Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / ef1b0093444e62644f9cdec4e516705cb79bcf79 / . / ssl / test / runner / runner.go
blob: b9d3f51025a9c183a3a44d9048aa6817348ebb66 [file] [log] [blame]
Adam Langleydc7e9c42015-09-29 15:21:04 -0700[diff] [blame]1package runner
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]14 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]15 "net"
16 "os"
17 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]18 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]19 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]20 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]21 "strings"
22 "sync"
23 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]24 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]25)
26
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]27var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]28 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
29 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]30 useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]31 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
32 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
33 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
34 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
35 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]36 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
37 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
38 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
39 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]40)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]41
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]42const (
43 rsaCertificateFile = "cert.pem"
44 ecdsaCertificateFile = "ecdsa_cert.pem"
45)
46
47const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]48 rsaKeyFile = "key.pem"
49 ecdsaKeyFile = "ecdsa_key.pem"
50 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]51)
52
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]53var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]54var channelIDKey *ecdsa.PrivateKey
55var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]56
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]57var testOCSPResponse = []byte{1, 2, 3, 4}
58var testSCTList = []byte{5, 6, 7, 8}
59
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]60func initCertificates() {
61 var err error
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]62 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]63 if err != nil {
64 panic(err)
65 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]66 rsaCertificate.OCSPStaple = testOCSPResponse
67 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]68
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]69 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]70 if err != nil {
71 panic(err)
72 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]73 ecdsaCertificate.OCSPStaple = testOCSPResponse
74 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]75
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]76 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]77 if err != nil {
78 panic(err)
79 }
80 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
81 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
82 panic("bad key type")
83 }
84 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
85 if err != nil {
86 panic(err)
87 }
88 if channelIDKey.Curve != elliptic.P256() {
89 panic("bad curve")
90 }
91
92 channelIDBytes = make([]byte, 64)
93 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
94 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]95}
96
97var certificateOnce sync.Once
98
99func getRSACertificate() Certificate {
100 certificateOnce.Do(initCertificates)
101 return rsaCertificate
102}
103
104func getECDSACertificate() Certificate {
105 certificateOnce.Do(initCertificates)
106 return ecdsaCertificate
107}
108
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]109type testType int
110
111const (
112 clientTest testType = iota
113 serverTest
114)
115
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]116type protocol int
117
118const (
119 tls protocol = iota
120 dtls
121)
122
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]123const (
124 alpn = 1
125 npn = 2
126)
127
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]128type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]129 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]130 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]131 name string
132 config Config
133 shouldFail bool
134 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]135 // expectedLocalError, if not empty, contains a substring that must be
136 // found in the local error.
137 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]138 // expectedVersion, if non-zero, specifies the TLS version that must be
139 // negotiated.
140 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]141 // expectedResumeVersion, if non-zero, specifies the TLS version that
142 // must be negotiated on resumption. If zero, expectedVersion is used.
143 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]144 // expectedCipher, if non-zero, specifies the TLS cipher suite that
145 // should be negotiated.
146 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]147 // expectChannelID controls whether the connection should have
148 // negotiated a Channel ID with channelIDKey.
149 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]150 // expectedNextProto controls whether the connection should
151 // negotiate a next protocol via NPN or ALPN.
152 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]153 // expectNoNextProto, if true, means that no next protocol should be
154 // negotiated.
155 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]156 // expectedNextProtoType, if non-zero, is the expected next
157 // protocol negotiation mechanism.
158 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]159 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
160 // should be negotiated. If zero, none should be negotiated.
161 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]162 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
163 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]164 // expectedSCTList, if not nil, is the expected SCT list to be received.
165 expectedSCTList []uint8
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]166 // expectedClientCertSignatureHash, if not zero, is the TLS id of the
167 // hash function that the client should have used when signing the
168 // handshake with a client certificate.
169 expectedClientCertSignatureHash uint8
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]170 // messageLen is the length, in bytes, of the test message that will be
171 // sent.
172 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]173 // messageCount is the number of test messages that will be sent.
174 messageCount int
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]175 // digestPrefs is the list of digest preferences from the client.
176 digestPrefs string
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]177 // certFile is the path to the certificate to use for the server.
178 certFile string
179 // keyFile is the path to the private key to use for the server.
180 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]181 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]182 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]183 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]184 // expectResumeRejected, if true, specifies that the attempted
185 // resumption must be rejected by the client. This is only valid for a
186 // serverTest.
187 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]188 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]189 // resumption. Unless newSessionsOnResume is set,
190 // SessionTicketKey, ServerSessionCache, and
191 // ClientSessionCache are copied from the initial connection's
192 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]193 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]194 // newSessionsOnResume, if true, will cause resumeConfig to
195 // use a different session resumption context.
196 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]197 // noSessionCache, if true, will cause the server to run without a
198 // session cache.
199 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]200 // sendPrefix sends a prefix on the socket before actually performing a
201 // handshake.
202 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]203 // shimWritesFirst controls whether the shim sends an initial "hello"
204 // message before doing a roundtrip with the runner.
205 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]206 // shimShutsDown, if true, runs a test where the shim shuts down the
207 // connection immediately after the handshake rather than echoing
208 // messages from the runner.
209 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]210 // renegotiate indicates the number of times the connection should be
211 // renegotiated during the exchange.
212 renegotiate int
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]213 // renegotiateCiphers is a list of ciphersuite ids that will be
214 // switched in just before renegotiation.
215 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]216 // replayWrites, if true, configures the underlying transport
217 // to replay every write it makes in DTLS tests.
218 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]219 // damageFirstWrite, if true, configures the underlying transport to
220 // damage the final byte of the first application data write.
221 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]222 // exportKeyingMaterial, if non-zero, configures the test to exchange
223 // keying material and verify they match.
224 exportKeyingMaterial int
225 exportLabel string
226 exportContext string
227 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]228 // flags, if not empty, contains a list of command-line flags that will
229 // be passed to the shim program.
230 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]231 // testTLSUnique, if true, causes the shim to send the tls-unique value
232 // which will be compared against the expected value.
233 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]234 // sendEmptyRecords is the number of consecutive empty records to send
235 // before and after the test message.
236 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]237 // sendWarningAlerts is the number of consecutive warning alerts to send
238 // before and after the test message.
239 sendWarningAlerts int
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]240 // expectMessageDropped, if true, means the test message is expected to
241 // be dropped by the client rather than echoed back.
242 expectMessageDropped bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]243}
244
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]245var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]246
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]247func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]248 var connDamage *damageAdaptor
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]249
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]250 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]251 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
252 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]253 }
254
255 if *flagDebug {
256 local, peer := "client", "server"
257 if test.testType == clientTest {
258 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]259 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]260 connDebug := &recordingConn{
261 Conn: conn,
262 isDatagram: test.protocol == dtls,
263 local: local,
264 peer: peer,
265 }
266 conn = connDebug
267 defer func() {
268 connDebug.WriteTo(os.Stdout)
269 }()
270
271 if config.Bugs.PacketAdaptor != nil {
272 config.Bugs.PacketAdaptor.debug = connDebug
273 }
274 }
275
276 if test.replayWrites {
277 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]278 }
279
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]280 if test.damageFirstWrite {
281 connDamage = newDamageAdaptor(conn)
282 conn = connDamage
283 }
284
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]285 if test.sendPrefix != "" {
286 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
287 return err
288 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]289 }
290
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]291 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]292 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]293 if test.protocol == dtls {
294 tlsConn = DTLSServer(conn, config)
295 } else {
296 tlsConn = Server(conn, config)
297 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]298 } else {
299 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]300 if test.protocol == dtls {
301 tlsConn = DTLSClient(conn, config)
302 } else {
303 tlsConn = Client(conn, config)
304 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]305 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]306 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]307
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]308 if err := tlsConn.Handshake(); err != nil {
309 return err
310 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]311
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]312 // TODO(davidben): move all per-connection expectations into a dedicated
313 // expectations struct that can be specified separately for the two
314 // legs.
315 expectedVersion := test.expectedVersion
316 if isResume && test.expectedResumeVersion != 0 {
317 expectedVersion = test.expectedResumeVersion
318 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]319 connState := tlsConn.ConnectionState()
320 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]321 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]322 }
323
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]324 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]325 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
326 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]327 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
328 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
329 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]330
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]331 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]332 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]333 if channelID == nil {
334 return fmt.Errorf("no channel ID negotiated")
335 }
336 if channelID.Curve != channelIDKey.Curve ||
337 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
338 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
339 return fmt.Errorf("incorrect channel ID")
340 }
341 }
342
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]343 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]344 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]345 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
346 }
347 }
348
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]349 if test.expectNoNextProto {
350 if actual := connState.NegotiatedProtocol; actual != "" {
351 return fmt.Errorf("got unexpected next proto %s", actual)
352 }
353 }
354
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]355 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]356 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]357 return fmt.Errorf("next proto type mismatch")
358 }
359 }
360
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]361 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]362 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
363 }
364
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]365 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
366 return fmt.Errorf("OCSP Response mismatch")
367 }
368
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]369 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
370 return fmt.Errorf("SCT list mismatch")
371 }
372
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]373 if expected := test.expectedClientCertSignatureHash; expected != 0 && expected != connState.ClientCertSignatureHash {
374 return fmt.Errorf("expected client to sign handshake with hash %d, but got %d", expected, connState.ClientCertSignatureHash)
375 }
376
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]377 if test.exportKeyingMaterial > 0 {
378 actual := make([]byte, test.exportKeyingMaterial)
379 if _, err := io.ReadFull(tlsConn, actual); err != nil {
380 return err
381 }
382 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
383 if err != nil {
384 return err
385 }
386 if !bytes.Equal(actual, expected) {
387 return fmt.Errorf("keying material mismatch")
388 }
389 }
390
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]391 if test.testTLSUnique {
392 var peersValue [12]byte
393 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
394 return err
395 }
396 expected := tlsConn.ConnectionState().TLSUnique
397 if !bytes.Equal(peersValue[:], expected) {
398 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
399 }
400 }
401
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]402 if test.shimWritesFirst {
403 var buf [5]byte
404 _, err := io.ReadFull(tlsConn, buf[:])
405 if err != nil {
406 return err
407 }
408 if string(buf[:]) != "hello" {
409 return fmt.Errorf("bad initial message")
410 }
411 }
412
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]413 for i := 0; i < test.sendEmptyRecords; i++ {
414 tlsConn.Write(nil)
415 }
416
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]417 for i := 0; i < test.sendWarningAlerts; i++ {
418 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
419 }
420
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]421 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]422 if test.renegotiateCiphers != nil {
423 config.CipherSuites = test.renegotiateCiphers
424 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]425 for i := 0; i < test.renegotiate; i++ {
426 if err := tlsConn.Renegotiate(); err != nil {
427 return err
428 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]429 }
430 } else if test.renegotiateCiphers != nil {
431 panic("renegotiateCiphers without renegotiate")
432 }
433
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]434 if test.damageFirstWrite {
435 connDamage.setDamage(true)
436 tlsConn.Write([]byte("DAMAGED WRITE"))
437 connDamage.setDamage(false)
438 }
439
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]440 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]441 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]442 if test.protocol == dtls {
443 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
444 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]445 // Read until EOF.
446 _, err := io.Copy(ioutil.Discard, tlsConn)
447 return err
448 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]449 if messageLen == 0 {
450 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]451 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]452
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]453 messageCount := test.messageCount
454 if messageCount == 0 {
455 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]456 }
457
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]458 for j := 0; j < messageCount; j++ {
459 testMessage := make([]byte, messageLen)
460 for i := range testMessage {
461 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]462 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]463 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]464
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]465 for i := 0; i < test.sendEmptyRecords; i++ {
466 tlsConn.Write(nil)
467 }
468
469 for i := 0; i < test.sendWarningAlerts; i++ {
470 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
471 }
472
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]473 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]474 // The shim will not respond.
475 continue
476 }
477
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]478 buf := make([]byte, len(testMessage))
479 if test.protocol == dtls {
480 bufTmp := make([]byte, len(buf)+1)
481 n, err := tlsConn.Read(bufTmp)
482 if err != nil {
483 return err
484 }
485 if n != len(buf) {
486 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
487 }
488 copy(buf, bufTmp)
489 } else {
490 _, err := io.ReadFull(tlsConn, buf)
491 if err != nil {
492 return err
493 }
494 }
495
496 for i, v := range buf {
497 if v != testMessage[i]^0xff {
498 return fmt.Errorf("bad reply contents at byte %d", i)
499 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]500 }
501 }
502
503 return nil
504}
505
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]506func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
507 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]508 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]509 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]510 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]511 valgrindArgs = append(valgrindArgs, path)
512 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]513
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]514 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]515}
516
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]517func gdbOf(path string, args ...string) *exec.Cmd {
518 xtermArgs := []string{"-e", "gdb", "--args"}
519 xtermArgs = append(xtermArgs, path)
520 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]521
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]522 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]523}
524
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]525func lldbOf(path string, args ...string) *exec.Cmd {
526 xtermArgs := []string{"-e", "lldb", "--"}
527 xtermArgs = append(xtermArgs, path)
528 xtermArgs = append(xtermArgs, args...)
529
530 return exec.Command("xterm", xtermArgs...)
531}
532
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]533type moreMallocsError struct{}
534
535func (moreMallocsError) Error() string {
536 return "child process did not exhaust all allocation calls"
537}
538
539var errMoreMallocs = moreMallocsError{}
540
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]541// accept accepts a connection from listener, unless waitChan signals a process
542// exit first.
543func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
544 type connOrError struct {
545 conn net.Conn
546 err error
547 }
548 connChan := make(chan connOrError, 1)
549 go func() {
550 conn, err := listener.Accept()
551 connChan <- connOrError{conn, err}
552 close(connChan)
553 }()
554 select {
555 case result := <-connChan:
556 return result.conn, result.err
557 case childErr := <-waitChan:
558 waitChan <- childErr
559 return nil, fmt.Errorf("child exited early: %s", childErr)
560 }
561}
562
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]563func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]564 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
565 panic("Error expected without shouldFail in " + test.name)
566 }
567
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]568 if test.expectResumeRejected && !test.resumeSession {
569 panic("expectResumeRejected without resumeSession in " + test.name)
570 }
571
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]572 if test.testType != clientTest && test.expectedClientCertSignatureHash != 0 {
573 panic("expectedClientCertSignatureHash non-zero with serverTest in " + test.name)
574 }
575
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]576 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
577 if err != nil {
578 panic(err)
579 }
580 defer func() {
581 if listener != nil {
582 listener.Close()
583 }
584 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]585
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]586 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]587 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]588 flags = append(flags, "-server")
589
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]590 flags = append(flags, "-key-file")
591 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]592 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]593 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]594 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]595 }
596
597 flags = append(flags, "-cert-file")
598 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]599 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]600 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]601 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]602 }
603 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]604
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]605 if test.digestPrefs != "" {
606 flags = append(flags, "-digest-prefs")
607 flags = append(flags, test.digestPrefs)
608 }
609
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]610 if test.protocol == dtls {
611 flags = append(flags, "-dtls")
612 }
613
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]614 if test.resumeSession {
615 flags = append(flags, "-resume")
616 }
617
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]618 if test.shimWritesFirst {
619 flags = append(flags, "-shim-writes-first")
620 }
621
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]622 if test.shimShutsDown {
623 flags = append(flags, "-shim-shuts-down")
624 }
625
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]626 if test.exportKeyingMaterial > 0 {
627 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
628 flags = append(flags, "-export-label", test.exportLabel)
629 flags = append(flags, "-export-context", test.exportContext)
630 if test.useExportContext {
631 flags = append(flags, "-use-export-context")
632 }
633 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]634 if test.expectResumeRejected {
635 flags = append(flags, "-expect-session-miss")
636 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]637
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]638 if test.testTLSUnique {
639 flags = append(flags, "-tls-unique")
640 }
641
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]642 flags = append(flags, test.flags...)
643
644 var shim *exec.Cmd
645 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]646 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]647 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]648 shim = gdbOf(shimPath, flags...)
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]649 } else if *useLLDB {
650 shim = lldbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]651 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]652 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]653 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]654 shim.Stdin = os.Stdin
655 var stdoutBuf, stderrBuf bytes.Buffer
656 shim.Stdout = &stdoutBuf
657 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]658 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]659 shim.Env = os.Environ()
660 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]661 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]662 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]663 }
664 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
665 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]666
667 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]668 panic(err)
669 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]670 waitChan := make(chan error, 1)
671 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]672
673 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]674 if !test.noSessionCache {
675 config.ClientSessionCache = NewLRUClientSessionCache(1)
676 config.ServerSessionCache = NewLRUServerSessionCache(1)
677 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]678 if test.testType == clientTest {
679 if len(config.Certificates) == 0 {
680 config.Certificates = []Certificate{getRSACertificate()}
681 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]682 } else {
683 // Supply a ServerName to ensure a constant session cache key,
684 // rather than falling back to net.Conn.RemoteAddr.
