Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / c574f4114da9c4b1a5fed3611bd4d414ea1850ec / . / ssl / test / runner / runner.go
blob: 8178def4838c2655e991111d93d45f78add90ce1 [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1package main
2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]14 "net"
15 "os"
16 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]17 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]18 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]19 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]20 "strings"
21 "sync"
22 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]23 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]24)
25
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]26var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]27 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
28 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
29 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
30 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
31 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
32 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
33 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]34)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]35
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]36const (
37 rsaCertificateFile = "cert.pem"
38 ecdsaCertificateFile = "ecdsa_cert.pem"
39)
40
41const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]42 rsaKeyFile = "key.pem"
43 ecdsaKeyFile = "ecdsa_key.pem"
44 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]45)
46
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]47var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]48var channelIDKey *ecdsa.PrivateKey
49var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]50
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]51var testOCSPResponse = []byte{1, 2, 3, 4}
52var testSCTList = []byte{5, 6, 7, 8}
53
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]54func initCertificates() {
55 var err error
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]56 rsaCertificate, err = LoadX509KeyPair(rsaCertificateFile, rsaKeyFile)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]57 if err != nil {
58 panic(err)
59 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]60 rsaCertificate.OCSPStaple = testOCSPResponse
61 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]62
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]63 ecdsaCertificate, err = LoadX509KeyPair(ecdsaCertificateFile, ecdsaKeyFile)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]64 if err != nil {
65 panic(err)
66 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]67 ecdsaCertificate.OCSPStaple = testOCSPResponse
68 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]69
70 channelIDPEMBlock, err := ioutil.ReadFile(channelIDKeyFile)
71 if err != nil {
72 panic(err)
73 }
74 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
75 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
76 panic("bad key type")
77 }
78 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
79 if err != nil {
80 panic(err)
81 }
82 if channelIDKey.Curve != elliptic.P256() {
83 panic("bad curve")
84 }
85
86 channelIDBytes = make([]byte, 64)
87 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
88 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]89}
90
91var certificateOnce sync.Once
92
93func getRSACertificate() Certificate {
94 certificateOnce.Do(initCertificates)
95 return rsaCertificate
96}
97
98func getECDSACertificate() Certificate {
99 certificateOnce.Do(initCertificates)
100 return ecdsaCertificate
101}
102
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]103type testType int
104
105const (
106 clientTest testType = iota
107 serverTest
108)
109
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]110type protocol int
111
112const (
113 tls protocol = iota
114 dtls
115)
116
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]117const (
118 alpn = 1
119 npn = 2
120)
121
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]122type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]123 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]124 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]125 name string
126 config Config
127 shouldFail bool
128 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]129 // expectedLocalError, if not empty, contains a substring that must be
130 // found in the local error.
131 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]132 // expectedVersion, if non-zero, specifies the TLS version that must be
133 // negotiated.
134 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]135 // expectedResumeVersion, if non-zero, specifies the TLS version that
136 // must be negotiated on resumption. If zero, expectedVersion is used.
137 expectedResumeVersion uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]138 // expectChannelID controls whether the connection should have
139 // negotiated a Channel ID with channelIDKey.
140 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]141 // expectedNextProto controls whether the connection should
142 // negotiate a next protocol via NPN or ALPN.
143 expectedNextProto string
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]144 // expectedNextProtoType, if non-zero, is the expected next
145 // protocol negotiation mechanism.
146 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]147 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
148 // should be negotiated. If zero, none should be negotiated.
149 expectedSRTPProtectionProfile uint16
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]150 // messageLen is the length, in bytes, of the test message that will be
151 // sent.
152 messageLen int
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]153 // certFile is the path to the certificate to use for the server.
154 certFile string
155 // keyFile is the path to the private key to use for the server.
156 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]157 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]158 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]159 resumeSession bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]160 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]161 // resumption. Unless newSessionsOnResume is set,
162 // SessionTicketKey, ServerSessionCache, and
163 // ClientSessionCache are copied from the initial connection's
164 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]165 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]166 // newSessionsOnResume, if true, will cause resumeConfig to
167 // use a different session resumption context.
168 newSessionsOnResume bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]169 // sendPrefix sends a prefix on the socket before actually performing a
170 // handshake.
171 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]172 // shimWritesFirst controls whether the shim sends an initial "hello"
173 // message before doing a roundtrip with the runner.
174 shimWritesFirst bool
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]175 // renegotiate indicates the the connection should be renegotiated
176 // during the exchange.
177 renegotiate bool
178 // renegotiateCiphers is a list of ciphersuite ids that will be
179 // switched in just before renegotiation.
180 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]181 // replayWrites, if true, configures the underlying transport
182 // to replay every write it makes in DTLS tests.
183 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]184 // damageFirstWrite, if true, configures the underlying transport to
185 // damage the final byte of the first application data write.
186 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]187 // exportKeyingMaterial, if non-zero, configures the test to exchange
188 // keying material and verify they match.
189 exportKeyingMaterial int
190 exportLabel string
191 exportContext string
192 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]193 // flags, if not empty, contains a list of command-line flags that will
194 // be passed to the shim program.
195 flags []string
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]196}
197
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]198var testCases = []testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]199 {
200 name: "BadRSASignature",
201 config: Config{
202 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
203 Bugs: ProtocolBugs{
204 InvalidSKXSignature: true,
205 },
206 },
207 shouldFail: true,
David Benjamin25f08462015-04-15 16:13:49 -0400[diff] [blame]208 expectedError: ":BAD_SIGNATURE:",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]209 },
210 {
211 name: "BadECDSASignature",
212 config: Config{
213 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
214 Bugs: ProtocolBugs{
215 InvalidSKXSignature: true,
216 },
217 Certificates: []Certificate{getECDSACertificate()},
218 },
219 shouldFail: true,
220 expectedError: ":BAD_SIGNATURE:",
221 },
222 {
223 name: "BadECDSACurve",
224 config: Config{
225 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
226 Bugs: ProtocolBugs{
227 InvalidSKXCurve: true,
228 },
229 Certificates: []Certificate{getECDSACertificate()},
230 },
231 shouldFail: true,
232 expectedError: ":WRONG_CURVE:",
233 },
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]234 {
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]235 testType: serverTest,
236 name: "BadRSAVersion",
237 config: Config{
238 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
239 Bugs: ProtocolBugs{
240 RsaClientKeyExchangeVersion: VersionTLS11,
241 },
242 },
243 shouldFail: true,
244 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
245 },
246 {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]247 name: "NoFallbackSCSV",
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]248 config: Config{
249 Bugs: ProtocolBugs{
250 FailIfNotFallbackSCSV: true,
251 },
252 },
253 shouldFail: true,
254 expectedLocalError: "no fallback SCSV found",
255 },
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]256 {
David Benjamin2a0c4962014-08-22 23:46:35 -0400[diff] [blame]257 name: "SendFallbackSCSV",
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]258 config: Config{
259 Bugs: ProtocolBugs{
260 FailIfNotFallbackSCSV: true,
261 },
262 },
263 flags: []string{"-fallback-scsv"},
264 },
David Benjamin197b3ab2014-07-02 18:37:33 -0400[diff] [blame]265 {
David Benjamin7b030512014-07-08 17:30:11 -0400[diff] [blame]266 name: "ClientCertificateTypes",
267 config: Config{
268 ClientAuth: RequestClientCert,
269 ClientCertificateTypes: []byte{
270 CertTypeDSSSign,
271 CertTypeRSASign,
272 CertTypeECDSASign,
273 },
274 },
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]275 flags: []string{
276 "-expect-certificate-types",
277 base64.StdEncoding.EncodeToString([]byte{
278 CertTypeDSSSign,
279 CertTypeRSASign,
280 CertTypeECDSASign,
281 }),
282 },
David Benjamin7b030512014-07-08 17:30:11 -0400[diff] [blame]283 },
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]284 {
285 name: "NoClientCertificate",
286 config: Config{
287 ClientAuth: RequireAnyClientCert,
288 },
289 shouldFail: true,
290 expectedLocalError: "client didn't provide a certificate",
291 },
David Benjamin1c375dd2014-07-12 00:48:23 -0400[diff] [blame]292 {
293 name: "UnauthenticatedECDH",
294 config: Config{
295 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
296 Bugs: ProtocolBugs{
297 UnauthenticatedECDH: true,
298 },
299 },
300 shouldFail: true,
David Benjamine8f3d662014-07-12 01:10:19 -0400[diff] [blame]301 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin1c375dd2014-07-12 00:48:23 -0400[diff] [blame]302 },
David Benjamin9c651c92014-07-12 13:27:45 -0400[diff] [blame]303 {
304 name: "SkipServerKeyExchange",
305 config: Config{
306 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
307 Bugs: ProtocolBugs{
308 SkipServerKeyExchange: true,
309 },
310 },
311 shouldFail: true,
312 expectedError: ":UNEXPECTED_MESSAGE:",
313 },
David Benjamin1f5f62b2014-07-12 16:18:02 -0400[diff] [blame]314 {
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]315 name: "SkipChangeCipherSpec-Client",
316 config: Config{
317 Bugs: ProtocolBugs{
318 SkipChangeCipherSpec: true,
319 },
320 },
