1 files changed, 104 insertions, 0 deletions

diff --git a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
new file mode 100644
index 0000000000..9cbe9566f1
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
@@ -0,0 +1,104 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "nss_scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) {
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  StartConnect();
+  client_->Handshake();
+  server_->Handshake();
+  std::cerr << "Damaging HS secret" << std::endl;
+  SSLInt_DamageClientHsTrafficSecret(server_->ssl_fd());
+  client_->Handshake();
+  // The client thinks it has connected.
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+
+  ExpectAlert(server_, kTlsAlertDecryptError);
+  server_->Handshake();
+  server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+  client_->Handshake();
+  client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+}
+
+TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  MakeTlsFilter<AfterRecordN>(
+      server_, client_,
+      0,  // ServerHello.
+      [this]() { SSLInt_DamageServerHsTrafficSecret(client_->ssl_fd()); });
+  ConnectExpectAlert(client_, kTlsAlertDecryptError);
+  client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+}
+
+TEST_P(TlsConnectGenericPre13, DamageServerSignature) {
+  EnsureTlsSetup();
+  auto filter = MakeTlsFilter<TlsLastByteDamager>(
+      server_, kTlsHandshakeServerKeyExchange);
+  ExpectAlert(client_, kTlsAlertDecryptError);
+  ConnectExpectFail();
+  client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+  server_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+}
+
+TEST_P(TlsConnectTls13, DamageServerSignature) {
+  EnsureTlsSetup();
+  auto filter = MakeTlsFilter<TlsLastByteDamager>(
+      server_, kTlsHandshakeCertificateVerify);
+  filter->EnableDecryption();
+  ConnectExpectAlert(client_, kTlsAlertDecryptError);
+  client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+}
+
+TEST_P(TlsConnectGeneric, DamageClientSignature) {
+  EnsureTlsSetup();
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  auto filter = MakeTlsFilter<TlsLastByteDamager>(
+      client_, kTlsHandshakeCertificateVerify);
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    filter->EnableDecryption();
+  }
+  server_->ExpectSendAlert(kTlsAlertDecryptError);
+  // Do these handshakes by hand to avoid race condition on
+  // the client processing the server's alert.
+  StartConnect();
+  client_->Handshake();
+  server_->Handshake();
+  client_->Handshake();
+  server_->Handshake();
+  EXPECT_EQ(version_ >= SSL_LIBRARY_VERSION_TLS_1_3
+                ? TlsAgent::STATE_CONNECTED
+                : TlsAgent::STATE_CONNECTING,
+            client_->state());
+  server_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+}
+
+}  // namespace nss_test