Diffstat (limited to 'nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc')
-rw-r--r-- | nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc | 122 |
1 files changed, 68 insertions, 54 deletions
diff --git a/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc b/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc
index 01a0250..5a03733 100644
--- a/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc
+++ b/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc
@@ -221,6 +221,7 @@ class TLSCertificateToEncodedCertificateChanger : public TlsRecordFilter {
 static SECStatus SimpleXorCertCompEncode(const SECItem* input,
 SECItem* output) {
 SECITEM_CopyItem(NULL, output, input);
+ PORT_Memcpy(output->data, input->data, output->len);
 for (size_t i = 0; i < output->len; i++) {
 output->data[i] ^= 0x55;
 }
@@ -228,12 +229,18 @@ static SECStatus SimpleXorCertCompEncode(const SECItem* input,
 }
 
 /* Test decoding function. */
-static SECStatus SimpleXorCertCompDecode(const SECItem* input, SECItem* output,
- size_t expectedLenDecodedCertificate) {
- SECITEM_CopyItem(NULL, output, input);
- for (size_t i = 0; i < output->len; i++) {
- output->data[i] ^= 0x55;
+static SECStatus SimpleXorCertCompDecode(const SECItem* input, uint8_t* output,
+ size_t outputLen,
+ size_t* receivedOutputLen) {
+ if (input->len != outputLen) {
+ return SECFailure;
+ }
+
+ PORT_Memcpy(output, input->data, input->len);
+ for (size_t i = 0; i < outputLen; i++) {
+ output[i] ^= 0x55;
 }
+ *receivedOutputLen = outputLen;
 return SECSuccess;
 }
 
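Review bot: The added `PORT_Memcpy(output->data, input->data, output->len);` in SimpleXorCertCompEncode repeats the copy that the preceding `SECITEM_CopyItem` call already makes, and it runs even though that call's return value is never checked. If the allocation failed, `output->data` would not be a usable buffer when the memcpy and the XOR loop touch it. I would drop the memcpy and guard the copy instead: `if (SECITEM_CopyItem(NULL, output, input) != SECSuccess) return SECFailure;`. The end of the function lies outside this hunk.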
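Review bot: The comment `/* Test decoding function. */` above SimpleXorCertCompDecode no longer tells a reader what the new parameters mean, and the same holds for SimpleXorWithDifferentValueDecode in the next hunk. From the body, `outputLen` looks like the size of the caller-supplied buffer and `*receivedOutputLen` the number of bytes written; I would state that, e.g. `/* Test decoder: XORs input into the caller-supplied buffer, fails unless input->len == outputLen, reports bytes written in *receivedOutputLen. */`. The two decoders now differ only in the XOR constant, so a shared static helper taking the key would remove the duplicated length check and copy.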
@@ -248,13 +255,19 @@ static SECStatus SimpleXorWithDifferentValueEncode(const SECItem* input,
 }
 
 /* Test decoding function. */
-static SECStatus SimpleXorWithDifferentValueDecode(
- const SECItem* input, SECItem* output,
- size_t expectedLenDecodedCertificate) {
- SECITEM_CopyItem(NULL, output, input);
- for (size_t i = 0; i < output->len; i++) {
- output->data[i] ^= 0x77;
+static SECStatus SimpleXorWithDifferentValueDecode(const SECItem* input,
+ uint8_t* output,
+ size_t outputLen,
+ size_t* receivedOutputLen) {
+ if (input->len != outputLen) {
+ return SECFailure;
+ }
+
+ PORT_Memcpy(output, input->data, input->len);
+ for (size_t i = 0; i < outputLen; i++) {
+ output[i] ^= 0x77;
 }
+ *receivedOutputLen = outputLen;
 return SECSuccess;
 }
 
@@ -1128,47 +1141,6 @@ TEST_F(TlsConnectStreamTls13, CertificateCompression_ReceivedWrongAlgorithm) {
 SEC_ERROR_CERTIFICATE_COMPRESSION_ALGORITHM_NOT_SUPPORTED);
 }
 
-static SECStatus SimpleXorCertCompDecode_length_smaller_than_given(
- const SECItem* input, SECItem* output,
- size_t expectedLenDecodedCertificate) {
- SECITEM_MakeItem(NULL, output, input->data, input->len - 1);
- return SECSuccess;
-}
-
-/*
- * The next test modifies the length of the received certificate
- * (uncompressed_length field of CompressedCertificate).
- */
-TEST_F(TlsConnectStreamTls13, CertificateCompression_ReceivedWrongLength) {
- EnsureTlsSetup();
- auto filterExtension =
- MakeTlsFilter<TLSCertificateCompressionCertificateModifier>(server_, 0x6,
- 0xff);
- SSLCertificateCompressionAlgorithm t = {
- 0xff01, "test function", SimpleXorCertCompEncode,
- SimpleXorCertCompDecode_length_smaller_than_given};
-
- EXPECT_EQ(SECSuccess,
- SSLExp_SetCertificateCompressionAlgorithm(server_->ssl_fd(), t));
- EXPECT_EQ(SECSuccess,
- SSLExp_SetCertificateCompressionAlgorithm(client_->ssl_fd(), t));
-
- ExpectAlert(client_, kTlsAlertBadCertificate);
- StartConnect();
-
- client_->SetServerKeyBits(server_->server_key_bits());
- client_->Handshake();
- server_->Handshake();
-
- ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING), 5000);
- ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state());
-
- client_->ExpectSendAlert(kTlsAlertCloseNotify);
- server_->ExpectReceiveAlert(kTlsAlertCloseNotify);
-
- client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CERTIFICATE);
-}
-
 /* The next test modifies the length of the encoded certificate
 * (compressed_certificate_message len);
 * the new length is compressed_certificate_message is equal to 0.
@@ -1275,8 +1247,8 @@ static SECStatus SimpleXorCertCompEncode_always_error(const SECItem* input,
 
 /* Test decoding function. Returns error unconditionally. */
 static SECStatus SimpleXorCertCompDecode_always_error(
- const SECItem* input, SECItem* output,
- size_t expectedLenDecodedCertificate) {
+ const SECItem* input, uint8_t* output, size_t outputLen,
+ size_t* receivedOutputLen) {
 return SECFailure;
 }
 
@@ -1333,6 +1305,48 @@ TEST_F(TlsConnectStreamTls13, CertificateCompression_CertificateCannotDecode) {
 client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CERTIFICATE);
 }
 
+/* Decoding function returning unexpected decoded certificate length. */
+static SECStatus WrongUsedLenCertCompDecode(const SECItem* input,
+ uint8_t* output, size_t outputLen,
+ size_t* receivedOutputLen) {
+ if (input->len != outputLen) {
+ return SECFailure;
+ }
+
+ PORT_Memcpy(output, input->data, input->len);
+ *receivedOutputLen = outputLen - 1;
+
+ return SECSuccess;
+}
+
+TEST_F(TlsConnectStreamTls13,
+ CertificateCompression_WrongDecodedCertificateLength) {
+ EnsureTlsSetup();
+
+ SSLCertificateCompressionAlgorithm t = {0xff01, "test function",
+ SimpleXorCertCompEncode,
+ WrongUsedLenCertCompDecode};
+
+ EXPECT_EQ(SECSuccess,
+ SSLExp_SetCertificateCompressionAlgorithm(server_->ssl_fd(), t));
+ EXPECT_EQ(SECSuccess,
+ SSLExp_SetCertificateCompressionAlgorithm(client_->ssl_fd(), t));
+
+ ExpectAlert(client_, kTlsAlertBadCertificate);
+ StartConnect();
+
+ client_->SetServerKeyBits(server_->server_key_bits());
+ client_->Handshake();
+ server_->Handshake();
+
+ ASSERT_TRUE_WAIT(client_->state() != TlsAgent::STATE_CONNECTING, 5000);
+
+ server_->ExpectReceiveAlert(kTlsAlertCloseNotify);
+ client_->ExpectSendAlert(kTlsAlertCloseNotify);
+
+ client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CERTIFICATE);
+}
+
 /* The test checking the client authentification is successful using certificate
 * compression. */
 TEST_F(TlsConnectStreamTls13, CertificateCompression_PostAuth) { |
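Review bot: CertificateCompression_WrongDecodedCertificateLength only exercises a decoder that under-reports its output, whereas the test this commit removes (CertificateCompression_ReceivedWrongLength) also rewrote the `uncompressed_length` field on the wire through the record filter. Unless a test outside this diff still covers a peer-supplied length that disagrees with the decoded size, that peer-controlled case loses its regression test; it is worth keeping one, since that field presumably determines the buffer size handed to the decoder. The new test also drops the explicit state check the old one had; adding `ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state());` after the `ASSERT_TRUE_WAIT` would pin the failure.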