Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 5e961c1ff1515fb328de711b0ee795253199b298 / . / ssl / test / runner / runner.go
blob: 44e15d1989caa79f960a8c69b921e677fbd34261 [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1package main
2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]14 "net"
15 "os"
16 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]17 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]18 "runtime"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]19 "strings"
20 "sync"
21 "syscall"
22)
23
24var useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]25var useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
26var flagDebug *bool = flag.Bool("debug", false, "Hexdump the contents of the connection")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]27
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]28const (
29 rsaCertificateFile = "cert.pem"
30 ecdsaCertificateFile = "ecdsa_cert.pem"
31)
32
33const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]34 rsaKeyFile = "key.pem"
35 ecdsaKeyFile = "ecdsa_key.pem"
36 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]37)
38
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]39var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]40var channelIDKey *ecdsa.PrivateKey
41var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]42
43func initCertificates() {
44 var err error
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]45 rsaCertificate, err = LoadX509KeyPair(rsaCertificateFile, rsaKeyFile)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]46 if err != nil {
47 panic(err)
48 }
49
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]50 ecdsaCertificate, err = LoadX509KeyPair(ecdsaCertificateFile, ecdsaKeyFile)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]51 if err != nil {
52 panic(err)
53 }
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]54
55 channelIDPEMBlock, err := ioutil.ReadFile(channelIDKeyFile)
56 if err != nil {
57 panic(err)
58 }
59 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
60 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
61 panic("bad key type")
62 }
63 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
64 if err != nil {
65 panic(err)
66 }
67 if channelIDKey.Curve != elliptic.P256() {
68 panic("bad curve")
69 }
70
71 channelIDBytes = make([]byte, 64)
72 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
73 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]74}
75
76var certificateOnce sync.Once
77
78func getRSACertificate() Certificate {
79 certificateOnce.Do(initCertificates)
80 return rsaCertificate
81}
82
83func getECDSACertificate() Certificate {
84 certificateOnce.Do(initCertificates)
85 return ecdsaCertificate
86}
87
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]88type testType int
89
90const (
91 clientTest testType = iota
92 serverTest
93)
94
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]95type protocol int
96
97const (
98 tls protocol = iota
99 dtls
100)
101
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]102const (
103 alpn = 1
104 npn = 2
105)
106
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]107type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]108 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]109 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]110 name string
111 config Config
112 shouldFail bool
113 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]114 // expectedLocalError, if not empty, contains a substring that must be
115 // found in the local error.
116 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]117 // expectedVersion, if non-zero, specifies the TLS version that must be
118 // negotiated.
119 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]120 // expectedResumeVersion, if non-zero, specifies the TLS version that
121 // must be negotiated on resumption. If zero, expectedVersion is used.
122 expectedResumeVersion uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]123 // expectChannelID controls whether the connection should have
124 // negotiated a Channel ID with channelIDKey.
125 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]126 // expectedNextProto controls whether the connection should
127 // negotiate a next protocol via NPN or ALPN.
128 expectedNextProto string
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]129 // expectedNextProtoType, if non-zero, is the expected next
130 // protocol negotiation mechanism.
131 expectedNextProtoType int
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]132 // messageLen is the length, in bytes, of the test message that will be
133 // sent.
134 messageLen int
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]135 // certFile is the path to the certificate to use for the server.
136 certFile string
137 // keyFile is the path to the private key to use for the server.
138 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]139 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]140 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]141 resumeSession bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]142 // resumeConfig, if not nil, points to a Config to be used on
143 // resumption. SessionTicketKey and ClientSessionCache are copied from
144 // the initial connection's config. If nil, the initial connection's
145 // config is used.
146 resumeConfig *Config
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]147 // sendPrefix sends a prefix on the socket before actually performing a
148 // handshake.
149 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]150 // shimWritesFirst controls whether the shim sends an initial "hello"
151 // message before doing a roundtrip with the runner.
152 shimWritesFirst bool
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]153 // renegotiate indicates the the connection should be renegotiated
154 // during the exchange.
155 renegotiate bool
156 // renegotiateCiphers is a list of ciphersuite ids that will be
157 // switched in just before renegotiation.
158 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame^]159 // replayWrites, if true, configures the underlying transport
160 // to replay every write it makes in DTLS tests.
161 replayWrites bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]162 // flags, if not empty, contains a list of command-line flags that will
163 // be passed to the shim program.
164 flags []string
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]165}
166
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]167var testCases = []testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]168 {
169 name: "BadRSASignature",
170 config: Config{
171 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
172 Bugs: ProtocolBugs{
173 InvalidSKXSignature: true,
174 },
175 },
176 shouldFail: true,
177 expectedError: ":BAD_SIGNATURE:",
178 },
179 {
180 name: "BadECDSASignature",
181 config: Config{
182 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
183 Bugs: ProtocolBugs{
184 InvalidSKXSignature: true,
185 },
186 Certificates: []Certificate{getECDSACertificate()},
187 },
188 shouldFail: true,
189 expectedError: ":BAD_SIGNATURE:",
190 },
191 {
192 name: "BadECDSACurve",
193 config: Config{
194 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
195 Bugs: ProtocolBugs{
196 InvalidSKXCurve: true,
197 },
198 Certificates: []Certificate{getECDSACertificate()},
199 },
200 shouldFail: true,
201 expectedError: ":WRONG_CURVE:",
202 },
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]203 {
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]204 testType: serverTest,
205 name: "BadRSAVersion",
206 config: Config{
207 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
208 Bugs: ProtocolBugs{
209 RsaClientKeyExchangeVersion: VersionTLS11,
210 },
211 },
212 shouldFail: true,
213 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
214 },
215 {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]216 name: "NoFallbackSCSV",
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]217 config: Config{
218 Bugs: ProtocolBugs{
219 FailIfNotFallbackSCSV: true,
220 },
221 },
222 shouldFail: true,
223 expectedLocalError: "no fallback SCSV found",
224 },
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]225 {
David Benjamin2a0c4962014-08-22 23:46:35 -0400[diff] [blame]226 name: "SendFallbackSCSV",
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]227 config: Config{
228 Bugs: ProtocolBugs{
229 FailIfNotFallbackSCSV: true,
230 },
231 },
232 flags: []string{"-fallback-scsv"},
233 },
David Benjamin197b3ab2014-07-02 18:37:33 -0400[diff] [blame]234 {
David Benjamin7b030512014-07-08 17:30:11 -0400[diff] [blame]235 name: "ClientCertificateTypes",
236 config: Config{
