summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc')
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc531
1 files changed, 531 insertions, 0 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
new file mode 100644
index 0000000000..db0618e042
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
@@ -0,0 +1,531 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+// variant, version, cipher suite
+typedef std::tuple<SSLProtocolVariant, uint16_t, uint16_t, SSLNamedGroup,
+ SSLSignatureScheme>
+ CipherSuiteProfile;
+
+class TlsCipherSuiteTestBase : public TlsConnectTestBase {
+ public:
+ TlsCipherSuiteTestBase(SSLProtocolVariant variant, uint16_t version,
+ uint16_t cipher_suite, SSLNamedGroup group,
+ SSLSignatureScheme sig_scheme)
+ : TlsConnectTestBase(variant, version),
+ cipher_suite_(cipher_suite),
+ group_(group),
+ sig_scheme_(sig_scheme),
+ csinfo_({0}) {
+ SECStatus rv =
+ SSL_GetCipherSuiteInfo(cipher_suite_, &csinfo_, sizeof(csinfo_));
+ EXPECT_EQ(SECSuccess, rv);
+ if (rv == SECSuccess) {
+ std::cerr << "Cipher suite: " << csinfo_.cipherSuiteName << std::endl;
+ }
+ auth_type_ = csinfo_.authType;
+ kea_type_ = csinfo_.keaType;
+ }
+
+ protected:
+ void EnableSingleCipher() {
+ EnsureTlsSetup();
+ // It doesn't matter which does this, but the test is better if both do it.
+ client_->EnableSingleCipher(cipher_suite_);
+ server_->EnableSingleCipher(cipher_suite_);
+
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ std::vector<SSLNamedGroup> groups = {group_};
+ if (cert_group_ != ssl_grp_none) {
+ groups.push_back(cert_group_);
+ }
+ client_->ConfigNamedGroups(groups);
+ server_->ConfigNamedGroups(groups);
+ kea_type_ = SSLInt_GetKEAType(group_);
+
+ client_->SetSignatureSchemes(&sig_scheme_, 1);
+ server_->SetSignatureSchemes(&sig_scheme_, 1);
+ }
+ }
+
+ virtual void SetupCertificate() {
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ switch (sig_scheme_) {
+ case ssl_sig_rsa_pss_rsae_sha256:
+ std::cerr << "Signature scheme: rsa_pss_rsae_sha256" << std::endl;
+ Reset(TlsAgent::kServerRsaSign);
+ auth_type_ = ssl_auth_rsa_sign;
+ break;
+ case ssl_sig_rsa_pss_rsae_sha384:
+ std::cerr << "Signature scheme: rsa_pss_rsae_sha384" << std::endl;
+ Reset(TlsAgent::kServerRsaSign);
+ auth_type_ = ssl_auth_rsa_sign;
+ break;
+ case ssl_sig_rsa_pss_rsae_sha512:
+ // You can't fit SHA-512 PSS in a 1024-bit key.
+ std::cerr << "Signature scheme: rsa_pss_rsae_sha512" << std::endl;
+ Reset(TlsAgent::kRsa2048);
+ auth_type_ = ssl_auth_rsa_sign;
+ break;
+ case ssl_sig_rsa_pss_pss_sha256:
+ std::cerr << "Signature scheme: rsa_pss_pss_sha256" << std::endl;
+ Reset(TlsAgent::kServerRsaPss);
+ auth_type_ = ssl_auth_rsa_pss;
+ break;
+ case ssl_sig_rsa_pss_pss_sha384:
+ std::cerr << "Signature scheme: rsa_pss_pss_sha384" << std::endl;
+ Reset("rsa_pss384");
+ auth_type_ = ssl_auth_rsa_pss;
+ break;
+ case ssl_sig_rsa_pss_pss_sha512:
