Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 43c4d17230af10222e09380661308e3a8c72cfbc / . / ssl / test / runner / runner.go
blob: 7ada5f1b3b69a9b7aa37e87ef2b681921cf0a5ce [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1package main
2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]14 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]15 "net"
16 "os"
17 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]18 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]19 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]20 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]21 "strings"
22 "sync"
23 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]24 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]25)
26
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]27var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]28 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
29 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
30 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
31 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
32 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
33 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
34 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]35 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
36 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
37 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
38 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]39)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]40
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]41const (
42 rsaCertificateFile = "cert.pem"
43 ecdsaCertificateFile = "ecdsa_cert.pem"
44)
45
46const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]47 rsaKeyFile = "key.pem"
48 ecdsaKeyFile = "ecdsa_key.pem"
49 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]50)
51
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]52var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]53var channelIDKey *ecdsa.PrivateKey
54var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]55
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]56var testOCSPResponse = []byte{1, 2, 3, 4}
57var testSCTList = []byte{5, 6, 7, 8}
58
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]59func initCertificates() {
60 var err error
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]61 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]62 if err != nil {
63 panic(err)
64 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]65 rsaCertificate.OCSPStaple = testOCSPResponse
66 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]67
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]68 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]69 if err != nil {
70 panic(err)
71 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]72 ecdsaCertificate.OCSPStaple = testOCSPResponse
73 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]74
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]75 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]76 if err != nil {
77 panic(err)
78 }
79 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
80 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
81 panic("bad key type")
82 }
83 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
84 if err != nil {
85 panic(err)
86 }
87 if channelIDKey.Curve != elliptic.P256() {
88 panic("bad curve")
89 }
90
91 channelIDBytes = make([]byte, 64)
92 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
93 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]94}
95
96var certificateOnce sync.Once
97
98func getRSACertificate() Certificate {
99 certificateOnce.Do(initCertificates)
100 return rsaCertificate
101}
102
103func getECDSACertificate() Certificate {
104 certificateOnce.Do(initCertificates)
105 return ecdsaCertificate
106}
107
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]108type testType int
109
110const (
111 clientTest testType = iota
112 serverTest
113)
114
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]115type protocol int
116
117const (
118 tls protocol = iota
119 dtls
120)
121
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]122const (
123 alpn = 1
124 npn = 2
125)
126
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]127type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]128 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]129 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]130 name string
131 config Config
132 shouldFail bool
133 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]134 // expectedLocalError, if not empty, contains a substring that must be
135 // found in the local error.
136 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]137 // expectedVersion, if non-zero, specifies the TLS version that must be
138 // negotiated.
139 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]140 // expectedResumeVersion, if non-zero, specifies the TLS version that
141 // must be negotiated on resumption. If zero, expectedVersion is used.
142 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]143 // expectedCipher, if non-zero, specifies the TLS cipher suite that
144 // should be negotiated.
145 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]146 // expectChannelID controls whether the connection should have
147 // negotiated a Channel ID with channelIDKey.
148 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]149 // expectedNextProto controls whether the connection should
150 // negotiate a next protocol via NPN or ALPN.
151 expectedNextProto string
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]152 // expectedNextProtoType, if non-zero, is the expected next
153 // protocol negotiation mechanism.
154 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]155 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
156 // should be negotiated. If zero, none should be negotiated.
157 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]158 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
159 expectedOCSPResponse []uint8
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]160 // messageLen is the length, in bytes, of the test message that will be
161 // sent.
162 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]163 // messageCount is the number of test messages that will be sent.
164 messageCount int
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]165 // certFile is the path to the certificate to use for the server.
166 certFile string
167 // keyFile is the path to the private key to use for the server.
168 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]169 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]170 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]171 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]172 // expectResumeRejected, if true, specifies that the attempted
173 // resumption must be rejected by the client. This is only valid for a
174 // serverTest.
175 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]176 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]177 // resumption. Unless newSessionsOnResume is set,
178 // SessionTicketKey, ServerSessionCache, and
179 // ClientSessionCache are copied from the initial connection's
180 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]181 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]182 // newSessionsOnResume, if true, will cause resumeConfig to
183 // use a different session resumption context.
184 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]185 // noSessionCache, if true, will cause the server to run without a
186 // session cache.
187 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]188 // sendPrefix sends a prefix on the socket before actually performing a
189 // handshake.
190 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]191 // shimWritesFirst controls whether the shim sends an initial "hello"
192 // message before doing a roundtrip with the runner.
193 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]194 // shimShutsDown, if true, runs a test where the shim shuts down the
195 // connection immediately after the handshake rather than echoing
196 // messages from the runner.
197 shimShutsDown bool
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]198 // renegotiate indicates the the connection should be renegotiated
199 // during the exchange.
200 renegotiate bool
201 // renegotiateCiphers is a list of ciphersuite ids that will be
202 // switched in just before renegotiation.
203 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]204 // replayWrites, if true, configures the underlying transport
205 // to replay every write it makes in DTLS tests.
206 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]207 // damageFirstWrite, if true, configures the underlying transport to
208 // damage the final byte of the first application data write.
209 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]210 // exportKeyingMaterial, if non-zero, configures the test to exchange
211 // keying material and verify they match.
212 exportKeyingMaterial int
213 exportLabel string
214 exportContext string
215 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]216 // flags, if not empty, contains a list of command-line flags that will
217 // be passed to the shim program.
218 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]219 // testTLSUnique, if true, causes the shim to send the tls-unique value
220 // which will be compared against the expected value.
221 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]222 // sendEmptyRecords is the number of consecutive empty records to send
223 // before and after the test message.
224 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]225 // sendWarningAlerts is the number of consecutive warning alerts to send
226 // before and after the test message.
227 sendWarningAlerts int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]228}
229
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]230var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]231
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]232func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]233 var connDebug *recordingConn
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]234 var connDamage *damageAdaptor
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]235 if *flagDebug {
236 connDebug = &recordingConn{Conn: conn}
237 conn = connDebug
238 defer func() {
239 connDebug.WriteTo(os.Stdout)
240 }()
241 }
242
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]243 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]244 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
245 conn = config.Bugs.PacketAdaptor
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]246 if test.replayWrites {
247 conn = newReplayAdaptor(conn)
248 }
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]249 }
250
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]251 if test.damageFirstWrite {
252 connDamage = newDamageAdaptor(conn)
253 conn = connDamage
254 }
255
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]256 if test.sendPrefix != "" {
257 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
258 return err
259 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]260 }
261
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]262 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]263 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]264 if test.protocol == dtls {
265 tlsConn = DTLSServer(conn, config)
266 } else {
267 tlsConn = Server(conn, config)
268 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]269 } else {
270 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]271 if test.protocol == dtls {
272 tlsConn = DTLSClient(conn, config)
273 } else {
274 tlsConn = Client(conn, config)
275 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]276 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]277 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]278
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]279 if err := tlsConn.Handshake(); err != nil {
280 return err
281 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]282
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]283 // TODO(davidben): move all per-connection expectations into a dedicated
284 // expectations struct that can be specified separately for the two
285 // legs.
286 expectedVersion := test.expectedVersion
287 if isResume && test.expectedResumeVersion != 0 {
288 expectedVersion = test.expectedResumeVersion
289 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]290 connState := tlsConn.ConnectionState()
291 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]292 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]293 }
294
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]295 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]296 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
297 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]298 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
299 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
300 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]301
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]302 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]303 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]304 if channelID == nil {
305 return fmt.Errorf("no channel ID negotiated")
306 }
307 if channelID.Curve != channelIDKey.Curve ||
308 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
309 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
310 return fmt.Errorf("incorrect channel ID")
311 }
312 }
313
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]314 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]315 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]316 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
317 }
318 }
319
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]320 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]321 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]322 return fmt.Errorf("next proto type mismatch")
323 }
324 }
325
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]326 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]327 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
328 }
329
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]330 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
331 return fmt.Errorf("OCSP Response mismatch")
332 }
333
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]334 if test.exportKeyingMaterial > 0 {
335 actual := make([]byte, test.exportKeyingMaterial)
336 if _, err := io.ReadFull(tlsConn, actual); err != nil {
337 return err
338 }
339 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
340 if err != nil {
341 return err
342 }
343 if !bytes.Equal(actual, expected) {
344 return fmt.Errorf("keying material mismatch")
345 }
346 }
347
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]348 if test.testTLSUnique {
349 var peersValue [12]byte
350 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
351 return err
352 }
353 expected := tlsConn.ConnectionState().TLSUnique
354 if !bytes.Equal(peersValue[:], expected) {
355 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
356 }
357 }
358
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]359 if test.shimWritesFirst {
360 var buf [5]byte
361 _, err := io.ReadFull(tlsConn, buf[:])
362 if err != nil {
363 return err
364 }
365 if string(buf[:]) != "hello" {
366 return fmt.Errorf("bad initial message")
367 }
368 }
369
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]370 for i := 0; i < test.sendEmptyRecords; i++ {
371 tlsConn.Write(nil)
372 }
373
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]374 for i := 0; i < test.sendWarningAlerts; i++ {
375 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
376 }
377
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]378 if test.renegotiate {
379 if test.renegotiateCiphers != nil {
380 config.CipherSuites = test.renegotiateCiphers
381 }
382 if err := tlsConn.Renegotiate(); err != nil {
383 return err
384 }
385 } else if test.renegotiateCiphers != nil {
386 panic("renegotiateCiphers without renegotiate")
387 }
388
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]389 if test.damageFirstWrite {
390 connDamage.setDamage(true)
391 tlsConn.Write([]byte("DAMAGED WRITE"))
392 connDamage.setDamage(false)
393 }
394
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]395 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]396 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]397 if test.protocol == dtls {
398 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
399 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]400 // Read until EOF.
401 _, err := io.Copy(ioutil.Discard, tlsConn)
402 return err
403 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]404 if messageLen == 0 {
405 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]406 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]407
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]408 messageCount := test.messageCount
409 if messageCount == 0 {
410 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]411 }
412
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]413 for j := 0; j < messageCount; j++ {
414 testMessage := make([]byte, messageLen)
415 for i := range testMessage {
416 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]417 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]418 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]419
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]420 for i := 0; i < test.sendEmptyRecords; i++ {
421 tlsConn.Write(nil)
422 }
423
424 for i := 0; i < test.sendWarningAlerts; i++ {
425 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
426 }
427
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]428 if test.shimShutsDown {
429 // The shim will not respond.
430 continue
431 }
432
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]433 buf := make([]byte, len(testMessage))
434 if test.protocol == dtls {
435 bufTmp := make([]byte, len(buf)+1)
436 n, err := tlsConn.Read(bufTmp)
437 if err != nil {
438 return err
439 }
440 if n != len(buf) {
441 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
442 }
443 copy(buf, bufTmp)
444 } else {
445 _, err := io.ReadFull(tlsConn, buf)
446 if err != nil {
447 return err
448 }
449 }
450
451 for i, v := range buf {
452 if v != testMessage[i]^0xff {
453 return fmt.Errorf("bad reply contents at byte %d", i)
454 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]455 }
456 }
457
458 return nil
459}
460
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]461func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
462 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]463 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]464 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]465 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]466 valgrindArgs = append(valgrindArgs, path)
467 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]468
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]469 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]470}
471
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]472func gdbOf(path string, args ...string) *exec.Cmd {
473 xtermArgs := []string{"-e", "gdb", "--args"}
474 xtermArgs = append(xtermArgs, path)
475 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]476
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]477 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]478}
479
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]480type moreMallocsError struct{}
481
482func (moreMallocsError) Error() string {
483 return "child process did not exhaust all allocation calls"
484}
485
486var errMoreMallocs = moreMallocsError{}
487
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]488// accept accepts a connection from listener, unless waitChan signals a process
489// exit first.
490func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
491 type connOrError struct {
492 conn net.Conn
493 err error
494 }
495 connChan := make(chan connOrError, 1)
496 go func() {
497 conn, err := listener.Accept()
498 connChan <- connOrError{conn, err}
499 close(connChan)
500 }()
501 select {
502 case result := <-connChan:
503 return result.conn, result.err
504 case childErr := <-waitChan:
505 waitChan <- childErr
506 return nil, fmt.Errorf("child exited early: %s", childErr)
507 }
508}
509
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]510func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]511 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
512 panic("Error expected without shouldFail in " + test.name)
513 }
514
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]515 if test.expectResumeRejected && !test.resumeSession {
516 panic("expectResumeRejected without resumeSession in " + test.name)
517 }
518
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]519 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
520 if err != nil {
521 panic(err)
522 }
523 defer func() {
524 if listener != nil {
525 listener.Close()
526 }
527 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]528
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]529 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]530 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]531 flags = append(flags, "-server")
532
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]533 flags = append(flags, "-key-file")
534 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]535 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]536 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]537 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]538 }
539
540 flags = append(flags, "-cert-file")
541 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]542 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]543 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]544 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]545 }
546 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]547
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]548 if test.protocol == dtls {
549 flags = append(flags, "-dtls")
550 }
551
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]552 if test.resumeSession {
553 flags = append(flags, "-resume")
554 }
555
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]556 if test.shimWritesFirst {
557 flags = append(flags, "-shim-writes-first")
558 }
559
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]560 if test.shimShutsDown {
561 flags = append(flags, "-shim-shuts-down")
562 }
563
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]564 if test.exportKeyingMaterial > 0 {
565 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
566 flags = append(flags, "-export-label", test.exportLabel)
567 flags = append(flags, "-export-context", test.exportContext)
568 if test.useExportContext {
569 flags = append(flags, "-use-export-context")
570 }
571 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]572 if test.expectResumeRejected {
573 flags = append(flags, "-expect-session-miss")
574 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]575
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]576 if test.testTLSUnique {
577 flags = append(flags, "-tls-unique")
578 }
579
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]580 flags = append(flags, test.flags...)
