Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / c660417bd7a7a438eddb0bc087931671b6a849e7 / . / ssl / test / runner / runner.go
blob: 71d14d2ad95016a9863d540b62a29fc88327f646 [file] [log] [blame]
Adam Langley7fcfd3b2016-05-20 11:02:50 -0700[diff] [blame]1// Copyright (c) 2016, Google Inc.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
Adam Langleydc7e9c42015-09-29 15:21:04 -0700[diff] [blame]15package runner
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]16
17import (
18 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]19 "crypto/ecdsa"
20 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]21 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]22 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]23 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]24 "flag"
25 "fmt"
26 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]27 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]28 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]29 "net"
30 "os"
31 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]32 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]33 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]34 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]35 "strings"
36 "sync"
37 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]38 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]39)
40
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]41var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]42 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
43 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]44 useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]45 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
46 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
47 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
48 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
49 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]50 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
51 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
52 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
53 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
David Benjaminf2b83632016-03-01 22:57:46 -0500[diff] [blame]54 fuzzer = flag.Bool("fuzzer", false, "If true, tests against a BoringSSL built in fuzzer mode.")
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]55 transcriptDir = flag.String("transcript-dir", "", "The directory in which to write transcripts.")
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]56 timeout = flag.Int("timeout", 15, "The number of seconds to wait for a read or write to bssl_shim.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]57)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]58
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]59const (
60 rsaCertificateFile = "cert.pem"
61 ecdsaCertificateFile = "ecdsa_cert.pem"
62)
63
64const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]65 rsaKeyFile = "key.pem"
66 ecdsaKeyFile = "ecdsa_key.pem"
67 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]68)
69
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]70var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]71var channelIDKey *ecdsa.PrivateKey
72var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]73
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]74var testOCSPResponse = []byte{1, 2, 3, 4}
75var testSCTList = []byte{5, 6, 7, 8}
76
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]77func initCertificates() {
78 var err error
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]79 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]80 if err != nil {
81 panic(err)
82 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]83 rsaCertificate.OCSPStaple = testOCSPResponse
84 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]85
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]86 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]87 if err != nil {
88 panic(err)
89 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]90 ecdsaCertificate.OCSPStaple = testOCSPResponse
91 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]92
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]93 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]94 if err != nil {
95 panic(err)
96 }
97 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
98 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
99 panic("bad key type")
100 }
101 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
102 if err != nil {
103 panic(err)
104 }
105 if channelIDKey.Curve != elliptic.P256() {
106 panic("bad curve")
107 }
108
109 channelIDBytes = make([]byte, 64)
110 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
111 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]112}
113
114var certificateOnce sync.Once
115
116func getRSACertificate() Certificate {
117 certificateOnce.Do(initCertificates)
118 return rsaCertificate
119}
120
121func getECDSACertificate() Certificate {
122 certificateOnce.Do(initCertificates)
123 return ecdsaCertificate
124}
125
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]126type testType int
127
128const (
129 clientTest testType = iota
130 serverTest
131)
132
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]133type protocol int
134
135const (
136 tls protocol = iota
137 dtls
138)
139
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]140const (
141 alpn = 1
142 npn = 2
143)
144
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]145type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]146 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]147 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]148 name string
149 config Config
150 shouldFail bool
151 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]152 // expectedLocalError, if not empty, contains a substring that must be
153 // found in the local error.
154 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]155 // expectedVersion, if non-zero, specifies the TLS version that must be
156 // negotiated.
157 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]158 // expectedResumeVersion, if non-zero, specifies the TLS version that
159 // must be negotiated on resumption. If zero, expectedVersion is used.
160 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]161 // expectedCipher, if non-zero, specifies the TLS cipher suite that
162 // should be negotiated.
163 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]164 // expectChannelID controls whether the connection should have
165 // negotiated a Channel ID with channelIDKey.
166 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]167 // expectedNextProto controls whether the connection should
168 // negotiate a next protocol via NPN or ALPN.
169 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]170 // expectNoNextProto, if true, means that no next protocol should be
171 // negotiated.
172 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]173 // expectedNextProtoType, if non-zero, is the expected next
174 // protocol negotiation mechanism.
175 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]176 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
177 // should be negotiated. If zero, none should be negotiated.
178 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]179 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
180 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]181 // expectedSCTList, if not nil, is the expected SCT list to be received.
182 expectedSCTList []uint8
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]183 // expectedClientCertSignatureHash, if not zero, is the TLS id of the
184 // hash function that the client should have used when signing the
185 // handshake with a client certificate.
186 expectedClientCertSignatureHash uint8
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]187 // messageLen is the length, in bytes, of the test message that will be
188 // sent.
189 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]190 // messageCount is the number of test messages that will be sent.
191 messageCount int
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]192 // digestPrefs is the list of digest preferences from the client.
193 digestPrefs string
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]194 // certFile is the path to the certificate to use for the server.
195 certFile string
196 // keyFile is the path to the private key to use for the server.
197 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]198 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]199 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]200 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]201 // expectResumeRejected, if true, specifies that the attempted
202 // resumption must be rejected by the client. This is only valid for a
203 // serverTest.
204 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]205 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]206 // resumption. Unless newSessionsOnResume is set,
207 // SessionTicketKey, ServerSessionCache, and
208 // ClientSessionCache are copied from the initial connection's
209 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]210 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]211 // newSessionsOnResume, if true, will cause resumeConfig to
212 // use a different session resumption context.
213 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]214 // noSessionCache, if true, will cause the server to run without a
215 // session cache.
216 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]217 // sendPrefix sends a prefix on the socket before actually performing a
218 // handshake.
219 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]220 // shimWritesFirst controls whether the shim sends an initial "hello"
221 // message before doing a roundtrip with the runner.
222 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]223 // shimShutsDown, if true, runs a test where the shim shuts down the
224 // connection immediately after the handshake rather than echoing
225 // messages from the runner.
226 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]227 // renegotiate indicates the number of times the connection should be
228 // renegotiated during the exchange.
229 renegotiate int
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]230 // renegotiateCiphers is a list of ciphersuite ids that will be
231 // switched in just before renegotiation.
232 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]233 // replayWrites, if true, configures the underlying transport
234 // to replay every write it makes in DTLS tests.
235 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]236 // damageFirstWrite, if true, configures the underlying transport to
237 // damage the final byte of the first application data write.
238 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]239 // exportKeyingMaterial, if non-zero, configures the test to exchange
240 // keying material and verify they match.
241 exportKeyingMaterial int
242 exportLabel string
243 exportContext string
244 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]245 // flags, if not empty, contains a list of command-line flags that will
246 // be passed to the shim program.
247 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]248 // testTLSUnique, if true, causes the shim to send the tls-unique value
249 // which will be compared against the expected value.
250 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]251 // sendEmptyRecords is the number of consecutive empty records to send
252 // before and after the test message.
253 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]254 // sendWarningAlerts is the number of consecutive warning alerts to send
255 // before and after the test message.
256 sendWarningAlerts int
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]257 // expectMessageDropped, if true, means the test message is expected to
258 // be dropped by the client rather than echoed back.
259 expectMessageDropped bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]260}
261
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]262var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]263
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]264func writeTranscript(test *testCase, isResume bool, data []byte) {
265 if len(data) == 0 {
266 return
267 }
268
269 protocol := "tls"
270 if test.protocol == dtls {
271 protocol = "dtls"
272 }
273
274 side := "client"
275 if test.testType == serverTest {
276 side = "server"
277 }
278
279 dir := path.Join(*transcriptDir, protocol, side)
280 if err := os.MkdirAll(dir, 0755); err != nil {
281 fmt.Fprintf(os.Stderr, "Error making %s: %s\n", dir, err)
282 return
283 }
284
285 name := test.name
286 if isResume {
287 name += "-Resume"
288 } else {
289 name += "-Normal"
290 }
291
292 if err := ioutil.WriteFile(path.Join(dir, name), data, 0644); err != nil {
293 fmt.Fprintf(os.Stderr, "Error writing %s: %s\n", name, err)
294 }
295}
296
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]297// A timeoutConn implements an idle timeout on each Read and Write operation.
298type timeoutConn struct {
299 net.Conn
300 timeout time.Duration
301}
302
303func (t *timeoutConn) Read(b []byte) (int, error) {
304 if err := t.SetReadDeadline(time.Now().Add(t.timeout)); err != nil {
305 return 0, err
306 }
307 return t.Conn.Read(b)
308}
309
310func (t *timeoutConn) Write(b []byte) (int, error) {
311 if err := t.SetWriteDeadline(time.Now().Add(t.timeout)); err != nil {
312 return 0, err
313 }
314 return t.Conn.Write(b)
315}
316
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]317func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]318 conn = &timeoutConn{conn, time.Duration(*timeout) * time.Second}
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]319
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]320 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]321 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
322 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]323 }
324
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]325 if *flagDebug || len(*transcriptDir) != 0 {
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]326 local, peer := "client", "server"
327 if test.testType == clientTest {
328 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]329 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]330 connDebug := &recordingConn{
331 Conn: conn,
332 isDatagram: test.protocol == dtls,
333 local: local,
334 peer: peer,
335 }
336 conn = connDebug
David Benjamin9867b7d2016-03-01 23:25:48 -0500[diff] [blame]337 if *flagDebug {
338 defer connDebug.WriteTo(os.Stdout)
339 }
340 if len(*transcriptDir) != 0 {
341 defer func() {
342 writeTranscript(test, isResume, connDebug.Transcript())
343 }()
344 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]345
346 if config.Bugs.PacketAdaptor != nil {
347 config.Bugs.PacketAdaptor.debug = connDebug
348 }
349 }
350
351 if test.replayWrites {
352 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]353 }
354
David Benjamin3ed59772016-03-08 12:50:21 -0500[diff] [blame]355 var connDamage *damageAdaptor
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]356 if test.damageFirstWrite {
357 connDamage = newDamageAdaptor(conn)
358 conn = connDamage
359 }
360
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]361 if test.sendPrefix != "" {
362 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
363 return err
364 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]365 }
366
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]367 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]368 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]369 if test.protocol == dtls {
370 tlsConn = DTLSServer(conn, config)
371 } else {
372 tlsConn = Server(conn, config)
373 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]374 } else {
375 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]376 if test.protocol == dtls {
377 tlsConn = DTLSClient(conn, config)
378 } else {
379 tlsConn = Client(conn, config)
380 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]381 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]382 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]383
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]384 if err := tlsConn.Handshake(); err != nil {
385 return err
386 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]387
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]388 // TODO(davidben): move all per-connection expectations into a dedicated
389 // expectations struct that can be specified separately for the two
390 // legs.
391 expectedVersion := test.expectedVersion
392 if isResume && test.expectedResumeVersion != 0 {
393 expectedVersion = test.expectedResumeVersion
394 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]395 connState := tlsConn.ConnectionState()
396 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]397 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]398 }
399
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]400 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]401 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
402 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]403 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
404 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
405 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]406
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]407 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]408 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]409 if channelID == nil {
410 return fmt.Errorf("no channel ID negotiated")
411 }
412 if channelID.Curve != channelIDKey.Curve ||
413 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
414 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
415 return fmt.Errorf("incorrect channel ID")
416 }
417 }
418
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]419 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]420 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]421 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
422 }
423 }
424
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]425 if test.expectNoNextProto {
426 if actual := connState.NegotiatedProtocol; actual != "" {
427 return fmt.Errorf("got unexpected next proto %s", actual)
428 }
429 }
430
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]431 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]432 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]433 return fmt.Errorf("next proto type mismatch")
434 }
435 }
436
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]437 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]438 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
439 }
440
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]441 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
442 return fmt.Errorf("OCSP Response mismatch")
443 }
444
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]445 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
446 return fmt.Errorf("SCT list mismatch")
447 }
448
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]449 if expected := test.expectedClientCertSignatureHash; expected != 0 && expected != connState.ClientCertSignatureHash {
450 return fmt.Errorf("expected client to sign handshake with hash %d, but got %d", expected, connState.ClientCertSignatureHash)
451 }
452
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]453 if test.exportKeyingMaterial > 0 {
454 actual := make([]byte, test.exportKeyingMaterial)
455 if _, err := io.ReadFull(tlsConn, actual); err != nil {
456 return err
457 }
458 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
459 if err != nil {
460 return err
461 }
462 if !bytes.Equal(actual, expected) {
463 return fmt.Errorf("keying material mismatch")
464 }
465 }
466
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]467 if test.testTLSUnique {
468 var peersValue [12]byte
469 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
470 return err
471 }
472 expected := tlsConn.ConnectionState().TLSUnique
473 if !bytes.Equal(peersValue[:], expected) {
474 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
475 }
476 }
477
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]478 if test.shimWritesFirst {
479 var buf [5]byte
480 _, err := io.ReadFull(tlsConn, buf[:])
481 if err != nil {
482 return err
483 }
484 if string(buf[:]) != "hello" {
485 return fmt.Errorf("bad initial message")
486 }
487 }
488
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]489 for i := 0; i < test.sendEmptyRecords; i++ {
490 tlsConn.Write(nil)
491 }
492
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]493 for i := 0; i < test.sendWarningAlerts; i++ {
494 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
495 }
496
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]497 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]498 if test.renegotiateCiphers != nil {
499 config.CipherSuites = test.renegotiateCiphers
500 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]501 for i := 0; i < test.renegotiate; i++ {
502 if err := tlsConn.Renegotiate(); err != nil {
503 return err
504 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]505 }
506 } else if test.renegotiateCiphers != nil {
507 panic("renegotiateCiphers without renegotiate")
508 }
509
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]510 if test.damageFirstWrite {
511 connDamage.setDamage(true)
512 tlsConn.Write([]byte("DAMAGED WRITE"))
513 connDamage.setDamage(false)
514 }
515
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]516 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]517 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]518 if test.protocol == dtls {
519 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
520 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]521 // Read until EOF.
522 _, err := io.Copy(ioutil.Discard, tlsConn)
523 return err
524 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]525 if messageLen == 0 {
526 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]527 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]528
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]529 messageCount := test.messageCount
530 if messageCount == 0 {
531 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]532 }
533
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]534 for j := 0; j < messageCount; j++ {
535 testMessage := make([]byte, messageLen)
536 for i := range testMessage {
537 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]538 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]539 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]540
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]541 for i := 0; i < test.sendEmptyRecords; i++ {
542 tlsConn.Write(nil)
543 }
544
545 for i := 0; i < test.sendWarningAlerts; i++ {
546 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
547 }
548
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]549 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]550 // The shim will not respond.
551 continue
552 }
553
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]554 buf := make([]byte, len(testMessage))
555 if test.protocol == dtls {
556 bufTmp := make([]byte, len(buf)+1)
557 n, err := tlsConn.Read(bufTmp)
558 if err != nil {
559 return err
560 }
561 if n != len(buf) {
562 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
563 }
564 copy(buf, bufTmp)
565 } else {
566 _, err := io.ReadFull(tlsConn, buf)
567 if err != nil {
568 return err
569 }
570 }
571
572 for i, v := range buf {
573 if v != testMessage[i]^0xff {
574 return fmt.Errorf("bad reply contents at byte %d", i)
575 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]576 }
577 }
578
579 return nil
580}
581
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]582func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
583 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]584 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]585 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]586 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]587 valgrindArgs = append(valgrindArgs, path)
588 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]589
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]590 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]591}
592
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]593func gdbOf(path string, args ...string) *exec.Cmd {
594 xtermArgs := []string{"-e", "gdb", "--args"}
595 xtermArgs = append(xtermArgs, path)
596 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]597
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]598 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]599}
600
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]601func lldbOf(path string, args ...string) *exec.Cmd {
602 xtermArgs := []string{"-e", "lldb", "--"}
603 xtermArgs = append(xtermArgs, path)
604 xtermArgs = append(xtermArgs, args...)
605
606 return exec.Command("xterm", xtermArgs...)
607}
608
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]609type moreMallocsError struct{}
610
611func (moreMallocsError) Error() string {
612 return "child process did not exhaust all allocation calls"
613}
614
615var errMoreMallocs = moreMallocsError{}
616
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]617// accept accepts a connection from listener, unless waitChan signals a process
618// exit first.
619func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
620 type connOrError struct {
621 conn net.Conn
622 err error
623 }
624 connChan := make(chan connOrError, 1)
625 go func() {
626 conn, err := listener.Accept()
627 connChan <- connOrError{conn, err}
628 close(connChan)
629 }()
630 select {
631 case result := <-connChan:
632 return result.conn, result.err
633 case childErr := <-waitChan:
634 waitChan <- childErr
635 return nil, fmt.Errorf("child exited early: %s", childErr)
636 }
637}
638
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]639func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]640 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
641 panic("Error expected without shouldFail in " + test.name)
642 }
643
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]644 if test.expectResumeRejected && !test.resumeSession {
645 panic("expectResumeRejected without resumeSession in " + test.name)
646 }
647
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]648 if test.testType != clientTest && test.expectedClientCertSignatureHash != 0 {
649 panic("expectedClientCertSignatureHash non-zero with serverTest in " + test.name)
650 }
651
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]652 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
653 if err != nil {
654 panic(err)
655 }
656 defer func() {
657 if listener != nil {
658 listener.Close()
659 }
660 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]661
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]662 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]663 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]664 flags = append(flags, "-server")
665
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]666 flags = append(flags, "-key-file")
667 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]668 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]669 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]670 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]671 }
672
673 flags = append(flags, "-cert-file")
674 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]675 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]676 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]677 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]678 }
679 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]680
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]681 if test.digestPrefs != "" {
682 flags = append(flags, "-digest-prefs")
683 flags = append(flags, test.digestPrefs)
684 }
685
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]686 if test.protocol == dtls {
687 flags = append(flags, "-dtls")
688 }
689
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]690 if test.resumeSession {
691 flags = append(flags, "-resume")
692 }
693
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]694 if test.shimWritesFirst {
695 flags = append(flags, "-shim-writes-first")
696 }
697
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]698 if test.shimShutsDown {
699 flags = append(flags, "-shim-shuts-down")
700 }
701
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]702 if test.exportKeyingMaterial > 0 {
703 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
704 flags = append(flags, "-export-label", test.exportLabel)
705 flags = append(flags, "-export-context", test.exportContext)
706 if test.useExportContext {
707 flags = append(flags, "-use-export-context")
708 }
709 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]710 if test.expectResumeRejected {
711 flags = append(flags, "-expect-session-miss")
712 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]713
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]714 if test.testTLSUnique {
715 flags = append(flags, "-tls-unique")
716 }
717
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]718 flags = append(flags, test.flags...)
719
720 var shim *exec.Cmd
721 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]722 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]723 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]724 shim = gdbOf(shimPath, flags...)
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]725 } else if *useLLDB {
726 shim = lldbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]727 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]728 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]729 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]730 shim.Stdin = os.Stdin
731 var stdoutBuf, stderrBuf bytes.Buffer
732 shim.Stdout = &stdoutBuf
733 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]734 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]735 shim.Env = os.Environ()
736 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]737 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]738 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]739 }
740 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
741 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]742
743 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]744 panic(err)
745 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]746 waitChan := make(chan error, 1)
747 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]748
749 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]750 if !test.noSessionCache {
751 config.ClientSessionCache = NewLRUClientSessionCache(1)
752 config.ServerSessionCache = NewLRUServerSessionCache(1)
753 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]754 if test.testType == clientTest {
755 if len(config.Certificates) == 0 {
756 config.Certificates = []Certificate{getRSACertificate()}
757 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]758 } else {
759 // Supply a ServerName to ensure a constant session cache key,
760 // rather than falling back to net.Conn.RemoteAddr.
