tls_psk_unittest.cc (19050B)
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=2 et sw=2 tw=80: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this file, 5 * You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #include <functional> 8 #include <memory> 9 #include "secerr.h" 10 #include "ssl.h" 11 #include "sslerr.h" 12 #include "sslproto.h" 13 14 #include "gtest_utils.h" 15 #include "tls_connect.h" 16 17 namespace nss_test { 18 19 class Tls13PskTest : public TlsConnectTestBase, 20 public ::testing::WithParamInterface< 21 std::tuple<SSLProtocolVariant, uint16_t>> { 22 public: 23 Tls13PskTest() 24 : TlsConnectTestBase(std::get<0>(GetParam()), 25 SSL_LIBRARY_VERSION_TLS_1_3), 26 suite_(std::get<1>(GetParam())) {} 27 28 void SetUp() override { 29 TlsConnectTestBase::SetUp(); 30 scoped_psk_.reset(GetPsk()); 31 ASSERT_TRUE(!!scoped_psk_); 32 } 33 34 private: 35 PK11SymKey* GetPsk() { 36 ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); 37 if (!slot) { 38 ADD_FAILURE(); 39 return nullptr; 40 } 41 42 SECItem psk_item; 43 psk_item.type = siBuffer; 44 psk_item.len = sizeof(kPskDummyVal_); 45 psk_item.data = const_cast<uint8_t*>(kPskDummyVal_); 46 47 PK11SymKey* key = 48 PK11_ImportSymKey(slot.get(), CKM_HKDF_KEY_GEN, PK11_OriginUnwrap, 49 CKA_DERIVE, &psk_item, NULL); 50 if (!key) { 51 ADD_FAILURE(); 52 } 53 return key; 54 } 55 56 protected: 57 ScopedPK11SymKey scoped_psk_; 58 const uint16_t suite_; 59 const uint8_t kPskDummyVal_[16] = {0x01, 0x02, 0x03, 0x04, 0x05, 60 0x06, 0x07, 0x08, 0x09, 0x0a, 61 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}; 62 const std::string kPskDummyLabel_ = "NSS PSK GTEST label"; 63 const SSLHashType kPskHash_ = ssl_hash_sha384; 64 }; 65 66 // TLS 1.3 PSK connection test. 67 TEST_P(Tls13PskTest, NormalExternal) { 68 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 69 Connect(); 70 SendReceive(); 71 CheckKeys(ssl_auth_psk, ssl_sig_none); 72 client_->RemovePsk(kPskDummyLabel_); 73 server_->RemovePsk(kPskDummyLabel_); 74 75 // Removing it again should fail. 76 EXPECT_EQ(SECFailure, SSL_RemoveExternalPsk(client_->ssl_fd(), 77 reinterpret_cast<const uint8_t*>( 78 kPskDummyLabel_.data()), 79 kPskDummyLabel_.length())); 80 EXPECT_EQ(SECFailure, SSL_RemoveExternalPsk(server_->ssl_fd(), 81 reinterpret_cast<const uint8_t*>( 82 kPskDummyLabel_.data()), 83 kPskDummyLabel_.length())); 84 } 85 86 TEST_P(Tls13PskTest, KeyTooLarge) { 87 ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); 88 ASSERT_TRUE(!!slot); 89 ScopedPK11SymKey scoped_psk(PK11_KeyGen( 90 slot.get(), CKM_GENERIC_SECRET_KEY_GEN, nullptr, 128, nullptr)); 91 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 92 Connect(); 93 SendReceive(); 94 CheckKeys(ssl_auth_psk, ssl_sig_none); 95 } 96 97 // Attempt to use a PSK with the wrong PRF hash. 98 // "Clients MUST verify that...the server selected a cipher suite 99 // indicating a Hash associated with the PSK" 100 TEST_P(Tls13PskTest, ClientVerifyHashType) { 101 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 102 MakeTlsFilter<SelectedCipherSuiteReplacer>(server_, 103 TLS_CHACHA20_POLY1305_SHA256); 104 client_->ExpectSendAlert(kTlsAlertIllegalParameter); 105 if (variant_ == ssl_variant_stream) { 106 server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); 107 ConnectExpectFail(); 108 EXPECT_EQ(SSL_ERROR_RX_UNEXPECTED_RECORD_TYPE, server_->error_code()); 109 } else { 110 ConnectExpectFailOneSide(TlsAgent::CLIENT); 111 } 112 EXPECT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code()); 113 } 114 115 // Different EPSKs (by label) on each endpoint. Expect cert auth. 116 TEST_P(Tls13PskTest, LabelMismatch) { 117 client_->AddPsk(scoped_psk_, std::string("foo"), kPskHash_); 118 server_->AddPsk(scoped_psk_, std::string("bar"), kPskHash_); 119 Connect(); 120 CheckKeys(); 121 } 122 123 SSLHelloRetryRequestAction RetryFirstHello( 124 PRBool firstHello, const PRUint8* clientToken, unsigned int clientTokenLen, 125 PRUint8* appToken, unsigned int* appTokenLen, unsigned int appTokenMax, 126 void* arg) { 127 auto* called = reinterpret_cast<size_t*>(arg); 128 ++*called; 129 EXPECT_EQ(0U, clientTokenLen); 130 EXPECT_EQ(*called, firstHello ? 1U : 2U); 131 return firstHello ? ssl_hello_retry_request : ssl_hello_retry_accept; 132 } 133 134 // Test resumption PSK with HRR. 135 TEST_P(Tls13PskTest, ResPskRetryStateless) { 136 ConfigureSelfEncrypt(); 137 ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); 138 Connect(); 139 SendReceive(); // Need to read so that we absorb the session ticket. 140 CheckKeys(); 141 142 Reset(); 143 StartConnect(); 144 size_t cb_called = 0; 145 EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback( 146 server_->ssl_fd(), RetryFirstHello, &cb_called)); 147 ExpectResumption(RESUME_TICKET); 148 Handshake(); 149 CheckConnected(); 150 EXPECT_EQ(2U, cb_called); 151 CheckKeys(); 152 SendReceive(); 153 } 154 155 // Test external PSK with HRR. 156 TEST_P(Tls13PskTest, ExtPskRetryStateless) { 157 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 158 size_t cb_called = 0; 159 EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback( 160 server_->ssl_fd(), RetryFirstHello, &cb_called)); 161 StartConnect(); 162 client_->Handshake(); 163 server_->Handshake(); 164 EXPECT_EQ(1U, cb_called); 165 auto replacement = std::make_shared<TlsAgent>( 166 server_->name(), TlsAgent::SERVER, server_->variant()); 167 server_ = replacement; 168 server_->SetVersionRange(version_, version_); 169 client_->SetPeer(server_); 170 server_->SetPeer(client_); 171 server_->AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 172 server_->ExpectPsk(); 173 server_->StartConnect(); 174 Handshake(); 175 CheckConnected(); 176 SendReceive(); 177 CheckKeys(ssl_auth_psk, ssl_sig_none); 178 } 179 180 // Server not configured with PSK and sends a certificate instead of 181 // a selected_identity. Client should attempt certificate authentication. 182 TEST_P(Tls13PskTest, ClientOnly) { 183 client_->AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 184 Connect(); 185 CheckKeys(); 186 } 187 188 // Set a PSK, remove psk_key_exchange_modes. 189 TEST_P(Tls13PskTest, DropKexModes) { 190 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 191 StartConnect(); 192 MakeTlsFilter<TlsExtensionDropper>(client_, 193 ssl_tls13_psk_key_exchange_modes_xtn); 194 ConnectExpectAlert(server_, kTlsAlertMissingExtension); 195 client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT); 196 server_->CheckErrorCode(SSL_ERROR_MISSING_PSK_KEY_EXCHANGE_MODES); 197 } 198 199 // "Clients MUST verify that...a server "key_share" extension is present 200 // if required by the ClientHello "psk_key_exchange_modes" extension." 201 // As we don't support PSK without DH, it is always required. 