Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 9114fae39e86c067d5451a4e23730fc0a7f2de58 / . / ssl / test / runner / runner.go
blob: 2c897177cc99bd99e14db4a52fa472e0c16e2cf5 [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1package main
2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]14 "net"
15 "os"
16 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]17 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]18 "runtime"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]19 "strings"
20 "sync"
21 "syscall"
22)
23
24var useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]25var useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
26var flagDebug *bool = flag.Bool("debug", false, "Hexdump the contents of the connection")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]27
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]28const (
29 rsaCertificateFile = "cert.pem"
30 ecdsaCertificateFile = "ecdsa_cert.pem"
31)
32
33const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]34 rsaKeyFile = "key.pem"
35 ecdsaKeyFile = "ecdsa_key.pem"
36 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]37)
38
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]39var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]40var channelIDKey *ecdsa.PrivateKey
41var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]42
43func initCertificates() {
44 var err error
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]45 rsaCertificate, err = LoadX509KeyPair(rsaCertificateFile, rsaKeyFile)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]46 if err != nil {
47 panic(err)
48 }
49
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]50 ecdsaCertificate, err = LoadX509KeyPair(ecdsaCertificateFile, ecdsaKeyFile)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]51 if err != nil {
52 panic(err)
53 }
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]54
55 channelIDPEMBlock, err := ioutil.ReadFile(channelIDKeyFile)
56 if err != nil {
57 panic(err)
58 }
59 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
60 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
61 panic("bad key type")
62 }
63 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
64 if err != nil {
65 panic(err)
66 }
67 if channelIDKey.Curve != elliptic.P256() {
68 panic("bad curve")
69 }
70
71 channelIDBytes = make([]byte, 64)
72 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
73 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]74}
75
76var certificateOnce sync.Once
77
78func getRSACertificate() Certificate {
79 certificateOnce.Do(initCertificates)
80 return rsaCertificate
81}
82
83func getECDSACertificate() Certificate {
84 certificateOnce.Do(initCertificates)
85 return ecdsaCertificate
86}
87
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]88type testType int
89
90const (
91 clientTest testType = iota
92 serverTest
93)
94
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]95type protocol int
96
97const (
98 tls protocol = iota
99 dtls
100)
101
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]102const (
103 alpn = 1
104 npn = 2
105)
106
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]107type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]108 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]109 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]110 name string
111 config Config
112 shouldFail bool
113 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]114 // expectedLocalError, if not empty, contains a substring that must be
115 // found in the local error.
116 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]117 // expectedVersion, if non-zero, specifies the TLS version that must be
118 // negotiated.
119 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]120 // expectedResumeVersion, if non-zero, specifies the TLS version that
121 // must be negotiated on resumption. If zero, expectedVersion is used.
122 expectedResumeVersion uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]123 // expectChannelID controls whether the connection should have
124 // negotiated a Channel ID with channelIDKey.
125 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]126 // expectedNextProto controls whether the connection should
127 // negotiate a next protocol via NPN or ALPN.
128 expectedNextProto string
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]129 // expectedNextProtoType, if non-zero, is the expected next
130 // protocol negotiation mechanism.
131 expectedNextProtoType int
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]132 // messageLen is the length, in bytes, of the test message that will be
133 // sent.
134 messageLen int
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]135 // certFile is the path to the certificate to use for the server.
136 certFile string
137 // keyFile is the path to the private key to use for the server.
138 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]139 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]140 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]141 resumeSession bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]142 // resumeConfig, if not nil, points to a Config to be used on
143 // resumption. SessionTicketKey and ClientSessionCache are copied from
144 // the initial connection's config. If nil, the initial connection's
145 // config is used.
146 resumeConfig *Config
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]147 // sendPrefix sends a prefix on the socket before actually performing a
148 // handshake.
149 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]150 // shimWritesFirst controls whether the shim sends an initial "hello"
151 // message before doing a roundtrip with the runner.
152 shimWritesFirst bool
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]153 // renegotiate indicates the the connection should be renegotiated
154 // during the exchange.
155 renegotiate bool
156 // renegotiateCiphers is a list of ciphersuite ids that will be
157 // switched in just before renegotiation.
158 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]159 // replayWrites, if true, configures the underlying transport
160 // to replay every write it makes in DTLS tests.
161 replayWrites bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]162 // flags, if not empty, contains a list of command-line flags that will
163 // be passed to the shim program.
164 flags []string
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]165}
166
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]167var testCases = []testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]168 {
169 name: "BadRSASignature",
170 config: Config{
171 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
172 Bugs: ProtocolBugs{
173 InvalidSKXSignature: true,
174 },
175 },
176 shouldFail: true,
177 expectedError: ":BAD_SIGNATURE:",
178 },
179 {
180 name: "BadECDSASignature",
181 config: Config{
182 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
183 Bugs: ProtocolBugs{
184 InvalidSKXSignature: true,
185 },
186 Certificates: []Certificate{getECDSACertificate()},
187 },
188 shouldFail: true,
189 expectedError: ":BAD_SIGNATURE:",
190 },
191 {
192 name: "BadECDSACurve",
193 config: Config{
194 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
195 Bugs: ProtocolBugs{
196 InvalidSKXCurve: true,
197 },
198 Certificates: []Certificate{getECDSACertificate()},
199 },
200 shouldFail: true,
201 expectedError: ":WRONG_CURVE:",
202 },
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]203 {
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]204 testType: serverTest,
205 name: "BadRSAVersion",
206 config: Config{
207 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
208 Bugs: ProtocolBugs{
209 RsaClientKeyExchangeVersion: VersionTLS11,
210 },
211 },
212 shouldFail: true,
213 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
214 },
215 {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]216 name: "NoFallbackSCSV",
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]217 config: Config{
218 Bugs: ProtocolBugs{
219 FailIfNotFallbackSCSV: true,
220 },
221 },
222 shouldFail: true,
223 expectedLocalError: "no fallback SCSV found",
224 },
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]225 {
David Benjamin2a0c4962014-08-22 23:46:35 -0400[diff] [blame]226 name: "SendFallbackSCSV",
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]227 config: Config{
228 Bugs: ProtocolBugs{
229 FailIfNotFallbackSCSV: true,
230 },
231 },
232 flags: []string{"-fallback-scsv"},
233 },
David Benjamin197b3ab2014-07-02 18:37:33 -0400[diff] [blame]234 {
David Benjamin7b030512014-07-08 17:30:11 -0400[diff] [blame]235 name: "ClientCertificateTypes",
236 config: Config{
237 ClientAuth: RequestClientCert,
238 ClientCertificateTypes: []byte{
239 CertTypeDSSSign,
240 CertTypeRSASign,
241 CertTypeECDSASign,
242 },
243 },
