Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 4c3ddf7ec0b653e959bcdac8f3ce882501b9cc54 / . / ssl / test / runner / runner.go
blob: be88af6e32708edfb0f743641547ad642fe16b04 [file] [log] [blame]
Adam Langley7fcfd3b2016-05-20 11:02:50 -0700[diff] [blame]1// Copyright (c) 2016, Google Inc.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
Adam Langleydc7e9c42015-09-29 15:21:04 -0700[diff] [blame]15package runner
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]16
17import (
18 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]19 "crypto/ecdsa"
20 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]21 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]22 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]23 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]24 "flag"
25 "fmt"
26 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]27 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]28 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]29 "net"
30 "os"
31 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]32 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]33 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]34 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]35 "strings"
36 "sync"
37 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]38 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]39)
40
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]41var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]42 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
43 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]44 useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]45 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
46 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
47 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
48 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
49 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]50 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
51 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
52 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
53 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
David Benjaminf2b83632016-03-01 22:57:46 -0500[diff] [blame]54 fuzzer = flag.Bool("fuzzer", false, "If true, tests against a BoringSSL built in fuzzer mode.")
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]55 transcriptDir = flag.String("transcript-dir", "", "The directory in which to write transcripts.")
David Benjamin01784b42016-06-07 18:00:52 -0400[diff] [blame]56 idleTimeout = flag.Duration("idle-timeout", 15*time.Second, "The number of seconds to wait for a read or write to bssl_shim.")
David Benjamin2e045a92016-06-08 13:09:56 -0400[diff] [blame]57 deterministic = flag.Bool("deterministic", false, "If true, uses a deterministic PRNG in the runner.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]58)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]59
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]60const (
61 rsaCertificateFile = "cert.pem"
62 ecdsaCertificateFile = "ecdsa_cert.pem"
63)
64
65const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]66 rsaKeyFile = "key.pem"
67 ecdsaKeyFile = "ecdsa_key.pem"
68 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]69)
70
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]71var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]72var channelIDKey *ecdsa.PrivateKey
73var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]74
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]75var testOCSPResponse = []byte{1, 2, 3, 4}
76var testSCTList = []byte{5, 6, 7, 8}
77
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]78func initCertificates() {
79 var err error
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]80 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]81 if err != nil {
82 panic(err)
83 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]84 rsaCertificate.OCSPStaple = testOCSPResponse
85 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]86
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]87 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]88 if err != nil {
89 panic(err)
90 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]91 ecdsaCertificate.OCSPStaple = testOCSPResponse
92 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]93
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]94 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]95 if err != nil {
96 panic(err)
97 }
98 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
99 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
100 panic("bad key type")
101 }
102 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
103 if err != nil {
104 panic(err)
105 }
106 if channelIDKey.Curve != elliptic.P256() {
107 panic("bad curve")
108 }
109
110 channelIDBytes = make([]byte, 64)
111 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
112 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]113}
114
115var certificateOnce sync.Once
116
117func getRSACertificate() Certificate {
118 certificateOnce.Do(initCertificates)
119 return rsaCertificate
120}
121
122func getECDSACertificate() Certificate {
123 certificateOnce.Do(initCertificates)
124 return ecdsaCertificate
125}
126
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]127type testType int
128
129const (
130 clientTest testType = iota
131 serverTest
132)
133
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]134type protocol int
135
136const (
137 tls protocol = iota
138 dtls
139)
140
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]141const (
142 alpn = 1
143 npn = 2
144)
145
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]146type testCert int
147
148const (
149 testCertRSA testCert = iota
150 testCertECDSA
151)
152
153func getRunnerCertificate(t testCert) Certificate {
154 switch t {
155 case testCertRSA:
156 return getRSACertificate()
157 case testCertECDSA:
158 return getECDSACertificate()
159 default:
160 panic("Unknown test certificate")
161 }
162}
163
164func getShimCertificate(t testCert) string {
165 switch t {
166 case testCertRSA:
167 return rsaCertificateFile
168 case testCertECDSA:
169 return ecdsaCertificateFile
170 default:
171 panic("Unknown test certificate")
172 }
173}
174
175func getShimKey(t testCert) string {
176 switch t {
177 case testCertRSA:
178 return rsaKeyFile
179 case testCertECDSA:
180 return ecdsaKeyFile
181 default:
182 panic("Unknown test certificate")
183 }
184}
185
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]186type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]187 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]188 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]189 name string
190 config Config
191 shouldFail bool
192 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]193 // expectedLocalError, if not empty, contains a substring that must be
194 // found in the local error.
195 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]196 // expectedVersion, if non-zero, specifies the TLS version that must be
197 // negotiated.
198 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]199 // expectedResumeVersion, if non-zero, specifies the TLS version that
200 // must be negotiated on resumption. If zero, expectedVersion is used.
201 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]202 // expectedCipher, if non-zero, specifies the TLS cipher suite that
203 // should be negotiated.
204 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]205 // expectChannelID controls whether the connection should have
206 // negotiated a Channel ID with channelIDKey.
207 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]208 // expectedNextProto controls whether the connection should
209 // negotiate a next protocol via NPN or ALPN.
210 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]211 // expectNoNextProto, if true, means that no next protocol should be
212 // negotiated.
213 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]214 // expectedNextProtoType, if non-zero, is the expected next
215 // protocol negotiation mechanism.
216 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]217 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
218 // should be negotiated. If zero, none should be negotiated.
219 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]220 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
221 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]222 // expectedSCTList, if not nil, is the expected SCT list to be received.
223 expectedSCTList []uint8
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]224 // expectedPeerSignatureAlgorithm, if not zero, is the signature
225 // algorithm that the peer should have used in the handshake.
226 expectedPeerSignatureAlgorithm signatureAlgorithm
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]227 // messageLen is the length, in bytes, of the test message that will be
228 // sent.
229 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]230 // messageCount is the number of test messages that will be sent.
231 messageCount int
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]232 // digestPrefs is the list of digest preferences from the client.
233 digestPrefs string
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]234 // certFile is the path to the certificate to use for the server.
235 certFile string
236 // keyFile is the path to the private key to use for the server.
237 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]238 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]239 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]240 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]241 // expectResumeRejected, if true, specifies that the attempted
242 // resumption must be rejected by the client. This is only valid for a
243 // serverTest.
244 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]245 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]246 // resumption. Unless newSessionsOnResume is set,
247 // SessionTicketKey, ServerSessionCache, and
248 // ClientSessionCache are copied from the initial connection's
249 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]250 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]251 // newSessionsOnResume, if true, will cause resumeConfig to
252 // use a different session resumption context.
253 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]254 // noSessionCache, if true, will cause the server to run without a
255 // session cache.
256 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]257 // sendPrefix sends a prefix on the socket before actually performing a
258 // handshake.
259 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]260 // shimWritesFirst controls whether the shim sends an initial "hello"
261 // message before doing a roundtrip with the runner.
262 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]263 // shimShutsDown, if true, runs a test where the shim shuts down the
264 // connection immediately after the handshake rather than echoing
265 // messages from the runner.
266 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]267 // renegotiate indicates the number of times the connection should be
268 // renegotiated during the exchange.
269 renegotiate int
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]270 // renegotiateCiphers is a list of ciphersuite ids that will be
271 // switched in just before renegotiation.
272 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]273 // replayWrites, if true, configures the underlying transport
274 // to replay every write it makes in DTLS tests.
275 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]276 // damageFirstWrite, if true, configures the underlying transport to
277 // damage the final byte of the first application data write.
278 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]279 // exportKeyingMaterial, if non-zero, configures the test to exchange
280 // keying material and verify they match.
281 exportKeyingMaterial int
282 exportLabel string
283 exportContext string
284 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]285 // flags, if not empty, contains a list of command-line flags that will
286 // be passed to the shim program.
287 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]288 // testTLSUnique, if true, causes the shim to send the tls-unique value
289 // which will be compared against the expected value.
290 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]291 // sendEmptyRecords is the number of consecutive empty records to send
292 // before and after the test message.
293 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]294 // sendWarningAlerts is the number of consecutive warning alerts to send
295 // before and after the test message.
296 sendWarningAlerts int
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]297 // expectMessageDropped, if true, means the test message is expected to
298 // be dropped by the client rather than echoed back.
299 expectMessageDropped bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]300}
301
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]302var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]303
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]304func writeTranscript(test *testCase, isResume bool, data []byte) {
305 if len(data) == 0 {
306 return
307 }
308
309 protocol := "tls"
310 if test.protocol == dtls {
311 protocol = "dtls"
312 }
313
314 side := "client"
315 if test.testType == serverTest {
316 side = "server"
317 }
318
319 dir := path.Join(*transcriptDir, protocol, side)
320 if err := os.MkdirAll(dir, 0755); err != nil {
321 fmt.Fprintf(os.Stderr, "Error making %s: %s\n", dir, err)
322 return
323 }
324
325 name := test.name
326 if isResume {
327 name += "-Resume"
328 } else {
329 name += "-Normal"
330 }
331
332 if err := ioutil.WriteFile(path.Join(dir, name), data, 0644); err != nil {
333 fmt.Fprintf(os.Stderr, "Error writing %s: %s\n", name, err)
334 }
335}
336
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]337// A timeoutConn implements an idle timeout on each Read and Write operation.
338type timeoutConn struct {
339 net.Conn
340 timeout time.Duration
341}
342
343func (t *timeoutConn) Read(b []byte) (int, error) {
344 if err := t.SetReadDeadline(time.Now().Add(t.timeout)); err != nil {
345 return 0, err
346 }
347 return t.Conn.Read(b)
348}
349
350func (t *timeoutConn) Write(b []byte) (int, error) {
351 if err := t.SetWriteDeadline(time.Now().Add(t.timeout)); err != nil {
352 return 0, err
353 }
354 return t.Conn.Write(b)
355}
356
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]357func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin01784b42016-06-07 18:00:52 -0400[diff] [blame]358 conn = &timeoutConn{conn, *idleTimeout}
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]359
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]360 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]361 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
362 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]363 }
364
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]365 if *flagDebug || len(*transcriptDir) != 0 {
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]366 local, peer := "client", "server"
367 if test.testType == clientTest {
368 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]369 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]370 connDebug := &recordingConn{
371 Conn: conn,
372 isDatagram: test.protocol == dtls,
373 local: local,
374 peer: peer,
375 }
376 conn = connDebug
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]377 if *flagDebug {
378 defer connDebug.WriteTo(os.Stdout)
379 }
380 if len(*transcriptDir) != 0 {
381 defer func() {
382 writeTranscript(test, isResume, connDebug.Transcript())
383 }()
384 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]385
386 if config.Bugs.PacketAdaptor != nil {
387 config.Bugs.PacketAdaptor.debug = connDebug
388 }
389 }
390
391 if test.replayWrites {
392 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]393 }
394
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]395 var connDamage *damageAdaptor
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]396 if test.damageFirstWrite {
397 connDamage = newDamageAdaptor(conn)
398 conn = connDamage
399 }
400
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]401 if test.sendPrefix != "" {
402 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
403 return err
404 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]405 }
406
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]407 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]408 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]409 if test.protocol == dtls {
410 tlsConn = DTLSServer(conn, config)
411 } else {
412 tlsConn = Server(conn, config)
413 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]414 } else {
415 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]416 if test.protocol == dtls {
417 tlsConn = DTLSClient(conn, config)
418 } else {
419 tlsConn = Client(conn, config)
420 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]421 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]422 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]423
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]424 if err := tlsConn.Handshake(); err != nil {
425 return err
426 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]427
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]428 // TODO(davidben): move all per-connection expectations into a dedicated
429 // expectations struct that can be specified separately for the two
430 // legs.
431 expectedVersion := test.expectedVersion
432 if isResume && test.expectedResumeVersion != 0 {
433 expectedVersion = test.expectedResumeVersion
434 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]435 connState := tlsConn.ConnectionState()
436 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]437 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]438 }
439
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]440 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]441 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
442 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]443 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
444 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
445 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]446
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]447 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]448 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]449 if channelID == nil {
450 return fmt.Errorf("no channel ID negotiated")
451 }
452 if channelID.Curve != channelIDKey.Curve ||
453 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
454 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
455 return fmt.Errorf("incorrect channel ID")
456 }
457 }
458
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]459 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]460 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]461 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
462 }
463 }
464
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]465 if test.expectNoNextProto {
466 if actual := connState.NegotiatedProtocol; actual != "" {
467 return fmt.Errorf("got unexpected next proto %s", actual)
468 }
469 }
470
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]471 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]472 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]473 return fmt.Errorf("next proto type mismatch")
474 }
475 }
476
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]477 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]478 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
479 }
480
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]481 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
482 return fmt.Errorf("OCSP Response mismatch")
483 }
484
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]485 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
486 return fmt.Errorf("SCT list mismatch")
487 }
488
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]489 if expected := test.expectedPeerSignatureAlgorithm; expected != 0 && expected != connState.PeerSignatureAlgorithm {
490 return fmt.Errorf("expected peer to use signature algorithm %04x, but got %04x", expected, connState.PeerSignatureAlgorithm)
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]491 }
492
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]493 if test.exportKeyingMaterial > 0 {
494 actual := make([]byte, test.exportKeyingMaterial)
495 if _, err := io.ReadFull(tlsConn, actual); err != nil {
496 return err
497 }
498 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
499 if err != nil {
500 return err
501 }
502 if !bytes.Equal(actual, expected) {
503 return fmt.Errorf("keying material mismatch")
504 }
505 }
506
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]507 if test.testTLSUnique {
508 var peersValue [12]byte
509 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
510 return err
511 }
512 expected := tlsConn.ConnectionState().TLSUnique
513 if !bytes.Equal(peersValue[:], expected) {
514 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
515 }
516 }
517
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]518 if test.shimWritesFirst {
519 var buf [5]byte
520 _, err := io.ReadFull(tlsConn, buf[:])
521 if err != nil {
522 return err
523 }
524 if string(buf[:]) != "hello" {
525 return fmt.Errorf("bad initial message")
526 }
527 }
528
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]529 for i := 0; i < test.sendEmptyRecords; i++ {
530 tlsConn.Write(nil)
531 }
532
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]533 for i := 0; i < test.sendWarningAlerts; i++ {
534 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
535 }
536
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]537 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]538 if test.renegotiateCiphers != nil {
539 config.CipherSuites = test.renegotiateCiphers
540 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]541 for i := 0; i < test.renegotiate; i++ {
542 if err := tlsConn.Renegotiate(); err != nil {
543 return err
544 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]545 }
546 } else if test.renegotiateCiphers != nil {
547 panic("renegotiateCiphers without renegotiate")
548 }
549
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]550 if test.damageFirstWrite {
551 connDamage.setDamage(true)
552 tlsConn.Write([]byte("DAMAGED WRITE"))
553 connDamage.setDamage(false)
554 }
555
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]556 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]557 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]558 if test.protocol == dtls {
559 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
560 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]561 // Read until EOF.
562 _, err := io.Copy(ioutil.Discard, tlsConn)
563 return err
564 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]565 if messageLen == 0 {
566 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]567 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]568
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]569 messageCount := test.messageCount
570 if messageCount == 0 {
571 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]572 }
573
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]574 for j := 0; j < messageCount; j++ {
575 testMessage := make([]byte, messageLen)
576 for i := range testMessage {
577 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]578 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]579 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]580
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]581 for i := 0; i < test.sendEmptyRecords; i++ {
582 tlsConn.Write(nil)
583 }
584
585 for i := 0; i < test.sendWarningAlerts; i++ {
586 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
587 }
588
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]589 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]590 // The shim will not respond.
591 continue
592 }
593
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]594 buf := make([]byte, len(testMessage))
595 if test.protocol == dtls {
596 bufTmp := make([]byte, len(buf)+1)
597 n, err := tlsConn.Read(bufTmp)
598 if err != nil {
599 return err
600 }
601 if n != len(buf) {
602 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
603 }
604 copy(buf, bufTmp)
605 } else {
606 _, err := io.ReadFull(tlsConn, buf)
607 if err != nil {
608 return err
609 }
610 }
611
612 for i, v := range buf {
613 if v != testMessage[i]^0xff {
614 return fmt.Errorf("bad reply contents at byte %d", i)
615 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]616 }
617 }
618
619 return nil
620}
621
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]622func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
623 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]624 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]625 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]626 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]627 valgrindArgs = append(valgrindArgs, path)
628 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]629
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]630 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]631}
632
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]633func gdbOf(path string, args ...string) *exec.Cmd {
634 xtermArgs := []string{"-e", "gdb", "--args"}
635 xtermArgs = append(xtermArgs, path)
636 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]637
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]638 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]639}
640
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]641func lldbOf(path string, args ...string) *exec.Cmd {
642 xtermArgs := []string{"-e", "lldb", "--"}
643 xtermArgs = append(xtermArgs, path)
644 xtermArgs = append(xtermArgs, args...)
645
646 return exec.Command("xterm", xtermArgs...)
647}
648
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]649type moreMallocsError struct{}
650
651func (moreMallocsError) Error() string {
652 return "child process did not exhaust all allocation calls"
653}
654
655var errMoreMallocs = moreMallocsError{}
656
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]657// accept accepts a connection from listener, unless waitChan signals a process
658// exit first.
659func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
660 type connOrError struct {
661 conn net.Conn
662 err error
663 }
664 connChan := make(chan connOrError, 1)
665 go func() {
666 conn, err := listener.Accept()
667 connChan <- connOrError{conn, err}
668 close(connChan)
669 }()
670 select {
671 case result := <-connChan:
672 return result.conn, result.err
673 case childErr := <-waitChan:
674 waitChan <- childErr
675 return nil, fmt.Errorf("child exited early: %s", childErr)
676 }
677}
678
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]679func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]680 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
681 panic("Error expected without shouldFail in " + test.name)
682 }
683
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]684 if test.expectResumeRejected && !test.resumeSession {
685 panic("expectResumeRejected without resumeSession in " + test.name)
686 }
687
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]688 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
689 if err != nil {
690 panic(err)
691 }
692 defer func() {
693 if listener != nil {
694 listener.Close()
695 }
696 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]697
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]698 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]699 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]700 flags = append(flags, "-server")
701
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]702 flags = append(flags, "-key-file")
703 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]704 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]705 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]706 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]707 }
708
709 flags = append(flags, "-cert-file")
710 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]711 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]712 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]713 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]714 }
715 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]716
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]717 if test.digestPrefs != "" {
718 flags = append(flags, "-digest-prefs")
719 flags = append(flags, test.digestPrefs)
720 }
721
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]722 if test.protocol == dtls {
723 flags = append(flags, "-dtls")
724 }
725
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]726 if test.resumeSession {
727 flags = append(flags, "-resume")
728 }
729
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]730 if test.shimWritesFirst {
731 flags = append(flags, "-shim-writes-first")
732 }
733
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]734 if test.shimShutsDown {
735 flags = append(flags, "-shim-shuts-down")
736 }
737
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]738 if test.exportKeyingMaterial > 0 {
739 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
740 flags = append(flags, "-export-label", test.exportLabel)
741 flags = append(flags, "-export-context", test.exportContext)
742 if test.useExportContext {
743 flags = append(flags, "-use-export-context")
744 }
745 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]746 if test.expectResumeRejected {
747 flags = append(flags, "-expect-session-miss")
748 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]749
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]750 if test.testTLSUnique {
751 flags = append(flags, "-tls-unique")
752 }
753
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]754 flags = append(flags, test.flags...)
755
756 var shim *exec.Cmd
757 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]758 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]759 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]760 shim = gdbOf(shimPath, flags...)
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]761 } else if *useLLDB {
762 shim = lldbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]763 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]764 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]765 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]766 shim.Stdin = os.Stdin
767 var stdoutBuf, stderrBuf bytes.Buffer
768 shim.Stdout = &stdoutBuf
769 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]770 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]771 shim.Env = os.Environ()
772 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]773 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]774 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]775 }
776 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
777 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]778
779 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]780 panic(err)
781 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]782 waitChan := make(chan error, 1)
783 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]784
785 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]786 if !test.noSessionCache {
787 config.ClientSessionCache = NewLRUClientSessionCache(1)
788 config.ServerSessionCache = NewLRUServerSessionCache(1)
789 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]790 if test.testType == clientTest {
791 if len(config.Certificates) == 0 {
792 config.Certificates = []Certificate{getRSACertificate()}
793 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]794 } else {
795 // Supply a ServerName to ensure a constant session cache key,
796 // rather than falling back to net.Conn.RemoteAddr.
797 if len(config.ServerName) == 0 {
798 config.ServerName = "test"
799 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]800 }
David Benjaminf2b83632016-03-01 22:57:46 -0500[diff] [blame]801 if *fuzzer {
802 config.Bugs.NullAllCiphers = true
803 }
David Benjamin2e045a92016-06-08 13:09:56 -0400[diff] [blame]804 if *deterministic {
805 config.Rand = &deterministicRand{}
806 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]807
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]808 conn, err := acceptOrWait(listener, waitChan)
809 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]810 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]811 conn.Close()
812 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]813
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]814 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]815 var resumeConfig Config
816 if test.resumeConfig != nil {
817 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]818 if len(resumeConfig.ServerName) == 0 {
819 resumeConfig.ServerName = config.ServerName
820 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]821 if len(resumeConfig.Certificates) == 0 {
822 resumeConfig.Certificates = []Certificate{getRSACertificate()}
823 }
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]824 if test.newSessionsOnResume {
825 if !test.noSessionCache {
826 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
827 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
828 }
829 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]830 resumeConfig.SessionTicketKey = config.SessionTicketKey
831 resumeConfig.ClientSessionCache = config.ClientSessionCache
832 resumeConfig.ServerSessionCache = config.ServerSessionCache
833 }
David Benjaminf2b83632016-03-01 22:57:46 -0500[diff] [blame]834 if *fuzzer {
835 resumeConfig.Bugs.NullAllCiphers = true
836 }
David Benjamin2e045a92016-06-08 13:09:56 -0400[diff] [blame]837 resumeConfig.Rand = config.Rand
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]838 } else {
839 resumeConfig = config
840 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]841 var connResume net.Conn
842 connResume, err = acceptOrWait(listener, waitChan)
843 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]844 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]845 connResume.Close()
846 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]847 }
848
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]849 // Close the listener now. This is to avoid hangs should the shim try to
850 // open more connections than expected.
