Commit c546432a authored by Martin Thomson's avatar Martin Thomson

Bug 1363981 - Update tests to use SSLProtocolVariant instead of Mode, r=ttaubert

--HG--
extra : rebase_source : 3e2746698cf0e1a3c27188723a096e473cd82bd0
extra : amend_source : 1878c2012d137979fc475934a14920c53ea3f0f6
extra : histedit_source : 0b73652afa6c74fbf33cd62bda10769be14ca19a
parent e9be8de8
......@@ -16,7 +16,6 @@
#include <arpa/inet.h>
#endif
#include "databuffer.h"
#include "sslt.h"
namespace nss_test {
......@@ -79,6 +78,10 @@ static const uint8_t kTls13PskDhKe = 1;
static const uint8_t kTls13PskAuth = 0;
static const uint8_t kTls13PskSignAuth = 1;
inline std::ostream& operator<<(std::ostream& os, SSLProtocolVariant v) {
return os << ((v == ssl_variant_stream) ? "TLS" : "DTLS");
}
inline bool IsDtls(uint16_t version) { return (version & 0x8000) == 0x8000; }
inline uint16_t NormalizeTlsVersion(uint16_t version) {
......@@ -135,10 +138,6 @@ class TlsParser {
size_t offset_;
};
inline std::ostream& operator<<(std::ostream& os, SSLProtocolVariant v) {
return os << ((v == ssl_variant_stream) ? "TLS" : "DTLS");
}
} // namespace nss_test
#endif
......@@ -227,7 +227,7 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngrade) {
client_->Set0RttEnabled(true);
client_->ExpectSendAlert(kTlsAlertIllegalParameter);
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
}
client_->Handshake();
......@@ -237,7 +237,7 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngrade) {
// DTLS will timeout as we bump the epoch when installing the early app data
// cipher suite. Thus the encrypted alert will be ignored.
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
// The client sends an encrypted alert message.
ASSERT_TRUE_WAIT(
(server_->error_code() == SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA),
......@@ -269,7 +269,7 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngradeEarlyData) {
client_->Set0RttEnabled(true);
ZeroRttSendReceive(true, false, [this]() {
client_->ExpectSendAlert(kTlsAlertIllegalParameter);
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
}
return true;
......@@ -282,7 +282,7 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngradeEarlyData) {
// DTLS will timeout as we bump the epoch when installing the early app data
// cipher suite. Thus the encrypted alert will be ignored.
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
// The server sends an alert when receiving the early app data record.
ASSERT_TRUE_WAIT(
(server_->error_code() == SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA),
......@@ -316,7 +316,7 @@ TEST_P(TlsConnectTls13, SendTooMuchEarlyData) {
PRInt32 sent;
// Writing more than the limit will succeed in TLS, but fail in DTLS.
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
sent = PR_Write(client_->ssl_fd(), big_message,
static_cast<PRInt32>(strlen(big_message)));
} else {
......@@ -377,7 +377,7 @@ TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
const PRInt32 message_len = static_cast<PRInt32>(strlen(message));
EXPECT_EQ(message_len, PR_Write(client_->ssl_fd(), message, message_len));
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
// This error isn't fatal for DTLS.
ExpectAlert(server_, kTlsAlertUnexpectedMessage);
}
......@@ -388,13 +388,13 @@ TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
// Attempt to read early data.
std::vector<uint8_t> buf(strlen(message) + 1);
EXPECT_GT(0, PR_Read(server_->ssl_fd(), buf.data(), buf.capacity()));
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
server_->CheckErrorCode(SSL_ERROR_TOO_MUCH_EARLY_DATA);
}
client_->Handshake(); // Process the handshake.
client_->Handshake(); // Process the alert.
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
}
}
......
