diff options
Diffstat (limited to 'security/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc')
| -rw-r--r-- | security/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc index 42f1065f6..ecb63d476 100644 --- a/security/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc @@ -82,7 +82,7 @@ class Tls13CompatTest : public TlsConnectStreamTls13 { // Only the second record can be a CCS. bool expected_match = expected && (i == 1); EXPECT_EQ(expected_match, - kTlsChangeCipherSpecType == + ssl_ct_change_cipher_spec == records_->record(i).header.content_type()); } } @@ -299,15 +299,15 @@ TEST_F(TlsConnectTest, TLS13NonCompatModeSessionID) { MakeTlsFilter<TlsSessionIDInjectFilter>(server_); client_->ExpectSendAlert(kTlsAlertIllegalParameter); - server_->ExpectSendAlert(kTlsAlertBadRecordMac); + server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); ConnectExpectFail(); client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); - server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ); + server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_RECORD_TYPE); } static const uint8_t kCannedCcs[] = { - kTlsChangeCipherSpecType, + ssl_ct_change_cipher_spec, SSL_LIBRARY_VERSION_TLS_1_2 >> 8, SSL_LIBRARY_VERSION_TLS_1_2 & 0xff, 0, @@ -362,6 +362,19 @@ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecBeforeClientHello12) { client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); } +TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterFinished13) { + EnsureTlsSetup(); + ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); + Connect(); + SendReceive(10); + // Client sends CCS after the handshake. + client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); + server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); + server_->ExpectReadWriteError(); + server_->ReadBytes(); + EXPECT_EQ(SSL_ERROR_RX_UNEXPECTED_RECORD_TYPE, server_->error_code()); +} + TEST_F(TlsConnectDatagram13, CompatModeDtlsClient) { EnsureTlsSetup(); client_->SetOption(SSL_ENABLE_TLS13_COMPAT_MODE, PR_TRUE); @@ -370,14 +383,14 @@ TEST_F(TlsConnectDatagram13, CompatModeDtlsClient) { Connect(); ASSERT_EQ(2U, client_records->count()); // CH, Fin - EXPECT_EQ(kTlsHandshakeType, client_records->record(0).header.content_type()); - EXPECT_EQ(kTlsApplicationDataType, + EXPECT_EQ(ssl_ct_handshake, client_records->record(0).header.content_type()); + EXPECT_EQ(ssl_ct_application_data, client_records->record(1).header.content_type()); ASSERT_EQ(6U, server_records->count()); // SH, EE, CT, CV, Fin, Ack - EXPECT_EQ(kTlsHandshakeType, server_records->record(0).header.content_type()); + EXPECT_EQ(ssl_ct_handshake, server_records->record(0).header.content_type()); for (size_t i = 1; i < server_records->count(); ++i) { - EXPECT_EQ(kTlsApplicationDataType, + EXPECT_EQ(ssl_ct_application_data, server_records->record(i).header.content_type()); } } @@ -422,12 +435,12 @@ TEST_F(TlsConnectDatagram13, CompatModeDtlsServer) { client_->Handshake(); ASSERT_EQ(1U, client_records->count()); - EXPECT_EQ(kTlsHandshakeType, client_records->record(0).header.content_type()); + EXPECT_EQ(ssl_ct_handshake, client_records->record(0).header.content_type()); ASSERT_EQ(5U, server_records->count()); // SH, EE, CT, CV, Fin - EXPECT_EQ(kTlsHandshakeType, server_records->record(0).header.content_type()); + EXPECT_EQ(ssl_ct_handshake, server_records->record(0).header.content_type()); for (size_t i = 1; i < server_records->count(); ++i) { - EXPECT_EQ(kTlsApplicationDataType, + EXPECT_EQ(ssl_ct_application_data, server_records->record(i).header.content_type()); } |