Bug 1471126 - Rename SSL3ContentType and make it public, r=ekr
The renaming here is less widespread than I expected.  I removed the
content_alt_handshake while I was at this; no point in putting that in a public
API.

--HG--
extra : rebase_source : 5be9dcc2fea371eb56f8b9238bf669031d9dc369
martinthomson committed Jun 26, 2018
1 parent 5bf6d70 commit f37cabf
Showing 29 changed files with 162 additions and 170 deletions.
9 changes: 1 addition & 8 deletions cpputil/tls_parser.h
@@ -20,13 +20,6 @@

namespace nss_test {

const uint8_t kTlsChangeCipherSpecType = 20;
const uint8_t kTlsAlertType = 21;
const uint8_t kTlsHandshakeType = 22;
const uint8_t kTlsApplicationDataType = 23;
const uint8_t kTlsAltHandshakeType = 24;
const uint8_t kTlsAckType = 25;

const uint8_t kTlsHandshakeClientHello = 1;
const uint8_t kTlsHandshakeServerHello = 2;
const uint8_t kTlsHandshakeNewSessionTicket = 4;
@@ -60,7 +53,7 @@ const uint8_t kTlsAlertUnrecognizedName = 112;
const uint8_t kTlsAlertNoApplicationProtocol = 120;

const uint8_t kTlsFakeChangeCipherSpec[] = {
kTlsChangeCipherSpecType, // Type
ssl_ct_change_cipher_spec, // Type
0xfe,
0xff, // Version
0x00,
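Review bot: With the test-local `kTls*Type` constants removed, `kTlsFakeChangeCipherSpec` here (and `kCannedCcs` in ssl_tls13compat_unittest.cc) takes its first byte from `ssl_ct_change_cipher_spec`, so the tests no longer hold an independent copy of the record-layer wire values. If the library enum were ever changed by mistake, the canned records and the `content_type()` comparisons would shift with it, and a loopback test would likely still pass. Pinning the values once in this header would keep that check, for example `static_assert(ssl_ct_change_cipher_spec == 20 && ssl_ct_alert == 21 && ssl_ct_handshake == 22, "TLS record content types are wire values");` with matching lines for `ssl_ct_application_data` (23) and `ssl_ct_ack` (25). The declaration of the `ssl_ct_*` enum is outside this page, so this assumes its values match the removed constants.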
28 changes: 14 additions & 14 deletions gtests/ssl_gtest/ssl_agent_unittest.cc
@@ -64,8 +64,8 @@ TEST_P(TlsAgentTestClient13, CannedHello) {
auto sh = MakeCannedTls13ServerHello();
MakeHandshakeMessage(kTlsHandshakeServerHello, sh.data(), sh.len(),
&server_hello);
MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
server_hello.data(), server_hello.len(), &buffer);
MakeRecord(ssl_ct_handshake, SSL_LIBRARY_VERSION_TLS_1_3, server_hello.data(),
server_hello.len(), &buffer);
ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
}

@@ -79,8 +79,8 @@ TEST_P(TlsAgentTestClient13, EncryptedExtensionsInClear) {
&encrypted_extensions, 1);
server_hello.Append(encrypted_extensions);
DataBuffer buffer;
MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
server_hello.data(), server_hello.len(), &buffer);
MakeRecord(ssl_ct_handshake, SSL_LIBRARY_VERSION_TLS_1_3, server_hello.data(),
server_hello.len(), &buffer);
EnsureInit();
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer, TlsAgent::STATE_ERROR,
@@ -97,11 +97,11 @@ TEST_F(TlsAgentStreamTestClient, EncryptedExtensionsInClearTwoPieces) {
&encrypted_extensions, 1);
server_hello.Append(encrypted_extensions);
DataBuffer buffer;
MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
server_hello.data(), kFirstFragmentSize, &buffer);
MakeRecord(ssl_ct_handshake, SSL_LIBRARY_VERSION_TLS_1_3, server_hello.data(),
kFirstFragmentSize, &buffer);

DataBuffer buffer2;
MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
MakeRecord(ssl_ct_handshake, SSL_LIBRARY_VERSION_TLS_1_3,
server_hello.data() + kFirstFragmentSize,
server_hello.len() - kFirstFragmentSize, &buffer2);

@@ -129,11 +129,11 @@ TEST_F(TlsAgentDgramTestClient, EncryptedExtensionsInClearTwoPieces) {
&encrypted_extensions, 1);
server_hello_frag2.Append(encrypted_extensions);
DataBuffer buffer;
MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
MakeRecord(ssl_ct_handshake, SSL_LIBRARY_VERSION_TLS_1_3,
server_hello_frag1.data(), server_hello_frag1.len(), &buffer);

DataBuffer buffer2;
MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
MakeRecord(ssl_ct_handshake, SSL_LIBRARY_VERSION_TLS_1_3,
server_hello_frag2.data(), server_hello_frag2.len(), &buffer2, 1);

EnsureInit();
@@ -150,7 +150,7 @@ TEST_F(TlsAgentDgramTestClient, AckWithBogusLengthField) {
// Length doesn't match
const uint8_t ackBuf[] = {0x00, 0x08, 0x00};
DataBuffer record;
MakeRecord(variant_, kTlsAckType, SSL_LIBRARY_VERSION_TLS_1_2, ackBuf,
MakeRecord(variant_, ssl_ct_ack, SSL_LIBRARY_VERSION_TLS_1_2, ackBuf,
sizeof(ackBuf), &record, 0);
agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
SSL_LIBRARY_VERSION_TLS_1_3);
@@ -164,7 +164,7 @@ TEST_F(TlsAgentDgramTestClient, AckWithNonEvenLength) {
// Length isn't a multiple of 8
const uint8_t ackBuf[] = {0x00, 0x01, 0x00};
DataBuffer record;
MakeRecord(variant_, kTlsAckType, SSL_LIBRARY_VERSION_TLS_1_2, ackBuf,
MakeRecord(variant_, ssl_ct_ack, SSL_LIBRARY_VERSION_TLS_1_2, ackBuf,
sizeof(ackBuf), &record, 0);
agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
SSL_LIBRARY_VERSION_TLS_1_3);
@@ -196,7 +196,7 @@ TEST_F(TlsAgentStreamTestClient, Set0RttOptionThenRead) {
agent_->StartConnect();
agent_->Set0RttEnabled(true);
DataBuffer buffer;
MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
MakeRecord(ssl_ct_application_data, SSL_LIBRARY_VERSION_TLS_1_3,
reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
&buffer);
ExpectAlert(kTlsAlertUnexpectedMessage);
@@ -214,10 +214,10 @@ TEST_F(TlsAgentStreamTestServer, Set0RttOptionClientHelloThenRead) {
agent_->StartConnect();
agent_->Set0RttEnabled(true);
DataBuffer buffer;
MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
MakeRecord(ssl_ct_handshake, SSL_LIBRARY_VERSION_TLS_1_3,
kCannedTls13ClientHello, sizeof(kCannedTls13ClientHello), &buffer);
ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
MakeRecord(ssl_ct_application_data, SSL_LIBRARY_VERSION_TLS_1_3,
reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
&buffer);
ExpectAlert(kTlsAlertBadRecordMac);
4 changes: 2 additions & 2 deletions gtests/ssl_gtest/ssl_auth_unittest.cc
@@ -482,7 +482,7 @@ class BeforeFinished : public TlsRecordFilter {
switch (state_) {
case BEFORE_CCS:
// Awaken when we see the CCS.
if (header.content_type() == kTlsChangeCipherSpecType) {
if (header.content_type() == ssl_ct_change_cipher_spec) {
before_ccs_();

// Write the CCS out as a separate write, so that we can make
@@ -499,7 +499,7 @@ class BeforeFinished : public TlsRecordFilter {
break;

case AFTER_CCS:
EXPECT_EQ(kTlsHandshakeType, header.content_type());
EXPECT_EQ(ssl_ct_handshake, header.content_type());
// This could check that data contains a Finished message, but it's
// encrypted, so that's too much extra work.

2 changes: 1 addition & 1 deletion gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
@@ -282,7 +282,7 @@ TEST_P(TlsCipherSuiteTest, ReadLimit) {
} else {
epoch = 0;
}
TlsAgentTestBase::MakeRecord(variant_, kTlsApplicationDataType, version_,
TlsAgentTestBase::MakeRecord(variant_, ssl_ct_application_data, version_,
payload, sizeof(payload), &record,
(epoch << 48) | record_limit());
client_->SendDirect(record);
8 changes: 4 additions & 4 deletions gtests/ssl_gtest/ssl_drop_unittest.cc
@@ -123,7 +123,7 @@ class TlsDropDatagram13 : public TlsConnectDatagram13,

void Init(const std::shared_ptr<TlsAgent>& agent) {
records_ = std::make_shared<TlsRecordRecorder>(agent);
ack_ = std::make_shared<TlsRecordRecorder>(agent, content_ack);
ack_ = std::make_shared<TlsRecordRecorder>(agent, ssl_ct_ack);
ack_->EnableDecryption();
drop_ = std::make_shared<SelectiveRecordDropFilter>(agent, 0, false);
chain_ = std::make_shared<ChainedPacketFilter>(
@@ -670,7 +670,7 @@ TEST_P(TlsDropDatagram13, SendOutOfOrderAppWithHandshakeKey) {
ASSERT_NE(nullptr, spec.get());
ASSERT_EQ(2, spec->epoch());
ASSERT_TRUE(client_->SendEncryptedRecord(spec, 0x0002000000000002,
kTlsApplicationDataType,
ssl_ct_application_data,
DataBuffer(buf, sizeof(buf))));

// Now have the server consume the bogus message.
@@ -696,7 +696,7 @@ TEST_P(TlsDropDatagram13, SendOutOfOrderHsNonsenseWithHandshakeKey) {
ASSERT_NE(nullptr, spec.get());
ASSERT_EQ(2, spec->epoch());
ASSERT_TRUE(client_->SendEncryptedRecord(spec, 0x0002000000000002,
kTlsHandshakeType,
ssl_ct_handshake,
DataBuffer(buf, sizeof(buf))));
server_->Handshake();
EXPECT_EQ(2UL, server_filters_.ack_->count());
@@ -899,7 +899,7 @@ class TlsReplaceFirstRecordWithJunk : public TlsRecordFilter {
}
replaced_ = true;
TlsRecordHeader out_header(header.variant(), header.version(),
kTlsApplicationDataType,
ssl_ct_application_data,
header.sequence_number());

static const uint8_t junk[] = {1, 2, 3, 4};
4 changes: 2 additions & 2 deletions gtests/ssl_gtest/ssl_fragment_unittest.cc
@@ -106,8 +106,8 @@ class RecordFragmenter : public PacketFilter {
}

// Just rewrite the sequence number (CCS only).
if (header.content_type() != kTlsHandshakeType) {
EXPECT_EQ(kTlsChangeCipherSpecType, header.content_type());
if (header.content_type() != ssl_ct_handshake) {
EXPECT_EQ(ssl_ct_change_cipher_spec, header.content_type());
WriteRecord(header, record);
continue;
}
2 changes: 1 addition & 1 deletion gtests/ssl_gtest/ssl_fuzz_unittest.cc
@@ -33,7 +33,7 @@ class TlsApplicationDataRecorder : public TlsRecordFilter {
virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
const DataBuffer& input,
DataBuffer* output) {
if (header.content_type() == kTlsApplicationDataType) {
if (header.content_type() == ssl_ct_application_data) {
buffer_.Append(input);
}

4 changes: 2 additions & 2 deletions gtests/ssl_gtest/ssl_hrr_unittest.cc
@@ -76,7 +76,7 @@ class CorrectMessageSeqAfterHrrFilter : public TlsRecordFilter {
PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
const DataBuffer& record, size_t* offset,
DataBuffer* output) {
if (filtered_packets() > 0 || header.content_type() != content_handshake) {
if (filtered_packets() > 0 || header.content_type() != ssl_ct_handshake) {
return KEEP;
}

@@ -1014,7 +1014,7 @@ class HelloRetryRequestAgentTest : public TlsAgentTestClient {
DataBuffer hrr;
MakeHandshakeMessage(kTlsHandshakeServerHello, hrr_data.data(),
hrr_data.len(), &hrr, seq_num);
MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3, hrr.data(),
MakeRecord(ssl_ct_handshake, SSL_LIBRARY_VERSION_TLS_1_3, hrr.data(),
hrr.len(), hrr_record, seq_num);
}

8 changes: 5 additions & 3 deletions gtests/ssl_gtest/ssl_loopback_unittest.cc
@@ -65,7 +65,7 @@ class TlsAlertRecorder : public TlsRecordFilter {
if (level_ != 255) { // Already captured.
return KEEP;
}
if (header.content_type() != kTlsAlertType) {
if (header.content_type() != ssl_ct_alert) {
return KEEP;
}

@@ -426,13 +426,15 @@ class TlsPreCCSHeaderInjector : public TlsRecordFilter {
virtual PacketFilter::Action FilterRecord(
const TlsRecordHeader& record_header, const DataBuffer& input,
size_t* offset, DataBuffer* output) override {
if (record_header.content_type() != kTlsChangeCipherSpecType) return KEEP;
if (record_header.content_type() != ssl_ct_change_cipher_spec) {
return KEEP;
}

std::cerr << "Injecting Finished header before CCS\n";
const uint8_t hhdr[] = {kTlsHandshakeFinished, 0x00, 0x00, 0x0c};
DataBuffer hhdr_buf(hhdr, sizeof(hhdr));
TlsRecordHeader nhdr(record_header.variant(), record_header.version(),
kTlsHandshakeType, 0);
ssl_ct_handshake, 0);
*offset = nhdr.Write(output, *offset, hhdr_buf);
*offset = record_header.Write(output, *offset, input);
return CHANGE;
2 changes: 1 addition & 1 deletion gtests/ssl_gtest/ssl_record_unittest.cc
@@ -111,7 +111,7 @@ class RecordReplacer : public TlsRecordFilter {
PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
const DataBuffer& data,
DataBuffer* changed) override {
EXPECT_EQ(kTlsApplicationDataType, header.content_type());
EXPECT_EQ(ssl_ct_application_data, header.content_type());
changed->Allocate(size_);

for (size_t i = 0; i < size_; ++i) {
8 changes: 4 additions & 4 deletions gtests/ssl_gtest/ssl_recordsize_unittest.cc
@@ -34,7 +34,7 @@ class TlsRecordMaximum : public TlsRecordFilter {
DataBuffer* output) override {
std::cerr << "max: " << record << std::endl;
// Ignore unprotected packets.
if (header.content_type() != kTlsApplicationDataType) {
if (header.content_type() != ssl_ct_application_data) {
return KEEP;
}

@@ -187,7 +187,7 @@ class TlsRecordExpander : public TlsRecordFilter {
virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
const DataBuffer& data,
DataBuffer* changed) {
if (header.content_type() != kTlsApplicationDataType) {
if (header.content_type() != ssl_ct_application_data) {
return KEEP;
}
changed->Allocate(data.len() + expansion_);
@@ -252,7 +252,7 @@ class TlsRecordPadder : public TlsRecordFilter {
PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
const DataBuffer& record, size_t* offset,
DataBuffer* output) override {
if (header.content_type() != kTlsApplicationDataType) {
if (header.content_type() != ssl_ct_application_data) {
return KEEP;
}

@@ -262,7 +262,7 @@ class TlsRecordPadder : public TlsRecordFilter {
return KEEP;
}

if (inner_content_type != kTlsApplicationDataType) {
if (inner_content_type != ssl_ct_application_data) {
return KEEP;
}

2 changes: 1 addition & 1 deletion gtests/ssl_gtest/ssl_skip_unittest.cc
@@ -32,7 +32,7 @@ class TlsHandshakeSkipFilter : public TlsRecordFilter {
virtual PacketFilter::Action FilterRecord(
const TlsRecordHeader& record_header, const DataBuffer& input,
DataBuffer* output) {
if (record_header.content_type() != kTlsHandshakeType) {
if (record_header.content_type() != ssl_ct_handshake) {
return KEEP;
}

18 changes: 9 additions & 9 deletions gtests/ssl_gtest/ssl_tls13compat_unittest.cc
@@ -82,7 +82,7 @@ class Tls13CompatTest : public TlsConnectStreamTls13 {
// Only the second record can be a CCS.
bool expected_match = expected && (i == 1);
EXPECT_EQ(expected_match,
kTlsChangeCipherSpecType ==
ssl_ct_change_cipher_spec ==
records_->record(i).header.content_type());
}
}
@@ -307,7 +307,7 @@ TEST_F(TlsConnectTest, TLS13NonCompatModeSessionID) {
}

static const uint8_t kCannedCcs[] = {
kTlsChangeCipherSpecType,
ssl_ct_change_cipher_spec,
SSL_LIBRARY_VERSION_TLS_1_2 >> 8,
SSL_LIBRARY_VERSION_TLS_1_2 & 0xff,
0,
@@ -370,14 +370,14 @@ TEST_F(TlsConnectDatagram13, CompatModeDtlsClient) {
Connect();

ASSERT_EQ(2U, client_records->count()); // CH, Fin
EXPECT_EQ(kTlsHandshakeType, client_records->record(0).header.content_type());
EXPECT_EQ(kTlsApplicationDataType,
EXPECT_EQ(ssl_ct_handshake, client_records->record(0).header.content_type());
EXPECT_EQ(ssl_ct_application_data,
client_records->record(1).header.content_type());

ASSERT_EQ(6U, server_records->count()); // SH, EE, CT, CV, Fin, Ack
EXPECT_EQ(kTlsHandshakeType, server_records->record(0).header.content_type());
EXPECT_EQ(ssl_ct_handshake, server_records->record(0).header.content_type());
for (size_t i = 1; i < server_records->count(); ++i) {
EXPECT_EQ(kTlsApplicationDataType,
EXPECT_EQ(ssl_ct_application_data,
server_records->record(i).header.content_type());
}
}
@@ -422,12 +422,12 @@ TEST_F(TlsConnectDatagram13, CompatModeDtlsServer) {
client_->Handshake();

ASSERT_EQ(1U, client_records->count());
EXPECT_EQ(kTlsHandshakeType, client_records->record(0).header.content_type());
EXPECT_EQ(ssl_ct_handshake, client_records->record(0).header.content_type());

ASSERT_EQ(5U, server_records->count()); // SH, EE, CT, CV, Fin
EXPECT_EQ(kTlsHandshakeType, server_records->record(0).header.content_type());
EXPECT_EQ(ssl_ct_handshake, server_records->record(0).header.content_type());
for (size_t i = 1; i < server_records->count(); ++i) {
EXPECT_EQ(kTlsApplicationDataType,
EXPECT_EQ(ssl_ct_application_data,
server_records->record(i).header.content_type());
}

2 changes: 1 addition & 1 deletion gtests/ssl_gtest/ssl_version_unittest.cc
@@ -158,7 +158,7 @@ TEST_P(TlsConnectGeneric, AlertBeforeServerHello) {
static const uint8_t kWarningAlert[] = {kTlsAlertWarning,
kTlsAlertUnrecognizedName};
DataBuffer alert;
TlsAgentTestBase::MakeRecord(variant_, kTlsAlertType,
TlsAgentTestBase::MakeRecord(variant_, ssl_ct_alert,
SSL_LIBRARY_VERSION_TLS_1_0, kWarningAlert,
PR_ARRAY_SIZE(kWarningAlert), &alert);
client_->adapter()->PacketReceived(alert);
12 changes: 6 additions & 6 deletions gtests/ssl_gtest/tls_agent.cc
@@ -976,7 +976,7 @@ bool TlsAgent::SendEncryptedRecord(const std::shared_ptr<TlsCipherSpec>& spec,
LOGV("Encrypting " << buf.len() << " bytes");
// Ensure that we are doing TLS 1.3.
EXPECT_GE(expected_version_, SSL_LIBRARY_VERSION_TLS_1_3);
TlsRecordHeader header(variant_, expected_version_, kTlsApplicationDataType,
TlsRecordHeader header(variant_, expected_version_, ssl_ct_application_data,
seq);
DataBuffer padded = buf;
padded.Write(padded.len(), ct, 1);
@@ -1105,7 +1105,7 @@ void TlsAgentTestBase::MakeRecord(SSLProtocolVariant variant, uint8_t type,
if (variant == ssl_variant_stream) {
index = out->Write(index, version, 2);
} else if (version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
type == kTlsApplicationDataType) {
type == ssl_ct_application_data) {
uint32_t epoch = (sequence_number >> 48) & 0x3;
uint32_t seqno = sequence_number & ((1ULL << 30) - 1);
index = out->Write(index, (epoch << 30) | seqno, 4);
@@ -1158,10 +1158,10 @@ void TlsAgentTestBase::MakeTrivialHandshakeRecord(uint8_t hs_type,
size_t hs_len,
DataBuffer* out) {
size_t index = 0;
index = out->Write(index, kTlsHandshakeType, 1); // Content Type
index = out->Write(index, 3, 1); // Version high
index = out->Write(index, 1, 1); // Version low
index = out->Write(index, 4 + hs_len, 2); // Length
index = out->Write(index, ssl_ct_handshake, 1); // Content Type
index = out->Write(index, 3, 1); // Version high
index = out->Write(index, 1, 1); // Version low
index = out->Write(index, 4 + hs_len, 2); // Length

index = out->Write(index, hs_type, 1); // Handshake record type.
index = out->Write(index, hs_len, 3); // Handshake length
