summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-04-25 21:33:33 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-04-25 21:33:33 +0200
commitfba28f19754f62b5227650143d5441fc86d4c7d7 (patch)
tree26629d73f83543ff92a060fd7b310bb748b13173 /security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
parentb4154e043bfc0d2f301d88304efc896989d650bf (diff)
downloadUXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.gz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.lz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.xz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.zip
Revert "Update NSS to 3.35-RTM"
This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
Diffstat (limited to 'security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc')
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc742
1 files changed, 8 insertions, 734 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
index c059e9938..3cc3b0e62 100644
--- a/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
@@ -6,7 +6,6 @@
#include "secerr.h"
#include "ssl.h"
-#include "sslexp.h"
extern "C" {
// This is not something that should make you happy.
@@ -21,13 +20,13 @@ extern "C" {
namespace nss_test {
-TEST_P(TlsConnectDatagramPre13, DropClientFirstFlightOnce) {
+TEST_P(TlsConnectDatagram, DropClientFirstFlightOnce) {
client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x1));
Connect();
SendReceive();
}
-TEST_P(TlsConnectDatagramPre13, DropServerFirstFlightOnce) {
+TEST_P(TlsConnectDatagram, DropServerFirstFlightOnce) {
server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x1));
Connect();
SendReceive();
@@ -36,760 +35,36 @@ TEST_P(TlsConnectDatagramPre13, DropServerFirstFlightOnce) {
// This drops the first transmission from both the client and server of all
// flights that they send. Note: In DTLS 1.3, the shorter handshake means that
// this will also drop some application data, so we can't call SendReceive().
-TEST_P(TlsConnectDatagramPre13, DropAllFirstTransmissions) {
+TEST_P(TlsConnectDatagram, DropAllFirstTransmissions) {
client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x15));
server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x5));
Connect();
}
// This drops the server's first flight three times.
-TEST_P(TlsConnectDatagramPre13, DropServerFirstFlightThrice) {
+TEST_P(TlsConnectDatagram, DropServerFirstFlightThrice) {
server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x7));
Connect();
}
// This drops the client's second flight once
-TEST_P(TlsConnectDatagramPre13, DropClientSecondFlightOnce) {
+TEST_P(TlsConnectDatagram, DropClientSecondFlightOnce) {
client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x2));
Connect();
}
// This drops the client's second flight three times.
-TEST_P(TlsConnectDatagramPre13, DropClientSecondFlightThrice) {
+TEST_P(TlsConnectDatagram, DropClientSecondFlightThrice) {
client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0xe));
Connect();
}
// This drops the server's second flight three times.
-TEST_P(TlsConnectDatagramPre13, DropServerSecondFlightThrice) {
+TEST_P(TlsConnectDatagram, DropServerSecondFlightThrice) {
server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0xe));
Connect();
}
-class TlsDropDatagram13 : public TlsConnectDatagram13 {
- public:
- TlsDropDatagram13()
- : client_filters_(),
- server_filters_(),
- expected_client_acks_(0),
- expected_server_acks_(1) {}
-
- void SetUp() {
- TlsConnectDatagram13::SetUp();
- ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
- SetFilters();
- }
-
- void SetFilters() {
- EnsureTlsSetup();
- client_->SetPacketFilter(client_filters_.chain_);
- client_filters_.ack_->SetAgent(client_.get());
- client_filters_.ack_->EnableDecryption();
- server_->SetPacketFilter(server_filters_.chain_);
- server_filters_.ack_->SetAgent(server_.get());
- server_filters_.ack_->EnableDecryption();
- }
-
- void HandshakeAndAck(const std::shared_ptr<TlsAgent>& agent) {
- agent->Handshake(); // Read flight.
- ShiftDtlsTimers();
- agent->Handshake(); // Generate ACK.
- }
-
- void ShrinkPostServerHelloMtu() {
- // Abuse the custom extension mechanism to modify the MTU so that the
- // Certificate message is split into two pieces.
