Bug 1355191 - Add a test for bad signature in TLS 1.3 in both directi…

…ons. r=mt Summary: Reviewers: mt Differential Revision: https://nss-review.dev.mozaws.net/D283
sailfishos-mirror · Apr 10, 2017 · 87d18bf · 87d18bf
1 parent e0e39b7
commit 87d18bf
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 24 deletions.
diff --git a/gtests/ssl_gtest/ssl_damage_unittest.cc b/gtests/ssl_gtest/ssl_damage_unittest.cc
@@ -63,4 +63,65 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
   server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
 }
 
+TEST_P(TlsConnectGenericPre13, DamageServerSignature) {
+  EnsureTlsSetup();
+  auto filter =
+      std::make_shared<TlsLastByteDamager>(kTlsHandshakeServerKeyExchange);
+  server_->SetTlsRecordFilter(filter);
+  ExpectAlert(client_, kTlsAlertDecryptError);
+  ConnectExpectFail();
+  // TODO(ttaubert@mozilla.com): This is the wrong error code in
+  // 1.1 and below. Bug 1354488.
+  client_->CheckErrorCode(version_ >= SSL_LIBRARY_VERSION_TLS_1_2
+                              ? SEC_ERROR_BAD_SIGNATURE
+                              : SEC_ERROR_PKCS11_DEVICE_ERROR);
+  server_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+}
+
+TEST_P(TlsConnectTls13, DamageServerSignature) {
+  EnsureTlsSetup();
+  auto filter =
+      std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
+  server_->SetTlsRecordFilter(filter);
+  filter->EnableDecryption();
+  client_->ExpectSendAlert(kTlsAlertDecryptError);
+  // The server can't read the client's alert, so it also sends an alert.
+  if (mode_ == STREAM) {
+    server_->ExpectSendAlert(kTlsAlertBadRecordMac);
+    ConnectExpectFail();
+    server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+  } else {
+    ConnectExpectFailOneSide(TlsAgent::CLIENT);
+  }
+  client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+}
+
+TEST_P(TlsConnectGeneric, DamageClientSignature) {
+  EnsureTlsSetup();
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  auto filter =
+      std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
+  client_->SetTlsRecordFilter(filter);
+  server_->ExpectSendAlert(kTlsAlertDecryptError);
+  filter->EnableDecryption();
+  // Do these handshakes by hand to avoid race condition on
+  // the client processing the server's alert.
+  client_->StartConnect();
+  server_->StartConnect();
+  client_->Handshake();
+  server_->Handshake();
+  client_->Handshake();
+  server_->Handshake();
+  EXPECT_EQ(version_ >= SSL_LIBRARY_VERSION_TLS_1_3
+                ? TlsAgent::STATE_CONNECTED
+                : TlsAgent::STATE_CONNECTING,
+            client_->state());
+  // TODO(ttaubert@mozilla.com): This is the wrong error code in
+  // 1.1 and below. Bug 1354488.
+  server_->CheckErrorCode(version_ >= SSL_LIBRARY_VERSION_TLS_1_2
+                              ? SEC_ERROR_BAD_SIGNATURE
+                              : SEC_ERROR_PKCS11_DEVICE_ERROR);
+}
+
 }  // namespace nspr_test
diff --git a/gtests/ssl_gtest/ssl_fuzz_unittest.cc b/gtests/ssl_gtest/ssl_fuzz_unittest.cc
@@ -45,28 +45,6 @@ class TlsApplicationDataRecorder : public TlsRecordFilter {
   DataBuffer buffer_;
 };
 
-// Damages an SKE or CV signature.
-class TlsSignatureDamager : public TlsHandshakeFilter {
- public:
-  TlsSignatureDamager(uint8_t type) : type_(type) {}
-  virtual PacketFilter::Action FilterHandshake(
-      const TlsHandshakeFilter::HandshakeHeader& header,
-      const DataBuffer& input, DataBuffer* output) {
-    if (header.handshake_type() != type_) {
-      return KEEP;
-    }
-
-    *output = input;
-
-    // Modify the last byte of the signature.
-    output->data()[output->len() - 1]++;
-    return CHANGE;
-  }
-
- private:
-  uint8_t type_;
-};
-
 // Ensure that ssl_Time() returns a constant value.
 FUZZ_F(TlsFuzzTest, SSL_Time_Constant) {
   PRUint32 now = ssl_Time();
@@ -209,7 +187,7 @@ FUZZ_P(TlsConnectGeneric, BogusServerAuthSignature) {
   uint8_t msg_type = version_ == SSL_LIBRARY_VERSION_TLS_1_3
                          ? kTlsHandshakeCertificateVerify
                          : kTlsHandshakeServerKeyExchange;
-  server_->SetPacketFilter(std::make_shared<TlsSignatureDamager>(msg_type));
+  server_->SetPacketFilter(std::make_shared<TlsLastByteDamager>(msg_type));
   Connect();
   SendReceive();
 }
@@ -220,7 +198,7 @@ FUZZ_P(TlsConnectGeneric, BogusClientAuthSignature) {
   client_->SetupClientAuth();
   server_->RequestClientAuth(true);
   client_->SetPacketFilter(
-      std::make_shared<TlsSignatureDamager>(kTlsHandshakeCertificateVerify));
+      std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify));
   Connect();
 }
 

diff --git a/gtests/ssl_gtest/tls_filter.h b/gtests/ssl_gtest/tls_filter.h
@@ -390,6 +390,27 @@ class TlsInspectorClientHelloVersionSetter : public TlsHandshakeFilter {
   uint16_t version_;
 };
 
+// Damages the last byte of a handshake message.
+class TlsLastByteDamager : public TlsHandshakeFilter {
+ public:
+  TlsLastByteDamager(uint8_t type) : type_(type) {}
+  PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) override {
+    if (header.handshake_type() != type_) {
+      return KEEP;
+    }
+
+    *output = input;
+
+    output->data()[output->len() - 1]++;
+    return CHANGE;
+  }
+
+ private:
+  uint8_t type_;
+};
+
 }  // namespace nss_test
 
 #endif