PageRenderTime 95ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 0ms

/libgo/go/crypto/tls/handshake_messages_test.go

https://gitlab.com/adotout/gcc
Go | 465 lines | 400 code | 49 blank | 16 comment | 68 complexity | 0945ccb0c15b2deb95d8ca2b33b0ea54 MD5 | raw file
  1. // Copyright 2009 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package tls
  5. import (
  6. "bytes"
  7. "math/rand"
  8. "reflect"
  9. "strings"
  10. "testing"
  11. "testing/quick"
  12. "time"
  13. )
  14. var tests = []any{
  15. &clientHelloMsg{},
  16. &serverHelloMsg{},
  17. &finishedMsg{},
  18. &certificateMsg{},
  19. &certificateRequestMsg{},
  20. &certificateVerifyMsg{
  21. hasSignatureAlgorithm: true,
  22. },
  23. &certificateStatusMsg{},
  24. &clientKeyExchangeMsg{},
  25. &newSessionTicketMsg{},
  26. &sessionState{},
  27. &sessionStateTLS13{},
  28. &encryptedExtensionsMsg{},
  29. &endOfEarlyDataMsg{},
  30. &keyUpdateMsg{},
  31. &newSessionTicketMsgTLS13{},
  32. &certificateRequestMsgTLS13{},
  33. &certificateMsgTLS13{},
  34. }
  35. func TestMarshalUnmarshal(t *testing.T) {
  36. rand := rand.New(rand.NewSource(time.Now().UnixNano()))
  37. for i, iface := range tests {
  38. ty := reflect.ValueOf(iface).Type()
  39. n := 100
  40. if testing.Short() {
  41. n = 5
  42. }
  43. for j := 0; j < n; j++ {
  44. v, ok := quick.Value(ty, rand)
  45. if !ok {
  46. t.Errorf("#%d: failed to create value", i)
  47. break
  48. }
  49. m1 := v.Interface().(handshakeMessage)
  50. marshaled := m1.marshal()
  51. m2 := iface.(handshakeMessage)
  52. if !m2.unmarshal(marshaled) {
  53. t.Errorf("#%d failed to unmarshal %#v %x", i, m1, marshaled)
  54. break
  55. }
  56. m2.marshal() // to fill any marshal cache in the message
  57. if !reflect.DeepEqual(m1, m2) {
  58. t.Errorf("#%d got:%#v want:%#v %x", i, m2, m1, marshaled)
  59. break
  60. }
  61. if i >= 3 {
  62. // The first three message types (ClientHello,
  63. // ServerHello and Finished) are allowed to
  64. // have parsable prefixes because the extension
  65. // data is optional and the length of the
  66. // Finished varies across versions.
  67. for j := 0; j < len(marshaled); j++ {
  68. if m2.unmarshal(marshaled[0:j]) {
  69. t.Errorf("#%d unmarshaled a prefix of length %d of %#v", i, j, m1)
  70. break
  71. }
  72. }
  73. }
  74. }
  75. }
  76. }
  77. func TestFuzz(t *testing.T) {
  78. rand := rand.New(rand.NewSource(0))
  79. for _, iface := range tests {
  80. m := iface.(handshakeMessage)
  81. for j := 0; j < 1000; j++ {
  82. len := rand.Intn(100)
  83. bytes := randomBytes(len, rand)
  84. // This just looks for crashes due to bounds errors etc.
