Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 60edffd2a59a7bb5da88735097d41a827ce8074c / . / ssl / test / runner / runner.go
blob: 41b886cb3ceaa20aacb4cf2f2f6852acf0d33ff6 [file] [log] [blame]
Adam Langley7fcfd3b2016-05-20 11:02:50 -0700[diff] [blame]1// Copyright (c) 2016, Google Inc.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
Adam Langleydc7e9c42015-09-29 15:21:04 -0700[diff] [blame]15package runner
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]16
17import (
18 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]19 "crypto/ecdsa"
20 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]21 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]22 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]23 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]24 "flag"
25 "fmt"
26 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]27 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]28 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]29 "net"
30 "os"
31 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]32 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]33 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]34 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]35 "strings"
36 "sync"
37 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]38 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]39)
40
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]41var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]42 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
43 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]44 useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]45 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
46 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
47 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
48 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
49 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]50 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
51 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
52 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
53 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
David Benjaminf2b83632016-03-01 22:57:46 -0500[diff] [blame]54 fuzzer = flag.Bool("fuzzer", false, "If true, tests against a BoringSSL built in fuzzer mode.")
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]55 transcriptDir = flag.String("transcript-dir", "", "The directory in which to write transcripts.")
David Benjamin01784b42016-06-07 18:00:52 -0400[diff] [blame]56 idleTimeout = flag.Duration("idle-timeout", 15*time.Second, "The number of seconds to wait for a read or write to bssl_shim.")
David Benjamin2e045a92016-06-08 13:09:56 -0400[diff] [blame]57 deterministic = flag.Bool("deterministic", false, "If true, uses a deterministic PRNG in the runner.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]58)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]59
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]60const (
61 rsaCertificateFile = "cert.pem"
62 ecdsaCertificateFile = "ecdsa_cert.pem"
63)
64
65const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]66 rsaKeyFile = "key.pem"
67 ecdsaKeyFile = "ecdsa_key.pem"
68 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]69)
70
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]71var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]72var channelIDKey *ecdsa.PrivateKey
73var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]74
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]75var testOCSPResponse = []byte{1, 2, 3, 4}
76var testSCTList = []byte{5, 6, 7, 8}
77
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]78func initCertificates() {
79 var err error
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]80 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]81 if err != nil {
82 panic(err)
83 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]84 rsaCertificate.OCSPStaple = testOCSPResponse
85 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]86
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]87 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]88 if err != nil {
89 panic(err)
90 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]91 ecdsaCertificate.OCSPStaple = testOCSPResponse
92 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]93
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]94 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]95 if err != nil {
96 panic(err)
97 }
98 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
99 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
100 panic("bad key type")
101 }
102 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
103 if err != nil {
104 panic(err)
105 }
106 if channelIDKey.Curve != elliptic.P256() {
107 panic("bad curve")
108 }
109
110 channelIDBytes = make([]byte, 64)
111 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
112 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]113}
114
115var certificateOnce sync.Once
116
117func getRSACertificate() Certificate {
118 certificateOnce.Do(initCertificates)
119 return rsaCertificate
120}
121
122func getECDSACertificate() Certificate {
123 certificateOnce.Do(initCertificates)
124 return ecdsaCertificate
125}
126
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]127type testType int
128
129const (
130 clientTest testType = iota
131 serverTest
132)
133
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]134type protocol int
135
136const (
137 tls protocol = iota
138 dtls
139)
140
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]141const (
142 alpn = 1
143 npn = 2
144)
145
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]146type testCert int
147
148const (
149 testCertRSA testCert = iota
150 testCertECDSA
151)
152
153func getRunnerCertificate(t testCert) Certificate {
154 switch t {
155 case testCertRSA:
156 return getRSACertificate()
157 case testCertECDSA:
158 return getECDSACertificate()
159 default:
160 panic("Unknown test certificate")
161 }
162}
163
164func getShimCertificate(t testCert) string {
165 switch t {
166 case testCertRSA:
167 return rsaCertificateFile
168 case testCertECDSA:
169 return ecdsaCertificateFile
170 default:
171 panic("Unknown test certificate")
172 }
173}
174
175func getShimKey(t testCert) string {
176 switch t {
177 case testCertRSA:
178 return rsaKeyFile
179 case testCertECDSA:
180 return ecdsaKeyFile
181 default:
182 panic("Unknown test certificate")
183 }
184}
185
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]186type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]187 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]188 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]189 name string
190 config Config
191 shouldFail bool
192 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]193 // expectedLocalError, if not empty, contains a substring that must be
194 // found in the local error.
195 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]196 // expectedVersion, if non-zero, specifies the TLS version that must be
197 // negotiated.
198 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]199 // expectedResumeVersion, if non-zero, specifies the TLS version that
200 // must be negotiated on resumption. If zero, expectedVersion is used.
201 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]202 // expectedCipher, if non-zero, specifies the TLS cipher suite that
203 // should be negotiated.
204 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]205 // expectChannelID controls whether the connection should have
206 // negotiated a Channel ID with channelIDKey.
207 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]208 // expectedNextProto controls whether the connection should
209 // negotiate a next protocol via NPN or ALPN.
210 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]211 // expectNoNextProto, if true, means that no next protocol should be
212 // negotiated.
213 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]214 // expectedNextProtoType, if non-zero, is the expected next
215 // protocol negotiation mechanism.
216 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]217 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
218 // should be negotiated. If zero, none should be negotiated.
219 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]220 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
221 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]222 // expectedSCTList, if not nil, is the expected SCT list to be received.
223 expectedSCTList []uint8
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]224 // expectedPeerSignatureAlgorithm, if not zero, is the signature
225 // algorithm that the peer should have used in the handshake.
226 expectedPeerSignatureAlgorithm signatureAlgorithm
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]227 // messageLen is the length, in bytes, of the test message that will be
228 // sent.
229 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]230 // messageCount is the number of test messages that will be sent.
231 messageCount int
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]232 // digestPrefs is the list of digest preferences from the client.
233 digestPrefs string
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]234 // certFile is the path to the certificate to use for the server.
235 certFile string
236 // keyFile is the path to the private key to use for the server.
237 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]238 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]239 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]240 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]241 // expectResumeRejected, if true, specifies that the attempted
242 // resumption must be rejected by the client. This is only valid for a
243 // serverTest.
244 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]245 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]246 // resumption. Unless newSessionsOnResume is set,
247 // SessionTicketKey, ServerSessionCache, and
248 // ClientSessionCache are copied from the initial connection's
249 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]250 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]251 // newSessionsOnResume, if true, will cause resumeConfig to
252 // use a different session resumption context.
253 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]254 // noSessionCache, if true, will cause the server to run without a
255 // session cache.
256 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]257 // sendPrefix sends a prefix on the socket before actually performing a
258 // handshake.
259 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]260 // shimWritesFirst controls whether the shim sends an initial "hello"
261 // message before doing a roundtrip with the runner.
262 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]263 // shimShutsDown, if true, runs a test where the shim shuts down the
264 // connection immediately after the handshake rather than echoing
265 // messages from the runner.
266 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]267 // renegotiate indicates the number of times the connection should be
268 // renegotiated during the exchange.
269 renegotiate int
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]270 // renegotiateCiphers is a list of ciphersuite ids that will be
271 // switched in just before renegotiation.
272 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]273 // replayWrites, if true, configures the underlying transport
274 // to replay every write it makes in DTLS tests.
275 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]276 // damageFirstWrite, if true, configures the underlying transport to
277 // damage the final byte of the first application data write.
278 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]279 // exportKeyingMaterial, if non-zero, configures the test to exchange
280 // keying material and verify they match.
281 exportKeyingMaterial int
282 exportLabel string
283 exportContext string
284 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]285 // flags, if not empty, contains a list of command-line flags that will
286 // be passed to the shim program.
287 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]288 // testTLSUnique, if true, causes the shim to send the tls-unique value
289 // which will be compared against the expected value.
290 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]291 // sendEmptyRecords is the number of consecutive empty records to send
292 // before and after the test message.
293 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]294 // sendWarningAlerts is the number of consecutive warning alerts to send
295 // before and after the test message.
296 sendWarningAlerts int
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]297 // expectMessageDropped, if true, means the test message is expected to
298 // be dropped by the client rather than echoed back.
299 expectMessageDropped bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]300}
301
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]302var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]303
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]304func writeTranscript(test *testCase, isResume bool, data []byte) {
305 if len(data) == 0 {
306 return
307 }
308
309 protocol := "tls"
310 if test.protocol == dtls {
311 protocol = "dtls"
312 }
313
314 side := "client"
315 if test.testType == serverTest {
316 side = "server"
317 }
318
319 dir := path.Join(*transcriptDir, protocol, side)
320 if err := os.MkdirAll(dir, 0755); err != nil {
321 fmt.Fprintf(os.Stderr, "Error making %s: %s\n", dir, err)
322 return
323 }
324
325 name := test.name
326 if isResume {
327 name += "-Resume"
328 } else {
329 name += "-Normal"
330 }
331
332 if err := ioutil.WriteFile(path.Join(dir, name), data, 0644); err != nil {
333 fmt.Fprintf(os.Stderr, "Error writing %s: %s\n", name, err)
334 }
335}
336
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]337// A timeoutConn implements an idle timeout on each Read and Write operation.
338type timeoutConn struct {
339 net.Conn
340 timeout time.Duration
341}
342
343func (t *timeoutConn) Read(b []byte) (int, error) {
344 if err := t.SetReadDeadline(time.Now().Add(t.timeout)); err != nil {
345 return 0, err
346 }
347 return t.Conn.Read(b)
348}
349
350func (t *timeoutConn) Write(b []byte) (int, error) {
351 if err := t.SetWriteDeadline(time.Now().Add(t.timeout)); err != nil {
352 return 0, err
353 }
354 return t.Conn.Write(b)
355}
356
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]357func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin01784b42016-06-07 18:00:52 -0400[diff] [blame]358 conn = &timeoutConn{conn, *idleTimeout}
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]359
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]360 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]361 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
362 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]363 }
364
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]365 if *flagDebug || len(*transcriptDir) != 0 {
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]366 local, peer := "client", "server"
367 if test.testType == clientTest {
368 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]369 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]370 connDebug := &recordingConn{
371 Conn: conn,
372 isDatagram: test.protocol == dtls,
373 local: local,
374 peer: peer,
375 }
376 conn = connDebug
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]377 if *flagDebug {
378 defer connDebug.WriteTo(os.Stdout)
379 }
380 if len(*transcriptDir) != 0 {
381 defer func() {
382 writeTranscript(test, isResume, connDebug.Transcript())
383 }()
384 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]385
386 if config.Bugs.PacketAdaptor != nil {
387 config.Bugs.PacketAdaptor.debug = connDebug
388 }
389 }
390
391 if test.replayWrites {
392 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]393 }
394
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]395 var connDamage *damageAdaptor
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]396 if test.damageFirstWrite {
397 connDamage = newDamageAdaptor(conn)
398 conn = connDamage
399 }
400
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]401 if test.sendPrefix != "" {
402 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
403 return err
404 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]405 }
406
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]407 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]408 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]409 if test.protocol == dtls {
410 tlsConn = DTLSServer(conn, config)
411 } else {
412 tlsConn = Server(conn, config)
413 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]414 } else {
415 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]416 if test.protocol == dtls {
417 tlsConn = DTLSClient(conn, config)
418 } else {
419 tlsConn = Client(conn, config)
420 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]421 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]422 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]423
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]424 if err := tlsConn.Handshake(); err != nil {
425 return err
426 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]427
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]428 // TODO(davidben): move all per-connection expectations into a dedicated
429 // expectations struct that can be specified separately for the two
430 // legs.
431 expectedVersion := test.expectedVersion
432 if isResume && test.expectedResumeVersion != 0 {
433 expectedVersion = test.expectedResumeVersion
434 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]435 connState := tlsConn.ConnectionState()
436 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]437 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]438 }
439
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]440 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]441 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
442 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]443 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
444 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
445 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]446
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]447 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]448 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]449 if channelID == nil {
450 return fmt.Errorf("no channel ID negotiated")
451 }
452 if channelID.Curve != channelIDKey.Curve ||
453 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
454 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
455 return fmt.Errorf("incorrect channel ID")
456 }
457 }
458
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]459 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]460 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]461 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
462 }
463 }
464
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]465 if test.expectNoNextProto {
466 if actual := connState.NegotiatedProtocol; actual != "" {
467 return fmt.Errorf("got unexpected next proto %s", actual)
468 }
469 }
470
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]471 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]472 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]473 return fmt.Errorf("next proto type mismatch")
474 }
475 }
476
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]477 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]478 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
479 }
480
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]481 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
482 return fmt.Errorf("OCSP Response mismatch")
483 }
484
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]485 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
486 return fmt.Errorf("SCT list mismatch")
487 }
488
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]489 if expected := test.expectedPeerSignatureAlgorithm; expected != 0 && expected != connState.PeerSignatureAlgorithm {
490 return fmt.Errorf("expected peer to use signature algorithm %04x, but got %04x", expected, connState.PeerSignatureAlgorithm)
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]491 }
492
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]493 if test.exportKeyingMaterial > 0 {
494 actual := make([]byte, test.exportKeyingMaterial)
495 if _, err := io.ReadFull(tlsConn, actual); err != nil {
496 return err
497 }
498 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
499 if err != nil {
500 return err
501 }
502 if !bytes.Equal(actual, expected) {
503 return fmt.Errorf("keying material mismatch")
504 }
505 }
506
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]507 if test.testTLSUnique {
508 var peersValue [12]byte
509 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
510 return err
511 }
512 expected := tlsConn.ConnectionState().TLSUnique
513 if !bytes.Equal(peersValue[:], expected) {
514 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
515 }
516 }
517
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]518 if test.shimWritesFirst {
519 var buf [5]byte
520 _, err := io.ReadFull(tlsConn, buf[:])
521 if err != nil {
522 return err
523 }
524 if string(buf[:]) != "hello" {
525 return fmt.Errorf("bad initial message")
526 }
527 }
528
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]529 for i := 0; i < test.sendEmptyRecords; i++ {
530 tlsConn.Write(nil)
531 }
532
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]533 for i := 0; i < test.sendWarningAlerts; i++ {
534 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
535 }
536
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]537 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]538 if test.renegotiateCiphers != nil {
539 config.CipherSuites = test.renegotiateCiphers
540 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]541 for i := 0; i < test.renegotiate; i++ {
542 if err := tlsConn.Renegotiate(); err != nil {
543 return err
544 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]545 }
546 } else if test.renegotiateCiphers != nil {
547 panic("renegotiateCiphers without renegotiate")
548 }
549
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]550 if test.damageFirstWrite {
551 connDamage.setDamage(true)
552 tlsConn.Write([]byte("DAMAGED WRITE"))
553 connDamage.setDamage(false)
554 }
555
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]556 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]557 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]558 if test.protocol == dtls {
559 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
560 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]561 // Read until EOF.
562 _, err := io.Copy(ioutil.Discard, tlsConn)
563 return err
564 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]565 if messageLen == 0 {
566 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]567 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]568
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]569 messageCount := test.messageCount
570 if messageCount == 0 {
571 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]572 }
573
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]574 for j := 0; j < messageCount; j++ {
575 testMessage := make([]byte, messageLen)
576 for i := range testMessage {
577 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]578 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]579 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]580
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]581 for i := 0; i < test.sendEmptyRecords; i++ {
582 tlsConn.Write(nil)
583 }
584
585 for i := 0; i < test.sendWarningAlerts; i++ {
586 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
587 }
588
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]589 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]590 // The shim will not respond.
591 continue
592 }
593
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]594 buf := make([]byte, len(testMessage))
595 if test.protocol == dtls {
596 bufTmp := make([]byte, len(buf)+1)
597 n, err := tlsConn.Read(bufTmp)
598 if err != nil {
599 return err
600 }
601 if n != len(buf) {
602 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
603 }
604 copy(buf, bufTmp)
605 } else {
606 _, err := io.ReadFull(tlsConn, buf)
607 if err != nil {
608 return err
609 }
610 }
611
612 for i, v := range buf {
613 if v != testMessage[i]^0xff {
614 return fmt.Errorf("bad reply contents at byte %d", i)
615 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]616 }
617 }
618
619 return nil
620}
621
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]622func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
623 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]624 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]625 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]626 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]627 valgrindArgs = append(valgrindArgs, path)
628 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]629
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]630 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]631}
632
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]633func gdbOf(path string, args ...string) *exec.Cmd {
634 xtermArgs := []string{"-e", "gdb", "--args"}
635 xtermArgs = append(xtermArgs, path)
636 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]637
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]638 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]639}
640
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]641func lldbOf(path string, args ...string) *exec.Cmd {
642 xtermArgs := []string{"-e", "lldb", "--"}
643 xtermArgs = append(xtermArgs, path)
644 xtermArgs = append(xtermArgs, args...)
645
646 return exec.Command("xterm", xtermArgs...)
647}
648
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]649type moreMallocsError struct{}
650
651func (moreMallocsError) Error() string {
652 return "child process did not exhaust all allocation calls"
653}
654
655var errMoreMallocs = moreMallocsError{}
656
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]657// accept accepts a connection from listener, unless waitChan signals a process
658// exit first.
659func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
660 type connOrError struct {
661 conn net.Conn
662 err error
663 }
664 connChan := make(chan connOrError, 1)
665 go func() {
666 conn, err := listener.Accept()
667 connChan <- connOrError{conn, err}
668 close(connChan)
669 }()
670 select {
671 case result := <-connChan:
672 return result.conn, result.err
673 case childErr := <-waitChan:
674 waitChan <- childErr
675 return nil, fmt.Errorf("child exited early: %s", childErr)
676 }
677}
678
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]679func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]680 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
681 panic("Error expected without shouldFail in " + test.name)
682 }
683
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]684 if test.expectResumeRejected && !test.resumeSession {
685 panic("expectResumeRejected without resumeSession in " + test.name)
686 }
687
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]688 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
689 if err != nil {
690 panic(err)
691 }
692 defer func() {
693 if listener != nil {
694 listener.Close()
695 }
696 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]697
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]698 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]699 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]700 flags = append(flags, "-server")
701
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]702 flags = append(flags, "-key-file")
703 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]704 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]705 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]706 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]707 }
708
709 flags = append(flags, "-cert-file")
710 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]711 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]712 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]713 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]714 }
715 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]716
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]717 if test.digestPrefs != "" {
718 flags = append(flags, "-digest-prefs")
719 flags = append(flags, test.digestPrefs)
720 }
721
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]722 if test.protocol == dtls {
723 flags = append(flags, "-dtls")
724 }
725
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]726 if test.resumeSession {
727 flags = append(flags, "-resume")
728 }
729
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]730 if test.shimWritesFirst {
731 flags = append(flags, "-shim-writes-first")
732 }
733
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]734 if test.shimShutsDown {
735 flags = append(flags, "-shim-shuts-down")
736 }
737
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]738 if test.exportKeyingMaterial > 0 {
739 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
740 flags = append(flags, "-export-label", test.exportLabel)
741 flags = append(flags, "-export-context", test.exportContext)
742 if test.useExportContext {
743 flags = append(flags, "-use-export-context")
744 }
745 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]746 if test.expectResumeRejected {
747 flags = append(flags, "-expect-session-miss")
748 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]749
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]750 if test.testTLSUnique {
751 flags = append(flags, "-tls-unique")
752 }
753
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]754 flags = append(flags, test.flags...)
755
756 var shim *exec.Cmd
757 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]758 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]759 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]760 shim = gdbOf(shimPath, flags...)
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]761 } else if *useLLDB {
762 shim = lldbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]763 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]764 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]765 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]766 shim.Stdin = os.Stdin
767 var stdoutBuf, stderrBuf bytes.Buffer
768 shim.Stdout = &stdoutBuf
769 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]770 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]771 shim.Env = os.Environ()
772 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]773 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]774 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]775 }
776 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
777 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]778
779 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]780 panic(err)
781 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]782 waitChan := make(chan error, 1)
783 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]784
785 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]786 if !test.noSessionCache {
787 config.ClientSessionCache = NewLRUClientSessionCache(1)
788 config.ServerSessionCache = NewLRUServerSessionCache(1)
789 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]790 if test.testType == clientTest {
791 if len(config.Certificates) == 0 {
792 config.Certificates = []Certificate{getRSACertificate()}
793 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]794 } else {
795 // Supply a ServerName to ensure a constant session cache key,
796 // rather than falling back to net.Conn.RemoteAddr.
