PageRenderTime 63ms CodeModel.GetById 23ms RepoModel.GetById 1ms app.codeStats 0ms

/libgo/go/crypto/tls/handshake_messages_test.go

https://gitlab.com/4144/gcc
Go | 482 lines | 415 code | 51 blank | 16 comment | 71 complexity | 6f2307b390f9ba547ece1ac8e69c89da MD5 | raw file
  1. // Copyright 2009 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package tls
  5. import (
  6. "bytes"
  7. "math/rand"
  8. "reflect"
  9. "strings"
  10. "testing"
  11. "testing/quick"
  12. "time"
  13. )
  14. var tests = []interface{}{
  15. &clientHelloMsg{},
  16. &serverHelloMsg{},
  17. &finishedMsg{},
  18. &certificateMsg{},
  19. &certificateRequestMsg{},
  20. &certificateVerifyMsg{
  21. hasSignatureAlgorithm: true,
  22. },
  23. &certificateStatusMsg{},
  24. &clientKeyExchangeMsg{},
  25. &nextProtoMsg{},
  26. &newSessionTicketMsg{},
  27. &sessionState{},
  28. &sessionStateTLS13{},
  29. &encryptedExtensionsMsg{},
  30. &endOfEarlyDataMsg{},
  31. &keyUpdateMsg{},
  32. &newSessionTicketMsgTLS13{},
  33. &certificateRequestMsgTLS13{},
  34. &certificateMsgTLS13{},
  35. }
  36. func TestMarshalUnmarshal(t *testing.T) {
  37. rand := rand.New(rand.NewSource(time.Now().UnixNano()))
  38. for i, iface := range tests {
  39. ty := reflect.ValueOf(iface).Type()
  40. n := 100
  41. if testing.Short() {
  42. n = 5
  43. }
  44. for j := 0; j < n; j++ {
  45. v, ok := quick.Value(ty, rand)
  46. if !ok {
  47. t.Errorf("#%d: failed to create value", i)
  48. break
  49. }
  50. m1 := v.Interface().(handshakeMessage)
  51. marshaled := m1.marshal()
  52. m2 := iface.(handshakeMessage)
  53. if !m2.unmarshal(marshaled) {
  54. t.Errorf("#%d failed to unmarshal %#v %x", i, m1, marshaled)
  55. break
  56. }
  57. m2.marshal() // to fill any marshal cache in the message
  58. if !reflect.DeepEqual(m1, m2) {
  59. t.Errorf("#%d got:%#v want:%#v %x", i, m2, m1, marshaled)
  60. break
  61. }
  62. if i >= 3 {
  63. // The first three message types (ClientHello,
  64. // ServerHello and Finished) are allowed to
  65. // have parsable prefixes because the extension
  66. // data is optional and the length of the
  67. // Finished varies across versions.
  68. for j := 0; j < len(marshaled); j++ {
  69. if m2.unmarshal(marshaled[0:j]) {
  70. t.Errorf("#%d unmarshaled a prefix of length %d of %#v", i, j, m1)
  71. break
  72. }
  73. }
  74. }
  75. }
  76. }
  77. }
  78. func TestFuzz(t *testing.T) {
  79. rand := rand.New(rand.NewSource(0))
  80. for _, iface := range tests {
  81. m := iface.(handshakeMessage)
  82. for j := 0; j < 1000; j++ {
  83. len := rand.Intn(100)
  84. bytes := randomBytes(len, rand)
  85. // This just looks for crashes due to bounds errors etc.
