4201 },
4202 })
Adam Langleycf2d4f42014-10-28 19:06:14 -07004203 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -04004204 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -04004205 config: Config{
4206 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -04004207 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -04004208 },
4209 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004210 renegotiate: 1,
4211 flags: []string{
4212 "-renegotiate-freely",
4213 "-expect-total-renegotiations", "1",
4214 },
David Benjamincdea40c2015-03-19 14:09:43 -04004215 })
4216 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -07004217 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004218 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -07004219 config: Config{
4220 Bugs: ProtocolBugs{
4221 EmptyRenegotiationInfo: true,
4222 },
4223 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004224 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -07004225 shouldFail: true,
4226 expectedError: ":RENEGOTIATION_MISMATCH:",
4227 })
4228 testCases = append(testCases, testCase{
4229 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004230 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -07004231 config: Config{
4232 Bugs: ProtocolBugs{
4233 BadRenegotiationInfo: true,
4234 },
4235 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004236 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -07004237 shouldFail: true,
4238 expectedError: ":RENEGOTIATION_MISMATCH:",
4239 })
4240 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -05004241 name: "Renegotiate-Client-Downgrade",
4242 renegotiate: 1,
4243 config: Config{
4244 Bugs: ProtocolBugs{
4245 NoRenegotiationInfoAfterInitial: true,
4246 },
4247 },
4248 flags: []string{"-renegotiate-freely"},
4249 shouldFail: true,
4250 expectedError: ":RENEGOTIATION_MISMATCH:",
4251 })
4252 testCases = append(testCases, testCase{
4253 name: "Renegotiate-Client-Upgrade",
4254 renegotiate: 1,
4255 config: Config{
4256 Bugs: ProtocolBugs{
4257 NoRenegotiationInfoInInitial: true,
4258 },
4259 },
4260 flags: []string{"-renegotiate-freely"},
4261 shouldFail: true,
4262 expectedError: ":RENEGOTIATION_MISMATCH:",
4263 })
4264 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -04004265 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004266 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -04004267 config: Config{
4268 Bugs: ProtocolBugs{
4269 NoRenegotiationInfo: true,
4270 },
4271 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004272 flags: []string{
4273 "-renegotiate-freely",
4274 "-expect-total-renegotiations", "1",
4275 },
David Benjamincff0b902015-05-15 23:09:47 -04004276 })
4277 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -07004278 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004279 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -07004280 config: Config{
4281 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
4282 },
4283 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004284 flags: []string{
4285 "-renegotiate-freely",
4286 "-expect-total-renegotiations", "1",
4287 },
Adam Langleycf2d4f42014-10-28 19:06:14 -07004288 })
4289 testCases = append(testCases, testCase{
4290 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004291 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -07004292 config: Config{
4293 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4294 },
4295 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004296 flags: []string{
4297 "-renegotiate-freely",
4298 "-expect-total-renegotiations", "1",
4299 },
David Benjaminb16346b2015-04-08 19:16:58 -04004300 })
4301 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -05004302 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004303 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -05004304 config: Config{
4305 MaxVersion: VersionTLS10,
4306 Bugs: ProtocolBugs{
4307 RequireSameRenegoClientVersion: true,
4308 },
4309 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004310 flags: []string{
4311 "-renegotiate-freely",
4312 "-expect-total-renegotiations", "1",
4313 },
David Benjaminc44b1df2014-11-23 12:11:01 -05004314 })
Adam Langleyb558c4c2015-07-08 12:16:38 -07004315 testCases = append(testCases, testCase{
4316 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004317 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -07004318 config: Config{
4319 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4320 NextProtos: []string{"foo"},
4321 },
4322 flags: []string{
4323 "-false-start",
4324 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004325 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -04004326 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -07004327 },
4328 shimWritesFirst: true,
4329 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -04004330
4331 // Client-side renegotiation controls.
