Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 3cd8196f14d8fd762f06ce2e20a23cd912eb06f2 / . / ssl / test / runner / runner.go
blob: b74f66bb029800c60e8e402693962b667746bec9 [file] [log] [blame]
Adam Langleydc7e9c42015-09-29 15:21:04 -0700[diff] [blame]1package runner
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2
3import (
4 "bytes"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]5 "crypto/ecdsa"
6 "crypto/elliptic"
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]7 "crypto/x509"
David Benjamin2561dc32014-08-24 01:25:27 -0400[diff] [blame]8 "encoding/base64"
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]9 "encoding/pem"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]10 "flag"
11 "fmt"
12 "io"
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]13 "io/ioutil"
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]14 "math/big"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]15 "net"
16 "os"
17 "os/exec"
David Benjamin884fdf12014-08-02 15:28:23 -0400[diff] [blame]18 "path"
David Benjamin2bc8e6f2014-08-02 15:22:37 -0400[diff] [blame]19 "runtime"
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]20 "strconv"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]21 "strings"
22 "sync"
23 "syscall"
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]24 "time"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]25)
26
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]27var (
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]28 useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind")
29 useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb")
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]30 useLLDB = flag.Bool("lldb", false, "If true, run BoringSSL code under lldb")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]31 flagDebug = flag.Bool("debug", false, "Hexdump the contents of the connection")
32 mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.")
33 mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask bssl_shim to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.")
34 jsonOutput = flag.String("json-output", "", "The file to output JSON results to.")
35 pipe = flag.Bool("pipe", false, "If true, print status output suitable for piping into another program.")
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]36 testToRun = flag.String("test", "", "The name of a test to run, or empty to run all tests")
37 numWorkers = flag.Int("num-workers", runtime.NumCPU(), "The number of workers to run in parallel.")
38 shimPath = flag.String("shim-path", "../../../build/ssl/test/bssl_shim", "The location of the shim binary.")
39 resourceDir = flag.String("resource-dir", ".", "The directory in which to find certificate and key files.")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]40)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]41
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]42const (
43 rsaCertificateFile = "cert.pem"
44 ecdsaCertificateFile = "ecdsa_cert.pem"
45)
46
47const (
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]48 rsaKeyFile = "key.pem"
49 ecdsaKeyFile = "ecdsa_key.pem"
50 channelIDKeyFile = "channel_id_key.pem"
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]51)
52
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]53var rsaCertificate, ecdsaCertificate Certificate
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]54var channelIDKey *ecdsa.PrivateKey
55var channelIDBytes []byte
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]56
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]57var testOCSPResponse = []byte{1, 2, 3, 4}
58var testSCTList = []byte{5, 6, 7, 8}
59
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]60func initCertificates() {
61 var err error
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]62 rsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, rsaCertificateFile), path.Join(*resourceDir, rsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]63 if err != nil {
64 panic(err)
65 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]66 rsaCertificate.OCSPStaple = testOCSPResponse
67 rsaCertificate.SignedCertificateTimestampList = testSCTList
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]68
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]69 ecdsaCertificate, err = LoadX509KeyPair(path.Join(*resourceDir, ecdsaCertificateFile), path.Join(*resourceDir, ecdsaKeyFile))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]70 if err != nil {
71 panic(err)
72 }
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]73 ecdsaCertificate.OCSPStaple = testOCSPResponse
74 ecdsaCertificate.SignedCertificateTimestampList = testSCTList
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]75
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]76 channelIDPEMBlock, err := ioutil.ReadFile(path.Join(*resourceDir, channelIDKeyFile))
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]77 if err != nil {
78 panic(err)
79 }
80 channelIDDERBlock, _ := pem.Decode(channelIDPEMBlock)
81 if channelIDDERBlock.Type != "EC PRIVATE KEY" {
82 panic("bad key type")
83 }
84 channelIDKey, err = x509.ParseECPrivateKey(channelIDDERBlock.Bytes)
85 if err != nil {
86 panic(err)
87 }
88 if channelIDKey.Curve != elliptic.P256() {
89 panic("bad curve")
90 }
91
92 channelIDBytes = make([]byte, 64)
93 writeIntPadded(channelIDBytes[:32], channelIDKey.X)
94 writeIntPadded(channelIDBytes[32:], channelIDKey.Y)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]95}
96
97var certificateOnce sync.Once
98
99func getRSACertificate() Certificate {
100 certificateOnce.Do(initCertificates)
101 return rsaCertificate
102}
103
104func getECDSACertificate() Certificate {
105 certificateOnce.Do(initCertificates)
106 return ecdsaCertificate
107}
108
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]109type testType int
110
111const (
112 clientTest testType = iota
113 serverTest
114)
115
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]116type protocol int
117
118const (
119 tls protocol = iota
120 dtls
121)
122
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]123const (
124 alpn = 1
125 npn = 2
126)
127
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]128type testCase struct {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]129 testType testType
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]130 protocol protocol
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]131 name string
132 config Config
133 shouldFail bool
134 expectedError string
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]135 // expectedLocalError, if not empty, contains a substring that must be
136 // found in the local error.
137 expectedLocalError string
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]138 // expectedVersion, if non-zero, specifies the TLS version that must be
139 // negotiated.
140 expectedVersion uint16
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]141 // expectedResumeVersion, if non-zero, specifies the TLS version that
142 // must be negotiated on resumption. If zero, expectedVersion is used.
143 expectedResumeVersion uint16
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]144 // expectedCipher, if non-zero, specifies the TLS cipher suite that
145 // should be negotiated.
146 expectedCipher uint16
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]147 // expectChannelID controls whether the connection should have
148 // negotiated a Channel ID with channelIDKey.
149 expectChannelID bool
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]150 // expectedNextProto controls whether the connection should
151 // negotiate a next protocol via NPN or ALPN.
152 expectedNextProto string
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]153 // expectNoNextProto, if true, means that no next protocol should be
154 // negotiated.
155 expectNoNextProto bool
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]156 // expectedNextProtoType, if non-zero, is the expected next
157 // protocol negotiation mechanism.
158 expectedNextProtoType int
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]159 // expectedSRTPProtectionProfile is the DTLS-SRTP profile that
160 // should be negotiated. If zero, none should be negotiated.
161 expectedSRTPProtectionProfile uint16
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]162 // expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
163 expectedOCSPResponse []uint8
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]164 // expectedSCTList, if not nil, is the expected SCT list to be received.
165 expectedSCTList []uint8
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]166 // expectedClientCertSignatureHash, if not zero, is the TLS id of the
167 // hash function that the client should have used when signing the
168 // handshake with a client certificate.
169 expectedClientCertSignatureHash uint8
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]170 // messageLen is the length, in bytes, of the test message that will be
171 // sent.
172 messageLen int
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]173 // messageCount is the number of test messages that will be sent.
174 messageCount int
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]175 // digestPrefs is the list of digest preferences from the client.
176 digestPrefs string
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]177 // certFile is the path to the certificate to use for the server.
178 certFile string
179 // keyFile is the path to the private key to use for the server.
180 keyFile string
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]181 // resumeSession controls whether a second connection should be tested
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]182 // which attempts to resume the first session.
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]183 resumeSession bool
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]184 // expectResumeRejected, if true, specifies that the attempted
185 // resumption must be rejected by the client. This is only valid for a
186 // serverTest.
187 expectResumeRejected bool
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]188 // resumeConfig, if not nil, points to a Config to be used on
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]189 // resumption. Unless newSessionsOnResume is set,
190 // SessionTicketKey, ServerSessionCache, and
191 // ClientSessionCache are copied from the initial connection's
192 // config. If nil, the initial connection's config is used.
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]193 resumeConfig *Config
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]194 // newSessionsOnResume, if true, will cause resumeConfig to
195 // use a different session resumption context.
196 newSessionsOnResume bool
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]197 // noSessionCache, if true, will cause the server to run without a
198 // session cache.
199 noSessionCache bool
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]200 // sendPrefix sends a prefix on the socket before actually performing a
201 // handshake.
202 sendPrefix string
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]203 // shimWritesFirst controls whether the shim sends an initial "hello"
204 // message before doing a roundtrip with the runner.
205 shimWritesFirst bool
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]206 // shimShutsDown, if true, runs a test where the shim shuts down the
207 // connection immediately after the handshake rather than echoing
208 // messages from the runner.
209 shimShutsDown bool
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]210 // renegotiate indicates the number of times the connection should be
211 // renegotiated during the exchange.
212 renegotiate int
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]213 // renegotiateCiphers is a list of ciphersuite ids that will be
214 // switched in just before renegotiation.
215 renegotiateCiphers []uint16
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]216 // replayWrites, if true, configures the underlying transport
217 // to replay every write it makes in DTLS tests.
218 replayWrites bool
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]219 // damageFirstWrite, if true, configures the underlying transport to
220 // damage the final byte of the first application data write.
221 damageFirstWrite bool
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]222 // exportKeyingMaterial, if non-zero, configures the test to exchange
223 // keying material and verify they match.
224 exportKeyingMaterial int
225 exportLabel string
226 exportContext string
227 useExportContext bool
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]228 // flags, if not empty, contains a list of command-line flags that will
229 // be passed to the shim program.
230 flags []string
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]231 // testTLSUnique, if true, causes the shim to send the tls-unique value
232 // which will be compared against the expected value.
233 testTLSUnique bool
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]234 // sendEmptyRecords is the number of consecutive empty records to send
235 // before and after the test message.
236 sendEmptyRecords int
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]237 // sendWarningAlerts is the number of consecutive warning alerts to send
238 // before and after the test message.
239 sendWarningAlerts int
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]240 // expectMessageDropped, if true, means the test message is expected to
241 // be dropped by the client rather than echoed back.
242 expectMessageDropped bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]243}
244
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]245var testCases []testCase
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]246
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]247func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool) error {
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]248 var connDamage *damageAdaptor
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]249
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]250 if test.protocol == dtls {
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]251 config.Bugs.PacketAdaptor = newPacketAdaptor(conn)
252 conn = config.Bugs.PacketAdaptor
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]253 }
254
255 if *flagDebug {
256 local, peer := "client", "server"
257 if test.testType == clientTest {
258 local, peer = peer, local
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]259 }
David Benjaminebda9b32015-11-02 15:33:18 -0500[diff] [blame]260 connDebug := &recordingConn{
261 Conn: conn,
262 isDatagram: test.protocol == dtls,
263 local: local,
264 peer: peer,
265 }
266 conn = connDebug
267 defer func() {
268 connDebug.WriteTo(os.Stdout)
269 }()
270
271 if config.Bugs.PacketAdaptor != nil {
272 config.Bugs.PacketAdaptor.debug = connDebug
273 }
274 }
275
276 if test.replayWrites {
277 conn = newReplayAdaptor(conn)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]278 }
279
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]280 if test.damageFirstWrite {
281 connDamage = newDamageAdaptor(conn)
282 conn = connDamage
283 }
284
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]285 if test.sendPrefix != "" {
286 if _, err := conn.Write([]byte(test.sendPrefix)); err != nil {
287 return err
288 }
David Benjamin98e882e2014-08-08 13:24:34 -0400[diff] [blame]289 }
290
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]291 var tlsConn *Conn
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]292 if test.testType == clientTest {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]293 if test.protocol == dtls {
294 tlsConn = DTLSServer(conn, config)
295 } else {
296 tlsConn = Server(conn, config)
297 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]298 } else {
299 config.InsecureSkipVerify = true
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]300 if test.protocol == dtls {
301 tlsConn = DTLSClient(conn, config)
302 } else {
303 tlsConn = Client(conn, config)
304 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]305 }
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]306 defer tlsConn.Close()
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]307
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]308 if err := tlsConn.Handshake(); err != nil {
309 return err
310 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]311
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]312 // TODO(davidben): move all per-connection expectations into a dedicated
313 // expectations struct that can be specified separately for the two
314 // legs.
315 expectedVersion := test.expectedVersion
316 if isResume && test.expectedResumeVersion != 0 {
317 expectedVersion = test.expectedResumeVersion
318 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]319 connState := tlsConn.ConnectionState()
320 if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]321 return fmt.Errorf("got version %x, expected %x", vers, expectedVersion)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]322 }
323
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]324 if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher {
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]325 return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher)
326 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]327 if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected {
328 return fmt.Errorf("didResume is %t, but we expected the opposite", didResume)
329 }
David Benjamin90da8c82015-04-20 14:57:57 -0400[diff] [blame]330
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]331 if test.expectChannelID {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]332 channelID := connState.ChannelID
David Benjamina08e49d2014-08-24 01:46:07 -0400[diff] [blame]333 if channelID == nil {
334 return fmt.Errorf("no channel ID negotiated")
335 }
336 if channelID.Curve != channelIDKey.Curve ||
337 channelIDKey.X.Cmp(channelIDKey.X) != 0 ||
338 channelIDKey.Y.Cmp(channelIDKey.Y) != 0 {
339 return fmt.Errorf("incorrect channel ID")
340 }
341 }
342
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]343 if expected := test.expectedNextProto; expected != "" {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]344 if actual := connState.NegotiatedProtocol; actual != expected {
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]345 return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected)
346 }
347 }
348
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]349 if test.expectNoNextProto {
350 if actual := connState.NegotiatedProtocol; actual != "" {
351 return fmt.Errorf("got unexpected next proto %s", actual)
352 }
353 }
354
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]355 if test.expectedNextProtoType != 0 {
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]356 if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN {
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]357 return fmt.Errorf("next proto type mismatch")
358 }
359 }
360
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]361 if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]362 return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
363 }
364
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]365 if test.expectedOCSPResponse != nil && !bytes.Equal(test.expectedOCSPResponse, tlsConn.OCSPResponse()) {
366 return fmt.Errorf("OCSP Response mismatch")
367 }
368
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]369 if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
370 return fmt.Errorf("SCT list mismatch")
371 }
372
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]373 if expected := test.expectedClientCertSignatureHash; expected != 0 && expected != connState.ClientCertSignatureHash {
374 return fmt.Errorf("expected client to sign handshake with hash %d, but got %d", expected, connState.ClientCertSignatureHash)
375 }
376
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]377 if test.exportKeyingMaterial > 0 {
378 actual := make([]byte, test.exportKeyingMaterial)
379 if _, err := io.ReadFull(tlsConn, actual); err != nil {
380 return err
381 }
382 expected, err := tlsConn.ExportKeyingMaterial(test.exportKeyingMaterial, []byte(test.exportLabel), []byte(test.exportContext), test.useExportContext)
383 if err != nil {
384 return err
385 }
386 if !bytes.Equal(actual, expected) {
387 return fmt.Errorf("keying material mismatch")
388 }
389 }
390
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]391 if test.testTLSUnique {
392 var peersValue [12]byte
393 if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil {
394 return err
395 }
396 expected := tlsConn.ConnectionState().TLSUnique
397 if !bytes.Equal(peersValue[:], expected) {
398 return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected)
399 }
400 }
401
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]402 if test.shimWritesFirst {
403 var buf [5]byte
404 _, err := io.ReadFull(tlsConn, buf[:])
405 if err != nil {
406 return err
407 }
408 if string(buf[:]) != "hello" {
409 return fmt.Errorf("bad initial message")
410 }
411 }
412
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]413 for i := 0; i < test.sendEmptyRecords; i++ {
414 tlsConn.Write(nil)
415 }
416
David Benjamin24f346d2015-06-06 03:28:08 -0400[diff] [blame]417 for i := 0; i < test.sendWarningAlerts; i++ {
418 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
419 }
420
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]421 if test.renegotiate > 0 {
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]422 if test.renegotiateCiphers != nil {
423 config.CipherSuites = test.renegotiateCiphers
424 }
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]425 for i := 0; i < test.renegotiate; i++ {
426 if err := tlsConn.Renegotiate(); err != nil {
427 return err
428 }
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]429 }
430 } else if test.renegotiateCiphers != nil {
431 panic("renegotiateCiphers without renegotiate")
432 }
433
David Benjamin5fa3eba2015-01-22 16:35:40 -0500[diff] [blame]434 if test.damageFirstWrite {
435 connDamage.setDamage(true)
436 tlsConn.Write([]byte("DAMAGED WRITE"))
437 connDamage.setDamage(false)
438 }
439
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]440 messageLen := test.messageLen
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]441 if messageLen < 0 {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]442 if test.protocol == dtls {
443 return fmt.Errorf("messageLen < 0 not supported for DTLS tests")
444 }
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]445 // Read until EOF.
446 _, err := io.Copy(ioutil.Discard, tlsConn)
447 return err
448 }
David Benjamin4417d052015-04-05 04:17:25 -0400[diff] [blame]449 if messageLen == 0 {
450 messageLen = 32
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]451 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]452
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]453 messageCount := test.messageCount
454 if messageCount == 0 {
455 messageCount = 1
David Benjamina8ebe222015-06-06 03:04:39 -0400[diff] [blame]456 }
457
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]458 for j := 0; j < messageCount; j++ {
459 testMessage := make([]byte, messageLen)
460 for i := range testMessage {
461 testMessage[i] = 0x42 ^ byte(j)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]462 }
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]463 tlsConn.Write(testMessage)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]464
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]465 for i := 0; i < test.sendEmptyRecords; i++ {
466 tlsConn.Write(nil)
467 }
468
469 for i := 0; i < test.sendWarningAlerts; i++ {
470 tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
471 }
472
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]473 if test.shimShutsDown || test.expectMessageDropped {
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]474 // The shim will not respond.
475 continue
476 }
477
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]478 buf := make([]byte, len(testMessage))
479 if test.protocol == dtls {
480 bufTmp := make([]byte, len(buf)+1)
481 n, err := tlsConn.Read(bufTmp)
482 if err != nil {
483 return err
484 }
485 if n != len(buf) {
486 return fmt.Errorf("bad reply; length mismatch (%d vs %d)", n, len(buf))
487 }
488 copy(buf, bufTmp)
489 } else {
490 _, err := io.ReadFull(tlsConn, buf)
491 if err != nil {
492 return err
493 }
494 }
495
496 for i, v := range buf {
497 if v != testMessage[i]^0xff {
498 return fmt.Errorf("bad reply contents at byte %d", i)
499 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]500 }
501 }
502
503 return nil
504}
505
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]506func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd {
507 valgrindArgs := []string{"--error-exitcode=99", "--track-origins=yes", "--leak-check=full"}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]508 if dbAttach {
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]509 valgrindArgs = append(valgrindArgs, "--db-attach=yes", "--db-command=xterm -e gdb -nw %f %p")
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]510 }
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]511 valgrindArgs = append(valgrindArgs, path)
512 valgrindArgs = append(valgrindArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]513
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]514 return exec.Command("valgrind", valgrindArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]515}
516
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]517func gdbOf(path string, args ...string) *exec.Cmd {
518 xtermArgs := []string{"-e", "gdb", "--args"}
519 xtermArgs = append(xtermArgs, path)
520 xtermArgs = append(xtermArgs, args...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]521
David Benjamin325b5c32014-07-01 19:40:31 -0400[diff] [blame]522 return exec.Command("xterm", xtermArgs...)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]523}
524
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]525func lldbOf(path string, args ...string) *exec.Cmd {
526 xtermArgs := []string{"-e", "lldb", "--"}
527 xtermArgs = append(xtermArgs, path)
528 xtermArgs = append(xtermArgs, args...)
529
530 return exec.Command("xterm", xtermArgs...)
531}
532
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]533type moreMallocsError struct{}
534
535func (moreMallocsError) Error() string {
536 return "child process did not exhaust all allocation calls"
537}
538
539var errMoreMallocs = moreMallocsError{}
540
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]541// accept accepts a connection from listener, unless waitChan signals a process
542// exit first.
