Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 2b07fa4b22198ac02e0cee8f37f3337c3dba91bc / . / ssl / test / runner / runner.go
blob: 68bfd5634fac5bc0be273950f8544a579209aeb7 [file] [log] [blame]
Adam Langleydc7e9c42015-09-29 15:21:04 -0700[diff] [blame]1package runner
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]14 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]15 "net"
16 "os"
17 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]18 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]19 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]20 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]21 "strings"
22 "sync"
23 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]24 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]25)
26
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]27var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]28 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
29 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]30 useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]31 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
32 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
33 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
34 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
35 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]36 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
37 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
38 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
39 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]40)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]41
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]42const (
43 rsaCertificateFile = "cert.pem"
44 ecdsaCertificateFile = "ecdsa_cert.pem"
45)
46
47const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]48 rsaKeyFile = "key.pem"
49 ecdsaKeyFile = "ecdsa_key.pem"
50 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]51)
52
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]53var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]54var channelIDKey *ecdsa.PrivateKey
55var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]56
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]57var testOCSPResponse = []byte{1, 2, 3, 4}
58var testSCTList = []byte{5, 6, 7, 8}
59
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]60func initCertificates() {
61 var err error
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]62 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]63 if err != nil {
64 panic(err)
65 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]66 rsaCertificate.OCSPStaple = testOCSPResponse
67 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]68
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]69 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]70 if err != nil {
71 panic(err)
72 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]73 ecdsaCertificate.OCSPStaple = testOCSPResponse
74 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]75
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]76 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]77 if err != nil {
78 panic(err)
79 }
80 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
81 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
82 panic("bad key type")
83 }
84 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
85 if err != nil {
86 panic(err)
87 }
88 if channelIDKey.Curve != elliptic.P256() {
89 panic("bad curve")
90 }
91
92 channelIDBytes = make([]byte, 64)
93 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
94 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]95}
96
97var certificateOnce sync.Once
98
99func getRSACertificate() Certificate {
100 certificateOnce.Do(initCertificates)
101 return rsaCertificate
102}
103
104func getECDSACertificate() Certificate {
105 certificateOnce.Do(initCertificates)
106 return ecdsaCertificate
107}
108
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]109type testType int
110
111const (
112 clientTest testType = iota
113 serverTest
114)
115
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]116type protocol int
117
118const (
119 tls protocol = iota
120 dtls
121)
122
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]123const (
124 alpn = 1
125 npn = 2
126)
127
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]128type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]129 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]130 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]131 name string
132 config Config
133 shouldFail bool
134 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]135 // expectedLocalError, if not empty, contains a substring that must be
136 // found in the local error.
137 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]138 // expectedVersion, if non-zero, specifies the TLS version that must be
139 // negotiated.
140 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]141 // expectedResumeVersion, if non-zero, specifies the TLS version that
142 // must be negotiated on resumption. If zero, expectedVersion is used.
143 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]144 // expectedCipher, if non-zero, specifies the TLS cipher suite that
145 // should be negotiated.
146 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]147 // expectChannelID controls whether the connection should have
148 // negotiated a Channel ID with channelIDKey.
149 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]150 // expectedNextProto controls whether the connection should
151 // negotiate a next protocol via NPN or ALPN.
152 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]153 // expectNoNextProto, if true, means that no next protocol should be
154 // negotiated.
155 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]156 // expectedNextProtoType, if non-zero, is the expected next
157 // protocol negotiation mechanism.
158 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]159 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
160 // should be negotiated. If zero, none should be negotiated.
161 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]162 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
163 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]164 // expectedSCTList, if not nil, is the expected SCT list to be received.
165 expectedSCTList []uint8
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]166 // expectedClientCertSignatureHash, if not zero, is the TLS id of the
167 // hash function that the client should have used when signing the
168 // handshake with a client certificate.
169 expectedClientCertSignatureHash uint8
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]170 // messageLen is the length, in bytes, of the test message that will be
171 // sent.
172 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]173 // messageCount is the number of test messages that will be sent.
174 messageCount int
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]175 // digestPrefs is the list of digest preferences from the client.
176 digestPrefs string
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]177 // certFile is the path to the certificate to use for the server.
178 certFile string
179 // keyFile is the path to the private key to use for the server.
180 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]181 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]182 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]183 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]184 // expectResumeRejected, if true, specifies that the attempted
185 // resumption must be rejected by the client. This is only valid for a
186 // serverTest.
187 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]188 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]189 // resumption. Unless newSessionsOnResume is set,
190 // SessionTicketKey, ServerSessionCache, and
191 // ClientSessionCache are copied from the initial connection's
192 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]193 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]194 // newSessionsOnResume, if true, will cause resumeConfig to
195 // use a different session resumption context.
196 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]197 // noSessionCache, if true, will cause the server to run without a
198 // session cache.
199 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]200 // sendPrefix sends a prefix on the socket before actually performing a
201 // handshake.
202 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]203 // shimWritesFirst controls whether the shim sends an initial "hello"
204 // message before doing a roundtrip with the runner.
205 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]206 // shimShutsDown, if true, runs a test where the shim shuts down the
207 // connection immediately after the handshake rather than echoing
208 // messages from the runner.
209 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]210 // renegotiate indicates the number of times the connection should be
211 // renegotiated during the exchange.
212 renegotiate int
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]213 // renegotiateCiphers is a list of ciphersuite ids that will be
214 // switched in just before renegotiation.
215 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]216 // replayWrites, if true, configures the underlying transport
217 // to replay every write it makes in DTLS tests.
218 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]219 // damageFirstWrite, if true, configures the underlying transport to
220 // damage the final byte of the first application data write.
221 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]222 // exportKeyingMaterial, if non-zero, configures the test to exchange
223 // keying material and verify they match.
224 exportKeyingMaterial int
225 exportLabel string
226 exportContext string
227 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]228 // flags, if not empty, contains a list of command-line flags that will
229 // be passed to the shim program.
230 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]231 // testTLSUnique, if true, causes the shim to send the tls-unique value
232 // which will be compared against the expected value.
233 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]234 // sendEmptyRecords is the number of consecutive empty records to send
235 // before and after the test message.
236 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]237 // sendWarningAlerts is the number of consecutive warning alerts to send
238 // before and after the test message.
239 sendWarningAlerts int
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]240 // expectMessageDropped, if true, means the test message is expected to
241 // be dropped by the client rather than echoed back.
242 expectMessageDropped bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]243}
244
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]245var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]246
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]247func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]248 var connDamage *damageAdaptor
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]249
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]250 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]251 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
252 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]253 }
254
255 if *flagDebug {
256 local, peer := "client", "server"
257 if test.testType == clientTest {
258 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]259 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]260 connDebug := &recordingConn{
261 Conn: conn,
262 isDatagram: test.protocol == dtls,
263 local: local,
264 peer: peer,
265 }
266 conn = connDebug
267 defer func() {
268 connDebug.WriteTo(os.Stdout)
269 }()
270
271 if config.Bugs.PacketAdaptor != nil {
272 config.Bugs.PacketAdaptor.debug = connDebug
273 }
274 }
275
276 if test.replayWrites {
277 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]278 }
279
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]280 if test.damageFirstWrite {
281 connDamage = newDamageAdaptor(conn)
282 conn = connDamage
283 }
284
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]285 if test.sendPrefix != "" {
286 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
287 return err
288 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]289 }
290
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]291 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]292 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]293 if test.protocol == dtls {
294 tlsConn = DTLSServer(conn, config)
295 } else {
296 tlsConn = Server(conn, config)
297 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]298 } else {
299 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]300 if test.protocol == dtls {
301 tlsConn = DTLSClient(conn, config)
302 } else {
303 tlsConn = Client(conn, config)
304 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]305 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]306 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]307
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]308 if err := tlsConn.Handshake(); err != nil {
309 return err
310 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]311
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]312 // TODO(davidben): move all per-connection expectations into a dedicated
313 // expectations struct that can be specified separately for the two
314 // legs.
315 expectedVersion := test.expectedVersion
316 if isResume && test.expectedResumeVersion != 0 {
317 expectedVersion = test.expectedResumeVersion
318 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]319 connState := tlsConn.ConnectionState()
320 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]321 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]322 }
323
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]324 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]325 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
326 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]327 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
328 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
329 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]330
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]331 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]332 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]333 if channelID == nil {
334 return fmt.Errorf("no channel ID negotiated")
335 }
336 if channelID.Curve != channelIDKey.Curve ||
337 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
338 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
339 return fmt.Errorf("incorrect channel ID")
340 }
341 }
342
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]343 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]344 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]345 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
346 }
347 }
348
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]349 if test.expectNoNextProto {
350 if actual := connState.NegotiatedProtocol; actual != "" {
351 return fmt.Errorf("got unexpected next proto %s", actual)
352 }
353 }
354
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]355 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]356 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]357 return fmt.Errorf("next proto type mismatch")
358 }
359 }
360
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]361 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]362 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
363 }
364
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]365 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
366 return fmt.Errorf("OCSP Response mismatch")
367 }
368
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]369 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
370 return fmt.Errorf("SCT list mismatch")
371 }
372
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]373 if expected := test.expectedClientCertSignatureHash; expected != 0 && expected != connState.ClientCertSignatureHash {
374 return fmt.Errorf("expected client to sign handshake with hash %d, but got %d", expected, connState.ClientCertSignatureHash)
375 }
376
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]377 if test.exportKeyingMaterial > 0 {
378 actual := make([]byte, test.exportKeyingMaterial)
379 if _, err := io.ReadFull(tlsConn, actual); err != nil {
380 return err
381 }
382 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
383 if err != nil {
384 return err
385 }
386 if !bytes.Equal(actual, expected) {
387 return fmt.Errorf("keying material mismatch")
388 }
389 }
390
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]391 if test.testTLSUnique {
392 var peersValue [12]byte
393 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
394 return err
395 }
396 expected := tlsConn.ConnectionState().TLSUnique
397 if !bytes.Equal(peersValue[:], expected) {
398 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
399 }
400 }
401
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]402 if test.shimWritesFirst {
403 var buf [5]byte
404 _, err := io.ReadFull(tlsConn, buf[:])
405 if err != nil {
406 return err
407 }
408 if string(buf[:]) != "hello" {
409 return fmt.Errorf("bad initial message")
410 }
411 }
412
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]413 for i := 0; i < test.sendEmptyRecords; i++ {
414 tlsConn.Write(nil)
415 }
416
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]417 for i := 0; i < test.sendWarningAlerts; i++ {
418 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
419 }
420
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]421 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]422 if test.renegotiateCiphers != nil {
423 config.CipherSuites = test.renegotiateCiphers
424 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]425 for i := 0; i < test.renegotiate; i++ {
426 if err := tlsConn.Renegotiate(); err != nil {
427 return err
428 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]429 }
430 } else if test.renegotiateCiphers != nil {
431 panic("renegotiateCiphers without renegotiate")
432 }
433
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]434 if test.damageFirstWrite {
435 connDamage.setDamage(true)
436 tlsConn.Write([]byte("DAMAGED WRITE"))
437 connDamage.setDamage(false)
438 }
439
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]440 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]441 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]442 if test.protocol == dtls {
443 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
444 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]445 // Read until EOF.
446 _, err := io.Copy(ioutil.Discard, tlsConn)
447 return err
448 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]449 if messageLen == 0 {
450 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]451 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]452
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]453 messageCount := test.messageCount
454 if messageCount == 0 {
455 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]456 }
457
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]458 for j := 0; j < messageCount; j++ {
459 testMessage := make([]byte, messageLen)
460 for i := range testMessage {
461 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]462 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]463 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]464
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]465 for i := 0; i < test.sendEmptyRecords; i++ {
466 tlsConn.Write(nil)
467 }
468
469 for i := 0; i < test.sendWarningAlerts; i++ {
470 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
471 }
472
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]473 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]474 // The shim will not respond.
475 continue
476 }
477
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]478 buf := make([]byte, len(testMessage))
479 if test.protocol == dtls {
480 bufTmp := make([]byte, len(buf)+1)
481 n, err := tlsConn.Read(bufTmp)
482 if err != nil {
483 return err
484 }
485 if n != len(buf) {
486 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
487 }
488 copy(buf, bufTmp)
489 } else {
490 _, err := io.ReadFull(tlsConn, buf)
491 if err != nil {
492 return err
493 }
494 }
495
496 for i, v := range buf {
497 if v != testMessage[i]^0xff {
498 return fmt.Errorf("bad reply contents at byte %d", i)
499 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]500 }
501 }
502
503 return nil
504}
505
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]506func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
507 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]508 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]509 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]510 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]511 valgrindArgs = append(valgrindArgs, path)
512 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]513
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]514 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]515}
516
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]517func gdbOf(path string, args ...string) *exec.Cmd {
518 xtermArgs := []string{"-e", "gdb", "--args"}
519 xtermArgs = append(xtermArgs, path)
520 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]521
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]522 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]523}
524
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]525func lldbOf(path string, args ...string) *exec.Cmd {
526 xtermArgs := []string{"-e", "lldb", "--"}
527 xtermArgs = append(xtermArgs, path)
528 xtermArgs = append(xtermArgs, args...)
529
530 return exec.Command("xterm", xtermArgs...)
531}
532
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]533type moreMallocsError struct{}
534
535func (moreMallocsError) Error() string {
536 return "child process did not exhaust all allocation calls"
537}
538
539var errMoreMallocs = moreMallocsError{}
540
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]541// accept accepts a connection from listener, unless waitChan signals a process
542// exit first.
543func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
544 type connOrError struct {
545 conn net.Conn
546 err error
547 }
548 connChan := make(chan connOrError, 1)
549 go func() {
550 conn, err := listener.Accept()
551 connChan <- connOrError{conn, err}
552 close(connChan)
553 }()
554 select {
555 case result := <-connChan:
556 return result.conn, result.err
557 case childErr := <-waitChan:
558 waitChan <- childErr
559 return nil, fmt.Errorf("child exited early: %s", childErr)
560 }
561}
562
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]563func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]564 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
565 panic("Error expected without shouldFail in " + test.name)
566 }
567
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]568 if test.expectResumeRejected && !test.resumeSession {
569 panic("expectResumeRejected without resumeSession in " + test.name)
570 }
571
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]572 if test.testType != clientTest && test.expectedClientCertSignatureHash != 0 {
573 panic("expectedClientCertSignatureHash non-zero with serverTest in " + test.name)
574 }
575
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]576 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
577 if err != nil {
578 panic(err)
579 }
580 defer func() {
581 if listener != nil {
582 listener.Close()
583 }
584 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]585
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]586 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]587 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]588 flags = append(flags, "-server")
589
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]590 flags = append(flags, "-key-file")
591 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]592 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]593 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]594 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]595 }
596
597 flags = append(flags, "-cert-file")
598 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]599 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]600 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]601 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]602 }
603 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]604
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]605 if test.digestPrefs != "" {
606 flags = append(flags, "-digest-prefs")
607 flags = append(flags, test.digestPrefs)
608 }
609
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]610 if test.protocol == dtls {
611 flags = append(flags, "-dtls")
612 }
613
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]614 if test.resumeSession {
615 flags = append(flags, "-resume")
616 }
617
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]618 if test.shimWritesFirst {
619 flags = append(flags, "-shim-writes-first")
620 }
621
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]622 if test.shimShutsDown {
623 flags = append(flags, "-shim-shuts-down")
624 }
625
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]626 if test.exportKeyingMaterial > 0 {
627 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
628 flags = append(flags, "-export-label", test.exportLabel)
629 flags = append(flags, "-export-context", test.exportContext)
630 if test.useExportContext {
631 flags = append(flags, "-use-export-context")
632 }
633 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]634 if test.expectResumeRejected {
635 flags = append(flags, "-expect-session-miss")
636 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]637
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]638 if test.testTLSUnique {
639 flags = append(flags, "-tls-unique")
640 }
641
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]642 flags = append(flags, test.flags...)
643
644 var shim *exec.Cmd
645 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]646 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]647 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]648 shim = gdbOf(shimPath, flags...)
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]649 } else if *useLLDB {
650 shim = lldbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]651 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]652 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]653 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]654 shim.Stdin = os.Stdin
655 var stdoutBuf, stderrBuf bytes.Buffer
656 shim.Stdout = &stdoutBuf
657 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]658 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]659 shim.Env = os.Environ()
660 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]661 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]662 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]663 }
664 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
665 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]666
667 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]668 panic(err)
669 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]670 waitChan := make(chan error, 1)
671 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]672
673 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]674 if !test.noSessionCache {
675 config.ClientSessionCache = NewLRUClientSessionCache(1)
676 config.ServerSessionCache = NewLRUServerSessionCache(1)
677 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]678 if test.testType == clientTest {
679 if len(config.Certificates) == 0 {
680 config.Certificates = []Certificate{getRSACertificate()}
681 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]682 } else {
683 // Supply a ServerName to ensure a constant session cache key,
684 // rather than falling back to net.Conn.RemoteAddr.
