diff options
author | Android Chromium Automerger <chromium-automerger@android> | 2014-10-30 02:15:04 +0000 |
---|---|---|
committer | Android Chromium Automerger <chromium-automerger@android> | 2014-10-30 02:15:04 +0000 |
commit | ecf09ca1bc8a217d707f2aa2d90ede43404e47d3 (patch) | |
tree | 6d02d5ea2674d24bb2066859bec5b3c8104a84ff /ssl/test/runner/runner.go | |
parent | 71eedb007c5f4cb91a666d7ea5d814c567f31deb (diff) | |
parent | 03a739d8d2cdc2560531a7446ead0f705409670a (diff) | |
download | src-ecf09ca1bc8a217d707f2aa2d90ede43404e47d3.tar.gz |
Merge third_party/boringssl/src from https://boringssl.googlesource.com/boringssl.git at 03a739d8d2cdc2560531a7446ead0f705409670a
This commit was generated by merge_from_chromium.py.
Change-Id: I52d83e7a5a0a9b94fd10dbaf5350aef57d1c1f88
Diffstat (limited to 'ssl/test/runner/runner.go')
-rw-r--r-- | ssl/test/runner/runner.go | 161 |
1 files changed, 143 insertions, 18 deletions
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index b4c2e61..1b461e2 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -22,6 +22,8 @@ import ( ) var useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind") +var useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb") +var flagDebug *bool = flag.Bool("debug", false, "Hexdump the contents of the connection") const ( rsaCertificateFile = "cert.pem" @@ -693,10 +695,11 @@ func runTest(test *testCase, buildDir string) error { var shim *exec.Cmd if *useValgrind { shim = valgrindOf(false, shim_path, flags...) + } else if *useGDB { + shim = gdbOf(shim_path, flags...) } else { shim = exec.Command(shim_path, flags...) } - // shim = gdbOf(shim_path, flags...) shim.ExtraFiles = []*os.File{shimEnd, shimEndResume} shim.Stdin = os.Stdin var stdoutBuf, stderrBuf bytes.Buffer @@ -717,8 +720,19 @@ func runTest(test *testCase, buildDir string) error { } } + var connDebug *recordingConn + if *flagDebug { + connDebug = &recordingConn{Conn: conn} + conn = connDebug + } + err := doExchange(test, &config, conn, test.messageLen, false /* not a resumption */) + + if *flagDebug { + connDebug.WriteTo(os.Stdout) + } + conn.Close() if err == nil && test.resumeSession { var resumeConfig Config @@ -814,6 +828,7 @@ var testCipherSuites = []struct { {"ECDHE-ECDSA-AES256-SHA", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}, {"ECDHE-ECDSA-AES256-SHA384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384}, {"ECDHE-ECDSA-RC4-SHA", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA}, + {"ECDHE-PSK-WITH-AES-128-GCM-SHA256", TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256}, {"ECDHE-RSA-AES128-GCM", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, {"ECDHE-RSA-AES128-SHA", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, {"ECDHE-RSA-AES128-SHA256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256}, @@ -821,6 +836,9 @@ var testCipherSuites = []struct { {"ECDHE-RSA-AES256-SHA", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, {"ECDHE-RSA-AES256-SHA384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384}, {"ECDHE-RSA-RC4-SHA", TLS_ECDHE_RSA_WITH_RC4_128_SHA}, + {"PSK-AES128-CBC-SHA", TLS_PSK_WITH_AES_128_CBC_SHA}, + {"PSK-AES256-CBC-SHA", TLS_PSK_WITH_AES_256_CBC_SHA}, + {"PSK-RC4-SHA", TLS_PSK_WITH_RC4_128_SHA}, {"RC4-MD5", TLS_RSA_WITH_RC4_128_MD5}, {"RC4-SHA", TLS_RSA_WITH_RC4_128_SHA}, } @@ -833,6 +851,9 @@ func isTLS12Only(suiteName string) bool { func addCipherSuiteTests() { for _, suite := range testCipherSuites { + const psk = "12345" + const pskIdentity = "luggage combo" + var cert Certificate var certFile string var keyFile string @@ -846,6 +867,13 @@ func addCipherSuiteTests() { keyFile = rsaKeyFile } + var flags []string + if strings.HasPrefix(suite.name, "PSK-") || strings.Contains(suite.name, "-PSK-") { + flags = append(flags, + "-psk", psk, + "-psk-identity", pskIdentity) + } + for _, ver := range tlsVersions { if ver.version < VersionTLS12 && isTLS12Only(suite.name) { continue @@ -860,11 +888,14 @@ func addCipherSuiteTests() { testType: clientTest, name: ver.name + "-" + suite.name + "-client", config: Config{ - MinVersion: ver.version, - MaxVersion: ver.version, - CipherSuites: []uint16{suite.id}, - Certificates: []Certificate{cert}, + MinVersion: ver.version, + MaxVersion: ver.version, + CipherSuites: []uint16{suite.id}, + Certificates: []Certificate{cert}, + PreSharedKey: []byte(psk), + PreSharedKeyIdentity: pskIdentity, }, + flags: flags, resumeSession: resumeSession, }) @@ -872,13 +903,16 @@ func addCipherSuiteTests() { testType: serverTest, name: ver.name + "-" + suite.name + "-server", config: Config{ - MinVersion: ver.version, - MaxVersion: ver.version, - CipherSuites: []uint16{suite.id}, - Certificates: []Certificate{cert}, + MinVersion: ver.version, + MaxVersion: ver.version, + CipherSuites: []uint16{suite.id}, + Certificates: []Certificate{cert}, + PreSharedKey: []byte(psk), + PreSharedKeyIdentity: pskIdentity, }, certFile: certFile, keyFile: keyFile, + flags: flags, resumeSession: resumeSession, }) @@ -889,11 +923,14 @@ func addCipherSuiteTests() { protocol: dtls, name: "D" + ver.name + "-" + suite.name + "-client", config: Config{ - MinVersion: ver.version, - MaxVersion: ver.version, - CipherSuites: []uint16{suite.id}, - Certificates: []Certificate{cert}, + MinVersion: ver.version, + MaxVersion: ver.version, + CipherSuites: []uint16{suite.id}, + Certificates: []Certificate{cert}, + PreSharedKey: []byte(psk), + PreSharedKeyIdentity: pskIdentity, }, + flags: flags, resumeSession: resumeSession, }) testCases = append(testCases, testCase{ @@ -901,13 +938,16 @@ func addCipherSuiteTests() { protocol: dtls, name: "D" + ver.name + "-" + suite.name + "-server", config: Config{ - MinVersion: ver.version, - MaxVersion: ver.version, - CipherSuites: []uint16{suite.id}, - Certificates: []Certificate{cert}, + MinVersion: ver.version, + MaxVersion: ver.version, + CipherSuites: []uint16{suite.id}, + Certificates: []Certificate{cert}, + PreSharedKey: []byte(psk), + PreSharedKeyIdentity: pskIdentity, }, certFile: certFile, keyFile: keyFile, + flags: flags, resumeSession: resumeSession, }) } @@ -1070,6 +1110,62 @@ func addClientAuthTests() { } } +func addExtendedMasterSecretTests() { + const expectEMSFlag = "-expect-extended-master-secret" + + for _, with := range []bool{false, true} { + prefix := "No" + var flags []string + if with { + prefix = "" + flags = []string{expectEMSFlag} + } + + for _, isClient := range []bool{false, true} { + suffix := "-Server" + testType := serverTest + if isClient { + suffix = "-Client" + testType = clientTest + } + + for _, ver := range tlsVersions { + test := testCase{ + testType: testType, + name: prefix + "ExtendedMasterSecret-" + ver.name + suffix, + config: Config{ + MinVersion: ver.version, + MaxVersion: ver.version, + Bugs: ProtocolBugs{ + NoExtendedMasterSecret: !with, + RequireExtendedMasterSecret: with, + }, + }, + flags: flags, + shouldFail: ver.version == VersionSSL30 && with, + } + if test.shouldFail { + test.expectedLocalError = "extended master secret required but not supported by peer" + } + testCases = append(testCases, test) + } + } + } + + // When a session is resumed, it should still be aware that its master + // secret was generated via EMS and thus it's safe to use tls-unique. + testCases = append(testCases, testCase{ + name: "ExtendedMasterSecret-Resume", + config: Config{ + Bugs: ProtocolBugs{ + RequireExtendedMasterSecret: true, + }, + }, + flags: []string{expectEMSFlag}, + resumeSession: true, + }) +} + // Adds tests that try to cover the range of the handshake state machine, under // various conditions. Some of these are redundant with other tests, but they // only cover the synchronous case. @@ -1178,6 +1274,34 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) flags: flags, }) + // Skip ServerKeyExchange in PSK key exchange if there's no + // identity hint. + testCases = append(testCases, testCase{ + protocol: protocol, + name: "EmptyPSKHint-Client" + suffix, + config: Config{ + CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA}, + PreSharedKey: []byte("secret"), + Bugs: ProtocolBugs{ + MaxHandshakeRecordLength: maxHandshakeRecordLength, + }, + }, + flags: append(flags, "-psk", "secret"), + }) + testCases = append(testCases, testCase{ + protocol: protocol, + testType: serverTest, + name: "EmptyPSKHint-Server" + suffix, + config: Config{ + CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA}, + PreSharedKey: []byte("secret"), + Bugs: ProtocolBugs{ + MaxHandshakeRecordLength: maxHandshakeRecordLength, + }, + }, + flags: append(flags, "-psk", "secret"), + }) + if protocol == tls { // NPN on client and server; results in post-handshake message. testCases = append(testCases, testCase{ @@ -1568,7 +1692,7 @@ func addExtensionTests() { }, }, resumeSession: true, - shouldFail: true, + shouldFail: true, expectedError: ":DECODE_ERROR:", }) } @@ -1690,6 +1814,7 @@ func main() { addD5BugTests() addExtensionTests() addResumptionVersionTests() + addExtendedMasterSecretTests() for _, async := range []bool{false, true} { for _, splitHandshake := range []bool{false, true} { for _, protocol := range []protocol{tls, dtls} { |