Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 720ff53d0785b37d468fc14178d419023798ccfd / . / ssl / test / runner / runner.go
blob: bbe604261ab79672468773afb87ac5a8714cbd5f [file] [log] [blame]
Adam Langley7fcfd3b2016-05-20 11:02:50 -0700[diff] [blame]1// Copyright (c) 2016, Google Inc.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
David Benjamin0d1b0962016-08-01 09:50:57 -0400[diff] [blame]13// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Adam Langley7fcfd3b2016-05-20 11:02:50 -0700[diff] [blame]14
Adam Langleydc7e9c42015-09-29 15:21:04 -0700[diff] [blame]15package runner
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]16
17import (
18 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]19 "crypto/ecdsa"
20 "crypto/elliptic"
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]21 "crypto/rand"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]22 "crypto/x509"
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]23 "crypto/x509/pkix"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]24 "encoding/base64"
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]25 "encoding/json"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]26 "encoding/pem"
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]27 "errors"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]28 "flag"
29 "fmt"
30 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]31 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]32 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]33 "net"
34 "os"
35 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]36 "path"
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]37 "path/filepath"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]38 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]39 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]40 "strings"
41 "sync"
42 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]43 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]44)
45
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]46var (
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]47 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
48 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
49 useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb")
50 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
51 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
52 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
53 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
54 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]55 testToRun = flag.String("test", "", "The pattern to filter tests to run, or empty to run all tests")
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]56 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
57 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
58 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
59 fuzzer = flag.Bool("fuzzer", false, "If true, tests against a BoringSSL built in fuzzer mode.")
60 transcriptDir = flag.String("transcript-dir", "", "The directory in which to write transcripts.")
61 idleTimeout = flag.Duration("idle-timeout", 15*time.Second, "The number of seconds to wait for a read or write to bssl_shim.")
62 deterministic = flag.Bool("deterministic", false, "If true, uses a deterministic PRNG in the runner.")
63 allowUnimplemented = flag.Bool("allow-unimplemented", false, "If true, report pass even if some tests are unimplemented.")
EKR173bf932016-07-29 15:52:49 +0200[diff] [blame]64 looseErrors = flag.Bool("loose-errors", false, "If true, allow shims to report an untranslated error code.")
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]65 shimConfigFile = flag.String("shim-config", "", "A config file to use to configure the tests for this shim.")
66 includeDisabled = flag.Bool("include-disabled", false, "If true, also runs disabled tests.")
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]67 repeatUntilFailure = flag.Bool("repeat-until-failure", false, "If true, the first selected test will be run repeatedly until failure.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]68)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]69
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]70// ShimConfigurations is used with the “json” package and represents a shim
71// config file.
72type ShimConfiguration struct {
73 // DisabledTests maps from a glob-based pattern to a freeform string.
74 // The glob pattern is used to exclude tests from being run and the
75 // freeform string is unparsed but expected to explain why the test is
76 // disabled.
77 DisabledTests map[string]string
78
79 // ErrorMap maps from expected error strings to the correct error
80 // string for the shim in question. For example, it might map
81 // “:NO_SHARED_CIPHER:” (a BoringSSL error string) to something
82 // like “SSL_ERROR_NO_CYPHER_OVERLAP”.
83 ErrorMap map[string]string
84}
85
86var shimConfig ShimConfiguration
87
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]88type testCert int
89
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]90const (
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]91 testCertRSA testCert = iota
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]92 testCertRSA1024
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]93 testCertRSAChain
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]94 testCertECDSAP256
95 testCertECDSAP384
96 testCertECDSAP521
97)
98
99const (
100 rsaCertificateFile = "cert.pem"
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]101 rsa1024CertificateFile = "rsa_1024_cert.pem"
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]102 rsaChainCertificateFile = "rsa_chain_cert.pem"
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]103 ecdsaP256CertificateFile = "ecdsa_p256_cert.pem"
104 ecdsaP384CertificateFile = "ecdsa_p384_cert.pem"
105 ecdsaP521CertificateFile = "ecdsa_p521_cert.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]106)
107
108const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]109 rsaKeyFile = "key.pem"
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]110 rsa1024KeyFile = "rsa_1024_key.pem"
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]111 rsaChainKeyFile = "rsa_chain_key.pem"
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]112 ecdsaP256KeyFile = "ecdsa_p256_key.pem"
113 ecdsaP384KeyFile = "ecdsa_p384_key.pem"
114 ecdsaP521KeyFile = "ecdsa_p521_key.pem"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]115 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]116)
117
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]118var (
119 rsaCertificate Certificate
120 rsa1024Certificate Certificate
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]121 rsaChainCertificate Certificate
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]122 ecdsaP256Certificate Certificate
123 ecdsaP384Certificate Certificate
124 ecdsaP521Certificate Certificate
125)
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]126
127var testCerts = []struct {
128 id testCert
129 certFile, keyFile string
130 cert *Certificate
131}{
132 {
133 id: testCertRSA,
134 certFile: rsaCertificateFile,
135 keyFile: rsaKeyFile,
136 cert: &rsaCertificate,
137 },
138 {
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]139 id: testCertRSA1024,
140 certFile: rsa1024CertificateFile,
141 keyFile: rsa1024KeyFile,
142 cert: &rsa1024Certificate,
143 },
144 {
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]145 id: testCertRSAChain,
146 certFile: rsaChainCertificateFile,
147 keyFile: rsaChainKeyFile,
148 cert: &rsaChainCertificate,
149 },
150 {
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]151 id: testCertECDSAP256,
152 certFile: ecdsaP256CertificateFile,
153 keyFile: ecdsaP256KeyFile,
154 cert: &ecdsaP256Certificate,
155 },
156 {
157 id: testCertECDSAP384,
158 certFile: ecdsaP384CertificateFile,
159 keyFile: ecdsaP384KeyFile,
160 cert: &ecdsaP384Certificate,
161 },
162 {
163 id: testCertECDSAP521,
164 certFile: ecdsaP521CertificateFile,
165 keyFile: ecdsaP521KeyFile,
166 cert: &ecdsaP521Certificate,
167 },
168}
169
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]170var channelIDKey *ecdsa.PrivateKey
171var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]172
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]173var testOCSPResponse = []byte{1, 2, 3, 4}
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]174var testSCTList = []byte{0, 6, 0, 4, 5, 6, 7, 8}
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]175
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]176var testOCSPExtension = append([]byte{byte(extensionStatusRequest) >> 8, byte(extensionStatusRequest), 0, 8, statusTypeOCSP, 0, 0, 4}, testOCSPResponse...)
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]177var testSCTExtension = append([]byte{byte(extensionSignedCertificateTimestamp) >> 8, byte(extensionSignedCertificateTimestamp), 0, byte(len(testSCTList))}, testSCTList...)
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]178
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]179func initCertificates() {
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]180 for i := range testCerts {
181 cert, err := LoadX509KeyPair(path.Join(*resourceDir, testCerts[i].certFile), path.Join(*resourceDir, testCerts[i].keyFile))
182 if err != nil {
183 panic(err)
184 }
185 cert.OCSPStaple = testOCSPResponse
186 cert.SignedCertificateTimestampList = testSCTList
187 *testCerts[i].cert = cert
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]188 }
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]189
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]190 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]191 if err != nil {
192 panic(err)
193 }
194 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
195 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
196 panic("bad key type")
197 }
198 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
199 if err != nil {
200 panic(err)
201 }
202 if channelIDKey.Curve != elliptic.P256() {
203 panic("bad curve")
204 }
205
206 channelIDBytes = make([]byte, 64)
207 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
208 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]209}
210
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]211func getRunnerCertificate(t testCert) Certificate {
212 for _, cert := range testCerts {
213 if cert.id == t {
214 return *cert.cert
215 }
216 }
217 panic("Unknown test certificate")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]218}
219
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]220func getShimCertificate(t testCert) string {
221 for _, cert := range testCerts {
222 if cert.id == t {
223 return cert.certFile
224 }
225 }
226 panic("Unknown test certificate")
227}
228
229func getShimKey(t testCert) string {
230 for _, cert := range testCerts {
231 if cert.id == t {
232 return cert.keyFile
233 }
234 }
235 panic("Unknown test certificate")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]236}
237
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]238type testType int
239
240const (
241 clientTest testType = iota
242 serverTest
243)
244
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]245type protocol int
246
247const (
248 tls protocol = iota
249 dtls
250)
251
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]252const (
253 alpn = 1
254 npn = 2
255)
256
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]257type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]258 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]259 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]260 name string
261 config Config
262 shouldFail bool
263 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]264 // expectedLocalError, if not empty, contains a substring that must be
265 // found in the local error.
266 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]267 // expectedVersion, if non-zero, specifies the TLS version that must be
268 // negotiated.
269 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]270 // expectedResumeVersion, if non-zero, specifies the TLS version that
271 // must be negotiated on resumption. If zero, expectedVersion is used.
272 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]273 // expectedCipher, if non-zero, specifies the TLS cipher suite that
274 // should be negotiated.
275 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]276 // expectChannelID controls whether the connection should have
277 // negotiated a Channel ID with channelIDKey.
278 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]279 // expectedNextProto controls whether the connection should
280 // negotiate a next protocol via NPN or ALPN.
281 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]282 // expectNoNextProto, if true, means that no next protocol should be
283 // negotiated.
284 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]285 // expectedNextProtoType, if non-zero, is the expected next
286 // protocol negotiation mechanism.
287 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]288 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
289 // should be negotiated. If zero, none should be negotiated.
290 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]291 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
292 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]293 // expectedSCTList, if not nil, is the expected SCT list to be received.
294 expectedSCTList []uint8
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]295 // expectedPeerSignatureAlgorithm, if not zero, is the signature
296 // algorithm that the peer should have used in the handshake.
297 expectedPeerSignatureAlgorithm signatureAlgorithm
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]298 // expectedCurveID, if not zero, is the curve that the handshake should
299 // have used.
300 expectedCurveID CurveID
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]301 // messageLen is the length, in bytes, of the test message that will be
302 // sent.
303 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]304 // messageCount is the number of test messages that will be sent.
305 messageCount int
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]306 // certFile is the path to the certificate to use for the server.
307 certFile string
308 // keyFile is the path to the private key to use for the server.
309 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]310 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]311 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]312 resumeSession bool
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]313 // resumeRenewedSession controls whether a third connection should be
314 // tested which attempts to resume the second connection's session.
315 resumeRenewedSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]316 // expectResumeRejected, if true, specifies that the attempted
317 // resumption must be rejected by the client. This is only valid for a
318 // serverTest.
319 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]320 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]321 // resumption. Unless newSessionsOnResume is set,
322 // SessionTicketKey, ServerSessionCache, and
323 // ClientSessionCache are copied from the initial connection's
324 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]325 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]326 // newSessionsOnResume, if true, will cause resumeConfig to
327 // use a different session resumption context.
328 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]329 // noSessionCache, if true, will cause the server to run without a
330 // session cache.
331 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]332 // sendPrefix sends a prefix on the socket before actually performing a
333 // handshake.
334 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]335 // shimWritesFirst controls whether the shim sends an initial "hello"
336 // message before doing a roundtrip with the runner.
337 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]338 // shimShutsDown, if true, runs a test where the shim shuts down the
339 // connection immediately after the handshake rather than echoing
340 // messages from the runner.
341 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]342 // renegotiate indicates the number of times the connection should be
343 // renegotiated during the exchange.
344 renegotiate int
David Benjamin47921102016-07-28 11:29:18 -0400[diff] [blame]345 // sendHalfHelloRequest, if true, causes the server to send half a
346 // HelloRequest when the handshake completes.
347 sendHalfHelloRequest bool
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]348 // renegotiateCiphers is a list of ciphersuite ids that will be
349 // switched in just before renegotiation.
350 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]351 // replayWrites, if true, configures the underlying transport
352 // to replay every write it makes in DTLS tests.
353 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]354 // damageFirstWrite, if true, configures the underlying transport to
355 // damage the final byte of the first application data write.
356 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]357 // exportKeyingMaterial, if non-zero, configures the test to exchange
358 // keying material and verify they match.
359 exportKeyingMaterial int
360 exportLabel string
361 exportContext string
362 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]363 // flags, if not empty, contains a list of command-line flags that will
364 // be passed to the shim program.
365 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]366 // testTLSUnique, if true, causes the shim to send the tls-unique value
367 // which will be compared against the expected value.
368 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]369 // sendEmptyRecords is the number of consecutive empty records to send
370 // before and after the test message.
371 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]372 // sendWarningAlerts is the number of consecutive warning alerts to send
373 // before and after the test message.
374 sendWarningAlerts int
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]375 // sendKeyUpdates is the number of consecutive key updates to send
376 // before and after the test message.
377 sendKeyUpdates int
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]378 // keyUpdateRequest is the KeyUpdateRequest value to send in KeyUpdate messages.
379 keyUpdateRequest byte
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]380 // expectMessageDropped, if true, means the test message is expected to
381 // be dropped by the client rather than echoed back.
382 expectMessageDropped bool
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]383 // expectPeerCertificate, if not nil, is the certificate chain the peer
384 // is expected to send.
385 expectPeerCertificate *Certificate
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]386}
387
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]388var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]389
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]390func writeTranscript(test *testCase, num int, data []byte) {
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]391 if len(data) == 0 {
392 return
393 }
394
395 protocol := "tls"
396 if test.protocol == dtls {
397 protocol = "dtls"
398 }
399
400 side := "client"
401 if test.testType == serverTest {
402 side = "server"
403 }
404
405 dir := path.Join(*transcriptDir, protocol, side)
406 if err := os.MkdirAll(dir, 0755); err != nil {
407 fmt.Fprintf(os.Stderr, "Error making %s: %s\n", dir, err)
408 return
409 }
410
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]411 name := fmt.Sprintf("%s-%d", test.name, num)
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]412 if err := ioutil.WriteFile(path.Join(dir, name), data, 0644); err != nil {
413 fmt.Fprintf(os.Stderr, "Error writing %s: %s\n", name, err)
414 }
415}
416
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]417// A timeoutConn implements an idle timeout on each Read and Write operation.
418type timeoutConn struct {
419 net.Conn
420 timeout time.Duration
421}
422
423func (t *timeoutConn) Read(b []byte) (int, error) {
424 if err := t.SetReadDeadline(time.Now().Add(t.timeout)); err != nil {
425 return 0, err
426 }
427 return t.Conn.Read(b)
428}
429
430func (t *timeoutConn) Write(b []byte) (int, error) {
431 if err := t.SetWriteDeadline(time.Now().Add(t.timeout)); err != nil {
432 return 0, err
433 }
434 return t.Conn.Write(b)
435}
436
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]437func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, num int) error {
David Benjamine54af062016-08-08 19:21:18 -0400[diff] [blame]438 if !test.noSessionCache {
439 if config.ClientSessionCache == nil {
440 config.ClientSessionCache = NewLRUClientSessionCache(1)
441 }
442 if config.ServerSessionCache == nil {
443 config.ServerSessionCache = NewLRUServerSessionCache(1)
444 }
445 }
446 if test.testType == clientTest {
447 if len(config.Certificates) == 0 {
448 config.Certificates = []Certificate{rsaCertificate}
449 }
450 } else {
451 // Supply a ServerName to ensure a constant session cache key,
452 // rather than falling back to net.Conn.RemoteAddr.
453 if len(config.ServerName) == 0 {
454 config.ServerName = "test"
455 }
456 }
457 if *fuzzer {
458 config.Bugs.NullAllCiphers = true
459 }
David Benjamin01a90572016-09-22 00:11:43 -0400[diff] [blame]460 if *deterministic {
461 config.Time = func() time.Time { return time.Unix(1234, 1234) }
462 }
David Benjamine54af062016-08-08 19:21:18 -0400[diff] [blame]463
David Benjamin01784b42016-06-07 18:00:52 -0400[diff] [blame]464 conn = &timeoutConn{conn, *idleTimeout}
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]465
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]466 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]467 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
468 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]469 }
470
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]471 if *flagDebug || len(*transcriptDir) != 0 {
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]472 local, peer := "client", "server"
473 if test.testType == clientTest {
474 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]475 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]476 connDebug := &recordingConn{
477 Conn: conn,
478 isDatagram: test.protocol == dtls,
479 local: local,
480 peer: peer,
481 }
482 conn = connDebug
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]483 if *flagDebug {
484 defer connDebug.WriteTo(os.Stdout)
485 }
486 if len(*transcriptDir) != 0 {
487 defer func() {
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]488 writeTranscript(test, num, connDebug.Transcript())
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]489 }()
490 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]491
492 if config.Bugs.PacketAdaptor != nil {
493 config.Bugs.PacketAdaptor.debug = connDebug
494 }
495 }
496
497 if test.replayWrites {
498 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]499 }
500
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]501 var connDamage *damageAdaptor
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]502 if test.damageFirstWrite {
503 connDamage = newDamageAdaptor(conn)
504 conn = connDamage
505 }
506
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]507 if test.sendPrefix != "" {
508 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
509 return err
510 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]511 }
512
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]513 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]514 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]515 if test.protocol == dtls {
516 tlsConn = DTLSServer(conn, config)
517 } else {
518 tlsConn = Server(conn, config)
519 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]520 } else {
521 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]522 if test.protocol == dtls {
523 tlsConn = DTLSClient(conn, config)
524 } else {
525 tlsConn = Client(conn, config)
526 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]527 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]528 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]529
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]530 if err := tlsConn.Handshake(); err != nil {
531 return err
532 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]533
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]534 // TODO(davidben): move all per-connection expectations into a dedicated
535 // expectations struct that can be specified separately for the two
536 // legs.
537 expectedVersion := test.expectedVersion
538 if isResume && test.expectedResumeVersion != 0 {
539 expectedVersion = test.expectedResumeVersion
540 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]541 connState := tlsConn.ConnectionState()
542 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]543 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]544 }
545
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]546 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]547 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
548 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]549 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
550 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
551 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]552
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]553 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]554 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]555 if channelID == nil {
556 return fmt.Errorf("no channel ID negotiated")
557 }
558 if channelID.Curve != channelIDKey.Curve ||
559 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
560 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
561 return fmt.Errorf("incorrect channel ID")
562 }
563 }
564
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]565 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]566 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]567 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
568 }
569 }
570
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]571 if test.expectNoNextProto {
572 if actual := connState.NegotiatedProtocol; actual != "" {
573 return fmt.Errorf("got unexpected next proto %s", actual)
574 }
575 }
576
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]577 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]578 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]579 return fmt.Errorf("next proto type mismatch")
580 }
581 }
582
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]583 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]584 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
585 }
586
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]587 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]588 return fmt.Errorf("OCSP Response mismatch: got %x, wanted %x", tlsConn.OCSPResponse(), test.expectedOCSPResponse)
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]589 }
590
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]591 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
592 return fmt.Errorf("SCT list mismatch")
593 }
594
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]595 if expected := test.expectedPeerSignatureAlgorithm; expected != 0 && expected != connState.PeerSignatureAlgorithm {
596 return fmt.Errorf("expected peer to use signature algorithm %04x, but got %04x", expected, connState.PeerSignatureAlgorithm)
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]597 }
598
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]599 if expected := test.expectedCurveID; expected != 0 && expected != connState.CurveID {
600 return fmt.Errorf("expected peer to use curve %04x, but got %04x", expected, connState.CurveID)
601 }
602
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]603 if test.expectPeerCertificate != nil {
604 if len(connState.PeerCertificates) != len(test.expectPeerCertificate.Certificate) {
605 return fmt.Errorf("expected peer to send %d certificates, but got %d", len(connState.PeerCertificates), len(test.expectPeerCertificate.Certificate))
606 }
607 for i, cert := range connState.PeerCertificates {
608 if !bytes.Equal(cert.Raw, test.expectPeerCertificate.Certificate[i]) {
609 return fmt.Errorf("peer certificate %d did not match", i+1)
610 }
611 }
612 }
613
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]614 if test.exportKeyingMaterial > 0 {
615 actual := make([]byte, test.exportKeyingMaterial)
616 if _, err := io.ReadFull(tlsConn, actual); err != nil {
617 return err
618 }
619 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
620 if err != nil {
621 return err
622 }
623 if !bytes.Equal(actual, expected) {
624 return fmt.Errorf("keying material mismatch")
625 }
626 }
627
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]628 if test.testTLSUnique {
629 var peersValue [12]byte
630 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
631 return err
632 }
633 expected := tlsConn.ConnectionState().TLSUnique
634 if !bytes.Equal(peersValue[:], expected) {
635 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
636 }
637 }
638
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]639 if test.shimWritesFirst {
640 var buf [5]byte
641 _, err := io.ReadFull(tlsConn, buf[:])
642 if err != nil {
643 return err
644 }
645 if string(buf[:]) != "hello" {
646 return fmt.Errorf("bad initial message")
647 }
648 }
649
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]650 for i := 0; i < test.sendKeyUpdates; i++ {
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]651 if err := tlsConn.SendKeyUpdate(test.keyUpdateRequest); err != nil {
David Benjamin7f0965a2016-09-30 15:14:01 -0400[diff] [blame]652 return err
653 }
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]654 }
655
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]656 for i := 0; i < test.sendEmptyRecords; i++ {
657 tlsConn.Write(nil)
658 }
659
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]660 for i := 0; i < test.sendWarningAlerts; i++ {
661 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
662 }
663
David Benjamin47921102016-07-28 11:29:18 -0400[diff] [blame]664 if test.sendHalfHelloRequest {
665 tlsConn.SendHalfHelloRequest()
666 }
667
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]668 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]669 if test.renegotiateCiphers != nil {
670 config.CipherSuites = test.renegotiateCiphers
671 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]672 for i := 0; i < test.renegotiate; i++ {
673 if err := tlsConn.Renegotiate(); err != nil {
674 return err
675 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]676 }
677 } else if test.renegotiateCiphers != nil {
678 panic("renegotiateCiphers without renegotiate")
679 }
680
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]681 if test.damageFirstWrite {
682 connDamage.setDamage(true)
683 tlsConn.Write([]byte("DAMAGED WRITE"))
684 connDamage.setDamage(false)
685 }
686
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]687 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]688 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]689 if test.protocol == dtls {
690 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
691 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]692 // Read until EOF.
693 _, err := io.Copy(ioutil.Discard, tlsConn)
694 return err
695 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]696 if messageLen == 0 {
697 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]698 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]699
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]700 messageCount := test.messageCount
701 if messageCount == 0 {
702 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]703 }
704
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]705 for j := 0; j < messageCount; j++ {
706 testMessage := make([]byte, messageLen)
707 for i := range testMessage {
708 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]709 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]710 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]711
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]712 for i := 0; i < test.sendKeyUpdates; i++ {
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]713 tlsConn.SendKeyUpdate(test.keyUpdateRequest)
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]714 }
715
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]716 for i := 0; i < test.sendEmptyRecords; i++ {
717 tlsConn.Write(nil)
718 }
719
720 for i := 0; i < test.sendWarningAlerts; i++ {
721 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
722 }
723
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]724 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]725 // The shim will not respond.
726 continue
727 }
728
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]729 buf := make([]byte, len(testMessage))
730 if test.protocol == dtls {
731 bufTmp := make([]byte, len(buf)+1)
732 n, err := tlsConn.Read(bufTmp)
733 if err != nil {
734 return err
735 }
736 if n != len(buf) {
737 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
738 }
739 copy(buf, bufTmp)
740 } else {
741 _, err := io.ReadFull(tlsConn, buf)
742 if err != nil {
743 return err
744 }
745 }
746
747 for i, v := range buf {
748 if v != testMessage[i]^0xff {
749 return fmt.Errorf("bad reply contents at byte %d", i)
750 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]751 }
752 }
753
754 return nil
755}
756
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]757func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]758 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full", "--quiet"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]759 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]760 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]761 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]762 valgrindArgs = append(valgrindArgs, path)
763 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]764
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]765 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]766}
767
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]768func gdbOf(path string, args ...string) *exec.Cmd {
769 xtermArgs := []string{"-e", "gdb", "--args"}
770 xtermArgs = append(xtermArgs, path)
771 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]772
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]773 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]774}
775
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]776func lldbOf(path string, args ...string) *exec.Cmd {
777 xtermArgs := []string{"-e", "lldb", "--"}
778 xtermArgs = append(xtermArgs, path)
779 xtermArgs = append(xtermArgs, args...)
780
781 return exec.Command("xterm", xtermArgs...)
782}
783
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]784var (
785 errMoreMallocs = errors.New("child process did not exhaust all allocation calls")
786 errUnimplemented = errors.New("child process does not implement needed flags")
787)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]788
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]789// accept accepts a connection from listener, unless waitChan signals a process
790// exit first.
791func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
792 type connOrError struct {
793 conn net.Conn
794 err error
795 }
796 connChan := make(chan connOrError, 1)
797 go func() {
798 conn, err := listener.Accept()
799 connChan <- connOrError{conn, err}
800 close(connChan)
801 }()
802 select {
803 case result := <-connChan:
804 return result.conn, result.err
805 case childErr := <-waitChan:
806 waitChan <- childErr
807 return nil, fmt.Errorf("child exited early: %s", childErr)
808 }
809}
810
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]811func translateExpectedError(errorStr string) string {
812 if translated, ok := shimConfig.ErrorMap[errorStr]; ok {
813 return translated
814 }
815
816 if *looseErrors {
817 return ""
818 }
819
820 return errorStr
821}
822
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]823func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]824 // Help debugging panics on the Go side.
825 defer func() {
826 if r := recover(); r != nil {
827 fmt.Fprintf(os.Stderr, "Test '%s' panicked.\n", test.name)
828 panic(r)
829 }
830 }()
831
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]832 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
833 panic("Error expected without shouldFail in " + test.name)
834 }
835
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]836 if test.expectResumeRejected && !test.resumeSession {
837 panic("expectResumeRejected without resumeSession in " + test.name)
838 }
839
Adam Langley33b1d4f2016-12-07 15:03:45 -0800[diff] [blame]840 for _, ver := range tlsVersions {
841 if !strings.Contains("-"+test.name+"-", "-"+ver.name+"-") {
842 continue
843 }
844
845 if test.config.MaxVersion != 0 || test.config.MinVersion != 0 || test.expectedVersion != 0 {
846 continue
847 }
848
849 panic(fmt.Sprintf("The name of test %q suggests that it's version specific, but min/max version in the Config is %x/%x. One of them should probably be %x", test.name, test.config.MinVersion, test.config.MaxVersion, ver.version))
850 }
851
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]852 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
853 if err != nil {
854 panic(err)
855 }
856 defer func() {
857 if listener != nil {
858 listener.Close()
859 }
860 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]861
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]862 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]863 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]864 flags = append(flags, "-server")
865
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]866 flags = append(flags, "-key-file")
867 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]868 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]869 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]870 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]871 }
872
873 flags = append(flags, "-cert-file")
874 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]875 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]876 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]877 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]878 }
879 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]880
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]881 if test.protocol == dtls {
882 flags = append(flags, "-dtls")
883 }
884
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]885 var resumeCount int
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]886 if test.resumeSession {
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]887 resumeCount++
888 if test.resumeRenewedSession {
889 resumeCount++
890 }
891 }
892
893 if resumeCount > 0 {
894 flags = append(flags, "-resume-count", strconv.Itoa(resumeCount))
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]895 }
896
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]897 if test.shimWritesFirst {
898 flags = append(flags, "-shim-writes-first")
899 }
900
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]901 if test.shimShutsDown {
902 flags = append(flags, "-shim-shuts-down")
903 }
904
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]905 if test.exportKeyingMaterial > 0 {
906 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
907 flags = append(flags, "-export-label", test.exportLabel)
908 flags = append(flags, "-export-context", test.exportContext)
909 if test.useExportContext {
910 flags = append(flags, "-use-export-context")
911 }
912 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]913 if test.expectResumeRejected {
914 flags = append(flags, "-expect-session-miss")
915 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]916
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]917 if test.testTLSUnique {
918 flags = append(flags, "-tls-unique")
919 }
920
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]921 flags = append(flags, test.flags...)
922
923 var shim *exec.Cmd
924 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]925 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]926 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]927 shim = gdbOf(shimPath, flags...)
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]928 } else if *useLLDB {
929 shim = lldbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]930 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]931 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]932 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]933 shim.Stdin = os.Stdin
934 var stdoutBuf, stderrBuf bytes.Buffer
935 shim.Stdout = &stdoutBuf
936 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]937 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]938 shim.Env = os.Environ()
939 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]940 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]941 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]942 }
943 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
944 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]945
946 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]947 panic(err)
948 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]949 waitChan := make(chan error, 1)
950 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]951
952 config := test.config
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]953
David Benjamin7a4aaa42016-09-20 17:58:14 -0400[diff] [blame]954 if *deterministic {
955 config.Rand = &deterministicRand{}
956 }
957
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]958 conn, err := acceptOrWait(listener, waitChan)
959 if err == nil {
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]960 err = doExchange(test, &config, conn, false /* not a resumption */, 0)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]961 conn.Close()
962 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]963
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]964 for i := 0; err == nil && i < resumeCount; i++ {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]965 var resumeConfig Config
966 if test.resumeConfig != nil {
967 resumeConfig = *test.resumeConfig
David Benjamine54af062016-08-08 19:21:18 -0400[diff] [blame]968 if !test.newSessionsOnResume {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]969 resumeConfig.SessionTicketKey = config.SessionTicketKey
970 resumeConfig.ClientSessionCache = config.ClientSessionCache
971 resumeConfig.ServerSessionCache = config.ServerSessionCache
972 }
David Benjamin2e045a92016-06-08 13:09:56 -0400[diff] [blame]973 resumeConfig.Rand = config.Rand
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]974 } else {
975 resumeConfig = config
976 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]977 var connResume net.Conn
978 connResume, err = acceptOrWait(listener, waitChan)
979 if err == nil {
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]980 err = doExchange(test, &resumeConfig, connResume, true /* resumption */, i+1)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]981 connResume.Close()
982 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]983 }
984
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]985 // Close the listener now. This is to avoid hangs should the shim try to
986 // open more connections than expected.
987 listener.Close()
988 listener = nil
989
990 childErr := <-waitChan
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]991 var isValgrindError bool
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]992 if exitError, ok := childErr.(*exec.ExitError); ok {
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]993 switch exitError.Sys().(syscall.WaitStatus).ExitStatus() {
994 case 88:
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]995 return errMoreMallocs
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]996 case 89:
997 return errUnimplemented
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]998 case 99:
999 isValgrindError = true
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]1000 }
1001 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1002
David Benjamin9bea3492016-03-02 10:59:16 -0500[diff] [blame]1003 // Account for Windows line endings.
1004 stdout := strings.Replace(string(stdoutBuf.Bytes()), "\r\n", "\n", -1)
1005 stderr := strings.Replace(string(stderrBuf.Bytes()), "\r\n", "\n", -1)
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]1006
1007 // Separate the errors from the shim and those from tools like
1008 // AddressSanitizer.
1009 var extraStderr string
1010 if stderrParts := strings.SplitN(stderr, "--- DONE ---\n", 2); len(stderrParts) == 2 {
1011 stderr = stderrParts[0]
1012 extraStderr = stderrParts[1]
1013 }
1014
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1015 failed := err != nil || childErr != nil
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]1016 expectedError := translateExpectedError(test.expectedError)
1017 correctFailure := len(expectedError) == 0 || strings.Contains(stderr, expectedError)
EKR173bf932016-07-29 15:52:49 +0200[diff] [blame]1018
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]1019 localError := "none"
1020 if err != nil {
1021 localError = err.Error()
1022 }
1023 if len(test.expectedLocalError) != 0 {
1024 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
1025 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1026
1027 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1028 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1029 if childErr != nil {
1030 childError = childErr.Error()
1031 }
1032
1033 var msg string
1034 switch {
1035 case failed && !test.shouldFail:
1036 msg = "unexpected failure"
1037 case !failed && test.shouldFail:
1038 msg = "unexpected success"
1039 case failed && !correctFailure:
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]1040 msg = "bad error (wanted '" + expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1041 default:
1042 panic("internal error")
1043 }
1044
David Benjamin9aafb642016-09-20 19:36:53 -0400[diff] [blame]1045 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s\n%s", msg, localError, childError, stdout, stderr, extraStderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1046 }
1047
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]1048 if len(extraStderr) > 0 || (!failed && len(stderr) > 0) {
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]1049 return fmt.Errorf("unexpected error output:\n%s\n%s", stderr, extraStderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1050 }
1051
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]1052 if *useValgrind && isValgrindError {
1053 return fmt.Errorf("valgrind error:\n%s\n%s", stderr, extraStderr)
1054 }
1055
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1056 return nil
1057}
1058
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1059type tlsVersion struct {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1060 name string
1061 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1062 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1063 hasDTLS bool
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1064}
1065
1066var tlsVersions = []tlsVersion{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1067 {"SSL3", VersionSSL30, "-no-ssl3", false},
1068 {"TLS1", VersionTLS10, "-no-tls1", true},
1069 {"TLS11", VersionTLS11, "-no-tls11", false},
1070 {"TLS12", VersionTLS12, "-no-tls12", true},
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]1071 {"TLS13", VersionTLS13, "-no-tls13", false},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1072}
1073
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1074type testCipherSuite struct {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1075 name string
1076 id uint16
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1077}
1078
1079var testCipherSuites = []testCipherSuite{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1080 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1081 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1082 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1083 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1084 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1085 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1086 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1087 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1088 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1089 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1090 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
1091 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1092 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1093 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1094 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1095 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
1096 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1097 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1098 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1099 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]1100 {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1101 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1102 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1103 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1104 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1105 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1106 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1107 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]1108 {"ECDHE-RSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1109 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
1110 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]1111 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
1112 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1113 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1114 {"AEAD-CHACHA20-POLY1305", TLS_CHACHA20_POLY1305_SHA256},
1115 {"AEAD-AES128-GCM-SHA256", TLS_AES_128_GCM_SHA256},
1116 {"AEAD-AES256-GCM-SHA384", TLS_AES_256_GCM_SHA384},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1117 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1118}
1119
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1120func hasComponent(suiteName, component string) bool {
1121 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
1122}
1123
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1124func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1125 return hasComponent(suiteName, "GCM") ||
1126 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]1127 hasComponent(suiteName, "SHA384") ||
1128 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1129}
1130
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1131func isTLS13Suite(suiteName string) bool {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1132 return strings.HasPrefix(suiteName, "AEAD-")
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1133}
1134
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1135func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1136 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1137}
1138
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]1139func bigFromHex(hex string) *big.Int {
1140 ret, ok := new(big.Int).SetString(hex, 16)
1141 if !ok {
1142 panic("failed to parse hex number 0x" + hex)
1143 }
1144 return ret
1145}
1146
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1147func addBasicTests() {
1148 basicTests := []testCase{
1149 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1150 name: "NoFallbackSCSV",
1151 config: Config{
1152 Bugs: ProtocolBugs{
1153 FailIfNotFallbackSCSV: true,
1154 },
1155 },
1156 shouldFail: true,
1157 expectedLocalError: "no fallback SCSV found",
1158 },
1159 {
1160 name: "SendFallbackSCSV",
1161 config: Config{
1162 Bugs: ProtocolBugs{
1163 FailIfNotFallbackSCSV: true,
1164 },
1165 },
1166 flags: []string{"-fallback-scsv"},
1167 },
1168 {
1169 name: "ClientCertificateTypes",
1170 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1171 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1172 ClientAuth: RequestClientCert,
1173 ClientCertificateTypes: []byte{
1174 CertTypeDSSSign,
1175 CertTypeRSASign,
1176 CertTypeECDSASign,
1177 },
1178 },
1179 flags: []string{
1180 "-expect-certificate-types",
1181 base64.StdEncoding.EncodeToString([]byte{
1182 CertTypeDSSSign,
1183 CertTypeRSASign,
1184 CertTypeECDSASign,
1185 }),
1186 },
1187 },
1188 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1189 name: "UnauthenticatedECDH",
1190 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1191 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1192 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1193 Bugs: ProtocolBugs{
1194 UnauthenticatedECDH: true,
1195 },
1196 },
1197 shouldFail: true,
1198 expectedError: ":UNEXPECTED_MESSAGE:",
1199 },
1200 {
1201 name: "SkipCertificateStatus",
1202 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1203 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1204 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1205 Bugs: ProtocolBugs{
1206 SkipCertificateStatus: true,
1207 },
1208 },
1209 flags: []string{
1210 "-enable-ocsp-stapling",
1211 },
1212 },
1213 {
1214 name: "SkipServerKeyExchange",
1215 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1216 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1217 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1218 Bugs: ProtocolBugs{
1219 SkipServerKeyExchange: true,
1220 },
1221 },
1222 shouldFail: true,
1223 expectedError: ":UNEXPECTED_MESSAGE:",
1224 },
1225 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1226 testType: serverTest,
1227 name: "Alert",
1228 config: Config{
1229 Bugs: ProtocolBugs{
1230 SendSpuriousAlert: alertRecordOverflow,
1231 },
1232 },
1233 shouldFail: true,
1234 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1235 },
1236 {
1237 protocol: dtls,
1238 testType: serverTest,
1239 name: "Alert-DTLS",
1240 config: Config{
1241 Bugs: ProtocolBugs{
1242 SendSpuriousAlert: alertRecordOverflow,
1243 },
1244 },
1245 shouldFail: true,
1246 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1247 },
1248 {
1249 testType: serverTest,
1250 name: "FragmentAlert",
1251 config: Config{
1252 Bugs: ProtocolBugs{
1253 FragmentAlert: true,
1254 SendSpuriousAlert: alertRecordOverflow,
1255 },
1256 },
1257 shouldFail: true,
1258 expectedError: ":BAD_ALERT:",
1259 },
1260 {
1261 protocol: dtls,
1262 testType: serverTest,
1263 name: "FragmentAlert-DTLS",
1264 config: Config{
1265 Bugs: ProtocolBugs{
1266 FragmentAlert: true,
1267 SendSpuriousAlert: alertRecordOverflow,
1268 },
1269 },
1270 shouldFail: true,
1271 expectedError: ":BAD_ALERT:",
1272 },
1273 {
1274 testType: serverTest,
David Benjamin0d3a8c62016-03-11 22:25:18 -0500[diff] [blame]1275 name: "DoubleAlert",
1276 config: Config{
1277 Bugs: ProtocolBugs{
1278 DoubleAlert: true,
1279 SendSpuriousAlert: alertRecordOverflow,
1280 },
1281 },
1282 shouldFail: true,
1283 expectedError: ":BAD_ALERT:",
1284 },
1285 {
1286 protocol: dtls,
1287 testType: serverTest,
1288 name: "DoubleAlert-DTLS",
1289 config: Config{
1290 Bugs: ProtocolBugs{
1291 DoubleAlert: true,
1292 SendSpuriousAlert: alertRecordOverflow,
1293 },
1294 },
1295 shouldFail: true,
1296 expectedError: ":BAD_ALERT:",
1297 },
1298 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1299 name: "SkipNewSessionTicket",
1300 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1301 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1302 Bugs: ProtocolBugs{
1303 SkipNewSessionTicket: true,
1304 },
1305 },
1306 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1307 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1308 },
1309 {
1310 testType: serverTest,
1311 name: "FallbackSCSV",
1312 config: Config{
1313 MaxVersion: VersionTLS11,
1314 Bugs: ProtocolBugs{
1315 SendFallbackSCSV: true,
1316 },
1317 },
1318 shouldFail: true,
1319 expectedError: ":INAPPROPRIATE_FALLBACK:",
1320 },
1321 {
1322 testType: serverTest,
David Benjaminb442dee2016-12-19 22:15:08 -0500[diff] [blame]1323 name: "FallbackSCSV-VersionMatch-TLS13",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1324 config: Config{
David Benjaminb442dee2016-12-19 22:15:08 -0500[diff] [blame]1325 MaxVersion: VersionTLS13,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1326 Bugs: ProtocolBugs{
1327 SendFallbackSCSV: true,
1328 },
1329 },
1330 },
1331 {
1332 testType: serverTest,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1333 name: "FallbackSCSV-VersionMatch-TLS12",
1334 config: Config{
1335 MaxVersion: VersionTLS12,
1336 Bugs: ProtocolBugs{
1337 SendFallbackSCSV: true,
1338 },
1339 },
1340 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
1341 },
1342 {
1343 testType: serverTest,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1344 name: "FragmentedClientVersion",
1345 config: Config{
1346 Bugs: ProtocolBugs{
1347 MaxHandshakeRecordLength: 1,
1348 FragmentClientVersion: true,
1349 },
1350 },
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1351 expectedVersion: VersionTLS13,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1352 },
1353 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1354 testType: serverTest,
1355 name: "HttpGET",
1356 sendPrefix: "GET / HTTP/1.0\n",
1357 shouldFail: true,
1358 expectedError: ":HTTP_REQUEST:",
1359 },
1360 {
1361 testType: serverTest,
1362 name: "HttpPOST",
1363 sendPrefix: "POST / HTTP/1.0\n",
1364 shouldFail: true,
1365 expectedError: ":HTTP_REQUEST:",
1366 },
1367 {
1368 testType: serverTest,
1369 name: "HttpHEAD",
1370 sendPrefix: "HEAD / HTTP/1.0\n",
1371 shouldFail: true,
1372 expectedError: ":HTTP_REQUEST:",
1373 },
1374 {
1375 testType: serverTest,
1376 name: "HttpPUT",
1377 sendPrefix: "PUT / HTTP/1.0\n",
1378 shouldFail: true,
1379 expectedError: ":HTTP_REQUEST:",
1380 },
1381 {
1382 testType: serverTest,
1383 name: "HttpCONNECT",
1384 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1385 shouldFail: true,
1386 expectedError: ":HTTPS_PROXY_REQUEST:",
1387 },
1388 {
1389 testType: serverTest,
1390 name: "Garbage",
1391 sendPrefix: "blah",
1392 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1393 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1394 },
1395 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1396 name: "RSAEphemeralKey",
1397 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1398 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1399 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1400 Bugs: ProtocolBugs{
1401 RSAEphemeralKey: true,
1402 },
1403 },
1404 shouldFail: true,
1405 expectedError: ":UNEXPECTED_MESSAGE:",
1406 },
1407 {
1408 name: "DisableEverything",
Steven Valdez4f94b1c2016-05-24 12:31:07 -0400[diff] [blame]1409 flags: []string{"-no-tls13", "-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1410 shouldFail: true,
1411 expectedError: ":WRONG_SSL_VERSION:",
1412 },
1413 {
1414 protocol: dtls,
1415 name: "DisableEverything-DTLS",
1416 flags: []string{"-no-tls12", "-no-tls1"},
1417 shouldFail: true,
1418 expectedError: ":WRONG_SSL_VERSION:",
1419 },
1420 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1421 protocol: dtls,
1422 testType: serverTest,
1423 name: "MTU",
1424 config: Config{
1425 Bugs: ProtocolBugs{
1426 MaxPacketLength: 256,
1427 },
1428 },
1429 flags: []string{"-mtu", "256"},
1430 },
1431 {
1432 protocol: dtls,
1433 testType: serverTest,
1434 name: "MTUExceeded",
1435 config: Config{
1436 Bugs: ProtocolBugs{
1437 MaxPacketLength: 255,
1438 },
1439 },
1440 flags: []string{"-mtu", "256"},
1441 shouldFail: true,
1442 expectedLocalError: "dtls: exceeded maximum packet length",
1443 },
1444 {
1445 name: "CertMismatchRSA",
1446 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1447 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1448 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]1449 Certificates: []Certificate{ecdsaP256Certificate},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1450 Bugs: ProtocolBugs{
1451 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1452 },
1453 },
1454 shouldFail: true,
1455 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1456 },
1457 {
1458 name: "CertMismatchECDSA",
1459 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1460 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1461 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]1462 Certificates: []Certificate{rsaCertificate},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1463 Bugs: ProtocolBugs{
1464 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1465 },
1466 },
1467 shouldFail: true,
1468 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1469 },
1470 {
1471 name: "EmptyCertificateList",
1472 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1473 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1474 Bugs: ProtocolBugs{
1475 EmptyCertificateList: true,
1476 },
1477 },
1478 shouldFail: true,
1479 expectedError: ":DECODE_ERROR:",
1480 },
1481 {
David Benjamin9ec1c752016-07-14 12:45:01 -0400[diff] [blame]1482 name: "EmptyCertificateList-TLS13",
1483 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1484 MaxVersion: VersionTLS13,
David Benjamin9ec1c752016-07-14 12:45:01 -0400[diff] [blame]1485 Bugs: ProtocolBugs{
1486 EmptyCertificateList: true,
1487 },
1488 },
1489 shouldFail: true,
David Benjamin4087df92016-08-01 20:16:31 -0400[diff] [blame]1490 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
David Benjamin9ec1c752016-07-14 12:45:01 -0400[diff] [blame]1491 },
1492 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1493 name: "TLSFatalBadPackets",
1494 damageFirstWrite: true,
1495 shouldFail: true,
1496 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1497 },
1498 {
1499 protocol: dtls,
1500 name: "DTLSIgnoreBadPackets",
1501 damageFirstWrite: true,
1502 },
1503 {
1504 protocol: dtls,
1505 name: "DTLSIgnoreBadPackets-Async",
1506 damageFirstWrite: true,
1507 flags: []string{"-async"},
1508 },
1509 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1510 name: "AppDataBeforeHandshake",
1511 config: Config{
1512 Bugs: ProtocolBugs{
1513 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1514 },
1515 },
1516 shouldFail: true,
1517 expectedError: ":UNEXPECTED_RECORD:",
1518 },
1519 {
1520 name: "AppDataBeforeHandshake-Empty",
1521 config: Config{
1522 Bugs: ProtocolBugs{
1523 AppDataBeforeHandshake: []byte{},
1524 },
1525 },
1526 shouldFail: true,
1527 expectedError: ":UNEXPECTED_RECORD:",
1528 },
1529 {
1530 protocol: dtls,
1531 name: "AppDataBeforeHandshake-DTLS",
1532 config: Config{
1533 Bugs: ProtocolBugs{
1534 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1535 },
1536 },
1537 shouldFail: true,
1538 expectedError: ":UNEXPECTED_RECORD:",
1539 },
1540 {
1541 protocol: dtls,
1542 name: "AppDataBeforeHandshake-DTLS-Empty",
1543 config: Config{
1544 Bugs: ProtocolBugs{
1545 AppDataBeforeHandshake: []byte{},
1546 },
1547 },
1548 shouldFail: true,
1549 expectedError: ":UNEXPECTED_RECORD:",
1550 },
1551 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1552 name: "AppDataAfterChangeCipherSpec",
1553 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1554 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1555 Bugs: ProtocolBugs{
1556 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1557 },
1558 },
1559 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1560 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1561 },
1562 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1563 name: "AppDataAfterChangeCipherSpec-Empty",
1564 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1565 MaxVersion: VersionTLS12,
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1566 Bugs: ProtocolBugs{
1567 AppDataAfterChangeCipherSpec: []byte{},
1568 },
1569 },
1570 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1571 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1572 },
1573 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1574 protocol: dtls,
1575 name: "AppDataAfterChangeCipherSpec-DTLS",
1576 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1577 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1578 Bugs: ProtocolBugs{
1579 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1580 },
1581 },
1582 // BoringSSL's DTLS implementation will drop the out-of-order
1583 // application data.