685 if len(config.ServerName) == 0 {
686 config.ServerName = "test"
687 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]688 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]689
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]690 conn, err := acceptOrWait(listener, waitChan)
691 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]692 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]693 conn.Close()
694 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]695
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]696 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]697 var resumeConfig Config
698 if test.resumeConfig != nil {
699 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]700 if len(resumeConfig.ServerName) == 0 {
701 resumeConfig.ServerName = config.ServerName
702 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]703 if len(resumeConfig.Certificates) == 0 {
704 resumeConfig.Certificates = []Certificate{getRSACertificate()}
705 }
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]706 if test.newSessionsOnResume {
707 if !test.noSessionCache {
708 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
709 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
710 }
711 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]712 resumeConfig.SessionTicketKey = config.SessionTicketKey
713 resumeConfig.ClientSessionCache = config.ClientSessionCache
714 resumeConfig.ServerSessionCache = config.ServerSessionCache
715 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]716 } else {
717 resumeConfig = config
718 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]719 var connResume net.Conn
720 connResume, err = acceptOrWait(listener, waitChan)
721 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]722 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]723 connResume.Close()
724 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]725 }
726
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]727 // Close the listener now. This is to avoid hangs should the shim try to
728 // open more connections than expected.
729 listener.Close()
730 listener = nil
731
732 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]733 if exitError, ok := childErr.(*exec.ExitError); ok {
734 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
735 return errMoreMallocs
736 }
737 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]738
739 stdout := string(stdoutBuf.Bytes())
740 stderr := string(stderrBuf.Bytes())
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]741
742 // Separate the errors from the shim and those from tools like
743 // AddressSanitizer.
744 var extraStderr string
745 if stderrParts := strings.SplitN(stderr, "--- DONE ---\n", 2); len(stderrParts) == 2 {
746 stderr = stderrParts[0]
747 extraStderr = stderrParts[1]
748 }
749
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]750 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]751 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]752 localError := "none"
753 if err != nil {
754 localError = err.Error()
755 }
756 if len(test.expectedLocalError) != 0 {
757 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
758 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]759
760 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]761 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]762 if childErr != nil {
763 childError = childErr.Error()
764 }
765
766 var msg string
767 switch {
768 case failed && !test.shouldFail:
769 msg = "unexpected failure"
770 case !failed && test.shouldFail:
771 msg = "unexpected success"
772 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]773 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]774 default:
775 panic("internal error")
776 }
777
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]778 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]779 }
780
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]781 if !*useValgrind && (len(extraStderr) > 0 || (!failed && len(stderr) > 0)) {
782 return fmt.Errorf("unexpected error output:\n%s\n%s", stderr, extraStderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]783 }
784
785 return nil
786}
787
788var tlsVersions = []struct {
789 name string
790 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]791 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]792 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]793}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]794 {"SSL3", VersionSSL30, "-no-ssl3", false},
795 {"TLS1", VersionTLS10, "-no-tls1", true},
796 {"TLS11", VersionTLS11, "-no-tls11", false},
797 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]798}
799
800var testCipherSuites = []struct {
801 name string
802 id uint16
803}{
804 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]805 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]806 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]807 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]808 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]809 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]810 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]811 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
812 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]813 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]814 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
815 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]816 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]817 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
818 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]819 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
820 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]821 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]822 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]823 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]824 {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]825 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]826 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]827 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]828 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]829 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]830 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]831 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]832 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]833 {"ECDHE-RSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]834 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]835 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
836 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]837 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
838 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]839 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]840 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]841 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]842 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]843 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]844}
845
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]846func hasComponent(suiteName, component string) bool {
847 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
848}
849
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]850func isTLSOnly(suiteName string) bool {
851 // BoringSSL doesn't support ECDHE without a curves extension, and
852 // SSLv3 doesn't contain extensions.
853 return hasComponent(suiteName, "ECDHE") || isTLS12Only(suiteName)
854}
855
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]856func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]857 return hasComponent(suiteName, "GCM") ||
858 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]859 hasComponent(suiteName, "SHA384") ||
860 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]861}
862
863func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]864 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]865}
866
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]867func bigFromHex(hex string) *big.Int {
868 ret, ok := new(big.Int).SetString(hex, 16)
869 if !ok {
870 panic("failed to parse hex number 0x" + hex)
871 }
872 return ret
873}
874
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]875func addBasicTests() {
876 basicTests := []testCase{
877 {
878 name: "BadRSASignature",
879 config: Config{
880 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
881 Bugs: ProtocolBugs{
882 InvalidSKXSignature: true,
883 },
884 },
885 shouldFail: true,
886 expectedError: ":BAD_SIGNATURE:",
887 },
888 {
889 name: "BadECDSASignature",
890 config: Config{
891 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
892 Bugs: ProtocolBugs{
893 InvalidSKXSignature: true,
894 },
895 Certificates: []Certificate{getECDSACertificate()},
896 },
897 shouldFail: true,
898 expectedError: ":BAD_SIGNATURE:",
899 },
900 {
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]901 testType: serverTest,
902 name: "BadRSASignature-ClientAuth",
903 config: Config{
904 Bugs: ProtocolBugs{
905 InvalidCertVerifySignature: true,
906 },
907 Certificates: []Certificate{getRSACertificate()},
908 },
909 shouldFail: true,
910 expectedError: ":BAD_SIGNATURE:",
911 flags: []string{"-require-any-client-certificate"},
912 },
913 {
914 testType: serverTest,
915 name: "BadECDSASignature-ClientAuth",
916 config: Config{
917 Bugs: ProtocolBugs{
918 InvalidCertVerifySignature: true,
919 },
920 Certificates: []Certificate{getECDSACertificate()},
921 },
922 shouldFail: true,
923 expectedError: ":BAD_SIGNATURE:",
924 flags: []string{"-require-any-client-certificate"},
925 },
926 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]927 name: "BadECDSACurve",
928 config: Config{
929 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
930 Bugs: ProtocolBugs{
931 InvalidSKXCurve: true,
932 },
933 Certificates: []Certificate{getECDSACertificate()},
934 },
935 shouldFail: true,
936 expectedError: ":WRONG_CURVE:",
937 },
938 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]939 name: "NoFallbackSCSV",
940 config: Config{
941 Bugs: ProtocolBugs{
942 FailIfNotFallbackSCSV: true,
943 },
944 },
945 shouldFail: true,
946 expectedLocalError: "no fallback SCSV found",
947 },
948 {
949 name: "SendFallbackSCSV",
950 config: Config{
951 Bugs: ProtocolBugs{
952 FailIfNotFallbackSCSV: true,
953 },
954 },
955 flags: []string{"-fallback-scsv"},
956 },
957 {
958 name: "ClientCertificateTypes",
959 config: Config{
960 ClientAuth: RequestClientCert,
961 ClientCertificateTypes: []byte{
962 CertTypeDSSSign,
963 CertTypeRSASign,
964 CertTypeECDSASign,
965 },
966 },
967 flags: []string{
968 "-expect-certificate-types",
969 base64.StdEncoding.EncodeToString([]byte{
970 CertTypeDSSSign,
971 CertTypeRSASign,
972 CertTypeECDSASign,
973 }),
974 },
975 },
976 {
977 name: "NoClientCertificate",
978 config: Config{
979 ClientAuth: RequireAnyClientCert,
980 },
981 shouldFail: true,
982 expectedLocalError: "client didn't provide a certificate",
983 },
984 {
985 name: "UnauthenticatedECDH",
986 config: Config{
987 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
988 Bugs: ProtocolBugs{
989 UnauthenticatedECDH: true,
990 },
991 },
992 shouldFail: true,
993 expectedError: ":UNEXPECTED_MESSAGE:",
994 },
995 {
996 name: "SkipCertificateStatus",
997 config: Config{
998 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
999 Bugs: ProtocolBugs{
1000 SkipCertificateStatus: true,
1001 },
1002 },
1003 flags: []string{
1004 "-enable-ocsp-stapling",
1005 },
1006 },
1007 {
1008 name: "SkipServerKeyExchange",
1009 config: Config{
1010 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1011 Bugs: ProtocolBugs{
1012 SkipServerKeyExchange: true,
1013 },
1014 },
1015 shouldFail: true,
1016 expectedError: ":UNEXPECTED_MESSAGE:",
1017 },
1018 {
1019 name: "SkipChangeCipherSpec-Client",
1020 config: Config{
1021 Bugs: ProtocolBugs{
1022 SkipChangeCipherSpec: true,
1023 },
1024 },
1025 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1026 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1027 },
1028 {
1029 testType: serverTest,
1030 name: "SkipChangeCipherSpec-Server",
1031 config: Config{
1032 Bugs: ProtocolBugs{
1033 SkipChangeCipherSpec: true,
1034 },
1035 },
1036 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1037 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1038 },
1039 {
1040 testType: serverTest,
1041 name: "SkipChangeCipherSpec-Server-NPN",
1042 config: Config{
1043 NextProtos: []string{"bar"},
1044 Bugs: ProtocolBugs{
1045 SkipChangeCipherSpec: true,
1046 },
1047 },
1048 flags: []string{
1049 "-advertise-npn", "\x03foo\x03bar\x03baz",
1050 },
1051 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1052 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1053 },
1054 {
1055 name: "FragmentAcrossChangeCipherSpec-Client",
1056 config: Config{
1057 Bugs: ProtocolBugs{
1058 FragmentAcrossChangeCipherSpec: true,
1059 },
1060 },
1061 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1062 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1063 },
1064 {
1065 testType: serverTest,
1066 name: "FragmentAcrossChangeCipherSpec-Server",
1067 config: Config{
1068 Bugs: ProtocolBugs{
1069 FragmentAcrossChangeCipherSpec: true,
1070 },
1071 },
1072 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1073 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1074 },
1075 {
1076 testType: serverTest,
1077 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1078 config: Config{
1079 NextProtos: []string{"bar"},
1080 Bugs: ProtocolBugs{
1081 FragmentAcrossChangeCipherSpec: true,
1082 },
1083 },
1084 flags: []string{
1085 "-advertise-npn", "\x03foo\x03bar\x03baz",
1086 },
1087 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1088 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1089 },
1090 {
1091 testType: serverTest,
1092 name: "Alert",
1093 config: Config{
1094 Bugs: ProtocolBugs{
1095 SendSpuriousAlert: alertRecordOverflow,
1096 },
1097 },
1098 shouldFail: true,
1099 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1100 },
1101 {
1102 protocol: dtls,
1103 testType: serverTest,
1104 name: "Alert-DTLS",
1105 config: Config{
1106 Bugs: ProtocolBugs{
1107 SendSpuriousAlert: alertRecordOverflow,
1108 },
1109 },
1110 shouldFail: true,
1111 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1112 },
1113 {
1114 testType: serverTest,
1115 name: "FragmentAlert",
1116 config: Config{
1117 Bugs: ProtocolBugs{
1118 FragmentAlert: true,
1119 SendSpuriousAlert: alertRecordOverflow,
1120 },
1121 },
1122 shouldFail: true,
1123 expectedError: ":BAD_ALERT:",
1124 },
1125 {
1126 protocol: dtls,
1127 testType: serverTest,
1128 name: "FragmentAlert-DTLS",
1129 config: Config{
1130 Bugs: ProtocolBugs{
1131 FragmentAlert: true,
1132 SendSpuriousAlert: alertRecordOverflow,
1133 },
1134 },
1135 shouldFail: true,
1136 expectedError: ":BAD_ALERT:",
1137 },
1138 {
1139 testType: serverTest,
1140 name: "EarlyChangeCipherSpec-server-1",
1141 config: Config{
1142 Bugs: ProtocolBugs{
1143 EarlyChangeCipherSpec: 1,
1144 },
1145 },
1146 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1147 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1148 },
1149 {
1150 testType: serverTest,
1151 name: "EarlyChangeCipherSpec-server-2",
1152 config: Config{
1153 Bugs: ProtocolBugs{
1154 EarlyChangeCipherSpec: 2,
1155 },
1156 },
1157 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1158 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1159 },
1160 {
1161 name: "SkipNewSessionTicket",
1162 config: Config{
1163 Bugs: ProtocolBugs{
1164 SkipNewSessionTicket: true,
1165 },
1166 },
1167 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1168 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1169 },
1170 {
1171 testType: serverTest,
1172 name: "FallbackSCSV",
1173 config: Config{
1174 MaxVersion: VersionTLS11,
1175 Bugs: ProtocolBugs{
1176 SendFallbackSCSV: true,
1177 },
1178 },
1179 shouldFail: true,
1180 expectedError: ":INAPPROPRIATE_FALLBACK:",
1181 },
1182 {
1183 testType: serverTest,
1184 name: "FallbackSCSV-VersionMatch",
1185 config: Config{
1186 Bugs: ProtocolBugs{
1187 SendFallbackSCSV: true,
1188 },
1189 },
1190 },
1191 {
1192 testType: serverTest,
1193 name: "FragmentedClientVersion",
1194 config: Config{
1195 Bugs: ProtocolBugs{
1196 MaxHandshakeRecordLength: 1,
1197 FragmentClientVersion: true,
1198 },
1199 },
1200 expectedVersion: VersionTLS12,
1201 },
1202 {
1203 testType: serverTest,
1204 name: "MinorVersionTolerance",
1205 config: Config{
1206 Bugs: ProtocolBugs{
1207 SendClientVersion: 0x03ff,
1208 },
1209 },
1210 expectedVersion: VersionTLS12,
1211 },
1212 {
1213 testType: serverTest,
1214 name: "MajorVersionTolerance",
1215 config: Config{
1216 Bugs: ProtocolBugs{
1217 SendClientVersion: 0x0400,
1218 },
1219 },
1220 expectedVersion: VersionTLS12,
1221 },
1222 {
1223 testType: serverTest,
1224 name: "VersionTooLow",
1225 config: Config{
1226 Bugs: ProtocolBugs{
1227 SendClientVersion: 0x0200,
1228 },
1229 },
1230 shouldFail: true,
1231 expectedError: ":UNSUPPORTED_PROTOCOL:",
1232 },
1233 {
1234 testType: serverTest,
1235 name: "HttpGET",
1236 sendPrefix: "GET / HTTP/1.0\n",
1237 shouldFail: true,
1238 expectedError: ":HTTP_REQUEST:",
1239 },
1240 {
1241 testType: serverTest,
1242 name: "HttpPOST",
1243 sendPrefix: "POST / HTTP/1.0\n",
1244 shouldFail: true,
1245 expectedError: ":HTTP_REQUEST:",
1246 },
1247 {
1248 testType: serverTest,
1249 name: "HttpHEAD",
1250 sendPrefix: "HEAD / HTTP/1.0\n",
1251 shouldFail: true,
1252 expectedError: ":HTTP_REQUEST:",
1253 },
1254 {
1255 testType: serverTest,
1256 name: "HttpPUT",
1257 sendPrefix: "PUT / HTTP/1.0\n",
1258 shouldFail: true,
1259 expectedError: ":HTTP_REQUEST:",
1260 },
1261 {
1262 testType: serverTest,
1263 name: "HttpCONNECT",
1264 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1265 shouldFail: true,
1266 expectedError: ":HTTPS_PROXY_REQUEST:",
1267 },
1268 {
1269 testType: serverTest,
1270 name: "Garbage",
1271 sendPrefix: "blah",
1272 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1273 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1274 },
1275 {
1276 name: "SkipCipherVersionCheck",
1277 config: Config{
1278 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1279 MaxVersion: VersionTLS11,
1280 Bugs: ProtocolBugs{
1281 SkipCipherVersionCheck: true,
1282 },
1283 },
1284 shouldFail: true,
1285 expectedError: ":WRONG_CIPHER_RETURNED:",
1286 },
1287 {
1288 name: "RSAEphemeralKey",
1289 config: Config{
1290 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1291 Bugs: ProtocolBugs{
1292 RSAEphemeralKey: true,
1293 },
1294 },
1295 shouldFail: true,
1296 expectedError: ":UNEXPECTED_MESSAGE:",
1297 },
1298 {
1299 name: "DisableEverything",
1300 flags: []string{"-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
1301 shouldFail: true,
1302 expectedError: ":WRONG_SSL_VERSION:",
1303 },
1304 {
1305 protocol: dtls,
1306 name: "DisableEverything-DTLS",
1307 flags: []string{"-no-tls12", "-no-tls1"},
1308 shouldFail: true,
1309 expectedError: ":WRONG_SSL_VERSION:",
1310 },
1311 {
1312 name: "NoSharedCipher",
1313 config: Config{
1314 CipherSuites: []uint16{},
1315 },
1316 shouldFail: true,
1317 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
1318 },
1319 {
1320 protocol: dtls,
1321 testType: serverTest,
1322 name: "MTU",
1323 config: Config{
1324 Bugs: ProtocolBugs{
1325 MaxPacketLength: 256,
1326 },
1327 },
1328 flags: []string{"-mtu", "256"},
1329 },
1330 {
1331 protocol: dtls,
1332 testType: serverTest,
1333 name: "MTUExceeded",
1334 config: Config{
1335 Bugs: ProtocolBugs{
1336 MaxPacketLength: 255,
1337 },
1338 },
1339 flags: []string{"-mtu", "256"},
1340 shouldFail: true,
1341 expectedLocalError: "dtls: exceeded maximum packet length",
1342 },
1343 {
1344 name: "CertMismatchRSA",
1345 config: Config{
1346 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1347 Certificates: []Certificate{getECDSACertificate()},
1348 Bugs: ProtocolBugs{
1349 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1350 },
1351 },
1352 shouldFail: true,
1353 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1354 },
1355 {
1356 name: "CertMismatchECDSA",
1357 config: Config{
1358 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1359 Certificates: []Certificate{getRSACertificate()},
1360 Bugs: ProtocolBugs{
1361 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1362 },
1363 },
1364 shouldFail: true,
1365 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1366 },
1367 {
1368 name: "EmptyCertificateList",
1369 config: Config{
1370 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1371 Bugs: ProtocolBugs{
1372 EmptyCertificateList: true,
1373 },
1374 },
1375 shouldFail: true,
1376 expectedError: ":DECODE_ERROR:",
1377 },
1378 {
1379 name: "TLSFatalBadPackets",
1380 damageFirstWrite: true,
1381 shouldFail: true,
1382 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1383 },
1384 {
1385 protocol: dtls,
1386 name: "DTLSIgnoreBadPackets",
1387 damageFirstWrite: true,
1388 },
1389 {
1390 protocol: dtls,
1391 name: "DTLSIgnoreBadPackets-Async",
1392 damageFirstWrite: true,
1393 flags: []string{"-async"},
1394 },
1395 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1396 name: "AppDataBeforeHandshake",
1397 config: Config{
1398 Bugs: ProtocolBugs{
1399 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1400 },
1401 },
1402 shouldFail: true,
1403 expectedError: ":UNEXPECTED_RECORD:",
1404 },
1405 {
1406 name: "AppDataBeforeHandshake-Empty",
1407 config: Config{
1408 Bugs: ProtocolBugs{
1409 AppDataBeforeHandshake: []byte{},
1410 },
1411 },
1412 shouldFail: true,
1413 expectedError: ":UNEXPECTED_RECORD:",
1414 },
1415 {
1416 protocol: dtls,
1417 name: "AppDataBeforeHandshake-DTLS",
1418 config: Config{
1419 Bugs: ProtocolBugs{
1420 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1421 },
1422 },
1423 shouldFail: true,
1424 expectedError: ":UNEXPECTED_RECORD:",
1425 },
1426 {
1427 protocol: dtls,
1428 name: "AppDataBeforeHandshake-DTLS-Empty",
1429 config: Config{
1430 Bugs: ProtocolBugs{
1431 AppDataBeforeHandshake: []byte{},
1432 },
1433 },
1434 shouldFail: true,
1435 expectedError: ":UNEXPECTED_RECORD:",
1436 },
1437 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1438 name: "AppDataAfterChangeCipherSpec",
1439 config: Config{
1440 Bugs: ProtocolBugs{
1441 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1442 },
1443 },
1444 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1445 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1446 },
1447 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1448 name: "AppDataAfterChangeCipherSpec-Empty",
1449 config: Config{
1450 Bugs: ProtocolBugs{
1451 AppDataAfterChangeCipherSpec: []byte{},
1452 },
1453 },
1454 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1455 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1456 },
1457 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1458 protocol: dtls,
1459 name: "AppDataAfterChangeCipherSpec-DTLS",
1460 config: Config{
1461 Bugs: ProtocolBugs{
1462 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1463 },
1464 },
1465 // BoringSSL's DTLS implementation will drop the out-of-order
1466 // application data.