321 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]322 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]323 },
324 {
325 testType: serverTest,
326 name: "SkipChangeCipherSpec-Server",
327 config: Config{
328 Bugs: ProtocolBugs{
329 SkipChangeCipherSpec: true,
330 },
331 },
332 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]333 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamina0e52232014-07-19 17:39:58 -0400[diff] [blame]334 },
David Benjamin42be6452014-07-21 14:50:23 -0400[diff] [blame]335 {
336 testType: serverTest,
337 name: "SkipChangeCipherSpec-Server-NPN",
338 config: Config{
339 NextProtos: []string{"bar"},
340 Bugs: ProtocolBugs{
341 SkipChangeCipherSpec: true,
342 },
343 },
344 flags: []string{
345 "-advertise-npn", "\x03foo\x03bar\x03baz",
346 },
347 shouldFail: true,
David Benjamin86271ee2014-07-21 16:14:03 -0400[diff] [blame]348 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
349 },
350 {
351 name: "FragmentAcrossChangeCipherSpec-Client",
352 config: Config{
353 Bugs: ProtocolBugs{
354 FragmentAcrossChangeCipherSpec: true,
355 },
356 },
357 shouldFail: true,
358 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
359 },
360 {
361 testType: serverTest,
362 name: "FragmentAcrossChangeCipherSpec-Server",
363 config: Config{
364 Bugs: ProtocolBugs{
365 FragmentAcrossChangeCipherSpec: true,
366 },
367 },
368 shouldFail: true,
369 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
370 },
371 {
372 testType: serverTest,
373 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
374 config: Config{
375 NextProtos: []string{"bar"},
376 Bugs: ProtocolBugs{
377 FragmentAcrossChangeCipherSpec: true,
378 },
379 },
380 flags: []string{
381 "-advertise-npn", "\x03foo\x03bar\x03baz",
382 },
383 shouldFail: true,
384 expectedError: ":HANDSHAKE_RECORD_BEFORE_CCS:",
David Benjamin42be6452014-07-21 14:50:23 -0400[diff] [blame]385 },
David Benjaminf3ec83d2014-07-21 22:42:34 -0400[diff] [blame]386 {
387 testType: serverTest,
David Benjamin3fd1fbd2015-02-03 16:07:32 -0500[diff] [blame]388 name: "Alert",
389 config: Config{
390 Bugs: ProtocolBugs{
391 SendSpuriousAlert: alertRecordOverflow,
392 },
393 },
394 shouldFail: true,
395 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
396 },
397 {
398 protocol: dtls,
399 testType: serverTest,
400 name: "Alert-DTLS",
401 config: Config{
402 Bugs: ProtocolBugs{
403 SendSpuriousAlert: alertRecordOverflow,
404 },
405 },
406 shouldFail: true,
407 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
408 },
409 {
410 testType: serverTest,
Alex Chernyakhovsky4cd8c432014-11-01 19:39:08 -0400[diff] [blame]411 name: "FragmentAlert",
412 config: Config{
413 Bugs: ProtocolBugs{
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]414 FragmentAlert: true,
David Benjamin3fd1fbd2015-02-03 16:07:32 -0500[diff] [blame]415 SendSpuriousAlert: alertRecordOverflow,
Alex Chernyakhovsky4cd8c432014-11-01 19:39:08 -0400[diff] [blame]416 },
417 },
418 shouldFail: true,
419 expectedError: ":BAD_ALERT:",
420 },
421 {
David Benjamin0ea8dda2015-01-31 20:33:40 -0500[diff] [blame]422 protocol: dtls,
423 testType: serverTest,
424 name: "FragmentAlert-DTLS",
425 config: Config{
426 Bugs: ProtocolBugs{
427 FragmentAlert: true,
David Benjamin3fd1fbd2015-02-03 16:07:32 -0500[diff] [blame]428 SendSpuriousAlert: alertRecordOverflow,
David Benjamin0ea8dda2015-01-31 20:33:40 -0500[diff] [blame]429 },
430 },
431 shouldFail: true,
432 expectedError: ":BAD_ALERT:",
433 },
434 {
Alex Chernyakhovsky4cd8c432014-11-01 19:39:08 -0400[diff] [blame]435 testType: serverTest,
David Benjaminf3ec83d2014-07-21 22:42:34 -0400[diff] [blame]436 name: "EarlyChangeCipherSpec-server-1",
437 config: Config{
438 Bugs: ProtocolBugs{
439 EarlyChangeCipherSpec: 1,
440 },
441 },
442 shouldFail: true,
443 expectedError: ":CCS_RECEIVED_EARLY:",
444 },
445 {
446 testType: serverTest,
447 name: "EarlyChangeCipherSpec-server-2",
448 config: Config{
449 Bugs: ProtocolBugs{
450 EarlyChangeCipherSpec: 2,
451 },
452 },
453 shouldFail: true,
454 expectedError: ":CCS_RECEIVED_EARLY:",
455 },
David Benjamind23f4122014-07-23 15:09:48 -0400[diff] [blame]456 {
David Benjamind23f4122014-07-23 15:09:48 -0400[diff] [blame]457 name: "SkipNewSessionTicket",
458 config: Config{
459 Bugs: ProtocolBugs{
460 SkipNewSessionTicket: true,
461 },
462 },
463 shouldFail: true,
464 expectedError: ":CCS_RECEIVED_EARLY:",
465 },
David Benjamin7e3305e2014-07-28 14:52:32 -0400[diff] [blame]466 {
David Benjamind86c7672014-08-02 04:07:12 -0400[diff] [blame]467 testType: serverTest,
David Benjaminbef270a2014-08-02 04:22:02 -0400[diff] [blame]468 name: "FallbackSCSV",
469 config: Config{
470 MaxVersion: VersionTLS11,
471 Bugs: ProtocolBugs{
472 SendFallbackSCSV: true,
473 },
474 },
475 shouldFail: true,
476 expectedError: ":INAPPROPRIATE_FALLBACK:",
477 },
478 {
479 testType: serverTest,
480 name: "FallbackSCSV-VersionMatch",
481 config: Config{
482 Bugs: ProtocolBugs{
483 SendFallbackSCSV: true,
484 },
485 },
486 },
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]487 {
488 testType: serverTest,
489 name: "FragmentedClientVersion",
490 config: Config{
491 Bugs: ProtocolBugs{
492 MaxHandshakeRecordLength: 1,
493 FragmentClientVersion: true,
494 },
495 },
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]496 expectedVersion: VersionTLS12,
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]497 },
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]498 {
499 testType: serverTest,
500 name: "MinorVersionTolerance",
501 config: Config{
502 Bugs: ProtocolBugs{
503 SendClientVersion: 0x03ff,
504 },
505 },
506 expectedVersion: VersionTLS12,
507 },
508 {
509 testType: serverTest,
510 name: "MajorVersionTolerance",
511 config: Config{
512 Bugs: ProtocolBugs{
513 SendClientVersion: 0x0400,
514 },
515 },
516 expectedVersion: VersionTLS12,
517 },
518 {
519 testType: serverTest,
520 name: "VersionTooLow",
521 config: Config{
522 Bugs: ProtocolBugs{
523 SendClientVersion: 0x0200,
524 },
525 },
526 shouldFail: true,
527 expectedError: ":UNSUPPORTED_PROTOCOL:",
528 },
529 {
530 testType: serverTest,
531 name: "HttpGET",
532 sendPrefix: "GET / HTTP/1.0\n",
533 shouldFail: true,
534 expectedError: ":HTTP_REQUEST:",
535 },
536 {
537 testType: serverTest,
538 name: "HttpPOST",
539 sendPrefix: "POST / HTTP/1.0\n",
540 shouldFail: true,
541 expectedError: ":HTTP_REQUEST:",
542 },
543 {
544 testType: serverTest,
545 name: "HttpHEAD",
546 sendPrefix: "HEAD / HTTP/1.0\n",
547 shouldFail: true,
548 expectedError: ":HTTP_REQUEST:",
549 },
550 {
551 testType: serverTest,
552 name: "HttpPUT",
553 sendPrefix: "PUT / HTTP/1.0\n",
554 shouldFail: true,
555 expectedError: ":HTTP_REQUEST:",
556 },
557 {
558 testType: serverTest,
559 name: "HttpCONNECT",
560 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
561 shouldFail: true,
562 expectedError: ":HTTPS_PROXY_REQUEST:",
563 },
David Benjamin39ebf532014-08-31 02:23:49 -0400[diff] [blame]564 {
David Benjaminf080ecd2014-12-11 18:48:59 -0500[diff] [blame]565 testType: serverTest,
566 name: "Garbage",
567 sendPrefix: "blah",
568 shouldFail: true,
569 expectedError: ":UNKNOWN_PROTOCOL:",
570 },
571 {
David Benjamin39ebf532014-08-31 02:23:49 -0400[diff] [blame]572 name: "SkipCipherVersionCheck",
573 config: Config{
574 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
575 MaxVersion: VersionTLS11,
576 Bugs: ProtocolBugs{
577 SkipCipherVersionCheck: true,
578 },
579 },
580 shouldFail: true,
581 expectedError: ":WRONG_CIPHER_RETURNED:",
582 },
David Benjamin9114fae2014-11-08 11:41:14 -0500[diff] [blame]583 {
David Benjamina3e89492015-02-26 15:16:22 -0500[diff] [blame]584 name: "RSAEphemeralKey",
David Benjamin9114fae2014-11-08 11:41:14 -0500[diff] [blame]585 config: Config{
586 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
587 Bugs: ProtocolBugs{
David Benjamina3e89492015-02-26 15:16:22 -0500[diff] [blame]588 RSAEphemeralKey: true,
David Benjamin9114fae2014-11-08 11:41:14 -0500[diff] [blame]589 },
590 },
591 shouldFail: true,
592 expectedError: ":UNEXPECTED_MESSAGE:",
593 },
David Benjamin128dbc32014-12-01 01:27:42 -0500[diff] [blame]594 {
595 name: "DisableEverything",
596 flags: []string{"-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
597 shouldFail: true,
598 expectedError: ":WRONG_SSL_VERSION:",
599 },
600 {
601 protocol: dtls,
602 name: "DisableEverything-DTLS",
603 flags: []string{"-no-tls12", "-no-tls1"},
604 shouldFail: true,
605 expectedError: ":WRONG_SSL_VERSION:",
606 },
David Benjamin780d6dd2015-01-06 12:03:19 -0500[diff] [blame]607 {
608 name: "NoSharedCipher",
609 config: Config{
610 CipherSuites: []uint16{},
611 },
612 shouldFail: true,
613 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
614 },
David Benjamin13be1de2015-01-11 16:29:36 -0500[diff] [blame]615 {
616 protocol: dtls,
617 testType: serverTest,
618 name: "MTU",
619 config: Config{
620 Bugs: ProtocolBugs{
621 MaxPacketLength: 256,
622 },
623 },
624 flags: []string{"-mtu", "256"},
625 },
626 {
627 protocol: dtls,
628 testType: serverTest,
629 name: "MTUExceeded",
630 config: Config{
631 Bugs: ProtocolBugs{
632 MaxPacketLength: 255,
633 },
634 },
635 flags: []string{"-mtu", "256"},
636 shouldFail: true,
637 expectedLocalError: "dtls: exceeded maximum packet length",
638 },
David Benjamin6095de82014-12-27 01:50:38 -0500[diff] [blame]639 {
640 name: "CertMismatchRSA",
641 config: Config{
642 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
643 Certificates: []Certificate{getECDSACertificate()},
644 Bugs: ProtocolBugs{
645 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
646 },
647 },
648 shouldFail: true,
649 expectedError: ":WRONG_CERTIFICATE_TYPE:",
650 },
651 {
652 name: "CertMismatchECDSA",
653 config: Config{
654 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
655 Certificates: []Certificate{getRSACertificate()},
656 Bugs: ProtocolBugs{
657 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
658 },
659 },
660 shouldFail: true,
661 expectedError: ":WRONG_CERTIFICATE_TYPE:",
662 },
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]663 {
664 name: "TLSFatalBadPackets",
665 damageFirstWrite: true,
666 shouldFail: true,
667 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
668 },
669 {
670 protocol: dtls,
671 name: "DTLSIgnoreBadPackets",
672 damageFirstWrite: true,
673 },
674 {
675 protocol: dtls,
676 name: "DTLSIgnoreBadPackets-Async",
677 damageFirstWrite: true,
678 flags: []string{"-async"},
679 },
David Benjamin4189bd92015-01-25 23:52:39 -0500[diff] [blame]680 {
681 name: "AppDataAfterChangeCipherSpec",
682 config: Config{
683 Bugs: ProtocolBugs{
684 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
685 },
686 },
687 shouldFail: true,
688 expectedError: ":DATA_BETWEEN_CCS_AND_FINISHED:",
689 },
690 {
691 protocol: dtls,
692 name: "AppDataAfterChangeCipherSpec-DTLS",
693 config: Config{
694 Bugs: ProtocolBugs{
695 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
696 },
697 },
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]698 // BoringSSL's DTLS implementation will drop the out-of-order
699 // application data.
David Benjamin4189bd92015-01-25 23:52:39 -0500[diff] [blame]700 },
David Benjaminb3774b92015-01-31 17:16:01 -0500[diff] [blame]701 {
David Benjamindc3da932015-03-12 15:09:02 -0400[diff] [blame]702 name: "AlertAfterChangeCipherSpec",
703 config: Config{
704 Bugs: ProtocolBugs{
705 AlertAfterChangeCipherSpec: alertRecordOverflow,
706 },
707 },
708 shouldFail: true,
709 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
710 },
711 {
712 protocol: dtls,
713 name: "AlertAfterChangeCipherSpec-DTLS",
714 config: Config{
715 Bugs: ProtocolBugs{
716 AlertAfterChangeCipherSpec: alertRecordOverflow,
717 },
718 },
719 shouldFail: true,
720 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
721 },
722 {
David Benjaminb3774b92015-01-31 17:16:01 -0500[diff] [blame]723 protocol: dtls,
724 name: "ReorderHandshakeFragments-Small-DTLS",
725 config: Config{
726 Bugs: ProtocolBugs{
727 ReorderHandshakeFragments: true,
728 // Small enough that every handshake message is
729 // fragmented.
730 MaxHandshakeRecordLength: 2,
731 },
732 },
733 },
734 {
735 protocol: dtls,
736 name: "ReorderHandshakeFragments-Large-DTLS",
737 config: Config{
738 Bugs: ProtocolBugs{
739 ReorderHandshakeFragments: true,
740 // Large enough that no handshake message is
741 // fragmented.