237 ClientAuth: RequestClientCert,
238 ClientCertificateTypes: []byte{
239 CertTypeDSSSign,
240 CertTypeRSASign,
241 CertTypeECDSASign,
242 },
243 },
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]244 flags: []string{
245 "-expect-certificate-types",
246 base64.StdEncoding.EncodeToString([]byte{
247 CertTypeDSSSign,
248 CertTypeRSASign,
249 CertTypeECDSASign,
250 }),
251 },
David Benjamin7b030512014-07-08 17:30:11 -0400[diff] [blame]252 },
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]253 {
254 name: "NoClientCertificate",
255 config: Config{
256 ClientAuth: RequireAnyClientCert,
257 },
258 shouldFail: true,
259 expectedLocalError: "client didn't provide a certificate",
260 },
David Benjamin1c375dd2014-07-12 00:48:23 -0400[diff] [blame]261 {
262 name: "UnauthenticatedECDH",
263 config: Config{
264 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
265 Bugs: ProtocolBugs{
266 UnauthenticatedECDH: true,
267 },
268 },
269 shouldFail: true,
David Benjamine8f3d662014-07-12 01:10:19 -0400[diff] [blame]270 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin1c375dd2014-07-12 00:48:23 -0400[diff] [blame]271 },
David Benjamin9c651c92014-07-12 13:27:45 -0400[diff] [blame]272 {
273 name: "SkipServerKeyExchange",
274 config: Config{
275 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
276 Bugs: ProtocolBugs{
277 SkipServerKeyExchange: true,
278 },
279 },
280 shouldFail: true,
281 expectedError: ":UNEXPECTED_MESSAGE:",
282 },
David Benjamin1f5f62b2014-07-12 16:18:02 -0400[diff] [blame]283 {
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]284 name: "SkipChangeCipherSpec-Client",
285 config: Config{
286 Bugs: ProtocolBugs{
287 SkipChangeCipherSpec: true,
288 },
289 },
290 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]291 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]292 },
293 {
294 testType: serverTest,
295 name: "SkipChangeCipherSpec-Server",
296 config: Config{
297 Bugs: ProtocolBugs{
298 SkipChangeCipherSpec: true,
299 },
300 },
301 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]302 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]303 },
David Benjamin42be6452014-07-21 14:50:23 -0400[diff] [blame]304 {
305 testType: serverTest,
306 name: "SkipChangeCipherSpec-Server-NPN",
307 config: Config{
308 NextProtos: []string{"bar"},
309 Bugs: ProtocolBugs{
310 SkipChangeCipherSpec: true,
311 },
312 },
313 flags: []string{
314 "-advertise-npn", "\x03foo\x03bar\x03baz",
315 },
316 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]317 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
318 },
319 {
320 name: "FragmentAcrossChangeCipherSpec-Client",
321 config: Config{
322 Bugs: ProtocolBugs{
323 FragmentAcrossChangeCipherSpec: true,
324 },
325 },
326 shouldFail: true,
327 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
328 },
329 {
330 testType: serverTest,
331 name: "FragmentAcrossChangeCipherSpec-Server",
332 config: Config{
333 Bugs: ProtocolBugs{
334 FragmentAcrossChangeCipherSpec: true,
335 },
336 },
337 shouldFail: true,
338 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
339 },
340 {
341 testType: serverTest,
342 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
343 config: Config{
344 NextProtos: []string{"bar"},
345 Bugs: ProtocolBugs{
346 FragmentAcrossChangeCipherSpec: true,
347 },
348 },
349 flags: []string{
350 "-advertise-npn", "\x03foo\x03bar\x03baz",
351 },
352 shouldFail: true,
353 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamin42be6452014-07-21 14:50:23 -0400[diff] [blame]354 },
David Benjaminf3ec83d2014-07-21 22:42:34 -0400[diff] [blame]355 {
356 testType: serverTest,
357 name: "EarlyChangeCipherSpec-server-1",
358 config: Config{
359 Bugs: ProtocolBugs{
360 EarlyChangeCipherSpec: 1,
361 },
362 },
363 shouldFail: true,
364 expectedError: ":CCS_RECEIVED_EARLY:",
365 },
366 {
367 testType: serverTest,
368 name: "EarlyChangeCipherSpec-server-2",
369 config: Config{
370 Bugs: ProtocolBugs{
371 EarlyChangeCipherSpec: 2,
372 },
373 },
374 shouldFail: true,
375 expectedError: ":CCS_RECEIVED_EARLY:",
376 },
David Benjamind23f4122014-07-23 15:09:48 -0400[diff] [blame]377 {
David Benjamind23f4122014-07-23 15:09:48 -0400[diff] [blame]378 name: "SkipNewSessionTicket",
379 config: Config{
380 Bugs: ProtocolBugs{
381 SkipNewSessionTicket: true,
382 },
383 },
384 shouldFail: true,
385 expectedError: ":CCS_RECEIVED_EARLY:",
386 },
David Benjamin7e3305e2014-07-28 14:52:32 -0400[diff] [blame]387 {
David Benjamind86c7672014-08-02 04:07:12 -0400[diff] [blame]388 testType: serverTest,
David Benjaminbef270a2014-08-02 04:22:02 -0400[diff] [blame]389 name: "FallbackSCSV",
390 config: Config{
391 MaxVersion: VersionTLS11,
392 Bugs: ProtocolBugs{
393 SendFallbackSCSV: true,
394 },
395 },
396 shouldFail: true,
397 expectedError: ":INAPPROPRIATE_FALLBACK:",
398 },
399 {
400 testType: serverTest,
401 name: "FallbackSCSV-VersionMatch",
402 config: Config{
403 Bugs: ProtocolBugs{
404 SendFallbackSCSV: true,
405 },
406 },
407 },
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]408 {
409 testType: serverTest,
410 name: "FragmentedClientVersion",
411 config: Config{
412 Bugs: ProtocolBugs{
413 MaxHandshakeRecordLength: 1,
414 FragmentClientVersion: true,
415 },
416 },
417 shouldFail: true,
418 expectedError: ":RECORD_TOO_SMALL:",
419 },
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]420 {
421 testType: serverTest,
422 name: "MinorVersionTolerance",
423 config: Config{
424 Bugs: ProtocolBugs{
425 SendClientVersion: 0x03ff,
426 },
427 },
428 expectedVersion: VersionTLS12,
429 },
430 {
431 testType: serverTest,
432 name: "MajorVersionTolerance",
433 config: Config{
434 Bugs: ProtocolBugs{
435 SendClientVersion: 0x0400,
436 },
437 },
438 expectedVersion: VersionTLS12,
439 },
440 {
441 testType: serverTest,
442 name: "VersionTooLow",
443 config: Config{
444 Bugs: ProtocolBugs{
445 SendClientVersion: 0x0200,
446 },
447 },
448 shouldFail: true,
449 expectedError: ":UNSUPPORTED_PROTOCOL:",
450 },
451 {
452 testType: serverTest,
453 name: "HttpGET",
454 sendPrefix: "GET / HTTP/1.0\n",
455 shouldFail: true,
456 expectedError: ":HTTP_REQUEST:",
457 },
458 {
459 testType: serverTest,
460 name: "HttpPOST",
461 sendPrefix: "POST / HTTP/1.0\n",
462 shouldFail: true,
463 expectedError: ":HTTP_REQUEST:",
464 },
465 {
466 testType: serverTest,
467 name: "HttpHEAD",
468 sendPrefix: "HEAD / HTTP/1.0\n",
469 shouldFail: true,
470 expectedError: ":HTTP_REQUEST:",
471 },
472 {
473 testType: serverTest,
474 name: "HttpPUT",
475 sendPrefix: "PUT / HTTP/1.0\n",
476 shouldFail: true,
477 expectedError: ":HTTP_REQUEST:",
478 },
479 {
480 testType: serverTest,
481 name: "HttpCONNECT",
482 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
483 shouldFail: true,
484 expectedError: ":HTTPS_PROXY_REQUEST:",
485 },
David Benjamin39ebf532014-08-31 02:23:49 -0400[diff] [blame]486 {
487 name: "SkipCipherVersionCheck",
488 config: Config{
489 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
490 MaxVersion: VersionTLS11,
491 Bugs: ProtocolBugs{
492 SkipCipherVersionCheck: true,
493 },
494 },
495 shouldFail: true,
496 expectedError: ":WRONG_CIPHER_RETURNED:",
497 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]498}
499
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]500func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]501 if test.protocol == dtls {
502 conn = newPacketAdaptor(conn)
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame^]503 if test.replayWrites {
504 conn = newReplayAdaptor(conn)
505 }
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]506 }
507
508 if test.sendPrefix != "" {
509 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
510 return err
511 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]512 }
513
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]514 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]515 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]516 if test.protocol == dtls {
517 tlsConn = DTLSServer(conn, config)
518 } else {
519 tlsConn = Server(conn, config)
520 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]521 } else {
522 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]523 if test.protocol == dtls {
524 tlsConn = DTLSClient(conn, config)
525 } else {
526 tlsConn = Client(conn, config)
527 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]528 }
529
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]530 if err := tlsConn.Handshake(); err != nil {
531 return err
532 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]533
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]534 // TODO(davidben): move all per-connection expectations into a dedicated
535 // expectations struct that can be specified separately for the two
536 // legs.
