Commit e0a8d0e9 authored by Kevin Jacobs's avatar Kevin Jacobs

Bug 1590001 - Additional HRR Tests. r=mt

This patch adds new tests for version limitations after a HRR.

Differential Revision: https://phabricator.services.mozilla.com/D51023

--HG--
extra : moz-landing-system : lando
parent 7a530724
......@@ -1213,6 +1213,114 @@ TEST_P(TlsConnectStreamPre13, HrrRandomOnTls10) {
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
}
TEST_F(TlsConnectStreamTls13, HrrThenTls12) {
StartConnect();
size_t cb_called = 0;
EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
RetryHello, &cb_called));
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
SSL_LIBRARY_VERSION_TLS_1_3);
client_->Handshake(); // Send CH (1.3)
server_->Handshake(); // Send HRR.
EXPECT_EQ(1U, cb_called);
// Replace the client with a new TLS 1.2 client. Don't call Init(), since
// it will artifically limit the server's vrange.
client_.reset(
new TlsAgent(client_->name(), TlsAgent::CLIENT, ssl_variant_stream));
client_->SetPeer(server_);
server_->SetPeer(client_);
client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
SSL_LIBRARY_VERSION_TLS_1_2);
client_->StartConnect();
client_->Handshake(); // Send CH (1.2)
ExpectAlert(server_, kTlsAlertProtocolVersion);
server_->Handshake();
server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
client_->Handshake();
client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
}
TEST_F(TlsConnectStreamTls13, ZeroRttHrrThenTls12) {
SetupForZeroRtt();
client_->Set0RttEnabled(true);
size_t cb_called = 0;
EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
RetryHello, &cb_called));
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
SSL_LIBRARY_VERSION_TLS_1_3);
client_->Handshake(); // Send CH (1.3)
ZeroRttSendReceive(true, false);
server_->Handshake(); // Send HRR.
EXPECT_EQ(1U, cb_called);
// Replace the client with a new TLS 1.2 client. Don't call Init(), since
// it will artifically limit the server's vrange.
client_.reset(
new TlsAgent(client_->name(), TlsAgent::CLIENT, ssl_variant_stream));
client_->SetPeer(server_);
server_->SetPeer(client_);
client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
SSL_LIBRARY_VERSION_TLS_1_2);
client_->StartConnect();
client_->Handshake(); // Send CH (1.2)
ExpectAlert(server_, kTlsAlertProtocolVersion);
server_->Handshake();
server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
client_->Handshake();
client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
// Try to write something
server_->Handshake();
client_->ExpectReadWriteError();
client_->SendData(1);
uint8_t buf[1];
EXPECT_EQ(-1, PR_Read(server_->ssl_fd(), buf, sizeof(buf)));
EXPECT_EQ(SSL_ERROR_HANDSHAKE_FAILED, PR_GetError());
}
TEST_F(TlsConnectStreamTls13, HrrThenTls12SupportedVersions) {
SetupForZeroRtt();
client_->Set0RttEnabled(true);
size_t cb_called = 0;
EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
RetryHello, &cb_called));
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
SSL_LIBRARY_VERSION_TLS_1_3);
client_->Handshake(); // Send CH (1.3)
ZeroRttSendReceive(true, false);
server_->Handshake(); // Send HRR.
EXPECT_EQ(1U, cb_called);
// Replace the client with a new TLS 1.2 client. Don't call Init(), since
// it will artifically limit the server's vrange.
client_.reset(
new TlsAgent(client_->name(), TlsAgent::CLIENT, ssl_variant_stream));
client_->SetPeer(server_);
server_->SetPeer(client_);
client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
SSL_LIBRARY_VERSION_TLS_1_2);
// Negotiate via supported_versions
static const uint8_t tls12[] = {0x02, 0x03, 0x03};
auto replacer = MakeTlsFilter<TlsExtensionInjector>(
client_, ssl_tls13_supported_versions_xtn,
DataBuffer(tls12, sizeof(tls12)));
client_->StartConnect();
client_->Handshake(); // Send CH (1.2)
ExpectAlert(server_, kTlsAlertProtocolVersion);
server_->Handshake();
server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
client_->Handshake();
client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
}
INSTANTIATE_TEST_CASE_P(HelloRetryRequestAgentTests, HelloRetryRequestAgentTest,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV13));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment