Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 35ac5b7500f4beb3061e6da48adb112e3067501b / . / ssl / test / runner / runner.go
blob: d90485c8f91db896a5adae45a2b19f5fcfeef6ed [file] [log] [blame]
Adam Langley7fcfd3b2016-05-20 11:02:50 -0700[diff] [blame]1// Copyright (c) 2016, Google Inc.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
David Benjamin0d1b0962016-08-01 09:50:57 -0400[diff] [blame]13// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Adam Langley7fcfd3b2016-05-20 11:02:50 -0700[diff] [blame]14
Adam Langleydc7e9c42015-09-29 15:21:04 -0700[diff] [blame]15package runner
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]16
17import (
18 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]19 "crypto/ecdsa"
20 "crypto/elliptic"
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]21 "crypto/rand"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]22 "crypto/x509"
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]23 "crypto/x509/pkix"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]24 "encoding/base64"
Adam Langley2ff79332017-02-28 13:45:39 -0800[diff] [blame]25 "encoding/hex"
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]26 "encoding/json"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]27 "encoding/pem"
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]28 "errors"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]29 "flag"
30 "fmt"
31 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]32 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]33 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]34 "net"
35 "os"
36 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]37 "path"
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]38 "path/filepath"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]39 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]40 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]41 "strings"
42 "sync"
43 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]44 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]45)
46
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]47var (
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]48 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
49 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
50 useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb")
51 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
52 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
53 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
54 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
55 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]56 testToRun = flag.String("test", "", "The pattern to filter tests to run, or empty to run all tests")
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]57 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
58 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
59 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
60 fuzzer = flag.Bool("fuzzer", false, "If true, tests against a BoringSSL built in fuzzer mode.")
61 transcriptDir = flag.String("transcript-dir", "", "The directory in which to write transcripts.")
62 idleTimeout = flag.Duration("idle-timeout", 15*time.Second, "The number of seconds to wait for a read or write to bssl_shim.")
63 deterministic = flag.Bool("deterministic", false, "If true, uses a deterministic PRNG in the runner.")
64 allowUnimplemented = flag.Bool("allow-unimplemented", false, "If true, report pass even if some tests are unimplemented.")
EKR173bf932016-07-29 15:52:49 +0200[diff] [blame]65 looseErrors = flag.Bool("loose-errors", false, "If true, allow shims to report an untranslated error code.")
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]66 shimConfigFile = flag.String("shim-config", "", "A config file to use to configure the tests for this shim.")
67 includeDisabled = flag.Bool("include-disabled", false, "If true, also runs disabled tests.")
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]68 repeatUntilFailure = flag.Bool("repeat-until-failure", false, "If true, the first selected test will be run repeatedly until failure.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]69)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]70
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]71// ShimConfigurations is used with the “json” package and represents a shim
72// config file.
73type ShimConfiguration struct {
74 // DisabledTests maps from a glob-based pattern to a freeform string.
75 // The glob pattern is used to exclude tests from being run and the
76 // freeform string is unparsed but expected to explain why the test is
77 // disabled.
78 DisabledTests map[string]string
79
80 // ErrorMap maps from expected error strings to the correct error
81 // string for the shim in question. For example, it might map
82 // “:NO_SHARED_CIPHER:” (a BoringSSL error string) to something
83 // like “SSL_ERROR_NO_CYPHER_OVERLAP”.
84 ErrorMap map[string]string
85}
86
87var shimConfig ShimConfiguration
88
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]89type testCert int
90
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]91const (
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]92 testCertRSA testCert = iota
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]93 testCertRSA1024
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]94 testCertRSAChain
Adam Langley898be922017-02-27 12:37:59 -0800[diff] [blame]95 testCertECDSAP224
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]96 testCertECDSAP256
97 testCertECDSAP384
98 testCertECDSAP521
99)
100
101const (
102 rsaCertificateFile = "cert.pem"
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]103 rsa1024CertificateFile = "rsa_1024_cert.pem"
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]104 rsaChainCertificateFile = "rsa_chain_cert.pem"
Adam Langley898be922017-02-27 12:37:59 -0800[diff] [blame]105 ecdsaP224CertificateFile = "ecdsa_p224_cert.pem"
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]106 ecdsaP256CertificateFile = "ecdsa_p256_cert.pem"
107 ecdsaP384CertificateFile = "ecdsa_p384_cert.pem"
108 ecdsaP521CertificateFile = "ecdsa_p521_cert.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]109)
110
111const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]112 rsaKeyFile = "key.pem"
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]113 rsa1024KeyFile = "rsa_1024_key.pem"
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]114 rsaChainKeyFile = "rsa_chain_key.pem"
Adam Langley898be922017-02-27 12:37:59 -0800[diff] [blame]115 ecdsaP224KeyFile = "ecdsa_p224_key.pem"
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]116 ecdsaP256KeyFile = "ecdsa_p256_key.pem"
117 ecdsaP384KeyFile = "ecdsa_p384_key.pem"
118 ecdsaP521KeyFile = "ecdsa_p521_key.pem"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]119 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]120)
121
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]122var (
123 rsaCertificate Certificate
124 rsa1024Certificate Certificate
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]125 rsaChainCertificate Certificate
Adam Langley898be922017-02-27 12:37:59 -0800[diff] [blame]126 ecdsaP224Certificate Certificate
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]127 ecdsaP256Certificate Certificate
128 ecdsaP384Certificate Certificate
129 ecdsaP521Certificate Certificate
130)
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]131
132var testCerts = []struct {
133 id testCert
134 certFile, keyFile string
135 cert *Certificate
136}{
137 {
138 id: testCertRSA,
139 certFile: rsaCertificateFile,
140 keyFile: rsaKeyFile,
141 cert: &rsaCertificate,
142 },
143 {
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]144 id: testCertRSA1024,
145 certFile: rsa1024CertificateFile,
146 keyFile: rsa1024KeyFile,
147 cert: &rsa1024Certificate,
148 },
149 {
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]150 id: testCertRSAChain,
151 certFile: rsaChainCertificateFile,
152 keyFile: rsaChainKeyFile,
153 cert: &rsaChainCertificate,
154 },
155 {
Adam Langley898be922017-02-27 12:37:59 -0800[diff] [blame]156 id: testCertECDSAP224,
157 certFile: ecdsaP224CertificateFile,
158 keyFile: ecdsaP224KeyFile,
159 cert: &ecdsaP224Certificate,
160 },
161 {
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]162 id: testCertECDSAP256,
163 certFile: ecdsaP256CertificateFile,
164 keyFile: ecdsaP256KeyFile,
165 cert: &ecdsaP256Certificate,
166 },
167 {
168 id: testCertECDSAP384,
169 certFile: ecdsaP384CertificateFile,
170 keyFile: ecdsaP384KeyFile,
171 cert: &ecdsaP384Certificate,
172 },
173 {
174 id: testCertECDSAP521,
175 certFile: ecdsaP521CertificateFile,
176 keyFile: ecdsaP521KeyFile,
177 cert: &ecdsaP521Certificate,
178 },
179}
180
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]181var channelIDKey *ecdsa.PrivateKey
182var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]183
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]184var testOCSPResponse = []byte{1, 2, 3, 4}
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]185var testSCTList = []byte{0, 6, 0, 4, 5, 6, 7, 8}
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]186
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]187var testOCSPExtension = append([]byte{byte(extensionStatusRequest) >> 8, byte(extensionStatusRequest), 0, 8, statusTypeOCSP, 0, 0, 4}, testOCSPResponse...)
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]188var testSCTExtension = append([]byte{byte(extensionSignedCertificateTimestamp) >> 8, byte(extensionSignedCertificateTimestamp), 0, byte(len(testSCTList))}, testSCTList...)
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]189
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]190func initCertificates() {
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]191 for i := range testCerts {
192 cert, err := LoadX509KeyPair(path.Join(*resourceDir, testCerts[i].certFile), path.Join(*resourceDir, testCerts[i].keyFile))
193 if err != nil {
194 panic(err)
195 }
196 cert.OCSPStaple = testOCSPResponse
197 cert.SignedCertificateTimestampList = testSCTList
198 *testCerts[i].cert = cert
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]199 }
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]200
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]201 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]202 if err != nil {
203 panic(err)
204 }
205 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
206 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
207 panic("bad key type")
208 }
209 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
210 if err != nil {
211 panic(err)
212 }
213 if channelIDKey.Curve != elliptic.P256() {
214 panic("bad curve")
215 }
216
217 channelIDBytes = make([]byte, 64)
218 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
219 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]220}
221
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]222func getRunnerCertificate(t testCert) Certificate {
223 for _, cert := range testCerts {
224 if cert.id == t {
225 return *cert.cert
226 }
227 }
228 panic("Unknown test certificate")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]229}
230
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]231func getShimCertificate(t testCert) string {
232 for _, cert := range testCerts {
233 if cert.id == t {
234 return cert.certFile
235 }
236 }
237 panic("Unknown test certificate")
238}
239
240func getShimKey(t testCert) string {
241 for _, cert := range testCerts {
242 if cert.id == t {
243 return cert.keyFile
244 }
245 }
246 panic("Unknown test certificate")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]247}
248
Adam Langley2ff79332017-02-28 13:45:39 -0800[diff] [blame]249// encodeDERValues encodes a series of bytestrings in comma-separated-hex form.
250func encodeDERValues(values [][]byte) string {
251 var ret string
252 for i, v := range values {
253 if i > 0 {
254 ret += ","
255 }
256 ret += hex.EncodeToString(v)
257 }
258
259 return ret
260}
261
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]262type testType int
263
264const (
265 clientTest testType = iota
266 serverTest
267)
268
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]269type protocol int
270
271const (
272 tls protocol = iota
273 dtls
274)
275
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]276const (
277 alpn = 1
278 npn = 2
279)
280
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]281type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]282 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]283 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]284 name string
285 config Config
286 shouldFail bool
287 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]288 // expectedLocalError, if not empty, contains a substring that must be
289 // found in the local error.
290 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]291 // expectedVersion, if non-zero, specifies the TLS version that must be
292 // negotiated.
293 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]294 // expectedResumeVersion, if non-zero, specifies the TLS version that
295 // must be negotiated on resumption. If zero, expectedVersion is used.
296 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]297 // expectedCipher, if non-zero, specifies the TLS cipher suite that
298 // should be negotiated.
299 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]300 // expectChannelID controls whether the connection should have
301 // negotiated a Channel ID with channelIDKey.
302 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]303 // expectedNextProto controls whether the connection should
304 // negotiate a next protocol via NPN or ALPN.
305 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]306 // expectNoNextProto, if true, means that no next protocol should be
307 // negotiated.
308 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]309 // expectedNextProtoType, if non-zero, is the expected next
310 // protocol negotiation mechanism.
311 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]312 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
313 // should be negotiated. If zero, none should be negotiated.
314 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]315 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
316 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]317 // expectedSCTList, if not nil, is the expected SCT list to be received.
318 expectedSCTList []uint8
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]319 // expectedPeerSignatureAlgorithm, if not zero, is the signature
320 // algorithm that the peer should have used in the handshake.
321 expectedPeerSignatureAlgorithm signatureAlgorithm
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]322 // expectedCurveID, if not zero, is the curve that the handshake should
323 // have used.
324 expectedCurveID CurveID
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]325 // messageLen is the length, in bytes, of the test message that will be
326 // sent.
327 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]328 // messageCount is the number of test messages that will be sent.
329 messageCount int
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]330 // certFile is the path to the certificate to use for the server.
331 certFile string
332 // keyFile is the path to the private key to use for the server.
333 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]334 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]335 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]336 resumeSession bool
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]337 // resumeRenewedSession controls whether a third connection should be
338 // tested which attempts to resume the second connection's session.
339 resumeRenewedSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]340 // expectResumeRejected, if true, specifies that the attempted
341 // resumption must be rejected by the client. This is only valid for a
342 // serverTest.
343 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]344 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]345 // resumption. Unless newSessionsOnResume is set,
346 // SessionTicketKey, ServerSessionCache, and
347 // ClientSessionCache are copied from the initial connection's
348 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]349 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]350 // newSessionsOnResume, if true, will cause resumeConfig to
351 // use a different session resumption context.
352 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]353 // noSessionCache, if true, will cause the server to run without a
354 // session cache.
355 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]356 // sendPrefix sends a prefix on the socket before actually performing a
357 // handshake.
358 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]359 // shimWritesFirst controls whether the shim sends an initial "hello"
360 // message before doing a roundtrip with the runner.
361 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]362 // shimShutsDown, if true, runs a test where the shim shuts down the
363 // connection immediately after the handshake rather than echoing
364 // messages from the runner.
365 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]366 // renegotiate indicates the number of times the connection should be
367 // renegotiated during the exchange.
368 renegotiate int
David Benjamin47921102016-07-28 11:29:18 -0400[diff] [blame]369 // sendHalfHelloRequest, if true, causes the server to send half a
370 // HelloRequest when the handshake completes.
371 sendHalfHelloRequest bool
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]372 // renegotiateCiphers is a list of ciphersuite ids that will be
373 // switched in just before renegotiation.
374 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]375 // replayWrites, if true, configures the underlying transport
376 // to replay every write it makes in DTLS tests.
377 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]378 // damageFirstWrite, if true, configures the underlying transport to
379 // damage the final byte of the first application data write.
380 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]381 // exportKeyingMaterial, if non-zero, configures the test to exchange
382 // keying material and verify they match.
383 exportKeyingMaterial int
384 exportLabel string
385 exportContext string
386 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]387 // flags, if not empty, contains a list of command-line flags that will
388 // be passed to the shim program.
389 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]390 // testTLSUnique, if true, causes the shim to send the tls-unique value
391 // which will be compared against the expected value.
392 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]393 // sendEmptyRecords is the number of consecutive empty records to send
394 // before and after the test message.
395 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]396 // sendWarningAlerts is the number of consecutive warning alerts to send
397 // before and after the test message.
398 sendWarningAlerts int
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]399 // sendKeyUpdates is the number of consecutive key updates to send
400 // before and after the test message.
401 sendKeyUpdates int
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]402 // keyUpdateRequest is the KeyUpdateRequest value to send in KeyUpdate messages.
403 keyUpdateRequest byte
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]404 // expectMessageDropped, if true, means the test message is expected to
405 // be dropped by the client rather than echoed back.
406 expectMessageDropped bool
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]407 // expectPeerCertificate, if not nil, is the certificate chain the peer
408 // is expected to send.
409 expectPeerCertificate *Certificate
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]410}
411
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]412var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]413
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]414func writeTranscript(test *testCase, num int, data []byte) {
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]415 if len(data) == 0 {
416 return
417 }
418
419 protocol := "tls"
420 if test.protocol == dtls {
421 protocol = "dtls"
422 }
423
424 side := "client"
425 if test.testType == serverTest {
426 side = "server"
427 }
428
429 dir := path.Join(*transcriptDir, protocol, side)
430 if err := os.MkdirAll(dir, 0755); err != nil {
431 fmt.Fprintf(os.Stderr, "Error making %s: %s\n", dir, err)
432 return
433 }
434
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]435 name := fmt.Sprintf("%s-%d", test.name, num)
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]436 if err := ioutil.WriteFile(path.Join(dir, name), data, 0644); err != nil {
437 fmt.Fprintf(os.Stderr, "Error writing %s: %s\n", name, err)
438 }
439}
440
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]441// A timeoutConn implements an idle timeout on each Read and Write operation.
442type timeoutConn struct {
443 net.Conn
444 timeout time.Duration
445}
446
447func (t *timeoutConn) Read(b []byte) (int, error) {
448 if err := t.SetReadDeadline(time.Now().Add(t.timeout)); err != nil {
449 return 0, err
450 }
451 return t.Conn.Read(b)
452}
453
454func (t *timeoutConn) Write(b []byte) (int, error) {
455 if err := t.SetWriteDeadline(time.Now().Add(t.timeout)); err != nil {
456 return 0, err
457 }
458 return t.Conn.Write(b)
459}
460
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]461func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, num int) error {
David Benjamine54af062016-08-08 19:21:18 -0400[diff] [blame]462 if !test.noSessionCache {
463 if config.ClientSessionCache == nil {
464 config.ClientSessionCache = NewLRUClientSessionCache(1)
465 }
466 if config.ServerSessionCache == nil {
467 config.ServerSessionCache = NewLRUServerSessionCache(1)
468 }
469 }
470 if test.testType == clientTest {
471 if len(config.Certificates) == 0 {
472 config.Certificates = []Certificate{rsaCertificate}
473 }
474 } else {
475 // Supply a ServerName to ensure a constant session cache key,
476 // rather than falling back to net.Conn.RemoteAddr.
477 if len(config.ServerName) == 0 {
478 config.ServerName = "test"
479 }
480 }
481 if *fuzzer {
482 config.Bugs.NullAllCiphers = true
483 }
David Benjamin01a90572016-09-22 00:11:43 -0400[diff] [blame]484 if *deterministic {
485 config.Time = func() time.Time { return time.Unix(1234, 1234) }
486 }
David Benjamine54af062016-08-08 19:21:18 -0400[diff] [blame]487
David Benjamin01784b42016-06-07 18:00:52 -0400[diff] [blame]488 conn = &timeoutConn{conn, *idleTimeout}
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]489
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]490 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]491 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
492 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]493 }
494
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]495 if *flagDebug || len(*transcriptDir) != 0 {
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]496 local, peer := "client", "server"
497 if test.testType == clientTest {
498 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]499 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]500 connDebug := &recordingConn{
501 Conn: conn,
502 isDatagram: test.protocol == dtls,
503 local: local,
504 peer: peer,
505 }
506 conn = connDebug
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]507 if *flagDebug {
508 defer connDebug.WriteTo(os.Stdout)
509 }
510 if len(*transcriptDir) != 0 {
511 defer func() {
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]512 writeTranscript(test, num, connDebug.Transcript())
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]513 }()
514 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]515
516 if config.Bugs.PacketAdaptor != nil {
517 config.Bugs.PacketAdaptor.debug = connDebug
518 }
519 }
520
521 if test.replayWrites {
522 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]523 }
524
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]525 var connDamage *damageAdaptor
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]526 if test.damageFirstWrite {
527 connDamage = newDamageAdaptor(conn)
528 conn = connDamage
529 }
530
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]531 if test.sendPrefix != "" {
532 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
533 return err
534 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]535 }
536
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]537 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]538 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]539 if test.protocol == dtls {
540 tlsConn = DTLSServer(conn, config)
541 } else {
542 tlsConn = Server(conn, config)
543 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]544 } else {
545 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]546 if test.protocol == dtls {
547 tlsConn = DTLSClient(conn, config)
548 } else {
549 tlsConn = Client(conn, config)
550 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]551 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]552 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]553
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]554 if err := tlsConn.Handshake(); err != nil {
555 return err
556 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]557
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]558 // TODO(davidben): move all per-connection expectations into a dedicated
559 // expectations struct that can be specified separately for the two
560 // legs.
561 expectedVersion := test.expectedVersion
562 if isResume && test.expectedResumeVersion != 0 {
563 expectedVersion = test.expectedResumeVersion
564 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]565 connState := tlsConn.ConnectionState()
566 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]567 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]568 }
569
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]570 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]571 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
572 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]573 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
574 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
575 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]576
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]577 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]578 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]579 if channelID == nil {
580 return fmt.Errorf("no channel ID negotiated")
581 }
582 if channelID.Curve != channelIDKey.Curve ||
583 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
584 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
585 return fmt.Errorf("incorrect channel ID")
586 }
587 }
588
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]589 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]590 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]591 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
592 }
593 }
594
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]595 if test.expectNoNextProto {
596 if actual := connState.NegotiatedProtocol; actual != "" {
597 return fmt.Errorf("got unexpected next proto %s", actual)
598 }
599 }
600
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]601 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]602 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]603 return fmt.Errorf("next proto type mismatch")
604 }
605 }
606
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]607 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]608 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
609 }
610
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]611 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]612 return fmt.Errorf("OCSP Response mismatch: got %x, wanted %x", tlsConn.OCSPResponse(), test.expectedOCSPResponse)
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]613 }
614
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]615 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
616 return fmt.Errorf("SCT list mismatch")
617 }
618
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]619 if expected := test.expectedPeerSignatureAlgorithm; expected != 0 && expected != connState.PeerSignatureAlgorithm {
620 return fmt.Errorf("expected peer to use signature algorithm %04x, but got %04x", expected, connState.PeerSignatureAlgorithm)
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]621 }
622
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]623 if expected := test.expectedCurveID; expected != 0 && expected != connState.CurveID {
624 return fmt.Errorf("expected peer to use curve %04x, but got %04x", expected, connState.CurveID)
625 }
626
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]627 if test.expectPeerCertificate != nil {
628 if len(connState.PeerCertificates) != len(test.expectPeerCertificate.Certificate) {
629 return fmt.Errorf("expected peer to send %d certificates, but got %d", len(connState.PeerCertificates), len(test.expectPeerCertificate.Certificate))
630 }
631 for i, cert := range connState.PeerCertificates {
632 if !bytes.Equal(cert.Raw, test.expectPeerCertificate.Certificate[i]) {
633 return fmt.Errorf("peer certificate %d did not match", i+1)
634 }
635 }
636 }
637
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]638 if test.exportKeyingMaterial > 0 {
639 actual := make([]byte, test.exportKeyingMaterial)
640 if _, err := io.ReadFull(tlsConn, actual); err != nil {
641 return err
642 }
643 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
644 if err != nil {
645 return err
646 }
647 if !bytes.Equal(actual, expected) {
648 return fmt.Errorf("keying material mismatch")
649 }
650 }
651
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]652 if test.testTLSUnique {
653 var peersValue [12]byte
654 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
655 return err
656 }
657 expected := tlsConn.ConnectionState().TLSUnique
658 if !bytes.Equal(peersValue[:], expected) {
659 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
660 }
661 }
662
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]663 if test.shimWritesFirst {
664 var buf [5]byte
665 _, err := io.ReadFull(tlsConn, buf[:])
666 if err != nil {
667 return err
668 }
669 if string(buf[:]) != "hello" {
670 return fmt.Errorf("bad initial message")
671 }
672 }
673
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]674 for i := 0; i < test.sendKeyUpdates; i++ {
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]675 if err := tlsConn.SendKeyUpdate(test.keyUpdateRequest); err != nil {
David Benjamin7f0965a2016-09-30 15:14:01 -0400[diff] [blame]676 return err
677 }
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]678 }
679
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]680 for i := 0; i < test.sendEmptyRecords; i++ {
681 tlsConn.Write(nil)
682 }
683
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]684 for i := 0; i < test.sendWarningAlerts; i++ {
685 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
686 }
687
David Benjamin47921102016-07-28 11:29:18 -0400[diff] [blame]688 if test.sendHalfHelloRequest {
689 tlsConn.SendHalfHelloRequest()
690 }
691
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]692 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]693 if test.renegotiateCiphers != nil {
694 config.CipherSuites = test.renegotiateCiphers
695 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]696 for i := 0; i < test.renegotiate; i++ {
697 if err := tlsConn.Renegotiate(); err != nil {
698 return err
699 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]700 }
701 } else if test.renegotiateCiphers != nil {
702 panic("renegotiateCiphers without renegotiate")
703 }
704
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]705 if test.damageFirstWrite {
706 connDamage.setDamage(true)
707 tlsConn.Write([]byte("DAMAGED WRITE"))
708 connDamage.setDamage(false)
709 }
710
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]711 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]712 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]713 if test.protocol == dtls {
714 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
715 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]716 // Read until EOF.
717 _, err := io.Copy(ioutil.Discard, tlsConn)
718 return err
719 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]720 if messageLen == 0 {
721 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]722 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]723
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]724 messageCount := test.messageCount
725 if messageCount == 0 {
726 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]727 }
728
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]729 for j := 0; j < messageCount; j++ {
730 testMessage := make([]byte, messageLen)
731 for i := range testMessage {
732 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]733 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]734 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]735
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]736 for i := 0; i < test.sendKeyUpdates; i++ {
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]737 tlsConn.SendKeyUpdate(test.keyUpdateRequest)
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]738 }
739
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]740 for i := 0; i < test.sendEmptyRecords; i++ {
741 tlsConn.Write(nil)
742 }
743
744 for i := 0; i < test.sendWarningAlerts; i++ {
745 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
746 }
747
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]748 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]749 // The shim will not respond.
750 continue
751 }
752
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]753 buf := make([]byte, len(testMessage))
754 if test.protocol == dtls {
755 bufTmp := make([]byte, len(buf)+1)
756 n, err := tlsConn.Read(bufTmp)
757 if err != nil {
758 return err
759 }
760 if n != len(buf) {
761 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
762 }
763 copy(buf, bufTmp)
764 } else {
765 _, err := io.ReadFull(tlsConn, buf)
766 if err != nil {
767 return err
768 }
769 }
770
771 for i, v := range buf {
772 if v != testMessage[i]^0xff {
773 return fmt.Errorf("bad reply contents at byte %d", i)
774 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]775 }
776 }
777
778 return nil
779}
780
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]781func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]782 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full", "--quiet"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]783 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]784 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]785 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]786 valgrindArgs = append(valgrindArgs, path)
787 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]788
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]789 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]790}
791
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]792func gdbOf(path string, args ...string) *exec.Cmd {
793 xtermArgs := []string{"-e", "gdb", "--args"}
794 xtermArgs = append(xtermArgs, path)
795 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]796
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]797 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]798}
799
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]800func lldbOf(path string, args ...string) *exec.Cmd {
801 xtermArgs := []string{"-e", "lldb", "--"}
802 xtermArgs = append(xtermArgs, path)
803 xtermArgs = append(xtermArgs, args...)
804
805 return exec.Command("xterm", xtermArgs...)
806}
807
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]808var (
809 errMoreMallocs = errors.New("child process did not exhaust all allocation calls")
810 errUnimplemented = errors.New("child process does not implement needed flags")
811)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]812
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]813// accept accepts a connection from listener, unless waitChan signals a process
814// exit first.
815func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
816 type connOrError struct {
817 conn net.Conn
818 err error
819 }
820 connChan := make(chan connOrError, 1)
821 go func() {
822 conn, err := listener.Accept()
823 connChan <- connOrError{conn, err}
824 close(connChan)
825 }()
826 select {
827 case result := <-connChan:
828 return result.conn, result.err
829 case childErr := <-waitChan:
830 waitChan <- childErr
831 return nil, fmt.Errorf("child exited early: %s", childErr)
832 }
833}
834
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]835func translateExpectedError(errorStr string) string {
836 if translated, ok := shimConfig.ErrorMap[errorStr]; ok {
837 return translated
838 }
839
840 if *looseErrors {
841 return ""
842 }
843
844 return errorStr
845}
846
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]847func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]848 // Help debugging panics on the Go side.
849 defer func() {
850 if r := recover(); r != nil {
851 fmt.Fprintf(os.Stderr, "Test '%s' panicked.\n", test.name)
852 panic(r)
853 }
854 }()
855
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]856 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
857 panic("Error expected without shouldFail in " + test.name)
858 }
859
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]860 if test.expectResumeRejected && !test.resumeSession {
861 panic("expectResumeRejected without resumeSession in " + test.name)
862 }
863
Adam Langley33b1d4f2016-12-07 15:03:45 -0800[diff] [blame]864 for _, ver := range tlsVersions {
865 if !strings.Contains("-"+test.name+"-", "-"+ver.name+"-") {
866 continue
867 }
868
869 if test.config.MaxVersion != 0 || test.config.MinVersion != 0 || test.expectedVersion != 0 {
870 continue
871 }
872
873 panic(fmt.Sprintf("The name of test %q suggests that it's version specific, but min/max version in the Config is %x/%x. One of them should probably be %x", test.name, test.config.MinVersion, test.config.MaxVersion, ver.version))
874 }
875
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]876 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
877 if err != nil {
878 panic(err)
879 }
880 defer func() {
881 if listener != nil {
882 listener.Close()
883 }
884 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]885
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]886 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]887 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]888 flags = append(flags, "-server")
889
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]890 flags = append(flags, "-key-file")
891 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]892 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]893 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]894 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]895 }
896
897 flags = append(flags, "-cert-file")
898 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]899 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]900 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]901 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]902 }
903 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]904
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]905 if test.protocol == dtls {
906 flags = append(flags, "-dtls")
907 }
908
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]909 var resumeCount int
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]910 if test.resumeSession {
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]911 resumeCount++
912 if test.resumeRenewedSession {
913 resumeCount++
914 }
915 }
916
917 if resumeCount > 0 {
918 flags = append(flags, "-resume-count", strconv.Itoa(resumeCount))
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]919 }
920
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]921 if test.shimWritesFirst {
922 flags = append(flags, "-shim-writes-first")
923 }
924
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]925 if test.shimShutsDown {
926 flags = append(flags, "-shim-shuts-down")
927 }
928
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]929 if test.exportKeyingMaterial > 0 {
930 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
931 flags = append(flags, "-export-label", test.exportLabel)
932 flags = append(flags, "-export-context", test.exportContext)
933 if test.useExportContext {
934 flags = append(flags, "-use-export-context")
935 }
936 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]937 if test.expectResumeRejected {
938 flags = append(flags, "-expect-session-miss")
939 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]940
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]941 if test.testTLSUnique {
942 flags = append(flags, "-tls-unique")
943 }
944
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]945 flags = append(flags, test.flags...)
946
947 var shim *exec.Cmd
948 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]949 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]950 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]951 shim = gdbOf(shimPath, flags...)
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]952 } else if *useLLDB {
953 shim = lldbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]954 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]955 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]956 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]957 shim.Stdin = os.Stdin
958 var stdoutBuf, stderrBuf bytes.Buffer
959 shim.Stdout = &stdoutBuf
960 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]961 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]962 shim.Env = os.Environ()
963 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]964 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]965 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]966 }
967 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
968 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]969
970 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]971 panic(err)
972 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]973 waitChan := make(chan error, 1)
974 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]975
976 config := test.config
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]977
David Benjamin7a4aaa42016-09-20 17:58:14 -0400[diff] [blame]978 if *deterministic {
979 config.Rand = &deterministicRand{}
980 }
981
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]982 conn, err := acceptOrWait(listener, waitChan)
983 if err == nil {
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]984 err = doExchange(test, &config, conn, false /* not a resumption */, 0)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]985 conn.Close()
986 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]987
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]988 for i := 0; err == nil && i < resumeCount; i++ {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]989 var resumeConfig Config
990 if test.resumeConfig != nil {
991 resumeConfig = *test.resumeConfig
David Benjamine54af062016-08-08 19:21:18 -0400[diff] [blame]992 if !test.newSessionsOnResume {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]993 resumeConfig.SessionTicketKey = config.SessionTicketKey
994 resumeConfig.ClientSessionCache = config.ClientSessionCache
995 resumeConfig.ServerSessionCache = config.ServerSessionCache
996 }
David Benjamin2e045a92016-06-08 13:09:56 -0400[diff] [blame]997 resumeConfig.Rand = config.Rand
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]998 } else {
999 resumeConfig = config
1000 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1001 var connResume net.Conn
1002 connResume, err = acceptOrWait(listener, waitChan)
1003 if err == nil {
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]1004 err = doExchange(test, &resumeConfig, connResume, true /* resumption */, i+1)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1005 connResume.Close()
1006 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]1007 }
1008
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1009 // Close the listener now. This is to avoid hangs should the shim try to
1010 // open more connections than expected.
1011 listener.Close()
1012 listener = nil
1013
1014 childErr := <-waitChan
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]1015 var isValgrindError bool
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]1016 if exitError, ok := childErr.(*exec.ExitError); ok {
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]1017 switch exitError.Sys().(syscall.WaitStatus).ExitStatus() {
1018 case 88:
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]1019 return errMoreMallocs
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]1020 case 89:
1021 return errUnimplemented
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]1022 case 99:
1023 isValgrindError = true
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]1024 }
1025 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1026
David Benjamin9bea3492016-03-02 10:59:16 -0500[diff] [blame]1027 // Account for Windows line endings.
1028 stdout := strings.Replace(string(stdoutBuf.Bytes()), "\r\n", "\n", -1)
1029 stderr := strings.Replace(string(stderrBuf.Bytes()), "\r\n", "\n", -1)
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]1030
1031 // Separate the errors from the shim and those from tools like
1032 // AddressSanitizer.
1033 var extraStderr string
1034 if stderrParts := strings.SplitN(stderr, "--- DONE ---\n", 2); len(stderrParts) == 2 {
1035 stderr = stderrParts[0]
1036 extraStderr = stderrParts[1]
1037 }
1038
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1039 failed := err != nil || childErr != nil
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]1040 expectedError := translateExpectedError(test.expectedError)
1041 correctFailure := len(expectedError) == 0 || strings.Contains(stderr, expectedError)
EKR173bf932016-07-29 15:52:49 +0200[diff] [blame]1042
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]1043 localError := "none"
1044 if err != nil {
1045 localError = err.Error()
1046 }
1047 if len(test.expectedLocalError) != 0 {
1048 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
1049 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1050
1051 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1052 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1053 if childErr != nil {
1054 childError = childErr.Error()
1055 }
1056
1057 var msg string
1058 switch {
1059 case failed && !test.shouldFail:
1060 msg = "unexpected failure"
1061 case !failed && test.shouldFail:
1062 msg = "unexpected success"
1063 case failed && !correctFailure:
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]1064 msg = "bad error (wanted '" + expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1065 default:
1066 panic("internal error")
1067 }
1068
David Benjamin9aafb642016-09-20 19:36:53 -0400[diff] [blame]1069 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s\n%s", msg, localError, childError, stdout, stderr, extraStderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1070 }
1071
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]1072 if len(extraStderr) > 0 || (!failed && len(stderr) > 0) {
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]1073 return fmt.Errorf("unexpected error output:\n%s\n%s", stderr, extraStderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1074 }
1075
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]1076 if *useValgrind && isValgrindError {
1077 return fmt.Errorf("valgrind error:\n%s\n%s", stderr, extraStderr)
1078 }
1079
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1080 return nil
1081}
1082
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1083type tlsVersion struct {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1084 name string
1085 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1086 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1087 hasDTLS bool
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1088}
1089
1090var tlsVersions = []tlsVersion{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1091 {"SSL3", VersionSSL30, "-no-ssl3", false},
1092 {"TLS1", VersionTLS10, "-no-tls1", true},
1093 {"TLS11", VersionTLS11, "-no-tls11", false},
1094 {"TLS12", VersionTLS12, "-no-tls12", true},
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]1095 {"TLS13", VersionTLS13, "-no-tls13", false},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1096}
1097
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1098type testCipherSuite struct {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1099 name string
1100 id uint16
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1101}
1102
1103var testCipherSuites = []testCipherSuite{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1104 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1105 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1106 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1107 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1108 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1109 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1110 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1111 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1112 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1113 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1114 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
1115 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1116 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1117 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1118 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1119 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
1120 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1121 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1122 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1123 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1124 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1125 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1126 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1127 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1128 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1129 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1130 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1131 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
1132 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]1133 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
1134 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1135 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1136 {"AEAD-CHACHA20-POLY1305", TLS_CHACHA20_POLY1305_SHA256},
1137 {"AEAD-AES128-GCM-SHA256", TLS_AES_128_GCM_SHA256},
1138 {"AEAD-AES256-GCM-SHA384", TLS_AES_256_GCM_SHA384},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1139 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1140}
1141
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1142func hasComponent(suiteName, component string) bool {
1143 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
1144}
1145
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1146func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1147 return hasComponent(suiteName, "GCM") ||
1148 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]1149 hasComponent(suiteName, "SHA384") ||
1150 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1151}
1152
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1153func isTLS13Suite(suiteName string) bool {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1154 return strings.HasPrefix(suiteName, "AEAD-")
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1155}
1156
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1157func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1158 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1159}
1160
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]1161func bigFromHex(hex string) *big.Int {
1162 ret, ok := new(big.Int).SetString(hex, 16)
1163 if !ok {
1164 panic("failed to parse hex number 0x" + hex)
1165 }
1166 return ret
1167}
1168
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1169func addBasicTests() {
1170 basicTests := []testCase{
1171 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1172 name: "NoFallbackSCSV",
1173 config: Config{
1174 Bugs: ProtocolBugs{
1175 FailIfNotFallbackSCSV: true,
1176 },
1177 },
1178 shouldFail: true,
1179 expectedLocalError: "no fallback SCSV found",
1180 },
1181 {
1182 name: "SendFallbackSCSV",
1183 config: Config{
1184 Bugs: ProtocolBugs{
1185 FailIfNotFallbackSCSV: true,
1186 },
1187 },
1188 flags: []string{"-fallback-scsv"},
1189 },
1190 {
1191 name: "ClientCertificateTypes",
1192 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1193 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1194 ClientAuth: RequestClientCert,
1195 ClientCertificateTypes: []byte{
1196 CertTypeDSSSign,
1197 CertTypeRSASign,
1198 CertTypeECDSASign,
1199 },
1200 },
1201 flags: []string{
1202 "-expect-certificate-types",
1203 base64.StdEncoding.EncodeToString([]byte{
1204 CertTypeDSSSign,
1205 CertTypeRSASign,
1206 CertTypeECDSASign,
1207 }),
1208 },
1209 },
1210 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1211 name: "UnauthenticatedECDH",
1212 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1213 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1214 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1215 Bugs: ProtocolBugs{
1216 UnauthenticatedECDH: true,
1217 },
1218 },
1219 shouldFail: true,
1220 expectedError: ":UNEXPECTED_MESSAGE:",
1221 },
1222 {
1223 name: "SkipCertificateStatus",
1224 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1225 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1226 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1227 Bugs: ProtocolBugs{
1228 SkipCertificateStatus: true,
1229 },
1230 },
1231 flags: []string{
1232 "-enable-ocsp-stapling",
1233 },
1234 },
1235 {
1236 name: "SkipServerKeyExchange",
1237 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1238 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1239 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1240 Bugs: ProtocolBugs{
1241 SkipServerKeyExchange: true,
1242 },
1243 },
1244 shouldFail: true,
1245 expectedError: ":UNEXPECTED_MESSAGE:",
1246 },
1247 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1248 testType: serverTest,
1249 name: "Alert",
1250 config: Config{
1251 Bugs: ProtocolBugs{
1252 SendSpuriousAlert: alertRecordOverflow,
1253 },
1254 },
1255 shouldFail: true,
1256 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1257 },
1258 {
1259 protocol: dtls,
1260 testType: serverTest,
1261 name: "Alert-DTLS",
1262 config: Config{
1263 Bugs: ProtocolBugs{
1264 SendSpuriousAlert: alertRecordOverflow,
1265 },
1266 },
1267 shouldFail: true,
1268 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1269 },
1270 {
1271 testType: serverTest,
1272 name: "FragmentAlert",
1273 config: Config{
1274 Bugs: ProtocolBugs{
1275 FragmentAlert: true,
1276 SendSpuriousAlert: alertRecordOverflow,
1277 },
1278 },
1279 shouldFail: true,
1280 expectedError: ":BAD_ALERT:",
1281 },
1282 {
1283 protocol: dtls,
1284 testType: serverTest,
1285 name: "FragmentAlert-DTLS",
1286 config: Config{
1287 Bugs: ProtocolBugs{
1288 FragmentAlert: true,
1289 SendSpuriousAlert: alertRecordOverflow,
1290 },
1291 },
1292 shouldFail: true,
1293 expectedError: ":BAD_ALERT:",
1294 },
1295 {
1296 testType: serverTest,
David Benjamin0d3a8c62016-03-11 22:25:18 -0500[diff] [blame]1297 name: "DoubleAlert",
1298 config: Config{
1299 Bugs: ProtocolBugs{
1300 DoubleAlert: true,
1301 SendSpuriousAlert: alertRecordOverflow,
1302 },
1303 },
1304 shouldFail: true,
1305 expectedError: ":BAD_ALERT:",
1306 },
1307 {
1308 protocol: dtls,
1309 testType: serverTest,
1310 name: "DoubleAlert-DTLS",
1311 config: Config{
1312 Bugs: ProtocolBugs{
1313 DoubleAlert: true,
1314 SendSpuriousAlert: alertRecordOverflow,
1315 },
1316 },
1317 shouldFail: true,
1318 expectedError: ":BAD_ALERT:",
1319 },
1320 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1321 name: "SkipNewSessionTicket",
1322 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1323 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1324 Bugs: ProtocolBugs{
1325 SkipNewSessionTicket: true,
1326 },
1327 },
1328 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1329 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1330 },
1331 {
1332 testType: serverTest,
1333 name: "FallbackSCSV",
1334 config: Config{
1335 MaxVersion: VersionTLS11,
1336 Bugs: ProtocolBugs{
1337 SendFallbackSCSV: true,
1338 },
1339 },
David Benjamin56cadc32016-12-16 19:54:11 -0500[diff] [blame]1340 shouldFail: true,
1341 expectedError: ":INAPPROPRIATE_FALLBACK:",
1342 expectedLocalError: "remote error: inappropriate fallback",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1343 },
1344 {
1345 testType: serverTest,
David Benjaminb442dee2016-12-19 22:15:08 -0500[diff] [blame]1346 name: "FallbackSCSV-VersionMatch-TLS13",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1347 config: Config{
David Benjaminb442dee2016-12-19 22:15:08 -0500[diff] [blame]1348 MaxVersion: VersionTLS13,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1349 Bugs: ProtocolBugs{
1350 SendFallbackSCSV: true,
1351 },
1352 },
1353 },
1354 {
1355 testType: serverTest,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1356 name: "FallbackSCSV-VersionMatch-TLS12",
1357 config: Config{
1358 MaxVersion: VersionTLS12,
1359 Bugs: ProtocolBugs{
1360 SendFallbackSCSV: true,
1361 },
1362 },
1363 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
1364 },
1365 {
1366 testType: serverTest,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1367 name: "FragmentedClientVersion",
1368 config: Config{
1369 Bugs: ProtocolBugs{
1370 MaxHandshakeRecordLength: 1,
1371 FragmentClientVersion: true,
1372 },
1373 },
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1374 expectedVersion: VersionTLS13,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1375 },
1376 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1377 testType: serverTest,
1378 name: "HttpGET",
1379 sendPrefix: "GET / HTTP/1.0\n",
1380 shouldFail: true,
1381 expectedError: ":HTTP_REQUEST:",
1382 },
1383 {
1384 testType: serverTest,
1385 name: "HttpPOST",
1386 sendPrefix: "POST / HTTP/1.0\n",
1387 shouldFail: true,
1388 expectedError: ":HTTP_REQUEST:",
1389 },
1390 {
1391 testType: serverTest,
1392 name: "HttpHEAD",
1393 sendPrefix: "HEAD / HTTP/1.0\n",
1394 shouldFail: true,
1395 expectedError: ":HTTP_REQUEST:",
1396 },
1397 {
1398 testType: serverTest,
1399 name: "HttpPUT",
1400 sendPrefix: "PUT / HTTP/1.0\n",
1401 shouldFail: true,
1402 expectedError: ":HTTP_REQUEST:",
1403 },
1404 {
1405 testType: serverTest,
1406 name: "HttpCONNECT",
1407 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1408 shouldFail: true,
1409 expectedError: ":HTTPS_PROXY_REQUEST:",
1410 },
1411 {
1412 testType: serverTest,
1413 name: "Garbage",
1414 sendPrefix: "blah",
1415 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1416 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1417 },
1418 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1419 name: "RSAEphemeralKey",
1420 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1421 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1422 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1423 Bugs: ProtocolBugs{
1424 RSAEphemeralKey: true,
1425 },
1426 },
1427 shouldFail: true,
1428 expectedError: ":UNEXPECTED_MESSAGE:",
1429 },
1430 {
1431 name: "DisableEverything",
Steven Valdez4f94b1c2016-05-24 12:31:07 -0400[diff] [blame]1432 flags: []string{"-no-tls13", "-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1433 shouldFail: true,
1434 expectedError: ":WRONG_SSL_VERSION:",
1435 },
1436 {
1437 protocol: dtls,
1438 name: "DisableEverything-DTLS",
1439 flags: []string{"-no-tls12", "-no-tls1"},
1440 shouldFail: true,
1441 expectedError: ":WRONG_SSL_VERSION:",
1442 },
1443 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1444 protocol: dtls,
1445 testType: serverTest,
1446 name: "MTU",
1447 config: Config{
1448 Bugs: ProtocolBugs{
1449 MaxPacketLength: 256,
1450 },
1451 },
1452 flags: []string{"-mtu", "256"},
1453 },
1454 {
1455 protocol: dtls,
1456 testType: serverTest,
1457 name: "MTUExceeded",
1458 config: Config{
1459 Bugs: ProtocolBugs{
1460 MaxPacketLength: 255,
1461 },
1462 },
1463 flags: []string{"-mtu", "256"},
1464 shouldFail: true,
1465 expectedLocalError: "dtls: exceeded maximum packet length",
1466 },
1467 {
1468 name: "CertMismatchRSA",
1469 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1470 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1471 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]1472 Certificates: []Certificate{ecdsaP256Certificate},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1473 Bugs: ProtocolBugs{
1474 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1475 },
1476 },
1477 shouldFail: true,
1478 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1479 },
1480 {
1481 name: "CertMismatchECDSA",
1482 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1483 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1484 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]1485 Certificates: []Certificate{rsaCertificate},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1486 Bugs: ProtocolBugs{
1487 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1488 },
1489 },
1490 shouldFail: true,
1491 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1492 },
1493 {
1494 name: "EmptyCertificateList",
1495 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1496 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1497 Bugs: ProtocolBugs{
1498 EmptyCertificateList: true,
1499 },
1500 },
1501 shouldFail: true,
1502 expectedError: ":DECODE_ERROR:",
1503 },
1504 {
David Benjamin9ec1c752016-07-14 12:45:01 -0400[diff] [blame]1505 name: "EmptyCertificateList-TLS13",
1506 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1507 MaxVersion: VersionTLS13,
David Benjamin9ec1c752016-07-14 12:45:01 -0400[diff] [blame]1508 Bugs: ProtocolBugs{
1509 EmptyCertificateList: true,
1510 },
1511 },
1512 shouldFail: true,
David Benjamin4087df92016-08-01 20:16:31 -0400[diff] [blame]1513 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
David Benjamin9ec1c752016-07-14 12:45:01 -0400[diff] [blame]1514 },
1515 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1516 name: "TLSFatalBadPackets",
1517 damageFirstWrite: true,
1518 shouldFail: true,
1519 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1520 },
1521 {
1522 protocol: dtls,
1523 name: "DTLSIgnoreBadPackets",
1524 damageFirstWrite: true,
1525 },
1526 {
1527 protocol: dtls,
1528 name: "DTLSIgnoreBadPackets-Async",
1529 damageFirstWrite: true,
1530 flags: []string{"-async"},
1531 },
1532 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1533 name: "AppDataBeforeHandshake",
1534 config: Config{
1535 Bugs: ProtocolBugs{
1536 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1537 },
1538 },
1539 shouldFail: true,
1540 expectedError: ":UNEXPECTED_RECORD:",
1541 },
1542 {
1543 name: "AppDataBeforeHandshake-Empty",
1544 config: Config{
1545 Bugs: ProtocolBugs{
1546 AppDataBeforeHandshake: []byte{},
1547 },
1548 },
1549 shouldFail: true,
1550 expectedError: ":UNEXPECTED_RECORD:",
1551 },
1552 {
1553 protocol: dtls,
1554 name: "AppDataBeforeHandshake-DTLS",
1555 config: Config{
1556 Bugs: ProtocolBugs{
1557 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1558 },
1559 },
1560 shouldFail: true,
1561 expectedError: ":UNEXPECTED_RECORD:",
1562 },
1563 {
1564 protocol: dtls,
1565 name: "AppDataBeforeHandshake-DTLS-Empty",
1566 config: Config{
1567 Bugs: ProtocolBugs{
1568 AppDataBeforeHandshake: []byte{},
1569 },
1570 },
1571 shouldFail: true,
1572 expectedError: ":UNEXPECTED_RECORD:",
1573 },
1574 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1575 name: "AppDataAfterChangeCipherSpec",
1576 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1577 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1578 Bugs: ProtocolBugs{
1579 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1580 },
1581 },
1582 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1583 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1584 },
1585 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1586 name: "AppDataAfterChangeCipherSpec-Empty",
1587 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1588 MaxVersion: VersionTLS12,
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1589 Bugs: ProtocolBugs{
1590 AppDataAfterChangeCipherSpec: []byte{},
1591 },
1592 },
1593 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1594 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1595 },
1596 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1597 protocol: dtls,
1598 name: "AppDataAfterChangeCipherSpec-DTLS",
1599 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1600 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1601 Bugs: ProtocolBugs{
1602 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1603 },
1604 },
1605 // BoringSSL's DTLS implementation will drop the out-of-order
1606 // application data.
