Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 76c2efc0e902d425ca8bc56acdf0b8283cd25117 / . / ssl / test / runner / runner.go
blob: adcb405810b2ad064666dc109fce0ff41467f805 [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1package main
2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]14 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]15 "net"
16 "os"
17 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]18 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]19 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]20 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]21 "strings"
22 "sync"
23 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]24 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]25)
26
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]27var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]28 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
29 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
30 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
31 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
32 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
33 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
34 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]35 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
36 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
37 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
38 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]39)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]40
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]41const (
42 rsaCertificateFile = "cert.pem"
43 ecdsaCertificateFile = "ecdsa_cert.pem"
44)
45
46const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]47 rsaKeyFile = "key.pem"
48 ecdsaKeyFile = "ecdsa_key.pem"
49 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]50)
51
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]52var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]53var channelIDKey *ecdsa.PrivateKey
54var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]55
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]56var testOCSPResponse = []byte{1, 2, 3, 4}
57var testSCTList = []byte{5, 6, 7, 8}
58
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]59func initCertificates() {
60 var err error
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]61 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]62 if err != nil {
63 panic(err)
64 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]65 rsaCertificate.OCSPStaple = testOCSPResponse
66 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]67
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]68 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]69 if err != nil {
70 panic(err)
71 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]72 ecdsaCertificate.OCSPStaple = testOCSPResponse
73 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]74
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]75 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]76 if err != nil {
77 panic(err)
78 }
79 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
80 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
81 panic("bad key type")
82 }
83 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
84 if err != nil {
85 panic(err)
86 }
87 if channelIDKey.Curve != elliptic.P256() {
88 panic("bad curve")
89 }
90
91 channelIDBytes = make([]byte, 64)
92 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
93 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]94}
95
96var certificateOnce sync.Once
97
98func getRSACertificate() Certificate {
99 certificateOnce.Do(initCertificates)
100 return rsaCertificate
101}
102
103func getECDSACertificate() Certificate {
104 certificateOnce.Do(initCertificates)
105 return ecdsaCertificate
106}
107
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]108type testType int
109
110const (
111 clientTest testType = iota
112 serverTest
113)
114
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]115type protocol int
116
117const (
118 tls protocol = iota
119 dtls
120)
121
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]122const (
123 alpn = 1
124 npn = 2
125)
126
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]127type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]128 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]129 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]130 name string
131 config Config
132 shouldFail bool
133 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]134 // expectedLocalError, if not empty, contains a substring that must be
135 // found in the local error.
136 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]137 // expectedVersion, if non-zero, specifies the TLS version that must be
138 // negotiated.
139 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]140 // expectedResumeVersion, if non-zero, specifies the TLS version that
141 // must be negotiated on resumption. If zero, expectedVersion is used.
142 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]143 // expectedCipher, if non-zero, specifies the TLS cipher suite that
144 // should be negotiated.
145 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]146 // expectChannelID controls whether the connection should have
147 // negotiated a Channel ID with channelIDKey.
148 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]149 // expectedNextProto controls whether the connection should
150 // negotiate a next protocol via NPN or ALPN.
151 expectedNextProto string
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]152 // expectedNextProtoType, if non-zero, is the expected next
153 // protocol negotiation mechanism.
154 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]155 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
156 // should be negotiated. If zero, none should be negotiated.
157 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]158 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
159 expectedOCSPResponse []uint8
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]160 // messageLen is the length, in bytes, of the test message that will be
161 // sent.
162 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]163 // messageCount is the number of test messages that will be sent.
164 messageCount int
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]165 // certFile is the path to the certificate to use for the server.
166 certFile string
167 // keyFile is the path to the private key to use for the server.
168 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]169 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]170 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]171 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]172 // expectResumeRejected, if true, specifies that the attempted
173 // resumption must be rejected by the client. This is only valid for a
174 // serverTest.
175 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]176 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]177 // resumption. Unless newSessionsOnResume is set,
178 // SessionTicketKey, ServerSessionCache, and
179 // ClientSessionCache are copied from the initial connection's
180 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]181 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]182 // newSessionsOnResume, if true, will cause resumeConfig to
183 // use a different session resumption context.
184 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]185 // noSessionCache, if true, will cause the server to run without a
186 // session cache.
187 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]188 // sendPrefix sends a prefix on the socket before actually performing a
189 // handshake.
190 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]191 // shimWritesFirst controls whether the shim sends an initial "hello"
192 // message before doing a roundtrip with the runner.
193 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]194 // shimShutsDown, if true, runs a test where the shim shuts down the
195 // connection immediately after the handshake rather than echoing
196 // messages from the runner.
197 shimShutsDown bool
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]198 // renegotiate indicates the the connection should be renegotiated
199 // during the exchange.
200 renegotiate bool
201 // renegotiateCiphers is a list of ciphersuite ids that will be
202 // switched in just before renegotiation.
203 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]204 // replayWrites, if true, configures the underlying transport
205 // to replay every write it makes in DTLS tests.
206 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]207 // damageFirstWrite, if true, configures the underlying transport to
208 // damage the final byte of the first application data write.
209 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]210 // exportKeyingMaterial, if non-zero, configures the test to exchange
211 // keying material and verify they match.
212 exportKeyingMaterial int
213 exportLabel string
214 exportContext string
215 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]216 // flags, if not empty, contains a list of command-line flags that will
217 // be passed to the shim program.
218 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]219 // testTLSUnique, if true, causes the shim to send the tls-unique value
220 // which will be compared against the expected value.
221 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]222 // sendEmptyRecords is the number of consecutive empty records to send
223 // before and after the test message.
224 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]225 // sendWarningAlerts is the number of consecutive warning alerts to send
226 // before and after the test message.
227 sendWarningAlerts int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]228}
229
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]230var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]231
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]232func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]233 var connDebug *recordingConn
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]234 var connDamage *damageAdaptor
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]235 if *flagDebug {
236 connDebug = &recordingConn{Conn: conn}
237 conn = connDebug
238 defer func() {
239 connDebug.WriteTo(os.Stdout)
240 }()
241 }
242
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]243 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]244 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
245 conn = config.Bugs.PacketAdaptor
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]246 if test.replayWrites {
247 conn = newReplayAdaptor(conn)
248 }
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]249 }
250
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]251 if test.damageFirstWrite {
252 connDamage = newDamageAdaptor(conn)
253 conn = connDamage
254 }
255
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]256 if test.sendPrefix != "" {
257 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
258 return err
259 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]260 }
261
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]262 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]263 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]264 if test.protocol == dtls {
265 tlsConn = DTLSServer(conn, config)
266 } else {
267 tlsConn = Server(conn, config)
268 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]269 } else {
270 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]271 if test.protocol == dtls {
272 tlsConn = DTLSClient(conn, config)
273 } else {
274 tlsConn = Client(conn, config)
275 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]276 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]277 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]278
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]279 if err := tlsConn.Handshake(); err != nil {
280 return err
281 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]282
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]283 // TODO(davidben): move all per-connection expectations into a dedicated
284 // expectations struct that can be specified separately for the two
285 // legs.
286 expectedVersion := test.expectedVersion
287 if isResume && test.expectedResumeVersion != 0 {
288 expectedVersion = test.expectedResumeVersion
289 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]290 connState := tlsConn.ConnectionState()
291 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]292 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]293 }
294
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]295 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]296 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
297 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]298 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
299 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
300 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]301
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]302 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]303 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]304 if channelID == nil {
305 return fmt.Errorf("no channel ID negotiated")
306 }
307 if channelID.Curve != channelIDKey.Curve ||
308 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
309 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
310 return fmt.Errorf("incorrect channel ID")
311 }
312 }
313
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]314 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]315 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]316 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
317 }
318 }
319
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]320 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]321 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]322 return fmt.Errorf("next proto type mismatch")
323 }
324 }
325
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]326 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]327 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
328 }
329
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]330 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
331 return fmt.Errorf("OCSP Response mismatch")
332 }
333
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]334 if test.exportKeyingMaterial > 0 {
335 actual := make([]byte, test.exportKeyingMaterial)
336 if _, err := io.ReadFull(tlsConn, actual); err != nil {
337 return err
338 }
339 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
340 if err != nil {
341 return err
342 }
343 if !bytes.Equal(actual, expected) {
344 return fmt.Errorf("keying material mismatch")
345 }
346 }
347
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]348 if test.testTLSUnique {
349 var peersValue [12]byte
350 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
351 return err
352 }
353 expected := tlsConn.ConnectionState().TLSUnique
354 if !bytes.Equal(peersValue[:], expected) {
355 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
356 }
357 }
358
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]359 if test.shimWritesFirst {
360 var buf [5]byte
361 _, err := io.ReadFull(tlsConn, buf[:])
362 if err != nil {
363 return err
364 }
365 if string(buf[:]) != "hello" {
366 return fmt.Errorf("bad initial message")
367 }
368 }
369
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]370 for i := 0; i < test.sendEmptyRecords; i++ {
371 tlsConn.Write(nil)
372 }
373
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]374 for i := 0; i < test.sendWarningAlerts; i++ {
375 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
376 }
377
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]378 if test.renegotiate {
379 if test.renegotiateCiphers != nil {
380 config.CipherSuites = test.renegotiateCiphers
381 }
382 if err := tlsConn.Renegotiate(); err != nil {
383 return err
384 }
385 } else if test.renegotiateCiphers != nil {
386 panic("renegotiateCiphers without renegotiate")
387 }
388
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]389 if test.damageFirstWrite {
390 connDamage.setDamage(true)
391 tlsConn.Write([]byte("DAMAGED WRITE"))
392 connDamage.setDamage(false)
393 }
394
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]395 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]396 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]397 if test.protocol == dtls {
398 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
399 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]400 // Read until EOF.
401 _, err := io.Copy(ioutil.Discard, tlsConn)
402 return err
403 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]404 if messageLen == 0 {
405 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]406 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]407
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]408 messageCount := test.messageCount
409 if messageCount == 0 {
410 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]411 }
412
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]413 for j := 0; j < messageCount; j++ {
414 testMessage := make([]byte, messageLen)
415 for i := range testMessage {
416 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]417 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]418 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]419
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]420 for i := 0; i < test.sendEmptyRecords; i++ {
421 tlsConn.Write(nil)
422 }
423
424 for i := 0; i < test.sendWarningAlerts; i++ {
425 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
426 }
427
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]428 if test.shimShutsDown {
429 // The shim will not respond.
430 continue
431 }
432
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]433 buf := make([]byte, len(testMessage))
434 if test.protocol == dtls {
435 bufTmp := make([]byte, len(buf)+1)
436 n, err := tlsConn.Read(bufTmp)
437 if err != nil {
438 return err
439 }
440 if n != len(buf) {
441 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
442 }
443 copy(buf, bufTmp)
444 } else {
445 _, err := io.ReadFull(tlsConn, buf)
446 if err != nil {
447 return err
448 }
449 }
450
451 for i, v := range buf {
452 if v != testMessage[i]^0xff {
453 return fmt.Errorf("bad reply contents at byte %d", i)
454 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]455 }
456 }
457
458 return nil
459}
460
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]461func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
462 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]463 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]464 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]465 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]466 valgrindArgs = append(valgrindArgs, path)
467 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]468
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]469 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]470}
471
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]472func gdbOf(path string, args ...string) *exec.Cmd {
473 xtermArgs := []string{"-e", "gdb", "--args"}
474 xtermArgs = append(xtermArgs, path)
475 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]476
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]477 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]478}
479
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]480type moreMallocsError struct{}
481
482func (moreMallocsError) Error() string {
483 return "child process did not exhaust all allocation calls"
484}
485
486var errMoreMallocs = moreMallocsError{}
487
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]488// accept accepts a connection from listener, unless waitChan signals a process
489// exit first.
490func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
491 type connOrError struct {
492 conn net.Conn
493 err error
494 }
495 connChan := make(chan connOrError, 1)
496 go func() {
497 conn, err := listener.Accept()
498 connChan <- connOrError{conn, err}
499 close(connChan)
500 }()
501 select {
502 case result := <-connChan:
503 return result.conn, result.err
504 case childErr := <-waitChan:
505 waitChan <- childErr
506 return nil, fmt.Errorf("child exited early: %s", childErr)
507 }
508}
509
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]510func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]511 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
512 panic("Error expected without shouldFail in " + test.name)
513 }
514
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]515 if test.expectResumeRejected && !test.resumeSession {
516 panic("expectResumeRejected without resumeSession in " + test.name)
517 }
518
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]519 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
520 if err != nil {
521 panic(err)
522 }
523 defer func() {
524 if listener != nil {
525 listener.Close()
526 }
527 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]528
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]529 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]530 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]531 flags = append(flags, "-server")
532
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]533 flags = append(flags, "-key-file")
534 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]535 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]536 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]537 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]538 }
539
540 flags = append(flags, "-cert-file")
541 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]542 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]543 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]544 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]545 }
546 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]547
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]548 if test.protocol == dtls {
549 flags = append(flags, "-dtls")
550 }
551
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]552 if test.resumeSession {
553 flags = append(flags, "-resume")
554 }
555
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]556 if test.shimWritesFirst {
557 flags = append(flags, "-shim-writes-first")
558 }
559
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]560 if test.shimShutsDown {
561 flags = append(flags, "-shim-shuts-down")
562 }
563
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]564 if test.exportKeyingMaterial > 0 {
565 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
566 flags = append(flags, "-export-label", test.exportLabel)
567 flags = append(flags, "-export-context", test.exportContext)
568 if test.useExportContext {
569 flags = append(flags, "-use-export-context")
570 }
571 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]572 if test.expectResumeRejected {
573 flags = append(flags, "-expect-session-miss")
574 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]575
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]576 if test.testTLSUnique {
577 flags = append(flags, "-tls-unique")
578 }
579
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]580 flags = append(flags, test.flags...)
581
582 var shim *exec.Cmd
583 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]584 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]585 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]586 shim = gdbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]587 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]588 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]589 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]590 shim.Stdin = os.Stdin
591 var stdoutBuf, stderrBuf bytes.Buffer
592 shim.Stdout = &stdoutBuf
593 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]594 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]595 shim.Env = os.Environ()
596 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]597 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]598 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]599 }
600 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
601 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]602
603 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]604 panic(err)
605 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]606 waitChan := make(chan error, 1)
607 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]608
609 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]610 if !test.noSessionCache {
611 config.ClientSessionCache = NewLRUClientSessionCache(1)
612 config.ServerSessionCache = NewLRUServerSessionCache(1)
613 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]614 if test.testType == clientTest {
615 if len(config.Certificates) == 0 {
616 config.Certificates = []Certificate{getRSACertificate()}
617 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]618 } else {
619 // Supply a ServerName to ensure a constant session cache key,
620 // rather than falling back to net.Conn.RemoteAddr.