537 expectedVersion := test.expectedVersion
538 if isResume && test.expectedResumeVersion != 0 {
539 expectedVersion = test.expectedResumeVersion
540 }
541 if vers := tlsConn.ConnectionState().Version; expectedVersion != 0 && vers != expectedVersion {
542 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]543 }
544
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]545 if test.expectChannelID {
546 channelID := tlsConn.ConnectionState().ChannelID
547 if channelID == nil {
548 return fmt.Errorf("no channel ID negotiated")
549 }
550 if channelID.Curve != channelIDKey.Curve ||
551 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
552 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
553 return fmt.Errorf("incorrect channel ID")
554 }
555 }
556
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]557 if expected := test.expectedNextProto; expected != "" {
558 if actual := tlsConn.ConnectionState().NegotiatedProtocol; actual != expected {
559 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
560 }
561 }
562
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]563 if test.expectedNextProtoType != 0 {
564 if (test.expectedNextProtoType == alpn) != tlsConn.ConnectionState().NegotiatedProtocolFromALPN {
565 return fmt.Errorf("next proto type mismatch")
566 }
567 }
568
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]569 if test.shimWritesFirst {
570 var buf [5]byte
571 _, err := io.ReadFull(tlsConn, buf[:])
572 if err != nil {
573 return err
574 }
575 if string(buf[:]) != "hello" {
576 return fmt.Errorf("bad initial message")
577 }
578 }
579
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]580 if test.renegotiate {
581 if test.renegotiateCiphers != nil {
582 config.CipherSuites = test.renegotiateCiphers
583 }
584 if err := tlsConn.Renegotiate(); err != nil {
585 return err
586 }
587 } else if test.renegotiateCiphers != nil {
588 panic("renegotiateCiphers without renegotiate")
589 }
590
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]591 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]592 if test.protocol == dtls {
593 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
594 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]595 // Read until EOF.
596 _, err := io.Copy(ioutil.Discard, tlsConn)
597 return err
598 }
599
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]600 if messageLen == 0 {
601 messageLen = 32
602 }
603 testMessage := make([]byte, messageLen)
604 for i := range testMessage {
605 testMessage[i] = 0x42
606 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]607 tlsConn.Write(testMessage)
608
609 buf := make([]byte, len(testMessage))
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]610 if test.protocol == dtls {
611 bufTmp := make([]byte, len(buf)+1)
612 n, err := tlsConn.Read(bufTmp)
613 if err != nil {
614 return err
615 }
616 if n != len(buf) {
617 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
618 }
619 copy(buf, bufTmp)
620 } else {
621 _, err := io.ReadFull(tlsConn, buf)
622 if err != nil {
623 return err
624 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]625 }
626
627 for i, v := range buf {
628 if v != testMessage[i]^0xff {
629 return fmt.Errorf("bad reply contents at byte %d", i)
630 }
631 }
632
633 return nil
634}
635
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]636func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
637 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]638 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]639 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]640 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]641 valgrindArgs = append(valgrindArgs, path)
642 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]643
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]644 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]645}
646
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]647func gdbOf(path string, args ...string) *exec.Cmd {
648 xtermArgs := []string{"-e", "gdb", "--args"}
649 xtermArgs = append(xtermArgs, path)
650 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]651
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]652 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]653}
654
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]655func openSocketPair() (shimEnd *os.File, conn net.Conn) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]656 socks, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
657 if err != nil {
658 panic(err)
659 }
660
661 syscall.CloseOnExec(socks[0])
662 syscall.CloseOnExec(socks[1])
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]663 shimEnd = os.NewFile(uintptr(socks[0]), "shim end")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]664 connFile := os.NewFile(uintptr(socks[1]), "our end")
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]665 conn, err = net.FileConn(connFile)
666 if err != nil {
667 panic(err)
668 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]669 connFile.Close()
670 if err != nil {
671 panic(err)
672 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]673 return shimEnd, conn
674}
675
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]676func runTest(test *testCase, buildDir string) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]677 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
678 panic("Error expected without shouldFail in " + test.name)
679 }
680
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]681 shimEnd, conn := openSocketPair()
682 shimEndResume, connResume := openSocketPair()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]683
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]684 shim_path := path.Join(buildDir, "ssl/test/bssl_shim")
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]685 var flags []string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]686 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]687 flags = append(flags, "-server")
688
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]689 flags = append(flags, "-key-file")
690 if test.keyFile == "" {
691 flags = append(flags, rsaKeyFile)
692 } else {
693 flags = append(flags, test.keyFile)
694 }
695
696 flags = append(flags, "-cert-file")
697 if test.certFile == "" {
698 flags = append(flags, rsaCertificateFile)
699 } else {
700 flags = append(flags, test.certFile)
701 }
702 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]703
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]704 if test.protocol == dtls {
705 flags = append(flags, "-dtls")
706 }
707
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]708 if test.resumeSession {
709 flags = append(flags, "-resume")
710 }
711
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]712 if test.shimWritesFirst {
713 flags = append(flags, "-shim-writes-first")
714 }
715
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]716 flags = append(flags, test.flags...)
717
718 var shim *exec.Cmd
719 if *useValgrind {
720 shim = valgrindOf(false, shim_path, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]721 } else if *useGDB {
722 shim = gdbOf(shim_path, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]723 } else {
724 shim = exec.Command(shim_path, flags...)
