Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 8c2b3bf965b175b799cad0600496f3899a05663d / . / ssl / test / runner / runner.go
blob: 6f2bb4ec0e94a697000ec8b08c1e3e16ee84c757 [file] [log] [blame]
Adam Langleydc7e9c42015-09-29 15:21:04 -0700[diff] [blame]1package runner
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]14 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]15 "net"
16 "os"
17 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]18 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]19 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]20 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]21 "strings"
22 "sync"
23 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]24 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]25)
26
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]27var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]28 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
29 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]30 useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]31 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
32 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
33 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
34 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
35 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]36 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
37 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
38 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
39 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]40)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]41
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]42const (
43 rsaCertificateFile = "cert.pem"
44 ecdsaCertificateFile = "ecdsa_cert.pem"
45)
46
47const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]48 rsaKeyFile = "key.pem"
49 ecdsaKeyFile = "ecdsa_key.pem"
50 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]51)
52
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]53var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]54var channelIDKey *ecdsa.PrivateKey
55var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]56
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]57var testOCSPResponse = []byte{1, 2, 3, 4}
58var testSCTList = []byte{5, 6, 7, 8}
59
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]60func initCertificates() {
61 var err error
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]62 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]63 if err != nil {
64 panic(err)
65 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]66 rsaCertificate.OCSPStaple = testOCSPResponse
67 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]68
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]69 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]70 if err != nil {
71 panic(err)
72 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]73 ecdsaCertificate.OCSPStaple = testOCSPResponse
74 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]75
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]76 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]77 if err != nil {
78 panic(err)
79 }
80 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
81 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
82 panic("bad key type")
83 }
84 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
85 if err != nil {
86 panic(err)
87 }
88 if channelIDKey.Curve != elliptic.P256() {
89 panic("bad curve")
90 }
91
92 channelIDBytes = make([]byte, 64)
93 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
94 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]95}
96
97var certificateOnce sync.Once
98
99func getRSACertificate() Certificate {
100 certificateOnce.Do(initCertificates)
101 return rsaCertificate
102}
103
104func getECDSACertificate() Certificate {
105 certificateOnce.Do(initCertificates)
106 return ecdsaCertificate
107}
108
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]109type testType int
110
111const (
112 clientTest testType = iota
113 serverTest
114)
115
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]116type protocol int
117
118const (
119 tls protocol = iota
120 dtls
121)
122
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]123const (
124 alpn = 1
125 npn = 2
126)
127
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]128type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]129 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]130 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]131 name string
132 config Config
133 shouldFail bool
134 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]135 // expectedLocalError, if not empty, contains a substring that must be
136 // found in the local error.
137 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]138 // expectedVersion, if non-zero, specifies the TLS version that must be
139 // negotiated.
140 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]141 // expectedResumeVersion, if non-zero, specifies the TLS version that
142 // must be negotiated on resumption. If zero, expectedVersion is used.
143 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]144 // expectedCipher, if non-zero, specifies the TLS cipher suite that
145 // should be negotiated.
146 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]147 // expectChannelID controls whether the connection should have
148 // negotiated a Channel ID with channelIDKey.
149 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]150 // expectedNextProto controls whether the connection should
151 // negotiate a next protocol via NPN or ALPN.
152 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]153 // expectNoNextProto, if true, means that no next protocol should be
154 // negotiated.
155 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]156 // expectedNextProtoType, if non-zero, is the expected next
157 // protocol negotiation mechanism.
158 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]159 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
160 // should be negotiated. If zero, none should be negotiated.
161 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]162 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
163 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]164 // expectedSCTList, if not nil, is the expected SCT list to be received.
165 expectedSCTList []uint8
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]166 // expectedClientCertSignatureHash, if not zero, is the TLS id of the
167 // hash function that the client should have used when signing the
168 // handshake with a client certificate.
169 expectedClientCertSignatureHash uint8
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]170 // messageLen is the length, in bytes, of the test message that will be
171 // sent.
172 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]173 // messageCount is the number of test messages that will be sent.
174 messageCount int
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]175 // digestPrefs is the list of digest preferences from the client.
176 digestPrefs string
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]177 // certFile is the path to the certificate to use for the server.
178 certFile string
179 // keyFile is the path to the private key to use for the server.
180 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]181 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]182 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]183 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]184 // expectResumeRejected, if true, specifies that the attempted
185 // resumption must be rejected by the client. This is only valid for a
186 // serverTest.
187 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]188 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]189 // resumption. Unless newSessionsOnResume is set,
190 // SessionTicketKey, ServerSessionCache, and
191 // ClientSessionCache are copied from the initial connection's
192 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]193 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]194 // newSessionsOnResume, if true, will cause resumeConfig to
195 // use a different session resumption context.
196 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]197 // noSessionCache, if true, will cause the server to run without a
198 // session cache.
199 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]200 // sendPrefix sends a prefix on the socket before actually performing a
201 // handshake.
202 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]203 // shimWritesFirst controls whether the shim sends an initial "hello"
204 // message before doing a roundtrip with the runner.
205 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]206 // shimShutsDown, if true, runs a test where the shim shuts down the
207 // connection immediately after the handshake rather than echoing
208 // messages from the runner.
209 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]210 // renegotiate indicates the number of times the connection should be
211 // renegotiated during the exchange.
212 renegotiate int
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]213 // renegotiateCiphers is a list of ciphersuite ids that will be
214 // switched in just before renegotiation.
215 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]216 // replayWrites, if true, configures the underlying transport
217 // to replay every write it makes in DTLS tests.
218 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]219 // damageFirstWrite, if true, configures the underlying transport to
220 // damage the final byte of the first application data write.
221 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]222 // exportKeyingMaterial, if non-zero, configures the test to exchange
223 // keying material and verify they match.
224 exportKeyingMaterial int
225 exportLabel string
226 exportContext string
227 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]228 // flags, if not empty, contains a list of command-line flags that will
229 // be passed to the shim program.
230 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]231 // testTLSUnique, if true, causes the shim to send the tls-unique value
232 // which will be compared against the expected value.
233 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]234 // sendEmptyRecords is the number of consecutive empty records to send
235 // before and after the test message.
236 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]237 // sendWarningAlerts is the number of consecutive warning alerts to send
238 // before and after the test message.
239 sendWarningAlerts int
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]240 // expectMessageDropped, if true, means the test message is expected to
241 // be dropped by the client rather than echoed back.
242 expectMessageDropped bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]243}
244
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]245var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]246
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]247func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]248 var connDamage *damageAdaptor
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]249
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]250 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]251 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
252 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]253 }
254
255 if *flagDebug {
256 local, peer := "client", "server"
257 if test.testType == clientTest {
258 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]259 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]260 connDebug := &recordingConn{
261 Conn: conn,
262 isDatagram: test.protocol == dtls,
263 local: local,
264 peer: peer,
265 }
266 conn = connDebug
267 defer func() {
268 connDebug.WriteTo(os.Stdout)
269 }()
270
271 if config.Bugs.PacketAdaptor != nil {
272 config.Bugs.PacketAdaptor.debug = connDebug
273 }
274 }
275
276 if test.replayWrites {
277 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]278 }
279
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]280 if test.damageFirstWrite {
281 connDamage = newDamageAdaptor(conn)
282 conn = connDamage
283 }
284
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]285 if test.sendPrefix != "" {
286 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
287 return err
288 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]289 }
290
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]291 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]292 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]293 if test.protocol == dtls {
294 tlsConn = DTLSServer(conn, config)
295 } else {
296 tlsConn = Server(conn, config)
297 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]298 } else {
299 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]300 if test.protocol == dtls {
301 tlsConn = DTLSClient(conn, config)
302 } else {
303 tlsConn = Client(conn, config)
304 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]305 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]306 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]307
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]308 if err := tlsConn.Handshake(); err != nil {
309 return err
310 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]311
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]312 // TODO(davidben): move all per-connection expectations into a dedicated
313 // expectations struct that can be specified separately for the two
314 // legs.
315 expectedVersion := test.expectedVersion
316 if isResume && test.expectedResumeVersion != 0 {
317 expectedVersion = test.expectedResumeVersion
318 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]319 connState := tlsConn.ConnectionState()
320 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]321 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]322 }
323
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]324 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]325 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
326 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]327 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
328 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
329 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]330
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]331 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]332 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]333 if channelID == nil {
334 return fmt.Errorf("no channel ID negotiated")
335 }
336 if channelID.Curve != channelIDKey.Curve ||
337 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
338 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
339 return fmt.Errorf("incorrect channel ID")
340 }
341 }
342
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]343 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]344 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]345 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
346 }
347 }
348
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]349 if test.expectNoNextProto {
350 if actual := connState.NegotiatedProtocol; actual != "" {
351 return fmt.Errorf("got unexpected next proto %s", actual)
352 }
353 }
354
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]355 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]356 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]357 return fmt.Errorf("next proto type mismatch")
358 }
359 }
360
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]361 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]362 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
363 }
364
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]365 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
366 return fmt.Errorf("OCSP Response mismatch")
367 }
368
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]369 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
370 return fmt.Errorf("SCT list mismatch")
371 }
372
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]373 if expected := test.expectedClientCertSignatureHash; expected != 0 && expected != connState.ClientCertSignatureHash {
374 return fmt.Errorf("expected client to sign handshake with hash %d, but got %d", expected, connState.ClientCertSignatureHash)
375 }
376
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]377 if test.exportKeyingMaterial > 0 {
378 actual := make([]byte, test.exportKeyingMaterial)
379 if _, err := io.ReadFull(tlsConn, actual); err != nil {
380 return err
381 }
382 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
383 if err != nil {
384 return err
385 }
386 if !bytes.Equal(actual, expected) {
387 return fmt.Errorf("keying material mismatch")
388 }
389 }
390
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]391 if test.testTLSUnique {
392 var peersValue [12]byte
393 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
394 return err
395 }
396 expected := tlsConn.ConnectionState().TLSUnique
397 if !bytes.Equal(peersValue[:], expected) {
398 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
399 }
400 }
401
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]402 if test.shimWritesFirst {
403 var buf [5]byte
404 _, err := io.ReadFull(tlsConn, buf[:])
405 if err != nil {
406 return err
407 }
408 if string(buf[:]) != "hello" {
409 return fmt.Errorf("bad initial message")
410 }
411 }
412
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]413 for i := 0; i < test.sendEmptyRecords; i++ {
414 tlsConn.Write(nil)
415 }
416
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]417 for i := 0; i < test.sendWarningAlerts; i++ {
418 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
419 }
420
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]421 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]422 if test.renegotiateCiphers != nil {
423 config.CipherSuites = test.renegotiateCiphers
424 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]425 for i := 0; i < test.renegotiate; i++ {
426 if err := tlsConn.Renegotiate(); err != nil {
427 return err
428 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]429 }
430 } else if test.renegotiateCiphers != nil {
431 panic("renegotiateCiphers without renegotiate")
432 }
433
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]434 if test.damageFirstWrite {
435 connDamage.setDamage(true)
436 tlsConn.Write([]byte("DAMAGED WRITE"))
437 connDamage.setDamage(false)
438 }
439
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]440 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]441 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]442 if test.protocol == dtls {
443 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
444 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]445 // Read until EOF.
446 _, err := io.Copy(ioutil.Discard, tlsConn)
447 return err
448 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]449 if messageLen == 0 {
450 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]451 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]452
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]453 messageCount := test.messageCount
454 if messageCount == 0 {
455 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]456 }
457
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]458 for j := 0; j < messageCount; j++ {
459 testMessage := make([]byte, messageLen)
460 for i := range testMessage {
461 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]462 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]463 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]464
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]465 for i := 0; i < test.sendEmptyRecords; i++ {
466 tlsConn.Write(nil)
467 }
468
469 for i := 0; i < test.sendWarningAlerts; i++ {
470 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
471 }
472
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]473 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]474 // The shim will not respond.
475 continue
476 }
477
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]478 buf := make([]byte, len(testMessage))
479 if test.protocol == dtls {
480 bufTmp := make([]byte, len(buf)+1)
481 n, err := tlsConn.Read(bufTmp)
482 if err != nil {
483 return err
484 }
485 if n != len(buf) {
486 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
487 }
488 copy(buf, bufTmp)
489 } else {
490 _, err := io.ReadFull(tlsConn, buf)
491 if err != nil {
492 return err
493 }
494 }
495
496 for i, v := range buf {
497 if v != testMessage[i]^0xff {
498 return fmt.Errorf("bad reply contents at byte %d", i)
499 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]500 }
501 }
502
503 return nil
504}
505
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]506func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
507 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]508 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]509 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]510 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]511 valgrindArgs = append(valgrindArgs, path)
512 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]513
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]514 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]515}
516
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]517func gdbOf(path string, args ...string) *exec.Cmd {
518 xtermArgs := []string{"-e", "gdb", "--args"}
519 xtermArgs = append(xtermArgs, path)
520 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]521
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]522 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]523}
524
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]525func lldbOf(path string, args ...string) *exec.Cmd {
526 xtermArgs := []string{"-e", "lldb", "--"}
527 xtermArgs = append(xtermArgs, path)
528 xtermArgs = append(xtermArgs, args...)
529
530 return exec.Command("xterm", xtermArgs...)
531}
532
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]533type moreMallocsError struct{}
534
535func (moreMallocsError) Error() string {
536 return "child process did not exhaust all allocation calls"
537}
538
539var errMoreMallocs = moreMallocsError{}
540
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]541// accept accepts a connection from listener, unless waitChan signals a process
542// exit first.
543func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
544 type connOrError struct {
545 conn net.Conn
546 err error
547 }
548 connChan := make(chan connOrError, 1)
549 go func() {
550 conn, err := listener.Accept()
551 connChan <- connOrError{conn, err}
552 close(connChan)
553 }()
554 select {
555 case result := <-connChan:
556 return result.conn, result.err
557 case childErr := <-waitChan:
558 waitChan <- childErr
559 return nil, fmt.Errorf("child exited early: %s", childErr)
560 }
561}
562
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]563func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]564 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
565 panic("Error expected without shouldFail in " + test.name)
566 }
567
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]568 if test.expectResumeRejected && !test.resumeSession {
569 panic("expectResumeRejected without resumeSession in " + test.name)
570 }
571
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]572 if test.testType != clientTest && test.expectedClientCertSignatureHash != 0 {
573 panic("expectedClientCertSignatureHash non-zero with serverTest in " + test.name)
574 }
575
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]576 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
577 if err != nil {
578 panic(err)
579 }
580 defer func() {
581 if listener != nil {
582 listener.Close()
583 }
584 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]585
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]586 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]587 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]588 flags = append(flags, "-server")
589
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]590 flags = append(flags, "-key-file")
591 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]592 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]593 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]594 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]595 }
596
597 flags = append(flags, "-cert-file")
598 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]599 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]600 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]601 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]602 }
603 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]604
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]605 if test.digestPrefs != "" {
606 flags = append(flags, "-digest-prefs")
607 flags = append(flags, test.digestPrefs)
608 }
609
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]610 if test.protocol == dtls {
611 flags = append(flags, "-dtls")
612 }
613
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]614 if test.resumeSession {
615 flags = append(flags, "-resume")
616 }
617
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]618 if test.shimWritesFirst {
619 flags = append(flags, "-shim-writes-first")
620 }
621
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]622 if test.shimShutsDown {
623 flags = append(flags, "-shim-shuts-down")
624 }
625
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]626 if test.exportKeyingMaterial > 0 {
627 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
628 flags = append(flags, "-export-label", test.exportLabel)
629 flags = append(flags, "-export-context", test.exportContext)
630 if test.useExportContext {
631 flags = append(flags, "-use-export-context")
632 }
633 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]634 if test.expectResumeRejected {
635 flags = append(flags, "-expect-session-miss")
636 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]637
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]638 if test.testTLSUnique {
639 flags = append(flags, "-tls-unique")
640 }
641
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]642 flags = append(flags, test.flags...)
643
644 var shim *exec.Cmd
645 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]646 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]647 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]648 shim = gdbOf(shimPath, flags...)
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]649 } else if *useLLDB {
650 shim = lldbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]651 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]652 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]653 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]654 shim.Stdin = os.Stdin
655 var stdoutBuf, stderrBuf bytes.Buffer
656 shim.Stdout = &stdoutBuf
657 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]658 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]659 shim.Env = os.Environ()
660 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]661 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]662 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]663 }
664 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
665 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]666
667 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]668 panic(err)
669 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]670 waitChan := make(chan error, 1)
671 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]672
673 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]674 if !test.noSessionCache {
675 config.ClientSessionCache = NewLRUClientSessionCache(1)
676 config.ServerSessionCache = NewLRUServerSessionCache(1)
677 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]678 if test.testType == clientTest {
679 if len(config.Certificates) == 0 {
680 config.Certificates = []Certificate{getRSACertificate()}
681 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]682 } else {
683 // Supply a ServerName to ensure a constant session cache key,
684 // rather than falling back to net.Conn.RemoteAddr.