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]244 flags: []string{
245 "-expect-certificate-types",
246 base64.StdEncoding.EncodeToString([]byte{
247 CertTypeDSSSign,
248 CertTypeRSASign,
249 CertTypeECDSASign,
250 }),
251 },
David Benjamin7b030512014-07-08 17:30:11 -0400[diff] [blame]252 },
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]253 {
254 name: "NoClientCertificate",
255 config: Config{
256 ClientAuth: RequireAnyClientCert,
257 },
258 shouldFail: true,
259 expectedLocalError: "client didn't provide a certificate",
260 },
David Benjamin1c375dd2014-07-12 00:48:23 -0400[diff] [blame]261 {
262 name: "UnauthenticatedECDH",
263 config: Config{
264 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
265 Bugs: ProtocolBugs{
266 UnauthenticatedECDH: true,
267 },
268 },
269 shouldFail: true,
David Benjamine8f3d662014-07-12 01:10:19 -0400[diff] [blame]270 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin1c375dd2014-07-12 00:48:23 -0400[diff] [blame]271 },
David Benjamin9c651c92014-07-12 13:27:45 -0400[diff] [blame]272 {
273 name: "SkipServerKeyExchange",
274 config: Config{
275 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
276 Bugs: ProtocolBugs{
277 SkipServerKeyExchange: true,
278 },
279 },
280 shouldFail: true,
281 expectedError: ":UNEXPECTED_MESSAGE:",
282 },
David Benjamin1f5f62b2014-07-12 16:18:02 -0400[diff] [blame]283 {
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]284 name: "SkipChangeCipherSpec-Client",
285 config: Config{
286 Bugs: ProtocolBugs{
287 SkipChangeCipherSpec: true,
288 },
289 },
290 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]291 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]292 },
293 {
294 testType: serverTest,
295 name: "SkipChangeCipherSpec-Server",
296 config: Config{
297 Bugs: ProtocolBugs{
298 SkipChangeCipherSpec: true,
299 },
300 },
301 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]302 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]303 },
David Benjamin42be6452014-07-21 14:50:23 -0400[diff] [blame]304 {
305 testType: serverTest,
306 name: "SkipChangeCipherSpec-Server-NPN",
307 config: Config{
308 NextProtos: []string{"bar"},
309 Bugs: ProtocolBugs{
310 SkipChangeCipherSpec: true,
311 },
312 },
313 flags: []string{
314 "-advertise-npn", "\x03foo\x03bar\x03baz",
315 },
316 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]317 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
318 },
319 {
320 name: "FragmentAcrossChangeCipherSpec-Client",
321 config: Config{
322 Bugs: ProtocolBugs{
323 FragmentAcrossChangeCipherSpec: true,
324 },
325 },
326 shouldFail: true,
327 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
328 },
329 {
330 testType: serverTest,
331 name: "FragmentAcrossChangeCipherSpec-Server",
332 config: Config{
333 Bugs: ProtocolBugs{
334 FragmentAcrossChangeCipherSpec: true,
335 },
336 },
337 shouldFail: true,
338 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
339 },
340 {
341 testType: serverTest,
342 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
343 config: Config{
344 NextProtos: []string{"bar"},
345 Bugs: ProtocolBugs{
346 FragmentAcrossChangeCipherSpec: true,
347 },
348 },
349 flags: []string{
350 "-advertise-npn", "\x03foo\x03bar\x03baz",
351 },
352 shouldFail: true,
353 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamin42be6452014-07-21 14:50:23 -0400[diff] [blame]354 },
David Benjaminf3ec83d2014-07-21 22:42:34 -0400[diff] [blame]355 {
356 testType: serverTest,
357 name: "EarlyChangeCipherSpec-server-1",
358 config: Config{
359 Bugs: ProtocolBugs{
360 EarlyChangeCipherSpec: 1,
361 },
362 },
363 shouldFail: true,
364 expectedError: ":CCS_RECEIVED_EARLY:",
365 },
366 {
367 testType: serverTest,
368 name: "EarlyChangeCipherSpec-server-2",
369 config: Config{
370 Bugs: ProtocolBugs{
371 EarlyChangeCipherSpec: 2,
372 },
373 },
374 shouldFail: true,
375 expectedError: ":CCS_RECEIVED_EARLY:",
376 },
David Benjamind23f4122014-07-23 15:09:48 -0400[diff] [blame]377 {
David Benjamind23f4122014-07-23 15:09:48 -0400[diff] [blame]378 name: "SkipNewSessionTicket",
379 config: Config{
380 Bugs: ProtocolBugs{
381 SkipNewSessionTicket: true,
382 },
383 },
384 shouldFail: true,
385 expectedError: ":CCS_RECEIVED_EARLY:",
386 },
David Benjamin7e3305e2014-07-28 14:52:32 -0400[diff] [blame]387 {
David Benjamind86c7672014-08-02 04:07:12 -0400[diff] [blame]388 testType: serverTest,
David Benjaminbef270a2014-08-02 04:22:02 -0400[diff] [blame]389 name: "FallbackSCSV",
390 config: Config{
391 MaxVersion: VersionTLS11,
392 Bugs: ProtocolBugs{
393 SendFallbackSCSV: true,
394 },
395 },
396 shouldFail: true,
397 expectedError: ":INAPPROPRIATE_FALLBACK:",
398 },
399 {
400 testType: serverTest,
401 name: "FallbackSCSV-VersionMatch",
402 config: Config{
403 Bugs: ProtocolBugs{
404 SendFallbackSCSV: true,
405 },
406 },
407 },
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]408 {
409 testType: serverTest,
410 name: "FragmentedClientVersion",
411 config: Config{
412 Bugs: ProtocolBugs{
413 MaxHandshakeRecordLength: 1,
414 FragmentClientVersion: true,
415 },
416 },
417 shouldFail: true,
418 expectedError: ":RECORD_TOO_SMALL:",
419 },
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]420 {
421 testType: serverTest,
422 name: "MinorVersionTolerance",
423 config: Config{
424 Bugs: ProtocolBugs{
425 SendClientVersion: 0x03ff,
426 },
427 },
428 expectedVersion: VersionTLS12,
429 },
430 {
431 testType: serverTest,
432 name: "MajorVersionTolerance",
433 config: Config{
434 Bugs: ProtocolBugs{
435 SendClientVersion: 0x0400,
436 },
437 },
438 expectedVersion: VersionTLS12,
439 },
440 {
441 testType: serverTest,
442 name: "VersionTooLow",
443 config: Config{
444 Bugs: ProtocolBugs{
445 SendClientVersion: 0x0200,
446 },
447 },
448 shouldFail: true,
449 expectedError: ":UNSUPPORTED_PROTOCOL:",
450 },
451 {
452 testType: serverTest,
453 name: "HttpGET",
454 sendPrefix: "GET / HTTP/1.0\n",
455 shouldFail: true,
456 expectedError: ":HTTP_REQUEST:",
457 },
458 {
459 testType: serverTest,
460 name: "HttpPOST",
461 sendPrefix: "POST / HTTP/1.0\n",
462 shouldFail: true,
463 expectedError: ":HTTP_REQUEST:",
464 },
465 {
466 testType: serverTest,
467 name: "HttpHEAD",
468 sendPrefix: "HEAD / HTTP/1.0\n",
469 shouldFail: true,
470 expectedError: ":HTTP_REQUEST:",
471 },
472 {
473 testType: serverTest,
474 name: "HttpPUT",
475 sendPrefix: "PUT / HTTP/1.0\n",
476 shouldFail: true,
477 expectedError: ":HTTP_REQUEST:",
478 },
479 {
480 testType: serverTest,
481 name: "HttpCONNECT",
482 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
483 shouldFail: true,
484 expectedError: ":HTTPS_PROXY_REQUEST:",
485 },
David Benjamin39ebf532014-08-31 02:23:49 -0400[diff] [blame]486 {
487 name: "SkipCipherVersionCheck",
488 config: Config{
489 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
490 MaxVersion: VersionTLS11,
491 Bugs: ProtocolBugs{
492 SkipCipherVersionCheck: true,
493 },
494 },
495 shouldFail: true,
496 expectedError: ":WRONG_CIPHER_RETURNED:",
497 },
David Benjamin9114fae2014-11-08 11:41:14 -0500[diff] [blame^]498 {
499 name: "RSAServerKeyExchange",
500 config: Config{
501 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
502 Bugs: ProtocolBugs{
503 RSAServerKeyExchange: true,
504 },
505 },
506 shouldFail: true,
507 expectedError: ":UNEXPECTED_MESSAGE:",
508 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]509}
510
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]511func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]512 if test.protocol == dtls {
513 conn = newPacketAdaptor(conn)
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]514 if test.replayWrites {
515 conn = newReplayAdaptor(conn)
516 }
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]517 }
518
519 if test.sendPrefix != "" {
520 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
521 return err
522 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]523 }
524
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]525 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]526 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]527 if test.protocol == dtls {
528 tlsConn = DTLSServer(conn, config)
529 } else {
530 tlsConn = Server(conn, config)
531 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]532 } else {
533 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]534 if test.protocol == dtls {
535 tlsConn = DTLSClient(conn, config)
536 } else {
537 tlsConn = Client(conn, config)
538 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]539 }
540
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]541 if err := tlsConn.Handshake(); err != nil {
542 return err
543 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]544
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]545 // TODO(davidben): move all per-connection expectations into a dedicated
546 // expectations struct that can be specified separately for the two
547 // legs.