851 listener.Close()
852 listener = nil
853
854 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]855 if exitError, ok := childErr.(*exec.ExitError); ok {
856 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
857 return errMoreMallocs
858 }
859 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]860
David Benjamin9bea3492016-03-02 10:59:16 -0500[diff] [blame]861 // Account for Windows line endings.
862 stdout := strings.Replace(string(stdoutBuf.Bytes()), "\r\n", "\n", -1)
863 stderr := strings.Replace(string(stderrBuf.Bytes()), "\r\n", "\n", -1)
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]864
865 // Separate the errors from the shim and those from tools like
866 // AddressSanitizer.
867 var extraStderr string
868 if stderrParts := strings.SplitN(stderr, "--- DONE ---\n", 2); len(stderrParts) == 2 {
869 stderr = stderrParts[0]
870 extraStderr = stderrParts[1]
871 }
872
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]873 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]874 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]875 localError := "none"
876 if err != nil {
877 localError = err.Error()
878 }
879 if len(test.expectedLocalError) != 0 {
880 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
881 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]882
883 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]884 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]885 if childErr != nil {
886 childError = childErr.Error()
887 }
888
889 var msg string
890 switch {
891 case failed && !test.shouldFail:
892 msg = "unexpected failure"
893 case !failed && test.shouldFail:
894 msg = "unexpected success"
895 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]896 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]897 default:
898 panic("internal error")
899 }
900
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]901 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]902 }
903
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]904 if !*useValgrind && (len(extraStderr) > 0 || (!failed && len(stderr) > 0)) {
905 return fmt.Errorf("unexpected error output:\n%s\n%s", stderr, extraStderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]906 }
907
908 return nil
909}
910
911var tlsVersions = []struct {
912 name string
913 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]914 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]915 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]916}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]917 {"SSL3", VersionSSL30, "-no-ssl3", false},
918 {"TLS1", VersionTLS10, "-no-tls1", true},
919 {"TLS11", VersionTLS11, "-no-tls11", false},
920 {"TLS12", VersionTLS12, "-no-tls12", true},
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]921 // TODO(nharper): Once we have a real implementation of TLS 1.3, update the name here.
922 {"FakeTLS13", VersionTLS13, "-no-tls13", false},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]923}
924
925var testCipherSuites = []struct {
926 name string
927 id uint16
928}{
929 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]930 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]931 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]932 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]933 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]934 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]935 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]936 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
937 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]938 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]939 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
940 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]941 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]942 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
943 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]944 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
945 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]946 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]947 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]948 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]949 {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]950 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]951 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]952 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]953 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]954 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]955 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]956 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]957 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]958 {"ECDHE-RSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]959 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]960 {"CECPQ1-RSA-CHACHA20-POLY1305-SHA256", TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256},
961 {"CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256", TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
962 {"CECPQ1-RSA-AES256-GCM-SHA384", TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
963 {"CECPQ1-ECDSA-AES256-GCM-SHA384", TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]964 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
965 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]966 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
967 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]968 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
Steven Valdez3084e7b2016-06-02 12:07:20 -0400[diff] [blame]969 {"ECDHE-PSK-AES128-GCM-SHA256", TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256},
970 {"ECDHE-PSK-AES256-GCM-SHA384", TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]971 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]972 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]973 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]974 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]975}
976
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]977func hasComponent(suiteName, component string) bool {
978 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
979}
980
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]981func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]982 return hasComponent(suiteName, "GCM") ||
983 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]984 hasComponent(suiteName, "SHA384") ||
985 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]986}
987
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]988func isTLS13Suite(suiteName string) bool {
989 return (hasComponent(suiteName, "GCM") || hasComponent(suiteName, "POLY1305")) && hasComponent(suiteName, "ECDHE") && !hasComponent(suiteName, "OLD")
990}
991
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]992func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]993 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]994}
995
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]996func bigFromHex(hex string) *big.Int {
997 ret, ok := new(big.Int).SetString(hex, 16)
998 if !ok {
999 panic("failed to parse hex number 0x" + hex)
1000 }
1001 return ret
1002}
1003
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1004func addBasicTests() {
1005 basicTests := []testCase{
1006 {
1007 name: "BadRSASignature",
1008 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1009 // TODO(davidben): Add a TLS 1.3 version of this.
1010 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1011 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1012 Bugs: ProtocolBugs{
1013 InvalidSKXSignature: true,
1014 },
1015 },
1016 shouldFail: true,
1017 expectedError: ":BAD_SIGNATURE:",
1018 },
1019 {
1020 name: "BadECDSASignature",
1021 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1022 // TODO(davidben): Add a TLS 1.3 version of this.
1023 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1024 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1025 Bugs: ProtocolBugs{
1026 InvalidSKXSignature: true,
1027 },
1028 Certificates: []Certificate{getECDSACertificate()},
1029 },
1030 shouldFail: true,
1031 expectedError: ":BAD_SIGNATURE:",
1032 },
1033 {
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]1034 testType: serverTest,
1035 name: "BadRSASignature-ClientAuth",
1036 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1037 // TODO(davidben): Add a TLS 1.3 version of this.
1038 MaxVersion: VersionTLS12,
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]1039 Bugs: ProtocolBugs{
1040 InvalidCertVerifySignature: true,
1041 },
1042 Certificates: []Certificate{getRSACertificate()},
1043 },
1044 shouldFail: true,
1045 expectedError: ":BAD_SIGNATURE:",
1046 flags: []string{"-require-any-client-certificate"},
1047 },
1048 {
1049 testType: serverTest,
1050 name: "BadECDSASignature-ClientAuth",
1051 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1052 // TODO(davidben): Add a TLS 1.3 version of this.
1053 MaxVersion: VersionTLS12,
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]1054 Bugs: ProtocolBugs{
1055 InvalidCertVerifySignature: true,
1056 },
1057 Certificates: []Certificate{getECDSACertificate()},
1058 },
1059 shouldFail: true,
1060 expectedError: ":BAD_SIGNATURE:",
1061 flags: []string{"-require-any-client-certificate"},
1062 },
1063 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1064 name: "NoFallbackSCSV",
1065 config: Config{
1066 Bugs: ProtocolBugs{
1067 FailIfNotFallbackSCSV: true,
1068 },
1069 },
1070 shouldFail: true,
1071 expectedLocalError: "no fallback SCSV found",
1072 },
1073 {
1074 name: "SendFallbackSCSV",
1075 config: Config{
1076 Bugs: ProtocolBugs{
1077 FailIfNotFallbackSCSV: true,
1078 },
1079 },
1080 flags: []string{"-fallback-scsv"},
1081 },
1082 {
1083 name: "ClientCertificateTypes",
1084 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1085 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1086 ClientAuth: RequestClientCert,
1087 ClientCertificateTypes: []byte{
1088 CertTypeDSSSign,
1089 CertTypeRSASign,
1090 CertTypeECDSASign,
1091 },
1092 },
1093 flags: []string{
1094 "-expect-certificate-types",
1095 base64.StdEncoding.EncodeToString([]byte{
1096 CertTypeDSSSign,
1097 CertTypeRSASign,
1098 CertTypeECDSASign,
1099 }),
1100 },
1101 },
1102 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1103 name: "UnauthenticatedECDH",
1104 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1105 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1106 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1107 Bugs: ProtocolBugs{
1108 UnauthenticatedECDH: true,
1109 },
1110 },
1111 shouldFail: true,
1112 expectedError: ":UNEXPECTED_MESSAGE:",
1113 },
1114 {
1115 name: "SkipCertificateStatus",
1116 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1117 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1118 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1119 Bugs: ProtocolBugs{
1120 SkipCertificateStatus: true,
1121 },
1122 },
1123 flags: []string{
1124 "-enable-ocsp-stapling",
1125 },
1126 },
1127 {
1128 name: "SkipServerKeyExchange",
1129 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1130 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1131 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1132 Bugs: ProtocolBugs{
1133 SkipServerKeyExchange: true,
1134 },
1135 },
1136 shouldFail: true,
1137 expectedError: ":UNEXPECTED_MESSAGE:",
1138 },
1139 {
1140 name: "SkipChangeCipherSpec-Client",
1141 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1142 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1143 Bugs: ProtocolBugs{
1144 SkipChangeCipherSpec: true,
1145 },
1146 },
1147 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1148 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1149 },
1150 {
1151 testType: serverTest,
1152 name: "SkipChangeCipherSpec-Server",
1153 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1154 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1155 Bugs: ProtocolBugs{
1156 SkipChangeCipherSpec: true,
1157 },
1158 },
1159 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1160 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1161 },
1162 {
1163 testType: serverTest,
1164 name: "SkipChangeCipherSpec-Server-NPN",
1165 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1166 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1167 NextProtos: []string{"bar"},
1168 Bugs: ProtocolBugs{
1169 SkipChangeCipherSpec: true,
1170 },
1171 },
1172 flags: []string{
1173 "-advertise-npn", "\x03foo\x03bar\x03baz",
1174 },
1175 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1176 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1177 },
1178 {
1179 name: "FragmentAcrossChangeCipherSpec-Client",
1180 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1181 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1182 Bugs: ProtocolBugs{
1183 FragmentAcrossChangeCipherSpec: true,
1184 },
1185 },
1186 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1187 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1188 },
1189 {
1190 testType: serverTest,
1191 name: "FragmentAcrossChangeCipherSpec-Server",
1192 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1193 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1194 Bugs: ProtocolBugs{
1195 FragmentAcrossChangeCipherSpec: true,
1196 },
1197 },
1198 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1199 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1200 },
1201 {
1202 testType: serverTest,
1203 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1204 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1205 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1206 NextProtos: []string{"bar"},
1207 Bugs: ProtocolBugs{
1208 FragmentAcrossChangeCipherSpec: true,
1209 },
1210 },
1211 flags: []string{
1212 "-advertise-npn", "\x03foo\x03bar\x03baz",
1213 },
1214 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1215 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1216 },
1217 {
1218 testType: serverTest,
1219 name: "Alert",
1220 config: Config{
1221 Bugs: ProtocolBugs{
1222 SendSpuriousAlert: alertRecordOverflow,
1223 },
1224 },
1225 shouldFail: true,
1226 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1227 },
1228 {
1229 protocol: dtls,
1230 testType: serverTest,
1231 name: "Alert-DTLS",
1232 config: Config{
1233 Bugs: ProtocolBugs{
1234 SendSpuriousAlert: alertRecordOverflow,
1235 },
1236 },
1237 shouldFail: true,
1238 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1239 },
1240 {
1241 testType: serverTest,
1242 name: "FragmentAlert",
1243 config: Config{
1244 Bugs: ProtocolBugs{
1245 FragmentAlert: true,
1246 SendSpuriousAlert: alertRecordOverflow,
1247 },
1248 },
1249 shouldFail: true,
1250 expectedError: ":BAD_ALERT:",
1251 },
1252 {
1253 protocol: dtls,
1254 testType: serverTest,
1255 name: "FragmentAlert-DTLS",
1256 config: Config{
1257 Bugs: ProtocolBugs{
1258 FragmentAlert: true,
1259 SendSpuriousAlert: alertRecordOverflow,
1260 },
1261 },
1262 shouldFail: true,
1263 expectedError: ":BAD_ALERT:",
1264 },
1265 {
1266 testType: serverTest,
David Benjamin0d3a8c62016-03-11 22:25:18 -0500[diff] [blame]1267 name: "DoubleAlert",
1268 config: Config{
1269 Bugs: ProtocolBugs{
1270 DoubleAlert: true,
1271 SendSpuriousAlert: alertRecordOverflow,
1272 },
1273 },
1274 shouldFail: true,
1275 expectedError: ":BAD_ALERT:",
1276 },
1277 {
1278 protocol: dtls,
1279 testType: serverTest,
1280 name: "DoubleAlert-DTLS",
1281 config: Config{
1282 Bugs: ProtocolBugs{
1283 DoubleAlert: true,
1284 SendSpuriousAlert: alertRecordOverflow,
1285 },
1286 },
1287 shouldFail: true,
1288 expectedError: ":BAD_ALERT:",
1289 },
1290 {
1291 testType: serverTest,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1292 name: "EarlyChangeCipherSpec-server-1",
1293 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1294 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1295 Bugs: ProtocolBugs{
1296 EarlyChangeCipherSpec: 1,
1297 },
1298 },
1299 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1300 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1301 },
1302 {
1303 testType: serverTest,
1304 name: "EarlyChangeCipherSpec-server-2",
1305 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1306 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1307 Bugs: ProtocolBugs{
1308 EarlyChangeCipherSpec: 2,
1309 },
1310 },
1311 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1312 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1313 },
1314 {
David Benjamin8144f992016-06-22 17:05:13 -0400[diff] [blame]1315 protocol: dtls,
1316 name: "StrayChangeCipherSpec",
1317 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1318 // TODO(davidben): Once DTLS 1.3 exists, test
1319 // that stray ChangeCipherSpec messages are
1320 // rejected.
1321 MaxVersion: VersionTLS12,
David Benjamin8144f992016-06-22 17:05:13 -0400[diff] [blame]1322 Bugs: ProtocolBugs{
1323 StrayChangeCipherSpec: true,
1324 },
1325 },
1326 },
1327 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1328 name: "SkipNewSessionTicket",
1329 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1330 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1331 Bugs: ProtocolBugs{
1332 SkipNewSessionTicket: true,
1333 },
1334 },
1335 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1336 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1337 },
1338 {
1339 testType: serverTest,
1340 name: "FallbackSCSV",
1341 config: Config{
1342 MaxVersion: VersionTLS11,
1343 Bugs: ProtocolBugs{
1344 SendFallbackSCSV: true,
1345 },
1346 },
1347 shouldFail: true,
1348 expectedError: ":INAPPROPRIATE_FALLBACK:",
1349 },
1350 {
1351 testType: serverTest,
1352 name: "FallbackSCSV-VersionMatch",
1353 config: Config{
1354 Bugs: ProtocolBugs{
1355 SendFallbackSCSV: true,
1356 },
1357 },
1358 },
1359 {
1360 testType: serverTest,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1361 name: "FallbackSCSV-VersionMatch-TLS12",
1362 config: Config{
1363 MaxVersion: VersionTLS12,
1364 Bugs: ProtocolBugs{
1365 SendFallbackSCSV: true,
1366 },
1367 },
1368 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
1369 },
1370 {
1371 testType: serverTest,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1372 name: "FragmentedClientVersion",
1373 config: Config{
1374 Bugs: ProtocolBugs{
1375 MaxHandshakeRecordLength: 1,
1376 FragmentClientVersion: true,
1377 },
1378 },
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1379 expectedVersion: VersionTLS13,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1380 },
1381 {
1382 testType: serverTest,
1383 name: "MinorVersionTolerance",
1384 config: Config{
1385 Bugs: ProtocolBugs{
1386 SendClientVersion: 0x03ff,
1387 },
1388 },
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1389 expectedVersion: VersionTLS13,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1390 },
1391 {
1392 testType: serverTest,
1393 name: "MajorVersionTolerance",
1394 config: Config{
1395 Bugs: ProtocolBugs{
1396 SendClientVersion: 0x0400,
1397 },
1398 },
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1399 expectedVersion: VersionTLS13,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1400 },
1401 {
1402 testType: serverTest,
1403 name: "VersionTooLow",
1404 config: Config{
1405 Bugs: ProtocolBugs{
1406 SendClientVersion: 0x0200,
1407 },
1408 },
1409 shouldFail: true,
1410 expectedError: ":UNSUPPORTED_PROTOCOL:",
1411 },
1412 {
1413 testType: serverTest,
1414 name: "HttpGET",
1415 sendPrefix: "GET / HTTP/1.0\n",
1416 shouldFail: true,
1417 expectedError: ":HTTP_REQUEST:",
1418 },
1419 {
1420 testType: serverTest,
1421 name: "HttpPOST",
1422 sendPrefix: "POST / HTTP/1.0\n",
1423 shouldFail: true,
1424 expectedError: ":HTTP_REQUEST:",
1425 },
1426 {
1427 testType: serverTest,
1428 name: "HttpHEAD",
1429 sendPrefix: "HEAD / HTTP/1.0\n",
1430 shouldFail: true,
1431 expectedError: ":HTTP_REQUEST:",
1432 },
1433 {
1434 testType: serverTest,
1435 name: "HttpPUT",
1436 sendPrefix: "PUT / HTTP/1.0\n",
1437 shouldFail: true,
1438 expectedError: ":HTTP_REQUEST:",
1439 },
1440 {
1441 testType: serverTest,
1442 name: "HttpCONNECT",
1443 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1444 shouldFail: true,
1445 expectedError: ":HTTPS_PROXY_REQUEST:",
1446 },
1447 {
1448 testType: serverTest,
1449 name: "Garbage",
1450 sendPrefix: "blah",
1451 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1452 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1453 },
1454 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1455 name: "RSAEphemeralKey",
1456 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1457 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1458 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1459 Bugs: ProtocolBugs{
1460 RSAEphemeralKey: true,
1461 },
1462 },
1463 shouldFail: true,
1464 expectedError: ":UNEXPECTED_MESSAGE:",
1465 },
1466 {
1467 name: "DisableEverything",
Steven Valdez4f94b1c2016-05-24 12:31:07 -0400[diff] [blame]1468 flags: []string{"-no-tls13", "-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1469 shouldFail: true,
1470 expectedError: ":WRONG_SSL_VERSION:",
1471 },
1472 {
1473 protocol: dtls,
1474 name: "DisableEverything-DTLS",
1475 flags: []string{"-no-tls12", "-no-tls1"},
1476 shouldFail: true,
1477 expectedError: ":WRONG_SSL_VERSION:",
1478 },
1479 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1480 protocol: dtls,
1481 testType: serverTest,
1482 name: "MTU",
1483 config: Config{
1484 Bugs: ProtocolBugs{
1485 MaxPacketLength: 256,
1486 },
1487 },
1488 flags: []string{"-mtu", "256"},
1489 },
1490 {
1491 protocol: dtls,
1492 testType: serverTest,
1493 name: "MTUExceeded",
1494 config: Config{
1495 Bugs: ProtocolBugs{
1496 MaxPacketLength: 255,
1497 },
1498 },
1499 flags: []string{"-mtu", "256"},
1500 shouldFail: true,
1501 expectedLocalError: "dtls: exceeded maximum packet length",
1502 },
1503 {
1504 name: "CertMismatchRSA",
1505 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1506 // TODO(davidben): Add a TLS 1.3 version of this test.
1507 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1508 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1509 Certificates: []Certificate{getECDSACertificate()},
1510 Bugs: ProtocolBugs{
1511 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1512 },
1513 },
1514 shouldFail: true,
1515 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1516 },
1517 {
1518 name: "CertMismatchECDSA",
1519 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1520 // TODO(davidben): Add a TLS 1.3 version of this test.
1521 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1522 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1523 Certificates: []Certificate{getRSACertificate()},
1524 Bugs: ProtocolBugs{
1525 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1526 },
1527 },
1528 shouldFail: true,
1529 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1530 },
1531 {
1532 name: "EmptyCertificateList",
1533 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1534 // TODO(davidben): Add a TLS 1.3 version of this test.
1535 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1536 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1537 Bugs: ProtocolBugs{
1538 EmptyCertificateList: true,
1539 },
1540 },
1541 shouldFail: true,
1542 expectedError: ":DECODE_ERROR:",
1543 },
1544 {
1545 name: "TLSFatalBadPackets",
1546 damageFirstWrite: true,
1547 shouldFail: true,
1548 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1549 },
1550 {
1551 protocol: dtls,
1552 name: "DTLSIgnoreBadPackets",
1553 damageFirstWrite: true,
1554 },
1555 {
1556 protocol: dtls,
1557 name: "DTLSIgnoreBadPackets-Async",
1558 damageFirstWrite: true,
1559 flags: []string{"-async"},
1560 },
1561 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1562 name: "AppDataBeforeHandshake",
1563 config: Config{
1564 Bugs: ProtocolBugs{
1565 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1566 },
1567 },
1568 shouldFail: true,
1569 expectedError: ":UNEXPECTED_RECORD:",
1570 },
1571 {
1572 name: "AppDataBeforeHandshake-Empty",
1573 config: Config{
1574 Bugs: ProtocolBugs{
1575 AppDataBeforeHandshake: []byte{},
1576 },
1577 },
1578 shouldFail: true,
1579 expectedError: ":UNEXPECTED_RECORD:",
1580 },
1581 {
1582 protocol: dtls,
1583 name: "AppDataBeforeHandshake-DTLS",
1584 config: Config{
1585 Bugs: ProtocolBugs{
1586 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1587 },
1588 },
1589 shouldFail: true,
1590 expectedError: ":UNEXPECTED_RECORD:",
1591 },
1592 {
1593 protocol: dtls,
1594 name: "AppDataBeforeHandshake-DTLS-Empty",
1595 config: Config{
1596 Bugs: ProtocolBugs{
1597 AppDataBeforeHandshake: []byte{},
1598 },
1599 },
1600 shouldFail: true,
1601 expectedError: ":UNEXPECTED_RECORD:",
1602 },
1603 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1604 name: "AppDataAfterChangeCipherSpec",
1605 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1606 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1607 Bugs: ProtocolBugs{
1608 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1609 },
1610 },
1611 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1612 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1613 },
1614 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1615 name: "AppDataAfterChangeCipherSpec-Empty",
1616 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1617 MaxVersion: VersionTLS12,
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1618 Bugs: ProtocolBugs{
1619 AppDataAfterChangeCipherSpec: []byte{},
1620 },
1621 },
1622 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1623 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1624 },
1625 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1626 protocol: dtls,
1627 name: "AppDataAfterChangeCipherSpec-DTLS",
1628 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1629 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1630 Bugs: ProtocolBugs{
1631 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1632 },
1633 },
1634 // BoringSSL's DTLS implementation will drop the out-of-order
1635 // application data.