David Benjaminb3774b92015-01-31 17:16:01 -0500[diff] [blame]742 MaxHandshakeRecordLength: 2048,
743 },
744 },
745 },
David Benjaminddb9f152015-02-03 15:44:39 -0500[diff] [blame]746 {
David Benjamin75381222015-03-02 19:30:30 -0500[diff] [blame]747 protocol: dtls,
748 name: "MixCompleteMessageWithFragments-DTLS",
749 config: Config{
750 Bugs: ProtocolBugs{
751 ReorderHandshakeFragments: true,
752 MixCompleteMessageWithFragments: true,
753 MaxHandshakeRecordLength: 2,
754 },
755 },
756 },
757 {
David Benjaminddb9f152015-02-03 15:44:39 -0500[diff] [blame]758 name: "SendInvalidRecordType",
759 config: Config{
760 Bugs: ProtocolBugs{
761 SendInvalidRecordType: true,
762 },
763 },
764 shouldFail: true,
765 expectedError: ":UNEXPECTED_RECORD:",
766 },
767 {
768 protocol: dtls,
769 name: "SendInvalidRecordType-DTLS",
770 config: Config{
771 Bugs: ProtocolBugs{
772 SendInvalidRecordType: true,
773 },
774 },
775 shouldFail: true,
776 expectedError: ":UNEXPECTED_RECORD:",
777 },
David Benjaminb80168e2015-02-08 18:30:14 -0500[diff] [blame]778 {
779 name: "FalseStart-SkipServerSecondLeg",
780 config: Config{
781 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
782 NextProtos: []string{"foo"},
783 Bugs: ProtocolBugs{
784 SkipNewSessionTicket: true,
785 SkipChangeCipherSpec: true,
786 SkipFinished: true,
787 ExpectFalseStart: true,
788 },
789 },
790 flags: []string{
791 "-false-start",
David Benjamin87e4acd2015-04-02 19:57:35 -0400[diff] [blame]792 "-handshake-never-done",
David Benjaminb80168e2015-02-08 18:30:14 -0500[diff] [blame]793 "-advertise-alpn", "\x03foo",
794 },
795 shimWritesFirst: true,
796 shouldFail: true,
797 expectedError: ":UNEXPECTED_RECORD:",
798 },
David Benjamin931ab342015-02-08 19:46:57 -0500[diff] [blame]799 {
800 name: "FalseStart-SkipServerSecondLeg-Implicit",
801 config: Config{
802 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
803 NextProtos: []string{"foo"},
804 Bugs: ProtocolBugs{
805 SkipNewSessionTicket: true,
806 SkipChangeCipherSpec: true,
807 SkipFinished: true,
808 },
809 },
810 flags: []string{
811 "-implicit-handshake",
812 "-false-start",
David Benjamin87e4acd2015-04-02 19:57:35 -0400[diff] [blame]813 "-handshake-never-done",
David Benjamin931ab342015-02-08 19:46:57 -0500[diff] [blame]814 "-advertise-alpn", "\x03foo",
815 },
816 shouldFail: true,
817 expectedError: ":UNEXPECTED_RECORD:",
818 },
David Benjamin6f5c0f42015-02-24 01:23:21 -0500[diff] [blame]819 {
820 testType: serverTest,
821 name: "FailEarlyCallback",
822 flags: []string{"-fail-early-callback"},
823 shouldFail: true,
824 expectedError: ":CONNECTION_REJECTED:",
825 expectedLocalError: "remote error: access denied",
826 },
David Benjaminbcb2d912015-02-24 23:45:43 -0500[diff] [blame]827 {
828 name: "WrongMessageType",
829 config: Config{
830 Bugs: ProtocolBugs{
831 WrongCertificateMessageType: true,
832 },
833 },
834 shouldFail: true,
835 expectedError: ":UNEXPECTED_MESSAGE:",
836 expectedLocalError: "remote error: unexpected message",
837 },
838 {
839 protocol: dtls,
840 name: "WrongMessageType-DTLS",
841 config: Config{
842 Bugs: ProtocolBugs{
843 WrongCertificateMessageType: true,
844 },
845 },
846 shouldFail: true,
847 expectedError: ":UNEXPECTED_MESSAGE:",
848 expectedLocalError: "remote error: unexpected message",
849 },
David Benjamin75381222015-03-02 19:30:30 -0500[diff] [blame]850 {
851 protocol: dtls,
852 name: "FragmentMessageTypeMismatch-DTLS",
853 config: Config{
854 Bugs: ProtocolBugs{
855 MaxHandshakeRecordLength: 2,
856 FragmentMessageTypeMismatch: true,
857 },
858 },
859 shouldFail: true,
860 expectedError: ":FRAGMENT_MISMATCH:",
861 },
862 {
863 protocol: dtls,
864 name: "FragmentMessageLengthMismatch-DTLS",
865 config: Config{
866 Bugs: ProtocolBugs{
867 MaxHandshakeRecordLength: 2,
868 FragmentMessageLengthMismatch: true,
869 },
870 },
871 shouldFail: true,
872 expectedError: ":FRAGMENT_MISMATCH:",
873 },
874 {
875 protocol: dtls,
876 name: "SplitFragmentHeader-DTLS",
877 config: Config{
878 Bugs: ProtocolBugs{
879 SplitFragmentHeader: true,
880 },
881 },
882 shouldFail: true,
883 expectedError: ":UNEXPECTED_MESSAGE:",
884 },
885 {
886 protocol: dtls,
887 name: "SplitFragmentBody-DTLS",
888 config: Config{
889 Bugs: ProtocolBugs{
890 SplitFragmentBody: true,
891 },
892 },
893 shouldFail: true,
894 expectedError: ":UNEXPECTED_MESSAGE:",
895 },
896 {
897 protocol: dtls,
898 name: "SendEmptyFragments-DTLS",
899 config: Config{
900 Bugs: ProtocolBugs{
901 SendEmptyFragments: true,
902 },
903 },
904 },
David Benjamin67d1fb52015-03-16 15:16:23 -0400[diff] [blame]905 {
906 name: "UnsupportedCipherSuite",
907 config: Config{
908 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
909 Bugs: ProtocolBugs{
910 IgnorePeerCipherPreferences: true,
911 },
912 },
913 flags: []string{"-cipher", "DEFAULT:!RC4"},
914 shouldFail: true,
915 expectedError: ":WRONG_CIPHER_RETURNED:",
916 },
David Benjamin340d5ed2015-03-21 02:21:37 -0400[diff] [blame]917 {
David Benjaminc574f412015-04-20 11:13:01 -0400[diff] [blame^]918 name: "UnsupportedCurve",
919 config: Config{
920 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
921 // BoringSSL implements P-224 but doesn't enable it by
922 // default.
923 CurvePreferences: []CurveID{CurveP224},
924 Bugs: ProtocolBugs{
925 IgnorePeerCurvePreferences: true,
926 },
927 },
928 shouldFail: true,
929 expectedError: ":WRONG_CURVE:",
930 },
931 {
David Benjamin340d5ed2015-03-21 02:21:37 -0400[diff] [blame]932 name: "SendWarningAlerts",
933 config: Config{
934 Bugs: ProtocolBugs{
935 SendWarningAlerts: alertAccessDenied,
936 },
937 },
938 },
939 {
940 protocol: dtls,
941 name: "SendWarningAlerts-DTLS",
942 config: Config{
943 Bugs: ProtocolBugs{
944 SendWarningAlerts: alertAccessDenied,
945 },
946 },
947 },
David Benjamin513f0ea2015-04-02 19:33:31 -0400[diff] [blame]948 {
949 name: "BadFinished",
950 config: Config{
951 Bugs: ProtocolBugs{
952 BadFinished: true,
953 },
954 },
955 shouldFail: true,
956 expectedError: ":DIGEST_CHECK_FAILED:",
957 },
958 {
959 name: "FalseStart-BadFinished",
960 config: Config{
961 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
962 NextProtos: []string{"foo"},
963 Bugs: ProtocolBugs{
964 BadFinished: true,
965 ExpectFalseStart: true,
966 },
967 },
968 flags: []string{
969 "-false-start",
David Benjamin87e4acd2015-04-02 19:57:35 -0400[diff] [blame]970 "-handshake-never-done",
David Benjamin513f0ea2015-04-02 19:33:31 -0400[diff] [blame]971 "-advertise-alpn", "\x03foo",
972 },
973 shimWritesFirst: true,
974 shouldFail: true,
975 expectedError: ":DIGEST_CHECK_FAILED:",
976 },
David Benjamin1c633152015-04-02 20:19:11 -0400[diff] [blame]977 {
978 name: "NoFalseStart-NoALPN",
979 config: Config{
980 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
981 Bugs: ProtocolBugs{
982 ExpectFalseStart: true,
983 AlertBeforeFalseStartTest: alertAccessDenied,
984 },
985 },
986 flags: []string{
987 "-false-start",
988 },
989 shimWritesFirst: true,
990 shouldFail: true,
991 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
992 expectedLocalError: "tls: peer did not false start: EOF",
993 },
994 {
995 name: "NoFalseStart-NoAEAD",
996 config: Config{
997 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
998 NextProtos: []string{"foo"},
999 Bugs: ProtocolBugs{
1000 ExpectFalseStart: true,
1001 AlertBeforeFalseStartTest: alertAccessDenied,
1002 },
1003 },
1004 flags: []string{
1005 "-false-start",
1006 "-advertise-alpn", "\x03foo",
1007 },
1008 shimWritesFirst: true,
1009 shouldFail: true,
1010 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1011 expectedLocalError: "tls: peer did not false start: EOF",
1012 },
1013 {
1014 name: "NoFalseStart-RSA",
1015 config: Config{
1016 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1017 NextProtos: []string{"foo"},
1018 Bugs: ProtocolBugs{
1019 ExpectFalseStart: true,
1020 AlertBeforeFalseStartTest: alertAccessDenied,
1021 },
1022 },
1023 flags: []string{
1024 "-false-start",
1025 "-advertise-alpn", "\x03foo",
1026 },
1027 shimWritesFirst: true,
1028 shouldFail: true,
1029 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1030 expectedLocalError: "tls: peer did not false start: EOF",
1031 },
1032 {
1033 name: "NoFalseStart-DHE_RSA",
1034 config: Config{
1035 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1036 NextProtos: []string{"foo"},
1037 Bugs: ProtocolBugs{
1038 ExpectFalseStart: true,
1039 AlertBeforeFalseStartTest: alertAccessDenied,
1040 },
1041 },
1042 flags: []string{
1043 "-false-start",
1044 "-advertise-alpn", "\x03foo",
1045 },
1046 shimWritesFirst: true,
1047 shouldFail: true,
1048 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1049 expectedLocalError: "tls: peer did not false start: EOF",
1050 },
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1051}
1052
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]1053func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]1054 var connDebug *recordingConn
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]1055 var connDamage *damageAdaptor
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]1056 if *flagDebug {
1057 connDebug = &recordingConn{Conn: conn}
1058 conn = connDebug
1059 defer func() {
1060 connDebug.WriteTo(os.Stdout)
1061 }()
1062 }
1063
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1064 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]1065 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
1066 conn = config.Bugs.PacketAdaptor
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]1067 if test.replayWrites {
1068 conn = newReplayAdaptor(conn)
1069 }
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1070 }
1071
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]1072 if test.damageFirstWrite {
1073 connDamage = newDamageAdaptor(conn)
1074 conn = connDamage
1075 }
1076
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1077 if test.sendPrefix != "" {
1078 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
1079 return err
1080 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]1081 }
1082
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]1083 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1084 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1085 if test.protocol == dtls {
1086 tlsConn = DTLSServer(conn, config)
1087 } else {
1088 tlsConn = Server(conn, config)
1089 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]1090 } else {
1091 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1092 if test.protocol == dtls {
1093 tlsConn = DTLSClient(conn, config)
1094 } else {
1095 tlsConn = Client(conn, config)
1096 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]1097 }
1098
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1099 if err := tlsConn.Handshake(); err != nil {
1100 return err
1101 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1102
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]1103 // TODO(davidben): move all per-connection expectations into a dedicated
1104 // expectations struct that can be specified separately for the two
1105 // legs.
1106 expectedVersion := test.expectedVersion
1107 if isResume && test.expectedResumeVersion != 0 {
1108 expectedVersion = test.expectedResumeVersion
1109 }
1110 if vers := tlsConn.ConnectionState().Version; expectedVersion != 0 && vers != expectedVersion {
1111 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1112 }
1113
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]1114 if test.expectChannelID {
1115 channelID := tlsConn.ConnectionState().ChannelID
1116 if channelID == nil {
1117 return fmt.Errorf("no channel ID negotiated")
1118 }
1119 if channelID.Curve != channelIDKey.Curve ||
1120 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
1121 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
1122 return fmt.Errorf("incorrect channel ID")
1123 }
1124 }
1125
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]1126 if expected := test.expectedNextProto; expected != "" {
1127 if actual := tlsConn.ConnectionState().NegotiatedProtocol; actual != expected {
1128 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
1129 }
1130 }
1131
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]1132 if test.expectedNextProtoType != 0 {
1133 if (test.expectedNextProtoType == alpn) != tlsConn.ConnectionState().NegotiatedProtocolFromALPN {
1134 return fmt.Errorf("next proto type mismatch")
1135 }
1136 }
1137
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]1138 if p := tlsConn.ConnectionState().SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
1139 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
1140 }
1141
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]1142 if test.exportKeyingMaterial > 0 {
1143 actual := make([]byte, test.exportKeyingMaterial)
1144 if _, err := io.ReadFull(tlsConn, actual); err != nil {
1145 return err
1146 }
1147 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
1148 if err != nil {
1149 return err
1150 }
1151 if !bytes.Equal(actual, expected) {
1152 return fmt.Errorf("keying material mismatch")
1153 }
1154 }
1155
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1156 if test.shimWritesFirst {
1157 var buf [5]byte
1158 _, err := io.ReadFull(tlsConn, buf[:])
1159 if err != nil {
1160 return err
1161 }
1162 if string(buf[:]) != "hello" {
1163 return fmt.Errorf("bad initial message")
1164 }
1165 }
1166
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]1167 if test.renegotiate {
1168 if test.renegotiateCiphers != nil {
1169 config.CipherSuites = test.renegotiateCiphers
1170 }
1171 if err := tlsConn.Renegotiate(); err != nil {
1172 return err
1173 }
1174 } else if test.renegotiateCiphers != nil {
1175 panic("renegotiateCiphers without renegotiate")
1176 }
1177
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]1178 if test.damageFirstWrite {
1179 connDamage.setDamage(true)
1180 tlsConn.Write([]byte("DAMAGED WRITE"))
1181 connDamage.setDamage(false)
1182 }
1183
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1184 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1185 if test.protocol == dtls {
1186 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
1187 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1188 // Read until EOF.
1189 _, err := io.Copy(ioutil.Discard, tlsConn)
1190 return err
1191 }
1192
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]1193 if messageLen == 0 {
1194 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1195 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]1196 testMessage := make([]byte, messageLen)
1197 for i := range testMessage {
1198 testMessage[i] = 0x42
1199 }
1200 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1201
1202 buf := make([]byte, len(testMessage))
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1203 if test.protocol == dtls {
1204 bufTmp := make([]byte, len(buf)+1)
1205 n, err := tlsConn.Read(bufTmp)
1206 if err != nil {
1207 return err
1208 }
1209 if n != len(buf) {
1210 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
1211 }
1212 copy(buf, bufTmp)
1213 } else {
1214 _, err := io.ReadFull(tlsConn, buf)
1215 if err != nil {
1216 return err
1217 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1218 }
1219
1220 for i, v := range buf {
1221 if v != testMessage[i]^0xff {
1222 return fmt.Errorf("bad reply contents at byte %d", i)
1223 }
1224 }
1225
1226 return nil
1227}
1228
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]1229func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
1230 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1231 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]1232 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1233 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]1234 valgrindArgs = append(valgrindArgs, path)
1235 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1236
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]1237 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1238}
1239
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]1240func gdbOf(path string, args ...string) *exec.Cmd {
1241 xtermArgs := []string{"-e", "gdb", "--args"}
1242 xtermArgs = append(xtermArgs, path)
1243 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1244
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]1245 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1246}
1247
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]1248type moreMallocsError struct{}
1249
1250func (moreMallocsError) Error() string {
1251 return "child process did not exhaust all allocation calls"
1252}
1253
1254var errMoreMallocs = moreMallocsError{}
1255
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1256// accept accepts a connection from listener, unless waitChan signals a process
1257// exit first.