548 expectedVersion := test.expectedVersion
549 if isResume && test.expectedResumeVersion != 0 {
550 expectedVersion = test.expectedResumeVersion
551 }
552 if vers := tlsConn.ConnectionState().Version; expectedVersion != 0 && vers != expectedVersion {
553 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]554 }
555
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]556 if test.expectChannelID {
557 channelID := tlsConn.ConnectionState().ChannelID
558 if channelID == nil {
559 return fmt.Errorf("no channel ID negotiated")
560 }
561 if channelID.Curve != channelIDKey.Curve ||
562 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
563 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
564 return fmt.Errorf("incorrect channel ID")
565 }
566 }
567
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]568 if expected := test.expectedNextProto; expected != "" {
569 if actual := tlsConn.ConnectionState().NegotiatedProtocol; actual != expected {
570 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
571 }
572 }
573
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]574 if test.expectedNextProtoType != 0 {
575 if (test.expectedNextProtoType == alpn) != tlsConn.ConnectionState().NegotiatedProtocolFromALPN {
576 return fmt.Errorf("next proto type mismatch")
577 }
578 }
579
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]580 if test.shimWritesFirst {
581 var buf [5]byte
582 _, err := io.ReadFull(tlsConn, buf[:])
583 if err != nil {
584 return err
585 }
586 if string(buf[:]) != "hello" {
587 return fmt.Errorf("bad initial message")
588 }
589 }
590
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]591 if test.renegotiate {
592 if test.renegotiateCiphers != nil {
593 config.CipherSuites = test.renegotiateCiphers
594 }
595 if err := tlsConn.Renegotiate(); err != nil {
596 return err
597 }
598 } else if test.renegotiateCiphers != nil {
599 panic("renegotiateCiphers without renegotiate")
600 }
601
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]602 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]603 if test.protocol == dtls {
604 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
605 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]606 // Read until EOF.
607 _, err := io.Copy(ioutil.Discard, tlsConn)
608 return err
609 }
610
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]611 if messageLen == 0 {
612 messageLen = 32
613 }
614 testMessage := make([]byte, messageLen)
615 for i := range testMessage {
616 testMessage[i] = 0x42
617 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]618 tlsConn.Write(testMessage)
619
620 buf := make([]byte, len(testMessage))
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]621 if test.protocol == dtls {
622 bufTmp := make([]byte, len(buf)+1)
623 n, err := tlsConn.Read(bufTmp)
624 if err != nil {
625 return err
626 }
627 if n != len(buf) {
628 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
629 }
630 copy(buf, bufTmp)
631 } else {
632 _, err := io.ReadFull(tlsConn, buf)
633 if err != nil {
634 return err
635 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]636 }
637
638 for i, v := range buf {
639 if v != testMessage[i]^0xff {
640 return fmt.Errorf("bad reply contents at byte %d", i)
641 }
642 }
643
644 return nil
645}
646
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]647func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
648 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]649 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]650 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]651 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]652 valgrindArgs = append(valgrindArgs, path)
653 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]654
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]655 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]656}
657
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]658func gdbOf(path string, args ...string) *exec.Cmd {
659 xtermArgs := []string{"-e", "gdb", "--args"}
660 xtermArgs = append(xtermArgs, path)
661 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]662
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]663 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]664}
665
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]666func openSocketPair() (shimEnd *os.File, conn net.Conn) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]667 socks, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
668 if err != nil {
669 panic(err)
670 }
671
672 syscall.CloseOnExec(socks[0])
673 syscall.CloseOnExec(socks[1])
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]674 shimEnd = os.NewFile(uintptr(socks[0]), "shim end")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]675 connFile := os.NewFile(uintptr(socks[1]), "our end")
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]676 conn, err = net.FileConn(connFile)
677 if err != nil {
678 panic(err)
679 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]680 connFile.Close()
681 if err != nil {
682 panic(err)
683 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]684 return shimEnd, conn
685}
686
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]687func runTest(test *testCase, buildDir string) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]688 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
689 panic("Error expected without shouldFail in " + test.name)
690 }
691
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]692 shimEnd, conn := openSocketPair()
693 shimEndResume, connResume := openSocketPair()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]694
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]695 shim_path := path.Join(buildDir, "ssl/test/bssl_shim")
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]696 var flags []string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]697 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]698 flags = append(flags, "-server")
699
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]700 flags = append(flags, "-key-file")
701 if test.keyFile == "" {
702 flags = append(flags, rsaKeyFile)
703 } else {
704 flags = append(flags, test.keyFile)
705 }
706
707 flags = append(flags, "-cert-file")
708 if test.certFile == "" {
709 flags = append(flags, rsaCertificateFile)
710 } else {
711 flags = append(flags, test.certFile)
712 }
713 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]714
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]715 if test.protocol == dtls {
716 flags = append(flags, "-dtls")
717 }
718
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]719 if test.resumeSession {
720 flags = append(flags, "-resume")
721 }
722
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]723 if test.shimWritesFirst {
724 flags = append(flags, "-shim-writes-first")
725 }
726
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]727 flags = append(flags, test.flags...)
728
729 var shim *exec.Cmd
730 if *useValgrind {
731 shim = valgrindOf(false, shim_path, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]732 } else if *useGDB {
733 shim = gdbOf(shim_path, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]734 } else {
735 shim = exec.Command(shim_path, flags...)