1636 },
1637 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1638 protocol: dtls,
1639 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1640 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1641 MaxVersion: VersionTLS12,
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1642 Bugs: ProtocolBugs{
1643 AppDataAfterChangeCipherSpec: []byte{},
1644 },
1645 },
1646 // BoringSSL's DTLS implementation will drop the out-of-order
1647 // application data.
1648 },
1649 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1650 name: "AlertAfterChangeCipherSpec",
1651 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1652 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1653 Bugs: ProtocolBugs{
1654 AlertAfterChangeCipherSpec: alertRecordOverflow,
1655 },
1656 },
1657 shouldFail: true,
1658 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1659 },
1660 {
1661 protocol: dtls,
1662 name: "AlertAfterChangeCipherSpec-DTLS",
1663 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1664 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1665 Bugs: ProtocolBugs{
1666 AlertAfterChangeCipherSpec: alertRecordOverflow,
1667 },
1668 },
1669 shouldFail: true,
1670 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1671 },
1672 {
1673 protocol: dtls,
1674 name: "ReorderHandshakeFragments-Small-DTLS",
1675 config: Config{
1676 Bugs: ProtocolBugs{
1677 ReorderHandshakeFragments: true,
1678 // Small enough that every handshake message is
1679 // fragmented.
1680 MaxHandshakeRecordLength: 2,
1681 },
1682 },
1683 },
1684 {
1685 protocol: dtls,
1686 name: "ReorderHandshakeFragments-Large-DTLS",
1687 config: Config{
1688 Bugs: ProtocolBugs{
1689 ReorderHandshakeFragments: true,
1690 // Large enough that no handshake message is
1691 // fragmented.
1692 MaxHandshakeRecordLength: 2048,
1693 },
1694 },
1695 },
1696 {
1697 protocol: dtls,
1698 name: "MixCompleteMessageWithFragments-DTLS",
1699 config: Config{
1700 Bugs: ProtocolBugs{
1701 ReorderHandshakeFragments: true,
1702 MixCompleteMessageWithFragments: true,
1703 MaxHandshakeRecordLength: 2,
1704 },
1705 },
1706 },
1707 {
1708 name: "SendInvalidRecordType",
1709 config: Config{
1710 Bugs: ProtocolBugs{
1711 SendInvalidRecordType: true,
1712 },
1713 },
1714 shouldFail: true,
1715 expectedError: ":UNEXPECTED_RECORD:",
1716 },
1717 {
1718 protocol: dtls,
1719 name: "SendInvalidRecordType-DTLS",
1720 config: Config{
1721 Bugs: ProtocolBugs{
1722 SendInvalidRecordType: true,
1723 },
1724 },
1725 shouldFail: true,
1726 expectedError: ":UNEXPECTED_RECORD:",
1727 },
1728 {
1729 name: "FalseStart-SkipServerSecondLeg",
1730 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1731 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1732 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1733 NextProtos: []string{"foo"},
1734 Bugs: ProtocolBugs{
1735 SkipNewSessionTicket: true,
1736 SkipChangeCipherSpec: true,
1737 SkipFinished: true,
1738 ExpectFalseStart: true,
1739 },
1740 },
1741 flags: []string{
1742 "-false-start",
1743 "-handshake-never-done",
1744 "-advertise-alpn", "\x03foo",
1745 },
1746 shimWritesFirst: true,
1747 shouldFail: true,
1748 expectedError: ":UNEXPECTED_RECORD:",
1749 },
1750 {
1751 name: "FalseStart-SkipServerSecondLeg-Implicit",
1752 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1753 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1754 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1755 NextProtos: []string{"foo"},
1756 Bugs: ProtocolBugs{
1757 SkipNewSessionTicket: true,
1758 SkipChangeCipherSpec: true,
1759 SkipFinished: true,
1760 },
1761 },
1762 flags: []string{
1763 "-implicit-handshake",
1764 "-false-start",
1765 "-handshake-never-done",
1766 "-advertise-alpn", "\x03foo",
1767 },
1768 shouldFail: true,
1769 expectedError: ":UNEXPECTED_RECORD:",
1770 },
1771 {
1772 testType: serverTest,
1773 name: "FailEarlyCallback",
1774 flags: []string{"-fail-early-callback"},
1775 shouldFail: true,
1776 expectedError: ":CONNECTION_REJECTED:",
1777 expectedLocalError: "remote error: access denied",
1778 },
1779 {
1780 name: "WrongMessageType",
1781 config: Config{
1782 Bugs: ProtocolBugs{
1783 WrongCertificateMessageType: true,
1784 },
1785 },
1786 shouldFail: true,
1787 expectedError: ":UNEXPECTED_MESSAGE:",
1788 expectedLocalError: "remote error: unexpected message",
1789 },
1790 {
1791 protocol: dtls,
1792 name: "WrongMessageType-DTLS",
1793 config: Config{
1794 Bugs: ProtocolBugs{
1795 WrongCertificateMessageType: true,
1796 },
1797 },
1798 shouldFail: true,
1799 expectedError: ":UNEXPECTED_MESSAGE:",
1800 expectedLocalError: "remote error: unexpected message",
1801 },
1802 {
1803 protocol: dtls,
1804 name: "FragmentMessageTypeMismatch-DTLS",
1805 config: Config{
1806 Bugs: ProtocolBugs{
1807 MaxHandshakeRecordLength: 2,
1808 FragmentMessageTypeMismatch: true,
1809 },
1810 },
1811 shouldFail: true,
1812 expectedError: ":FRAGMENT_MISMATCH:",
1813 },
1814 {
1815 protocol: dtls,
1816 name: "FragmentMessageLengthMismatch-DTLS",
1817 config: Config{
1818 Bugs: ProtocolBugs{
1819 MaxHandshakeRecordLength: 2,
1820 FragmentMessageLengthMismatch: true,
1821 },
1822 },
1823 shouldFail: true,
1824 expectedError: ":FRAGMENT_MISMATCH:",
1825 },
1826 {
1827 protocol: dtls,
1828 name: "SplitFragments-Header-DTLS",
1829 config: Config{
1830 Bugs: ProtocolBugs{
1831 SplitFragments: 2,
1832 },
1833 },
1834 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1835 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1836 },
1837 {
1838 protocol: dtls,
1839 name: "SplitFragments-Boundary-DTLS",
1840 config: Config{
1841 Bugs: ProtocolBugs{
1842 SplitFragments: dtlsRecordHeaderLen,
1843 },
1844 },
1845 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1846 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1847 },
1848 {
1849 protocol: dtls,
1850 name: "SplitFragments-Body-DTLS",
1851 config: Config{
1852 Bugs: ProtocolBugs{
1853 SplitFragments: dtlsRecordHeaderLen + 1,
1854 },
1855 },
1856 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1857 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1858 },
1859 {
1860 protocol: dtls,
1861 name: "SendEmptyFragments-DTLS",
1862 config: Config{
1863 Bugs: ProtocolBugs{
1864 SendEmptyFragments: true,
1865 },
1866 },
1867 },
1868 {
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1869 name: "BadFinished-Client",
1870 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1871 // TODO(davidben): Add a TLS 1.3 version of this.
1872 MaxVersion: VersionTLS12,
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1873 Bugs: ProtocolBugs{
1874 BadFinished: true,
1875 },
1876 },
1877 shouldFail: true,
1878 expectedError: ":DIGEST_CHECK_FAILED:",
1879 },
1880 {
1881 testType: serverTest,
1882 name: "BadFinished-Server",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1883 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]1884 // TODO(davidben): Add a TLS 1.3 version of this.
1885 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1886 Bugs: ProtocolBugs{
1887 BadFinished: true,
1888 },
1889 },
1890 shouldFail: true,
1891 expectedError: ":DIGEST_CHECK_FAILED:",
1892 },
1893 {
1894 name: "FalseStart-BadFinished",
1895 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1896 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1897 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1898 NextProtos: []string{"foo"},
1899 Bugs: ProtocolBugs{
1900 BadFinished: true,
1901 ExpectFalseStart: true,
1902 },
1903 },
1904 flags: []string{
1905 "-false-start",
1906 "-handshake-never-done",
1907 "-advertise-alpn", "\x03foo",
1908 },
1909 shimWritesFirst: true,
1910 shouldFail: true,
1911 expectedError: ":DIGEST_CHECK_FAILED:",
1912 },
1913 {
1914 name: "NoFalseStart-NoALPN",
1915 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1916 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1917 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1918 Bugs: ProtocolBugs{
1919 ExpectFalseStart: true,
1920 AlertBeforeFalseStartTest: alertAccessDenied,
1921 },
1922 },
1923 flags: []string{
1924 "-false-start",
1925 },
1926 shimWritesFirst: true,
1927 shouldFail: true,
1928 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1929 expectedLocalError: "tls: peer did not false start: EOF",
1930 },
1931 {
1932 name: "NoFalseStart-NoAEAD",
1933 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1934 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1935 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1936 NextProtos: []string{"foo"},
1937 Bugs: ProtocolBugs{
1938 ExpectFalseStart: true,
1939 AlertBeforeFalseStartTest: alertAccessDenied,
1940 },
1941 },
1942 flags: []string{
1943 "-false-start",
1944 "-advertise-alpn", "\x03foo",
1945 },
1946 shimWritesFirst: true,
1947 shouldFail: true,
1948 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1949 expectedLocalError: "tls: peer did not false start: EOF",
1950 },
1951 {
1952 name: "NoFalseStart-RSA",
1953 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1954 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1955 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1956 NextProtos: []string{"foo"},
1957 Bugs: ProtocolBugs{
1958 ExpectFalseStart: true,
1959 AlertBeforeFalseStartTest: alertAccessDenied,
1960 },
1961 },
1962 flags: []string{
1963 "-false-start",
1964 "-advertise-alpn", "\x03foo",
1965 },
1966 shimWritesFirst: true,
1967 shouldFail: true,
1968 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1969 expectedLocalError: "tls: peer did not false start: EOF",
1970 },
1971 {
1972 name: "NoFalseStart-DHE_RSA",
1973 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1974 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1975 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1976 NextProtos: []string{"foo"},
1977 Bugs: ProtocolBugs{
1978 ExpectFalseStart: true,
1979 AlertBeforeFalseStartTest: alertAccessDenied,
1980 },
1981 },
1982 flags: []string{
1983 "-false-start",
1984 "-advertise-alpn", "\x03foo",
1985 },
1986 shimWritesFirst: true,
1987 shouldFail: true,
1988 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1989 expectedLocalError: "tls: peer did not false start: EOF",
1990 },
1991 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1992 protocol: dtls,
1993 name: "SendSplitAlert-Sync",
1994 config: Config{
1995 Bugs: ProtocolBugs{
1996 SendSplitAlert: true,
1997 },
1998 },
1999 },
2000 {
2001 protocol: dtls,
2002 name: "SendSplitAlert-Async",
2003 config: Config{
2004 Bugs: ProtocolBugs{
2005 SendSplitAlert: true,
2006 },
2007 },
2008 flags: []string{"-async"},
2009 },
2010 {
2011 protocol: dtls,
2012 name: "PackDTLSHandshake",
2013 config: Config{
2014 Bugs: ProtocolBugs{
2015 MaxHandshakeRecordLength: 2,
2016 PackHandshakeFragments: 20,
2017 PackHandshakeRecords: 200,
2018 },
2019 },
2020 },
2021 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2022 name: "SendEmptyRecords-Pass",
2023 sendEmptyRecords: 32,
2024 },
2025 {
2026 name: "SendEmptyRecords",
2027 sendEmptyRecords: 33,
2028 shouldFail: true,
2029 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2030 },
2031 {
2032 name: "SendEmptyRecords-Async",
2033 sendEmptyRecords: 33,
2034 flags: []string{"-async"},
2035 shouldFail: true,
2036 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2037 },
2038 {
2039 name: "SendWarningAlerts-Pass",
2040 sendWarningAlerts: 4,
2041 },
2042 {
2043 protocol: dtls,
2044 name: "SendWarningAlerts-DTLS-Pass",
2045 sendWarningAlerts: 4,
2046 },
2047 {
2048 name: "SendWarningAlerts",
2049 sendWarningAlerts: 5,
2050 shouldFail: true,
2051 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2052 },
2053 {
2054 name: "SendWarningAlerts-Async",
2055 sendWarningAlerts: 5,
2056 flags: []string{"-async"},
2057 shouldFail: true,
2058 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2059 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2060 {
2061 name: "EmptySessionID",
2062 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2063 MaxVersion: VersionTLS12,
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2064 SessionTicketsDisabled: true,
2065 },
2066 noSessionCache: true,
2067 flags: []string{"-expect-no-session"},
2068 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]2069 {
2070 name: "Unclean-Shutdown",
2071 config: Config{
2072 Bugs: ProtocolBugs{
2073 NoCloseNotify: true,
2074 ExpectCloseNotify: true,
2075 },
2076 },
2077 shimShutsDown: true,
2078 flags: []string{"-check-close-notify"},
2079 shouldFail: true,
2080 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
2081 },
2082 {
2083 name: "Unclean-Shutdown-Ignored",
2084 config: Config{
2085 Bugs: ProtocolBugs{
2086 NoCloseNotify: true,
2087 },
2088 },
2089 shimShutsDown: true,
2090 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2091 {
David Benjaminfa214e42016-05-10 17:03:10 -0400[diff] [blame]2092 name: "Unclean-Shutdown-Alert",
2093 config: Config{
2094 Bugs: ProtocolBugs{
2095 SendAlertOnShutdown: alertDecompressionFailure,
2096 ExpectCloseNotify: true,
2097 },
2098 },
2099 shimShutsDown: true,
2100 flags: []string{"-check-close-notify"},
2101 shouldFail: true,
2102 expectedError: ":SSLV3_ALERT_DECOMPRESSION_FAILURE:",
2103 },
2104 {
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2105 name: "LargePlaintext",
2106 config: Config{
2107 Bugs: ProtocolBugs{
2108 SendLargeRecords: true,
2109 },
2110 },
2111 messageLen: maxPlaintext + 1,
2112 shouldFail: true,
2113 expectedError: ":DATA_LENGTH_TOO_LONG:",
2114 },
2115 {
2116 protocol: dtls,
2117 name: "LargePlaintext-DTLS",
2118 config: Config{
2119 Bugs: ProtocolBugs{
2120 SendLargeRecords: true,
2121 },
2122 },
2123 messageLen: maxPlaintext + 1,
2124 shouldFail: true,
2125 expectedError: ":DATA_LENGTH_TOO_LONG:",
2126 },
2127 {
2128 name: "LargeCiphertext",
2129 config: Config{
2130 Bugs: ProtocolBugs{
2131 SendLargeRecords: true,
2132 },
2133 },
2134 messageLen: maxPlaintext * 2,
2135 shouldFail: true,
2136 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
2137 },
2138 {
2139 protocol: dtls,
2140 name: "LargeCiphertext-DTLS",
2141 config: Config{
2142 Bugs: ProtocolBugs{
2143 SendLargeRecords: true,
2144 },
2145 },
2146 messageLen: maxPlaintext * 2,
2147 // Unlike the other four cases, DTLS drops records which
2148 // are invalid before authentication, so the connection
2149 // does not fail.
2150 expectMessageDropped: true,
2151 },
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]2152 {
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2153 // In TLS 1.2 and below, empty NewSessionTicket messages
2154 // mean the server changed its mind on sending a ticket.
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]2155 name: "SendEmptySessionTicket",
2156 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2157 MaxVersion: VersionTLS12,
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]2158 Bugs: ProtocolBugs{
2159 SendEmptySessionTicket: true,
2160 FailIfSessionOffered: true,
2161 },
2162 },
2163 flags: []string{"-expect-no-session"},
2164 resumeSession: true,
2165 expectResumeRejected: true,
2166 },
David Benjamin99fdfb92015-11-02 12:11:35 -0500[diff] [blame]2167 {
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2168 name: "BadChangeCipherSpec-1",
2169 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2170 MaxVersion: VersionTLS12,
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2171 Bugs: ProtocolBugs{
2172 BadChangeCipherSpec: []byte{2},
2173 },
2174 },
2175 shouldFail: true,
2176 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2177 },
2178 {
2179 name: "BadChangeCipherSpec-2",
2180 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2181 MaxVersion: VersionTLS12,
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2182 Bugs: ProtocolBugs{
2183 BadChangeCipherSpec: []byte{1, 1},
2184 },
2185 },
2186 shouldFail: true,
2187 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2188 },
2189 {
2190 protocol: dtls,
2191 name: "BadChangeCipherSpec-DTLS-1",
2192 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2193 MaxVersion: VersionTLS12,
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2194 Bugs: ProtocolBugs{
2195 BadChangeCipherSpec: []byte{2},
2196 },
2197 },
2198 shouldFail: true,
2199 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2200 },
2201 {
2202 protocol: dtls,
2203 name: "BadChangeCipherSpec-DTLS-2",
2204 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2205 MaxVersion: VersionTLS12,
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2206 Bugs: ProtocolBugs{
2207 BadChangeCipherSpec: []byte{1, 1},
2208 },
2209 },
2210 shouldFail: true,
2211 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2212 },
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2213 {
2214 name: "BadHelloRequest-1",
2215 renegotiate: 1,
2216 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2217 MaxVersion: VersionTLS12,
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2218 Bugs: ProtocolBugs{
2219 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2220 },
2221 },
2222 flags: []string{
2223 "-renegotiate-freely",
2224 "-expect-total-renegotiations", "1",
2225 },
2226 shouldFail: true,
2227 expectedError: ":BAD_HELLO_REQUEST:",
2228 },
2229 {
2230 name: "BadHelloRequest-2",
2231 renegotiate: 1,
2232 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2233 MaxVersion: VersionTLS12,
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2234 Bugs: ProtocolBugs{
2235 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2236 },
2237 },
2238 flags: []string{
2239 "-renegotiate-freely",
2240 "-expect-total-renegotiations", "1",
2241 },
2242 shouldFail: true,
2243 expectedError: ":BAD_HELLO_REQUEST:",
2244 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2245 {
2246 testType: serverTest,
2247 name: "SupportTicketsWithSessionID",
2248 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2249 MaxVersion: VersionTLS12,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2250 SessionTicketsDisabled: true,
2251 },
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2252 resumeConfig: &Config{
2253 MaxVersion: VersionTLS12,
2254 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2255 resumeSession: true,
2256 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2257 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2258 testCases = append(testCases, basicTests...)
2259}
2260
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2261func addCipherSuiteTests() {
2262 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2263 const psk = "12345"
2264 const pskIdentity = "luggage combo"
2265
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2266 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2267 var certFile string
2268 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2269 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2270 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2271 certFile = ecdsaCertificateFile
2272 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2273 } else {
2274 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2275 certFile = rsaCertificateFile
2276 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2277 }
2278
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2279 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2280 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2281 flags = append(flags,
2282 "-psk", psk,
2283 "-psk-identity", pskIdentity)
2284 }
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]2285 if hasComponent(suite.name, "NULL") {
2286 // NULL ciphers must be explicitly enabled.
2287 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2288 }
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]2289 if hasComponent(suite.name, "CECPQ1") {
2290 // CECPQ1 ciphers must be explicitly enabled.
2291 flags = append(flags, "-cipher", "DEFAULT:kCECPQ1")
2292 }
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2293
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2294 for _, ver := range tlsVersions {
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2295 for _, protocol := range []protocol{tls, dtls} {
2296 var prefix string
2297 if protocol == dtls {
2298 if !ver.hasDTLS {
2299 continue
2300 }
2301 prefix = "D"
2302 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2303
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2304 var shouldServerFail, shouldClientFail bool
2305 if hasComponent(suite.name, "ECDHE") && ver.version == VersionSSL30 {
2306 // BoringSSL clients accept ECDHE on SSLv3, but
2307 // a BoringSSL server will never select it
2308 // because the extension is missing.