4332 testCases = append(testCases, testCase{
4333 name: "Renegotiate-Client-Forbidden-1",
4334 renegotiate: 1,
4335 shouldFail: true,
4336 expectedError: ":NO_RENEGOTIATION:",
4337 expectedLocalError: "remote error: no renegotiation",
4338 })
4339 testCases = append(testCases, testCase{
4340 name: "Renegotiate-Client-Once-1",
4341 renegotiate: 1,
4342 flags: []string{
4343 "-renegotiate-once",
4344 "-expect-total-renegotiations", "1",
4345 },
4346 })
4347 testCases = append(testCases, testCase{
4348 name: "Renegotiate-Client-Freely-1",
4349 renegotiate: 1,
4350 flags: []string{
4351 "-renegotiate-freely",
4352 "-expect-total-renegotiations", "1",
4353 },
4354 })
4355 testCases = append(testCases, testCase{
4356 name: "Renegotiate-Client-Once-2",
4357 renegotiate: 2,
4358 flags: []string{"-renegotiate-once"},
4359 shouldFail: true,
4360 expectedError: ":NO_RENEGOTIATION:",
4361 expectedLocalError: "remote error: no renegotiation",
4362 })
4363 testCases = append(testCases, testCase{
4364 name: "Renegotiate-Client-Freely-2",
4365 renegotiate: 2,
4366 flags: []string{
4367 "-renegotiate-freely",
4368 "-expect-total-renegotiations", "2",
4369 },
4370 })
Adam Langley27a0d082015-11-03 13:34:10 -08004371 testCases = append(testCases, testCase{
4372 name: "Renegotiate-Client-NoIgnore",
4373 config: Config{
4374 Bugs: ProtocolBugs{
4375 SendHelloRequestBeforeEveryAppDataRecord: true,
4376 },
4377 },
4378 shouldFail: true,
4379 expectedError: ":NO_RENEGOTIATION:",
4380 })
4381 testCases = append(testCases, testCase{
4382 name: "Renegotiate-Client-Ignore",
4383 config: Config{
4384 Bugs: ProtocolBugs{
4385 SendHelloRequestBeforeEveryAppDataRecord: true,
4386 },
4387 },
4388 flags: []string{
4389 "-renegotiate-ignore",
4390 "-expect-total-renegotiations", "0",
4391 },
4392 })
Adam Langley2ae77d22014-10-28 17:29:33 -07004393}
4394
David Benjamin5e961c12014-11-07 01:48:35 -05004395func addDTLSReplayTests() {
4396 // Test that sequence number replays are detected.
4397 testCases = append(testCases, testCase{
4398 protocol: dtls,
4399 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -04004400 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -05004401 replayWrites: true,
4402 })
4403
David Benjamin8e6db492015-07-25 18:29:23 -04004404 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -05004405 // than the retransmit window.
4406 testCases = append(testCases, testCase{
4407 protocol: dtls,
4408 name: "DTLS-Replay-LargeGaps",
4409 config: Config{
4410 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -04004411 SequenceNumberMapping: func(in uint64) uint64 {
4412 return in * 127
4413 },
David Benjamin5e961c12014-11-07 01:48:35 -05004414 },
4415 },
David Benjamin8e6db492015-07-25 18:29:23 -04004416 messageCount: 200,
4417 replayWrites: true,
4418 })
4419
4420 // Test the incoming sequence number changing non-monotonically.
4421 testCases = append(testCases, testCase{
4422 protocol: dtls,
4423 name: "DTLS-Replay-NonMonotonic",
4424 config: Config{
4425 Bugs: ProtocolBugs{
4426 SequenceNumberMapping: func(in uint64) uint64 {
4427 return in ^ 31
4428 },
4429 },
4430 },
4431 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -05004432 replayWrites: true,
4433 })
4434}
4435
David Benjamin000800a2014-11-14 01:43:59 -05004436var testHashes = []struct {
4437 name string
4438 id uint8
4439}{
4440 {"SHA1", hashSHA1},
David Benjamin000800a2014-11-14 01:43:59 -05004441 {"SHA256", hashSHA256},
4442 {"SHA384", hashSHA384},
4443 {"SHA512", hashSHA512},
4444}
4445
4446func addSigningHashTests() {
4447 // Make sure each hash works. Include some fake hashes in the list and
4448 // ensure they're ignored.
4449 for _, hash := range testHashes {
4450 testCases = append(testCases, testCase{
4451 name: "SigningHash-ClientAuth-" + hash.name,
4452 config: Config{
4453 ClientAuth: RequireAnyClientCert,
4454 SignatureAndHashes: []signatureAndHash{
4455 {signatureRSA, 42},
4456 {signatureRSA, hash.id},
4457 {signatureRSA, 255},
4458 },
4459 },
4460 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -07004461 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4462 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -05004463 },
4464 })
4465
4466 testCases = append(testCases, testCase{
4467 testType: serverTest,
4468 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
4469 config: Config{
4470 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4471 SignatureAndHashes: []signatureAndHash{
4472 {signatureRSA, 42},
4473 {signatureRSA, hash.id},
4474 {signatureRSA, 255},
4475 },
4476 },
4477 })
David Benjamin6e807652015-11-02 12:02:20 -05004478
4479 testCases = append(testCases, testCase{
4480 name: "SigningHash-ServerKeyExchange-Verify-" + hash.name,
4481 config: Config{
4482 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4483 SignatureAndHashes: []signatureAndHash{
4484 {signatureRSA, 42},
4485 {signatureRSA, hash.id},
4486 {signatureRSA, 255},
4487 },
4488 },
4489 flags: []string{"-expect-server-key-exchange-hash", strconv.Itoa(int(hash.id))},
4490 })
David Benjamin000800a2014-11-14 01:43:59 -05004491 }
4492
4493 // Test that hash resolution takes the signature type into account.