761 if len(config.ServerName) == 0 {
762 config.ServerName = "test"
763 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]764 }
David Benjaminf2b83632016-03-01 22:57:46 -0500[diff] [blame]765 if *fuzzer {
766 config.Bugs.NullAllCiphers = true
767 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]768
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]769 conn, err := acceptOrWait(listener, waitChan)
770 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]771 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]772 conn.Close()
773 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]774
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]775 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]776 var resumeConfig Config
777 if test.resumeConfig != nil {
778 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]779 if len(resumeConfig.ServerName) == 0 {
780 resumeConfig.ServerName = config.ServerName
781 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]782 if len(resumeConfig.Certificates) == 0 {
783 resumeConfig.Certificates = []Certificate{getRSACertificate()}
784 }
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]785 if test.newSessionsOnResume {
786 if !test.noSessionCache {
787 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
788 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
789 }
790 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]791 resumeConfig.SessionTicketKey = config.SessionTicketKey
792 resumeConfig.ClientSessionCache = config.ClientSessionCache
793 resumeConfig.ServerSessionCache = config.ServerSessionCache
794 }
David Benjaminf2b83632016-03-01 22:57:46 -0500[diff] [blame]795 if *fuzzer {
796 resumeConfig.Bugs.NullAllCiphers = true
797 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]798 } else {
799 resumeConfig = config
800 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]801 var connResume net.Conn
802 connResume, err = acceptOrWait(listener, waitChan)
803 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]804 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]805 connResume.Close()
806 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]807 }
808
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]809 // Close the listener now. This is to avoid hangs should the shim try to
810 // open more connections than expected.
811 listener.Close()
812 listener = nil
813
814 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]815 if exitError, ok := childErr.(*exec.ExitError); ok {
816 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
817 return errMoreMallocs
818 }
819 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]820
David Benjamin9bea3492016-03-02 10:59:16 -0500[diff] [blame]821 // Account for Windows line endings.
822 stdout := strings.Replace(string(stdoutBuf.Bytes()), "\r\n", "\n", -1)
823 stderr := strings.Replace(string(stderrBuf.Bytes()), "\r\n", "\n", -1)
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]824
825 // Separate the errors from the shim and those from tools like
826 // AddressSanitizer.
827 var extraStderr string
828 if stderrParts := strings.SplitN(stderr, "--- DONE ---\n", 2); len(stderrParts) == 2 {
829 stderr = stderrParts[0]
830 extraStderr = stderrParts[1]
831 }
832
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]833 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]834 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]835 localError := "none"
836 if err != nil {
837 localError = err.Error()
838 }
839 if len(test.expectedLocalError) != 0 {
840 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
841 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]842
843 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]844 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]845 if childErr != nil {
846 childError = childErr.Error()
847 }
848
849 var msg string
850 switch {
851 case failed && !test.shouldFail:
852 msg = "unexpected failure"
853 case !failed && test.shouldFail:
854 msg = "unexpected success"
855 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]856 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]857 default:
858 panic("internal error")
859 }
860
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]861 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]862 }
863
David Benjaminff3a1492016-03-02 10:12:06 -0500[diff] [blame]864 if !*useValgrind && (len(extraStderr) > 0 || (!failed && len(stderr) > 0)) {
865 return fmt.Errorf("unexpected error output:\n%s\n%s", stderr, extraStderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]866 }
867
868 return nil
869}
870
871var tlsVersions = []struct {
872 name string
873 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]874 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]875 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]876}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]877 {"SSL3", VersionSSL30, "-no-ssl3", false},
878 {"TLS1", VersionTLS10, "-no-tls1", true},
879 {"TLS11", VersionTLS11, "-no-tls11", false},
880 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]881}
882
883var testCipherSuites = []struct {
884 name string
885 id uint16
886}{
887 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]888 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]889 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]890 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]891 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]892 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]893 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]894 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
895 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]896 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]897 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
898 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]899 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]900 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
901 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]902 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
903 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]904 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]905 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]906 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]907 {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]908 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]909 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]910 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]911 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]912 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]913 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]914 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]915 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]916 {"ECDHE-RSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]917 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]918 {"CECPQ1-RSA-CHACHA20-POLY1305-SHA256", TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256},
919 {"CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256", TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
920 {"CECPQ1-RSA-AES256-GCM-SHA384", TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
921 {"CECPQ1-ECDSA-AES256-GCM-SHA384", TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]922 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
923 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]924 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
925 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]926 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
Steven Valdez3084e7b2016-06-02 12:07:20 -0400[diff] [blame]927 {"ECDHE-PSK-AES128-GCM-SHA256", TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256},
928 {"ECDHE-PSK-AES256-GCM-SHA384", TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]929 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]930 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]931 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]932 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]933}
934
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]935func hasComponent(suiteName, component string) bool {
936 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
937}
938
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]939func isTLSOnly(suiteName string) bool {
940 // BoringSSL doesn't support ECDHE without a curves extension, and
941 // SSLv3 doesn't contain extensions.
942 return hasComponent(suiteName, "ECDHE") || isTLS12Only(suiteName)
943}
944
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]945func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]946 return hasComponent(suiteName, "GCM") ||
947 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]948 hasComponent(suiteName, "SHA384") ||
949 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]950}
951
952func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]953 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]954}
955
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]956func bigFromHex(hex string) *big.Int {
957 ret, ok := new(big.Int).SetString(hex, 16)
958 if !ok {
959 panic("failed to parse hex number 0x" + hex)
960 }
961 return ret
962}
963
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]964func addBasicTests() {
965 basicTests := []testCase{
966 {
967 name: "BadRSASignature",
968 config: Config{
969 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
970 Bugs: ProtocolBugs{
971 InvalidSKXSignature: true,
972 },
973 },
974 shouldFail: true,
975 expectedError: ":BAD_SIGNATURE:",
976 },
977 {
978 name: "BadECDSASignature",
979 config: Config{
980 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
981 Bugs: ProtocolBugs{
982 InvalidSKXSignature: true,
983 },
984 Certificates: []Certificate{getECDSACertificate()},
985 },
986 shouldFail: true,
987 expectedError: ":BAD_SIGNATURE:",
988 },
989 {
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]990 testType: serverTest,
991 name: "BadRSASignature-ClientAuth",
992 config: Config{
993 Bugs: ProtocolBugs{
994 InvalidCertVerifySignature: true,
995 },
996 Certificates: []Certificate{getRSACertificate()},
997 },
998 shouldFail: true,
999 expectedError: ":BAD_SIGNATURE:",
1000 flags: []string{"-require-any-client-certificate"},
1001 },
1002 {
1003 testType: serverTest,
1004 name: "BadECDSASignature-ClientAuth",
1005 config: Config{
1006 Bugs: ProtocolBugs{
1007 InvalidCertVerifySignature: true,
1008 },
1009 Certificates: []Certificate{getECDSACertificate()},
1010 },
1011 shouldFail: true,
1012 expectedError: ":BAD_SIGNATURE:",
1013 flags: []string{"-require-any-client-certificate"},
1014 },
1015 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1016 name: "BadECDSACurve",
1017 config: Config{
1018 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1019 Bugs: ProtocolBugs{
1020 InvalidSKXCurve: true,
1021 },
1022 Certificates: []Certificate{getECDSACertificate()},
1023 },
1024 shouldFail: true,
1025 expectedError: ":WRONG_CURVE:",
1026 },
1027 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1028 name: "NoFallbackSCSV",
1029 config: Config{
1030 Bugs: ProtocolBugs{
1031 FailIfNotFallbackSCSV: true,
1032 },
1033 },
1034 shouldFail: true,
1035 expectedLocalError: "no fallback SCSV found",
1036 },
1037 {
1038 name: "SendFallbackSCSV",
1039 config: Config{
1040 Bugs: ProtocolBugs{
1041 FailIfNotFallbackSCSV: true,
1042 },
1043 },
1044 flags: []string{"-fallback-scsv"},
1045 },
1046 {
1047 name: "ClientCertificateTypes",
1048 config: Config{
1049 ClientAuth: RequestClientCert,
1050 ClientCertificateTypes: []byte{
1051 CertTypeDSSSign,
1052 CertTypeRSASign,
1053 CertTypeECDSASign,
1054 },
1055 },
1056 flags: []string{
1057 "-expect-certificate-types",
1058 base64.StdEncoding.EncodeToString([]byte{
1059 CertTypeDSSSign,
1060 CertTypeRSASign,
1061 CertTypeECDSASign,
1062 }),
1063 },
1064 },
1065 {
1066 name: "NoClientCertificate",
1067 config: Config{
1068 ClientAuth: RequireAnyClientCert,
1069 },
1070 shouldFail: true,
1071 expectedLocalError: "client didn't provide a certificate",
1072 },
1073 {
1074 name: "UnauthenticatedECDH",
1075 config: Config{
1076 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1077 Bugs: ProtocolBugs{
1078 UnauthenticatedECDH: true,
1079 },
1080 },
1081 shouldFail: true,
1082 expectedError: ":UNEXPECTED_MESSAGE:",
1083 },
1084 {
1085 name: "SkipCertificateStatus",
1086 config: Config{
1087 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1088 Bugs: ProtocolBugs{
1089 SkipCertificateStatus: true,
1090 },
1091 },
1092 flags: []string{
1093 "-enable-ocsp-stapling",
1094 },
1095 },
1096 {
1097 name: "SkipServerKeyExchange",
1098 config: Config{
1099 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1100 Bugs: ProtocolBugs{
1101 SkipServerKeyExchange: true,
1102 },
1103 },
1104 shouldFail: true,
1105 expectedError: ":UNEXPECTED_MESSAGE:",
1106 },
1107 {
1108 name: "SkipChangeCipherSpec-Client",
1109 config: Config{
1110 Bugs: ProtocolBugs{
1111 SkipChangeCipherSpec: true,
1112 },
1113 },
1114 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1115 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1116 },
1117 {
1118 testType: serverTest,
1119 name: "SkipChangeCipherSpec-Server",
1120 config: Config{
1121 Bugs: ProtocolBugs{
1122 SkipChangeCipherSpec: true,
1123 },
1124 },
1125 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1126 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1127 },
1128 {
1129 testType: serverTest,
1130 name: "SkipChangeCipherSpec-Server-NPN",
1131 config: Config{
1132 NextProtos: []string{"bar"},
1133 Bugs: ProtocolBugs{
1134 SkipChangeCipherSpec: true,
1135 },
1136 },
1137 flags: []string{
1138 "-advertise-npn", "\x03foo\x03bar\x03baz",
1139 },
1140 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1141 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1142 },
1143 {
1144 name: "FragmentAcrossChangeCipherSpec-Client",
1145 config: Config{
1146 Bugs: ProtocolBugs{
1147 FragmentAcrossChangeCipherSpec: true,
1148 },
1149 },
1150 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1151 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1152 },
1153 {
1154 testType: serverTest,
1155 name: "FragmentAcrossChangeCipherSpec-Server",
1156 config: Config{
1157 Bugs: ProtocolBugs{
1158 FragmentAcrossChangeCipherSpec: true,
1159 },
1160 },
1161 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1162 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1163 },
1164 {
1165 testType: serverTest,
1166 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1167 config: Config{
1168 NextProtos: []string{"bar"},
1169 Bugs: ProtocolBugs{
1170 FragmentAcrossChangeCipherSpec: true,
1171 },
1172 },
1173 flags: []string{
1174 "-advertise-npn", "\x03foo\x03bar\x03baz",
1175 },
1176 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1177 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1178 },
1179 {
1180 testType: serverTest,
1181 name: "Alert",
1182 config: Config{
1183 Bugs: ProtocolBugs{
1184 SendSpuriousAlert: alertRecordOverflow,
1185 },
1186 },
1187 shouldFail: true,
1188 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1189 },
1190 {
1191 protocol: dtls,
1192 testType: serverTest,
1193 name: "Alert-DTLS",
1194 config: Config{
1195 Bugs: ProtocolBugs{
1196 SendSpuriousAlert: alertRecordOverflow,
1197 },
1198 },
1199 shouldFail: true,
1200 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1201 },
1202 {
1203 testType: serverTest,
1204 name: "FragmentAlert",
1205 config: Config{
1206 Bugs: ProtocolBugs{
1207 FragmentAlert: true,
1208 SendSpuriousAlert: alertRecordOverflow,
1209 },
1210 },
1211 shouldFail: true,
1212 expectedError: ":BAD_ALERT:",
1213 },
1214 {
1215 protocol: dtls,
1216 testType: serverTest,
1217 name: "FragmentAlert-DTLS",
1218 config: Config{
1219 Bugs: ProtocolBugs{
1220 FragmentAlert: true,
1221 SendSpuriousAlert: alertRecordOverflow,
1222 },
1223 },
1224 shouldFail: true,
1225 expectedError: ":BAD_ALERT:",
1226 },
1227 {
1228 testType: serverTest,
David Benjamin0d3a8c62016-03-11 22:25:18 -0500[diff] [blame]1229 name: "DoubleAlert",
1230 config: Config{
1231 Bugs: ProtocolBugs{
1232 DoubleAlert: true,
1233 SendSpuriousAlert: alertRecordOverflow,
1234 },
1235 },
1236 shouldFail: true,
1237 expectedError: ":BAD_ALERT:",
1238 },
1239 {
1240 protocol: dtls,
1241 testType: serverTest,
1242 name: "DoubleAlert-DTLS",
1243 config: Config{
1244 Bugs: ProtocolBugs{
1245 DoubleAlert: true,
1246 SendSpuriousAlert: alertRecordOverflow,
1247 },
1248 },
1249 shouldFail: true,
1250 expectedError: ":BAD_ALERT:",
1251 },
1252 {
1253 testType: serverTest,
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1254 name: "EarlyChangeCipherSpec-server-1",
1255 config: Config{
1256 Bugs: ProtocolBugs{
1257 EarlyChangeCipherSpec: 1,
1258 },
1259 },
1260 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1261 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1262 },
1263 {
1264 testType: serverTest,
1265 name: "EarlyChangeCipherSpec-server-2",
1266 config: Config{
1267 Bugs: ProtocolBugs{
1268 EarlyChangeCipherSpec: 2,
1269 },
1270 },
1271 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1272 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1273 },
1274 {
1275 name: "SkipNewSessionTicket",
1276 config: Config{
1277 Bugs: ProtocolBugs{
1278 SkipNewSessionTicket: true,
1279 },
1280 },
1281 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1282 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1283 },
1284 {
1285 testType: serverTest,
1286 name: "FallbackSCSV",
1287 config: Config{
1288 MaxVersion: VersionTLS11,
1289 Bugs: ProtocolBugs{
1290 SendFallbackSCSV: true,
1291 },
1292 },
1293 shouldFail: true,
1294 expectedError: ":INAPPROPRIATE_FALLBACK:",
1295 },
1296 {
1297 testType: serverTest,
1298 name: "FallbackSCSV-VersionMatch",
1299 config: Config{
1300 Bugs: ProtocolBugs{
1301 SendFallbackSCSV: true,
1302 },
1303 },
1304 },
1305 {
1306 testType: serverTest,
1307 name: "FragmentedClientVersion",
1308 config: Config{
1309 Bugs: ProtocolBugs{
1310 MaxHandshakeRecordLength: 1,
1311 FragmentClientVersion: true,
1312 },
1313 },
1314 expectedVersion: VersionTLS12,
1315 },
1316 {
1317 testType: serverTest,
1318 name: "MinorVersionTolerance",
1319 config: Config{
1320 Bugs: ProtocolBugs{
1321 SendClientVersion: 0x03ff,
1322 },
1323 },
1324 expectedVersion: VersionTLS12,
1325 },
1326 {
1327 testType: serverTest,
1328 name: "MajorVersionTolerance",
1329 config: Config{
1330 Bugs: ProtocolBugs{
1331 SendClientVersion: 0x0400,
1332 },
1333 },
1334 expectedVersion: VersionTLS12,
1335 },
1336 {
1337 testType: serverTest,
1338 name: "VersionTooLow",
1339 config: Config{
1340 Bugs: ProtocolBugs{
1341 SendClientVersion: 0x0200,
1342 },
1343 },
1344 shouldFail: true,
1345 expectedError: ":UNSUPPORTED_PROTOCOL:",
1346 },
1347 {
1348 testType: serverTest,
1349 name: "HttpGET",
1350 sendPrefix: "GET / HTTP/1.0\n",
1351 shouldFail: true,
1352 expectedError: ":HTTP_REQUEST:",
1353 },
1354 {
1355 testType: serverTest,
1356 name: "HttpPOST",
1357 sendPrefix: "POST / HTTP/1.0\n",
1358 shouldFail: true,
1359 expectedError: ":HTTP_REQUEST:",
1360 },
1361 {
1362 testType: serverTest,
1363 name: "HttpHEAD",
1364 sendPrefix: "HEAD / HTTP/1.0\n",
1365 shouldFail: true,
1366 expectedError: ":HTTP_REQUEST:",
1367 },
1368 {
1369 testType: serverTest,
1370 name: "HttpPUT",
1371 sendPrefix: "PUT / HTTP/1.0\n",
1372 shouldFail: true,
1373 expectedError: ":HTTP_REQUEST:",
1374 },
1375 {
1376 testType: serverTest,
1377 name: "HttpCONNECT",
1378 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1379 shouldFail: true,
1380 expectedError: ":HTTPS_PROXY_REQUEST:",
1381 },
1382 {
1383 testType: serverTest,
1384 name: "Garbage",
1385 sendPrefix: "blah",
1386 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1387 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1388 },
1389 {
1390 name: "SkipCipherVersionCheck",
1391 config: Config{
1392 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1393 MaxVersion: VersionTLS11,
1394 Bugs: ProtocolBugs{
1395 SkipCipherVersionCheck: true,
1396 },
1397 },
1398 shouldFail: true,
1399 expectedError: ":WRONG_CIPHER_RETURNED:",
1400 },
1401 {
1402 name: "RSAEphemeralKey",
1403 config: Config{
1404 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1405 Bugs: ProtocolBugs{
1406 RSAEphemeralKey: true,
1407 },
1408 },
1409 shouldFail: true,
1410 expectedError: ":UNEXPECTED_MESSAGE:",
1411 },
1412 {
1413 name: "DisableEverything",
Steven Valdez4f94b1c2016-05-24 12:31:07 -0400[diff] [blame]1414 flags: []string{"-no-tls13", "-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1415 shouldFail: true,
1416 expectedError: ":WRONG_SSL_VERSION:",
1417 },
1418 {
1419 protocol: dtls,
1420 name: "DisableEverything-DTLS",
1421 flags: []string{"-no-tls12", "-no-tls1"},
1422 shouldFail: true,
1423 expectedError: ":WRONG_SSL_VERSION:",
1424 },
1425 {
1426 name: "NoSharedCipher",
1427 config: Config{
1428 CipherSuites: []uint16{},
1429 },
1430 shouldFail: true,
1431 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
1432 },
1433 {
1434 protocol: dtls,
1435 testType: serverTest,
1436 name: "MTU",
1437 config: Config{
1438 Bugs: ProtocolBugs{
1439 MaxPacketLength: 256,
1440 },
1441 },
1442 flags: []string{"-mtu", "256"},
1443 },
1444 {
1445 protocol: dtls,
1446 testType: serverTest,
1447 name: "MTUExceeded",
1448 config: Config{
1449 Bugs: ProtocolBugs{
1450 MaxPacketLength: 255,
1451 },
1452 },
1453 flags: []string{"-mtu", "256"},
1454 shouldFail: true,
1455 expectedLocalError: "dtls: exceeded maximum packet length",
1456 },
1457 {
1458 name: "CertMismatchRSA",
1459 config: Config{
1460 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1461 Certificates: []Certificate{getECDSACertificate()},
1462 Bugs: ProtocolBugs{
1463 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1464 },
1465 },
1466 shouldFail: true,
1467 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1468 },
1469 {
1470 name: "CertMismatchECDSA",
1471 config: Config{
1472 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1473 Certificates: []Certificate{getRSACertificate()},
1474 Bugs: ProtocolBugs{
1475 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1476 },
1477 },
1478 shouldFail: true,
1479 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1480 },
1481 {
1482 name: "EmptyCertificateList",
1483 config: Config{
1484 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1485 Bugs: ProtocolBugs{
1486 EmptyCertificateList: true,
1487 },
1488 },
1489 shouldFail: true,
1490 expectedError: ":DECODE_ERROR:",
1491 },
1492 {
1493 name: "TLSFatalBadPackets",
1494 damageFirstWrite: true,
1495 shouldFail: true,
1496 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1497 },
1498 {
1499 protocol: dtls,
1500 name: "DTLSIgnoreBadPackets",
1501 damageFirstWrite: true,
1502 },
1503 {
1504 protocol: dtls,
1505 name: "DTLSIgnoreBadPackets-Async",
1506 damageFirstWrite: true,
1507 flags: []string{"-async"},
1508 },
1509 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1510 name: "AppDataBeforeHandshake",
1511 config: Config{
1512 Bugs: ProtocolBugs{
1513 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1514 },
1515 },
1516 shouldFail: true,
1517 expectedError: ":UNEXPECTED_RECORD:",
1518 },
1519 {
1520 name: "AppDataBeforeHandshake-Empty",
1521 config: Config{
1522 Bugs: ProtocolBugs{
1523 AppDataBeforeHandshake: []byte{},
1524 },
1525 },
1526 shouldFail: true,
1527 expectedError: ":UNEXPECTED_RECORD:",
1528 },
1529 {
1530 protocol: dtls,
1531 name: "AppDataBeforeHandshake-DTLS",
1532 config: Config{
1533 Bugs: ProtocolBugs{
1534 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1535 },
1536 },
1537 shouldFail: true,
1538 expectedError: ":UNEXPECTED_RECORD:",
1539 },
1540 {
1541 protocol: dtls,
1542 name: "AppDataBeforeHandshake-DTLS-Empty",
1543 config: Config{
1544 Bugs: ProtocolBugs{
1545 AppDataBeforeHandshake: []byte{},
1546 },
1547 },
1548 shouldFail: true,
1549 expectedError: ":UNEXPECTED_RECORD:",
1550 },
1551 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1552 name: "AppDataAfterChangeCipherSpec",
1553 config: Config{
1554 Bugs: ProtocolBugs{
1555 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1556 },
1557 },
1558 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1559 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1560 },
1561 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1562 name: "AppDataAfterChangeCipherSpec-Empty",
1563 config: Config{
1564 Bugs: ProtocolBugs{
1565 AppDataAfterChangeCipherSpec: []byte{},
1566 },
1567 },
1568 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1569 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1570 },
1571 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1572 protocol: dtls,
1573 name: "AppDataAfterChangeCipherSpec-DTLS",
1574 config: Config{
1575 Bugs: ProtocolBugs{
1576 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1577 },
1578 },
1579 // BoringSSL's DTLS implementation will drop the out-of-order
1580 // application data.