1467 },
1468 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1469 protocol: dtls,
1470 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1471 config: Config{
1472 Bugs: ProtocolBugs{
1473 AppDataAfterChangeCipherSpec: []byte{},
1474 },
1475 },
1476 // BoringSSL's DTLS implementation will drop the out-of-order
1477 // application data.
1478 },
1479 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1480 name: "AlertAfterChangeCipherSpec",
1481 config: Config{
1482 Bugs: ProtocolBugs{
1483 AlertAfterChangeCipherSpec: alertRecordOverflow,
1484 },
1485 },
1486 shouldFail: true,
1487 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1488 },
1489 {
1490 protocol: dtls,
1491 name: "AlertAfterChangeCipherSpec-DTLS",
1492 config: Config{
1493 Bugs: ProtocolBugs{
1494 AlertAfterChangeCipherSpec: alertRecordOverflow,
1495 },
1496 },
1497 shouldFail: true,
1498 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1499 },
1500 {
1501 protocol: dtls,
1502 name: "ReorderHandshakeFragments-Small-DTLS",
1503 config: Config{
1504 Bugs: ProtocolBugs{
1505 ReorderHandshakeFragments: true,
1506 // Small enough that every handshake message is
1507 // fragmented.
1508 MaxHandshakeRecordLength: 2,
1509 },
1510 },
1511 },
1512 {
1513 protocol: dtls,
1514 name: "ReorderHandshakeFragments-Large-DTLS",
1515 config: Config{
1516 Bugs: ProtocolBugs{
1517 ReorderHandshakeFragments: true,
1518 // Large enough that no handshake message is
1519 // fragmented.
1520 MaxHandshakeRecordLength: 2048,
1521 },
1522 },
1523 },
1524 {
1525 protocol: dtls,
1526 name: "MixCompleteMessageWithFragments-DTLS",
1527 config: Config{
1528 Bugs: ProtocolBugs{
1529 ReorderHandshakeFragments: true,
1530 MixCompleteMessageWithFragments: true,
1531 MaxHandshakeRecordLength: 2,
1532 },
1533 },
1534 },
1535 {
1536 name: "SendInvalidRecordType",
1537 config: Config{
1538 Bugs: ProtocolBugs{
1539 SendInvalidRecordType: true,
1540 },
1541 },
1542 shouldFail: true,
1543 expectedError: ":UNEXPECTED_RECORD:",
1544 },
1545 {
1546 protocol: dtls,
1547 name: "SendInvalidRecordType-DTLS",
1548 config: Config{
1549 Bugs: ProtocolBugs{
1550 SendInvalidRecordType: true,
1551 },
1552 },
1553 shouldFail: true,
1554 expectedError: ":UNEXPECTED_RECORD:",
1555 },
1556 {
1557 name: "FalseStart-SkipServerSecondLeg",
1558 config: Config{
1559 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1560 NextProtos: []string{"foo"},
1561 Bugs: ProtocolBugs{
1562 SkipNewSessionTicket: true,
1563 SkipChangeCipherSpec: true,
1564 SkipFinished: true,
1565 ExpectFalseStart: true,
1566 },
1567 },
1568 flags: []string{
1569 "-false-start",
1570 "-handshake-never-done",
1571 "-advertise-alpn", "\x03foo",
1572 },
1573 shimWritesFirst: true,
1574 shouldFail: true,
1575 expectedError: ":UNEXPECTED_RECORD:",
1576 },
1577 {
1578 name: "FalseStart-SkipServerSecondLeg-Implicit",
1579 config: Config{
1580 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1581 NextProtos: []string{"foo"},
1582 Bugs: ProtocolBugs{
1583 SkipNewSessionTicket: true,
1584 SkipChangeCipherSpec: true,
1585 SkipFinished: true,
1586 },
1587 },
1588 flags: []string{
1589 "-implicit-handshake",
1590 "-false-start",
1591 "-handshake-never-done",
1592 "-advertise-alpn", "\x03foo",
1593 },
1594 shouldFail: true,
1595 expectedError: ":UNEXPECTED_RECORD:",
1596 },
1597 {
1598 testType: serverTest,
1599 name: "FailEarlyCallback",
1600 flags: []string{"-fail-early-callback"},
1601 shouldFail: true,
1602 expectedError: ":CONNECTION_REJECTED:",
1603 expectedLocalError: "remote error: access denied",
1604 },
1605 {
1606 name: "WrongMessageType",
1607 config: Config{
1608 Bugs: ProtocolBugs{
1609 WrongCertificateMessageType: true,
1610 },
1611 },
1612 shouldFail: true,
1613 expectedError: ":UNEXPECTED_MESSAGE:",
1614 expectedLocalError: "remote error: unexpected message",
1615 },
1616 {
1617 protocol: dtls,
1618 name: "WrongMessageType-DTLS",
1619 config: Config{
1620 Bugs: ProtocolBugs{
1621 WrongCertificateMessageType: true,
1622 },
1623 },
1624 shouldFail: true,
1625 expectedError: ":UNEXPECTED_MESSAGE:",
1626 expectedLocalError: "remote error: unexpected message",
1627 },
1628 {
1629 protocol: dtls,
1630 name: "FragmentMessageTypeMismatch-DTLS",
1631 config: Config{
1632 Bugs: ProtocolBugs{
1633 MaxHandshakeRecordLength: 2,
1634 FragmentMessageTypeMismatch: true,
1635 },
1636 },
1637 shouldFail: true,
1638 expectedError: ":FRAGMENT_MISMATCH:",
1639 },
1640 {
1641 protocol: dtls,
1642 name: "FragmentMessageLengthMismatch-DTLS",
1643 config: Config{
1644 Bugs: ProtocolBugs{
1645 MaxHandshakeRecordLength: 2,
1646 FragmentMessageLengthMismatch: true,
1647 },
1648 },
1649 shouldFail: true,
1650 expectedError: ":FRAGMENT_MISMATCH:",
1651 },
1652 {
1653 protocol: dtls,
1654 name: "SplitFragments-Header-DTLS",
1655 config: Config{
1656 Bugs: ProtocolBugs{
1657 SplitFragments: 2,
1658 },
1659 },
1660 shouldFail: true,
1661 expectedError: ":UNEXPECTED_MESSAGE:",
1662 },
1663 {
1664 protocol: dtls,
1665 name: "SplitFragments-Boundary-DTLS",
1666 config: Config{
1667 Bugs: ProtocolBugs{
1668 SplitFragments: dtlsRecordHeaderLen,
1669 },
1670 },
1671 shouldFail: true,
1672 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1673 },
1674 {
1675 protocol: dtls,
1676 name: "SplitFragments-Body-DTLS",
1677 config: Config{
1678 Bugs: ProtocolBugs{
1679 SplitFragments: dtlsRecordHeaderLen + 1,
1680 },
1681 },
1682 shouldFail: true,
1683 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1684 },
1685 {
1686 protocol: dtls,
1687 name: "SendEmptyFragments-DTLS",
1688 config: Config{
1689 Bugs: ProtocolBugs{
1690 SendEmptyFragments: true,
1691 },
1692 },
1693 },
1694 {
1695 name: "UnsupportedCipherSuite",
1696 config: Config{
1697 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1698 Bugs: ProtocolBugs{
1699 IgnorePeerCipherPreferences: true,
1700 },
1701 },
1702 flags: []string{"-cipher", "DEFAULT:!RC4"},
1703 shouldFail: true,
1704 expectedError: ":WRONG_CIPHER_RETURNED:",
1705 },
1706 {
1707 name: "UnsupportedCurve",
1708 config: Config{
David Benjamin64d92502015-12-19 02:20:57 -0500[diff] [blame]1709 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1710 CurvePreferences: []CurveID{CurveP256},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1711 Bugs: ProtocolBugs{
1712 IgnorePeerCurvePreferences: true,
1713 },
1714 },
David Benjamin64d92502015-12-19 02:20:57 -0500[diff] [blame]1715 flags: []string{"-p384-only"},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1716 shouldFail: true,
1717 expectedError: ":WRONG_CURVE:",
1718 },
1719 {
1720 name: "BadFinished",
1721 config: Config{
1722 Bugs: ProtocolBugs{
1723 BadFinished: true,
1724 },
1725 },
1726 shouldFail: true,
1727 expectedError: ":DIGEST_CHECK_FAILED:",
1728 },
1729 {
1730 name: "FalseStart-BadFinished",
1731 config: Config{
1732 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1733 NextProtos: []string{"foo"},
1734 Bugs: ProtocolBugs{
1735 BadFinished: true,
1736 ExpectFalseStart: true,
1737 },
1738 },
1739 flags: []string{
1740 "-false-start",
1741 "-handshake-never-done",
1742 "-advertise-alpn", "\x03foo",
1743 },
1744 shimWritesFirst: true,
1745 shouldFail: true,
1746 expectedError: ":DIGEST_CHECK_FAILED:",
1747 },
1748 {
1749 name: "NoFalseStart-NoALPN",
1750 config: Config{
1751 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1752 Bugs: ProtocolBugs{
1753 ExpectFalseStart: true,
1754 AlertBeforeFalseStartTest: alertAccessDenied,
1755 },
1756 },
1757 flags: []string{
1758 "-false-start",
1759 },
1760 shimWritesFirst: true,
1761 shouldFail: true,
1762 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1763 expectedLocalError: "tls: peer did not false start: EOF",
1764 },
1765 {
1766 name: "NoFalseStart-NoAEAD",
1767 config: Config{
1768 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1769 NextProtos: []string{"foo"},
1770 Bugs: ProtocolBugs{
1771 ExpectFalseStart: true,
1772 AlertBeforeFalseStartTest: alertAccessDenied,
1773 },
1774 },
1775 flags: []string{
1776 "-false-start",
1777 "-advertise-alpn", "\x03foo",
1778 },
1779 shimWritesFirst: true,
1780 shouldFail: true,
1781 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1782 expectedLocalError: "tls: peer did not false start: EOF",
1783 },
1784 {
1785 name: "NoFalseStart-RSA",
1786 config: Config{
1787 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1788 NextProtos: []string{"foo"},
1789 Bugs: ProtocolBugs{
1790 ExpectFalseStart: true,
1791 AlertBeforeFalseStartTest: alertAccessDenied,
1792 },
1793 },
1794 flags: []string{
1795 "-false-start",
1796 "-advertise-alpn", "\x03foo",
1797 },
1798 shimWritesFirst: true,
1799 shouldFail: true,
1800 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1801 expectedLocalError: "tls: peer did not false start: EOF",
1802 },
1803 {
1804 name: "NoFalseStart-DHE_RSA",
1805 config: Config{
1806 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1807 NextProtos: []string{"foo"},
1808 Bugs: ProtocolBugs{
1809 ExpectFalseStart: true,
1810 AlertBeforeFalseStartTest: alertAccessDenied,
1811 },
1812 },
1813 flags: []string{
1814 "-false-start",
1815 "-advertise-alpn", "\x03foo",
1816 },
1817 shimWritesFirst: true,
1818 shouldFail: true,
1819 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1820 expectedLocalError: "tls: peer did not false start: EOF",
1821 },
1822 {
1823 testType: serverTest,
1824 name: "NoSupportedCurves",
1825 config: Config{
1826 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1827 Bugs: ProtocolBugs{
1828 NoSupportedCurves: true,
1829 },
1830 },
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]1831 shouldFail: true,
1832 expectedError: ":NO_SHARED_CIPHER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1833 },
1834 {
1835 testType: serverTest,
1836 name: "NoCommonCurves",
1837 config: Config{
1838 CipherSuites: []uint16{
1839 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1840 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1841 },
1842 CurvePreferences: []CurveID{CurveP224},
1843 },
1844 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1845 },
1846 {
1847 protocol: dtls,
1848 name: "SendSplitAlert-Sync",
1849 config: Config{
1850 Bugs: ProtocolBugs{
1851 SendSplitAlert: true,
1852 },
1853 },
1854 },
1855 {
1856 protocol: dtls,
1857 name: "SendSplitAlert-Async",
1858 config: Config{
1859 Bugs: ProtocolBugs{
1860 SendSplitAlert: true,
1861 },
1862 },
1863 flags: []string{"-async"},
1864 },
1865 {
1866 protocol: dtls,
1867 name: "PackDTLSHandshake",
1868 config: Config{
1869 Bugs: ProtocolBugs{
1870 MaxHandshakeRecordLength: 2,
1871 PackHandshakeFragments: 20,
1872 PackHandshakeRecords: 200,
1873 },
1874 },
1875 },
1876 {
1877 testType: serverTest,
1878 protocol: dtls,
1879 name: "NoRC4-DTLS",
1880 config: Config{
1881 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA},
1882 Bugs: ProtocolBugs{
1883 EnableAllCiphersInDTLS: true,
1884 },
1885 },
1886 shouldFail: true,
1887 expectedError: ":NO_SHARED_CIPHER:",
1888 },
1889 {
1890 name: "SendEmptyRecords-Pass",
1891 sendEmptyRecords: 32,
1892 },
1893 {
1894 name: "SendEmptyRecords",
1895 sendEmptyRecords: 33,
1896 shouldFail: true,
1897 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1898 },
1899 {
1900 name: "SendEmptyRecords-Async",
1901 sendEmptyRecords: 33,
1902 flags: []string{"-async"},
1903 shouldFail: true,
1904 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1905 },
1906 {
1907 name: "SendWarningAlerts-Pass",
1908 sendWarningAlerts: 4,
1909 },
1910 {
1911 protocol: dtls,
1912 name: "SendWarningAlerts-DTLS-Pass",
1913 sendWarningAlerts: 4,
1914 },
1915 {
1916 name: "SendWarningAlerts",
1917 sendWarningAlerts: 5,
1918 shouldFail: true,
1919 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1920 },
1921 {
1922 name: "SendWarningAlerts-Async",
1923 sendWarningAlerts: 5,
1924 flags: []string{"-async"},
1925 shouldFail: true,
1926 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1927 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]1928 {
1929 name: "EmptySessionID",
1930 config: Config{
1931 SessionTicketsDisabled: true,
1932 },
1933 noSessionCache: true,
1934 flags: []string{"-expect-no-session"},
1935 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]1936 {
1937 name: "Unclean-Shutdown",
1938 config: Config{
1939 Bugs: ProtocolBugs{
1940 NoCloseNotify: true,
1941 ExpectCloseNotify: true,
1942 },
1943 },
1944 shimShutsDown: true,
1945 flags: []string{"-check-close-notify"},
1946 shouldFail: true,
1947 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
1948 },
1949 {
1950 name: "Unclean-Shutdown-Ignored",
1951 config: Config{
1952 Bugs: ProtocolBugs{
1953 NoCloseNotify: true,
1954 },
1955 },
1956 shimShutsDown: true,
1957 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]1958 {
1959 name: "LargePlaintext",
1960 config: Config{
1961 Bugs: ProtocolBugs{
1962 SendLargeRecords: true,
1963 },
1964 },
1965 messageLen: maxPlaintext + 1,
1966 shouldFail: true,
1967 expectedError: ":DATA_LENGTH_TOO_LONG:",
1968 },
1969 {
1970 protocol: dtls,
1971 name: "LargePlaintext-DTLS",
1972 config: Config{
1973 Bugs: ProtocolBugs{
1974 SendLargeRecords: true,
1975 },
1976 },
1977 messageLen: maxPlaintext + 1,
1978 shouldFail: true,
1979 expectedError: ":DATA_LENGTH_TOO_LONG:",
1980 },
1981 {
1982 name: "LargeCiphertext",
1983 config: Config{
1984 Bugs: ProtocolBugs{
1985 SendLargeRecords: true,
1986 },
1987 },
1988 messageLen: maxPlaintext * 2,
1989 shouldFail: true,
1990 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
1991 },
1992 {
1993 protocol: dtls,
1994 name: "LargeCiphertext-DTLS",
1995 config: Config{
1996 Bugs: ProtocolBugs{
1997 SendLargeRecords: true,
1998 },
1999 },
2000 messageLen: maxPlaintext * 2,
2001 // Unlike the other four cases, DTLS drops records which
2002 // are invalid before authentication, so the connection
2003 // does not fail.