1258func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
1259 type connOrError struct {
1260 conn net.Conn
1261 err error
1262 }
1263 connChan := make(chan connOrError, 1)
1264 go func() {
1265 conn, err := listener.Accept()
1266 connChan <- connOrError{conn, err}
1267 close(connChan)
1268 }()
1269 select {
1270 case result := <-connChan:
1271 return result.conn, result.err
1272 case childErr := <-waitChan:
1273 waitChan <- childErr
1274 return nil, fmt.Errorf("child exited early: %s", childErr)
1275 }
1276}
1277
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]1278func runTest(test *testCase, buildDir string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]1279 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
1280 panic("Error expected without shouldFail in " + test.name)
1281 }
1282
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1283 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
1284 if err != nil {
1285 panic(err)
1286 }
1287 defer func() {
1288 if listener != nil {
1289 listener.Close()
1290 }
1291 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1292
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]1293 shim_path := path.Join(buildDir, "ssl/test/bssl_shim")
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1294 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]1295 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]1296 flags = append(flags, "-server")
1297
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1298 flags = append(flags, "-key-file")
1299 if test.keyFile == "" {
1300 flags = append(flags, rsaKeyFile)
1301 } else {
1302 flags = append(flags, test.keyFile)
1303 }
1304
1305 flags = append(flags, "-cert-file")
1306 if test.certFile == "" {
1307 flags = append(flags, rsaCertificateFile)
1308 } else {
1309 flags = append(flags, test.certFile)
1310 }
1311 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]1312
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1313 if test.protocol == dtls {
1314 flags = append(flags, "-dtls")
1315 }
1316
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]1317 if test.resumeSession {
1318 flags = append(flags, "-resume")
1319 }
1320
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]1321 if test.shimWritesFirst {
1322 flags = append(flags, "-shim-writes-first")
1323 }
1324
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]1325 if test.exportKeyingMaterial > 0 {
1326 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
1327 flags = append(flags, "-export-label", test.exportLabel)
1328 flags = append(flags, "-export-context", test.exportContext)
1329 if test.useExportContext {
1330 flags = append(flags, "-use-export-context")
1331 }
1332 }
1333
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1334 flags = append(flags, test.flags...)
1335
1336 var shim *exec.Cmd
1337 if *useValgrind {
1338 shim = valgrindOf(false, shim_path, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1339 } else if *useGDB {
1340 shim = gdbOf(shim_path, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1341 } else {
1342 shim = exec.Command(shim_path, flags...)
1343 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1344 shim.Stdin = os.Stdin
1345 var stdoutBuf, stderrBuf bytes.Buffer
1346 shim.Stdout = &stdoutBuf
1347 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]1348 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]1349 shim.Env = os.Environ()
1350 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]1351 if *mallocTestDebug {
1352 shim.Env = append(shim.Env, "MALLOC_ABORT_ON_FAIL=1")
1353 }
1354 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
1355 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1356
1357 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1358 panic(err)
1359 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1360 waitChan := make(chan error, 1)
1361 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1362
1363 config := test.config
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]1364 config.ClientSessionCache = NewLRUClientSessionCache(1)
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1365 config.ServerSessionCache = NewLRUServerSessionCache(1)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1366 if test.testType == clientTest {
1367 if len(config.Certificates) == 0 {
1368 config.Certificates = []Certificate{getRSACertificate()}
1369 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1370 } else {
1371 // Supply a ServerName to ensure a constant session cache key,
1372 // rather than falling back to net.Conn.RemoteAddr.
1373 if len(config.ServerName) == 0 {
1374 config.ServerName = "test"
1375 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1376 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1377
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1378 conn, err := acceptOrWait(listener, waitChan)
1379 if err == nil {
1380 err = doExchange(test, &config, conn, test.messageLen, false /* not a resumption */)
1381 conn.Close()
1382 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]1383
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]1384 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]1385 var resumeConfig Config
1386 if test.resumeConfig != nil {
1387 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1388 if len(resumeConfig.ServerName) == 0 {
1389 resumeConfig.ServerName = config.ServerName
1390 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]1391 if len(resumeConfig.Certificates) == 0 {
1392 resumeConfig.Certificates = []Certificate{getRSACertificate()}
1393 }
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1394 if !test.newSessionsOnResume {
1395 resumeConfig.SessionTicketKey = config.SessionTicketKey
1396 resumeConfig.ClientSessionCache = config.ClientSessionCache
1397 resumeConfig.ServerSessionCache = config.ServerSessionCache
1398 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]1399 } else {
1400 resumeConfig = config
1401 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1402 var connResume net.Conn
1403 connResume, err = acceptOrWait(listener, waitChan)
1404 if err == nil {
1405 err = doExchange(test, &resumeConfig, connResume, test.messageLen, true /* resumption */)
1406 connResume.Close()
1407 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]1408 }
1409
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]1410 // Close the listener now. This is to avoid hangs should the shim try to
1411 // open more connections than expected.
1412 listener.Close()
1413 listener = nil
1414
1415 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]1416 if exitError, ok := childErr.(*exec.ExitError); ok {
1417 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
1418 return errMoreMallocs
1419 }
1420 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1421
1422 stdout := string(stdoutBuf.Bytes())
1423 stderr := string(stderrBuf.Bytes())
1424 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]1425 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]1426 localError := "none"
1427 if err != nil {
1428 localError = err.Error()
1429 }
1430 if len(test.expectedLocalError) != 0 {
1431 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
1432 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1433
1434 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1435 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1436 if childErr != nil {
1437 childError = childErr.Error()
1438 }
1439
1440 var msg string
1441 switch {
1442 case failed && !test.shouldFail:
1443 msg = "unexpected failure"
1444 case !failed && test.shouldFail:
1445 msg = "unexpected success"
1446 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]1447 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1448 default:
1449 panic("internal error")
1450 }
1451
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]1452 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1453 }
1454
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]1455 if !*useValgrind && !failed && len(stderr) > 0 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1456 println(stderr)
1457 }
1458
1459 return nil
1460}
1461
1462var tlsVersions = []struct {
1463 name string
1464 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]1465 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1466 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1467}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1468 {"SSL3", VersionSSL30, "-no-ssl3", false},
1469 {"TLS1", VersionTLS10, "-no-tls1", true},
1470 {"TLS11", VersionTLS11, "-no-tls11", false},
1471 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1472}
1473
1474var testCipherSuites = []struct {
1475 name string
1476 id uint16
1477}{
1478 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1479 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1480 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1481 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1482 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1483 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1484 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1485 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1486 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1487 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1488 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
1489 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1490 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]1491 {"DHE-RSA-CHACHA20-POLY1305", TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1492 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1493 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1494 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
1495 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1496 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1497 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]1498 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1499 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
David Benjamin2af684f2014-10-27 02:23:15 -0400[diff] [blame]1500 {"ECDHE-PSK-WITH-AES-128-GCM-SHA256", TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1501 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1502 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1503 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1504 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1505 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1506 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]1507 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1508 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1509 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
1510 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
1511 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1512 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]1513 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1514}
1515
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1516func hasComponent(suiteName, component string) bool {
1517 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
1518}
1519
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1520func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1521 return hasComponent(suiteName, "GCM") ||
1522 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]1523 hasComponent(suiteName, "SHA384") ||
1524 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1525}
1526
1527func isDTLSCipher(suiteName string) bool {
David Benjamine95d20d2014-12-23 11:16:01 -0500[diff] [blame]1528 return !hasComponent(suiteName, "RC4")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1529}
1530
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1531func addCipherSuiteTests() {
1532 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1533 const psk = "12345"
1534 const pskIdentity = "luggage combo"
1535
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1536 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1537 var certFile string
1538 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1539 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1540 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1541 certFile = ecdsaCertificateFile
1542 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1543 } else {
1544 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1545 certFile = rsaCertificateFile
1546 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1547 }
1548
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1549 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1550 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1551 flags = append(flags,
1552 "-psk", psk,
1553 "-psk-identity", pskIdentity)
1554 }
1555
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1556 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]1557 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1558 continue
1559 }
1560
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1561 testCases = append(testCases, testCase{
1562 testType: clientTest,
1563 name: ver.name + "-" + suite.name + "-client",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1564 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1565 MinVersion: ver.version,
1566 MaxVersion: ver.version,
1567 CipherSuites: []uint16{suite.id},
1568 Certificates: []Certificate{cert},
1569 PreSharedKey: []byte(psk),
1570 PreSharedKeyIdentity: pskIdentity,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1571 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1572 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1573 resumeSession: true,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1574 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1575
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1576 testCases = append(testCases, testCase{
1577 testType: serverTest,
1578 name: ver.name + "-" + suite.name + "-server",
1579 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1580 MinVersion: ver.version,
1581 MaxVersion: ver.version,
1582 CipherSuites: []uint16{suite.id},
1583 Certificates: []Certificate{cert},
1584 PreSharedKey: []byte(psk),
1585 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1586 },
1587 certFile: certFile,
1588 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1589 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1590 resumeSession: true,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]1591 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1592
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]1593 if ver.hasDTLS && isDTLSCipher(suite.name) {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1594 testCases = append(testCases, testCase{
1595 testType: clientTest,
1596 protocol: dtls,
1597 name: "D" + ver.name + "-" + suite.name + "-client",
1598 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1599 MinVersion: ver.version,
1600 MaxVersion: ver.version,
1601 CipherSuites: []uint16{suite.id},
1602 Certificates: []Certificate{cert},
1603 PreSharedKey: []byte(psk),
1604 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1605 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1606 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1607 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1608 })
1609 testCases = append(testCases, testCase{
1610 testType: serverTest,
1611 protocol: dtls,
1612 name: "D" + ver.name + "-" + suite.name + "-server",
1613 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1614 MinVersion: ver.version,
1615 MaxVersion: ver.version,
1616 CipherSuites: []uint16{suite.id},
1617 Certificates: []Certificate{cert},
1618 PreSharedKey: []byte(psk),
1619 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1620 },
1621 certFile: certFile,
1622 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1623 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1624 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1625 })
1626 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1627 }
1628 }
1629}
1630
1631func addBadECDSASignatureTests() {
1632 for badR := BadValue(1); badR < NumBadValues; badR++ {
1633 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1634 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1635 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
1636 config: Config{
1637 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1638 Certificates: []Certificate{getECDSACertificate()},
1639 Bugs: ProtocolBugs{
1640 BadECDSAR: badR,
1641 BadECDSAS: badS,
1642 },
1643 },
1644 shouldFail: true,
1645 expectedError: "SIGNATURE",
1646 })
1647 }
1648 }
1649}
1650
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1651func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1652 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1653 name: "MaxCBCPadding",
1654 config: Config{
1655 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1656 Bugs: ProtocolBugs{
1657 MaxPadding: true,
1658 },
1659 },
1660 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
1661 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1662 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1663 name: "BadCBCPadding",
1664 config: Config{
1665 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1666 Bugs: ProtocolBugs{
1667 PaddingFirstByteBad: true,
1668 },
1669 },
1670 shouldFail: true,
1671 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
1672 })
1673 // OpenSSL previously had an issue where the first byte of padding in
1674 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]1675 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]1676 name: "BadCBCPadding255",
1677 config: Config{
1678 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1679 Bugs: ProtocolBugs{
1680 MaxPadding: true,
1681 PaddingFirstByteBadIf255: true,
1682 },
1683 },
1684 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
1685 shouldFail: true,
1686 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
1687 })
1688}
1689
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1690func addCBCSplittingTests() {
1691 testCases = append(testCases, testCase{
1692 name: "CBCRecordSplitting",
1693 config: Config{
1694 MaxVersion: VersionTLS10,
1695 MinVersion: VersionTLS10,
1696 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1697 },
1698 messageLen: -1, // read until EOF
1699 flags: []string{
1700 "-async",
1701 "-write-different-record-sizes",
1702 "-cbc-record-splitting",
1703 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]1704 })
1705 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]1706 name: "CBCRecordSplittingPartialWrite",
1707 config: Config{
1708 MaxVersion: VersionTLS10,
1709 MinVersion: VersionTLS10,
1710 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1711 },
1712 messageLen: -1, // read until EOF
1713 flags: []string{
1714 "-async",
1715 "-write-different-record-sizes",
1716 "-cbc-record-splitting",
1717 "-partial-write",
1718 },
1719 })
1720}
1721
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1722func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]1723 // Add a dummy cert pool to stress certificate authority parsing.
1724 // TODO(davidben): Add tests that those values parse out correctly.