1581 },
1582 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1583 protocol: dtls,
1584 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1585 config: Config{
1586 Bugs: ProtocolBugs{
1587 AppDataAfterChangeCipherSpec: []byte{},
1588 },
1589 },
1590 // BoringSSL's DTLS implementation will drop the out-of-order
1591 // application data.
1592 },
1593 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1594 name: "AlertAfterChangeCipherSpec",
1595 config: Config{
1596 Bugs: ProtocolBugs{
1597 AlertAfterChangeCipherSpec: alertRecordOverflow,
1598 },
1599 },
1600 shouldFail: true,
1601 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1602 },
1603 {
1604 protocol: dtls,
1605 name: "AlertAfterChangeCipherSpec-DTLS",
1606 config: Config{
1607 Bugs: ProtocolBugs{
1608 AlertAfterChangeCipherSpec: alertRecordOverflow,
1609 },
1610 },
1611 shouldFail: true,
1612 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1613 },
1614 {
1615 protocol: dtls,
1616 name: "ReorderHandshakeFragments-Small-DTLS",
1617 config: Config{
1618 Bugs: ProtocolBugs{
1619 ReorderHandshakeFragments: true,
1620 // Small enough that every handshake message is
1621 // fragmented.
1622 MaxHandshakeRecordLength: 2,
1623 },
1624 },
1625 },
1626 {
1627 protocol: dtls,
1628 name: "ReorderHandshakeFragments-Large-DTLS",
1629 config: Config{
1630 Bugs: ProtocolBugs{
1631 ReorderHandshakeFragments: true,
1632 // Large enough that no handshake message is
1633 // fragmented.
1634 MaxHandshakeRecordLength: 2048,
1635 },
1636 },
1637 },
1638 {
1639 protocol: dtls,
1640 name: "MixCompleteMessageWithFragments-DTLS",
1641 config: Config{
1642 Bugs: ProtocolBugs{
1643 ReorderHandshakeFragments: true,
1644 MixCompleteMessageWithFragments: true,
1645 MaxHandshakeRecordLength: 2,
1646 },
1647 },
1648 },
1649 {
1650 name: "SendInvalidRecordType",
1651 config: Config{
1652 Bugs: ProtocolBugs{
1653 SendInvalidRecordType: true,
1654 },
1655 },
1656 shouldFail: true,
1657 expectedError: ":UNEXPECTED_RECORD:",
1658 },
1659 {
1660 protocol: dtls,
1661 name: "SendInvalidRecordType-DTLS",
1662 config: Config{
1663 Bugs: ProtocolBugs{
1664 SendInvalidRecordType: true,
1665 },
1666 },
1667 shouldFail: true,
1668 expectedError: ":UNEXPECTED_RECORD:",
1669 },
1670 {
1671 name: "FalseStart-SkipServerSecondLeg",
1672 config: Config{
1673 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1674 NextProtos: []string{"foo"},
1675 Bugs: ProtocolBugs{
1676 SkipNewSessionTicket: true,
1677 SkipChangeCipherSpec: true,
1678 SkipFinished: true,
1679 ExpectFalseStart: true,
1680 },
1681 },
1682 flags: []string{
1683 "-false-start",
1684 "-handshake-never-done",
1685 "-advertise-alpn", "\x03foo",
1686 },
1687 shimWritesFirst: true,
1688 shouldFail: true,
1689 expectedError: ":UNEXPECTED_RECORD:",
1690 },
1691 {
1692 name: "FalseStart-SkipServerSecondLeg-Implicit",
1693 config: Config{
1694 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1695 NextProtos: []string{"foo"},
1696 Bugs: ProtocolBugs{
1697 SkipNewSessionTicket: true,
1698 SkipChangeCipherSpec: true,
1699 SkipFinished: true,
1700 },
1701 },
1702 flags: []string{
1703 "-implicit-handshake",
1704 "-false-start",
1705 "-handshake-never-done",
1706 "-advertise-alpn", "\x03foo",
1707 },
1708 shouldFail: true,
1709 expectedError: ":UNEXPECTED_RECORD:",
1710 },
1711 {
1712 testType: serverTest,
1713 name: "FailEarlyCallback",
1714 flags: []string{"-fail-early-callback"},
1715 shouldFail: true,
1716 expectedError: ":CONNECTION_REJECTED:",
1717 expectedLocalError: "remote error: access denied",
1718 },
1719 {
1720 name: "WrongMessageType",
1721 config: Config{
1722 Bugs: ProtocolBugs{
1723 WrongCertificateMessageType: true,
1724 },
1725 },
1726 shouldFail: true,
1727 expectedError: ":UNEXPECTED_MESSAGE:",
1728 expectedLocalError: "remote error: unexpected message",
1729 },
1730 {
1731 protocol: dtls,
1732 name: "WrongMessageType-DTLS",
1733 config: Config{
1734 Bugs: ProtocolBugs{
1735 WrongCertificateMessageType: true,
1736 },
1737 },
1738 shouldFail: true,
1739 expectedError: ":UNEXPECTED_MESSAGE:",
1740 expectedLocalError: "remote error: unexpected message",
1741 },
1742 {
1743 protocol: dtls,
1744 name: "FragmentMessageTypeMismatch-DTLS",
1745 config: Config{
1746 Bugs: ProtocolBugs{
1747 MaxHandshakeRecordLength: 2,
1748 FragmentMessageTypeMismatch: true,
1749 },
1750 },
1751 shouldFail: true,
1752 expectedError: ":FRAGMENT_MISMATCH:",
1753 },
1754 {
1755 protocol: dtls,
1756 name: "FragmentMessageLengthMismatch-DTLS",
1757 config: Config{
1758 Bugs: ProtocolBugs{
1759 MaxHandshakeRecordLength: 2,
1760 FragmentMessageLengthMismatch: true,
1761 },
1762 },
1763 shouldFail: true,
1764 expectedError: ":FRAGMENT_MISMATCH:",
1765 },
1766 {
1767 protocol: dtls,
1768 name: "SplitFragments-Header-DTLS",
1769 config: Config{
1770 Bugs: ProtocolBugs{
1771 SplitFragments: 2,
1772 },
1773 },
1774 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame^]1775 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1776 },
1777 {
1778 protocol: dtls,
1779 name: "SplitFragments-Boundary-DTLS",
1780 config: Config{
1781 Bugs: ProtocolBugs{
1782 SplitFragments: dtlsRecordHeaderLen,
1783 },
1784 },
1785 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame^]1786 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1787 },
1788 {
1789 protocol: dtls,
1790 name: "SplitFragments-Body-DTLS",
1791 config: Config{
1792 Bugs: ProtocolBugs{
1793 SplitFragments: dtlsRecordHeaderLen + 1,
1794 },
1795 },
1796 shouldFail: true,
David Benjaminc6604172016-06-02 16:38:35 -0400[diff] [blame^]1797 expectedError: ":BAD_HANDSHAKE_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1798 },
1799 {
1800 protocol: dtls,
1801 name: "SendEmptyFragments-DTLS",
1802 config: Config{
1803 Bugs: ProtocolBugs{
1804 SendEmptyFragments: true,
1805 },
1806 },
1807 },
1808 {
1809 name: "UnsupportedCipherSuite",
1810 config: Config{
1811 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1812 Bugs: ProtocolBugs{
1813 IgnorePeerCipherPreferences: true,
1814 },
1815 },
1816 flags: []string{"-cipher", "DEFAULT:!RC4"},
1817 shouldFail: true,
1818 expectedError: ":WRONG_CIPHER_RETURNED:",
1819 },
1820 {
1821 name: "UnsupportedCurve",
1822 config: Config{
David Benjamin64d92502015-12-19 02:20:57 -0500[diff] [blame]1823 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1824 CurvePreferences: []CurveID{CurveP256},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1825 Bugs: ProtocolBugs{
1826 IgnorePeerCurvePreferences: true,
1827 },
1828 },
David Benjamin64d92502015-12-19 02:20:57 -0500[diff] [blame]1829 flags: []string{"-p384-only"},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1830 shouldFail: true,
1831 expectedError: ":WRONG_CURVE:",
1832 },
1833 {
David Benjaminbf82aed2016-03-01 22:57:40 -0500[diff] [blame]1834 name: "BadFinished-Client",
1835 config: Config{
1836 Bugs: ProtocolBugs{
1837 BadFinished: true,
1838 },
1839 },
1840 shouldFail: true,
1841 expectedError: ":DIGEST_CHECK_FAILED:",
1842 },
1843 {
1844 testType: serverTest,
1845 name: "BadFinished-Server",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1846 config: Config{
1847 Bugs: ProtocolBugs{
1848 BadFinished: true,
1849 },
1850 },
1851 shouldFail: true,
1852 expectedError: ":DIGEST_CHECK_FAILED:",
1853 },
1854 {
1855 name: "FalseStart-BadFinished",
1856 config: Config{
1857 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1858 NextProtos: []string{"foo"},
1859 Bugs: ProtocolBugs{
1860 BadFinished: true,
1861 ExpectFalseStart: true,
1862 },
1863 },
1864 flags: []string{
1865 "-false-start",
1866 "-handshake-never-done",
1867 "-advertise-alpn", "\x03foo",
1868 },
1869 shimWritesFirst: true,
1870 shouldFail: true,
1871 expectedError: ":DIGEST_CHECK_FAILED:",
1872 },
1873 {
1874 name: "NoFalseStart-NoALPN",
1875 config: Config{
1876 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1877 Bugs: ProtocolBugs{
1878 ExpectFalseStart: true,
1879 AlertBeforeFalseStartTest: alertAccessDenied,
1880 },
1881 },
1882 flags: []string{
1883 "-false-start",
1884 },
1885 shimWritesFirst: true,
1886 shouldFail: true,
1887 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1888 expectedLocalError: "tls: peer did not false start: EOF",
1889 },
1890 {
1891 name: "NoFalseStart-NoAEAD",
1892 config: Config{
1893 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1894 NextProtos: []string{"foo"},
1895 Bugs: ProtocolBugs{
1896 ExpectFalseStart: true,
1897 AlertBeforeFalseStartTest: alertAccessDenied,
1898 },
1899 },
1900 flags: []string{
1901 "-false-start",
1902 "-advertise-alpn", "\x03foo",
1903 },
1904 shimWritesFirst: true,
1905 shouldFail: true,
1906 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1907 expectedLocalError: "tls: peer did not false start: EOF",
1908 },
1909 {
1910 name: "NoFalseStart-RSA",
1911 config: Config{
1912 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1913 NextProtos: []string{"foo"},
1914 Bugs: ProtocolBugs{
1915 ExpectFalseStart: true,
1916 AlertBeforeFalseStartTest: alertAccessDenied,
1917 },
1918 },
1919 flags: []string{
1920 "-false-start",
1921 "-advertise-alpn", "\x03foo",
1922 },
1923 shimWritesFirst: true,
1924 shouldFail: true,
1925 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1926 expectedLocalError: "tls: peer did not false start: EOF",
1927 },
1928 {
1929 name: "NoFalseStart-DHE_RSA",
1930 config: Config{
1931 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1932 NextProtos: []string{"foo"},
1933 Bugs: ProtocolBugs{
1934 ExpectFalseStart: true,
1935 AlertBeforeFalseStartTest: alertAccessDenied,
1936 },
1937 },
1938 flags: []string{
1939 "-false-start",
1940 "-advertise-alpn", "\x03foo",
1941 },
1942 shimWritesFirst: true,
1943 shouldFail: true,
1944 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1945 expectedLocalError: "tls: peer did not false start: EOF",
1946 },
1947 {
1948 testType: serverTest,
1949 name: "NoSupportedCurves",
1950 config: Config{
1951 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1952 Bugs: ProtocolBugs{
1953 NoSupportedCurves: true,
1954 },
1955 },
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]1956 shouldFail: true,
1957 expectedError: ":NO_SHARED_CIPHER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1958 },
1959 {
1960 testType: serverTest,
1961 name: "NoCommonCurves",
1962 config: Config{
1963 CipherSuites: []uint16{
1964 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1965 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1966 },
1967 CurvePreferences: []CurveID{CurveP224},
1968 },
1969 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1970 },
1971 {
1972 protocol: dtls,
1973 name: "SendSplitAlert-Sync",
1974 config: Config{
1975 Bugs: ProtocolBugs{
1976 SendSplitAlert: true,
1977 },
1978 },
1979 },
1980 {
1981 protocol: dtls,
1982 name: "SendSplitAlert-Async",
1983 config: Config{
1984 Bugs: ProtocolBugs{
1985 SendSplitAlert: true,
1986 },
1987 },
1988 flags: []string{"-async"},
1989 },
1990 {
1991 protocol: dtls,
1992 name: "PackDTLSHandshake",
1993 config: Config{
1994 Bugs: ProtocolBugs{
1995 MaxHandshakeRecordLength: 2,
1996 PackHandshakeFragments: 20,
1997 PackHandshakeRecords: 200,
1998 },
1999 },
2000 },
2001 {
2002 testType: serverTest,
2003 protocol: dtls,
2004 name: "NoRC4-DTLS",
2005 config: Config{
2006 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA},
2007 Bugs: ProtocolBugs{
2008 EnableAllCiphersInDTLS: true,
2009 },
2010 },
2011 shouldFail: true,
2012 expectedError: ":NO_SHARED_CIPHER:",
2013 },
2014 {
2015 name: "SendEmptyRecords-Pass",
2016 sendEmptyRecords: 32,
2017 },
2018 {
2019 name: "SendEmptyRecords",
2020 sendEmptyRecords: 33,
2021 shouldFail: true,
2022 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2023 },
2024 {
2025 name: "SendEmptyRecords-Async",
2026 sendEmptyRecords: 33,
2027 flags: []string{"-async"},
2028 shouldFail: true,
2029 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
2030 },
2031 {
2032 name: "SendWarningAlerts-Pass",
2033 sendWarningAlerts: 4,
2034 },
2035 {
2036 protocol: dtls,
2037 name: "SendWarningAlerts-DTLS-Pass",
2038 sendWarningAlerts: 4,
2039 },
2040 {
2041 name: "SendWarningAlerts",
2042 sendWarningAlerts: 5,
2043 shouldFail: true,
2044 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2045 },
2046 {
2047 name: "SendWarningAlerts-Async",
2048 sendWarningAlerts: 5,
2049 flags: []string{"-async"},
2050 shouldFail: true,
2051 expectedError: ":TOO_MANY_WARNING_ALERTS:",
2052 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2053 {
2054 name: "EmptySessionID",
2055 config: Config{
2056 SessionTicketsDisabled: true,
2057 },
2058 noSessionCache: true,
2059 flags: []string{"-expect-no-session"},
2060 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]2061 {
2062 name: "Unclean-Shutdown",
2063 config: Config{
2064 Bugs: ProtocolBugs{
2065 NoCloseNotify: true,
2066 ExpectCloseNotify: true,
2067 },
2068 },
2069 shimShutsDown: true,
2070 flags: []string{"-check-close-notify"},
2071 shouldFail: true,
2072 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
2073 },
2074 {
2075 name: "Unclean-Shutdown-Ignored",
2076 config: Config{
2077 Bugs: ProtocolBugs{
2078 NoCloseNotify: true,
2079 },
2080 },
2081 shimShutsDown: true,
2082 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2083 {
David Benjaminfa214e42016-05-10 17:03:10 -0400[diff] [blame]2084 name: "Unclean-Shutdown-Alert",
2085 config: Config{
2086 Bugs: ProtocolBugs{
2087 SendAlertOnShutdown: alertDecompressionFailure,
2088 ExpectCloseNotify: true,
2089 },
2090 },
2091 shimShutsDown: true,
2092 flags: []string{"-check-close-notify"},
2093 shouldFail: true,
2094 expectedError: ":SSLV3_ALERT_DECOMPRESSION_FAILURE:",
2095 },
2096 {
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]2097 name: "LargePlaintext",
2098 config: Config{
2099 Bugs: ProtocolBugs{
2100 SendLargeRecords: true,
2101 },
2102 },
2103 messageLen: maxPlaintext + 1,
2104 shouldFail: true,
2105 expectedError: ":DATA_LENGTH_TOO_LONG:",
2106 },
2107 {
2108 protocol: dtls,
2109 name: "LargePlaintext-DTLS",
2110 config: Config{
2111 Bugs: ProtocolBugs{
2112 SendLargeRecords: true,
2113 },
2114 },
2115 messageLen: maxPlaintext + 1,
2116 shouldFail: true,
2117 expectedError: ":DATA_LENGTH_TOO_LONG:",
2118 },
2119 {
2120 name: "LargeCiphertext",
2121 config: Config{
2122 Bugs: ProtocolBugs{
2123 SendLargeRecords: true,
2124 },
2125 },
2126 messageLen: maxPlaintext * 2,
2127 shouldFail: true,
2128 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
2129 },
2130 {
2131 protocol: dtls,
2132 name: "LargeCiphertext-DTLS",
2133 config: Config{
2134 Bugs: ProtocolBugs{
2135 SendLargeRecords: true,
2136 },
2137 },
2138 messageLen: maxPlaintext * 2,
2139 // Unlike the other four cases, DTLS drops records which
2140 // are invalid before authentication, so the connection
2141 // does not fail.