+ std::cerr << "Signature scheme: rsa_pss_pss_sha512" << std::endl;
+ Reset("rsa_pss512");
+ auth_type_ = ssl_auth_rsa_pss;
+ break;
+ case ssl_sig_ecdsa_secp256r1_sha256:
+ std::cerr << "Signature scheme: ecdsa_secp256r1_sha256" << std::endl;
+ Reset(TlsAgent::kServerEcdsa256);
+ auth_type_ = ssl_auth_ecdsa;
+ cert_group_ = ssl_grp_ec_secp256r1;
+ break;
+ case ssl_sig_ecdsa_secp384r1_sha384:
+ std::cerr << "Signature scheme: ecdsa_secp384r1_sha384" << std::endl;
+ Reset(TlsAgent::kServerEcdsa384);
+ auth_type_ = ssl_auth_ecdsa;
+ cert_group_ = ssl_grp_ec_secp384r1;
+ break;
+ default:
+ ADD_FAILURE() << "Unsupported signature scheme: " << sig_scheme_;
+ break;
+ }
+ } else {
+ switch (csinfo_.authType) {
+ case ssl_auth_rsa_sign:
+ Reset(TlsAgent::kServerRsaSign);
+ break;
+ case ssl_auth_rsa_decrypt:
+ Reset(TlsAgent::kServerRsaDecrypt);
+ break;
+ case ssl_auth_ecdsa:
+ Reset(TlsAgent::kServerEcdsa256);
+ cert_group_ = ssl_grp_ec_secp256r1;
+ break;
+ case ssl_auth_ecdh_ecdsa:
+ Reset(TlsAgent::kServerEcdhEcdsa);
+ cert_group_ = ssl_grp_ec_secp256r1;
+ break;
+ case ssl_auth_ecdh_rsa:
+ Reset(TlsAgent::kServerEcdhRsa);
+ break;
+ case ssl_auth_dsa:
+ Reset(TlsAgent::kServerDsa);
+ break;
+ default:
+ ASSERT_TRUE(false) << "Unsupported cipher suite: " << cipher_suite_;
+ break;
+ }
+ }
+ }
+
+ void ConnectAndCheckCipherSuite() {
+ Connect();
+ SendReceive();
+
+ // Check that we used the right cipher suite, auth type and kea type.
+ uint16_t actual = TLS_NULL_WITH_NULL_NULL;
+ EXPECT_TRUE(client_->cipher_suite(&actual));
+ EXPECT_EQ(cipher_suite_, actual);
+ EXPECT_TRUE(server_->cipher_suite(&actual));
+ EXPECT_EQ(cipher_suite_, actual);
+ SSLAuthType auth = ssl_auth_size;
+ EXPECT_TRUE(client_->auth_type(&auth));
+ EXPECT_EQ(auth_type_, auth);
+ EXPECT_TRUE(server_->auth_type(&auth));
+ EXPECT_EQ(auth_type_, auth);
+ SSLKEAType kea = ssl_kea_size;
+ EXPECT_TRUE(client_->kea_type(&kea));
+ EXPECT_EQ(kea_type_, kea);
+ EXPECT_TRUE(server_->kea_type(&kea));
+ EXPECT_EQ(kea_type_, kea);
+ }
+
+ // Get the expected limit on the number of records that can be sent for the
+ // cipher suite.
+ uint64_t record_limit() const {
+ switch (csinfo_.symCipher) {
+ case ssl_calg_rc4:
+ case ssl_calg_3des:
+ return 1ULL << 20;
+ case ssl_calg_aes:
+ case ssl_calg_aes_gcm:
+ return 0x5aULL << 28;
+ case ssl_calg_null:
+ case ssl_calg_chacha20:
+ return (1ULL << 48) - 1;
+ case ssl_calg_rc2:
+ case ssl_calg_des:
+ case ssl_calg_idea:
+ case ssl_calg_fortezza:
+ case ssl_calg_camellia:
+ case ssl_calg_seed:
+ break;
+ }
+ ADD_FAILURE() << "No limit for " << csinfo_.cipherSuiteName;
+ return 0;
+ }
+
+ uint64_t last_safe_write() const {
+ uint64_t limit = record_limit() - 1;
+ if (version_ < SSL_LIBRARY_VERSION_TLS_1_1 &&
+ (csinfo_.symCipher == ssl_calg_3des ||
+ csinfo_.symCipher == ssl_calg_aes)) {
+ // 1/n-1 record splitting needs space for two records.