797 if len(config.ServerName) == 0 {
798 config.ServerName = "test"
799 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]800 }
David Benjaminf2b83632016-03-01 22:57:46 -0500[diff] [blame]801 if *fuzzer {
802 config.Bugs.NullAllCiphers = true
803 }
David Benjamin2e045a92016-06-08 13:09:56 -0400[diff] [blame]804 if *deterministic {
805 config.Rand = &deterministicRand{}
806 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]807
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]808 conn, err := acceptOrWait(listener, waitChan)
809 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]810 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]811 conn.Close()
812 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]813
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]814 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]815 var resumeConfig Config
816 if test.resumeConfig != nil {
817 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]818 if len(resumeConfig.ServerName) == 0 {
819 resumeConfig.ServerName = config.ServerName
820 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]821 if len(resumeConfig.Certificates) == 0 {
822 resumeConfig.Certificates = []Certificate{getRSACertificate()}
823 }
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]824 if test.newSessionsOnResume {
825 if !test.noSessionCache {
826 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
827 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
828 }
829 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]830 resumeConfig.SessionTicketKey = config.SessionTicketKey
831 resumeConfig.ClientSessionCache = config.ClientSessionCache
832 resumeConfig.ServerSessionCache = config.ServerSessionCache
833 }
David Benjaminf2b83632016-03-01 22:57:46 -0500[diff] [blame]834 if *fuzzer {
835 resumeConfig.Bugs.NullAllCiphers = true
836 }
David Benjamin2e045a92016-06-08 13:09:56 -0400[diff] [blame]837 resumeConfig.Rand = config.Rand
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]838 } else {
839 resumeConfig = config
840 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]841 var connResume net.Conn
842 connResume, err = acceptOrWait(listener, waitChan)
843 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]844 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]845 connResume.Close()
846 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]847 }
848
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]849 // Close the listener now. This is to avoid hangs should the shim try to
850 // open more connections than expected.
851 listener.Close()
852 listener = nil
853
854 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]855 if exitError, ok := childErr.(*exec.ExitError); ok {
856 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
857 return errMoreMallocs
858 }
859 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]860
David Benjamin9bea3492016-03-02 10:59:16 -0500[diff] [blame]861 // Account for Windows line endings.
862 stdout := strings.Replace(string(stdoutBuf.Bytes()), "\r\n", "\n", -1)
863 stderr := strings.Replace(string(stderrBuf.Bytes()), "\r\n", "\n", -1)
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]864
865 // Separate the errors from the shim and those from tools like
866 // AddressSanitizer.
867 var extraStderr string
868 if stderrParts := strings.SplitN(stderr, "--- DONE ---\n", 2); len(stderrParts) == 2 {
869 stderr = stderrParts[0]
870 extraStderr = stderrParts[1]
871 }
872
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]873 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]874 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]875 localError := "none"
876 if err != nil {
877 localError = err.Error()
878 }
879 if len(test.expectedLocalError) != 0 {
880 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
881 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]882
883 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]884 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]885 if childErr != nil {
886 childError = childErr.Error()
887 }
888
889 var msg string
890 switch {
891 case failed && !test.shouldFail:
892 msg = "unexpected failure"
893 case !failed && test.shouldFail:
894 msg = "unexpected success"
895 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]896 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]897 default:
898 panic("internal error")
899 }
900
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]901 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]902 }
903
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]904 if !*useValgrind && (len(extraStderr) > 0 || (!failed && len(stderr) > 0)) {
905 return fmt.Errorf("unexpected error output:\n%s\n%s", stderr, extraStderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]906 }
907
908 return nil
909}
910
911var tlsVersions = []struct {
912 name string
913 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]914 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]915 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]916}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]917 {"SSL3", VersionSSL30, "-no-ssl3", false},
918 {"TLS1", VersionTLS10, "-no-tls1", true},
919 {"TLS11", VersionTLS11, "-no-tls11", false},
920 {"TLS12", VersionTLS12, "-no-tls12", true},
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]921 // TODO(nharper): Once we have a real implementation of TLS 1.3, update the name here.
922 {"FakeTLS13", VersionTLS13, "-no-tls13", false},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]923}
924
925var testCipherSuites = []struct {
926 name string
927 id uint16
928}{
929 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]930 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]931 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]932 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]933 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]934 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]935 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]936 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
937 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]938 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]939 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
940 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]941 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]942 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
943 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]944 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
945 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]946 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]947 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]948 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]949 {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]950 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]951 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]952 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]953 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]954 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]955 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]956 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]957 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]958 {"ECDHE-RSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]959 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]960 {"CECPQ1-RSA-CHACHA20-POLY1305-SHA256", TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256},
961 {"CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256", TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
962 {"CECPQ1-RSA-AES256-GCM-SHA384", TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
963 {"CECPQ1-ECDSA-AES256-GCM-SHA384", TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]964 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
965 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]966 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
967 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]968 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
Steven Valdez3084e7b2016-06-02 12:07:20 -0400[diff] [blame]969 {"ECDHE-PSK-AES128-GCM-SHA256", TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256},
970 {"ECDHE-PSK-AES256-GCM-SHA384", TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]971 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]972 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]973 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]974 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]975}
976
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]977func hasComponent(suiteName, component string) bool {
978 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
979}
980
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]981func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]982 return hasComponent(suiteName, "GCM") ||
983 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]984 hasComponent(suiteName, "SHA384") ||
985 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]986}
987
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]988func isTLS13Suite(suiteName string) bool {
989 return (hasComponent(suiteName, "GCM") || hasComponent(suiteName, "POLY1305")) && hasComponent(suiteName, "ECDHE") && !hasComponent(suiteName, "OLD")
990}
991
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]992func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]993 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]994}
995
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]996func bigFromHex(hex string) *big.Int {
997 ret, ok := new(big.Int).SetString(hex, 16)
998 if !ok {
999 panic("failed to parse hex number 0x" + hex)
1000 }
1001 return ret
1002}
1003
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1004func addBasicTests() {
1005 basicTests := []testCase{
1006 {
1007 name: "BadRSASignature",
1008 config: Config{
1009 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1010 Bugs: ProtocolBugs{
1011 InvalidSKXSignature: true,
1012 },
1013 },
1014 shouldFail: true,
1015 expectedError: ":BAD_SIGNATURE:",
1016 },
1017 {
1018 name: "BadECDSASignature",
1019 config: Config{
1020 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1021 Bugs: ProtocolBugs{
1022 InvalidSKXSignature: true,
1023 },
1024 Certificates: []Certificate{getECDSACertificate()},
1025 },
1026 shouldFail: true,
1027 expectedError: ":BAD_SIGNATURE:",
1028 },
1029 {
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]1030 testType: serverTest,
1031 name: "BadRSASignature-ClientAuth",
1032 config: Config{
1033 Bugs: ProtocolBugs{
1034 InvalidCertVerifySignature: true,
1035 },
1036 Certificates: []Certificate{getRSACertificate()},
1037 },
1038 shouldFail: true,
1039 expectedError: ":BAD_SIGNATURE:",
1040 flags: []string{"-require-any-client-certificate"},
1041 },
1042 {
1043 testType: serverTest,
1044 name: "BadECDSASignature-ClientAuth",
1045 config: Config{
1046 Bugs: ProtocolBugs{
1047 InvalidCertVerifySignature: true,
1048 },
1049 Certificates: []Certificate{getECDSACertificate()},
1050 },
1051 shouldFail: true,
1052 expectedError: ":BAD_SIGNATURE:",
1053 flags: []string{"-require-any-client-certificate"},
1054 },
1055 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1056 name: "BadECDSACurve",
1057 config: Config{
1058 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1059 Bugs: ProtocolBugs{
1060 InvalidSKXCurve: true,
1061 },
1062 Certificates: []Certificate{getECDSACertificate()},
1063 },
1064 shouldFail: true,
1065 expectedError: ":WRONG_CURVE:",
1066 },
1067 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1068 name: "NoFallbackSCSV",
1069 config: Config{
1070 Bugs: ProtocolBugs{
1071 FailIfNotFallbackSCSV: true,
1072 },
1073 },
1074 shouldFail: true,
1075 expectedLocalError: "no fallback SCSV found",
1076 },
1077 {
1078 name: "SendFallbackSCSV",
1079 config: Config{
1080 Bugs: ProtocolBugs{
1081 FailIfNotFallbackSCSV: true,
1082 },
1083 },
1084 flags: []string{"-fallback-scsv"},
1085 },
1086 {
1087 name: "ClientCertificateTypes",
1088 config: Config{
1089 ClientAuth: RequestClientCert,
1090 ClientCertificateTypes: []byte{
1091 CertTypeDSSSign,
1092 CertTypeRSASign,
1093 CertTypeECDSASign,
1094 },
1095 },
1096 flags: []string{
1097 "-expect-certificate-types",
1098 base64.StdEncoding.EncodeToString([]byte{
1099 CertTypeDSSSign,
1100 CertTypeRSASign,
1101 CertTypeECDSASign,
1102 }),
1103 },
1104 },
1105 {
1106 name: "NoClientCertificate",
1107 config: Config{
1108 ClientAuth: RequireAnyClientCert,
1109 },
1110 shouldFail: true,
1111 expectedLocalError: "client didn't provide a certificate",
1112 },
1113 {
1114 name: "UnauthenticatedECDH",
1115 config: Config{
1116 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1117 Bugs: ProtocolBugs{
1118 UnauthenticatedECDH: true,
1119 },
1120 },
1121 shouldFail: true,
1122 expectedError: ":UNEXPECTED_MESSAGE:",
1123 },
1124 {
1125 name: "SkipCertificateStatus",
1126 config: Config{
1127 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1128 Bugs: ProtocolBugs{
1129 SkipCertificateStatus: true,
1130 },
1131 },
1132 flags: []string{
1133 "-enable-ocsp-stapling",
1134 },
1135 },
1136 {
1137 name: "SkipServerKeyExchange",
1138 config: Config{
1139 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1140 Bugs: ProtocolBugs{
1141 SkipServerKeyExchange: true,
1142 },
1143 },
1144 shouldFail: true,
1145 expectedError: ":UNEXPECTED_MESSAGE:",
1146 },
1147 {
1148 name: "SkipChangeCipherSpec-Client",
1149 config: Config{
1150 Bugs: ProtocolBugs{
1151 SkipChangeCipherSpec: true,
1152 },
1153 },
1154 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1155 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1156 },
1157 {
1158 testType: serverTest,
1159 name: "SkipChangeCipherSpec-Server",
1160 config: Config{
1161 Bugs: ProtocolBugs{
1162 SkipChangeCipherSpec: true,
1163 },
1164 },
1165 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1166 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1167 },
1168 {
1169 testType: serverTest,
1170 name: "SkipChangeCipherSpec-Server-NPN",
1171 config: Config{
1172 NextProtos: []string{"bar"},
1173 Bugs: ProtocolBugs{
1174 SkipChangeCipherSpec: true,
1175 },
1176 },
1177 flags: []string{
1178 "-advertise-npn", "\x03foo\x03bar\x03baz",
1179 },
1180 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1181 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1182 },
1183 {
1184 name: "FragmentAcrossChangeCipherSpec-Client",
1185 config: Config{
1186 Bugs: ProtocolBugs{
1187 FragmentAcrossChangeCipherSpec: true,
1188 },
1189 },
1190 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1191 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1192 },
1193 {
1194 testType: serverTest,
1195 name: "FragmentAcrossChangeCipherSpec-Server",
1196 config: Config{
1197 Bugs: ProtocolBugs{
1198 FragmentAcrossChangeCipherSpec: true,
1199 },
1200 },
1201 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1202 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1203 },
1204 {
1205 testType: serverTest,
1206 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1207 config: Config{
1208 NextProtos: []string{"bar"},
1209 Bugs: ProtocolBugs{
1210 FragmentAcrossChangeCipherSpec: true,
1211 },
1212 },
1213 flags: []string{
1214 "-advertise-npn", "\x03foo\x03bar\x03baz",
1215 },
1216 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1217 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1218 },
1219 {
1220 testType: serverTest,
1221 name: "Alert",
1222 config: Config{
1223 Bugs: ProtocolBugs{
1224 SendSpuriousAlert: alertRecordOverflow,
1225 },
1226 },
1227 shouldFail: true,
1228 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1229 },
1230 {
1231 protocol: dtls,
1232 testType: serverTest,
1233 name: "Alert-DTLS",
1234 config: Config{
1235 Bugs: ProtocolBugs{
1236 SendSpuriousAlert: alertRecordOverflow,
1237 },
1238 },
1239 shouldFail: true,
1240 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1241 },
1242 {
1243 testType: serverTest,
1244 name: "FragmentAlert",
1245 config: Config{
1246 Bugs: ProtocolBugs{
1247 FragmentAlert: true,
1248 SendSpuriousAlert: alertRecordOverflow,
1249 },
1250 },
1251 shouldFail: true,
1252 expectedError: ":BAD_ALERT:",
1253 },
1254 {
1255 protocol: dtls,
1256 testType: serverTest,
1257 name: "FragmentAlert-DTLS",
1258 config: Config{
1259 Bugs: ProtocolBugs{
1260 FragmentAlert: true,
1261 SendSpuriousAlert: alertRecordOverflow,
1262 },
1263 },
1264 shouldFail: true,
1265 expectedError: ":BAD_ALERT:",
1266 },
1267 {
1268 testType: serverTest,
David Benjamin0d3a8c62016-03-11 22:25:18 -0500[diff] [blame]1269 name: "DoubleAlert",
1270 config: Config{
1271 Bugs: ProtocolBugs{
1272 DoubleAlert: true,
1273 SendSpuriousAlert: alertRecordOverflow,
1274 },
1275 },
1276 shouldFail: true,
1277 expectedError: ":BAD_ALERT:",
1278 },
1279 {
1280 protocol: dtls,
1281 testType: serverTest,
1282 name: "DoubleAlert-DTLS",
1283 config: Config{
1284 Bugs: ProtocolBugs{
1285 DoubleAlert: true,
1286 SendSpuriousAlert: alertRecordOverflow,
1287 },
1288 },
1289 shouldFail: true,
1290 expectedError: ":BAD_ALERT:",
1291 },
1292 {
1293 testType: serverTest,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1294 name: "EarlyChangeCipherSpec-server-1",
1295 config: Config{
1296 Bugs: ProtocolBugs{
1297 EarlyChangeCipherSpec: 1,
1298 },
1299 },
1300 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1301 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1302 },
1303 {
1304 testType: serverTest,
1305 name: "EarlyChangeCipherSpec-server-2",
1306 config: Config{
1307 Bugs: ProtocolBugs{
1308 EarlyChangeCipherSpec: 2,
1309 },
1310 },
1311 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1312 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1313 },
1314 {
David Benjamin8144f992016-06-22 17:05:13 -0400[diff] [blame]1315 protocol: dtls,
1316 name: "StrayChangeCipherSpec",
1317 config: Config{
1318 Bugs: ProtocolBugs{
1319 StrayChangeCipherSpec: true,
1320 },
1321 },
1322 },
1323 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1324 name: "SkipNewSessionTicket",
1325 config: Config{
1326 Bugs: ProtocolBugs{
1327 SkipNewSessionTicket: true,
1328 },
1329 },
1330 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1331 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1332 },
1333 {
1334 testType: serverTest,
1335 name: "FallbackSCSV",
1336 config: Config{
1337 MaxVersion: VersionTLS11,
1338 Bugs: ProtocolBugs{
1339 SendFallbackSCSV: true,
1340 },
1341 },
1342 shouldFail: true,
1343 expectedError: ":INAPPROPRIATE_FALLBACK:",
1344 },
1345 {
1346 testType: serverTest,
1347 name: "FallbackSCSV-VersionMatch",
1348 config: Config{
1349 Bugs: ProtocolBugs{
1350 SendFallbackSCSV: true,
1351 },
1352 },
1353 },
1354 {
1355 testType: serverTest,
1356 name: "FragmentedClientVersion",
1357 config: Config{
1358 Bugs: ProtocolBugs{
1359 MaxHandshakeRecordLength: 1,
1360 FragmentClientVersion: true,
1361 },
1362 },
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1363 expectedVersion: VersionTLS13,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1364 },
1365 {
1366 testType: serverTest,
1367 name: "MinorVersionTolerance",
1368 config: Config{
1369 Bugs: ProtocolBugs{
1370 SendClientVersion: 0x03ff,
1371 },
1372 },
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1373 expectedVersion: VersionTLS13,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1374 },
1375 {
1376 testType: serverTest,
1377 name: "MajorVersionTolerance",
1378 config: Config{
1379 Bugs: ProtocolBugs{
1380 SendClientVersion: 0x0400,
1381 },
1382 },
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1383 expectedVersion: VersionTLS13,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1384 },
1385 {
1386 testType: serverTest,
1387 name: "VersionTooLow",
1388 config: Config{
1389 Bugs: ProtocolBugs{
1390 SendClientVersion: 0x0200,
1391 },
1392 },
1393 shouldFail: true,
1394 expectedError: ":UNSUPPORTED_PROTOCOL:",
1395 },
1396 {
1397 testType: serverTest,
1398 name: "HttpGET",
1399 sendPrefix: "GET / HTTP/1.0\n",
1400 shouldFail: true,
1401 expectedError: ":HTTP_REQUEST:",
1402 },
1403 {
1404 testType: serverTest,
1405 name: "HttpPOST",
1406 sendPrefix: "POST / HTTP/1.0\n",
1407 shouldFail: true,
1408 expectedError: ":HTTP_REQUEST:",
1409 },
1410 {
1411 testType: serverTest,
1412 name: "HttpHEAD",
1413 sendPrefix: "HEAD / HTTP/1.0\n",
1414 shouldFail: true,
1415 expectedError: ":HTTP_REQUEST:",
1416 },
1417 {
1418 testType: serverTest,
1419 name: "HttpPUT",
1420 sendPrefix: "PUT / HTTP/1.0\n",
1421 shouldFail: true,
1422 expectedError: ":HTTP_REQUEST:",
1423 },
1424 {
1425 testType: serverTest,
1426 name: "HttpCONNECT",
1427 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1428 shouldFail: true,
1429 expectedError: ":HTTPS_PROXY_REQUEST:",
1430 },
1431 {
1432 testType: serverTest,
1433 name: "Garbage",
1434 sendPrefix: "blah",
1435 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1436 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1437 },
1438 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1439 name: "RSAEphemeralKey",
1440 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1441 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1442 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1443 Bugs: ProtocolBugs{
1444 RSAEphemeralKey: true,
1445 },
1446 },
1447 shouldFail: true,
1448 expectedError: ":UNEXPECTED_MESSAGE:",
1449 },
1450 {
1451 name: "DisableEverything",
Steven Valdez4f94b1c2016-05-24 12:31:07 -0400[diff] [blame]1452 flags: []string{"-no-tls13", "-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1453 shouldFail: true,
1454 expectedError: ":WRONG_SSL_VERSION:",
1455 },
1456 {
1457 protocol: dtls,
1458 name: "DisableEverything-DTLS",
1459 flags: []string{"-no-tls12", "-no-tls1"},
1460 shouldFail: true,
1461 expectedError: ":WRONG_SSL_VERSION:",
1462 },
1463 {
1464 name: "NoSharedCipher",
1465 config: Config{
1466 CipherSuites: []uint16{},
1467 },
1468 shouldFail: true,
1469 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
1470 },
1471 {
1472 protocol: dtls,
1473 testType: serverTest,
1474 name: "MTU",
1475 config: Config{
1476 Bugs: ProtocolBugs{
1477 MaxPacketLength: 256,
1478 },
1479 },
1480 flags: []string{"-mtu", "256"},
1481 },
1482 {
1483 protocol: dtls,
1484 testType: serverTest,
1485 name: "MTUExceeded",
1486 config: Config{
1487 Bugs: ProtocolBugs{
1488 MaxPacketLength: 255,
1489 },
1490 },
1491 flags: []string{"-mtu", "256"},
1492 shouldFail: true,
1493 expectedLocalError: "dtls: exceeded maximum packet length",
1494 },
1495 {
1496 name: "CertMismatchRSA",
1497 config: Config{
1498 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1499 Certificates: []Certificate{getECDSACertificate()},
1500 Bugs: ProtocolBugs{
1501 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1502 },
1503 },
1504 shouldFail: true,
1505 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1506 },
1507 {
1508 name: "CertMismatchECDSA",
1509 config: Config{
1510 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1511 Certificates: []Certificate{getRSACertificate()},
1512 Bugs: ProtocolBugs{
1513 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1514 },
1515 },
1516 shouldFail: true,
1517 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1518 },
1519 {
1520 name: "EmptyCertificateList",
1521 config: Config{
1522 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1523 Bugs: ProtocolBugs{
1524 EmptyCertificateList: true,
1525 },
1526 },
1527 shouldFail: true,
1528 expectedError: ":DECODE_ERROR:",
1529 },
1530 {
1531 name: "TLSFatalBadPackets",
1532 damageFirstWrite: true,
1533 shouldFail: true,
1534 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1535 },
1536 {
1537 protocol: dtls,
1538 name: "DTLSIgnoreBadPackets",
1539 damageFirstWrite: true,
1540 },
1541 {
1542 protocol: dtls,
1543 name: "DTLSIgnoreBadPackets-Async",
1544 damageFirstWrite: true,
1545 flags: []string{"-async"},
1546 },
1547 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1548 name: "AppDataBeforeHandshake",
1549 config: Config{
1550 Bugs: ProtocolBugs{
1551 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1552 },
1553 },
1554 shouldFail: true,
1555 expectedError: ":UNEXPECTED_RECORD:",
1556 },
1557 {
1558 name: "AppDataBeforeHandshake-Empty",
1559 config: Config{
1560 Bugs: ProtocolBugs{
1561 AppDataBeforeHandshake: []byte{},
1562 },
1563 },
1564 shouldFail: true,
1565 expectedError: ":UNEXPECTED_RECORD:",
1566 },
1567 {
1568 protocol: dtls,
1569 name: "AppDataBeforeHandshake-DTLS",
1570 config: Config{
1571 Bugs: ProtocolBugs{
1572 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1573 },
1574 },
1575 shouldFail: true,
1576 expectedError: ":UNEXPECTED_RECORD:",
1577 },
1578 {
1579 protocol: dtls,
1580 name: "AppDataBeforeHandshake-DTLS-Empty",
1581 config: Config{
1582 Bugs: ProtocolBugs{
1583 AppDataBeforeHandshake: []byte{},
1584 },
1585 },
1586 shouldFail: true,
1587 expectedError: ":UNEXPECTED_RECORD:",
1588 },
1589 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1590 name: "AppDataAfterChangeCipherSpec",
1591 config: Config{
1592 Bugs: ProtocolBugs{
1593 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1594 },
1595 },
1596 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1597 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1598 },
1599 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1600 name: "AppDataAfterChangeCipherSpec-Empty",
1601 config: Config{
1602 Bugs: ProtocolBugs{
1603 AppDataAfterChangeCipherSpec: []byte{},
1604 },
1605 },
1606 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1607 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1608 },
1609 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1610 protocol: dtls,
1611 name: "AppDataAfterChangeCipherSpec-DTLS",
1612 config: Config{
1613 Bugs: ProtocolBugs{
1614 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1615 },
1616 },
1617 // BoringSSL's DTLS implementation will drop the out-of-order
1618 // application data.