2004 expectMessageDropped: true,
2005 },
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]2006 {
2007 name: "SendEmptySessionTicket",
2008 config: Config{
2009 Bugs: ProtocolBugs{
2010 SendEmptySessionTicket: true,
2011 FailIfSessionOffered: true,
2012 },
2013 },
2014 flags: []string{"-expect-no-session"},
2015 resumeSession: true,
2016 expectResumeRejected: true,
2017 },
David Benjamin99fdfb92015-11-02 12:11:35 -0500[diff] [blame]2018 {
2019 name: "CheckLeafCurve",
2020 config: Config{
2021 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2022 Certificates: []Certificate{getECDSACertificate()},
2023 },
2024 flags: []string{"-p384-only"},
2025 shouldFail: true,
2026 expectedError: ":BAD_ECC_CERT:",
2027 },
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2028 {
2029 name: "BadChangeCipherSpec-1",
2030 config: Config{
2031 Bugs: ProtocolBugs{
2032 BadChangeCipherSpec: []byte{2},
2033 },
2034 },
2035 shouldFail: true,
2036 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2037 },
2038 {
2039 name: "BadChangeCipherSpec-2",
2040 config: Config{
2041 Bugs: ProtocolBugs{
2042 BadChangeCipherSpec: []byte{1, 1},
2043 },
2044 },
2045 shouldFail: true,
2046 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2047 },
2048 {
2049 protocol: dtls,
2050 name: "BadChangeCipherSpec-DTLS-1",
2051 config: Config{
2052 Bugs: ProtocolBugs{
2053 BadChangeCipherSpec: []byte{2},
2054 },
2055 },
2056 shouldFail: true,
2057 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2058 },
2059 {
2060 protocol: dtls,
2061 name: "BadChangeCipherSpec-DTLS-2",
2062 config: Config{
2063 Bugs: ProtocolBugs{
2064 BadChangeCipherSpec: []byte{1, 1},
2065 },
2066 },
2067 shouldFail: true,
2068 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2069 },
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2070 {
2071 name: "BadHelloRequest-1",
2072 renegotiate: 1,
2073 config: Config{
2074 Bugs: ProtocolBugs{
2075 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2076 },
2077 },
2078 flags: []string{
2079 "-renegotiate-freely",
2080 "-expect-total-renegotiations", "1",
2081 },
2082 shouldFail: true,
2083 expectedError: ":BAD_HELLO_REQUEST:",
2084 },
2085 {
2086 name: "BadHelloRequest-2",
2087 renegotiate: 1,
2088 config: Config{
2089 Bugs: ProtocolBugs{
2090 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2091 },
2092 },
2093 flags: []string{
2094 "-renegotiate-freely",
2095 "-expect-total-renegotiations", "1",
2096 },
2097 shouldFail: true,
2098 expectedError: ":BAD_HELLO_REQUEST:",
2099 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2100 {
2101 testType: serverTest,
2102 name: "SupportTicketsWithSessionID",
2103 config: Config{
2104 SessionTicketsDisabled: true,
2105 },
2106 resumeConfig: &Config{},
2107 resumeSession: true,
2108 },
David Benjamin2b07fa42016-03-02 00:23:57 -0500[diff] [blame^]2109 {
2110 name: "InvalidECDHPoint-Client",
2111 config: Config{
2112 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2113 CurvePreferences: []CurveID{CurveP256},
2114 Bugs: ProtocolBugs{
2115 InvalidECDHPoint: true,
2116 },
2117 },
2118 shouldFail: true,
2119 expectedError: ":INVALID_ENCODING:",
2120 },
2121 {
2122 testType: serverTest,
2123 name: "InvalidECDHPoint-Server",
2124 config: Config{
2125 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2126 CurvePreferences: []CurveID{CurveP256},
2127 Bugs: ProtocolBugs{
2128 InvalidECDHPoint: true,
2129 },
2130 },
2131 shouldFail: true,
2132 expectedError: ":INVALID_ENCODING:",
2133 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2134 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2135 testCases = append(testCases, basicTests...)
2136}
2137
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2138func addCipherSuiteTests() {
2139 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2140 const psk = "12345"
2141 const pskIdentity = "luggage combo"
2142
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2143 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2144 var certFile string
2145 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2146 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2147 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2148 certFile = ecdsaCertificateFile
2149 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2150 } else {
2151 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2152 certFile = rsaCertificateFile
2153 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2154 }
2155
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2156 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2157 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2158 flags = append(flags,
2159 "-psk", psk,
2160 "-psk-identity", pskIdentity)
2161 }
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]2162 if hasComponent(suite.name, "NULL") {
2163 // NULL ciphers must be explicitly enabled.
2164 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2165 }
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2166
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2167 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]2168 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2169 continue
2170 }
2171
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]2172 shouldFail := isTLSOnly(suite.name) && ver.version == VersionSSL30
2173
2174 expectedError := ""
2175 if shouldFail {
2176 expectedError = ":NO_SHARED_CIPHER:"
2177 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2178
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2179 testCases = append(testCases, testCase{
2180 testType: serverTest,
2181 name: ver.name + "-" + suite.name + "-server",
2182 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2183 MinVersion: ver.version,
2184 MaxVersion: ver.version,
2185 CipherSuites: []uint16{suite.id},
2186 Certificates: []Certificate{cert},
2187 PreSharedKey: []byte(psk),
2188 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2189 },
2190 certFile: certFile,
2191 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2192 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2193 resumeSession: true,
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]2194 shouldFail: shouldFail,
2195 expectedError: expectedError,
2196 })
2197
2198 if shouldFail {
2199 continue
2200 }
2201
2202 testCases = append(testCases, testCase{
2203 testType: clientTest,
2204 name: ver.name + "-" + suite.name + "-client",
2205 config: Config{
2206 MinVersion: ver.version,
2207 MaxVersion: ver.version,
2208 CipherSuites: []uint16{suite.id},
2209 Certificates: []Certificate{cert},
2210 PreSharedKey: []byte(psk),
2211 PreSharedKeyIdentity: pskIdentity,
2212 },
2213 flags: flags,
2214 resumeSession: true,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2215 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2216
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2217 if ver.hasDTLS && isDTLSCipher(suite.name) {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2218 testCases = append(testCases, testCase{
2219 testType: clientTest,
2220 protocol: dtls,
2221 name: "D" + ver.name + "-" + suite.name + "-client",
2222 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2223 MinVersion: ver.version,
2224 MaxVersion: ver.version,
2225 CipherSuites: []uint16{suite.id},
2226 Certificates: []Certificate{cert},
2227 PreSharedKey: []byte(psk),
2228 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2229 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2230 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2231 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2232 })
2233 testCases = append(testCases, testCase{
2234 testType: serverTest,
2235 protocol: dtls,
2236 name: "D" + ver.name + "-" + suite.name + "-server",
2237 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2238 MinVersion: ver.version,
2239 MaxVersion: ver.version,
2240 CipherSuites: []uint16{suite.id},
2241 Certificates: []Certificate{cert},
2242 PreSharedKey: []byte(psk),
2243 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2244 },
2245 certFile: certFile,
2246 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2247 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2248 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2249 })
2250 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2251 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2252
2253 // Ensure both TLS and DTLS accept their maximum record sizes.
2254 testCases = append(testCases, testCase{
2255 name: suite.name + "-LargeRecord",
2256 config: Config{
2257 CipherSuites: []uint16{suite.id},
2258 Certificates: []Certificate{cert},
2259 PreSharedKey: []byte(psk),
2260 PreSharedKeyIdentity: pskIdentity,
2261 },
2262 flags: flags,
2263 messageLen: maxPlaintext,
2264 })
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2265 if isDTLSCipher(suite.name) {
2266 testCases = append(testCases, testCase{
2267 protocol: dtls,
2268 name: suite.name + "-LargeRecord-DTLS",
2269 config: Config{
2270 CipherSuites: []uint16{suite.id},
2271 Certificates: []Certificate{cert},
2272 PreSharedKey: []byte(psk),
2273 PreSharedKeyIdentity: pskIdentity,
2274 },
2275 flags: flags,
2276 messageLen: maxPlaintext,
2277 })
2278 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2279 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2280
2281 testCases = append(testCases, testCase{
2282 name: "WeakDH",
2283 config: Config{
2284 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2285 Bugs: ProtocolBugs{
2286 // This is a 1023-bit prime number, generated
2287 // with:
2288 // openssl gendh 1023 | openssl asn1parse -i
2289 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2290 },
2291 },
2292 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2293 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2294 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2295
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2296 testCases = append(testCases, testCase{
2297 name: "SillyDH",
2298 config: Config{
2299 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2300 Bugs: ProtocolBugs{
2301 // This is a 4097-bit prime number, generated
2302 // with:
2303 // openssl gendh 4097 | openssl asn1parse -i
2304 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2305 },
2306 },
2307 shouldFail: true,
2308 expectedError: ":DH_P_TOO_LONG:",
2309 })
2310
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2311 // This test ensures that Diffie-Hellman public values are padded with
2312 // zeros so that they're the same length as the prime. This is to avoid
2313 // hitting a bug in yaSSL.
2314 testCases = append(testCases, testCase{
2315 testType: serverTest,
2316 name: "DHPublicValuePadded",
2317 config: Config{
2318 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2319 Bugs: ProtocolBugs{
2320 RequireDHPublicValueLen: (1025 + 7) / 8,
2321 },
2322 },
2323 flags: []string{"-use-sparse-dh-prime"},
2324 })
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2325
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2326 // The server must be tolerant to bogus ciphers.
2327 const bogusCipher = 0x1234
2328 testCases = append(testCases, testCase{
2329 testType: serverTest,
2330 name: "UnknownCipher",
2331 config: Config{
2332 CipherSuites: []uint16{bogusCipher, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2333 },
2334 })
2335
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2336 // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS
2337 // 1.1 specific cipher suite settings. A server is setup with the given
2338 // cipher lists and then a connection is made for each member of
2339 // expectations. The cipher suite that the server selects must match
2340 // the specified one.
2341 var versionSpecificCiphersTest = []struct {
2342 ciphersDefault, ciphersTLS10, ciphersTLS11 string
2343 // expectations is a map from TLS version to cipher suite id.
2344 expectations map[uint16]uint16
2345 }{
2346 {
2347 // Test that the null case (where no version-specific ciphers are set)
2348 // works as expected.
2349 "RC4-SHA:AES128-SHA", // default ciphers
2350 "", // no ciphers specifically for TLS ≥ 1.0
2351 "", // no ciphers specifically for TLS ≥ 1.1
2352 map[uint16]uint16{
2353 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2354 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2355 VersionTLS11: TLS_RSA_WITH_RC4_128_SHA,
2356 VersionTLS12: TLS_RSA_WITH_RC4_128_SHA,
2357 },
2358 },
2359 {
2360 // With ciphers_tls10 set, TLS 1.0, 1.1 and 1.2 should get a different
2361 // cipher.
2362 "RC4-SHA:AES128-SHA", // default
2363 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2364 "", // no ciphers specifically for TLS ≥ 1.1
2365 map[uint16]uint16{
2366 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2367 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2368 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2369 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2370 },
2371 },
2372 {
2373 // With ciphers_tls11 set, TLS 1.1 and 1.2 should get a different
2374 // cipher.
2375 "RC4-SHA:AES128-SHA", // default
2376 "", // no ciphers specifically for TLS ≥ 1.0
2377 "AES128-SHA", // these ciphers for TLS ≥ 1.1
2378 map[uint16]uint16{
2379 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2380 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2381 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2382 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2383 },
2384 },
2385 {
2386 // With both ciphers_tls10 and ciphers_tls11 set, ciphers_tls11 should
2387 // mask ciphers_tls10 for TLS 1.1 and 1.2.
2388 "RC4-SHA:AES128-SHA", // default
2389 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2390 "AES256-SHA", // these ciphers for TLS ≥ 1.1
2391 map[uint16]uint16{
2392 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2393 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2394 VersionTLS11: TLS_RSA_WITH_AES_256_CBC_SHA,
2395 VersionTLS12: TLS_RSA_WITH_AES_256_CBC_SHA,
2396 },
2397 },
2398 }
2399
2400 for i, test := range versionSpecificCiphersTest {
2401 for version, expectedCipherSuite := range test.expectations {
2402 flags := []string{"-cipher", test.ciphersDefault}
2403 if len(test.ciphersTLS10) > 0 {
2404 flags = append(flags, "-cipher-tls10", test.ciphersTLS10)
2405 }
2406 if len(test.ciphersTLS11) > 0 {
2407 flags = append(flags, "-cipher-tls11", test.ciphersTLS11)
2408 }
2409
2410 testCases = append(testCases, testCase{
2411 testType: serverTest,
2412 name: fmt.Sprintf("VersionSpecificCiphersTest-%d-%x", i, version),
2413 config: Config{
2414 MaxVersion: version,
2415 MinVersion: version,
2416 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA},
2417 },
2418 flags: flags,
2419 expectedCipher: expectedCipherSuite,
2420 })
2421 }
2422 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2423}
2424
2425func addBadECDSASignatureTests() {
2426 for badR := BadValue(1); badR < NumBadValues; badR++ {
2427 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2428 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2429 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2430 config: Config{
2431 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2432 Certificates: []Certificate{getECDSACertificate()},
2433 Bugs: ProtocolBugs{
2434 BadECDSAR: badR,
2435 BadECDSAS: badS,
2436 },
2437 },
2438 shouldFail: true,
2439 expectedError: "SIGNATURE",
2440 })
2441 }
2442 }
2443}
2444
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2445func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2446 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2447 name: "MaxCBCPadding",
2448 config: Config{
2449 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2450 Bugs: ProtocolBugs{
2451 MaxPadding: true,
2452 },
2453 },
2454 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2455 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2456 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2457 name: "BadCBCPadding",
2458 config: Config{
2459 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2460 Bugs: ProtocolBugs{
2461 PaddingFirstByteBad: true,
2462 },
2463 },
2464 shouldFail: true,
2465 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2466 })
2467 // OpenSSL previously had an issue where the first byte of padding in
2468 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2469 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2470 name: "BadCBCPadding255",
2471 config: Config{
2472 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2473 Bugs: ProtocolBugs{
2474 MaxPadding: true,
2475 PaddingFirstByteBadIf255: true,
2476 },
2477 },
2478 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2479 shouldFail: true,
2480 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2481 })
2482}
2483
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2484func addCBCSplittingTests() {
2485 testCases = append(testCases, testCase{
2486 name: "CBCRecordSplitting",
2487 config: Config{
2488 MaxVersion: VersionTLS10,
2489 MinVersion: VersionTLS10,
2490 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2491 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2492 messageLen: -1, // read until EOF
2493 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2494 flags: []string{
2495 "-async",
2496 "-write-different-record-sizes",
2497 "-cbc-record-splitting",
2498 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2499 })
2500 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2501 name: "CBCRecordSplittingPartialWrite",
2502 config: Config{
2503 MaxVersion: VersionTLS10,
2504 MinVersion: VersionTLS10,
2505 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2506 },
2507 messageLen: -1, // read until EOF
2508 flags: []string{
2509 "-async",
2510 "-write-different-record-sizes",
2511 "-cbc-record-splitting",
2512 "-partial-write",
2513 },
2514 })
2515}
2516
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2517func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2518 // Add a dummy cert pool to stress certificate authority parsing.
2519 // TODO(davidben): Add tests that those values parse out correctly.