2309 shouldServerFail = true
2310 }
2311 if isTLS12Only(suite.name) && ver.version < VersionTLS12 {
2312 shouldClientFail = true
2313 shouldServerFail = true
2314 }
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2315 if !isTLS13Suite(suite.name) && ver.version == VersionTLS13 {
2316 shouldClientFail = true
2317 shouldServerFail = true
2318 }
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2319 if !isDTLSCipher(suite.name) && protocol == dtls {
2320 shouldClientFail = true
2321 shouldServerFail = true
2322 }
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]2323
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2324 var expectedServerError, expectedClientError string
2325 if shouldServerFail {
2326 expectedServerError = ":NO_SHARED_CIPHER:"
2327 }
2328 if shouldClientFail {
2329 expectedClientError = ":WRONG_CIPHER_RETURNED:"
2330 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2331
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2332 testCases = append(testCases, testCase{
2333 testType: serverTest,
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2334 protocol: protocol,
2335
2336 name: prefix + ver.name + "-" + suite.name + "-server",
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2337 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2338 MinVersion: ver.version,
2339 MaxVersion: ver.version,
2340 CipherSuites: []uint16{suite.id},
2341 Certificates: []Certificate{cert},
2342 PreSharedKey: []byte(psk),
2343 PreSharedKeyIdentity: pskIdentity,
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2344 Bugs: ProtocolBugs{
David Benjamin9acf0ca2016-06-25 00:01:28 -0400[diff] [blame]2345 EnableAllCiphers: shouldServerFail,
2346 IgnorePeerCipherPreferences: shouldServerFail,
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2347 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2348 },
2349 certFile: certFile,
2350 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2351 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2352 resumeSession: true,
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2353 shouldFail: shouldServerFail,
2354 expectedError: expectedServerError,
2355 })
2356
2357 testCases = append(testCases, testCase{
2358 testType: clientTest,
2359 protocol: protocol,
2360 name: prefix + ver.name + "-" + suite.name + "-client",
2361 config: Config{
2362 MinVersion: ver.version,
2363 MaxVersion: ver.version,
2364 CipherSuites: []uint16{suite.id},
2365 Certificates: []Certificate{cert},
2366 PreSharedKey: []byte(psk),
2367 PreSharedKeyIdentity: pskIdentity,
2368 Bugs: ProtocolBugs{
David Benjamin9acf0ca2016-06-25 00:01:28 -0400[diff] [blame]2369 EnableAllCiphers: shouldClientFail,
2370 IgnorePeerCipherPreferences: shouldClientFail,
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2371 },
2372 },
2373 flags: flags,
2374 resumeSession: true,
2375 shouldFail: shouldClientFail,
2376 expectedError: expectedClientError,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2377 })
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2378
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2379 if !shouldClientFail {
2380 // Ensure the maximum record size is accepted.
2381 testCases = append(testCases, testCase{
2382 name: prefix + ver.name + "-" + suite.name + "-LargeRecord",
2383 config: Config{
2384 MinVersion: ver.version,
2385 MaxVersion: ver.version,
2386 CipherSuites: []uint16{suite.id},
2387 Certificates: []Certificate{cert},
2388 PreSharedKey: []byte(psk),
2389 PreSharedKeyIdentity: pskIdentity,
2390 },
2391 flags: flags,
2392 messageLen: maxPlaintext,
2393 })
2394 }
2395 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2396 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2397 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2398
2399 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2400 name: "NoSharedCipher",
2401 config: Config{
2402 // TODO(davidben): Add a TLS 1.3 version of this test.
2403 MaxVersion: VersionTLS12,
2404 CipherSuites: []uint16{},
2405 },
2406 shouldFail: true,
2407 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
2408 })
2409
2410 testCases = append(testCases, testCase{
2411 name: "UnsupportedCipherSuite",
2412 config: Config{
2413 MaxVersion: VersionTLS12,
2414 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
2415 Bugs: ProtocolBugs{
2416 IgnorePeerCipherPreferences: true,
2417 },
2418 },
2419 flags: []string{"-cipher", "DEFAULT:!RC4"},
2420 shouldFail: true,
2421 expectedError: ":WRONG_CIPHER_RETURNED:",
2422 })
2423
2424 testCases = append(testCases, testCase{
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2425 name: "WeakDH",
2426 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2427 MaxVersion: VersionTLS12,
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2428 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2429 Bugs: ProtocolBugs{
2430 // This is a 1023-bit prime number, generated
2431 // with:
2432 // openssl gendh 1023 | openssl asn1parse -i
2433 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2434 },
2435 },
2436 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2437 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2438 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2439
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2440 testCases = append(testCases, testCase{
2441 name: "SillyDH",
2442 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2443 MaxVersion: VersionTLS12,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2444 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2445 Bugs: ProtocolBugs{
2446 // This is a 4097-bit prime number, generated
2447 // with:
2448 // openssl gendh 4097 | openssl asn1parse -i
2449 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2450 },
2451 },
2452 shouldFail: true,
2453 expectedError: ":DH_P_TOO_LONG:",
2454 })
2455
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2456 // This test ensures that Diffie-Hellman public values are padded with
2457 // zeros so that they're the same length as the prime. This is to avoid
2458 // hitting a bug in yaSSL.
2459 testCases = append(testCases, testCase{
2460 testType: serverTest,
2461 name: "DHPublicValuePadded",
2462 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2463 MaxVersion: VersionTLS12,
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2464 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2465 Bugs: ProtocolBugs{
2466 RequireDHPublicValueLen: (1025 + 7) / 8,
2467 },
2468 },
2469 flags: []string{"-use-sparse-dh-prime"},
2470 })
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2471
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2472 // The server must be tolerant to bogus ciphers.
2473 const bogusCipher = 0x1234
2474 testCases = append(testCases, testCase{
2475 testType: serverTest,
2476 name: "UnknownCipher",
2477 config: Config{
2478 CipherSuites: []uint16{bogusCipher, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2479 },
2480 })
2481
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2482 // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS
2483 // 1.1 specific cipher suite settings. A server is setup with the given
2484 // cipher lists and then a connection is made for each member of
2485 // expectations. The cipher suite that the server selects must match
2486 // the specified one.
2487 var versionSpecificCiphersTest = []struct {
2488 ciphersDefault, ciphersTLS10, ciphersTLS11 string
2489 // expectations is a map from TLS version to cipher suite id.
2490 expectations map[uint16]uint16
2491 }{
2492 {
2493 // Test that the null case (where no version-specific ciphers are set)
2494 // works as expected.
2495 "RC4-SHA:AES128-SHA", // default ciphers
2496 "", // no ciphers specifically for TLS ≥ 1.0
2497 "", // no ciphers specifically for TLS ≥ 1.1
2498 map[uint16]uint16{
2499 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2500 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2501 VersionTLS11: TLS_RSA_WITH_RC4_128_SHA,
2502 VersionTLS12: TLS_RSA_WITH_RC4_128_SHA,
2503 },
2504 },
2505 {
2506 // With ciphers_tls10 set, TLS 1.0, 1.1 and 1.2 should get a different
2507 // cipher.
2508 "RC4-SHA:AES128-SHA", // default
2509 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2510 "", // no ciphers specifically for TLS ≥ 1.1
2511 map[uint16]uint16{
2512 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2513 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2514 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2515 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2516 },
2517 },
2518 {
2519 // With ciphers_tls11 set, TLS 1.1 and 1.2 should get a different
2520 // cipher.
2521 "RC4-SHA:AES128-SHA", // default
2522 "", // no ciphers specifically for TLS ≥ 1.0
2523 "AES128-SHA", // these ciphers for TLS ≥ 1.1
2524 map[uint16]uint16{
2525 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2526 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2527 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2528 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2529 },
2530 },
2531 {
2532 // With both ciphers_tls10 and ciphers_tls11 set, ciphers_tls11 should
2533 // mask ciphers_tls10 for TLS 1.1 and 1.2.
2534 "RC4-SHA:AES128-SHA", // default
2535 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2536 "AES256-SHA", // these ciphers for TLS ≥ 1.1
2537 map[uint16]uint16{
2538 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2539 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2540 VersionTLS11: TLS_RSA_WITH_AES_256_CBC_SHA,
2541 VersionTLS12: TLS_RSA_WITH_AES_256_CBC_SHA,
2542 },
2543 },
2544 }
2545
2546 for i, test := range versionSpecificCiphersTest {
2547 for version, expectedCipherSuite := range test.expectations {
2548 flags := []string{"-cipher", test.ciphersDefault}
2549 if len(test.ciphersTLS10) > 0 {
2550 flags = append(flags, "-cipher-tls10", test.ciphersTLS10)
2551 }
2552 if len(test.ciphersTLS11) > 0 {
2553 flags = append(flags, "-cipher-tls11", test.ciphersTLS11)
2554 }
2555
2556 testCases = append(testCases, testCase{
2557 testType: serverTest,
2558 name: fmt.Sprintf("VersionSpecificCiphersTest-%d-%x", i, version),
2559 config: Config{
2560 MaxVersion: version,
2561 MinVersion: version,
2562 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA},
2563 },
2564 flags: flags,
2565 expectedCipher: expectedCipherSuite,
2566 })
2567 }
2568 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2569}
2570
2571func addBadECDSASignatureTests() {
2572 for badR := BadValue(1); badR < NumBadValues; badR++ {
2573 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2574 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2575 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2576 config: Config{
2577 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2578 Certificates: []Certificate{getECDSACertificate()},
2579 Bugs: ProtocolBugs{
2580 BadECDSAR: badR,
2581 BadECDSAS: badS,
2582 },
2583 },
2584 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2585 expectedError: ":BAD_SIGNATURE:",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2586 })
2587 }
2588 }
2589}
2590
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2591func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2592 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2593 name: "MaxCBCPadding",
2594 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2595 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2596 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2597 Bugs: ProtocolBugs{
2598 MaxPadding: true,
2599 },
2600 },
2601 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2602 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2603 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2604 name: "BadCBCPadding",
2605 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2606 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2607 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2608 Bugs: ProtocolBugs{
2609 PaddingFirstByteBad: true,
2610 },
2611 },
2612 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2613 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2614 })
2615 // OpenSSL previously had an issue where the first byte of padding in
2616 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2617 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2618 name: "BadCBCPadding255",
2619 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2620 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2621 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2622 Bugs: ProtocolBugs{
2623 MaxPadding: true,
2624 PaddingFirstByteBadIf255: true,
2625 },
2626 },
2627 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2628 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2629 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2630 })
2631}
2632
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2633func addCBCSplittingTests() {
2634 testCases = append(testCases, testCase{
2635 name: "CBCRecordSplitting",
2636 config: Config{
2637 MaxVersion: VersionTLS10,
2638 MinVersion: VersionTLS10,
2639 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2640 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2641 messageLen: -1, // read until EOF
2642 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2643 flags: []string{
2644 "-async",
2645 "-write-different-record-sizes",
2646 "-cbc-record-splitting",
2647 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2648 })
2649 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2650 name: "CBCRecordSplittingPartialWrite",
2651 config: Config{
2652 MaxVersion: VersionTLS10,
2653 MinVersion: VersionTLS10,
2654 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2655 },
2656 messageLen: -1, // read until EOF
2657 flags: []string{
2658 "-async",
2659 "-write-different-record-sizes",
2660 "-cbc-record-splitting",
2661 "-partial-write",
2662 },
2663 })
2664}
2665
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2666func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2667 // Add a dummy cert pool to stress certificate authority parsing.
2668 // TODO(davidben): Add tests that those values parse out correctly.
2669 certPool := x509.NewCertPool()
2670 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2671 if err != nil {
2672 panic(err)
2673 }
2674 certPool.AddCert(cert)
2675
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2676 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2677 testCases = append(testCases, testCase{
2678 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2679 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2680 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2681 MinVersion: ver.version,
2682 MaxVersion: ver.version,
2683 ClientAuth: RequireAnyClientCert,
2684 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2685 },
2686 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2687 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2688 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2689 },
2690 })
2691 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2692 testType: serverTest,
2693 name: ver.name + "-Server-ClientAuth-RSA",
2694 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2695 MinVersion: ver.version,
2696 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2697 Certificates: []Certificate{rsaCertificate},
2698 },
2699 flags: []string{"-require-any-client-certificate"},
2700 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2701 if ver.version != VersionSSL30 {
2702 testCases = append(testCases, testCase{
2703 testType: serverTest,
2704 name: ver.name + "-Server-ClientAuth-ECDSA",
2705 config: Config{
2706 MinVersion: ver.version,
2707 MaxVersion: ver.version,
2708 Certificates: []Certificate{ecdsaCertificate},
2709 },
2710 flags: []string{"-require-any-client-certificate"},
2711 })
2712 testCases = append(testCases, testCase{
2713 testType: clientTest,
2714 name: ver.name + "-Client-ClientAuth-ECDSA",
2715 config: Config{
2716 MinVersion: ver.version,
2717 MaxVersion: ver.version,
2718 ClientAuth: RequireAnyClientCert,
2719 ClientCAs: certPool,
2720 },
2721 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2722 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2723 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2724 },
2725 })
2726 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2727 }
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2728
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2729 // TODO(davidben): These tests will need TLS 1.3 versions when the
2730 // handshake is separate.
2731
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2732 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2733 name: "NoClientCertificate",
2734 config: Config{
2735 MaxVersion: VersionTLS12,
2736 ClientAuth: RequireAnyClientCert,
2737 },
2738 shouldFail: true,
2739 expectedLocalError: "client didn't provide a certificate",
2740 })
2741
2742 testCases = append(testCases, testCase{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2743 testType: serverTest,
2744 name: "RequireAnyClientCertificate",
2745 config: Config{
2746 MaxVersion: VersionTLS12,
2747 },
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2748 flags: []string{"-require-any-client-certificate"},
2749 shouldFail: true,
2750 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
2751 })
2752
2753 testCases = append(testCases, testCase{
2754 testType: serverTest,
David Benjamindf28c3a2016-03-10 16:11:51 -0500[diff] [blame]2755 name: "RequireAnyClientCertificate-SSL3",
2756 config: Config{
2757 MaxVersion: VersionSSL30,
2758 },
2759 flags: []string{"-require-any-client-certificate"},
2760 shouldFail: true,
2761 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
2762 })
2763
2764 testCases = append(testCases, testCase{
2765 testType: serverTest,
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2766 name: "SkipClientCertificate",
2767 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2768 MaxVersion: VersionTLS12,
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2769 Bugs: ProtocolBugs{
2770 SkipClientCertificate: true,
2771 },
2772 },
2773 // Setting SSL_VERIFY_PEER allows anonymous clients.
2774 flags: []string{"-verify-peer"},
2775 shouldFail: true,
David Benjamindf28c3a2016-03-10 16:11:51 -0500[diff] [blame]2776 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2777 })
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]2778
2779 // Client auth is only legal in certificate-based ciphers.
2780 testCases = append(testCases, testCase{
2781 testType: clientTest,
2782 name: "ClientAuth-PSK",
2783 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2784 MaxVersion: VersionTLS12,
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]2785 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2786 PreSharedKey: []byte("secret"),
2787 ClientAuth: RequireAnyClientCert,
2788 },
2789 flags: []string{
2790 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2791 "-key-file", path.Join(*resourceDir, rsaKeyFile),
2792 "-psk", "secret",
2793 },
2794 shouldFail: true,
2795 expectedError: ":UNEXPECTED_MESSAGE:",
2796 })
2797 testCases = append(testCases, testCase{
2798 testType: clientTest,
2799 name: "ClientAuth-ECDHE_PSK",
2800 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2801 MaxVersion: VersionTLS12,
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]2802 CipherSuites: []uint16{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
2803 PreSharedKey: []byte("secret"),
2804 ClientAuth: RequireAnyClientCert,
2805 },
2806 flags: []string{
2807 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2808 "-key-file", path.Join(*resourceDir, rsaKeyFile),
2809 "-psk", "secret",
2810 },
2811 shouldFail: true,
2812 expectedError: ":UNEXPECTED_MESSAGE:",
2813 })
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2814}
2815
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2816func addExtendedMasterSecretTests() {
2817 const expectEMSFlag = "-expect-extended-master-secret"
2818
2819 for _, with := range []bool{false, true} {
2820 prefix := "No"
2821 var flags []string
2822 if with {
2823 prefix = ""
2824 flags = []string{expectEMSFlag}
2825 }
2826
2827 for _, isClient := range []bool{false, true} {
2828 suffix := "-Server"
2829 testType := serverTest
2830 if isClient {
2831 suffix = "-Client"
2832 testType = clientTest
2833 }
2834
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2835 // TODO(davidben): Once the new TLS 1.3 handshake is in,
2836 // test that the extension is irrelevant, but the API
2837 // acts as if it is enabled.
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2838 for _, ver := range tlsVersions {
2839 test := testCase{
2840 testType: testType,
2841 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2842 config: Config{
2843 MinVersion: ver.version,
2844 MaxVersion: ver.version,
2845 Bugs: ProtocolBugs{
2846 NoExtendedMasterSecret: !with,
2847 RequireExtendedMasterSecret: with,
2848 },
2849 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2850 flags: flags,
2851 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2852 }
2853 if test.shouldFail {
2854 test.expectedLocalError = "extended master secret required but not supported by peer"
2855 }
2856 testCases = append(testCases, test)
2857 }
2858 }
2859 }
2860
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2861 for _, isClient := range []bool{false, true} {
2862 for _, supportedInFirstConnection := range []bool{false, true} {
2863 for _, supportedInResumeConnection := range []bool{false, true} {
2864 boolToWord := func(b bool) string {
2865 if b {
2866 return "Yes"
2867 }
2868 return "No"
2869 }
2870 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2871 if isClient {
2872 suffix += "Client"
2873 } else {
2874 suffix += "Server"
2875 }
2876
2877 supportedConfig := Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2878 MaxVersion: VersionTLS12,
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2879 Bugs: ProtocolBugs{
2880 RequireExtendedMasterSecret: true,
2881 },
2882 }
2883
2884 noSupportConfig := Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2885 MaxVersion: VersionTLS12,
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2886 Bugs: ProtocolBugs{
2887 NoExtendedMasterSecret: true,
2888 },
2889 }
2890
2891 test := testCase{
2892 name: "ExtendedMasterSecret-" + suffix,
2893 resumeSession: true,
2894 }
2895
2896 if !isClient {
2897 test.testType = serverTest
2898 }
2899
2900 if supportedInFirstConnection {
2901 test.config = supportedConfig
2902 } else {
2903 test.config = noSupportConfig
2904 }
2905
2906 if supportedInResumeConnection {
2907 test.resumeConfig = &supportedConfig
2908 } else {
2909 test.resumeConfig = &noSupportConfig
2910 }
2911
2912 switch suffix {
2913 case "YesToYes-Client", "YesToYes-Server":
2914 // When a session is resumed, it should
2915 // still be aware that its master
2916 // secret was generated via EMS and
2917 // thus it's safe to use tls-unique.
2918 test.flags = []string{expectEMSFlag}
2919 case "NoToYes-Server":
2920 // If an original connection did not
2921 // contain EMS, but a resumption
2922 // handshake does, then a server should
2923 // not resume the session.
2924 test.expectResumeRejected = true
2925 case "YesToNo-Server":
2926 // Resuming an EMS session without the
2927 // EMS extension should cause the
2928 // server to abort the connection.
2929 test.shouldFail = true
2930 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2931 case "NoToYes-Client":
2932 // A client should abort a connection
2933 // where the server resumed a non-EMS
2934 // session but echoed the EMS
2935 // extension.
2936 test.shouldFail = true
2937 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2938 case "YesToNo-Client":
2939 // A client should abort a connection
2940 // where the server didn't echo EMS
2941 // when the session used it.
2942 test.shouldFail = true
2943 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2944 }
2945
2946 testCases = append(testCases, test)
2947 }
2948 }
2949 }
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2950}
2951
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2952// Adds tests that try to cover the range of the handshake state machine, under
2953// various conditions. Some of these are redundant with other tests, but they
2954// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2955func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2956 var tests []testCase
2957
2958 // Basic handshake, with resumption. Client and server,
2959 // session ID and session ticket.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2960 //
2961 // TODO(davidben): Add TLS 1.3 tests for all of its different handshake
2962 // shapes.
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2963 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2964 name: "Basic-Client",
2965 config: Config{
2966 MaxVersion: VersionTLS12,
2967 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2968 resumeSession: true,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2969 // Ensure session tickets are used, not session IDs.
2970 noSessionCache: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2971 })
2972 tests = append(tests, testCase{
2973 name: "Basic-Client-RenewTicket",
2974 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2975 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2976 Bugs: ProtocolBugs{
2977 RenewTicketOnResume: true,
2978 },
2979 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2980 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2981 resumeSession: true,
2982 })
2983 tests = append(tests, testCase{
2984 name: "Basic-Client-NoTicket",
2985 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2986 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2987 SessionTicketsDisabled: true,
2988 },
2989 resumeSession: true,
2990 })
2991 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]2992 name: "Basic-Client-Implicit",
2993 config: Config{
2994 MaxVersion: VersionTLS12,
2995 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2996 flags: []string{"-implicit-handshake"},
2997 resumeSession: true,
2998 })
2999 tests = append(tests, testCase{
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3000 testType: serverTest,
3001 name: "Basic-Server",
3002 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3003 MaxVersion: VersionTLS12,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3004 Bugs: ProtocolBugs{
3005 RequireSessionTickets: true,
3006 },
3007 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3008 resumeSession: true,
3009 })
3010 tests = append(tests, testCase{
3011 testType: serverTest,
3012 name: "Basic-Server-NoTickets",
3013 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3014 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3015 SessionTicketsDisabled: true,
3016 },
3017 resumeSession: true,
3018 })
3019 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3020 testType: serverTest,
3021 name: "Basic-Server-Implicit",
3022 config: Config{
3023 MaxVersion: VersionTLS12,
3024 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3025 flags: []string{"-implicit-handshake"},
3026 resumeSession: true,
3027 })
3028 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3029 testType: serverTest,
3030 name: "Basic-Server-EarlyCallback",
3031 config: Config{
3032 MaxVersion: VersionTLS12,
3033 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3034 flags: []string{"-use-early-callback"},
3035 resumeSession: true,
3036 })
3037
3038 // TLS client auth.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3039 //
3040 // TODO(davidben): Add TLS 1.3 client auth tests.