685 if len(config.ServerName) == 0 {
686 config.ServerName = "test"
687 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]688 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]689
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]690 conn, err := acceptOrWait(listener, waitChan)
691 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]692 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]693 conn.Close()
694 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]695
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]696 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]697 var resumeConfig Config
698 if test.resumeConfig != nil {
699 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]700 if len(resumeConfig.ServerName) == 0 {
701 resumeConfig.ServerName = config.ServerName
702 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]703 if len(resumeConfig.Certificates) == 0 {
704 resumeConfig.Certificates = []Certificate{getRSACertificate()}
705 }
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]706 if test.newSessionsOnResume {
707 if !test.noSessionCache {
708 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
709 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
710 }
711 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]712 resumeConfig.SessionTicketKey = config.SessionTicketKey
713 resumeConfig.ClientSessionCache = config.ClientSessionCache
714 resumeConfig.ServerSessionCache = config.ServerSessionCache
715 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]716 } else {
717 resumeConfig = config
718 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]719 var connResume net.Conn
720 connResume, err = acceptOrWait(listener, waitChan)
721 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]722 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]723 connResume.Close()
724 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]725 }
726
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]727 // Close the listener now. This is to avoid hangs should the shim try to
728 // open more connections than expected.
729 listener.Close()
730 listener = nil
731
732 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]733 if exitError, ok := childErr.(*exec.ExitError); ok {
734 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
735 return errMoreMallocs
736 }
737 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]738
739 stdout := string(stdoutBuf.Bytes())
740 stderr := string(stderrBuf.Bytes())
741 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]742 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]743 localError := "none"
744 if err != nil {
745 localError = err.Error()
746 }
747 if len(test.expectedLocalError) != 0 {
748 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
749 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]750
751 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]752 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]753 if childErr != nil {
754 childError = childErr.Error()
755 }
756
757 var msg string
758 switch {
759 case failed && !test.shouldFail:
760 msg = "unexpected failure"
761 case !failed && test.shouldFail:
762 msg = "unexpected success"
763 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]764 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]765 default:
766 panic("internal error")
767 }
768
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]769 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]770 }
771
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]772 if !*useValgrind && !failed && len(stderr) > 0 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]773 println(stderr)
774 }
775
776 return nil
777}
778
779var tlsVersions = []struct {
780 name string
781 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]782 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]783 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]784}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]785 {"SSL3", VersionSSL30, "-no-ssl3", false},
786 {"TLS1", VersionTLS10, "-no-tls1", true},
787 {"TLS11", VersionTLS11, "-no-tls11", false},
788 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]789}
790
791var testCipherSuites = []struct {
792 name string
793 id uint16
794}{
795 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]796 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]797 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]798 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]799 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]800 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]801 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]802 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
803 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]804 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]805 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
806 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]807 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]808 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
809 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]810 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
811 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]812 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]813 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]814 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]815 {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]816 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]817 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]818 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]819 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]820 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]821 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]822 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]823 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]824 {"ECDHE-RSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]825 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]826 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
827 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]828 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
829 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]830 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]831 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]832 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]833 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]834 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]835}
836
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]837func hasComponent(suiteName, component string) bool {
838 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
839}
840
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]841func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]842 return hasComponent(suiteName, "GCM") ||
843 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]844 hasComponent(suiteName, "SHA384") ||
845 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]846}
847
848func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]849 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]850}
851
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]852func bigFromHex(hex string) *big.Int {
853 ret, ok := new(big.Int).SetString(hex, 16)
854 if !ok {
855 panic("failed to parse hex number 0x" + hex)
856 }
857 return ret
858}
859
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]860func addBasicTests() {
861 basicTests := []testCase{
862 {
863 name: "BadRSASignature",
864 config: Config{
865 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
866 Bugs: ProtocolBugs{
867 InvalidSKXSignature: true,
868 },
869 },
870 shouldFail: true,
871 expectedError: ":BAD_SIGNATURE:",
872 },
873 {
874 name: "BadECDSASignature",
875 config: Config{
876 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
877 Bugs: ProtocolBugs{
878 InvalidSKXSignature: true,
879 },
880 Certificates: []Certificate{getECDSACertificate()},
881 },
882 shouldFail: true,
883 expectedError: ":BAD_SIGNATURE:",
884 },
885 {
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]886 testType: serverTest,
887 name: "BadRSASignature-ClientAuth",
888 config: Config{
889 Bugs: ProtocolBugs{
890 InvalidCertVerifySignature: true,
891 },
892 Certificates: []Certificate{getRSACertificate()},
893 },
894 shouldFail: true,
895 expectedError: ":BAD_SIGNATURE:",
896 flags: []string{"-require-any-client-certificate"},
897 },
898 {
899 testType: serverTest,
900 name: "BadECDSASignature-ClientAuth",
901 config: Config{
902 Bugs: ProtocolBugs{
903 InvalidCertVerifySignature: true,
904 },
905 Certificates: []Certificate{getECDSACertificate()},
906 },
907 shouldFail: true,
908 expectedError: ":BAD_SIGNATURE:",
909 flags: []string{"-require-any-client-certificate"},
910 },
911 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]912 name: "BadECDSACurve",
913 config: Config{
914 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
915 Bugs: ProtocolBugs{
916 InvalidSKXCurve: true,
917 },
918 Certificates: []Certificate{getECDSACertificate()},
919 },
920 shouldFail: true,
921 expectedError: ":WRONG_CURVE:",
922 },
923 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]924 name: "NoFallbackSCSV",
925 config: Config{
926 Bugs: ProtocolBugs{
927 FailIfNotFallbackSCSV: true,
928 },
929 },
930 shouldFail: true,
931 expectedLocalError: "no fallback SCSV found",
932 },
933 {
934 name: "SendFallbackSCSV",
935 config: Config{
936 Bugs: ProtocolBugs{
937 FailIfNotFallbackSCSV: true,
938 },
939 },
940 flags: []string{"-fallback-scsv"},
941 },
942 {
943 name: "ClientCertificateTypes",
944 config: Config{
945 ClientAuth: RequestClientCert,
946 ClientCertificateTypes: []byte{
947 CertTypeDSSSign,
948 CertTypeRSASign,
949 CertTypeECDSASign,
950 },
951 },
952 flags: []string{
953 "-expect-certificate-types",
954 base64.StdEncoding.EncodeToString([]byte{
955 CertTypeDSSSign,
956 CertTypeRSASign,
957 CertTypeECDSASign,
958 }),
959 },
960 },
961 {
962 name: "NoClientCertificate",
963 config: Config{
964 ClientAuth: RequireAnyClientCert,
965 },
966 shouldFail: true,
967 expectedLocalError: "client didn't provide a certificate",
968 },
969 {
970 name: "UnauthenticatedECDH",
971 config: Config{
972 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
973 Bugs: ProtocolBugs{
974 UnauthenticatedECDH: true,
975 },
976 },
977 shouldFail: true,
978 expectedError: ":UNEXPECTED_MESSAGE:",
979 },
980 {
981 name: "SkipCertificateStatus",
982 config: Config{
983 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
984 Bugs: ProtocolBugs{
985 SkipCertificateStatus: true,
986 },
987 },
988 flags: []string{
989 "-enable-ocsp-stapling",
990 },
991 },
992 {
993 name: "SkipServerKeyExchange",
994 config: Config{
995 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
996 Bugs: ProtocolBugs{
997 SkipServerKeyExchange: true,
998 },
999 },
1000 shouldFail: true,
1001 expectedError: ":UNEXPECTED_MESSAGE:",
1002 },
1003 {
1004 name: "SkipChangeCipherSpec-Client",
1005 config: Config{
1006 Bugs: ProtocolBugs{
1007 SkipChangeCipherSpec: true,
1008 },
1009 },
1010 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1011 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1012 },
1013 {
1014 testType: serverTest,
1015 name: "SkipChangeCipherSpec-Server",
1016 config: Config{
1017 Bugs: ProtocolBugs{
1018 SkipChangeCipherSpec: true,
1019 },
1020 },
1021 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1022 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1023 },
1024 {
1025 testType: serverTest,
1026 name: "SkipChangeCipherSpec-Server-NPN",
1027 config: Config{
1028 NextProtos: []string{"bar"},
1029 Bugs: ProtocolBugs{
1030 SkipChangeCipherSpec: true,
1031 },
1032 },
1033 flags: []string{
1034 "-advertise-npn", "\x03foo\x03bar\x03baz",
1035 },
1036 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1037 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1038 },
1039 {
1040 name: "FragmentAcrossChangeCipherSpec-Client",
1041 config: Config{
1042 Bugs: ProtocolBugs{
1043 FragmentAcrossChangeCipherSpec: true,
1044 },
1045 },
1046 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1047 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1048 },
1049 {
1050 testType: serverTest,
1051 name: "FragmentAcrossChangeCipherSpec-Server",
1052 config: Config{
1053 Bugs: ProtocolBugs{
1054 FragmentAcrossChangeCipherSpec: true,
1055 },
1056 },
1057 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1058 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1059 },
1060 {
1061 testType: serverTest,
1062 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1063 config: Config{
1064 NextProtos: []string{"bar"},
1065 Bugs: ProtocolBugs{
1066 FragmentAcrossChangeCipherSpec: true,
1067 },
1068 },
1069 flags: []string{
1070 "-advertise-npn", "\x03foo\x03bar\x03baz",
1071 },
1072 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1073 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1074 },
1075 {
1076 testType: serverTest,
1077 name: "Alert",
1078 config: Config{
1079 Bugs: ProtocolBugs{
1080 SendSpuriousAlert: alertRecordOverflow,
1081 },
1082 },
1083 shouldFail: true,
1084 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1085 },
1086 {
1087 protocol: dtls,
1088 testType: serverTest,
1089 name: "Alert-DTLS",
1090 config: Config{
1091 Bugs: ProtocolBugs{
1092 SendSpuriousAlert: alertRecordOverflow,
1093 },
1094 },
1095 shouldFail: true,
1096 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1097 },
1098 {
1099 testType: serverTest,
1100 name: "FragmentAlert",
1101 config: Config{
1102 Bugs: ProtocolBugs{
1103 FragmentAlert: true,
1104 SendSpuriousAlert: alertRecordOverflow,
1105 },
1106 },
1107 shouldFail: true,
1108 expectedError: ":BAD_ALERT:",
1109 },
1110 {
1111 protocol: dtls,
1112 testType: serverTest,
1113 name: "FragmentAlert-DTLS",
1114 config: Config{
1115 Bugs: ProtocolBugs{
1116 FragmentAlert: true,
1117 SendSpuriousAlert: alertRecordOverflow,
1118 },
1119 },
1120 shouldFail: true,
1121 expectedError: ":BAD_ALERT:",
1122 },
1123 {
1124 testType: serverTest,
1125 name: "EarlyChangeCipherSpec-server-1",
1126 config: Config{
1127 Bugs: ProtocolBugs{
1128 EarlyChangeCipherSpec: 1,
1129 },
1130 },
1131 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1132 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1133 },
1134 {
1135 testType: serverTest,
1136 name: "EarlyChangeCipherSpec-server-2",
1137 config: Config{
1138 Bugs: ProtocolBugs{
1139 EarlyChangeCipherSpec: 2,
1140 },
1141 },
1142 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1143 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1144 },
1145 {
1146 name: "SkipNewSessionTicket",
1147 config: Config{
1148 Bugs: ProtocolBugs{
1149 SkipNewSessionTicket: true,
1150 },
1151 },
1152 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1153 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1154 },
1155 {
1156 testType: serverTest,
1157 name: "FallbackSCSV",
1158 config: Config{
1159 MaxVersion: VersionTLS11,
1160 Bugs: ProtocolBugs{
1161 SendFallbackSCSV: true,
1162 },
1163 },
1164 shouldFail: true,
1165 expectedError: ":INAPPROPRIATE_FALLBACK:",
1166 },
1167 {
1168 testType: serverTest,
1169 name: "FallbackSCSV-VersionMatch",
1170 config: Config{
1171 Bugs: ProtocolBugs{
1172 SendFallbackSCSV: true,
1173 },
1174 },
1175 },
1176 {
1177 testType: serverTest,
1178 name: "FragmentedClientVersion",
1179 config: Config{
1180 Bugs: ProtocolBugs{
1181 MaxHandshakeRecordLength: 1,
1182 FragmentClientVersion: true,
1183 },
1184 },
1185 expectedVersion: VersionTLS12,
1186 },
1187 {
1188 testType: serverTest,
1189 name: "MinorVersionTolerance",
1190 config: Config{
1191 Bugs: ProtocolBugs{
1192 SendClientVersion: 0x03ff,
1193 },
1194 },
1195 expectedVersion: VersionTLS12,
1196 },
1197 {
1198 testType: serverTest,
1199 name: "MajorVersionTolerance",
1200 config: Config{
1201 Bugs: ProtocolBugs{
1202 SendClientVersion: 0x0400,
1203 },
1204 },
1205 expectedVersion: VersionTLS12,
1206 },
1207 {
1208 testType: serverTest,
1209 name: "VersionTooLow",
1210 config: Config{
1211 Bugs: ProtocolBugs{
1212 SendClientVersion: 0x0200,
1213 },
1214 },
1215 shouldFail: true,
1216 expectedError: ":UNSUPPORTED_PROTOCOL:",
1217 },
1218 {
1219 testType: serverTest,
1220 name: "HttpGET",
1221 sendPrefix: "GET / HTTP/1.0\n",
1222 shouldFail: true,
1223 expectedError: ":HTTP_REQUEST:",
1224 },
1225 {
1226 testType: serverTest,
1227 name: "HttpPOST",
1228 sendPrefix: "POST / HTTP/1.0\n",
1229 shouldFail: true,
1230 expectedError: ":HTTP_REQUEST:",
1231 },
1232 {
1233 testType: serverTest,
1234 name: "HttpHEAD",
1235 sendPrefix: "HEAD / HTTP/1.0\n",
1236 shouldFail: true,
1237 expectedError: ":HTTP_REQUEST:",
1238 },
1239 {
1240 testType: serverTest,
1241 name: "HttpPUT",
1242 sendPrefix: "PUT / HTTP/1.0\n",
1243 shouldFail: true,
1244 expectedError: ":HTTP_REQUEST:",
1245 },
1246 {
1247 testType: serverTest,
1248 name: "HttpCONNECT",
1249 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1250 shouldFail: true,
1251 expectedError: ":HTTPS_PROXY_REQUEST:",
1252 },
1253 {
1254 testType: serverTest,
1255 name: "Garbage",
1256 sendPrefix: "blah",
1257 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1258 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1259 },
1260 {
1261 name: "SkipCipherVersionCheck",
1262 config: Config{
1263 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1264 MaxVersion: VersionTLS11,
1265 Bugs: ProtocolBugs{
1266 SkipCipherVersionCheck: true,
1267 },
1268 },
1269 shouldFail: true,
1270 expectedError: ":WRONG_CIPHER_RETURNED:",
1271 },
1272 {
1273 name: "RSAEphemeralKey",
1274 config: Config{
1275 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1276 Bugs: ProtocolBugs{
1277 RSAEphemeralKey: true,
1278 },
1279 },
1280 shouldFail: true,
1281 expectedError: ":UNEXPECTED_MESSAGE:",
1282 },
1283 {
1284 name: "DisableEverything",
1285 flags: []string{"-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
1286 shouldFail: true,
1287 expectedError: ":WRONG_SSL_VERSION:",
1288 },
1289 {
1290 protocol: dtls,
1291 name: "DisableEverything-DTLS",
1292 flags: []string{"-no-tls12", "-no-tls1"},
1293 shouldFail: true,
1294 expectedError: ":WRONG_SSL_VERSION:",
1295 },
1296 {
1297 name: "NoSharedCipher",
1298 config: Config{
1299 CipherSuites: []uint16{},
1300 },
1301 shouldFail: true,
1302 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
1303 },
1304 {
1305 protocol: dtls,
1306 testType: serverTest,
1307 name: "MTU",
1308 config: Config{
1309 Bugs: ProtocolBugs{
1310 MaxPacketLength: 256,
1311 },
1312 },
1313 flags: []string{"-mtu", "256"},
1314 },
1315 {
1316 protocol: dtls,
1317 testType: serverTest,
1318 name: "MTUExceeded",
1319 config: Config{
1320 Bugs: ProtocolBugs{
1321 MaxPacketLength: 255,
1322 },
1323 },
1324 flags: []string{"-mtu", "256"},
1325 shouldFail: true,
1326 expectedLocalError: "dtls: exceeded maximum packet length",
1327 },
1328 {
1329 name: "CertMismatchRSA",
1330 config: Config{
1331 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1332 Certificates: []Certificate{getECDSACertificate()},
1333 Bugs: ProtocolBugs{
1334 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1335 },
1336 },
1337 shouldFail: true,
1338 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1339 },
1340 {
1341 name: "CertMismatchECDSA",
1342 config: Config{
1343 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1344 Certificates: []Certificate{getRSACertificate()},
1345 Bugs: ProtocolBugs{
1346 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1347 },
1348 },
1349 shouldFail: true,
1350 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1351 },
1352 {
1353 name: "EmptyCertificateList",
1354 config: Config{
1355 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1356 Bugs: ProtocolBugs{
1357 EmptyCertificateList: true,
1358 },
1359 },
1360 shouldFail: true,
1361 expectedError: ":DECODE_ERROR:",
1362 },
1363 {
1364 name: "TLSFatalBadPackets",
1365 damageFirstWrite: true,
1366 shouldFail: true,
1367 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1368 },
1369 {
1370 protocol: dtls,
1371 name: "DTLSIgnoreBadPackets",
1372 damageFirstWrite: true,
1373 },
1374 {
1375 protocol: dtls,
1376 name: "DTLSIgnoreBadPackets-Async",
1377 damageFirstWrite: true,
1378 flags: []string{"-async"},
1379 },
1380 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1381 name: "AppDataBeforeHandshake",
1382 config: Config{
1383 Bugs: ProtocolBugs{
1384 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1385 },
1386 },
1387 shouldFail: true,
1388 expectedError: ":UNEXPECTED_RECORD:",
1389 },
1390 {
1391 name: "AppDataBeforeHandshake-Empty",
1392 config: Config{
1393 Bugs: ProtocolBugs{
1394 AppDataBeforeHandshake: []byte{},
1395 },
1396 },
1397 shouldFail: true,
1398 expectedError: ":UNEXPECTED_RECORD:",
1399 },
1400 {
1401 protocol: dtls,
1402 name: "AppDataBeforeHandshake-DTLS",
1403 config: Config{
1404 Bugs: ProtocolBugs{
1405 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1406 },
1407 },
1408 shouldFail: true,
1409 expectedError: ":UNEXPECTED_RECORD:",
1410 },
1411 {
1412 protocol: dtls,
1413 name: "AppDataBeforeHandshake-DTLS-Empty",
1414 config: Config{
1415 Bugs: ProtocolBugs{
1416 AppDataBeforeHandshake: []byte{},
1417 },
1418 },
1419 shouldFail: true,
1420 expectedError: ":UNEXPECTED_RECORD:",
1421 },
1422 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1423 name: "AppDataAfterChangeCipherSpec",
1424 config: Config{
1425 Bugs: ProtocolBugs{
1426 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1427 },
1428 },
1429 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1430 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1431 },
1432 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1433 name: "AppDataAfterChangeCipherSpec-Empty",
1434 config: Config{
1435 Bugs: ProtocolBugs{
1436 AppDataAfterChangeCipherSpec: []byte{},
1437 },
1438 },
1439 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1440 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1441 },
1442 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1443 protocol: dtls,
1444 name: "AppDataAfterChangeCipherSpec-DTLS",
1445 config: Config{
1446 Bugs: ProtocolBugs{
1447 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1448 },
1449 },
1450 // BoringSSL's DTLS implementation will drop the out-of-order
1451 // application data.