1607 },
1608 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1609 protocol: dtls,
1610 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1611 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1612 MaxVersion: VersionTLS12,
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1613 Bugs: ProtocolBugs{
1614 AppDataAfterChangeCipherSpec: []byte{},
1615 },
1616 },
1617 // BoringSSL's DTLS implementation will drop the out-of-order
1618 // application data.
1619 },
1620 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1621 name: "AlertAfterChangeCipherSpec",
1622 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1623 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1624 Bugs: ProtocolBugs{
1625 AlertAfterChangeCipherSpec: alertRecordOverflow,
1626 },
1627 },
1628 shouldFail: true,
1629 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1630 },
1631 {
1632 protocol: dtls,
1633 name: "AlertAfterChangeCipherSpec-DTLS",
1634 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1635 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1636 Bugs: ProtocolBugs{
1637 AlertAfterChangeCipherSpec: alertRecordOverflow,
1638 },
1639 },
1640 shouldFail: true,
1641 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1642 },
1643 {
1644 protocol: dtls,
1645 name: "ReorderHandshakeFragments-Small-DTLS",
1646 config: Config{
1647 Bugs: ProtocolBugs{
1648 ReorderHandshakeFragments: true,
1649 // Small enough that every handshake message is
1650 // fragmented.
1651 MaxHandshakeRecordLength: 2,
1652 },
1653 },
1654 },
1655 {
1656 protocol: dtls,
1657 name: "ReorderHandshakeFragments-Large-DTLS",
1658 config: Config{
1659 Bugs: ProtocolBugs{
1660 ReorderHandshakeFragments: true,
1661 // Large enough that no handshake message is
1662 // fragmented.
1663 MaxHandshakeRecordLength: 2048,
1664 },
1665 },
1666 },
1667 {
1668 protocol: dtls,
1669 name: "MixCompleteMessageWithFragments-DTLS",
1670 config: Config{
1671 Bugs: ProtocolBugs{
1672 ReorderHandshakeFragments: true,
1673 MixCompleteMessageWithFragments: true,
1674 MaxHandshakeRecordLength: 2,
1675 },
1676 },
1677 },
1678 {
1679 name: "SendInvalidRecordType",
1680 config: Config{
1681 Bugs: ProtocolBugs{
1682 SendInvalidRecordType: true,
1683 },
1684 },
1685 shouldFail: true,
1686 expectedError: ":UNEXPECTED_RECORD:",
1687 },
1688 {
1689 protocol: dtls,
1690 name: "SendInvalidRecordType-DTLS",
1691 config: Config{
1692 Bugs: ProtocolBugs{
1693 SendInvalidRecordType: true,
1694 },
1695 },
1696 shouldFail: true,
1697 expectedError: ":UNEXPECTED_RECORD:",
1698 },
1699 {
1700 name: "FalseStart-SkipServerSecondLeg",
1701 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1702 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1703 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1704 NextProtos: []string{"foo"},
1705 Bugs: ProtocolBugs{
1706 SkipNewSessionTicket: true,
1707 SkipChangeCipherSpec: true,
1708 SkipFinished: true,
1709 ExpectFalseStart: true,
1710 },
1711 },
1712 flags: []string{
1713 "-false-start",
1714 "-handshake-never-done",
1715 "-advertise-alpn", "\x03foo",
1716 },
1717 shimWritesFirst: true,
1718 shouldFail: true,
1719 expectedError: ":UNEXPECTED_RECORD:",
1720 },
1721 {
1722 name: "FalseStart-SkipServerSecondLeg-Implicit",
1723 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1724 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1725 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1726 NextProtos: []string{"foo"},
1727 Bugs: ProtocolBugs{
1728 SkipNewSessionTicket: true,
1729 SkipChangeCipherSpec: true,
1730 SkipFinished: true,
1731 },
1732 },
1733 flags: []string{
1734 "-implicit-handshake",
1735 "-false-start",
1736 "-handshake-never-done",
1737 "-advertise-alpn", "\x03foo",
1738 },
1739 shouldFail: true,
1740 expectedError: ":UNEXPECTED_RECORD:",
1741 },
1742 {
1743 testType: serverTest,
1744 name: "FailEarlyCallback",
1745 flags: []string{"-fail-early-callback"},
1746 shouldFail: true,
1747 expectedError: ":CONNECTION_REJECTED:",
David Benjamin2c66e072016-09-16 15:58:00 -0400[diff] [blame]1748 expectedLocalError: "remote error: handshake failure",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1749 },
1750 {
David Benjaminb8d74f52016-11-14 22:02:50 +0900[diff] [blame]1751 name: "FailCertCallback-Client-TLS12",
1752 config: Config{
1753 MaxVersion: VersionTLS12,
1754 ClientAuth: RequestClientCert,
1755 },
1756 flags: []string{"-fail-cert-callback"},
1757 shouldFail: true,
1758 expectedError: ":CERT_CB_ERROR:",
1759 expectedLocalError: "remote error: internal error",
1760 },
1761 {
1762 testType: serverTest,
1763 name: "FailCertCallback-Server-TLS12",
1764 config: Config{
1765 MaxVersion: VersionTLS12,
1766 },
1767 flags: []string{"-fail-cert-callback"},
1768 shouldFail: true,
1769 expectedError: ":CERT_CB_ERROR:",
1770 expectedLocalError: "remote error: internal error",
1771 },
1772 {
1773 name: "FailCertCallback-Client-TLS13",
1774 config: Config{
1775 MaxVersion: VersionTLS13,
1776 ClientAuth: RequestClientCert,
1777 },
1778 flags: []string{"-fail-cert-callback"},
1779 shouldFail: true,
1780 expectedError: ":CERT_CB_ERROR:",
1781 expectedLocalError: "remote error: internal error",
1782 },
1783 {
1784 testType: serverTest,
1785 name: "FailCertCallback-Server-TLS13",
1786 config: Config{
1787 MaxVersion: VersionTLS13,
1788 },
1789 flags: []string{"-fail-cert-callback"},
1790 shouldFail: true,
1791 expectedError: ":CERT_CB_ERROR:",
1792 expectedLocalError: "remote error: internal error",
1793 },
1794 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1795 protocol: dtls,
1796 name: "FragmentMessageTypeMismatch-DTLS",
1797 config: Config{
1798 Bugs: ProtocolBugs{
1799 MaxHandshakeRecordLength: 2,
1800 FragmentMessageTypeMismatch: true,
1801 },
1802 },
1803 shouldFail: true,
1804 expectedError: ":FRAGMENT_MISMATCH:",
1805 },
1806 {
1807 protocol: dtls,
1808 name: "FragmentMessageLengthMismatch-DTLS",
1809 config: Config{
1810 Bugs: ProtocolBugs{
1811 MaxHandshakeRecordLength: 2,
1812 FragmentMessageLengthMismatch: true,
1813 },
1814 },
1815 shouldFail: true,
1816 expectedError: ":FRAGMENT_MISMATCH:",
1817 },
1818 {
1819 protocol: dtls,
1820 name: "SplitFragments-Header-DTLS",
1821 config: Config{
1822 Bugs: ProtocolBugs{
1823 SplitFragments: 2,
1824 },
1825 },
1826 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1827 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1828 },
1829 {
1830 protocol: dtls,
1831 name: "SplitFragments-Boundary-DTLS",
1832 config: Config{
1833 Bugs: ProtocolBugs{
1834 SplitFragments: dtlsRecordHeaderLen,
1835 },
1836 },
1837 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1838 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1839 },
1840 {
1841 protocol: dtls,
1842 name: "SplitFragments-Body-DTLS",
1843 config: Config{
1844 Bugs: ProtocolBugs{
1845 SplitFragments: dtlsRecordHeaderLen + 1,
1846 },
1847 },
1848 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1849 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1850 },
1851 {
1852 protocol: dtls,
1853 name: "SendEmptyFragments-DTLS",
1854 config: Config{
1855 Bugs: ProtocolBugs{
1856 SendEmptyFragments: true,
1857 },
1858 },
1859 },
1860 {
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1861 name: "BadFinished-Client",
1862 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1863 MaxVersion: VersionTLS12,
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1864 Bugs: ProtocolBugs{
1865 BadFinished: true,
1866 },
1867 },
1868 shouldFail: true,
1869 expectedError: ":DIGEST_CHECK_FAILED:",
1870 },
1871 {
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]1872 name: "BadFinished-Client-TLS13",
1873 config: Config{
1874 MaxVersion: VersionTLS13,
1875 Bugs: ProtocolBugs{
1876 BadFinished: true,
1877 },
1878 },
1879 shouldFail: true,
1880 expectedError: ":DIGEST_CHECK_FAILED:",
1881 },
1882 {
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1883 testType: serverTest,
1884 name: "BadFinished-Server",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1885 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1886 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1887 Bugs: ProtocolBugs{
1888 BadFinished: true,
1889 },
1890 },
1891 shouldFail: true,
1892 expectedError: ":DIGEST_CHECK_FAILED:",
1893 },
1894 {
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]1895 testType: serverTest,
1896 name: "BadFinished-Server-TLS13",
1897 config: Config{
1898 MaxVersion: VersionTLS13,
1899 Bugs: ProtocolBugs{
1900 BadFinished: true,
1901 },
1902 },
1903 shouldFail: true,
1904 expectedError: ":DIGEST_CHECK_FAILED:",
1905 },
1906 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1907 name: "FalseStart-BadFinished",
1908 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1909 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1910 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1911 NextProtos: []string{"foo"},
1912 Bugs: ProtocolBugs{
1913 BadFinished: true,
1914 ExpectFalseStart: true,
1915 },
1916 },
1917 flags: []string{
1918 "-false-start",
1919 "-handshake-never-done",
1920 "-advertise-alpn", "\x03foo",
1921 },
1922 shimWritesFirst: true,
1923 shouldFail: true,
1924 expectedError: ":DIGEST_CHECK_FAILED:",
1925 },
1926 {
1927 name: "NoFalseStart-NoALPN",
1928 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1929 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1930 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1931 Bugs: ProtocolBugs{
1932 ExpectFalseStart: true,
1933 AlertBeforeFalseStartTest: alertAccessDenied,
1934 },
1935 },
1936 flags: []string{
1937 "-false-start",
1938 },
1939 shimWritesFirst: true,
1940 shouldFail: true,
1941 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1942 expectedLocalError: "tls: peer did not false start: EOF",
1943 },
1944 {
1945 name: "NoFalseStart-NoAEAD",
1946 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1947 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1948 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1949 NextProtos: []string{"foo"},
1950 Bugs: ProtocolBugs{
1951 ExpectFalseStart: true,
1952 AlertBeforeFalseStartTest: alertAccessDenied,
1953 },
1954 },
1955 flags: []string{
1956 "-false-start",
1957 "-advertise-alpn", "\x03foo",
1958 },
1959 shimWritesFirst: true,
1960 shouldFail: true,
1961 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1962 expectedLocalError: "tls: peer did not false start: EOF",
1963 },
1964 {
1965 name: "NoFalseStart-RSA",
1966 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1967 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1968 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1969 NextProtos: []string{"foo"},
1970 Bugs: ProtocolBugs{
1971 ExpectFalseStart: true,
1972 AlertBeforeFalseStartTest: alertAccessDenied,
1973 },
1974 },
1975 flags: []string{
1976 "-false-start",
1977 "-advertise-alpn", "\x03foo",
1978 },
1979 shimWritesFirst: true,
1980 shouldFail: true,
1981 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1982 expectedLocalError: "tls: peer did not false start: EOF",
1983 },
1984 {
1985 name: "NoFalseStart-DHE_RSA",
1986 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1987 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1988 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1989 NextProtos: []string{"foo"},
1990 Bugs: ProtocolBugs{
1991 ExpectFalseStart: true,
1992 AlertBeforeFalseStartTest: alertAccessDenied,
1993 },
1994 },
1995 flags: []string{
1996 "-false-start",
1997 "-advertise-alpn", "\x03foo",
1998 },
1999 shimWritesFirst: true,
2000 shouldFail: true,
2001 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
2002 expectedLocalError: "tls: peer did not false start: EOF",
2003 },
2004 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2005 protocol: dtls,
2006 name: "SendSplitAlert-Sync",
2007 config: Config{
2008 Bugs: ProtocolBugs{
2009 SendSplitAlert: true,
2010 },
2011 },
2012 },
2013 {
2014 protocol: dtls,
2015 name: "SendSplitAlert-Async",
2016 config: Config{
2017 Bugs: ProtocolBugs{
2018 SendSplitAlert: true,
2019 },
2020 },
2021 flags: []string{"-async"},
2022 },
2023 {
2024 protocol: dtls,
2025 name: "PackDTLSHandshake",
2026 config: Config{
2027 Bugs: ProtocolBugs{
2028 MaxHandshakeRecordLength: 2,
2029 PackHandshakeFragments: 20,
2030 PackHandshakeRecords: 200,
2031 },
2032 },
2033 },
2034 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2035 name: "SendEmptyRecords-Pass",
2036 sendEmptyRecords: 32,
2037 },
2038 {
2039 name: "SendEmptyRecords",
2040 sendEmptyRecords: 33,
2041 shouldFail: true,
2042 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2043 },
2044 {
2045 name: "SendEmptyRecords-Async",
2046 sendEmptyRecords: 33,
2047 flags: []string{"-async"},
2048 shouldFail: true,
2049 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2050 },
2051 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2052 name: "SendWarningAlerts-Pass",
2053 config: Config{
2054 MaxVersion: VersionTLS12,
2055 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2056 sendWarningAlerts: 4,
2057 },
2058 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2059 protocol: dtls,
2060 name: "SendWarningAlerts-DTLS-Pass",
2061 config: Config{
2062 MaxVersion: VersionTLS12,
2063 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2064 sendWarningAlerts: 4,
2065 },
2066 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2067 name: "SendWarningAlerts-TLS13",
2068 config: Config{
2069 MaxVersion: VersionTLS13,
2070 },
2071 sendWarningAlerts: 4,
2072 shouldFail: true,
2073 expectedError: ":BAD_ALERT:",
2074 expectedLocalError: "remote error: error decoding message",
2075 },
2076 {
2077 name: "SendWarningAlerts",
2078 config: Config{
2079 MaxVersion: VersionTLS12,
2080 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2081 sendWarningAlerts: 5,
2082 shouldFail: true,
2083 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2084 },
2085 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2086 name: "SendWarningAlerts-Async",
2087 config: Config{
2088 MaxVersion: VersionTLS12,
2089 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2090 sendWarningAlerts: 5,
2091 flags: []string{"-async"},
2092 shouldFail: true,
2093 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2094 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2095 {
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]2096 name: "TooManyKeyUpdates",
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]2097 config: Config{
2098 MaxVersion: VersionTLS13,
2099 },
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]2100 sendKeyUpdates: 33,
2101 keyUpdateRequest: keyUpdateNotRequested,
2102 shouldFail: true,
2103 expectedError: ":TOO_MANY_KEY_UPDATES:",
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]2104 },
2105 {
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2106 name: "EmptySessionID",
2107 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2108 MaxVersion: VersionTLS12,
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2109 SessionTicketsDisabled: true,
2110 },
2111 noSessionCache: true,
2112 flags: []string{"-expect-no-session"},
2113 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]2114 {
2115 name: "Unclean-Shutdown",
2116 config: Config{
2117 Bugs: ProtocolBugs{
2118 NoCloseNotify: true,
2119 ExpectCloseNotify: true,
2120 },
2121 },
2122 shimShutsDown: true,
2123 flags: []string{"-check-close-notify"},
2124 shouldFail: true,
2125 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
2126 },
2127 {
2128 name: "Unclean-Shutdown-Ignored",
2129 config: Config{
2130 Bugs: ProtocolBugs{
2131 NoCloseNotify: true,
2132 },
2133 },
2134 shimShutsDown: true,
2135 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2136 {
David Benjaminfa214e42016-05-10 17:03:10 -0400[diff] [blame]2137 name: "Unclean-Shutdown-Alert",
2138 config: Config{
2139 Bugs: ProtocolBugs{
2140 SendAlertOnShutdown: alertDecompressionFailure,
2141 ExpectCloseNotify: true,
2142 },
2143 },
2144 shimShutsDown: true,
2145 flags: []string{"-check-close-notify"},
2146 shouldFail: true,
2147 expectedError: ":SSLV3_ALERT_DECOMPRESSION_FAILURE:",
2148 },
2149 {
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2150 name: "LargePlaintext",
2151 config: Config{
2152 Bugs: ProtocolBugs{
2153 SendLargeRecords: true,
2154 },
2155 },
2156 messageLen: maxPlaintext + 1,
2157 shouldFail: true,
2158 expectedError: ":DATA_LENGTH_TOO_LONG:",
2159 },
2160 {
2161 protocol: dtls,
2162 name: "LargePlaintext-DTLS",
2163 config: Config{
2164 Bugs: ProtocolBugs{
2165 SendLargeRecords: true,
2166 },
2167 },
2168 messageLen: maxPlaintext + 1,
2169 shouldFail: true,
2170 expectedError: ":DATA_LENGTH_TOO_LONG:",
2171 },
2172 {
2173 name: "LargeCiphertext",
2174 config: Config{
2175 Bugs: ProtocolBugs{
2176 SendLargeRecords: true,
2177 },
2178 },
2179 messageLen: maxPlaintext * 2,
2180 shouldFail: true,
2181 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
2182 },
2183 {
2184 protocol: dtls,
2185 name: "LargeCiphertext-DTLS",
2186 config: Config{
2187 Bugs: ProtocolBugs{
2188 SendLargeRecords: true,
2189 },
2190 },
2191 messageLen: maxPlaintext * 2,
2192 // Unlike the other four cases, DTLS drops records which
2193 // are invalid before authentication, so the connection
2194 // does not fail.
2195 expectMessageDropped: true,
2196 },
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]2197 {
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2198 name: "BadHelloRequest-1",
2199 renegotiate: 1,
2200 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2201 MaxVersion: VersionTLS12,
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2202 Bugs: ProtocolBugs{
2203 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2204 },
2205 },
2206 flags: []string{
2207 "-renegotiate-freely",
2208 "-expect-total-renegotiations", "1",
2209 },
2210 shouldFail: true,
David Benjamin163f29a2016-07-28 11:05:58 -0400[diff] [blame]2211 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2212 },
2213 {
2214 name: "BadHelloRequest-2",
2215 renegotiate: 1,
2216 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2217 MaxVersion: VersionTLS12,
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2218 Bugs: ProtocolBugs{
2219 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2220 },
2221 },
2222 flags: []string{
2223 "-renegotiate-freely",
2224 "-expect-total-renegotiations", "1",
2225 },
2226 shouldFail: true,
2227 expectedError: ":BAD_HELLO_REQUEST:",
2228 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2229 {
2230 testType: serverTest,
2231 name: "SupportTicketsWithSessionID",
2232 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2233 MaxVersion: VersionTLS12,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2234 SessionTicketsDisabled: true,
2235 },
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2236 resumeConfig: &Config{
2237 MaxVersion: VersionTLS12,
2238 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2239 resumeSession: true,
2240 },
David Benjamin02edcd02016-07-27 17:40:37 -0400[diff] [blame]2241 {
2242 protocol: dtls,
2243 name: "DTLS-SendExtraFinished",
2244 config: Config{
2245 Bugs: ProtocolBugs{
2246 SendExtraFinished: true,
2247 },
2248 },
2249 shouldFail: true,
2250 expectedError: ":UNEXPECTED_RECORD:",
2251 },
2252 {
2253 protocol: dtls,
2254 name: "DTLS-SendExtraFinished-Reordered",
2255 config: Config{
2256 Bugs: ProtocolBugs{
2257 MaxHandshakeRecordLength: 2,
2258 ReorderHandshakeFragments: true,
2259 SendExtraFinished: true,
2260 },
2261 },
2262 shouldFail: true,
2263 expectedError: ":UNEXPECTED_RECORD:",
2264 },
David Benjamine97fb482016-07-29 09:23:07 -0400[diff] [blame]2265 {
2266 testType: serverTest,
2267 name: "V2ClientHello-EmptyRecordPrefix",
2268 config: Config{
2269 // Choose a cipher suite that does not involve
2270 // elliptic curves, so no extensions are
2271 // involved.
2272 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]2273 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamine97fb482016-07-29 09:23:07 -0400[diff] [blame]2274 Bugs: ProtocolBugs{
2275 SendV2ClientHello: true,
2276 },
2277 },
2278 sendPrefix: string([]byte{
2279 byte(recordTypeHandshake),
2280 3, 1, // version
2281 0, 0, // length
2282 }),
2283 // A no-op empty record may not be sent before V2ClientHello.
2284 shouldFail: true,
2285 expectedError: ":WRONG_VERSION_NUMBER:",
2286 },
2287 {
2288 testType: serverTest,
2289 name: "V2ClientHello-WarningAlertPrefix",
2290 config: Config{
2291 // Choose a cipher suite that does not involve
2292 // elliptic curves, so no extensions are
2293 // involved.
2294 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]2295 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamine97fb482016-07-29 09:23:07 -0400[diff] [blame]2296 Bugs: ProtocolBugs{
2297 SendV2ClientHello: true,
2298 },
2299 },
2300 sendPrefix: string([]byte{
2301 byte(recordTypeAlert),
2302 3, 1, // version
2303 0, 2, // length
2304 alertLevelWarning, byte(alertDecompressionFailure),
2305 }),
2306 // A no-op warning alert may not be sent before V2ClientHello.
2307 shouldFail: true,
2308 expectedError: ":WRONG_VERSION_NUMBER:",
2309 },
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2310 {
David Benjamin7ebe61a2017-02-10 13:14:01 -0500[diff] [blame]2311 name: "KeyUpdate-Client",
2312 config: Config{
2313 MaxVersion: VersionTLS13,
2314 },
2315 sendKeyUpdates: 1,
2316 keyUpdateRequest: keyUpdateNotRequested,
2317 },
2318 {
2319 testType: serverTest,
2320 name: "KeyUpdate-Server",
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2321 config: Config{
2322 MaxVersion: VersionTLS13,
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2323 },
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]2324 sendKeyUpdates: 1,
2325 keyUpdateRequest: keyUpdateNotRequested,
2326 },
2327 {
2328 name: "KeyUpdate-InvalidRequestMode",
2329 config: Config{
2330 MaxVersion: VersionTLS13,
2331 },
2332 sendKeyUpdates: 1,
2333 keyUpdateRequest: 42,
2334 shouldFail: true,
2335 expectedError: ":DECODE_ERROR:",
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2336 },
David Benjaminabe94e32016-09-04 14:18:58 -0400[diff] [blame]2337 {
2338 name: "SendSNIWarningAlert",
2339 config: Config{
2340 MaxVersion: VersionTLS12,
2341 Bugs: ProtocolBugs{
2342 SendSNIWarningAlert: true,
2343 },
2344 },
2345 },
David Benjaminc241d792016-09-09 10:34:20 -0400[diff] [blame]2346 {
2347 testType: serverTest,
2348 name: "ExtraCompressionMethods-TLS12",
2349 config: Config{
2350 MaxVersion: VersionTLS12,
2351 Bugs: ProtocolBugs{
2352 SendCompressionMethods: []byte{1, 2, 3, compressionNone, 4, 5, 6},
2353 },
2354 },
2355 },
2356 {
2357 testType: serverTest,
2358 name: "ExtraCompressionMethods-TLS13",
2359 config: Config{
2360 MaxVersion: VersionTLS13,
2361 Bugs: ProtocolBugs{
2362 SendCompressionMethods: []byte{1, 2, 3, compressionNone, 4, 5, 6},
2363 },
2364 },
2365 shouldFail: true,
2366 expectedError: ":INVALID_COMPRESSION_LIST:",
2367 expectedLocalError: "remote error: illegal parameter",
2368 },
2369 {
2370 testType: serverTest,
2371 name: "NoNullCompression-TLS12",
2372 config: Config{
2373 MaxVersion: VersionTLS12,
2374 Bugs: ProtocolBugs{
2375 SendCompressionMethods: []byte{1, 2, 3, 4, 5, 6},
2376 },
2377 },
2378 shouldFail: true,
David Benjamindaa05392017-02-02 23:33:21 -0500[diff] [blame]2379 expectedError: ":INVALID_COMPRESSION_LIST:",
David Benjaminc241d792016-09-09 10:34:20 -0400[diff] [blame]2380 expectedLocalError: "remote error: illegal parameter",
2381 },
2382 {
2383 testType: serverTest,
2384 name: "NoNullCompression-TLS13",
2385 config: Config{
2386 MaxVersion: VersionTLS13,
2387 Bugs: ProtocolBugs{
2388 SendCompressionMethods: []byte{1, 2, 3, 4, 5, 6},
2389 },
2390 },
2391 shouldFail: true,
2392 expectedError: ":INVALID_COMPRESSION_LIST:",
2393 expectedLocalError: "remote error: illegal parameter",
2394 },
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2395 {
David Benjamin1a5e8ec2016-10-07 15:19:18 -0400[diff] [blame]2396 name: "GREASE-Client-TLS12",
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2397 config: Config{
2398 MaxVersion: VersionTLS12,
2399 Bugs: ProtocolBugs{
2400 ExpectGREASE: true,
2401 },
2402 },
2403 flags: []string{"-enable-grease"},
2404 },
2405 {
David Benjamin1a5e8ec2016-10-07 15:19:18 -0400[diff] [blame]2406 name: "GREASE-Client-TLS13",
2407 config: Config{
2408 MaxVersion: VersionTLS13,
2409 Bugs: ProtocolBugs{
2410 ExpectGREASE: true,
2411 },
2412 },
2413 flags: []string{"-enable-grease"},
2414 },
2415 {
2416 testType: serverTest,
2417 name: "GREASE-Server-TLS13",
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2418 config: Config{
2419 MaxVersion: VersionTLS13,
2420 Bugs: ProtocolBugs{
David Benjamin079b3942016-10-20 13:19:20 -0400[diff] [blame]2421 // TLS 1.3 servers are expected to
2422 // always enable GREASE. TLS 1.3 is new,
2423 // so there is no existing ecosystem to
2424 // worry about.
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2425 ExpectGREASE: true,
2426 },
2427 },
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2428 },
David Benjamine3fbb362017-01-06 16:19:28 -0500[diff] [blame]2429 {
2430 // Test the server so there is a large certificate as
2431 // well as application data.
2432 testType: serverTest,
2433 name: "MaxSendFragment",
2434 config: Config{
2435 Bugs: ProtocolBugs{
2436 MaxReceivePlaintext: 512,
2437 },
2438 },
2439 messageLen: 1024,
2440 flags: []string{
2441 "-max-send-fragment", "512",
2442 "-read-size", "1024",
2443 },
2444 },
2445 {
2446 // Test the server so there is a large certificate as
2447 // well as application data.
2448 testType: serverTest,
2449 name: "MaxSendFragment-TooLarge",
2450 config: Config{
2451 Bugs: ProtocolBugs{
2452 // Ensure that some of the records are
2453 // 512.
2454 MaxReceivePlaintext: 511,
2455 },
2456 },
2457 messageLen: 1024,
2458 flags: []string{
2459 "-max-send-fragment", "512",
2460 "-read-size", "1024",
2461 },
2462 shouldFail: true,
2463 expectedLocalError: "local error: record overflow",
2464 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2465 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2466 testCases = append(testCases, basicTests...)
David Benjamina252b342016-09-26 19:57:53 -0400[diff] [blame]2467
2468 // Test that very large messages can be received.
2469 cert := rsaCertificate
2470 for i := 0; i < 50; i++ {
2471 cert.Certificate = append(cert.Certificate, cert.Certificate[0])
2472 }
2473 testCases = append(testCases, testCase{
2474 name: "LargeMessage",
2475 config: Config{
2476 Certificates: []Certificate{cert},
2477 },
2478 })
2479 testCases = append(testCases, testCase{
2480 protocol: dtls,
2481 name: "LargeMessage-DTLS",
2482 config: Config{
2483 Certificates: []Certificate{cert},
2484 },
2485 })
2486
2487 // They are rejected if the maximum certificate chain length is capped.
2488 testCases = append(testCases, testCase{
2489 name: "LargeMessage-Reject",
2490 config: Config{
2491 Certificates: []Certificate{cert},
2492 },
2493 flags: []string{"-max-cert-list", "16384"},
2494 shouldFail: true,
2495 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
2496 })
2497 testCases = append(testCases, testCase{
2498 protocol: dtls,
2499 name: "LargeMessage-Reject-DTLS",
2500 config: Config{
2501 Certificates: []Certificate{cert},
2502 },
2503 flags: []string{"-max-cert-list", "16384"},
2504 shouldFail: true,
2505 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
2506 })
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2507}
2508
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]2509func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol protocol) {
2510 const psk = "12345"
2511 const pskIdentity = "luggage combo"
2512
2513 var prefix string
2514 if protocol == dtls {
2515 if !ver.hasDTLS {
2516 return
2517 }
2518 prefix = "D"
2519 }
2520
2521 var cert Certificate
2522 var certFile string
2523 var keyFile string
2524 if hasComponent(suite.name, "ECDSA") {
2525 cert = ecdsaP256Certificate
2526 certFile = ecdsaP256CertificateFile
2527 keyFile = ecdsaP256KeyFile
2528 } else {
2529 cert = rsaCertificate
2530 certFile = rsaCertificateFile
2531 keyFile = rsaKeyFile
2532 }
2533
2534 var flags []string
2535 if hasComponent(suite.name, "PSK") {
2536 flags = append(flags,
2537 "-psk", psk,
2538 "-psk-identity", pskIdentity)
2539 }
2540 if hasComponent(suite.name, "NULL") {
2541 // NULL ciphers must be explicitly enabled.
2542 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2543 }
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]2544
2545 var shouldServerFail, shouldClientFail bool
2546 if hasComponent(suite.name, "ECDHE") && ver.version == VersionSSL30 {
2547 // BoringSSL clients accept ECDHE on SSLv3, but
2548 // a BoringSSL server will never select it
2549 // because the extension is missing.
2550 shouldServerFail = true
2551 }
2552 if isTLS12Only(suite.name) && ver.version < VersionTLS12 {
2553 shouldClientFail = true
2554 shouldServerFail = true
2555 }
2556 if !isTLS13Suite(suite.name) && ver.version >= VersionTLS13 {
2557 shouldClientFail = true
2558 shouldServerFail = true
2559 }
2560 if isTLS13Suite(suite.name) && ver.version < VersionTLS13 {
2561 shouldClientFail = true
2562 shouldServerFail = true
2563 }
2564 if !isDTLSCipher(suite.name) && protocol == dtls {
2565 shouldClientFail = true
2566 shouldServerFail = true
2567 }
2568
2569 var sendCipherSuite uint16
2570 var expectedServerError, expectedClientError string
2571 serverCipherSuites := []uint16{suite.id}
2572 if shouldServerFail {
2573 expectedServerError = ":NO_SHARED_CIPHER:"
2574 }
2575 if shouldClientFail {
2576 expectedClientError = ":WRONG_CIPHER_RETURNED:"
2577 // Configure the server to select ciphers as normal but
2578 // select an incompatible cipher in ServerHello.
2579 serverCipherSuites = nil
2580 sendCipherSuite = suite.id
2581 }
2582
David Benjamincdb6fe92017-02-07 16:06:48 -0500[diff] [blame]2583 // For cipher suites and versions where exporters are defined, verify
2584 // that they interoperate.
2585 var exportKeyingMaterial int
2586 if ver.version > VersionSSL30 {
2587 exportKeyingMaterial = 1024
2588 }
2589
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]2590 testCases = append(testCases, testCase{
2591 testType: serverTest,
2592 protocol: protocol,
2593 name: prefix + ver.name + "-" + suite.name + "-server",
2594 config: Config{
2595 MinVersion: ver.version,
2596 MaxVersion: ver.version,
2597 CipherSuites: []uint16{suite.id},
2598 Certificates: []Certificate{cert},
2599 PreSharedKey: []byte(psk),
2600 PreSharedKeyIdentity: pskIdentity,
2601 Bugs: ProtocolBugs{
2602 AdvertiseAllConfiguredCiphers: true,
2603 },
2604 },
David Benjamincdb6fe92017-02-07 16:06:48 -0500[diff] [blame]2605 certFile: certFile,
2606 keyFile: keyFile,
2607 flags: flags,
2608 resumeSession: true,
2609 shouldFail: shouldServerFail,
2610 expectedError: expectedServerError,
2611 exportKeyingMaterial: exportKeyingMaterial,
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]2612 })
2613
2614 testCases = append(testCases, testCase{
2615 testType: clientTest,
2616 protocol: protocol,
2617 name: prefix + ver.name + "-" + suite.name + "-client",
2618 config: Config{
2619 MinVersion: ver.version,
2620 MaxVersion: ver.version,
2621 CipherSuites: serverCipherSuites,
2622 Certificates: []Certificate{cert},
2623 PreSharedKey: []byte(psk),
2624 PreSharedKeyIdentity: pskIdentity,
2625 Bugs: ProtocolBugs{
2626 IgnorePeerCipherPreferences: shouldClientFail,
2627 SendCipherSuite: sendCipherSuite,
2628 },
2629 },
David Benjamincdb6fe92017-02-07 16:06:48 -0500[diff] [blame]2630 flags: flags,
2631 resumeSession: true,
2632 shouldFail: shouldClientFail,
2633 expectedError: expectedClientError,
2634 exportKeyingMaterial: exportKeyingMaterial,
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]2635 })
2636
David Benjamin6f600d62016-12-21 16:06:54 -0500[diff] [blame]2637 if shouldClientFail {
2638 return
2639 }
2640
2641 // Ensure the maximum record size is accepted.
2642 testCases = append(testCases, testCase{
2643 protocol: protocol,
2644 name: prefix + ver.name + "-" + suite.name + "-LargeRecord",
2645 config: Config{
2646 MinVersion: ver.version,
2647 MaxVersion: ver.version,
2648 CipherSuites: []uint16{suite.id},
2649 Certificates: []Certificate{cert},
2650 PreSharedKey: []byte(psk),
2651 PreSharedKeyIdentity: pskIdentity,
2652 },
2653 flags: flags,
2654 messageLen: maxPlaintext,
2655 })
2656
2657 // Test bad records for all ciphers. Bad records are fatal in TLS
2658 // and ignored in DTLS.
2659 var shouldFail bool
2660 var expectedError string
2661 if protocol == tls {
2662 shouldFail = true
2663 expectedError = ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:"
2664 }
2665
2666 testCases = append(testCases, testCase{
2667 protocol: protocol,
2668 name: prefix + ver.name + "-" + suite.name + "-BadRecord",
2669 config: Config{
2670 MinVersion: ver.version,
2671 MaxVersion: ver.version,
2672 CipherSuites: []uint16{suite.id},
2673 Certificates: []Certificate{cert},
2674 PreSharedKey: []byte(psk),
2675 PreSharedKeyIdentity: pskIdentity,
2676 },
2677 flags: flags,
2678 damageFirstWrite: true,
2679 messageLen: maxPlaintext,
2680 shouldFail: shouldFail,
2681 expectedError: expectedError,
2682 })
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]2683}
2684
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2685func addCipherSuiteTests() {
David Benjamine470e662016-07-18 15:47:32 +0200[diff] [blame]2686 const bogusCipher = 0xfe00
2687
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2688 for _, suite := range testCipherSuites {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2689 for _, ver := range tlsVersions {
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2690 for _, protocol := range []protocol{tls, dtls} {
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]2691 addTestForCipherSuite(suite, ver, protocol)
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2692 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2693 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2694 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2695
2696 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2697 name: "NoSharedCipher",
2698 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2699 MaxVersion: VersionTLS12,
2700 CipherSuites: []uint16{},
2701 },
2702 shouldFail: true,
2703 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
2704 })
2705
2706 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]2707 name: "NoSharedCipher-TLS13",
2708 config: Config{
2709 MaxVersion: VersionTLS13,
2710 CipherSuites: []uint16{},
2711 },
2712 shouldFail: true,
2713 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
2714 })
2715
2716 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2717 name: "UnsupportedCipherSuite",
2718 config: Config{
2719 MaxVersion: VersionTLS12,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2720 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2721 Bugs: ProtocolBugs{
2722 IgnorePeerCipherPreferences: true,
2723 },
2724 },
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2725 flags: []string{"-cipher", "DEFAULT:!AES"},
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2726 shouldFail: true,
2727 expectedError: ":WRONG_CIPHER_RETURNED:",
2728 })
2729
2730 testCases = append(testCases, testCase{
David Benjamine470e662016-07-18 15:47:32 +0200[diff] [blame]2731 name: "ServerHelloBogusCipher",
2732 config: Config{
2733 MaxVersion: VersionTLS12,
2734 Bugs: ProtocolBugs{
2735 SendCipherSuite: bogusCipher,
2736 },
2737 },
2738 shouldFail: true,
2739 expectedError: ":UNKNOWN_CIPHER_RETURNED:",
2740 })
2741 testCases = append(testCases, testCase{
2742 name: "ServerHelloBogusCipher-TLS13",
2743 config: Config{
2744 MaxVersion: VersionTLS13,
2745 Bugs: ProtocolBugs{
2746 SendCipherSuite: bogusCipher,
2747 },
2748 },
2749 shouldFail: true,
2750 expectedError: ":UNKNOWN_CIPHER_RETURNED:",
2751 })
2752
2753 testCases = append(testCases, testCase{
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2754 name: "WeakDH",
2755 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2756 MaxVersion: VersionTLS12,
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2757 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2758 Bugs: ProtocolBugs{
2759 // This is a 1023-bit prime number, generated
2760 // with:
2761 // openssl gendh 1023 | openssl asn1parse -i
2762 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2763 },
2764 },
2765 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2766 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2767 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2768
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2769 testCases = append(testCases, testCase{
2770 name: "SillyDH",
2771 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2772 MaxVersion: VersionTLS12,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2773 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2774 Bugs: ProtocolBugs{
2775 // This is a 4097-bit prime number, generated
2776 // with:
2777 // openssl gendh 4097 | openssl asn1parse -i
2778 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2779 },
2780 },
2781 shouldFail: true,
2782 expectedError: ":DH_P_TOO_LONG:",
2783 })
2784
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2785 // This test ensures that Diffie-Hellman public values are padded with
2786 // zeros so that they're the same length as the prime. This is to avoid
2787 // hitting a bug in yaSSL.