1584 },
1585 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1586 protocol: dtls,
1587 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1588 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1589 MaxVersion: VersionTLS12,
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1590 Bugs: ProtocolBugs{
1591 AppDataAfterChangeCipherSpec: []byte{},
1592 },
1593 },
1594 // BoringSSL's DTLS implementation will drop the out-of-order
1595 // application data.
1596 },
1597 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1598 name: "AlertAfterChangeCipherSpec",
1599 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1600 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1601 Bugs: ProtocolBugs{
1602 AlertAfterChangeCipherSpec: alertRecordOverflow,
1603 },
1604 },
1605 shouldFail: true,
1606 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1607 },
1608 {
1609 protocol: dtls,
1610 name: "AlertAfterChangeCipherSpec-DTLS",
1611 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1612 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1613 Bugs: ProtocolBugs{
1614 AlertAfterChangeCipherSpec: alertRecordOverflow,
1615 },
1616 },
1617 shouldFail: true,
1618 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1619 },
1620 {
1621 protocol: dtls,
1622 name: "ReorderHandshakeFragments-Small-DTLS",
1623 config: Config{
1624 Bugs: ProtocolBugs{
1625 ReorderHandshakeFragments: true,
1626 // Small enough that every handshake message is
1627 // fragmented.
1628 MaxHandshakeRecordLength: 2,
1629 },
1630 },
1631 },
1632 {
1633 protocol: dtls,
1634 name: "ReorderHandshakeFragments-Large-DTLS",
1635 config: Config{
1636 Bugs: ProtocolBugs{
1637 ReorderHandshakeFragments: true,
1638 // Large enough that no handshake message is
1639 // fragmented.
1640 MaxHandshakeRecordLength: 2048,
1641 },
1642 },
1643 },
1644 {
1645 protocol: dtls,
1646 name: "MixCompleteMessageWithFragments-DTLS",
1647 config: Config{
1648 Bugs: ProtocolBugs{
1649 ReorderHandshakeFragments: true,
1650 MixCompleteMessageWithFragments: true,
1651 MaxHandshakeRecordLength: 2,
1652 },
1653 },
1654 },
1655 {
1656 name: "SendInvalidRecordType",
1657 config: Config{
1658 Bugs: ProtocolBugs{
1659 SendInvalidRecordType: true,
1660 },
1661 },
1662 shouldFail: true,
1663 expectedError: ":UNEXPECTED_RECORD:",
1664 },
1665 {
1666 protocol: dtls,
1667 name: "SendInvalidRecordType-DTLS",
1668 config: Config{
1669 Bugs: ProtocolBugs{
1670 SendInvalidRecordType: true,
1671 },
1672 },
1673 shouldFail: true,
1674 expectedError: ":UNEXPECTED_RECORD:",
1675 },
1676 {
1677 name: "FalseStart-SkipServerSecondLeg",
1678 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1679 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1680 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1681 NextProtos: []string{"foo"},
1682 Bugs: ProtocolBugs{
1683 SkipNewSessionTicket: true,
1684 SkipChangeCipherSpec: true,
1685 SkipFinished: true,
1686 ExpectFalseStart: true,
1687 },
1688 },
1689 flags: []string{
1690 "-false-start",
1691 "-handshake-never-done",
1692 "-advertise-alpn", "\x03foo",
1693 },
1694 shimWritesFirst: true,
1695 shouldFail: true,
1696 expectedError: ":UNEXPECTED_RECORD:",
1697 },
1698 {
1699 name: "FalseStart-SkipServerSecondLeg-Implicit",
1700 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1701 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1702 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1703 NextProtos: []string{"foo"},
1704 Bugs: ProtocolBugs{
1705 SkipNewSessionTicket: true,
1706 SkipChangeCipherSpec: true,
1707 SkipFinished: true,
1708 },
1709 },
1710 flags: []string{
1711 "-implicit-handshake",
1712 "-false-start",
1713 "-handshake-never-done",
1714 "-advertise-alpn", "\x03foo",
1715 },
1716 shouldFail: true,
1717 expectedError: ":UNEXPECTED_RECORD:",
1718 },
1719 {
1720 testType: serverTest,
1721 name: "FailEarlyCallback",
1722 flags: []string{"-fail-early-callback"},
1723 shouldFail: true,
1724 expectedError: ":CONNECTION_REJECTED:",
David Benjamin2c66e072016-09-16 15:58:00 -0400[diff] [blame]1725 expectedLocalError: "remote error: handshake failure",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1726 },
1727 {
David Benjaminb8d74f52016-11-14 22:02:50 +0900[diff] [blame]1728 name: "FailCertCallback-Client-TLS12",
1729 config: Config{
1730 MaxVersion: VersionTLS12,
1731 ClientAuth: RequestClientCert,
1732 },
1733 flags: []string{"-fail-cert-callback"},
1734 shouldFail: true,
1735 expectedError: ":CERT_CB_ERROR:",
1736 expectedLocalError: "remote error: internal error",
1737 },
1738 {
1739 testType: serverTest,
1740 name: "FailCertCallback-Server-TLS12",
1741 config: Config{
1742 MaxVersion: VersionTLS12,
1743 },
1744 flags: []string{"-fail-cert-callback"},
1745 shouldFail: true,
1746 expectedError: ":CERT_CB_ERROR:",
1747 expectedLocalError: "remote error: internal error",
1748 },
1749 {
1750 name: "FailCertCallback-Client-TLS13",
1751 config: Config{
1752 MaxVersion: VersionTLS13,
1753 ClientAuth: RequestClientCert,
1754 },
1755 flags: []string{"-fail-cert-callback"},
1756 shouldFail: true,
1757 expectedError: ":CERT_CB_ERROR:",
1758 expectedLocalError: "remote error: internal error",
1759 },
1760 {
1761 testType: serverTest,
1762 name: "FailCertCallback-Server-TLS13",
1763 config: Config{
1764 MaxVersion: VersionTLS13,
1765 },
1766 flags: []string{"-fail-cert-callback"},
1767 shouldFail: true,
1768 expectedError: ":CERT_CB_ERROR:",
1769 expectedLocalError: "remote error: internal error",
1770 },
1771 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1772 protocol: dtls,
1773 name: "FragmentMessageTypeMismatch-DTLS",
1774 config: Config{
1775 Bugs: ProtocolBugs{
1776 MaxHandshakeRecordLength: 2,
1777 FragmentMessageTypeMismatch: true,
1778 },
1779 },
1780 shouldFail: true,
1781 expectedError: ":FRAGMENT_MISMATCH:",
1782 },
1783 {
1784 protocol: dtls,
1785 name: "FragmentMessageLengthMismatch-DTLS",
1786 config: Config{
1787 Bugs: ProtocolBugs{
1788 MaxHandshakeRecordLength: 2,
1789 FragmentMessageLengthMismatch: true,
1790 },
1791 },
1792 shouldFail: true,
1793 expectedError: ":FRAGMENT_MISMATCH:",
1794 },
1795 {
1796 protocol: dtls,
1797 name: "SplitFragments-Header-DTLS",
1798 config: Config{
1799 Bugs: ProtocolBugs{
1800 SplitFragments: 2,
1801 },
1802 },
1803 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1804 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1805 },
1806 {
1807 protocol: dtls,
1808 name: "SplitFragments-Boundary-DTLS",
1809 config: Config{
1810 Bugs: ProtocolBugs{
1811 SplitFragments: dtlsRecordHeaderLen,
1812 },
1813 },
1814 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1815 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1816 },
1817 {
1818 protocol: dtls,
1819 name: "SplitFragments-Body-DTLS",
1820 config: Config{
1821 Bugs: ProtocolBugs{
1822 SplitFragments: dtlsRecordHeaderLen + 1,
1823 },
1824 },
1825 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1826 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1827 },
1828 {
1829 protocol: dtls,
1830 name: "SendEmptyFragments-DTLS",
1831 config: Config{
1832 Bugs: ProtocolBugs{
1833 SendEmptyFragments: true,
1834 },
1835 },
1836 },
1837 {
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1838 name: "BadFinished-Client",
1839 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1840 MaxVersion: VersionTLS12,
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1841 Bugs: ProtocolBugs{
1842 BadFinished: true,
1843 },
1844 },
1845 shouldFail: true,
1846 expectedError: ":DIGEST_CHECK_FAILED:",
1847 },
1848 {
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]1849 name: "BadFinished-Client-TLS13",
1850 config: Config{
1851 MaxVersion: VersionTLS13,
1852 Bugs: ProtocolBugs{
1853 BadFinished: true,
1854 },
1855 },
1856 shouldFail: true,
1857 expectedError: ":DIGEST_CHECK_FAILED:",
1858 },
1859 {
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1860 testType: serverTest,
1861 name: "BadFinished-Server",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1862 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1863 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1864 Bugs: ProtocolBugs{
1865 BadFinished: true,
1866 },
1867 },
1868 shouldFail: true,
1869 expectedError: ":DIGEST_CHECK_FAILED:",
1870 },
1871 {
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]1872 testType: serverTest,
1873 name: "BadFinished-Server-TLS13",
1874 config: Config{
1875 MaxVersion: VersionTLS13,
1876 Bugs: ProtocolBugs{
1877 BadFinished: true,
1878 },
1879 },
1880 shouldFail: true,
1881 expectedError: ":DIGEST_CHECK_FAILED:",
1882 },
1883 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1884 name: "FalseStart-BadFinished",
1885 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1886 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1887 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1888 NextProtos: []string{"foo"},
1889 Bugs: ProtocolBugs{
1890 BadFinished: true,
1891 ExpectFalseStart: true,
1892 },
1893 },
1894 flags: []string{
1895 "-false-start",
1896 "-handshake-never-done",
1897 "-advertise-alpn", "\x03foo",
1898 },
1899 shimWritesFirst: true,
1900 shouldFail: true,
1901 expectedError: ":DIGEST_CHECK_FAILED:",
1902 },
1903 {
1904 name: "NoFalseStart-NoALPN",
1905 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1906 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1907 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1908 Bugs: ProtocolBugs{
1909 ExpectFalseStart: true,
1910 AlertBeforeFalseStartTest: alertAccessDenied,
1911 },
1912 },
1913 flags: []string{
1914 "-false-start",
1915 },
1916 shimWritesFirst: true,
1917 shouldFail: true,
1918 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1919 expectedLocalError: "tls: peer did not false start: EOF",
1920 },
1921 {
1922 name: "NoFalseStart-NoAEAD",
1923 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1924 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1925 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1926 NextProtos: []string{"foo"},
1927 Bugs: ProtocolBugs{
1928 ExpectFalseStart: true,
1929 AlertBeforeFalseStartTest: alertAccessDenied,
1930 },
1931 },
1932 flags: []string{
1933 "-false-start",
1934 "-advertise-alpn", "\x03foo",
1935 },
1936 shimWritesFirst: true,
1937 shouldFail: true,
1938 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1939 expectedLocalError: "tls: peer did not false start: EOF",
1940 },
1941 {
1942 name: "NoFalseStart-RSA",
1943 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1944 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1945 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1946 NextProtos: []string{"foo"},
1947 Bugs: ProtocolBugs{
1948 ExpectFalseStart: true,
1949 AlertBeforeFalseStartTest: alertAccessDenied,
1950 },
1951 },
1952 flags: []string{
1953 "-false-start",
1954 "-advertise-alpn", "\x03foo",
1955 },
1956 shimWritesFirst: true,
1957 shouldFail: true,
1958 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1959 expectedLocalError: "tls: peer did not false start: EOF",
1960 },
1961 {
1962 name: "NoFalseStart-DHE_RSA",
1963 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1964 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1965 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1966 NextProtos: []string{"foo"},
1967 Bugs: ProtocolBugs{
1968 ExpectFalseStart: true,
1969 AlertBeforeFalseStartTest: alertAccessDenied,
1970 },
1971 },
1972 flags: []string{
1973 "-false-start",
1974 "-advertise-alpn", "\x03foo",
1975 },
1976 shimWritesFirst: true,
1977 shouldFail: true,
1978 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1979 expectedLocalError: "tls: peer did not false start: EOF",
1980 },
1981 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1982 protocol: dtls,
1983 name: "SendSplitAlert-Sync",
1984 config: Config{
1985 Bugs: ProtocolBugs{
1986 SendSplitAlert: true,
1987 },
1988 },
1989 },
1990 {
1991 protocol: dtls,
1992 name: "SendSplitAlert-Async",
1993 config: Config{
1994 Bugs: ProtocolBugs{
1995 SendSplitAlert: true,
1996 },
1997 },
1998 flags: []string{"-async"},
1999 },
2000 {
2001 protocol: dtls,
2002 name: "PackDTLSHandshake",
2003 config: Config{
2004 Bugs: ProtocolBugs{
2005 MaxHandshakeRecordLength: 2,
2006 PackHandshakeFragments: 20,
2007 PackHandshakeRecords: 200,
2008 },
2009 },
2010 },
2011 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2012 name: "SendEmptyRecords-Pass",
2013 sendEmptyRecords: 32,
2014 },
2015 {
2016 name: "SendEmptyRecords",
2017 sendEmptyRecords: 33,
2018 shouldFail: true,
2019 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2020 },
2021 {
2022 name: "SendEmptyRecords-Async",
2023 sendEmptyRecords: 33,
2024 flags: []string{"-async"},
2025 shouldFail: true,
2026 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2027 },
2028 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2029 name: "SendWarningAlerts-Pass",
2030 config: Config{
2031 MaxVersion: VersionTLS12,
2032 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2033 sendWarningAlerts: 4,
2034 },
2035 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2036 protocol: dtls,
2037 name: "SendWarningAlerts-DTLS-Pass",
2038 config: Config{
2039 MaxVersion: VersionTLS12,
2040 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2041 sendWarningAlerts: 4,
2042 },
2043 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2044 name: "SendWarningAlerts-TLS13",
2045 config: Config{
2046 MaxVersion: VersionTLS13,
2047 },
2048 sendWarningAlerts: 4,
2049 shouldFail: true,
2050 expectedError: ":BAD_ALERT:",
2051 expectedLocalError: "remote error: error decoding message",
2052 },
2053 {
2054 name: "SendWarningAlerts",
2055 config: Config{
2056 MaxVersion: VersionTLS12,
2057 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2058 sendWarningAlerts: 5,
2059 shouldFail: true,
2060 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2061 },
2062 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2063 name: "SendWarningAlerts-Async",
2064 config: Config{
2065 MaxVersion: VersionTLS12,
2066 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2067 sendWarningAlerts: 5,
2068 flags: []string{"-async"},
2069 shouldFail: true,
2070 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2071 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2072 {
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]2073 name: "TooManyKeyUpdates",
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]2074 config: Config{
2075 MaxVersion: VersionTLS13,
2076 },
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]2077 sendKeyUpdates: 33,
2078 keyUpdateRequest: keyUpdateNotRequested,
2079 shouldFail: true,
2080 expectedError: ":TOO_MANY_KEY_UPDATES:",
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]2081 },
2082 {
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2083 name: "EmptySessionID",
2084 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2085 MaxVersion: VersionTLS12,
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2086 SessionTicketsDisabled: true,
2087 },
2088 noSessionCache: true,
2089 flags: []string{"-expect-no-session"},
2090 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]2091 {
2092 name: "Unclean-Shutdown",
2093 config: Config{
2094 Bugs: ProtocolBugs{
2095 NoCloseNotify: true,
2096 ExpectCloseNotify: true,
2097 },
2098 },
2099 shimShutsDown: true,
2100 flags: []string{"-check-close-notify"},
2101 shouldFail: true,
2102 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
2103 },
2104 {
2105 name: "Unclean-Shutdown-Ignored",
2106 config: Config{
2107 Bugs: ProtocolBugs{
2108 NoCloseNotify: true,
2109 },
2110 },
2111 shimShutsDown: true,
2112 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2113 {
David Benjaminfa214e42016-05-10 17:03:10 -0400[diff] [blame]2114 name: "Unclean-Shutdown-Alert",
2115 config: Config{
2116 Bugs: ProtocolBugs{
2117 SendAlertOnShutdown: alertDecompressionFailure,
2118 ExpectCloseNotify: true,
2119 },
2120 },
2121 shimShutsDown: true,
2122 flags: []string{"-check-close-notify"},
2123 shouldFail: true,
2124 expectedError: ":SSLV3_ALERT_DECOMPRESSION_FAILURE:",
2125 },
2126 {
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2127 name: "LargePlaintext",
2128 config: Config{
2129 Bugs: ProtocolBugs{
2130 SendLargeRecords: true,
2131 },
2132 },
2133 messageLen: maxPlaintext + 1,
2134 shouldFail: true,
2135 expectedError: ":DATA_LENGTH_TOO_LONG:",
2136 },
2137 {
2138 protocol: dtls,
2139 name: "LargePlaintext-DTLS",
2140 config: Config{
2141 Bugs: ProtocolBugs{
2142 SendLargeRecords: true,
2143 },
2144 },
2145 messageLen: maxPlaintext + 1,
2146 shouldFail: true,
2147 expectedError: ":DATA_LENGTH_TOO_LONG:",
2148 },
2149 {
2150 name: "LargeCiphertext",
2151 config: Config{
2152 Bugs: ProtocolBugs{
2153 SendLargeRecords: true,
2154 },
2155 },
2156 messageLen: maxPlaintext * 2,
2157 shouldFail: true,
2158 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
2159 },
2160 {
2161 protocol: dtls,
2162 name: "LargeCiphertext-DTLS",
2163 config: Config{
2164 Bugs: ProtocolBugs{
2165 SendLargeRecords: true,
2166 },
2167 },
2168 messageLen: maxPlaintext * 2,
2169 // Unlike the other four cases, DTLS drops records which
2170 // are invalid before authentication, so the connection
2171 // does not fail.
2172 expectMessageDropped: true,
2173 },
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]2174 {
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2175 name: "BadHelloRequest-1",
2176 renegotiate: 1,
2177 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2178 MaxVersion: VersionTLS12,
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2179 Bugs: ProtocolBugs{
2180 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2181 },
2182 },
2183 flags: []string{
2184 "-renegotiate-freely",
2185 "-expect-total-renegotiations", "1",
2186 },
2187 shouldFail: true,
David Benjamin163f29a2016-07-28 11:05:58 -0400[diff] [blame]2188 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2189 },
2190 {
2191 name: "BadHelloRequest-2",
2192 renegotiate: 1,
2193 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2194 MaxVersion: VersionTLS12,
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2195 Bugs: ProtocolBugs{
2196 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2197 },
2198 },
2199 flags: []string{
2200 "-renegotiate-freely",
2201 "-expect-total-renegotiations", "1",
2202 },
2203 shouldFail: true,
2204 expectedError: ":BAD_HELLO_REQUEST:",
2205 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2206 {
2207 testType: serverTest,
2208 name: "SupportTicketsWithSessionID",
2209 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2210 MaxVersion: VersionTLS12,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2211 SessionTicketsDisabled: true,
2212 },
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2213 resumeConfig: &Config{
2214 MaxVersion: VersionTLS12,
2215 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2216 resumeSession: true,
2217 },
David Benjamin02edcd02016-07-27 17:40:37 -0400[diff] [blame]2218 {
2219 protocol: dtls,
2220 name: "DTLS-SendExtraFinished",
2221 config: Config{
2222 Bugs: ProtocolBugs{
2223 SendExtraFinished: true,
2224 },
2225 },
2226 shouldFail: true,
2227 expectedError: ":UNEXPECTED_RECORD:",
2228 },
2229 {
2230 protocol: dtls,
2231 name: "DTLS-SendExtraFinished-Reordered",
2232 config: Config{
2233 Bugs: ProtocolBugs{
2234 MaxHandshakeRecordLength: 2,
2235 ReorderHandshakeFragments: true,
2236 SendExtraFinished: true,
2237 },
2238 },
2239 shouldFail: true,
2240 expectedError: ":UNEXPECTED_RECORD:",
2241 },
David Benjamine97fb482016-07-29 09:23:07 -0400[diff] [blame]2242 {
2243 testType: serverTest,
2244 name: "V2ClientHello-EmptyRecordPrefix",
2245 config: Config{
2246 // Choose a cipher suite that does not involve
2247 // elliptic curves, so no extensions are
2248 // involved.
2249 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]2250 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamine97fb482016-07-29 09:23:07 -0400[diff] [blame]2251 Bugs: ProtocolBugs{
2252 SendV2ClientHello: true,
2253 },
2254 },
2255 sendPrefix: string([]byte{
2256 byte(recordTypeHandshake),
2257 3, 1, // version
2258 0, 0, // length
2259 }),
2260 // A no-op empty record may not be sent before V2ClientHello.
2261 shouldFail: true,
2262 expectedError: ":WRONG_VERSION_NUMBER:",
2263 },
2264 {
2265 testType: serverTest,
2266 name: "V2ClientHello-WarningAlertPrefix",
2267 config: Config{
2268 // Choose a cipher suite that does not involve
2269 // elliptic curves, so no extensions are
2270 // involved.
2271 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]2272 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamine97fb482016-07-29 09:23:07 -0400[diff] [blame]2273 Bugs: ProtocolBugs{
2274 SendV2ClientHello: true,
2275 },
2276 },
2277 sendPrefix: string([]byte{
2278 byte(recordTypeAlert),
2279 3, 1, // version
2280 0, 2, // length
2281 alertLevelWarning, byte(alertDecompressionFailure),
2282 }),
2283 // A no-op warning alert may not be sent before V2ClientHello.
2284 shouldFail: true,
2285 expectedError: ":WRONG_VERSION_NUMBER:",
2286 },
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2287 {
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]2288 name: "KeyUpdate",
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2289 config: Config{
2290 MaxVersion: VersionTLS13,
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2291 },
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]2292 sendKeyUpdates: 1,
2293 keyUpdateRequest: keyUpdateNotRequested,
2294 },
2295 {
2296 name: "KeyUpdate-InvalidRequestMode",
2297 config: Config{
2298 MaxVersion: VersionTLS13,
2299 },
2300 sendKeyUpdates: 1,
2301 keyUpdateRequest: 42,
2302 shouldFail: true,
2303 expectedError: ":DECODE_ERROR:",
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2304 },
David Benjaminabe94e32016-09-04 14:18:58 -0400[diff] [blame]2305 {
2306 name: "SendSNIWarningAlert",
2307 config: Config{
2308 MaxVersion: VersionTLS12,
2309 Bugs: ProtocolBugs{
2310 SendSNIWarningAlert: true,
2311 },
2312 },
2313 },
David Benjaminc241d792016-09-09 10:34:20 -0400[diff] [blame]2314 {
2315 testType: serverTest,
2316 name: "ExtraCompressionMethods-TLS12",
2317 config: Config{
2318 MaxVersion: VersionTLS12,
2319 Bugs: ProtocolBugs{
2320 SendCompressionMethods: []byte{1, 2, 3, compressionNone, 4, 5, 6},
2321 },
2322 },
2323 },
2324 {
2325 testType: serverTest,
2326 name: "ExtraCompressionMethods-TLS13",
2327 config: Config{
2328 MaxVersion: VersionTLS13,
2329 Bugs: ProtocolBugs{
2330 SendCompressionMethods: []byte{1, 2, 3, compressionNone, 4, 5, 6},
2331 },
2332 },
2333 shouldFail: true,
2334 expectedError: ":INVALID_COMPRESSION_LIST:",
2335 expectedLocalError: "remote error: illegal parameter",
2336 },
2337 {
2338 testType: serverTest,
2339 name: "NoNullCompression-TLS12",
2340 config: Config{
2341 MaxVersion: VersionTLS12,
2342 Bugs: ProtocolBugs{
2343 SendCompressionMethods: []byte{1, 2, 3, 4, 5, 6},
2344 },
2345 },
2346 shouldFail: true,
2347 expectedError: ":NO_COMPRESSION_SPECIFIED:",
2348 expectedLocalError: "remote error: illegal parameter",
2349 },
2350 {
2351 testType: serverTest,
2352 name: "NoNullCompression-TLS13",
2353 config: Config{
2354 MaxVersion: VersionTLS13,
2355 Bugs: ProtocolBugs{
2356 SendCompressionMethods: []byte{1, 2, 3, 4, 5, 6},
2357 },
2358 },
2359 shouldFail: true,
2360 expectedError: ":INVALID_COMPRESSION_LIST:",
2361 expectedLocalError: "remote error: illegal parameter",
2362 },
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2363 {
David Benjamin1a5e8ec2016-10-07 15:19:18 -0400[diff] [blame]2364 name: "GREASE-Client-TLS12",
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2365 config: Config{
2366 MaxVersion: VersionTLS12,
2367 Bugs: ProtocolBugs{
2368 ExpectGREASE: true,
2369 },
2370 },
2371 flags: []string{"-enable-grease"},
2372 },
2373 {
David Benjamin1a5e8ec2016-10-07 15:19:18 -0400[diff] [blame]2374 name: "GREASE-Client-TLS13",
2375 config: Config{
2376 MaxVersion: VersionTLS13,
2377 Bugs: ProtocolBugs{
2378 ExpectGREASE: true,
2379 },
2380 },
2381 flags: []string{"-enable-grease"},
2382 },
2383 {
2384 testType: serverTest,
2385 name: "GREASE-Server-TLS13",
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2386 config: Config{
2387 MaxVersion: VersionTLS13,
2388 Bugs: ProtocolBugs{
David Benjamin079b3942016-10-20 13:19:20 -0400[diff] [blame]2389 // TLS 1.3 servers are expected to
2390 // always enable GREASE. TLS 1.3 is new,
2391 // so there is no existing ecosystem to
2392 // worry about.
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2393 ExpectGREASE: true,
2394 },
2395 },
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2396 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2397 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2398 testCases = append(testCases, basicTests...)
David Benjamina252b342016-09-26 19:57:53 -0400[diff] [blame]2399
2400 // Test that very large messages can be received.
2401 cert := rsaCertificate
2402 for i := 0; i < 50; i++ {
2403 cert.Certificate = append(cert.Certificate, cert.Certificate[0])
2404 }
2405 testCases = append(testCases, testCase{
2406 name: "LargeMessage",
2407 config: Config{
2408 Certificates: []Certificate{cert},
2409 },
2410 })
2411 testCases = append(testCases, testCase{
2412 protocol: dtls,
2413 name: "LargeMessage-DTLS",
2414 config: Config{
2415 Certificates: []Certificate{cert},
2416 },
2417 })
2418
2419 // They are rejected if the maximum certificate chain length is capped.
2420 testCases = append(testCases, testCase{
2421 name: "LargeMessage-Reject",
2422 config: Config{
2423 Certificates: []Certificate{cert},
2424 },
2425 flags: []string{"-max-cert-list", "16384"},
2426 shouldFail: true,
2427 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
2428 })
2429 testCases = append(testCases, testCase{
2430 protocol: dtls,
2431 name: "LargeMessage-Reject-DTLS",
2432 config: Config{
2433 Certificates: []Certificate{cert},
2434 },
2435 flags: []string{"-max-cert-list", "16384"},
2436 shouldFail: true,
2437 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
2438 })
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2439}
2440
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]2441func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol protocol) {
2442 const psk = "12345"
2443 const pskIdentity = "luggage combo"
2444
2445 var prefix string
2446 if protocol == dtls {
2447 if !ver.hasDTLS {
2448 return
2449 }
2450 prefix = "D"
2451 }
2452
2453 var cert Certificate
2454 var certFile string
2455 var keyFile string
2456 if hasComponent(suite.name, "ECDSA") {
2457 cert = ecdsaP256Certificate
2458 certFile = ecdsaP256CertificateFile
2459 keyFile = ecdsaP256KeyFile
2460 } else {
2461 cert = rsaCertificate
2462 certFile = rsaCertificateFile
2463 keyFile = rsaKeyFile
2464 }
2465
2466 var flags []string
2467 if hasComponent(suite.name, "PSK") {
2468 flags = append(flags,
2469 "-psk", psk,
2470 "-psk-identity", pskIdentity)
2471 }
2472 if hasComponent(suite.name, "NULL") {
2473 // NULL ciphers must be explicitly enabled.
2474 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2475 }
2476 if hasComponent(suite.name, "ECDHE-PSK") && hasComponent(suite.name, "GCM") {
2477 // ECDHE_PSK AES_GCM ciphers must be explicitly enabled
2478 // for now.
2479 flags = append(flags, "-cipher", suite.name)
2480 }
2481
2482 var shouldServerFail, shouldClientFail bool
2483 if hasComponent(suite.name, "ECDHE") && ver.version == VersionSSL30 {
2484 // BoringSSL clients accept ECDHE on SSLv3, but
2485 // a BoringSSL server will never select it
2486 // because the extension is missing.
2487 shouldServerFail = true
2488 }
2489 if isTLS12Only(suite.name) && ver.version < VersionTLS12 {
2490 shouldClientFail = true
2491 shouldServerFail = true
2492 }
2493 if !isTLS13Suite(suite.name) && ver.version >= VersionTLS13 {
2494 shouldClientFail = true
2495 shouldServerFail = true
2496 }
2497 if isTLS13Suite(suite.name) && ver.version < VersionTLS13 {
2498 shouldClientFail = true
2499 shouldServerFail = true
2500 }
2501 if !isDTLSCipher(suite.name) && protocol == dtls {
2502 shouldClientFail = true
2503 shouldServerFail = true
2504 }
2505
2506 var sendCipherSuite uint16
2507 var expectedServerError, expectedClientError string
2508 serverCipherSuites := []uint16{suite.id}
2509 if shouldServerFail {
2510 expectedServerError = ":NO_SHARED_CIPHER:"
2511 }
2512 if shouldClientFail {
2513 expectedClientError = ":WRONG_CIPHER_RETURNED:"
2514 // Configure the server to select ciphers as normal but
2515 // select an incompatible cipher in ServerHello.
2516 serverCipherSuites = nil
2517 sendCipherSuite = suite.id
2518 }
2519
2520 testCases = append(testCases, testCase{
2521 testType: serverTest,
2522 protocol: protocol,
2523 name: prefix + ver.name + "-" + suite.name + "-server",
2524 config: Config{
2525 MinVersion: ver.version,
2526 MaxVersion: ver.version,
2527 CipherSuites: []uint16{suite.id},
2528 Certificates: []Certificate{cert},
2529 PreSharedKey: []byte(psk),
2530 PreSharedKeyIdentity: pskIdentity,
2531 Bugs: ProtocolBugs{
2532 AdvertiseAllConfiguredCiphers: true,
2533 },
2534 },
2535 certFile: certFile,
2536 keyFile: keyFile,
2537 flags: flags,
2538 resumeSession: true,
2539 shouldFail: shouldServerFail,
2540 expectedError: expectedServerError,
2541 })
2542
2543 testCases = append(testCases, testCase{
2544 testType: clientTest,
2545 protocol: protocol,
2546 name: prefix + ver.name + "-" + suite.name + "-client",
2547 config: Config{
2548 MinVersion: ver.version,
2549 MaxVersion: ver.version,
2550 CipherSuites: serverCipherSuites,
2551 Certificates: []Certificate{cert},
2552 PreSharedKey: []byte(psk),
2553 PreSharedKeyIdentity: pskIdentity,
2554 Bugs: ProtocolBugs{
2555 IgnorePeerCipherPreferences: shouldClientFail,
2556 SendCipherSuite: sendCipherSuite,
2557 },
2558 },
2559 flags: flags,
2560 resumeSession: true,
2561 shouldFail: shouldClientFail,
2562 expectedError: expectedClientError,
2563 })
2564
2565 if !shouldClientFail {
2566 // Ensure the maximum record size is accepted.
2567 testCases = append(testCases, testCase{
2568 protocol: protocol,
2569 name: prefix + ver.name + "-" + suite.name + "-LargeRecord",
2570 config: Config{
2571 MinVersion: ver.version,
2572 MaxVersion: ver.version,
2573 CipherSuites: []uint16{suite.id},
2574 Certificates: []Certificate{cert},
2575 PreSharedKey: []byte(psk),
2576 PreSharedKeyIdentity: pskIdentity,
2577 },
2578 flags: flags,
2579 messageLen: maxPlaintext,
2580 })
2581
2582 // Test bad records for all ciphers. Bad records are fatal in TLS
2583 // and ignored in DTLS.