1452 },
1453 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1454 protocol: dtls,
1455 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1456 config: Config{
1457 Bugs: ProtocolBugs{
1458 AppDataAfterChangeCipherSpec: []byte{},
1459 },
1460 },
1461 // BoringSSL's DTLS implementation will drop the out-of-order
1462 // application data.
1463 },
1464 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1465 name: "AlertAfterChangeCipherSpec",
1466 config: Config{
1467 Bugs: ProtocolBugs{
1468 AlertAfterChangeCipherSpec: alertRecordOverflow,
1469 },
1470 },
1471 shouldFail: true,
1472 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1473 },
1474 {
1475 protocol: dtls,
1476 name: "AlertAfterChangeCipherSpec-DTLS",
1477 config: Config{
1478 Bugs: ProtocolBugs{
1479 AlertAfterChangeCipherSpec: alertRecordOverflow,
1480 },
1481 },
1482 shouldFail: true,
1483 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1484 },
1485 {
1486 protocol: dtls,
1487 name: "ReorderHandshakeFragments-Small-DTLS",
1488 config: Config{
1489 Bugs: ProtocolBugs{
1490 ReorderHandshakeFragments: true,
1491 // Small enough that every handshake message is
1492 // fragmented.
1493 MaxHandshakeRecordLength: 2,
1494 },
1495 },
1496 },
1497 {
1498 protocol: dtls,
1499 name: "ReorderHandshakeFragments-Large-DTLS",
1500 config: Config{
1501 Bugs: ProtocolBugs{
1502 ReorderHandshakeFragments: true,
1503 // Large enough that no handshake message is
1504 // fragmented.
1505 MaxHandshakeRecordLength: 2048,
1506 },
1507 },
1508 },
1509 {
1510 protocol: dtls,
1511 name: "MixCompleteMessageWithFragments-DTLS",
1512 config: Config{
1513 Bugs: ProtocolBugs{
1514 ReorderHandshakeFragments: true,
1515 MixCompleteMessageWithFragments: true,
1516 MaxHandshakeRecordLength: 2,
1517 },
1518 },
1519 },
1520 {
1521 name: "SendInvalidRecordType",
1522 config: Config{
1523 Bugs: ProtocolBugs{
1524 SendInvalidRecordType: true,
1525 },
1526 },
1527 shouldFail: true,
1528 expectedError: ":UNEXPECTED_RECORD:",
1529 },
1530 {
1531 protocol: dtls,
1532 name: "SendInvalidRecordType-DTLS",
1533 config: Config{
1534 Bugs: ProtocolBugs{
1535 SendInvalidRecordType: true,
1536 },
1537 },
1538 shouldFail: true,
1539 expectedError: ":UNEXPECTED_RECORD:",
1540 },
1541 {
1542 name: "FalseStart-SkipServerSecondLeg",
1543 config: Config{
1544 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1545 NextProtos: []string{"foo"},
1546 Bugs: ProtocolBugs{
1547 SkipNewSessionTicket: true,
1548 SkipChangeCipherSpec: true,
1549 SkipFinished: true,
1550 ExpectFalseStart: true,
1551 },
1552 },
1553 flags: []string{
1554 "-false-start",
1555 "-handshake-never-done",
1556 "-advertise-alpn", "\x03foo",
1557 },
1558 shimWritesFirst: true,
1559 shouldFail: true,
1560 expectedError: ":UNEXPECTED_RECORD:",
1561 },
1562 {
1563 name: "FalseStart-SkipServerSecondLeg-Implicit",
1564 config: Config{
1565 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1566 NextProtos: []string{"foo"},
1567 Bugs: ProtocolBugs{
1568 SkipNewSessionTicket: true,
1569 SkipChangeCipherSpec: true,
1570 SkipFinished: true,
1571 },
1572 },
1573 flags: []string{
1574 "-implicit-handshake",
1575 "-false-start",
1576 "-handshake-never-done",
1577 "-advertise-alpn", "\x03foo",
1578 },
1579 shouldFail: true,
1580 expectedError: ":UNEXPECTED_RECORD:",
1581 },
1582 {
1583 testType: serverTest,
1584 name: "FailEarlyCallback",
1585 flags: []string{"-fail-early-callback"},
1586 shouldFail: true,
1587 expectedError: ":CONNECTION_REJECTED:",
1588 expectedLocalError: "remote error: access denied",
1589 },
1590 {
1591 name: "WrongMessageType",
1592 config: Config{
1593 Bugs: ProtocolBugs{
1594 WrongCertificateMessageType: true,
1595 },
1596 },
1597 shouldFail: true,
1598 expectedError: ":UNEXPECTED_MESSAGE:",
1599 expectedLocalError: "remote error: unexpected message",
1600 },
1601 {
1602 protocol: dtls,
1603 name: "WrongMessageType-DTLS",
1604 config: Config{
1605 Bugs: ProtocolBugs{
1606 WrongCertificateMessageType: true,
1607 },
1608 },
1609 shouldFail: true,
1610 expectedError: ":UNEXPECTED_MESSAGE:",
1611 expectedLocalError: "remote error: unexpected message",
1612 },
1613 {
1614 protocol: dtls,
1615 name: "FragmentMessageTypeMismatch-DTLS",
1616 config: Config{
1617 Bugs: ProtocolBugs{
1618 MaxHandshakeRecordLength: 2,
1619 FragmentMessageTypeMismatch: true,
1620 },
1621 },
1622 shouldFail: true,
1623 expectedError: ":FRAGMENT_MISMATCH:",
1624 },
1625 {
1626 protocol: dtls,
1627 name: "FragmentMessageLengthMismatch-DTLS",
1628 config: Config{
1629 Bugs: ProtocolBugs{
1630 MaxHandshakeRecordLength: 2,
1631 FragmentMessageLengthMismatch: true,
1632 },
1633 },
1634 shouldFail: true,
1635 expectedError: ":FRAGMENT_MISMATCH:",
1636 },
1637 {
1638 protocol: dtls,
1639 name: "SplitFragments-Header-DTLS",
1640 config: Config{
1641 Bugs: ProtocolBugs{
1642 SplitFragments: 2,
1643 },
1644 },
1645 shouldFail: true,
1646 expectedError: ":UNEXPECTED_MESSAGE:",
1647 },
1648 {
1649 protocol: dtls,
1650 name: "SplitFragments-Boundary-DTLS",
1651 config: Config{
1652 Bugs: ProtocolBugs{
1653 SplitFragments: dtlsRecordHeaderLen,
1654 },
1655 },
1656 shouldFail: true,
1657 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1658 },
1659 {
1660 protocol: dtls,
1661 name: "SplitFragments-Body-DTLS",
1662 config: Config{
1663 Bugs: ProtocolBugs{
1664 SplitFragments: dtlsRecordHeaderLen + 1,
1665 },
1666 },
1667 shouldFail: true,
1668 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1669 },
1670 {
1671 protocol: dtls,
1672 name: "SendEmptyFragments-DTLS",
1673 config: Config{
1674 Bugs: ProtocolBugs{
1675 SendEmptyFragments: true,
1676 },
1677 },
1678 },
1679 {
1680 name: "UnsupportedCipherSuite",
1681 config: Config{
1682 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1683 Bugs: ProtocolBugs{
1684 IgnorePeerCipherPreferences: true,
1685 },
1686 },
1687 flags: []string{"-cipher", "DEFAULT:!RC4"},
1688 shouldFail: true,
1689 expectedError: ":WRONG_CIPHER_RETURNED:",
1690 },
1691 {
1692 name: "UnsupportedCurve",
1693 config: Config{
1694 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1695 // BoringSSL implements P-224 but doesn't enable it by
1696 // default.
1697 CurvePreferences: []CurveID{CurveP224},
1698 Bugs: ProtocolBugs{
1699 IgnorePeerCurvePreferences: true,
1700 },
1701 },
1702 shouldFail: true,
1703 expectedError: ":WRONG_CURVE:",
1704 },
1705 {
1706 name: "BadFinished",
1707 config: Config{
1708 Bugs: ProtocolBugs{
1709 BadFinished: true,
1710 },
1711 },
1712 shouldFail: true,
1713 expectedError: ":DIGEST_CHECK_FAILED:",
1714 },
1715 {
1716 name: "FalseStart-BadFinished",
1717 config: Config{
1718 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1719 NextProtos: []string{"foo"},
1720 Bugs: ProtocolBugs{
1721 BadFinished: true,
1722 ExpectFalseStart: true,
1723 },
1724 },
1725 flags: []string{
1726 "-false-start",
1727 "-handshake-never-done",
1728 "-advertise-alpn", "\x03foo",
1729 },
1730 shimWritesFirst: true,
1731 shouldFail: true,
1732 expectedError: ":DIGEST_CHECK_FAILED:",
1733 },
1734 {
1735 name: "NoFalseStart-NoALPN",
1736 config: Config{
1737 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1738 Bugs: ProtocolBugs{
1739 ExpectFalseStart: true,
1740 AlertBeforeFalseStartTest: alertAccessDenied,
1741 },
1742 },
1743 flags: []string{
1744 "-false-start",
1745 },
1746 shimWritesFirst: true,
1747 shouldFail: true,
1748 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1749 expectedLocalError: "tls: peer did not false start: EOF",
1750 },
1751 {
1752 name: "NoFalseStart-NoAEAD",
1753 config: Config{
1754 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1755 NextProtos: []string{"foo"},
1756 Bugs: ProtocolBugs{
1757 ExpectFalseStart: true,
1758 AlertBeforeFalseStartTest: alertAccessDenied,
1759 },
1760 },
1761 flags: []string{
1762 "-false-start",
1763 "-advertise-alpn", "\x03foo",
1764 },
1765 shimWritesFirst: true,
1766 shouldFail: true,
1767 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1768 expectedLocalError: "tls: peer did not false start: EOF",
1769 },
1770 {
1771 name: "NoFalseStart-RSA",
1772 config: Config{
1773 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1774 NextProtos: []string{"foo"},
1775 Bugs: ProtocolBugs{
1776 ExpectFalseStart: true,
1777 AlertBeforeFalseStartTest: alertAccessDenied,
1778 },
1779 },
1780 flags: []string{
1781 "-false-start",
1782 "-advertise-alpn", "\x03foo",
1783 },
1784 shimWritesFirst: true,
1785 shouldFail: true,
1786 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1787 expectedLocalError: "tls: peer did not false start: EOF",
1788 },
1789 {
1790 name: "NoFalseStart-DHE_RSA",
1791 config: Config{
1792 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1793 NextProtos: []string{"foo"},
1794 Bugs: ProtocolBugs{
1795 ExpectFalseStart: true,
1796 AlertBeforeFalseStartTest: alertAccessDenied,
1797 },
1798 },
1799 flags: []string{
1800 "-false-start",
1801 "-advertise-alpn", "\x03foo",
1802 },
1803 shimWritesFirst: true,
1804 shouldFail: true,
1805 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1806 expectedLocalError: "tls: peer did not false start: EOF",
1807 },
1808 {
1809 testType: serverTest,
1810 name: "NoSupportedCurves",
1811 config: Config{
1812 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1813 Bugs: ProtocolBugs{
1814 NoSupportedCurves: true,
1815 },
1816 },
1817 },
1818 {
1819 testType: serverTest,
1820 name: "NoCommonCurves",
1821 config: Config{
1822 CipherSuites: []uint16{
1823 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1824 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1825 },
1826 CurvePreferences: []CurveID{CurveP224},
1827 },
1828 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1829 },
1830 {
1831 protocol: dtls,
1832 name: "SendSplitAlert-Sync",
1833 config: Config{
1834 Bugs: ProtocolBugs{
1835 SendSplitAlert: true,
1836 },
1837 },
1838 },
1839 {
1840 protocol: dtls,
1841 name: "SendSplitAlert-Async",
1842 config: Config{
1843 Bugs: ProtocolBugs{
1844 SendSplitAlert: true,
1845 },
1846 },
1847 flags: []string{"-async"},
1848 },
1849 {
1850 protocol: dtls,
1851 name: "PackDTLSHandshake",
1852 config: Config{
1853 Bugs: ProtocolBugs{
1854 MaxHandshakeRecordLength: 2,
1855 PackHandshakeFragments: 20,
1856 PackHandshakeRecords: 200,
1857 },
1858 },
1859 },
1860 {
1861 testType: serverTest,
1862 protocol: dtls,
1863 name: "NoRC4-DTLS",
1864 config: Config{
1865 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA},
1866 Bugs: ProtocolBugs{
1867 EnableAllCiphersInDTLS: true,
1868 },
1869 },
1870 shouldFail: true,
1871 expectedError: ":NO_SHARED_CIPHER:",
1872 },
1873 {
1874 name: "SendEmptyRecords-Pass",
1875 sendEmptyRecords: 32,
1876 },
1877 {
1878 name: "SendEmptyRecords",
1879 sendEmptyRecords: 33,
1880 shouldFail: true,
1881 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1882 },
1883 {
1884 name: "SendEmptyRecords-Async",
1885 sendEmptyRecords: 33,
1886 flags: []string{"-async"},
1887 shouldFail: true,
1888 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1889 },
1890 {
1891 name: "SendWarningAlerts-Pass",
1892 sendWarningAlerts: 4,
1893 },
1894 {
1895 protocol: dtls,
1896 name: "SendWarningAlerts-DTLS-Pass",
1897 sendWarningAlerts: 4,
1898 },
1899 {
1900 name: "SendWarningAlerts",
1901 sendWarningAlerts: 5,
1902 shouldFail: true,
1903 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1904 },
1905 {
1906 name: "SendWarningAlerts-Async",
1907 sendWarningAlerts: 5,
1908 flags: []string{"-async"},
1909 shouldFail: true,
1910 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1911 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]1912 {
1913 name: "EmptySessionID",
1914 config: Config{
1915 SessionTicketsDisabled: true,
1916 },
1917 noSessionCache: true,
1918 flags: []string{"-expect-no-session"},
1919 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]1920 {
1921 name: "Unclean-Shutdown",
1922 config: Config{
1923 Bugs: ProtocolBugs{
1924 NoCloseNotify: true,
1925 ExpectCloseNotify: true,
1926 },
1927 },
1928 shimShutsDown: true,
1929 flags: []string{"-check-close-notify"},
1930 shouldFail: true,
1931 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
1932 },
1933 {
1934 name: "Unclean-Shutdown-Ignored",
1935 config: Config{
1936 Bugs: ProtocolBugs{
1937 NoCloseNotify: true,
1938 },
1939 },
1940 shimShutsDown: true,
1941 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]1942 {
1943 name: "LargePlaintext",
1944 config: Config{
1945 Bugs: ProtocolBugs{
1946 SendLargeRecords: true,
1947 },
1948 },
1949 messageLen: maxPlaintext + 1,
1950 shouldFail: true,
1951 expectedError: ":DATA_LENGTH_TOO_LONG:",
1952 },
1953 {
1954 protocol: dtls,
1955 name: "LargePlaintext-DTLS",
1956 config: Config{
1957 Bugs: ProtocolBugs{
1958 SendLargeRecords: true,
1959 },
1960 },
1961 messageLen: maxPlaintext + 1,
1962 shouldFail: true,
1963 expectedError: ":DATA_LENGTH_TOO_LONG:",
1964 },
1965 {
1966 name: "LargeCiphertext",
1967 config: Config{
1968 Bugs: ProtocolBugs{
1969 SendLargeRecords: true,
1970 },
1971 },
1972 messageLen: maxPlaintext * 2,
1973 shouldFail: true,
1974 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
1975 },
1976 {
1977 protocol: dtls,
1978 name: "LargeCiphertext-DTLS",
1979 config: Config{
1980 Bugs: ProtocolBugs{
1981 SendLargeRecords: true,
1982 },
1983 },
1984 messageLen: maxPlaintext * 2,
1985 // Unlike the other four cases, DTLS drops records which
1986 // are invalid before authentication, so the connection
1987 // does not fail.