621 if len(config.ServerName) == 0 {
622 config.ServerName = "test"
623 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]624 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]625
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]626 conn, err := acceptOrWait(listener, waitChan)
627 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]628 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]629 conn.Close()
630 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]631
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]632 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]633 var resumeConfig Config
634 if test.resumeConfig != nil {
635 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]636 if len(resumeConfig.ServerName) == 0 {
637 resumeConfig.ServerName = config.ServerName
638 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]639 if len(resumeConfig.Certificates) == 0 {
640 resumeConfig.Certificates = []Certificate{getRSACertificate()}
641 }
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]642 if test.newSessionsOnResume {
643 if !test.noSessionCache {
644 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
645 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
646 }
647 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]648 resumeConfig.SessionTicketKey = config.SessionTicketKey
649 resumeConfig.ClientSessionCache = config.ClientSessionCache
650 resumeConfig.ServerSessionCache = config.ServerSessionCache
651 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]652 } else {
653 resumeConfig = config
654 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]655 var connResume net.Conn
656 connResume, err = acceptOrWait(listener, waitChan)
657 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]658 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]659 connResume.Close()
660 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]661 }
662
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]663 // Close the listener now. This is to avoid hangs should the shim try to
664 // open more connections than expected.
665 listener.Close()
666 listener = nil
667
668 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]669 if exitError, ok := childErr.(*exec.ExitError); ok {
670 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
671 return errMoreMallocs
672 }
673 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]674
675 stdout := string(stdoutBuf.Bytes())
676 stderr := string(stderrBuf.Bytes())
677 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]678 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]679 localError := "none"
680 if err != nil {
681 localError = err.Error()
682 }
683 if len(test.expectedLocalError) != 0 {
684 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
685 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]686
687 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]688 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]689 if childErr != nil {
690 childError = childErr.Error()
691 }
692
693 var msg string
694 switch {
695 case failed && !test.shouldFail:
696 msg = "unexpected failure"
697 case !failed && test.shouldFail:
698 msg = "unexpected success"
699 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]700 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]701 default:
702 panic("internal error")
703 }
704
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]705 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]706 }
707
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]708 if !*useValgrind && !failed && len(stderr) > 0 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]709 println(stderr)
710 }
711
712 return nil
713}
714
715var tlsVersions = []struct {
716 name string
717 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]718 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]719 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]720}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]721 {"SSL3", VersionSSL30, "-no-ssl3", false},
722 {"TLS1", VersionTLS10, "-no-tls1", true},
723 {"TLS11", VersionTLS11, "-no-tls11", false},
724 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]725}
726
727var testCipherSuites = []struct {
728 name string
729 id uint16
730}{
731 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]732 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]733 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]734 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]735 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]736 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]737 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]738 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
739 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]740 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]741 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
742 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]743 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]744 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
745 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]746 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
747 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]748 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]749 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]750 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]751 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]752 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]753 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]754 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]755 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]756 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]757 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]758 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]759 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]760 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
761 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]762 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
763 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]764 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]765 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]766 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]767}
768
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]769func hasComponent(suiteName, component string) bool {
770 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
771}
772
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]773func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]774 return hasComponent(suiteName, "GCM") ||
775 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]776 hasComponent(suiteName, "SHA384") ||
777 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]778}
779
780func isDTLSCipher(suiteName string) bool {
David Benjamine95d20d2014-12-23 11:16:01 -0500[diff] [blame]781 return !hasComponent(suiteName, "RC4")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]782}
783
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]784func bigFromHex(hex string) *big.Int {
785 ret, ok := new(big.Int).SetString(hex, 16)
786 if !ok {
787 panic("failed to parse hex number 0x" + hex)
788 }
789 return ret
790}
791
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]792func addBasicTests() {
793 basicTests := []testCase{
794 {
795 name: "BadRSASignature",
796 config: Config{
797 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
798 Bugs: ProtocolBugs{
799 InvalidSKXSignature: true,
800 },
801 },
802 shouldFail: true,
803 expectedError: ":BAD_SIGNATURE:",
804 },
805 {
806 name: "BadECDSASignature",
807 config: Config{
808 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
809 Bugs: ProtocolBugs{
810 InvalidSKXSignature: true,
811 },
812 Certificates: []Certificate{getECDSACertificate()},
813 },
814 shouldFail: true,
815 expectedError: ":BAD_SIGNATURE:",
816 },
817 {
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]818 testType: serverTest,
819 name: "BadRSASignature-ClientAuth",
820 config: Config{
821 Bugs: ProtocolBugs{
822 InvalidCertVerifySignature: true,
823 },
824 Certificates: []Certificate{getRSACertificate()},
825 },
826 shouldFail: true,
827 expectedError: ":BAD_SIGNATURE:",
828 flags: []string{"-require-any-client-certificate"},
829 },
830 {
831 testType: serverTest,
832 name: "BadECDSASignature-ClientAuth",
833 config: Config{
834 Bugs: ProtocolBugs{
835 InvalidCertVerifySignature: true,
836 },
837 Certificates: []Certificate{getECDSACertificate()},
838 },
839 shouldFail: true,
840 expectedError: ":BAD_SIGNATURE:",
841 flags: []string{"-require-any-client-certificate"},
842 },
843 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]844 name: "BadECDSACurve",
845 config: Config{
846 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
847 Bugs: ProtocolBugs{
848 InvalidSKXCurve: true,
849 },
850 Certificates: []Certificate{getECDSACertificate()},
851 },
852 shouldFail: true,
853 expectedError: ":WRONG_CURVE:",
854 },
855 {
856 testType: serverTest,
857 name: "BadRSAVersion",
858 config: Config{
859 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
860 Bugs: ProtocolBugs{
861 RsaClientKeyExchangeVersion: VersionTLS11,
862 },
863 },
864 shouldFail: true,
865 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
866 },
867 {
868 name: "NoFallbackSCSV",
869 config: Config{
870 Bugs: ProtocolBugs{
871 FailIfNotFallbackSCSV: true,
872 },
873 },
874 shouldFail: true,
875 expectedLocalError: "no fallback SCSV found",
876 },
877 {
878 name: "SendFallbackSCSV",
879 config: Config{
880 Bugs: ProtocolBugs{
881 FailIfNotFallbackSCSV: true,
882 },
883 },
884 flags: []string{"-fallback-scsv"},
885 },
886 {
887 name: "ClientCertificateTypes",
888 config: Config{
889 ClientAuth: RequestClientCert,
890 ClientCertificateTypes: []byte{
891 CertTypeDSSSign,
892 CertTypeRSASign,
893 CertTypeECDSASign,
894 },
895 },
896 flags: []string{
897 "-expect-certificate-types",
898 base64.StdEncoding.EncodeToString([]byte{
899 CertTypeDSSSign,
900 CertTypeRSASign,
901 CertTypeECDSASign,
902 }),
903 },
904 },
905 {
906 name: "NoClientCertificate",
907 config: Config{
908 ClientAuth: RequireAnyClientCert,
909 },
910 shouldFail: true,
911 expectedLocalError: "client didn't provide a certificate",
912 },
913 {
914 name: "UnauthenticatedECDH",
915 config: Config{
916 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
917 Bugs: ProtocolBugs{
918 UnauthenticatedECDH: true,
919 },
920 },
921 shouldFail: true,
922 expectedError: ":UNEXPECTED_MESSAGE:",
923 },
924 {
925 name: "SkipCertificateStatus",
926 config: Config{
927 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
928 Bugs: ProtocolBugs{
929 SkipCertificateStatus: true,
930 },
931 },
932 flags: []string{
933 "-enable-ocsp-stapling",
934 },
935 },
936 {
937 name: "SkipServerKeyExchange",
938 config: Config{
939 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
940 Bugs: ProtocolBugs{
941 SkipServerKeyExchange: true,
942 },
943 },
944 shouldFail: true,
945 expectedError: ":UNEXPECTED_MESSAGE:",
946 },
947 {
948 name: "SkipChangeCipherSpec-Client",
949 config: Config{
950 Bugs: ProtocolBugs{
951 SkipChangeCipherSpec: true,
952 },
953 },
954 shouldFail: true,
955 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
956 },
957 {
958 testType: serverTest,
959 name: "SkipChangeCipherSpec-Server",
960 config: Config{
961 Bugs: ProtocolBugs{
962 SkipChangeCipherSpec: true,
963 },
964 },
965 shouldFail: true,
966 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
967 },
968 {
969 testType: serverTest,
970 name: "SkipChangeCipherSpec-Server-NPN",
971 config: Config{
972 NextProtos: []string{"bar"},
973 Bugs: ProtocolBugs{
974 SkipChangeCipherSpec: true,
975 },
976 },
977 flags: []string{
978 "-advertise-npn", "\x03foo\x03bar\x03baz",
979 },
980 shouldFail: true,
981 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
982 },
983 {
984 name: "FragmentAcrossChangeCipherSpec-Client",
985 config: Config{
986 Bugs: ProtocolBugs{
987 FragmentAcrossChangeCipherSpec: true,
988 },
989 },
990 shouldFail: true,
991 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
992 },
993 {
994 testType: serverTest,
995 name: "FragmentAcrossChangeCipherSpec-Server",
996 config: Config{
997 Bugs: ProtocolBugs{
998 FragmentAcrossChangeCipherSpec: true,
999 },
1000 },
1001 shouldFail: true,
1002 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
1003 },
1004 {
1005 testType: serverTest,
1006 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1007 config: Config{
1008 NextProtos: []string{"bar"},
1009 Bugs: ProtocolBugs{
1010 FragmentAcrossChangeCipherSpec: true,
1011 },
1012 },
1013 flags: []string{
1014 "-advertise-npn", "\x03foo\x03bar\x03baz",
1015 },
1016 shouldFail: true,
1017 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
1018 },
1019 {
1020 testType: serverTest,
1021 name: "Alert",
1022 config: Config{
1023 Bugs: ProtocolBugs{
1024 SendSpuriousAlert: alertRecordOverflow,
1025 },
1026 },
1027 shouldFail: true,
1028 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1029 },
1030 {
1031 protocol: dtls,
1032 testType: serverTest,
1033 name: "Alert-DTLS",
1034 config: Config{
1035 Bugs: ProtocolBugs{
1036 SendSpuriousAlert: alertRecordOverflow,
1037 },
1038 },
1039 shouldFail: true,
1040 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1041 },
1042 {
1043 testType: serverTest,
1044 name: "FragmentAlert",
1045 config: Config{
1046 Bugs: ProtocolBugs{
1047 FragmentAlert: true,
1048 SendSpuriousAlert: alertRecordOverflow,
1049 },
1050 },
1051 shouldFail: true,
1052 expectedError: ":BAD_ALERT:",
1053 },
1054 {
1055 protocol: dtls,
1056 testType: serverTest,
1057 name: "FragmentAlert-DTLS",
1058 config: Config{
1059 Bugs: ProtocolBugs{
1060 FragmentAlert: true,
1061 SendSpuriousAlert: alertRecordOverflow,
1062 },
1063 },
1064 shouldFail: true,
1065 expectedError: ":BAD_ALERT:",
1066 },
1067 {
1068 testType: serverTest,
1069 name: "EarlyChangeCipherSpec-server-1",
1070 config: Config{
1071 Bugs: ProtocolBugs{
1072 EarlyChangeCipherSpec: 1,
