Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 458334a1598a6ef7045f01cb0afda0384f205e46 / . / ssl / test / runner / runner.go
blob: 9822676270e75608d170ec49b2223614980b26b2 [file] [log] [blame]
Adam Langley7fcfd3b2016-05-20 11:02:50 -0700[diff] [blame]1// Copyright (c) 2016, Google Inc.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
David Benjamin0d1b0962016-08-01 09:50:57 -0400[diff] [blame]13// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Adam Langley7fcfd3b2016-05-20 11:02:50 -0700[diff] [blame]14
Adam Langleydc7e9c42015-09-29 15:21:04 -0700[diff] [blame]15package runner
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]16
17import (
18 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]19 "crypto/ecdsa"
20 "crypto/elliptic"
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]21 "crypto/rand"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]22 "crypto/x509"
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]23 "crypto/x509/pkix"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]24 "encoding/base64"
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]25 "encoding/json"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]26 "encoding/pem"
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]27 "errors"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]28 "flag"
29 "fmt"
30 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]31 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]32 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]33 "net"
34 "os"
35 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]36 "path"
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]37 "path/filepath"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]38 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]39 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]40 "strings"
41 "sync"
42 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]43 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]44)
45
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]46var (
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]47 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
48 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
49 useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb")
50 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
51 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
52 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
53 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
54 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]55 testToRun = flag.String("test", "", "The pattern to filter tests to run, or empty to run all tests")
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]56 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
57 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
58 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
59 fuzzer = flag.Bool("fuzzer", false, "If true, tests against a BoringSSL built in fuzzer mode.")
60 transcriptDir = flag.String("transcript-dir", "", "The directory in which to write transcripts.")
61 idleTimeout = flag.Duration("idle-timeout", 15*time.Second, "The number of seconds to wait for a read or write to bssl_shim.")
62 deterministic = flag.Bool("deterministic", false, "If true, uses a deterministic PRNG in the runner.")
63 allowUnimplemented = flag.Bool("allow-unimplemented", false, "If true, report pass even if some tests are unimplemented.")
EKR173bf932016-07-29 15:52:49 +0200[diff] [blame]64 looseErrors = flag.Bool("loose-errors", false, "If true, allow shims to report an untranslated error code.")
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]65 shimConfigFile = flag.String("shim-config", "", "A config file to use to configure the tests for this shim.")
66 includeDisabled = flag.Bool("include-disabled", false, "If true, also runs disabled tests.")
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]67 repeatUntilFailure = flag.Bool("repeat-until-failure", false, "If true, the first selected test will be run repeatedly until failure.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]68)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]69
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]70// ShimConfigurations is used with the “json” package and represents a shim
71// config file.
72type ShimConfiguration struct {
73 // DisabledTests maps from a glob-based pattern to a freeform string.
74 // The glob pattern is used to exclude tests from being run and the
75 // freeform string is unparsed but expected to explain why the test is
76 // disabled.
77 DisabledTests map[string]string
78
79 // ErrorMap maps from expected error strings to the correct error
80 // string for the shim in question. For example, it might map
81 // “:NO_SHARED_CIPHER:” (a BoringSSL error string) to something
82 // like “SSL_ERROR_NO_CYPHER_OVERLAP”.
83 ErrorMap map[string]string
84}
85
86var shimConfig ShimConfiguration
87
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]88type testCert int
89
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]90const (
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]91 testCertRSA testCert = iota
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]92 testCertRSA1024
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]93 testCertRSAChain
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]94 testCertECDSAP256
95 testCertECDSAP384
96 testCertECDSAP521
97)
98
99const (
100 rsaCertificateFile = "cert.pem"
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]101 rsa1024CertificateFile = "rsa_1024_cert.pem"
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]102 rsaChainCertificateFile = "rsa_chain_cert.pem"
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]103 ecdsaP256CertificateFile = "ecdsa_p256_cert.pem"
104 ecdsaP384CertificateFile = "ecdsa_p384_cert.pem"
105 ecdsaP521CertificateFile = "ecdsa_p521_cert.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]106)
107
108const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]109 rsaKeyFile = "key.pem"
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]110 rsa1024KeyFile = "rsa_1024_key.pem"
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]111 rsaChainKeyFile = "rsa_chain_key.pem"
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]112 ecdsaP256KeyFile = "ecdsa_p256_key.pem"
113 ecdsaP384KeyFile = "ecdsa_p384_key.pem"
114 ecdsaP521KeyFile = "ecdsa_p521_key.pem"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]115 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]116)
117
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]118var (
119 rsaCertificate Certificate
120 rsa1024Certificate Certificate
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]121 rsaChainCertificate Certificate
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]122 ecdsaP256Certificate Certificate
123 ecdsaP384Certificate Certificate
124 ecdsaP521Certificate Certificate
125)
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]126
127var testCerts = []struct {
128 id testCert
129 certFile, keyFile string
130 cert *Certificate
131}{
132 {
133 id: testCertRSA,
134 certFile: rsaCertificateFile,
135 keyFile: rsaKeyFile,
136 cert: &rsaCertificate,
137 },
138 {
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]139 id: testCertRSA1024,
140 certFile: rsa1024CertificateFile,
141 keyFile: rsa1024KeyFile,
142 cert: &rsa1024Certificate,
143 },
144 {
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]145 id: testCertRSAChain,
146 certFile: rsaChainCertificateFile,
147 keyFile: rsaChainKeyFile,
148 cert: &rsaChainCertificate,
149 },
150 {
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]151 id: testCertECDSAP256,
152 certFile: ecdsaP256CertificateFile,
153 keyFile: ecdsaP256KeyFile,
154 cert: &ecdsaP256Certificate,
155 },
156 {
157 id: testCertECDSAP384,
158 certFile: ecdsaP384CertificateFile,
159 keyFile: ecdsaP384KeyFile,
160 cert: &ecdsaP384Certificate,
161 },
162 {
163 id: testCertECDSAP521,
164 certFile: ecdsaP521CertificateFile,
165 keyFile: ecdsaP521KeyFile,
166 cert: &ecdsaP521Certificate,
167 },
168}
169
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]170var channelIDKey *ecdsa.PrivateKey
171var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]172
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]173var testOCSPResponse = []byte{1, 2, 3, 4}
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]174var testSCTList = []byte{0, 6, 0, 4, 5, 6, 7, 8}
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]175
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]176var testOCSPExtension = append([]byte{byte(extensionStatusRequest) >> 8, byte(extensionStatusRequest), 0, 8, statusTypeOCSP, 0, 0, 4}, testOCSPResponse...)
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]177var testSCTExtension = append([]byte{byte(extensionSignedCertificateTimestamp) >> 8, byte(extensionSignedCertificateTimestamp), 0, byte(len(testSCTList))}, testSCTList...)
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]178
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]179func initCertificates() {
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]180 for i := range testCerts {
181 cert, err := LoadX509KeyPair(path.Join(*resourceDir, testCerts[i].certFile), path.Join(*resourceDir, testCerts[i].keyFile))
182 if err != nil {
183 panic(err)
184 }
185 cert.OCSPStaple = testOCSPResponse
186 cert.SignedCertificateTimestampList = testSCTList
187 *testCerts[i].cert = cert
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]188 }
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]189
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]190 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]191 if err != nil {
192 panic(err)
193 }
194 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
195 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
196 panic("bad key type")
197 }
198 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
199 if err != nil {
200 panic(err)
201 }
202 if channelIDKey.Curve != elliptic.P256() {
203 panic("bad curve")
204 }
205
206 channelIDBytes = make([]byte, 64)
207 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
208 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]209}
210
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]211func getRunnerCertificate(t testCert) Certificate {
212 for _, cert := range testCerts {
213 if cert.id == t {
214 return *cert.cert
215 }
216 }
217 panic("Unknown test certificate")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]218}
219
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]220func getShimCertificate(t testCert) string {
221 for _, cert := range testCerts {
222 if cert.id == t {
223 return cert.certFile
224 }
225 }
226 panic("Unknown test certificate")
227}
228
229func getShimKey(t testCert) string {
230 for _, cert := range testCerts {
231 if cert.id == t {
232 return cert.keyFile
233 }
234 }
235 panic("Unknown test certificate")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]236}
237
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]238type testType int
239
240const (
241 clientTest testType = iota
242 serverTest
243)
244
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]245type protocol int
246
247const (
248 tls protocol = iota
249 dtls
250)
251
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]252const (
253 alpn = 1
254 npn = 2
255)
256
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]257type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]258 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]259 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]260 name string
261 config Config
262 shouldFail bool
263 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]264 // expectedLocalError, if not empty, contains a substring that must be
265 // found in the local error.
266 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]267 // expectedVersion, if non-zero, specifies the TLS version that must be
268 // negotiated.
269 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]270 // expectedResumeVersion, if non-zero, specifies the TLS version that
271 // must be negotiated on resumption. If zero, expectedVersion is used.
272 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]273 // expectedCipher, if non-zero, specifies the TLS cipher suite that
274 // should be negotiated.
275 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]276 // expectChannelID controls whether the connection should have
277 // negotiated a Channel ID with channelIDKey.
278 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]279 // expectedNextProto controls whether the connection should
280 // negotiate a next protocol via NPN or ALPN.
281 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]282 // expectNoNextProto, if true, means that no next protocol should be
283 // negotiated.
284 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]285 // expectedNextProtoType, if non-zero, is the expected next
286 // protocol negotiation mechanism.
287 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]288 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
289 // should be negotiated. If zero, none should be negotiated.
290 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]291 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
292 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]293 // expectedSCTList, if not nil, is the expected SCT list to be received.
294 expectedSCTList []uint8
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]295 // expectedPeerSignatureAlgorithm, if not zero, is the signature
296 // algorithm that the peer should have used in the handshake.
297 expectedPeerSignatureAlgorithm signatureAlgorithm
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]298 // expectedCurveID, if not zero, is the curve that the handshake should
299 // have used.
300 expectedCurveID CurveID
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]301 // messageLen is the length, in bytes, of the test message that will be
302 // sent.
303 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]304 // messageCount is the number of test messages that will be sent.
305 messageCount int
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]306 // certFile is the path to the certificate to use for the server.
307 certFile string
308 // keyFile is the path to the private key to use for the server.
309 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]310 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]311 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]312 resumeSession bool
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]313 // resumeRenewedSession controls whether a third connection should be
314 // tested which attempts to resume the second connection's session.
315 resumeRenewedSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]316 // expectResumeRejected, if true, specifies that the attempted
317 // resumption must be rejected by the client. This is only valid for a
318 // serverTest.
319 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]320 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]321 // resumption. Unless newSessionsOnResume is set,
322 // SessionTicketKey, ServerSessionCache, and
323 // ClientSessionCache are copied from the initial connection's
324 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]325 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]326 // newSessionsOnResume, if true, will cause resumeConfig to
327 // use a different session resumption context.
328 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]329 // noSessionCache, if true, will cause the server to run without a
330 // session cache.
331 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]332 // sendPrefix sends a prefix on the socket before actually performing a
333 // handshake.
334 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]335 // shimWritesFirst controls whether the shim sends an initial "hello"
336 // message before doing a roundtrip with the runner.
337 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]338 // shimShutsDown, if true, runs a test where the shim shuts down the
339 // connection immediately after the handshake rather than echoing
340 // messages from the runner.
341 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]342 // renegotiate indicates the number of times the connection should be
343 // renegotiated during the exchange.
344 renegotiate int
David Benjamin47921102016-07-28 11:29:18 -0400[diff] [blame]345 // sendHalfHelloRequest, if true, causes the server to send half a
346 // HelloRequest when the handshake completes.
347 sendHalfHelloRequest bool
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]348 // renegotiateCiphers is a list of ciphersuite ids that will be
349 // switched in just before renegotiation.
350 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]351 // replayWrites, if true, configures the underlying transport
352 // to replay every write it makes in DTLS tests.
353 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]354 // damageFirstWrite, if true, configures the underlying transport to
355 // damage the final byte of the first application data write.
356 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]357 // exportKeyingMaterial, if non-zero, configures the test to exchange
358 // keying material and verify they match.
359 exportKeyingMaterial int
360 exportLabel string
361 exportContext string
362 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]363 // flags, if not empty, contains a list of command-line flags that will
364 // be passed to the shim program.
365 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]366 // testTLSUnique, if true, causes the shim to send the tls-unique value
367 // which will be compared against the expected value.
368 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]369 // sendEmptyRecords is the number of consecutive empty records to send
370 // before and after the test message.
371 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]372 // sendWarningAlerts is the number of consecutive warning alerts to send
373 // before and after the test message.
374 sendWarningAlerts int
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]375 // sendKeyUpdates is the number of consecutive key updates to send
376 // before and after the test message.
377 sendKeyUpdates int
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]378 // keyUpdateRequest is the KeyUpdateRequest value to send in KeyUpdate messages.
379 keyUpdateRequest byte
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]380 // expectMessageDropped, if true, means the test message is expected to
381 // be dropped by the client rather than echoed back.
382 expectMessageDropped bool
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]383 // expectPeerCertificate, if not nil, is the certificate chain the peer
384 // is expected to send.
385 expectPeerCertificate *Certificate
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]386}
387
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]388var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]389
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]390func writeTranscript(test *testCase, num int, data []byte) {
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]391 if len(data) == 0 {
392 return
393 }
394
395 protocol := "tls"
396 if test.protocol == dtls {
397 protocol = "dtls"
398 }
399
400 side := "client"
401 if test.testType == serverTest {
402 side = "server"
403 }
404
405 dir := path.Join(*transcriptDir, protocol, side)
406 if err := os.MkdirAll(dir, 0755); err != nil {
407 fmt.Fprintf(os.Stderr, "Error making %s: %s\n", dir, err)
408 return
409 }
410
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]411 name := fmt.Sprintf("%s-%d", test.name, num)
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]412 if err := ioutil.WriteFile(path.Join(dir, name), data, 0644); err != nil {
413 fmt.Fprintf(os.Stderr, "Error writing %s: %s\n", name, err)
414 }
415}
416
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]417// A timeoutConn implements an idle timeout on each Read and Write operation.
418type timeoutConn struct {
419 net.Conn
420 timeout time.Duration
421}
422
423func (t *timeoutConn) Read(b []byte) (int, error) {
424 if err := t.SetReadDeadline(time.Now().Add(t.timeout)); err != nil {
425 return 0, err
426 }
427 return t.Conn.Read(b)
428}
429
430func (t *timeoutConn) Write(b []byte) (int, error) {
431 if err := t.SetWriteDeadline(time.Now().Add(t.timeout)); err != nil {
432 return 0, err
433 }
434 return t.Conn.Write(b)
435}
436
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]437func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, num int) error {
David Benjamine54af062016-08-08 19:21:18 -0400[diff] [blame]438 if !test.noSessionCache {
439 if config.ClientSessionCache == nil {
440 config.ClientSessionCache = NewLRUClientSessionCache(1)
441 }
442 if config.ServerSessionCache == nil {
443 config.ServerSessionCache = NewLRUServerSessionCache(1)
444 }
445 }
446 if test.testType == clientTest {
447 if len(config.Certificates) == 0 {
448 config.Certificates = []Certificate{rsaCertificate}
449 }
450 } else {
451 // Supply a ServerName to ensure a constant session cache key,
452 // rather than falling back to net.Conn.RemoteAddr.
453 if len(config.ServerName) == 0 {
454 config.ServerName = "test"
455 }
456 }
457 if *fuzzer {
458 config.Bugs.NullAllCiphers = true
459 }
David Benjamin01a90572016-09-22 00:11:43 -0400[diff] [blame]460 if *deterministic {
461 config.Time = func() time.Time { return time.Unix(1234, 1234) }
462 }
David Benjamine54af062016-08-08 19:21:18 -0400[diff] [blame]463
David Benjamin01784b42016-06-07 18:00:52 -0400[diff] [blame]464 conn = &timeoutConn{conn, *idleTimeout}
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]465
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]466 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]467 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
468 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]469 }
470
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]471 if *flagDebug || len(*transcriptDir) != 0 {
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]472 local, peer := "client", "server"
473 if test.testType == clientTest {
474 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]475 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]476 connDebug := &recordingConn{
477 Conn: conn,
478 isDatagram: test.protocol == dtls,
479 local: local,
480 peer: peer,
481 }
482 conn = connDebug
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]483 if *flagDebug {
484 defer connDebug.WriteTo(os.Stdout)
485 }
486 if len(*transcriptDir) != 0 {
487 defer func() {
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]488 writeTranscript(test, num, connDebug.Transcript())
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]489 }()
490 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]491
492 if config.Bugs.PacketAdaptor != nil {
493 config.Bugs.PacketAdaptor.debug = connDebug
494 }
495 }
496
497 if test.replayWrites {
498 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]499 }
500
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]501 var connDamage *damageAdaptor
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]502 if test.damageFirstWrite {
503 connDamage = newDamageAdaptor(conn)
504 conn = connDamage
505 }
506
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]507 if test.sendPrefix != "" {
508 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
509 return err
510 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]511 }
512
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]513 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]514 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]515 if test.protocol == dtls {
516 tlsConn = DTLSServer(conn, config)
517 } else {
518 tlsConn = Server(conn, config)
519 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]520 } else {
521 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]522 if test.protocol == dtls {
523 tlsConn = DTLSClient(conn, config)
524 } else {
525 tlsConn = Client(conn, config)
526 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]527 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]528 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]529
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]530 if err := tlsConn.Handshake(); err != nil {
531 return err
532 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]533
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]534 // TODO(davidben): move all per-connection expectations into a dedicated
535 // expectations struct that can be specified separately for the two
536 // legs.
537 expectedVersion := test.expectedVersion
538 if isResume && test.expectedResumeVersion != 0 {
539 expectedVersion = test.expectedResumeVersion
540 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]541 connState := tlsConn.ConnectionState()
542 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]543 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]544 }
545
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]546 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]547 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
548 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]549 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
550 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
551 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]552
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]553 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]554 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]555 if channelID == nil {
556 return fmt.Errorf("no channel ID negotiated")
557 }
558 if channelID.Curve != channelIDKey.Curve ||
559 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
560 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
561 return fmt.Errorf("incorrect channel ID")
562 }
563 }
564
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]565 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]566 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]567 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
568 }
569 }
570
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]571 if test.expectNoNextProto {
572 if actual := connState.NegotiatedProtocol; actual != "" {
573 return fmt.Errorf("got unexpected next proto %s", actual)
574 }
575 }
576
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]577 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]578 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]579 return fmt.Errorf("next proto type mismatch")
580 }
581 }
582
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]583 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]584 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
585 }
586
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]587 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]588 return fmt.Errorf("OCSP Response mismatch: got %x, wanted %x", tlsConn.OCSPResponse(), test.expectedOCSPResponse)
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]589 }
590
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]591 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
592 return fmt.Errorf("SCT list mismatch")
593 }
594
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]595 if expected := test.expectedPeerSignatureAlgorithm; expected != 0 && expected != connState.PeerSignatureAlgorithm {
596 return fmt.Errorf("expected peer to use signature algorithm %04x, but got %04x", expected, connState.PeerSignatureAlgorithm)
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]597 }
598
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]599 if expected := test.expectedCurveID; expected != 0 && expected != connState.CurveID {
600 return fmt.Errorf("expected peer to use curve %04x, but got %04x", expected, connState.CurveID)
601 }
602
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]603 if test.expectPeerCertificate != nil {
604 if len(connState.PeerCertificates) != len(test.expectPeerCertificate.Certificate) {
605 return fmt.Errorf("expected peer to send %d certificates, but got %d", len(connState.PeerCertificates), len(test.expectPeerCertificate.Certificate))
606 }
607 for i, cert := range connState.PeerCertificates {
608 if !bytes.Equal(cert.Raw, test.expectPeerCertificate.Certificate[i]) {
609 return fmt.Errorf("peer certificate %d did not match", i+1)
610 }
611 }
612 }
613
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]614 if test.exportKeyingMaterial > 0 {
615 actual := make([]byte, test.exportKeyingMaterial)
616 if _, err := io.ReadFull(tlsConn, actual); err != nil {
617 return err
618 }
619 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
620 if err != nil {
621 return err
622 }
623 if !bytes.Equal(actual, expected) {
624 return fmt.Errorf("keying material mismatch")
625 }
626 }
627
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]628 if test.testTLSUnique {
629 var peersValue [12]byte
630 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
631 return err
632 }
633 expected := tlsConn.ConnectionState().TLSUnique
634 if !bytes.Equal(peersValue[:], expected) {
635 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
636 }
637 }
638
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]639 if test.shimWritesFirst {
640 var buf [5]byte
641 _, err := io.ReadFull(tlsConn, buf[:])
642 if err != nil {
643 return err
644 }
645 if string(buf[:]) != "hello" {
646 return fmt.Errorf("bad initial message")
647 }
648 }
649
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]650 for i := 0; i < test.sendKeyUpdates; i++ {
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]651 if err := tlsConn.SendKeyUpdate(test.keyUpdateRequest); err != nil {
David Benjamin7f0965a2016-09-30 15:14:01 -0400[diff] [blame]652 return err
653 }
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]654 }
655
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]656 for i := 0; i < test.sendEmptyRecords; i++ {
657 tlsConn.Write(nil)
658 }
659
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]660 for i := 0; i < test.sendWarningAlerts; i++ {
661 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
662 }
663
David Benjamin47921102016-07-28 11:29:18 -0400[diff] [blame]664 if test.sendHalfHelloRequest {
665 tlsConn.SendHalfHelloRequest()
666 }
667
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]668 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]669 if test.renegotiateCiphers != nil {
670 config.CipherSuites = test.renegotiateCiphers
671 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]672 for i := 0; i < test.renegotiate; i++ {
673 if err := tlsConn.Renegotiate(); err != nil {
674 return err
675 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]676 }
677 } else if test.renegotiateCiphers != nil {
678 panic("renegotiateCiphers without renegotiate")
679 }
680
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]681 if test.damageFirstWrite {
682 connDamage.setDamage(true)
683 tlsConn.Write([]byte("DAMAGED WRITE"))
684 connDamage.setDamage(false)
685 }
686
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]687 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]688 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]689 if test.protocol == dtls {
690 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
691 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]692 // Read until EOF.
693 _, err := io.Copy(ioutil.Discard, tlsConn)
694 return err
695 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]696 if messageLen == 0 {
697 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]698 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]699
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]700 messageCount := test.messageCount
701 if messageCount == 0 {
702 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]703 }
704
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]705 for j := 0; j < messageCount; j++ {
706 testMessage := make([]byte, messageLen)
707 for i := range testMessage {
708 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]709 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]710 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]711
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]712 for i := 0; i < test.sendKeyUpdates; i++ {
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]713 tlsConn.SendKeyUpdate(test.keyUpdateRequest)
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]714 }
715
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]716 for i := 0; i < test.sendEmptyRecords; i++ {
717 tlsConn.Write(nil)
718 }
719
720 for i := 0; i < test.sendWarningAlerts; i++ {
721 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
722 }
723
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]724 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]725 // The shim will not respond.
726 continue
727 }
728
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]729 buf := make([]byte, len(testMessage))
730 if test.protocol == dtls {
731 bufTmp := make([]byte, len(buf)+1)
732 n, err := tlsConn.Read(bufTmp)
733 if err != nil {
734 return err
735 }
736 if n != len(buf) {
737 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
738 }
739 copy(buf, bufTmp)
740 } else {
741 _, err := io.ReadFull(tlsConn, buf)
742 if err != nil {
743 return err
744 }
745 }
746
747 for i, v := range buf {
748 if v != testMessage[i]^0xff {
749 return fmt.Errorf("bad reply contents at byte %d", i)
750 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]751 }
752 }
753
754 return nil
755}
756
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]757func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]758 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full", "--quiet"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]759 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]760 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]761 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]762 valgrindArgs = append(valgrindArgs, path)
763 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]764
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]765 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]766}
767
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]768func gdbOf(path string, args ...string) *exec.Cmd {
769 xtermArgs := []string{"-e", "gdb", "--args"}
770 xtermArgs = append(xtermArgs, path)
771 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]772
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]773 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]774}
775
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]776func lldbOf(path string, args ...string) *exec.Cmd {
777 xtermArgs := []string{"-e", "lldb", "--"}
778 xtermArgs = append(xtermArgs, path)
779 xtermArgs = append(xtermArgs, args...)
780
781 return exec.Command("xterm", xtermArgs...)
782}
783
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]784var (
785 errMoreMallocs = errors.New("child process did not exhaust all allocation calls")
786 errUnimplemented = errors.New("child process does not implement needed flags")
787)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]788
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]789// accept accepts a connection from listener, unless waitChan signals a process
790// exit first.
791func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
792 type connOrError struct {
793 conn net.Conn
794 err error
795 }
796 connChan := make(chan connOrError, 1)
797 go func() {
798 conn, err := listener.Accept()
799 connChan <- connOrError{conn, err}
800 close(connChan)
801 }()
802 select {
803 case result := <-connChan:
804 return result.conn, result.err
805 case childErr := <-waitChan:
806 waitChan <- childErr
807 return nil, fmt.Errorf("child exited early: %s", childErr)
808 }
809}
810
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]811func translateExpectedError(errorStr string) string {
812 if translated, ok := shimConfig.ErrorMap[errorStr]; ok {
813 return translated
814 }
815
816 if *looseErrors {
817 return ""
818 }
819
820 return errorStr
821}
822
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]823func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]824 // Help debugging panics on the Go side.
825 defer func() {
826 if r := recover(); r != nil {
827 fmt.Fprintf(os.Stderr, "Test '%s' panicked.\n", test.name)
828 panic(r)
829 }
830 }()
831
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]832 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
833 panic("Error expected without shouldFail in " + test.name)
834 }
835
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]836 if test.expectResumeRejected && !test.resumeSession {
837 panic("expectResumeRejected without resumeSession in " + test.name)
838 }
839
Adam Langley33b1d4f2016-12-07 15:03:45 -0800[diff] [blame]840 for _, ver := range tlsVersions {
841 if !strings.Contains("-"+test.name+"-", "-"+ver.name+"-") {
842 continue
843 }
844
845 if test.config.MaxVersion != 0 || test.config.MinVersion != 0 || test.expectedVersion != 0 {
846 continue
847 }
848
849 panic(fmt.Sprintf("The name of test %q suggests that it's version specific, but min/max version in the Config is %x/%x. One of them should probably be %x", test.name, test.config.MinVersion, test.config.MaxVersion, ver.version))
850 }
851
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]852 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
853 if err != nil {
854 panic(err)
855 }
856 defer func() {
857 if listener != nil {
858 listener.Close()
859 }
860 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]861
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]862 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]863 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]864 flags = append(flags, "-server")
865
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]866 flags = append(flags, "-key-file")
867 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]868 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]869 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]870 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]871 }
872
873 flags = append(flags, "-cert-file")
874 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]875 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]876 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]877 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]878 }
879 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]880
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]881 if test.protocol == dtls {
882 flags = append(flags, "-dtls")
883 }
884
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]885 var resumeCount int
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]886 if test.resumeSession {
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]887 resumeCount++
888 if test.resumeRenewedSession {
889 resumeCount++
890 }
891 }
892
893 if resumeCount > 0 {
894 flags = append(flags, "-resume-count", strconv.Itoa(resumeCount))
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]895 }
896
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]897 if test.shimWritesFirst {
898 flags = append(flags, "-shim-writes-first")
899 }
900
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]901 if test.shimShutsDown {
902 flags = append(flags, "-shim-shuts-down")
903 }
904
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]905 if test.exportKeyingMaterial > 0 {
906 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
907 flags = append(flags, "-export-label", test.exportLabel)
908 flags = append(flags, "-export-context", test.exportContext)
909 if test.useExportContext {
910 flags = append(flags, "-use-export-context")
911 }
912 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]913 if test.expectResumeRejected {
914 flags = append(flags, "-expect-session-miss")
915 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]916
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]917 if test.testTLSUnique {
918 flags = append(flags, "-tls-unique")
919 }
920
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]921 flags = append(flags, test.flags...)
922
923 var shim *exec.Cmd
924 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]925 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]926 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]927 shim = gdbOf(shimPath, flags...)
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]928 } else if *useLLDB {
929 shim = lldbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]930 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]931 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]932 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]933 shim.Stdin = os.Stdin
934 var stdoutBuf, stderrBuf bytes.Buffer
935 shim.Stdout = &stdoutBuf
936 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]937 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]938 shim.Env = os.Environ()
939 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]940 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]941 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]942 }
943 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
944 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]945
946 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]947 panic(err)
948 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]949 waitChan := make(chan error, 1)
950 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]951
952 config := test.config
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]953
David Benjamin7a4aaa42016-09-20 17:58:14 -0400[diff] [blame]954 if *deterministic {
955 config.Rand = &deterministicRand{}
956 }
957
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]958 conn, err := acceptOrWait(listener, waitChan)
959 if err == nil {
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]960 err = doExchange(test, &config, conn, false /* not a resumption */, 0)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]961 conn.Close()
962 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]963
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]964 for i := 0; err == nil && i < resumeCount; i++ {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]965 var resumeConfig Config
966 if test.resumeConfig != nil {
967 resumeConfig = *test.resumeConfig
David Benjamine54af062016-08-08 19:21:18 -0400[diff] [blame]968 if !test.newSessionsOnResume {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]969 resumeConfig.SessionTicketKey = config.SessionTicketKey
970 resumeConfig.ClientSessionCache = config.ClientSessionCache
971 resumeConfig.ServerSessionCache = config.ServerSessionCache
972 }
David Benjamin2e045a92016-06-08 13:09:56 -0400[diff] [blame]973 resumeConfig.Rand = config.Rand
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]974 } else {
975 resumeConfig = config
976 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]977 var connResume net.Conn
978 connResume, err = acceptOrWait(listener, waitChan)
979 if err == nil {
David Benjaminc07afb72016-09-22 10:18:58 -0400[diff] [blame]980 err = doExchange(test, &resumeConfig, connResume, true /* resumption */, i+1)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]981 connResume.Close()
982 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]983 }
984
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]985 // Close the listener now. This is to avoid hangs should the shim try to
986 // open more connections than expected.
987 listener.Close()
988 listener = nil
989
990 childErr := <-waitChan
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]991 var isValgrindError bool
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]992 if exitError, ok := childErr.(*exec.ExitError); ok {
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]993 switch exitError.Sys().(syscall.WaitStatus).ExitStatus() {
994 case 88:
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]995 return errMoreMallocs
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]996 case 89:
997 return errUnimplemented
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]998 case 99:
999 isValgrindError = true
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]1000 }
1001 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1002
David Benjamin9bea3492016-03-02 10:59:16 -0500[diff] [blame]1003 // Account for Windows line endings.
1004 stdout := strings.Replace(string(stdoutBuf.Bytes()), "\r\n", "\n", -1)
1005 stderr := strings.Replace(string(stderrBuf.Bytes()), "\r\n", "\n", -1)
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]1006
1007 // Separate the errors from the shim and those from tools like
1008 // AddressSanitizer.
1009 var extraStderr string
1010 if stderrParts := strings.SplitN(stderr, "--- DONE ---\n", 2); len(stderrParts) == 2 {
1011 stderr = stderrParts[0]
1012 extraStderr = stderrParts[1]
1013 }
1014
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1015 failed := err != nil || childErr != nil
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]1016 expectedError := translateExpectedError(test.expectedError)
1017 correctFailure := len(expectedError) == 0 || strings.Contains(stderr, expectedError)
EKR173bf932016-07-29 15:52:49 +0200[diff] [blame]1018
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]1019 localError := "none"
1020 if err != nil {
1021 localError = err.Error()
1022 }
1023 if len(test.expectedLocalError) != 0 {
1024 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
1025 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1026
1027 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1028 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1029 if childErr != nil {
1030 childError = childErr.Error()
1031 }
1032
1033 var msg string
1034 switch {
1035 case failed && !test.shouldFail:
1036 msg = "unexpected failure"
1037 case !failed && test.shouldFail:
1038 msg = "unexpected success"
1039 case failed && !correctFailure:
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]1040 msg = "bad error (wanted '" + expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1041 default:
1042 panic("internal error")
1043 }
1044
David Benjamin9aafb642016-09-20 19:36:53 -0400[diff] [blame]1045 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s\n%s", msg, localError, childError, stdout, stderr, extraStderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1046 }
1047
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]1048 if len(extraStderr) > 0 || (!failed && len(stderr) > 0) {
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]1049 return fmt.Errorf("unexpected error output:\n%s\n%s", stderr, extraStderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1050 }
1051
David Benjamind2ba8892016-09-20 19:41:04 -0400[diff] [blame]1052 if *useValgrind && isValgrindError {
1053 return fmt.Errorf("valgrind error:\n%s\n%s", stderr, extraStderr)
1054 }
1055
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1056 return nil
1057}
1058
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1059type tlsVersion struct {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1060 name string
1061 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1062 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1063 hasDTLS bool
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1064}
1065
1066var tlsVersions = []tlsVersion{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1067 {"SSL3", VersionSSL30, "-no-ssl3", false},
1068 {"TLS1", VersionTLS10, "-no-tls1", true},
1069 {"TLS11", VersionTLS11, "-no-tls11", false},
1070 {"TLS12", VersionTLS12, "-no-tls12", true},
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]1071 {"TLS13", VersionTLS13, "-no-tls13", false},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1072}
1073
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1074type testCipherSuite struct {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1075 name string
1076 id uint16
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]1077}
1078
1079var testCipherSuites = []testCipherSuite{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1080 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1081 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1082 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1083 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1084 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1085 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1086 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1087 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1088 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1089 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1090 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
1091 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1092 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1093 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1094 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1095 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
1096 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1097 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1098 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1099 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]1100 {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1101 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1102 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1103 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1104 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1105 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1106 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1107 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]1108 {"ECDHE-RSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1109 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
1110 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]1111 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
1112 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1113 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1114 {"AEAD-CHACHA20-POLY1305", TLS_CHACHA20_POLY1305_SHA256},
1115 {"AEAD-AES128-GCM-SHA256", TLS_AES_128_GCM_SHA256},
1116 {"AEAD-AES256-GCM-SHA384", TLS_AES_256_GCM_SHA384},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1117 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1118}
1119
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1120func hasComponent(suiteName, component string) bool {
1121 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
1122}
1123
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1124func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1125 return hasComponent(suiteName, "GCM") ||
1126 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]1127 hasComponent(suiteName, "SHA384") ||
1128 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1129}
1130
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1131func isTLS13Suite(suiteName string) bool {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1132 return strings.HasPrefix(suiteName, "AEAD-")
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1133}
1134
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1135func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1136 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1137}
1138
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]1139func bigFromHex(hex string) *big.Int {
1140 ret, ok := new(big.Int).SetString(hex, 16)
1141 if !ok {
1142 panic("failed to parse hex number 0x" + hex)
1143 }
1144 return ret
1145}
1146
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1147func addBasicTests() {
1148 basicTests := []testCase{
1149 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1150 name: "NoFallbackSCSV",
1151 config: Config{
1152 Bugs: ProtocolBugs{
1153 FailIfNotFallbackSCSV: true,
1154 },
1155 },
1156 shouldFail: true,
1157 expectedLocalError: "no fallback SCSV found",
1158 },
1159 {
1160 name: "SendFallbackSCSV",
1161 config: Config{
1162 Bugs: ProtocolBugs{
1163 FailIfNotFallbackSCSV: true,
1164 },
1165 },
1166 flags: []string{"-fallback-scsv"},
1167 },
1168 {
1169 name: "ClientCertificateTypes",
1170 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1171 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1172 ClientAuth: RequestClientCert,
1173 ClientCertificateTypes: []byte{
1174 CertTypeDSSSign,
1175 CertTypeRSASign,
1176 CertTypeECDSASign,
1177 },
1178 },
1179 flags: []string{
1180 "-expect-certificate-types",
1181 base64.StdEncoding.EncodeToString([]byte{
1182 CertTypeDSSSign,
1183 CertTypeRSASign,
1184 CertTypeECDSASign,
1185 }),
1186 },
1187 },
1188 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1189 name: "UnauthenticatedECDH",
1190 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1191 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1192 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1193 Bugs: ProtocolBugs{
1194 UnauthenticatedECDH: true,
1195 },
1196 },
1197 shouldFail: true,
1198 expectedError: ":UNEXPECTED_MESSAGE:",
1199 },
1200 {
1201 name: "SkipCertificateStatus",
1202 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1203 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1204 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1205 Bugs: ProtocolBugs{
1206 SkipCertificateStatus: true,
1207 },
1208 },
1209 flags: []string{
1210 "-enable-ocsp-stapling",
1211 },
1212 },
1213 {
1214 name: "SkipServerKeyExchange",
1215 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1216 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1217 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1218 Bugs: ProtocolBugs{
1219 SkipServerKeyExchange: true,
1220 },
1221 },
1222 shouldFail: true,
1223 expectedError: ":UNEXPECTED_MESSAGE:",
1224 },
1225 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1226 testType: serverTest,
1227 name: "Alert",
1228 config: Config{
1229 Bugs: ProtocolBugs{
1230 SendSpuriousAlert: alertRecordOverflow,
1231 },
1232 },
1233 shouldFail: true,
1234 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1235 },
1236 {
1237 protocol: dtls,
1238 testType: serverTest,
1239 name: "Alert-DTLS",
1240 config: Config{
1241 Bugs: ProtocolBugs{
1242 SendSpuriousAlert: alertRecordOverflow,
1243 },
1244 },
1245 shouldFail: true,
1246 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1247 },
1248 {
1249 testType: serverTest,
1250 name: "FragmentAlert",
1251 config: Config{
1252 Bugs: ProtocolBugs{
1253 FragmentAlert: true,
1254 SendSpuriousAlert: alertRecordOverflow,
1255 },
1256 },
1257 shouldFail: true,
1258 expectedError: ":BAD_ALERT:",
1259 },
1260 {
1261 protocol: dtls,
1262 testType: serverTest,
1263 name: "FragmentAlert-DTLS",
1264 config: Config{
1265 Bugs: ProtocolBugs{
1266 FragmentAlert: true,
1267 SendSpuriousAlert: alertRecordOverflow,
1268 },
1269 },
1270 shouldFail: true,
1271 expectedError: ":BAD_ALERT:",
1272 },
1273 {
1274 testType: serverTest,
David Benjamin0d3a8c62016-03-11 22:25:18 -0500[diff] [blame]1275 name: "DoubleAlert",
1276 config: Config{
1277 Bugs: ProtocolBugs{
1278 DoubleAlert: true,
1279 SendSpuriousAlert: alertRecordOverflow,
1280 },
1281 },
1282 shouldFail: true,
1283 expectedError: ":BAD_ALERT:",
1284 },
1285 {
1286 protocol: dtls,
1287 testType: serverTest,
1288 name: "DoubleAlert-DTLS",
1289 config: Config{
1290 Bugs: ProtocolBugs{
1291 DoubleAlert: true,
1292 SendSpuriousAlert: alertRecordOverflow,
1293 },
1294 },
1295 shouldFail: true,
1296 expectedError: ":BAD_ALERT:",
1297 },
1298 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1299 name: "SkipNewSessionTicket",
1300 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1301 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1302 Bugs: ProtocolBugs{
1303 SkipNewSessionTicket: true,
1304 },
1305 },
1306 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1307 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1308 },
1309 {
1310 testType: serverTest,
1311 name: "FallbackSCSV",
1312 config: Config{
1313 MaxVersion: VersionTLS11,
1314 Bugs: ProtocolBugs{
1315 SendFallbackSCSV: true,
1316 },
1317 },
1318 shouldFail: true,
1319 expectedError: ":INAPPROPRIATE_FALLBACK:",
1320 },
1321 {
1322 testType: serverTest,
1323 name: "FallbackSCSV-VersionMatch",
1324 config: Config{
1325 Bugs: ProtocolBugs{
1326 SendFallbackSCSV: true,
1327 },
1328 },
1329 },
1330 {
1331 testType: serverTest,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1332 name: "FallbackSCSV-VersionMatch-TLS12",
1333 config: Config{
1334 MaxVersion: VersionTLS12,
1335 Bugs: ProtocolBugs{
1336 SendFallbackSCSV: true,
1337 },
1338 },
1339 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
1340 },
1341 {
1342 testType: serverTest,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1343 name: "FragmentedClientVersion",
1344 config: Config{
1345 Bugs: ProtocolBugs{
1346 MaxHandshakeRecordLength: 1,
1347 FragmentClientVersion: true,
1348 },
1349 },
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1350 expectedVersion: VersionTLS13,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1351 },
1352 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1353 testType: serverTest,
1354 name: "HttpGET",
1355 sendPrefix: "GET / HTTP/1.0\n",
1356 shouldFail: true,
1357 expectedError: ":HTTP_REQUEST:",
1358 },
1359 {
1360 testType: serverTest,
1361 name: "HttpPOST",
1362 sendPrefix: "POST / HTTP/1.0\n",
1363 shouldFail: true,
1364 expectedError: ":HTTP_REQUEST:",
1365 },
1366 {
1367 testType: serverTest,
1368 name: "HttpHEAD",
1369 sendPrefix: "HEAD / HTTP/1.0\n",
1370 shouldFail: true,
1371 expectedError: ":HTTP_REQUEST:",
1372 },
1373 {
1374 testType: serverTest,
1375 name: "HttpPUT",
1376 sendPrefix: "PUT / HTTP/1.0\n",
1377 shouldFail: true,
1378 expectedError: ":HTTP_REQUEST:",
1379 },
1380 {
1381 testType: serverTest,
1382 name: "HttpCONNECT",
1383 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1384 shouldFail: true,
1385 expectedError: ":HTTPS_PROXY_REQUEST:",
1386 },
1387 {
1388 testType: serverTest,
1389 name: "Garbage",
1390 sendPrefix: "blah",
1391 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1392 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1393 },
1394 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1395 name: "RSAEphemeralKey",
1396 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1397 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1398 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1399 Bugs: ProtocolBugs{
1400 RSAEphemeralKey: true,
1401 },
1402 },
1403 shouldFail: true,
1404 expectedError: ":UNEXPECTED_MESSAGE:",
1405 },
1406 {
1407 name: "DisableEverything",
Steven Valdez4f94b1c2016-05-24 12:31:07 -0400[diff] [blame]1408 flags: []string{"-no-tls13", "-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1409 shouldFail: true,
1410 expectedError: ":WRONG_SSL_VERSION:",
1411 },
1412 {
1413 protocol: dtls,
1414 name: "DisableEverything-DTLS",
1415 flags: []string{"-no-tls12", "-no-tls1"},
1416 shouldFail: true,
1417 expectedError: ":WRONG_SSL_VERSION:",
1418 },
1419 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1420 protocol: dtls,
1421 testType: serverTest,
1422 name: "MTU",
1423 config: Config{
1424 Bugs: ProtocolBugs{
1425 MaxPacketLength: 256,
1426 },
1427 },
1428 flags: []string{"-mtu", "256"},
1429 },
1430 {
1431 protocol: dtls,
1432 testType: serverTest,
1433 name: "MTUExceeded",
1434 config: Config{
1435 Bugs: ProtocolBugs{
1436 MaxPacketLength: 255,
1437 },
1438 },
1439 flags: []string{"-mtu", "256"},
1440 shouldFail: true,
1441 expectedLocalError: "dtls: exceeded maximum packet length",
1442 },
1443 {
1444 name: "CertMismatchRSA",
1445 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1446 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1447 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]1448 Certificates: []Certificate{ecdsaP256Certificate},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1449 Bugs: ProtocolBugs{
1450 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1451 },
1452 },
1453 shouldFail: true,
1454 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1455 },
1456 {
1457 name: "CertMismatchECDSA",
1458 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1459 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1460 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]1461 Certificates: []Certificate{rsaCertificate},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1462 Bugs: ProtocolBugs{
1463 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1464 },
1465 },
1466 shouldFail: true,
1467 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1468 },
1469 {
1470 name: "EmptyCertificateList",
1471 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1472 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1473 Bugs: ProtocolBugs{
1474 EmptyCertificateList: true,
1475 },
1476 },
1477 shouldFail: true,
1478 expectedError: ":DECODE_ERROR:",
1479 },
1480 {
David Benjamin9ec1c752016-07-14 12:45:01 -0400[diff] [blame]1481 name: "EmptyCertificateList-TLS13",
1482 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]1483 MaxVersion: VersionTLS13,
David Benjamin9ec1c752016-07-14 12:45:01 -0400[diff] [blame]1484 Bugs: ProtocolBugs{
1485 EmptyCertificateList: true,
1486 },
1487 },
1488 shouldFail: true,
David Benjamin4087df92016-08-01 20:16:31 -0400[diff] [blame]1489 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
David Benjamin9ec1c752016-07-14 12:45:01 -0400[diff] [blame]1490 },
1491 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1492 name: "TLSFatalBadPackets",
1493 damageFirstWrite: true,
1494 shouldFail: true,
1495 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1496 },
1497 {
1498 protocol: dtls,
1499 name: "DTLSIgnoreBadPackets",
1500 damageFirstWrite: true,
1501 },
1502 {
1503 protocol: dtls,
1504 name: "DTLSIgnoreBadPackets-Async",
1505 damageFirstWrite: true,
1506 flags: []string{"-async"},
1507 },
1508 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1509 name: "AppDataBeforeHandshake",
1510 config: Config{
1511 Bugs: ProtocolBugs{
1512 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1513 },
1514 },
1515 shouldFail: true,
1516 expectedError: ":UNEXPECTED_RECORD:",
1517 },
1518 {
1519 name: "AppDataBeforeHandshake-Empty",
1520 config: Config{
1521 Bugs: ProtocolBugs{
1522 AppDataBeforeHandshake: []byte{},
1523 },
1524 },
1525 shouldFail: true,
1526 expectedError: ":UNEXPECTED_RECORD:",
1527 },
1528 {
1529 protocol: dtls,
1530 name: "AppDataBeforeHandshake-DTLS",
1531 config: Config{
1532 Bugs: ProtocolBugs{
1533 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1534 },
1535 },
1536 shouldFail: true,
1537 expectedError: ":UNEXPECTED_RECORD:",
1538 },
1539 {
1540 protocol: dtls,
1541 name: "AppDataBeforeHandshake-DTLS-Empty",
1542 config: Config{
1543 Bugs: ProtocolBugs{
1544 AppDataBeforeHandshake: []byte{},
1545 },
1546 },
1547 shouldFail: true,
1548 expectedError: ":UNEXPECTED_RECORD:",
1549 },
1550 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1551 name: "AppDataAfterChangeCipherSpec",
1552 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1553 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1554 Bugs: ProtocolBugs{
1555 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1556 },
1557 },
1558 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1559 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1560 },
1561 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1562 name: "AppDataAfterChangeCipherSpec-Empty",
1563 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1564 MaxVersion: VersionTLS12,
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1565 Bugs: ProtocolBugs{
1566 AppDataAfterChangeCipherSpec: []byte{},
1567 },
1568 },
1569 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1570 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1571 },
1572 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1573 protocol: dtls,
1574 name: "AppDataAfterChangeCipherSpec-DTLS",
1575 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1576 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1577 Bugs: ProtocolBugs{
1578 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1579 },
1580 },
1581 // BoringSSL's DTLS implementation will drop the out-of-order
1582 // application data.