2584 var shouldFail bool
2585 var expectedError string
2586 if protocol == tls {
2587 shouldFail = true
2588 expectedError = ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:"
2589 }
2590
2591 testCases = append(testCases, testCase{
2592 protocol: protocol,
2593 name: prefix + ver.name + "-" + suite.name + "-BadRecord",
2594 config: Config{
2595 MinVersion: ver.version,
2596 MaxVersion: ver.version,
2597 CipherSuites: []uint16{suite.id},
2598 Certificates: []Certificate{cert},
2599 PreSharedKey: []byte(psk),
2600 PreSharedKeyIdentity: pskIdentity,
2601 },
2602 flags: flags,
2603 damageFirstWrite: true,
2604 messageLen: maxPlaintext,
2605 shouldFail: shouldFail,
2606 expectedError: expectedError,
2607 })
2608 }
2609}
2610
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2611func addCipherSuiteTests() {
David Benjamine470e662016-07-18 15:47:32 +0200[diff] [blame]2612 const bogusCipher = 0xfe00
2613
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2614 for _, suite := range testCipherSuites {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2615 for _, ver := range tlsVersions {
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2616 for _, protocol := range []protocol{tls, dtls} {
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]2617 addTestForCipherSuite(suite, ver, protocol)
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2618 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2619 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2620 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2621
2622 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2623 name: "NoSharedCipher",
2624 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2625 MaxVersion: VersionTLS12,
2626 CipherSuites: []uint16{},
2627 },
2628 shouldFail: true,
2629 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
2630 })
2631
2632 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]2633 name: "NoSharedCipher-TLS13",
2634 config: Config{
2635 MaxVersion: VersionTLS13,
2636 CipherSuites: []uint16{},
2637 },
2638 shouldFail: true,
2639 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
2640 })
2641
2642 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2643 name: "UnsupportedCipherSuite",
2644 config: Config{
2645 MaxVersion: VersionTLS12,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2646 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2647 Bugs: ProtocolBugs{
2648 IgnorePeerCipherPreferences: true,
2649 },
2650 },
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2651 flags: []string{"-cipher", "DEFAULT:!AES"},
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2652 shouldFail: true,
2653 expectedError: ":WRONG_CIPHER_RETURNED:",
2654 })
2655
2656 testCases = append(testCases, testCase{
David Benjamine470e662016-07-18 15:47:32 +0200[diff] [blame]2657 name: "ServerHelloBogusCipher",
2658 config: Config{
2659 MaxVersion: VersionTLS12,
2660 Bugs: ProtocolBugs{
2661 SendCipherSuite: bogusCipher,
2662 },
2663 },
2664 shouldFail: true,
2665 expectedError: ":UNKNOWN_CIPHER_RETURNED:",
2666 })
2667 testCases = append(testCases, testCase{
2668 name: "ServerHelloBogusCipher-TLS13",
2669 config: Config{
2670 MaxVersion: VersionTLS13,
2671 Bugs: ProtocolBugs{
2672 SendCipherSuite: bogusCipher,
2673 },
2674 },
2675 shouldFail: true,
2676 expectedError: ":UNKNOWN_CIPHER_RETURNED:",
2677 })
2678
2679 testCases = append(testCases, testCase{
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2680 name: "WeakDH",
2681 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2682 MaxVersion: VersionTLS12,
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2683 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2684 Bugs: ProtocolBugs{
2685 // This is a 1023-bit prime number, generated
2686 // with:
2687 // openssl gendh 1023 | openssl asn1parse -i
2688 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2689 },
2690 },
2691 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2692 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2693 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2694
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2695 testCases = append(testCases, testCase{
2696 name: "SillyDH",
2697 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2698 MaxVersion: VersionTLS12,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2699 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2700 Bugs: ProtocolBugs{
2701 // This is a 4097-bit prime number, generated
2702 // with:
2703 // openssl gendh 4097 | openssl asn1parse -i
2704 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2705 },
2706 },
2707 shouldFail: true,
2708 expectedError: ":DH_P_TOO_LONG:",
2709 })
2710
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2711 // This test ensures that Diffie-Hellman public values are padded with
2712 // zeros so that they're the same length as the prime. This is to avoid
2713 // hitting a bug in yaSSL.
2714 testCases = append(testCases, testCase{
2715 testType: serverTest,
2716 name: "DHPublicValuePadded",
2717 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2718 MaxVersion: VersionTLS12,
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2719 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2720 Bugs: ProtocolBugs{
2721 RequireDHPublicValueLen: (1025 + 7) / 8,
2722 },
2723 },
2724 flags: []string{"-use-sparse-dh-prime"},
2725 })
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2726
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2727 // The server must be tolerant to bogus ciphers.
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2728 testCases = append(testCases, testCase{
2729 testType: serverTest,
2730 name: "UnknownCipher",
2731 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2732 MaxVersion: VersionTLS12,
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2733 CipherSuites: []uint16{bogusCipher, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin5ecb88b2016-10-04 17:51:35 -0400[diff] [blame]2734 Bugs: ProtocolBugs{
2735 AdvertiseAllConfiguredCiphers: true,
2736 },
2737 },
2738 })
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2739
2740 // The server must be tolerant to bogus ciphers.
David Benjamin5ecb88b2016-10-04 17:51:35 -0400[diff] [blame]2741 testCases = append(testCases, testCase{
2742 testType: serverTest,
2743 name: "UnknownCipher-TLS13",
2744 config: Config{
2745 MaxVersion: VersionTLS13,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2746 CipherSuites: []uint16{bogusCipher, TLS_AES_128_GCM_SHA256},
David Benjamin5ecb88b2016-10-04 17:51:35 -0400[diff] [blame]2747 Bugs: ProtocolBugs{
2748 AdvertiseAllConfiguredCiphers: true,
2749 },
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2750 },
2751 })
2752
David Benjamin78679342016-09-16 19:42:05 -0400[diff] [blame]2753 // Test empty ECDHE_PSK identity hints work as expected.
2754 testCases = append(testCases, testCase{
2755 name: "EmptyECDHEPSKHint",
2756 config: Config{
2757 MaxVersion: VersionTLS12,
2758 CipherSuites: []uint16{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
2759 PreSharedKey: []byte("secret"),
2760 },
2761 flags: []string{"-psk", "secret"},
2762 })
2763
2764 // Test empty PSK identity hints work as expected, even if an explicit
2765 // ServerKeyExchange is sent.
2766 testCases = append(testCases, testCase{
2767 name: "ExplicitEmptyPSKHint",
2768 config: Config{
2769 MaxVersion: VersionTLS12,
2770 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2771 PreSharedKey: []byte("secret"),
2772 Bugs: ProtocolBugs{
2773 AlwaysSendPreSharedKeyIdentityHint: true,
2774 },
2775 },
2776 flags: []string{"-psk", "secret"},
2777 })
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2778}
2779
2780func addBadECDSASignatureTests() {
2781 for badR := BadValue(1); badR < NumBadValues; badR++ {
2782 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2783 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2784 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2785 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2786 MaxVersion: VersionTLS12,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2787 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]2788 Certificates: []Certificate{ecdsaP256Certificate},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2789 Bugs: ProtocolBugs{
2790 BadECDSAR: badR,
2791 BadECDSAS: badS,
2792 },
2793 },
2794 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2795 expectedError: ":BAD_SIGNATURE:",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2796 })
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2797 testCases = append(testCases, testCase{
2798 name: fmt.Sprintf("BadECDSA-%d-%d-TLS13", badR, badS),
2799 config: Config{
2800 MaxVersion: VersionTLS13,
2801 Certificates: []Certificate{ecdsaP256Certificate},
2802 Bugs: ProtocolBugs{
2803 BadECDSAR: badR,
2804 BadECDSAS: badS,
2805 },
2806 },
2807 shouldFail: true,
2808 expectedError: ":BAD_SIGNATURE:",
2809 })
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2810 }
2811 }
2812}
2813
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2814func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2815 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2816 name: "MaxCBCPadding",
2817 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2818 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2819 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2820 Bugs: ProtocolBugs{
2821 MaxPadding: true,
2822 },
2823 },
2824 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2825 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2826 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2827 name: "BadCBCPadding",
2828 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2829 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2830 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2831 Bugs: ProtocolBugs{
2832 PaddingFirstByteBad: true,
2833 },
2834 },
2835 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2836 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2837 })
2838 // OpenSSL previously had an issue where the first byte of padding in
2839 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2840 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2841 name: "BadCBCPadding255",
2842 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2843 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2844 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2845 Bugs: ProtocolBugs{
2846 MaxPadding: true,
2847 PaddingFirstByteBadIf255: true,
2848 },
2849 },
2850 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2851 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2852 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2853 })
2854}
2855
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2856func addCBCSplittingTests() {
2857 testCases = append(testCases, testCase{
2858 name: "CBCRecordSplitting",
2859 config: Config{
2860 MaxVersion: VersionTLS10,
2861 MinVersion: VersionTLS10,
2862 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2863 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2864 messageLen: -1, // read until EOF
2865 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2866 flags: []string{
2867 "-async",
2868 "-write-different-record-sizes",
2869 "-cbc-record-splitting",
2870 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2871 })
2872 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2873 name: "CBCRecordSplittingPartialWrite",
2874 config: Config{
2875 MaxVersion: VersionTLS10,
2876 MinVersion: VersionTLS10,
2877 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2878 },
2879 messageLen: -1, // read until EOF
2880 flags: []string{
2881 "-async",
2882 "-write-different-record-sizes",
2883 "-cbc-record-splitting",
2884 "-partial-write",
2885 },
2886 })
2887}
2888
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2889func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2890 // Add a dummy cert pool to stress certificate authority parsing.
2891 // TODO(davidben): Add tests that those values parse out correctly.
2892 certPool := x509.NewCertPool()
2893 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2894 if err != nil {
2895 panic(err)
2896 }
2897 certPool.AddCert(cert)
2898
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2899 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2900 testCases = append(testCases, testCase{
2901 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2902 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2903 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2904 MinVersion: ver.version,
2905 MaxVersion: ver.version,
2906 ClientAuth: RequireAnyClientCert,
2907 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2908 },
2909 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2910 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2911 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2912 },
2913 })
2914 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2915 testType: serverTest,
2916 name: ver.name + "-Server-ClientAuth-RSA",
2917 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2918 MinVersion: ver.version,
2919 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2920 Certificates: []Certificate{rsaCertificate},
2921 },
2922 flags: []string{"-require-any-client-certificate"},
2923 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2924 if ver.version != VersionSSL30 {
2925 testCases = append(testCases, testCase{
2926 testType: serverTest,
2927 name: ver.name + "-Server-ClientAuth-ECDSA",
2928 config: Config{
2929 MinVersion: ver.version,
2930 MaxVersion: ver.version,
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]2931 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2932 },
2933 flags: []string{"-require-any-client-certificate"},
2934 })
2935 testCases = append(testCases, testCase{
2936 testType: clientTest,
2937 name: ver.name + "-Client-ClientAuth-ECDSA",
2938 config: Config{
2939 MinVersion: ver.version,
2940 MaxVersion: ver.version,
2941 ClientAuth: RequireAnyClientCert,
2942 ClientCAs: certPool,
2943 },
2944 flags: []string{
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]2945 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
2946 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2947 },
2948 })
2949 }
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]2950
2951 testCases = append(testCases, testCase{
2952 name: "NoClientCertificate-" + ver.name,
2953 config: Config{
2954 MinVersion: ver.version,
2955 MaxVersion: ver.version,
2956 ClientAuth: RequireAnyClientCert,
2957 },
2958 shouldFail: true,
2959 expectedLocalError: "client didn't provide a certificate",
2960 })
2961
2962 testCases = append(testCases, testCase{
2963 // Even if not configured to expect a certificate, OpenSSL will
2964 // return X509_V_OK as the verify_result.
2965 testType: serverTest,
2966 name: "NoClientCertificateRequested-Server-" + ver.name,
2967 config: Config{
2968 MinVersion: ver.version,
2969 MaxVersion: ver.version,
2970 },
2971 flags: []string{
2972 "-expect-verify-result",
2973 },
David Benjamin5d9ba812016-10-07 20:51:20 -0400[diff] [blame]2974 resumeSession: true,
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]2975 })
2976
2977 testCases = append(testCases, testCase{
2978 // If a client certificate is not provided, OpenSSL will still
2979 // return X509_V_OK as the verify_result.
2980 testType: serverTest,
2981 name: "NoClientCertificate-Server-" + ver.name,
2982 config: Config{
2983 MinVersion: ver.version,
2984 MaxVersion: ver.version,
2985 },
2986 flags: []string{
2987 "-expect-verify-result",
2988 "-verify-peer",
2989 },
David Benjamin5d9ba812016-10-07 20:51:20 -0400[diff] [blame]2990 resumeSession: true,
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]2991 })
2992
David Benjamin1db9e1b2016-10-07 20:51:43 -0400[diff] [blame]2993 certificateRequired := "remote error: certificate required"
2994 if ver.version < VersionTLS13 {
2995 // Prior to TLS 1.3, the generic handshake_failure alert
2996 // was used.
2997 certificateRequired = "remote error: handshake failure"
2998 }
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]2999 testCases = append(testCases, testCase{
3000 testType: serverTest,
3001 name: "RequireAnyClientCertificate-" + ver.name,
3002 config: Config{
3003 MinVersion: ver.version,
3004 MaxVersion: ver.version,
3005 },
David Benjamin1db9e1b2016-10-07 20:51:43 -0400[diff] [blame]3006 flags: []string{"-require-any-client-certificate"},
3007 shouldFail: true,
3008 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
3009 expectedLocalError: certificateRequired,
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]3010 })
3011
3012 if ver.version != VersionSSL30 {
3013 testCases = append(testCases, testCase{
3014 testType: serverTest,
3015 name: "SkipClientCertificate-" + ver.name,
3016 config: Config{
3017 MinVersion: ver.version,
3018 MaxVersion: ver.version,
3019 Bugs: ProtocolBugs{
3020 SkipClientCertificate: true,
3021 },
3022 },
3023 // Setting SSL_VERIFY_PEER allows anonymous clients.
3024 flags: []string{"-verify-peer"},
3025 shouldFail: true,
3026 expectedError: ":UNEXPECTED_MESSAGE:",
3027 })
3028 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]3029 }
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3030
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]3031 // Client auth is only legal in certificate-based ciphers.
3032 testCases = append(testCases, testCase{
3033 testType: clientTest,
3034 name: "ClientAuth-PSK",
3035 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3036 MaxVersion: VersionTLS12,
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]3037 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3038 PreSharedKey: []byte("secret"),
3039 ClientAuth: RequireAnyClientCert,
3040 },
3041 flags: []string{
3042 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3043 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3044 "-psk", "secret",
3045 },
3046 shouldFail: true,
3047 expectedError: ":UNEXPECTED_MESSAGE:",
3048 })
3049 testCases = append(testCases, testCase{
3050 testType: clientTest,
3051 name: "ClientAuth-ECDHE_PSK",
3052 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3053 MaxVersion: VersionTLS12,
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]3054 CipherSuites: []uint16{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
3055 PreSharedKey: []byte("secret"),
3056 ClientAuth: RequireAnyClientCert,
3057 },
3058 flags: []string{
3059 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3060 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3061 "-psk", "secret",
3062 },
3063 shouldFail: true,
3064 expectedError: ":UNEXPECTED_MESSAGE:",
3065 })
David Benjamin2f8935d2016-07-13 19:47:39 -0400[diff] [blame]3066
3067 // Regression test for a bug where the client CA list, if explicitly
3068 // set to NULL, was mis-encoded.
3069 testCases = append(testCases, testCase{
3070 testType: serverTest,
3071 name: "Null-Client-CA-List",
3072 config: Config{
3073 MaxVersion: VersionTLS12,
3074 Certificates: []Certificate{rsaCertificate},
3075 },
3076 flags: []string{
3077 "-require-any-client-certificate",
3078 "-use-null-client-ca-list",
3079 },
3080 })
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]3081}
3082
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3083func addExtendedMasterSecretTests() {
3084 const expectEMSFlag = "-expect-extended-master-secret"
3085
3086 for _, with := range []bool{false, true} {
3087 prefix := "No"
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3088 if with {
3089 prefix = ""
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3090 }
3091
3092 for _, isClient := range []bool{false, true} {
3093 suffix := "-Server"
3094 testType := serverTest
3095 if isClient {
3096 suffix = "-Client"
3097 testType = clientTest
3098 }
3099
3100 for _, ver := range tlsVersions {
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3101 // In TLS 1.3, the extension is irrelevant and
3102 // always reports as enabled.
3103 var flags []string
3104 if with || ver.version >= VersionTLS13 {
3105 flags = []string{expectEMSFlag}
3106 }
3107
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3108 test := testCase{
3109 testType: testType,
3110 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
3111 config: Config{
3112 MinVersion: ver.version,
3113 MaxVersion: ver.version,
3114 Bugs: ProtocolBugs{
3115 NoExtendedMasterSecret: !with,
3116 RequireExtendedMasterSecret: with,
3117 },
3118 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]3119 flags: flags,
3120 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3121 }
3122 if test.shouldFail {
3123 test.expectedLocalError = "extended master secret required but not supported by peer"
3124 }
3125 testCases = append(testCases, test)
3126 }
3127 }
3128 }
3129
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]3130 for _, isClient := range []bool{false, true} {
3131 for _, supportedInFirstConnection := range []bool{false, true} {
3132 for _, supportedInResumeConnection := range []bool{false, true} {
3133 boolToWord := func(b bool) string {
3134 if b {
3135 return "Yes"
3136 }
3137 return "No"
3138 }
3139 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
3140 if isClient {
3141 suffix += "Client"
3142 } else {
3143 suffix += "Server"
3144 }
3145
3146 supportedConfig := Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3147 MaxVersion: VersionTLS12,
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]3148 Bugs: ProtocolBugs{
3149 RequireExtendedMasterSecret: true,
3150 },
3151 }
3152
3153 noSupportConfig := Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3154 MaxVersion: VersionTLS12,
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]3155 Bugs: ProtocolBugs{
3156 NoExtendedMasterSecret: true,
3157 },
3158 }
3159
3160 test := testCase{
3161 name: "ExtendedMasterSecret-" + suffix,
3162 resumeSession: true,
3163 }
3164
3165 if !isClient {
3166 test.testType = serverTest
3167 }
3168
3169 if supportedInFirstConnection {
3170 test.config = supportedConfig
3171 } else {
3172 test.config = noSupportConfig
3173 }
3174
3175 if supportedInResumeConnection {
3176 test.resumeConfig = &supportedConfig
3177 } else {
3178 test.resumeConfig = &noSupportConfig
3179 }
3180
3181 switch suffix {
3182 case "YesToYes-Client", "YesToYes-Server":
3183 // When a session is resumed, it should
3184 // still be aware that its master
3185 // secret was generated via EMS and
3186 // thus it's safe to use tls-unique.
3187 test.flags = []string{expectEMSFlag}
3188 case "NoToYes-Server":
3189 // If an original connection did not
3190 // contain EMS, but a resumption
3191 // handshake does, then a server should
3192 // not resume the session.
3193 test.expectResumeRejected = true
3194 case "YesToNo-Server":
3195 // Resuming an EMS session without the
3196 // EMS extension should cause the
3197 // server to abort the connection.
3198 test.shouldFail = true
3199 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
3200 case "NoToYes-Client":
3201 // A client should abort a connection
3202 // where the server resumed a non-EMS
3203 // session but echoed the EMS
3204 // extension.
3205 test.shouldFail = true
3206 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
3207 case "YesToNo-Client":
3208 // A client should abort a connection
3209 // where the server didn't echo EMS
3210 // when the session used it.
3211 test.shouldFail = true
3212 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
3213 }
3214
3215 testCases = append(testCases, test)
3216 }
3217 }
3218 }
David Benjamin163c9562016-08-29 23:14:17 -0400[diff] [blame]3219
3220 // Switching EMS on renegotiation is forbidden.
3221 testCases = append(testCases, testCase{
3222 name: "ExtendedMasterSecret-Renego-NoEMS",
3223 config: Config{
3224 MaxVersion: VersionTLS12,
3225 Bugs: ProtocolBugs{
3226 NoExtendedMasterSecret: true,
3227 NoExtendedMasterSecretOnRenegotiation: true,
3228 },
3229 },
3230 renegotiate: 1,
3231 flags: []string{
3232 "-renegotiate-freely",
3233 "-expect-total-renegotiations", "1",
3234 },
3235 })
3236
3237 testCases = append(testCases, testCase{
3238 name: "ExtendedMasterSecret-Renego-Upgrade",
3239 config: Config{
3240 MaxVersion: VersionTLS12,
3241 Bugs: ProtocolBugs{
3242 NoExtendedMasterSecret: true,
3243 },
3244 },
3245 renegotiate: 1,
3246 flags: []string{
3247 "-renegotiate-freely",
3248 "-expect-total-renegotiations", "1",
3249 },
3250 shouldFail: true,
3251 expectedError: ":RENEGOTIATION_EMS_MISMATCH:",
3252 })
3253
3254 testCases = append(testCases, testCase{
3255 name: "ExtendedMasterSecret-Renego-Downgrade",
3256 config: Config{
3257 MaxVersion: VersionTLS12,
3258 Bugs: ProtocolBugs{
3259 NoExtendedMasterSecretOnRenegotiation: true,
3260 },
3261 },
3262 renegotiate: 1,
3263 flags: []string{
3264 "-renegotiate-freely",
3265 "-expect-total-renegotiations", "1",
3266 },
3267 shouldFail: true,
3268 expectedError: ":RENEGOTIATION_EMS_MISMATCH:",
3269 })
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3270}
3271
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3272type stateMachineTestConfig struct {
3273 protocol protocol
3274 async bool
3275 splitHandshake, packHandshakeFlight bool
3276}
3277
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3278// Adds tests that try to cover the range of the handshake state machine, under
3279// various conditions. Some of these are redundant with other tests, but they
3280// only cover the synchronous case.
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3281func addAllStateMachineCoverageTests() {
3282 for _, async := range []bool{false, true} {
3283 for _, protocol := range []protocol{tls, dtls} {
3284 addStateMachineCoverageTests(stateMachineTestConfig{
3285 protocol: protocol,
3286 async: async,
3287 })
3288 addStateMachineCoverageTests(stateMachineTestConfig{
3289 protocol: protocol,
3290 async: async,
3291 splitHandshake: true,
3292 })
3293 if protocol == tls {
3294 addStateMachineCoverageTests(stateMachineTestConfig{
3295 protocol: protocol,
3296 async: async,
3297 packHandshakeFlight: true,
3298 })
3299 }
3300 }
3301 }
3302}
3303
3304func addStateMachineCoverageTests(config stateMachineTestConfig) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3305 var tests []testCase
3306
3307 // Basic handshake, with resumption. Client and server,
3308 // session ID and session ticket.
3309 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3310 name: "Basic-Client",
3311 config: Config{
3312 MaxVersion: VersionTLS12,
3313 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3314 resumeSession: true,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3315 // Ensure session tickets are used, not session IDs.
3316 noSessionCache: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3317 })
3318 tests = append(tests, testCase{
3319 name: "Basic-Client-RenewTicket",
3320 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3321 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3322 Bugs: ProtocolBugs{
3323 RenewTicketOnResume: true,
3324 },
3325 },
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]3326 flags: []string{"-expect-ticket-renewal"},
3327 resumeSession: true,
3328 resumeRenewedSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3329 })
3330 tests = append(tests, testCase{
3331 name: "Basic-Client-NoTicket",
3332 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3333 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3334 SessionTicketsDisabled: true,
3335 },
3336 resumeSession: true,
3337 })
3338 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3339 name: "Basic-Client-Implicit",
3340 config: Config{
3341 MaxVersion: VersionTLS12,
3342 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3343 flags: []string{"-implicit-handshake"},
3344 resumeSession: true,
3345 })
3346 tests = append(tests, testCase{
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3347 testType: serverTest,
3348 name: "Basic-Server",
3349 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3350 MaxVersion: VersionTLS12,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3351 Bugs: ProtocolBugs{
3352 RequireSessionTickets: true,
3353 },
3354 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3355 resumeSession: true,
3356 })
3357 tests = append(tests, testCase{
3358 testType: serverTest,
3359 name: "Basic-Server-NoTickets",
3360 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3361 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3362 SessionTicketsDisabled: true,
3363 },
3364 resumeSession: true,
3365 })
3366 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3367 testType: serverTest,
3368 name: "Basic-Server-Implicit",
3369 config: Config{
3370 MaxVersion: VersionTLS12,
3371 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3372 flags: []string{"-implicit-handshake"},
3373 resumeSession: true,
3374 })
3375 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3376 testType: serverTest,
3377 name: "Basic-Server-EarlyCallback",
3378 config: Config{
3379 MaxVersion: VersionTLS12,
3380 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3381 flags: []string{"-use-early-callback"},
3382 resumeSession: true,
3383 })
3384
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3385 // TLS 1.3 basic handshake shapes.
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3386 if config.protocol == tls {
3387 tests = append(tests, testCase{
3388 name: "TLS13-1RTT-Client",
3389 config: Config{
3390 MaxVersion: VersionTLS13,
3391 MinVersion: VersionTLS13,
3392 },
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]3393 resumeSession: true,
3394 resumeRenewedSession: true,
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3395 })
3396
3397 tests = append(tests, testCase{
3398 testType: serverTest,
3399 name: "TLS13-1RTT-Server",
3400 config: Config{
3401 MaxVersion: VersionTLS13,
3402 MinVersion: VersionTLS13,
3403 },
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]3404 resumeSession: true,
3405 resumeRenewedSession: true,
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3406 })
3407
3408 tests = append(tests, testCase{
3409 name: "TLS13-HelloRetryRequest-Client",
3410 config: Config{
3411 MaxVersion: VersionTLS13,
3412 MinVersion: VersionTLS13,
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]3413 // P-384 requires a HelloRetryRequest against BoringSSL's default
3414 // configuration. Assert this with ExpectMissingKeyShare.
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3415 CurvePreferences: []CurveID{CurveP384},
3416 Bugs: ProtocolBugs{
3417 ExpectMissingKeyShare: true,
3418 },
3419 },
3420 // Cover HelloRetryRequest during an ECDHE-PSK resumption.
3421 resumeSession: true,
3422 })
3423
3424 tests = append(tests, testCase{
3425 testType: serverTest,
3426 name: "TLS13-HelloRetryRequest-Server",
3427 config: Config{
3428 MaxVersion: VersionTLS13,
3429 MinVersion: VersionTLS13,
3430 // Require a HelloRetryRequest for every curve.
3431 DefaultCurves: []CurveID{},
3432 },
3433 // Cover HelloRetryRequest during an ECDHE-PSK resumption.
3434 resumeSession: true,
3435 })
3436 }
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3437
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3438 // TLS client auth.
3439 tests = append(tests, testCase{
3440 testType: clientTest,
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3441 name: "ClientAuth-NoCertificate-Client",
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3442 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3443 MaxVersion: VersionTLS12,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3444 ClientAuth: RequestClientCert,
3445 },
3446 })
3447 tests = append(tests, testCase{
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3448 testType: serverTest,
3449 name: "ClientAuth-NoCertificate-Server",
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3450 config: Config{
3451 MaxVersion: VersionTLS12,
3452 },
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3453 // Setting SSL_VERIFY_PEER allows anonymous clients.
3454 flags: []string{"-verify-peer"},
3455 })
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3456 if config.protocol == tls {
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3457 tests = append(tests, testCase{
3458 testType: clientTest,
3459 name: "ClientAuth-NoCertificate-Client-SSL3",
3460 config: Config{
3461 MaxVersion: VersionSSL30,
3462 ClientAuth: RequestClientCert,
3463 },
3464 })
3465 tests = append(tests, testCase{
3466 testType: serverTest,
3467 name: "ClientAuth-NoCertificate-Server-SSL3",
3468 config: Config{
3469 MaxVersion: VersionSSL30,
3470 },
3471 // Setting SSL_VERIFY_PEER allows anonymous clients.
3472 flags: []string{"-verify-peer"},
3473 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3474 tests = append(tests, testCase{
3475 testType: clientTest,
3476 name: "ClientAuth-NoCertificate-Client-TLS13",
3477 config: Config{
3478 MaxVersion: VersionTLS13,
3479 ClientAuth: RequestClientCert,
3480 },
3481 })
3482 tests = append(tests, testCase{
3483 testType: serverTest,
3484 name: "ClientAuth-NoCertificate-Server-TLS13",
3485 config: Config{
3486 MaxVersion: VersionTLS13,
3487 },
3488 // Setting SSL_VERIFY_PEER allows anonymous clients.
3489 flags: []string{"-verify-peer"},
3490 })
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3491 }
3492 tests = append(tests, testCase{
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3493 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3494 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3495 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3496 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3497 ClientAuth: RequireAnyClientCert,
3498 },
3499 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3500 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3501 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3502 },
3503 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3504 tests = append(tests, testCase{
3505 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3506 name: "ClientAuth-RSA-Client-TLS13",
3507 config: Config{
3508 MaxVersion: VersionTLS13,
3509 ClientAuth: RequireAnyClientCert,
3510 },
3511 flags: []string{
3512 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3513 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3514 },
3515 })
3516 tests = append(tests, testCase{
3517 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3518 name: "ClientAuth-ECDSA-Client",
3519 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3520 MaxVersion: VersionTLS12,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3521 ClientAuth: RequireAnyClientCert,
3522 },
3523 flags: []string{
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]3524 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
3525 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3526 },
3527 })
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3528 tests = append(tests, testCase{
3529 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3530 name: "ClientAuth-ECDSA-Client-TLS13",
3531 config: Config{
3532 MaxVersion: VersionTLS13,
3533 ClientAuth: RequireAnyClientCert,
3534 },
3535 flags: []string{
3536 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
3537 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
3538 },
3539 })
3540 tests = append(tests, testCase{
3541 testType: clientTest,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3542 name: "ClientAuth-NoCertificate-OldCallback",
3543 config: Config{
3544 MaxVersion: VersionTLS12,
3545 ClientAuth: RequestClientCert,
3546 },
3547 flags: []string{"-use-old-client-cert-callback"},
3548 })
3549 tests = append(tests, testCase{
3550 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3551 name: "ClientAuth-NoCertificate-OldCallback-TLS13",
3552 config: Config{
3553 MaxVersion: VersionTLS13,
3554 ClientAuth: RequestClientCert,
3555 },
3556 flags: []string{"-use-old-client-cert-callback"},
3557 })
3558 tests = append(tests, testCase{
3559 testType: clientTest,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3560 name: "ClientAuth-OldCallback",
3561 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3562 MaxVersion: VersionTLS12,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3563 ClientAuth: RequireAnyClientCert,
3564 },
3565 flags: []string{
3566 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3567 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3568 "-use-old-client-cert-callback",
3569 },
3570 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3571 tests = append(tests, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3572 testType: clientTest,
3573 name: "ClientAuth-OldCallback-TLS13",
3574 config: Config{
3575 MaxVersion: VersionTLS13,
3576 ClientAuth: RequireAnyClientCert,
3577 },
3578 flags: []string{
3579 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3580 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3581 "-use-old-client-cert-callback",
3582 },
3583 })
3584 tests = append(tests, testCase{
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3585 testType: serverTest,
3586 name: "ClientAuth-Server",
3587 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3588 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3589 Certificates: []Certificate{rsaCertificate},
3590 },
3591 flags: []string{"-require-any-client-certificate"},
3592 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3593 tests = append(tests, testCase{
3594 testType: serverTest,
3595 name: "ClientAuth-Server-TLS13",
3596 config: Config{
3597 MaxVersion: VersionTLS13,
3598 Certificates: []Certificate{rsaCertificate},
3599 },
3600 flags: []string{"-require-any-client-certificate"},
3601 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3602
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3603 // Test each key exchange on the server side for async keys.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3604 tests = append(tests, testCase{
3605 testType: serverTest,
3606 name: "Basic-Server-RSA",
3607 config: Config{
3608 MaxVersion: VersionTLS12,
3609 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3610 },
3611 flags: []string{
3612 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3613 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3614 },
3615 })
3616 tests = append(tests, testCase{
3617 testType: serverTest,
3618 name: "Basic-Server-ECDHE-RSA",
3619 config: Config{
3620 MaxVersion: VersionTLS12,
3621 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3622 },
3623 flags: []string{
3624 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3625 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3626 },
3627 })
3628 tests = append(tests, testCase{
3629 testType: serverTest,
3630 name: "Basic-Server-ECDHE-ECDSA",
3631 config: Config{
3632 MaxVersion: VersionTLS12,
3633 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
3634 },
3635 flags: []string{
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]3636 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
3637 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3638 },
3639 })
3640
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3641 // No session ticket support; server doesn't send NewSessionTicket.
3642 tests = append(tests, testCase{
3643 name: "SessionTicketsDisabled-Client",
3644 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3645 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3646 SessionTicketsDisabled: true,
3647 },
3648 })
3649 tests = append(tests, testCase{
3650 testType: serverTest,
3651 name: "SessionTicketsDisabled-Server",
3652 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3653 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3654 SessionTicketsDisabled: true,
3655 },
3656 })
3657
3658 // Skip ServerKeyExchange in PSK key exchange if there's no
3659 // identity hint.
3660 tests = append(tests, testCase{
3661 name: "EmptyPSKHint-Client",
3662 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3663 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3664 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3665 PreSharedKey: []byte("secret"),
3666 },
3667 flags: []string{"-psk", "secret"},
3668 })
3669 tests = append(tests, testCase{
3670 testType: serverTest,
3671 name: "EmptyPSKHint-Server",
3672 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3673 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3674 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3675 PreSharedKey: []byte("secret"),
3676 },
3677 flags: []string{"-psk", "secret"},
3678 })
3679
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3680 // OCSP stapling tests.
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3681 tests = append(tests, testCase{
3682 testType: clientTest,
3683 name: "OCSPStapling-Client",
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3684 config: Config{
3685 MaxVersion: VersionTLS12,
3686 },
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3687 flags: []string{
3688 "-enable-ocsp-stapling",
3689 "-expect-ocsp-response",
3690 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3691 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3692 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3693 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3694 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3695 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3696 testType: serverTest,
3697 name: "OCSPStapling-Server",
3698 config: Config{
3699 MaxVersion: VersionTLS12,
3700 },
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3701 expectedOCSPResponse: testOCSPResponse,
3702 flags: []string{
3703 "-ocsp-response",
3704 base64.StdEncoding.EncodeToString(testOCSPResponse),
3705 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3706 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3707 })
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]3708 tests = append(tests, testCase{
3709 testType: clientTest,
3710 name: "OCSPStapling-Client-TLS13",
3711 config: Config{
3712 MaxVersion: VersionTLS13,
3713 },
3714 flags: []string{
3715 "-enable-ocsp-stapling",
3716 "-expect-ocsp-response",
3717 base64.StdEncoding.EncodeToString(testOCSPResponse),
3718 "-verify-peer",
3719 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3720 resumeSession: true,
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]3721 })
3722 tests = append(tests, testCase{
3723 testType: serverTest,
3724 name: "OCSPStapling-Server-TLS13",
3725 config: Config{
3726 MaxVersion: VersionTLS13,
3727 },
3728 expectedOCSPResponse: testOCSPResponse,
3729 flags: []string{
3730 "-ocsp-response",
3731 base64.StdEncoding.EncodeToString(testOCSPResponse),
3732 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3733 resumeSession: true,
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]3734 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3735
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3736 // Certificate verification tests.
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3737 for _, vers := range tlsVersions {
3738 if config.protocol == dtls && !vers.hasDTLS {
3739 continue
3740 }
David Benjaminbb9e36e2016-08-03 14:14:47 -0400[diff] [blame]3741 for _, testType := range []testType{clientTest, serverTest} {
3742 suffix := "-Client"
3743 if testType == serverTest {
3744 suffix = "-Server"
3745 }
3746 suffix += "-" + vers.name
3747
3748 flag := "-verify-peer"
3749 if testType == serverTest {
3750 flag = "-require-any-client-certificate"
3751 }
3752
3753 tests = append(tests, testCase{
3754 testType: testType,
3755 name: "CertificateVerificationSucceed" + suffix,
3756 config: Config{
3757 MaxVersion: vers.version,
3758 Certificates: []Certificate{rsaCertificate},
3759 },
3760 flags: []string{
3761 flag,
3762 "-expect-verify-result",
3763 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3764 resumeSession: true,
David Benjaminbb9e36e2016-08-03 14:14:47 -0400[diff] [blame]3765 })
3766 tests = append(tests, testCase{
3767 testType: testType,
3768 name: "CertificateVerificationFail" + suffix,
3769 config: Config{
3770 MaxVersion: vers.version,
3771 Certificates: []Certificate{rsaCertificate},
3772 },
3773 flags: []string{
3774 flag,
3775 "-verify-fail",
3776 },
3777 shouldFail: true,
3778 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
3779 })
3780 }
3781
3782 // By default, the client is in a soft fail mode where the peer
3783 // certificate is verified but failures are non-fatal.
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3784 tests = append(tests, testCase{
3785 testType: clientTest,
3786 name: "CertificateVerificationSoftFail-" + vers.name,
3787 config: Config{
David Benjaminbb9e36e2016-08-03 14:14:47 -0400[diff] [blame]3788 MaxVersion: vers.version,
3789 Certificates: []Certificate{rsaCertificate},
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3790 },
3791 flags: []string{
3792 "-verify-fail",
3793 "-expect-verify-result",
3794 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3795 resumeSession: true,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3796 })
3797 }
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3798
David Benjamin1d4f4c02016-07-26 18:03:08 -0400[diff] [blame]3799 tests = append(tests, testCase{
3800 name: "ShimSendAlert",
3801 flags: []string{"-send-alert"},
3802 shimWritesFirst: true,
3803 shouldFail: true,
3804 expectedLocalError: "remote error: decompression failure",
3805 })
3806
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3807 if config.protocol == tls {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3808 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3809 name: "Renegotiate-Client",
3810 config: Config{
3811 MaxVersion: VersionTLS12,
3812 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3813 renegotiate: 1,
3814 flags: []string{
3815 "-renegotiate-freely",
3816 "-expect-total-renegotiations", "1",
3817 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3818 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3819
David Benjamin47921102016-07-28 11:29:18 -0400[diff] [blame]3820 tests = append(tests, testCase{
3821 name: "SendHalfHelloRequest",
3822 config: Config{
3823 MaxVersion: VersionTLS12,
3824 Bugs: ProtocolBugs{
3825 PackHelloRequestWithFinished: config.packHandshakeFlight,
3826 },
3827 },
3828 sendHalfHelloRequest: true,
3829 flags: []string{"-renegotiate-ignore"},
3830 shouldFail: true,
3831 expectedError: ":UNEXPECTED_RECORD:",
3832 })
3833
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3834 // NPN on client and server; results in post-handshake message.
3835 tests = append(tests, testCase{
3836 name: "NPN-Client",
3837 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3838 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3839 NextProtos: []string{"foo"},
3840 },
3841 flags: []string{"-select-next-proto", "foo"},
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3842 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3843 expectedNextProto: "foo",
3844 expectedNextProtoType: npn,
3845 })
3846 tests = append(tests, testCase{
3847 testType: serverTest,
3848 name: "NPN-Server",
3849 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3850 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3851 NextProtos: []string{"bar"},
3852 },
3853 flags: []string{
3854 "-advertise-npn", "\x03foo\x03bar\x03baz",
3855 "-expect-next-proto", "bar",
3856 },
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3857 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3858 expectedNextProto: "bar",
3859 expectedNextProtoType: npn,
3860 })
3861
3862 // TODO(davidben): Add tests for when False Start doesn't trigger.
3863
3864 // Client does False Start and negotiates NPN.
3865 tests = append(tests, testCase{
3866 name: "FalseStart",
3867 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3868 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3869 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3870 NextProtos: []string{"foo"},
3871 Bugs: ProtocolBugs{
3872 ExpectFalseStart: true,
3873 },
3874 },
3875 flags: []string{
3876 "-false-start",
3877 "-select-next-proto", "foo",
3878 },
3879 shimWritesFirst: true,
3880 resumeSession: true,
3881 })
3882
3883 // Client does False Start and negotiates ALPN.
3884 tests = append(tests, testCase{
3885 name: "FalseStart-ALPN",
3886 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3887 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3888 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3889 NextProtos: []string{"foo"},
3890 Bugs: ProtocolBugs{
3891 ExpectFalseStart: true,
3892 },
3893 },
3894 flags: []string{
3895 "-false-start",
3896 "-advertise-alpn", "\x03foo",
3897 },
3898 shimWritesFirst: true,
3899 resumeSession: true,
3900 })
3901
3902 // Client does False Start but doesn't explicitly call
3903 // SSL_connect.
3904 tests = append(tests, testCase{
3905 name: "FalseStart-Implicit",
3906 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3907 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3908 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3909 NextProtos: []string{"foo"},
3910 },
3911 flags: []string{
3912 "-implicit-handshake",
3913 "-false-start",
3914 "-advertise-alpn", "\x03foo",
3915 },
3916 })
3917
3918 // False Start without session tickets.
3919 tests = append(tests, testCase{
3920 name: "FalseStart-SessionTicketsDisabled",
3921 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3922 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3923 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3924 NextProtos: []string{"foo"},
3925 SessionTicketsDisabled: true,
3926 Bugs: ProtocolBugs{
3927 ExpectFalseStart: true,
3928 },
3929 },
3930 flags: []string{
3931 "-false-start",
3932 "-select-next-proto", "foo",
3933 },
3934 shimWritesFirst: true,
3935 })
3936
3937 // Server parses a V2ClientHello.