4494 testCases = append(testCases, testCase{
4495 name: "SigningHash-ClientAuth-SignatureType",
4496 config: Config{
4497 ClientAuth: RequireAnyClientCert,
4498 SignatureAndHashes: []signatureAndHash{
4499 {signatureECDSA, hashSHA512},
4500 {signatureRSA, hashSHA384},
4501 {signatureECDSA, hashSHA1},
4502 },
4503 },
4504 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -07004505 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4506 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -05004507 },
4508 })
4509
4510 testCases = append(testCases, testCase{
4511 testType: serverTest,
4512 name: "SigningHash-ServerKeyExchange-SignatureType",
4513 config: Config{
4514 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4515 SignatureAndHashes: []signatureAndHash{
4516 {signatureECDSA, hashSHA512},
4517 {signatureRSA, hashSHA384},
4518 {signatureECDSA, hashSHA1},
4519 },
4520 },
4521 })
4522
4523 // Test that, if the list is missing, the peer falls back to SHA-1.
4524 testCases = append(testCases, testCase{
4525 name: "SigningHash-ClientAuth-Fallback",
4526 config: Config{
4527 ClientAuth: RequireAnyClientCert,
4528 SignatureAndHashes: []signatureAndHash{
4529 {signatureRSA, hashSHA1},
4530 },
4531 Bugs: ProtocolBugs{
4532 NoSignatureAndHashes: true,
4533 },
4534 },
4535 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -07004536 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4537 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -05004538 },
4539 })
4540
4541 testCases = append(testCases, testCase{
4542 testType: serverTest,
4543 name: "SigningHash-ServerKeyExchange-Fallback",
4544 config: Config{
4545 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4546 SignatureAndHashes: []signatureAndHash{
4547 {signatureRSA, hashSHA1},
4548 },
4549 Bugs: ProtocolBugs{
4550 NoSignatureAndHashes: true,
4551 },
4552 },
4553 })
David Benjamin72dc7832015-03-16 17:49:43 -04004554
4555 // Test that hash preferences are enforced. BoringSSL defaults to
4556 // rejecting MD5 signatures.
4557 testCases = append(testCases, testCase{
4558 testType: serverTest,
4559 name: "SigningHash-ClientAuth-Enforced",
4560 config: Config{
4561 Certificates: []Certificate{rsaCertificate},
4562 SignatureAndHashes: []signatureAndHash{
4563 {signatureRSA, hashMD5},
4564 // Advertise SHA-1 so the handshake will
4565 // proceed, but the shim's preferences will be
4566 // ignored in CertificateVerify generation, so
4567 // MD5 will be chosen.
4568 {signatureRSA, hashSHA1},
4569 },
4570 Bugs: ProtocolBugs{
4571 IgnorePeerSignatureAlgorithmPreferences: true,
4572 },
4573 },
4574 flags: []string{"-require-any-client-certificate"},
4575 shouldFail: true,
4576 expectedError: ":WRONG_SIGNATURE_TYPE:",
4577 })
4578
4579 testCases = append(testCases, testCase{
4580 name: "SigningHash-ServerKeyExchange-Enforced",
4581 config: Config{
4582 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4583 SignatureAndHashes: []signatureAndHash{
4584 {signatureRSA, hashMD5},
4585 },
4586 Bugs: ProtocolBugs{
4587 IgnorePeerSignatureAlgorithmPreferences: true,
4588 },
4589 },
4590 shouldFail: true,
4591 expectedError: ":WRONG_SIGNATURE_TYPE:",
4592 })
Steven Valdez0d62f262015-09-04 12:41:04 -04004593
4594 // Test that the agreed upon digest respects the client preferences and
4595 // the server digests.
4596 testCases = append(testCases, testCase{
4597 name: "Agree-Digest-Fallback",
4598 config: Config{
4599 ClientAuth: RequireAnyClientCert,
4600 SignatureAndHashes: []signatureAndHash{
4601 {signatureRSA, hashSHA512},
4602 {signatureRSA, hashSHA1},
4603 },
4604 },
4605 flags: []string{
4606 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4607 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4608 },
4609 digestPrefs: "SHA256",
4610 expectedClientCertSignatureHash: hashSHA1,
4611 })
4612 testCases = append(testCases, testCase{
4613 name: "Agree-Digest-SHA256",
4614 config: Config{
4615 ClientAuth: RequireAnyClientCert,
4616 SignatureAndHashes: []signatureAndHash{
4617 {signatureRSA, hashSHA1},
4618 {signatureRSA, hashSHA256},
4619 },
4620 },
4621 flags: []string{
4622 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4623 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4624 },
4625 digestPrefs: "SHA256,SHA1",
4626 expectedClientCertSignatureHash: hashSHA256,
4627 })
4628 testCases = append(testCases, testCase{
4629 name: "Agree-Digest-SHA1",
4630 config: Config{
4631 ClientAuth: RequireAnyClientCert,
4632 SignatureAndHashes: []signatureAndHash{
4633 {signatureRSA, hashSHA1},
4634 },
4635 },
4636 flags: []string{
4637 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4638 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4639 },
4640 digestPrefs: "SHA512,SHA256,SHA1",
4641 expectedClientCertSignatureHash: hashSHA1,
4642 })
4643 testCases = append(testCases, testCase{
4644 name: "Agree-Digest-Default",
4645 config: Config{
4646 ClientAuth: RequireAnyClientCert,
4647 SignatureAndHashes: []signatureAndHash{
4648 {signatureRSA, hashSHA256},
4649 {signatureECDSA, hashSHA256},
4650 {signatureRSA, hashSHA1},
4651 {signatureECDSA, hashSHA1},
4652 },
4653 },
4654 flags: []string{
4655 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4656 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4657 },
4658 expectedClientCertSignatureHash: hashSHA256,
4659 })
David Benjamin000800a2014-11-14 01:43:59 -05004660}
4661
David Benjamin83f90402015-01-27 01:09:43 -05004662// timeouts is the retransmit schedule for BoringSSL. It doubles and
4663// caps at 60 seconds. On the 13th timeout, it gives up.
