diff options
Diffstat (limited to 'security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc')
-rw-r--r-- | security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc | 64 |
1 files changed, 61 insertions, 3 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc index 9dadcbdf6..69fd00331 100644 --- a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc @@ -33,12 +33,14 @@ TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) { client_->StartConnect(); client_->Handshake(); server_->Handshake(); - std::cerr << "Damaging HS secret\n"; + std::cerr << "Damaging HS secret" << std::endl; SSLInt_DamageClientHsTrafficSecret(server_->ssl_fd()); client_->Handshake(); - server_->Handshake(); // The client thinks it has connected. EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state()); + + ExpectAlert(server_, kTlsAlertDecryptError); + server_->Handshake(); server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); client_->Handshake(); client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT); @@ -49,7 +51,10 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) { SSL_LIBRARY_VERSION_TLS_1_3); server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, SSL_LIBRARY_VERSION_TLS_1_3); - server_->SetPacketFilter(new AfterRecordN( + client_->ExpectSendAlert(kTlsAlertDecryptError); + // The server can't read the client's alert, so it also sends an alert. + server_->ExpectSendAlert(kTlsAlertBadRecordMac); + server_->SetPacketFilter(std::make_shared<AfterRecordN>( server_, client_, 0, // ServerHello. [this]() { SSLInt_DamageServerHsTrafficSecret(client_->ssl_fd()); })); @@ -58,4 +63,57 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) { server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ); } +TEST_P(TlsConnectGenericPre13, DamageServerSignature) { + EnsureTlsSetup(); + auto filter = + std::make_shared<TlsLastByteDamager>(kTlsHandshakeServerKeyExchange); + server_->SetTlsRecordFilter(filter); + ExpectAlert(client_, kTlsAlertDecryptError); + ConnectExpectFail(); + client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE); + server_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT); +} + +TEST_P(TlsConnectTls13, DamageServerSignature) { + EnsureTlsSetup(); + auto filter = + std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify); + server_->SetTlsRecordFilter(filter); + filter->EnableDecryption(); + client_->ExpectSendAlert(kTlsAlertDecryptError); + // The server can't read the client's alert, so it also sends an alert. + if (variant_ == ssl_variant_stream) { + server_->ExpectSendAlert(kTlsAlertBadRecordMac); + ConnectExpectFail(); + server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ); + } else { + ConnectExpectFailOneSide(TlsAgent::CLIENT); + } + client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE); +} + +TEST_P(TlsConnectGeneric, DamageClientSignature) { + EnsureTlsSetup(); + client_->SetupClientAuth(); + server_->RequestClientAuth(true); + auto filter = + std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify); + client_->SetTlsRecordFilter(filter); + server_->ExpectSendAlert(kTlsAlertDecryptError); + filter->EnableDecryption(); + // Do these handshakes by hand to avoid race condition on + // the client processing the server's alert. + client_->StartConnect(); + server_->StartConnect(); + client_->Handshake(); + server_->Handshake(); + client_->Handshake(); + server_->Handshake(); + EXPECT_EQ(version_ >= SSL_LIBRARY_VERSION_TLS_1_3 + ? TlsAgent::STATE_CONNECTED + : TlsAgent::STATE_CONNECTING, + client_->state()); + server_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE); +} + } // namespace nspr_test |