  85. m.unmarshal(bytes)
  86. }
  87. }
  88. }
  89. func randomBytes(n int, rand *rand.Rand) []byte {
  90. r := make([]byte, n)
  91. if _, err := rand.Read(r); err != nil {
  92. panic("rand.Read failed: " + err.Error())
  93. }
  94. return r
  95. }
  96. func randomString(n int, rand *rand.Rand) string {
  97. b := randomBytes(n, rand)
  98. return string(b)
  99. }
  100. func (*clientHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  101. m := &clientHelloMsg{}
  102. m.vers = uint16(rand.Intn(65536))
  103. m.random = randomBytes(32, rand)
  104. m.sessionId = randomBytes(rand.Intn(32), rand)
  105. m.cipherSuites = make([]uint16, rand.Intn(63)+1)
  106. for i := 0; i < len(m.cipherSuites); i++ {
  107. cs := uint16(rand.Int31())
  108. if cs == scsvRenegotiation {
  109. cs += 1
  110. }
  111. m.cipherSuites[i] = cs
  112. }
  113. m.compressionMethods = randomBytes(rand.Intn(63)+1, rand)
  114. if rand.Intn(10) > 5 {
  115. m.serverName = randomString(rand.Intn(255), rand)
  116. for strings.HasSuffix(m.serverName, ".") {
  117. m.serverName = m.serverName[:len(m.serverName)-1]
  118. }
  119. }
  120. m.ocspStapling = rand.Intn(10) > 5
  121. m.supportedPoints = randomBytes(rand.Intn(5)+1, rand)
  122. m.supportedCurves = make([]CurveID, rand.Intn(5)+1)
  123. for i := range m.supportedCurves {
  124. m.supportedCurves[i] = CurveID(rand.Intn(30000) + 1)
  125. }
  126. if rand.Intn(10) > 5 {
  127. m.ticketSupported = true
  128. if rand.Intn(10) > 5 {
  129. m.sessionTicket = randomBytes(rand.Intn(300), rand)
  130. } else {
  131. m.sessionTicket = make([]byte, 0)
  132. }
  133. }
  134. if rand.Intn(10) > 5 {
  135. m.supportedSignatureAlgorithms = supportedSignatureAlgorithms
  136. }
  137. if rand.Intn(10) > 5 {
  138. m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms
  139. }
  140. for i := 0; i < rand.Intn(5); i++ {
  141. m.alpnProtocols = append(m.alpnProtocols, randomString(rand.Intn(20)+1, rand))
  142. }
  143. if rand.Intn(10) > 5 {
  144. m.scts = true
  145. }
  146. if rand.Intn(10) > 5 {
  147. m.secureRenegotiationSupported = true
  148. m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand)
  149. }
  150. for i := 0; i < rand.Intn(5); i++ {
  151. m.supportedVersions = append(m.supportedVersions, uint16(rand.Intn(0xffff)+1))
  152. }
  153. if rand.Intn(10) > 5 {
  154. m.cookie = randomBytes(rand.Intn(500)+1, rand)
  155. }
  156. for i := 0; i < rand.Intn(5); i++ {
  157. var ks keyShare
  158. ks.group = CurveID(rand.Intn(30000) + 1)
  159. ks.data = randomBytes(rand.Intn(200)+1, rand)
  160. m.keyShares = append(m.keyShares, ks)
  161. }
  162. switch rand.Intn(3) {
  163. case 1:
  164. m.pskModes = []uint8{pskModeDHE}
  165. case 2:
  166. m.pskModes = []uint8{pskModeDHE, pskModePlain}
  167. }
  168. for i := 0; i < rand.Intn(5); i++ {
  169. var psk pskIdentity
  170. psk.obfuscatedTicketAge = uint32(rand.Intn(500000))
  171. psk.label = randomBytes(rand.Intn(500)+1, rand)
  172. m.pskIdentities = append(m.pskIdentities, psk)
  173. m.pskBinders = append(m.pskBinders, randomBytes(rand.Intn(50)+32, rand))
  174. }
  175. if rand.Intn(10) > 5 {
  176. m.earlyData = true
  177. }
  178. return reflect.ValueOf(m)
  179. }
  180. func (*serverHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  181. m := &serverHelloMsg{}
  182. m.vers = uint16(rand.Intn(65536))
  183. m.random = randomBytes(32, rand)
  184. m.sessionId = randomBytes(rand.Intn(32), rand)
  185. m.cipherSuite = uint16(rand.Int31())
  186. m.compressionMethod = uint8(rand.Intn(256))
  187. m.supportedPoints = randomBytes(rand.Intn(5)+1, rand)
  188. if rand.Intn(10) > 5 {
  189. m.ocspStapling = true
  190. }
  191. if rand.Intn(10) > 5 {
  192. m.ticketSupported = true
  193. }
  194. if rand.Intn(10) > 5 {
  195. m.alpnProtocol = randomString(rand.Intn(32)+1, rand)
  196. }
  197. for i := 0; i < rand.Intn(4); i++ {
  198. m.scts = append(m.scts, randomBytes(rand.Intn(500)+1, rand))
  199. }
  200. if rand.Intn(10) > 5 {
  201. m.secureRenegotiationSupported = true
  202. m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand)
  203. }
  204. if rand.Intn(10) > 5 {
  205. m.supportedVersion = uint16(rand.Intn(0xffff) + 1)
  206. }
  207. if rand.Intn(10) > 5 {
  208. m.cookie = randomBytes(rand.Intn(500)+1, rand)
  209. }
  210. if rand.Intn(10) > 5 {
  211. for i := 0; i < rand.Intn(5); i++ {
  212. m.serverShare.group = CurveID(rand.Intn(30000) + 1)
  213. m.serverShare.data = randomBytes(rand.Intn(200)+1, rand)
  214. }
  215. } else if rand.Intn(10) > 5 {
  216. m.selectedGroup = CurveID(rand.Intn(30000) + 1)
  217. }
  218. if rand.Intn(10) > 5 {
  219. m.selectedIdentityPresent = true
  220. m.selectedIdentity = uint16(rand.Intn(0xffff))
  221. }
  222. return reflect.ValueOf(m)
  223. }
  224. func (*encryptedExtensionsMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  225. m := &encryptedExtensionsMsg{}
  226. if rand.Intn(10) > 5 {
  227. m.alpnProtocol = randomString(rand.Intn(32)+1, rand)
  228. }
  229. return reflect.ValueOf(m)
  230. }
  231. func (*certificateMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  232. m := &certificateMsg{}
  233. numCerts := rand.Intn(20)
  234. m.certificates = make([][]byte, numCerts)
  235. for i := 0; i < numCerts; i++ {
  236. m.certificates[i] = randomBytes(rand.Intn(10)+1, rand)
  237. }
  238. return reflect.ValueOf(m)
  239. }
  240. func (*certificateRequestMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  241. m := &certificateRequestMsg{}
  242. m.certificateTypes = randomBytes(rand.Intn(5)+1, rand)
  243. for i := 0; i < rand.Intn(100); i++ {
  244. m.certificateAuthorities = append(m.certificateAuthorities, randomBytes(rand.Intn(15)+1, rand))
  245. }
  246. return reflect.ValueOf(m)
  247. }
  248. func (*certificateVerifyMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  249. m := &certificateVerifyMsg{}
  250. m.hasSignatureAlgorithm = true
  251. m.signatureAlgorithm = SignatureScheme(rand.Intn(30000))
  252. m.signature = randomBytes(rand.Intn(15)+1, rand)
  253. return reflect.ValueOf(m)
  254. }
  255. func (*certificateStatusMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  256. m := &certificateStatusMsg{}
  257. m.response = randomBytes(rand.Intn(10)+1, rand)
  258. return reflect.ValueOf(m)
  259. }
  260. func (*clientKeyExchangeMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  261. m := &clientKeyExchangeMsg{}
  262. m.ciphertext = randomBytes(rand.Intn(1000)+1, rand)
  263. return reflect.ValueOf(m)
  264. }
  265. func (*finishedMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  266. m := &finishedMsg{}
  267. m.verifyData = randomBytes(12, rand)
  268. return reflect.ValueOf(m)
  269. }
  270. func (*newSessionTicketMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  271. m := &newSessionTicketMsg{}
  272. m.ticket = randomBytes(rand.Intn(4), rand)
  273. return reflect.ValueOf(m)
  274. }
  275. func (*sessionState) Generate(rand *rand.Rand, size int) reflect.Value {
  276. s := &sessionState{}
  277. s.vers = uint16(rand.Intn(10000))
  278. s.cipherSuite = uint16(rand.Intn(10000))
  279. s.masterSecret = randomBytes(rand.Intn(100)+1, rand)
  280. s.createdAt = uint64(rand.Int63())
  281. for i := 0; i < rand.Intn(20); i++ {
  282. s.certificates = append(s.certificates, randomBytes(rand.Intn(500)+1, rand))
  283. }
  284. return reflect.ValueOf(s)
  285. }
  286. func (*sessionStateTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
  287. s := &sessionStateTLS13{}
  288. s.cipherSuite = uint16(rand.Intn(10000))
  289. s.resumptionSecret = randomBytes(rand.Intn(100)+1, rand)
  290. s.createdAt = uint64(rand.Int63())
  291. for i := 0; i < rand.Intn(2)+1; i++ {
  292. s.certificate.Certificate = append(
  293. s.certificate.Certificate, randomBytes(rand.Intn(500)+1, rand))
  294. }
  295. if rand.Intn(10) > 5 {
  296. s.certificate.OCSPStaple = randomBytes(rand.Intn(100)+1, rand)
  297. }
  298. if rand.Intn(10) > 5 {
  299. for i := 0; i < rand.Intn(2)+1; i++ {
  300. s.certificate.SignedCertificateTimestamps = append(
  301. s.certificate.SignedCertificateTimestamps, randomBytes(rand.Intn(500)+1, rand))
  302. }
  303. }
  304. return reflect.ValueOf(s)
  305. }
  306. func (*endOfEarlyDataMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  307. m := &endOfEarlyDataMsg{}
  308. return reflect.ValueOf(m)
  309. }
  310. func (*keyUpdateMsg) Generate(rand *rand.Rand, size int) reflect.Value {