- ASSERT_EQ(
- SECSuccess,
- SSL_InstallExtensionHooks(
- server_->ssl_fd(), 1,
- [](PRFileDesc* fd, SSLHandshakeType message, PRUint8* data,
- unsigned int* len, unsigned int maxLen, void* arg) -> PRBool {
- SSLInt_SetMTU(fd, 500); // Splits the certificate.
- return PR_FALSE;
- },
- nullptr,
- [](PRFileDesc* fd, SSLHandshakeType message, const PRUint8* data,
- unsigned int len, SSLAlertDescription* alert,
- void* arg) -> SECStatus { return SECSuccess; },
- nullptr));
- }
-
- protected:
- class DropAckChain {
- public:
- DropAckChain()
- : records_(std::make_shared<TlsRecordRecorder>()),
- ack_(std::make_shared<TlsRecordRecorder>(content_ack)),
- drop_(std::make_shared<SelectiveRecordDropFilter>(0, false)),
- chain_(std::make_shared<ChainedPacketFilter>(
- ChainedPacketFilterInit({records_, ack_, drop_}))) {}
-
- const TlsRecord& record(size_t i) const { return records_->record(i); }
-
- std::shared_ptr<TlsRecordRecorder> records_;
- std::shared_ptr<TlsRecordRecorder> ack_;
- std::shared_ptr<SelectiveRecordDropFilter> drop_;
- std::shared_ptr<PacketFilter> chain_;
- };
-
- void CheckAcks(const DropAckChain& chain, size_t index,
- std::vector<uint64_t> acks) {
- const DataBuffer& buf = chain.ack_->record(index).buffer;
- size_t offset = 0;
-
- EXPECT_EQ(acks.size() * 8, buf.len());
- if ((acks.size() * 8) != buf.len()) {
- while (offset < buf.len()) {
- uint64_t ack;
- ASSERT_TRUE(buf.Read(offset, 8, &ack));
- offset += 8;
- std::cerr << "Ack=0x" << std::hex << ack << std::dec << std::endl;
- }
- return;
- }
-
- for (size_t i = 0; i < acks.size(); ++i) {
- uint64_t a = acks[i];
- uint64_t ack;
- ASSERT_TRUE(buf.Read(offset, 8, &ack));
- offset += 8;
- if (a != ack) {
- ADD_FAILURE() << "Wrong ack " << i << " expected=0x" << std::hex << a
- << " got=0x" << ack << std::dec;
- }
- }
- }
-
- void CheckedHandshakeSendReceive() {
- Handshake();
- CheckPostHandshake();
- }
-
- void CheckPostHandshake() {
- CheckConnected();
- SendReceive();
- EXPECT_EQ(expected_client_acks_, client_filters_.ack_->count());
- EXPECT_EQ(expected_server_acks_, server_filters_.ack_->count());
- }
-
- protected:
- DropAckChain client_filters_;
- DropAckChain server_filters_;
- size_t expected_client_acks_;
- size_t expected_server_acks_;
-};
-
-// All of these tests produce a minimum one ACK, from the server
-// to the client upon receiving the client Finished.
-// Dropping complete first and second flights does not produce
-// ACKs
-TEST_F(TlsDropDatagram13, DropClientFirstFlightOnce) {
- client_filters_.drop_->Reset({0});
- StartConnect();
- client_->Handshake();
- server_->Handshake();
- CheckedHandshakeSendReceive();
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-TEST_F(TlsDropDatagram13, DropServerFirstFlightOnce) {
- server_filters_.drop_->Reset(0xff);
- StartConnect();
- client_->Handshake();
- // Send the first flight, all dropped.
- server_->Handshake();
- server_filters_.drop_->Disable();
- CheckedHandshakeSendReceive();
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// Dropping the server's first record also does not produce
-// an ACK because the next record is ignored.
-// TODO(ekr@rtfm.com): We should generate an empty ACK.
-TEST_F(TlsDropDatagram13, DropServerFirstRecordOnce) {
- server_filters_.drop_->Reset({0});
- StartConnect();
- client_->Handshake();
- server_->Handshake();
- Handshake();
- CheckedHandshakeSendReceive();
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// Dropping the second packet of the server's flight should
-// produce an ACK.