4664var timeouts = []time.Duration{
4665 1 * time.Second,
4666 2 * time.Second,
4667 4 * time.Second,
4668 8 * time.Second,
4669 16 * time.Second,
4670 32 * time.Second,
4671 60 * time.Second,
4672 60 * time.Second,
4673 60 * time.Second,
4674 60 * time.Second,
4675 60 * time.Second,
4676 60 * time.Second,
4677 60 * time.Second,
4678}
4679
Taylor Brandstetter376a0fe2016-05-10 19:30:28 -07004680// shortTimeouts is an alternate set of timeouts which would occur if the
4681// initial timeout duration was set to 250ms.
4682var shortTimeouts = []time.Duration{
4683 250 * time.Millisecond,
4684 500 * time.Millisecond,
4685 1 * time.Second,
4686 2 * time.Second,
4687 4 * time.Second,
4688 8 * time.Second,
4689 16 * time.Second,
4690 32 * time.Second,
4691 60 * time.Second,
4692 60 * time.Second,
4693 60 * time.Second,
4694 60 * time.Second,
4695 60 * time.Second,
4696}
4697
David Benjamin83f90402015-01-27 01:09:43 -05004698func addDTLSRetransmitTests() {
David Benjamin585d7a42016-06-02 14:58:00 -04004699 // These tests work by coordinating some behavior on both the shim and
4700 // the runner.
4701 //
4702 // TimeoutSchedule configures the runner to send a series of timeout
4703 // opcodes to the shim (see packetAdaptor) immediately before reading
4704 // each peer handshake flight N. The timeout opcode both simulates a
4705 // timeout in the shim and acts as a synchronization point to help the
4706 // runner bracket each handshake flight.
4707 //
4708 // We assume the shim does not read from the channel eagerly. It must
4709 // first wait until it has sent flight N and is ready to receive
4710 // handshake flight N+1. At this point, it will process the timeout
4711 // opcode. It must then immediately respond with a timeout ACK and act
4712 // as if the shim was idle for the specified amount of time.
4713 //
4714 // The runner then drops all packets received before the ACK and
4715 // continues waiting for flight N. This ordering results in one attempt
4716 // at sending flight N to be dropped. For the test to complete, the
4717 // shim must send flight N again, testing that the shim implements DTLS
4718 // retransmit on a timeout.
4719
4720 for _, async := range []bool{true, false} {
4721 var tests []testCase
4722
4723 // Test that this is indeed the timeout schedule. Stress all
4724 // four patterns of handshake.
4725 for i := 1; i < len(timeouts); i++ {
4726 number := strconv.Itoa(i)
4727 tests = append(tests, testCase{
4728 protocol: dtls,
4729 name: "DTLS-Retransmit-Client-" + number,
4730 config: Config{
4731 Bugs: ProtocolBugs{
4732 TimeoutSchedule: timeouts[:i],
4733 },
4734 },
4735 resumeSession: true,
4736 })
4737 tests = append(tests, testCase{
4738 protocol: dtls,
4739 testType: serverTest,
4740 name: "DTLS-Retransmit-Server-" + number,
4741 config: Config{
4742 Bugs: ProtocolBugs{
4743 TimeoutSchedule: timeouts[:i],
4744 },
4745 },
4746 resumeSession: true,
4747 })
4748 }
4749
4750 // Test that exceeding the timeout schedule hits a read
4751 // timeout.
4752 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -05004753 protocol: dtls,
David Benjamin585d7a42016-06-02 14:58:00 -04004754 name: "DTLS-Retransmit-Timeout",
David Benjamin83f90402015-01-27 01:09:43 -05004755 config: Config{
4756 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -04004757 TimeoutSchedule: timeouts,
David Benjamin83f90402015-01-27 01:09:43 -05004758 },
4759 },
4760 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -04004761 shouldFail: true,
4762 expectedError: ":READ_TIMEOUT_EXPIRED:",
David Benjamin83f90402015-01-27 01:09:43 -05004763 })
David Benjamin585d7a42016-06-02 14:58:00 -04004764
4765 if async {
4766 // Test that timeout handling has a fudge factor, due to API
4767 // problems.
4768 tests = append(tests, testCase{
4769 protocol: dtls,
4770 name: "DTLS-Retransmit-Fudge",
4771 config: Config{
4772 Bugs: ProtocolBugs{
4773 TimeoutSchedule: []time.Duration{
4774 timeouts[0] - 10*time.Millisecond,
4775 },
4776 },
4777 },
4778 resumeSession: true,
4779 })
4780 }
4781
4782 // Test that the final Finished retransmitting isn't
4783 // duplicated if the peer badly fragments everything.