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3041 tests = append(tests, testCase{
3042 testType: clientTest,
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3043 name: "ClientAuth-NoCertificate-Client",
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3044 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3045 MaxVersion: VersionTLS12,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3046 ClientAuth: RequestClientCert,
3047 },
3048 })
3049 tests = append(tests, testCase{
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3050 testType: serverTest,
3051 name: "ClientAuth-NoCertificate-Server",
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3052 config: Config{
3053 MaxVersion: VersionTLS12,
3054 },
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3055 // Setting SSL_VERIFY_PEER allows anonymous clients.
3056 flags: []string{"-verify-peer"},
3057 })
3058 if protocol == tls {
3059 tests = append(tests, testCase{
3060 testType: clientTest,
3061 name: "ClientAuth-NoCertificate-Client-SSL3",
3062 config: Config{
3063 MaxVersion: VersionSSL30,
3064 ClientAuth: RequestClientCert,
3065 },
3066 })
3067 tests = append(tests, testCase{
3068 testType: serverTest,
3069 name: "ClientAuth-NoCertificate-Server-SSL3",
3070 config: Config{
3071 MaxVersion: VersionSSL30,
3072 },
3073 // Setting SSL_VERIFY_PEER allows anonymous clients.
3074 flags: []string{"-verify-peer"},
3075 })
3076 }
3077 tests = append(tests, testCase{
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3078 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3079 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3080 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3081 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3082 ClientAuth: RequireAnyClientCert,
3083 },
3084 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3085 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3086 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3087 },
3088 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3089 tests = append(tests, testCase{
3090 testType: clientTest,
3091 name: "ClientAuth-ECDSA-Client",
3092 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3093 MaxVersion: VersionTLS12,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3094 ClientAuth: RequireAnyClientCert,
3095 },
3096 flags: []string{
3097 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
3098 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
3099 },
3100 })
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3101 tests = append(tests, testCase{
3102 testType: clientTest,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3103 name: "ClientAuth-NoCertificate-OldCallback",
3104 config: Config{
3105 MaxVersion: VersionTLS12,
3106 ClientAuth: RequestClientCert,
3107 },
3108 flags: []string{"-use-old-client-cert-callback"},
3109 })
3110 tests = append(tests, testCase{
3111 testType: clientTest,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3112 name: "ClientAuth-OldCallback",
3113 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3114 MaxVersion: VersionTLS12,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3115 ClientAuth: RequireAnyClientCert,
3116 },
3117 flags: []string{
3118 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3119 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3120 "-use-old-client-cert-callback",
3121 },
3122 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3123 tests = append(tests, testCase{
3124 testType: serverTest,
3125 name: "ClientAuth-Server",
3126 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3127 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3128 Certificates: []Certificate{rsaCertificate},
3129 },
3130 flags: []string{"-require-any-client-certificate"},
3131 })
3132
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3133 // Test each key exchange on the server side for async keys.
3134 //
3135 // TODO(davidben): Add TLS 1.3 versions of these.
3136 tests = append(tests, testCase{
3137 testType: serverTest,
3138 name: "Basic-Server-RSA",
3139 config: Config{
3140 MaxVersion: VersionTLS12,
3141 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3142 },
3143 flags: []string{
3144 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3145 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3146 },
3147 })
3148 tests = append(tests, testCase{
3149 testType: serverTest,
3150 name: "Basic-Server-ECDHE-RSA",
3151 config: Config{
3152 MaxVersion: VersionTLS12,
3153 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3154 },
3155 flags: []string{
3156 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3157 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3158 },
3159 })
3160 tests = append(tests, testCase{
3161 testType: serverTest,
3162 name: "Basic-Server-ECDHE-ECDSA",
3163 config: Config{
3164 MaxVersion: VersionTLS12,
3165 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
3166 },
3167 flags: []string{
3168 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
3169 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
3170 },
3171 })
3172
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3173 // No session ticket support; server doesn't send NewSessionTicket.
3174 tests = append(tests, testCase{
3175 name: "SessionTicketsDisabled-Client",
3176 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3177 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3178 SessionTicketsDisabled: true,
3179 },
3180 })
3181 tests = append(tests, testCase{
3182 testType: serverTest,
3183 name: "SessionTicketsDisabled-Server",
3184 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3185 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3186 SessionTicketsDisabled: true,
3187 },
3188 })
3189
3190 // Skip ServerKeyExchange in PSK key exchange if there's no
3191 // identity hint.
3192 tests = append(tests, testCase{
3193 name: "EmptyPSKHint-Client",
3194 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3195 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3196 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3197 PreSharedKey: []byte("secret"),
3198 },
3199 flags: []string{"-psk", "secret"},
3200 })
3201 tests = append(tests, testCase{
3202 testType: serverTest,
3203 name: "EmptyPSKHint-Server",
3204 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3205 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3206 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3207 PreSharedKey: []byte("secret"),
3208 },
3209 flags: []string{"-psk", "secret"},
3210 })
3211
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3212 // OCSP stapling tests.
3213 //
3214 // TODO(davidben): Test the TLS 1.3 version of OCSP stapling.
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3215 tests = append(tests, testCase{
3216 testType: clientTest,
3217 name: "OCSPStapling-Client",
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3218 config: Config{
3219 MaxVersion: VersionTLS12,
3220 },
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3221 flags: []string{
3222 "-enable-ocsp-stapling",
3223 "-expect-ocsp-response",
3224 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3225 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3226 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3227 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3228 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3229 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3230 testType: serverTest,
3231 name: "OCSPStapling-Server",
3232 config: Config{
3233 MaxVersion: VersionTLS12,
3234 },
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3235 expectedOCSPResponse: testOCSPResponse,
3236 flags: []string{
3237 "-ocsp-response",
3238 base64.StdEncoding.EncodeToString(testOCSPResponse),
3239 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3240 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3241 })
3242
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3243 // Certificate verification tests.
3244 //
3245 // TODO(davidben): Test the TLS 1.3 version.
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3246 tests = append(tests, testCase{
3247 testType: clientTest,
3248 name: "CertificateVerificationSucceed",
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3249 config: Config{
3250 MaxVersion: VersionTLS12,
3251 },
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3252 flags: []string{
3253 "-verify-peer",
3254 },
3255 })
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3256 tests = append(tests, testCase{
3257 testType: clientTest,
3258 name: "CertificateVerificationFail",
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3259 config: Config{
3260 MaxVersion: VersionTLS12,
3261 },
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3262 flags: []string{
3263 "-verify-fail",
3264 "-verify-peer",
3265 },
3266 shouldFail: true,
3267 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
3268 })
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3269 tests = append(tests, testCase{
3270 testType: clientTest,
3271 name: "CertificateVerificationSoftFail",
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3272 config: Config{
3273 MaxVersion: VersionTLS12,
3274 },
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3275 flags: []string{
3276 "-verify-fail",
3277 "-expect-verify-result",
3278 },
3279 })
3280
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3281 if protocol == tls {
3282 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3283 name: "Renegotiate-Client",
3284 config: Config{
3285 MaxVersion: VersionTLS12,
3286 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3287 renegotiate: 1,
3288 flags: []string{
3289 "-renegotiate-freely",
3290 "-expect-total-renegotiations", "1",
3291 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3292 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3293
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3294 // NPN on client and server; results in post-handshake message.
3295 tests = append(tests, testCase{
3296 name: "NPN-Client",
3297 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3298 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3299 NextProtos: []string{"foo"},
3300 },
3301 flags: []string{"-select-next-proto", "foo"},
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3302 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3303 expectedNextProto: "foo",
3304 expectedNextProtoType: npn,
3305 })
3306 tests = append(tests, testCase{
3307 testType: serverTest,
3308 name: "NPN-Server",
3309 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3310 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3311 NextProtos: []string{"bar"},
3312 },
3313 flags: []string{
3314 "-advertise-npn", "\x03foo\x03bar\x03baz",
3315 "-expect-next-proto", "bar",
3316 },
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3317 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3318 expectedNextProto: "bar",
3319 expectedNextProtoType: npn,
3320 })
3321
3322 // TODO(davidben): Add tests for when False Start doesn't trigger.
3323
3324 // Client does False Start and negotiates NPN.
3325 tests = append(tests, testCase{
3326 name: "FalseStart",
3327 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3328 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3329 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3330 NextProtos: []string{"foo"},
3331 Bugs: ProtocolBugs{
3332 ExpectFalseStart: true,
3333 },
3334 },
3335 flags: []string{
3336 "-false-start",
3337 "-select-next-proto", "foo",
3338 },
3339 shimWritesFirst: true,
3340 resumeSession: true,
3341 })
3342
3343 // Client does False Start and negotiates ALPN.
3344 tests = append(tests, testCase{
3345 name: "FalseStart-ALPN",
3346 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3347 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3348 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3349 NextProtos: []string{"foo"},
3350 Bugs: ProtocolBugs{
3351 ExpectFalseStart: true,
3352 },
3353 },
3354 flags: []string{
3355 "-false-start",
3356 "-advertise-alpn", "\x03foo",
3357 },
3358 shimWritesFirst: true,
3359 resumeSession: true,
3360 })
3361
3362 // Client does False Start but doesn't explicitly call
3363 // SSL_connect.
3364 tests = append(tests, testCase{
3365 name: "FalseStart-Implicit",
3366 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3367 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3368 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3369 NextProtos: []string{"foo"},
3370 },
3371 flags: []string{
3372 "-implicit-handshake",
3373 "-false-start",
3374 "-advertise-alpn", "\x03foo",
3375 },
3376 })
3377
3378 // False Start without session tickets.
3379 tests = append(tests, testCase{
3380 name: "FalseStart-SessionTicketsDisabled",
3381 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3382 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3383 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3384 NextProtos: []string{"foo"},
3385 SessionTicketsDisabled: true,
3386 Bugs: ProtocolBugs{
3387 ExpectFalseStart: true,
3388 },
3389 },
3390 flags: []string{
3391 "-false-start",
3392 "-select-next-proto", "foo",
3393 },
3394 shimWritesFirst: true,
3395 })
3396
3397 // Server parses a V2ClientHello.
3398 tests = append(tests, testCase{
3399 testType: serverTest,
3400 name: "SendV2ClientHello",
3401 config: Config{
3402 // Choose a cipher suite that does not involve
3403 // elliptic curves, so no extensions are
3404 // involved.
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3405 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3406 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3407 Bugs: ProtocolBugs{
3408 SendV2ClientHello: true,
3409 },
3410 },
3411 })
3412
3413 // Client sends a Channel ID.
3414 tests = append(tests, testCase{
3415 name: "ChannelID-Client",
3416 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3417 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3418 RequestChannelID: true,
3419 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3420 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3421 resumeSession: true,
3422 expectChannelID: true,
3423 })
3424
3425 // Server accepts a Channel ID.
3426 tests = append(tests, testCase{
3427 testType: serverTest,
3428 name: "ChannelID-Server",
3429 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3430 MaxVersion: VersionTLS12,
3431 ChannelID: channelIDKey,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3432 },
3433 flags: []string{
3434 "-expect-channel-id",
3435 base64.StdEncoding.EncodeToString(channelIDBytes),
3436 },
3437 resumeSession: true,
3438 expectChannelID: true,
3439 })
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]3440
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3441 // Channel ID and NPN at the same time, to ensure their relative
3442 // ordering is correct.
3443 tests = append(tests, testCase{
3444 name: "ChannelID-NPN-Client",
3445 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3446 MaxVersion: VersionTLS12,
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3447 RequestChannelID: true,
3448 NextProtos: []string{"foo"},
3449 },
3450 flags: []string{
3451 "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
3452 "-select-next-proto", "foo",
3453 },
3454 resumeSession: true,
3455 expectChannelID: true,
3456 expectedNextProto: "foo",
3457 expectedNextProtoType: npn,
3458 })
3459 tests = append(tests, testCase{
3460 testType: serverTest,
3461 name: "ChannelID-NPN-Server",
3462 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3463 MaxVersion: VersionTLS12,
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3464 ChannelID: channelIDKey,
3465 NextProtos: []string{"bar"},
3466 },
3467 flags: []string{
3468 "-expect-channel-id",
3469 base64.StdEncoding.EncodeToString(channelIDBytes),
3470 "-advertise-npn", "\x03foo\x03bar\x03baz",
3471 "-expect-next-proto", "bar",
3472 },
3473 resumeSession: true,
3474 expectChannelID: true,
3475 expectedNextProto: "bar",
3476 expectedNextProtoType: npn,
3477 })
3478
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]3479 // Bidirectional shutdown with the runner initiating.
3480 tests = append(tests, testCase{
3481 name: "Shutdown-Runner",
3482 config: Config{
3483 Bugs: ProtocolBugs{
3484 ExpectCloseNotify: true,
3485 },
3486 },
3487 flags: []string{"-check-close-notify"},
3488 })
3489
3490 // Bidirectional shutdown with the shim initiating. The runner,
3491 // in the meantime, sends garbage before the close_notify which
3492 // the shim must ignore.
3493 tests = append(tests, testCase{
3494 name: "Shutdown-Shim",
3495 config: Config{
3496 Bugs: ProtocolBugs{
3497 ExpectCloseNotify: true,
3498 },
3499 },
3500 shimShutsDown: true,
3501 sendEmptyRecords: 1,
3502 sendWarningAlerts: 1,
3503 flags: []string{"-check-close-notify"},
3504 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3505 } else {
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3506 // TODO(davidben): DTLS 1.3 will want a similar thing for
3507 // HelloRetryRequest.
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3508 tests = append(tests, testCase{
3509 name: "SkipHelloVerifyRequest",
3510 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3511 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3512 Bugs: ProtocolBugs{
3513 SkipHelloVerifyRequest: true,
3514 },
3515 },
3516 })
3517 }
3518
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3519 for _, test := range tests {
3520 test.protocol = protocol
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]3521 if protocol == dtls {
3522 test.name += "-DTLS"
3523 }
3524 if async {
3525 test.name += "-Async"
3526 test.flags = append(test.flags, "-async")
3527 } else {
3528 test.name += "-Sync"
3529 }
3530 if splitHandshake {
3531 test.name += "-SplitHandshakeRecords"
3532 test.config.Bugs.MaxHandshakeRecordLength = 1
3533 if protocol == dtls {
3534 test.config.Bugs.MaxPacketLength = 256
3535 test.flags = append(test.flags, "-mtu", "256")
3536 }
3537 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3538 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]3539 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3540}
3541
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3542func addDDoSCallbackTests() {
3543 // DDoS callback.
3544
3545 for _, resume := range []bool{false, true} {
3546 suffix := "Resume"
3547 if resume {
3548 suffix = "No" + suffix
3549 }
3550
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3551 // TODO(davidben): Test TLS 1.3's version of the DDoS callback.
3552
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3553 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3554 testType: serverTest,
3555 name: "Server-DDoS-OK-" + suffix,
3556 config: Config{
3557 MaxVersion: VersionTLS12,
3558 },
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3559 flags: []string{"-install-ddos-callback"},
3560 resumeSession: resume,
3561 })
3562
3563 failFlag := "-fail-ddos-callback"
3564 if resume {
3565 failFlag = "-fail-second-ddos-callback"
3566 }
3567 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3568 testType: serverTest,
3569 name: "Server-DDoS-Reject-" + suffix,
3570 config: Config{
3571 MaxVersion: VersionTLS12,
3572 },
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3573 flags: []string{"-install-ddos-callback", failFlag},
3574 resumeSession: resume,
3575 shouldFail: true,
3576 expectedError: ":CONNECTION_REJECTED:",
3577 })
3578 }
3579}
3580
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3581func addVersionNegotiationTests() {
3582 for i, shimVers := range tlsVersions {
3583 // Assemble flags to disable all newer versions on the shim.
3584 var flags []string
3585 for _, vers := range tlsVersions[i+1:] {
3586 flags = append(flags, vers.flag)
3587 }
3588
3589 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3590 protocols := []protocol{tls}
3591 if runnerVers.hasDTLS && shimVers.hasDTLS {
3592 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3593 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3594 for _, protocol := range protocols {
3595 expectedVersion := shimVers.version
3596 if runnerVers.version < shimVers.version {
3597 expectedVersion = runnerVers.version
3598 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3599
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3600 suffix := shimVers.name + "-" + runnerVers.name
3601 if protocol == dtls {
3602 suffix += "-DTLS"
3603 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3604
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3605 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3606
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3607 clientVers := shimVers.version
3608 if clientVers > VersionTLS10 {
3609 clientVers = VersionTLS10
3610 }
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3611 serverVers := expectedVersion
3612 if expectedVersion >= VersionTLS13 {
3613 serverVers = VersionTLS10
3614 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3615 testCases = append(testCases, testCase{
3616 protocol: protocol,
3617 testType: clientTest,
3618 name: "VersionNegotiation-Client-" + suffix,
3619 config: Config{
3620 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3621 Bugs: ProtocolBugs{
3622 ExpectInitialRecordVersion: clientVers,
3623 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3624 },
3625 flags: flags,
3626 expectedVersion: expectedVersion,
3627 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3628 testCases = append(testCases, testCase{
3629 protocol: protocol,
3630 testType: clientTest,
3631 name: "VersionNegotiation-Client2-" + suffix,
3632 config: Config{
3633 MaxVersion: runnerVers.version,
3634 Bugs: ProtocolBugs{
3635 ExpectInitialRecordVersion: clientVers,
3636 },
3637 },
3638 flags: []string{"-max-version", shimVersFlag},
3639 expectedVersion: expectedVersion,
3640 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3641
3642 testCases = append(testCases, testCase{
3643 protocol: protocol,
3644 testType: serverTest,
3645 name: "VersionNegotiation-Server-" + suffix,
3646 config: Config{
3647 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3648 Bugs: ProtocolBugs{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3649 ExpectInitialRecordVersion: serverVers,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3650 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3651 },
3652 flags: flags,
3653 expectedVersion: expectedVersion,
3654 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3655 testCases = append(testCases, testCase{
3656 protocol: protocol,
3657 testType: serverTest,
3658 name: "VersionNegotiation-Server2-" + suffix,
3659 config: Config{
3660 MaxVersion: runnerVers.version,
3661 Bugs: ProtocolBugs{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3662 ExpectInitialRecordVersion: serverVers,
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3663 },
3664 },
3665 flags: []string{"-max-version", shimVersFlag},
3666 expectedVersion: expectedVersion,
3667 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3668 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3669 }
3670 }
3671}
3672
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3673func addMinimumVersionTests() {
3674 for i, shimVers := range tlsVersions {
3675 // Assemble flags to disable all older versions on the shim.
3676 var flags []string
3677 for _, vers := range tlsVersions[:i] {
3678 flags = append(flags, vers.flag)
3679 }
3680
3681 for _, runnerVers := range tlsVersions {
3682 protocols := []protocol{tls}
3683 if runnerVers.hasDTLS && shimVers.hasDTLS {
3684 protocols = append(protocols, dtls)
3685 }
3686 for _, protocol := range protocols {
3687 suffix := shimVers.name + "-" + runnerVers.name
3688 if protocol == dtls {
3689 suffix += "-DTLS"
3690 }
3691 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3692
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3693 var expectedVersion uint16
3694 var shouldFail bool
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3695 var expectedClientError, expectedServerError string
3696 var expectedClientLocalError, expectedServerLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3697 if runnerVers.version >= shimVers.version {
3698 expectedVersion = runnerVers.version
3699 } else {
3700 shouldFail = true
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3701 expectedServerError = ":UNSUPPORTED_PROTOCOL:"
3702 expectedServerLocalError = "remote error: protocol version not supported"
3703 if shimVers.version >= VersionTLS13 && runnerVers.version <= VersionTLS11 {
3704 // If the client's minimum version is TLS 1.3 and the runner's
3705 // maximum is below TLS 1.2, the runner will fail to select a
3706 // cipher before the shim rejects the selected version.
3707 expectedClientError = ":SSLV3_ALERT_HANDSHAKE_FAILURE:"
3708 expectedClientLocalError = "tls: no cipher suite supported by both client and server"
3709 } else {
3710 expectedClientError = expectedServerError
3711 expectedClientLocalError = expectedServerLocalError
3712 }
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3713 }
3714
3715 testCases = append(testCases, testCase{
3716 protocol: protocol,
3717 testType: clientTest,
3718 name: "MinimumVersion-Client-" + suffix,
3719 config: Config{
3720 MaxVersion: runnerVers.version,
3721 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3722 flags: flags,
3723 expectedVersion: expectedVersion,
3724 shouldFail: shouldFail,
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3725 expectedError: expectedClientError,
3726 expectedLocalError: expectedClientLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3727 })
3728 testCases = append(testCases, testCase{
3729 protocol: protocol,
3730 testType: clientTest,
3731 name: "MinimumVersion-Client2-" + suffix,
3732 config: Config{
3733 MaxVersion: runnerVers.version,
3734 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3735 flags: []string{"-min-version", shimVersFlag},
3736 expectedVersion: expectedVersion,
3737 shouldFail: shouldFail,
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3738 expectedError: expectedClientError,
3739 expectedLocalError: expectedClientLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3740 })
3741
3742 testCases = append(testCases, testCase{
3743 protocol: protocol,
3744 testType: serverTest,
3745 name: "MinimumVersion-Server-" + suffix,
3746 config: Config{
3747 MaxVersion: runnerVers.version,
3748 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3749 flags: flags,
3750 expectedVersion: expectedVersion,
3751 shouldFail: shouldFail,
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3752 expectedError: expectedServerError,
3753 expectedLocalError: expectedServerLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3754 })
3755 testCases = append(testCases, testCase{
3756 protocol: protocol,
3757 testType: serverTest,
3758 name: "MinimumVersion-Server2-" + suffix,
3759 config: Config{
3760 MaxVersion: runnerVers.version,
3761 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3762 flags: []string{"-min-version", shimVersFlag},
3763 expectedVersion: expectedVersion,
3764 shouldFail: shouldFail,
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3765 expectedError: expectedServerError,
3766 expectedLocalError: expectedServerLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3767 })
3768 }
3769 }
3770 }
3771}
3772
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3773func addExtensionTests() {
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3774 // TODO(davidben): Extensions, where applicable, all move their server
3775 // halves to EncryptedExtensions in TLS 1.3. Duplicate each of these
3776 // tests for both. Also test interaction with 0-RTT when implemented.