1583 },
1584 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1585 protocol: dtls,
1586 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1587 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1588 MaxVersion: VersionTLS12,
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1589 Bugs: ProtocolBugs{
1590 AppDataAfterChangeCipherSpec: []byte{},
1591 },
1592 },
1593 // BoringSSL's DTLS implementation will drop the out-of-order
1594 // application data.
1595 },
1596 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1597 name: "AlertAfterChangeCipherSpec",
1598 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1599 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1600 Bugs: ProtocolBugs{
1601 AlertAfterChangeCipherSpec: alertRecordOverflow,
1602 },
1603 },
1604 shouldFail: true,
1605 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1606 },
1607 {
1608 protocol: dtls,
1609 name: "AlertAfterChangeCipherSpec-DTLS",
1610 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1611 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1612 Bugs: ProtocolBugs{
1613 AlertAfterChangeCipherSpec: alertRecordOverflow,
1614 },
1615 },
1616 shouldFail: true,
1617 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1618 },
1619 {
1620 protocol: dtls,
1621 name: "ReorderHandshakeFragments-Small-DTLS",
1622 config: Config{
1623 Bugs: ProtocolBugs{
1624 ReorderHandshakeFragments: true,
1625 // Small enough that every handshake message is
1626 // fragmented.
1627 MaxHandshakeRecordLength: 2,
1628 },
1629 },
1630 },
1631 {
1632 protocol: dtls,
1633 name: "ReorderHandshakeFragments-Large-DTLS",
1634 config: Config{
1635 Bugs: ProtocolBugs{
1636 ReorderHandshakeFragments: true,
1637 // Large enough that no handshake message is
1638 // fragmented.
1639 MaxHandshakeRecordLength: 2048,
1640 },
1641 },
1642 },
1643 {
1644 protocol: dtls,
1645 name: "MixCompleteMessageWithFragments-DTLS",
1646 config: Config{
1647 Bugs: ProtocolBugs{
1648 ReorderHandshakeFragments: true,
1649 MixCompleteMessageWithFragments: true,
1650 MaxHandshakeRecordLength: 2,
1651 },
1652 },
1653 },
1654 {
1655 name: "SendInvalidRecordType",
1656 config: Config{
1657 Bugs: ProtocolBugs{
1658 SendInvalidRecordType: true,
1659 },
1660 },
1661 shouldFail: true,
1662 expectedError: ":UNEXPECTED_RECORD:",
1663 },
1664 {
1665 protocol: dtls,
1666 name: "SendInvalidRecordType-DTLS",
1667 config: Config{
1668 Bugs: ProtocolBugs{
1669 SendInvalidRecordType: true,
1670 },
1671 },
1672 shouldFail: true,
1673 expectedError: ":UNEXPECTED_RECORD:",
1674 },
1675 {
1676 name: "FalseStart-SkipServerSecondLeg",
1677 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1678 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1679 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1680 NextProtos: []string{"foo"},
1681 Bugs: ProtocolBugs{
1682 SkipNewSessionTicket: true,
1683 SkipChangeCipherSpec: true,
1684 SkipFinished: true,
1685 ExpectFalseStart: true,
1686 },
1687 },
1688 flags: []string{
1689 "-false-start",
1690 "-handshake-never-done",
1691 "-advertise-alpn", "\x03foo",
1692 },
1693 shimWritesFirst: true,
1694 shouldFail: true,
1695 expectedError: ":UNEXPECTED_RECORD:",
1696 },
1697 {
1698 name: "FalseStart-SkipServerSecondLeg-Implicit",
1699 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1700 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1701 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1702 NextProtos: []string{"foo"},
1703 Bugs: ProtocolBugs{
1704 SkipNewSessionTicket: true,
1705 SkipChangeCipherSpec: true,
1706 SkipFinished: true,
1707 },
1708 },
1709 flags: []string{
1710 "-implicit-handshake",
1711 "-false-start",
1712 "-handshake-never-done",
1713 "-advertise-alpn", "\x03foo",
1714 },
1715 shouldFail: true,
1716 expectedError: ":UNEXPECTED_RECORD:",
1717 },
1718 {
1719 testType: serverTest,
1720 name: "FailEarlyCallback",
1721 flags: []string{"-fail-early-callback"},
1722 shouldFail: true,
1723 expectedError: ":CONNECTION_REJECTED:",
David Benjamin2c66e072016-09-16 15:58:00 -0400[diff] [blame]1724 expectedLocalError: "remote error: handshake failure",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1725 },
1726 {
David Benjaminb8d74f52016-11-14 22:02:50 +0900[diff] [blame]1727 name: "FailCertCallback-Client-TLS12",
1728 config: Config{
1729 MaxVersion: VersionTLS12,
1730 ClientAuth: RequestClientCert,
1731 },
1732 flags: []string{"-fail-cert-callback"},
1733 shouldFail: true,
1734 expectedError: ":CERT_CB_ERROR:",
1735 expectedLocalError: "remote error: internal error",
1736 },
1737 {
1738 testType: serverTest,
1739 name: "FailCertCallback-Server-TLS12",
1740 config: Config{
1741 MaxVersion: VersionTLS12,
1742 },
1743 flags: []string{"-fail-cert-callback"},
1744 shouldFail: true,
1745 expectedError: ":CERT_CB_ERROR:",
1746 expectedLocalError: "remote error: internal error",
1747 },
1748 {
1749 name: "FailCertCallback-Client-TLS13",
1750 config: Config{
1751 MaxVersion: VersionTLS13,
1752 ClientAuth: RequestClientCert,
1753 },
1754 flags: []string{"-fail-cert-callback"},
1755 shouldFail: true,
1756 expectedError: ":CERT_CB_ERROR:",
1757 expectedLocalError: "remote error: internal error",
1758 },
1759 {
1760 testType: serverTest,
1761 name: "FailCertCallback-Server-TLS13",
1762 config: Config{
1763 MaxVersion: VersionTLS13,
1764 },
1765 flags: []string{"-fail-cert-callback"},
1766 shouldFail: true,
1767 expectedError: ":CERT_CB_ERROR:",
1768 expectedLocalError: "remote error: internal error",
1769 },
1770 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1771 protocol: dtls,
1772 name: "FragmentMessageTypeMismatch-DTLS",
1773 config: Config{
1774 Bugs: ProtocolBugs{
1775 MaxHandshakeRecordLength: 2,
1776 FragmentMessageTypeMismatch: true,
1777 },
1778 },
1779 shouldFail: true,
1780 expectedError: ":FRAGMENT_MISMATCH:",
1781 },
1782 {
1783 protocol: dtls,
1784 name: "FragmentMessageLengthMismatch-DTLS",
1785 config: Config{
1786 Bugs: ProtocolBugs{
1787 MaxHandshakeRecordLength: 2,
1788 FragmentMessageLengthMismatch: true,
1789 },
1790 },
1791 shouldFail: true,
1792 expectedError: ":FRAGMENT_MISMATCH:",
1793 },
1794 {
1795 protocol: dtls,
1796 name: "SplitFragments-Header-DTLS",
1797 config: Config{
1798 Bugs: ProtocolBugs{
1799 SplitFragments: 2,
1800 },
1801 },
1802 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1803 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1804 },
1805 {
1806 protocol: dtls,
1807 name: "SplitFragments-Boundary-DTLS",
1808 config: Config{
1809 Bugs: ProtocolBugs{
1810 SplitFragments: dtlsRecordHeaderLen,
1811 },
1812 },
1813 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1814 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1815 },
1816 {
1817 protocol: dtls,
1818 name: "SplitFragments-Body-DTLS",
1819 config: Config{
1820 Bugs: ProtocolBugs{
1821 SplitFragments: dtlsRecordHeaderLen + 1,
1822 },
1823 },
1824 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame]1825 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1826 },
1827 {
1828 protocol: dtls,
1829 name: "SendEmptyFragments-DTLS",
1830 config: Config{
1831 Bugs: ProtocolBugs{
1832 SendEmptyFragments: true,
1833 },
1834 },
1835 },
1836 {
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1837 name: "BadFinished-Client",
1838 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1839 MaxVersion: VersionTLS12,
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1840 Bugs: ProtocolBugs{
1841 BadFinished: true,
1842 },
1843 },
1844 shouldFail: true,
1845 expectedError: ":DIGEST_CHECK_FAILED:",
1846 },
1847 {
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]1848 name: "BadFinished-Client-TLS13",
1849 config: Config{
1850 MaxVersion: VersionTLS13,
1851 Bugs: ProtocolBugs{
1852 BadFinished: true,
1853 },
1854 },
1855 shouldFail: true,
1856 expectedError: ":DIGEST_CHECK_FAILED:",
1857 },
1858 {
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1859 testType: serverTest,
1860 name: "BadFinished-Server",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1861 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]1862 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1863 Bugs: ProtocolBugs{
1864 BadFinished: true,
1865 },
1866 },
1867 shouldFail: true,
1868 expectedError: ":DIGEST_CHECK_FAILED:",
1869 },
1870 {
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]1871 testType: serverTest,
1872 name: "BadFinished-Server-TLS13",
1873 config: Config{
1874 MaxVersion: VersionTLS13,
1875 Bugs: ProtocolBugs{
1876 BadFinished: true,
1877 },
1878 },
1879 shouldFail: true,
1880 expectedError: ":DIGEST_CHECK_FAILED:",
1881 },
1882 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1883 name: "FalseStart-BadFinished",
1884 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1885 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1886 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1887 NextProtos: []string{"foo"},
1888 Bugs: ProtocolBugs{
1889 BadFinished: true,
1890 ExpectFalseStart: true,
1891 },
1892 },
1893 flags: []string{
1894 "-false-start",
1895 "-handshake-never-done",
1896 "-advertise-alpn", "\x03foo",
1897 },
1898 shimWritesFirst: true,
1899 shouldFail: true,
1900 expectedError: ":DIGEST_CHECK_FAILED:",
1901 },
1902 {
1903 name: "NoFalseStart-NoALPN",
1904 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1905 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1906 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1907 Bugs: ProtocolBugs{
1908 ExpectFalseStart: true,
1909 AlertBeforeFalseStartTest: alertAccessDenied,
1910 },
1911 },
1912 flags: []string{
1913 "-false-start",
1914 },
1915 shimWritesFirst: true,
1916 shouldFail: true,
1917 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1918 expectedLocalError: "tls: peer did not false start: EOF",
1919 },
1920 {
1921 name: "NoFalseStart-NoAEAD",
1922 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1923 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1924 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1925 NextProtos: []string{"foo"},
1926 Bugs: ProtocolBugs{
1927 ExpectFalseStart: true,
1928 AlertBeforeFalseStartTest: alertAccessDenied,
1929 },
1930 },
1931 flags: []string{
1932 "-false-start",
1933 "-advertise-alpn", "\x03foo",
1934 },
1935 shimWritesFirst: true,
1936 shouldFail: true,
1937 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1938 expectedLocalError: "tls: peer did not false start: EOF",
1939 },
1940 {
1941 name: "NoFalseStart-RSA",
1942 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1943 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1944 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1945 NextProtos: []string{"foo"},
1946 Bugs: ProtocolBugs{
1947 ExpectFalseStart: true,
1948 AlertBeforeFalseStartTest: alertAccessDenied,
1949 },
1950 },
1951 flags: []string{
1952 "-false-start",
1953 "-advertise-alpn", "\x03foo",
1954 },
1955 shimWritesFirst: true,
1956 shouldFail: true,
1957 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1958 expectedLocalError: "tls: peer did not false start: EOF",
1959 },
1960 {
1961 name: "NoFalseStart-DHE_RSA",
1962 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]1963 MaxVersion: VersionTLS12,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1964 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1965 NextProtos: []string{"foo"},
1966 Bugs: ProtocolBugs{
1967 ExpectFalseStart: true,
1968 AlertBeforeFalseStartTest: alertAccessDenied,
1969 },
1970 },
1971 flags: []string{
1972 "-false-start",
1973 "-advertise-alpn", "\x03foo",
1974 },
1975 shimWritesFirst: true,
1976 shouldFail: true,
1977 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1978 expectedLocalError: "tls: peer did not false start: EOF",
1979 },
1980 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1981 protocol: dtls,
1982 name: "SendSplitAlert-Sync",
1983 config: Config{
1984 Bugs: ProtocolBugs{
1985 SendSplitAlert: true,
1986 },
1987 },
1988 },
1989 {
1990 protocol: dtls,
1991 name: "SendSplitAlert-Async",
1992 config: Config{
1993 Bugs: ProtocolBugs{
1994 SendSplitAlert: true,
1995 },
1996 },
1997 flags: []string{"-async"},
1998 },
1999 {
2000 protocol: dtls,
2001 name: "PackDTLSHandshake",
2002 config: Config{
2003 Bugs: ProtocolBugs{
2004 MaxHandshakeRecordLength: 2,
2005 PackHandshakeFragments: 20,
2006 PackHandshakeRecords: 200,
2007 },
2008 },
2009 },
2010 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2011 name: "SendEmptyRecords-Pass",
2012 sendEmptyRecords: 32,
2013 },
2014 {
2015 name: "SendEmptyRecords",
2016 sendEmptyRecords: 33,
2017 shouldFail: true,
2018 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2019 },
2020 {
2021 name: "SendEmptyRecords-Async",
2022 sendEmptyRecords: 33,
2023 flags: []string{"-async"},
2024 shouldFail: true,
2025 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2026 },
2027 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2028 name: "SendWarningAlerts-Pass",
2029 config: Config{
2030 MaxVersion: VersionTLS12,
2031 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2032 sendWarningAlerts: 4,
2033 },
2034 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2035 protocol: dtls,
2036 name: "SendWarningAlerts-DTLS-Pass",
2037 config: Config{
2038 MaxVersion: VersionTLS12,
2039 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2040 sendWarningAlerts: 4,
2041 },
2042 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2043 name: "SendWarningAlerts-TLS13",
2044 config: Config{
2045 MaxVersion: VersionTLS13,
2046 },
2047 sendWarningAlerts: 4,
2048 shouldFail: true,
2049 expectedError: ":BAD_ALERT:",
2050 expectedLocalError: "remote error: error decoding message",
2051 },
2052 {
2053 name: "SendWarningAlerts",
2054 config: Config{
2055 MaxVersion: VersionTLS12,
2056 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2057 sendWarningAlerts: 5,
2058 shouldFail: true,
2059 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2060 },
2061 {
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]2062 name: "SendWarningAlerts-Async",
2063 config: Config{
2064 MaxVersion: VersionTLS12,
2065 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2066 sendWarningAlerts: 5,
2067 flags: []string{"-async"},
2068 shouldFail: true,
2069 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2070 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2071 {
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]2072 name: "TooManyKeyUpdates",
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]2073 config: Config{
2074 MaxVersion: VersionTLS13,
2075 },
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]2076 sendKeyUpdates: 33,
2077 keyUpdateRequest: keyUpdateNotRequested,
2078 shouldFail: true,
2079 expectedError: ":TOO_MANY_KEY_UPDATES:",
Steven Valdez32635b82016-08-16 11:25:03 -0400[diff] [blame]2080 },
2081 {
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2082 name: "EmptySessionID",
2083 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2084 MaxVersion: VersionTLS12,
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2085 SessionTicketsDisabled: true,
2086 },
2087 noSessionCache: true,
2088 flags: []string{"-expect-no-session"},
2089 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]2090 {
2091 name: "Unclean-Shutdown",
2092 config: Config{
2093 Bugs: ProtocolBugs{
2094 NoCloseNotify: true,
2095 ExpectCloseNotify: true,
2096 },
2097 },
2098 shimShutsDown: true,
2099 flags: []string{"-check-close-notify"},
2100 shouldFail: true,
2101 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
2102 },
2103 {
2104 name: "Unclean-Shutdown-Ignored",
2105 config: Config{
2106 Bugs: ProtocolBugs{
2107 NoCloseNotify: true,
2108 },
2109 },
2110 shimShutsDown: true,
2111 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2112 {
David Benjaminfa214e42016-05-10 17:03:10 -0400[diff] [blame]2113 name: "Unclean-Shutdown-Alert",
2114 config: Config{
2115 Bugs: ProtocolBugs{
2116 SendAlertOnShutdown: alertDecompressionFailure,
2117 ExpectCloseNotify: true,
2118 },
2119 },
2120 shimShutsDown: true,
2121 flags: []string{"-check-close-notify"},
2122 shouldFail: true,
2123 expectedError: ":SSLV3_ALERT_DECOMPRESSION_FAILURE:",
2124 },
2125 {
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2126 name: "LargePlaintext",
2127 config: Config{
2128 Bugs: ProtocolBugs{
2129 SendLargeRecords: true,
2130 },
2131 },
2132 messageLen: maxPlaintext + 1,
2133 shouldFail: true,
2134 expectedError: ":DATA_LENGTH_TOO_LONG:",
2135 },
2136 {
2137 protocol: dtls,
2138 name: "LargePlaintext-DTLS",
2139 config: Config{
2140 Bugs: ProtocolBugs{
2141 SendLargeRecords: true,
2142 },
2143 },
2144 messageLen: maxPlaintext + 1,
2145 shouldFail: true,
2146 expectedError: ":DATA_LENGTH_TOO_LONG:",
2147 },
2148 {
2149 name: "LargeCiphertext",
2150 config: Config{
2151 Bugs: ProtocolBugs{
2152 SendLargeRecords: true,
2153 },
2154 },
2155 messageLen: maxPlaintext * 2,
2156 shouldFail: true,
2157 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
2158 },
2159 {
2160 protocol: dtls,
2161 name: "LargeCiphertext-DTLS",
2162 config: Config{
2163 Bugs: ProtocolBugs{
2164 SendLargeRecords: true,
2165 },
2166 },
2167 messageLen: maxPlaintext * 2,
2168 // Unlike the other four cases, DTLS drops records which
2169 // are invalid before authentication, so the connection
2170 // does not fail.
2171 expectMessageDropped: true,
2172 },
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]2173 {
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2174 name: "BadHelloRequest-1",
2175 renegotiate: 1,
2176 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2177 MaxVersion: VersionTLS12,
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2178 Bugs: ProtocolBugs{
2179 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2180 },
2181 },
2182 flags: []string{
2183 "-renegotiate-freely",
2184 "-expect-total-renegotiations", "1",
2185 },
2186 shouldFail: true,
David Benjamin163f29a2016-07-28 11:05:58 -0400[diff] [blame]2187 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2188 },
2189 {
2190 name: "BadHelloRequest-2",
2191 renegotiate: 1,
2192 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2193 MaxVersion: VersionTLS12,
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2194 Bugs: ProtocolBugs{
2195 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2196 },
2197 },
2198 flags: []string{
2199 "-renegotiate-freely",
2200 "-expect-total-renegotiations", "1",
2201 },
2202 shouldFail: true,
2203 expectedError: ":BAD_HELLO_REQUEST:",
2204 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2205 {
2206 testType: serverTest,
2207 name: "SupportTicketsWithSessionID",
2208 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2209 MaxVersion: VersionTLS12,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2210 SessionTicketsDisabled: true,
2211 },
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2212 resumeConfig: &Config{
2213 MaxVersion: VersionTLS12,
2214 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2215 resumeSession: true,
2216 },
David Benjamin02edcd02016-07-27 17:40:37 -0400[diff] [blame]2217 {
2218 protocol: dtls,
2219 name: "DTLS-SendExtraFinished",
2220 config: Config{
2221 Bugs: ProtocolBugs{
2222 SendExtraFinished: true,
2223 },
2224 },
2225 shouldFail: true,
2226 expectedError: ":UNEXPECTED_RECORD:",
2227 },
2228 {
2229 protocol: dtls,
2230 name: "DTLS-SendExtraFinished-Reordered",
2231 config: Config{
2232 Bugs: ProtocolBugs{
2233 MaxHandshakeRecordLength: 2,
2234 ReorderHandshakeFragments: true,
2235 SendExtraFinished: true,
2236 },
2237 },
2238 shouldFail: true,
2239 expectedError: ":UNEXPECTED_RECORD:",
2240 },
David Benjamine97fb482016-07-29 09:23:07 -0400[diff] [blame]2241 {
2242 testType: serverTest,
2243 name: "V2ClientHello-EmptyRecordPrefix",
2244 config: Config{
2245 // Choose a cipher suite that does not involve
2246 // elliptic curves, so no extensions are
2247 // involved.
2248 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]2249 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamine97fb482016-07-29 09:23:07 -0400[diff] [blame]2250 Bugs: ProtocolBugs{
2251 SendV2ClientHello: true,
2252 },
2253 },
2254 sendPrefix: string([]byte{
2255 byte(recordTypeHandshake),
2256 3, 1, // version
2257 0, 0, // length
2258 }),
2259 // A no-op empty record may not be sent before V2ClientHello.
2260 shouldFail: true,
2261 expectedError: ":WRONG_VERSION_NUMBER:",
2262 },
2263 {
2264 testType: serverTest,
2265 name: "V2ClientHello-WarningAlertPrefix",
2266 config: Config{
2267 // Choose a cipher suite that does not involve
2268 // elliptic curves, so no extensions are
2269 // involved.
2270 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]2271 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamine97fb482016-07-29 09:23:07 -0400[diff] [blame]2272 Bugs: ProtocolBugs{
2273 SendV2ClientHello: true,
2274 },
2275 },
2276 sendPrefix: string([]byte{
2277 byte(recordTypeAlert),
2278 3, 1, // version
2279 0, 2, // length
2280 alertLevelWarning, byte(alertDecompressionFailure),
2281 }),
2282 // A no-op warning alert may not be sent before V2ClientHello.
2283 shouldFail: true,
2284 expectedError: ":WRONG_VERSION_NUMBER:",
2285 },
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2286 {
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]2287 name: "KeyUpdate",
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2288 config: Config{
2289 MaxVersion: VersionTLS13,
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2290 },
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]2291 sendKeyUpdates: 1,
2292 keyUpdateRequest: keyUpdateNotRequested,
2293 },
2294 {
2295 name: "KeyUpdate-InvalidRequestMode",
2296 config: Config{
2297 MaxVersion: VersionTLS13,
2298 },
2299 sendKeyUpdates: 1,
2300 keyUpdateRequest: 42,
2301 shouldFail: true,
2302 expectedError: ":DECODE_ERROR:",
Steven Valdez1dc53d22016-07-26 12:27:38 -0400[diff] [blame]2303 },
David Benjaminabe94e32016-09-04 14:18:58 -0400[diff] [blame]2304 {
2305 name: "SendSNIWarningAlert",
2306 config: Config{
2307 MaxVersion: VersionTLS12,
2308 Bugs: ProtocolBugs{
2309 SendSNIWarningAlert: true,
2310 },
2311 },
2312 },
David Benjaminc241d792016-09-09 10:34:20 -0400[diff] [blame]2313 {
2314 testType: serverTest,
2315 name: "ExtraCompressionMethods-TLS12",
2316 config: Config{
2317 MaxVersion: VersionTLS12,
2318 Bugs: ProtocolBugs{
2319 SendCompressionMethods: []byte{1, 2, 3, compressionNone, 4, 5, 6},
2320 },
2321 },
2322 },
2323 {
2324 testType: serverTest,
2325 name: "ExtraCompressionMethods-TLS13",
2326 config: Config{
2327 MaxVersion: VersionTLS13,
2328 Bugs: ProtocolBugs{
2329 SendCompressionMethods: []byte{1, 2, 3, compressionNone, 4, 5, 6},
2330 },
2331 },
2332 shouldFail: true,
2333 expectedError: ":INVALID_COMPRESSION_LIST:",
2334 expectedLocalError: "remote error: illegal parameter",
2335 },
2336 {
2337 testType: serverTest,
2338 name: "NoNullCompression-TLS12",
2339 config: Config{
2340 MaxVersion: VersionTLS12,
2341 Bugs: ProtocolBugs{
2342 SendCompressionMethods: []byte{1, 2, 3, 4, 5, 6},
2343 },
2344 },
2345 shouldFail: true,
2346 expectedError: ":NO_COMPRESSION_SPECIFIED:",
2347 expectedLocalError: "remote error: illegal parameter",
2348 },
2349 {
2350 testType: serverTest,
2351 name: "NoNullCompression-TLS13",
2352 config: Config{
2353 MaxVersion: VersionTLS13,
2354 Bugs: ProtocolBugs{
2355 SendCompressionMethods: []byte{1, 2, 3, 4, 5, 6},
2356 },
2357 },
2358 shouldFail: true,
2359 expectedError: ":INVALID_COMPRESSION_LIST:",
2360 expectedLocalError: "remote error: illegal parameter",
2361 },
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2362 {
David Benjamin1a5e8ec2016-10-07 15:19:18 -0400[diff] [blame]2363 name: "GREASE-Client-TLS12",
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2364 config: Config{
2365 MaxVersion: VersionTLS12,
2366 Bugs: ProtocolBugs{
2367 ExpectGREASE: true,
2368 },
2369 },
2370 flags: []string{"-enable-grease"},
2371 },
2372 {
David Benjamin1a5e8ec2016-10-07 15:19:18 -0400[diff] [blame]2373 name: "GREASE-Client-TLS13",
2374 config: Config{
2375 MaxVersion: VersionTLS13,
2376 Bugs: ProtocolBugs{
2377 ExpectGREASE: true,
2378 },
2379 },
2380 flags: []string{"-enable-grease"},
2381 },
2382 {
2383 testType: serverTest,
2384 name: "GREASE-Server-TLS13",
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2385 config: Config{
2386 MaxVersion: VersionTLS13,
2387 Bugs: ProtocolBugs{
David Benjamin079b3942016-10-20 13:19:20 -0400[diff] [blame]2388 // TLS 1.3 servers are expected to
2389 // always enable GREASE. TLS 1.3 is new,
2390 // so there is no existing ecosystem to
2391 // worry about.
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2392 ExpectGREASE: true,
2393 },
2394 },
David Benjamin65ac9972016-09-02 21:35:25 -0400[diff] [blame]2395 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2396 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2397 testCases = append(testCases, basicTests...)
David Benjamina252b342016-09-26 19:57:53 -0400[diff] [blame]2398
2399 // Test that very large messages can be received.
2400 cert := rsaCertificate
2401 for i := 0; i < 50; i++ {
2402 cert.Certificate = append(cert.Certificate, cert.Certificate[0])
2403 }
2404 testCases = append(testCases, testCase{
2405 name: "LargeMessage",
2406 config: Config{
2407 Certificates: []Certificate{cert},
2408 },
2409 })
2410 testCases = append(testCases, testCase{
2411 protocol: dtls,
2412 name: "LargeMessage-DTLS",
2413 config: Config{
2414 Certificates: []Certificate{cert},
2415 },
2416 })
2417
2418 // They are rejected if the maximum certificate chain length is capped.
2419 testCases = append(testCases, testCase{
2420 name: "LargeMessage-Reject",
2421 config: Config{
2422 Certificates: []Certificate{cert},
2423 },
2424 flags: []string{"-max-cert-list", "16384"},
2425 shouldFail: true,
2426 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
2427 })
2428 testCases = append(testCases, testCase{
2429 protocol: dtls,
2430 name: "LargeMessage-Reject-DTLS",
2431 config: Config{
2432 Certificates: []Certificate{cert},
2433 },
2434 flags: []string{"-max-cert-list", "16384"},
2435 shouldFail: true,
2436 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
2437 })
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2438}
2439
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]2440func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol protocol) {
2441 const psk = "12345"
2442 const pskIdentity = "luggage combo"
2443
2444 var prefix string
2445 if protocol == dtls {
2446 if !ver.hasDTLS {
2447 return
2448 }
2449 prefix = "D"
2450 }
2451
2452 var cert Certificate
2453 var certFile string
2454 var keyFile string
2455 if hasComponent(suite.name, "ECDSA") {
2456 cert = ecdsaP256Certificate
2457 certFile = ecdsaP256CertificateFile
2458 keyFile = ecdsaP256KeyFile
2459 } else {
2460 cert = rsaCertificate
2461 certFile = rsaCertificateFile
2462 keyFile = rsaKeyFile
2463 }
2464
2465 var flags []string
2466 if hasComponent(suite.name, "PSK") {
2467 flags = append(flags,
2468 "-psk", psk,
2469 "-psk-identity", pskIdentity)
2470 }
2471 if hasComponent(suite.name, "NULL") {
2472 // NULL ciphers must be explicitly enabled.
2473 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2474 }
2475 if hasComponent(suite.name, "ECDHE-PSK") && hasComponent(suite.name, "GCM") {
2476 // ECDHE_PSK AES_GCM ciphers must be explicitly enabled
2477 // for now.
2478 flags = append(flags, "-cipher", suite.name)
2479 }
2480
2481 var shouldServerFail, shouldClientFail bool
2482 if hasComponent(suite.name, "ECDHE") && ver.version == VersionSSL30 {
2483 // BoringSSL clients accept ECDHE on SSLv3, but
2484 // a BoringSSL server will never select it
2485 // because the extension is missing.
2486 shouldServerFail = true
2487 }
2488 if isTLS12Only(suite.name) && ver.version < VersionTLS12 {
2489 shouldClientFail = true
2490 shouldServerFail = true
2491 }
2492 if !isTLS13Suite(suite.name) && ver.version >= VersionTLS13 {
2493 shouldClientFail = true
2494 shouldServerFail = true
2495 }
2496 if isTLS13Suite(suite.name) && ver.version < VersionTLS13 {
2497 shouldClientFail = true
2498 shouldServerFail = true
2499 }
2500 if !isDTLSCipher(suite.name) && protocol == dtls {
2501 shouldClientFail = true
2502 shouldServerFail = true
2503 }
2504
2505 var sendCipherSuite uint16
2506 var expectedServerError, expectedClientError string
2507 serverCipherSuites := []uint16{suite.id}
2508 if shouldServerFail {
2509 expectedServerError = ":NO_SHARED_CIPHER:"
2510 }
2511 if shouldClientFail {
2512 expectedClientError = ":WRONG_CIPHER_RETURNED:"
2513 // Configure the server to select ciphers as normal but
2514 // select an incompatible cipher in ServerHello.
2515 serverCipherSuites = nil
2516 sendCipherSuite = suite.id
2517 }
2518
2519 testCases = append(testCases, testCase{
2520 testType: serverTest,
2521 protocol: protocol,
2522 name: prefix + ver.name + "-" + suite.name + "-server",
2523 config: Config{
2524 MinVersion: ver.version,
2525 MaxVersion: ver.version,
2526 CipherSuites: []uint16{suite.id},
2527 Certificates: []Certificate{cert},
2528 PreSharedKey: []byte(psk),
2529 PreSharedKeyIdentity: pskIdentity,
2530 Bugs: ProtocolBugs{
2531 AdvertiseAllConfiguredCiphers: true,
2532 },
2533 },
2534 certFile: certFile,
2535 keyFile: keyFile,
2536 flags: flags,
2537 resumeSession: true,
2538 shouldFail: shouldServerFail,
2539 expectedError: expectedServerError,
2540 })
2541
2542 testCases = append(testCases, testCase{
2543 testType: clientTest,
2544 protocol: protocol,
2545 name: prefix + ver.name + "-" + suite.name + "-client",
2546 config: Config{
2547 MinVersion: ver.version,
2548 MaxVersion: ver.version,
2549 CipherSuites: serverCipherSuites,
2550 Certificates: []Certificate{cert},
2551 PreSharedKey: []byte(psk),
2552 PreSharedKeyIdentity: pskIdentity,
2553 Bugs: ProtocolBugs{
2554 IgnorePeerCipherPreferences: shouldClientFail,
2555 SendCipherSuite: sendCipherSuite,
2556 },
2557 },
2558 flags: flags,
2559 resumeSession: true,
2560 shouldFail: shouldClientFail,
2561 expectedError: expectedClientError,
2562 })
2563
2564 if !shouldClientFail {
2565 // Ensure the maximum record size is accepted.
2566 testCases = append(testCases, testCase{
2567 protocol: protocol,
2568 name: prefix + ver.name + "-" + suite.name + "-LargeRecord",
2569 config: Config{
2570 MinVersion: ver.version,
2571 MaxVersion: ver.version,
2572 CipherSuites: []uint16{suite.id},
2573 Certificates: []Certificate{cert},
2574 PreSharedKey: []byte(psk),
2575 PreSharedKeyIdentity: pskIdentity,
2576 },
2577 flags: flags,
2578 messageLen: maxPlaintext,
2579 })
2580
2581 // Test bad records for all ciphers. Bad records are fatal in TLS
2582 // and ignored in DTLS.
2583 var shouldFail bool
2584 var expectedError string
2585 if protocol == tls {
2586 shouldFail = true
2587 expectedError = ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:"
2588 }
2589
2590 testCases = append(testCases, testCase{
2591 protocol: protocol,
2592 name: prefix + ver.name + "-" + suite.name + "-BadRecord",
2593 config: Config{
2594 MinVersion: ver.version,
2595 MaxVersion: ver.version,
2596 CipherSuites: []uint16{suite.id},
2597 Certificates: []Certificate{cert},
2598 PreSharedKey: []byte(psk),
2599 PreSharedKeyIdentity: pskIdentity,
2600 },
2601 flags: flags,
2602 damageFirstWrite: true,
2603 messageLen: maxPlaintext,
2604 shouldFail: shouldFail,
2605 expectedError: expectedError,
2606 })
2607 }
2608}
2609
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2610func addCipherSuiteTests() {
David Benjamine470e662016-07-18 15:47:32 +0200[diff] [blame]2611 const bogusCipher = 0xfe00
2612
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2613 for _, suite := range testCipherSuites {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2614 for _, ver := range tlsVersions {
David Benjamin0407e762016-06-17 16:41:18 -0400[diff] [blame]2615 for _, protocol := range []protocol{tls, dtls} {
David Benjaminaa012042016-12-10 13:33:05 -0500[diff] [blame]2616 addTestForCipherSuite(suite, ver, protocol)
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2617 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2618 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2619 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2620
2621 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2622 name: "NoSharedCipher",
2623 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2624 MaxVersion: VersionTLS12,
2625 CipherSuites: []uint16{},
2626 },
2627 shouldFail: true,
2628 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
2629 })
2630
2631 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]2632 name: "NoSharedCipher-TLS13",
2633 config: Config{
2634 MaxVersion: VersionTLS13,
2635 CipherSuites: []uint16{},
2636 },
2637 shouldFail: true,
2638 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
2639 })
2640
2641 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2642 name: "UnsupportedCipherSuite",
2643 config: Config{
2644 MaxVersion: VersionTLS12,
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2645 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2646 Bugs: ProtocolBugs{
2647 IgnorePeerCipherPreferences: true,
2648 },
2649 },
Matt Braithwaite9c8c4182016-08-24 14:36:54 -0700[diff] [blame]2650 flags: []string{"-cipher", "DEFAULT:!AES"},
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]2651 shouldFail: true,
2652 expectedError: ":WRONG_CIPHER_RETURNED:",
2653 })
2654
2655 testCases = append(testCases, testCase{
David Benjamine470e662016-07-18 15:47:32 +0200[diff] [blame]2656 name: "ServerHelloBogusCipher",
2657 config: Config{
2658 MaxVersion: VersionTLS12,
2659 Bugs: ProtocolBugs{
2660 SendCipherSuite: bogusCipher,
2661 },
2662 },
2663 shouldFail: true,
2664 expectedError: ":UNKNOWN_CIPHER_RETURNED:",
2665 })
2666 testCases = append(testCases, testCase{
2667 name: "ServerHelloBogusCipher-TLS13",
2668 config: Config{
2669 MaxVersion: VersionTLS13,
2670 Bugs: ProtocolBugs{
2671 SendCipherSuite: bogusCipher,
2672 },
2673 },
2674 shouldFail: true,
2675 expectedError: ":UNKNOWN_CIPHER_RETURNED:",
2676 })
2677
2678 testCases = append(testCases, testCase{
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2679 name: "WeakDH",
2680 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2681 MaxVersion: VersionTLS12,
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2682 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2683 Bugs: ProtocolBugs{
2684 // This is a 1023-bit prime number, generated
2685 // with:
2686 // openssl gendh 1023 | openssl asn1parse -i
2687 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2688 },
2689 },
2690 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2691 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2692 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2693
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2694 testCases = append(testCases, testCase{
2695 name: "SillyDH",
2696 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2697 MaxVersion: VersionTLS12,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2698 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2699 Bugs: ProtocolBugs{
2700 // This is a 4097-bit prime number, generated
2701 // with:
2702 // openssl gendh 4097 | openssl asn1parse -i
2703 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2704 },
2705 },
2706 shouldFail: true,
2707 expectedError: ":DH_P_TOO_LONG:",
2708 })
2709
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2710 // This test ensures that Diffie-Hellman public values are padded with
2711 // zeros so that they're the same length as the prime. This is to avoid
2712 // hitting a bug in yaSSL.