543func acceptOrWait(listener net.Listener, waitChan chan error) (net.Conn, error) {
544 type connOrError struct {
545 conn net.Conn
546 err error
547 }
548 connChan := make(chan connOrError, 1)
549 go func() {
550 conn, err := listener.Accept()
551 connChan <- connOrError{conn, err}
552 close(connChan)
553 }()
554 select {
555 case result := <-connChan:
556 return result.conn, result.err
557 case childErr := <-waitChan:
558 waitChan <- childErr
559 return nil, fmt.Errorf("child exited early: %s", childErr)
560 }
561}
562
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]563func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]564 if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
565 panic("Error expected without shouldFail in " + test.name)
566 }
567
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]568 if test.expectResumeRejected && !test.resumeSession {
569 panic("expectResumeRejected without resumeSession in " + test.name)
570 }
571
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]572 if test.testType != clientTest && test.expectedClientCertSignatureHash != 0 {
573 panic("expectedClientCertSignatureHash non-zero with serverTest in " + test.name)
574 }
575
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]576 listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}})
577 if err != nil {
578 panic(err)
579 }
580 defer func() {
581 if listener != nil {
582 listener.Close()
583 }
584 }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]585
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]586 flags := []string{"-port", strconv.Itoa(listener.Addr().(*net.TCPAddr).Port)}
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]587 if test.testType == serverTest {
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]588 flags = append(flags, "-server")
589
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]590 flags = append(flags, "-key-file")
591 if test.keyFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]592 flags = append(flags, path.Join(*resourceDir, rsaKeyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]593 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]594 flags = append(flags, path.Join(*resourceDir, test.keyFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]595 }
596
597 flags = append(flags, "-cert-file")
598 if test.certFile == "" {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]599 flags = append(flags, path.Join(*resourceDir, rsaCertificateFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]600 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]601 flags = append(flags, path.Join(*resourceDir, test.certFile))
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]602 }
603 }
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]604
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]605 if test.digestPrefs != "" {
606 flags = append(flags, "-digest-prefs")
607 flags = append(flags, test.digestPrefs)
608 }
609
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]610 if test.protocol == dtls {
611 flags = append(flags, "-dtls")
612 }
613
David Benjamin5a593af2014-08-11 19:51:50 -0400[diff] [blame]614 if test.resumeSession {
615 flags = append(flags, "-resume")
616 }
617
David Benjamine58c4f52014-08-24 03:47:07 -0400[diff] [blame]618 if test.shimWritesFirst {
619 flags = append(flags, "-shim-writes-first")
620 }
621
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]622 if test.shimShutsDown {
623 flags = append(flags, "-shim-shuts-down")
624 }
625
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]626 if test.exportKeyingMaterial > 0 {
627 flags = append(flags, "-export-keying-material", strconv.Itoa(test.exportKeyingMaterial))
628 flags = append(flags, "-export-label", test.exportLabel)
629 flags = append(flags, "-export-context", test.exportContext)
630 if test.useExportContext {
631 flags = append(flags, "-use-export-context")
632 }
633 }
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]634 if test.expectResumeRejected {
635 flags = append(flags, "-expect-session-miss")
636 }
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]637
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]638 if test.testTLSUnique {
639 flags = append(flags, "-tls-unique")
640 }
641
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]642 flags = append(flags, test.flags...)
643
644 var shim *exec.Cmd
645 if *useValgrind {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]646 shim = valgrindOf(false, shimPath, flags...)
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]647 } else if *useGDB {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]648 shim = gdbOf(shimPath, flags...)
David Benjamind16bf342015-12-18 00:53:12 -0500[diff] [blame]649 } else if *useLLDB {
650 shim = lldbOf(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]651 } else {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]652 shim = exec.Command(shimPath, flags...)
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]653 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]654 shim.Stdin = os.Stdin
655 var stdoutBuf, stderrBuf bytes.Buffer
656 shim.Stdout = &stdoutBuf
657 shim.Stderr = &stderrBuf
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]658 if mallocNumToFail >= 0 {
David Benjamin9e128b02015-02-09 13:13:09 -0500[diff] [blame]659 shim.Env = os.Environ()
660 shim.Env = append(shim.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10))
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]661 if *mallocTestDebug {
David Benjamin184494d2015-06-12 18:23:47 -0400[diff] [blame]662 shim.Env = append(shim.Env, "MALLOC_BREAK_ON_FAIL=1")
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]663 }
664 shim.Env = append(shim.Env, "_MALLOC_CHECK=1")
665 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]666
667 if err := shim.Start(); err != nil {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]668 panic(err)
669 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]670 waitChan := make(chan error, 1)
671 go func() { waitChan <- shim.Wait() }()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]672
673 config := test.config
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]674 if !test.noSessionCache {
675 config.ClientSessionCache = NewLRUClientSessionCache(1)
676 config.ServerSessionCache = NewLRUServerSessionCache(1)
677 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]678 if test.testType == clientTest {
679 if len(config.Certificates) == 0 {
680 config.Certificates = []Certificate{getRSACertificate()}
681 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]682 } else {
683 // Supply a ServerName to ensure a constant session cache key,
684 // rather than falling back to net.Conn.RemoteAddr.
685 if len(config.ServerName) == 0 {
686 config.ServerName = "test"
687 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]688 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]689
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]690 conn, err := acceptOrWait(listener, waitChan)
691 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]692 err = doExchange(test, &config, conn, false /* not a resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]693 conn.Close()
694 }
David Benjamin65ea8ff2014-11-23 03:01:00 -0500[diff] [blame]695
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]696 if err == nil && test.resumeSession {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]697 var resumeConfig Config
698 if test.resumeConfig != nil {
699 resumeConfig = *test.resumeConfig
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]700 if len(resumeConfig.ServerName) == 0 {
701 resumeConfig.ServerName = config.ServerName
702 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]703 if len(resumeConfig.Certificates) == 0 {
704 resumeConfig.Certificates = []Certificate{getRSACertificate()}
705 }
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]706 if test.newSessionsOnResume {
707 if !test.noSessionCache {
708 resumeConfig.ClientSessionCache = NewLRUClientSessionCache(1)
709 resumeConfig.ServerSessionCache = NewLRUServerSessionCache(1)
710 }
711 } else {
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]712 resumeConfig.SessionTicketKey = config.SessionTicketKey
713 resumeConfig.ClientSessionCache = config.ClientSessionCache
714 resumeConfig.ServerSessionCache = config.ServerSessionCache
715 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]716 } else {
717 resumeConfig = config
718 }
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]719 var connResume net.Conn
720 connResume, err = acceptOrWait(listener, waitChan)
721 if err == nil {
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]722 err = doExchange(test, &resumeConfig, connResume, true /* resumption */)
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]723 connResume.Close()
724 }
David Benjamin1d5c83e2014-07-22 19:20:02 -0400[diff] [blame]725 }
726
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]727 // Close the listener now. This is to avoid hangs should the shim try to
728 // open more connections than expected.
729 listener.Close()
730 listener = nil
731
732 childErr := <-waitChan
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]733 if exitError, ok := childErr.(*exec.ExitError); ok {
734 if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 {
735 return errMoreMallocs
736 }
737 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]738
739 stdout := string(stdoutBuf.Bytes())
740 stderr := string(stderrBuf.Bytes())
741 failed := err != nil || childErr != nil
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]742 correctFailure := len(test.expectedError) == 0 || strings.Contains(stderr, test.expectedError)
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]743 localError := "none"
744 if err != nil {
745 localError = err.Error()
746 }
747 if len(test.expectedLocalError) != 0 {
748 correctFailure = correctFailure && strings.Contains(localError, test.expectedLocalError)
749 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]750
751 if failed != test.shouldFail || failed && !correctFailure {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]752 childError := "none"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]753 if childErr != nil {
754 childError = childErr.Error()
755 }
756
757 var msg string
758 switch {
759 case failed && !test.shouldFail:
760 msg = "unexpected failure"
761 case !failed && test.shouldFail:
762 msg = "unexpected success"
763 case failed && !correctFailure:
Adam Langleyac61fa32014-06-23 12:03:11 -0700[diff] [blame]764 msg = "bad error (wanted '" + test.expectedError + "' / '" + test.expectedLocalError + "')"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]765 default:
766 panic("internal error")
767 }
768
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]769 return fmt.Errorf("%s: local error '%s', child error '%s', stdout:\n%s\nstderr:\n%s", msg, localError, childError, stdout, stderr)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]770 }
771
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]772 if !*useValgrind && !failed && len(stderr) > 0 {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]773 println(stderr)
774 }
775
776 return nil
777}
778
779var tlsVersions = []struct {
780 name string
781 version uint16
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]782 flag string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]783 hasDTLS bool
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]784}{
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]785 {"SSL3", VersionSSL30, "-no-ssl3", false},
786 {"TLS1", VersionTLS10, "-no-tls1", true},
787 {"TLS11", VersionTLS11, "-no-tls11", false},
788 {"TLS12", VersionTLS12, "-no-tls12", true},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]789}
790
791var testCipherSuites = []struct {
792 name string
793 id uint16
794}{
795 {"3DES-SHA", TLS_RSA_WITH_3DES_EDE_CBC_SHA},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]796 {"AES128-GCM", TLS_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]797 {"AES128-SHA", TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]798 {"AES128-SHA256", TLS_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]799 {"AES256-GCM", TLS_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]800 {"AES256-SHA", TLS_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]801 {"AES256-SHA256", TLS_RSA_WITH_AES_256_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]802 {"DHE-RSA-AES128-GCM", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
803 {"DHE-RSA-AES128-SHA", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]804 {"DHE-RSA-AES128-SHA256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]805 {"DHE-RSA-AES256-GCM", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
806 {"DHE-RSA-AES256-SHA", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]807 {"DHE-RSA-AES256-SHA256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]808 {"ECDHE-ECDSA-AES128-GCM", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
809 {"ECDHE-ECDSA-AES128-SHA", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]810 {"ECDHE-ECDSA-AES128-SHA256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
811 {"ECDHE-ECDSA-AES256-GCM", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]812 {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]813 {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]814 {"ECDHE-ECDSA-CHACHA20-POLY1305", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]815 {"ECDHE-ECDSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]816 {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]817 {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]818 {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]819 {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]820 {"ECDHE-RSA-AES256-GCM", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]821 {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]822 {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]823 {"ECDHE-RSA-CHACHA20-POLY1305", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
David Benjamine3203922015-12-09 21:21:31 -0500[diff] [blame]824 {"ECDHE-RSA-CHACHA20-POLY1305-OLD", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]825 {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]826 {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA},
827 {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA},
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]828 {"ECDHE-PSK-AES128-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA},
829 {"ECDHE-PSK-AES256-CBC-SHA", TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]830 {"ECDHE-PSK-CHACHA20-POLY1305", TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256},
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]831 {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]832 {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5},
David Benjaminf4e5c4e2014-08-02 17:35:45 -0400[diff] [blame]833 {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA},
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]834 {"NULL-SHA", TLS_RSA_WITH_NULL_SHA},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]835}
836
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]837func hasComponent(suiteName, component string) bool {
838 return strings.Contains("-"+suiteName+"-", "-"+component+"-")
839}
840
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]841func isTLSOnly(suiteName string) bool {
842 // BoringSSL doesn't support ECDHE without a curves extension, and
843 // SSLv3 doesn't contain extensions.
844 return hasComponent(suiteName, "ECDHE") || isTLS12Only(suiteName)
845}
846
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]847func isTLS12Only(suiteName string) bool {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]848 return hasComponent(suiteName, "GCM") ||
849 hasComponent(suiteName, "SHA256") ||
David Benjamine9a80ff2015-04-07 00:46:46 -0400[diff] [blame]850 hasComponent(suiteName, "SHA384") ||
851 hasComponent(suiteName, "POLY1305")
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]852}
853
854func isDTLSCipher(suiteName string) bool {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]855 return !hasComponent(suiteName, "RC4") && !hasComponent(suiteName, "NULL")
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]856}
857
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]858func bigFromHex(hex string) *big.Int {
859 ret, ok := new(big.Int).SetString(hex, 16)
860 if !ok {
861 panic("failed to parse hex number 0x" + hex)
862 }
863 return ret
864}
865
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]866func addBasicTests() {
867 basicTests := []testCase{
868 {
869 name: "BadRSASignature",
870 config: Config{
871 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
872 Bugs: ProtocolBugs{
873 InvalidSKXSignature: true,
874 },
875 },
876 shouldFail: true,
877 expectedError: ":BAD_SIGNATURE:",
878 },
879 {
880 name: "BadECDSASignature",
881 config: Config{
882 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
883 Bugs: ProtocolBugs{
884 InvalidSKXSignature: true,
885 },
886 Certificates: []Certificate{getECDSACertificate()},
887 },
888 shouldFail: true,
889 expectedError: ":BAD_SIGNATURE:",
890 },
891 {
David Benjamin6de0e532015-07-28 22:43:19 -0400[diff] [blame]892 testType: serverTest,
893 name: "BadRSASignature-ClientAuth",
894 config: Config{
895 Bugs: ProtocolBugs{
896 InvalidCertVerifySignature: true,
897 },
898 Certificates: []Certificate{getRSACertificate()},
899 },
900 shouldFail: true,
901 expectedError: ":BAD_SIGNATURE:",
902 flags: []string{"-require-any-client-certificate"},
903 },
904 {
905 testType: serverTest,
906 name: "BadECDSASignature-ClientAuth",
907 config: Config{
908 Bugs: ProtocolBugs{
909 InvalidCertVerifySignature: true,
910 },
911 Certificates: []Certificate{getECDSACertificate()},
912 },
913 shouldFail: true,
914 expectedError: ":BAD_SIGNATURE:",
915 flags: []string{"-require-any-client-certificate"},
916 },
917 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]918 name: "BadECDSACurve",
919 config: Config{
920 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
921 Bugs: ProtocolBugs{
922 InvalidSKXCurve: true,
923 },
924 Certificates: []Certificate{getECDSACertificate()},
925 },
926 shouldFail: true,
927 expectedError: ":WRONG_CURVE:",
928 },
929 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]930 name: "NoFallbackSCSV",
931 config: Config{
932 Bugs: ProtocolBugs{
933 FailIfNotFallbackSCSV: true,
934 },
935 },
936 shouldFail: true,
937 expectedLocalError: "no fallback SCSV found",
938 },
939 {
940 name: "SendFallbackSCSV",
941 config: Config{
942 Bugs: ProtocolBugs{
943 FailIfNotFallbackSCSV: true,
944 },
945 },
946 flags: []string{"-fallback-scsv"},
947 },
948 {
949 name: "ClientCertificateTypes",
950 config: Config{
951 ClientAuth: RequestClientCert,
952 ClientCertificateTypes: []byte{
953 CertTypeDSSSign,
954 CertTypeRSASign,
955 CertTypeECDSASign,
956 },
957 },
958 flags: []string{
959 "-expect-certificate-types",
960 base64.StdEncoding.EncodeToString([]byte{
961 CertTypeDSSSign,
962 CertTypeRSASign,
963 CertTypeECDSASign,
964 }),
965 },
966 },
967 {
968 name: "NoClientCertificate",
969 config: Config{
970 ClientAuth: RequireAnyClientCert,
971 },
972 shouldFail: true,
973 expectedLocalError: "client didn't provide a certificate",
974 },
975 {
976 name: "UnauthenticatedECDH",
977 config: Config{
978 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
979 Bugs: ProtocolBugs{
980 UnauthenticatedECDH: true,
981 },
982 },
983 shouldFail: true,
984 expectedError: ":UNEXPECTED_MESSAGE:",
985 },
986 {
987 name: "SkipCertificateStatus",
988 config: Config{
989 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
990 Bugs: ProtocolBugs{
991 SkipCertificateStatus: true,
992 },
993 },
994 flags: []string{
995 "-enable-ocsp-stapling",
996 },
997 },
998 {
999 name: "SkipServerKeyExchange",
1000 config: Config{
1001 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1002 Bugs: ProtocolBugs{
1003 SkipServerKeyExchange: true,
1004 },
1005 },
1006 shouldFail: true,
1007 expectedError: ":UNEXPECTED_MESSAGE:",
1008 },
1009 {
1010 name: "SkipChangeCipherSpec-Client",
1011 config: Config{
1012 Bugs: ProtocolBugs{
1013 SkipChangeCipherSpec: true,
1014 },
1015 },
1016 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1017 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1018 },
1019 {
1020 testType: serverTest,
1021 name: "SkipChangeCipherSpec-Server",
1022 config: Config{
1023 Bugs: ProtocolBugs{
1024 SkipChangeCipherSpec: true,
1025 },
1026 },
1027 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1028 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1029 },
1030 {
1031 testType: serverTest,
1032 name: "SkipChangeCipherSpec-Server-NPN",
1033 config: Config{
1034 NextProtos: []string{"bar"},
1035 Bugs: ProtocolBugs{
1036 SkipChangeCipherSpec: true,
1037 },
1038 },
1039 flags: []string{
1040 "-advertise-npn", "\x03foo\x03bar\x03baz",
1041 },
1042 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1043 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1044 },
1045 {
1046 name: "FragmentAcrossChangeCipherSpec-Client",
1047 config: Config{
1048 Bugs: ProtocolBugs{
1049 FragmentAcrossChangeCipherSpec: true,
1050 },
1051 },
1052 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1053 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1054 },
1055 {
1056 testType: serverTest,
1057 name: "FragmentAcrossChangeCipherSpec-Server",
1058 config: Config{
1059 Bugs: ProtocolBugs{
1060 FragmentAcrossChangeCipherSpec: true,
1061 },
1062 },
1063 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1064 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1065 },
1066 {
1067 testType: serverTest,
1068 name: "FragmentAcrossChangeCipherSpec-Server-NPN",
1069 config: Config{
1070 NextProtos: []string{"bar"},
1071 Bugs: ProtocolBugs{
1072 FragmentAcrossChangeCipherSpec: true,
1073 },
1074 },
1075 flags: []string{
1076 "-advertise-npn", "\x03foo\x03bar\x03baz",
1077 },
1078 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1079 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1080 },
1081 {
1082 testType: serverTest,
1083 name: "Alert",
1084 config: Config{
1085 Bugs: ProtocolBugs{
1086 SendSpuriousAlert: alertRecordOverflow,
1087 },
1088 },
1089 shouldFail: true,
1090 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1091 },
1092 {
1093 protocol: dtls,
1094 testType: serverTest,
1095 name: "Alert-DTLS",
1096 config: Config{
1097 Bugs: ProtocolBugs{
1098 SendSpuriousAlert: alertRecordOverflow,
1099 },
1100 },
1101 shouldFail: true,
1102 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1103 },
1104 {
1105 testType: serverTest,
1106 name: "FragmentAlert",
1107 config: Config{