2788 testCases = append(testCases, testCase{
2789 testType: serverTest,
2790 name: "DHPublicValuePadded",
2791 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2792 MaxVersion: VersionTLS12,
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2793 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2794 Bugs: ProtocolBugs{
2795 RequireDHPublicValueLen: (1025 + 7) / 8,
2796 },
2797 },
2798 flags: []string{"-use-sparse-dh-prime"},
2799 })
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2800
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2801 // The server must be tolerant to bogus ciphers.
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2802 testCases = append(testCases, testCase{
2803 testType: serverTest,
2804 name: "UnknownCipher",
2805 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2806 MaxVersion: VersionTLS12,
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2807 CipherSuites: []uint16{bogusCipher, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin5ecb88b2016-10-04 17:51:35 -0400[diff] [blame]2808 Bugs: ProtocolBugs{
2809 AdvertiseAllConfiguredCiphers: true,
2810 },
2811 },
2812 })
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2813
2814 // The server must be tolerant to bogus ciphers.
David Benjamin5ecb88b2016-10-04 17:51:35 -0400[diff] [blame]2815 testCases = append(testCases, testCase{
2816 testType: serverTest,
2817 name: "UnknownCipher-TLS13",
2818 config: Config{
2819 MaxVersion: VersionTLS13,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2820 CipherSuites: []uint16{bogusCipher, TLS_AES_128_GCM_SHA256},
David Benjamin5ecb88b2016-10-04 17:51:35 -0400[diff] [blame]2821 Bugs: ProtocolBugs{
2822 AdvertiseAllConfiguredCiphers: true,
2823 },
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2824 },
2825 })
2826
David Benjamin78679342016-09-16 19:42:05 -0400[diff] [blame]2827 // Test empty ECDHE_PSK identity hints work as expected.
2828 testCases = append(testCases, testCase{
2829 name: "EmptyECDHEPSKHint",
2830 config: Config{
2831 MaxVersion: VersionTLS12,
2832 CipherSuites: []uint16{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
2833 PreSharedKey: []byte("secret"),
2834 },
2835 flags: []string{"-psk", "secret"},
2836 })
2837
2838 // Test empty PSK identity hints work as expected, even if an explicit
2839 // ServerKeyExchange is sent.
2840 testCases = append(testCases, testCase{
2841 name: "ExplicitEmptyPSKHint",
2842 config: Config{
2843 MaxVersion: VersionTLS12,
2844 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2845 PreSharedKey: []byte("secret"),
2846 Bugs: ProtocolBugs{
2847 AlwaysSendPreSharedKeyIdentityHint: true,
2848 },
2849 },
2850 flags: []string{"-psk", "secret"},
2851 })
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2852}
2853
2854func addBadECDSASignatureTests() {
2855 for badR := BadValue(1); badR < NumBadValues; badR++ {
2856 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2857 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2858 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2859 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2860 MaxVersion: VersionTLS12,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2861 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]2862 Certificates: []Certificate{ecdsaP256Certificate},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2863 Bugs: ProtocolBugs{
2864 BadECDSAR: badR,
2865 BadECDSAS: badS,
2866 },
2867 },
2868 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2869 expectedError: ":BAD_SIGNATURE:",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2870 })
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2871 testCases = append(testCases, testCase{
2872 name: fmt.Sprintf("BadECDSA-%d-%d-TLS13", badR, badS),
2873 config: Config{
2874 MaxVersion: VersionTLS13,
2875 Certificates: []Certificate{ecdsaP256Certificate},
2876 Bugs: ProtocolBugs{
2877 BadECDSAR: badR,
2878 BadECDSAS: badS,
2879 },
2880 },
2881 shouldFail: true,
2882 expectedError: ":BAD_SIGNATURE:",
2883 })
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2884 }
2885 }
2886}
2887
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2888func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2889 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2890 name: "MaxCBCPadding",
2891 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2892 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2893 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2894 Bugs: ProtocolBugs{
2895 MaxPadding: true,
2896 },
2897 },
2898 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2899 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2900 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2901 name: "BadCBCPadding",
2902 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2903 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2904 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2905 Bugs: ProtocolBugs{
2906 PaddingFirstByteBad: true,
2907 },
2908 },
2909 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2910 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2911 })
2912 // OpenSSL previously had an issue where the first byte of padding in
2913 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2914 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2915 name: "BadCBCPadding255",
2916 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2917 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2918 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2919 Bugs: ProtocolBugs{
2920 MaxPadding: true,
2921 PaddingFirstByteBadIf255: true,
2922 },
2923 },
2924 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2925 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2926 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2927 })
2928}
2929
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2930func addCBCSplittingTests() {
2931 testCases = append(testCases, testCase{
2932 name: "CBCRecordSplitting",
2933 config: Config{
2934 MaxVersion: VersionTLS10,
2935 MinVersion: VersionTLS10,
2936 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2937 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2938 messageLen: -1, // read until EOF
2939 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2940 flags: []string{
2941 "-async",
2942 "-write-different-record-sizes",
2943 "-cbc-record-splitting",
2944 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2945 })
2946 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2947 name: "CBCRecordSplittingPartialWrite",
2948 config: Config{
2949 MaxVersion: VersionTLS10,
2950 MinVersion: VersionTLS10,
2951 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2952 },
2953 messageLen: -1, // read until EOF
2954 flags: []string{
2955 "-async",
2956 "-write-different-record-sizes",
2957 "-cbc-record-splitting",
2958 "-partial-write",
2959 },
2960 })
2961}
2962
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2963func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2964 // Add a dummy cert pool to stress certificate authority parsing.
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2965 certPool := x509.NewCertPool()
Adam Langley2ff79332017-02-28 13:45:39 -0800[diff] [blame]2966 for _, cert := range []Certificate{rsaCertificate, rsa1024Certificate} {
2967 cert, err := x509.ParseCertificate(cert.Certificate[0])
2968 if err != nil {
2969 panic(err)
2970 }
2971 certPool.AddCert(cert)
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2972 }
Adam Langley2ff79332017-02-28 13:45:39 -0800[diff] [blame]2973 caNames := certPool.Subjects()
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2974
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2975 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2976 testCases = append(testCases, testCase{
2977 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2978 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2979 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2980 MinVersion: ver.version,
2981 MaxVersion: ver.version,
2982 ClientAuth: RequireAnyClientCert,
2983 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2984 },
2985 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2986 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2987 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2988 },
2989 })
2990 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2991 testType: serverTest,
2992 name: ver.name + "-Server-ClientAuth-RSA",
2993 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2994 MinVersion: ver.version,
2995 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2996 Certificates: []Certificate{rsaCertificate},
2997 },
2998 flags: []string{"-require-any-client-certificate"},
2999 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]3000 if ver.version != VersionSSL30 {
3001 testCases = append(testCases, testCase{
3002 testType: serverTest,
3003 name: ver.name + "-Server-ClientAuth-ECDSA",
3004 config: Config{
3005 MinVersion: ver.version,
3006 MaxVersion: ver.version,
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]3007 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]3008 },
3009 flags: []string{"-require-any-client-certificate"},
3010 })
3011 testCases = append(testCases, testCase{
3012 testType: clientTest,
3013 name: ver.name + "-Client-ClientAuth-ECDSA",
3014 config: Config{
3015 MinVersion: ver.version,
3016 MaxVersion: ver.version,
3017 ClientAuth: RequireAnyClientCert,
3018 ClientCAs: certPool,
3019 },
3020 flags: []string{
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]3021 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
3022 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]3023 },
3024 })
3025 }
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]3026
3027 testCases = append(testCases, testCase{
3028 name: "NoClientCertificate-" + ver.name,
3029 config: Config{
3030 MinVersion: ver.version,
3031 MaxVersion: ver.version,
3032 ClientAuth: RequireAnyClientCert,
3033 },
3034 shouldFail: true,
3035 expectedLocalError: "client didn't provide a certificate",
3036 })
3037
3038 testCases = append(testCases, testCase{
3039 // Even if not configured to expect a certificate, OpenSSL will
3040 // return X509_V_OK as the verify_result.
3041 testType: serverTest,
3042 name: "NoClientCertificateRequested-Server-" + ver.name,
3043 config: Config{
3044 MinVersion: ver.version,
3045 MaxVersion: ver.version,
3046 },
3047 flags: []string{
3048 "-expect-verify-result",
3049 },
David Benjamin5d9ba812016-10-07 20:51:20 -0400[diff] [blame]3050 resumeSession: true,
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]3051 })
3052
3053 testCases = append(testCases, testCase{
3054 // If a client certificate is not provided, OpenSSL will still
3055 // return X509_V_OK as the verify_result.
3056 testType: serverTest,
3057 name: "NoClientCertificate-Server-" + ver.name,
3058 config: Config{
3059 MinVersion: ver.version,
3060 MaxVersion: ver.version,
3061 },
3062 flags: []string{
3063 "-expect-verify-result",
3064 "-verify-peer",
3065 },
David Benjamin5d9ba812016-10-07 20:51:20 -0400[diff] [blame]3066 resumeSession: true,
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]3067 })
3068
David Benjamin1db9e1b2016-10-07 20:51:43 -0400[diff] [blame]3069 certificateRequired := "remote error: certificate required"
3070 if ver.version < VersionTLS13 {
3071 // Prior to TLS 1.3, the generic handshake_failure alert
3072 // was used.
3073 certificateRequired = "remote error: handshake failure"
3074 }
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]3075 testCases = append(testCases, testCase{
3076 testType: serverTest,
3077 name: "RequireAnyClientCertificate-" + ver.name,
3078 config: Config{
3079 MinVersion: ver.version,
3080 MaxVersion: ver.version,
3081 },
David Benjamin1db9e1b2016-10-07 20:51:43 -0400[diff] [blame]3082 flags: []string{"-require-any-client-certificate"},
3083 shouldFail: true,
3084 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
3085 expectedLocalError: certificateRequired,
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]3086 })
3087
3088 if ver.version != VersionSSL30 {
3089 testCases = append(testCases, testCase{
3090 testType: serverTest,
3091 name: "SkipClientCertificate-" + ver.name,
3092 config: Config{
3093 MinVersion: ver.version,
3094 MaxVersion: ver.version,
3095 Bugs: ProtocolBugs{
3096 SkipClientCertificate: true,
3097 },
3098 },
3099 // Setting SSL_VERIFY_PEER allows anonymous clients.
3100 flags: []string{"-verify-peer"},
3101 shouldFail: true,
3102 expectedError: ":UNEXPECTED_MESSAGE:",
3103 })
3104 }
Adam Langley2ff79332017-02-28 13:45:39 -0800[diff] [blame]3105
3106 testCases = append(testCases, testCase{
3107 testType: serverTest,
3108 name: ver.name + "-Server-CertReq-CA-List",
3109 config: Config{
3110 MinVersion: ver.version,
3111 MaxVersion: ver.version,
3112 Certificates: []Certificate{rsaCertificate},
3113 Bugs: ProtocolBugs{
3114 ExpectCertificateReqNames: caNames,
3115 },
3116 },
3117 flags: []string{
3118 "-require-any-client-certificate",
3119 "-use-client-ca-list", encodeDERValues(caNames),
3120 },
3121 })
3122
3123 testCases = append(testCases, testCase{
3124 testType: clientTest,
3125 name: ver.name + "-Client-CertReq-CA-List",
3126 config: Config{
3127 MinVersion: ver.version,
3128 MaxVersion: ver.version,
3129 Certificates: []Certificate{rsaCertificate},
3130 ClientAuth: RequireAnyClientCert,
3131 ClientCAs: certPool,
3132 },
3133 flags: []string{
3134 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3135 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3136 "-expect-client-ca-list", encodeDERValues(caNames),
3137 },
3138 })
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]3139 }
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3140
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]3141 // Client auth is only legal in certificate-based ciphers.
3142 testCases = append(testCases, testCase{
3143 testType: clientTest,
3144 name: "ClientAuth-PSK",
3145 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3146 MaxVersion: VersionTLS12,
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]3147 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3148 PreSharedKey: []byte("secret"),
3149 ClientAuth: RequireAnyClientCert,
3150 },
3151 flags: []string{
3152 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3153 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3154 "-psk", "secret",
3155 },
3156 shouldFail: true,
3157 expectedError: ":UNEXPECTED_MESSAGE:",
3158 })
3159 testCases = append(testCases, testCase{
3160 testType: clientTest,
3161 name: "ClientAuth-ECDHE_PSK",
3162 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3163 MaxVersion: VersionTLS12,
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]3164 CipherSuites: []uint16{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
3165 PreSharedKey: []byte("secret"),
3166 ClientAuth: RequireAnyClientCert,
3167 },
3168 flags: []string{
3169 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3170 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3171 "-psk", "secret",
3172 },
3173 shouldFail: true,
3174 expectedError: ":UNEXPECTED_MESSAGE:",
3175 })
David Benjamin2f8935d2016-07-13 19:47:39 -0400[diff] [blame]3176
3177 // Regression test for a bug where the client CA list, if explicitly
3178 // set to NULL, was mis-encoded.
3179 testCases = append(testCases, testCase{
3180 testType: serverTest,
3181 name: "Null-Client-CA-List",
3182 config: Config{
3183 MaxVersion: VersionTLS12,
3184 Certificates: []Certificate{rsaCertificate},
Adam Langley2ff79332017-02-28 13:45:39 -0800[diff] [blame]3185 Bugs: ProtocolBugs{
3186 ExpectCertificateReqNames: [][]byte{},
3187 },
David Benjamin2f8935d2016-07-13 19:47:39 -0400[diff] [blame]3188 },
3189 flags: []string{
3190 "-require-any-client-certificate",
Adam Langley2ff79332017-02-28 13:45:39 -0800[diff] [blame]3191 "-use-client-ca-list", "<NULL>",
David Benjamin2f8935d2016-07-13 19:47:39 -0400[diff] [blame]3192 },
3193 })
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]3194}
3195
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3196func addExtendedMasterSecretTests() {
3197 const expectEMSFlag = "-expect-extended-master-secret"
3198
3199 for _, with := range []bool{false, true} {
3200 prefix := "No"
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3201 if with {
3202 prefix = ""
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3203 }
3204
3205 for _, isClient := range []bool{false, true} {
3206 suffix := "-Server"
3207 testType := serverTest
3208 if isClient {
3209 suffix = "-Client"
3210 testType = clientTest
3211 }
3212
3213 for _, ver := range tlsVersions {
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3214 // In TLS 1.3, the extension is irrelevant and
3215 // always reports as enabled.
3216 var flags []string
3217 if with || ver.version >= VersionTLS13 {
3218 flags = []string{expectEMSFlag}
3219 }
3220
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3221 test := testCase{
3222 testType: testType,
3223 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
3224 config: Config{
3225 MinVersion: ver.version,
3226 MaxVersion: ver.version,
3227 Bugs: ProtocolBugs{
3228 NoExtendedMasterSecret: !with,
3229 RequireExtendedMasterSecret: with,
3230 },
3231 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]3232 flags: flags,
3233 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3234 }
3235 if test.shouldFail {
3236 test.expectedLocalError = "extended master secret required but not supported by peer"
3237 }
3238 testCases = append(testCases, test)
3239 }
3240 }
3241 }
3242
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]3243 for _, isClient := range []bool{false, true} {
3244 for _, supportedInFirstConnection := range []bool{false, true} {
3245 for _, supportedInResumeConnection := range []bool{false, true} {
3246 boolToWord := func(b bool) string {
3247 if b {
3248 return "Yes"
3249 }
3250 return "No"
3251 }
3252 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
3253 if isClient {
3254 suffix += "Client"
3255 } else {
3256 suffix += "Server"
3257 }
3258
3259 supportedConfig := Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3260 MaxVersion: VersionTLS12,
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]3261 Bugs: ProtocolBugs{
3262 RequireExtendedMasterSecret: true,
3263 },
3264 }
3265
3266 noSupportConfig := Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3267 MaxVersion: VersionTLS12,
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]3268 Bugs: ProtocolBugs{
3269 NoExtendedMasterSecret: true,
3270 },
3271 }
3272
3273 test := testCase{
3274 name: "ExtendedMasterSecret-" + suffix,
3275 resumeSession: true,
3276 }
3277
3278 if !isClient {
3279 test.testType = serverTest
3280 }
3281
3282 if supportedInFirstConnection {
3283 test.config = supportedConfig
3284 } else {
3285 test.config = noSupportConfig
3286 }
3287
3288 if supportedInResumeConnection {
3289 test.resumeConfig = &supportedConfig
3290 } else {
3291 test.resumeConfig = &noSupportConfig
3292 }
3293
3294 switch suffix {
3295 case "YesToYes-Client", "YesToYes-Server":
3296 // When a session is resumed, it should
3297 // still be aware that its master
3298 // secret was generated via EMS and
3299 // thus it's safe to use tls-unique.
3300 test.flags = []string{expectEMSFlag}
3301 case "NoToYes-Server":
3302 // If an original connection did not
3303 // contain EMS, but a resumption
3304 // handshake does, then a server should
3305 // not resume the session.
3306 test.expectResumeRejected = true
3307 case "YesToNo-Server":
3308 // Resuming an EMS session without the
3309 // EMS extension should cause the
3310 // server to abort the connection.
3311 test.shouldFail = true
3312 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
3313 case "NoToYes-Client":
3314 // A client should abort a connection
3315 // where the server resumed a non-EMS
3316 // session but echoed the EMS
3317 // extension.
3318 test.shouldFail = true
3319 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
3320 case "YesToNo-Client":
3321 // A client should abort a connection
3322 // where the server didn't echo EMS
3323 // when the session used it.
3324 test.shouldFail = true
3325 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
3326 }
3327
3328 testCases = append(testCases, test)
3329 }
3330 }
3331 }
David Benjamin163c9562016-08-29 23:14:17 -0400[diff] [blame]3332
3333 // Switching EMS on renegotiation is forbidden.
3334 testCases = append(testCases, testCase{
3335 name: "ExtendedMasterSecret-Renego-NoEMS",
3336 config: Config{
3337 MaxVersion: VersionTLS12,
3338 Bugs: ProtocolBugs{
3339 NoExtendedMasterSecret: true,
3340 NoExtendedMasterSecretOnRenegotiation: true,
3341 },
3342 },
3343 renegotiate: 1,
3344 flags: []string{
3345 "-renegotiate-freely",
3346 "-expect-total-renegotiations", "1",
3347 },
3348 })
3349
3350 testCases = append(testCases, testCase{
3351 name: "ExtendedMasterSecret-Renego-Upgrade",
3352 config: Config{
3353 MaxVersion: VersionTLS12,
3354 Bugs: ProtocolBugs{
3355 NoExtendedMasterSecret: true,
3356 },
3357 },
3358 renegotiate: 1,
3359 flags: []string{
3360 "-renegotiate-freely",
3361 "-expect-total-renegotiations", "1",
3362 },
3363 shouldFail: true,
3364 expectedError: ":RENEGOTIATION_EMS_MISMATCH:",
3365 })
3366
3367 testCases = append(testCases, testCase{
3368 name: "ExtendedMasterSecret-Renego-Downgrade",
3369 config: Config{
3370 MaxVersion: VersionTLS12,
3371 Bugs: ProtocolBugs{
3372 NoExtendedMasterSecretOnRenegotiation: true,
3373 },
3374 },
3375 renegotiate: 1,
3376 flags: []string{
3377 "-renegotiate-freely",
3378 "-expect-total-renegotiations", "1",
3379 },
3380 shouldFail: true,
3381 expectedError: ":RENEGOTIATION_EMS_MISMATCH:",
3382 })
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3383}
3384
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3385type stateMachineTestConfig struct {
3386 protocol protocol
3387 async bool
3388 splitHandshake, packHandshakeFlight bool
3389}
3390
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3391// Adds tests that try to cover the range of the handshake state machine, under
3392// various conditions. Some of these are redundant with other tests, but they
3393// only cover the synchronous case.
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3394func addAllStateMachineCoverageTests() {
3395 for _, async := range []bool{false, true} {
3396 for _, protocol := range []protocol{tls, dtls} {
3397 addStateMachineCoverageTests(stateMachineTestConfig{
3398 protocol: protocol,
3399 async: async,
3400 })
3401 addStateMachineCoverageTests(stateMachineTestConfig{
3402 protocol: protocol,
3403 async: async,
3404 splitHandshake: true,
3405 })
3406 if protocol == tls {
3407 addStateMachineCoverageTests(stateMachineTestConfig{
3408 protocol: protocol,
3409 async: async,
3410 packHandshakeFlight: true,
3411 })
3412 }
3413 }
3414 }
3415}
3416
3417func addStateMachineCoverageTests(config stateMachineTestConfig) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3418 var tests []testCase
3419
3420 // Basic handshake, with resumption. Client and server,
3421 // session ID and session ticket.
3422 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3423 name: "Basic-Client",
3424 config: Config{
3425 MaxVersion: VersionTLS12,
3426 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3427 resumeSession: true,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3428 // Ensure session tickets are used, not session IDs.
3429 noSessionCache: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3430 })
3431 tests = append(tests, testCase{
3432 name: "Basic-Client-RenewTicket",
3433 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3434 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3435 Bugs: ProtocolBugs{
3436 RenewTicketOnResume: true,
3437 },
3438 },
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]3439 flags: []string{"-expect-ticket-renewal"},
3440 resumeSession: true,
3441 resumeRenewedSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3442 })
3443 tests = append(tests, testCase{
3444 name: "Basic-Client-NoTicket",
3445 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3446 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3447 SessionTicketsDisabled: true,
3448 },
3449 resumeSession: true,
3450 })
3451 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3452 name: "Basic-Client-Implicit",
3453 config: Config{
3454 MaxVersion: VersionTLS12,
3455 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3456 flags: []string{"-implicit-handshake"},
3457 resumeSession: true,
3458 })
3459 tests = append(tests, testCase{
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3460 testType: serverTest,
3461 name: "Basic-Server",
3462 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3463 MaxVersion: VersionTLS12,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3464 Bugs: ProtocolBugs{
3465 RequireSessionTickets: true,
3466 },
3467 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3468 resumeSession: true,
David Benjaminb5c58db2017-01-28 01:39:29 -0500[diff] [blame]3469 flags: []string{"-expect-no-session-id"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3470 })
3471 tests = append(tests, testCase{
3472 testType: serverTest,
3473 name: "Basic-Server-NoTickets",
3474 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3475 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3476 SessionTicketsDisabled: true,
3477 },
3478 resumeSession: true,
David Benjaminb5c58db2017-01-28 01:39:29 -0500[diff] [blame]3479 flags: []string{"-expect-session-id"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3480 })
3481 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3482 testType: serverTest,
3483 name: "Basic-Server-Implicit",
3484 config: Config{
3485 MaxVersion: VersionTLS12,
3486 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3487 flags: []string{"-implicit-handshake"},
3488 resumeSession: true,
3489 })
3490 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3491 testType: serverTest,
3492 name: "Basic-Server-EarlyCallback",
3493 config: Config{
3494 MaxVersion: VersionTLS12,
3495 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3496 flags: []string{"-use-early-callback"},
3497 resumeSession: true,
3498 })
3499
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3500 // TLS 1.3 basic handshake shapes.
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3501 if config.protocol == tls {
3502 tests = append(tests, testCase{
3503 name: "TLS13-1RTT-Client",
3504 config: Config{
3505 MaxVersion: VersionTLS13,
3506 MinVersion: VersionTLS13,
3507 },
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]3508 resumeSession: true,
3509 resumeRenewedSession: true,
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3510 })
3511
3512 tests = append(tests, testCase{
3513 testType: serverTest,
3514 name: "TLS13-1RTT-Server",
3515 config: Config{
3516 MaxVersion: VersionTLS13,
3517 MinVersion: VersionTLS13,
3518 },
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]3519 resumeSession: true,
3520 resumeRenewedSession: true,
David Benjaminb5c58db2017-01-28 01:39:29 -0500[diff] [blame]3521 // TLS 1.3 uses tickets, so the session should not be
3522 // cached statefully.
3523 flags: []string{"-expect-no-session-id"},
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3524 })
3525
3526 tests = append(tests, testCase{
3527 name: "TLS13-HelloRetryRequest-Client",
3528 config: Config{
3529 MaxVersion: VersionTLS13,
3530 MinVersion: VersionTLS13,
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]3531 // P-384 requires a HelloRetryRequest against BoringSSL's default
3532 // configuration. Assert this with ExpectMissingKeyShare.
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3533 CurvePreferences: []CurveID{CurveP384},
3534 Bugs: ProtocolBugs{
3535 ExpectMissingKeyShare: true,
3536 },
3537 },
3538 // Cover HelloRetryRequest during an ECDHE-PSK resumption.
3539 resumeSession: true,
3540 })
3541
3542 tests = append(tests, testCase{
3543 testType: serverTest,
3544 name: "TLS13-HelloRetryRequest-Server",
3545 config: Config{
3546 MaxVersion: VersionTLS13,
3547 MinVersion: VersionTLS13,
3548 // Require a HelloRetryRequest for every curve.
3549 DefaultCurves: []CurveID{},
3550 },
3551 // Cover HelloRetryRequest during an ECDHE-PSK resumption.
3552 resumeSession: true,
3553 })
3554 }
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3555
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3556 // TLS client auth.
3557 tests = append(tests, testCase{
3558 testType: clientTest,
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3559 name: "ClientAuth-NoCertificate-Client",
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3560 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3561 MaxVersion: VersionTLS12,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3562 ClientAuth: RequestClientCert,
3563 },
3564 })
3565 tests = append(tests, testCase{
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3566 testType: serverTest,
3567 name: "ClientAuth-NoCertificate-Server",
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3568 config: Config{
3569 MaxVersion: VersionTLS12,
3570 },
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3571 // Setting SSL_VERIFY_PEER allows anonymous clients.
3572 flags: []string{"-verify-peer"},
3573 })
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3574 if config.protocol == tls {
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3575 tests = append(tests, testCase{
3576 testType: clientTest,
3577 name: "ClientAuth-NoCertificate-Client-SSL3",
3578 config: Config{
3579 MaxVersion: VersionSSL30,
3580 ClientAuth: RequestClientCert,
3581 },
3582 })
3583 tests = append(tests, testCase{
3584 testType: serverTest,
3585 name: "ClientAuth-NoCertificate-Server-SSL3",
3586 config: Config{
3587 MaxVersion: VersionSSL30,
3588 },
3589 // Setting SSL_VERIFY_PEER allows anonymous clients.
3590 flags: []string{"-verify-peer"},
3591 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3592 tests = append(tests, testCase{
3593 testType: clientTest,
3594 name: "ClientAuth-NoCertificate-Client-TLS13",
3595 config: Config{
3596 MaxVersion: VersionTLS13,
3597 ClientAuth: RequestClientCert,
3598 },
3599 })
3600 tests = append(tests, testCase{
3601 testType: serverTest,
3602 name: "ClientAuth-NoCertificate-Server-TLS13",
3603 config: Config{
3604 MaxVersion: VersionTLS13,
3605 },
3606 // Setting SSL_VERIFY_PEER allows anonymous clients.
3607 flags: []string{"-verify-peer"},
3608 })
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3609 }
3610 tests = append(tests, testCase{
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3611 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3612 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3613 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3614 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3615 ClientAuth: RequireAnyClientCert,
3616 },
3617 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3618 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3619 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3620 },
3621 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3622 tests = append(tests, testCase{
3623 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3624 name: "ClientAuth-RSA-Client-TLS13",
3625 config: Config{
3626 MaxVersion: VersionTLS13,
3627 ClientAuth: RequireAnyClientCert,
3628 },
3629 flags: []string{
3630 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3631 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3632 },
3633 })
3634 tests = append(tests, testCase{
3635 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3636 name: "ClientAuth-ECDSA-Client",
3637 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3638 MaxVersion: VersionTLS12,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3639 ClientAuth: RequireAnyClientCert,
3640 },
3641 flags: []string{
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]3642 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
3643 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3644 },
3645 })
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3646 tests = append(tests, testCase{
3647 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3648 name: "ClientAuth-ECDSA-Client-TLS13",
3649 config: Config{
3650 MaxVersion: VersionTLS13,
3651 ClientAuth: RequireAnyClientCert,
3652 },
3653 flags: []string{
3654 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
3655 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
3656 },
3657 })
3658 tests = append(tests, testCase{
3659 testType: clientTest,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3660 name: "ClientAuth-NoCertificate-OldCallback",
3661 config: Config{
3662 MaxVersion: VersionTLS12,
3663 ClientAuth: RequestClientCert,
3664 },
3665 flags: []string{"-use-old-client-cert-callback"},
3666 })
3667 tests = append(tests, testCase{
3668 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3669 name: "ClientAuth-NoCertificate-OldCallback-TLS13",
3670 config: Config{
3671 MaxVersion: VersionTLS13,
3672 ClientAuth: RequestClientCert,
3673 },
3674 flags: []string{"-use-old-client-cert-callback"},
3675 })
3676 tests = append(tests, testCase{
3677 testType: clientTest,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3678 name: "ClientAuth-OldCallback",
3679 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3680 MaxVersion: VersionTLS12,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3681 ClientAuth: RequireAnyClientCert,
3682 },
3683 flags: []string{
3684 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3685 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3686 "-use-old-client-cert-callback",
3687 },
3688 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3689 tests = append(tests, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3690 testType: clientTest,
3691 name: "ClientAuth-OldCallback-TLS13",
3692 config: Config{
3693 MaxVersion: VersionTLS13,
3694 ClientAuth: RequireAnyClientCert,
3695 },
3696 flags: []string{
3697 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3698 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3699 "-use-old-client-cert-callback",
3700 },
3701 })
3702 tests = append(tests, testCase{
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3703 testType: serverTest,
3704 name: "ClientAuth-Server",
3705 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3706 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3707 Certificates: []Certificate{rsaCertificate},
3708 },
3709 flags: []string{"-require-any-client-certificate"},
3710 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3711 tests = append(tests, testCase{
3712 testType: serverTest,
3713 name: "ClientAuth-Server-TLS13",
3714 config: Config{
3715 MaxVersion: VersionTLS13,
3716 Certificates: []Certificate{rsaCertificate},
3717 },
3718 flags: []string{"-require-any-client-certificate"},
3719 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3720
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3721 // Test each key exchange on the server side for async keys.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3722 tests = append(tests, testCase{
3723 testType: serverTest,
3724 name: "Basic-Server-RSA",
3725 config: Config{
3726 MaxVersion: VersionTLS12,
3727 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3728 },
3729 flags: []string{
3730 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3731 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3732 },
3733 })
3734 tests = append(tests, testCase{
3735 testType: serverTest,
3736 name: "Basic-Server-ECDHE-RSA",
3737 config: Config{
3738 MaxVersion: VersionTLS12,
3739 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3740 },
3741 flags: []string{
3742 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3743 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3744 },
3745 })
3746 tests = append(tests, testCase{
3747 testType: serverTest,
3748 name: "Basic-Server-ECDHE-ECDSA",
3749 config: Config{
3750 MaxVersion: VersionTLS12,
3751 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
3752 },
3753 flags: []string{
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]3754 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
3755 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3756 },
3757 })
3758
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3759 // No session ticket support; server doesn't send NewSessionTicket.
3760 tests = append(tests, testCase{
3761 name: "SessionTicketsDisabled-Client",
3762 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3763 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3764 SessionTicketsDisabled: true,
3765 },
3766 })
3767 tests = append(tests, testCase{
3768 testType: serverTest,
3769 name: "SessionTicketsDisabled-Server",
3770 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3771 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3772 SessionTicketsDisabled: true,
3773 },
3774 })
3775
3776 // Skip ServerKeyExchange in PSK key exchange if there's no
3777 // identity hint.
3778 tests = append(tests, testCase{
3779 name: "EmptyPSKHint-Client",
3780 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3781 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3782 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3783 PreSharedKey: []byte("secret"),
3784 },
3785 flags: []string{"-psk", "secret"},
3786 })
3787 tests = append(tests, testCase{
3788 testType: serverTest,
3789 name: "EmptyPSKHint-Server",
3790 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3791 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3792 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3793 PreSharedKey: []byte("secret"),
3794 },
3795 flags: []string{"-psk", "secret"},
3796 })
3797
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3798 // OCSP stapling tests.
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3799 tests = append(tests, testCase{
3800 testType: clientTest,
3801 name: "OCSPStapling-Client",
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3802 config: Config{
3803 MaxVersion: VersionTLS12,
3804 },
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3805 flags: []string{
3806 "-enable-ocsp-stapling",
3807 "-expect-ocsp-response",
3808 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3809 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3810 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3811 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3812 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3813 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3814 testType: serverTest,
3815 name: "OCSPStapling-Server",
3816 config: Config{
3817 MaxVersion: VersionTLS12,
3818 },
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3819 expectedOCSPResponse: testOCSPResponse,
3820 flags: []string{
3821 "-ocsp-response",
3822 base64.StdEncoding.EncodeToString(testOCSPResponse),
3823 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3824 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3825 })
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]3826 tests = append(tests, testCase{
3827 testType: clientTest,
3828 name: "OCSPStapling-Client-TLS13",
3829 config: Config{
3830 MaxVersion: VersionTLS13,
3831 },
3832 flags: []string{
3833 "-enable-ocsp-stapling",
3834 "-expect-ocsp-response",
3835 base64.StdEncoding.EncodeToString(testOCSPResponse),
3836 "-verify-peer",
3837 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3838 resumeSession: true,
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]3839 })
3840 tests = append(tests, testCase{
3841 testType: serverTest,
3842 name: "OCSPStapling-Server-TLS13",
3843 config: Config{
3844 MaxVersion: VersionTLS13,
3845 },
3846 expectedOCSPResponse: testOCSPResponse,
3847 flags: []string{
3848 "-ocsp-response",
3849 base64.StdEncoding.EncodeToString(testOCSPResponse),
3850 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3851 resumeSession: true,
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]3852 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3853
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3854 // Certificate verification tests.
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3855 for _, vers := range tlsVersions {
3856 if config.protocol == dtls && !vers.hasDTLS {
3857 continue
3858 }
David Benjaminbb9e36e2016-08-03 14:14:47 -0400[diff] [blame]3859 for _, testType := range []testType{clientTest, serverTest} {
3860 suffix := "-Client"
3861 if testType == serverTest {
3862 suffix = "-Server"
3863 }
3864 suffix += "-" + vers.name
3865
3866 flag := "-verify-peer"
3867 if testType == serverTest {
3868 flag = "-require-any-client-certificate"
3869 }
3870
3871 tests = append(tests, testCase{
3872 testType: testType,
3873 name: "CertificateVerificationSucceed" + suffix,
3874 config: Config{
3875 MaxVersion: vers.version,
3876 Certificates: []Certificate{rsaCertificate},
3877 },
3878 flags: []string{
3879 flag,
3880 "-expect-verify-result",
3881 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3882 resumeSession: true,
David Benjaminbb9e36e2016-08-03 14:14:47 -0400[diff] [blame]3883 })
3884 tests = append(tests, testCase{
3885 testType: testType,
3886 name: "CertificateVerificationFail" + suffix,
3887 config: Config{
3888 MaxVersion: vers.version,
3889 Certificates: []Certificate{rsaCertificate},
3890 },
3891 flags: []string{
3892 flag,
3893 "-verify-fail",
3894 },
3895 shouldFail: true,
3896 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
3897 })
3898 }
3899
3900 // By default, the client is in a soft fail mode where the peer
3901 // certificate is verified but failures are non-fatal.
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3902 tests = append(tests, testCase{
3903 testType: clientTest,
3904 name: "CertificateVerificationSoftFail-" + vers.name,
3905 config: Config{
David Benjaminbb9e36e2016-08-03 14:14:47 -0400[diff] [blame]3906 MaxVersion: vers.version,
3907 Certificates: []Certificate{rsaCertificate},
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3908 },
3909 flags: []string{
3910 "-verify-fail",
3911 "-expect-verify-result",
3912 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3913 resumeSession: true,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3914 })
3915 }
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3916
David Benjamin1d4f4c02016-07-26 18:03:08 -0400[diff] [blame]3917 tests = append(tests, testCase{
3918 name: "ShimSendAlert",
3919 flags: []string{"-send-alert"},
3920 shimWritesFirst: true,
3921 shouldFail: true,
3922 expectedLocalError: "remote error: decompression failure",
3923 })
3924
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3925 if config.protocol == tls {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3926 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3927 name: "Renegotiate-Client",
3928 config: Config{
3929 MaxVersion: VersionTLS12,
3930 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3931 renegotiate: 1,
3932 flags: []string{
3933 "-renegotiate-freely",
3934 "-expect-total-renegotiations", "1",
3935 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3936 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3937
David Benjamin47921102016-07-28 11:29:18 -0400[diff] [blame]3938 tests = append(tests, testCase{
3939 name: "SendHalfHelloRequest",
3940 config: Config{
3941 MaxVersion: VersionTLS12,
3942 Bugs: ProtocolBugs{
3943 PackHelloRequestWithFinished: config.packHandshakeFlight,
3944 },
3945 },
3946 sendHalfHelloRequest: true,
3947 flags: []string{"-renegotiate-ignore"},
3948 shouldFail: true,
3949 expectedError: ":UNEXPECTED_RECORD:",
3950 })
3951
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3952 // NPN on client and server; results in post-handshake message.
3953 tests = append(tests, testCase{
3954 name: "NPN-Client",
3955 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3956 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3957 NextProtos: []string{"foo"},
3958 },
3959 flags: []string{"-select-next-proto", "foo"},
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3960 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3961 expectedNextProto: "foo",
3962 expectedNextProtoType: npn,
3963 })
3964 tests = append(tests, testCase{
3965 testType: serverTest,
3966 name: "NPN-Server",
3967 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3968 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3969 NextProtos: []string{"bar"},
3970 },
3971 flags: []string{
3972 "-advertise-npn", "\x03foo\x03bar\x03baz",
3973 "-expect-next-proto", "bar",
3974 },
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3975 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3976 expectedNextProto: "bar",
3977 expectedNextProtoType: npn,
3978 })
3979
3980 // TODO(davidben): Add tests for when False Start doesn't trigger.
3981
3982 // Client does False Start and negotiates NPN.
3983 tests = append(tests, testCase{
3984 name: "FalseStart",
3985 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3986 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3987 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3988 NextProtos: []string{"foo"},
3989 Bugs: ProtocolBugs{
3990 ExpectFalseStart: true,
3991 },
3992 },
3993 flags: []string{
3994 "-false-start",
3995 "-select-next-proto", "foo",
3996 },
3997 shimWritesFirst: true,
3998 resumeSession: true,
3999 })
4000
4001 // Client does False Start and negotiates ALPN.
4002 tests = append(tests, testCase{
4003 name: "FalseStart-ALPN",
4004 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4005 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4006 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4007 NextProtos: []string{"foo"},
4008 Bugs: ProtocolBugs{
4009 ExpectFalseStart: true,
4010 },
4011 },
4012 flags: []string{
4013 "-false-start",
4014 "-advertise-alpn", "\x03foo",
4015 },
4016 shimWritesFirst: true,
4017 resumeSession: true,
4018 })
4019
4020 // Client does False Start but doesn't explicitly call
4021 // SSL_connect.
4022 tests = append(tests, testCase{
4023 name: "FalseStart-Implicit",
4024 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4025 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4026 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4027 NextProtos: []string{"foo"},
4028 },
4029 flags: []string{
4030 "-implicit-handshake",
4031 "-false-start",
4032 "-advertise-alpn", "\x03foo",
4033 },
4034 })
4035
4036 // False Start without session tickets.
4037 tests = append(tests, testCase{
4038 name: "FalseStart-SessionTicketsDisabled",
4039 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4040 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4041 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4042 NextProtos: []string{"foo"},
4043 SessionTicketsDisabled: true,
4044 Bugs: ProtocolBugs{
4045 ExpectFalseStart: true,
4046 },
4047 },
4048 flags: []string{
4049 "-false-start",
4050 "-select-next-proto", "foo",
4051 },
4052 shimWritesFirst: true,
4053 })
4054
4055 // Server parses a V2ClientHello.
4056 tests = append(tests, testCase{
4057 testType: serverTest,
4058 name: "SendV2ClientHello",
4059 config: Config{
4060 // Choose a cipher suite that does not involve
4061 // elliptic curves, so no extensions are
4062 // involved.
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4063 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]4064 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4065 Bugs: ProtocolBugs{
4066 SendV2ClientHello: true,
4067 },
4068 },
4069 })
4070
Nick Harper60a85cb2016-09-23 16:25:11 -0700[diff] [blame]4071 // Test Channel ID
4072 for _, ver := range tlsVersions {
Nick Harperc9846112016-10-17 15:05:35 -0700[diff] [blame]4073 if ver.version < VersionTLS10 {
Nick Harper60a85cb2016-09-23 16:25:11 -0700[diff] [blame]4074 continue
4075 }
4076 // Client sends a Channel ID.
4077 tests = append(tests, testCase{
4078 name: "ChannelID-Client-" + ver.name,
4079 config: Config{
4080 MaxVersion: ver.version,
4081 RequestChannelID: true,
4082 },
4083 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
4084 resumeSession: true,
4085 expectChannelID: true,
4086 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4087
Nick Harper60a85cb2016-09-23 16:25:11 -0700[diff] [blame]4088 // Server accepts a Channel ID.
4089 tests = append(tests, testCase{
4090 testType: serverTest,
4091 name: "ChannelID-Server-" + ver.name,
4092 config: Config{
4093 MaxVersion: ver.version,
4094 ChannelID: channelIDKey,
4095 },
4096 flags: []string{
4097 "-expect-channel-id",
4098 base64.StdEncoding.EncodeToString(channelIDBytes),
4099 },
4100 resumeSession: true,
4101 expectChannelID: true,
4102 })
4103
4104 tests = append(tests, testCase{
4105 testType: serverTest,
4106 name: "InvalidChannelIDSignature-" + ver.name,
4107 config: Config{
4108 MaxVersion: ver.version,
4109 ChannelID: channelIDKey,
4110 Bugs: ProtocolBugs{
4111 InvalidChannelIDSignature: true,
4112 },
4113 },
4114 flags: []string{"-enable-channel-id"},
4115 shouldFail: true,
4116 expectedError: ":CHANNEL_ID_SIGNATURE_INVALID:",
4117 })
4118 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]4119
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]4120 // Channel ID and NPN at the same time, to ensure their relative
4121 // ordering is correct.
4122 tests = append(tests, testCase{
4123 name: "ChannelID-NPN-Client",
4124 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4125 MaxVersion: VersionTLS12,
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]4126 RequestChannelID: true,
4127 NextProtos: []string{"foo"},
4128 },
4129 flags: []string{
4130 "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
4131 "-select-next-proto", "foo",
4132 },
4133 resumeSession: true,
4134 expectChannelID: true,
4135 expectedNextProto: "foo",
4136 expectedNextProtoType: npn,
4137 })
4138 tests = append(tests, testCase{
4139 testType: serverTest,
4140 name: "ChannelID-NPN-Server",
4141 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4142 MaxVersion: VersionTLS12,
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]4143 ChannelID: channelIDKey,
4144 NextProtos: []string{"bar"},
4145 },
4146 flags: []string{
4147 "-expect-channel-id",
4148 base64.StdEncoding.EncodeToString(channelIDBytes),
4149 "-advertise-npn", "\x03foo\x03bar\x03baz",
4150 "-expect-next-proto", "bar",
4151 },
4152 resumeSession: true,
4153 expectChannelID: true,
4154 expectedNextProto: "bar",
4155 expectedNextProtoType: npn,
4156 })
4157
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]4158 // Bidirectional shutdown with the runner initiating.