2713 testCases = append(testCases, testCase{
2714 testType: serverTest,
2715 name: "DHPublicValuePadded",
2716 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2717 MaxVersion: VersionTLS12,
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2718 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2719 Bugs: ProtocolBugs{
2720 RequireDHPublicValueLen: (1025 + 7) / 8,
2721 },
2722 },
2723 flags: []string{"-use-sparse-dh-prime"},
2724 })
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2725
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2726 // The server must be tolerant to bogus ciphers.
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2727 testCases = append(testCases, testCase{
2728 testType: serverTest,
2729 name: "UnknownCipher",
2730 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2731 MaxVersion: VersionTLS12,
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2732 CipherSuites: []uint16{bogusCipher, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin5ecb88b2016-10-04 17:51:35 -0400[diff] [blame]2733 Bugs: ProtocolBugs{
2734 AdvertiseAllConfiguredCiphers: true,
2735 },
2736 },
2737 })
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2738
2739 // The server must be tolerant to bogus ciphers.
David Benjamin5ecb88b2016-10-04 17:51:35 -0400[diff] [blame]2740 testCases = append(testCases, testCase{
2741 testType: serverTest,
2742 name: "UnknownCipher-TLS13",
2743 config: Config{
2744 MaxVersion: VersionTLS13,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2745 CipherSuites: []uint16{bogusCipher, TLS_AES_128_GCM_SHA256},
David Benjamin5ecb88b2016-10-04 17:51:35 -0400[diff] [blame]2746 Bugs: ProtocolBugs{
2747 AdvertiseAllConfiguredCiphers: true,
2748 },
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2749 },
2750 })
2751
David Benjamin78679342016-09-16 19:42:05 -0400[diff] [blame]2752 // Test empty ECDHE_PSK identity hints work as expected.
2753 testCases = append(testCases, testCase{
2754 name: "EmptyECDHEPSKHint",
2755 config: Config{
2756 MaxVersion: VersionTLS12,
2757 CipherSuites: []uint16{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
2758 PreSharedKey: []byte("secret"),
2759 },
2760 flags: []string{"-psk", "secret"},
2761 })
2762
2763 // Test empty PSK identity hints work as expected, even if an explicit
2764 // ServerKeyExchange is sent.
2765 testCases = append(testCases, testCase{
2766 name: "ExplicitEmptyPSKHint",
2767 config: Config{
2768 MaxVersion: VersionTLS12,
2769 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2770 PreSharedKey: []byte("secret"),
2771 Bugs: ProtocolBugs{
2772 AlwaysSendPreSharedKeyIdentityHint: true,
2773 },
2774 },
2775 flags: []string{"-psk", "secret"},
2776 })
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2777}
2778
2779func addBadECDSASignatureTests() {
2780 for badR := BadValue(1); badR < NumBadValues; badR++ {
2781 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2782 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2783 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2784 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2785 MaxVersion: VersionTLS12,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2786 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]2787 Certificates: []Certificate{ecdsaP256Certificate},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2788 Bugs: ProtocolBugs{
2789 BadECDSAR: badR,
2790 BadECDSAS: badS,
2791 },
2792 },
2793 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2794 expectedError: ":BAD_SIGNATURE:",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2795 })
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]2796 testCases = append(testCases, testCase{
2797 name: fmt.Sprintf("BadECDSA-%d-%d-TLS13", badR, badS),
2798 config: Config{
2799 MaxVersion: VersionTLS13,
2800 Certificates: []Certificate{ecdsaP256Certificate},
2801 Bugs: ProtocolBugs{
2802 BadECDSAR: badR,
2803 BadECDSAS: badS,
2804 },
2805 },
2806 shouldFail: true,
2807 expectedError: ":BAD_SIGNATURE:",
2808 })
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2809 }
2810 }
2811}
2812
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2813func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2814 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2815 name: "MaxCBCPadding",
2816 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2817 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2818 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2819 Bugs: ProtocolBugs{
2820 MaxPadding: true,
2821 },
2822 },
2823 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2824 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2825 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2826 name: "BadCBCPadding",
2827 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2828 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2829 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2830 Bugs: ProtocolBugs{
2831 PaddingFirstByteBad: true,
2832 },
2833 },
2834 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2835 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2836 })
2837 // OpenSSL previously had an issue where the first byte of padding in
2838 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2839 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2840 name: "BadCBCPadding255",
2841 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]2842 MaxVersion: VersionTLS12,
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2843 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2844 Bugs: ProtocolBugs{
2845 MaxPadding: true,
2846 PaddingFirstByteBadIf255: true,
2847 },
2848 },
2849 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2850 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2851 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2852 })
2853}
2854
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2855func addCBCSplittingTests() {
2856 testCases = append(testCases, testCase{
2857 name: "CBCRecordSplitting",
2858 config: Config{
2859 MaxVersion: VersionTLS10,
2860 MinVersion: VersionTLS10,
2861 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2862 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2863 messageLen: -1, // read until EOF
2864 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2865 flags: []string{
2866 "-async",
2867 "-write-different-record-sizes",
2868 "-cbc-record-splitting",
2869 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2870 })
2871 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2872 name: "CBCRecordSplittingPartialWrite",
2873 config: Config{
2874 MaxVersion: VersionTLS10,
2875 MinVersion: VersionTLS10,
2876 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2877 },
2878 messageLen: -1, // read until EOF
2879 flags: []string{
2880 "-async",
2881 "-write-different-record-sizes",
2882 "-cbc-record-splitting",
2883 "-partial-write",
2884 },
2885 })
2886}
2887
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2888func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2889 // Add a dummy cert pool to stress certificate authority parsing.
2890 // TODO(davidben): Add tests that those values parse out correctly.
2891 certPool := x509.NewCertPool()
2892 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2893 if err != nil {
2894 panic(err)
2895 }
2896 certPool.AddCert(cert)
2897
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2898 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2899 testCases = append(testCases, testCase{
2900 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2901 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2902 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2903 MinVersion: ver.version,
2904 MaxVersion: ver.version,
2905 ClientAuth: RequireAnyClientCert,
2906 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2907 },
2908 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2909 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2910 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2911 },
2912 })
2913 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2914 testType: serverTest,
2915 name: ver.name + "-Server-ClientAuth-RSA",
2916 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2917 MinVersion: ver.version,
2918 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2919 Certificates: []Certificate{rsaCertificate},
2920 },
2921 flags: []string{"-require-any-client-certificate"},
2922 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2923 if ver.version != VersionSSL30 {
2924 testCases = append(testCases, testCase{
2925 testType: serverTest,
2926 name: ver.name + "-Server-ClientAuth-ECDSA",
2927 config: Config{
2928 MinVersion: ver.version,
2929 MaxVersion: ver.version,
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]2930 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2931 },
2932 flags: []string{"-require-any-client-certificate"},
2933 })
2934 testCases = append(testCases, testCase{
2935 testType: clientTest,
2936 name: ver.name + "-Client-ClientAuth-ECDSA",
2937 config: Config{
2938 MinVersion: ver.version,
2939 MaxVersion: ver.version,
2940 ClientAuth: RequireAnyClientCert,
2941 ClientCAs: certPool,
2942 },
2943 flags: []string{
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]2944 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
2945 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2946 },
2947 })
2948 }
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]2949
2950 testCases = append(testCases, testCase{
2951 name: "NoClientCertificate-" + ver.name,
2952 config: Config{
2953 MinVersion: ver.version,
2954 MaxVersion: ver.version,
2955 ClientAuth: RequireAnyClientCert,
2956 },
2957 shouldFail: true,
2958 expectedLocalError: "client didn't provide a certificate",
2959 })
2960
2961 testCases = append(testCases, testCase{
2962 // Even if not configured to expect a certificate, OpenSSL will
2963 // return X509_V_OK as the verify_result.
2964 testType: serverTest,
2965 name: "NoClientCertificateRequested-Server-" + ver.name,
2966 config: Config{
2967 MinVersion: ver.version,
2968 MaxVersion: ver.version,
2969 },
2970 flags: []string{
2971 "-expect-verify-result",
2972 },
David Benjamin5d9ba812016-10-07 20:51:20 -0400[diff] [blame]2973 resumeSession: true,
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]2974 })
2975
2976 testCases = append(testCases, testCase{
2977 // If a client certificate is not provided, OpenSSL will still
2978 // return X509_V_OK as the verify_result.
2979 testType: serverTest,
2980 name: "NoClientCertificate-Server-" + ver.name,
2981 config: Config{
2982 MinVersion: ver.version,
2983 MaxVersion: ver.version,
2984 },
2985 flags: []string{
2986 "-expect-verify-result",
2987 "-verify-peer",
2988 },
David Benjamin5d9ba812016-10-07 20:51:20 -0400[diff] [blame]2989 resumeSession: true,
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]2990 })
2991
David Benjamin1db9e1b2016-10-07 20:51:43 -0400[diff] [blame]2992 certificateRequired := "remote error: certificate required"
2993 if ver.version < VersionTLS13 {
2994 // Prior to TLS 1.3, the generic handshake_failure alert
2995 // was used.
2996 certificateRequired = "remote error: handshake failure"
2997 }
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]2998 testCases = append(testCases, testCase{
2999 testType: serverTest,
3000 name: "RequireAnyClientCertificate-" + ver.name,
3001 config: Config{
3002 MinVersion: ver.version,
3003 MaxVersion: ver.version,
3004 },
David Benjamin1db9e1b2016-10-07 20:51:43 -0400[diff] [blame]3005 flags: []string{"-require-any-client-certificate"},
3006 shouldFail: true,
3007 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
3008 expectedLocalError: certificateRequired,
Adam Langley37646832016-08-01 16:16:46 -0700[diff] [blame]3009 })
3010
3011 if ver.version != VersionSSL30 {
3012 testCases = append(testCases, testCase{
3013 testType: serverTest,
3014 name: "SkipClientCertificate-" + ver.name,
3015 config: Config{
3016 MinVersion: ver.version,
3017 MaxVersion: ver.version,
3018 Bugs: ProtocolBugs{
3019 SkipClientCertificate: true,
3020 },
3021 },
3022 // Setting SSL_VERIFY_PEER allows anonymous clients.
3023 flags: []string{"-verify-peer"},
3024 shouldFail: true,
3025 expectedError: ":UNEXPECTED_MESSAGE:",
3026 })
3027 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]3028 }
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3029
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]3030 // Client auth is only legal in certificate-based ciphers.
3031 testCases = append(testCases, testCase{
3032 testType: clientTest,
3033 name: "ClientAuth-PSK",
3034 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3035 MaxVersion: VersionTLS12,
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]3036 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3037 PreSharedKey: []byte("secret"),
3038 ClientAuth: RequireAnyClientCert,
3039 },
3040 flags: []string{
3041 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3042 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3043 "-psk", "secret",
3044 },
3045 shouldFail: true,
3046 expectedError: ":UNEXPECTED_MESSAGE:",
3047 })
3048 testCases = append(testCases, testCase{
3049 testType: clientTest,
3050 name: "ClientAuth-ECDHE_PSK",
3051 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3052 MaxVersion: VersionTLS12,
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]3053 CipherSuites: []uint16{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
3054 PreSharedKey: []byte("secret"),
3055 ClientAuth: RequireAnyClientCert,
3056 },
3057 flags: []string{
3058 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3059 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3060 "-psk", "secret",
3061 },
3062 shouldFail: true,
3063 expectedError: ":UNEXPECTED_MESSAGE:",
3064 })
David Benjamin2f8935d2016-07-13 19:47:39 -0400[diff] [blame]3065
3066 // Regression test for a bug where the client CA list, if explicitly
3067 // set to NULL, was mis-encoded.
3068 testCases = append(testCases, testCase{
3069 testType: serverTest,
3070 name: "Null-Client-CA-List",
3071 config: Config{
3072 MaxVersion: VersionTLS12,
3073 Certificates: []Certificate{rsaCertificate},
3074 },
3075 flags: []string{
3076 "-require-any-client-certificate",
3077 "-use-null-client-ca-list",
3078 },
3079 })
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]3080}
3081
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3082func addExtendedMasterSecretTests() {
3083 const expectEMSFlag = "-expect-extended-master-secret"
3084
3085 for _, with := range []bool{false, true} {
3086 prefix := "No"
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3087 if with {
3088 prefix = ""
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3089 }
3090
3091 for _, isClient := range []bool{false, true} {
3092 suffix := "-Server"
3093 testType := serverTest
3094 if isClient {
3095 suffix = "-Client"
3096 testType = clientTest
3097 }
3098
3099 for _, ver := range tlsVersions {
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3100 // In TLS 1.3, the extension is irrelevant and
3101 // always reports as enabled.
3102 var flags []string
3103 if with || ver.version >= VersionTLS13 {
3104 flags = []string{expectEMSFlag}
3105 }
3106
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3107 test := testCase{
3108 testType: testType,
3109 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
3110 config: Config{
3111 MinVersion: ver.version,
3112 MaxVersion: ver.version,
3113 Bugs: ProtocolBugs{
3114 NoExtendedMasterSecret: !with,
3115 RequireExtendedMasterSecret: with,
3116 },
3117 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]3118 flags: flags,
3119 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3120 }
3121 if test.shouldFail {
3122 test.expectedLocalError = "extended master secret required but not supported by peer"
3123 }
3124 testCases = append(testCases, test)
3125 }
3126 }
3127 }
3128
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]3129 for _, isClient := range []bool{false, true} {
3130 for _, supportedInFirstConnection := range []bool{false, true} {
3131 for _, supportedInResumeConnection := range []bool{false, true} {
3132 boolToWord := func(b bool) string {
3133 if b {
3134 return "Yes"
3135 }
3136 return "No"
3137 }
3138 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
3139 if isClient {
3140 suffix += "Client"
3141 } else {
3142 suffix += "Server"
3143 }
3144
3145 supportedConfig := Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3146 MaxVersion: VersionTLS12,
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]3147 Bugs: ProtocolBugs{
3148 RequireExtendedMasterSecret: true,
3149 },
3150 }
3151
3152 noSupportConfig := Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3153 MaxVersion: VersionTLS12,
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]3154 Bugs: ProtocolBugs{
3155 NoExtendedMasterSecret: true,
3156 },
3157 }
3158
3159 test := testCase{
3160 name: "ExtendedMasterSecret-" + suffix,
3161 resumeSession: true,
3162 }
3163
3164 if !isClient {
3165 test.testType = serverTest
3166 }
3167
3168 if supportedInFirstConnection {
3169 test.config = supportedConfig
3170 } else {
3171 test.config = noSupportConfig
3172 }
3173
3174 if supportedInResumeConnection {
3175 test.resumeConfig = &supportedConfig
3176 } else {
3177 test.resumeConfig = &noSupportConfig
3178 }
3179
3180 switch suffix {
3181 case "YesToYes-Client", "YesToYes-Server":
3182 // When a session is resumed, it should
3183 // still be aware that its master
3184 // secret was generated via EMS and
3185 // thus it's safe to use tls-unique.
3186 test.flags = []string{expectEMSFlag}
3187 case "NoToYes-Server":
3188 // If an original connection did not
3189 // contain EMS, but a resumption
3190 // handshake does, then a server should
3191 // not resume the session.
3192 test.expectResumeRejected = true
3193 case "YesToNo-Server":
3194 // Resuming an EMS session without the
3195 // EMS extension should cause the
3196 // server to abort the connection.
3197 test.shouldFail = true
3198 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
3199 case "NoToYes-Client":
3200 // A client should abort a connection
3201 // where the server resumed a non-EMS
3202 // session but echoed the EMS
3203 // extension.
3204 test.shouldFail = true
3205 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
3206 case "YesToNo-Client":
3207 // A client should abort a connection
3208 // where the server didn't echo EMS
3209 // when the session used it.
3210 test.shouldFail = true
3211 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
3212 }
3213
3214 testCases = append(testCases, test)
3215 }
3216 }
3217 }
David Benjamin163c9562016-08-29 23:14:17 -0400[diff] [blame]3218
3219 // Switching EMS on renegotiation is forbidden.
3220 testCases = append(testCases, testCase{
3221 name: "ExtendedMasterSecret-Renego-NoEMS",
3222 config: Config{
3223 MaxVersion: VersionTLS12,
3224 Bugs: ProtocolBugs{
3225 NoExtendedMasterSecret: true,
3226 NoExtendedMasterSecretOnRenegotiation: true,
3227 },
3228 },
3229 renegotiate: 1,
3230 flags: []string{
3231 "-renegotiate-freely",
3232 "-expect-total-renegotiations", "1",
3233 },
3234 })
3235
3236 testCases = append(testCases, testCase{
3237 name: "ExtendedMasterSecret-Renego-Upgrade",
3238 config: Config{
3239 MaxVersion: VersionTLS12,
3240 Bugs: ProtocolBugs{
3241 NoExtendedMasterSecret: true,
3242 },
3243 },
3244 renegotiate: 1,
3245 flags: []string{
3246 "-renegotiate-freely",
3247 "-expect-total-renegotiations", "1",
3248 },
3249 shouldFail: true,
3250 expectedError: ":RENEGOTIATION_EMS_MISMATCH:",
3251 })
3252
3253 testCases = append(testCases, testCase{
3254 name: "ExtendedMasterSecret-Renego-Downgrade",
3255 config: Config{
3256 MaxVersion: VersionTLS12,
3257 Bugs: ProtocolBugs{
3258 NoExtendedMasterSecretOnRenegotiation: true,
3259 },
3260 },
3261 renegotiate: 1,
3262 flags: []string{
3263 "-renegotiate-freely",
3264 "-expect-total-renegotiations", "1",
3265 },
3266 shouldFail: true,
3267 expectedError: ":RENEGOTIATION_EMS_MISMATCH:",
3268 })
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3269}
3270
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3271type stateMachineTestConfig struct {
3272 protocol protocol
3273 async bool
3274 splitHandshake, packHandshakeFlight bool
3275}
3276
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3277// Adds tests that try to cover the range of the handshake state machine, under
3278// various conditions. Some of these are redundant with other tests, but they
3279// only cover the synchronous case.
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3280func addAllStateMachineCoverageTests() {
3281 for _, async := range []bool{false, true} {
3282 for _, protocol := range []protocol{tls, dtls} {
3283 addStateMachineCoverageTests(stateMachineTestConfig{
3284 protocol: protocol,
3285 async: async,
3286 })
3287 addStateMachineCoverageTests(stateMachineTestConfig{
3288 protocol: protocol,
3289 async: async,
3290 splitHandshake: true,
3291 })
3292 if protocol == tls {
3293 addStateMachineCoverageTests(stateMachineTestConfig{
3294 protocol: protocol,
3295 async: async,
3296 packHandshakeFlight: true,
3297 })
3298 }
3299 }
3300 }
3301}
3302
3303func addStateMachineCoverageTests(config stateMachineTestConfig) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3304 var tests []testCase
3305
3306 // Basic handshake, with resumption. Client and server,
3307 // session ID and session ticket.
3308 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3309 name: "Basic-Client",
3310 config: Config{
3311 MaxVersion: VersionTLS12,
3312 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3313 resumeSession: true,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3314 // Ensure session tickets are used, not session IDs.
3315 noSessionCache: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3316 })
3317 tests = append(tests, testCase{
3318 name: "Basic-Client-RenewTicket",
3319 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3320 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3321 Bugs: ProtocolBugs{
3322 RenewTicketOnResume: true,
3323 },
3324 },
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]3325 flags: []string{"-expect-ticket-renewal"},
3326 resumeSession: true,
3327 resumeRenewedSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3328 })
3329 tests = append(tests, testCase{
3330 name: "Basic-Client-NoTicket",
3331 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3332 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3333 SessionTicketsDisabled: true,
3334 },
3335 resumeSession: true,
3336 })
3337 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3338 name: "Basic-Client-Implicit",
3339 config: Config{
3340 MaxVersion: VersionTLS12,
3341 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3342 flags: []string{"-implicit-handshake"},
3343 resumeSession: true,
3344 })
3345 tests = append(tests, testCase{
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3346 testType: serverTest,
3347 name: "Basic-Server",
3348 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3349 MaxVersion: VersionTLS12,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]3350 Bugs: ProtocolBugs{
3351 RequireSessionTickets: true,
3352 },
3353 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3354 resumeSession: true,
3355 })
3356 tests = append(tests, testCase{
3357 testType: serverTest,
3358 name: "Basic-Server-NoTickets",
3359 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3360 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3361 SessionTicketsDisabled: true,
3362 },
3363 resumeSession: true,
3364 })
3365 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3366 testType: serverTest,
3367 name: "Basic-Server-Implicit",
3368 config: Config{
3369 MaxVersion: VersionTLS12,
3370 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3371 flags: []string{"-implicit-handshake"},
3372 resumeSession: true,
3373 })
3374 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3375 testType: serverTest,
3376 name: "Basic-Server-EarlyCallback",
3377 config: Config{
3378 MaxVersion: VersionTLS12,
3379 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3380 flags: []string{"-use-early-callback"},
3381 resumeSession: true,
3382 })
3383
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3384 // TLS 1.3 basic handshake shapes.
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3385 if config.protocol == tls {
3386 tests = append(tests, testCase{
3387 name: "TLS13-1RTT-Client",
3388 config: Config{
3389 MaxVersion: VersionTLS13,
3390 MinVersion: VersionTLS13,
3391 },
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]3392 resumeSession: true,
3393 resumeRenewedSession: true,
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3394 })
3395
3396 tests = append(tests, testCase{
3397 testType: serverTest,
3398 name: "TLS13-1RTT-Server",
3399 config: Config{
3400 MaxVersion: VersionTLS13,
3401 MinVersion: VersionTLS13,
3402 },
David Benjamin46662482016-08-17 00:51:00 -0400[diff] [blame]3403 resumeSession: true,
3404 resumeRenewedSession: true,
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3405 })
3406
3407 tests = append(tests, testCase{
3408 name: "TLS13-HelloRetryRequest-Client",
3409 config: Config{
3410 MaxVersion: VersionTLS13,
3411 MinVersion: VersionTLS13,
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]3412 // P-384 requires a HelloRetryRequest against BoringSSL's default
3413 // configuration. Assert this with ExpectMissingKeyShare.
David Benjamine73c7f42016-08-17 00:29:33 -0400[diff] [blame]3414 CurvePreferences: []CurveID{CurveP384},
3415 Bugs: ProtocolBugs{
3416 ExpectMissingKeyShare: true,
3417 },
3418 },
3419 // Cover HelloRetryRequest during an ECDHE-PSK resumption.
3420 resumeSession: true,
3421 })
3422
3423 tests = append(tests, testCase{
3424 testType: serverTest,
3425 name: "TLS13-HelloRetryRequest-Server",
3426 config: Config{
3427 MaxVersion: VersionTLS13,
3428 MinVersion: VersionTLS13,
3429 // Require a HelloRetryRequest for every curve.
3430 DefaultCurves: []CurveID{},
3431 },
3432 // Cover HelloRetryRequest during an ECDHE-PSK resumption.
3433 resumeSession: true,
3434 })
3435 }
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3436
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3437 // TLS client auth.
3438 tests = append(tests, testCase{
3439 testType: clientTest,
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3440 name: "ClientAuth-NoCertificate-Client",
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3441 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3442 MaxVersion: VersionTLS12,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3443 ClientAuth: RequestClientCert,
3444 },
3445 })
3446 tests = append(tests, testCase{
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3447 testType: serverTest,
3448 name: "ClientAuth-NoCertificate-Server",
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3449 config: Config{
3450 MaxVersion: VersionTLS12,
3451 },
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3452 // Setting SSL_VERIFY_PEER allows anonymous clients.
3453 flags: []string{"-verify-peer"},
3454 })
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3455 if config.protocol == tls {
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3456 tests = append(tests, testCase{
3457 testType: clientTest,
3458 name: "ClientAuth-NoCertificate-Client-SSL3",
3459 config: Config{
3460 MaxVersion: VersionSSL30,
3461 ClientAuth: RequestClientCert,
3462 },
3463 })
3464 tests = append(tests, testCase{
3465 testType: serverTest,
3466 name: "ClientAuth-NoCertificate-Server-SSL3",
3467 config: Config{
3468 MaxVersion: VersionSSL30,
3469 },
3470 // Setting SSL_VERIFY_PEER allows anonymous clients.
3471 flags: []string{"-verify-peer"},
3472 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3473 tests = append(tests, testCase{
3474 testType: clientTest,
3475 name: "ClientAuth-NoCertificate-Client-TLS13",
3476 config: Config{
3477 MaxVersion: VersionTLS13,
3478 ClientAuth: RequestClientCert,
3479 },
3480 })
3481 tests = append(tests, testCase{
3482 testType: serverTest,
3483 name: "ClientAuth-NoCertificate-Server-TLS13",
3484 config: Config{
3485 MaxVersion: VersionTLS13,
3486 },
3487 // Setting SSL_VERIFY_PEER allows anonymous clients.
3488 flags: []string{"-verify-peer"},
3489 })
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]3490 }
3491 tests = append(tests, testCase{
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3492 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3493 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3494 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3495 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3496 ClientAuth: RequireAnyClientCert,
3497 },
3498 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3499 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3500 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3501 },
3502 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3503 tests = append(tests, testCase{
3504 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3505 name: "ClientAuth-RSA-Client-TLS13",
3506 config: Config{
3507 MaxVersion: VersionTLS13,
3508 ClientAuth: RequireAnyClientCert,
3509 },
3510 flags: []string{
3511 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3512 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3513 },
3514 })
3515 tests = append(tests, testCase{
3516 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3517 name: "ClientAuth-ECDSA-Client",
3518 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3519 MaxVersion: VersionTLS12,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3520 ClientAuth: RequireAnyClientCert,
3521 },
3522 flags: []string{
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]3523 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
3524 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3525 },
3526 })
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3527 tests = append(tests, testCase{
3528 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3529 name: "ClientAuth-ECDSA-Client-TLS13",
3530 config: Config{
3531 MaxVersion: VersionTLS13,
3532 ClientAuth: RequireAnyClientCert,
3533 },
3534 flags: []string{
3535 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
3536 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
3537 },
3538 })
3539 tests = append(tests, testCase{
3540 testType: clientTest,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3541 name: "ClientAuth-NoCertificate-OldCallback",
3542 config: Config{
3543 MaxVersion: VersionTLS12,
3544 ClientAuth: RequestClientCert,
3545 },
3546 flags: []string{"-use-old-client-cert-callback"},
3547 })
3548 tests = append(tests, testCase{
3549 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3550 name: "ClientAuth-NoCertificate-OldCallback-TLS13",
3551 config: Config{
3552 MaxVersion: VersionTLS13,
3553 ClientAuth: RequestClientCert,
3554 },
3555 flags: []string{"-use-old-client-cert-callback"},
3556 })
3557 tests = append(tests, testCase{
3558 testType: clientTest,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3559 name: "ClientAuth-OldCallback",
3560 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3561 MaxVersion: VersionTLS12,
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3562 ClientAuth: RequireAnyClientCert,
3563 },
3564 flags: []string{
3565 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3566 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3567 "-use-old-client-cert-callback",
3568 },
3569 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3570 tests = append(tests, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3571 testType: clientTest,
3572 name: "ClientAuth-OldCallback-TLS13",
3573 config: Config{
3574 MaxVersion: VersionTLS13,
3575 ClientAuth: RequireAnyClientCert,
3576 },
3577 flags: []string{
3578 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3579 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3580 "-use-old-client-cert-callback",
3581 },
3582 })
3583 tests = append(tests, testCase{
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3584 testType: serverTest,
3585 name: "ClientAuth-Server",
3586 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3587 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3588 Certificates: []Certificate{rsaCertificate},
3589 },
3590 flags: []string{"-require-any-client-certificate"},
3591 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3592 tests = append(tests, testCase{
3593 testType: serverTest,
3594 name: "ClientAuth-Server-TLS13",
3595 config: Config{
3596 MaxVersion: VersionTLS13,
3597 Certificates: []Certificate{rsaCertificate},
3598 },
3599 flags: []string{"-require-any-client-certificate"},
3600 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3601
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3602 // Test each key exchange on the server side for async keys.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3603 tests = append(tests, testCase{
3604 testType: serverTest,
3605 name: "Basic-Server-RSA",
3606 config: Config{
3607 MaxVersion: VersionTLS12,
3608 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3609 },
3610 flags: []string{
3611 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3612 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3613 },
3614 })
3615 tests = append(tests, testCase{
3616 testType: serverTest,
3617 name: "Basic-Server-ECDHE-RSA",
3618 config: Config{
3619 MaxVersion: VersionTLS12,
3620 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3621 },
3622 flags: []string{
3623 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3624 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3625 },
3626 })
3627 tests = append(tests, testCase{
3628 testType: serverTest,
3629 name: "Basic-Server-ECDHE-ECDSA",
3630 config: Config{
3631 MaxVersion: VersionTLS12,
3632 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
3633 },
3634 flags: []string{
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]3635 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
3636 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3637 },
3638 })
3639
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3640 // No session ticket support; server doesn't send NewSessionTicket.
3641 tests = append(tests, testCase{
3642 name: "SessionTicketsDisabled-Client",
3643 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3644 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3645 SessionTicketsDisabled: true,
3646 },
3647 })
3648 tests = append(tests, testCase{
3649 testType: serverTest,
3650 name: "SessionTicketsDisabled-Server",
3651 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3652 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3653 SessionTicketsDisabled: true,
3654 },
3655 })
3656
3657 // Skip ServerKeyExchange in PSK key exchange if there's no
3658 // identity hint.
3659 tests = append(tests, testCase{
3660 name: "EmptyPSKHint-Client",
3661 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3662 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3663 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3664 PreSharedKey: []byte("secret"),
3665 },
3666 flags: []string{"-psk", "secret"},
3667 })
3668 tests = append(tests, testCase{
3669 testType: serverTest,
3670 name: "EmptyPSKHint-Server",
3671 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3672 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3673 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3674 PreSharedKey: []byte("secret"),
3675 },
3676 flags: []string{"-psk", "secret"},
3677 })
3678
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3679 // OCSP stapling tests.
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3680 tests = append(tests, testCase{
3681 testType: clientTest,
3682 name: "OCSPStapling-Client",
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3683 config: Config{
3684 MaxVersion: VersionTLS12,
3685 },
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3686 flags: []string{
3687 "-enable-ocsp-stapling",
3688 "-expect-ocsp-response",
3689 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3690 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3691 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3692 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3693 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3694 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3695 testType: serverTest,
3696 name: "OCSPStapling-Server",
3697 config: Config{
3698 MaxVersion: VersionTLS12,
3699 },
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3700 expectedOCSPResponse: testOCSPResponse,
3701 flags: []string{
3702 "-ocsp-response",
3703 base64.StdEncoding.EncodeToString(testOCSPResponse),
3704 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3705 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3706 })
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]3707 tests = append(tests, testCase{
3708 testType: clientTest,
3709 name: "OCSPStapling-Client-TLS13",
3710 config: Config{
3711 MaxVersion: VersionTLS13,
3712 },
3713 flags: []string{
3714 "-enable-ocsp-stapling",
3715 "-expect-ocsp-response",
3716 base64.StdEncoding.EncodeToString(testOCSPResponse),
3717 "-verify-peer",
3718 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3719 resumeSession: true,
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]3720 })
3721 tests = append(tests, testCase{
3722 testType: serverTest,
3723 name: "OCSPStapling-Server-TLS13",
3724 config: Config{
3725 MaxVersion: VersionTLS13,
3726 },
3727 expectedOCSPResponse: testOCSPResponse,
3728 flags: []string{
3729 "-ocsp-response",
3730 base64.StdEncoding.EncodeToString(testOCSPResponse),
3731 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3732 resumeSession: true,
David Benjamin942f4ed2016-07-16 19:03:49 +0300[diff] [blame]3733 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3734
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3735 // Certificate verification tests.
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3736 for _, vers := range tlsVersions {
3737 if config.protocol == dtls && !vers.hasDTLS {
3738 continue
3739 }
David Benjaminbb9e36e2016-08-03 14:14:47 -0400[diff] [blame]3740 for _, testType := range []testType{clientTest, serverTest} {
3741 suffix := "-Client"
3742 if testType == serverTest {
3743 suffix = "-Server"
3744 }
3745 suffix += "-" + vers.name
3746
3747 flag := "-verify-peer"
3748 if testType == serverTest {
3749 flag = "-require-any-client-certificate"
3750 }
3751
3752 tests = append(tests, testCase{
3753 testType: testType,
3754 name: "CertificateVerificationSucceed" + suffix,
3755 config: Config{
3756 MaxVersion: vers.version,
3757 Certificates: []Certificate{rsaCertificate},
3758 },
3759 flags: []string{
3760 flag,
3761 "-expect-verify-result",
3762 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3763 resumeSession: true,
David Benjaminbb9e36e2016-08-03 14:14:47 -0400[diff] [blame]3764 })
3765 tests = append(tests, testCase{
3766 testType: testType,
3767 name: "CertificateVerificationFail" + suffix,
3768 config: Config{
3769 MaxVersion: vers.version,
3770 Certificates: []Certificate{rsaCertificate},
3771 },
3772 flags: []string{
3773 flag,
3774 "-verify-fail",
3775 },
3776 shouldFail: true,
3777 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
3778 })
3779 }
3780
3781 // By default, the client is in a soft fail mode where the peer
3782 // certificate is verified but failures are non-fatal.
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3783 tests = append(tests, testCase{
3784 testType: clientTest,
3785 name: "CertificateVerificationSoftFail-" + vers.name,
3786 config: Config{
David Benjaminbb9e36e2016-08-03 14:14:47 -0400[diff] [blame]3787 MaxVersion: vers.version,
3788 Certificates: []Certificate{rsaCertificate},
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3789 },
3790 flags: []string{
3791 "-verify-fail",
3792 "-expect-verify-result",
3793 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]3794 resumeSession: true,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]3795 })
3796 }
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3797
David Benjamin1d4f4c02016-07-26 18:03:08 -0400[diff] [blame]3798 tests = append(tests, testCase{
3799 name: "ShimSendAlert",
3800 flags: []string{"-send-alert"},
3801 shimWritesFirst: true,
3802 shouldFail: true,
3803 expectedLocalError: "remote error: decompression failure",
3804 })
3805
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]3806 if config.protocol == tls {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3807 tests = append(tests, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3808 name: "Renegotiate-Client",
3809 config: Config{
3810 MaxVersion: VersionTLS12,
3811 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3812 renegotiate: 1,
3813 flags: []string{
3814 "-renegotiate-freely",
3815 "-expect-total-renegotiations", "1",
3816 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3817 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3818
David Benjamin47921102016-07-28 11:29:18 -0400[diff] [blame]3819 tests = append(tests, testCase{
3820 name: "SendHalfHelloRequest",
3821 config: Config{
3822 MaxVersion: VersionTLS12,
3823 Bugs: ProtocolBugs{
3824 PackHelloRequestWithFinished: config.packHandshakeFlight,
3825 },
3826 },
3827 sendHalfHelloRequest: true,
3828 flags: []string{"-renegotiate-ignore"},
3829 shouldFail: true,
3830 expectedError: ":UNEXPECTED_RECORD:",
3831 })
3832
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3833 // NPN on client and server; results in post-handshake message.
3834 tests = append(tests, testCase{
3835 name: "NPN-Client",
3836 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3837 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3838 NextProtos: []string{"foo"},
3839 },
3840 flags: []string{"-select-next-proto", "foo"},
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3841 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3842 expectedNextProto: "foo",
3843 expectedNextProtoType: npn,
3844 })
3845 tests = append(tests, testCase{
3846 testType: serverTest,
3847 name: "NPN-Server",
3848 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]3849 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3850 NextProtos: []string{"bar"},
3851 },
3852 flags: []string{
3853 "-advertise-npn", "\x03foo\x03bar\x03baz",
3854 "-expect-next-proto", "bar",
3855 },
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]3856 resumeSession: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3857 expectedNextProto: "bar",
3858 expectedNextProtoType: npn,
3859 })
3860
3861 // TODO(davidben): Add tests for when False Start doesn't trigger.
3862
3863 // Client does False Start and negotiates NPN.
3864 tests = append(tests, testCase{
3865 name: "FalseStart",
3866 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3867 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3868 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3869 NextProtos: []string{"foo"},
3870 Bugs: ProtocolBugs{
3871 ExpectFalseStart: true,
3872 },
3873 },
3874 flags: []string{
3875 "-false-start",
3876 "-select-next-proto", "foo",
3877 },
3878 shimWritesFirst: true,
3879 resumeSession: true,
3880 })
3881
3882 // Client does False Start and negotiates ALPN.
3883 tests = append(tests, testCase{
3884 name: "FalseStart-ALPN",
3885 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3886 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3887 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3888 NextProtos: []string{"foo"},
3889 Bugs: ProtocolBugs{
3890 ExpectFalseStart: true,
3891 },
3892 },
3893 flags: []string{
3894 "-false-start",
3895 "-advertise-alpn", "\x03foo",
3896 },
3897 shimWritesFirst: true,
3898 resumeSession: true,
3899 })
3900
3901 // Client does False Start but doesn't explicitly call
3902 // SSL_connect.
3903 tests = append(tests, testCase{
3904 name: "FalseStart-Implicit",
3905 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3906 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3907 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3908 NextProtos: []string{"foo"},
3909 },
3910 flags: []string{
3911 "-implicit-handshake",
3912 "-false-start",
3913 "-advertise-alpn", "\x03foo",
3914 },
3915 })
3916
3917 // False Start without session tickets.
3918 tests = append(tests, testCase{
3919 name: "FalseStart-SessionTicketsDisabled",
3920 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3921 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3922 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3923 NextProtos: []string{"foo"},
3924 SessionTicketsDisabled: true,
3925 Bugs: ProtocolBugs{
3926 ExpectFalseStart: true,
3927 },
3928 },
3929 flags: []string{
3930 "-false-start",
3931 "-select-next-proto", "foo",
3932 },
3933 shimWritesFirst: true,
3934 })
3935
3936 // Server parses a V2ClientHello.
3937 tests = append(tests, testCase{
3938 testType: serverTest,
3939 name: "SendV2ClientHello",
3940 config: Config{
3941 // Choose a cipher suite that does not involve
3942 // elliptic curves, so no extensions are
3943 // involved.
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]3944 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]3945 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3946 Bugs: ProtocolBugs{
3947 SendV2ClientHello: true,
3948 },
3949 },
3950 })
3951
Nick Harper60a85cb2016-09-23 16:25:11 -0700[diff] [blame]3952 // Test Channel ID
3953 for _, ver := range tlsVersions {
Nick Harperc9846112016-10-17 15:05:35 -0700[diff] [blame]3954 if ver.version < VersionTLS10 {
Nick Harper60a85cb2016-09-23 16:25:11 -0700[diff] [blame]3955 continue
3956 }
3957 // Client sends a Channel ID.
3958 tests = append(tests, testCase{
3959 name: "ChannelID-Client-" + ver.name,
3960 config: Config{
3961 MaxVersion: ver.version,
3962 RequestChannelID: true,
3963 },
3964 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
3965 resumeSession: true,
3966 expectChannelID: true,
3967 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3968
Nick Harper60a85cb2016-09-23 16:25:11 -0700[diff] [blame]3969 // Server accepts a Channel ID.
3970 tests = append(tests, testCase{
3971 testType: serverTest,
3972 name: "ChannelID-Server-" + ver.name,
3973 config: Config{
3974 MaxVersion: ver.version,
3975 ChannelID: channelIDKey,
3976 },
3977 flags: []string{
3978 "-expect-channel-id",
3979 base64.StdEncoding.EncodeToString(channelIDBytes),
3980 },
3981 resumeSession: true,
3982 expectChannelID: true,
3983 })
3984
3985 tests = append(tests, testCase{
3986 testType: serverTest,
3987 name: "InvalidChannelIDSignature-" + ver.name,
3988 config: Config{
3989 MaxVersion: ver.version,
3990 ChannelID: channelIDKey,
3991 Bugs: ProtocolBugs{
3992 InvalidChannelIDSignature: true,
3993 },
3994 },
3995 flags: []string{"-enable-channel-id"},
3996 shouldFail: true,
3997 expectedError: ":CHANNEL_ID_SIGNATURE_INVALID:",
3998 })
3999 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]4000
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]4001 // Channel ID and NPN at the same time, to ensure their relative
4002 // ordering is correct.