685 if len(config.ServerName) == 0 {
686 config.ServerName = "test"
687 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]688 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]689
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]690 conn, err := acceptOrWait(listener, waitChan)
691 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]692 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]693 conn.Close()
694 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]695
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]696 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]697 var resumeConfig Config
698 if test.resumeConfig != nil {
699 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]700 if len(resumeConfig.ServerName) == 0 {
701 resumeConfig.ServerName = config.ServerName
702 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]703 if len(resumeConfig.Certificates) == 0 {
704 resumeConfig.Certificates = []Certificate{getRSACertificate()}
705 }
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]706 if test.newSessionsOnResume {
707 if !test.noSessionCache {
708 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
709 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
710 }
711 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]712 resumeConfig.SessionTicketKey = config.SessionTicketKey
713 resumeConfig.ClientSessionCache = config.ClientSessionCache
714 resumeConfig.ServerSessionCache = config.ServerSessionCache
715 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]716 } else {
717 resumeConfig = config
718 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]719 var connResume net.Conn
720 connResume, err = acceptOrWait(listener, waitChan)
721 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]722 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]723 connResume.Close()
724 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]725 }
726
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]727 // Close the listener now. This is to avoid hangs should the shim try to
728 // open more connections than expected.
729 listener.Close()
730 listener = nil
731
732 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]733 if exitError, ok := childErr.(*exec.ExitError); ok {
734 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
735 return errMoreMallocs
736 }
737 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]738
739 stdout := string(stdoutBuf.Bytes())
740 stderr := string(stderrBuf.Bytes())
741 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]742 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]743 localError := "none"
744 if err != nil {
745 localError = err.Error()
746 }
747 if len(test.expectedLocalError) != 0 {
748 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
749 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]750
751 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]752 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]753 if childErr != nil {
754 childError = childErr.Error()
755 }
756
757 var msg string
758 switch {
759 case failed && !test.shouldFail:
760 msg = "unexpected failure"
761 case !failed && test.shouldFail:
762 msg = "unexpected success"
763 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]764 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]765 default:
766 panic("internal error")
767 }
768
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]769 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]770 }
771
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]772 if !*useValgrind && !failed && len(stderr) > 0 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]773 println(stderr)
774 }
775
776 return nil
777}
778
779var tlsVersions = []struct {
780 name string
781 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]782 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]783 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]784}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]785 {"SSL3", VersionSSL30, "-no-ssl3", false},
786 {"TLS1", VersionTLS10, "-no-tls1", true},
787 {"TLS11", VersionTLS11, "-no-tls11", false},
788 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]789}
790
791var testCipherSuites = []struct {
792 name string
793 id uint16
794}{
795 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]796 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]797 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]798 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]799 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]800 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]801 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]802 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
803 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]804 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]805 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
806 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]807 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]808 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
809 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]810 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
811 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]812 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]813 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]814 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]815 {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]816 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]817 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]818 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]819 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]820 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]821 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]822 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]823 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]824 {"ECDHE-RSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]825 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]826 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
827 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]828 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
829 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]830 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]831 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]832 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]833 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]834 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]835}
836
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]837func hasComponent(suiteName, component string) bool {
838 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
839}
840
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]841func isTLSOnly(suiteName string) bool {
842 // BoringSSL doesn't support ECDHE without a curves extension, and
843 // SSLv3 doesn't contain extensions.
844 return hasComponent(suiteName, "ECDHE") || isTLS12Only(suiteName)
845}
846
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]847func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]848 return hasComponent(suiteName, "GCM") ||
849 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]850 hasComponent(suiteName, "SHA384") ||
851 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]852}
853
854func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]855 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]856}
857
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]858func bigFromHex(hex string) *big.Int {
859 ret, ok := new(big.Int).SetString(hex, 16)
860 if !ok {
861 panic("failed to parse hex number 0x" + hex)
862 }
863 return ret
864}
865
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]866func addBasicTests() {
867 basicTests := []testCase{
868 {
869 name: "BadRSASignature",
870 config: Config{
871 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
872 Bugs: ProtocolBugs{
873 InvalidSKXSignature: true,
874 },
875 },
876 shouldFail: true,
877 expectedError: ":BAD_SIGNATURE:",
878 },
879 {
880 name: "BadECDSASignature",
881 config: Config{
882 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
883 Bugs: ProtocolBugs{
884 InvalidSKXSignature: true,
885 },
886 Certificates: []Certificate{getECDSACertificate()},
887 },
888 shouldFail: true,
889 expectedError: ":BAD_SIGNATURE:",
890 },
891 {
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]892 testType: serverTest,
893 name: "BadRSASignature-ClientAuth",
894 config: Config{
895 Bugs: ProtocolBugs{
896 InvalidCertVerifySignature: true,
897 },
898 Certificates: []Certificate{getRSACertificate()},
899 },
900 shouldFail: true,
901 expectedError: ":BAD_SIGNATURE:",
902 flags: []string{"-require-any-client-certificate"},
903 },
904 {
905 testType: serverTest,
906 name: "BadECDSASignature-ClientAuth",
907 config: Config{
908 Bugs: ProtocolBugs{
909 InvalidCertVerifySignature: true,
910 },
911 Certificates: []Certificate{getECDSACertificate()},
912 },
913 shouldFail: true,
914 expectedError: ":BAD_SIGNATURE:",
915 flags: []string{"-require-any-client-certificate"},
916 },
917 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]918 name: "BadECDSACurve",
919 config: Config{
920 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
921 Bugs: ProtocolBugs{
922 InvalidSKXCurve: true,
923 },
924 Certificates: []Certificate{getECDSACertificate()},
925 },
926 shouldFail: true,
927 expectedError: ":WRONG_CURVE:",
928 },
929 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]930 name: "NoFallbackSCSV",
931 config: Config{
932 Bugs: ProtocolBugs{
933 FailIfNotFallbackSCSV: true,
934 },
935 },
936 shouldFail: true,
937 expectedLocalError: "no fallback SCSV found",
938 },
939 {
940 name: "SendFallbackSCSV",
941 config: Config{
942 Bugs: ProtocolBugs{
943 FailIfNotFallbackSCSV: true,
944 },
945 },
946 flags: []string{"-fallback-scsv"},
947 },
948 {
949 name: "ClientCertificateTypes",
950 config: Config{
951 ClientAuth: RequestClientCert,
952 ClientCertificateTypes: []byte{
953 CertTypeDSSSign,
954 CertTypeRSASign,
955 CertTypeECDSASign,
956 },
957 },
958 flags: []string{
959 "-expect-certificate-types",
960 base64.StdEncoding.EncodeToString([]byte{
961 CertTypeDSSSign,
962 CertTypeRSASign,
963 CertTypeECDSASign,
964 }),
965 },
966 },
967 {
968 name: "NoClientCertificate",
969 config: Config{
970 ClientAuth: RequireAnyClientCert,
971 },
972 shouldFail: true,
973 expectedLocalError: "client didn't provide a certificate",
974 },
975 {
976 name: "UnauthenticatedECDH",
977 config: Config{
978 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
979 Bugs: ProtocolBugs{
980 UnauthenticatedECDH: true,
981 },
982 },
983 shouldFail: true,
984 expectedError: ":UNEXPECTED_MESSAGE:",
985 },
986 {
987 name: "SkipCertificateStatus",
988 config: Config{
989 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
990 Bugs: ProtocolBugs{
991 SkipCertificateStatus: true,
992 },
993 },
994 flags: []string{
995 "-enable-ocsp-stapling",
996 },
997 },
998 {
999 name: "SkipServerKeyExchange",
1000 config: Config{
1001 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1002 Bugs: ProtocolBugs{
1003 SkipServerKeyExchange: true,
1004 },
1005 },
1006 shouldFail: true,
1007 expectedError: ":UNEXPECTED_MESSAGE:",
1008 },
1009 {
1010 name: "SkipChangeCipherSpec-Client",
1011 config: Config{
1012 Bugs: ProtocolBugs{
1013 SkipChangeCipherSpec: true,
1014 },
1015 },
1016 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1017 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1018 },
1019 {
1020 testType: serverTest,
1021 name: "SkipChangeCipherSpec-Server",
1022 config: Config{
1023 Bugs: ProtocolBugs{
1024 SkipChangeCipherSpec: true,
1025 },
1026 },
1027 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1028 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1029 },
1030 {
1031 testType: serverTest,
1032 name: "SkipChangeCipherSpec-Server-NPN",
1033 config: Config{
1034 NextProtos: []string{"bar"},
1035 Bugs: ProtocolBugs{
1036 SkipChangeCipherSpec: true,
1037 },
1038 },
1039 flags: []string{
1040 "-advertise-npn", "\x03foo\x03bar\x03baz",
1041 },
1042 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1043 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1044 },
1045 {
1046 name: "FragmentAcrossChangeCipherSpec-Client",
1047 config: Config{
1048 Bugs: ProtocolBugs{
1049 FragmentAcrossChangeCipherSpec: true,
1050 },
1051 },
1052 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1053 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1054 },
1055 {
1056 testType: serverTest,
1057 name: "FragmentAcrossChangeCipherSpec-Server",
1058 config: Config{
1059 Bugs: ProtocolBugs{
1060 FragmentAcrossChangeCipherSpec: true,
1061 },
1062 },
1063 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1064 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1065 },
1066 {
1067 testType: serverTest,
1068 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1069 config: Config{
1070 NextProtos: []string{"bar"},
1071 Bugs: ProtocolBugs{
1072 FragmentAcrossChangeCipherSpec: true,
1073 },
1074 },
1075 flags: []string{
1076 "-advertise-npn", "\x03foo\x03bar\x03baz",
1077 },
1078 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1079 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1080 },
1081 {
1082 testType: serverTest,
1083 name: "Alert",
1084 config: Config{
1085 Bugs: ProtocolBugs{
1086 SendSpuriousAlert: alertRecordOverflow,
1087 },
1088 },
1089 shouldFail: true,
1090 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1091 },
1092 {
1093 protocol: dtls,
1094 testType: serverTest,
1095 name: "Alert-DTLS",
1096 config: Config{
1097 Bugs: ProtocolBugs{
1098 SendSpuriousAlert: alertRecordOverflow,
1099 },
1100 },
1101 shouldFail: true,
1102 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1103 },
1104 {
1105 testType: serverTest,
1106 name: "FragmentAlert",
1107 config: Config{
1108 Bugs: ProtocolBugs{
1109 FragmentAlert: true,
1110 SendSpuriousAlert: alertRecordOverflow,
1111 },
1112 },
1113 shouldFail: true,
1114 expectedError: ":BAD_ALERT:",
1115 },
1116 {
1117 protocol: dtls,
1118 testType: serverTest,
1119 name: "FragmentAlert-DTLS",
1120 config: Config{
1121 Bugs: ProtocolBugs{
1122 FragmentAlert: true,
1123 SendSpuriousAlert: alertRecordOverflow,
1124 },
1125 },
1126 shouldFail: true,
1127 expectedError: ":BAD_ALERT:",
1128 },
1129 {
1130 testType: serverTest,
1131 name: "EarlyChangeCipherSpec-server-1",
1132 config: Config{
1133 Bugs: ProtocolBugs{
1134 EarlyChangeCipherSpec: 1,
1135 },
1136 },
1137 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1138 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1139 },
1140 {
1141 testType: serverTest,
1142 name: "EarlyChangeCipherSpec-server-2",
1143 config: Config{
1144 Bugs: ProtocolBugs{
1145 EarlyChangeCipherSpec: 2,
1146 },
1147 },
1148 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1149 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1150 },
1151 {
1152 name: "SkipNewSessionTicket",
1153 config: Config{
1154 Bugs: ProtocolBugs{
1155 SkipNewSessionTicket: true,
1156 },
1157 },
1158 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1159 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1160 },
1161 {
1162 testType: serverTest,
1163 name: "FallbackSCSV",
1164 config: Config{
1165 MaxVersion: VersionTLS11,
1166 Bugs: ProtocolBugs{
1167 SendFallbackSCSV: true,
1168 },
1169 },
1170 shouldFail: true,
1171 expectedError: ":INAPPROPRIATE_FALLBACK:",
1172 },
1173 {
1174 testType: serverTest,
1175 name: "FallbackSCSV-VersionMatch",
1176 config: Config{
1177 Bugs: ProtocolBugs{
1178 SendFallbackSCSV: true,
1179 },
1180 },
1181 },
1182 {
1183 testType: serverTest,
1184 name: "FragmentedClientVersion",
1185 config: Config{
1186 Bugs: ProtocolBugs{
1187 MaxHandshakeRecordLength: 1,
1188 FragmentClientVersion: true,
1189 },
1190 },
1191 expectedVersion: VersionTLS12,
1192 },
1193 {
1194 testType: serverTest,
1195 name: "MinorVersionTolerance",
1196 config: Config{
1197 Bugs: ProtocolBugs{
1198 SendClientVersion: 0x03ff,
1199 },
1200 },
1201 expectedVersion: VersionTLS12,
1202 },
1203 {
1204 testType: serverTest,
1205 name: "MajorVersionTolerance",
1206 config: Config{
1207 Bugs: ProtocolBugs{
1208 SendClientVersion: 0x0400,
1209 },
1210 },
1211 expectedVersion: VersionTLS12,
1212 },
1213 {
1214 testType: serverTest,
1215 name: "VersionTooLow",
1216 config: Config{
1217 Bugs: ProtocolBugs{
1218 SendClientVersion: 0x0200,
1219 },
1220 },
1221 shouldFail: true,
1222 expectedError: ":UNSUPPORTED_PROTOCOL:",
1223 },
1224 {
1225 testType: serverTest,
1226 name: "HttpGET",
1227 sendPrefix: "GET / HTTP/1.0\n",
1228 shouldFail: true,
1229 expectedError: ":HTTP_REQUEST:",
1230 },
1231 {
1232 testType: serverTest,
1233 name: "HttpPOST",
1234 sendPrefix: "POST / HTTP/1.0\n",
1235 shouldFail: true,
1236 expectedError: ":HTTP_REQUEST:",
1237 },
1238 {
1239 testType: serverTest,
1240 name: "HttpHEAD",
1241 sendPrefix: "HEAD / HTTP/1.0\n",
1242 shouldFail: true,
1243 expectedError: ":HTTP_REQUEST:",
1244 },
1245 {
1246 testType: serverTest,
1247 name: "HttpPUT",
1248 sendPrefix: "PUT / HTTP/1.0\n",
1249 shouldFail: true,
1250 expectedError: ":HTTP_REQUEST:",
1251 },
1252 {
1253 testType: serverTest,
1254 name: "HttpCONNECT",
1255 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1256 shouldFail: true,
1257 expectedError: ":HTTPS_PROXY_REQUEST:",
1258 },
1259 {
1260 testType: serverTest,
1261 name: "Garbage",
1262 sendPrefix: "blah",
1263 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1264 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1265 },
1266 {
1267 name: "SkipCipherVersionCheck",
1268 config: Config{
1269 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1270 MaxVersion: VersionTLS11,
1271 Bugs: ProtocolBugs{
1272 SkipCipherVersionCheck: true,
1273 },
1274 },
1275 shouldFail: true,
1276 expectedError: ":WRONG_CIPHER_RETURNED:",
1277 },
1278 {
1279 name: "RSAEphemeralKey",
1280 config: Config{
1281 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1282 Bugs: ProtocolBugs{
1283 RSAEphemeralKey: true,
1284 },
1285 },
1286 shouldFail: true,
1287 expectedError: ":UNEXPECTED_MESSAGE:",
1288 },
1289 {
1290 name: "DisableEverything",
1291 flags: []string{"-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
1292 shouldFail: true,
1293 expectedError: ":WRONG_SSL_VERSION:",
1294 },
1295 {
1296 protocol: dtls,
1297 name: "DisableEverything-DTLS",
1298 flags: []string{"-no-tls12", "-no-tls1"},
1299 shouldFail: true,
1300 expectedError: ":WRONG_SSL_VERSION:",
1301 },
1302 {
1303 name: "NoSharedCipher",
1304 config: Config{
1305 CipherSuites: []uint16{},
1306 },
1307 shouldFail: true,
1308 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
1309 },
1310 {
1311 protocol: dtls,
1312 testType: serverTest,
1313 name: "MTU",
1314 config: Config{
1315 Bugs: ProtocolBugs{
1316 MaxPacketLength: 256,
1317 },
1318 },
1319 flags: []string{"-mtu", "256"},
1320 },
1321 {
1322 protocol: dtls,
1323 testType: serverTest,
1324 name: "MTUExceeded",
1325 config: Config{
1326 Bugs: ProtocolBugs{
1327 MaxPacketLength: 255,
1328 },
1329 },
1330 flags: []string{"-mtu", "256"},
1331 shouldFail: true,
1332 expectedLocalError: "dtls: exceeded maximum packet length",
1333 },
1334 {
1335 name: "CertMismatchRSA",
1336 config: Config{
1337 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1338 Certificates: []Certificate{getECDSACertificate()},
1339 Bugs: ProtocolBugs{
1340 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1341 },
1342 },
1343 shouldFail: true,
1344 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1345 },
1346 {
1347 name: "CertMismatchECDSA",
1348 config: Config{
1349 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1350 Certificates: []Certificate{getRSACertificate()},
1351 Bugs: ProtocolBugs{
1352 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1353 },
1354 },
1355 shouldFail: true,
1356 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1357 },
1358 {
1359 name: "EmptyCertificateList",
1360 config: Config{
1361 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1362 Bugs: ProtocolBugs{
1363 EmptyCertificateList: true,
1364 },
1365 },
1366 shouldFail: true,
1367 expectedError: ":DECODE_ERROR:",
1368 },
1369 {
1370 name: "TLSFatalBadPackets",
1371 damageFirstWrite: true,
1372 shouldFail: true,
1373 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1374 },
1375 {
1376 protocol: dtls,
1377 name: "DTLSIgnoreBadPackets",
1378 damageFirstWrite: true,
1379 },
1380 {
1381 protocol: dtls,
1382 name: "DTLSIgnoreBadPackets-Async",
1383 damageFirstWrite: true,
1384 flags: []string{"-async"},
1385 },
1386 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1387 name: "AppDataBeforeHandshake",
1388 config: Config{
1389 Bugs: ProtocolBugs{
1390 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1391 },
1392 },
1393 shouldFail: true,
1394 expectedError: ":UNEXPECTED_RECORD:",
1395 },
1396 {
1397 name: "AppDataBeforeHandshake-Empty",
1398 config: Config{
1399 Bugs: ProtocolBugs{
1400 AppDataBeforeHandshake: []byte{},
1401 },
1402 },
1403 shouldFail: true,
1404 expectedError: ":UNEXPECTED_RECORD:",
1405 },
1406 {
1407 protocol: dtls,
1408 name: "AppDataBeforeHandshake-DTLS",
1409 config: Config{
1410 Bugs: ProtocolBugs{
1411 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1412 },
1413 },
1414 shouldFail: true,
1415 expectedError: ":UNEXPECTED_RECORD:",
1416 },
1417 {
1418 protocol: dtls,
1419 name: "AppDataBeforeHandshake-DTLS-Empty",
1420 config: Config{
1421 Bugs: ProtocolBugs{
1422 AppDataBeforeHandshake: []byte{},
1423 },
1424 },
1425 shouldFail: true,
1426 expectedError: ":UNEXPECTED_RECORD:",
1427 },
1428 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1429 name: "AppDataAfterChangeCipherSpec",
1430 config: Config{
1431 Bugs: ProtocolBugs{
1432 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1433 },
1434 },
1435 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1436 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1437 },
1438 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1439 name: "AppDataAfterChangeCipherSpec-Empty",
1440 config: Config{
1441 Bugs: ProtocolBugs{
1442 AppDataAfterChangeCipherSpec: []byte{},
1443 },
1444 },
1445 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1446 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1447 },
1448 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1449 protocol: dtls,
1450 name: "AppDataAfterChangeCipherSpec-DTLS",
1451 config: Config{
1452 Bugs: ProtocolBugs{
1453 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1454 },
1455 },
1456 // BoringSSL's DTLS implementation will drop the out-of-order
1457 // application data.