581
582 var shim *exec.Cmd
583 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]584 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]585 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]586 shim = gdbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]587 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]588 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]589 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]590 shim.Stdin = os.Stdin
591 var stdoutBuf, stderrBuf bytes.Buffer
592 shim.Stdout = &stdoutBuf
593 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]594 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]595 shim.Env = os.Environ()
596 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]597 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]598 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]599 }
600 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
601 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]602
603 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]604 panic(err)
605 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]606 waitChan := make(chan error, 1)
607 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]608
609 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]610 if !test.noSessionCache {
611 config.ClientSessionCache = NewLRUClientSessionCache(1)
612 config.ServerSessionCache = NewLRUServerSessionCache(1)
613 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]614 if test.testType == clientTest {
615 if len(config.Certificates) == 0 {
616 config.Certificates = []Certificate{getRSACertificate()}
617 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]618 } else {
619 // Supply a ServerName to ensure a constant session cache key,
620 // rather than falling back to net.Conn.RemoteAddr.
621 if len(config.ServerName) == 0 {
622 config.ServerName = "test"
623 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]624 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]625
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]626 conn, err := acceptOrWait(listener, waitChan)
627 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]628 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]629 conn.Close()
630 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]631
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]632 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]633 var resumeConfig Config
634 if test.resumeConfig != nil {
635 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]636 if len(resumeConfig.ServerName) == 0 {
637 resumeConfig.ServerName = config.ServerName
638 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]639 if len(resumeConfig.Certificates) == 0 {
640 resumeConfig.Certificates = []Certificate{getRSACertificate()}
641 }
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]642 if test.newSessionsOnResume {
643 if !test.noSessionCache {
644 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
645 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
646 }
647 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]648 resumeConfig.SessionTicketKey = config.SessionTicketKey
649 resumeConfig.ClientSessionCache = config.ClientSessionCache
650 resumeConfig.ServerSessionCache = config.ServerSessionCache
651 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]652 } else {
653 resumeConfig = config
654 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]655 var connResume net.Conn
656 connResume, err = acceptOrWait(listener, waitChan)
657 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]658 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]659 connResume.Close()
660 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]661 }
662
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]663 // Close the listener now. This is to avoid hangs should the shim try to
664 // open more connections than expected.
665 listener.Close()
666 listener = nil
667
668 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]669 if exitError, ok := childErr.(*exec.ExitError); ok {
670 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
671 return errMoreMallocs
672 }
673 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]674
675 stdout := string(stdoutBuf.Bytes())
676 stderr := string(stderrBuf.Bytes())
677 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]678 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]679 localError := "none"
680 if err != nil {
681 localError = err.Error()
682 }
683 if len(test.expectedLocalError) != 0 {
684 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
685 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]686
687 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]688 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]689 if childErr != nil {
690 childError = childErr.Error()
691 }
692
693 var msg string
694 switch {
695 case failed && !test.shouldFail:
696 msg = "unexpected failure"
697 case !failed && test.shouldFail:
698 msg = "unexpected success"
699 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]700 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]701 default:
702 panic("internal error")
703 }
704
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]705 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]706 }
707
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]708 if !*useValgrind && !failed && len(stderr) > 0 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]709 println(stderr)
710 }
711
712 return nil
713}
714
715var tlsVersions = []struct {
716 name string
717 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]718 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]719 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]720}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]721 {"SSL3", VersionSSL30, "-no-ssl3", false},
722 {"TLS1", VersionTLS10, "-no-tls1", true},
723 {"TLS11", VersionTLS11, "-no-tls11", false},
724 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]725}
726
727var testCipherSuites = []struct {
728 name string
729 id uint16
730}{
731 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]732 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]733 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]734 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]735 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]736 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]737 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]738 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
739 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]740 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]741 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
742 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]743 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]744 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
745 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]746 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
747 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]748 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]749 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]750 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]751 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]752 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]753 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]754 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]755 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]756 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]757 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]758 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]759 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]760 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
761 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]762 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
763 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]764 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]765 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]766 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]767}
768
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]769func hasComponent(suiteName, component string) bool {
770 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
771}
772
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]773func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]774 return hasComponent(suiteName, "GCM") ||
775 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]776 hasComponent(suiteName, "SHA384") ||
777 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]778}
779
780func isDTLSCipher(suiteName string) bool {
David Benjamine95d20d2014-12-23 11:16:01 -0500[diff] [blame]781 return !hasComponent(suiteName, "RC4")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]782}
783
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]784func bigFromHex(hex string) *big.Int {
785 ret, ok := new(big.Int).SetString(hex, 16)
786 if !ok {
787 panic("failed to parse hex number 0x" + hex)
788 }
789 return ret
790}
791
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]792func addBasicTests() {
793 basicTests := []testCase{
794 {
795 name: "BadRSASignature",
796 config: Config{
797 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
798 Bugs: ProtocolBugs{
799 InvalidSKXSignature: true,
800 },
801 },
802 shouldFail: true,
803 expectedError: ":BAD_SIGNATURE:",
804 },
805 {
806 name: "BadECDSASignature",
807 config: Config{
808 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
809 Bugs: ProtocolBugs{
810 InvalidSKXSignature: true,
811 },
812 Certificates: []Certificate{getECDSACertificate()},
813 },
814 shouldFail: true,
815 expectedError: ":BAD_SIGNATURE:",
816 },
817 {
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]818 testType: serverTest,
819 name: "BadRSASignature-ClientAuth",
820 config: Config{
821 Bugs: ProtocolBugs{
822 InvalidCertVerifySignature: true,
823 },
824 Certificates: []Certificate{getRSACertificate()},
825 },
826 shouldFail: true,
827 expectedError: ":BAD_SIGNATURE:",
828 flags: []string{"-require-any-client-certificate"},
829 },
830 {
831 testType: serverTest,
832 name: "BadECDSASignature-ClientAuth",
833 config: Config{
834 Bugs: ProtocolBugs{
835 InvalidCertVerifySignature: true,
836 },
837 Certificates: []Certificate{getECDSACertificate()},
838 },
839 shouldFail: true,
840 expectedError: ":BAD_SIGNATURE:",
841 flags: []string{"-require-any-client-certificate"},
842 },
843 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]844 name: "BadECDSACurve",
845 config: Config{
846 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
847 Bugs: ProtocolBugs{
848 InvalidSKXCurve: true,
849 },
850 Certificates: []Certificate{getECDSACertificate()},
851 },
852 shouldFail: true,
853 expectedError: ":WRONG_CURVE:",
854 },
855 {
856 testType: serverTest,
857 name: "BadRSAVersion",
858 config: Config{
859 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
860 Bugs: ProtocolBugs{
861 RsaClientKeyExchangeVersion: VersionTLS11,
862 },
863 },
864 shouldFail: true,
865 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
866 },
867 {
868 name: "NoFallbackSCSV",
869 config: Config{
870 Bugs: ProtocolBugs{
871 FailIfNotFallbackSCSV: true,
872 },
873 },
874 shouldFail: true,
875 expectedLocalError: "no fallback SCSV found",
876 },
877 {
878 name: "SendFallbackSCSV",
879 config: Config{
880 Bugs: ProtocolBugs{
881 FailIfNotFallbackSCSV: true,
882 },
883 },
884 flags: []string{"-fallback-scsv"},
885 },
886 {
887 name: "ClientCertificateTypes",
888 config: Config{
889 ClientAuth: RequestClientCert,
890 ClientCertificateTypes: []byte{
891 CertTypeDSSSign,
892 CertTypeRSASign,
893 CertTypeECDSASign,
894 },
895 },
896 flags: []string{
897 "-expect-certificate-types",
898 base64.StdEncoding.EncodeToString([]byte{
899 CertTypeDSSSign,
900 CertTypeRSASign,
901 CertTypeECDSASign,
902 }),
903 },
904 },
905 {
906 name: "NoClientCertificate",
907 config: Config{
908 ClientAuth: RequireAnyClientCert,
909 },
910 shouldFail: true,
911 expectedLocalError: "client didn't provide a certificate",
912 },
913 {
914 name: "UnauthenticatedECDH",
915 config: Config{
916 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
917 Bugs: ProtocolBugs{
918 UnauthenticatedECDH: true,
919 },
920 },
921 shouldFail: true,
922 expectedError: ":UNEXPECTED_MESSAGE:",
923 },
924 {
925 name: "SkipCertificateStatus",
926 config: Config{
927 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
928 Bugs: ProtocolBugs{
929 SkipCertificateStatus: true,
930 },
931 },
932 flags: []string{
933 "-enable-ocsp-stapling",
934 },
935 },
936 {
937 name: "SkipServerKeyExchange",
938 config: Config{
939 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
940 Bugs: ProtocolBugs{
941 SkipServerKeyExchange: true,
942 },
943 },
944 shouldFail: true,
945 expectedError: ":UNEXPECTED_MESSAGE:",
946 },
947 {
948 name: "SkipChangeCipherSpec-Client",
949 config: Config{
950 Bugs: ProtocolBugs{
951 SkipChangeCipherSpec: true,
952 },
953 },
954 shouldFail: true,
955 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
956 },
957 {
958 testType: serverTest,
959 name: "SkipChangeCipherSpec-Server",
960 config: Config{
961 Bugs: ProtocolBugs{
962 SkipChangeCipherSpec: true,
963 },
964 },
965 shouldFail: true,
966 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
967 },
968 {
969 testType: serverTest,
970 name: "SkipChangeCipherSpec-Server-NPN",
971 config: Config{
972 NextProtos: []string{"bar"},
973 Bugs: ProtocolBugs{
974 SkipChangeCipherSpec: true,
975 },
976 },
977 flags: []string{
978 "-advertise-npn", "\x03foo\x03bar\x03baz",
979 },
980 shouldFail: true,
981 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
982 },
983 {
984 name: "FragmentAcrossChangeCipherSpec-Client",
985 config: Config{
986 Bugs: ProtocolBugs{
987 FragmentAcrossChangeCipherSpec: true,
988 },
989 },
990 shouldFail: true,
991 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
992 },
993 {
994 testType: serverTest,
995 name: "FragmentAcrossChangeCipherSpec-Server",
996 config: Config{
997 Bugs: ProtocolBugs{
998 FragmentAcrossChangeCipherSpec: true,
999 },
1000 },
1001 shouldFail: true,
1002 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
1003 },
1004 {
1005 testType: serverTest,
1006 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1007 config: Config{
1008 NextProtos: []string{"bar"},
1009 Bugs: ProtocolBugs{
1010 FragmentAcrossChangeCipherSpec: true,
1011 },
1012 },
1013 flags: []string{
1014 "-advertise-npn", "\x03foo\x03bar\x03baz",
1015 },
1016 shouldFail: true,
1017 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
1018 },
1019 {
1020 testType: serverTest,
1021 name: "Alert",
1022 config: Config{
1023 Bugs: ProtocolBugs{
1024 SendSpuriousAlert: alertRecordOverflow,
1025 },
1026 },
1027 shouldFail: true,
1028 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1029 },
1030 {
1031 protocol: dtls,
1032 testType: serverTest,