4003 tests = append(tests, testCase{
4004 name: "ChannelID-NPN-Client",
4005 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4006 MaxVersion: VersionTLS12,
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]4007 RequestChannelID: true,
4008 NextProtos: []string{"foo"},
4009 },
4010 flags: []string{
4011 "-send-channel-id", path.Join(*resourceDir, channelIDKeyFile),
4012 "-select-next-proto", "foo",
4013 },
4014 resumeSession: true,
4015 expectChannelID: true,
4016 expectedNextProto: "foo",
4017 expectedNextProtoType: npn,
4018 })
4019 tests = append(tests, testCase{
4020 testType: serverTest,
4021 name: "ChannelID-NPN-Server",
4022 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4023 MaxVersion: VersionTLS12,
David Benjaminf8fcdf32016-06-08 15:56:13 -0400[diff] [blame]4024 ChannelID: channelIDKey,
4025 NextProtos: []string{"bar"},
4026 },
4027 flags: []string{
4028 "-expect-channel-id",
4029 base64.StdEncoding.EncodeToString(channelIDBytes),
4030 "-advertise-npn", "\x03foo\x03bar\x03baz",
4031 "-expect-next-proto", "bar",
4032 },
4033 resumeSession: true,
4034 expectChannelID: true,
4035 expectedNextProto: "bar",
4036 expectedNextProtoType: npn,
4037 })
4038
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]4039 // Bidirectional shutdown with the runner initiating.
4040 tests = append(tests, testCase{
4041 name: "Shutdown-Runner",
4042 config: Config{
4043 Bugs: ProtocolBugs{
4044 ExpectCloseNotify: true,
4045 },
4046 },
4047 flags: []string{"-check-close-notify"},
4048 })
4049
4050 // Bidirectional shutdown with the shim initiating. The runner,
4051 // in the meantime, sends garbage before the close_notify which
4052 // the shim must ignore.
4053 tests = append(tests, testCase{
4054 name: "Shutdown-Shim",
4055 config: Config{
David Benjamine8e84b92016-08-03 15:39:47 -0400[diff] [blame]4056 MaxVersion: VersionTLS12,
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]4057 Bugs: ProtocolBugs{
4058 ExpectCloseNotify: true,
4059 },
4060 },
4061 shimShutsDown: true,
4062 sendEmptyRecords: 1,
4063 sendWarningAlerts: 1,
4064 flags: []string{"-check-close-notify"},
4065 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4066 } else {
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4067 // TODO(davidben): DTLS 1.3 will want a similar thing for
4068 // HelloRetryRequest.
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4069 tests = append(tests, testCase{
4070 name: "SkipHelloVerifyRequest",
4071 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4072 MaxVersion: VersionTLS12,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4073 Bugs: ProtocolBugs{
4074 SkipHelloVerifyRequest: true,
4075 },
4076 },
4077 })
4078 }
4079
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4080 for _, test := range tests {
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4081 test.protocol = config.protocol
4082 if config.protocol == dtls {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4083 test.name += "-DTLS"
4084 }
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4085 if config.async {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4086 test.name += "-Async"
4087 test.flags = append(test.flags, "-async")
4088 } else {
4089 test.name += "-Sync"
4090 }
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4091 if config.splitHandshake {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4092 test.name += "-SplitHandshakeRecords"
4093 test.config.Bugs.MaxHandshakeRecordLength = 1
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4094 if config.protocol == dtls {
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]4095 test.config.Bugs.MaxPacketLength = 256
4096 test.flags = append(test.flags, "-mtu", "256")
4097 }
4098 }
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]4099 if config.packHandshakeFlight {
4100 test.name += "-PackHandshakeFlight"
4101 test.config.Bugs.PackHandshakeFlight = true
4102 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]4103 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]4104 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4105}
4106
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4107func addDDoSCallbackTests() {
4108 // DDoS callback.
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4109 for _, resume := range []bool{false, true} {
4110 suffix := "Resume"
4111 if resume {
4112 suffix = "No" + suffix
4113 }
4114
4115 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4116 testType: serverTest,
4117 name: "Server-DDoS-OK-" + suffix,
4118 config: Config{
4119 MaxVersion: VersionTLS12,
4120 },
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4121 flags: []string{"-install-ddos-callback"},
4122 resumeSession: resume,
4123 })
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4124 testCases = append(testCases, testCase{
4125 testType: serverTest,
4126 name: "Server-DDoS-OK-" + suffix + "-TLS13",
4127 config: Config{
4128 MaxVersion: VersionTLS13,
4129 },
4130 flags: []string{"-install-ddos-callback"},
4131 resumeSession: resume,
4132 })
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4133
4134 failFlag := "-fail-ddos-callback"
4135 if resume {
4136 failFlag = "-fail-second-ddos-callback"
4137 }
4138 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4139 testType: serverTest,
4140 name: "Server-DDoS-Reject-" + suffix,
4141 config: Config{
4142 MaxVersion: VersionTLS12,
4143 },
David Benjamin2c66e072016-09-16 15:58:00 -0400[diff] [blame]4144 flags: []string{"-install-ddos-callback", failFlag},
4145 resumeSession: resume,
4146 shouldFail: true,
4147 expectedError: ":CONNECTION_REJECTED:",
4148 expectedLocalError: "remote error: internal error",
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4149 })
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4150 testCases = append(testCases, testCase{
4151 testType: serverTest,
4152 name: "Server-DDoS-Reject-" + suffix + "-TLS13",
4153 config: Config{
4154 MaxVersion: VersionTLS13,
4155 },
David Benjamin2c66e072016-09-16 15:58:00 -0400[diff] [blame]4156 flags: []string{"-install-ddos-callback", failFlag},
4157 resumeSession: resume,
4158 shouldFail: true,
4159 expectedError: ":CONNECTION_REJECTED:",
4160 expectedLocalError: "remote error: internal error",
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4161 })
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4162 }
4163}
4164
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4165func addVersionNegotiationTests() {
4166 for i, shimVers := range tlsVersions {
4167 // Assemble flags to disable all newer versions on the shim.
4168 var flags []string
4169 for _, vers := range tlsVersions[i+1:] {
4170 flags = append(flags, vers.flag)
4171 }
4172
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4173 // Test configuring the runner's maximum version.
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4174 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4175 protocols := []protocol{tls}
4176 if runnerVers.hasDTLS && shimVers.hasDTLS {
4177 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4178 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4179 for _, protocol := range protocols {
4180 expectedVersion := shimVers.version
4181 if runnerVers.version < shimVers.version {
4182 expectedVersion = runnerVers.version
4183 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4184
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4185 suffix := shimVers.name + "-" + runnerVers.name
4186 if protocol == dtls {
4187 suffix += "-DTLS"
4188 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4189
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4190 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
4191
David Benjaminb1dd8cd2016-09-26 19:20:48 -0400[diff] [blame]4192 // Determine the expected initial record-layer versions.
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4193 clientVers := shimVers.version
4194 if clientVers > VersionTLS10 {
4195 clientVers = VersionTLS10
4196 }
David Benjaminb1dd8cd2016-09-26 19:20:48 -0400[diff] [blame]4197 clientVers = versionToWire(clientVers, protocol == dtls)
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4198 serverVers := expectedVersion
4199 if expectedVersion >= VersionTLS13 {
4200 serverVers = VersionTLS10
4201 }
David Benjaminb1dd8cd2016-09-26 19:20:48 -0400[diff] [blame]4202 serverVers = versionToWire(serverVers, protocol == dtls)
4203
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4204 testCases = append(testCases, testCase{
4205 protocol: protocol,
4206 testType: clientTest,
4207 name: "VersionNegotiation-Client-" + suffix,
4208 config: Config{
4209 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4210 Bugs: ProtocolBugs{
4211 ExpectInitialRecordVersion: clientVers,
4212 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4213 },
4214 flags: flags,
4215 expectedVersion: expectedVersion,
4216 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4217 testCases = append(testCases, testCase{
4218 protocol: protocol,
4219 testType: clientTest,
4220 name: "VersionNegotiation-Client2-" + suffix,
4221 config: Config{
4222 MaxVersion: runnerVers.version,
4223 Bugs: ProtocolBugs{
4224 ExpectInitialRecordVersion: clientVers,
4225 },
4226 },
4227 flags: []string{"-max-version", shimVersFlag},
4228 expectedVersion: expectedVersion,
4229 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4230
4231 testCases = append(testCases, testCase{
4232 protocol: protocol,
4233 testType: serverTest,
4234 name: "VersionNegotiation-Server-" + suffix,
4235 config: Config{
4236 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4237 Bugs: ProtocolBugs{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4238 ExpectInitialRecordVersion: serverVers,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]4239 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4240 },
4241 flags: flags,
4242 expectedVersion: expectedVersion,
4243 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4244 testCases = append(testCases, testCase{
4245 protocol: protocol,
4246 testType: serverTest,
4247 name: "VersionNegotiation-Server2-" + suffix,
4248 config: Config{
4249 MaxVersion: runnerVers.version,
4250 Bugs: ProtocolBugs{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]4251 ExpectInitialRecordVersion: serverVers,
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]4252 },
4253 },
4254 flags: []string{"-max-version", shimVersFlag},
4255 expectedVersion: expectedVersion,
4256 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4257 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4258 }
4259 }
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4260
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4261 // Test the version extension at all versions.
4262 for _, vers := range tlsVersions {
4263 protocols := []protocol{tls}
4264 if vers.hasDTLS {
4265 protocols = append(protocols, dtls)
4266 }
4267 for _, protocol := range protocols {
4268 suffix := vers.name
4269 if protocol == dtls {
4270 suffix += "-DTLS"
4271 }
4272
4273 wireVersion := versionToWire(vers.version, protocol == dtls)
4274 testCases = append(testCases, testCase{
4275 protocol: protocol,
4276 testType: serverTest,
4277 name: "VersionNegotiationExtension-" + suffix,
4278 config: Config{
4279 Bugs: ProtocolBugs{
4280 SendSupportedVersions: []uint16{0x1111, wireVersion, 0x2222},
4281 },
4282 },
4283 expectedVersion: vers.version,
4284 })
4285 }
4286
4287 }
4288
4289 // If all versions are unknown, negotiation fails.
4290 testCases = append(testCases, testCase{
4291 testType: serverTest,
4292 name: "NoSupportedVersions",
4293 config: Config{
4294 Bugs: ProtocolBugs{
4295 SendSupportedVersions: []uint16{0x1111},
4296 },
4297 },
4298 shouldFail: true,
4299 expectedError: ":UNSUPPORTED_PROTOCOL:",
4300 })
4301 testCases = append(testCases, testCase{
4302 protocol: dtls,
4303 testType: serverTest,
4304 name: "NoSupportedVersions-DTLS",
4305 config: Config{
4306 Bugs: ProtocolBugs{
4307 SendSupportedVersions: []uint16{0x1111},
4308 },
4309 },
4310 shouldFail: true,
4311 expectedError: ":UNSUPPORTED_PROTOCOL:",
4312 })
4313
4314 testCases = append(testCases, testCase{
4315 testType: serverTest,
4316 name: "ClientHelloVersionTooHigh",
4317 config: Config{
4318 MaxVersion: VersionTLS13,
4319 Bugs: ProtocolBugs{
4320 SendClientVersion: 0x0304,
4321 OmitSupportedVersions: true,
4322 },
4323 },
4324 expectedVersion: VersionTLS12,
4325 })
4326
4327 testCases = append(testCases, testCase{
4328 testType: serverTest,
4329 name: "ConflictingVersionNegotiation",
4330 config: Config{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4331 Bugs: ProtocolBugs{
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4332 SendClientVersion: VersionTLS12,
4333 SendSupportedVersions: []uint16{VersionTLS11},
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4334 },
4335 },
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4336 // The extension takes precedence over the ClientHello version.
4337 expectedVersion: VersionTLS11,
4338 })
4339
4340 testCases = append(testCases, testCase{
4341 testType: serverTest,
4342 name: "ConflictingVersionNegotiation-2",
4343 config: Config{
4344 Bugs: ProtocolBugs{
4345 SendClientVersion: VersionTLS11,
4346 SendSupportedVersions: []uint16{VersionTLS12},
4347 },
4348 },
4349 // The extension takes precedence over the ClientHello version.
4350 expectedVersion: VersionTLS12,
4351 })
4352
4353 testCases = append(testCases, testCase{
4354 testType: serverTest,
4355 name: "RejectFinalTLS13",
4356 config: Config{
4357 Bugs: ProtocolBugs{
4358 SendSupportedVersions: []uint16{VersionTLS13, VersionTLS12},
4359 },
4360 },
4361 // We currently implement a draft TLS 1.3 version. Ensure that
4362 // the true TLS 1.3 value is ignored for now.
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4363 expectedVersion: VersionTLS12,
4364 })
4365
Brian Smithf85d3232016-10-28 10:34:06 -1000[diff] [blame]4366 // Test that the maximum version is selected regardless of the
4367 // client-sent order.
4368 testCases = append(testCases, testCase{
4369 testType: serverTest,
4370 name: "IgnoreClientVersionOrder",
4371 config: Config{
4372 Bugs: ProtocolBugs{
4373 SendSupportedVersions: []uint16{VersionTLS12, tls13DraftVersion},
4374 },
4375 },
4376 expectedVersion: VersionTLS13,
4377 })
4378
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4379 // Test for version tolerance.
4380 testCases = append(testCases, testCase{
4381 testType: serverTest,
4382 name: "MinorVersionTolerance",
4383 config: Config{
4384 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4385 SendClientVersion: 0x03ff,
4386 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4387 },
4388 },
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4389 expectedVersion: VersionTLS12,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4390 })
4391 testCases = append(testCases, testCase{
4392 testType: serverTest,
4393 name: "MajorVersionTolerance",
4394 config: Config{
4395 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4396 SendClientVersion: 0x0400,
4397 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4398 },
4399 },
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4400 // TLS 1.3 must be negotiated with the supported_versions
4401 // extension, not ClientHello.version.
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4402 expectedVersion: VersionTLS12,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4403 })
David Benjaminad75a662016-09-30 15:42:59 -0400[diff] [blame]4404 testCases = append(testCases, testCase{
4405 testType: serverTest,
4406 name: "VersionTolerance-TLS13",
4407 config: Config{
4408 Bugs: ProtocolBugs{
4409 // Although TLS 1.3 does not use
4410 // ClientHello.version, it still tolerates high
4411 // values there.
4412 SendClientVersion: 0x0400,
4413 },
4414 },
4415 expectedVersion: VersionTLS13,
4416 })
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4417
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4418 testCases = append(testCases, testCase{
4419 protocol: dtls,
4420 testType: serverTest,
4421 name: "MinorVersionTolerance-DTLS",
4422 config: Config{
4423 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4424 SendClientVersion: 0xfe00,
4425 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4426 },
4427 },
4428 expectedVersion: VersionTLS12,
4429 })
4430 testCases = append(testCases, testCase{
4431 protocol: dtls,
4432 testType: serverTest,
4433 name: "MajorVersionTolerance-DTLS",
4434 config: Config{
4435 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4436 SendClientVersion: 0xfdff,
4437 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4438 },
4439 },
4440 expectedVersion: VersionTLS12,
4441 })
4442
4443 // Test that versions below 3.0 are rejected.
4444 testCases = append(testCases, testCase{
4445 testType: serverTest,
4446 name: "VersionTooLow",
4447 config: Config{
4448 Bugs: ProtocolBugs{
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4449 SendClientVersion: 0x0200,
4450 OmitSupportedVersions: true,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4451 },
4452 },
4453 shouldFail: true,
4454 expectedError: ":UNSUPPORTED_PROTOCOL:",
4455 })
4456 testCases = append(testCases, testCase{
4457 protocol: dtls,
4458 testType: serverTest,
4459 name: "VersionTooLow-DTLS",
4460 config: Config{
4461 Bugs: ProtocolBugs{
David Benjamin3c6a1ea2016-09-26 18:30:05 -0400[diff] [blame]4462 SendClientVersion: 0xffff,
David Benjamin95c69562016-06-29 18:15:03 -0400[diff] [blame]4463 },
4464 },
4465 shouldFail: true,
4466 expectedError: ":UNSUPPORTED_PROTOCOL:",
4467 })
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4468
David Benjamin2dc02042016-09-19 19:57:37 -0400[diff] [blame]4469 testCases = append(testCases, testCase{
4470 name: "ServerBogusVersion",
4471 config: Config{
4472 Bugs: ProtocolBugs{
4473 SendServerHelloVersion: 0x1234,
4474 },
4475 },
4476 shouldFail: true,
4477 expectedError: ":UNSUPPORTED_PROTOCOL:",
4478 })
4479
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4480 // Test TLS 1.3's downgrade signal.
4481 testCases = append(testCases, testCase{
4482 name: "Downgrade-TLS12-Client",
4483 config: Config{
4484 Bugs: ProtocolBugs{
4485 NegotiateVersion: VersionTLS12,
4486 },
4487 },
David Benjamin592b5322016-09-30 15:15:01 -0400[diff] [blame]4488 expectedVersion: VersionTLS12,
David Benjamin55108632016-08-11 22:01:18 -0400[diff] [blame]4489 // TODO(davidben): This test should fail once TLS 1.3 is final
4490 // and the fallback signal restored.
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4491 })
4492 testCases = append(testCases, testCase{
4493 testType: serverTest,
4494 name: "Downgrade-TLS12-Server",
4495 config: Config{
4496 Bugs: ProtocolBugs{
David Benjamin592b5322016-09-30 15:15:01 -0400[diff] [blame]4497 SendSupportedVersions: []uint16{VersionTLS12},
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4498 },
4499 },
David Benjamin592b5322016-09-30 15:15:01 -0400[diff] [blame]4500 expectedVersion: VersionTLS12,
David Benjamin55108632016-08-11 22:01:18 -0400[diff] [blame]4501 // TODO(davidben): This test should fail once TLS 1.3 is final
4502 // and the fallback signal restored.
David Benjamin1f61f0d2016-07-10 12:20:35 -0400[diff] [blame]4503 })
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4504}
4505
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4506func addMinimumVersionTests() {
4507 for i, shimVers := range tlsVersions {
4508 // Assemble flags to disable all older versions on the shim.
4509 var flags []string
4510 for _, vers := range tlsVersions[:i] {
4511 flags = append(flags, vers.flag)
4512 }
4513
4514 for _, runnerVers := range tlsVersions {
4515 protocols := []protocol{tls}
4516 if runnerVers.hasDTLS && shimVers.hasDTLS {
4517 protocols = append(protocols, dtls)
4518 }
4519 for _, protocol := range protocols {
4520 suffix := shimVers.name + "-" + runnerVers.name
4521 if protocol == dtls {
4522 suffix += "-DTLS"
4523 }
4524 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
4525
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4526 var expectedVersion uint16
4527 var shouldFail bool
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4528 var expectedError, expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4529 if runnerVers.version >= shimVers.version {
4530 expectedVersion = runnerVers.version
4531 } else {
4532 shouldFail = true
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4533 expectedError = ":UNSUPPORTED_PROTOCOL:"
4534 expectedLocalError = "remote error: protocol version not supported"
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4535 }
4536
4537 testCases = append(testCases, testCase{
4538 protocol: protocol,
4539 testType: clientTest,
4540 name: "MinimumVersion-Client-" + suffix,
4541 config: Config{
4542 MaxVersion: runnerVers.version,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4543 Bugs: ProtocolBugs{
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4544 // Ensure the server does not decline to
4545 // select a version (versions extension) or
4546 // cipher (some ciphers depend on versions).
4547 NegotiateVersion: runnerVers.version,
4548 IgnorePeerCipherPreferences: shouldFail,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4549 },
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4550 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4551 flags: flags,
4552 expectedVersion: expectedVersion,
4553 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4554 expectedError: expectedError,
4555 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4556 })
4557 testCases = append(testCases, testCase{
4558 protocol: protocol,
4559 testType: clientTest,
4560 name: "MinimumVersion-Client2-" + suffix,
4561 config: Config{
4562 MaxVersion: runnerVers.version,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4563 Bugs: ProtocolBugs{
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4564 // Ensure the server does not decline to
4565 // select a version (versions extension) or
4566 // cipher (some ciphers depend on versions).
4567 NegotiateVersion: runnerVers.version,
4568 IgnorePeerCipherPreferences: shouldFail,
Steven Valdezfdd10992016-09-15 16:27:05 -0400[diff] [blame]4569 },
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4570 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4571 flags: []string{"-min-version", shimVersFlag},
4572 expectedVersion: expectedVersion,
4573 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4574 expectedError: expectedError,
4575 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4576 })
4577
4578 testCases = append(testCases, testCase{
4579 protocol: protocol,
4580 testType: serverTest,
4581 name: "MinimumVersion-Server-" + suffix,
4582 config: Config{
4583 MaxVersion: runnerVers.version,
4584 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4585 flags: flags,
4586 expectedVersion: expectedVersion,
4587 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4588 expectedError: expectedError,
4589 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4590 })
4591 testCases = append(testCases, testCase{
4592 protocol: protocol,
4593 testType: serverTest,
4594 name: "MinimumVersion-Server2-" + suffix,
4595 config: Config{
4596 MaxVersion: runnerVers.version,
4597 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]4598 flags: []string{"-min-version", shimVersFlag},
4599 expectedVersion: expectedVersion,
4600 shouldFail: shouldFail,
David Benjamin6dbde982016-10-03 19:11:14 -0400[diff] [blame]4601 expectedError: expectedError,
4602 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4603 })
4604 }
4605 }
4606 }
4607}
4608
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4609func addExtensionTests() {
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]4610 // TODO(davidben): Extensions, where applicable, all move their server
4611 // halves to EncryptedExtensions in TLS 1.3. Duplicate each of these
4612 // tests for both. Also test interaction with 0-RTT when implemented.
4613
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4614 // Repeat extensions tests all versions except SSL 3.0.
4615 for _, ver := range tlsVersions {
4616 if ver.version == VersionSSL30 {
4617 continue
4618 }
4619
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4620 // Test that duplicate extensions are rejected.
4621 testCases = append(testCases, testCase{
4622 testType: clientTest,
4623 name: "DuplicateExtensionClient-" + ver.name,
4624 config: Config{
4625 MaxVersion: ver.version,
4626 Bugs: ProtocolBugs{
4627 DuplicateExtension: true,
4628 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4629 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4630 shouldFail: true,
4631 expectedLocalError: "remote error: error decoding message",
4632 })
4633 testCases = append(testCases, testCase{
4634 testType: serverTest,
4635 name: "DuplicateExtensionServer-" + ver.name,
4636 config: Config{
4637 MaxVersion: ver.version,
4638 Bugs: ProtocolBugs{
4639 DuplicateExtension: true,
4640 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4641 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4642 shouldFail: true,
4643 expectedLocalError: "remote error: error decoding message",
4644 })
4645
4646 // Test SNI.
4647 testCases = append(testCases, testCase{
4648 testType: clientTest,
4649 name: "ServerNameExtensionClient-" + ver.name,
4650 config: Config{
4651 MaxVersion: ver.version,
4652 Bugs: ProtocolBugs{
4653 ExpectServerName: "example.com",
4654 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4655 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4656 flags: []string{"-host-name", "example.com"},
4657 })
4658 testCases = append(testCases, testCase{
4659 testType: clientTest,
4660 name: "ServerNameExtensionClientMismatch-" + ver.name,
4661 config: Config{
4662 MaxVersion: ver.version,
4663 Bugs: ProtocolBugs{
4664 ExpectServerName: "mismatch.com",
4665 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4666 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4667 flags: []string{"-host-name", "example.com"},
4668 shouldFail: true,
4669 expectedLocalError: "tls: unexpected server name",
4670 })
4671 testCases = append(testCases, testCase{
4672 testType: clientTest,
4673 name: "ServerNameExtensionClientMissing-" + ver.name,
4674 config: Config{
4675 MaxVersion: ver.version,
4676 Bugs: ProtocolBugs{
4677 ExpectServerName: "missing.com",
4678 },
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4679 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4680 shouldFail: true,
4681 expectedLocalError: "tls: unexpected server name",
4682 })
4683 testCases = append(testCases, testCase{
4684 testType: serverTest,
4685 name: "ServerNameExtensionServer-" + ver.name,
4686 config: Config{
4687 MaxVersion: ver.version,
4688 ServerName: "example.com",
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]4689 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4690 flags: []string{"-expect-server-name", "example.com"},
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4691 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4692 })
4693
4694 // Test ALPN.
4695 testCases = append(testCases, testCase{
4696 testType: clientTest,
4697 name: "ALPNClient-" + ver.name,
4698 config: Config{
4699 MaxVersion: ver.version,
4700 NextProtos: []string{"foo"},
4701 },
4702 flags: []string{
4703 "-advertise-alpn", "\x03foo\x03bar\x03baz",
4704 "-expect-alpn", "foo",
4705 },
4706 expectedNextProto: "foo",
4707 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4708 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4709 })
4710 testCases = append(testCases, testCase{
David Benjamin3e517572016-08-11 11:52:23 -0400[diff] [blame]4711 testType: clientTest,
4712 name: "ALPNClient-Mismatch-" + ver.name,
4713 config: Config{
4714 MaxVersion: ver.version,
4715 Bugs: ProtocolBugs{
4716 SendALPN: "baz",
4717 },
4718 },
4719 flags: []string{
4720 "-advertise-alpn", "\x03foo\x03bar",
4721 },
4722 shouldFail: true,
4723 expectedError: ":INVALID_ALPN_PROTOCOL:",
4724 expectedLocalError: "remote error: illegal parameter",
4725 })
4726 testCases = append(testCases, testCase{
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4727 testType: serverTest,
4728 name: "ALPNServer-" + ver.name,
4729 config: Config{
4730 MaxVersion: ver.version,
4731 NextProtos: []string{"foo", "bar", "baz"},
4732 },
4733 flags: []string{
4734 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4735 "-select-alpn", "foo",
4736 },
4737 expectedNextProto: "foo",
4738 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4739 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4740 })
4741 testCases = append(testCases, testCase{
4742 testType: serverTest,
4743 name: "ALPNServer-Decline-" + ver.name,
4744 config: Config{
4745 MaxVersion: ver.version,
4746 NextProtos: []string{"foo", "bar", "baz"},
4747 },
4748 flags: []string{"-decline-alpn"},
4749 expectNoNextProto: true,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4750 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4751 })
4752
David Benjamin25fe85b2016-08-09 20:00:32 -0400[diff] [blame]4753 // Test ALPN in async mode as well to ensure that extensions callbacks are only
4754 // called once.
4755 testCases = append(testCases, testCase{
4756 testType: serverTest,
4757 name: "ALPNServer-Async-" + ver.name,
4758 config: Config{
4759 MaxVersion: ver.version,
4760 NextProtos: []string{"foo", "bar", "baz"},
David Benjamin4eb95cc2016-11-16 17:08:23 +0900[diff] [blame]4761 // Prior to TLS 1.3, exercise the asynchronous session callback.
4762 SessionTicketsDisabled: ver.version < VersionTLS13,
David Benjamin25fe85b2016-08-09 20:00:32 -0400[diff] [blame]4763 },
4764 flags: []string{
4765 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4766 "-select-alpn", "foo",
4767 "-async",
4768 },
4769 expectedNextProto: "foo",
4770 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4771 resumeSession: true,
David Benjamin25fe85b2016-08-09 20:00:32 -0400[diff] [blame]4772 })
4773
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4774 var emptyString string
4775 testCases = append(testCases, testCase{
4776 testType: clientTest,
4777 name: "ALPNClient-EmptyProtocolName-" + ver.name,
4778 config: Config{
4779 MaxVersion: ver.version,
4780 NextProtos: []string{""},
4781 Bugs: ProtocolBugs{
4782 // A server returning an empty ALPN protocol
4783 // should be rejected.
4784 ALPNProtocol: &emptyString,
4785 },
4786 },
4787 flags: []string{
4788 "-advertise-alpn", "\x03foo",
4789 },
4790 shouldFail: true,
4791 expectedError: ":PARSE_TLSEXT:",
4792 })
4793 testCases = append(testCases, testCase{
4794 testType: serverTest,
4795 name: "ALPNServer-EmptyProtocolName-" + ver.name,
4796 config: Config{
4797 MaxVersion: ver.version,
4798 // A ClientHello containing an empty ALPN protocol
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]4799 // should be rejected.
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4800 NextProtos: []string{"foo", "", "baz"},
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]4801 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4802 flags: []string{
4803 "-select-alpn", "foo",
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]4804 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4805 shouldFail: true,
4806 expectedError: ":PARSE_TLSEXT:",
4807 })
4808
4809 // Test NPN and the interaction with ALPN.
4810 if ver.version < VersionTLS13 {
4811 // Test that the server prefers ALPN over NPN.
4812 testCases = append(testCases, testCase{
4813 testType: serverTest,
4814 name: "ALPNServer-Preferred-" + ver.name,
4815 config: Config{
4816 MaxVersion: ver.version,
4817 NextProtos: []string{"foo", "bar", "baz"},
4818 },
4819 flags: []string{
4820 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4821 "-select-alpn", "foo",
4822 "-advertise-npn", "\x03foo\x03bar\x03baz",
4823 },
4824 expectedNextProto: "foo",
4825 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4826 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4827 })
4828 testCases = append(testCases, testCase{
4829 testType: serverTest,
4830 name: "ALPNServer-Preferred-Swapped-" + ver.name,
4831 config: Config{
4832 MaxVersion: ver.version,
4833 NextProtos: []string{"foo", "bar", "baz"},
4834 Bugs: ProtocolBugs{
4835 SwapNPNAndALPN: true,
4836 },
4837 },
4838 flags: []string{
4839 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
4840 "-select-alpn", "foo",
4841 "-advertise-npn", "\x03foo\x03bar\x03baz",
4842 },
4843 expectedNextProto: "foo",
4844 expectedNextProtoType: alpn,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4845 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4846 })
4847
4848 // Test that negotiating both NPN and ALPN is forbidden.
4849 testCases = append(testCases, testCase{
4850 name: "NegotiateALPNAndNPN-" + ver.name,
4851 config: Config{
4852 MaxVersion: ver.version,
4853 NextProtos: []string{"foo", "bar", "baz"},
4854 Bugs: ProtocolBugs{
4855 NegotiateALPNAndNPN: true,
4856 },
4857 },
4858 flags: []string{
4859 "-advertise-alpn", "\x03foo",
4860 "-select-next-proto", "foo",
4861 },
4862 shouldFail: true,
4863 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
4864 })
4865 testCases = append(testCases, testCase{
4866 name: "NegotiateALPNAndNPN-Swapped-" + ver.name,
4867 config: Config{
4868 MaxVersion: ver.version,
4869 NextProtos: []string{"foo", "bar", "baz"},
4870 Bugs: ProtocolBugs{
4871 NegotiateALPNAndNPN: true,
4872 SwapNPNAndALPN: true,
4873 },
4874 },
4875 flags: []string{
4876 "-advertise-alpn", "\x03foo",
4877 "-select-next-proto", "foo",
4878 },
4879 shouldFail: true,
4880 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
4881 })
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4882 }
4883
4884 // Test ticket behavior.
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4885
4886 // Resume with a corrupt ticket.
4887 testCases = append(testCases, testCase{
4888 testType: serverTest,
4889 name: "CorruptTicket-" + ver.name,
4890 config: Config{
4891 MaxVersion: ver.version,
4892 Bugs: ProtocolBugs{
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]4893 FilterTicket: func(in []byte) ([]byte, error) {
4894 in[len(in)-1] ^= 1
4895 return in, nil
4896 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4897 },
4898 },
4899 resumeSession: true,
4900 expectResumeRejected: true,
4901 })
4902 // Test the ticket callback, with and without renewal.
4903 testCases = append(testCases, testCase{
4904 testType: serverTest,
4905 name: "TicketCallback-" + ver.name,
4906 config: Config{
4907 MaxVersion: ver.version,
4908 },
4909 resumeSession: true,
4910 flags: []string{"-use-ticket-callback"},
4911 })
4912 testCases = append(testCases, testCase{
4913 testType: serverTest,
4914 name: "TicketCallback-Renew-" + ver.name,
4915 config: Config{
4916 MaxVersion: ver.version,
4917 Bugs: ProtocolBugs{
4918 ExpectNewTicket: true,
4919 },
4920 },
4921 flags: []string{"-use-ticket-callback", "-renew-ticket"},
4922 resumeSession: true,
4923 })
4924
4925 // Test that the ticket callback is only called once when everything before
4926 // it in the ClientHello is asynchronous. This corrupts the ticket so
4927 // certificate selection callbacks run.
4928 testCases = append(testCases, testCase{
4929 testType: serverTest,
4930 name: "TicketCallback-SingleCall-" + ver.name,
4931 config: Config{
4932 MaxVersion: ver.version,
4933 Bugs: ProtocolBugs{
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]4934 FilterTicket: func(in []byte) ([]byte, error) {
4935 in[len(in)-1] ^= 1
4936 return in, nil
4937 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]4938 },
4939 },
4940 resumeSession: true,
4941 expectResumeRejected: true,
4942 flags: []string{
4943 "-use-ticket-callback",
4944 "-async",
4945 },
4946 })
4947
4948 // Resume with an oversized session id.
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4949 if ver.version < VersionTLS13 {
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]4950 testCases = append(testCases, testCase{
4951 testType: serverTest,
4952 name: "OversizedSessionId-" + ver.name,
4953 config: Config{
4954 MaxVersion: ver.version,
4955 Bugs: ProtocolBugs{
4956 OversizedSessionId: true,
4957 },
4958 },
4959 resumeSession: true,
4960 shouldFail: true,
4961 expectedError: ":DECODE_ERROR:",
4962 })
4963 }
4964
4965 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
4966 // are ignored.
4967 if ver.hasDTLS {
4968 testCases = append(testCases, testCase{
4969 protocol: dtls,
4970 name: "SRTP-Client-" + ver.name,
4971 config: Config{
4972 MaxVersion: ver.version,
4973 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
4974 },
4975 flags: []string{
4976 "-srtp-profiles",
4977 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
4978 },
4979 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
4980 })
4981 testCases = append(testCases, testCase{
4982 protocol: dtls,
4983 testType: serverTest,
4984 name: "SRTP-Server-" + ver.name,
4985 config: Config{
4986 MaxVersion: ver.version,
4987 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
4988 },
4989 flags: []string{
4990 "-srtp-profiles",
4991 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
4992 },
4993 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
4994 })
4995 // Test that the MKI is ignored.
4996 testCases = append(testCases, testCase{
4997 protocol: dtls,
4998 testType: serverTest,
4999 name: "SRTP-Server-IgnoreMKI-" + ver.name,
5000 config: Config{
5001 MaxVersion: ver.version,
5002 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
5003 Bugs: ProtocolBugs{
5004 SRTPMasterKeyIdentifer: "bogus",
5005 },
5006 },
5007 flags: []string{
5008 "-srtp-profiles",
5009 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
5010 },
5011 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
5012 })
5013 // Test that SRTP isn't negotiated on the server if there were
5014 // no matching profiles.
5015 testCases = append(testCases, testCase{
5016 protocol: dtls,
5017 testType: serverTest,
5018 name: "SRTP-Server-NoMatch-" + ver.name,
5019 config: Config{
5020 MaxVersion: ver.version,
5021 SRTPProtectionProfiles: []uint16{100, 101, 102},
5022 },
5023 flags: []string{
5024 "-srtp-profiles",
5025 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
5026 },
5027 expectedSRTPProtectionProfile: 0,
5028 })
5029 // Test that the server returning an invalid SRTP profile is
5030 // flagged as an error by the client.
5031 testCases = append(testCases, testCase{
5032 protocol: dtls,
5033 name: "SRTP-Client-NoMatch-" + ver.name,
5034 config: Config{
5035 MaxVersion: ver.version,
5036 Bugs: ProtocolBugs{
5037 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
5038 },
5039 },
5040 flags: []string{
5041 "-srtp-profiles",
5042 "SRTP_AES128_CM_SHA1_80",
5043 },
5044 shouldFail: true,
5045 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
5046 })
5047 }
5048
5049 // Test SCT list.
5050 testCases = append(testCases, testCase{
5051 name: "SignedCertificateTimestampList-Client-" + ver.name,
5052 testType: clientTest,
5053 config: Config{
5054 MaxVersion: ver.version,
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]5055 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5056 flags: []string{
5057 "-enable-signed-cert-timestamps",
5058 "-expect-signed-cert-timestamps",
5059 base64.StdEncoding.EncodeToString(testSCTList),
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]5060 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5061 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5062 })
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5063
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5064 var differentSCTList []byte
5065 differentSCTList = append(differentSCTList, testSCTList...)
5066 differentSCTList[len(differentSCTList)-1] ^= 1
5067
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5068 // The SCT extension did not specify that it must only be sent on resumption as it
5069 // should have, so test that we tolerate but ignore it.
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5070 testCases = append(testCases, testCase{
5071 name: "SendSCTListOnResume-" + ver.name,
5072 config: Config{
5073 MaxVersion: ver.version,
5074 Bugs: ProtocolBugs{
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5075 SendSCTListOnResume: differentSCTList,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5076 },
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]5077 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5078 flags: []string{
5079 "-enable-signed-cert-timestamps",
5080 "-expect-signed-cert-timestamps",
5081 base64.StdEncoding.EncodeToString(testSCTList),
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]5082 },
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5083 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5084 })
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5085
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5086 testCases = append(testCases, testCase{
5087 name: "SignedCertificateTimestampList-Server-" + ver.name,
5088 testType: serverTest,
5089 config: Config{
5090 MaxVersion: ver.version,
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]5091 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5092 flags: []string{
5093 "-signed-cert-timestamps",
5094 base64.StdEncoding.EncodeToString(testSCTList),
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]5095 },
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5096 expectedSCTList: testSCTList,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5097 resumeSession: true,
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5098 })
David Benjamin53210cb2016-11-16 09:01:48 +0900[diff] [blame]5099
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5100 emptySCTListCert := *testCerts[0].cert
5101 emptySCTListCert.SignedCertificateTimestampList = []byte{0, 0}
5102
5103 // Test empty SCT list.
5104 testCases = append(testCases, testCase{
5105 name: "SignedCertificateTimestampListEmpty-Client-" + ver.name,
5106 testType: clientTest,
5107 config: Config{
5108 MaxVersion: ver.version,
5109 Certificates: []Certificate{emptySCTListCert},
5110 },
5111 flags: []string{
5112 "-enable-signed-cert-timestamps",
5113 },
5114 shouldFail: true,
5115 expectedError: ":ERROR_PARSING_EXTENSION:",
5116 })
5117
5118 emptySCTCert := *testCerts[0].cert
5119 emptySCTCert.SignedCertificateTimestampList = []byte{0, 6, 0, 2, 1, 2, 0, 0}
5120
5121 // Test empty SCT in non-empty list.
5122 testCases = append(testCases, testCase{
5123 name: "SignedCertificateTimestampListEmptySCT-Client-" + ver.name,
5124 testType: clientTest,
5125 config: Config{
5126 MaxVersion: ver.version,
5127 Certificates: []Certificate{emptySCTCert},
5128 },
5129 flags: []string{
5130 "-enable-signed-cert-timestamps",
5131 },
5132 shouldFail: true,
5133 expectedError: ":ERROR_PARSING_EXTENSION:",
5134 })
5135
David Benjamin53210cb2016-11-16 09:01:48 +0900[diff] [blame]5136 // Test that certificate-related extensions are not sent unsolicited.
5137 testCases = append(testCases, testCase{
5138 testType: serverTest,
5139 name: "UnsolicitedCertificateExtensions-" + ver.name,
5140 config: Config{
5141 MaxVersion: ver.version,
5142 Bugs: ProtocolBugs{
5143 NoOCSPStapling: true,
5144 NoSignedCertificateTimestamps: true,
5145 },
5146 },
5147 flags: []string{
5148 "-ocsp-response",
5149 base64.StdEncoding.EncodeToString(testOCSPResponse),
5150 "-signed-cert-timestamps",
5151 base64.StdEncoding.EncodeToString(testSCTList),
5152 },
5153 })
David Benjamin97d17d92016-07-14 16:12:00 -0400[diff] [blame]5154 }
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5155
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]5156 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]5157 testType: clientTest,
5158 name: "ClientHelloPadding",
5159 config: Config{
5160 Bugs: ProtocolBugs{
5161 RequireClientHelloSize: 512,
5162 },
5163 },
5164 // This hostname just needs to be long enough to push the
5165 // ClientHello into F5's danger zone between 256 and 511 bytes
5166 // long.
5167 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
5168 })
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]5169
5170 // Extensions should not function in SSL 3.0.