3938 tests = append(tests, testCase{
3939 testType: serverTest,
3940 name: "SendV2ClientHello",
3941 config: Config{
3942 // Choose a cipher suite that does not involve
3943 // elliptic curves, so no extensions are
3944 // involved.
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3945 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]3946 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3947 Bugs: ProtocolBugs{
3948 SendV2ClientHello: true,
3949 },
3950 },
3951 })
3952
Nick Harper60a85cb2016-09-23 16:25:11 -0700[diff] [blame]3953 // Test Channel ID
3954 for _, ver := range tlsVersions {
Nick Harperc9846112016-10-17 15:05:35 -0700[diff] [blame]3955 if ver.version < VersionTLS10 {
Nick Harper60a85cb2016-09-23 16:25:11 -0700[diff] [blame]3956 continue
3957 }
3958 // Client sends a Channel ID.
3959 tests = append(tests, testCase{
3960 name: "ChannelID-Client-" + ver.name,
3961 config: Config{
3962 MaxVersion: ver.version,
3963 RequestChannelID: true,
3964 },
3965 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
3966 resumeSession: true,
3967 expectChannelID: true,
3968 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3969
Nick Harper60a85cb2016-09-23 16:25:11 -0700[diff] [blame]3970 // Server accepts a Channel ID.
3971 tests = append(tests, testCase{
3972 testType: serverTest,
3973 name: "ChannelID-Server-" + ver.name,
3974 config: Config{
3975 MaxVersion: ver.version,
3976 ChannelID: channelIDKey,
3977 },
3978 flags: []string{
3979 "-expect-channel-id",
3980 base64.StdEncoding.EncodeToString(channelIDBytes),
3981 },
3982 resumeSession: true,
3983 expectChannelID: true,
3984 })
3985
3986 tests = append(tests, testCase{
3987 testType: serverTest,
3988 name: "InvalidChannelIDSignature-" + ver.name,
3989 config: Config{
3990 MaxVersion: ver.version,
3991 ChannelID: channelIDKey,
3992 Bugs: ProtocolBugs{
3993 InvalidChannelIDSignature: true,
3994 },
3995 },
3996 flags: []string{"-enable-channel-id"},
3997 shouldFail: true,
3998 expectedError: ":CHANNEL_ID_SIGNATURE_INVALID:",
3999 })
4000 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]4001
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]4002 // Channel ID and NPN at the same time, to ensure their relative
4003 // ordering is correct.
4004 tests = append(tests, testCase{
4005 name: "ChannelID-NPN-Client",
4006 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4007 MaxVersion: VersionTLS12,
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]4008 RequestChannelID: true,
4009 NextProtos: []string{"foo"},
4010 },
4011 flags: []string{
4012 "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
4013 "-select-next-proto", "foo",
4014 },
4015 resumeSession: true,
4016 expectChannelID: true,
4017 expectedNextProto: "foo",
4018 expectedNextProtoType: npn,
4019 })
4020 tests = append(tests, testCase{
4021 testType: serverTest,
4022 name: "ChannelID-NPN-Server",
4023 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4024 MaxVersion: VersionTLS12,
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]4025 ChannelID: channelIDKey,
4026 NextProtos: []string{"bar"},
4027 },
4028 flags: []string{
4029 "-expect-channel-id",
4030 base64.StdEncoding.EncodeToString(channelIDBytes),
4031 "-advertise-npn", "\x03foo\x03bar\x03baz",
4032 "-expect-next-proto", "bar",
4033 },
4034 resumeSession: true,
4035 expectChannelID: true,
4036 expectedNextProto: "bar",
4037 expectedNextProtoType: npn,
4038 })
4039
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]4040 // Bidirectional shutdown with the runner initiating.
4041 tests = append(tests, testCase{
4042 name: "Shutdown-Runner",
4043 config: Config{
4044 Bugs: ProtocolBugs{
4045 ExpectCloseNotify: true,
4046 },
4047 },
4048 flags: []string{"-check-close-notify"},
4049 })
4050
4051 // Bidirectional shutdown with the shim initiating. The runner,
4052 // in the meantime, sends garbage before the close_notify which
4053 // the shim must ignore.
4054 tests = append(tests, testCase{
4055 name: "Shutdown-Shim",
4056 config: Config{
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]4057 MaxVersion: VersionTLS12,
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]4058 Bugs: ProtocolBugs{
4059 ExpectCloseNotify: true,
4060 },
4061 },
4062 shimShutsDown: true,
4063 sendEmptyRecords: 1,
4064 sendWarningAlerts: 1,
4065 flags: []string{"-check-close-notify"},
4066 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4067 } else {
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4068 // TODO(davidben): DTLS 1.3 will want a similar thing for
4069 // HelloRetryRequest.
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4070 tests = append(tests, testCase{
4071 name: "SkipHelloVerifyRequest",
4072 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4073 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4074 Bugs: ProtocolBugs{
4075 SkipHelloVerifyRequest: true,
4076 },
4077 },
4078 })
4079 }
4080
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4081 for _, test := range tests {
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4082 test.protocol = config.protocol
4083 if config.protocol == dtls {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4084 test.name += "-DTLS"
4085 }
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4086 if config.async {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4087 test.name += "-Async"
4088 test.flags = append(test.flags, "-async")
4089 } else {
4090 test.name += "-Sync"
4091 }
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4092 if config.splitHandshake {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4093 test.name += "-SplitHandshakeRecords"
4094 test.config.Bugs.MaxHandshakeRecordLength = 1
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4095 if config.protocol == dtls {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4096 test.config.Bugs.MaxPacketLength = 256
4097 test.flags = append(test.flags, "-mtu", "256")
4098 }
4099 }
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4100 if config.packHandshakeFlight {
4101 test.name += "-PackHandshakeFlight"
4102 test.config.Bugs.PackHandshakeFlight = true
4103 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4104 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]4105 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4106}
4107
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4108func addDDoSCallbackTests() {
4109 // DDoS callback.
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4110 for _, resume := range []bool{false, true} {
4111 suffix := "Resume"
4112 if resume {
4113 suffix = "No" + suffix
4114 }
4115
4116 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4117 testType: serverTest,
4118 name: "Server-DDoS-OK-" + suffix,
4119 config: Config{
4120 MaxVersion: VersionTLS12,
4121 },
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4122 flags: []string{"-install-ddos-callback"},
4123 resumeSession: resume,
4124 })
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4125 testCases = append(testCases, testCase{
4126 testType: serverTest,
4127 name: "Server-DDoS-OK-" + suffix + "-TLS13",
4128 config: Config{
4129 MaxVersion: VersionTLS13,
4130 },
4131 flags: []string{"-install-ddos-callback"},
4132 resumeSession: resume,
4133 })
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4134
4135 failFlag := "-fail-ddos-callback"
4136 if resume {
4137 failFlag = "-fail-second-ddos-callback"
4138 }
4139 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4140 testType: serverTest,
4141 name: "Server-DDoS-Reject-" + suffix,
4142 config: Config{
4143 MaxVersion: VersionTLS12,
4144 },
David Benjamin2c66e072016-09-16 15:58:00 -0400[diff] [blame]4145 flags: []string{"-install-ddos-callback", failFlag},
4146 resumeSession: resume,
4147 shouldFail: true,
4148 expectedError: ":CONNECTION_REJECTED:",
4149 expectedLocalError: "remote error: internal error",
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4150 })
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4151 testCases = append(testCases, testCase{
4152 testType: serverTest,
4153 name: "Server-DDoS-Reject-" + suffix + "-TLS13",
4154 config: Config{
4155 MaxVersion: VersionTLS13,
4156 },
David Benjamin2c66e072016-09-16 15:58:00 -0400[diff] [blame]4157 flags: []string{"-install-ddos-callback", failFlag},
4158 resumeSession: resume,
4159 shouldFail: true,
4160 expectedError: ":CONNECTION_REJECTED:",
4161 expectedLocalError: "remote error: internal error",
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4162 })
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4163 }
4164}
4165
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4166func addVersionNegotiationTests() {
4167 for i, shimVers := range tlsVersions {
4168 // Assemble flags to disable all newer versions on the shim.
4169 var flags []string
4170 for _, vers := range tlsVersions[i+1:] {
4171 flags = append(flags, vers.flag)
4172 }
4173
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4174 // Test configuring the runner's maximum version.
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4175 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4176 protocols := []protocol{tls}
4177 if runnerVers.hasDTLS && shimVers.hasDTLS {
4178 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4179 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4180 for _, protocol := range protocols {
4181 expectedVersion := shimVers.version
4182 if runnerVers.version < shimVers.version {
4183 expectedVersion = runnerVers.version
4184 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4185
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4186 suffix := shimVers.name + "-" + runnerVers.name
4187 if protocol == dtls {
4188 suffix += "-DTLS"
4189 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4190
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4191 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
4192
David Benjaminb1dd8cd2016-09-26 19:20:48 -0400[diff] [blame]4193 // Determine the expected initial record-layer versions.
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4194 clientVers := shimVers.version
4195 if clientVers > VersionTLS10 {
4196 clientVers = VersionTLS10
4197 }
David Benjaminb1dd8cd2016-09-26 19:20:48 -0400[diff] [blame]4198 clientVers = versionToWire(clientVers, protocol == dtls)
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4199 serverVers := expectedVersion
4200 if expectedVersion >= VersionTLS13 {
4201 serverVers = VersionTLS10
4202 }
David Benjaminb1dd8cd2016-09-26 19:20:48 -0400[diff] [blame]4203 serverVers = versionToWire(serverVers, protocol == dtls)
4204
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4205 testCases = append(testCases, testCase{
4206 protocol: protocol,
4207 testType: clientTest,
4208 name: "VersionNegotiation-Client-" + suffix,
4209 config: Config{
4210 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4211 Bugs: ProtocolBugs{
4212 ExpectInitialRecordVersion: clientVers,
4213 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4214 },
4215 flags: flags,
4216 expectedVersion: expectedVersion,
4217 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4218 testCases = append(testCases, testCase{
4219 protocol: protocol,
4220 testType: clientTest,
4221 name: "VersionNegotiation-Client2-" + suffix,
4222 config: Config{
4223 MaxVersion: runnerVers.version,
4224 Bugs: ProtocolBugs{
4225 ExpectInitialRecordVersion: clientVers,
4226 },
4227 },
4228 flags: []string{"-max-version", shimVersFlag},
4229 expectedVersion: expectedVersion,
4230 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4231
4232 testCases = append(testCases, testCase{
4233 protocol: protocol,
4234 testType: serverTest,
4235 name: "VersionNegotiation-Server-" + suffix,
4236 config: Config{
4237 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4238 Bugs: ProtocolBugs{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4239 ExpectInitialRecordVersion: serverVers,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4240 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4241 },
4242 flags: flags,
4243 expectedVersion: expectedVersion,
4244 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4245 testCases = append(testCases, testCase{
4246 protocol: protocol,
4247 testType: serverTest,
4248 name: "VersionNegotiation-Server2-" + suffix,
4249 config: Config{
4250 MaxVersion: runnerVers.version,
4251 Bugs: ProtocolBugs{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4252 ExpectInitialRecordVersion: serverVers,
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4253 },
4254 },
4255 flags: []string{"-max-version", shimVersFlag},
4256 expectedVersion: expectedVersion,
4257 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4258 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4259 }
4260 }
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4261
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4262 // Test the version extension at all versions.
4263 for _, vers := range tlsVersions {
4264 protocols := []protocol{tls}
4265 if vers.hasDTLS {
4266 protocols = append(protocols, dtls)
4267 }
4268 for _, protocol := range protocols {
4269 suffix := vers.name
4270 if protocol == dtls {
4271 suffix += "-DTLS"
4272 }
4273
4274 wireVersion := versionToWire(vers.version, protocol == dtls)
4275 testCases = append(testCases, testCase{
4276 protocol: protocol,
4277 testType: serverTest,
4278 name: "VersionNegotiationExtension-" + suffix,
4279 config: Config{
4280 Bugs: ProtocolBugs{
4281 SendSupportedVersions: []uint16{0x1111, wireVersion, 0x2222},
4282 },
4283 },
4284 expectedVersion: vers.version,
4285 })
4286 }
4287
4288 }
4289
4290 // If all versions are unknown, negotiation fails.
4291 testCases = append(testCases, testCase{
4292 testType: serverTest,
4293 name: "NoSupportedVersions",
4294 config: Config{
4295 Bugs: ProtocolBugs{
4296 SendSupportedVersions: []uint16{0x1111},
4297 },
4298 },
4299 shouldFail: true,
4300 expectedError: ":UNSUPPORTED_PROTOCOL:",
4301 })
4302 testCases = append(testCases, testCase{
4303 protocol: dtls,
4304 testType: serverTest,
4305 name: "NoSupportedVersions-DTLS",
4306 config: Config{
4307 Bugs: ProtocolBugs{
4308 SendSupportedVersions: []uint16{0x1111},
4309 },
4310 },
4311 shouldFail: true,
4312 expectedError: ":UNSUPPORTED_PROTOCOL:",
4313 })
4314
4315 testCases = append(testCases, testCase{
4316 testType: serverTest,
4317 name: "ClientHelloVersionTooHigh",
4318 config: Config{
4319 MaxVersion: VersionTLS13,
4320 Bugs: ProtocolBugs{
4321 SendClientVersion: 0x0304,
4322 OmitSupportedVersions: true,
4323 },
4324 },
4325 expectedVersion: VersionTLS12,
4326 })
4327
4328 testCases = append(testCases, testCase{
4329 testType: serverTest,
4330 name: "ConflictingVersionNegotiation",
4331 config: Config{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4332 Bugs: ProtocolBugs{
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4333 SendClientVersion: VersionTLS12,
4334 SendSupportedVersions: []uint16{VersionTLS11},
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4335 },
4336 },
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4337 // The extension takes precedence over the ClientHello version.
4338 expectedVersion: VersionTLS11,
4339 })
4340
4341 testCases = append(testCases, testCase{
4342 testType: serverTest,
4343 name: "ConflictingVersionNegotiation-2",
4344 config: Config{
4345 Bugs: ProtocolBugs{
4346 SendClientVersion: VersionTLS11,
4347 SendSupportedVersions: []uint16{VersionTLS12},
4348 },
4349 },
4350 // The extension takes precedence over the ClientHello version.
4351 expectedVersion: VersionTLS12,
4352 })
4353
4354 testCases = append(testCases, testCase{
4355 testType: serverTest,
4356 name: "RejectFinalTLS13",
4357 config: Config{
4358 Bugs: ProtocolBugs{
4359 SendSupportedVersions: []uint16{VersionTLS13, VersionTLS12},
4360 },
4361 },
4362 // We currently implement a draft TLS 1.3 version. Ensure that
4363 // the true TLS 1.3 value is ignored for now.
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4364 expectedVersion: VersionTLS12,
4365 })
4366
Brian Smithf85d3232016-10-28 10:34:06 -1000[diff] [blame]4367 // Test that the maximum version is selected regardless of the
4368 // client-sent order.
4369 testCases = append(testCases, testCase{
4370 testType: serverTest,
4371 name: "IgnoreClientVersionOrder",
4372 config: Config{
4373 Bugs: ProtocolBugs{
4374 SendSupportedVersions: []uint16{VersionTLS12, tls13DraftVersion},
4375 },
4376 },
4377 expectedVersion: VersionTLS13,
4378 })
4379
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4380 // Test for version tolerance.
4381 testCases = append(testCases, testCase{
4382 testType: serverTest,
4383 name: "MinorVersionTolerance",
4384 config: Config{
4385 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4386 SendClientVersion: 0x03ff,
4387 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4388 },
4389 },
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4390 expectedVersion: VersionTLS12,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4391 })
4392 testCases = append(testCases, testCase{
4393 testType: serverTest,
4394 name: "MajorVersionTolerance",
4395 config: Config{
4396 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4397 SendClientVersion: 0x0400,
4398 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4399 },
4400 },
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4401 // TLS 1.3 must be negotiated with the supported_versions
4402 // extension, not ClientHello.version.
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4403 expectedVersion: VersionTLS12,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4404 })
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4405 testCases = append(testCases, testCase{
4406 testType: serverTest,
4407 name: "VersionTolerance-TLS13",
4408 config: Config{
4409 Bugs: ProtocolBugs{
4410 // Although TLS 1.3 does not use
4411 // ClientHello.version, it still tolerates high
4412 // values there.
4413 SendClientVersion: 0x0400,
4414 },
4415 },
4416 expectedVersion: VersionTLS13,
4417 })
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4418
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4419 testCases = append(testCases, testCase{
4420 protocol: dtls,
4421 testType: serverTest,
4422 name: "MinorVersionTolerance-DTLS",
4423 config: Config{
4424 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4425 SendClientVersion: 0xfe00,
4426 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4427 },
4428 },
4429 expectedVersion: VersionTLS12,
4430 })
4431 testCases = append(testCases, testCase{
4432 protocol: dtls,
4433 testType: serverTest,
4434 name: "MajorVersionTolerance-DTLS",
4435 config: Config{
4436 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4437 SendClientVersion: 0xfdff,
4438 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4439 },
4440 },
4441 expectedVersion: VersionTLS12,
4442 })
4443
4444 // Test that versions below 3.0 are rejected.
4445 testCases = append(testCases, testCase{
4446 testType: serverTest,
4447 name: "VersionTooLow",
4448 config: Config{
4449 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4450 SendClientVersion: 0x0200,
4451 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4452 },
4453 },
4454 shouldFail: true,
4455 expectedError: ":UNSUPPORTED_PROTOCOL:",
4456 })
4457 testCases = append(testCases, testCase{
4458 protocol: dtls,
4459 testType: serverTest,
4460 name: "VersionTooLow-DTLS",
4461 config: Config{
4462 Bugs: ProtocolBugs{
David Benjamin3c6a1ea2016-09-26 18:30:05 -0400[diff] [blame]4463 SendClientVersion: 0xffff,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4464 },
4465 },
4466 shouldFail: true,
4467 expectedError: ":UNSUPPORTED_PROTOCOL:",
4468 })
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4469
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]4470 testCases = append(testCases, testCase{
4471 name: "ServerBogusVersion",
4472 config: Config{
4473 Bugs: ProtocolBugs{
4474 SendServerHelloVersion: 0x1234,
4475 },
4476 },
4477 shouldFail: true,
4478 expectedError: ":UNSUPPORTED_PROTOCOL:",
4479 })
4480
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4481 // Test TLS 1.3's downgrade signal.
4482 testCases = append(testCases, testCase{
4483 name: "Downgrade-TLS12-Client",
4484 config: Config{
4485 Bugs: ProtocolBugs{
4486 NegotiateVersion: VersionTLS12,
4487 },
4488 },
David Benjamin592b5322016-09-30 15:15:01 -0400[diff] [blame]4489 expectedVersion: VersionTLS12,
David Benjamin55108632016-08-11 22:01:18 -0400[diff] [blame]4490 // TODO(davidben): This test should fail once TLS 1.3 is final
4491 // and the fallback signal restored.
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4492 })
4493 testCases = append(testCases, testCase{
4494 testType: serverTest,
4495 name: "Downgrade-TLS12-Server",
4496 config: Config{
4497 Bugs: ProtocolBugs{
David Benjamin592b5322016-09-30 15:15:01 -0400[diff] [blame]4498 SendSupportedVersions: []uint16{VersionTLS12},
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4499 },
4500 },
David Benjamin592b5322016-09-30 15:15:01 -0400[diff] [blame]4501 expectedVersion: VersionTLS12,
David Benjamin55108632016-08-11 22:01:18 -0400[diff] [blame]4502 // TODO(davidben): This test should fail once TLS 1.3 is final
4503 // and the fallback signal restored.
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4504 })
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4505}
4506
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4507func addMinimumVersionTests() {
4508 for i, shimVers := range tlsVersions {
4509 // Assemble flags to disable all older versions on the shim.
4510 var flags []string
4511 for _, vers := range tlsVersions[:i] {
4512 flags = append(flags, vers.flag)
4513 }
4514
4515 for _, runnerVers := range tlsVersions {
4516 protocols := []protocol{tls}
4517 if runnerVers.hasDTLS && shimVers.hasDTLS {
4518 protocols = append(protocols, dtls)
4519 }
4520 for _, protocol := range protocols {
4521 suffix := shimVers.name + "-" + runnerVers.name
4522 if protocol == dtls {
4523 suffix += "-DTLS"
4524 }
4525 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
4526
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4527 var expectedVersion uint16
4528 var shouldFail bool
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4529 var expectedError, expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4530 if runnerVers.version >= shimVers.version {
4531 expectedVersion = runnerVers.version
4532 } else {
4533 shouldFail = true
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4534 expectedError = ":UNSUPPORTED_PROTOCOL:"
4535 expectedLocalError = "remote error: protocol version not supported"
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4536 }
4537
4538 testCases = append(testCases, testCase{
4539 protocol: protocol,
4540 testType: clientTest,
4541 name: "MinimumVersion-Client-" + suffix,
4542 config: Config{
4543 MaxVersion: runnerVers.version,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4544 Bugs: ProtocolBugs{
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4545 // Ensure the server does not decline to
4546 // select a version (versions extension) or
4547 // cipher (some ciphers depend on versions).
4548 NegotiateVersion: runnerVers.version,
4549 IgnorePeerCipherPreferences: shouldFail,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4550 },
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4551 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4552 flags: flags,
4553 expectedVersion: expectedVersion,
4554 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4555 expectedError: expectedError,
4556 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4557 })
4558 testCases = append(testCases, testCase{
4559 protocol: protocol,
4560 testType: clientTest,
4561 name: "MinimumVersion-Client2-" + suffix,
4562 config: Config{
4563 MaxVersion: runnerVers.version,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4564 Bugs: ProtocolBugs{
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4565 // Ensure the server does not decline to
4566 // select a version (versions extension) or
4567 // cipher (some ciphers depend on versions).
4568 NegotiateVersion: runnerVers.version,
4569 IgnorePeerCipherPreferences: shouldFail,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4570 },
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4571 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4572 flags: []string{"-min-version", shimVersFlag},
4573 expectedVersion: expectedVersion,
4574 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4575 expectedError: expectedError,
4576 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4577 })
4578
4579 testCases = append(testCases, testCase{
4580 protocol: protocol,
4581 testType: serverTest,
4582 name: "MinimumVersion-Server-" + suffix,
4583 config: Config{
4584 MaxVersion: runnerVers.version,
4585 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4586 flags: flags,
4587 expectedVersion: expectedVersion,
4588 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4589 expectedError: expectedError,
4590 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4591 })
4592 testCases = append(testCases, testCase{
4593 protocol: protocol,
4594 testType: serverTest,
4595 name: "MinimumVersion-Server2-" + suffix,
4596 config: Config{
4597 MaxVersion: runnerVers.version,
4598 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4599 flags: []string{"-min-version", shimVersFlag},
4600 expectedVersion: expectedVersion,
4601 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4602 expectedError: expectedError,
4603 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4604 })
4605 }
4606 }
4607 }
4608}
4609
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4610func addExtensionTests() {
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4611 // TODO(davidben): Extensions, where applicable, all move their server
4612 // halves to EncryptedExtensions in TLS 1.3. Duplicate each of these
4613 // tests for both. Also test interaction with 0-RTT when implemented.
4614
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4615 // Repeat extensions tests all versions except SSL 3.0.
4616 for _, ver := range tlsVersions {
4617 if ver.version == VersionSSL30 {
4618 continue
4619 }
4620
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4621 // Test that duplicate extensions are rejected.
4622 testCases = append(testCases, testCase{
4623 testType: clientTest,
4624 name: "DuplicateExtensionClient-" + ver.name,
4625 config: Config{
4626 MaxVersion: ver.version,
4627 Bugs: ProtocolBugs{
4628 DuplicateExtension: true,
4629 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4630 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4631 shouldFail: true,
4632 expectedLocalError: "remote error: error decoding message",
4633 })
4634 testCases = append(testCases, testCase{
4635 testType: serverTest,
4636 name: "DuplicateExtensionServer-" + ver.name,
4637 config: Config{
4638 MaxVersion: ver.version,
4639 Bugs: ProtocolBugs{
4640 DuplicateExtension: true,
4641 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4642 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4643 shouldFail: true,
4644 expectedLocalError: "remote error: error decoding message",
4645 })
4646
4647 // Test SNI.
4648 testCases = append(testCases, testCase{
4649 testType: clientTest,
4650 name: "ServerNameExtensionClient-" + ver.name,
4651 config: Config{
4652 MaxVersion: ver.version,
4653 Bugs: ProtocolBugs{
4654 ExpectServerName: "example.com",
4655 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4656 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4657 flags: []string{"-host-name", "example.com"},
4658 })
4659 testCases = append(testCases, testCase{
4660 testType: clientTest,
4661 name: "ServerNameExtensionClientMismatch-" + ver.name,
4662 config: Config{
4663 MaxVersion: ver.version,
4664 Bugs: ProtocolBugs{
4665 ExpectServerName: "mismatch.com",
4666 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4667 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4668 flags: []string{"-host-name", "example.com"},
4669 shouldFail: true,
4670 expectedLocalError: "tls: unexpected server name",
4671 })
4672 testCases = append(testCases, testCase{
4673 testType: clientTest,
4674 name: "ServerNameExtensionClientMissing-" + ver.name,
4675 config: Config{
4676 MaxVersion: ver.version,
4677 Bugs: ProtocolBugs{
4678 ExpectServerName: "missing.com",
4679 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4680 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4681 shouldFail: true,
4682 expectedLocalError: "tls: unexpected server name",
4683 })
4684 testCases = append(testCases, testCase{
4685 testType: serverTest,
4686 name: "ServerNameExtensionServer-" + ver.name,
4687 config: Config{
4688 MaxVersion: ver.version,
4689 ServerName: "example.com",
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]4690 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4691 flags: []string{"-expect-server-name", "example.com"},
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4692 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4693 })
4694
4695 // Test ALPN.
4696 testCases = append(testCases, testCase{
4697 testType: clientTest,
4698 name: "ALPNClient-" + ver.name,
4699 config: Config{
4700 MaxVersion: ver.version,
4701 NextProtos: []string{"foo"},
4702 },
4703 flags: []string{
4704 "-advertise-alpn", "\x03foo\x03bar\x03baz",
4705 "-expect-alpn", "foo",
4706 },
4707 expectedNextProto: "foo",
4708 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4709 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4710 })
4711 testCases = append(testCases, testCase{
David Benjamin3e517572016-08-11 11:52:23 -0400[diff] [blame]4712 testType: clientTest,
4713 name: "ALPNClient-Mismatch-" + ver.name,
4714 config: Config{
4715 MaxVersion: ver.version,
4716 Bugs: ProtocolBugs{
4717 SendALPN: "baz",
4718 },
4719 },
4720 flags: []string{
4721 "-advertise-alpn", "\x03foo\x03bar",
4722 },
4723 shouldFail: true,
4724 expectedError: ":INVALID_ALPN_PROTOCOL:",
4725 expectedLocalError: "remote error: illegal parameter",
4726 })
4727 testCases = append(testCases, testCase{
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4728 testType: serverTest,
4729 name: "ALPNServer-" + ver.name,
4730 config: Config{
4731 MaxVersion: ver.version,
4732 NextProtos: []string{"foo", "bar", "baz"},
4733 },
4734 flags: []string{
4735 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4736 "-select-alpn", "foo",
4737 },
4738 expectedNextProto: "foo",
4739 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4740 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4741 })
4742 testCases = append(testCases, testCase{
4743 testType: serverTest,
4744 name: "ALPNServer-Decline-" + ver.name,
4745 config: Config{
4746 MaxVersion: ver.version,
4747 NextProtos: []string{"foo", "bar", "baz"},
4748 },
4749 flags: []string{"-decline-alpn"},
4750 expectNoNextProto: true,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4751 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4752 })
4753
David Benjamin25fe85b2016-08-09 20:00:32 -0400[diff] [blame]4754 // Test ALPN in async mode as well to ensure that extensions callbacks are only
4755 // called once.
4756 testCases = append(testCases, testCase{
4757 testType: serverTest,
4758 name: "ALPNServer-Async-" + ver.name,
4759 config: Config{
4760 MaxVersion: ver.version,
4761 NextProtos: []string{"foo", "bar", "baz"},
David Benjamin4eb95cc2016-11-16 17:08:23 +0900[diff] [blame]4762 // Prior to TLS 1.3, exercise the asynchronous session callback.
4763 SessionTicketsDisabled: ver.version < VersionTLS13,
David Benjamin25fe85b2016-08-09 20:00:32 -0400[diff] [blame]4764 },
4765 flags: []string{
4766 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4767 "-select-alpn", "foo",
4768 "-async",
4769 },
4770 expectedNextProto: "foo",
4771 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4772 resumeSession: true,
David Benjamin25fe85b2016-08-09 20:00:32 -0400[diff] [blame]4773 })
4774
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4775 var emptyString string
4776 testCases = append(testCases, testCase{
4777 testType: clientTest,
4778 name: "ALPNClient-EmptyProtocolName-" + ver.name,
4779 config: Config{
4780 MaxVersion: ver.version,
4781 NextProtos: []string{""},
4782 Bugs: ProtocolBugs{
4783 // A server returning an empty ALPN protocol
4784 // should be rejected.
4785 ALPNProtocol: &emptyString,
4786 },
4787 },
4788 flags: []string{
4789 "-advertise-alpn", "\x03foo",
4790 },
4791 shouldFail: true,
4792 expectedError: ":PARSE_TLSEXT:",
4793 })
4794 testCases = append(testCases, testCase{
4795 testType: serverTest,
4796 name: "ALPNServer-EmptyProtocolName-" + ver.name,
4797 config: Config{
4798 MaxVersion: ver.version,
4799 // A ClientHello containing an empty ALPN protocol
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]4800 // should be rejected.
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4801 NextProtos: []string{"foo", "", "baz"},
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]4802 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4803 flags: []string{
4804 "-select-alpn", "foo",
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]4805 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4806 shouldFail: true,
4807 expectedError: ":PARSE_TLSEXT:",
4808 })
4809
4810 // Test NPN and the interaction with ALPN.
4811 if ver.version < VersionTLS13 {
4812 // Test that the server prefers ALPN over NPN.
4813 testCases = append(testCases, testCase{
4814 testType: serverTest,
4815 name: "ALPNServer-Preferred-" + ver.name,
4816 config: Config{
4817 MaxVersion: ver.version,
4818 NextProtos: []string{"foo", "bar", "baz"},
4819 },
4820 flags: []string{
4821 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4822 "-select-alpn", "foo",
4823 "-advertise-npn", "\x03foo\x03bar\x03baz",
4824 },
4825 expectedNextProto: "foo",
4826 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4827 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4828 })
4829 testCases = append(testCases, testCase{
4830 testType: serverTest,
4831 name: "ALPNServer-Preferred-Swapped-" + ver.name,
4832 config: Config{
4833 MaxVersion: ver.version,
4834 NextProtos: []string{"foo", "bar", "baz"},
4835 Bugs: ProtocolBugs{
4836 SwapNPNAndALPN: true,
4837 },
4838 },
4839 flags: []string{
4840 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4841 "-select-alpn", "foo",
4842 "-advertise-npn", "\x03foo\x03bar\x03baz",
4843 },
4844 expectedNextProto: "foo",
4845 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4846 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4847 })
4848
4849 // Test that negotiating both NPN and ALPN is forbidden.
4850 testCases = append(testCases, testCase{
4851 name: "NegotiateALPNAndNPN-" + ver.name,
4852 config: Config{
4853 MaxVersion: ver.version,
4854 NextProtos: []string{"foo", "bar", "baz"},
4855 Bugs: ProtocolBugs{
4856 NegotiateALPNAndNPN: true,
4857 },
4858 },
4859 flags: []string{
4860 "-advertise-alpn", "\x03foo",
4861 "-select-next-proto", "foo",
4862 },
4863 shouldFail: true,
4864 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
4865 })
4866 testCases = append(testCases, testCase{
4867 name: "NegotiateALPNAndNPN-Swapped-" + ver.name,
4868 config: Config{
4869 MaxVersion: ver.version,
4870 NextProtos: []string{"foo", "bar", "baz"},
4871 Bugs: ProtocolBugs{
4872 NegotiateALPNAndNPN: true,
4873 SwapNPNAndALPN: true,
4874 },
4875 },
4876 flags: []string{
4877 "-advertise-alpn", "\x03foo",
4878 "-select-next-proto", "foo",
4879 },
4880 shouldFail: true,
4881 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
4882 })
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4883 }
4884
4885 // Test ticket behavior.
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4886
4887 // Resume with a corrupt ticket.
4888 testCases = append(testCases, testCase{
4889 testType: serverTest,
4890 name: "CorruptTicket-" + ver.name,
4891 config: Config{
4892 MaxVersion: ver.version,
4893 Bugs: ProtocolBugs{
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]4894 FilterTicket: func(in []byte) ([]byte, error) {
4895 in[len(in)-1] ^= 1
4896 return in, nil
4897 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4898 },
4899 },
4900 resumeSession: true,
4901 expectResumeRejected: true,
4902 })
4903 // Test the ticket callback, with and without renewal.
4904 testCases = append(testCases, testCase{
4905 testType: serverTest,
4906 name: "TicketCallback-" + ver.name,
4907 config: Config{
4908 MaxVersion: ver.version,
4909 },
4910 resumeSession: true,
4911 flags: []string{"-use-ticket-callback"},
4912 })
4913 testCases = append(testCases, testCase{
4914 testType: serverTest,
4915 name: "TicketCallback-Renew-" + ver.name,
4916 config: Config{
4917 MaxVersion: ver.version,
4918 Bugs: ProtocolBugs{
4919 ExpectNewTicket: true,
4920 },
4921 },
4922 flags: []string{"-use-ticket-callback", "-renew-ticket"},
4923 resumeSession: true,
4924 })
4925
4926 // Test that the ticket callback is only called once when everything before
4927 // it in the ClientHello is asynchronous. This corrupts the ticket so
4928 // certificate selection callbacks run.
4929 testCases = append(testCases, testCase{
4930 testType: serverTest,
4931 name: "TicketCallback-SingleCall-" + ver.name,
4932 config: Config{
4933 MaxVersion: ver.version,
4934 Bugs: ProtocolBugs{
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]4935 FilterTicket: func(in []byte) ([]byte, error) {
4936 in[len(in)-1] ^= 1
4937 return in, nil
4938 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4939 },
4940 },
4941 resumeSession: true,
4942 expectResumeRejected: true,
4943 flags: []string{
4944 "-use-ticket-callback",
4945 "-async",
4946 },
4947 })
4948
4949 // Resume with an oversized session id.
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4950 if ver.version < VersionTLS13 {
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4951 testCases = append(testCases, testCase{
4952 testType: serverTest,
4953 name: "OversizedSessionId-" + ver.name,
4954 config: Config{
4955 MaxVersion: ver.version,
4956 Bugs: ProtocolBugs{
4957 OversizedSessionId: true,
4958 },
4959 },
4960 resumeSession: true,
4961 shouldFail: true,
4962 expectedError: ":DECODE_ERROR:",
4963 })
4964 }
4965
4966 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
4967 // are ignored.
4968 if ver.hasDTLS {
4969 testCases = append(testCases, testCase{
4970 protocol: dtls,
4971 name: "SRTP-Client-" + ver.name,
4972 config: Config{
4973 MaxVersion: ver.version,
4974 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
4975 },
4976 flags: []string{
4977 "-srtp-profiles",
4978 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
4979 },
4980 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
4981 })
4982 testCases = append(testCases, testCase{
4983 protocol: dtls,
4984 testType: serverTest,
4985 name: "SRTP-Server-" + ver.name,
4986 config: Config{
4987 MaxVersion: ver.version,
4988 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
4989 },
4990 flags: []string{
4991 "-srtp-profiles",
4992 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
4993 },
4994 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
4995 })
4996 // Test that the MKI is ignored.
4997 testCases = append(testCases, testCase{
4998 protocol: dtls,
4999 testType: serverTest,
5000 name: "SRTP-Server-IgnoreMKI-" + ver.name,
5001 config: Config{
5002 MaxVersion: ver.version,
5003 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
5004 Bugs: ProtocolBugs{
5005 SRTPMasterKeyIdentifer: "bogus",
5006 },
5007 },
5008 flags: []string{
5009 "-srtp-profiles",
5010 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
5011 },
5012 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
5013 })
5014 // Test that SRTP isn't negotiated on the server if there were
5015 // no matching profiles.
5016 testCases = append(testCases, testCase{
5017 protocol: dtls,
5018 testType: serverTest,
5019 name: "SRTP-Server-NoMatch-" + ver.name,
5020 config: Config{
5021 MaxVersion: ver.version,
5022 SRTPProtectionProfiles: []uint16{100, 101, 102},
5023 },
5024 flags: []string{
5025 "-srtp-profiles",
5026 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
5027 },
5028 expectedSRTPProtectionProfile: 0,
5029 })
5030 // Test that the server returning an invalid SRTP profile is
5031 // flagged as an error by the client.
5032 testCases = append(testCases, testCase{
5033 protocol: dtls,
5034 name: "SRTP-Client-NoMatch-" + ver.name,
5035 config: Config{
5036 MaxVersion: ver.version,
5037 Bugs: ProtocolBugs{
5038 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
5039 },
5040 },
5041 flags: []string{
5042 "-srtp-profiles",
5043 "SRTP_AES128_CM_SHA1_80",
5044 },
5045 shouldFail: true,
5046 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
5047 })
5048 }
5049
5050 // Test SCT list.
5051 testCases = append(testCases, testCase{
5052 name: "SignedCertificateTimestampList-Client-" + ver.name,
5053 testType: clientTest,
5054 config: Config{
5055 MaxVersion: ver.version,
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]5056 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5057 flags: []string{
5058 "-enable-signed-cert-timestamps",
5059 "-expect-signed-cert-timestamps",
5060 base64.StdEncoding.EncodeToString(testSCTList),
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]5061 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5062 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5063 })
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5064
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5065 var differentSCTList []byte
5066 differentSCTList = append(differentSCTList, testSCTList...)
5067 differentSCTList[len(differentSCTList)-1] ^= 1
5068
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5069 // The SCT extension did not specify that it must only be sent on resumption as it
5070 // should have, so test that we tolerate but ignore it.
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5071 testCases = append(testCases, testCase{
5072 name: "SendSCTListOnResume-" + ver.name,
5073 config: Config{
5074 MaxVersion: ver.version,
5075 Bugs: ProtocolBugs{
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5076 SendSCTListOnResume: differentSCTList,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5077 },
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]5078 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5079 flags: []string{
5080 "-enable-signed-cert-timestamps",
5081 "-expect-signed-cert-timestamps",
5082 base64.StdEncoding.EncodeToString(testSCTList),
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]5083 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5084 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5085 })
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5086
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5087 testCases = append(testCases, testCase{
5088 name: "SignedCertificateTimestampList-Server-" + ver.name,
5089 testType: serverTest,
5090 config: Config{
5091 MaxVersion: ver.version,
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]5092 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5093 flags: []string{
5094 "-signed-cert-timestamps",
5095 base64.StdEncoding.EncodeToString(testSCTList),
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]5096 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5097 expectedSCTList: testSCTList,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5098 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5099 })
David Benjamin53210cb2016-11-16 09:01:48 +0900[diff] [blame]5100
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5101 emptySCTListCert := *testCerts[0].cert
5102 emptySCTListCert.SignedCertificateTimestampList = []byte{0, 0}
5103
5104 // Test empty SCT list.
5105 testCases = append(testCases, testCase{
5106 name: "SignedCertificateTimestampListEmpty-Client-" + ver.name,
5107 testType: clientTest,
5108 config: Config{
5109 MaxVersion: ver.version,
5110 Certificates: []Certificate{emptySCTListCert},
5111 },
5112 flags: []string{
5113 "-enable-signed-cert-timestamps",
5114 },
5115 shouldFail: true,
5116 expectedError: ":ERROR_PARSING_EXTENSION:",
5117 })
5118
5119 emptySCTCert := *testCerts[0].cert
5120 emptySCTCert.SignedCertificateTimestampList = []byte{0, 6, 0, 2, 1, 2, 0, 0}
5121
5122 // Test empty SCT in non-empty list.