736 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]737 shim.ExtraFiles = []*os.File{shimEnd, shimEndResume}
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]738 shim.Stdin = os.Stdin
739 var stdoutBuf, stderrBuf bytes.Buffer
740 shim.Stdout = &stdoutBuf
741 shim.Stderr = &stderrBuf
742
743 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]744 panic(err)
745 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]746 shimEnd.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]747 shimEndResume.Close()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]748
749 config := test.config
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]750 config.ClientSessionCache = NewLRUClientSessionCache(1)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]751 if test.testType == clientTest {
752 if len(config.Certificates) == 0 {
753 config.Certificates = []Certificate{getRSACertificate()}
754 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]755 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]756
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]757 var connDebug *recordingConn
758 if *flagDebug {
759 connDebug = &recordingConn{Conn: conn}
760 conn = connDebug
761 }
762
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]763 err := doExchange(test, &config, conn, test.messageLen,
764 false /* not a resumption */)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]765
766 if *flagDebug {
767 connDebug.WriteTo(os.Stdout)
768 }
769
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]770 conn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]771 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]772 var resumeConfig Config
773 if test.resumeConfig != nil {
774 resumeConfig = *test.resumeConfig
775 if len(resumeConfig.Certificates) == 0 {
776 resumeConfig.Certificates = []Certificate{getRSACertificate()}
777 }
778 resumeConfig.SessionTicketKey = config.SessionTicketKey
779 resumeConfig.ClientSessionCache = config.ClientSessionCache
780 } else {
781 resumeConfig = config
782 }
783 err = doExchange(test, &resumeConfig, connResume, test.messageLen,
784 true /* resumption */)
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]785 }
David Benjamin812152a2014-09-06 12:49:07 -0400[diff] [blame]786 connResume.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]787
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]788 childErr := shim.Wait()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]789
790 stdout := string(stdoutBuf.Bytes())
791 stderr := string(stderrBuf.Bytes())
792 failed := err != nil || childErr != nil
793 correctFailure := len(test.expectedError) == 0 || strings.Contains(stdout, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]794 localError := "none"
795 if err != nil {
796 localError = err.Error()
797 }
798 if len(test.expectedLocalError) != 0 {
799 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
800 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]801
802 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]803 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]804 if childErr != nil {
805 childError = childErr.Error()
806 }
807
808 var msg string
809 switch {
810 case failed && !test.shouldFail:
811 msg = "unexpected failure"
812 case !failed && test.shouldFail:
813 msg = "unexpected success"
814 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]815 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]816 default:
817 panic("internal error")
818 }
819
820 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, string(stdoutBuf.Bytes()), stderr)
821 }
822
823 if !*useValgrind && len(stderr) > 0 {
824 println(stderr)
825 }
826
827 return nil
828}
829
830var tlsVersions = []struct {
831 name string
832 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]833 flag string
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]834}{
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]835 {"SSL3", VersionSSL30, "-no-ssl3"},
836 {"TLS1", VersionTLS10, "-no-tls1"},
837 {"TLS11", VersionTLS11, "-no-tls11"},
838 {"TLS12", VersionTLS12, "-no-tls12"},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]839}
840
841var testCipherSuites = []struct {
842 name string
843 id uint16
844}{
845 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]846 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]847 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]848 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]849 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]850 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]851 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]852 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
853 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]854 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]855 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
856 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]857 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]858 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
859 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]860 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
861 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]862 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]863 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]864 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
David Benjamin2af684f2014-10-27 02:23:15 -0400[diff] [blame]865 {"ECDHE-PSK-WITH-AES-128-GCM-SHA256", TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]866 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]867 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]868 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]869 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]870 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]871 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]872 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]873 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
874 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
875 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]876 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]877 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]878}
879
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]880func isTLS12Only(suiteName string) bool {
881 return strings.HasSuffix(suiteName, "-GCM") ||
882 strings.HasSuffix(suiteName, "-SHA256") ||
883 strings.HasSuffix(suiteName, "-SHA384")
884}
885
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]886func addCipherSuiteTests() {
887 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]888 const psk = "12345"
889 const pskIdentity = "luggage combo"
890
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]891 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]892 var certFile string
893 var keyFile string
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]894 if strings.Contains(suite.name, "ECDSA") {
895 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]896 certFile = ecdsaCertificateFile
897 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]898 } else {
899 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]900 certFile = rsaCertificateFile
901 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]902 }
903
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]904 var flags []string
905 if strings.HasPrefix(suite.name, "PSK-") || strings.Contains(suite.name, "-PSK-") {
906 flags = append(flags,
907 "-psk", psk,
908 "-psk-identity", pskIdentity)
909 }
910
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]911 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]912 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]913 continue
914 }
915
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]916 // Go's TLS implementation only implements session
917 // resumption with tickets, so SSLv3 cannot resume
918 // sessions.
919 resumeSession := ver.version != VersionSSL30
920
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]921 testCases = append(testCases, testCase{
922 testType: clientTest,
923 name: ver.name + "-" + suite.name + "-client",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]924 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]925 MinVersion: ver.version,
926 MaxVersion: ver.version,
927 CipherSuites: []uint16{suite.id},
928 Certificates: []Certificate{cert},
929 PreSharedKey: []byte(psk),
930 PreSharedKeyIdentity: pskIdentity,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]931 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]932 flags: flags,
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]933 resumeSession: resumeSession,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]934 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]935
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]936 testCases = append(testCases, testCase{
937 testType: serverTest,
938 name: ver.name + "-" + suite.name + "-server",
939 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]940 MinVersion: ver.version,
941 MaxVersion: ver.version,
942 CipherSuites: []uint16{suite.id},
943 Certificates: []Certificate{cert},
944 PreSharedKey: []byte(psk),
945 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]946 },
947 certFile: certFile,
948 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]949 flags: flags,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]950 resumeSession: resumeSession,
951 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]952
953 // TODO(davidben): Fix DTLS 1.2 support and test that.
954 if ver.version == VersionTLS10 && strings.Index(suite.name, "RC4") == -1 {
955 testCases = append(testCases, testCase{
956 testType: clientTest,
957 protocol: dtls,
958 name: "D" + ver.name + "-" + suite.name + "-client",
959 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]960 MinVersion: ver.version,
961 MaxVersion: ver.version,
962 CipherSuites: []uint16{suite.id},
963 Certificates: []Certificate{cert},
964 PreSharedKey: []byte(psk),
965 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]966 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]967 flags: flags,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]968 resumeSession: resumeSession,
969 })
970 testCases = append(testCases, testCase{
971 testType: serverTest,
972 protocol: dtls,
973 name: "D" + ver.name + "-" + suite.name + "-server",
974 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]975 MinVersion: ver.version,
976 MaxVersion: ver.version,
977 CipherSuites: []uint16{suite.id},
978 Certificates: []Certificate{cert},
979 PreSharedKey: []byte(psk),
980 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]981 },
982 certFile: certFile,
983 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]984 flags: flags,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]985 resumeSession: resumeSession,
986 })
987 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]988 }
989 }
990}
991
992func addBadECDSASignatureTests() {
993 for badR := BadValue(1); badR < NumBadValues; badR++ {
994 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]995 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]996 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
997 config: Config{
998 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
999 Certificates: []Certificate{getECDSACertificate()},
1000 Bugs: ProtocolBugs{
1001 BadECDSAR: badR,
1002 BadECDSAS: badS,
1003 },
1004 },
1005 shouldFail: true,
1006 expectedError: "SIGNATURE",
1007 })
1008 }
1009 }
1010}
1011
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1012func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1013 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1014 name: "MaxCBCPadding",
1015 config: Config{
1016 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1017 Bugs: ProtocolBugs{
1018 MaxPadding: true,
1019 },
1020 },
1021 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
1022 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1023 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1024 name: "BadCBCPadding",
1025 config: Config{
1026 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1027 Bugs: ProtocolBugs{
1028 PaddingFirstByteBad: true,
1029 },
1030 },
1031 shouldFail: true,
1032 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
1033 })
1034 // OpenSSL previously had an issue where the first byte of padding in
1035 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1036 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1037 name: "BadCBCPadding255",
1038 config: Config{
1039 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1040 Bugs: ProtocolBugs{
1041 MaxPadding: true,
1042 PaddingFirstByteBadIf255: true,
1043 },
1044 },
1045 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
1046 shouldFail: true,
1047 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
1048 })
1049}
1050
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1051func addCBCSplittingTests() {
1052 testCases = append(testCases, testCase{
1053 name: "CBCRecordSplitting",
1054 config: Config{
1055 MaxVersion: VersionTLS10,
1056 MinVersion: VersionTLS10,
1057 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1058 },
1059 messageLen: -1, // read until EOF
1060 flags: []string{
1061 "-async",
1062 "-write-different-record-sizes",
1063 "-cbc-record-splitting",
1064 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]1065 })
1066 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1067 name: "CBCRecordSplittingPartialWrite",
1068 config: Config{
1069 MaxVersion: VersionTLS10,
1070 MinVersion: VersionTLS10,
1071 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1072 },
1073 messageLen: -1, // read until EOF
1074 flags: []string{
1075 "-async",
1076 "-write-different-record-sizes",
1077 "-cbc-record-splitting",
1078 "-partial-write",
1079 },
1080 })
1081}
1082
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1083func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]1084 // Add a dummy cert pool to stress certificate authority parsing.