1033 name: "Alert-DTLS",
1034 config: Config{
1035 Bugs: ProtocolBugs{
1036 SendSpuriousAlert: alertRecordOverflow,
1037 },
1038 },
1039 shouldFail: true,
1040 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1041 },
1042 {
1043 testType: serverTest,
1044 name: "FragmentAlert",
1045 config: Config{
1046 Bugs: ProtocolBugs{
1047 FragmentAlert: true,
1048 SendSpuriousAlert: alertRecordOverflow,
1049 },
1050 },
1051 shouldFail: true,
1052 expectedError: ":BAD_ALERT:",
1053 },
1054 {
1055 protocol: dtls,
1056 testType: serverTest,
1057 name: "FragmentAlert-DTLS",
1058 config: Config{
1059 Bugs: ProtocolBugs{
1060 FragmentAlert: true,
1061 SendSpuriousAlert: alertRecordOverflow,
1062 },
1063 },
1064 shouldFail: true,
1065 expectedError: ":BAD_ALERT:",
1066 },
1067 {
1068 testType: serverTest,
1069 name: "EarlyChangeCipherSpec-server-1",
1070 config: Config{
1071 Bugs: ProtocolBugs{
1072 EarlyChangeCipherSpec: 1,
1073 },
1074 },
1075 shouldFail: true,
1076 expectedError: ":CCS_RECEIVED_EARLY:",
1077 },
1078 {
1079 testType: serverTest,
1080 name: "EarlyChangeCipherSpec-server-2",
1081 config: Config{
1082 Bugs: ProtocolBugs{
1083 EarlyChangeCipherSpec: 2,
1084 },
1085 },
1086 shouldFail: true,
1087 expectedError: ":CCS_RECEIVED_EARLY:",
1088 },
1089 {
1090 name: "SkipNewSessionTicket",
1091 config: Config{
1092 Bugs: ProtocolBugs{
1093 SkipNewSessionTicket: true,
1094 },
1095 },
1096 shouldFail: true,
1097 expectedError: ":CCS_RECEIVED_EARLY:",
1098 },
1099 {
1100 testType: serverTest,
1101 name: "FallbackSCSV",
1102 config: Config{
1103 MaxVersion: VersionTLS11,
1104 Bugs: ProtocolBugs{
1105 SendFallbackSCSV: true,
1106 },
1107 },
1108 shouldFail: true,
1109 expectedError: ":INAPPROPRIATE_FALLBACK:",
1110 },
1111 {
1112 testType: serverTest,
1113 name: "FallbackSCSV-VersionMatch",
1114 config: Config{
1115 Bugs: ProtocolBugs{
1116 SendFallbackSCSV: true,
1117 },
1118 },
1119 },
1120 {
1121 testType: serverTest,
1122 name: "FragmentedClientVersion",
1123 config: Config{
1124 Bugs: ProtocolBugs{
1125 MaxHandshakeRecordLength: 1,
1126 FragmentClientVersion: true,
1127 },
1128 },
1129 expectedVersion: VersionTLS12,
1130 },
1131 {
1132 testType: serverTest,
1133 name: "MinorVersionTolerance",
1134 config: Config{
1135 Bugs: ProtocolBugs{
1136 SendClientVersion: 0x03ff,
1137 },
1138 },
1139 expectedVersion: VersionTLS12,
1140 },
1141 {
1142 testType: serverTest,
1143 name: "MajorVersionTolerance",
1144 config: Config{
1145 Bugs: ProtocolBugs{
1146 SendClientVersion: 0x0400,
1147 },
1148 },
1149 expectedVersion: VersionTLS12,
1150 },
1151 {
1152 testType: serverTest,
1153 name: "VersionTooLow",
1154 config: Config{
1155 Bugs: ProtocolBugs{
1156 SendClientVersion: 0x0200,
1157 },
1158 },
1159 shouldFail: true,
1160 expectedError: ":UNSUPPORTED_PROTOCOL:",
1161 },
1162 {
1163 testType: serverTest,
1164 name: "HttpGET",
1165 sendPrefix: "GET / HTTP/1.0\n",
1166 shouldFail: true,
1167 expectedError: ":HTTP_REQUEST:",
1168 },
1169 {
1170 testType: serverTest,
1171 name: "HttpPOST",
1172 sendPrefix: "POST / HTTP/1.0\n",
1173 shouldFail: true,
1174 expectedError: ":HTTP_REQUEST:",
1175 },
1176 {
1177 testType: serverTest,
1178 name: "HttpHEAD",
1179 sendPrefix: "HEAD / HTTP/1.0\n",
1180 shouldFail: true,
1181 expectedError: ":HTTP_REQUEST:",
1182 },
1183 {
1184 testType: serverTest,
1185 name: "HttpPUT",
1186 sendPrefix: "PUT / HTTP/1.0\n",
1187 shouldFail: true,
1188 expectedError: ":HTTP_REQUEST:",
1189 },
1190 {
1191 testType: serverTest,
1192 name: "HttpCONNECT",
1193 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1194 shouldFail: true,
1195 expectedError: ":HTTPS_PROXY_REQUEST:",
1196 },
1197 {
1198 testType: serverTest,
1199 name: "Garbage",
1200 sendPrefix: "blah",
1201 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1202 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1203 },
1204 {
1205 name: "SkipCipherVersionCheck",
1206 config: Config{
1207 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1208 MaxVersion: VersionTLS11,
1209 Bugs: ProtocolBugs{
1210 SkipCipherVersionCheck: true,
1211 },
1212 },
1213 shouldFail: true,
1214 expectedError: ":WRONG_CIPHER_RETURNED:",
1215 },
1216 {
1217 name: "RSAEphemeralKey",
1218 config: Config{
1219 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1220 Bugs: ProtocolBugs{
1221 RSAEphemeralKey: true,
1222 },
1223 },
1224 shouldFail: true,
1225 expectedError: ":UNEXPECTED_MESSAGE:",
1226 },
1227 {
1228 name: "DisableEverything",
1229 flags: []string{"-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
1230 shouldFail: true,
1231 expectedError: ":WRONG_SSL_VERSION:",
1232 },
1233 {
1234 protocol: dtls,
1235 name: "DisableEverything-DTLS",
1236 flags: []string{"-no-tls12", "-no-tls1"},
1237 shouldFail: true,
1238 expectedError: ":WRONG_SSL_VERSION:",
1239 },
1240 {
1241 name: "NoSharedCipher",
1242 config: Config{
1243 CipherSuites: []uint16{},
1244 },
1245 shouldFail: true,
1246 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
1247 },
1248 {
1249 protocol: dtls,
1250 testType: serverTest,
1251 name: "MTU",
1252 config: Config{
1253 Bugs: ProtocolBugs{
1254 MaxPacketLength: 256,
1255 },
1256 },
1257 flags: []string{"-mtu", "256"},
1258 },
1259 {
1260 protocol: dtls,
1261 testType: serverTest,
1262 name: "MTUExceeded",
1263 config: Config{
1264 Bugs: ProtocolBugs{
1265 MaxPacketLength: 255,
1266 },
1267 },
1268 flags: []string{"-mtu", "256"},
1269 shouldFail: true,
1270 expectedLocalError: "dtls: exceeded maximum packet length",
1271 },
1272 {
1273 name: "CertMismatchRSA",
1274 config: Config{
1275 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1276 Certificates: []Certificate{getECDSACertificate()},
1277 Bugs: ProtocolBugs{
1278 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1279 },
1280 },
1281 shouldFail: true,
1282 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1283 },
1284 {
1285 name: "CertMismatchECDSA",
1286 config: Config{
1287 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1288 Certificates: []Certificate{getRSACertificate()},
1289 Bugs: ProtocolBugs{
1290 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1291 },
1292 },
1293 shouldFail: true,
1294 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1295 },
1296 {
1297 name: "EmptyCertificateList",
1298 config: Config{
1299 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1300 Bugs: ProtocolBugs{
1301 EmptyCertificateList: true,
1302 },
1303 },
1304 shouldFail: true,
1305 expectedError: ":DECODE_ERROR:",
1306 },
1307 {
1308 name: "TLSFatalBadPackets",
1309 damageFirstWrite: true,
1310 shouldFail: true,
1311 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1312 },
1313 {
1314 protocol: dtls,
1315 name: "DTLSIgnoreBadPackets",
1316 damageFirstWrite: true,
1317 },
1318 {
1319 protocol: dtls,
1320 name: "DTLSIgnoreBadPackets-Async",
1321 damageFirstWrite: true,
1322 flags: []string{"-async"},
1323 },
1324 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1325 name: "AppDataBeforeHandshake",
1326 config: Config{
1327 Bugs: ProtocolBugs{
1328 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1329 },
1330 },
1331 shouldFail: true,
1332 expectedError: ":UNEXPECTED_RECORD:",
1333 },
1334 {
1335 name: "AppDataBeforeHandshake-Empty",
1336 config: Config{
1337 Bugs: ProtocolBugs{
1338 AppDataBeforeHandshake: []byte{},
1339 },
1340 },
1341 shouldFail: true,
1342 expectedError: ":UNEXPECTED_RECORD:",
1343 },
1344 {
1345 protocol: dtls,
1346 name: "AppDataBeforeHandshake-DTLS",
1347 config: Config{
1348 Bugs: ProtocolBugs{
1349 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1350 },
1351 },
1352 shouldFail: true,
1353 expectedError: ":UNEXPECTED_RECORD:",
1354 },
1355 {
1356 protocol: dtls,
1357 name: "AppDataBeforeHandshake-DTLS-Empty",
1358 config: Config{
1359 Bugs: ProtocolBugs{
1360 AppDataBeforeHandshake: []byte{},
1361 },
1362 },
1363 shouldFail: true,
1364 expectedError: ":UNEXPECTED_RECORD:",
1365 },
1366 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1367 name: "AppDataAfterChangeCipherSpec",
1368 config: Config{
1369 Bugs: ProtocolBugs{
1370 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1371 },
1372 },
1373 shouldFail: true,
1374 expectedError: ":DATA_BETWEEN_CCS_AND_FINISHED:",
1375 },
1376 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1377 name: "AppDataAfterChangeCipherSpec-Empty",
1378 config: Config{
1379 Bugs: ProtocolBugs{
1380 AppDataAfterChangeCipherSpec: []byte{},
1381 },
1382 },
1383 shouldFail: true,
1384 expectedError: ":DATA_BETWEEN_CCS_AND_FINISHED:",
1385 },
1386 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1387 protocol: dtls,
1388 name: "AppDataAfterChangeCipherSpec-DTLS",
1389 config: Config{
1390 Bugs: ProtocolBugs{
1391 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1392 },
1393 },
1394 // BoringSSL's DTLS implementation will drop the out-of-order
1395 // application data.
1396 },
1397 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1398 protocol: dtls,
1399 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1400 config: Config{
1401 Bugs: ProtocolBugs{
1402 AppDataAfterChangeCipherSpec: []byte{},
1403 },
1404 },
1405 // BoringSSL's DTLS implementation will drop the out-of-order
1406 // application data.
1407 },
1408 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1409 name: "AlertAfterChangeCipherSpec",
1410 config: Config{
1411 Bugs: ProtocolBugs{
1412 AlertAfterChangeCipherSpec: alertRecordOverflow,
1413 },
1414 },
1415 shouldFail: true,
1416 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1417 },
1418 {
1419 protocol: dtls,
1420 name: "AlertAfterChangeCipherSpec-DTLS",
1421 config: Config{
1422 Bugs: ProtocolBugs{
1423 AlertAfterChangeCipherSpec: alertRecordOverflow,
1424 },
1425 },
1426 shouldFail: true,
1427 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1428 },
1429 {
1430 protocol: dtls,
1431 name: "ReorderHandshakeFragments-Small-DTLS",
1432 config: Config{
1433 Bugs: ProtocolBugs{
1434 ReorderHandshakeFragments: true,
1435 // Small enough that every handshake message is
1436 // fragmented.
1437 MaxHandshakeRecordLength: 2,
1438 },
1439 },
1440 },
1441 {
1442 protocol: dtls,
1443 name: "ReorderHandshakeFragments-Large-DTLS",
1444 config: Config{
1445 Bugs: ProtocolBugs{
1446 ReorderHandshakeFragments: true,
1447 // Large enough that no handshake message is
1448 // fragmented.
1449 MaxHandshakeRecordLength: 2048,
1450 },
1451 },
1452 },
1453 {
1454 protocol: dtls,
1455 name: "MixCompleteMessageWithFragments-DTLS",
1456 config: Config{
1457 Bugs: ProtocolBugs{
1458 ReorderHandshakeFragments: true,
1459 MixCompleteMessageWithFragments: true,
1460 MaxHandshakeRecordLength: 2,
1461 },
1462 },
1463 },
1464 {
1465 name: "SendInvalidRecordType",
1466 config: Config{
1467 Bugs: ProtocolBugs{
1468 SendInvalidRecordType: true,
1469 },
1470 },
1471 shouldFail: true,
1472 expectedError: ":UNEXPECTED_RECORD:",
1473 },
1474 {
1475 protocol: dtls,
1476 name: "SendInvalidRecordType-DTLS",
1477 config: Config{
1478 Bugs: ProtocolBugs{
1479 SendInvalidRecordType: true,
1480 },
1481 },
1482 shouldFail: true,
1483 expectedError: ":UNEXPECTED_RECORD:",
1484 },
1485 {
1486 name: "FalseStart-SkipServerSecondLeg",
1487 config: Config{
1488 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1489 NextProtos: []string{"foo"},
1490 Bugs: ProtocolBugs{
1491 SkipNewSessionTicket: true,
1492 SkipChangeCipherSpec: true,
1493 SkipFinished: true,
1494 ExpectFalseStart: true,
1495 },
1496 },
1497 flags: []string{
1498 "-false-start",
1499 "-handshake-never-done",
1500 "-advertise-alpn", "\x03foo",
1501 },
1502 shimWritesFirst: true,
1503 shouldFail: true,
1504 expectedError: ":UNEXPECTED_RECORD:",
1505 },
1506 {
1507 name: "FalseStart-SkipServerSecondLeg-Implicit",
1508 config: Config{
1509 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1510 NextProtos: []string{"foo"},
1511 Bugs: ProtocolBugs{
1512 SkipNewSessionTicket: true,
1513 SkipChangeCipherSpec: true,
1514 SkipFinished: true,
1515 },
1516 },
1517 flags: []string{
1518 "-implicit-handshake",
1519 "-false-start",
1520 "-handshake-never-done",
1521 "-advertise-alpn", "\x03foo",
1522 },
1523 shouldFail: true,
1524 expectedError: ":UNEXPECTED_RECORD:",
1525 },
1526 {
1527 testType: serverTest,
1528 name: "FailEarlyCallback",
1529 flags: []string{"-fail-early-callback"},
1530 shouldFail: true,
1531 expectedError: ":CONNECTION_REJECTED:",
1532 expectedLocalError: "remote error: access denied",
1533 },
1534 {
1535 name: "WrongMessageType",
1536 config: Config{
1537 Bugs: ProtocolBugs{
1538 WrongCertificateMessageType: true,
1539 },
1540 },
1541 shouldFail: true,
1542 expectedError: ":UNEXPECTED_MESSAGE:",
1543 expectedLocalError: "remote error: unexpected message",
1544 },
1545 {
1546 protocol: dtls,
1547 name: "WrongMessageType-DTLS",
1548 config: Config{
1549 Bugs: ProtocolBugs{
1550 WrongCertificateMessageType: true,
1551 },
1552 },
1553 shouldFail: true,
1554 expectedError: ":UNEXPECTED_MESSAGE:",
1555 expectedLocalError: "remote error: unexpected message",
1556 },
1557 {
1558 protocol: dtls,
1559 name: "FragmentMessageTypeMismatch-DTLS",
1560 config: Config{
1561 Bugs: ProtocolBugs{
1562 MaxHandshakeRecordLength: 2,
1563 FragmentMessageTypeMismatch: true,
1564 },
1565 },
1566 shouldFail: true,
1567 expectedError: ":FRAGMENT_MISMATCH:",
1568 },
1569 {
1570 protocol: dtls,
1571 name: "FragmentMessageLengthMismatch-DTLS",
1572 config: Config{
1573 Bugs: ProtocolBugs{
1574 MaxHandshakeRecordLength: 2,
1575 FragmentMessageLengthMismatch: true,
1576 },
1577 },
1578 shouldFail: true,
1579 expectedError: ":FRAGMENT_MISMATCH:",
1580 },
1581 {
1582 protocol: dtls,
1583 name: "SplitFragments-Header-DTLS",
1584 config: Config{
1585 Bugs: ProtocolBugs{
1586 SplitFragments: 2,
1587 },
1588 },
1589 shouldFail: true,
1590 expectedError: ":UNEXPECTED_MESSAGE:",
1591 },
1592 {
1593 protocol: dtls,
1594 name: "SplitFragments-Boundary-DTLS",
1595 config: Config{
1596 Bugs: ProtocolBugs{
1597 SplitFragments: dtlsRecordHeaderLen,
1598 },
1599 },
1600 shouldFail: true,
1601 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1602 },
1603 {
1604 protocol: dtls,
1605 name: "SplitFragments-Body-DTLS",
1606 config: Config{
1607 Bugs: ProtocolBugs{
1608 SplitFragments: dtlsRecordHeaderLen + 1,
1609 },
1610 },
1611 shouldFail: true,
1612 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1613 },
1614 {
1615 protocol: dtls,
1616 name: "SendEmptyFragments-DTLS",
1617 config: Config{
1618 Bugs: ProtocolBugs{
1619 SendEmptyFragments: true,
1620 },
1621 },
1622 },
1623 {
1624 name: "UnsupportedCipherSuite",
1625 config: Config{
1626 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1627 Bugs: ProtocolBugs{
1628 IgnorePeerCipherPreferences: true,
1629 },
1630 },
1631 flags: []string{"-cipher", "DEFAULT:!RC4"},
1632 shouldFail: true,
1633 expectedError: ":WRONG_CIPHER_RETURNED:",
1634 },
1635 {
1636 name: "UnsupportedCurve",
1637 config: Config{
1638 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1639 // BoringSSL implements P-224 but doesn't enable it by
1640 // default.