725 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]726 shim.ExtraFiles = []*os.File{shimEnd, shimEndResume}
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]727 shim.Stdin = os.Stdin
728 var stdoutBuf, stderrBuf bytes.Buffer
729 shim.Stdout = &stdoutBuf
730 shim.Stderr = &stderrBuf
731
732 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]733 panic(err)
734 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]735 shimEnd.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]736 shimEndResume.Close()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]737
738 config := test.config
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]739 config.ClientSessionCache = NewLRUClientSessionCache(1)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]740 if test.testType == clientTest {
741 if len(config.Certificates) == 0 {
742 config.Certificates = []Certificate{getRSACertificate()}
743 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]744 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]745
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]746 var connDebug *recordingConn
747 if *flagDebug {
748 connDebug = &recordingConn{Conn: conn}
749 conn = connDebug
750 }
751
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]752 err := doExchange(test, &config, conn, test.messageLen,
753 false /* not a resumption */)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]754
755 if *flagDebug {
756 connDebug.WriteTo(os.Stdout)
757 }
758
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]759 conn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]760 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]761 var resumeConfig Config
762 if test.resumeConfig != nil {
763 resumeConfig = *test.resumeConfig
764 if len(resumeConfig.Certificates) == 0 {
765 resumeConfig.Certificates = []Certificate{getRSACertificate()}
766 }
767 resumeConfig.SessionTicketKey = config.SessionTicketKey
768 resumeConfig.ClientSessionCache = config.ClientSessionCache
769 } else {
770 resumeConfig = config
771 }
772 err = doExchange(test, &resumeConfig, connResume, test.messageLen,
773 true /* resumption */)
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]774 }
David Benjamin812152a2014-09-06 12:49:07 -0400[diff] [blame]775 connResume.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]776
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]777 childErr := shim.Wait()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]778
779 stdout := string(stdoutBuf.Bytes())
780 stderr := string(stderrBuf.Bytes())
781 failed := err != nil || childErr != nil
782 correctFailure := len(test.expectedError) == 0 || strings.Contains(stdout, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]783 localError := "none"
784 if err != nil {
785 localError = err.Error()
786 }
787 if len(test.expectedLocalError) != 0 {
788 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
789 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]790
791 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]792 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]793 if childErr != nil {
794 childError = childErr.Error()
795 }
796
797 var msg string
798 switch {
799 case failed && !test.shouldFail:
800 msg = "unexpected failure"
801 case !failed && test.shouldFail:
802 msg = "unexpected success"
803 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]804 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]805 default:
806 panic("internal error")
807 }
808
809 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, string(stdoutBuf.Bytes()), stderr)
810 }
811
812 if !*useValgrind && len(stderr) > 0 {
813 println(stderr)
814 }
815
816 return nil
817}
818
819var tlsVersions = []struct {
820 name string
821 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]822 flag string
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]823}{
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]824 {"SSL3", VersionSSL30, "-no-ssl3"},
825 {"TLS1", VersionTLS10, "-no-tls1"},
826 {"TLS11", VersionTLS11, "-no-tls11"},
827 {"TLS12", VersionTLS12, "-no-tls12"},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]828}
829
830var testCipherSuites = []struct {
831 name string
832 id uint16
833}{
834 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]835 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]836 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]837 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]838 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]839 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]840 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]841 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
842 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]843 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]844 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
845 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]846 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]847 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
848 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]849 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
850 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]851 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]852 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]853 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
David Benjamin2af684f2014-10-27 02:23:15 -0400[diff] [blame]854 {"ECDHE-PSK-WITH-AES-128-GCM-SHA256", TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]855 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]856 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]857 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]858 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]859 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]860 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]861 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]862 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
863 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
864 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]865 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]866 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]867}
868
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]869func isTLS12Only(suiteName string) bool {
870 return strings.HasSuffix(suiteName, "-GCM") ||
871 strings.HasSuffix(suiteName, "-SHA256") ||
872 strings.HasSuffix(suiteName, "-SHA384")
873}
874
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]875func addCipherSuiteTests() {
876 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]877 const psk = "12345"
878 const pskIdentity = "luggage combo"
879
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]880 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]881 var certFile string
882 var keyFile string
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]883 if strings.Contains(suite.name, "ECDSA") {
884 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]885 certFile = ecdsaCertificateFile
886 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]887 } else {
888 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]889 certFile = rsaCertificateFile
890 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]891 }
892
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]893 var flags []string
894 if strings.HasPrefix(suite.name, "PSK-") || strings.Contains(suite.name, "-PSK-") {
895 flags = append(flags,
896 "-psk", psk,
897 "-psk-identity", pskIdentity)
898 }
899
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]900 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]901 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]902 continue
903 }
904
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]905 // Go's TLS implementation only implements session
906 // resumption with tickets, so SSLv3 cannot resume
907 // sessions.
908 resumeSession := ver.version != VersionSSL30
909
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]910 testCases = append(testCases, testCase{
911 testType: clientTest,
912 name: ver.name + "-" + suite.name + "-client",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]913 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]914 MinVersion: ver.version,
915 MaxVersion: ver.version,
916 CipherSuites: []uint16{suite.id},
917 Certificates: []Certificate{cert},
918 PreSharedKey: []byte(psk),
919 PreSharedKeyIdentity: pskIdentity,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]920 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]921 flags: flags,
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]922 resumeSession: resumeSession,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]923 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]924
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]925 testCases = append(testCases, testCase{
926 testType: serverTest,
927 name: ver.name + "-" + suite.name + "-server",
928 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]929 MinVersion: ver.version,
930 MaxVersion: ver.version,
931 CipherSuites: []uint16{suite.id},
932 Certificates: []Certificate{cert},
933 PreSharedKey: []byte(psk),
934 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]935 },
936 certFile: certFile,
937 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]938 flags: flags,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]939 resumeSession: resumeSession,
940 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]941
942 // TODO(davidben): Fix DTLS 1.2 support and test that.
943 if ver.version == VersionTLS10 && strings.Index(suite.name, "RC4") == -1 {
944 testCases = append(testCases, testCase{
945 testType: clientTest,
946 protocol: dtls,
947 name: "D" + ver.name + "-" + suite.name + "-client",
948 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]949 MinVersion: ver.version,
950 MaxVersion: ver.version,
951 CipherSuites: []uint16{suite.id},
952 Certificates: []Certificate{cert},
953 PreSharedKey: []byte(psk),
954 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]955 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]956 flags: flags,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]957 resumeSession: resumeSession,
958 })
959 testCases = append(testCases, testCase{
960 testType: serverTest,
961 protocol: dtls,
962 name: "D" + ver.name + "-" + suite.name + "-server",
963 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]964 MinVersion: ver.version,
965 MaxVersion: ver.version,
966 CipherSuites: []uint16{suite.id},
967 Certificates: []Certificate{cert},
968 PreSharedKey: []byte(psk),
969 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]970 },
971 certFile: certFile,
972 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]973 flags: flags,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]974 resumeSession: resumeSession,
975 })
976 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]977 }
978 }
979}
980
981func addBadECDSASignatureTests() {
982 for badR := BadValue(1); badR < NumBadValues; badR++ {
983 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]984 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]985 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
986 config: Config{
987 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
988 Certificates: []Certificate{getECDSACertificate()},
989 Bugs: ProtocolBugs{
990 BadECDSAR: badR,
991 BadECDSAS: badS,
992 },
993 },
994 shouldFail: true,
995 expectedError: "SIGNATURE",
996 })
997 }
998 }
999}
1000
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1001func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1002 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1003 name: "MaxCBCPadding",
1004 config: Config{
1005 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1006 Bugs: ProtocolBugs{
1007 MaxPadding: true,
1008 },
1009 },
1010 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
1011 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1012 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1013 name: "BadCBCPadding",
1014 config: Config{
1015 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1016 Bugs: ProtocolBugs{
1017 PaddingFirstByteBad: true,
1018 },
1019 },
1020 shouldFail: true,
1021 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
1022 })
1023 // OpenSSL previously had an issue where the first byte of padding in
1024 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1025 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1026 name: "BadCBCPadding255",
1027 config: Config{
1028 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1029 Bugs: ProtocolBugs{
1030 MaxPadding: true,
1031 PaddingFirstByteBadIf255: true,
1032 },
1033 },
1034 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
1035 shouldFail: true,
1036 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
1037 })
1038}
1039
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1040func addCBCSplittingTests() {
1041 testCases = append(testCases, testCase{
1042 name: "CBCRecordSplitting",
1043 config: Config{
1044 MaxVersion: VersionTLS10,
1045 MinVersion: VersionTLS10,
1046 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1047 },
1048 messageLen: -1, // read until EOF
1049 flags: []string{
1050 "-async",
1051 "-write-different-record-sizes",
1052 "-cbc-record-splitting",
1053 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]1054 })
1055 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1056 name: "CBCRecordSplittingPartialWrite",
1057 config: Config{
1058 MaxVersion: VersionTLS10,
1059 MinVersion: VersionTLS10,
1060 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1061 },
1062 messageLen: -1, // read until EOF
1063 flags: []string{
1064 "-async",
1065 "-write-different-record-sizes",
1066 "-cbc-record-splitting",
1067 "-partial-write",
1068 },
1069 })
1070}
1071
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1072func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]1073 // Add a dummy cert pool to stress certificate authority parsing.