4159 tests = append(tests, testCase{
4160 name: "Shutdown-Runner",
4161 config: Config{
4162 Bugs: ProtocolBugs{
4163 ExpectCloseNotify: true,
4164 },
4165 },
4166 flags: []string{"-check-close-notify"},
4167 })
4168
4169 // Bidirectional shutdown with the shim initiating. The runner,
4170 // in the meantime, sends garbage before the close_notify which
4171 // the shim must ignore.
4172 tests = append(tests, testCase{
4173 name: "Shutdown-Shim",
4174 config: Config{
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]4175 MaxVersion: VersionTLS12,
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]4176 Bugs: ProtocolBugs{
4177 ExpectCloseNotify: true,
4178 },
4179 },
4180 shimShutsDown: true,
4181 sendEmptyRecords: 1,
4182 sendWarningAlerts: 1,
4183 flags: []string{"-check-close-notify"},
4184 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4185 } else {
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4186 // TODO(davidben): DTLS 1.3 will want a similar thing for
4187 // HelloRetryRequest.
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4188 tests = append(tests, testCase{
4189 name: "SkipHelloVerifyRequest",
4190 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4191 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4192 Bugs: ProtocolBugs{
4193 SkipHelloVerifyRequest: true,
4194 },
4195 },
4196 })
4197 }
4198
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4199 for _, test := range tests {
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4200 test.protocol = config.protocol
4201 if config.protocol == dtls {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4202 test.name += "-DTLS"
4203 }
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4204 if config.async {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4205 test.name += "-Async"
4206 test.flags = append(test.flags, "-async")
4207 } else {
4208 test.name += "-Sync"
4209 }
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4210 if config.splitHandshake {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4211 test.name += "-SplitHandshakeRecords"
4212 test.config.Bugs.MaxHandshakeRecordLength = 1
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4213 if config.protocol == dtls {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4214 test.config.Bugs.MaxPacketLength = 256
4215 test.flags = append(test.flags, "-mtu", "256")
4216 }
4217 }
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4218 if config.packHandshakeFlight {
4219 test.name += "-PackHandshakeFlight"
4220 test.config.Bugs.PackHandshakeFlight = true
4221 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4222 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]4223 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4224}
4225
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4226func addDDoSCallbackTests() {
4227 // DDoS callback.
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4228 for _, resume := range []bool{false, true} {
4229 suffix := "Resume"
4230 if resume {
4231 suffix = "No" + suffix
4232 }
4233
4234 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4235 testType: serverTest,
4236 name: "Server-DDoS-OK-" + suffix,
4237 config: Config{
4238 MaxVersion: VersionTLS12,
4239 },
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4240 flags: []string{"-install-ddos-callback"},
4241 resumeSession: resume,
4242 })
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4243 testCases = append(testCases, testCase{
4244 testType: serverTest,
4245 name: "Server-DDoS-OK-" + suffix + "-TLS13",
4246 config: Config{
4247 MaxVersion: VersionTLS13,
4248 },
4249 flags: []string{"-install-ddos-callback"},
4250 resumeSession: resume,
4251 })
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4252
4253 failFlag := "-fail-ddos-callback"
4254 if resume {
4255 failFlag = "-fail-second-ddos-callback"
4256 }
4257 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4258 testType: serverTest,
4259 name: "Server-DDoS-Reject-" + suffix,
4260 config: Config{
4261 MaxVersion: VersionTLS12,
4262 },
David Benjamin2c66e072016-09-16 15:58:00 -0400[diff] [blame]4263 flags: []string{"-install-ddos-callback", failFlag},
4264 resumeSession: resume,
4265 shouldFail: true,
4266 expectedError: ":CONNECTION_REJECTED:",
4267 expectedLocalError: "remote error: internal error",
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4268 })
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4269 testCases = append(testCases, testCase{
4270 testType: serverTest,
4271 name: "Server-DDoS-Reject-" + suffix + "-TLS13",
4272 config: Config{
4273 MaxVersion: VersionTLS13,
4274 },
David Benjamin2c66e072016-09-16 15:58:00 -0400[diff] [blame]4275 flags: []string{"-install-ddos-callback", failFlag},
4276 resumeSession: resume,
4277 shouldFail: true,
4278 expectedError: ":CONNECTION_REJECTED:",
4279 expectedLocalError: "remote error: internal error",
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4280 })
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4281 }
4282}
4283
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4284func addVersionNegotiationTests() {
4285 for i, shimVers := range tlsVersions {
4286 // Assemble flags to disable all newer versions on the shim.
4287 var flags []string
4288 for _, vers := range tlsVersions[i+1:] {
4289 flags = append(flags, vers.flag)
4290 }
4291
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4292 // Test configuring the runner's maximum version.
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4293 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4294 protocols := []protocol{tls}
4295 if runnerVers.hasDTLS && shimVers.hasDTLS {
4296 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4297 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4298 for _, protocol := range protocols {
4299 expectedVersion := shimVers.version
4300 if runnerVers.version < shimVers.version {
4301 expectedVersion = runnerVers.version
4302 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4303
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4304 suffix := shimVers.name + "-" + runnerVers.name
4305 if protocol == dtls {
4306 suffix += "-DTLS"
4307 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4308
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4309 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
4310
David Benjaminb1dd8cd2016-09-26 19:20:48 -0400[diff] [blame]4311 // Determine the expected initial record-layer versions.
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4312 clientVers := shimVers.version
4313 if clientVers > VersionTLS10 {
4314 clientVers = VersionTLS10
4315 }
David Benjaminb1dd8cd2016-09-26 19:20:48 -0400[diff] [blame]4316 clientVers = versionToWire(clientVers, protocol == dtls)
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4317 serverVers := expectedVersion
4318 if expectedVersion >= VersionTLS13 {
4319 serverVers = VersionTLS10
4320 }
David Benjaminb1dd8cd2016-09-26 19:20:48 -0400[diff] [blame]4321 serverVers = versionToWire(serverVers, protocol == dtls)
4322
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4323 testCases = append(testCases, testCase{
4324 protocol: protocol,
4325 testType: clientTest,
4326 name: "VersionNegotiation-Client-" + suffix,
4327 config: Config{
4328 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4329 Bugs: ProtocolBugs{
4330 ExpectInitialRecordVersion: clientVers,
4331 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4332 },
4333 flags: flags,
4334 expectedVersion: expectedVersion,
4335 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4336 testCases = append(testCases, testCase{
4337 protocol: protocol,
4338 testType: clientTest,
4339 name: "VersionNegotiation-Client2-" + suffix,
4340 config: Config{
4341 MaxVersion: runnerVers.version,
4342 Bugs: ProtocolBugs{
4343 ExpectInitialRecordVersion: clientVers,
4344 },
4345 },
4346 flags: []string{"-max-version", shimVersFlag},
4347 expectedVersion: expectedVersion,
4348 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4349
4350 testCases = append(testCases, testCase{
4351 protocol: protocol,
4352 testType: serverTest,
4353 name: "VersionNegotiation-Server-" + suffix,
4354 config: Config{
4355 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4356 Bugs: ProtocolBugs{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4357 ExpectInitialRecordVersion: serverVers,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4358 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4359 },
4360 flags: flags,
4361 expectedVersion: expectedVersion,
4362 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4363 testCases = append(testCases, testCase{
4364 protocol: protocol,
4365 testType: serverTest,
4366 name: "VersionNegotiation-Server2-" + suffix,
4367 config: Config{
4368 MaxVersion: runnerVers.version,
4369 Bugs: ProtocolBugs{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4370 ExpectInitialRecordVersion: serverVers,
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4371 },
4372 },
4373 flags: []string{"-max-version", shimVersFlag},
4374 expectedVersion: expectedVersion,
4375 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4376 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4377 }
4378 }
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4379
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4380 // Test the version extension at all versions.
4381 for _, vers := range tlsVersions {
4382 protocols := []protocol{tls}
4383 if vers.hasDTLS {
4384 protocols = append(protocols, dtls)
4385 }
4386 for _, protocol := range protocols {
4387 suffix := vers.name
4388 if protocol == dtls {
4389 suffix += "-DTLS"
4390 }
4391
4392 wireVersion := versionToWire(vers.version, protocol == dtls)
4393 testCases = append(testCases, testCase{
4394 protocol: protocol,
4395 testType: serverTest,
4396 name: "VersionNegotiationExtension-" + suffix,
4397 config: Config{
4398 Bugs: ProtocolBugs{
4399 SendSupportedVersions: []uint16{0x1111, wireVersion, 0x2222},
4400 },
4401 },
4402 expectedVersion: vers.version,
4403 })
4404 }
4405
4406 }
4407
4408 // If all versions are unknown, negotiation fails.
4409 testCases = append(testCases, testCase{
4410 testType: serverTest,
4411 name: "NoSupportedVersions",
4412 config: Config{
4413 Bugs: ProtocolBugs{
4414 SendSupportedVersions: []uint16{0x1111},
4415 },
4416 },
4417 shouldFail: true,
4418 expectedError: ":UNSUPPORTED_PROTOCOL:",
4419 })
4420 testCases = append(testCases, testCase{
4421 protocol: dtls,
4422 testType: serverTest,
4423 name: "NoSupportedVersions-DTLS",
4424 config: Config{
4425 Bugs: ProtocolBugs{
4426 SendSupportedVersions: []uint16{0x1111},
4427 },
4428 },
4429 shouldFail: true,
4430 expectedError: ":UNSUPPORTED_PROTOCOL:",
4431 })
4432
4433 testCases = append(testCases, testCase{
4434 testType: serverTest,
4435 name: "ClientHelloVersionTooHigh",
4436 config: Config{
4437 MaxVersion: VersionTLS13,
4438 Bugs: ProtocolBugs{
4439 SendClientVersion: 0x0304,
4440 OmitSupportedVersions: true,
4441 },
4442 },
4443 expectedVersion: VersionTLS12,
4444 })
4445
4446 testCases = append(testCases, testCase{
4447 testType: serverTest,
4448 name: "ConflictingVersionNegotiation",
4449 config: Config{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4450 Bugs: ProtocolBugs{
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4451 SendClientVersion: VersionTLS12,
4452 SendSupportedVersions: []uint16{VersionTLS11},
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4453 },
4454 },
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4455 // The extension takes precedence over the ClientHello version.
4456 expectedVersion: VersionTLS11,
4457 })
4458
4459 testCases = append(testCases, testCase{
4460 testType: serverTest,
4461 name: "ConflictingVersionNegotiation-2",
4462 config: Config{
4463 Bugs: ProtocolBugs{
4464 SendClientVersion: VersionTLS11,
4465 SendSupportedVersions: []uint16{VersionTLS12},
4466 },
4467 },
4468 // The extension takes precedence over the ClientHello version.
4469 expectedVersion: VersionTLS12,
4470 })
4471
4472 testCases = append(testCases, testCase{
4473 testType: serverTest,
4474 name: "RejectFinalTLS13",
4475 config: Config{
4476 Bugs: ProtocolBugs{
4477 SendSupportedVersions: []uint16{VersionTLS13, VersionTLS12},
4478 },
4479 },
4480 // We currently implement a draft TLS 1.3 version. Ensure that
4481 // the true TLS 1.3 value is ignored for now.
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4482 expectedVersion: VersionTLS12,
4483 })
4484
Brian Smithf85d3232016-10-28 10:34:06 -1000[diff] [blame]4485 // Test that the maximum version is selected regardless of the
4486 // client-sent order.
4487 testCases = append(testCases, testCase{
4488 testType: serverTest,
4489 name: "IgnoreClientVersionOrder",
4490 config: Config{
4491 Bugs: ProtocolBugs{
4492 SendSupportedVersions: []uint16{VersionTLS12, tls13DraftVersion},
4493 },
4494 },
4495 expectedVersion: VersionTLS13,
4496 })
4497
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4498 // Test for version tolerance.
4499 testCases = append(testCases, testCase{
4500 testType: serverTest,
4501 name: "MinorVersionTolerance",
4502 config: Config{
4503 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4504 SendClientVersion: 0x03ff,
4505 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4506 },
4507 },
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4508 expectedVersion: VersionTLS12,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4509 })
4510 testCases = append(testCases, testCase{
4511 testType: serverTest,
4512 name: "MajorVersionTolerance",
4513 config: Config{
4514 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4515 SendClientVersion: 0x0400,
4516 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4517 },
4518 },
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4519 // TLS 1.3 must be negotiated with the supported_versions
4520 // extension, not ClientHello.version.
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4521 expectedVersion: VersionTLS12,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4522 })
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4523 testCases = append(testCases, testCase{
4524 testType: serverTest,
4525 name: "VersionTolerance-TLS13",
4526 config: Config{
4527 Bugs: ProtocolBugs{
4528 // Although TLS 1.3 does not use
4529 // ClientHello.version, it still tolerates high
4530 // values there.
4531 SendClientVersion: 0x0400,
4532 },
4533 },
4534 expectedVersion: VersionTLS13,
4535 })
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4536
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4537 testCases = append(testCases, testCase{
4538 protocol: dtls,
4539 testType: serverTest,
4540 name: "MinorVersionTolerance-DTLS",
4541 config: Config{
4542 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4543 SendClientVersion: 0xfe00,
4544 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4545 },
4546 },
4547 expectedVersion: VersionTLS12,
4548 })
4549 testCases = append(testCases, testCase{
4550 protocol: dtls,
4551 testType: serverTest,
4552 name: "MajorVersionTolerance-DTLS",
4553 config: Config{
4554 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4555 SendClientVersion: 0xfdff,
4556 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4557 },
4558 },
4559 expectedVersion: VersionTLS12,
4560 })
4561
4562 // Test that versions below 3.0 are rejected.
4563 testCases = append(testCases, testCase{
4564 testType: serverTest,
4565 name: "VersionTooLow",
4566 config: Config{
4567 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4568 SendClientVersion: 0x0200,
4569 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4570 },
4571 },
4572 shouldFail: true,
4573 expectedError: ":UNSUPPORTED_PROTOCOL:",
4574 })
4575 testCases = append(testCases, testCase{
4576 protocol: dtls,
4577 testType: serverTest,
4578 name: "VersionTooLow-DTLS",
4579 config: Config{
4580 Bugs: ProtocolBugs{
David Benjamin3c6a1ea2016-09-26 18:30:05 -0400[diff] [blame]4581 SendClientVersion: 0xffff,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4582 },
4583 },
4584 shouldFail: true,
4585 expectedError: ":UNSUPPORTED_PROTOCOL:",
4586 })
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4587
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]4588 testCases = append(testCases, testCase{
4589 name: "ServerBogusVersion",
4590 config: Config{
4591 Bugs: ProtocolBugs{
4592 SendServerHelloVersion: 0x1234,
4593 },
4594 },
4595 shouldFail: true,
4596 expectedError: ":UNSUPPORTED_PROTOCOL:",
4597 })
4598
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4599 // Test TLS 1.3's downgrade signal.
4600 testCases = append(testCases, testCase{
4601 name: "Downgrade-TLS12-Client",
4602 config: Config{
4603 Bugs: ProtocolBugs{
4604 NegotiateVersion: VersionTLS12,
4605 },
4606 },
David Benjamin592b5322016-09-30 15:15:01 -0400[diff] [blame]4607 expectedVersion: VersionTLS12,
David Benjamin55108632016-08-11 22:01:18 -0400[diff] [blame]4608 // TODO(davidben): This test should fail once TLS 1.3 is final
4609 // and the fallback signal restored.
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4610 })
4611 testCases = append(testCases, testCase{
4612 testType: serverTest,
4613 name: "Downgrade-TLS12-Server",
4614 config: Config{
4615 Bugs: ProtocolBugs{
David Benjamin592b5322016-09-30 15:15:01 -0400[diff] [blame]4616 SendSupportedVersions: []uint16{VersionTLS12},
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4617 },
4618 },
David Benjamin592b5322016-09-30 15:15:01 -0400[diff] [blame]4619 expectedVersion: VersionTLS12,
David Benjamin55108632016-08-11 22:01:18 -0400[diff] [blame]4620 // TODO(davidben): This test should fail once TLS 1.3 is final
4621 // and the fallback signal restored.
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4622 })
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4623}
4624
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4625func addMinimumVersionTests() {
4626 for i, shimVers := range tlsVersions {
4627 // Assemble flags to disable all older versions on the shim.
4628 var flags []string
4629 for _, vers := range tlsVersions[:i] {
4630 flags = append(flags, vers.flag)
4631 }
4632
4633 for _, runnerVers := range tlsVersions {
4634 protocols := []protocol{tls}
4635 if runnerVers.hasDTLS && shimVers.hasDTLS {
4636 protocols = append(protocols, dtls)
4637 }
4638 for _, protocol := range protocols {
4639 suffix := shimVers.name + "-" + runnerVers.name
4640 if protocol == dtls {
4641 suffix += "-DTLS"
4642 }
4643 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
4644
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4645 var expectedVersion uint16
4646 var shouldFail bool
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4647 var expectedError, expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4648 if runnerVers.version >= shimVers.version {
4649 expectedVersion = runnerVers.version
4650 } else {
4651 shouldFail = true
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4652 expectedError = ":UNSUPPORTED_PROTOCOL:"
4653 expectedLocalError = "remote error: protocol version not supported"
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4654 }
4655
4656 testCases = append(testCases, testCase{
4657 protocol: protocol,
4658 testType: clientTest,
4659 name: "MinimumVersion-Client-" + suffix,
4660 config: Config{
4661 MaxVersion: runnerVers.version,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4662 Bugs: ProtocolBugs{
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4663 // Ensure the server does not decline to
4664 // select a version (versions extension) or
4665 // cipher (some ciphers depend on versions).
4666 NegotiateVersion: runnerVers.version,
4667 IgnorePeerCipherPreferences: shouldFail,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4668 },
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4669 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4670 flags: flags,
4671 expectedVersion: expectedVersion,
4672 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4673 expectedError: expectedError,
4674 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4675 })
4676 testCases = append(testCases, testCase{
4677 protocol: protocol,
4678 testType: clientTest,
4679 name: "MinimumVersion-Client2-" + suffix,
4680 config: Config{
4681 MaxVersion: runnerVers.version,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4682 Bugs: ProtocolBugs{
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4683 // Ensure the server does not decline to
4684 // select a version (versions extension) or
4685 // cipher (some ciphers depend on versions).
4686 NegotiateVersion: runnerVers.version,
4687 IgnorePeerCipherPreferences: shouldFail,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4688 },
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4689 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4690 flags: []string{"-min-version", shimVersFlag},
4691 expectedVersion: expectedVersion,
4692 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4693 expectedError: expectedError,
4694 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4695 })
4696
4697 testCases = append(testCases, testCase{
4698 protocol: protocol,
4699 testType: serverTest,
4700 name: "MinimumVersion-Server-" + suffix,
4701 config: Config{
4702 MaxVersion: runnerVers.version,
4703 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4704 flags: flags,
4705 expectedVersion: expectedVersion,
4706 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4707 expectedError: expectedError,
4708 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4709 })
4710 testCases = append(testCases, testCase{
4711 protocol: protocol,
4712 testType: serverTest,
4713 name: "MinimumVersion-Server2-" + suffix,
4714 config: Config{
4715 MaxVersion: runnerVers.version,
4716 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4717 flags: []string{"-min-version", shimVersFlag},
4718 expectedVersion: expectedVersion,
4719 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4720 expectedError: expectedError,
4721 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4722 })
4723 }
4724 }
4725 }
4726}
4727
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4728func addExtensionTests() {
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4729 // TODO(davidben): Extensions, where applicable, all move their server
4730 // halves to EncryptedExtensions in TLS 1.3. Duplicate each of these
4731 // tests for both. Also test interaction with 0-RTT when implemented.
4732
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4733 // Repeat extensions tests all versions except SSL 3.0.
4734 for _, ver := range tlsVersions {
4735 if ver.version == VersionSSL30 {
4736 continue
4737 }
4738
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4739 // Test that duplicate extensions are rejected.
4740 testCases = append(testCases, testCase{
4741 testType: clientTest,
4742 name: "DuplicateExtensionClient-" + ver.name,
4743 config: Config{
4744 MaxVersion: ver.version,
4745 Bugs: ProtocolBugs{
4746 DuplicateExtension: true,
4747 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4748 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4749 shouldFail: true,
4750 expectedLocalError: "remote error: error decoding message",
4751 })
4752 testCases = append(testCases, testCase{
4753 testType: serverTest,
4754 name: "DuplicateExtensionServer-" + ver.name,
4755 config: Config{
4756 MaxVersion: ver.version,
4757 Bugs: ProtocolBugs{
4758 DuplicateExtension: true,
4759 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4760 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4761 shouldFail: true,
4762 expectedLocalError: "remote error: error decoding message",
4763 })
4764
4765 // Test SNI.
4766 testCases = append(testCases, testCase{
4767 testType: clientTest,
4768 name: "ServerNameExtensionClient-" + ver.name,
4769 config: Config{
4770 MaxVersion: ver.version,
4771 Bugs: ProtocolBugs{
4772 ExpectServerName: "example.com",
4773 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4774 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4775 flags: []string{"-host-name", "example.com"},
4776 })
4777 testCases = append(testCases, testCase{
4778 testType: clientTest,
4779 name: "ServerNameExtensionClientMismatch-" + ver.name,
4780 config: Config{
4781 MaxVersion: ver.version,
4782 Bugs: ProtocolBugs{
4783 ExpectServerName: "mismatch.com",
4784 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4785 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4786 flags: []string{"-host-name", "example.com"},
4787 shouldFail: true,
4788 expectedLocalError: "tls: unexpected server name",
4789 })
4790 testCases = append(testCases, testCase{
4791 testType: clientTest,
4792 name: "ServerNameExtensionClientMissing-" + ver.name,
4793 config: Config{
4794 MaxVersion: ver.version,
4795 Bugs: ProtocolBugs{
4796 ExpectServerName: "missing.com",
4797 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4798 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4799 shouldFail: true,
4800 expectedLocalError: "tls: unexpected server name",
4801 })
4802 testCases = append(testCases, testCase{
David Benjamin023d4192017-02-06 13:49:07 -0500[diff] [blame]4803 testType: clientTest,
4804 name: "TolerateServerNameAck-" + ver.name,
4805 config: Config{
4806 MaxVersion: ver.version,
4807 Bugs: ProtocolBugs{
4808 SendServerNameAck: true,
4809 },
4810 },
4811 flags: []string{"-host-name", "example.com"},
4812 resumeSession: true,
4813 })
4814 testCases = append(testCases, testCase{
4815 testType: clientTest,
4816 name: "UnsolicitedServerNameAck-" + ver.name,
4817 config: Config{
4818 MaxVersion: ver.version,
4819 Bugs: ProtocolBugs{
4820 SendServerNameAck: true,
4821 },
4822 },
4823 shouldFail: true,
4824 expectedError: ":UNEXPECTED_EXTENSION:",
4825 expectedLocalError: "remote error: unsupported extension",
4826 })
4827 testCases = append(testCases, testCase{
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4828 testType: serverTest,
4829 name: "ServerNameExtensionServer-" + ver.name,
4830 config: Config{
4831 MaxVersion: ver.version,
4832 ServerName: "example.com",
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]4833 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4834 flags: []string{"-expect-server-name", "example.com"},
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4835 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4836 })
4837
4838 // Test ALPN.
4839 testCases = append(testCases, testCase{
4840 testType: clientTest,
4841 name: "ALPNClient-" + ver.name,
4842 config: Config{
4843 MaxVersion: ver.version,
4844 NextProtos: []string{"foo"},
4845 },
4846 flags: []string{
4847 "-advertise-alpn", "\x03foo\x03bar\x03baz",
4848 "-expect-alpn", "foo",
4849 },
4850 expectedNextProto: "foo",
4851 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4852 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4853 })
4854 testCases = append(testCases, testCase{
David Benjamin3e517572016-08-11 11:52:23 -0400[diff] [blame]4855 testType: clientTest,
4856 name: "ALPNClient-Mismatch-" + ver.name,
4857 config: Config{
4858 MaxVersion: ver.version,
4859 Bugs: ProtocolBugs{
4860 SendALPN: "baz",
4861 },
4862 },
4863 flags: []string{
4864 "-advertise-alpn", "\x03foo\x03bar",
4865 },
4866 shouldFail: true,
4867 expectedError: ":INVALID_ALPN_PROTOCOL:",
4868 expectedLocalError: "remote error: illegal parameter",
4869 })
4870 testCases = append(testCases, testCase{
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4871 testType: serverTest,
4872 name: "ALPNServer-" + ver.name,
4873 config: Config{
4874 MaxVersion: ver.version,
4875 NextProtos: []string{"foo", "bar", "baz"},
4876 },
4877 flags: []string{
4878 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4879 "-select-alpn", "foo",
4880 },
4881 expectedNextProto: "foo",
4882 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4883 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4884 })
4885 testCases = append(testCases, testCase{
4886 testType: serverTest,
4887 name: "ALPNServer-Decline-" + ver.name,
4888 config: Config{
4889 MaxVersion: ver.version,
4890 NextProtos: []string{"foo", "bar", "baz"},
4891 },
4892 flags: []string{"-decline-alpn"},
4893 expectNoNextProto: true,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4894 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4895 })
4896
David Benjamin25fe85b2016-08-09 20:00:32 -0400[diff] [blame]4897 // Test ALPN in async mode as well to ensure that extensions callbacks are only
4898 // called once.
4899 testCases = append(testCases, testCase{
4900 testType: serverTest,
4901 name: "ALPNServer-Async-" + ver.name,
4902 config: Config{
4903 MaxVersion: ver.version,
4904 NextProtos: []string{"foo", "bar", "baz"},
David Benjamin4eb95cc2016-11-16 17:08:23 +0900[diff] [blame]4905 // Prior to TLS 1.3, exercise the asynchronous session callback.
4906 SessionTicketsDisabled: ver.version < VersionTLS13,
David Benjamin25fe85b2016-08-09 20:00:32 -0400[diff] [blame]4907 },
4908 flags: []string{
4909 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4910 "-select-alpn", "foo",
4911 "-async",
4912 },
4913 expectedNextProto: "foo",
4914 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4915 resumeSession: true,
David Benjamin25fe85b2016-08-09 20:00:32 -0400[diff] [blame]4916 })
4917
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4918 var emptyString string
4919 testCases = append(testCases, testCase{
4920 testType: clientTest,
4921 name: "ALPNClient-EmptyProtocolName-" + ver.name,
4922 config: Config{
4923 MaxVersion: ver.version,
4924 NextProtos: []string{""},
4925 Bugs: ProtocolBugs{
4926 // A server returning an empty ALPN protocol
4927 // should be rejected.
4928 ALPNProtocol: &emptyString,
4929 },
4930 },
4931 flags: []string{
4932 "-advertise-alpn", "\x03foo",
4933 },
4934 shouldFail: true,
4935 expectedError: ":PARSE_TLSEXT:",
4936 })
4937 testCases = append(testCases, testCase{
4938 testType: serverTest,
4939 name: "ALPNServer-EmptyProtocolName-" + ver.name,
4940 config: Config{
4941 MaxVersion: ver.version,
4942 // A ClientHello containing an empty ALPN protocol
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]4943 // should be rejected.
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4944 NextProtos: []string{"foo", "", "baz"},
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]4945 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4946 flags: []string{
4947 "-select-alpn", "foo",
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]4948 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4949 shouldFail: true,
4950 expectedError: ":PARSE_TLSEXT:",
4951 })
4952
4953 // Test NPN and the interaction with ALPN.
4954 if ver.version < VersionTLS13 {
4955 // Test that the server prefers ALPN over NPN.
4956 testCases = append(testCases, testCase{
4957 testType: serverTest,
4958 name: "ALPNServer-Preferred-" + ver.name,
4959 config: Config{
4960 MaxVersion: ver.version,
4961 NextProtos: []string{"foo", "bar", "baz"},
4962 },
4963 flags: []string{
4964 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4965 "-select-alpn", "foo",
4966 "-advertise-npn", "\x03foo\x03bar\x03baz",
4967 },
4968 expectedNextProto: "foo",
4969 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4970 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4971 })
4972 testCases = append(testCases, testCase{
4973 testType: serverTest,
4974 name: "ALPNServer-Preferred-Swapped-" + ver.name,
4975 config: Config{
4976 MaxVersion: ver.version,
4977 NextProtos: []string{"foo", "bar", "baz"},
4978 Bugs: ProtocolBugs{
4979 SwapNPNAndALPN: true,
4980 },
4981 },
4982 flags: []string{
4983 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4984 "-select-alpn", "foo",
4985 "-advertise-npn", "\x03foo\x03bar\x03baz",
4986 },
4987 expectedNextProto: "foo",
4988 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4989 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4990 })
4991
4992 // Test that negotiating both NPN and ALPN is forbidden.
4993 testCases = append(testCases, testCase{
4994 name: "NegotiateALPNAndNPN-" + ver.name,
4995 config: Config{
4996 MaxVersion: ver.version,
4997 NextProtos: []string{"foo", "bar", "baz"},
4998 Bugs: ProtocolBugs{
4999 NegotiateALPNAndNPN: true,
5000 },
5001 },
5002 flags: []string{
5003 "-advertise-alpn", "\x03foo",
5004 "-select-next-proto", "foo",
5005 },
5006 shouldFail: true,
5007 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
5008 })
5009 testCases = append(testCases, testCase{
5010 name: "NegotiateALPNAndNPN-Swapped-" + ver.name,
5011 config: Config{
5012 MaxVersion: ver.version,
5013 NextProtos: []string{"foo", "bar", "baz"},
5014 Bugs: ProtocolBugs{
5015 NegotiateALPNAndNPN: true,
5016 SwapNPNAndALPN: true,
5017 },
5018 },
5019 flags: []string{
5020 "-advertise-alpn", "\x03foo",
5021 "-select-next-proto", "foo",
5022 },
5023 shouldFail: true,
5024 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
5025 })
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5026 }
5027
5028 // Test ticket behavior.
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5029
5030 // Resume with a corrupt ticket.
5031 testCases = append(testCases, testCase{
5032 testType: serverTest,
5033 name: "CorruptTicket-" + ver.name,
5034 config: Config{
5035 MaxVersion: ver.version,
5036 Bugs: ProtocolBugs{
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5037 FilterTicket: func(in []byte) ([]byte, error) {
5038 in[len(in)-1] ^= 1
5039 return in, nil
5040 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5041 },
5042 },
5043 resumeSession: true,
5044 expectResumeRejected: true,
5045 })
5046 // Test the ticket callback, with and without renewal.
5047 testCases = append(testCases, testCase{
5048 testType: serverTest,
5049 name: "TicketCallback-" + ver.name,
5050 config: Config{
5051 MaxVersion: ver.version,
5052 },
5053 resumeSession: true,
5054 flags: []string{"-use-ticket-callback"},
5055 })
5056 testCases = append(testCases, testCase{
5057 testType: serverTest,
5058 name: "TicketCallback-Renew-" + ver.name,
5059 config: Config{
5060 MaxVersion: ver.version,
5061 Bugs: ProtocolBugs{
5062 ExpectNewTicket: true,
5063 },
5064 },
5065 flags: []string{"-use-ticket-callback", "-renew-ticket"},
5066 resumeSession: true,
5067 })
5068
5069 // Test that the ticket callback is only called once when everything before
5070 // it in the ClientHello is asynchronous. This corrupts the ticket so
5071 // certificate selection callbacks run.
5072 testCases = append(testCases, testCase{
5073 testType: serverTest,
5074 name: "TicketCallback-SingleCall-" + ver.name,
5075 config: Config{
5076 MaxVersion: ver.version,
5077 Bugs: ProtocolBugs{
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5078 FilterTicket: func(in []byte) ([]byte, error) {
5079 in[len(in)-1] ^= 1
5080 return in, nil
5081 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5082 },
5083 },
5084 resumeSession: true,
5085 expectResumeRejected: true,
5086 flags: []string{
5087 "-use-ticket-callback",
5088 "-async",
5089 },
5090 })
5091
David Benjamind4c349b2017-02-09 14:07:17 -0500[diff] [blame]5092 // Resume with various lengths of ticket session id.
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5093 if ver.version < VersionTLS13 {
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5094 testCases = append(testCases, testCase{
5095 testType: serverTest,
David Benjamind4c349b2017-02-09 14:07:17 -0500[diff] [blame]5096 name: "TicketSessionIDLength-0-" + ver.name,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5097 config: Config{
5098 MaxVersion: ver.version,
5099 Bugs: ProtocolBugs{
David Benjamind4c349b2017-02-09 14:07:17 -0500[diff] [blame]5100 EmptyTicketSessionID: true,
5101 },
5102 },
5103 resumeSession: true,
5104 })
5105 testCases = append(testCases, testCase{
5106 testType: serverTest,
5107 name: "TicketSessionIDLength-16-" + ver.name,
5108 config: Config{
5109 MaxVersion: ver.version,
5110 Bugs: ProtocolBugs{
5111 TicketSessionIDLength: 16,
5112 },
5113 },
5114 resumeSession: true,
5115 })
5116 testCases = append(testCases, testCase{
5117 testType: serverTest,
5118 name: "TicketSessionIDLength-32-" + ver.name,
5119 config: Config{
5120 MaxVersion: ver.version,
5121 Bugs: ProtocolBugs{
5122 TicketSessionIDLength: 32,
5123 },
5124 },
5125 resumeSession: true,
5126 })
5127 testCases = append(testCases, testCase{
5128 testType: serverTest,
5129 name: "TicketSessionIDLength-33-" + ver.name,
5130 config: Config{
5131 MaxVersion: ver.version,
5132 Bugs: ProtocolBugs{
5133 TicketSessionIDLength: 33,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5134 },
5135 },
5136 resumeSession: true,
5137 shouldFail: true,
David Benjamind4c349b2017-02-09 14:07:17 -0500[diff] [blame]5138 // The maximum session ID length is 32.
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5139 expectedError: ":DECODE_ERROR:",
5140 })
5141 }
5142
5143 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
5144 // are ignored.
5145 if ver.hasDTLS {
5146 testCases = append(testCases, testCase{
5147 protocol: dtls,
5148 name: "SRTP-Client-" + ver.name,
5149 config: Config{
5150 MaxVersion: ver.version,
5151 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
5152 },
5153 flags: []string{
5154 "-srtp-profiles",
5155 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
5156 },
5157 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
5158 })
5159 testCases = append(testCases, testCase{
5160 protocol: dtls,
5161 testType: serverTest,
5162 name: "SRTP-Server-" + ver.name,
5163 config: Config{
5164 MaxVersion: ver.version,
5165 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
5166 },
5167 flags: []string{
5168 "-srtp-profiles",
5169 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
5170 },
5171 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
5172 })
5173 // Test that the MKI is ignored.
5174 testCases = append(testCases, testCase{
5175 protocol: dtls,
5176 testType: serverTest,
5177 name: "SRTP-Server-IgnoreMKI-" + ver.name,
5178 config: Config{
5179 MaxVersion: ver.version,
5180 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
5181 Bugs: ProtocolBugs{
5182 SRTPMasterKeyIdentifer: "bogus",
5183 },
5184 },
5185 flags: []string{
5186 "-srtp-profiles",
5187 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
5188 },
5189 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
5190 })
5191 // Test that SRTP isn't negotiated on the server if there were
5192 // no matching profiles.
5193 testCases = append(testCases, testCase{
5194 protocol: dtls,
5195 testType: serverTest,
5196 name: "SRTP-Server-NoMatch-" + ver.name,
5197 config: Config{
5198 MaxVersion: ver.version,
5199 SRTPProtectionProfiles: []uint16{100, 101, 102},
5200 },
5201 flags: []string{
5202 "-srtp-profiles",
5203 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
5204 },
5205 expectedSRTPProtectionProfile: 0,
5206 })
5207 // Test that the server returning an invalid SRTP profile is
5208 // flagged as an error by the client.
5209 testCases = append(testCases, testCase{
5210 protocol: dtls,
5211 name: "SRTP-Client-NoMatch-" + ver.name,
5212 config: Config{
5213 MaxVersion: ver.version,
5214 Bugs: ProtocolBugs{
5215 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
5216 },
5217 },
5218 flags: []string{
5219 "-srtp-profiles",
5220 "SRTP_AES128_CM_SHA1_80",
5221 },
5222 shouldFail: true,
5223 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
5224 })
5225 }
5226
5227 // Test SCT list.
5228 testCases = append(testCases, testCase{
5229 name: "SignedCertificateTimestampList-Client-" + ver.name,
5230 testType: clientTest,
5231 config: Config{
5232 MaxVersion: ver.version,
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]5233 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5234 flags: []string{
5235 "-enable-signed-cert-timestamps",
5236 "-expect-signed-cert-timestamps",
5237 base64.StdEncoding.EncodeToString(testSCTList),
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]5238 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5239 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5240 })
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5241
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5242 var differentSCTList []byte
5243 differentSCTList = append(differentSCTList, testSCTList...)
5244 differentSCTList[len(differentSCTList)-1] ^= 1
5245
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5246 // The SCT extension did not specify that it must only be sent on resumption as it
5247 // should have, so test that we tolerate but ignore it.
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5248 testCases = append(testCases, testCase{
5249 name: "SendSCTListOnResume-" + ver.name,
5250 config: Config{
5251 MaxVersion: ver.version,
5252 Bugs: ProtocolBugs{
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5253 SendSCTListOnResume: differentSCTList,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5254 },
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]5255 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5256 flags: []string{
5257 "-enable-signed-cert-timestamps",
5258 "-expect-signed-cert-timestamps",
5259 base64.StdEncoding.EncodeToString(testSCTList),
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]5260 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5261 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5262 })
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5263
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5264 testCases = append(testCases, testCase{
5265 name: "SignedCertificateTimestampList-Server-" + ver.name,
5266 testType: serverTest,
5267 config: Config{
5268 MaxVersion: ver.version,
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]5269 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5270 flags: []string{
5271 "-signed-cert-timestamps",
5272 base64.StdEncoding.EncodeToString(testSCTList),
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]5273 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5274 expectedSCTList: testSCTList,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5275 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5276 })
David Benjamin53210cb2016-11-16 09:01:48 +0900[diff] [blame]5277
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5278 emptySCTListCert := *testCerts[0].cert
5279 emptySCTListCert.SignedCertificateTimestampList = []byte{0, 0}
5280
5281 // Test empty SCT list.
5282 testCases = append(testCases, testCase{
5283 name: "SignedCertificateTimestampListEmpty-Client-" + ver.name,
5284 testType: clientTest,
5285 config: Config{
5286 MaxVersion: ver.version,
5287 Certificates: []Certificate{emptySCTListCert},
5288 },
5289 flags: []string{
5290 "-enable-signed-cert-timestamps",
5291 },
5292 shouldFail: true,
5293 expectedError: ":ERROR_PARSING_EXTENSION:",
5294 })
5295
5296 emptySCTCert := *testCerts[0].cert
5297 emptySCTCert.SignedCertificateTimestampList = []byte{0, 6, 0, 2, 1, 2, 0, 0}
5298
5299 // Test empty SCT in non-empty list.
5300 testCases = append(testCases, testCase{
5301 name: "SignedCertificateTimestampListEmptySCT-Client-" + ver.name,
5302 testType: clientTest,
5303 config: Config{
5304 MaxVersion: ver.version,
5305 Certificates: []Certificate{emptySCTCert},
5306 },
5307 flags: []string{
5308 "-enable-signed-cert-timestamps",
5309 },
5310 shouldFail: true,
5311 expectedError: ":ERROR_PARSING_EXTENSION:",
5312 })
5313
David Benjamin53210cb2016-11-16 09:01:48 +0900[diff] [blame]5314 // Test that certificate-related extensions are not sent unsolicited.
5315 testCases = append(testCases, testCase{
5316 testType: serverTest,
5317 name: "UnsolicitedCertificateExtensions-" + ver.name,
5318 config: Config{
5319 MaxVersion: ver.version,
5320 Bugs: ProtocolBugs{
5321 NoOCSPStapling: true,
5322 NoSignedCertificateTimestamps: true,
5323 },
5324 },
5325 flags: []string{
5326 "-ocsp-response",
5327 base64.StdEncoding.EncodeToString(testOCSPResponse),
5328 "-signed-cert-timestamps",
5329 base64.StdEncoding.EncodeToString(testSCTList),
5330 },
5331 })
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5332 }
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5333
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]5334 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]5335 testType: clientTest,
5336 name: "ClientHelloPadding",
5337 config: Config{
5338 Bugs: ProtocolBugs{
5339 RequireClientHelloSize: 512,
5340 },
5341 },
5342 // This hostname just needs to be long enough to push the
5343 // ClientHello into F5's danger zone between 256 and 511 bytes
5344 // long.
5345 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
5346 })
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]5347
5348 // Extensions should not function in SSL 3.0.
5349 testCases = append(testCases, testCase{
5350 testType: serverTest,
5351 name: "SSLv3Extensions-NoALPN",
5352 config: Config{
5353 MaxVersion: VersionSSL30,
5354 NextProtos: []string{"foo", "bar", "baz"},
5355 },
5356 flags: []string{
5357 "-select-alpn", "foo",
5358 },
5359 expectNoNextProto: true,
5360 })
5361
5362 // Test session tickets separately as they follow a different codepath.
5363 testCases = append(testCases, testCase{
5364 testType: serverTest,
5365 name: "SSLv3Extensions-NoTickets",
5366 config: Config{
5367 MaxVersion: VersionSSL30,
5368 Bugs: ProtocolBugs{
5369 // Historically, session tickets in SSL 3.0
5370 // failed in different ways depending on whether
5371 // the client supported renegotiation_info.
5372 NoRenegotiationInfo: true,
5373 },
5374 },
5375 resumeSession: true,
5376 })
5377 testCases = append(testCases, testCase{
5378 testType: serverTest,
5379 name: "SSLv3Extensions-NoTickets2",
5380 config: Config{
5381 MaxVersion: VersionSSL30,
5382 },
5383 resumeSession: true,
5384 })
5385
5386 // But SSL 3.0 does send and process renegotiation_info.
5387 testCases = append(testCases, testCase{
5388 testType: serverTest,
5389 name: "SSLv3Extensions-RenegotiationInfo",
5390 config: Config{
5391 MaxVersion: VersionSSL30,
5392 Bugs: ProtocolBugs{
5393 RequireRenegotiationInfo: true,
5394 },
5395 },
David Benjamind2610042017-01-03 10:49:28 -0500[diff] [blame]5396 flags: []string{"-expect-secure-renegotiation"},
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]5397 })
5398 testCases = append(testCases, testCase{
5399 testType: serverTest,
5400 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
5401 config: Config{
5402 MaxVersion: VersionSSL30,
5403 Bugs: ProtocolBugs{
5404 NoRenegotiationInfo: true,
5405 SendRenegotiationSCSV: true,
5406 RequireRenegotiationInfo: true,
5407 },
5408 },
David Benjamind2610042017-01-03 10:49:28 -0500[diff] [blame]5409 flags: []string{"-expect-secure-renegotiation"},
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]5410 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]5411
5412 // Test that illegal extensions in TLS 1.3 are rejected by the client if
5413 // in ServerHello.