1988 expectMessageDropped: true,
1989 },
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]1990 {
1991 name: "SendEmptySessionTicket",
1992 config: Config{
1993 Bugs: ProtocolBugs{
1994 SendEmptySessionTicket: true,
1995 FailIfSessionOffered: true,
1996 },
1997 },
1998 flags: []string{"-expect-no-session"},
1999 resumeSession: true,
2000 expectResumeRejected: true,
2001 },
David Benjamin99fdfb92015-11-02 12:11:35 -0500[diff] [blame]2002 {
2003 name: "CheckLeafCurve",
2004 config: Config{
2005 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2006 Certificates: []Certificate{getECDSACertificate()},
2007 },
2008 flags: []string{"-p384-only"},
2009 shouldFail: true,
2010 expectedError: ":BAD_ECC_CERT:",
2011 },
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2012 {
2013 name: "BadChangeCipherSpec-1",
2014 config: Config{
2015 Bugs: ProtocolBugs{
2016 BadChangeCipherSpec: []byte{2},
2017 },
2018 },
2019 shouldFail: true,
2020 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2021 },
2022 {
2023 name: "BadChangeCipherSpec-2",
2024 config: Config{
2025 Bugs: ProtocolBugs{
2026 BadChangeCipherSpec: []byte{1, 1},
2027 },
2028 },
2029 shouldFail: true,
2030 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2031 },
2032 {
2033 protocol: dtls,
2034 name: "BadChangeCipherSpec-DTLS-1",
2035 config: Config{
2036 Bugs: ProtocolBugs{
2037 BadChangeCipherSpec: []byte{2},
2038 },
2039 },
2040 shouldFail: true,
2041 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2042 },
2043 {
2044 protocol: dtls,
2045 name: "BadChangeCipherSpec-DTLS-2",
2046 config: Config{
2047 Bugs: ProtocolBugs{
2048 BadChangeCipherSpec: []byte{1, 1},
2049 },
2050 },
2051 shouldFail: true,
2052 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2053 },
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2054 {
2055 name: "BadHelloRequest-1",
2056 renegotiate: 1,
2057 config: Config{
2058 Bugs: ProtocolBugs{
2059 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2060 },
2061 },
2062 flags: []string{
2063 "-renegotiate-freely",
2064 "-expect-total-renegotiations", "1",
2065 },
2066 shouldFail: true,
2067 expectedError: ":BAD_HELLO_REQUEST:",
2068 },
2069 {
2070 name: "BadHelloRequest-2",
2071 renegotiate: 1,
2072 config: Config{
2073 Bugs: ProtocolBugs{
2074 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2075 },
2076 },
2077 flags: []string{
2078 "-renegotiate-freely",
2079 "-expect-total-renegotiations", "1",
2080 },
2081 shouldFail: true,
2082 expectedError: ":BAD_HELLO_REQUEST:",
2083 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2084 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2085 testCases = append(testCases, basicTests...)
2086}
2087
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2088func addCipherSuiteTests() {
2089 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2090 const psk = "12345"
2091 const pskIdentity = "luggage combo"
2092
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2093 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2094 var certFile string
2095 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2096 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2097 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2098 certFile = ecdsaCertificateFile
2099 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2100 } else {
2101 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2102 certFile = rsaCertificateFile
2103 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2104 }
2105
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2106 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2107 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2108 flags = append(flags,
2109 "-psk", psk,
2110 "-psk-identity", pskIdentity)
2111 }
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]2112 if hasComponent(suite.name, "NULL") {
2113 // NULL ciphers must be explicitly enabled.
2114 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2115 }
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2116
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2117 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]2118 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2119 continue
2120 }
2121
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2122 testCases = append(testCases, testCase{
2123 testType: clientTest,
2124 name: ver.name + "-" + suite.name + "-client",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2125 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2126 MinVersion: ver.version,
2127 MaxVersion: ver.version,
2128 CipherSuites: []uint16{suite.id},
2129 Certificates: []Certificate{cert},
David Benjamin68793732015-05-04 20:20:48 -0400[diff] [blame]2130 PreSharedKey: []byte(psk),
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2131 PreSharedKeyIdentity: pskIdentity,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2132 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2133 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2134 resumeSession: true,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2135 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2136
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2137 testCases = append(testCases, testCase{
2138 testType: serverTest,
2139 name: ver.name + "-" + suite.name + "-server",
2140 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2141 MinVersion: ver.version,
2142 MaxVersion: ver.version,
2143 CipherSuites: []uint16{suite.id},
2144 Certificates: []Certificate{cert},
2145 PreSharedKey: []byte(psk),
2146 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2147 },
2148 certFile: certFile,
2149 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2150 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2151 resumeSession: true,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2152 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2153
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2154 if ver.hasDTLS && isDTLSCipher(suite.name) {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2155 testCases = append(testCases, testCase{
2156 testType: clientTest,
2157 protocol: dtls,
2158 name: "D" + ver.name + "-" + suite.name + "-client",
2159 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2160 MinVersion: ver.version,
2161 MaxVersion: ver.version,
2162 CipherSuites: []uint16{suite.id},
2163 Certificates: []Certificate{cert},
2164 PreSharedKey: []byte(psk),
2165 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2166 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2167 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2168 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2169 })
2170 testCases = append(testCases, testCase{
2171 testType: serverTest,
2172 protocol: dtls,
2173 name: "D" + ver.name + "-" + suite.name + "-server",
2174 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2175 MinVersion: ver.version,
2176 MaxVersion: ver.version,
2177 CipherSuites: []uint16{suite.id},
2178 Certificates: []Certificate{cert},
2179 PreSharedKey: []byte(psk),
2180 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2181 },
2182 certFile: certFile,
2183 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2184 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2185 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2186 })
2187 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2188 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2189
2190 // Ensure both TLS and DTLS accept their maximum record sizes.
2191 testCases = append(testCases, testCase{
2192 name: suite.name + "-LargeRecord",
2193 config: Config{
2194 CipherSuites: []uint16{suite.id},
2195 Certificates: []Certificate{cert},
2196 PreSharedKey: []byte(psk),
2197 PreSharedKeyIdentity: pskIdentity,
2198 },
2199 flags: flags,
2200 messageLen: maxPlaintext,
2201 })
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2202 if isDTLSCipher(suite.name) {
2203 testCases = append(testCases, testCase{
2204 protocol: dtls,
2205 name: suite.name + "-LargeRecord-DTLS",
2206 config: Config{
2207 CipherSuites: []uint16{suite.id},
2208 Certificates: []Certificate{cert},
2209 PreSharedKey: []byte(psk),
2210 PreSharedKeyIdentity: pskIdentity,
2211 },
2212 flags: flags,
2213 messageLen: maxPlaintext,
2214 })
2215 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2216 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2217
2218 testCases = append(testCases, testCase{
2219 name: "WeakDH",
2220 config: Config{
2221 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2222 Bugs: ProtocolBugs{
2223 // This is a 1023-bit prime number, generated
2224 // with:
2225 // openssl gendh 1023 | openssl asn1parse -i
2226 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2227 },
2228 },
2229 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2230 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2231 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2232
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2233 testCases = append(testCases, testCase{
2234 name: "SillyDH",
2235 config: Config{
2236 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2237 Bugs: ProtocolBugs{
2238 // This is a 4097-bit prime number, generated
2239 // with:
2240 // openssl gendh 4097 | openssl asn1parse -i
2241 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2242 },
2243 },
2244 shouldFail: true,
2245 expectedError: ":DH_P_TOO_LONG:",
2246 })
2247
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2248 // This test ensures that Diffie-Hellman public values are padded with
2249 // zeros so that they're the same length as the prime. This is to avoid
2250 // hitting a bug in yaSSL.
2251 testCases = append(testCases, testCase{
2252 testType: serverTest,
2253 name: "DHPublicValuePadded",
2254 config: Config{
2255 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2256 Bugs: ProtocolBugs{
2257 RequireDHPublicValueLen: (1025 + 7) / 8,
2258 },
2259 },
2260 flags: []string{"-use-sparse-dh-prime"},
2261 })
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2262
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2263 // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS
2264 // 1.1 specific cipher suite settings. A server is setup with the given
2265 // cipher lists and then a connection is made for each member of
2266 // expectations. The cipher suite that the server selects must match
2267 // the specified one.
2268 var versionSpecificCiphersTest = []struct {
2269 ciphersDefault, ciphersTLS10, ciphersTLS11 string
2270 // expectations is a map from TLS version to cipher suite id.
2271 expectations map[uint16]uint16
2272 }{
2273 {
2274 // Test that the null case (where no version-specific ciphers are set)
2275 // works as expected.
2276 "RC4-SHA:AES128-SHA", // default ciphers
2277 "", // no ciphers specifically for TLS ≥ 1.0
2278 "", // no ciphers specifically for TLS ≥ 1.1
2279 map[uint16]uint16{
2280 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2281 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2282 VersionTLS11: TLS_RSA_WITH_RC4_128_SHA,
2283 VersionTLS12: TLS_RSA_WITH_RC4_128_SHA,
2284 },
2285 },
2286 {
2287 // With ciphers_tls10 set, TLS 1.0, 1.1 and 1.2 should get a different
2288 // cipher.
2289 "RC4-SHA:AES128-SHA", // default
2290 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2291 "", // no ciphers specifically for TLS ≥ 1.1
2292 map[uint16]uint16{
2293 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2294 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2295 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2296 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2297 },
2298 },
2299 {
2300 // With ciphers_tls11 set, TLS 1.1 and 1.2 should get a different
2301 // cipher.
2302 "RC4-SHA:AES128-SHA", // default
2303 "", // no ciphers specifically for TLS ≥ 1.0
2304 "AES128-SHA", // these ciphers for TLS ≥ 1.1
2305 map[uint16]uint16{
2306 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2307 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2308 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2309 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2310 },
2311 },
2312 {
2313 // With both ciphers_tls10 and ciphers_tls11 set, ciphers_tls11 should
2314 // mask ciphers_tls10 for TLS 1.1 and 1.2.
2315 "RC4-SHA:AES128-SHA", // default
2316 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2317 "AES256-SHA", // these ciphers for TLS ≥ 1.1
2318 map[uint16]uint16{
2319 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2320 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2321 VersionTLS11: TLS_RSA_WITH_AES_256_CBC_SHA,
2322 VersionTLS12: TLS_RSA_WITH_AES_256_CBC_SHA,
2323 },
2324 },
2325 }
2326
2327 for i, test := range versionSpecificCiphersTest {
2328 for version, expectedCipherSuite := range test.expectations {
2329 flags := []string{"-cipher", test.ciphersDefault}
2330 if len(test.ciphersTLS10) > 0 {
2331 flags = append(flags, "-cipher-tls10", test.ciphersTLS10)
2332 }
2333 if len(test.ciphersTLS11) > 0 {
2334 flags = append(flags, "-cipher-tls11", test.ciphersTLS11)
2335 }
2336
2337 testCases = append(testCases, testCase{
2338 testType: serverTest,
2339 name: fmt.Sprintf("VersionSpecificCiphersTest-%d-%x", i, version),
2340 config: Config{
2341 MaxVersion: version,
2342 MinVersion: version,
2343 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA},
2344 },
2345 flags: flags,
2346 expectedCipher: expectedCipherSuite,
2347 })
2348 }
2349 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2350}
2351
2352func addBadECDSASignatureTests() {
2353 for badR := BadValue(1); badR < NumBadValues; badR++ {
2354 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2355 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2356 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2357 config: Config{
2358 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2359 Certificates: []Certificate{getECDSACertificate()},
2360 Bugs: ProtocolBugs{
2361 BadECDSAR: badR,
2362 BadECDSAS: badS,
2363 },
2364 },
2365 shouldFail: true,
2366 expectedError: "SIGNATURE",
2367 })
2368 }
2369 }
2370}
2371
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2372func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2373 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2374 name: "MaxCBCPadding",
2375 config: Config{
2376 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2377 Bugs: ProtocolBugs{
2378 MaxPadding: true,
2379 },
2380 },
2381 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2382 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2383 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2384 name: "BadCBCPadding",
2385 config: Config{
2386 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2387 Bugs: ProtocolBugs{
2388 PaddingFirstByteBad: true,
2389 },
2390 },
2391 shouldFail: true,
2392 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2393 })
2394 // OpenSSL previously had an issue where the first byte of padding in
2395 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2396 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2397 name: "BadCBCPadding255",
2398 config: Config{
2399 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2400 Bugs: ProtocolBugs{
2401 MaxPadding: true,
2402 PaddingFirstByteBadIf255: true,
2403 },
2404 },
2405 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2406 shouldFail: true,
2407 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2408 })
2409}
2410
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2411func addCBCSplittingTests() {
2412 testCases = append(testCases, testCase{
2413 name: "CBCRecordSplitting",
2414 config: Config{
2415 MaxVersion: VersionTLS10,
2416 MinVersion: VersionTLS10,
2417 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2418 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2419 messageLen: -1, // read until EOF
2420 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2421 flags: []string{
2422 "-async",
2423 "-write-different-record-sizes",
2424 "-cbc-record-splitting",
2425 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2426 })
2427 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2428 name: "CBCRecordSplittingPartialWrite",
2429 config: Config{
2430 MaxVersion: VersionTLS10,
2431 MinVersion: VersionTLS10,
2432 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2433 },
2434 messageLen: -1, // read until EOF
2435 flags: []string{
2436 "-async",
2437 "-write-different-record-sizes",
2438 "-cbc-record-splitting",
2439 "-partial-write",
2440 },
2441 })
2442}
2443
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2444func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2445 // Add a dummy cert pool to stress certificate authority parsing.
2446 // TODO(davidben): Add tests that those values parse out correctly.