1108 Bugs: ProtocolBugs{
1109 FragmentAlert: true,
1110 SendSpuriousAlert: alertRecordOverflow,
1111 },
1112 },
1113 shouldFail: true,
1114 expectedError: ":BAD_ALERT:",
1115 },
1116 {
1117 protocol: dtls,
1118 testType: serverTest,
1119 name: "FragmentAlert-DTLS",
1120 config: Config{
1121 Bugs: ProtocolBugs{
1122 FragmentAlert: true,
1123 SendSpuriousAlert: alertRecordOverflow,
1124 },
1125 },
1126 shouldFail: true,
1127 expectedError: ":BAD_ALERT:",
1128 },
1129 {
1130 testType: serverTest,
1131 name: "EarlyChangeCipherSpec-server-1",
1132 config: Config{
1133 Bugs: ProtocolBugs{
1134 EarlyChangeCipherSpec: 1,
1135 },
1136 },
1137 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1138 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1139 },
1140 {
1141 testType: serverTest,
1142 name: "EarlyChangeCipherSpec-server-2",
1143 config: Config{
1144 Bugs: ProtocolBugs{
1145 EarlyChangeCipherSpec: 2,
1146 },
1147 },
1148 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1149 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1150 },
1151 {
1152 name: "SkipNewSessionTicket",
1153 config: Config{
1154 Bugs: ProtocolBugs{
1155 SkipNewSessionTicket: true,
1156 },
1157 },
1158 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1159 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1160 },
1161 {
1162 testType: serverTest,
1163 name: "FallbackSCSV",
1164 config: Config{
1165 MaxVersion: VersionTLS11,
1166 Bugs: ProtocolBugs{
1167 SendFallbackSCSV: true,
1168 },
1169 },
1170 shouldFail: true,
1171 expectedError: ":INAPPROPRIATE_FALLBACK:",
1172 },
1173 {
1174 testType: serverTest,
1175 name: "FallbackSCSV-VersionMatch",
1176 config: Config{
1177 Bugs: ProtocolBugs{
1178 SendFallbackSCSV: true,
1179 },
1180 },
1181 },
1182 {
1183 testType: serverTest,
1184 name: "FragmentedClientVersion",
1185 config: Config{
1186 Bugs: ProtocolBugs{
1187 MaxHandshakeRecordLength: 1,
1188 FragmentClientVersion: true,
1189 },
1190 },
1191 expectedVersion: VersionTLS12,
1192 },
1193 {
1194 testType: serverTest,
1195 name: "MinorVersionTolerance",
1196 config: Config{
1197 Bugs: ProtocolBugs{
1198 SendClientVersion: 0x03ff,
1199 },
1200 },
1201 expectedVersion: VersionTLS12,
1202 },
1203 {
1204 testType: serverTest,
1205 name: "MajorVersionTolerance",
1206 config: Config{
1207 Bugs: ProtocolBugs{
1208 SendClientVersion: 0x0400,
1209 },
1210 },
1211 expectedVersion: VersionTLS12,
1212 },
1213 {
1214 testType: serverTest,
1215 name: "VersionTooLow",
1216 config: Config{
1217 Bugs: ProtocolBugs{
1218 SendClientVersion: 0x0200,
1219 },
1220 },
1221 shouldFail: true,
1222 expectedError: ":UNSUPPORTED_PROTOCOL:",
1223 },
1224 {
1225 testType: serverTest,
1226 name: "HttpGET",
1227 sendPrefix: "GET / HTTP/1.0\n",
1228 shouldFail: true,
1229 expectedError: ":HTTP_REQUEST:",
1230 },
1231 {
1232 testType: serverTest,
1233 name: "HttpPOST",
1234 sendPrefix: "POST / HTTP/1.0\n",
1235 shouldFail: true,
1236 expectedError: ":HTTP_REQUEST:",
1237 },
1238 {
1239 testType: serverTest,
1240 name: "HttpHEAD",
1241 sendPrefix: "HEAD / HTTP/1.0\n",
1242 shouldFail: true,
1243 expectedError: ":HTTP_REQUEST:",
1244 },
1245 {
1246 testType: serverTest,
1247 name: "HttpPUT",
1248 sendPrefix: "PUT / HTTP/1.0\n",
1249 shouldFail: true,
1250 expectedError: ":HTTP_REQUEST:",
1251 },
1252 {
1253 testType: serverTest,
1254 name: "HttpCONNECT",
1255 sendPrefix: "CONNECT www.google.com:443 HTTP/1.0\n",
1256 shouldFail: true,
1257 expectedError: ":HTTPS_PROXY_REQUEST:",
1258 },
1259 {
1260 testType: serverTest,
1261 name: "Garbage",
1262 sendPrefix: "blah",
1263 shouldFail: true,
David Benjamin97760d52015-07-24 23:02:49 -0400[diff] [blame]1264 expectedError: ":WRONG_VERSION_NUMBER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1265 },
1266 {
1267 name: "SkipCipherVersionCheck",
1268 config: Config{
1269 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1270 MaxVersion: VersionTLS11,
1271 Bugs: ProtocolBugs{
1272 SkipCipherVersionCheck: true,
1273 },
1274 },
1275 shouldFail: true,
1276 expectedError: ":WRONG_CIPHER_RETURNED:",
1277 },
1278 {
1279 name: "RSAEphemeralKey",
1280 config: Config{
1281 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
1282 Bugs: ProtocolBugs{
1283 RSAEphemeralKey: true,
1284 },
1285 },
1286 shouldFail: true,
1287 expectedError: ":UNEXPECTED_MESSAGE:",
1288 },
1289 {
1290 name: "DisableEverything",
1291 flags: []string{"-no-tls12", "-no-tls11", "-no-tls1", "-no-ssl3"},
1292 shouldFail: true,
1293 expectedError: ":WRONG_SSL_VERSION:",
1294 },
1295 {
1296 protocol: dtls,
1297 name: "DisableEverything-DTLS",
1298 flags: []string{"-no-tls12", "-no-tls1"},
1299 shouldFail: true,
1300 expectedError: ":WRONG_SSL_VERSION:",
1301 },
1302 {
1303 name: "NoSharedCipher",
1304 config: Config{
1305 CipherSuites: []uint16{},
1306 },
1307 shouldFail: true,
1308 expectedError: ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:",
1309 },
1310 {
1311 protocol: dtls,
1312 testType: serverTest,
1313 name: "MTU",
1314 config: Config{
1315 Bugs: ProtocolBugs{
1316 MaxPacketLength: 256,
1317 },
1318 },
1319 flags: []string{"-mtu", "256"},
1320 },
1321 {
1322 protocol: dtls,
1323 testType: serverTest,
1324 name: "MTUExceeded",
1325 config: Config{
1326 Bugs: ProtocolBugs{
1327 MaxPacketLength: 255,
1328 },
1329 },
1330 flags: []string{"-mtu", "256"},
1331 shouldFail: true,
1332 expectedLocalError: "dtls: exceeded maximum packet length",
1333 },
1334 {
1335 name: "CertMismatchRSA",
1336 config: Config{
1337 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
1338 Certificates: []Certificate{getECDSACertificate()},
1339 Bugs: ProtocolBugs{
1340 SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1341 },
1342 },
1343 shouldFail: true,
1344 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1345 },
1346 {
1347 name: "CertMismatchECDSA",
1348 config: Config{
1349 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1350 Certificates: []Certificate{getRSACertificate()},
1351 Bugs: ProtocolBugs{
1352 SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1353 },
1354 },
1355 shouldFail: true,
1356 expectedError: ":WRONG_CERTIFICATE_TYPE:",
1357 },
1358 {
1359 name: "EmptyCertificateList",
1360 config: Config{
1361 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1362 Bugs: ProtocolBugs{
1363 EmptyCertificateList: true,
1364 },
1365 },
1366 shouldFail: true,
1367 expectedError: ":DECODE_ERROR:",
1368 },
1369 {
1370 name: "TLSFatalBadPackets",
1371 damageFirstWrite: true,
1372 shouldFail: true,
1373 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
1374 },
1375 {
1376 protocol: dtls,
1377 name: "DTLSIgnoreBadPackets",
1378 damageFirstWrite: true,
1379 },
1380 {
1381 protocol: dtls,
1382 name: "DTLSIgnoreBadPackets-Async",
1383 damageFirstWrite: true,
1384 flags: []string{"-async"},
1385 },
1386 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1387 name: "AppDataBeforeHandshake",
1388 config: Config{
1389 Bugs: ProtocolBugs{
1390 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1391 },
1392 },
1393 shouldFail: true,
1394 expectedError: ":UNEXPECTED_RECORD:",
1395 },
1396 {
1397 name: "AppDataBeforeHandshake-Empty",
1398 config: Config{
1399 Bugs: ProtocolBugs{
1400 AppDataBeforeHandshake: []byte{},
1401 },
1402 },
1403 shouldFail: true,
1404 expectedError: ":UNEXPECTED_RECORD:",
1405 },
1406 {
1407 protocol: dtls,
1408 name: "AppDataBeforeHandshake-DTLS",
1409 config: Config{
1410 Bugs: ProtocolBugs{
1411 AppDataBeforeHandshake: []byte("TEST MESSAGE"),
1412 },
1413 },
1414 shouldFail: true,
1415 expectedError: ":UNEXPECTED_RECORD:",
1416 },
1417 {
1418 protocol: dtls,
1419 name: "AppDataBeforeHandshake-DTLS-Empty",
1420 config: Config{
1421 Bugs: ProtocolBugs{
1422 AppDataBeforeHandshake: []byte{},
1423 },
1424 },
1425 shouldFail: true,
1426 expectedError: ":UNEXPECTED_RECORD:",
1427 },
1428 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1429 name: "AppDataAfterChangeCipherSpec",
1430 config: Config{
1431 Bugs: ProtocolBugs{
1432 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1433 },
1434 },
1435 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1436 expectedError: ":UNEXPECTED_RECORD:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1437 },
1438 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1439 name: "AppDataAfterChangeCipherSpec-Empty",
1440 config: Config{
1441 Bugs: ProtocolBugs{
1442 AppDataAfterChangeCipherSpec: []byte{},
1443 },
1444 },
1445 shouldFail: true,
David Benjamina41280d2015-11-26 02:16:49 -0500[diff] [blame]1446 expectedError: ":UNEXPECTED_RECORD:",
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1447 },
1448 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1449 protocol: dtls,
1450 name: "AppDataAfterChangeCipherSpec-DTLS",
1451 config: Config{
1452 Bugs: ProtocolBugs{
1453 AppDataAfterChangeCipherSpec: []byte("TEST MESSAGE"),
1454 },
1455 },
1456 // BoringSSL's DTLS implementation will drop the out-of-order
1457 // application data.
1458 },
1459 {
David Benjamin4cf369b2015-08-22 01:35:43 -0400[diff] [blame]1460 protocol: dtls,
1461 name: "AppDataAfterChangeCipherSpec-DTLS-Empty",
1462 config: Config{
1463 Bugs: ProtocolBugs{
1464 AppDataAfterChangeCipherSpec: []byte{},
1465 },
1466 },
1467 // BoringSSL's DTLS implementation will drop the out-of-order
1468 // application data.
1469 },
1470 {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1471 name: "AlertAfterChangeCipherSpec",
1472 config: Config{
1473 Bugs: ProtocolBugs{
1474 AlertAfterChangeCipherSpec: alertRecordOverflow,
1475 },
1476 },
1477 shouldFail: true,
1478 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1479 },
1480 {
1481 protocol: dtls,
1482 name: "AlertAfterChangeCipherSpec-DTLS",
1483 config: Config{
1484 Bugs: ProtocolBugs{
1485 AlertAfterChangeCipherSpec: alertRecordOverflow,
1486 },
1487 },
1488 shouldFail: true,
1489 expectedError: ":TLSV1_ALERT_RECORD_OVERFLOW:",
1490 },
1491 {
1492 protocol: dtls,
1493 name: "ReorderHandshakeFragments-Small-DTLS",
1494 config: Config{
1495 Bugs: ProtocolBugs{
1496 ReorderHandshakeFragments: true,
1497 // Small enough that every handshake message is
1498 // fragmented.
1499 MaxHandshakeRecordLength: 2,
1500 },
1501 },
1502 },
1503 {
1504 protocol: dtls,
1505 name: "ReorderHandshakeFragments-Large-DTLS",
1506 config: Config{
1507 Bugs: ProtocolBugs{
1508 ReorderHandshakeFragments: true,
1509 // Large enough that no handshake message is
1510 // fragmented.
1511 MaxHandshakeRecordLength: 2048,
1512 },
1513 },
1514 },
1515 {
1516 protocol: dtls,
1517 name: "MixCompleteMessageWithFragments-DTLS",
1518 config: Config{
1519 Bugs: ProtocolBugs{
1520 ReorderHandshakeFragments: true,
1521 MixCompleteMessageWithFragments: true,
1522 MaxHandshakeRecordLength: 2,
1523 },
1524 },
1525 },
1526 {
1527 name: "SendInvalidRecordType",
1528 config: Config{
1529 Bugs: ProtocolBugs{
1530 SendInvalidRecordType: true,
1531 },
1532 },
1533 shouldFail: true,
1534 expectedError: ":UNEXPECTED_RECORD:",
1535 },
1536 {
1537 protocol: dtls,
1538 name: "SendInvalidRecordType-DTLS",
1539 config: Config{
1540 Bugs: ProtocolBugs{
1541 SendInvalidRecordType: true,
1542 },
1543 },
1544 shouldFail: true,
1545 expectedError: ":UNEXPECTED_RECORD:",
1546 },
1547 {
1548 name: "FalseStart-SkipServerSecondLeg",
1549 config: Config{
1550 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1551 NextProtos: []string{"foo"},
1552 Bugs: ProtocolBugs{
1553 SkipNewSessionTicket: true,
1554 SkipChangeCipherSpec: true,
1555 SkipFinished: true,
1556 ExpectFalseStart: true,
1557 },
1558 },
1559 flags: []string{
1560 "-false-start",
1561 "-handshake-never-done",
1562 "-advertise-alpn", "\x03foo",
1563 },
1564 shimWritesFirst: true,
1565 shouldFail: true,
1566 expectedError: ":UNEXPECTED_RECORD:",
1567 },
1568 {
1569 name: "FalseStart-SkipServerSecondLeg-Implicit",
1570 config: Config{
1571 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1572 NextProtos: []string{"foo"},
1573 Bugs: ProtocolBugs{
1574 SkipNewSessionTicket: true,
1575 SkipChangeCipherSpec: true,
1576 SkipFinished: true,
1577 },
1578 },
1579 flags: []string{
1580 "-implicit-handshake",
1581 "-false-start",
1582 "-handshake-never-done",
1583 "-advertise-alpn", "\x03foo",
1584 },
1585 shouldFail: true,
1586 expectedError: ":UNEXPECTED_RECORD:",
1587 },
1588 {
1589 testType: serverTest,
1590 name: "FailEarlyCallback",
1591 flags: []string{"-fail-early-callback"},
1592 shouldFail: true,
1593 expectedError: ":CONNECTION_REJECTED:",
1594 expectedLocalError: "remote error: access denied",
1595 },
1596 {
1597 name: "WrongMessageType",
1598 config: Config{
1599 Bugs: ProtocolBugs{
1600 WrongCertificateMessageType: true,
1601 },
1602 },
1603 shouldFail: true,
1604 expectedError: ":UNEXPECTED_MESSAGE:",
1605 expectedLocalError: "remote error: unexpected message",
1606 },
1607 {
1608 protocol: dtls,
1609 name: "WrongMessageType-DTLS",
1610 config: Config{
1611 Bugs: ProtocolBugs{
1612 WrongCertificateMessageType: true,
1613 },
1614 },
1615 shouldFail: true,
1616 expectedError: ":UNEXPECTED_MESSAGE:",
1617 expectedLocalError: "remote error: unexpected message",
1618 },
1619 {
1620 protocol: dtls,
1621 name: "FragmentMessageTypeMismatch-DTLS",
1622 config: Config{
1623 Bugs: ProtocolBugs{
1624 MaxHandshakeRecordLength: 2,
1625 FragmentMessageTypeMismatch: true,
1626 },
1627 },
1628 shouldFail: true,
1629 expectedError: ":FRAGMENT_MISMATCH:",
1630 },
1631 {
1632 protocol: dtls,
1633 name: "FragmentMessageLengthMismatch-DTLS",
1634 config: Config{
1635 Bugs: ProtocolBugs{
1636 MaxHandshakeRecordLength: 2,
1637 FragmentMessageLengthMismatch: true,
1638 },
1639 },
1640 shouldFail: true,
1641 expectedError: ":FRAGMENT_MISMATCH:",
1642 },
1643 {
1644 protocol: dtls,
1645 name: "SplitFragments-Header-DTLS",
1646 config: Config{
1647 Bugs: ProtocolBugs{
1648 SplitFragments: 2,
1649 },
1650 },
1651 shouldFail: true,
1652 expectedError: ":UNEXPECTED_MESSAGE:",
1653 },
1654 {
1655 protocol: dtls,
1656 name: "SplitFragments-Boundary-DTLS",
1657 config: Config{
1658 Bugs: ProtocolBugs{
1659 SplitFragments: dtlsRecordHeaderLen,
1660 },
1661 },
1662 shouldFail: true,
1663 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1664 },
1665 {
1666 protocol: dtls,
1667 name: "SplitFragments-Body-DTLS",
1668 config: Config{
1669 Bugs: ProtocolBugs{
1670 SplitFragments: dtlsRecordHeaderLen + 1,
1671 },
1672 },
1673 shouldFail: true,
1674 expectedError: ":EXCESSIVE_MESSAGE_SIZE:",
1675 },
1676 {
1677 protocol: dtls,
1678 name: "SendEmptyFragments-DTLS",
1679 config: Config{
1680 Bugs: ProtocolBugs{
1681 SendEmptyFragments: true,
1682 },
1683 },
1684 },
1685 {
1686 name: "UnsupportedCipherSuite",
1687 config: Config{
1688 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1689 Bugs: ProtocolBugs{
1690 IgnorePeerCipherPreferences: true,
1691 },
1692 },
1693 flags: []string{"-cipher", "DEFAULT:!RC4"},
1694 shouldFail: true,
1695 expectedError: ":WRONG_CIPHER_RETURNED:",
1696 },
1697 {
1698 name: "UnsupportedCurve",
1699 config: Config{
David Benjamin64d92502015-12-19 02:20:57 -0500[diff] [blame]1700 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1701 CurvePreferences: []CurveID{CurveP256},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1702 Bugs: ProtocolBugs{
1703 IgnorePeerCurvePreferences: true,
1704 },
1705 },
David Benjamin64d92502015-12-19 02:20:57 -0500[diff] [blame]1706 flags: []string{"-p384-only"},
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1707 shouldFail: true,
1708 expectedError: ":WRONG_CURVE:",
1709 },
1710 {
1711 name: "BadFinished",
1712 config: Config{
1713 Bugs: ProtocolBugs{
1714 BadFinished: true,
1715 },
1716 },
1717 shouldFail: true,
1718 expectedError: ":DIGEST_CHECK_FAILED:",
1719 },
1720 {
1721 name: "FalseStart-BadFinished",
1722 config: Config{
1723 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1724 NextProtos: []string{"foo"},
1725 Bugs: ProtocolBugs{
1726 BadFinished: true,
1727 ExpectFalseStart: true,
1728 },
1729 },
1730 flags: []string{
1731 "-false-start",
1732 "-handshake-never-done",
1733 "-advertise-alpn", "\x03foo",
1734 },
1735 shimWritesFirst: true,
1736 shouldFail: true,
1737 expectedError: ":DIGEST_CHECK_FAILED:",
1738 },
1739 {
1740 name: "NoFalseStart-NoALPN",
1741 config: Config{
1742 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1743 Bugs: ProtocolBugs{
1744 ExpectFalseStart: true,
1745 AlertBeforeFalseStartTest: alertAccessDenied,
1746 },
1747 },
1748 flags: []string{
1749 "-false-start",
1750 },
1751 shimWritesFirst: true,
1752 shouldFail: true,
1753 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1754 expectedLocalError: "tls: peer did not false start: EOF",
1755 },
1756 {
1757 name: "NoFalseStart-NoAEAD",
1758 config: Config{
1759 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
1760 NextProtos: []string{"foo"},
1761 Bugs: ProtocolBugs{
1762 ExpectFalseStart: true,
1763 AlertBeforeFalseStartTest: alertAccessDenied,
1764 },
1765 },
1766 flags: []string{
1767 "-false-start",
1768 "-advertise-alpn", "\x03foo",
1769 },
1770 shimWritesFirst: true,
1771 shouldFail: true,
1772 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1773 expectedLocalError: "tls: peer did not false start: EOF",
1774 },
1775 {
1776 name: "NoFalseStart-RSA",
1777 config: Config{
1778 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
1779 NextProtos: []string{"foo"},
1780 Bugs: ProtocolBugs{
1781 ExpectFalseStart: true,
1782 AlertBeforeFalseStartTest: alertAccessDenied,
1783 },
1784 },
1785 flags: []string{
1786 "-false-start",
1787 "-advertise-alpn", "\x03foo",
1788 },
1789 shimWritesFirst: true,
1790 shouldFail: true,
1791 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1792 expectedLocalError: "tls: peer did not false start: EOF",
1793 },
1794 {
1795 name: "NoFalseStart-DHE_RSA",
1796 config: Config{
1797 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
1798 NextProtos: []string{"foo"},
1799 Bugs: ProtocolBugs{
1800 ExpectFalseStart: true,
1801 AlertBeforeFalseStartTest: alertAccessDenied,
1802 },
1803 },
1804 flags: []string{
1805 "-false-start",
1806 "-advertise-alpn", "\x03foo",
1807 },
1808 shimWritesFirst: true,
1809 shouldFail: true,
1810 expectedError: ":TLSV1_ALERT_ACCESS_DENIED:",
1811 expectedLocalError: "tls: peer did not false start: EOF",
1812 },
1813 {
1814 testType: serverTest,
1815 name: "NoSupportedCurves",
1816 config: Config{
1817 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
1818 Bugs: ProtocolBugs{
1819 NoSupportedCurves: true,
1820 },
1821 },
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]1822 shouldFail: true,
1823 expectedError: ":NO_SHARED_CIPHER:",
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]1824 },
1825 {
1826 testType: serverTest,
1827 name: "NoCommonCurves",
1828 config: Config{
1829 CipherSuites: []uint16{
1830 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1831 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1832 },
1833 CurvePreferences: []CurveID{CurveP224},
1834 },
1835 expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
1836 },
1837 {
1838 protocol: dtls,
1839 name: "SendSplitAlert-Sync",
1840 config: Config{
1841 Bugs: ProtocolBugs{
1842 SendSplitAlert: true,
1843 },
1844 },
1845 },
1846 {
1847 protocol: dtls,
1848 name: "SendSplitAlert-Async",
1849 config: Config{
1850 Bugs: ProtocolBugs{
1851 SendSplitAlert: true,
1852 },
1853 },
1854 flags: []string{"-async"},
1855 },
1856 {
1857 protocol: dtls,
1858 name: "PackDTLSHandshake",
1859 config: Config{
1860 Bugs: ProtocolBugs{
1861 MaxHandshakeRecordLength: 2,
1862 PackHandshakeFragments: 20,
1863 PackHandshakeRecords: 200,
1864 },
1865 },
1866 },
1867 {
1868 testType: serverTest,
1869 protocol: dtls,
1870 name: "NoRC4-DTLS",
1871 config: Config{
1872 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA},
1873 Bugs: ProtocolBugs{
1874 EnableAllCiphersInDTLS: true,
1875 },
1876 },
1877 shouldFail: true,
1878 expectedError: ":NO_SHARED_CIPHER:",
1879 },
1880 {
1881 name: "SendEmptyRecords-Pass",
1882 sendEmptyRecords: 32,
1883 },
1884 {
1885 name: "SendEmptyRecords",
1886 sendEmptyRecords: 33,
1887 shouldFail: true,
1888 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1889 },
1890 {
1891 name: "SendEmptyRecords-Async",
1892 sendEmptyRecords: 33,
1893 flags: []string{"-async"},
1894 shouldFail: true,
1895 expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
1896 },
1897 {
1898 name: "SendWarningAlerts-Pass",
1899 sendWarningAlerts: 4,
1900 },
1901 {
1902 protocol: dtls,
1903 name: "SendWarningAlerts-DTLS-Pass",
1904 sendWarningAlerts: 4,
1905 },
1906 {
1907 name: "SendWarningAlerts",
1908 sendWarningAlerts: 5,
1909 shouldFail: true,
1910 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1911 },
1912 {
1913 name: "SendWarningAlerts-Async",
1914 sendWarningAlerts: 5,
1915 flags: []string{"-async"},
1916 shouldFail: true,
1917 expectedError: ":TOO_MANY_WARNING_ALERTS:",
1918 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]1919 {
1920 name: "EmptySessionID",
1921 config: Config{
1922 SessionTicketsDisabled: true,
1923 },
1924 noSessionCache: true,
1925 flags: []string{"-expect-no-session"},
1926 },
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]1927 {
1928 name: "Unclean-Shutdown",
1929 config: Config{
1930 Bugs: ProtocolBugs{
1931 NoCloseNotify: true,
1932 ExpectCloseNotify: true,
1933 },
1934 },
1935 shimShutsDown: true,
1936 flags: []string{"-check-close-notify"},
1937 shouldFail: true,
1938 expectedError: "Unexpected SSL_shutdown result: -1 != 1",
1939 },
1940 {
1941 name: "Unclean-Shutdown-Ignored",
1942 config: Config{
1943 Bugs: ProtocolBugs{
1944 NoCloseNotify: true,
1945 },
1946 },
1947 shimShutsDown: true,
1948 },
David Benjamin4f75aaf2015-09-01 16:53:10 -0400[diff] [blame]1949 {
1950 name: "LargePlaintext",
1951 config: Config{
1952 Bugs: ProtocolBugs{
1953 SendLargeRecords: true,
1954 },
1955 },
1956 messageLen: maxPlaintext + 1,
1957 shouldFail: true,
1958 expectedError: ":DATA_LENGTH_TOO_LONG:",
1959 },
1960 {
1961 protocol: dtls,
1962 name: "LargePlaintext-DTLS",
1963 config: Config{
1964 Bugs: ProtocolBugs{
1965 SendLargeRecords: true,
1966 },
1967 },
1968 messageLen: maxPlaintext + 1,
1969 shouldFail: true,
1970 expectedError: ":DATA_LENGTH_TOO_LONG:",
1971 },
1972 {
1973 name: "LargeCiphertext",
1974 config: Config{
1975 Bugs: ProtocolBugs{
1976 SendLargeRecords: true,
1977 },
1978 },
1979 messageLen: maxPlaintext * 2,
1980 shouldFail: true,
1981 expectedError: ":ENCRYPTED_LENGTH_TOO_LONG:",
1982 },
1983 {
1984 protocol: dtls,
1985 name: "LargeCiphertext-DTLS",
1986 config: Config{
1987 Bugs: ProtocolBugs{
1988 SendLargeRecords: true,
1989 },
1990 },
1991 messageLen: maxPlaintext * 2,
1992 // Unlike the other four cases, DTLS drops records which
1993 // are invalid before authentication, so the connection
1994 // does not fail.
1995 expectMessageDropped: true,
1996 },
David Benjamindd6fed92015-10-23 17:41:12 -0400[diff] [blame]1997 {
1998 name: "SendEmptySessionTicket",
1999 config: Config{
2000 Bugs: ProtocolBugs{
2001 SendEmptySessionTicket: true,
2002 FailIfSessionOffered: true,
2003 },
2004 },
2005 flags: []string{"-expect-no-session"},
2006 resumeSession: true,
2007 expectResumeRejected: true,
2008 },
David Benjamin99fdfb92015-11-02 12:11:35 -0500[diff] [blame]2009 {
2010 name: "CheckLeafCurve",
2011 config: Config{
2012 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2013 Certificates: []Certificate{getECDSACertificate()},
2014 },
2015 flags: []string{"-p384-only"},
2016 shouldFail: true,
2017 expectedError: ":BAD_ECC_CERT:",
2018 },
David Benjamin8411b242015-11-26 12:07:28 -0500[diff] [blame]2019 {
2020 name: "BadChangeCipherSpec-1",
2021 config: Config{
2022 Bugs: ProtocolBugs{
2023 BadChangeCipherSpec: []byte{2},
2024 },
2025 },
2026 shouldFail: true,
2027 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2028 },
2029 {
2030 name: "BadChangeCipherSpec-2",
2031 config: Config{
2032 Bugs: ProtocolBugs{
2033 BadChangeCipherSpec: []byte{1, 1},
2034 },
2035 },
2036 shouldFail: true,
2037 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2038 },
2039 {
2040 protocol: dtls,
2041 name: "BadChangeCipherSpec-DTLS-1",
2042 config: Config{
2043 Bugs: ProtocolBugs{
2044 BadChangeCipherSpec: []byte{2},
2045 },
2046 },
2047 shouldFail: true,
2048 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2049 },
2050 {
2051 protocol: dtls,
2052 name: "BadChangeCipherSpec-DTLS-2",
2053 config: Config{
2054 Bugs: ProtocolBugs{
2055 BadChangeCipherSpec: []byte{1, 1},
2056 },
2057 },
2058 shouldFail: true,
2059 expectedError: ":BAD_CHANGE_CIPHER_SPEC:",
2060 },
David Benjaminef5dfd22015-12-06 13:17:07 -0500[diff] [blame]2061 {
2062 name: "BadHelloRequest-1",
2063 renegotiate: 1,
2064 config: Config{
2065 Bugs: ProtocolBugs{
2066 BadHelloRequest: []byte{typeHelloRequest, 0, 0, 1, 1},
2067 },
2068 },
2069 flags: []string{
2070 "-renegotiate-freely",
2071 "-expect-total-renegotiations", "1",
2072 },
2073 shouldFail: true,
2074 expectedError: ":BAD_HELLO_REQUEST:",
2075 },
2076 {
2077 name: "BadHelloRequest-2",
2078 renegotiate: 1,
2079 config: Config{
2080 Bugs: ProtocolBugs{
2081 BadHelloRequest: []byte{typeServerKeyExchange, 0, 0, 0},
2082 },
2083 },
2084 flags: []string{
2085 "-renegotiate-freely",
2086 "-expect-total-renegotiations", "1",
2087 },
2088 shouldFail: true,
2089 expectedError: ":BAD_HELLO_REQUEST:",
2090 },
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2091 {
2092 testType: serverTest,
2093 name: "SupportTicketsWithSessionID",
2094 config: Config{
2095 SessionTicketsDisabled: true,
2096 },
2097 resumeConfig: &Config{},
2098 resumeSession: true,
2099 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2100 }
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2101 testCases = append(testCases, basicTests...)
2102}
2103
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2104func addCipherSuiteTests() {
2105 for _, suite := range testCipherSuites {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2106 const psk = "12345"
2107 const pskIdentity = "luggage combo"
2108
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2109 var cert Certificate
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2110 var certFile string
2111 var keyFile string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2112 if hasComponent(suite.name, "ECDSA") {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2113 cert = getECDSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2114 certFile = ecdsaCertificateFile
2115 keyFile = ecdsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2116 } else {
2117 cert = getRSACertificate()
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2118 certFile = rsaCertificateFile
2119 keyFile = rsaKeyFile
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2120 }
2121
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2122 var flags []string
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2123 if hasComponent(suite.name, "PSK") {
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2124 flags = append(flags,
2125 "-psk", psk,
2126 "-psk-identity", pskIdentity)
2127 }
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]2128 if hasComponent(suite.name, "NULL") {
2129 // NULL ciphers must be explicitly enabled.
2130 flags = append(flags, "-cipher", "DEFAULT:NULL-SHA")
2131 }
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2132
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2133 for _, ver := range tlsVersions {
David Benjaminf7768e42014-08-31 02:06:47 -0400[diff] [blame]2134 if ver.version < VersionTLS12 && isTLS12Only(suite.name) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2135 continue
2136 }
2137
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]2138 shouldFail := isTLSOnly(suite.name) && ver.version == VersionSSL30
2139
2140 expectedError := ""
2141 if shouldFail {
2142 expectedError = ":NO_SHARED_CIPHER:"
2143 }
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2144
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2145 testCases = append(testCases, testCase{
2146 testType: serverTest,
2147 name: ver.name + "-" + suite.name + "-server",
2148 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2149 MinVersion: ver.version,
2150 MaxVersion: ver.version,
2151 CipherSuites: []uint16{suite.id},
2152 Certificates: []Certificate{cert},
2153 PreSharedKey: []byte(psk),
2154 PreSharedKeyIdentity: pskIdentity,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2155 },
2156 certFile: certFile,
2157 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2158 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2159 resumeSession: true,
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]2160 shouldFail: shouldFail,
2161 expectedError: expectedError,
2162 })
2163
2164 if shouldFail {
2165 continue
2166 }
2167
2168 testCases = append(testCases, testCase{
2169 testType: clientTest,
2170 name: ver.name + "-" + suite.name + "-client",
2171 config: Config{
2172 MinVersion: ver.version,
2173 MaxVersion: ver.version,
2174 CipherSuites: []uint16{suite.id},
2175 Certificates: []Certificate{cert},
2176 PreSharedKey: []byte(psk),
2177 PreSharedKeyIdentity: pskIdentity,
2178 },
2179 flags: flags,
2180 resumeSession: true,
David Benjamin76d8abe2014-08-14 16:25:34 -0400[diff] [blame]2181 })
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2182
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]2183 if ver.hasDTLS && isDTLSCipher(suite.name) {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2184 testCases = append(testCases, testCase{
2185 testType: clientTest,
2186 protocol: dtls,
2187 name: "D" + ver.name + "-" + suite.name + "-client",
2188 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2189 MinVersion: ver.version,
2190 MaxVersion: ver.version,
2191 CipherSuites: []uint16{suite.id},
2192 Certificates: []Certificate{cert},
2193 PreSharedKey: []byte(psk),
2194 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2195 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2196 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2197 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2198 })
2199 testCases = append(testCases, testCase{
2200 testType: serverTest,
2201 protocol: dtls,
2202 name: "D" + ver.name + "-" + suite.name + "-server",
2203 config: Config{
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2204 MinVersion: ver.version,
2205 MaxVersion: ver.version,
2206 CipherSuites: []uint16{suite.id},
2207 Certificates: []Certificate{cert},
2208 PreSharedKey: []byte(psk),
2209 PreSharedKeyIdentity: pskIdentity,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2210 },
2211 certFile: certFile,
2212 keyFile: keyFile,
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2213 flags: flags,
David Benjaminfe8eb9a2014-11-17 03:19:02 -0500[diff] [blame]2214 resumeSession: true,
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2215 })
2216 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2217 }
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2218
2219 // Ensure both TLS and DTLS accept their maximum record sizes.
2220 testCases = append(testCases, testCase{
2221 name: suite.name + "-LargeRecord",
2222 config: Config{
2223 CipherSuites: []uint16{suite.id},
2224 Certificates: []Certificate{cert},
2225 PreSharedKey: []byte(psk),
2226 PreSharedKeyIdentity: pskIdentity,
2227 },
2228 flags: flags,
2229 messageLen: maxPlaintext,
2230 })
David Benjamin2c99d282015-09-01 10:23:00 -0400[diff] [blame]2231 if isDTLSCipher(suite.name) {
2232 testCases = append(testCases, testCase{
2233 protocol: dtls,
2234 name: suite.name + "-LargeRecord-DTLS",
2235 config: Config{
2236 CipherSuites: []uint16{suite.id},
2237 Certificates: []Certificate{cert},
2238 PreSharedKey: []byte(psk),
2239 PreSharedKeyIdentity: pskIdentity,
2240 },
2241 flags: flags,
2242 messageLen: maxPlaintext,
2243 })
2244 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2245 }
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2246
2247 testCases = append(testCases, testCase{
2248 name: "WeakDH",
2249 config: Config{
2250 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2251 Bugs: ProtocolBugs{
2252 // This is a 1023-bit prime number, generated
2253 // with:
2254 // openssl gendh 1023 | openssl asn1parse -i
2255 DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"),
2256 },
2257 },
2258 shouldFail: true,
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2259 expectedError: ":BAD_DH_P_LENGTH:",
Adam Langleya7997f12015-05-14 17:38:50 -0700[diff] [blame]2260 })
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2261
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2262 testCases = append(testCases, testCase{
2263 name: "SillyDH",
2264 config: Config{
2265 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2266 Bugs: ProtocolBugs{
2267 // This is a 4097-bit prime number, generated
2268 // with:
2269 // openssl gendh 4097 | openssl asn1parse -i
2270 DHGroupPrime: bigFromHex("01D366FA64A47419B0CD4A45918E8D8C8430F674621956A9F52B0CA592BC104C6E38D60C58F2CA66792A2B7EBDC6F8FFE75AB7D6862C261F34E96A2AEEF53AB7C21365C2E8FB0582F71EB57B1C227C0E55AE859E9904A25EFECD7B435C4D4357BD840B03649D4A1F8037D89EA4E1967DBEEF1CC17A6111C48F12E9615FFF336D3F07064CB17C0B765A012C850B9E3AA7A6984B96D8C867DDC6D0F4AB52042572244796B7ECFF681CD3B3E2E29AAECA391A775BEE94E502FB15881B0F4AC60314EA947C0C82541C3D16FD8C0E09BB7F8F786582032859D9C13187CE6C0CB6F2D3EE6C3C9727C15F14B21D3CD2E02BDB9D119959B0E03DC9E5A91E2578762300B1517D2352FC1D0BB934A4C3E1B20CE9327DB102E89A6C64A8C3148EDFC5A94913933853442FA84451B31FD21E492F92DD5488E0D871AEBFE335A4B92431DEC69591548010E76A5B365D346786E9A2D3E589867D796AA5E25211201D757560D318A87DFB27F3E625BC373DB48BF94A63161C674C3D4265CB737418441B7650EABC209CF675A439BEB3E9D1AA1B79F67198A40CEFD1C89144F7D8BAF61D6AD36F466DA546B4174A0E0CAF5BD788C8243C7C2DDDCC3DB6FC89F12F17D19FBD9B0BC76FE92891CD6BA07BEA3B66EF12D0D85E788FD58675C1B0FBD16029DCC4D34E7A1A41471BDEDF78BF591A8B4E96D88BEC8EDC093E616292BFC096E69A916E8D624B"),
2271 },
2272 },
2273 shouldFail: true,
2274 expectedError: ":DH_P_TOO_LONG:",
2275 })
2276
Adam Langleyc4f25ce2015-11-26 16:39:08 -0800[diff] [blame]2277 // This test ensures that Diffie-Hellman public values are padded with
2278 // zeros so that they're the same length as the prime. This is to avoid
2279 // hitting a bug in yaSSL.
2280 testCases = append(testCases, testCase{
2281 testType: serverTest,
2282 name: "DHPublicValuePadded",
2283 config: Config{
2284 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
2285 Bugs: ProtocolBugs{
2286 RequireDHPublicValueLen: (1025 + 7) / 8,
2287 },
2288 },
2289 flags: []string{"-use-sparse-dh-prime"},
2290 })
David Benjamincd24a392015-11-11 13:23:05 -0800[diff] [blame]2291
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]2292 // The server must be tolerant to bogus ciphers.
2293 const bogusCipher = 0x1234
2294 testCases = append(testCases, testCase{
2295 testType: serverTest,
2296 name: "UnknownCipher",
2297 config: Config{
2298 CipherSuites: []uint16{bogusCipher, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2299 },
2300 })
2301
Adam Langleycef75832015-09-03 14:51:12 -0700[diff] [blame]2302 // versionSpecificCiphersTest specifies a test for the TLS 1.0 and TLS
2303 // 1.1 specific cipher suite settings. A server is setup with the given
2304 // cipher lists and then a connection is made for each member of
2305 // expectations. The cipher suite that the server selects must match
2306 // the specified one.
2307 var versionSpecificCiphersTest = []struct {
2308 ciphersDefault, ciphersTLS10, ciphersTLS11 string
2309 // expectations is a map from TLS version to cipher suite id.
2310 expectations map[uint16]uint16
2311 }{
2312 {
2313 // Test that the null case (where no version-specific ciphers are set)
2314 // works as expected.
2315 "RC4-SHA:AES128-SHA", // default ciphers
2316 "", // no ciphers specifically for TLS ≥ 1.0
2317 "", // no ciphers specifically for TLS ≥ 1.1
2318 map[uint16]uint16{
2319 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2320 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2321 VersionTLS11: TLS_RSA_WITH_RC4_128_SHA,
2322 VersionTLS12: TLS_RSA_WITH_RC4_128_SHA,
2323 },
2324 },
2325 {
2326 // With ciphers_tls10 set, TLS 1.0, 1.1 and 1.2 should get a different
2327 // cipher.
2328 "RC4-SHA:AES128-SHA", // default
2329 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2330 "", // no ciphers specifically for TLS ≥ 1.1
2331 map[uint16]uint16{
2332 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2333 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2334 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2335 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2336 },
2337 },
2338 {
2339 // With ciphers_tls11 set, TLS 1.1 and 1.2 should get a different
2340 // cipher.
2341 "RC4-SHA:AES128-SHA", // default
2342 "", // no ciphers specifically for TLS ≥ 1.0
2343 "AES128-SHA", // these ciphers for TLS ≥ 1.1
2344 map[uint16]uint16{
2345 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2346 VersionTLS10: TLS_RSA_WITH_RC4_128_SHA,
2347 VersionTLS11: TLS_RSA_WITH_AES_128_CBC_SHA,
2348 VersionTLS12: TLS_RSA_WITH_AES_128_CBC_SHA,
2349 },
2350 },
2351 {
2352 // With both ciphers_tls10 and ciphers_tls11 set, ciphers_tls11 should
2353 // mask ciphers_tls10 for TLS 1.1 and 1.2.
2354 "RC4-SHA:AES128-SHA", // default
2355 "AES128-SHA", // these ciphers for TLS ≥ 1.0
2356 "AES256-SHA", // these ciphers for TLS ≥ 1.1
2357 map[uint16]uint16{
2358 VersionSSL30: TLS_RSA_WITH_RC4_128_SHA,
2359 VersionTLS10: TLS_RSA_WITH_AES_128_CBC_SHA,
2360 VersionTLS11: TLS_RSA_WITH_AES_256_CBC_SHA,
2361 VersionTLS12: TLS_RSA_WITH_AES_256_CBC_SHA,
2362 },
2363 },
2364 }
2365
2366 for i, test := range versionSpecificCiphersTest {
2367 for version, expectedCipherSuite := range test.expectations {
2368 flags := []string{"-cipher", test.ciphersDefault}
2369 if len(test.ciphersTLS10) > 0 {
2370 flags = append(flags, "-cipher-tls10", test.ciphersTLS10)
2371 }
2372 if len(test.ciphersTLS11) > 0 {
2373 flags = append(flags, "-cipher-tls11", test.ciphersTLS11)
2374 }
2375
2376 testCases = append(testCases, testCase{
2377 testType: serverTest,
2378 name: fmt.Sprintf("VersionSpecificCiphersTest-%d-%x", i, version),
2379 config: Config{
2380 MaxVersion: version,
2381 MinVersion: version,
2382 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA},
2383 },
2384 flags: flags,
2385 expectedCipher: expectedCipherSuite,
2386 })
2387 }
2388 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2389}
2390
2391func addBadECDSASignatureTests() {
2392 for badR := BadValue(1); badR < NumBadValues; badR++ {
2393 for badS := BadValue(1); badS < NumBadValues; badS++ {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2394 testCases = append(testCases, testCase{
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]2395 name: fmt.Sprintf("BadECDSA-%d-%d", badR, badS),
2396 config: Config{
2397 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2398 Certificates: []Certificate{getECDSACertificate()},
2399 Bugs: ProtocolBugs{
2400 BadECDSAR: badR,
2401 BadECDSAS: badS,
2402 },
2403 },
2404 shouldFail: true,
2405 expectedError: "SIGNATURE",
2406 })
2407 }
2408 }
2409}
2410
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2411func addCBCPaddingTests() {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2412 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2413 name: "MaxCBCPadding",
2414 config: Config{
2415 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2416 Bugs: ProtocolBugs{
2417 MaxPadding: true,
2418 },
2419 },
2420 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2421 })
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2422 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2423 name: "BadCBCPadding",
2424 config: Config{
2425 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2426 Bugs: ProtocolBugs{
2427 PaddingFirstByteBad: true,
2428 },
2429 },
2430 shouldFail: true,
2431 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2432 })
2433 // OpenSSL previously had an issue where the first byte of padding in
2434 // 255 bytes of padding wasn't checked.
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]2435 testCases = append(testCases, testCase{
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]2436 name: "BadCBCPadding255",
2437 config: Config{
2438 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2439 Bugs: ProtocolBugs{
2440 MaxPadding: true,
2441 PaddingFirstByteBadIf255: true,
2442 },
2443 },
2444 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size
2445 shouldFail: true,
2446 expectedError: "DECRYPTION_FAILED_OR_BAD_RECORD_MAC",
2447 })
2448}
2449
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2450func addCBCSplittingTests() {
2451 testCases = append(testCases, testCase{
2452 name: "CBCRecordSplitting",
2453 config: Config{
2454 MaxVersion: VersionTLS10,
2455 MinVersion: VersionTLS10,
2456 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2457 },
David Benjaminac8302a2015-09-01 17:18:15 -0400[diff] [blame]2458 messageLen: -1, // read until EOF
2459 resumeSession: true,
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2460 flags: []string{
2461 "-async",
2462 "-write-different-record-sizes",
2463 "-cbc-record-splitting",
2464 },
David Benjamina8e3e0e2014-08-06 22:11:10 -0400[diff] [blame]2465 })
2466 testCases = append(testCases, testCase{
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]2467 name: "CBCRecordSplittingPartialWrite",
2468 config: Config{
2469 MaxVersion: VersionTLS10,
2470 MinVersion: VersionTLS10,
2471 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
2472 },
2473 messageLen: -1, // read until EOF
2474 flags: []string{
2475 "-async",
2476 "-write-different-record-sizes",
2477 "-cbc-record-splitting",
2478 "-partial-write",
2479 },
2480 })
2481}
2482
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2483func addClientAuthTests() {
David Benjamin407a10c2014-07-16 12:58:59 -0400[diff] [blame]2484 // Add a dummy cert pool to stress certificate authority parsing.
2485 // TODO(davidben): Add tests that those values parse out correctly.
2486 certPool := x509.NewCertPool()
2487 cert, err := x509.ParseCertificate(rsaCertificate.Certificate[0])
2488 if err != nil {
2489 panic(err)
2490 }
2491 certPool.AddCert(cert)
2492
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2493 for _, ver := range tlsVersions {
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2494 testCases = append(testCases, testCase{
2495 testType: clientTest,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2496 name: ver.name + "-Client-ClientAuth-RSA",
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2497 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2498 MinVersion: ver.version,
2499 MaxVersion: ver.version,
2500 ClientAuth: RequireAnyClientCert,
2501 ClientCAs: certPool,
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2502 },
2503 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2504 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2505 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2506 },
2507 })
2508 testCases = append(testCases, testCase{
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2509 testType: serverTest,
2510 name: ver.name + "-Server-ClientAuth-RSA",
2511 config: Config{
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2512 MinVersion: ver.version,
2513 MaxVersion: ver.version,
David Benjamin67666e72014-07-12 15:47:52 -0400[diff] [blame]2514 Certificates: []Certificate{rsaCertificate},
2515 },
2516 flags: []string{"-require-any-client-certificate"},
2517 })
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2518 if ver.version != VersionSSL30 {
2519 testCases = append(testCases, testCase{
2520 testType: serverTest,
2521 name: ver.name + "-Server-ClientAuth-ECDSA",
2522 config: Config{
2523 MinVersion: ver.version,
2524 MaxVersion: ver.version,
2525 Certificates: []Certificate{ecdsaCertificate},
2526 },
2527 flags: []string{"-require-any-client-certificate"},
2528 })
2529 testCases = append(testCases, testCase{
2530 testType: clientTest,
2531 name: ver.name + "-Client-ClientAuth-ECDSA",
2532 config: Config{
2533 MinVersion: ver.version,
2534 MaxVersion: ver.version,
2535 ClientAuth: RequireAnyClientCert,
2536 ClientCAs: certPool,
2537 },
2538 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2539 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2540 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
David Benjamine098ec22014-08-27 23:13:20 -0400[diff] [blame]2541 },
2542 })
2543 }
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]2544 }
2545}
2546
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2547func addExtendedMasterSecretTests() {
2548 const expectEMSFlag = "-expect-extended-master-secret"
2549
2550 for _, with := range []bool{false, true} {
2551 prefix := "No"
2552 var flags []string
2553 if with {
2554 prefix = ""
2555 flags = []string{expectEMSFlag}
2556 }
2557
2558 for _, isClient := range []bool{false, true} {
2559 suffix := "-Server"
2560 testType := serverTest
2561 if isClient {
2562 suffix = "-Client"
2563 testType = clientTest
2564 }
2565
2566 for _, ver := range tlsVersions {
2567 test := testCase{
2568 testType: testType,
2569 name: prefix + "ExtendedMasterSecret-" + ver.name + suffix,
2570 config: Config{
2571 MinVersion: ver.version,
2572 MaxVersion: ver.version,
2573 Bugs: ProtocolBugs{
2574 NoExtendedMasterSecret: !with,
2575 RequireExtendedMasterSecret: with,
2576 },
2577 },
David Benjamin48cae082014-10-27 01:06:24 -0400[diff] [blame]2578 flags: flags,
2579 shouldFail: ver.version == VersionSSL30 && with,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2580 }
2581 if test.shouldFail {
2582 test.expectedLocalError = "extended master secret required but not supported by peer"
2583 }
2584 testCases = append(testCases, test)
2585 }
2586 }
2587 }
2588
Adam Langleyba5934b2015-06-02 10:50:35 -0700[diff] [blame]2589 for _, isClient := range []bool{false, true} {
2590 for _, supportedInFirstConnection := range []bool{false, true} {
2591 for _, supportedInResumeConnection := range []bool{false, true} {
2592 boolToWord := func(b bool) string {
2593 if b {
2594 return "Yes"
2595 }
2596 return "No"
2597 }
2598 suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-"
2599 if isClient {
2600 suffix += "Client"
2601 } else {
2602 suffix += "Server"
2603 }
2604
2605 supportedConfig := Config{
2606 Bugs: ProtocolBugs{
2607 RequireExtendedMasterSecret: true,
2608 },
2609 }
2610
2611 noSupportConfig := Config{
2612 Bugs: ProtocolBugs{
2613 NoExtendedMasterSecret: true,
2614 },
2615 }
2616
2617 test := testCase{
2618 name: "ExtendedMasterSecret-" + suffix,
2619 resumeSession: true,
2620 }
2621
2622 if !isClient {
2623 test.testType = serverTest
2624 }
2625
2626 if supportedInFirstConnection {
2627 test.config = supportedConfig
2628 } else {
2629 test.config = noSupportConfig
2630 }
2631
2632 if supportedInResumeConnection {
2633 test.resumeConfig = &supportedConfig
2634 } else {
2635 test.resumeConfig = &noSupportConfig
2636 }
2637
2638 switch suffix {
2639 case "YesToYes-Client", "YesToYes-Server":
2640 // When a session is resumed, it should
2641 // still be aware that its master
2642 // secret was generated via EMS and
2643 // thus it's safe to use tls-unique.
2644 test.flags = []string{expectEMSFlag}
2645 case "NoToYes-Server":
2646 // If an original connection did not
2647 // contain EMS, but a resumption
2648 // handshake does, then a server should
2649 // not resume the session.
2650 test.expectResumeRejected = true
2651 case "YesToNo-Server":
2652 // Resuming an EMS session without the
2653 // EMS extension should cause the
2654 // server to abort the connection.
2655 test.shouldFail = true
2656 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2657 case "NoToYes-Client":
2658 // A client should abort a connection
2659 // where the server resumed a non-EMS
2660 // session but echoed the EMS
2661 // extension.
2662 test.shouldFail = true
2663 test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:"
2664 case "YesToNo-Client":
2665 // A client should abort a connection
2666 // where the server didn't echo EMS
2667 // when the session used it.
2668 test.shouldFail = true
2669 test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:"
2670 }
2671
2672 testCases = append(testCases, test)
2673 }
2674 }
2675 }
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]2676}
2677
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]2678// Adds tests that try to cover the range of the handshake state machine, under
2679// various conditions. Some of these are redundant with other tests, but they
2680// only cover the synchronous case.
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]2681func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) {
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2682 var tests []testCase
2683
2684 // Basic handshake, with resumption. Client and server,
2685 // session ID and session ticket.
2686 tests = append(tests, testCase{
2687 name: "Basic-Client",
2688 resumeSession: true,
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2689 // Ensure session tickets are used, not session IDs.
2690 noSessionCache: true,
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2691 })
2692 tests = append(tests, testCase{
2693 name: "Basic-Client-RenewTicket",
2694 config: Config{
2695 Bugs: ProtocolBugs{
2696 RenewTicketOnResume: true,
2697 },
2698 },
David Benjaminba4594a2015-06-18 18:36:15 -0400[diff] [blame]2699 flags: []string{"-expect-ticket-renewal"},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2700 resumeSession: true,
2701 })
2702 tests = append(tests, testCase{
2703 name: "Basic-Client-NoTicket",
2704 config: Config{
2705 SessionTicketsDisabled: true,
2706 },
2707 resumeSession: true,
2708 })
2709 tests = append(tests, testCase{
2710 name: "Basic-Client-Implicit",
2711 flags: []string{"-implicit-handshake"},
2712 resumeSession: true,
2713 })
2714 tests = append(tests, testCase{
David Benjaminef1b0092015-11-21 14:05:44 -0500[diff] [blame]2715 testType: serverTest,
2716 name: "Basic-Server",
2717 config: Config{
2718 Bugs: ProtocolBugs{
2719 RequireSessionTickets: true,
2720 },
2721 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2722 resumeSession: true,
2723 })
2724 tests = append(tests, testCase{
2725 testType: serverTest,
2726 name: "Basic-Server-NoTickets",
2727 config: Config{
2728 SessionTicketsDisabled: true,
2729 },
2730 resumeSession: true,
2731 })
2732 tests = append(tests, testCase{
2733 testType: serverTest,
2734 name: "Basic-Server-Implicit",
2735 flags: []string{"-implicit-handshake"},
2736 resumeSession: true,
2737 })
2738 tests = append(tests, testCase{
2739 testType: serverTest,
2740 name: "Basic-Server-EarlyCallback",
2741 flags: []string{"-use-early-callback"},
2742 resumeSession: true,
2743 })
2744
2745 // TLS client auth.
2746 tests = append(tests, testCase{
2747 testType: clientTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2748 name: "ClientAuth-RSA-Client",
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2749 config: Config{
2750 ClientAuth: RequireAnyClientCert,
2751 },
2752 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]2753 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2754 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2755 },
2756 })
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2757 tests = append(tests, testCase{
2758 testType: clientTest,
2759 name: "ClientAuth-ECDSA-Client",
2760 config: Config{
2761 ClientAuth: RequireAnyClientCert,
2762 },
2763 flags: []string{
2764 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2765 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
2766 },
2767 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2768 if async {
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2769 // Test async keys against each key exchange.
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2770 tests = append(tests, testCase{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2771 testType: serverTest,
2772 name: "Basic-Server-RSA",
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2773 config: Config{
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2774 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2775 },
2776 flags: []string{
Adam Langley288d8d52015-06-18 16:24:31 -0700[diff] [blame]2777 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2778 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2779 },
2780 })
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2781 tests = append(tests, testCase{
2782 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2783 name: "Basic-Server-ECDHE-RSA",
2784 config: Config{
2785 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2786 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2787 flags: []string{
2788 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
2789 "-key-file", path.Join(*resourceDir, rsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2790 },
2791 })
2792 tests = append(tests, testCase{
2793 testType: serverTest,
nagendra modadugu3398dbf2015-08-07 14:07:52 -0700[diff] [blame]2794 name: "Basic-Server-ECDHE-ECDSA",
2795 config: Config{
2796 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
2797 },
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2798 flags: []string{
2799 "-cert-file", path.Join(*resourceDir, ecdsaCertificateFile),
2800 "-key-file", path.Join(*resourceDir, ecdsaKeyFile),
nagendra modadugu601448a2015-07-24 09:31:31 -0700[diff] [blame]2801 },
2802 })
David Benjaminb4d65fd2015-05-29 17:11:21 -0400[diff] [blame]2803 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2804 tests = append(tests, testCase{
2805 testType: serverTest,
2806 name: "ClientAuth-Server",
2807 config: Config{
2808 Certificates: []Certificate{rsaCertificate},
2809 },
2810 flags: []string{"-require-any-client-certificate"},
2811 })
2812
2813 // No session ticket support; server doesn't send NewSessionTicket.
2814 tests = append(tests, testCase{
2815 name: "SessionTicketsDisabled-Client",
2816 config: Config{
2817 SessionTicketsDisabled: true,
2818 },
2819 })
2820 tests = append(tests, testCase{
2821 testType: serverTest,
2822 name: "SessionTicketsDisabled-Server",
2823 config: Config{
2824 SessionTicketsDisabled: true,
2825 },
2826 })
2827
2828 // Skip ServerKeyExchange in PSK key exchange if there's no
2829 // identity hint.
2830 tests = append(tests, testCase{
2831 name: "EmptyPSKHint-Client",
2832 config: Config{
2833 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2834 PreSharedKey: []byte("secret"),
2835 },
2836 flags: []string{"-psk", "secret"},
2837 })
2838 tests = append(tests, testCase{
2839 testType: serverTest,
2840 name: "EmptyPSKHint-Server",
2841 config: Config{
2842 CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA},
2843 PreSharedKey: []byte("secret"),
2844 },
2845 flags: []string{"-psk", "secret"},
2846 })
2847
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2848 tests = append(tests, testCase{
2849 testType: clientTest,
2850 name: "OCSPStapling-Client",
2851 flags: []string{
2852 "-enable-ocsp-stapling",
2853 "-expect-ocsp-response",
2854 base64.StdEncoding.EncodeToString(testOCSPResponse),
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2855 "-verify-peer",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2856 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2857 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2858 })
2859
2860 tests = append(tests, testCase{
David Benjaminec435342015-08-21 13:44:06 -0400[diff] [blame]2861 testType: serverTest,
2862 name: "OCSPStapling-Server",
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2863 expectedOCSPResponse: testOCSPResponse,
2864 flags: []string{
2865 "-ocsp-response",
2866 base64.StdEncoding.EncodeToString(testOCSPResponse),
2867 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]2868 resumeSession: true,
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]2869 })
2870
Paul Lietar8f1c2682015-08-18 12:21:54 +0100[diff] [blame]2871 tests = append(tests, testCase{
2872 testType: clientTest,
2873 name: "CertificateVerificationSucceed",
2874 flags: []string{
2875 "-verify-peer",
2876 },
2877 })
2878
2879 tests = append(tests, testCase{
2880 testType: clientTest,
2881 name: "CertificateVerificationFail",
2882 flags: []string{
2883 "-verify-fail",
2884 "-verify-peer",
2885 },
2886 shouldFail: true,
2887 expectedError: ":CERTIFICATE_VERIFY_FAILED:",
2888 })
2889
2890 tests = append(tests, testCase{
2891 testType: clientTest,
2892 name: "CertificateVerificationSoftFail",
2893 flags: []string{
2894 "-verify-fail",
2895 "-expect-verify-result",
2896 },
2897 })
2898
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2899 if protocol == tls {
2900 tests = append(tests, testCase{
2901 name: "Renegotiate-Client",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]2902 renegotiate: 1,
2903 flags: []string{
2904 "-renegotiate-freely",
2905 "-expect-total-renegotiations", "1",
2906 },
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]2907 })
2908 // NPN on client and server; results in post-handshake message.
2909 tests = append(tests, testCase{
2910 name: "NPN-Client",
2911 config: Config{
2912 NextProtos: []string{"foo"},
2913 },
2914 flags: []string{"-select-next-proto", "foo"},
2915 expectedNextProto: "foo",
2916 expectedNextProtoType: npn,
2917 })
2918 tests = append(tests, testCase{
2919 testType: serverTest,
2920 name: "NPN-Server",
2921 config: Config{
2922 NextProtos: []string{"bar"},
2923 },
2924 flags: []string{
2925 "-advertise-npn", "\x03foo\x03bar\x03baz",
2926 "-expect-next-proto", "bar",
2927 },
2928 expectedNextProto: "bar",
2929 expectedNextProtoType: npn,
2930 })
2931
2932 // TODO(davidben): Add tests for when False Start doesn't trigger.
2933
2934 // Client does False Start and negotiates NPN.
2935 tests = append(tests, testCase{
2936 name: "FalseStart",
2937 config: Config{
2938 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2939 NextProtos: []string{"foo"},
2940 Bugs: ProtocolBugs{
2941 ExpectFalseStart: true,
2942 },
2943 },
2944 flags: []string{
2945 "-false-start",
2946 "-select-next-proto", "foo",
2947 },
2948 shimWritesFirst: true,
2949 resumeSession: true,
2950 })
2951
2952 // Client does False Start and negotiates ALPN.
2953 tests = append(tests, testCase{
2954 name: "FalseStart-ALPN",
2955 config: Config{
2956 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2957 NextProtos: []string{"foo"},
2958 Bugs: ProtocolBugs{
2959 ExpectFalseStart: true,
2960 },
2961 },
2962 flags: []string{
2963 "-false-start",
2964 "-advertise-alpn", "\x03foo",
2965 },
2966 shimWritesFirst: true,
2967 resumeSession: true,
2968 })
2969
2970 // Client does False Start but doesn't explicitly call
2971 // SSL_connect.
2972 tests = append(tests, testCase{
2973 name: "FalseStart-Implicit",
2974 config: Config{
2975 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2976 NextProtos: []string{"foo"},
2977 },
2978 flags: []string{
2979 "-implicit-handshake",
2980 "-false-start",
2981 "-advertise-alpn", "\x03foo",
2982 },
2983 })
2984
2985 // False Start without session tickets.
2986 tests = append(tests, testCase{
2987 name: "FalseStart-SessionTicketsDisabled",
2988 config: Config{
2989 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
2990 NextProtos: []string{"foo"},
2991 SessionTicketsDisabled: true,
2992 Bugs: ProtocolBugs{
2993 ExpectFalseStart: true,
2994 },
2995 },
2996 flags: []string{
2997 "-false-start",
2998 "-select-next-proto", "foo",
2999 },
3000 shimWritesFirst: true,
3001 })
3002
3003 // Server parses a V2ClientHello.
3004 tests = append(tests, testCase{
3005 testType: serverTest,
3006 name: "SendV2ClientHello",
3007 config: Config{
3008 // Choose a cipher suite that does not involve
3009 // elliptic curves, so no extensions are
3010 // involved.
3011 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3012 Bugs: ProtocolBugs{
3013 SendV2ClientHello: true,
3014 },
3015 },
3016 })
3017
3018 // Client sends a Channel ID.
3019 tests = append(tests, testCase{
3020 name: "ChannelID-Client",
3021 config: Config{
3022 RequestChannelID: true,
3023 },
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]3024 flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3025 resumeSession: true,
3026 expectChannelID: true,
3027 })
3028
3029 // Server accepts a Channel ID.
3030 tests = append(tests, testCase{
3031 testType: serverTest,
3032 name: "ChannelID-Server",
3033 config: Config{
3034 ChannelID: channelIDKey,
3035 },
3036 flags: []string{
3037 "-expect-channel-id",
3038 base64.StdEncoding.EncodeToString(channelIDBytes),
3039 },
3040 resumeSession: true,
3041 expectChannelID: true,
3042 })
David Benjamin30789da2015-08-29 22:56:45 -0400[diff] [blame]3043
3044 // Bidirectional shutdown with the runner initiating.
3045 tests = append(tests, testCase{
3046 name: "Shutdown-Runner",
3047 config: Config{
3048 Bugs: ProtocolBugs{
3049 ExpectCloseNotify: true,
3050 },
3051 },
3052 flags: []string{"-check-close-notify"},
3053 })
3054
3055 // Bidirectional shutdown with the shim initiating. The runner,
3056 // in the meantime, sends garbage before the close_notify which
3057 // the shim must ignore.
3058 tests = append(tests, testCase{
3059 name: "Shutdown-Shim",
3060 config: Config{
3061 Bugs: ProtocolBugs{
3062 ExpectCloseNotify: true,
3063 },
3064 },
3065 shimShutsDown: true,
3066 sendEmptyRecords: 1,
3067 sendWarningAlerts: 1,
3068 flags: []string{"-check-close-notify"},
3069 })
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3070 } else {
3071 tests = append(tests, testCase{
3072 name: "SkipHelloVerifyRequest",
3073 config: Config{
3074 Bugs: ProtocolBugs{
3075 SkipHelloVerifyRequest: true,
3076 },
3077 },
3078 })
3079 }
3080
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3081 for _, test := range tests {
3082 test.protocol = protocol
David Benjamin16285ea2015-11-03 15:39:45 -0500[diff] [blame]3083 if protocol == dtls {
3084 test.name += "-DTLS"
3085 }
3086 if async {
3087 test.name += "-Async"
3088 test.flags = append(test.flags, "-async")
3089 } else {
3090 test.name += "-Sync"
3091 }
3092 if splitHandshake {
3093 test.name += "-SplitHandshakeRecords"
3094 test.config.Bugs.MaxHandshakeRecordLength = 1
3095 if protocol == dtls {
3096 test.config.Bugs.MaxPacketLength = 256
3097 test.flags = append(test.flags, "-mtu", "256")
3098 }
3099 }
David Benjamin760b1dd2015-05-15 23:33:48 -0400[diff] [blame]3100 testCases = append(testCases, test)
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]3101 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]3102}
3103
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]3104func addDDoSCallbackTests() {
3105 // DDoS callback.
3106
3107 for _, resume := range []bool{false, true} {
3108 suffix := "Resume"
3109 if resume {
3110 suffix = "No" + suffix
3111 }
3112
3113 testCases = append(testCases, testCase{
3114 testType: serverTest,
3115 name: "Server-DDoS-OK-" + suffix,
3116 flags: []string{"-install-ddos-callback"},
3117 resumeSession: resume,
3118 })
3119
3120 failFlag := "-fail-ddos-callback"
3121 if resume {
3122 failFlag = "-fail-second-ddos-callback"
3123 }
3124 testCases = append(testCases, testCase{
3125 testType: serverTest,
3126 name: "Server-DDoS-Reject-" + suffix,
3127 flags: []string{"-install-ddos-callback", failFlag},
3128 resumeSession: resume,
3129 shouldFail: true,
3130 expectedError: ":CONNECTION_REJECTED:",
3131 })
3132 }
3133}
3134
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3135func addVersionNegotiationTests() {
3136 for i, shimVers := range tlsVersions {
3137 // Assemble flags to disable all newer versions on the shim.