1619 },
1620 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1621 protocol: dtls,
1622 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1623 config: Config{
1624 Bugs: ProtocolBugs{
1625 AppDataAfterChangeCipherSpec: []byte{},
1626 },
1627 },
1628 // BoringSSL's DTLS implementation will drop the out-of-order
1629 // application data.
1630 },
1631 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1632 name: "AlertAfterChangeCipherSpec",
1633 config: Config{
1634 Bugs: ProtocolBugs{
1635 AlertAfterChangeCipherSpec: alertRecordOverflow,
1636 },
1637 },
1638 shouldFail: true,
1639 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1640 },
1641 {
1642 protocol: dtls,
1643 name: "AlertAfterChangeCipherSpec-DTLS",
1644 config: Config{
1645 Bugs: ProtocolBugs{
1646 AlertAfterChangeCipherSpec: alertRecordOverflow,
1647 },
1648 },
1649 shouldFail: true,
1650 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1651 },
1652 {
1653 protocol: dtls,
1654 name: "ReorderHandshakeFragments-Small-DTLS",
1655 config: Config{
1656 Bugs: ProtocolBugs{
1657 ReorderHandshakeFragments: true,
1658 // Small enough that every handshake message is
1659 // fragmented.
1660 MaxHandshakeRecordLength: 2,
1661 },
1662 },
1663 },
1664 {
1665 protocol: dtls,
1666 name: "ReorderHandshakeFragments-Large-DTLS",
1667 config: Config{
1668 Bugs: ProtocolBugs{
1669 ReorderHandshakeFragments: true,
1670 // Large enough that no handshake message is
1671 // fragmented.
1672 MaxHandshakeRecordLength: 2048,
1673 },
1674 },
1675 },
1676 {
1677 protocol: dtls,
1678 name: "MixCompleteMessageWithFragments-DTLS",
1679 config: Config{
1680 Bugs: ProtocolBugs{
1681 ReorderHandshakeFragments: true,
1682 MixCompleteMessageWithFragments: true,
1683 MaxHandshakeRecordLength: 2,
1684 },
1685 },
1686 },
1687 {
1688 name: "SendInvalidRecordType",
1689 config: Config{
1690 Bugs: ProtocolBugs{
1691 SendInvalidRecordType: true,
1692 },
1693 },
1694 shouldFail: true,
1695 expectedError: ":UNEXPECTED_RECORD:",
1696 },
1697 {
1698 protocol: dtls,
1699 name: "SendInvalidRecordType-DTLS",
1700 config: Config{
1701 Bugs: ProtocolBugs{
1702 SendInvalidRecordType: true,
1703 },
1704 },
1705 shouldFail: true,
1706 expectedError: ":UNEXPECTED_RECORD:",
1707 },
1708 {
1709 name: "FalseStart-SkipServerSecondLeg",
1710 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1711 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1712 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1713 NextProtos: []string{"foo"},
1714 Bugs: ProtocolBugs{
1715 SkipNewSessionTicket: true,
1716 SkipChangeCipherSpec: true,
1717 SkipFinished: true,
1718 ExpectFalseStart: true,
1719 },
1720 },
1721 flags: []string{
1722 "-false-start",
1723 "-handshake-never-done",
1724 "-advertise-alpn", "\x03foo",
1725 },
1726 shimWritesFirst: true,
1727 shouldFail: true,
1728 expectedError: ":UNEXPECTED_RECORD:",
1729 },
1730 {
1731 name: "FalseStart-SkipServerSecondLeg-Implicit",
1732 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1733 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1734 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1735 NextProtos: []string{"foo"},
1736 Bugs: ProtocolBugs{
1737 SkipNewSessionTicket: true,
1738 SkipChangeCipherSpec: true,
1739 SkipFinished: true,
1740 },
1741 },
1742 flags: []string{
1743 "-implicit-handshake",
1744 "-false-start",
1745 "-handshake-never-done",
1746 "-advertise-alpn", "\x03foo",
1747 },
1748 shouldFail: true,
1749 expectedError: ":UNEXPECTED_RECORD:",
1750 },
1751 {
1752 testType: serverTest,
1753 name: "FailEarlyCallback",
1754 flags: []string{"-fail-early-callback"},
1755 shouldFail: true,
1756 expectedError: ":CONNECTION_REJECTED:",
1757 expectedLocalError: "remote error: access denied",
1758 },
1759 {
1760 name: "WrongMessageType",
1761 config: Config{
1762 Bugs: ProtocolBugs{
1763 WrongCertificateMessageType: true,
1764 },
1765 },
1766 shouldFail: true,
1767 expectedError: ":UNEXPECTED_MESSAGE:",
1768 expectedLocalError: "remote error: unexpected message",
1769 },
1770 {
1771 protocol: dtls,
1772 name: "WrongMessageType-DTLS",
1773 config: Config{
1774 Bugs: ProtocolBugs{
1775 WrongCertificateMessageType: true,
1776 },
1777 },
1778 shouldFail: true,
1779 expectedError: ":UNEXPECTED_MESSAGE:",
1780 expectedLocalError: "remote error: unexpected message",
1781 },
1782 {
1783 protocol: dtls,
1784 name: "FragmentMessageTypeMismatch-DTLS",
1785 config: Config{
1786 Bugs: ProtocolBugs{
1787 MaxHandshakeRecordLength: 2,
1788 FragmentMessageTypeMismatch: true,
1789 },
1790 },
1791 shouldFail: true,
1792 expectedError: ":FRAGMENT_MISMATCH:",
1793 },
1794 {
1795 protocol: dtls,
1796 name: "FragmentMessageLengthMismatch-DTLS",
1797 config: Config{
1798 Bugs: ProtocolBugs{
1799 MaxHandshakeRecordLength: 2,
1800 FragmentMessageLengthMismatch: true,
1801 },
1802 },
1803 shouldFail: true,
1804 expectedError: ":FRAGMENT_MISMATCH:",
1805 },
1806 {
1807 protocol: dtls,
1808 name: "SplitFragments-Header-DTLS",
1809 config: Config{
1810 Bugs: ProtocolBugs{
1811 SplitFragments: 2,
1812 },
1813 },
1814 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1815 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1816 },
1817 {
1818 protocol: dtls,
1819 name: "SplitFragments-Boundary-DTLS",
1820 config: Config{
1821 Bugs: ProtocolBugs{
1822 SplitFragments: dtlsRecordHeaderLen,
1823 },
1824 },
1825 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1826 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1827 },
1828 {
1829 protocol: dtls,
1830 name: "SplitFragments-Body-DTLS",
1831 config: Config{
1832 Bugs: ProtocolBugs{
1833 SplitFragments: dtlsRecordHeaderLen + 1,
1834 },
1835 },
1836 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1837 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1838 },
1839 {
1840 protocol: dtls,
1841 name: "SendEmptyFragments-DTLS",
1842 config: Config{
1843 Bugs: ProtocolBugs{
1844 SendEmptyFragments: true,
1845 },
1846 },
1847 },
1848 {
1849 name: "UnsupportedCipherSuite",
1850 config: Config{
1851 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1852 Bugs: ProtocolBugs{
1853 IgnorePeerCipherPreferences: true,
1854 },
1855 },
1856 flags: []string{"-cipher", "DEFAULT:!RC4"},
1857 shouldFail: true,
1858 expectedError: ":WRONG_CIPHER_RETURNED:",
1859 },
1860 {
1861 name: "UnsupportedCurve",
1862 config: Config{
David Benjamin64d92502015-12-19 02:20:57 -0500[diff] [blame]1863 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1864 CurvePreferences: []CurveID{CurveP256},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1865 Bugs: ProtocolBugs{
1866 IgnorePeerCurvePreferences: true,
1867 },
1868 },
David Benjamin64d92502015-12-19 02:20:57 -0500[diff] [blame]1869 flags: []string{"-p384-only"},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1870 shouldFail: true,
1871 expectedError: ":WRONG_CURVE:",
1872 },
1873 {
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1874 name: "BadFinished-Client",
1875 config: Config{
1876 Bugs: ProtocolBugs{
1877 BadFinished: true,
1878 },
1879 },
1880 shouldFail: true,
1881 expectedError: ":DIGEST_CHECK_FAILED:",
1882 },
1883 {
1884 testType: serverTest,
1885 name: "BadFinished-Server",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1886 config: Config{
1887 Bugs: ProtocolBugs{
1888 BadFinished: true,
1889 },
1890 },
1891 shouldFail: true,
1892 expectedError: ":DIGEST_CHECK_FAILED:",
1893 },
1894 {
1895 name: "FalseStart-BadFinished",
1896 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1897 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1898 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1899 NextProtos: []string{"foo"},
1900 Bugs: ProtocolBugs{
1901 BadFinished: true,
1902 ExpectFalseStart: true,
1903 },
1904 },
1905 flags: []string{
1906 "-false-start",
1907 "-handshake-never-done",
1908 "-advertise-alpn", "\x03foo",
1909 },
1910 shimWritesFirst: true,
1911 shouldFail: true,
1912 expectedError: ":DIGEST_CHECK_FAILED:",
1913 },
1914 {
1915 name: "NoFalseStart-NoALPN",
1916 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1917 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1918 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1919 Bugs: ProtocolBugs{
1920 ExpectFalseStart: true,
1921 AlertBeforeFalseStartTest: alertAccessDenied,
1922 },
1923 },
1924 flags: []string{
1925 "-false-start",
1926 },
1927 shimWritesFirst: true,
1928 shouldFail: true,
1929 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1930 expectedLocalError: "tls: peer did not false start: EOF",
1931 },
1932 {
1933 name: "NoFalseStart-NoAEAD",
1934 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1935 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1936 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1937 NextProtos: []string{"foo"},
1938 Bugs: ProtocolBugs{
1939 ExpectFalseStart: true,
1940 AlertBeforeFalseStartTest: alertAccessDenied,
1941 },
1942 },
1943 flags: []string{
1944 "-false-start",
1945 "-advertise-alpn", "\x03foo",
1946 },
1947 shimWritesFirst: true,
1948 shouldFail: true,
1949 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1950 expectedLocalError: "tls: peer did not false start: EOF",
1951 },
1952 {
1953 name: "NoFalseStart-RSA",
1954 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1955 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1956 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1957 NextProtos: []string{"foo"},
1958 Bugs: ProtocolBugs{
1959 ExpectFalseStart: true,
1960 AlertBeforeFalseStartTest: alertAccessDenied,
1961 },
1962 },
1963 flags: []string{
1964 "-false-start",
1965 "-advertise-alpn", "\x03foo",
1966 },
1967 shimWritesFirst: true,
1968 shouldFail: true,
1969 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1970 expectedLocalError: "tls: peer did not false start: EOF",
1971 },
1972 {
1973 name: "NoFalseStart-DHE_RSA",
1974 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1975 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1976 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1977 NextProtos: []string{"foo"},
1978 Bugs: ProtocolBugs{
1979 ExpectFalseStart: true,
1980 AlertBeforeFalseStartTest: alertAccessDenied,
1981 },
1982 },
1983 flags: []string{
1984 "-false-start",
1985 "-advertise-alpn", "\x03foo",
1986 },
1987 shimWritesFirst: true,
1988 shouldFail: true,
1989 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1990 expectedLocalError: "tls: peer did not false start: EOF",
1991 },
1992 {
1993 testType: serverTest,
1994 name: "NoSupportedCurves",
1995 config: Config{
1996 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1997 Bugs: ProtocolBugs{
1998 NoSupportedCurves: true,
1999 },
2000 },
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]2001 shouldFail: true,
2002 expectedError: ":NO_SHARED_CIPHER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2003 },
2004 {
2005 testType: serverTest,
2006 name: "NoCommonCurves",
2007 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2008 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2009 CipherSuites: []uint16{
2010 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2011 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
2012 },
2013 CurvePreferences: []CurveID{CurveP224},
2014 },
2015 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
2016 },
2017 {
2018 protocol: dtls,
2019 name: "SendSplitAlert-Sync",
2020 config: Config{
2021 Bugs: ProtocolBugs{
2022 SendSplitAlert: true,
2023 },
2024 },
2025 },
2026 {
2027 protocol: dtls,
2028 name: "SendSplitAlert-Async",
2029 config: Config{
2030 Bugs: ProtocolBugs{
2031 SendSplitAlert: true,
2032 },
2033 },
2034 flags: []string{"-async"},
2035 },
2036 {
2037 protocol: dtls,
2038 name: "PackDTLSHandshake",
2039 config: Config{
2040 Bugs: ProtocolBugs{
2041 MaxHandshakeRecordLength: 2,
2042 PackHandshakeFragments: 20,
2043 PackHandshakeRecords: 200,
2044 },
2045 },
2046 },
2047 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2048 name: "SendEmptyRecords-Pass",
2049 sendEmptyRecords: 32,
2050 },
2051 {
2052 name: "SendEmptyRecords",
2053 sendEmptyRecords: 33,
2054 shouldFail: true,
2055 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2056 },
2057 {
2058 name: "SendEmptyRecords-Async",
2059 sendEmptyRecords: 33,
2060 flags: []string{"-async"},
2061 shouldFail: true,
2062 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2063 },
2064 {
2065 name: "SendWarningAlerts-Pass",
2066 sendWarningAlerts: 4,
2067 },
2068 {
2069 protocol: dtls,
2070 name: "SendWarningAlerts-DTLS-Pass",
2071 sendWarningAlerts: 4,
2072 },
2073 {
2074 name: "SendWarningAlerts",
2075 sendWarningAlerts: 5,
2076 shouldFail: true,
2077 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2078 },
2079 {
2080 name: "SendWarningAlerts-Async",
2081 sendWarningAlerts: 5,
2082 flags: []string{"-async"},
2083 shouldFail: true,
2084 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2085 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2086 {
2087 name: "EmptySessionID",
2088 config: Config{
2089 SessionTicketsDisabled: true,
2090 },
2091 noSessionCache: true,
2092 flags: []string{"-expect-no-session"},
2093 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]2094 {
2095 name: "Unclean-Shutdown",
2096 config: Config{
2097 Bugs: ProtocolBugs{
2098 NoCloseNotify: true,
2099 ExpectCloseNotify: true,
2100 },
2101 },
2102 shimShutsDown: true,
2103 flags: []string{"-check-close-notify"},
2104 shouldFail: true,
2105 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
2106 },
2107 {
2108 name: "Unclean-Shutdown-Ignored",
2109 config: Config{
2110 Bugs: ProtocolBugs{
2111 NoCloseNotify: true,
2112 },
2113 },
2114 shimShutsDown: true,
2115 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2116 {
David Benjaminfa214e42016-05-10 17:03:10 -0400[diff] [blame]2117 name: "Unclean-Shutdown-Alert",
2118 config: Config{
2119 Bugs: ProtocolBugs{
2120 SendAlertOnShutdown: alertDecompressionFailure,
2121 ExpectCloseNotify: true,
2122 },
2123 },
2124 shimShutsDown: true,
2125 flags: []string{"-check-close-notify"},
2126 shouldFail: true,
2127 expectedError: ":SSLV3_ALERT_DECOMPRESSION_FAILURE:",
2128 },
2129 {
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2130 name: "LargePlaintext",
2131 config: Config{
2132 Bugs: ProtocolBugs{
2133 SendLargeRecords: true,
2134 },
2135 },
2136 messageLen: maxPlaintext + 1,
2137 shouldFail: true,
2138 expectedError: ":DATA_LENGTH_TOO_LONG:",
2139 },
2140 {
2141 protocol: dtls,
2142 name: "LargePlaintext-DTLS",
2143 config: Config{
2144 Bugs: ProtocolBugs{
2145 SendLargeRecords: true,
2146 },
2147 },
2148 messageLen: maxPlaintext + 1,
2149 shouldFail: true,
2150 expectedError: ":DATA_LENGTH_TOO_LONG:",
2151 },
2152 {
2153 name: "LargeCiphertext",
2154 config: Config{
2155 Bugs: ProtocolBugs{
2156 SendLargeRecords: true,
2157 },
2158 },
2159 messageLen: maxPlaintext * 2,
2160 shouldFail: true,
2161 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
2162 },
2163 {
2164 protocol: dtls,
2165 name: "LargeCiphertext-DTLS",
2166 config: Config{
2167 Bugs: ProtocolBugs{
2168 SendLargeRecords: true,
2169 },
2170 },
2171 messageLen: maxPlaintext * 2,
2172 // Unlike the other four cases, DTLS drops records which
2173 // are invalid before authentication, so the connection
2174 // does not fail.