2520 certPool := x509.NewCertPool()
2521 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2522 if err != nil {
2523 panic(err)
2524 }
2525 certPool.AddCert(cert)
2526
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2527 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2528 testCases = append(testCases, testCase{
2529 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2530 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2531 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2532 MinVersion: ver.version,
2533 MaxVersion: ver.version,
2534 ClientAuth: RequireAnyClientCert,
2535 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2536 },
2537 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2538 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2539 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2540 },
2541 })
2542 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2543 testType: serverTest,
2544 name: ver.name + "-Server-ClientAuth-RSA",
2545 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2546 MinVersion: ver.version,
2547 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2548 Certificates: []Certificate{rsaCertificate},
2549 },
2550 flags: []string{"-require-any-client-certificate"},
2551 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2552 if ver.version != VersionSSL30 {
2553 testCases = append(testCases, testCase{
2554 testType: serverTest,
2555 name: ver.name + "-Server-ClientAuth-ECDSA",
2556 config: Config{
2557 MinVersion: ver.version,
2558 MaxVersion: ver.version,
2559 Certificates: []Certificate{ecdsaCertificate},
2560 },
2561 flags: []string{"-require-any-client-certificate"},
2562 })
2563 testCases = append(testCases, testCase{
2564 testType: clientTest,
2565 name: ver.name + "-Client-ClientAuth-ECDSA",
2566 config: Config{
2567 MinVersion: ver.version,
2568 MaxVersion: ver.version,
2569 ClientAuth: RequireAnyClientCert,
2570 ClientCAs: certPool,
2571 },
2572 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2573 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2574 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2575 },
2576 })
2577 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2578 }
2579}
2580
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2581func addExtendedMasterSecretTests() {
2582 const expectEMSFlag = "-expect-extended-master-secret"
2583
2584 for _, with := range []bool{false, true} {
2585 prefix := "No"
2586 var flags []string
2587 if with {
2588 prefix = ""
2589 flags = []string{expectEMSFlag}
2590 }
2591
2592 for _, isClient := range []bool{false, true} {
2593 suffix := "-Server"
2594 testType := serverTest
2595 if isClient {
2596 suffix = "-Client"
2597 testType = clientTest
2598 }
2599
2600 for _, ver := range tlsVersions {
2601 test := testCase{
2602 testType: testType,
2603 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2604 config: Config{
2605 MinVersion: ver.version,
2606 MaxVersion: ver.version,
2607 Bugs: ProtocolBugs{
2608 NoExtendedMasterSecret: !with,
2609 RequireExtendedMasterSecret: with,
2610 },
2611 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2612 flags: flags,
2613 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2614 }
2615 if test.shouldFail {
2616 test.expectedLocalError = "extended master secret required but not supported by peer"
2617 }
2618 testCases = append(testCases, test)
2619 }
2620 }
2621 }
2622
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2623 for _, isClient := range []bool{false, true} {
2624 for _, supportedInFirstConnection := range []bool{false, true} {
2625 for _, supportedInResumeConnection := range []bool{false, true} {
2626 boolToWord := func(b bool) string {
2627 if b {
2628 return "Yes"
2629 }
2630 return "No"
2631 }
2632 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2633 if isClient {
2634 suffix += "Client"
2635 } else {
2636 suffix += "Server"
2637 }
2638
2639 supportedConfig := Config{
2640 Bugs: ProtocolBugs{
2641 RequireExtendedMasterSecret: true,
2642 },
2643 }
2644
2645 noSupportConfig := Config{
2646 Bugs: ProtocolBugs{
2647 NoExtendedMasterSecret: true,
2648 },
2649 }
2650
2651 test := testCase{
2652 name: "ExtendedMasterSecret-" + suffix,
2653 resumeSession: true,
2654 }
2655
2656 if !isClient {
2657 test.testType = serverTest
2658 }
2659
2660 if supportedInFirstConnection {
2661 test.config = supportedConfig
2662 } else {
2663 test.config = noSupportConfig
2664 }
2665
2666 if supportedInResumeConnection {
2667 test.resumeConfig = &supportedConfig
2668 } else {
2669 test.resumeConfig = &noSupportConfig
2670 }
2671
2672 switch suffix {
2673 case "YesToYes-Client", "YesToYes-Server":
2674 // When a session is resumed, it should
2675 // still be aware that its master
2676 // secret was generated via EMS and
2677 // thus it's safe to use tls-unique.
2678 test.flags = []string{expectEMSFlag}
2679 case "NoToYes-Server":
2680 // If an original connection did not
2681 // contain EMS, but a resumption
2682 // handshake does, then a server should
2683 // not resume the session.
2684 test.expectResumeRejected = true
2685 case "YesToNo-Server":
2686 // Resuming an EMS session without the
2687 // EMS extension should cause the
2688 // server to abort the connection.
2689 test.shouldFail = true
2690 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2691 case "NoToYes-Client":
2692 // A client should abort a connection
2693 // where the server resumed a non-EMS
2694 // session but echoed the EMS
2695 // extension.
2696 test.shouldFail = true
2697 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2698 case "YesToNo-Client":
2699 // A client should abort a connection
2700 // where the server didn't echo EMS
2701 // when the session used it.
2702 test.shouldFail = true
2703 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2704 }
2705
2706 testCases = append(testCases, test)
2707 }
2708 }
2709 }
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2710}
2711
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2712// Adds tests that try to cover the range of the handshake state machine, under
2713// various conditions. Some of these are redundant with other tests, but they
2714// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2715func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2716 var tests []testCase
2717
2718 // Basic handshake, with resumption. Client and server,
2719 // session ID and session ticket.
2720 tests = append(tests, testCase{
2721 name: "Basic-Client",
2722 resumeSession: true,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2723 // Ensure session tickets are used, not session IDs.
2724 noSessionCache: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2725 })
2726 tests = append(tests, testCase{
2727 name: "Basic-Client-RenewTicket",
2728 config: Config{
2729 Bugs: ProtocolBugs{
2730 RenewTicketOnResume: true,
2731 },
2732 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2733 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2734 resumeSession: true,
2735 })
2736 tests = append(tests, testCase{
2737 name: "Basic-Client-NoTicket",
2738 config: Config{
2739 SessionTicketsDisabled: true,
2740 },
2741 resumeSession: true,
2742 })
2743 tests = append(tests, testCase{
2744 name: "Basic-Client-Implicit",
2745 flags: []string{"-implicit-handshake"},
2746 resumeSession: true,
2747 })
2748 tests = append(tests, testCase{
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2749 testType: serverTest,
2750 name: "Basic-Server",
2751 config: Config{
2752 Bugs: ProtocolBugs{
2753 RequireSessionTickets: true,
2754 },
2755 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2756 resumeSession: true,
2757 })
2758 tests = append(tests, testCase{
2759 testType: serverTest,
2760 name: "Basic-Server-NoTickets",
2761 config: Config{
2762 SessionTicketsDisabled: true,
2763 },
2764 resumeSession: true,
2765 })
2766 tests = append(tests, testCase{
2767 testType: serverTest,
2768 name: "Basic-Server-Implicit",
2769 flags: []string{"-implicit-handshake"},
2770 resumeSession: true,
2771 })
2772 tests = append(tests, testCase{
2773 testType: serverTest,
2774 name: "Basic-Server-EarlyCallback",
2775 flags: []string{"-use-early-callback"},
2776 resumeSession: true,
2777 })
2778
2779 // TLS client auth.
2780 tests = append(tests, testCase{
2781 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2782 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2783 config: Config{
2784 ClientAuth: RequireAnyClientCert,
2785 },
2786 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2787 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2788 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2789 },
2790 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2791 tests = append(tests, testCase{
2792 testType: clientTest,
2793 name: "ClientAuth-ECDSA-Client",
2794 config: Config{
2795 ClientAuth: RequireAnyClientCert,
2796 },
2797 flags: []string{
2798 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2799 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
2800 },
2801 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2802 if async {
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2803 // Test async keys against each key exchange.
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2804 tests = append(tests, testCase{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2805 testType: serverTest,
2806 name: "Basic-Server-RSA",
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2807 config: Config{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2808 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2809 },
2810 flags: []string{
Adam Langley288d8d52015-06-18 16:24:31 -0700[diff] [blame]2811 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2812 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2813 },
2814 })
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2815 tests = append(tests, testCase{
2816 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2817 name: "Basic-Server-ECDHE-RSA",
2818 config: Config{
2819 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2820 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2821 flags: []string{
2822 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2823 "-key-file", path.Join(*resourceDir, rsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2824 },
2825 })
2826 tests = append(tests, testCase{
2827 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2828 name: "Basic-Server-ECDHE-ECDSA",
2829 config: Config{
2830 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2831 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2832 flags: []string{
2833 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2834 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2835 },
2836 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2837 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2838 tests = append(tests, testCase{
2839 testType: serverTest,
2840 name: "ClientAuth-Server",
2841 config: Config{
2842 Certificates: []Certificate{rsaCertificate},
2843 },
2844 flags: []string{"-require-any-client-certificate"},
2845 })
2846
2847 // No session ticket support; server doesn't send NewSessionTicket.
2848 tests = append(tests, testCase{
2849 name: "SessionTicketsDisabled-Client",
2850 config: Config{
2851 SessionTicketsDisabled: true,
2852 },
2853 })
2854 tests = append(tests, testCase{
2855 testType: serverTest,
2856 name: "SessionTicketsDisabled-Server",
2857 config: Config{
2858 SessionTicketsDisabled: true,
2859 },
2860 })
2861
2862 // Skip ServerKeyExchange in PSK key exchange if there's no
2863 // identity hint.
2864 tests = append(tests, testCase{
2865 name: "EmptyPSKHint-Client",
2866 config: Config{
2867 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2868 PreSharedKey: []byte("secret"),
2869 },
2870 flags: []string{"-psk", "secret"},
2871 })
2872 tests = append(tests, testCase{
2873 testType: serverTest,
2874 name: "EmptyPSKHint-Server",
2875 config: Config{
2876 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2877 PreSharedKey: []byte("secret"),
2878 },
2879 flags: []string{"-psk", "secret"},
2880 })
2881
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2882 tests = append(tests, testCase{
2883 testType: clientTest,
2884 name: "OCSPStapling-Client",
2885 flags: []string{
2886 "-enable-ocsp-stapling",
2887 "-expect-ocsp-response",
2888 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2889 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2890 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2891 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2892 })
2893
2894 tests = append(tests, testCase{
David Benjaminec435342015-08-21 13:44:06 -0400[diff] [blame]2895 testType: serverTest,
2896 name: "OCSPStapling-Server",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2897 expectedOCSPResponse: testOCSPResponse,
2898 flags: []string{
2899 "-ocsp-response",
2900 base64.StdEncoding.EncodeToString(testOCSPResponse),
2901 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2902 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2903 })
2904
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2905 tests = append(tests, testCase{
2906 testType: clientTest,
2907 name: "CertificateVerificationSucceed",
2908 flags: []string{
2909 "-verify-peer",
2910 },
2911 })
2912
2913 tests = append(tests, testCase{
2914 testType: clientTest,
2915 name: "CertificateVerificationFail",
2916 flags: []string{
2917 "-verify-fail",
2918 "-verify-peer",
2919 },
2920 shouldFail: true,
2921 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
2922 })
2923
2924 tests = append(tests, testCase{
2925 testType: clientTest,
2926 name: "CertificateVerificationSoftFail",
2927 flags: []string{
2928 "-verify-fail",
2929 "-expect-verify-result",
2930 },
2931 })
2932
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2933 if protocol == tls {
2934 tests = append(tests, testCase{
2935 name: "Renegotiate-Client",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]2936 renegotiate: 1,
2937 flags: []string{
2938 "-renegotiate-freely",
2939 "-expect-total-renegotiations", "1",
2940 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2941 })
2942 // NPN on client and server; results in post-handshake message.
2943 tests = append(tests, testCase{
2944 name: "NPN-Client",
2945 config: Config{
2946 NextProtos: []string{"foo"},
2947 },
2948 flags: []string{"-select-next-proto", "foo"},
2949 expectedNextProto: "foo",
2950 expectedNextProtoType: npn,
2951 })
2952 tests = append(tests, testCase{
2953 testType: serverTest,
2954 name: "NPN-Server",
2955 config: Config{
2956 NextProtos: []string{"bar"},
2957 },
2958 flags: []string{
2959 "-advertise-npn", "\x03foo\x03bar\x03baz",
2960 "-expect-next-proto", "bar",
2961 },
2962 expectedNextProto: "bar",
2963 expectedNextProtoType: npn,
2964 })
2965
2966 // TODO(davidben): Add tests for when False Start doesn't trigger.
2967
2968 // Client does False Start and negotiates NPN.
2969 tests = append(tests, testCase{
2970 name: "FalseStart",
2971 config: Config{
2972 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2973 NextProtos: []string{"foo"},
2974 Bugs: ProtocolBugs{
2975 ExpectFalseStart: true,
2976 },
2977 },
2978 flags: []string{
2979 "-false-start",
2980 "-select-next-proto", "foo",
2981 },
2982 shimWritesFirst: true,
2983 resumeSession: true,
2984 })
2985
2986 // Client does False Start and negotiates ALPN.
2987 tests = append(tests, testCase{
2988 name: "FalseStart-ALPN",
2989 config: Config{
2990 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2991 NextProtos: []string{"foo"},
2992 Bugs: ProtocolBugs{
2993 ExpectFalseStart: true,
2994 },
2995 },
2996 flags: []string{
2997 "-false-start",
2998 "-advertise-alpn", "\x03foo",
2999 },
3000 shimWritesFirst: true,
3001 resumeSession: true,
3002 })
3003
3004 // Client does False Start but doesn't explicitly call
3005 // SSL_connect.
3006 tests = append(tests, testCase{
3007 name: "FalseStart-Implicit",
3008 config: Config{
3009 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3010 NextProtos: []string{"foo"},
3011 },
3012 flags: []string{
3013 "-implicit-handshake",
3014 "-false-start",
3015 "-advertise-alpn", "\x03foo",
3016 },
3017 })
3018
3019 // False Start without session tickets.
3020 tests = append(tests, testCase{
3021 name: "FalseStart-SessionTicketsDisabled",
3022 config: Config{
3023 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3024 NextProtos: []string{"foo"},
3025 SessionTicketsDisabled: true,
3026 Bugs: ProtocolBugs{
3027 ExpectFalseStart: true,
3028 },
3029 },
3030 flags: []string{
3031 "-false-start",
3032 "-select-next-proto", "foo",
3033 },
3034 shimWritesFirst: true,
3035 })
3036
3037 // Server parses a V2ClientHello.
3038 tests = append(tests, testCase{
3039 testType: serverTest,
3040 name: "SendV2ClientHello",
3041 config: Config{
3042 // Choose a cipher suite that does not involve
3043 // elliptic curves, so no extensions are
3044 // involved.
3045 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3046 Bugs: ProtocolBugs{
3047 SendV2ClientHello: true,
3048 },
3049 },
3050 })
3051
3052 // Client sends a Channel ID.
3053 tests = append(tests, testCase{
3054 name: "ChannelID-Client",
3055 config: Config{
3056 RequestChannelID: true,
3057 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3058 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3059 resumeSession: true,
3060 expectChannelID: true,
3061 })
3062
3063 // Server accepts a Channel ID.
3064 tests = append(tests, testCase{
3065 testType: serverTest,
3066 name: "ChannelID-Server",
3067 config: Config{
3068 ChannelID: channelIDKey,
3069 },
3070 flags: []string{
3071 "-expect-channel-id",
3072 base64.StdEncoding.EncodeToString(channelIDBytes),
3073 },
3074 resumeSession: true,
3075 expectChannelID: true,
3076 })
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]3077
3078 // Bidirectional shutdown with the runner initiating.
3079 tests = append(tests, testCase{
3080 name: "Shutdown-Runner",
3081 config: Config{
3082 Bugs: ProtocolBugs{
3083 ExpectCloseNotify: true,
3084 },
3085 },
3086 flags: []string{"-check-close-notify"},
3087 })
3088
3089 // Bidirectional shutdown with the shim initiating. The runner,
3090 // in the meantime, sends garbage before the close_notify which
3091 // the shim must ignore.
3092 tests = append(tests, testCase{
3093 name: "Shutdown-Shim",
3094 config: Config{
3095 Bugs: ProtocolBugs{
3096 ExpectCloseNotify: true,
3097 },
3098 },
3099 shimShutsDown: true,
3100 sendEmptyRecords: 1,
3101 sendWarningAlerts: 1,
3102 flags: []string{"-check-close-notify"},
3103 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3104 } else {
3105 tests = append(tests, testCase{
3106 name: "SkipHelloVerifyRequest",
3107 config: Config{
3108 Bugs: ProtocolBugs{
3109 SkipHelloVerifyRequest: true,
3110 },
3111 },
3112 })
3113 }
3114
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3115 for _, test := range tests {
3116 test.protocol = protocol
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]3117 if protocol == dtls {
3118 test.name += "-DTLS"
3119 }
3120 if async {
3121 test.name += "-Async"
3122 test.flags = append(test.flags, "-async")
3123 } else {
3124 test.name += "-Sync"
3125 }
3126 if splitHandshake {
3127 test.name += "-SplitHandshakeRecords"
3128 test.config.Bugs.MaxHandshakeRecordLength = 1
3129 if protocol == dtls {
3130 test.config.Bugs.MaxPacketLength = 256
3131 test.flags = append(test.flags, "-mtu", "256")
3132 }
3133 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3134 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]3135 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3136}
3137
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3138func addDDoSCallbackTests() {
3139 // DDoS callback.
3140
3141 for _, resume := range []bool{false, true} {
3142 suffix := "Resume"
3143 if resume {
3144 suffix = "No" + suffix
3145 }
3146
3147 testCases = append(testCases, testCase{
3148 testType: serverTest,
3149 name: "Server-DDoS-OK-" + suffix,
3150 flags: []string{"-install-ddos-callback"},
3151 resumeSession: resume,
3152 })
3153
3154 failFlag := "-fail-ddos-callback"
3155 if resume {
3156 failFlag = "-fail-second-ddos-callback"
3157 }
3158 testCases = append(testCases, testCase{
3159 testType: serverTest,
3160 name: "Server-DDoS-Reject-" + suffix,
3161 flags: []string{"-install-ddos-callback", failFlag},
3162 resumeSession: resume,
3163 shouldFail: true,
3164 expectedError: ":CONNECTION_REJECTED:",
3165 })
3166 }
3167}
3168
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3169func addVersionNegotiationTests() {
3170 for i, shimVers := range tlsVersions {
3171 // Assemble flags to disable all newer versions on the shim.