5414 testCases = append(testCases, testCase{
5415 name: "NPN-Forbidden-TLS13",
5416 config: Config{
5417 MaxVersion: VersionTLS13,
5418 NextProtos: []string{"foo"},
5419 Bugs: ProtocolBugs{
5420 NegotiateNPNAtAllVersions: true,
5421 },
5422 },
5423 flags: []string{"-select-next-proto", "foo"},
5424 shouldFail: true,
5425 expectedError: ":ERROR_PARSING_EXTENSION:",
5426 })
5427 testCases = append(testCases, testCase{
5428 name: "EMS-Forbidden-TLS13",
5429 config: Config{
5430 MaxVersion: VersionTLS13,
5431 Bugs: ProtocolBugs{
5432 NegotiateEMSAtAllVersions: true,
5433 },
5434 },
5435 shouldFail: true,
5436 expectedError: ":ERROR_PARSING_EXTENSION:",
5437 })
5438 testCases = append(testCases, testCase{
5439 name: "RenegotiationInfo-Forbidden-TLS13",
5440 config: Config{
5441 MaxVersion: VersionTLS13,
5442 Bugs: ProtocolBugs{
5443 NegotiateRenegotiationInfoAtAllVersions: true,
5444 },
5445 },
5446 shouldFail: true,
5447 expectedError: ":ERROR_PARSING_EXTENSION:",
5448 })
5449 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]5450 name: "Ticket-Forbidden-TLS13",
5451 config: Config{
5452 MaxVersion: VersionTLS12,
5453 },
5454 resumeConfig: &Config{
5455 MaxVersion: VersionTLS13,
5456 Bugs: ProtocolBugs{
5457 AdvertiseTicketExtension: true,
5458 },
5459 },
5460 resumeSession: true,
5461 shouldFail: true,
5462 expectedError: ":ERROR_PARSING_EXTENSION:",
5463 })
5464
5465 // Test that illegal extensions in TLS 1.3 are declined by the server if
5466 // offered in ClientHello. The runner's server will fail if this occurs,
5467 // so we exercise the offering path. (EMS and Renegotiation Info are
5468 // implicit in every test.)
5469 testCases = append(testCases, testCase{
5470 testType: serverTest,
David Benjamin73647192016-09-22 16:24:04 -0400[diff] [blame]5471 name: "NPN-Declined-TLS13",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]5472 config: Config{
5473 MaxVersion: VersionTLS13,
5474 NextProtos: []string{"bar"},
5475 },
5476 flags: []string{"-advertise-npn", "\x03foo\x03bar\x03baz"},
5477 })
David Benjamin196df5b2016-09-21 16:23:27 -0400[diff] [blame]5478
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5479 // OpenSSL sends the status_request extension on resumption in TLS 1.2. Test that this is
5480 // tolerated.
5481 testCases = append(testCases, testCase{
5482 name: "SendOCSPResponseOnResume-TLS12",
5483 config: Config{
5484 MaxVersion: VersionTLS12,
5485 Bugs: ProtocolBugs{
5486 SendOCSPResponseOnResume: []byte("bogus"),
5487 },
5488 },
5489 flags: []string{
5490 "-enable-ocsp-stapling",
5491 "-expect-ocsp-response",
5492 base64.StdEncoding.EncodeToString(testOCSPResponse),
5493 },
5494 resumeSession: true,
5495 })
5496
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5497 testCases = append(testCases, testCase{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5498 name: "SendUnsolicitedOCSPOnCertificate-TLS13",
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5499 config: Config{
5500 MaxVersion: VersionTLS13,
5501 Bugs: ProtocolBugs{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5502 SendExtensionOnCertificate: testOCSPExtension,
5503 },
5504 },
5505 shouldFail: true,
5506 expectedError: ":UNEXPECTED_EXTENSION:",
5507 })
5508
5509 testCases = append(testCases, testCase{
5510 name: "SendUnsolicitedSCTOnCertificate-TLS13",
5511 config: Config{
5512 MaxVersion: VersionTLS13,
5513 Bugs: ProtocolBugs{
5514 SendExtensionOnCertificate: testSCTExtension,
5515 },
5516 },
5517 shouldFail: true,
5518 expectedError: ":UNEXPECTED_EXTENSION:",
5519 })
5520
5521 // Test that extensions on client certificates are never accepted.
5522 testCases = append(testCases, testCase{
5523 name: "SendExtensionOnClientCertificate-TLS13",
5524 testType: serverTest,
5525 config: Config{
5526 MaxVersion: VersionTLS13,
5527 Certificates: []Certificate{rsaCertificate},
5528 Bugs: ProtocolBugs{
5529 SendExtensionOnCertificate: testOCSPExtension,
5530 },
5531 },
5532 flags: []string{
5533 "-enable-ocsp-stapling",
5534 "-require-any-client-certificate",
5535 },
5536 shouldFail: true,
5537 expectedError: ":UNEXPECTED_EXTENSION:",
5538 })
5539
5540 testCases = append(testCases, testCase{
5541 name: "SendUnknownExtensionOnCertificate-TLS13",
5542 config: Config{
5543 MaxVersion: VersionTLS13,
5544 Bugs: ProtocolBugs{
5545 SendExtensionOnCertificate: []byte{0x00, 0x7f, 0, 0},
5546 },
5547 },
5548 shouldFail: true,
5549 expectedError: ":UNEXPECTED_EXTENSION:",
5550 })
5551
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5552 var differentSCTList []byte
5553 differentSCTList = append(differentSCTList, testSCTList...)
5554 differentSCTList[len(differentSCTList)-1] ^= 1
5555
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5556 // Test that extensions on intermediates are allowed but ignored.
5557 testCases = append(testCases, testCase{
5558 name: "IgnoreExtensionsOnIntermediates-TLS13",
5559 config: Config{
5560 MaxVersion: VersionTLS13,
5561 Certificates: []Certificate{rsaChainCertificate},
5562 Bugs: ProtocolBugs{
5563 // Send different values on the intermediate. This tests
5564 // the intermediate's extensions do not override the
5565 // leaf's.
5566 SendOCSPOnIntermediates: []byte{1, 3, 3, 7},
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5567 SendSCTOnIntermediates: differentSCTList,
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5568 },
5569 },
5570 flags: []string{
5571 "-enable-ocsp-stapling",
5572 "-expect-ocsp-response",
5573 base64.StdEncoding.EncodeToString(testOCSPResponse),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5574 "-enable-signed-cert-timestamps",
5575 "-expect-signed-cert-timestamps",
5576 base64.StdEncoding.EncodeToString(testSCTList),
5577 },
5578 resumeSession: true,
5579 })
5580
5581 // Test that extensions are not sent on intermediates when configured
5582 // only for a leaf.
5583 testCases = append(testCases, testCase{
5584 testType: serverTest,
5585 name: "SendNoExtensionsOnIntermediate-TLS13",
5586 config: Config{
5587 MaxVersion: VersionTLS13,
5588 Bugs: ProtocolBugs{
5589 ExpectNoExtensionsOnIntermediate: true,
5590 },
5591 },
5592 flags: []string{
5593 "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
5594 "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
5595 "-ocsp-response",
5596 base64.StdEncoding.EncodeToString(testOCSPResponse),
5597 "-signed-cert-timestamps",
5598 base64.StdEncoding.EncodeToString(testSCTList),
5599 },
5600 })
5601
5602 // Test that extensions are not sent on client certificates.
5603 testCases = append(testCases, testCase{
5604 name: "SendNoClientCertificateExtensions-TLS13",
5605 config: Config{
5606 MaxVersion: VersionTLS13,
5607 ClientAuth: RequireAnyClientCert,
5608 },
5609 flags: []string{
5610 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
5611 "-key-file", path.Join(*resourceDir, rsaKeyFile),
5612 "-ocsp-response",
5613 base64.StdEncoding.EncodeToString(testOCSPResponse),
5614 "-signed-cert-timestamps",
5615 base64.StdEncoding.EncodeToString(testSCTList),
5616 },
5617 })
5618
5619 testCases = append(testCases, testCase{
5620 name: "SendDuplicateExtensionsOnCerts-TLS13",
5621 config: Config{
5622 MaxVersion: VersionTLS13,
5623 Bugs: ProtocolBugs{
5624 SendDuplicateCertExtensions: true,
5625 },
5626 },
5627 flags: []string{
5628 "-enable-ocsp-stapling",
5629 "-enable-signed-cert-timestamps",
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5630 },
5631 resumeSession: true,
5632 shouldFail: true,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5633 expectedError: ":DUPLICATE_EXTENSION:",
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5634 })
Adam Langley9b885c52016-11-18 14:21:03 -0800[diff] [blame]5635
5636 testCases = append(testCases, testCase{
5637 name: "SignedCertificateTimestampListInvalid-Server",
5638 testType: serverTest,
5639 flags: []string{
5640 "-signed-cert-timestamps",
5641 base64.StdEncoding.EncodeToString([]byte{0, 0}),
5642 },
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]5643 shouldFail: true,
Adam Langley9b885c52016-11-18 14:21:03 -0800[diff] [blame]5644 expectedError: ":INVALID_SCT_LIST:",
5645 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]5646}
5647
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5648func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5649 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5650 for _, resumeVers := range tlsVersions {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5651 // SSL 3.0 does not have tickets and TLS 1.3 does not
5652 // have session IDs, so skip their cross-resumption
5653 // tests.
5654 if (sessionVers.version >= VersionTLS13 && resumeVers.version == VersionSSL30) ||
5655 (resumeVers.version >= VersionTLS13 && sessionVers.version == VersionSSL30) {
5656 continue
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5657 }
5658
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5659 protocols := []protocol{tls}
5660 if sessionVers.hasDTLS && resumeVers.hasDTLS {
5661 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]5662 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5663 for _, protocol := range protocols {
5664 suffix := "-" + sessionVers.name + "-" + resumeVers.name
5665 if protocol == dtls {
5666 suffix += "-DTLS"
5667 }
5668
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5669 if sessionVers.version == resumeVers.version {
5670 testCases = append(testCases, testCase{
5671 protocol: protocol,
5672 name: "Resume-Client" + suffix,
5673 resumeSession: true,
5674 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5675 MaxVersion: sessionVers.version,
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5676 Bugs: ProtocolBugs{
5677 ExpectNoTLS12Session: sessionVers.version >= VersionTLS13,
5678 ExpectNoTLS13PSK: sessionVers.version < VersionTLS13,
5679 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5680 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5681 expectedVersion: sessionVers.version,
5682 expectedResumeVersion: resumeVers.version,
5683 })
5684 } else {
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5685 error := ":OLD_SESSION_VERSION_NOT_RETURNED:"
5686
5687 // Offering a TLS 1.3 session sends an empty session ID, so
5688 // there is no way to convince a non-lookahead client the
5689 // session was resumed. It will appear to the client that a
5690 // stray ChangeCipherSpec was sent.
5691 if resumeVers.version < VersionTLS13 && sessionVers.version >= VersionTLS13 {
5692 error = ":UNEXPECTED_RECORD:"
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5693 }
5694
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5695 testCases = append(testCases, testCase{
5696 protocol: protocol,
5697 name: "Resume-Client-Mismatch" + suffix,
5698 resumeSession: true,
5699 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5700 MaxVersion: sessionVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5701 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5702 expectedVersion: sessionVers.version,
5703 resumeConfig: &Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5704 MaxVersion: resumeVers.version,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5705 Bugs: ProtocolBugs{
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5706 AcceptAnySession: true,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5707 },
5708 },
5709 expectedResumeVersion: resumeVers.version,
5710 shouldFail: true,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5711 expectedError: error,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5712 })
5713 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5714
5715 testCases = append(testCases, testCase{
5716 protocol: protocol,
5717 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5718 resumeSession: true,
5719 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5720 MaxVersion: sessionVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5721 },
5722 expectedVersion: sessionVers.version,
5723 resumeConfig: &Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5724 MaxVersion: resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5725 },
5726 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]5727 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5728 expectedResumeVersion: resumeVers.version,
5729 })
5730
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5731 testCases = append(testCases, testCase{
5732 protocol: protocol,
5733 testType: serverTest,
5734 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5735 resumeSession: true,
5736 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5737 MaxVersion: sessionVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5738 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]5739 expectedVersion: sessionVers.version,
5740 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5741 resumeConfig: &Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5742 MaxVersion: resumeVers.version,
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5743 Bugs: ProtocolBugs{
5744 SendBothTickets: true,
5745 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5746 },
5747 expectedResumeVersion: resumeVers.version,
5748 })
5749 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5750 }
5751 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5752
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5753 // Make sure shim ticket mutations are functional.
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5754 testCases = append(testCases, testCase{
5755 testType: serverTest,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5756 name: "ShimTicketRewritable",
5757 resumeSession: true,
5758 config: Config{
5759 MaxVersion: VersionTLS12,
5760 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5761 Bugs: ProtocolBugs{
5762 FilterTicket: func(in []byte) ([]byte, error) {
5763 in, err := SetShimTicketVersion(in, VersionTLS12)
5764 if err != nil {
5765 return nil, err
5766 }
5767 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
5768 },
5769 },
5770 },
5771 flags: []string{
5772 "-ticket-key",
5773 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5774 },
5775 })
5776
5777 // Resumptions are declined if the version does not match.
5778 testCases = append(testCases, testCase{
5779 testType: serverTest,
5780 name: "Resume-Server-DeclineCrossVersion",
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5781 resumeSession: true,
5782 config: Config{
5783 MaxVersion: VersionTLS12,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5784 Bugs: ProtocolBugs{
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5785 ExpectNewTicket: true,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5786 FilterTicket: func(in []byte) ([]byte, error) {
5787 return SetShimTicketVersion(in, VersionTLS13)
5788 },
5789 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5790 },
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5791 flags: []string{
5792 "-ticket-key",
5793 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5794 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5795 expectResumeRejected: true,
5796 })
5797
5798 testCases = append(testCases, testCase{
5799 testType: serverTest,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5800 name: "Resume-Server-DeclineCrossVersion-TLS13",
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5801 resumeSession: true,
5802 config: Config{
5803 MaxVersion: VersionTLS13,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5804 Bugs: ProtocolBugs{
5805 FilterTicket: func(in []byte) ([]byte, error) {
5806 return SetShimTicketVersion(in, VersionTLS12)
5807 },
5808 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5809 },
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5810 flags: []string{
5811 "-ticket-key",
5812 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5813 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5814 expectResumeRejected: true,
5815 })
5816
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5817 // Resumptions are declined if the cipher is invalid or disabled.
5818 testCases = append(testCases, testCase{
5819 testType: serverTest,
5820 name: "Resume-Server-DeclineBadCipher",
5821 resumeSession: true,
5822 config: Config{
5823 MaxVersion: VersionTLS12,
5824 Bugs: ProtocolBugs{
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5825 ExpectNewTicket: true,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5826 FilterTicket: func(in []byte) ([]byte, error) {
5827 return SetShimTicketCipherSuite(in, TLS_AES_128_GCM_SHA256)
5828 },
5829 },
5830 },
5831 flags: []string{
5832 "-ticket-key",
5833 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5834 },
5835 expectResumeRejected: true,
5836 })
5837
5838 testCases = append(testCases, testCase{
5839 testType: serverTest,
5840 name: "Resume-Server-DeclineBadCipher-2",
5841 resumeSession: true,
5842 config: Config{
5843 MaxVersion: VersionTLS12,
5844 Bugs: ProtocolBugs{
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5845 ExpectNewTicket: true,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5846 FilterTicket: func(in []byte) ([]byte, error) {
5847 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
5848 },
5849 },
5850 },
5851 flags: []string{
5852 "-cipher", "AES128",
5853 "-ticket-key",
5854 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5855 },
5856 expectResumeRejected: true,
5857 })
5858
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5859 // Sessions are not resumed if they do not use the preferred cipher.
5860 testCases = append(testCases, testCase{
5861 testType: serverTest,
5862 name: "Resume-Server-CipherNotPreferred",
5863 resumeSession: true,
5864 config: Config{
5865 MaxVersion: VersionTLS12,
5866 Bugs: ProtocolBugs{
5867 ExpectNewTicket: true,
5868 FilterTicket: func(in []byte) ([]byte, error) {
5869 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
5870 },
5871 },
5872 },
5873 flags: []string{
5874 "-ticket-key",
5875 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5876 },
5877 shouldFail: false,
5878 expectResumeRejected: true,
5879 })
5880
5881 // TLS 1.3 allows sessions to be resumed at a different cipher if their
5882 // PRF hashes match, but BoringSSL will always decline such resumptions.
5883 testCases = append(testCases, testCase{
5884 testType: serverTest,
5885 name: "Resume-Server-CipherNotPreferred-TLS13",
5886 resumeSession: true,
5887 config: Config{
5888 MaxVersion: VersionTLS13,
5889 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256},
5890 Bugs: ProtocolBugs{
5891 FilterTicket: func(in []byte) ([]byte, error) {
5892 // If the client (runner) offers ChaCha20-Poly1305 first, the
5893 // server (shim) always prefers it. Switch it to AES-GCM.
5894 return SetShimTicketCipherSuite(in, TLS_AES_128_GCM_SHA256)
5895 },
5896 },
5897 },
5898 flags: []string{
5899 "-ticket-key",
5900 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5901 },
5902 shouldFail: false,
5903 expectResumeRejected: true,
5904 })
5905
5906 // Sessions may not be resumed if they contain another version's cipher.
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5907 testCases = append(testCases, testCase{
5908 testType: serverTest,
5909 name: "Resume-Server-DeclineBadCipher-TLS13",
5910 resumeSession: true,
5911 config: Config{
5912 MaxVersion: VersionTLS13,
5913 Bugs: ProtocolBugs{
5914 FilterTicket: func(in []byte) ([]byte, error) {
5915 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
5916 },
5917 },
5918 },
5919 flags: []string{
5920 "-ticket-key",
5921 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5922 },
5923 expectResumeRejected: true,
5924 })
5925
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5926 // If the client does not offer the cipher from the session, decline to
5927 // resume. Clients are forbidden from doing this, but BoringSSL selects
5928 // the cipher first, so we only decline.
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5929 testCases = append(testCases, testCase{
5930 testType: serverTest,
5931 name: "Resume-Server-UnofferedCipher",
5932 resumeSession: true,
5933 config: Config{
5934 MaxVersion: VersionTLS12,
5935 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
5936 },
5937 resumeConfig: &Config{
5938 MaxVersion: VersionTLS12,
5939 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
5940 Bugs: ProtocolBugs{
5941 SendCipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5942 },
5943 },
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5944 expectResumeRejected: true,
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5945 })
5946
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5947 // In TLS 1.3, clients may advertise a cipher list which does not
5948 // include the selected cipher. Test that we tolerate this. Servers may
5949 // resume at another cipher if the PRF matches, but BoringSSL will
5950 // always decline.
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5951 testCases = append(testCases, testCase{
5952 testType: serverTest,
5953 name: "Resume-Server-UnofferedCipher-TLS13",
5954 resumeSession: true,
5955 config: Config{
5956 MaxVersion: VersionTLS13,
5957 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256},
5958 },
5959 resumeConfig: &Config{
5960 MaxVersion: VersionTLS13,
5961 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256},
5962 Bugs: ProtocolBugs{
5963 SendCipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
5964 },
5965 },
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5966 expectResumeRejected: true,
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5967 })
5968
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5969 // Sessions may not be resumed at a different cipher.
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5970 testCases = append(testCases, testCase{
5971 name: "Resume-Client-CipherMismatch",
5972 resumeSession: true,
5973 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5974 MaxVersion: VersionTLS12,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5975 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
5976 },
5977 resumeConfig: &Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5978 MaxVersion: VersionTLS12,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5979 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
5980 Bugs: ProtocolBugs{
5981 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
5982 },
5983 },
5984 shouldFail: true,
5985 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
5986 })
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5987
David Benjamine1cc35e2016-11-16 16:25:58 +0900[diff] [blame]5988 // Session resumption in TLS 1.3 may change the cipher suite if the PRF
5989 // matches.
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5990 testCases = append(testCases, testCase{
5991 name: "Resume-Client-CipherMismatch-TLS13",
5992 resumeSession: true,
5993 config: Config{
5994 MaxVersion: VersionTLS13,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5995 CipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5996 },
5997 resumeConfig: &Config{
5998 MaxVersion: VersionTLS13,
David Benjamine1cc35e2016-11-16 16:25:58 +0900[diff] [blame]5999 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256},
6000 },
6001 })
6002
6003 // Session resumption in TLS 1.3 is forbidden if the PRF does not match.
6004 testCases = append(testCases, testCase{
6005 name: "Resume-Client-PRFMismatch-TLS13",
6006 resumeSession: true,
6007 config: Config{
6008 MaxVersion: VersionTLS13,
6009 CipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
6010 },
6011 resumeConfig: &Config{
6012 MaxVersion: VersionTLS13,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6013 CipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]6014 Bugs: ProtocolBugs{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6015 SendCipherSuite: TLS_AES_256_GCM_SHA384,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]6016 },
6017 },
6018 shouldFail: true,
David Benjamine1cc35e2016-11-16 16:25:58 +0900[diff] [blame]6019 expectedError: ":OLD_SESSION_PRF_HASH_MISMATCH:",
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]6020 })
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]6021
6022 testCases = append(testCases, testCase{
6023 testType: serverTest,
6024 name: "Resume-Server-BinderWrongLength",
6025 resumeSession: true,
6026 config: Config{
6027 MaxVersion: VersionTLS13,
6028 Bugs: ProtocolBugs{
6029 SendShortPSKBinder: true,
6030 },
6031 },
6032 shouldFail: true,
6033 expectedLocalError: "remote error: error decrypting message",
6034 expectedError: ":DIGEST_CHECK_FAILED:",
6035 })
6036
6037 testCases = append(testCases, testCase{
6038 testType: serverTest,
6039 name: "Resume-Server-NoPSKBinder",
6040 resumeSession: true,
6041 config: Config{
6042 MaxVersion: VersionTLS13,
6043 Bugs: ProtocolBugs{
6044 SendNoPSKBinder: true,
6045 },
6046 },
6047 shouldFail: true,
6048 expectedLocalError: "remote error: error decoding message",
6049 expectedError: ":DECODE_ERROR:",
6050 })
6051
6052 testCases = append(testCases, testCase{
6053 testType: serverTest,
David Benjaminaedf3032016-12-01 16:47:56 -0500[diff] [blame]6054 name: "Resume-Server-ExtraPSKBinder",
6055 resumeSession: true,
6056 config: Config{
6057 MaxVersion: VersionTLS13,
6058 Bugs: ProtocolBugs{
6059 SendExtraPSKBinder: true,
6060 },
6061 },
6062 shouldFail: true,
6063 expectedLocalError: "remote error: illegal parameter",
6064 expectedError: ":PSK_IDENTITY_BINDER_COUNT_MISMATCH:",
6065 })
6066
6067 testCases = append(testCases, testCase{
6068 testType: serverTest,
6069 name: "Resume-Server-ExtraIdentityNoBinder",
6070 resumeSession: true,
6071 config: Config{
6072 MaxVersion: VersionTLS13,
6073 Bugs: ProtocolBugs{
6074 ExtraPSKIdentity: true,
6075 },
6076 },
6077 shouldFail: true,
6078 expectedLocalError: "remote error: illegal parameter",
6079 expectedError: ":PSK_IDENTITY_BINDER_COUNT_MISMATCH:",
6080 })
6081
6082 testCases = append(testCases, testCase{
6083 testType: serverTest,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]6084 name: "Resume-Server-InvalidPSKBinder",
6085 resumeSession: true,
6086 config: Config{
6087 MaxVersion: VersionTLS13,
6088 Bugs: ProtocolBugs{
6089 SendInvalidPSKBinder: true,
6090 },
6091 },
6092 shouldFail: true,
6093 expectedLocalError: "remote error: error decrypting message",
6094 expectedError: ":DIGEST_CHECK_FAILED:",
6095 })
6096
6097 testCases = append(testCases, testCase{
6098 testType: serverTest,
6099 name: "Resume-Server-PSKBinderFirstExtension",
6100 resumeSession: true,
6101 config: Config{
6102 MaxVersion: VersionTLS13,
6103 Bugs: ProtocolBugs{
6104 PSKBinderFirst: true,
6105 },
6106 },
6107 shouldFail: true,
6108 expectedLocalError: "remote error: illegal parameter",
6109 expectedError: ":PRE_SHARED_KEY_MUST_BE_LAST:",
6110 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]6111}
6112
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]6113func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]6114 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]6115 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6116 testType: serverTest,
6117 name: "Renegotiate-Server-Forbidden",
6118 config: Config{
6119 MaxVersion: VersionTLS12,
6120 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6121 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]6122 shouldFail: true,
6123 expectedError: ":NO_RENEGOTIATION:",
6124 expectedLocalError: "remote error: no renegotiation",
6125 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]6126 // The server shouldn't echo the renegotiation extension unless
6127 // requested by the client.
6128 testCases = append(testCases, testCase{
6129 testType: serverTest,
6130 name: "Renegotiate-Server-NoExt",
6131 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6132 MaxVersion: VersionTLS12,
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]6133 Bugs: ProtocolBugs{
6134 NoRenegotiationInfo: true,
6135 RequireRenegotiationInfo: true,
6136 },
6137 },
6138 shouldFail: true,
6139 expectedLocalError: "renegotiation extension missing",
6140 })
6141 // The renegotiation SCSV should be sufficient for the server to echo
6142 // the extension.
6143 testCases = append(testCases, testCase{
6144 testType: serverTest,
6145 name: "Renegotiate-Server-NoExt-SCSV",
6146 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6147 MaxVersion: VersionTLS12,
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]6148 Bugs: ProtocolBugs{
6149 NoRenegotiationInfo: true,
6150 SendRenegotiationSCSV: true,
6151 RequireRenegotiationInfo: true,
6152 },
6153 },
6154 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6155 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]6156 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]6157 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6158 MaxVersion: VersionTLS12,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]6159 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]6160 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]6161 },
6162 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6163 renegotiate: 1,
6164 flags: []string{
6165 "-renegotiate-freely",
6166 "-expect-total-renegotiations", "1",
David Benjamind2610042017-01-03 10:49:28 -0500[diff] [blame]6167 "-expect-secure-renegotiation",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6168 },
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]6169 })
6170 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6171 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6172 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6173 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6174 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6175 Bugs: ProtocolBugs{
6176 EmptyRenegotiationInfo: true,
6177 },
6178 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6179 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6180 shouldFail: true,
6181 expectedError: ":RENEGOTIATION_MISMATCH:",
6182 })
6183 testCases = append(testCases, testCase{
6184 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6185 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6186 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6187 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6188 Bugs: ProtocolBugs{
6189 BadRenegotiationInfo: true,
6190 },
6191 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6192 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6193 shouldFail: true,
6194 expectedError: ":RENEGOTIATION_MISMATCH:",
6195 })
6196 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]6197 name: "Renegotiate-Client-Downgrade",
6198 renegotiate: 1,
6199 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6200 MaxVersion: VersionTLS12,
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]6201 Bugs: ProtocolBugs{
6202 NoRenegotiationInfoAfterInitial: true,
6203 },
6204 },
6205 flags: []string{"-renegotiate-freely"},
6206 shouldFail: true,
6207 expectedError: ":RENEGOTIATION_MISMATCH:",
6208 })
6209 testCases = append(testCases, testCase{
6210 name: "Renegotiate-Client-Upgrade",
6211 renegotiate: 1,
6212 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6213 MaxVersion: VersionTLS12,
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]6214 Bugs: ProtocolBugs{
6215 NoRenegotiationInfoInInitial: true,
6216 },
6217 },
6218 flags: []string{"-renegotiate-freely"},
6219 shouldFail: true,
6220 expectedError: ":RENEGOTIATION_MISMATCH:",
6221 })
6222 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6223 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6224 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6225 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6226 MaxVersion: VersionTLS12,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6227 Bugs: ProtocolBugs{
6228 NoRenegotiationInfo: true,
6229 },
6230 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6231 flags: []string{
6232 "-renegotiate-freely",
6233 "-expect-total-renegotiations", "1",
David Benjamind2610042017-01-03 10:49:28 -0500[diff] [blame]6234 "-expect-no-secure-renegotiation",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6235 },
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6236 })
David Benjamine7e36aa2016-08-08 12:39:41 -0400[diff] [blame]6237
6238 // Test that the server may switch ciphers on renegotiation without
6239 // problems.
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6240 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6241 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6242 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6243 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]6244 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]6245 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6246 },
6247 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6248 flags: []string{
6249 "-renegotiate-freely",
6250 "-expect-total-renegotiations", "1",
6251 },
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6252 })
6253 testCases = append(testCases, testCase{
6254 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6255 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6256 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]6257 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6258 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
6259 },
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]6260 renegotiateCiphers: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6261 flags: []string{
6262 "-renegotiate-freely",
6263 "-expect-total-renegotiations", "1",
6264 },
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]6265 })
David Benjamine7e36aa2016-08-08 12:39:41 -0400[diff] [blame]6266
6267 // Test that the server may not switch versions on renegotiation.
6268 testCases = append(testCases, testCase{
6269 name: "Renegotiate-Client-SwitchVersion",
6270 config: Config{
6271 MaxVersion: VersionTLS12,
6272 // Pick a cipher which exists at both versions.
6273 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
6274 Bugs: ProtocolBugs{
6275 NegotiateVersionOnRenego: VersionTLS11,
David Benjamine6f22212016-11-08 14:28:24 -0500[diff] [blame]6276 // Avoid failing early at the record layer.
6277 SendRecordVersion: VersionTLS12,
David Benjamine7e36aa2016-08-08 12:39:41 -0400[diff] [blame]6278 },
6279 },
6280 renegotiate: 1,
6281 flags: []string{
6282 "-renegotiate-freely",
6283 "-expect-total-renegotiations", "1",
6284 },
6285 shouldFail: true,
6286 expectedError: ":WRONG_SSL_VERSION:",
6287 })
6288
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]6289 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]6290 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6291 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]6292 config: Config{
6293 MaxVersion: VersionTLS10,
6294 Bugs: ProtocolBugs{
6295 RequireSameRenegoClientVersion: true,
6296 },
6297 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6298 flags: []string{
6299 "-renegotiate-freely",
6300 "-expect-total-renegotiations", "1",
6301 },
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]6302 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6303 testCases = append(testCases, testCase{
6304 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6305 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6306 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]6307 MaxVersion: VersionTLS12,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6308 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
6309 NextProtos: []string{"foo"},
6310 },
6311 flags: []string{
6312 "-false-start",
6313 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6314 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -0400[diff] [blame]6315 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6316 },
6317 shimWritesFirst: true,
6318 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6319
6320 // Client-side renegotiation controls.
6321 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6322 name: "Renegotiate-Client-Forbidden-1",
6323 config: Config{
6324 MaxVersion: VersionTLS12,
6325 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6326 renegotiate: 1,
6327 shouldFail: true,
6328 expectedError: ":NO_RENEGOTIATION:",
6329 expectedLocalError: "remote error: no renegotiation",
6330 })
6331 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6332 name: "Renegotiate-Client-Once-1",
6333 config: Config{
6334 MaxVersion: VersionTLS12,
6335 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6336 renegotiate: 1,
6337 flags: []string{
6338 "-renegotiate-once",
6339 "-expect-total-renegotiations", "1",
6340 },
6341 })
6342 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6343 name: "Renegotiate-Client-Freely-1",
6344 config: Config{
6345 MaxVersion: VersionTLS12,
6346 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6347 renegotiate: 1,
6348 flags: []string{
6349 "-renegotiate-freely",
6350 "-expect-total-renegotiations", "1",
6351 },
6352 })
6353 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6354 name: "Renegotiate-Client-Once-2",
6355 config: Config{
6356 MaxVersion: VersionTLS12,
6357 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6358 renegotiate: 2,
6359 flags: []string{"-renegotiate-once"},
6360 shouldFail: true,
6361 expectedError: ":NO_RENEGOTIATION:",
6362 expectedLocalError: "remote error: no renegotiation",
6363 })
6364 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6365 name: "Renegotiate-Client-Freely-2",
6366 config: Config{
6367 MaxVersion: VersionTLS12,
6368 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6369 renegotiate: 2,
6370 flags: []string{
6371 "-renegotiate-freely",
6372 "-expect-total-renegotiations", "2",
6373 },
6374 })
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]6375 testCases = append(testCases, testCase{
6376 name: "Renegotiate-Client-NoIgnore",
6377 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6378 MaxVersion: VersionTLS12,
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]6379 Bugs: ProtocolBugs{
6380 SendHelloRequestBeforeEveryAppDataRecord: true,
6381 },
6382 },
6383 shouldFail: true,
6384 expectedError: ":NO_RENEGOTIATION:",
6385 })
6386 testCases = append(testCases, testCase{
6387 name: "Renegotiate-Client-Ignore",
6388 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6389 MaxVersion: VersionTLS12,
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]6390 Bugs: ProtocolBugs{
6391 SendHelloRequestBeforeEveryAppDataRecord: true,
6392 },
6393 },
6394 flags: []string{
6395 "-renegotiate-ignore",
6396 "-expect-total-renegotiations", "0",
6397 },
6398 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6399
David Benjamin34941c02016-10-08 11:45:31 -0400[diff] [blame]6400 // Renegotiation is not allowed at SSL 3.0.
6401 testCases = append(testCases, testCase{
6402 name: "Renegotiate-Client-SSL3",
6403 config: Config{
6404 MaxVersion: VersionSSL30,
6405 },
6406 renegotiate: 1,
6407 flags: []string{
6408 "-renegotiate-freely",
6409 "-expect-total-renegotiations", "1",
6410 },
6411 shouldFail: true,
6412 expectedError: ":NO_RENEGOTIATION:",
6413 expectedLocalError: "remote error: no renegotiation",
6414 })
6415
David Benjamina1eaba12017-01-01 23:19:22 -0500[diff] [blame]6416 // Renegotiation is not allowed when there is an unfinished write.
6417 testCases = append(testCases, testCase{
6418 name: "Renegotiate-Client-UnfinishedWrite",
6419 config: Config{
6420 MaxVersion: VersionTLS12,
6421 },
6422 renegotiate: 1,
6423 flags: []string{
6424 "-async",
6425 "-renegotiate-freely",
6426 "-read-with-unfinished-write",
6427 },
6428 shouldFail: true,
6429 expectedError: ":NO_RENEGOTIATION:",
6430 // We do not successfully send the no_renegotiation alert in
6431 // this case. https://crbug.com/boringssl/130
6432 })
6433
David Benjamin07ab5d42017-02-09 20:11:41 -0500[diff] [blame]6434 // We reject stray HelloRequests during the handshake in TLS 1.2.
David Benjamin71dd6662016-07-08 14:10:48 -0700[diff] [blame]6435 testCases = append(testCases, testCase{
6436 name: "StrayHelloRequest",
6437 config: Config{
6438 MaxVersion: VersionTLS12,
6439 Bugs: ProtocolBugs{
6440 SendHelloRequestBeforeEveryHandshakeMessage: true,
6441 },
6442 },
David Benjamin07ab5d42017-02-09 20:11:41 -0500[diff] [blame]6443 shouldFail: true,
6444 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin71dd6662016-07-08 14:10:48 -0700[diff] [blame]6445 })
6446 testCases = append(testCases, testCase{
6447 name: "StrayHelloRequest-Packed",
6448 config: Config{
6449 MaxVersion: VersionTLS12,
6450 Bugs: ProtocolBugs{
6451 PackHandshakeFlight: true,
6452 SendHelloRequestBeforeEveryHandshakeMessage: true,
6453 },
6454 },
David Benjamin07ab5d42017-02-09 20:11:41 -0500[diff] [blame]6455 shouldFail: true,
6456 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin71dd6662016-07-08 14:10:48 -0700[diff] [blame]6457 })
6458
David Benjamin12d2c482016-07-24 10:56:51 -0400[diff] [blame]6459 // Test renegotiation works if HelloRequest and server Finished come in
6460 // the same record.
6461 testCases = append(testCases, testCase{
6462 name: "Renegotiate-Client-Packed",
6463 config: Config{
6464 MaxVersion: VersionTLS12,
6465 Bugs: ProtocolBugs{
6466 PackHandshakeFlight: true,
6467 PackHelloRequestWithFinished: true,
6468 },
6469 },
6470 renegotiate: 1,
6471 flags: []string{
6472 "-renegotiate-freely",
6473 "-expect-total-renegotiations", "1",
6474 },
6475 })
6476
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6477 // Renegotiation is forbidden in TLS 1.3.
6478 testCases = append(testCases, testCase{
6479 name: "Renegotiate-Client-TLS13",
6480 config: Config{
6481 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6482 Bugs: ProtocolBugs{
6483 SendHelloRequestBeforeEveryAppDataRecord: true,
6484 },
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6485 },
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6486 flags: []string{
6487 "-renegotiate-freely",
6488 },
Steven Valdez8e1c7be2016-07-26 12:39:22 -0400[diff] [blame]6489 shouldFail: true,
6490 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6491 })
6492
6493 // Stray HelloRequests during the handshake are forbidden in TLS 1.3.
6494 testCases = append(testCases, testCase{
6495 name: "StrayHelloRequest-TLS13",
6496 config: Config{
6497 MaxVersion: VersionTLS13,
6498 Bugs: ProtocolBugs{
6499 SendHelloRequestBeforeEveryHandshakeMessage: true,
6500 },
6501 },
6502 shouldFail: true,
6503 expectedError: ":UNEXPECTED_MESSAGE:",
6504 })
David Benjamind2610042017-01-03 10:49:28 -0500[diff] [blame]6505
6506 // The renegotiation_info extension is not sent in TLS 1.3, but TLS 1.3
6507 // always reads as supporting it, regardless of whether it was
6508 // negotiated.
6509 testCases = append(testCases, testCase{
6510 name: "AlwaysReportRenegotiationInfo-TLS13",
6511 config: Config{
6512 MaxVersion: VersionTLS13,
6513 Bugs: ProtocolBugs{
6514 NoRenegotiationInfo: true,
6515 },
6516 },
6517 flags: []string{
6518 "-expect-secure-renegotiation",
6519 },
6520 })
David Benjamina58baaf2017-02-28 20:54:28 -0500[diff] [blame]6521
6522 // Certificates may not change on renegotiation.
6523 testCases = append(testCases, testCase{
6524 name: "Renegotiation-CertificateChange",
6525 config: Config{
6526 MaxVersion: VersionTLS12,
6527 Certificates: []Certificate{rsaCertificate},
6528 Bugs: ProtocolBugs{
6529 RenegotiationCertificate: &rsaChainCertificate,
6530 },
6531 },
6532 renegotiate: 1,
6533 flags: []string{"-renegotiate-freely"},
6534 shouldFail: true,
6535 expectedError: ":SERVER_CERT_CHANGED:",
6536 })
6537 testCases = append(testCases, testCase{
6538 name: "Renegotiation-CertificateChange-2",
6539 config: Config{
6540 MaxVersion: VersionTLS12,
6541 Certificates: []Certificate{rsaCertificate},
6542 Bugs: ProtocolBugs{
6543 RenegotiationCertificate: &rsa1024Certificate,
6544 },
6545 },
6546 renegotiate: 1,
6547 flags: []string{"-renegotiate-freely"},
6548 shouldFail: true,
6549 expectedError: ":SERVER_CERT_CHANGED:",
6550 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]6551}
6552
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6553func addDTLSReplayTests() {
6554 // Test that sequence number replays are detected.
6555 testCases = append(testCases, testCase{
6556 protocol: dtls,
6557 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6558 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6559 replayWrites: true,
6560 })
6561
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6562 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6563 // than the retransmit window.
6564 testCases = append(testCases, testCase{
6565 protocol: dtls,
6566 name: "DTLS-Replay-LargeGaps",
6567 config: Config{
6568 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6569 SequenceNumberMapping: func(in uint64) uint64 {
6570 return in * 127
6571 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6572 },
6573 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6574 messageCount: 200,
6575 replayWrites: true,
6576 })
6577
6578 // Test the incoming sequence number changing non-monotonically.
6579 testCases = append(testCases, testCase{
6580 protocol: dtls,
6581 name: "DTLS-Replay-NonMonotonic",
6582 config: Config{
6583 Bugs: ProtocolBugs{
6584 SequenceNumberMapping: func(in uint64) uint64 {
6585 return in ^ 31
6586 },
6587 },
6588 },
6589 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6590 replayWrites: true,
6591 })
6592}
6593
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6594var testSignatureAlgorithms = []struct {
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6595 name string
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6596 id signatureAlgorithm
6597 cert testCert
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6598}{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6599 {"RSA-PKCS1-SHA1", signatureRSAPKCS1WithSHA1, testCertRSA},
6600 {"RSA-PKCS1-SHA256", signatureRSAPKCS1WithSHA256, testCertRSA},
6601 {"RSA-PKCS1-SHA384", signatureRSAPKCS1WithSHA384, testCertRSA},
6602 {"RSA-PKCS1-SHA512", signatureRSAPKCS1WithSHA512, testCertRSA},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]6603 {"ECDSA-SHA1", signatureECDSAWithSHA1, testCertECDSAP256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]6604 {"ECDSA-P256-SHA256", signatureECDSAWithP256AndSHA256, testCertECDSAP256},
6605 {"ECDSA-P384-SHA384", signatureECDSAWithP384AndSHA384, testCertECDSAP384},
6606 {"ECDSA-P521-SHA512", signatureECDSAWithP521AndSHA512, testCertECDSAP521},
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6607 {"RSA-PSS-SHA256", signatureRSAPSSWithSHA256, testCertRSA},
6608 {"RSA-PSS-SHA384", signatureRSAPSSWithSHA384, testCertRSA},
6609 {"RSA-PSS-SHA512", signatureRSAPSSWithSHA512, testCertRSA},
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6610 // Tests for key types prior to TLS 1.2.
6611 {"RSA", 0, testCertRSA},
6612 {"ECDSA", 0, testCertECDSAP256},
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6613}
6614
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6615const fakeSigAlg1 signatureAlgorithm = 0x2a01
6616const fakeSigAlg2 signatureAlgorithm = 0xff01
6617
6618func addSignatureAlgorithmTests() {
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6619 // Not all ciphers involve a signature. Advertise a list which gives all
6620 // versions a signing cipher.
6621 signingCiphers := []uint16{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6622 TLS_AES_128_GCM_SHA256,
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6623 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
6624 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
6625 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
6626 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
6627 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
6628 }
6629
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6630 var allAlgorithms []signatureAlgorithm
6631 for _, alg := range testSignatureAlgorithms {
6632 if alg.id != 0 {
6633 allAlgorithms = append(allAlgorithms, alg.id)
6634 }
6635 }
6636
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6637 // Make sure each signature algorithm works. Include some fake values in
6638 // the list and ensure they're ignored.
6639 for _, alg := range testSignatureAlgorithms {
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6640 for _, ver := range tlsVersions {
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6641 if (ver.version < VersionTLS12) != (alg.id == 0) {
6642 continue
6643 }
6644
6645 // TODO(davidben): Support ECDSA in SSL 3.0 in Go for testing
6646 // or remove it in C.