1458 },
1459 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1460 protocol: dtls,
1461 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1462 config: Config{
1463 Bugs: ProtocolBugs{
1464 AppDataAfterChangeCipherSpec: []byte{},
1465 },
1466 },
1467 // BoringSSL's DTLS implementation will drop the out-of-order
1468 // application data.
1469 },
1470 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1471 name: "AlertAfterChangeCipherSpec",
1472 config: Config{
1473 Bugs: ProtocolBugs{
1474 AlertAfterChangeCipherSpec: alertRecordOverflow,
1475 },
1476 },
1477 shouldFail: true,
1478 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1479 },
1480 {
1481 protocol: dtls,
1482 name: "AlertAfterChangeCipherSpec-DTLS",
1483 config: Config{
1484 Bugs: ProtocolBugs{
1485 AlertAfterChangeCipherSpec: alertRecordOverflow,
1486 },
1487 },
1488 shouldFail: true,
1489 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1490 },
1491 {
1492 protocol: dtls,
1493 name: "ReorderHandshakeFragments-Small-DTLS",
1494 config: Config{
1495 Bugs: ProtocolBugs{
1496 ReorderHandshakeFragments: true,
1497 // Small enough that every handshake message is
1498 // fragmented.
1499 MaxHandshakeRecordLength: 2,
1500 },
1501 },
1502 },
1503 {
1504 protocol: dtls,
1505 name: "ReorderHandshakeFragments-Large-DTLS",
1506 config: Config{
1507 Bugs: ProtocolBugs{
1508 ReorderHandshakeFragments: true,
1509 // Large enough that no handshake message is
1510 // fragmented.
1511 MaxHandshakeRecordLength: 2048,
1512 },
1513 },
1514 },
1515 {
1516 protocol: dtls,
1517 name: "MixCompleteMessageWithFragments-DTLS",
1518 config: Config{
1519 Bugs: ProtocolBugs{
1520 ReorderHandshakeFragments: true,
1521 MixCompleteMessageWithFragments: true,
1522 MaxHandshakeRecordLength: 2,
1523 },
1524 },
1525 },
1526 {
1527 name: "SendInvalidRecordType",
1528 config: Config{
1529 Bugs: ProtocolBugs{
1530 SendInvalidRecordType: true,
1531 },
1532 },
1533 shouldFail: true,
1534 expectedError: ":UNEXPECTED_RECORD:",
1535 },
1536 {
1537 protocol: dtls,
1538 name: "SendInvalidRecordType-DTLS",
1539 config: Config{
1540 Bugs: ProtocolBugs{
1541 SendInvalidRecordType: true,
1542 },
1543 },
1544 shouldFail: true,
1545 expectedError: ":UNEXPECTED_RECORD:",
1546 },
1547 {
1548 name: "FalseStart-SkipServerSecondLeg",
1549 config: Config{
1550 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1551 NextProtos: []string{"foo"},
1552 Bugs: ProtocolBugs{
1553 SkipNewSessionTicket: true,
1554 SkipChangeCipherSpec: true,
1555 SkipFinished: true,
1556 ExpectFalseStart: true,
1557 },
1558 },
1559 flags: []string{
1560 "-false-start",
1561 "-handshake-never-done",
1562 "-advertise-alpn", "\x03foo",
1563 },
1564 shimWritesFirst: true,
1565 shouldFail: true,
1566 expectedError: ":UNEXPECTED_RECORD:",
1567 },
1568 {
1569 name: "FalseStart-SkipServerSecondLeg-Implicit",
1570 config: Config{
1571 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1572 NextProtos: []string{"foo"},
1573 Bugs: ProtocolBugs{
1574 SkipNewSessionTicket: true,
1575 SkipChangeCipherSpec: true,
1576 SkipFinished: true,
1577 },
1578 },
1579 flags: []string{
1580 "-implicit-handshake",
1581 "-false-start",
1582 "-handshake-never-done",
1583 "-advertise-alpn", "\x03foo",
1584 },
1585 shouldFail: true,
1586 expectedError: ":UNEXPECTED_RECORD:",
1587 },
1588 {
1589 testType: serverTest,
1590 name: "FailEarlyCallback",
1591 flags: []string{"-fail-early-callback"},
1592 shouldFail: true,
1593 expectedError: ":CONNECTION_REJECTED:",
1594 expectedLocalError: "remote error: access denied",
1595 },
1596 {
1597 name: "WrongMessageType",
1598 config: Config{
1599 Bugs: ProtocolBugs{
1600 WrongCertificateMessageType: true,
1601 },
1602 },
1603 shouldFail: true,
1604 expectedError: ":UNEXPECTED_MESSAGE:",
1605 expectedLocalError: "remote error: unexpected message",
1606 },
1607 {
1608 protocol: dtls,
1609 name: "WrongMessageType-DTLS",
1610 config: Config{
1611 Bugs: ProtocolBugs{
1612 WrongCertificateMessageType: true,
1613 },
1614 },
1615 shouldFail: true,
1616 expectedError: ":UNEXPECTED_MESSAGE:",
1617 expectedLocalError: "remote error: unexpected message",
1618 },
1619 {
1620 protocol: dtls,
1621 name: "FragmentMessageTypeMismatch-DTLS",
1622 config: Config{
1623 Bugs: ProtocolBugs{
1624 MaxHandshakeRecordLength: 2,
1625 FragmentMessageTypeMismatch: true,
1626 },
1627 },
1628 shouldFail: true,
1629 expectedError: ":FRAGMENT_MISMATCH:",
1630 },
1631 {
1632 protocol: dtls,
1633 name: "FragmentMessageLengthMismatch-DTLS",
1634 config: Config{
1635 Bugs: ProtocolBugs{
1636 MaxHandshakeRecordLength: 2,
1637 FragmentMessageLengthMismatch: true,
1638 },
1639 },
1640 shouldFail: true,
1641 expectedError: ":FRAGMENT_MISMATCH:",
1642 },
1643 {
1644 protocol: dtls,
1645 name: "SplitFragments-Header-DTLS",
1646 config: Config{
1647 Bugs: ProtocolBugs{
1648 SplitFragments: 2,
1649 },
1650 },
1651 shouldFail: true,
1652 expectedError: ":UNEXPECTED_MESSAGE:",
1653 },
1654 {
1655 protocol: dtls,
1656 name: "SplitFragments-Boundary-DTLS",
1657 config: Config{
1658 Bugs: ProtocolBugs{
1659 SplitFragments: dtlsRecordHeaderLen,
1660 },
1661 },
1662 shouldFail: true,
1663 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1664 },
1665 {
1666 protocol: dtls,
1667 name: "SplitFragments-Body-DTLS",
1668 config: Config{
1669 Bugs: ProtocolBugs{
1670 SplitFragments: dtlsRecordHeaderLen + 1,
1671 },
1672 },
1673 shouldFail: true,
1674 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1675 },
1676 {
1677 protocol: dtls,
1678 name: "SendEmptyFragments-DTLS",
1679 config: Config{
1680 Bugs: ProtocolBugs{
1681 SendEmptyFragments: true,
1682 },
1683 },
1684 },
1685 {
1686 name: "UnsupportedCipherSuite",
1687 config: Config{
1688 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1689 Bugs: ProtocolBugs{
1690 IgnorePeerCipherPreferences: true,
1691 },
1692 },
1693 flags: []string{"-cipher", "DEFAULT:!RC4"},
1694 shouldFail: true,
1695 expectedError: ":WRONG_CIPHER_RETURNED:",
1696 },
1697 {
1698 name: "UnsupportedCurve",
1699 config: Config{
David Benjamin64d92502015-12-19 02:20:57 -0500[diff] [blame]1700 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1701 CurvePreferences: []CurveID{CurveP256},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1702 Bugs: ProtocolBugs{
1703 IgnorePeerCurvePreferences: true,
1704 },
1705 },
David Benjamin64d92502015-12-19 02:20:57 -0500[diff] [blame]1706 flags: []string{"-p384-only"},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1707 shouldFail: true,
1708 expectedError: ":WRONG_CURVE:",
1709 },
1710 {
1711 name: "BadFinished",
1712 config: Config{
1713 Bugs: ProtocolBugs{
1714 BadFinished: true,
1715 },
1716 },
1717 shouldFail: true,
1718 expectedError: ":DIGEST_CHECK_FAILED:",
1719 },
1720 {
1721 name: "FalseStart-BadFinished",
1722 config: Config{
1723 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1724 NextProtos: []string{"foo"},
1725 Bugs: ProtocolBugs{
1726 BadFinished: true,
1727 ExpectFalseStart: true,
1728 },
1729 },
1730 flags: []string{
1731 "-false-start",
1732 "-handshake-never-done",
1733 "-advertise-alpn", "\x03foo",
1734 },
1735 shimWritesFirst: true,
1736 shouldFail: true,
1737 expectedError: ":DIGEST_CHECK_FAILED:",
1738 },
1739 {
1740 name: "NoFalseStart-NoALPN",
1741 config: Config{
1742 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1743 Bugs: ProtocolBugs{
1744 ExpectFalseStart: true,
1745 AlertBeforeFalseStartTest: alertAccessDenied,
1746 },
1747 },
1748 flags: []string{
1749 "-false-start",
1750 },
1751 shimWritesFirst: true,
1752 shouldFail: true,
1753 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1754 expectedLocalError: "tls: peer did not false start: EOF",
1755 },
1756 {
1757 name: "NoFalseStart-NoAEAD",
1758 config: Config{
1759 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1760 NextProtos: []string{"foo"},
1761 Bugs: ProtocolBugs{
1762 ExpectFalseStart: true,
1763 AlertBeforeFalseStartTest: alertAccessDenied,
1764 },
1765 },
1766 flags: []string{
1767 "-false-start",
1768 "-advertise-alpn", "\x03foo",
1769 },
1770 shimWritesFirst: true,
1771 shouldFail: true,
1772 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1773 expectedLocalError: "tls: peer did not false start: EOF",
1774 },
1775 {
1776 name: "NoFalseStart-RSA",
1777 config: Config{
1778 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1779 NextProtos: []string{"foo"},
1780 Bugs: ProtocolBugs{
1781 ExpectFalseStart: true,
1782 AlertBeforeFalseStartTest: alertAccessDenied,
1783 },
1784 },
1785 flags: []string{
1786 "-false-start",
1787 "-advertise-alpn", "\x03foo",
1788 },
1789 shimWritesFirst: true,
1790 shouldFail: true,
1791 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1792 expectedLocalError: "tls: peer did not false start: EOF",
1793 },
1794 {
1795 name: "NoFalseStart-DHE_RSA",
1796 config: Config{
1797 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1798 NextProtos: []string{"foo"},
1799 Bugs: ProtocolBugs{
1800 ExpectFalseStart: true,
1801 AlertBeforeFalseStartTest: alertAccessDenied,
1802 },
1803 },
1804 flags: []string{
1805 "-false-start",
1806 "-advertise-alpn", "\x03foo",
1807 },
1808 shimWritesFirst: true,
1809 shouldFail: true,
1810 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1811 expectedLocalError: "tls: peer did not false start: EOF",
1812 },
1813 {
1814 testType: serverTest,
1815 name: "NoSupportedCurves",
1816 config: Config{
1817 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1818 Bugs: ProtocolBugs{
1819 NoSupportedCurves: true,
1820 },
1821 },
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]1822 shouldFail: true,
1823 expectedError: ":NO_SHARED_CIPHER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1824 },
1825 {
1826 testType: serverTest,
1827 name: "NoCommonCurves",
1828 config: Config{
1829 CipherSuites: []uint16{
1830 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1831 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1832 },
1833 CurvePreferences: []CurveID{CurveP224},
1834 },
1835 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1836 },
1837 {
1838 protocol: dtls,
1839 name: "SendSplitAlert-Sync",
1840 config: Config{
1841 Bugs: ProtocolBugs{
1842 SendSplitAlert: true,
1843 },
1844 },
1845 },
1846 {
1847 protocol: dtls,
1848 name: "SendSplitAlert-Async",
1849 config: Config{
1850 Bugs: ProtocolBugs{
1851 SendSplitAlert: true,
1852 },
1853 },
1854 flags: []string{"-async"},
1855 },
1856 {
1857 protocol: dtls,
1858 name: "PackDTLSHandshake",
1859 config: Config{
1860 Bugs: ProtocolBugs{
1861 MaxHandshakeRecordLength: 2,
1862 PackHandshakeFragments: 20,
1863 PackHandshakeRecords: 200,
1864 },
1865 },
1866 },
1867 {
1868 testType: serverTest,
1869 protocol: dtls,
1870 name: "NoRC4-DTLS",
1871 config: Config{
1872 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA},
1873 Bugs: ProtocolBugs{
1874 EnableAllCiphersInDTLS: true,
1875 },
1876 },
1877 shouldFail: true,
1878 expectedError: ":NO_SHARED_CIPHER:",
1879 },
1880 {
1881 name: "SendEmptyRecords-Pass",
1882 sendEmptyRecords: 32,
1883 },
1884 {
1885 name: "SendEmptyRecords",
1886 sendEmptyRecords: 33,
1887 shouldFail: true,
1888 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1889 },
1890 {
1891 name: "SendEmptyRecords-Async",
1892 sendEmptyRecords: 33,
1893 flags: []string{"-async"},
1894 shouldFail: true,
1895 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1896 },
1897 {
1898 name: "SendWarningAlerts-Pass",
1899 sendWarningAlerts: 4,
1900 },
1901 {
1902 protocol: dtls,
1903 name: "SendWarningAlerts-DTLS-Pass",
1904 sendWarningAlerts: 4,
1905 },
1906 {
1907 name: "SendWarningAlerts",
1908 sendWarningAlerts: 5,
1909 shouldFail: true,
1910 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1911 },
1912 {
1913 name: "SendWarningAlerts-Async",
1914 sendWarningAlerts: 5,
1915 flags: []string{"-async"},
1916 shouldFail: true,
1917 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1918 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]1919 {
1920 name: "EmptySessionID",
1921 config: Config{
1922 SessionTicketsDisabled: true,
1923 },
1924 noSessionCache: true,
1925 flags: []string{"-expect-no-session"},
1926 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]1927 {
1928 name: "Unclean-Shutdown",
1929 config: Config{
1930 Bugs: ProtocolBugs{
1931 NoCloseNotify: true,
1932 ExpectCloseNotify: true,
1933 },
1934 },
1935 shimShutsDown: true,
1936 flags: []string{"-check-close-notify"},
1937 shouldFail: true,
1938 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
1939 },
1940 {
1941 name: "Unclean-Shutdown-Ignored",
1942 config: Config{
1943 Bugs: ProtocolBugs{
1944 NoCloseNotify: true,
1945 },
1946 },
1947 shimShutsDown: true,
1948 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]1949 {
1950 name: "LargePlaintext",
1951 config: Config{
1952 Bugs: ProtocolBugs{
1953 SendLargeRecords: true,
1954 },
1955 },
1956 messageLen: maxPlaintext + 1,
1957 shouldFail: true,
1958 expectedError: ":DATA_LENGTH_TOO_LONG:",
1959 },
1960 {
1961 protocol: dtls,
1962 name: "LargePlaintext-DTLS",
1963 config: Config{
1964 Bugs: ProtocolBugs{
1965 SendLargeRecords: true,
1966 },
1967 },
1968 messageLen: maxPlaintext + 1,
1969 shouldFail: true,
1970 expectedError: ":DATA_LENGTH_TOO_LONG:",
1971 },
1972 {
1973 name: "LargeCiphertext",
1974 config: Config{
1975 Bugs: ProtocolBugs{
1976 SendLargeRecords: true,
1977 },
1978 },
1979 messageLen: maxPlaintext * 2,
1980 shouldFail: true,
1981 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
1982 },
1983 {
1984 protocol: dtls,
1985 name: "LargeCiphertext-DTLS",
1986 config: Config{
1987 Bugs: ProtocolBugs{
1988 SendLargeRecords: true,
1989 },
1990 },
1991 messageLen: maxPlaintext * 2,
1992 // Unlike the other four cases, DTLS drops records which
1993 // are invalid before authentication, so the connection
1994 // does not fail.