5123 testCases = append(testCases, testCase{
5124 name: "SignedCertificateTimestampListEmptySCT-Client-" + ver.name,
5125 testType: clientTest,
5126 config: Config{
5127 MaxVersion: ver.version,
5128 Certificates: []Certificate{emptySCTCert},
5129 },
5130 flags: []string{
5131 "-enable-signed-cert-timestamps",
5132 },
5133 shouldFail: true,
5134 expectedError: ":ERROR_PARSING_EXTENSION:",
5135 })
5136
David Benjamin53210cb2016-11-16 09:01:48 +0900[diff] [blame]5137 // Test that certificate-related extensions are not sent unsolicited.
5138 testCases = append(testCases, testCase{
5139 testType: serverTest,
5140 name: "UnsolicitedCertificateExtensions-" + ver.name,
5141 config: Config{
5142 MaxVersion: ver.version,
5143 Bugs: ProtocolBugs{
5144 NoOCSPStapling: true,
5145 NoSignedCertificateTimestamps: true,
5146 },
5147 },
5148 flags: []string{
5149 "-ocsp-response",
5150 base64.StdEncoding.EncodeToString(testOCSPResponse),
5151 "-signed-cert-timestamps",
5152 base64.StdEncoding.EncodeToString(testSCTList),
5153 },
5154 })
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5155 }
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5156
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]5157 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]5158 testType: clientTest,
5159 name: "ClientHelloPadding",
5160 config: Config{
5161 Bugs: ProtocolBugs{
5162 RequireClientHelloSize: 512,
5163 },
5164 },
5165 // This hostname just needs to be long enough to push the
5166 // ClientHello into F5's danger zone between 256 and 511 bytes
5167 // long.
5168 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
5169 })
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]5170
5171 // Extensions should not function in SSL 3.0.
5172 testCases = append(testCases, testCase{
5173 testType: serverTest,
5174 name: "SSLv3Extensions-NoALPN",
5175 config: Config{
5176 MaxVersion: VersionSSL30,
5177 NextProtos: []string{"foo", "bar", "baz"},
5178 },
5179 flags: []string{
5180 "-select-alpn", "foo",
5181 },
5182 expectNoNextProto: true,
5183 })
5184
5185 // Test session tickets separately as they follow a different codepath.
5186 testCases = append(testCases, testCase{
5187 testType: serverTest,
5188 name: "SSLv3Extensions-NoTickets",
5189 config: Config{
5190 MaxVersion: VersionSSL30,
5191 Bugs: ProtocolBugs{
5192 // Historically, session tickets in SSL 3.0
5193 // failed in different ways depending on whether
5194 // the client supported renegotiation_info.
5195 NoRenegotiationInfo: true,
5196 },
5197 },
5198 resumeSession: true,
5199 })
5200 testCases = append(testCases, testCase{
5201 testType: serverTest,
5202 name: "SSLv3Extensions-NoTickets2",
5203 config: Config{
5204 MaxVersion: VersionSSL30,
5205 },
5206 resumeSession: true,
5207 })
5208
5209 // But SSL 3.0 does send and process renegotiation_info.
5210 testCases = append(testCases, testCase{
5211 testType: serverTest,
5212 name: "SSLv3Extensions-RenegotiationInfo",
5213 config: Config{
5214 MaxVersion: VersionSSL30,
5215 Bugs: ProtocolBugs{
5216 RequireRenegotiationInfo: true,
5217 },
5218 },
5219 })
5220 testCases = append(testCases, testCase{
5221 testType: serverTest,
5222 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
5223 config: Config{
5224 MaxVersion: VersionSSL30,
5225 Bugs: ProtocolBugs{
5226 NoRenegotiationInfo: true,
5227 SendRenegotiationSCSV: true,
5228 RequireRenegotiationInfo: true,
5229 },
5230 },
5231 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]5232
5233 // Test that illegal extensions in TLS 1.3 are rejected by the client if
5234 // in ServerHello.
5235 testCases = append(testCases, testCase{
5236 name: "NPN-Forbidden-TLS13",
5237 config: Config{
5238 MaxVersion: VersionTLS13,
5239 NextProtos: []string{"foo"},
5240 Bugs: ProtocolBugs{
5241 NegotiateNPNAtAllVersions: true,
5242 },
5243 },
5244 flags: []string{"-select-next-proto", "foo"},
5245 shouldFail: true,
5246 expectedError: ":ERROR_PARSING_EXTENSION:",
5247 })
5248 testCases = append(testCases, testCase{
5249 name: "EMS-Forbidden-TLS13",
5250 config: Config{
5251 MaxVersion: VersionTLS13,
5252 Bugs: ProtocolBugs{
5253 NegotiateEMSAtAllVersions: true,
5254 },
5255 },
5256 shouldFail: true,
5257 expectedError: ":ERROR_PARSING_EXTENSION:",
5258 })
5259 testCases = append(testCases, testCase{
5260 name: "RenegotiationInfo-Forbidden-TLS13",
5261 config: Config{
5262 MaxVersion: VersionTLS13,
5263 Bugs: ProtocolBugs{
5264 NegotiateRenegotiationInfoAtAllVersions: true,
5265 },
5266 },
5267 shouldFail: true,
5268 expectedError: ":ERROR_PARSING_EXTENSION:",
5269 })
5270 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]5271 name: "Ticket-Forbidden-TLS13",
5272 config: Config{
5273 MaxVersion: VersionTLS12,
5274 },
5275 resumeConfig: &Config{
5276 MaxVersion: VersionTLS13,
5277 Bugs: ProtocolBugs{
5278 AdvertiseTicketExtension: true,
5279 },
5280 },
5281 resumeSession: true,
5282 shouldFail: true,
5283 expectedError: ":ERROR_PARSING_EXTENSION:",
5284 })
5285
5286 // Test that illegal extensions in TLS 1.3 are declined by the server if
5287 // offered in ClientHello. The runner's server will fail if this occurs,
5288 // so we exercise the offering path. (EMS and Renegotiation Info are
5289 // implicit in every test.)
5290 testCases = append(testCases, testCase{
5291 testType: serverTest,
David Benjamin73647192016-09-22 16:24:04 -0400[diff] [blame]5292 name: "NPN-Declined-TLS13",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]5293 config: Config{
5294 MaxVersion: VersionTLS13,
5295 NextProtos: []string{"bar"},
5296 },
5297 flags: []string{"-advertise-npn", "\x03foo\x03bar\x03baz"},
5298 })
David Benjamin196df5b2016-09-21 16:23:27 -0400[diff] [blame]5299
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5300 // OpenSSL sends the status_request extension on resumption in TLS 1.2. Test that this is
5301 // tolerated.
5302 testCases = append(testCases, testCase{
5303 name: "SendOCSPResponseOnResume-TLS12",
5304 config: Config{
5305 MaxVersion: VersionTLS12,
5306 Bugs: ProtocolBugs{
5307 SendOCSPResponseOnResume: []byte("bogus"),
5308 },
5309 },
5310 flags: []string{
5311 "-enable-ocsp-stapling",
5312 "-expect-ocsp-response",
5313 base64.StdEncoding.EncodeToString(testOCSPResponse),
5314 },
5315 resumeSession: true,
5316 })
5317
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5318 testCases = append(testCases, testCase{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5319 name: "SendUnsolicitedOCSPOnCertificate-TLS13",
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5320 config: Config{
5321 MaxVersion: VersionTLS13,
5322 Bugs: ProtocolBugs{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5323 SendExtensionOnCertificate: testOCSPExtension,
5324 },
5325 },
5326 shouldFail: true,
5327 expectedError: ":UNEXPECTED_EXTENSION:",
5328 })
5329
5330 testCases = append(testCases, testCase{
5331 name: "SendUnsolicitedSCTOnCertificate-TLS13",
5332 config: Config{
5333 MaxVersion: VersionTLS13,
5334 Bugs: ProtocolBugs{
5335 SendExtensionOnCertificate: testSCTExtension,
5336 },
5337 },
5338 shouldFail: true,
5339 expectedError: ":UNEXPECTED_EXTENSION:",
5340 })
5341
5342 // Test that extensions on client certificates are never accepted.
5343 testCases = append(testCases, testCase{
5344 name: "SendExtensionOnClientCertificate-TLS13",
5345 testType: serverTest,
5346 config: Config{
5347 MaxVersion: VersionTLS13,
5348 Certificates: []Certificate{rsaCertificate},
5349 Bugs: ProtocolBugs{
5350 SendExtensionOnCertificate: testOCSPExtension,
5351 },
5352 },
5353 flags: []string{
5354 "-enable-ocsp-stapling",
5355 "-require-any-client-certificate",
5356 },
5357 shouldFail: true,
5358 expectedError: ":UNEXPECTED_EXTENSION:",
5359 })
5360
5361 testCases = append(testCases, testCase{
5362 name: "SendUnknownExtensionOnCertificate-TLS13",
5363 config: Config{
5364 MaxVersion: VersionTLS13,
5365 Bugs: ProtocolBugs{
5366 SendExtensionOnCertificate: []byte{0x00, 0x7f, 0, 0},
5367 },
5368 },
5369 shouldFail: true,
5370 expectedError: ":UNEXPECTED_EXTENSION:",
5371 })
5372
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5373 var differentSCTList []byte
5374 differentSCTList = append(differentSCTList, testSCTList...)
5375 differentSCTList[len(differentSCTList)-1] ^= 1
5376
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5377 // Test that extensions on intermediates are allowed but ignored.
5378 testCases = append(testCases, testCase{
5379 name: "IgnoreExtensionsOnIntermediates-TLS13",
5380 config: Config{
5381 MaxVersion: VersionTLS13,
5382 Certificates: []Certificate{rsaChainCertificate},
5383 Bugs: ProtocolBugs{
5384 // Send different values on the intermediate. This tests
5385 // the intermediate's extensions do not override the
5386 // leaf's.
5387 SendOCSPOnIntermediates: []byte{1, 3, 3, 7},
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5388 SendSCTOnIntermediates: differentSCTList,
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5389 },
5390 },
5391 flags: []string{
5392 "-enable-ocsp-stapling",
5393 "-expect-ocsp-response",
5394 base64.StdEncoding.EncodeToString(testOCSPResponse),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5395 "-enable-signed-cert-timestamps",
5396 "-expect-signed-cert-timestamps",
5397 base64.StdEncoding.EncodeToString(testSCTList),
5398 },
5399 resumeSession: true,
5400 })
5401
5402 // Test that extensions are not sent on intermediates when configured
5403 // only for a leaf.
5404 testCases = append(testCases, testCase{
5405 testType: serverTest,
5406 name: "SendNoExtensionsOnIntermediate-TLS13",
5407 config: Config{
5408 MaxVersion: VersionTLS13,
5409 Bugs: ProtocolBugs{
5410 ExpectNoExtensionsOnIntermediate: true,
5411 },
5412 },
5413 flags: []string{
5414 "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
5415 "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
5416 "-ocsp-response",
5417 base64.StdEncoding.EncodeToString(testOCSPResponse),
5418 "-signed-cert-timestamps",
5419 base64.StdEncoding.EncodeToString(testSCTList),
5420 },
5421 })
5422
5423 // Test that extensions are not sent on client certificates.
5424 testCases = append(testCases, testCase{
5425 name: "SendNoClientCertificateExtensions-TLS13",
5426 config: Config{
5427 MaxVersion: VersionTLS13,
5428 ClientAuth: RequireAnyClientCert,
5429 },
5430 flags: []string{
5431 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
5432 "-key-file", path.Join(*resourceDir, rsaKeyFile),
5433 "-ocsp-response",
5434 base64.StdEncoding.EncodeToString(testOCSPResponse),
5435 "-signed-cert-timestamps",
5436 base64.StdEncoding.EncodeToString(testSCTList),
5437 },
5438 })
5439
5440 testCases = append(testCases, testCase{
5441 name: "SendDuplicateExtensionsOnCerts-TLS13",
5442 config: Config{
5443 MaxVersion: VersionTLS13,
5444 Bugs: ProtocolBugs{
5445 SendDuplicateCertExtensions: true,
5446 },
5447 },
5448 flags: []string{
5449 "-enable-ocsp-stapling",
5450 "-enable-signed-cert-timestamps",
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5451 },
5452 resumeSession: true,
5453 shouldFail: true,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5454 expectedError: ":DUPLICATE_EXTENSION:",
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5455 })
Adam Langley9b885c52016-11-18 14:21:03 -0800[diff] [blame]5456
5457 testCases = append(testCases, testCase{
5458 name: "SignedCertificateTimestampListInvalid-Server",
5459 testType: serverTest,
5460 flags: []string{
5461 "-signed-cert-timestamps",
5462 base64.StdEncoding.EncodeToString([]byte{0, 0}),
5463 },
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]5464 shouldFail: true,
Adam Langley9b885c52016-11-18 14:21:03 -0800[diff] [blame]5465 expectedError: ":INVALID_SCT_LIST:",
5466 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]5467}
5468
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5469func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5470 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5471 for _, resumeVers := range tlsVersions {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5472 // SSL 3.0 does not have tickets and TLS 1.3 does not
5473 // have session IDs, so skip their cross-resumption
5474 // tests.
5475 if (sessionVers.version >= VersionTLS13 && resumeVers.version == VersionSSL30) ||
5476 (resumeVers.version >= VersionTLS13 && sessionVers.version == VersionSSL30) {
5477 continue
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5478 }
5479
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5480 protocols := []protocol{tls}
5481 if sessionVers.hasDTLS && resumeVers.hasDTLS {
5482 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]5483 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5484 for _, protocol := range protocols {
5485 suffix := "-" + sessionVers.name + "-" + resumeVers.name
5486 if protocol == dtls {
5487 suffix += "-DTLS"
5488 }
5489
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5490 if sessionVers.version == resumeVers.version {
5491 testCases = append(testCases, testCase{
5492 protocol: protocol,
5493 name: "Resume-Client" + suffix,
5494 resumeSession: true,
5495 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5496 MaxVersion: sessionVers.version,
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5497 Bugs: ProtocolBugs{
5498 ExpectNoTLS12Session: sessionVers.version >= VersionTLS13,
5499 ExpectNoTLS13PSK: sessionVers.version < VersionTLS13,
5500 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5501 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5502 expectedVersion: sessionVers.version,
5503 expectedResumeVersion: resumeVers.version,
5504 })
5505 } else {
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5506 error := ":OLD_SESSION_VERSION_NOT_RETURNED:"
5507
5508 // Offering a TLS 1.3 session sends an empty session ID, so
5509 // there is no way to convince a non-lookahead client the
5510 // session was resumed. It will appear to the client that a
5511 // stray ChangeCipherSpec was sent.
5512 if resumeVers.version < VersionTLS13 && sessionVers.version >= VersionTLS13 {
5513 error = ":UNEXPECTED_RECORD:"
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5514 }
5515
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5516 testCases = append(testCases, testCase{
5517 protocol: protocol,
5518 name: "Resume-Client-Mismatch" + suffix,
5519 resumeSession: true,
5520 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5521 MaxVersion: sessionVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5522 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5523 expectedVersion: sessionVers.version,
5524 resumeConfig: &Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5525 MaxVersion: resumeVers.version,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5526 Bugs: ProtocolBugs{
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5527 AcceptAnySession: true,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5528 },
5529 },
5530 expectedResumeVersion: resumeVers.version,
5531 shouldFail: true,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5532 expectedError: error,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5533 })
5534 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5535
5536 testCases = append(testCases, testCase{
5537 protocol: protocol,
5538 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5539 resumeSession: true,
5540 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5541 MaxVersion: sessionVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5542 },
5543 expectedVersion: sessionVers.version,
5544 resumeConfig: &Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5545 MaxVersion: resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5546 },
5547 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]5548 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5549 expectedResumeVersion: resumeVers.version,
5550 })
5551
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5552 testCases = append(testCases, testCase{
5553 protocol: protocol,
5554 testType: serverTest,
5555 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5556 resumeSession: true,
5557 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5558 MaxVersion: sessionVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5559 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]5560 expectedVersion: sessionVers.version,
5561 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5562 resumeConfig: &Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5563 MaxVersion: resumeVers.version,
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5564 Bugs: ProtocolBugs{
5565 SendBothTickets: true,
5566 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5567 },
5568 expectedResumeVersion: resumeVers.version,
5569 })
5570 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5571 }
5572 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5573
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5574 // Make sure shim ticket mutations are functional.
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5575 testCases = append(testCases, testCase{
5576 testType: serverTest,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5577 name: "ShimTicketRewritable",
5578 resumeSession: true,
5579 config: Config{
5580 MaxVersion: VersionTLS12,
5581 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5582 Bugs: ProtocolBugs{
5583 FilterTicket: func(in []byte) ([]byte, error) {
5584 in, err := SetShimTicketVersion(in, VersionTLS12)
5585 if err != nil {
5586 return nil, err
5587 }
5588 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
5589 },
5590 },
5591 },
5592 flags: []string{
5593 "-ticket-key",
5594 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5595 },
5596 })
5597
5598 // Resumptions are declined if the version does not match.
5599 testCases = append(testCases, testCase{
5600 testType: serverTest,
5601 name: "Resume-Server-DeclineCrossVersion",
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5602 resumeSession: true,
5603 config: Config{
5604 MaxVersion: VersionTLS12,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5605 Bugs: ProtocolBugs{
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5606 ExpectNewTicket: true,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5607 FilterTicket: func(in []byte) ([]byte, error) {
5608 return SetShimTicketVersion(in, VersionTLS13)
5609 },
5610 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5611 },
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5612 flags: []string{
5613 "-ticket-key",
5614 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5615 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5616 expectResumeRejected: true,
5617 })
5618
5619 testCases = append(testCases, testCase{
5620 testType: serverTest,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5621 name: "Resume-Server-DeclineCrossVersion-TLS13",
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5622 resumeSession: true,
5623 config: Config{
5624 MaxVersion: VersionTLS13,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5625 Bugs: ProtocolBugs{
5626 FilterTicket: func(in []byte) ([]byte, error) {
5627 return SetShimTicketVersion(in, VersionTLS12)
5628 },
5629 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5630 },
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5631 flags: []string{
5632 "-ticket-key",
5633 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5634 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5635 expectResumeRejected: true,
5636 })
5637
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5638 // Resumptions are declined if the cipher is invalid or disabled.
5639 testCases = append(testCases, testCase{
5640 testType: serverTest,
5641 name: "Resume-Server-DeclineBadCipher",
5642 resumeSession: true,
5643 config: Config{
5644 MaxVersion: VersionTLS12,
5645 Bugs: ProtocolBugs{
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5646 ExpectNewTicket: true,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5647 FilterTicket: func(in []byte) ([]byte, error) {
5648 return SetShimTicketCipherSuite(in, TLS_AES_128_GCM_SHA256)
5649 },
5650 },
5651 },
5652 flags: []string{
5653 "-ticket-key",
5654 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5655 },
5656 expectResumeRejected: true,
5657 })
5658
5659 testCases = append(testCases, testCase{
5660 testType: serverTest,
5661 name: "Resume-Server-DeclineBadCipher-2",
5662 resumeSession: true,
5663 config: Config{
5664 MaxVersion: VersionTLS12,
5665 Bugs: ProtocolBugs{
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5666 ExpectNewTicket: true,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5667 FilterTicket: func(in []byte) ([]byte, error) {
5668 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
5669 },
5670 },
5671 },
5672 flags: []string{
5673 "-cipher", "AES128",
5674 "-ticket-key",
5675 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5676 },
5677 expectResumeRejected: true,
5678 })
5679
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5680 // Sessions are not resumed if they do not use the preferred cipher.
5681 testCases = append(testCases, testCase{
5682 testType: serverTest,
5683 name: "Resume-Server-CipherNotPreferred",
5684 resumeSession: true,
5685 config: Config{
5686 MaxVersion: VersionTLS12,
5687 Bugs: ProtocolBugs{
5688 ExpectNewTicket: true,
5689 FilterTicket: func(in []byte) ([]byte, error) {
5690 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
5691 },
5692 },
5693 },
5694 flags: []string{
5695 "-ticket-key",
5696 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5697 },
5698 shouldFail: false,
5699 expectResumeRejected: true,
5700 })
5701
5702 // TLS 1.3 allows sessions to be resumed at a different cipher if their
5703 // PRF hashes match, but BoringSSL will always decline such resumptions.
5704 testCases = append(testCases, testCase{
5705 testType: serverTest,
5706 name: "Resume-Server-CipherNotPreferred-TLS13",
5707 resumeSession: true,
5708 config: Config{
5709 MaxVersion: VersionTLS13,
5710 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256},
5711 Bugs: ProtocolBugs{
5712 FilterTicket: func(in []byte) ([]byte, error) {
5713 // If the client (runner) offers ChaCha20-Poly1305 first, the
5714 // server (shim) always prefers it. Switch it to AES-GCM.
5715 return SetShimTicketCipherSuite(in, TLS_AES_128_GCM_SHA256)
5716 },
5717 },
5718 },
5719 flags: []string{
5720 "-ticket-key",
5721 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5722 },
5723 shouldFail: false,
5724 expectResumeRejected: true,
5725 })
5726
5727 // Sessions may not be resumed if they contain another version's cipher.
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5728 testCases = append(testCases, testCase{
5729 testType: serverTest,
5730 name: "Resume-Server-DeclineBadCipher-TLS13",
5731 resumeSession: true,
5732 config: Config{
5733 MaxVersion: VersionTLS13,
5734 Bugs: ProtocolBugs{
5735 FilterTicket: func(in []byte) ([]byte, error) {
5736 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
5737 },
5738 },
5739 },
5740 flags: []string{
5741 "-ticket-key",
5742 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5743 },
5744 expectResumeRejected: true,
5745 })
5746
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5747 // If the client does not offer the cipher from the session, decline to
5748 // resume. Clients are forbidden from doing this, but BoringSSL selects
5749 // the cipher first, so we only decline.
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5750 testCases = append(testCases, testCase{
5751 testType: serverTest,
5752 name: "Resume-Server-UnofferedCipher",
5753 resumeSession: true,
5754 config: Config{
5755 MaxVersion: VersionTLS12,
5756 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
5757 },
5758 resumeConfig: &Config{
5759 MaxVersion: VersionTLS12,
5760 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
5761 Bugs: ProtocolBugs{
5762 SendCipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5763 },
5764 },
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5765 expectResumeRejected: true,
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5766 })
5767
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5768 // In TLS 1.3, clients may advertise a cipher list which does not
5769 // include the selected cipher. Test that we tolerate this. Servers may
5770 // resume at another cipher if the PRF matches, but BoringSSL will
5771 // always decline.
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5772 testCases = append(testCases, testCase{
5773 testType: serverTest,
5774 name: "Resume-Server-UnofferedCipher-TLS13",
5775 resumeSession: true,
5776 config: Config{
5777 MaxVersion: VersionTLS13,
5778 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256},
5779 },
5780 resumeConfig: &Config{
5781 MaxVersion: VersionTLS13,
5782 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256},
5783 Bugs: ProtocolBugs{
5784 SendCipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
5785 },
5786 },
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5787 expectResumeRejected: true,
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5788 })
5789
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5790 // Sessions may not be resumed at a different cipher.
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5791 testCases = append(testCases, testCase{
5792 name: "Resume-Client-CipherMismatch",
5793 resumeSession: true,
5794 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5795 MaxVersion: VersionTLS12,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5796 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
5797 },
5798 resumeConfig: &Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5799 MaxVersion: VersionTLS12,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5800 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
5801 Bugs: ProtocolBugs{
5802 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
5803 },
5804 },
5805 shouldFail: true,
5806 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
5807 })
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5808
David Benjamine1cc35e2016-11-16 16:25:58 +0900[diff] [blame]5809 // Session resumption in TLS 1.3 may change the cipher suite if the PRF
5810 // matches.
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5811 testCases = append(testCases, testCase{
5812 name: "Resume-Client-CipherMismatch-TLS13",
5813 resumeSession: true,
5814 config: Config{
5815 MaxVersion: VersionTLS13,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5816 CipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5817 },
5818 resumeConfig: &Config{
5819 MaxVersion: VersionTLS13,
David Benjamine1cc35e2016-11-16 16:25:58 +0900[diff] [blame]5820 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256},
5821 },
5822 })
5823
5824 // Session resumption in TLS 1.3 is forbidden if the PRF does not match.
5825 testCases = append(testCases, testCase{
5826 name: "Resume-Client-PRFMismatch-TLS13",
5827 resumeSession: true,
5828 config: Config{
5829 MaxVersion: VersionTLS13,
5830 CipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
5831 },
5832 resumeConfig: &Config{
5833 MaxVersion: VersionTLS13,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5834 CipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5835 Bugs: ProtocolBugs{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5836 SendCipherSuite: TLS_AES_256_GCM_SHA384,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5837 },
5838 },
5839 shouldFail: true,
David Benjamine1cc35e2016-11-16 16:25:58 +0900[diff] [blame]5840 expectedError: ":OLD_SESSION_PRF_HASH_MISMATCH:",
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5841 })
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5842
5843 testCases = append(testCases, testCase{
5844 testType: serverTest,
5845 name: "Resume-Server-BinderWrongLength",
5846 resumeSession: true,
5847 config: Config{
5848 MaxVersion: VersionTLS13,
5849 Bugs: ProtocolBugs{
5850 SendShortPSKBinder: true,
5851 },
5852 },
5853 shouldFail: true,
5854 expectedLocalError: "remote error: error decrypting message",
5855 expectedError: ":DIGEST_CHECK_FAILED:",
5856 })
5857
5858 testCases = append(testCases, testCase{
5859 testType: serverTest,
5860 name: "Resume-Server-NoPSKBinder",
5861 resumeSession: true,
5862 config: Config{
5863 MaxVersion: VersionTLS13,
5864 Bugs: ProtocolBugs{
5865 SendNoPSKBinder: true,
5866 },
5867 },
5868 shouldFail: true,
5869 expectedLocalError: "remote error: error decoding message",
5870 expectedError: ":DECODE_ERROR:",
5871 })
5872
5873 testCases = append(testCases, testCase{
5874 testType: serverTest,
David Benjaminaedf3032016-12-01 16:47:56 -0500[diff] [blame]5875 name: "Resume-Server-ExtraPSKBinder",
5876 resumeSession: true,
5877 config: Config{
5878 MaxVersion: VersionTLS13,
5879 Bugs: ProtocolBugs{
5880 SendExtraPSKBinder: true,
5881 },
5882 },
5883 shouldFail: true,
5884 expectedLocalError: "remote error: illegal parameter",
5885 expectedError: ":PSK_IDENTITY_BINDER_COUNT_MISMATCH:",
5886 })
5887
5888 testCases = append(testCases, testCase{
5889 testType: serverTest,
5890 name: "Resume-Server-ExtraIdentityNoBinder",
5891 resumeSession: true,
5892 config: Config{
5893 MaxVersion: VersionTLS13,
5894 Bugs: ProtocolBugs{
5895 ExtraPSKIdentity: true,
5896 },
5897 },
5898 shouldFail: true,
5899 expectedLocalError: "remote error: illegal parameter",
5900 expectedError: ":PSK_IDENTITY_BINDER_COUNT_MISMATCH:",
5901 })
5902
5903 testCases = append(testCases, testCase{
5904 testType: serverTest,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5905 name: "Resume-Server-InvalidPSKBinder",
5906 resumeSession: true,
5907 config: Config{
5908 MaxVersion: VersionTLS13,
5909 Bugs: ProtocolBugs{
5910 SendInvalidPSKBinder: true,
5911 },
5912 },
5913 shouldFail: true,
5914 expectedLocalError: "remote error: error decrypting message",
5915 expectedError: ":DIGEST_CHECK_FAILED:",
5916 })
5917
5918 testCases = append(testCases, testCase{
5919 testType: serverTest,
5920 name: "Resume-Server-PSKBinderFirstExtension",
5921 resumeSession: true,
5922 config: Config{
5923 MaxVersion: VersionTLS13,
5924 Bugs: ProtocolBugs{
5925 PSKBinderFirst: true,
5926 },
5927 },
5928 shouldFail: true,
5929 expectedLocalError: "remote error: illegal parameter",
5930 expectedError: ":PRE_SHARED_KEY_MUST_BE_LAST:",
5931 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5932}
5933
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]5934func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]5935 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]5936 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5937 testType: serverTest,
5938 name: "Renegotiate-Server-Forbidden",
5939 config: Config{
5940 MaxVersion: VersionTLS12,
5941 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]5942 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]5943 shouldFail: true,
5944 expectedError: ":NO_RENEGOTIATION:",
5945 expectedLocalError: "remote error: no renegotiation",
5946 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]5947 // The server shouldn't echo the renegotiation extension unless
5948 // requested by the client.
5949 testCases = append(testCases, testCase{
5950 testType: serverTest,
5951 name: "Renegotiate-Server-NoExt",
5952 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5953 MaxVersion: VersionTLS12,
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]5954 Bugs: ProtocolBugs{
5955 NoRenegotiationInfo: true,
5956 RequireRenegotiationInfo: true,
5957 },
5958 },
5959 shouldFail: true,
5960 expectedLocalError: "renegotiation extension missing",
5961 })
5962 // The renegotiation SCSV should be sufficient for the server to echo
5963 // the extension.
5964 testCases = append(testCases, testCase{
5965 testType: serverTest,
5966 name: "Renegotiate-Server-NoExt-SCSV",
5967 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5968 MaxVersion: VersionTLS12,
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]5969 Bugs: ProtocolBugs{
5970 NoRenegotiationInfo: true,
5971 SendRenegotiationSCSV: true,
5972 RequireRenegotiationInfo: true,
5973 },
5974 },
5975 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]5976 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]5977 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]5978 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5979 MaxVersion: VersionTLS12,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]5980 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]5981 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]5982 },
5983 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]5984 renegotiate: 1,
5985 flags: []string{
5986 "-renegotiate-freely",
5987 "-expect-total-renegotiations", "1",
5988 },
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]5989 })
5990 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]5991 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]5992 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]5993 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5994 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]5995 Bugs: ProtocolBugs{
5996 EmptyRenegotiationInfo: true,
5997 },
5998 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]5999 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6000 shouldFail: true,
6001 expectedError: ":RENEGOTIATION_MISMATCH:",
6002 })
6003 testCases = append(testCases, testCase{
6004 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6005 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6006 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6007 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6008 Bugs: ProtocolBugs{
6009 BadRenegotiationInfo: true,
6010 },
6011 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6012 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6013 shouldFail: true,
6014 expectedError: ":RENEGOTIATION_MISMATCH:",
6015 })
6016 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]6017 name: "Renegotiate-Client-Downgrade",
6018 renegotiate: 1,
6019 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6020 MaxVersion: VersionTLS12,
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]6021 Bugs: ProtocolBugs{
6022 NoRenegotiationInfoAfterInitial: true,
6023 },
6024 },
6025 flags: []string{"-renegotiate-freely"},
6026 shouldFail: true,
6027 expectedError: ":RENEGOTIATION_MISMATCH:",
6028 })
6029 testCases = append(testCases, testCase{
6030 name: "Renegotiate-Client-Upgrade",
6031 renegotiate: 1,
6032 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6033 MaxVersion: VersionTLS12,
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]6034 Bugs: ProtocolBugs{
6035 NoRenegotiationInfoInInitial: true,
6036 },
6037 },
6038 flags: []string{"-renegotiate-freely"},
6039 shouldFail: true,
6040 expectedError: ":RENEGOTIATION_MISMATCH:",
6041 })
6042 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6043 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6044 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6045 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6046 MaxVersion: VersionTLS12,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6047 Bugs: ProtocolBugs{
6048 NoRenegotiationInfo: true,
6049 },
6050 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6051 flags: []string{
6052 "-renegotiate-freely",
6053 "-expect-total-renegotiations", "1",
6054 },
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6055 })
David Benjamine7e36aa2016-08-08 12:39:41 -0400[diff] [blame]6056
6057 // Test that the server may switch ciphers on renegotiation without
6058 // problems.
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6059 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6060 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6061 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6062 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]6063 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]6064 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6065 },
6066 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6067 flags: []string{
6068 "-renegotiate-freely",
6069 "-expect-total-renegotiations", "1",
6070 },
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6071 })
6072 testCases = append(testCases, testCase{
6073 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6074 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6075 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]6076 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6077 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
6078 },
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]6079 renegotiateCiphers: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6080 flags: []string{
6081 "-renegotiate-freely",
6082 "-expect-total-renegotiations", "1",
6083 },
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]6084 })
David Benjamine7e36aa2016-08-08 12:39:41 -0400[diff] [blame]6085
6086 // Test that the server may not switch versions on renegotiation.
6087 testCases = append(testCases, testCase{
6088 name: "Renegotiate-Client-SwitchVersion",
6089 config: Config{
6090 MaxVersion: VersionTLS12,
6091 // Pick a cipher which exists at both versions.
6092 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
6093 Bugs: ProtocolBugs{
6094 NegotiateVersionOnRenego: VersionTLS11,
David Benjamine6f22212016-11-08 14:28:24 -0500[diff] [blame]6095 // Avoid failing early at the record layer.
6096 SendRecordVersion: VersionTLS12,
David Benjamine7e36aa2016-08-08 12:39:41 -0400[diff] [blame]6097 },
6098 },
6099 renegotiate: 1,
6100 flags: []string{
6101 "-renegotiate-freely",
6102 "-expect-total-renegotiations", "1",
6103 },
6104 shouldFail: true,
6105 expectedError: ":WRONG_SSL_VERSION:",
6106 })
6107
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]6108 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]6109 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6110 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]6111 config: Config{
6112 MaxVersion: VersionTLS10,
6113 Bugs: ProtocolBugs{
6114 RequireSameRenegoClientVersion: true,
6115 },
6116 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6117 flags: []string{
6118 "-renegotiate-freely",
6119 "-expect-total-renegotiations", "1",
6120 },
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]6121 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6122 testCases = append(testCases, testCase{
6123 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6124 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6125 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]6126 MaxVersion: VersionTLS12,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6127 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
6128 NextProtos: []string{"foo"},
6129 },
6130 flags: []string{
6131 "-false-start",
6132 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6133 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -0400[diff] [blame]6134 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6135 },
6136 shimWritesFirst: true,
6137 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6138
6139 // Client-side renegotiation controls.
6140 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6141 name: "Renegotiate-Client-Forbidden-1",
6142 config: Config{
6143 MaxVersion: VersionTLS12,
6144 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6145 renegotiate: 1,
6146 shouldFail: true,
6147 expectedError: ":NO_RENEGOTIATION:",
6148 expectedLocalError: "remote error: no renegotiation",
6149 })
6150 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6151 name: "Renegotiate-Client-Once-1",
6152 config: Config{
6153 MaxVersion: VersionTLS12,
6154 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6155 renegotiate: 1,
6156 flags: []string{
6157 "-renegotiate-once",
6158 "-expect-total-renegotiations", "1",
6159 },
6160 })
6161 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6162 name: "Renegotiate-Client-Freely-1",
6163 config: Config{
6164 MaxVersion: VersionTLS12,
6165 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6166 renegotiate: 1,
6167 flags: []string{
6168 "-renegotiate-freely",
6169 "-expect-total-renegotiations", "1",
6170 },
6171 })
6172 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6173 name: "Renegotiate-Client-Once-2",
6174 config: Config{
6175 MaxVersion: VersionTLS12,
6176 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6177 renegotiate: 2,
6178 flags: []string{"-renegotiate-once"},
6179 shouldFail: true,
6180 expectedError: ":NO_RENEGOTIATION:",
6181 expectedLocalError: "remote error: no renegotiation",
6182 })
6183 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6184 name: "Renegotiate-Client-Freely-2",
6185 config: Config{
6186 MaxVersion: VersionTLS12,
6187 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6188 renegotiate: 2,
6189 flags: []string{
6190 "-renegotiate-freely",
6191 "-expect-total-renegotiations", "2",
6192 },
6193 })
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]6194 testCases = append(testCases, testCase{
6195 name: "Renegotiate-Client-NoIgnore",
6196 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6197 MaxVersion: VersionTLS12,
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]6198 Bugs: ProtocolBugs{
6199 SendHelloRequestBeforeEveryAppDataRecord: true,
6200 },
6201 },
6202 shouldFail: true,
6203 expectedError: ":NO_RENEGOTIATION:",
6204 })
6205 testCases = append(testCases, testCase{
6206 name: "Renegotiate-Client-Ignore",
6207 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6208 MaxVersion: VersionTLS12,
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]6209 Bugs: ProtocolBugs{
6210 SendHelloRequestBeforeEveryAppDataRecord: true,
6211 },
6212 },
6213 flags: []string{
6214 "-renegotiate-ignore",
6215 "-expect-total-renegotiations", "0",
6216 },
6217 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6218
David Benjamin34941c02016-10-08 11:45:31 -0400[diff] [blame]6219 // Renegotiation is not allowed at SSL 3.0.
6220 testCases = append(testCases, testCase{
6221 name: "Renegotiate-Client-SSL3",
6222 config: Config{
6223 MaxVersion: VersionSSL30,
6224 },
6225 renegotiate: 1,
6226 flags: []string{
6227 "-renegotiate-freely",
6228 "-expect-total-renegotiations", "1",
6229 },
6230 shouldFail: true,
6231 expectedError: ":NO_RENEGOTIATION:",
6232 expectedLocalError: "remote error: no renegotiation",
6233 })
6234
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6235 // Stray HelloRequests during the handshake are ignored in TLS 1.2.
David Benjamin71dd6662016-07-08 14:10:48 -0700[diff] [blame]6236 testCases = append(testCases, testCase{
6237 name: "StrayHelloRequest",
6238 config: Config{
6239 MaxVersion: VersionTLS12,
6240 Bugs: ProtocolBugs{
6241 SendHelloRequestBeforeEveryHandshakeMessage: true,
6242 },
6243 },
6244 })
6245 testCases = append(testCases, testCase{
6246 name: "StrayHelloRequest-Packed",
6247 config: Config{
6248 MaxVersion: VersionTLS12,
6249 Bugs: ProtocolBugs{
6250 PackHandshakeFlight: true,
6251 SendHelloRequestBeforeEveryHandshakeMessage: true,
6252 },
6253 },
6254 })
6255
David Benjamin12d2c482016-07-24 10:56:51 -0400[diff] [blame]6256 // Test renegotiation works if HelloRequest and server Finished come in
6257 // the same record.
6258 testCases = append(testCases, testCase{
6259 name: "Renegotiate-Client-Packed",
6260 config: Config{
6261 MaxVersion: VersionTLS12,
6262 Bugs: ProtocolBugs{
6263 PackHandshakeFlight: true,
6264 PackHelloRequestWithFinished: true,
6265 },
6266 },
6267 renegotiate: 1,
6268 flags: []string{
6269 "-renegotiate-freely",
6270 "-expect-total-renegotiations", "1",
6271 },
6272 })
6273
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6274 // Renegotiation is forbidden in TLS 1.3.
6275 testCases = append(testCases, testCase{
6276 name: "Renegotiate-Client-TLS13",
6277 config: Config{
6278 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6279 Bugs: ProtocolBugs{
6280 SendHelloRequestBeforeEveryAppDataRecord: true,
6281 },
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6282 },
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6283 flags: []string{
6284 "-renegotiate-freely",
6285 },
Steven Valdez8e1c7be2016-07-26 12:39:22 -0400[diff] [blame]6286 shouldFail: true,
6287 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6288 })
6289
6290 // Stray HelloRequests during the handshake are forbidden in TLS 1.3.
6291 testCases = append(testCases, testCase{
6292 name: "StrayHelloRequest-TLS13",
6293 config: Config{
6294 MaxVersion: VersionTLS13,
6295 Bugs: ProtocolBugs{
6296 SendHelloRequestBeforeEveryHandshakeMessage: true,
6297 },
6298 },
6299 shouldFail: true,
6300 expectedError: ":UNEXPECTED_MESSAGE:",
6301 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]6302}
6303
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6304func addDTLSReplayTests() {
6305 // Test that sequence number replays are detected.
6306 testCases = append(testCases, testCase{
6307 protocol: dtls,
6308 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6309 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6310 replayWrites: true,
6311 })
6312
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6313 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6314 // than the retransmit window.
6315 testCases = append(testCases, testCase{
6316 protocol: dtls,
6317 name: "DTLS-Replay-LargeGaps",
6318 config: Config{
6319 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6320 SequenceNumberMapping: func(in uint64) uint64 {
6321 return in * 127
6322 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6323 },
6324 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6325 messageCount: 200,
6326 replayWrites: true,
6327 })
6328
6329 // Test the incoming sequence number changing non-monotonically.