6647 if ver.version == VersionSSL30 && alg.cert != testCertRSA {
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6648 continue
6649 }
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6650
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6651 var shouldSignFail, shouldVerifyFail bool
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6652 // ecdsa_sha1 does not exist in TLS 1.3.
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6653 if ver.version >= VersionTLS13 && alg.id == signatureECDSAWithSHA1 {
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6654 shouldSignFail = true
6655 shouldVerifyFail = true
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6656 }
Steven Valdez54ed58e2016-08-18 14:03:49 -0400[diff] [blame]6657 // RSA-PKCS1 does not exist in TLS 1.3.
6658 if ver.version == VersionTLS13 && hasComponent(alg.name, "PKCS1") {
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6659 shouldSignFail = true
6660 shouldVerifyFail = true
6661 }
6662
6663 // BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.
6664 if alg.id == signatureECDSAWithSHA1 || alg.id == signatureECDSAWithP521AndSHA512 {
6665 shouldVerifyFail = true
Steven Valdez54ed58e2016-08-18 14:03:49 -0400[diff] [blame]6666 }
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6667
6668 var signError, verifyError string
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6669 if shouldSignFail {
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6670 signError = ":NO_COMMON_SIGNATURE_ALGORITHMS:"
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6671 }
6672 if shouldVerifyFail {
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6673 verifyError = ":WRONG_SIGNATURE_TYPE:"
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6674 }
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6675
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6676 suffix := "-" + alg.name + "-" + ver.name
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]6677
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6678 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6679 name: "ClientAuth-Sign" + suffix,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6680 config: Config{
6681 MaxVersion: ver.version,
6682 ClientAuth: RequireAnyClientCert,
6683 VerifySignatureAlgorithms: []signatureAlgorithm{
6684 fakeSigAlg1,
6685 alg.id,
6686 fakeSigAlg2,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6687 },
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6688 },
6689 flags: []string{
6690 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6691 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6692 "-enable-all-curves",
6693 },
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6694 shouldFail: shouldSignFail,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6695 expectedError: signError,
6696 expectedPeerSignatureAlgorithm: alg.id,
6697 })
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6698
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6699 testCases = append(testCases, testCase{
6700 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6701 name: "ClientAuth-Verify" + suffix,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6702 config: Config{
6703 MaxVersion: ver.version,
6704 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
6705 SignSignatureAlgorithms: []signatureAlgorithm{
6706 alg.id,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6707 },
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6708 Bugs: ProtocolBugs{
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6709 SkipECDSACurveCheck: shouldVerifyFail,
6710 IgnoreSignatureVersionChecks: shouldVerifyFail,
6711 // Some signature algorithms may not be advertised.
6712 IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6713 },
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6714 },
6715 flags: []string{
6716 "-require-any-client-certificate",
6717 "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
6718 "-enable-all-curves",
6719 },
David Benjaminf1050fd2016-12-13 20:05:36 -0500[diff] [blame]6720 // Resume the session to assert the peer signature
6721 // algorithm is reported on both handshakes.
6722 resumeSession: !shouldVerifyFail,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6723 shouldFail: shouldVerifyFail,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6724 expectedError: verifyError,
6725 })
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6726
6727 testCases = append(testCases, testCase{
6728 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6729 name: "ServerAuth-Sign" + suffix,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6730 config: Config{
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6731 MaxVersion: ver.version,
6732 CipherSuites: signingCiphers,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6733 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6734 fakeSigAlg1,
6735 alg.id,
6736 fakeSigAlg2,
6737 },
6738 },
6739 flags: []string{
6740 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6741 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6742 "-enable-all-curves",
6743 },
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6744 shouldFail: shouldSignFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6745 expectedError: signError,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6746 expectedPeerSignatureAlgorithm: alg.id,
6747 })
6748
6749 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6750 name: "ServerAuth-Verify" + suffix,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6751 config: Config{
6752 MaxVersion: ver.version,
6753 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6754 CipherSuites: signingCiphers,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6755 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6756 alg.id,
6757 },
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6758 Bugs: ProtocolBugs{
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6759 SkipECDSACurveCheck: shouldVerifyFail,
6760 IgnoreSignatureVersionChecks: shouldVerifyFail,
6761 // Some signature algorithms may not be advertised.
6762 IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6763 },
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6764 },
6765 flags: []string{
6766 "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
6767 "-enable-all-curves",
6768 },
David Benjaminf1050fd2016-12-13 20:05:36 -0500[diff] [blame]6769 // Resume the session to assert the peer signature
6770 // algorithm is reported on both handshakes.
6771 resumeSession: !shouldVerifyFail,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6772 shouldFail: shouldVerifyFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6773 expectedError: verifyError,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6774 })
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6775
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6776 if !shouldVerifyFail {
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6777 testCases = append(testCases, testCase{
6778 testType: serverTest,
6779 name: "ClientAuth-InvalidSignature" + suffix,
6780 config: Config{
6781 MaxVersion: ver.version,
6782 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
6783 SignSignatureAlgorithms: []signatureAlgorithm{
6784 alg.id,
6785 },
6786 Bugs: ProtocolBugs{
6787 InvalidSignature: true,
6788 },
6789 },
6790 flags: []string{
6791 "-require-any-client-certificate",
6792 "-enable-all-curves",
6793 },
6794 shouldFail: true,
6795 expectedError: ":BAD_SIGNATURE:",
6796 })
6797
6798 testCases = append(testCases, testCase{
6799 name: "ServerAuth-InvalidSignature" + suffix,
6800 config: Config{
6801 MaxVersion: ver.version,
6802 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
6803 CipherSuites: signingCiphers,
6804 SignSignatureAlgorithms: []signatureAlgorithm{
6805 alg.id,
6806 },
6807 Bugs: ProtocolBugs{
6808 InvalidSignature: true,
6809 },
6810 },
6811 flags: []string{"-enable-all-curves"},
6812 shouldFail: true,
6813 expectedError: ":BAD_SIGNATURE:",
6814 })
6815 }
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6816
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6817 if ver.version >= VersionTLS12 && !shouldSignFail {
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6818 testCases = append(testCases, testCase{
6819 name: "ClientAuth-Sign-Negotiate" + suffix,
6820 config: Config{
6821 MaxVersion: ver.version,
6822 ClientAuth: RequireAnyClientCert,
6823 VerifySignatureAlgorithms: allAlgorithms,
6824 },
6825 flags: []string{
6826 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6827 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6828 "-enable-all-curves",
6829 "-signing-prefs", strconv.Itoa(int(alg.id)),
6830 },
6831 expectedPeerSignatureAlgorithm: alg.id,
6832 })
6833
6834 testCases = append(testCases, testCase{
6835 testType: serverTest,
6836 name: "ServerAuth-Sign-Negotiate" + suffix,
6837 config: Config{
6838 MaxVersion: ver.version,
6839 CipherSuites: signingCiphers,
6840 VerifySignatureAlgorithms: allAlgorithms,
6841 },
6842 flags: []string{
6843 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6844 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6845 "-enable-all-curves",
6846 "-signing-prefs", strconv.Itoa(int(alg.id)),
6847 },
6848 expectedPeerSignatureAlgorithm: alg.id,
6849 })
6850 }
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6851 }
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6852 }
6853
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6854 // Test that algorithm selection takes the key type into account.
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6855 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6856 name: "ClientAuth-SignatureType",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6857 config: Config{
6858 ClientAuth: RequireAnyClientCert,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6859 MaxVersion: VersionTLS12,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6860 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6861 signatureECDSAWithP521AndSHA512,
6862 signatureRSAPKCS1WithSHA384,
6863 signatureECDSAWithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6864 },
6865 },
6866 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]6867 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6868 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6869 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6870 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6871 })
6872
6873 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6874 name: "ClientAuth-SignatureType-TLS13",
6875 config: Config{
6876 ClientAuth: RequireAnyClientCert,
6877 MaxVersion: VersionTLS13,
6878 VerifySignatureAlgorithms: []signatureAlgorithm{
6879 signatureECDSAWithP521AndSHA512,
6880 signatureRSAPKCS1WithSHA384,
6881 signatureRSAPSSWithSHA384,
6882 signatureECDSAWithSHA1,
6883 },
6884 },
6885 flags: []string{
6886 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6887 "-key-file", path.Join(*resourceDir, rsaKeyFile),
6888 },
6889 expectedPeerSignatureAlgorithm: signatureRSAPSSWithSHA384,
6890 })
6891
6892 testCases = append(testCases, testCase{
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6893 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6894 name: "ServerAuth-SignatureType",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6895 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6896 MaxVersion: VersionTLS12,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6897 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6898 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6899 signatureECDSAWithP521AndSHA512,
6900 signatureRSAPKCS1WithSHA384,
6901 signatureECDSAWithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6902 },
6903 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6904 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6905 })
6906
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6907 testCases = append(testCases, testCase{
6908 testType: serverTest,
6909 name: "ServerAuth-SignatureType-TLS13",
6910 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6911 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6912 VerifySignatureAlgorithms: []signatureAlgorithm{
6913 signatureECDSAWithP521AndSHA512,
6914 signatureRSAPKCS1WithSHA384,
6915 signatureRSAPSSWithSHA384,
6916 signatureECDSAWithSHA1,
6917 },
6918 },
6919 expectedPeerSignatureAlgorithm: signatureRSAPSSWithSHA384,
6920 })
6921
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6922 // Test that signature verification takes the key type into account.
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6923 testCases = append(testCases, testCase{
6924 testType: serverTest,
6925 name: "Verify-ClientAuth-SignatureType",
6926 config: Config{
6927 MaxVersion: VersionTLS12,
6928 Certificates: []Certificate{rsaCertificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6929 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6930 signatureRSAPKCS1WithSHA256,
6931 },
6932 Bugs: ProtocolBugs{
6933 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6934 },
6935 },
6936 flags: []string{
6937 "-require-any-client-certificate",
6938 },
6939 shouldFail: true,
6940 expectedError: ":WRONG_SIGNATURE_TYPE:",
6941 })
6942
6943 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6944 testType: serverTest,
6945 name: "Verify-ClientAuth-SignatureType-TLS13",
6946 config: Config{
6947 MaxVersion: VersionTLS13,
6948 Certificates: []Certificate{rsaCertificate},
6949 SignSignatureAlgorithms: []signatureAlgorithm{
6950 signatureRSAPSSWithSHA256,
6951 },
6952 Bugs: ProtocolBugs{
6953 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6954 },
6955 },
6956 flags: []string{
6957 "-require-any-client-certificate",
6958 },
6959 shouldFail: true,
6960 expectedError: ":WRONG_SIGNATURE_TYPE:",
6961 })
6962
6963 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6964 name: "Verify-ServerAuth-SignatureType",
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6965 config: Config{
6966 MaxVersion: VersionTLS12,
6967 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6968 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6969 signatureRSAPKCS1WithSHA256,
6970 },
6971 Bugs: ProtocolBugs{
6972 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6973 },
6974 },
6975 shouldFail: true,
6976 expectedError: ":WRONG_SIGNATURE_TYPE:",
6977 })
6978
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6979 testCases = append(testCases, testCase{
6980 name: "Verify-ServerAuth-SignatureType-TLS13",
6981 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6982 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6983 SignSignatureAlgorithms: []signatureAlgorithm{
6984 signatureRSAPSSWithSHA256,
6985 },
6986 Bugs: ProtocolBugs{
6987 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6988 },
6989 },
6990 shouldFail: true,
6991 expectedError: ":WRONG_SIGNATURE_TYPE:",
6992 })
6993
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6994 // Test that, if the list is missing, the peer falls back to SHA-1 in
6995 // TLS 1.2, but not TLS 1.3.
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6996 testCases = append(testCases, testCase{
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]6997 name: "ClientAuth-SHA1-Fallback-RSA",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6998 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6999 MaxVersion: VersionTLS12,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]7000 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7001 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7002 signatureRSAPKCS1WithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]7003 },
7004 Bugs: ProtocolBugs{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7005 NoSignatureAlgorithms: true,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]7006 },
7007 },
7008 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]7009 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7010 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]7011 },
7012 })
7013
7014 testCases = append(testCases, testCase{
7015 testType: serverTest,
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]7016 name: "ServerAuth-SHA1-Fallback-RSA",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]7017 config: Config{
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]7018 MaxVersion: VersionTLS12,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7019 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7020 signatureRSAPKCS1WithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]7021 },
7022 Bugs: ProtocolBugs{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7023 NoSignatureAlgorithms: true,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]7024 },
7025 },
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]7026 flags: []string{
7027 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7028 "-key-file", path.Join(*resourceDir, rsaKeyFile),
7029 },
7030 })
7031
7032 testCases = append(testCases, testCase{
7033 name: "ClientAuth-SHA1-Fallback-ECDSA",
7034 config: Config{
7035 MaxVersion: VersionTLS12,
7036 ClientAuth: RequireAnyClientCert,
7037 VerifySignatureAlgorithms: []signatureAlgorithm{
7038 signatureECDSAWithSHA1,
7039 },
7040 Bugs: ProtocolBugs{
7041 NoSignatureAlgorithms: true,
7042 },
7043 },
7044 flags: []string{
7045 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
7046 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
7047 },
7048 })
7049
7050 testCases = append(testCases, testCase{
7051 testType: serverTest,
7052 name: "ServerAuth-SHA1-Fallback-ECDSA",
7053 config: Config{
7054 MaxVersion: VersionTLS12,
7055 VerifySignatureAlgorithms: []signatureAlgorithm{
7056 signatureECDSAWithSHA1,
7057 },
7058 Bugs: ProtocolBugs{
7059 NoSignatureAlgorithms: true,
7060 },
7061 },
7062 flags: []string{
7063 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
7064 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
7065 },
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]7066 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]7067
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]7068 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]7069 name: "ClientAuth-NoFallback-TLS13",
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]7070 config: Config{
7071 MaxVersion: VersionTLS13,
7072 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7073 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]7074 signatureRSAPKCS1WithSHA1,
7075 },
7076 Bugs: ProtocolBugs{
7077 NoSignatureAlgorithms: true,
7078 },
7079 },
7080 flags: []string{
7081 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7082 "-key-file", path.Join(*resourceDir, rsaKeyFile),
7083 },
David Benjamin48901652016-08-01 12:12:47 -0400[diff] [blame]7084 shouldFail: true,
7085 // An empty CertificateRequest signature algorithm list is a
7086 // syntax error in TLS 1.3.
7087 expectedError: ":DECODE_ERROR:",
7088 expectedLocalError: "remote error: error decoding message",
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]7089 })
7090
7091 testCases = append(testCases, testCase{
7092 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]7093 name: "ServerAuth-NoFallback-TLS13",
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]7094 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7095 MaxVersion: VersionTLS13,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7096 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]7097 signatureRSAPKCS1WithSHA1,
7098 },
7099 Bugs: ProtocolBugs{
7100 NoSignatureAlgorithms: true,
7101 },
7102 },
7103 shouldFail: true,
7104 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
7105 })
7106
David Benjaminb62d2872016-07-18 14:55:02 +0200[diff] [blame]7107 // Test that hash preferences are enforced. BoringSSL does not implement
7108 // MD5 signatures.
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]7109 testCases = append(testCases, testCase{
7110 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]7111 name: "ClientAuth-Enforced",
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]7112 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7113 MaxVersion: VersionTLS12,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]7114 Certificates: []Certificate{rsaCertificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7115 SignSignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7116 signatureRSAPKCS1WithMD5,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]7117 },
7118 Bugs: ProtocolBugs{
7119 IgnorePeerSignatureAlgorithmPreferences: true,
7120 },
7121 },
7122 flags: []string{"-require-any-client-certificate"},
7123 shouldFail: true,
7124 expectedError: ":WRONG_SIGNATURE_TYPE:",
7125 })
7126
7127 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]7128 name: "ServerAuth-Enforced",
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]7129 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7130 MaxVersion: VersionTLS12,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]7131 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7132 SignSignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7133 signatureRSAPKCS1WithMD5,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]7134 },
7135 Bugs: ProtocolBugs{
7136 IgnorePeerSignatureAlgorithmPreferences: true,
7137 },
7138 },
7139 shouldFail: true,
7140 expectedError: ":WRONG_SIGNATURE_TYPE:",
7141 })
David Benjaminb62d2872016-07-18 14:55:02 +0200[diff] [blame]7142 testCases = append(testCases, testCase{
7143 testType: serverTest,
7144 name: "ClientAuth-Enforced-TLS13",
7145 config: Config{
7146 MaxVersion: VersionTLS13,
7147 Certificates: []Certificate{rsaCertificate},
7148 SignSignatureAlgorithms: []signatureAlgorithm{
7149 signatureRSAPKCS1WithMD5,
7150 },
7151 Bugs: ProtocolBugs{
7152 IgnorePeerSignatureAlgorithmPreferences: true,
7153 IgnoreSignatureVersionChecks: true,
7154 },
7155 },
7156 flags: []string{"-require-any-client-certificate"},
7157 shouldFail: true,
7158 expectedError: ":WRONG_SIGNATURE_TYPE:",
7159 })
7160
7161 testCases = append(testCases, testCase{
7162 name: "ServerAuth-Enforced-TLS13",
7163 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7164 MaxVersion: VersionTLS13,
David Benjaminb62d2872016-07-18 14:55:02 +0200[diff] [blame]7165 SignSignatureAlgorithms: []signatureAlgorithm{
7166 signatureRSAPKCS1WithMD5,
7167 },
7168 Bugs: ProtocolBugs{
7169 IgnorePeerSignatureAlgorithmPreferences: true,
7170 IgnoreSignatureVersionChecks: true,
7171 },
7172 },
7173 shouldFail: true,
7174 expectedError: ":WRONG_SIGNATURE_TYPE:",
7175 })
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7176
7177 // Test that the agreed upon digest respects the client preferences and
7178 // the server digests.
7179 testCases = append(testCases, testCase{
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]7180 name: "NoCommonAlgorithms-Digests",
7181 config: Config{
7182 MaxVersion: VersionTLS12,
7183 ClientAuth: RequireAnyClientCert,
7184 VerifySignatureAlgorithms: []signatureAlgorithm{
7185 signatureRSAPKCS1WithSHA512,
7186 signatureRSAPKCS1WithSHA1,
7187 },
7188 },
7189 flags: []string{
7190 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7191 "-key-file", path.Join(*resourceDir, rsaKeyFile),
7192 "-digest-prefs", "SHA256",
7193 },
7194 shouldFail: true,
7195 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
7196 })
7197 testCases = append(testCases, testCase{
David Benjaminea9a0d52016-07-08 15:52:59 -0700[diff] [blame]7198 name: "NoCommonAlgorithms",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7199 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7200 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7201 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7202 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7203 signatureRSAPKCS1WithSHA512,
7204 signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7205 },
7206 },
7207 flags: []string{
7208 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7209 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]7210 "-signing-prefs", strconv.Itoa(int(signatureRSAPKCS1WithSHA256)),
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7211 },
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]7212 shouldFail: true,
7213 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
7214 })
7215 testCases = append(testCases, testCase{
7216 name: "NoCommonAlgorithms-TLS13",
7217 config: Config{
7218 MaxVersion: VersionTLS13,
7219 ClientAuth: RequireAnyClientCert,
7220 VerifySignatureAlgorithms: []signatureAlgorithm{
7221 signatureRSAPSSWithSHA512,
7222 signatureRSAPSSWithSHA384,
7223 },
7224 },
7225 flags: []string{
7226 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7227 "-key-file", path.Join(*resourceDir, rsaKeyFile),
7228 "-signing-prefs", strconv.Itoa(int(signatureRSAPSSWithSHA256)),
7229 },
David Benjaminea9a0d52016-07-08 15:52:59 -0700[diff] [blame]7230 shouldFail: true,
7231 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7232 })
7233 testCases = append(testCases, testCase{
7234 name: "Agree-Digest-SHA256",
7235 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7236 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7237 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7238 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7239 signatureRSAPKCS1WithSHA1,
7240 signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7241 },
7242 },
7243 flags: []string{
7244 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7245 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]7246 "-digest-prefs", "SHA256,SHA1",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7247 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7248 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7249 })
7250 testCases = append(testCases, testCase{
7251 name: "Agree-Digest-SHA1",
7252 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7253 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7254 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7255 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7256 signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7257 },
7258 },
7259 flags: []string{
7260 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7261 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]7262 "-digest-prefs", "SHA512,SHA256,SHA1",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7263 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7264 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7265 })
7266 testCases = append(testCases, testCase{
7267 name: "Agree-Digest-Default",
7268 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7269 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7270 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7271 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7272 signatureRSAPKCS1WithSHA256,
7273 signatureECDSAWithP256AndSHA256,
7274 signatureRSAPKCS1WithSHA1,
7275 signatureECDSAWithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7276 },
7277 },
7278 flags: []string{
7279 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7280 "-key-file", path.Join(*resourceDir, rsaKeyFile),
7281 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7282 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7283 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7284
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]7285 // Test that the signing preference list may include extra algorithms
7286 // without negotiation problems.
7287 testCases = append(testCases, testCase{
7288 testType: serverTest,
7289 name: "FilterExtraAlgorithms",
7290 config: Config{
7291 MaxVersion: VersionTLS12,
7292 VerifySignatureAlgorithms: []signatureAlgorithm{
7293 signatureRSAPKCS1WithSHA256,
7294 },
7295 },
7296 flags: []string{
7297 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7298 "-key-file", path.Join(*resourceDir, rsaKeyFile),
7299 "-signing-prefs", strconv.Itoa(int(fakeSigAlg1)),
7300 "-signing-prefs", strconv.Itoa(int(signatureECDSAWithP256AndSHA256)),
7301 "-signing-prefs", strconv.Itoa(int(signatureRSAPKCS1WithSHA256)),
7302 "-signing-prefs", strconv.Itoa(int(fakeSigAlg2)),
7303 },
7304 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
7305 })
7306
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7307 // In TLS 1.2 and below, ECDSA uses the curve list rather than the
7308 // signature algorithms.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7309 testCases = append(testCases, testCase{
7310 name: "CheckLeafCurve",
7311 config: Config{
7312 MaxVersion: VersionTLS12,
7313 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]7314 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7315 },
7316 flags: []string{"-p384-only"},
7317 shouldFail: true,
7318 expectedError: ":BAD_ECC_CERT:",
7319 })
David Benjamin75ea5bb2016-07-08 17:43:29 -0700[diff] [blame]7320
7321 // In TLS 1.3, ECDSA does not use the ECDHE curve list.
7322 testCases = append(testCases, testCase{
7323 name: "CheckLeafCurve-TLS13",
7324 config: Config{
7325 MaxVersion: VersionTLS13,
David Benjamin75ea5bb2016-07-08 17:43:29 -0700[diff] [blame]7326 Certificates: []Certificate{ecdsaP256Certificate},
7327 },
7328 flags: []string{"-p384-only"},
7329 })
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7330
7331 // In TLS 1.2, the ECDSA curve is not in the signature algorithm.
7332 testCases = append(testCases, testCase{
7333 name: "ECDSACurveMismatch-Verify-TLS12",
7334 config: Config{
7335 MaxVersion: VersionTLS12,
7336 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
7337 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7338 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7339 signatureECDSAWithP384AndSHA384,
7340 },
7341 },
7342 })
7343
7344 // In TLS 1.3, the ECDSA curve comes from the signature algorithm.
7345 testCases = append(testCases, testCase{
7346 name: "ECDSACurveMismatch-Verify-TLS13",
7347 config: Config{
7348 MaxVersion: VersionTLS13,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7349 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7350 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7351 signatureECDSAWithP384AndSHA384,
7352 },
7353 Bugs: ProtocolBugs{
7354 SkipECDSACurveCheck: true,
7355 },
7356 },
7357 shouldFail: true,
7358 expectedError: ":WRONG_SIGNATURE_TYPE:",
7359 })
7360
7361 // Signature algorithm selection in TLS 1.3 should take the curve into
7362 // account.
7363 testCases = append(testCases, testCase{
7364 testType: serverTest,
7365 name: "ECDSACurveMismatch-Sign-TLS13",
7366 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7367 MaxVersion: VersionTLS13,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7368 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7369 signatureECDSAWithP384AndSHA384,
7370 signatureECDSAWithP256AndSHA256,
7371 },
7372 },
7373 flags: []string{
7374 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
7375 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
7376 },
7377 expectedPeerSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
7378 })
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]7379
7380 // RSASSA-PSS with SHA-512 is too large for 1024-bit RSA. Test that the
7381 // server does not attempt to sign in that case.
7382 testCases = append(testCases, testCase{
7383 testType: serverTest,
7384 name: "RSA-PSS-Large",
7385 config: Config{
7386 MaxVersion: VersionTLS13,
7387 VerifySignatureAlgorithms: []signatureAlgorithm{
7388 signatureRSAPSSWithSHA512,
7389 },
7390 },
7391 flags: []string{
7392 "-cert-file", path.Join(*resourceDir, rsa1024CertificateFile),
7393 "-key-file", path.Join(*resourceDir, rsa1024KeyFile),
7394 },
7395 shouldFail: true,
7396 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
7397 })
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]7398
7399 // Test that RSA-PSS is enabled by default for TLS 1.2.
7400 testCases = append(testCases, testCase{
7401 testType: clientTest,
7402 name: "RSA-PSS-Default-Verify",
7403 config: Config{
7404 MaxVersion: VersionTLS12,
7405 SignSignatureAlgorithms: []signatureAlgorithm{
7406 signatureRSAPSSWithSHA256,
7407 },
7408 },
7409 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
7410 })
7411
7412 testCases = append(testCases, testCase{
7413 testType: serverTest,
7414 name: "RSA-PSS-Default-Sign",
7415 config: Config{
7416 MaxVersion: VersionTLS12,
7417 VerifySignatureAlgorithms: []signatureAlgorithm{
7418 signatureRSAPSSWithSHA256,
7419 },
7420 },
7421 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
7422 })
Adam Langley898be922017-02-27 12:37:59 -0800[diff] [blame]7423
7424 // A server certificate with a P-224 key will only work up to TLS 1.2
7425 // and we only test it with BoringSSL acting as a server because that's
7426 // all Alphabet requires with it.
7427 testCases = append(testCases, testCase{
7428 testType: serverTest,
7429 name: "P224-Server",
7430 config: Config{
7431 VerifySignatureAlgorithms: []signatureAlgorithm{
7432 // TLS 1.2 does not require that the curve
7433 // match the hash, thus P-256 with SHA-256 is
7434 // the same signature algorithm value as P-224
7435 // with SHA-256.
7436 signatureECDSAWithP256AndSHA256,
7437 },
7438 // P-256 must be offered as well because ECDHE requires
7439 // it.
7440 CurvePreferences: []CurveID{CurveP224, CurveP256},
7441 },
7442 flags: []string{
7443 "-max-version", strconv.Itoa(VersionTLS12),
7444 "-cert-file", path.Join(*resourceDir, ecdsaP224CertificateFile),
7445 "-key-file", path.Join(*resourceDir, ecdsaP224KeyFile),
7446 },
7447 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]7448}
7449
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7450// timeouts is the retransmit schedule for BoringSSL. It doubles and
7451// caps at 60 seconds. On the 13th timeout, it gives up.
7452var timeouts = []time.Duration{
7453 1 * time.Second,
7454 2 * time.Second,
7455 4 * time.Second,
7456 8 * time.Second,
7457 16 * time.Second,
7458 32 * time.Second,
7459 60 * time.Second,
7460 60 * time.Second,
7461 60 * time.Second,
7462 60 * time.Second,
7463 60 * time.Second,
7464 60 * time.Second,
7465 60 * time.Second,
7466}
7467
Taylor Brandstetter376a0fe2016-05-10 19:30:28 -0700[diff] [blame]7468// shortTimeouts is an alternate set of timeouts which would occur if the
7469// initial timeout duration was set to 250ms.
7470var shortTimeouts = []time.Duration{
7471 250 * time.Millisecond,
7472 500 * time.Millisecond,
7473 1 * time.Second,
7474 2 * time.Second,
7475 4 * time.Second,
7476 8 * time.Second,
7477 16 * time.Second,
7478 32 * time.Second,
7479 60 * time.Second,
7480 60 * time.Second,
7481 60 * time.Second,
7482 60 * time.Second,
7483 60 * time.Second,
7484}
7485
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7486func addDTLSRetransmitTests() {
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7487 // These tests work by coordinating some behavior on both the shim and
7488 // the runner.
7489 //
7490 // TimeoutSchedule configures the runner to send a series of timeout
7491 // opcodes to the shim (see packetAdaptor) immediately before reading
7492 // each peer handshake flight N. The timeout opcode both simulates a
7493 // timeout in the shim and acts as a synchronization point to help the
7494 // runner bracket each handshake flight.
7495 //
7496 // We assume the shim does not read from the channel eagerly. It must
7497 // first wait until it has sent flight N and is ready to receive
7498 // handshake flight N+1. At this point, it will process the timeout
7499 // opcode. It must then immediately respond with a timeout ACK and act
7500 // as if the shim was idle for the specified amount of time.
7501 //
7502 // The runner then drops all packets received before the ACK and
7503 // continues waiting for flight N. This ordering results in one attempt
7504 // at sending flight N to be dropped. For the test to complete, the
7505 // shim must send flight N again, testing that the shim implements DTLS
7506 // retransmit on a timeout.
7507
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7508 // TODO(davidben): Add DTLS 1.3 versions of these tests. There will
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7509 // likely be more epochs to cross and the final message's retransmit may
7510 // be more complex.
7511
David Benjamin11c82892017-02-23 20:40:31 -0500[diff] [blame]7512 // Test that this is indeed the timeout schedule. Stress all
7513 // four patterns of handshake.
7514 for i := 1; i < len(timeouts); i++ {
7515 number := strconv.Itoa(i)
7516 testCases = append(testCases, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7517 protocol: dtls,
David Benjamin11c82892017-02-23 20:40:31 -0500[diff] [blame]7518 name: "DTLS-Retransmit-Client-" + number,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7519 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7520 MaxVersion: VersionTLS12,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7521 Bugs: ProtocolBugs{
David Benjamin11c82892017-02-23 20:40:31 -0500[diff] [blame]7522 TimeoutSchedule: timeouts[:i],
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7523 },
7524 },
7525 resumeSession: true,
David Benjamin11c82892017-02-23 20:40:31 -0500[diff] [blame]7526 flags: []string{"-async"},
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7527 })
David Benjamin11c82892017-02-23 20:40:31 -0500[diff] [blame]7528 testCases = append(testCases, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7529 protocol: dtls,
7530 testType: serverTest,
David Benjamin11c82892017-02-23 20:40:31 -0500[diff] [blame]7531 name: "DTLS-Retransmit-Server-" + number,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7532 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7533 MaxVersion: VersionTLS12,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7534 Bugs: ProtocolBugs{
David Benjamin11c82892017-02-23 20:40:31 -0500[diff] [blame]7535 TimeoutSchedule: timeouts[:i],
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7536 },
7537 },
7538 resumeSession: true,
David Benjamin11c82892017-02-23 20:40:31 -0500[diff] [blame]7539 flags: []string{"-async"},
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7540 })
7541 }
David Benjamin11c82892017-02-23 20:40:31 -0500[diff] [blame]7542
7543 // Test that exceeding the timeout schedule hits a read
7544 // timeout.
7545 testCases = append(testCases, testCase{
7546 protocol: dtls,
7547 name: "DTLS-Retransmit-Timeout",
7548 config: Config{
7549 MaxVersion: VersionTLS12,
7550 Bugs: ProtocolBugs{
7551 TimeoutSchedule: timeouts,
7552 },
7553 },
7554 resumeSession: true,
7555 flags: []string{"-async"},
7556 shouldFail: true,
7557 expectedError: ":READ_TIMEOUT_EXPIRED:",
7558 })
7559
7560 // Test that timeout handling has a fudge factor, due to API
7561 // problems.
7562 testCases = append(testCases, testCase{
7563 protocol: dtls,
7564 name: "DTLS-Retransmit-Fudge",
7565 config: Config{
7566 MaxVersion: VersionTLS12,
7567 Bugs: ProtocolBugs{
7568 TimeoutSchedule: []time.Duration{
7569 timeouts[0] - 10*time.Millisecond,
7570 },
7571 },
7572 },
7573 resumeSession: true,
7574 flags: []string{"-async"},
7575 })
7576
7577 // Test that the final Finished retransmitting isn't
7578 // duplicated if the peer badly fragments everything.
7579 testCases = append(testCases, testCase{
7580 testType: serverTest,
7581 protocol: dtls,
7582 name: "DTLS-Retransmit-Fragmented",
7583 config: Config{
7584 MaxVersion: VersionTLS12,
7585 Bugs: ProtocolBugs{
7586 TimeoutSchedule: []time.Duration{timeouts[0]},
7587 MaxHandshakeRecordLength: 2,
7588 },
7589 },
7590 flags: []string{"-async"},
7591 })
7592
7593 // Test the timeout schedule when a shorter initial timeout duration is set.
7594 testCases = append(testCases, testCase{
7595 protocol: dtls,
7596 name: "DTLS-Retransmit-Short-Client",
7597 config: Config{
7598 MaxVersion: VersionTLS12,
7599 Bugs: ProtocolBugs{
7600 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
7601 },
7602 },
7603 resumeSession: true,
7604 flags: []string{
7605 "-async",
7606 "-initial-timeout-duration-ms", "250",
7607 },
7608 })
7609 testCases = append(testCases, testCase{
7610 protocol: dtls,
7611 testType: serverTest,
7612 name: "DTLS-Retransmit-Short-Server",
7613 config: Config{
7614 MaxVersion: VersionTLS12,
7615 Bugs: ProtocolBugs{
7616 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
7617 },
7618 },
7619 resumeSession: true,
7620 flags: []string{
7621 "-async",
7622 "-initial-timeout-duration-ms", "250",
7623 },
7624 })
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7625}
7626
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]7627func addExportKeyingMaterialTests() {
7628 for _, vers := range tlsVersions {
7629 if vers.version == VersionSSL30 {
7630 continue
7631 }
7632 testCases = append(testCases, testCase{
7633 name: "ExportKeyingMaterial-" + vers.name,
7634 config: Config{
7635 MaxVersion: vers.version,
7636 },
7637 exportKeyingMaterial: 1024,
7638 exportLabel: "label",
7639 exportContext: "context",
7640 useExportContext: true,
7641 })
7642 testCases = append(testCases, testCase{
7643 name: "ExportKeyingMaterial-NoContext-" + vers.name,
7644 config: Config{
7645 MaxVersion: vers.version,
7646 },
7647 exportKeyingMaterial: 1024,
7648 })
7649 testCases = append(testCases, testCase{
7650 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
7651 config: Config{
7652 MaxVersion: vers.version,
7653 },
7654 exportKeyingMaterial: 1024,
7655 useExportContext: true,
7656 })
7657 testCases = append(testCases, testCase{
7658 name: "ExportKeyingMaterial-Small-" + vers.name,
7659 config: Config{
7660 MaxVersion: vers.version,
7661 },
7662 exportKeyingMaterial: 1,
7663 exportLabel: "label",
7664 exportContext: "context",
7665 useExportContext: true,
7666 })
7667 }
David Benjamin7bb1d292016-11-01 19:45:06 -0400[diff] [blame]7668
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]7669 testCases = append(testCases, testCase{
7670 name: "ExportKeyingMaterial-SSL3",
7671 config: Config{
7672 MaxVersion: VersionSSL30,
7673 },
7674 exportKeyingMaterial: 1024,
7675 exportLabel: "label",
7676 exportContext: "context",
7677 useExportContext: true,
7678 shouldFail: true,
7679 expectedError: "failed to export keying material",
7680 })
David Benjamin7bb1d292016-11-01 19:45:06 -0400[diff] [blame]7681
7682 // Exporters work during a False Start.
7683 testCases = append(testCases, testCase{
7684 name: "ExportKeyingMaterial-FalseStart",
7685 config: Config{
7686 MaxVersion: VersionTLS12,
7687 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7688 NextProtos: []string{"foo"},
7689 Bugs: ProtocolBugs{
7690 ExpectFalseStart: true,
7691 },
7692 },
7693 flags: []string{
7694 "-false-start",
7695 "-advertise-alpn", "\x03foo",
7696 },
7697 shimWritesFirst: true,
7698 exportKeyingMaterial: 1024,
7699 exportLabel: "label",
7700 exportContext: "context",
7701 useExportContext: true,
7702 })
7703
7704 // Exporters do not work in the middle of a renegotiation. Test this by
7705 // triggering the exporter after every SSL_read call and configuring the
7706 // shim to run asynchronously.
7707 testCases = append(testCases, testCase{
7708 name: "ExportKeyingMaterial-Renegotiate",
7709 config: Config{
7710 MaxVersion: VersionTLS12,
7711 },
7712 renegotiate: 1,
7713 flags: []string{
7714 "-async",
7715 "-use-exporter-between-reads",
7716 "-renegotiate-freely",
7717 "-expect-total-renegotiations", "1",
7718 },
7719 shouldFail: true,
7720 expectedError: "failed to export keying material",
7721 })
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]7722}
7723
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]7724func addTLSUniqueTests() {
7725 for _, isClient := range []bool{false, true} {
7726 for _, isResumption := range []bool{false, true} {
7727 for _, hasEMS := range []bool{false, true} {
7728 var suffix string
7729 if isResumption {
7730 suffix = "Resume-"
7731 } else {
7732 suffix = "Full-"
7733 }
7734
7735 if hasEMS {
7736 suffix += "EMS-"
7737 } else {
7738 suffix += "NoEMS-"
7739 }
7740
7741 if isClient {
7742 suffix += "Client"
7743 } else {
7744 suffix += "Server"
7745 }
7746
7747 test := testCase{
7748 name: "TLSUnique-" + suffix,
7749 testTLSUnique: true,
7750 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7751 MaxVersion: VersionTLS12,
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]7752 Bugs: ProtocolBugs{
7753 NoExtendedMasterSecret: !hasEMS,
7754 },
7755 },
7756 }
7757
7758 if isResumption {
7759 test.resumeSession = true
7760 test.resumeConfig = &Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7761 MaxVersion: VersionTLS12,
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]7762 Bugs: ProtocolBugs{
7763 NoExtendedMasterSecret: !hasEMS,
7764 },
7765 }
7766 }
7767
7768 if isResumption && !hasEMS {
7769 test.shouldFail = true
7770 test.expectedError = "failed to get tls-unique"
7771 }
7772
7773 testCases = append(testCases, test)
7774 }
7775 }
7776 }
7777}
7778
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7779func addCustomExtensionTests() {
7780 expectedContents := "custom extension"
7781 emptyString := ""
7782
7783 for _, isClient := range []bool{false, true} {
7784 suffix := "Server"
7785 flag := "-enable-server-custom-extension"
7786 testType := serverTest
7787 if isClient {
7788 suffix = "Client"
7789 flag = "-enable-client-custom-extension"
7790 testType = clientTest
7791 }
7792
7793 testCases = append(testCases, testCase{
7794 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7795 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7796 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7797 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7798 Bugs: ProtocolBugs{
7799 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7800 ExpectedCustomExtension: &expectedContents,
7801 },
7802 },
7803 flags: []string{flag},
7804 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7805 testCases = append(testCases, testCase{
7806 testType: testType,
7807 name: "CustomExtensions-" + suffix + "-TLS13",
7808 config: Config{
7809 MaxVersion: VersionTLS13,
7810 Bugs: ProtocolBugs{
7811 CustomExtension: expectedContents,
7812 ExpectedCustomExtension: &expectedContents,
7813 },
7814 },
7815 flags: []string{flag},
7816 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7817
7818 // If the parse callback fails, the handshake should also fail.
7819 testCases = append(testCases, testCase{
7820 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7821 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7822 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7823 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7824 Bugs: ProtocolBugs{
7825 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7826 ExpectedCustomExtension: &expectedContents,
7827 },
7828 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7829 flags: []string{flag},
7830 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7831 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7832 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7833 testCases = append(testCases, testCase{
7834 testType: testType,
7835 name: "CustomExtensions-ParseError-" + suffix + "-TLS13",
7836 config: Config{
7837 MaxVersion: VersionTLS13,
7838 Bugs: ProtocolBugs{
7839 CustomExtension: expectedContents + "foo",
7840 ExpectedCustomExtension: &expectedContents,
7841 },
7842 },
7843 flags: []string{flag},
7844 shouldFail: true,
7845 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7846 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7847
7848 // If the add callback fails, the handshake should also fail.
7849 testCases = append(testCases, testCase{
7850 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7851 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7852 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7853 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7854 Bugs: ProtocolBugs{
7855 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7856 ExpectedCustomExtension: &expectedContents,
7857 },
7858 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7859 flags: []string{flag, "-custom-extension-fail-add"},
7860 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7861 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7862 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7863 testCases = append(testCases, testCase{
7864 testType: testType,
7865 name: "CustomExtensions-FailAdd-" + suffix + "-TLS13",
7866 config: Config{
7867 MaxVersion: VersionTLS13,
7868 Bugs: ProtocolBugs{
7869 CustomExtension: expectedContents,
7870 ExpectedCustomExtension: &expectedContents,
7871 },
7872 },
7873 flags: []string{flag, "-custom-extension-fail-add"},
7874 shouldFail: true,
7875 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7876 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7877
7878 // If the add callback returns zero, no extension should be
7879 // added.
7880 skipCustomExtension := expectedContents
7881 if isClient {
7882 // For the case where the client skips sending the
7883 // custom extension, the server must not “echo” it.
7884 skipCustomExtension = ""
7885 }
7886 testCases = append(testCases, testCase{
7887 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7888 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7889 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7890 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7891 Bugs: ProtocolBugs{
7892 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7893 ExpectedCustomExtension: &emptyString,
7894 },
7895 },
7896 flags: []string{flag, "-custom-extension-skip"},
7897 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7898 testCases = append(testCases, testCase{
7899 testType: testType,
7900 name: "CustomExtensions-Skip-" + suffix + "-TLS13",
7901 config: Config{
7902 MaxVersion: VersionTLS13,
7903 Bugs: ProtocolBugs{
7904 CustomExtension: skipCustomExtension,
7905 ExpectedCustomExtension: &emptyString,
7906 },
7907 },
7908 flags: []string{flag, "-custom-extension-skip"},
7909 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7910 }
7911
7912 // The custom extension add callback should not be called if the client
7913 // doesn't send the extension.
7914 testCases = append(testCases, testCase{
7915 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7916 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7917 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7918 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7919 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7920 ExpectedCustomExtension: &emptyString,
7921 },
7922 },
7923 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
7924 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7925
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7926 testCases = append(testCases, testCase{
7927 testType: serverTest,
7928 name: "CustomExtensions-NotCalled-Server-TLS13",
7929 config: Config{
7930 MaxVersion: VersionTLS13,
7931 Bugs: ProtocolBugs{
7932 ExpectedCustomExtension: &emptyString,
7933 },
7934 },
7935 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
7936 })
7937
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7938 // Test an unknown extension from the server.