+ limit--;
+ }
+ return limit;
+ }
+
+ protected:
+ uint16_t cipher_suite_;
+ SSLAuthType auth_type_;
+ SSLKEAType kea_type_;
+ SSLNamedGroup group_;
+ SSLNamedGroup cert_group_ = ssl_grp_none;
+ SSLSignatureScheme sig_scheme_;
+ SSLCipherSuiteInfo csinfo_;
+};
+
+class TlsCipherSuiteTest
+ : public TlsCipherSuiteTestBase,
+ public ::testing::WithParamInterface<CipherSuiteProfile> {
+ public:
+ TlsCipherSuiteTest()
+ : TlsCipherSuiteTestBase(std::get<0>(GetParam()), std::get<1>(GetParam()),
+ std::get<2>(GetParam()), std::get<3>(GetParam()),
+ std::get<4>(GetParam())) {}
+
+ protected:
+ bool SkipIfCipherSuiteIsDSA() {
+ bool isDSA = csinfo_.authType == ssl_auth_dsa;
+ if (isDSA) {
+ std::cerr << "Skipping DSA suite: " << csinfo_.cipherSuiteName
+ << std::endl;
+ }
+ return isDSA;
+ }
+};
+
+TEST_P(TlsCipherSuiteTest, SingleCipherSuite) {
+ SetupCertificate();
+ EnableSingleCipher();
+ ConnectAndCheckCipherSuite();
+}
+
+TEST_P(TlsCipherSuiteTest, ResumeCipherSuite) {
+ if (SkipIfCipherSuiteIsDSA()) {
+ GTEST_SKIP() << "Tickets not supported with DSA (bug 1174677).";
+ }
+
+ SetupCertificate(); // This is only needed once.
+
+ ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+ EnableSingleCipher();
+
+ ConnectAndCheckCipherSuite();
+
+ Reset();
+ ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+ EnableSingleCipher();
+ ExpectResumption(RESUME_TICKET);
+ ConnectAndCheckCipherSuite();
+}
+
+TEST_P(TlsCipherSuiteTest, ReadLimit) {
+ SetupCertificate();
+ EnableSingleCipher();
+ TlsSendCipherSpecCapturer capturer(client_);
+ ConnectAndCheckCipherSuite();
+ if (version_ < SSL_LIBRARY_VERSION_TLS_1_3) {
+ uint64_t last = last_safe_write();
+ EXPECT_EQ(SECSuccess, SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), last));
+ EXPECT_EQ(SECSuccess, SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), last));
+
+ client_->SendData(10, 10);
+ server_->ReadBytes(); // This should be OK.
+ server_->ReadBytes(); // Read twice to flush any 1,N-1 record splitting.
+ } else {
+ // In TLS 1.3, reading or writing triggers a KeyUpdate. That would mean
+ // that the sequence numbers would reset and we wouldn't hit the limit. So
+ // move the sequence number to the limit directly and don't test sending and
+ // receiving just before the limit.
+ uint64_t last = record_limit();
+ EXPECT_EQ(SECSuccess, SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), last));
+ }
+
+ // The payload needs to be big enough to pass for encrypted. The code checks
+ // the limit before it tries to decrypt.
+ static const uint8_t payload[32] = {6};
+ DataBuffer record;
+ uint64_t epoch;
+ if (variant_ == ssl_variant_datagram) {
+ if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
+ epoch = 3; // Application traffic keys.
+ } else {
+ epoch = 1;
+ }
+ } else {
+ epoch = 0;
+ }
+
+ uint64_t seqno = (epoch << 48) | record_limit();
+
+ // DTLS 1.3 masks the sequence number
+ if (variant_ == ssl_variant_datagram &&
+ version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ auto spec = capturer.spec(1);
+ ASSERT_NE(nullptr, spec.get());
+ ASSERT_EQ(3, spec->epoch());
+
+ DataBuffer pt, ct;
+ uint8_t dtls13_ctype = kCtDtlsCiphertext | kCtDtlsCiphertext16bSeqno |
+ kCtDtlsCiphertextLengthPresent;
+ TlsRecordHeader hdr(variant_, version_, dtls13_ctype, seqno);
+ pt.Assign(payload, sizeof(payload));
+ TlsRecordHeader out_hdr;
+ spec->Protect(hdr, pt, &ct, &out_hdr);
+
+ auto rv = out_hdr.Write(&record, 0, ct);
+ EXPECT_EQ(out_hdr.header_length() + ct.len(), rv);
+ } else {
+ TlsAgentTestBase::MakeRecord(variant_, ssl_ct_application_data, version_,
+ payload, sizeof(payload), &record, seqno);
+ }
+
+ client_->SendDirect(record);
+ server_->ExpectReadWriteError();
+ server_->ReadBytes();
+ EXPECT_EQ(SSL_ERROR_TOO_MANY_RECORDS, server_->error_code());
+}
+
+TEST_P(TlsCipherSuiteTest, WriteLimit) {
+ // This asserts in TLS 1.3 because we expect an automatic update.