5171 testCases = append(testCases, testCase{
5172 testType: serverTest,
5173 name: "SSLv3Extensions-NoALPN",
5174 config: Config{
5175 MaxVersion: VersionSSL30,
5176 NextProtos: []string{"foo", "bar", "baz"},
5177 },
5178 flags: []string{
5179 "-select-alpn", "foo",
5180 },
5181 expectNoNextProto: true,
5182 })
5183
5184 // Test session tickets separately as they follow a different codepath.
5185 testCases = append(testCases, testCase{
5186 testType: serverTest,
5187 name: "SSLv3Extensions-NoTickets",
5188 config: Config{
5189 MaxVersion: VersionSSL30,
5190 Bugs: ProtocolBugs{
5191 // Historically, session tickets in SSL 3.0
5192 // failed in different ways depending on whether
5193 // the client supported renegotiation_info.
5194 NoRenegotiationInfo: true,
5195 },
5196 },
5197 resumeSession: true,
5198 })
5199 testCases = append(testCases, testCase{
5200 testType: serverTest,
5201 name: "SSLv3Extensions-NoTickets2",
5202 config: Config{
5203 MaxVersion: VersionSSL30,
5204 },
5205 resumeSession: true,
5206 })
5207
5208 // But SSL 3.0 does send and process renegotiation_info.
5209 testCases = append(testCases, testCase{
5210 testType: serverTest,
5211 name: "SSLv3Extensions-RenegotiationInfo",
5212 config: Config{
5213 MaxVersion: VersionSSL30,
5214 Bugs: ProtocolBugs{
5215 RequireRenegotiationInfo: true,
5216 },
5217 },
5218 })
5219 testCases = append(testCases, testCase{
5220 testType: serverTest,
5221 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
5222 config: Config{
5223 MaxVersion: VersionSSL30,
5224 Bugs: ProtocolBugs{
5225 NoRenegotiationInfo: true,
5226 SendRenegotiationSCSV: true,
5227 RequireRenegotiationInfo: true,
5228 },
5229 },
5230 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]5231
5232 // Test that illegal extensions in TLS 1.3 are rejected by the client if
5233 // in ServerHello.
5234 testCases = append(testCases, testCase{
5235 name: "NPN-Forbidden-TLS13",
5236 config: Config{
5237 MaxVersion: VersionTLS13,
5238 NextProtos: []string{"foo"},
5239 Bugs: ProtocolBugs{
5240 NegotiateNPNAtAllVersions: true,
5241 },
5242 },
5243 flags: []string{"-select-next-proto", "foo"},
5244 shouldFail: true,
5245 expectedError: ":ERROR_PARSING_EXTENSION:",
5246 })
5247 testCases = append(testCases, testCase{
5248 name: "EMS-Forbidden-TLS13",
5249 config: Config{
5250 MaxVersion: VersionTLS13,
5251 Bugs: ProtocolBugs{
5252 NegotiateEMSAtAllVersions: true,
5253 },
5254 },
5255 shouldFail: true,
5256 expectedError: ":ERROR_PARSING_EXTENSION:",
5257 })
5258 testCases = append(testCases, testCase{
5259 name: "RenegotiationInfo-Forbidden-TLS13",
5260 config: Config{
5261 MaxVersion: VersionTLS13,
5262 Bugs: ProtocolBugs{
5263 NegotiateRenegotiationInfoAtAllVersions: true,
5264 },
5265 },
5266 shouldFail: true,
5267 expectedError: ":ERROR_PARSING_EXTENSION:",
5268 })
5269 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]5270 name: "Ticket-Forbidden-TLS13",
5271 config: Config{
5272 MaxVersion: VersionTLS12,
5273 },
5274 resumeConfig: &Config{
5275 MaxVersion: VersionTLS13,
5276 Bugs: ProtocolBugs{
5277 AdvertiseTicketExtension: true,
5278 },
5279 },
5280 resumeSession: true,
5281 shouldFail: true,
5282 expectedError: ":ERROR_PARSING_EXTENSION:",
5283 })
5284
5285 // Test that illegal extensions in TLS 1.3 are declined by the server if
5286 // offered in ClientHello. The runner's server will fail if this occurs,
5287 // so we exercise the offering path. (EMS and Renegotiation Info are
5288 // implicit in every test.)
5289 testCases = append(testCases, testCase{
5290 testType: serverTest,
David Benjamin73647192016-09-22 16:24:04 -0400[diff] [blame]5291 name: "NPN-Declined-TLS13",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]5292 config: Config{
5293 MaxVersion: VersionTLS13,
5294 NextProtos: []string{"bar"},
5295 },
5296 flags: []string{"-advertise-npn", "\x03foo\x03bar\x03baz"},
5297 })
David Benjamin196df5b2016-09-21 16:23:27 -0400[diff] [blame]5298
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5299 // OpenSSL sends the status_request extension on resumption in TLS 1.2. Test that this is
5300 // tolerated.
5301 testCases = append(testCases, testCase{
5302 name: "SendOCSPResponseOnResume-TLS12",
5303 config: Config{
5304 MaxVersion: VersionTLS12,
5305 Bugs: ProtocolBugs{
5306 SendOCSPResponseOnResume: []byte("bogus"),
5307 },
5308 },
5309 flags: []string{
5310 "-enable-ocsp-stapling",
5311 "-expect-ocsp-response",
5312 base64.StdEncoding.EncodeToString(testOCSPResponse),
5313 },
5314 resumeSession: true,
5315 })
5316
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5317 testCases = append(testCases, testCase{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5318 name: "SendUnsolicitedOCSPOnCertificate-TLS13",
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5319 config: Config{
5320 MaxVersion: VersionTLS13,
5321 Bugs: ProtocolBugs{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5322 SendExtensionOnCertificate: testOCSPExtension,
5323 },
5324 },
5325 shouldFail: true,
5326 expectedError: ":UNEXPECTED_EXTENSION:",
5327 })
5328
5329 testCases = append(testCases, testCase{
5330 name: "SendUnsolicitedSCTOnCertificate-TLS13",
5331 config: Config{
5332 MaxVersion: VersionTLS13,
5333 Bugs: ProtocolBugs{
5334 SendExtensionOnCertificate: testSCTExtension,
5335 },
5336 },
5337 shouldFail: true,
5338 expectedError: ":UNEXPECTED_EXTENSION:",
5339 })
5340
5341 // Test that extensions on client certificates are never accepted.
5342 testCases = append(testCases, testCase{
5343 name: "SendExtensionOnClientCertificate-TLS13",
5344 testType: serverTest,
5345 config: Config{
5346 MaxVersion: VersionTLS13,
5347 Certificates: []Certificate{rsaCertificate},
5348 Bugs: ProtocolBugs{
5349 SendExtensionOnCertificate: testOCSPExtension,
5350 },
5351 },
5352 flags: []string{
5353 "-enable-ocsp-stapling",
5354 "-require-any-client-certificate",
5355 },
5356 shouldFail: true,
5357 expectedError: ":UNEXPECTED_EXTENSION:",
5358 })
5359
5360 testCases = append(testCases, testCase{
5361 name: "SendUnknownExtensionOnCertificate-TLS13",
5362 config: Config{
5363 MaxVersion: VersionTLS13,
5364 Bugs: ProtocolBugs{
5365 SendExtensionOnCertificate: []byte{0x00, 0x7f, 0, 0},
5366 },
5367 },
5368 shouldFail: true,
5369 expectedError: ":UNEXPECTED_EXTENSION:",
5370 })
5371
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5372 var differentSCTList []byte
5373 differentSCTList = append(differentSCTList, testSCTList...)
5374 differentSCTList[len(differentSCTList)-1] ^= 1
5375
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5376 // Test that extensions on intermediates are allowed but ignored.
5377 testCases = append(testCases, testCase{
5378 name: "IgnoreExtensionsOnIntermediates-TLS13",
5379 config: Config{
5380 MaxVersion: VersionTLS13,
5381 Certificates: []Certificate{rsaChainCertificate},
5382 Bugs: ProtocolBugs{
5383 // Send different values on the intermediate. This tests
5384 // the intermediate's extensions do not override the
5385 // leaf's.
5386 SendOCSPOnIntermediates: []byte{1, 3, 3, 7},
Adam Langleycfa08c32016-11-17 13:21:27 -0800[diff] [blame]5387 SendSCTOnIntermediates: differentSCTList,
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5388 },
5389 },
5390 flags: []string{
5391 "-enable-ocsp-stapling",
5392 "-expect-ocsp-response",
5393 base64.StdEncoding.EncodeToString(testOCSPResponse),
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5394 "-enable-signed-cert-timestamps",
5395 "-expect-signed-cert-timestamps",
5396 base64.StdEncoding.EncodeToString(testSCTList),
5397 },
5398 resumeSession: true,
5399 })
5400
5401 // Test that extensions are not sent on intermediates when configured
5402 // only for a leaf.
5403 testCases = append(testCases, testCase{
5404 testType: serverTest,
5405 name: "SendNoExtensionsOnIntermediate-TLS13",
5406 config: Config{
5407 MaxVersion: VersionTLS13,
5408 Bugs: ProtocolBugs{
5409 ExpectNoExtensionsOnIntermediate: true,
5410 },
5411 },
5412 flags: []string{
5413 "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
5414 "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
5415 "-ocsp-response",
5416 base64.StdEncoding.EncodeToString(testOCSPResponse),
5417 "-signed-cert-timestamps",
5418 base64.StdEncoding.EncodeToString(testSCTList),
5419 },
5420 })
5421
5422 // Test that extensions are not sent on client certificates.
5423 testCases = append(testCases, testCase{
5424 name: "SendNoClientCertificateExtensions-TLS13",
5425 config: Config{
5426 MaxVersion: VersionTLS13,
5427 ClientAuth: RequireAnyClientCert,
5428 },
5429 flags: []string{
5430 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
5431 "-key-file", path.Join(*resourceDir, rsaKeyFile),
5432 "-ocsp-response",
5433 base64.StdEncoding.EncodeToString(testOCSPResponse),
5434 "-signed-cert-timestamps",
5435 base64.StdEncoding.EncodeToString(testSCTList),
5436 },
5437 })
5438
5439 testCases = append(testCases, testCase{
5440 name: "SendDuplicateExtensionsOnCerts-TLS13",
5441 config: Config{
5442 MaxVersion: VersionTLS13,
5443 Bugs: ProtocolBugs{
5444 SendDuplicateCertExtensions: true,
5445 },
5446 },
5447 flags: []string{
5448 "-enable-ocsp-stapling",
5449 "-enable-signed-cert-timestamps",
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5450 },
5451 resumeSession: true,
5452 shouldFail: true,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5453 expectedError: ":DUPLICATE_EXTENSION:",
David Benjamindaa88502016-10-04 16:32:16 -0400[diff] [blame]5454 })
Adam Langley9b885c52016-11-18 14:21:03 -0800[diff] [blame]5455
5456 testCases = append(testCases, testCase{
5457 name: "SignedCertificateTimestampListInvalid-Server",
5458 testType: serverTest,
5459 flags: []string{
5460 "-signed-cert-timestamps",
5461 base64.StdEncoding.EncodeToString([]byte{0, 0}),
5462 },
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]5463 shouldFail: true,
Adam Langley9b885c52016-11-18 14:21:03 -0800[diff] [blame]5464 expectedError: ":INVALID_SCT_LIST:",
5465 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]5466}
5467
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5468func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5469 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5470 for _, resumeVers := range tlsVersions {
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5471 // SSL 3.0 does not have tickets and TLS 1.3 does not
5472 // have session IDs, so skip their cross-resumption
5473 // tests.
5474 if (sessionVers.version >= VersionTLS13 && resumeVers.version == VersionSSL30) ||
5475 (resumeVers.version >= VersionTLS13 && sessionVers.version == VersionSSL30) {
5476 continue
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5477 }
5478
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5479 protocols := []protocol{tls}
5480 if sessionVers.hasDTLS && resumeVers.hasDTLS {
5481 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]5482 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5483 for _, protocol := range protocols {
5484 suffix := "-" + sessionVers.name + "-" + resumeVers.name
5485 if protocol == dtls {
5486 suffix += "-DTLS"
5487 }
5488
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5489 if sessionVers.version == resumeVers.version {
5490 testCases = append(testCases, testCase{
5491 protocol: protocol,
5492 name: "Resume-Client" + suffix,
5493 resumeSession: true,
5494 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5495 MaxVersion: sessionVers.version,
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5496 Bugs: ProtocolBugs{
5497 ExpectNoTLS12Session: sessionVers.version >= VersionTLS13,
5498 ExpectNoTLS13PSK: sessionVers.version < VersionTLS13,
5499 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5500 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5501 expectedVersion: sessionVers.version,
5502 expectedResumeVersion: resumeVers.version,
5503 })
5504 } else {
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5505 error := ":OLD_SESSION_VERSION_NOT_RETURNED:"
5506
5507 // Offering a TLS 1.3 session sends an empty session ID, so
5508 // there is no way to convince a non-lookahead client the
5509 // session was resumed. It will appear to the client that a
5510 // stray ChangeCipherSpec was sent.
5511 if resumeVers.version < VersionTLS13 && sessionVers.version >= VersionTLS13 {
5512 error = ":UNEXPECTED_RECORD:"
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5513 }
5514
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5515 testCases = append(testCases, testCase{
5516 protocol: protocol,
5517 name: "Resume-Client-Mismatch" + suffix,
5518 resumeSession: true,
5519 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5520 MaxVersion: sessionVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5521 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5522 expectedVersion: sessionVers.version,
5523 resumeConfig: &Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5524 MaxVersion: resumeVers.version,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5525 Bugs: ProtocolBugs{
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5526 AcceptAnySession: true,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5527 },
5528 },
5529 expectedResumeVersion: resumeVers.version,
5530 shouldFail: true,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5531 expectedError: error,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5532 })
5533 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5534
5535 testCases = append(testCases, testCase{
5536 protocol: protocol,
5537 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5538 resumeSession: true,
5539 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5540 MaxVersion: sessionVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5541 },
5542 expectedVersion: sessionVers.version,
5543 resumeConfig: &Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5544 MaxVersion: resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5545 },
5546 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]5547 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5548 expectedResumeVersion: resumeVers.version,
5549 })
5550
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5551 testCases = append(testCases, testCase{
5552 protocol: protocol,
5553 testType: serverTest,
5554 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5555 resumeSession: true,
5556 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5557 MaxVersion: sessionVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5558 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]5559 expectedVersion: sessionVers.version,
5560 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5561 resumeConfig: &Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5562 MaxVersion: resumeVers.version,
David Benjamin405da482016-08-08 17:25:07 -0400[diff] [blame]5563 Bugs: ProtocolBugs{
5564 SendBothTickets: true,
5565 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]5566 },
5567 expectedResumeVersion: resumeVers.version,
5568 })
5569 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5570 }
5571 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5572
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5573 // Make sure shim ticket mutations are functional.
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5574 testCases = append(testCases, testCase{
5575 testType: serverTest,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5576 name: "ShimTicketRewritable",
5577 resumeSession: true,
5578 config: Config{
5579 MaxVersion: VersionTLS12,
5580 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5581 Bugs: ProtocolBugs{
5582 FilterTicket: func(in []byte) ([]byte, error) {
5583 in, err := SetShimTicketVersion(in, VersionTLS12)
5584 if err != nil {
5585 return nil, err
5586 }
5587 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
5588 },
5589 },
5590 },
5591 flags: []string{
5592 "-ticket-key",
5593 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5594 },
5595 })
5596
5597 // Resumptions are declined if the version does not match.
5598 testCases = append(testCases, testCase{
5599 testType: serverTest,
5600 name: "Resume-Server-DeclineCrossVersion",
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5601 resumeSession: true,
5602 config: Config{
5603 MaxVersion: VersionTLS12,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5604 Bugs: ProtocolBugs{
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5605 ExpectNewTicket: true,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5606 FilterTicket: func(in []byte) ([]byte, error) {
5607 return SetShimTicketVersion(in, VersionTLS13)
5608 },
5609 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5610 },
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5611 flags: []string{
5612 "-ticket-key",
5613 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5614 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5615 expectResumeRejected: true,
5616 })
5617
5618 testCases = append(testCases, testCase{
5619 testType: serverTest,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5620 name: "Resume-Server-DeclineCrossVersion-TLS13",
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5621 resumeSession: true,
5622 config: Config{
5623 MaxVersion: VersionTLS13,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5624 Bugs: ProtocolBugs{
5625 FilterTicket: func(in []byte) ([]byte, error) {
5626 return SetShimTicketVersion(in, VersionTLS12)
5627 },
5628 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5629 },
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5630 flags: []string{
5631 "-ticket-key",
5632 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5633 },
Steven Valdezb6b6ff32016-10-26 11:56:35 -0400[diff] [blame]5634 expectResumeRejected: true,
5635 })
5636
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5637 // Resumptions are declined if the cipher is invalid or disabled.
5638 testCases = append(testCases, testCase{
5639 testType: serverTest,
5640 name: "Resume-Server-DeclineBadCipher",
5641 resumeSession: true,
5642 config: Config{
5643 MaxVersion: VersionTLS12,
5644 Bugs: ProtocolBugs{
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5645 ExpectNewTicket: true,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5646 FilterTicket: func(in []byte) ([]byte, error) {
5647 return SetShimTicketCipherSuite(in, TLS_AES_128_GCM_SHA256)
5648 },
5649 },
5650 },
5651 flags: []string{
5652 "-ticket-key",
5653 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5654 },
5655 expectResumeRejected: true,
5656 })
5657
5658 testCases = append(testCases, testCase{
5659 testType: serverTest,
5660 name: "Resume-Server-DeclineBadCipher-2",
5661 resumeSession: true,
5662 config: Config{
5663 MaxVersion: VersionTLS12,
5664 Bugs: ProtocolBugs{
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5665 ExpectNewTicket: true,
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5666 FilterTicket: func(in []byte) ([]byte, error) {
5667 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
5668 },
5669 },
5670 },
5671 flags: []string{
5672 "-cipher", "AES128",
5673 "-ticket-key",
5674 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5675 },
5676 expectResumeRejected: true,
5677 })
5678
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5679 // Sessions are not resumed if they do not use the preferred cipher.
5680 testCases = append(testCases, testCase{
5681 testType: serverTest,
5682 name: "Resume-Server-CipherNotPreferred",
5683 resumeSession: true,
5684 config: Config{
5685 MaxVersion: VersionTLS12,
5686 Bugs: ProtocolBugs{
5687 ExpectNewTicket: true,
5688 FilterTicket: func(in []byte) ([]byte, error) {
5689 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
5690 },
5691 },
5692 },
5693 flags: []string{
5694 "-ticket-key",
5695 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5696 },
5697 shouldFail: false,
5698 expectResumeRejected: true,
5699 })
5700
5701 // TLS 1.3 allows sessions to be resumed at a different cipher if their
5702 // PRF hashes match, but BoringSSL will always decline such resumptions.
5703 testCases = append(testCases, testCase{
5704 testType: serverTest,
5705 name: "Resume-Server-CipherNotPreferred-TLS13",
5706 resumeSession: true,
5707 config: Config{
5708 MaxVersion: VersionTLS13,
5709 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256},
5710 Bugs: ProtocolBugs{
5711 FilterTicket: func(in []byte) ([]byte, error) {
5712 // If the client (runner) offers ChaCha20-Poly1305 first, the
5713 // server (shim) always prefers it. Switch it to AES-GCM.
5714 return SetShimTicketCipherSuite(in, TLS_AES_128_GCM_SHA256)
5715 },
5716 },
5717 },
5718 flags: []string{
5719 "-ticket-key",
5720 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5721 },
5722 shouldFail: false,
5723 expectResumeRejected: true,
5724 })
5725
5726 // Sessions may not be resumed if they contain another version's cipher.
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5727 testCases = append(testCases, testCase{
5728 testType: serverTest,
5729 name: "Resume-Server-DeclineBadCipher-TLS13",
5730 resumeSession: true,
5731 config: Config{
5732 MaxVersion: VersionTLS13,
5733 Bugs: ProtocolBugs{
5734 FilterTicket: func(in []byte) ([]byte, error) {
5735 return SetShimTicketCipherSuite(in, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
5736 },
5737 },
5738 },
5739 flags: []string{
5740 "-ticket-key",
5741 base64.StdEncoding.EncodeToString(TestShimTicketKey),
5742 },
5743 expectResumeRejected: true,
5744 })
5745
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5746 // If the client does not offer the cipher from the session, decline to
5747 // resume. Clients are forbidden from doing this, but BoringSSL selects
5748 // the cipher first, so we only decline.
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5749 testCases = append(testCases, testCase{
5750 testType: serverTest,
5751 name: "Resume-Server-UnofferedCipher",
5752 resumeSession: true,
5753 config: Config{
5754 MaxVersion: VersionTLS12,
5755 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
5756 },
5757 resumeConfig: &Config{
5758 MaxVersion: VersionTLS12,
5759 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
5760 Bugs: ProtocolBugs{
5761 SendCipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5762 },
5763 },
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5764 expectResumeRejected: true,
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5765 })
5766
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5767 // In TLS 1.3, clients may advertise a cipher list which does not
5768 // include the selected cipher. Test that we tolerate this. Servers may
5769 // resume at another cipher if the PRF matches, but BoringSSL will
5770 // always decline.
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5771 testCases = append(testCases, testCase{
5772 testType: serverTest,
5773 name: "Resume-Server-UnofferedCipher-TLS13",
5774 resumeSession: true,
5775 config: Config{
5776 MaxVersion: VersionTLS13,
5777 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256},
5778 },
5779 resumeConfig: &Config{
5780 MaxVersion: VersionTLS13,
5781 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256},
5782 Bugs: ProtocolBugs{
5783 SendCipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
5784 },
5785 },
David Benjaminf01f42a2016-11-16 19:05:33 +0900[diff] [blame]5786 expectResumeRejected: true,
David Benjamin75f99142016-11-12 12:36:06 +0900[diff] [blame]5787 })
5788
David Benjamin4199b0d2016-11-01 13:58:25 -0400[diff] [blame]5789 // Sessions may not be resumed at a different cipher.
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5790 testCases = append(testCases, testCase{
5791 name: "Resume-Client-CipherMismatch",
5792 resumeSession: true,
5793 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5794 MaxVersion: VersionTLS12,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5795 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
5796 },
5797 resumeConfig: &Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]5798 MaxVersion: VersionTLS12,
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]5799 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
5800 Bugs: ProtocolBugs{
5801 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
5802 },
5803 },
5804 shouldFail: true,
5805 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
5806 })
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5807
David Benjamine1cc35e2016-11-16 16:25:58 +0900[diff] [blame]5808 // Session resumption in TLS 1.3 may change the cipher suite if the PRF
5809 // matches.
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5810 testCases = append(testCases, testCase{
5811 name: "Resume-Client-CipherMismatch-TLS13",
5812 resumeSession: true,
5813 config: Config{
5814 MaxVersion: VersionTLS13,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5815 CipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5816 },
5817 resumeConfig: &Config{
5818 MaxVersion: VersionTLS13,
David Benjamine1cc35e2016-11-16 16:25:58 +0900[diff] [blame]5819 CipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256},
5820 },
5821 })
5822
5823 // Session resumption in TLS 1.3 is forbidden if the PRF does not match.
5824 testCases = append(testCases, testCase{
5825 name: "Resume-Client-PRFMismatch-TLS13",
5826 resumeSession: true,
5827 config: Config{
5828 MaxVersion: VersionTLS13,
5829 CipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
5830 },
5831 resumeConfig: &Config{
5832 MaxVersion: VersionTLS13,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5833 CipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5834 Bugs: ProtocolBugs{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]5835 SendCipherSuite: TLS_AES_256_GCM_SHA384,
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5836 },
5837 },
5838 shouldFail: true,
David Benjamine1cc35e2016-11-16 16:25:58 +0900[diff] [blame]5839 expectedError: ":OLD_SESSION_PRF_HASH_MISMATCH:",
Steven Valdez4aa154e2016-07-29 14:32:55 -0400[diff] [blame]5840 })
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5841
5842 testCases = append(testCases, testCase{
5843 testType: serverTest,
5844 name: "Resume-Server-BinderWrongLength",
5845 resumeSession: true,
5846 config: Config{
5847 MaxVersion: VersionTLS13,
5848 Bugs: ProtocolBugs{
5849 SendShortPSKBinder: true,
5850 },
5851 },
5852 shouldFail: true,
5853 expectedLocalError: "remote error: error decrypting message",
5854 expectedError: ":DIGEST_CHECK_FAILED:",
5855 })
5856
5857 testCases = append(testCases, testCase{
5858 testType: serverTest,
5859 name: "Resume-Server-NoPSKBinder",
5860 resumeSession: true,
5861 config: Config{
5862 MaxVersion: VersionTLS13,
5863 Bugs: ProtocolBugs{
5864 SendNoPSKBinder: true,
5865 },
5866 },
5867 shouldFail: true,
5868 expectedLocalError: "remote error: error decoding message",
5869 expectedError: ":DECODE_ERROR:",
5870 })
5871
5872 testCases = append(testCases, testCase{
5873 testType: serverTest,
David Benjaminaedf3032016-12-01 16:47:56 -0500[diff] [blame]5874 name: "Resume-Server-ExtraPSKBinder",
5875 resumeSession: true,
5876 config: Config{
5877 MaxVersion: VersionTLS13,
5878 Bugs: ProtocolBugs{
5879 SendExtraPSKBinder: true,
5880 },
5881 },
5882 shouldFail: true,
5883 expectedLocalError: "remote error: illegal parameter",
5884 expectedError: ":PSK_IDENTITY_BINDER_COUNT_MISMATCH:",
5885 })
5886
5887 testCases = append(testCases, testCase{
5888 testType: serverTest,
5889 name: "Resume-Server-ExtraIdentityNoBinder",
5890 resumeSession: true,
5891 config: Config{
5892 MaxVersion: VersionTLS13,
5893 Bugs: ProtocolBugs{
5894 ExtraPSKIdentity: true,
5895 },
5896 },
5897 shouldFail: true,
5898 expectedLocalError: "remote error: illegal parameter",
5899 expectedError: ":PSK_IDENTITY_BINDER_COUNT_MISMATCH:",
5900 })
5901
5902 testCases = append(testCases, testCase{
5903 testType: serverTest,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]5904 name: "Resume-Server-InvalidPSKBinder",
5905 resumeSession: true,
5906 config: Config{
5907 MaxVersion: VersionTLS13,
5908 Bugs: ProtocolBugs{
5909 SendInvalidPSKBinder: true,
5910 },
5911 },
5912 shouldFail: true,
5913 expectedLocalError: "remote error: error decrypting message",
5914 expectedError: ":DIGEST_CHECK_FAILED:",
5915 })
5916
5917 testCases = append(testCases, testCase{
5918 testType: serverTest,
5919 name: "Resume-Server-PSKBinderFirstExtension",
5920 resumeSession: true,
5921 config: Config{
5922 MaxVersion: VersionTLS13,
5923 Bugs: ProtocolBugs{
5924 PSKBinderFirst: true,
5925 },
5926 },
5927 shouldFail: true,
5928 expectedLocalError: "remote error: illegal parameter",
5929 expectedError: ":PRE_SHARED_KEY_MUST_BE_LAST:",
5930 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5931}
5932
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]5933func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]5934 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]5935 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5936 testType: serverTest,
5937 name: "Renegotiate-Server-Forbidden",
5938 config: Config{
5939 MaxVersion: VersionTLS12,
5940 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]5941 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]5942 shouldFail: true,
5943 expectedError: ":NO_RENEGOTIATION:",
5944 expectedLocalError: "remote error: no renegotiation",
5945 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]5946 // The server shouldn't echo the renegotiation extension unless
5947 // requested by the client.
5948 testCases = append(testCases, testCase{
5949 testType: serverTest,
5950 name: "Renegotiate-Server-NoExt",
5951 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5952 MaxVersion: VersionTLS12,
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]5953 Bugs: ProtocolBugs{
5954 NoRenegotiationInfo: true,
5955 RequireRenegotiationInfo: true,
5956 },
5957 },
5958 shouldFail: true,
5959 expectedLocalError: "renegotiation extension missing",
5960 })
5961 // The renegotiation SCSV should be sufficient for the server to echo
5962 // the extension.
5963 testCases = append(testCases, testCase{
5964 testType: serverTest,
5965 name: "Renegotiate-Server-NoExt-SCSV",
5966 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5967 MaxVersion: VersionTLS12,
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]5968 Bugs: ProtocolBugs{
5969 NoRenegotiationInfo: true,
5970 SendRenegotiationSCSV: true,
5971 RequireRenegotiationInfo: true,
5972 },
5973 },
5974 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]5975 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]5976 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]5977 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5978 MaxVersion: VersionTLS12,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]5979 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]5980 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]5981 },
5982 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]5983 renegotiate: 1,
5984 flags: []string{
5985 "-renegotiate-freely",
5986 "-expect-total-renegotiations", "1",
5987 },
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]5988 })
5989 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]5990 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]5991 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]5992 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]5993 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]5994 Bugs: ProtocolBugs{
5995 EmptyRenegotiationInfo: true,
5996 },
5997 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]5998 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]5999 shouldFail: true,
6000 expectedError: ":RENEGOTIATION_MISMATCH:",
6001 })
6002 testCases = append(testCases, testCase{
6003 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6004 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6005 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6006 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6007 Bugs: ProtocolBugs{
6008 BadRenegotiationInfo: true,
6009 },
6010 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6011 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6012 shouldFail: true,
6013 expectedError: ":RENEGOTIATION_MISMATCH:",
6014 })
6015 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]6016 name: "Renegotiate-Client-Downgrade",
6017 renegotiate: 1,
6018 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6019 MaxVersion: VersionTLS12,
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]6020 Bugs: ProtocolBugs{
6021 NoRenegotiationInfoAfterInitial: true,
6022 },
6023 },
6024 flags: []string{"-renegotiate-freely"},
6025 shouldFail: true,
6026 expectedError: ":RENEGOTIATION_MISMATCH:",
6027 })
6028 testCases = append(testCases, testCase{
6029 name: "Renegotiate-Client-Upgrade",
6030 renegotiate: 1,
6031 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6032 MaxVersion: VersionTLS12,
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]6033 Bugs: ProtocolBugs{
6034 NoRenegotiationInfoInInitial: true,
6035 },
6036 },
6037 flags: []string{"-renegotiate-freely"},
6038 shouldFail: true,
6039 expectedError: ":RENEGOTIATION_MISMATCH:",
6040 })
6041 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6042 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6043 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6044 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6045 MaxVersion: VersionTLS12,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6046 Bugs: ProtocolBugs{
6047 NoRenegotiationInfo: true,
6048 },
6049 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6050 flags: []string{
6051 "-renegotiate-freely",
6052 "-expect-total-renegotiations", "1",
6053 },
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6054 })
David Benjamine7e36aa2016-08-08 12:39:41 -0400[diff] [blame]6055
6056 // Test that the server may switch ciphers on renegotiation without
6057 // problems.
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]6058 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6059 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6060 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6061 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]6062 MaxVersion: VersionTLS12,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]6063 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6064 },
6065 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6066 flags: []string{
6067 "-renegotiate-freely",
6068 "-expect-total-renegotiations", "1",
6069 },
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6070 })
6071 testCases = append(testCases, testCase{
6072 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6073 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6074 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]6075 MaxVersion: VersionTLS12,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]6076 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
6077 },
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]6078 renegotiateCiphers: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6079 flags: []string{
6080 "-renegotiate-freely",
6081 "-expect-total-renegotiations", "1",
6082 },
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]6083 })
David Benjamine7e36aa2016-08-08 12:39:41 -0400[diff] [blame]6084
6085 // Test that the server may not switch versions on renegotiation.
6086 testCases = append(testCases, testCase{
6087 name: "Renegotiate-Client-SwitchVersion",
6088 config: Config{
6089 MaxVersion: VersionTLS12,
6090 // Pick a cipher which exists at both versions.
6091 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
6092 Bugs: ProtocolBugs{
6093 NegotiateVersionOnRenego: VersionTLS11,
David Benjamine6f22212016-11-08 14:28:24 -0500[diff] [blame]6094 // Avoid failing early at the record layer.
6095 SendRecordVersion: VersionTLS12,
David Benjamine7e36aa2016-08-08 12:39:41 -0400[diff] [blame]6096 },
6097 },
6098 renegotiate: 1,
6099 flags: []string{
6100 "-renegotiate-freely",
6101 "-expect-total-renegotiations", "1",
6102 },
6103 shouldFail: true,
6104 expectedError: ":WRONG_SSL_VERSION:",
6105 })
6106
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]6107 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]6108 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6109 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]6110 config: Config{
6111 MaxVersion: VersionTLS10,
6112 Bugs: ProtocolBugs{
6113 RequireSameRenegoClientVersion: true,
6114 },
6115 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6116 flags: []string{
6117 "-renegotiate-freely",
6118 "-expect-total-renegotiations", "1",
6119 },
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]6120 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6121 testCases = append(testCases, testCase{
6122 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6123 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6124 config: Config{
Nick Harper1fd39d82016-06-14 18:14:35 -0700[diff] [blame]6125 MaxVersion: VersionTLS12,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6126 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
6127 NextProtos: []string{"foo"},
6128 },
6129 flags: []string{
6130 "-false-start",
6131 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6132 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -0400[diff] [blame]6133 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]6134 },
6135 shimWritesFirst: true,
6136 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6137
6138 // Client-side renegotiation controls.
6139 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6140 name: "Renegotiate-Client-Forbidden-1",
6141 config: Config{
6142 MaxVersion: VersionTLS12,
6143 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6144 renegotiate: 1,
6145 shouldFail: true,
6146 expectedError: ":NO_RENEGOTIATION:",
6147 expectedLocalError: "remote error: no renegotiation",
6148 })
6149 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6150 name: "Renegotiate-Client-Once-1",
6151 config: Config{
6152 MaxVersion: VersionTLS12,
6153 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6154 renegotiate: 1,
6155 flags: []string{
6156 "-renegotiate-once",
6157 "-expect-total-renegotiations", "1",
6158 },
6159 })
6160 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6161 name: "Renegotiate-Client-Freely-1",
6162 config: Config{
6163 MaxVersion: VersionTLS12,
6164 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6165 renegotiate: 1,
6166 flags: []string{
6167 "-renegotiate-freely",
6168 "-expect-total-renegotiations", "1",
6169 },
6170 })
6171 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6172 name: "Renegotiate-Client-Once-2",
6173 config: Config{
6174 MaxVersion: VersionTLS12,
6175 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6176 renegotiate: 2,
6177 flags: []string{"-renegotiate-once"},
6178 shouldFail: true,
6179 expectedError: ":NO_RENEGOTIATION:",
6180 expectedLocalError: "remote error: no renegotiation",
6181 })
6182 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6183 name: "Renegotiate-Client-Freely-2",
6184 config: Config{
6185 MaxVersion: VersionTLS12,
6186 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]6187 renegotiate: 2,
6188 flags: []string{
6189 "-renegotiate-freely",
6190 "-expect-total-renegotiations", "2",
6191 },
6192 })
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]6193 testCases = append(testCases, testCase{
6194 name: "Renegotiate-Client-NoIgnore",
6195 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6196 MaxVersion: VersionTLS12,
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]6197 Bugs: ProtocolBugs{
6198 SendHelloRequestBeforeEveryAppDataRecord: true,
6199 },
6200 },
6201 shouldFail: true,
6202 expectedError: ":NO_RENEGOTIATION:",
6203 })
6204 testCases = append(testCases, testCase{
6205 name: "Renegotiate-Client-Ignore",
6206 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6207 MaxVersion: VersionTLS12,
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]6208 Bugs: ProtocolBugs{
6209 SendHelloRequestBeforeEveryAppDataRecord: true,
6210 },
6211 },
6212 flags: []string{
6213 "-renegotiate-ignore",
6214 "-expect-total-renegotiations", "0",
6215 },
6216 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6217
David Benjamin34941c02016-10-08 11:45:31 -0400[diff] [blame]6218 // Renegotiation is not allowed at SSL 3.0.
6219 testCases = append(testCases, testCase{
6220 name: "Renegotiate-Client-SSL3",
6221 config: Config{
6222 MaxVersion: VersionSSL30,
6223 },
6224 renegotiate: 1,
6225 flags: []string{
6226 "-renegotiate-freely",
6227 "-expect-total-renegotiations", "1",
6228 },
6229 shouldFail: true,
6230 expectedError: ":NO_RENEGOTIATION:",
6231 expectedLocalError: "remote error: no renegotiation",
6232 })
6233
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6234 // Stray HelloRequests during the handshake are ignored in TLS 1.2.
David Benjamin71dd6662016-07-08 14:10:48 -0700[diff] [blame]6235 testCases = append(testCases, testCase{
6236 name: "StrayHelloRequest",
6237 config: Config{
6238 MaxVersion: VersionTLS12,
6239 Bugs: ProtocolBugs{
6240 SendHelloRequestBeforeEveryHandshakeMessage: true,
6241 },
6242 },
6243 })
6244 testCases = append(testCases, testCase{
6245 name: "StrayHelloRequest-Packed",
6246 config: Config{
6247 MaxVersion: VersionTLS12,
6248 Bugs: ProtocolBugs{
6249 PackHandshakeFlight: true,
6250 SendHelloRequestBeforeEveryHandshakeMessage: true,
6251 },
6252 },
6253 })
6254
David Benjamin12d2c482016-07-24 10:56:51 -0400[diff] [blame]6255 // Test renegotiation works if HelloRequest and server Finished come in
6256 // the same record.
6257 testCases = append(testCases, testCase{
6258 name: "Renegotiate-Client-Packed",
6259 config: Config{
6260 MaxVersion: VersionTLS12,
6261 Bugs: ProtocolBugs{
6262 PackHandshakeFlight: true,
6263 PackHelloRequestWithFinished: true,
6264 },
6265 },
6266 renegotiate: 1,
6267 flags: []string{
6268 "-renegotiate-freely",
6269 "-expect-total-renegotiations", "1",
6270 },
6271 })
6272
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6273 // Renegotiation is forbidden in TLS 1.3.
6274 testCases = append(testCases, testCase{
6275 name: "Renegotiate-Client-TLS13",
6276 config: Config{
6277 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6278 Bugs: ProtocolBugs{
6279 SendHelloRequestBeforeEveryAppDataRecord: true,
6280 },
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6281 },
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6282 flags: []string{
6283 "-renegotiate-freely",
6284 },
Steven Valdez8e1c7be2016-07-26 12:39:22 -0400[diff] [blame]6285 shouldFail: true,
6286 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin397c8e62016-07-08 14:14:36 -0700[diff] [blame]6287 })
6288
6289 // Stray HelloRequests during the handshake are forbidden in TLS 1.3.
6290 testCases = append(testCases, testCase{
6291 name: "StrayHelloRequest-TLS13",
6292 config: Config{
6293 MaxVersion: VersionTLS13,
6294 Bugs: ProtocolBugs{
6295 SendHelloRequestBeforeEveryHandshakeMessage: true,
6296 },
6297 },
6298 shouldFail: true,
6299 expectedError: ":UNEXPECTED_MESSAGE:",
6300 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]6301}
6302
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6303func addDTLSReplayTests() {
6304 // Test that sequence number replays are detected.
6305 testCases = append(testCases, testCase{
6306 protocol: dtls,
6307 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6308 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6309 replayWrites: true,
6310 })
6311
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6312 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6313 // than the retransmit window.
6314 testCases = append(testCases, testCase{
6315 protocol: dtls,
6316 name: "DTLS-Replay-LargeGaps",
6317 config: Config{
6318 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6319 SequenceNumberMapping: func(in uint64) uint64 {
6320 return in * 127
6321 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6322 },
6323 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]6324 messageCount: 200,
6325 replayWrites: true,
6326 })
6327
6328 // Test the incoming sequence number changing non-monotonically.
6329 testCases = append(testCases, testCase{
6330 protocol: dtls,
6331 name: "DTLS-Replay-NonMonotonic",
6332 config: Config{
6333 Bugs: ProtocolBugs{
6334 SequenceNumberMapping: func(in uint64) uint64 {
6335 return in ^ 31
6336 },
6337 },
6338 },
6339 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]6340 replayWrites: true,
6341 })
6342}
6343
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6344var testSignatureAlgorithms = []struct {
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6345 name string
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6346 id signatureAlgorithm
6347 cert testCert
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6348}{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6349 {"RSA-PKCS1-SHA1", signatureRSAPKCS1WithSHA1, testCertRSA},
6350 {"RSA-PKCS1-SHA256", signatureRSAPKCS1WithSHA256, testCertRSA},
6351 {"RSA-PKCS1-SHA384", signatureRSAPKCS1WithSHA384, testCertRSA},
6352 {"RSA-PKCS1-SHA512", signatureRSAPKCS1WithSHA512, testCertRSA},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]6353 {"ECDSA-SHA1", signatureECDSAWithSHA1, testCertECDSAP256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]6354 {"ECDSA-P256-SHA256", signatureECDSAWithP256AndSHA256, testCertECDSAP256},
6355 {"ECDSA-P384-SHA384", signatureECDSAWithP384AndSHA384, testCertECDSAP384},
6356 {"ECDSA-P521-SHA512", signatureECDSAWithP521AndSHA512, testCertECDSAP521},
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6357 {"RSA-PSS-SHA256", signatureRSAPSSWithSHA256, testCertRSA},
6358 {"RSA-PSS-SHA384", signatureRSAPSSWithSHA384, testCertRSA},
6359 {"RSA-PSS-SHA512", signatureRSAPSSWithSHA512, testCertRSA},
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6360 // Tests for key types prior to TLS 1.2.