1073 },
1074 },
1075 shouldFail: true,
1076 expectedError: ":CCS_RECEIVED_EARLY:",
1077 },
1078 {
1079 testType: serverTest,
1080 name: "EarlyChangeCipherSpec-server-2",
1081 config: Config{
1082 Bugs: ProtocolBugs{
1083 EarlyChangeCipherSpec: 2,
1084 },
1085 },
1086 shouldFail: true,
1087 expectedError: ":CCS_RECEIVED_EARLY:",
1088 },
1089 {
1090 name: "SkipNewSessionTicket",
1091 config: Config{
1092 Bugs: ProtocolBugs{
1093 SkipNewSessionTicket: true,
1094 },
1095 },
1096 shouldFail: true,
1097 expectedError: ":CCS_RECEIVED_EARLY:",
1098 },
1099 {
1100 testType: serverTest,
1101 name: "FallbackSCSV",
1102 config: Config{
1103 MaxVersion: VersionTLS11,
1104 Bugs: ProtocolBugs{
1105 SendFallbackSCSV: true,
1106 },
1107 },
1108 shouldFail: true,
1109 expectedError: ":INAPPROPRIATE_FALLBACK:",
1110 },
1111 {
1112 testType: serverTest,
1113 name: "FallbackSCSV-VersionMatch",
1114 config: Config{
1115 Bugs: ProtocolBugs{
1116 SendFallbackSCSV: true,
1117 },
1118 },
1119 },
1120 {
1121 testType: serverTest,
1122 name: "FragmentedClientVersion",
1123 config: Config{
1124 Bugs: ProtocolBugs{
1125 MaxHandshakeRecordLength: 1,
1126 FragmentClientVersion: true,
1127 },
1128 },
1129 expectedVersion: VersionTLS12,
1130 },
1131 {
1132 testType: serverTest,
1133 name: "MinorVersionTolerance",
1134 config: Config{
1135 Bugs: ProtocolBugs{
1136 SendClientVersion: 0x03ff,
1137 },
1138 },
1139 expectedVersion: VersionTLS12,
1140 },
1141 {
1142 testType: serverTest,
1143 name: "MajorVersionTolerance",
1144 config: Config{
1145 Bugs: ProtocolBugs{
1146 SendClientVersion: 0x0400,
1147 },
1148 },
1149 expectedVersion: VersionTLS12,
1150 },
1151 {
1152 testType: serverTest,
1153 name: "VersionTooLow",
1154 config: Config{
1155 Bugs: ProtocolBugs{
1156 SendClientVersion: 0x0200,
1157 },
1158 },
1159 shouldFail: true,
1160 expectedError: ":UNSUPPORTED_PROTOCOL:",
1161 },
1162 {
1163 testType: serverTest,
1164 name: "HttpGET",
1165 sendPrefix: "GET / HTTP/1.0\n",
1166 shouldFail: true,
1167 expectedError: ":HTTP_REQUEST:",
1168 },
1169 {
1170 testType: serverTest,
1171 name: "HttpPOST",
1172 sendPrefix: "POST / HTTP/1.0\n",
1173 shouldFail: true,
1174 expectedError: ":HTTP_REQUEST:",
1175 },
1176 {
1177 testType: serverTest,
1178 name: "HttpHEAD",
1179 sendPrefix: "HEAD / HTTP/1.0\n",
1180 shouldFail: true,
1181 expectedError: ":HTTP_REQUEST:",
1182 },
1183 {
1184 testType: serverTest,
1185 name: "HttpPUT",
1186 sendPrefix: "PUT / HTTP/1.0\n",
1187 shouldFail: true,
1188 expectedError: ":HTTP_REQUEST:",
1189 },
1190 {
1191 testType: serverTest,
1192 name: "HttpCONNECT",
1193 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1194 shouldFail: true,
1195 expectedError: ":HTTPS_PROXY_REQUEST:",
1196 },
1197 {
1198 testType: serverTest,
1199 name: "Garbage",
1200 sendPrefix: "blah",
1201 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1202 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1203 },
1204 {
1205 name: "SkipCipherVersionCheck",
1206 config: Config{
1207 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1208 MaxVersion: VersionTLS11,
1209 Bugs: ProtocolBugs{
1210 SkipCipherVersionCheck: true,
1211 },
1212 },
1213 shouldFail: true,
1214 expectedError: ":WRONG_CIPHER_RETURNED:",
1215 },
1216 {
1217 name: "RSAEphemeralKey",
1218 config: Config{
1219 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1220 Bugs: ProtocolBugs{
1221 RSAEphemeralKey: true,
1222 },
1223 },
1224 shouldFail: true,
1225 expectedError: ":UNEXPECTED_MESSAGE:",
1226 },
1227 {
1228 name: "DisableEverything",
1229 flags: []string{"-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
1230 shouldFail: true,
1231 expectedError: ":WRONG_SSL_VERSION:",
1232 },
1233 {
1234 protocol: dtls,
1235 name: "DisableEverything-DTLS",
1236 flags: []string{"-no-tls12", "-no-tls1"},
1237 shouldFail: true,
1238 expectedError: ":WRONG_SSL_VERSION:",
1239 },
1240 {
1241 name: "NoSharedCipher",
1242 config: Config{
1243 CipherSuites: []uint16{},
1244 },
1245 shouldFail: true,
1246 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
1247 },
1248 {
1249 protocol: dtls,
1250 testType: serverTest,
1251 name: "MTU",
1252 config: Config{
1253 Bugs: ProtocolBugs{
1254 MaxPacketLength: 256,
1255 },
1256 },
1257 flags: []string{"-mtu", "256"},
1258 },
1259 {
1260 protocol: dtls,
1261 testType: serverTest,
1262 name: "MTUExceeded",
1263 config: Config{
1264 Bugs: ProtocolBugs{
1265 MaxPacketLength: 255,
1266 },
1267 },
1268 flags: []string{"-mtu", "256"},
1269 shouldFail: true,
1270 expectedLocalError: "dtls: exceeded maximum packet length",
1271 },
1272 {
1273 name: "CertMismatchRSA",
1274 config: Config{
1275 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1276 Certificates: []Certificate{getECDSACertificate()},
1277 Bugs: ProtocolBugs{
1278 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1279 },
1280 },
1281 shouldFail: true,
1282 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1283 },
1284 {
1285 name: "CertMismatchECDSA",
1286 config: Config{
1287 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1288 Certificates: []Certificate{getRSACertificate()},
1289 Bugs: ProtocolBugs{
1290 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1291 },
1292 },
1293 shouldFail: true,
1294 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1295 },
1296 {
1297 name: "EmptyCertificateList",
1298 config: Config{
1299 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1300 Bugs: ProtocolBugs{
1301 EmptyCertificateList: true,
1302 },
1303 },
1304 shouldFail: true,
1305 expectedError: ":DECODE_ERROR:",
1306 },
1307 {
1308 name: "TLSFatalBadPackets",
1309 damageFirstWrite: true,
1310 shouldFail: true,
1311 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1312 },
1313 {
1314 protocol: dtls,
1315 name: "DTLSIgnoreBadPackets",
1316 damageFirstWrite: true,
1317 },
1318 {
1319 protocol: dtls,
1320 name: "DTLSIgnoreBadPackets-Async",
1321 damageFirstWrite: true,
1322 flags: []string{"-async"},
1323 },
1324 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1325 name: "AppDataBeforeHandshake",
1326 config: Config{
1327 Bugs: ProtocolBugs{
1328 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1329 },
1330 },
1331 shouldFail: true,
1332 expectedError: ":UNEXPECTED_RECORD:",
1333 },
1334 {
1335 name: "AppDataBeforeHandshake-Empty",
1336 config: Config{
1337 Bugs: ProtocolBugs{
1338 AppDataBeforeHandshake: []byte{},
1339 },
1340 },
1341 shouldFail: true,
1342 expectedError: ":UNEXPECTED_RECORD:",
1343 },
1344 {
1345 protocol: dtls,
1346 name: "AppDataBeforeHandshake-DTLS",
1347 config: Config{
1348 Bugs: ProtocolBugs{
1349 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1350 },
1351 },
1352 shouldFail: true,
1353 expectedError: ":UNEXPECTED_RECORD:",
1354 },
1355 {
1356 protocol: dtls,
1357 name: "AppDataBeforeHandshake-DTLS-Empty",
1358 config: Config{
1359 Bugs: ProtocolBugs{
1360 AppDataBeforeHandshake: []byte{},
1361 },
1362 },
1363 shouldFail: true,
1364 expectedError: ":UNEXPECTED_RECORD:",
1365 },
1366 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1367 name: "AppDataAfterChangeCipherSpec",
1368 config: Config{
1369 Bugs: ProtocolBugs{
1370 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1371 },
1372 },
1373 shouldFail: true,
1374 expectedError: ":DATA_BETWEEN_CCS_AND_FINISHED:",
1375 },
1376 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1377 name: "AppDataAfterChangeCipherSpec-Empty",
1378 config: Config{
1379 Bugs: ProtocolBugs{
1380 AppDataAfterChangeCipherSpec: []byte{},
1381 },
1382 },
1383 shouldFail: true,
1384 expectedError: ":DATA_BETWEEN_CCS_AND_FINISHED:",
1385 },
1386 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1387 protocol: dtls,
1388 name: "AppDataAfterChangeCipherSpec-DTLS",
1389 config: Config{
1390 Bugs: ProtocolBugs{
1391 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1392 },
1393 },
1394 // BoringSSL's DTLS implementation will drop the out-of-order
1395 // application data.
1396 },
1397 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1398 protocol: dtls,
1399 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1400 config: Config{
1401 Bugs: ProtocolBugs{
1402 AppDataAfterChangeCipherSpec: []byte{},
1403 },
1404 },
1405 // BoringSSL's DTLS implementation will drop the out-of-order
1406 // application data.
1407 },
1408 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1409 name: "AlertAfterChangeCipherSpec",
1410 config: Config{
1411 Bugs: ProtocolBugs{
1412 AlertAfterChangeCipherSpec: alertRecordOverflow,
1413 },
1414 },
1415 shouldFail: true,
1416 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1417 },
1418 {
1419 protocol: dtls,
1420 name: "AlertAfterChangeCipherSpec-DTLS",
1421 config: Config{
1422 Bugs: ProtocolBugs{
1423 AlertAfterChangeCipherSpec: alertRecordOverflow,
1424 },
1425 },
1426 shouldFail: true,
1427 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1428 },
1429 {
1430 protocol: dtls,
1431 name: "ReorderHandshakeFragments-Small-DTLS",
1432 config: Config{
1433 Bugs: ProtocolBugs{
1434 ReorderHandshakeFragments: true,
1435 // Small enough that every handshake message is
1436 // fragmented.
1437 MaxHandshakeRecordLength: 2,
1438 },
1439 },
1440 },
1441 {
1442 protocol: dtls,
1443 name: "ReorderHandshakeFragments-Large-DTLS",
1444 config: Config{
1445 Bugs: ProtocolBugs{
1446 ReorderHandshakeFragments: true,
1447 // Large enough that no handshake message is
1448 // fragmented.
1449 MaxHandshakeRecordLength: 2048,
1450 },
1451 },
1452 },
1453 {
1454 protocol: dtls,
1455 name: "MixCompleteMessageWithFragments-DTLS",
1456 config: Config{
1457 Bugs: ProtocolBugs{
1458 ReorderHandshakeFragments: true,
1459 MixCompleteMessageWithFragments: true,
1460 MaxHandshakeRecordLength: 2,
1461 },
1462 },
1463 },
1464 {
1465 name: "SendInvalidRecordType",
1466 config: Config{
1467 Bugs: ProtocolBugs{
1468 SendInvalidRecordType: true,
1469 },
1470 },
1471 shouldFail: true,
1472 expectedError: ":UNEXPECTED_RECORD:",
1473 },
1474 {
1475 protocol: dtls,
1476 name: "SendInvalidRecordType-DTLS",
1477 config: Config{
1478 Bugs: ProtocolBugs{
1479 SendInvalidRecordType: true,
1480 },
1481 },
1482 shouldFail: true,
1483 expectedError: ":UNEXPECTED_RECORD:",
1484 },
1485 {
1486 name: "FalseStart-SkipServerSecondLeg",
1487 config: Config{
1488 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1489 NextProtos: []string{"foo"},
1490 Bugs: ProtocolBugs{
1491 SkipNewSessionTicket: true,
1492 SkipChangeCipherSpec: true,
1493 SkipFinished: true,
1494 ExpectFalseStart: true,
1495 },
1496 },
1497 flags: []string{
1498 "-false-start",
1499 "-handshake-never-done",
1500 "-advertise-alpn", "\x03foo",
1501 },
1502 shimWritesFirst: true,
1503 shouldFail: true,
1504 expectedError: ":UNEXPECTED_RECORD:",
1505 },
1506 {
1507 name: "FalseStart-SkipServerSecondLeg-Implicit",
1508 config: Config{
1509 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1510 NextProtos: []string{"foo"},
1511 Bugs: ProtocolBugs{
1512 SkipNewSessionTicket: true,
1513 SkipChangeCipherSpec: true,
1514 SkipFinished: true,
1515 },
1516 },
1517 flags: []string{
1518 "-implicit-handshake",
1519 "-false-start",
1520 "-handshake-never-done",
1521 "-advertise-alpn", "\x03foo",
1522 },
1523 shouldFail: true,
1524 expectedError: ":UNEXPECTED_RECORD:",
1525 },
1526 {
1527 testType: serverTest,
1528 name: "FailEarlyCallback",
1529 flags: []string{"-fail-early-callback"},
1530 shouldFail: true,
1531 expectedError: ":CONNECTION_REJECTED:",
1532 expectedLocalError: "remote error: access denied",
1533 },
1534 {
1535 name: "WrongMessageType",
1536 config: Config{
1537 Bugs: ProtocolBugs{
1538 WrongCertificateMessageType: true,
1539 },
1540 },
1541 shouldFail: true,
1542 expectedError: ":UNEXPECTED_MESSAGE:",
1543 expectedLocalError: "remote error: unexpected message",
1544 },
1545 {
1546 protocol: dtls,
1547 name: "WrongMessageType-DTLS",
1548 config: Config{
1549 Bugs: ProtocolBugs{
1550 WrongCertificateMessageType: true,
1551 },
1552 },
1553 shouldFail: true,
1554 expectedError: ":UNEXPECTED_MESSAGE:",
1555 expectedLocalError: "remote error: unexpected message",
1556 },
1557 {
1558 protocol: dtls,
1559 name: "FragmentMessageTypeMismatch-DTLS",
1560 config: Config{
1561 Bugs: ProtocolBugs{
1562 MaxHandshakeRecordLength: 2,
1563 FragmentMessageTypeMismatch: true,
1564 },
1565 },
1566 shouldFail: true,
1567 expectedError: ":FRAGMENT_MISMATCH:",
1568 },
1569 {
1570 protocol: dtls,
1571 name: "FragmentMessageLengthMismatch-DTLS",
1572 config: Config{
1573 Bugs: ProtocolBugs{
1574 MaxHandshakeRecordLength: 2,
1575 FragmentMessageLengthMismatch: true,
1576 },
1577 },
1578 shouldFail: true,
1579 expectedError: ":FRAGMENT_MISMATCH:",
1580 },
1581 {
1582 protocol: dtls,
1583 name: "SplitFragments-Header-DTLS",
1584 config: Config{
1585 Bugs: ProtocolBugs{
1586 SplitFragments: 2,
1587 },
1588 },
1589 shouldFail: true,
1590 expectedError: ":UNEXPECTED_MESSAGE:",
1591 },
1592 {
1593 protocol: dtls,
1594 name: "SplitFragments-Boundary-DTLS",
1595 config: Config{
1596 Bugs: ProtocolBugs{
1597 SplitFragments: dtlsRecordHeaderLen,
1598 },
1599 },
1600 shouldFail: true,
1601 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1602 },
1603 {
1604 protocol: dtls,
1605 name: "SplitFragments-Body-DTLS",
1606 config: Config{
1607 Bugs: ProtocolBugs{
1608 SplitFragments: dtlsRecordHeaderLen + 1,
1609 },
1610 },
1611 shouldFail: true,
1612 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1613 },
1614 {
1615 protocol: dtls,
1616 name: "SendEmptyFragments-DTLS",
1617 config: Config{
1618 Bugs: ProtocolBugs{
1619 SendEmptyFragments: true,
1620 },
1621 },
1622 },
1623 {
1624 name: "UnsupportedCipherSuite",
1625 config: Config{
1626 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1627 Bugs: ProtocolBugs{
1628 IgnorePeerCipherPreferences: true,
1629 },
1630 },
1631 flags: []string{"-cipher", "DEFAULT:!RC4"},
1632 shouldFail: true,
1633 expectedError: ":WRONG_CIPHER_RETURNED:",
1634 },
1635 {
1636 name: "UnsupportedCurve",
1637 config: Config{
1638 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1639 // BoringSSL implements P-224 but doesn't enable it by
1640 // default.