1074 // TODO(davidben): Add tests that those values parse out correctly.
1075 certPool := x509.NewCertPool()
1076 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
1077 if err != nil {
1078 panic(err)
1079 }
1080 certPool.AddCert(cert)
1081
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1082 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1083 testCases = append(testCases, testCase{
1084 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1085 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1086 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1087 MinVersion: ver.version,
1088 MaxVersion: ver.version,
1089 ClientAuth: RequireAnyClientCert,
1090 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1091 },
1092 flags: []string{
1093 "-cert-file", rsaCertificateFile,
1094 "-key-file", rsaKeyFile,
1095 },
1096 })
1097 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1098 testType: serverTest,
1099 name: ver.name + "-Server-ClientAuth-RSA",
1100 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1101 MinVersion: ver.version,
1102 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1103 Certificates: []Certificate{rsaCertificate},
1104 },
1105 flags: []string{"-require-any-client-certificate"},
1106 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1107 if ver.version != VersionSSL30 {
1108 testCases = append(testCases, testCase{
1109 testType: serverTest,
1110 name: ver.name + "-Server-ClientAuth-ECDSA",
1111 config: Config{
1112 MinVersion: ver.version,
1113 MaxVersion: ver.version,
1114 Certificates: []Certificate{ecdsaCertificate},
1115 },
1116 flags: []string{"-require-any-client-certificate"},
1117 })
1118 testCases = append(testCases, testCase{
1119 testType: clientTest,
1120 name: ver.name + "-Client-ClientAuth-ECDSA",
1121 config: Config{
1122 MinVersion: ver.version,
1123 MaxVersion: ver.version,
1124 ClientAuth: RequireAnyClientCert,
1125 ClientCAs: certPool,
1126 },
1127 flags: []string{
1128 "-cert-file", ecdsaCertificateFile,
1129 "-key-file", ecdsaKeyFile,
1130 },
1131 })
1132 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1133 }
1134}
1135
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1136func addExtendedMasterSecretTests() {
1137 const expectEMSFlag = "-expect-extended-master-secret"
1138
1139 for _, with := range []bool{false, true} {
1140 prefix := "No"
1141 var flags []string
1142 if with {
1143 prefix = ""
1144 flags = []string{expectEMSFlag}
1145 }
1146
1147 for _, isClient := range []bool{false, true} {
1148 suffix := "-Server"
1149 testType := serverTest
1150 if isClient {
1151 suffix = "-Client"
1152 testType = clientTest
1153 }
1154
1155 for _, ver := range tlsVersions {
1156 test := testCase{
1157 testType: testType,
1158 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
1159 config: Config{
1160 MinVersion: ver.version,
1161 MaxVersion: ver.version,
1162 Bugs: ProtocolBugs{
1163 NoExtendedMasterSecret: !with,
1164 RequireExtendedMasterSecret: with,
1165 },
1166 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1167 flags: flags,
1168 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1169 }
1170 if test.shouldFail {
1171 test.expectedLocalError = "extended master secret required but not supported by peer"
1172 }
1173 testCases = append(testCases, test)
1174 }
1175 }
1176 }
1177
1178 // When a session is resumed, it should still be aware that its master
1179 // secret was generated via EMS and thus it's safe to use tls-unique.
1180 testCases = append(testCases, testCase{
1181 name: "ExtendedMasterSecret-Resume",
1182 config: Config{
1183 Bugs: ProtocolBugs{
1184 RequireExtendedMasterSecret: true,
1185 },
1186 },
1187 flags: []string{expectEMSFlag},
1188 resumeSession: true,
1189 })
1190}
1191
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1192// Adds tests that try to cover the range of the handshake state machine, under
1193// various conditions. Some of these are redundant with other tests, but they
1194// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1195func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1196 var suffix string
1197 var flags []string
1198 var maxHandshakeRecordLength int
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1199 if protocol == dtls {
1200 suffix = "-DTLS"
1201 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1202 if async {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1203 suffix += "-Async"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1204 flags = append(flags, "-async")
1205 } else {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1206 suffix += "-Sync"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1207 }
1208 if splitHandshake {
1209 suffix += "-SplitHandshakeRecords"
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]1210 maxHandshakeRecordLength = 1
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1211 }
1212
1213 // Basic handshake, with resumption. Client and server.
1214 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1215 protocol: protocol,
1216 name: "Basic-Client" + suffix,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1217 config: Config{
1218 Bugs: ProtocolBugs{
1219 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1220 },
1221 },
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1222 flags: flags,
1223 resumeSession: true,
1224 })
1225 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1226 protocol: protocol,
1227 name: "Basic-Client-RenewTicket" + suffix,
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1228 config: Config{
1229 Bugs: ProtocolBugs{
1230 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1231 RenewTicketOnResume: true,
1232 },
1233 },
1234 flags: flags,
1235 resumeSession: true,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1236 })
1237 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1238 protocol: protocol,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1239 testType: serverTest,
1240 name: "Basic-Server" + suffix,
1241 config: Config{
1242 Bugs: ProtocolBugs{
1243 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1244 },
1245 },
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1246 flags: flags,
1247 resumeSession: true,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1248 })
1249
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1250 // TLS client auth.
1251 testCases = append(testCases, testCase{
1252 protocol: protocol,
1253 testType: clientTest,
1254 name: "ClientAuth-Client" + suffix,
1255 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1256 ClientAuth: RequireAnyClientCert,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1257 Bugs: ProtocolBugs{
1258 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1259 },
1260 },
1261 flags: append(flags,
1262 "-cert-file", rsaCertificateFile,
1263 "-key-file", rsaKeyFile),
1264 })
1265 testCases = append(testCases, testCase{
1266 protocol: protocol,
1267 testType: serverTest,
1268 name: "ClientAuth-Server" + suffix,
1269 config: Config{
1270 Certificates: []Certificate{rsaCertificate},
1271 },
1272 flags: append(flags, "-require-any-client-certificate"),
1273 })
1274
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1275 // No session ticket support; server doesn't send NewSessionTicket.