......@@ -204,14 +204,15 @@ TEST_F(TlsAgentStreamTestServer, Set0RttOptionClientHelloThenRead) {
ProcessMessage(buffer, TlsAgent::STATE_ERROR, SSL_ERROR_BAD_MAC_READ);
}
INSTANTIATE_TEST_CASE_P(AgentTests, TlsAgentTest,
::testing::Combine(TlsAgentTestBase::kTlsRolesAll,
TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsVAll));
INSTANTIATE_TEST_CASE_P(
AgentTests, TlsAgentTest,
::testing::Combine(TlsAgentTestBase::kTlsRolesAll,
TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsVAll));
INSTANTIATE_TEST_CASE_P(ClientTests, TlsAgentTestClient,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsVAll));
INSTANTIATE_TEST_CASE_P(ClientTests13, TlsAgentTestClient13,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV13));
} // namespace nss_test
......@@ -716,8 +716,8 @@ TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPss) {
&ServerCertDataRsaPss));
}
// mode, version, certificate, auth type, signature scheme
typedef std::tuple<std::string, uint16_t, std::string, SSLAuthType,
// variant, version, certificate, auth type, signature scheme
typedef std::tuple<SSLProtocolVariant, uint16_t, std::string, SSLAuthType,
SSLSignatureScheme>
SignatureSchemeProfile;
......@@ -778,7 +778,7 @@ TEST_P(TlsSignatureSchemeConfiguration, SignatureSchemeConfigBoth) {
INSTANTIATE_TEST_CASE_P(
SignatureSchemeRsa, TlsSignatureSchemeConfiguration,
::testing::Combine(
TlsConnectTestBase::kTlsModesAll, TlsConnectTestBase::kTlsV12Plus,
TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12Plus,
::testing::Values(TlsAgent::kServerRsaSign),
::testing::Values(ssl_auth_rsa_sign),
::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384,
......@@ -787,42 +787,42 @@ INSTANTIATE_TEST_CASE_P(
// PSS with SHA-512 needs a bigger key to work.
INSTANTIATE_TEST_CASE_P(
SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV12Plus,
::testing::Values(TlsAgent::kRsa2048),
::testing::Values(ssl_auth_rsa_sign),
::testing::Values(ssl_sig_rsa_pss_sha512)));
INSTANTIATE_TEST_CASE_P(
SignatureSchemeRsaSha1, TlsSignatureSchemeConfiguration,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV12,
::testing::Values(TlsAgent::kServerRsa),
::testing::Values(ssl_auth_rsa_sign),
::testing::Values(ssl_sig_rsa_pkcs1_sha1)));
INSTANTIATE_TEST_CASE_P(
SignatureSchemeEcdsaP256, TlsSignatureSchemeConfiguration,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV12Plus,
::testing::Values(TlsAgent::kServerEcdsa256),
::testing::Values(ssl_auth_ecdsa),
::testing::Values(ssl_sig_ecdsa_secp256r1_sha256)));
INSTANTIATE_TEST_CASE_P(
SignatureSchemeEcdsaP384, TlsSignatureSchemeConfiguration,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV12Plus,
::testing::Values(TlsAgent::kServerEcdsa384),
::testing::Values(ssl_auth_ecdsa),
::testing::Values(ssl_sig_ecdsa_secp384r1_sha384)));
INSTANTIATE_TEST_CASE_P(
SignatureSchemeEcdsaP521, TlsSignatureSchemeConfiguration,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV12Plus,
::testing::Values(TlsAgent::kServerEcdsa521),
::testing::Values(ssl_auth_ecdsa),
::testing::Values(ssl_sig_ecdsa_secp521r1_sha512)));
INSTANTIATE_TEST_CASE_P(
SignatureSchemeEcdsaSha1, TlsSignatureSchemeConfiguration,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV12,
::testing::Values(TlsAgent::kServerEcdsa256,
TlsAgent::kServerEcdsa384),
......
......@@ -22,17 +22,17 @@ extern "C" {
namespace nss_test {
// mode, version, cipher suite
typedef std::tuple<std::string, uint16_t, uint16_t, SSLNamedGroup,
// variant, version, cipher suite
typedef std::tuple<SSLProtocolVariant, uint16_t, uint16_t, SSLNamedGroup,
SSLSignatureScheme>
CipherSuiteProfile;
class TlsCipherSuiteTestBase : public TlsConnectTestBase {
public:
TlsCipherSuiteTestBase(const std::string &mode, uint16_t version,
TlsCipherSuiteTestBase(SSLProtocolVariant variant, uint16_t version,
uint16_t cipher_suite, SSLNamedGroup group,
SSLSignatureScheme signature_scheme)
: TlsConnectTestBase(mode, version),
: TlsConnectTestBase(variant, version),
cipher_suite_(cipher_suite),
group_(group),
signature_scheme_(signature_scheme),
......@@ -259,7 +259,7 @@ TEST_P(TlsCipherSuiteTest, ReadLimit) {
static const uint8_t payload[18] = {6};
DataBuffer record;
uint64_t epoch;
if (mode_ == DGRAM) {
if (variant_ == ssl_variant_datagram) {
if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
epoch = 3; // Application traffic keys.