7939 testCases = append(testCases, testCase{
7940 testType: clientTest,
7941 name: "UnknownExtension-Client",
7942 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7943 MaxVersion: VersionTLS12,
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7944 Bugs: ProtocolBugs{
7945 CustomExtension: expectedContents,
7946 },
7947 },
David Benjamin0c40a962016-08-01 12:05:50 -0400[diff] [blame]7948 shouldFail: true,
7949 expectedError: ":UNEXPECTED_EXTENSION:",
7950 expectedLocalError: "remote error: unsupported extension",
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7951 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7952 testCases = append(testCases, testCase{
7953 testType: clientTest,
7954 name: "UnknownExtension-Client-TLS13",
7955 config: Config{
7956 MaxVersion: VersionTLS13,
7957 Bugs: ProtocolBugs{
7958 CustomExtension: expectedContents,
7959 },
7960 },
David Benjamin0c40a962016-08-01 12:05:50 -0400[diff] [blame]7961 shouldFail: true,
7962 expectedError: ":UNEXPECTED_EXTENSION:",
7963 expectedLocalError: "remote error: unsupported extension",
7964 })
David Benjamin490469f2016-10-05 22:44:38 -0400[diff] [blame]7965 testCases = append(testCases, testCase{
7966 testType: clientTest,
7967 name: "UnknownUnencryptedExtension-Client-TLS13",
7968 config: Config{
7969 MaxVersion: VersionTLS13,
7970 Bugs: ProtocolBugs{
7971 CustomUnencryptedExtension: expectedContents,
7972 },
7973 },
7974 shouldFail: true,
7975 expectedError: ":UNEXPECTED_EXTENSION:",
7976 // The shim must send an alert, but alerts at this point do not
7977 // get successfully decrypted by the runner.
7978 expectedLocalError: "local error: bad record MAC",
7979 })
7980 testCases = append(testCases, testCase{
7981 testType: clientTest,
7982 name: "UnexpectedUnencryptedExtension-Client-TLS13",
7983 config: Config{
7984 MaxVersion: VersionTLS13,
7985 Bugs: ProtocolBugs{
7986 SendUnencryptedALPN: "foo",
7987 },
7988 },
7989 flags: []string{
7990 "-advertise-alpn", "\x03foo\x03bar",
7991 },
7992 shouldFail: true,
7993 expectedError: ":UNEXPECTED_EXTENSION:",
7994 // The shim must send an alert, but alerts at this point do not
7995 // get successfully decrypted by the runner.
7996 expectedLocalError: "local error: bad record MAC",
7997 })
David Benjamin0c40a962016-08-01 12:05:50 -0400[diff] [blame]7998
7999 // Test a known but unoffered extension from the server.
8000 testCases = append(testCases, testCase{
8001 testType: clientTest,
8002 name: "UnofferedExtension-Client",
8003 config: Config{
8004 MaxVersion: VersionTLS12,
8005 Bugs: ProtocolBugs{
8006 SendALPN: "alpn",
8007 },
8008 },
8009 shouldFail: true,
8010 expectedError: ":UNEXPECTED_EXTENSION:",
8011 expectedLocalError: "remote error: unsupported extension",
8012 })
8013 testCases = append(testCases, testCase{
8014 testType: clientTest,
8015 name: "UnofferedExtension-Client-TLS13",
8016 config: Config{
8017 MaxVersion: VersionTLS13,
8018 Bugs: ProtocolBugs{
8019 SendALPN: "alpn",
8020 },
8021 },
8022 shouldFail: true,
8023 expectedError: ":UNEXPECTED_EXTENSION:",
8024 expectedLocalError: "remote error: unsupported extension",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8025 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]8026}
8027
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]8028func addRSAClientKeyExchangeTests() {
8029 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
8030 testCases = append(testCases, testCase{
8031 testType: serverTest,
8032 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
8033 config: Config{
8034 // Ensure the ClientHello version and final
8035 // version are different, to detect if the
8036 // server uses the wrong one.
8037 MaxVersion: VersionTLS11,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]8038 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]8039 Bugs: ProtocolBugs{
8040 BadRSAClientKeyExchange: bad,
8041 },
8042 },
8043 shouldFail: true,
8044 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
8045 })
8046 }
David Benjamine63d9d72016-09-19 18:27:34 -0400[diff] [blame]8047
8048 // The server must compare whatever was in ClientHello.version for the
8049 // RSA premaster.
8050 testCases = append(testCases, testCase{
8051 testType: serverTest,
8052 name: "SendClientVersion-RSA",
8053 config: Config{
8054 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
8055 Bugs: ProtocolBugs{
8056 SendClientVersion: 0x1234,
8057 },
8058 },
8059 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
8060 })
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]8061}
8062
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8063var testCurves = []struct {
8064 name string
8065 id CurveID
8066}{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8067 {"P-256", CurveP256},
8068 {"P-384", CurveP384},
8069 {"P-521", CurveP521},
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]8070 {"X25519", CurveX25519},
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8071}
8072
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]8073const bogusCurve = 0x1234
8074
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8075func addCurveTests() {
8076 for _, curve := range testCurves {
8077 testCases = append(testCases, testCase{
8078 name: "CurveTest-Client-" + curve.name,
8079 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8080 MaxVersion: VersionTLS12,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8081 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8082 CurvePreferences: []CurveID{curve.id},
8083 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]8084 flags: []string{
8085 "-enable-all-curves",
8086 "-expect-curve-id", strconv.Itoa(int(curve.id)),
8087 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]8088 expectedCurveID: curve.id,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8089 })
8090 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8091 name: "CurveTest-Client-" + curve.name + "-TLS13",
8092 config: Config{
8093 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8094 CurvePreferences: []CurveID{curve.id},
8095 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]8096 flags: []string{
8097 "-enable-all-curves",
8098 "-expect-curve-id", strconv.Itoa(int(curve.id)),
8099 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]8100 expectedCurveID: curve.id,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8101 })
8102 testCases = append(testCases, testCase{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8103 testType: serverTest,
8104 name: "CurveTest-Server-" + curve.name,
8105 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8106 MaxVersion: VersionTLS12,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8107 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8108 CurvePreferences: []CurveID{curve.id},
8109 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]8110 flags: []string{
8111 "-enable-all-curves",
8112 "-expect-curve-id", strconv.Itoa(int(curve.id)),
8113 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]8114 expectedCurveID: curve.id,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8115 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8116 testCases = append(testCases, testCase{
8117 testType: serverTest,
8118 name: "CurveTest-Server-" + curve.name + "-TLS13",
8119 config: Config{
8120 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8121 CurvePreferences: []CurveID{curve.id},
8122 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]8123 flags: []string{
8124 "-enable-all-curves",
8125 "-expect-curve-id", strconv.Itoa(int(curve.id)),
8126 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]8127 expectedCurveID: curve.id,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8128 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8129 }
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]8130
8131 // The server must be tolerant to bogus curves.
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]8132 testCases = append(testCases, testCase{
8133 testType: serverTest,
8134 name: "UnknownCurve",
8135 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]8136 MaxVersion: VersionTLS12,
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]8137 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8138 CurvePreferences: []CurveID{bogusCurve, CurveP256},
8139 },
8140 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8141
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]8142 // The server must be tolerant to bogus curves.
8143 testCases = append(testCases, testCase{
8144 testType: serverTest,
8145 name: "UnknownCurve-TLS13",
8146 config: Config{
8147 MaxVersion: VersionTLS13,
8148 CurvePreferences: []CurveID{bogusCurve, CurveP256},
8149 },
8150 })
8151
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8152 // The server must not consider ECDHE ciphers when there are no
8153 // supported curves.
8154 testCases = append(testCases, testCase{
8155 testType: serverTest,
8156 name: "NoSupportedCurves",
8157 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8158 MaxVersion: VersionTLS12,
8159 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8160 Bugs: ProtocolBugs{
8161 NoSupportedCurves: true,
8162 },
8163 },
8164 shouldFail: true,
8165 expectedError: ":NO_SHARED_CIPHER:",
8166 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8167 testCases = append(testCases, testCase{
8168 testType: serverTest,
8169 name: "NoSupportedCurves-TLS13",
8170 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]8171 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8172 Bugs: ProtocolBugs{
8173 NoSupportedCurves: true,
8174 },
8175 },
8176 shouldFail: true,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]8177 expectedError: ":NO_SHARED_GROUP:",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8178 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8179
8180 // The server must fall back to another cipher when there are no
8181 // supported curves.
8182 testCases = append(testCases, testCase{
8183 testType: serverTest,
8184 name: "NoCommonCurves",
8185 config: Config{
8186 MaxVersion: VersionTLS12,
8187 CipherSuites: []uint16{
8188 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
8189 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
8190 },
8191 CurvePreferences: []CurveID{CurveP224},
8192 },
8193 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
8194 })
8195
8196 // The client must reject bogus curves and disabled curves.
8197 testCases = append(testCases, testCase{
8198 name: "BadECDHECurve",
8199 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8200 MaxVersion: VersionTLS12,
8201 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8202 Bugs: ProtocolBugs{
8203 SendCurve: bogusCurve,
8204 },
8205 },
8206 shouldFail: true,
8207 expectedError: ":WRONG_CURVE:",
8208 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8209 testCases = append(testCases, testCase{
8210 name: "BadECDHECurve-TLS13",
8211 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]8212 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8213 Bugs: ProtocolBugs{
8214 SendCurve: bogusCurve,
8215 },
8216 },
8217 shouldFail: true,
8218 expectedError: ":WRONG_CURVE:",
8219 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8220
8221 testCases = append(testCases, testCase{
8222 name: "UnsupportedCurve",
8223 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8224 MaxVersion: VersionTLS12,
8225 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8226 CurvePreferences: []CurveID{CurveP256},
8227 Bugs: ProtocolBugs{
8228 IgnorePeerCurvePreferences: true,
8229 },
8230 },
8231 flags: []string{"-p384-only"},
8232 shouldFail: true,
8233 expectedError: ":WRONG_CURVE:",
8234 })
8235
David Benjamin4f921572016-07-17 14:20:10 +0200[diff] [blame]8236 testCases = append(testCases, testCase{
8237 // TODO(davidben): Add a TLS 1.3 version where
8238 // HelloRetryRequest requests an unsupported curve.
8239 name: "UnsupportedCurve-ServerHello-TLS13",
8240 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]8241 MaxVersion: VersionTLS13,
David Benjamin4f921572016-07-17 14:20:10 +0200[diff] [blame]8242 CurvePreferences: []CurveID{CurveP384},
8243 Bugs: ProtocolBugs{
8244 SendCurve: CurveP256,
8245 },
8246 },
8247 flags: []string{"-p384-only"},
8248 shouldFail: true,
8249 expectedError: ":WRONG_CURVE:",
8250 })
8251
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8252 // Test invalid curve points.
8253 testCases = append(testCases, testCase{
8254 name: "InvalidECDHPoint-Client",
8255 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8256 MaxVersion: VersionTLS12,
8257 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8258 CurvePreferences: []CurveID{CurveP256},
8259 Bugs: ProtocolBugs{
8260 InvalidECDHPoint: true,
8261 },
8262 },
8263 shouldFail: true,
8264 expectedError: ":INVALID_ENCODING:",
8265 })
8266 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8267 name: "InvalidECDHPoint-Client-TLS13",
8268 config: Config{
8269 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8270 CurvePreferences: []CurveID{CurveP256},
8271 Bugs: ProtocolBugs{
8272 InvalidECDHPoint: true,
8273 },
8274 },
8275 shouldFail: true,
8276 expectedError: ":INVALID_ENCODING:",
8277 })
8278 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8279 testType: serverTest,
8280 name: "InvalidECDHPoint-Server",
8281 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8282 MaxVersion: VersionTLS12,
8283 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8284 CurvePreferences: []CurveID{CurveP256},
8285 Bugs: ProtocolBugs{
8286 InvalidECDHPoint: true,
8287 },
8288 },
8289 shouldFail: true,
8290 expectedError: ":INVALID_ENCODING:",
8291 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8292 testCases = append(testCases, testCase{
8293 testType: serverTest,
8294 name: "InvalidECDHPoint-Server-TLS13",
8295 config: Config{
8296 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8297 CurvePreferences: []CurveID{CurveP256},
8298 Bugs: ProtocolBugs{
8299 InvalidECDHPoint: true,
8300 },
8301 },
8302 shouldFail: true,
8303 expectedError: ":INVALID_ENCODING:",
8304 })
David Benjamin8a55ce42016-12-11 03:03:42 -0500[diff] [blame]8305
8306 // The previous curve ID should be reported on TLS 1.2 resumption.
8307 testCases = append(testCases, testCase{
8308 name: "CurveID-Resume-Client",
8309 config: Config{
8310 MaxVersion: VersionTLS12,
8311 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8312 CurvePreferences: []CurveID{CurveX25519},
8313 },
8314 flags: []string{"-expect-curve-id", strconv.Itoa(int(CurveX25519))},
8315 resumeSession: true,
8316 })
8317 testCases = append(testCases, testCase{
8318 testType: serverTest,
8319 name: "CurveID-Resume-Server",
8320 config: Config{
8321 MaxVersion: VersionTLS12,
8322 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8323 CurvePreferences: []CurveID{CurveX25519},
8324 },
8325 flags: []string{"-expect-curve-id", strconv.Itoa(int(CurveX25519))},
8326 resumeSession: true,
8327 })
8328
8329 // TLS 1.3 allows resuming at a differet curve. If this happens, the new
8330 // one should be reported.
8331 testCases = append(testCases, testCase{
8332 name: "CurveID-Resume-Client-TLS13",
8333 config: Config{
8334 MaxVersion: VersionTLS13,
8335 CurvePreferences: []CurveID{CurveX25519},
8336 },
8337 resumeConfig: &Config{
8338 MaxVersion: VersionTLS13,
8339 CurvePreferences: []CurveID{CurveP256},
8340 },
8341 flags: []string{
8342 "-expect-curve-id", strconv.Itoa(int(CurveX25519)),
8343 "-expect-resume-curve-id", strconv.Itoa(int(CurveP256)),
8344 },
8345 resumeSession: true,
8346 })
8347 testCases = append(testCases, testCase{
8348 testType: serverTest,
8349 name: "CurveID-Resume-Server-TLS13",
8350 config: Config{
8351 MaxVersion: VersionTLS13,
8352 CurvePreferences: []CurveID{CurveX25519},
8353 },
8354 resumeConfig: &Config{
8355 MaxVersion: VersionTLS13,
8356 CurvePreferences: []CurveID{CurveP256},
8357 },
8358 flags: []string{
8359 "-expect-curve-id", strconv.Itoa(int(CurveX25519)),
8360 "-expect-resume-curve-id", strconv.Itoa(int(CurveP256)),
8361 },
8362 resumeSession: true,
8363 })
David Benjamina81967b2016-12-22 09:16:57 -0500[diff] [blame]8364
8365 // Server-sent point formats are legal in TLS 1.2, but not in TLS 1.3.
8366 testCases = append(testCases, testCase{
8367 name: "PointFormat-ServerHello-TLS12",
8368 config: Config{
8369 MaxVersion: VersionTLS12,
8370 Bugs: ProtocolBugs{
8371 SendSupportedPointFormats: []byte{pointFormatUncompressed},
8372 },
8373 },
8374 })
8375 testCases = append(testCases, testCase{
8376 name: "PointFormat-EncryptedExtensions-TLS13",
8377 config: Config{
8378 MaxVersion: VersionTLS13,
8379 Bugs: ProtocolBugs{
8380 SendSupportedPointFormats: []byte{pointFormatUncompressed},
8381 },
8382 },
8383 shouldFail: true,
8384 expectedError: ":ERROR_PARSING_EXTENSION:",
8385 })
8386
8387 // Test that we tolerate unknown point formats, as long as
8388 // pointFormatUncompressed is present. Limit ciphers to ECDHE ciphers to
8389 // check they are still functional.
8390 testCases = append(testCases, testCase{
8391 name: "PointFormat-Client-Tolerance",
8392 config: Config{
8393 MaxVersion: VersionTLS12,
8394 Bugs: ProtocolBugs{
8395 SendSupportedPointFormats: []byte{42, pointFormatUncompressed, 99, pointFormatCompressedPrime},
8396 },
8397 },
8398 })
8399 testCases = append(testCases, testCase{
8400 testType: serverTest,
8401 name: "PointFormat-Server-Tolerance",
8402 config: Config{
8403 MaxVersion: VersionTLS12,
8404 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
8405 Bugs: ProtocolBugs{
8406 SendSupportedPointFormats: []byte{42, pointFormatUncompressed, 99, pointFormatCompressedPrime},
8407 },
8408 },
8409 })
8410
8411 // Test TLS 1.2 does not require the point format extension to be
8412 // present.
8413 testCases = append(testCases, testCase{
8414 name: "PointFormat-Client-Missing",
8415 config: Config{
8416 MaxVersion: VersionTLS12,
8417 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
8418 Bugs: ProtocolBugs{
8419 SendSupportedPointFormats: []byte{},
8420 },
8421 },
8422 })
8423 testCases = append(testCases, testCase{
8424 testType: serverTest,
8425 name: "PointFormat-Server-Missing",
8426 config: Config{
8427 MaxVersion: VersionTLS12,
8428 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
8429 Bugs: ProtocolBugs{
8430 SendSupportedPointFormats: []byte{},
8431 },
8432 },
8433 })
8434
8435 // If the point format extension is present, uncompressed points must be
8436 // offered. BoringSSL requires this whether or not ECDHE is used.
8437 testCases = append(testCases, testCase{
8438 name: "PointFormat-Client-MissingUncompressed",
8439 config: Config{
8440 MaxVersion: VersionTLS12,
8441 Bugs: ProtocolBugs{
8442 SendSupportedPointFormats: []byte{pointFormatCompressedPrime},
8443 },
8444 },
8445 shouldFail: true,
8446 expectedError: ":ERROR_PARSING_EXTENSION:",
8447 })
8448 testCases = append(testCases, testCase{
8449 testType: serverTest,
8450 name: "PointFormat-Server-MissingUncompressed",
8451 config: Config{
8452 MaxVersion: VersionTLS12,
8453 Bugs: ProtocolBugs{
8454 SendSupportedPointFormats: []byte{pointFormatCompressedPrime},
8455 },
8456 },
8457 shouldFail: true,
8458 expectedError: ":ERROR_PARSING_EXTENSION:",
8459 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8460}
8461
David Benjaminc9ae27c2016-06-24 22:56:37 -0400[diff] [blame]8462func addTLS13RecordTests() {
8463 testCases = append(testCases, testCase{
8464 name: "TLS13-RecordPadding",
8465 config: Config{
8466 MaxVersion: VersionTLS13,
8467 MinVersion: VersionTLS13,
8468 Bugs: ProtocolBugs{
8469 RecordPadding: 10,
8470 },
8471 },
8472 })
8473
8474 testCases = append(testCases, testCase{
8475 name: "TLS13-EmptyRecords",
8476 config: Config{
8477 MaxVersion: VersionTLS13,
8478 MinVersion: VersionTLS13,
8479 Bugs: ProtocolBugs{
8480 OmitRecordContents: true,
8481 },
8482 },
8483 shouldFail: true,
8484 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
8485 })
8486
8487 testCases = append(testCases, testCase{
8488 name: "TLS13-OnlyPadding",
8489 config: Config{
8490 MaxVersion: VersionTLS13,
8491 MinVersion: VersionTLS13,
8492 Bugs: ProtocolBugs{
8493 OmitRecordContents: true,
8494 RecordPadding: 10,
8495 },
8496 },
8497 shouldFail: true,
8498 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
8499 })
8500
8501 testCases = append(testCases, testCase{
8502 name: "TLS13-WrongOuterRecord",
8503 config: Config{
8504 MaxVersion: VersionTLS13,
8505 MinVersion: VersionTLS13,
8506 Bugs: ProtocolBugs{
8507 OuterRecordType: recordTypeHandshake,
8508 },
8509 },
8510 shouldFail: true,
8511 expectedError: ":INVALID_OUTER_RECORD_TYPE:",
8512 })
8513}
8514
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8515func addSessionTicketTests() {
8516 testCases = append(testCases, testCase{
8517 // In TLS 1.2 and below, empty NewSessionTicket messages
8518 // mean the server changed its mind on sending a ticket.
8519 name: "SendEmptySessionTicket",
8520 config: Config{
8521 MaxVersion: VersionTLS12,
8522 Bugs: ProtocolBugs{
8523 SendEmptySessionTicket: true,
8524 },
8525 },
8526 flags: []string{"-expect-no-session"},
8527 })
8528
8529 // Test that the server ignores unknown PSK modes.
8530 testCases = append(testCases, testCase{
8531 testType: serverTest,
8532 name: "TLS13-SendUnknownModeSessionTicket-Server",
8533 config: Config{
8534 MaxVersion: VersionTLS13,
8535 Bugs: ProtocolBugs{
8536 SendPSKKeyExchangeModes: []byte{0x1a, pskDHEKEMode, 0x2a},
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8537 },
8538 },
8539 resumeSession: true,
8540 expectedResumeVersion: VersionTLS13,
8541 })
8542
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8543 // Test that the server does not send session tickets with no matching key exchange mode.
8544 testCases = append(testCases, testCase{
8545 testType: serverTest,
8546 name: "TLS13-ExpectNoSessionTicketOnBadKEMode-Server",
8547 config: Config{
8548 MaxVersion: VersionTLS13,
8549 Bugs: ProtocolBugs{
8550 SendPSKKeyExchangeModes: []byte{0x1a},
8551 ExpectNoNewSessionTicket: true,
8552 },
8553 },
8554 })
8555
8556 // Test that the server does not accept a session with no matching key exchange mode.
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8557 testCases = append(testCases, testCase{
8558 testType: serverTest,
8559 name: "TLS13-SendBadKEModeSessionTicket-Server",
8560 config: Config{
8561 MaxVersion: VersionTLS13,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8562 },
8563 resumeConfig: &Config{
8564 MaxVersion: VersionTLS13,
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8565 Bugs: ProtocolBugs{
8566 SendPSKKeyExchangeModes: []byte{0x1a},
8567 },
8568 },
8569 resumeSession: true,
8570 expectResumeRejected: true,
8571 })
8572
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8573 // Test that the client ticket age is sent correctly.
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8574 testCases = append(testCases, testCase{
8575 testType: clientTest,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8576 name: "TLS13-TestValidTicketAge-Client",
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8577 config: Config{
8578 MaxVersion: VersionTLS13,
8579 Bugs: ProtocolBugs{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8580 ExpectTicketAge: 10 * time.Second,
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8581 },
8582 },
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8583 resumeSession: true,
8584 flags: []string{
8585 "-resumption-delay", "10",
8586 },
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8587 })
8588
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8589 // Test that the client ticket age is enforced.
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8590 testCases = append(testCases, testCase{
8591 testType: clientTest,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8592 name: "TLS13-TestBadTicketAge-Client",
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8593 config: Config{
8594 MaxVersion: VersionTLS13,
8595 Bugs: ProtocolBugs{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8596 ExpectTicketAge: 1000 * time.Second,
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8597 },
8598 },
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8599 resumeSession: true,
8600 shouldFail: true,
8601 expectedLocalError: "tls: invalid ticket age",
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8602 })
8603
David Benjamin35ac5b72017-03-03 15:05:56 -0500[diff] [blame^]8604 // Test that the server's ticket age skew reporting works.
8605 testCases = append(testCases, testCase{
8606 testType: serverTest,
8607 name: "TLS13-TicketAgeSkew-Forward",
8608 config: Config{
8609 MaxVersion: VersionTLS13,
8610 Bugs: ProtocolBugs{
8611 SendTicketAge: 15 * time.Second,
8612 },
8613 },
8614 resumeSession: true,
8615 flags: []string{
8616 "-resumption-delay", "10",
8617 "-expect-ticket-age-skew", "5",
8618 },
8619 })
8620 testCases = append(testCases, testCase{
8621 testType: serverTest,
8622 name: "TLS13-TicketAgeSkew-Backward",
8623 config: Config{
8624 MaxVersion: VersionTLS13,
8625 Bugs: ProtocolBugs{
8626 SendTicketAge: 5 * time.Second,
8627 },
8628 },
8629 resumeSession: true,
8630 flags: []string{
8631 "-resumption-delay", "10",
8632 "-expect-ticket-age-skew", "-5",
8633 },
8634 })
8635
Steven Valdez08b65f42016-12-07 15:29:45 -0500[diff] [blame]8636 testCases = append(testCases, testCase{
8637 testType: clientTest,
8638 name: "TLS13-SendTicketEarlyDataInfo",
8639 config: Config{
Nick Harperab20cec2016-12-19 17:38:41 -0800[diff] [blame]8640 MaxVersion: VersionTLS13,
8641 MaxEarlyDataSize: 16384,
Steven Valdez08b65f42016-12-07 15:29:45 -0500[diff] [blame]8642 },
8643 flags: []string{
David Benjamin9b160662017-01-25 19:53:43 -0500[diff] [blame]8644 "-enable-early-data",
Steven Valdez08b65f42016-12-07 15:29:45 -0500[diff] [blame]8645 "-expect-early-data-info",
8646 },
8647 })
8648
David Benjamin9b160662017-01-25 19:53:43 -0500[diff] [blame]8649 // Test that 0-RTT tickets are ignored in clients unless opted in.
8650 testCases = append(testCases, testCase{
8651 testType: clientTest,
8652 name: "TLS13-SendTicketEarlyDataInfo-Disabled",
8653 config: Config{
Nick Harperab20cec2016-12-19 17:38:41 -0800[diff] [blame]8654 MaxVersion: VersionTLS13,
8655 MaxEarlyDataSize: 16384,
David Benjamin9b160662017-01-25 19:53:43 -0500[diff] [blame]8656 },
8657 })
8658
Steven Valdez08b65f42016-12-07 15:29:45 -0500[diff] [blame]8659 testCases = append(testCases, testCase{
David Benjamin9c33ae82017-01-08 06:04:43 -0500[diff] [blame]8660 testType: clientTest,
8661 name: "TLS13-DuplicateTicketEarlyDataInfo",
8662 config: Config{
Nick Harperab20cec2016-12-19 17:38:41 -0800[diff] [blame]8663 MaxVersion: VersionTLS13,
8664 MaxEarlyDataSize: 16384,
David Benjamin9c33ae82017-01-08 06:04:43 -0500[diff] [blame]8665 Bugs: ProtocolBugs{
David Benjamin9c33ae82017-01-08 06:04:43 -0500[diff] [blame]8666 DuplicateTicketEarlyDataInfo: true,
8667 },
8668 },
8669 shouldFail: true,
8670 expectedError: ":DUPLICATE_EXTENSION:",
8671 expectedLocalError: "remote error: illegal parameter",
8672 })
8673
8674 testCases = append(testCases, testCase{
Steven Valdez08b65f42016-12-07 15:29:45 -0500[diff] [blame]8675 testType: serverTest,
8676 name: "TLS13-ExpectTicketEarlyDataInfo",
8677 config: Config{
8678 MaxVersion: VersionTLS13,
8679 Bugs: ProtocolBugs{
8680 ExpectTicketEarlyDataInfo: true,
8681 },
8682 },
8683 flags: []string{
8684 "-enable-early-data",
8685 },
8686 })
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]8687
8688 // Test that, in TLS 1.3, the server-offered NewSessionTicket lifetime
8689 // is honored.
8690 testCases = append(testCases, testCase{
8691 testType: clientTest,
8692 name: "TLS13-HonorServerSessionTicketLifetime",
8693 config: Config{
8694 MaxVersion: VersionTLS13,
8695 Bugs: ProtocolBugs{
8696 SendTicketLifetime: 20 * time.Second,
8697 },
8698 },
8699 flags: []string{
8700 "-resumption-delay", "19",
8701 },
8702 resumeSession: true,
8703 })
8704 testCases = append(testCases, testCase{
8705 testType: clientTest,
8706 name: "TLS13-HonorServerSessionTicketLifetime-2",
8707 config: Config{
8708 MaxVersion: VersionTLS13,
8709 Bugs: ProtocolBugs{
8710 SendTicketLifetime: 20 * time.Second,
8711 // The client should not offer the expired session.
8712 ExpectNoTLS13PSK: true,
8713 },
8714 },
8715 flags: []string{
8716 "-resumption-delay", "21",
8717 },
David Benjamin023d4192017-02-06 13:49:07 -0500[diff] [blame]8718 resumeSession: true,
David Benjamin17b30832017-01-28 14:00:32 -0500[diff] [blame]8719 expectResumeRejected: true,
8720 })
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8721}
8722
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]8723func addChangeCipherSpecTests() {
8724 // Test missing ChangeCipherSpecs.
8725 testCases = append(testCases, testCase{
8726 name: "SkipChangeCipherSpec-Client",
8727 config: Config{
8728 MaxVersion: VersionTLS12,
8729 Bugs: ProtocolBugs{
8730 SkipChangeCipherSpec: true,
8731 },
8732 },
8733 shouldFail: true,
8734 expectedError: ":UNEXPECTED_RECORD:",
8735 })
8736 testCases = append(testCases, testCase{
8737 testType: serverTest,
8738 name: "SkipChangeCipherSpec-Server",
8739 config: Config{
8740 MaxVersion: VersionTLS12,
8741 Bugs: ProtocolBugs{
8742 SkipChangeCipherSpec: true,
8743 },
8744 },
8745 shouldFail: true,
8746 expectedError: ":UNEXPECTED_RECORD:",
8747 })
8748 testCases = append(testCases, testCase{
8749 testType: serverTest,
8750 name: "SkipChangeCipherSpec-Server-NPN",
8751 config: Config{
8752 MaxVersion: VersionTLS12,
8753 NextProtos: []string{"bar"},
8754 Bugs: ProtocolBugs{
8755 SkipChangeCipherSpec: true,
8756 },
8757 },
8758 flags: []string{
8759 "-advertise-npn", "\x03foo\x03bar\x03baz",
8760 },
8761 shouldFail: true,
8762 expectedError: ":UNEXPECTED_RECORD:",
8763 })
8764
8765 // Test synchronization between the handshake and ChangeCipherSpec.
8766 // Partial post-CCS handshake messages before ChangeCipherSpec should be
8767 // rejected. Test both with and without handshake packing to handle both
8768 // when the partial post-CCS message is in its own record and when it is
8769 // attached to the pre-CCS message.
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]8770 for _, packed := range []bool{false, true} {
8771 var suffix string
8772 if packed {
8773 suffix = "-Packed"
8774 }
8775
8776 testCases = append(testCases, testCase{
8777 name: "FragmentAcrossChangeCipherSpec-Client" + suffix,
8778 config: Config{
8779 MaxVersion: VersionTLS12,
8780 Bugs: ProtocolBugs{
8781 FragmentAcrossChangeCipherSpec: true,
8782 PackHandshakeFlight: packed,
8783 },
8784 },
8785 shouldFail: true,
8786 expectedError: ":UNEXPECTED_RECORD:",
8787 })
8788 testCases = append(testCases, testCase{
8789 name: "FragmentAcrossChangeCipherSpec-Client-Resume" + suffix,
8790 config: Config{
8791 MaxVersion: VersionTLS12,
8792 },
8793 resumeSession: true,
8794 resumeConfig: &Config{
8795 MaxVersion: VersionTLS12,
8796 Bugs: ProtocolBugs{
8797 FragmentAcrossChangeCipherSpec: true,
8798 PackHandshakeFlight: packed,
8799 },
8800 },
8801 shouldFail: true,
8802 expectedError: ":UNEXPECTED_RECORD:",
8803 })
8804 testCases = append(testCases, testCase{
8805 testType: serverTest,
8806 name: "FragmentAcrossChangeCipherSpec-Server" + suffix,
8807 config: Config{
8808 MaxVersion: VersionTLS12,
8809 Bugs: ProtocolBugs{
8810 FragmentAcrossChangeCipherSpec: true,
8811 PackHandshakeFlight: packed,
8812 },
8813 },
8814 shouldFail: true,
8815 expectedError: ":UNEXPECTED_RECORD:",
8816 })
8817 testCases = append(testCases, testCase{
8818 testType: serverTest,
8819 name: "FragmentAcrossChangeCipherSpec-Server-Resume" + suffix,
8820 config: Config{
8821 MaxVersion: VersionTLS12,
8822 },
8823 resumeSession: true,
8824 resumeConfig: &Config{
8825 MaxVersion: VersionTLS12,
8826 Bugs: ProtocolBugs{
8827 FragmentAcrossChangeCipherSpec: true,
8828 PackHandshakeFlight: packed,
8829 },
8830 },
8831 shouldFail: true,
8832 expectedError: ":UNEXPECTED_RECORD:",
8833 })
8834 testCases = append(testCases, testCase{
8835 testType: serverTest,
8836 name: "FragmentAcrossChangeCipherSpec-Server-NPN" + suffix,
8837 config: Config{
8838 MaxVersion: VersionTLS12,
8839 NextProtos: []string{"bar"},
8840 Bugs: ProtocolBugs{
8841 FragmentAcrossChangeCipherSpec: true,
8842 PackHandshakeFlight: packed,
8843 },
8844 },
8845 flags: []string{
8846 "-advertise-npn", "\x03foo\x03bar\x03baz",
8847 },
8848 shouldFail: true,
8849 expectedError: ":UNEXPECTED_RECORD:",
8850 })
8851 }
8852
David Benjamin61672812016-07-14 23:10:43 -0400[diff] [blame]8853 // Test that, in DTLS, ChangeCipherSpec is not allowed when there are
8854 // messages in the handshake queue. Do this by testing the server
8855 // reading the client Finished, reversing the flight so Finished comes
8856 // first.
8857 testCases = append(testCases, testCase{
8858 protocol: dtls,
8859 testType: serverTest,
8860 name: "SendUnencryptedFinished-DTLS",
8861 config: Config{
8862 MaxVersion: VersionTLS12,
8863 Bugs: ProtocolBugs{
8864 SendUnencryptedFinished: true,
8865 ReverseHandshakeFragments: true,
8866 },
8867 },
8868 shouldFail: true,
8869 expectedError: ":BUFFERED_MESSAGES_ON_CIPHER_CHANGE:",
8870 })
8871
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8872 // Test synchronization between encryption changes and the handshake in
8873 // TLS 1.3, where ChangeCipherSpec is implicit.
8874 testCases = append(testCases, testCase{
8875 name: "PartialEncryptedExtensionsWithServerHello",
8876 config: Config{
8877 MaxVersion: VersionTLS13,
8878 Bugs: ProtocolBugs{
8879 PartialEncryptedExtensionsWithServerHello: true,
8880 },
8881 },
8882 shouldFail: true,
8883 expectedError: ":BUFFERED_MESSAGES_ON_CIPHER_CHANGE:",
8884 })
8885 testCases = append(testCases, testCase{
8886 testType: serverTest,
8887 name: "PartialClientFinishedWithClientHello",
8888 config: Config{
8889 MaxVersion: VersionTLS13,
8890 Bugs: ProtocolBugs{
8891 PartialClientFinishedWithClientHello: true,
8892 },
8893 },
8894 shouldFail: true,
8895 expectedError: ":BUFFERED_MESSAGES_ON_CIPHER_CHANGE:",
8896 })
8897
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]8898 // Test that early ChangeCipherSpecs are handled correctly.
8899 testCases = append(testCases, testCase{
8900 testType: serverTest,
8901 name: "EarlyChangeCipherSpec-server-1",
8902 config: Config{
8903 MaxVersion: VersionTLS12,
8904 Bugs: ProtocolBugs{
8905 EarlyChangeCipherSpec: 1,
8906 },
8907 },
8908 shouldFail: true,
8909 expectedError: ":UNEXPECTED_RECORD:",
8910 })
8911 testCases = append(testCases, testCase{
8912 testType: serverTest,
8913 name: "EarlyChangeCipherSpec-server-2",
8914 config: Config{
8915 MaxVersion: VersionTLS12,
8916 Bugs: ProtocolBugs{
8917 EarlyChangeCipherSpec: 2,
8918 },
8919 },
8920 shouldFail: true,
8921 expectedError: ":UNEXPECTED_RECORD:",
8922 })
8923 testCases = append(testCases, testCase{
8924 protocol: dtls,
8925 name: "StrayChangeCipherSpec",
8926 config: Config{
8927 // TODO(davidben): Once DTLS 1.3 exists, test
8928 // that stray ChangeCipherSpec messages are
8929 // rejected.
8930 MaxVersion: VersionTLS12,
8931 Bugs: ProtocolBugs{
8932 StrayChangeCipherSpec: true,
8933 },
8934 },
8935 })
8936
8937 // Test that the contents of ChangeCipherSpec are checked.
8938 testCases = append(testCases, testCase{
8939 name: "BadChangeCipherSpec-1",
8940 config: Config{
8941 MaxVersion: VersionTLS12,
8942 Bugs: ProtocolBugs{
8943 BadChangeCipherSpec: []byte{2},
8944 },
8945 },
8946 shouldFail: true,
8947 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8948 })
8949 testCases = append(testCases, testCase{
8950 name: "BadChangeCipherSpec-2",
8951 config: Config{
8952 MaxVersion: VersionTLS12,
8953 Bugs: ProtocolBugs{
8954 BadChangeCipherSpec: []byte{1, 1},
8955 },
8956 },
8957 shouldFail: true,
8958 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8959 })
8960 testCases = append(testCases, testCase{
8961 protocol: dtls,
8962 name: "BadChangeCipherSpec-DTLS-1",
8963 config: Config{
8964 MaxVersion: VersionTLS12,
8965 Bugs: ProtocolBugs{
8966 BadChangeCipherSpec: []byte{2},
8967 },
8968 },
8969 shouldFail: true,
8970 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8971 })
8972 testCases = append(testCases, testCase{
8973 protocol: dtls,
8974 name: "BadChangeCipherSpec-DTLS-2",
8975 config: Config{
8976 MaxVersion: VersionTLS12,
8977 Bugs: ProtocolBugs{
8978 BadChangeCipherSpec: []byte{1, 1},
8979 },
8980 },
8981 shouldFail: true,
8982 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8983 })
8984}
8985
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8986type perMessageTest struct {
8987 messageType uint8
8988 test testCase
8989}
8990
8991// makePerMessageTests returns a series of test templates which cover each
8992// message in the TLS handshake. These may be used with bugs like
8993// WrongMessageType to fully test a per-message bug.
8994func makePerMessageTests() []perMessageTest {
8995 var ret []perMessageTest
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8996 for _, protocol := range []protocol{tls, dtls} {
8997 var suffix string
8998 if protocol == dtls {
8999 suffix = "-DTLS"
9000 }
9001
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9002 ret = append(ret, perMessageTest{
9003 messageType: typeClientHello,
9004 test: testCase{
9005 protocol: protocol,
9006 testType: serverTest,
9007 name: "ClientHello" + suffix,
9008 config: Config{
9009 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9010 },
9011 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9012 })
9013
9014 if protocol == dtls {
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9015 ret = append(ret, perMessageTest{
9016 messageType: typeHelloVerifyRequest,
9017 test: testCase{
9018 protocol: protocol,
9019 name: "HelloVerifyRequest" + suffix,
9020 config: Config{
9021 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9022 },
9023 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9024 })
9025 }
9026
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9027 ret = append(ret, perMessageTest{
9028 messageType: typeServerHello,
9029 test: testCase{
9030 protocol: protocol,
9031 name: "ServerHello" + suffix,
9032 config: Config{
9033 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9034 },
9035 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9036 })
9037
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9038 ret = append(ret, perMessageTest{
9039 messageType: typeCertificate,
9040 test: testCase{
9041 protocol: protocol,
9042 name: "ServerCertificate" + suffix,
9043 config: Config{
9044 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9045 },
9046 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9047 })
9048
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9049 ret = append(ret, perMessageTest{
9050 messageType: typeCertificateStatus,
9051 test: testCase{
9052 protocol: protocol,
9053 name: "CertificateStatus" + suffix,
9054 config: Config{
9055 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9056 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9057 flags: []string{"-enable-ocsp-stapling"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9058 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9059 })
9060
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9061 ret = append(ret, perMessageTest{
9062 messageType: typeServerKeyExchange,
9063 test: testCase{
9064 protocol: protocol,
9065 name: "ServerKeyExchange" + suffix,
9066 config: Config{
9067 MaxVersion: VersionTLS12,
9068 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9069 },
9070 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9071 })
9072
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9073 ret = append(ret, perMessageTest{
9074 messageType: typeCertificateRequest,
9075 test: testCase{
9076 protocol: protocol,
9077 name: "CertificateRequest" + suffix,
9078 config: Config{
9079 MaxVersion: VersionTLS12,
9080 ClientAuth: RequireAnyClientCert,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9081 },
9082 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9083 })
9084
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9085 ret = append(ret, perMessageTest{
9086 messageType: typeServerHelloDone,
9087 test: testCase{
9088 protocol: protocol,
9089 name: "ServerHelloDone" + suffix,
9090 config: Config{
9091 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9092 },
9093 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9094 })
9095
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9096 ret = append(ret, perMessageTest{
9097 messageType: typeCertificate,
9098 test: testCase{
9099 testType: serverTest,
9100 protocol: protocol,
9101 name: "ClientCertificate" + suffix,
9102 config: Config{
9103 Certificates: []Certificate{rsaCertificate},
9104 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9105 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9106 flags: []string{"-require-any-client-certificate"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9107 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9108 })
9109
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9110 ret = append(ret, perMessageTest{
9111 messageType: typeCertificateVerify,
9112 test: testCase{
9113 testType: serverTest,
9114 protocol: protocol,
9115 name: "CertificateVerify" + suffix,
9116 config: Config{
9117 Certificates: []Certificate{rsaCertificate},
9118 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9119 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9120 flags: []string{"-require-any-client-certificate"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9121 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9122 })
9123
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9124 ret = append(ret, perMessageTest{
9125 messageType: typeClientKeyExchange,
9126 test: testCase{
9127 testType: serverTest,
9128 protocol: protocol,
9129 name: "ClientKeyExchange" + suffix,
9130 config: Config{
9131 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9132 },
9133 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9134 })
9135
9136 if protocol != dtls {
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9137 ret = append(ret, perMessageTest{
9138 messageType: typeNextProtocol,
9139 test: testCase{
9140 testType: serverTest,
9141 protocol: protocol,
9142 name: "NextProtocol" + suffix,
9143 config: Config{
9144 MaxVersion: VersionTLS12,
9145 NextProtos: []string{"bar"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9146 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9147 flags: []string{"-advertise-npn", "\x03foo\x03bar\x03baz"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9148 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9149 })
9150
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9151 ret = append(ret, perMessageTest{
9152 messageType: typeChannelID,
9153 test: testCase{
9154 testType: serverTest,
9155 protocol: protocol,
9156 name: "ChannelID" + suffix,
9157 config: Config{
9158 MaxVersion: VersionTLS12,
9159 ChannelID: channelIDKey,
9160 },
9161 flags: []string{
9162 "-expect-channel-id",
9163 base64.StdEncoding.EncodeToString(channelIDBytes),
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9164 },
9165 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9166 })
9167 }
9168
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9169 ret = append(ret, perMessageTest{
9170 messageType: typeFinished,
9171 test: testCase{
9172 testType: serverTest,
9173 protocol: protocol,
9174 name: "ClientFinished" + suffix,
9175 config: Config{
9176 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9177 },
9178 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9179 })
9180
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9181 ret = append(ret, perMessageTest{
9182 messageType: typeNewSessionTicket,
9183 test: testCase{
9184 protocol: protocol,
9185 name: "NewSessionTicket" + suffix,
9186 config: Config{
9187 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9188 },
9189 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9190 })
9191
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9192 ret = append(ret, perMessageTest{
9193 messageType: typeFinished,
9194 test: testCase{
9195 protocol: protocol,
9196 name: "ServerFinished" + suffix,
9197 config: Config{
9198 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9199 },
9200 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9201 })
9202
9203 }
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9204
9205 ret = append(ret, perMessageTest{
9206 messageType: typeClientHello,
9207 test: testCase{
9208 testType: serverTest,
9209 name: "TLS13-ClientHello",
9210 config: Config{
9211 MaxVersion: VersionTLS13,
9212 },
9213 },
9214 })
9215
9216 ret = append(ret, perMessageTest{
9217 messageType: typeServerHello,
9218 test: testCase{
9219 name: "TLS13-ServerHello",
9220 config: Config{
9221 MaxVersion: VersionTLS13,
9222 },
9223 },
9224 })
9225
9226 ret = append(ret, perMessageTest{
9227 messageType: typeEncryptedExtensions,
9228 test: testCase{
9229 name: "TLS13-EncryptedExtensions",
9230 config: Config{
9231 MaxVersion: VersionTLS13,
9232 },
9233 },
9234 })
9235
9236 ret = append(ret, perMessageTest{
9237 messageType: typeCertificateRequest,
9238 test: testCase{
9239 name: "TLS13-CertificateRequest",
9240 config: Config{
9241 MaxVersion: VersionTLS13,
9242 ClientAuth: RequireAnyClientCert,
9243 },
9244 },
9245 })
9246
9247 ret = append(ret, perMessageTest{
9248 messageType: typeCertificate,
9249 test: testCase{
9250 name: "TLS13-ServerCertificate",
9251 config: Config{
9252 MaxVersion: VersionTLS13,
9253 },
9254 },
9255 })
9256
9257 ret = append(ret, perMessageTest{
9258 messageType: typeCertificateVerify,
9259 test: testCase{
9260 name: "TLS13-ServerCertificateVerify",
9261 config: Config{
9262 MaxVersion: VersionTLS13,
9263 },
9264 },
9265 })
9266
9267 ret = append(ret, perMessageTest{
9268 messageType: typeFinished,
9269 test: testCase{
9270 name: "TLS13-ServerFinished",
9271 config: Config{
9272 MaxVersion: VersionTLS13,
9273 },
9274 },
9275 })
9276
9277 ret = append(ret, perMessageTest{
9278 messageType: typeCertificate,
9279 test: testCase{
9280 testType: serverTest,
9281 name: "TLS13-ClientCertificate",
9282 config: Config{
9283 Certificates: []Certificate{rsaCertificate},
9284 MaxVersion: VersionTLS13,
9285 },
9286 flags: []string{"-require-any-client-certificate"},
9287 },
9288 })
9289
9290 ret = append(ret, perMessageTest{
9291 messageType: typeCertificateVerify,
9292 test: testCase{
9293 testType: serverTest,
9294 name: "TLS13-ClientCertificateVerify",
9295 config: Config{
9296 Certificates: []Certificate{rsaCertificate},
9297 MaxVersion: VersionTLS13,
9298 },
9299 flags: []string{"-require-any-client-certificate"},
9300 },
9301 })
9302
9303 ret = append(ret, perMessageTest{
9304 messageType: typeFinished,
9305 test: testCase{
9306 testType: serverTest,
9307 name: "TLS13-ClientFinished",
9308 config: Config{
9309 MaxVersion: VersionTLS13,
9310 },
9311 },
9312 })
9313
9314 return ret
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9315}
9316
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9317func addWrongMessageTypeTests() {
9318 for _, t := range makePerMessageTests() {
9319 t.test.name = "WrongMessageType-" + t.test.name
9320 t.test.config.Bugs.SendWrongMessageType = t.messageType
9321 t.test.shouldFail = true
9322 t.test.expectedError = ":UNEXPECTED_MESSAGE:"
9323 t.test.expectedLocalError = "remote error: unexpected message"
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9324
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9325 if t.test.config.MaxVersion >= VersionTLS13 && t.messageType == typeServerHello {
9326 // In TLS 1.3, a bad ServerHello means the client sends
9327 // an unencrypted alert while the server expects
9328 // encryption, so the alert is not readable by runner.