1276 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1277 protocol: protocol,
1278 name: "SessionTicketsDisabled-Client" + suffix,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1279 config: Config{
1280 SessionTicketsDisabled: true,
1281 Bugs: ProtocolBugs{
1282 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1283 },
1284 },
1285 flags: flags,
1286 })
1287 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1288 protocol: protocol,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1289 testType: serverTest,
1290 name: "SessionTicketsDisabled-Server" + suffix,
1291 config: Config{
1292 SessionTicketsDisabled: true,
1293 Bugs: ProtocolBugs{
1294 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1295 },
1296 },
1297 flags: flags,
1298 })
1299
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1300 // Skip ServerKeyExchange in PSK key exchange if there's no
1301 // identity hint.
1302 testCases = append(testCases, testCase{
1303 protocol: protocol,
1304 name: "EmptyPSKHint-Client" + suffix,
1305 config: Config{
1306 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
1307 PreSharedKey: []byte("secret"),
1308 Bugs: ProtocolBugs{
1309 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1310 },
1311 },
1312 flags: append(flags, "-psk", "secret"),
1313 })
1314 testCases = append(testCases, testCase{
1315 protocol: protocol,
1316 testType: serverTest,
1317 name: "EmptyPSKHint-Server" + suffix,
1318 config: Config{
1319 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
1320 PreSharedKey: []byte("secret"),
1321 Bugs: ProtocolBugs{
1322 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1323 },
1324 },
1325 flags: append(flags, "-psk", "secret"),
1326 })
1327
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1328 if protocol == tls {
1329 // NPN on client and server; results in post-handshake message.
1330 testCases = append(testCases, testCase{
1331 protocol: protocol,
1332 name: "NPN-Client" + suffix,
1333 config: Config{
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1334 NextProtos: []string{"foo"},
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1335 Bugs: ProtocolBugs{
1336 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1337 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1338 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]1339 flags: append(flags, "-select-next-proto", "foo"),
1340 expectedNextProto: "foo",
1341 expectedNextProtoType: npn,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1342 })
1343 testCases = append(testCases, testCase{
1344 protocol: protocol,
1345 testType: serverTest,
1346 name: "NPN-Server" + suffix,
1347 config: Config{
1348 NextProtos: []string{"bar"},
1349 Bugs: ProtocolBugs{
1350 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1351 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1352 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1353 flags: append(flags,
1354 "-advertise-npn", "\x03foo\x03bar\x03baz",
1355 "-expect-next-proto", "bar"),
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]1356 expectedNextProto: "bar",
1357 expectedNextProtoType: npn,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1358 })
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1359
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1360 // Client does False Start and negotiates NPN.
1361 testCases = append(testCases, testCase{
1362 protocol: protocol,
1363 name: "FalseStart" + suffix,
1364 config: Config{
1365 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1366 NextProtos: []string{"foo"},
1367 Bugs: ProtocolBugs{
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1368 ExpectFalseStart: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1369 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1370 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1371 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1372 flags: append(flags,
1373 "-false-start",
1374 "-select-next-proto", "foo"),
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1375 shimWritesFirst: true,
1376 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1377 })
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1378
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1379 // Client does False Start and negotiates ALPN.
1380 testCases = append(testCases, testCase{
1381 protocol: protocol,
1382 name: "FalseStart-ALPN" + suffix,
1383 config: Config{
1384 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1385 NextProtos: []string{"foo"},
1386 Bugs: ProtocolBugs{
1387 ExpectFalseStart: true,
1388 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1389 },
1390 },
1391 flags: append(flags,
1392 "-false-start",
1393 "-advertise-alpn", "\x03foo"),
1394 shimWritesFirst: true,
1395 resumeSession: true,
1396 })
1397
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1398 // False Start without session tickets.
1399 testCases = append(testCases, testCase{
1400 name: "FalseStart-SessionTicketsDisabled",
1401 config: Config{
1402 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1403 NextProtos: []string{"foo"},
1404 SessionTicketsDisabled: true,
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1405 Bugs: ProtocolBugs{
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1406 ExpectFalseStart: true,
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1407 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1408 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1409 },
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1410 flags: append(flags,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1411 "-false-start",
1412 "-select-next-proto", "foo",
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1413 ),
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1414 shimWritesFirst: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1415 })
David Benjamin1e7f8d72014-08-08 12:27:04 -0400[diff] [blame]1416
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]1417 // Server parses a V2ClientHello.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1418 testCases = append(testCases, testCase{
1419 protocol: protocol,
1420 testType: serverTest,
1421 name: "SendV2ClientHello" + suffix,
1422 config: Config{
1423 // Choose a cipher suite that does not involve
1424 // elliptic curves, so no extensions are
1425 // involved.
1426 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1427 Bugs: ProtocolBugs{
1428 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1429 SendV2ClientHello: true,
1430 },
David Benjamin1e7f8d72014-08-08 12:27:04 -0400[diff] [blame]1431 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1432 flags: flags,
1433 })
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]1434
1435 // Client sends a Channel ID.
1436 testCases = append(testCases, testCase{
1437 protocol: protocol,
1438 name: "ChannelID-Client" + suffix,
1439 config: Config{
1440 RequestChannelID: true,
1441 Bugs: ProtocolBugs{
1442 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1443 },
1444 },
1445 flags: append(flags,
1446 "-send-channel-id", channelIDKeyFile,
1447 ),
1448 resumeSession: true,
1449 expectChannelID: true,
1450 })
1451
1452 // Server accepts a Channel ID.
1453 testCases = append(testCases, testCase{
1454 protocol: protocol,
1455 testType: serverTest,
1456 name: "ChannelID-Server" + suffix,
1457 config: Config{
1458 ChannelID: channelIDKey,
1459 Bugs: ProtocolBugs{
1460 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1461 },
1462 },
1463 flags: append(flags,
1464 "-expect-channel-id",
1465 base64.StdEncoding.EncodeToString(channelIDBytes),
1466 ),
1467 resumeSession: true,
1468 expectChannelID: true,
1469 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1470 } else {
1471 testCases = append(testCases, testCase{
1472 protocol: protocol,
1473 name: "SkipHelloVerifyRequest" + suffix,
1474 config: Config{
1475 Bugs: ProtocolBugs{
1476 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1477 SkipHelloVerifyRequest: true,
1478 },
1479 },
1480 flags: flags,
1481 })
1482
1483 testCases = append(testCases, testCase{
1484 testType: serverTest,
1485 protocol: protocol,
1486 name: "CookieExchange" + suffix,
1487 config: Config{
1488 Bugs: ProtocolBugs{
1489 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1490 },
1491 },
1492 flags: append(flags, "-cookie-exchange"),
1493 })
1494 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1495}
1496
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1497func addVersionNegotiationTests() {
1498 for i, shimVers := range tlsVersions {
1499 // Assemble flags to disable all newer versions on the shim.