  86. m.unmarshal(bytes)
  87. }
  88. }
  89. }
  90. func randomBytes(n int, rand *rand.Rand) []byte {
  91. r := make([]byte, n)
  92. if _, err := rand.Read(r); err != nil {
  93. panic("rand.Read failed: " + err.Error())
  94. }
  95. return r
  96. }
  97. func randomString(n int, rand *rand.Rand) string {
  98. b := randomBytes(n, rand)
  99. return string(b)
  100. }
  101. func (*clientHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  102. m := &clientHelloMsg{}
  103. m.vers = uint16(rand.Intn(65536))
  104. m.random = randomBytes(32, rand)
  105. m.sessionId = randomBytes(rand.Intn(32), rand)
  106. m.cipherSuites = make([]uint16, rand.Intn(63)+1)
  107. for i := 0; i < len(m.cipherSuites); i++ {
  108. cs := uint16(rand.Int31())
  109. if cs == scsvRenegotiation {
  110. cs += 1
  111. }
  112. m.cipherSuites[i] = cs
  113. }
  114. m.compressionMethods = randomBytes(rand.Intn(63)+1, rand)
  115. if rand.Intn(10) > 5 {
  116. m.nextProtoNeg = true
  117. }
  118. if rand.Intn(10) > 5 {
  119. m.serverName = randomString(rand.Intn(255), rand)
  120. for strings.HasSuffix(m.serverName, ".") {
  121. m.serverName = m.serverName[:len(m.serverName)-1]
  122. }
  123. }
  124. m.ocspStapling = rand.Intn(10) > 5
  125. m.supportedPoints = randomBytes(rand.Intn(5)+1, rand)
  126. m.supportedCurves = make([]CurveID, rand.Intn(5)+1)
  127. for i := range m.supportedCurves {
  128. m.supportedCurves[i] = CurveID(rand.Intn(30000) + 1)
  129. }
  130. if rand.Intn(10) > 5 {
  131. m.ticketSupported = true
  132. if rand.Intn(10) > 5 {
  133. m.sessionTicket = randomBytes(rand.Intn(300), rand)
  134. } else {
  135. m.sessionTicket = make([]byte, 0)
  136. }
  137. }
  138. if rand.Intn(10) > 5 {
  139. m.supportedSignatureAlgorithms = supportedSignatureAlgorithms
  140. }
  141. if rand.Intn(10) > 5 {
  142. m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms
  143. }
  144. for i := 0; i < rand.Intn(5); i++ {
  145. m.alpnProtocols = append(m.alpnProtocols, randomString(rand.Intn(20)+1, rand))
  146. }
  147. if rand.Intn(10) > 5 {
  148. m.scts = true
  149. }
  150. if rand.Intn(10) > 5 {
  151. m.secureRenegotiationSupported = true
  152. m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand)
  153. }
  154. for i := 0; i < rand.Intn(5); i++ {
  155. m.supportedVersions = append(m.supportedVersions, uint16(rand.Intn(0xffff)+1))
  156. }
  157. if rand.Intn(10) > 5 {
  158. m.cookie = randomBytes(rand.Intn(500)+1, rand)
  159. }
  160. for i := 0; i < rand.Intn(5); i++ {
  161. var ks keyShare
  162. ks.group = CurveID(rand.Intn(30000) + 1)
  163. ks.data = randomBytes(rand.Intn(200)+1, rand)
  164. m.keyShares = append(m.keyShares, ks)
  165. }
  166. switch rand.Intn(3) {
  167. case 1:
  168. m.pskModes = []uint8{pskModeDHE}
  169. case 2:
  170. m.pskModes = []uint8{pskModeDHE, pskModePlain}
  171. }
  172. for i := 0; i < rand.Intn(5); i++ {
  173. var psk pskIdentity
  174. psk.obfuscatedTicketAge = uint32(rand.Intn(500000))
  175. psk.label = randomBytes(rand.Intn(500)+1, rand)
  176. m.pskIdentities = append(m.pskIdentities, psk)
  177. m.pskBinders = append(m.pskBinders, randomBytes(rand.Intn(50)+32, rand))
  178. }
  179. if rand.Intn(10) > 5 {
  180. m.earlyData = true
  181. }