} else {
......@@ -268,7 +268,7 @@ TEST_P(TlsCipherSuiteTest, ReadLimit) {
} else {
epoch = 0;
}
TlsAgentTestBase::MakeRecord(mode_, kTlsApplicationDataType, version_,
TlsAgentTestBase::MakeRecord(variant_, kTlsApplicationDataType, version_,
payload, sizeof(payload), &record,
(epoch << 48) | record_limit());
server_->adapter()->PacketReceived(record);
......@@ -296,7 +296,7 @@ TEST_P(TlsCipherSuiteTest, WriteLimit) {
k##name##Ciphers = ::testing::ValuesIn(k##name##CiphersArr); \
INSTANTIATE_TEST_CASE_P( \
CipherSuite##name, TlsCipherSuiteTest, \
::testing::Combine(TlsConnectTestBase::kTlsModes##modes, \
::testing::Combine(TlsConnectTestBase::kTlsVariants##modes, \
TlsConnectTestBase::kTls##versions, k##name##Ciphers, \
groups, sigalgs));
......@@ -405,7 +405,7 @@ class SecurityStatusTest
public ::testing::WithParamInterface<SecStatusParams> {
public:
SecurityStatusTest()
: TlsCipherSuiteTestBase("TLS", GetParam().version,
: TlsCipherSuiteTestBase(ssl_variant_stream, GetParam().version,
GetParam().cipher_suite, ssl_grp_none,
ssl_sig_none) {}
};
......
......@@ -82,7 +82,7 @@ TEST_P(TlsConnectTls13, DamageServerSignature) {
filter->EnableDecryption();
client_->ExpectSendAlert(kTlsAlertDecryptError);
// The server can't read the client's alert, so it also sends an alert.
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
ConnectExpectFail();
server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
......
......@@ -272,10 +272,11 @@ class TlsDheSkeChangeYClient : public TlsDheSkeChangeY {
std::shared_ptr<const TlsDheSkeChangeYServer> server_filter_;
};
/* This matrix includes: mode (stream/datagram), TLS version, what change to
/* This matrix includes: variant (stream/datagram), TLS version, what change to
* make to dh_Ys, whether the client will be configured to require DH named
* groups. Test all combinations. */
typedef std::tuple<std::string, uint16_t, TlsDheSkeChangeY::ChangeYTo, bool>
typedef std::tuple<SSLProtocolVariant, uint16_t, TlsDheSkeChangeY::ChangeYTo,
bool>
DamageDHYProfile;
class TlsDamageDHYTest
: public TlsConnectTestBase,
......@@ -358,13 +359,13 @@ static const bool kTrueFalseArr[] = {true, false};
static ::testing::internal::ParamGenerator<bool> kTrueFalse =
::testing::ValuesIn(kTrueFalseArr);
INSTANTIATE_TEST_CASE_P(DamageYStream, TlsDamageDHYTest,
::testing::Combine(TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsV10ToV12,
kAllY, kTrueFalse));
INSTANTIATE_TEST_CASE_P(
DamageYStream, TlsDamageDHYTest,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsV10ToV12, kAllY, kTrueFalse));
INSTANTIATE_TEST_CASE_P(
DamageYDatagram, TlsDamageDHYTest,
::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
TlsConnectTestBase::kTlsV11V12, kAllY, kTrueFalse));
class TlsDheSkeMakePEven : public TlsHandshakeFilter {
......