1995 expectMessageDropped: true,
1996 },
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]1997 {
1998 name: "SendEmptySessionTicket",
1999 config: Config{
2000 Bugs: ProtocolBugs{
2001 SendEmptySessionTicket: true,
2002 FailIfSessionOffered: true,
2003 },
2004 },
2005 flags: []string{"-expect-no-session"},
2006 resumeSession: true,
2007 expectResumeRejected: true,
2008 },
David Benjamin99fdfb92015-11-02 12:11:35 -0500[diff] [blame]2009 {
2010 name: "CheckLeafCurve",
2011 config: Config{
2012 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2013 Certificates: []Certificate{getECDSACertificate()},
2014 },
2015 flags: []string{"-p384-only"},
2016 shouldFail: true,
2017 expectedError: ":BAD_ECC_CERT:",
2018 },
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2019 {
2020 name: "BadChangeCipherSpec-1",
2021 config: Config{
2022 Bugs: ProtocolBugs{
2023 BadChangeCipherSpec: []byte{2},
2024 },
2025 },
2026 shouldFail: true,
2027 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2028 },
2029 {
2030 name: "BadChangeCipherSpec-2",
2031 config: Config{
2032 Bugs: ProtocolBugs{
2033 BadChangeCipherSpec: []byte{1, 1},
2034 },
2035 },
2036 shouldFail: true,
2037 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2038 },
2039 {
2040 protocol: dtls,
2041 name: "BadChangeCipherSpec-DTLS-1",
2042 config: Config{
2043 Bugs: ProtocolBugs{
2044 BadChangeCipherSpec: []byte{2},
2045 },
2046 },
2047 shouldFail: true,
2048 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2049 },
2050 {
2051 protocol: dtls,
2052 name: "BadChangeCipherSpec-DTLS-2",
2053 config: Config{
2054 Bugs: ProtocolBugs{
2055 BadChangeCipherSpec: []byte{1, 1},
2056 },
2057 },
2058 shouldFail: true,
2059 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2060 },
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2061 {
2062 name: "BadHelloRequest-1",
2063 renegotiate: 1,
2064 config: Config{
2065 Bugs: ProtocolBugs{
2066 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2067 },
2068 },
2069 flags: []string{
2070 "-renegotiate-freely",
2071 "-expect-total-renegotiations", "1",
2072 },
2073 shouldFail: true,
2074 expectedError: ":BAD_HELLO_REQUEST:",
2075 },
2076 {
2077 name: "BadHelloRequest-2",
2078 renegotiate: 1,
2079 config: Config{
2080 Bugs: ProtocolBugs{
2081 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2082 },
2083 },
2084 flags: []string{
2085 "-renegotiate-freely",
2086 "-expect-total-renegotiations", "1",
2087 },
2088 shouldFail: true,
2089 expectedError: ":BAD_HELLO_REQUEST:",
2090 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame^]2091 {
2092 testType: serverTest,
2093 name: "SupportTicketsWithSessionID",
2094 config: Config{
2095 SessionTicketsDisabled: true,
2096 },
2097 resumeConfig: &Config{},
2098 resumeSession: true,
2099 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2100 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2101 testCases = append(testCases, basicTests...)
2102}
2103
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2104func addCipherSuiteTests() {
2105 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2106 const psk = "12345"
2107 const pskIdentity = "luggage combo"
2108
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2109 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2110 var certFile string
2111 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2112 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2113 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2114 certFile = ecdsaCertificateFile
2115 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2116 } else {
2117 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2118 certFile = rsaCertificateFile
2119 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2120 }
2121
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2122 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2123 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2124 flags = append(flags,
2125 "-psk", psk,
2126 "-psk-identity", pskIdentity)
2127 }
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]2128 if hasComponent(suite.name, "NULL") {
2129 // NULL ciphers must be explicitly enabled.
2130 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2131 }
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2132
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2133 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]2134 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2135 continue
2136 }
2137
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]2138 shouldFail := isTLSOnly(suite.name) && ver.version == VersionSSL30
2139
2140 expectedError := ""
2141 if shouldFail {
2142 expectedError = ":NO_SHARED_CIPHER:"
2143 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2144
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2145 testCases = append(testCases, testCase{
2146 testType: serverTest,
2147 name: ver.name + "-" + suite.name + "-server",
2148 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2149 MinVersion: ver.version,
2150 MaxVersion: ver.version,
2151 CipherSuites: []uint16{suite.id},
2152 Certificates: []Certificate{cert},
2153 PreSharedKey: []byte(psk),
2154 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2155 },
2156 certFile: certFile,
2157 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2158 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2159 resumeSession: true,
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]2160 shouldFail: shouldFail,
2161 expectedError: expectedError,
2162 })
2163
2164 if shouldFail {
2165 continue
2166 }
2167
2168 testCases = append(testCases, testCase{
2169 testType: clientTest,
2170 name: ver.name + "-" + suite.name + "-client",
2171 config: Config{
2172 MinVersion: ver.version,
2173 MaxVersion: ver.version,
2174 CipherSuites: []uint16{suite.id},
2175 Certificates: []Certificate{cert},
2176 PreSharedKey: []byte(psk),
2177 PreSharedKeyIdentity: pskIdentity,
2178 },
2179 flags: flags,
2180 resumeSession: true,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2181 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2182
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2183 if ver.hasDTLS && isDTLSCipher(suite.name) {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2184 testCases = append(testCases, testCase{
2185 testType: clientTest,
2186 protocol: dtls,
2187 name: "D" + ver.name + "-" + suite.name + "-client",
2188 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2189 MinVersion: ver.version,
2190 MaxVersion: ver.version,
2191 CipherSuites: []uint16{suite.id},
2192 Certificates: []Certificate{cert},
2193 PreSharedKey: []byte(psk),
2194 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2195 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2196 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2197 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2198 })
2199 testCases = append(testCases, testCase{
2200 testType: serverTest,
2201 protocol: dtls,
2202 name: "D" + ver.name + "-" + suite.name + "-server",
2203 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2204 MinVersion: ver.version,
2205 MaxVersion: ver.version,
2206 CipherSuites: []uint16{suite.id},
2207 Certificates: []Certificate{cert},
2208 PreSharedKey: []byte(psk),
2209 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2210 },
2211 certFile: certFile,
2212 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2213 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2214 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2215 })
2216 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2217 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2218
2219 // Ensure both TLS and DTLS accept their maximum record sizes.
2220 testCases = append(testCases, testCase{
2221 name: suite.name + "-LargeRecord",
2222 config: Config{
2223 CipherSuites: []uint16{suite.id},
2224 Certificates: []Certificate{cert},
2225 PreSharedKey: []byte(psk),
2226 PreSharedKeyIdentity: pskIdentity,
2227 },
2228 flags: flags,
2229 messageLen: maxPlaintext,
2230 })
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2231 if isDTLSCipher(suite.name) {
2232 testCases = append(testCases, testCase{
2233 protocol: dtls,
2234 name: suite.name + "-LargeRecord-DTLS",
2235 config: Config{
2236 CipherSuites: []uint16{suite.id},
2237 Certificates: []Certificate{cert},
2238 PreSharedKey: []byte(psk),
2239 PreSharedKeyIdentity: pskIdentity,
2240 },
2241 flags: flags,
2242 messageLen: maxPlaintext,
2243 })
2244 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2245 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2246
2247 testCases = append(testCases, testCase{
2248 name: "WeakDH",
2249 config: Config{
2250 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2251 Bugs: ProtocolBugs{
2252 // This is a 1023-bit prime number, generated
2253 // with:
2254 // openssl gendh 1023 | openssl asn1parse -i
2255 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2256 },
2257 },
2258 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2259 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2260 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2261
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2262 testCases = append(testCases, testCase{
2263 name: "SillyDH",
2264 config: Config{
2265 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2266 Bugs: ProtocolBugs{
2267 // This is a 4097-bit prime number, generated
2268 // with:
2269 // openssl gendh 4097 | openssl asn1parse -i
2270 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2271 },
2272 },
2273 shouldFail: true,
2274 expectedError: ":DH_P_TOO_LONG:",
2275 })
2276
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2277 // This test ensures that Diffie-Hellman public values are padded with
2278 // zeros so that they're the same length as the prime. This is to avoid
2279 // hitting a bug in yaSSL.
2280 testCases = append(testCases, testCase{
2281 testType: serverTest,
2282 name: "DHPublicValuePadded",
2283 config: Config{
2284 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2285 Bugs: ProtocolBugs{
2286 RequireDHPublicValueLen: (1025 + 7) / 8,
2287 },
2288 },
2289 flags: []string{"-use-sparse-dh-prime"},
2290 })
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2291
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2292 // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS
2293 // 1.1 specific cipher suite settings. A server is setup with the given
2294 // cipher lists and then a connection is made for each member of
2295 // expectations. The cipher suite that the server selects must match
2296 // the specified one.
2297 var versionSpecificCiphersTest = []struct {
2298 ciphersDefault, ciphersTLS10, ciphersTLS11 string
2299 // expectations is a map from TLS version to cipher suite id.
2300 expectations map[uint16]uint16
2301 }{
2302 {
2303 // Test that the null case (where no version-specific ciphers are set)
2304 // works as expected.
2305 "RC4-SHA:AES128-SHA", // default ciphers
2306 "", // no ciphers specifically for TLS ≥ 1.0
2307 "", // no ciphers specifically for TLS ≥ 1.1
2308 map[uint16]uint16{
2309 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2310 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2311 VersionTLS11: TLS_RSA_WITH_RC4_128_SHA,
2312 VersionTLS12: TLS_RSA_WITH_RC4_128_SHA,
2313 },
2314 },
2315 {
2316 // With ciphers_tls10 set, TLS 1.0, 1.1 and 1.2 should get a different
2317 // cipher.
2318 "RC4-SHA:AES128-SHA", // default
2319 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2320 "", // no ciphers specifically for TLS ≥ 1.1
2321 map[uint16]uint16{
2322 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2323 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2324 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2325 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2326 },
2327 },
2328 {
2329 // With ciphers_tls11 set, TLS 1.1 and 1.2 should get a different
2330 // cipher.
2331 "RC4-SHA:AES128-SHA", // default
2332 "", // no ciphers specifically for TLS ≥ 1.0
2333 "AES128-SHA", // these ciphers for TLS ≥ 1.1
2334 map[uint16]uint16{
2335 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2336 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2337 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2338 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2339 },
2340 },
2341 {
2342 // With both ciphers_tls10 and ciphers_tls11 set, ciphers_tls11 should
2343 // mask ciphers_tls10 for TLS 1.1 and 1.2.
2344 "RC4-SHA:AES128-SHA", // default
2345 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2346 "AES256-SHA", // these ciphers for TLS ≥ 1.1
2347 map[uint16]uint16{
2348 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2349 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2350 VersionTLS11: TLS_RSA_WITH_AES_256_CBC_SHA,
2351 VersionTLS12: TLS_RSA_WITH_AES_256_CBC_SHA,
2352 },
2353 },
2354 }
2355
2356 for i, test := range versionSpecificCiphersTest {
2357 for version, expectedCipherSuite := range test.expectations {
2358 flags := []string{"-cipher", test.ciphersDefault}
2359 if len(test.ciphersTLS10) > 0 {
2360 flags = append(flags, "-cipher-tls10", test.ciphersTLS10)
2361 }
2362 if len(test.ciphersTLS11) > 0 {
2363 flags = append(flags, "-cipher-tls11", test.ciphersTLS11)
2364 }
2365
2366 testCases = append(testCases, testCase{
2367 testType: serverTest,
2368 name: fmt.Sprintf("VersionSpecificCiphersTest-%d-%x", i, version),
2369 config: Config{
2370 MaxVersion: version,
2371 MinVersion: version,
2372 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA},
2373 },
2374 flags: flags,
2375 expectedCipher: expectedCipherSuite,
2376 })
2377 }
2378 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2379}
2380
2381func addBadECDSASignatureTests() {
2382 for badR := BadValue(1); badR < NumBadValues; badR++ {
2383 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2384 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2385 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2386 config: Config{
2387 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2388 Certificates: []Certificate{getECDSACertificate()},
2389 Bugs: ProtocolBugs{
2390 BadECDSAR: badR,
2391 BadECDSAS: badS,
2392 },
2393 },
2394 shouldFail: true,
2395 expectedError: "SIGNATURE",
2396 })
2397 }
2398 }
2399}
2400
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2401func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2402 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2403 name: "MaxCBCPadding",
2404 config: Config{
2405 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2406 Bugs: ProtocolBugs{
2407 MaxPadding: true,
2408 },
2409 },
2410 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2411 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2412 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2413 name: "BadCBCPadding",
2414 config: Config{
2415 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2416 Bugs: ProtocolBugs{
2417 PaddingFirstByteBad: true,
2418 },
2419 },
2420 shouldFail: true,
2421 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2422 })
2423 // OpenSSL previously had an issue where the first byte of padding in
2424 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2425 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2426 name: "BadCBCPadding255",
2427 config: Config{
2428 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2429 Bugs: ProtocolBugs{
2430 MaxPadding: true,
2431 PaddingFirstByteBadIf255: true,
2432 },
2433 },
2434 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2435 shouldFail: true,
2436 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2437 })
2438}
2439
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2440func addCBCSplittingTests() {
2441 testCases = append(testCases, testCase{
2442 name: "CBCRecordSplitting",
2443 config: Config{
2444 MaxVersion: VersionTLS10,
2445 MinVersion: VersionTLS10,
2446 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2447 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2448 messageLen: -1, // read until EOF
2449 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2450 flags: []string{
2451 "-async",
2452 "-write-different-record-sizes",
2453 "-cbc-record-splitting",
2454 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2455 })
2456 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2457 name: "CBCRecordSplittingPartialWrite",
2458 config: Config{
2459 MaxVersion: VersionTLS10,
2460 MinVersion: VersionTLS10,
2461 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2462 },
2463 messageLen: -1, // read until EOF
2464 flags: []string{
2465 "-async",
2466 "-write-different-record-sizes",
2467 "-cbc-record-splitting",
2468 "-partial-write",
2469 },
2470 })
2471}
2472
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2473func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2474 // Add a dummy cert pool to stress certificate authority parsing.
2475 // TODO(davidben): Add tests that those values parse out correctly.