6361 {"RSA", 0, testCertRSA},
6362 {"ECDSA", 0, testCertECDSAP256},
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6363}
6364
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6365const fakeSigAlg1 signatureAlgorithm = 0x2a01
6366const fakeSigAlg2 signatureAlgorithm = 0xff01
6367
6368func addSignatureAlgorithmTests() {
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6369 // Not all ciphers involve a signature. Advertise a list which gives all
6370 // versions a signing cipher.
6371 signingCiphers := []uint16{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6372 TLS_AES_128_GCM_SHA256,
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6373 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
6374 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
6375 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
6376 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
6377 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
6378 }
6379
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6380 var allAlgorithms []signatureAlgorithm
6381 for _, alg := range testSignatureAlgorithms {
6382 if alg.id != 0 {
6383 allAlgorithms = append(allAlgorithms, alg.id)
6384 }
6385 }
6386
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6387 // Make sure each signature algorithm works. Include some fake values in
6388 // the list and ensure they're ignored.
6389 for _, alg := range testSignatureAlgorithms {
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6390 for _, ver := range tlsVersions {
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6391 if (ver.version < VersionTLS12) != (alg.id == 0) {
6392 continue
6393 }
6394
6395 // TODO(davidben): Support ECDSA in SSL 3.0 in Go for testing
6396 // or remove it in C.
6397 if ver.version == VersionSSL30 && alg.cert != testCertRSA {
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6398 continue
6399 }
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6400
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6401 var shouldSignFail, shouldVerifyFail bool
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6402 // ecdsa_sha1 does not exist in TLS 1.3.
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6403 if ver.version >= VersionTLS13 && alg.id == signatureECDSAWithSHA1 {
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6404 shouldSignFail = true
6405 shouldVerifyFail = true
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6406 }
Steven Valdez54ed58e2016-08-18 14:03:49 -0400[diff] [blame]6407 // RSA-PKCS1 does not exist in TLS 1.3.
6408 if ver.version == VersionTLS13 && hasComponent(alg.name, "PKCS1") {
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6409 shouldSignFail = true
6410 shouldVerifyFail = true
6411 }
6412
6413 // BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.
6414 if alg.id == signatureECDSAWithSHA1 || alg.id == signatureECDSAWithP521AndSHA512 {
6415 shouldVerifyFail = true
Steven Valdez54ed58e2016-08-18 14:03:49 -0400[diff] [blame]6416 }
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6417
6418 var signError, verifyError string
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6419 if shouldSignFail {
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6420 signError = ":NO_COMMON_SIGNATURE_ALGORITHMS:"
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6421 }
6422 if shouldVerifyFail {
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6423 verifyError = ":WRONG_SIGNATURE_TYPE:"
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6424 }
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6425
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6426 suffix := "-" + alg.name + "-" + ver.name
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]6427
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6428 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6429 name: "ClientAuth-Sign" + suffix,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6430 config: Config{
6431 MaxVersion: ver.version,
6432 ClientAuth: RequireAnyClientCert,
6433 VerifySignatureAlgorithms: []signatureAlgorithm{
6434 fakeSigAlg1,
6435 alg.id,
6436 fakeSigAlg2,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6437 },
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6438 },
6439 flags: []string{
6440 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6441 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6442 "-enable-all-curves",
6443 },
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6444 shouldFail: shouldSignFail,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6445 expectedError: signError,
6446 expectedPeerSignatureAlgorithm: alg.id,
6447 })
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6448
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6449 testCases = append(testCases, testCase{
6450 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6451 name: "ClientAuth-Verify" + suffix,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6452 config: Config{
6453 MaxVersion: ver.version,
6454 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
6455 SignSignatureAlgorithms: []signatureAlgorithm{
6456 alg.id,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6457 },
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6458 Bugs: ProtocolBugs{
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6459 SkipECDSACurveCheck: shouldVerifyFail,
6460 IgnoreSignatureVersionChecks: shouldVerifyFail,
6461 // Some signature algorithms may not be advertised.
6462 IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6463 },
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6464 },
6465 flags: []string{
6466 "-require-any-client-certificate",
6467 "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
6468 "-enable-all-curves",
6469 },
David Benjaminf1050fd2016-12-13 20:05:36 -0500[diff] [blame]6470 // Resume the session to assert the peer signature
6471 // algorithm is reported on both handshakes.
6472 resumeSession: !shouldVerifyFail,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6473 shouldFail: shouldVerifyFail,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6474 expectedError: verifyError,
6475 })
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6476
6477 testCases = append(testCases, testCase{
6478 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6479 name: "ServerAuth-Sign" + suffix,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6480 config: Config{
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6481 MaxVersion: ver.version,
6482 CipherSuites: signingCiphers,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6483 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6484 fakeSigAlg1,
6485 alg.id,
6486 fakeSigAlg2,
6487 },
6488 },
6489 flags: []string{
6490 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6491 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6492 "-enable-all-curves",
6493 },
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6494 shouldFail: shouldSignFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6495 expectedError: signError,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6496 expectedPeerSignatureAlgorithm: alg.id,
6497 })
6498
6499 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6500 name: "ServerAuth-Verify" + suffix,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6501 config: Config{
6502 MaxVersion: ver.version,
6503 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6504 CipherSuites: signingCiphers,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6505 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6506 alg.id,
6507 },
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6508 Bugs: ProtocolBugs{
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6509 SkipECDSACurveCheck: shouldVerifyFail,
6510 IgnoreSignatureVersionChecks: shouldVerifyFail,
6511 // Some signature algorithms may not be advertised.
6512 IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6513 },
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6514 },
6515 flags: []string{
6516 "-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
6517 "-enable-all-curves",
6518 },
David Benjaminf1050fd2016-12-13 20:05:36 -0500[diff] [blame]6519 // Resume the session to assert the peer signature
6520 // algorithm is reported on both handshakes.
6521 resumeSession: !shouldVerifyFail,
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6522 shouldFail: shouldVerifyFail,
Steven Valdezeff1e8d2016-07-06 14:24:47 -0400[diff] [blame]6523 expectedError: verifyError,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6524 })
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6525
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6526 if !shouldVerifyFail {
David Benjamin5208fd42016-07-13 21:43:25 -0400[diff] [blame]6527 testCases = append(testCases, testCase{
6528 testType: serverTest,
6529 name: "ClientAuth-InvalidSignature" + suffix,
6530 config: Config{
6531 MaxVersion: ver.version,
6532 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
6533 SignSignatureAlgorithms: []signatureAlgorithm{
6534 alg.id,
6535 },
6536 Bugs: ProtocolBugs{
6537 InvalidSignature: true,
6538 },
6539 },
6540 flags: []string{
6541 "-require-any-client-certificate",
6542 "-enable-all-curves",
6543 },
6544 shouldFail: true,
6545 expectedError: ":BAD_SIGNATURE:",
6546 })
6547
6548 testCases = append(testCases, testCase{
6549 name: "ServerAuth-InvalidSignature" + suffix,
6550 config: Config{
6551 MaxVersion: ver.version,
6552 Certificates: []Certificate{getRunnerCertificate(alg.cert)},
6553 CipherSuites: signingCiphers,
6554 SignSignatureAlgorithms: []signatureAlgorithm{
6555 alg.id,
6556 },
6557 Bugs: ProtocolBugs{
6558 InvalidSignature: true,
6559 },
6560 },
6561 flags: []string{"-enable-all-curves"},
6562 shouldFail: true,
6563 expectedError: ":BAD_SIGNATURE:",
6564 })
6565 }
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6566
David Benjamin3ef76972016-10-17 17:59:54 -0400[diff] [blame]6567 if ver.version >= VersionTLS12 && !shouldSignFail {
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6568 testCases = append(testCases, testCase{
6569 name: "ClientAuth-Sign-Negotiate" + suffix,
6570 config: Config{
6571 MaxVersion: ver.version,
6572 ClientAuth: RequireAnyClientCert,
6573 VerifySignatureAlgorithms: allAlgorithms,
6574 },
6575 flags: []string{
6576 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6577 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6578 "-enable-all-curves",
6579 "-signing-prefs", strconv.Itoa(int(alg.id)),
6580 },
6581 expectedPeerSignatureAlgorithm: alg.id,
6582 })
6583
6584 testCases = append(testCases, testCase{
6585 testType: serverTest,
6586 name: "ServerAuth-Sign-Negotiate" + suffix,
6587 config: Config{
6588 MaxVersion: ver.version,
6589 CipherSuites: signingCiphers,
6590 VerifySignatureAlgorithms: allAlgorithms,
6591 },
6592 flags: []string{
6593 "-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
6594 "-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
6595 "-enable-all-curves",
6596 "-signing-prefs", strconv.Itoa(int(alg.id)),
6597 },
6598 expectedPeerSignatureAlgorithm: alg.id,
6599 })
6600 }
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]6601 }
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6602 }
6603
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6604 // Test that algorithm selection takes the key type into account.
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6605 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6606 name: "ClientAuth-SignatureType",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6607 config: Config{
6608 ClientAuth: RequireAnyClientCert,
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6609 MaxVersion: VersionTLS12,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6610 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6611 signatureECDSAWithP521AndSHA512,
6612 signatureRSAPKCS1WithSHA384,
6613 signatureECDSAWithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6614 },
6615 },
6616 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]6617 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6618 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6619 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6620 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6621 })
6622
6623 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6624 name: "ClientAuth-SignatureType-TLS13",
6625 config: Config{
6626 ClientAuth: RequireAnyClientCert,
6627 MaxVersion: VersionTLS13,
6628 VerifySignatureAlgorithms: []signatureAlgorithm{
6629 signatureECDSAWithP521AndSHA512,
6630 signatureRSAPKCS1WithSHA384,
6631 signatureRSAPSSWithSHA384,
6632 signatureECDSAWithSHA1,
6633 },
6634 },
6635 flags: []string{
6636 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6637 "-key-file", path.Join(*resourceDir, rsaKeyFile),
6638 },
6639 expectedPeerSignatureAlgorithm: signatureRSAPSSWithSHA384,
6640 })
6641
6642 testCases = append(testCases, testCase{
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6643 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6644 name: "ServerAuth-SignatureType",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6645 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6646 MaxVersion: VersionTLS12,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6647 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6648 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6649 signatureECDSAWithP521AndSHA512,
6650 signatureRSAPKCS1WithSHA384,
6651 signatureECDSAWithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6652 },
6653 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6654 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA384,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6655 })
6656
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6657 testCases = append(testCases, testCase{
6658 testType: serverTest,
6659 name: "ServerAuth-SignatureType-TLS13",
6660 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6661 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6662 VerifySignatureAlgorithms: []signatureAlgorithm{
6663 signatureECDSAWithP521AndSHA512,
6664 signatureRSAPKCS1WithSHA384,
6665 signatureRSAPSSWithSHA384,
6666 signatureECDSAWithSHA1,
6667 },
6668 },
6669 expectedPeerSignatureAlgorithm: signatureRSAPSSWithSHA384,
6670 })
6671
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6672 // Test that signature verification takes the key type into account.
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6673 testCases = append(testCases, testCase{
6674 testType: serverTest,
6675 name: "Verify-ClientAuth-SignatureType",
6676 config: Config{
6677 MaxVersion: VersionTLS12,
6678 Certificates: []Certificate{rsaCertificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6679 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6680 signatureRSAPKCS1WithSHA256,
6681 },
6682 Bugs: ProtocolBugs{
6683 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6684 },
6685 },
6686 flags: []string{
6687 "-require-any-client-certificate",
6688 },
6689 shouldFail: true,
6690 expectedError: ":WRONG_SIGNATURE_TYPE:",
6691 })
6692
6693 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6694 testType: serverTest,
6695 name: "Verify-ClientAuth-SignatureType-TLS13",
6696 config: Config{
6697 MaxVersion: VersionTLS13,
6698 Certificates: []Certificate{rsaCertificate},
6699 SignSignatureAlgorithms: []signatureAlgorithm{
6700 signatureRSAPSSWithSHA256,
6701 },
6702 Bugs: ProtocolBugs{
6703 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6704 },
6705 },
6706 flags: []string{
6707 "-require-any-client-certificate",
6708 },
6709 shouldFail: true,
6710 expectedError: ":WRONG_SIGNATURE_TYPE:",
6711 })
6712
6713 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6714 name: "Verify-ServerAuth-SignatureType",
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6715 config: Config{
6716 MaxVersion: VersionTLS12,
6717 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6718 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamina95e9f32016-07-08 16:28:04 -0700[diff] [blame]6719 signatureRSAPKCS1WithSHA256,
6720 },
6721 Bugs: ProtocolBugs{
6722 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6723 },
6724 },
6725 shouldFail: true,
6726 expectedError: ":WRONG_SIGNATURE_TYPE:",
6727 })
6728
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6729 testCases = append(testCases, testCase{
6730 name: "Verify-ServerAuth-SignatureType-TLS13",
6731 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6732 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]6733 SignSignatureAlgorithms: []signatureAlgorithm{
6734 signatureRSAPSSWithSHA256,
6735 },
6736 Bugs: ProtocolBugs{
6737 SendSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
6738 },
6739 },
6740 shouldFail: true,
6741 expectedError: ":WRONG_SIGNATURE_TYPE:",
6742 })
6743
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6744 // Test that, if the list is missing, the peer falls back to SHA-1 in
6745 // TLS 1.2, but not TLS 1.3.
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6746 testCases = append(testCases, testCase{
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]6747 name: "ClientAuth-SHA1-Fallback-RSA",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6748 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6749 MaxVersion: VersionTLS12,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6750 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6751 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6752 signatureRSAPKCS1WithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6753 },
6754 Bugs: ProtocolBugs{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6755 NoSignatureAlgorithms: true,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6756 },
6757 },
6758 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]6759 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6760 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6761 },
6762 })
6763
6764 testCases = append(testCases, testCase{
6765 testType: serverTest,
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]6766 name: "ServerAuth-SHA1-Fallback-RSA",
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6767 config: Config{
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]6768 MaxVersion: VersionTLS12,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6769 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6770 signatureRSAPKCS1WithSHA1,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6771 },
6772 Bugs: ProtocolBugs{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6773 NoSignatureAlgorithms: true,
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6774 },
6775 },
David Benjaminee32bea2016-08-17 13:36:44 -0400[diff] [blame]6776 flags: []string{
6777 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6778 "-key-file", path.Join(*resourceDir, rsaKeyFile),
6779 },
6780 })
6781
6782 testCases = append(testCases, testCase{
6783 name: "ClientAuth-SHA1-Fallback-ECDSA",
6784 config: Config{
6785 MaxVersion: VersionTLS12,
6786 ClientAuth: RequireAnyClientCert,
6787 VerifySignatureAlgorithms: []signatureAlgorithm{
6788 signatureECDSAWithSHA1,
6789 },
6790 Bugs: ProtocolBugs{
6791 NoSignatureAlgorithms: true,
6792 },
6793 },
6794 flags: []string{
6795 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
6796 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
6797 },
6798 })
6799
6800 testCases = append(testCases, testCase{
6801 testType: serverTest,
6802 name: "ServerAuth-SHA1-Fallback-ECDSA",
6803 config: Config{
6804 MaxVersion: VersionTLS12,
6805 VerifySignatureAlgorithms: []signatureAlgorithm{
6806 signatureECDSAWithSHA1,
6807 },
6808 Bugs: ProtocolBugs{
6809 NoSignatureAlgorithms: true,
6810 },
6811 },
6812 flags: []string{
6813 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
6814 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
6815 },
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]6816 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6817
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6818 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6819 name: "ClientAuth-NoFallback-TLS13",
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6820 config: Config{
6821 MaxVersion: VersionTLS13,
6822 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6823 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6824 signatureRSAPKCS1WithSHA1,
6825 },
6826 Bugs: ProtocolBugs{
6827 NoSignatureAlgorithms: true,
6828 },
6829 },
6830 flags: []string{
6831 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6832 "-key-file", path.Join(*resourceDir, rsaKeyFile),
6833 },
David Benjamin48901652016-08-01 12:12:47 -0400[diff] [blame]6834 shouldFail: true,
6835 // An empty CertificateRequest signature algorithm list is a
6836 // syntax error in TLS 1.3.
6837 expectedError: ":DECODE_ERROR:",
6838 expectedLocalError: "remote error: error decoding message",
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6839 })
6840
6841 testCases = append(testCases, testCase{
6842 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6843 name: "ServerAuth-NoFallback-TLS13",
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6844 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6845 MaxVersion: VersionTLS13,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6846 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin51dd7d62016-07-08 16:07:01 -0700[diff] [blame]6847 signatureRSAPKCS1WithSHA1,
6848 },
6849 Bugs: ProtocolBugs{
6850 NoSignatureAlgorithms: true,
6851 },
6852 },
6853 shouldFail: true,
6854 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
6855 })
6856
David Benjaminb62d2872016-07-18 14:55:02 +0200[diff] [blame]6857 // Test that hash preferences are enforced. BoringSSL does not implement
6858 // MD5 signatures.
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6859 testCases = append(testCases, testCase{
6860 testType: serverTest,
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6861 name: "ClientAuth-Enforced",
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6862 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6863 MaxVersion: VersionTLS12,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6864 Certificates: []Certificate{rsaCertificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6865 SignSignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6866 signatureRSAPKCS1WithMD5,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6867 },
6868 Bugs: ProtocolBugs{
6869 IgnorePeerSignatureAlgorithmPreferences: true,
6870 },
6871 },
6872 flags: []string{"-require-any-client-certificate"},
6873 shouldFail: true,
6874 expectedError: ":WRONG_SIGNATURE_TYPE:",
6875 })
6876
6877 testCases = append(testCases, testCase{
David Benjaminbbfff7c2016-07-13 21:08:33 -0400[diff] [blame]6878 name: "ServerAuth-Enforced",
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6879 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6880 MaxVersion: VersionTLS12,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6881 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6882 SignSignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6883 signatureRSAPKCS1WithMD5,
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]6884 },
6885 Bugs: ProtocolBugs{
6886 IgnorePeerSignatureAlgorithmPreferences: true,
6887 },
6888 },
6889 shouldFail: true,
6890 expectedError: ":WRONG_SIGNATURE_TYPE:",
6891 })
David Benjaminb62d2872016-07-18 14:55:02 +0200[diff] [blame]6892 testCases = append(testCases, testCase{
6893 testType: serverTest,
6894 name: "ClientAuth-Enforced-TLS13",
6895 config: Config{
6896 MaxVersion: VersionTLS13,
6897 Certificates: []Certificate{rsaCertificate},
6898 SignSignatureAlgorithms: []signatureAlgorithm{
6899 signatureRSAPKCS1WithMD5,
6900 },
6901 Bugs: ProtocolBugs{
6902 IgnorePeerSignatureAlgorithmPreferences: true,
6903 IgnoreSignatureVersionChecks: true,
6904 },
6905 },
6906 flags: []string{"-require-any-client-certificate"},
6907 shouldFail: true,
6908 expectedError: ":WRONG_SIGNATURE_TYPE:",
6909 })
6910
6911 testCases = append(testCases, testCase{
6912 name: "ServerAuth-Enforced-TLS13",
6913 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]6914 MaxVersion: VersionTLS13,
David Benjaminb62d2872016-07-18 14:55:02 +0200[diff] [blame]6915 SignSignatureAlgorithms: []signatureAlgorithm{
6916 signatureRSAPKCS1WithMD5,
6917 },
6918 Bugs: ProtocolBugs{
6919 IgnorePeerSignatureAlgorithmPreferences: true,
6920 IgnoreSignatureVersionChecks: true,
6921 },
6922 },
6923 shouldFail: true,
6924 expectedError: ":WRONG_SIGNATURE_TYPE:",
6925 })
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6926
6927 // Test that the agreed upon digest respects the client preferences and
6928 // the server digests.
6929 testCases = append(testCases, testCase{
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6930 name: "NoCommonAlgorithms-Digests",
6931 config: Config{
6932 MaxVersion: VersionTLS12,
6933 ClientAuth: RequireAnyClientCert,
6934 VerifySignatureAlgorithms: []signatureAlgorithm{
6935 signatureRSAPKCS1WithSHA512,
6936 signatureRSAPKCS1WithSHA1,
6937 },
6938 },
6939 flags: []string{
6940 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6941 "-key-file", path.Join(*resourceDir, rsaKeyFile),
6942 "-digest-prefs", "SHA256",
6943 },
6944 shouldFail: true,
6945 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
6946 })
6947 testCases = append(testCases, testCase{
David Benjaminea9a0d52016-07-08 15:52:59 -0700[diff] [blame]6948 name: "NoCommonAlgorithms",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6949 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6950 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6951 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6952 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6953 signatureRSAPKCS1WithSHA512,
6954 signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6955 },
6956 },
6957 flags: []string{
6958 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6959 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6960 "-signing-prefs", strconv.Itoa(int(signatureRSAPKCS1WithSHA256)),
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6961 },
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6962 shouldFail: true,
6963 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
6964 })
6965 testCases = append(testCases, testCase{
6966 name: "NoCommonAlgorithms-TLS13",
6967 config: Config{
6968 MaxVersion: VersionTLS13,
6969 ClientAuth: RequireAnyClientCert,
6970 VerifySignatureAlgorithms: []signatureAlgorithm{
6971 signatureRSAPSSWithSHA512,
6972 signatureRSAPSSWithSHA384,
6973 },
6974 },
6975 flags: []string{
6976 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6977 "-key-file", path.Join(*resourceDir, rsaKeyFile),
6978 "-signing-prefs", strconv.Itoa(int(signatureRSAPSSWithSHA256)),
6979 },
David Benjaminea9a0d52016-07-08 15:52:59 -0700[diff] [blame]6980 shouldFail: true,
6981 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6982 })
6983 testCases = append(testCases, testCase{
6984 name: "Agree-Digest-SHA256",
6985 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]6986 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6987 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]6988 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6989 signatureRSAPKCS1WithSHA1,
6990 signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6991 },
6992 },
6993 flags: []string{
6994 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
6995 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]6996 "-digest-prefs", "SHA256,SHA1",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6997 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]6998 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]6999 })
7000 testCases = append(testCases, testCase{
7001 name: "Agree-Digest-SHA1",
7002 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7003 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7004 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7005 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7006 signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7007 },
7008 },
7009 flags: []string{
7010 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7011 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]7012 "-digest-prefs", "SHA512,SHA256,SHA1",
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7013 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7014 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7015 })
7016 testCases = append(testCases, testCase{
7017 name: "Agree-Digest-Default",
7018 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7019 MaxVersion: VersionTLS12,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7020 ClientAuth: RequireAnyClientCert,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7021 VerifySignatureAlgorithms: []signatureAlgorithm{
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7022 signatureRSAPKCS1WithSHA256,
7023 signatureECDSAWithP256AndSHA256,
7024 signatureRSAPKCS1WithSHA1,
7025 signatureECDSAWithSHA1,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7026 },
7027 },
7028 flags: []string{
7029 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7030 "-key-file", path.Join(*resourceDir, rsaKeyFile),
7031 },
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]7032 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]7033 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7034
David Benjaminca3d5452016-07-14 12:51:01 -0400[diff] [blame]7035 // Test that the signing preference list may include extra algorithms
7036 // without negotiation problems.
7037 testCases = append(testCases, testCase{
7038 testType: serverTest,
7039 name: "FilterExtraAlgorithms",
7040 config: Config{
7041 MaxVersion: VersionTLS12,
7042 VerifySignatureAlgorithms: []signatureAlgorithm{
7043 signatureRSAPKCS1WithSHA256,
7044 },
7045 },
7046 flags: []string{
7047 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
7048 "-key-file", path.Join(*resourceDir, rsaKeyFile),
7049 "-signing-prefs", strconv.Itoa(int(fakeSigAlg1)),
7050 "-signing-prefs", strconv.Itoa(int(signatureECDSAWithP256AndSHA256)),
7051 "-signing-prefs", strconv.Itoa(int(signatureRSAPKCS1WithSHA256)),
7052 "-signing-prefs", strconv.Itoa(int(fakeSigAlg2)),
7053 },
7054 expectedPeerSignatureAlgorithm: signatureRSAPKCS1WithSHA256,
7055 })
7056
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7057 // In TLS 1.2 and below, ECDSA uses the curve list rather than the
7058 // signature algorithms.
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7059 testCases = append(testCases, testCase{
7060 name: "CheckLeafCurve",
7061 config: Config{
7062 MaxVersion: VersionTLS12,
7063 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]7064 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7065 },
7066 flags: []string{"-p384-only"},
7067 shouldFail: true,
7068 expectedError: ":BAD_ECC_CERT:",
7069 })
David Benjamin75ea5bb2016-07-08 17:43:29 -0700[diff] [blame]7070
7071 // In TLS 1.3, ECDSA does not use the ECDHE curve list.
7072 testCases = append(testCases, testCase{
7073 name: "CheckLeafCurve-TLS13",
7074 config: Config{
7075 MaxVersion: VersionTLS13,
David Benjamin75ea5bb2016-07-08 17:43:29 -0700[diff] [blame]7076 Certificates: []Certificate{ecdsaP256Certificate},
7077 },
7078 flags: []string{"-p384-only"},
7079 })
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7080
7081 // In TLS 1.2, the ECDSA curve is not in the signature algorithm.
7082 testCases = append(testCases, testCase{
7083 name: "ECDSACurveMismatch-Verify-TLS12",
7084 config: Config{
7085 MaxVersion: VersionTLS12,
7086 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
7087 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7088 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7089 signatureECDSAWithP384AndSHA384,
7090 },
7091 },
7092 })
7093
7094 // In TLS 1.3, the ECDSA curve comes from the signature algorithm.
7095 testCases = append(testCases, testCase{
7096 name: "ECDSACurveMismatch-Verify-TLS13",
7097 config: Config{
7098 MaxVersion: VersionTLS13,
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7099 Certificates: []Certificate{ecdsaP256Certificate},
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7100 SignSignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7101 signatureECDSAWithP384AndSHA384,
7102 },
7103 Bugs: ProtocolBugs{
7104 SkipECDSACurveCheck: true,
7105 },
7106 },
7107 shouldFail: true,
7108 expectedError: ":WRONG_SIGNATURE_TYPE:",
7109 })
7110
7111 // Signature algorithm selection in TLS 1.3 should take the curve into
7112 // account.
7113 testCases = append(testCases, testCase{
7114 testType: serverTest,
7115 name: "ECDSACurveMismatch-Sign-TLS13",
7116 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7117 MaxVersion: VersionTLS13,
David Benjamin7a41d372016-07-09 11:21:54 -0700[diff] [blame]7118 VerifySignatureAlgorithms: []signatureAlgorithm{
David Benjamin1fb125c2016-07-08 18:52:12 -0700[diff] [blame]7119 signatureECDSAWithP384AndSHA384,
7120 signatureECDSAWithP256AndSHA256,
7121 },
7122 },
7123 flags: []string{
7124 "-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
7125 "-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
7126 },
7127 expectedPeerSignatureAlgorithm: signatureECDSAWithP256AndSHA256,
7128 })
David Benjamin7944a9f2016-07-12 22:27:01 -0400[diff] [blame]7129
7130 // RSASSA-PSS with SHA-512 is too large for 1024-bit RSA. Test that the
7131 // server does not attempt to sign in that case.
7132 testCases = append(testCases, testCase{
7133 testType: serverTest,
7134 name: "RSA-PSS-Large",
7135 config: Config{
7136 MaxVersion: VersionTLS13,
7137 VerifySignatureAlgorithms: []signatureAlgorithm{
7138 signatureRSAPSSWithSHA512,
7139 },
7140 },
7141 flags: []string{
7142 "-cert-file", path.Join(*resourceDir, rsa1024CertificateFile),
7143 "-key-file", path.Join(*resourceDir, rsa1024KeyFile),
7144 },
7145 shouldFail: true,
7146 expectedError: ":NO_COMMON_SIGNATURE_ALGORITHMS:",
7147 })
David Benjamin57e929f2016-08-30 00:30:38 -0400[diff] [blame]7148
7149 // Test that RSA-PSS is enabled by default for TLS 1.2.
7150 testCases = append(testCases, testCase{
7151 testType: clientTest,
7152 name: "RSA-PSS-Default-Verify",
7153 config: Config{
7154 MaxVersion: VersionTLS12,
7155 SignSignatureAlgorithms: []signatureAlgorithm{
7156 signatureRSAPSSWithSHA256,
7157 },
7158 },
7159 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
7160 })
7161
7162 testCases = append(testCases, testCase{
7163 testType: serverTest,
7164 name: "RSA-PSS-Default-Sign",
7165 config: Config{
7166 MaxVersion: VersionTLS12,
7167 VerifySignatureAlgorithms: []signatureAlgorithm{
7168 signatureRSAPSSWithSHA256,
7169 },
7170 },
7171 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
7172 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]7173}
7174
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7175// timeouts is the retransmit schedule for BoringSSL. It doubles and
7176// caps at 60 seconds. On the 13th timeout, it gives up.
7177var timeouts = []time.Duration{
7178 1 * time.Second,
7179 2 * time.Second,
7180 4 * time.Second,
7181 8 * time.Second,
7182 16 * time.Second,
7183 32 * time.Second,
7184 60 * time.Second,
7185 60 * time.Second,
7186 60 * time.Second,
7187 60 * time.Second,
7188 60 * time.Second,
7189 60 * time.Second,
7190 60 * time.Second,
7191}
7192
Taylor Brandstetter376a0fe2016-05-10 19:30:28 -0700[diff] [blame]7193// shortTimeouts is an alternate set of timeouts which would occur if the
7194// initial timeout duration was set to 250ms.
7195var shortTimeouts = []time.Duration{
7196 250 * time.Millisecond,
7197 500 * time.Millisecond,
7198 1 * time.Second,
7199 2 * time.Second,
7200 4 * time.Second,
7201 8 * time.Second,
7202 16 * time.Second,
7203 32 * time.Second,
7204 60 * time.Second,
7205 60 * time.Second,
7206 60 * time.Second,
7207 60 * time.Second,
7208 60 * time.Second,
7209}
7210
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7211func addDTLSRetransmitTests() {
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7212 // These tests work by coordinating some behavior on both the shim and
7213 // the runner.
7214 //
7215 // TimeoutSchedule configures the runner to send a series of timeout
7216 // opcodes to the shim (see packetAdaptor) immediately before reading
7217 // each peer handshake flight N. The timeout opcode both simulates a
7218 // timeout in the shim and acts as a synchronization point to help the
7219 // runner bracket each handshake flight.
7220 //
7221 // We assume the shim does not read from the channel eagerly. It must
7222 // first wait until it has sent flight N and is ready to receive
7223 // handshake flight N+1. At this point, it will process the timeout
7224 // opcode. It must then immediately respond with a timeout ACK and act
7225 // as if the shim was idle for the specified amount of time.
7226 //
7227 // The runner then drops all packets received before the ACK and
7228 // continues waiting for flight N. This ordering results in one attempt
7229 // at sending flight N to be dropped. For the test to complete, the
7230 // shim must send flight N again, testing that the shim implements DTLS
7231 // retransmit on a timeout.
7232
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7233 // TODO(davidben): Add DTLS 1.3 versions of these tests. There will
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7234 // likely be more epochs to cross and the final message's retransmit may
7235 // be more complex.
7236
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7237 for _, async := range []bool{true, false} {
7238 var tests []testCase
7239
7240 // Test that this is indeed the timeout schedule. Stress all
7241 // four patterns of handshake.
7242 for i := 1; i < len(timeouts); i++ {
7243 number := strconv.Itoa(i)
7244 tests = append(tests, testCase{
7245 protocol: dtls,
7246 name: "DTLS-Retransmit-Client-" + number,
7247 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7248 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7249 Bugs: ProtocolBugs{
7250 TimeoutSchedule: timeouts[:i],
7251 },
7252 },
7253 resumeSession: true,
7254 })
7255 tests = append(tests, testCase{
7256 protocol: dtls,
7257 testType: serverTest,
7258 name: "DTLS-Retransmit-Server-" + number,
7259 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7260 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7261 Bugs: ProtocolBugs{
7262 TimeoutSchedule: timeouts[:i],
7263 },
7264 },
7265 resumeSession: true,
7266 })
7267 }
7268
7269 // Test that exceeding the timeout schedule hits a read
7270 // timeout.
7271 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7272 protocol: dtls,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7273 name: "DTLS-Retransmit-Timeout",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7274 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7275 MaxVersion: VersionTLS12,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7276 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7277 TimeoutSchedule: timeouts,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7278 },
7279 },
7280 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7281 shouldFail: true,
7282 expectedError: ":READ_TIMEOUT_EXPIRED:",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7283 })
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7284
7285 if async {
7286 // Test that timeout handling has a fudge factor, due to API
7287 // problems.
7288 tests = append(tests, testCase{
7289 protocol: dtls,
7290 name: "DTLS-Retransmit-Fudge",
7291 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7292 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7293 Bugs: ProtocolBugs{
7294 TimeoutSchedule: []time.Duration{
7295 timeouts[0] - 10*time.Millisecond,
7296 },
7297 },
7298 },
7299 resumeSession: true,
7300 })
7301 }
7302
7303 // Test that the final Finished retransmitting isn't
7304 // duplicated if the peer badly fragments everything.
7305 tests = append(tests, testCase{
7306 testType: serverTest,
7307 protocol: dtls,
7308 name: "DTLS-Retransmit-Fragmented",
7309 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7310 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7311 Bugs: ProtocolBugs{
7312 TimeoutSchedule: []time.Duration{timeouts[0]},
7313 MaxHandshakeRecordLength: 2,
7314 },
7315 },
7316 })
7317
7318 // Test the timeout schedule when a shorter initial timeout duration is set.
7319 tests = append(tests, testCase{
7320 protocol: dtls,
7321 name: "DTLS-Retransmit-Short-Client",
7322 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7323 MaxVersion: VersionTLS12,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7324 Bugs: ProtocolBugs{
7325 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
7326 },
7327 },
7328 resumeSession: true,
7329 flags: []string{"-initial-timeout-duration-ms", "250"},
7330 })
7331 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7332 protocol: dtls,
7333 testType: serverTest,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7334 name: "DTLS-Retransmit-Short-Server",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7335 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7336 MaxVersion: VersionTLS12,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7337 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7338 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7339 },
7340 },
7341 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7342 flags: []string{"-initial-timeout-duration-ms", "250"},
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7343 })
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]7344
7345 for _, test := range tests {
7346 if async {
7347 test.name += "-Async"
7348 test.flags = append(test.flags, "-async")
7349 }
7350
7351 testCases = append(testCases, test)
7352 }
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7353 }
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]7354}
7355
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]7356func addExportKeyingMaterialTests() {
7357 for _, vers := range tlsVersions {
7358 if vers.version == VersionSSL30 {
7359 continue
7360 }
7361 testCases = append(testCases, testCase{
7362 name: "ExportKeyingMaterial-" + vers.name,
7363 config: Config{
7364 MaxVersion: vers.version,
7365 },
7366 exportKeyingMaterial: 1024,
7367 exportLabel: "label",
7368 exportContext: "context",
7369 useExportContext: true,
7370 })
7371 testCases = append(testCases, testCase{
7372 name: "ExportKeyingMaterial-NoContext-" + vers.name,
7373 config: Config{
7374 MaxVersion: vers.version,
7375 },
7376 exportKeyingMaterial: 1024,
7377 })
7378 testCases = append(testCases, testCase{
7379 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
7380 config: Config{
7381 MaxVersion: vers.version,
7382 },
7383 exportKeyingMaterial: 1024,
7384 useExportContext: true,
7385 })
7386 testCases = append(testCases, testCase{
7387 name: "ExportKeyingMaterial-Small-" + vers.name,
7388 config: Config{
7389 MaxVersion: vers.version,
7390 },
7391 exportKeyingMaterial: 1,
7392 exportLabel: "label",
7393 exportContext: "context",
7394 useExportContext: true,
7395 })
7396 }
David Benjamin7bb1d292016-11-01 19:45:06 -0400[diff] [blame]7397
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]7398 testCases = append(testCases, testCase{
7399 name: "ExportKeyingMaterial-SSL3",
7400 config: Config{
7401 MaxVersion: VersionSSL30,
7402 },
7403 exportKeyingMaterial: 1024,
7404 exportLabel: "label",
7405 exportContext: "context",
7406 useExportContext: true,
7407 shouldFail: true,
7408 expectedError: "failed to export keying material",
7409 })
David Benjamin7bb1d292016-11-01 19:45:06 -0400[diff] [blame]7410
7411 // Exporters work during a False Start.
7412 testCases = append(testCases, testCase{
7413 name: "ExportKeyingMaterial-FalseStart",
7414 config: Config{
7415 MaxVersion: VersionTLS12,
7416 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7417 NextProtos: []string{"foo"},
7418 Bugs: ProtocolBugs{
7419 ExpectFalseStart: true,
7420 },
7421 },
7422 flags: []string{
7423 "-false-start",
7424 "-advertise-alpn", "\x03foo",
7425 },
7426 shimWritesFirst: true,
7427 exportKeyingMaterial: 1024,
7428 exportLabel: "label",
7429 exportContext: "context",
7430 useExportContext: true,
7431 })
7432
7433 // Exporters do not work in the middle of a renegotiation. Test this by
7434 // triggering the exporter after every SSL_read call and configuring the
7435 // shim to run asynchronously.
7436 testCases = append(testCases, testCase{
7437 name: "ExportKeyingMaterial-Renegotiate",
7438 config: Config{
7439 MaxVersion: VersionTLS12,
7440 },
7441 renegotiate: 1,
7442 flags: []string{
7443 "-async",
7444 "-use-exporter-between-reads",
7445 "-renegotiate-freely",
7446 "-expect-total-renegotiations", "1",
7447 },
7448 shouldFail: true,
7449 expectedError: "failed to export keying material",
7450 })
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]7451}
7452
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]7453func addTLSUniqueTests() {
7454 for _, isClient := range []bool{false, true} {
7455 for _, isResumption := range []bool{false, true} {
7456 for _, hasEMS := range []bool{false, true} {
7457 var suffix string
7458 if isResumption {
7459 suffix = "Resume-"
7460 } else {
7461 suffix = "Full-"
7462 }
7463
7464 if hasEMS {
7465 suffix += "EMS-"
7466 } else {
7467 suffix += "NoEMS-"
7468 }
7469
7470 if isClient {
7471 suffix += "Client"
7472 } else {
7473 suffix += "Server"
7474 }
7475
7476 test := testCase{
7477 name: "TLSUnique-" + suffix,
7478 testTLSUnique: true,
7479 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7480 MaxVersion: VersionTLS12,
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]7481 Bugs: ProtocolBugs{
7482 NoExtendedMasterSecret: !hasEMS,
7483 },
7484 },
7485 }
7486
7487 if isResumption {
7488 test.resumeSession = true
7489 test.resumeConfig = &Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7490 MaxVersion: VersionTLS12,
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]7491 Bugs: ProtocolBugs{
7492 NoExtendedMasterSecret: !hasEMS,
7493 },
7494 }
7495 }
7496
7497 if isResumption && !hasEMS {
7498 test.shouldFail = true
7499 test.expectedError = "failed to get tls-unique"
7500 }
7501
7502 testCases = append(testCases, test)
7503 }
7504 }
7505 }
7506}
7507
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7508func addCustomExtensionTests() {
7509 expectedContents := "custom extension"
7510 emptyString := ""
7511
7512 for _, isClient := range []bool{false, true} {
7513 suffix := "Server"
7514 flag := "-enable-server-custom-extension"
7515 testType := serverTest
7516 if isClient {
7517 suffix = "Client"
7518 flag = "-enable-client-custom-extension"
7519 testType = clientTest
7520 }
7521
7522 testCases = append(testCases, testCase{
7523 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7524 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7525 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7526 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7527 Bugs: ProtocolBugs{
7528 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7529 ExpectedCustomExtension: &expectedContents,
7530 },
7531 },
7532 flags: []string{flag},
7533 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7534 testCases = append(testCases, testCase{
7535 testType: testType,
7536 name: "CustomExtensions-" + suffix + "-TLS13",
7537 config: Config{
7538 MaxVersion: VersionTLS13,
7539 Bugs: ProtocolBugs{
7540 CustomExtension: expectedContents,
7541 ExpectedCustomExtension: &expectedContents,
7542 },
7543 },
7544 flags: []string{flag},
7545 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7546
7547 // If the parse callback fails, the handshake should also fail.
7548 testCases = append(testCases, testCase{
7549 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7550 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7551 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7552 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7553 Bugs: ProtocolBugs{
7554 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7555 ExpectedCustomExtension: &expectedContents,
7556 },
7557 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7558 flags: []string{flag},
7559 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7560 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7561 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7562 testCases = append(testCases, testCase{
7563 testType: testType,
7564 name: "CustomExtensions-ParseError-" + suffix + "-TLS13",
7565 config: Config{
7566 MaxVersion: VersionTLS13,
7567 Bugs: ProtocolBugs{
7568 CustomExtension: expectedContents + "foo",
7569 ExpectedCustomExtension: &expectedContents,
7570 },
7571 },
7572 flags: []string{flag},
7573 shouldFail: true,
7574 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7575 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7576
7577 // If the add callback fails, the handshake should also fail.