4784 tests = append(tests, testCase{
4785 testType: serverTest,
4786 protocol: dtls,
4787 name: "DTLS-Retransmit-Fragmented",
4788 config: Config{
4789 Bugs: ProtocolBugs{
4790 TimeoutSchedule: []time.Duration{timeouts[0]},
4791 MaxHandshakeRecordLength: 2,
4792 },
4793 },
4794 })
4795
4796 // Test the timeout schedule when a shorter initial timeout duration is set.
4797 tests = append(tests, testCase{
4798 protocol: dtls,
4799 name: "DTLS-Retransmit-Short-Client",
4800 config: Config{
4801 Bugs: ProtocolBugs{
4802 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
4803 },
4804 },
4805 resumeSession: true,
4806 flags: []string{"-initial-timeout-duration-ms", "250"},
4807 })
4808 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -05004809 protocol: dtls,
4810 testType: serverTest,
David Benjamin585d7a42016-06-02 14:58:00 -04004811 name: "DTLS-Retransmit-Short-Server",
David Benjamin83f90402015-01-27 01:09:43 -05004812 config: Config{
4813 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -04004814 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
David Benjamin83f90402015-01-27 01:09:43 -05004815 },
4816 },
4817 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -04004818 flags: []string{"-initial-timeout-duration-ms", "250"},
David Benjamin83f90402015-01-27 01:09:43 -05004819 })
David Benjamin585d7a42016-06-02 14:58:00 -04004820
4821 for _, test := range tests {
4822 if async {
4823 test.name += "-Async"
4824 test.flags = append(test.flags, "-async")
4825 }
4826
4827 testCases = append(testCases, test)
4828 }
David Benjamin83f90402015-01-27 01:09:43 -05004829 }
David Benjamin83f90402015-01-27 01:09:43 -05004830}
4831
David Benjaminc565ebb2015-04-03 04:06:36 -04004832func addExportKeyingMaterialTests() {
4833 for _, vers := range tlsVersions {
4834 if vers.version == VersionSSL30 {
4835 continue
4836 }
4837 testCases = append(testCases, testCase{
4838 name: "ExportKeyingMaterial-" + vers.name,
4839 config: Config{
4840 MaxVersion: vers.version,
4841 },
4842 exportKeyingMaterial: 1024,
4843 exportLabel: "label",
4844 exportContext: "context",
4845 useExportContext: true,
4846 })
4847 testCases = append(testCases, testCase{
4848 name: "ExportKeyingMaterial-NoContext-" + vers.name,
4849 config: Config{
4850 MaxVersion: vers.version,
4851 },
4852 exportKeyingMaterial: 1024,
4853 })
4854 testCases = append(testCases, testCase{
4855 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
4856 config: Config{
4857 MaxVersion: vers.version,
4858 },
4859 exportKeyingMaterial: 1024,
4860 useExportContext: true,
4861 })
4862 testCases = append(testCases, testCase{
4863 name: "ExportKeyingMaterial-Small-" + vers.name,
4864 config: Config{
4865 MaxVersion: vers.version,
4866 },
4867 exportKeyingMaterial: 1,
4868 exportLabel: "label",
4869 exportContext: "context",
4870 useExportContext: true,
4871 })
4872 }
4873 testCases = append(testCases, testCase{
4874 name: "ExportKeyingMaterial-SSL3",
4875 config: Config{
4876 MaxVersion: VersionSSL30,
4877 },
4878 exportKeyingMaterial: 1024,
4879 exportLabel: "label",
4880 exportContext: "context",
4881 useExportContext: true,
4882 shouldFail: true,
4883 expectedError: "failed to export keying material",
4884 })
4885}
4886
Adam Langleyaf0e32c2015-06-03 09:57:23 -07004887func addTLSUniqueTests() {
4888 for _, isClient := range []bool{false, true} {
4889 for _, isResumption := range []bool{false, true} {
4890 for _, hasEMS := range []bool{false, true} {
4891 var suffix string
4892 if isResumption {
4893 suffix = "Resume-"
4894 } else {
4895 suffix = "Full-"
4896 }
4897
4898 if hasEMS {
4899 suffix += "EMS-"
4900 } else {
4901 suffix += "NoEMS-"
4902 }
4903
4904 if isClient {
4905 suffix += "Client"
4906 } else {
4907 suffix += "Server"
4908 }
4909
4910 test := testCase{
4911 name: "TLSUnique-" + suffix,
4912 testTLSUnique: true,
4913 config: Config{
4914 Bugs: ProtocolBugs{
4915 NoExtendedMasterSecret: !hasEMS,
4916 },
4917 },
4918 }
4919
4920 if isResumption {
4921 test.resumeSession = true
4922 test.resumeConfig = &Config{
4923 Bugs: ProtocolBugs{
4924 NoExtendedMasterSecret: !hasEMS,
4925 },
4926 }
4927 }
4928
4929 if isResumption && !hasEMS {
4930 test.shouldFail = true
4931 test.expectedError = "failed to get tls-unique"
4932 }
4933
4934 testCases = append(testCases, test)
4935 }
4936 }
4937 }
4938}
4939
Adam Langley09505632015-07-30 18:10:13 -07004940func addCustomExtensionTests() {
4941 expectedContents := "custom extension"
4942 emptyString := ""
4943
4944 for _, isClient := range []bool{false, true} {
4945 suffix := "Server"
4946 flag := "-enable-server-custom-extension"
4947 testType := serverTest
4948 if isClient {
4949 suffix = "Client"
4950 flag = "-enable-client-custom-extension"
4951 testType = clientTest
4952 }
4953
4954 testCases = append(testCases, testCase{
4955 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -04004956 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -07004957 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -04004958 Bugs: ProtocolBugs{
4959 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -07004960 ExpectedCustomExtension: &expectedContents,
4961 },
4962 },
4963 flags: []string{flag},
4964 })
4965
4966 // If the parse callback fails, the handshake should also fail.