2175 expectMessageDropped: true,
2176 },
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]2177 {
2178 name: "SendEmptySessionTicket",
2179 config: Config{
2180 Bugs: ProtocolBugs{
2181 SendEmptySessionTicket: true,
2182 FailIfSessionOffered: true,
2183 },
2184 },
2185 flags: []string{"-expect-no-session"},
2186 resumeSession: true,
2187 expectResumeRejected: true,
2188 },
David Benjamin99fdfb92015-11-02 12:11:35 -0500[diff] [blame]2189 {
2190 name: "CheckLeafCurve",
2191 config: Config{
2192 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2193 Certificates: []Certificate{getECDSACertificate()},
2194 },
2195 flags: []string{"-p384-only"},
2196 shouldFail: true,
2197 expectedError: ":BAD_ECC_CERT:",
2198 },
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2199 {
2200 name: "BadChangeCipherSpec-1",
2201 config: Config{
2202 Bugs: ProtocolBugs{
2203 BadChangeCipherSpec: []byte{2},
2204 },
2205 },
2206 shouldFail: true,
2207 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2208 },
2209 {
2210 name: "BadChangeCipherSpec-2",
2211 config: Config{
2212 Bugs: ProtocolBugs{
2213 BadChangeCipherSpec: []byte{1, 1},
2214 },
2215 },
2216 shouldFail: true,
2217 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2218 },
2219 {
2220 protocol: dtls,
2221 name: "BadChangeCipherSpec-DTLS-1",
2222 config: Config{
2223 Bugs: ProtocolBugs{
2224 BadChangeCipherSpec: []byte{2},
2225 },
2226 },
2227 shouldFail: true,
2228 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2229 },
2230 {
2231 protocol: dtls,
2232 name: "BadChangeCipherSpec-DTLS-2",
2233 config: Config{
2234 Bugs: ProtocolBugs{
2235 BadChangeCipherSpec: []byte{1, 1},
2236 },
2237 },
2238 shouldFail: true,
2239 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2240 },
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2241 {
2242 name: "BadHelloRequest-1",
2243 renegotiate: 1,
2244 config: Config{
2245 Bugs: ProtocolBugs{
2246 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2247 },
2248 },
2249 flags: []string{
2250 "-renegotiate-freely",
2251 "-expect-total-renegotiations", "1",
2252 },
2253 shouldFail: true,
2254 expectedError: ":BAD_HELLO_REQUEST:",
2255 },
2256 {
2257 name: "BadHelloRequest-2",
2258 renegotiate: 1,
2259 config: Config{
2260 Bugs: ProtocolBugs{
2261 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2262 },
2263 },
2264 flags: []string{
2265 "-renegotiate-freely",
2266 "-expect-total-renegotiations", "1",
2267 },
2268 shouldFail: true,
2269 expectedError: ":BAD_HELLO_REQUEST:",
2270 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2271 {
2272 testType: serverTest,
2273 name: "SupportTicketsWithSessionID",
2274 config: Config{
2275 SessionTicketsDisabled: true,
2276 },
2277 resumeConfig: &Config{},
2278 resumeSession: true,
2279 },
David Benjamin2b07fa42016-03-02 00:23:57 -0500[diff] [blame]2280 {
2281 name: "InvalidECDHPoint-Client",
2282 config: Config{
2283 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2284 CurvePreferences: []CurveID{CurveP256},
2285 Bugs: ProtocolBugs{
2286 InvalidECDHPoint: true,
2287 },
2288 },
2289 shouldFail: true,
2290 expectedError: ":INVALID_ENCODING:",
2291 },
2292 {
2293 testType: serverTest,
2294 name: "InvalidECDHPoint-Server",
2295 config: Config{
2296 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2297 CurvePreferences: []CurveID{CurveP256},
2298 Bugs: ProtocolBugs{
2299 InvalidECDHPoint: true,
2300 },
2301 },
2302 shouldFail: true,
2303 expectedError: ":INVALID_ENCODING:",
2304 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2305 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2306 testCases = append(testCases, basicTests...)
2307}
2308
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2309func addCipherSuiteTests() {
2310 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2311 const psk = "12345"
2312 const pskIdentity = "luggage combo"
2313
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2314 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2315 var certFile string
2316 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2317 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2318 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2319 certFile = ecdsaCertificateFile
2320 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2321 } else {
2322 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2323 certFile = rsaCertificateFile
2324 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2325 }
2326
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2327 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2328 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2329 flags = append(flags,
2330 "-psk", psk,
2331 "-psk-identity", pskIdentity)
2332 }
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]2333 if hasComponent(suite.name, "NULL") {
2334 // NULL ciphers must be explicitly enabled.
2335 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2336 }
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]2337 if hasComponent(suite.name, "CECPQ1") {
2338 // CECPQ1 ciphers must be explicitly enabled.
2339 flags = append(flags, "-cipher", "DEFAULT:kCECPQ1")
2340 }
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2341
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2342 for _, ver := range tlsVersions {
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2343 for _, protocol := range []protocol{tls, dtls} {
2344 var prefix string
2345 if protocol == dtls {
2346 if !ver.hasDTLS {
2347 continue
2348 }
2349 prefix = "D"
2350 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2351
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2352 var shouldServerFail, shouldClientFail bool
2353 if hasComponent(suite.name, "ECDHE") && ver.version == VersionSSL30 {
2354 // BoringSSL clients accept ECDHE on SSLv3, but
2355 // a BoringSSL server will never select it
2356 // because the extension is missing.
2357 shouldServerFail = true
2358 }
2359 if isTLS12Only(suite.name) && ver.version < VersionTLS12 {
2360 shouldClientFail = true
2361 shouldServerFail = true
2362 }
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2363 if !isTLS13Suite(suite.name) && ver.version == VersionTLS13 {
2364 shouldClientFail = true
2365 shouldServerFail = true
2366 }
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2367 if !isDTLSCipher(suite.name) && protocol == dtls {
2368 shouldClientFail = true
2369 shouldServerFail = true
2370 }
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]2371
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2372 var expectedServerError, expectedClientError string
2373 if shouldServerFail {
2374 expectedServerError = ":NO_SHARED_CIPHER:"
2375 }
2376 if shouldClientFail {
2377 expectedClientError = ":WRONG_CIPHER_RETURNED:"
2378 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2379
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2380 testCases = append(testCases, testCase{
2381 testType: serverTest,
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2382 protocol: protocol,
2383
2384 name: prefix + ver.name + "-" + suite.name + "-server",
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2385 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2386 MinVersion: ver.version,
2387 MaxVersion: ver.version,
2388 CipherSuites: []uint16{suite.id},
2389 Certificates: []Certificate{cert},
2390 PreSharedKey: []byte(psk),
2391 PreSharedKeyIdentity: pskIdentity,
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2392 Bugs: ProtocolBugs{
David Benjamin9acf0ca2016-06-25 00:01:28 -0400[diff] [blame]2393 EnableAllCiphers: shouldServerFail,
2394 IgnorePeerCipherPreferences: shouldServerFail,
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2395 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2396 },
2397 certFile: certFile,
2398 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2399 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2400 resumeSession: true,
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2401 shouldFail: shouldServerFail,
2402 expectedError: expectedServerError,
2403 })
2404
2405 testCases = append(testCases, testCase{
2406 testType: clientTest,
2407 protocol: protocol,
2408 name: prefix + ver.name + "-" + suite.name + "-client",
2409 config: Config{
2410 MinVersion: ver.version,
2411 MaxVersion: ver.version,
2412 CipherSuites: []uint16{suite.id},
2413 Certificates: []Certificate{cert},
2414 PreSharedKey: []byte(psk),
2415 PreSharedKeyIdentity: pskIdentity,
2416 Bugs: ProtocolBugs{
David Benjamin9acf0ca2016-06-25 00:01:28 -0400[diff] [blame]2417 EnableAllCiphers: shouldClientFail,
2418 IgnorePeerCipherPreferences: shouldClientFail,
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2419 },
2420 },
2421 flags: flags,
2422 resumeSession: true,
2423 shouldFail: shouldClientFail,
2424 expectedError: expectedClientError,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2425 })
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2426
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2427 if !shouldClientFail {
2428 // Ensure the maximum record size is accepted.
2429 testCases = append(testCases, testCase{
2430 name: prefix + ver.name + "-" + suite.name + "-LargeRecord",
2431 config: Config{
2432 MinVersion: ver.version,
2433 MaxVersion: ver.version,
2434 CipherSuites: []uint16{suite.id},
2435 Certificates: []Certificate{cert},
2436 PreSharedKey: []byte(psk),
2437 PreSharedKeyIdentity: pskIdentity,
2438 },
2439 flags: flags,
2440 messageLen: maxPlaintext,
2441 })
2442 }
2443 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2444 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2445 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2446
2447 testCases = append(testCases, testCase{
2448 name: "WeakDH",
2449 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2450 MaxVersion: VersionTLS12,
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2451 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2452 Bugs: ProtocolBugs{
2453 // This is a 1023-bit prime number, generated
2454 // with:
2455 // openssl gendh 1023 | openssl asn1parse -i
2456 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2457 },
2458 },
2459 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2460 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2461 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2462
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2463 testCases = append(testCases, testCase{
2464 name: "SillyDH",
2465 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2466 MaxVersion: VersionTLS12,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2467 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2468 Bugs: ProtocolBugs{
2469 // This is a 4097-bit prime number, generated
2470 // with:
2471 // openssl gendh 4097 | openssl asn1parse -i
2472 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2473 },
2474 },
2475 shouldFail: true,
2476 expectedError: ":DH_P_TOO_LONG:",
2477 })
2478
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2479 // This test ensures that Diffie-Hellman public values are padded with
2480 // zeros so that they're the same length as the prime. This is to avoid
2481 // hitting a bug in yaSSL.
2482 testCases = append(testCases, testCase{
2483 testType: serverTest,
2484 name: "DHPublicValuePadded",
2485 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2486 MaxVersion: VersionTLS12,
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2487 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2488 Bugs: ProtocolBugs{
2489 RequireDHPublicValueLen: (1025 + 7) / 8,
2490 },
2491 },
2492 flags: []string{"-use-sparse-dh-prime"},
2493 })
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2494
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2495 // The server must be tolerant to bogus ciphers.
2496 const bogusCipher = 0x1234
2497 testCases = append(testCases, testCase{
2498 testType: serverTest,
2499 name: "UnknownCipher",
2500 config: Config{
2501 CipherSuites: []uint16{bogusCipher, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2502 },
2503 })
2504
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2505 // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS
2506 // 1.1 specific cipher suite settings. A server is setup with the given
2507 // cipher lists and then a connection is made for each member of
2508 // expectations. The cipher suite that the server selects must match
2509 // the specified one.
2510 var versionSpecificCiphersTest = []struct {
2511 ciphersDefault, ciphersTLS10, ciphersTLS11 string
2512 // expectations is a map from TLS version to cipher suite id.
2513 expectations map[uint16]uint16
2514 }{
2515 {
2516 // Test that the null case (where no version-specific ciphers are set)
2517 // works as expected.
2518 "RC4-SHA:AES128-SHA", // default ciphers
2519 "", // no ciphers specifically for TLS ≥ 1.0
2520 "", // no ciphers specifically for TLS ≥ 1.1
2521 map[uint16]uint16{
2522 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2523 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2524 VersionTLS11: TLS_RSA_WITH_RC4_128_SHA,
2525 VersionTLS12: TLS_RSA_WITH_RC4_128_SHA,
2526 },
2527 },
2528 {
2529 // With ciphers_tls10 set, TLS 1.0, 1.1 and 1.2 should get a different
2530 // cipher.
2531 "RC4-SHA:AES128-SHA", // default
2532 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2533 "", // no ciphers specifically for TLS ≥ 1.1
2534 map[uint16]uint16{
2535 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2536 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2537 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2538 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2539 },
2540 },
2541 {
2542 // With ciphers_tls11 set, TLS 1.1 and 1.2 should get a different
2543 // cipher.
2544 "RC4-SHA:AES128-SHA", // default
2545 "", // no ciphers specifically for TLS ≥ 1.0
2546 "AES128-SHA", // these ciphers for TLS ≥ 1.1
2547 map[uint16]uint16{
2548 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2549 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2550 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2551 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2552 },
2553 },
2554 {
2555 // With both ciphers_tls10 and ciphers_tls11 set, ciphers_tls11 should
2556 // mask ciphers_tls10 for TLS 1.1 and 1.2.
2557 "RC4-SHA:AES128-SHA", // default
2558 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2559 "AES256-SHA", // these ciphers for TLS ≥ 1.1
2560 map[uint16]uint16{
2561 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2562 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2563 VersionTLS11: TLS_RSA_WITH_AES_256_CBC_SHA,
2564 VersionTLS12: TLS_RSA_WITH_AES_256_CBC_SHA,
2565 },
2566 },
2567 }
2568
2569 for i, test := range versionSpecificCiphersTest {
2570 for version, expectedCipherSuite := range test.expectations {
2571 flags := []string{"-cipher", test.ciphersDefault}
2572 if len(test.ciphersTLS10) > 0 {
2573 flags = append(flags, "-cipher-tls10", test.ciphersTLS10)
2574 }
2575 if len(test.ciphersTLS11) > 0 {
2576 flags = append(flags, "-cipher-tls11", test.ciphersTLS11)
2577 }
2578
2579 testCases = append(testCases, testCase{
2580 testType: serverTest,
2581 name: fmt.Sprintf("VersionSpecificCiphersTest-%d-%x", i, version),
2582 config: Config{
2583 MaxVersion: version,
2584 MinVersion: version,
2585 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA},
2586 },
2587 flags: flags,
2588 expectedCipher: expectedCipherSuite,
2589 })
2590 }
2591 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2592}
2593
2594func addBadECDSASignatureTests() {
2595 for badR := BadValue(1); badR < NumBadValues; badR++ {
2596 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2597 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2598 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2599 config: Config{
2600 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2601 Certificates: []Certificate{getECDSACertificate()},
2602 Bugs: ProtocolBugs{
2603 BadECDSAR: badR,
2604 BadECDSAS: badS,
2605 },
2606 },
2607 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2608 expectedError: ":BAD_SIGNATURE:",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2609 })
2610 }
2611 }
2612}
2613
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2614func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2615 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2616 name: "MaxCBCPadding",
2617 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2618 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2619 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2620 Bugs: ProtocolBugs{
2621 MaxPadding: true,
2622 },
2623 },
2624 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2625 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2626 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2627 name: "BadCBCPadding",
2628 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2629 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2630 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2631 Bugs: ProtocolBugs{
2632 PaddingFirstByteBad: true,
2633 },
2634 },
2635 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2636 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2637 })
2638 // OpenSSL previously had an issue where the first byte of padding in
2639 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2640 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2641 name: "BadCBCPadding255",
2642 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2643 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2644 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2645 Bugs: ProtocolBugs{
2646 MaxPadding: true,
2647 PaddingFirstByteBadIf255: true,
2648 },
2649 },
2650 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2651 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2652 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2653 })
2654}
2655
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2656func addCBCSplittingTests() {
2657 testCases = append(testCases, testCase{
2658 name: "CBCRecordSplitting",
2659 config: Config{
2660 MaxVersion: VersionTLS10,
2661 MinVersion: VersionTLS10,
2662 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2663 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2664 messageLen: -1, // read until EOF
2665 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2666 flags: []string{
2667 "-async",
2668 "-write-different-record-sizes",
2669 "-cbc-record-splitting",
2670 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2671 })
2672 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2673 name: "CBCRecordSplittingPartialWrite",
2674 config: Config{
2675 MaxVersion: VersionTLS10,
2676 MinVersion: VersionTLS10,
2677 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2678 },
2679 messageLen: -1, // read until EOF
2680 flags: []string{
2681 "-async",
2682 "-write-different-record-sizes",
2683 "-cbc-record-splitting",
2684 "-partial-write",
2685 },
2686 })
2687}
2688
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2689func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2690 // Add a dummy cert pool to stress certificate authority parsing.
2691 // TODO(davidben): Add tests that those values parse out correctly.
2692 certPool := x509.NewCertPool()
2693 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2694 if err != nil {
2695 panic(err)
2696 }
2697 certPool.AddCert(cert)
2698
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2699 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2700 testCases = append(testCases, testCase{
2701 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2702 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2703 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2704 MinVersion: ver.version,
2705 MaxVersion: ver.version,
2706 ClientAuth: RequireAnyClientCert,
2707 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2708 },
2709 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2710 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2711 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2712 },
2713 })
2714 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2715 testType: serverTest,
2716 name: ver.name + "-Server-ClientAuth-RSA",
2717 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2718 MinVersion: ver.version,
2719 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2720 Certificates: []Certificate{rsaCertificate},
2721 },
2722 flags: []string{"-require-any-client-certificate"},
2723 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2724 if ver.version != VersionSSL30 {
2725 testCases = append(testCases, testCase{
2726 testType: serverTest,
2727 name: ver.name + "-Server-ClientAuth-ECDSA",
2728 config: Config{
2729 MinVersion: ver.version,
2730 MaxVersion: ver.version,
2731 Certificates: []Certificate{ecdsaCertificate},
2732 },
2733 flags: []string{"-require-any-client-certificate"},
2734 })
2735 testCases = append(testCases, testCase{
2736 testType: clientTest,
2737 name: ver.name + "-Client-ClientAuth-ECDSA",
2738 config: Config{
2739 MinVersion: ver.version,
2740 MaxVersion: ver.version,
2741 ClientAuth: RequireAnyClientCert,
2742 ClientCAs: certPool,
2743 },
2744 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2745 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2746 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2747 },
2748 })
2749 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2750 }
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2751
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2752 // TODO(davidben): These tests will need TLS 1.3 versions when the
2753 // handshake is separate.
2754
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2755 testCases = append(testCases, testCase{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2756 testType: serverTest,
2757 name: "RequireAnyClientCertificate",
2758 config: Config{
2759 MaxVersion: VersionTLS12,
2760 },
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2761 flags: []string{"-require-any-client-certificate"},
2762 shouldFail: true,
2763 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
2764 })
2765
2766 testCases = append(testCases, testCase{
2767 testType: serverTest,
David Benjamindf28c3a2016-03-10 16:11:51 -0500[diff] [blame]2768 name: "RequireAnyClientCertificate-SSL3",
2769 config: Config{
2770 MaxVersion: VersionSSL30,
2771 },
2772 flags: []string{"-require-any-client-certificate"},
2773 shouldFail: true,
2774 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
2775 })
2776
2777 testCases = append(testCases, testCase{
2778 testType: serverTest,
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2779 name: "SkipClientCertificate",
2780 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2781 MaxVersion: VersionTLS12,
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2782 Bugs: ProtocolBugs{
2783 SkipClientCertificate: true,
2784 },
2785 },
2786 // Setting SSL_VERIFY_PEER allows anonymous clients.
2787 flags: []string{"-verify-peer"},
2788 shouldFail: true,
David Benjamindf28c3a2016-03-10 16:11:51 -0500[diff] [blame]2789 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2790 })
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]2791
2792 // Client auth is only legal in certificate-based ciphers.
2793 testCases = append(testCases, testCase{
2794 testType: clientTest,
2795 name: "ClientAuth-PSK",
2796 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2797 MaxVersion: VersionTLS12,
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]2798 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2799 PreSharedKey: []byte("secret"),
2800 ClientAuth: RequireAnyClientCert,
2801 },
2802 flags: []string{
2803 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2804 "-key-file", path.Join(*resourceDir, rsaKeyFile),
2805 "-psk", "secret",
2806 },
2807 shouldFail: true,
2808 expectedError: ":UNEXPECTED_MESSAGE:",
2809 })
2810 testCases = append(testCases, testCase{
2811 testType: clientTest,
2812 name: "ClientAuth-ECDHE_PSK",
2813 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2814 MaxVersion: VersionTLS12,
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]2815 CipherSuites: []uint16{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
2816 PreSharedKey: []byte("secret"),
2817 ClientAuth: RequireAnyClientCert,
2818 },
2819 flags: []string{
2820 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2821 "-key-file", path.Join(*resourceDir, rsaKeyFile),
2822 "-psk", "secret",
2823 },
2824 shouldFail: true,
2825 expectedError: ":UNEXPECTED_MESSAGE:",
2826 })
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2827}
2828
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2829func addExtendedMasterSecretTests() {
2830 const expectEMSFlag = "-expect-extended-master-secret"
2831
2832 for _, with := range []bool{false, true} {
2833 prefix := "No"
2834 var flags []string
2835 if with {
2836 prefix = ""
2837 flags = []string{expectEMSFlag}
2838 }
2839
2840 for _, isClient := range []bool{false, true} {
2841 suffix := "-Server"
2842 testType := serverTest
2843 if isClient {
2844 suffix = "-Client"
2845 testType = clientTest
2846 }
2847
2848 for _, ver := range tlsVersions {
2849 test := testCase{
2850 testType: testType,
2851 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2852 config: Config{
2853 MinVersion: ver.version,
2854 MaxVersion: ver.version,
2855 Bugs: ProtocolBugs{
2856 NoExtendedMasterSecret: !with,
2857 RequireExtendedMasterSecret: with,
2858 },
2859 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2860 flags: flags,
2861 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2862 }
2863 if test.shouldFail {
2864 test.expectedLocalError = "extended master secret required but not supported by peer"
2865 }
2866 testCases = append(testCases, test)
2867 }
2868 }
2869 }
2870
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2871 for _, isClient := range []bool{false, true} {
2872 for _, supportedInFirstConnection := range []bool{false, true} {
2873 for _, supportedInResumeConnection := range []bool{false, true} {
2874 boolToWord := func(b bool) string {
2875 if b {
2876 return "Yes"
2877 }
2878 return "No"
2879 }
2880 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2881 if isClient {
2882 suffix += "Client"
2883 } else {
2884 suffix += "Server"
2885 }
2886
2887 supportedConfig := Config{
2888 Bugs: ProtocolBugs{
2889 RequireExtendedMasterSecret: true,
2890 },
2891 }
2892
2893 noSupportConfig := Config{
2894 Bugs: ProtocolBugs{
2895 NoExtendedMasterSecret: true,
2896 },
2897 }
2898
2899 test := testCase{
2900 name: "ExtendedMasterSecret-" + suffix,
2901 resumeSession: true,
2902 }
2903
2904 if !isClient {
2905 test.testType = serverTest
2906 }
2907
2908 if supportedInFirstConnection {
2909 test.config = supportedConfig
2910 } else {
2911 test.config = noSupportConfig
2912 }
2913
2914 if supportedInResumeConnection {
2915 test.resumeConfig = &supportedConfig
2916 } else {
2917 test.resumeConfig = &noSupportConfig
2918 }
2919
2920 switch suffix {
2921 case "YesToYes-Client", "YesToYes-Server":
2922 // When a session is resumed, it should
2923 // still be aware that its master
2924 // secret was generated via EMS and
2925 // thus it's safe to use tls-unique.