1500 var flags []string
1501 for _, vers := range tlsVersions[i+1:] {
1502 flags = append(flags, vers.flag)
1503 }
1504
1505 for _, runnerVers := range tlsVersions {
1506 expectedVersion := shimVers.version
1507 if runnerVers.version < shimVers.version {
1508 expectedVersion = runnerVers.version
1509 }
1510 suffix := shimVers.name + "-" + runnerVers.name
1511
1512 testCases = append(testCases, testCase{
1513 testType: clientTest,
1514 name: "VersionNegotiation-Client-" + suffix,
1515 config: Config{
1516 MaxVersion: runnerVers.version,
1517 },
1518 flags: flags,
1519 expectedVersion: expectedVersion,
1520 })
1521
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1522 testCases = append(testCases, testCase{
1523 testType: serverTest,
1524 name: "VersionNegotiation-Server-" + suffix,
1525 config: Config{
1526 MaxVersion: runnerVers.version,
1527 },
1528 flags: flags,
1529 expectedVersion: expectedVersion,
1530 })
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1531 }
1532 }
1533}
1534
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]1535func addD5BugTests() {
1536 testCases = append(testCases, testCase{
1537 testType: serverTest,
1538 name: "D5Bug-NoQuirk-Reject",
1539 config: Config{
1540 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1541 Bugs: ProtocolBugs{
1542 SSL3RSAKeyExchange: true,
1543 },
1544 },
1545 shouldFail: true,
1546 expectedError: ":TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG:",
1547 })
1548 testCases = append(testCases, testCase{
1549 testType: serverTest,
1550 name: "D5Bug-Quirk-Normal",
1551 config: Config{
1552 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1553 },
1554 flags: []string{"-tls-d5-bug"},
1555 })
1556 testCases = append(testCases, testCase{
1557 testType: serverTest,
1558 name: "D5Bug-Quirk-Bug",
1559 config: Config{
1560 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1561 Bugs: ProtocolBugs{
1562 SSL3RSAKeyExchange: true,
1563 },
1564 },
1565 flags: []string{"-tls-d5-bug"},
1566 })
1567}
1568
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]1569func addExtensionTests() {
1570 testCases = append(testCases, testCase{
1571 testType: clientTest,
1572 name: "DuplicateExtensionClient",
1573 config: Config{
1574 Bugs: ProtocolBugs{
1575 DuplicateExtension: true,
1576 },
1577 },
1578 shouldFail: true,
1579 expectedLocalError: "remote error: error decoding message",
1580 })
1581 testCases = append(testCases, testCase{
1582 testType: serverTest,
1583 name: "DuplicateExtensionServer",
1584 config: Config{
1585 Bugs: ProtocolBugs{
1586 DuplicateExtension: true,
1587 },
1588 },
1589 shouldFail: true,
1590 expectedLocalError: "remote error: error decoding message",
1591 })
1592 testCases = append(testCases, testCase{
1593 testType: clientTest,
1594 name: "ServerNameExtensionClient",
1595 config: Config{
1596 Bugs: ProtocolBugs{
1597 ExpectServerName: "example.com",
1598 },
1599 },
1600 flags: []string{"-host-name", "example.com"},
1601 })
1602 testCases = append(testCases, testCase{
1603 testType: clientTest,
1604 name: "ServerNameExtensionClient",
1605 config: Config{
1606 Bugs: ProtocolBugs{
1607 ExpectServerName: "mismatch.com",
1608 },
1609 },
1610 flags: []string{"-host-name", "example.com"},
1611 shouldFail: true,
1612 expectedLocalError: "tls: unexpected server name",
1613 })
1614 testCases = append(testCases, testCase{
1615 testType: clientTest,
1616 name: "ServerNameExtensionClient",
1617 config: Config{
1618 Bugs: ProtocolBugs{
1619 ExpectServerName: "missing.com",
1620 },
1621 },
1622 shouldFail: true,
1623 expectedLocalError: "tls: unexpected server name",
1624 })
1625 testCases = append(testCases, testCase{
1626 testType: serverTest,
1627 name: "ServerNameExtensionServer",
1628 config: Config{
1629 ServerName: "example.com",
1630 },
1631 flags: []string{"-expect-server-name", "example.com"},
1632 resumeSession: true,
1633 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1634 testCases = append(testCases, testCase{
1635 testType: clientTest,
1636 name: "ALPNClient",
1637 config: Config{
1638 NextProtos: []string{"foo"},
1639 },
1640 flags: []string{
1641 "-advertise-alpn", "\x03foo\x03bar\x03baz",
1642 "-expect-alpn", "foo",
1643 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]1644 expectedNextProto: "foo",
1645 expectedNextProtoType: alpn,
1646 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1647 })
1648 testCases = append(testCases, testCase{
1649 testType: serverTest,
1650 name: "ALPNServer",
1651 config: Config{
1652 NextProtos: []string{"foo", "bar", "baz"},
1653 },
1654 flags: []string{
1655 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
1656 "-select-alpn", "foo",
1657 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]1658 expectedNextProto: "foo",
1659 expectedNextProtoType: alpn,
1660 resumeSession: true,
1661 })
1662 // Test that the server prefers ALPN over NPN.
1663 testCases = append(testCases, testCase{
1664 testType: serverTest,
1665 name: "ALPNServer-Preferred",
1666 config: Config{
1667 NextProtos: []string{"foo", "bar", "baz"},
1668 },
1669 flags: []string{
1670 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
1671 "-select-alpn", "foo",
1672 "-advertise-npn", "\x03foo\x03bar\x03baz",
1673 },
1674 expectedNextProto: "foo",
1675 expectedNextProtoType: alpn,
1676 resumeSession: true,
1677 })
1678 testCases = append(testCases, testCase{
1679 testType: serverTest,
1680 name: "ALPNServer-Preferred-Swapped",
1681 config: Config{
1682 NextProtos: []string{"foo", "bar", "baz"},
1683 Bugs: ProtocolBugs{
1684 SwapNPNAndALPN: true,
1685 },
1686 },
1687 flags: []string{
1688 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
1689 "-select-alpn", "foo",
1690 "-advertise-npn", "\x03foo\x03bar\x03baz",
1691 },
1692 expectedNextProto: "foo",
1693 expectedNextProtoType: alpn,
1694 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1695 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]1696 // Resume with a corrupt ticket.
1697 testCases = append(testCases, testCase{
1698 testType: serverTest,
1699 name: "CorruptTicket",
1700 config: Config{
1701 Bugs: ProtocolBugs{
1702 CorruptTicket: true,
1703 },
1704 },
1705 resumeSession: true,
1706 flags: []string{"-expect-session-miss"},
1707 })
1708 // Resume with an oversized session id.
1709 testCases = append(testCases, testCase{
1710 testType: serverTest,
1711 name: "OversizedSessionId",
1712 config: Config{
1713 Bugs: ProtocolBugs{
1714 OversizedSessionId: true,
1715 },
1716 },
1717 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1718 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]1719 expectedError: ":DECODE_ERROR:",
1720 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]1721}
1722
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]1723func addResumptionVersionTests() {
1724 // TODO(davidben): Once DTLS 1.2 is working, test that as well.
1725 for _, sessionVers := range tlsVersions {
1726 // TODO(davidben): SSLv3 is omitted here because runner does not
1727 // support resumption with session IDs.
1728 if sessionVers.version == VersionSSL30 {
1729 continue
1730 }
1731 for _, resumeVers := range tlsVersions {
1732 if resumeVers.version == VersionSSL30 {
1733 continue
1734 }
1735 suffix := "-" + sessionVers.name + "-" + resumeVers.name
1736
1737 // TODO(davidben): Write equivalent tests for the server
1738 // and clean up the server's logic. This requires being
1739 // able to give the shim a different set of SSL_OP_NO_*
1740 // flags between the initial connection and the
1741 // resume. Perhaps resumption should be tested by
1742 // serializing the SSL_SESSION and starting a second
1743 // shim.