2142 expectMessageDropped: true,
2143 },
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]2144 {
2145 name: "SendEmptySessionTicket",
2146 config: Config{
2147 Bugs: ProtocolBugs{
2148 SendEmptySessionTicket: true,
2149 FailIfSessionOffered: true,
2150 },
2151 },
2152 flags: []string{"-expect-no-session"},
2153 resumeSession: true,
2154 expectResumeRejected: true,
2155 },
David Benjamin99fdfb92015-11-02 12:11:35 -0500[diff] [blame]2156 {
2157 name: "CheckLeafCurve",
2158 config: Config{
2159 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2160 Certificates: []Certificate{getECDSACertificate()},
2161 },
2162 flags: []string{"-p384-only"},
2163 shouldFail: true,
2164 expectedError: ":BAD_ECC_CERT:",
2165 },
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2166 {
2167 name: "BadChangeCipherSpec-1",
2168 config: Config{
2169 Bugs: ProtocolBugs{
2170 BadChangeCipherSpec: []byte{2},
2171 },
2172 },
2173 shouldFail: true,
2174 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2175 },
2176 {
2177 name: "BadChangeCipherSpec-2",
2178 config: Config{
2179 Bugs: ProtocolBugs{
2180 BadChangeCipherSpec: []byte{1, 1},
2181 },
2182 },
2183 shouldFail: true,
2184 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2185 },
2186 {
2187 protocol: dtls,
2188 name: "BadChangeCipherSpec-DTLS-1",
2189 config: Config{
2190 Bugs: ProtocolBugs{
2191 BadChangeCipherSpec: []byte{2},
2192 },
2193 },
2194 shouldFail: true,
2195 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2196 },
2197 {
2198 protocol: dtls,
2199 name: "BadChangeCipherSpec-DTLS-2",
2200 config: Config{
2201 Bugs: ProtocolBugs{
2202 BadChangeCipherSpec: []byte{1, 1},
2203 },
2204 },
2205 shouldFail: true,
2206 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2207 },
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2208 {
2209 name: "BadHelloRequest-1",
2210 renegotiate: 1,
2211 config: Config{
2212 Bugs: ProtocolBugs{
2213 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2214 },
2215 },
2216 flags: []string{
2217 "-renegotiate-freely",
2218 "-expect-total-renegotiations", "1",
2219 },
2220 shouldFail: true,
2221 expectedError: ":BAD_HELLO_REQUEST:",
2222 },
2223 {
2224 name: "BadHelloRequest-2",
2225 renegotiate: 1,
2226 config: Config{
2227 Bugs: ProtocolBugs{
2228 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2229 },
2230 },
2231 flags: []string{
2232 "-renegotiate-freely",
2233 "-expect-total-renegotiations", "1",
2234 },
2235 shouldFail: true,
2236 expectedError: ":BAD_HELLO_REQUEST:",
2237 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2238 {
2239 testType: serverTest,
2240 name: "SupportTicketsWithSessionID",
2241 config: Config{
2242 SessionTicketsDisabled: true,
2243 },
2244 resumeConfig: &Config{},
2245 resumeSession: true,
2246 },
David Benjamin2b07fa42016-03-02 00:23:57 -0500[diff] [blame]2247 {
2248 name: "InvalidECDHPoint-Client",
2249 config: Config{
2250 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2251 CurvePreferences: []CurveID{CurveP256},
2252 Bugs: ProtocolBugs{
2253 InvalidECDHPoint: true,
2254 },
2255 },
2256 shouldFail: true,
2257 expectedError: ":INVALID_ENCODING:",
2258 },
2259 {
2260 testType: serverTest,
2261 name: "InvalidECDHPoint-Server",
2262 config: Config{
2263 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2264 CurvePreferences: []CurveID{CurveP256},
2265 Bugs: ProtocolBugs{
2266 InvalidECDHPoint: true,
2267 },
2268 },
2269 shouldFail: true,
2270 expectedError: ":INVALID_ENCODING:",
2271 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2272 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2273 testCases = append(testCases, basicTests...)
2274}
2275
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2276func addCipherSuiteTests() {
2277 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2278 const psk = "12345"
2279 const pskIdentity = "luggage combo"
2280
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2281 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2282 var certFile string
2283 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2284 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2285 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2286 certFile = ecdsaCertificateFile
2287 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2288 } else {
2289 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2290 certFile = rsaCertificateFile
2291 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2292 }
2293
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2294 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2295 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2296 flags = append(flags,
2297 "-psk", psk,
2298 "-psk-identity", pskIdentity)
2299 }
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]2300 if hasComponent(suite.name, "NULL") {
2301 // NULL ciphers must be explicitly enabled.
2302 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2303 }
Matt Braithwaite053931e2016-05-25 12:06:05 -0700[diff] [blame]2304 if hasComponent(suite.name, "CECPQ1") {
2305 // CECPQ1 ciphers must be explicitly enabled.
2306 flags = append(flags, "-cipher", "DEFAULT:kCECPQ1")
2307 }
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2308
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2309 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]2310 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2311 continue
2312 }
2313
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]2314 shouldFail := isTLSOnly(suite.name) && ver.version == VersionSSL30
2315
2316 expectedError := ""
2317 if shouldFail {
2318 expectedError = ":NO_SHARED_CIPHER:"
2319 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2320
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2321 testCases = append(testCases, testCase{
2322 testType: serverTest,
2323 name: ver.name + "-" + suite.name + "-server",
2324 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2325 MinVersion: ver.version,
2326 MaxVersion: ver.version,
2327 CipherSuites: []uint16{suite.id},
2328 Certificates: []Certificate{cert},
2329 PreSharedKey: []byte(psk),
2330 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2331 },
2332 certFile: certFile,
2333 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2334 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2335 resumeSession: true,
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]2336 shouldFail: shouldFail,
2337 expectedError: expectedError,
2338 })
2339
2340 if shouldFail {
2341 continue
2342 }
2343
2344 testCases = append(testCases, testCase{
2345 testType: clientTest,
2346 name: ver.name + "-" + suite.name + "-client",
2347 config: Config{
2348 MinVersion: ver.version,
2349 MaxVersion: ver.version,
2350 CipherSuites: []uint16{suite.id},
2351 Certificates: []Certificate{cert},
2352 PreSharedKey: []byte(psk),
2353 PreSharedKeyIdentity: pskIdentity,
2354 },
2355 flags: flags,
2356 resumeSession: true,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2357 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2358
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2359 if ver.hasDTLS && isDTLSCipher(suite.name) {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2360 testCases = append(testCases, testCase{
2361 testType: clientTest,
2362 protocol: dtls,
2363 name: "D" + ver.name + "-" + suite.name + "-client",
2364 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2365 MinVersion: ver.version,
2366 MaxVersion: ver.version,
2367 CipherSuites: []uint16{suite.id},
2368 Certificates: []Certificate{cert},
2369 PreSharedKey: []byte(psk),
2370 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2371 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2372 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2373 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2374 })
2375 testCases = append(testCases, testCase{
2376 testType: serverTest,
2377 protocol: dtls,
2378 name: "D" + ver.name + "-" + suite.name + "-server",
2379 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2380 MinVersion: ver.version,
2381 MaxVersion: ver.version,
2382 CipherSuites: []uint16{suite.id},
2383 Certificates: []Certificate{cert},
2384 PreSharedKey: []byte(psk),
2385 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2386 },
2387 certFile: certFile,
2388 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2389 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2390 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2391 })
2392 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2393 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2394
2395 // Ensure both TLS and DTLS accept their maximum record sizes.
2396 testCases = append(testCases, testCase{
2397 name: suite.name + "-LargeRecord",
2398 config: Config{
2399 CipherSuites: []uint16{suite.id},
2400 Certificates: []Certificate{cert},
2401 PreSharedKey: []byte(psk),
2402 PreSharedKeyIdentity: pskIdentity,
2403 },
2404 flags: flags,
2405 messageLen: maxPlaintext,
2406 })
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2407 if isDTLSCipher(suite.name) {
2408 testCases = append(testCases, testCase{
2409 protocol: dtls,
2410 name: suite.name + "-LargeRecord-DTLS",
2411 config: Config{
2412 CipherSuites: []uint16{suite.id},
2413 Certificates: []Certificate{cert},
2414 PreSharedKey: []byte(psk),
2415 PreSharedKeyIdentity: pskIdentity,
2416 },
2417 flags: flags,
2418 messageLen: maxPlaintext,
2419 })
2420 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2421 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2422
2423 testCases = append(testCases, testCase{
2424 name: "WeakDH",
2425 config: Config{
2426 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2427 Bugs: ProtocolBugs{
2428 // This is a 1023-bit prime number, generated
2429 // with:
2430 // openssl gendh 1023 | openssl asn1parse -i
2431 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2432 },
2433 },
2434 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2435 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2436 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2437
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2438 testCases = append(testCases, testCase{
2439 name: "SillyDH",
2440 config: Config{
2441 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2442 Bugs: ProtocolBugs{
2443 // This is a 4097-bit prime number, generated
2444 // with:
2445 // openssl gendh 4097 | openssl asn1parse -i
2446 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2447 },
2448 },
2449 shouldFail: true,
2450 expectedError: ":DH_P_TOO_LONG:",
2451 })
2452
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2453 // This test ensures that Diffie-Hellman public values are padded with
2454 // zeros so that they're the same length as the prime. This is to avoid
2455 // hitting a bug in yaSSL.
2456 testCases = append(testCases, testCase{
2457 testType: serverTest,
2458 name: "DHPublicValuePadded",
2459 config: Config{
2460 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2461 Bugs: ProtocolBugs{
2462 RequireDHPublicValueLen: (1025 + 7) / 8,
2463 },
2464 },
2465 flags: []string{"-use-sparse-dh-prime"},
2466 })
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2467
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2468 // The server must be tolerant to bogus ciphers.
2469 const bogusCipher = 0x1234
2470 testCases = append(testCases, testCase{
2471 testType: serverTest,
2472 name: "UnknownCipher",
2473 config: Config{
2474 CipherSuites: []uint16{bogusCipher, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2475 },
2476 })
2477
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2478 // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS
2479 // 1.1 specific cipher suite settings. A server is setup with the given
2480 // cipher lists and then a connection is made for each member of
2481 // expectations. The cipher suite that the server selects must match
2482 // the specified one.
2483 var versionSpecificCiphersTest = []struct {
2484 ciphersDefault, ciphersTLS10, ciphersTLS11 string
2485 // expectations is a map from TLS version to cipher suite id.
2486 expectations map[uint16]uint16
2487 }{
2488 {
2489 // Test that the null case (where no version-specific ciphers are set)
2490 // works as expected.
2491 "RC4-SHA:AES128-SHA", // default ciphers
2492 "", // no ciphers specifically for TLS ≥ 1.0
2493 "", // no ciphers specifically for TLS ≥ 1.1
2494 map[uint16]uint16{
2495 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2496 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2497 VersionTLS11: TLS_RSA_WITH_RC4_128_SHA,
2498 VersionTLS12: TLS_RSA_WITH_RC4_128_SHA,
2499 },
2500 },
2501 {
2502 // With ciphers_tls10 set, TLS 1.0, 1.1 and 1.2 should get a different
2503 // cipher.
2504 "RC4-SHA:AES128-SHA", // default
2505 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2506 "", // no ciphers specifically for TLS ≥ 1.1
2507 map[uint16]uint16{
2508 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2509 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2510 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2511 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2512 },
2513 },
2514 {
2515 // With ciphers_tls11 set, TLS 1.1 and 1.2 should get a different
2516 // cipher.
2517 "RC4-SHA:AES128-SHA", // default
2518 "", // no ciphers specifically for TLS ≥ 1.0
2519 "AES128-SHA", // these ciphers for TLS ≥ 1.1
2520 map[uint16]uint16{
2521 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2522 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2523 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2524 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2525 },
2526 },
2527 {
2528 // With both ciphers_tls10 and ciphers_tls11 set, ciphers_tls11 should
2529 // mask ciphers_tls10 for TLS 1.1 and 1.2.
2530 "RC4-SHA:AES128-SHA", // default
2531 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2532 "AES256-SHA", // these ciphers for TLS ≥ 1.1
2533 map[uint16]uint16{
2534 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2535 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2536 VersionTLS11: TLS_RSA_WITH_AES_256_CBC_SHA,
2537 VersionTLS12: TLS_RSA_WITH_AES_256_CBC_SHA,
2538 },
2539 },
2540 }
2541
2542 for i, test := range versionSpecificCiphersTest {
2543 for version, expectedCipherSuite := range test.expectations {
2544 flags := []string{"-cipher", test.ciphersDefault}
2545 if len(test.ciphersTLS10) > 0 {
2546 flags = append(flags, "-cipher-tls10", test.ciphersTLS10)
2547 }
2548 if len(test.ciphersTLS11) > 0 {
2549 flags = append(flags, "-cipher-tls11", test.ciphersTLS11)
2550 }
2551
2552 testCases = append(testCases, testCase{
2553 testType: serverTest,
2554 name: fmt.Sprintf("VersionSpecificCiphersTest-%d-%x", i, version),
2555 config: Config{
2556 MaxVersion: version,
2557 MinVersion: version,
2558 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA},
2559 },
2560 flags: flags,
2561 expectedCipher: expectedCipherSuite,
2562 })
2563 }
2564 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2565}
2566
2567func addBadECDSASignatureTests() {
2568 for badR := BadValue(1); badR < NumBadValues; badR++ {
2569 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2570 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2571 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2572 config: Config{
2573 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2574 Certificates: []Certificate{getECDSACertificate()},
2575 Bugs: ProtocolBugs{
2576 BadECDSAR: badR,
2577 BadECDSAS: badS,
2578 },
2579 },
2580 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2581 expectedError: ":BAD_SIGNATURE:",
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2582 })
2583 }
2584 }
2585}
2586
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2587func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2588 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2589 name: "MaxCBCPadding",
2590 config: Config{
2591 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2592 Bugs: ProtocolBugs{
2593 MaxPadding: true,
2594 },
2595 },
2596 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2597 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2598 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2599 name: "BadCBCPadding",
2600 config: Config{
2601 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2602 Bugs: ProtocolBugs{
2603 PaddingFirstByteBad: true,
2604 },
2605 },
2606 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2607 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2608 })
2609 // OpenSSL previously had an issue where the first byte of padding in
2610 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2611 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2612 name: "BadCBCPadding255",
2613 config: Config{
2614 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2615 Bugs: ProtocolBugs{
2616 MaxPadding: true,
2617 PaddingFirstByteBadIf255: true,
2618 },
2619 },
2620 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2621 shouldFail: true,
David Benjamin11d50f92016-03-10 15:55:45 -0500[diff] [blame]2622 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2623 })
2624}
2625
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2626func addCBCSplittingTests() {
2627 testCases = append(testCases, testCase{
2628 name: "CBCRecordSplitting",
2629 config: Config{
2630 MaxVersion: VersionTLS10,
2631 MinVersion: VersionTLS10,
2632 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2633 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2634 messageLen: -1, // read until EOF
2635 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2636 flags: []string{
2637 "-async",
2638 "-write-different-record-sizes",
2639 "-cbc-record-splitting",
2640 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2641 })
2642 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2643 name: "CBCRecordSplittingPartialWrite",
2644 config: Config{
2645 MaxVersion: VersionTLS10,
2646 MinVersion: VersionTLS10,
2647 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2648 },
2649 messageLen: -1, // read until EOF
2650 flags: []string{
2651 "-async",
2652 "-write-different-record-sizes",
2653 "-cbc-record-splitting",
2654 "-partial-write",
2655 },
2656 })
2657}
2658
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2659func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2660 // Add a dummy cert pool to stress certificate authority parsing.
2661 // TODO(davidben): Add tests that those values parse out correctly.
2662 certPool := x509.NewCertPool()
2663 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2664 if err != nil {
2665 panic(err)
2666 }
2667 certPool.AddCert(cert)
2668
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2669 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2670 testCases = append(testCases, testCase{
2671 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2672 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2673 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2674 MinVersion: ver.version,
2675 MaxVersion: ver.version,
2676 ClientAuth: RequireAnyClientCert,
2677 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2678 },
2679 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2680 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2681 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2682 },
2683 })
2684 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2685 testType: serverTest,
2686 name: ver.name + "-Server-ClientAuth-RSA",
2687 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2688 MinVersion: ver.version,
2689 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2690 Certificates: []Certificate{rsaCertificate},
2691 },
2692 flags: []string{"-require-any-client-certificate"},
2693 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2694 if ver.version != VersionSSL30 {
2695 testCases = append(testCases, testCase{
2696 testType: serverTest,
2697 name: ver.name + "-Server-ClientAuth-ECDSA",
2698 config: Config{
2699 MinVersion: ver.version,
2700 MaxVersion: ver.version,
2701 Certificates: []Certificate{ecdsaCertificate},
2702 },
2703 flags: []string{"-require-any-client-certificate"},
2704 })
2705 testCases = append(testCases, testCase{
2706 testType: clientTest,
2707 name: ver.name + "-Client-ClientAuth-ECDSA",
2708 config: Config{
2709 MinVersion: ver.version,
2710 MaxVersion: ver.version,
2711 ClientAuth: RequireAnyClientCert,
2712 ClientCAs: certPool,
2713 },
2714 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2715 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2716 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2717 },
2718 })
2719 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2720 }
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2721
2722 testCases = append(testCases, testCase{
2723 testType: serverTest,
2724 name: "RequireAnyClientCertificate",
2725 flags: []string{"-require-any-client-certificate"},
2726 shouldFail: true,
2727 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
2728 })
2729
2730 testCases = append(testCases, testCase{
2731 testType: serverTest,
David Benjamindf28c3a2016-03-10 16:11:51 -0500[diff] [blame]2732 name: "RequireAnyClientCertificate-SSL3",
2733 config: Config{
2734 MaxVersion: VersionSSL30,
2735 },
2736 flags: []string{"-require-any-client-certificate"},
2737 shouldFail: true,
2738 expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
2739 })
2740
2741 testCases = append(testCases, testCase{
2742 testType: serverTest,
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2743 name: "SkipClientCertificate",
2744 config: Config{
2745 Bugs: ProtocolBugs{
2746 SkipClientCertificate: true,
2747 },
2748 },
2749 // Setting SSL_VERIFY_PEER allows anonymous clients.