1725 certPool := x509.NewCertPool()
1726 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
1727 if err != nil {
1728 panic(err)
1729 }
1730 certPool.AddCert(cert)
1731
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1732 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1733 testCases = append(testCases, testCase{
1734 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1735 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1736 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1737 MinVersion: ver.version,
1738 MaxVersion: ver.version,
1739 ClientAuth: RequireAnyClientCert,
1740 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1741 },
1742 flags: []string{
1743 "-cert-file", rsaCertificateFile,
1744 "-key-file", rsaKeyFile,
1745 },
1746 })
1747 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1748 testType: serverTest,
1749 name: ver.name + "-Server-ClientAuth-RSA",
1750 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1751 MinVersion: ver.version,
1752 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]1753 Certificates: []Certificate{rsaCertificate},
1754 },
1755 flags: []string{"-require-any-client-certificate"},
1756 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1757 if ver.version != VersionSSL30 {
1758 testCases = append(testCases, testCase{
1759 testType: serverTest,
1760 name: ver.name + "-Server-ClientAuth-ECDSA",
1761 config: Config{
1762 MinVersion: ver.version,
1763 MaxVersion: ver.version,
1764 Certificates: []Certificate{ecdsaCertificate},
1765 },
1766 flags: []string{"-require-any-client-certificate"},
1767 })
1768 testCases = append(testCases, testCase{
1769 testType: clientTest,
1770 name: ver.name + "-Client-ClientAuth-ECDSA",
1771 config: Config{
1772 MinVersion: ver.version,
1773 MaxVersion: ver.version,
1774 ClientAuth: RequireAnyClientCert,
1775 ClientCAs: certPool,
1776 },
1777 flags: []string{
1778 "-cert-file", ecdsaCertificateFile,
1779 "-key-file", ecdsaKeyFile,
1780 },
1781 })
1782 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]1783 }
1784}
1785
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1786func addExtendedMasterSecretTests() {
1787 const expectEMSFlag = "-expect-extended-master-secret"
1788
1789 for _, with := range []bool{false, true} {
1790 prefix := "No"
1791 var flags []string
1792 if with {
1793 prefix = ""
1794 flags = []string{expectEMSFlag}
1795 }
1796
1797 for _, isClient := range []bool{false, true} {
1798 suffix := "-Server"
1799 testType := serverTest
1800 if isClient {
1801 suffix = "-Client"
1802 testType = clientTest
1803 }
1804
1805 for _, ver := range tlsVersions {
1806 test := testCase{
1807 testType: testType,
1808 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
1809 config: Config{
1810 MinVersion: ver.version,
1811 MaxVersion: ver.version,
1812 Bugs: ProtocolBugs{
1813 NoExtendedMasterSecret: !with,
1814 RequireExtendedMasterSecret: with,
1815 },
1816 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]1817 flags: flags,
1818 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]1819 }
1820 if test.shouldFail {
1821 test.expectedLocalError = "extended master secret required but not supported by peer"
1822 }
1823 testCases = append(testCases, test)
1824 }
1825 }
1826 }
1827
1828 // When a session is resumed, it should still be aware that its master
1829 // secret was generated via EMS and thus it's safe to use tls-unique.
1830 testCases = append(testCases, testCase{
1831 name: "ExtendedMasterSecret-Resume",
1832 config: Config{
1833 Bugs: ProtocolBugs{
1834 RequireExtendedMasterSecret: true,
1835 },
1836 },
1837 flags: []string{expectEMSFlag},
1838 resumeSession: true,
1839 })
1840}
1841
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1842// Adds tests that try to cover the range of the handshake state machine, under
1843// various conditions. Some of these are redundant with other tests, but they
1844// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1845func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1846 var suffix string
1847 var flags []string
1848 var maxHandshakeRecordLength int
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1849 if protocol == dtls {
1850 suffix = "-DTLS"
1851 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1852 if async {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1853 suffix += "-Async"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1854 flags = append(flags, "-async")
1855 } else {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1856 suffix += "-Sync"
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1857 }
1858 if splitHandshake {
1859 suffix += "-SplitHandshakeRecords"
David Benjamin98214542014-08-07 18:02:39 -0400[diff] [blame]1860 maxHandshakeRecordLength = 1
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1861 }
1862
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1863 // Basic handshake, with resumption. Client and server,
1864 // session ID and session ticket.
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1865 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1866 protocol: protocol,
1867 name: "Basic-Client" + suffix,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1868 config: Config{
1869 Bugs: ProtocolBugs{
1870 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1871 },
1872 },
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1873 flags: flags,
1874 resumeSession: true,
1875 })
1876 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1877 protocol: protocol,
1878 name: "Basic-Client-RenewTicket" + suffix,
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1879 config: Config{
1880 Bugs: ProtocolBugs{
1881 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1882 RenewTicketOnResume: true,
1883 },
1884 },
1885 flags: flags,
1886 resumeSession: true,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1887 })
1888 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1889 protocol: protocol,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1890 name: "Basic-Client-NoTicket" + suffix,
1891 config: Config{
1892 SessionTicketsDisabled: true,
1893 Bugs: ProtocolBugs{
1894 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1895 },
1896 },
1897 flags: flags,
1898 resumeSession: true,
1899 })
1900 testCases = append(testCases, testCase{
1901 protocol: protocol,
David Benjamine0e7d0d2015-02-08 19:33:25 -0500[diff] [blame]1902 name: "Basic-Client-Implicit" + suffix,
1903 config: Config{
1904 Bugs: ProtocolBugs{
1905 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1906 },
1907 },
1908 flags: append(flags, "-implicit-handshake"),
1909 resumeSession: true,
1910 })
1911 testCases = append(testCases, testCase{
1912 protocol: protocol,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1913 testType: serverTest,
1914 name: "Basic-Server" + suffix,
1915 config: Config{
1916 Bugs: ProtocolBugs{
1917 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1918 },
1919 },
David Benjaminbed9aae2014-08-07 19:13:38 -0400[diff] [blame]1920 flags: flags,
1921 resumeSession: true,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1922 })
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]1923 testCases = append(testCases, testCase{
1924 protocol: protocol,
1925 testType: serverTest,
1926 name: "Basic-Server-NoTickets" + suffix,
1927 config: Config{
1928 SessionTicketsDisabled: true,
1929 Bugs: ProtocolBugs{
1930 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1931 },
1932 },
1933 flags: flags,
1934 resumeSession: true,
1935 })
David Benjamine0e7d0d2015-02-08 19:33:25 -0500[diff] [blame]1936 testCases = append(testCases, testCase{
1937 protocol: protocol,
1938 testType: serverTest,
1939 name: "Basic-Server-Implicit" + suffix,
1940 config: Config{
1941 Bugs: ProtocolBugs{
1942 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1943 },
1944 },
1945 flags: append(flags, "-implicit-handshake"),
1946 resumeSession: true,
1947 })
David Benjamin6f5c0f42015-02-24 01:23:21 -0500[diff] [blame]1948 testCases = append(testCases, testCase{
1949 protocol: protocol,
1950 testType: serverTest,
1951 name: "Basic-Server-EarlyCallback" + suffix,
1952 config: Config{
1953 Bugs: ProtocolBugs{
1954 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1955 },
1956 },
1957 flags: append(flags, "-use-early-callback"),
1958 resumeSession: true,
1959 })
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1960
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1961 // TLS client auth.
1962 testCases = append(testCases, testCase{
1963 protocol: protocol,
1964 testType: clientTest,
1965 name: "ClientAuth-Client" + suffix,
1966 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]1967 ClientAuth: RequireAnyClientCert,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1968 Bugs: ProtocolBugs{
1969 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1970 },
1971 },
1972 flags: append(flags,
1973 "-cert-file", rsaCertificateFile,
1974 "-key-file", rsaKeyFile),
1975 })
1976 testCases = append(testCases, testCase{
1977 protocol: protocol,
1978 testType: serverTest,
1979 name: "ClientAuth-Server" + suffix,
1980 config: Config{
1981 Certificates: []Certificate{rsaCertificate},
1982 },
1983 flags: append(flags, "-require-any-client-certificate"),
1984 })
1985
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1986 // No session ticket support; server doesn't send NewSessionTicket.
1987 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1988 protocol: protocol,
1989 name: "SessionTicketsDisabled-Client" + suffix,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]1990 config: Config{
1991 SessionTicketsDisabled: true,
1992 Bugs: ProtocolBugs{
1993 MaxHandshakeRecordLength: maxHandshakeRecordLength,
1994 },
1995 },
1996 flags: flags,
1997 })
1998 testCases = append(testCases, testCase{
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]1999 protocol: protocol,
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2000 testType: serverTest,
2001 name: "SessionTicketsDisabled-Server" + suffix,
2002 config: Config{
2003 SessionTicketsDisabled: true,
2004 Bugs: ProtocolBugs{
2005 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2006 },
2007 },
2008 flags: flags,
2009 })
2010
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2011 // Skip ServerKeyExchange in PSK key exchange if there's no
2012 // identity hint.
2013 testCases = append(testCases, testCase{
2014 protocol: protocol,
2015 name: "EmptyPSKHint-Client" + suffix,
2016 config: Config{
2017 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2018 PreSharedKey: []byte("secret"),
2019 Bugs: ProtocolBugs{
2020 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2021 },
2022 },
2023 flags: append(flags, "-psk", "secret"),
2024 })
2025 testCases = append(testCases, testCase{
2026 protocol: protocol,
2027 testType: serverTest,
2028 name: "EmptyPSKHint-Server" + suffix,
2029 config: Config{
2030 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2031 PreSharedKey: []byte("secret"),
2032 Bugs: ProtocolBugs{
2033 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2034 },
2035 },
2036 flags: append(flags, "-psk", "secret"),
2037 })
2038
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2039 if protocol == tls {
2040 // NPN on client and server; results in post-handshake message.
2041 testCases = append(testCases, testCase{
2042 protocol: protocol,
2043 name: "NPN-Client" + suffix,
2044 config: Config{
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]2045 NextProtos: []string{"foo"},
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2046 Bugs: ProtocolBugs{
2047 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2048 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2049 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]2050 flags: append(flags, "-select-next-proto", "foo"),
2051 expectedNextProto: "foo",
2052 expectedNextProtoType: npn,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2053 })
2054 testCases = append(testCases, testCase{
2055 protocol: protocol,
2056 testType: serverTest,
2057 name: "NPN-Server" + suffix,
2058 config: Config{
2059 NextProtos: []string{"bar"},
2060 Bugs: ProtocolBugs{
2061 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2062 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2063 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2064 flags: append(flags,
2065 "-advertise-npn", "\x03foo\x03bar\x03baz",
2066 "-expect-next-proto", "bar"),
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]2067 expectedNextProto: "bar",
2068 expectedNextProtoType: npn,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2069 })
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2070
David Benjamin195dc782015-02-19 13:27:05 -0500[diff] [blame]2071 // TODO(davidben): Add tests for when False Start doesn't trigger.
2072
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2073 // Client does False Start and negotiates NPN.
2074 testCases = append(testCases, testCase{
2075 protocol: protocol,
2076 name: "FalseStart" + suffix,
2077 config: Config{
2078 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2079 NextProtos: []string{"foo"},
2080 Bugs: ProtocolBugs{
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]2081 ExpectFalseStart: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2082 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2083 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2084 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2085 flags: append(flags,
2086 "-false-start",
2087 "-select-next-proto", "foo"),
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]2088 shimWritesFirst: true,
2089 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2090 })
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2091
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]2092 // Client does False Start and negotiates ALPN.
2093 testCases = append(testCases, testCase{
2094 protocol: protocol,
2095 name: "FalseStart-ALPN" + suffix,
2096 config: Config{
2097 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2098 NextProtos: []string{"foo"},
2099 Bugs: ProtocolBugs{
2100 ExpectFalseStart: true,
2101 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2102 },
2103 },
2104 flags: append(flags,
2105 "-false-start",
2106 "-advertise-alpn", "\x03foo"),
2107 shimWritesFirst: true,
2108 resumeSession: true,
2109 })
2110
David Benjamin931ab342015-02-08 19:46:57 -0500[diff] [blame]2111 // Client does False Start but doesn't explicitly call
2112 // SSL_connect.
2113 testCases = append(testCases, testCase{
2114 protocol: protocol,
2115 name: "FalseStart-Implicit" + suffix,
2116 config: Config{
2117 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2118 NextProtos: []string{"foo"},
2119 Bugs: ProtocolBugs{
2120 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2121 },
2122 },
2123 flags: append(flags,
2124 "-implicit-handshake",
2125 "-false-start",
2126 "-advertise-alpn", "\x03foo"),
2127 })
2128
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2129 // False Start without session tickets.
2130 testCases = append(testCases, testCase{
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]2131 name: "FalseStart-SessionTicketsDisabled" + suffix,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2132 config: Config{
2133 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2134 NextProtos: []string{"foo"},
2135 SessionTicketsDisabled: true,
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]2136 Bugs: ProtocolBugs{
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]2137 ExpectFalseStart: true,
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]2138 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2139 },
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2140 },
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]2141 flags: append(flags,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2142 "-false-start",
2143 "-select-next-proto", "foo",
David Benjamin4e99c522014-08-24 01:45:30 -0400[diff] [blame]2144 ),
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]2145 shimWritesFirst: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2146 })
David Benjamin1e7f8d72014-08-08 12:27:04 -0400[diff] [blame]2147
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]2148 // Server parses a V2ClientHello.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2149 testCases = append(testCases, testCase{
2150 protocol: protocol,
2151 testType: serverTest,
2152 name: "SendV2ClientHello" + suffix,
2153 config: Config{
2154 // Choose a cipher suite that does not involve
2155 // elliptic curves, so no extensions are
2156 // involved.
2157 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
2158 Bugs: ProtocolBugs{
2159 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2160 SendV2ClientHello: true,
2161 },
David Benjamin1e7f8d72014-08-08 12:27:04 -0400[diff] [blame]2162 },
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2163 flags: flags,
2164 })
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]2165
2166 // Client sends a Channel ID.
2167 testCases = append(testCases, testCase{
2168 protocol: protocol,
2169 name: "ChannelID-Client" + suffix,
2170 config: Config{
2171 RequestChannelID: true,
2172 Bugs: ProtocolBugs{
2173 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2174 },
2175 },
2176 flags: append(flags,
2177 "-send-channel-id", channelIDKeyFile,
2178 ),
2179 resumeSession: true,
2180 expectChannelID: true,
2181 })
2182
2183 // Server accepts a Channel ID.