  311. m := &keyUpdateMsg{}
  312. m.updateRequested = rand.Intn(10) > 5
  313. return reflect.ValueOf(m)
  314. }
  315. func (*newSessionTicketMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
  316. m := &newSessionTicketMsgTLS13{}
  317. m.lifetime = uint32(rand.Intn(500000))
  318. m.ageAdd = uint32(rand.Intn(500000))
  319. m.nonce = randomBytes(rand.Intn(100), rand)
  320. m.label = randomBytes(rand.Intn(1000), rand)
  321. if rand.Intn(10) > 5 {
  322. m.maxEarlyData = uint32(rand.Intn(500000))
  323. }
  324. return reflect.ValueOf(m)
  325. }
  326. func (*certificateRequestMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
  327. m := &certificateRequestMsgTLS13{}
  328. if rand.Intn(10) > 5 {
  329. m.ocspStapling = true
  330. }
  331. if rand.Intn(10) > 5 {
  332. m.scts = true
  333. }
  334. if rand.Intn(10) > 5 {
  335. m.supportedSignatureAlgorithms = supportedSignatureAlgorithms
  336. }
  337. if rand.Intn(10) > 5 {
  338. m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms
  339. }
  340. if rand.Intn(10) > 5 {
  341. m.certificateAuthorities = make([][]byte, 3)
  342. for i := 0; i < 3; i++ {
  343. m.certificateAuthorities[i] = randomBytes(rand.Intn(10)+1, rand)
  344. }
  345. }
  346. return reflect.ValueOf(m)
  347. }
  348. func (*certificateMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
  349. m := &certificateMsgTLS13{}
  350. for i := 0; i < rand.Intn(2)+1; i++ {
  351. m.certificate.Certificate = append(
  352. m.certificate.Certificate, randomBytes(rand.Intn(500)+1, rand))
  353. }
  354. if rand.Intn(10) > 5 {
  355. m.ocspStapling = true
  356. m.certificate.OCSPStaple = randomBytes(rand.Intn(100)+1, rand)
  357. }
  358. if rand.Intn(10) > 5 {
  359. m.scts = true
  360. for i := 0; i < rand.Intn(2)+1; i++ {
  361. m.certificate.SignedCertificateTimestamps = append(
  362. m.certificate.SignedCertificateTimestamps, randomBytes(rand.Intn(500)+1, rand))
  363. }
  364. }
  365. return reflect.ValueOf(m)
  366. }
  367. func TestRejectEmptySCTList(t *testing.T) {
  368. // RFC 6962, Section 3.3.1 specifies that empty SCT lists are invalid.
  369. var random [32]byte
  370. sct := []byte{0x42, 0x42, 0x42, 0x42}
  371. serverHello := serverHelloMsg{
  372. vers: VersionTLS12,
  373. random: random[:],
  374. scts: [][]byte{sct},
  375. }
  376. serverHelloBytes := serverHello.marshal()
  377. var serverHelloCopy serverHelloMsg
  378. if !serverHelloCopy.unmarshal(serverHelloBytes) {
  379. t.Fatal("Failed to unmarshal initial message")
  380. }
  381. // Change serverHelloBytes so that the SCT list is empty
  382. i := bytes.Index(serverHelloBytes, sct)
  383. if i < 0 {
  384. t.Fatal("Cannot find SCT in ServerHello")
  385. }
  386. var serverHelloEmptySCT []byte
  387. serverHelloEmptySCT = append(serverHelloEmptySCT, serverHelloBytes[:i-6]...)
  388. // Append the extension length and SCT list length for an empty list.
  389. serverHelloEmptySCT = append(serverHelloEmptySCT, []byte{0, 2, 0, 0}...)
  390. serverHelloEmptySCT = append(serverHelloEmptySCT, serverHelloBytes[i+4:]...)
  391. // Update the handshake message length.
  392. serverHelloEmptySCT[1] = byte((len(serverHelloEmptySCT) - 4) >> 16)
  393. serverHelloEmptySCT[2] = byte((len(serverHelloEmptySCT) - 4) >> 8)
  394. serverHelloEmptySCT[3] = byte(len(serverHelloEmptySCT) - 4)
  395. // Update the extensions length
  396. serverHelloEmptySCT[42] = byte((len(serverHelloEmptySCT) - 44) >> 8)
  397. serverHelloEmptySCT[43] = byte((len(serverHelloEmptySCT) - 44))
  398. if serverHelloCopy.unmarshal(serverHelloEmptySCT) {
  399. t.Fatal("Unmarshaled ServerHello with empty SCT list")
  400. }
  401. }
  402. func TestRejectEmptySCT(t *testing.T) {
  403. // Not only must the SCT list be non-empty, but the SCT elements must
  404. // not be zero length.
  405. var random [32]byte
  406. serverHello := serverHelloMsg{
  407. vers: VersionTLS12,
  408. random: random[:],
  409. scts: [][]byte{nil},
  410. }
  411. serverHelloBytes := serverHello.marshal()
  412. var serverHelloCopy serverHelloMsg
  413. if serverHelloCopy.unmarshal(serverHelloBytes) {
  414. t.Fatal("Unmarshaled ServerHello with zero-length SCT")
  415. }
  416. }