......@@ -574,12 +574,12 @@ TEST_P(TlsConnectGenericPre13, ConnectECDHEmptyClientPoint) {
}
INSTANTIATE_TEST_CASE_P(KeyExchangeTest, TlsKeyExchangeTest,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV11Plus));
#ifndef NSS_DISABLE_TLS_1_3
INSTANTIATE_TEST_CASE_P(KeyExchangeTest, TlsKeyExchangeTest13,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV13));
#endif
......
......@@ -166,10 +166,8 @@ class TlsExtensionAppender : public TlsHandshakeFilter {
class TlsExtensionTestBase : public TlsConnectTestBase {
protected:
TlsExtensionTestBase(Mode mode, uint16_t version)
: TlsConnectTestBase(mode, version) {}
TlsExtensionTestBase(const std::string& mode, uint16_t version)
: TlsConnectTestBase(mode, version) {}
TlsExtensionTestBase(SSLProtocolVariant variant, uint16_t version)
: TlsConnectTestBase(variant, version) {}
void ClientHelloErrorTest(std::shared_ptr<PacketFilter> filter,
uint8_t desc = kTlsAlertDecodeError) {
......@@ -216,29 +214,31 @@ class TlsExtensionTestBase : public TlsConnectTestBase {
class TlsExtensionTestDtls : public TlsExtensionTestBase,
public ::testing::WithParamInterface<uint16_t> {
public:
TlsExtensionTestDtls() : TlsExtensionTestBase(DGRAM, GetParam()) {}
TlsExtensionTestDtls()
: TlsExtensionTestBase(ssl_variant_datagram, GetParam()) {}
};
class TlsExtensionTest12Plus
: public TlsExtensionTestBase,
public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
class TlsExtensionTest12Plus : public TlsExtensionTestBase,
public ::testing::WithParamInterface<
std::tuple<SSLProtocolVariant, uint16_t>> {
public:
TlsExtensionTest12Plus()
: TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
}
};
class TlsExtensionTest12
: public TlsExtensionTestBase,
public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
class TlsExtensionTest12 : public TlsExtensionTestBase,
public ::testing::WithParamInterface<
std::tuple<SSLProtocolVariant, uint16_t>> {
public:
TlsExtensionTest12()
: TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
}
};
class TlsExtensionTest13 : public TlsExtensionTestBase,
public ::testing::WithParamInterface<std::string> {
class TlsExtensionTest13
: public TlsExtensionTestBase,
public ::testing::WithParamInterface<SSLProtocolVariant> {
public:
TlsExtensionTest13()
: TlsExtensionTestBase(GetParam(), SSL_LIBRARY_VERSION_TLS_1_3) {}
......@@ -266,21 +266,21 @@ class TlsExtensionTest13 : public TlsExtensionTestBase,
class TlsExtensionTest13Stream : public TlsExtensionTestBase {
public:
TlsExtensionTest13Stream()
: TlsExtensionTestBase(STREAM, SSL_LIBRARY_VERSION_TLS_1_3) {}
: TlsExtensionTestBase(ssl_variant_stream, SSL_LIBRARY_VERSION_TLS_1_3) {}
};
class TlsExtensionTestGeneric
: public TlsExtensionTestBase,
public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
class TlsExtensionTestGeneric : public TlsExtensionTestBase,
public ::testing::WithParamInterface<
std::tuple<SSLProtocolVariant, uint16_t>> {
public:
TlsExtensionTestGeneric()
: TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
}
};
class TlsExtensionTestPre13
: public TlsExtensionTestBase,
public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
class TlsExtensionTestPre13 : public TlsExtensionTestBase,
public ::testing::WithParamInterface<
std::tuple<SSLProtocolVariant, uint16_t>> {
public:
TlsExtensionTestPre13()
: TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
......@@ -992,9 +992,9 @@ TEST_P(TlsExtensionTest13, OddVersionList) {
// TODO: this only tests extensions in server messages. The client can extend
// Certificate messages, which is not checked here.