-TEST_F(TlsDropDatagram13, DropServerSecondRecordOnce) {
- server_filters_.drop_->Reset({1});
- StartConnect();
- client_->Handshake();
- server_->Handshake();
- HandshakeAndAck(client_);
- expected_client_acks_ = 1;
- CheckedHandshakeSendReceive();
- CheckAcks(client_filters_, 0, {0});
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// Drop the server ACK and verify that the client retransmits
-// the ClientHello.
-TEST_F(TlsDropDatagram13, DropServerAckOnce) {
- StartConnect();
- client_->Handshake();
- server_->Handshake();
- // At this point the server has sent it's first flight,
- // so make it drop the ACK.
- server_filters_.drop_->Reset({0});
- client_->Handshake(); // Send the client Finished.
- server_->Handshake(); // Receive the Finished and send the ACK.
- EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
- EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
- // Wait for the DTLS timeout to make sure we retransmit the
- // Finished.
- ShiftDtlsTimers();
- client_->Handshake(); // Retransmit the Finished.
- server_->Handshake(); // Read the Finished and send an ACK.
- uint8_t buf[1];
- PRInt32 rv = PR_Read(client_->ssl_fd(), buf, sizeof(buf));
- expected_server_acks_ = 2;
- EXPECT_GT(0, rv);
- EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
- CheckPostHandshake();
- // There should be two copies of the finished ACK
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// Drop the client certificate verify.
-TEST_F(TlsDropDatagram13, DropClientCertVerify) {
- StartConnect();
- client_->SetupClientAuth();
- server_->RequestClientAuth(true);
- client_->Handshake();
- server_->Handshake();
- // Have the client drop Cert Verify
- client_filters_.drop_->Reset({1});
- expected_server_acks_ = 2;
- CheckedHandshakeSendReceive();
- // Ack of the Cert.
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
- // Ack of the whole client handshake.
- CheckAcks(
- server_filters_, 1,
- {0x0002000000000000ULL, // CH (we drop everything after this on client)
- 0x0002000000000003ULL, // CT (2)
- 0x0002000000000004ULL} // FIN (2)
- );
-}
-
-// Shrink the MTU down so that certs get split and drop the first piece.
-TEST_F(TlsDropDatagram13, DropFirstHalfOfServerCertificate) {
- server_filters_.drop_->Reset({2});
- StartConnect();
- ShrinkPostServerHelloMtu();
- client_->Handshake();
- server_->Handshake();
- // Check that things got split.
- EXPECT_EQ(6UL,
- server_filters_.records_->count()); // SH, EE, CT1, CT2, CV, FIN
- size_t ct1_size = server_filters_.record(2).buffer.len();
- server_filters_.records_->Clear();
- expected_client_acks_ = 1;
- HandshakeAndAck(client_);
- server_->Handshake(); // Retransmit
- EXPECT_EQ(3UL, server_filters_.records_->count()); // CT2, CV, FIN
- // Check that the first record is CT1 (which is identical to the same
- // as the previous CT1).
- EXPECT_EQ(ct1_size, server_filters_.record(0).buffer.len());
- CheckedHandshakeSendReceive();
- CheckAcks(client_filters_, 0,
- {0, // SH
- 0x0002000000000000ULL, // EE
- 0x0002000000000002ULL} // CT2
- );
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// Shrink the MTU down so that certs get split and drop the second piece.
-TEST_F(TlsDropDatagram13, DropSecondHalfOfServerCertificate) {
- server_filters_.drop_->Reset({3});
- StartConnect();
- ShrinkPostServerHelloMtu();
- client_->Handshake();
- server_->Handshake();
- // Check that things got split.