2926 test.flags = []string{expectEMSFlag}
2927 case "NoToYes-Server":
2928 // If an original connection did not
2929 // contain EMS, but a resumption
2930 // handshake does, then a server should
2931 // not resume the session.
2932 test.expectResumeRejected = true
2933 case "YesToNo-Server":
2934 // Resuming an EMS session without the
2935 // EMS extension should cause the
2936 // server to abort the connection.
2937 test.shouldFail = true
2938 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2939 case "NoToYes-Client":
2940 // A client should abort a connection
2941 // where the server resumed a non-EMS
2942 // session but echoed the EMS
2943 // extension.
2944 test.shouldFail = true
2945 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2946 case "YesToNo-Client":
2947 // A client should abort a connection
2948 // where the server didn't echo EMS
2949 // when the session used it.
2950 test.shouldFail = true
2951 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2952 }
2953
2954 testCases = append(testCases, test)
2955 }
2956 }
2957 }
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2958}
2959
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2960// Adds tests that try to cover the range of the handshake state machine, under
2961// various conditions. Some of these are redundant with other tests, but they
2962// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2963func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2964 var tests []testCase
2965
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2966 // TODO(davidben): These tests will need both TLS 1.2 and TLS 1.3
2967 // versions when the handshake becomes completely different.
2968
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2969 // Basic handshake, with resumption. Client and server,
2970 // session ID and session ticket.
2971 tests = append(tests, testCase{
2972 name: "Basic-Client",
2973 resumeSession: true,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2974 // Ensure session tickets are used, not session IDs.
2975 noSessionCache: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2976 })
2977 tests = append(tests, testCase{
2978 name: "Basic-Client-RenewTicket",
2979 config: Config{
2980 Bugs: ProtocolBugs{
2981 RenewTicketOnResume: true,
2982 },
2983 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2984 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2985 resumeSession: true,
2986 })
2987 tests = append(tests, testCase{
2988 name: "Basic-Client-NoTicket",
2989 config: Config{
2990 SessionTicketsDisabled: true,
2991 },
2992 resumeSession: true,
2993 })
2994 tests = append(tests, testCase{
2995 name: "Basic-Client-Implicit",
2996 flags: []string{"-implicit-handshake"},
2997 resumeSession: true,
2998 })
2999 tests = append(tests, testCase{
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3000 testType: serverTest,
3001 name: "Basic-Server",
3002 config: Config{
3003 Bugs: ProtocolBugs{
3004 RequireSessionTickets: true,
3005 },
3006 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3007 resumeSession: true,
3008 })
3009 tests = append(tests, testCase{
3010 testType: serverTest,
3011 name: "Basic-Server-NoTickets",
3012 config: Config{
3013 SessionTicketsDisabled: true,
3014 },
3015 resumeSession: true,
3016 })
3017 tests = append(tests, testCase{
3018 testType: serverTest,
3019 name: "Basic-Server-Implicit",
3020 flags: []string{"-implicit-handshake"},
3021 resumeSession: true,
3022 })
3023 tests = append(tests, testCase{
3024 testType: serverTest,
3025 name: "Basic-Server-EarlyCallback",
3026 flags: []string{"-use-early-callback"},
3027 resumeSession: true,
3028 })
3029
3030 // TLS client auth.
3031 tests = append(tests, testCase{
3032 testType: clientTest,
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3033 name: "ClientAuth-NoCertificate-Client",
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3034 config: Config{
3035 ClientAuth: RequestClientCert,
3036 },
3037 })
3038 tests = append(tests, testCase{
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3039 testType: serverTest,
3040 name: "ClientAuth-NoCertificate-Server",
3041 // Setting SSL_VERIFY_PEER allows anonymous clients.
3042 flags: []string{"-verify-peer"},
3043 })
3044 if protocol == tls {
3045 tests = append(tests, testCase{
3046 testType: clientTest,
3047 name: "ClientAuth-NoCertificate-Client-SSL3",
3048 config: Config{
3049 MaxVersion: VersionSSL30,
3050 ClientAuth: RequestClientCert,
3051 },
3052 })
3053 tests = append(tests, testCase{
3054 testType: serverTest,
3055 name: "ClientAuth-NoCertificate-Server-SSL3",
3056 config: Config{
3057 MaxVersion: VersionSSL30,
3058 },
3059 // Setting SSL_VERIFY_PEER allows anonymous clients.
3060 flags: []string{"-verify-peer"},
3061 })
3062 }
3063 tests = append(tests, testCase{
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3064 testType: clientTest,
3065 name: "ClientAuth-NoCertificate-OldCallback",
3066 config: Config{
3067 ClientAuth: RequestClientCert,
3068 },
3069 flags: []string{"-use-old-client-cert-callback"},
3070 })
3071 tests = append(tests, testCase{
3072 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3073 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3074 config: Config{
3075 ClientAuth: RequireAnyClientCert,
3076 },
3077 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3078 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3079 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3080 },
3081 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3082 tests = append(tests, testCase{
3083 testType: clientTest,
3084 name: "ClientAuth-ECDSA-Client",
3085 config: Config{
3086 ClientAuth: RequireAnyClientCert,
3087 },
3088 flags: []string{
3089 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
3090 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
3091 },
3092 })
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3093 tests = append(tests, testCase{
3094 testType: clientTest,
3095 name: "ClientAuth-OldCallback",
3096 config: Config{
3097 ClientAuth: RequireAnyClientCert,
3098 },
3099 flags: []string{
3100 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3101 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3102 "-use-old-client-cert-callback",
3103 },
3104 })
3105
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3106 if async {
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3107 // Test async keys against each key exchange.
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3108 tests = append(tests, testCase{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3109 testType: serverTest,
3110 name: "Basic-Server-RSA",
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3111 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3112 MaxVersion: VersionTLS12,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3113 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3114 },
3115 flags: []string{
Adam Langley288d8d52015-06-18 16:24:31 -0700[diff] [blame]3116 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3117 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3118 },
3119 })
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]3120 tests = append(tests, testCase{
3121 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3122 name: "Basic-Server-ECDHE-RSA",
3123 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3124 MaxVersion: VersionTLS12,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3125 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3126 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]3127 flags: []string{
3128 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3129 "-key-file", path.Join(*resourceDir, rsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]3130 },
3131 })
3132 tests = append(tests, testCase{
3133 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3134 name: "Basic-Server-ECDHE-ECDSA",
3135 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3136 MaxVersion: VersionTLS12,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3137 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
3138 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]3139 flags: []string{
3140 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
3141 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]3142 },
3143 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3144 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3145 tests = append(tests, testCase{
3146 testType: serverTest,
3147 name: "ClientAuth-Server",
3148 config: Config{
3149 Certificates: []Certificate{rsaCertificate},
3150 },
3151 flags: []string{"-require-any-client-certificate"},
3152 })
3153
3154 // No session ticket support; server doesn't send NewSessionTicket.
3155 tests = append(tests, testCase{
3156 name: "SessionTicketsDisabled-Client",
3157 config: Config{
3158 SessionTicketsDisabled: true,
3159 },
3160 })
3161 tests = append(tests, testCase{
3162 testType: serverTest,
3163 name: "SessionTicketsDisabled-Server",
3164 config: Config{
3165 SessionTicketsDisabled: true,
3166 },
3167 })
3168
3169 // Skip ServerKeyExchange in PSK key exchange if there's no
3170 // identity hint.
3171 tests = append(tests, testCase{
3172 name: "EmptyPSKHint-Client",
3173 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3174 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3175 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3176 PreSharedKey: []byte("secret"),
3177 },
3178 flags: []string{"-psk", "secret"},
3179 })
3180 tests = append(tests, testCase{
3181 testType: serverTest,
3182 name: "EmptyPSKHint-Server",
3183 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3184 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3185 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3186 PreSharedKey: []byte("secret"),
3187 },
3188 flags: []string{"-psk", "secret"},
3189 })
3190
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3191 tests = append(tests, testCase{
3192 testType: clientTest,
3193 name: "OCSPStapling-Client",
3194 flags: []string{
3195 "-enable-ocsp-stapling",
3196 "-expect-ocsp-response",
3197 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3198 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3199 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3200 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3201 })
3202
3203 tests = append(tests, testCase{
David Benjaminec435342015-08-21 13:44:06 -0400[diff] [blame]3204 testType: serverTest,
3205 name: "OCSPStapling-Server",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3206 expectedOCSPResponse: testOCSPResponse,
3207 flags: []string{
3208 "-ocsp-response",
3209 base64.StdEncoding.EncodeToString(testOCSPResponse),
3210 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3211 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3212 })
3213
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3214 tests = append(tests, testCase{
3215 testType: clientTest,
3216 name: "CertificateVerificationSucceed",
3217 flags: []string{
3218 "-verify-peer",
3219 },
3220 })
3221
3222 tests = append(tests, testCase{
3223 testType: clientTest,
3224 name: "CertificateVerificationFail",
3225 flags: []string{
3226 "-verify-fail",
3227 "-verify-peer",
3228 },
3229 shouldFail: true,
3230 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
3231 })
3232
3233 tests = append(tests, testCase{
3234 testType: clientTest,
3235 name: "CertificateVerificationSoftFail",
3236 flags: []string{
3237 "-verify-fail",
3238 "-expect-verify-result",
3239 },
3240 })
3241
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3242 if protocol == tls {
3243 tests = append(tests, testCase{
3244 name: "Renegotiate-Client",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3245 renegotiate: 1,
3246 flags: []string{
3247 "-renegotiate-freely",
3248 "-expect-total-renegotiations", "1",
3249 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3250 })
3251 // NPN on client and server; results in post-handshake message.
3252 tests = append(tests, testCase{
3253 name: "NPN-Client",
3254 config: Config{
3255 NextProtos: []string{"foo"},
3256 },
3257 flags: []string{"-select-next-proto", "foo"},
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3258 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3259 expectedNextProto: "foo",
3260 expectedNextProtoType: npn,
3261 })
3262 tests = append(tests, testCase{
3263 testType: serverTest,
3264 name: "NPN-Server",
3265 config: Config{
3266 NextProtos: []string{"bar"},
3267 },
3268 flags: []string{
3269 "-advertise-npn", "\x03foo\x03bar\x03baz",
3270 "-expect-next-proto", "bar",
3271 },
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3272 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3273 expectedNextProto: "bar",
3274 expectedNextProtoType: npn,
3275 })
3276
3277 // TODO(davidben): Add tests for when False Start doesn't trigger.
3278
3279 // Client does False Start and negotiates NPN.
3280 tests = append(tests, testCase{
3281 name: "FalseStart",
3282 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3283 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3284 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3285 NextProtos: []string{"foo"},
3286 Bugs: ProtocolBugs{
3287 ExpectFalseStart: true,
3288 },
3289 },
3290 flags: []string{
3291 "-false-start",
3292 "-select-next-proto", "foo",
3293 },
3294 shimWritesFirst: true,
3295 resumeSession: true,
3296 })
3297
3298 // Client does False Start and negotiates ALPN.
3299 tests = append(tests, testCase{
3300 name: "FalseStart-ALPN",
3301 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3302 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3303 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3304 NextProtos: []string{"foo"},
3305 Bugs: ProtocolBugs{
3306 ExpectFalseStart: true,
3307 },
3308 },
3309 flags: []string{
3310 "-false-start",
3311 "-advertise-alpn", "\x03foo",
3312 },
3313 shimWritesFirst: true,
3314 resumeSession: true,
3315 })
3316
3317 // Client does False Start but doesn't explicitly call
3318 // SSL_connect.
3319 tests = append(tests, testCase{
3320 name: "FalseStart-Implicit",
3321 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3322 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3323 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3324 NextProtos: []string{"foo"},
3325 },
3326 flags: []string{
3327 "-implicit-handshake",
3328 "-false-start",
3329 "-advertise-alpn", "\x03foo",
3330 },
3331 })
3332
3333 // False Start without session tickets.
3334 tests = append(tests, testCase{
3335 name: "FalseStart-SessionTicketsDisabled",
3336 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3337 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3338 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3339 NextProtos: []string{"foo"},
3340 SessionTicketsDisabled: true,
3341 Bugs: ProtocolBugs{
3342 ExpectFalseStart: true,
3343 },
3344 },
3345 flags: []string{
3346 "-false-start",
3347 "-select-next-proto", "foo",
3348 },
3349 shimWritesFirst: true,
3350 })
3351
3352 // Server parses a V2ClientHello.
3353 tests = append(tests, testCase{
3354 testType: serverTest,
3355 name: "SendV2ClientHello",
3356 config: Config{
3357 // Choose a cipher suite that does not involve
3358 // elliptic curves, so no extensions are
3359 // involved.
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3360 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3361 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3362 Bugs: ProtocolBugs{
3363 SendV2ClientHello: true,
3364 },
3365 },
3366 })
3367
3368 // Client sends a Channel ID.
3369 tests = append(tests, testCase{
3370 name: "ChannelID-Client",
3371 config: Config{
3372 RequestChannelID: true,
3373 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3374 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3375 resumeSession: true,
3376 expectChannelID: true,
3377 })
3378
3379 // Server accepts a Channel ID.
3380 tests = append(tests, testCase{
3381 testType: serverTest,
3382 name: "ChannelID-Server",
3383 config: Config{
3384 ChannelID: channelIDKey,
3385 },
3386 flags: []string{
3387 "-expect-channel-id",
3388 base64.StdEncoding.EncodeToString(channelIDBytes),
3389 },
3390 resumeSession: true,
3391 expectChannelID: true,
3392 })
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]3393
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3394 // Channel ID and NPN at the same time, to ensure their relative
3395 // ordering is correct.
3396 tests = append(tests, testCase{
3397 name: "ChannelID-NPN-Client",
3398 config: Config{
3399 RequestChannelID: true,
3400 NextProtos: []string{"foo"},
3401 },
3402 flags: []string{
3403 "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
3404 "-select-next-proto", "foo",
3405 },
3406 resumeSession: true,
3407 expectChannelID: true,
3408 expectedNextProto: "foo",
3409 expectedNextProtoType: npn,
3410 })
3411 tests = append(tests, testCase{
3412 testType: serverTest,
3413 name: "ChannelID-NPN-Server",
3414 config: Config{
3415 ChannelID: channelIDKey,
3416 NextProtos: []string{"bar"},
3417 },
3418 flags: []string{
3419 "-expect-channel-id",
3420 base64.StdEncoding.EncodeToString(channelIDBytes),
3421 "-advertise-npn", "\x03foo\x03bar\x03baz",
3422 "-expect-next-proto", "bar",
3423 },
3424 resumeSession: true,
3425 expectChannelID: true,
3426 expectedNextProto: "bar",
3427 expectedNextProtoType: npn,
3428 })
3429
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]3430 // Bidirectional shutdown with the runner initiating.
3431 tests = append(tests, testCase{
3432 name: "Shutdown-Runner",
3433 config: Config{
3434 Bugs: ProtocolBugs{
3435 ExpectCloseNotify: true,
3436 },
3437 },
3438 flags: []string{"-check-close-notify"},
3439 })
3440
3441 // Bidirectional shutdown with the shim initiating. The runner,
3442 // in the meantime, sends garbage before the close_notify which
3443 // the shim must ignore.
3444 tests = append(tests, testCase{
3445 name: "Shutdown-Shim",
3446 config: Config{
3447 Bugs: ProtocolBugs{
3448 ExpectCloseNotify: true,
3449 },
3450 },
3451 shimShutsDown: true,
3452 sendEmptyRecords: 1,
3453 sendWarningAlerts: 1,
3454 flags: []string{"-check-close-notify"},
3455 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3456 } else {
3457 tests = append(tests, testCase{
3458 name: "SkipHelloVerifyRequest",
3459 config: Config{
3460 Bugs: ProtocolBugs{
3461 SkipHelloVerifyRequest: true,
3462 },
3463 },
3464 })
3465 }
3466
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3467 for _, test := range tests {
3468 test.protocol = protocol
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]3469 if protocol == dtls {
3470 test.name += "-DTLS"
3471 }
3472 if async {
3473 test.name += "-Async"
3474 test.flags = append(test.flags, "-async")
3475 } else {
3476 test.name += "-Sync"
3477 }
3478 if splitHandshake {
3479 test.name += "-SplitHandshakeRecords"
3480 test.config.Bugs.MaxHandshakeRecordLength = 1
3481 if protocol == dtls {
3482 test.config.Bugs.MaxPacketLength = 256
3483 test.flags = append(test.flags, "-mtu", "256")
3484 }
3485 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3486 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]3487 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3488}
3489
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3490func addDDoSCallbackTests() {
3491 // DDoS callback.
3492
3493 for _, resume := range []bool{false, true} {
3494 suffix := "Resume"
3495 if resume {
3496 suffix = "No" + suffix
3497 }
3498
3499 testCases = append(testCases, testCase{
3500 testType: serverTest,
3501 name: "Server-DDoS-OK-" + suffix,
3502 flags: []string{"-install-ddos-callback"},
3503 resumeSession: resume,
3504 })
3505
3506 failFlag := "-fail-ddos-callback"
3507 if resume {
3508 failFlag = "-fail-second-ddos-callback"
3509 }
3510 testCases = append(testCases, testCase{
3511 testType: serverTest,
3512 name: "Server-DDoS-Reject-" + suffix,
3513 flags: []string{"-install-ddos-callback", failFlag},
3514 resumeSession: resume,
3515 shouldFail: true,
3516 expectedError: ":CONNECTION_REJECTED:",
3517 })
3518 }
3519}
3520
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3521func addVersionNegotiationTests() {
3522 for i, shimVers := range tlsVersions {
3523 // Assemble flags to disable all newer versions on the shim.
3524 var flags []string
3525 for _, vers := range tlsVersions[i+1:] {
3526 flags = append(flags, vers.flag)
3527 }
3528
3529 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3530 protocols := []protocol{tls}
3531 if runnerVers.hasDTLS && shimVers.hasDTLS {
3532 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3533 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3534 for _, protocol := range protocols {
3535 expectedVersion := shimVers.version
3536 if runnerVers.version < shimVers.version {
3537 expectedVersion = runnerVers.version
3538 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3539
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3540 suffix := shimVers.name + "-" + runnerVers.name
3541 if protocol == dtls {
3542 suffix += "-DTLS"
3543 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3544
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3545 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3546
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3547 clientVers := shimVers.version
3548 if clientVers > VersionTLS10 {
3549 clientVers = VersionTLS10
3550 }
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3551 serverVers := expectedVersion
3552 if expectedVersion >= VersionTLS13 {
3553 serverVers = VersionTLS10
3554 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3555 testCases = append(testCases, testCase{
3556 protocol: protocol,
3557 testType: clientTest,
3558 name: "VersionNegotiation-Client-" + suffix,
3559 config: Config{
3560 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3561 Bugs: ProtocolBugs{
3562 ExpectInitialRecordVersion: clientVers,
3563 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3564 },
3565 flags: flags,
3566 expectedVersion: expectedVersion,
3567 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3568 testCases = append(testCases, testCase{
3569 protocol: protocol,
3570 testType: clientTest,
3571 name: "VersionNegotiation-Client2-" + suffix,
3572 config: Config{
3573 MaxVersion: runnerVers.version,
3574 Bugs: ProtocolBugs{
3575 ExpectInitialRecordVersion: clientVers,
3576 },
3577 },
3578 flags: []string{"-max-version", shimVersFlag},
3579 expectedVersion: expectedVersion,
3580 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3581
3582 testCases = append(testCases, testCase{
3583 protocol: protocol,
3584 testType: serverTest,
3585 name: "VersionNegotiation-Server-" + suffix,
3586 config: Config{
3587 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3588 Bugs: ProtocolBugs{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3589 ExpectInitialRecordVersion: serverVers,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3590 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3591 },
3592 flags: flags,
3593 expectedVersion: expectedVersion,
3594 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3595 testCases = append(testCases, testCase{
3596 protocol: protocol,
3597 testType: serverTest,
3598 name: "VersionNegotiation-Server2-" + suffix,
3599 config: Config{
3600 MaxVersion: runnerVers.version,
3601 Bugs: ProtocolBugs{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3602 ExpectInitialRecordVersion: serverVers,
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3603 },
3604 },
3605 flags: []string{"-max-version", shimVersFlag},
3606 expectedVersion: expectedVersion,
3607 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3608 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3609 }
3610 }
3611}
3612
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3613func addMinimumVersionTests() {
3614 for i, shimVers := range tlsVersions {
3615 // Assemble flags to disable all older versions on the shim.