class TlsBogusExtensionTest
: public TlsConnectTestBase,
public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
class TlsBogusExtensionTest : public TlsConnectTestBase,
public ::testing::WithParamInterface<
std::tuple<SSLProtocolVariant, uint16_t>> {
public:
TlsBogusExtensionTest()
: TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
......@@ -1044,7 +1044,7 @@ class TlsBogusExtensionTest13 : public TlsBogusExtensionTest {
client_->ExpectSendAlert(kTlsAlertUnsupportedExtension);
client_->Handshake();
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
}
server_->Handshake();
......@@ -1139,40 +1139,43 @@ TEST_P(TlsConnectStream, IncludePadding) {
EXPECT_TRUE(capture->captured());
}
INSTANTIATE_TEST_CASE_P(ExtensionStream, TlsExtensionTestGeneric,
::testing::Combine(TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsVAll));
INSTANTIATE_TEST_CASE_P(
ExtensionStream, TlsExtensionTestGeneric,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsVAll));
INSTANTIATE_TEST_CASE_P(
ExtensionDatagram, TlsExtensionTestGeneric,
::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
TlsConnectTestBase::kTlsV11Plus));
INSTANTIATE_TEST_CASE_P(ExtensionDatagramOnly, TlsExtensionTestDtls,
TlsConnectTestBase::kTlsV11Plus);
INSTANTIATE_TEST_CASE_P(ExtensionTls12Plus, TlsExtensionTest12Plus,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV12Plus));
INSTANTIATE_TEST_CASE_P(ExtensionPre13Stream, TlsExtensionTestPre13,
::testing::Combine(TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsV10ToV12));
INSTANTIATE_TEST_CASE_P(
ExtensionPre13Stream, TlsExtensionTestPre13,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsV10ToV12));
INSTANTIATE_TEST_CASE_P(ExtensionPre13Datagram, TlsExtensionTestPre13,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV11V12));
INSTANTIATE_TEST_CASE_P(ExtensionTls13, TlsExtensionTest13,
TlsConnectTestBase::kTlsModesAll);
TlsConnectTestBase::kTlsVariantsAll);
INSTANTIATE_TEST_CASE_P(BogusExtensionStream, TlsBogusExtensionTestPre13,
::testing::Combine(TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsV10ToV12));
INSTANTIATE_TEST_CASE_P(
BogusExtensionStream, TlsBogusExtensionTestPre13,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsV10ToV12));
INSTANTIATE_TEST_CASE_P(
BogusExtensionDatagram, TlsBogusExtensionTestPre13,
::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
TlsConnectTestBase::kTlsV11V12));
INSTANTIATE_TEST_CASE_P(BogusExtension13, TlsBogusExtensionTest13,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV13));
} // namespace nss_test
......@@ -11,7 +11,7 @@ namespace nss_test {
class GatherV2ClientHelloTest : public TlsConnectTestBase {
public:
GatherV2ClientHelloTest() : TlsConnectTestBase(STREAM, 0) {}
GatherV2ClientHelloTest() : TlsConnectTestBase(ssl_variant_stream, 0) {}
void ConnectExpectMalformedClientHello(const DataBuffer &data) {
EnsureTlsSetup();
......
......@@ -106,7 +106,7 @@ TEST_P(TlsConnectTls13, SecondClientHelloRejectEarlyDataXtn) {
// A new client that tries to resume with 0-RTT but doesn't send the
// correct key share(s). The server will respond with an HRR.
auto orig_client =
std::make_shared<TlsAgent>(client_->name(), TlsAgent::CLIENT, mode_);
std::make_shared<TlsAgent>(client_->name(), TlsAgent::CLIENT, variant_);
client_.swap(orig_client);
client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
SSL_LIBRARY_VERSION_TLS_1_3);
......@@ -130,7 +130,7 @@ TEST_P(TlsConnectTls13, SecondClientHelloRejectEarlyDataXtn) {
orig_client.reset();
// Correct the DTLS message sequence number after an HRR.
if (mode_ == DGRAM) {
if (variant_ == ssl_variant_datagram) {
client_->SetPacketFilter(
std::make_shared<CorrectMessageSeqAfterHrrFilter>());
}
......@@ -253,7 +253,7 @@ TEST_F(TlsConnectTest, Select12AfterHelloRetryRequest) {
// Here we replace the TLS server with one that does TLS 1.2 only.