7578 testCases = append(testCases, testCase{
7579 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7580 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7581 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7582 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7583 Bugs: ProtocolBugs{
7584 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7585 ExpectedCustomExtension: &expectedContents,
7586 },
7587 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7588 flags: []string{flag, "-custom-extension-fail-add"},
7589 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7590 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7591 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7592 testCases = append(testCases, testCase{
7593 testType: testType,
7594 name: "CustomExtensions-FailAdd-" + suffix + "-TLS13",
7595 config: Config{
7596 MaxVersion: VersionTLS13,
7597 Bugs: ProtocolBugs{
7598 CustomExtension: expectedContents,
7599 ExpectedCustomExtension: &expectedContents,
7600 },
7601 },
7602 flags: []string{flag, "-custom-extension-fail-add"},
7603 shouldFail: true,
7604 expectedError: ":CUSTOM_EXTENSION_ERROR:",
7605 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7606
7607 // If the add callback returns zero, no extension should be
7608 // added.
7609 skipCustomExtension := expectedContents
7610 if isClient {
7611 // For the case where the client skips sending the
7612 // custom extension, the server must not “echo” it.
7613 skipCustomExtension = ""
7614 }
7615 testCases = append(testCases, testCase{
7616 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7617 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7618 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7619 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7620 Bugs: ProtocolBugs{
7621 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7622 ExpectedCustomExtension: &emptyString,
7623 },
7624 },
7625 flags: []string{flag, "-custom-extension-skip"},
7626 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7627 testCases = append(testCases, testCase{
7628 testType: testType,
7629 name: "CustomExtensions-Skip-" + suffix + "-TLS13",
7630 config: Config{
7631 MaxVersion: VersionTLS13,
7632 Bugs: ProtocolBugs{
7633 CustomExtension: skipCustomExtension,
7634 ExpectedCustomExtension: &emptyString,
7635 },
7636 },
7637 flags: []string{flag, "-custom-extension-skip"},
7638 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7639 }
7640
7641 // The custom extension add callback should not be called if the client
7642 // doesn't send the extension.
7643 testCases = append(testCases, testCase{
7644 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7645 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7646 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7647 MaxVersion: VersionTLS12,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]7648 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7649 ExpectedCustomExtension: &emptyString,
7650 },
7651 },
7652 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
7653 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7654
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7655 testCases = append(testCases, testCase{
7656 testType: serverTest,
7657 name: "CustomExtensions-NotCalled-Server-TLS13",
7658 config: Config{
7659 MaxVersion: VersionTLS13,
7660 Bugs: ProtocolBugs{
7661 ExpectedCustomExtension: &emptyString,
7662 },
7663 },
7664 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
7665 })
7666
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7667 // Test an unknown extension from the server.
7668 testCases = append(testCases, testCase{
7669 testType: clientTest,
7670 name: "UnknownExtension-Client",
7671 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7672 MaxVersion: VersionTLS12,
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7673 Bugs: ProtocolBugs{
7674 CustomExtension: expectedContents,
7675 },
7676 },
David Benjamin0c40a962016-08-01 12:05:50 -0400[diff] [blame]7677 shouldFail: true,
7678 expectedError: ":UNEXPECTED_EXTENSION:",
7679 expectedLocalError: "remote error: unsupported extension",
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]7680 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7681 testCases = append(testCases, testCase{
7682 testType: clientTest,
7683 name: "UnknownExtension-Client-TLS13",
7684 config: Config{
7685 MaxVersion: VersionTLS13,
7686 Bugs: ProtocolBugs{
7687 CustomExtension: expectedContents,
7688 },
7689 },
David Benjamin0c40a962016-08-01 12:05:50 -0400[diff] [blame]7690 shouldFail: true,
7691 expectedError: ":UNEXPECTED_EXTENSION:",
7692 expectedLocalError: "remote error: unsupported extension",
7693 })
David Benjamin490469f2016-10-05 22:44:38 -0400[diff] [blame]7694 testCases = append(testCases, testCase{
7695 testType: clientTest,
7696 name: "UnknownUnencryptedExtension-Client-TLS13",
7697 config: Config{
7698 MaxVersion: VersionTLS13,
7699 Bugs: ProtocolBugs{
7700 CustomUnencryptedExtension: expectedContents,
7701 },
7702 },
7703 shouldFail: true,
7704 expectedError: ":UNEXPECTED_EXTENSION:",
7705 // The shim must send an alert, but alerts at this point do not
7706 // get successfully decrypted by the runner.
7707 expectedLocalError: "local error: bad record MAC",
7708 })
7709 testCases = append(testCases, testCase{
7710 testType: clientTest,
7711 name: "UnexpectedUnencryptedExtension-Client-TLS13",
7712 config: Config{
7713 MaxVersion: VersionTLS13,
7714 Bugs: ProtocolBugs{
7715 SendUnencryptedALPN: "foo",
7716 },
7717 },
7718 flags: []string{
7719 "-advertise-alpn", "\x03foo\x03bar",
7720 },
7721 shouldFail: true,
7722 expectedError: ":UNEXPECTED_EXTENSION:",
7723 // The shim must send an alert, but alerts at this point do not
7724 // get successfully decrypted by the runner.
7725 expectedLocalError: "local error: bad record MAC",
7726 })
David Benjamin0c40a962016-08-01 12:05:50 -0400[diff] [blame]7727
7728 // Test a known but unoffered extension from the server.
7729 testCases = append(testCases, testCase{
7730 testType: clientTest,
7731 name: "UnofferedExtension-Client",
7732 config: Config{
7733 MaxVersion: VersionTLS12,
7734 Bugs: ProtocolBugs{
7735 SendALPN: "alpn",
7736 },
7737 },
7738 shouldFail: true,
7739 expectedError: ":UNEXPECTED_EXTENSION:",
7740 expectedLocalError: "remote error: unsupported extension",
7741 })
7742 testCases = append(testCases, testCase{
7743 testType: clientTest,
7744 name: "UnofferedExtension-Client-TLS13",
7745 config: Config{
7746 MaxVersion: VersionTLS13,
7747 Bugs: ProtocolBugs{
7748 SendALPN: "alpn",
7749 },
7750 },
7751 shouldFail: true,
7752 expectedError: ":UNEXPECTED_EXTENSION:",
7753 expectedLocalError: "remote error: unsupported extension",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7754 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]7755}
7756
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]7757func addRSAClientKeyExchangeTests() {
7758 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
7759 testCases = append(testCases, testCase{
7760 testType: serverTest,
7761 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
7762 config: Config{
7763 // Ensure the ClientHello version and final
7764 // version are different, to detect if the
7765 // server uses the wrong one.
7766 MaxVersion: VersionTLS11,
Matt Braithwaite07e78062016-08-21 14:50:43 -0700[diff] [blame]7767 CipherSuites: []uint16{TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]7768 Bugs: ProtocolBugs{
7769 BadRSAClientKeyExchange: bad,
7770 },
7771 },
7772 shouldFail: true,
7773 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
7774 })
7775 }
David Benjamine63d9d72016-09-19 18:27:34 -0400[diff] [blame]7776
7777 // The server must compare whatever was in ClientHello.version for the
7778 // RSA premaster.
7779 testCases = append(testCases, testCase{
7780 testType: serverTest,
7781 name: "SendClientVersion-RSA",
7782 config: Config{
7783 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
7784 Bugs: ProtocolBugs{
7785 SendClientVersion: 0x1234,
7786 },
7787 },
7788 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
7789 })
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]7790}
7791
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7792var testCurves = []struct {
7793 name string
7794 id CurveID
7795}{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7796 {"P-256", CurveP256},
7797 {"P-384", CurveP384},
7798 {"P-521", CurveP521},
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]7799 {"X25519", CurveX25519},
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7800}
7801
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]7802const bogusCurve = 0x1234
7803
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7804func addCurveTests() {
7805 for _, curve := range testCurves {
7806 testCases = append(testCases, testCase{
7807 name: "CurveTest-Client-" + curve.name,
7808 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7809 MaxVersion: VersionTLS12,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7810 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7811 CurvePreferences: []CurveID{curve.id},
7812 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]7813 flags: []string{
7814 "-enable-all-curves",
7815 "-expect-curve-id", strconv.Itoa(int(curve.id)),
7816 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]7817 expectedCurveID: curve.id,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7818 })
7819 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7820 name: "CurveTest-Client-" + curve.name + "-TLS13",
7821 config: Config{
7822 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7823 CurvePreferences: []CurveID{curve.id},
7824 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]7825 flags: []string{
7826 "-enable-all-curves",
7827 "-expect-curve-id", strconv.Itoa(int(curve.id)),
7828 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]7829 expectedCurveID: curve.id,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7830 })
7831 testCases = append(testCases, testCase{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7832 testType: serverTest,
7833 name: "CurveTest-Server-" + curve.name,
7834 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7835 MaxVersion: VersionTLS12,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7836 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7837 CurvePreferences: []CurveID{curve.id},
7838 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]7839 flags: []string{
7840 "-enable-all-curves",
7841 "-expect-curve-id", strconv.Itoa(int(curve.id)),
7842 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]7843 expectedCurveID: curve.id,
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7844 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7845 testCases = append(testCases, testCase{
7846 testType: serverTest,
7847 name: "CurveTest-Server-" + curve.name + "-TLS13",
7848 config: Config{
7849 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7850 CurvePreferences: []CurveID{curve.id},
7851 },
David Benjamin5c4e8572016-08-19 17:44:53 -0400[diff] [blame]7852 flags: []string{
7853 "-enable-all-curves",
7854 "-expect-curve-id", strconv.Itoa(int(curve.id)),
7855 },
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]7856 expectedCurveID: curve.id,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7857 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]7858 }
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]7859
7860 // The server must be tolerant to bogus curves.
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]7861 testCases = append(testCases, testCase{
7862 testType: serverTest,
7863 name: "UnknownCurve",
7864 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7865 MaxVersion: VersionTLS12,
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]7866 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7867 CurvePreferences: []CurveID{bogusCurve, CurveP256},
7868 },
7869 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7870
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7871 // The server must be tolerant to bogus curves.
7872 testCases = append(testCases, testCase{
7873 testType: serverTest,
7874 name: "UnknownCurve-TLS13",
7875 config: Config{
7876 MaxVersion: VersionTLS13,
7877 CurvePreferences: []CurveID{bogusCurve, CurveP256},
7878 },
7879 })
7880
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7881 // The server must not consider ECDHE ciphers when there are no
7882 // supported curves.
7883 testCases = append(testCases, testCase{
7884 testType: serverTest,
7885 name: "NoSupportedCurves",
7886 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7887 MaxVersion: VersionTLS12,
7888 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7889 Bugs: ProtocolBugs{
7890 NoSupportedCurves: true,
7891 },
7892 },
7893 shouldFail: true,
7894 expectedError: ":NO_SHARED_CIPHER:",
7895 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7896 testCases = append(testCases, testCase{
7897 testType: serverTest,
7898 name: "NoSupportedCurves-TLS13",
7899 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7900 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7901 Bugs: ProtocolBugs{
7902 NoSupportedCurves: true,
7903 },
7904 },
7905 shouldFail: true,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7906 expectedError: ":NO_SHARED_GROUP:",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7907 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7908
7909 // The server must fall back to another cipher when there are no
7910 // supported curves.
7911 testCases = append(testCases, testCase{
7912 testType: serverTest,
7913 name: "NoCommonCurves",
7914 config: Config{
7915 MaxVersion: VersionTLS12,
7916 CipherSuites: []uint16{
7917 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
7918 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
7919 },
7920 CurvePreferences: []CurveID{CurveP224},
7921 },
7922 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
7923 })
7924
7925 // The client must reject bogus curves and disabled curves.
7926 testCases = append(testCases, testCase{
7927 name: "BadECDHECurve",
7928 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7929 MaxVersion: VersionTLS12,
7930 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7931 Bugs: ProtocolBugs{
7932 SendCurve: bogusCurve,
7933 },
7934 },
7935 shouldFail: true,
7936 expectedError: ":WRONG_CURVE:",
7937 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7938 testCases = append(testCases, testCase{
7939 name: "BadECDHECurve-TLS13",
7940 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7941 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7942 Bugs: ProtocolBugs{
7943 SendCurve: bogusCurve,
7944 },
7945 },
7946 shouldFail: true,
7947 expectedError: ":WRONG_CURVE:",
7948 })
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7949
7950 testCases = append(testCases, testCase{
7951 name: "UnsupportedCurve",
7952 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7953 MaxVersion: VersionTLS12,
7954 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7955 CurvePreferences: []CurveID{CurveP256},
7956 Bugs: ProtocolBugs{
7957 IgnorePeerCurvePreferences: true,
7958 },
7959 },
7960 flags: []string{"-p384-only"},
7961 shouldFail: true,
7962 expectedError: ":WRONG_CURVE:",
7963 })
7964
David Benjamin4f921572016-07-17 14:20:10 +0200[diff] [blame]7965 testCases = append(testCases, testCase{
7966 // TODO(davidben): Add a TLS 1.3 version where
7967 // HelloRetryRequest requests an unsupported curve.
7968 name: "UnsupportedCurve-ServerHello-TLS13",
7969 config: Config{
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]7970 MaxVersion: VersionTLS13,
David Benjamin4f921572016-07-17 14:20:10 +0200[diff] [blame]7971 CurvePreferences: []CurveID{CurveP384},
7972 Bugs: ProtocolBugs{
7973 SendCurve: CurveP256,
7974 },
7975 },
7976 flags: []string{"-p384-only"},
7977 shouldFail: true,
7978 expectedError: ":WRONG_CURVE:",
7979 })
7980
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7981 // Test invalid curve points.
7982 testCases = append(testCases, testCase{
7983 name: "InvalidECDHPoint-Client",
7984 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]7985 MaxVersion: VersionTLS12,
7986 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
7987 CurvePreferences: []CurveID{CurveP256},
7988 Bugs: ProtocolBugs{
7989 InvalidECDHPoint: true,
7990 },
7991 },
7992 shouldFail: true,
7993 expectedError: ":INVALID_ENCODING:",
7994 })
7995 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7996 name: "InvalidECDHPoint-Client-TLS13",
7997 config: Config{
7998 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]7999 CurvePreferences: []CurveID{CurveP256},
8000 Bugs: ProtocolBugs{
8001 InvalidECDHPoint: true,
8002 },
8003 },
8004 shouldFail: true,
8005 expectedError: ":INVALID_ENCODING:",
8006 })
8007 testCases = append(testCases, testCase{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8008 testType: serverTest,
8009 name: "InvalidECDHPoint-Server",
8010 config: Config{
David Benjamin4c3ddf72016-06-29 18:13:53 -0400[diff] [blame]8011 MaxVersion: VersionTLS12,
8012 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8013 CurvePreferences: []CurveID{CurveP256},
8014 Bugs: ProtocolBugs{
8015 InvalidECDHPoint: true,
8016 },
8017 },
8018 shouldFail: true,
8019 expectedError: ":INVALID_ENCODING:",
8020 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8021 testCases = append(testCases, testCase{
8022 testType: serverTest,
8023 name: "InvalidECDHPoint-Server-TLS13",
8024 config: Config{
8025 MaxVersion: VersionTLS13,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8026 CurvePreferences: []CurveID{CurveP256},
8027 Bugs: ProtocolBugs{
8028 InvalidECDHPoint: true,
8029 },
8030 },
8031 shouldFail: true,
8032 expectedError: ":INVALID_ENCODING:",
8033 })
David Benjamin8a55ce42016-12-11 03:03:42 -0500[diff] [blame]8034
8035 // The previous curve ID should be reported on TLS 1.2 resumption.
8036 testCases = append(testCases, testCase{
8037 name: "CurveID-Resume-Client",
8038 config: Config{
8039 MaxVersion: VersionTLS12,
8040 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8041 CurvePreferences: []CurveID{CurveX25519},
8042 },
8043 flags: []string{"-expect-curve-id", strconv.Itoa(int(CurveX25519))},
8044 resumeSession: true,
8045 })
8046 testCases = append(testCases, testCase{
8047 testType: serverTest,
8048 name: "CurveID-Resume-Server",
8049 config: Config{
8050 MaxVersion: VersionTLS12,
8051 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
8052 CurvePreferences: []CurveID{CurveX25519},
8053 },
8054 flags: []string{"-expect-curve-id", strconv.Itoa(int(CurveX25519))},
8055 resumeSession: true,
8056 })
8057
8058 // TLS 1.3 allows resuming at a differet curve. If this happens, the new
8059 // one should be reported.
8060 testCases = append(testCases, testCase{
8061 name: "CurveID-Resume-Client-TLS13",
8062 config: Config{
8063 MaxVersion: VersionTLS13,
8064 CurvePreferences: []CurveID{CurveX25519},
8065 },
8066 resumeConfig: &Config{
8067 MaxVersion: VersionTLS13,
8068 CurvePreferences: []CurveID{CurveP256},
8069 },
8070 flags: []string{
8071 "-expect-curve-id", strconv.Itoa(int(CurveX25519)),
8072 "-expect-resume-curve-id", strconv.Itoa(int(CurveP256)),
8073 },
8074 resumeSession: true,
8075 })
8076 testCases = append(testCases, testCase{
8077 testType: serverTest,
8078 name: "CurveID-Resume-Server-TLS13",
8079 config: Config{
8080 MaxVersion: VersionTLS13,
8081 CurvePreferences: []CurveID{CurveX25519},
8082 },
8083 resumeConfig: &Config{
8084 MaxVersion: VersionTLS13,
8085 CurvePreferences: []CurveID{CurveP256},
8086 },
8087 flags: []string{
8088 "-expect-curve-id", strconv.Itoa(int(CurveX25519)),
8089 "-expect-resume-curve-id", strconv.Itoa(int(CurveP256)),
8090 },
8091 resumeSession: true,
8092 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]8093}
8094
David Benjaminc9ae27c2016-06-24 22:56:37 -0400[diff] [blame]8095func addTLS13RecordTests() {
8096 testCases = append(testCases, testCase{
8097 name: "TLS13-RecordPadding",
8098 config: Config{
8099 MaxVersion: VersionTLS13,
8100 MinVersion: VersionTLS13,
8101 Bugs: ProtocolBugs{
8102 RecordPadding: 10,
8103 },
8104 },
8105 })
8106
8107 testCases = append(testCases, testCase{
8108 name: "TLS13-EmptyRecords",
8109 config: Config{
8110 MaxVersion: VersionTLS13,
8111 MinVersion: VersionTLS13,
8112 Bugs: ProtocolBugs{
8113 OmitRecordContents: true,
8114 },
8115 },
8116 shouldFail: true,
8117 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
8118 })
8119
8120 testCases = append(testCases, testCase{
8121 name: "TLS13-OnlyPadding",
8122 config: Config{
8123 MaxVersion: VersionTLS13,
8124 MinVersion: VersionTLS13,
8125 Bugs: ProtocolBugs{
8126 OmitRecordContents: true,
8127 RecordPadding: 10,
8128 },
8129 },
8130 shouldFail: true,
8131 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
8132 })
8133
8134 testCases = append(testCases, testCase{
8135 name: "TLS13-WrongOuterRecord",
8136 config: Config{
8137 MaxVersion: VersionTLS13,
8138 MinVersion: VersionTLS13,
8139 Bugs: ProtocolBugs{
8140 OuterRecordType: recordTypeHandshake,
8141 },
8142 },
8143 shouldFail: true,
8144 expectedError: ":INVALID_OUTER_RECORD_TYPE:",
8145 })
8146}
8147
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8148func addSessionTicketTests() {
8149 testCases = append(testCases, testCase{
8150 // In TLS 1.2 and below, empty NewSessionTicket messages
8151 // mean the server changed its mind on sending a ticket.
8152 name: "SendEmptySessionTicket",
8153 config: Config{
8154 MaxVersion: VersionTLS12,
8155 Bugs: ProtocolBugs{
8156 SendEmptySessionTicket: true,
8157 },
8158 },
8159 flags: []string{"-expect-no-session"},
8160 })
8161
8162 // Test that the server ignores unknown PSK modes.
8163 testCases = append(testCases, testCase{
8164 testType: serverTest,
8165 name: "TLS13-SendUnknownModeSessionTicket-Server",
8166 config: Config{
8167 MaxVersion: VersionTLS13,
8168 Bugs: ProtocolBugs{
8169 SendPSKKeyExchangeModes: []byte{0x1a, pskDHEKEMode, 0x2a},
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8170 },
8171 },
8172 resumeSession: true,
8173 expectedResumeVersion: VersionTLS13,
8174 })
8175
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8176 // Test that the server does not send session tickets with no matching key exchange mode.
8177 testCases = append(testCases, testCase{
8178 testType: serverTest,
8179 name: "TLS13-ExpectNoSessionTicketOnBadKEMode-Server",
8180 config: Config{
8181 MaxVersion: VersionTLS13,
8182 Bugs: ProtocolBugs{
8183 SendPSKKeyExchangeModes: []byte{0x1a},
8184 ExpectNoNewSessionTicket: true,
8185 },
8186 },
8187 })
8188
8189 // Test that the server does not accept a session with no matching key exchange mode.
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8190 testCases = append(testCases, testCase{
8191 testType: serverTest,
8192 name: "TLS13-SendBadKEModeSessionTicket-Server",
8193 config: Config{
8194 MaxVersion: VersionTLS13,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8195 },
8196 resumeConfig: &Config{
8197 MaxVersion: VersionTLS13,
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8198 Bugs: ProtocolBugs{
8199 SendPSKKeyExchangeModes: []byte{0x1a},
8200 },
8201 },
8202 resumeSession: true,
8203 expectResumeRejected: true,
8204 })
8205
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8206 // Test that the client ticket age is sent correctly.
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8207 testCases = append(testCases, testCase{
8208 testType: clientTest,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8209 name: "TLS13-TestValidTicketAge-Client",
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8210 config: Config{
8211 MaxVersion: VersionTLS13,
8212 Bugs: ProtocolBugs{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8213 ExpectTicketAge: 10 * time.Second,
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8214 },
8215 },
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8216 resumeSession: true,
8217 flags: []string{
8218 "-resumption-delay", "10",
8219 },
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8220 })
8221
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8222 // Test that the client ticket age is enforced.
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8223 testCases = append(testCases, testCase{
8224 testType: clientTest,
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8225 name: "TLS13-TestBadTicketAge-Client",
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8226 config: Config{
8227 MaxVersion: VersionTLS13,
8228 Bugs: ProtocolBugs{
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8229 ExpectTicketAge: 1000 * time.Second,
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8230 },
8231 },
Steven Valdeza833c352016-11-01 13:39:36 -0400[diff] [blame]8232 resumeSession: true,
8233 shouldFail: true,
8234 expectedLocalError: "tls: invalid ticket age",
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8235 })
8236
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]8237}
8238
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]8239func addChangeCipherSpecTests() {
8240 // Test missing ChangeCipherSpecs.
8241 testCases = append(testCases, testCase{
8242 name: "SkipChangeCipherSpec-Client",
8243 config: Config{
8244 MaxVersion: VersionTLS12,
8245 Bugs: ProtocolBugs{
8246 SkipChangeCipherSpec: true,
8247 },
8248 },
8249 shouldFail: true,
8250 expectedError: ":UNEXPECTED_RECORD:",
8251 })
8252 testCases = append(testCases, testCase{
8253 testType: serverTest,
8254 name: "SkipChangeCipherSpec-Server",
8255 config: Config{
8256 MaxVersion: VersionTLS12,
8257 Bugs: ProtocolBugs{
8258 SkipChangeCipherSpec: true,
8259 },
8260 },
8261 shouldFail: true,
8262 expectedError: ":UNEXPECTED_RECORD:",
8263 })
8264 testCases = append(testCases, testCase{
8265 testType: serverTest,
8266 name: "SkipChangeCipherSpec-Server-NPN",
8267 config: Config{
8268 MaxVersion: VersionTLS12,
8269 NextProtos: []string{"bar"},
8270 Bugs: ProtocolBugs{
8271 SkipChangeCipherSpec: true,
8272 },
8273 },
8274 flags: []string{
8275 "-advertise-npn", "\x03foo\x03bar\x03baz",
8276 },
8277 shouldFail: true,
8278 expectedError: ":UNEXPECTED_RECORD:",
8279 })
8280
8281 // Test synchronization between the handshake and ChangeCipherSpec.
8282 // Partial post-CCS handshake messages before ChangeCipherSpec should be
8283 // rejected. Test both with and without handshake packing to handle both
8284 // when the partial post-CCS message is in its own record and when it is
8285 // attached to the pre-CCS message.
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]8286 for _, packed := range []bool{false, true} {
8287 var suffix string
8288 if packed {
8289 suffix = "-Packed"
8290 }
8291
8292 testCases = append(testCases, testCase{
8293 name: "FragmentAcrossChangeCipherSpec-Client" + suffix,
8294 config: Config{
8295 MaxVersion: VersionTLS12,
8296 Bugs: ProtocolBugs{
8297 FragmentAcrossChangeCipherSpec: true,
8298 PackHandshakeFlight: packed,
8299 },
8300 },
8301 shouldFail: true,
8302 expectedError: ":UNEXPECTED_RECORD:",
8303 })
8304 testCases = append(testCases, testCase{
8305 name: "FragmentAcrossChangeCipherSpec-Client-Resume" + suffix,
8306 config: Config{
8307 MaxVersion: VersionTLS12,
8308 },
8309 resumeSession: true,
8310 resumeConfig: &Config{
8311 MaxVersion: VersionTLS12,
8312 Bugs: ProtocolBugs{
8313 FragmentAcrossChangeCipherSpec: true,
8314 PackHandshakeFlight: packed,
8315 },
8316 },
8317 shouldFail: true,
8318 expectedError: ":UNEXPECTED_RECORD:",
8319 })
8320 testCases = append(testCases, testCase{
8321 testType: serverTest,
8322 name: "FragmentAcrossChangeCipherSpec-Server" + suffix,
8323 config: Config{
8324 MaxVersion: VersionTLS12,
8325 Bugs: ProtocolBugs{
8326 FragmentAcrossChangeCipherSpec: true,
8327 PackHandshakeFlight: packed,
8328 },
8329 },
8330 shouldFail: true,
8331 expectedError: ":UNEXPECTED_RECORD:",
8332 })
8333 testCases = append(testCases, testCase{
8334 testType: serverTest,
8335 name: "FragmentAcrossChangeCipherSpec-Server-Resume" + suffix,
8336 config: Config{
8337 MaxVersion: VersionTLS12,
8338 },
8339 resumeSession: true,
8340 resumeConfig: &Config{
8341 MaxVersion: VersionTLS12,
8342 Bugs: ProtocolBugs{
8343 FragmentAcrossChangeCipherSpec: true,
8344 PackHandshakeFlight: packed,
8345 },
8346 },
8347 shouldFail: true,
8348 expectedError: ":UNEXPECTED_RECORD:",
8349 })
8350 testCases = append(testCases, testCase{
8351 testType: serverTest,
8352 name: "FragmentAcrossChangeCipherSpec-Server-NPN" + suffix,
8353 config: Config{
8354 MaxVersion: VersionTLS12,
8355 NextProtos: []string{"bar"},
8356 Bugs: ProtocolBugs{
8357 FragmentAcrossChangeCipherSpec: true,
8358 PackHandshakeFlight: packed,
8359 },
8360 },
8361 flags: []string{
8362 "-advertise-npn", "\x03foo\x03bar\x03baz",
8363 },
8364 shouldFail: true,
8365 expectedError: ":UNEXPECTED_RECORD:",
8366 })
8367 }
8368
David Benjamin61672812016-07-14 23:10:43 -0400[diff] [blame]8369 // Test that, in DTLS, ChangeCipherSpec is not allowed when there are
8370 // messages in the handshake queue. Do this by testing the server
8371 // reading the client Finished, reversing the flight so Finished comes
8372 // first.
8373 testCases = append(testCases, testCase{
8374 protocol: dtls,
8375 testType: serverTest,
8376 name: "SendUnencryptedFinished-DTLS",
8377 config: Config{
8378 MaxVersion: VersionTLS12,
8379 Bugs: ProtocolBugs{
8380 SendUnencryptedFinished: true,
8381 ReverseHandshakeFragments: true,
8382 },
8383 },
8384 shouldFail: true,
8385 expectedError: ":BUFFERED_MESSAGES_ON_CIPHER_CHANGE:",
8386 })
8387
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8388 // Test synchronization between encryption changes and the handshake in
8389 // TLS 1.3, where ChangeCipherSpec is implicit.
8390 testCases = append(testCases, testCase{
8391 name: "PartialEncryptedExtensionsWithServerHello",
8392 config: Config{
8393 MaxVersion: VersionTLS13,
8394 Bugs: ProtocolBugs{
8395 PartialEncryptedExtensionsWithServerHello: true,
8396 },
8397 },
8398 shouldFail: true,
8399 expectedError: ":BUFFERED_MESSAGES_ON_CIPHER_CHANGE:",
8400 })
8401 testCases = append(testCases, testCase{
8402 testType: serverTest,
8403 name: "PartialClientFinishedWithClientHello",
8404 config: Config{
8405 MaxVersion: VersionTLS13,
8406 Bugs: ProtocolBugs{
8407 PartialClientFinishedWithClientHello: true,
8408 },
8409 },
8410 shouldFail: true,
8411 expectedError: ":BUFFERED_MESSAGES_ON_CIPHER_CHANGE:",
8412 })
8413
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]8414 // Test that early ChangeCipherSpecs are handled correctly.
8415 testCases = append(testCases, testCase{
8416 testType: serverTest,
8417 name: "EarlyChangeCipherSpec-server-1",
8418 config: Config{
8419 MaxVersion: VersionTLS12,
8420 Bugs: ProtocolBugs{
8421 EarlyChangeCipherSpec: 1,
8422 },
8423 },
8424 shouldFail: true,
8425 expectedError: ":UNEXPECTED_RECORD:",
8426 })
8427 testCases = append(testCases, testCase{
8428 testType: serverTest,
8429 name: "EarlyChangeCipherSpec-server-2",
8430 config: Config{
8431 MaxVersion: VersionTLS12,
8432 Bugs: ProtocolBugs{
8433 EarlyChangeCipherSpec: 2,
8434 },
8435 },
8436 shouldFail: true,
8437 expectedError: ":UNEXPECTED_RECORD:",
8438 })
8439 testCases = append(testCases, testCase{
8440 protocol: dtls,
8441 name: "StrayChangeCipherSpec",
8442 config: Config{
8443 // TODO(davidben): Once DTLS 1.3 exists, test
8444 // that stray ChangeCipherSpec messages are
8445 // rejected.
8446 MaxVersion: VersionTLS12,
8447 Bugs: ProtocolBugs{
8448 StrayChangeCipherSpec: true,
8449 },
8450 },
8451 })
8452
8453 // Test that the contents of ChangeCipherSpec are checked.
8454 testCases = append(testCases, testCase{
8455 name: "BadChangeCipherSpec-1",
8456 config: Config{
8457 MaxVersion: VersionTLS12,
8458 Bugs: ProtocolBugs{
8459 BadChangeCipherSpec: []byte{2},
8460 },
8461 },
8462 shouldFail: true,
8463 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8464 })
8465 testCases = append(testCases, testCase{
8466 name: "BadChangeCipherSpec-2",
8467 config: Config{
8468 MaxVersion: VersionTLS12,
8469 Bugs: ProtocolBugs{
8470 BadChangeCipherSpec: []byte{1, 1},
8471 },
8472 },
8473 shouldFail: true,
8474 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8475 })
8476 testCases = append(testCases, testCase{
8477 protocol: dtls,
8478 name: "BadChangeCipherSpec-DTLS-1",
8479 config: Config{
8480 MaxVersion: VersionTLS12,
8481 Bugs: ProtocolBugs{
8482 BadChangeCipherSpec: []byte{2},
8483 },
8484 },
8485 shouldFail: true,
8486 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8487 })
8488 testCases = append(testCases, testCase{
8489 protocol: dtls,
8490 name: "BadChangeCipherSpec-DTLS-2",
8491 config: Config{
8492 MaxVersion: VersionTLS12,
8493 Bugs: ProtocolBugs{
8494 BadChangeCipherSpec: []byte{1, 1},
8495 },
8496 },
8497 shouldFail: true,
8498 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
8499 })
8500}
8501
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8502type perMessageTest struct {
8503 messageType uint8
8504 test testCase
8505}
8506
8507// makePerMessageTests returns a series of test templates which cover each
8508// message in the TLS handshake. These may be used with bugs like
8509// WrongMessageType to fully test a per-message bug.
8510func makePerMessageTests() []perMessageTest {
8511 var ret []perMessageTest
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8512 for _, protocol := range []protocol{tls, dtls} {
8513 var suffix string
8514 if protocol == dtls {
8515 suffix = "-DTLS"
8516 }
8517
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8518 ret = append(ret, perMessageTest{
8519 messageType: typeClientHello,
8520 test: testCase{
8521 protocol: protocol,
8522 testType: serverTest,
8523 name: "ClientHello" + suffix,
8524 config: Config{
8525 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8526 },
8527 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8528 })
8529
8530 if protocol == dtls {
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8531 ret = append(ret, perMessageTest{
8532 messageType: typeHelloVerifyRequest,
8533 test: testCase{
8534 protocol: protocol,
8535 name: "HelloVerifyRequest" + suffix,
8536 config: Config{
8537 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8538 },
8539 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8540 })
8541 }
8542
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8543 ret = append(ret, perMessageTest{
8544 messageType: typeServerHello,
8545 test: testCase{
8546 protocol: protocol,
8547 name: "ServerHello" + suffix,
8548 config: Config{
8549 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8550 },
8551 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8552 })
8553
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8554 ret = append(ret, perMessageTest{
8555 messageType: typeCertificate,
8556 test: testCase{
8557 protocol: protocol,
8558 name: "ServerCertificate" + suffix,
8559 config: Config{
8560 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8561 },
8562 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8563 })
8564
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8565 ret = append(ret, perMessageTest{
8566 messageType: typeCertificateStatus,
8567 test: testCase{
8568 protocol: protocol,
8569 name: "CertificateStatus" + suffix,
8570 config: Config{
8571 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8572 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8573 flags: []string{"-enable-ocsp-stapling"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8574 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8575 })
8576
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8577 ret = append(ret, perMessageTest{
8578 messageType: typeServerKeyExchange,
8579 test: testCase{
8580 protocol: protocol,
8581 name: "ServerKeyExchange" + suffix,
8582 config: Config{
8583 MaxVersion: VersionTLS12,
8584 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8585 },
8586 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8587 })
8588
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8589 ret = append(ret, perMessageTest{
8590 messageType: typeCertificateRequest,
8591 test: testCase{
8592 protocol: protocol,
8593 name: "CertificateRequest" + suffix,
8594 config: Config{
8595 MaxVersion: VersionTLS12,
8596 ClientAuth: RequireAnyClientCert,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8597 },
8598 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8599 })
8600
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8601 ret = append(ret, perMessageTest{
8602 messageType: typeServerHelloDone,
8603 test: testCase{
8604 protocol: protocol,
8605 name: "ServerHelloDone" + suffix,
8606 config: Config{
8607 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8608 },
8609 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8610 })
8611
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8612 ret = append(ret, perMessageTest{
8613 messageType: typeCertificate,
8614 test: testCase{
8615 testType: serverTest,
8616 protocol: protocol,
8617 name: "ClientCertificate" + suffix,
8618 config: Config{
8619 Certificates: []Certificate{rsaCertificate},
8620 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8621 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8622 flags: []string{"-require-any-client-certificate"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8623 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8624 })
8625
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8626 ret = append(ret, perMessageTest{
8627 messageType: typeCertificateVerify,
8628 test: testCase{
8629 testType: serverTest,
8630 protocol: protocol,
8631 name: "CertificateVerify" + suffix,
8632 config: Config{
8633 Certificates: []Certificate{rsaCertificate},
8634 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8635 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8636 flags: []string{"-require-any-client-certificate"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8637 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8638 })
8639
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8640 ret = append(ret, perMessageTest{
8641 messageType: typeClientKeyExchange,
8642 test: testCase{
8643 testType: serverTest,
8644 protocol: protocol,
8645 name: "ClientKeyExchange" + suffix,
8646 config: Config{
8647 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8648 },
8649 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8650 })
8651
8652 if protocol != dtls {
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8653 ret = append(ret, perMessageTest{
8654 messageType: typeNextProtocol,
8655 test: testCase{
8656 testType: serverTest,
8657 protocol: protocol,
8658 name: "NextProtocol" + suffix,
8659 config: Config{
8660 MaxVersion: VersionTLS12,
8661 NextProtos: []string{"bar"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8662 },
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8663 flags: []string{"-advertise-npn", "\x03foo\x03bar\x03baz"},
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8664 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8665 })
8666
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8667 ret = append(ret, perMessageTest{
8668 messageType: typeChannelID,
8669 test: testCase{
8670 testType: serverTest,
8671 protocol: protocol,
8672 name: "ChannelID" + suffix,
8673 config: Config{
8674 MaxVersion: VersionTLS12,
8675 ChannelID: channelIDKey,
8676 },
8677 flags: []string{
8678 "-expect-channel-id",
8679 base64.StdEncoding.EncodeToString(channelIDBytes),
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8680 },
8681 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8682 })
8683 }
8684
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8685 ret = append(ret, perMessageTest{
8686 messageType: typeFinished,
8687 test: testCase{
8688 testType: serverTest,
8689 protocol: protocol,
8690 name: "ClientFinished" + suffix,
8691 config: Config{
8692 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8693 },
8694 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8695 })
8696
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8697 ret = append(ret, perMessageTest{
8698 messageType: typeNewSessionTicket,
8699 test: testCase{
8700 protocol: protocol,
8701 name: "NewSessionTicket" + suffix,
8702 config: Config{
8703 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8704 },
8705 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8706 })
8707
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8708 ret = append(ret, perMessageTest{
8709 messageType: typeFinished,
8710 test: testCase{
8711 protocol: protocol,
8712 name: "ServerFinished" + suffix,
8713 config: Config{
8714 MaxVersion: VersionTLS12,
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8715 },
8716 },
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8717 })
8718
8719 }
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8720
8721 ret = append(ret, perMessageTest{
8722 messageType: typeClientHello,
8723 test: testCase{
8724 testType: serverTest,
8725 name: "TLS13-ClientHello",
8726 config: Config{
8727 MaxVersion: VersionTLS13,
8728 },
8729 },
8730 })
8731
8732 ret = append(ret, perMessageTest{
8733 messageType: typeServerHello,
8734 test: testCase{
8735 name: "TLS13-ServerHello",
8736 config: Config{
8737 MaxVersion: VersionTLS13,
8738 },
8739 },
8740 })
8741
8742 ret = append(ret, perMessageTest{
8743 messageType: typeEncryptedExtensions,
8744 test: testCase{
8745 name: "TLS13-EncryptedExtensions",
8746 config: Config{
8747 MaxVersion: VersionTLS13,
8748 },
8749 },
8750 })
8751
8752 ret = append(ret, perMessageTest{
8753 messageType: typeCertificateRequest,
8754 test: testCase{
8755 name: "TLS13-CertificateRequest",
8756 config: Config{
8757 MaxVersion: VersionTLS13,
8758 ClientAuth: RequireAnyClientCert,
8759 },
8760 },
8761 })
8762
8763 ret = append(ret, perMessageTest{
8764 messageType: typeCertificate,
8765 test: testCase{
8766 name: "TLS13-ServerCertificate",
8767 config: Config{
8768 MaxVersion: VersionTLS13,
8769 },
8770 },
8771 })
8772
8773 ret = append(ret, perMessageTest{
8774 messageType: typeCertificateVerify,
8775 test: testCase{
8776 name: "TLS13-ServerCertificateVerify",
8777 config: Config{
8778 MaxVersion: VersionTLS13,
8779 },
8780 },
8781 })
8782
8783 ret = append(ret, perMessageTest{
8784 messageType: typeFinished,
8785 test: testCase{
8786 name: "TLS13-ServerFinished",
8787 config: Config{
8788 MaxVersion: VersionTLS13,
8789 },
8790 },
8791 })
8792
8793 ret = append(ret, perMessageTest{
8794 messageType: typeCertificate,
8795 test: testCase{
8796 testType: serverTest,
8797 name: "TLS13-ClientCertificate",
8798 config: Config{
8799 Certificates: []Certificate{rsaCertificate},
8800 MaxVersion: VersionTLS13,
8801 },
8802 flags: []string{"-require-any-client-certificate"},
8803 },
8804 })
8805
8806 ret = append(ret, perMessageTest{
8807 messageType: typeCertificateVerify,
8808 test: testCase{
8809 testType: serverTest,
8810 name: "TLS13-ClientCertificateVerify",
8811 config: Config{
8812 Certificates: []Certificate{rsaCertificate},
8813 MaxVersion: VersionTLS13,
8814 },
8815 flags: []string{"-require-any-client-certificate"},
8816 },
8817 })
8818
8819 ret = append(ret, perMessageTest{
8820 messageType: typeFinished,
8821 test: testCase{
8822 testType: serverTest,
8823 name: "TLS13-ClientFinished",
8824 config: Config{
8825 MaxVersion: VersionTLS13,
8826 },
8827 },
8828 })
8829
8830 return ret
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]8831}
8832
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8833func addWrongMessageTypeTests() {
8834 for _, t := range makePerMessageTests() {
8835 t.test.name = "WrongMessageType-" + t.test.name
8836 t.test.config.Bugs.SendWrongMessageType = t.messageType
8837 t.test.shouldFail = true
8838 t.test.expectedError = ":UNEXPECTED_MESSAGE:"
8839 t.test.expectedLocalError = "remote error: unexpected message"
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8840
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8841 if t.test.config.MaxVersion >= VersionTLS13 && t.messageType == typeServerHello {
8842 // In TLS 1.3, a bad ServerHello means the client sends
8843 // an unencrypted alert while the server expects
8844 // encryption, so the alert is not readable by runner.