2750 flags: []string{"-verify-peer"},
2751 shouldFail: true,
David Benjamindf28c3a2016-03-10 16:11:51 -0500[diff] [blame]2752 expectedError: ":UNEXPECTED_MESSAGE:",
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2753 })
David Benjaminc032dfa2016-05-12 14:54:57 -0400[diff] [blame]2754
2755 // Client auth is only legal in certificate-based ciphers.
2756 testCases = append(testCases, testCase{
2757 testType: clientTest,
2758 name: "ClientAuth-PSK",
2759 config: Config{
2760 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2761 PreSharedKey: []byte("secret"),
2762 ClientAuth: RequireAnyClientCert,
2763 },
2764 flags: []string{
2765 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2766 "-key-file", path.Join(*resourceDir, rsaKeyFile),
2767 "-psk", "secret",
2768 },
2769 shouldFail: true,
2770 expectedError: ":UNEXPECTED_MESSAGE:",
2771 })
2772 testCases = append(testCases, testCase{
2773 testType: clientTest,
2774 name: "ClientAuth-ECDHE_PSK",
2775 config: Config{
2776 CipherSuites: []uint16{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
2777 PreSharedKey: []byte("secret"),
2778 ClientAuth: RequireAnyClientCert,
2779 },
2780 flags: []string{
2781 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2782 "-key-file", path.Join(*resourceDir, rsaKeyFile),
2783 "-psk", "secret",
2784 },
2785 shouldFail: true,
2786 expectedError: ":UNEXPECTED_MESSAGE:",
2787 })
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2788}
2789
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2790func addExtendedMasterSecretTests() {
2791 const expectEMSFlag = "-expect-extended-master-secret"
2792
2793 for _, with := range []bool{false, true} {
2794 prefix := "No"
2795 var flags []string
2796 if with {
2797 prefix = ""
2798 flags = []string{expectEMSFlag}
2799 }
2800
2801 for _, isClient := range []bool{false, true} {
2802 suffix := "-Server"
2803 testType := serverTest
2804 if isClient {
2805 suffix = "-Client"
2806 testType = clientTest
2807 }
2808
2809 for _, ver := range tlsVersions {
2810 test := testCase{
2811 testType: testType,
2812 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2813 config: Config{
2814 MinVersion: ver.version,
2815 MaxVersion: ver.version,
2816 Bugs: ProtocolBugs{
2817 NoExtendedMasterSecret: !with,
2818 RequireExtendedMasterSecret: with,
2819 },
2820 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2821 flags: flags,
2822 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2823 }
2824 if test.shouldFail {
2825 test.expectedLocalError = "extended master secret required but not supported by peer"
2826 }
2827 testCases = append(testCases, test)
2828 }
2829 }
2830 }
2831
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2832 for _, isClient := range []bool{false, true} {
2833 for _, supportedInFirstConnection := range []bool{false, true} {
2834 for _, supportedInResumeConnection := range []bool{false, true} {
2835 boolToWord := func(b bool) string {
2836 if b {
2837 return "Yes"
2838 }
2839 return "No"
2840 }
2841 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2842 if isClient {
2843 suffix += "Client"
2844 } else {
2845 suffix += "Server"
2846 }
2847
2848 supportedConfig := Config{
2849 Bugs: ProtocolBugs{
2850 RequireExtendedMasterSecret: true,
2851 },
2852 }
2853
2854 noSupportConfig := Config{
2855 Bugs: ProtocolBugs{
2856 NoExtendedMasterSecret: true,
2857 },
2858 }
2859
2860 test := testCase{
2861 name: "ExtendedMasterSecret-" + suffix,
2862 resumeSession: true,
2863 }
2864
2865 if !isClient {
2866 test.testType = serverTest
2867 }
2868
2869 if supportedInFirstConnection {
2870 test.config = supportedConfig
2871 } else {
2872 test.config = noSupportConfig
2873 }
2874
2875 if supportedInResumeConnection {
2876 test.resumeConfig = &supportedConfig
2877 } else {
2878 test.resumeConfig = &noSupportConfig
2879 }
2880
2881 switch suffix {
2882 case "YesToYes-Client", "YesToYes-Server":
2883 // When a session is resumed, it should
2884 // still be aware that its master
2885 // secret was generated via EMS and
2886 // thus it's safe to use tls-unique.
2887 test.flags = []string{expectEMSFlag}
2888 case "NoToYes-Server":
2889 // If an original connection did not
2890 // contain EMS, but a resumption
2891 // handshake does, then a server should
2892 // not resume the session.
2893 test.expectResumeRejected = true
2894 case "YesToNo-Server":
2895 // Resuming an EMS session without the
2896 // EMS extension should cause the
2897 // server to abort the connection.
2898 test.shouldFail = true
2899 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2900 case "NoToYes-Client":
2901 // A client should abort a connection
2902 // where the server resumed a non-EMS
2903 // session but echoed the EMS
2904 // extension.
2905 test.shouldFail = true
2906 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2907 case "YesToNo-Client":
2908 // A client should abort a connection
2909 // where the server didn't echo EMS
2910 // when the session used it.
2911 test.shouldFail = true
2912 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2913 }
2914
2915 testCases = append(testCases, test)
2916 }
2917 }
2918 }
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2919}
2920
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2921// Adds tests that try to cover the range of the handshake state machine, under
2922// various conditions. Some of these are redundant with other tests, but they
2923// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2924func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2925 var tests []testCase
2926
2927 // Basic handshake, with resumption. Client and server,
2928 // session ID and session ticket.
2929 tests = append(tests, testCase{
2930 name: "Basic-Client",
2931 resumeSession: true,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2932 // Ensure session tickets are used, not session IDs.
2933 noSessionCache: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2934 })
2935 tests = append(tests, testCase{
2936 name: "Basic-Client-RenewTicket",
2937 config: Config{
2938 Bugs: ProtocolBugs{
2939 RenewTicketOnResume: true,
2940 },
2941 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2942 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2943 resumeSession: true,
2944 })
2945 tests = append(tests, testCase{
2946 name: "Basic-Client-NoTicket",
2947 config: Config{
2948 SessionTicketsDisabled: true,
2949 },
2950 resumeSession: true,
2951 })
2952 tests = append(tests, testCase{
2953 name: "Basic-Client-Implicit",
2954 flags: []string{"-implicit-handshake"},
2955 resumeSession: true,
2956 })
2957 tests = append(tests, testCase{
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2958 testType: serverTest,
2959 name: "Basic-Server",
2960 config: Config{
2961 Bugs: ProtocolBugs{
2962 RequireSessionTickets: true,
2963 },
2964 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2965 resumeSession: true,
2966 })
2967 tests = append(tests, testCase{
2968 testType: serverTest,
2969 name: "Basic-Server-NoTickets",
2970 config: Config{
2971 SessionTicketsDisabled: true,
2972 },
2973 resumeSession: true,
2974 })
2975 tests = append(tests, testCase{
2976 testType: serverTest,
2977 name: "Basic-Server-Implicit",
2978 flags: []string{"-implicit-handshake"},
2979 resumeSession: true,
2980 })
2981 tests = append(tests, testCase{
2982 testType: serverTest,
2983 name: "Basic-Server-EarlyCallback",
2984 flags: []string{"-use-early-callback"},
2985 resumeSession: true,
2986 })
2987
2988 // TLS client auth.
2989 tests = append(tests, testCase{
2990 testType: clientTest,
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2991 name: "ClientAuth-NoCertificate-Client",
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]2992 config: Config{
2993 ClientAuth: RequestClientCert,
2994 },
2995 })
2996 tests = append(tests, testCase{
David Benjamin0b7ca7d2016-03-10 15:44:22 -0500[diff] [blame]2997 testType: serverTest,
2998 name: "ClientAuth-NoCertificate-Server",
2999 // Setting SSL_VERIFY_PEER allows anonymous clients.
3000 flags: []string{"-verify-peer"},
3001 })
3002 if protocol == tls {
3003 tests = append(tests, testCase{
3004 testType: clientTest,
3005 name: "ClientAuth-NoCertificate-Client-SSL3",
3006 config: Config{
3007 MaxVersion: VersionSSL30,
3008 ClientAuth: RequestClientCert,
3009 },
3010 })
3011 tests = append(tests, testCase{
3012 testType: serverTest,
3013 name: "ClientAuth-NoCertificate-Server-SSL3",
3014 config: Config{
3015 MaxVersion: VersionSSL30,
3016 },
3017 // Setting SSL_VERIFY_PEER allows anonymous clients.
3018 flags: []string{"-verify-peer"},
3019 })
3020 }
3021 tests = append(tests, testCase{
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3022 testType: clientTest,
3023 name: "ClientAuth-NoCertificate-OldCallback",
3024 config: Config{
3025 ClientAuth: RequestClientCert,
3026 },
3027 flags: []string{"-use-old-client-cert-callback"},
3028 })
3029 tests = append(tests, testCase{
3030 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3031 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3032 config: Config{
3033 ClientAuth: RequireAnyClientCert,
3034 },
3035 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3036 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3037 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3038 },
3039 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3040 tests = append(tests, testCase{
3041 testType: clientTest,
3042 name: "ClientAuth-ECDSA-Client",
3043 config: Config{
3044 ClientAuth: RequireAnyClientCert,
3045 },
3046 flags: []string{
3047 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
3048 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
3049 },
3050 })
David Benjaminacb6dcc2016-03-10 09:15:01 -0500[diff] [blame]3051 tests = append(tests, testCase{
3052 testType: clientTest,
3053 name: "ClientAuth-OldCallback",
3054 config: Config{
3055 ClientAuth: RequireAnyClientCert,
3056 },
3057 flags: []string{
3058 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3059 "-key-file", path.Join(*resourceDir, rsaKeyFile),
3060 "-use-old-client-cert-callback",
3061 },
3062 })
3063
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3064 if async {
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3065 // Test async keys against each key exchange.
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3066 tests = append(tests, testCase{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3067 testType: serverTest,
3068 name: "Basic-Server-RSA",
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3069 config: Config{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3070 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3071 },
3072 flags: []string{
Adam Langley288d8d52015-06-18 16:24:31 -0700[diff] [blame]3073 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3074 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3075 },
3076 })
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]3077 tests = append(tests, testCase{
3078 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3079 name: "Basic-Server-ECDHE-RSA",
3080 config: Config{
3081 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3082 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]3083 flags: []string{
3084 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
3085 "-key-file", path.Join(*resourceDir, rsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]3086 },
3087 })
3088 tests = append(tests, testCase{
3089 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]3090 name: "Basic-Server-ECDHE-ECDSA",
3091 config: Config{
3092 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
3093 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]3094 flags: []string{
3095 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
3096 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]3097 },
3098 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]3099 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3100 tests = append(tests, testCase{
3101 testType: serverTest,
3102 name: "ClientAuth-Server",
3103 config: Config{
3104 Certificates: []Certificate{rsaCertificate},
3105 },
3106 flags: []string{"-require-any-client-certificate"},
3107 })
3108
3109 // No session ticket support; server doesn't send NewSessionTicket.
3110 tests = append(tests, testCase{
3111 name: "SessionTicketsDisabled-Client",
3112 config: Config{
3113 SessionTicketsDisabled: true,
3114 },
3115 })
3116 tests = append(tests, testCase{
3117 testType: serverTest,
3118 name: "SessionTicketsDisabled-Server",
3119 config: Config{
3120 SessionTicketsDisabled: true,
3121 },
3122 })
3123
3124 // Skip ServerKeyExchange in PSK key exchange if there's no
3125 // identity hint.
3126 tests = append(tests, testCase{
3127 name: "EmptyPSKHint-Client",
3128 config: Config{
3129 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3130 PreSharedKey: []byte("secret"),
3131 },
3132 flags: []string{"-psk", "secret"},
3133 })
3134 tests = append(tests, testCase{
3135 testType: serverTest,
3136 name: "EmptyPSKHint-Server",
3137 config: Config{
3138 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
3139 PreSharedKey: []byte("secret"),
3140 },
3141 flags: []string{"-psk", "secret"},
3142 })
3143
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3144 tests = append(tests, testCase{
3145 testType: clientTest,
3146 name: "OCSPStapling-Client",
3147 flags: []string{
3148 "-enable-ocsp-stapling",
3149 "-expect-ocsp-response",
3150 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3151 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3152 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3153 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3154 })
3155
3156 tests = append(tests, testCase{
David Benjaminec435342015-08-21 13:44:06 -0400[diff] [blame]3157 testType: serverTest,
3158 name: "OCSPStapling-Server",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3159 expectedOCSPResponse: testOCSPResponse,
3160 flags: []string{
3161 "-ocsp-response",
3162 base64.StdEncoding.EncodeToString(testOCSPResponse),
3163 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3164 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3165 })
3166
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]3167 tests = append(tests, testCase{
3168 testType: clientTest,
3169 name: "CertificateVerificationSucceed",
3170 flags: []string{
3171 "-verify-peer",
3172 },
3173 })
3174
3175 tests = append(tests, testCase{
3176 testType: clientTest,
3177 name: "CertificateVerificationFail",
3178 flags: []string{
3179 "-verify-fail",
3180 "-verify-peer",
3181 },
3182 shouldFail: true,
3183 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
3184 })
3185
3186 tests = append(tests, testCase{
3187 testType: clientTest,
3188 name: "CertificateVerificationSoftFail",
3189 flags: []string{
3190 "-verify-fail",
3191 "-expect-verify-result",
3192 },
3193 })
3194
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3195 if protocol == tls {
3196 tests = append(tests, testCase{
3197 name: "Renegotiate-Client",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3198 renegotiate: 1,
3199 flags: []string{
3200 "-renegotiate-freely",
3201 "-expect-total-renegotiations", "1",
3202 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3203 })
3204 // NPN on client and server; results in post-handshake message.
3205 tests = append(tests, testCase{
3206 name: "NPN-Client",
3207 config: Config{
3208 NextProtos: []string{"foo"},
3209 },
3210 flags: []string{"-select-next-proto", "foo"},
3211 expectedNextProto: "foo",
3212 expectedNextProtoType: npn,
3213 })
3214 tests = append(tests, testCase{
3215 testType: serverTest,
3216 name: "NPN-Server",
3217 config: Config{
3218 NextProtos: []string{"bar"},
3219 },
3220 flags: []string{
3221 "-advertise-npn", "\x03foo\x03bar\x03baz",
3222 "-expect-next-proto", "bar",
3223 },
3224 expectedNextProto: "bar",
3225 expectedNextProtoType: npn,
3226 })
3227
3228 // TODO(davidben): Add tests for when False Start doesn't trigger.
3229
3230 // Client does False Start and negotiates NPN.
3231 tests = append(tests, testCase{
3232 name: "FalseStart",
3233 config: Config{
3234 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3235 NextProtos: []string{"foo"},
3236 Bugs: ProtocolBugs{
3237 ExpectFalseStart: true,
3238 },
3239 },
3240 flags: []string{
3241 "-false-start",
3242 "-select-next-proto", "foo",
3243 },
3244 shimWritesFirst: true,
3245 resumeSession: true,
3246 })
3247
3248 // Client does False Start and negotiates ALPN.
3249 tests = append(tests, testCase{
3250 name: "FalseStart-ALPN",
3251 config: Config{
3252 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3253 NextProtos: []string{"foo"},
3254 Bugs: ProtocolBugs{
3255 ExpectFalseStart: true,
3256 },
3257 },
3258 flags: []string{
3259 "-false-start",
3260 "-advertise-alpn", "\x03foo",
3261 },
3262 shimWritesFirst: true,
3263 resumeSession: true,
3264 })
3265
3266 // Client does False Start but doesn't explicitly call
3267 // SSL_connect.
3268 tests = append(tests, testCase{
3269 name: "FalseStart-Implicit",
3270 config: Config{
3271 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3272 NextProtos: []string{"foo"},
3273 },
3274 flags: []string{
3275 "-implicit-handshake",
3276 "-false-start",
3277 "-advertise-alpn", "\x03foo",
3278 },
3279 })
3280
3281 // False Start without session tickets.
3282 tests = append(tests, testCase{
3283 name: "FalseStart-SessionTicketsDisabled",
3284 config: Config{
3285 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3286 NextProtos: []string{"foo"},
3287 SessionTicketsDisabled: true,
3288 Bugs: ProtocolBugs{
3289 ExpectFalseStart: true,
3290 },
3291 },
3292 flags: []string{
3293 "-false-start",
3294 "-select-next-proto", "foo",
3295 },
3296 shimWritesFirst: true,
3297 })
3298
3299 // Server parses a V2ClientHello.
3300 tests = append(tests, testCase{
3301 testType: serverTest,
3302 name: "SendV2ClientHello",
3303 config: Config{
3304 // Choose a cipher suite that does not involve
3305 // elliptic curves, so no extensions are
3306 // involved.
3307 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3308 Bugs: ProtocolBugs{
3309 SendV2ClientHello: true,
3310 },
3311 },
3312 })
3313
3314 // Client sends a Channel ID.
3315 tests = append(tests, testCase{
3316 name: "ChannelID-Client",
3317 config: Config{
3318 RequestChannelID: true,
3319 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3320 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3321 resumeSession: true,
3322 expectChannelID: true,
3323 })
3324
3325 // Server accepts a Channel ID.
3326 tests = append(tests, testCase{
3327 testType: serverTest,
3328 name: "ChannelID-Server",
3329 config: Config{
3330 ChannelID: channelIDKey,
3331 },
3332 flags: []string{
3333 "-expect-channel-id",
3334 base64.StdEncoding.EncodeToString(channelIDBytes),
3335 },
3336 resumeSession: true,
3337 expectChannelID: true,
3338 })
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]3339
3340 // Bidirectional shutdown with the runner initiating.
3341 tests = append(tests, testCase{
3342 name: "Shutdown-Runner",
3343 config: Config{
3344 Bugs: ProtocolBugs{
3345 ExpectCloseNotify: true,
3346 },
3347 },
3348 flags: []string{"-check-close-notify"},
3349 })
3350
3351 // Bidirectional shutdown with the shim initiating. The runner,
3352 // in the meantime, sends garbage before the close_notify which
3353 // the shim must ignore.