2184 testCases = append(testCases, testCase{
2185 protocol: protocol,
2186 testType: serverTest,
2187 name: "ChannelID-Server" + suffix,
2188 config: Config{
2189 ChannelID: channelIDKey,
2190 Bugs: ProtocolBugs{
2191 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2192 },
2193 },
2194 flags: append(flags,
2195 "-expect-channel-id",
2196 base64.StdEncoding.EncodeToString(channelIDBytes),
2197 ),
2198 resumeSession: true,
2199 expectChannelID: true,
2200 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2201 } else {
2202 testCases = append(testCases, testCase{
2203 protocol: protocol,
2204 name: "SkipHelloVerifyRequest" + suffix,
2205 config: Config{
2206 Bugs: ProtocolBugs{
2207 MaxHandshakeRecordLength: maxHandshakeRecordLength,
2208 SkipHelloVerifyRequest: true,
2209 },
2210 },
2211 flags: flags,
2212 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2213 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2214}
2215
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]2216func addDDoSCallbackTests() {
2217 // DDoS callback.
2218
2219 for _, resume := range []bool{false, true} {
2220 suffix := "Resume"
2221 if resume {
2222 suffix = "No" + suffix
2223 }
2224
2225 testCases = append(testCases, testCase{
2226 testType: serverTest,
2227 name: "Server-DDoS-OK-" + suffix,
2228 flags: []string{"-install-ddos-callback"},
2229 resumeSession: resume,
2230 })
2231
2232 failFlag := "-fail-ddos-callback"
2233 if resume {
2234 failFlag = "-fail-second-ddos-callback"
2235 }
2236 testCases = append(testCases, testCase{
2237 testType: serverTest,
2238 name: "Server-DDoS-Reject-" + suffix,
2239 flags: []string{"-install-ddos-callback", failFlag},
2240 resumeSession: resume,
2241 shouldFail: true,
2242 expectedError: ":CONNECTION_REJECTED:",
2243 })
2244 }
2245}
2246
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2247func addVersionNegotiationTests() {
2248 for i, shimVers := range tlsVersions {
2249 // Assemble flags to disable all newer versions on the shim.
2250 var flags []string
2251 for _, vers := range tlsVersions[i+1:] {
2252 flags = append(flags, vers.flag)
2253 }
2254
2255 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2256 protocols := []protocol{tls}
2257 if runnerVers.hasDTLS && shimVers.hasDTLS {
2258 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2259 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2260 for _, protocol := range protocols {
2261 expectedVersion := shimVers.version
2262 if runnerVers.version < shimVers.version {
2263 expectedVersion = runnerVers.version
2264 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2265
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2266 suffix := shimVers.name + "-" + runnerVers.name
2267 if protocol == dtls {
2268 suffix += "-DTLS"
2269 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2270
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2271 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
2272
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2273 clientVers := shimVers.version
2274 if clientVers > VersionTLS10 {
2275 clientVers = VersionTLS10
2276 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2277 testCases = append(testCases, testCase{
2278 protocol: protocol,
2279 testType: clientTest,
2280 name: "VersionNegotiation-Client-" + suffix,
2281 config: Config{
2282 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2283 Bugs: ProtocolBugs{
2284 ExpectInitialRecordVersion: clientVers,
2285 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2286 },
2287 flags: flags,
2288 expectedVersion: expectedVersion,
2289 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2290 testCases = append(testCases, testCase{
2291 protocol: protocol,
2292 testType: clientTest,
2293 name: "VersionNegotiation-Client2-" + suffix,
2294 config: Config{
2295 MaxVersion: runnerVers.version,
2296 Bugs: ProtocolBugs{
2297 ExpectInitialRecordVersion: clientVers,
2298 },
2299 },
2300 flags: []string{"-max-version", shimVersFlag},
2301 expectedVersion: expectedVersion,
2302 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2303
2304 testCases = append(testCases, testCase{
2305 protocol: protocol,
2306 testType: serverTest,
2307 name: "VersionNegotiation-Server-" + suffix,
2308 config: Config{
2309 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]2310 Bugs: ProtocolBugs{
2311 ExpectInitialRecordVersion: expectedVersion,
2312 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2313 },
2314 flags: flags,
2315 expectedVersion: expectedVersion,
2316 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]2317 testCases = append(testCases, testCase{
2318 protocol: protocol,
2319 testType: serverTest,
2320 name: "VersionNegotiation-Server2-" + suffix,
2321 config: Config{
2322 MaxVersion: runnerVers.version,
2323 Bugs: ProtocolBugs{
2324 ExpectInitialRecordVersion: expectedVersion,
2325 },
2326 },
2327 flags: []string{"-max-version", shimVersFlag},
2328 expectedVersion: expectedVersion,
2329 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2330 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]2331 }
2332 }
2333}
2334
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2335func addMinimumVersionTests() {
2336 for i, shimVers := range tlsVersions {
2337 // Assemble flags to disable all older versions on the shim.
2338 var flags []string
2339 for _, vers := range tlsVersions[:i] {
2340 flags = append(flags, vers.flag)
2341 }
2342
2343 for _, runnerVers := range tlsVersions {
2344 protocols := []protocol{tls}
2345 if runnerVers.hasDTLS && shimVers.hasDTLS {
2346 protocols = append(protocols, dtls)
2347 }
2348 for _, protocol := range protocols {
2349 suffix := shimVers.name + "-" + runnerVers.name
2350 if protocol == dtls {
2351 suffix += "-DTLS"
2352 }
2353 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
2354
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2355 var expectedVersion uint16
2356 var shouldFail bool
2357 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2358 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2359 if runnerVers.version >= shimVers.version {
2360 expectedVersion = runnerVers.version
2361 } else {
2362 shouldFail = true
2363 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2364 if runnerVers.version > VersionSSL30 {
2365 expectedLocalError = "remote error: protocol version not supported"
2366 } else {
2367 expectedLocalError = "remote error: handshake failure"
2368 }
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2369 }
2370
2371 testCases = append(testCases, testCase{
2372 protocol: protocol,
2373 testType: clientTest,
2374 name: "MinimumVersion-Client-" + suffix,
2375 config: Config{
2376 MaxVersion: runnerVers.version,
2377 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2378 flags: flags,
2379 expectedVersion: expectedVersion,
2380 shouldFail: shouldFail,
2381 expectedError: expectedError,
2382 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2383 })
2384 testCases = append(testCases, testCase{
2385 protocol: protocol,
2386 testType: clientTest,
2387 name: "MinimumVersion-Client2-" + suffix,
2388 config: Config{
2389 MaxVersion: runnerVers.version,
2390 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2391 flags: []string{"-min-version", shimVersFlag},
2392 expectedVersion: expectedVersion,
2393 shouldFail: shouldFail,
2394 expectedError: expectedError,
2395 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2396 })
2397
2398 testCases = append(testCases, testCase{
2399 protocol: protocol,
2400 testType: serverTest,
2401 name: "MinimumVersion-Server-" + suffix,
2402 config: Config{
2403 MaxVersion: runnerVers.version,
2404 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2405 flags: flags,
2406 expectedVersion: expectedVersion,
2407 shouldFail: shouldFail,
2408 expectedError: expectedError,
2409 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2410 })
2411 testCases = append(testCases, testCase{
2412 protocol: protocol,
2413 testType: serverTest,
2414 name: "MinimumVersion-Server2-" + suffix,
2415 config: Config{
2416 MaxVersion: runnerVers.version,
2417 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]2418 flags: []string{"-min-version", shimVersFlag},
2419 expectedVersion: expectedVersion,
2420 shouldFail: shouldFail,
2421 expectedError: expectedError,
2422 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]2423 })
2424 }
2425 }
2426 }
2427}
2428
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]2429func addD5BugTests() {
2430 testCases = append(testCases, testCase{
2431 testType: serverTest,
2432 name: "D5Bug-NoQuirk-Reject",
2433 config: Config{
2434 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
2435 Bugs: ProtocolBugs{
2436 SSL3RSAKeyExchange: true,
2437 },
2438 },
2439 shouldFail: true,
2440 expectedError: ":TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG:",
2441 })
2442 testCases = append(testCases, testCase{
2443 testType: serverTest,
2444 name: "D5Bug-Quirk-Normal",
2445 config: Config{
2446 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
2447 },
2448 flags: []string{"-tls-d5-bug"},
2449 })
2450 testCases = append(testCases, testCase{
2451 testType: serverTest,
2452 name: "D5Bug-Quirk-Bug",
2453 config: Config{
2454 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
2455 Bugs: ProtocolBugs{
2456 SSL3RSAKeyExchange: true,
2457 },
2458 },
2459 flags: []string{"-tls-d5-bug"},
2460 })
2461}
2462
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2463func addExtensionTests() {
2464 testCases = append(testCases, testCase{
2465 testType: clientTest,
2466 name: "DuplicateExtensionClient",
2467 config: Config{
2468 Bugs: ProtocolBugs{
2469 DuplicateExtension: true,
2470 },
2471 },
2472 shouldFail: true,
2473 expectedLocalError: "remote error: error decoding message",
2474 })
2475 testCases = append(testCases, testCase{
2476 testType: serverTest,
2477 name: "DuplicateExtensionServer",
2478 config: Config{
2479 Bugs: ProtocolBugs{
2480 DuplicateExtension: true,
2481 },
2482 },
2483 shouldFail: true,
2484 expectedLocalError: "remote error: error decoding message",
2485 })
2486 testCases = append(testCases, testCase{
2487 testType: clientTest,
2488 name: "ServerNameExtensionClient",
2489 config: Config{
2490 Bugs: ProtocolBugs{
2491 ExpectServerName: "example.com",
2492 },
2493 },
2494 flags: []string{"-host-name", "example.com"},
2495 })
2496 testCases = append(testCases, testCase{
2497 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]2498 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2499 config: Config{
2500 Bugs: ProtocolBugs{
2501 ExpectServerName: "mismatch.com",
2502 },
2503 },
2504 flags: []string{"-host-name", "example.com"},
2505 shouldFail: true,
2506 expectedLocalError: "tls: unexpected server name",
2507 })
2508 testCases = append(testCases, testCase{
2509 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]2510 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2511 config: Config{
2512 Bugs: ProtocolBugs{
2513 ExpectServerName: "missing.com",
2514 },
2515 },
2516 shouldFail: true,
2517 expectedLocalError: "tls: unexpected server name",
2518 })
2519 testCases = append(testCases, testCase{
2520 testType: serverTest,
2521 name: "ServerNameExtensionServer",
2522 config: Config{
2523 ServerName: "example.com",
2524 },
2525 flags: []string{"-expect-server-name", "example.com"},
2526 resumeSession: true,
2527 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]2528 testCases = append(testCases, testCase{
2529 testType: clientTest,
2530 name: "ALPNClient",
2531 config: Config{
2532 NextProtos: []string{"foo"},
2533 },
2534 flags: []string{
2535 "-advertise-alpn", "\x03foo\x03bar\x03baz",
2536 "-expect-alpn", "foo",
2537 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]2538 expectedNextProto: "foo",
2539 expectedNextProtoType: alpn,
2540 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]2541 })
2542 testCases = append(testCases, testCase{
2543 testType: serverTest,
2544 name: "ALPNServer",
2545 config: Config{
2546 NextProtos: []string{"foo", "bar", "baz"},
2547 },
2548 flags: []string{
2549 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
2550 "-select-alpn", "foo",
2551 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]2552 expectedNextProto: "foo",
2553 expectedNextProtoType: alpn,
2554 resumeSession: true,
2555 })
2556 // Test that the server prefers ALPN over NPN.
2557 testCases = append(testCases, testCase{
2558 testType: serverTest,
2559 name: "ALPNServer-Preferred",
2560 config: Config{
2561 NextProtos: []string{"foo", "bar", "baz"},
2562 },
2563 flags: []string{
2564 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
2565 "-select-alpn", "foo",
2566 "-advertise-npn", "\x03foo\x03bar\x03baz",
2567 },
2568 expectedNextProto: "foo",
2569 expectedNextProtoType: alpn,
2570 resumeSession: true,
2571 })
2572 testCases = append(testCases, testCase{
2573 testType: serverTest,
2574 name: "ALPNServer-Preferred-Swapped",
2575 config: Config{
2576 NextProtos: []string{"foo", "bar", "baz"},
2577 Bugs: ProtocolBugs{
2578 SwapNPNAndALPN: true,
2579 },
2580 },
2581 flags: []string{
2582 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
2583 "-select-alpn", "foo",
2584 "-advertise-npn", "\x03foo\x03bar\x03baz",
2585 },
2586 expectedNextProto: "foo",
2587 expectedNextProtoType: alpn,
2588 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]2589 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]2590 // Resume with a corrupt ticket.
2591 testCases = append(testCases, testCase{
2592 testType: serverTest,
2593 name: "CorruptTicket",
2594 config: Config{
2595 Bugs: ProtocolBugs{
2596 CorruptTicket: true,
2597 },
2598 },
2599 resumeSession: true,
2600 flags: []string{"-expect-session-miss"},
2601 })
2602 // Resume with an oversized session id.
2603 testCases = append(testCases, testCase{
2604 testType: serverTest,
2605 name: "OversizedSessionId",
2606 config: Config{
2607 Bugs: ProtocolBugs{
2608 OversizedSessionId: true,
2609 },
2610 },
2611 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2612 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]2613 expectedError: ":DECODE_ERROR:",
2614 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]2615 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
2616 // are ignored.