1641 CurvePreferences: []CurveID{CurveP224},
1642 Bugs: ProtocolBugs{
1643 IgnorePeerCurvePreferences: true,
1644 },
1645 },
1646 shouldFail: true,
1647 expectedError: ":WRONG_CURVE:",
1648 },
1649 {
1650 name: "BadFinished",
1651 config: Config{
1652 Bugs: ProtocolBugs{
1653 BadFinished: true,
1654 },
1655 },
1656 shouldFail: true,
1657 expectedError: ":DIGEST_CHECK_FAILED:",
1658 },
1659 {
1660 name: "FalseStart-BadFinished",
1661 config: Config{
1662 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1663 NextProtos: []string{"foo"},
1664 Bugs: ProtocolBugs{
1665 BadFinished: true,
1666 ExpectFalseStart: true,
1667 },
1668 },
1669 flags: []string{
1670 "-false-start",
1671 "-handshake-never-done",
1672 "-advertise-alpn", "\x03foo",
1673 },
1674 shimWritesFirst: true,
1675 shouldFail: true,
1676 expectedError: ":DIGEST_CHECK_FAILED:",
1677 },
1678 {
1679 name: "NoFalseStart-NoALPN",
1680 config: Config{
1681 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1682 Bugs: ProtocolBugs{
1683 ExpectFalseStart: true,
1684 AlertBeforeFalseStartTest: alertAccessDenied,
1685 },
1686 },
1687 flags: []string{
1688 "-false-start",
1689 },
1690 shimWritesFirst: true,
1691 shouldFail: true,
1692 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1693 expectedLocalError: "tls: peer did not false start: EOF",
1694 },
1695 {
1696 name: "NoFalseStart-NoAEAD",
1697 config: Config{
1698 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1699 NextProtos: []string{"foo"},
1700 Bugs: ProtocolBugs{
1701 ExpectFalseStart: true,
1702 AlertBeforeFalseStartTest: alertAccessDenied,
1703 },
1704 },
1705 flags: []string{
1706 "-false-start",
1707 "-advertise-alpn", "\x03foo",
1708 },
1709 shimWritesFirst: true,
1710 shouldFail: true,
1711 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1712 expectedLocalError: "tls: peer did not false start: EOF",
1713 },
1714 {
1715 name: "NoFalseStart-RSA",
1716 config: Config{
1717 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1718 NextProtos: []string{"foo"},
1719 Bugs: ProtocolBugs{
1720 ExpectFalseStart: true,
1721 AlertBeforeFalseStartTest: alertAccessDenied,
1722 },
1723 },
1724 flags: []string{
1725 "-false-start",
1726 "-advertise-alpn", "\x03foo",
1727 },
1728 shimWritesFirst: true,
1729 shouldFail: true,
1730 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1731 expectedLocalError: "tls: peer did not false start: EOF",
1732 },
1733 {
1734 name: "NoFalseStart-DHE_RSA",
1735 config: Config{
1736 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1737 NextProtos: []string{"foo"},
1738 Bugs: ProtocolBugs{
1739 ExpectFalseStart: true,
1740 AlertBeforeFalseStartTest: alertAccessDenied,
1741 },
1742 },
1743 flags: []string{
1744 "-false-start",
1745 "-advertise-alpn", "\x03foo",
1746 },
1747 shimWritesFirst: true,
1748 shouldFail: true,
1749 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1750 expectedLocalError: "tls: peer did not false start: EOF",
1751 },
1752 {
1753 testType: serverTest,
1754 name: "NoSupportedCurves",
1755 config: Config{
1756 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1757 Bugs: ProtocolBugs{
1758 NoSupportedCurves: true,
1759 },
1760 },
1761 },
1762 {
1763 testType: serverTest,
1764 name: "NoCommonCurves",
1765 config: Config{
1766 CipherSuites: []uint16{
1767 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1768 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1769 },
1770 CurvePreferences: []CurveID{CurveP224},
1771 },
1772 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1773 },
1774 {
1775 protocol: dtls,
1776 name: "SendSplitAlert-Sync",
1777 config: Config{
1778 Bugs: ProtocolBugs{
1779 SendSplitAlert: true,
1780 },
1781 },
1782 },
1783 {
1784 protocol: dtls,
1785 name: "SendSplitAlert-Async",
1786 config: Config{
1787 Bugs: ProtocolBugs{
1788 SendSplitAlert: true,
1789 },
1790 },
1791 flags: []string{"-async"},
1792 },
1793 {
1794 protocol: dtls,
1795 name: "PackDTLSHandshake",
1796 config: Config{
1797 Bugs: ProtocolBugs{
1798 MaxHandshakeRecordLength: 2,
1799 PackHandshakeFragments: 20,
1800 PackHandshakeRecords: 200,
1801 },
1802 },
1803 },
1804 {
1805 testType: serverTest,
1806 protocol: dtls,
1807 name: "NoRC4-DTLS",
1808 config: Config{
1809 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA},
1810 Bugs: ProtocolBugs{
1811 EnableAllCiphersInDTLS: true,
1812 },
1813 },
1814 shouldFail: true,
1815 expectedError: ":NO_SHARED_CIPHER:",
1816 },
1817 {
1818 name: "SendEmptyRecords-Pass",
1819 sendEmptyRecords: 32,
1820 },
1821 {
1822 name: "SendEmptyRecords",
1823 sendEmptyRecords: 33,
1824 shouldFail: true,
1825 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1826 },
1827 {
1828 name: "SendEmptyRecords-Async",
1829 sendEmptyRecords: 33,
1830 flags: []string{"-async"},
1831 shouldFail: true,
1832 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1833 },
1834 {
1835 name: "SendWarningAlerts-Pass",
1836 sendWarningAlerts: 4,
1837 },
1838 {
1839 protocol: dtls,
1840 name: "SendWarningAlerts-DTLS-Pass",
1841 sendWarningAlerts: 4,
1842 },
1843 {
1844 name: "SendWarningAlerts",
1845 sendWarningAlerts: 5,
1846 shouldFail: true,
1847 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1848 },
1849 {
1850 name: "SendWarningAlerts-Async",
1851 sendWarningAlerts: 5,
1852 flags: []string{"-async"},
1853 shouldFail: true,
1854 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1855 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]1856 {
1857 name: "EmptySessionID",
1858 config: Config{
1859 SessionTicketsDisabled: true,
1860 },
1861 noSessionCache: true,
1862 flags: []string{"-expect-no-session"},
1863 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]1864 {
1865 name: "Unclean-Shutdown",
1866 config: Config{
1867 Bugs: ProtocolBugs{
1868 NoCloseNotify: true,
1869 ExpectCloseNotify: true,
1870 },
1871 },
1872 shimShutsDown: true,
1873 flags: []string{"-check-close-notify"},
1874 shouldFail: true,
1875 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
1876 },
1877 {
1878 name: "Unclean-Shutdown-Ignored",
1879 config: Config{
1880 Bugs: ProtocolBugs{
1881 NoCloseNotify: true,
1882 },
1883 },
1884 shimShutsDown: true,
1885 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1886 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1887 testCases = append(testCases, basicTests...)
1888}
1889
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1890func addCipherSuiteTests() {
1891 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1892 const psk = "12345"
1893 const pskIdentity = "luggage combo"
1894
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1895 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1896 var certFile string
1897 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1898 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1899 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1900 certFile = ecdsaCertificateFile
1901 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1902 } else {
1903 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1904 certFile = rsaCertificateFile
1905 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1906 }
1907
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1908 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1909 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1910 flags = append(flags,
1911 "-psk", psk,
1912 "-psk-identity", pskIdentity)
1913 }
1914
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1915 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1916 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1917 continue
1918 }
1919
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1920 testCases = append(testCases, testCase{
1921 testType: clientTest,
1922 name: ver.name + "-" + suite.name + "-client",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1923 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1924 MinVersion: ver.version,
1925 MaxVersion: ver.version,
1926 CipherSuites: []uint16{suite.id},
1927 Certificates: []Certificate{cert},
David Benjamin68793732015-05-04 20:20:48 -0400[diff] [blame]1928 PreSharedKey: []byte(psk),
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1929 PreSharedKeyIdentity: pskIdentity,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1930 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1931 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1932 resumeSession: true,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1933 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1934
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1935 testCases = append(testCases, testCase{
1936 testType: serverTest,
1937 name: ver.name + "-" + suite.name + "-server",
1938 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1939 MinVersion: ver.version,
1940 MaxVersion: ver.version,
1941 CipherSuites: []uint16{suite.id},
1942 Certificates: []Certificate{cert},
1943 PreSharedKey: []byte(psk),
1944 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1945 },
1946 certFile: certFile,
1947 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1948 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1949 resumeSession: true,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1950 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1951
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1952 if ver.hasDTLS && isDTLSCipher(suite.name) {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1953 testCases = append(testCases, testCase{
1954 testType: clientTest,
1955 protocol: dtls,
1956 name: "D" + ver.name + "-" + suite.name + "-client",
1957 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1958 MinVersion: ver.version,
1959 MaxVersion: ver.version,
1960 CipherSuites: []uint16{suite.id},
1961 Certificates: []Certificate{cert},
1962 PreSharedKey: []byte(psk),
1963 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1964 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1965 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1966 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1967 })
1968 testCases = append(testCases, testCase{
1969 testType: serverTest,
1970 protocol: dtls,
1971 name: "D" + ver.name + "-" + suite.name + "-server",
1972 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1973 MinVersion: ver.version,
1974 MaxVersion: ver.version,
1975 CipherSuites: []uint16{suite.id},
1976 Certificates: []Certificate{cert},
1977 PreSharedKey: []byte(psk),
1978 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1979 },
1980 certFile: certFile,
1981 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1982 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1983 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1984 })
1985 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1986 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]1987
1988 // Ensure both TLS and DTLS accept their maximum record sizes.
1989 testCases = append(testCases, testCase{
1990 name: suite.name + "-LargeRecord",
1991 config: Config{
1992 CipherSuites: []uint16{suite.id},
1993 Certificates: []Certificate{cert},
1994 PreSharedKey: []byte(psk),
1995 PreSharedKeyIdentity: pskIdentity,
1996 },
1997 flags: flags,
1998 messageLen: maxPlaintext,
1999 })
2000 testCases = append(testCases, testCase{
2001 name: suite.name + "-LargeRecord-Extra",
2002 config: Config{
2003 CipherSuites: []uint16{suite.id},
2004 Certificates: []Certificate{cert},
2005 PreSharedKey: []byte(psk),
2006 PreSharedKeyIdentity: pskIdentity,
2007 Bugs: ProtocolBugs{
2008 SendLargeRecords: true,
2009 },
2010 },
2011 flags: append(flags, "-microsoft-big-sslv3-buffer"),
2012 messageLen: maxPlaintext + 16384,
2013 })
2014 if isDTLSCipher(suite.name) {
2015 testCases = append(testCases, testCase{
2016 protocol: dtls,
2017 name: suite.name + "-LargeRecord-DTLS",
2018 config: Config{
2019 CipherSuites: []uint16{suite.id},
2020 Certificates: []Certificate{cert},
2021 PreSharedKey: []byte(psk),
2022 PreSharedKeyIdentity: pskIdentity,
2023 },
2024 flags: flags,
2025 messageLen: maxPlaintext,
2026 })
2027 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2028 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2029
2030 testCases = append(testCases, testCase{
2031 name: "WeakDH",
2032 config: Config{
2033 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2034 Bugs: ProtocolBugs{
2035 // This is a 1023-bit prime number, generated
2036 // with:
2037 // openssl gendh 1023 | openssl asn1parse -i
2038 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2039 },
2040 },
2041 shouldFail: true,
2042 expectedError: "BAD_DH_P_LENGTH",
2043 })
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2044}
2045
2046func addBadECDSASignatureTests() {
2047 for badR := BadValue(1); badR < NumBadValues; badR++ {
2048 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2049 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2050 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2051 config: Config{
2052 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2053 Certificates: []Certificate{getECDSACertificate()},
2054 Bugs: ProtocolBugs{
2055 BadECDSAR: badR,
2056 BadECDSAS: badS,
2057 },
2058 },
2059 shouldFail: true,
2060 expectedError: "SIGNATURE",
2061 })
2062 }
2063 }
2064}
2065
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2066func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2067 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2068 name: "MaxCBCPadding",
2069 config: Config{
2070 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2071 Bugs: ProtocolBugs{
2072 MaxPadding: true,
2073 },
2074 },
2075 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2076 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2077 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2078 name: "BadCBCPadding",
2079 config: Config{
2080 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2081 Bugs: ProtocolBugs{
2082 PaddingFirstByteBad: true,
2083 },
2084 },
2085 shouldFail: true,
2086 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2087 })
2088 // OpenSSL previously had an issue where the first byte of padding in
2089 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2090 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2091 name: "BadCBCPadding255",
2092 config: Config{
2093 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2094 Bugs: ProtocolBugs{
2095 MaxPadding: true,
2096 PaddingFirstByteBadIf255: true,
2097 },
2098 },
2099 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2100 shouldFail: true,
2101 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2102 })
2103}
2104
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2105func addCBCSplittingTests() {
2106 testCases = append(testCases, testCase{
2107 name: "CBCRecordSplitting",
2108 config: Config{
2109 MaxVersion: VersionTLS10,
2110 MinVersion: VersionTLS10,
2111 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2112 },
2113 messageLen: -1, // read until EOF
2114 flags: []string{
2115 "-async",
2116 "-write-different-record-sizes",
2117 "-cbc-record-splitting",
2118 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2119 })
2120 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2121 name: "CBCRecordSplittingPartialWrite",
2122 config: Config{
2123 MaxVersion: VersionTLS10,
2124 MinVersion: VersionTLS10,
2125 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2126 },
2127 messageLen: -1, // read until EOF
2128 flags: []string{
2129 "-async",
2130 "-write-different-record-sizes",
2131 "-cbc-record-splitting",
2132 "-partial-write",
2133 },
2134 })
2135}
2136
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2137func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2138 // Add a dummy cert pool to stress certificate authority parsing.
2139 // TODO(davidben): Add tests that those values parse out correctly.