3354 tests = append(tests, testCase{
3355 name: "Shutdown-Shim",
3356 config: Config{
3357 Bugs: ProtocolBugs{
3358 ExpectCloseNotify: true,
3359 },
3360 },
3361 shimShutsDown: true,
3362 sendEmptyRecords: 1,
3363 sendWarningAlerts: 1,
3364 flags: []string{"-check-close-notify"},
3365 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3366 } else {
3367 tests = append(tests, testCase{
3368 name: "SkipHelloVerifyRequest",
3369 config: Config{
3370 Bugs: ProtocolBugs{
3371 SkipHelloVerifyRequest: true,
3372 },
3373 },
3374 })
3375 }
3376
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3377 for _, test := range tests {
3378 test.protocol = protocol
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]3379 if protocol == dtls {
3380 test.name += "-DTLS"
3381 }
3382 if async {
3383 test.name += "-Async"
3384 test.flags = append(test.flags, "-async")
3385 } else {
3386 test.name += "-Sync"
3387 }
3388 if splitHandshake {
3389 test.name += "-SplitHandshakeRecords"
3390 test.config.Bugs.MaxHandshakeRecordLength = 1
3391 if protocol == dtls {
3392 test.config.Bugs.MaxPacketLength = 256
3393 test.flags = append(test.flags, "-mtu", "256")
3394 }
3395 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3396 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]3397 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3398}
3399
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3400func addDDoSCallbackTests() {
3401 // DDoS callback.
3402
3403 for _, resume := range []bool{false, true} {
3404 suffix := "Resume"
3405 if resume {
3406 suffix = "No" + suffix
3407 }
3408
3409 testCases = append(testCases, testCase{
3410 testType: serverTest,
3411 name: "Server-DDoS-OK-" + suffix,
3412 flags: []string{"-install-ddos-callback"},
3413 resumeSession: resume,
3414 })
3415
3416 failFlag := "-fail-ddos-callback"
3417 if resume {
3418 failFlag = "-fail-second-ddos-callback"
3419 }
3420 testCases = append(testCases, testCase{
3421 testType: serverTest,
3422 name: "Server-DDoS-Reject-" + suffix,
3423 flags: []string{"-install-ddos-callback", failFlag},
3424 resumeSession: resume,
3425 shouldFail: true,
3426 expectedError: ":CONNECTION_REJECTED:",
3427 })
3428 }
3429}
3430
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3431func addVersionNegotiationTests() {
3432 for i, shimVers := range tlsVersions {
3433 // Assemble flags to disable all newer versions on the shim.
3434 var flags []string
3435 for _, vers := range tlsVersions[i+1:] {
3436 flags = append(flags, vers.flag)
3437 }
3438
3439 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3440 protocols := []protocol{tls}
3441 if runnerVers.hasDTLS && shimVers.hasDTLS {
3442 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3443 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3444 for _, protocol := range protocols {
3445 expectedVersion := shimVers.version
3446 if runnerVers.version < shimVers.version {
3447 expectedVersion = runnerVers.version
3448 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3449
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3450 suffix := shimVers.name + "-" + runnerVers.name
3451 if protocol == dtls {
3452 suffix += "-DTLS"
3453 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3454
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3455 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3456
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3457 clientVers := shimVers.version
3458 if clientVers > VersionTLS10 {
3459 clientVers = VersionTLS10
3460 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3461 testCases = append(testCases, testCase{
3462 protocol: protocol,
3463 testType: clientTest,
3464 name: "VersionNegotiation-Client-" + suffix,
3465 config: Config{
3466 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3467 Bugs: ProtocolBugs{
3468 ExpectInitialRecordVersion: clientVers,
3469 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3470 },
3471 flags: flags,
3472 expectedVersion: expectedVersion,
3473 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3474 testCases = append(testCases, testCase{
3475 protocol: protocol,
3476 testType: clientTest,
3477 name: "VersionNegotiation-Client2-" + suffix,
3478 config: Config{
3479 MaxVersion: runnerVers.version,
3480 Bugs: ProtocolBugs{
3481 ExpectInitialRecordVersion: clientVers,
3482 },
3483 },
3484 flags: []string{"-max-version", shimVersFlag},
3485 expectedVersion: expectedVersion,
3486 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3487
3488 testCases = append(testCases, testCase{
3489 protocol: protocol,
3490 testType: serverTest,
3491 name: "VersionNegotiation-Server-" + suffix,
3492 config: Config{
3493 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3494 Bugs: ProtocolBugs{
3495 ExpectInitialRecordVersion: expectedVersion,
3496 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3497 },
3498 flags: flags,
3499 expectedVersion: expectedVersion,
3500 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3501 testCases = append(testCases, testCase{
3502 protocol: protocol,
3503 testType: serverTest,
3504 name: "VersionNegotiation-Server2-" + suffix,
3505 config: Config{
3506 MaxVersion: runnerVers.version,
3507 Bugs: ProtocolBugs{
3508 ExpectInitialRecordVersion: expectedVersion,
3509 },
3510 },
3511 flags: []string{"-max-version", shimVersFlag},
3512 expectedVersion: expectedVersion,
3513 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3514 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3515 }
3516 }
3517}
3518
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3519func addMinimumVersionTests() {
3520 for i, shimVers := range tlsVersions {
3521 // Assemble flags to disable all older versions on the shim.
3522 var flags []string
3523 for _, vers := range tlsVersions[:i] {
3524 flags = append(flags, vers.flag)
3525 }
3526
3527 for _, runnerVers := range tlsVersions {
3528 protocols := []protocol{tls}
3529 if runnerVers.hasDTLS && shimVers.hasDTLS {
3530 protocols = append(protocols, dtls)
3531 }
3532 for _, protocol := range protocols {
3533 suffix := shimVers.name + "-" + runnerVers.name
3534 if protocol == dtls {
3535 suffix += "-DTLS"
3536 }
3537 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3538
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3539 var expectedVersion uint16
3540 var shouldFail bool
3541 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3542 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3543 if runnerVers.version >= shimVers.version {
3544 expectedVersion = runnerVers.version
3545 } else {
3546 shouldFail = true
3547 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamina565d292015-12-30 16:51:32 -0500[diff] [blame]3548 expectedLocalError = "remote error: protocol version not supported"
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3549 }
3550
3551 testCases = append(testCases, testCase{
3552 protocol: protocol,
3553 testType: clientTest,
3554 name: "MinimumVersion-Client-" + suffix,
3555 config: Config{
3556 MaxVersion: runnerVers.version,
3557 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3558 flags: flags,
3559 expectedVersion: expectedVersion,
3560 shouldFail: shouldFail,
3561 expectedError: expectedError,
3562 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3563 })
3564 testCases = append(testCases, testCase{
3565 protocol: protocol,
3566 testType: clientTest,
3567 name: "MinimumVersion-Client2-" + suffix,
3568 config: Config{
3569 MaxVersion: runnerVers.version,
3570 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3571 flags: []string{"-min-version", shimVersFlag},
3572 expectedVersion: expectedVersion,
3573 shouldFail: shouldFail,
3574 expectedError: expectedError,
3575 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3576 })
3577
3578 testCases = append(testCases, testCase{
3579 protocol: protocol,
3580 testType: serverTest,
3581 name: "MinimumVersion-Server-" + suffix,
3582 config: Config{
3583 MaxVersion: runnerVers.version,
3584 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3585 flags: flags,
3586 expectedVersion: expectedVersion,
3587 shouldFail: shouldFail,
3588 expectedError: expectedError,
3589 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3590 })
3591 testCases = append(testCases, testCase{
3592 protocol: protocol,
3593 testType: serverTest,
3594 name: "MinimumVersion-Server2-" + suffix,
3595 config: Config{
3596 MaxVersion: runnerVers.version,
3597 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3598 flags: []string{"-min-version", shimVersFlag},
3599 expectedVersion: expectedVersion,
3600 shouldFail: shouldFail,
3601 expectedError: expectedError,
3602 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3603 })
3604 }
3605 }
3606 }
3607}
3608
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3609func addExtensionTests() {
3610 testCases = append(testCases, testCase{
3611 testType: clientTest,
3612 name: "DuplicateExtensionClient",
3613 config: Config{
3614 Bugs: ProtocolBugs{
3615 DuplicateExtension: true,
3616 },
3617 },
3618 shouldFail: true,
3619 expectedLocalError: "remote error: error decoding message",
3620 })
3621 testCases = append(testCases, testCase{
3622 testType: serverTest,
3623 name: "DuplicateExtensionServer",
3624 config: Config{
3625 Bugs: ProtocolBugs{
3626 DuplicateExtension: true,
3627 },
3628 },
3629 shouldFail: true,
3630 expectedLocalError: "remote error: error decoding message",
3631 })
3632 testCases = append(testCases, testCase{
3633 testType: clientTest,
3634 name: "ServerNameExtensionClient",
3635 config: Config{
3636 Bugs: ProtocolBugs{
3637 ExpectServerName: "example.com",
3638 },
3639 },
3640 flags: []string{"-host-name", "example.com"},
3641 })
3642 testCases = append(testCases, testCase{
3643 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3644 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3645 config: Config{
3646 Bugs: ProtocolBugs{
3647 ExpectServerName: "mismatch.com",
3648 },
3649 },
3650 flags: []string{"-host-name", "example.com"},
3651 shouldFail: true,
3652 expectedLocalError: "tls: unexpected server name",
3653 })
3654 testCases = append(testCases, testCase{
3655 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3656 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3657 config: Config{
3658 Bugs: ProtocolBugs{
3659 ExpectServerName: "missing.com",
3660 },
3661 },
3662 shouldFail: true,
3663 expectedLocalError: "tls: unexpected server name",
3664 })
3665 testCases = append(testCases, testCase{
3666 testType: serverTest,
3667 name: "ServerNameExtensionServer",
3668 config: Config{
3669 ServerName: "example.com",
3670 },
3671 flags: []string{"-expect-server-name", "example.com"},
3672 resumeSession: true,
3673 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3674 testCases = append(testCases, testCase{
3675 testType: clientTest,
3676 name: "ALPNClient",
3677 config: Config{
3678 NextProtos: []string{"foo"},
3679 },
3680 flags: []string{
3681 "-advertise-alpn", "\x03foo\x03bar\x03baz",
3682 "-expect-alpn", "foo",
3683 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3684 expectedNextProto: "foo",
3685 expectedNextProtoType: alpn,
3686 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3687 })
3688 testCases = append(testCases, testCase{
3689 testType: serverTest,
3690 name: "ALPNServer",
3691 config: Config{
3692 NextProtos: []string{"foo", "bar", "baz"},
3693 },
3694 flags: []string{
3695 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3696 "-select-alpn", "foo",
3697 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3698 expectedNextProto: "foo",
3699 expectedNextProtoType: alpn,
3700 resumeSession: true,
3701 })
David Benjamin594e7d22016-03-17 17:49:56 -0400[diff] [blame]3702 testCases = append(testCases, testCase{
3703 testType: serverTest,
3704 name: "ALPNServer-Decline",
3705 config: Config{
3706 NextProtos: []string{"foo", "bar", "baz"},
3707 },
3708 flags: []string{"-decline-alpn"},
3709 expectNoNextProto: true,
3710 resumeSession: true,
3711 })
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3712 // Test that the server prefers ALPN over NPN.
3713 testCases = append(testCases, testCase{
3714 testType: serverTest,
3715 name: "ALPNServer-Preferred",
3716 config: Config{
3717 NextProtos: []string{"foo", "bar", "baz"},
3718 },
3719 flags: []string{
3720 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3721 "-select-alpn", "foo",
3722 "-advertise-npn", "\x03foo\x03bar\x03baz",
3723 },
3724 expectedNextProto: "foo",
3725 expectedNextProtoType: alpn,
3726 resumeSession: true,
3727 })
3728 testCases = append(testCases, testCase{
3729 testType: serverTest,
3730 name: "ALPNServer-Preferred-Swapped",
3731 config: Config{
3732 NextProtos: []string{"foo", "bar", "baz"},
3733 Bugs: ProtocolBugs{
3734 SwapNPNAndALPN: true,
3735 },
3736 },
3737 flags: []string{
3738 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3739 "-select-alpn", "foo",
3740 "-advertise-npn", "\x03foo\x03bar\x03baz",
3741 },
3742 expectedNextProto: "foo",
3743 expectedNextProtoType: alpn,
3744 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3745 })
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3746 var emptyString string
3747 testCases = append(testCases, testCase{
3748 testType: clientTest,
3749 name: "ALPNClient-EmptyProtocolName",
3750 config: Config{
3751 NextProtos: []string{""},
3752 Bugs: ProtocolBugs{
3753 // A server returning an empty ALPN protocol
3754 // should be rejected.
3755 ALPNProtocol: &emptyString,
3756 },
3757 },
3758 flags: []string{
3759 "-advertise-alpn", "\x03foo",
3760 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3761 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3762 expectedError: ":PARSE_TLSEXT:",
3763 })
3764 testCases = append(testCases, testCase{
3765 testType: serverTest,
3766 name: "ALPNServer-EmptyProtocolName",
3767 config: Config{
3768 // A ClientHello containing an empty ALPN protocol
3769 // should be rejected.
3770 NextProtos: []string{"foo", "", "baz"},
3771 },
3772 flags: []string{
3773 "-select-alpn", "foo",
3774 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3775 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3776 expectedError: ":PARSE_TLSEXT:",
3777 })
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]3778 // Test that negotiating both NPN and ALPN is forbidden.
3779 testCases = append(testCases, testCase{
3780 name: "NegotiateALPNAndNPN",
3781 config: Config{
3782 NextProtos: []string{"foo", "bar", "baz"},
3783 Bugs: ProtocolBugs{
3784 NegotiateALPNAndNPN: true,
3785 },
3786 },
3787 flags: []string{
3788 "-advertise-alpn", "\x03foo",
3789 "-select-next-proto", "foo",
3790 },
3791 shouldFail: true,
3792 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3793 })
3794 testCases = append(testCases, testCase{
3795 name: "NegotiateALPNAndNPN-Swapped",
3796 config: Config{
3797 NextProtos: []string{"foo", "bar", "baz"},
3798 Bugs: ProtocolBugs{
3799 NegotiateALPNAndNPN: true,
3800 SwapNPNAndALPN: true,
3801 },
3802 },
3803 flags: []string{
3804 "-advertise-alpn", "\x03foo",
3805 "-select-next-proto", "foo",
3806 },
3807 shouldFail: true,
3808 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3809 })
David Benjamin091c4b92015-10-26 13:33:21 -0400[diff] [blame]3810 // Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
3811 testCases = append(testCases, testCase{
3812 name: "DisableNPN",
3813 config: Config{
3814 NextProtos: []string{"foo"},
3815 },
3816 flags: []string{
3817 "-select-next-proto", "foo",
3818 "-disable-npn",
3819 },
3820 expectNoNextProto: true,
3821 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3822 // Resume with a corrupt ticket.
3823 testCases = append(testCases, testCase{
3824 testType: serverTest,
3825 name: "CorruptTicket",
3826 config: Config{
3827 Bugs: ProtocolBugs{
3828 CorruptTicket: true,
3829 },
3830 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3831 resumeSession: true,
3832 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3833 })
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]3834 // Test the ticket callback, with and without renewal.
3835 testCases = append(testCases, testCase{
3836 testType: serverTest,
3837 name: "TicketCallback",
3838 resumeSession: true,
3839 flags: []string{"-use-ticket-callback"},
3840 })
3841 testCases = append(testCases, testCase{
3842 testType: serverTest,
3843 name: "TicketCallback-Renew",
3844 config: Config{
3845 Bugs: ProtocolBugs{
3846 ExpectNewTicket: true,
3847 },
3848 },
3849 flags: []string{"-use-ticket-callback", "-renew-ticket"},
3850 resumeSession: true,
3851 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3852 // Resume with an oversized session id.
3853 testCases = append(testCases, testCase{
3854 testType: serverTest,
3855 name: "OversizedSessionId",
3856 config: Config{
3857 Bugs: ProtocolBugs{
3858 OversizedSessionId: true,
3859 },
3860 },
3861 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3862 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3863 expectedError: ":DECODE_ERROR:",
3864 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]3865 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
3866 // are ignored.
3867 testCases = append(testCases, testCase{
3868 protocol: dtls,
3869 name: "SRTP-Client",
3870 config: Config{
3871 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3872 },
3873 flags: []string{
3874 "-srtp-profiles",
3875 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3876 },
3877 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3878 })
3879 testCases = append(testCases, testCase{
3880 protocol: dtls,
3881 testType: serverTest,
3882 name: "SRTP-Server",
3883 config: Config{
3884 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3885 },
3886 flags: []string{
3887 "-srtp-profiles",
3888 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3889 },
3890 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3891 })
3892 // Test that the MKI is ignored.
3893 testCases = append(testCases, testCase{
3894 protocol: dtls,
3895 testType: serverTest,
3896 name: "SRTP-Server-IgnoreMKI",
3897 config: Config{
3898 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
3899 Bugs: ProtocolBugs{
3900 SRTPMasterKeyIdentifer: "bogus",
3901 },
3902 },
3903 flags: []string{
3904 "-srtp-profiles",
3905 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3906 },
3907 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3908 })
3909 // Test that SRTP isn't negotiated on the server if there were
3910 // no matching profiles.
3911 testCases = append(testCases, testCase{
3912 protocol: dtls,
3913 testType: serverTest,
3914 name: "SRTP-Server-NoMatch",
3915 config: Config{
3916 SRTPProtectionProfiles: []uint16{100, 101, 102},
3917 },
3918 flags: []string{
3919 "-srtp-profiles",
3920 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3921 },
3922 expectedSRTPProtectionProfile: 0,
3923 })
3924 // Test that the server returning an invalid SRTP profile is
3925 // flagged as an error by the client.
3926 testCases = append(testCases, testCase{
3927 protocol: dtls,
3928 name: "SRTP-Client-NoMatch",
3929 config: Config{
3930 Bugs: ProtocolBugs{
3931 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
3932 },
3933 },
3934 flags: []string{
3935 "-srtp-profiles",
3936 "SRTP_AES128_CM_SHA1_80",
3937 },
3938 shouldFail: true,
3939 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
3940 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3941 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3942 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3943 name: "SignedCertificateTimestampList-Client",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3944 testType: clientTest,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3945 flags: []string{
3946 "-enable-signed-cert-timestamps",
3947 "-expect-signed-cert-timestamps",
3948 base64.StdEncoding.EncodeToString(testSCTList),
3949 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3950 resumeSession: true,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3951 })
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3952 testCases = append(testCases, testCase{
David Benjamin80d1b352016-05-04 19:19:06 -0400[diff] [blame]3953 name: "SendSCTListOnResume",
3954 config: Config{
3955 Bugs: ProtocolBugs{
3956 SendSCTListOnResume: []byte("bogus"),
3957 },
3958 },
3959 flags: []string{
3960 "-enable-signed-cert-timestamps",
3961 "-expect-signed-cert-timestamps",
3962 base64.StdEncoding.EncodeToString(testSCTList),
3963 },
3964 resumeSession: true,
3965 })
3966 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3967 name: "SignedCertificateTimestampList-Server",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3968 testType: serverTest,
3969 flags: []string{
3970 "-signed-cert-timestamps",
3971 base64.StdEncoding.EncodeToString(testSCTList),
3972 },
3973 expectedSCTList: testSCTList,
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3974 resumeSession: true,
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3975 })
3976 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3977 testType: clientTest,
3978 name: "ClientHelloPadding",
3979 config: Config{
3980 Bugs: ProtocolBugs{
3981 RequireClientHelloSize: 512,
3982 },
3983 },
3984 // This hostname just needs to be long enough to push the
3985 // ClientHello into F5's danger zone between 256 and 511 bytes
3986 // long.
