diff --git a/external_tests/ssl_gtest/ssl_loopback_unittest.cc b/external_tests/ssl_gtest/ssl_loopback_unittest.cc
--- a/external_tests/ssl_gtest/ssl_loopback_unittest.cc
+++ b/external_tests/ssl_gtest/ssl_loopback_unittest.cc
@@ -516,134 +516,16 @@ TEST_P(TlsConnectStream, ShortRead) { // Read the first tranche. WAIT_(client_->received_bytes() == 1024, 2000); ASSERT_EQ(1024U, client_->received_bytes()); // The second tranche should now immediately be available. client_->ReadBytes(); ASSERT_EQ(1200U, client_->received_bytes()); }
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecret) {
- EnableExtendedMasterSecret();
- Connect();
- ResetRsa();
- ExpectResumption(RESUME_SESSIONID);
- EnableExtendedMasterSecret();
- Connect();
-}
-
-
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretStaticRSA) {
- DisableDheAndEcdheCiphers();
- EnableExtendedMasterSecret();
- Connect();
-}
-
-// This test is stream so we can catch the bad_record_mac alert.
-TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusCKE) {
- DisableDheAndEcdheCiphers();
- EnableExtendedMasterSecret();
- TlsInspectorReplaceHandshakeMessage* inspect =
- new TlsInspectorReplaceHandshakeMessage(kTlsHandshakeClientKeyExchange,
- DataBuffer(
- kBogusClientKeyExchange,
- sizeof(kBogusClientKeyExchange)));
- client_->SetPacketFilter(inspect);
- auto alert_recorder = new TlsAlertRecorder();
- server_->SetPacketFilter(alert_recorder);
- ConnectExpectFail();
- EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
- EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
-}
-
-// This test is stream so we can catch the bad_record_mac alert.
-TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusPMSVersionDetect) {
- DisableDheAndEcdheCiphers();
- EnableExtendedMasterSecret();
- client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger(
- server_));
- auto alert_recorder = new TlsAlertRecorder();
- server_->SetPacketFilter(alert_recorder);
- ConnectExpectFail();
- EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
- EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
-}
-
-TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusPMSVersionIgnore) {
- DisableDheAndEcdheCiphers();
- EnableExtendedMasterSecret();
- client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger(
- server_));
- server_->DisableRollbackDetection();
- Connect();
-}
-
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretECDHE) {
- EnableExtendedMasterSecret();
- Connect();
-
- ResetRsa();
- EnableExtendedMasterSecret();
- ExpectResumption(RESUME_SESSIONID);
- Connect();
-}
-
-TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretTicket) {
- ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
- EnableExtendedMasterSecret();
- Connect();
-
- ResetRsa();
- ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-
- EnableExtendedMasterSecret();
- ExpectResumption(RESUME_TICKET);
- Connect();
-}
-
-TEST_P(TlsConnectGeneric,
- ConnectExtendedMasterSecretClientOnly) {
- client_->EnableExtendedMasterSecret();
- ExpectExtendedMasterSecret(false);
- Connect();
-}
-
-TEST_P(TlsConnectGeneric,
- ConnectExtendedMasterSecretServerOnly) {
- server_->EnableExtendedMasterSecret();
- ExpectExtendedMasterSecret(false);
- Connect();
-}
-
-TEST_P(TlsConnectGeneric,
- ConnectExtendedMasterSecretResumeWithout) {
- EnableExtendedMasterSecret();
- Connect();
-
- ResetRsa();
- server_->EnableExtendedMasterSecret();
- auto alert_recorder = new TlsAlertRecorder();
- server_->SetPacketFilter(alert_recorder);
- ConnectExpectFail();
- EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
- EXPECT_EQ(kTlsAlertHandshakeFailure, alert_recorder->description());
-}
-
-TEST_P(TlsConnectGeneric,
- ConnectNormalResumeWithExtendedMasterSecret) {
- ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
- ExpectExtendedMasterSecret(false);
- Connect();
-
- ResetRsa();
- EnableExtendedMasterSecret();
- ExpectResumption(RESUME_NONE);
- Connect();
-}
-
 INSTANTIATE_TEST_CASE_P(VariantsStream10, TlsConnectGeneric, ::testing::Combine( TlsConnectTestBase::kTlsModesStream, TlsConnectTestBase::kTlsV10)); INSTANTIATE_TEST_CASE_P(VariantsAll, TlsConnectGeneric, ::testing::Combine( TlsConnectTestBase::kTlsModesAll, TlsConnectTestBase::kTlsV11V12));
diff --git a/external_tests/ssl_gtest/ssl_prf_unittest.cc b/external_tests/ssl_gtest/ssl_prf_unittest.cc
--- a/external_tests/ssl_gtest/ssl_prf_unittest.cc
+++ b/external_tests/ssl_gtest/ssl_prf_unittest.cc
@@ -201,53 +201,9 @@ TEST_F(TlsPrfTest, ExtendedMsParamErr) { CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kIncorrectSize, 0); // CKM_TLS_PRF && seed length != MD5_LENGTH + SHA1_LENGTH CheckForError(CKM_TLS_PRF, kIncorrectSize, kPmsSize, 0); // !CKM_TLS_PRF && seed length != hash output length CheckForError(CKM_SHA256, kIncorrectSize, kPmsSize, 0); }
-
-// Test matrix:
-//
-// DH RSA
-// TLS_PRF 1 2
-// SHA256 3 4
-TEST_F(TlsPrfTest, ExtendedMsDhTlsPrf) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
- CKM_TLS_PRF,
- nullptr,
- kExpectedOutputEmsTlsPrf);
-}
-
-TEST_F(TlsPrfTest, ExtendedMsRsaTlsPrf) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
- CKM_TLS_PRF,
- &pms_version_,
- kExpectedOutputEmsTlsPrf);
- EXPECT_EQ(0, pms_version_.major);
- EXPECT_EQ(1, pms_version_.minor);
-}
-
-
-TEST_F(TlsPrfTest, ExtendedMsDhSha256) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
- CKM_SHA256,
- nullptr,
- kExpectedOutputEmsSha256);
-}
-
-TEST_F(TlsPrfTest, ExtendedMsRsaSha256) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
- CKM_SHA256,
- &pms_version_,
- kExpectedOutputEmsSha256);
- EXPECT_EQ(0, pms_version_.major);
- EXPECT_EQ(1, pms_version_.minor);
-}
-
 } // namespace nss_test
-