3616 var flags []string
3617 for _, vers := range tlsVersions[:i] {
3618 flags = append(flags, vers.flag)
3619 }
3620
3621 for _, runnerVers := range tlsVersions {
3622 protocols := []protocol{tls}
3623 if runnerVers.hasDTLS && shimVers.hasDTLS {
3624 protocols = append(protocols, dtls)
3625 }
3626 for _, protocol := range protocols {
3627 suffix := shimVers.name + "-" + runnerVers.name
3628 if protocol == dtls {
3629 suffix += "-DTLS"
3630 }
3631 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3632
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3633 var expectedVersion uint16
3634 var shouldFail bool
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3635 var expectedClientError, expectedServerError string
3636 var expectedClientLocalError, expectedServerLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3637 if runnerVers.version >= shimVers.version {
3638 expectedVersion = runnerVers.version
3639 } else {
3640 shouldFail = true
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3641 expectedServerError = ":UNSUPPORTED_PROTOCOL:"
3642 expectedServerLocalError = "remote error: protocol version not supported"
3643 if shimVers.version >= VersionTLS13 && runnerVers.version <= VersionTLS11 {
3644 // If the client's minimum version is TLS 1.3 and the runner's
3645 // maximum is below TLS 1.2, the runner will fail to select a
3646 // cipher before the shim rejects the selected version.
3647 expectedClientError = ":SSLV3_ALERT_HANDSHAKE_FAILURE:"
3648 expectedClientLocalError = "tls: no cipher suite supported by both client and server"
3649 } else {
3650 expectedClientError = expectedServerError
3651 expectedClientLocalError = expectedServerLocalError
3652 }
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3653 }
3654
3655 testCases = append(testCases, testCase{
3656 protocol: protocol,
3657 testType: clientTest,
3658 name: "MinimumVersion-Client-" + suffix,
3659 config: Config{
3660 MaxVersion: runnerVers.version,
3661 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3662 flags: flags,
3663 expectedVersion: expectedVersion,
3664 shouldFail: shouldFail,
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3665 expectedError: expectedClientError,
3666 expectedLocalError: expectedClientLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3667 })
3668 testCases = append(testCases, testCase{
3669 protocol: protocol,
3670 testType: clientTest,
3671 name: "MinimumVersion-Client2-" + suffix,
3672 config: Config{
3673 MaxVersion: runnerVers.version,
3674 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3675 flags: []string{"-min-version", shimVersFlag},
3676 expectedVersion: expectedVersion,
3677 shouldFail: shouldFail,
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3678 expectedError: expectedClientError,
3679 expectedLocalError: expectedClientLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3680 })
3681
3682 testCases = append(testCases, testCase{
3683 protocol: protocol,
3684 testType: serverTest,
3685 name: "MinimumVersion-Server-" + suffix,
3686 config: Config{
3687 MaxVersion: runnerVers.version,
3688 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3689 flags: flags,
3690 expectedVersion: expectedVersion,
3691 shouldFail: shouldFail,
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3692 expectedError: expectedServerError,
3693 expectedLocalError: expectedServerLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3694 })
3695 testCases = append(testCases, testCase{
3696 protocol: protocol,
3697 testType: serverTest,
3698 name: "MinimumVersion-Server2-" + suffix,
3699 config: Config{
3700 MaxVersion: runnerVers.version,
3701 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3702 flags: []string{"-min-version", shimVersFlag},
3703 expectedVersion: expectedVersion,
3704 shouldFail: shouldFail,
David Benjamin929d4ee2016-06-24 23:55:58 -0400[diff] [blame]3705 expectedError: expectedServerError,
3706 expectedLocalError: expectedServerLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3707 })
3708 }
3709 }
3710 }
3711}
3712
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3713func addExtensionTests() {
3714 testCases = append(testCases, testCase{
3715 testType: clientTest,
3716 name: "DuplicateExtensionClient",
3717 config: Config{
3718 Bugs: ProtocolBugs{
3719 DuplicateExtension: true,
3720 },
3721 },
3722 shouldFail: true,
3723 expectedLocalError: "remote error: error decoding message",
3724 })
3725 testCases = append(testCases, testCase{
3726 testType: serverTest,
3727 name: "DuplicateExtensionServer",
3728 config: Config{
3729 Bugs: ProtocolBugs{
3730 DuplicateExtension: true,
3731 },
3732 },
3733 shouldFail: true,
3734 expectedLocalError: "remote error: error decoding message",
3735 })
3736 testCases = append(testCases, testCase{
3737 testType: clientTest,
3738 name: "ServerNameExtensionClient",
3739 config: Config{
3740 Bugs: ProtocolBugs{
3741 ExpectServerName: "example.com",
3742 },
3743 },
3744 flags: []string{"-host-name", "example.com"},
3745 })
3746 testCases = append(testCases, testCase{
3747 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3748 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3749 config: Config{
3750 Bugs: ProtocolBugs{
3751 ExpectServerName: "mismatch.com",
3752 },
3753 },
3754 flags: []string{"-host-name", "example.com"},
3755 shouldFail: true,
3756 expectedLocalError: "tls: unexpected server name",
3757 })
3758 testCases = append(testCases, testCase{
3759 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3760 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3761 config: Config{
3762 Bugs: ProtocolBugs{
3763 ExpectServerName: "missing.com",
3764 },
3765 },
3766 shouldFail: true,
3767 expectedLocalError: "tls: unexpected server name",
3768 })
3769 testCases = append(testCases, testCase{
3770 testType: serverTest,
3771 name: "ServerNameExtensionServer",
3772 config: Config{
3773 ServerName: "example.com",
3774 },
3775 flags: []string{"-expect-server-name", "example.com"},
3776 resumeSession: true,
3777 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3778 testCases = append(testCases, testCase{
3779 testType: clientTest,
3780 name: "ALPNClient",
3781 config: Config{
3782 NextProtos: []string{"foo"},
3783 },
3784 flags: []string{
3785 "-advertise-alpn", "\x03foo\x03bar\x03baz",
3786 "-expect-alpn", "foo",
3787 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3788 expectedNextProto: "foo",
3789 expectedNextProtoType: alpn,
3790 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3791 })
3792 testCases = append(testCases, testCase{
3793 testType: serverTest,
3794 name: "ALPNServer",
3795 config: Config{
3796 NextProtos: []string{"foo", "bar", "baz"},
3797 },
3798 flags: []string{
3799 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3800 "-select-alpn", "foo",
3801 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3802 expectedNextProto: "foo",
3803 expectedNextProtoType: alpn,
3804 resumeSession: true,
3805 })
David Benjamin594e7d22016-03-17 17:49:56 -0400[diff] [blame]3806 testCases = append(testCases, testCase{
3807 testType: serverTest,
3808 name: "ALPNServer-Decline",
3809 config: Config{
3810 NextProtos: []string{"foo", "bar", "baz"},
3811 },
3812 flags: []string{"-decline-alpn"},
3813 expectNoNextProto: true,
3814 resumeSession: true,
3815 })
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3816 // Test that the server prefers ALPN over NPN.
3817 testCases = append(testCases, testCase{
3818 testType: serverTest,
3819 name: "ALPNServer-Preferred",
3820 config: Config{
3821 NextProtos: []string{"foo", "bar", "baz"},
3822 },
3823 flags: []string{
3824 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3825 "-select-alpn", "foo",
3826 "-advertise-npn", "\x03foo\x03bar\x03baz",
3827 },
3828 expectedNextProto: "foo",
3829 expectedNextProtoType: alpn,
3830 resumeSession: true,
3831 })
3832 testCases = append(testCases, testCase{
3833 testType: serverTest,
3834 name: "ALPNServer-Preferred-Swapped",
3835 config: Config{
3836 NextProtos: []string{"foo", "bar", "baz"},
3837 Bugs: ProtocolBugs{
3838 SwapNPNAndALPN: true,
3839 },
3840 },
3841 flags: []string{
3842 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3843 "-select-alpn", "foo",
3844 "-advertise-npn", "\x03foo\x03bar\x03baz",
3845 },
3846 expectedNextProto: "foo",
3847 expectedNextProtoType: alpn,
3848 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3849 })
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3850 var emptyString string
3851 testCases = append(testCases, testCase{
3852 testType: clientTest,
3853 name: "ALPNClient-EmptyProtocolName",
3854 config: Config{
3855 NextProtos: []string{""},
3856 Bugs: ProtocolBugs{
3857 // A server returning an empty ALPN protocol
3858 // should be rejected.
3859 ALPNProtocol: &emptyString,
3860 },
3861 },
3862 flags: []string{
3863 "-advertise-alpn", "\x03foo",
3864 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3865 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3866 expectedError: ":PARSE_TLSEXT:",
3867 })
3868 testCases = append(testCases, testCase{
3869 testType: serverTest,
3870 name: "ALPNServer-EmptyProtocolName",
3871 config: Config{
3872 // A ClientHello containing an empty ALPN protocol
3873 // should be rejected.
3874 NextProtos: []string{"foo", "", "baz"},
3875 },
3876 flags: []string{
3877 "-select-alpn", "foo",
3878 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3879 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3880 expectedError: ":PARSE_TLSEXT:",
3881 })
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]3882 // Test that negotiating both NPN and ALPN is forbidden.
3883 testCases = append(testCases, testCase{
3884 name: "NegotiateALPNAndNPN",
3885 config: Config{
3886 NextProtos: []string{"foo", "bar", "baz"},
3887 Bugs: ProtocolBugs{
3888 NegotiateALPNAndNPN: true,
3889 },
3890 },
3891 flags: []string{
3892 "-advertise-alpn", "\x03foo",
3893 "-select-next-proto", "foo",
3894 },
3895 shouldFail: true,
3896 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3897 })
3898 testCases = append(testCases, testCase{
3899 name: "NegotiateALPNAndNPN-Swapped",
3900 config: Config{
3901 NextProtos: []string{"foo", "bar", "baz"},
3902 Bugs: ProtocolBugs{
3903 NegotiateALPNAndNPN: true,
3904 SwapNPNAndALPN: true,
3905 },
3906 },
3907 flags: []string{
3908 "-advertise-alpn", "\x03foo",
3909 "-select-next-proto", "foo",
3910 },
3911 shouldFail: true,
3912 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3913 })
David Benjamin091c4b92015-10-26 13:33:21 -0400[diff] [blame]3914 // Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
3915 testCases = append(testCases, testCase{
3916 name: "DisableNPN",
3917 config: Config{
3918 NextProtos: []string{"foo"},
3919 },
3920 flags: []string{
3921 "-select-next-proto", "foo",
3922 "-disable-npn",
3923 },
3924 expectNoNextProto: true,
3925 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3926 // Resume with a corrupt ticket.
3927 testCases = append(testCases, testCase{
3928 testType: serverTest,
3929 name: "CorruptTicket",
3930 config: Config{
3931 Bugs: ProtocolBugs{
3932 CorruptTicket: true,
3933 },
3934 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3935 resumeSession: true,
3936 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3937 })
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]3938 // Test the ticket callback, with and without renewal.
3939 testCases = append(testCases, testCase{
3940 testType: serverTest,
3941 name: "TicketCallback",
3942 resumeSession: true,
3943 flags: []string{"-use-ticket-callback"},
3944 })
3945 testCases = append(testCases, testCase{
3946 testType: serverTest,
3947 name: "TicketCallback-Renew",
3948 config: Config{
3949 Bugs: ProtocolBugs{
3950 ExpectNewTicket: true,
3951 },
3952 },
3953 flags: []string{"-use-ticket-callback", "-renew-ticket"},
3954 resumeSession: true,
3955 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3956 // Resume with an oversized session id.
3957 testCases = append(testCases, testCase{
3958 testType: serverTest,
3959 name: "OversizedSessionId",
3960 config: Config{
3961 Bugs: ProtocolBugs{
3962 OversizedSessionId: true,
3963 },
3964 },
3965 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3966 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3967 expectedError: ":DECODE_ERROR:",
3968 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]3969 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
3970 // are ignored.
3971 testCases = append(testCases, testCase{
3972 protocol: dtls,
3973 name: "SRTP-Client",
3974 config: Config{
3975 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3976 },
3977 flags: []string{
3978 "-srtp-profiles",
3979 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3980 },
3981 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3982 })
3983 testCases = append(testCases, testCase{
3984 protocol: dtls,
3985 testType: serverTest,
3986 name: "SRTP-Server",
3987 config: Config{
3988 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3989 },
3990 flags: []string{
3991 "-srtp-profiles",
3992 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3993 },
3994 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3995 })
3996 // Test that the MKI is ignored.
3997 testCases = append(testCases, testCase{
3998 protocol: dtls,
3999 testType: serverTest,
4000 name: "SRTP-Server-IgnoreMKI",
4001 config: Config{
4002 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
4003 Bugs: ProtocolBugs{
4004 SRTPMasterKeyIdentifer: "bogus",
4005 },
4006 },
4007 flags: []string{
4008 "-srtp-profiles",
4009 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
4010 },
4011 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
4012 })
4013 // Test that SRTP isn't negotiated on the server if there were
4014 // no matching profiles.
4015 testCases = append(testCases, testCase{
4016 protocol: dtls,
4017 testType: serverTest,
4018 name: "SRTP-Server-NoMatch",
4019 config: Config{
4020 SRTPProtectionProfiles: []uint16{100, 101, 102},
4021 },
4022 flags: []string{
4023 "-srtp-profiles",
4024 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
4025 },
4026 expectedSRTPProtectionProfile: 0,
4027 })
4028 // Test that the server returning an invalid SRTP profile is
4029 // flagged as an error by the client.
4030 testCases = append(testCases, testCase{
4031 protocol: dtls,
4032 name: "SRTP-Client-NoMatch",
4033 config: Config{
4034 Bugs: ProtocolBugs{
4035 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
4036 },
4037 },
4038 flags: []string{
4039 "-srtp-profiles",
4040 "SRTP_AES128_CM_SHA1_80",
4041 },
4042 shouldFail: true,
4043 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
4044 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]4045 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]4046 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]4047 name: "SignedCertificateTimestampList-Client",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]4048 testType: clientTest,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]4049 flags: []string{
4050 "-enable-signed-cert-timestamps",
4051 "-expect-signed-cert-timestamps",
4052 base64.StdEncoding.EncodeToString(testSCTList),
4053 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]4054 resumeSession: true,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]4055 })
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]4056 testCases = append(testCases, testCase{
David Benjamin80d1b352016-05-04 19:19:06 -0400[diff] [blame]4057 name: "SendSCTListOnResume",
4058 config: Config{
4059 Bugs: ProtocolBugs{
4060 SendSCTListOnResume: []byte("bogus"),
4061 },
4062 },
4063 flags: []string{
4064 "-enable-signed-cert-timestamps",
4065 "-expect-signed-cert-timestamps",
4066 base64.StdEncoding.EncodeToString(testSCTList),
4067 },
4068 resumeSession: true,
4069 })
4070 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]4071 name: "SignedCertificateTimestampList-Server",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]4072 testType: serverTest,
4073 flags: []string{
4074 "-signed-cert-timestamps",
4075 base64.StdEncoding.EncodeToString(testSCTList),
4076 },
4077 expectedSCTList: testSCTList,
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]4078 resumeSession: true,
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]4079 })
4080 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]4081 testType: clientTest,
4082 name: "ClientHelloPadding",
4083 config: Config{
4084 Bugs: ProtocolBugs{
4085 RequireClientHelloSize: 512,
4086 },
4087 },
4088 // This hostname just needs to be long enough to push the
4089 // ClientHello into F5's danger zone between 256 and 511 bytes
4090 // long.
4091 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
4092 })
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]4093
4094 // Extensions should not function in SSL 3.0.
4095 testCases = append(testCases, testCase{
4096 testType: serverTest,
4097 name: "SSLv3Extensions-NoALPN",
4098 config: Config{
4099 MaxVersion: VersionSSL30,
4100 NextProtos: []string{"foo", "bar", "baz"},
4101 },
4102 flags: []string{
4103 "-select-alpn", "foo",
4104 },
4105 expectNoNextProto: true,
4106 })
4107
4108 // Test session tickets separately as they follow a different codepath.
4109 testCases = append(testCases, testCase{
4110 testType: serverTest,
4111 name: "SSLv3Extensions-NoTickets",
4112 config: Config{
4113 MaxVersion: VersionSSL30,
4114 Bugs: ProtocolBugs{
4115 // Historically, session tickets in SSL 3.0
4116 // failed in different ways depending on whether
4117 // the client supported renegotiation_info.
4118 NoRenegotiationInfo: true,
4119 },
4120 },
4121 resumeSession: true,
4122 })
4123 testCases = append(testCases, testCase{
4124 testType: serverTest,
4125 name: "SSLv3Extensions-NoTickets2",
4126 config: Config{
4127 MaxVersion: VersionSSL30,
4128 },
4129 resumeSession: true,
4130 })
4131
4132 // But SSL 3.0 does send and process renegotiation_info.
4133 testCases = append(testCases, testCase{
4134 testType: serverTest,
4135 name: "SSLv3Extensions-RenegotiationInfo",
4136 config: Config{
4137 MaxVersion: VersionSSL30,
4138 Bugs: ProtocolBugs{
4139 RequireRenegotiationInfo: true,
4140 },
4141 },
4142 })
4143 testCases = append(testCases, testCase{
4144 testType: serverTest,
4145 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
4146 config: Config{
4147 MaxVersion: VersionSSL30,
4148 Bugs: ProtocolBugs{
4149 NoRenegotiationInfo: true,
4150 SendRenegotiationSCSV: true,
4151 RequireRenegotiationInfo: true,
4152 },
4153 },
4154 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4155}
4156
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4157func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4158 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4159 for _, resumeVers := range tlsVersions {
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4160 cipher := TLS_RSA_WITH_AES_128_CBC_SHA
4161 if sessionVers.version >= VersionTLS13 || resumeVers.version >= VersionTLS13 {
4162 // TLS 1.3 only shares ciphers with TLS 1.2, so
4163 // we skip certain combinations and use a
4164 // different cipher to test with.
4165 cipher = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
4166 if sessionVers.version < VersionTLS12 || resumeVers.version < VersionTLS12 {
4167 continue
4168 }
4169 }
4170
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4171 protocols := []protocol{tls}
4172 if sessionVers.hasDTLS && resumeVers.hasDTLS {
4173 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]4174 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4175 for _, protocol := range protocols {
4176 suffix := "-" + sessionVers.name + "-" + resumeVers.name
4177 if protocol == dtls {
4178 suffix += "-DTLS"
4179 }
4180
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4181 if sessionVers.version == resumeVers.version {
4182 testCases = append(testCases, testCase{
4183 protocol: protocol,
4184 name: "Resume-Client" + suffix,
4185 resumeSession: true,
4186 config: Config{
4187 MaxVersion: sessionVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4188 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4189 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4190 expectedVersion: sessionVers.version,
4191 expectedResumeVersion: resumeVers.version,
4192 })
4193 } else {
4194 testCases = append(testCases, testCase{
4195 protocol: protocol,
4196 name: "Resume-Client-Mismatch" + suffix,
4197 resumeSession: true,
4198 config: Config{
4199 MaxVersion: sessionVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4200 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4201 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4202 expectedVersion: sessionVers.version,
4203 resumeConfig: &Config{
4204 MaxVersion: resumeVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4205 CipherSuites: []uint16{cipher},
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4206 Bugs: ProtocolBugs{
4207 AllowSessionVersionMismatch: true,
4208 },
4209 },
4210 expectedResumeVersion: resumeVers.version,
4211 shouldFail: true,
4212 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
4213 })
4214 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4215
4216 testCases = append(testCases, testCase{
4217 protocol: protocol,
4218 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4219 resumeSession: true,
4220 config: Config{
4221 MaxVersion: sessionVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4222 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4223 },
4224 expectedVersion: sessionVers.version,
4225 resumeConfig: &Config{
4226 MaxVersion: resumeVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4227 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4228 },
4229 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]4230 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4231 expectedResumeVersion: resumeVers.version,
4232 })
4233
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4234 testCases = append(testCases, testCase{
4235 protocol: protocol,
4236 testType: serverTest,
4237 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4238 resumeSession: true,
4239 config: Config{
4240 MaxVersion: sessionVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4241 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4242 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]4243 expectedVersion: sessionVers.version,
4244 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4245 resumeConfig: &Config{
4246 MaxVersion: resumeVers.version,
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4247 CipherSuites: []uint16{cipher},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4248 },
4249 expectedResumeVersion: resumeVers.version,
4250 })
4251 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4252 }
4253 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4254
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4255 // TODO(davidben): This test should have a TLS 1.3 variant later.