3987 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
3988 })
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]3989
3990 // Extensions should not function in SSL 3.0.
3991 testCases = append(testCases, testCase{
3992 testType: serverTest,
3993 name: "SSLv3Extensions-NoALPN",
3994 config: Config{
3995 MaxVersion: VersionSSL30,
3996 NextProtos: []string{"foo", "bar", "baz"},
3997 },
3998 flags: []string{
3999 "-select-alpn", "foo",
4000 },
4001 expectNoNextProto: true,
4002 })
4003
4004 // Test session tickets separately as they follow a different codepath.
4005 testCases = append(testCases, testCase{
4006 testType: serverTest,
4007 name: "SSLv3Extensions-NoTickets",
4008 config: Config{
4009 MaxVersion: VersionSSL30,
4010 Bugs: ProtocolBugs{
4011 // Historically, session tickets in SSL 3.0
4012 // failed in different ways depending on whether
4013 // the client supported renegotiation_info.
4014 NoRenegotiationInfo: true,
4015 },
4016 },
4017 resumeSession: true,
4018 })
4019 testCases = append(testCases, testCase{
4020 testType: serverTest,
4021 name: "SSLv3Extensions-NoTickets2",
4022 config: Config{
4023 MaxVersion: VersionSSL30,
4024 },
4025 resumeSession: true,
4026 })
4027
4028 // But SSL 3.0 does send and process renegotiation_info.
4029 testCases = append(testCases, testCase{
4030 testType: serverTest,
4031 name: "SSLv3Extensions-RenegotiationInfo",
4032 config: Config{
4033 MaxVersion: VersionSSL30,
4034 Bugs: ProtocolBugs{
4035 RequireRenegotiationInfo: true,
4036 },
4037 },
4038 })
4039 testCases = append(testCases, testCase{
4040 testType: serverTest,
4041 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
4042 config: Config{
4043 MaxVersion: VersionSSL30,
4044 Bugs: ProtocolBugs{
4045 NoRenegotiationInfo: true,
4046 SendRenegotiationSCSV: true,
4047 RequireRenegotiationInfo: true,
4048 },
4049 },
4050 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4051}
4052
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4053func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4054 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4055 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4056 protocols := []protocol{tls}
4057 if sessionVers.hasDTLS && resumeVers.hasDTLS {
4058 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]4059 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4060 for _, protocol := range protocols {
4061 suffix := "-" + sessionVers.name + "-" + resumeVers.name
4062 if protocol == dtls {
4063 suffix += "-DTLS"
4064 }
4065
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4066 if sessionVers.version == resumeVers.version {
4067 testCases = append(testCases, testCase{
4068 protocol: protocol,
4069 name: "Resume-Client" + suffix,
4070 resumeSession: true,
4071 config: Config{
4072 MaxVersion: sessionVers.version,
4073 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4074 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4075 expectedVersion: sessionVers.version,
4076 expectedResumeVersion: resumeVers.version,
4077 })
4078 } else {
4079 testCases = append(testCases, testCase{
4080 protocol: protocol,
4081 name: "Resume-Client-Mismatch" + suffix,
4082 resumeSession: true,
4083 config: Config{
4084 MaxVersion: sessionVers.version,
4085 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4086 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4087 expectedVersion: sessionVers.version,
4088 resumeConfig: &Config{
4089 MaxVersion: resumeVers.version,
4090 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
4091 Bugs: ProtocolBugs{
4092 AllowSessionVersionMismatch: true,
4093 },
4094 },
4095 expectedResumeVersion: resumeVers.version,
4096 shouldFail: true,
4097 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
4098 })
4099 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4100
4101 testCases = append(testCases, testCase{
4102 protocol: protocol,
4103 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4104 resumeSession: true,
4105 config: Config{
4106 MaxVersion: sessionVers.version,
4107 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
4108 },
4109 expectedVersion: sessionVers.version,
4110 resumeConfig: &Config{
4111 MaxVersion: resumeVers.version,
4112 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
4113 },
4114 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]4115 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4116 expectedResumeVersion: resumeVers.version,
4117 })
4118
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4119 testCases = append(testCases, testCase{
4120 protocol: protocol,
4121 testType: serverTest,
4122 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4123 resumeSession: true,
4124 config: Config{
4125 MaxVersion: sessionVers.version,
4126 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
4127 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]4128 expectedVersion: sessionVers.version,
4129 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]4130 resumeConfig: &Config{
4131 MaxVersion: resumeVers.version,
4132 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
4133 },
4134 expectedResumeVersion: resumeVers.version,
4135 })
4136 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4137 }
4138 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]4139
4140 testCases = append(testCases, testCase{
4141 name: "Resume-Client-CipherMismatch",
4142 resumeSession: true,
4143 config: Config{
4144 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
4145 },
4146 resumeConfig: &Config{
4147 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
4148 Bugs: ProtocolBugs{
4149 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
4150 },
4151 },
4152 shouldFail: true,
4153 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
4154 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4155}
4156
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4157func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]4158 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]4159 testCases = append(testCases, testCase{
4160 testType: serverTest,
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]4161 name: "Renegotiate-Server-Forbidden",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4162 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]4163 shouldFail: true,
4164 expectedError: ":NO_RENEGOTIATION:",
4165 expectedLocalError: "remote error: no renegotiation",
4166 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]4167 // The server shouldn't echo the renegotiation extension unless
4168 // requested by the client.
4169 testCases = append(testCases, testCase{
4170 testType: serverTest,
4171 name: "Renegotiate-Server-NoExt",
4172 config: Config{
4173 Bugs: ProtocolBugs{
4174 NoRenegotiationInfo: true,
4175 RequireRenegotiationInfo: true,
4176 },
4177 },
4178 shouldFail: true,
4179 expectedLocalError: "renegotiation extension missing",
4180 })
4181 // The renegotiation SCSV should be sufficient for the server to echo
4182 // the extension.
4183 testCases = append(testCases, testCase{
4184 testType: serverTest,
4185 name: "Renegotiate-Server-NoExt-SCSV",
4186 config: Config{
4187 Bugs: ProtocolBugs{
4188 NoRenegotiationInfo: true,
4189 SendRenegotiationSCSV: true,
4190 RequireRenegotiationInfo: true,
4191 },
4192 },
4193 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4194 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]4195 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]4196 config: Config{
4197 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]4198 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]4199 },
4200 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4201 renegotiate: 1,
4202 flags: []string{
4203 "-renegotiate-freely",
4204 "-expect-total-renegotiations", "1",
4205 },
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]4206 })
4207 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4208 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4209 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4210 config: Config{
4211 Bugs: ProtocolBugs{
4212 EmptyRenegotiationInfo: true,
4213 },
4214 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4215 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4216 shouldFail: true,
4217 expectedError: ":RENEGOTIATION_MISMATCH:",
4218 })
4219 testCases = append(testCases, testCase{
4220 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4221 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4222 config: Config{
4223 Bugs: ProtocolBugs{
4224 BadRenegotiationInfo: true,
4225 },
4226 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4227 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4228 shouldFail: true,
4229 expectedError: ":RENEGOTIATION_MISMATCH:",
4230 })
4231 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]4232 name: "Renegotiate-Client-Downgrade",
4233 renegotiate: 1,
4234 config: Config{
4235 Bugs: ProtocolBugs{
4236 NoRenegotiationInfoAfterInitial: true,
4237 },
4238 },
4239 flags: []string{"-renegotiate-freely"},
4240 shouldFail: true,
4241 expectedError: ":RENEGOTIATION_MISMATCH:",
4242 })
4243 testCases = append(testCases, testCase{
4244 name: "Renegotiate-Client-Upgrade",
4245 renegotiate: 1,
4246 config: Config{
4247 Bugs: ProtocolBugs{
4248 NoRenegotiationInfoInInitial: true,
4249 },
4250 },
4251 flags: []string{"-renegotiate-freely"},
4252 shouldFail: true,
4253 expectedError: ":RENEGOTIATION_MISMATCH:",
4254 })
4255 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]4256 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4257 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]4258 config: Config{
4259 Bugs: ProtocolBugs{
4260 NoRenegotiationInfo: true,
4261 },
4262 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4263 flags: []string{
4264 "-renegotiate-freely",
4265 "-expect-total-renegotiations", "1",
4266 },
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]4267 })
4268 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4269 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4270 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4271 config: Config{
4272 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
4273 },
4274 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4275 flags: []string{
4276 "-renegotiate-freely",
4277 "-expect-total-renegotiations", "1",
4278 },
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4279 })
4280 testCases = append(testCases, testCase{
4281 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4282 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]4283 config: Config{
4284 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4285 },
4286 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4287 flags: []string{
4288 "-renegotiate-freely",
4289 "-expect-total-renegotiations", "1",
4290 },
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]4291 })
4292 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4293 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4294 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4295 config: Config{
4296 MaxVersion: VersionTLS10,
4297 Bugs: ProtocolBugs{
4298 RequireSameRenegoClientVersion: true,
4299 },
4300 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4301 flags: []string{
4302 "-renegotiate-freely",
4303 "-expect-total-renegotiations", "1",
4304 },
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]4305 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4306 testCases = append(testCases, testCase{
4307 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4308 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4309 config: Config{
4310 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4311 NextProtos: []string{"foo"},
4312 },
4313 flags: []string{
4314 "-false-start",
4315 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4316 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -0400[diff] [blame]4317 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]4318 },
4319 shimWritesFirst: true,
4320 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4321
4322 // Client-side renegotiation controls.
4323 testCases = append(testCases, testCase{
4324 name: "Renegotiate-Client-Forbidden-1",
4325 renegotiate: 1,
4326 shouldFail: true,
4327 expectedError: ":NO_RENEGOTIATION:",
4328 expectedLocalError: "remote error: no renegotiation",
4329 })
4330 testCases = append(testCases, testCase{
4331 name: "Renegotiate-Client-Once-1",
4332 renegotiate: 1,
4333 flags: []string{
4334 "-renegotiate-once",
4335 "-expect-total-renegotiations", "1",
4336 },
4337 })
4338 testCases = append(testCases, testCase{
4339 name: "Renegotiate-Client-Freely-1",
4340 renegotiate: 1,
4341 flags: []string{
4342 "-renegotiate-freely",
4343 "-expect-total-renegotiations", "1",
4344 },
4345 })
4346 testCases = append(testCases, testCase{
4347 name: "Renegotiate-Client-Once-2",
4348 renegotiate: 2,
4349 flags: []string{"-renegotiate-once"},
4350 shouldFail: true,
4351 expectedError: ":NO_RENEGOTIATION:",
4352 expectedLocalError: "remote error: no renegotiation",
4353 })
4354 testCases = append(testCases, testCase{
4355 name: "Renegotiate-Client-Freely-2",
4356 renegotiate: 2,
4357 flags: []string{
4358 "-renegotiate-freely",
4359 "-expect-total-renegotiations", "2",
4360 },
4361 })
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]4362 testCases = append(testCases, testCase{
4363 name: "Renegotiate-Client-NoIgnore",
4364 config: Config{
4365 Bugs: ProtocolBugs{
4366 SendHelloRequestBeforeEveryAppDataRecord: true,
4367 },
4368 },
4369 shouldFail: true,
4370 expectedError: ":NO_RENEGOTIATION:",
4371 })
4372 testCases = append(testCases, testCase{
4373 name: "Renegotiate-Client-Ignore",
4374 config: Config{
4375 Bugs: ProtocolBugs{
4376 SendHelloRequestBeforeEveryAppDataRecord: true,
4377 },
4378 },
4379 flags: []string{
4380 "-renegotiate-ignore",
4381 "-expect-total-renegotiations", "0",
4382 },
4383 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4384}
4385
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4386func addDTLSReplayTests() {
4387 // Test that sequence number replays are detected.
4388 testCases = append(testCases, testCase{
4389 protocol: dtls,
4390 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4391 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4392 replayWrites: true,
4393 })
4394
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4395 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4396 // than the retransmit window.
4397 testCases = append(testCases, testCase{
4398 protocol: dtls,
4399 name: "DTLS-Replay-LargeGaps",
4400 config: Config{
4401 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4402 SequenceNumberMapping: func(in uint64) uint64 {
4403 return in * 127
4404 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4405 },
4406 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4407 messageCount: 200,
4408 replayWrites: true,
4409 })
4410
4411 // Test the incoming sequence number changing non-monotonically.
4412 testCases = append(testCases, testCase{
4413 protocol: dtls,
4414 name: "DTLS-Replay-NonMonotonic",
4415 config: Config{
4416 Bugs: ProtocolBugs{
4417 SequenceNumberMapping: func(in uint64) uint64 {
4418 return in ^ 31
4419 },
4420 },
4421 },
4422 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4423 replayWrites: true,
4424 })
4425}
4426
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4427var testHashes = []struct {
4428 name string
4429 id uint8
4430}{
4431 {"SHA1", hashSHA1},
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4432 {"SHA256", hashSHA256},
4433 {"SHA384", hashSHA384},
4434 {"SHA512", hashSHA512},
4435}
4436
4437func addSigningHashTests() {
4438 // Make sure each hash works. Include some fake hashes in the list and
4439 // ensure they're ignored.
4440 for _, hash := range testHashes {
4441 testCases = append(testCases, testCase{
4442 name: "SigningHash-ClientAuth-" + hash.name,
4443 config: Config{
4444 ClientAuth: RequireAnyClientCert,
4445 SignatureAndHashes: []signatureAndHash{
4446 {signatureRSA, 42},
4447 {signatureRSA, hash.id},
4448 {signatureRSA, 255},
4449 },
4450 },
4451 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4452 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4453 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4454 },
4455 })
4456
4457 testCases = append(testCases, testCase{
4458 testType: serverTest,
4459 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
4460 config: Config{
4461 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4462 SignatureAndHashes: []signatureAndHash{
4463 {signatureRSA, 42},
4464 {signatureRSA, hash.id},
4465 {signatureRSA, 255},
4466 },
4467 },
4468 })
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4469
4470 testCases = append(testCases, testCase{
4471 name: "SigningHash-ServerKeyExchange-Verify-" + hash.name,
4472 config: Config{
4473 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4474 SignatureAndHashes: []signatureAndHash{
4475 {signatureRSA, 42},
4476 {signatureRSA, hash.id},
4477 {signatureRSA, 255},
4478 },
4479 },
4480 flags: []string{"-expect-server-key-exchange-hash", strconv.Itoa(int(hash.id))},
4481 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4482 }
4483
4484 // Test that hash resolution takes the signature type into account.
4485 testCases = append(testCases, testCase{
4486 name: "SigningHash-ClientAuth-SignatureType",
4487 config: Config{
4488 ClientAuth: RequireAnyClientCert,
4489 SignatureAndHashes: []signatureAndHash{
4490 {signatureECDSA, hashSHA512},
4491 {signatureRSA, hashSHA384},
4492 {signatureECDSA, hashSHA1},
4493 },
4494 },
4495 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4496 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4497 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4498 },
4499 })
4500
4501 testCases = append(testCases, testCase{
4502 testType: serverTest,
4503 name: "SigningHash-ServerKeyExchange-SignatureType",
4504 config: Config{
4505 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4506 SignatureAndHashes: []signatureAndHash{
4507 {signatureECDSA, hashSHA512},
4508 {signatureRSA, hashSHA384},
4509 {signatureECDSA, hashSHA1},
4510 },
4511 },
4512 })
4513
4514 // Test that, if the list is missing, the peer falls back to SHA-1.
4515 testCases = append(testCases, testCase{
4516 name: "SigningHash-ClientAuth-Fallback",
4517 config: Config{
4518 ClientAuth: RequireAnyClientCert,
4519 SignatureAndHashes: []signatureAndHash{
4520 {signatureRSA, hashSHA1},
4521 },
4522 Bugs: ProtocolBugs{
4523 NoSignatureAndHashes: true,
4524 },
4525 },
4526 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4527 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4528 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4529 },
4530 })
4531
4532 testCases = append(testCases, testCase{
4533 testType: serverTest,
4534 name: "SigningHash-ServerKeyExchange-Fallback",
4535 config: Config{
4536 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4537 SignatureAndHashes: []signatureAndHash{
4538 {signatureRSA, hashSHA1},
4539 },
4540 Bugs: ProtocolBugs{
4541 NoSignatureAndHashes: true,
4542 },
4543 },
4544 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4545
4546 // Test that hash preferences are enforced. BoringSSL defaults to
4547 // rejecting MD5 signatures.
4548 testCases = append(testCases, testCase{
4549 testType: serverTest,
4550 name: "SigningHash-ClientAuth-Enforced",
4551 config: Config{
4552 Certificates: []Certificate{rsaCertificate},
4553 SignatureAndHashes: []signatureAndHash{
4554 {signatureRSA, hashMD5},
4555 // Advertise SHA-1 so the handshake will
4556 // proceed, but the shim's preferences will be
4557 // ignored in CertificateVerify generation, so
4558 // MD5 will be chosen.
4559 {signatureRSA, hashSHA1},
4560 },
4561 Bugs: ProtocolBugs{
4562 IgnorePeerSignatureAlgorithmPreferences: true,
4563 },
4564 },
4565 flags: []string{"-require-any-client-certificate"},
4566 shouldFail: true,
4567 expectedError: ":WRONG_SIGNATURE_TYPE:",
4568 })
4569
4570 testCases = append(testCases, testCase{
4571 name: "SigningHash-ServerKeyExchange-Enforced",
4572 config: Config{
4573 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4574 SignatureAndHashes: []signatureAndHash{
4575 {signatureRSA, hashMD5},
4576 },
4577 Bugs: ProtocolBugs{
4578 IgnorePeerSignatureAlgorithmPreferences: true,
4579 },
4580 },
4581 shouldFail: true,
4582 expectedError: ":WRONG_SIGNATURE_TYPE:",
4583 })
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4584
4585 // Test that the agreed upon digest respects the client preferences and
4586 // the server digests.
4587 testCases = append(testCases, testCase{
4588 name: "Agree-Digest-Fallback",
4589 config: Config{
4590 ClientAuth: RequireAnyClientCert,
4591 SignatureAndHashes: []signatureAndHash{
4592 {signatureRSA, hashSHA512},
4593 {signatureRSA, hashSHA1},
4594 },
4595 },
4596 flags: []string{
4597 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4598 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4599 },
4600 digestPrefs: "SHA256",
4601 expectedClientCertSignatureHash: hashSHA1,
4602 })
4603 testCases = append(testCases, testCase{
4604 name: "Agree-Digest-SHA256",
4605 config: Config{
4606 ClientAuth: RequireAnyClientCert,
4607 SignatureAndHashes: []signatureAndHash{
4608 {signatureRSA, hashSHA1},
4609 {signatureRSA, hashSHA256},
4610 },
4611 },
4612 flags: []string{
4613 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4614 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4615 },
4616 digestPrefs: "SHA256,SHA1",
4617 expectedClientCertSignatureHash: hashSHA256,
4618 })
4619 testCases = append(testCases, testCase{
4620 name: "Agree-Digest-SHA1",
4621 config: Config{
4622 ClientAuth: RequireAnyClientCert,
4623 SignatureAndHashes: []signatureAndHash{
4624 {signatureRSA, hashSHA1},
4625 },
4626 },
4627 flags: []string{
4628 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4629 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4630 },
4631 digestPrefs: "SHA512,SHA256,SHA1",
4632 expectedClientCertSignatureHash: hashSHA1,
4633 })
4634 testCases = append(testCases, testCase{
4635 name: "Agree-Digest-Default",
4636 config: Config{
4637 ClientAuth: RequireAnyClientCert,
4638 SignatureAndHashes: []signatureAndHash{
4639 {signatureRSA, hashSHA256},
4640 {signatureECDSA, hashSHA256},
4641 {signatureRSA, hashSHA1},
4642 {signatureECDSA, hashSHA1},
4643 },
4644 },
4645 flags: []string{
4646 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4647 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4648 },
4649 expectedClientCertSignatureHash: hashSHA256,
4650 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4651}
4652
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4653// timeouts is the retransmit schedule for BoringSSL. It doubles and
4654// caps at 60 seconds. On the 13th timeout, it gives up.