3138 var flags []string
3139 for _, vers := range tlsVersions[i+1:] {
3140 flags = append(flags, vers.flag)
3141 }
3142
3143 for _, runnerVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3144 protocols := []protocol{tls}
3145 if runnerVers.hasDTLS && shimVers.hasDTLS {
3146 protocols = append(protocols, dtls)
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3147 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3148 for _, protocol := range protocols {
3149 expectedVersion := shimVers.version
3150 if runnerVers.version < shimVers.version {
3151 expectedVersion = runnerVers.version
3152 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3153
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3154 suffix := shimVers.name + "-" + runnerVers.name
3155 if protocol == dtls {
3156 suffix += "-DTLS"
3157 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3158
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3159 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3160
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3161 clientVers := shimVers.version
3162 if clientVers > VersionTLS10 {
3163 clientVers = VersionTLS10
3164 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3165 testCases = append(testCases, testCase{
3166 protocol: protocol,
3167 testType: clientTest,
3168 name: "VersionNegotiation-Client-" + suffix,
3169 config: Config{
3170 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3171 Bugs: ProtocolBugs{
3172 ExpectInitialRecordVersion: clientVers,
3173 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3174 },
3175 flags: flags,
3176 expectedVersion: expectedVersion,
3177 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3178 testCases = append(testCases, testCase{
3179 protocol: protocol,
3180 testType: clientTest,
3181 name: "VersionNegotiation-Client2-" + suffix,
3182 config: Config{
3183 MaxVersion: runnerVers.version,
3184 Bugs: ProtocolBugs{
3185 ExpectInitialRecordVersion: clientVers,
3186 },
3187 },
3188 flags: []string{"-max-version", shimVersFlag},
3189 expectedVersion: expectedVersion,
3190 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3191
3192 testCases = append(testCases, testCase{
3193 protocol: protocol,
3194 testType: serverTest,
3195 name: "VersionNegotiation-Server-" + suffix,
3196 config: Config{
3197 MaxVersion: runnerVers.version,
David Benjamin1e29a6b2014-12-10 02:27:24 -0500[diff] [blame]3198 Bugs: ProtocolBugs{
3199 ExpectInitialRecordVersion: expectedVersion,
3200 },
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3201 },
3202 flags: flags,
3203 expectedVersion: expectedVersion,
3204 })
David Benjamin1eb367c2014-12-12 18:17:51 -0500[diff] [blame]3205 testCases = append(testCases, testCase{
3206 protocol: protocol,
3207 testType: serverTest,
3208 name: "VersionNegotiation-Server2-" + suffix,
3209 config: Config{
3210 MaxVersion: runnerVers.version,
3211 Bugs: ProtocolBugs{
3212 ExpectInitialRecordVersion: expectedVersion,
3213 },
3214 },
3215 flags: []string{"-max-version", shimVersFlag},
3216 expectedVersion: expectedVersion,
3217 })
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3218 }
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]3219 }
3220 }
3221}
3222
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3223func addMinimumVersionTests() {
3224 for i, shimVers := range tlsVersions {
3225 // Assemble flags to disable all older versions on the shim.
3226 var flags []string
3227 for _, vers := range tlsVersions[:i] {
3228 flags = append(flags, vers.flag)
3229 }
3230
3231 for _, runnerVers := range tlsVersions {
3232 protocols := []protocol{tls}
3233 if runnerVers.hasDTLS && shimVers.hasDTLS {
3234 protocols = append(protocols, dtls)
3235 }
3236 for _, protocol := range protocols {
3237 suffix := shimVers.name + "-" + runnerVers.name
3238 if protocol == dtls {
3239 suffix += "-DTLS"
3240 }
3241 shimVersFlag := strconv.Itoa(int(versionToWire(shimVers.version, protocol == dtls)))
3242
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3243 var expectedVersion uint16
3244 var shouldFail bool
3245 var expectedError string
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3246 var expectedLocalError string
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3247 if runnerVers.version >= shimVers.version {
3248 expectedVersion = runnerVers.version
3249 } else {
3250 shouldFail = true
3251 expectedError = ":UNSUPPORTED_PROTOCOL:"
David Benjamina565d292015-12-30 16:51:32 -0500[diff] [blame]3252 expectedLocalError = "remote error: protocol version not supported"
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3253 }
3254
3255 testCases = append(testCases, testCase{
3256 protocol: protocol,
3257 testType: clientTest,
3258 name: "MinimumVersion-Client-" + suffix,
3259 config: Config{
3260 MaxVersion: runnerVers.version,
3261 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3262 flags: flags,
3263 expectedVersion: expectedVersion,
3264 shouldFail: shouldFail,
3265 expectedError: expectedError,
3266 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3267 })
3268 testCases = append(testCases, testCase{
3269 protocol: protocol,
3270 testType: clientTest,
3271 name: "MinimumVersion-Client2-" + suffix,
3272 config: Config{
3273 MaxVersion: runnerVers.version,
3274 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3275 flags: []string{"-min-version", shimVersFlag},
3276 expectedVersion: expectedVersion,
3277 shouldFail: shouldFail,
3278 expectedError: expectedError,
3279 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3280 })
3281
3282 testCases = append(testCases, testCase{
3283 protocol: protocol,
3284 testType: serverTest,
3285 name: "MinimumVersion-Server-" + suffix,
3286 config: Config{
3287 MaxVersion: runnerVers.version,
3288 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3289 flags: flags,
3290 expectedVersion: expectedVersion,
3291 shouldFail: shouldFail,
3292 expectedError: expectedError,
3293 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3294 })
3295 testCases = append(testCases, testCase{
3296 protocol: protocol,
3297 testType: serverTest,
3298 name: "MinimumVersion-Server2-" + suffix,
3299 config: Config{
3300 MaxVersion: runnerVers.version,
3301 },
David Benjamin87909c02014-12-13 01:55:01 -0500[diff] [blame]3302 flags: []string{"-min-version", shimVersFlag},
3303 expectedVersion: expectedVersion,
3304 shouldFail: shouldFail,
3305 expectedError: expectedError,
3306 expectedLocalError: expectedLocalError,
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]3307 })
3308 }
3309 }
3310 }
3311}
3312
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3313func addExtensionTests() {
3314 testCases = append(testCases, testCase{
3315 testType: clientTest,
3316 name: "DuplicateExtensionClient",
3317 config: Config{
3318 Bugs: ProtocolBugs{
3319 DuplicateExtension: true,
3320 },
3321 },
3322 shouldFail: true,
3323 expectedLocalError: "remote error: error decoding message",
3324 })
3325 testCases = append(testCases, testCase{
3326 testType: serverTest,
3327 name: "DuplicateExtensionServer",
3328 config: Config{
3329 Bugs: ProtocolBugs{
3330 DuplicateExtension: true,
3331 },
3332 },
3333 shouldFail: true,
3334 expectedLocalError: "remote error: error decoding message",
3335 })
3336 testCases = append(testCases, testCase{
3337 testType: clientTest,
3338 name: "ServerNameExtensionClient",
3339 config: Config{
3340 Bugs: ProtocolBugs{
3341 ExpectServerName: "example.com",
3342 },
3343 },
3344 flags: []string{"-host-name", "example.com"},
3345 })
3346 testCases = append(testCases, testCase{
3347 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3348 name: "ServerNameExtensionClientMismatch",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3349 config: Config{
3350 Bugs: ProtocolBugs{
3351 ExpectServerName: "mismatch.com",
3352 },
3353 },
3354 flags: []string{"-host-name", "example.com"},
3355 shouldFail: true,
3356 expectedLocalError: "tls: unexpected server name",
3357 })
3358 testCases = append(testCases, testCase{
3359 testType: clientTest,
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]3360 name: "ServerNameExtensionClientMissing",
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3361 config: Config{
3362 Bugs: ProtocolBugs{
3363 ExpectServerName: "missing.com",
3364 },
3365 },
3366 shouldFail: true,
3367 expectedLocalError: "tls: unexpected server name",
3368 })
3369 testCases = append(testCases, testCase{
3370 testType: serverTest,
3371 name: "ServerNameExtensionServer",
3372 config: Config{
3373 ServerName: "example.com",
3374 },
3375 flags: []string{"-expect-server-name", "example.com"},
3376 resumeSession: true,
3377 })
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3378 testCases = append(testCases, testCase{
3379 testType: clientTest,
3380 name: "ALPNClient",
3381 config: Config{
3382 NextProtos: []string{"foo"},
3383 },
3384 flags: []string{
3385 "-advertise-alpn", "\x03foo\x03bar\x03baz",
3386 "-expect-alpn", "foo",
3387 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3388 expectedNextProto: "foo",
3389 expectedNextProtoType: alpn,
3390 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3391 })
3392 testCases = append(testCases, testCase{
3393 testType: serverTest,
3394 name: "ALPNServer",
3395 config: Config{
3396 NextProtos: []string{"foo", "bar", "baz"},
3397 },
3398 flags: []string{
3399 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3400 "-select-alpn", "foo",
3401 },
David Benjaminfc7b0862014-09-06 13:21:53 -0400[diff] [blame]3402 expectedNextProto: "foo",
3403 expectedNextProtoType: alpn,
3404 resumeSession: true,
3405 })
3406 // Test that the server prefers ALPN over NPN.
3407 testCases = append(testCases, testCase{
3408 testType: serverTest,
3409 name: "ALPNServer-Preferred",
3410 config: Config{
3411 NextProtos: []string{"foo", "bar", "baz"},
3412 },
3413 flags: []string{
3414 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3415 "-select-alpn", "foo",
3416 "-advertise-npn", "\x03foo\x03bar\x03baz",
3417 },
3418 expectedNextProto: "foo",
3419 expectedNextProtoType: alpn,
3420 resumeSession: true,
3421 })
3422 testCases = append(testCases, testCase{
3423 testType: serverTest,
3424 name: "ALPNServer-Preferred-Swapped",
3425 config: Config{
3426 NextProtos: []string{"foo", "bar", "baz"},
3427 Bugs: ProtocolBugs{
3428 SwapNPNAndALPN: true,
3429 },
3430 },
3431 flags: []string{
3432 "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
3433 "-select-alpn", "foo",
3434 "-advertise-npn", "\x03foo\x03bar\x03baz",
3435 },
3436 expectedNextProto: "foo",
3437 expectedNextProtoType: alpn,
3438 resumeSession: true,
David Benjaminae2888f2014-09-06 12:58:58 -0400[diff] [blame]3439 })
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3440 var emptyString string
3441 testCases = append(testCases, testCase{
3442 testType: clientTest,
3443 name: "ALPNClient-EmptyProtocolName",
3444 config: Config{
3445 NextProtos: []string{""},
3446 Bugs: ProtocolBugs{
3447 // A server returning an empty ALPN protocol
3448 // should be rejected.
3449 ALPNProtocol: &emptyString,
3450 },
3451 },
3452 flags: []string{
3453 "-advertise-alpn", "\x03foo",
3454 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3455 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3456 expectedError: ":PARSE_TLSEXT:",
3457 })
3458 testCases = append(testCases, testCase{
3459 testType: serverTest,
3460 name: "ALPNServer-EmptyProtocolName",
3461 config: Config{
3462 // A ClientHello containing an empty ALPN protocol
3463 // should be rejected.
3464 NextProtos: []string{"foo", "", "baz"},
3465 },
3466 flags: []string{
3467 "-select-alpn", "foo",
3468 },
Doug Hoganecdf7f92015-07-09 18:27:28 -0700[diff] [blame]3469 shouldFail: true,
Adam Langleyefb0e162015-07-09 11:35:04 -0700[diff] [blame]3470 expectedError: ":PARSE_TLSEXT:",
3471 })
David Benjamin76c2efc2015-08-31 14:24:29 -0400[diff] [blame]3472 // Test that negotiating both NPN and ALPN is forbidden.
3473 testCases = append(testCases, testCase{
3474 name: "NegotiateALPNAndNPN",
3475 config: Config{
3476 NextProtos: []string{"foo", "bar", "baz"},
3477 Bugs: ProtocolBugs{
3478 NegotiateALPNAndNPN: true,
3479 },
3480 },
3481 flags: []string{
3482 "-advertise-alpn", "\x03foo",
3483 "-select-next-proto", "foo",
3484 },
3485 shouldFail: true,
3486 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3487 })
3488 testCases = append(testCases, testCase{
3489 name: "NegotiateALPNAndNPN-Swapped",
3490 config: Config{
3491 NextProtos: []string{"foo", "bar", "baz"},
3492 Bugs: ProtocolBugs{
3493 NegotiateALPNAndNPN: true,
3494 SwapNPNAndALPN: true,
3495 },
3496 },
3497 flags: []string{
3498 "-advertise-alpn", "\x03foo",
3499 "-select-next-proto", "foo",
3500 },
3501 shouldFail: true,
3502 expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
3503 })
David Benjamin091c4b92015-10-26 13:33:21 -0400[diff] [blame]3504 // Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
3505 testCases = append(testCases, testCase{
3506 name: "DisableNPN",
3507 config: Config{
3508 NextProtos: []string{"foo"},
3509 },
3510 flags: []string{
3511 "-select-next-proto", "foo",
3512 "-disable-npn",
3513 },
3514 expectNoNextProto: true,
3515 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3516 // Resume with a corrupt ticket.
3517 testCases = append(testCases, testCase{
3518 testType: serverTest,
3519 name: "CorruptTicket",
3520 config: Config{
3521 Bugs: ProtocolBugs{
3522 CorruptTicket: true,
3523 },
3524 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3525 resumeSession: true,
3526 expectResumeRejected: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3527 })
David Benjamind98452d2015-06-16 14:16:23 -0400[diff] [blame]3528 // Test the ticket callback, with and without renewal.
3529 testCases = append(testCases, testCase{
3530 testType: serverTest,
3531 name: "TicketCallback",
3532 resumeSession: true,
3533 flags: []string{"-use-ticket-callback"},
3534 })
3535 testCases = append(testCases, testCase{
3536 testType: serverTest,
3537 name: "TicketCallback-Renew",
3538 config: Config{
3539 Bugs: ProtocolBugs{
3540 ExpectNewTicket: true,
3541 },
3542 },
3543 flags: []string{"-use-ticket-callback", "-renew-ticket"},
3544 resumeSession: true,
3545 })
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3546 // Resume with an oversized session id.
3547 testCases = append(testCases, testCase{
3548 testType: serverTest,
3549 name: "OversizedSessionId",
3550 config: Config{
3551 Bugs: ProtocolBugs{
3552 OversizedSessionId: true,
3553 },
3554 },
3555 resumeSession: true,
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]3556 shouldFail: true,
Adam Langley38311732014-10-16 19:04:35 -0700[diff] [blame]3557 expectedError: ":DECODE_ERROR:",
3558 })
David Benjaminca6c8262014-11-15 19:06:08 -0500[diff] [blame]3559 // Basic DTLS-SRTP tests. Include fake profiles to ensure they
3560 // are ignored.
3561 testCases = append(testCases, testCase{
3562 protocol: dtls,
3563 name: "SRTP-Client",
3564 config: Config{
3565 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3566 },
3567 flags: []string{
3568 "-srtp-profiles",
3569 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3570 },
3571 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3572 })
3573 testCases = append(testCases, testCase{
3574 protocol: dtls,
3575 testType: serverTest,
3576 name: "SRTP-Server",
3577 config: Config{
3578 SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
3579 },
3580 flags: []string{
3581 "-srtp-profiles",
3582 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3583 },
3584 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3585 })
3586 // Test that the MKI is ignored.
3587 testCases = append(testCases, testCase{
3588 protocol: dtls,
3589 testType: serverTest,
3590 name: "SRTP-Server-IgnoreMKI",
3591 config: Config{
3592 SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
3593 Bugs: ProtocolBugs{
3594 SRTPMasterKeyIdentifer: "bogus",
3595 },
3596 },
3597 flags: []string{
3598 "-srtp-profiles",
3599 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3600 },
3601 expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
3602 })
3603 // Test that SRTP isn't negotiated on the server if there were
3604 // no matching profiles.
3605 testCases = append(testCases, testCase{
3606 protocol: dtls,
3607 testType: serverTest,
3608 name: "SRTP-Server-NoMatch",
3609 config: Config{
3610 SRTPProtectionProfiles: []uint16{100, 101, 102},
3611 },
3612 flags: []string{
3613 "-srtp-profiles",
3614 "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
3615 },
3616 expectedSRTPProtectionProfile: 0,
3617 })
3618 // Test that the server returning an invalid SRTP profile is
3619 // flagged as an error by the client.
3620 testCases = append(testCases, testCase{
3621 protocol: dtls,
3622 name: "SRTP-Client-NoMatch",
3623 config: Config{
3624 Bugs: ProtocolBugs{
3625 SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
3626 },
3627 },
3628 flags: []string{
3629 "-srtp-profiles",
3630 "SRTP_AES128_CM_SHA1_80",
3631 },
3632 shouldFail: true,
3633 expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
3634 })
Paul Lietaraeeff2c2015-08-12 11:47:11 +0100[diff] [blame]3635 // Test SCT list.
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3636 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3637 name: "SignedCertificateTimestampList-Client",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3638 testType: clientTest,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3639 flags: []string{
3640 "-enable-signed-cert-timestamps",
3641 "-expect-signed-cert-timestamps",
3642 base64.StdEncoding.EncodeToString(testSCTList),
3643 },
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3644 resumeSession: true,
David Benjamin61f95272014-11-25 01:55:35 -0500[diff] [blame]3645 })
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3646 testCases = append(testCases, testCase{
David Benjaminc0577622015-09-12 18:28:38 -0400[diff] [blame]3647 name: "SignedCertificateTimestampList-Server",
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3648 testType: serverTest,
3649 flags: []string{
3650 "-signed-cert-timestamps",
3651 base64.StdEncoding.EncodeToString(testSCTList),
3652 },
3653 expectedSCTList: testSCTList,
Paul Lietar62be8ac2015-09-16 10:03:30 +0100[diff] [blame]3654 resumeSession: true,
Paul Lietar4fac72e2015-09-09 13:44:55 +0100[diff] [blame]3655 })
3656 testCases = append(testCases, testCase{
Adam Langley33ad2b52015-07-20 17:43:53 -0700[diff] [blame]3657 testType: clientTest,
3658 name: "ClientHelloPadding",
3659 config: Config{
3660 Bugs: ProtocolBugs{
3661 RequireClientHelloSize: 512,
3662 },
3663 },
3664 // This hostname just needs to be long enough to push the
3665 // ClientHello into F5's danger zone between 256 and 511 bytes
3666 // long.
3667 flags: []string{"-host-name", "01234567890123456789012345678901234567890123456789012345678901234567890123456789.com"},
3668 })
David Benjaminc7ce9772015-10-09 19:32:41 -0400[diff] [blame]3669
3670 // Extensions should not function in SSL 3.0.
3671 testCases = append(testCases, testCase{
3672 testType: serverTest,
3673 name: "SSLv3Extensions-NoALPN",
3674 config: Config{
3675 MaxVersion: VersionSSL30,
3676 NextProtos: []string{"foo", "bar", "baz"},
3677 },
3678 flags: []string{
3679 "-select-alpn", "foo",
3680 },
3681 expectNoNextProto: true,
3682 })
3683
3684 // Test session tickets separately as they follow a different codepath.
3685 testCases = append(testCases, testCase{
3686 testType: serverTest,
3687 name: "SSLv3Extensions-NoTickets",
3688 config: Config{
3689 MaxVersion: VersionSSL30,
3690 Bugs: ProtocolBugs{
3691 // Historically, session tickets in SSL 3.0
3692 // failed in different ways depending on whether
3693 // the client supported renegotiation_info.
3694 NoRenegotiationInfo: true,
3695 },
3696 },
3697 resumeSession: true,
3698 })
3699 testCases = append(testCases, testCase{
3700 testType: serverTest,
3701 name: "SSLv3Extensions-NoTickets2",
3702 config: Config{
3703 MaxVersion: VersionSSL30,
3704 },
3705 resumeSession: true,
3706 })
3707
3708 // But SSL 3.0 does send and process renegotiation_info.