3172 var flags []string
3173 for _, vers := range tlsVersions[i+1:] {
3174 flags = append(flags, vers.flag)
3175 }
3176
3177 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3178 protocols := []protocol{tls}
3179 if runnerVers.hasDTLS && shimVers.hasDTLS {
3180 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3181 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3182 for _, protocol := range protocols {
3183 expectedVersion := shimVers.version
3184 if runnerVers.version < shimVers.version {
3185 expectedVersion = runnerVers.version
3186 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3187
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3188 suffix := shimVers.name + "-" + runnerVers.name
3189 if protocol == dtls {
3190 suffix += "-DTLS"
3191 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3192
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3193 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3194
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3195 clientVers := shimVers.version
3196 if clientVers > VersionTLS10 {
3197 clientVers = VersionTLS10
3198 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3199 testCases = append(testCases, testCase{
3200 protocol: protocol,
3201 testType: clientTest,
3202 name: "VersionNegotiation-Client-" + suffix,
3203 config: Config{
3204 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3205 Bugs: ProtocolBugs{
3206 ExpectInitialRecordVersion: clientVers,
3207 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3208 },
3209 flags: flags,
3210 expectedVersion: expectedVersion,
3211 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3212 testCases = append(testCases, testCase{
3213 protocol: protocol,
3214 testType: clientTest,
3215 name: "VersionNegotiation-Client2-" + suffix,
3216 config: Config{
3217 MaxVersion: runnerVers.version,
3218 Bugs: ProtocolBugs{
3219 ExpectInitialRecordVersion: clientVers,
3220 },
3221 },
3222 flags: []string{"-max-version", shimVersFlag},
3223 expectedVersion: expectedVersion,
3224 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3225
3226 testCases = append(testCases, testCase{
3227 protocol: protocol,
3228 testType: serverTest,
3229 name: "VersionNegotiation-Server-" + suffix,
3230 config: Config{
3231 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3232 Bugs: ProtocolBugs{
3233 ExpectInitialRecordVersion: expectedVersion,
3234 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3235 },
3236 flags: flags,
3237 expectedVersion: expectedVersion,
3238 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3239 testCases = append(testCases, testCase{
3240 protocol: protocol,
3241 testType: serverTest,
3242 name: "VersionNegotiation-Server2-" + suffix,
3243 config: Config{
3244 MaxVersion: runnerVers.version,
3245 Bugs: ProtocolBugs{
3246 ExpectInitialRecordVersion: expectedVersion,
3247 },
3248 },
3249 flags: []string{"-max-version", shimVersFlag},
3250 expectedVersion: expectedVersion,
3251 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3252 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3253 }
3254 }
3255}
3256
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3257func addMinimumVersionTests() {
3258 for i, shimVers := range tlsVersions {
3259 // Assemble flags to disable all older versions on the shim.
3260 var flags []string
3261 for _, vers := range tlsVersions[:i] {
3262 flags = append(flags, vers.flag)
3263 }
3264
3265 for _, runnerVers := range tlsVersions {
3266 protocols := []protocol{tls}
3267 if runnerVers.hasDTLS && shimVers.hasDTLS {
3268 protocols = append(protocols, dtls)
3269 }
3270 for _, protocol := range protocols {
3271 suffix := shimVers.name + "-" + runnerVers.name
3272 if protocol == dtls {
3273 suffix += "-DTLS"
3274 }
3275 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3276
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3277 var expectedVersion uint16
3278 var shouldFail bool
3279 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3280 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3281 if runnerVers.version >= shimVers.version {
3282 expectedVersion = runnerVers.version
3283 } else {
3284 shouldFail = true
3285 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamina565d292015-12-30 16:51:32 -0500[diff] [blame]3286 expectedLocalError = "remote error: protocol version not supported"
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3287 }
3288
3289 testCases = append(testCases, testCase{
3290 protocol: protocol,
3291 testType: clientTest,
3292 name: "MinimumVersion-Client-" + suffix,
3293 config: Config{
3294 MaxVersion: runnerVers.version,
3295 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3296 flags: flags,
3297 expectedVersion: expectedVersion,
3298 shouldFail: shouldFail,
3299 expectedError: expectedError,
3300 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3301 })
3302 testCases = append(testCases, testCase{
3303 protocol: protocol,
3304 testType: clientTest,
3305 name: "MinimumVersion-Client2-" + suffix,
3306 config: Config{
3307 MaxVersion: runnerVers.version,
3308 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3309 flags: []string{"-min-version", shimVersFlag},
3310 expectedVersion: expectedVersion,
3311 shouldFail: shouldFail,
3312 expectedError: expectedError,
3313 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3314 })
3315
3316 testCases = append(testCases, testCase{
3317 protocol: protocol,
3318 testType: serverTest,
3319 name: "MinimumVersion-Server-" + suffix,
3320 config: Config{
3321 MaxVersion: runnerVers.version,
3322 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3323 flags: flags,
3324 expectedVersion: expectedVersion,
3325 shouldFail: shouldFail,
3326 expectedError: expectedError,
3327 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3328 })
3329 testCases = append(testCases, testCase{
3330 protocol: protocol,
3331 testType: serverTest,
3332 name: "MinimumVersion-Server2-" + suffix,
3333 config: Config{
3334 MaxVersion: runnerVers.version,
3335 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3336 flags: []string{"-min-version", shimVersFlag},
3337 expectedVersion: expectedVersion,
3338 shouldFail: shouldFail,
3339 expectedError: expectedError,
3340 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3341 })
3342 }
3343 }
3344 }
3345}
3346
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3347func addExtensionTests() {
3348 testCases = append(testCases, testCase{
3349 testType: clientTest,
3350 name: "DuplicateExtensionClient",
3351 config: Config{
3352 Bugs: ProtocolBugs{
3353 DuplicateExtension: true,
3354 },
3355 },
3356 shouldFail: true,
3357 expectedLocalError: "remote error: error decoding message",
3358 })
3359 testCases = append(testCases, testCase{
3360 testType: serverTest,
3361 name: "DuplicateExtensionServer",
3362 config: Config{
3363 Bugs: ProtocolBugs{
3364 DuplicateExtension: true,
3365 },
3366 },
3367 shouldFail: true,
3368 expectedLocalError: "remote error: error decoding message",
3369 })
3370 testCases = append(testCases, testCase{
3371 testType: clientTest,
3372 name: "ServerNameExtensionClient",
3373 config: Config{
3374 Bugs: ProtocolBugs{
3375 ExpectServerName: "example.com",
3376 },
3377 },
3378 flags: []string{"-host-name", "example.com"},
3379 })
3380 testCases = append(testCases, testCase{
3381 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3382 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3383 config: Config{
3384 Bugs: ProtocolBugs{
3385 ExpectServerName: "mismatch.com",
3386 },
3387 },
3388 flags: []string{"-host-name", "example.com"},
3389 shouldFail: true,
3390 expectedLocalError: "tls: unexpected server name",
3391 })
3392 testCases = append(testCases, testCase{
3393 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3394 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3395 config: Config{
3396 Bugs: ProtocolBugs{
3397 ExpectServerName: "missing.com",
3398 },
3399 },
3400 shouldFail: true,
3401 expectedLocalError: "tls: unexpected server name",
3402 })
3403 testCases = append(testCases, testCase{
3404 testType: serverTest,
3405 name: "ServerNameExtensionServer",
3406 config: Config{
3407 ServerName: "example.com",
3408 },
3409 flags: []string{"-expect-server-name", "example.com"},
3410 resumeSession: true,
3411 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3412 testCases = append(testCases, testCase{
3413 testType: clientTest,
3414 name: "ALPNClient",
3415 config: Config{
3416 NextProtos: []string{"foo"},
3417 },
3418 flags: []string{
3419 "-advertise-alpn", "\x03foo\x03bar\x03baz",
3420 "-expect-alpn", "foo",
3421 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3422 expectedNextProto: "foo",
3423 expectedNextProtoType: alpn,
3424 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3425 })
3426 testCases = append(testCases, testCase{
3427 testType: serverTest,
3428 name: "ALPNServer",
3429 config: Config{
3430 NextProtos: []string{"foo", "bar", "baz"},
3431 },
3432 flags: []string{
3433 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3434 "-select-alpn", "foo",
3435 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3436 expectedNextProto: "foo",
3437 expectedNextProtoType: alpn,
3438 resumeSession: true,
3439 })
3440 // Test that the server prefers ALPN over NPN.
3441 testCases = append(testCases, testCase{
3442 testType: serverTest,
3443 name: "ALPNServer-Preferred",
3444 config: Config{
3445 NextProtos: []string{"foo", "bar", "baz"},
3446 },
3447 flags: []string{
3448 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3449 "-select-alpn", "foo",
3450 "-advertise-npn", "\x03foo\x03bar\x03baz",
3451 },
3452 expectedNextProto: "foo",
3453 expectedNextProtoType: alpn,
3454 resumeSession: true,
3455 })
3456 testCases = append(testCases, testCase{
3457 testType: serverTest,
3458 name: "ALPNServer-Preferred-Swapped",
3459 config: Config{
3460 NextProtos: []string{"foo", "bar", "baz"},
3461 Bugs: ProtocolBugs{
3462 SwapNPNAndALPN: true,
3463 },
3464 },
3465 flags: []string{
3466 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3467 "-select-alpn", "foo",
3468 "-advertise-npn", "\x03foo\x03bar\x03baz",
3469 },
3470 expectedNextProto: "foo",
3471 expectedNextProtoType: alpn,
3472 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3473 })
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3474 var emptyString string
3475 testCases = append(testCases, testCase{
3476 testType: clientTest,
3477 name: "ALPNClient-EmptyProtocolName",
3478 config: Config{
3479 NextProtos: []string{""},
3480 Bugs: ProtocolBugs{
3481 // A server returning an empty ALPN protocol
3482 // should be rejected.
3483 ALPNProtocol: &emptyString,
3484 },
3485 },
3486 flags: []string{
3487 "-advertise-alpn", "\x03foo",
3488 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3489 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3490 expectedError: ":PARSE_TLSEXT:",
3491 })
3492 testCases = append(testCases, testCase{
3493 testType: serverTest,
3494 name: "ALPNServer-EmptyProtocolName",
3495 config: Config{
3496 // A ClientHello containing an empty ALPN protocol
3497 // should be rejected.
3498 NextProtos: []string{"foo", "", "baz"},
3499 },
3500 flags: []string{
3501 "-select-alpn", "foo",
3502 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3503 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3504 expectedError: ":PARSE_TLSEXT:",
3505 })
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]3506 // Test that negotiating both NPN and ALPN is forbidden.
3507 testCases = append(testCases, testCase{
3508 name: "NegotiateALPNAndNPN",
3509 config: Config{
3510 NextProtos: []string{"foo", "bar", "baz"},
3511 Bugs: ProtocolBugs{
3512 NegotiateALPNAndNPN: true,
3513 },
3514 },
3515 flags: []string{
3516 "-advertise-alpn", "\x03foo",
3517 "-select-next-proto", "foo",
3518 },
3519 shouldFail: true,
3520 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3521 })
3522 testCases = append(testCases, testCase{
3523 name: "NegotiateALPNAndNPN-Swapped",
3524 config: Config{
3525 NextProtos: []string{"foo", "bar", "baz"},
3526 Bugs: ProtocolBugs{
3527 NegotiateALPNAndNPN: true,
3528 SwapNPNAndALPN: true,
3529 },
3530 },
3531 flags: []string{
3532 "-advertise-alpn", "\x03foo",
3533 "-select-next-proto", "foo",
3534 },
3535 shouldFail: true,
3536 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3537 })
David Benjamin091c4b92015-10-26 13:33:21 -0400[diff] [blame]3538 // Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
3539 testCases = append(testCases, testCase{
3540 name: "DisableNPN",
3541 config: Config{
3542 NextProtos: []string{"foo"},
3543 },
3544 flags: []string{
3545 "-select-next-proto", "foo",
3546 "-disable-npn",
3547 },
3548 expectNoNextProto: true,
3549 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3550 // Resume with a corrupt ticket.
3551 testCases = append(testCases, testCase{
3552 testType: serverTest,
3553 name: "CorruptTicket",
3554 config: Config{
3555 Bugs: ProtocolBugs{
3556 CorruptTicket: true,
3557 },
3558 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3559 resumeSession: true,
3560 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3561 })
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]3562 // Test the ticket callback, with and without renewal.
3563 testCases = append(testCases, testCase{
3564 testType: serverTest,
3565 name: "TicketCallback",
3566 resumeSession: true,
3567 flags: []string{"-use-ticket-callback"},
3568 })
3569 testCases = append(testCases, testCase{
3570 testType: serverTest,
3571 name: "TicketCallback-Renew",
3572 config: Config{
3573 Bugs: ProtocolBugs{
3574 ExpectNewTicket: true,
3575 },
3576 },
3577 flags: []string{"-use-ticket-callback", "-renew-ticket"},
3578 resumeSession: true,
3579 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3580 // Resume with an oversized session id.
3581 testCases = append(testCases, testCase{
3582 testType: serverTest,
3583 name: "OversizedSessionId",
3584 config: Config{
3585 Bugs: ProtocolBugs{
3586 OversizedSessionId: true,
3587 },
3588 },
3589 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3590 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3591 expectedError: ":DECODE_ERROR:",
3592 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]3593 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
3594 // are ignored.
3595 testCases = append(testCases, testCase{
3596 protocol: dtls,
3597 name: "SRTP-Client",
3598 config: Config{
3599 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3600 },
3601 flags: []string{
3602 "-srtp-profiles",
3603 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3604 },
3605 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3606 })
3607 testCases = append(testCases, testCase{
3608 protocol: dtls,
3609 testType: serverTest,
3610 name: "SRTP-Server",
3611 config: Config{
3612 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3613 },
3614 flags: []string{
3615 "-srtp-profiles",
3616 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3617 },
3618 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3619 })
3620 // Test that the MKI is ignored.
3621 testCases = append(testCases, testCase{
3622 protocol: dtls,
3623 testType: serverTest,
3624 name: "SRTP-Server-IgnoreMKI",
3625 config: Config{
3626 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
3627 Bugs: ProtocolBugs{
3628 SRTPMasterKeyIdentifer: "bogus",
3629 },
3630 },
3631 flags: []string{
3632 "-srtp-profiles",
3633 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3634 },
3635 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3636 })
3637 // Test that SRTP isn't negotiated on the server if there were
3638 // no matching profiles.
3639 testCases = append(testCases, testCase{
3640 protocol: dtls,
3641 testType: serverTest,
3642 name: "SRTP-Server-NoMatch",
3643 config: Config{
3644 SRTPProtectionProfiles: []uint16{100, 101, 102},
3645 },
3646 flags: []string{
3647 "-srtp-profiles",
3648 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3649 },
3650 expectedSRTPProtectionProfile: 0,
3651 })
3652 // Test that the server returning an invalid SRTP profile is
3653 // flagged as an error by the client.
3654 testCases = append(testCases, testCase{
3655 protocol: dtls,
3656 name: "SRTP-Client-NoMatch",
3657 config: Config{
3658 Bugs: ProtocolBugs{
3659 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
3660 },
3661 },
3662 flags: []string{
3663 "-srtp-profiles",
3664 "SRTP_AES128_CM_SHA1_80",
3665 },
3666 shouldFail: true,
3667 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
3668 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3669 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3670 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3671 name: "SignedCertificateTimestampList-Client",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3672 testType: clientTest,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3673 flags: []string{
3674 "-enable-signed-cert-timestamps",
3675 "-expect-signed-cert-timestamps",
3676 base64.StdEncoding.EncodeToString(testSCTList),
3677 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3678 resumeSession: true,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3679 })
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3680 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3681 name: "SignedCertificateTimestampList-Server",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3682 testType: serverTest,
3683 flags: []string{
3684 "-signed-cert-timestamps",
3685 base64.StdEncoding.EncodeToString(testSCTList),
3686 },
3687 expectedSCTList: testSCTList,
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3688 resumeSession: true,
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3689 })
3690 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3691 testType: clientTest,
3692 name: "ClientHelloPadding",
3693 config: Config{
3694 Bugs: ProtocolBugs{
3695 RequireClientHelloSize: 512,
3696 },
3697 },
3698 // This hostname just needs to be long enough to push the
3699 // ClientHello into F5's danger zone between 256 and 511 bytes
3700 // long.
3701 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
3702 })
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]3703
3704 // Extensions should not function in SSL 3.0.
3705 testCases = append(testCases, testCase{
3706 testType: serverTest,
3707 name: "SSLv3Extensions-NoALPN",
3708 config: Config{
3709 MaxVersion: VersionSSL30,
3710 NextProtos: []string{"foo", "bar", "baz"},
3711 },
3712 flags: []string{
3713 "-select-alpn", "foo",
3714 },
3715 expectNoNextProto: true,
3716 })
3717
3718 // Test session tickets separately as they follow a different codepath.
3719 testCases = append(testCases, testCase{
3720 testType: serverTest,
3721 name: "SSLv3Extensions-NoTickets",
3722 config: Config{
3723 MaxVersion: VersionSSL30,
3724 Bugs: ProtocolBugs{
3725 // Historically, session tickets in SSL 3.0
3726 // failed in different ways depending on whether
3727 // the client supported renegotiation_info.