2140 certPool := x509.NewCertPool()
2141 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2142 if err != nil {
2143 panic(err)
2144 }
2145 certPool.AddCert(cert)
2146
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2147 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2148 testCases = append(testCases, testCase{
2149 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2150 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2151 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2152 MinVersion: ver.version,
2153 MaxVersion: ver.version,
2154 ClientAuth: RequireAnyClientCert,
2155 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2156 },
2157 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2158 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2159 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2160 },
2161 })
2162 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2163 testType: serverTest,
2164 name: ver.name + "-Server-ClientAuth-RSA",
2165 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2166 MinVersion: ver.version,
2167 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2168 Certificates: []Certificate{rsaCertificate},
2169 },
2170 flags: []string{"-require-any-client-certificate"},
2171 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2172 if ver.version != VersionSSL30 {
2173 testCases = append(testCases, testCase{
2174 testType: serverTest,
2175 name: ver.name + "-Server-ClientAuth-ECDSA",
2176 config: Config{
2177 MinVersion: ver.version,
2178 MaxVersion: ver.version,
2179 Certificates: []Certificate{ecdsaCertificate},
2180 },
2181 flags: []string{"-require-any-client-certificate"},
2182 })
2183 testCases = append(testCases, testCase{
2184 testType: clientTest,
2185 name: ver.name + "-Client-ClientAuth-ECDSA",
2186 config: Config{
2187 MinVersion: ver.version,
2188 MaxVersion: ver.version,
2189 ClientAuth: RequireAnyClientCert,
2190 ClientCAs: certPool,
2191 },
2192 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2193 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2194 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2195 },
2196 })
2197 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2198 }
2199}
2200
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2201func addExtendedMasterSecretTests() {
2202 const expectEMSFlag = "-expect-extended-master-secret"
2203
2204 for _, with := range []bool{false, true} {
2205 prefix := "No"
2206 var flags []string
2207 if with {
2208 prefix = ""
2209 flags = []string{expectEMSFlag}
2210 }
2211
2212 for _, isClient := range []bool{false, true} {
2213 suffix := "-Server"
2214 testType := serverTest
2215 if isClient {
2216 suffix = "-Client"
2217 testType = clientTest
2218 }
2219
2220 for _, ver := range tlsVersions {
2221 test := testCase{
2222 testType: testType,
2223 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2224 config: Config{
2225 MinVersion: ver.version,
2226 MaxVersion: ver.version,
2227 Bugs: ProtocolBugs{
2228 NoExtendedMasterSecret: !with,
2229 RequireExtendedMasterSecret: with,
2230 },
2231 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2232 flags: flags,
2233 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2234 }
2235 if test.shouldFail {
2236 test.expectedLocalError = "extended master secret required but not supported by peer"
2237 }
2238 testCases = append(testCases, test)
2239 }
2240 }
2241 }
2242
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2243 for _, isClient := range []bool{false, true} {
2244 for _, supportedInFirstConnection := range []bool{false, true} {
2245 for _, supportedInResumeConnection := range []bool{false, true} {
2246 boolToWord := func(b bool) string {
2247 if b {
2248 return "Yes"
2249 }
2250 return "No"
2251 }
2252 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2253 if isClient {
2254 suffix += "Client"
2255 } else {
2256 suffix += "Server"
2257 }
2258
2259 supportedConfig := Config{
2260 Bugs: ProtocolBugs{
2261 RequireExtendedMasterSecret: true,
2262 },
2263 }
2264
2265 noSupportConfig := Config{
2266 Bugs: ProtocolBugs{
2267 NoExtendedMasterSecret: true,
2268 },
2269 }
2270
2271 test := testCase{
2272 name: "ExtendedMasterSecret-" + suffix,
2273 resumeSession: true,
2274 }
2275
2276 if !isClient {
2277 test.testType = serverTest
2278 }
2279
2280 if supportedInFirstConnection {
2281 test.config = supportedConfig
2282 } else {
2283 test.config = noSupportConfig
2284 }
2285
2286 if supportedInResumeConnection {
2287 test.resumeConfig = &supportedConfig
2288 } else {
2289 test.resumeConfig = &noSupportConfig
2290 }
2291
2292 switch suffix {
2293 case "YesToYes-Client", "YesToYes-Server":
2294 // When a session is resumed, it should
2295 // still be aware that its master
2296 // secret was generated via EMS and
2297 // thus it's safe to use tls-unique.
2298 test.flags = []string{expectEMSFlag}
2299 case "NoToYes-Server":
2300 // If an original connection did not
2301 // contain EMS, but a resumption
2302 // handshake does, then a server should
2303 // not resume the session.
2304 test.expectResumeRejected = true
2305 case "YesToNo-Server":
2306 // Resuming an EMS session without the
2307 // EMS extension should cause the
2308 // server to abort the connection.
2309 test.shouldFail = true
2310 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2311 case "NoToYes-Client":
2312 // A client should abort a connection
2313 // where the server resumed a non-EMS
2314 // session but echoed the EMS
2315 // extension.
2316 test.shouldFail = true
2317 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2318 case "YesToNo-Client":
2319 // A client should abort a connection
2320 // where the server didn't echo EMS
2321 // when the session used it.
2322 test.shouldFail = true
2323 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2324 }
2325
2326 testCases = append(testCases, test)
2327 }
2328 }
2329 }
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2330}
2331
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2332// Adds tests that try to cover the range of the handshake state machine, under
2333// various conditions. Some of these are redundant with other tests, but they
2334// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2335func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2336 var tests []testCase
2337
2338 // Basic handshake, with resumption. Client and server,
2339 // session ID and session ticket.
2340 tests = append(tests, testCase{
2341 name: "Basic-Client",
2342 resumeSession: true,
2343 })
2344 tests = append(tests, testCase{
2345 name: "Basic-Client-RenewTicket",
2346 config: Config{
2347 Bugs: ProtocolBugs{
2348 RenewTicketOnResume: true,
2349 },
2350 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2351 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2352 resumeSession: true,
2353 })
2354 tests = append(tests, testCase{
2355 name: "Basic-Client-NoTicket",
2356 config: Config{
2357 SessionTicketsDisabled: true,
2358 },
2359 resumeSession: true,
2360 })
2361 tests = append(tests, testCase{
2362 name: "Basic-Client-Implicit",
2363 flags: []string{"-implicit-handshake"},
2364 resumeSession: true,
2365 })
2366 tests = append(tests, testCase{
2367 testType: serverTest,
2368 name: "Basic-Server",
2369 resumeSession: true,
2370 })
2371 tests = append(tests, testCase{
2372 testType: serverTest,
2373 name: "Basic-Server-NoTickets",
2374 config: Config{
2375 SessionTicketsDisabled: true,
2376 },
2377 resumeSession: true,
2378 })
2379 tests = append(tests, testCase{
2380 testType: serverTest,
2381 name: "Basic-Server-Implicit",
2382 flags: []string{"-implicit-handshake"},
2383 resumeSession: true,
2384 })
2385 tests = append(tests, testCase{
2386 testType: serverTest,
2387 name: "Basic-Server-EarlyCallback",
2388 flags: []string{"-use-early-callback"},
2389 resumeSession: true,
2390 })
2391
2392 // TLS client auth.
2393 tests = append(tests, testCase{
2394 testType: clientTest,
2395 name: "ClientAuth-Client",
2396 config: Config{
2397 ClientAuth: RequireAnyClientCert,
2398 },
2399 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2400 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2401 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2402 },
2403 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2404 if async {
2405 tests = append(tests, testCase{
2406 testType: clientTest,
2407 name: "ClientAuth-Client-AsyncKey",
2408 config: Config{
2409 ClientAuth: RequireAnyClientCert,
2410 },
2411 flags: []string{
Adam Langley288d8d52015-06-18 16:24:31 -0700[diff] [blame]2412 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2413 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2414 "-use-async-private-key",
2415 },
2416 })
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2417 tests = append(tests, testCase{
2418 testType: serverTest,
2419 name: "Basic-Server-RSAAsyncKey",
2420 flags: []string{
2421 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2422 "-key-file", path.Join(*resourceDir, rsaKeyFile),
2423 "-use-async-private-key",
2424 },
2425 })
2426 tests = append(tests, testCase{
2427 testType: serverTest,
2428 name: "Basic-Server-ECDSAAsyncKey",
2429 flags: []string{
2430 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2431 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
2432 "-use-async-private-key",
2433 },
2434 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2435 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2436 tests = append(tests, testCase{
2437 testType: serverTest,
2438 name: "ClientAuth-Server",
2439 config: Config{
2440 Certificates: []Certificate{rsaCertificate},
2441 },
2442 flags: []string{"-require-any-client-certificate"},
2443 })
2444
2445 // No session ticket support; server doesn't send NewSessionTicket.
2446 tests = append(tests, testCase{
2447 name: "SessionTicketsDisabled-Client",
2448 config: Config{
2449 SessionTicketsDisabled: true,
2450 },
2451 })
2452 tests = append(tests, testCase{
2453 testType: serverTest,
2454 name: "SessionTicketsDisabled-Server",
2455 config: Config{
2456 SessionTicketsDisabled: true,
2457 },
2458 })
2459
2460 // Skip ServerKeyExchange in PSK key exchange if there's no
2461 // identity hint.
2462 tests = append(tests, testCase{
2463 name: "EmptyPSKHint-Client",
2464 config: Config{
2465 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2466 PreSharedKey: []byte("secret"),
2467 },
2468 flags: []string{"-psk", "secret"},
2469 })
2470 tests = append(tests, testCase{
2471 testType: serverTest,
2472 name: "EmptyPSKHint-Server",
2473 config: Config{
2474 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2475 PreSharedKey: []byte("secret"),
2476 },
2477 flags: []string{"-psk", "secret"},
2478 })
2479
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2480 tests = append(tests, testCase{
2481 testType: clientTest,
2482 name: "OCSPStapling-Client",
2483 flags: []string{
2484 "-enable-ocsp-stapling",
2485 "-expect-ocsp-response",
2486 base64.StdEncoding.EncodeToString(testOCSPResponse),
2487 },
2488 })
2489
2490 tests = append(tests, testCase{
David Benjaminec435342015-08-21 13:44:06 -0400[diff] [blame]2491 testType: serverTest,
2492 name: "OCSPStapling-Server",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2493 expectedOCSPResponse: testOCSPResponse,
2494 flags: []string{
2495 "-ocsp-response",
2496 base64.StdEncoding.EncodeToString(testOCSPResponse),
2497 },
2498 })
2499
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2500 if protocol == tls {
2501 tests = append(tests, testCase{
2502 name: "Renegotiate-Client",
2503 renegotiate: true,
2504 })
2505 // NPN on client and server; results in post-handshake message.
2506 tests = append(tests, testCase{
2507 name: "NPN-Client",
2508 config: Config{
2509 NextProtos: []string{"foo"},
2510 },
2511 flags: []string{"-select-next-proto", "foo"},
2512 expectedNextProto: "foo",
2513 expectedNextProtoType: npn,
2514 })
2515 tests = append(tests, testCase{
2516 testType: serverTest,
2517 name: "NPN-Server",
2518 config: Config{
2519 NextProtos: []string{"bar"},
2520 },
2521 flags: []string{
2522 "-advertise-npn", "\x03foo\x03bar\x03baz",
2523 "-expect-next-proto", "bar",
2524 },
2525 expectedNextProto: "bar",
2526 expectedNextProtoType: npn,
2527 })
2528
2529 // TODO(davidben): Add tests for when False Start doesn't trigger.
2530
2531 // Client does False Start and negotiates NPN.
2532 tests = append(tests, testCase{
2533 name: "FalseStart",
2534 config: Config{
2535 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2536 NextProtos: []string{"foo"},
2537 Bugs: ProtocolBugs{
2538 ExpectFalseStart: true,
2539 },
2540 },
2541 flags: []string{
2542 "-false-start",
2543 "-select-next-proto", "foo",
2544 },
2545 shimWritesFirst: true,
2546 resumeSession: true,
2547 })
2548
2549 // Client does False Start and negotiates ALPN.
2550 tests = append(tests, testCase{
2551 name: "FalseStart-ALPN",
2552 config: Config{
2553 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2554 NextProtos: []string{"foo"},
2555 Bugs: ProtocolBugs{
2556 ExpectFalseStart: true,
2557 },
2558 },
2559 flags: []string{
2560 "-false-start",
2561 "-advertise-alpn", "\x03foo",
2562 },
2563 shimWritesFirst: true,
2564 resumeSession: true,
2565 })
2566
2567 // Client does False Start but doesn't explicitly call
2568 // SSL_connect.
2569 tests = append(tests, testCase{
2570 name: "FalseStart-Implicit",
2571 config: Config{
2572 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2573 NextProtos: []string{"foo"},
2574 },
2575 flags: []string{
2576 "-implicit-handshake",
2577 "-false-start",
2578 "-advertise-alpn", "\x03foo",
2579 },
2580 })
2581
2582 // False Start without session tickets.
2583 tests = append(tests, testCase{
2584 name: "FalseStart-SessionTicketsDisabled",
2585 config: Config{
2586 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2587 NextProtos: []string{"foo"},
2588 SessionTicketsDisabled: true,
2589 Bugs: ProtocolBugs{
2590 ExpectFalseStart: true,
2591 },
2592 },
2593 flags: []string{
2594 "-false-start",
2595 "-select-next-proto", "foo",
2596 },
2597 shimWritesFirst: true,
2598 })
2599
2600 // Server parses a V2ClientHello.
2601 tests = append(tests, testCase{
2602 testType: serverTest,
2603 name: "SendV2ClientHello",
2604 config: Config{
2605 // Choose a cipher suite that does not involve
2606 // elliptic curves, so no extensions are
2607 // involved.
2608 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
2609 Bugs: ProtocolBugs{
2610 SendV2ClientHello: true,
2611 },
2612 },
2613 })
2614
2615 // Client sends a Channel ID.
2616 tests = append(tests, testCase{
2617 name: "ChannelID-Client",
2618 config: Config{
2619 RequestChannelID: true,
2620 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2621 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2622 resumeSession: true,
2623 expectChannelID: true,
2624 })
2625
2626 // Server accepts a Channel ID.
2627 tests = append(tests, testCase{
2628 testType: serverTest,
2629 name: "ChannelID-Server",
2630 config: Config{
2631 ChannelID: channelIDKey,
2632 },
2633 flags: []string{
2634 "-expect-channel-id",
2635 base64.StdEncoding.EncodeToString(channelIDBytes),
2636 },
2637 resumeSession: true,
2638 expectChannelID: true,
2639 })
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]2640
2641 // Bidirectional shutdown with the runner initiating.
2642 tests = append(tests, testCase{
2643 name: "Shutdown-Runner",
2644 config: Config{
2645 Bugs: ProtocolBugs{
2646 ExpectCloseNotify: true,
2647 },
2648 },
2649 flags: []string{"-check-close-notify"},
2650 })
2651
2652 // Bidirectional shutdown with the shim initiating. The runner,
2653 // in the meantime, sends garbage before the close_notify which
2654 // the shim must ignore.