3709 testCases = append(testCases, testCase{
3710 testType: serverTest,
3711 name: "SSLv3Extensions-RenegotiationInfo",
3712 config: Config{
3713 MaxVersion: VersionSSL30,
3714 Bugs: ProtocolBugs{
3715 RequireRenegotiationInfo: true,
3716 },
3717 },
3718 })
3719 testCases = append(testCases, testCase{
3720 testType: serverTest,
3721 name: "SSLv3Extensions-RenegotiationInfo-SCSV",
3722 config: Config{
3723 MaxVersion: VersionSSL30,
3724 Bugs: ProtocolBugs{
3725 NoRenegotiationInfo: true,
3726 SendRenegotiationSCSV: true,
3727 RequireRenegotiationInfo: true,
3728 },
3729 },
3730 })
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]3731}
3732
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3733func addResumptionVersionTests() {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3734 for _, sessionVers := range tlsVersions {
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3735 for _, resumeVers := range tlsVersions {
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3736 protocols := []protocol{tls}
3737 if sessionVers.hasDTLS && resumeVers.hasDTLS {
3738 protocols = append(protocols, dtls)
David Benjaminbdf5e722014-11-11 00:52:15 -0500[diff] [blame]3739 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3740 for _, protocol := range protocols {
3741 suffix := "-" + sessionVers.name + "-" + resumeVers.name
3742 if protocol == dtls {
3743 suffix += "-DTLS"
3744 }
3745
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3746 if sessionVers.version == resumeVers.version {
3747 testCases = append(testCases, testCase{
3748 protocol: protocol,
3749 name: "Resume-Client" + suffix,
3750 resumeSession: true,
3751 config: Config{
3752 MaxVersion: sessionVers.version,
3753 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3754 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3755 expectedVersion: sessionVers.version,
3756 expectedResumeVersion: resumeVers.version,
3757 })
3758 } else {
3759 testCases = append(testCases, testCase{
3760 protocol: protocol,
3761 name: "Resume-Client-Mismatch" + suffix,
3762 resumeSession: true,
3763 config: Config{
3764 MaxVersion: sessionVers.version,
3765 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3766 },
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3767 expectedVersion: sessionVers.version,
3768 resumeConfig: &Config{
3769 MaxVersion: resumeVers.version,
3770 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3771 Bugs: ProtocolBugs{
3772 AllowSessionVersionMismatch: true,
3773 },
3774 },
3775 expectedResumeVersion: resumeVers.version,
3776 shouldFail: true,
3777 expectedError: ":OLD_SESSION_VERSION_NOT_RETURNED:",
3778 })
3779 }
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3780
3781 testCases = append(testCases, testCase{
3782 protocol: protocol,
3783 name: "Resume-Client-NoResume" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3784 resumeSession: true,
3785 config: Config{
3786 MaxVersion: sessionVers.version,
3787 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3788 },
3789 expectedVersion: sessionVers.version,
3790 resumeConfig: &Config{
3791 MaxVersion: resumeVers.version,
3792 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3793 },
3794 newSessionsOnResume: true,
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3795 expectResumeRejected: true,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3796 expectedResumeVersion: resumeVers.version,
3797 })
3798
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3799 testCases = append(testCases, testCase{
3800 protocol: protocol,
3801 testType: serverTest,
3802 name: "Resume-Server" + suffix,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3803 resumeSession: true,
3804 config: Config{
3805 MaxVersion: sessionVers.version,
3806 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3807 },
Adam Langleyb0eef0a2015-06-02 10:47:39 -0700[diff] [blame]3808 expectedVersion: sessionVers.version,
3809 expectResumeRejected: sessionVers.version != resumeVers.version,
David Benjamin8b8c0062014-11-23 02:47:52 -0500[diff] [blame]3810 resumeConfig: &Config{
3811 MaxVersion: resumeVers.version,
3812 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
3813 },
3814 expectedResumeVersion: resumeVers.version,
3815 })
3816 }
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3817 }
3818 }
David Benjaminece3de92015-03-16 18:02:20 -0400[diff] [blame]3819
3820 testCases = append(testCases, testCase{
3821 name: "Resume-Client-CipherMismatch",
3822 resumeSession: true,
3823 config: Config{
3824 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3825 },
3826 resumeConfig: &Config{
3827 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
3828 Bugs: ProtocolBugs{
3829 SendCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA,
3830 },
3831 },
3832 shouldFail: true,
3833 expectedError: ":OLD_SESSION_CIPHER_NOT_RETURNED:",
3834 })
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]3835}
3836
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]3837func addRenegotiationTests() {
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3838 // Servers cannot renegotiate.
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3839 testCases = append(testCases, testCase{
3840 testType: serverTest,
David Benjamin44d3eed2015-05-21 01:29:55 -0400[diff] [blame]3841 name: "Renegotiate-Server-Forbidden",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3842 renegotiate: 1,
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3843 shouldFail: true,
3844 expectedError: ":NO_RENEGOTIATION:",
3845 expectedLocalError: "remote error: no renegotiation",
3846 })
Adam Langley5021b222015-06-12 18:27:58 -0700[diff] [blame]3847 // The server shouldn't echo the renegotiation extension unless
3848 // requested by the client.
3849 testCases = append(testCases, testCase{
3850 testType: serverTest,
3851 name: "Renegotiate-Server-NoExt",
3852 config: Config{
3853 Bugs: ProtocolBugs{
3854 NoRenegotiationInfo: true,
3855 RequireRenegotiationInfo: true,
3856 },
3857 },
3858 shouldFail: true,
3859 expectedLocalError: "renegotiation extension missing",
3860 })
3861 // The renegotiation SCSV should be sufficient for the server to echo
3862 // the extension.
3863 testCases = append(testCases, testCase{
3864 testType: serverTest,
3865 name: "Renegotiate-Server-NoExt-SCSV",
3866 config: Config{
3867 Bugs: ProtocolBugs{
3868 NoRenegotiationInfo: true,
3869 SendRenegotiationSCSV: true,
3870 RequireRenegotiationInfo: true,
3871 },
3872 },
3873 })
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3874 testCases = append(testCases, testCase{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3875 name: "Renegotiate-Client",
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3876 config: Config{
3877 Bugs: ProtocolBugs{
David Benjamin4b27d9f2015-05-12 22:42:52 -0400[diff] [blame]3878 FailIfResumeOnRenego: true,
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3879 },
3880 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3881 renegotiate: 1,
3882 flags: []string{
3883 "-renegotiate-freely",
3884 "-expect-total-renegotiations", "1",
3885 },
David Benjamincdea40c2015-03-19 14:09:43 -0400[diff] [blame]3886 })
3887 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3888 name: "Renegotiate-Client-EmptyExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3889 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3890 config: Config{
3891 Bugs: ProtocolBugs{
3892 EmptyRenegotiationInfo: true,
3893 },
3894 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3895 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3896 shouldFail: true,
3897 expectedError: ":RENEGOTIATION_MISMATCH:",
3898 })
3899 testCases = append(testCases, testCase{
3900 name: "Renegotiate-Client-BadExt",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3901 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3902 config: Config{
3903 Bugs: ProtocolBugs{
3904 BadRenegotiationInfo: true,
3905 },
3906 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3907 flags: []string{"-renegotiate-freely"},
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3908 shouldFail: true,
3909 expectedError: ":RENEGOTIATION_MISMATCH:",
3910 })
3911 testCases = append(testCases, testCase{
David Benjamin3e052de2015-11-25 20:10:31 -0500[diff] [blame]3912 name: "Renegotiate-Client-Downgrade",
3913 renegotiate: 1,
3914 config: Config{
3915 Bugs: ProtocolBugs{
3916 NoRenegotiationInfoAfterInitial: true,
3917 },
3918 },
3919 flags: []string{"-renegotiate-freely"},
3920 shouldFail: true,
3921 expectedError: ":RENEGOTIATION_MISMATCH:",
3922 })
3923 testCases = append(testCases, testCase{
3924 name: "Renegotiate-Client-Upgrade",
3925 renegotiate: 1,
3926 config: Config{
3927 Bugs: ProtocolBugs{
3928 NoRenegotiationInfoInInitial: true,
3929 },
3930 },
3931 flags: []string{"-renegotiate-freely"},
3932 shouldFail: true,
3933 expectedError: ":RENEGOTIATION_MISMATCH:",
3934 })
3935 testCases = append(testCases, testCase{
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3936 name: "Renegotiate-Client-NoExt-Allowed",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3937 renegotiate: 1,
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3938 config: Config{
3939 Bugs: ProtocolBugs{
3940 NoRenegotiationInfo: true,
3941 },
3942 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3943 flags: []string{
3944 "-renegotiate-freely",
3945 "-expect-total-renegotiations", "1",
3946 },
David Benjamincff0b902015-05-15 23:09:47 -0400[diff] [blame]3947 })
3948 testCases = append(testCases, testCase{
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3949 name: "Renegotiate-Client-SwitchCiphers",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3950 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3951 config: Config{
3952 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
3953 },
3954 renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3955 flags: []string{
3956 "-renegotiate-freely",
3957 "-expect-total-renegotiations", "1",
3958 },
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3959 })
3960 testCases = append(testCases, testCase{
3961 name: "Renegotiate-Client-SwitchCiphers2",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3962 renegotiate: 1,
Adam Langleycf2d4f42014-10-28 19:06:14 -0700[diff] [blame]3963 config: Config{
3964 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3965 },
3966 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3967 flags: []string{
3968 "-renegotiate-freely",
3969 "-expect-total-renegotiations", "1",
3970 },
David Benjaminb16346b2015-04-08 19:16:58 -0400[diff] [blame]3971 })
3972 testCases = append(testCases, testCase{
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3973 name: "Renegotiate-SameClientVersion",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3974 renegotiate: 1,
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3975 config: Config{
3976 MaxVersion: VersionTLS10,
3977 Bugs: ProtocolBugs{
3978 RequireSameRenegoClientVersion: true,
3979 },
3980 },
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3981 flags: []string{
3982 "-renegotiate-freely",
3983 "-expect-total-renegotiations", "1",
3984 },
David Benjaminc44b1df2014-11-23 12:11:01 -0500[diff] [blame]3985 })
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3986 testCases = append(testCases, testCase{
3987 name: "Renegotiate-FalseStart",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3988 renegotiate: 1,
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3989 config: Config{
3990 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
3991 NextProtos: []string{"foo"},
3992 },
3993 flags: []string{
3994 "-false-start",
3995 "-select-next-proto", "foo",
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]3996 "-renegotiate-freely",
David Benjamin324dce42015-10-12 19:49:00 -0400[diff] [blame]3997 "-expect-total-renegotiations", "1",
Adam Langleyb558c4c2015-07-08 12:16:38 -0700[diff] [blame]3998 },
3999 shimWritesFirst: true,
4000 })
David Benjamin1d5ef3b2015-10-12 19:54:18 -0400[diff] [blame]4001
4002 // Client-side renegotiation controls.
4003 testCases = append(testCases, testCase{
4004 name: "Renegotiate-Client-Forbidden-1",
4005 renegotiate: 1,
4006 shouldFail: true,
4007 expectedError: ":NO_RENEGOTIATION:",
4008 expectedLocalError: "remote error: no renegotiation",
4009 })
4010 testCases = append(testCases, testCase{
4011 name: "Renegotiate-Client-Once-1",
4012 renegotiate: 1,
4013 flags: []string{
4014 "-renegotiate-once",
4015 "-expect-total-renegotiations", "1",
4016 },
4017 })
4018 testCases = append(testCases, testCase{
4019 name: "Renegotiate-Client-Freely-1",
4020 renegotiate: 1,
4021 flags: []string{
4022 "-renegotiate-freely",
4023 "-expect-total-renegotiations", "1",
4024 },
4025 })
4026 testCases = append(testCases, testCase{
4027 name: "Renegotiate-Client-Once-2",
4028 renegotiate: 2,
4029 flags: []string{"-renegotiate-once"},
4030 shouldFail: true,
4031 expectedError: ":NO_RENEGOTIATION:",
4032 expectedLocalError: "remote error: no renegotiation",
4033 })
4034 testCases = append(testCases, testCase{
4035 name: "Renegotiate-Client-Freely-2",
4036 renegotiate: 2,
4037 flags: []string{
4038 "-renegotiate-freely",
4039 "-expect-total-renegotiations", "2",
4040 },
4041 })
Adam Langley27a0d082015-11-03 13:34:10 -0800[diff] [blame]4042 testCases = append(testCases, testCase{
4043 name: "Renegotiate-Client-NoIgnore",
4044 config: Config{
4045 Bugs: ProtocolBugs{
4046 SendHelloRequestBeforeEveryAppDataRecord: true,
4047 },
4048 },
4049 shouldFail: true,
4050 expectedError: ":NO_RENEGOTIATION:",
4051 })
4052 testCases = append(testCases, testCase{
4053 name: "Renegotiate-Client-Ignore",
4054 config: Config{
4055 Bugs: ProtocolBugs{
4056 SendHelloRequestBeforeEveryAppDataRecord: true,
4057 },
4058 },
4059 flags: []string{
4060 "-renegotiate-ignore",
4061 "-expect-total-renegotiations", "0",
4062 },
4063 })
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4064}
4065
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4066func addDTLSReplayTests() {
4067 // Test that sequence number replays are detected.
4068 testCases = append(testCases, testCase{
4069 protocol: dtls,
4070 name: "DTLS-Replay",
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4071 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4072 replayWrites: true,
4073 })
4074
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4075 // Test the incoming sequence number skipping by values larger
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4076 // than the retransmit window.
4077 testCases = append(testCases, testCase{
4078 protocol: dtls,
4079 name: "DTLS-Replay-LargeGaps",
4080 config: Config{
4081 Bugs: ProtocolBugs{
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4082 SequenceNumberMapping: func(in uint64) uint64 {
4083 return in * 127
4084 },
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4085 },
4086 },
David Benjamin8e6db492015-07-25 18:29:23 -0400[diff] [blame]4087 messageCount: 200,
4088 replayWrites: true,
4089 })
4090
4091 // Test the incoming sequence number changing non-monotonically.
4092 testCases = append(testCases, testCase{
4093 protocol: dtls,
4094 name: "DTLS-Replay-NonMonotonic",
4095 config: Config{
4096 Bugs: ProtocolBugs{
4097 SequenceNumberMapping: func(in uint64) uint64 {
4098 return in ^ 31
4099 },
4100 },
4101 },
4102 messageCount: 200,
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4103 replayWrites: true,
4104 })
4105}
4106
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4107var testHashes = []struct {
4108 name string
4109 id uint8
4110}{
4111 {"SHA1", hashSHA1},
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4112 {"SHA256", hashSHA256},
4113 {"SHA384", hashSHA384},
4114 {"SHA512", hashSHA512},
4115}
4116
4117func addSigningHashTests() {
4118 // Make sure each hash works. Include some fake hashes in the list and
4119 // ensure they're ignored.
4120 for _, hash := range testHashes {
4121 testCases = append(testCases, testCase{
4122 name: "SigningHash-ClientAuth-" + hash.name,
4123 config: Config{
4124 ClientAuth: RequireAnyClientCert,
4125 SignatureAndHashes: []signatureAndHash{
4126 {signatureRSA, 42},
4127 {signatureRSA, hash.id},
4128 {signatureRSA, 255},
4129 },
4130 },
4131 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4132 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4133 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4134 },
4135 })
4136
4137 testCases = append(testCases, testCase{
4138 testType: serverTest,
4139 name: "SigningHash-ServerKeyExchange-Sign-" + hash.name,
4140 config: Config{
4141 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4142 SignatureAndHashes: []signatureAndHash{
4143 {signatureRSA, 42},
4144 {signatureRSA, hash.id},
4145 {signatureRSA, 255},
4146 },
4147 },
4148 })
David Benjamin6e807652015-11-02 12:02:20 -0500[diff] [blame]4149
4150 testCases = append(testCases, testCase{
4151 name: "SigningHash-ServerKeyExchange-Verify-" + hash.name,
4152 config: Config{
4153 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4154 SignatureAndHashes: []signatureAndHash{
4155 {signatureRSA, 42},
4156 {signatureRSA, hash.id},
4157 {signatureRSA, 255},
4158 },
4159 },
4160 flags: []string{"-expect-server-key-exchange-hash", strconv.Itoa(int(hash.id))},
4161 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4162 }
4163
4164 // Test that hash resolution takes the signature type into account.
4165 testCases = append(testCases, testCase{
4166 name: "SigningHash-ClientAuth-SignatureType",
4167 config: Config{
4168 ClientAuth: RequireAnyClientCert,
4169 SignatureAndHashes: []signatureAndHash{
4170 {signatureECDSA, hashSHA512},
4171 {signatureRSA, hashSHA384},
4172 {signatureECDSA, hashSHA1},
4173 },
4174 },
4175 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4176 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4177 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4178 },
4179 })
4180
4181 testCases = append(testCases, testCase{
4182 testType: serverTest,
4183 name: "SigningHash-ServerKeyExchange-SignatureType",
4184 config: Config{
4185 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4186 SignatureAndHashes: []signatureAndHash{
4187 {signatureECDSA, hashSHA512},
4188 {signatureRSA, hashSHA384},
4189 {signatureECDSA, hashSHA1},
4190 },
4191 },
4192 })
4193
4194 // Test that, if the list is missing, the peer falls back to SHA-1.
4195 testCases = append(testCases, testCase{
4196 name: "SigningHash-ClientAuth-Fallback",
4197 config: Config{
4198 ClientAuth: RequireAnyClientCert,
4199 SignatureAndHashes: []signatureAndHash{
4200 {signatureRSA, hashSHA1},
4201 },
4202 Bugs: ProtocolBugs{
4203 NoSignatureAndHashes: true,
4204 },
4205 },
4206 flags: []string{
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4207 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4208 "-key-file", path.Join(*resourceDir, rsaKeyFile),
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4209 },
4210 })
4211
4212 testCases = append(testCases, testCase{
4213 testType: serverTest,
4214 name: "SigningHash-ServerKeyExchange-Fallback",
4215 config: Config{
4216 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4217 SignatureAndHashes: []signatureAndHash{
4218 {signatureRSA, hashSHA1},
4219 },
4220 Bugs: ProtocolBugs{
4221 NoSignatureAndHashes: true,
4222 },
4223 },
4224 })
David Benjamin72dc7832015-03-16 17:49:43 -0400[diff] [blame]4225
4226 // Test that hash preferences are enforced. BoringSSL defaults to
4227 // rejecting MD5 signatures.
4228 testCases = append(testCases, testCase{
4229 testType: serverTest,
4230 name: "SigningHash-ClientAuth-Enforced",
4231 config: Config{
4232 Certificates: []Certificate{rsaCertificate},
4233 SignatureAndHashes: []signatureAndHash{
4234 {signatureRSA, hashMD5},
4235 // Advertise SHA-1 so the handshake will
4236 // proceed, but the shim's preferences will be
4237 // ignored in CertificateVerify generation, so
4238 // MD5 will be chosen.
4239 {signatureRSA, hashSHA1},
4240 },
4241 Bugs: ProtocolBugs{
4242 IgnorePeerSignatureAlgorithmPreferences: true,
4243 },
4244 },
4245 flags: []string{"-require-any-client-certificate"},
4246 shouldFail: true,
4247 expectedError: ":WRONG_SIGNATURE_TYPE:",
4248 })
4249
4250 testCases = append(testCases, testCase{
4251 name: "SigningHash-ServerKeyExchange-Enforced",
4252 config: Config{
4253 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4254 SignatureAndHashes: []signatureAndHash{
4255 {signatureRSA, hashMD5},
4256 },
4257 Bugs: ProtocolBugs{
4258 IgnorePeerSignatureAlgorithmPreferences: true,
4259 },
4260 },
4261 shouldFail: true,
4262 expectedError: ":WRONG_SIGNATURE_TYPE:",
4263 })
Steven Valdez0d62f262015-09-04 12:41:04 -0400[diff] [blame]4264
4265 // Test that the agreed upon digest respects the client preferences and
4266 // the server digests.
4267 testCases = append(testCases, testCase{
4268 name: "Agree-Digest-Fallback",
4269 config: Config{
4270 ClientAuth: RequireAnyClientCert,
4271 SignatureAndHashes: []signatureAndHash{
4272 {signatureRSA, hashSHA512},
4273 {signatureRSA, hashSHA1},
4274 },
4275 },
4276 flags: []string{
4277 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4278 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4279 },
4280 digestPrefs: "SHA256",
4281 expectedClientCertSignatureHash: hashSHA1,
4282 })
4283 testCases = append(testCases, testCase{
4284 name: "Agree-Digest-SHA256",
4285 config: Config{
4286 ClientAuth: RequireAnyClientCert,
4287 SignatureAndHashes: []signatureAndHash{
4288 {signatureRSA, hashSHA1},
4289 {signatureRSA, hashSHA256},
4290 },
4291 },
4292 flags: []string{
4293 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4294 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4295 },
4296 digestPrefs: "SHA256,SHA1",
4297 expectedClientCertSignatureHash: hashSHA256,
4298 })
4299 testCases = append(testCases, testCase{
4300 name: "Agree-Digest-SHA1",
4301 config: Config{
4302 ClientAuth: RequireAnyClientCert,
4303 SignatureAndHashes: []signatureAndHash{
4304 {signatureRSA, hashSHA1},
4305 },
4306 },
4307 flags: []string{
4308 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4309 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4310 },
4311 digestPrefs: "SHA512,SHA256,SHA1",
4312 expectedClientCertSignatureHash: hashSHA1,
4313 })
4314 testCases = append(testCases, testCase{
4315 name: "Agree-Digest-Default",
4316 config: Config{
4317 ClientAuth: RequireAnyClientCert,
4318 SignatureAndHashes: []signatureAndHash{
4319 {signatureRSA, hashSHA256},
4320 {signatureECDSA, hashSHA256},
4321 {signatureRSA, hashSHA1},
4322 {signatureECDSA, hashSHA1},
4323 },
4324 },
4325 flags: []string{
4326 "-cert-file", path.Join(*resourceDir, rsaCertificateFile),
4327 "-key-file", path.Join(*resourceDir, rsaKeyFile),
4328 },
4329 expectedClientCertSignatureHash: hashSHA256,
4330 })
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4331}
4332
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4333// timeouts is the retransmit schedule for BoringSSL. It doubles and
4334// caps at 60 seconds. On the 13th timeout, it gives up.