- EXPECT_EQ(6UL,
- server_filters_.records_->count()); // SH, EE, CT1, CT2, CV, FIN
- size_t ct1_size = server_filters_.record(3).buffer.len();
- server_filters_.records_->Clear();
- expected_client_acks_ = 1;
- HandshakeAndAck(client_);
- server_->Handshake(); // Retransmit
- EXPECT_EQ(3UL, server_filters_.records_->count()); // CT1, CV, FIN
- // Check that the first record is CT1
- EXPECT_EQ(ct1_size, server_filters_.record(0).buffer.len());
- CheckedHandshakeSendReceive();
- CheckAcks(client_filters_, 0,
- {
- 0, // SH
- 0x0002000000000000ULL, // EE
- 0x0002000000000001ULL, // CT1
- });
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// In this test, the Certificate message is sent four times, we drop all or part
-// of the first three attempts:
-// 1. Without fragmentation so that we can see how big it is - we drop that.
-// 2. In two pieces - we drop half AND the resulting ACK.
-// 3. In three pieces - we drop the middle piece.
-//
-// After that we let all the ACKs through and allow the handshake to complete
-// without further interference.
-//
-// This allows us to test that ranges of handshake messages are sent correctly
-// even when there are overlapping acknowledgments; that ACKs with duplicate or
-// overlapping message ranges are handled properly; and that extra
-// retransmissions are handled properly.
-class TlsFragmentationAndRecoveryTest : public TlsDropDatagram13 {
- public:
- TlsFragmentationAndRecoveryTest() : cert_len_(0) {}
-
- protected:
- void RunTest(size_t dropped_half) {
- FirstFlightDropCertificate();
-
- SecondAttemptDropHalf(dropped_half);
- size_t dropped_half_size = server_record_len(dropped_half);
- size_t second_flight_count = server_filters_.records_->count();
-
- ThirdAttemptDropMiddle();
- size_t repaired_third_size = server_record_len((dropped_half == 0) ? 0 : 2);
- size_t third_flight_count = server_filters_.records_->count();
-
- AckAndCompleteRetransmission();
- size_t final_server_flight_count = server_filters_.records_->count();
- EXPECT_LE(3U, final_server_flight_count); // CT(sixth), CV, Fin
- CheckSizeOfSixth(dropped_half_size, repaired_third_size);
-
- SendDelayedAck();
- // Same number of messages as the last flight.
- EXPECT_EQ(final_server_flight_count, server_filters_.records_->count());
- // Double check that the Certificate size is still correct.
- CheckSizeOfSixth(dropped_half_size, repaired_third_size);
-
- CompleteHandshake(final_server_flight_count);
-
- // This is the ACK for the first attempt to send a whole certificate.
- std::vector<uint64_t> client_acks = {
- 0, // SH
- 0x0002000000000000ULL // EE
- };
- CheckAcks(client_filters_, 0, client_acks);
- // And from the second attempt for the half was kept (we delayed this ACK).
- client_acks.push_back(0x0002000000000000ULL + second_flight_count +
- ~dropped_half % 2);
- CheckAcks(client_filters_, 1, client_acks);
- // And the third attempt where the first and last thirds got through.
- client_acks.push_back(0x0002000000000000ULL + second_flight_count +
- third_flight_count - 1);
- client_acks.push_back(0x0002000000000000ULL + second_flight_count +
- third_flight_count + 1);
- CheckAcks(client_filters_, 2, client_acks);
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
- }
-
- private:
- void FirstFlightDropCertificate() {
- StartConnect();
- client_->Handshake();
-
- // Note: 1 << N is the Nth packet, starting from zero.
- server_filters_.drop_->Reset(1 << 2); // Drop Cert0.
- server_->Handshake();
- EXPECT_EQ(5U, server_filters_.records_->count()); // SH, EE, CT, CV, Fin
- cert_len_ = server_filters_.records_->record(2).buffer.len();
-
- HandshakeAndAck(client_);
- EXPECT_EQ(2U, client_filters_.records_->count());
- }
-
- // Lower the MTU so that the server has to split the certificate in two
- // pieces. The server resends Certificate (in two), plus CV and Fin.