2476 certPool := x509.NewCertPool()
2477 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2478 if err != nil {
2479 panic(err)
2480 }
2481 certPool.AddCert(cert)
2482
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2483 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2484 testCases = append(testCases, testCase{
2485 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2486 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2487 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2488 MinVersion: ver.version,
2489 MaxVersion: ver.version,
2490 ClientAuth: RequireAnyClientCert,
2491 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2492 },
2493 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2494 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2495 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2496 },
2497 })
2498 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2499 testType: serverTest,
2500 name: ver.name + "-Server-ClientAuth-RSA",
2501 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2502 MinVersion: ver.version,
2503 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2504 Certificates: []Certificate{rsaCertificate},
2505 },
2506 flags: []string{"-require-any-client-certificate"},
2507 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2508 if ver.version != VersionSSL30 {
2509 testCases = append(testCases, testCase{
2510 testType: serverTest,
2511 name: ver.name + "-Server-ClientAuth-ECDSA",
2512 config: Config{
2513 MinVersion: ver.version,
2514 MaxVersion: ver.version,
2515 Certificates: []Certificate{ecdsaCertificate},
2516 },
2517 flags: []string{"-require-any-client-certificate"},
2518 })
2519 testCases = append(testCases, testCase{
2520 testType: clientTest,
2521 name: ver.name + "-Client-ClientAuth-ECDSA",
2522 config: Config{
2523 MinVersion: ver.version,
2524 MaxVersion: ver.version,
2525 ClientAuth: RequireAnyClientCert,
2526 ClientCAs: certPool,
2527 },
2528 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2529 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2530 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2531 },
2532 })
2533 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2534 }
2535}
2536
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2537func addExtendedMasterSecretTests() {
2538 const expectEMSFlag = "-expect-extended-master-secret"
2539
2540 for _, with := range []bool{false, true} {
2541 prefix := "No"
2542 var flags []string
2543 if with {
2544 prefix = ""
2545 flags = []string{expectEMSFlag}
2546 }
2547
2548 for _, isClient := range []bool{false, true} {
2549 suffix := "-Server"
2550 testType := serverTest
2551 if isClient {
2552 suffix = "-Client"
2553 testType = clientTest
2554 }
2555
2556 for _, ver := range tlsVersions {
2557 test := testCase{
2558 testType: testType,
2559 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2560 config: Config{
2561 MinVersion: ver.version,
2562 MaxVersion: ver.version,
2563 Bugs: ProtocolBugs{
2564 NoExtendedMasterSecret: !with,
2565 RequireExtendedMasterSecret: with,
2566 },
2567 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2568 flags: flags,
2569 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2570 }
2571 if test.shouldFail {
2572 test.expectedLocalError = "extended master secret required but not supported by peer"
2573 }
2574 testCases = append(testCases, test)
2575 }
2576 }
2577 }
2578
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2579 for _, isClient := range []bool{false, true} {
2580 for _, supportedInFirstConnection := range []bool{false, true} {
2581 for _, supportedInResumeConnection := range []bool{false, true} {
2582 boolToWord := func(b bool) string {
2583 if b {
2584 return "Yes"
2585 }
2586 return "No"
2587 }
2588 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2589 if isClient {
2590 suffix += "Client"
2591 } else {
2592 suffix += "Server"
2593 }
2594
2595 supportedConfig := Config{
2596 Bugs: ProtocolBugs{
2597 RequireExtendedMasterSecret: true,
2598 },
2599 }
2600
2601 noSupportConfig := Config{
2602 Bugs: ProtocolBugs{
2603 NoExtendedMasterSecret: true,
2604 },
2605 }
2606
2607 test := testCase{
2608 name: "ExtendedMasterSecret-" + suffix,
2609 resumeSession: true,
2610 }
2611
2612 if !isClient {
2613 test.testType = serverTest
2614 }
2615
2616 if supportedInFirstConnection {
2617 test.config = supportedConfig
2618 } else {
2619 test.config = noSupportConfig
2620 }
2621
2622 if supportedInResumeConnection {
2623 test.resumeConfig = &supportedConfig
2624 } else {
2625 test.resumeConfig = &noSupportConfig
2626 }
2627
2628 switch suffix {
2629 case "YesToYes-Client", "YesToYes-Server":
2630 // When a session is resumed, it should
2631 // still be aware that its master
2632 // secret was generated via EMS and
2633 // thus it's safe to use tls-unique.
2634 test.flags = []string{expectEMSFlag}
2635 case "NoToYes-Server":
2636 // If an original connection did not
2637 // contain EMS, but a resumption
2638 // handshake does, then a server should
2639 // not resume the session.
2640 test.expectResumeRejected = true
2641 case "YesToNo-Server":
2642 // Resuming an EMS session without the
2643 // EMS extension should cause the
2644 // server to abort the connection.
2645 test.shouldFail = true
2646 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2647 case "NoToYes-Client":
2648 // A client should abort a connection
2649 // where the server resumed a non-EMS
2650 // session but echoed the EMS
2651 // extension.
2652 test.shouldFail = true
2653 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2654 case "YesToNo-Client":
2655 // A client should abort a connection
2656 // where the server didn't echo EMS
2657 // when the session used it.
2658 test.shouldFail = true
2659 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2660 }
2661
2662 testCases = append(testCases, test)
2663 }
2664 }
2665 }
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2666}
2667
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2668// Adds tests that try to cover the range of the handshake state machine, under
2669// various conditions. Some of these are redundant with other tests, but they
2670// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2671func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2672 var tests []testCase
2673
2674 // Basic handshake, with resumption. Client and server,
2675 // session ID and session ticket.
2676 tests = append(tests, testCase{
2677 name: "Basic-Client",
2678 resumeSession: true,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame^]2679 // Ensure session tickets are used, not session IDs.
2680 noSessionCache: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2681 })
2682 tests = append(tests, testCase{
2683 name: "Basic-Client-RenewTicket",
2684 config: Config{
2685 Bugs: ProtocolBugs{
2686 RenewTicketOnResume: true,
2687 },
2688 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2689 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2690 resumeSession: true,
2691 })
2692 tests = append(tests, testCase{
2693 name: "Basic-Client-NoTicket",
2694 config: Config{
2695 SessionTicketsDisabled: true,
2696 },
2697 resumeSession: true,
2698 })
2699 tests = append(tests, testCase{
2700 name: "Basic-Client-Implicit",
2701 flags: []string{"-implicit-handshake"},
2702 resumeSession: true,
2703 })
2704 tests = append(tests, testCase{
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame^]2705 testType: serverTest,
2706 name: "Basic-Server",
2707 config: Config{
2708 Bugs: ProtocolBugs{
2709 RequireSessionTickets: true,
2710 },
2711 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2712 resumeSession: true,
2713 })
2714 tests = append(tests, testCase{
2715 testType: serverTest,
2716 name: "Basic-Server-NoTickets",
2717 config: Config{
2718 SessionTicketsDisabled: true,
2719 },
2720 resumeSession: true,
2721 })
2722 tests = append(tests, testCase{
2723 testType: serverTest,
2724 name: "Basic-Server-Implicit",
2725 flags: []string{"-implicit-handshake"},
2726 resumeSession: true,
2727 })
2728 tests = append(tests, testCase{
2729 testType: serverTest,
2730 name: "Basic-Server-EarlyCallback",
2731 flags: []string{"-use-early-callback"},
2732 resumeSession: true,
2733 })
2734
2735 // TLS client auth.
2736 tests = append(tests, testCase{
2737 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2738 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2739 config: Config{
2740 ClientAuth: RequireAnyClientCert,
2741 },
2742 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2743 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2744 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2745 },
2746 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2747 tests = append(tests, testCase{
2748 testType: clientTest,
2749 name: "ClientAuth-ECDSA-Client",
2750 config: Config{
2751 ClientAuth: RequireAnyClientCert,
2752 },
2753 flags: []string{
2754 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2755 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
2756 },
2757 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2758 if async {
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2759 // Test async keys against each key exchange.
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2760 tests = append(tests, testCase{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2761 testType: serverTest,
2762 name: "Basic-Server-RSA",
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2763 config: Config{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2764 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2765 },
2766 flags: []string{
Adam Langley288d8d52015-06-18 16:24:31 -0700[diff] [blame]2767 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2768 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2769 },
2770 })
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2771 tests = append(tests, testCase{
2772 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2773 name: "Basic-Server-ECDHE-RSA",
2774 config: Config{
2775 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2776 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2777 flags: []string{
2778 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2779 "-key-file", path.Join(*resourceDir, rsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2780 },
2781 })
2782 tests = append(tests, testCase{
2783 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2784 name: "Basic-Server-ECDHE-ECDSA",
2785 config: Config{
2786 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2787 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2788 flags: []string{
2789 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2790 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2791 },
2792 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2793 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2794 tests = append(tests, testCase{
2795 testType: serverTest,
2796 name: "ClientAuth-Server",
2797 config: Config{
2798 Certificates: []Certificate{rsaCertificate},
2799 },
2800 flags: []string{"-require-any-client-certificate"},
2801 })
2802
2803 // No session ticket support; server doesn't send NewSessionTicket.
2804 tests = append(tests, testCase{
2805 name: "SessionTicketsDisabled-Client",
2806 config: Config{
2807 SessionTicketsDisabled: true,
2808 },
2809 })
2810 tests = append(tests, testCase{
2811 testType: serverTest,
2812 name: "SessionTicketsDisabled-Server",
2813 config: Config{
2814 SessionTicketsDisabled: true,
2815 },
2816 })
2817
2818 // Skip ServerKeyExchange in PSK key exchange if there's no
2819 // identity hint.
2820 tests = append(tests, testCase{
2821 name: "EmptyPSKHint-Client",
2822 config: Config{
2823 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2824 PreSharedKey: []byte("secret"),
2825 },
2826 flags: []string{"-psk", "secret"},
2827 })
2828 tests = append(tests, testCase{
2829 testType: serverTest,
2830 name: "EmptyPSKHint-Server",
2831 config: Config{
2832 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2833 PreSharedKey: []byte("secret"),
2834 },
2835 flags: []string{"-psk", "secret"},
2836 })
2837
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2838 tests = append(tests, testCase{
2839 testType: clientTest,
2840 name: "OCSPStapling-Client",
2841 flags: []string{
2842 "-enable-ocsp-stapling",
2843 "-expect-ocsp-response",
2844 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2845 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2846 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2847 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2848 })
2849
2850 tests = append(tests, testCase{
David Benjaminec435342015-08-21 13:44:06 -0400[diff] [blame]2851 testType: serverTest,
2852 name: "OCSPStapling-Server",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2853 expectedOCSPResponse: testOCSPResponse,
2854 flags: []string{
2855 "-ocsp-response",
2856 base64.StdEncoding.EncodeToString(testOCSPResponse),
2857 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2858 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2859 })
2860
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2861 tests = append(tests, testCase{
2862 testType: clientTest,
2863 name: "CertificateVerificationSucceed",
2864 flags: []string{
2865 "-verify-peer",
2866 },
2867 })
2868
2869 tests = append(tests, testCase{
2870 testType: clientTest,
2871 name: "CertificateVerificationFail",
2872 flags: []string{
2873 "-verify-fail",
2874 "-verify-peer",
2875 },
2876 shouldFail: true,
2877 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
2878 })
2879
2880 tests = append(tests, testCase{
2881 testType: clientTest,
2882 name: "CertificateVerificationSoftFail",
2883 flags: []string{
2884 "-verify-fail",
2885 "-expect-verify-result",
2886 },
2887 })
2888
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2889 if protocol == tls {
2890 tests = append(tests, testCase{
2891 name: "Renegotiate-Client",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]2892 renegotiate: 1,
2893 flags: []string{
2894 "-renegotiate-freely",
2895 "-expect-total-renegotiations", "1",
2896 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2897 })
2898 // NPN on client and server; results in post-handshake message.
2899 tests = append(tests, testCase{
2900 name: "NPN-Client",
2901 config: Config{
2902 NextProtos: []string{"foo"},
2903 },
2904 flags: []string{"-select-next-proto", "foo"},
2905 expectedNextProto: "foo",
2906 expectedNextProtoType: npn,
2907 })
2908 tests = append(tests, testCase{
2909 testType: serverTest,
2910 name: "NPN-Server",
2911 config: Config{
2912 NextProtos: []string{"bar"},
2913 },
2914 flags: []string{
2915 "-advertise-npn", "\x03foo\x03bar\x03baz",
2916 "-expect-next-proto", "bar",
2917 },
2918 expectedNextProto: "bar",
2919 expectedNextProtoType: npn,
2920 })
2921
2922 // TODO(davidben): Add tests for when False Start doesn't trigger.
2923
2924 // Client does False Start and negotiates NPN.
2925 tests = append(tests, testCase{
2926 name: "FalseStart",
2927 config: Config{
2928 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2929 NextProtos: []string{"foo"},
2930 Bugs: ProtocolBugs{
2931 ExpectFalseStart: true,
2932 },
2933 },
2934 flags: []string{
2935 "-false-start",
2936 "-select-next-proto", "foo",
2937 },
2938 shimWritesFirst: true,
2939 resumeSession: true,
2940 })
2941
2942 // Client does False Start and negotiates ALPN.
2943 tests = append(tests, testCase{
2944 name: "FalseStart-ALPN",
2945 config: Config{
2946 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2947 NextProtos: []string{"foo"},
2948 Bugs: ProtocolBugs{
2949 ExpectFalseStart: true,
2950 },
2951 },
2952 flags: []string{
2953 "-false-start",
2954 "-advertise-alpn", "\x03foo",
2955 },
2956 shimWritesFirst: true,
2957 resumeSession: true,
2958 })
2959
2960 // Client does False Start but doesn't explicitly call
2961 // SSL_connect.
2962 tests = append(tests, testCase{
2963 name: "FalseStart-Implicit",
2964 config: Config{
2965 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2966 NextProtos: []string{"foo"},
2967 },
2968 flags: []string{
2969 "-implicit-handshake",
2970 "-false-start",
2971 "-advertise-alpn", "\x03foo",
2972 },
2973 })
2974
2975 // False Start without session tickets.
2976 tests = append(tests, testCase{
2977 name: "FalseStart-SessionTicketsDisabled",
2978 config: Config{
2979 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2980 NextProtos: []string{"foo"},
2981 SessionTicketsDisabled: true,
2982 Bugs: ProtocolBugs{
2983 ExpectFalseStart: true,
2984 },
2985 },
2986 flags: []string{
2987 "-false-start",
2988 "-select-next-proto", "foo",
2989 },
2990 shimWritesFirst: true,
2991 })
2992
2993 // Server parses a V2ClientHello.
2994 tests = append(tests, testCase{
2995 testType: serverTest,
2996 name: "SendV2ClientHello",
2997 config: Config{
2998 // Choose a cipher suite that does not involve
2999 // elliptic curves, so no extensions are
3000 // involved.
3001 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3002 Bugs: ProtocolBugs{
3003 SendV2ClientHello: true,
3004 },
3005 },
3006 })
3007
3008 // Client sends a Channel ID.
3009 tests = append(tests, testCase{
3010 name: "ChannelID-Client",
3011 config: Config{
3012 RequestChannelID: true,
3013 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3014 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3015 resumeSession: true,
3016 expectChannelID: true,
3017 })
3018
3019 // Server accepts a Channel ID.
3020 tests = append(tests, testCase{
3021 testType: serverTest,
3022 name: "ChannelID-Server",
3023 config: Config{
3024 ChannelID: channelIDKey,
3025 },
3026 flags: []string{
3027 "-expect-channel-id",
3028 base64.StdEncoding.EncodeToString(channelIDBytes),
3029 },
3030 resumeSession: true,
3031 expectChannelID: true,
3032 })
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]3033
3034 // Bidirectional shutdown with the runner initiating.
3035 tests = append(tests, testCase{
3036 name: "Shutdown-Runner",
3037 config: Config{
3038 Bugs: ProtocolBugs{
3039 ExpectCloseNotify: true,
3040 },
3041 },
3042 flags: []string{"-check-close-notify"},
3043 })
3044
3045 // Bidirectional shutdown with the shim initiating. The runner,
3046 // in the meantime, sends garbage before the close_notify which
3047 // the shim must ignore.
3048 tests = append(tests, testCase{
3049 name: "Shutdown-Shim",
3050 config: Config{
3051 Bugs: ProtocolBugs{
3052 ExpectCloseNotify: true,
3053 },
3054 },
3055 shimShutsDown: true,
3056 sendEmptyRecords: 1,
3057 sendWarningAlerts: 1,
3058 flags: []string{"-check-close-notify"},
3059 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3060 } else {
3061 tests = append(tests, testCase{
3062 name: "SkipHelloVerifyRequest",
3063 config: Config{
3064 Bugs: ProtocolBugs{
3065 SkipHelloVerifyRequest: true,
3066 },
3067 },
3068 })
3069 }
3070
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3071 for _, test := range tests {
3072 test.protocol = protocol
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]3073 if protocol == dtls {
3074 test.name += "-DTLS"
3075 }
3076 if async {
3077 test.name += "-Async"
3078 test.flags = append(test.flags, "-async")
3079 } else {
3080 test.name += "-Sync"
3081 }
3082 if splitHandshake {
3083 test.name += "-SplitHandshakeRecords"
3084 test.config.Bugs.MaxHandshakeRecordLength = 1
3085 if protocol == dtls {
3086 test.config.Bugs.MaxPacketLength = 256
3087 test.flags = append(test.flags, "-mtu", "256")
3088 }
3089 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3090 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]3091 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3092}
3093
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3094func addDDoSCallbackTests() {
3095 // DDoS callback.
3096
3097 for _, resume := range []bool{false, true} {
3098 suffix := "Resume"
3099 if resume {
3100 suffix = "No" + suffix
3101 }
3102
3103 testCases = append(testCases, testCase{
3104 testType: serverTest,
3105 name: "Server-DDoS-OK-" + suffix,
3106 flags: []string{"-install-ddos-callback"},
3107 resumeSession: resume,
3108 })
3109
3110 failFlag := "-fail-ddos-callback"
3111 if resume {
3112 failFlag = "-fail-second-ddos-callback"
3113 }
3114 testCases = append(testCases, testCase{
3115 testType: serverTest,
3116 name: "Server-DDoS-Reject-" + suffix,
3117 flags: []string{"-install-ddos-callback", failFlag},
3118 resumeSession: resume,
3119 shouldFail: true,
3120 expectedError: ":CONNECTION_REJECTED:",
3121 })
3122 }
3123}
3124
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3125func addVersionNegotiationTests() {
3126 for i, shimVers := range tlsVersions {
3127 // Assemble flags to disable all newer versions on the shim.