1085 // TODO(davidben): Add tests that those values parse out correctly.
1086 certPool := x509.NewCertPool()
1087 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
1088 if err != nil {
1089 panic(err)
1090 }
1091 certPool.AddCert(cert)
1092
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1093 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1094 testCases = append(testCases, testCase{
1095 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1096 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1097 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1098 MinVersion: ver.version,
1099 MaxVersion: ver.version,
1100 ClientAuth: RequireAnyClientCert,
1101 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1102 },
1103 flags: []string{
1104 "-cert-file", rsaCertificateFile,
1105 "-key-file", rsaKeyFile,
1106 },
1107 })
1108 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1109 testType: serverTest,
1110 name: ver.name + "-Server-ClientAuth-RSA",
1111 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1112 MinVersion: ver.version,
1113 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1114 Certificates: []Certificate{rsaCertificate},
1115 },
1116 flags: []string{"-require-any-client-certificate"},
1117 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1118 if ver.version != VersionSSL30 {
1119 testCases = append(testCases, testCase{
1120 testType: serverTest,
1121 name: ver.name + "-Server-ClientAuth-ECDSA",
1122 config: Config{
1123 MinVersion: ver.version,
1124 MaxVersion: ver.version,
1125 Certificates: []Certificate{ecdsaCertificate},
1126 },
1127 flags: []string{"-require-any-client-certificate"},
1128 })
1129 testCases = append(testCases, testCase{
1130 testType: clientTest,
1131 name: ver.name + "-Client-ClientAuth-ECDSA",
1132 config: Config{
1133 MinVersion: ver.version,
1134 MaxVersion: ver.version,
1135 ClientAuth: RequireAnyClientCert,
1136 ClientCAs: certPool,
1137 },
1138 flags: []string{
1139 "-cert-file", ecdsaCertificateFile,
1140 "-key-file", ecdsaKeyFile,
1141 },
1142 })
1143 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1144 }
1145}
1146
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1147func addExtendedMasterSecretTests() {
1148 const expectEMSFlag = "-expect-extended-master-secret"
1149
1150 for _, with := range []bool{false, true} {
1151 prefix := "No"
1152 var flags []string
1153 if with {
1154 prefix = ""
1155 flags = []string{expectEMSFlag}
1156 }
1157
1158 for _, isClient := range []bool{false, true} {
1159 suffix := "-Server"
1160 testType := serverTest
1161 if isClient {
1162 suffix = "-Client"
1163 testType = clientTest
1164 }
1165
1166 for _, ver := range tlsVersions {
1167 test := testCase{
1168 testType: testType,
1169 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
1170 config: Config{
1171 MinVersion: ver.version,
1172 MaxVersion: ver.version,
1173 Bugs: ProtocolBugs{
1174 NoExtendedMasterSecret: !with,
1175 RequireExtendedMasterSecret: with,
1176 },
1177 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1178 flags: flags,
1179 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1180 }
1181 if test.shouldFail {
1182 test.expectedLocalError = "extended master secret required but not supported by peer"
1183 }
1184 testCases = append(testCases, test)
1185 }
1186 }
1187 }
1188
1189 // When a session is resumed, it should still be aware that its master
1190 // secret was generated via EMS and thus it's safe to use tls-unique.
1191 testCases = append(testCases, testCase{
1192 name: "ExtendedMasterSecret-Resume",
1193 config: Config{
1194 Bugs: ProtocolBugs{
1195 RequireExtendedMasterSecret: true,
1196 },
1197 },
1198 flags: []string{expectEMSFlag},
1199 resumeSession: true,
1200 })
1201}
1202
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1203// Adds tests that try to cover the range of the handshake state machine, under
1204// various conditions. Some of these are redundant with other tests, but they
1205// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1206func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1207 var suffix string
1208 var flags []string
1209 var maxHandshakeRecordLength int
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1210 if protocol == dtls {
1211 suffix = "-DTLS"
1212 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1213 if async {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1214 suffix += "-Async"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1215 flags = append(flags, "-async")
1216 } else {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1217 suffix += "-Sync"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1218 }
1219 if splitHandshake {
1220 suffix += "-SplitHandshakeRecords"
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]1221 maxHandshakeRecordLength = 1
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1222 }
1223
1224 // Basic handshake, with resumption. Client and server.
1225 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1226 protocol: protocol,
1227 name: "Basic-Client" + suffix,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1228 config: Config{
1229 Bugs: ProtocolBugs{
1230 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1231 },
1232 },
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1233 flags: flags,
1234 resumeSession: true,
1235 })
1236 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1237 protocol: protocol,
1238 name: "Basic-Client-RenewTicket" + suffix,
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1239 config: Config{
1240 Bugs: ProtocolBugs{
1241 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1242 RenewTicketOnResume: true,
1243 },
1244 },
1245 flags: flags,
1246 resumeSession: true,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1247 })
1248 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1249 protocol: protocol,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1250 testType: serverTest,
1251 name: "Basic-Server" + suffix,
1252 config: Config{
1253 Bugs: ProtocolBugs{
1254 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1255 },
1256 },
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1257 flags: flags,
1258 resumeSession: true,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1259 })
1260
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1261 // TLS client auth.
1262 testCases = append(testCases, testCase{
1263 protocol: protocol,
1264 testType: clientTest,
1265 name: "ClientAuth-Client" + suffix,
1266 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1267 ClientAuth: RequireAnyClientCert,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1268 Bugs: ProtocolBugs{
1269 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1270 },
1271 },
1272 flags: append(flags,
1273 "-cert-file", rsaCertificateFile,
1274 "-key-file", rsaKeyFile),
1275 })
1276 testCases = append(testCases, testCase{
1277 protocol: protocol,
1278 testType: serverTest,
1279 name: "ClientAuth-Server" + suffix,
1280 config: Config{
1281 Certificates: []Certificate{rsaCertificate},
1282 },
1283 flags: append(flags, "-require-any-client-certificate"),
1284 })
1285
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1286 // No session ticket support; server doesn't send NewSessionTicket.