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4256 testCases = append(testCases, testCase{
4257 name: "Resume-Client-CipherMismatch",
4258 resumeSession: true,
4259 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4260 MaxVersion: VersionTLS12,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4261 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
4262 },
4263 resumeConfig: &Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4264 MaxVersion: VersionTLS12,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4265 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
4266 Bugs: ProtocolBugs{
4267 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
4268 },
4269 },
4270 shouldFail: true,
4271 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
4272 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4273}
4274
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4275func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]4276 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]4277 testCases = append(testCases, testCase{
4278 testType: serverTest,
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]4279 name: "Renegotiate-Server-Forbidden",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4280 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]4281 shouldFail: true,
4282 expectedError: ":NO_RENEGOTIATION:",
4283 expectedLocalError: "remote error: no renegotiation",
4284 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]4285 // The server shouldn't echo the renegotiation extension unless
4286 // requested by the client.
4287 testCases = append(testCases, testCase{
4288 testType: serverTest,
4289 name: "Renegotiate-Server-NoExt",
4290 config: Config{
4291 Bugs: ProtocolBugs{
4292 NoRenegotiationInfo: true,
4293 RequireRenegotiationInfo: true,
4294 },
4295 },
4296 shouldFail: true,
4297 expectedLocalError: "renegotiation extension missing",
4298 })
4299 // The renegotiation SCSV should be sufficient for the server to echo
4300 // the extension.
4301 testCases = append(testCases, testCase{
4302 testType: serverTest,
4303 name: "Renegotiate-Server-NoExt-SCSV",
4304 config: Config{
4305 Bugs: ProtocolBugs{
4306 NoRenegotiationInfo: true,
4307 SendRenegotiationSCSV: true,
4308 RequireRenegotiationInfo: true,
4309 },
4310 },
4311 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4312 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]4313 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]4314 config: Config{
4315 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]4316 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]4317 },
4318 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4319 renegotiate: 1,
4320 flags: []string{
4321 "-renegotiate-freely",
4322 "-expect-total-renegotiations", "1",
4323 },
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]4324 })
4325 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4326 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4327 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4328 config: Config{
4329 Bugs: ProtocolBugs{
4330 EmptyRenegotiationInfo: true,
4331 },
4332 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4333 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4334 shouldFail: true,
4335 expectedError: ":RENEGOTIATION_MISMATCH:",
4336 })
4337 testCases = append(testCases, testCase{
4338 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4339 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4340 config: Config{
4341 Bugs: ProtocolBugs{
4342 BadRenegotiationInfo: true,
4343 },
4344 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4345 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4346 shouldFail: true,
4347 expectedError: ":RENEGOTIATION_MISMATCH:",
4348 })
4349 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]4350 name: "Renegotiate-Client-Downgrade",
4351 renegotiate: 1,
4352 config: Config{
4353 Bugs: ProtocolBugs{
4354 NoRenegotiationInfoAfterInitial: true,
4355 },
4356 },
4357 flags: []string{"-renegotiate-freely"},
4358 shouldFail: true,
4359 expectedError: ":RENEGOTIATION_MISMATCH:",
4360 })
4361 testCases = append(testCases, testCase{
4362 name: "Renegotiate-Client-Upgrade",
4363 renegotiate: 1,
4364 config: Config{
4365 Bugs: ProtocolBugs{
4366 NoRenegotiationInfoInInitial: true,
4367 },
4368 },
4369 flags: []string{"-renegotiate-freely"},
4370 shouldFail: true,
4371 expectedError: ":RENEGOTIATION_MISMATCH:",
4372 })
4373 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]4374 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4375 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]4376 config: Config{
4377 Bugs: ProtocolBugs{
4378 NoRenegotiationInfo: true,
4379 },
4380 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4381 flags: []string{
4382 "-renegotiate-freely",
4383 "-expect-total-renegotiations", "1",
4384 },
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]4385 })
4386 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4387 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4388 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4389 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4390 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4391 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
4392 },
4393 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4394 flags: []string{
4395 "-renegotiate-freely",
4396 "-expect-total-renegotiations", "1",
4397 },
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4398 })
4399 testCases = append(testCases, testCase{
4400 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4401 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4402 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4403 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4404 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4405 },
4406 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4407 flags: []string{
4408 "-renegotiate-freely",
4409 "-expect-total-renegotiations", "1",
4410 },
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]4411 })
4412 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4413 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4414 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4415 config: Config{
4416 MaxVersion: VersionTLS10,
4417 Bugs: ProtocolBugs{
4418 RequireSameRenegoClientVersion: true,
4419 },
4420 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4421 flags: []string{
4422 "-renegotiate-freely",
4423 "-expect-total-renegotiations", "1",
4424 },
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4425 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4426 testCases = append(testCases, testCase{
4427 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4428 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4429 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4430 MaxVersion: VersionTLS12,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4431 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4432 NextProtos: []string{"foo"},
4433 },
4434 flags: []string{
4435 "-false-start",
4436 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4437 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -0400[diff] [blame]4438 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4439 },
4440 shimWritesFirst: true,
4441 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4442
4443 // Client-side renegotiation controls.
4444 testCases = append(testCases, testCase{
4445 name: "Renegotiate-Client-Forbidden-1",
4446 renegotiate: 1,
4447 shouldFail: true,
4448 expectedError: ":NO_RENEGOTIATION:",
4449 expectedLocalError: "remote error: no renegotiation",
4450 })
4451 testCases = append(testCases, testCase{
4452 name: "Renegotiate-Client-Once-1",
4453 renegotiate: 1,
4454 flags: []string{
4455 "-renegotiate-once",
4456 "-expect-total-renegotiations", "1",
4457 },
4458 })
4459 testCases = append(testCases, testCase{
4460 name: "Renegotiate-Client-Freely-1",
4461 renegotiate: 1,
4462 flags: []string{
4463 "-renegotiate-freely",
4464 "-expect-total-renegotiations", "1",
4465 },
4466 })
4467 testCases = append(testCases, testCase{
4468 name: "Renegotiate-Client-Once-2",
4469 renegotiate: 2,
4470 flags: []string{"-renegotiate-once"},
4471 shouldFail: true,
4472 expectedError: ":NO_RENEGOTIATION:",
4473 expectedLocalError: "remote error: no renegotiation",
4474 })
4475 testCases = append(testCases, testCase{
4476 name: "Renegotiate-Client-Freely-2",
4477 renegotiate: 2,
4478 flags: []string{
4479 "-renegotiate-freely",
4480 "-expect-total-renegotiations", "2",
4481 },
4482 })
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]4483 testCases = append(testCases, testCase{
4484 name: "Renegotiate-Client-NoIgnore",
4485 config: Config{
4486 Bugs: ProtocolBugs{
4487 SendHelloRequestBeforeEveryAppDataRecord: true,
4488 },
4489 },
4490 shouldFail: true,
4491 expectedError: ":NO_RENEGOTIATION:",
4492 })
4493 testCases = append(testCases, testCase{
4494 name: "Renegotiate-Client-Ignore",
4495 config: Config{
4496 Bugs: ProtocolBugs{
4497 SendHelloRequestBeforeEveryAppDataRecord: true,
4498 },
4499 },
4500 flags: []string{
4501 "-renegotiate-ignore",
4502 "-expect-total-renegotiations", "0",
4503 },
4504 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4505}
4506
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4507func addDTLSReplayTests() {
4508 // Test that sequence number replays are detected.
4509 testCases = append(testCases, testCase{
4510 protocol: dtls,
4511 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4512 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4513 replayWrites: true,
4514 })
4515
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4516 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4517 // than the retransmit window.
4518 testCases = append(testCases, testCase{
4519 protocol: dtls,
4520 name: "DTLS-Replay-LargeGaps",
4521 config: Config{
4522 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4523 SequenceNumberMapping: func(in uint64) uint64 {
4524 return in * 127
4525 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4526 },
4527 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4528 messageCount: 200,
4529 replayWrites: true,
4530 })
4531
4532 // Test the incoming sequence number changing non-monotonically.
4533 testCases = append(testCases, testCase{
4534 protocol: dtls,
4535 name: "DTLS-Replay-NonMonotonic",
4536 config: Config{
4537 Bugs: ProtocolBugs{
4538 SequenceNumberMapping: func(in uint64) uint64 {
4539 return in ^ 31
4540 },
4541 },
4542 },
4543 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4544 replayWrites: true,
4545 })
4546}
4547
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4548var testSignatureAlgorithms = []struct {
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4549 name string
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4550 id signatureAlgorithm
4551 cert testCert
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4552}{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4553 {"RSA-PKCS1-SHA1", signatureRSAPKCS1WithSHA1, testCertRSA},
4554 {"RSA-PKCS1-SHA256", signatureRSAPKCS1WithSHA256, testCertRSA},
4555 {"RSA-PKCS1-SHA384", signatureRSAPKCS1WithSHA384, testCertRSA},
4556 {"RSA-PKCS1-SHA512", signatureRSAPKCS1WithSHA512, testCertRSA},
4557 {"ECDSA-SHA1", signatureECDSAWithSHA1, testCertECDSA},
4558 // TODO(davidben): These signature algorithms are paired with a curve in
4559 // TLS 1.3. Test that, in TLS 1.3, the curves must match and, in TLS
4560 // 1.2, mismatches are tolerated.
4561 {"ECDSA-SHA256", signatureECDSAWithP256AndSHA256, testCertECDSA},
4562 {"ECDSA-SHA384", signatureECDSAWithP384AndSHA384, testCertECDSA},
4563 {"ECDSA-SHA512", signatureECDSAWithP521AndSHA512, testCertECDSA},
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4564}
4565
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4566const fakeSigAlg1 signatureAlgorithm = 0x2a01
4567const fakeSigAlg2 signatureAlgorithm = 0xff01
4568
4569func addSignatureAlgorithmTests() {
4570 // Make sure each signature algorithm works. Include some fake values in
4571 // the list and ensure they're ignored.
4572 for _, alg := range testSignatureAlgorithms {
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4573 testCases = append(testCases, testCase{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4574 name: "SigningHash-ClientAuth-Sign-" + alg.name,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4575 config: Config{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4576 // SignatureAlgorithms is shared, so we must
4577 // configure a matching server certificate too.
4578 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
4579 ClientAuth: RequireAnyClientCert,
4580 SignatureAlgorithms: []signatureAlgorithm{
4581 fakeSigAlg1,
4582 alg.id,
4583 fakeSigAlg2,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4584 },
4585 },
4586 flags: []string{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4587 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
4588 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
4589 },
4590 expectedPeerSignatureAlgorithm: alg.id,
4591 })
4592
4593 testCases = append(testCases, testCase{
4594 testType: serverTest,
4595 name: "SigningHash-ClientAuth-Verify-" + alg.name,
4596 config: Config{
4597 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
4598 SignatureAlgorithms: []signatureAlgorithm{
4599 alg.id,
4600 },
4601 },
4602 flags: []string{
4603 "-require-any-client-certificate",
4604 "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
4605 // SignatureAlgorithms is shared, so we must
4606 // configure a matching server certificate too.
4607 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
4608 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4609 },
4610 })
4611
4612 testCases = append(testCases, testCase{
4613 testType: serverTest,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4614 name: "SigningHash-ServerKeyExchange-Sign-" + alg.name,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4615 config: Config{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4616 CipherSuites: []uint16{
4617 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
4618 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
4619 },
4620 SignatureAlgorithms: []signatureAlgorithm{
4621 fakeSigAlg1,
4622 alg.id,
4623 fakeSigAlg2,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4624 },
4625 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4626 flags: []string{
4627 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
4628 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
4629 },
4630 expectedPeerSignatureAlgorithm: alg.id,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4631 })
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4632
4633 testCases = append(testCases, testCase{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4634 name: "SigningHash-ServerKeyExchange-Verify-" + alg.name,
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4635 config: Config{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4636 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
4637 CipherSuites: []uint16{
4638 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
4639 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
4640 },
4641 SignatureAlgorithms: []signatureAlgorithm{
4642 alg.id,
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4643 },
4644 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4645 flags: []string{"-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id))},
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4646 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4647 }
4648
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4649 // Test that algorithm selection takes the key type into account.
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4650 testCases = append(testCases, testCase{
4651 name: "SigningHash-ClientAuth-SignatureType",
4652 config: Config{
4653 ClientAuth: RequireAnyClientCert,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4654 SignatureAlgorithms: []signatureAlgorithm{
4655 signatureECDSAWithP521AndSHA512,
4656 signatureRSAPKCS1WithSHA384,
4657 signatureECDSAWithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4658 },
4659 },
4660 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4661 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4662 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4663 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4664 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4665 })
4666
4667 testCases = append(testCases, testCase{
4668 testType: serverTest,
4669 name: "SigningHash-ServerKeyExchange-SignatureType",
4670 config: Config{
4671 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4672 SignatureAlgorithms: []signatureAlgorithm{
4673 signatureECDSAWithP521AndSHA512,
4674 signatureRSAPKCS1WithSHA384,
4675 signatureECDSAWithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4676 },
4677 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4678 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4679 })
4680
4681 // Test that, if the list is missing, the peer falls back to SHA-1.
4682 testCases = append(testCases, testCase{
4683 name: "SigningHash-ClientAuth-Fallback",
4684 config: Config{
4685 ClientAuth: RequireAnyClientCert,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4686 SignatureAlgorithms: []signatureAlgorithm{
4687 signatureRSAPKCS1WithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4688 },
4689 Bugs: ProtocolBugs{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4690 NoSignatureAlgorithms: true,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4691 },
4692 },
4693 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4694 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4695 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4696 },
4697 })
4698
4699 testCases = append(testCases, testCase{
4700 testType: serverTest,
4701 name: "SigningHash-ServerKeyExchange-Fallback",
4702 config: Config{
4703 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4704 SignatureAlgorithms: []signatureAlgorithm{
4705 signatureRSAPKCS1WithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4706 },
4707 Bugs: ProtocolBugs{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4708 NoSignatureAlgorithms: true,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4709 },
4710 },
4711 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4712
4713 // Test that hash preferences are enforced. BoringSSL defaults to
4714 // rejecting MD5 signatures.
4715 testCases = append(testCases, testCase{
4716 testType: serverTest,
4717 name: "SigningHash-ClientAuth-Enforced",
4718 config: Config{
4719 Certificates: []Certificate{rsaCertificate},
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4720 SignatureAlgorithms: []signatureAlgorithm{
4721 signatureRSAPKCS1WithMD5,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4722 // Advertise SHA-1 so the handshake will
4723 // proceed, but the shim's preferences will be
4724 // ignored in CertificateVerify generation, so
4725 // MD5 will be chosen.
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4726 signatureRSAPKCS1WithSHA1,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4727 },
4728 Bugs: ProtocolBugs{
4729 IgnorePeerSignatureAlgorithmPreferences: true,
4730 },
4731 },
4732 flags: []string{"-require-any-client-certificate"},
4733 shouldFail: true,
4734 expectedError: ":WRONG_SIGNATURE_TYPE:",
4735 })
4736
4737 testCases = append(testCases, testCase{
4738 name: "SigningHash-ServerKeyExchange-Enforced",
4739 config: Config{
4740 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4741 SignatureAlgorithms: []signatureAlgorithm{
4742 signatureRSAPKCS1WithMD5,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4743 },
4744 Bugs: ProtocolBugs{
4745 IgnorePeerSignatureAlgorithmPreferences: true,
4746 },
4747 },
4748 shouldFail: true,
4749 expectedError: ":WRONG_SIGNATURE_TYPE:",
4750 })
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4751
4752 // Test that the agreed upon digest respects the client preferences and
4753 // the server digests.
4754 testCases = append(testCases, testCase{
4755 name: "Agree-Digest-Fallback",
4756 config: Config{
4757 ClientAuth: RequireAnyClientCert,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4758 SignatureAlgorithms: []signatureAlgorithm{
4759 signatureRSAPKCS1WithSHA512,
4760 signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4761 },
4762 },
4763 flags: []string{
4764 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4765 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4766 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4767 digestPrefs: "SHA256",
4768 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4769 })
4770 testCases = append(testCases, testCase{
4771 name: "Agree-Digest-SHA256",
4772 config: Config{
4773 ClientAuth: RequireAnyClientCert,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4774 SignatureAlgorithms: []signatureAlgorithm{
4775 signatureRSAPKCS1WithSHA1,
4776 signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4777 },
4778 },
4779 flags: []string{
4780 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4781 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4782 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4783 digestPrefs: "SHA256,SHA1",
4784 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4785 })
4786 testCases = append(testCases, testCase{
4787 name: "Agree-Digest-SHA1",
4788 config: Config{
4789 ClientAuth: RequireAnyClientCert,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4790 SignatureAlgorithms: []signatureAlgorithm{
4791 signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4792 },
4793 },
4794 flags: []string{
4795 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4796 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4797 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4798 digestPrefs: "SHA512,SHA256,SHA1",
4799 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4800 })
4801 testCases = append(testCases, testCase{
4802 name: "Agree-Digest-Default",
4803 config: Config{
4804 ClientAuth: RequireAnyClientCert,
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4805 SignatureAlgorithms: []signatureAlgorithm{
4806 signatureRSAPKCS1WithSHA256,
4807 signatureECDSAWithP256AndSHA256,
4808 signatureRSAPKCS1WithSHA1,
4809 signatureECDSAWithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4810 },
4811 },
4812 flags: []string{
4813 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4814 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4815 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]4816 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4817 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4818}
4819
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4820// timeouts is the retransmit schedule for BoringSSL. It doubles and
4821// caps at 60 seconds. On the 13th timeout, it gives up.
4822var timeouts = []time.Duration{
4823 1 * time.Second,
4824 2 * time.Second,
4825 4 * time.Second,
4826 8 * time.Second,
4827 16 * time.Second,
4828 32 * time.Second,
4829 60 * time.Second,
4830 60 * time.Second,
4831 60 * time.Second,
4832 60 * time.Second,
4833 60 * time.Second,
4834 60 * time.Second,
4835 60 * time.Second,
4836}
4837
Taylor Brandstetter376a0fe2016-05-10 19:30:28 -0700[diff] [blame]4838// shortTimeouts is an alternate set of timeouts which would occur if the
4839// initial timeout duration was set to 250ms.
4840var shortTimeouts = []time.Duration{
4841 250 * time.Millisecond,
4842 500 * time.Millisecond,
4843 1 * time.Second,
4844 2 * time.Second,
4845 4 * time.Second,
4846 8 * time.Second,
4847 16 * time.Second,
4848 32 * time.Second,
4849 60 * time.Second,
4850 60 * time.Second,
4851 60 * time.Second,
4852 60 * time.Second,
4853 60 * time.Second,
4854}
4855
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4856func addDTLSRetransmitTests() {
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4857 // These tests work by coordinating some behavior on both the shim and
4858 // the runner.
4859 //
4860 // TimeoutSchedule configures the runner to send a series of timeout
4861 // opcodes to the shim (see packetAdaptor) immediately before reading
4862 // each peer handshake flight N. The timeout opcode both simulates a
4863 // timeout in the shim and acts as a synchronization point to help the
4864 // runner bracket each handshake flight.
4865 //
4866 // We assume the shim does not read from the channel eagerly. It must
4867 // first wait until it has sent flight N and is ready to receive
4868 // handshake flight N+1. At this point, it will process the timeout
4869 // opcode. It must then immediately respond with a timeout ACK and act
4870 // as if the shim was idle for the specified amount of time.
4871 //
4872 // The runner then drops all packets received before the ACK and
4873 // continues waiting for flight N. This ordering results in one attempt
4874 // at sending flight N to be dropped. For the test to complete, the
4875 // shim must send flight N again, testing that the shim implements DTLS
4876 // retransmit on a timeout.