- void SecondAttemptDropHalf(size_t dropped_half) {
- ASSERT_LE(0U, dropped_half);
- ASSERT_GT(2U, dropped_half);
- server_filters_.records_->Clear();
- server_filters_.drop_->Reset({dropped_half}); // Drop Cert1[half]
- SplitServerMtu(2);
- server_->Handshake();
- EXPECT_LE(4U, server_filters_.records_->count()); // CT x2, CV, Fin
-
- // Generate and capture the ACK from the client.
- client_filters_.drop_->Reset({0});
- HandshakeAndAck(client_);
- EXPECT_EQ(3U, client_filters_.records_->count());
- }
-
- // Lower the MTU again so that the server sends Certificate cut into three
- // pieces. Drop the middle piece.
- void ThirdAttemptDropMiddle() {
- server_filters_.records_->Clear();
- server_filters_.drop_->Reset({1}); // Drop Cert2[1] (of 3)
- SplitServerMtu(3);
- // Because we dropped the client ACK, the server retransmits on a timer.
- ShiftDtlsTimers();
- server_->Handshake();
- EXPECT_LE(5U, server_filters_.records_->count()); // CT x3, CV, Fin
- }
-
- void AckAndCompleteRetransmission() {
- // Generate ACKs.
- HandshakeAndAck(client_);
- // The server should send the final sixth of the certificate: the client has
- // acknowledged the first half and the last third. Also send CV and Fin.
- server_filters_.records_->Clear();
- server_->Handshake();
- }
-
- void CheckSizeOfSixth(size_t size_of_half, size_t size_of_third) {
- // Work out if the final sixth is the right size. We get the records with
- // overheads added, which obscures the length of the payload. We want to
- // ensure that the server only sent the missing sixth of the Certificate.
- //
- // We captured |size_of_half + overhead| and |size_of_third + overhead| and
- // want to calculate |size_of_third - size_of_third + overhead|. We can't
- // calculate |overhead|, but it is is (currently) always a handshake message
- // header, a content type, and an authentication tag:
- static const size_t record_overhead = 12 + 1 + 16;
- EXPECT_EQ(size_of_half - size_of_third + record_overhead,
- server_filters_.records_->record(0).buffer.len());
- }
-
- void SendDelayedAck() {
- // Send the ACK we held back. The reordered ACK doesn't add new
- // information,
- // but triggers an extra retransmission of the missing records again (even
- // though the client has all that it needs).
- client_->SendRecordDirect(client_filters_.records_->record(2));
- server_filters_.records_->Clear();
- server_->Handshake();
- }
-
- void CompleteHandshake(size_t extra_retransmissions) {
- // All this messing around shouldn't cause a failure...
- Handshake();
- // ...but it leaves a mess. Add an extra few calls to Handshake() for the
- // client so that it absorbs the extra retransmissions.
- for (size_t i = 0; i < extra_retransmissions; ++i) {
- client_->Handshake();
- }
- CheckConnected();
- }
-
- // Split the server MTU so that the Certificate is split into |count| pieces.
- // The calculation doesn't need to be perfect as long as the Certificate
- // message is split into the right number of pieces.