1641 CurvePreferences: []CurveID{CurveP224},
1642 Bugs: ProtocolBugs{
1643 IgnorePeerCurvePreferences: true,
1644 },
1645 },
1646 shouldFail: true,
1647 expectedError: ":WRONG_CURVE:",
1648 },
1649 {
1650 name: "BadFinished",
1651 config: Config{
1652 Bugs: ProtocolBugs{
1653 BadFinished: true,
1654 },
1655 },
1656 shouldFail: true,
1657 expectedError: ":DIGEST_CHECK_FAILED:",
1658 },
1659 {
1660 name: "FalseStart-BadFinished",
1661 config: Config{
1662 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1663 NextProtos: []string{"foo"},
1664 Bugs: ProtocolBugs{
1665 BadFinished: true,
1666 ExpectFalseStart: true,
1667 },
1668 },
1669 flags: []string{
1670 "-false-start",
1671 "-handshake-never-done",
1672 "-advertise-alpn", "\x03foo",
1673 },
1674 shimWritesFirst: true,
1675 shouldFail: true,
1676 expectedError: ":DIGEST_CHECK_FAILED:",
1677 },
1678 {
1679 name: "NoFalseStart-NoALPN",
1680 config: Config{
1681 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1682 Bugs: ProtocolBugs{
1683 ExpectFalseStart: true,
1684 AlertBeforeFalseStartTest: alertAccessDenied,
1685 },
1686 },
1687 flags: []string{
1688 "-false-start",
1689 },
1690 shimWritesFirst: true,
1691 shouldFail: true,
1692 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1693 expectedLocalError: "tls: peer did not false start: EOF",
1694 },
1695 {
1696 name: "NoFalseStart-NoAEAD",
1697 config: Config{
1698 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1699 NextProtos: []string{"foo"},
1700 Bugs: ProtocolBugs{
1701 ExpectFalseStart: true,
1702 AlertBeforeFalseStartTest: alertAccessDenied,
1703 },
1704 },
1705 flags: []string{
1706 "-false-start",
1707 "-advertise-alpn", "\x03foo",
1708 },
1709 shimWritesFirst: true,
1710 shouldFail: true,
1711 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1712 expectedLocalError: "tls: peer did not false start: EOF",
1713 },
1714 {
1715 name: "NoFalseStart-RSA",
1716 config: Config{
1717 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1718 NextProtos: []string{"foo"},
1719 Bugs: ProtocolBugs{
1720 ExpectFalseStart: true,
1721 AlertBeforeFalseStartTest: alertAccessDenied,
1722 },
1723 },
1724 flags: []string{
1725 "-false-start",
1726 "-advertise-alpn", "\x03foo",
1727 },
1728 shimWritesFirst: true,
1729 shouldFail: true,
1730 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1731 expectedLocalError: "tls: peer did not false start: EOF",
1732 },
1733 {
1734 name: "NoFalseStart-DHE_RSA",
1735 config: Config{
1736 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1737 NextProtos: []string{"foo"},
1738 Bugs: ProtocolBugs{
1739 ExpectFalseStart: true,
1740 AlertBeforeFalseStartTest: alertAccessDenied,
1741 },
1742 },
1743 flags: []string{
1744 "-false-start",
1745 "-advertise-alpn", "\x03foo",
1746 },
1747 shimWritesFirst: true,
1748 shouldFail: true,
1749 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1750 expectedLocalError: "tls: peer did not false start: EOF",
1751 },
1752 {
1753 testType: serverTest,
1754 name: "NoSupportedCurves",
1755 config: Config{
1756 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1757 Bugs: ProtocolBugs{
1758 NoSupportedCurves: true,
1759 },
1760 },
1761 },
1762 {
1763 testType: serverTest,
1764 name: "NoCommonCurves",
1765 config: Config{
1766 CipherSuites: []uint16{
1767 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1768 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1769 },
1770 CurvePreferences: []CurveID{CurveP224},
1771 },
1772 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1773 },
1774 {
1775 protocol: dtls,
1776 name: "SendSplitAlert-Sync",
1777 config: Config{
1778 Bugs: ProtocolBugs{
1779 SendSplitAlert: true,
1780 },
1781 },
1782 },
1783 {
1784 protocol: dtls,
1785 name: "SendSplitAlert-Async",
1786 config: Config{
1787 Bugs: ProtocolBugs{
1788 SendSplitAlert: true,
1789 },
1790 },
1791 flags: []string{"-async"},
1792 },
1793 {
1794 protocol: dtls,
1795 name: "PackDTLSHandshake",
1796 config: Config{
1797 Bugs: ProtocolBugs{
1798 MaxHandshakeRecordLength: 2,
1799 PackHandshakeFragments: 20,
1800 PackHandshakeRecords: 200,
1801 },
1802 },
1803 },
1804 {
1805 testType: serverTest,
1806 protocol: dtls,
1807 name: "NoRC4-DTLS",
1808 config: Config{
1809 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA},
1810 Bugs: ProtocolBugs{
1811 EnableAllCiphersInDTLS: true,
1812 },
1813 },
1814 shouldFail: true,
1815 expectedError: ":NO_SHARED_CIPHER:",
1816 },
1817 {
1818 name: "SendEmptyRecords-Pass",
1819 sendEmptyRecords: 32,
1820 },
1821 {
1822 name: "SendEmptyRecords",
1823 sendEmptyRecords: 33,
1824 shouldFail: true,
1825 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1826 },
1827 {
1828 name: "SendEmptyRecords-Async",
1829 sendEmptyRecords: 33,
1830 flags: []string{"-async"},
1831 shouldFail: true,
1832 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1833 },
1834 {
1835 name: "SendWarningAlerts-Pass",
1836 sendWarningAlerts: 4,
1837 },
1838 {
1839 protocol: dtls,
1840 name: "SendWarningAlerts-DTLS-Pass",
1841 sendWarningAlerts: 4,
1842 },
1843 {
1844 name: "SendWarningAlerts",
1845 sendWarningAlerts: 5,
1846 shouldFail: true,
1847 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1848 },
1849 {
1850 name: "SendWarningAlerts-Async",
1851 sendWarningAlerts: 5,
1852 flags: []string{"-async"},
1853 shouldFail: true,
1854 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1855 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]1856 {
1857 name: "EmptySessionID",
1858 config: Config{
1859 SessionTicketsDisabled: true,
1860 },
1861 noSessionCache: true,
1862 flags: []string{"-expect-no-session"},
1863 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]1864 {
1865 name: "Unclean-Shutdown",
1866 config: Config{
1867 Bugs: ProtocolBugs{
1868 NoCloseNotify: true,
1869 ExpectCloseNotify: true,
1870 },
1871 },
1872 shimShutsDown: true,
1873 flags: []string{"-check-close-notify"},
1874 shouldFail: true,
1875 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
1876 },
1877 {
1878 name: "Unclean-Shutdown-Ignored",
1879 config: Config{
1880 Bugs: ProtocolBugs{
1881 NoCloseNotify: true,
1882 },
1883 },
1884 shimShutsDown: true,
1885 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1886 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1887 testCases = append(testCases, basicTests...)
1888}
1889
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1890func addCipherSuiteTests() {
1891 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1892 const psk = "12345"
1893 const pskIdentity = "luggage combo"
1894
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1895 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1896 var certFile string
1897 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1898 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1899 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1900 certFile = ecdsaCertificateFile
1901 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1902 } else {
1903 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1904 certFile = rsaCertificateFile
1905 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1906 }
1907
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1908 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1909 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1910 flags = append(flags,
1911 "-psk", psk,
1912 "-psk-identity", pskIdentity)
1913 }
1914
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1915 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1916 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1917 continue
1918 }
1919
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1920 testCases = append(testCases, testCase{
1921 testType: clientTest,
1922 name: ver.name + "-" + suite.name + "-client",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1923 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1924 MinVersion: ver.version,
1925 MaxVersion: ver.version,
1926 CipherSuites: []uint16{suite.id},
1927 Certificates: []Certificate{cert},
David Benjamin68793732015-05-04 20:20:48 -0400[diff] [blame]1928 PreSharedKey: []byte(psk),
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1929 PreSharedKeyIdentity: pskIdentity,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1930 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1931 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1932 resumeSession: true,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1933 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1934
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1935 testCases = append(testCases, testCase{
1936 testType: serverTest,
1937 name: ver.name + "-" + suite.name + "-server",
1938 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1939 MinVersion: ver.version,
1940 MaxVersion: ver.version,
1941 CipherSuites: []uint16{suite.id},
1942 Certificates: []Certificate{cert},
1943 PreSharedKey: []byte(psk),
1944 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1945 },
1946 certFile: certFile,
1947 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1948 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1949 resumeSession: true,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1950 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1951
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1952 if ver.hasDTLS && isDTLSCipher(suite.name) {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1953 testCases = append(testCases, testCase{
1954 testType: clientTest,
1955 protocol: dtls,
1956 name: "D" + ver.name + "-" + suite.name + "-client",
1957 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1958 MinVersion: ver.version,
1959 MaxVersion: ver.version,
1960 CipherSuites: []uint16{suite.id},
1961 Certificates: []Certificate{cert},
1962 PreSharedKey: []byte(psk),
1963 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1964 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1965 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1966 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1967 })
1968 testCases = append(testCases, testCase{
1969 testType: serverTest,
1970 protocol: dtls,
1971 name: "D" + ver.name + "-" + suite.name + "-server",
1972 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1973 MinVersion: ver.version,
1974 MaxVersion: ver.version,
1975 CipherSuites: []uint16{suite.id},
1976 Certificates: []Certificate{cert},
1977 PreSharedKey: []byte(psk),
1978 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1979 },
1980 certFile: certFile,
1981 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1982 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1983 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1984 })
1985 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1986 }
1987 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]1988
1989 testCases = append(testCases, testCase{
1990 name: "WeakDH",
1991 config: Config{
1992 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1993 Bugs: ProtocolBugs{
1994 // This is a 1023-bit prime number, generated
1995 // with:
1996 // openssl gendh 1023 | openssl asn1parse -i
1997 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
1998 },
1999 },
2000 shouldFail: true,
2001 expectedError: "BAD_DH_P_LENGTH",
2002 })
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2003}
2004
2005func addBadECDSASignatureTests() {
2006 for badR := BadValue(1); badR < NumBadValues; badR++ {
2007 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2008 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2009 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2010 config: Config{
2011 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2012 Certificates: []Certificate{getECDSACertificate()},
2013 Bugs: ProtocolBugs{
2014 BadECDSAR: badR,
2015 BadECDSAS: badS,
2016 },
2017 },
2018 shouldFail: true,
2019 expectedError: "SIGNATURE",
2020 })
2021 }
2022 }
2023}
2024
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2025func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2026 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2027 name: "MaxCBCPadding",
2028 config: Config{
2029 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2030 Bugs: ProtocolBugs{
2031 MaxPadding: true,
2032 },
2033 },
2034 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2035 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2036 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2037 name: "BadCBCPadding",
2038 config: Config{
2039 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2040 Bugs: ProtocolBugs{
2041 PaddingFirstByteBad: true,
2042 },
2043 },
2044 shouldFail: true,
2045 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2046 })
2047 // OpenSSL previously had an issue where the first byte of padding in
2048 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2049 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2050 name: "BadCBCPadding255",
2051 config: Config{
2052 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2053 Bugs: ProtocolBugs{
2054 MaxPadding: true,
2055 PaddingFirstByteBadIf255: true,
2056 },
2057 },
2058 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2059 shouldFail: true,
2060 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2061 })
2062}
2063
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2064func addCBCSplittingTests() {
2065 testCases = append(testCases, testCase{
2066 name: "CBCRecordSplitting",
2067 config: Config{
2068 MaxVersion: VersionTLS10,
2069 MinVersion: VersionTLS10,
2070 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2071 },
2072 messageLen: -1, // read until EOF
2073 flags: []string{
2074 "-async",
2075 "-write-different-record-sizes",
2076 "-cbc-record-splitting",
2077 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2078 })
2079 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2080 name: "CBCRecordSplittingPartialWrite",
2081 config: Config{
2082 MaxVersion: VersionTLS10,
2083 MinVersion: VersionTLS10,
2084 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2085 },
2086 messageLen: -1, // read until EOF
2087 flags: []string{
2088 "-async",
2089 "-write-different-record-sizes",
2090 "-cbc-record-splitting",
2091 "-partial-write",
2092 },
2093 })
2094}
2095
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2096func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2097 // Add a dummy cert pool to stress certificate authority parsing.
2098 // TODO(davidben): Add tests that those values parse out correctly.
2099 certPool := x509.NewCertPool()
2100 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2101 if err != nil {
2102 panic(err)
2103 }
2104 certPool.AddCert(cert)
2105
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2106 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2107 testCases = append(testCases, testCase{
2108 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2109 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2110 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2111 MinVersion: ver.version,
2112 MaxVersion: ver.version,
2113 ClientAuth: RequireAnyClientCert,
2114 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2115 },
2116 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2117 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2118 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2119 },
2120 })
2121 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2122 testType: serverTest,
2123 name: ver.name + "-Server-ClientAuth-RSA",
2124 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2125 MinVersion: ver.version,
2126 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2127 Certificates: []Certificate{rsaCertificate},
2128 },
2129 flags: []string{"-require-any-client-certificate"},
2130 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2131 if ver.version != VersionSSL30 {
2132 testCases = append(testCases, testCase{
2133 testType: serverTest,
2134 name: ver.name + "-Server-ClientAuth-ECDSA",
2135 config: Config{
2136 MinVersion: ver.version,
2137 MaxVersion: ver.version,
2138 Certificates: []Certificate{ecdsaCertificate},
2139 },
2140 flags: []string{"-require-any-client-certificate"},
2141 })
2142 testCases = append(testCases, testCase{
2143 testType: clientTest,
2144 name: ver.name + "-Client-ClientAuth-ECDSA",
2145 config: Config{
2146 MinVersion: ver.version,
2147 MaxVersion: ver.version,
2148 ClientAuth: RequireAnyClientCert,
2149 ClientCAs: certPool,
2150 },
2151 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2152 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2153 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2154 },
2155 })
2156 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2157 }
2158}
2159
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2160func addExtendedMasterSecretTests() {
2161 const expectEMSFlag = "-expect-extended-master-secret"
2162
2163 for _, with := range []bool{false, true} {
2164 prefix := "No"
2165 var flags []string
2166 if with {
2167 prefix = ""
2168 flags = []string{expectEMSFlag}
2169 }
2170
2171 for _, isClient := range []bool{false, true} {
2172 suffix := "-Server"
2173 testType := serverTest
2174 if isClient {
2175 suffix = "-Client"
2176 testType = clientTest
2177 }
2178
2179 for _, ver := range tlsVersions {
2180 test := testCase{
2181 testType: testType,
2182 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2183 config: Config{
2184 MinVersion: ver.version,
2185 MaxVersion: ver.version,
2186 Bugs: ProtocolBugs{
2187 NoExtendedMasterSecret: !with,
2188 RequireExtendedMasterSecret: with,
2189 },
2190 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2191 flags: flags,
2192 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2193 }
2194 if test.shouldFail {
2195 test.expectedLocalError = "extended master secret required but not supported by peer"
2196 }
2197 testCases = append(testCases, test)
2198 }
2199 }
2200 }
2201
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2202 for _, isClient := range []bool{false, true} {
2203 for _, supportedInFirstConnection := range []bool{false, true} {
2204 for _, supportedInResumeConnection := range []bool{false, true} {
2205 boolToWord := func(b bool) string {
2206 if b {
2207 return "Yes"
2208 }
2209 return "No"
2210 }
2211 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2212 if isClient {
2213 suffix += "Client"
2214 } else {
2215 suffix += "Server"
2216 }
2217
2218 supportedConfig := Config{
2219 Bugs: ProtocolBugs{
2220 RequireExtendedMasterSecret: true,
2221 },
2222 }
2223
2224 noSupportConfig := Config{
2225 Bugs: ProtocolBugs{
2226 NoExtendedMasterSecret: true,
2227 },
2228 }
2229
2230 test := testCase{
2231 name: "ExtendedMasterSecret-" + suffix,
2232 resumeSession: true,
2233 }
2234
2235 if !isClient {
2236 test.testType = serverTest
2237 }
2238
2239 if supportedInFirstConnection {
2240 test.config = supportedConfig
2241 } else {
2242 test.config = noSupportConfig
2243 }
2244
2245 if supportedInResumeConnection {
2246 test.resumeConfig = &supportedConfig
2247 } else {
2248 test.resumeConfig = &noSupportConfig
2249 }
2250
2251 switch suffix {
2252 case "YesToYes-Client", "YesToYes-Server":
2253 // When a session is resumed, it should
2254 // still be aware that its master
2255 // secret was generated via EMS and
2256 // thus it's safe to use tls-unique.
2257 test.flags = []string{expectEMSFlag}
2258 case "NoToYes-Server":
2259 // If an original connection did not
2260 // contain EMS, but a resumption
2261 // handshake does, then a server should
2262 // not resume the session.
2263 test.expectResumeRejected = true
2264 case "YesToNo-Server":
2265 // Resuming an EMS session without the
2266 // EMS extension should cause the
2267 // server to abort the connection.
2268 test.shouldFail = true
2269 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2270 case "NoToYes-Client":
2271 // A client should abort a connection
2272 // where the server resumed a non-EMS
2273 // session but echoed the EMS
2274 // extension.
2275 test.shouldFail = true
2276 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2277 case "YesToNo-Client":
2278 // A client should abort a connection
2279 // where the server didn't echo EMS
2280 // when the session used it.
2281 test.shouldFail = true
2282 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2283 }
2284
2285 testCases = append(testCases, test)
2286 }
2287 }
2288 }
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2289}
2290
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2291// Adds tests that try to cover the range of the handshake state machine, under
2292// various conditions. Some of these are redundant with other tests, but they
2293// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2294func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2295 var tests []testCase
2296
2297 // Basic handshake, with resumption. Client and server,
2298 // session ID and session ticket.
2299 tests = append(tests, testCase{
2300 name: "Basic-Client",
2301 resumeSession: true,
2302 })
2303 tests = append(tests, testCase{
2304 name: "Basic-Client-RenewTicket",
2305 config: Config{
2306 Bugs: ProtocolBugs{
2307 RenewTicketOnResume: true,
2308 },
2309 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2310 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2311 resumeSession: true,
2312 })
2313 tests = append(tests, testCase{
2314 name: "Basic-Client-NoTicket",
2315 config: Config{
2316 SessionTicketsDisabled: true,
2317 },
2318 resumeSession: true,
2319 })
2320 tests = append(tests, testCase{
2321 name: "Basic-Client-Implicit",
2322 flags: []string{"-implicit-handshake"},
2323 resumeSession: true,
2324 })
2325 tests = append(tests, testCase{
2326 testType: serverTest,
2327 name: "Basic-Server",
2328 resumeSession: true,
2329 })
2330 tests = append(tests, testCase{
2331 testType: serverTest,
2332 name: "Basic-Server-NoTickets",
2333 config: Config{
2334 SessionTicketsDisabled: true,
2335 },
2336 resumeSession: true,
2337 })
2338 tests = append(tests, testCase{
2339 testType: serverTest,
2340 name: "Basic-Server-Implicit",
2341 flags: []string{"-implicit-handshake"},
2342 resumeSession: true,
2343 })
2344 tests = append(tests, testCase{
2345 testType: serverTest,
2346 name: "Basic-Server-EarlyCallback",
2347 flags: []string{"-use-early-callback"},
2348 resumeSession: true,
2349 })
2350
2351 // TLS client auth.
2352 tests = append(tests, testCase{
2353 testType: clientTest,
2354 name: "ClientAuth-Client",
2355 config: Config{
2356 ClientAuth: RequireAnyClientCert,
2357 },
2358 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2359 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2360 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2361 },
2362 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2363 if async {
2364 tests = append(tests, testCase{
2365 testType: clientTest,
2366 name: "ClientAuth-Client-AsyncKey",
2367 config: Config{
2368 ClientAuth: RequireAnyClientCert,
2369 },
2370 flags: []string{
Adam Langley288d8d52015-06-18 16:24:31 -0700[diff] [blame]2371 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2372 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2373 "-use-async-private-key",
2374 },
2375 })
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2376 tests = append(tests, testCase{
2377 testType: serverTest,
2378 name: "Basic-Server-RSAAsyncKey",
2379 flags: []string{
2380 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2381 "-key-file", path.Join(*resourceDir, rsaKeyFile),
2382 "-use-async-private-key",
2383 },
2384 })
2385 tests = append(tests, testCase{
2386 testType: serverTest,
2387 name: "Basic-Server-ECDSAAsyncKey",
2388 flags: []string{
2389 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2390 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
2391 "-use-async-private-key",
2392 },
2393 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2394 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2395 tests = append(tests, testCase{
2396 testType: serverTest,
2397 name: "ClientAuth-Server",
2398 config: Config{
2399 Certificates: []Certificate{rsaCertificate},
2400 },
2401 flags: []string{"-require-any-client-certificate"},
2402 })
2403
2404 // No session ticket support; server doesn't send NewSessionTicket.
2405 tests = append(tests, testCase{
2406 name: "SessionTicketsDisabled-Client",
2407 config: Config{
2408 SessionTicketsDisabled: true,
2409 },
2410 })
2411 tests = append(tests, testCase{
2412 testType: serverTest,
2413 name: "SessionTicketsDisabled-Server",
2414 config: Config{
2415 SessionTicketsDisabled: true,
2416 },
2417 })
2418
2419 // Skip ServerKeyExchange in PSK key exchange if there's no
2420 // identity hint.
2421 tests = append(tests, testCase{
2422 name: "EmptyPSKHint-Client",
2423 config: Config{
2424 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2425 PreSharedKey: []byte("secret"),
2426 },
2427 flags: []string{"-psk", "secret"},
2428 })
2429 tests = append(tests, testCase{
2430 testType: serverTest,
2431 name: "EmptyPSKHint-Server",
2432 config: Config{
2433 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2434 PreSharedKey: []byte("secret"),
2435 },
2436 flags: []string{"-psk", "secret"},
2437 })
2438
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2439 tests = append(tests, testCase{
2440 testType: clientTest,
2441 name: "OCSPStapling-Client",
2442 flags: []string{
2443 "-enable-ocsp-stapling",
2444 "-expect-ocsp-response",
2445 base64.StdEncoding.EncodeToString(testOCSPResponse),
2446 },
2447 })
2448
2449 tests = append(tests, testCase{
David Benjaminec435342015-08-21 13:44:06 -0400[diff] [blame]2450 testType: serverTest,
2451 name: "OCSPStapling-Server",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2452 expectedOCSPResponse: testOCSPResponse,
2453 flags: []string{
2454 "-ocsp-response",
2455 base64.StdEncoding.EncodeToString(testOCSPResponse),
2456 },
2457 })
2458
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2459 if protocol == tls {
2460 tests = append(tests, testCase{
2461 name: "Renegotiate-Client",
2462 renegotiate: true,
2463 })
2464 // NPN on client and server; results in post-handshake message.
2465 tests = append(tests, testCase{
2466 name: "NPN-Client",
2467 config: Config{
2468 NextProtos: []string{"foo"},
2469 },
2470 flags: []string{"-select-next-proto", "foo"},
2471 expectedNextProto: "foo",
2472 expectedNextProtoType: npn,
2473 })
2474 tests = append(tests, testCase{
2475 testType: serverTest,
2476 name: "NPN-Server",
2477 config: Config{
2478 NextProtos: []string{"bar"},
2479 },
2480 flags: []string{
2481 "-advertise-npn", "\x03foo\x03bar\x03baz",
2482 "-expect-next-proto", "bar",
2483 },
2484 expectedNextProto: "bar",
2485 expectedNextProtoType: npn,
2486 })
2487
2488 // TODO(davidben): Add tests for when False Start doesn't trigger.
2489
2490 // Client does False Start and negotiates NPN.
2491 tests = append(tests, testCase{
2492 name: "FalseStart",
2493 config: Config{
2494 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2495 NextProtos: []string{"foo"},
2496 Bugs: ProtocolBugs{
2497 ExpectFalseStart: true,
2498 },
2499 },
2500 flags: []string{
2501 "-false-start",
2502 "-select-next-proto", "foo",
2503 },
2504 shimWritesFirst: true,
2505 resumeSession: true,
2506 })
2507
2508 // Client does False Start and negotiates ALPN.
2509 tests = append(tests, testCase{
2510 name: "FalseStart-ALPN",
2511 config: Config{
2512 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2513 NextProtos: []string{"foo"},
2514 Bugs: ProtocolBugs{
2515 ExpectFalseStart: true,
2516 },
2517 },
2518 flags: []string{
2519 "-false-start",
2520 "-advertise-alpn", "\x03foo",
2521 },
2522 shimWritesFirst: true,
2523 resumeSession: true,
2524 })
2525
2526 // Client does False Start but doesn't explicitly call
2527 // SSL_connect.
2528 tests = append(tests, testCase{
2529 name: "FalseStart-Implicit",
2530 config: Config{
2531 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2532 NextProtos: []string{"foo"},
2533 },
2534 flags: []string{
2535 "-implicit-handshake",
2536 "-false-start",
2537 "-advertise-alpn", "\x03foo",
2538 },
2539 })
2540
2541 // False Start without session tickets.
2542 tests = append(tests, testCase{
2543 name: "FalseStart-SessionTicketsDisabled",
2544 config: Config{
2545 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2546 NextProtos: []string{"foo"},
2547 SessionTicketsDisabled: true,
2548 Bugs: ProtocolBugs{
2549 ExpectFalseStart: true,
2550 },
2551 },
2552 flags: []string{
2553 "-false-start",
2554 "-select-next-proto", "foo",
2555 },
2556 shimWritesFirst: true,
2557 })
2558
2559 // Server parses a V2ClientHello.
2560 tests = append(tests, testCase{
2561 testType: serverTest,
2562 name: "SendV2ClientHello",
2563 config: Config{
2564 // Choose a cipher suite that does not involve
2565 // elliptic curves, so no extensions are
2566 // involved.
2567 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
2568 Bugs: ProtocolBugs{
2569 SendV2ClientHello: true,
2570 },
2571 },
2572 })
2573
2574 // Client sends a Channel ID.
2575 tests = append(tests, testCase{
2576 name: "ChannelID-Client",
2577 config: Config{
2578 RequestChannelID: true,
2579 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2580 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2581 resumeSession: true,
2582 expectChannelID: true,
2583 })
2584
2585 // Server accepts a Channel ID.
2586 tests = append(tests, testCase{
2587 testType: serverTest,
2588 name: "ChannelID-Server",
2589 config: Config{
2590 ChannelID: channelIDKey,
2591 },
2592 flags: []string{
2593 "-expect-channel-id",
2594 base64.StdEncoding.EncodeToString(channelIDBytes),
2595 },
2596 resumeSession: true,
2597 expectChannelID: true,
2598 })
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]2599
2600 // Bidirectional shutdown with the runner initiating.
2601 tests = append(tests, testCase{
2602 name: "Shutdown-Runner",
2603 config: Config{
2604 Bugs: ProtocolBugs{
2605 ExpectCloseNotify: true,
2606 },
2607 },
2608 flags: []string{"-check-close-notify"},
2609 })
2610
2611 // Bidirectional shutdown with the shim initiating. The runner,
2612 // in the meantime, sends garbage before the close_notify which
2613 // the shim must ignore.