6330 testCases = append(testCases, testCase{
6331 protocol: dtls,
6332 name: "DTLS-Replay-NonMonotonic",
6333 config: Config{
6334 Bugs: ProtocolBugs{
6335 SequenceNumberMapping: func(in uint64) uint64 {
6336 return in ^ 31
6337 },
6338 },
6339 },
6340 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6341 replayWrites: true,
6342 })
6343}
6344
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6345var testSignatureAlgorithms = []struct {
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6346 name string
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6347 id signatureAlgorithm
6348 cert testCert
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6349}{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6350 {"RSA-PKCS1-SHA1", signatureRSAPKCS1WithSHA1, testCertRSA},
6351 {"RSA-PKCS1-SHA256", signatureRSAPKCS1WithSHA256, testCertRSA},
6352 {"RSA-PKCS1-SHA384", signatureRSAPKCS1WithSHA384, testCertRSA},
6353 {"RSA-PKCS1-SHA512", signatureRSAPKCS1WithSHA512, testCertRSA},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]6354 {"ECDSA-SHA1", signatureECDSAWithSHA1, testCertECDSAP256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]6355 {"ECDSA-P256-SHA256", signatureECDSAWithP256AndSHA256, testCertECDSAP256},
6356 {"ECDSA-P384-SHA384", signatureECDSAWithP384AndSHA384, testCertECDSAP384},
6357 {"ECDSA-P521-SHA512", signatureECDSAWithP521AndSHA512, testCertECDSAP521},
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6358 {"RSA-PSS-SHA256", signatureRSAPSSWithSHA256, testCertRSA},
6359 {"RSA-PSS-SHA384", signatureRSAPSSWithSHA384, testCertRSA},
6360 {"RSA-PSS-SHA512", signatureRSAPSSWithSHA512, testCertRSA},
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6361 // Tests for key types prior to TLS 1.2.
6362 {"RSA", 0, testCertRSA},
6363 {"ECDSA", 0, testCertECDSAP256},
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6364}
6365
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6366const fakeSigAlg1 signatureAlgorithm = 0x2a01
6367const fakeSigAlg2 signatureAlgorithm = 0xff01
6368
6369func addSignatureAlgorithmTests() {
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6370 // Not all ciphers involve a signature. Advertise a list which gives all
6371 // versions a signing cipher.
6372 signingCiphers := []uint16{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6373 TLS_AES_128_GCM_SHA256,
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6374 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
6375 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
6376 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
6377 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
6378 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
6379 }
6380
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6381 var allAlgorithms []signatureAlgorithm
6382 for _, alg := range testSignatureAlgorithms {
6383 if alg.id != 0 {
6384 allAlgorithms = append(allAlgorithms, alg.id)
6385 }
6386 }
6387
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6388 // Make sure each signature algorithm works. Include some fake values in
6389 // the list and ensure they're ignored.
6390 for _, alg := range testSignatureAlgorithms {
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6391 for _, ver := range tlsVersions {
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6392 if (ver.version < VersionTLS12) != (alg.id == 0) {
6393 continue
6394 }
6395
6396 // TODO(davidben): Support ECDSA in SSL 3.0 in Go for testing
6397 // or remove it in C.
6398 if ver.version == VersionSSL30 && alg.cert != testCertRSA {
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6399 continue
6400 }
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6401
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6402 var shouldSignFail, shouldVerifyFail bool
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6403 // ecdsa_sha1 does not exist in TLS 1.3.
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6404 if ver.version >= VersionTLS13 && alg.id == signatureECDSAWithSHA1 {
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6405 shouldSignFail = true
6406 shouldVerifyFail = true
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6407 }
Steven Valdez54ed58e2016-08-18 14:03:49 -0400[diff] [blame]6408 // RSA-PKCS1 does not exist in TLS 1.3.
6409 if ver.version == VersionTLS13 && hasComponent(alg.name, "PKCS1") {
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6410 shouldSignFail = true
6411 shouldVerifyFail = true
6412 }
6413
6414 // BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.
6415 if alg.id == signatureECDSAWithSHA1 || alg.id == signatureECDSAWithP521AndSHA512 {
6416 shouldVerifyFail = true
Steven Valdez54ed58e2016-08-18 14:03:49 -0400[diff] [blame]6417 }
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6418
6419 var signError, verifyError string
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6420 if shouldSignFail {
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6421 signError = ":NO_COMMON_SIGNATURE_ALGORITHMS:"
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6422 }
6423 if shouldVerifyFail {
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6424 verifyError = ":WRONG_SIGNATURE_TYPE:"
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6425 }
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6426
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6427 suffix := "-" + alg.name + "-" + ver.name
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]6428
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6429 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6430 name: "ClientAuth-Sign" + suffix,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6431 config: Config{
6432 MaxVersion: ver.version,
6433 ClientAuth: RequireAnyClientCert,
6434 VerifySignatureAlgorithms: []signatureAlgorithm{
6435 fakeSigAlg1,
6436 alg.id,
6437 fakeSigAlg2,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6438 },
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6439 },
6440 flags: []string{
6441 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6442 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6443 "-enable-all-curves",
6444 },
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6445 shouldFail: shouldSignFail,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6446 expectedError: signError,
6447 expectedPeerSignatureAlgorithm: alg.id,
6448 })
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6449
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6450 testCases = append(testCases, testCase{
6451 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6452 name: "ClientAuth-Verify" + suffix,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6453 config: Config{
6454 MaxVersion: ver.version,
6455 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
6456 SignSignatureAlgorithms: []signatureAlgorithm{
6457 alg.id,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6458 },
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6459 Bugs: ProtocolBugs{
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6460 SkipECDSACurveCheck: shouldVerifyFail,
6461 IgnoreSignatureVersionChecks: shouldVerifyFail,
6462 // Some signature algorithms may not be advertised.
6463 IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6464 },
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6465 },
6466 flags: []string{
6467 "-require-any-client-certificate",
6468 "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
6469 "-enable-all-curves",
6470 },
David Benjaminf1050fd2016-12-13 20:05:36 -0500[diff] [blame]6471 // Resume the session to assert the peer signature
6472 // algorithm is reported on both handshakes.
6473 resumeSession: !shouldVerifyFail,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6474 shouldFail: shouldVerifyFail,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6475 expectedError: verifyError,
6476 })
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6477
6478 testCases = append(testCases, testCase{
6479 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6480 name: "ServerAuth-Sign" + suffix,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6481 config: Config{
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6482 MaxVersion: ver.version,
6483 CipherSuites: signingCiphers,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6484 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6485 fakeSigAlg1,
6486 alg.id,
6487 fakeSigAlg2,
6488 },
6489 },
6490 flags: []string{
6491 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6492 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6493 "-enable-all-curves",
6494 },
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6495 shouldFail: shouldSignFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6496 expectedError: signError,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6497 expectedPeerSignatureAlgorithm: alg.id,
6498 })
6499
6500 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6501 name: "ServerAuth-Verify" + suffix,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6502 config: Config{
6503 MaxVersion: ver.version,
6504 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6505 CipherSuites: signingCiphers,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6506 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6507 alg.id,
6508 },
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6509 Bugs: ProtocolBugs{
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6510 SkipECDSACurveCheck: shouldVerifyFail,
6511 IgnoreSignatureVersionChecks: shouldVerifyFail,
6512 // Some signature algorithms may not be advertised.
6513 IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6514 },
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6515 },
6516 flags: []string{
6517 "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
6518 "-enable-all-curves",
6519 },
David Benjaminf1050fd2016-12-13 20:05:36 -0500[diff] [blame]6520 // Resume the session to assert the peer signature
6521 // algorithm is reported on both handshakes.
6522 resumeSession: !shouldVerifyFail,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6523 shouldFail: shouldVerifyFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6524 expectedError: verifyError,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6525 })
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6526
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6527 if !shouldVerifyFail {
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6528 testCases = append(testCases, testCase{
6529 testType: serverTest,
6530 name: "ClientAuth-InvalidSignature" + suffix,
6531 config: Config{
6532 MaxVersion: ver.version,
6533 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
6534 SignSignatureAlgorithms: []signatureAlgorithm{
6535 alg.id,
6536 },
6537 Bugs: ProtocolBugs{
6538 InvalidSignature: true,
6539 },
6540 },
6541 flags: []string{
6542 "-require-any-client-certificate",
6543 "-enable-all-curves",
6544 },
6545 shouldFail: true,
6546 expectedError: ":BAD_SIGNATURE:",
6547 })
6548
6549 testCases = append(testCases, testCase{
6550 name: "ServerAuth-InvalidSignature" + suffix,
6551 config: Config{
6552 MaxVersion: ver.version,
6553 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
6554 CipherSuites: signingCiphers,
6555 SignSignatureAlgorithms: []signatureAlgorithm{
6556 alg.id,
6557 },
6558 Bugs: ProtocolBugs{
6559 InvalidSignature: true,
6560 },
6561 },
6562 flags: []string{"-enable-all-curves"},
6563 shouldFail: true,
6564 expectedError: ":BAD_SIGNATURE:",
6565 })
6566 }
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6567
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6568 if ver.version >= VersionTLS12 && !shouldSignFail {
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6569 testCases = append(testCases, testCase{
6570 name: "ClientAuth-Sign-Negotiate" + suffix,
6571 config: Config{
6572 MaxVersion: ver.version,
6573 ClientAuth: RequireAnyClientCert,
6574 VerifySignatureAlgorithms: allAlgorithms,
6575 },
6576 flags: []string{
6577 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6578 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6579 "-enable-all-curves",
6580 "-signing-prefs", strconv.Itoa(int(alg.id)),
6581 },
6582 expectedPeerSignatureAlgorithm: alg.id,
6583 })
6584
6585 testCases = append(testCases, testCase{
6586 testType: serverTest,
6587 name: "ServerAuth-Sign-Negotiate" + suffix,
6588 config: Config{
6589 MaxVersion: ver.version,
6590 CipherSuites: signingCiphers,
6591 VerifySignatureAlgorithms: allAlgorithms,
6592 },
6593 flags: []string{
6594 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6595 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6596 "-enable-all-curves",
6597 "-signing-prefs", strconv.Itoa(int(alg.id)),
6598 },
6599 expectedPeerSignatureAlgorithm: alg.id,
6600 })
6601 }
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6602 }
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6603 }
6604
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6605 // Test that algorithm selection takes the key type into account.
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6606 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6607 name: "ClientAuth-SignatureType",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6608 config: Config{
6609 ClientAuth: RequireAnyClientCert,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6610 MaxVersion: VersionTLS12,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6611 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6612 signatureECDSAWithP521AndSHA512,
6613 signatureRSAPKCS1WithSHA384,
6614 signatureECDSAWithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6615 },
6616 },
6617 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]6618 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6619 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6620 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6621 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6622 })
6623
6624 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6625 name: "ClientAuth-SignatureType-TLS13",
6626 config: Config{
6627 ClientAuth: RequireAnyClientCert,
6628 MaxVersion: VersionTLS13,
6629 VerifySignatureAlgorithms: []signatureAlgorithm{
6630 signatureECDSAWithP521AndSHA512,
6631 signatureRSAPKCS1WithSHA384,
6632 signatureRSAPSSWithSHA384,
6633 signatureECDSAWithSHA1,
6634 },
6635 },
6636 flags: []string{
6637 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6638 "-key-file", path.Join(*resourceDir, rsaKeyFile),
6639 },
6640 expectedPeerSignatureAlgorithm: signatureRSAPSSWithSHA384,
6641 })
6642
6643 testCases = append(testCases, testCase{
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6644 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6645 name: "ServerAuth-SignatureType",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6646 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6647 MaxVersion: VersionTLS12,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6648 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6649 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6650 signatureECDSAWithP521AndSHA512,
6651 signatureRSAPKCS1WithSHA384,
6652 signatureECDSAWithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6653 },
6654 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6655 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6656 })
6657
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6658 testCases = append(testCases, testCase{
6659 testType: serverTest,
6660 name: "ServerAuth-SignatureType-TLS13",
6661 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6662 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6663 VerifySignatureAlgorithms: []signatureAlgorithm{
6664 signatureECDSAWithP521AndSHA512,
6665 signatureRSAPKCS1WithSHA384,
6666 signatureRSAPSSWithSHA384,
6667 signatureECDSAWithSHA1,
6668 },
6669 },
6670 expectedPeerSignatureAlgorithm: signatureRSAPSSWithSHA384,
6671 })
6672
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6673 // Test that signature verification takes the key type into account.
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6674 testCases = append(testCases, testCase{
6675 testType: serverTest,
6676 name: "Verify-ClientAuth-SignatureType",
6677 config: Config{
6678 MaxVersion: VersionTLS12,
6679 Certificates: []Certificate{rsaCertificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6680 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6681 signatureRSAPKCS1WithSHA256,
6682 },
6683 Bugs: ProtocolBugs{
6684 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6685 },
6686 },
6687 flags: []string{
6688 "-require-any-client-certificate",
6689 },
6690 shouldFail: true,
6691 expectedError: ":WRONG_SIGNATURE_TYPE:",
6692 })
6693
6694 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6695 testType: serverTest,
6696 name: "Verify-ClientAuth-SignatureType-TLS13",
6697 config: Config{
6698 MaxVersion: VersionTLS13,
6699 Certificates: []Certificate{rsaCertificate},
6700 SignSignatureAlgorithms: []signatureAlgorithm{
6701 signatureRSAPSSWithSHA256,
6702 },
6703 Bugs: ProtocolBugs{
6704 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6705 },
6706 },
6707 flags: []string{
6708 "-require-any-client-certificate",
6709 },
6710 shouldFail: true,
6711 expectedError: ":WRONG_SIGNATURE_TYPE:",
6712 })
6713
6714 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6715 name: "Verify-ServerAuth-SignatureType",
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6716 config: Config{
6717 MaxVersion: VersionTLS12,
6718 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6719 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6720 signatureRSAPKCS1WithSHA256,
6721 },
6722 Bugs: ProtocolBugs{
6723 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6724 },
6725 },
6726 shouldFail: true,
6727 expectedError: ":WRONG_SIGNATURE_TYPE:",
6728 })
6729
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6730 testCases = append(testCases, testCase{
6731 name: "Verify-ServerAuth-SignatureType-TLS13",
6732 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6733 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6734 SignSignatureAlgorithms: []signatureAlgorithm{
6735 signatureRSAPSSWithSHA256,
6736 },
6737 Bugs: ProtocolBugs{
6738 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6739 },
6740 },
6741 shouldFail: true,
6742 expectedError: ":WRONG_SIGNATURE_TYPE:",
6743 })
6744
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6745 // Test that, if the list is missing, the peer falls back to SHA-1 in
6746 // TLS 1.2, but not TLS 1.3.
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6747 testCases = append(testCases, testCase{
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]6748 name: "ClientAuth-SHA1-Fallback-RSA",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6749 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6750 MaxVersion: VersionTLS12,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6751 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6752 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6753 signatureRSAPKCS1WithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6754 },
6755 Bugs: ProtocolBugs{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6756 NoSignatureAlgorithms: true,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6757 },
6758 },
6759 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]6760 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6761 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6762 },
6763 })
6764
6765 testCases = append(testCases, testCase{
6766 testType: serverTest,
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]6767 name: "ServerAuth-SHA1-Fallback-RSA",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6768 config: Config{
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]6769 MaxVersion: VersionTLS12,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6770 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6771 signatureRSAPKCS1WithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6772 },
6773 Bugs: ProtocolBugs{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6774 NoSignatureAlgorithms: true,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6775 },
6776 },
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]6777 flags: []string{
6778 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6779 "-key-file", path.Join(*resourceDir, rsaKeyFile),
6780 },
6781 })
6782
6783 testCases = append(testCases, testCase{
6784 name: "ClientAuth-SHA1-Fallback-ECDSA",
6785 config: Config{
6786 MaxVersion: VersionTLS12,
6787 ClientAuth: RequireAnyClientCert,
6788 VerifySignatureAlgorithms: []signatureAlgorithm{
6789 signatureECDSAWithSHA1,
6790 },
6791 Bugs: ProtocolBugs{
6792 NoSignatureAlgorithms: true,
6793 },
6794 },
6795 flags: []string{
6796 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
6797 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
6798 },
6799 })
6800
6801 testCases = append(testCases, testCase{
6802 testType: serverTest,
6803 name: "ServerAuth-SHA1-Fallback-ECDSA",
6804 config: Config{
6805 MaxVersion: VersionTLS12,
6806 VerifySignatureAlgorithms: []signatureAlgorithm{
6807 signatureECDSAWithSHA1,
6808 },
6809 Bugs: ProtocolBugs{
6810 NoSignatureAlgorithms: true,
6811 },
6812 },
6813 flags: []string{
6814 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
6815 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
6816 },
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6817 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6818
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6819 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6820 name: "ClientAuth-NoFallback-TLS13",
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6821 config: Config{
6822 MaxVersion: VersionTLS13,
6823 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6824 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6825 signatureRSAPKCS1WithSHA1,
6826 },
6827 Bugs: ProtocolBugs{
6828 NoSignatureAlgorithms: true,
6829 },
6830 },
6831 flags: []string{
6832 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6833 "-key-file", path.Join(*resourceDir, rsaKeyFile),
6834 },
David Benjamin48901652016-08-01 12:12:47 -0400[diff] [blame]6835 shouldFail: true,
6836 // An empty CertificateRequest signature algorithm list is a
6837 // syntax error in TLS 1.3.
6838 expectedError: ":DECODE_ERROR:",
6839 expectedLocalError: "remote error: error decoding message",
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6840 })
6841
6842 testCases = append(testCases, testCase{
6843 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6844 name: "ServerAuth-NoFallback-TLS13",
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6845 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6846 MaxVersion: VersionTLS13,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6847 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6848 signatureRSAPKCS1WithSHA1,
6849 },
6850 Bugs: ProtocolBugs{
6851 NoSignatureAlgorithms: true,
6852 },
6853 },
6854 shouldFail: true,
6855 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
6856 })
6857
David Benjaminb62d2872016-07-18 14:55:02 +0200[diff] [blame]6858 // Test that hash preferences are enforced. BoringSSL does not implement
6859 // MD5 signatures.
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6860 testCases = append(testCases, testCase{
6861 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6862 name: "ClientAuth-Enforced",
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6863 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6864 MaxVersion: VersionTLS12,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6865 Certificates: []Certificate{rsaCertificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6866 SignSignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6867 signatureRSAPKCS1WithMD5,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6868 },
6869 Bugs: ProtocolBugs{
6870 IgnorePeerSignatureAlgorithmPreferences: true,
6871 },
6872 },
6873 flags: []string{"-require-any-client-certificate"},
6874 shouldFail: true,
6875 expectedError: ":WRONG_SIGNATURE_TYPE:",
6876 })
6877
6878 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6879 name: "ServerAuth-Enforced",
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6880 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6881 MaxVersion: VersionTLS12,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6882 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6883 SignSignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6884 signatureRSAPKCS1WithMD5,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6885 },
6886 Bugs: ProtocolBugs{
6887 IgnorePeerSignatureAlgorithmPreferences: true,
6888 },
6889 },
6890 shouldFail: true,
6891 expectedError: ":WRONG_SIGNATURE_TYPE:",
6892 })
David Benjaminb62d2872016-07-18 14:55:02 +0200[diff] [blame]6893 testCases = append(testCases, testCase{
6894 testType: serverTest,
6895 name: "ClientAuth-Enforced-TLS13",
6896 config: Config{
6897 MaxVersion: VersionTLS13,
6898 Certificates: []Certificate{rsaCertificate},
6899 SignSignatureAlgorithms: []signatureAlgorithm{
6900 signatureRSAPKCS1WithMD5,
6901 },
6902 Bugs: ProtocolBugs{
6903 IgnorePeerSignatureAlgorithmPreferences: true,
6904 IgnoreSignatureVersionChecks: true,
6905 },
6906 },
6907 flags: []string{"-require-any-client-certificate"},
6908 shouldFail: true,
6909 expectedError: ":WRONG_SIGNATURE_TYPE:",
6910 })
6911
6912 testCases = append(testCases, testCase{
6913 name: "ServerAuth-Enforced-TLS13",
6914 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6915 MaxVersion: VersionTLS13,
David Benjaminb62d2872016-07-18 14:55:02 +0200[diff] [blame]6916 SignSignatureAlgorithms: []signatureAlgorithm{
6917 signatureRSAPKCS1WithMD5,
6918 },
6919 Bugs: ProtocolBugs{
6920 IgnorePeerSignatureAlgorithmPreferences: true,
6921 IgnoreSignatureVersionChecks: true,
6922 },
6923 },
6924 shouldFail: true,
6925 expectedError: ":WRONG_SIGNATURE_TYPE:",
6926 })
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6927
6928 // Test that the agreed upon digest respects the client preferences and
6929 // the server digests.
6930 testCases = append(testCases, testCase{
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6931 name: "NoCommonAlgorithms-Digests",
6932 config: Config{
6933 MaxVersion: VersionTLS12,
6934 ClientAuth: RequireAnyClientCert,
6935 VerifySignatureAlgorithms: []signatureAlgorithm{
6936 signatureRSAPKCS1WithSHA512,
6937 signatureRSAPKCS1WithSHA1,
6938 },
6939 },
6940 flags: []string{
6941 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6942 "-key-file", path.Join(*resourceDir, rsaKeyFile),
6943 "-digest-prefs", "SHA256",
6944 },
6945 shouldFail: true,
6946 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
6947 })
6948 testCases = append(testCases, testCase{
David Benjaminea9a0d52016-07-08 15:52:59 -0700[diff] [blame]6949 name: "NoCommonAlgorithms",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6950 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6951 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6952 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6953 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6954 signatureRSAPKCS1WithSHA512,
6955 signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6956 },
6957 },
6958 flags: []string{
6959 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6960 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6961 "-signing-prefs", strconv.Itoa(int(signatureRSAPKCS1WithSHA256)),
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6962 },
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6963 shouldFail: true,
6964 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
6965 })
6966 testCases = append(testCases, testCase{
6967 name: "NoCommonAlgorithms-TLS13",
6968 config: Config{
6969 MaxVersion: VersionTLS13,
6970 ClientAuth: RequireAnyClientCert,
6971 VerifySignatureAlgorithms: []signatureAlgorithm{
6972 signatureRSAPSSWithSHA512,
6973 signatureRSAPSSWithSHA384,
6974 },
6975 },
6976 flags: []string{
6977 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6978 "-key-file", path.Join(*resourceDir, rsaKeyFile),
6979 "-signing-prefs", strconv.Itoa(int(signatureRSAPSSWithSHA256)),
6980 },
David Benjaminea9a0d52016-07-08 15:52:59 -0700[diff] [blame]6981 shouldFail: true,
6982 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6983 })
6984 testCases = append(testCases, testCase{
6985 name: "Agree-Digest-SHA256",
6986 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6987 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6988 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6989 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6990 signatureRSAPKCS1WithSHA1,
6991 signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6992 },
6993 },
6994 flags: []string{
6995 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6996 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6997 "-digest-prefs", "SHA256,SHA1",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6998 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6999 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7000 })
7001 testCases = append(testCases, testCase{
7002 name: "Agree-Digest-SHA1",
7003 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7004 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7005 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7006 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7007 signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7008 },
7009 },
7010 flags: []string{
7011 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7012 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]7013 "-digest-prefs", "SHA512,SHA256,SHA1",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7014 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7015 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7016 })
7017 testCases = append(testCases, testCase{
7018 name: "Agree-Digest-Default",
7019 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7020 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7021 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7022 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7023 signatureRSAPKCS1WithSHA256,
7024 signatureECDSAWithP256AndSHA256,
7025 signatureRSAPKCS1WithSHA1,
7026 signatureECDSAWithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7027 },
7028 },
7029 flags: []string{
7030 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7031 "-key-file", path.Join(*resourceDir, rsaKeyFile),
7032 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7033 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7034 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7035
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]7036 // Test that the signing preference list may include extra algorithms
7037 // without negotiation problems.
7038 testCases = append(testCases, testCase{
7039 testType: serverTest,
7040 name: "FilterExtraAlgorithms",
7041 config: Config{
7042 MaxVersion: VersionTLS12,
7043 VerifySignatureAlgorithms: []signatureAlgorithm{
7044 signatureRSAPKCS1WithSHA256,
7045 },
7046 },
7047 flags: []string{
7048 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7049 "-key-file", path.Join(*resourceDir, rsaKeyFile),
7050 "-signing-prefs", strconv.Itoa(int(fakeSigAlg1)),
7051 "-signing-prefs", strconv.Itoa(int(signatureECDSAWithP256AndSHA256)),
7052 "-signing-prefs", strconv.Itoa(int(signatureRSAPKCS1WithSHA256)),
7053 "-signing-prefs", strconv.Itoa(int(fakeSigAlg2)),
7054 },
7055 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
7056 })
7057
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7058 // In TLS 1.2 and below, ECDSA uses the curve list rather than the
7059 // signature algorithms.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7060 testCases = append(testCases, testCase{
7061 name: "CheckLeafCurve",
7062 config: Config{
7063 MaxVersion: VersionTLS12,
7064 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]7065 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7066 },
7067 flags: []string{"-p384-only"},
7068 shouldFail: true,
7069 expectedError: ":BAD_ECC_CERT:",
7070 })
David Benjamin75ea5bb2016-07-08 17:43:29 -0700[diff] [blame]7071
7072 // In TLS 1.3, ECDSA does not use the ECDHE curve list.
7073 testCases = append(testCases, testCase{
7074 name: "CheckLeafCurve-TLS13",
7075 config: Config{
7076 MaxVersion: VersionTLS13,
David Benjamin75ea5bb2016-07-08 17:43:29 -0700[diff] [blame]7077 Certificates: []Certificate{ecdsaP256Certificate},
7078 },
7079 flags: []string{"-p384-only"},
7080 })
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7081
7082 // In TLS 1.2, the ECDSA curve is not in the signature algorithm.
7083 testCases = append(testCases, testCase{
7084 name: "ECDSACurveMismatch-Verify-TLS12",
7085 config: Config{
7086 MaxVersion: VersionTLS12,
7087 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
7088 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7089 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7090 signatureECDSAWithP384AndSHA384,
7091 },
7092 },
7093 })
7094
7095 // In TLS 1.3, the ECDSA curve comes from the signature algorithm.
7096 testCases = append(testCases, testCase{
7097 name: "ECDSACurveMismatch-Verify-TLS13",
7098 config: Config{
7099 MaxVersion: VersionTLS13,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7100 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7101 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7102 signatureECDSAWithP384AndSHA384,
7103 },
7104 Bugs: ProtocolBugs{
7105 SkipECDSACurveCheck: true,
7106 },
7107 },
7108 shouldFail: true,
7109 expectedError: ":WRONG_SIGNATURE_TYPE:",
7110 })
7111
7112 // Signature algorithm selection in TLS 1.3 should take the curve into
7113 // account.
7114 testCases = append(testCases, testCase{
7115 testType: serverTest,
7116 name: "ECDSACurveMismatch-Sign-TLS13",
7117 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7118 MaxVersion: VersionTLS13,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7119 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7120 signatureECDSAWithP384AndSHA384,
7121 signatureECDSAWithP256AndSHA256,
7122 },
7123 },
7124 flags: []string{
7125 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
7126 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
7127 },
7128 expectedPeerSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
7129 })
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]7130
7131 // RSASSA-PSS with SHA-512 is too large for 1024-bit RSA. Test that the
7132 // server does not attempt to sign in that case.
7133 testCases = append(testCases, testCase{
7134 testType: serverTest,
7135 name: "RSA-PSS-Large",
7136 config: Config{
7137 MaxVersion: VersionTLS13,
7138 VerifySignatureAlgorithms: []signatureAlgorithm{
7139 signatureRSAPSSWithSHA512,
7140 },
7141 },
7142 flags: []string{
7143 "-cert-file", path.Join(*resourceDir, rsa1024CertificateFile),
7144 "-key-file", path.Join(*resourceDir, rsa1024KeyFile),
7145 },
7146 shouldFail: true,
7147 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
7148 })
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]7149
7150 // Test that RSA-PSS is enabled by default for TLS 1.2.
7151 testCases = append(testCases, testCase{
7152 testType: clientTest,
7153 name: "RSA-PSS-Default-Verify",
7154 config: Config{
7155 MaxVersion: VersionTLS12,
7156 SignSignatureAlgorithms: []signatureAlgorithm{
7157 signatureRSAPSSWithSHA256,
7158 },
7159 },
7160 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
7161 })
7162
7163 testCases = append(testCases, testCase{
7164 testType: serverTest,
7165 name: "RSA-PSS-Default-Sign",
7166 config: Config{
7167 MaxVersion: VersionTLS12,
7168 VerifySignatureAlgorithms: []signatureAlgorithm{
7169 signatureRSAPSSWithSHA256,
7170 },
7171 },
7172 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
7173 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]7174}
7175
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7176// timeouts is the retransmit schedule for BoringSSL. It doubles and
7177// caps at 60 seconds. On the 13th timeout, it gives up.
7178var timeouts = []time.Duration{
7179 1 * time.Second,
7180 2 * time.Second,
7181 4 * time.Second,
7182 8 * time.Second,
7183 16 * time.Second,
7184 32 * time.Second,
7185 60 * time.Second,
7186 60 * time.Second,
7187 60 * time.Second,
7188 60 * time.Second,
7189 60 * time.Second,
7190 60 * time.Second,
7191 60 * time.Second,
7192}
7193
Taylor Brandstetter376a0fe2016-05-10 19:30:28 -0700[diff] [blame]7194// shortTimeouts is an alternate set of timeouts which would occur if the
7195// initial timeout duration was set to 250ms.
7196var shortTimeouts = []time.Duration{
7197 250 * time.Millisecond,
7198 500 * time.Millisecond,
7199 1 * time.Second,
7200 2 * time.Second,
7201 4 * time.Second,
7202 8 * time.Second,
7203 16 * time.Second,
7204 32 * time.Second,
7205 60 * time.Second,
7206 60 * time.Second,
7207 60 * time.Second,
7208 60 * time.Second,
7209 60 * time.Second,
7210}
7211
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7212func addDTLSRetransmitTests() {
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7213 // These tests work by coordinating some behavior on both the shim and
7214 // the runner.
7215 //
7216 // TimeoutSchedule configures the runner to send a series of timeout
7217 // opcodes to the shim (see packetAdaptor) immediately before reading
7218 // each peer handshake flight N. The timeout opcode both simulates a
7219 // timeout in the shim and acts as a synchronization point to help the
7220 // runner bracket each handshake flight.
7221 //
7222 // We assume the shim does not read from the channel eagerly. It must
7223 // first wait until it has sent flight N and is ready to receive
7224 // handshake flight N+1. At this point, it will process the timeout
7225 // opcode. It must then immediately respond with a timeout ACK and act
7226 // as if the shim was idle for the specified amount of time.
7227 //
7228 // The runner then drops all packets received before the ACK and
7229 // continues waiting for flight N. This ordering results in one attempt
7230 // at sending flight N to be dropped. For the test to complete, the
7231 // shim must send flight N again, testing that the shim implements DTLS
7232 // retransmit on a timeout.
7233
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7234 // TODO(davidben): Add DTLS 1.3 versions of these tests. There will
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7235 // likely be more epochs to cross and the final message's retransmit may
7236 // be more complex.
7237
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7238 for _, async := range []bool{true, false} {
7239 var tests []testCase
7240
7241 // Test that this is indeed the timeout schedule. Stress all
7242 // four patterns of handshake.
7243 for i := 1; i < len(timeouts); i++ {
7244 number := strconv.Itoa(i)
7245 tests = append(tests, testCase{
7246 protocol: dtls,
7247 name: "DTLS-Retransmit-Client-" + number,
7248 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7249 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7250 Bugs: ProtocolBugs{
7251 TimeoutSchedule: timeouts[:i],
7252 },
7253 },
7254 resumeSession: true,
7255 })
7256 tests = append(tests, testCase{
7257 protocol: dtls,
7258 testType: serverTest,
7259 name: "DTLS-Retransmit-Server-" + number,
7260 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7261 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7262 Bugs: ProtocolBugs{
7263 TimeoutSchedule: timeouts[:i],
7264 },
7265 },
7266 resumeSession: true,
7267 })
7268 }
7269
7270 // Test that exceeding the timeout schedule hits a read
7271 // timeout.
7272 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7273 protocol: dtls,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7274 name: "DTLS-Retransmit-Timeout",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7275 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7276 MaxVersion: VersionTLS12,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7277 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7278 TimeoutSchedule: timeouts,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7279 },
7280 },
7281 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7282 shouldFail: true,
7283 expectedError: ":READ_TIMEOUT_EXPIRED:",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7284 })
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7285
7286 if async {
7287 // Test that timeout handling has a fudge factor, due to API
7288 // problems.
7289 tests = append(tests, testCase{
7290 protocol: dtls,
7291 name: "DTLS-Retransmit-Fudge",
7292 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7293 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7294 Bugs: ProtocolBugs{
7295 TimeoutSchedule: []time.Duration{
7296 timeouts[0] - 10*time.Millisecond,
7297 },
7298 },
7299 },
7300 resumeSession: true,
7301 })
7302 }
7303
7304 // Test that the final Finished retransmitting isn't
7305 // duplicated if the peer badly fragments everything.
7306 tests = append(tests, testCase{
7307 testType: serverTest,
7308 protocol: dtls,
7309 name: "DTLS-Retransmit-Fragmented",
7310 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7311 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7312 Bugs: ProtocolBugs{
7313 TimeoutSchedule: []time.Duration{timeouts[0]},
7314 MaxHandshakeRecordLength: 2,
7315 },
7316 },
7317 })
7318
7319 // Test the timeout schedule when a shorter initial timeout duration is set.
7320 tests = append(tests, testCase{
7321 protocol: dtls,
7322 name: "DTLS-Retransmit-Short-Client",
7323 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7324 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7325 Bugs: ProtocolBugs{
7326 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
7327 },
7328 },
7329 resumeSession: true,
7330 flags: []string{"-initial-timeout-duration-ms", "250"},
7331 })
7332 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7333 protocol: dtls,
7334 testType: serverTest,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7335 name: "DTLS-Retransmit-Short-Server",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7336 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7337 MaxVersion: VersionTLS12,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7338 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7339 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7340 },
7341 },
7342 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7343 flags: []string{"-initial-timeout-duration-ms", "250"},
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7344 })
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7345
7346 for _, test := range tests {
7347 if async {
7348 test.name += "-Async"
7349 test.flags = append(test.flags, "-async")
7350 }
7351
7352 testCases = append(testCases, test)
7353 }
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7354 }
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7355}
7356
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]7357func addExportKeyingMaterialTests() {
7358 for _, vers := range tlsVersions {
7359 if vers.version == VersionSSL30 {
7360 continue
7361 }
7362 testCases = append(testCases, testCase{
7363 name: "ExportKeyingMaterial-" + vers.name,
7364 config: Config{
7365 MaxVersion: vers.version,
7366 },
7367 exportKeyingMaterial: 1024,
7368 exportLabel: "label",
7369 exportContext: "context",
7370 useExportContext: true,
7371 })
7372 testCases = append(testCases, testCase{
7373 name: "ExportKeyingMaterial-NoContext-" + vers.name,
7374 config: Config{
7375 MaxVersion: vers.version,
7376 },
7377 exportKeyingMaterial: 1024,
7378 })
7379 testCases = append(testCases, testCase{
7380 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
7381 config: Config{
7382 MaxVersion: vers.version,
7383 },
7384 exportKeyingMaterial: 1024,
7385 useExportContext: true,
7386 })
7387 testCases = append(testCases, testCase{
7388 name: "ExportKeyingMaterial-Small-" + vers.name,
7389 config: Config{
7390 MaxVersion: vers.version,
7391 },
7392 exportKeyingMaterial: 1,
7393 exportLabel: "label",
7394 exportContext: "context",
7395 useExportContext: true,
7396 })
7397 }
David Benjamin7bb1d292016-11-01 19:45:06 -0400[diff] [blame]7398
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]7399 testCases = append(testCases, testCase{
7400 name: "ExportKeyingMaterial-SSL3",
7401 config: Config{
7402 MaxVersion: VersionSSL30,
7403 },
7404 exportKeyingMaterial: 1024,
7405 exportLabel: "label",
7406 exportContext: "context",
7407 useExportContext: true,
7408 shouldFail: true,
7409 expectedError: "failed to export keying material",
7410 })
David Benjamin7bb1d292016-11-01 19:45:06 -0400[diff] [blame]7411
7412 // Exporters work during a False Start.
7413 testCases = append(testCases, testCase{
7414 name: "ExportKeyingMaterial-FalseStart",
7415 config: Config{
7416 MaxVersion: VersionTLS12,
7417 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7418 NextProtos: []string{"foo"},
7419 Bugs: ProtocolBugs{
7420 ExpectFalseStart: true,
7421 },
7422 },
7423 flags: []string{
7424 "-false-start",
7425 "-advertise-alpn", "\x03foo",
7426 },
7427 shimWritesFirst: true,
7428 exportKeyingMaterial: 1024,
7429 exportLabel: "label",
7430 exportContext: "context",
7431 useExportContext: true,
7432 })
7433
7434 // Exporters do not work in the middle of a renegotiation. Test this by
7435 // triggering the exporter after every SSL_read call and configuring the
7436 // shim to run asynchronously.
7437 testCases = append(testCases, testCase{
7438 name: "ExportKeyingMaterial-Renegotiate",
7439 config: Config{
7440 MaxVersion: VersionTLS12,
7441 },
7442 renegotiate: 1,
7443 flags: []string{
7444 "-async",
7445 "-use-exporter-between-reads",
7446 "-renegotiate-freely",
7447 "-expect-total-renegotiations", "1",
7448 },
7449 shouldFail: true,
7450 expectedError: "failed to export keying material",
7451 })
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]7452}
7453
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]7454func addTLSUniqueTests() {
7455 for _, isClient := range []bool{false, true} {
7456 for _, isResumption := range []bool{false, true} {
7457 for _, hasEMS := range []bool{false, true} {
7458 var suffix string
7459 if isResumption {
7460 suffix = "Resume-"
7461 } else {
7462 suffix = "Full-"
7463 }
7464
7465 if hasEMS {
7466 suffix += "EMS-"
7467 } else {
7468 suffix += "NoEMS-"
7469 }
7470
7471 if isClient {
7472 suffix += "Client"
7473 } else {
7474 suffix += "Server"
7475 }
7476
7477 test := testCase{
7478 name: "TLSUnique-" + suffix,
7479 testTLSUnique: true,
7480 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7481 MaxVersion: VersionTLS12,
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]7482 Bugs: ProtocolBugs{
7483 NoExtendedMasterSecret: !hasEMS,
7484 },
7485 },
7486 }
7487
7488 if isResumption {
7489 test.resumeSession = true
7490 test.resumeConfig = &Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7491 MaxVersion: VersionTLS12,
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]7492 Bugs: ProtocolBugs{
7493 NoExtendedMasterSecret: !hasEMS,
7494 },
7495 }
7496 }
7497
7498 if isResumption && !hasEMS {
7499 test.shouldFail = true
7500 test.expectedError = "failed to get tls-unique"
7501 }
7502
7503 testCases = append(testCases, test)
7504 }
7505 }
7506 }
7507}
7508
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7509func addCustomExtensionTests() {
7510 expectedContents := "custom extension"
7511 emptyString := ""
7512
7513 for _, isClient := range []bool{false, true} {
7514 suffix := "Server"
7515 flag := "-enable-server-custom-extension"
7516 testType := serverTest
7517 if isClient {
7518 suffix = "Client"
7519 flag = "-enable-client-custom-extension"
7520 testType = clientTest
7521 }
7522
7523 testCases = append(testCases, testCase{
7524 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7525 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7526 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7527 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7528 Bugs: ProtocolBugs{
7529 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7530 ExpectedCustomExtension: &expectedContents,
7531 },
7532 },
7533 flags: []string{flag},
7534 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7535 testCases = append(testCases, testCase{
7536 testType: testType,
7537 name: "CustomExtensions-" + suffix + "-TLS13",
7538 config: Config{
7539 MaxVersion: VersionTLS13,
7540 Bugs: ProtocolBugs{
7541 CustomExtension: expectedContents,
7542 ExpectedCustomExtension: &expectedContents,
7543 },
7544 },
7545 flags: []string{flag},
7546 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7547
7548 // If the parse callback fails, the handshake should also fail.