2655 tests = append(tests, testCase{
2656 name: "Shutdown-Shim",
2657 config: Config{
2658 Bugs: ProtocolBugs{
2659 ExpectCloseNotify: true,
2660 },
2661 },
2662 shimShutsDown: true,
2663 sendEmptyRecords: 1,
2664 sendWarningAlerts: 1,
2665 flags: []string{"-check-close-notify"},
2666 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2667 } else {
2668 tests = append(tests, testCase{
2669 name: "SkipHelloVerifyRequest",
2670 config: Config{
2671 Bugs: ProtocolBugs{
2672 SkipHelloVerifyRequest: true,
2673 },
2674 },
2675 })
2676 }
2677
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2678 var suffix string
2679 var flags []string
2680 var maxHandshakeRecordLength int
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2681 if protocol == dtls {
2682 suffix = "-DTLS"
2683 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2684 if async {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2685 suffix += "-Async"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2686 flags = append(flags, "-async")
2687 } else {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2688 suffix += "-Sync"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2689 }
2690 if splitHandshake {
2691 suffix += "-SplitHandshakeRecords"
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]2692 maxHandshakeRecordLength = 1
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2693 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2694 for _, test := range tests {
2695 test.protocol = protocol
2696 test.name += suffix
2697 test.config.Bugs.MaxHandshakeRecordLength = maxHandshakeRecordLength
2698 test.flags = append(test.flags, flags...)
2699 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2700 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2701}
2702
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]2703func addDDoSCallbackTests() {
2704 // DDoS callback.
2705
2706 for _, resume := range []bool{false, true} {
2707 suffix := "Resume"
2708 if resume {
2709 suffix = "No" + suffix
2710 }
2711
2712 testCases = append(testCases, testCase{
2713 testType: serverTest,
2714 name: "Server-DDoS-OK-" + suffix,
2715 flags: []string{"-install-ddos-callback"},
2716 resumeSession: resume,
2717 })
2718
2719 failFlag := "-fail-ddos-callback"
2720 if resume {
2721 failFlag = "-fail-second-ddos-callback"
2722 }
2723 testCases = append(testCases, testCase{
2724 testType: serverTest,
2725 name: "Server-DDoS-Reject-" + suffix,
2726 flags: []string{"-install-ddos-callback", failFlag},
2727 resumeSession: resume,
2728 shouldFail: true,
2729 expectedError: ":CONNECTION_REJECTED:",
2730 })
2731 }
2732}
2733
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2734func addVersionNegotiationTests() {
2735 for i, shimVers := range tlsVersions {
2736 // Assemble flags to disable all newer versions on the shim.
2737 var flags []string
2738 for _, vers := range tlsVersions[i+1:] {
2739 flags = append(flags, vers.flag)
2740 }
2741
2742 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2743 protocols := []protocol{tls}
2744 if runnerVers.hasDTLS && shimVers.hasDTLS {
2745 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2746 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2747 for _, protocol := range protocols {
2748 expectedVersion := shimVers.version
2749 if runnerVers.version < shimVers.version {
2750 expectedVersion = runnerVers.version
2751 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2752
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2753 suffix := shimVers.name + "-" + runnerVers.name
2754 if protocol == dtls {
2755 suffix += "-DTLS"
2756 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2757
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2758 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
2759
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2760 clientVers := shimVers.version
2761 if clientVers > VersionTLS10 {
2762 clientVers = VersionTLS10
2763 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2764 testCases = append(testCases, testCase{
2765 protocol: protocol,
2766 testType: clientTest,
2767 name: "VersionNegotiation-Client-" + suffix,
2768 config: Config{
2769 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2770 Bugs: ProtocolBugs{
2771 ExpectInitialRecordVersion: clientVers,
2772 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2773 },
2774 flags: flags,
2775 expectedVersion: expectedVersion,
2776 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2777 testCases = append(testCases, testCase{
2778 protocol: protocol,
2779 testType: clientTest,
2780 name: "VersionNegotiation-Client2-" + suffix,
2781 config: Config{
2782 MaxVersion: runnerVers.version,
2783 Bugs: ProtocolBugs{
2784 ExpectInitialRecordVersion: clientVers,
2785 },
2786 },
2787 flags: []string{"-max-version", shimVersFlag},
2788 expectedVersion: expectedVersion,
2789 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2790
2791 testCases = append(testCases, testCase{
2792 protocol: protocol,
2793 testType: serverTest,
2794 name: "VersionNegotiation-Server-" + suffix,
2795 config: Config{
2796 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2797 Bugs: ProtocolBugs{
2798 ExpectInitialRecordVersion: expectedVersion,
2799 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2800 },
2801 flags: flags,
2802 expectedVersion: expectedVersion,
2803 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2804 testCases = append(testCases, testCase{
2805 protocol: protocol,
2806 testType: serverTest,
2807 name: "VersionNegotiation-Server2-" + suffix,
2808 config: Config{
2809 MaxVersion: runnerVers.version,
2810 Bugs: ProtocolBugs{
2811 ExpectInitialRecordVersion: expectedVersion,
2812 },
2813 },
2814 flags: []string{"-max-version", shimVersFlag},
2815 expectedVersion: expectedVersion,
2816 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2817 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2818 }
2819 }
2820}
2821
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2822func addMinimumVersionTests() {
2823 for i, shimVers := range tlsVersions {
2824 // Assemble flags to disable all older versions on the shim.
2825 var flags []string
2826 for _, vers := range tlsVersions[:i] {
2827 flags = append(flags, vers.flag)
2828 }
2829
2830 for _, runnerVers := range tlsVersions {
2831 protocols := []protocol{tls}
2832 if runnerVers.hasDTLS && shimVers.hasDTLS {
2833 protocols = append(protocols, dtls)
2834 }
2835 for _, protocol := range protocols {
2836 suffix := shimVers.name + "-" + runnerVers.name
2837 if protocol == dtls {
2838 suffix += "-DTLS"
2839 }
2840 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
2841
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2842 var expectedVersion uint16
2843 var shouldFail bool
2844 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2845 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2846 if runnerVers.version >= shimVers.version {
2847 expectedVersion = runnerVers.version
2848 } else {
2849 shouldFail = true
2850 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2851 if runnerVers.version > VersionSSL30 {
2852 expectedLocalError = "remote error: protocol version not supported"
2853 } else {
2854 expectedLocalError = "remote error: handshake failure"
2855 }
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2856 }
2857
2858 testCases = append(testCases, testCase{
2859 protocol: protocol,
2860 testType: clientTest,
2861 name: "MinimumVersion-Client-" + suffix,
2862 config: Config{
2863 MaxVersion: runnerVers.version,
2864 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2865 flags: flags,
2866 expectedVersion: expectedVersion,
2867 shouldFail: shouldFail,
2868 expectedError: expectedError,
2869 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2870 })
2871 testCases = append(testCases, testCase{
2872 protocol: protocol,
2873 testType: clientTest,
2874 name: "MinimumVersion-Client2-" + suffix,
2875 config: Config{
2876 MaxVersion: runnerVers.version,
2877 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2878 flags: []string{"-min-version", shimVersFlag},
2879 expectedVersion: expectedVersion,
2880 shouldFail: shouldFail,
2881 expectedError: expectedError,
2882 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2883 })
2884
2885 testCases = append(testCases, testCase{
2886 protocol: protocol,
2887 testType: serverTest,
2888 name: "MinimumVersion-Server-" + suffix,
2889 config: Config{
2890 MaxVersion: runnerVers.version,
2891 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2892 flags: flags,
2893 expectedVersion: expectedVersion,
2894 shouldFail: shouldFail,
2895 expectedError: expectedError,
2896 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2897 })
2898 testCases = append(testCases, testCase{
2899 protocol: protocol,
2900 testType: serverTest,
2901 name: "MinimumVersion-Server2-" + suffix,
2902 config: Config{
2903 MaxVersion: runnerVers.version,
2904 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2905 flags: []string{"-min-version", shimVersFlag},
2906 expectedVersion: expectedVersion,
2907 shouldFail: shouldFail,
2908 expectedError: expectedError,
2909 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2910 })
2911 }
2912 }
2913 }
2914}
2915
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]2916func addD5BugTests() {
2917 testCases = append(testCases, testCase{
2918 testType: serverTest,
2919 name: "D5Bug-NoQuirk-Reject",
2920 config: Config{
2921 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
2922 Bugs: ProtocolBugs{
2923 SSL3RSAKeyExchange: true,
2924 },
2925 },
2926 shouldFail: true,
2927 expectedError: ":TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG:",
2928 })
2929 testCases = append(testCases, testCase{
2930 testType: serverTest,
2931 name: "D5Bug-Quirk-Normal",
2932 config: Config{
2933 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
2934 },
2935 flags: []string{"-tls-d5-bug"},
2936 })
2937 testCases = append(testCases, testCase{
2938 testType: serverTest,
2939 name: "D5Bug-Quirk-Bug",
2940 config: Config{
2941 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
2942 Bugs: ProtocolBugs{
2943 SSL3RSAKeyExchange: true,
2944 },
2945 },
2946 flags: []string{"-tls-d5-bug"},
2947 })
2948}
2949
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2950func addExtensionTests() {
2951 testCases = append(testCases, testCase{
2952 testType: clientTest,
2953 name: "DuplicateExtensionClient",
2954 config: Config{
2955 Bugs: ProtocolBugs{
2956 DuplicateExtension: true,
2957 },
2958 },
2959 shouldFail: true,
2960 expectedLocalError: "remote error: error decoding message",
2961 })
2962 testCases = append(testCases, testCase{
2963 testType: serverTest,
2964 name: "DuplicateExtensionServer",
2965 config: Config{
2966 Bugs: ProtocolBugs{
2967 DuplicateExtension: true,
2968 },
2969 },
2970 shouldFail: true,
2971 expectedLocalError: "remote error: error decoding message",
2972 })
2973 testCases = append(testCases, testCase{
2974 testType: clientTest,
2975 name: "ServerNameExtensionClient",
2976 config: Config{
2977 Bugs: ProtocolBugs{
2978 ExpectServerName: "example.com",
2979 },
2980 },
2981 flags: []string{"-host-name", "example.com"},
2982 })
2983 testCases = append(testCases, testCase{
2984 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]2985 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2986 config: Config{
2987 Bugs: ProtocolBugs{
2988 ExpectServerName: "mismatch.com",
2989 },
2990 },
2991 flags: []string{"-host-name", "example.com"},
2992 shouldFail: true,
2993 expectedLocalError: "tls: unexpected server name",
2994 })
2995 testCases = append(testCases, testCase{
2996 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]2997 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2998 config: Config{
2999 Bugs: ProtocolBugs{
3000 ExpectServerName: "missing.com",
3001 },
3002 },
3003 shouldFail: true,
3004 expectedLocalError: "tls: unexpected server name",
3005 })
3006 testCases = append(testCases, testCase{
3007 testType: serverTest,
3008 name: "ServerNameExtensionServer",
3009 config: Config{
3010 ServerName: "example.com",
3011 },
3012 flags: []string{"-expect-server-name", "example.com"},
3013 resumeSession: true,
3014 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3015 testCases = append(testCases, testCase{
3016 testType: clientTest,
3017 name: "ALPNClient",
3018 config: Config{
3019 NextProtos: []string{"foo"},
3020 },
3021 flags: []string{
3022 "-advertise-alpn", "\x03foo\x03bar\x03baz",
3023 "-expect-alpn", "foo",
3024 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3025 expectedNextProto: "foo",
3026 expectedNextProtoType: alpn,
3027 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3028 })
3029 testCases = append(testCases, testCase{
3030 testType: serverTest,
3031 name: "ALPNServer",
3032 config: Config{
3033 NextProtos: []string{"foo", "bar", "baz"},
3034 },
3035 flags: []string{
3036 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3037 "-select-alpn", "foo",
3038 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3039 expectedNextProto: "foo",
3040 expectedNextProtoType: alpn,
3041 resumeSession: true,
3042 })
3043 // Test that the server prefers ALPN over NPN.
3044 testCases = append(testCases, testCase{
3045 testType: serverTest,
3046 name: "ALPNServer-Preferred",
3047 config: Config{
3048 NextProtos: []string{"foo", "bar", "baz"},
3049 },
3050 flags: []string{
3051 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3052 "-select-alpn", "foo",
3053 "-advertise-npn", "\x03foo\x03bar\x03baz",
3054 },
3055 expectedNextProto: "foo",
3056 expectedNextProtoType: alpn,
3057 resumeSession: true,
3058 })
3059 testCases = append(testCases, testCase{
3060 testType: serverTest,
3061 name: "ALPNServer-Preferred-Swapped",
3062 config: Config{
3063 NextProtos: []string{"foo", "bar", "baz"},
3064 Bugs: ProtocolBugs{
3065 SwapNPNAndALPN: true,
3066 },
3067 },
3068 flags: []string{
3069 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3070 "-select-alpn", "foo",
3071 "-advertise-npn", "\x03foo\x03bar\x03baz",
3072 },
3073 expectedNextProto: "foo",
3074 expectedNextProtoType: alpn,
3075 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3076 })
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3077 var emptyString string
3078 testCases = append(testCases, testCase{
3079 testType: clientTest,
3080 name: "ALPNClient-EmptyProtocolName",
3081 config: Config{
3082 NextProtos: []string{""},
3083 Bugs: ProtocolBugs{
3084 // A server returning an empty ALPN protocol
3085 // should be rejected.
3086 ALPNProtocol: &emptyString,
3087 },
3088 },
3089 flags: []string{
3090 "-advertise-alpn", "\x03foo",
3091 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3092 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3093 expectedError: ":PARSE_TLSEXT:",
3094 })
3095 testCases = append(testCases, testCase{
3096 testType: serverTest,
3097 name: "ALPNServer-EmptyProtocolName",
3098 config: Config{
3099 // A ClientHello containing an empty ALPN protocol
3100 // should be rejected.
3101 NextProtos: []string{"foo", "", "baz"},
3102 },
3103 flags: []string{
3104 "-select-alpn", "foo",
3105 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3106 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3107 expectedError: ":PARSE_TLSEXT:",
3108 })
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame^]3109 // Test that negotiating both NPN and ALPN is forbidden.
3110 testCases = append(testCases, testCase{
3111 name: "NegotiateALPNAndNPN",
3112 config: Config{
3113 NextProtos: []string{"foo", "bar", "baz"},
3114 Bugs: ProtocolBugs{
3115 NegotiateALPNAndNPN: true,
3116 },
3117 },
3118 flags: []string{
3119 "-advertise-alpn", "\x03foo",
3120 "-select-next-proto", "foo",
3121 },
3122 shouldFail: true,
3123 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3124 })
3125 testCases = append(testCases, testCase{
3126 name: "NegotiateALPNAndNPN-Swapped",
3127 config: Config{
3128 NextProtos: []string{"foo", "bar", "baz"},
3129 Bugs: ProtocolBugs{
3130 NegotiateALPNAndNPN: true,
3131 SwapNPNAndALPN: true,
3132 },
3133 },
3134 flags: []string{
3135 "-advertise-alpn", "\x03foo",
3136 "-select-next-proto", "foo",
3137 },
3138 shouldFail: true,
3139 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3140 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3141 // Resume with a corrupt ticket.
