From e0a8d0e90a4e6cc9865afdf1185b81bb282d2afa Mon Sep 17 00:00:00 2001
From: Kevin Jacobs <kjacobs@mozilla.com>
Date: Tue, 10 Dec 2019 20:16:48 +0000
Subject: [PATCH] Bug 1590001 - Additional HRR Tests. r=mt

This patch adds new tests for version limitations after a HRR.

Differential Revision: https://phabricator.services.mozilla.com/D51023

--HG--
extra : moz-landing-system : lando
---
 gtests/ssl_gtest/ssl_hrr_unittest.cc | 108 +++++++++++++++++++++++++++
 1 file changed, 108 insertions(+)

diff --git a/gtests/ssl_gtest/ssl_hrr_unittest.cc b/gtests/ssl_gtest/ssl_hrr_unittest.cc
index 264c761347..56b7a2bf0c 100644
--- a/gtests/ssl_gtest/ssl_hrr_unittest.cc
+++ b/gtests/ssl_gtest/ssl_hrr_unittest.cc
@@ -1213,6 +1213,114 @@ TEST_P(TlsConnectStreamPre13, HrrRandomOnTls10) {
   server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
+TEST_F(TlsConnectStreamTls13, HrrThenTls12) {
+  StartConnect();
+  size_t cb_called = 0;
+  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
+                                                      RetryHello, &cb_called));
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+
+  client_->Handshake();  // Send CH (1.3)
+  server_->Handshake();  // Send HRR.
+  EXPECT_EQ(1U, cb_called);
+
+  // Replace the client with a new TLS 1.2 client. Don't call Init(), since
+  // it will artifically limit the server's vrange.
+  client_.reset(
+      new TlsAgent(client_->name(), TlsAgent::CLIENT, ssl_variant_stream));
+  client_->SetPeer(server_);
+  server_->SetPeer(client_);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+
+  client_->StartConnect();
+  client_->Handshake();  // Send CH (1.2)
+  ExpectAlert(server_, kTlsAlertProtocolVersion);
+  server_->Handshake();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+  client_->Handshake();
+  client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
+}
+
+TEST_F(TlsConnectStreamTls13, ZeroRttHrrThenTls12) {
+  SetupForZeroRtt();
+
+  client_->Set0RttEnabled(true);
+  size_t cb_called = 0;
+  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
+                                                      RetryHello, &cb_called));
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+
+  client_->Handshake();  // Send CH (1.3)
+  ZeroRttSendReceive(true, false);
+  server_->Handshake();  // Send HRR.
+  EXPECT_EQ(1U, cb_called);
+
+  // Replace the client with a new TLS 1.2 client. Don't call Init(), since
+  // it will artifically limit the server's vrange.
+  client_.reset(
+      new TlsAgent(client_->name(), TlsAgent::CLIENT, ssl_variant_stream));
+  client_->SetPeer(server_);
+  server_->SetPeer(client_);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+
+  client_->StartConnect();
+  client_->Handshake();  // Send CH (1.2)
+  ExpectAlert(server_, kTlsAlertProtocolVersion);
+  server_->Handshake();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+  client_->Handshake();
+  client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
+
+  // Try to write something
+  server_->Handshake();
+  client_->ExpectReadWriteError();
+  client_->SendData(1);
+  uint8_t buf[1];
+  EXPECT_EQ(-1, PR_Read(server_->ssl_fd(), buf, sizeof(buf)));
+  EXPECT_EQ(SSL_ERROR_HANDSHAKE_FAILED, PR_GetError());
+}
+
+TEST_F(TlsConnectStreamTls13, HrrThenTls12SupportedVersions) {
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  size_t cb_called = 0;
+  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
+                                                      RetryHello, &cb_called));
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+
+  client_->Handshake();  // Send CH (1.3)
+  ZeroRttSendReceive(true, false);
+  server_->Handshake();  // Send HRR.
+  EXPECT_EQ(1U, cb_called);
+
+  // Replace the client with a new TLS 1.2 client. Don't call Init(), since
+  // it will artifically limit the server's vrange.
+  client_.reset(
+      new TlsAgent(client_->name(), TlsAgent::CLIENT, ssl_variant_stream));
+  client_->SetPeer(server_);
+  server_->SetPeer(client_);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  // Negotiate via supported_versions
+  static const uint8_t tls12[] = {0x02, 0x03, 0x03};
+  auto replacer = MakeTlsFilter<TlsExtensionInjector>(
+      client_, ssl_tls13_supported_versions_xtn,
+      DataBuffer(tls12, sizeof(tls12)));
+
+  client_->StartConnect();
+  client_->Handshake();  // Send CH (1.2)
+  ExpectAlert(server_, kTlsAlertProtocolVersion);
+  server_->Handshake();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+  client_->Handshake();
+  client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
+}
+
 INSTANTIATE_TEST_CASE_P(HelloRetryRequestAgentTests, HelloRetryRequestAgentTest,
                         ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
                                            TlsConnectTestBase::kTlsV13));