3777
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3778 testCases = append(testCases, testCase{
3779 testType: clientTest,
3780 name: "DuplicateExtensionClient",
3781 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3782 MaxVersion: VersionTLS12,
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3783 Bugs: ProtocolBugs{
3784 DuplicateExtension: true,
3785 },
3786 },
3787 shouldFail: true,
3788 expectedLocalError: "remote error: error decoding message",
3789 })
3790 testCases = append(testCases, testCase{
3791 testType: serverTest,
3792 name: "DuplicateExtensionServer",
3793 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3794 MaxVersion: VersionTLS12,
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3795 Bugs: ProtocolBugs{
3796 DuplicateExtension: true,
3797 },
3798 },
3799 shouldFail: true,
3800 expectedLocalError: "remote error: error decoding message",
3801 })
3802 testCases = append(testCases, testCase{
3803 testType: clientTest,
3804 name: "ServerNameExtensionClient",
3805 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3806 MaxVersion: VersionTLS12,
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3807 Bugs: ProtocolBugs{
3808 ExpectServerName: "example.com",
3809 },
3810 },
3811 flags: []string{"-host-name", "example.com"},
3812 })
3813 testCases = append(testCases, testCase{
3814 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3815 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3816 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3817 MaxVersion: VersionTLS12,
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3818 Bugs: ProtocolBugs{
3819 ExpectServerName: "mismatch.com",
3820 },
3821 },
3822 flags: []string{"-host-name", "example.com"},
3823 shouldFail: true,
3824 expectedLocalError: "tls: unexpected server name",
3825 })
3826 testCases = append(testCases, testCase{
3827 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3828 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3829 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3830 MaxVersion: VersionTLS12,
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3831 Bugs: ProtocolBugs{
3832 ExpectServerName: "missing.com",
3833 },
3834 },
3835 shouldFail: true,
3836 expectedLocalError: "tls: unexpected server name",
3837 })
3838 testCases = append(testCases, testCase{
3839 testType: serverTest,
3840 name: "ServerNameExtensionServer",
3841 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3842 MaxVersion: VersionTLS12,
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3843 ServerName: "example.com",
3844 },
3845 flags: []string{"-expect-server-name", "example.com"},
3846 resumeSession: true,
3847 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3848 testCases = append(testCases, testCase{
3849 testType: clientTest,
3850 name: "ALPNClient",
3851 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3852 MaxVersion: VersionTLS12,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3853 NextProtos: []string{"foo"},
3854 },
3855 flags: []string{
3856 "-advertise-alpn", "\x03foo\x03bar\x03baz",
3857 "-expect-alpn", "foo",
3858 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3859 expectedNextProto: "foo",
3860 expectedNextProtoType: alpn,
3861 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3862 })
3863 testCases = append(testCases, testCase{
3864 testType: serverTest,
3865 name: "ALPNServer",
3866 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3867 MaxVersion: VersionTLS12,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3868 NextProtos: []string{"foo", "bar", "baz"},
3869 },
3870 flags: []string{
3871 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3872 "-select-alpn", "foo",
3873 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3874 expectedNextProto: "foo",
3875 expectedNextProtoType: alpn,
3876 resumeSession: true,
3877 })
David Benjamin594e7d22016-03-17 17:49:56 -0400[diff] [blame]3878 testCases = append(testCases, testCase{
3879 testType: serverTest,
3880 name: "ALPNServer-Decline",
3881 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3882 MaxVersion: VersionTLS12,
David Benjamin594e7d22016-03-17 17:49:56 -0400[diff] [blame]3883 NextProtos: []string{"foo", "bar", "baz"},
3884 },
3885 flags: []string{"-decline-alpn"},
3886 expectNoNextProto: true,
3887 resumeSession: true,
3888 })
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3889 // Test that the server prefers ALPN over NPN.
3890 testCases = append(testCases, testCase{
3891 testType: serverTest,
3892 name: "ALPNServer-Preferred",
3893 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3894 MaxVersion: VersionTLS12,
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3895 NextProtos: []string{"foo", "bar", "baz"},
3896 },
3897 flags: []string{
3898 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3899 "-select-alpn", "foo",
3900 "-advertise-npn", "\x03foo\x03bar\x03baz",
3901 },
3902 expectedNextProto: "foo",
3903 expectedNextProtoType: alpn,
3904 resumeSession: true,
3905 })
3906 testCases = append(testCases, testCase{
3907 testType: serverTest,
3908 name: "ALPNServer-Preferred-Swapped",
3909 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3910 MaxVersion: VersionTLS12,
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3911 NextProtos: []string{"foo", "bar", "baz"},
3912 Bugs: ProtocolBugs{
3913 SwapNPNAndALPN: true,
3914 },
3915 },
3916 flags: []string{
3917 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3918 "-select-alpn", "foo",
3919 "-advertise-npn", "\x03foo\x03bar\x03baz",
3920 },
3921 expectedNextProto: "foo",
3922 expectedNextProtoType: alpn,
3923 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3924 })
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3925 var emptyString string
3926 testCases = append(testCases, testCase{
3927 testType: clientTest,
3928 name: "ALPNClient-EmptyProtocolName",
3929 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3930 MaxVersion: VersionTLS12,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3931 NextProtos: []string{""},
3932 Bugs: ProtocolBugs{
3933 // A server returning an empty ALPN protocol
3934 // should be rejected.
3935 ALPNProtocol: &emptyString,
3936 },
3937 },
3938 flags: []string{
3939 "-advertise-alpn", "\x03foo",
3940 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3941 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3942 expectedError: ":PARSE_TLSEXT:",
3943 })
3944 testCases = append(testCases, testCase{
3945 testType: serverTest,
3946 name: "ALPNServer-EmptyProtocolName",
3947 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3948 MaxVersion: VersionTLS12,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3949 // A ClientHello containing an empty ALPN protocol
3950 // should be rejected.
3951 NextProtos: []string{"foo", "", "baz"},
3952 },
3953 flags: []string{
3954 "-select-alpn", "foo",
3955 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3956 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3957 expectedError: ":PARSE_TLSEXT:",
3958 })
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]3959 // Test that negotiating both NPN and ALPN is forbidden.
3960 testCases = append(testCases, testCase{
3961 name: "NegotiateALPNAndNPN",
3962 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3963 MaxVersion: VersionTLS12,
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]3964 NextProtos: []string{"foo", "bar", "baz"},
3965 Bugs: ProtocolBugs{
3966 NegotiateALPNAndNPN: true,
3967 },
3968 },
3969 flags: []string{
3970 "-advertise-alpn", "\x03foo",
3971 "-select-next-proto", "foo",
3972 },
3973 shouldFail: true,
3974 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3975 })
3976 testCases = append(testCases, testCase{
3977 name: "NegotiateALPNAndNPN-Swapped",
3978 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3979 MaxVersion: VersionTLS12,
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]3980 NextProtos: []string{"foo", "bar", "baz"},
3981 Bugs: ProtocolBugs{
3982 NegotiateALPNAndNPN: true,
3983 SwapNPNAndALPN: true,
3984 },
3985 },
3986 flags: []string{
3987 "-advertise-alpn", "\x03foo",
3988 "-select-next-proto", "foo",
3989 },
3990 shouldFail: true,
3991 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3992 })
David Benjamin091c4b92015-10-26 13:33:21 -0400[diff] [blame]3993 // Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
3994 testCases = append(testCases, testCase{
3995 name: "DisableNPN",
3996 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]3997 MaxVersion: VersionTLS12,
David Benjamin091c4b92015-10-26 13:33:21 -0400[diff] [blame]3998 NextProtos: []string{"foo"},
3999 },
4000 flags: []string{
4001 "-select-next-proto", "foo",
4002 "-disable-npn",
4003 },
4004 expectNoNextProto: true,
4005 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]4006 // Resume with a corrupt ticket.
4007 testCases = append(testCases, testCase{
4008 testType: serverTest,
4009 name: "CorruptTicket",
4010 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4011 MaxVersion: VersionTLS12,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]4012 Bugs: ProtocolBugs{
4013 CorruptTicket: true,
4014 },
4015 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]4016 resumeSession: true,
4017 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]4018 })
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]4019 // Test the ticket callback, with and without renewal.
4020 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4021 testType: serverTest,
4022 name: "TicketCallback",
4023 config: Config{
4024 MaxVersion: VersionTLS12,
4025 },
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]4026 resumeSession: true,
4027 flags: []string{"-use-ticket-callback"},
4028 })
4029 testCases = append(testCases, testCase{
4030 testType: serverTest,
4031 name: "TicketCallback-Renew",
4032 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4033 MaxVersion: VersionTLS12,
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]4034 Bugs: ProtocolBugs{
4035 ExpectNewTicket: true,
4036 },
4037 },
4038 flags: []string{"-use-ticket-callback", "-renew-ticket"},
4039 resumeSession: true,
4040 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]4041 // Resume with an oversized session id.
4042 testCases = append(testCases, testCase{
4043 testType: serverTest,
4044 name: "OversizedSessionId",
4045 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4046 MaxVersion: VersionTLS12,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]4047 Bugs: ProtocolBugs{
4048 OversizedSessionId: true,
4049 },
4050 },
4051 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]4052 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]4053 expectedError: ":DECODE_ERROR:",
4054 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]4055 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
4056 // are ignored.
4057 testCases = append(testCases, testCase{
4058 protocol: dtls,
4059 name: "SRTP-Client",
4060 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4061 MaxVersion: VersionTLS12,
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]4062 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
4063 },
4064 flags: []string{
4065 "-srtp-profiles",
4066 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
4067 },
4068 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
4069 })
4070 testCases = append(testCases, testCase{
4071 protocol: dtls,
4072 testType: serverTest,
4073 name: "SRTP-Server",
4074 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4075 MaxVersion: VersionTLS12,
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]4076 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
4077 },
4078 flags: []string{
4079 "-srtp-profiles",
4080 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
4081 },
4082 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
4083 })
4084 // Test that the MKI is ignored.
4085 testCases = append(testCases, testCase{
4086 protocol: dtls,
4087 testType: serverTest,
4088 name: "SRTP-Server-IgnoreMKI",
4089 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4090 MaxVersion: VersionTLS12,
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]4091 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
4092 Bugs: ProtocolBugs{
4093 SRTPMasterKeyIdentifer: "bogus",
4094 },
4095 },
4096 flags: []string{
4097 "-srtp-profiles",
4098 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
4099 },
4100 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
4101 })
4102 // Test that SRTP isn't negotiated on the server if there were
4103 // no matching profiles.
4104 testCases = append(testCases, testCase{
4105 protocol: dtls,
4106 testType: serverTest,
4107 name: "SRTP-Server-NoMatch",
4108 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4109 MaxVersion: VersionTLS12,
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]4110 SRTPProtectionProfiles: []uint16{100, 101, 102},
4111 },
4112 flags: []string{
4113 "-srtp-profiles",
4114 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
4115 },
4116 expectedSRTPProtectionProfile: 0,
4117 })
4118 // Test that the server returning an invalid SRTP profile is
4119 // flagged as an error by the client.
4120 testCases = append(testCases, testCase{
4121 protocol: dtls,
4122 name: "SRTP-Client-NoMatch",
4123 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4124 MaxVersion: VersionTLS12,
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]4125 Bugs: ProtocolBugs{
4126 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
4127 },
4128 },
4129 flags: []string{
4130 "-srtp-profiles",
4131 "SRTP_AES128_CM_SHA1_80",
4132 },
4133 shouldFail: true,
4134 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
4135 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]4136 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]4137 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]4138 name: "SignedCertificateTimestampList-Client",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]4139 testType: clientTest,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4140 config: Config{
4141 MaxVersion: VersionTLS12,
4142 },
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]4143 flags: []string{
4144 "-enable-signed-cert-timestamps",
4145 "-expect-signed-cert-timestamps",
4146 base64.StdEncoding.EncodeToString(testSCTList),
4147 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]4148 resumeSession: true,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]4149 })
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]4150 testCases = append(testCases, testCase{
David Benjamin80d1b352016-05-04 19:19:06 -0400[diff] [blame]4151 name: "SendSCTListOnResume",
4152 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4153 MaxVersion: VersionTLS12,
David Benjamin80d1b352016-05-04 19:19:06 -0400[diff] [blame]4154 Bugs: ProtocolBugs{
4155 SendSCTListOnResume: []byte("bogus"),
4156 },
4157 },
4158 flags: []string{
4159 "-enable-signed-cert-timestamps",
4160 "-expect-signed-cert-timestamps",
4161 base64.StdEncoding.EncodeToString(testSCTList),
4162 },
4163 resumeSession: true,
4164 })
4165 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]4166 name: "SignedCertificateTimestampList-Server",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]4167 testType: serverTest,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4168 config: Config{
4169 MaxVersion: VersionTLS12,
4170 },
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]4171 flags: []string{
4172 "-signed-cert-timestamps",
4173 base64.StdEncoding.EncodeToString(testSCTList),
4174 },
4175 expectedSCTList: testSCTList,
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]4176 resumeSession: true,
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]4177 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4178
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]4179 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]4180 testType: clientTest,
4181 name: "ClientHelloPadding",
4182 config: Config{
4183 Bugs: ProtocolBugs{
4184 RequireClientHelloSize: 512,
4185 },
4186 },
4187 // This hostname just needs to be long enough to push the
4188 // ClientHello into F5's danger zone between 256 and 511 bytes
4189 // long.
4190 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
4191 })
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]4192
4193 // Extensions should not function in SSL 3.0.
4194 testCases = append(testCases, testCase{
4195 testType: serverTest,
4196 name: "SSLv3Extensions-NoALPN",
4197 config: Config{
4198 MaxVersion: VersionSSL30,
4199 NextProtos: []string{"foo", "bar", "baz"},
4200 },
4201 flags: []string{
4202 "-select-alpn", "foo",
4203 },
4204 expectNoNextProto: true,
4205 })
4206
4207 // Test session tickets separately as they follow a different codepath.
4208 testCases = append(testCases, testCase{
4209 testType: serverTest,
4210 name: "SSLv3Extensions-NoTickets",
4211 config: Config{
4212 MaxVersion: VersionSSL30,
4213 Bugs: ProtocolBugs{
4214 // Historically, session tickets in SSL 3.0
4215 // failed in different ways depending on whether
4216 // the client supported renegotiation_info.
4217 NoRenegotiationInfo: true,
4218 },
4219 },
4220 resumeSession: true,
4221 })
4222 testCases = append(testCases, testCase{
4223 testType: serverTest,
4224 name: "SSLv3Extensions-NoTickets2",
4225 config: Config{
4226 MaxVersion: VersionSSL30,
4227 },
4228 resumeSession: true,
4229 })
4230
4231 // But SSL 3.0 does send and process renegotiation_info.
4232 testCases = append(testCases, testCase{
4233 testType: serverTest,
4234 name: "SSLv3Extensions-RenegotiationInfo",
4235 config: Config{
4236 MaxVersion: VersionSSL30,
4237 Bugs: ProtocolBugs{
4238 RequireRenegotiationInfo: true,
4239 },
4240 },
4241 })
4242 testCases = append(testCases, testCase{
4243 testType: serverTest,
4244 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
4245 config: Config{
4246 MaxVersion: VersionSSL30,
4247 Bugs: ProtocolBugs{
4248 NoRenegotiationInfo: true,
4249 SendRenegotiationSCSV: true,
4250 RequireRenegotiationInfo: true,
4251 },
4252 },
4253 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4254}
4255
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4256func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4257 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4258 for _, resumeVers := range tlsVersions {
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4259 cipher := TLS_RSA_WITH_AES_128_CBC_SHA
4260 if sessionVers.version >= VersionTLS13 || resumeVers.version >= VersionTLS13 {
4261 // TLS 1.3 only shares ciphers with TLS 1.2, so
4262 // we skip certain combinations and use a
4263 // different cipher to test with.
4264 cipher = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
4265 if sessionVers.version < VersionTLS12 || resumeVers.version < VersionTLS12 {
4266 continue
4267 }
4268 }
4269
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4270 protocols := []protocol{tls}
4271 if sessionVers.hasDTLS && resumeVers.hasDTLS {
4272 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]4273 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4274 for _, protocol := range protocols {
4275 suffix := "-" + sessionVers.name + "-" + resumeVers.name
4276 if protocol == dtls {
4277 suffix += "-DTLS"
4278 }
4279
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4280 if sessionVers.version == resumeVers.version {
4281 testCases = append(testCases, testCase{
4282 protocol: protocol,
4283 name: "Resume-Client" + suffix,
4284 resumeSession: true,
4285 config: Config{
4286 MaxVersion: sessionVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4287 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4288 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4289 expectedVersion: sessionVers.version,
4290 expectedResumeVersion: resumeVers.version,
4291 })
4292 } else {
4293 testCases = append(testCases, testCase{
4294 protocol: protocol,
4295 name: "Resume-Client-Mismatch" + suffix,
4296 resumeSession: true,
4297 config: Config{
4298 MaxVersion: sessionVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4299 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4300 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4301 expectedVersion: sessionVers.version,
4302 resumeConfig: &Config{
4303 MaxVersion: resumeVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4304 CipherSuites: []uint16{cipher},
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4305 Bugs: ProtocolBugs{
4306 AllowSessionVersionMismatch: true,
4307 },
4308 },
4309 expectedResumeVersion: resumeVers.version,
4310 shouldFail: true,
4311 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
4312 })
4313 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4314
4315 testCases = append(testCases, testCase{
4316 protocol: protocol,
4317 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4318 resumeSession: true,
4319 config: Config{
4320 MaxVersion: sessionVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4321 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4322 },
4323 expectedVersion: sessionVers.version,
4324 resumeConfig: &Config{
4325 MaxVersion: resumeVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4326 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4327 },
4328 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]4329 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4330 expectedResumeVersion: resumeVers.version,
4331 })
4332
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4333 testCases = append(testCases, testCase{
4334 protocol: protocol,
4335 testType: serverTest,
4336 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4337 resumeSession: true,
4338 config: Config{
4339 MaxVersion: sessionVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4340 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4341 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]4342 expectedVersion: sessionVers.version,
4343 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4344 resumeConfig: &Config{
4345 MaxVersion: resumeVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4346 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4347 },
4348 expectedResumeVersion: resumeVers.version,
4349 })
4350 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4351 }
4352 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4353
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4354 // TODO(davidben): This test should have a TLS 1.3 variant later.
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4355 testCases = append(testCases, testCase{
4356 name: "Resume-Client-CipherMismatch",
4357 resumeSession: true,
4358 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4359 MaxVersion: VersionTLS12,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4360 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
4361 },
4362 resumeConfig: &Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4363 MaxVersion: VersionTLS12,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4364 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
4365 Bugs: ProtocolBugs{
4366 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
4367 },
4368 },
4369 shouldFail: true,
4370 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
4371 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4372}
4373
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4374func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]4375 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]4376 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4377 testType: serverTest,
4378 name: "Renegotiate-Server-Forbidden",
4379 config: Config{
4380 MaxVersion: VersionTLS12,
4381 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4382 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]4383 shouldFail: true,
4384 expectedError: ":NO_RENEGOTIATION:",
4385 expectedLocalError: "remote error: no renegotiation",
4386 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]4387 // The server shouldn't echo the renegotiation extension unless
4388 // requested by the client.
4389 testCases = append(testCases, testCase{
4390 testType: serverTest,
4391 name: "Renegotiate-Server-NoExt",
4392 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4393 MaxVersion: VersionTLS12,
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]4394 Bugs: ProtocolBugs{
4395 NoRenegotiationInfo: true,
4396 RequireRenegotiationInfo: true,
4397 },
4398 },
4399 shouldFail: true,
4400 expectedLocalError: "renegotiation extension missing",
4401 })
4402 // The renegotiation SCSV should be sufficient for the server to echo
4403 // the extension.