2447 certPool := x509.NewCertPool()
2448 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2449 if err != nil {
2450 panic(err)
2451 }
2452 certPool.AddCert(cert)
2453
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2454 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2455 testCases = append(testCases, testCase{
2456 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2457 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2458 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2459 MinVersion: ver.version,
2460 MaxVersion: ver.version,
2461 ClientAuth: RequireAnyClientCert,
2462 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2463 },
2464 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2465 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2466 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2467 },
2468 })
2469 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2470 testType: serverTest,
2471 name: ver.name + "-Server-ClientAuth-RSA",
2472 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2473 MinVersion: ver.version,
2474 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2475 Certificates: []Certificate{rsaCertificate},
2476 },
2477 flags: []string{"-require-any-client-certificate"},
2478 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2479 if ver.version != VersionSSL30 {
2480 testCases = append(testCases, testCase{
2481 testType: serverTest,
2482 name: ver.name + "-Server-ClientAuth-ECDSA",
2483 config: Config{
2484 MinVersion: ver.version,
2485 MaxVersion: ver.version,
2486 Certificates: []Certificate{ecdsaCertificate},
2487 },
2488 flags: []string{"-require-any-client-certificate"},
2489 })
2490 testCases = append(testCases, testCase{
2491 testType: clientTest,
2492 name: ver.name + "-Client-ClientAuth-ECDSA",
2493 config: Config{
2494 MinVersion: ver.version,
2495 MaxVersion: ver.version,
2496 ClientAuth: RequireAnyClientCert,
2497 ClientCAs: certPool,
2498 },
2499 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2500 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2501 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2502 },
2503 })
2504 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2505 }
2506}
2507
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2508func addExtendedMasterSecretTests() {
2509 const expectEMSFlag = "-expect-extended-master-secret"
2510
2511 for _, with := range []bool{false, true} {
2512 prefix := "No"
2513 var flags []string
2514 if with {
2515 prefix = ""
2516 flags = []string{expectEMSFlag}
2517 }
2518
2519 for _, isClient := range []bool{false, true} {
2520 suffix := "-Server"
2521 testType := serverTest
2522 if isClient {
2523 suffix = "-Client"
2524 testType = clientTest
2525 }
2526
2527 for _, ver := range tlsVersions {
2528 test := testCase{
2529 testType: testType,
2530 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2531 config: Config{
2532 MinVersion: ver.version,
2533 MaxVersion: ver.version,
2534 Bugs: ProtocolBugs{
2535 NoExtendedMasterSecret: !with,
2536 RequireExtendedMasterSecret: with,
2537 },
2538 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2539 flags: flags,
2540 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2541 }
2542 if test.shouldFail {
2543 test.expectedLocalError = "extended master secret required but not supported by peer"
2544 }
2545 testCases = append(testCases, test)
2546 }
2547 }
2548 }
2549
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2550 for _, isClient := range []bool{false, true} {
2551 for _, supportedInFirstConnection := range []bool{false, true} {
2552 for _, supportedInResumeConnection := range []bool{false, true} {
2553 boolToWord := func(b bool) string {
2554 if b {
2555 return "Yes"
2556 }
2557 return "No"
2558 }
2559 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2560 if isClient {
2561 suffix += "Client"
2562 } else {
2563 suffix += "Server"
2564 }
2565
2566 supportedConfig := Config{
2567 Bugs: ProtocolBugs{
2568 RequireExtendedMasterSecret: true,
2569 },
2570 }
2571
2572 noSupportConfig := Config{
2573 Bugs: ProtocolBugs{
2574 NoExtendedMasterSecret: true,
2575 },
2576 }
2577
2578 test := testCase{
2579 name: "ExtendedMasterSecret-" + suffix,
2580 resumeSession: true,
2581 }
2582
2583 if !isClient {
2584 test.testType = serverTest
2585 }
2586
2587 if supportedInFirstConnection {
2588 test.config = supportedConfig
2589 } else {
2590 test.config = noSupportConfig
2591 }
2592
2593 if supportedInResumeConnection {
2594 test.resumeConfig = &supportedConfig
2595 } else {
2596 test.resumeConfig = &noSupportConfig
2597 }
2598
2599 switch suffix {
2600 case "YesToYes-Client", "YesToYes-Server":
2601 // When a session is resumed, it should
2602 // still be aware that its master
2603 // secret was generated via EMS and
2604 // thus it's safe to use tls-unique.
2605 test.flags = []string{expectEMSFlag}
2606 case "NoToYes-Server":
2607 // If an original connection did not
2608 // contain EMS, but a resumption
2609 // handshake does, then a server should
2610 // not resume the session.
2611 test.expectResumeRejected = true
2612 case "YesToNo-Server":
2613 // Resuming an EMS session without the
2614 // EMS extension should cause the
2615 // server to abort the connection.
2616 test.shouldFail = true
2617 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2618 case "NoToYes-Client":
2619 // A client should abort a connection
2620 // where the server resumed a non-EMS
2621 // session but echoed the EMS
2622 // extension.
2623 test.shouldFail = true
2624 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2625 case "YesToNo-Client":
2626 // A client should abort a connection
2627 // where the server didn't echo EMS
2628 // when the session used it.
2629 test.shouldFail = true
2630 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2631 }
2632
2633 testCases = append(testCases, test)
2634 }
2635 }
2636 }
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2637}
2638
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2639// Adds tests that try to cover the range of the handshake state machine, under
2640// various conditions. Some of these are redundant with other tests, but they
2641// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2642func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2643 var tests []testCase
2644
2645 // Basic handshake, with resumption. Client and server,
2646 // session ID and session ticket.
2647 tests = append(tests, testCase{
2648 name: "Basic-Client",
2649 resumeSession: true,
2650 })
2651 tests = append(tests, testCase{
2652 name: "Basic-Client-RenewTicket",
2653 config: Config{
2654 Bugs: ProtocolBugs{
2655 RenewTicketOnResume: true,
2656 },
2657 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2658 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2659 resumeSession: true,
2660 })
2661 tests = append(tests, testCase{
2662 name: "Basic-Client-NoTicket",
2663 config: Config{
2664 SessionTicketsDisabled: true,
2665 },
2666 resumeSession: true,
2667 })
2668 tests = append(tests, testCase{
2669 name: "Basic-Client-Implicit",
2670 flags: []string{"-implicit-handshake"},
2671 resumeSession: true,
2672 })
2673 tests = append(tests, testCase{
2674 testType: serverTest,
2675 name: "Basic-Server",
2676 resumeSession: true,
2677 })
2678 tests = append(tests, testCase{
2679 testType: serverTest,
2680 name: "Basic-Server-NoTickets",
2681 config: Config{
2682 SessionTicketsDisabled: true,
2683 },
2684 resumeSession: true,
2685 })
2686 tests = append(tests, testCase{
2687 testType: serverTest,
2688 name: "Basic-Server-Implicit",
2689 flags: []string{"-implicit-handshake"},
2690 resumeSession: true,
2691 })
2692 tests = append(tests, testCase{
2693 testType: serverTest,
2694 name: "Basic-Server-EarlyCallback",
2695 flags: []string{"-use-early-callback"},
2696 resumeSession: true,
2697 })
2698
2699 // TLS client auth.
2700 tests = append(tests, testCase{
2701 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2702 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2703 config: Config{
2704 ClientAuth: RequireAnyClientCert,
2705 },
2706 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2707 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2708 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2709 },
2710 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2711 tests = append(tests, testCase{
2712 testType: clientTest,
2713 name: "ClientAuth-ECDSA-Client",
2714 config: Config{
2715 ClientAuth: RequireAnyClientCert,
2716 },
2717 flags: []string{
2718 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2719 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
2720 },
2721 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2722 if async {
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2723 // Test async keys against each key exchange.
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2724 tests = append(tests, testCase{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2725 testType: serverTest,
2726 name: "Basic-Server-RSA",
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2727 config: Config{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2728 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2729 },
2730 flags: []string{
Adam Langley288d8d52015-06-18 16:24:31 -0700[diff] [blame]2731 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2732 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2733 },
2734 })
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2735 tests = append(tests, testCase{
2736 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2737 name: "Basic-Server-ECDHE-RSA",
2738 config: Config{
2739 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2740 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2741 flags: []string{
2742 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2743 "-key-file", path.Join(*resourceDir, rsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2744 },
2745 })
2746 tests = append(tests, testCase{
2747 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2748 name: "Basic-Server-ECDHE-ECDSA",
2749 config: Config{
2750 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2751 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2752 flags: []string{
2753 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2754 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2755 },
2756 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2757 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2758 tests = append(tests, testCase{
2759 testType: serverTest,
2760 name: "ClientAuth-Server",
2761 config: Config{
2762 Certificates: []Certificate{rsaCertificate},
2763 },
2764 flags: []string{"-require-any-client-certificate"},
2765 })
2766
2767 // No session ticket support; server doesn't send NewSessionTicket.
2768 tests = append(tests, testCase{
2769 name: "SessionTicketsDisabled-Client",
2770 config: Config{
2771 SessionTicketsDisabled: true,
2772 },
2773 })
2774 tests = append(tests, testCase{
2775 testType: serverTest,
2776 name: "SessionTicketsDisabled-Server",
2777 config: Config{
2778 SessionTicketsDisabled: true,
2779 },
2780 })
2781
2782 // Skip ServerKeyExchange in PSK key exchange if there's no
2783 // identity hint.
2784 tests = append(tests, testCase{
2785 name: "EmptyPSKHint-Client",
2786 config: Config{
2787 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2788 PreSharedKey: []byte("secret"),
2789 },
2790 flags: []string{"-psk", "secret"},
2791 })
2792 tests = append(tests, testCase{
2793 testType: serverTest,
2794 name: "EmptyPSKHint-Server",
2795 config: Config{
2796 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2797 PreSharedKey: []byte("secret"),
2798 },
2799 flags: []string{"-psk", "secret"},
2800 })
2801
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2802 tests = append(tests, testCase{
2803 testType: clientTest,
2804 name: "OCSPStapling-Client",
2805 flags: []string{
2806 "-enable-ocsp-stapling",
2807 "-expect-ocsp-response",
2808 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2809 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2810 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2811 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2812 })
2813
2814 tests = append(tests, testCase{
David Benjaminec435342015-08-21 13:44:06 -0400[diff] [blame]2815 testType: serverTest,
2816 name: "OCSPStapling-Server",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2817 expectedOCSPResponse: testOCSPResponse,
2818 flags: []string{
2819 "-ocsp-response",
2820 base64.StdEncoding.EncodeToString(testOCSPResponse),
2821 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2822 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2823 })
2824
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2825 tests = append(tests, testCase{
2826 testType: clientTest,
2827 name: "CertificateVerificationSucceed",
2828 flags: []string{
2829 "-verify-peer",
2830 },
2831 })
2832
2833 tests = append(tests, testCase{
2834 testType: clientTest,
2835 name: "CertificateVerificationFail",
2836 flags: []string{
2837 "-verify-fail",
2838 "-verify-peer",
2839 },
2840 shouldFail: true,
2841 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
2842 })
2843
2844 tests = append(tests, testCase{
2845 testType: clientTest,
2846 name: "CertificateVerificationSoftFail",
2847 flags: []string{
2848 "-verify-fail",
2849 "-expect-verify-result",
2850 },
2851 })
2852
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2853 if protocol == tls {
2854 tests = append(tests, testCase{
2855 name: "Renegotiate-Client",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]2856 renegotiate: 1,
2857 flags: []string{
2858 "-renegotiate-freely",
2859 "-expect-total-renegotiations", "1",
2860 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2861 })
2862 // NPN on client and server; results in post-handshake message.
2863 tests = append(tests, testCase{
2864 name: "NPN-Client",
2865 config: Config{
2866 NextProtos: []string{"foo"},
2867 },
2868 flags: []string{"-select-next-proto", "foo"},
2869 expectedNextProto: "foo",
2870 expectedNextProtoType: npn,
2871 })
2872 tests = append(tests, testCase{
2873 testType: serverTest,
2874 name: "NPN-Server",
2875 config: Config{
2876 NextProtos: []string{"bar"},
2877 },
2878 flags: []string{
2879 "-advertise-npn", "\x03foo\x03bar\x03baz",
2880 "-expect-next-proto", "bar",
2881 },
2882 expectedNextProto: "bar",
2883 expectedNextProtoType: npn,
2884 })
2885
2886 // TODO(davidben): Add tests for when False Start doesn't trigger.
2887
2888 // Client does False Start and negotiates NPN.
2889 tests = append(tests, testCase{
2890 name: "FalseStart",
2891 config: Config{
2892 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2893 NextProtos: []string{"foo"},
2894 Bugs: ProtocolBugs{
2895 ExpectFalseStart: true,
2896 },
2897 },
2898 flags: []string{
2899 "-false-start",
2900 "-select-next-proto", "foo",
2901 },
2902 shimWritesFirst: true,
2903 resumeSession: true,
2904 })
2905
2906 // Client does False Start and negotiates ALPN.
2907 tests = append(tests, testCase{
2908 name: "FalseStart-ALPN",
2909 config: Config{
2910 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2911 NextProtos: []string{"foo"},
2912 Bugs: ProtocolBugs{
2913 ExpectFalseStart: true,
2914 },
2915 },
2916 flags: []string{
2917 "-false-start",
2918 "-advertise-alpn", "\x03foo",
2919 },
2920 shimWritesFirst: true,
2921 resumeSession: true,
2922 })
2923
2924 // Client does False Start but doesn't explicitly call
2925 // SSL_connect.
2926 tests = append(tests, testCase{
2927 name: "FalseStart-Implicit",
2928 config: Config{
2929 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2930 NextProtos: []string{"foo"},
2931 },
2932 flags: []string{
2933 "-implicit-handshake",
2934 "-false-start",
2935 "-advertise-alpn", "\x03foo",
2936 },
2937 })
2938
2939 // False Start without session tickets.
2940 tests = append(tests, testCase{
2941 name: "FalseStart-SessionTicketsDisabled",
2942 config: Config{
2943 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2944 NextProtos: []string{"foo"},
2945 SessionTicketsDisabled: true,
2946 Bugs: ProtocolBugs{
2947 ExpectFalseStart: true,
2948 },
2949 },
2950 flags: []string{
2951 "-false-start",
2952 "-select-next-proto", "foo",
2953 },
2954 shimWritesFirst: true,
2955 })
2956
2957 // Server parses a V2ClientHello.
2958 tests = append(tests, testCase{
2959 testType: serverTest,
2960 name: "SendV2ClientHello",
2961 config: Config{
2962 // Choose a cipher suite that does not involve
2963 // elliptic curves, so no extensions are
2964 // involved.
2965 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
2966 Bugs: ProtocolBugs{
2967 SendV2ClientHello: true,
2968 },
2969 },
2970 })
2971
2972 // Client sends a Channel ID.
2973 tests = append(tests, testCase{
2974 name: "ChannelID-Client",
2975 config: Config{
2976 RequestChannelID: true,
2977 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2978 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2979 resumeSession: true,
2980 expectChannelID: true,
2981 })
2982
2983 // Server accepts a Channel ID.
2984 tests = append(tests, testCase{
2985 testType: serverTest,
2986 name: "ChannelID-Server",
2987 config: Config{
2988 ChannelID: channelIDKey,
2989 },
2990 flags: []string{
2991 "-expect-channel-id",
2992 base64.StdEncoding.EncodeToString(channelIDBytes),
2993 },
2994 resumeSession: true,
2995 expectChannelID: true,
2996 })
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]2997
2998 // Bidirectional shutdown with the runner initiating.
2999 tests = append(tests, testCase{
3000 name: "Shutdown-Runner",
3001 config: Config{
3002 Bugs: ProtocolBugs{
3003 ExpectCloseNotify: true,
3004 },
3005 },
3006 flags: []string{"-check-close-notify"},
3007 })
3008
3009 // Bidirectional shutdown with the shim initiating. The runner,
3010 // in the meantime, sends garbage before the close_notify which
3011 // the shim must ignore.
3012 tests = append(tests, testCase{
3013 name: "Shutdown-Shim",
3014 config: Config{
3015 Bugs: ProtocolBugs{
3016 ExpectCloseNotify: true,
3017 },
3018 },
3019 shimShutsDown: true,
3020 sendEmptyRecords: 1,
3021 sendWarningAlerts: 1,
3022 flags: []string{"-check-close-notify"},
3023 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3024 } else {
3025 tests = append(tests, testCase{
3026 name: "SkipHelloVerifyRequest",
3027 config: Config{
3028 Bugs: ProtocolBugs{
3029 SkipHelloVerifyRequest: true,
3030 },
3031 },
3032 })
3033 }
3034
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3035 for _, test := range tests {
3036 test.protocol = protocol
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]3037 if protocol == dtls {
3038 test.name += "-DTLS"
3039 }
3040 if async {
3041 test.name += "-Async"
3042 test.flags = append(test.flags, "-async")
3043 } else {
3044 test.name += "-Sync"
3045 }
3046 if splitHandshake {
3047 test.name += "-SplitHandshakeRecords"
3048 test.config.Bugs.MaxHandshakeRecordLength = 1
3049 if protocol == dtls {
3050 test.config.Bugs.MaxPacketLength = 256
3051 test.flags = append(test.flags, "-mtu", "256")
3052 }
3053 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3054 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]3055 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3056}
3057
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3058func addDDoSCallbackTests() {
3059 // DDoS callback.
