summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc')
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc64
1 files changed, 61 insertions, 3 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
index 9dadcbdf6..69fd00331 100644
--- a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
@@ -33,12 +33,14 @@ TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) {
client_->StartConnect();
client_->Handshake();
server_->Handshake();
- std::cerr << "Damaging HS secret\n";
+ std::cerr << "Damaging HS secret" << std::endl;
SSLInt_DamageClientHsTrafficSecret(server_->ssl_fd());
client_->Handshake();
- server_->Handshake();
// The client thinks it has connected.
EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+
+ ExpectAlert(server_, kTlsAlertDecryptError);
+ server_->Handshake();
server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
client_->Handshake();
client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
@@ -49,7 +51,10 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
SSL_LIBRARY_VERSION_TLS_1_3);
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
SSL_LIBRARY_VERSION_TLS_1_3);
- server_->SetPacketFilter(new AfterRecordN(
+ client_->ExpectSendAlert(kTlsAlertDecryptError);
+ // The server can't read the client's alert, so it also sends an alert.
+ server_->ExpectSendAlert(kTlsAlertBadRecordMac);
+ server_->SetPacketFilter(std::make_shared<AfterRecordN>(
server_, client_,
0, // ServerHello.
[this]() { SSLInt_DamageServerHsTrafficSecret(client_->ssl_fd()); }));
@@ -58,4 +63,57 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
}
+TEST_P(TlsConnectGenericPre13, DamageServerSignature) {
+ EnsureTlsSetup();
+ auto filter =
+ std::make_shared<TlsLastByteDamager>(kTlsHandshakeServerKeyExchange);
+ server_->SetTlsRecordFilter(filter);
+ ExpectAlert(client_, kTlsAlertDecryptError);
+ ConnectExpectFail();
+ client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+ server_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+}
+
+TEST_P(TlsConnectTls13, DamageServerSignature) {
+ EnsureTlsSetup();
+ auto filter =
+ std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
+ server_->SetTlsRecordFilter(filter);
+ filter->EnableDecryption();
+ client_->ExpectSendAlert(kTlsAlertDecryptError);
+ // The server can't read the client's alert, so it also sends an alert.
+ if (variant_ == ssl_variant_stream) {
+ server_->ExpectSendAlert(kTlsAlertBadRecordMac);
+ ConnectExpectFail();
+ server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+ } else {
+ ConnectExpectFailOneSide(TlsAgent::CLIENT);
+ }
+ client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+}
+
+TEST_P(TlsConnectGeneric, DamageClientSignature) {
+ EnsureTlsSetup();
+ client_->SetupClientAuth();
+ server_->RequestClientAuth(true);
+ auto filter =
+ std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
+ client_->SetTlsRecordFilter(filter);
+ server_->ExpectSendAlert(kTlsAlertDecryptError);
+ filter->EnableDecryption();
+ // Do these handshakes by hand to avoid race condition on
+ // the client processing the server's alert.
+ client_->StartConnect();
+ server_->StartConnect();
+ client_->Handshake();
+ server_->Handshake();
+ client_->Handshake();
+ server_->Handshake();
+ EXPECT_EQ(version_ >= SSL_LIBRARY_VERSION_TLS_1_3
+ ? TlsAgent::STATE_CONNECTED
+ : TlsAgent::STATE_CONNECTING,
+ client_->state());
+ server_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+}
+
} // namespace nspr_test