7549 testCases = append(testCases, testCase{
7550 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7551 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7552 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7553 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7554 Bugs: ProtocolBugs{
7555 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7556 ExpectedCustomExtension: &expectedContents,
7557 },
7558 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7559 flags: []string{flag},
7560 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7561 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7562 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7563 testCases = append(testCases, testCase{
7564 testType: testType,
7565 name: "CustomExtensions-ParseError-" + suffix + "-TLS13",
7566 config: Config{
7567 MaxVersion: VersionTLS13,
7568 Bugs: ProtocolBugs{
7569 CustomExtension: expectedContents + "foo",
7570 ExpectedCustomExtension: &expectedContents,
7571 },
7572 },
7573 flags: []string{flag},
7574 shouldFail: true,
7575 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7576 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7577
7578 // If the add callback fails, the handshake should also fail.
7579 testCases = append(testCases, testCase{
7580 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7581 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7582 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7583 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7584 Bugs: ProtocolBugs{
7585 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7586 ExpectedCustomExtension: &expectedContents,
7587 },
7588 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7589 flags: []string{flag, "-custom-extension-fail-add"},
7590 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7591 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7592 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7593 testCases = append(testCases, testCase{
7594 testType: testType,
7595 name: "CustomExtensions-FailAdd-" + suffix + "-TLS13",
7596 config: Config{
7597 MaxVersion: VersionTLS13,
7598 Bugs: ProtocolBugs{
7599 CustomExtension: expectedContents,
7600 ExpectedCustomExtension: &expectedContents,
7601 },
7602 },
7603 flags: []string{flag, "-custom-extension-fail-add"},
7604 shouldFail: true,
7605 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7606 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7607
7608 // If the add callback returns zero, no extension should be
7609 // added.
7610 skipCustomExtension := expectedContents
7611 if isClient {
7612 // For the case where the client skips sending the
7613 // custom extension, the server must not “echo” it.
7614 skipCustomExtension = ""
7615 }
7616 testCases = append(testCases, testCase{
7617 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7618 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7619 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7620 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7621 Bugs: ProtocolBugs{
7622 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7623 ExpectedCustomExtension: &emptyString,
7624 },
7625 },
7626 flags: []string{flag, "-custom-extension-skip"},
7627 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7628 testCases = append(testCases, testCase{
7629 testType: testType,
7630 name: "CustomExtensions-Skip-" + suffix + "-TLS13",
7631 config: Config{
7632 MaxVersion: VersionTLS13,
7633 Bugs: ProtocolBugs{
7634 CustomExtension: skipCustomExtension,
7635 ExpectedCustomExtension: &emptyString,
7636 },
7637 },
7638 flags: []string{flag, "-custom-extension-skip"},
7639 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7640 }
7641
7642 // The custom extension add callback should not be called if the client
7643 // doesn't send the extension.
7644 testCases = append(testCases, testCase{
7645 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7646 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7647 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7648 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7649 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7650 ExpectedCustomExtension: &emptyString,
7651 },
7652 },
7653 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
7654 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7655
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7656 testCases = append(testCases, testCase{
7657 testType: serverTest,
7658 name: "CustomExtensions-NotCalled-Server-TLS13",
7659 config: Config{
7660 MaxVersion: VersionTLS13,
7661 Bugs: ProtocolBugs{
7662 ExpectedCustomExtension: &emptyString,
7663 },
7664 },
7665 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
7666 })
7667
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7668 // Test an unknown extension from the server.
7669 testCases = append(testCases, testCase{
7670 testType: clientTest,
7671 name: "UnknownExtension-Client",
7672 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7673 MaxVersion: VersionTLS12,
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7674 Bugs: ProtocolBugs{
7675 CustomExtension: expectedContents,
7676 },
7677 },
David Benjamin0c40a962016-08-01 12:05:50 -0400[diff] [blame]7678 shouldFail: true,
7679 expectedError: ":UNEXPECTED_EXTENSION:",
7680 expectedLocalError: "remote error: unsupported extension",
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7681 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7682 testCases = append(testCases, testCase{
7683 testType: clientTest,
7684 name: "UnknownExtension-Client-TLS13",
7685 config: Config{
7686 MaxVersion: VersionTLS13,
7687 Bugs: ProtocolBugs{
7688 CustomExtension: expectedContents,
7689 },
7690 },
David Benjamin0c40a962016-08-01 12:05:50 -0400[diff] [blame]7691 shouldFail: true,
7692 expectedError: ":UNEXPECTED_EXTENSION:",
7693 expectedLocalError: "remote error: unsupported extension",
7694 })
David Benjamin490469f2016-10-05 22:44:38 -0400[diff] [blame]7695 testCases = append(testCases, testCase{
7696 testType: clientTest,
7697 name: "UnknownUnencryptedExtension-Client-TLS13",
7698 config: Config{
7699 MaxVersion: VersionTLS13,
7700 Bugs: ProtocolBugs{
7701 CustomUnencryptedExtension: expectedContents,
7702 },
7703 },
7704 shouldFail: true,
7705 expectedError: ":UNEXPECTED_EXTENSION:",
7706 // The shim must send an alert, but alerts at this point do not
7707 // get successfully decrypted by the runner.
7708 expectedLocalError: "local error: bad record MAC",
7709 })
7710 testCases = append(testCases, testCase{
7711 testType: clientTest,
7712 name: "UnexpectedUnencryptedExtension-Client-TLS13",
7713 config: Config{
7714 MaxVersion: VersionTLS13,
7715 Bugs: ProtocolBugs{
7716 SendUnencryptedALPN: "foo",
7717 },
7718 },
7719 flags: []string{
7720 "-advertise-alpn", "\x03foo\x03bar",
7721 },
7722 shouldFail: true,
7723 expectedError: ":UNEXPECTED_EXTENSION:",
7724 // The shim must send an alert, but alerts at this point do not
7725 // get successfully decrypted by the runner.
7726 expectedLocalError: "local error: bad record MAC",
7727 })
David Benjamin0c40a962016-08-01 12:05:50 -0400[diff] [blame]7728
7729 // Test a known but unoffered extension from the server.
7730 testCases = append(testCases, testCase{
7731 testType: clientTest,
7732 name: "UnofferedExtension-Client",
7733 config: Config{
7734 MaxVersion: VersionTLS12,
7735 Bugs: ProtocolBugs{
7736 SendALPN: "alpn",
7737 },
7738 },
7739 shouldFail: true,
7740 expectedError: ":UNEXPECTED_EXTENSION:",
7741 expectedLocalError: "remote error: unsupported extension",
7742 })
7743 testCases = append(testCases, testCase{
7744 testType: clientTest,
7745 name: "UnofferedExtension-Client-TLS13",
7746 config: Config{
7747 MaxVersion: VersionTLS13,
7748 Bugs: ProtocolBugs{
7749 SendALPN: "alpn",
7750 },
7751 },
7752 shouldFail: true,
7753 expectedError: ":UNEXPECTED_EXTENSION:",
7754 expectedLocalError: "remote error: unsupported extension",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7755 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7756}
7757
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]7758func addRSAClientKeyExchangeTests() {
7759 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
7760 testCases = append(testCases, testCase{
7761 testType: serverTest,
7762 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
7763 config: Config{
7764 // Ensure the ClientHello version and final
7765 // version are different, to detect if the
7766 // server uses the wrong one.
7767 MaxVersion: VersionTLS11,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]7768 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]7769 Bugs: ProtocolBugs{
7770 BadRSAClientKeyExchange: bad,
7771 },
7772 },
7773 shouldFail: true,
7774 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
7775 })
7776 }
David Benjamine63d9d72016-09-19 18:27:34 -0400[diff] [blame]7777
7778 // The server must compare whatever was in ClientHello.version for the
7779 // RSA premaster.
7780 testCases = append(testCases, testCase{
7781 testType: serverTest,
7782 name: "SendClientVersion-RSA",
7783 config: Config{
7784 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
7785 Bugs: ProtocolBugs{
7786 SendClientVersion: 0x1234,
7787 },
7788 },
7789 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
7790 })
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]7791}
7792
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7793var testCurves = []struct {
7794 name string
7795 id CurveID
7796}{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7797 {"P-256", CurveP256},
7798 {"P-384", CurveP384},
7799 {"P-521", CurveP521},
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]7800 {"X25519", CurveX25519},
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7801}
7802
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]7803const bogusCurve = 0x1234
7804
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7805func addCurveTests() {
7806 for _, curve := range testCurves {
7807 testCases = append(testCases, testCase{
7808 name: "CurveTest-Client-" + curve.name,
7809 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7810 MaxVersion: VersionTLS12,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7811 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7812 CurvePreferences: []CurveID{curve.id},
7813 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]7814 flags: []string{
7815 "-enable-all-curves",
7816 "-expect-curve-id", strconv.Itoa(int(curve.id)),
7817 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]7818 expectedCurveID: curve.id,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7819 })
7820 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7821 name: "CurveTest-Client-" + curve.name + "-TLS13",
7822 config: Config{
7823 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7824 CurvePreferences: []CurveID{curve.id},
7825 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]7826 flags: []string{
7827 "-enable-all-curves",
7828 "-expect-curve-id", strconv.Itoa(int(curve.id)),
7829 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]7830 expectedCurveID: curve.id,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7831 })
7832 testCases = append(testCases, testCase{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7833 testType: serverTest,
7834 name: "CurveTest-Server-" + curve.name,
7835 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7836 MaxVersion: VersionTLS12,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7837 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7838 CurvePreferences: []CurveID{curve.id},
7839 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]7840 flags: []string{
7841 "-enable-all-curves",
7842 "-expect-curve-id", strconv.Itoa(int(curve.id)),
7843 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]7844 expectedCurveID: curve.id,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7845 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7846 testCases = append(testCases, testCase{
7847 testType: serverTest,
7848 name: "CurveTest-Server-" + curve.name + "-TLS13",
7849 config: Config{
7850 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7851 CurvePreferences: []CurveID{curve.id},
7852 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]7853 flags: []string{
7854 "-enable-all-curves",
7855 "-expect-curve-id", strconv.Itoa(int(curve.id)),
7856 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]7857 expectedCurveID: curve.id,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7858 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7859 }
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]7860
7861 // The server must be tolerant to bogus curves.
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]7862 testCases = append(testCases, testCase{
7863 testType: serverTest,
7864 name: "UnknownCurve",
7865 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7866 MaxVersion: VersionTLS12,
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]7867 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7868 CurvePreferences: []CurveID{bogusCurve, CurveP256},
7869 },
7870 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7871
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7872 // The server must be tolerant to bogus curves.
7873 testCases = append(testCases, testCase{
7874 testType: serverTest,
7875 name: "UnknownCurve-TLS13",
7876 config: Config{
7877 MaxVersion: VersionTLS13,
7878 CurvePreferences: []CurveID{bogusCurve, CurveP256},
7879 },
7880 })
7881
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7882 // The server must not consider ECDHE ciphers when there are no
7883 // supported curves.
7884 testCases = append(testCases, testCase{
7885 testType: serverTest,
7886 name: "NoSupportedCurves",
7887 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7888 MaxVersion: VersionTLS12,
7889 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7890 Bugs: ProtocolBugs{
7891 NoSupportedCurves: true,
7892 },
7893 },
7894 shouldFail: true,
7895 expectedError: ":NO_SHARED_CIPHER:",
7896 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7897 testCases = append(testCases, testCase{
7898 testType: serverTest,
7899 name: "NoSupportedCurves-TLS13",
7900 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7901 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7902 Bugs: ProtocolBugs{
7903 NoSupportedCurves: true,
7904 },
7905 },
7906 shouldFail: true,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7907 expectedError: ":NO_SHARED_GROUP:",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7908 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7909
7910 // The server must fall back to another cipher when there are no
7911 // supported curves.
7912 testCases = append(testCases, testCase{
7913 testType: serverTest,
7914 name: "NoCommonCurves",
7915 config: Config{
7916 MaxVersion: VersionTLS12,
7917 CipherSuites: []uint16{
7918 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
7919 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
7920 },
7921 CurvePreferences: []CurveID{CurveP224},
7922 },
7923 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
7924 })
7925
7926 // The client must reject bogus curves and disabled curves.
7927 testCases = append(testCases, testCase{
7928 name: "BadECDHECurve",
7929 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7930 MaxVersion: VersionTLS12,
7931 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7932 Bugs: ProtocolBugs{
7933 SendCurve: bogusCurve,
7934 },
7935 },
7936 shouldFail: true,
7937 expectedError: ":WRONG_CURVE:",
7938 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7939 testCases = append(testCases, testCase{
7940 name: "BadECDHECurve-TLS13",
7941 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7942 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7943 Bugs: ProtocolBugs{
7944 SendCurve: bogusCurve,
7945 },
7946 },
7947 shouldFail: true,
7948 expectedError: ":WRONG_CURVE:",
7949 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7950
7951 testCases = append(testCases, testCase{
7952 name: "UnsupportedCurve",
7953 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7954 MaxVersion: VersionTLS12,
7955 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7956 CurvePreferences: []CurveID{CurveP256},
7957 Bugs: ProtocolBugs{
7958 IgnorePeerCurvePreferences: true,
7959 },
7960 },
7961 flags: []string{"-p384-only"},
7962 shouldFail: true,
7963 expectedError: ":WRONG_CURVE:",
7964 })
7965
David Benjamin4f921572016-07-17 14:20:10 +0200[diff] [blame]7966 testCases = append(testCases, testCase{
7967 // TODO(davidben): Add a TLS 1.3 version where
7968 // HelloRetryRequest requests an unsupported curve.
7969 name: "UnsupportedCurve-ServerHello-TLS13",
7970 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7971 MaxVersion: VersionTLS13,
David Benjamin4f921572016-07-17 14:20:10 +0200[diff] [blame]7972 CurvePreferences: []CurveID{CurveP384},
7973 Bugs: ProtocolBugs{
7974 SendCurve: CurveP256,
7975 },
7976 },
7977 flags: []string{"-p384-only"},
7978 shouldFail: true,
7979 expectedError: ":WRONG_CURVE:",
7980 })
7981
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7982 // Test invalid curve points.
7983 testCases = append(testCases, testCase{
7984 name: "InvalidECDHPoint-Client",
7985 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7986 MaxVersion: VersionTLS12,
7987 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7988 CurvePreferences: []CurveID{CurveP256},
7989 Bugs: ProtocolBugs{
7990 InvalidECDHPoint: true,
7991 },
7992 },
7993 shouldFail: true,
7994 expectedError: ":INVALID_ENCODING:",
7995 })
7996 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7997 name: "InvalidECDHPoint-Client-TLS13",
7998 config: Config{
7999 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8000 CurvePreferences: []CurveID{CurveP256},
8001 Bugs: ProtocolBugs{
8002 InvalidECDHPoint: true,
8003 },
8004 },
8005 shouldFail: true,
8006 expectedError: ":INVALID_ENCODING:",
8007 })
8008 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8009 testType: serverTest,
8010 name: "InvalidECDHPoint-Server",
8011 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8012 MaxVersion: VersionTLS12,
8013 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8014 CurvePreferences: []CurveID{CurveP256},
8015 Bugs: ProtocolBugs{
8016 InvalidECDHPoint: true,
8017 },
8018 },
8019 shouldFail: true,
8020 expectedError: ":INVALID_ENCODING:",
8021 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8022 testCases = append(testCases, testCase{
8023 testType: serverTest,
8024 name: "InvalidECDHPoint-Server-TLS13",
8025 config: Config{
8026 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8027 CurvePreferences: []CurveID{CurveP256},
8028 Bugs: ProtocolBugs{
8029 InvalidECDHPoint: true,
8030 },
8031 },
8032 shouldFail: true,
8033 expectedError: ":INVALID_ENCODING:",
8034 })
David Benjamin8a55ce42016-12-11 03:03:42 -0500[diff] [blame]8035
8036 // The previous curve ID should be reported on TLS 1.2 resumption.
8037 testCases = append(testCases, testCase{
8038 name: "CurveID-Resume-Client",
8039 config: Config{
8040 MaxVersion: VersionTLS12,
8041 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8042 CurvePreferences: []CurveID{CurveX25519},
8043 },
8044 flags: []string{"-expect-curve-id", strconv.Itoa(int(CurveX25519))},
8045 resumeSession: true,
8046 })
8047 testCases = append(testCases, testCase{
8048 testType: serverTest,
8049 name: "CurveID-Resume-Server",
8050 config: Config{
8051 MaxVersion: VersionTLS12,
8052 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8053 CurvePreferences: []CurveID{CurveX25519},
8054 },
8055 flags: []string{"-expect-curve-id", strconv.Itoa(int(CurveX25519))},
8056 resumeSession: true,
8057 })
8058
8059 // TLS 1.3 allows resuming at a differet curve. If this happens, the new
8060 // one should be reported.
8061 testCases = append(testCases, testCase{
8062 name: "CurveID-Resume-Client-TLS13",
8063 config: Config{
8064 MaxVersion: VersionTLS13,
8065 CurvePreferences: []CurveID{CurveX25519},
8066 },
8067 resumeConfig: &Config{
8068 MaxVersion: VersionTLS13,
8069 CurvePreferences: []CurveID{CurveP256},
8070 },
8071 flags: []string{
8072 "-expect-curve-id", strconv.Itoa(int(CurveX25519)),
8073 "-expect-resume-curve-id", strconv.Itoa(int(CurveP256)),
8074 },
8075 resumeSession: true,
8076 })
8077 testCases = append(testCases, testCase{
8078 testType: serverTest,
8079 name: "CurveID-Resume-Server-TLS13",
8080 config: Config{
8081 MaxVersion: VersionTLS13,
8082 CurvePreferences: []CurveID{CurveX25519},
8083 },
8084 resumeConfig: &Config{
8085 MaxVersion: VersionTLS13,
8086 CurvePreferences: []CurveID{CurveP256},
8087 },
8088 flags: []string{
8089 "-expect-curve-id", strconv.Itoa(int(CurveX25519)),
8090 "-expect-resume-curve-id", strconv.Itoa(int(CurveP256)),
8091 },
8092 resumeSession: true,
8093 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8094}
8095
David Benjaminc9ae27c2016-06-24 22:56:37 -0400[diff] [blame]8096func addTLS13RecordTests() {
8097 testCases = append(testCases, testCase{
8098 name: "TLS13-RecordPadding",
8099 config: Config{
8100 MaxVersion: VersionTLS13,
8101 MinVersion: VersionTLS13,
8102 Bugs: ProtocolBugs{
8103 RecordPadding: 10,
8104 },
8105 },
8106 })
8107
8108 testCases = append(testCases, testCase{
8109 name: "TLS13-EmptyRecords",
8110 config: Config{
8111 MaxVersion: VersionTLS13,
8112 MinVersion: VersionTLS13,
8113 Bugs: ProtocolBugs{
8114 OmitRecordContents: true,
8115 },
8116 },
8117 shouldFail: true,
8118 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
8119 })
8120
8121 testCases = append(testCases, testCase{
8122 name: "TLS13-OnlyPadding",
8123 config: Config{
8124 MaxVersion: VersionTLS13,
8125 MinVersion: VersionTLS13,
8126 Bugs: ProtocolBugs{
8127 OmitRecordContents: true,
8128 RecordPadding: 10,
8129 },
8130 },
8131 shouldFail: true,
8132 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
8133 })
8134
8135 testCases = append(testCases, testCase{
8136 name: "TLS13-WrongOuterRecord",
8137 config: Config{
8138 MaxVersion: VersionTLS13,
8139 MinVersion: VersionTLS13,
8140 Bugs: ProtocolBugs{
8141 OuterRecordType: recordTypeHandshake,
8142 },
8143 },
8144 shouldFail: true,
8145 expectedError: ":INVALID_OUTER_RECORD_TYPE:",
8146 })
8147}
8148
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8149func addSessionTicketTests() {
8150 testCases = append(testCases, testCase{
8151 // In TLS 1.2 and below, empty NewSessionTicket messages
8152 // mean the server changed its mind on sending a ticket.
8153 name: "SendEmptySessionTicket",
8154 config: Config{
8155 MaxVersion: VersionTLS12,
8156 Bugs: ProtocolBugs{
8157 SendEmptySessionTicket: true,
8158 },
8159 },
8160 flags: []string{"-expect-no-session"},
8161 })
8162
8163 // Test that the server ignores unknown PSK modes.
8164 testCases = append(testCases, testCase{
8165 testType: serverTest,
8166 name: "TLS13-SendUnknownModeSessionTicket-Server",
8167 config: Config{
8168 MaxVersion: VersionTLS13,
8169 Bugs: ProtocolBugs{
8170 SendPSKKeyExchangeModes: []byte{0x1a, pskDHEKEMode, 0x2a},
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8171 },
8172 },
8173 resumeSession: true,
8174 expectedResumeVersion: VersionTLS13,
8175 })
8176
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8177 // Test that the server does not send session tickets with no matching key exchange mode.
8178 testCases = append(testCases, testCase{
8179 testType: serverTest,
8180 name: "TLS13-ExpectNoSessionTicketOnBadKEMode-Server",
8181 config: Config{
8182 MaxVersion: VersionTLS13,
8183 Bugs: ProtocolBugs{
8184 SendPSKKeyExchangeModes: []byte{0x1a},
8185 ExpectNoNewSessionTicket: true,
8186 },
8187 },
8188 })
8189
8190 // Test that the server does not accept a session with no matching key exchange mode.
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8191 testCases = append(testCases, testCase{
8192 testType: serverTest,
8193 name: "TLS13-SendBadKEModeSessionTicket-Server",
8194 config: Config{
8195 MaxVersion: VersionTLS13,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8196 },
8197 resumeConfig: &Config{
8198 MaxVersion: VersionTLS13,
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8199 Bugs: ProtocolBugs{
8200 SendPSKKeyExchangeModes: []byte{0x1a},
8201 },
8202 },
8203 resumeSession: true,
8204 expectResumeRejected: true,
8205 })
8206
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8207 // Test that the client ticket age is sent correctly.
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8208 testCases = append(testCases, testCase{
8209 testType: clientTest,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8210 name: "TLS13-TestValidTicketAge-Client",
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8211 config: Config{
8212 MaxVersion: VersionTLS13,
8213 Bugs: ProtocolBugs{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8214 ExpectTicketAge: 10 * time.Second,
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8215 },
8216 },
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8217 resumeSession: true,
8218 flags: []string{
8219 "-resumption-delay", "10",
8220 },
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8221 })
8222
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8223 // Test that the client ticket age is enforced.
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8224 testCases = append(testCases, testCase{
8225 testType: clientTest,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8226 name: "TLS13-TestBadTicketAge-Client",
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8227 config: Config{
8228 MaxVersion: VersionTLS13,
8229 Bugs: ProtocolBugs{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8230 ExpectTicketAge: 1000 * time.Second,
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8231 },
8232 },
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8233 resumeSession: true,
8234 shouldFail: true,
8235 expectedLocalError: "tls: invalid ticket age",
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8236 })
8237
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8238}
8239
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]8240func addChangeCipherSpecTests() {
8241 // Test missing ChangeCipherSpecs.
8242 testCases = append(testCases, testCase{
8243 name: "SkipChangeCipherSpec-Client",
8244 config: Config{
8245 MaxVersion: VersionTLS12,
8246 Bugs: ProtocolBugs{
8247 SkipChangeCipherSpec: true,
8248 },
8249 },
8250 shouldFail: true,
8251 expectedError: ":UNEXPECTED_RECORD:",
8252 })
8253 testCases = append(testCases, testCase{
8254 testType: serverTest,
8255 name: "SkipChangeCipherSpec-Server",
8256 config: Config{
8257 MaxVersion: VersionTLS12,
8258 Bugs: ProtocolBugs{
8259 SkipChangeCipherSpec: true,
8260 },
8261 },
8262 shouldFail: true,
8263 expectedError: ":UNEXPECTED_RECORD:",
8264 })
8265 testCases = append(testCases, testCase{
8266 testType: serverTest,
8267 name: "SkipChangeCipherSpec-Server-NPN",
8268 config: Config{
8269 MaxVersion: VersionTLS12,
8270 NextProtos: []string{"bar"},
8271 Bugs: ProtocolBugs{
8272 SkipChangeCipherSpec: true,
8273 },
8274 },
8275 flags: []string{
8276 "-advertise-npn", "\x03foo\x03bar\x03baz",
8277 },
8278 shouldFail: true,
8279 expectedError: ":UNEXPECTED_RECORD:",
8280 })
8281
8282 // Test synchronization between the handshake and ChangeCipherSpec.
8283 // Partial post-CCS handshake messages before ChangeCipherSpec should be
8284 // rejected. Test both with and without handshake packing to handle both
8285 // when the partial post-CCS message is in its own record and when it is
8286 // attached to the pre-CCS message.
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]8287 for _, packed := range []bool{false, true} {
8288 var suffix string
8289 if packed {
8290 suffix = "-Packed"
8291 }
8292
8293 testCases = append(testCases, testCase{
8294 name: "FragmentAcrossChangeCipherSpec-Client" + suffix,
8295 config: Config{
8296 MaxVersion: VersionTLS12,
8297 Bugs: ProtocolBugs{
8298 FragmentAcrossChangeCipherSpec: true,
8299 PackHandshakeFlight: packed,
8300 },
8301 },
8302 shouldFail: true,
8303 expectedError: ":UNEXPECTED_RECORD:",
8304 })
8305 testCases = append(testCases, testCase{
8306 name: "FragmentAcrossChangeCipherSpec-Client-Resume" + suffix,
8307 config: Config{
8308 MaxVersion: VersionTLS12,
8309 },
8310 resumeSession: true,
8311 resumeConfig: &Config{
8312 MaxVersion: VersionTLS12,
8313 Bugs: ProtocolBugs{
8314 FragmentAcrossChangeCipherSpec: true,
8315 PackHandshakeFlight: packed,
8316 },
8317 },
8318 shouldFail: true,
8319 expectedError: ":UNEXPECTED_RECORD:",
8320 })
8321 testCases = append(testCases, testCase{
8322 testType: serverTest,
8323 name: "FragmentAcrossChangeCipherSpec-Server" + suffix,
8324 config: Config{
8325 MaxVersion: VersionTLS12,
8326 Bugs: ProtocolBugs{
8327 FragmentAcrossChangeCipherSpec: true,
8328 PackHandshakeFlight: packed,
8329 },
8330 },
8331 shouldFail: true,
8332 expectedError: ":UNEXPECTED_RECORD:",
8333 })
8334 testCases = append(testCases, testCase{
8335 testType: serverTest,
8336 name: "FragmentAcrossChangeCipherSpec-Server-Resume" + suffix,
8337 config: Config{
8338 MaxVersion: VersionTLS12,
8339 },
8340 resumeSession: true,
8341 resumeConfig: &Config{
8342 MaxVersion: VersionTLS12,
8343 Bugs: ProtocolBugs{
8344 FragmentAcrossChangeCipherSpec: true,
8345 PackHandshakeFlight: packed,
8346 },
8347 },
8348 shouldFail: true,
8349 expectedError: ":UNEXPECTED_RECORD:",
8350 })
8351 testCases = append(testCases, testCase{
8352 testType: serverTest,
8353 name: "FragmentAcrossChangeCipherSpec-Server-NPN" + suffix,
8354 config: Config{
8355 MaxVersion: VersionTLS12,
8356 NextProtos: []string{"bar"},
8357 Bugs: ProtocolBugs{
8358 FragmentAcrossChangeCipherSpec: true,
8359 PackHandshakeFlight: packed,
8360 },
8361 },
8362 flags: []string{
8363 "-advertise-npn", "\x03foo\x03bar\x03baz",
8364 },
8365 shouldFail: true,
8366 expectedError: ":UNEXPECTED_RECORD:",
8367 })
8368 }
8369
David Benjamin61672812016-07-14 23:10:43 -0400[diff] [blame]8370 // Test that, in DTLS, ChangeCipherSpec is not allowed when there are
8371 // messages in the handshake queue. Do this by testing the server
8372 // reading the client Finished, reversing the flight so Finished comes
8373 // first.
8374 testCases = append(testCases, testCase{
8375 protocol: dtls,
8376 testType: serverTest,
8377 name: "SendUnencryptedFinished-DTLS",
8378 config: Config{
8379 MaxVersion: VersionTLS12,
8380 Bugs: ProtocolBugs{
8381 SendUnencryptedFinished: true,
8382 ReverseHandshakeFragments: true,
8383 },
8384 },
8385 shouldFail: true,
8386 expectedError: ":BUFFERED_MESSAGES_ON_CIPHER_CHANGE:",
8387 })
8388
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8389 // Test synchronization between encryption changes and the handshake in
8390 // TLS 1.3, where ChangeCipherSpec is implicit.
8391 testCases = append(testCases, testCase{
8392 name: "PartialEncryptedExtensionsWithServerHello",
8393 config: Config{
8394 MaxVersion: VersionTLS13,
8395 Bugs: ProtocolBugs{
8396 PartialEncryptedExtensionsWithServerHello: true,
8397 },
8398 },
8399 shouldFail: true,
8400 expectedError: ":BUFFERED_MESSAGES_ON_CIPHER_CHANGE:",
8401 })
8402 testCases = append(testCases, testCase{
8403 testType: serverTest,
8404 name: "PartialClientFinishedWithClientHello",
8405 config: Config{
8406 MaxVersion: VersionTLS13,
8407 Bugs: ProtocolBugs{
8408 PartialClientFinishedWithClientHello: true,
8409 },
8410 },
8411 shouldFail: true,
8412 expectedError: ":BUFFERED_MESSAGES_ON_CIPHER_CHANGE:",
8413 })
8414
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]8415 // Test that early ChangeCipherSpecs are handled correctly.
8416 testCases = append(testCases, testCase{
8417 testType: serverTest,
8418 name: "EarlyChangeCipherSpec-server-1",
8419 config: Config{
8420 MaxVersion: VersionTLS12,
8421 Bugs: ProtocolBugs{
8422 EarlyChangeCipherSpec: 1,
8423 },
8424 },
8425 shouldFail: true,
8426 expectedError: ":UNEXPECTED_RECORD:",
8427 })
8428 testCases = append(testCases, testCase{
8429 testType: serverTest,
8430 name: "EarlyChangeCipherSpec-server-2",
8431 config: Config{
8432 MaxVersion: VersionTLS12,
8433 Bugs: ProtocolBugs{
8434 EarlyChangeCipherSpec: 2,
8435 },
8436 },
8437 shouldFail: true,
8438 expectedError: ":UNEXPECTED_RECORD:",
8439 })
8440 testCases = append(testCases, testCase{
8441 protocol: dtls,
8442 name: "StrayChangeCipherSpec",
8443 config: Config{
8444 // TODO(davidben): Once DTLS 1.3 exists, test
8445 // that stray ChangeCipherSpec messages are
8446 // rejected.
8447 MaxVersion: VersionTLS12,
8448 Bugs: ProtocolBugs{
8449 StrayChangeCipherSpec: true,
8450 },
8451 },
8452 })
8453
8454 // Test that the contents of ChangeCipherSpec are checked.
8455 testCases = append(testCases, testCase{
8456 name: "BadChangeCipherSpec-1",
8457 config: Config{
8458 MaxVersion: VersionTLS12,
8459 Bugs: ProtocolBugs{
8460 BadChangeCipherSpec: []byte{2},
8461 },
8462 },
8463 shouldFail: true,
8464 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8465 })
8466 testCases = append(testCases, testCase{
8467 name: "BadChangeCipherSpec-2",
8468 config: Config{
8469 MaxVersion: VersionTLS12,
8470 Bugs: ProtocolBugs{
8471 BadChangeCipherSpec: []byte{1, 1},
8472 },
8473 },
8474 shouldFail: true,
8475 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8476 })
8477 testCases = append(testCases, testCase{
8478 protocol: dtls,
8479 name: "BadChangeCipherSpec-DTLS-1",
8480 config: Config{
8481 MaxVersion: VersionTLS12,
8482 Bugs: ProtocolBugs{
8483 BadChangeCipherSpec: []byte{2},
8484 },
8485 },
8486 shouldFail: true,
8487 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8488 })
8489 testCases = append(testCases, testCase{
8490 protocol: dtls,
8491 name: "BadChangeCipherSpec-DTLS-2",
8492 config: Config{
8493 MaxVersion: VersionTLS12,
8494 Bugs: ProtocolBugs{
8495 BadChangeCipherSpec: []byte{1, 1},
8496 },
8497 },
8498 shouldFail: true,
8499 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8500 })
8501}
8502
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8503type perMessageTest struct {
8504 messageType uint8
8505 test testCase
8506}
8507
8508// makePerMessageTests returns a series of test templates which cover each
8509// message in the TLS handshake. These may be used with bugs like
8510// WrongMessageType to fully test a per-message bug.
8511func makePerMessageTests() []perMessageTest {
8512 var ret []perMessageTest
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8513 for _, protocol := range []protocol{tls, dtls} {
8514 var suffix string
8515 if protocol == dtls {
8516 suffix = "-DTLS"
8517 }
8518
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8519 ret = append(ret, perMessageTest{
8520 messageType: typeClientHello,
8521 test: testCase{
8522 protocol: protocol,
8523 testType: serverTest,
8524 name: "ClientHello" + suffix,
8525 config: Config{
8526 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8527 },
8528 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8529 })
8530
8531 if protocol == dtls {
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8532 ret = append(ret, perMessageTest{
8533 messageType: typeHelloVerifyRequest,
8534 test: testCase{
8535 protocol: protocol,
8536 name: "HelloVerifyRequest" + suffix,
8537 config: Config{
8538 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8539 },
8540 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8541 })
8542 }
8543
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8544 ret = append(ret, perMessageTest{
8545 messageType: typeServerHello,
8546 test: testCase{
8547 protocol: protocol,
8548 name: "ServerHello" + suffix,
8549 config: Config{
8550 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8551 },
8552 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8553 })
8554
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8555 ret = append(ret, perMessageTest{
8556 messageType: typeCertificate,
8557 test: testCase{
8558 protocol: protocol,
8559 name: "ServerCertificate" + suffix,
8560 config: Config{
8561 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8562 },
8563 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8564 })
8565
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8566 ret = append(ret, perMessageTest{
8567 messageType: typeCertificateStatus,
8568 test: testCase{
8569 protocol: protocol,
8570 name: "CertificateStatus" + suffix,
8571 config: Config{
8572 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8573 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8574 flags: []string{"-enable-ocsp-stapling"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8575 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8576 })
8577
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8578 ret = append(ret, perMessageTest{
8579 messageType: typeServerKeyExchange,
8580 test: testCase{
8581 protocol: protocol,
8582 name: "ServerKeyExchange" + suffix,
8583 config: Config{
8584 MaxVersion: VersionTLS12,
8585 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8586 },
8587 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8588 })
8589
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8590 ret = append(ret, perMessageTest{
8591 messageType: typeCertificateRequest,
8592 test: testCase{
8593 protocol: protocol,
8594 name: "CertificateRequest" + suffix,
8595 config: Config{
8596 MaxVersion: VersionTLS12,
8597 ClientAuth: RequireAnyClientCert,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8598 },
8599 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8600 })
8601
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8602 ret = append(ret, perMessageTest{
8603 messageType: typeServerHelloDone,
8604 test: testCase{
8605 protocol: protocol,
8606 name: "ServerHelloDone" + suffix,
8607 config: Config{
8608 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8609 },
8610 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8611 })
8612
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8613 ret = append(ret, perMessageTest{
8614 messageType: typeCertificate,
8615 test: testCase{
8616 testType: serverTest,
8617 protocol: protocol,
8618 name: "ClientCertificate" + suffix,
8619 config: Config{
8620 Certificates: []Certificate{rsaCertificate},
8621 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8622 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8623 flags: []string{"-require-any-client-certificate"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8624 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8625 })
8626
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8627 ret = append(ret, perMessageTest{
8628 messageType: typeCertificateVerify,
8629 test: testCase{
8630 testType: serverTest,
8631 protocol: protocol,
8632 name: "CertificateVerify" + suffix,
8633 config: Config{
8634 Certificates: []Certificate{rsaCertificate},
8635 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8636 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8637 flags: []string{"-require-any-client-certificate"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8638 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8639 })
8640
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8641 ret = append(ret, perMessageTest{
8642 messageType: typeClientKeyExchange,
8643 test: testCase{
8644 testType: serverTest,
8645 protocol: protocol,
8646 name: "ClientKeyExchange" + suffix,
8647 config: Config{
8648 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8649 },
8650 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8651 })
8652
8653 if protocol != dtls {
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8654 ret = append(ret, perMessageTest{
8655 messageType: typeNextProtocol,
8656 test: testCase{
8657 testType: serverTest,
8658 protocol: protocol,
8659 name: "NextProtocol" + suffix,
8660 config: Config{
8661 MaxVersion: VersionTLS12,
8662 NextProtos: []string{"bar"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8663 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8664 flags: []string{"-advertise-npn", "\x03foo\x03bar\x03baz"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8665 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8666 })
8667
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8668 ret = append(ret, perMessageTest{
8669 messageType: typeChannelID,
8670 test: testCase{
8671 testType: serverTest,
8672 protocol: protocol,
8673 name: "ChannelID" + suffix,
8674 config: Config{
8675 MaxVersion: VersionTLS12,
8676 ChannelID: channelIDKey,
8677 },
8678 flags: []string{
8679 "-expect-channel-id",
8680 base64.StdEncoding.EncodeToString(channelIDBytes),
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8681 },
8682 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8683 })
8684 }
8685
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8686 ret = append(ret, perMessageTest{
8687 messageType: typeFinished,
8688 test: testCase{
8689 testType: serverTest,
8690 protocol: protocol,
8691 name: "ClientFinished" + suffix,
8692 config: Config{
8693 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8694 },
8695 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8696 })
8697
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8698 ret = append(ret, perMessageTest{
8699 messageType: typeNewSessionTicket,
8700 test: testCase{
8701 protocol: protocol,
8702 name: "NewSessionTicket" + suffix,
8703 config: Config{
8704 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8705 },
8706 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8707 })
8708
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8709 ret = append(ret, perMessageTest{
8710 messageType: typeFinished,
8711 test: testCase{
8712 protocol: protocol,
8713 name: "ServerFinished" + suffix,
8714 config: Config{
8715 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8716 },
8717 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8718 })
8719
8720 }
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8721
8722 ret = append(ret, perMessageTest{
8723 messageType: typeClientHello,
8724 test: testCase{
8725 testType: serverTest,
8726 name: "TLS13-ClientHello",
8727 config: Config{
8728 MaxVersion: VersionTLS13,
8729 },
8730 },
8731 })
8732
8733 ret = append(ret, perMessageTest{
8734 messageType: typeServerHello,
8735 test: testCase{
8736 name: "TLS13-ServerHello",
8737 config: Config{
8738 MaxVersion: VersionTLS13,
8739 },
8740 },
8741 })
8742
8743 ret = append(ret, perMessageTest{
8744 messageType: typeEncryptedExtensions,
8745 test: testCase{
8746 name: "TLS13-EncryptedExtensions",
8747 config: Config{
8748 MaxVersion: VersionTLS13,
8749 },
8750 },
8751 })
8752
8753 ret = append(ret, perMessageTest{
8754 messageType: typeCertificateRequest,
8755 test: testCase{
8756 name: "TLS13-CertificateRequest",
8757 config: Config{
8758 MaxVersion: VersionTLS13,
8759 ClientAuth: RequireAnyClientCert,
8760 },
8761 },
8762 })
8763
8764 ret = append(ret, perMessageTest{
8765 messageType: typeCertificate,
8766 test: testCase{
8767 name: "TLS13-ServerCertificate",
8768 config: Config{
8769 MaxVersion: VersionTLS13,
8770 },
8771 },
8772 })
8773
8774 ret = append(ret, perMessageTest{
8775 messageType: typeCertificateVerify,
8776 test: testCase{
8777 name: "TLS13-ServerCertificateVerify",
8778 config: Config{
8779 MaxVersion: VersionTLS13,
8780 },
8781 },
8782 })
8783
8784 ret = append(ret, perMessageTest{
8785 messageType: typeFinished,
8786 test: testCase{
8787 name: "TLS13-ServerFinished",
8788 config: Config{
8789 MaxVersion: VersionTLS13,
8790 },
8791 },
8792 })
8793
8794 ret = append(ret, perMessageTest{
8795 messageType: typeCertificate,
8796 test: testCase{
8797 testType: serverTest,
8798 name: "TLS13-ClientCertificate",
8799 config: Config{
8800 Certificates: []Certificate{rsaCertificate},
8801 MaxVersion: VersionTLS13,
8802 },
8803 flags: []string{"-require-any-client-certificate"},
8804 },
8805 })
8806
8807 ret = append(ret, perMessageTest{
8808 messageType: typeCertificateVerify,
8809 test: testCase{
8810 testType: serverTest,
8811 name: "TLS13-ClientCertificateVerify",
8812 config: Config{
8813 Certificates: []Certificate{rsaCertificate},
8814 MaxVersion: VersionTLS13,
8815 },
8816 flags: []string{"-require-any-client-certificate"},
8817 },
8818 })
8819
8820 ret = append(ret, perMessageTest{
8821 messageType: typeFinished,
8822 test: testCase{
8823 testType: serverTest,
8824 name: "TLS13-ClientFinished",
8825 config: Config{
8826 MaxVersion: VersionTLS13,
8827 },
8828 },
8829 })
8830
8831 return ret
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8832}
8833
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8834func addWrongMessageTypeTests() {
8835 for _, t := range makePerMessageTests() {
8836 t.test.name = "WrongMessageType-" + t.test.name
8837 t.test.config.Bugs.SendWrongMessageType = t.messageType
8838 t.test.shouldFail = true
8839 t.test.expectedError = ":UNEXPECTED_MESSAGE:"
8840 t.test.expectedLocalError = "remote error: unexpected message"
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8841
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8842 if t.test.config.MaxVersion >= VersionTLS13 && t.messageType == typeServerHello {
8843 // In TLS 1.3, a bad ServerHello means the client sends
8844 // an unencrypted alert while the server expects
8845 // encryption, so the alert is not readable by runner.