3128 var flags []string
3129 for _, vers := range tlsVersions[i+1:] {
3130 flags = append(flags, vers.flag)
3131 }
3132
3133 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3134 protocols := []protocol{tls}
3135 if runnerVers.hasDTLS && shimVers.hasDTLS {
3136 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3137 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3138 for _, protocol := range protocols {
3139 expectedVersion := shimVers.version
3140 if runnerVers.version < shimVers.version {
3141 expectedVersion = runnerVers.version
3142 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3143
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3144 suffix := shimVers.name + "-" + runnerVers.name
3145 if protocol == dtls {
3146 suffix += "-DTLS"
3147 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3148
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3149 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3150
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3151 clientVers := shimVers.version
3152 if clientVers > VersionTLS10 {
3153 clientVers = VersionTLS10
3154 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3155 testCases = append(testCases, testCase{
3156 protocol: protocol,
3157 testType: clientTest,
3158 name: "VersionNegotiation-Client-" + suffix,
3159 config: Config{
3160 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3161 Bugs: ProtocolBugs{
3162 ExpectInitialRecordVersion: clientVers,
3163 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3164 },
3165 flags: flags,
3166 expectedVersion: expectedVersion,
3167 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3168 testCases = append(testCases, testCase{
3169 protocol: protocol,
3170 testType: clientTest,
3171 name: "VersionNegotiation-Client2-" + suffix,
3172 config: Config{
3173 MaxVersion: runnerVers.version,
3174 Bugs: ProtocolBugs{
3175 ExpectInitialRecordVersion: clientVers,
3176 },
3177 },
3178 flags: []string{"-max-version", shimVersFlag},
3179 expectedVersion: expectedVersion,
3180 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3181
3182 testCases = append(testCases, testCase{
3183 protocol: protocol,
3184 testType: serverTest,
3185 name: "VersionNegotiation-Server-" + suffix,
3186 config: Config{
3187 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3188 Bugs: ProtocolBugs{
3189 ExpectInitialRecordVersion: expectedVersion,
3190 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3191 },
3192 flags: flags,
3193 expectedVersion: expectedVersion,
3194 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3195 testCases = append(testCases, testCase{
3196 protocol: protocol,
3197 testType: serverTest,
3198 name: "VersionNegotiation-Server2-" + suffix,
3199 config: Config{
3200 MaxVersion: runnerVers.version,
3201 Bugs: ProtocolBugs{
3202 ExpectInitialRecordVersion: expectedVersion,
3203 },
3204 },
3205 flags: []string{"-max-version", shimVersFlag},
3206 expectedVersion: expectedVersion,
3207 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3208 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3209 }
3210 }
3211}
3212
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3213func addMinimumVersionTests() {
3214 for i, shimVers := range tlsVersions {
3215 // Assemble flags to disable all older versions on the shim.
3216 var flags []string
3217 for _, vers := range tlsVersions[:i] {
3218 flags = append(flags, vers.flag)
3219 }
3220
3221 for _, runnerVers := range tlsVersions {
3222 protocols := []protocol{tls}
3223 if runnerVers.hasDTLS && shimVers.hasDTLS {
3224 protocols = append(protocols, dtls)
3225 }
3226 for _, protocol := range protocols {
3227 suffix := shimVers.name + "-" + runnerVers.name
3228 if protocol == dtls {
3229 suffix += "-DTLS"
3230 }
3231 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3232
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3233 var expectedVersion uint16
3234 var shouldFail bool
3235 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3236 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3237 if runnerVers.version >= shimVers.version {
3238 expectedVersion = runnerVers.version
3239 } else {
3240 shouldFail = true
3241 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3242 if runnerVers.version > VersionSSL30 {
3243 expectedLocalError = "remote error: protocol version not supported"
3244 } else {
3245 expectedLocalError = "remote error: handshake failure"
3246 }
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3247 }
3248
3249 testCases = append(testCases, testCase{
3250 protocol: protocol,
3251 testType: clientTest,
3252 name: "MinimumVersion-Client-" + suffix,
3253 config: Config{
3254 MaxVersion: runnerVers.version,
3255 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3256 flags: flags,
3257 expectedVersion: expectedVersion,
3258 shouldFail: shouldFail,
3259 expectedError: expectedError,
3260 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3261 })
3262 testCases = append(testCases, testCase{
3263 protocol: protocol,
3264 testType: clientTest,
3265 name: "MinimumVersion-Client2-" + suffix,
3266 config: Config{
3267 MaxVersion: runnerVers.version,
3268 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3269 flags: []string{"-min-version", shimVersFlag},
3270 expectedVersion: expectedVersion,
3271 shouldFail: shouldFail,
3272 expectedError: expectedError,
3273 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3274 })
3275
3276 testCases = append(testCases, testCase{
3277 protocol: protocol,
3278 testType: serverTest,
3279 name: "MinimumVersion-Server-" + suffix,
3280 config: Config{
3281 MaxVersion: runnerVers.version,
3282 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3283 flags: flags,
3284 expectedVersion: expectedVersion,
3285 shouldFail: shouldFail,
3286 expectedError: expectedError,
3287 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3288 })
3289 testCases = append(testCases, testCase{
3290 protocol: protocol,
3291 testType: serverTest,
3292 name: "MinimumVersion-Server2-" + suffix,
3293 config: Config{
3294 MaxVersion: runnerVers.version,
3295 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3296 flags: []string{"-min-version", shimVersFlag},
3297 expectedVersion: expectedVersion,
3298 shouldFail: shouldFail,
3299 expectedError: expectedError,
3300 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3301 })
3302 }
3303 }
3304 }
3305}
3306
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3307func addExtensionTests() {
3308 testCases = append(testCases, testCase{
3309 testType: clientTest,
3310 name: "DuplicateExtensionClient",
3311 config: Config{
3312 Bugs: ProtocolBugs{
3313 DuplicateExtension: true,
3314 },
3315 },
3316 shouldFail: true,
3317 expectedLocalError: "remote error: error decoding message",
3318 })
3319 testCases = append(testCases, testCase{
3320 testType: serverTest,
3321 name: "DuplicateExtensionServer",
3322 config: Config{
3323 Bugs: ProtocolBugs{
3324 DuplicateExtension: true,
3325 },
3326 },
3327 shouldFail: true,
3328 expectedLocalError: "remote error: error decoding message",
3329 })
3330 testCases = append(testCases, testCase{
3331 testType: clientTest,
3332 name: "ServerNameExtensionClient",
3333 config: Config{
3334 Bugs: ProtocolBugs{
3335 ExpectServerName: "example.com",
3336 },
3337 },
3338 flags: []string{"-host-name", "example.com"},
3339 })
3340 testCases = append(testCases, testCase{
3341 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3342 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3343 config: Config{
3344 Bugs: ProtocolBugs{
3345 ExpectServerName: "mismatch.com",
3346 },
3347 },
3348 flags: []string{"-host-name", "example.com"},
3349 shouldFail: true,
3350 expectedLocalError: "tls: unexpected server name",
3351 })
3352 testCases = append(testCases, testCase{
3353 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3354 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3355 config: Config{
3356 Bugs: ProtocolBugs{
3357 ExpectServerName: "missing.com",
3358 },
3359 },
3360 shouldFail: true,
3361 expectedLocalError: "tls: unexpected server name",
3362 })
3363 testCases = append(testCases, testCase{
3364 testType: serverTest,
3365 name: "ServerNameExtensionServer",
3366 config: Config{
3367 ServerName: "example.com",
3368 },
3369 flags: []string{"-expect-server-name", "example.com"},
3370 resumeSession: true,
3371 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3372 testCases = append(testCases, testCase{
3373 testType: clientTest,
3374 name: "ALPNClient",
3375 config: Config{
3376 NextProtos: []string{"foo"},
3377 },
3378 flags: []string{
3379 "-advertise-alpn", "\x03foo\x03bar\x03baz",
3380 "-expect-alpn", "foo",
3381 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3382 expectedNextProto: "foo",
3383 expectedNextProtoType: alpn,
3384 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3385 })
3386 testCases = append(testCases, testCase{
3387 testType: serverTest,
3388 name: "ALPNServer",
3389 config: Config{
3390 NextProtos: []string{"foo", "bar", "baz"},
3391 },
3392 flags: []string{
3393 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3394 "-select-alpn", "foo",
3395 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3396 expectedNextProto: "foo",
3397 expectedNextProtoType: alpn,
3398 resumeSession: true,
3399 })
3400 // Test that the server prefers ALPN over NPN.
3401 testCases = append(testCases, testCase{
3402 testType: serverTest,
3403 name: "ALPNServer-Preferred",
3404 config: Config{
3405 NextProtos: []string{"foo", "bar", "baz"},
3406 },
3407 flags: []string{
3408 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3409 "-select-alpn", "foo",
3410 "-advertise-npn", "\x03foo\x03bar\x03baz",
3411 },
3412 expectedNextProto: "foo",
3413 expectedNextProtoType: alpn,
3414 resumeSession: true,
3415 })
3416 testCases = append(testCases, testCase{
3417 testType: serverTest,
3418 name: "ALPNServer-Preferred-Swapped",
3419 config: Config{
3420 NextProtos: []string{"foo", "bar", "baz"},
3421 Bugs: ProtocolBugs{
3422 SwapNPNAndALPN: true,
3423 },
3424 },
3425 flags: []string{
3426 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3427 "-select-alpn", "foo",
3428 "-advertise-npn", "\x03foo\x03bar\x03baz",
3429 },
3430 expectedNextProto: "foo",
3431 expectedNextProtoType: alpn,
3432 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3433 })
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3434 var emptyString string
3435 testCases = append(testCases, testCase{
3436 testType: clientTest,
3437 name: "ALPNClient-EmptyProtocolName",
3438 config: Config{
3439 NextProtos: []string{""},
3440 Bugs: ProtocolBugs{
3441 // A server returning an empty ALPN protocol
3442 // should be rejected.
3443 ALPNProtocol: &emptyString,
3444 },
3445 },
3446 flags: []string{
3447 "-advertise-alpn", "\x03foo",
3448 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3449 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3450 expectedError: ":PARSE_TLSEXT:",
3451 })
3452 testCases = append(testCases, testCase{
3453 testType: serverTest,
3454 name: "ALPNServer-EmptyProtocolName",
3455 config: Config{
3456 // A ClientHello containing an empty ALPN protocol
3457 // should be rejected.
3458 NextProtos: []string{"foo", "", "baz"},
3459 },
3460 flags: []string{
3461 "-select-alpn", "foo",
3462 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3463 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3464 expectedError: ":PARSE_TLSEXT:",
3465 })
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]3466 // Test that negotiating both NPN and ALPN is forbidden.
3467 testCases = append(testCases, testCase{
3468 name: "NegotiateALPNAndNPN",
3469 config: Config{
3470 NextProtos: []string{"foo", "bar", "baz"},
3471 Bugs: ProtocolBugs{
3472 NegotiateALPNAndNPN: true,
3473 },
3474 },
3475 flags: []string{
3476 "-advertise-alpn", "\x03foo",
3477 "-select-next-proto", "foo",
3478 },
3479 shouldFail: true,
3480 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3481 })
3482 testCases = append(testCases, testCase{
3483 name: "NegotiateALPNAndNPN-Swapped",
3484 config: Config{
3485 NextProtos: []string{"foo", "bar", "baz"},
3486 Bugs: ProtocolBugs{
3487 NegotiateALPNAndNPN: true,
3488 SwapNPNAndALPN: true,
3489 },
3490 },
3491 flags: []string{
3492 "-advertise-alpn", "\x03foo",
3493 "-select-next-proto", "foo",
3494 },
3495 shouldFail: true,
3496 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3497 })
David Benjamin091c4b92015-10-26 13:33:21 -0400[diff] [blame]3498 // Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
3499 testCases = append(testCases, testCase{
3500 name: "DisableNPN",
3501 config: Config{
3502 NextProtos: []string{"foo"},
3503 },
3504 flags: []string{
3505 "-select-next-proto", "foo",
3506 "-disable-npn",
3507 },
3508 expectNoNextProto: true,
3509 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3510 // Resume with a corrupt ticket.
3511 testCases = append(testCases, testCase{
3512 testType: serverTest,
3513 name: "CorruptTicket",
3514 config: Config{
3515 Bugs: ProtocolBugs{
3516 CorruptTicket: true,
3517 },
3518 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3519 resumeSession: true,
3520 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3521 })
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]3522 // Test the ticket callback, with and without renewal.
3523 testCases = append(testCases, testCase{
3524 testType: serverTest,
3525 name: "TicketCallback",
3526 resumeSession: true,
3527 flags: []string{"-use-ticket-callback"},
3528 })
3529 testCases = append(testCases, testCase{
3530 testType: serverTest,
3531 name: "TicketCallback-Renew",
3532 config: Config{
3533 Bugs: ProtocolBugs{
3534 ExpectNewTicket: true,
3535 },
3536 },
3537 flags: []string{"-use-ticket-callback", "-renew-ticket"},
3538 resumeSession: true,
3539 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3540 // Resume with an oversized session id.
3541 testCases = append(testCases, testCase{
3542 testType: serverTest,
3543 name: "OversizedSessionId",
3544 config: Config{
3545 Bugs: ProtocolBugs{
3546 OversizedSessionId: true,
3547 },
3548 },
3549 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3550 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3551 expectedError: ":DECODE_ERROR:",
3552 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]3553 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
3554 // are ignored.
3555 testCases = append(testCases, testCase{
3556 protocol: dtls,
3557 name: "SRTP-Client",
3558 config: Config{
3559 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3560 },
3561 flags: []string{
3562 "-srtp-profiles",
3563 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3564 },
3565 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3566 })
3567 testCases = append(testCases, testCase{
3568 protocol: dtls,
3569 testType: serverTest,
3570 name: "SRTP-Server",
3571 config: Config{
3572 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3573 },
3574 flags: []string{
3575 "-srtp-profiles",
3576 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3577 },
3578 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3579 })
3580 // Test that the MKI is ignored.
3581 testCases = append(testCases, testCase{
3582 protocol: dtls,
3583 testType: serverTest,
3584 name: "SRTP-Server-IgnoreMKI",
3585 config: Config{
3586 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
3587 Bugs: ProtocolBugs{
3588 SRTPMasterKeyIdentifer: "bogus",
3589 },
3590 },
3591 flags: []string{
3592 "-srtp-profiles",
3593 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3594 },
3595 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3596 })
3597 // Test that SRTP isn't negotiated on the server if there were
3598 // no matching profiles.
3599 testCases = append(testCases, testCase{
3600 protocol: dtls,
3601 testType: serverTest,
3602 name: "SRTP-Server-NoMatch",
3603 config: Config{
3604 SRTPProtectionProfiles: []uint16{100, 101, 102},
3605 },
3606 flags: []string{
3607 "-srtp-profiles",
3608 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3609 },
3610 expectedSRTPProtectionProfile: 0,
3611 })
3612 // Test that the server returning an invalid SRTP profile is
3613 // flagged as an error by the client.
3614 testCases = append(testCases, testCase{
3615 protocol: dtls,
3616 name: "SRTP-Client-NoMatch",
3617 config: Config{
3618 Bugs: ProtocolBugs{
3619 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
3620 },
3621 },
3622 flags: []string{
3623 "-srtp-profiles",
3624 "SRTP_AES128_CM_SHA1_80",
3625 },
3626 shouldFail: true,
3627 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
3628 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3629 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3630 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3631 name: "SignedCertificateTimestampList-Client",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3632 testType: clientTest,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3633 flags: []string{
3634 "-enable-signed-cert-timestamps",
3635 "-expect-signed-cert-timestamps",
3636 base64.StdEncoding.EncodeToString(testSCTList),
3637 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3638 resumeSession: true,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3639 })
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3640 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3641 name: "SignedCertificateTimestampList-Server",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3642 testType: serverTest,
3643 flags: []string{
3644 "-signed-cert-timestamps",
3645 base64.StdEncoding.EncodeToString(testSCTList),
3646 },
3647 expectedSCTList: testSCTList,
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3648 resumeSession: true,
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3649 })
3650 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3651 testType: clientTest,
3652 name: "ClientHelloPadding",
3653 config: Config{
3654 Bugs: ProtocolBugs{
3655 RequireClientHelloSize: 512,
3656 },
3657 },
3658 // This hostname just needs to be long enough to push the
3659 // ClientHello into F5's danger zone between 256 and 511 bytes
3660 // long.
3661 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
3662 })
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]3663
3664 // Extensions should not function in SSL 3.0.
3665 testCases = append(testCases, testCase{
3666 testType: serverTest,
3667 name: "SSLv3Extensions-NoALPN",
3668 config: Config{
3669 MaxVersion: VersionSSL30,
3670 NextProtos: []string{"foo", "bar", "baz"},
3671 },
3672 flags: []string{
3673 "-select-alpn", "foo",
3674 },
3675 expectNoNextProto: true,
3676 })
3677
3678 // Test session tickets separately as they follow a different codepath.
3679 testCases = append(testCases, testCase{
3680 testType: serverTest,
3681 name: "SSLv3Extensions-NoTickets",
3682 config: Config{
3683 MaxVersion: VersionSSL30,
3684 Bugs: ProtocolBugs{
3685 // Historically, session tickets in SSL 3.0
3686 // failed in different ways depending on whether
3687 // the client supported renegotiation_info.