1287 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1288 protocol: protocol,
1289 name: "SessionTicketsDisabled-Client" + suffix,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1290 config: Config{
1291 SessionTicketsDisabled: true,
1292 Bugs: ProtocolBugs{
1293 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1294 },
1295 },
1296 flags: flags,
1297 })
1298 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1299 protocol: protocol,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1300 testType: serverTest,
1301 name: "SessionTicketsDisabled-Server" + suffix,
1302 config: Config{
1303 SessionTicketsDisabled: true,
1304 Bugs: ProtocolBugs{
1305 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1306 },
1307 },
1308 flags: flags,
1309 })
1310
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1311 // Skip ServerKeyExchange in PSK key exchange if there's no
1312 // identity hint.
1313 testCases = append(testCases, testCase{
1314 protocol: protocol,
1315 name: "EmptyPSKHint-Client" + suffix,
1316 config: Config{
1317 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
1318 PreSharedKey: []byte("secret"),
1319 Bugs: ProtocolBugs{
1320 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1321 },
1322 },
1323 flags: append(flags, "-psk", "secret"),
1324 })
1325 testCases = append(testCases, testCase{
1326 protocol: protocol,
1327 testType: serverTest,
1328 name: "EmptyPSKHint-Server" + suffix,
1329 config: Config{
1330 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
1331 PreSharedKey: []byte("secret"),
1332 Bugs: ProtocolBugs{
1333 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1334 },
1335 },
1336 flags: append(flags, "-psk", "secret"),
1337 })
1338
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1339 if protocol == tls {
1340 // NPN on client and server; results in post-handshake message.
1341 testCases = append(testCases, testCase{
1342 protocol: protocol,
1343 name: "NPN-Client" + suffix,
1344 config: Config{
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1345 NextProtos: []string{"foo"},
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1346 Bugs: ProtocolBugs{
1347 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1348 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1349 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]1350 flags: append(flags, "-select-next-proto", "foo"),
1351 expectedNextProto: "foo",
1352 expectedNextProtoType: npn,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1353 })
1354 testCases = append(testCases, testCase{
1355 protocol: protocol,
1356 testType: serverTest,
1357 name: "NPN-Server" + suffix,
1358 config: Config{
1359 NextProtos: []string{"bar"},
1360 Bugs: ProtocolBugs{
1361 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1362 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1363 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1364 flags: append(flags,
1365 "-advertise-npn", "\x03foo\x03bar\x03baz",
1366 "-expect-next-proto", "bar"),
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]1367 expectedNextProto: "bar",
1368 expectedNextProtoType: npn,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1369 })
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1370
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1371 // Client does False Start and negotiates NPN.
1372 testCases = append(testCases, testCase{
1373 protocol: protocol,
1374 name: "FalseStart" + suffix,
1375 config: Config{
1376 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1377 NextProtos: []string{"foo"},
1378 Bugs: ProtocolBugs{
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1379 ExpectFalseStart: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1380 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1381 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1382 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1383 flags: append(flags,
1384 "-false-start",
1385 "-select-next-proto", "foo"),
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1386 shimWritesFirst: true,
1387 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1388 })
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1389
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1390 // Client does False Start and negotiates ALPN.
1391 testCases = append(testCases, testCase{
1392 protocol: protocol,
1393 name: "FalseStart-ALPN" + suffix,
1394 config: Config{
1395 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1396 NextProtos: []string{"foo"},
1397 Bugs: ProtocolBugs{
1398 ExpectFalseStart: true,
1399 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1400 },
1401 },
1402 flags: append(flags,
1403 "-false-start",
1404 "-advertise-alpn", "\x03foo"),
1405 shimWritesFirst: true,
1406 resumeSession: true,
1407 })
1408
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1409 // False Start without session tickets.
1410 testCases = append(testCases, testCase{
1411 name: "FalseStart-SessionTicketsDisabled",
1412 config: Config{
1413 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1414 NextProtos: []string{"foo"},
1415 SessionTicketsDisabled: true,
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1416 Bugs: ProtocolBugs{
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1417 ExpectFalseStart: true,
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1418 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1419 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1420 },
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1421 flags: append(flags,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1422 "-false-start",
1423 "-select-next-proto", "foo",
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]1424 ),
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1425 shimWritesFirst: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1426 })
David Benjamin1e7f8d72014-08-08 12:27:04 -0400[diff] [blame]1427
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]1428 // Server parses a V2ClientHello.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1429 testCases = append(testCases, testCase{
1430 protocol: protocol,
1431 testType: serverTest,
1432 name: "SendV2ClientHello" + suffix,
1433 config: Config{
1434 // Choose a cipher suite that does not involve
1435 // elliptic curves, so no extensions are
1436 // involved.
1437 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1438 Bugs: ProtocolBugs{
1439 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1440 SendV2ClientHello: true,
1441 },
David Benjamin1e7f8d72014-08-08 12:27:04 -0400[diff] [blame]1442 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1443 flags: flags,
1444 })
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]1445
1446 // Client sends a Channel ID.
1447 testCases = append(testCases, testCase{
1448 protocol: protocol,
1449 name: "ChannelID-Client" + suffix,
1450 config: Config{
1451 RequestChannelID: true,
1452 Bugs: ProtocolBugs{
1453 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1454 },
1455 },
1456 flags: append(flags,
1457 "-send-channel-id", channelIDKeyFile,
1458 ),
1459 resumeSession: true,
1460 expectChannelID: true,
1461 })
1462
1463 // Server accepts a Channel ID.
1464 testCases = append(testCases, testCase{
1465 protocol: protocol,
1466 testType: serverTest,
1467 name: "ChannelID-Server" + suffix,
1468 config: Config{
1469 ChannelID: channelIDKey,
1470 Bugs: ProtocolBugs{
1471 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1472 },
1473 },
1474 flags: append(flags,
1475 "-expect-channel-id",
1476 base64.StdEncoding.EncodeToString(channelIDBytes),
1477 ),
1478 resumeSession: true,
1479 expectChannelID: true,
1480 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1481 } else {
1482 testCases = append(testCases, testCase{
1483 protocol: protocol,
1484 name: "SkipHelloVerifyRequest" + suffix,
1485 config: Config{
1486 Bugs: ProtocolBugs{
1487 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1488 SkipHelloVerifyRequest: true,
1489 },
1490 },
1491 flags: flags,
1492 })
1493
1494 testCases = append(testCases, testCase{
1495 testType: serverTest,
1496 protocol: protocol,
1497 name: "CookieExchange" + suffix,
1498 config: Config{
1499 Bugs: ProtocolBugs{
1500 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1501 },
1502 },
1503 flags: append(flags, "-cookie-exchange"),
1504 })
1505 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1506}
1507
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1508func addVersionNegotiationTests() {
1509 for i, shimVers := range tlsVersions {
1510 // Assemble flags to disable all newer versions on the shim.