2614 tests = append(tests, testCase{
2615 name: "Shutdown-Shim",
2616 config: Config{
2617 Bugs: ProtocolBugs{
2618 ExpectCloseNotify: true,
2619 },
2620 },
2621 shimShutsDown: true,
2622 sendEmptyRecords: 1,
2623 sendWarningAlerts: 1,
2624 flags: []string{"-check-close-notify"},
2625 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2626 } else {
2627 tests = append(tests, testCase{
2628 name: "SkipHelloVerifyRequest",
2629 config: Config{
2630 Bugs: ProtocolBugs{
2631 SkipHelloVerifyRequest: true,
2632 },
2633 },
2634 })
2635 }
2636
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2637 var suffix string
2638 var flags []string
2639 var maxHandshakeRecordLength int
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2640 if protocol == dtls {
2641 suffix = "-DTLS"
2642 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2643 if async {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2644 suffix += "-Async"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2645 flags = append(flags, "-async")
2646 } else {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2647 suffix += "-Sync"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2648 }
2649 if splitHandshake {
2650 suffix += "-SplitHandshakeRecords"
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]2651 maxHandshakeRecordLength = 1
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2652 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2653 for _, test := range tests {
2654 test.protocol = protocol
2655 test.name += suffix
2656 test.config.Bugs.MaxHandshakeRecordLength = maxHandshakeRecordLength
2657 test.flags = append(test.flags, flags...)
2658 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2659 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2660}
2661
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]2662func addDDoSCallbackTests() {
2663 // DDoS callback.
2664
2665 for _, resume := range []bool{false, true} {
2666 suffix := "Resume"
2667 if resume {
2668 suffix = "No" + suffix
2669 }
2670
2671 testCases = append(testCases, testCase{
2672 testType: serverTest,
2673 name: "Server-DDoS-OK-" + suffix,
2674 flags: []string{"-install-ddos-callback"},
2675 resumeSession: resume,
2676 })
2677
2678 failFlag := "-fail-ddos-callback"
2679 if resume {
2680 failFlag = "-fail-second-ddos-callback"
2681 }
2682 testCases = append(testCases, testCase{
2683 testType: serverTest,
2684 name: "Server-DDoS-Reject-" + suffix,
2685 flags: []string{"-install-ddos-callback", failFlag},
2686 resumeSession: resume,
2687 shouldFail: true,
2688 expectedError: ":CONNECTION_REJECTED:",
2689 })
2690 }
2691}
2692
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2693func addVersionNegotiationTests() {
2694 for i, shimVers := range tlsVersions {
2695 // Assemble flags to disable all newer versions on the shim.
2696 var flags []string
2697 for _, vers := range tlsVersions[i+1:] {
2698 flags = append(flags, vers.flag)
2699 }
2700
2701 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2702 protocols := []protocol{tls}
2703 if runnerVers.hasDTLS && shimVers.hasDTLS {
2704 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2705 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2706 for _, protocol := range protocols {
2707 expectedVersion := shimVers.version
2708 if runnerVers.version < shimVers.version {
2709 expectedVersion = runnerVers.version
2710 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2711
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2712 suffix := shimVers.name + "-" + runnerVers.name
2713 if protocol == dtls {
2714 suffix += "-DTLS"
2715 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2716
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2717 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
2718
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2719 clientVers := shimVers.version
2720 if clientVers > VersionTLS10 {
2721 clientVers = VersionTLS10
2722 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2723 testCases = append(testCases, testCase{
2724 protocol: protocol,
2725 testType: clientTest,
2726 name: "VersionNegotiation-Client-" + suffix,
2727 config: Config{
2728 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2729 Bugs: ProtocolBugs{
2730 ExpectInitialRecordVersion: clientVers,
2731 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2732 },
2733 flags: flags,
2734 expectedVersion: expectedVersion,
2735 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2736 testCases = append(testCases, testCase{
2737 protocol: protocol,
2738 testType: clientTest,
2739 name: "VersionNegotiation-Client2-" + suffix,
2740 config: Config{
2741 MaxVersion: runnerVers.version,
2742 Bugs: ProtocolBugs{
2743 ExpectInitialRecordVersion: clientVers,
2744 },
2745 },
2746 flags: []string{"-max-version", shimVersFlag},
2747 expectedVersion: expectedVersion,
2748 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2749
2750 testCases = append(testCases, testCase{
2751 protocol: protocol,
2752 testType: serverTest,
2753 name: "VersionNegotiation-Server-" + suffix,
2754 config: Config{
2755 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2756 Bugs: ProtocolBugs{
2757 ExpectInitialRecordVersion: expectedVersion,
2758 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2759 },
2760 flags: flags,
2761 expectedVersion: expectedVersion,
2762 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2763 testCases = append(testCases, testCase{
2764 protocol: protocol,
2765 testType: serverTest,
2766 name: "VersionNegotiation-Server2-" + suffix,
2767 config: Config{
2768 MaxVersion: runnerVers.version,
2769 Bugs: ProtocolBugs{
2770 ExpectInitialRecordVersion: expectedVersion,
2771 },
2772 },
2773 flags: []string{"-max-version", shimVersFlag},
2774 expectedVersion: expectedVersion,
2775 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2776 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2777 }
2778 }
2779}
2780
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2781func addMinimumVersionTests() {
2782 for i, shimVers := range tlsVersions {
2783 // Assemble flags to disable all older versions on the shim.
2784 var flags []string
2785 for _, vers := range tlsVersions[:i] {
2786 flags = append(flags, vers.flag)
2787 }
2788
2789 for _, runnerVers := range tlsVersions {
2790 protocols := []protocol{tls}
2791 if runnerVers.hasDTLS && shimVers.hasDTLS {
2792 protocols = append(protocols, dtls)
2793 }
2794 for _, protocol := range protocols {
2795 suffix := shimVers.name + "-" + runnerVers.name
2796 if protocol == dtls {
2797 suffix += "-DTLS"
2798 }
2799 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
2800
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2801 var expectedVersion uint16
2802 var shouldFail bool
2803 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2804 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2805 if runnerVers.version >= shimVers.version {
2806 expectedVersion = runnerVers.version
2807 } else {
2808 shouldFail = true
2809 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2810 if runnerVers.version > VersionSSL30 {
2811 expectedLocalError = "remote error: protocol version not supported"
2812 } else {
2813 expectedLocalError = "remote error: handshake failure"
2814 }
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2815 }
2816
2817 testCases = append(testCases, testCase{
2818 protocol: protocol,
2819 testType: clientTest,
2820 name: "MinimumVersion-Client-" + suffix,
2821 config: Config{
2822 MaxVersion: runnerVers.version,
2823 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2824 flags: flags,
2825 expectedVersion: expectedVersion,
2826 shouldFail: shouldFail,
2827 expectedError: expectedError,
2828 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2829 })
2830 testCases = append(testCases, testCase{
2831 protocol: protocol,
2832 testType: clientTest,
2833 name: "MinimumVersion-Client2-" + suffix,
2834 config: Config{
2835 MaxVersion: runnerVers.version,
2836 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2837 flags: []string{"-min-version", shimVersFlag},
2838 expectedVersion: expectedVersion,
2839 shouldFail: shouldFail,
2840 expectedError: expectedError,
2841 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2842 })
2843
2844 testCases = append(testCases, testCase{
2845 protocol: protocol,
2846 testType: serverTest,
2847 name: "MinimumVersion-Server-" + suffix,
2848 config: Config{
2849 MaxVersion: runnerVers.version,
2850 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2851 flags: flags,
2852 expectedVersion: expectedVersion,
2853 shouldFail: shouldFail,
2854 expectedError: expectedError,
2855 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2856 })
2857 testCases = append(testCases, testCase{
2858 protocol: protocol,
2859 testType: serverTest,
2860 name: "MinimumVersion-Server2-" + suffix,
2861 config: Config{
2862 MaxVersion: runnerVers.version,
2863 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2864 flags: []string{"-min-version", shimVersFlag},
2865 expectedVersion: expectedVersion,
2866 shouldFail: shouldFail,
2867 expectedError: expectedError,
2868 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2869 })
2870 }
2871 }
2872 }
2873}
2874
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]2875func addD5BugTests() {
2876 testCases = append(testCases, testCase{
2877 testType: serverTest,
2878 name: "D5Bug-NoQuirk-Reject",
2879 config: Config{
2880 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
2881 Bugs: ProtocolBugs{
2882 SSL3RSAKeyExchange: true,
2883 },
2884 },
2885 shouldFail: true,
2886 expectedError: ":TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG:",
2887 })
2888 testCases = append(testCases, testCase{
2889 testType: serverTest,
2890 name: "D5Bug-Quirk-Normal",
2891 config: Config{
2892 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
2893 },
2894 flags: []string{"-tls-d5-bug"},
2895 })
2896 testCases = append(testCases, testCase{
2897 testType: serverTest,
2898 name: "D5Bug-Quirk-Bug",
2899 config: Config{
2900 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
2901 Bugs: ProtocolBugs{
2902 SSL3RSAKeyExchange: true,
2903 },
2904 },
2905 flags: []string{"-tls-d5-bug"},
2906 })
2907}
2908
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2909func addExtensionTests() {
2910 testCases = append(testCases, testCase{
2911 testType: clientTest,
2912 name: "DuplicateExtensionClient",
2913 config: Config{
2914 Bugs: ProtocolBugs{
2915 DuplicateExtension: true,
2916 },
2917 },
2918 shouldFail: true,
2919 expectedLocalError: "remote error: error decoding message",
2920 })
2921 testCases = append(testCases, testCase{
2922 testType: serverTest,
2923 name: "DuplicateExtensionServer",
2924 config: Config{
2925 Bugs: ProtocolBugs{
2926 DuplicateExtension: true,
2927 },
2928 },
2929 shouldFail: true,
2930 expectedLocalError: "remote error: error decoding message",
2931 })
2932 testCases = append(testCases, testCase{
2933 testType: clientTest,
2934 name: "ServerNameExtensionClient",
2935 config: Config{
2936 Bugs: ProtocolBugs{
2937 ExpectServerName: "example.com",
2938 },
2939 },
2940 flags: []string{"-host-name", "example.com"},
2941 })
2942 testCases = append(testCases, testCase{
2943 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]2944 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2945 config: Config{
2946 Bugs: ProtocolBugs{
2947 ExpectServerName: "mismatch.com",
2948 },
2949 },
2950 flags: []string{"-host-name", "example.com"},
2951 shouldFail: true,
2952 expectedLocalError: "tls: unexpected server name",
2953 })
2954 testCases = append(testCases, testCase{
2955 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]2956 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2957 config: Config{
2958 Bugs: ProtocolBugs{
2959 ExpectServerName: "missing.com",
2960 },
2961 },
2962 shouldFail: true,
2963 expectedLocalError: "tls: unexpected server name",
2964 })
2965 testCases = append(testCases, testCase{
2966 testType: serverTest,
2967 name: "ServerNameExtensionServer",
2968 config: Config{
2969 ServerName: "example.com",
2970 },
2971 flags: []string{"-expect-server-name", "example.com"},
2972 resumeSession: true,
2973 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]2974 testCases = append(testCases, testCase{
2975 testType: clientTest,
2976 name: "ALPNClient",
2977 config: Config{
2978 NextProtos: []string{"foo"},
2979 },
2980 flags: []string{
2981 "-advertise-alpn", "\x03foo\x03bar\x03baz",
2982 "-expect-alpn", "foo",
2983 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]2984 expectedNextProto: "foo",
2985 expectedNextProtoType: alpn,
2986 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]2987 })
2988 testCases = append(testCases, testCase{
2989 testType: serverTest,
2990 name: "ALPNServer",
2991 config: Config{
2992 NextProtos: []string{"foo", "bar", "baz"},
2993 },
2994 flags: []string{
2995 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
2996 "-select-alpn", "foo",
2997 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]2998 expectedNextProto: "foo",
2999 expectedNextProtoType: alpn,
3000 resumeSession: true,
3001 })
3002 // Test that the server prefers ALPN over NPN.
3003 testCases = append(testCases, testCase{
3004 testType: serverTest,
3005 name: "ALPNServer-Preferred",
3006 config: Config{
3007 NextProtos: []string{"foo", "bar", "baz"},
3008 },
3009 flags: []string{
3010 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3011 "-select-alpn", "foo",
3012 "-advertise-npn", "\x03foo\x03bar\x03baz",
3013 },
3014 expectedNextProto: "foo",
3015 expectedNextProtoType: alpn,
3016 resumeSession: true,
3017 })
3018 testCases = append(testCases, testCase{
3019 testType: serverTest,
3020 name: "ALPNServer-Preferred-Swapped",
3021 config: Config{
3022 NextProtos: []string{"foo", "bar", "baz"},
3023 Bugs: ProtocolBugs{
3024 SwapNPNAndALPN: true,
3025 },
3026 },
3027 flags: []string{
3028 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3029 "-select-alpn", "foo",
3030 "-advertise-npn", "\x03foo\x03bar\x03baz",
3031 },
3032 expectedNextProto: "foo",
3033 expectedNextProtoType: alpn,
3034 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3035 })
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3036 var emptyString string
3037 testCases = append(testCases, testCase{
3038 testType: clientTest,
3039 name: "ALPNClient-EmptyProtocolName",
3040 config: Config{
3041 NextProtos: []string{""},
3042 Bugs: ProtocolBugs{
3043 // A server returning an empty ALPN protocol
3044 // should be rejected.
3045 ALPNProtocol: &emptyString,
3046 },
3047 },
3048 flags: []string{
3049 "-advertise-alpn", "\x03foo",
3050 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3051 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3052 expectedError: ":PARSE_TLSEXT:",
3053 })
3054 testCases = append(testCases, testCase{
3055 testType: serverTest,
3056 name: "ALPNServer-EmptyProtocolName",
3057 config: Config{
3058 // A ClientHello containing an empty ALPN protocol
3059 // should be rejected.
3060 NextProtos: []string{"foo", "", "baz"},
3061 },
3062 flags: []string{
3063 "-select-alpn", "foo",
3064 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3065 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3066 expectedError: ":PARSE_TLSEXT:",
3067 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3068 // Resume with a corrupt ticket.
3069 testCases = append(testCases, testCase{
3070 testType: serverTest,
3071 name: "CorruptTicket",
3072 config: Config{
3073 Bugs: ProtocolBugs{
3074 CorruptTicket: true,
3075 },
3076 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3077 resumeSession: true,
3078 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3079 })
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]3080 // Test the ticket callback, with and without renewal.