8846 t.test.expectedLocalError = "local error: bad record MAC"
8847 }
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8848
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8849 testCases = append(testCases, t.test)
8850 }
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8851}
8852
David Benjamin639846e2016-09-09 11:41:18 -0400[diff] [blame]8853func addTrailingMessageDataTests() {
8854 for _, t := range makePerMessageTests() {
8855 t.test.name = "TrailingMessageData-" + t.test.name
8856 t.test.config.Bugs.SendTrailingMessageData = t.messageType
8857 t.test.shouldFail = true
8858 t.test.expectedError = ":DECODE_ERROR:"
8859 t.test.expectedLocalError = "remote error: error decoding message"
8860
8861 if t.test.config.MaxVersion >= VersionTLS13 && t.messageType == typeServerHello {
8862 // In TLS 1.3, a bad ServerHello means the client sends
8863 // an unencrypted alert while the server expects
8864 // encryption, so the alert is not readable by runner.
8865 t.test.expectedLocalError = "local error: bad record MAC"
8866 }
8867
8868 if t.messageType == typeFinished {
8869 // Bad Finished messages read as the verify data having
8870 // the wrong length.
8871 t.test.expectedError = ":DIGEST_CHECK_FAILED:"
8872 t.test.expectedLocalError = "remote error: error decrypting message"
8873 }
8874
8875 testCases = append(testCases, t.test)
8876 }
8877}
8878
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8879func addTLS13HandshakeTests() {
8880 testCases = append(testCases, testCase{
8881 testType: clientTest,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]8882 name: "NegotiatePSKResumption-TLS13",
8883 config: Config{
8884 MaxVersion: VersionTLS13,
8885 Bugs: ProtocolBugs{
8886 NegotiatePSKResumption: true,
8887 },
8888 },
8889 resumeSession: true,
8890 shouldFail: true,
David Benjamindb5bd722016-12-08 18:21:27 -0500[diff] [blame]8891 expectedError: ":MISSING_KEY_SHARE:",
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]8892 })
8893
8894 testCases = append(testCases, testCase{
8895 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8896 name: "MissingKeyShare-Client",
8897 config: Config{
8898 MaxVersion: VersionTLS13,
8899 Bugs: ProtocolBugs{
8900 MissingKeyShare: true,
8901 },
8902 },
8903 shouldFail: true,
David Benjamindb5bd722016-12-08 18:21:27 -0500[diff] [blame]8904 expectedError: ":MISSING_KEY_SHARE:",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8905 })
8906
8907 testCases = append(testCases, testCase{
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]8908 testType: serverTest,
8909 name: "MissingKeyShare-Server",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8910 config: Config{
8911 MaxVersion: VersionTLS13,
8912 Bugs: ProtocolBugs{
8913 MissingKeyShare: true,
8914 },
8915 },
8916 shouldFail: true,
8917 expectedError: ":MISSING_KEY_SHARE:",
8918 })
8919
8920 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8921 testType: serverTest,
8922 name: "DuplicateKeyShares",
8923 config: Config{
8924 MaxVersion: VersionTLS13,
8925 Bugs: ProtocolBugs{
8926 DuplicateKeyShares: true,
8927 },
8928 },
David Benjamin7e1f9842016-09-20 19:24:40 -0400[diff] [blame]8929 shouldFail: true,
8930 expectedError: ":DUPLICATE_KEY_SHARE:",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8931 })
8932
8933 testCases = append(testCases, testCase{
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]8934 testType: serverTest,
8935 name: "SkipEarlyData",
8936 config: Config{
8937 MaxVersion: VersionTLS13,
8938 Bugs: ProtocolBugs{
8939 SendEarlyDataLength: 4,
8940 },
8941 },
8942 })
8943
8944 testCases = append(testCases, testCase{
8945 testType: serverTest,
8946 name: "SkipEarlyData-OmitEarlyDataExtension",
8947 config: Config{
8948 MaxVersion: VersionTLS13,
8949 Bugs: ProtocolBugs{
8950 SendEarlyDataLength: 4,
8951 OmitEarlyDataExtension: true,
8952 },
8953 },
8954 shouldFail: true,
8955 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
8956 })
8957
8958 testCases = append(testCases, testCase{
8959 testType: serverTest,
8960 name: "SkipEarlyData-TooMuchData",
8961 config: Config{
8962 MaxVersion: VersionTLS13,
8963 Bugs: ProtocolBugs{
8964 SendEarlyDataLength: 16384 + 1,
8965 },
8966 },
8967 shouldFail: true,
8968 expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:",
8969 })
8970
8971 testCases = append(testCases, testCase{
8972 testType: serverTest,
8973 name: "SkipEarlyData-Interleaved",
8974 config: Config{
8975 MaxVersion: VersionTLS13,
8976 Bugs: ProtocolBugs{
8977 SendEarlyDataLength: 4,
8978 InterleaveEarlyData: true,
8979 },
8980 },
8981 shouldFail: true,
8982 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
8983 })
8984
8985 testCases = append(testCases, testCase{
8986 testType: serverTest,
8987 name: "SkipEarlyData-EarlyDataInTLS12",
8988 config: Config{
8989 MaxVersion: VersionTLS13,
8990 Bugs: ProtocolBugs{
8991 SendEarlyDataLength: 4,
8992 },
8993 },
8994 shouldFail: true,
8995 expectedError: ":UNEXPECTED_RECORD:",
8996 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
8997 })
8998
8999 testCases = append(testCases, testCase{
9000 testType: serverTest,
9001 name: "SkipEarlyData-HRR",
9002 config: Config{
9003 MaxVersion: VersionTLS13,
9004 Bugs: ProtocolBugs{
9005 SendEarlyDataLength: 4,
9006 },
9007 DefaultCurves: []CurveID{},
9008 },
9009 })
9010
9011 testCases = append(testCases, testCase{
9012 testType: serverTest,
9013 name: "SkipEarlyData-HRR-Interleaved",
9014 config: Config{
9015 MaxVersion: VersionTLS13,
9016 Bugs: ProtocolBugs{
9017 SendEarlyDataLength: 4,
9018 InterleaveEarlyData: true,
9019 },
9020 DefaultCurves: []CurveID{},
9021 },
9022 shouldFail: true,
9023 expectedError: ":UNEXPECTED_RECORD:",
9024 })
9025
9026 testCases = append(testCases, testCase{
9027 testType: serverTest,
9028 name: "SkipEarlyData-HRR-TooMuchData",
9029 config: Config{
9030 MaxVersion: VersionTLS13,
9031 Bugs: ProtocolBugs{
9032 SendEarlyDataLength: 16384 + 1,
9033 },
9034 DefaultCurves: []CurveID{},
9035 },
9036 shouldFail: true,
9037 expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:",
9038 })
9039
9040 // Test that skipping early data looking for cleartext correctly
9041 // processes an alert record.
9042 testCases = append(testCases, testCase{
9043 testType: serverTest,
9044 name: "SkipEarlyData-HRR-FatalAlert",
9045 config: Config{
9046 MaxVersion: VersionTLS13,
9047 Bugs: ProtocolBugs{
9048 SendEarlyAlert: true,
9049 SendEarlyDataLength: 4,
9050 },
9051 DefaultCurves: []CurveID{},
9052 },
9053 shouldFail: true,
9054 expectedError: ":SSLV3_ALERT_HANDSHAKE_FAILURE:",
9055 })
9056
9057 testCases = append(testCases, testCase{
9058 testType: serverTest,
9059 name: "SkipEarlyData-SecondClientHelloEarlyData",
9060 config: Config{
9061 MaxVersion: VersionTLS13,
9062 Bugs: ProtocolBugs{
9063 SendEarlyDataOnSecondClientHello: true,
9064 },
9065 DefaultCurves: []CurveID{},
9066 },
9067 shouldFail: true,
9068 expectedLocalError: "remote error: bad record MAC",
9069 })
9070
9071 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9072 testType: clientTest,
9073 name: "EmptyEncryptedExtensions",
9074 config: Config{
9075 MaxVersion: VersionTLS13,
9076 Bugs: ProtocolBugs{
9077 EmptyEncryptedExtensions: true,
9078 },
9079 },
9080 shouldFail: true,
9081 expectedLocalError: "remote error: error decoding message",
9082 })
9083
9084 testCases = append(testCases, testCase{
9085 testType: clientTest,
9086 name: "EncryptedExtensionsWithKeyShare",
9087 config: Config{
9088 MaxVersion: VersionTLS13,
9089 Bugs: ProtocolBugs{
9090 EncryptedExtensionsWithKeyShare: true,
9091 },
9092 },
9093 shouldFail: true,
9094 expectedLocalError: "remote error: unsupported extension",
9095 })
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9096
9097 testCases = append(testCases, testCase{
9098 testType: serverTest,
9099 name: "SendHelloRetryRequest",
9100 config: Config{
9101 MaxVersion: VersionTLS13,
9102 // Require a HelloRetryRequest for every curve.
9103 DefaultCurves: []CurveID{},
9104 },
9105 expectedCurveID: CurveX25519,
9106 })
9107
9108 testCases = append(testCases, testCase{
9109 testType: serverTest,
9110 name: "SendHelloRetryRequest-2",
9111 config: Config{
9112 MaxVersion: VersionTLS13,
9113 DefaultCurves: []CurveID{CurveP384},
9114 },
9115 // Although the ClientHello did not predict our preferred curve,
9116 // we always select it whether it is predicted or not.
9117 expectedCurveID: CurveX25519,
9118 })
9119
9120 testCases = append(testCases, testCase{
9121 name: "UnknownCurve-HelloRetryRequest",
9122 config: Config{
9123 MaxVersion: VersionTLS13,
9124 // P-384 requires HelloRetryRequest in BoringSSL.
9125 CurvePreferences: []CurveID{CurveP384},
9126 Bugs: ProtocolBugs{
9127 SendHelloRetryRequestCurve: bogusCurve,
9128 },
9129 },
9130 shouldFail: true,
9131 expectedError: ":WRONG_CURVE:",
9132 })
9133
9134 testCases = append(testCases, testCase{
9135 name: "DisabledCurve-HelloRetryRequest",
9136 config: Config{
9137 MaxVersion: VersionTLS13,
9138 CurvePreferences: []CurveID{CurveP256},
9139 Bugs: ProtocolBugs{
9140 IgnorePeerCurvePreferences: true,
9141 },
9142 },
9143 flags: []string{"-p384-only"},
9144 shouldFail: true,
9145 expectedError: ":WRONG_CURVE:",
9146 })
9147
9148 testCases = append(testCases, testCase{
9149 name: "UnnecessaryHelloRetryRequest",
9150 config: Config{
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]9151 MaxVersion: VersionTLS13,
9152 CurvePreferences: []CurveID{CurveX25519},
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9153 Bugs: ProtocolBugs{
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]9154 SendHelloRetryRequestCurve: CurveX25519,
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9155 },
9156 },
9157 shouldFail: true,
9158 expectedError: ":WRONG_CURVE:",
9159 })
9160
9161 testCases = append(testCases, testCase{
9162 name: "SecondHelloRetryRequest",
9163 config: Config{
9164 MaxVersion: VersionTLS13,
9165 // P-384 requires HelloRetryRequest in BoringSSL.
9166 CurvePreferences: []CurveID{CurveP384},
9167 Bugs: ProtocolBugs{
9168 SecondHelloRetryRequest: true,
9169 },
9170 },
9171 shouldFail: true,
9172 expectedError: ":UNEXPECTED_MESSAGE:",
9173 })
9174
9175 testCases = append(testCases, testCase{
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]9176 name: "HelloRetryRequest-Empty",
9177 config: Config{
9178 MaxVersion: VersionTLS13,
9179 Bugs: ProtocolBugs{
9180 AlwaysSendHelloRetryRequest: true,
9181 },
9182 },
9183 shouldFail: true,
9184 expectedError: ":DECODE_ERROR:",
9185 })
9186
9187 testCases = append(testCases, testCase{
9188 name: "HelloRetryRequest-DuplicateCurve",
9189 config: Config{
9190 MaxVersion: VersionTLS13,
9191 // P-384 requires a HelloRetryRequest against BoringSSL's default
9192 // configuration. Assert this ExpectMissingKeyShare.
9193 CurvePreferences: []CurveID{CurveP384},
9194 Bugs: ProtocolBugs{
9195 ExpectMissingKeyShare: true,
9196 DuplicateHelloRetryRequestExtensions: true,
9197 },
9198 },
9199 shouldFail: true,
9200 expectedError: ":DUPLICATE_EXTENSION:",
9201 expectedLocalError: "remote error: illegal parameter",
9202 })
9203
9204 testCases = append(testCases, testCase{
9205 name: "HelloRetryRequest-Cookie",
9206 config: Config{
9207 MaxVersion: VersionTLS13,
9208 Bugs: ProtocolBugs{
9209 SendHelloRetryRequestCookie: []byte("cookie"),
9210 },
9211 },
9212 })
9213
9214 testCases = append(testCases, testCase{
9215 name: "HelloRetryRequest-DuplicateCookie",
9216 config: Config{
9217 MaxVersion: VersionTLS13,
9218 Bugs: ProtocolBugs{
9219 SendHelloRetryRequestCookie: []byte("cookie"),
9220 DuplicateHelloRetryRequestExtensions: true,
9221 },
9222 },
9223 shouldFail: true,
9224 expectedError: ":DUPLICATE_EXTENSION:",
9225 expectedLocalError: "remote error: illegal parameter",
9226 })
9227
9228 testCases = append(testCases, testCase{
9229 name: "HelloRetryRequest-EmptyCookie",
9230 config: Config{
9231 MaxVersion: VersionTLS13,
9232 Bugs: ProtocolBugs{
9233 SendHelloRetryRequestCookie: []byte{},
9234 },
9235 },
9236 shouldFail: true,
9237 expectedError: ":DECODE_ERROR:",
9238 })
9239
9240 testCases = append(testCases, testCase{
9241 name: "HelloRetryRequest-Cookie-Curve",
9242 config: Config{
9243 MaxVersion: VersionTLS13,
9244 // P-384 requires HelloRetryRequest in BoringSSL.
9245 CurvePreferences: []CurveID{CurveP384},
9246 Bugs: ProtocolBugs{
9247 SendHelloRetryRequestCookie: []byte("cookie"),
9248 ExpectMissingKeyShare: true,
9249 },
9250 },
9251 })
9252
9253 testCases = append(testCases, testCase{
9254 name: "HelloRetryRequest-Unknown",
9255 config: Config{
9256 MaxVersion: VersionTLS13,
9257 Bugs: ProtocolBugs{
9258 CustomHelloRetryRequestExtension: "extension",
9259 },
9260 },
9261 shouldFail: true,
9262 expectedError: ":UNEXPECTED_EXTENSION:",
9263 expectedLocalError: "remote error: unsupported extension",
9264 })
9265
9266 testCases = append(testCases, testCase{
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9267 testType: serverTest,
9268 name: "SecondClientHelloMissingKeyShare",
9269 config: Config{
9270 MaxVersion: VersionTLS13,
9271 DefaultCurves: []CurveID{},
9272 Bugs: ProtocolBugs{
9273 SecondClientHelloMissingKeyShare: true,
9274 },
9275 },
9276 shouldFail: true,
9277 expectedError: ":MISSING_KEY_SHARE:",
9278 })
9279
9280 testCases = append(testCases, testCase{
9281 testType: serverTest,
9282 name: "SecondClientHelloWrongCurve",
9283 config: Config{
9284 MaxVersion: VersionTLS13,
9285 DefaultCurves: []CurveID{},
9286 Bugs: ProtocolBugs{
9287 MisinterpretHelloRetryRequestCurve: CurveP521,
9288 },
9289 },
9290 shouldFail: true,
9291 expectedError: ":WRONG_CURVE:",
9292 })
9293
9294 testCases = append(testCases, testCase{
9295 name: "HelloRetryRequestVersionMismatch",
9296 config: Config{
9297 MaxVersion: VersionTLS13,
9298 // P-384 requires HelloRetryRequest in BoringSSL.
9299 CurvePreferences: []CurveID{CurveP384},
9300 Bugs: ProtocolBugs{
9301 SendServerHelloVersion: 0x0305,
9302 },
9303 },
9304 shouldFail: true,
9305 expectedError: ":WRONG_VERSION_NUMBER:",
9306 })
9307
9308 testCases = append(testCases, testCase{
9309 name: "HelloRetryRequestCurveMismatch",
9310 config: Config{
9311 MaxVersion: VersionTLS13,
9312 // P-384 requires HelloRetryRequest in BoringSSL.
9313 CurvePreferences: []CurveID{CurveP384},
9314 Bugs: ProtocolBugs{
9315 // Send P-384 (correct) in the HelloRetryRequest.
9316 SendHelloRetryRequestCurve: CurveP384,
9317 // But send P-256 in the ServerHello.
9318 SendCurve: CurveP256,
9319 },
9320 },
9321 shouldFail: true,
9322 expectedError: ":WRONG_CURVE:",
9323 })
9324
9325 // Test the server selecting a curve that requires a HelloRetryRequest
9326 // without sending it.
9327 testCases = append(testCases, testCase{
9328 name: "SkipHelloRetryRequest",
9329 config: Config{
9330 MaxVersion: VersionTLS13,
9331 // P-384 requires HelloRetryRequest in BoringSSL.
9332 CurvePreferences: []CurveID{CurveP384},
9333 Bugs: ProtocolBugs{
9334 SkipHelloRetryRequest: true,
9335 },
9336 },
9337 shouldFail: true,
9338 expectedError: ":WRONG_CURVE:",
9339 })
David Benjamin8a8349b2016-08-18 02:32:23 -0400[diff] [blame]9340
9341 testCases = append(testCases, testCase{
9342 name: "TLS13-RequestContextInHandshake",
9343 config: Config{
9344 MaxVersion: VersionTLS13,
9345 MinVersion: VersionTLS13,
9346 ClientAuth: RequireAnyClientCert,
9347 Bugs: ProtocolBugs{
9348 SendRequestContext: []byte("request context"),
9349 },
9350 },
9351 flags: []string{
9352 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
9353 "-key-file", path.Join(*resourceDir, rsaKeyFile),
9354 },
9355 shouldFail: true,
9356 expectedError: ":DECODE_ERROR:",
9357 })
David Benjamin7e1f9842016-09-20 19:24:40 -0400[diff] [blame]9358
9359 testCases = append(testCases, testCase{
9360 testType: serverTest,
9361 name: "TLS13-TrailingKeyShareData",
9362 config: Config{
9363 MaxVersion: VersionTLS13,
9364 Bugs: ProtocolBugs{
9365 TrailingKeyShareData: true,
9366 },
9367 },
9368 shouldFail: true,
9369 expectedError: ":DECODE_ERROR:",
9370 })
David Benjamin7f78df42016-10-05 22:33:19 -0400[diff] [blame]9371
9372 testCases = append(testCases, testCase{
9373 name: "TLS13-AlwaysSelectPSKIdentity",
9374 config: Config{
9375 MaxVersion: VersionTLS13,
9376 Bugs: ProtocolBugs{
9377 AlwaysSelectPSKIdentity: true,
9378 },
9379 },
9380 shouldFail: true,
9381 expectedError: ":UNEXPECTED_EXTENSION:",
9382 })
9383
9384 testCases = append(testCases, testCase{
9385 name: "TLS13-InvalidPSKIdentity",
9386 config: Config{
9387 MaxVersion: VersionTLS13,
9388 Bugs: ProtocolBugs{
9389 SelectPSKIdentityOnResume: 1,
9390 },
9391 },
9392 resumeSession: true,
9393 shouldFail: true,
9394 expectedError: ":PSK_IDENTITY_NOT_FOUND:",
9395 })
David Benjamin1286bee2016-10-07 15:25:06 -0400[diff] [blame]9396
Steven Valdezaf3b8a92016-11-01 12:49:22 -0400[diff] [blame]9397 testCases = append(testCases, testCase{
9398 testType: serverTest,
9399 name: "TLS13-ExtraPSKIdentity",
9400 config: Config{
9401 MaxVersion: VersionTLS13,
9402 Bugs: ProtocolBugs{
David Benjaminaedf3032016-12-01 16:47:56 -0500[diff] [blame]9403 ExtraPSKIdentity: true,
9404 SendExtraPSKBinder: true,
Steven Valdezaf3b8a92016-11-01 12:49:22 -0400[diff] [blame]9405 },
9406 },
9407 resumeSession: true,
9408 })
9409
David Benjamin1286bee2016-10-07 15:25:06 -0400[diff] [blame]9410 // Test that unknown NewSessionTicket extensions are tolerated.
9411 testCases = append(testCases, testCase{
9412 name: "TLS13-CustomTicketExtension",
9413 config: Config{
9414 MaxVersion: VersionTLS13,
9415 Bugs: ProtocolBugs{
9416 CustomTicketExtension: "1234",
9417 },
9418 },
9419 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9420}
9421
David Benjaminabbbee12016-10-31 19:20:42 -0400[diff] [blame]9422func addTLS13CipherPreferenceTests() {
9423 // Test that client preference is honored if the shim has AES hardware
9424 // and ChaCha20-Poly1305 is preferred otherwise.
9425 testCases = append(testCases, testCase{
9426 testType: serverTest,
9427 name: "TLS13-CipherPreference-Server-ChaCha20-AES",
9428 config: Config{
9429 MaxVersion: VersionTLS13,
9430 CipherSuites: []uint16{
9431 TLS_CHACHA20_POLY1305_SHA256,
9432 TLS_AES_128_GCM_SHA256,
9433 },
9434 },
9435 flags: []string{
9436 "-expect-cipher-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9437 "-expect-cipher-no-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9438 },
9439 })
9440
9441 testCases = append(testCases, testCase{
9442 testType: serverTest,
9443 name: "TLS13-CipherPreference-Server-AES-ChaCha20",
9444 config: Config{
9445 MaxVersion: VersionTLS13,
9446 CipherSuites: []uint16{
9447 TLS_AES_128_GCM_SHA256,
9448 TLS_CHACHA20_POLY1305_SHA256,
9449 },
9450 },
9451 flags: []string{
9452 "-expect-cipher-aes", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)),
9453 "-expect-cipher-no-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9454 },
9455 })
9456
9457 // Test that the client orders ChaCha20-Poly1305 and AES-GCM based on
9458 // whether it has AES hardware.
9459 testCases = append(testCases, testCase{
9460 name: "TLS13-CipherPreference-Client",
9461 config: Config{
9462 MaxVersion: VersionTLS13,
9463 // Use the client cipher order. (This is the default but
9464 // is listed to be explicit.)
9465 PreferServerCipherSuites: false,
9466 },
9467 flags: []string{
9468 "-expect-cipher-aes", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)),
9469 "-expect-cipher-no-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9470 },
9471 })
9472}
9473
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]9474func addPeekTests() {
9475 // Test SSL_peek works, including on empty records.
9476 testCases = append(testCases, testCase{
9477 name: "Peek-Basic",
9478 sendEmptyRecords: 1,
9479 flags: []string{"-peek-then-read"},
9480 })
9481
9482 // Test SSL_peek can drive the initial handshake.
9483 testCases = append(testCases, testCase{
9484 name: "Peek-ImplicitHandshake",
9485 flags: []string{
9486 "-peek-then-read",
9487 "-implicit-handshake",
9488 },
9489 })
9490
9491 // Test SSL_peek can discover and drive a renegotiation.
9492 testCases = append(testCases, testCase{
9493 name: "Peek-Renegotiate",
9494 config: Config{
9495 MaxVersion: VersionTLS12,
9496 },
9497 renegotiate: 1,
9498 flags: []string{
9499 "-peek-then-read",
9500 "-renegotiate-freely",
9501 "-expect-total-renegotiations", "1",
9502 },
9503 })
9504
9505 // Test SSL_peek can discover a close_notify.
9506 testCases = append(testCases, testCase{
9507 name: "Peek-Shutdown",
9508 config: Config{
9509 Bugs: ProtocolBugs{
9510 ExpectCloseNotify: true,
9511 },
9512 },
9513 flags: []string{
9514 "-peek-then-read",
9515 "-check-close-notify",
9516 },
9517 })
9518
9519 // Test SSL_peek can discover an alert.
9520 testCases = append(testCases, testCase{
9521 name: "Peek-Alert",
9522 config: Config{
9523 Bugs: ProtocolBugs{
9524 SendSpuriousAlert: alertRecordOverflow,
9525 },
9526 },
9527 flags: []string{"-peek-then-read"},
9528 shouldFail: true,
9529 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
9530 })
9531
9532 // Test SSL_peek can handle KeyUpdate.
9533 testCases = append(testCases, testCase{
9534 name: "Peek-KeyUpdate",
9535 config: Config{
9536 MaxVersion: VersionTLS13,
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]9537 },
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]9538 sendKeyUpdates: 1,
9539 keyUpdateRequest: keyUpdateNotRequested,
9540 flags: []string{"-peek-then-read"},
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]9541 })
9542}
9543
David Benjamine6f22212016-11-08 14:28:24 -0500[diff] [blame]9544func addRecordVersionTests() {
9545 for _, ver := range tlsVersions {
9546 // Test that the record version is enforced.
9547 testCases = append(testCases, testCase{
9548 name: "CheckRecordVersion-" + ver.name,
9549 config: Config{
9550 MinVersion: ver.version,
9551 MaxVersion: ver.version,
9552 Bugs: ProtocolBugs{
9553 SendRecordVersion: 0x03ff,
9554 },
9555 },
9556 shouldFail: true,
9557 expectedError: ":WRONG_VERSION_NUMBER:",
9558 })
9559
9560 // Test that the ClientHello may use any record version, for
9561 // compatibility reasons.
9562 testCases = append(testCases, testCase{
9563 testType: serverTest,
9564 name: "LooseInitialRecordVersion-" + ver.name,
9565 config: Config{
9566 MinVersion: ver.version,
9567 MaxVersion: ver.version,
9568 Bugs: ProtocolBugs{
9569 SendInitialRecordVersion: 0x03ff,
9570 },
9571 },
9572 })
9573
9574 // Test that garbage ClientHello record versions are rejected.
9575 testCases = append(testCases, testCase{
9576 testType: serverTest,
9577 name: "GarbageInitialRecordVersion-" + ver.name,
9578 config: Config{
9579 MinVersion: ver.version,
9580 MaxVersion: ver.version,
9581 Bugs: ProtocolBugs{
9582 SendInitialRecordVersion: 0xffff,
9583 },
9584 },
9585 shouldFail: true,
9586 expectedError: ":WRONG_VERSION_NUMBER:",
9587 })
9588 }
9589}
9590
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]9591func addCertificateTests() {
9592 // Test that a certificate chain with intermediate may be sent and
9593 // received as both client and server.
9594 for _, ver := range tlsVersions {
9595 testCases = append(testCases, testCase{
9596 testType: clientTest,
9597 name: "SendReceiveIntermediate-Client-" + ver.name,
9598 config: Config{
Adam Langleycd6cfb02016-12-06 15:11:00 -0800[diff] [blame]9599 MinVersion: ver.version,
9600 MaxVersion: ver.version,
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]9601 Certificates: []Certificate{rsaChainCertificate},
9602 ClientAuth: RequireAnyClientCert,
9603 },
9604 expectPeerCertificate: &rsaChainCertificate,
9605 flags: []string{
9606 "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
9607 "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
9608 "-expect-peer-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
9609 },
9610 })
9611
9612 testCases = append(testCases, testCase{
9613 testType: serverTest,
9614 name: "SendReceiveIntermediate-Server-" + ver.name,
9615 config: Config{
Adam Langleycd6cfb02016-12-06 15:11:00 -0800[diff] [blame]9616 MinVersion: ver.version,
9617 MaxVersion: ver.version,
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]9618 Certificates: []Certificate{rsaChainCertificate},
9619 },
9620 expectPeerCertificate: &rsaChainCertificate,
9621 flags: []string{
9622 "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
9623 "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
9624 "-require-any-client-certificate",
9625 "-expect-peer-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
9626 },
9627 })
9628 }
9629}
9630
David Benjaminbbaf3672016-11-17 10:53:09 +0900[diff] [blame]9631func addRetainOnlySHA256ClientCertTests() {
9632 for _, ver := range tlsVersions {
9633 // Test that enabling
9634 // SSL_CTX_set_retain_only_sha256_of_client_certs without
9635 // actually requesting a client certificate is a no-op.
9636 testCases = append(testCases, testCase{
9637 testType: serverTest,
9638 name: "RetainOnlySHA256-NoCert-" + ver.name,
9639 config: Config{
9640 MinVersion: ver.version,
9641 MaxVersion: ver.version,
9642 },
9643 flags: []string{
9644 "-retain-only-sha256-client-cert-initial",
9645 "-retain-only-sha256-client-cert-resume",
9646 },
9647 resumeSession: true,
9648 })
9649
9650 // Test that when retaining only a SHA-256 certificate is
9651 // enabled, the hash appears as expected.
9652 testCases = append(testCases, testCase{
9653 testType: serverTest,
9654 name: "RetainOnlySHA256-Cert-" + ver.name,
9655 config: Config{
9656 MinVersion: ver.version,
9657 MaxVersion: ver.version,
9658 Certificates: []Certificate{rsaCertificate},
9659 },
9660 flags: []string{
9661 "-verify-peer",
9662 "-retain-only-sha256-client-cert-initial",
9663 "-retain-only-sha256-client-cert-resume",
9664 "-expect-sha256-client-cert-initial",
9665 "-expect-sha256-client-cert-resume",
9666 },
9667 resumeSession: true,
9668 })
9669
9670 // Test that when the config changes from on to off, a
9671 // resumption is rejected because the server now wants the full
9672 // certificate chain.
9673 testCases = append(testCases, testCase{
9674 testType: serverTest,
9675 name: "RetainOnlySHA256-OnOff-" + ver.name,
9676 config: Config{
9677 MinVersion: ver.version,
9678 MaxVersion: ver.version,
9679 Certificates: []Certificate{rsaCertificate},
9680 },
9681 flags: []string{
9682 "-verify-peer",
9683 "-retain-only-sha256-client-cert-initial",
9684 "-expect-sha256-client-cert-initial",
9685 },
9686 resumeSession: true,
9687 expectResumeRejected: true,
9688 })
9689
9690 // Test that when the config changes from off to on, a
9691 // resumption is rejected because the server now wants just the
9692 // hash.
9693 testCases = append(testCases, testCase{
9694 testType: serverTest,
9695 name: "RetainOnlySHA256-OffOn-" + ver.name,
9696 config: Config{
9697 MinVersion: ver.version,
9698 MaxVersion: ver.version,
9699 Certificates: []Certificate{rsaCertificate},
9700 },
9701 flags: []string{
9702 "-verify-peer",
9703 "-retain-only-sha256-client-cert-resume",
9704 "-expect-sha256-client-cert-resume",
9705 },
9706 resumeSession: true,
9707 expectResumeRejected: true,
9708 })
9709 }
9710}
9711
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]9712func addECDSAKeyUsageTests() {
9713 p256 := elliptic.P256()
9714 priv, err := ecdsa.GenerateKey(p256, rand.Reader)
9715 if err != nil {
9716 panic(err)
9717 }
9718
9719 serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
9720 serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
9721 if err != nil {
9722 panic(err)
9723 }
9724
9725 template := x509.Certificate{
9726 SerialNumber: serialNumber,
9727 Subject: pkix.Name{
9728 Organization: []string{"Acme Co"},
9729 },
9730 NotBefore: time.Now(),
9731 NotAfter: time.Now(),
9732
9733 // An ECC certificate with only the keyAgreement key usgae may
9734 // be used with ECDH, but not ECDSA.
9735 KeyUsage: x509.KeyUsageKeyAgreement,
9736 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
9737 BasicConstraintsValid: true,
9738 }
9739
9740 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
9741 if err != nil {
9742 panic(err)
9743 }
9744
9745 cert := Certificate{
9746 Certificate: [][]byte{derBytes},
9747 PrivateKey: priv,
9748 }
9749
9750 for _, ver := range tlsVersions {
9751 if ver.version < VersionTLS12 {
9752 continue
9753 }
9754
9755 testCases = append(testCases, testCase{
9756 testType: clientTest,
9757 name: "ECDSAKeyUsage-" + ver.name,
9758 config: Config{
9759 MinVersion: ver.version,
9760 MaxVersion: ver.version,
9761 Certificates: []Certificate{cert},
9762 },
9763 shouldFail: true,
9764 expectedError: ":ECC_CERT_NOT_FOR_SIGNING:",
9765 })
9766 }
9767}
9768
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9769func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9770 defer wg.Done()
9771
9772 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]9773 var err error
9774
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]9775 if *mallocTest >= 0 {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]9776 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
9777 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9778 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]9779 if err != nil {
9780 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
9781 }
9782 break
9783 }
9784 }
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]9785 } else if *repeatUntilFailure {
9786 for err == nil {
9787 statusChan <- statusMsg{test: test, started: true}
9788 err = runTest(test, shimPath, -1)
9789 }
9790 } else {
9791 statusChan <- statusMsg{test: test, started: true}
9792 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]9793 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9794 statusChan <- statusMsg{test: test, err: err}
9795 }
9796}
9797
9798type statusMsg struct {
9799 test *testCase
9800 started bool
9801 err error
9802}
9803
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9804func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]9805 var started, done, failed, unimplemented, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9806
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9807 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9808 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9809 if !*pipe {
9810 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]9811 var erase string
9812 for i := 0; i < lineLen; i++ {
9813 erase += "\b \b"
9814 }
9815 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9816 }
9817
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9818 if msg.started {
9819 started++
9820 } else {
9821 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9822
9823 if msg.err != nil {
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]9824 if msg.err == errUnimplemented {
9825 if *pipe {
9826 // Print each test instead of a status line.
9827 fmt.Printf("UNIMPLEMENTED (%s)\n", msg.test.name)
9828 }
9829 unimplemented++
9830 testOutput.addResult(msg.test.name, "UNIMPLEMENTED")
9831 } else {
9832 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
9833 failed++
9834 testOutput.addResult(msg.test.name, "FAIL")
9835 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9836 } else {
9837 if *pipe {
9838 // Print each test instead of a status line.
9839 fmt.Printf("PASSED (%s)\n", msg.test.name)
9840 }
9841 testOutput.addResult(msg.test.name, "PASS")
9842 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9843 }
9844
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9845 if !*pipe {
9846 // Print a new status line.
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]9847 line := fmt.Sprintf("%d/%d/%d/%d/%d", failed, unimplemented, done, started, total)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9848 lineLen = len(line)
9849 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9850 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9851 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9852
9853 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9854}
9855
9856func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9857 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9858 *resourceDir = path.Clean(*resourceDir)
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]9859 initCertificates()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9860
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9861 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9862 addCipherSuiteTests()
9863 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]9864 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]9865 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]9866 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]9867 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]9868 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]9869 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]9870 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]9871 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]9872 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]9873 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]9874 addDTLSReplayTests()
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]9875 addSignatureAlgorithmTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]9876 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]9877 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]9878 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]9879 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]9880 addRSAClientKeyExchangeTests()
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]9881 addCurveTests()
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]9882 addSessionTicketTests()
David Benjaminc9ae27c2016-06-24 22:56:37 -0400[diff] [blame]9883 addTLS13RecordTests()
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]9884 addAllStateMachineCoverageTests()
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]9885 addChangeCipherSpecTests()
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9886 addWrongMessageTypeTests()
David Benjamin639846e2016-09-09 11:41:18 -0400[diff] [blame]9887 addTrailingMessageDataTests()
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9888 addTLS13HandshakeTests()
David Benjaminabbbee12016-10-31 19:20:42 -0400[diff] [blame]9889 addTLS13CipherPreferenceTests()
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]9890 addPeekTests()
David Benjamine6f22212016-11-08 14:28:24 -0500[diff] [blame]9891 addRecordVersionTests()
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]9892 addCertificateTests()
David Benjaminbbaf3672016-11-17 10:53:09 +0900[diff] [blame]9893 addRetainOnlySHA256ClientCertTests()
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]9894 addECDSAKeyUsageTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9895
9896 var wg sync.WaitGroup
9897
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9898 statusChan := make(chan statusMsg, *numWorkers)
9899 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9900 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9901
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]9902 if len(*shimConfigFile) != 0 {
9903 encoded, err := ioutil.ReadFile(*shimConfigFile)
9904 if err != nil {
9905 fmt.Fprintf(os.Stderr, "Couldn't read config file %q: %s\n", *shimConfigFile, err)
9906 os.Exit(1)
9907 }
9908
9909 if err := json.Unmarshal(encoded, &shimConfig); err != nil {
9910 fmt.Fprintf(os.Stderr, "Couldn't decode config file %q: %s\n", *shimConfigFile, err)
9911 os.Exit(1)
9912 }
9913 }
9914
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]9915 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9916
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9917 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9918 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9919 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9920 }
9921
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]9922 var foundTest bool
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]9923 for i := range testCases {
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]9924 matched := true
9925 if len(*testToRun) != 0 {
9926 var err error
9927 matched, err = filepath.Match(*testToRun, testCases[i].name)
9928 if err != nil {
9929 fmt.Fprintf(os.Stderr, "Error matching pattern: %s\n", err)
9930 os.Exit(1)
9931 }
9932 }
9933
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]9934 if !*includeDisabled {
9935 for pattern := range shimConfig.DisabledTests {
9936 isDisabled, err := filepath.Match(pattern, testCases[i].name)
9937 if err != nil {
9938 fmt.Fprintf(os.Stderr, "Error matching pattern %q from config file: %s\n", pattern, err)
9939 os.Exit(1)
9940 }
9941
9942 if isDisabled {
9943 matched = false
9944 break
9945 }
9946 }
9947 }
9948
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]9949 if matched {
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]9950 foundTest = true
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]9951 testChan <- &testCases[i]
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]9952
9953 // Only run one test if repeating until failure.
9954 if *repeatUntilFailure {
9955 break
9956 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9957 }
9958 }
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]9959
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]9960 if !foundTest {
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]9961 fmt.Fprintf(os.Stderr, "No tests run\n")
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]9962 os.Exit(1)
9963 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9964
9965 close(testChan)
9966 wg.Wait()
9967 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9968 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9969
9970 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9971
9972 if *jsonOutput != "" {
9973 if err := testOutput.writeTo(*jsonOutput); err != nil {
9974 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
9975 }
9976 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]9977
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]9978 if !*allowUnimplemented && testOutput.NumFailuresByType["UNIMPLEMENTED"] > 0 {
9979 os.Exit(1)
9980 }
9981
9982 if !testOutput.noneFailed {
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]9983 os.Exit(1)
9984 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9985}