|
|
aed691 |
diff --git a/external_tests/ssl_gtest/ssl_loopback_unittest.cc b/external_tests/ssl_gtest/ssl_loopback_unittest.cc
|
|
|
aed691 |
--- a/external_tests/ssl_gtest/ssl_loopback_unittest.cc
|
|
|
aed691 |
+++ b/external_tests/ssl_gtest/ssl_loopback_unittest.cc
|
|
|
aed691 |
@@ -516,134 +516,16 @@ TEST_P(TlsConnectStream, ShortRead) {
|
|
|
aed691 |
// Read the first tranche.
|
|
|
aed691 |
WAIT_(client_->received_bytes() == 1024, 2000);
|
|
|
aed691 |
ASSERT_EQ(1024U, client_->received_bytes());
|
|
|
aed691 |
// The second tranche should now immediately be available.
|
|
|
aed691 |
client_->ReadBytes();
|
|
|
aed691 |
ASSERT_EQ(1200U, client_->received_bytes());
|
|
|
aed691 |
}
|
|
|
aed691 |
|
|
|
aed691 |
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecret) {
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
- ResetRsa();
|
|
|
aed691 |
- ExpectResumption(RESUME_SESSIONID);
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-
|
|
|
aed691 |
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretStaticRSA) {
|
|
|
aed691 |
- DisableDheAndEcdheCiphers();
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-// This test is stream so we can catch the bad_record_mac alert.
|
|
|
aed691 |
-TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusCKE) {
|
|
|
aed691 |
- DisableDheAndEcdheCiphers();
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- TlsInspectorReplaceHandshakeMessage* inspect =
|
|
|
aed691 |
- new TlsInspectorReplaceHandshakeMessage(kTlsHandshakeClientKeyExchange,
|
|
|
aed691 |
- DataBuffer(
|
|
|
aed691 |
- kBogusClientKeyExchange,
|
|
|
aed691 |
- sizeof(kBogusClientKeyExchange)));
|
|
|
aed691 |
- client_->SetPacketFilter(inspect);
|
|
|
aed691 |
- auto alert_recorder = new TlsAlertRecorder();
|
|
|
aed691 |
- server_->SetPacketFilter(alert_recorder);
|
|
|
aed691 |
- ConnectExpectFail();
|
|
|
aed691 |
- EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
|
|
|
aed691 |
- EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-// This test is stream so we can catch the bad_record_mac alert.
|
|
|
aed691 |
-TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusPMSVersionDetect) {
|
|
|
aed691 |
- DisableDheAndEcdheCiphers();
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger(
|
|
|
aed691 |
- server_));
|
|
|
aed691 |
- auto alert_recorder = new TlsAlertRecorder();
|
|
|
aed691 |
- server_->SetPacketFilter(alert_recorder);
|
|
|
aed691 |
- ConnectExpectFail();
|
|
|
aed691 |
- EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
|
|
|
aed691 |
- EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusPMSVersionIgnore) {
|
|
|
aed691 |
- DisableDheAndEcdheCiphers();
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger(
|
|
|
aed691 |
- server_));
|
|
|
aed691 |
- server_->DisableRollbackDetection();
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretECDHE) {
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-
|
|
|
aed691 |
- ResetRsa();
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- ExpectResumption(RESUME_SESSIONID);
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretTicket) {
|
|
|
aed691 |
- ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-
|
|
|
aed691 |
- ResetRsa();
|
|
|
aed691 |
- ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
|
|
|
aed691 |
-
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- ExpectResumption(RESUME_TICKET);
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-TEST_P(TlsConnectGeneric,
|
|
|
aed691 |
- ConnectExtendedMasterSecretClientOnly) {
|
|
|
aed691 |
- client_->EnableExtendedMasterSecret();
|
|
|
aed691 |
- ExpectExtendedMasterSecret(false);
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-TEST_P(TlsConnectGeneric,
|
|
|
aed691 |
- ConnectExtendedMasterSecretServerOnly) {
|
|
|
aed691 |
- server_->EnableExtendedMasterSecret();
|
|
|
aed691 |
- ExpectExtendedMasterSecret(false);
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-TEST_P(TlsConnectGeneric,
|
|
|
aed691 |
- ConnectExtendedMasterSecretResumeWithout) {
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-
|
|
|
aed691 |
- ResetRsa();
|
|
|
aed691 |
- server_->EnableExtendedMasterSecret();
|
|
|
aed691 |
- auto alert_recorder = new TlsAlertRecorder();
|
|
|
aed691 |
- server_->SetPacketFilter(alert_recorder);
|
|
|
aed691 |
- ConnectExpectFail();
|
|
|
aed691 |
- EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
|
|
|
aed691 |
- EXPECT_EQ(kTlsAlertHandshakeFailure, alert_recorder->description());
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-TEST_P(TlsConnectGeneric,
|
|
|
aed691 |
- ConnectNormalResumeWithExtendedMasterSecret) {
|
|
|
aed691 |
- ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
|
|
|
aed691 |
- ExpectExtendedMasterSecret(false);
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-
|
|
|
aed691 |
- ResetRsa();
|
|
|
aed691 |
- EnableExtendedMasterSecret();
|
|
|
aed691 |
- ExpectResumption(RESUME_NONE);
|
|
|
aed691 |
- Connect();
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
INSTANTIATE_TEST_CASE_P(VariantsStream10, TlsConnectGeneric,
|
|
|
aed691 |
::testing::Combine(
|
|
|
aed691 |
TlsConnectTestBase::kTlsModesStream,
|
|
|
aed691 |
TlsConnectTestBase::kTlsV10));
|
|
|
aed691 |
INSTANTIATE_TEST_CASE_P(VariantsAll, TlsConnectGeneric,
|
|
|
aed691 |
::testing::Combine(
|
|
|
aed691 |
TlsConnectTestBase::kTlsModesAll,
|
|
|
aed691 |
TlsConnectTestBase::kTlsV11V12));
|
|
|
aed691 |
diff --git a/external_tests/ssl_gtest/ssl_prf_unittest.cc b/external_tests/ssl_gtest/ssl_prf_unittest.cc
|
|
|
aed691 |
--- a/external_tests/ssl_gtest/ssl_prf_unittest.cc
|
|
|
aed691 |
+++ b/external_tests/ssl_gtest/ssl_prf_unittest.cc
|
|
|
aed691 |
@@ -201,53 +201,9 @@ TEST_F(TlsPrfTest, ExtendedMsParamErr) {
|
|
|
aed691 |
CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kIncorrectSize, 0);
|
|
|
aed691 |
|
|
|
aed691 |
// CKM_TLS_PRF && seed length != MD5_LENGTH + SHA1_LENGTH
|
|
|
aed691 |
CheckForError(CKM_TLS_PRF, kIncorrectSize, kPmsSize, 0);
|
|
|
aed691 |
|
|
|
aed691 |
// !CKM_TLS_PRF && seed length != hash output length
|
|
|
aed691 |
CheckForError(CKM_SHA256, kIncorrectSize, kPmsSize, 0);
|
|
|
aed691 |
}
|
|
|
aed691 |
-
|
|
|
aed691 |
-// Test matrix:
|
|
|
aed691 |
-//
|
|
|
aed691 |
-// DH RSA
|
|
|
aed691 |
-// TLS_PRF 1 2
|
|
|
aed691 |
-// SHA256 3 4
|
|
|
aed691 |
-TEST_F(TlsPrfTest, ExtendedMsDhTlsPrf) {
|
|
|
aed691 |
- Init();
|
|
|
aed691 |
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
|
|
|
aed691 |
- CKM_TLS_PRF,
|
|
|
aed691 |
- nullptr,
|
|
|
aed691 |
- kExpectedOutputEmsTlsPrf);
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-TEST_F(TlsPrfTest, ExtendedMsRsaTlsPrf) {
|
|
|
aed691 |
- Init();
|
|
|
aed691 |
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
|
|
|
aed691 |
- CKM_TLS_PRF,
|
|
|
aed691 |
- &pms_version_,
|
|
|
aed691 |
- kExpectedOutputEmsTlsPrf);
|
|
|
aed691 |
- EXPECT_EQ(0, pms_version_.major);
|
|
|
aed691 |
- EXPECT_EQ(1, pms_version_.minor);
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-
|
|
|
aed691 |
-TEST_F(TlsPrfTest, ExtendedMsDhSha256) {
|
|
|
aed691 |
- Init();
|
|
|
aed691 |
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
|
|
|
aed691 |
- CKM_SHA256,
|
|
|
aed691 |
- nullptr,
|
|
|
aed691 |
- kExpectedOutputEmsSha256);
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
-TEST_F(TlsPrfTest, ExtendedMsRsaSha256) {
|
|
|
aed691 |
- Init();
|
|
|
aed691 |
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
|
|
|
aed691 |
- CKM_SHA256,
|
|
|
aed691 |
- &pms_version_,
|
|
|
aed691 |
- kExpectedOutputEmsSha256);
|
|
|
aed691 |
- EXPECT_EQ(0, pms_version_.major);
|
|
|
aed691 |
- EXPECT_EQ(1, pms_version_.minor);
|
|
|
aed691 |
-}
|
|
|
aed691 |
-
|
|
|
aed691 |
} // namespace nss_test
|
|
|
aed691 |
-
|