2617 testCases = append(testCases, testCase{
2618 protocol: dtls,
2619 name: "SRTP-Client",
2620 config: Config{
2621 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
2622 },
2623 flags: []string{
2624 "-srtp-profiles",
2625 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
2626 },
2627 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
2628 })
2629 testCases = append(testCases, testCase{
2630 protocol: dtls,
2631 testType: serverTest,
2632 name: "SRTP-Server",
2633 config: Config{
2634 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
2635 },
2636 flags: []string{
2637 "-srtp-profiles",
2638 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
2639 },
2640 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
2641 })
2642 // Test that the MKI is ignored.
2643 testCases = append(testCases, testCase{
2644 protocol: dtls,
2645 testType: serverTest,
2646 name: "SRTP-Server-IgnoreMKI",
2647 config: Config{
2648 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
2649 Bugs: ProtocolBugs{
2650 SRTPMasterKeyIdentifer: "bogus",
2651 },
2652 },
2653 flags: []string{
2654 "-srtp-profiles",
2655 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
2656 },
2657 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
2658 })
2659 // Test that SRTP isn't negotiated on the server if there were
2660 // no matching profiles.
2661 testCases = append(testCases, testCase{
2662 protocol: dtls,
2663 testType: serverTest,
2664 name: "SRTP-Server-NoMatch",
2665 config: Config{
2666 SRTPProtectionProfiles: []uint16{100, 101, 102},
2667 },
2668 flags: []string{
2669 "-srtp-profiles",
2670 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
2671 },
2672 expectedSRTPProtectionProfile: 0,
2673 })
2674 // Test that the server returning an invalid SRTP profile is
2675 // flagged as an error by the client.
2676 testCases = append(testCases, testCase{
2677 protocol: dtls,
2678 name: "SRTP-Client-NoMatch",
2679 config: Config{
2680 Bugs: ProtocolBugs{
2681 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
2682 },
2683 },
2684 flags: []string{
2685 "-srtp-profiles",
2686 "SRTP_AES128_CM_SHA1_80",
2687 },
2688 shouldFail: true,
2689 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
2690 })
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]2691 // Test OCSP stapling and SCT list.
2692 testCases = append(testCases, testCase{
2693 name: "OCSPStapling",
2694 flags: []string{
2695 "-enable-ocsp-stapling",
2696 "-expect-ocsp-response",
2697 base64.StdEncoding.EncodeToString(testOCSPResponse),
2698 },
2699 })
2700 testCases = append(testCases, testCase{
2701 name: "SignedCertificateTimestampList",
2702 flags: []string{
2703 "-enable-signed-cert-timestamps",
2704 "-expect-signed-cert-timestamps",
2705 base64.StdEncoding.EncodeToString(testSCTList),
2706 },
2707 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]2708}
2709
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]2710func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]2711 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]2712 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2713 protocols := []protocol{tls}
2714 if sessionVers.hasDTLS && resumeVers.hasDTLS {
2715 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]2716 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2717 for _, protocol := range protocols {
2718 suffix := "-" + sessionVers.name + "-" + resumeVers.name
2719 if protocol == dtls {
2720 suffix += "-DTLS"
2721 }
2722
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]2723 if sessionVers.version == resumeVers.version {
2724 testCases = append(testCases, testCase{
2725 protocol: protocol,
2726 name: "Resume-Client" + suffix,
2727 resumeSession: true,
2728 config: Config{
2729 MaxVersion: sessionVers.version,
2730 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2731 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]2732 expectedVersion: sessionVers.version,
2733 expectedResumeVersion: resumeVers.version,
2734 })
2735 } else {
2736 testCases = append(testCases, testCase{
2737 protocol: protocol,
2738 name: "Resume-Client-Mismatch" + suffix,
2739 resumeSession: true,
2740 config: Config{
2741 MaxVersion: sessionVers.version,
2742 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2743 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]2744 expectedVersion: sessionVers.version,
2745 resumeConfig: &Config{
2746 MaxVersion: resumeVers.version,
2747 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
2748 Bugs: ProtocolBugs{
2749 AllowSessionVersionMismatch: true,
2750 },
2751 },
2752 expectedResumeVersion: resumeVers.version,
2753 shouldFail: true,
2754 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
2755 })
2756 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2757
2758 testCases = append(testCases, testCase{
2759 protocol: protocol,
2760 name: "Resume-Client-NoResume" + suffix,
2761 flags: []string{"-expect-session-miss"},
2762 resumeSession: true,
2763 config: Config{
2764 MaxVersion: sessionVers.version,
2765 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
2766 },
2767 expectedVersion: sessionVers.version,
2768 resumeConfig: &Config{
2769 MaxVersion: resumeVers.version,
2770 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
2771 },
2772 newSessionsOnResume: true,
2773 expectedResumeVersion: resumeVers.version,
2774 })
2775
2776 var flags []string
2777 if sessionVers.version != resumeVers.version {
2778 flags = append(flags, "-expect-session-miss")
2779 }
2780 testCases = append(testCases, testCase{
2781 protocol: protocol,
2782 testType: serverTest,
2783 name: "Resume-Server" + suffix,
2784 flags: flags,
2785 resumeSession: true,
2786 config: Config{
2787 MaxVersion: sessionVers.version,
2788 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
2789 },
2790 expectedVersion: sessionVers.version,
2791 resumeConfig: &Config{
2792 MaxVersion: resumeVers.version,
2793 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
2794 },
2795 expectedResumeVersion: resumeVers.version,
2796 })
2797 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]2798 }
2799 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]2800
2801 testCases = append(testCases, testCase{
2802 name: "Resume-Client-CipherMismatch",
2803 resumeSession: true,
2804 config: Config{
2805 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
2806 },
2807 resumeConfig: &Config{
2808 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
2809 Bugs: ProtocolBugs{
2810 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
2811 },
2812 },
2813 shouldFail: true,
2814 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
2815 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]2816}
2817
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]2818func addRenegotiationTests() {
2819 testCases = append(testCases, testCase{
2820 testType: serverTest,
2821 name: "Renegotiate-Server",
2822 flags: []string{"-renegotiate"},
2823 shimWritesFirst: true,
2824 })
2825 testCases = append(testCases, testCase{
2826 testType: serverTest,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]2827 name: "Renegotiate-Server-Full",
2828 config: Config{
2829 Bugs: ProtocolBugs{
2830 NeverResumeOnRenego: true,
2831 },
2832 },
2833 flags: []string{"-renegotiate"},
2834 shimWritesFirst: true,
2835 })
2836 testCases = append(testCases, testCase{
2837 testType: serverTest,
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]2838 name: "Renegotiate-Server-EmptyExt",
2839 config: Config{
2840 Bugs: ProtocolBugs{
2841 EmptyRenegotiationInfo: true,
2842 },
2843 },
2844 flags: []string{"-renegotiate"},
2845 shimWritesFirst: true,
2846 shouldFail: true,
2847 expectedError: ":RENEGOTIATION_MISMATCH:",
2848 })
2849 testCases = append(testCases, testCase{
2850 testType: serverTest,
2851 name: "Renegotiate-Server-BadExt",
2852 config: Config{
2853 Bugs: ProtocolBugs{
2854 BadRenegotiationInfo: true,
2855 },
2856 },
2857 flags: []string{"-renegotiate"},
2858 shimWritesFirst: true,
2859 shouldFail: true,
2860 expectedError: ":RENEGOTIATION_MISMATCH:",
2861 })
David Benjaminca6554b2014-11-08 12:31:52 -0500[diff] [blame]2862 testCases = append(testCases, testCase{
2863 testType: serverTest,
2864 name: "Renegotiate-Server-ClientInitiated",
2865 renegotiate: true,
2866 })
2867 testCases = append(testCases, testCase{
2868 testType: serverTest,
2869 name: "Renegotiate-Server-ClientInitiated-NoExt",
2870 renegotiate: true,
2871 config: Config{
2872 Bugs: ProtocolBugs{
2873 NoRenegotiationInfo: true,
2874 },
2875 },
2876 shouldFail: true,
2877 expectedError: ":UNSAFE_LEGACY_RENEGOTIATION_DISABLED:",
2878 })
2879 testCases = append(testCases, testCase{
2880 testType: serverTest,
2881 name: "Renegotiate-Server-ClientInitiated-NoExt-Allowed",
2882 renegotiate: true,
2883 config: Config{
2884 Bugs: ProtocolBugs{
2885 NoRenegotiationInfo: true,
2886 },
2887 },
2888 flags: []string{"-allow-unsafe-legacy-renegotiation"},
2889 })
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]2890 testCases = append(testCases, testCase{
2891 testType: serverTest,
2892 name: "Renegotiate-Server-ClientInitiated-Forbidden",
2893 renegotiate: true,
2894 flags: []string{"-reject-peer-renegotiations"},
2895 shouldFail: true,
2896 expectedError: ":NO_RENEGOTIATION:",
2897 expectedLocalError: "remote error: no renegotiation",
2898 })
David Benjamin3c9746a2015-03-19 15:00:10 -0400[diff] [blame]2899 // Regression test for CVE-2015-0291.
2900 testCases = append(testCases, testCase{
2901 testType: serverTest,
2902 name: "Renegotiate-Server-NoSignatureAlgorithms",
2903 config: Config{
2904 Bugs: ProtocolBugs{
2905 NeverResumeOnRenego: true,
2906 NoSignatureAlgorithmsOnRenego: true,
2907 },
2908 },
2909 flags: []string{"-renegotiate"},
2910 shimWritesFirst: true,
2911 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]2912 // TODO(agl): test the renegotiation info SCSV.
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]2913 testCases = append(testCases, testCase{
2914 name: "Renegotiate-Client",
2915 renegotiate: true,
2916 })
2917 testCases = append(testCases, testCase{
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]2918 name: "Renegotiate-Client-Full",
2919 config: Config{
2920 Bugs: ProtocolBugs{
2921 NeverResumeOnRenego: true,
2922 },
2923 },
2924 renegotiate: true,
2925 })
2926 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]2927 name: "Renegotiate-Client-EmptyExt",
2928 renegotiate: true,
2929 config: Config{
2930 Bugs: ProtocolBugs{
2931 EmptyRenegotiationInfo: true,
2932 },
2933 },
2934 shouldFail: true,
2935 expectedError: ":RENEGOTIATION_MISMATCH:",
2936 })
2937 testCases = append(testCases, testCase{
2938 name: "Renegotiate-Client-BadExt",
2939 renegotiate: true,
2940 config: Config{
2941 Bugs: ProtocolBugs{
2942 BadRenegotiationInfo: true,
2943 },
2944 },
2945 shouldFail: true,
2946 expectedError: ":RENEGOTIATION_MISMATCH:",
2947 })
2948 testCases = append(testCases, testCase{
2949 name: "Renegotiate-Client-SwitchCiphers",
2950 renegotiate: true,
2951 config: Config{
2952 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
2953 },
2954 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2955 })
2956 testCases = append(testCases, testCase{
2957 name: "Renegotiate-Client-SwitchCiphers2",
2958 renegotiate: true,
2959 config: Config{
2960 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2961 },
2962 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
2963 })
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]2964 testCases = append(testCases, testCase{
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]2965 name: "Renegotiate-Client-Forbidden",
2966 renegotiate: true,
2967 flags: []string{"-reject-peer-renegotiations"},
2968 shouldFail: true,
2969 expectedError: ":NO_RENEGOTIATION:",
2970 expectedLocalError: "remote error: no renegotiation",
2971 })
2972 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]2973 name: "Renegotiate-SameClientVersion",
2974 renegotiate: true,
2975 config: Config{
2976 MaxVersion: VersionTLS10,
2977 Bugs: ProtocolBugs{
2978 RequireSameRenegoClientVersion: true,
2979 },
2980 },
2981 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]2982}
2983
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]2984func addDTLSReplayTests() {
2985 // Test that sequence number replays are detected.
2986 testCases = append(testCases, testCase{
2987 protocol: dtls,
2988 name: "DTLS-Replay",
2989 replayWrites: true,
2990 })
2991
2992 // Test the outgoing sequence number skipping by values larger
2993 // than the retransmit window.
2994 testCases = append(testCases, testCase{
2995 protocol: dtls,
2996 name: "DTLS-Replay-LargeGaps",
2997 config: Config{
2998 Bugs: ProtocolBugs{
2999 SequenceNumberIncrement: 127,
3000 },
3001 },
3002 replayWrites: true,
3003 })
3004}
3005
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]3006func addFastRadioPaddingTests() {
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3007 testCases = append(testCases, testCase{
3008 protocol: tls,
3009 name: "FastRadio-Padding",
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]3010 config: Config{
3011 Bugs: ProtocolBugs{
3012 RequireFastradioPadding: true,
3013 },
3014 },
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3015 flags: []string{"-fastradio-padding"},
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]3016 })
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3017 testCases = append(testCases, testCase{
3018 protocol: dtls,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3019 name: "FastRadio-Padding-DTLS",
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]3020 config: Config{
3021 Bugs: ProtocolBugs{
3022 RequireFastradioPadding: true,
3023 },
3024 },
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3025 flags: []string{"-fastradio-padding"},
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]3026 })
3027}
3028
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3029var testHashes = []struct {
3030 name string
3031 id uint8
3032}{
3033 {"SHA1", hashSHA1},
3034 {"SHA224", hashSHA224},
3035 {"SHA256", hashSHA256},
3036 {"SHA384", hashSHA384},
3037 {"SHA512", hashSHA512},
3038}
3039
3040func addSigningHashTests() {
3041 // Make sure each hash works. Include some fake hashes in the list and
3042 // ensure they're ignored.