4404 testCases = append(testCases, testCase{
4405 testType: serverTest,
4406 name: "Renegotiate-Server-NoExt-SCSV",
4407 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4408 MaxVersion: VersionTLS12,
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]4409 Bugs: ProtocolBugs{
4410 NoRenegotiationInfo: true,
4411 SendRenegotiationSCSV: true,
4412 RequireRenegotiationInfo: true,
4413 },
4414 },
4415 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4416 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]4417 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]4418 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4419 MaxVersion: VersionTLS12,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]4420 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]4421 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]4422 },
4423 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4424 renegotiate: 1,
4425 flags: []string{
4426 "-renegotiate-freely",
4427 "-expect-total-renegotiations", "1",
4428 },
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]4429 })
4430 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4431 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4432 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4433 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4434 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4435 Bugs: ProtocolBugs{
4436 EmptyRenegotiationInfo: true,
4437 },
4438 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4439 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4440 shouldFail: true,
4441 expectedError: ":RENEGOTIATION_MISMATCH:",
4442 })
4443 testCases = append(testCases, testCase{
4444 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4445 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4446 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4447 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4448 Bugs: ProtocolBugs{
4449 BadRenegotiationInfo: true,
4450 },
4451 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4452 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4453 shouldFail: true,
4454 expectedError: ":RENEGOTIATION_MISMATCH:",
4455 })
4456 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]4457 name: "Renegotiate-Client-Downgrade",
4458 renegotiate: 1,
4459 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4460 MaxVersion: VersionTLS12,
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]4461 Bugs: ProtocolBugs{
4462 NoRenegotiationInfoAfterInitial: true,
4463 },
4464 },
4465 flags: []string{"-renegotiate-freely"},
4466 shouldFail: true,
4467 expectedError: ":RENEGOTIATION_MISMATCH:",
4468 })
4469 testCases = append(testCases, testCase{
4470 name: "Renegotiate-Client-Upgrade",
4471 renegotiate: 1,
4472 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4473 MaxVersion: VersionTLS12,
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]4474 Bugs: ProtocolBugs{
4475 NoRenegotiationInfoInInitial: true,
4476 },
4477 },
4478 flags: []string{"-renegotiate-freely"},
4479 shouldFail: true,
4480 expectedError: ":RENEGOTIATION_MISMATCH:",
4481 })
4482 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]4483 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4484 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]4485 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4486 MaxVersion: VersionTLS12,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]4487 Bugs: ProtocolBugs{
4488 NoRenegotiationInfo: true,
4489 },
4490 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4491 flags: []string{
4492 "-renegotiate-freely",
4493 "-expect-total-renegotiations", "1",
4494 },
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]4495 })
4496 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4497 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4498 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4499 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4500 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4501 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
4502 },
4503 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4504 flags: []string{
4505 "-renegotiate-freely",
4506 "-expect-total-renegotiations", "1",
4507 },
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4508 })
4509 testCases = append(testCases, testCase{
4510 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4511 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4512 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4513 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4514 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4515 },
4516 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4517 flags: []string{
4518 "-renegotiate-freely",
4519 "-expect-total-renegotiations", "1",
4520 },
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]4521 })
4522 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4523 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4524 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4525 config: Config{
4526 MaxVersion: VersionTLS10,
4527 Bugs: ProtocolBugs{
4528 RequireSameRenegoClientVersion: true,
4529 },
4530 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4531 flags: []string{
4532 "-renegotiate-freely",
4533 "-expect-total-renegotiations", "1",
4534 },
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4535 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4536 testCases = append(testCases, testCase{
4537 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4538 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4539 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4540 MaxVersion: VersionTLS12,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4541 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4542 NextProtos: []string{"foo"},
4543 },
4544 flags: []string{
4545 "-false-start",
4546 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4547 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -0400[diff] [blame]4548 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4549 },
4550 shimWritesFirst: true,
4551 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4552
4553 // Client-side renegotiation controls.
4554 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4555 name: "Renegotiate-Client-Forbidden-1",
4556 config: Config{
4557 MaxVersion: VersionTLS12,
4558 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4559 renegotiate: 1,
4560 shouldFail: true,
4561 expectedError: ":NO_RENEGOTIATION:",
4562 expectedLocalError: "remote error: no renegotiation",
4563 })
4564 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4565 name: "Renegotiate-Client-Once-1",
4566 config: Config{
4567 MaxVersion: VersionTLS12,
4568 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4569 renegotiate: 1,
4570 flags: []string{
4571 "-renegotiate-once",
4572 "-expect-total-renegotiations", "1",
4573 },
4574 })
4575 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4576 name: "Renegotiate-Client-Freely-1",
4577 config: Config{
4578 MaxVersion: VersionTLS12,
4579 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4580 renegotiate: 1,
4581 flags: []string{
4582 "-renegotiate-freely",
4583 "-expect-total-renegotiations", "1",
4584 },
4585 })
4586 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4587 name: "Renegotiate-Client-Once-2",
4588 config: Config{
4589 MaxVersion: VersionTLS12,
4590 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4591 renegotiate: 2,
4592 flags: []string{"-renegotiate-once"},
4593 shouldFail: true,
4594 expectedError: ":NO_RENEGOTIATION:",
4595 expectedLocalError: "remote error: no renegotiation",
4596 })
4597 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4598 name: "Renegotiate-Client-Freely-2",
4599 config: Config{
4600 MaxVersion: VersionTLS12,
4601 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4602 renegotiate: 2,
4603 flags: []string{
4604 "-renegotiate-freely",
4605 "-expect-total-renegotiations", "2",
4606 },
4607 })
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]4608 testCases = append(testCases, testCase{
4609 name: "Renegotiate-Client-NoIgnore",
4610 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4611 MaxVersion: VersionTLS12,
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]4612 Bugs: ProtocolBugs{
4613 SendHelloRequestBeforeEveryAppDataRecord: true,
4614 },
4615 },
4616 shouldFail: true,
4617 expectedError: ":NO_RENEGOTIATION:",
4618 })
4619 testCases = append(testCases, testCase{
4620 name: "Renegotiate-Client-Ignore",
4621 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4622 MaxVersion: VersionTLS12,
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]4623 Bugs: ProtocolBugs{
4624 SendHelloRequestBeforeEveryAppDataRecord: true,
4625 },
4626 },
4627 flags: []string{
4628 "-renegotiate-ignore",
4629 "-expect-total-renegotiations", "0",
4630 },
4631 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4632
4633 // TODO(davidben): Add a test that HelloRequests are illegal in TLS 1.3.
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4634}
4635
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4636func addDTLSReplayTests() {
4637 // Test that sequence number replays are detected.
4638 testCases = append(testCases, testCase{
4639 protocol: dtls,
4640 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4641 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4642 replayWrites: true,
4643 })
4644
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4645 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4646 // than the retransmit window.
4647 testCases = append(testCases, testCase{
4648 protocol: dtls,
4649 name: "DTLS-Replay-LargeGaps",
4650 config: Config{
4651 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4652 SequenceNumberMapping: func(in uint64) uint64 {
4653 return in * 127
4654 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4655 },
4656 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4657 messageCount: 200,
4658 replayWrites: true,
4659 })
4660
4661 // Test the incoming sequence number changing non-monotonically.
4662 testCases = append(testCases, testCase{
4663 protocol: dtls,
4664 name: "DTLS-Replay-NonMonotonic",
4665 config: Config{
4666 Bugs: ProtocolBugs{
4667 SequenceNumberMapping: func(in uint64) uint64 {
4668 return in ^ 31
4669 },
4670 },
4671 },
4672 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4673 replayWrites: true,
4674 })
4675}
4676
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4677var testSignatureAlgorithms = []struct {
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4678 name string
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4679 id signatureAlgorithm
4680 cert testCert
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4681}{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4682 {"RSA-PKCS1-SHA1", signatureRSAPKCS1WithSHA1, testCertRSA},
4683 {"RSA-PKCS1-SHA256", signatureRSAPKCS1WithSHA256, testCertRSA},
4684 {"RSA-PKCS1-SHA384", signatureRSAPKCS1WithSHA384, testCertRSA},
4685 {"RSA-PKCS1-SHA512", signatureRSAPKCS1WithSHA512, testCertRSA},
4686 {"ECDSA-SHA1", signatureECDSAWithSHA1, testCertECDSA},
4687 // TODO(davidben): These signature algorithms are paired with a curve in
4688 // TLS 1.3. Test that, in TLS 1.3, the curves must match and, in TLS
4689 // 1.2, mismatches are tolerated.
4690 {"ECDSA-SHA256", signatureECDSAWithP256AndSHA256, testCertECDSA},
4691 {"ECDSA-SHA384", signatureECDSAWithP384AndSHA384, testCertECDSA},
4692 {"ECDSA-SHA512", signatureECDSAWithP521AndSHA512, testCertECDSA},
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4693}
4694
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4695const fakeSigAlg1 signatureAlgorithm = 0x2a01
4696const fakeSigAlg2 signatureAlgorithm = 0xff01
4697
4698func addSignatureAlgorithmTests() {
4699 // Make sure each signature algorithm works. Include some fake values in
4700 // the list and ensure they're ignored.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4701 //
4702 // TODO(davidben): Test each of these against both TLS 1.2 and TLS 1.3.
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4703 for _, alg := range testSignatureAlgorithms {
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4704 testCases = append(testCases, testCase{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4705 name: "SigningHash-ClientAuth-Sign-" + alg.name,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4706 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4707 MaxVersion: VersionTLS12,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4708 // SignatureAlgorithms is shared, so we must
4709 // configure a matching server certificate too.
4710 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
4711 ClientAuth: RequireAnyClientCert,
4712 SignatureAlgorithms: []signatureAlgorithm{
4713 fakeSigAlg1,
4714 alg.id,
4715 fakeSigAlg2,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4716 },
4717 },
4718 flags: []string{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4719 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
4720 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
4721 },
4722 expectedPeerSignatureAlgorithm: alg.id,
4723 })
4724
4725 testCases = append(testCases, testCase{
4726 testType: serverTest,
4727 name: "SigningHash-ClientAuth-Verify-" + alg.name,
4728 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4729 MaxVersion: VersionTLS12,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4730 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
4731 SignatureAlgorithms: []signatureAlgorithm{
4732 alg.id,
4733 },
4734 },
4735 flags: []string{
4736 "-require-any-client-certificate",
4737 "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
4738 // SignatureAlgorithms is shared, so we must
4739 // configure a matching server certificate too.
4740 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
4741 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4742 },
4743 })
4744
4745 testCases = append(testCases, testCase{
4746 testType: serverTest,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4747 name: "SigningHash-ServerKeyExchange-Sign-" + alg.name,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4748 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4749 MaxVersion: VersionTLS12,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4750 CipherSuites: []uint16{
4751 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
4752 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
4753 },
4754 SignatureAlgorithms: []signatureAlgorithm{
4755 fakeSigAlg1,
4756 alg.id,
4757 fakeSigAlg2,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4758 },
4759 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4760 flags: []string{
4761 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
4762 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
4763 },
4764 expectedPeerSignatureAlgorithm: alg.id,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4765 })
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4766
4767 testCases = append(testCases, testCase{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4768 name: "SigningHash-ServerKeyExchange-Verify-" + alg.name,
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4769 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4770 MaxVersion: VersionTLS12,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4771 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
4772 CipherSuites: []uint16{
4773 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
4774 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
4775 },
4776 SignatureAlgorithms: []signatureAlgorithm{
4777 alg.id,
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4778 },
4779 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4780 flags: []string{"-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id))},
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4781 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4782 }
4783
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4784 // Test that algorithm selection takes the key type into account.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4785 //
4786 // TODO(davidben): Test this in TLS 1.3.
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4787 testCases = append(testCases, testCase{
4788 name: "SigningHash-ClientAuth-SignatureType",
4789 config: Config{
4790 ClientAuth: RequireAnyClientCert,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4791 MaxVersion: VersionTLS12,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4792 SignatureAlgorithms: []signatureAlgorithm{
4793 signatureECDSAWithP521AndSHA512,
4794 signatureRSAPKCS1WithSHA384,
4795 signatureECDSAWithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4796 },
4797 },
4798 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4799 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4800 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4801 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4802 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4803 })
4804
4805 testCases = append(testCases, testCase{
4806 testType: serverTest,
4807 name: "SigningHash-ServerKeyExchange-SignatureType",
4808 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4809 MaxVersion: VersionTLS12,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4810 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4811 SignatureAlgorithms: []signatureAlgorithm{
4812 signatureECDSAWithP521AndSHA512,
4813 signatureRSAPKCS1WithSHA384,
4814 signatureECDSAWithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4815 },
4816 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4817 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4818 })
4819
4820 // Test that, if the list is missing, the peer falls back to SHA-1.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4821 //
4822 // TODO(davidben): Test this does not happen in TLS 1.3.
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4823 testCases = append(testCases, testCase{
4824 name: "SigningHash-ClientAuth-Fallback",
4825 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4826 MaxVersion: VersionTLS12,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4827 ClientAuth: RequireAnyClientCert,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4828 SignatureAlgorithms: []signatureAlgorithm{
4829 signatureRSAPKCS1WithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4830 },
4831 Bugs: ProtocolBugs{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4832 NoSignatureAlgorithms: true,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4833 },
4834 },
4835 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4836 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4837 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4838 },
4839 })
4840
4841 testCases = append(testCases, testCase{
4842 testType: serverTest,
4843 name: "SigningHash-ServerKeyExchange-Fallback",
4844 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4845 MaxVersion: VersionTLS12,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4846 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4847 SignatureAlgorithms: []signatureAlgorithm{
4848 signatureRSAPKCS1WithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4849 },
4850 Bugs: ProtocolBugs{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4851 NoSignatureAlgorithms: true,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4852 },
4853 },
4854 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4855
4856 // Test that hash preferences are enforced. BoringSSL defaults to
4857 // rejecting MD5 signatures.
4858 testCases = append(testCases, testCase{
4859 testType: serverTest,
4860 name: "SigningHash-ClientAuth-Enforced",
4861 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4862 MaxVersion: VersionTLS12,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4863 Certificates: []Certificate{rsaCertificate},
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4864 SignatureAlgorithms: []signatureAlgorithm{
4865 signatureRSAPKCS1WithMD5,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4866 // Advertise SHA-1 so the handshake will
4867 // proceed, but the shim's preferences will be
4868 // ignored in CertificateVerify generation, so
4869 // MD5 will be chosen.
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4870 signatureRSAPKCS1WithSHA1,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4871 },
4872 Bugs: ProtocolBugs{
4873 IgnorePeerSignatureAlgorithmPreferences: true,
4874 },
4875 },
4876 flags: []string{"-require-any-client-certificate"},
4877 shouldFail: true,
4878 expectedError: ":WRONG_SIGNATURE_TYPE:",
4879 })
4880
4881 testCases = append(testCases, testCase{
4882 name: "SigningHash-ServerKeyExchange-Enforced",
4883 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4884 MaxVersion: VersionTLS12,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4885 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4886 SignatureAlgorithms: []signatureAlgorithm{
4887 signatureRSAPKCS1WithMD5,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4888 },
4889 Bugs: ProtocolBugs{
4890 IgnorePeerSignatureAlgorithmPreferences: true,
4891 },
4892 },
4893 shouldFail: true,
4894 expectedError: ":WRONG_SIGNATURE_TYPE:",
4895 })
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4896
4897 // Test that the agreed upon digest respects the client preferences and
4898 // the server digests.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4899 //
4900 // TODO(davidben): Add TLS 1.3 versions of these.
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4901 testCases = append(testCases, testCase{
4902 name: "Agree-Digest-Fallback",
4903 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4904 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4905 ClientAuth: RequireAnyClientCert,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4906 SignatureAlgorithms: []signatureAlgorithm{
4907 signatureRSAPKCS1WithSHA512,
4908 signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4909 },
4910 },
4911 flags: []string{
4912 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4913 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4914 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4915 digestPrefs: "SHA256",
4916 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4917 })
4918 testCases = append(testCases, testCase{
4919 name: "Agree-Digest-SHA256",
4920 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4921 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4922 ClientAuth: RequireAnyClientCert,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4923 SignatureAlgorithms: []signatureAlgorithm{
4924 signatureRSAPKCS1WithSHA1,
4925 signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4926 },
4927 },
4928 flags: []string{
4929 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4930 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4931 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4932 digestPrefs: "SHA256,SHA1",
4933 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4934 })
4935 testCases = append(testCases, testCase{
4936 name: "Agree-Digest-SHA1",
4937 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4938 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4939 ClientAuth: RequireAnyClientCert,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4940 SignatureAlgorithms: []signatureAlgorithm{
4941 signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4942 },
4943 },
4944 flags: []string{
4945 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4946 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4947 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4948 digestPrefs: "SHA512,SHA256,SHA1",
4949 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4950 })
4951 testCases = append(testCases, testCase{
4952 name: "Agree-Digest-Default",
4953 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4954 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4955 ClientAuth: RequireAnyClientCert,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4956 SignatureAlgorithms: []signatureAlgorithm{
4957 signatureRSAPKCS1WithSHA256,
4958 signatureECDSAWithP256AndSHA256,
4959 signatureRSAPKCS1WithSHA1,
4960 signatureECDSAWithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4961 },
4962 },
4963 flags: []string{
4964 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4965 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4966 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]4967 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4968 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]4969
4970 // In TLS 1.2 and below, ECDSA uses the curve list rather than the
4971 // signature algorithms.
4972 //
4973 // TODO(davidben): Add a TLS 1.3 version of this test where the mismatch
4974 // is allowed.
4975 testCases = append(testCases, testCase{
4976 name: "CheckLeafCurve",
4977 config: Config{
4978 MaxVersion: VersionTLS12,
4979 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
4980 Certificates: []Certificate{getECDSACertificate()},
4981 },
4982 flags: []string{"-p384-only"},
4983 shouldFail: true,
4984 expectedError: ":BAD_ECC_CERT:",
4985 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4986}
4987
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4988// timeouts is the retransmit schedule for BoringSSL. It doubles and
4989// caps at 60 seconds. On the 13th timeout, it gives up.
4990var timeouts = []time.Duration{
4991 1 * time.Second,
4992 2 * time.Second,
4993 4 * time.Second,
4994 8 * time.Second,
4995 16 * time.Second,
4996 32 * time.Second,
4997 60 * time.Second,
4998 60 * time.Second,
4999 60 * time.Second,
5000 60 * time.Second,
5001 60 * time.Second,
5002 60 * time.Second,
5003 60 * time.Second,
5004}
5005
Taylor Brandstetter376a0fe2016-05-10 19:30:28 -0700[diff] [blame]5006// shortTimeouts is an alternate set of timeouts which would occur if the
5007// initial timeout duration was set to 250ms.
5008var shortTimeouts = []time.Duration{
5009 250 * time.Millisecond,
5010 500 * time.Millisecond,
5011 1 * time.Second,
5012 2 * time.Second,
5013 4 * time.Second,
5014 8 * time.Second,
5015 16 * time.Second,
5016 32 * time.Second,
5017 60 * time.Second,
5018 60 * time.Second,
5019 60 * time.Second,
5020 60 * time.Second,
5021 60 * time.Second,
5022}
5023
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5024func addDTLSRetransmitTests() {
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5025 // These tests work by coordinating some behavior on both the shim and
5026 // the runner.
5027 //
5028 // TimeoutSchedule configures the runner to send a series of timeout
5029 // opcodes to the shim (see packetAdaptor) immediately before reading
5030 // each peer handshake flight N. The timeout opcode both simulates a
5031 // timeout in the shim and acts as a synchronization point to help the
5032 // runner bracket each handshake flight.
5033 //
5034 // We assume the shim does not read from the channel eagerly. It must
5035 // first wait until it has sent flight N and is ready to receive
5036 // handshake flight N+1. At this point, it will process the timeout
5037 // opcode. It must then immediately respond with a timeout ACK and act
5038 // as if the shim was idle for the specified amount of time.
5039 //
5040 // The runner then drops all packets received before the ACK and
5041 // continues waiting for flight N. This ordering results in one attempt
5042 // at sending flight N to be dropped. For the test to complete, the
5043 // shim must send flight N again, testing that the shim implements DTLS
5044 // retransmit on a timeout.
5045
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5046 // TODO(davidben): Add TLS 1.3 versions of these tests. There will
5047 // likely be more epochs to cross and the final message's retransmit may
5048 // be more complex.
5049
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5050 for _, async := range []bool{true, false} {
5051 var tests []testCase
5052
5053 // Test that this is indeed the timeout schedule. Stress all
5054 // four patterns of handshake.
5055 for i := 1; i < len(timeouts); i++ {
5056 number := strconv.Itoa(i)
5057 tests = append(tests, testCase{
5058 protocol: dtls,
5059 name: "DTLS-Retransmit-Client-" + number,
5060 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5061 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5062 Bugs: ProtocolBugs{
5063 TimeoutSchedule: timeouts[:i],
5064 },
5065 },
5066 resumeSession: true,
5067 })
5068 tests = append(tests, testCase{
5069 protocol: dtls,
5070 testType: serverTest,
5071 name: "DTLS-Retransmit-Server-" + number,
5072 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5073 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5074 Bugs: ProtocolBugs{
5075 TimeoutSchedule: timeouts[:i],
5076 },
5077 },
5078 resumeSession: true,
5079 })
5080 }
5081
5082 // Test that exceeding the timeout schedule hits a read
5083 // timeout.
5084 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5085 protocol: dtls,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5086 name: "DTLS-Retransmit-Timeout",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5087 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5088 MaxVersion: VersionTLS12,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5089 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5090 TimeoutSchedule: timeouts,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5091 },
5092 },
5093 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5094 shouldFail: true,
5095 expectedError: ":READ_TIMEOUT_EXPIRED:",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5096 })
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5097
5098 if async {
5099 // Test that timeout handling has a fudge factor, due to API
5100 // problems.
5101 tests = append(tests, testCase{
5102 protocol: dtls,
5103 name: "DTLS-Retransmit-Fudge",
5104 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5105 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5106 Bugs: ProtocolBugs{
5107 TimeoutSchedule: []time.Duration{
5108 timeouts[0] - 10*time.Millisecond,
5109 },
5110 },
5111 },
5112 resumeSession: true,
5113 })
5114 }
5115
5116 // Test that the final Finished retransmitting isn't
5117 // duplicated if the peer badly fragments everything.
5118 tests = append(tests, testCase{
5119 testType: serverTest,
5120 protocol: dtls,
5121 name: "DTLS-Retransmit-Fragmented",
5122 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5123 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5124 Bugs: ProtocolBugs{
5125 TimeoutSchedule: []time.Duration{timeouts[0]},
5126 MaxHandshakeRecordLength: 2,
5127 },
5128 },
5129 })
5130
5131 // Test the timeout schedule when a shorter initial timeout duration is set.
