summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/ssl_gtest/tls_agent.h
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-08-14 07:52:35 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-08-14 16:42:52 +0200
commitab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 (patch)
tree5e4677e52b9a349602f04135a44b3000c8baa97b /security/nss/gtests/ssl_gtest/tls_agent.h
parentf44e99950fc25d16a3cdaffe26dadf7b58a9d38c (diff)
downloadUXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.gz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.lz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.xz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.zip
Update NSS to 3.38
- Added HACL*Poly1305 32-bit (INRIA/Microsoft) - Updated to final TLS 1.3 draft version (28) - Removed TLS 1.3 prerelease draft limit check - Removed NPN code - Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments - Fixed several bugs with TLS 1.3 negotiation - Updated internal certificate store - Added support for the TLS Record Size Limit Extension. - Fixed CVE-2018-0495 - Various security fixes in the ASN.1 code.
Diffstat (limited to 'security/nss/gtests/ssl_gtest/tls_agent.h')
-rw-r--r--security/nss/gtests/ssl_gtest/tls_agent.h24
1 files changed, 16 insertions, 8 deletions
diff --git a/security/nss/gtests/ssl_gtest/tls_agent.h b/security/nss/gtests/ssl_gtest/tls_agent.h
index 6cd6d5073..a93d0c6ee 100644
--- a/security/nss/gtests/ssl_gtest/tls_agent.h
+++ b/security/nss/gtests/ssl_gtest/tls_agent.h
@@ -10,6 +10,9 @@
#include "prio.h"
#include "ssl.h"
+// This is an internal header, used to get TLS_1_3_DRAFT_VERSION.
+#include "ssl3prot.h"
+
#include <functional>
#include <iostream>
@@ -57,6 +60,8 @@ typedef std::function<int32_t(TlsAgent* agent, const SECItem* srvNameArr,
PRUint32 srvNameArrSize)>
SniCallbackFunction;
+static const uint8_t kD13 = TLS_1_3_DRAFT_VERSION;
+
class TlsAgent : public PollTarget {
public:
enum Role { CLIENT, SERVER };
@@ -64,6 +69,7 @@ class TlsAgent : public PollTarget {
static const std::string kClient; // the client key is sign only
static const std::string kRsa2048; // bigger sign and encrypt for either
+ static const std::string kRsa8192; // biggest sign and encrypt for either
static const std::string kServerRsa; // both sign and encrypt
static const std::string kServerRsaSign;
static const std::string kServerRsaPss;
@@ -143,8 +149,7 @@ class TlsAgent : public PollTarget {
void SendData(size_t bytes, size_t blocksize = 1024);
void SendBuffer(const DataBuffer& buf);
bool SendEncryptedRecord(const std::shared_ptr<TlsCipherSpec>& spec,
- uint16_t wireVersion, uint64_t seq, uint8_t ct,
- const DataBuffer& buf);
+ uint64_t seq, uint8_t ct, const DataBuffer& buf);
// Send data directly to the underlying socket, skipping the TLS layer.
void SendDirect(const DataBuffer& buf);
void SendRecordDirect(const TlsRecord& record);
@@ -209,10 +214,10 @@ class TlsAgent : public PollTarget {
return info_.protocolVersion;
}
- bool cipher_suite(uint16_t* cipher_suite) const {
+ bool cipher_suite(uint16_t* suite) const {
if (state_ != STATE_CONNECTED) return false;
- *cipher_suite = info_.cipherSuite;
+ *suite = info_.cipherSuite;
return true;
}
@@ -227,17 +232,17 @@ class TlsAgent : public PollTarget {
info_.sessionID + info_.sessionIDLength);
}
- bool auth_type(SSLAuthType* auth_type) const {
+ bool auth_type(SSLAuthType* a) const {
if (state_ != STATE_CONNECTED) return false;
- *auth_type = info_.authType;
+ *a = info_.authType;
return true;
}
- bool kea_type(SSLKEAType* kea_type) const {
+ bool kea_type(SSLKEAType* k) const {
if (state_ != STATE_CONNECTED) return false;
- *kea_type = info_.keaType;
+ *k = info_.keaType;
return true;
}
@@ -264,6 +269,8 @@ class TlsAgent : public PollTarget {
void ExpectReceiveAlert(uint8_t alert, uint8_t level = 0);
void ExpectSendAlert(uint8_t alert, uint8_t level = 0);
+ std::string alpn_value_to_use_ = "";
+
private:
const static char* states[];
@@ -443,6 +450,7 @@ class TlsAgentTestBase : public ::testing::Test {
size_t hs_len, DataBuffer* out,
uint64_t seq_num, uint32_t fragment_offset,
uint32_t fragment_length) const;
+ DataBuffer MakeCannedTls13ServerHello();
static void MakeTrivialHandshakeRecord(uint8_t hs_type, size_t hs_len,
DataBuffer* out);
static inline TlsAgent::Role ToRole(const std::string& str) {