8845 t.test.expectedLocalError = "local error: bad record MAC"
8846 }
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8847
David Benjamincd2c8062016-09-09 11:28:16 -0400[diff] [blame]8848 testCases = append(testCases, t.test)
8849 }
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8850}
8851
David Benjamin639846e2016-09-09 11:41:18 -0400[diff] [blame]8852func addTrailingMessageDataTests() {
8853 for _, t := range makePerMessageTests() {
8854 t.test.name = "TrailingMessageData-" + t.test.name
8855 t.test.config.Bugs.SendTrailingMessageData = t.messageType
8856 t.test.shouldFail = true
8857 t.test.expectedError = ":DECODE_ERROR:"
8858 t.test.expectedLocalError = "remote error: error decoding message"
8859
8860 if t.test.config.MaxVersion >= VersionTLS13 && t.messageType == typeServerHello {
8861 // In TLS 1.3, a bad ServerHello means the client sends
8862 // an unencrypted alert while the server expects
8863 // encryption, so the alert is not readable by runner.
8864 t.test.expectedLocalError = "local error: bad record MAC"
8865 }
8866
8867 if t.messageType == typeFinished {
8868 // Bad Finished messages read as the verify data having
8869 // the wrong length.
8870 t.test.expectedError = ":DIGEST_CHECK_FAILED:"
8871 t.test.expectedLocalError = "remote error: error decrypting message"
8872 }
8873
8874 testCases = append(testCases, t.test)
8875 }
8876}
8877
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8878func addTLS13HandshakeTests() {
8879 testCases = append(testCases, testCase{
8880 testType: clientTest,
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]8881 name: "NegotiatePSKResumption-TLS13",
8882 config: Config{
8883 MaxVersion: VersionTLS13,
8884 Bugs: ProtocolBugs{
8885 NegotiatePSKResumption: true,
8886 },
8887 },
8888 resumeSession: true,
8889 shouldFail: true,
David Benjamindb5bd722016-12-08 18:21:27 -0500[diff] [blame]8890 expectedError: ":MISSING_KEY_SHARE:",
Steven Valdez803c77a2016-09-06 14:13:43 -0400[diff] [blame]8891 })
8892
8893 testCases = append(testCases, testCase{
8894 testType: clientTest,
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8895 name: "MissingKeyShare-Client",
8896 config: Config{
8897 MaxVersion: VersionTLS13,
8898 Bugs: ProtocolBugs{
8899 MissingKeyShare: true,
8900 },
8901 },
8902 shouldFail: true,
David Benjamindb5bd722016-12-08 18:21:27 -0500[diff] [blame]8903 expectedError: ":MISSING_KEY_SHARE:",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8904 })
8905
8906 testCases = append(testCases, testCase{
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]8907 testType: serverTest,
8908 name: "MissingKeyShare-Server",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8909 config: Config{
8910 MaxVersion: VersionTLS13,
8911 Bugs: ProtocolBugs{
8912 MissingKeyShare: true,
8913 },
8914 },
8915 shouldFail: true,
8916 expectedError: ":MISSING_KEY_SHARE:",
8917 })
8918
8919 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8920 testType: serverTest,
8921 name: "DuplicateKeyShares",
8922 config: Config{
8923 MaxVersion: VersionTLS13,
8924 Bugs: ProtocolBugs{
8925 DuplicateKeyShares: true,
8926 },
8927 },
David Benjamin7e1f9842016-09-20 19:24:40 -0400[diff] [blame]8928 shouldFail: true,
8929 expectedError: ":DUPLICATE_KEY_SHARE:",
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]8930 })
8931
8932 testCases = append(testCases, testCase{
Steven Valdeza4ee74d2016-11-29 13:36:45 -0500[diff] [blame]8933 testType: serverTest,
8934 name: "SkipEarlyData",
8935 config: Config{
8936 MaxVersion: VersionTLS13,
8937 Bugs: ProtocolBugs{
8938 SendEarlyDataLength: 4,
8939 },
8940 },
8941 })
8942
8943 testCases = append(testCases, testCase{
8944 testType: serverTest,
8945 name: "SkipEarlyData-OmitEarlyDataExtension",
8946 config: Config{
8947 MaxVersion: VersionTLS13,
8948 Bugs: ProtocolBugs{
8949 SendEarlyDataLength: 4,
8950 OmitEarlyDataExtension: true,
8951 },
8952 },
8953 shouldFail: true,
8954 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
8955 })
8956
8957 testCases = append(testCases, testCase{
8958 testType: serverTest,
8959 name: "SkipEarlyData-TooMuchData",
8960 config: Config{
8961 MaxVersion: VersionTLS13,
8962 Bugs: ProtocolBugs{
8963 SendEarlyDataLength: 16384 + 1,
8964 },
8965 },
8966 shouldFail: true,
8967 expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:",
8968 })
8969
8970 testCases = append(testCases, testCase{
8971 testType: serverTest,
8972 name: "SkipEarlyData-Interleaved",
8973 config: Config{
8974 MaxVersion: VersionTLS13,
8975 Bugs: ProtocolBugs{
8976 SendEarlyDataLength: 4,
8977 InterleaveEarlyData: true,
8978 },
8979 },
8980 shouldFail: true,
8981 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
8982 })
8983
8984 testCases = append(testCases, testCase{
8985 testType: serverTest,
8986 name: "SkipEarlyData-EarlyDataInTLS12",
8987 config: Config{
8988 MaxVersion: VersionTLS13,
8989 Bugs: ProtocolBugs{
8990 SendEarlyDataLength: 4,
8991 },
8992 },
8993 shouldFail: true,
8994 expectedError: ":UNEXPECTED_RECORD:",
8995 flags: []string{"-max-version", strconv.Itoa(VersionTLS12)},
8996 })
8997
8998 testCases = append(testCases, testCase{
8999 testType: serverTest,
9000 name: "SkipEarlyData-HRR",
9001 config: Config{
9002 MaxVersion: VersionTLS13,
9003 Bugs: ProtocolBugs{
9004 SendEarlyDataLength: 4,
9005 },
9006 DefaultCurves: []CurveID{},
9007 },
9008 })
9009
9010 testCases = append(testCases, testCase{
9011 testType: serverTest,
9012 name: "SkipEarlyData-HRR-Interleaved",
9013 config: Config{
9014 MaxVersion: VersionTLS13,
9015 Bugs: ProtocolBugs{
9016 SendEarlyDataLength: 4,
9017 InterleaveEarlyData: true,
9018 },
9019 DefaultCurves: []CurveID{},
9020 },
9021 shouldFail: true,
9022 expectedError: ":UNEXPECTED_RECORD:",
9023 })
9024
9025 testCases = append(testCases, testCase{
9026 testType: serverTest,
9027 name: "SkipEarlyData-HRR-TooMuchData",
9028 config: Config{
9029 MaxVersion: VersionTLS13,
9030 Bugs: ProtocolBugs{
9031 SendEarlyDataLength: 16384 + 1,
9032 },
9033 DefaultCurves: []CurveID{},
9034 },
9035 shouldFail: true,
9036 expectedError: ":TOO_MUCH_SKIPPED_EARLY_DATA:",
9037 })
9038
9039 // Test that skipping early data looking for cleartext correctly
9040 // processes an alert record.
9041 testCases = append(testCases, testCase{
9042 testType: serverTest,
9043 name: "SkipEarlyData-HRR-FatalAlert",
9044 config: Config{
9045 MaxVersion: VersionTLS13,
9046 Bugs: ProtocolBugs{
9047 SendEarlyAlert: true,
9048 SendEarlyDataLength: 4,
9049 },
9050 DefaultCurves: []CurveID{},
9051 },
9052 shouldFail: true,
9053 expectedError: ":SSLV3_ALERT_HANDSHAKE_FAILURE:",
9054 })
9055
9056 testCases = append(testCases, testCase{
9057 testType: serverTest,
9058 name: "SkipEarlyData-SecondClientHelloEarlyData",
9059 config: Config{
9060 MaxVersion: VersionTLS13,
9061 Bugs: ProtocolBugs{
9062 SendEarlyDataOnSecondClientHello: true,
9063 },
9064 DefaultCurves: []CurveID{},
9065 },
9066 shouldFail: true,
9067 expectedLocalError: "remote error: bad record MAC",
9068 })
9069
9070 testCases = append(testCases, testCase{
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9071 testType: clientTest,
9072 name: "EmptyEncryptedExtensions",
9073 config: Config{
9074 MaxVersion: VersionTLS13,
9075 Bugs: ProtocolBugs{
9076 EmptyEncryptedExtensions: true,
9077 },
9078 },
9079 shouldFail: true,
9080 expectedLocalError: "remote error: error decoding message",
9081 })
9082
9083 testCases = append(testCases, testCase{
9084 testType: clientTest,
9085 name: "EncryptedExtensionsWithKeyShare",
9086 config: Config{
9087 MaxVersion: VersionTLS13,
9088 Bugs: ProtocolBugs{
9089 EncryptedExtensionsWithKeyShare: true,
9090 },
9091 },
9092 shouldFail: true,
9093 expectedLocalError: "remote error: unsupported extension",
9094 })
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9095
9096 testCases = append(testCases, testCase{
9097 testType: serverTest,
9098 name: "SendHelloRetryRequest",
9099 config: Config{
9100 MaxVersion: VersionTLS13,
9101 // Require a HelloRetryRequest for every curve.
9102 DefaultCurves: []CurveID{},
9103 },
9104 expectedCurveID: CurveX25519,
9105 })
9106
9107 testCases = append(testCases, testCase{
9108 testType: serverTest,
9109 name: "SendHelloRetryRequest-2",
9110 config: Config{
9111 MaxVersion: VersionTLS13,
9112 DefaultCurves: []CurveID{CurveP384},
9113 },
9114 // Although the ClientHello did not predict our preferred curve,
9115 // we always select it whether it is predicted or not.
9116 expectedCurveID: CurveX25519,
9117 })
9118
9119 testCases = append(testCases, testCase{
9120 name: "UnknownCurve-HelloRetryRequest",
9121 config: Config{
9122 MaxVersion: VersionTLS13,
9123 // P-384 requires HelloRetryRequest in BoringSSL.
9124 CurvePreferences: []CurveID{CurveP384},
9125 Bugs: ProtocolBugs{
9126 SendHelloRetryRequestCurve: bogusCurve,
9127 },
9128 },
9129 shouldFail: true,
9130 expectedError: ":WRONG_CURVE:",
9131 })
9132
9133 testCases = append(testCases, testCase{
9134 name: "DisabledCurve-HelloRetryRequest",
9135 config: Config{
9136 MaxVersion: VersionTLS13,
9137 CurvePreferences: []CurveID{CurveP256},
9138 Bugs: ProtocolBugs{
9139 IgnorePeerCurvePreferences: true,
9140 },
9141 },
9142 flags: []string{"-p384-only"},
9143 shouldFail: true,
9144 expectedError: ":WRONG_CURVE:",
9145 })
9146
9147 testCases = append(testCases, testCase{
9148 name: "UnnecessaryHelloRetryRequest",
9149 config: Config{
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]9150 MaxVersion: VersionTLS13,
9151 CurvePreferences: []CurveID{CurveX25519},
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9152 Bugs: ProtocolBugs{
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]9153 SendHelloRetryRequestCurve: CurveX25519,
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9154 },
9155 },
9156 shouldFail: true,
9157 expectedError: ":WRONG_CURVE:",
9158 })
9159
9160 testCases = append(testCases, testCase{
9161 name: "SecondHelloRetryRequest",
9162 config: Config{
9163 MaxVersion: VersionTLS13,
9164 // P-384 requires HelloRetryRequest in BoringSSL.
9165 CurvePreferences: []CurveID{CurveP384},
9166 Bugs: ProtocolBugs{
9167 SecondHelloRetryRequest: true,
9168 },
9169 },
9170 shouldFail: true,
9171 expectedError: ":UNEXPECTED_MESSAGE:",
9172 })
9173
9174 testCases = append(testCases, testCase{
David Benjamin3baa6e12016-10-07 21:10:38 -0400[diff] [blame]9175 name: "HelloRetryRequest-Empty",
9176 config: Config{
9177 MaxVersion: VersionTLS13,
9178 Bugs: ProtocolBugs{
9179 AlwaysSendHelloRetryRequest: true,
9180 },
9181 },
9182 shouldFail: true,
9183 expectedError: ":DECODE_ERROR:",
9184 })
9185
9186 testCases = append(testCases, testCase{
9187 name: "HelloRetryRequest-DuplicateCurve",
9188 config: Config{
9189 MaxVersion: VersionTLS13,
9190 // P-384 requires a HelloRetryRequest against BoringSSL's default
9191 // configuration. Assert this ExpectMissingKeyShare.
9192 CurvePreferences: []CurveID{CurveP384},
9193 Bugs: ProtocolBugs{
9194 ExpectMissingKeyShare: true,
9195 DuplicateHelloRetryRequestExtensions: true,
9196 },
9197 },
9198 shouldFail: true,
9199 expectedError: ":DUPLICATE_EXTENSION:",
9200 expectedLocalError: "remote error: illegal parameter",
9201 })
9202
9203 testCases = append(testCases, testCase{
9204 name: "HelloRetryRequest-Cookie",
9205 config: Config{
9206 MaxVersion: VersionTLS13,
9207 Bugs: ProtocolBugs{
9208 SendHelloRetryRequestCookie: []byte("cookie"),
9209 },
9210 },
9211 })
9212
9213 testCases = append(testCases, testCase{
9214 name: "HelloRetryRequest-DuplicateCookie",
9215 config: Config{
9216 MaxVersion: VersionTLS13,
9217 Bugs: ProtocolBugs{
9218 SendHelloRetryRequestCookie: []byte("cookie"),
9219 DuplicateHelloRetryRequestExtensions: true,
9220 },
9221 },
9222 shouldFail: true,
9223 expectedError: ":DUPLICATE_EXTENSION:",
9224 expectedLocalError: "remote error: illegal parameter",
9225 })
9226
9227 testCases = append(testCases, testCase{
9228 name: "HelloRetryRequest-EmptyCookie",
9229 config: Config{
9230 MaxVersion: VersionTLS13,
9231 Bugs: ProtocolBugs{
9232 SendHelloRetryRequestCookie: []byte{},
9233 },
9234 },
9235 shouldFail: true,
9236 expectedError: ":DECODE_ERROR:",
9237 })
9238
9239 testCases = append(testCases, testCase{
9240 name: "HelloRetryRequest-Cookie-Curve",
9241 config: Config{
9242 MaxVersion: VersionTLS13,
9243 // P-384 requires HelloRetryRequest in BoringSSL.
9244 CurvePreferences: []CurveID{CurveP384},
9245 Bugs: ProtocolBugs{
9246 SendHelloRetryRequestCookie: []byte("cookie"),
9247 ExpectMissingKeyShare: true,
9248 },
9249 },
9250 })
9251
9252 testCases = append(testCases, testCase{
9253 name: "HelloRetryRequest-Unknown",
9254 config: Config{
9255 MaxVersion: VersionTLS13,
9256 Bugs: ProtocolBugs{
9257 CustomHelloRetryRequestExtension: "extension",
9258 },
9259 },
9260 shouldFail: true,
9261 expectedError: ":UNEXPECTED_EXTENSION:",
9262 expectedLocalError: "remote error: unsupported extension",
9263 })
9264
9265 testCases = append(testCases, testCase{
Steven Valdez5440fe02016-07-18 12:40:30 -0400[diff] [blame]9266 testType: serverTest,
9267 name: "SecondClientHelloMissingKeyShare",
9268 config: Config{
9269 MaxVersion: VersionTLS13,
9270 DefaultCurves: []CurveID{},
9271 Bugs: ProtocolBugs{
9272 SecondClientHelloMissingKeyShare: true,
9273 },
9274 },
9275 shouldFail: true,
9276 expectedError: ":MISSING_KEY_SHARE:",
9277 })
9278
9279 testCases = append(testCases, testCase{
9280 testType: serverTest,
9281 name: "SecondClientHelloWrongCurve",
9282 config: Config{
9283 MaxVersion: VersionTLS13,
9284 DefaultCurves: []CurveID{},
9285 Bugs: ProtocolBugs{
9286 MisinterpretHelloRetryRequestCurve: CurveP521,
9287 },
9288 },
9289 shouldFail: true,
9290 expectedError: ":WRONG_CURVE:",
9291 })
9292
9293 testCases = append(testCases, testCase{
9294 name: "HelloRetryRequestVersionMismatch",
9295 config: Config{
9296 MaxVersion: VersionTLS13,
9297 // P-384 requires HelloRetryRequest in BoringSSL.
9298 CurvePreferences: []CurveID{CurveP384},
9299 Bugs: ProtocolBugs{
9300 SendServerHelloVersion: 0x0305,
9301 },
9302 },
9303 shouldFail: true,
9304 expectedError: ":WRONG_VERSION_NUMBER:",
9305 })
9306
9307 testCases = append(testCases, testCase{
9308 name: "HelloRetryRequestCurveMismatch",
9309 config: Config{
9310 MaxVersion: VersionTLS13,
9311 // P-384 requires HelloRetryRequest in BoringSSL.
9312 CurvePreferences: []CurveID{CurveP384},
9313 Bugs: ProtocolBugs{
9314 // Send P-384 (correct) in the HelloRetryRequest.
9315 SendHelloRetryRequestCurve: CurveP384,
9316 // But send P-256 in the ServerHello.
9317 SendCurve: CurveP256,
9318 },
9319 },
9320 shouldFail: true,
9321 expectedError: ":WRONG_CURVE:",
9322 })
9323
9324 // Test the server selecting a curve that requires a HelloRetryRequest
9325 // without sending it.
9326 testCases = append(testCases, testCase{
9327 name: "SkipHelloRetryRequest",
9328 config: Config{
9329 MaxVersion: VersionTLS13,
9330 // P-384 requires HelloRetryRequest in BoringSSL.
9331 CurvePreferences: []CurveID{CurveP384},
9332 Bugs: ProtocolBugs{
9333 SkipHelloRetryRequest: true,
9334 },
9335 },
9336 shouldFail: true,
9337 expectedError: ":WRONG_CURVE:",
9338 })
David Benjamin8a8349b2016-08-18 02:32:23 -0400[diff] [blame]9339
9340 testCases = append(testCases, testCase{
9341 name: "TLS13-RequestContextInHandshake",
9342 config: Config{
9343 MaxVersion: VersionTLS13,
9344 MinVersion: VersionTLS13,
9345 ClientAuth: RequireAnyClientCert,
9346 Bugs: ProtocolBugs{
9347 SendRequestContext: []byte("request context"),
9348 },
9349 },
9350 flags: []string{
9351 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
9352 "-key-file", path.Join(*resourceDir, rsaKeyFile),
9353 },
9354 shouldFail: true,
9355 expectedError: ":DECODE_ERROR:",
9356 })
David Benjamin7e1f9842016-09-20 19:24:40 -0400[diff] [blame]9357
9358 testCases = append(testCases, testCase{
9359 testType: serverTest,
9360 name: "TLS13-TrailingKeyShareData",
9361 config: Config{
9362 MaxVersion: VersionTLS13,
9363 Bugs: ProtocolBugs{
9364 TrailingKeyShareData: true,
9365 },
9366 },
9367 shouldFail: true,
9368 expectedError: ":DECODE_ERROR:",
9369 })
David Benjamin7f78df42016-10-05 22:33:19 -0400[diff] [blame]9370
9371 testCases = append(testCases, testCase{
9372 name: "TLS13-AlwaysSelectPSKIdentity",
9373 config: Config{
9374 MaxVersion: VersionTLS13,
9375 Bugs: ProtocolBugs{
9376 AlwaysSelectPSKIdentity: true,
9377 },
9378 },
9379 shouldFail: true,
9380 expectedError: ":UNEXPECTED_EXTENSION:",
9381 })
9382
9383 testCases = append(testCases, testCase{
9384 name: "TLS13-InvalidPSKIdentity",
9385 config: Config{
9386 MaxVersion: VersionTLS13,
9387 Bugs: ProtocolBugs{
9388 SelectPSKIdentityOnResume: 1,
9389 },
9390 },
9391 resumeSession: true,
9392 shouldFail: true,
9393 expectedError: ":PSK_IDENTITY_NOT_FOUND:",
9394 })
David Benjamin1286bee2016-10-07 15:25:06 -0400[diff] [blame]9395
Steven Valdezaf3b8a92016-11-01 12:49:22 -0400[diff] [blame]9396 testCases = append(testCases, testCase{
9397 testType: serverTest,
9398 name: "TLS13-ExtraPSKIdentity",
9399 config: Config{
9400 MaxVersion: VersionTLS13,
9401 Bugs: ProtocolBugs{
David Benjaminaedf3032016-12-01 16:47:56 -0500[diff] [blame]9402 ExtraPSKIdentity: true,
9403 SendExtraPSKBinder: true,
Steven Valdezaf3b8a92016-11-01 12:49:22 -0400[diff] [blame]9404 },
9405 },
9406 resumeSession: true,
9407 })
9408
David Benjamin1286bee2016-10-07 15:25:06 -0400[diff] [blame]9409 // Test that unknown NewSessionTicket extensions are tolerated.
9410 testCases = append(testCases, testCase{
9411 name: "TLS13-CustomTicketExtension",
9412 config: Config{
9413 MaxVersion: VersionTLS13,
9414 Bugs: ProtocolBugs{
9415 CustomTicketExtension: "1234",
9416 },
9417 },
9418 })
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9419}
9420
David Benjaminabbbee12016-10-31 19:20:42 -0400[diff] [blame]9421func addTLS13CipherPreferenceTests() {
9422 // Test that client preference is honored if the shim has AES hardware
9423 // and ChaCha20-Poly1305 is preferred otherwise.
9424 testCases = append(testCases, testCase{
9425 testType: serverTest,
9426 name: "TLS13-CipherPreference-Server-ChaCha20-AES",
9427 config: Config{
9428 MaxVersion: VersionTLS13,
9429 CipherSuites: []uint16{
9430 TLS_CHACHA20_POLY1305_SHA256,
9431 TLS_AES_128_GCM_SHA256,
9432 },
9433 },
9434 flags: []string{
9435 "-expect-cipher-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9436 "-expect-cipher-no-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9437 },
9438 })
9439
9440 testCases = append(testCases, testCase{
9441 testType: serverTest,
9442 name: "TLS13-CipherPreference-Server-AES-ChaCha20",
9443 config: Config{
9444 MaxVersion: VersionTLS13,
9445 CipherSuites: []uint16{
9446 TLS_AES_128_GCM_SHA256,
9447 TLS_CHACHA20_POLY1305_SHA256,
9448 },
9449 },
9450 flags: []string{
9451 "-expect-cipher-aes", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)),
9452 "-expect-cipher-no-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9453 },
9454 })
9455
9456 // Test that the client orders ChaCha20-Poly1305 and AES-GCM based on
9457 // whether it has AES hardware.
9458 testCases = append(testCases, testCase{
9459 name: "TLS13-CipherPreference-Client",
9460 config: Config{
9461 MaxVersion: VersionTLS13,
9462 // Use the client cipher order. (This is the default but
9463 // is listed to be explicit.)
9464 PreferServerCipherSuites: false,
9465 },
9466 flags: []string{
9467 "-expect-cipher-aes", strconv.Itoa(int(TLS_AES_128_GCM_SHA256)),
9468 "-expect-cipher-no-aes", strconv.Itoa(int(TLS_CHACHA20_POLY1305_SHA256)),
9469 },
9470 })
9471}
9472
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]9473func addPeekTests() {
9474 // Test SSL_peek works, including on empty records.
9475 testCases = append(testCases, testCase{
9476 name: "Peek-Basic",
9477 sendEmptyRecords: 1,
9478 flags: []string{"-peek-then-read"},
9479 })
9480
9481 // Test SSL_peek can drive the initial handshake.
9482 testCases = append(testCases, testCase{
9483 name: "Peek-ImplicitHandshake",
9484 flags: []string{
9485 "-peek-then-read",
9486 "-implicit-handshake",
9487 },
9488 })
9489
9490 // Test SSL_peek can discover and drive a renegotiation.
9491 testCases = append(testCases, testCase{
9492 name: "Peek-Renegotiate",
9493 config: Config{
9494 MaxVersion: VersionTLS12,
9495 },
9496 renegotiate: 1,
9497 flags: []string{
9498 "-peek-then-read",
9499 "-renegotiate-freely",
9500 "-expect-total-renegotiations", "1",
9501 },
9502 })
9503
9504 // Test SSL_peek can discover a close_notify.
9505 testCases = append(testCases, testCase{
9506 name: "Peek-Shutdown",
9507 config: Config{
9508 Bugs: ProtocolBugs{
9509 ExpectCloseNotify: true,
9510 },
9511 },
9512 flags: []string{
9513 "-peek-then-read",
9514 "-check-close-notify",
9515 },
9516 })
9517
9518 // Test SSL_peek can discover an alert.
9519 testCases = append(testCases, testCase{
9520 name: "Peek-Alert",
9521 config: Config{
9522 Bugs: ProtocolBugs{
9523 SendSpuriousAlert: alertRecordOverflow,
9524 },
9525 },
9526 flags: []string{"-peek-then-read"},
9527 shouldFail: true,
9528 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
9529 })
9530
9531 // Test SSL_peek can handle KeyUpdate.
9532 testCases = append(testCases, testCase{
9533 name: "Peek-KeyUpdate",
9534 config: Config{
9535 MaxVersion: VersionTLS13,
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]9536 },
Steven Valdezc4aa7272016-10-03 12:25:56 -0400[diff] [blame]9537 sendKeyUpdates: 1,
9538 keyUpdateRequest: keyUpdateNotRequested,
9539 flags: []string{"-peek-then-read"},
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]9540 })
9541}
9542
David Benjamine6f22212016-11-08 14:28:24 -0500[diff] [blame]9543func addRecordVersionTests() {
9544 for _, ver := range tlsVersions {
9545 // Test that the record version is enforced.
9546 testCases = append(testCases, testCase{
9547 name: "CheckRecordVersion-" + ver.name,
9548 config: Config{
9549 MinVersion: ver.version,
9550 MaxVersion: ver.version,
9551 Bugs: ProtocolBugs{
9552 SendRecordVersion: 0x03ff,
9553 },
9554 },
9555 shouldFail: true,
9556 expectedError: ":WRONG_VERSION_NUMBER:",
9557 })
9558
9559 // Test that the ClientHello may use any record version, for
9560 // compatibility reasons.
9561 testCases = append(testCases, testCase{
9562 testType: serverTest,
9563 name: "LooseInitialRecordVersion-" + ver.name,
9564 config: Config{
9565 MinVersion: ver.version,
9566 MaxVersion: ver.version,
9567 Bugs: ProtocolBugs{
9568 SendInitialRecordVersion: 0x03ff,
9569 },
9570 },
9571 })
9572
9573 // Test that garbage ClientHello record versions are rejected.
9574 testCases = append(testCases, testCase{
9575 testType: serverTest,
9576 name: "GarbageInitialRecordVersion-" + ver.name,
9577 config: Config{
9578 MinVersion: ver.version,
9579 MaxVersion: ver.version,
9580 Bugs: ProtocolBugs{
9581 SendInitialRecordVersion: 0xffff,
9582 },
9583 },
9584 shouldFail: true,
9585 expectedError: ":WRONG_VERSION_NUMBER:",
9586 })
9587 }
9588}
9589
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]9590func addCertificateTests() {
9591 // Test that a certificate chain with intermediate may be sent and
9592 // received as both client and server.
9593 for _, ver := range tlsVersions {
9594 testCases = append(testCases, testCase{
9595 testType: clientTest,
9596 name: "SendReceiveIntermediate-Client-" + ver.name,
9597 config: Config{
Adam Langleycd6cfb02016-12-06 15:11:00 -0800[diff] [blame]9598 MinVersion: ver.version,
9599 MaxVersion: ver.version,
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]9600 Certificates: []Certificate{rsaChainCertificate},
9601 ClientAuth: RequireAnyClientCert,
9602 },
9603 expectPeerCertificate: &rsaChainCertificate,
9604 flags: []string{
9605 "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
9606 "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
9607 "-expect-peer-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
9608 },
9609 })
9610
9611 testCases = append(testCases, testCase{
9612 testType: serverTest,
9613 name: "SendReceiveIntermediate-Server-" + ver.name,
9614 config: Config{
Adam Langleycd6cfb02016-12-06 15:11:00 -0800[diff] [blame]9615 MinVersion: ver.version,
9616 MaxVersion: ver.version,
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]9617 Certificates: []Certificate{rsaChainCertificate},
9618 },
9619 expectPeerCertificate: &rsaChainCertificate,
9620 flags: []string{
9621 "-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
9622 "-key-file", path.Join(*resourceDir, rsaChainKeyFile),
9623 "-require-any-client-certificate",
9624 "-expect-peer-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
9625 },
9626 })
9627 }
9628}
9629
David Benjaminbbaf3672016-11-17 10:53:09 +0900[diff] [blame]9630func addRetainOnlySHA256ClientCertTests() {
9631 for _, ver := range tlsVersions {
9632 // Test that enabling
9633 // SSL_CTX_set_retain_only_sha256_of_client_certs without
9634 // actually requesting a client certificate is a no-op.
9635 testCases = append(testCases, testCase{
9636 testType: serverTest,
9637 name: "RetainOnlySHA256-NoCert-" + ver.name,
9638 config: Config{
9639 MinVersion: ver.version,
9640 MaxVersion: ver.version,
9641 },
9642 flags: []string{
9643 "-retain-only-sha256-client-cert-initial",
9644 "-retain-only-sha256-client-cert-resume",
9645 },
9646 resumeSession: true,
9647 })
9648
9649 // Test that when retaining only a SHA-256 certificate is
9650 // enabled, the hash appears as expected.
9651 testCases = append(testCases, testCase{
9652 testType: serverTest,
9653 name: "RetainOnlySHA256-Cert-" + ver.name,
9654 config: Config{
9655 MinVersion: ver.version,
9656 MaxVersion: ver.version,
9657 Certificates: []Certificate{rsaCertificate},
9658 },
9659 flags: []string{
9660 "-verify-peer",
9661 "-retain-only-sha256-client-cert-initial",
9662 "-retain-only-sha256-client-cert-resume",
9663 "-expect-sha256-client-cert-initial",
9664 "-expect-sha256-client-cert-resume",
9665 },
9666 resumeSession: true,
9667 })
9668
9669 // Test that when the config changes from on to off, a
9670 // resumption is rejected because the server now wants the full
9671 // certificate chain.
9672 testCases = append(testCases, testCase{
9673 testType: serverTest,
9674 name: "RetainOnlySHA256-OnOff-" + ver.name,
9675 config: Config{
9676 MinVersion: ver.version,
9677 MaxVersion: ver.version,
9678 Certificates: []Certificate{rsaCertificate},
9679 },
9680 flags: []string{
9681 "-verify-peer",
9682 "-retain-only-sha256-client-cert-initial",
9683 "-expect-sha256-client-cert-initial",
9684 },
9685 resumeSession: true,
9686 expectResumeRejected: true,
9687 })
9688
9689 // Test that when the config changes from off to on, a
9690 // resumption is rejected because the server now wants just the
9691 // hash.
9692 testCases = append(testCases, testCase{
9693 testType: serverTest,
9694 name: "RetainOnlySHA256-OffOn-" + ver.name,
9695 config: Config{
9696 MinVersion: ver.version,
9697 MaxVersion: ver.version,
9698 Certificates: []Certificate{rsaCertificate},
9699 },
9700 flags: []string{
9701 "-verify-peer",
9702 "-retain-only-sha256-client-cert-resume",
9703 "-expect-sha256-client-cert-resume",
9704 },
9705 resumeSession: true,
9706 expectResumeRejected: true,
9707 })
9708 }
9709}
9710
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]9711func addECDSAKeyUsageTests() {
9712 p256 := elliptic.P256()
9713 priv, err := ecdsa.GenerateKey(p256, rand.Reader)
9714 if err != nil {
9715 panic(err)
9716 }
9717
9718 serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
9719 serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
9720 if err != nil {
9721 panic(err)
9722 }
9723
9724 template := x509.Certificate{
9725 SerialNumber: serialNumber,
9726 Subject: pkix.Name{
9727 Organization: []string{"Acme Co"},
9728 },
9729 NotBefore: time.Now(),
9730 NotAfter: time.Now(),
9731
9732 // An ECC certificate with only the keyAgreement key usgae may
9733 // be used with ECDH, but not ECDSA.
9734 KeyUsage: x509.KeyUsageKeyAgreement,
9735 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
9736 BasicConstraintsValid: true,
9737 }
9738
9739 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
9740 if err != nil {
9741 panic(err)
9742 }
9743
9744 cert := Certificate{
9745 Certificate: [][]byte{derBytes},
9746 PrivateKey: priv,
9747 }
9748
9749 for _, ver := range tlsVersions {
9750 if ver.version < VersionTLS12 {
9751 continue
9752 }
9753
9754 testCases = append(testCases, testCase{
9755 testType: clientTest,
9756 name: "ECDSAKeyUsage-" + ver.name,
9757 config: Config{
9758 MinVersion: ver.version,
9759 MaxVersion: ver.version,
9760 Certificates: []Certificate{cert},
9761 },
9762 shouldFail: true,
9763 expectedError: ":ECC_CERT_NOT_FOR_SIGNING:",
9764 })
9765 }
9766}
9767
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9768func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9769 defer wg.Done()
9770
9771 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]9772 var err error
9773
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]9774 if *mallocTest >= 0 {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]9775 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
9776 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9777 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]9778 if err != nil {
9779 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
9780 }
9781 break
9782 }
9783 }
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]9784 } else if *repeatUntilFailure {
9785 for err == nil {
9786 statusChan <- statusMsg{test: test, started: true}
9787 err = runTest(test, shimPath, -1)
9788 }
9789 } else {
9790 statusChan <- statusMsg{test: test, started: true}
9791 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]9792 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9793 statusChan <- statusMsg{test: test, err: err}
9794 }
9795}
9796
9797type statusMsg struct {
9798 test *testCase
9799 started bool
9800 err error
9801}
9802
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9803func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]9804 var started, done, failed, unimplemented, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9805
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9806 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9807 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9808 if !*pipe {
9809 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]9810 var erase string
9811 for i := 0; i < lineLen; i++ {
9812 erase += "\b \b"
9813 }
9814 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9815 }
9816
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9817 if msg.started {
9818 started++
9819 } else {
9820 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9821
9822 if msg.err != nil {
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]9823 if msg.err == errUnimplemented {
9824 if *pipe {
9825 // Print each test instead of a status line.
9826 fmt.Printf("UNIMPLEMENTED (%s)\n", msg.test.name)
9827 }
9828 unimplemented++
9829 testOutput.addResult(msg.test.name, "UNIMPLEMENTED")
9830 } else {
9831 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
9832 failed++
9833 testOutput.addResult(msg.test.name, "FAIL")
9834 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9835 } else {
9836 if *pipe {
9837 // Print each test instead of a status line.
9838 fmt.Printf("PASSED (%s)\n", msg.test.name)
9839 }
9840 testOutput.addResult(msg.test.name, "PASS")
9841 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9842 }
9843
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9844 if !*pipe {
9845 // Print a new status line.
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]9846 line := fmt.Sprintf("%d/%d/%d/%d/%d", failed, unimplemented, done, started, total)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9847 lineLen = len(line)
9848 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9849 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9850 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9851
9852 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9853}
9854
9855func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9856 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9857 *resourceDir = path.Clean(*resourceDir)
David Benjamin33863262016-07-08 17:20:12 -0700[diff] [blame]9858 initCertificates()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9859
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9860 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9861 addCipherSuiteTests()
9862 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]9863 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]9864 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]9865 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]9866 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]9867 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]9868 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]9869 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]9870 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]9871 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]9872 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]9873 addDTLSReplayTests()
Nick Harper60edffd2016-06-21 15:19:24 -0700[diff] [blame]9874 addSignatureAlgorithmTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]9875 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]9876 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]9877 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]9878 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]9879 addRSAClientKeyExchangeTests()
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]9880 addCurveTests()
Steven Valdez5b986082016-09-01 12:29:49 -0400[diff] [blame]9881 addSessionTicketTests()
David Benjaminc9ae27c2016-06-24 22:56:37 -0400[diff] [blame]9882 addTLS13RecordTests()
David Benjamin582ba042016-07-07 12:33:25 -0700[diff] [blame]9883 addAllStateMachineCoverageTests()
David Benjamin82261be2016-07-07 14:32:50 -0700[diff] [blame]9884 addChangeCipherSpecTests()
David Benjamin0b8d5da2016-07-15 00:39:56 -0400[diff] [blame]9885 addWrongMessageTypeTests()
David Benjamin639846e2016-09-09 11:41:18 -0400[diff] [blame]9886 addTrailingMessageDataTests()
Steven Valdez143e8b32016-07-11 13:19:03 -0400[diff] [blame]9887 addTLS13HandshakeTests()
David Benjaminabbbee12016-10-31 19:20:42 -0400[diff] [blame]9888 addTLS13CipherPreferenceTests()
David Benjaminf3fbade2016-09-19 13:08:16 -0400[diff] [blame]9889 addPeekTests()
David Benjamine6f22212016-11-08 14:28:24 -0500[diff] [blame]9890 addRecordVersionTests()
David Benjamin2c516452016-11-15 10:16:54 +0900[diff] [blame]9891 addCertificateTests()
David Benjaminbbaf3672016-11-17 10:53:09 +0900[diff] [blame]9892 addRetainOnlySHA256ClientCertTests()
Adam Langleya4b91982016-12-12 12:05:53 -0800[diff] [blame]9893 addECDSAKeyUsageTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9894
9895 var wg sync.WaitGroup
9896
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9897 statusChan := make(chan statusMsg, *numWorkers)
9898 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9899 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9900
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]9901 if len(*shimConfigFile) != 0 {
9902 encoded, err := ioutil.ReadFile(*shimConfigFile)
9903 if err != nil {
9904 fmt.Fprintf(os.Stderr, "Couldn't read config file %q: %s\n", *shimConfigFile, err)
9905 os.Exit(1)
9906 }
9907
9908 if err := json.Unmarshal(encoded, &shimConfig); err != nil {
9909 fmt.Fprintf(os.Stderr, "Couldn't decode config file %q: %s\n", *shimConfigFile, err)
9910 os.Exit(1)
9911 }
9912 }
9913
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]9914 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9915
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9916 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9917 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]9918 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9919 }
9920
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]9921 var foundTest bool
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]9922 for i := range testCases {
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]9923 matched := true
9924 if len(*testToRun) != 0 {
9925 var err error
9926 matched, err = filepath.Match(*testToRun, testCases[i].name)
9927 if err != nil {
9928 fmt.Fprintf(os.Stderr, "Error matching pattern: %s\n", err)
9929 os.Exit(1)
9930 }
9931 }
9932
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]9933 if !*includeDisabled {
9934 for pattern := range shimConfig.DisabledTests {
9935 isDisabled, err := filepath.Match(pattern, testCases[i].name)
9936 if err != nil {
9937 fmt.Fprintf(os.Stderr, "Error matching pattern %q from config file: %s\n", pattern, err)
9938 os.Exit(1)
9939 }
9940
9941 if isDisabled {
9942 matched = false
9943 break
9944 }
9945 }
9946 }
9947
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]9948 if matched {
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]9949 foundTest = true
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]9950 testChan <- &testCases[i]
David Benjaminba28dfc2016-11-15 17:47:21 +0900[diff] [blame]9951
9952 // Only run one test if repeating until failure.
9953 if *repeatUntilFailure {
9954 break
9955 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9956 }
9957 }
David Benjamin17e12922016-07-28 18:04:43 -0400[diff] [blame]9958
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]9959 if !foundTest {
EKRf71d7ed2016-08-06 13:25:12 -0700[diff] [blame]9960 fmt.Fprintf(os.Stderr, "No tests run\n")
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]9961 os.Exit(1)
9962 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9963
9964 close(testChan)
9965 wg.Wait()
9966 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9967 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9968
9969 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]9970
9971 if *jsonOutput != "" {
9972 if err := testOutput.writeTo(*jsonOutput); err != nil {
9973 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
9974 }
9975 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]9976
EKR842ae6c2016-07-27 09:22:05 +0200[diff] [blame]9977 if !*allowUnimplemented && testOutput.NumFailuresByType["UNIMPLEMENTED"] > 0 {
9978 os.Exit(1)
9979 }
9980
9981 if !testOutput.noneFailed {
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]9982 os.Exit(1)
9983 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]9984}