  182. return reflect.ValueOf(m)
  183. }
  184. func (*serverHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  185. m := &serverHelloMsg{}
  186. m.vers = uint16(rand.Intn(65536))
  187. m.random = randomBytes(32, rand)
  188. m.sessionId = randomBytes(rand.Intn(32), rand)
  189. m.cipherSuite = uint16(rand.Int31())
  190. m.compressionMethod = uint8(rand.Intn(256))
  191. if rand.Intn(10) > 5 {
  192. m.nextProtoNeg = true
  193. for i := 0; i < rand.Intn(10); i++ {
  194. m.nextProtos = append(m.nextProtos, randomString(20, rand))
  195. }
  196. }
  197. if rand.Intn(10) > 5 {
  198. m.ocspStapling = true
  199. }
  200. if rand.Intn(10) > 5 {
  201. m.ticketSupported = true
  202. }
  203. if rand.Intn(10) > 5 {
  204. m.alpnProtocol = randomString(rand.Intn(32)+1, rand)
  205. }
  206. for i := 0; i < rand.Intn(4); i++ {
  207. m.scts = append(m.scts, randomBytes(rand.Intn(500)+1, rand))
  208. }
  209. if rand.Intn(10) > 5 {
  210. m.secureRenegotiationSupported = true
  211. m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand)
  212. }
  213. if rand.Intn(10) > 5 {
  214. m.supportedVersion = uint16(rand.Intn(0xffff) + 1)
  215. }
  216. if rand.Intn(10) > 5 {
  217. m.cookie = randomBytes(rand.Intn(500)+1, rand)
  218. }
  219. if rand.Intn(10) > 5 {
  220. for i := 0; i < rand.Intn(5); i++ {
  221. m.serverShare.group = CurveID(rand.Intn(30000) + 1)
  222. m.serverShare.data = randomBytes(rand.Intn(200)+1, rand)
  223. }
  224. } else if rand.Intn(10) > 5 {
  225. m.selectedGroup = CurveID(rand.Intn(30000) + 1)
  226. }
  227. if rand.Intn(10) > 5 {
  228. m.selectedIdentityPresent = true
  229. m.selectedIdentity = uint16(rand.Intn(0xffff))
  230. }
  231. return reflect.ValueOf(m)
  232. }
  233. func (*encryptedExtensionsMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  234. m := &encryptedExtensionsMsg{}
  235. if rand.Intn(10) > 5 {
  236. m.alpnProtocol = randomString(rand.Intn(32)+1, rand)
  237. }
  238. return reflect.ValueOf(m)
  239. }
  240. func (*certificateMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  241. m := &certificateMsg{}
  242. numCerts := rand.Intn(20)
  243. m.certificates = make([][]byte, numCerts)
  244. for i := 0; i < numCerts; i++ {
  245. m.certificates[i] = randomBytes(rand.Intn(10)+1, rand)
  246. }
  247. return reflect.ValueOf(m)
  248. }
  249. func (*certificateRequestMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  250. m := &certificateRequestMsg{}
  251. m.certificateTypes = randomBytes(rand.Intn(5)+1, rand)
  252. for i := 0; i < rand.Intn(100); i++ {
  253. m.certificateAuthorities = append(m.certificateAuthorities, randomBytes(rand.Intn(15)+1, rand))
  254. }
  255. return reflect.ValueOf(m)
  256. }
  257. func (*certificateVerifyMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  258. m := &certificateVerifyMsg{}
  259. m.hasSignatureAlgorithm = true
  260. m.signatureAlgorithm = SignatureScheme(rand.Intn(30000))
  261. m.signature = randomBytes(rand.Intn(15)+1, rand)
  262. return reflect.ValueOf(m)
  263. }
  264. func (*certificateStatusMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  265. m := &certificateStatusMsg{}
  266. m.response = randomBytes(rand.Intn(10)+1, rand)
  267. return reflect.ValueOf(m)
  268. }