3060
3061 for _, resume := range []bool{false, true} {
3062 suffix := "Resume"
3063 if resume {
3064 suffix = "No" + suffix
3065 }
3066
3067 testCases = append(testCases, testCase{
3068 testType: serverTest,
3069 name: "Server-DDoS-OK-" + suffix,
3070 flags: []string{"-install-ddos-callback"},
3071 resumeSession: resume,
3072 })
3073
3074 failFlag := "-fail-ddos-callback"
3075 if resume {
3076 failFlag = "-fail-second-ddos-callback"
3077 }
3078 testCases = append(testCases, testCase{
3079 testType: serverTest,
3080 name: "Server-DDoS-Reject-" + suffix,
3081 flags: []string{"-install-ddos-callback", failFlag},
3082 resumeSession: resume,
3083 shouldFail: true,
3084 expectedError: ":CONNECTION_REJECTED:",
3085 })
3086 }
3087}
3088
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3089func addVersionNegotiationTests() {
3090 for i, shimVers := range tlsVersions {
3091 // Assemble flags to disable all newer versions on the shim.
3092 var flags []string
3093 for _, vers := range tlsVersions[i+1:] {
3094 flags = append(flags, vers.flag)
3095 }
3096
3097 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3098 protocols := []protocol{tls}
3099 if runnerVers.hasDTLS && shimVers.hasDTLS {
3100 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3101 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3102 for _, protocol := range protocols {
3103 expectedVersion := shimVers.version
3104 if runnerVers.version < shimVers.version {
3105 expectedVersion = runnerVers.version
3106 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3107
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3108 suffix := shimVers.name + "-" + runnerVers.name
3109 if protocol == dtls {
3110 suffix += "-DTLS"
3111 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3112
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3113 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3114
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3115 clientVers := shimVers.version
3116 if clientVers > VersionTLS10 {
3117 clientVers = VersionTLS10
3118 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3119 testCases = append(testCases, testCase{
3120 protocol: protocol,
3121 testType: clientTest,
3122 name: "VersionNegotiation-Client-" + suffix,
3123 config: Config{
3124 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3125 Bugs: ProtocolBugs{
3126 ExpectInitialRecordVersion: clientVers,
3127 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3128 },
3129 flags: flags,
3130 expectedVersion: expectedVersion,
3131 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3132 testCases = append(testCases, testCase{
3133 protocol: protocol,
3134 testType: clientTest,
3135 name: "VersionNegotiation-Client2-" + suffix,
3136 config: Config{
3137 MaxVersion: runnerVers.version,
3138 Bugs: ProtocolBugs{
3139 ExpectInitialRecordVersion: clientVers,
3140 },
3141 },
3142 flags: []string{"-max-version", shimVersFlag},
3143 expectedVersion: expectedVersion,
3144 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3145
3146 testCases = append(testCases, testCase{
3147 protocol: protocol,
3148 testType: serverTest,
3149 name: "VersionNegotiation-Server-" + suffix,
3150 config: Config{
3151 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3152 Bugs: ProtocolBugs{
3153 ExpectInitialRecordVersion: expectedVersion,
3154 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3155 },
3156 flags: flags,
3157 expectedVersion: expectedVersion,
3158 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3159 testCases = append(testCases, testCase{
3160 protocol: protocol,
3161 testType: serverTest,
3162 name: "VersionNegotiation-Server2-" + suffix,
3163 config: Config{
3164 MaxVersion: runnerVers.version,
3165 Bugs: ProtocolBugs{
3166 ExpectInitialRecordVersion: expectedVersion,
3167 },
3168 },
3169 flags: []string{"-max-version", shimVersFlag},
3170 expectedVersion: expectedVersion,
3171 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3172 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3173 }
3174 }
3175}
3176
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3177func addMinimumVersionTests() {
3178 for i, shimVers := range tlsVersions {
3179 // Assemble flags to disable all older versions on the shim.
3180 var flags []string
3181 for _, vers := range tlsVersions[:i] {
3182 flags = append(flags, vers.flag)
3183 }
3184
3185 for _, runnerVers := range tlsVersions {
3186 protocols := []protocol{tls}
3187 if runnerVers.hasDTLS && shimVers.hasDTLS {
3188 protocols = append(protocols, dtls)
3189 }
3190 for _, protocol := range protocols {
3191 suffix := shimVers.name + "-" + runnerVers.name
3192 if protocol == dtls {
3193 suffix += "-DTLS"
3194 }
3195 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3196
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3197 var expectedVersion uint16
3198 var shouldFail bool
3199 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3200 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3201 if runnerVers.version >= shimVers.version {
3202 expectedVersion = runnerVers.version
3203 } else {
3204 shouldFail = true
3205 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3206 if runnerVers.version > VersionSSL30 {
3207 expectedLocalError = "remote error: protocol version not supported"
3208 } else {
3209 expectedLocalError = "remote error: handshake failure"
3210 }
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3211 }
3212
3213 testCases = append(testCases, testCase{
3214 protocol: protocol,
3215 testType: clientTest,
3216 name: "MinimumVersion-Client-" + suffix,
3217 config: Config{
3218 MaxVersion: runnerVers.version,
3219 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3220 flags: flags,
3221 expectedVersion: expectedVersion,
3222 shouldFail: shouldFail,
3223 expectedError: expectedError,
3224 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3225 })
3226 testCases = append(testCases, testCase{
3227 protocol: protocol,
3228 testType: clientTest,
3229 name: "MinimumVersion-Client2-" + suffix,
3230 config: Config{
3231 MaxVersion: runnerVers.version,
3232 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3233 flags: []string{"-min-version", shimVersFlag},
3234 expectedVersion: expectedVersion,
3235 shouldFail: shouldFail,
3236 expectedError: expectedError,
3237 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3238 })
3239
3240 testCases = append(testCases, testCase{
3241 protocol: protocol,
3242 testType: serverTest,
3243 name: "MinimumVersion-Server-" + suffix,
3244 config: Config{
3245 MaxVersion: runnerVers.version,
3246 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3247 flags: flags,
3248 expectedVersion: expectedVersion,
3249 shouldFail: shouldFail,
3250 expectedError: expectedError,
3251 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3252 })
3253 testCases = append(testCases, testCase{
3254 protocol: protocol,
3255 testType: serverTest,
3256 name: "MinimumVersion-Server2-" + suffix,
3257 config: Config{
3258 MaxVersion: runnerVers.version,
3259 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3260 flags: []string{"-min-version", shimVersFlag},
3261 expectedVersion: expectedVersion,
3262 shouldFail: shouldFail,
3263 expectedError: expectedError,
3264 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3265 })
3266 }
3267 }
3268 }
3269}
3270
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3271func addExtensionTests() {
3272 testCases = append(testCases, testCase{
3273 testType: clientTest,
3274 name: "DuplicateExtensionClient",
3275 config: Config{
3276 Bugs: ProtocolBugs{
3277 DuplicateExtension: true,
3278 },
3279 },
3280 shouldFail: true,
3281 expectedLocalError: "remote error: error decoding message",
3282 })
3283 testCases = append(testCases, testCase{
3284 testType: serverTest,
3285 name: "DuplicateExtensionServer",
3286 config: Config{
3287 Bugs: ProtocolBugs{
3288 DuplicateExtension: true,
3289 },
3290 },
3291 shouldFail: true,
3292 expectedLocalError: "remote error: error decoding message",
3293 })
3294 testCases = append(testCases, testCase{
3295 testType: clientTest,
3296 name: "ServerNameExtensionClient",
3297 config: Config{
3298 Bugs: ProtocolBugs{
3299 ExpectServerName: "example.com",
3300 },
3301 },
3302 flags: []string{"-host-name", "example.com"},
3303 })
3304 testCases = append(testCases, testCase{
3305 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3306 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3307 config: Config{
3308 Bugs: ProtocolBugs{
3309 ExpectServerName: "mismatch.com",
3310 },
3311 },
3312 flags: []string{"-host-name", "example.com"},
3313 shouldFail: true,
3314 expectedLocalError: "tls: unexpected server name",
3315 })
3316 testCases = append(testCases, testCase{
3317 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3318 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3319 config: Config{
3320 Bugs: ProtocolBugs{
3321 ExpectServerName: "missing.com",
3322 },
3323 },
3324 shouldFail: true,
3325 expectedLocalError: "tls: unexpected server name",
3326 })
3327 testCases = append(testCases, testCase{
3328 testType: serverTest,
3329 name: "ServerNameExtensionServer",
3330 config: Config{
3331 ServerName: "example.com",
3332 },
3333 flags: []string{"-expect-server-name", "example.com"},
3334 resumeSession: true,
3335 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3336 testCases = append(testCases, testCase{
3337 testType: clientTest,
3338 name: "ALPNClient",
3339 config: Config{
3340 NextProtos: []string{"foo"},
3341 },
3342 flags: []string{
3343 "-advertise-alpn", "\x03foo\x03bar\x03baz",
3344 "-expect-alpn", "foo",
3345 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3346 expectedNextProto: "foo",
3347 expectedNextProtoType: alpn,
3348 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3349 })
3350 testCases = append(testCases, testCase{
3351 testType: serverTest,
3352 name: "ALPNServer",
3353 config: Config{
3354 NextProtos: []string{"foo", "bar", "baz"},
3355 },
3356 flags: []string{
3357 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3358 "-select-alpn", "foo",
3359 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3360 expectedNextProto: "foo",
3361 expectedNextProtoType: alpn,
3362 resumeSession: true,
3363 })
3364 // Test that the server prefers ALPN over NPN.
3365 testCases = append(testCases, testCase{
3366 testType: serverTest,
3367 name: "ALPNServer-Preferred",
3368 config: Config{
3369 NextProtos: []string{"foo", "bar", "baz"},
3370 },
3371 flags: []string{
3372 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3373 "-select-alpn", "foo",
3374 "-advertise-npn", "\x03foo\x03bar\x03baz",
3375 },
3376 expectedNextProto: "foo",
3377 expectedNextProtoType: alpn,
3378 resumeSession: true,
3379 })
3380 testCases = append(testCases, testCase{
3381 testType: serverTest,
3382 name: "ALPNServer-Preferred-Swapped",
3383 config: Config{
3384 NextProtos: []string{"foo", "bar", "baz"},
3385 Bugs: ProtocolBugs{
3386 SwapNPNAndALPN: true,
3387 },
3388 },
3389 flags: []string{
3390 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3391 "-select-alpn", "foo",
3392 "-advertise-npn", "\x03foo\x03bar\x03baz",
3393 },
3394 expectedNextProto: "foo",
3395 expectedNextProtoType: alpn,
3396 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3397 })
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3398 var emptyString string
3399 testCases = append(testCases, testCase{
3400 testType: clientTest,
3401 name: "ALPNClient-EmptyProtocolName",
3402 config: Config{
3403 NextProtos: []string{""},
3404 Bugs: ProtocolBugs{
3405 // A server returning an empty ALPN protocol
3406 // should be rejected.
3407 ALPNProtocol: &emptyString,
3408 },
3409 },
3410 flags: []string{
3411 "-advertise-alpn", "\x03foo",
3412 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3413 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3414 expectedError: ":PARSE_TLSEXT:",
3415 })
3416 testCases = append(testCases, testCase{
3417 testType: serverTest,
3418 name: "ALPNServer-EmptyProtocolName",
3419 config: Config{
3420 // A ClientHello containing an empty ALPN protocol
3421 // should be rejected.
3422 NextProtos: []string{"foo", "", "baz"},
3423 },
3424 flags: []string{
3425 "-select-alpn", "foo",
3426 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3427 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3428 expectedError: ":PARSE_TLSEXT:",
3429 })
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]3430 // Test that negotiating both NPN and ALPN is forbidden.
3431 testCases = append(testCases, testCase{
3432 name: "NegotiateALPNAndNPN",
3433 config: Config{
3434 NextProtos: []string{"foo", "bar", "baz"},
3435 Bugs: ProtocolBugs{
3436 NegotiateALPNAndNPN: true,
3437 },
3438 },
3439 flags: []string{
3440 "-advertise-alpn", "\x03foo",
3441 "-select-next-proto", "foo",
3442 },
3443 shouldFail: true,
3444 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3445 })
3446 testCases = append(testCases, testCase{
3447 name: "NegotiateALPNAndNPN-Swapped",
3448 config: Config{
3449 NextProtos: []string{"foo", "bar", "baz"},
3450 Bugs: ProtocolBugs{
3451 NegotiateALPNAndNPN: true,
3452 SwapNPNAndALPN: true,
3453 },
3454 },
3455 flags: []string{
3456 "-advertise-alpn", "\x03foo",
3457 "-select-next-proto", "foo",
3458 },
3459 shouldFail: true,
3460 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3461 })
David Benjamin091c4b92015-10-26 13:33:21 -0400[diff] [blame]3462 // Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
3463 testCases = append(testCases, testCase{
3464 name: "DisableNPN",
3465 config: Config{
3466 NextProtos: []string{"foo"},
3467 },
3468 flags: []string{
3469 "-select-next-proto", "foo",
3470 "-disable-npn",
3471 },
3472 expectNoNextProto: true,
3473 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3474 // Resume with a corrupt ticket.
3475 testCases = append(testCases, testCase{
3476 testType: serverTest,
3477 name: "CorruptTicket",
3478 config: Config{
3479 Bugs: ProtocolBugs{
3480 CorruptTicket: true,
3481 },
3482 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3483 resumeSession: true,
3484 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3485 })
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]3486 // Test the ticket callback, with and without renewal.
3487 testCases = append(testCases, testCase{
3488 testType: serverTest,
3489 name: "TicketCallback",
3490 resumeSession: true,
3491 flags: []string{"-use-ticket-callback"},
3492 })
3493 testCases = append(testCases, testCase{
3494 testType: serverTest,
3495 name: "TicketCallback-Renew",
3496 config: Config{
3497 Bugs: ProtocolBugs{
3498 ExpectNewTicket: true,
3499 },
3500 },
3501 flags: []string{"-use-ticket-callback", "-renew-ticket"},
3502 resumeSession: true,
3503 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3504 // Resume with an oversized session id.
3505 testCases = append(testCases, testCase{
3506 testType: serverTest,
3507 name: "OversizedSessionId",
3508 config: Config{
3509 Bugs: ProtocolBugs{
3510 OversizedSessionId: true,
3511 },
3512 },
3513 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3514 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3515 expectedError: ":DECODE_ERROR:",
3516 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]3517 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
3518 // are ignored.
3519 testCases = append(testCases, testCase{
3520 protocol: dtls,
3521 name: "SRTP-Client",
3522 config: Config{
3523 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3524 },
3525 flags: []string{
3526 "-srtp-profiles",
3527 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3528 },
3529 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3530 })
3531 testCases = append(testCases, testCase{
3532 protocol: dtls,
3533 testType: serverTest,
3534 name: "SRTP-Server",
3535 config: Config{
3536 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3537 },
3538 flags: []string{
3539 "-srtp-profiles",
3540 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3541 },
3542 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3543 })
3544 // Test that the MKI is ignored.
3545 testCases = append(testCases, testCase{
3546 protocol: dtls,
3547 testType: serverTest,
3548 name: "SRTP-Server-IgnoreMKI",
3549 config: Config{
3550 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
3551 Bugs: ProtocolBugs{
3552 SRTPMasterKeyIdentifer: "bogus",
3553 },
3554 },
3555 flags: []string{
3556 "-srtp-profiles",
3557 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3558 },
3559 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3560 })
3561 // Test that SRTP isn't negotiated on the server if there were
3562 // no matching profiles.
3563 testCases = append(testCases, testCase{
3564 protocol: dtls,
3565 testType: serverTest,
3566 name: "SRTP-Server-NoMatch",
3567 config: Config{
3568 SRTPProtectionProfiles: []uint16{100, 101, 102},
3569 },
3570 flags: []string{
3571 "-srtp-profiles",
3572 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3573 },
3574 expectedSRTPProtectionProfile: 0,
3575 })
3576 // Test that the server returning an invalid SRTP profile is
3577 // flagged as an error by the client.
3578 testCases = append(testCases, testCase{
3579 protocol: dtls,
3580 name: "SRTP-Client-NoMatch",
3581 config: Config{
3582 Bugs: ProtocolBugs{
3583 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
3584 },
3585 },
3586 flags: []string{
3587 "-srtp-profiles",
3588 "SRTP_AES128_CM_SHA1_80",
3589 },
3590 shouldFail: true,
3591 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
3592 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3593 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3594 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3595 name: "SignedCertificateTimestampList-Client",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3596 testType: clientTest,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3597 flags: []string{
3598 "-enable-signed-cert-timestamps",
3599 "-expect-signed-cert-timestamps",
3600 base64.StdEncoding.EncodeToString(testSCTList),
3601 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3602 resumeSession: true,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3603 })
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3604 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3605 name: "SignedCertificateTimestampList-Server",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3606 testType: serverTest,
3607 flags: []string{
3608 "-signed-cert-timestamps",
3609 base64.StdEncoding.EncodeToString(testSCTList),
3610 },
3611 expectedSCTList: testSCTList,
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3612 resumeSession: true,
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3613 })
3614 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3615 testType: clientTest,
3616 name: "ClientHelloPadding",
3617 config: Config{
3618 Bugs: ProtocolBugs{
3619 RequireClientHelloSize: 512,
3620 },
3621 },
3622 // This hostname just needs to be long enough to push the
3623 // ClientHello into F5's danger zone between 256 and 511 bytes
3624 // long.