1511 var flags []string
1512 for _, vers := range tlsVersions[i+1:] {
1513 flags = append(flags, vers.flag)
1514 }
1515
1516 for _, runnerVers := range tlsVersions {
1517 expectedVersion := shimVers.version
1518 if runnerVers.version < shimVers.version {
1519 expectedVersion = runnerVers.version
1520 }
1521 suffix := shimVers.name + "-" + runnerVers.name
1522
1523 testCases = append(testCases, testCase{
1524 testType: clientTest,
1525 name: "VersionNegotiation-Client-" + suffix,
1526 config: Config{
1527 MaxVersion: runnerVers.version,
1528 },
1529 flags: flags,
1530 expectedVersion: expectedVersion,
1531 })
1532
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1533 testCases = append(testCases, testCase{
1534 testType: serverTest,
1535 name: "VersionNegotiation-Server-" + suffix,
1536 config: Config{
1537 MaxVersion: runnerVers.version,
1538 },
1539 flags: flags,
1540 expectedVersion: expectedVersion,
1541 })
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1542 }
1543 }
1544}
1545
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]1546func addD5BugTests() {
1547 testCases = append(testCases, testCase{
1548 testType: serverTest,
1549 name: "D5Bug-NoQuirk-Reject",
1550 config: Config{
1551 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1552 Bugs: ProtocolBugs{
1553 SSL3RSAKeyExchange: true,
1554 },
1555 },
1556 shouldFail: true,
1557 expectedError: ":TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG:",
1558 })
1559 testCases = append(testCases, testCase{
1560 testType: serverTest,
1561 name: "D5Bug-Quirk-Normal",
1562 config: Config{
1563 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1564 },
1565 flags: []string{"-tls-d5-bug"},
1566 })
1567 testCases = append(testCases, testCase{
1568 testType: serverTest,
1569 name: "D5Bug-Quirk-Bug",
1570 config: Config{
1571 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1572 Bugs: ProtocolBugs{
1573 SSL3RSAKeyExchange: true,
1574 },
1575 },
1576 flags: []string{"-tls-d5-bug"},
1577 })
1578}
1579
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]1580func addExtensionTests() {
1581 testCases = append(testCases, testCase{
1582 testType: clientTest,
1583 name: "DuplicateExtensionClient",
1584 config: Config{
1585 Bugs: ProtocolBugs{
1586 DuplicateExtension: true,
1587 },
1588 },
1589 shouldFail: true,
1590 expectedLocalError: "remote error: error decoding message",
1591 })
1592 testCases = append(testCases, testCase{
1593 testType: serverTest,
1594 name: "DuplicateExtensionServer",
1595 config: Config{
1596 Bugs: ProtocolBugs{
1597 DuplicateExtension: true,
1598 },
1599 },
1600 shouldFail: true,
1601 expectedLocalError: "remote error: error decoding message",
1602 })
1603 testCases = append(testCases, testCase{
1604 testType: clientTest,
1605 name: "ServerNameExtensionClient",
1606 config: Config{
1607 Bugs: ProtocolBugs{
1608 ExpectServerName: "example.com",
1609 },
1610 },
1611 flags: []string{"-host-name", "example.com"},
1612 })
1613 testCases = append(testCases, testCase{
1614 testType: clientTest,
1615 name: "ServerNameExtensionClient",
1616 config: Config{
1617 Bugs: ProtocolBugs{
1618 ExpectServerName: "mismatch.com",
1619 },
1620 },
1621 flags: []string{"-host-name", "example.com"},
1622 shouldFail: true,
1623 expectedLocalError: "tls: unexpected server name",
1624 })
1625 testCases = append(testCases, testCase{
1626 testType: clientTest,
1627 name: "ServerNameExtensionClient",
1628 config: Config{
1629 Bugs: ProtocolBugs{
1630 ExpectServerName: "missing.com",
1631 },
1632 },
1633 shouldFail: true,
1634 expectedLocalError: "tls: unexpected server name",
1635 })
1636 testCases = append(testCases, testCase{
1637 testType: serverTest,
1638 name: "ServerNameExtensionServer",
1639 config: Config{
1640 ServerName: "example.com",
1641 },
1642 flags: []string{"-expect-server-name", "example.com"},
1643 resumeSession: true,
1644 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1645 testCases = append(testCases, testCase{
1646 testType: clientTest,
1647 name: "ALPNClient",
1648 config: Config{
1649 NextProtos: []string{"foo"},
1650 },
1651 flags: []string{
1652 "-advertise-alpn", "\x03foo\x03bar\x03baz",
1653 "-expect-alpn", "foo",
1654 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]1655 expectedNextProto: "foo",
1656 expectedNextProtoType: alpn,
1657 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1658 })
1659 testCases = append(testCases, testCase{
1660 testType: serverTest,
1661 name: "ALPNServer",
1662 config: Config{
1663 NextProtos: []string{"foo", "bar", "baz"},
1664 },
1665 flags: []string{
1666 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
1667 "-select-alpn", "foo",
1668 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]1669 expectedNextProto: "foo",
1670 expectedNextProtoType: alpn,
1671 resumeSession: true,
1672 })
1673 // Test that the server prefers ALPN over NPN.
1674 testCases = append(testCases, testCase{
1675 testType: serverTest,
1676 name: "ALPNServer-Preferred",
1677 config: Config{
1678 NextProtos: []string{"foo", "bar", "baz"},
1679 },
1680 flags: []string{
1681 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
1682 "-select-alpn", "foo",
1683 "-advertise-npn", "\x03foo\x03bar\x03baz",
1684 },
1685 expectedNextProto: "foo",
1686 expectedNextProtoType: alpn,
1687 resumeSession: true,
1688 })
1689 testCases = append(testCases, testCase{
1690 testType: serverTest,
1691 name: "ALPNServer-Preferred-Swapped",
1692 config: Config{
1693 NextProtos: []string{"foo", "bar", "baz"},
1694 Bugs: ProtocolBugs{
1695 SwapNPNAndALPN: true,
1696 },
1697 },
1698 flags: []string{
1699 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
1700 "-select-alpn", "foo",
1701 "-advertise-npn", "\x03foo\x03bar\x03baz",
1702 },
1703 expectedNextProto: "foo",
1704 expectedNextProtoType: alpn,
1705 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1706 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]1707 // Resume with a corrupt ticket.
1708 testCases = append(testCases, testCase{
1709 testType: serverTest,
1710 name: "CorruptTicket",
1711 config: Config{
1712 Bugs: ProtocolBugs{
1713 CorruptTicket: true,
1714 },
1715 },
1716 resumeSession: true,
1717 flags: []string{"-expect-session-miss"},
1718 })
1719 // Resume with an oversized session id.
1720 testCases = append(testCases, testCase{
1721 testType: serverTest,
1722 name: "OversizedSessionId",
1723 config: Config{
1724 Bugs: ProtocolBugs{
1725 OversizedSessionId: true,
1726 },
1727 },
1728 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1729 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]1730 expectedError: ":DECODE_ERROR:",
1731 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]1732}
1733
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]1734func addResumptionVersionTests() {
1735 // TODO(davidben): Once DTLS 1.2 is working, test that as well.
1736 for _, sessionVers := range tlsVersions {
1737 // TODO(davidben): SSLv3 is omitted here because runner does not
1738 // support resumption with session IDs.
1739 if sessionVers.version == VersionSSL30 {
1740 continue
1741 }
1742 for _, resumeVers := range tlsVersions {
1743 if resumeVers.version == VersionSSL30 {
1744 continue
1745 }
1746 suffix := "-" + sessionVers.name + "-" + resumeVers.name
1747
1748 // TODO(davidben): Write equivalent tests for the server
1749 // and clean up the server's logic. This requires being
1750 // able to give the shim a different set of SSL_OP_NO_*
1751 // flags between the initial connection and the
1752 // resume. Perhaps resumption should be tested by
1753 // serializing the SSL_SESSION and starting a second
1754 // shim.