  269. func (*clientKeyExchangeMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  270. m := &clientKeyExchangeMsg{}
  271. m.ciphertext = randomBytes(rand.Intn(1000)+1, rand)
  272. return reflect.ValueOf(m)
  273. }
  274. func (*finishedMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  275. m := &finishedMsg{}
  276. m.verifyData = randomBytes(12, rand)
  277. return reflect.ValueOf(m)
  278. }
  279. func (*nextProtoMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  280. m := &nextProtoMsg{}
  281. m.proto = randomString(rand.Intn(255), rand)
  282. return reflect.ValueOf(m)
  283. }
  284. func (*newSessionTicketMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  285. m := &newSessionTicketMsg{}
  286. m.ticket = randomBytes(rand.Intn(4), rand)
  287. return reflect.ValueOf(m)
  288. }
  289. func (*sessionState) Generate(rand *rand.Rand, size int) reflect.Value {
  290. s := &sessionState{}
  291. s.vers = uint16(rand.Intn(10000))
  292. s.cipherSuite = uint16(rand.Intn(10000))
  293. s.masterSecret = randomBytes(rand.Intn(100), rand)
  294. numCerts := rand.Intn(20)
  295. s.certificates = make([][]byte, numCerts)
  296. for i := 0; i < numCerts; i++ {
  297. s.certificates[i] = randomBytes(rand.Intn(10)+1, rand)
  298. }
  299. return reflect.ValueOf(s)
  300. }
  301. func (*sessionStateTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
  302. s := &sessionStateTLS13{}
  303. s.cipherSuite = uint16(rand.Intn(10000))
  304. s.resumptionSecret = randomBytes(rand.Intn(100)+1, rand)
  305. s.createdAt = uint64(rand.Int63())
  306. for i := 0; i < rand.Intn(2)+1; i++ {
  307. s.certificate.Certificate = append(
  308. s.certificate.Certificate, randomBytes(rand.Intn(500)+1, rand))
  309. }
  310. if rand.Intn(10) > 5 {
  311. s.certificate.OCSPStaple = randomBytes(rand.Intn(100)+1, rand)
  312. }
  313. if rand.Intn(10) > 5 {
  314. for i := 0; i < rand.Intn(2)+1; i++ {
  315. s.certificate.SignedCertificateTimestamps = append(
  316. s.certificate.SignedCertificateTimestamps, randomBytes(rand.Intn(500)+1, rand))
  317. }
  318. }
  319. return reflect.ValueOf(s)
  320. }
  321. func (*endOfEarlyDataMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  322. m := &endOfEarlyDataMsg{}
  323. return reflect.ValueOf(m)
  324. }
  325. func (*keyUpdateMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  326. m := &keyUpdateMsg{}
  327. m.updateRequested = rand.Intn(10) > 5
  328. return reflect.ValueOf(m)
  329. }
  330. func (*newSessionTicketMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
  331. m := &newSessionTicketMsgTLS13{}
  332. m.lifetime = uint32(rand.Intn(500000))
  333. m.ageAdd = uint32(rand.Intn(500000))
  334. m.nonce = randomBytes(rand.Intn(100), rand)
  335. m.label = randomBytes(rand.Intn(1000), rand)
  336. if rand.Intn(10) > 5 {
  337. m.maxEarlyData = uint32(rand.Intn(500000))
  338. }
  339. return reflect.ValueOf(m)
  340. }
  341. func (*certificateRequestMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
  342. m := &certificateRequestMsgTLS13{}
  343. if rand.Intn(10) > 5 {
  344. m.ocspStapling = true
  345. }
  346. if rand.Intn(10) > 5 {
  347. m.scts = true
  348. }
  349. if rand.Intn(10) > 5 {
  350. m.supportedSignatureAlgorithms = supportedSignatureAlgorithms
  351. }