// This will happily send the client a TLS 1.2 ServerHello.
server_.reset(new TlsAgent(server_->name(), TlsAgent::SERVER, mode_));
server_.reset(new TlsAgent(server_->name(), TlsAgent::SERVER, variant_));
client_->SetPeer(server_);
server_->SetPeer(client_);
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
......@@ -357,11 +357,11 @@ TEST_P(HelloRetryRequestAgentTest, HandleHelloRetryRequestCookie) {
}
INSTANTIATE_TEST_CASE_P(HelloRetryRequestAgentTests, HelloRetryRequestAgentTest,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV13));
#ifndef NSS_DISABLE_TLS_1_3
INSTANTIATE_TEST_CASE_P(HelloRetryRequestKeyExchangeTests, TlsKeyExchange13,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV13));
#endif
......
......@@ -130,7 +130,7 @@ TEST_P(TlsConnectTls13, CaptureAlertClient) {
client_->ExpectSendAlert(kTlsAlertDecodeError);
server_->Handshake();
client_->Handshake();
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
// DTLS just drops the alert it can't decrypt.
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
}
......@@ -227,7 +227,8 @@ TEST_P(TlsConnectGeneric, ConnectWithCompressionMaybe) {
client_->EnableCompression();
server_->EnableCompression();
Connect();
EXPECT_EQ(client_->version() < SSL_LIBRARY_VERSION_TLS_1_3 && mode_ != DGRAM,
EXPECT_EQ(client_->version() < SSL_LIBRARY_VERSION_TLS_1_3 &&
variant_ != ssl_variant_datagram,
client_->is_compressed());
SendReceive();
}
......@@ -320,12 +321,13 @@ TEST_F(TlsConnectStreamTls13, NegotiateShortHeaders) {
Connect();
}
INSTANTIATE_TEST_CASE_P(GenericStream, TlsConnectGeneric,
::testing::Combine(TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsVAll));
INSTANTIATE_TEST_CASE_P(
GenericStream, TlsConnectGeneric,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsVAll));
INSTANTIATE_TEST_CASE_P(
GenericDatagram, TlsConnectGeneric,
::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
TlsConnectTestBase::kTlsV11Plus));
INSTANTIATE_TEST_CASE_P(StreamOnly, TlsConnectStream,
......@@ -333,33 +335,35 @@ INSTANTIATE_TEST_CASE_P(StreamOnly, TlsConnectStream,
INSTANTIATE_TEST_CASE_P(DatagramOnly, TlsConnectDatagram,
TlsConnectTestBase::kTlsV11Plus);
INSTANTIATE_TEST_CASE_P(Pre12Stream, TlsConnectPre12,
::testing::Combine(TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsV10V11));
INSTANTIATE_TEST_CASE_P(
Pre12Stream, TlsConnectPre12,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsV10V11));
INSTANTIATE_TEST_CASE_P(
Pre12Datagram, TlsConnectPre12,
::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
TlsConnectTestBase::kTlsV11));
INSTANTIATE_TEST_CASE_P(Version12Only, TlsConnectTls12,
TlsConnectTestBase::kTlsModesAll);
TlsConnectTestBase::kTlsVariantsAll);
#ifndef NSS_DISABLE_TLS_1_3
INSTANTIATE_TEST_CASE_P(Version13Only, TlsConnectTls13,
TlsConnectTestBase::kTlsModesAll);
TlsConnectTestBase::kTlsVariantsAll);
#endif
INSTANTIATE_TEST_CASE_P(Pre13Stream, TlsConnectGenericPre13,
::testing::Combine(TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsV10ToV12));
INSTANTIATE_TEST_CASE_P(
Pre13Stream, TlsConnectGenericPre13,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsV10ToV12));
INSTANTIATE_TEST_CASE_P(
Pre13Datagram, TlsConnectGenericPre13,
::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
TlsConnectTestBase::kTlsV11V12));
INSTANTIATE_TEST_CASE_P(Pre13StreamOnly, TlsConnectStreamPre13,
TlsConnectTestBase::kTlsV10ToV12);
INSTANTIATE_TEST_CASE_P(Version12Plus, TlsConnectTls12Plus,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV12Plus));
} // namespace nspr_test
......@@ -523,7 +523,7 @@ class SelectedVersionReplacer : public TlsHandshakeFilter {
// lower version number on resumption.