3728 NoRenegotiationInfo: true,
3729 },
3730 },
3731 resumeSession: true,
3732 })
3733 testCases = append(testCases, testCase{
3734 testType: serverTest,
3735 name: "SSLv3Extensions-NoTickets2",
3736 config: Config{
3737 MaxVersion: VersionSSL30,
3738 },
3739 resumeSession: true,
3740 })
3741
3742 // But SSL 3.0 does send and process renegotiation_info.
3743 testCases = append(testCases, testCase{
3744 testType: serverTest,
3745 name: "SSLv3Extensions-RenegotiationInfo",
3746 config: Config{
3747 MaxVersion: VersionSSL30,
3748 Bugs: ProtocolBugs{
3749 RequireRenegotiationInfo: true,
3750 },
3751 },
3752 })
3753 testCases = append(testCases, testCase{
3754 testType: serverTest,
3755 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
3756 config: Config{
3757 MaxVersion: VersionSSL30,
3758 Bugs: ProtocolBugs{
3759 NoRenegotiationInfo: true,
3760 SendRenegotiationSCSV: true,
3761 RequireRenegotiationInfo: true,
3762 },
3763 },
3764 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3765}
3766
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3767func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3768 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3769 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3770 protocols := []protocol{tls}
3771 if sessionVers.hasDTLS && resumeVers.hasDTLS {
3772 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]3773 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3774 for _, protocol := range protocols {
3775 suffix := "-" + sessionVers.name + "-" + resumeVers.name
3776 if protocol == dtls {
3777 suffix += "-DTLS"
3778 }
3779
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3780 if sessionVers.version == resumeVers.version {
3781 testCases = append(testCases, testCase{
3782 protocol: protocol,
3783 name: "Resume-Client" + suffix,
3784 resumeSession: true,
3785 config: Config{
3786 MaxVersion: sessionVers.version,
3787 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3788 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3789 expectedVersion: sessionVers.version,
3790 expectedResumeVersion: resumeVers.version,
3791 })
3792 } else {
3793 testCases = append(testCases, testCase{
3794 protocol: protocol,
3795 name: "Resume-Client-Mismatch" + suffix,
3796 resumeSession: true,
3797 config: Config{
3798 MaxVersion: sessionVers.version,
3799 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3800 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3801 expectedVersion: sessionVers.version,
3802 resumeConfig: &Config{
3803 MaxVersion: resumeVers.version,
3804 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3805 Bugs: ProtocolBugs{
3806 AllowSessionVersionMismatch: true,
3807 },
3808 },
3809 expectedResumeVersion: resumeVers.version,
3810 shouldFail: true,
3811 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
3812 })
3813 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3814
3815 testCases = append(testCases, testCase{
3816 protocol: protocol,
3817 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3818 resumeSession: true,
3819 config: Config{
3820 MaxVersion: sessionVers.version,
3821 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3822 },
3823 expectedVersion: sessionVers.version,
3824 resumeConfig: &Config{
3825 MaxVersion: resumeVers.version,
3826 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3827 },
3828 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3829 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3830 expectedResumeVersion: resumeVers.version,
3831 })
3832
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3833 testCases = append(testCases, testCase{
3834 protocol: protocol,
3835 testType: serverTest,
3836 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3837 resumeSession: true,
3838 config: Config{
3839 MaxVersion: sessionVers.version,
3840 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3841 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3842 expectedVersion: sessionVers.version,
3843 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3844 resumeConfig: &Config{
3845 MaxVersion: resumeVers.version,
3846 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3847 },
3848 expectedResumeVersion: resumeVers.version,
3849 })
3850 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3851 }
3852 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3853
3854 testCases = append(testCases, testCase{
3855 name: "Resume-Client-CipherMismatch",
3856 resumeSession: true,
3857 config: Config{
3858 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3859 },
3860 resumeConfig: &Config{
3861 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3862 Bugs: ProtocolBugs{
3863 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
3864 },
3865 },
3866 shouldFail: true,
3867 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
3868 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3869}
3870
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3871func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3872 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3873 testCases = append(testCases, testCase{
3874 testType: serverTest,
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3875 name: "Renegotiate-Server-Forbidden",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3876 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3877 shouldFail: true,
3878 expectedError: ":NO_RENEGOTIATION:",
3879 expectedLocalError: "remote error: no renegotiation",
3880 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]3881 // The server shouldn't echo the renegotiation extension unless
3882 // requested by the client.
3883 testCases = append(testCases, testCase{
3884 testType: serverTest,
3885 name: "Renegotiate-Server-NoExt",
3886 config: Config{
3887 Bugs: ProtocolBugs{
3888 NoRenegotiationInfo: true,
3889 RequireRenegotiationInfo: true,
3890 },
3891 },
3892 shouldFail: true,
3893 expectedLocalError: "renegotiation extension missing",
3894 })
3895 // The renegotiation SCSV should be sufficient for the server to echo
3896 // the extension.
3897 testCases = append(testCases, testCase{
3898 testType: serverTest,
3899 name: "Renegotiate-Server-NoExt-SCSV",
3900 config: Config{
3901 Bugs: ProtocolBugs{
3902 NoRenegotiationInfo: true,
3903 SendRenegotiationSCSV: true,
3904 RequireRenegotiationInfo: true,
3905 },
3906 },
3907 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3908 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3909 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3910 config: Config{
3911 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3912 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3913 },
3914 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3915 renegotiate: 1,
3916 flags: []string{
3917 "-renegotiate-freely",
3918 "-expect-total-renegotiations", "1",
3919 },
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3920 })
3921 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3922 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3923 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3924 config: Config{
3925 Bugs: ProtocolBugs{
3926 EmptyRenegotiationInfo: true,
3927 },
3928 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3929 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3930 shouldFail: true,
3931 expectedError: ":RENEGOTIATION_MISMATCH:",
3932 })
3933 testCases = append(testCases, testCase{
3934 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3935 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3936 config: Config{
3937 Bugs: ProtocolBugs{
3938 BadRenegotiationInfo: true,
3939 },
3940 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3941 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3942 shouldFail: true,
3943 expectedError: ":RENEGOTIATION_MISMATCH:",
3944 })
3945 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]3946 name: "Renegotiate-Client-Downgrade",
3947 renegotiate: 1,
3948 config: Config{
3949 Bugs: ProtocolBugs{
3950 NoRenegotiationInfoAfterInitial: true,
3951 },
3952 },
3953 flags: []string{"-renegotiate-freely"},
3954 shouldFail: true,
3955 expectedError: ":RENEGOTIATION_MISMATCH:",
3956 })
3957 testCases = append(testCases, testCase{
3958 name: "Renegotiate-Client-Upgrade",
3959 renegotiate: 1,
3960 config: Config{
3961 Bugs: ProtocolBugs{
3962 NoRenegotiationInfoInInitial: true,
3963 },
3964 },
3965 flags: []string{"-renegotiate-freely"},
3966 shouldFail: true,
3967 expectedError: ":RENEGOTIATION_MISMATCH:",
3968 })
3969 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3970 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3971 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3972 config: Config{
3973 Bugs: ProtocolBugs{
3974 NoRenegotiationInfo: true,
3975 },
3976 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3977 flags: []string{
3978 "-renegotiate-freely",
3979 "-expect-total-renegotiations", "1",
3980 },
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3981 })
3982 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3983 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3984 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3985 config: Config{
3986 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3987 },
3988 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3989 flags: []string{
3990 "-renegotiate-freely",
3991 "-expect-total-renegotiations", "1",
3992 },
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3993 })
3994 testCases = append(testCases, testCase{
3995 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3996 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3997 config: Config{
3998 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3999 },
4000 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4001 flags: []string{
4002 "-renegotiate-freely",
4003 "-expect-total-renegotiations", "1",
4004 },
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]4005 })
4006 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4007 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4008 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4009 config: Config{
4010 MaxVersion: VersionTLS10,
4011 Bugs: ProtocolBugs{
4012 RequireSameRenegoClientVersion: true,
4013 },
4014 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4015 flags: []string{
4016 "-renegotiate-freely",
4017 "-expect-total-renegotiations", "1",
4018 },
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4019 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4020 testCases = append(testCases, testCase{
4021 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4022 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4023 config: Config{
4024 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4025 NextProtos: []string{"foo"},
4026 },
4027 flags: []string{
4028 "-false-start",
4029 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4030 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -0400[diff] [blame]4031 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4032 },
4033 shimWritesFirst: true,
4034 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4035
4036 // Client-side renegotiation controls.
4037 testCases = append(testCases, testCase{
4038 name: "Renegotiate-Client-Forbidden-1",
4039 renegotiate: 1,
4040 shouldFail: true,
4041 expectedError: ":NO_RENEGOTIATION:",
4042 expectedLocalError: "remote error: no renegotiation",
4043 })
4044 testCases = append(testCases, testCase{
4045 name: "Renegotiate-Client-Once-1",
4046 renegotiate: 1,
4047 flags: []string{
4048 "-renegotiate-once",
4049 "-expect-total-renegotiations", "1",
4050 },
4051 })
4052 testCases = append(testCases, testCase{
4053 name: "Renegotiate-Client-Freely-1",
4054 renegotiate: 1,
4055 flags: []string{
4056 "-renegotiate-freely",
4057 "-expect-total-renegotiations", "1",
4058 },
4059 })
4060 testCases = append(testCases, testCase{
4061 name: "Renegotiate-Client-Once-2",
4062 renegotiate: 2,
4063 flags: []string{"-renegotiate-once"},
4064 shouldFail: true,
4065 expectedError: ":NO_RENEGOTIATION:",
4066 expectedLocalError: "remote error: no renegotiation",
4067 })
4068 testCases = append(testCases, testCase{
4069 name: "Renegotiate-Client-Freely-2",
4070 renegotiate: 2,
4071 flags: []string{
4072 "-renegotiate-freely",
4073 "-expect-total-renegotiations", "2",
4074 },
4075 })
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]4076 testCases = append(testCases, testCase{
4077 name: "Renegotiate-Client-NoIgnore",
4078 config: Config{
4079 Bugs: ProtocolBugs{
4080 SendHelloRequestBeforeEveryAppDataRecord: true,
4081 },
4082 },
4083 shouldFail: true,
4084 expectedError: ":NO_RENEGOTIATION:",
4085 })
4086 testCases = append(testCases, testCase{
4087 name: "Renegotiate-Client-Ignore",
4088 config: Config{
4089 Bugs: ProtocolBugs{
4090 SendHelloRequestBeforeEveryAppDataRecord: true,
4091 },
4092 },
4093 flags: []string{
4094 "-renegotiate-ignore",
4095 "-expect-total-renegotiations", "0",
4096 },
4097 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4098}
4099
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4100func addDTLSReplayTests() {
4101 // Test that sequence number replays are detected.
4102 testCases = append(testCases, testCase{
4103 protocol: dtls,
4104 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4105 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4106 replayWrites: true,
4107 })
4108
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4109 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4110 // than the retransmit window.
4111 testCases = append(testCases, testCase{
4112 protocol: dtls,
4113 name: "DTLS-Replay-LargeGaps",
4114 config: Config{
4115 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4116 SequenceNumberMapping: func(in uint64) uint64 {
4117 return in * 127
4118 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4119 },
4120 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4121 messageCount: 200,
4122 replayWrites: true,
4123 })
4124
4125 // Test the incoming sequence number changing non-monotonically.
4126 testCases = append(testCases, testCase{
4127 protocol: dtls,
4128 name: "DTLS-Replay-NonMonotonic",
4129 config: Config{
4130 Bugs: ProtocolBugs{
4131 SequenceNumberMapping: func(in uint64) uint64 {
4132 return in ^ 31
4133 },
4134 },
4135 },
4136 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4137 replayWrites: true,
4138 })
4139}
4140
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4141var testHashes = []struct {
4142 name string
4143 id uint8
4144}{
4145 {"SHA1", hashSHA1},
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4146 {"SHA256", hashSHA256},
4147 {"SHA384", hashSHA384},
4148 {"SHA512", hashSHA512},
4149}
4150
4151func addSigningHashTests() {
4152 // Make sure each hash works. Include some fake hashes in the list and
4153 // ensure they're ignored.
4154 for _, hash := range testHashes {
4155 testCases = append(testCases, testCase{
4156 name: "SigningHash-ClientAuth-" + hash.name,
4157 config: Config{
4158 ClientAuth: RequireAnyClientCert,
4159 SignatureAndHashes: []signatureAndHash{
4160 {signatureRSA, 42},
4161 {signatureRSA, hash.id},
4162 {signatureRSA, 255},
4163 },
4164 },
4165 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4166 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4167 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4168 },
4169 })
4170
4171 testCases = append(testCases, testCase{
4172 testType: serverTest,
4173 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
4174 config: Config{
4175 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4176 SignatureAndHashes: []signatureAndHash{
4177 {signatureRSA, 42},
4178 {signatureRSA, hash.id},
4179 {signatureRSA, 255},
4180 },
4181 },
4182 })
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4183
4184 testCases = append(testCases, testCase{
4185 name: "SigningHash-ServerKeyExchange-Verify-" + hash.name,
4186 config: Config{
4187 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4188 SignatureAndHashes: []signatureAndHash{
4189 {signatureRSA, 42},
4190 {signatureRSA, hash.id},
4191 {signatureRSA, 255},
4192 },
4193 },
4194 flags: []string{"-expect-server-key-exchange-hash", strconv.Itoa(int(hash.id))},
4195 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4196 }
4197
4198 // Test that hash resolution takes the signature type into account.
4199 testCases = append(testCases, testCase{
4200 name: "SigningHash-ClientAuth-SignatureType",
4201 config: Config{
4202 ClientAuth: RequireAnyClientCert,
4203 SignatureAndHashes: []signatureAndHash{
4204 {signatureECDSA, hashSHA512},
4205 {signatureRSA, hashSHA384},
4206 {signatureECDSA, hashSHA1},
4207 },
4208 },
4209 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4210 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4211 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4212 },
4213 })
4214
4215 testCases = append(testCases, testCase{
4216 testType: serverTest,
4217 name: "SigningHash-ServerKeyExchange-SignatureType",
4218 config: Config{
4219 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4220 SignatureAndHashes: []signatureAndHash{
4221 {signatureECDSA, hashSHA512},
4222 {signatureRSA, hashSHA384},
4223 {signatureECDSA, hashSHA1},
4224 },
4225 },
4226 })
4227
4228 // Test that, if the list is missing, the peer falls back to SHA-1.
4229 testCases = append(testCases, testCase{
4230 name: "SigningHash-ClientAuth-Fallback",
4231 config: Config{
4232 ClientAuth: RequireAnyClientCert,
4233 SignatureAndHashes: []signatureAndHash{
4234 {signatureRSA, hashSHA1},
4235 },
4236 Bugs: ProtocolBugs{
4237 NoSignatureAndHashes: true,
4238 },
4239 },
4240 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4241 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4242 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4243 },
4244 })
4245
4246 testCases = append(testCases, testCase{
4247 testType: serverTest,
4248 name: "SigningHash-ServerKeyExchange-Fallback",
4249 config: Config{
4250 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4251 SignatureAndHashes: []signatureAndHash{
4252 {signatureRSA, hashSHA1},
4253 },
4254 Bugs: ProtocolBugs{
4255 NoSignatureAndHashes: true,
4256 },
4257 },
4258 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4259
4260 // Test that hash preferences are enforced. BoringSSL defaults to
4261 // rejecting MD5 signatures.
4262 testCases = append(testCases, testCase{
4263 testType: serverTest,
4264 name: "SigningHash-ClientAuth-Enforced",
4265 config: Config{
4266 Certificates: []Certificate{rsaCertificate},
4267 SignatureAndHashes: []signatureAndHash{
4268 {signatureRSA, hashMD5},
4269 // Advertise SHA-1 so the handshake will
4270 // proceed, but the shim's preferences will be
4271 // ignored in CertificateVerify generation, so
4272 // MD5 will be chosen.
4273 {signatureRSA, hashSHA1},
4274 },
4275 Bugs: ProtocolBugs{
4276 IgnorePeerSignatureAlgorithmPreferences: true,
4277 },
4278 },
4279 flags: []string{"-require-any-client-certificate"},
4280 shouldFail: true,
4281 expectedError: ":WRONG_SIGNATURE_TYPE:",
4282 })
4283
4284 testCases = append(testCases, testCase{
4285 name: "SigningHash-ServerKeyExchange-Enforced",
4286 config: Config{
4287 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4288 SignatureAndHashes: []signatureAndHash{
4289 {signatureRSA, hashMD5},
4290 },
4291 Bugs: ProtocolBugs{
4292 IgnorePeerSignatureAlgorithmPreferences: true,
4293 },
4294 },
4295 shouldFail: true,
4296 expectedError: ":WRONG_SIGNATURE_TYPE:",
4297 })
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4298
4299 // Test that the agreed upon digest respects the client preferences and
4300 // the server digests.