1755 testCases = append(testCases, testCase{
1756 name: "Resume-Client" + suffix,
1757 resumeSession: true,
1758 config: Config{
1759 MaxVersion: sessionVers.version,
1760 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1761 Bugs: ProtocolBugs{
1762 AllowSessionVersionMismatch: true,
1763 },
1764 },
1765 expectedVersion: sessionVers.version,
1766 resumeConfig: &Config{
1767 MaxVersion: resumeVers.version,
1768 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1769 Bugs: ProtocolBugs{
1770 AllowSessionVersionMismatch: true,
1771 },
1772 },
1773 expectedResumeVersion: resumeVers.version,
1774 })
1775
1776 testCases = append(testCases, testCase{
1777 name: "Resume-Client-NoResume" + suffix,
1778 flags: []string{"-expect-session-miss"},
1779 resumeSession: true,
1780 config: Config{
1781 MaxVersion: sessionVers.version,
1782 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1783 },
1784 expectedVersion: sessionVers.version,
1785 resumeConfig: &Config{
1786 MaxVersion: resumeVers.version,
1787 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1788 SessionTicketsDisabled: true,
1789 },
1790 expectedResumeVersion: resumeVers.version,
1791 })
1792 }
1793 }
1794}
1795
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]1796func addRenegotiationTests() {
1797 testCases = append(testCases, testCase{
1798 testType: serverTest,
1799 name: "Renegotiate-Server",
1800 flags: []string{"-renegotiate"},
1801 shimWritesFirst: true,
1802 })
1803 testCases = append(testCases, testCase{
1804 testType: serverTest,
1805 name: "Renegotiate-Server-EmptyExt",
1806 config: Config{
1807 Bugs: ProtocolBugs{
1808 EmptyRenegotiationInfo: true,
1809 },
1810 },
1811 flags: []string{"-renegotiate"},
1812 shimWritesFirst: true,
1813 shouldFail: true,
1814 expectedError: ":RENEGOTIATION_MISMATCH:",
1815 })
1816 testCases = append(testCases, testCase{
1817 testType: serverTest,
1818 name: "Renegotiate-Server-BadExt",
1819 config: Config{
1820 Bugs: ProtocolBugs{
1821 BadRenegotiationInfo: true,
1822 },
1823 },
1824 flags: []string{"-renegotiate"},
1825 shimWritesFirst: true,
1826 shouldFail: true,
1827 expectedError: ":RENEGOTIATION_MISMATCH:",
1828 })
1829 // TODO(agl): test the renegotiation info SCSV.
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]1830 testCases = append(testCases, testCase{
1831 name: "Renegotiate-Client",
1832 renegotiate: true,
1833 })
1834 testCases = append(testCases, testCase{
1835 name: "Renegotiate-Client-EmptyExt",
1836 renegotiate: true,
1837 config: Config{
1838 Bugs: ProtocolBugs{
1839 EmptyRenegotiationInfo: true,
1840 },
1841 },
1842 shouldFail: true,
1843 expectedError: ":RENEGOTIATION_MISMATCH:",
1844 })
1845 testCases = append(testCases, testCase{
1846 name: "Renegotiate-Client-BadExt",
1847 renegotiate: true,
1848 config: Config{
1849 Bugs: ProtocolBugs{
1850 BadRenegotiationInfo: true,
1851 },
1852 },
1853 shouldFail: true,
1854 expectedError: ":RENEGOTIATION_MISMATCH:",
1855 })
1856 testCases = append(testCases, testCase{
1857 name: "Renegotiate-Client-SwitchCiphers",
1858 renegotiate: true,
1859 config: Config{
1860 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1861 },
1862 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1863 })
1864 testCases = append(testCases, testCase{
1865 name: "Renegotiate-Client-SwitchCiphers2",
1866 renegotiate: true,
1867 config: Config{
1868 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1869 },
1870 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1871 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]1872}
1873
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]1874func addDTLSReplayTests() {
1875 // Test that sequence number replays are detected.
1876 testCases = append(testCases, testCase{
1877 protocol: dtls,
1878 name: "DTLS-Replay",
1879 replayWrites: true,
1880 })
1881
1882 // Test the outgoing sequence number skipping by values larger
1883 // than the retransmit window.
1884 testCases = append(testCases, testCase{
1885 protocol: dtls,
1886 name: "DTLS-Replay-LargeGaps",
1887 config: Config{
1888 Bugs: ProtocolBugs{
1889 SequenceNumberIncrement: 127,
1890 },
1891 },
1892 replayWrites: true,
1893 })
1894}
1895
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]1896func worker(statusChan chan statusMsg, c chan *testCase, buildDir string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1897 defer wg.Done()
1898
1899 for test := range c {
1900 statusChan <- statusMsg{test: test, started: true}
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]1901 err := runTest(test, buildDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1902 statusChan <- statusMsg{test: test, err: err}
1903 }
1904}
1905
1906type statusMsg struct {
1907 test *testCase
1908 started bool
1909 err error
1910}
1911
1912func statusPrinter(doneChan chan struct{}, statusChan chan statusMsg, total int) {
1913 var started, done, failed, lineLen int
1914 defer close(doneChan)
1915
1916 for msg := range statusChan {
1917 if msg.started {
1918 started++
1919 } else {
1920 done++
1921 }
1922
1923 fmt.Printf("\x1b[%dD\x1b[K", lineLen)
1924
1925 if msg.err != nil {
1926 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
1927 failed++
1928 }
1929 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
1930 lineLen = len(line)
1931 os.Stdout.WriteString(line)
1932 }
1933}
1934
1935func main() {
1936 var flagTest *string = flag.String("test", "", "The name of a test to run, or empty to run all tests")
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]1937 var flagNumWorkers *int = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]1938 var flagBuildDir *string = flag.String("build-dir", "../../../build", "The build directory to run the shim from.")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1939
1940 flag.Parse()
1941
1942 addCipherSuiteTests()
1943 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1944 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1945 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1946 addClientAuthTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1947 addVersionNegotiationTests()
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]1948 addD5BugTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]1949 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]1950 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1951 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]1952 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]1953 addDTLSReplayTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1954 for _, async := range []bool{false, true} {
1955 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1956 for _, protocol := range []protocol{tls, dtls} {
1957 addStateMachineCoverageTests(async, splitHandshake, protocol)
1958 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1959 }
1960 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1961
1962 var wg sync.WaitGroup
1963
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]1964 numWorkers := *flagNumWorkers
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1965
1966 statusChan := make(chan statusMsg, numWorkers)
1967 testChan := make(chan *testCase, numWorkers)
1968 doneChan := make(chan struct{})
1969
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1970 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1971
1972 for i := 0; i < numWorkers; i++ {
1973 wg.Add(1)
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]1974 go worker(statusChan, testChan, *flagBuildDir, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1975 }
1976
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1977 for i := range testCases {
1978 if len(*flagTest) == 0 || *flagTest == testCases[i].name {
1979 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1980 }
1981 }
1982
1983 close(testChan)
1984 wg.Wait()
1985 close(statusChan)
1986 <-doneChan
1987
1988 fmt.Printf("\n")
1989}