- void SplitServerMtu(size_t count) {
- // Set the MTU based on the formula:
- // bare_size = cert_len_ - actual_overhead
- // MTU = ceil(bare_size / count) + pessimistic_overhead
- //
- // actual_overhead is the amount of actual overhead on the record we
- // captured, which is (note that our length doesn't include the header):
- static const size_t actual_overhead = 12 + // handshake message header
- 1 + // content type
- 16; // authentication tag
- size_t bare_size = cert_len_ - actual_overhead;
-
- // pessimistic_overhead is the amount of expansion that NSS assumes will be
- // added to each handshake record. Right now, that is DTLS_MIN_FRAGMENT:
- static const size_t pessimistic_overhead =
- 12 + // handshake message header
- 1 + // content type
- 13 + // record header length
- 64; // maximum record expansion: IV, MAC and block cipher expansion
-
- size_t mtu = (bare_size + count - 1) / count + pessimistic_overhead;
- if (g_ssl_gtest_verbose) {
- std::cerr << "server: set MTU to " << mtu << std::endl;
- }
- EXPECT_EQ(SECSuccess, SSLInt_SetMTU(server_->ssl_fd(), mtu));
- }
-
- size_t server_record_len(size_t index) const {
- return server_filters_.records_->record(index).buffer.len();
- }
-
- size_t cert_len_;
-};
-
-TEST_F(TlsFragmentationAndRecoveryTest, DropFirstHalf) { RunTest(0); }
-
-TEST_F(TlsFragmentationAndRecoveryTest, DropSecondHalf) { RunTest(1); }
-
-TEST_F(TlsDropDatagram13, NoDropsDuringZeroRtt) {
- SetupForZeroRtt();
- SetFilters();
- std::cerr << "Starting second handshake" << std::endl;
- client_->Set0RttEnabled(true);
- server_->Set0RttEnabled(true);
- ExpectResumption(RESUME_TICKET);
- ZeroRttSendReceive(true, true);
- Handshake();
- ExpectEarlyDataAccepted(true);
- CheckConnected();
- SendReceive();
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-TEST_F(TlsDropDatagram13, DropEEDuringZeroRtt) {
- SetupForZeroRtt();
- SetFilters();
- std::cerr << "Starting second handshake" << std::endl;
- client_->Set0RttEnabled(true);
- server_->Set0RttEnabled(true);
- ExpectResumption(RESUME_TICKET);
- server_filters_.drop_->Reset({1});
- ZeroRttSendReceive(true, true);
- HandshakeAndAck(client_);
- Handshake();
- ExpectEarlyDataAccepted(true);
- CheckConnected();
- SendReceive();
- CheckAcks(client_filters_, 0, {0});
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-class TlsReorderDatagram13 : public TlsDropDatagram13 {
- public:
- TlsReorderDatagram13() {}
-
- // Send records from the records buffer in the given order.
- void ReSend(TlsAgent::Role side, std::vector<size_t> indices) {
- std::shared_ptr<TlsAgent> agent;
- std::shared_ptr<TlsRecordRecorder> records;
-
- if (side == TlsAgent::CLIENT) {
- agent = client_;
- records = client_filters_.records_;
- } else {
- agent = server_;
- records = server_filters_.records_;
- }
-
- for (auto i : indices) {
- agent->SendRecordDirect(records->record(i));
- }
- }
-};
-
-// Reorder the server records so that EE comes at the end
-// of the flight and will still produce an ACK.
-TEST_F(TlsDropDatagram13, ReorderServerEE) {
- server_filters_.drop_->Reset({1});
- StartConnect();
- client_->Handshake();
- server_->Handshake();
- // We dropped EE, now reinject.
- server_->SendRecordDirect(server_filters_.record(1));
- expected_client_acks_ = 1;
- HandshakeAndAck(client_);
- CheckedHandshakeSendReceive();
- CheckAcks(client_filters_, 0,
- {
- 0, // SH
- 0x0002000000000000, // EE
- });
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-// The client sends an out of order non-handshake message
-// but with the handshake key.
-class TlsSendCipherSpecCapturer {
- public:
- TlsSendCipherSpecCapturer(std::shared_ptr<TlsAgent>& agent)
- : send_cipher_specs_() {
- SSLInt_SetCipherSpecChangeFunc(agent->ssl_fd(), CipherSpecChanged,
- (void*)this);
- }
-
- std::shared_ptr<TlsCipherSpec> spec(size_t i) {
- if (i >= send_cipher_specs_.size()) {
- return nullptr;
- }
- return send_cipher_specs_[i];
- }
-
- private:
- static void CipherSpecChanged(void* arg, PRBool sending,
- ssl3CipherSpec* newSpec) {
- if (!sending) {
- return;
- }
-
- auto self = static_cast<TlsSendCipherSpecCapturer*>(arg);
-
- auto spec = std::make_shared<TlsCipherSpec>();
- bool ret = spec->Init(SSLInt_CipherSpecToEpoch(newSpec),
- SSLInt_CipherSpecToAlgorithm(newSpec),
- SSLInt_CipherSpecToKey(newSpec),
- SSLInt_CipherSpecToIv(newSpec));
- EXPECT_EQ(true, ret);
- self->send_cipher_specs_.push_back(spec);
- }
-
- std::vector<std::shared_ptr<TlsCipherSpec>> send_cipher_specs_;
-};
-
-TEST_F(TlsDropDatagram13, SendOutOfOrderAppWithHandshakeKey) {
- StartConnect();
- TlsSendCipherSpecCapturer capturer(client_);
- client_->Handshake();
- server_->Handshake();
- client_->Handshake();
- EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
- server_->Handshake();
- EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
- // After the client sends Finished, inject an app data record
- // with the handshake key. This should produce an alert.