3625 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
3626 })
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]3627
3628 // Extensions should not function in SSL 3.0.
3629 testCases = append(testCases, testCase{
3630 testType: serverTest,
3631 name: "SSLv3Extensions-NoALPN",
3632 config: Config{
3633 MaxVersion: VersionSSL30,
3634 NextProtos: []string{"foo", "bar", "baz"},
3635 },
3636 flags: []string{
3637 "-select-alpn", "foo",
3638 },
3639 expectNoNextProto: true,
3640 })
3641
3642 // Test session tickets separately as they follow a different codepath.
3643 testCases = append(testCases, testCase{
3644 testType: serverTest,
3645 name: "SSLv3Extensions-NoTickets",
3646 config: Config{
3647 MaxVersion: VersionSSL30,
3648 Bugs: ProtocolBugs{
3649 // Historically, session tickets in SSL 3.0
3650 // failed in different ways depending on whether
3651 // the client supported renegotiation_info.
3652 NoRenegotiationInfo: true,
3653 },
3654 },
3655 resumeSession: true,
3656 })
3657 testCases = append(testCases, testCase{
3658 testType: serverTest,
3659 name: "SSLv3Extensions-NoTickets2",
3660 config: Config{
3661 MaxVersion: VersionSSL30,
3662 },
3663 resumeSession: true,
3664 })
3665
3666 // But SSL 3.0 does send and process renegotiation_info.
3667 testCases = append(testCases, testCase{
3668 testType: serverTest,
3669 name: "SSLv3Extensions-RenegotiationInfo",
3670 config: Config{
3671 MaxVersion: VersionSSL30,
3672 Bugs: ProtocolBugs{
3673 RequireRenegotiationInfo: true,
3674 },
3675 },
3676 })
3677 testCases = append(testCases, testCase{
3678 testType: serverTest,
3679 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
3680 config: Config{
3681 MaxVersion: VersionSSL30,
3682 Bugs: ProtocolBugs{
3683 NoRenegotiationInfo: true,
3684 SendRenegotiationSCSV: true,
3685 RequireRenegotiationInfo: true,
3686 },
3687 },
3688 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3689}
3690
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3691func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3692 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3693 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3694 protocols := []protocol{tls}
3695 if sessionVers.hasDTLS && resumeVers.hasDTLS {
3696 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]3697 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3698 for _, protocol := range protocols {
3699 suffix := "-" + sessionVers.name + "-" + resumeVers.name
3700 if protocol == dtls {
3701 suffix += "-DTLS"
3702 }
3703
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3704 if sessionVers.version == resumeVers.version {
3705 testCases = append(testCases, testCase{
3706 protocol: protocol,
3707 name: "Resume-Client" + suffix,
3708 resumeSession: true,
3709 config: Config{
3710 MaxVersion: sessionVers.version,
3711 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3712 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3713 expectedVersion: sessionVers.version,
3714 expectedResumeVersion: resumeVers.version,
3715 })
3716 } else {
3717 testCases = append(testCases, testCase{
3718 protocol: protocol,
3719 name: "Resume-Client-Mismatch" + suffix,
3720 resumeSession: true,
3721 config: Config{
3722 MaxVersion: sessionVers.version,
3723 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3724 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3725 expectedVersion: sessionVers.version,
3726 resumeConfig: &Config{
3727 MaxVersion: resumeVers.version,
3728 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3729 Bugs: ProtocolBugs{
3730 AllowSessionVersionMismatch: true,
3731 },
3732 },
3733 expectedResumeVersion: resumeVers.version,
3734 shouldFail: true,
3735 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
3736 })
3737 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3738
3739 testCases = append(testCases, testCase{
3740 protocol: protocol,
3741 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3742 resumeSession: true,
3743 config: Config{
3744 MaxVersion: sessionVers.version,
3745 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3746 },
3747 expectedVersion: sessionVers.version,
3748 resumeConfig: &Config{
3749 MaxVersion: resumeVers.version,
3750 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3751 },
3752 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3753 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3754 expectedResumeVersion: resumeVers.version,
3755 })
3756
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3757 testCases = append(testCases, testCase{
3758 protocol: protocol,
3759 testType: serverTest,
3760 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3761 resumeSession: true,
3762 config: Config{
3763 MaxVersion: sessionVers.version,
3764 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3765 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3766 expectedVersion: sessionVers.version,
3767 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3768 resumeConfig: &Config{
3769 MaxVersion: resumeVers.version,
3770 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3771 },
3772 expectedResumeVersion: resumeVers.version,
3773 })
3774 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3775 }
3776 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3777
3778 testCases = append(testCases, testCase{
3779 name: "Resume-Client-CipherMismatch",
3780 resumeSession: true,
3781 config: Config{
3782 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3783 },
3784 resumeConfig: &Config{
3785 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3786 Bugs: ProtocolBugs{
3787 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
3788 },
3789 },
3790 shouldFail: true,
3791 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
3792 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3793}
3794
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3795func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3796 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3797 testCases = append(testCases, testCase{
3798 testType: serverTest,
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3799 name: "Renegotiate-Server-Forbidden",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3800 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3801 shouldFail: true,
3802 expectedError: ":NO_RENEGOTIATION:",
3803 expectedLocalError: "remote error: no renegotiation",
3804 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]3805 // The server shouldn't echo the renegotiation extension unless
3806 // requested by the client.
3807 testCases = append(testCases, testCase{
3808 testType: serverTest,
3809 name: "Renegotiate-Server-NoExt",
3810 config: Config{
3811 Bugs: ProtocolBugs{
3812 NoRenegotiationInfo: true,
3813 RequireRenegotiationInfo: true,
3814 },
3815 },
3816 shouldFail: true,
3817 expectedLocalError: "renegotiation extension missing",
3818 })
3819 // The renegotiation SCSV should be sufficient for the server to echo
3820 // the extension.
3821 testCases = append(testCases, testCase{
3822 testType: serverTest,
3823 name: "Renegotiate-Server-NoExt-SCSV",
3824 config: Config{
3825 Bugs: ProtocolBugs{
3826 NoRenegotiationInfo: true,
3827 SendRenegotiationSCSV: true,
3828 RequireRenegotiationInfo: true,
3829 },
3830 },
3831 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3832 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3833 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3834 config: Config{
3835 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3836 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3837 },
3838 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3839 renegotiate: 1,
3840 flags: []string{
3841 "-renegotiate-freely",
3842 "-expect-total-renegotiations", "1",
3843 },
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3844 })
3845 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3846 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3847 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3848 config: Config{
3849 Bugs: ProtocolBugs{
3850 EmptyRenegotiationInfo: true,
3851 },
3852 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3853 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3854 shouldFail: true,
3855 expectedError: ":RENEGOTIATION_MISMATCH:",
3856 })
3857 testCases = append(testCases, testCase{
3858 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3859 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3860 config: Config{
3861 Bugs: ProtocolBugs{
3862 BadRenegotiationInfo: true,
3863 },
3864 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3865 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3866 shouldFail: true,
3867 expectedError: ":RENEGOTIATION_MISMATCH:",
3868 })
3869 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]3870 name: "Renegotiate-Client-Downgrade",
3871 renegotiate: 1,
3872 config: Config{
3873 Bugs: ProtocolBugs{
3874 NoRenegotiationInfoAfterInitial: true,
3875 },
3876 },
3877 flags: []string{"-renegotiate-freely"},
3878 shouldFail: true,
3879 expectedError: ":RENEGOTIATION_MISMATCH:",
3880 })
3881 testCases = append(testCases, testCase{
3882 name: "Renegotiate-Client-Upgrade",
3883 renegotiate: 1,
3884 config: Config{
3885 Bugs: ProtocolBugs{
3886 NoRenegotiationInfoInInitial: true,
3887 },
3888 },
3889 flags: []string{"-renegotiate-freely"},
3890 shouldFail: true,
3891 expectedError: ":RENEGOTIATION_MISMATCH:",
3892 })
3893 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3894 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3895 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3896 config: Config{
3897 Bugs: ProtocolBugs{
3898 NoRenegotiationInfo: true,
3899 },
3900 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3901 flags: []string{
3902 "-renegotiate-freely",
3903 "-expect-total-renegotiations", "1",
3904 },
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3905 })
3906 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3907 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3908 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3909 config: Config{
3910 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3911 },
3912 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3913 flags: []string{
3914 "-renegotiate-freely",
3915 "-expect-total-renegotiations", "1",
3916 },
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3917 })
3918 testCases = append(testCases, testCase{
3919 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3920 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3921 config: Config{
3922 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3923 },
3924 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3925 flags: []string{
3926 "-renegotiate-freely",
3927 "-expect-total-renegotiations", "1",
3928 },
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3929 })
3930 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3931 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3932 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3933 config: Config{
3934 MaxVersion: VersionTLS10,
3935 Bugs: ProtocolBugs{
3936 RequireSameRenegoClientVersion: true,
3937 },
3938 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3939 flags: []string{
3940 "-renegotiate-freely",
3941 "-expect-total-renegotiations", "1",
3942 },
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3943 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3944 testCases = append(testCases, testCase{
3945 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3946 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3947 config: Config{
3948 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3949 NextProtos: []string{"foo"},
3950 },
3951 flags: []string{
3952 "-false-start",
3953 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3954 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -0400[diff] [blame]3955 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3956 },
3957 shimWritesFirst: true,
3958 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3959
3960 // Client-side renegotiation controls.
3961 testCases = append(testCases, testCase{
3962 name: "Renegotiate-Client-Forbidden-1",
3963 renegotiate: 1,
3964 shouldFail: true,
3965 expectedError: ":NO_RENEGOTIATION:",
3966 expectedLocalError: "remote error: no renegotiation",
3967 })
3968 testCases = append(testCases, testCase{
3969 name: "Renegotiate-Client-Once-1",
3970 renegotiate: 1,
3971 flags: []string{
3972 "-renegotiate-once",
3973 "-expect-total-renegotiations", "1",
3974 },
3975 })
3976 testCases = append(testCases, testCase{
3977 name: "Renegotiate-Client-Freely-1",
3978 renegotiate: 1,
3979 flags: []string{
3980 "-renegotiate-freely",
3981 "-expect-total-renegotiations", "1",
3982 },
3983 })
3984 testCases = append(testCases, testCase{
3985 name: "Renegotiate-Client-Once-2",
3986 renegotiate: 2,
3987 flags: []string{"-renegotiate-once"},
3988 shouldFail: true,
3989 expectedError: ":NO_RENEGOTIATION:",
3990 expectedLocalError: "remote error: no renegotiation",
3991 })
3992 testCases = append(testCases, testCase{
3993 name: "Renegotiate-Client-Freely-2",
3994 renegotiate: 2,
3995 flags: []string{
3996 "-renegotiate-freely",
3997 "-expect-total-renegotiations", "2",
3998 },
3999 })
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]4000 testCases = append(testCases, testCase{
4001 name: "Renegotiate-Client-NoIgnore",
4002 config: Config{
4003 Bugs: ProtocolBugs{
4004 SendHelloRequestBeforeEveryAppDataRecord: true,
4005 },
4006 },
4007 shouldFail: true,
4008 expectedError: ":NO_RENEGOTIATION:",
4009 })
4010 testCases = append(testCases, testCase{
4011 name: "Renegotiate-Client-Ignore",
4012 config: Config{
4013 Bugs: ProtocolBugs{
4014 SendHelloRequestBeforeEveryAppDataRecord: true,
4015 },
4016 },
4017 flags: []string{
4018 "-renegotiate-ignore",
4019 "-expect-total-renegotiations", "0",
4020 },
4021 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4022}
4023
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4024func addDTLSReplayTests() {
4025 // Test that sequence number replays are detected.
4026 testCases = append(testCases, testCase{
4027 protocol: dtls,
4028 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4029 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4030 replayWrites: true,
4031 })
4032
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4033 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4034 // than the retransmit window.
4035 testCases = append(testCases, testCase{
4036 protocol: dtls,
4037 name: "DTLS-Replay-LargeGaps",
4038 config: Config{
4039 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4040 SequenceNumberMapping: func(in uint64) uint64 {
4041 return in * 127
4042 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4043 },
4044 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4045 messageCount: 200,
4046 replayWrites: true,
4047 })
4048
4049 // Test the incoming sequence number changing non-monotonically.
4050 testCases = append(testCases, testCase{
4051 protocol: dtls,
4052 name: "DTLS-Replay-NonMonotonic",
4053 config: Config{
4054 Bugs: ProtocolBugs{
4055 SequenceNumberMapping: func(in uint64) uint64 {
4056 return in ^ 31
4057 },
4058 },
4059 },
4060 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4061 replayWrites: true,
4062 })
4063}
4064
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4065var testHashes = []struct {
4066 name string
4067 id uint8
4068}{
4069 {"SHA1", hashSHA1},
4070 {"SHA224", hashSHA224},
4071 {"SHA256", hashSHA256},
4072 {"SHA384", hashSHA384},
4073 {"SHA512", hashSHA512},
4074}
4075
4076func addSigningHashTests() {
4077 // Make sure each hash works. Include some fake hashes in the list and
4078 // ensure they're ignored.
4079 for _, hash := range testHashes {
4080 testCases = append(testCases, testCase{
4081 name: "SigningHash-ClientAuth-" + hash.name,
4082 config: Config{
4083 ClientAuth: RequireAnyClientCert,
4084 SignatureAndHashes: []signatureAndHash{
4085 {signatureRSA, 42},
4086 {signatureRSA, hash.id},
4087 {signatureRSA, 255},
4088 },
4089 },
4090 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4091 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4092 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4093 },
4094 })
4095
4096 testCases = append(testCases, testCase{
4097 testType: serverTest,
4098 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
4099 config: Config{
4100 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4101 SignatureAndHashes: []signatureAndHash{
4102 {signatureRSA, 42},
4103 {signatureRSA, hash.id},
4104 {signatureRSA, 255},
4105 },
4106 },
4107 })
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4108
4109 testCases = append(testCases, testCase{
4110 name: "SigningHash-ServerKeyExchange-Verify-" + hash.name,
4111 config: Config{
4112 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4113 SignatureAndHashes: []signatureAndHash{
4114 {signatureRSA, 42},
4115 {signatureRSA, hash.id},
4116 {signatureRSA, 255},
4117 },
4118 },
4119 flags: []string{"-expect-server-key-exchange-hash", strconv.Itoa(int(hash.id))},
4120 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4121 }
4122
4123 // Test that hash resolution takes the signature type into account.
4124 testCases = append(testCases, testCase{
4125 name: "SigningHash-ClientAuth-SignatureType",
4126 config: Config{
4127 ClientAuth: RequireAnyClientCert,
4128 SignatureAndHashes: []signatureAndHash{
4129 {signatureECDSA, hashSHA512},
4130 {signatureRSA, hashSHA384},
4131 {signatureECDSA, hashSHA1},
4132 },
4133 },
4134 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4135 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4136 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4137 },
4138 })
4139
4140 testCases = append(testCases, testCase{
4141 testType: serverTest,
4142 name: "SigningHash-ServerKeyExchange-SignatureType",
4143 config: Config{
4144 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4145 SignatureAndHashes: []signatureAndHash{
4146 {signatureECDSA, hashSHA512},
4147 {signatureRSA, hashSHA384},
4148 {signatureECDSA, hashSHA1},
4149 },
4150 },
4151 })
4152
4153 // Test that, if the list is missing, the peer falls back to SHA-1.
4154 testCases = append(testCases, testCase{
4155 name: "SigningHash-ClientAuth-Fallback",
4156 config: Config{
4157 ClientAuth: RequireAnyClientCert,
4158 SignatureAndHashes: []signatureAndHash{
4159 {signatureRSA, hashSHA1},
4160 },
4161 Bugs: ProtocolBugs{
4162 NoSignatureAndHashes: true,
4163 },
4164 },
4165 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4166 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4167 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4168 },
4169 })
4170
4171 testCases = append(testCases, testCase{
4172 testType: serverTest,
4173 name: "SigningHash-ServerKeyExchange-Fallback",
4174 config: Config{
4175 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4176 SignatureAndHashes: []signatureAndHash{
4177 {signatureRSA, hashSHA1},
4178 },
4179 Bugs: ProtocolBugs{
4180 NoSignatureAndHashes: true,
4181 },
4182 },
4183 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4184
4185 // Test that hash preferences are enforced. BoringSSL defaults to
4186 // rejecting MD5 signatures.