4655var timeouts = []time.Duration{
4656 1 * time.Second,
4657 2 * time.Second,
4658 4 * time.Second,
4659 8 * time.Second,
4660 16 * time.Second,
4661 32 * time.Second,
4662 60 * time.Second,
4663 60 * time.Second,
4664 60 * time.Second,
4665 60 * time.Second,
4666 60 * time.Second,
4667 60 * time.Second,
4668 60 * time.Second,
4669}
4670
Taylor Brandstetter376a0fe2016-05-10 19:30:28 -0700[diff] [blame]4671// shortTimeouts is an alternate set of timeouts which would occur if the
4672// initial timeout duration was set to 250ms.
4673var shortTimeouts = []time.Duration{
4674 250 * time.Millisecond,
4675 500 * time.Millisecond,
4676 1 * time.Second,
4677 2 * time.Second,
4678 4 * time.Second,
4679 8 * time.Second,
4680 16 * time.Second,
4681 32 * time.Second,
4682 60 * time.Second,
4683 60 * time.Second,
4684 60 * time.Second,
4685 60 * time.Second,
4686 60 * time.Second,
4687}
4688
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4689func addDTLSRetransmitTests() {
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4690 // These tests work by coordinating some behavior on both the shim and
4691 // the runner.
4692 //
4693 // TimeoutSchedule configures the runner to send a series of timeout
4694 // opcodes to the shim (see packetAdaptor) immediately before reading
4695 // each peer handshake flight N. The timeout opcode both simulates a
4696 // timeout in the shim and acts as a synchronization point to help the
4697 // runner bracket each handshake flight.
4698 //
4699 // We assume the shim does not read from the channel eagerly. It must
4700 // first wait until it has sent flight N and is ready to receive
4701 // handshake flight N+1. At this point, it will process the timeout
4702 // opcode. It must then immediately respond with a timeout ACK and act
4703 // as if the shim was idle for the specified amount of time.
4704 //
4705 // The runner then drops all packets received before the ACK and
4706 // continues waiting for flight N. This ordering results in one attempt
4707 // at sending flight N to be dropped. For the test to complete, the
4708 // shim must send flight N again, testing that the shim implements DTLS
4709 // retransmit on a timeout.
4710
4711 for _, async := range []bool{true, false} {
4712 var tests []testCase
4713
4714 // Test that this is indeed the timeout schedule. Stress all
4715 // four patterns of handshake.
4716 for i := 1; i < len(timeouts); i++ {
4717 number := strconv.Itoa(i)
4718 tests = append(tests, testCase{
4719 protocol: dtls,
4720 name: "DTLS-Retransmit-Client-" + number,
4721 config: Config{
4722 Bugs: ProtocolBugs{
4723 TimeoutSchedule: timeouts[:i],
4724 },
4725 },
4726 resumeSession: true,
4727 })
4728 tests = append(tests, testCase{
4729 protocol: dtls,
4730 testType: serverTest,
4731 name: "DTLS-Retransmit-Server-" + number,
4732 config: Config{
4733 Bugs: ProtocolBugs{
4734 TimeoutSchedule: timeouts[:i],
4735 },
4736 },
4737 resumeSession: true,
4738 })
4739 }
4740
4741 // Test that exceeding the timeout schedule hits a read
4742 // timeout.
4743 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4744 protocol: dtls,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4745 name: "DTLS-Retransmit-Timeout",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4746 config: Config{
4747 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4748 TimeoutSchedule: timeouts,
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4749 },
4750 },
4751 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4752 shouldFail: true,
4753 expectedError: ":READ_TIMEOUT_EXPIRED:",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4754 })
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4755
4756 if async {
4757 // Test that timeout handling has a fudge factor, due to API
4758 // problems.
4759 tests = append(tests, testCase{
4760 protocol: dtls,
4761 name: "DTLS-Retransmit-Fudge",
4762 config: Config{
4763 Bugs: ProtocolBugs{
4764 TimeoutSchedule: []time.Duration{
4765 timeouts[0] - 10*time.Millisecond,
4766 },
4767 },
4768 },
4769 resumeSession: true,
4770 })
4771 }
4772
4773 // Test that the final Finished retransmitting isn't
4774 // duplicated if the peer badly fragments everything.
4775 tests = append(tests, testCase{
4776 testType: serverTest,
4777 protocol: dtls,
4778 name: "DTLS-Retransmit-Fragmented",
4779 config: Config{
4780 Bugs: ProtocolBugs{
4781 TimeoutSchedule: []time.Duration{timeouts[0]},
4782 MaxHandshakeRecordLength: 2,
4783 },
4784 },
4785 })
4786
4787 // Test the timeout schedule when a shorter initial timeout duration is set.
4788 tests = append(tests, testCase{
4789 protocol: dtls,
4790 name: "DTLS-Retransmit-Short-Client",
4791 config: Config{
4792 Bugs: ProtocolBugs{
4793 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
4794 },
4795 },
4796 resumeSession: true,
4797 flags: []string{"-initial-timeout-duration-ms", "250"},
4798 })
4799 tests = append(tests, testCase{
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4800 protocol: dtls,
4801 testType: serverTest,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4802 name: "DTLS-Retransmit-Short-Server",
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4803 config: Config{
4804 Bugs: ProtocolBugs{
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4805 TimeoutSchedule: shortTimeouts[:len(shortTimeouts)-1],
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4806 },
4807 },
4808 resumeSession: true,
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4809 flags: []string{"-initial-timeout-duration-ms", "250"},
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4810 })
David Benjamin585d7a42016-06-02 14:58:00 -0400[diff] [blame]4811
4812 for _, test := range tests {
4813 if async {
4814 test.name += "-Async"
4815 test.flags = append(test.flags, "-async")
4816 }
4817
4818 testCases = append(testCases, test)
4819 }
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4820 }
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4821}
4822
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4823func addExportKeyingMaterialTests() {
4824 for _, vers := range tlsVersions {
4825 if vers.version == VersionSSL30 {
4826 continue
4827 }
4828 testCases = append(testCases, testCase{
4829 name: "ExportKeyingMaterial-" + vers.name,
4830 config: Config{
4831 MaxVersion: vers.version,
4832 },
4833 exportKeyingMaterial: 1024,
4834 exportLabel: "label",
4835 exportContext: "context",
4836 useExportContext: true,
4837 })
4838 testCases = append(testCases, testCase{
4839 name: "ExportKeyingMaterial-NoContext-" + vers.name,
4840 config: Config{
4841 MaxVersion: vers.version,
4842 },
4843 exportKeyingMaterial: 1024,
4844 })
4845 testCases = append(testCases, testCase{
4846 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
4847 config: Config{
4848 MaxVersion: vers.version,
4849 },
4850 exportKeyingMaterial: 1024,
4851 useExportContext: true,
4852 })
4853 testCases = append(testCases, testCase{
4854 name: "ExportKeyingMaterial-Small-" + vers.name,
4855 config: Config{
4856 MaxVersion: vers.version,
4857 },
4858 exportKeyingMaterial: 1,
4859 exportLabel: "label",
4860 exportContext: "context",
4861 useExportContext: true,
4862 })
4863 }
4864 testCases = append(testCases, testCase{
4865 name: "ExportKeyingMaterial-SSL3",
4866 config: Config{
4867 MaxVersion: VersionSSL30,
4868 },
4869 exportKeyingMaterial: 1024,
4870 exportLabel: "label",
4871 exportContext: "context",
4872 useExportContext: true,
4873 shouldFail: true,
4874 expectedError: "failed to export keying material",
4875 })
4876}
4877
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4878func addTLSUniqueTests() {
4879 for _, isClient := range []bool{false, true} {
4880 for _, isResumption := range []bool{false, true} {
4881 for _, hasEMS := range []bool{false, true} {
4882 var suffix string
4883 if isResumption {
4884 suffix = "Resume-"
4885 } else {
4886 suffix = "Full-"
4887 }
4888
4889 if hasEMS {
4890 suffix += "EMS-"
4891 } else {
4892 suffix += "NoEMS-"
4893 }
4894
4895 if isClient {
4896 suffix += "Client"
4897 } else {
4898 suffix += "Server"
4899 }
4900
4901 test := testCase{
4902 name: "TLSUnique-" + suffix,
4903 testTLSUnique: true,
4904 config: Config{
4905 Bugs: ProtocolBugs{
4906 NoExtendedMasterSecret: !hasEMS,
4907 },
4908 },
4909 }
4910
4911 if isResumption {
4912 test.resumeSession = true
4913 test.resumeConfig = &Config{
4914 Bugs: ProtocolBugs{
4915 NoExtendedMasterSecret: !hasEMS,
4916 },
4917 }
4918 }
4919
4920 if isResumption && !hasEMS {
4921 test.shouldFail = true
4922 test.expectedError = "failed to get tls-unique"
4923 }
4924
4925 testCases = append(testCases, test)
4926 }
4927 }
4928 }
4929}
4930
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4931func addCustomExtensionTests() {
4932 expectedContents := "custom extension"
4933 emptyString := ""
4934
4935 for _, isClient := range []bool{false, true} {
4936 suffix := "Server"
4937 flag := "-enable-server-custom-extension"
4938 testType := serverTest
4939 if isClient {
4940 suffix = "Client"
4941 flag = "-enable-client-custom-extension"
4942 testType = clientTest
4943 }
4944
4945 testCases = append(testCases, testCase{
4946 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4947 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4948 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4949 Bugs: ProtocolBugs{
4950 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4951 ExpectedCustomExtension: &expectedContents,
4952 },
4953 },
4954 flags: []string{flag},
4955 })
4956
4957 // If the parse callback fails, the handshake should also fail.
4958 testCases = append(testCases, testCase{
4959 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4960 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4961 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4962 Bugs: ProtocolBugs{
4963 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4964 ExpectedCustomExtension: &expectedContents,
4965 },
4966 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4967 flags: []string{flag},
4968 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4969 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4970 })
4971
4972 // If the add callback fails, the handshake should also fail.
4973 testCases = append(testCases, testCase{
4974 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4975 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4976 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4977 Bugs: ProtocolBugs{
4978 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4979 ExpectedCustomExtension: &expectedContents,
4980 },
4981 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4982 flags: []string{flag, "-custom-extension-fail-add"},
4983 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4984 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4985 })
4986
4987 // If the add callback returns zero, no extension should be
4988 // added.
4989 skipCustomExtension := expectedContents
4990 if isClient {
4991 // For the case where the client skips sending the
4992 // custom extension, the server must not “echo” it.
4993 skipCustomExtension = ""
4994 }
4995 testCases = append(testCases, testCase{
4996 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4997 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4998 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4999 Bugs: ProtocolBugs{
5000 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5001 ExpectedCustomExtension: &emptyString,
5002 },
5003 },
5004 flags: []string{flag, "-custom-extension-skip"},
5005 })
5006 }
5007
5008 // The custom extension add callback should not be called if the client
5009 // doesn't send the extension.
5010 testCases = append(testCases, testCase{
5011 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5012 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5013 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]5014 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5015 ExpectedCustomExtension: &emptyString,
5016 },
5017 },
5018 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
5019 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]5020
5021 // Test an unknown extension from the server.
5022 testCases = append(testCases, testCase{
5023 testType: clientTest,
5024 name: "UnknownExtension-Client",
5025 config: Config{
5026 Bugs: ProtocolBugs{
5027 CustomExtension: expectedContents,
5028 },
5029 },
5030 shouldFail: true,
5031 expectedError: ":UNEXPECTED_EXTENSION:",
5032 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5033}
5034
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]5035func addRSAClientKeyExchangeTests() {
5036 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
5037 testCases = append(testCases, testCase{
5038 testType: serverTest,
5039 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
5040 config: Config{
5041 // Ensure the ClientHello version and final
5042 // version are different, to detect if the
5043 // server uses the wrong one.
5044 MaxVersion: VersionTLS11,
5045 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
5046 Bugs: ProtocolBugs{
5047 BadRSAClientKeyExchange: bad,
5048 },
5049 },
5050 shouldFail: true,
5051 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
5052 })
5053 }
5054}
5055
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5056var testCurves = []struct {
5057 name string
5058 id CurveID
5059}{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5060 {"P-256", CurveP256},
5061 {"P-384", CurveP384},
5062 {"P-521", CurveP521},
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]5063 {"X25519", CurveX25519},
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5064}
5065
5066func addCurveTests() {
5067 for _, curve := range testCurves {
5068 testCases = append(testCases, testCase{
5069 name: "CurveTest-Client-" + curve.name,
5070 config: Config{
5071 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5072 CurvePreferences: []CurveID{curve.id},
5073 },
5074 flags: []string{"-enable-all-curves"},
5075 })
5076 testCases = append(testCases, testCase{
5077 testType: serverTest,
5078 name: "CurveTest-Server-" + curve.name,
5079 config: Config{
5080 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5081 CurvePreferences: []CurveID{curve.id},
5082 },
5083 flags: []string{"-enable-all-curves"},
5084 })
5085 }
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]5086
5087 // The server must be tolerant to bogus curves.
5088 const bogusCurve = 0x1234
5089 testCases = append(testCases, testCase{
5090 testType: serverTest,
5091 name: "UnknownCurve",
5092 config: Config{
5093 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5094 CurvePreferences: []CurveID{bogusCurve, CurveP256},
5095 },
5096 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5097}
5098
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5099func addKeyExchangeInfoTests() {
5100 testCases = append(testCases, testCase{
5101 name: "KeyExchangeInfo-RSA-Client",
5102 config: Config{
5103 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
5104 },
5105 // key.pem is a 1024-bit RSA key.
5106 flags: []string{"-expect-key-exchange-info", "1024"},
5107 })
5108 // TODO(davidben): key_exchange_info doesn't work for plain RSA on the
5109 // server. Either fix this or change the API as it's not very useful in
5110 // this case.
5111
5112 testCases = append(testCases, testCase{
5113 name: "KeyExchangeInfo-DHE-Client",
5114 config: Config{
5115 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
5116 Bugs: ProtocolBugs{
5117 // This is a 1234-bit prime number, generated
5118 // with:
5119 // openssl gendh 1234 | openssl asn1parse -i
5120 DHGroupPrime: bigFromHex("0215C589A86BE450D1255A86D7A08877A70E124C11F0C75E476BA6A2186B1C830D4A132555973F2D5881D5F737BB800B7F417C01EC5960AEBF79478F8E0BBB6A021269BD10590C64C57F50AD8169D5488B56EE38DC5E02DA1A16ED3B5F41FEB2AD184B78A31F3A5B2BEC8441928343DA35DE3D4F89F0D4CEDE0034045084A0D1E6182E5EF7FCA325DD33CE81BE7FA87D43613E8FA7A1457099AB53"),
5121 },
5122 },
5123 flags: []string{"-expect-key-exchange-info", "1234"},
5124 })
5125 testCases = append(testCases, testCase{
5126 testType: serverTest,
5127 name: "KeyExchangeInfo-DHE-Server",
5128 config: Config{
5129 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
5130 },
5131 // bssl_shim as a server configures a 2048-bit DHE group.
5132 flags: []string{"-expect-key-exchange-info", "2048"},
5133 })
5134
5135 testCases = append(testCases, testCase{
5136 name: "KeyExchangeInfo-ECDHE-Client",
5137 config: Config{
5138 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5139 CurvePreferences: []CurveID{CurveX25519},
5140 },
5141 flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
5142 })
5143 testCases = append(testCases, testCase{
5144 testType: serverTest,
5145 name: "KeyExchangeInfo-ECDHE-Server",
5146 config: Config{
5147 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
5148 CurvePreferences: []CurveID{CurveX25519},
5149 },
5150 flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
5151 })
5152}
5153
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5154func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5155 defer wg.Done()
5156
5157 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]5158 var err error
5159
5160 if *mallocTest < 0 {
5161 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5162 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]5163 } else {
5164 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
5165 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5166 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]5167 if err != nil {
5168 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
5169 }
5170 break
5171 }
5172 }
5173 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5174 statusChan <- statusMsg{test: test, err: err}
5175 }
5176}
5177
5178type statusMsg struct {
5179 test *testCase
5180 started bool
5181 err error
5182}
5183
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5184func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5185 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5186
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5187 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5188 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5189 if !*pipe {
5190 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]5191 var erase string
5192 for i := 0; i < lineLen; i++ {
5193 erase += "\b \b"
5194 }
5195 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5196 }
5197
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5198 if msg.started {
5199 started++
5200 } else {
5201 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5202
5203 if msg.err != nil {
5204 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
5205 failed++
5206 testOutput.addResult(msg.test.name, "FAIL")
5207 } else {
5208 if *pipe {
5209 // Print each test instead of a status line.
5210 fmt.Printf("PASSED (%s)\n", msg.test.name)
5211 }
5212 testOutput.addResult(msg.test.name, "PASS")
5213 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5214 }
5215
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5216 if !*pipe {
5217 // Print a new status line.
5218 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
5219 lineLen = len(line)
5220 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5221 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5222 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5223
5224 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5225}
5226
5227func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5228 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5229 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5230
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5231 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5232 addCipherSuiteTests()
5233 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]5234 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]5235 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]5236 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]5237 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]5238 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]5239 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]5240 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]5241 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]5242 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]5243 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]5244 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]5245 addSigningHashTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]5246 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]5247 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]5248 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]5249 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]5250 addRSAClientKeyExchangeTests()
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]5251 addCurveTests()
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]5252 addKeyExchangeInfoTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]5253 for _, async := range []bool{false, true} {
5254 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]5255 for _, protocol := range []protocol{tls, dtls} {
5256 addStateMachineCoverageTests(async, splitHandshake, protocol)
5257 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]5258 }
5259 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5260
5261 var wg sync.WaitGroup
5262
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5263 statusChan := make(chan statusMsg, *numWorkers)
5264 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5265 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5266
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]5267 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5268
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5269 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5270 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5271 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5272 }
5273
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]5274 var foundTest bool
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]5275 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]5276 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]5277 foundTest = true
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]5278 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5279 }
5280 }
David Benjamin270f0a72016-03-17 14:41:36 -0400[diff] [blame]5281 if !foundTest {
5282 fmt.Fprintf(os.Stderr, "No test named '%s'\n", *testToRun)
5283 os.Exit(1)
5284 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5285
5286 close(testChan)
5287 wg.Wait()
5288 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5289 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5290
5291 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]5292
5293 if *jsonOutput != "" {
5294 if err := testOutput.writeTo(*jsonOutput); err != nil {
5295 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
5296 }
5297 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]5298
5299 if !testOutput.allPassed {
5300 os.Exit(1)
5301 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]5302}