3688 NoRenegotiationInfo: true,
3689 },
3690 },
3691 resumeSession: true,
3692 })
3693 testCases = append(testCases, testCase{
3694 testType: serverTest,
3695 name: "SSLv3Extensions-NoTickets2",
3696 config: Config{
3697 MaxVersion: VersionSSL30,
3698 },
3699 resumeSession: true,
3700 })
3701
3702 // But SSL 3.0 does send and process renegotiation_info.
3703 testCases = append(testCases, testCase{
3704 testType: serverTest,
3705 name: "SSLv3Extensions-RenegotiationInfo",
3706 config: Config{
3707 MaxVersion: VersionSSL30,
3708 Bugs: ProtocolBugs{
3709 RequireRenegotiationInfo: true,
3710 },
3711 },
3712 })
3713 testCases = append(testCases, testCase{
3714 testType: serverTest,
3715 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
3716 config: Config{
3717 MaxVersion: VersionSSL30,
3718 Bugs: ProtocolBugs{
3719 NoRenegotiationInfo: true,
3720 SendRenegotiationSCSV: true,
3721 RequireRenegotiationInfo: true,
3722 },
3723 },
3724 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3725}
3726
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3727func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3728 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3729 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3730 protocols := []protocol{tls}
3731 if sessionVers.hasDTLS && resumeVers.hasDTLS {
3732 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]3733 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3734 for _, protocol := range protocols {
3735 suffix := "-" + sessionVers.name + "-" + resumeVers.name
3736 if protocol == dtls {
3737 suffix += "-DTLS"
3738 }
3739
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3740 if sessionVers.version == resumeVers.version {
3741 testCases = append(testCases, testCase{
3742 protocol: protocol,
3743 name: "Resume-Client" + suffix,
3744 resumeSession: true,
3745 config: Config{
3746 MaxVersion: sessionVers.version,
3747 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3748 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3749 expectedVersion: sessionVers.version,
3750 expectedResumeVersion: resumeVers.version,
3751 })
3752 } else {
3753 testCases = append(testCases, testCase{
3754 protocol: protocol,
3755 name: "Resume-Client-Mismatch" + suffix,
3756 resumeSession: true,
3757 config: Config{
3758 MaxVersion: sessionVers.version,
3759 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3760 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3761 expectedVersion: sessionVers.version,
3762 resumeConfig: &Config{
3763 MaxVersion: resumeVers.version,
3764 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3765 Bugs: ProtocolBugs{
3766 AllowSessionVersionMismatch: true,
3767 },
3768 },
3769 expectedResumeVersion: resumeVers.version,
3770 shouldFail: true,
3771 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
3772 })
3773 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3774
3775 testCases = append(testCases, testCase{
3776 protocol: protocol,
3777 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3778 resumeSession: true,
3779 config: Config{
3780 MaxVersion: sessionVers.version,
3781 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3782 },
3783 expectedVersion: sessionVers.version,
3784 resumeConfig: &Config{
3785 MaxVersion: resumeVers.version,
3786 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3787 },
3788 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3789 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3790 expectedResumeVersion: resumeVers.version,
3791 })
3792
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3793 testCases = append(testCases, testCase{
3794 protocol: protocol,
3795 testType: serverTest,
3796 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3797 resumeSession: true,
3798 config: Config{
3799 MaxVersion: sessionVers.version,
3800 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3801 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3802 expectedVersion: sessionVers.version,
3803 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3804 resumeConfig: &Config{
3805 MaxVersion: resumeVers.version,
3806 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3807 },
3808 expectedResumeVersion: resumeVers.version,
3809 })
3810 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3811 }
3812 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3813
3814 testCases = append(testCases, testCase{
3815 name: "Resume-Client-CipherMismatch",
3816 resumeSession: true,
3817 config: Config{
3818 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3819 },
3820 resumeConfig: &Config{
3821 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3822 Bugs: ProtocolBugs{
3823 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
3824 },
3825 },
3826 shouldFail: true,
3827 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
3828 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3829}
3830
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3831func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3832 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3833 testCases = append(testCases, testCase{
3834 testType: serverTest,
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3835 name: "Renegotiate-Server-Forbidden",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3836 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3837 shouldFail: true,
3838 expectedError: ":NO_RENEGOTIATION:",
3839 expectedLocalError: "remote error: no renegotiation",
3840 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]3841 // The server shouldn't echo the renegotiation extension unless
3842 // requested by the client.
3843 testCases = append(testCases, testCase{
3844 testType: serverTest,
3845 name: "Renegotiate-Server-NoExt",
3846 config: Config{
3847 Bugs: ProtocolBugs{
3848 NoRenegotiationInfo: true,
3849 RequireRenegotiationInfo: true,
3850 },
3851 },
3852 shouldFail: true,
3853 expectedLocalError: "renegotiation extension missing",
3854 })
3855 // The renegotiation SCSV should be sufficient for the server to echo
3856 // the extension.
3857 testCases = append(testCases, testCase{
3858 testType: serverTest,
3859 name: "Renegotiate-Server-NoExt-SCSV",
3860 config: Config{
3861 Bugs: ProtocolBugs{
3862 NoRenegotiationInfo: true,
3863 SendRenegotiationSCSV: true,
3864 RequireRenegotiationInfo: true,
3865 },
3866 },
3867 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3868 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3869 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3870 config: Config{
3871 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3872 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3873 },
3874 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3875 renegotiate: 1,
3876 flags: []string{
3877 "-renegotiate-freely",
3878 "-expect-total-renegotiations", "1",
3879 },
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3880 })
3881 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3882 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3883 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3884 config: Config{
3885 Bugs: ProtocolBugs{
3886 EmptyRenegotiationInfo: true,
3887 },
3888 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3889 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3890 shouldFail: true,
3891 expectedError: ":RENEGOTIATION_MISMATCH:",
3892 })
3893 testCases = append(testCases, testCase{
3894 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3895 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3896 config: Config{
3897 Bugs: ProtocolBugs{
3898 BadRenegotiationInfo: true,
3899 },
3900 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3901 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3902 shouldFail: true,
3903 expectedError: ":RENEGOTIATION_MISMATCH:",
3904 })
3905 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]3906 name: "Renegotiate-Client-Downgrade",
3907 renegotiate: 1,
3908 config: Config{
3909 Bugs: ProtocolBugs{
3910 NoRenegotiationInfoAfterInitial: true,
3911 },
3912 },
3913 flags: []string{"-renegotiate-freely"},
3914 shouldFail: true,
3915 expectedError: ":RENEGOTIATION_MISMATCH:",
3916 })
3917 testCases = append(testCases, testCase{
3918 name: "Renegotiate-Client-Upgrade",
3919 renegotiate: 1,
3920 config: Config{
3921 Bugs: ProtocolBugs{
3922 NoRenegotiationInfoInInitial: true,
3923 },
3924 },
3925 flags: []string{"-renegotiate-freely"},
3926 shouldFail: true,
3927 expectedError: ":RENEGOTIATION_MISMATCH:",
3928 })
3929 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3930 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3931 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3932 config: Config{
3933 Bugs: ProtocolBugs{
3934 NoRenegotiationInfo: true,
3935 },
3936 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3937 flags: []string{
3938 "-renegotiate-freely",
3939 "-expect-total-renegotiations", "1",
3940 },
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3941 })
3942 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3943 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3944 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3945 config: Config{
3946 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3947 },
3948 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3949 flags: []string{
3950 "-renegotiate-freely",
3951 "-expect-total-renegotiations", "1",
3952 },
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3953 })
3954 testCases = append(testCases, testCase{
3955 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3956 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3957 config: Config{
3958 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3959 },
3960 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3961 flags: []string{
3962 "-renegotiate-freely",
3963 "-expect-total-renegotiations", "1",
3964 },
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3965 })
3966 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3967 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3968 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3969 config: Config{
3970 MaxVersion: VersionTLS10,
3971 Bugs: ProtocolBugs{
3972 RequireSameRenegoClientVersion: true,
3973 },
3974 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3975 flags: []string{
3976 "-renegotiate-freely",
3977 "-expect-total-renegotiations", "1",
3978 },
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3979 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3980 testCases = append(testCases, testCase{
3981 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3982 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3983 config: Config{
3984 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3985 NextProtos: []string{"foo"},
3986 },
3987 flags: []string{
3988 "-false-start",
3989 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3990 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -0400[diff] [blame]3991 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3992 },
3993 shimWritesFirst: true,
3994 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3995
3996 // Client-side renegotiation controls.
3997 testCases = append(testCases, testCase{
3998 name: "Renegotiate-Client-Forbidden-1",
3999 renegotiate: 1,
4000 shouldFail: true,
4001 expectedError: ":NO_RENEGOTIATION:",
4002 expectedLocalError: "remote error: no renegotiation",
4003 })
4004 testCases = append(testCases, testCase{
4005 name: "Renegotiate-Client-Once-1",
4006 renegotiate: 1,
4007 flags: []string{
4008 "-renegotiate-once",
4009 "-expect-total-renegotiations", "1",
4010 },
4011 })
4012 testCases = append(testCases, testCase{
4013 name: "Renegotiate-Client-Freely-1",
4014 renegotiate: 1,
4015 flags: []string{
4016 "-renegotiate-freely",
4017 "-expect-total-renegotiations", "1",
4018 },
4019 })
4020 testCases = append(testCases, testCase{
4021 name: "Renegotiate-Client-Once-2",
4022 renegotiate: 2,
4023 flags: []string{"-renegotiate-once"},
4024 shouldFail: true,
4025 expectedError: ":NO_RENEGOTIATION:",
4026 expectedLocalError: "remote error: no renegotiation",
4027 })
4028 testCases = append(testCases, testCase{
4029 name: "Renegotiate-Client-Freely-2",
4030 renegotiate: 2,
4031 flags: []string{
4032 "-renegotiate-freely",
4033 "-expect-total-renegotiations", "2",
4034 },
4035 })
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]4036 testCases = append(testCases, testCase{
4037 name: "Renegotiate-Client-NoIgnore",
4038 config: Config{
4039 Bugs: ProtocolBugs{
4040 SendHelloRequestBeforeEveryAppDataRecord: true,
4041 },
4042 },
4043 shouldFail: true,
4044 expectedError: ":NO_RENEGOTIATION:",
4045 })
4046 testCases = append(testCases, testCase{
4047 name: "Renegotiate-Client-Ignore",
4048 config: Config{
4049 Bugs: ProtocolBugs{
4050 SendHelloRequestBeforeEveryAppDataRecord: true,
4051 },
4052 },
4053 flags: []string{
4054 "-renegotiate-ignore",
4055 "-expect-total-renegotiations", "0",
4056 },
4057 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4058}
4059
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4060func addDTLSReplayTests() {
4061 // Test that sequence number replays are detected.
4062 testCases = append(testCases, testCase{
4063 protocol: dtls,
4064 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4065 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4066 replayWrites: true,
4067 })
4068
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4069 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4070 // than the retransmit window.
4071 testCases = append(testCases, testCase{
4072 protocol: dtls,
4073 name: "DTLS-Replay-LargeGaps",
4074 config: Config{
4075 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4076 SequenceNumberMapping: func(in uint64) uint64 {
4077 return in * 127
4078 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4079 },
4080 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4081 messageCount: 200,
4082 replayWrites: true,
4083 })
4084
4085 // Test the incoming sequence number changing non-monotonically.
4086 testCases = append(testCases, testCase{
4087 protocol: dtls,
4088 name: "DTLS-Replay-NonMonotonic",
4089 config: Config{
4090 Bugs: ProtocolBugs{
4091 SequenceNumberMapping: func(in uint64) uint64 {
4092 return in ^ 31
4093 },
4094 },
4095 },
4096 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4097 replayWrites: true,
4098 })
4099}
4100
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4101var testHashes = []struct {
4102 name string
4103 id uint8
4104}{
4105 {"SHA1", hashSHA1},
4106 {"SHA224", hashSHA224},
4107 {"SHA256", hashSHA256},
4108 {"SHA384", hashSHA384},
4109 {"SHA512", hashSHA512},
4110}
4111
4112func addSigningHashTests() {
4113 // Make sure each hash works. Include some fake hashes in the list and
4114 // ensure they're ignored.
4115 for _, hash := range testHashes {
4116 testCases = append(testCases, testCase{
4117 name: "SigningHash-ClientAuth-" + hash.name,
4118 config: Config{
4119 ClientAuth: RequireAnyClientCert,
4120 SignatureAndHashes: []signatureAndHash{
4121 {signatureRSA, 42},
4122 {signatureRSA, hash.id},
4123 {signatureRSA, 255},
4124 },
4125 },
4126 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4127 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4128 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4129 },
4130 })
4131
4132 testCases = append(testCases, testCase{
4133 testType: serverTest,
4134 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
4135 config: Config{
4136 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4137 SignatureAndHashes: []signatureAndHash{
4138 {signatureRSA, 42},
4139 {signatureRSA, hash.id},
4140 {signatureRSA, 255},
4141 },
4142 },
4143 })
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4144
4145 testCases = append(testCases, testCase{
4146 name: "SigningHash-ServerKeyExchange-Verify-" + hash.name,
4147 config: Config{
4148 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4149 SignatureAndHashes: []signatureAndHash{
4150 {signatureRSA, 42},
4151 {signatureRSA, hash.id},
4152 {signatureRSA, 255},
4153 },
4154 },
4155 flags: []string{"-expect-server-key-exchange-hash", strconv.Itoa(int(hash.id))},
4156 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4157 }
4158
4159 // Test that hash resolution takes the signature type into account.
4160 testCases = append(testCases, testCase{
4161 name: "SigningHash-ClientAuth-SignatureType",
4162 config: Config{
4163 ClientAuth: RequireAnyClientCert,
4164 SignatureAndHashes: []signatureAndHash{
4165 {signatureECDSA, hashSHA512},
4166 {signatureRSA, hashSHA384},
4167 {signatureECDSA, hashSHA1},
4168 },
4169 },
4170 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4171 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4172 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4173 },
4174 })
4175
4176 testCases = append(testCases, testCase{
4177 testType: serverTest,
4178 name: "SigningHash-ServerKeyExchange-SignatureType",
4179 config: Config{
4180 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4181 SignatureAndHashes: []signatureAndHash{
4182 {signatureECDSA, hashSHA512},
4183 {signatureRSA, hashSHA384},
4184 {signatureECDSA, hashSHA1},
4185 },
4186 },
4187 })
4188
4189 // Test that, if the list is missing, the peer falls back to SHA-1.
4190 testCases = append(testCases, testCase{
4191 name: "SigningHash-ClientAuth-Fallback",
4192 config: Config{
4193 ClientAuth: RequireAnyClientCert,
4194 SignatureAndHashes: []signatureAndHash{
4195 {signatureRSA, hashSHA1},
4196 },
4197 Bugs: ProtocolBugs{
4198 NoSignatureAndHashes: true,
4199 },
4200 },
4201 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4202 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4203 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4204 },
4205 })
4206
4207 testCases = append(testCases, testCase{
4208 testType: serverTest,
4209 name: "SigningHash-ServerKeyExchange-Fallback",
4210 config: Config{
4211 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4212 SignatureAndHashes: []signatureAndHash{
4213 {signatureRSA, hashSHA1},
4214 },
4215 Bugs: ProtocolBugs{
4216 NoSignatureAndHashes: true,
4217 },
4218 },
4219 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4220
4221 // Test that hash preferences are enforced. BoringSSL defaults to
4222 // rejecting MD5 signatures.
4223 testCases = append(testCases, testCase{
4224 testType: serverTest,
4225 name: "SigningHash-ClientAuth-Enforced",
4226 config: Config{
4227 Certificates: []Certificate{rsaCertificate},
4228 SignatureAndHashes: []signatureAndHash{
4229 {signatureRSA, hashMD5},
4230 // Advertise SHA-1 so the handshake will
4231 // proceed, but the shim's preferences will be
4232 // ignored in CertificateVerify generation, so
4233 // MD5 will be chosen.
4234 {signatureRSA, hashSHA1},
4235 },
4236 Bugs: ProtocolBugs{
4237 IgnorePeerSignatureAlgorithmPreferences: true,
4238 },
4239 },
4240 flags: []string{"-require-any-client-certificate"},
4241 shouldFail: true,
4242 expectedError: ":WRONG_SIGNATURE_TYPE:",
4243 })
4244
4245 testCases = append(testCases, testCase{
4246 name: "SigningHash-ServerKeyExchange-Enforced",
4247 config: Config{
4248 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4249 SignatureAndHashes: []signatureAndHash{
4250 {signatureRSA, hashMD5},
4251 },
4252 Bugs: ProtocolBugs{
4253 IgnorePeerSignatureAlgorithmPreferences: true,
4254 },
4255 },
4256 shouldFail: true,
4257 expectedError: ":WRONG_SIGNATURE_TYPE:",
4258 })
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4259
4260 // Test that the agreed upon digest respects the client preferences and
4261 // the server digests.