- uint8_t buf[] = {'a', 'b', 'c'};
- auto spec = capturer.spec(0);
- ASSERT_NE(nullptr, spec.get());
- ASSERT_EQ(2, spec->epoch());
- ASSERT_TRUE(client_->SendEncryptedRecord(
- spec, SSL_LIBRARY_VERSION_DTLS_1_2_WIRE, 0x0002000000000002,
- kTlsApplicationDataType, DataBuffer(buf, sizeof(buf))));
-
- // Now have the server consume the bogus message.
- server_->ExpectSendAlert(illegal_parameter, kTlsAlertFatal);
- server_->Handshake();
- EXPECT_EQ(TlsAgent::STATE_ERROR, server_->state());
- EXPECT_EQ(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE, PORT_GetError());
-}
-
-TEST_F(TlsDropDatagram13, SendOutOfOrderHsNonsenseWithHandshakeKey) {
- StartConnect();
- TlsSendCipherSpecCapturer capturer(client_);
- client_->Handshake();
- server_->Handshake();
- client_->Handshake();
- EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
- server_->Handshake();
- EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
- // Inject a new bogus handshake record, which the server responds
- // to by just ACKing the original one (we ignore the contents).
- uint8_t buf[] = {'a', 'b', 'c'};
- auto spec = capturer.spec(0);
- ASSERT_NE(nullptr, spec.get());
- ASSERT_EQ(2, spec->epoch());
- ASSERT_TRUE(client_->SendEncryptedRecord(
- spec, SSL_LIBRARY_VERSION_DTLS_1_2_WIRE, 0x0002000000000002,
- kTlsHandshakeType, DataBuffer(buf, sizeof(buf))));
- server_->Handshake();
- EXPECT_EQ(2UL, server_filters_.ack_->count());
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
- CheckAcks(server_filters_, 1, {0x0002000000000000ULL});
-}
-
-// Shrink the MTU down so that certs get split and then swap the first and
-// second pieces of the server certificate.
-TEST_F(TlsReorderDatagram13, ReorderServerCertificate) {
- StartConnect();
- ShrinkPostServerHelloMtu();
- client_->Handshake();
- // Drop the entire handshake flight so we can reorder.
- server_filters_.drop_->Reset(0xff);
- server_->Handshake();
- // Check that things got split.
- EXPECT_EQ(6UL,
- server_filters_.records_->count()); // CH, EE, CT1, CT2, CV, FIN
- // Now re-send things in a different order.
- ReSend(TlsAgent::SERVER, std::vector<size_t>{0, 1, 3, 2, 4, 5});
- // Clear.
- server_filters_.drop_->Disable();
- server_filters_.records_->Clear();
- // Wait for client to send ACK.
- ShiftDtlsTimers();
- CheckedHandshakeSendReceive();
- EXPECT_EQ(2UL, server_filters_.records_->count()); // ACK + Data
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
-}
-
-TEST_F(TlsReorderDatagram13, DataAfterEOEDDuringZeroRtt) {
- SetupForZeroRtt();
- SetFilters();
- std::cerr << "Starting second handshake" << std::endl;
- client_->Set0RttEnabled(true);
- server_->Set0RttEnabled(true);
- ExpectResumption(RESUME_TICKET);
- // Send the client's first flight of zero RTT data.