9329 t.test.expectedLocalError = "local error: bad record MAC"
9330 }
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9331
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]9332 testCases = append(testCases, t.test)
9333 }
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9334}
9335
David Benjamin639846e2016-09-09 11:41:18 -0400[diff] [blame]9336func addTrailingMessageDataTests() {
9337 for _, t := range makePerMessageTests() {
9338 t.test.name = "TrailingMessageData-" + t.test.name
9339 t.test.config.Bugs.SendTrailingMessageData = t.messageType
9340 t.test.shouldFail = true
9341 t.test.expectedError = ":DECODE_ERROR:"
9342 t.test.expectedLocalError = "remote error: error decoding message"
9343
9344 if t.test.config.MaxVersion >= VersionTLS13 && t.messageType == typeServerHello {
9345 // In TLS 1.3, a bad ServerHello means the client sends
9346 // an unencrypted alert while the server expects
9347 // encryption, so the alert is not readable by runner.
9348 t.test.expectedLocalError = "local error: bad record MAC"
9349 }
9350
9351 if t.messageType == typeFinished {
9352 // Bad Finished messages read as the verify data having
9353 // the wrong length.
9354 t.test.expectedError = ":DIGEST_CHECK_FAILED:"
9355 t.test.expectedLocalError = "remote error: error decrypting message"
9356 }
9357
9358 testCases = append(testCases, t.test)
9359 }
9360}
9361
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9362func addTLS13HandshakeTests() {
9363 testCases = append(testCases, testCase{
9364 testType: clientTest,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]9365 name: "NegotiatePSKResumption-TLS13",
9366 config: Config{
9367 MaxVersion: VersionTLS13,
9368 Bugs: ProtocolBugs{
9369 NegotiatePSKResumption: true,
9370 },
9371 },
9372 resumeSession: true,
9373 shouldFail: true,
David Benjamindb5bd722016-12-08 18:21:27 -0500[diff] [blame]9374 expectedError: ":MISSING_KEY_SHARE:",
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]9375 })
9376
9377 testCases = append(testCases, testCase{
9378 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9379 name: "MissingKeyShare-Client",
9380 config: Config{
9381 MaxVersion: VersionTLS13,
9382 Bugs: ProtocolBugs{
9383 MissingKeyShare: true,
9384 },
9385 },
9386 shouldFail: true,
David Benjamindb5bd722016-12-08 18:21:27 -0500[diff] [blame]9387 expectedError: ":MISSING_KEY_SHARE:",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9388 })
9389
9390 testCases = append(testCases, testCase{
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9391 testType: serverTest,
9392 name: "MissingKeyShare-Server",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9393 config: Config{
9394 MaxVersion: VersionTLS13,
9395 Bugs: ProtocolBugs{
9396 MissingKeyShare: true,
9397 },
9398 },
9399 shouldFail: true,
9400 expectedError: ":MISSING_KEY_SHARE:",
9401 })
9402
9403 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9404 testType: serverTest,
9405 name: "DuplicateKeyShares",
9406 config: Config{
9407 MaxVersion: VersionTLS13,
9408 Bugs: ProtocolBugs{
9409 DuplicateKeyShares: true,
9410 },
9411 },
David Benjamin7e1f9842016-09-20 19:24:40 -0400[diff] [blame]9412 shouldFail: true,
9413 expectedError: ":DUPLICATE_KEY_SHARE:",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9414 })
9415
9416 testCases = append(testCases, testCase{
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]9417 testType: serverTest,
9418 name: "SkipEarlyData",
9419 config: Config{
9420 MaxVersion: VersionTLS13,
9421 Bugs: ProtocolBugs{
Nick Harperf2511f12016-12-06 16:02:31 -0800[diff] [blame]9422 SendFakeEarlyDataLength: 4,
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]9423 },
9424 },
9425 })
9426
9427 testCases = append(testCases, testCase{
9428 testType: serverTest,
9429 name: "SkipEarlyData-OmitEarlyDataExtension",
9430 config: Config{
9431 MaxVersion: VersionTLS13,
9432 Bugs: ProtocolBugs{
Nick Harperf2511f12016-12-06 16:02:31 -0800[diff] [blame]9433 SendFakeEarlyDataLength: 4,
9434 OmitEarlyDataExtension: true,
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]9435 },
9436 },
9437 shouldFail: true,
9438 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
9439 })
9440
9441 testCases = append(testCases, testCase{
9442 testType: serverTest,
9443 name: "SkipEarlyData-TooMuchData",
9444 config: Config{
9445 MaxVersion: VersionTLS13,
9446 Bugs: ProtocolBugs{
Nick Harperf2511f12016-12-06 16:02:31 -0800[diff] [blame]9447 SendFakeEarlyDataLength: 16384 + 1,
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]9448 },
9449 },
9450 shouldFail: true,
9451 expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:",
9452 })
9453
9454 testCases = append(testCases, testCase{
9455 testType: serverTest,
9456 name: "SkipEarlyData-Interleaved",
9457 config: Config{
9458 MaxVersion: VersionTLS13,
9459 Bugs: ProtocolBugs{
Nick Harperf2511f12016-12-06 16:02:31 -0800[diff] [blame]9460 SendFakeEarlyDataLength: 4,
9461 InterleaveEarlyData: true,
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]9462 },
9463 },
9464 shouldFail: true,
9465 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
9466 })
9467
9468 testCases = append(testCases, testCase{
9469 testType: serverTest,
9470 name: "SkipEarlyData-EarlyDataInTLS12",
9471 config: Config{
9472 MaxVersion: VersionTLS13,
9473 Bugs: ProtocolBugs{
Nick Harperf2511f12016-12-06 16:02:31 -0800[diff] [blame]9474 SendFakeEarlyDataLength: 4,
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]9475 },
9476 },
9477 shouldFail: true,
9478 expectedError: ":UNEXPECTED_RECORD:",
9479 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
9480 })
9481
9482 testCases = append(testCases, testCase{
9483 testType: serverTest,
9484 name: "SkipEarlyData-HRR",
9485 config: Config{
9486 MaxVersion: VersionTLS13,
9487 Bugs: ProtocolBugs{
Nick Harperf2511f12016-12-06 16:02:31 -0800[diff] [blame]9488 SendFakeEarlyDataLength: 4,
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]9489 },
9490 DefaultCurves: []CurveID{},
9491 },
9492 })
9493
9494 testCases = append(testCases, testCase{
9495 testType: serverTest,
9496 name: "SkipEarlyData-HRR-Interleaved",
9497 config: Config{
9498 MaxVersion: VersionTLS13,
9499 Bugs: ProtocolBugs{
Nick Harperf2511f12016-12-06 16:02:31 -0800[diff] [blame]9500 SendFakeEarlyDataLength: 4,
9501 InterleaveEarlyData: true,
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]9502 },
9503 DefaultCurves: []CurveID{},
9504 },
9505 shouldFail: true,
9506 expectedError: ":UNEXPECTED_RECORD:",
9507 })
9508
9509 testCases = append(testCases, testCase{
9510 testType: serverTest,
9511 name: "SkipEarlyData-HRR-TooMuchData",
9512 config: Config{
9513 MaxVersion: VersionTLS13,
9514 Bugs: ProtocolBugs{
Nick Harperf2511f12016-12-06 16:02:31 -0800[diff] [blame]9515 SendFakeEarlyDataLength: 16384 + 1,
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]9516 },
9517 DefaultCurves: []CurveID{},
9518 },
9519 shouldFail: true,
9520 expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:",
9521 })
9522
9523 // Test that skipping early data looking for cleartext correctly
9524 // processes an alert record.
9525 testCases = append(testCases, testCase{
9526 testType: serverTest,
9527 name: "SkipEarlyData-HRR-FatalAlert",
9528 config: Config{
9529 MaxVersion: VersionTLS13,
9530 Bugs: ProtocolBugs{
Nick Harperf2511f12016-12-06 16:02:31 -0800[diff] [blame]9531 SendEarlyAlert: true,
9532 SendFakeEarlyDataLength: 4,
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]9533 },
9534 DefaultCurves: []CurveID{},
9535 },
9536 shouldFail: true,
9537 expectedError: ":SSLV3_ALERT_HANDSHAKE_FAILURE:",
9538 })
9539
9540 testCases = append(testCases, testCase{
9541 testType: serverTest,
9542 name: "SkipEarlyData-SecondClientHelloEarlyData",
9543 config: Config{
9544 MaxVersion: VersionTLS13,
9545 Bugs: ProtocolBugs{
9546 SendEarlyDataOnSecondClientHello: true,
9547 },
9548 DefaultCurves: []CurveID{},
9549 },
9550 shouldFail: true,
9551 expectedLocalError: "remote error: bad record MAC",
9552 })
9553
9554 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9555 testType: clientTest,
9556 name: "EmptyEncryptedExtensions",
9557 config: Config{
9558 MaxVersion: VersionTLS13,
9559 Bugs: ProtocolBugs{
9560 EmptyEncryptedExtensions: true,
9561 },
9562 },
9563 shouldFail: true,
9564 expectedLocalError: "remote error: error decoding message",
9565 })
9566
9567 testCases = append(testCases, testCase{
9568 testType: clientTest,
9569 name: "EncryptedExtensionsWithKeyShare",
9570 config: Config{
9571 MaxVersion: VersionTLS13,
9572 Bugs: ProtocolBugs{
9573 EncryptedExtensionsWithKeyShare: true,
9574 },
9575 },
9576 shouldFail: true,
9577 expectedLocalError: "remote error: unsupported extension",
9578 })
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9579
9580 testCases = append(testCases, testCase{
9581 testType: serverTest,
9582 name: "SendHelloRetryRequest",
9583 config: Config{
9584 MaxVersion: VersionTLS13,
9585 // Require a HelloRetryRequest for every curve.
9586 DefaultCurves: []CurveID{},
9587 },
9588 expectedCurveID: CurveX25519,
9589 })
9590
9591 testCases = append(testCases, testCase{
9592 testType: serverTest,
9593 name: "SendHelloRetryRequest-2",
9594 config: Config{
9595 MaxVersion: VersionTLS13,
9596 DefaultCurves: []CurveID{CurveP384},
9597 },
9598 // Although the ClientHello did not predict our preferred curve,
9599 // we always select it whether it is predicted or not.
9600 expectedCurveID: CurveX25519,
9601 })
9602
9603 testCases = append(testCases, testCase{
9604 name: "UnknownCurve-HelloRetryRequest",
9605 config: Config{
9606 MaxVersion: VersionTLS13,
9607 // P-384 requires HelloRetryRequest in BoringSSL.
9608 CurvePreferences: []CurveID{CurveP384},
9609 Bugs: ProtocolBugs{
9610 SendHelloRetryRequestCurve: bogusCurve,
9611 },
9612 },
9613 shouldFail: true,
9614 expectedError: ":WRONG_CURVE:",
9615 })
9616
9617 testCases = append(testCases, testCase{
9618 name: "DisabledCurve-HelloRetryRequest",
9619 config: Config{
9620 MaxVersion: VersionTLS13,
9621 CurvePreferences: []CurveID{CurveP256},
9622 Bugs: ProtocolBugs{
9623 IgnorePeerCurvePreferences: true,
9624 },
9625 },
9626 flags: []string{"-p384-only"},
9627 shouldFail: true,
9628 expectedError: ":WRONG_CURVE:",
9629 })
9630
9631 testCases = append(testCases, testCase{
9632 name: "UnnecessaryHelloRetryRequest",
9633 config: Config{
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]9634 MaxVersion: VersionTLS13,
9635 CurvePreferences: []CurveID{CurveX25519},
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9636 Bugs: ProtocolBugs{
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]9637 SendHelloRetryRequestCurve: CurveX25519,
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9638 },
9639 },
9640 shouldFail: true,
9641 expectedError: ":WRONG_CURVE:",
9642 })
9643
9644 testCases = append(testCases, testCase{
9645 name: "SecondHelloRetryRequest",
9646 config: Config{
9647 MaxVersion: VersionTLS13,
9648 // P-384 requires HelloRetryRequest in BoringSSL.
9649 CurvePreferences: []CurveID{CurveP384},
9650 Bugs: ProtocolBugs{
9651 SecondHelloRetryRequest: true,
9652 },
9653 },
9654 shouldFail: true,
9655 expectedError: ":UNEXPECTED_MESSAGE:",
9656 })
9657
9658 testCases = append(testCases, testCase{
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]9659 name: "HelloRetryRequest-Empty",
9660 config: Config{
9661 MaxVersion: VersionTLS13,
9662 Bugs: ProtocolBugs{
9663 AlwaysSendHelloRetryRequest: true,
9664 },
9665 },
9666 shouldFail: true,
9667 expectedError: ":DECODE_ERROR:",
9668 })
9669
9670 testCases = append(testCases, testCase{
9671 name: "HelloRetryRequest-DuplicateCurve",
9672 config: Config{
9673 MaxVersion: VersionTLS13,
9674 // P-384 requires a HelloRetryRequest against BoringSSL's default
9675 // configuration. Assert this ExpectMissingKeyShare.
9676 CurvePreferences: []CurveID{CurveP384},
9677 Bugs: ProtocolBugs{
9678 ExpectMissingKeyShare: true,
9679 DuplicateHelloRetryRequestExtensions: true,
9680 },
9681 },
9682 shouldFail: true,
9683 expectedError: ":DUPLICATE_EXTENSION:",
9684 expectedLocalError: "remote error: illegal parameter",
9685 })
9686
9687 testCases = append(testCases, testCase{
9688 name: "HelloRetryRequest-Cookie",
9689 config: Config{
9690 MaxVersion: VersionTLS13,
9691 Bugs: ProtocolBugs{
9692 SendHelloRetryRequestCookie: []byte("cookie"),
9693 },
9694 },
9695 })
9696
9697 testCases = append(testCases, testCase{
9698 name: "HelloRetryRequest-DuplicateCookie",
9699 config: Config{
9700 MaxVersion: VersionTLS13,
9701 Bugs: ProtocolBugs{
9702 SendHelloRetryRequestCookie: []byte("cookie"),
9703 DuplicateHelloRetryRequestExtensions: true,
9704 },
9705 },
9706 shouldFail: true,
9707 expectedError: ":DUPLICATE_EXTENSION:",
9708 expectedLocalError: "remote error: illegal parameter",
9709 })
9710
9711 testCases = append(testCases, testCase{
9712 name: "HelloRetryRequest-EmptyCookie",
9713 config: Config{
9714 MaxVersion: VersionTLS13,
9715 Bugs: ProtocolBugs{
9716 SendHelloRetryRequestCookie: []byte{},
9717 },
9718 },
9719 shouldFail: true,
9720 expectedError: ":DECODE_ERROR:",
9721 })
9722
9723 testCases = append(testCases, testCase{
9724 name: "HelloRetryRequest-Cookie-Curve",
9725 config: Config{
9726 MaxVersion: VersionTLS13,
9727 // P-384 requires HelloRetryRequest in BoringSSL.
9728 CurvePreferences: []CurveID{CurveP384},
9729 Bugs: ProtocolBugs{
9730 SendHelloRetryRequestCookie: []byte("cookie"),
9731 ExpectMissingKeyShare: true,
9732 },
9733 },
9734 })
9735
9736 testCases = append(testCases, testCase{
9737 name: "HelloRetryRequest-Unknown",
9738 config: Config{
9739 MaxVersion: VersionTLS13,
9740 Bugs: ProtocolBugs{
9741 CustomHelloRetryRequestExtension: "extension",
9742 },
9743 },
9744 shouldFail: true,
9745 expectedError: ":UNEXPECTED_EXTENSION:",
9746 expectedLocalError: "remote error: unsupported extension",
9747 })
9748
9749 testCases = append(testCases, testCase{
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9750 testType: serverTest,
9751 name: "SecondClientHelloMissingKeyShare",
9752 config: Config{
9753 MaxVersion: VersionTLS13,
9754 DefaultCurves: []CurveID{},
9755 Bugs: ProtocolBugs{
9756 SecondClientHelloMissingKeyShare: true,
9757 },
9758 },
9759 shouldFail: true,
9760 expectedError: ":MISSING_KEY_SHARE:",
9761 })
9762
9763 testCases = append(testCases, testCase{
9764 testType: serverTest,
9765 name: "SecondClientHelloWrongCurve",
9766 config: Config{
9767 MaxVersion: VersionTLS13,
9768 DefaultCurves: []CurveID{},
9769 Bugs: ProtocolBugs{
9770 MisinterpretHelloRetryRequestCurve: CurveP521,
9771 },
9772 },
9773 shouldFail: true,
9774 expectedError: ":WRONG_CURVE:",
9775 })
9776
9777 testCases = append(testCases, testCase{
9778 name: "HelloRetryRequestVersionMismatch",
9779 config: Config{
9780 MaxVersion: VersionTLS13,
9781 // P-384 requires HelloRetryRequest in BoringSSL.
9782 CurvePreferences: []CurveID{CurveP384},
9783 Bugs: ProtocolBugs{
9784 SendServerHelloVersion: 0x0305,
9785 },
9786 },
9787 shouldFail: true,
9788 expectedError: ":WRONG_VERSION_NUMBER:",
9789 })
9790
9791 testCases = append(testCases, testCase{
9792 name: "HelloRetryRequestCurveMismatch",
9793 config: Config{
9794 MaxVersion: VersionTLS13,
9795 // P-384 requires HelloRetryRequest in BoringSSL.
9796 CurvePreferences: []CurveID{CurveP384},
9797 Bugs: ProtocolBugs{
9798 // Send P-384 (correct) in the HelloRetryRequest.
9799 SendHelloRetryRequestCurve: CurveP384,
9800 // But send P-256 in the ServerHello.
9801 SendCurve: CurveP256,
9802 },
9803 },
9804 shouldFail: true,
9805 expectedError: ":WRONG_CURVE:",
9806 })
9807
9808 // Test the server selecting a curve that requires a HelloRetryRequest
9809 // without sending it.
9810 testCases = append(testCases, testCase{
9811 name: "SkipHelloRetryRequest",
9812 config: Config{
9813 MaxVersion: VersionTLS13,
9814 // P-384 requires HelloRetryRequest in BoringSSL.
9815 CurvePreferences: []CurveID{CurveP384},
9816 Bugs: ProtocolBugs{
9817 SkipHelloRetryRequest: true,
9818 },
9819 },
9820 shouldFail: true,
9821 expectedError: ":WRONG_CURVE:",
9822 })
David Benjamin8a8349b2016-08-18 02:32:23 -0400[diff] [blame]9823
9824 testCases = append(testCases, testCase{
9825 name: "TLS13-RequestContextInHandshake",
9826 config: Config{
9827 MaxVersion: VersionTLS13,
9828 MinVersion: VersionTLS13,
9829 ClientAuth: RequireAnyClientCert,
9830 Bugs: ProtocolBugs{
9831 SendRequestContext: []byte("request context"),
9832 },
9833 },
9834 flags: []string{
9835 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
9836 "-key-file", path.Join(*resourceDir, rsaKeyFile),
9837 },
9838 shouldFail: true,
9839 expectedError: ":DECODE_ERROR:",
9840 })
David Benjamin7e1f9842016-09-20 19:24:40 -0400[diff] [blame]9841
9842 testCases = append(testCases, testCase{
9843 testType: serverTest,
9844 name: "TLS13-TrailingKeyShareData",
9845 config: Config{
9846 MaxVersion: VersionTLS13,
9847 Bugs: ProtocolBugs{
9848 TrailingKeyShareData: true,
9849 },
9850 },
9851 shouldFail: true,
9852 expectedError: ":DECODE_ERROR:",
9853 })
David Benjamin7f78df42016-10-05 22:33:19 -0400[diff] [blame]9854
9855 testCases = append(testCases, testCase{
9856 name: "TLS13-AlwaysSelectPSKIdentity",
9857 config: Config{
9858 MaxVersion: VersionTLS13,
9859 Bugs: ProtocolBugs{
9860 AlwaysSelectPSKIdentity: true,
9861 },
9862 },
9863 shouldFail: true,
9864 expectedError: ":UNEXPECTED_EXTENSION:",
9865 })
9866
9867 testCases = append(testCases, testCase{
9868 name: "TLS13-InvalidPSKIdentity",
9869 config: Config{
9870 MaxVersion: VersionTLS13,
9871 Bugs: ProtocolBugs{
9872 SelectPSKIdentityOnResume: 1,
9873 },
9874 },
9875 resumeSession: true,
9876 shouldFail: true,
9877 expectedError: ":PSK_IDENTITY_NOT_FOUND:",
9878 })
David Benjamin1286bee2016-10-07 15:25:06 -0400[diff] [blame]9879
Steven Valdezaf3b8a92016-11-01 12:49:22 -0400[diff] [blame]9880 testCases = append(testCases, testCase{
9881 testType: serverTest,
9882 name: "TLS13-ExtraPSKIdentity",
9883 config: Config{
9884 MaxVersion: VersionTLS13,
9885 Bugs: ProtocolBugs{
David Benjaminaedf3032016-12-01 16:47:56 -0500[diff] [blame]9886 ExtraPSKIdentity: true,
9887 SendExtraPSKBinder: true,
Steven Valdezaf3b8a92016-11-01 12:49:22 -0400[diff] [blame]9888 },
9889 },
9890 resumeSession: true,
9891 })
9892
David Benjamin1286bee2016-10-07 15:25:06 -0400[diff] [blame]9893 // Test that unknown NewSessionTicket extensions are tolerated.
9894 testCases = append(testCases, testCase{
9895 name: "TLS13-CustomTicketExtension",
9896 config: Config{
9897 MaxVersion: VersionTLS13,
9898 Bugs: ProtocolBugs{
9899 CustomTicketExtension: "1234",
9900 },
9901 },
9902 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9903}
9904
David Benjaminabbbee12016-10-31 19:20:42 -0400[diff] [blame]9905func addTLS13CipherPreferenceTests() {
9906 // Test that client preference is honored if the shim has AES hardware
9907 // and ChaCha20-Poly1305 is preferred otherwise.
9908 testCases = append(testCases, testCase{
9909 testType: serverTest,
9910 name: "TLS13-CipherPreference-Server-ChaCha20-AES",
9911 config: Config{
9912 MaxVersion: VersionTLS13,
9913 CipherSuites: []uint16{
9914 TLS_CHACHA20_POLY1305_SHA256,
9915 TLS_AES_128_GCM_SHA256,
9916 },
9917 },
9918 flags: []string{
9919 "-expect-cipher-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9920 "-expect-cipher-no-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9921 },
9922 })
9923
9924 testCases = append(testCases, testCase{
9925 testType: serverTest,
9926 name: "TLS13-CipherPreference-Server-AES-ChaCha20",
9927 config: Config{
9928 MaxVersion: VersionTLS13,
9929 CipherSuites: []uint16{
9930 TLS_AES_128_GCM_SHA256,
9931 TLS_CHACHA20_POLY1305_SHA256,
9932 },
9933 },
9934 flags: []string{
9935 "-expect-cipher-aes", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)),
9936 "-expect-cipher-no-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9937 },
9938 })
9939
9940 // Test that the client orders ChaCha20-Poly1305 and AES-GCM based on
9941 // whether it has AES hardware.
9942 testCases = append(testCases, testCase{
9943 name: "TLS13-CipherPreference-Client",
9944 config: Config{
9945 MaxVersion: VersionTLS13,
9946 // Use the client cipher order. (This is the default but
9947 // is listed to be explicit.)
9948 PreferServerCipherSuites: false,
9949 },
9950 flags: []string{
9951 "-expect-cipher-aes", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)),
9952 "-expect-cipher-no-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9953 },
9954 })
9955}
9956
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]9957func addPeekTests() {
9958 // Test SSL_peek works, including on empty records.
9959 testCases = append(testCases, testCase{
9960 name: "Peek-Basic",
9961 sendEmptyRecords: 1,
9962 flags: []string{"-peek-then-read"},
9963 })
9964
9965 // Test SSL_peek can drive the initial handshake.
9966 testCases = append(testCases, testCase{
9967 name: "Peek-ImplicitHandshake",
9968 flags: []string{
9969 "-peek-then-read",
9970 "-implicit-handshake",
9971 },
9972 })
9973
9974 // Test SSL_peek can discover and drive a renegotiation.
9975 testCases = append(testCases, testCase{
9976 name: "Peek-Renegotiate",
9977 config: Config{
9978 MaxVersion: VersionTLS12,
9979 },
9980 renegotiate: 1,
9981 flags: []string{
9982 "-peek-then-read",
9983 "-renegotiate-freely",
9984 "-expect-total-renegotiations", "1",
9985 },
9986 })
9987
9988 // Test SSL_peek can discover a close_notify.
9989 testCases = append(testCases, testCase{
9990 name: "Peek-Shutdown",
9991 config: Config{
9992 Bugs: ProtocolBugs{
9993 ExpectCloseNotify: true,
9994 },
9995 },
9996 flags: []string{
9997 "-peek-then-read",
9998 "-check-close-notify",
9999 },
10000 })
10001
10002 // Test SSL_peek can discover an alert.
10003 testCases = append(testCases, testCase{
10004 name: "Peek-Alert",
10005 config: Config{
10006 Bugs: ProtocolBugs{
10007 SendSpuriousAlert: alertRecordOverflow,
10008 },
10009 },
10010 flags: []string{"-peek-then-read"},
10011 shouldFail: true,
10012 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
10013 })
10014
10015 // Test SSL_peek can handle KeyUpdate.
10016 testCases = append(testCases, testCase{
10017 name: "Peek-KeyUpdate",
10018 config: Config{
10019 MaxVersion: VersionTLS13,
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]10020 },
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]10021 sendKeyUpdates: 1,
10022 keyUpdateRequest: keyUpdateNotRequested,
10023 flags: []string{"-peek-then-read"},
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]10024 })
10025}
10026
David Benjamine6f22212016-11-08 14:28:24 -0500[diff] [blame]10027func addRecordVersionTests() {
10028 for _, ver := range tlsVersions {
10029 // Test that the record version is enforced.
10030 testCases = append(testCases, testCase{
10031 name: "CheckRecordVersion-" + ver.name,
10032 config: Config{
10033 MinVersion: ver.version,
10034 MaxVersion: ver.version,
10035 Bugs: ProtocolBugs{
10036 SendRecordVersion: 0x03ff,
10037 },
10038 },
10039 shouldFail: true,
10040 expectedError: ":WRONG_VERSION_NUMBER:",
10041 })
10042
10043 // Test that the ClientHello may use any record version, for
10044 // compatibility reasons.
10045 testCases = append(testCases, testCase{
10046 testType: serverTest,
10047 name: "LooseInitialRecordVersion-" + ver.name,
10048 config: Config{
10049 MinVersion: ver.version,
10050 MaxVersion: ver.version,
10051 Bugs: ProtocolBugs{
10052 SendInitialRecordVersion: 0x03ff,
10053 },
10054 },
10055 })
10056
10057 // Test that garbage ClientHello record versions are rejected.
10058 testCases = append(testCases, testCase{
10059 testType: serverTest,
10060 name: "GarbageInitialRecordVersion-" + ver.name,
10061 config: Config{
10062 MinVersion: ver.version,
10063 MaxVersion: ver.version,
10064 Bugs: ProtocolBugs{
10065 SendInitialRecordVersion: 0xffff,
10066 },
10067 },
10068 shouldFail: true,
10069 expectedError: ":WRONG_VERSION_NUMBER:",
10070 })
10071 }
10072}
10073
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]10074func addCertificateTests() {
10075 // Test that a certificate chain with intermediate may be sent and
10076 // received as both client and server.
10077 for _, ver := range tlsVersions {
10078 testCases = append(testCases, testCase{
10079 testType: clientTest,
10080 name: "SendReceiveIntermediate-Client-" + ver.name,
10081 config: Config{
Adam Langleycd6cfb02016-12-06 15:11:00 -0800[diff] [blame]10082 MinVersion: ver.version,
10083 MaxVersion: ver.version,
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]10084 Certificates: []Certificate{rsaChainCertificate},
10085 ClientAuth: RequireAnyClientCert,
10086 },
10087 expectPeerCertificate: &rsaChainCertificate,
10088 flags: []string{
10089 "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
10090 "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
10091 "-expect-peer-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
10092 },
10093 })
10094
10095 testCases = append(testCases, testCase{
10096 testType: serverTest,
10097 name: "SendReceiveIntermediate-Server-" + ver.name,
10098 config: Config{
Adam Langleycd6cfb02016-12-06 15:11:00 -0800[diff] [blame]10099 MinVersion: ver.version,
10100 MaxVersion: ver.version,
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]10101 Certificates: []Certificate{rsaChainCertificate},
10102 },
10103 expectPeerCertificate: &rsaChainCertificate,
10104 flags: []string{
10105 "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
10106 "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
10107 "-require-any-client-certificate",
10108 "-expect-peer-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
10109 },
10110 })
10111 }
10112}
10113
David Benjaminbbaf3672016-11-17 10:53:09 +0900[diff] [blame]10114func addRetainOnlySHA256ClientCertTests() {
10115 for _, ver := range tlsVersions {
10116 // Test that enabling
10117 // SSL_CTX_set_retain_only_sha256_of_client_certs without
10118 // actually requesting a client certificate is a no-op.
10119 testCases = append(testCases, testCase{
10120 testType: serverTest,
10121 name: "RetainOnlySHA256-NoCert-" + ver.name,
10122 config: Config{
10123 MinVersion: ver.version,
10124 MaxVersion: ver.version,
10125 },
10126 flags: []string{
10127 "-retain-only-sha256-client-cert-initial",
10128 "-retain-only-sha256-client-cert-resume",
10129 },
10130 resumeSession: true,
10131 })
10132
10133 // Test that when retaining only a SHA-256 certificate is
10134 // enabled, the hash appears as expected.
10135 testCases = append(testCases, testCase{
10136 testType: serverTest,
10137 name: "RetainOnlySHA256-Cert-" + ver.name,
10138 config: Config{
10139 MinVersion: ver.version,
10140 MaxVersion: ver.version,
10141 Certificates: []Certificate{rsaCertificate},
10142 },
10143 flags: []string{
10144 "-verify-peer",
10145 "-retain-only-sha256-client-cert-initial",
10146 "-retain-only-sha256-client-cert-resume",
10147 "-expect-sha256-client-cert-initial",
10148 "-expect-sha256-client-cert-resume",
10149 },
10150 resumeSession: true,
10151 })
10152
10153 // Test that when the config changes from on to off, a
10154 // resumption is rejected because the server now wants the full
10155 // certificate chain.
10156 testCases = append(testCases, testCase{
10157 testType: serverTest,
10158 name: "RetainOnlySHA256-OnOff-" + ver.name,
10159 config: Config{
10160 MinVersion: ver.version,
10161 MaxVersion: ver.version,
10162 Certificates: []Certificate{rsaCertificate},
10163 },
10164 flags: []string{
10165 "-verify-peer",
10166 "-retain-only-sha256-client-cert-initial",
10167 "-expect-sha256-client-cert-initial",
10168 },
10169 resumeSession: true,
10170 expectResumeRejected: true,
10171 })
10172
10173 // Test that when the config changes from off to on, a
10174 // resumption is rejected because the server now wants just the
10175 // hash.
10176 testCases = append(testCases, testCase{
10177 testType: serverTest,
10178 name: "RetainOnlySHA256-OffOn-" + ver.name,
10179 config: Config{
10180 MinVersion: ver.version,
10181 MaxVersion: ver.version,
10182 Certificates: []Certificate{rsaCertificate},
10183 },
10184 flags: []string{
10185 "-verify-peer",
10186 "-retain-only-sha256-client-cert-resume",
10187 "-expect-sha256-client-cert-resume",
10188 },
10189 resumeSession: true,
10190 expectResumeRejected: true,
10191 })
10192 }
10193}
10194
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]10195func addECDSAKeyUsageTests() {
10196 p256 := elliptic.P256()
10197 priv, err := ecdsa.GenerateKey(p256, rand.Reader)
10198 if err != nil {
10199 panic(err)
10200 }
10201
10202 serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
10203 serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
10204 if err != nil {
10205 panic(err)
10206 }
10207
10208 template := x509.Certificate{
10209 SerialNumber: serialNumber,
10210 Subject: pkix.Name{
10211 Organization: []string{"Acme Co"},
10212 },
10213 NotBefore: time.Now(),
10214 NotAfter: time.Now(),
10215
10216 // An ECC certificate with only the keyAgreement key usgae may
10217 // be used with ECDH, but not ECDSA.
10218 KeyUsage: x509.KeyUsageKeyAgreement,
10219 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
10220 BasicConstraintsValid: true,
10221 }
10222
10223 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
10224 if err != nil {
10225 panic(err)
10226 }
10227
10228 cert := Certificate{
10229 Certificate: [][]byte{derBytes},
10230 PrivateKey: priv,
10231 }
10232
10233 for _, ver := range tlsVersions {
10234 if ver.version < VersionTLS12 {
10235 continue
10236 }
10237
10238 testCases = append(testCases, testCase{
10239 testType: clientTest,
10240 name: "ECDSAKeyUsage-" + ver.name,
10241 config: Config{
10242 MinVersion: ver.version,
10243 MaxVersion: ver.version,
10244 Certificates: []Certificate{cert},
10245 },
10246 shouldFail: true,
10247 expectedError: ":ECC_CERT_NOT_FOR_SIGNING:",
10248 })
10249 }
10250}
10251
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]10252func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10253 defer wg.Done()
10254
10255 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]10256 var err error
10257
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]10258 if *mallocTest >= 0 {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]10259 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
10260 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]10261 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]10262 if err != nil {
10263 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
10264 }
10265 break
10266 }
10267 }
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]10268 } else if *repeatUntilFailure {
10269 for err == nil {
10270 statusChan <- statusMsg{test: test, started: true}
10271 err = runTest(test, shimPath, -1)
10272 }
10273 } else {
10274 statusChan <- statusMsg{test: test, started: true}
10275 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]10276 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10277 statusChan <- statusMsg{test: test, err: err}
10278 }
10279}
10280
10281type statusMsg struct {
10282 test *testCase
10283 started bool
10284 err error
10285}
10286
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10287func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]10288 var started, done, failed, unimplemented, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10289
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10290 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10291 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10292 if !*pipe {
10293 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]10294 var erase string
10295 for i := 0; i < lineLen; i++ {
10296 erase += "\b \b"
10297 }
10298 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10299 }
10300
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10301 if msg.started {
10302 started++
10303 } else {
10304 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10305
10306 if msg.err != nil {
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]10307 if msg.err == errUnimplemented {
10308 if *pipe {
10309 // Print each test instead of a status line.
10310 fmt.Printf("UNIMPLEMENTED (%s)\n", msg.test.name)
10311 }
10312 unimplemented++
10313 testOutput.addResult(msg.test.name, "UNIMPLEMENTED")
10314 } else {
10315 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
10316 failed++
10317 testOutput.addResult(msg.test.name, "FAIL")
10318 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10319 } else {
10320 if *pipe {
10321 // Print each test instead of a status line.
10322 fmt.Printf("PASSED (%s)\n", msg.test.name)
10323 }
10324 testOutput.addResult(msg.test.name, "PASS")
10325 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10326 }
10327
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10328 if !*pipe {
10329 // Print a new status line.
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]10330 line := fmt.Sprintf("%d/%d/%d/%d/%d", failed, unimplemented, done, started, total)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10331 lineLen = len(line)
10332 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10333 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10334 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10335
10336 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10337}
10338
10339func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10340 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]10341 *resourceDir = path.Clean(*resourceDir)
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]10342 initCertificates()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10343
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]10344 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10345 addCipherSuiteTests()
10346 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]10347 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]10348 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]10349 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]10350 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]10351 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]10352 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]10353 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]10354 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]10355 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]10356 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]10357 addDTLSReplayTests()
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]10358 addSignatureAlgorithmTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]10359 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]10360 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]10361 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]10362 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]10363 addRSAClientKeyExchangeTests()
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]10364 addCurveTests()
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]10365 addSessionTicketTests()
David Benjaminc9ae27c2016-06-24 22:56:37 -0400[diff] [blame]10366 addTLS13RecordTests()
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]10367 addAllStateMachineCoverageTests()
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]10368 addChangeCipherSpecTests()
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]10369 addWrongMessageTypeTests()
David Benjamin639846e2016-09-09 11:41:18 -0400[diff] [blame]10370 addTrailingMessageDataTests()
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]10371 addTLS13HandshakeTests()
David Benjaminabbbee12016-10-31 19:20:42 -0400[diff] [blame]10372 addTLS13CipherPreferenceTests()
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]10373 addPeekTests()
David Benjamine6f22212016-11-08 14:28:24 -0500[diff] [blame]10374 addRecordVersionTests()
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]10375 addCertificateTests()
David Benjaminbbaf3672016-11-17 10:53:09 +0900[diff] [blame]10376 addRetainOnlySHA256ClientCertTests()
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]10377 addECDSAKeyUsageTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10378
10379 var wg sync.WaitGroup
10380
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]10381 statusChan := make(chan statusMsg, *numWorkers)
10382 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10383 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10384
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]10385 if len(*shimConfigFile) != 0 {
10386 encoded, err := ioutil.ReadFile(*shimConfigFile)
10387 if err != nil {
10388 fmt.Fprintf(os.Stderr, "Couldn't read config file %q: %s\n", *shimConfigFile, err)
10389 os.Exit(1)
10390 }
10391
10392 if err := json.Unmarshal(encoded, &shimConfig); err != nil {
10393 fmt.Fprintf(os.Stderr, "Couldn't decode config file %q: %s\n", *shimConfigFile, err)
10394 os.Exit(1)
10395 }
10396 }
10397
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]10398 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10399
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]10400 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10401 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]10402 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10403 }
10404
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]10405 var foundTest bool
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]10406 for i := range testCases {
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]10407 matched := true
10408 if len(*testToRun) != 0 {
10409 var err error
10410 matched, err = filepath.Match(*testToRun, testCases[i].name)
10411 if err != nil {
10412 fmt.Fprintf(os.Stderr, "Error matching pattern: %s\n", err)
10413 os.Exit(1)
10414 }
10415 }
10416
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]10417 if !*includeDisabled {
10418 for pattern := range shimConfig.DisabledTests {
10419 isDisabled, err := filepath.Match(pattern, testCases[i].name)
10420 if err != nil {
10421 fmt.Fprintf(os.Stderr, "Error matching pattern %q from config file: %s\n", pattern, err)
10422 os.Exit(1)
10423 }
10424
10425 if isDisabled {
10426 matched = false
10427 break
10428 }
10429 }
10430 }
10431
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]10432 if matched {
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]10433 foundTest = true
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]10434 testChan <- &testCases[i]
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]10435
10436 // Only run one test if repeating until failure.
10437 if *repeatUntilFailure {
10438 break
10439 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10440 }
10441 }
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]10442
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]10443 if !foundTest {
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]10444 fmt.Fprintf(os.Stderr, "No tests run\n")
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]10445 os.Exit(1)
10446 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10447
10448 close(testChan)
10449 wg.Wait()
10450 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10451 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10452
10453 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]10454
10455 if *jsonOutput != "" {
10456 if err := testOutput.writeTo(*jsonOutput); err != nil {
10457 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
10458 }
10459 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]10460
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]10461 if !*allowUnimplemented && testOutput.NumFailuresByType["UNIMPLEMENTED"] > 0 {
10462 os.Exit(1)
10463 }
10464
10465 if !testOutput.noneFailed {
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]10466 os.Exit(1)
10467 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10468}