4262 testCases = append(testCases, testCase{
4263 name: "Agree-Digest-Fallback",
4264 config: Config{
4265 ClientAuth: RequireAnyClientCert,
4266 SignatureAndHashes: []signatureAndHash{
4267 {signatureRSA, hashSHA512},
4268 {signatureRSA, hashSHA1},
4269 },
4270 },
4271 flags: []string{
4272 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4273 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4274 },
4275 digestPrefs: "SHA256",
4276 expectedClientCertSignatureHash: hashSHA1,
4277 })
4278 testCases = append(testCases, testCase{
4279 name: "Agree-Digest-SHA256",
4280 config: Config{
4281 ClientAuth: RequireAnyClientCert,
4282 SignatureAndHashes: []signatureAndHash{
4283 {signatureRSA, hashSHA1},
4284 {signatureRSA, hashSHA256},
4285 },
4286 },
4287 flags: []string{
4288 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4289 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4290 },
4291 digestPrefs: "SHA256,SHA1",
4292 expectedClientCertSignatureHash: hashSHA256,
4293 })
4294 testCases = append(testCases, testCase{
4295 name: "Agree-Digest-SHA1",
4296 config: Config{
4297 ClientAuth: RequireAnyClientCert,
4298 SignatureAndHashes: []signatureAndHash{
4299 {signatureRSA, hashSHA1},
4300 },
4301 },
4302 flags: []string{
4303 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4304 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4305 },
4306 digestPrefs: "SHA512,SHA256,SHA1",
4307 expectedClientCertSignatureHash: hashSHA1,
4308 })
4309 testCases = append(testCases, testCase{
4310 name: "Agree-Digest-Default",
4311 config: Config{
4312 ClientAuth: RequireAnyClientCert,
4313 SignatureAndHashes: []signatureAndHash{
4314 {signatureRSA, hashSHA256},
4315 {signatureECDSA, hashSHA256},
4316 {signatureRSA, hashSHA1},
4317 {signatureECDSA, hashSHA1},
4318 },
4319 },
4320 flags: []string{
4321 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4322 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4323 },
4324 expectedClientCertSignatureHash: hashSHA256,
4325 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4326}
4327
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4328// timeouts is the retransmit schedule for BoringSSL. It doubles and
4329// caps at 60 seconds. On the 13th timeout, it gives up.
4330var timeouts = []time.Duration{
4331 1 * time.Second,
4332 2 * time.Second,
4333 4 * time.Second,
4334 8 * time.Second,
4335 16 * time.Second,
4336 32 * time.Second,
4337 60 * time.Second,
4338 60 * time.Second,
4339 60 * time.Second,
4340 60 * time.Second,
4341 60 * time.Second,
4342 60 * time.Second,
4343 60 * time.Second,
4344}
4345
4346func addDTLSRetransmitTests() {
4347 // Test that this is indeed the timeout schedule. Stress all
4348 // four patterns of handshake.
4349 for i := 1; i < len(timeouts); i++ {
4350 number := strconv.Itoa(i)
4351 testCases = append(testCases, testCase{
4352 protocol: dtls,
4353 name: "DTLS-Retransmit-Client-" + number,
4354 config: Config{
4355 Bugs: ProtocolBugs{
4356 TimeoutSchedule: timeouts[:i],
4357 },
4358 },
4359 resumeSession: true,
4360 flags: []string{"-async"},
4361 })
4362 testCases = append(testCases, testCase{
4363 protocol: dtls,
4364 testType: serverTest,
4365 name: "DTLS-Retransmit-Server-" + number,
4366 config: Config{
4367 Bugs: ProtocolBugs{
4368 TimeoutSchedule: timeouts[:i],
4369 },
4370 },
4371 resumeSession: true,
4372 flags: []string{"-async"},
4373 })
4374 }
4375
4376 // Test that exceeding the timeout schedule hits a read
4377 // timeout.
4378 testCases = append(testCases, testCase{
4379 protocol: dtls,
4380 name: "DTLS-Retransmit-Timeout",
4381 config: Config{
4382 Bugs: ProtocolBugs{
4383 TimeoutSchedule: timeouts,
4384 },
4385 },
4386 resumeSession: true,
4387 flags: []string{"-async"},
4388 shouldFail: true,
4389 expectedError: ":READ_TIMEOUT_EXPIRED:",
4390 })
4391
4392 // Test that timeout handling has a fudge factor, due to API
4393 // problems.
4394 testCases = append(testCases, testCase{
4395 protocol: dtls,
4396 name: "DTLS-Retransmit-Fudge",
4397 config: Config{
4398 Bugs: ProtocolBugs{
4399 TimeoutSchedule: []time.Duration{
4400 timeouts[0] - 10*time.Millisecond,
4401 },
4402 },
4403 },
4404 resumeSession: true,
4405 flags: []string{"-async"},
4406 })
David Benjamin7eaab4c2015-03-02 19:01:16 -0500[diff] [blame]4407
4408 // Test that the final Finished retransmitting isn't
4409 // duplicated if the peer badly fragments everything.
4410 testCases = append(testCases, testCase{
4411 testType: serverTest,
4412 protocol: dtls,
4413 name: "DTLS-Retransmit-Fragmented",
4414 config: Config{
4415 Bugs: ProtocolBugs{
4416 TimeoutSchedule: []time.Duration{timeouts[0]},
4417 MaxHandshakeRecordLength: 2,
4418 },
4419 },
4420 flags: []string{"-async"},
4421 })
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4422}
4423
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4424func addExportKeyingMaterialTests() {
4425 for _, vers := range tlsVersions {
4426 if vers.version == VersionSSL30 {
4427 continue
4428 }
4429 testCases = append(testCases, testCase{
4430 name: "ExportKeyingMaterial-" + vers.name,
4431 config: Config{
4432 MaxVersion: vers.version,
4433 },
4434 exportKeyingMaterial: 1024,
4435 exportLabel: "label",
4436 exportContext: "context",
4437 useExportContext: true,
4438 })
4439 testCases = append(testCases, testCase{
4440 name: "ExportKeyingMaterial-NoContext-" + vers.name,
4441 config: Config{
4442 MaxVersion: vers.version,
4443 },
4444 exportKeyingMaterial: 1024,
4445 })
4446 testCases = append(testCases, testCase{
4447 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
4448 config: Config{
4449 MaxVersion: vers.version,
4450 },
4451 exportKeyingMaterial: 1024,
4452 useExportContext: true,
4453 })
4454 testCases = append(testCases, testCase{
4455 name: "ExportKeyingMaterial-Small-" + vers.name,
4456 config: Config{
4457 MaxVersion: vers.version,
4458 },
4459 exportKeyingMaterial: 1,
4460 exportLabel: "label",
4461 exportContext: "context",
4462 useExportContext: true,
4463 })
4464 }
4465 testCases = append(testCases, testCase{
4466 name: "ExportKeyingMaterial-SSL3",
4467 config: Config{
4468 MaxVersion: VersionSSL30,
4469 },
4470 exportKeyingMaterial: 1024,
4471 exportLabel: "label",
4472 exportContext: "context",
4473 useExportContext: true,
4474 shouldFail: true,
4475 expectedError: "failed to export keying material",
4476 })
4477}
4478
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4479func addTLSUniqueTests() {
4480 for _, isClient := range []bool{false, true} {
4481 for _, isResumption := range []bool{false, true} {
4482 for _, hasEMS := range []bool{false, true} {
4483 var suffix string
4484 if isResumption {
4485 suffix = "Resume-"
4486 } else {
4487 suffix = "Full-"
4488 }
4489
4490 if hasEMS {
4491 suffix += "EMS-"
4492 } else {
4493 suffix += "NoEMS-"
4494 }
4495
4496 if isClient {
4497 suffix += "Client"
4498 } else {
4499 suffix += "Server"
4500 }
4501
4502 test := testCase{
4503 name: "TLSUnique-" + suffix,
4504 testTLSUnique: true,
4505 config: Config{
4506 Bugs: ProtocolBugs{
4507 NoExtendedMasterSecret: !hasEMS,
4508 },
4509 },
4510 }
4511
4512 if isResumption {
4513 test.resumeSession = true
4514 test.resumeConfig = &Config{
4515 Bugs: ProtocolBugs{
4516 NoExtendedMasterSecret: !hasEMS,
4517 },
4518 }
4519 }
4520
4521 if isResumption && !hasEMS {
4522 test.shouldFail = true
4523 test.expectedError = "failed to get tls-unique"
4524 }
4525
4526 testCases = append(testCases, test)
4527 }
4528 }
4529 }
4530}
4531
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4532func addCustomExtensionTests() {
4533 expectedContents := "custom extension"
4534 emptyString := ""
4535
4536 for _, isClient := range []bool{false, true} {
4537 suffix := "Server"
4538 flag := "-enable-server-custom-extension"
4539 testType := serverTest
4540 if isClient {
4541 suffix = "Client"
4542 flag = "-enable-client-custom-extension"
4543 testType = clientTest
4544 }
4545
4546 testCases = append(testCases, testCase{
4547 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4548 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4549 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4550 Bugs: ProtocolBugs{
4551 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4552 ExpectedCustomExtension: &expectedContents,
4553 },
4554 },
4555 flags: []string{flag},
4556 })
4557
4558 // If the parse callback fails, the handshake should also fail.
4559 testCases = append(testCases, testCase{
4560 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4561 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4562 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4563 Bugs: ProtocolBugs{
4564 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4565 ExpectedCustomExtension: &expectedContents,
4566 },
4567 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4568 flags: []string{flag},
4569 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4570 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4571 })
4572
4573 // If the add callback fails, the handshake should also fail.
4574 testCases = append(testCases, testCase{
4575 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4576 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4577 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4578 Bugs: ProtocolBugs{
4579 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4580 ExpectedCustomExtension: &expectedContents,
4581 },
4582 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4583 flags: []string{flag, "-custom-extension-fail-add"},
4584 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4585 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4586 })
4587
4588 // If the add callback returns zero, no extension should be
4589 // added.
4590 skipCustomExtension := expectedContents
4591 if isClient {
4592 // For the case where the client skips sending the
4593 // custom extension, the server must not “echo” it.
4594 skipCustomExtension = ""
4595 }
4596 testCases = append(testCases, testCase{
4597 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4598 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4599 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4600 Bugs: ProtocolBugs{
4601 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4602 ExpectedCustomExtension: &emptyString,
4603 },
4604 },
4605 flags: []string{flag, "-custom-extension-skip"},
4606 })
4607 }
4608
4609 // The custom extension add callback should not be called if the client
4610 // doesn't send the extension.
4611 testCases = append(testCases, testCase{
4612 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4613 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4614 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4615 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4616 ExpectedCustomExtension: &emptyString,
4617 },
4618 },
4619 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
4620 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]4621
4622 // Test an unknown extension from the server.
4623 testCases = append(testCases, testCase{
4624 testType: clientTest,
4625 name: "UnknownExtension-Client",
4626 config: Config{
4627 Bugs: ProtocolBugs{
4628 CustomExtension: expectedContents,
4629 },
4630 },
4631 shouldFail: true,
4632 expectedError: ":UNEXPECTED_EXTENSION:",
4633 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4634}
4635
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]4636func addRSAClientKeyExchangeTests() {
4637 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
4638 testCases = append(testCases, testCase{
4639 testType: serverTest,
4640 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
4641 config: Config{
4642 // Ensure the ClientHello version and final
4643 // version are different, to detect if the
4644 // server uses the wrong one.
4645 MaxVersion: VersionTLS11,
4646 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
4647 Bugs: ProtocolBugs{
4648 BadRSAClientKeyExchange: bad,
4649 },
4650 },
4651 shouldFail: true,
4652 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
4653 })
4654 }
4655}
4656
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4657var testCurves = []struct {
4658 name string
4659 id CurveID
4660}{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4661 {"P-256", CurveP256},
4662 {"P-384", CurveP384},
4663 {"P-521", CurveP521},
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]4664 {"X25519", CurveX25519},
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4665}
4666
4667func addCurveTests() {
4668 for _, curve := range testCurves {
4669 testCases = append(testCases, testCase{
4670 name: "CurveTest-Client-" + curve.name,
4671 config: Config{
4672 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4673 CurvePreferences: []CurveID{curve.id},
4674 },
4675 flags: []string{"-enable-all-curves"},
4676 })
4677 testCases = append(testCases, testCase{
4678 testType: serverTest,
4679 name: "CurveTest-Server-" + curve.name,
4680 config: Config{
4681 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4682 CurvePreferences: []CurveID{curve.id},
4683 },
4684 flags: []string{"-enable-all-curves"},
4685 })
4686 }
4687}
4688
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]4689func addKeyExchangeInfoTests() {
4690 testCases = append(testCases, testCase{
4691 name: "KeyExchangeInfo-RSA-Client",
4692 config: Config{
4693 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
4694 },
4695 // key.pem is a 1024-bit RSA key.
4696 flags: []string{"-expect-key-exchange-info", "1024"},
4697 })
4698 // TODO(davidben): key_exchange_info doesn't work for plain RSA on the
4699 // server. Either fix this or change the API as it's not very useful in
4700 // this case.
4701
4702 testCases = append(testCases, testCase{
4703 name: "KeyExchangeInfo-DHE-Client",
4704 config: Config{
4705 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
4706 Bugs: ProtocolBugs{
4707 // This is a 1234-bit prime number, generated
4708 // with:
4709 // openssl gendh 1234 | openssl asn1parse -i
4710 DHGroupPrime: bigFromHex("0215C589A86BE450D1255A86D7A08877A70E124C11F0C75E476BA6A2186B1C830D4A132555973F2D5881D5F737BB800B7F417C01EC5960AEBF79478F8E0BBB6A021269BD10590C64C57F50AD8169D5488B56EE38DC5E02DA1A16ED3B5F41FEB2AD184B78A31F3A5B2BEC8441928343DA35DE3D4F89F0D4CEDE0034045084A0D1E6182E5EF7FCA325DD33CE81BE7FA87D43613E8FA7A1457099AB53"),
4711 },
4712 },
4713 flags: []string{"-expect-key-exchange-info", "1234"},
4714 })
4715 testCases = append(testCases, testCase{
4716 testType: serverTest,
4717 name: "KeyExchangeInfo-DHE-Server",
4718 config: Config{
4719 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
4720 },
4721 // bssl_shim as a server configures a 2048-bit DHE group.
4722 flags: []string{"-expect-key-exchange-info", "2048"},
4723 })
4724
4725 testCases = append(testCases, testCase{
4726 name: "KeyExchangeInfo-ECDHE-Client",
4727 config: Config{
4728 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4729 CurvePreferences: []CurveID{CurveX25519},
4730 },
4731 flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
4732 })
4733 testCases = append(testCases, testCase{
4734 testType: serverTest,
4735 name: "KeyExchangeInfo-ECDHE-Server",
4736 config: Config{
4737 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4738 CurvePreferences: []CurveID{CurveX25519},
4739 },
4740 flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
4741 })
4742}
4743
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4744func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4745 defer wg.Done()
4746
4747 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4748 var err error
4749
4750 if *mallocTest < 0 {
4751 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4752 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4753 } else {
4754 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
4755 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4756 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4757 if err != nil {
4758 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
4759 }
4760 break
4761 }
4762 }
4763 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4764 statusChan <- statusMsg{test: test, err: err}
4765 }
4766}
4767
4768type statusMsg struct {
4769 test *testCase
4770 started bool
4771 err error
4772}
4773
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4774func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4775 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4776
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4777 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4778 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4779 if !*pipe {
4780 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]4781 var erase string
4782 for i := 0; i < lineLen; i++ {
4783 erase += "\b \b"
4784 }
4785 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4786 }
4787
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4788 if msg.started {
4789 started++
4790 } else {
4791 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4792
4793 if msg.err != nil {
4794 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
4795 failed++
4796 testOutput.addResult(msg.test.name, "FAIL")
4797 } else {
4798 if *pipe {
4799 // Print each test instead of a status line.
4800 fmt.Printf("PASSED (%s)\n", msg.test.name)
4801 }
4802 testOutput.addResult(msg.test.name, "PASS")
4803 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4804 }
4805
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4806 if !*pipe {
4807 // Print a new status line.
4808 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
4809 lineLen = len(line)
4810 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4811 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4812 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4813
4814 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4815}
4816
4817func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4818 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4819 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4820
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4821 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4822 addCipherSuiteTests()
4823 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]4824 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]4825 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]4826 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4827 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4828 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4829 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4830 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4831 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]4832 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4833 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4834 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4835 addSigningHashTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4836 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4837 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4838 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4839 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]4840 addRSAClientKeyExchangeTests()
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4841 addCurveTests()
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]4842 addKeyExchangeInfoTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4843 for _, async := range []bool{false, true} {
4844 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]4845 for _, protocol := range []protocol{tls, dtls} {
4846 addStateMachineCoverageTests(async, splitHandshake, protocol)
4847 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4848 }
4849 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4850
4851 var wg sync.WaitGroup
4852
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4853 statusChan := make(chan statusMsg, *numWorkers)
4854 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4855 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4856
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4857 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4858
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4859 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4860 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4861 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4862 }
4863
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4864 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4865 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4866 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4867 }
4868 }
4869
4870 close(testChan)
4871 wg.Wait()
4872 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4873 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4874
4875 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4876
4877 if *jsonOutput != "" {
4878 if err := testOutput.writeTo(*jsonOutput); err != nil {
4879 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
4880 }
4881 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]4882
4883 if !testOutput.allPassed {
4884 os.Exit(1)
4885 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4886}