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ GTEST_SKIP();
+ }
+ SetupCertificate();
+ EnableSingleCipher();
+ ConnectAndCheckCipherSuite();
+ EXPECT_EQ(SECSuccess,
+ SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), last_safe_write()));
+ client_->SendData(10, 10);
+ client_->ExpectReadWriteError();
+ client_->SendData(10, 10);
+ EXPECT_EQ(SSL_ERROR_TOO_MANY_RECORDS, client_->error_code());
+}
+
+// This awful macro makes the test instantiations easier to read.
+#define INSTANTIATE_CIPHER_TEST_P(name, modes, versions, groups, sigalgs, ...) \
+ static const uint16_t k##name##CiphersArr[] = {__VA_ARGS__}; \
+ static const ::testing::internal::ParamGenerator<uint16_t> \
+ k##name##Ciphers = ::testing::ValuesIn(k##name##CiphersArr); \
+ INSTANTIATE_TEST_SUITE_P( \
+ CipherSuite##name, TlsCipherSuiteTest, \
+ ::testing::Combine(TlsConnectTestBase::kTlsVariants##modes, \
+ TlsConnectTestBase::kTls##versions, k##name##Ciphers, \
+ groups, sigalgs));
+
+static const auto kDummyNamedGroupParams = ::testing::Values(ssl_grp_none);
+static const auto kDummySignatureSchemesParams =
+ ::testing::Values(ssl_sig_none);
+
+static SSLSignatureScheme kSignatureSchemesParamsArr[] = {
+ ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384,
+ ssl_sig_rsa_pkcs1_sha512, ssl_sig_ecdsa_secp256r1_sha256,
+ ssl_sig_ecdsa_secp384r1_sha384, ssl_sig_rsa_pss_rsae_sha256,
+ ssl_sig_rsa_pss_rsae_sha384, ssl_sig_rsa_pss_rsae_sha512,
+ ssl_sig_rsa_pss_pss_sha256, ssl_sig_rsa_pss_pss_sha384,
+ ssl_sig_rsa_pss_pss_sha512};
+
+static SSLSignatureScheme kSignatureSchemesParamsArrTls13[] = {
+ ssl_sig_ecdsa_secp256r1_sha256, ssl_sig_ecdsa_secp384r1_sha384,
+ ssl_sig_rsa_pss_rsae_sha256, ssl_sig_rsa_pss_rsae_sha384,
+ ssl_sig_rsa_pss_rsae_sha512, ssl_sig_rsa_pss_pss_sha256,
+ ssl_sig_rsa_pss_pss_sha384, ssl_sig_rsa_pss_pss_sha512};
+
+INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams,
+ kDummySignatureSchemesParams,
+ TLS_RSA_WITH_RC4_128_SHA,
+ TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ TLS_ECDH_RSA_WITH_RC4_128_SHA,
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA);
+INSTANTIATE_CIPHER_TEST_P(AEAD12, All, V12, kDummyNamedGroupParams,
+ kDummySignatureSchemesParams,
+ TLS_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
+INSTANTIATE_CIPHER_TEST_P(AEAD, All, V12, kDummyNamedGroupParams,
+ kDummySignatureSchemesParams,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+INSTANTIATE_CIPHER_TEST_P(
+ CBC12, All, V12, kDummyNamedGroupParams, kDummySignatureSchemesParams,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
+INSTANTIATE_CIPHER_TEST_P(
+ CBCStream, Stream, V10ToV12, kDummyNamedGroupParams,
+ kDummySignatureSchemesParams, TLS_ECDH_ECDSA_WITH_NULL_SHA,
+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_NULL_SHA,
+ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA,
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+INSTANTIATE_CIPHER_TEST_P(
+ CBCDatagram, Datagram, V11V12, kDummyNamedGroupParams,
+ kDummySignatureSchemesParams, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+INSTANTIATE_CIPHER_TEST_P(
+ TLS12SigSchemes, All, V12, ::testing::ValuesIn(kFasterDHEGroups),
+ ::testing::ValuesIn(kSignatureSchemesParamsArr),
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
+#ifndef NSS_DISABLE_TLS_1_3
+INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
+ ::testing::ValuesIn(kFasterDHEGroups),
+ ::testing::ValuesIn(kSignatureSchemesParamsArrTls13),
+ TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
+ TLS_AES_256_GCM_SHA384);
+INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
+ ::testing::ValuesIn(kAllDHEGroups),
+ ::testing::Values(ssl_sig_ecdsa_secp384r1_sha384),
+ TLS_AES_256_GCM_SHA384);
+#endif
+
+// Fields are: version, cipher suite, bulk cipher name, secretKeySize
+struct SecStatusParams {
+ uint16_t version;
+ uint16_t cipher_suite;
+ std::string name;
+ int keySize;
+};
+
+inline std::ostream &operator<<(std::ostream &stream,
+ const SecStatusParams &vals) {
+ SSLCipherSuiteInfo csinfo;
+ SECStatus rv =
+ SSL_GetCipherSuiteInfo(vals.cipher_suite, &csinfo, sizeof(csinfo));
+ if (rv != SECSuccess) {
+ return stream << "Error invoking SSL_GetCipherSuiteInfo()";
+ }
+
+ return stream << "TLS " << VersionString(vals.version) << ", "
+ << csinfo.cipherSuiteName << ", name = \"" << vals.name
+ << "\", key size = " << vals.keySize;
+}
+
+class SecurityStatusTest
+ : public TlsCipherSuiteTestBase,
+ public ::testing::WithParamInterface<SecStatusParams> {
+ public:
+ SecurityStatusTest()
+ : TlsCipherSuiteTestBase(ssl_variant_stream, GetParam().version,
+ GetParam().cipher_suite, ssl_grp_none,
+ ssl_sig_none) {}
+};
+
+// SSL_SecurityStatus produces fairly useless output when compared to
+// SSL_GetCipherSuiteInfo and SSL_GetChannelInfo, but we can't break it, so we
+// need to check it.
+TEST_P(SecurityStatusTest, CheckSecurityStatus) {
+ SetupCertificate();
+ EnableSingleCipher();
+ ConnectAndCheckCipherSuite();
+
+ int on;
+ char *cipher;
+ int keySize;
+ int secretKeySize;
+ char *issuer;
+ char *subject;
+ EXPECT_EQ(SECSuccess,
+ SSL_SecurityStatus(client_->ssl_fd(), &on, &cipher, &keySize,
+ &secretKeySize, &issuer, &subject));
+ if (std::string(cipher) == "NULL") {
+ EXPECT_EQ(0, on);
+ } else {
+ EXPECT_NE(0, on);
+ }
+ EXPECT_EQ(GetParam().name, std::string(cipher));
+ // All the ciphers we support have secret key size == key size.
+ EXPECT_EQ(GetParam().keySize, keySize);
+ EXPECT_EQ(GetParam().keySize, secretKeySize);
+ EXPECT_LT(0U, strlen(issuer));
+ EXPECT_LT(0U, strlen(subject));
+
+ PORT_Free(cipher);
+ PORT_Free(issuer);
+ PORT_Free(subject);
+}
+
+static const SecStatusParams kSecStatusTestValuesArr[] = {
+ {SSL_LIBRARY_VERSION_TLS_1_0, TLS_ECDHE_RSA_WITH_NULL_SHA, "NULL", 0},
+ {SSL_LIBRARY_VERSION_TLS_1_0, TLS_RSA_WITH_RC4_128_SHA, "RC4", 128},
+ {SSL_LIBRARY_VERSION_TLS_1_0, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ "3DES-EDE-CBC", 168},
+ {SSL_LIBRARY_VERSION_TLS_1_0, TLS_RSA_WITH_AES_128_CBC_SHA, "AES-128", 128},
+ {SSL_LIBRARY_VERSION_TLS_1_2, TLS_RSA_WITH_AES_256_CBC_SHA256, "AES-256",
+ 256},
+ {SSL_LIBRARY_VERSION_TLS_1_2, TLS_RSA_WITH_AES_128_GCM_SHA256,
+ "AES-128-GCM", 128},
+ {SSL_LIBRARY_VERSION_TLS_1_2, TLS_RSA_WITH_AES_256_GCM_SHA384,
+ "AES-256-GCM", 256},
+ {SSL_LIBRARY_VERSION_TLS_1_2, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ "ChaCha20-Poly1305", 256}};
+INSTANTIATE_TEST_SUITE_P(TestSecurityStatus, SecurityStatusTest,
+ ::testing::ValuesIn(kSecStatusTestValuesArr));
+
+} // namespace nss_test
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 22:59:53 +0000