4967 testCases = append(testCases, testCase{
4968 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -04004969 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -07004970 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -04004971 Bugs: ProtocolBugs{
4972 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -07004973 ExpectedCustomExtension: &expectedContents,
4974 },
4975 },
David Benjamin399e7c92015-07-30 23:01:27 -04004976 flags: []string{flag},
4977 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -07004978 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4979 })
4980
4981 // If the add callback fails, the handshake should also fail.
4982 testCases = append(testCases, testCase{
4983 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -04004984 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -07004985 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -04004986 Bugs: ProtocolBugs{
4987 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -07004988 ExpectedCustomExtension: &expectedContents,
4989 },
4990 },
David Benjamin399e7c92015-07-30 23:01:27 -04004991 flags: []string{flag, "-custom-extension-fail-add"},
4992 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -07004993 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4994 })
4995
4996 // If the add callback returns zero, no extension should be
4997 // added.
4998 skipCustomExtension := expectedContents
4999 if isClient {
5000 // For the case where the client skips sending the
5001 // custom extension, the server must not “echo” it.
5002 skipCustomExtension = ""
5003 }
5004 testCases = append(testCases, testCase{
5005 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -04005006 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -07005007 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -04005008 Bugs: ProtocolBugs{
5009 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -07005010 ExpectedCustomExtension: &emptyString,
5011 },
5012 },
5013 flags: []string{flag, "-custom-extension-skip"},
5014 })
5015 }
5016
5017 // The custom extension add callback should not be called if the client
5018 // doesn't send the extension.
5019 testCases = append(testCases, testCase{
5020 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -04005021 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -07005022 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -04005023 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -07005024 ExpectedCustomExtension: &emptyString,
5025 },
5026 },
5027 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
5028 })
Adam Langley2deb9842015-08-07 11:15:37 -07005029
5030 // Test an unknown extension from the server.
5031 testCases = append(testCases, testCase{
5032 testType: clientTest,
5033 name: "UnknownExtension-Client",
5034 config: Config{
5035 Bugs: ProtocolBugs{
5036 CustomExtension: expectedContents,
5037 },
5038 },
5039 shouldFail: true,
5040 expectedError: ":UNEXPECTED_EXTENSION:",
5041 })
Adam Langley09505632015-07-30 18:10:13 -07005042}
5043
David Benjaminb36a3952015-12-01 18:53:13 -05005044func addRSAClientKeyExchangeTests() {
5045 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
5046 testCases = append(testCases, testCase{
5047 testType: serverTest,
5048 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
5049 config: Config{
5050 // Ensure the ClientHello version and final
5051 // version are different, to detect if the
5052 // server uses the wrong one.
5053 MaxVersion: VersionTLS11,
5054 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
5055 Bugs: ProtocolBugs{
5056 BadRSAClientKeyExchange: bad,
5057 },
5058 },
5059 shouldFail: true,
5060 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5061 })
5062 }
5063}
5064
David Benjamin8c2b3bf2015-12-18 20:55:44 -05005065var testCurves = []struct {
5066 name string
5067 id CurveID
5068}{
David Benjamin8c2b3bf2015-12-18 20:55:44 -05005069 {"P-256", CurveP256},
5070 {"P-384", CurveP384},
5071 {"P-521", CurveP521},
David Benjamin4298d772015-12-19 00:18:25 -05005072 {"X25519", CurveX25519},
David Benjamin8c2b3bf2015-12-18 20:55:44 -05005073}
5074
5075func addCurveTests() {
5076 for _, curve := range testCurves {
5077 testCases = append(testCases, testCase{
5078 name: "CurveTest-Client-" + curve.name,
5079 config: Config{
5080 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5081 CurvePreferences: []CurveID{curve.id},
5082 },
5083 flags: []string{"-enable-all-curves"},
5084 })
5085 testCases = append(testCases, testCase{
5086 testType: serverTest,
5087 name: "CurveTest-Server-" + curve.name,
5088 config: Config{
5089 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5090 CurvePreferences: []CurveID{curve.id},
5091 },
5092 flags: []string{"-enable-all-curves"},
5093 })
5094 }
David Benjamin241ae832016-01-15 03:04:54 -05005095
5096 // The server must be tolerant to bogus curves.