  352. if rand.Intn(10) > 5 {
  353. m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms
  354. }
  355. if rand.Intn(10) > 5 {
  356. m.certificateAuthorities = make([][]byte, 3)
  357. for i := 0; i < 3; i++ {
  358. m.certificateAuthorities[i] = randomBytes(rand.Intn(10)+1, rand)
  359. }
  360. }
  361. return reflect.ValueOf(m)
  362. }
  363. func (*certificateMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
  364. m := &certificateMsgTLS13{}
  365. for i := 0; i < rand.Intn(2)+1; i++ {
  366. m.certificate.Certificate = append(
  367. m.certificate.Certificate, randomBytes(rand.Intn(500)+1, rand))
  368. }
  369. if rand.Intn(10) > 5 {
  370. m.ocspStapling = true
  371. m.certificate.OCSPStaple = randomBytes(rand.Intn(100)+1, rand)
  372. }
  373. if rand.Intn(10) > 5 {
  374. m.scts = true
  375. for i := 0; i < rand.Intn(2)+1; i++ {
  376. m.certificate.SignedCertificateTimestamps = append(
  377. m.certificate.SignedCertificateTimestamps, randomBytes(rand.Intn(500)+1, rand))
  378. }
  379. }
  380. return reflect.ValueOf(m)
  381. }
  382. func TestRejectEmptySCTList(t *testing.T) {
  383. // RFC 6962, Section 3.3.1 specifies that empty SCT lists are invalid.
  384. var random [32]byte
  385. sct := []byte{0x42, 0x42, 0x42, 0x42}
  386. serverHello := serverHelloMsg{
  387. vers: VersionTLS12,
  388. random: random[:],
  389. scts: [][]byte{sct},
  390. }
  391. serverHelloBytes := serverHello.marshal()
  392. var serverHelloCopy serverHelloMsg
  393. if !serverHelloCopy.unmarshal(serverHelloBytes) {
  394. t.Fatal("Failed to unmarshal initial message")
  395. }
  396. // Change serverHelloBytes so that the SCT list is empty
  397. i := bytes.Index(serverHelloBytes, sct)
  398. if i < 0 {
  399. t.Fatal("Cannot find SCT in ServerHello")
  400. }
  401. var serverHelloEmptySCT []byte
  402. serverHelloEmptySCT = append(serverHelloEmptySCT, serverHelloBytes[:i-6]...)
  403. // Append the extension length and SCT list length for an empty list.
  404. serverHelloEmptySCT = append(serverHelloEmptySCT, []byte{0, 2, 0, 0}...)
  405. serverHelloEmptySCT = append(serverHelloEmptySCT, serverHelloBytes[i+4:]...)
  406. // Update the handshake message length.
  407. serverHelloEmptySCT[1] = byte((len(serverHelloEmptySCT) - 4) >> 16)
  408. serverHelloEmptySCT[2] = byte((len(serverHelloEmptySCT) - 4) >> 8)
  409. serverHelloEmptySCT[3] = byte(len(serverHelloEmptySCT) - 4)
  410. // Update the extensions length
  411. serverHelloEmptySCT[42] = byte((len(serverHelloEmptySCT) - 44) >> 8)
  412. serverHelloEmptySCT[43] = byte((len(serverHelloEmptySCT) - 44))
  413. if serverHelloCopy.unmarshal(serverHelloEmptySCT) {
  414. t.Fatal("Unmarshaled ServerHello with empty SCT list")
  415. }
  416. }
  417. func TestRejectEmptySCT(t *testing.T) {
  418. // Not only must the SCT list be non-empty, but the SCT elements must
  419. // not be zero length.
  420. var random [32]byte
  421. serverHello := serverHelloMsg{
  422. vers: VersionTLS12,
  423. random: random[:],
  424. scts: [][]byte{nil},
  425. }
  426. serverHelloBytes := serverHello.marshal()
  427. var serverHelloCopy serverHelloMsg
  428. if serverHelloCopy.unmarshal(serverHelloBytes) {
  429. t.Fatal("Unmarshaled ServerHello with zero-length SCT")
  430. }
  431. }