4187 testCases = append(testCases, testCase{
4188 testType: serverTest,
4189 name: "SigningHash-ClientAuth-Enforced",
4190 config: Config{
4191 Certificates: []Certificate{rsaCertificate},
4192 SignatureAndHashes: []signatureAndHash{
4193 {signatureRSA, hashMD5},
4194 // Advertise SHA-1 so the handshake will
4195 // proceed, but the shim's preferences will be
4196 // ignored in CertificateVerify generation, so
4197 // MD5 will be chosen.
4198 {signatureRSA, hashSHA1},
4199 },
4200 Bugs: ProtocolBugs{
4201 IgnorePeerSignatureAlgorithmPreferences: true,
4202 },
4203 },
4204 flags: []string{"-require-any-client-certificate"},
4205 shouldFail: true,
4206 expectedError: ":WRONG_SIGNATURE_TYPE:",
4207 })
4208
4209 testCases = append(testCases, testCase{
4210 name: "SigningHash-ServerKeyExchange-Enforced",
4211 config: Config{
4212 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4213 SignatureAndHashes: []signatureAndHash{
4214 {signatureRSA, hashMD5},
4215 },
4216 Bugs: ProtocolBugs{
4217 IgnorePeerSignatureAlgorithmPreferences: true,
4218 },
4219 },
4220 shouldFail: true,
4221 expectedError: ":WRONG_SIGNATURE_TYPE:",
4222 })
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4223
4224 // Test that the agreed upon digest respects the client preferences and
4225 // the server digests.
4226 testCases = append(testCases, testCase{
4227 name: "Agree-Digest-Fallback",
4228 config: Config{
4229 ClientAuth: RequireAnyClientCert,
4230 SignatureAndHashes: []signatureAndHash{
4231 {signatureRSA, hashSHA512},
4232 {signatureRSA, hashSHA1},
4233 },
4234 },
4235 flags: []string{
4236 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4237 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4238 },
4239 digestPrefs: "SHA256",
4240 expectedClientCertSignatureHash: hashSHA1,
4241 })
4242 testCases = append(testCases, testCase{
4243 name: "Agree-Digest-SHA256",
4244 config: Config{
4245 ClientAuth: RequireAnyClientCert,
4246 SignatureAndHashes: []signatureAndHash{
4247 {signatureRSA, hashSHA1},
4248 {signatureRSA, hashSHA256},
4249 },
4250 },
4251 flags: []string{
4252 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4253 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4254 },
4255 digestPrefs: "SHA256,SHA1",
4256 expectedClientCertSignatureHash: hashSHA256,
4257 })
4258 testCases = append(testCases, testCase{
4259 name: "Agree-Digest-SHA1",
4260 config: Config{
4261 ClientAuth: RequireAnyClientCert,
4262 SignatureAndHashes: []signatureAndHash{
4263 {signatureRSA, hashSHA1},
4264 },
4265 },
4266 flags: []string{
4267 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4268 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4269 },
4270 digestPrefs: "SHA512,SHA256,SHA1",
4271 expectedClientCertSignatureHash: hashSHA1,
4272 })
4273 testCases = append(testCases, testCase{
4274 name: "Agree-Digest-Default",
4275 config: Config{
4276 ClientAuth: RequireAnyClientCert,
4277 SignatureAndHashes: []signatureAndHash{
4278 {signatureRSA, hashSHA256},
4279 {signatureECDSA, hashSHA256},
4280 {signatureRSA, hashSHA1},
4281 {signatureECDSA, hashSHA1},
4282 },
4283 },
4284 flags: []string{
4285 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4286 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4287 },
4288 expectedClientCertSignatureHash: hashSHA256,
4289 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4290}
4291
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4292// timeouts is the retransmit schedule for BoringSSL. It doubles and
4293// caps at 60 seconds. On the 13th timeout, it gives up.
4294var timeouts = []time.Duration{
4295 1 * time.Second,
4296 2 * time.Second,
4297 4 * time.Second,
4298 8 * time.Second,
4299 16 * time.Second,
4300 32 * time.Second,
4301 60 * time.Second,
4302 60 * time.Second,
4303 60 * time.Second,
4304 60 * time.Second,
4305 60 * time.Second,
4306 60 * time.Second,
4307 60 * time.Second,
4308}
4309
4310func addDTLSRetransmitTests() {
4311 // Test that this is indeed the timeout schedule. Stress all
4312 // four patterns of handshake.
4313 for i := 1; i < len(timeouts); i++ {
4314 number := strconv.Itoa(i)
4315 testCases = append(testCases, testCase{
4316 protocol: dtls,
4317 name: "DTLS-Retransmit-Client-" + number,
4318 config: Config{
4319 Bugs: ProtocolBugs{
4320 TimeoutSchedule: timeouts[:i],
4321 },
4322 },
4323 resumeSession: true,
4324 flags: []string{"-async"},
4325 })
4326 testCases = append(testCases, testCase{
4327 protocol: dtls,
4328 testType: serverTest,
4329 name: "DTLS-Retransmit-Server-" + number,
4330 config: Config{
4331 Bugs: ProtocolBugs{
4332 TimeoutSchedule: timeouts[:i],
4333 },
4334 },
4335 resumeSession: true,
4336 flags: []string{"-async"},
4337 })
4338 }
4339
4340 // Test that exceeding the timeout schedule hits a read
4341 // timeout.
4342 testCases = append(testCases, testCase{
4343 protocol: dtls,
4344 name: "DTLS-Retransmit-Timeout",
4345 config: Config{
4346 Bugs: ProtocolBugs{
4347 TimeoutSchedule: timeouts,
4348 },
4349 },
4350 resumeSession: true,
4351 flags: []string{"-async"},
4352 shouldFail: true,
4353 expectedError: ":READ_TIMEOUT_EXPIRED:",
4354 })
4355
4356 // Test that timeout handling has a fudge factor, due to API
4357 // problems.
4358 testCases = append(testCases, testCase{
4359 protocol: dtls,
4360 name: "DTLS-Retransmit-Fudge",
4361 config: Config{
4362 Bugs: ProtocolBugs{
4363 TimeoutSchedule: []time.Duration{
4364 timeouts[0] - 10*time.Millisecond,
4365 },
4366 },
4367 },
4368 resumeSession: true,
4369 flags: []string{"-async"},
4370 })
David Benjamin7eaab4c2015-03-02 19:01:16 -0500[diff] [blame]4371
4372 // Test that the final Finished retransmitting isn't
4373 // duplicated if the peer badly fragments everything.
4374 testCases = append(testCases, testCase{
4375 testType: serverTest,
4376 protocol: dtls,
4377 name: "DTLS-Retransmit-Fragmented",
4378 config: Config{
4379 Bugs: ProtocolBugs{
4380 TimeoutSchedule: []time.Duration{timeouts[0]},
4381 MaxHandshakeRecordLength: 2,
4382 },
4383 },
4384 flags: []string{"-async"},
4385 })
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4386}
4387
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4388func addExportKeyingMaterialTests() {
4389 for _, vers := range tlsVersions {
4390 if vers.version == VersionSSL30 {
4391 continue
4392 }
4393 testCases = append(testCases, testCase{
4394 name: "ExportKeyingMaterial-" + vers.name,
4395 config: Config{
4396 MaxVersion: vers.version,
4397 },
4398 exportKeyingMaterial: 1024,
4399 exportLabel: "label",
4400 exportContext: "context",
4401 useExportContext: true,
4402 })
4403 testCases = append(testCases, testCase{
4404 name: "ExportKeyingMaterial-NoContext-" + vers.name,
4405 config: Config{
4406 MaxVersion: vers.version,
4407 },
4408 exportKeyingMaterial: 1024,
4409 })
4410 testCases = append(testCases, testCase{
4411 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
4412 config: Config{
4413 MaxVersion: vers.version,
4414 },
4415 exportKeyingMaterial: 1024,
4416 useExportContext: true,
4417 })
4418 testCases = append(testCases, testCase{
4419 name: "ExportKeyingMaterial-Small-" + vers.name,
4420 config: Config{
4421 MaxVersion: vers.version,
4422 },
4423 exportKeyingMaterial: 1,
4424 exportLabel: "label",
4425 exportContext: "context",
4426 useExportContext: true,
4427 })
4428 }
4429 testCases = append(testCases, testCase{
4430 name: "ExportKeyingMaterial-SSL3",
4431 config: Config{
4432 MaxVersion: VersionSSL30,
4433 },
4434 exportKeyingMaterial: 1024,
4435 exportLabel: "label",
4436 exportContext: "context",
4437 useExportContext: true,
4438 shouldFail: true,
4439 expectedError: "failed to export keying material",
4440 })
4441}
4442
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4443func addTLSUniqueTests() {
4444 for _, isClient := range []bool{false, true} {
4445 for _, isResumption := range []bool{false, true} {
4446 for _, hasEMS := range []bool{false, true} {
4447 var suffix string
4448 if isResumption {
4449 suffix = "Resume-"
4450 } else {
4451 suffix = "Full-"
4452 }
4453
4454 if hasEMS {
4455 suffix += "EMS-"
4456 } else {
4457 suffix += "NoEMS-"
4458 }
4459
4460 if isClient {
4461 suffix += "Client"
4462 } else {
4463 suffix += "Server"
4464 }
4465
4466 test := testCase{
4467 name: "TLSUnique-" + suffix,
4468 testTLSUnique: true,
4469 config: Config{
4470 Bugs: ProtocolBugs{
4471 NoExtendedMasterSecret: !hasEMS,
4472 },
4473 },
4474 }
4475
4476 if isResumption {
4477 test.resumeSession = true
4478 test.resumeConfig = &Config{
4479 Bugs: ProtocolBugs{
4480 NoExtendedMasterSecret: !hasEMS,
4481 },
4482 }
4483 }
4484
4485 if isResumption && !hasEMS {
4486 test.shouldFail = true
4487 test.expectedError = "failed to get tls-unique"
4488 }
4489
4490 testCases = append(testCases, test)
4491 }
4492 }
4493 }
4494}
4495
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4496func addCustomExtensionTests() {
4497 expectedContents := "custom extension"
4498 emptyString := ""
4499
4500 for _, isClient := range []bool{false, true} {
4501 suffix := "Server"
4502 flag := "-enable-server-custom-extension"
4503 testType := serverTest
4504 if isClient {
4505 suffix = "Client"
4506 flag = "-enable-client-custom-extension"
4507 testType = clientTest
4508 }
4509
4510 testCases = append(testCases, testCase{
4511 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4512 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4513 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4514 Bugs: ProtocolBugs{
4515 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4516 ExpectedCustomExtension: &expectedContents,
4517 },
4518 },
4519 flags: []string{flag},
4520 })
4521
4522 // If the parse callback fails, the handshake should also fail.
4523 testCases = append(testCases, testCase{
4524 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4525 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4526 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4527 Bugs: ProtocolBugs{
4528 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4529 ExpectedCustomExtension: &expectedContents,
4530 },
4531 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4532 flags: []string{flag},
4533 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4534 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4535 })
4536
4537 // If the add callback fails, the handshake should also fail.
4538 testCases = append(testCases, testCase{
4539 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4540 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4541 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4542 Bugs: ProtocolBugs{
4543 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4544 ExpectedCustomExtension: &expectedContents,
4545 },
4546 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4547 flags: []string{flag, "-custom-extension-fail-add"},
4548 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4549 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4550 })
4551
4552 // If the add callback returns zero, no extension should be
4553 // added.
4554 skipCustomExtension := expectedContents
4555 if isClient {
4556 // For the case where the client skips sending the
4557 // custom extension, the server must not “echo” it.
4558 skipCustomExtension = ""
4559 }
4560 testCases = append(testCases, testCase{
4561 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4562 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4563 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4564 Bugs: ProtocolBugs{
4565 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4566 ExpectedCustomExtension: &emptyString,
4567 },
4568 },
4569 flags: []string{flag, "-custom-extension-skip"},
4570 })
4571 }
4572
4573 // The custom extension add callback should not be called if the client
4574 // doesn't send the extension.
4575 testCases = append(testCases, testCase{
4576 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4577 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4578 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4579 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4580 ExpectedCustomExtension: &emptyString,
4581 },
4582 },
4583 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
4584 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]4585
4586 // Test an unknown extension from the server.
4587 testCases = append(testCases, testCase{
4588 testType: clientTest,
4589 name: "UnknownExtension-Client",
4590 config: Config{
4591 Bugs: ProtocolBugs{
4592 CustomExtension: expectedContents,
4593 },
4594 },
4595 shouldFail: true,
4596 expectedError: ":UNEXPECTED_EXTENSION:",
4597 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4598}
4599
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]4600func addRSAClientKeyExchangeTests() {
4601 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
4602 testCases = append(testCases, testCase{
4603 testType: serverTest,
4604 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
4605 config: Config{
4606 // Ensure the ClientHello version and final
4607 // version are different, to detect if the
4608 // server uses the wrong one.
4609 MaxVersion: VersionTLS11,
4610 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
4611 Bugs: ProtocolBugs{
4612 BadRSAClientKeyExchange: bad,
4613 },
4614 },
4615 shouldFail: true,
4616 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
4617 })
4618 }
4619}
4620
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame^]4621var testCurves = []struct {
4622 name string
4623 id CurveID
4624}{
4625 {"P-224", CurveP224},
4626 {"P-256", CurveP256},
4627 {"P-384", CurveP384},
4628 {"P-521", CurveP521},
4629}
4630
4631func addCurveTests() {
4632 for _, curve := range testCurves {
4633 testCases = append(testCases, testCase{
4634 name: "CurveTest-Client-" + curve.name,
4635 config: Config{
4636 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4637 CurvePreferences: []CurveID{curve.id},
4638 },
4639 flags: []string{"-enable-all-curves"},
4640 })
4641 testCases = append(testCases, testCase{
4642 testType: serverTest,
4643 name: "CurveTest-Server-" + curve.name,
4644 config: Config{
4645 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4646 CurvePreferences: []CurveID{curve.id},
4647 },
4648 flags: []string{"-enable-all-curves"},
4649 })
4650 }
4651}
4652
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4653func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4654 defer wg.Done()
4655
4656 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4657 var err error
4658
4659 if *mallocTest < 0 {
4660 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4661 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4662 } else {
4663 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
4664 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4665 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4666 if err != nil {
4667 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
4668 }
4669 break
4670 }
4671 }
4672 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4673 statusChan <- statusMsg{test: test, err: err}
4674 }
4675}
4676
4677type statusMsg struct {
4678 test *testCase
4679 started bool
4680 err error
4681}
4682
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4683func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4684 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4685
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4686 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4687 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4688 if !*pipe {
4689 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]4690 var erase string
4691 for i := 0; i < lineLen; i++ {
4692 erase += "\b \b"
4693 }
4694 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4695 }
4696
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4697 if msg.started {
4698 started++
4699 } else {
4700 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4701
4702 if msg.err != nil {
4703 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
4704 failed++
4705 testOutput.addResult(msg.test.name, "FAIL")
4706 } else {
4707 if *pipe {
4708 // Print each test instead of a status line.
4709 fmt.Printf("PASSED (%s)\n", msg.test.name)
4710 }
4711 testOutput.addResult(msg.test.name, "PASS")
4712 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4713 }
4714
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4715 if !*pipe {
4716 // Print a new status line.
4717 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
4718 lineLen = len(line)
4719 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4720 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4721 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4722
4723 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4724}
4725
4726func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4727 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4728 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4729
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4730 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4731 addCipherSuiteTests()
4732 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]4733 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]4734 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]4735 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4736 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4737 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4738 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4739 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4740 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]4741 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4742 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4743 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4744 addSigningHashTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4745 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4746 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4747 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4748 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]4749 addRSAClientKeyExchangeTests()
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame^]4750 addCurveTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4751 for _, async := range []bool{false, true} {
4752 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]4753 for _, protocol := range []protocol{tls, dtls} {
4754 addStateMachineCoverageTests(async, splitHandshake, protocol)
4755 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4756 }
4757 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4758
4759 var wg sync.WaitGroup
4760
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4761 statusChan := make(chan statusMsg, *numWorkers)
4762 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4763 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4764
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4765 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4766
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4767 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4768 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4769 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4770 }
4771
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4772 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4773 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4774 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4775 }
4776 }
4777
4778 close(testChan)
4779 wg.Wait()
4780 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4781 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4782
4783 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4784
4785 if *jsonOutput != "" {
4786 if err := testOutput.writeTo(*jsonOutput); err != nil {
4787 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
4788 }
4789 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]4790
4791 if !testOutput.allPassed {
4792 os.Exit(1)
4793 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4794}