4877
4878 for _, async := range []bool{true, false} {
4879 var tests []testCase
4880
4881 // Test that this is indeed the timeout schedule. Stress all
4882 // four patterns of handshake.
4883 for i := 1; i < len(timeouts); i++ {
4884 number := strconv.Itoa(i)
4885 tests = append(tests, testCase{
4886 protocol: dtls,
4887 name: "DTLS-Retransmit-Client-" + number,
4888 config: Config{
4889 Bugs: ProtocolBugs{
4890 TimeoutSchedule: timeouts[:i],
4891 },
4892 },
4893 resumeSession: true,
4894 })
4895 tests = append(tests, testCase{
4896 protocol: dtls,
4897 testType: serverTest,
4898 name: "DTLS-Retransmit-Server-" + number,
4899 config: Config{
4900 Bugs: ProtocolBugs{
4901 TimeoutSchedule: timeouts[:i],
4902 },
4903 },
4904 resumeSession: true,
4905 })
4906 }
4907
4908 // Test that exceeding the timeout schedule hits a read
4909 // timeout.
4910 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4911 protocol: dtls,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4912 name: "DTLS-Retransmit-Timeout",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4913 config: Config{
4914 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4915 TimeoutSchedule: timeouts,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4916 },
4917 },
4918 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4919 shouldFail: true,
4920 expectedError: ":READ_TIMEOUT_EXPIRED:",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4921 })
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4922
4923 if async {
4924 // Test that timeout handling has a fudge factor, due to API
4925 // problems.
4926 tests = append(tests, testCase{
4927 protocol: dtls,
4928 name: "DTLS-Retransmit-Fudge",
4929 config: Config{
4930 Bugs: ProtocolBugs{
4931 TimeoutSchedule: []time.Duration{
4932 timeouts[0] - 10*time.Millisecond,
4933 },
4934 },
4935 },
4936 resumeSession: true,
4937 })
4938 }
4939
4940 // Test that the final Finished retransmitting isn't
4941 // duplicated if the peer badly fragments everything.
4942 tests = append(tests, testCase{
4943 testType: serverTest,
4944 protocol: dtls,
4945 name: "DTLS-Retransmit-Fragmented",
4946 config: Config{
4947 Bugs: ProtocolBugs{
4948 TimeoutSchedule: []time.Duration{timeouts[0]},
4949 MaxHandshakeRecordLength: 2,
4950 },
4951 },
4952 })
4953
4954 // Test the timeout schedule when a shorter initial timeout duration is set.
4955 tests = append(tests, testCase{
4956 protocol: dtls,
4957 name: "DTLS-Retransmit-Short-Client",
4958 config: Config{
4959 Bugs: ProtocolBugs{
4960 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
4961 },
4962 },
4963 resumeSession: true,
4964 flags: []string{"-initial-timeout-duration-ms", "250"},
4965 })
4966 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4967 protocol: dtls,
4968 testType: serverTest,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4969 name: "DTLS-Retransmit-Short-Server",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4970 config: Config{
4971 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4972 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4973 },
4974 },
4975 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4976 flags: []string{"-initial-timeout-duration-ms", "250"},
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4977 })
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4978
4979 for _, test := range tests {
4980 if async {
4981 test.name += "-Async"
4982 test.flags = append(test.flags, "-async")
4983 }
4984
4985 testCases = append(testCases, test)
4986 }
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4987 }
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4988}
4989
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4990func addExportKeyingMaterialTests() {
4991 for _, vers := range tlsVersions {
4992 if vers.version == VersionSSL30 {
4993 continue
4994 }
4995 testCases = append(testCases, testCase{
4996 name: "ExportKeyingMaterial-" + vers.name,
4997 config: Config{
4998 MaxVersion: vers.version,
4999 },
5000 exportKeyingMaterial: 1024,
5001 exportLabel: "label",
5002 exportContext: "context",
5003 useExportContext: true,
5004 })
5005 testCases = append(testCases, testCase{
5006 name: "ExportKeyingMaterial-NoContext-" + vers.name,
5007 config: Config{
5008 MaxVersion: vers.version,
5009 },
5010 exportKeyingMaterial: 1024,
5011 })
5012 testCases = append(testCases, testCase{
5013 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
5014 config: Config{
5015 MaxVersion: vers.version,
5016 },
5017 exportKeyingMaterial: 1024,
5018 useExportContext: true,
5019 })
5020 testCases = append(testCases, testCase{
5021 name: "ExportKeyingMaterial-Small-" + vers.name,
5022 config: Config{
5023 MaxVersion: vers.version,
5024 },
5025 exportKeyingMaterial: 1,
5026 exportLabel: "label",
5027 exportContext: "context",
5028 useExportContext: true,
5029 })
5030 }
5031 testCases = append(testCases, testCase{
5032 name: "ExportKeyingMaterial-SSL3",
5033 config: Config{
5034 MaxVersion: VersionSSL30,
5035 },
5036 exportKeyingMaterial: 1024,
5037 exportLabel: "label",
5038 exportContext: "context",
5039 useExportContext: true,
5040 shouldFail: true,
5041 expectedError: "failed to export keying material",
5042 })
5043}
5044
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]5045func addTLSUniqueTests() {
5046 for _, isClient := range []bool{false, true} {
5047 for _, isResumption := range []bool{false, true} {
5048 for _, hasEMS := range []bool{false, true} {
5049 var suffix string
5050 if isResumption {
5051 suffix = "Resume-"
5052 } else {
5053 suffix = "Full-"
5054 }
5055
5056 if hasEMS {
5057 suffix += "EMS-"
5058 } else {
5059 suffix += "NoEMS-"
5060 }
5061
5062 if isClient {
5063 suffix += "Client"
5064 } else {
5065 suffix += "Server"
5066 }
5067
5068 test := testCase{
5069 name: "TLSUnique-" + suffix,
5070 testTLSUnique: true,
5071 config: Config{
5072 Bugs: ProtocolBugs{
5073 NoExtendedMasterSecret: !hasEMS,
5074 },
5075 },
5076 }
5077
5078 if isResumption {
5079 test.resumeSession = true
5080 test.resumeConfig = &Config{
5081 Bugs: ProtocolBugs{
5082 NoExtendedMasterSecret: !hasEMS,
5083 },
5084 }
5085 }
5086
5087 if isResumption && !hasEMS {
5088 test.shouldFail = true
5089 test.expectedError = "failed to get tls-unique"
5090 }
5091
5092 testCases = append(testCases, test)
5093 }
5094 }
5095 }
5096}
5097
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5098func addCustomExtensionTests() {
5099 expectedContents := "custom extension"
5100 emptyString := ""
5101
5102 for _, isClient := range []bool{false, true} {
5103 suffix := "Server"
5104 flag := "-enable-server-custom-extension"
5105 testType := serverTest
5106 if isClient {
5107 suffix = "Client"
5108 flag = "-enable-client-custom-extension"
5109 testType = clientTest
5110 }
5111
5112 testCases = append(testCases, testCase{
5113 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5114 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5115 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5116 Bugs: ProtocolBugs{
5117 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5118 ExpectedCustomExtension: &expectedContents,
5119 },
5120 },
5121 flags: []string{flag},
5122 })
5123
5124 // If the parse callback fails, the handshake should also fail.
5125 testCases = append(testCases, testCase{
5126 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5127 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5128 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5129 Bugs: ProtocolBugs{
5130 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5131 ExpectedCustomExtension: &expectedContents,
5132 },
5133 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5134 flags: []string{flag},
5135 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5136 expectedError: ":CUSTOM_EXTENSION_ERROR:",
5137 })
5138
5139 // If the add callback fails, the handshake should also fail.
5140 testCases = append(testCases, testCase{
5141 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5142 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5143 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5144 Bugs: ProtocolBugs{
5145 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5146 ExpectedCustomExtension: &expectedContents,
5147 },
5148 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5149 flags: []string{flag, "-custom-extension-fail-add"},
5150 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5151 expectedError: ":CUSTOM_EXTENSION_ERROR:",
5152 })
5153
5154 // If the add callback returns zero, no extension should be
5155 // added.
5156 skipCustomExtension := expectedContents
5157 if isClient {
5158 // For the case where the client skips sending the
5159 // custom extension, the server must not “echo” it.
5160 skipCustomExtension = ""
5161 }
5162 testCases = append(testCases, testCase{
5163 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5164 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5165 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5166 Bugs: ProtocolBugs{
5167 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5168 ExpectedCustomExtension: &emptyString,
5169 },
5170 },
5171 flags: []string{flag, "-custom-extension-skip"},
5172 })
5173 }
5174
5175 // The custom extension add callback should not be called if the client
5176 // doesn't send the extension.
5177 testCases = append(testCases, testCase{
5178 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5179 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5180 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5181 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5182 ExpectedCustomExtension: &emptyString,
5183 },
5184 },
5185 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
5186 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]5187
5188 // Test an unknown extension from the server.
5189 testCases = append(testCases, testCase{
5190 testType: clientTest,
5191 name: "UnknownExtension-Client",
5192 config: Config{
5193 Bugs: ProtocolBugs{
5194 CustomExtension: expectedContents,
5195 },
5196 },
5197 shouldFail: true,
5198 expectedError: ":UNEXPECTED_EXTENSION:",
5199 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5200}
5201
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]5202func addRSAClientKeyExchangeTests() {
5203 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
5204 testCases = append(testCases, testCase{
5205 testType: serverTest,
5206 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
5207 config: Config{
5208 // Ensure the ClientHello version and final
5209 // version are different, to detect if the
5210 // server uses the wrong one.
5211 MaxVersion: VersionTLS11,
5212 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
5213 Bugs: ProtocolBugs{
5214 BadRSAClientKeyExchange: bad,
5215 },
5216 },
5217 shouldFail: true,
5218 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5219 })
5220 }
5221}
5222
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5223var testCurves = []struct {
5224 name string
5225 id CurveID
5226}{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5227 {"P-256", CurveP256},
5228 {"P-384", CurveP384},
5229 {"P-521", CurveP521},
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]5230 {"X25519", CurveX25519},
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5231}
5232
5233func addCurveTests() {
5234 for _, curve := range testCurves {
5235 testCases = append(testCases, testCase{
5236 name: "CurveTest-Client-" + curve.name,
5237 config: Config{
5238 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5239 CurvePreferences: []CurveID{curve.id},
5240 },
5241 flags: []string{"-enable-all-curves"},
5242 })
5243 testCases = append(testCases, testCase{
5244 testType: serverTest,
5245 name: "CurveTest-Server-" + curve.name,
5246 config: Config{
5247 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5248 CurvePreferences: []CurveID{curve.id},
5249 },
5250 flags: []string{"-enable-all-curves"},
5251 })
5252 }
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]5253
5254 // The server must be tolerant to bogus curves.
5255 const bogusCurve = 0x1234
5256 testCases = append(testCases, testCase{
5257 testType: serverTest,
5258 name: "UnknownCurve",
5259 config: Config{
5260 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5261 CurvePreferences: []CurveID{bogusCurve, CurveP256},
5262 },
5263 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5264}
5265
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5266func addCECPQ1Tests() {
5267 testCases = append(testCases, testCase{
5268 testType: clientTest,
5269 name: "CECPQ1-Client-BadX25519Part",
5270 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5271 MaxVersion: VersionTLS12,
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5272 MinVersion: VersionTLS12,
5273 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5274 Bugs: ProtocolBugs{
5275 CECPQ1BadX25519Part: true,
5276 },
5277 },
5278 flags: []string{"-cipher", "kCECPQ1"},
5279 shouldFail: true,
5280 expectedLocalError: "local error: bad record MAC",
5281 })
5282 testCases = append(testCases, testCase{
5283 testType: clientTest,
5284 name: "CECPQ1-Client-BadNewhopePart",
5285 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5286 MaxVersion: VersionTLS12,
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5287 MinVersion: VersionTLS12,
5288 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5289 Bugs: ProtocolBugs{
5290 CECPQ1BadNewhopePart: true,
5291 },
5292 },
5293 flags: []string{"-cipher", "kCECPQ1"},
5294 shouldFail: true,
5295 expectedLocalError: "local error: bad record MAC",
5296 })
5297 testCases = append(testCases, testCase{
5298 testType: serverTest,
5299 name: "CECPQ1-Server-BadX25519Part",
5300 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5301 MaxVersion: VersionTLS12,
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5302 MinVersion: VersionTLS12,
5303 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5304 Bugs: ProtocolBugs{
5305 CECPQ1BadX25519Part: true,
5306 },
5307 },
5308 flags: []string{"-cipher", "kCECPQ1"},
5309 shouldFail: true,
5310 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5311 })
5312 testCases = append(testCases, testCase{
5313 testType: serverTest,
5314 name: "CECPQ1-Server-BadNewhopePart",
5315 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5316 MaxVersion: VersionTLS12,
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5317 MinVersion: VersionTLS12,
5318 CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
5319 Bugs: ProtocolBugs{
5320 CECPQ1BadNewhopePart: true,
5321 },
5322 },
5323 flags: []string{"-cipher", "kCECPQ1"},
5324 shouldFail: true,
5325 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5326 })
5327}
5328
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5329func addKeyExchangeInfoTests() {
5330 testCases = append(testCases, testCase{
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5331 name: "KeyExchangeInfo-DHE-Client",
5332 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5333 MaxVersion: VersionTLS12,
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5334 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
5335 Bugs: ProtocolBugs{
5336 // This is a 1234-bit prime number, generated
5337 // with:
5338 // openssl gendh 1234 | openssl asn1parse -i
5339 DHGroupPrime: bigFromHex("0215C589A86BE450D1255A86D7A08877A70E124C11F0C75E476BA6A2186B1C830D4A132555973F2D5881D5F737BB800B7F417C01EC5960AEBF79478F8E0BBB6A021269BD10590C64C57F50AD8169D5488B56EE38DC5E02DA1A16ED3B5F41FEB2AD184B78A31F3A5B2BEC8441928343DA35DE3D4F89F0D4CEDE0034045084A0D1E6182E5EF7FCA325DD33CE81BE7FA87D43613E8FA7A1457099AB53"),
5340 },
5341 },
David Benjamin9e68f192016-06-30 14:55:33 -0400[diff] [blame]5342 flags: []string{"-expect-dhe-group-size", "1234"},
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5343 })
5344 testCases = append(testCases, testCase{
5345 testType: serverTest,
5346 name: "KeyExchangeInfo-DHE-Server",
5347 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5348 MaxVersion: VersionTLS12,
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5349 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
5350 },
5351 // bssl_shim as a server configures a 2048-bit DHE group.
David Benjamin9e68f192016-06-30 14:55:33 -0400[diff] [blame]5352 flags: []string{"-expect-dhe-group-size", "2048"},
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5353 })
5354
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5355 // TODO(davidben): Add TLS 1.3 versions of these tests once the
5356 // handshake is separate.
5357
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5358 testCases = append(testCases, testCase{
5359 name: "KeyExchangeInfo-ECDHE-Client",
5360 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5361 MaxVersion: VersionTLS12,
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5362 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5363 CurvePreferences: []CurveID{CurveX25519},
5364 },
David Benjamin9e68f192016-06-30 14:55:33 -0400[diff] [blame]5365 flags: []string{"-expect-curve-id", "29", "-enable-all-curves"},
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5366 })
5367 testCases = append(testCases, testCase{
5368 testType: serverTest,
5369 name: "KeyExchangeInfo-ECDHE-Server",
5370 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5371 MaxVersion: VersionTLS12,
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5372 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5373 CurvePreferences: []CurveID{CurveX25519},
5374 },
David Benjamin9e68f192016-06-30 14:55:33 -0400[diff] [blame]5375 flags: []string{"-expect-curve-id", "29", "-enable-all-curves"},
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5376 })
5377}
5378
David Benjaminc9ae27c2016-06-24 22:56:37 -0400[diff] [blame]5379func addTLS13RecordTests() {
5380 testCases = append(testCases, testCase{
5381 name: "TLS13-RecordPadding",
5382 config: Config{
5383 MaxVersion: VersionTLS13,
5384 MinVersion: VersionTLS13,
5385 Bugs: ProtocolBugs{
5386 RecordPadding: 10,
5387 },
5388 },
5389 })
5390
5391 testCases = append(testCases, testCase{
5392 name: "TLS13-EmptyRecords",
5393 config: Config{
5394 MaxVersion: VersionTLS13,
5395 MinVersion: VersionTLS13,
5396 Bugs: ProtocolBugs{
5397 OmitRecordContents: true,
5398 },
5399 },
5400 shouldFail: true,
5401 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5402 })
5403
5404 testCases = append(testCases, testCase{
5405 name: "TLS13-OnlyPadding",
5406 config: Config{
5407 MaxVersion: VersionTLS13,
5408 MinVersion: VersionTLS13,
5409 Bugs: ProtocolBugs{
5410 OmitRecordContents: true,
5411 RecordPadding: 10,
5412 },
5413 },
5414 shouldFail: true,
5415 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5416 })
5417
5418 testCases = append(testCases, testCase{
5419 name: "TLS13-WrongOuterRecord",
5420 config: Config{
5421 MaxVersion: VersionTLS13,
5422 MinVersion: VersionTLS13,
5423 Bugs: ProtocolBugs{
5424 OuterRecordType: recordTypeHandshake,
5425 },
5426 },
5427 shouldFail: true,
5428 expectedError: ":INVALID_OUTER_RECORD_TYPE:",
5429 })
5430}
5431
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5432func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5433 defer wg.Done()
5434
5435 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]5436 var err error
5437
5438 if *mallocTest < 0 {
5439 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5440 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]5441 } else {
5442 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
5443 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5444 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]5445 if err != nil {
5446 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
5447 }
5448 break
5449 }
5450 }
5451 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5452 statusChan <- statusMsg{test: test, err: err}
5453 }
5454}
5455
5456type statusMsg struct {
5457 test *testCase
5458 started bool
5459 err error
5460}
5461
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5462func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5463 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5464
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5465 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5466 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5467 if !*pipe {
5468 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]5469 var erase string
5470 for i := 0; i < lineLen; i++ {
5471 erase += "\b \b"
5472 }
5473 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5474 }
5475
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5476 if msg.started {
5477 started++
5478 } else {
5479 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5480
5481 if msg.err != nil {
5482 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
5483 failed++
5484 testOutput.addResult(msg.test.name, "FAIL")
5485 } else {
5486 if *pipe {
5487 // Print each test instead of a status line.
5488 fmt.Printf("PASSED (%s)\n", msg.test.name)
5489 }
5490 testOutput.addResult(msg.test.name, "PASS")
5491 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5492 }
5493
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5494 if !*pipe {
5495 // Print a new status line.
5496 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
5497 lineLen = len(line)
5498 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5499 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5500 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5501
5502 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5503}
5504
5505func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5506 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5507 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5508
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5509 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5510 addCipherSuiteTests()
5511 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]5512 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]5513 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]5514 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]5515 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]5516 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]5517 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]5518 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5519 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]5520 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]5521 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]5522 addDTLSReplayTests()
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame^]5523 addSignatureAlgorithmTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5524 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]5525 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]5526 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5527 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]5528 addRSAClientKeyExchangeTests()
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5529 addCurveTests()
Matt Braithwaite54217e42016-06-13 13:03:47 -0700[diff] [blame]5530 addCECPQ1Tests()
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5531 addKeyExchangeInfoTests()
David Benjaminc9ae27c2016-06-24 22:56:37 -0400[diff] [blame]5532 addTLS13RecordTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]5533 for _, async := range []bool{false, true} {
5534 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]5535 for _, protocol := range []protocol{tls, dtls} {
5536 addStateMachineCoverageTests(async, splitHandshake, protocol)
5537 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]5538 }
5539 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5540
5541 var wg sync.WaitGroup
5542
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5543 statusChan := make(chan statusMsg, *numWorkers)
5544 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5545 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5546
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]5547 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5548
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5549 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5550 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5551 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5552 }
5553
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]5554 var foundTest bool
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]5555 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5556 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]5557 foundTest = true
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]5558 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5559 }
5560 }
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]5561 if !foundTest {
5562 fmt.Fprintf(os.Stderr, "No test named '%s'\n", *testToRun)
5563 os.Exit(1)
5564 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5565
5566 close(testChan)
5567 wg.Wait()
5568 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5569 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5570
5571 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5572
5573 if *jsonOutput != "" {
5574 if err := testOutput.writeTo(*jsonOutput); err != nil {
5575 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
5576 }
5577 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]5578
5579 if !testOutput.allPassed {
5580 os.Exit(1)
5581 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5582}