5132 tests = append(tests, testCase{
5133 protocol: dtls,
5134 name: "DTLS-Retransmit-Short-Client",
5135 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5136 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5137 Bugs: ProtocolBugs{
5138 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
5139 },
5140 },
5141 resumeSession: true,
5142 flags: []string{"-initial-timeout-duration-ms", "250"},
5143 })
5144 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5145 protocol: dtls,
5146 testType: serverTest,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5147 name: "DTLS-Retransmit-Short-Server",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5148 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5149 MaxVersion: VersionTLS12,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5150 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5151 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5152 },
5153 },
5154 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5155 flags: []string{"-initial-timeout-duration-ms", "250"},
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5156 })
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]5157
5158 for _, test := range tests {
5159 if async {
5160 test.name += "-Async"
5161 test.flags = append(test.flags, "-async")
5162 }
5163
5164 testCases = append(testCases, test)
5165 }
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5166 }
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5167}
5168
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]5169func addExportKeyingMaterialTests() {
5170 for _, vers := range tlsVersions {
5171 if vers.version == VersionSSL30 {
5172 continue
5173 }
5174 testCases = append(testCases, testCase{
5175 name: "ExportKeyingMaterial-" + vers.name,
5176 config: Config{
5177 MaxVersion: vers.version,
5178 },
5179 exportKeyingMaterial: 1024,
5180 exportLabel: "label",
5181 exportContext: "context",
5182 useExportContext: true,
5183 })
5184 testCases = append(testCases, testCase{
5185 name: "ExportKeyingMaterial-NoContext-" + vers.name,
5186 config: Config{
5187 MaxVersion: vers.version,
5188 },
5189 exportKeyingMaterial: 1024,
5190 })
5191 testCases = append(testCases, testCase{
5192 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
5193 config: Config{
5194 MaxVersion: vers.version,
5195 },
5196 exportKeyingMaterial: 1024,
5197 useExportContext: true,
5198 })
5199 testCases = append(testCases, testCase{
5200 name: "ExportKeyingMaterial-Small-" + vers.name,
5201 config: Config{
5202 MaxVersion: vers.version,
5203 },
5204 exportKeyingMaterial: 1,
5205 exportLabel: "label",
5206 exportContext: "context",
5207 useExportContext: true,
5208 })
5209 }
5210 testCases = append(testCases, testCase{
5211 name: "ExportKeyingMaterial-SSL3",
5212 config: Config{
5213 MaxVersion: VersionSSL30,
5214 },
5215 exportKeyingMaterial: 1024,
5216 exportLabel: "label",
5217 exportContext: "context",
5218 useExportContext: true,
5219 shouldFail: true,
5220 expectedError: "failed to export keying material",
5221 })
5222}
5223
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]5224func addTLSUniqueTests() {
5225 for _, isClient := range []bool{false, true} {
5226 for _, isResumption := range []bool{false, true} {
5227 for _, hasEMS := range []bool{false, true} {
5228 var suffix string
5229 if isResumption {
5230 suffix = "Resume-"
5231 } else {
5232 suffix = "Full-"
5233 }
5234
5235 if hasEMS {
5236 suffix += "EMS-"
5237 } else {
5238 suffix += "NoEMS-"
5239 }
5240
5241 if isClient {
5242 suffix += "Client"
5243 } else {
5244 suffix += "Server"
5245 }
5246
5247 test := testCase{
5248 name: "TLSUnique-" + suffix,
5249 testTLSUnique: true,
5250 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5251 MaxVersion: VersionTLS12,
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]5252 Bugs: ProtocolBugs{
5253 NoExtendedMasterSecret: !hasEMS,
5254 },
5255 },
5256 }
5257
5258 if isResumption {
5259 test.resumeSession = true
5260 test.resumeConfig = &Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5261 MaxVersion: VersionTLS12,
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]5262 Bugs: ProtocolBugs{
5263 NoExtendedMasterSecret: !hasEMS,
5264 },
5265 }
5266 }
5267
5268 if isResumption && !hasEMS {
5269 test.shouldFail = true
5270 test.expectedError = "failed to get tls-unique"
5271 }
5272
5273 testCases = append(testCases, test)
5274 }
5275 }
5276 }
5277}
5278
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5279func addCustomExtensionTests() {
5280 expectedContents := "custom extension"
5281 emptyString := ""
5282
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5283 // TODO(davidben): Add TLS 1.3 versions of these tests.
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5284 for _, isClient := range []bool{false, true} {
5285 suffix := "Server"
5286 flag := "-enable-server-custom-extension"
5287 testType := serverTest
5288 if isClient {
5289 suffix = "Client"
5290 flag = "-enable-client-custom-extension"
5291 testType = clientTest
5292 }
5293
5294 testCases = append(testCases, testCase{
5295 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5296 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5297 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5298 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5299 Bugs: ProtocolBugs{
5300 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5301 ExpectedCustomExtension: &expectedContents,
5302 },
5303 },
5304 flags: []string{flag},
5305 })
5306
5307 // If the parse callback fails, the handshake should also fail.
5308 testCases = append(testCases, testCase{
5309 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5310 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5311 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5312 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5313 Bugs: ProtocolBugs{
5314 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5315 ExpectedCustomExtension: &expectedContents,
5316 },
5317 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5318 flags: []string{flag},
5319 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5320 expectedError: ":CUSTOM_EXTENSION_ERROR:",
5321 })
5322
5323 // If the add callback fails, the handshake should also fail.
5324 testCases = append(testCases, testCase{
5325 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5326 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5327 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5328 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5329 Bugs: ProtocolBugs{
5330 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5331 ExpectedCustomExtension: &expectedContents,
5332 },
5333 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5334 flags: []string{flag, "-custom-extension-fail-add"},
5335 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5336 expectedError: ":CUSTOM_EXTENSION_ERROR:",
5337 })
5338
5339 // If the add callback returns zero, no extension should be
5340 // added.
5341 skipCustomExtension := expectedContents
5342 if isClient {
5343 // For the case where the client skips sending the
5344 // custom extension, the server must not “echo” it.
5345 skipCustomExtension = ""
5346 }
5347 testCases = append(testCases, testCase{
5348 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5349 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5350 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5351 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5352 Bugs: ProtocolBugs{
5353 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5354 ExpectedCustomExtension: &emptyString,
5355 },
5356 },
5357 flags: []string{flag, "-custom-extension-skip"},
5358 })
5359 }
5360
5361 // The custom extension add callback should not be called if the client
5362 // doesn't send the extension.
5363 testCases = append(testCases, testCase{
5364 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5365 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5366 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5367 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5368 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5369 ExpectedCustomExtension: &emptyString,
5370 },
5371 },
5372 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
5373 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]5374
5375 // Test an unknown extension from the server.
5376 testCases = append(testCases, testCase{
5377 testType: clientTest,
5378 name: "UnknownExtension-Client",
5379 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5380 MaxVersion: VersionTLS12,
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]5381 Bugs: ProtocolBugs{
5382 CustomExtension: expectedContents,
5383 },
5384 },
5385 shouldFail: true,
5386 expectedError: ":UNEXPECTED_EXTENSION:",
5387 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5388}
5389
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]5390func addRSAClientKeyExchangeTests() {
5391 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
5392 testCases = append(testCases, testCase{
5393 testType: serverTest,
5394 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
5395 config: Config{
5396 // Ensure the ClientHello version and final
5397 // version are different, to detect if the
5398 // server uses the wrong one.
5399 MaxVersion: VersionTLS11,
5400 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
5401 Bugs: ProtocolBugs{
5402 BadRSAClientKeyExchange: bad,
5403 },
5404 },
5405 shouldFail: true,
5406 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5407 })
5408 }
5409}
5410
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5411var testCurves = []struct {
5412 name string
5413 id CurveID
5414}{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5415 {"P-256", CurveP256},
5416 {"P-384", CurveP384},
5417 {"P-521", CurveP521},
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]5418 {"X25519", CurveX25519},
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5419}
5420
5421func addCurveTests() {
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5422 // TODO(davidben): Add a TLS 1.3 versions of these tests.
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5423 for _, curve := range testCurves {
5424 testCases = append(testCases, testCase{
5425 name: "CurveTest-Client-" + curve.name,
5426 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5427 MaxVersion: VersionTLS12,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5428 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5429 CurvePreferences: []CurveID{curve.id},
5430 },
5431 flags: []string{"-enable-all-curves"},
5432 })
5433 testCases = append(testCases, testCase{
5434 testType: serverTest,
5435 name: "CurveTest-Server-" + curve.name,
5436 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5437 MaxVersion: VersionTLS12,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5438 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5439 CurvePreferences: []CurveID{curve.id},
5440 },
5441 flags: []string{"-enable-all-curves"},
5442 })
5443 }
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]5444
5445 // The server must be tolerant to bogus curves.
5446 const bogusCurve = 0x1234
5447 testCases = append(testCases, testCase{
5448 testType: serverTest,
5449 name: "UnknownCurve",
5450 config: Config{
5451 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5452 CurvePreferences: []CurveID{bogusCurve, CurveP256},
5453 },
5454 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame^]5455
5456 // The server must not consider ECDHE ciphers when there are no
5457 // supported curves.
5458 testCases = append(testCases, testCase{
5459 testType: serverTest,
5460 name: "NoSupportedCurves",
5461 config: Config{
5462 // TODO(davidben): Add a TLS 1.3 version of this.
5463 MaxVersion: VersionTLS12,
5464 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5465 Bugs: ProtocolBugs{
5466 NoSupportedCurves: true,
5467 },
5468 },
5469 shouldFail: true,
5470 expectedError: ":NO_SHARED_CIPHER:",
5471 })
5472
5473 // The server must fall back to another cipher when there are no
5474 // supported curves.
5475 testCases = append(testCases, testCase{
5476 testType: serverTest,
5477 name: "NoCommonCurves",
5478 config: Config{
5479 MaxVersion: VersionTLS12,
5480 CipherSuites: []uint16{
5481 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
5482 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
5483 },
5484 CurvePreferences: []CurveID{CurveP224},
5485 },
5486 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
5487 })
5488
5489 // The client must reject bogus curves and disabled curves.
5490 testCases = append(testCases, testCase{
5491 name: "BadECDHECurve",
5492 config: Config{
5493 // TODO(davidben): Add a TLS 1.3 version of this.
5494 MaxVersion: VersionTLS12,
5495 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5496 Bugs: ProtocolBugs{
5497 SendCurve: bogusCurve,
5498 },
5499 },
5500 shouldFail: true,
5501 expectedError: ":WRONG_CURVE:",
5502 })
5503
5504 testCases = append(testCases, testCase{
5505 name: "UnsupportedCurve",
5506 config: Config{
5507 // TODO(davidben): Add a TLS 1.3 version of this.
5508 MaxVersion: VersionTLS12,
5509 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5510 CurvePreferences: []CurveID{CurveP256},
5511 Bugs: ProtocolBugs{
5512 IgnorePeerCurvePreferences: true,
5513 },
5514 },
5515 flags: []string{"-p384-only"},
5516 shouldFail: true,
5517 expectedError: ":WRONG_CURVE:",
5518 })
5519
5520 // Test invalid curve points.
5521 testCases = append(testCases, testCase{
5522 name: "InvalidECDHPoint-Client",
5523 config: Config{
5524 // TODO(davidben): Add a TLS 1.3 version of this test.
5525 MaxVersion: VersionTLS12,
5526 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5527 CurvePreferences: []CurveID{CurveP256},
5528 Bugs: ProtocolBugs{
5529 InvalidECDHPoint: true,
5530 },
5531 },
5532 shouldFail: true,
5533 expectedError: ":INVALID_ENCODING:",
5534 })
5535 testCases = append(testCases, testCase{
5536 testType: serverTest,
5537 name: "InvalidECDHPoint-Server",
5538 config: Config{
5539 // TODO(davidben): Add a TLS 1.3 version of this test.
5540 MaxVersion: VersionTLS12,
5541 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5542 CurvePreferences: []CurveID{CurveP256},
5543 Bugs: ProtocolBugs{
5544 InvalidECDHPoint: true,
5545 },
5546 },
5547 shouldFail: true,
5548 expectedError: ":INVALID_ENCODING:",
5549 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5550}
5551
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5552func addCECPQ1Tests() {
5553 testCases = append(testCases, testCase{
5554 testType: clientTest,
5555 name: "CECPQ1-Client-BadX25519Part",
5556 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5557 MaxVersion: VersionTLS12,
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5558 MinVersion: VersionTLS12,
5559 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5560 Bugs: ProtocolBugs{
5561 CECPQ1BadX25519Part: true,
5562 },
5563 },
5564 flags: []string{"-cipher", "kCECPQ1"},
5565 shouldFail: true,
5566 expectedLocalError: "local error: bad record MAC",
5567 })
5568 testCases = append(testCases, testCase{
5569 testType: clientTest,
5570 name: "CECPQ1-Client-BadNewhopePart",
5571 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5572 MaxVersion: VersionTLS12,
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5573 MinVersion: VersionTLS12,
5574 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5575 Bugs: ProtocolBugs{
5576 CECPQ1BadNewhopePart: true,
5577 },
5578 },
5579 flags: []string{"-cipher", "kCECPQ1"},
5580 shouldFail: true,
5581 expectedLocalError: "local error: bad record MAC",
5582 })
5583 testCases = append(testCases, testCase{
5584 testType: serverTest,
5585 name: "CECPQ1-Server-BadX25519Part",
5586 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5587 MaxVersion: VersionTLS12,
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5588 MinVersion: VersionTLS12,
5589 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5590 Bugs: ProtocolBugs{
5591 CECPQ1BadX25519Part: true,
5592 },
5593 },
5594 flags: []string{"-cipher", "kCECPQ1"},
5595 shouldFail: true,
5596 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5597 })
5598 testCases = append(testCases, testCase{
5599 testType: serverTest,
5600 name: "CECPQ1-Server-BadNewhopePart",
5601 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5602 MaxVersion: VersionTLS12,
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5603 MinVersion: VersionTLS12,
5604 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5605 Bugs: ProtocolBugs{
5606 CECPQ1BadNewhopePart: true,
5607 },
5608 },
5609 flags: []string{"-cipher", "kCECPQ1"},
5610 shouldFail: true,
5611 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5612 })
5613}
5614
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5615func addKeyExchangeInfoTests() {
5616 testCases = append(testCases, testCase{
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5617 name: "KeyExchangeInfo-DHE-Client",
5618 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5619 MaxVersion: VersionTLS12,
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5620 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
5621 Bugs: ProtocolBugs{
5622 // This is a 1234-bit prime number, generated
5623 // with:
5624 // openssl gendh 1234 | openssl asn1parse -i
5625 DHGroupPrime: bigFromHex("0215C589A86BE450D1255A86D7A08877A70E124C11F0C75E476BA6A2186B1C830D4A132555973F2D5881D5F737BB800B7F417C01EC5960AEBF79478F8E0BBB6A021269BD10590C64C57F50AD8169D5488B56EE38DC5E02DA1A16ED3B5F41FEB2AD184B78A31F3A5B2BEC8441928343DA35DE3D4F89F0D4CEDE0034045084A0D1E6182E5EF7FCA325DD33CE81BE7FA87D43613E8FA7A1457099AB53"),
5626 },
5627 },
David Benjamin9e68f192016-06-30 14:55:33 -0400[diff] [blame]5628 flags: []string{"-expect-dhe-group-size", "1234"},
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5629 })
5630 testCases = append(testCases, testCase{
5631 testType: serverTest,
5632 name: "KeyExchangeInfo-DHE-Server",
5633 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5634 MaxVersion: VersionTLS12,
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5635 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
5636 },
5637 // bssl_shim as a server configures a 2048-bit DHE group.
David Benjamin9e68f192016-06-30 14:55:33 -0400[diff] [blame]5638 flags: []string{"-expect-dhe-group-size", "2048"},
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5639 })
5640
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5641 // TODO(davidben): Add TLS 1.3 versions of these tests once the
5642 // handshake is separate.
5643
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5644 testCases = append(testCases, testCase{
5645 name: "KeyExchangeInfo-ECDHE-Client",
5646 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5647 MaxVersion: VersionTLS12,
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5648 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5649 CurvePreferences: []CurveID{CurveX25519},
5650 },
David Benjamin9e68f192016-06-30 14:55:33 -0400[diff] [blame]5651 flags: []string{"-expect-curve-id", "29", "-enable-all-curves"},
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5652 })
5653 testCases = append(testCases, testCase{
5654 testType: serverTest,
5655 name: "KeyExchangeInfo-ECDHE-Server",
5656 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5657 MaxVersion: VersionTLS12,
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5658 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5659 CurvePreferences: []CurveID{CurveX25519},
5660 },
David Benjamin9e68f192016-06-30 14:55:33 -0400[diff] [blame]5661 flags: []string{"-expect-curve-id", "29", "-enable-all-curves"},
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5662 })
5663}
5664
David Benjaminc9ae27c2016-06-24 22:56:37 -0400[diff] [blame]5665func addTLS13RecordTests() {
5666 testCases = append(testCases, testCase{
5667 name: "TLS13-RecordPadding",
5668 config: Config{
5669 MaxVersion: VersionTLS13,
5670 MinVersion: VersionTLS13,
5671 Bugs: ProtocolBugs{
5672 RecordPadding: 10,
5673 },
5674 },
5675 })
5676
5677 testCases = append(testCases, testCase{
5678 name: "TLS13-EmptyRecords",
5679 config: Config{
5680 MaxVersion: VersionTLS13,
5681 MinVersion: VersionTLS13,
5682 Bugs: ProtocolBugs{
5683 OmitRecordContents: true,
5684 },
5685 },
5686 shouldFail: true,
5687 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5688 })
5689
5690 testCases = append(testCases, testCase{
5691 name: "TLS13-OnlyPadding",
5692 config: Config{
5693 MaxVersion: VersionTLS13,
5694 MinVersion: VersionTLS13,
5695 Bugs: ProtocolBugs{
5696 OmitRecordContents: true,
5697 RecordPadding: 10,
5698 },
5699 },
5700 shouldFail: true,
5701 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5702 })
5703
5704 testCases = append(testCases, testCase{
5705 name: "TLS13-WrongOuterRecord",
5706 config: Config{
5707 MaxVersion: VersionTLS13,
5708 MinVersion: VersionTLS13,
5709 Bugs: ProtocolBugs{
5710 OuterRecordType: recordTypeHandshake,
5711 },
5712 },
5713 shouldFail: true,
5714 expectedError: ":INVALID_OUTER_RECORD_TYPE:",
5715 })
5716}
5717
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5718func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5719 defer wg.Done()
5720
5721 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]5722 var err error
5723
5724 if *mallocTest < 0 {
5725 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5726 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]5727 } else {
5728 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
5729 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5730 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]5731 if err != nil {
5732 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
5733 }
5734 break
5735 }
5736 }
5737 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5738 statusChan <- statusMsg{test: test, err: err}
5739 }
5740}
5741
5742type statusMsg struct {
5743 test *testCase
5744 started bool
5745 err error
5746}
5747
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5748func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5749 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5750
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5751 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5752 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5753 if !*pipe {
5754 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]5755 var erase string
5756 for i := 0; i < lineLen; i++ {
5757 erase += "\b \b"
5758 }
5759 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5760 }
5761
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5762 if msg.started {
5763 started++
5764 } else {
5765 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5766
5767 if msg.err != nil {
5768 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
5769 failed++
5770 testOutput.addResult(msg.test.name, "FAIL")
5771 } else {
5772 if *pipe {
5773 // Print each test instead of a status line.
5774 fmt.Printf("PASSED (%s)\n", msg.test.name)
5775 }
5776 testOutput.addResult(msg.test.name, "PASS")
5777 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5778 }
5779
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5780 if !*pipe {
5781 // Print a new status line.
5782 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
5783 lineLen = len(line)
5784 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5785 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5786 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5787
5788 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5789}
5790
5791func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5792 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5793 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5794
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5795 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5796 addCipherSuiteTests()
5797 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]5798 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]5799 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]5800 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]5801 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]5802 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]5803 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]5804 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5805 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]5806 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]5807 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]5808 addDTLSReplayTests()
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]5809 addSignatureAlgorithmTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5810 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]5811 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]5812 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5813 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]5814 addRSAClientKeyExchangeTests()
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5815 addCurveTests()
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5816 addCECPQ1Tests()
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5817 addKeyExchangeInfoTests()
David Benjaminc9ae27c2016-06-24 22:56:37 -0400[diff] [blame]5818 addTLS13RecordTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]5819 for _, async := range []bool{false, true} {
5820 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]5821 for _, protocol := range []protocol{tls, dtls} {
5822 addStateMachineCoverageTests(async, splitHandshake, protocol)
5823 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]5824 }
5825 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5826
5827 var wg sync.WaitGroup
5828
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5829 statusChan := make(chan statusMsg, *numWorkers)
5830 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5831 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5832
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]5833 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5834
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5835 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5836 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5837 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5838 }
5839
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]5840 var foundTest bool
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]5841 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5842 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]5843 foundTest = true
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]5844 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5845 }
5846 }
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]5847 if !foundTest {
5848 fmt.Fprintf(os.Stderr, "No test named '%s'\n", *testToRun)
5849 os.Exit(1)
5850 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5851
5852 close(testChan)
5853 wg.Wait()
5854 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5855 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5856
5857 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5858
5859 if *jsonOutput != "" {
5860 if err := testOutput.writeTo(*jsonOutput); err != nil {
5861 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
5862 }
5863 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]5864
5865 if !testOutput.allPassed {
5866 os.Exit(1)
5867 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5868}