3081 testCases = append(testCases, testCase{
3082 testType: serverTest,
3083 name: "TicketCallback",
3084 resumeSession: true,
3085 flags: []string{"-use-ticket-callback"},
3086 })
3087 testCases = append(testCases, testCase{
3088 testType: serverTest,
3089 name: "TicketCallback-Renew",
3090 config: Config{
3091 Bugs: ProtocolBugs{
3092 ExpectNewTicket: true,
3093 },
3094 },
3095 flags: []string{"-use-ticket-callback", "-renew-ticket"},
3096 resumeSession: true,
3097 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3098 // Resume with an oversized session id.
3099 testCases = append(testCases, testCase{
3100 testType: serverTest,
3101 name: "OversizedSessionId",
3102 config: Config{
3103 Bugs: ProtocolBugs{
3104 OversizedSessionId: true,
3105 },
3106 },
3107 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3108 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3109 expectedError: ":DECODE_ERROR:",
3110 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]3111 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
3112 // are ignored.
3113 testCases = append(testCases, testCase{
3114 protocol: dtls,
3115 name: "SRTP-Client",
3116 config: Config{
3117 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3118 },
3119 flags: []string{
3120 "-srtp-profiles",
3121 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3122 },
3123 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3124 })
3125 testCases = append(testCases, testCase{
3126 protocol: dtls,
3127 testType: serverTest,
3128 name: "SRTP-Server",
3129 config: Config{
3130 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3131 },
3132 flags: []string{
3133 "-srtp-profiles",
3134 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3135 },
3136 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3137 })
3138 // Test that the MKI is ignored.
3139 testCases = append(testCases, testCase{
3140 protocol: dtls,
3141 testType: serverTest,
3142 name: "SRTP-Server-IgnoreMKI",
3143 config: Config{
3144 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
3145 Bugs: ProtocolBugs{
3146 SRTPMasterKeyIdentifer: "bogus",
3147 },
3148 },
3149 flags: []string{
3150 "-srtp-profiles",
3151 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3152 },
3153 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3154 })
3155 // Test that SRTP isn't negotiated on the server if there were
3156 // no matching profiles.
3157 testCases = append(testCases, testCase{
3158 protocol: dtls,
3159 testType: serverTest,
3160 name: "SRTP-Server-NoMatch",
3161 config: Config{
3162 SRTPProtectionProfiles: []uint16{100, 101, 102},
3163 },
3164 flags: []string{
3165 "-srtp-profiles",
3166 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3167 },
3168 expectedSRTPProtectionProfile: 0,
3169 })
3170 // Test that the server returning an invalid SRTP profile is
3171 // flagged as an error by the client.
3172 testCases = append(testCases, testCase{
3173 protocol: dtls,
3174 name: "SRTP-Client-NoMatch",
3175 config: Config{
3176 Bugs: ProtocolBugs{
3177 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
3178 },
3179 },
3180 flags: []string{
3181 "-srtp-profiles",
3182 "SRTP_AES128_CM_SHA1_80",
3183 },
3184 shouldFail: true,
3185 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
3186 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3187 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3188 testCases = append(testCases, testCase{
3189 name: "SignedCertificateTimestampList",
3190 flags: []string{
3191 "-enable-signed-cert-timestamps",
3192 "-expect-signed-cert-timestamps",
3193 base64.StdEncoding.EncodeToString(testSCTList),
3194 },
3195 })
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3196 testCases = append(testCases, testCase{
3197 testType: clientTest,
3198 name: "ClientHelloPadding",
3199 config: Config{
3200 Bugs: ProtocolBugs{
3201 RequireClientHelloSize: 512,
3202 },
3203 },
3204 // This hostname just needs to be long enough to push the
3205 // ClientHello into F5's danger zone between 256 and 511 bytes
3206 // long.
3207 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
3208 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3209}
3210
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3211func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3212 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3213 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3214 protocols := []protocol{tls}
3215 if sessionVers.hasDTLS && resumeVers.hasDTLS {
3216 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]3217 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3218 for _, protocol := range protocols {
3219 suffix := "-" + sessionVers.name + "-" + resumeVers.name
3220 if protocol == dtls {
3221 suffix += "-DTLS"
3222 }
3223
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3224 if sessionVers.version == resumeVers.version {
3225 testCases = append(testCases, testCase{
3226 protocol: protocol,
3227 name: "Resume-Client" + suffix,
3228 resumeSession: true,
3229 config: Config{
3230 MaxVersion: sessionVers.version,
3231 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3232 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3233 expectedVersion: sessionVers.version,
3234 expectedResumeVersion: resumeVers.version,
3235 })
3236 } else {
3237 testCases = append(testCases, testCase{
3238 protocol: protocol,
3239 name: "Resume-Client-Mismatch" + suffix,
3240 resumeSession: true,
3241 config: Config{
3242 MaxVersion: sessionVers.version,
3243 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3244 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3245 expectedVersion: sessionVers.version,
3246 resumeConfig: &Config{
3247 MaxVersion: resumeVers.version,
3248 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3249 Bugs: ProtocolBugs{
3250 AllowSessionVersionMismatch: true,
3251 },
3252 },
3253 expectedResumeVersion: resumeVers.version,
3254 shouldFail: true,
3255 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
3256 })
3257 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3258
3259 testCases = append(testCases, testCase{
3260 protocol: protocol,
3261 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3262 resumeSession: true,
3263 config: Config{
3264 MaxVersion: sessionVers.version,
3265 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3266 },
3267 expectedVersion: sessionVers.version,
3268 resumeConfig: &Config{
3269 MaxVersion: resumeVers.version,
3270 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3271 },
3272 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3273 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3274 expectedResumeVersion: resumeVers.version,
3275 })
3276
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3277 testCases = append(testCases, testCase{
3278 protocol: protocol,
3279 testType: serverTest,
3280 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3281 resumeSession: true,
3282 config: Config{
3283 MaxVersion: sessionVers.version,
3284 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3285 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3286 expectedVersion: sessionVers.version,
3287 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3288 resumeConfig: &Config{
3289 MaxVersion: resumeVers.version,
3290 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3291 },
3292 expectedResumeVersion: resumeVers.version,
3293 })
3294 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3295 }
3296 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3297
3298 testCases = append(testCases, testCase{
3299 name: "Resume-Client-CipherMismatch",
3300 resumeSession: true,
3301 config: Config{
3302 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3303 },
3304 resumeConfig: &Config{
3305 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3306 Bugs: ProtocolBugs{
3307 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
3308 },
3309 },
3310 shouldFail: true,
3311 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
3312 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3313}
3314
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3315func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3316 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3317 testCases = append(testCases, testCase{
3318 testType: serverTest,
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3319 name: "Renegotiate-Server-Forbidden",
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3320 renegotiate: true,
3321 flags: []string{"-reject-peer-renegotiations"},
3322 shouldFail: true,
3323 expectedError: ":NO_RENEGOTIATION:",
3324 expectedLocalError: "remote error: no renegotiation",
3325 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]3326 // The server shouldn't echo the renegotiation extension unless
3327 // requested by the client.
3328 testCases = append(testCases, testCase{
3329 testType: serverTest,
3330 name: "Renegotiate-Server-NoExt",
3331 config: Config{
3332 Bugs: ProtocolBugs{
3333 NoRenegotiationInfo: true,
3334 RequireRenegotiationInfo: true,
3335 },
3336 },
3337 shouldFail: true,
3338 expectedLocalError: "renegotiation extension missing",
3339 })
3340 // The renegotiation SCSV should be sufficient for the server to echo
3341 // the extension.
3342 testCases = append(testCases, testCase{
3343 testType: serverTest,
3344 name: "Renegotiate-Server-NoExt-SCSV",
3345 config: Config{
3346 Bugs: ProtocolBugs{
3347 NoRenegotiationInfo: true,
3348 SendRenegotiationSCSV: true,
3349 RequireRenegotiationInfo: true,
3350 },
3351 },
3352 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3353 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3354 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3355 config: Config{
3356 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3357 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3358 },
3359 },
3360 renegotiate: true,
3361 })
3362 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3363 name: "Renegotiate-Client-EmptyExt",
3364 renegotiate: true,
3365 config: Config{
3366 Bugs: ProtocolBugs{
3367 EmptyRenegotiationInfo: true,
3368 },
3369 },
3370 shouldFail: true,
3371 expectedError: ":RENEGOTIATION_MISMATCH:",
3372 })
3373 testCases = append(testCases, testCase{
3374 name: "Renegotiate-Client-BadExt",
3375 renegotiate: true,
3376 config: Config{
3377 Bugs: ProtocolBugs{
3378 BadRenegotiationInfo: true,
3379 },
3380 },
3381 shouldFail: true,
3382 expectedError: ":RENEGOTIATION_MISMATCH:",
3383 })
3384 testCases = append(testCases, testCase{
Adam Langleybe9eda42015-06-12 18:01:50 -0700[diff] [blame]3385 name: "Renegotiate-Client-NoExt",
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3386 config: Config{
3387 Bugs: ProtocolBugs{
3388 NoRenegotiationInfo: true,
3389 },
3390 },
3391 shouldFail: true,
3392 expectedError: ":UNSAFE_LEGACY_RENEGOTIATION_DISABLED:",
3393 flags: []string{"-no-legacy-server-connect"},
3394 })
3395 testCases = append(testCases, testCase{
3396 name: "Renegotiate-Client-NoExt-Allowed",
3397 renegotiate: true,
3398 config: Config{
3399 Bugs: ProtocolBugs{
3400 NoRenegotiationInfo: true,
3401 },
3402 },
3403 })
3404 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3405 name: "Renegotiate-Client-SwitchCiphers",
3406 renegotiate: true,
3407 config: Config{
3408 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3409 },
3410 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3411 })
3412 testCases = append(testCases, testCase{
3413 name: "Renegotiate-Client-SwitchCiphers2",
3414 renegotiate: true,
3415 config: Config{
3416 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3417 },
3418 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3419 })
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3420 testCases = append(testCases, testCase{
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3421 name: "Renegotiate-Client-Forbidden",
3422 renegotiate: true,
3423 flags: []string{"-reject-peer-renegotiations"},
3424 shouldFail: true,
3425 expectedError: ":NO_RENEGOTIATION:",
3426 expectedLocalError: "remote error: no renegotiation",
3427 })
3428 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3429 name: "Renegotiate-SameClientVersion",
3430 renegotiate: true,
3431 config: Config{
3432 MaxVersion: VersionTLS10,
3433 Bugs: ProtocolBugs{
3434 RequireSameRenegoClientVersion: true,
3435 },
3436 },
3437 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3438 testCases = append(testCases, testCase{
3439 name: "Renegotiate-FalseStart",
3440 renegotiate: true,
3441 config: Config{
3442 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3443 NextProtos: []string{"foo"},
3444 },
3445 flags: []string{
3446 "-false-start",
3447 "-select-next-proto", "foo",
3448 },
3449 shimWritesFirst: true,
3450 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3451}
3452
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3453func addDTLSReplayTests() {
3454 // Test that sequence number replays are detected.
3455 testCases = append(testCases, testCase{
3456 protocol: dtls,
3457 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3458 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3459 replayWrites: true,
3460 })
3461
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3462 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3463 // than the retransmit window.
3464 testCases = append(testCases, testCase{
3465 protocol: dtls,
3466 name: "DTLS-Replay-LargeGaps",
3467 config: Config{
3468 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3469 SequenceNumberMapping: func(in uint64) uint64 {
3470 return in * 127
3471 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3472 },
3473 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3474 messageCount: 200,
3475 replayWrites: true,
3476 })
3477
3478 // Test the incoming sequence number changing non-monotonically.
3479 testCases = append(testCases, testCase{
3480 protocol: dtls,
3481 name: "DTLS-Replay-NonMonotonic",
3482 config: Config{
3483 Bugs: ProtocolBugs{
3484 SequenceNumberMapping: func(in uint64) uint64 {
3485 return in ^ 31
3486 },
3487 },
3488 },
3489 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3490 replayWrites: true,
3491 })
3492}
3493
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3494var testHashes = []struct {
3495 name string
3496 id uint8
3497}{
3498 {"SHA1", hashSHA1},
3499 {"SHA224", hashSHA224},
3500 {"SHA256", hashSHA256},
3501 {"SHA384", hashSHA384},
3502 {"SHA512", hashSHA512},
3503}
3504
3505func addSigningHashTests() {
3506 // Make sure each hash works. Include some fake hashes in the list and
3507 // ensure they're ignored.
3508 for _, hash := range testHashes {
3509 testCases = append(testCases, testCase{
3510 name: "SigningHash-ClientAuth-" + hash.name,
3511 config: Config{
3512 ClientAuth: RequireAnyClientCert,
3513 SignatureAndHashes: []signatureAndHash{
3514 {signatureRSA, 42},
3515 {signatureRSA, hash.id},
3516 {signatureRSA, 255},
3517 },
3518 },
3519 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3520 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3521 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3522 },
3523 })
3524
3525 testCases = append(testCases, testCase{
3526 testType: serverTest,
3527 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
3528 config: Config{
3529 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3530 SignatureAndHashes: []signatureAndHash{
3531 {signatureRSA, 42},
3532 {signatureRSA, hash.id},
3533 {signatureRSA, 255},
3534 },
3535 },
3536 })
3537 }
3538
3539 // Test that hash resolution takes the signature type into account.
3540 testCases = append(testCases, testCase{
3541 name: "SigningHash-ClientAuth-SignatureType",
3542 config: Config{
3543 ClientAuth: RequireAnyClientCert,
3544 SignatureAndHashes: []signatureAndHash{
3545 {signatureECDSA, hashSHA512},
3546 {signatureRSA, hashSHA384},
3547 {signatureECDSA, hashSHA1},
3548 },
3549 },
3550 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3551 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3552 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3553 },
3554 })
3555
3556 testCases = append(testCases, testCase{
3557 testType: serverTest,
3558 name: "SigningHash-ServerKeyExchange-SignatureType",
3559 config: Config{
3560 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3561 SignatureAndHashes: []signatureAndHash{
3562 {signatureECDSA, hashSHA512},
3563 {signatureRSA, hashSHA384},
3564 {signatureECDSA, hashSHA1},
3565 },
3566 },
3567 })
3568
3569 // Test that, if the list is missing, the peer falls back to SHA-1.