3142 testCases = append(testCases, testCase{
3143 testType: serverTest,
3144 name: "CorruptTicket",
3145 config: Config{
3146 Bugs: ProtocolBugs{
3147 CorruptTicket: true,
3148 },
3149 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3150 resumeSession: true,
3151 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3152 })
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]3153 // Test the ticket callback, with and without renewal.
3154 testCases = append(testCases, testCase{
3155 testType: serverTest,
3156 name: "TicketCallback",
3157 resumeSession: true,
3158 flags: []string{"-use-ticket-callback"},
3159 })
3160 testCases = append(testCases, testCase{
3161 testType: serverTest,
3162 name: "TicketCallback-Renew",
3163 config: Config{
3164 Bugs: ProtocolBugs{
3165 ExpectNewTicket: true,
3166 },
3167 },
3168 flags: []string{"-use-ticket-callback", "-renew-ticket"},
3169 resumeSession: true,
3170 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3171 // Resume with an oversized session id.
3172 testCases = append(testCases, testCase{
3173 testType: serverTest,
3174 name: "OversizedSessionId",
3175 config: Config{
3176 Bugs: ProtocolBugs{
3177 OversizedSessionId: true,
3178 },
3179 },
3180 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3181 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3182 expectedError: ":DECODE_ERROR:",
3183 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]3184 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
3185 // are ignored.
3186 testCases = append(testCases, testCase{
3187 protocol: dtls,
3188 name: "SRTP-Client",
3189 config: Config{
3190 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3191 },
3192 flags: []string{
3193 "-srtp-profiles",
3194 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3195 },
3196 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3197 })
3198 testCases = append(testCases, testCase{
3199 protocol: dtls,
3200 testType: serverTest,
3201 name: "SRTP-Server",
3202 config: Config{
3203 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3204 },
3205 flags: []string{
3206 "-srtp-profiles",
3207 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3208 },
3209 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3210 })
3211 // Test that the MKI is ignored.
3212 testCases = append(testCases, testCase{
3213 protocol: dtls,
3214 testType: serverTest,
3215 name: "SRTP-Server-IgnoreMKI",
3216 config: Config{
3217 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
3218 Bugs: ProtocolBugs{
3219 SRTPMasterKeyIdentifer: "bogus",
3220 },
3221 },
3222 flags: []string{
3223 "-srtp-profiles",
3224 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3225 },
3226 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3227 })
3228 // Test that SRTP isn't negotiated on the server if there were
3229 // no matching profiles.
3230 testCases = append(testCases, testCase{
3231 protocol: dtls,
3232 testType: serverTest,
3233 name: "SRTP-Server-NoMatch",
3234 config: Config{
3235 SRTPProtectionProfiles: []uint16{100, 101, 102},
3236 },
3237 flags: []string{
3238 "-srtp-profiles",
3239 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3240 },
3241 expectedSRTPProtectionProfile: 0,
3242 })
3243 // Test that the server returning an invalid SRTP profile is
3244 // flagged as an error by the client.
3245 testCases = append(testCases, testCase{
3246 protocol: dtls,
3247 name: "SRTP-Client-NoMatch",
3248 config: Config{
3249 Bugs: ProtocolBugs{
3250 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
3251 },
3252 },
3253 flags: []string{
3254 "-srtp-profiles",
3255 "SRTP_AES128_CM_SHA1_80",
3256 },
3257 shouldFail: true,
3258 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
3259 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3260 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3261 testCases = append(testCases, testCase{
3262 name: "SignedCertificateTimestampList",
3263 flags: []string{
3264 "-enable-signed-cert-timestamps",
3265 "-expect-signed-cert-timestamps",
3266 base64.StdEncoding.EncodeToString(testSCTList),
3267 },
3268 })
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3269 testCases = append(testCases, testCase{
3270 testType: clientTest,
3271 name: "ClientHelloPadding",
3272 config: Config{
3273 Bugs: ProtocolBugs{
3274 RequireClientHelloSize: 512,
3275 },
3276 },
3277 // This hostname just needs to be long enough to push the
3278 // ClientHello into F5's danger zone between 256 and 511 bytes
3279 // long.
3280 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
3281 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3282}
3283
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3284func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3285 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3286 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3287 protocols := []protocol{tls}
3288 if sessionVers.hasDTLS && resumeVers.hasDTLS {
3289 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]3290 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3291 for _, protocol := range protocols {
3292 suffix := "-" + sessionVers.name + "-" + resumeVers.name
3293 if protocol == dtls {
3294 suffix += "-DTLS"
3295 }
3296
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3297 if sessionVers.version == resumeVers.version {
3298 testCases = append(testCases, testCase{
3299 protocol: protocol,
3300 name: "Resume-Client" + suffix,
3301 resumeSession: true,
3302 config: Config{
3303 MaxVersion: sessionVers.version,
3304 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3305 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3306 expectedVersion: sessionVers.version,
3307 expectedResumeVersion: resumeVers.version,
3308 })
3309 } else {
3310 testCases = append(testCases, testCase{
3311 protocol: protocol,
3312 name: "Resume-Client-Mismatch" + suffix,
3313 resumeSession: true,
3314 config: Config{
3315 MaxVersion: sessionVers.version,
3316 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3317 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3318 expectedVersion: sessionVers.version,
3319 resumeConfig: &Config{
3320 MaxVersion: resumeVers.version,
3321 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3322 Bugs: ProtocolBugs{
3323 AllowSessionVersionMismatch: true,
3324 },
3325 },
3326 expectedResumeVersion: resumeVers.version,
3327 shouldFail: true,
3328 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
3329 })
3330 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3331
3332 testCases = append(testCases, testCase{
3333 protocol: protocol,
3334 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3335 resumeSession: true,
3336 config: Config{
3337 MaxVersion: sessionVers.version,
3338 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3339 },
3340 expectedVersion: sessionVers.version,
3341 resumeConfig: &Config{
3342 MaxVersion: resumeVers.version,
3343 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3344 },
3345 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3346 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3347 expectedResumeVersion: resumeVers.version,
3348 })
3349
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3350 testCases = append(testCases, testCase{
3351 protocol: protocol,
3352 testType: serverTest,
3353 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3354 resumeSession: true,
3355 config: Config{
3356 MaxVersion: sessionVers.version,
3357 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3358 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3359 expectedVersion: sessionVers.version,
3360 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3361 resumeConfig: &Config{
3362 MaxVersion: resumeVers.version,
3363 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3364 },
3365 expectedResumeVersion: resumeVers.version,
3366 })
3367 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3368 }
3369 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3370
3371 testCases = append(testCases, testCase{
3372 name: "Resume-Client-CipherMismatch",
3373 resumeSession: true,
3374 config: Config{
3375 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3376 },
3377 resumeConfig: &Config{
3378 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3379 Bugs: ProtocolBugs{
3380 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
3381 },
3382 },
3383 shouldFail: true,
3384 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
3385 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3386}
3387
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3388func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3389 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3390 testCases = append(testCases, testCase{
3391 testType: serverTest,
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3392 name: "Renegotiate-Server-Forbidden",
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3393 renegotiate: true,
3394 flags: []string{"-reject-peer-renegotiations"},
3395 shouldFail: true,
3396 expectedError: ":NO_RENEGOTIATION:",
3397 expectedLocalError: "remote error: no renegotiation",
3398 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]3399 // The server shouldn't echo the renegotiation extension unless
3400 // requested by the client.
3401 testCases = append(testCases, testCase{
3402 testType: serverTest,
3403 name: "Renegotiate-Server-NoExt",
3404 config: Config{
3405 Bugs: ProtocolBugs{
3406 NoRenegotiationInfo: true,
3407 RequireRenegotiationInfo: true,
3408 },
3409 },
3410 shouldFail: true,
3411 expectedLocalError: "renegotiation extension missing",
3412 })
3413 // The renegotiation SCSV should be sufficient for the server to echo
3414 // the extension.
3415 testCases = append(testCases, testCase{
3416 testType: serverTest,
3417 name: "Renegotiate-Server-NoExt-SCSV",
3418 config: Config{
3419 Bugs: ProtocolBugs{
3420 NoRenegotiationInfo: true,
3421 SendRenegotiationSCSV: true,
3422 RequireRenegotiationInfo: true,
3423 },
3424 },
3425 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3426 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3427 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3428 config: Config{
3429 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3430 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3431 },
3432 },
3433 renegotiate: true,
3434 })
3435 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3436 name: "Renegotiate-Client-EmptyExt",
3437 renegotiate: true,
3438 config: Config{
3439 Bugs: ProtocolBugs{
3440 EmptyRenegotiationInfo: true,
3441 },
3442 },
3443 shouldFail: true,
3444 expectedError: ":RENEGOTIATION_MISMATCH:",
3445 })
3446 testCases = append(testCases, testCase{
3447 name: "Renegotiate-Client-BadExt",
3448 renegotiate: true,
3449 config: Config{
3450 Bugs: ProtocolBugs{
3451 BadRenegotiationInfo: true,
3452 },
3453 },
3454 shouldFail: true,
3455 expectedError: ":RENEGOTIATION_MISMATCH:",
3456 })
3457 testCases = append(testCases, testCase{
Adam Langleybe9eda42015-06-12 18:01:50 -0700[diff] [blame]3458 name: "Renegotiate-Client-NoExt",
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3459 config: Config{
3460 Bugs: ProtocolBugs{
3461 NoRenegotiationInfo: true,
3462 },
3463 },
3464 shouldFail: true,
3465 expectedError: ":UNSAFE_LEGACY_RENEGOTIATION_DISABLED:",
3466 flags: []string{"-no-legacy-server-connect"},
3467 })
3468 testCases = append(testCases, testCase{
3469 name: "Renegotiate-Client-NoExt-Allowed",
3470 renegotiate: true,
3471 config: Config{
3472 Bugs: ProtocolBugs{
3473 NoRenegotiationInfo: true,
3474 },
3475 },
3476 })
3477 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3478 name: "Renegotiate-Client-SwitchCiphers",
3479 renegotiate: true,
3480 config: Config{
3481 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3482 },
3483 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3484 })
3485 testCases = append(testCases, testCase{
3486 name: "Renegotiate-Client-SwitchCiphers2",
3487 renegotiate: true,
3488 config: Config{
3489 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3490 },
3491 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3492 })
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3493 testCases = append(testCases, testCase{
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3494 name: "Renegotiate-Client-Forbidden",
3495 renegotiate: true,
3496 flags: []string{"-reject-peer-renegotiations"},
3497 shouldFail: true,
3498 expectedError: ":NO_RENEGOTIATION:",
3499 expectedLocalError: "remote error: no renegotiation",
3500 })
3501 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3502 name: "Renegotiate-SameClientVersion",
3503 renegotiate: true,
3504 config: Config{
3505 MaxVersion: VersionTLS10,
3506 Bugs: ProtocolBugs{
3507 RequireSameRenegoClientVersion: true,
3508 },
3509 },
3510 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3511 testCases = append(testCases, testCase{
3512 name: "Renegotiate-FalseStart",
3513 renegotiate: true,
3514 config: Config{
3515 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3516 NextProtos: []string{"foo"},
3517 },
3518 flags: []string{
3519 "-false-start",
3520 "-select-next-proto", "foo",
3521 },
3522 shimWritesFirst: true,
3523 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3524}
3525
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3526func addDTLSReplayTests() {
3527 // Test that sequence number replays are detected.
3528 testCases = append(testCases, testCase{
3529 protocol: dtls,
3530 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3531 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3532 replayWrites: true,
3533 })
3534
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3535 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3536 // than the retransmit window.
3537 testCases = append(testCases, testCase{
3538 protocol: dtls,
3539 name: "DTLS-Replay-LargeGaps",
3540 config: Config{
3541 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3542 SequenceNumberMapping: func(in uint64) uint64 {
3543 return in * 127
3544 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3545 },
3546 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]3547 messageCount: 200,
3548 replayWrites: true,
3549 })
3550
3551 // Test the incoming sequence number changing non-monotonically.
3552 testCases = append(testCases, testCase{
3553 protocol: dtls,
3554 name: "DTLS-Replay-NonMonotonic",
3555 config: Config{
3556 Bugs: ProtocolBugs{
3557 SequenceNumberMapping: func(in uint64) uint64 {
3558 return in ^ 31
3559 },
3560 },
3561 },
3562 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3563 replayWrites: true,
3564 })
3565}
3566
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3567var testHashes = []struct {
3568 name string
3569 id uint8
3570}{
3571 {"SHA1", hashSHA1},
3572 {"SHA224", hashSHA224},
3573 {"SHA256", hashSHA256},
3574 {"SHA384", hashSHA384},
3575 {"SHA512", hashSHA512},
3576}
3577
3578func addSigningHashTests() {
3579 // Make sure each hash works. Include some fake hashes in the list and
3580 // ensure they're ignored.
3581 for _, hash := range testHashes {
3582 testCases = append(testCases, testCase{
3583 name: "SigningHash-ClientAuth-" + hash.name,
3584 config: Config{
3585 ClientAuth: RequireAnyClientCert,
3586 SignatureAndHashes: []signatureAndHash{
3587 {signatureRSA, 42},
3588 {signatureRSA, hash.id},
3589 {signatureRSA, 255},
3590 },
3591 },
3592 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3593 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3594 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3595 },
3596 })
3597
3598 testCases = append(testCases, testCase{
3599 testType: serverTest,
3600 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
3601 config: Config{
3602 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3603 SignatureAndHashes: []signatureAndHash{
3604 {signatureRSA, 42},
3605 {signatureRSA, hash.id},
3606 {signatureRSA, 255},
3607 },
3608 },
3609 })
3610 }
3611
3612 // Test that hash resolution takes the signature type into account.
3613 testCases = append(testCases, testCase{
3614 name: "SigningHash-ClientAuth-SignatureType",
3615 config: Config{
3616 ClientAuth: RequireAnyClientCert,
3617 SignatureAndHashes: []signatureAndHash{
3618 {signatureECDSA, hashSHA512},
3619 {signatureRSA, hashSHA384},
3620 {signatureECDSA, hashSHA1},
3621 },
3622 },
3623 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3624 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3625 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3626 },
3627 })
3628
3629 testCases = append(testCases, testCase{
3630 testType: serverTest,
3631 name: "SigningHash-ServerKeyExchange-SignatureType",
3632 config: Config{
3633 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3634 SignatureAndHashes: []signatureAndHash{
3635 {signatureECDSA, hashSHA512},
3636 {signatureRSA, hashSHA384},
3637 {signatureECDSA, hashSHA1},
3638 },
3639 },
3640 })
3641
3642 // Test that, if the list is missing, the peer falls back to SHA-1.
