ssl_damage_unittest.cc (3564B)
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=2 et sw=2 tw=80: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this file, 5 * You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #include <functional> 8 #include <memory> 9 #include "secerr.h" 10 #include "ssl.h" 11 #include "sslerr.h" 12 #include "sslproto.h" 13 14 extern "C" { 15 // This is not something that should make you happy. 16 #include "libssl_internals.h" 17 } 18 19 #include "gtest_utils.h" 20 #include "nss_scoped_ptrs.h" 21 #include "tls_connect.h" 22 #include "tls_filter.h" 23 #include "tls_parser.h" 24 25 namespace nss_test { 26 27 TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) { 28 client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, 29 SSL_LIBRARY_VERSION_TLS_1_3); 30 server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, 31 SSL_LIBRARY_VERSION_TLS_1_3); 32 StartConnect(); 33 client_->Handshake(); 34 server_->Handshake(); 35 std::cerr << "Damaging HS secret" << std::endl; 36 SSLInt_DamageClientHsTrafficSecret(server_->ssl_fd()); 37 client_->Handshake(); 38 // The client thinks it has connected. 39 EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state()); 40 41 ExpectAlert(server_, kTlsAlertDecryptError); 42 server_->Handshake(); 43 server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); 44 client_->Handshake(); 45 client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT); 46 } 47 48 TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) { 49 client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, 50 SSL_LIBRARY_VERSION_TLS_1_3); 51 server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, 52 SSL_LIBRARY_VERSION_TLS_1_3); 53 MakeTlsFilter<AfterRecordN>( 54 server_, client_, 55 0, // ServerHello. 56 [this]() { SSLInt_DamageServerHsTrafficSecret(client_->ssl_fd()); }); 57 ConnectExpectAlert(client_, kTlsAlertDecryptError); 58 client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); 59 } 60 61 TEST_P(TlsConnectGenericPre13, DamageServerSignature) { 62 EnsureTlsSetup(); 63 auto filter = MakeTlsFilter<TlsLastByteDamager>( 64 server_, kTlsHandshakeServerKeyExchange); 65 ExpectAlert(client_, kTlsAlertDecryptError); 66 ConnectExpectFail(); 67 client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE); 68 server_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT); 69 } 70 71 TEST_P(TlsConnectTls13, DamageServerSignature) { 72 EnsureTlsSetup(); 73 auto filter = MakeTlsFilter<TlsLastByteDamager>( 74 server_, kTlsHandshakeCertificateVerify); 75 filter->EnableDecryption(); 76 ConnectExpectAlert(client_, kTlsAlertDecryptError); 77 client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE); 78 } 79 80 TEST_P(TlsConnectGeneric, DamageClientSignature) { 81 EnsureTlsSetup(); 82 client_->SetupClientAuth(); 83 server_->RequestClientAuth(true); 84 auto filter = MakeTlsFilter<TlsLastByteDamager>( 85 client_, kTlsHandshakeCertificateVerify); 86 if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { 87 filter->EnableDecryption(); 88 } 89 server_->ExpectSendAlert(kTlsAlertDecryptError); 90 // Do these handshakes by hand to avoid race condition on 91 // the client processing the server's alert. 92 StartConnect(); 93 client_->Handshake(); 94 server_->Handshake(); 95 client_->Handshake(); 96 server_->Handshake(); 97 EXPECT_EQ(version_ >= SSL_LIBRARY_VERSION_TLS_1_3 98 ? TlsAgent::STATE_CONNECTED 99 : TlsAgent::STATE_CONNECTING, 100 client_->state()); 101 server_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE); 102 } 103 104 } // namespace nss_test