TEST_P(TlsConnectGenericPre13, TestResumptionOverrideVersion) {
uint16_t override_version = 0;
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
switch (version_) {
case SSL_LIBRARY_VERSION_TLS_1_0:
return; // Skip the test.
......
......@@ -78,9 +78,9 @@ class TlsHandshakeSkipFilter : public TlsRecordFilter {
bool skipped_;
};
class TlsSkipTest
: public TlsConnectTestBase,
public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
class TlsSkipTest : public TlsConnectTestBase,
public ::testing::WithParamInterface<
std::tuple<SSLProtocolVariant, uint16_t>> {
protected:
TlsSkipTest()
: TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
......@@ -93,7 +93,7 @@ class TlsSkipTest
};
class Tls13SkipTest : public TlsConnectTestBase,
public ::testing::WithParamInterface<std::string> {
public ::testing::WithParamInterface<SSLProtocolVariant> {
protected:
Tls13SkipTest()
: TlsConnectTestBase(GetParam(), SSL_LIBRARY_VERSION_TLS_1_3) {}
......@@ -103,14 +103,14 @@ class Tls13SkipTest : public TlsConnectTestBase,
server_->SetTlsRecordFilter(filter);
filter->EnableDecryption();
client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
ConnectExpectFail();
} else {
ConnectExpectFailOneSide(TlsAgent::CLIENT);
}
client_->CheckErrorCode(error);
if (mode_ == STREAM) {
if (variant_ == ssl_variant_stream) {
server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
} else {
ASSERT_EQ(TlsAgent::STATE_CONNECTING, server_->state());
......@@ -227,12 +227,13 @@ TEST_P(Tls13SkipTest, SkipClientCertificateVerify) {
SSL_ERROR_RX_UNEXPECTED_FINISHED);
}
INSTANTIATE_TEST_CASE_P(SkipTls10, TlsSkipTest,
::testing::Combine(TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsV10));
INSTANTIATE_TEST_CASE_P(
SkipTls10, TlsSkipTest,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsV10));
INSTANTIATE_TEST_CASE_P(SkipVariants, TlsSkipTest,
::testing::Combine(TlsConnectTestBase::kTlsModesAll,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV11V12));
INSTANTIATE_TEST_CASE_P(Skip13Variants, Tls13SkipTest,
TlsConnectTestBase::kTlsModesAll);
TlsConnectTestBase::kTlsVariantsAll);
} // namespace nss_test
......@@ -141,10 +141,11 @@ class SSLv2ClientHelloFilter : public PacketFilter {
class SSLv2ClientHelloTestF : public TlsConnectTestBase {
public:
SSLv2ClientHelloTestF() : TlsConnectTestBase(STREAM, 0), filter_(nullptr) {}
SSLv2ClientHelloTestF()
: TlsConnectTestBase(ssl_variant_stream, 0), filter_(nullptr) {}
SSLv2ClientHelloTestF(Mode mode, uint16_t version)
: TlsConnectTestBase(mode, version), filter_(nullptr) {}
SSLv2ClientHelloTestF(SSLProtocolVariant variant, uint16_t version)
: TlsConnectTestBase(variant, version), filter_(nullptr) {}
void SetUp() {
TlsConnectTestBase::SetUp();
......@@ -193,7 +194,8 @@ class SSLv2ClientHelloTestF : public TlsConnectTestBase {
class SSLv2ClientHelloTest : public SSLv2ClientHelloTestF,
public ::testing::WithParamInterface<uint16_t> {
public:
SSLv2ClientHelloTest() : SSLv2ClientHelloTestF(STREAM, GetParam()) {}
SSLv2ClientHelloTest()
: SSLv2ClientHelloTestF(ssl_variant_stream, GetParam()) {}
};
// Test negotiating TLS 1.0 - 1.2.
......
......@@ -260,7 +260,7 @@ TEST_P(TlsConnectGeneric, AlertBeforeServerHello) {
static const uint8_t kWarningAlert[] = {kTlsAlertWarning,
kTlsAlertUnrecognizedName};
DataBuffer alert;
TlsAgentTestBase::MakeRecord(mode_, kTlsAlertType,
TlsAgentTestBase::MakeRecord(variant_, kTlsAlertType,