3643 testCases = append(testCases, testCase{
3644 name: "SigningHash-ClientAuth-Fallback",
3645 config: Config{
3646 ClientAuth: RequireAnyClientCert,
3647 SignatureAndHashes: []signatureAndHash{
3648 {signatureRSA, hashSHA1},
3649 },
3650 Bugs: ProtocolBugs{
3651 NoSignatureAndHashes: true,
3652 },
3653 },
3654 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3655 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3656 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3657 },
3658 })
3659
3660 testCases = append(testCases, testCase{
3661 testType: serverTest,
3662 name: "SigningHash-ServerKeyExchange-Fallback",
3663 config: Config{
3664 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3665 SignatureAndHashes: []signatureAndHash{
3666 {signatureRSA, hashSHA1},
3667 },
3668 Bugs: ProtocolBugs{
3669 NoSignatureAndHashes: true,
3670 },
3671 },
3672 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]3673
3674 // Test that hash preferences are enforced. BoringSSL defaults to
3675 // rejecting MD5 signatures.
3676 testCases = append(testCases, testCase{
3677 testType: serverTest,
3678 name: "SigningHash-ClientAuth-Enforced",
3679 config: Config{
3680 Certificates: []Certificate{rsaCertificate},
3681 SignatureAndHashes: []signatureAndHash{
3682 {signatureRSA, hashMD5},
3683 // Advertise SHA-1 so the handshake will
3684 // proceed, but the shim's preferences will be
3685 // ignored in CertificateVerify generation, so
3686 // MD5 will be chosen.
3687 {signatureRSA, hashSHA1},
3688 },
3689 Bugs: ProtocolBugs{
3690 IgnorePeerSignatureAlgorithmPreferences: true,
3691 },
3692 },
3693 flags: []string{"-require-any-client-certificate"},
3694 shouldFail: true,
3695 expectedError: ":WRONG_SIGNATURE_TYPE:",
3696 })
3697
3698 testCases = append(testCases, testCase{
3699 name: "SigningHash-ServerKeyExchange-Enforced",
3700 config: Config{
3701 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3702 SignatureAndHashes: []signatureAndHash{
3703 {signatureRSA, hashMD5},
3704 },
3705 Bugs: ProtocolBugs{
3706 IgnorePeerSignatureAlgorithmPreferences: true,
3707 },
3708 },
3709 shouldFail: true,
3710 expectedError: ":WRONG_SIGNATURE_TYPE:",
3711 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3712}
3713
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]3714// timeouts is the retransmit schedule for BoringSSL. It doubles and
3715// caps at 60 seconds. On the 13th timeout, it gives up.
3716var timeouts = []time.Duration{
3717 1 * time.Second,
3718 2 * time.Second,
3719 4 * time.Second,
3720 8 * time.Second,
3721 16 * time.Second,
3722 32 * time.Second,
3723 60 * time.Second,
3724 60 * time.Second,
3725 60 * time.Second,
3726 60 * time.Second,
3727 60 * time.Second,
3728 60 * time.Second,
3729 60 * time.Second,
3730}
3731
3732func addDTLSRetransmitTests() {
3733 // Test that this is indeed the timeout schedule. Stress all
3734 // four patterns of handshake.
3735 for i := 1; i < len(timeouts); i++ {
3736 number := strconv.Itoa(i)
3737 testCases = append(testCases, testCase{
3738 protocol: dtls,
3739 name: "DTLS-Retransmit-Client-" + number,
3740 config: Config{
3741 Bugs: ProtocolBugs{
3742 TimeoutSchedule: timeouts[:i],
3743 },
3744 },
3745 resumeSession: true,
3746 flags: []string{"-async"},
3747 })
3748 testCases = append(testCases, testCase{
3749 protocol: dtls,
3750 testType: serverTest,
3751 name: "DTLS-Retransmit-Server-" + number,
3752 config: Config{
3753 Bugs: ProtocolBugs{
3754 TimeoutSchedule: timeouts[:i],
3755 },
3756 },
3757 resumeSession: true,
3758 flags: []string{"-async"},
3759 })
3760 }
3761
3762 // Test that exceeding the timeout schedule hits a read
3763 // timeout.
3764 testCases = append(testCases, testCase{
3765 protocol: dtls,
3766 name: "DTLS-Retransmit-Timeout",
3767 config: Config{
3768 Bugs: ProtocolBugs{
3769 TimeoutSchedule: timeouts,
3770 },
3771 },
3772 resumeSession: true,
3773 flags: []string{"-async"},
3774 shouldFail: true,
3775 expectedError: ":READ_TIMEOUT_EXPIRED:",
3776 })
3777
3778 // Test that timeout handling has a fudge factor, due to API
3779 // problems.
3780 testCases = append(testCases, testCase{
3781 protocol: dtls,
3782 name: "DTLS-Retransmit-Fudge",
3783 config: Config{
3784 Bugs: ProtocolBugs{
3785 TimeoutSchedule: []time.Duration{
3786 timeouts[0] - 10*time.Millisecond,
3787 },
3788 },
3789 },
3790 resumeSession: true,
3791 flags: []string{"-async"},
3792 })
David Benjamin7eaab4c2015-03-02 19:01:16 -0500[diff] [blame]3793
3794 // Test that the final Finished retransmitting isn't
3795 // duplicated if the peer badly fragments everything.
3796 testCases = append(testCases, testCase{
3797 testType: serverTest,
3798 protocol: dtls,
3799 name: "DTLS-Retransmit-Fragmented",
3800 config: Config{
3801 Bugs: ProtocolBugs{
3802 TimeoutSchedule: []time.Duration{timeouts[0]},
3803 MaxHandshakeRecordLength: 2,
3804 },
3805 },
3806 flags: []string{"-async"},
3807 })
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]3808}
3809
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]3810func addExportKeyingMaterialTests() {
3811 for _, vers := range tlsVersions {
3812 if vers.version == VersionSSL30 {
3813 continue
3814 }
3815 testCases = append(testCases, testCase{
3816 name: "ExportKeyingMaterial-" + vers.name,
3817 config: Config{
3818 MaxVersion: vers.version,
3819 },
3820 exportKeyingMaterial: 1024,
3821 exportLabel: "label",
3822 exportContext: "context",
3823 useExportContext: true,
3824 })
3825 testCases = append(testCases, testCase{
3826 name: "ExportKeyingMaterial-NoContext-" + vers.name,
3827 config: Config{
3828 MaxVersion: vers.version,
3829 },
3830 exportKeyingMaterial: 1024,
3831 })
3832 testCases = append(testCases, testCase{
3833 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
3834 config: Config{
3835 MaxVersion: vers.version,
3836 },
3837 exportKeyingMaterial: 1024,
3838 useExportContext: true,
3839 })
3840 testCases = append(testCases, testCase{
3841 name: "ExportKeyingMaterial-Small-" + vers.name,
3842 config: Config{
3843 MaxVersion: vers.version,
3844 },
3845 exportKeyingMaterial: 1,
3846 exportLabel: "label",
3847 exportContext: "context",
3848 useExportContext: true,
3849 })
3850 }
3851 testCases = append(testCases, testCase{
3852 name: "ExportKeyingMaterial-SSL3",
3853 config: Config{
3854 MaxVersion: VersionSSL30,
3855 },
3856 exportKeyingMaterial: 1024,
3857 exportLabel: "label",
3858 exportContext: "context",
3859 useExportContext: true,
3860 shouldFail: true,
3861 expectedError: "failed to export keying material",
3862 })
3863}
3864
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]3865func addTLSUniqueTests() {
3866 for _, isClient := range []bool{false, true} {
3867 for _, isResumption := range []bool{false, true} {
3868 for _, hasEMS := range []bool{false, true} {
3869 var suffix string
3870 if isResumption {
3871 suffix = "Resume-"
3872 } else {
3873 suffix = "Full-"
3874 }
3875
3876 if hasEMS {
3877 suffix += "EMS-"
3878 } else {
3879 suffix += "NoEMS-"
3880 }
3881
3882 if isClient {
3883 suffix += "Client"
3884 } else {
3885 suffix += "Server"
3886 }
3887
3888 test := testCase{
3889 name: "TLSUnique-" + suffix,
3890 testTLSUnique: true,
3891 config: Config{
3892 Bugs: ProtocolBugs{
3893 NoExtendedMasterSecret: !hasEMS,
3894 },
3895 },
3896 }
3897
3898 if isResumption {
3899 test.resumeSession = true
3900 test.resumeConfig = &Config{
3901 Bugs: ProtocolBugs{
3902 NoExtendedMasterSecret: !hasEMS,
3903 },
3904 }
3905 }
3906
3907 if isResumption && !hasEMS {
3908 test.shouldFail = true
3909 test.expectedError = "failed to get tls-unique"
3910 }
3911
3912 testCases = append(testCases, test)
3913 }
3914 }
3915 }
3916}
3917
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3918func addCustomExtensionTests() {
3919 expectedContents := "custom extension"
3920 emptyString := ""
3921
3922 for _, isClient := range []bool{false, true} {
3923 suffix := "Server"
3924 flag := "-enable-server-custom-extension"
3925 testType := serverTest
3926 if isClient {
3927 suffix = "Client"
3928 flag = "-enable-client-custom-extension"
3929 testType = clientTest
3930 }
3931
3932 testCases = append(testCases, testCase{
3933 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3934 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3935 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3936 Bugs: ProtocolBugs{
3937 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3938 ExpectedCustomExtension: &expectedContents,
3939 },
3940 },
3941 flags: []string{flag},
3942 })
3943
3944 // If the parse callback fails, the handshake should also fail.
3945 testCases = append(testCases, testCase{
3946 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3947 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3948 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3949 Bugs: ProtocolBugs{
3950 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3951 ExpectedCustomExtension: &expectedContents,
3952 },
3953 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3954 flags: []string{flag},
3955 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3956 expectedError: ":CUSTOM_EXTENSION_ERROR:",
3957 })
3958
3959 // If the add callback fails, the handshake should also fail.
3960 testCases = append(testCases, testCase{
3961 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3962 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3963 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3964 Bugs: ProtocolBugs{
3965 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3966 ExpectedCustomExtension: &expectedContents,
3967 },
3968 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3969 flags: []string{flag, "-custom-extension-fail-add"},
3970 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3971 expectedError: ":CUSTOM_EXTENSION_ERROR:",
3972 })
3973
3974 // If the add callback returns zero, no extension should be
3975 // added.
3976 skipCustomExtension := expectedContents
3977 if isClient {
3978 // For the case where the client skips sending the
3979 // custom extension, the server must not “echo” it.
3980 skipCustomExtension = ""
3981 }
3982 testCases = append(testCases, testCase{
3983 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3984 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3985 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3986 Bugs: ProtocolBugs{
3987 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]3988 ExpectedCustomExtension: &emptyString,
3989 },
3990 },
3991 flags: []string{flag, "-custom-extension-skip"},
3992 })
3993 }
3994
3995 // The custom extension add callback should not be called if the client
3996 // doesn't send the extension.
3997 testCases = append(testCases, testCase{
3998 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]3999 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4000 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4001 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4002 ExpectedCustomExtension: &emptyString,
4003 },
4004 },
4005 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
4006 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]4007
4008 // Test an unknown extension from the server.
4009 testCases = append(testCases, testCase{
4010 testType: clientTest,
4011 name: "UnknownExtension-Client",
4012 config: Config{
4013 Bugs: ProtocolBugs{
4014 CustomExtension: expectedContents,
4015 },
4016 },
4017 shouldFail: true,
4018 expectedError: ":UNEXPECTED_EXTENSION:",
4019 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4020}
4021
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4022func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4023 defer wg.Done()
4024
4025 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4026 var err error
4027
4028 if *mallocTest < 0 {
4029 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4030 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4031 } else {
4032 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
4033 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4034 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4035 if err != nil {
4036 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
4037 }
4038 break
4039 }
4040 }
4041 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4042 statusChan <- statusMsg{test: test, err: err}
4043 }
4044}
4045
4046type statusMsg struct {
4047 test *testCase
4048 started bool
4049 err error
4050}
4051
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4052func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4053 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4054
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4055 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4056 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4057 if !*pipe {
4058 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]4059 var erase string
4060 for i := 0; i < lineLen; i++ {
4061 erase += "\b \b"
4062 }
4063 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4064 }
4065
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4066 if msg.started {
4067 started++
4068 } else {
4069 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4070
4071 if msg.err != nil {
4072 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
4073 failed++
4074 testOutput.addResult(msg.test.name, "FAIL")
4075 } else {
4076 if *pipe {
4077 // Print each test instead of a status line.
4078 fmt.Printf("PASSED (%s)\n", msg.test.name)
4079 }
4080 testOutput.addResult(msg.test.name, "PASS")
4081 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4082 }
4083
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4084 if !*pipe {
4085 // Print a new status line.
4086 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
4087 lineLen = len(line)
4088 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4089 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4090 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4091
4092 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4093}
4094
4095func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4096 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4097 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4098
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4099 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4100 addCipherSuiteTests()
4101 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]4102 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]4103 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]4104 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4105 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4106 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4107 addMinimumVersionTests()
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]4108 addD5BugTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4109 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4110 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]4111 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4112 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4113 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4114 addSigningHashTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4115 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4116 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4117 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4118 addCustomExtensionTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4119 for _, async := range []bool{false, true} {
4120 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]4121 for _, protocol := range []protocol{tls, dtls} {
4122 addStateMachineCoverageTests(async, splitHandshake, protocol)
4123 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4124 }
4125 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4126
4127 var wg sync.WaitGroup
4128
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4129 statusChan := make(chan statusMsg, *numWorkers)
4130 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4131 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4132
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4133 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4134
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4135 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4136 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4137 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4138 }
4139
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4140 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4141 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4142 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4143 }
4144 }
4145
4146 close(testChan)
4147 wg.Wait()
4148 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4149 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4150
4151 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4152
4153 if *jsonOutput != "" {
4154 if err := testOutput.writeTo(*jsonOutput); err != nil {
4155 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
4156 }
4157 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]4158
4159 if !testOutput.allPassed {
4160 os.Exit(1)
4161 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4162}