1744 testCases = append(testCases, testCase{
1745 name: "Resume-Client" + suffix,
1746 resumeSession: true,
1747 config: Config{
1748 MaxVersion: sessionVers.version,
1749 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1750 Bugs: ProtocolBugs{
1751 AllowSessionVersionMismatch: true,
1752 },
1753 },
1754 expectedVersion: sessionVers.version,
1755 resumeConfig: &Config{
1756 MaxVersion: resumeVers.version,
1757 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1758 Bugs: ProtocolBugs{
1759 AllowSessionVersionMismatch: true,
1760 },
1761 },
1762 expectedResumeVersion: resumeVers.version,
1763 })
1764
1765 testCases = append(testCases, testCase{
1766 name: "Resume-Client-NoResume" + suffix,
1767 flags: []string{"-expect-session-miss"},
1768 resumeSession: true,
1769 config: Config{
1770 MaxVersion: sessionVers.version,
1771 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1772 },
1773 expectedVersion: sessionVers.version,
1774 resumeConfig: &Config{
1775 MaxVersion: resumeVers.version,
1776 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1777 SessionTicketsDisabled: true,
1778 },
1779 expectedResumeVersion: resumeVers.version,
1780 })
1781 }
1782 }
1783}
1784
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]1785func addRenegotiationTests() {
1786 testCases = append(testCases, testCase{
1787 testType: serverTest,
1788 name: "Renegotiate-Server",
1789 flags: []string{"-renegotiate"},
1790 shimWritesFirst: true,
1791 })
1792 testCases = append(testCases, testCase{
1793 testType: serverTest,
1794 name: "Renegotiate-Server-EmptyExt",
1795 config: Config{
1796 Bugs: ProtocolBugs{
1797 EmptyRenegotiationInfo: true,
1798 },
1799 },
1800 flags: []string{"-renegotiate"},
1801 shimWritesFirst: true,
1802 shouldFail: true,
1803 expectedError: ":RENEGOTIATION_MISMATCH:",
1804 })
1805 testCases = append(testCases, testCase{
1806 testType: serverTest,
1807 name: "Renegotiate-Server-BadExt",
1808 config: Config{
1809 Bugs: ProtocolBugs{
1810 BadRenegotiationInfo: true,
1811 },
1812 },
1813 flags: []string{"-renegotiate"},
1814 shimWritesFirst: true,
1815 shouldFail: true,
1816 expectedError: ":RENEGOTIATION_MISMATCH:",
1817 })
1818 // TODO(agl): test the renegotiation info SCSV.
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]1819 testCases = append(testCases, testCase{
1820 name: "Renegotiate-Client",
1821 renegotiate: true,
1822 })
1823 testCases = append(testCases, testCase{
1824 name: "Renegotiate-Client-EmptyExt",
1825 renegotiate: true,
1826 config: Config{
1827 Bugs: ProtocolBugs{
1828 EmptyRenegotiationInfo: true,
1829 },
1830 },
1831 shouldFail: true,
1832 expectedError: ":RENEGOTIATION_MISMATCH:",
1833 })
1834 testCases = append(testCases, testCase{
1835 name: "Renegotiate-Client-BadExt",
1836 renegotiate: true,
1837 config: Config{
1838 Bugs: ProtocolBugs{
1839 BadRenegotiationInfo: true,
1840 },
1841 },
1842 shouldFail: true,
1843 expectedError: ":RENEGOTIATION_MISMATCH:",
1844 })
1845 testCases = append(testCases, testCase{
1846 name: "Renegotiate-Client-SwitchCiphers",
1847 renegotiate: true,
1848 config: Config{
1849 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1850 },
1851 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1852 })
1853 testCases = append(testCases, testCase{
1854 name: "Renegotiate-Client-SwitchCiphers2",
1855 renegotiate: true,
1856 config: Config{
1857 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1858 },
1859 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1860 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]1861}
1862
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame^]1863func addDTLSReplayTests() {
1864 // Test that sequence number replays are detected.
1865 testCases = append(testCases, testCase{
1866 protocol: dtls,
1867 name: "DTLS-Replay",
1868 replayWrites: true,
1869 })
1870
1871 // Test the outgoing sequence number skipping by values larger
1872 // than the retransmit window.
1873 testCases = append(testCases, testCase{
1874 protocol: dtls,
1875 name: "DTLS-Replay-LargeGaps",
1876 config: Config{
1877 Bugs: ProtocolBugs{
1878 SequenceNumberIncrement: 127,
1879 },
1880 },
1881 replayWrites: true,
1882 })
1883}
1884
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]1885func worker(statusChan chan statusMsg, c chan *testCase, buildDir string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1886 defer wg.Done()
1887
1888 for test := range c {
1889 statusChan <- statusMsg{test: test, started: true}
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]1890 err := runTest(test, buildDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1891 statusChan <- statusMsg{test: test, err: err}
1892 }
1893}
1894
1895type statusMsg struct {
1896 test *testCase
1897 started bool
1898 err error
1899}
1900
1901func statusPrinter(doneChan chan struct{}, statusChan chan statusMsg, total int) {
1902 var started, done, failed, lineLen int
1903 defer close(doneChan)
1904
1905 for msg := range statusChan {
1906 if msg.started {
1907 started++
1908 } else {
1909 done++
1910 }
1911
1912 fmt.Printf("\x1b[%dD\x1b[K", lineLen)
1913
1914 if msg.err != nil {
1915 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
1916 failed++
1917 }
1918 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
1919 lineLen = len(line)
1920 os.Stdout.WriteString(line)
1921 }
1922}
1923
1924func main() {
1925 var flagTest *string = flag.String("test", "", "The name of a test to run, or empty to run all tests")
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]1926 var flagNumWorkers *int = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]1927 var flagBuildDir *string = flag.String("build-dir", "../../../build", "The build directory to run the shim from.")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1928
1929 flag.Parse()
1930
1931 addCipherSuiteTests()
1932 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1933 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1934 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1935 addClientAuthTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1936 addVersionNegotiationTests()
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]1937 addD5BugTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]1938 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]1939 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1940 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]1941 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame^]1942 addDTLSReplayTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1943 for _, async := range []bool{false, true} {
1944 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1945 for _, protocol := range []protocol{tls, dtls} {
1946 addStateMachineCoverageTests(async, splitHandshake, protocol)
1947 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1948 }
1949 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1950
1951 var wg sync.WaitGroup
1952
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]1953 numWorkers := *flagNumWorkers
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1954
1955 statusChan := make(chan statusMsg, numWorkers)
1956 testChan := make(chan *testCase, numWorkers)
1957 doneChan := make(chan struct{})
1958
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1959 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1960
1961 for i := 0; i < numWorkers; i++ {
1962 wg.Add(1)
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]1963 go worker(statusChan, testChan, *flagBuildDir, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1964 }
1965
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1966 for i := range testCases {
1967 if len(*flagTest) == 0 || *flagTest == testCases[i].name {
1968 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1969 }
1970 }
1971
1972 close(testChan)
1973 wg.Wait()
1974 close(statusChan)
1975 <-doneChan
1976
1977 fmt.Printf("\n")
1978}