5097 const bogusCurve = 0x1234
5098 testCases = append(testCases, testCase{
5099 testType: serverTest,
5100 name: "UnknownCurve",
5101 config: Config{
5102 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5103 CurvePreferences: []CurveID{bogusCurve, CurveP256},
5104 },
5105 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -05005106}
5107
Matt Braithwaite54217e42016-06-13 13:03:47 -07005108func addCECPQ1Tests() {
5109 testCases = append(testCases, testCase{
5110 testType: clientTest,
5111 name: "CECPQ1-Client-BadX25519Part",
5112 config: Config{
5113 MinVersion: VersionTLS12,
5114 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5115 Bugs: ProtocolBugs{
5116 CECPQ1BadX25519Part: true,
5117 },
5118 },
5119 flags: []string{"-cipher", "kCECPQ1"},
5120 shouldFail: true,
5121 expectedLocalError: "local error: bad record MAC",
5122 })
5123 testCases = append(testCases, testCase{
5124 testType: clientTest,
5125 name: "CECPQ1-Client-BadNewhopePart",
5126 config: Config{
5127 MinVersion: VersionTLS12,
5128 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5129 Bugs: ProtocolBugs{
5130 CECPQ1BadNewhopePart: true,
5131 },
5132 },
5133 flags: []string{"-cipher", "kCECPQ1"},
5134 shouldFail: true,
5135 expectedLocalError: "local error: bad record MAC",
5136 })
5137 testCases = append(testCases, testCase{
5138 testType: serverTest,
5139 name: "CECPQ1-Server-BadX25519Part",
5140 config: Config{
5141 MinVersion: VersionTLS12,
5142 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5143 Bugs: ProtocolBugs{
5144 CECPQ1BadX25519Part: true,
5145 },
5146 },
5147 flags: []string{"-cipher", "kCECPQ1"},
5148 shouldFail: true,
5149 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5150 })
5151 testCases = append(testCases, testCase{
5152 testType: serverTest,
5153 name: "CECPQ1-Server-BadNewhopePart",
5154 config: Config{
5155 MinVersion: VersionTLS12,
5156 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5157 Bugs: ProtocolBugs{
5158 CECPQ1BadNewhopePart: true,
5159 },
5160 },
5161 flags: []string{"-cipher", "kCECPQ1"},
5162 shouldFail: true,
5163 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5164 })
5165}
5166
David Benjamin4cc36ad2015-12-19 14:23:26 -05005167func addKeyExchangeInfoTests() {
5168 testCases = append(testCases, testCase{
5169 name: "KeyExchangeInfo-RSA-Client",
5170 config: Config{
5171 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
5172 },
5173 // key.pem is a 1024-bit RSA key.
5174 flags: []string{"-expect-key-exchange-info", "1024"},
5175 })
5176 // TODO(davidben): key_exchange_info doesn't work for plain RSA on the
5177 // server. Either fix this or change the API as it's not very useful in
5178 // this case.
5179
5180 testCases = append(testCases, testCase{
5181 name: "KeyExchangeInfo-DHE-Client",
5182 config: Config{
5183 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
5184 Bugs: ProtocolBugs{
5185 // This is a 1234-bit prime number, generated
5186 // with:
5187 // openssl gendh 1234 | openssl asn1parse -i
5188 DHGroupPrime: bigFromHex("0215C589A86BE450D1255A86D7A08877A70E124C11F0C75E476BA6A2186B1C830D4A132555973F2D5881D5F737BB800B7F417C01EC5960AEBF79478F8E0BBB6A021269BD10590C64C57F50AD8169D5488B56EE38DC5E02DA1A16ED3B5F41FEB2AD184B78A31F3A5B2BEC8441928343DA35DE3D4F89F0D4CEDE0034045084A0D1E6182E5EF7FCA325DD33CE81BE7FA87D43613E8FA7A1457099AB53"),
5189 },
5190 },
5191 flags: []string{"-expect-key-exchange-info", "1234"},
5192 })
5193 testCases = append(testCases, testCase{
5194 testType: serverTest,
5195 name: "KeyExchangeInfo-DHE-Server",
5196 config: Config{
5197 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
5198 },
5199 // bssl_shim as a server configures a 2048-bit DHE group.