4301 testCases = append(testCases, testCase{
4302 name: "Agree-Digest-Fallback",
4303 config: Config{
4304 ClientAuth: RequireAnyClientCert,
4305 SignatureAndHashes: []signatureAndHash{
4306 {signatureRSA, hashSHA512},
4307 {signatureRSA, hashSHA1},
4308 },
4309 },
4310 flags: []string{
4311 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4312 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4313 },
4314 digestPrefs: "SHA256",
4315 expectedClientCertSignatureHash: hashSHA1,
4316 })
4317 testCases = append(testCases, testCase{
4318 name: "Agree-Digest-SHA256",
4319 config: Config{
4320 ClientAuth: RequireAnyClientCert,
4321 SignatureAndHashes: []signatureAndHash{
4322 {signatureRSA, hashSHA1},
4323 {signatureRSA, hashSHA256},
4324 },
4325 },
4326 flags: []string{
4327 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4328 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4329 },
4330 digestPrefs: "SHA256,SHA1",
4331 expectedClientCertSignatureHash: hashSHA256,
4332 })
4333 testCases = append(testCases, testCase{
4334 name: "Agree-Digest-SHA1",
4335 config: Config{
4336 ClientAuth: RequireAnyClientCert,
4337 SignatureAndHashes: []signatureAndHash{
4338 {signatureRSA, hashSHA1},
4339 },
4340 },
4341 flags: []string{
4342 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4343 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4344 },
4345 digestPrefs: "SHA512,SHA256,SHA1",
4346 expectedClientCertSignatureHash: hashSHA1,
4347 })
4348 testCases = append(testCases, testCase{
4349 name: "Agree-Digest-Default",
4350 config: Config{
4351 ClientAuth: RequireAnyClientCert,
4352 SignatureAndHashes: []signatureAndHash{
4353 {signatureRSA, hashSHA256},
4354 {signatureECDSA, hashSHA256},
4355 {signatureRSA, hashSHA1},
4356 {signatureECDSA, hashSHA1},
4357 },
4358 },
4359 flags: []string{
4360 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4361 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4362 },
4363 expectedClientCertSignatureHash: hashSHA256,
4364 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4365}
4366
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4367// timeouts is the retransmit schedule for BoringSSL. It doubles and
4368// caps at 60 seconds. On the 13th timeout, it gives up.
4369var timeouts = []time.Duration{
4370 1 * time.Second,
4371 2 * time.Second,
4372 4 * time.Second,
4373 8 * time.Second,
4374 16 * time.Second,
4375 32 * time.Second,
4376 60 * time.Second,
4377 60 * time.Second,
4378 60 * time.Second,
4379 60 * time.Second,
4380 60 * time.Second,
4381 60 * time.Second,
4382 60 * time.Second,
4383}
4384
4385func addDTLSRetransmitTests() {
4386 // Test that this is indeed the timeout schedule. Stress all
4387 // four patterns of handshake.
4388 for i := 1; i < len(timeouts); i++ {
4389 number := strconv.Itoa(i)
4390 testCases = append(testCases, testCase{
4391 protocol: dtls,
4392 name: "DTLS-Retransmit-Client-" + number,
4393 config: Config{
4394 Bugs: ProtocolBugs{
4395 TimeoutSchedule: timeouts[:i],
4396 },
4397 },
4398 resumeSession: true,
4399 flags: []string{"-async"},
4400 })
4401 testCases = append(testCases, testCase{
4402 protocol: dtls,
4403 testType: serverTest,
4404 name: "DTLS-Retransmit-Server-" + number,
4405 config: Config{
4406 Bugs: ProtocolBugs{
4407 TimeoutSchedule: timeouts[:i],
4408 },
4409 },
4410 resumeSession: true,
4411 flags: []string{"-async"},
4412 })
4413 }
4414
4415 // Test that exceeding the timeout schedule hits a read
4416 // timeout.
4417 testCases = append(testCases, testCase{
4418 protocol: dtls,
4419 name: "DTLS-Retransmit-Timeout",
4420 config: Config{
4421 Bugs: ProtocolBugs{
4422 TimeoutSchedule: timeouts,
4423 },
4424 },
4425 resumeSession: true,
4426 flags: []string{"-async"},
4427 shouldFail: true,
4428 expectedError: ":READ_TIMEOUT_EXPIRED:",
4429 })
4430
4431 // Test that timeout handling has a fudge factor, due to API
4432 // problems.
4433 testCases = append(testCases, testCase{
4434 protocol: dtls,
4435 name: "DTLS-Retransmit-Fudge",
4436 config: Config{
4437 Bugs: ProtocolBugs{
4438 TimeoutSchedule: []time.Duration{
4439 timeouts[0] - 10*time.Millisecond,
4440 },
4441 },
4442 },
4443 resumeSession: true,
4444 flags: []string{"-async"},
4445 })
David Benjamin7eaab4c2015-03-02 19:01:16 -0500[diff] [blame]4446
4447 // Test that the final Finished retransmitting isn't
4448 // duplicated if the peer badly fragments everything.
4449 testCases = append(testCases, testCase{
4450 testType: serverTest,
4451 protocol: dtls,
4452 name: "DTLS-Retransmit-Fragmented",
4453 config: Config{
4454 Bugs: ProtocolBugs{
4455 TimeoutSchedule: []time.Duration{timeouts[0]},
4456 MaxHandshakeRecordLength: 2,
4457 },
4458 },
4459 flags: []string{"-async"},
4460 })
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4461}
4462
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4463func addExportKeyingMaterialTests() {
4464 for _, vers := range tlsVersions {
4465 if vers.version == VersionSSL30 {
4466 continue
4467 }
4468 testCases = append(testCases, testCase{
4469 name: "ExportKeyingMaterial-" + vers.name,
4470 config: Config{
4471 MaxVersion: vers.version,
4472 },
4473 exportKeyingMaterial: 1024,
4474 exportLabel: "label",
4475 exportContext: "context",
4476 useExportContext: true,
4477 })
4478 testCases = append(testCases, testCase{
4479 name: "ExportKeyingMaterial-NoContext-" + vers.name,
4480 config: Config{
4481 MaxVersion: vers.version,
4482 },
4483 exportKeyingMaterial: 1024,
4484 })
4485 testCases = append(testCases, testCase{
4486 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
4487 config: Config{
4488 MaxVersion: vers.version,
4489 },
4490 exportKeyingMaterial: 1024,
4491 useExportContext: true,
4492 })
4493 testCases = append(testCases, testCase{
4494 name: "ExportKeyingMaterial-Small-" + vers.name,
4495 config: Config{
4496 MaxVersion: vers.version,
4497 },
4498 exportKeyingMaterial: 1,
4499 exportLabel: "label",
4500 exportContext: "context",
4501 useExportContext: true,
4502 })
4503 }
4504 testCases = append(testCases, testCase{
4505 name: "ExportKeyingMaterial-SSL3",
4506 config: Config{
4507 MaxVersion: VersionSSL30,
4508 },
4509 exportKeyingMaterial: 1024,
4510 exportLabel: "label",
4511 exportContext: "context",
4512 useExportContext: true,
4513 shouldFail: true,
4514 expectedError: "failed to export keying material",
4515 })
4516}
4517
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4518func addTLSUniqueTests() {
4519 for _, isClient := range []bool{false, true} {
4520 for _, isResumption := range []bool{false, true} {
4521 for _, hasEMS := range []bool{false, true} {
4522 var suffix string
4523 if isResumption {
4524 suffix = "Resume-"
4525 } else {
4526 suffix = "Full-"
4527 }
4528
4529 if hasEMS {
4530 suffix += "EMS-"
4531 } else {
4532 suffix += "NoEMS-"
4533 }
4534
4535 if isClient {
4536 suffix += "Client"
4537 } else {
4538 suffix += "Server"
4539 }
4540
4541 test := testCase{
4542 name: "TLSUnique-" + suffix,
4543 testTLSUnique: true,
4544 config: Config{
4545 Bugs: ProtocolBugs{
4546 NoExtendedMasterSecret: !hasEMS,
4547 },
4548 },
4549 }
4550
4551 if isResumption {
4552 test.resumeSession = true
4553 test.resumeConfig = &Config{
4554 Bugs: ProtocolBugs{
4555 NoExtendedMasterSecret: !hasEMS,
4556 },
4557 }
4558 }
4559
4560 if isResumption && !hasEMS {
4561 test.shouldFail = true
4562 test.expectedError = "failed to get tls-unique"
4563 }
4564
4565 testCases = append(testCases, test)
4566 }
4567 }
4568 }
4569}
4570
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4571func addCustomExtensionTests() {
4572 expectedContents := "custom extension"
4573 emptyString := ""
4574
4575 for _, isClient := range []bool{false, true} {
4576 suffix := "Server"
4577 flag := "-enable-server-custom-extension"
4578 testType := serverTest
4579 if isClient {
4580 suffix = "Client"
4581 flag = "-enable-client-custom-extension"
4582 testType = clientTest
4583 }
4584
4585 testCases = append(testCases, testCase{
4586 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4587 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4588 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4589 Bugs: ProtocolBugs{
4590 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4591 ExpectedCustomExtension: &expectedContents,
4592 },
4593 },
4594 flags: []string{flag},
4595 })
4596
4597 // If the parse callback fails, the handshake should also fail.
4598 testCases = append(testCases, testCase{
4599 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4600 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4601 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4602 Bugs: ProtocolBugs{
4603 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4604 ExpectedCustomExtension: &expectedContents,
4605 },
4606 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4607 flags: []string{flag},
4608 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4609 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4610 })
4611
4612 // If the add callback fails, the handshake should also fail.
4613 testCases = append(testCases, testCase{
4614 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4615 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4616 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4617 Bugs: ProtocolBugs{
4618 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4619 ExpectedCustomExtension: &expectedContents,
4620 },
4621 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4622 flags: []string{flag, "-custom-extension-fail-add"},
4623 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4624 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4625 })
4626
4627 // If the add callback returns zero, no extension should be
4628 // added.
4629 skipCustomExtension := expectedContents
4630 if isClient {
4631 // For the case where the client skips sending the
4632 // custom extension, the server must not “echo” it.
4633 skipCustomExtension = ""
4634 }
4635 testCases = append(testCases, testCase{
4636 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4637 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4638 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4639 Bugs: ProtocolBugs{
4640 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4641 ExpectedCustomExtension: &emptyString,
4642 },
4643 },
4644 flags: []string{flag, "-custom-extension-skip"},
4645 })
4646 }
4647
4648 // The custom extension add callback should not be called if the client
4649 // doesn't send the extension.
4650 testCases = append(testCases, testCase{
4651 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4652 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4653 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4654 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4655 ExpectedCustomExtension: &emptyString,
4656 },
4657 },
4658 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
4659 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]4660
4661 // Test an unknown extension from the server.
4662 testCases = append(testCases, testCase{
4663 testType: clientTest,
4664 name: "UnknownExtension-Client",
4665 config: Config{
4666 Bugs: ProtocolBugs{
4667 CustomExtension: expectedContents,
4668 },
4669 },
4670 shouldFail: true,
4671 expectedError: ":UNEXPECTED_EXTENSION:",
4672 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4673}
4674
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]4675func addRSAClientKeyExchangeTests() {
4676 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
4677 testCases = append(testCases, testCase{
4678 testType: serverTest,
4679 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
4680 config: Config{
4681 // Ensure the ClientHello version and final
4682 // version are different, to detect if the
4683 // server uses the wrong one.
4684 MaxVersion: VersionTLS11,
4685 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
4686 Bugs: ProtocolBugs{
4687 BadRSAClientKeyExchange: bad,
4688 },
4689 },
4690 shouldFail: true,
4691 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
4692 })
4693 }
4694}
4695
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4696var testCurves = []struct {
4697 name string
4698 id CurveID
4699}{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4700 {"P-256", CurveP256},
4701 {"P-384", CurveP384},
4702 {"P-521", CurveP521},
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]4703 {"X25519", CurveX25519},
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4704}
4705
4706func addCurveTests() {
4707 for _, curve := range testCurves {
4708 testCases = append(testCases, testCase{
4709 name: "CurveTest-Client-" + curve.name,
4710 config: Config{
4711 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4712 CurvePreferences: []CurveID{curve.id},
4713 },
4714 flags: []string{"-enable-all-curves"},
4715 })
4716 testCases = append(testCases, testCase{
4717 testType: serverTest,
4718 name: "CurveTest-Server-" + curve.name,
4719 config: Config{
4720 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4721 CurvePreferences: []CurveID{curve.id},
4722 },
4723 flags: []string{"-enable-all-curves"},
4724 })
4725 }
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]4726
4727 // The server must be tolerant to bogus curves.
4728 const bogusCurve = 0x1234
4729 testCases = append(testCases, testCase{
4730 testType: serverTest,
4731 name: "UnknownCurve",
4732 config: Config{
4733 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4734 CurvePreferences: []CurveID{bogusCurve, CurveP256},
4735 },
4736 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4737}
4738
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]4739func addKeyExchangeInfoTests() {
4740 testCases = append(testCases, testCase{
4741 name: "KeyExchangeInfo-RSA-Client",
4742 config: Config{
4743 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
4744 },
4745 // key.pem is a 1024-bit RSA key.
4746 flags: []string{"-expect-key-exchange-info", "1024"},
4747 })
4748 // TODO(davidben): key_exchange_info doesn't work for plain RSA on the
4749 // server. Either fix this or change the API as it's not very useful in
4750 // this case.
4751
4752 testCases = append(testCases, testCase{
4753 name: "KeyExchangeInfo-DHE-Client",
4754 config: Config{
4755 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
4756 Bugs: ProtocolBugs{
4757 // This is a 1234-bit prime number, generated
4758 // with:
4759 // openssl gendh 1234 | openssl asn1parse -i
4760 DHGroupPrime: bigFromHex("0215C589A86BE450D1255A86D7A08877A70E124C11F0C75E476BA6A2186B1C830D4A132555973F2D5881D5F737BB800B7F417C01EC5960AEBF79478F8E0BBB6A021269BD10590C64C57F50AD8169D5488B56EE38DC5E02DA1A16ED3B5F41FEB2AD184B78A31F3A5B2BEC8441928343DA35DE3D4F89F0D4CEDE0034045084A0D1E6182E5EF7FCA325DD33CE81BE7FA87D43613E8FA7A1457099AB53"),
4761 },
4762 },
4763 flags: []string{"-expect-key-exchange-info", "1234"},
4764 })
4765 testCases = append(testCases, testCase{
4766 testType: serverTest,
4767 name: "KeyExchangeInfo-DHE-Server",
4768 config: Config{
4769 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
4770 },
4771 // bssl_shim as a server configures a 2048-bit DHE group.
4772 flags: []string{"-expect-key-exchange-info", "2048"},
4773 })
4774
4775 testCases = append(testCases, testCase{
4776 name: "KeyExchangeInfo-ECDHE-Client",
4777 config: Config{
4778 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4779 CurvePreferences: []CurveID{CurveX25519},
4780 },
4781 flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
4782 })
4783 testCases = append(testCases, testCase{
4784 testType: serverTest,
4785 name: "KeyExchangeInfo-ECDHE-Server",
4786 config: Config{
4787 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4788 CurvePreferences: []CurveID{CurveX25519},
4789 },
4790 flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
4791 })
4792}
4793
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4794func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4795 defer wg.Done()
4796
4797 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4798 var err error
4799
4800 if *mallocTest < 0 {
4801 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4802 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4803 } else {
4804 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
4805 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4806 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4807 if err != nil {
4808 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
4809 }
4810 break
4811 }
4812 }
4813 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4814 statusChan <- statusMsg{test: test, err: err}
4815 }
4816}
4817
4818type statusMsg struct {
4819 test *testCase
4820 started bool
4821 err error
4822}
4823
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4824func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4825 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4826
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4827 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4828 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4829 if !*pipe {
4830 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]4831 var erase string
4832 for i := 0; i < lineLen; i++ {
4833 erase += "\b \b"
4834 }
4835 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4836 }
4837
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4838 if msg.started {
4839 started++
4840 } else {
4841 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4842
4843 if msg.err != nil {
4844 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
4845 failed++
4846 testOutput.addResult(msg.test.name, "FAIL")
4847 } else {
4848 if *pipe {
4849 // Print each test instead of a status line.
4850 fmt.Printf("PASSED (%s)\n", msg.test.name)
4851 }
4852 testOutput.addResult(msg.test.name, "PASS")
4853 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4854 }
4855
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4856 if !*pipe {
4857 // Print a new status line.
4858 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
4859 lineLen = len(line)
4860 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4861 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4862 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4863
4864 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4865}
4866
4867func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4868 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4869 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4870
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4871 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4872 addCipherSuiteTests()
4873 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]4874 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]4875 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]4876 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4877 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4878 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4879 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4880 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4881 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]4882 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4883 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4884 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4885 addSigningHashTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4886 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4887 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4888 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4889 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]4890 addRSAClientKeyExchangeTests()
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4891 addCurveTests()
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]4892 addKeyExchangeInfoTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4893 for _, async := range []bool{false, true} {
4894 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]4895 for _, protocol := range []protocol{tls, dtls} {
4896 addStateMachineCoverageTests(async, splitHandshake, protocol)
4897 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4898 }
4899 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4900
4901 var wg sync.WaitGroup
4902
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4903 statusChan := make(chan statusMsg, *numWorkers)
4904 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4905 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4906
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4907 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4908
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4909 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4910 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4911 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4912 }
4913
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4914 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4915 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4916 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4917 }
4918 }
4919
4920 close(testChan)
4921 wg.Wait()
4922 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4923 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4924
4925 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4926
4927 if *jsonOutput != "" {
4928 if err := testOutput.writeTo(*jsonOutput); err != nil {
4929 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
4930 }
4931 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]4932
4933 if !testOutput.allPassed {
4934 os.Exit(1)
4935 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4936}