- ZeroRttSendReceive(true, true);
- // Now send another client application data record but
- // capture it.
- client_filters_.records_->Clear();
- client_filters_.drop_->Reset(0xff);
- const char* k0RttData = "123456";
- const PRInt32 k0RttDataLen = static_cast<PRInt32>(strlen(k0RttData));
- PRInt32 rv =
- PR_Write(client_->ssl_fd(), k0RttData, k0RttDataLen); // 0-RTT write.
- EXPECT_EQ(k0RttDataLen, rv);
- EXPECT_EQ(1UL, client_filters_.records_->count()); // data
- server_->Handshake();
- client_->Handshake();
- ExpectEarlyDataAccepted(true);
- // The server still hasn't received anything at this point.
- EXPECT_EQ(3UL, client_filters_.records_->count()); // data, EOED, FIN
- EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
- EXPECT_EQ(TlsAgent::STATE_CONNECTING, server_->state());
- // Now re-send the client's messages: EOED, data, FIN
- ReSend(TlsAgent::CLIENT, std::vector<size_t>({1, 0, 2}));
- server_->Handshake();
- CheckConnected();
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
- uint8_t buf[8];
- rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
- EXPECT_EQ(-1, rv);
- EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
-}
-
-TEST_F(TlsReorderDatagram13, DataAfterFinDuringZeroRtt) {
- SetupForZeroRtt();
- SetFilters();
- std::cerr << "Starting second handshake" << std::endl;
- client_->Set0RttEnabled(true);
- server_->Set0RttEnabled(true);
- ExpectResumption(RESUME_TICKET);
- // Send the client's first flight of zero RTT data.
- ZeroRttSendReceive(true, true);
- // Now send another client application data record but
- // capture it.
- client_filters_.records_->Clear();
- client_filters_.drop_->Reset(0xff);
- const char* k0RttData = "123456";
- const PRInt32 k0RttDataLen = static_cast<PRInt32>(strlen(k0RttData));
- PRInt32 rv =
- PR_Write(client_->ssl_fd(), k0RttData, k0RttDataLen); // 0-RTT write.
- EXPECT_EQ(k0RttDataLen, rv);
- EXPECT_EQ(1UL, client_filters_.records_->count()); // data
- server_->Handshake();
- client_->Handshake();
- ExpectEarlyDataAccepted(true);
- // The server still hasn't received anything at this point.
- EXPECT_EQ(3UL, client_filters_.records_->count()); // EOED, FIN, Data
- EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
- EXPECT_EQ(TlsAgent::STATE_CONNECTING, server_->state());
- // Now re-send the client's messages: EOED, FIN, Data
- ReSend(TlsAgent::CLIENT, std::vector<size_t>({1, 2, 0}));
- server_->Handshake();
- CheckConnected();
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
- uint8_t buf[8];
- rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
- EXPECT_EQ(-1, rv);
- EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
-}
-
static void GetCipherAndLimit(uint16_t version, uint16_t* cipher,
uint64_t* limit = nullptr) {
uint64_t l;
@@ -836,6 +111,7 @@ TEST_P(TlsConnectDatagram12Plus, MissAWindow) {
GetCipherAndLimit(version_, &cipher);
server_->EnableSingleCipher(cipher);
Connect();
+
EXPECT_EQ(SECSuccess, SSLInt_AdvanceWriteSeqByAWindow(client_->ssl_fd(), 0));
SendReceive();
}
@@ -853,7 +129,5 @@ TEST_P(TlsConnectDatagram12Plus, MissAWindowAndOne) {
INSTANTIATE_TEST_CASE_P(Datagram12Plus, TlsConnectDatagram12Plus,
TlsConnectTestBase::kTlsV12Plus);
-INSTANTIATE_TEST_CASE_P(DatagramPre13, TlsConnectDatagramPre13,
- TlsConnectTestBase::kTlsV11V12);
} // namespace nss_test