summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-04-25 21:33:33 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-04-25 21:33:33 +0200
commitfba28f19754f62b5227650143d5441fc86d4c7d7 (patch)
tree26629d73f83543ff92a060fd7b310bb748b13173 /security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc
parentb4154e043bfc0d2f301d88304efc896989d650bf (diff)
downloadUXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.gz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.lz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.xz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.zip
Revert "Update NSS to 3.35-RTM"
This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
Diffstat (limited to 'security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc')
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc178
1 files changed, 0 insertions, 178 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc
deleted file mode 100644
index d03775c25..000000000
--- a/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc
+++ /dev/null
@@ -1,178 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "secerr.h"
-#include "ssl.h"
-#include "sslerr.h"
-#include "sslproto.h"
-
-extern "C" {
-// This is not something that should make you happy.
-#include "libssl_internals.h"
-}
-
-#include "gtest_utils.h"
-#include "scoped_ptrs.h"
-#include "tls_connect.h"
-#include "tls_filter.h"
-#include "tls_parser.h"
-
-namespace nss_test {
-
-// All stream only tests; DTLS isn't supported yet.
-
-TEST_F(TlsConnectTest, KeyUpdateClient) {
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- Connect();
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_FALSE));
- SendReceive(50);
- SendReceive(60);
- CheckEpochs(4, 3);
-}
-
-TEST_F(TlsConnectTest, KeyUpdateClientRequestUpdate) {
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- Connect();
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_TRUE));
- // SendReceive() only gives each peer one chance to read. This isn't enough
- // when the read on one side generates another handshake message. A second
- // read gives each peer an extra chance to consume the KeyUpdate.
- SendReceive(50);
- SendReceive(60); // Cumulative count.
- CheckEpochs(4, 4);
-}
-
-TEST_F(TlsConnectTest, KeyUpdateServer) {
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- Connect();
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_FALSE));
- SendReceive(50);
- SendReceive(60);
- CheckEpochs(3, 4);
-}
-
-TEST_F(TlsConnectTest, KeyUpdateServerRequestUpdate) {
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- Connect();
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
- SendReceive(50);
- SendReceive(60);
- CheckEpochs(4, 4);
-}
-
-TEST_F(TlsConnectTest, KeyUpdateConsecutiveRequests) {
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- Connect();
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
- SendReceive(50);
- SendReceive(60);
- // The server should have updated twice, but the client should have declined
- // to respond to the second request from the server, since it doesn't send
- // anything in between those two requests.
- CheckEpochs(4, 5);
-}
-
-// Check that a local update can be immediately followed by a remotely triggered
-// update even if there is no use of the keys.
-TEST_F(TlsConnectTest, KeyUpdateLocalUpdateThenConsecutiveRequests) {
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- Connect();
- // This should trigger an update on the client.
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_FALSE));
- // The client should update for the first request.
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
- // ...but not the second.
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
- SendReceive(50);
- SendReceive(60);
- // Both should have updated twice.
- CheckEpochs(5, 5);
-}
-
-TEST_F(TlsConnectTest, KeyUpdateMultiple) {
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- Connect();
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_FALSE));
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_FALSE));
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_FALSE));
- SendReceive(50);
- SendReceive(60);
- CheckEpochs(5, 6);
-}
-
-// Both ask the other for an update, and both should react.
-TEST_F(TlsConnectTest, KeyUpdateBothRequest) {
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- Connect();
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_TRUE));
- EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
- SendReceive(50);
- SendReceive(60);
- CheckEpochs(5, 5);
-}
-
-// If the sequence number exceeds the number of writes before an automatic
-// update (currently 3/4 of the max records for the cipher suite), then the
-// stack should send an update automatically (but not request one).
-TEST_F(TlsConnectTest, KeyUpdateAutomaticOnWrite) {
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- ConnectWithCipherSuite(TLS_AES_128_GCM_SHA256);
-
- // Set this to one below the write threshold.
- uint64_t threshold = (0x5aULL << 28) * 3 / 4;
- EXPECT_EQ(SECSuccess,
- SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), threshold));
- EXPECT_EQ(SECSuccess, SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), threshold));
-
- // This should be OK.
- client_->SendData(10);
- server_->ReadBytes();
-
- // This should cause the client to update.
- client_->SendData(10);
- server_->ReadBytes();
-
- SendReceive(100);
- CheckEpochs(4, 3);
-}
-
-// If the sequence number exceeds a certain number of reads (currently 7/8 of
-// the max records for the cipher suite), then the stack should send AND request
-// an update automatically. However, the sender (client) will be above its
-// automatic update threshold, so the KeyUpdate - that it sends with the old
-// cipher spec - will exceed the receiver (server) automatic update threshold.
-// The receiver gets a packet with a sequence number over its automatic read
-// update threshold. Even though the sender has updated, the code that checks
-// the sequence numbers at the receiver doesn't know this and it will request an
-// update. This causes two updates: one from the sender (without requesting a
-// response) and one from the receiver (which does request a response).
-TEST_F(TlsConnectTest, KeyUpdateAutomaticOnRead) {
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- ConnectWithCipherSuite(TLS_AES_128_GCM_SHA256);
-
- // Move to right at the read threshold. Unlike the write test, we can't send
- // packets because that would cause the client to update, which would spoil
- // the test.
- uint64_t threshold = ((0x5aULL << 28) * 7 / 8) + 1;
- EXPECT_EQ(SECSuccess,
- SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), threshold));
- EXPECT_EQ(SECSuccess, SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), threshold));
-
- // This should cause the client to update, but not early enough to prevent the
- // server from updating also.
- client_->SendData(10);
- server_->ReadBytes();
-
- // Need two SendReceive() calls to ensure that the update that the server
- // requested is properly generated and consumed.
- SendReceive(70);
- SendReceive(80);
- CheckEpochs(5, 4);
-}
-
-} // namespace nss_test