5200 flags: []string{"-expect-key-exchange-info", "2048"},
5201 })
5202
5203 testCases = append(testCases, testCase{
5204 name: "KeyExchangeInfo-ECDHE-Client",
5205 config: Config{
5206 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5207 CurvePreferences: []CurveID{CurveX25519},
5208 },
5209 flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
5210 })
5211 testCases = append(testCases, testCase{
5212 testType: serverTest,
5213 name: "KeyExchangeInfo-ECDHE-Server",
5214 config: Config{
5215 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5216 CurvePreferences: []CurveID{CurveX25519},
5217 },
5218 flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
5219 })
5220}
5221
Adam Langley7c803a62015-06-15 15:35:05 -07005222func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -07005223 defer wg.Done()
5224
5225 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -08005226 var err error
5227
5228 if *mallocTest < 0 {
5229 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -07005230 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -08005231 } else {
5232 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
5233 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -07005234 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -08005235 if err != nil {
5236 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
5237 }
5238 break
5239 }
5240 }
5241 }
Adam Langley95c29f32014-06-20 12:00:00 -07005242 statusChan <- statusMsg{test: test, err: err}
5243 }
5244}
5245
5246type statusMsg struct {
5247 test *testCase
5248 started bool
5249 err error
5250}
5251
David Benjamin5f237bc2015-02-11 17:14:15 -05005252func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -07005253 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -07005254
David Benjamin5f237bc2015-02-11 17:14:15 -05005255 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -07005256 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -05005257 if !*pipe {
5258 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -05005259 var erase string
5260 for i := 0; i < lineLen; i++ {
5261 erase += "\b \b"
5262 }
5263 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -05005264 }
5265
Adam Langley95c29f32014-06-20 12:00:00 -07005266 if msg.started {
5267 started++
5268 } else {
5269 done++
David Benjamin5f237bc2015-02-11 17:14:15 -05005270
5271 if msg.err != nil {
5272 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
5273 failed++
5274 testOutput.addResult(msg.test.name, "FAIL")
5275 } else {
5276 if *pipe {
5277 // Print each test instead of a status line.
5278 fmt.Printf("PASSED (%s)\n", msg.test.name)
5279 }
5280 testOutput.addResult(msg.test.name, "PASS")
5281 }
Adam Langley95c29f32014-06-20 12:00:00 -07005282 }
5283
David Benjamin5f237bc2015-02-11 17:14:15 -05005284 if !*pipe {
5285 // Print a new status line.
5286 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
5287 lineLen = len(line)
5288 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -07005289 }
Adam Langley95c29f32014-06-20 12:00:00 -07005290 }
David Benjamin5f237bc2015-02-11 17:14:15 -05005291
5292 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -07005293}
5294
5295func main() {
Adam Langley95c29f32014-06-20 12:00:00 -07005296 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -07005297 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -07005298
Adam Langley7c803a62015-06-15 15:35:05 -07005299 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -07005300 addCipherSuiteTests()
5301 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -07005302 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -07005303 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -04005304 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -08005305 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -04005306 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -05005307 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -04005308 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -04005309 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -07005310 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -07005311 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -05005312 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -05005313 addSigningHashTests()
David Benjamin83f90402015-01-27 01:09:43 -05005314 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -04005315 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -07005316 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -07005317 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -05005318 addRSAClientKeyExchangeTests()
David Benjamin8c2b3bf2015-12-18 20:55:44 -05005319 addCurveTests()
Matt Braithwaite54217e42016-06-13 13:03:47 -07005320 addCECPQ1Tests()
David Benjamin4cc36ad2015-12-19 14:23:26 -05005321 addKeyExchangeInfoTests()
David Benjamin43ec06f2014-08-05 02:28:57 -04005322 for _, async := range []bool{false, true} {
5323 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -04005324 for _, protocol := range []protocol{tls, dtls} {
5325 addStateMachineCoverageTests(async, splitHandshake, protocol)
5326 }
David Benjamin43ec06f2014-08-05 02:28:57 -04005327 }
5328 }
Adam Langley95c29f32014-06-20 12:00:00 -07005329
5330 var wg sync.WaitGroup
5331
Adam Langley7c803a62015-06-15 15:35:05 -07005332 statusChan := make(chan statusMsg, *numWorkers)
5333 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -05005334 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -07005335
David Benjamin025b3d32014-07-01 19:53:04 -04005336 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -07005337
Adam Langley7c803a62015-06-15 15:35:05 -07005338 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -07005339 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -07005340 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -07005341 }
5342
David Benjamin270f0a72016-03-17 14:41:36 -04005343 var foundTest bool
David Benjamin025b3d32014-07-01 19:53:04 -04005344 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -07005345 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin270f0a72016-03-17 14:41:36 -04005346 foundTest = true
David Benjamin025b3d32014-07-01 19:53:04 -04005347 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -07005348 }
5349 }
David Benjamin270f0a72016-03-17 14:41:36 -04005350 if !foundTest {
5351 fmt.Fprintf(os.Stderr, "No test named '%s'\n", *testToRun)
5352 os.Exit(1)
5353 }
Adam Langley95c29f32014-06-20 12:00:00 -07005354
5355 close(testChan)
5356 wg.Wait()
5357 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -05005358 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -07005359
5360 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -05005361
5362 if *jsonOutput != "" {
5363 if err := testOutput.writeTo(*jsonOutput); err != nil {
5364 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
5365 }
5366 }
David Benjamin2ab7a862015-04-04 17:02:18 -04005367
5368 if !testOutput.allPassed {
5369 os.Exit(1)
5370 }
Adam Langley95c29f32014-06-20 12:00:00 -07005371}