4335var timeouts = []time.Duration{
4336 1 * time.Second,
4337 2 * time.Second,
4338 4 * time.Second,
4339 8 * time.Second,
4340 16 * time.Second,
4341 32 * time.Second,
4342 60 * time.Second,
4343 60 * time.Second,
4344 60 * time.Second,
4345 60 * time.Second,
4346 60 * time.Second,
4347 60 * time.Second,
4348 60 * time.Second,
4349}
4350
4351func addDTLSRetransmitTests() {
4352 // Test that this is indeed the timeout schedule. Stress all
4353 // four patterns of handshake.
4354 for i := 1; i < len(timeouts); i++ {
4355 number := strconv.Itoa(i)
4356 testCases = append(testCases, testCase{
4357 protocol: dtls,
4358 name: "DTLS-Retransmit-Client-" + number,
4359 config: Config{
4360 Bugs: ProtocolBugs{
4361 TimeoutSchedule: timeouts[:i],
4362 },
4363 },
4364 resumeSession: true,
4365 flags: []string{"-async"},
4366 })
4367 testCases = append(testCases, testCase{
4368 protocol: dtls,
4369 testType: serverTest,
4370 name: "DTLS-Retransmit-Server-" + number,
4371 config: Config{
4372 Bugs: ProtocolBugs{
4373 TimeoutSchedule: timeouts[:i],
4374 },
4375 },
4376 resumeSession: true,
4377 flags: []string{"-async"},
4378 })
4379 }
4380
4381 // Test that exceeding the timeout schedule hits a read
4382 // timeout.
4383 testCases = append(testCases, testCase{
4384 protocol: dtls,
4385 name: "DTLS-Retransmit-Timeout",
4386 config: Config{
4387 Bugs: ProtocolBugs{
4388 TimeoutSchedule: timeouts,
4389 },
4390 },
4391 resumeSession: true,
4392 flags: []string{"-async"},
4393 shouldFail: true,
4394 expectedError: ":READ_TIMEOUT_EXPIRED:",
4395 })
4396
4397 // Test that timeout handling has a fudge factor, due to API
4398 // problems.
4399 testCases = append(testCases, testCase{
4400 protocol: dtls,
4401 name: "DTLS-Retransmit-Fudge",
4402 config: Config{
4403 Bugs: ProtocolBugs{
4404 TimeoutSchedule: []time.Duration{
4405 timeouts[0] - 10*time.Millisecond,
4406 },
4407 },
4408 },
4409 resumeSession: true,
4410 flags: []string{"-async"},
4411 })
David Benjamin7eaab4c2015-03-02 19:01:16 -0500[diff] [blame]4412
4413 // Test that the final Finished retransmitting isn't
4414 // duplicated if the peer badly fragments everything.
4415 testCases = append(testCases, testCase{
4416 testType: serverTest,
4417 protocol: dtls,
4418 name: "DTLS-Retransmit-Fragmented",
4419 config: Config{
4420 Bugs: ProtocolBugs{
4421 TimeoutSchedule: []time.Duration{timeouts[0]},
4422 MaxHandshakeRecordLength: 2,
4423 },
4424 },
4425 flags: []string{"-async"},
4426 })
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4427}
4428
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4429func addExportKeyingMaterialTests() {
4430 for _, vers := range tlsVersions {
4431 if vers.version == VersionSSL30 {
4432 continue
4433 }
4434 testCases = append(testCases, testCase{
4435 name: "ExportKeyingMaterial-" + vers.name,
4436 config: Config{
4437 MaxVersion: vers.version,
4438 },
4439 exportKeyingMaterial: 1024,
4440 exportLabel: "label",
4441 exportContext: "context",
4442 useExportContext: true,
4443 })
4444 testCases = append(testCases, testCase{
4445 name: "ExportKeyingMaterial-NoContext-" + vers.name,
4446 config: Config{
4447 MaxVersion: vers.version,
4448 },
4449 exportKeyingMaterial: 1024,
4450 })
4451 testCases = append(testCases, testCase{
4452 name: "ExportKeyingMaterial-EmptyContext-" + vers.name,
4453 config: Config{
4454 MaxVersion: vers.version,
4455 },
4456 exportKeyingMaterial: 1024,
4457 useExportContext: true,
4458 })
4459 testCases = append(testCases, testCase{
4460 name: "ExportKeyingMaterial-Small-" + vers.name,
4461 config: Config{
4462 MaxVersion: vers.version,
4463 },
4464 exportKeyingMaterial: 1,
4465 exportLabel: "label",
4466 exportContext: "context",
4467 useExportContext: true,
4468 })
4469 }
4470 testCases = append(testCases, testCase{
4471 name: "ExportKeyingMaterial-SSL3",
4472 config: Config{
4473 MaxVersion: VersionSSL30,
4474 },
4475 exportKeyingMaterial: 1024,
4476 exportLabel: "label",
4477 exportContext: "context",
4478 useExportContext: true,
4479 shouldFail: true,
4480 expectedError: "failed to export keying material",
4481 })
4482}
4483
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4484func addTLSUniqueTests() {
4485 for _, isClient := range []bool{false, true} {
4486 for _, isResumption := range []bool{false, true} {
4487 for _, hasEMS := range []bool{false, true} {
4488 var suffix string
4489 if isResumption {
4490 suffix = "Resume-"
4491 } else {
4492 suffix = "Full-"
4493 }
4494
4495 if hasEMS {
4496 suffix += "EMS-"
4497 } else {
4498 suffix += "NoEMS-"
4499 }
4500
4501 if isClient {
4502 suffix += "Client"
4503 } else {
4504 suffix += "Server"
4505 }
4506
4507 test := testCase{
4508 name: "TLSUnique-" + suffix,
4509 testTLSUnique: true,
4510 config: Config{
4511 Bugs: ProtocolBugs{
4512 NoExtendedMasterSecret: !hasEMS,
4513 },
4514 },
4515 }
4516
4517 if isResumption {
4518 test.resumeSession = true
4519 test.resumeConfig = &Config{
4520 Bugs: ProtocolBugs{
4521 NoExtendedMasterSecret: !hasEMS,
4522 },
4523 }
4524 }
4525
4526 if isResumption && !hasEMS {
4527 test.shouldFail = true
4528 test.expectedError = "failed to get tls-unique"
4529 }
4530
4531 testCases = append(testCases, test)
4532 }
4533 }
4534 }
4535}
4536
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4537func addCustomExtensionTests() {
4538 expectedContents := "custom extension"
4539 emptyString := ""
4540
4541 for _, isClient := range []bool{false, true} {
4542 suffix := "Server"
4543 flag := "-enable-server-custom-extension"
4544 testType := serverTest
4545 if isClient {
4546 suffix = "Client"
4547 flag = "-enable-client-custom-extension"
4548 testType = clientTest
4549 }
4550
4551 testCases = append(testCases, testCase{
4552 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4553 name: "CustomExtensions-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4554 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4555 Bugs: ProtocolBugs{
4556 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4557 ExpectedCustomExtension: &expectedContents,
4558 },
4559 },
4560 flags: []string{flag},
4561 })
4562
4563 // If the parse callback fails, the handshake should also fail.
4564 testCases = append(testCases, testCase{
4565 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4566 name: "CustomExtensions-ParseError-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4567 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4568 Bugs: ProtocolBugs{
4569 CustomExtension: expectedContents + "foo",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4570 ExpectedCustomExtension: &expectedContents,
4571 },
4572 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4573 flags: []string{flag},
4574 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4575 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4576 })
4577
4578 // If the add callback fails, the handshake should also fail.
4579 testCases = append(testCases, testCase{
4580 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4581 name: "CustomExtensions-FailAdd-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4582 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4583 Bugs: ProtocolBugs{
4584 CustomExtension: expectedContents,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4585 ExpectedCustomExtension: &expectedContents,
4586 },
4587 },
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4588 flags: []string{flag, "-custom-extension-fail-add"},
4589 shouldFail: true,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4590 expectedError: ":CUSTOM_EXTENSION_ERROR:",
4591 })
4592
4593 // If the add callback returns zero, no extension should be
4594 // added.
4595 skipCustomExtension := expectedContents
4596 if isClient {
4597 // For the case where the client skips sending the
4598 // custom extension, the server must not “echo” it.
4599 skipCustomExtension = ""
4600 }
4601 testCases = append(testCases, testCase{
4602 testType: testType,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4603 name: "CustomExtensions-Skip-" + suffix,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4604 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4605 Bugs: ProtocolBugs{
4606 CustomExtension: skipCustomExtension,
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4607 ExpectedCustomExtension: &emptyString,
4608 },
4609 },
4610 flags: []string{flag, "-custom-extension-skip"},
4611 })
4612 }
4613
4614 // The custom extension add callback should not be called if the client
4615 // doesn't send the extension.
4616 testCases = append(testCases, testCase{
4617 testType: serverTest,
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4618 name: "CustomExtensions-NotCalled-Server",
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4619 config: Config{
David Benjamin399e7c92015-07-30 23:01:27 -0400[diff] [blame]4620 Bugs: ProtocolBugs{
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4621 ExpectedCustomExtension: &emptyString,
4622 },
4623 },
4624 flags: []string{"-enable-server-custom-extension", "-custom-extension-fail-add"},
4625 })
Adam Langley2deb9842015-08-07 11:15:37 -0700[diff] [blame]4626
4627 // Test an unknown extension from the server.
4628 testCases = append(testCases, testCase{
4629 testType: clientTest,
4630 name: "UnknownExtension-Client",
4631 config: Config{
4632 Bugs: ProtocolBugs{
4633 CustomExtension: expectedContents,
4634 },
4635 },
4636 shouldFail: true,
4637 expectedError: ":UNEXPECTED_EXTENSION:",
4638 })
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4639}
4640
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]4641func addRSAClientKeyExchangeTests() {
4642 for bad := RSABadValue(1); bad < NumRSABadValues; bad++ {
4643 testCases = append(testCases, testCase{
4644 testType: serverTest,
4645 name: fmt.Sprintf("BadRSAClientKeyExchange-%d", bad),
4646 config: Config{
4647 // Ensure the ClientHello version and final
4648 // version are different, to detect if the
4649 // server uses the wrong one.
4650 MaxVersion: VersionTLS11,
4651 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
4652 Bugs: ProtocolBugs{
4653 BadRSAClientKeyExchange: bad,
4654 },
4655 },
4656 shouldFail: true,
4657 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
4658 })
4659 }
4660}
4661
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4662var testCurves = []struct {
4663 name string
4664 id CurveID
4665}{
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4666 {"P-256", CurveP256},
4667 {"P-384", CurveP384},
4668 {"P-521", CurveP521},
David Benjamin4298d772015-12-19 00:18:25 -0500[diff] [blame]4669 {"X25519", CurveX25519},
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4670}
4671
4672func addCurveTests() {
4673 for _, curve := range testCurves {
4674 testCases = append(testCases, testCase{
4675 name: "CurveTest-Client-" + curve.name,
4676 config: Config{
4677 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4678 CurvePreferences: []CurveID{curve.id},
4679 },
4680 flags: []string{"-enable-all-curves"},
4681 })
4682 testCases = append(testCases, testCase{
4683 testType: serverTest,
4684 name: "CurveTest-Server-" + curve.name,
4685 config: Config{
4686 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4687 CurvePreferences: []CurveID{curve.id},
4688 },
4689 flags: []string{"-enable-all-curves"},
4690 })
4691 }
David Benjamin241ae832016-01-15 03:04:54 -0500[diff] [blame]4692
4693 // The server must be tolerant to bogus curves.
4694 const bogusCurve = 0x1234
4695 testCases = append(testCases, testCase{
4696 testType: serverTest,
4697 name: "UnknownCurve",
4698 config: Config{
4699 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4700 CurvePreferences: []CurveID{bogusCurve, CurveP256},
4701 },
4702 })
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4703}
4704
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]4705func addKeyExchangeInfoTests() {
4706 testCases = append(testCases, testCase{
4707 name: "KeyExchangeInfo-RSA-Client",
4708 config: Config{
4709 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
4710 },
4711 // key.pem is a 1024-bit RSA key.
4712 flags: []string{"-expect-key-exchange-info", "1024"},
4713 })
4714 // TODO(davidben): key_exchange_info doesn't work for plain RSA on the
4715 // server. Either fix this or change the API as it's not very useful in
4716 // this case.
4717
4718 testCases = append(testCases, testCase{
4719 name: "KeyExchangeInfo-DHE-Client",
4720 config: Config{
4721 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
4722 Bugs: ProtocolBugs{
4723 // This is a 1234-bit prime number, generated
4724 // with:
4725 // openssl gendh 1234 | openssl asn1parse -i
4726 DHGroupPrime: bigFromHex("0215C589A86BE450D1255A86D7A08877A70E124C11F0C75E476BA6A2186B1C830D4A132555973F2D5881D5F737BB800B7F417C01EC5960AEBF79478F8E0BBB6A021269BD10590C64C57F50AD8169D5488B56EE38DC5E02DA1A16ED3B5F41FEB2AD184B78A31F3A5B2BEC8441928343DA35DE3D4F89F0D4CEDE0034045084A0D1E6182E5EF7FCA325DD33CE81BE7FA87D43613E8FA7A1457099AB53"),
4727 },
4728 },
4729 flags: []string{"-expect-key-exchange-info", "1234"},
4730 })
4731 testCases = append(testCases, testCase{
4732 testType: serverTest,
4733 name: "KeyExchangeInfo-DHE-Server",
4734 config: Config{
4735 CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
4736 },
4737 // bssl_shim as a server configures a 2048-bit DHE group.
4738 flags: []string{"-expect-key-exchange-info", "2048"},
4739 })
4740
4741 testCases = append(testCases, testCase{
4742 name: "KeyExchangeInfo-ECDHE-Client",
4743 config: Config{
4744 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4745 CurvePreferences: []CurveID{CurveX25519},
4746 },
4747 flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
4748 })
4749 testCases = append(testCases, testCase{
4750 testType: serverTest,
4751 name: "KeyExchangeInfo-ECDHE-Server",
4752 config: Config{
4753 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
4754 CurvePreferences: []CurveID{CurveX25519},
4755 },
4756 flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
4757 })
4758}
4759
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4760func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4761 defer wg.Done()
4762
4763 for test := range c {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4764 var err error
4765
4766 if *mallocTest < 0 {
4767 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4768 err = runTest(test, shimPath, -1)
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4769 } else {
4770 for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ {
4771 statusChan <- statusMsg{test: test, started: true}
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4772 if err = runTest(test, shimPath, mallocNumToFail); err != errMoreMallocs {
Adam Langley69a01602014-11-17 17:26:55 -0800[diff] [blame]4773 if err != nil {
4774 fmt.Printf("\n\nmalloc test failed at %d: %s\n", mallocNumToFail, err)
4775 }
4776 break
4777 }
4778 }
4779 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4780 statusChan <- statusMsg{test: test, err: err}
4781 }
4782}
4783
4784type statusMsg struct {
4785 test *testCase
4786 started bool
4787 err error
4788}
4789
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4790func statusPrinter(doneChan chan *testOutput, statusChan chan statusMsg, total int) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4791 var started, done, failed, lineLen int
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4792
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4793 testOutput := newTestOutput()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4794 for msg := range statusChan {
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4795 if !*pipe {
4796 // Erase the previous status line.
David Benjamin87c8a642015-02-21 01:54:29 -0500[diff] [blame]4797 var erase string
4798 for i := 0; i < lineLen; i++ {
4799 erase += "\b \b"
4800 }
4801 fmt.Print(erase)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4802 }
4803
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4804 if msg.started {
4805 started++
4806 } else {
4807 done++
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4808
4809 if msg.err != nil {
4810 fmt.Printf("FAILED (%s)\n%s\n", msg.test.name, msg.err)
4811 failed++
4812 testOutput.addResult(msg.test.name, "FAIL")
4813 } else {
4814 if *pipe {
4815 // Print each test instead of a status line.
4816 fmt.Printf("PASSED (%s)\n", msg.test.name)
4817 }
4818 testOutput.addResult(msg.test.name, "PASS")
4819 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4820 }
4821
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4822 if !*pipe {
4823 // Print a new status line.
4824 line := fmt.Sprintf("%d/%d/%d/%d", failed, done, started, total)
4825 lineLen = len(line)
4826 os.Stdout.WriteString(line)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4827 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4828 }
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4829
4830 doneChan <- testOutput
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4831}
4832
4833func main() {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4834 flag.Parse()
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4835 *resourceDir = path.Clean(*resourceDir)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4836
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4837 addBasicTests()
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4838 addCipherSuiteTests()
4839 addBadECDSASignatureTests()
Adam Langley80842bd2014-06-20 12:00:00 -0700[diff] [blame]4840 addCBCPaddingTests()
Kenny Root7fdeaf12014-08-05 15:23:37 -0700[diff] [blame]4841 addCBCSplittingTests()
David Benjamin636293b2014-07-08 17:59:18 -0400[diff] [blame]4842 addClientAuthTests()
Adam Langley524e7172015-02-20 16:04:00 -0800[diff] [blame]4843 addDDoSCallbackTests()
David Benjamin7e2e6cf2014-08-07 17:44:24 -0400[diff] [blame]4844 addVersionNegotiationTests()
David Benjaminaccb4542014-12-12 23:44:33 -0500[diff] [blame]4845 addMinimumVersionTests()
David Benjamine78bfde2014-09-06 12:45:15 -0400[diff] [blame]4846 addExtensionTests()
David Benjamin01fe8202014-09-24 15:21:44 -0400[diff] [blame]4847 addResumptionVersionTests()
Adam Langley75712922014-10-10 16:23:43 -0700[diff] [blame]4848 addExtendedMasterSecretTests()
Adam Langley2ae77d22014-10-28 17:29:33 -0700[diff] [blame]4849 addRenegotiationTests()
David Benjamin5e961c12014-11-07 01:48:35 -0500[diff] [blame]4850 addDTLSReplayTests()
David Benjamin000800a2014-11-14 01:43:59 -0500[diff] [blame]4851 addSigningHashTests()
David Benjamin83f90402015-01-27 01:09:43 -0500[diff] [blame]4852 addDTLSRetransmitTests()
David Benjaminc565ebb2015-04-03 04:06:36 -0400[diff] [blame]4853 addExportKeyingMaterialTests()
Adam Langleyaf0e32c2015-06-03 09:57:23 -0700[diff] [blame]4854 addTLSUniqueTests()
Adam Langley09505632015-07-30 18:10:13 -0700[diff] [blame]4855 addCustomExtensionTests()
David Benjaminb36a3952015-12-01 18:53:13 -0500[diff] [blame]4856 addRSAClientKeyExchangeTests()
David Benjamin8c2b3bf2015-12-18 20:55:44 -0500[diff] [blame]4857 addCurveTests()
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]4858 addKeyExchangeInfoTests()
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4859 for _, async := range []bool{false, true} {
4860 for _, splitHandshake := range []bool{false, true} {
David Benjamin6fd297b2014-08-11 18:43:38 -0400[diff] [blame]4861 for _, protocol := range []protocol{tls, dtls} {
4862 addStateMachineCoverageTests(async, splitHandshake, protocol)
4863 }
David Benjamin43ec06f2014-08-05 02:28:57 -0400[diff] [blame]4864 }
4865 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4866
4867 var wg sync.WaitGroup
4868
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4869 statusChan := make(chan statusMsg, *numWorkers)
4870 testChan := make(chan *testCase, *numWorkers)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4871 doneChan := make(chan *testOutput)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4872
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4873 go statusPrinter(doneChan, statusChan, len(testCases))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4874
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4875 for i := 0; i < *numWorkers; i++ {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4876 wg.Add(1)
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4877 go worker(statusChan, testChan, *shimPath, &wg)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4878 }
4879
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4880 for i := range testCases {
Adam Langley7c803a62015-06-15 15:35:05 -0700[diff] [blame]4881 if len(*testToRun) == 0 || *testToRun == testCases[i].name {
David Benjamin025b3d32014-07-01 19:53:04 -0400[diff] [blame]4882 testChan <- &testCases[i]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4883 }
4884 }
4885
4886 close(testChan)
4887 wg.Wait()
4888 close(statusChan)
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4889 testOutput := <-doneChan
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4890
4891 fmt.Printf("\n")
David Benjamin5f237bc2015-02-11 17:14:15 -0500[diff] [blame]4892
4893 if *jsonOutput != "" {
4894 if err := testOutput.writeTo(*jsonOutput); err != nil {
4895 fmt.Fprintf(os.Stderr, "Error: %s\n", err)
4896 }
4897 }
David Benjamin2ab7a862015-04-04 17:02:18 -0400[diff] [blame]4898
4899 if !testOutput.allPassed {
4900 os.Exit(1)
4901 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4902}