3570 testCases = append(testCases, testCase{
3571 name: "SigningHash-ClientAuth-Fallback",
3572 config: Config{
3573 ClientAuth: RequireAnyClientCert,
3574 SignatureAndHashes: []signatureAndHash{
3575 {signatureRSA, hashSHA1},
3576 },
3577 Bugs: ProtocolBugs{
3578 NoSignatureAndHashes: true,
3579 },
3580 },
3581 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3582 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3583 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3584 },
3585 })
3586
3587 testCases = append(testCases, testCase{
3588 testType: serverTest,
3589 name: "SigningHash-ServerKeyExchange-Fallback",
3590 config: Config{
3591 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3592 SignatureAndHashes: []signatureAndHash{
3593 {signatureRSA, hashSHA1},
3594 },
3595 Bugs: ProtocolBugs{
3596 NoSignatureAndHashes: true,
3597 },
3598 },
3599 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]3600
3601 // Test that hash preferences are enforced. BoringSSL defaults to
3602 // rejecting MD5 signatures.
3603 testCases = append(testCases, testCase{
3604 testType: serverTest,
3605 name: "SigningHash-ClientAuth-Enforced",
3606 config: Config{
3607 Certificates: []Certificate{rsaCertificate},
3608 SignatureAndHashes: []signatureAndHash{
3609 {signatureRSA, hashMD5},
3610 // Advertise SHA-1 so the handshake will
3611 // proceed, but the shim's preferences will be
3612 // ignored in CertificateVerify generation, so
3613 // MD5 will be chosen.
3614 {signatureRSA, hashSHA1},
3615 },
3616 Bugs: ProtocolBugs{
3617 IgnorePeerSignatureAlgorithmPreferences: true,
3618 },
3619 },
3620 flags: []string{"-require-any-client-certificate"},
3621 shouldFail: true,
3622 expectedError: ":WRONG_SIGNATURE_TYPE:",
3623 })
3624
3625 testCases = append(testCases, testCase{
3626 name: "SigningHash-ServerKeyExchange-Enforced",
3627 config: Config{
3628 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3629 SignatureAndHashes: []signatureAndHash{
3630 {signatureRSA, hashMD5},
3631 },
3632 Bugs: ProtocolBugs{
3633 IgnorePeerSignatureAlgorithmPreferences: true,
3634 },
3635 },
3636 shouldFail: true,
3637 expectedError: ":WRONG_SIGNATURE_TYPE:",
3638 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3639}
3640
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]3641// timeouts is the retransmit schedule for BoringSSL. It doubles and
3642// caps at 60 seconds. On the 13th timeout, it gives up.
3643var timeouts = []time.Duration{
3644 1 * time.Second,
3645 2 * time.Second,
3646 4 * time.Second,
3647 8 * time.Second,
3648 16 * time.Second,
3649 32 * time.Second,
3650 60 * time.Second,
3651 60 * time.Second,
3652 60 * time.Second,
3653 60 * time.Second,
3654 60 * time.Second,
3655 60 * time.Second,
3656 60 * time.Second,
3657}
3658
3659func addDTLSRetransmitTests() {
3660 // Test that this is indeed the timeout schedule. Stress all
3661 // four patterns of handshake.
3662 for i := 1; i < len(timeouts); i++ {
3663 number := strconv.Itoa(i)
3664 testCases = append(testCases, testCase{
3665 protocol: dtls,
3666 name: "DTLS-Retransmit-Client-" + number,
3667 config: Config{
3668 Bugs: ProtocolBugs{
3669 TimeoutSchedule: timeouts[:i],
3670 },
3671 },
3672 resumeSession: true,
3673 flags: []string{"-async"},
3674 })
3675 testCases = append(testCases, testCase{
3676 protocol: dtls,
3677 testType: serverTest,
3678 name: "DTLS-Retransmit-Server-" + number,
3679 config: Config{
3680 Bugs: ProtocolBugs{
3681 TimeoutSchedule: timeouts[:i],
3682 },
3683 },
3684 resumeSession: true,
3685 flags: []string{"-async"},
3686 })
3687 }
3688
3689 // Test that exceeding the timeout schedule hits a read
3690 // timeout.
3691 testCases = append(testCases, testCase{
3692 protocol: dtls,
3693 name: "DTLS-Retransmit-Timeout",
3694 config: Config{
3695 Bugs: ProtocolBugs{
3696 TimeoutSchedule: timeouts,
3697 },
3698 },
3699 resumeSession: true,
3700 flags: []string{"-async"},
3701 shouldFail: true,
3702 expectedError: ":READ_TIMEOUT_EXPIRED:",
3703 })
3704
3705 // Test that timeout handling has a fudge factor, due to API
3706 // problems.
3707 testCases = append(testCases, testCase{
3708 protocol: dtls,
3709 name: "DTLS-Retransmit-Fudge",
3710 config: Config{
3711 Bugs: ProtocolBugs{
3712 TimeoutSchedule: []time.Duration{
3713 timeouts[0] - 10*time.Millisecond,
3714 },
3715 },
3716 },
3717 resumeSession: true,
3718 flags: []string{"-async"},
3719 })
David Benjamin7eaab4c2015-03-02 19:01:16 -0500[diff] [blame]3720
3721 // Test that the final Finished retransmitting isn't
3722 // duplicated if the peer badly fragments everything.
3723 testCases = append(testCases, testCase{
3724 testType: serverTest,
3725 protocol: dtls,
3726 name: "DTLS-Retransmit-Fragmented",
3727 config: Config{
3728 Bugs: ProtocolBugs{
3729 TimeoutSchedule: []time.Duration{timeouts[0]},
3730 MaxHandshakeRecordLength: 2,
3731 },
3732 },
3733 flags: []string{"-async"},
3734 })
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]3735}
3736
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]3737func addExportKeyingMaterialTests() {
3738 for _, vers := range tlsVersions {
3739 if vers.version == VersionSSL30 {
3740 continue
3741 }
3742 testCases = append(testCases, testCase{
3743 name: "ExportKeyingMaterial-" + vers.name,
3744 config: Config{
3745 MaxVersion: vers.version,
3746 },
3747 exportKeyingMaterial: 1024,
3748 exportLabel: "label",
3749 exportContext: "context",
3750 useExportContext: true,
3751 })
3752 testCases = append(testCases, testCase{
3753 name: "ExportKeyingMaterial-NoContext-" + vers.name,
3754 config: Config{
3755 MaxVersion: vers.version,
3756 },
3757 exportKeyingMaterial: 1024,
3758 })
3759 testCases = append(testCases, testCase{
3760 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
3761 config: Config{
3762 MaxVersion: vers.version,
3763 },
3764 exportKeyingMaterial: 1024,
3765 useExportContext: true,
3766 })
3767 testCases = append(testCases, testCase{
3768 name: "ExportKeyingMaterial-Small-" + vers.name,
3769 config: Config{
3770 MaxVersion: vers.version,
3771 },
3772 exportKeyingMaterial: 1,
3773 exportLabel: "label",
3774 exportContext: "context",
3775 useExportContext: true,
3776 })
3777 }
3778 testCases = append(testCases, testCase{
3779 name: "ExportKeyingMaterial-SSL3",
3780 config: Config{
3781 MaxVersion: VersionSSL30,
3782 },
3783 exportKeyingMaterial: 1024,
3784 exportLabel: "label",
3785 exportContext: "context",
3786 useExportContext: true,
3787 shouldFail: true,
3788 expectedError: "failed to export keying material",
3789 })
3790}
3791
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]3792func addTLSUniqueTests() {
3793 for _, isClient := range []bool{false, true} {
3794 for _, isResumption := range []bool{false, true} {
3795 for _, hasEMS := range []bool{false, true} {
3796 var suffix string
3797 if isResumption {
3798 suffix = "Resume-"
3799 } else {
3800 suffix = "Full-"
3801 }
3802
3803 if hasEMS {
3804 suffix += "EMS-"
3805 } else {
3806 suffix += "NoEMS-"
3807 }
3808
3809 if isClient {
3810 suffix += "Client"
3811 } else {
3812 suffix += "Server"
3813 }
3814
3815 test := testCase{
3816 name: "TLSUnique-" + suffix,
3817 testTLSUnique: true,
3818 config: Config{
3819 Bugs: ProtocolBugs{
3820 NoExtendedMasterSecret: !hasEMS,
3821 },
3822 },
3823 }
3824
3825 if isResumption {
3826 test.resumeSession = true
3827 test.resumeConfig = &Config{
3828 Bugs: ProtocolBugs{
3829 NoExtendedMasterSecret: !hasEMS,
3830 },
3831 }
3832 }
3833
3834 if isResumption && !hasEMS {
3835 test.shouldFail = true
3836 test.expectedError = "failed to get tls-unique"
3837 }
3838
3839 testCases = append(testCases, test)
3840 }
3841 }
3842 }
3843}
3844
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3845func addCustomExtensionTests() {
3846 expectedContents := "custom extension"
3847 emptyString := ""
3848
3849 for _, isClient := range []bool{false, true} {
3850 suffix := "Server"
3851 flag := "-enable-server-custom-extension"
3852 testType := serverTest
3853 if isClient {
3854 suffix = "Client"
3855 flag = "-enable-client-custom-extension"
3856 testType = clientTest
3857 }
3858
3859 testCases = append(testCases, testCase{
3860 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3861 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3862 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3863 Bugs: ProtocolBugs{
3864 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3865 ExpectedCustomExtension: &expectedContents,
3866 },
3867 },
3868 flags: []string{flag},
3869 })
3870
3871 // If the parse callback fails, the handshake should also fail.
3872 testCases = append(testCases, testCase{
3873 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3874 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3875 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3876 Bugs: ProtocolBugs{
3877 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3878 ExpectedCustomExtension: &expectedContents,
3879 },
3880 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3881 flags: []string{flag},
3882 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3883 expectedError: ":CUSTOM_EXTENSION_ERROR:",
3884 })
3885
3886 // If the add callback fails, the handshake should also fail.
3887 testCases = append(testCases, testCase{
3888 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3889 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3890 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3891 Bugs: ProtocolBugs{
3892 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3893 ExpectedCustomExtension: &expectedContents,
3894 },
3895 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3896 flags: []string{flag, "-custom-extension-fail-add"},
3897 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3898 expectedError: ":CUSTOM_EXTENSION_ERROR:",
3899 })
3900
3901 // If the add callback returns zero, no extension should be
3902 // added.
3903 skipCustomExtension := expectedContents
3904 if isClient {
3905 // For the case where the client skips sending the
3906 // custom extension, the server must not “echo” it.
3907 skipCustomExtension = ""
3908 }
3909 testCases = append(testCases, testCase{
3910 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3911 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3912 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3913 Bugs: ProtocolBugs{
3914 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3915 ExpectedCustomExtension: &emptyString,
3916 },
3917 },
3918 flags: []string{flag, "-custom-extension-skip"},
3919 })
3920 }
3921
3922 // The custom extension add callback should not be called if the client
3923 // doesn't send the extension.
3924 testCases = append(testCases, testCase{
3925 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3926 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3927 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3928 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3929 ExpectedCustomExtension: &emptyString,
3930 },
3931 },
3932 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
3933 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]3934
3935 // Test an unknown extension from the server.
3936 testCases = append(testCases, testCase{
3937 testType: clientTest,
3938 name: "UnknownExtension-Client",
3939 config: Config{
3940 Bugs: ProtocolBugs{
3941 CustomExtension: expectedContents,
3942 },
3943 },
3944 shouldFail: true,
3945 expectedError: ":UNEXPECTED_EXTENSION:",
3946 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3947}
3948
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3949func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3950 defer wg.Done()
3951
3952 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]3953 var err error
3954
3955 if *mallocTest < 0 {
3956 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3957 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]3958 } else {
3959 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
3960 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3961 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]3962 if err != nil {
3963 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
3964 }
3965 break
3966 }
3967 }
3968 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3969 statusChan <- statusMsg{test: test, err: err}
3970 }
3971}
3972
3973type statusMsg struct {
3974 test *testCase
3975 started bool
3976 err error
3977}
3978
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3979func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3980 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3981
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3982 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3983 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3984 if !*pipe {
3985 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]3986 var erase string
3987 for i := 0; i < lineLen; i++ {
3988 erase += "\b \b"
3989 }
3990 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3991 }
3992
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3993 if msg.started {
3994 started++
3995 } else {
3996 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3997
3998 if msg.err != nil {
3999 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
4000 failed++
4001 testOutput.addResult(msg.test.name, "FAIL")
4002 } else {
4003 if *pipe {
4004 // Print each test instead of a status line.
4005 fmt.Printf("PASSED (%s)\n", msg.test.name)
4006 }
4007 testOutput.addResult(msg.test.name, "PASS")
4008 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4009 }
4010
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4011 if !*pipe {
4012 // Print a new status line.
4013 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
4014 lineLen = len(line)
4015 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4016 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4017 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4018
4019 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4020}
4021
4022func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4023 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4024 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4025
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4026 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4027 addCipherSuiteTests()
4028 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]4029 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]4030 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]4031 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4032 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4033 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4034 addMinimumVersionTests()
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]4035 addD5BugTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4036 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4037 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]4038 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4039 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4040 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4041 addSigningHashTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4042 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4043 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4044 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4045 addCustomExtensionTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4046 for _, async := range []bool{false, true} {
4047 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]4048 for _, protocol := range []protocol{tls, dtls} {
4049 addStateMachineCoverageTests(async, splitHandshake, protocol)
4050 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4051 }
4052 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4053
4054 var wg sync.WaitGroup
4055
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4056 statusChan := make(chan statusMsg, *numWorkers)
4057 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4058 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4059
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4060 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4061
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4062 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4063 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4064 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4065 }
4066
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4067 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4068 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4069 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4070 }
4071 }
4072
4073 close(testChan)
4074 wg.Wait()
4075 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4076 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4077
4078 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4079
4080 if *jsonOutput != "" {
4081 if err := testOutput.writeTo(*jsonOutput); err != nil {
4082 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
4083 }
4084 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]4085
4086 if !testOutput.allPassed {
4087 os.Exit(1)
4088 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4089}