3043 for _, hash := range testHashes {
3044 testCases = append(testCases, testCase{
3045 name: "SigningHash-ClientAuth-" + hash.name,
3046 config: Config{
3047 ClientAuth: RequireAnyClientCert,
3048 SignatureAndHashes: []signatureAndHash{
3049 {signatureRSA, 42},
3050 {signatureRSA, hash.id},
3051 {signatureRSA, 255},
3052 },
3053 },
3054 flags: []string{
3055 "-cert-file", rsaCertificateFile,
3056 "-key-file", rsaKeyFile,
3057 },
3058 })
3059
3060 testCases = append(testCases, testCase{
3061 testType: serverTest,
3062 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
3063 config: Config{
3064 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3065 SignatureAndHashes: []signatureAndHash{
3066 {signatureRSA, 42},
3067 {signatureRSA, hash.id},
3068 {signatureRSA, 255},
3069 },
3070 },
3071 })
3072 }
3073
3074 // Test that hash resolution takes the signature type into account.
3075 testCases = append(testCases, testCase{
3076 name: "SigningHash-ClientAuth-SignatureType",
3077 config: Config{
3078 ClientAuth: RequireAnyClientCert,
3079 SignatureAndHashes: []signatureAndHash{
3080 {signatureECDSA, hashSHA512},
3081 {signatureRSA, hashSHA384},
3082 {signatureECDSA, hashSHA1},
3083 },
3084 },
3085 flags: []string{
3086 "-cert-file", rsaCertificateFile,
3087 "-key-file", rsaKeyFile,
3088 },
3089 })
3090
3091 testCases = append(testCases, testCase{
3092 testType: serverTest,
3093 name: "SigningHash-ServerKeyExchange-SignatureType",
3094 config: Config{
3095 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3096 SignatureAndHashes: []signatureAndHash{
3097 {signatureECDSA, hashSHA512},
3098 {signatureRSA, hashSHA384},
3099 {signatureECDSA, hashSHA1},
3100 },
3101 },
3102 })
3103
3104 // Test that, if the list is missing, the peer falls back to SHA-1.
3105 testCases = append(testCases, testCase{
3106 name: "SigningHash-ClientAuth-Fallback",
3107 config: Config{
3108 ClientAuth: RequireAnyClientCert,
3109 SignatureAndHashes: []signatureAndHash{
3110 {signatureRSA, hashSHA1},
3111 },
3112 Bugs: ProtocolBugs{
3113 NoSignatureAndHashes: true,
3114 },
3115 },
3116 flags: []string{
3117 "-cert-file", rsaCertificateFile,
3118 "-key-file", rsaKeyFile,
3119 },
3120 })
3121
3122 testCases = append(testCases, testCase{
3123 testType: serverTest,
3124 name: "SigningHash-ServerKeyExchange-Fallback",
3125 config: Config{
3126 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3127 SignatureAndHashes: []signatureAndHash{
3128 {signatureRSA, hashSHA1},
3129 },
3130 Bugs: ProtocolBugs{
3131 NoSignatureAndHashes: true,
3132 },
3133 },
3134 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]3135
3136 // Test that hash preferences are enforced. BoringSSL defaults to
3137 // rejecting MD5 signatures.
3138 testCases = append(testCases, testCase{
3139 testType: serverTest,
3140 name: "SigningHash-ClientAuth-Enforced",
3141 config: Config{
3142 Certificates: []Certificate{rsaCertificate},
3143 SignatureAndHashes: []signatureAndHash{
3144 {signatureRSA, hashMD5},
3145 // Advertise SHA-1 so the handshake will
3146 // proceed, but the shim's preferences will be
3147 // ignored in CertificateVerify generation, so
3148 // MD5 will be chosen.
3149 {signatureRSA, hashSHA1},
3150 },
3151 Bugs: ProtocolBugs{
3152 IgnorePeerSignatureAlgorithmPreferences: true,
3153 },
3154 },
3155 flags: []string{"-require-any-client-certificate"},
3156 shouldFail: true,
3157 expectedError: ":WRONG_SIGNATURE_TYPE:",
3158 })
3159
3160 testCases = append(testCases, testCase{
3161 name: "SigningHash-ServerKeyExchange-Enforced",
3162 config: Config{
3163 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3164 SignatureAndHashes: []signatureAndHash{
3165 {signatureRSA, hashMD5},
3166 },
3167 Bugs: ProtocolBugs{
3168 IgnorePeerSignatureAlgorithmPreferences: true,
3169 },
3170 },
3171 shouldFail: true,
3172 expectedError: ":WRONG_SIGNATURE_TYPE:",
3173 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3174}
3175
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]3176// timeouts is the retransmit schedule for BoringSSL. It doubles and
3177// caps at 60 seconds. On the 13th timeout, it gives up.
3178var timeouts = []time.Duration{
3179 1 * time.Second,
3180 2 * time.Second,
3181 4 * time.Second,
3182 8 * time.Second,
3183 16 * time.Second,
3184 32 * time.Second,
3185 60 * time.Second,
3186 60 * time.Second,
3187 60 * time.Second,
3188 60 * time.Second,
3189 60 * time.Second,
3190 60 * time.Second,
3191 60 * time.Second,
3192}
3193
3194func addDTLSRetransmitTests() {
3195 // Test that this is indeed the timeout schedule. Stress all
3196 // four patterns of handshake.
3197 for i := 1; i < len(timeouts); i++ {
3198 number := strconv.Itoa(i)
3199 testCases = append(testCases, testCase{
3200 protocol: dtls,
3201 name: "DTLS-Retransmit-Client-" + number,
3202 config: Config{
3203 Bugs: ProtocolBugs{
3204 TimeoutSchedule: timeouts[:i],
3205 },
3206 },
3207 resumeSession: true,
3208 flags: []string{"-async"},
3209 })
3210 testCases = append(testCases, testCase{
3211 protocol: dtls,
3212 testType: serverTest,
3213 name: "DTLS-Retransmit-Server-" + number,
3214 config: Config{
3215 Bugs: ProtocolBugs{
3216 TimeoutSchedule: timeouts[:i],
3217 },
3218 },
3219 resumeSession: true,
3220 flags: []string{"-async"},
3221 })
3222 }
3223
3224 // Test that exceeding the timeout schedule hits a read
3225 // timeout.
3226 testCases = append(testCases, testCase{
3227 protocol: dtls,
3228 name: "DTLS-Retransmit-Timeout",
3229 config: Config{
3230 Bugs: ProtocolBugs{
3231 TimeoutSchedule: timeouts,
3232 },
3233 },
3234 resumeSession: true,
3235 flags: []string{"-async"},
3236 shouldFail: true,
3237 expectedError: ":READ_TIMEOUT_EXPIRED:",
3238 })
3239
3240 // Test that timeout handling has a fudge factor, due to API
3241 // problems.
3242 testCases = append(testCases, testCase{
3243 protocol: dtls,
3244 name: "DTLS-Retransmit-Fudge",
3245 config: Config{
3246 Bugs: ProtocolBugs{
3247 TimeoutSchedule: []time.Duration{
3248 timeouts[0] - 10*time.Millisecond,
3249 },
3250 },
3251 },
3252 resumeSession: true,
3253 flags: []string{"-async"},
3254 })
David Benjamin7eaab4c2015-03-02 19:01:16 -0500[diff] [blame]3255
3256 // Test that the final Finished retransmitting isn't
3257 // duplicated if the peer badly fragments everything.
3258 testCases = append(testCases, testCase{
3259 testType: serverTest,
3260 protocol: dtls,
3261 name: "DTLS-Retransmit-Fragmented",
3262 config: Config{
3263 Bugs: ProtocolBugs{
3264 TimeoutSchedule: []time.Duration{timeouts[0]},
3265 MaxHandshakeRecordLength: 2,
3266 },
3267 },
3268 flags: []string{"-async"},
3269 })
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]3270}
3271
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]3272func addExportKeyingMaterialTests() {
3273 for _, vers := range tlsVersions {
3274 if vers.version == VersionSSL30 {
3275 continue
3276 }
3277 testCases = append(testCases, testCase{
3278 name: "ExportKeyingMaterial-" + vers.name,
3279 config: Config{
3280 MaxVersion: vers.version,
3281 },
3282 exportKeyingMaterial: 1024,
3283 exportLabel: "label",
3284 exportContext: "context",
3285 useExportContext: true,
3286 })
3287 testCases = append(testCases, testCase{
3288 name: "ExportKeyingMaterial-NoContext-" + vers.name,
3289 config: Config{
3290 MaxVersion: vers.version,
3291 },
3292 exportKeyingMaterial: 1024,
3293 })
3294 testCases = append(testCases, testCase{
3295 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
3296 config: Config{
3297 MaxVersion: vers.version,
3298 },
3299 exportKeyingMaterial: 1024,
3300 useExportContext: true,
3301 })
3302 testCases = append(testCases, testCase{
3303 name: "ExportKeyingMaterial-Small-" + vers.name,
3304 config: Config{
3305 MaxVersion: vers.version,
3306 },
3307 exportKeyingMaterial: 1,
3308 exportLabel: "label",
3309 exportContext: "context",
3310 useExportContext: true,
3311 })
3312 }
3313 testCases = append(testCases, testCase{
3314 name: "ExportKeyingMaterial-SSL3",
3315 config: Config{
3316 MaxVersion: VersionSSL30,
3317 },
3318 exportKeyingMaterial: 1024,
3319 exportLabel: "label",
3320 exportContext: "context",
3321 useExportContext: true,
3322 shouldFail: true,
3323 expectedError: "failed to export keying material",
3324 })
3325}
3326
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]3327func worker(statusChan chan statusMsg, c chan *testCase, buildDir string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3328 defer wg.Done()
3329
3330 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]3331 var err error
3332
3333 if *mallocTest < 0 {
3334 statusChan <- statusMsg{test: test, started: true}
3335 err = runTest(test, buildDir, -1)
3336 } else {
3337 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
3338 statusChan <- statusMsg{test: test, started: true}
3339 if err = runTest(test, buildDir, mallocNumToFail); err != errMoreMallocs {
3340 if err != nil {
3341 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
3342 }
3343 break
3344 }
3345 }
3346 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3347 statusChan <- statusMsg{test: test, err: err}
3348 }
3349}
3350
3351type statusMsg struct {
3352 test *testCase
3353 started bool
3354 err error
3355}
3356
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3357func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3358 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3359
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3360 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3361 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3362 if !*pipe {
3363 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]3364 var erase string
3365 for i := 0; i < lineLen; i++ {
3366 erase += "\b \b"
3367 }
3368 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3369 }
3370
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3371 if msg.started {
3372 started++
3373 } else {
3374 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3375
3376 if msg.err != nil {
3377 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
3378 failed++
3379 testOutput.addResult(msg.test.name, "FAIL")
3380 } else {
3381 if *pipe {
3382 // Print each test instead of a status line.
3383 fmt.Printf("PASSED (%s)\n", msg.test.name)
3384 }
3385 testOutput.addResult(msg.test.name, "PASS")
3386 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3387 }
3388
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3389 if !*pipe {
3390 // Print a new status line.
3391 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
3392 lineLen = len(line)
3393 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3394 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3395 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3396
3397 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3398}
3399
3400func main() {
3401 var flagTest *string = flag.String("test", "", "The name of a test to run, or empty to run all tests")
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]3402 var flagNumWorkers *int = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]3403 var flagBuildDir *string = flag.String("build-dir", "../../../build", "The build directory to run the shim from.")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3404
3405 flag.Parse()
3406
3407 addCipherSuiteTests()
3408 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]3409 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]3410 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]3411 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3412 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3413 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3414 addMinimumVersionTests()
David Benjamin5c24a1d2014-08-31 00:59:27 -0400[diff] [blame]3415 addD5BugTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3416 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3417 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3418 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3419 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]3420 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]3421 addSigningHashTests()
Feng Lu41aa3252014-11-21 22:47:56 -0800[diff] [blame]3422 addFastRadioPaddingTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]3423 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]3424 addExportKeyingMaterialTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3425 for _, async := range []bool{false, true} {
3426 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]3427 for _, protocol := range []protocol{tls, dtls} {
3428 addStateMachineCoverageTests(async, splitHandshake, protocol)
3429 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3430 }
3431 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3432
3433 var wg sync.WaitGroup
3434
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]3435 numWorkers := *flagNumWorkers
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3436
3437 statusChan := make(chan statusMsg, numWorkers)
3438 testChan := make(chan *testCase, numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3439 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3440
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]3441 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3442
3443 for i := 0; i < numWorkers; i++ {
3444 wg.Add(1)
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]3445 go worker(statusChan, testChan, *flagBuildDir, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3446 }
3447
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]3448 for i := range testCases {
3449 if len(*flagTest) == 0 || *flagTest == testCases[i].name {
3450 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3451 }
3452 }
3453
3454 close(testChan)
3455 wg.Wait()
3456 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3457 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3458
3459 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3460
3461 if *jsonOutput != "" {
3462 if err := testOutput.writeTo(*jsonOutput); err != nil {
3463 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
3464 }
3465 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]3466
3467 if !testOutput.allPassed {
3468 os.Exit(1)
3469 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]3470}