202 TEST_P(Tls13PskTest, DropRequiredKeyShare) { 203 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 204 StartConnect(); 205 MakeTlsFilter<TlsExtensionDropper>(server_, ssl_tls13_key_share_xtn); 206 client_->ExpectSendAlert(kTlsAlertMissingExtension); 207 if (variant_ == ssl_variant_stream) { 208 server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); 209 ConnectExpectFail(); 210 } else { 211 ConnectExpectFailOneSide(TlsAgent::CLIENT); 212 } 213 client_->CheckErrorCode(SSL_ERROR_MISSING_KEY_SHARE); 214 } 215 216 // "Clients MUST verify that...the server's selected_identity is 217 // within the range supplied by the client". We send one OfferedPsk. 218 TEST_P(Tls13PskTest, InvalidSelectedIdentity) { 219 static const uint8_t selected_identity[] = {0x00, 0x01}; 220 DataBuffer buf(selected_identity, sizeof(selected_identity)); 221 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 222 StartConnect(); 223 MakeTlsFilter<TlsExtensionReplacer>(server_, ssl_tls13_pre_shared_key_xtn, 224 buf); 225 client_->ExpectSendAlert(kTlsAlertIllegalParameter); 226 if (variant_ == ssl_variant_stream) { 227 server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); 228 ConnectExpectFail(); 229 } else { 230 ConnectExpectFailOneSide(TlsAgent::CLIENT); 231 } 232 client_->CheckErrorCode(SSL_ERROR_MALFORMED_PRE_SHARED_KEY); 233 } 234 235 // Resume-eligible reconnect with an EPSK configured. 236 // Expect the EPSK to be used. 237 TEST_P(Tls13PskTest, PreferEpsk) { 238 ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); 239 Connect(); 240 SendReceive(); // Need to read so that we absorb the session ticket. 241 CheckKeys(); 242 243 Reset(); 244 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 245 ExpectResumption(RESUME_NONE); 246 StartConnect(); 247 Handshake(); 248 CheckConnected(); 249 SendReceive(); 250 CheckKeys(ssl_auth_psk, ssl_sig_none); 251 } 252 253 // Enable resumption, but connect (initially) with an EPSK. 254 // Expect no session ticket. 255 TEST_P(Tls13PskTest, SuppressNewSessionTicket) { 256 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 257 ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); 258 auto nst_capture = 259 MakeTlsFilter<TlsHandshakeRecorder>(server_, ssl_hs_new_session_ticket); 260 nst_capture->EnableDecryption(); 261 Connect(); 262 SendReceive(); 263 CheckKeys(ssl_auth_psk, ssl_sig_none); 264 EXPECT_EQ(SECFailure, SSL_SendSessionTicket(server_->ssl_fd(), nullptr, 0)); 265 EXPECT_EQ(0U, nst_capture->buffer().len()); 266 if (variant_ == ssl_variant_stream) { 267 EXPECT_EQ(SSL_ERROR_FEATURE_DISABLED, PORT_GetError()); 268 } else { 269 EXPECT_EQ(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION, PORT_GetError()); 270 } 271 272 Reset(); 273 ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); 274 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 275 ExpectResumption(RESUME_NONE); 276 Connect(); 277 SendReceive(); 278 CheckKeys(ssl_auth_psk, ssl_sig_none); 279 } 280 281 TEST_P(Tls13PskTest, BadConfigValues) { 282 EXPECT_TRUE(client_->EnsureTlsSetup()); 283 std::vector<uint8_t> label{'L', 'A', 'B', 'E', 'L'}; 284 EXPECT_EQ(SECFailure, 285 SSL_AddExternalPsk(client_->ssl_fd(), nullptr, label.data(), 286 label.size(), kPskHash_)); 287 EXPECT_EQ(SECFailure, SSL_AddExternalPsk(client_->ssl_fd(), scoped_psk_.get(), 288 nullptr, label.size(), kPskHash_)); 289 290 EXPECT_EQ(SECFailure, SSL_AddExternalPsk(client_->ssl_fd(), scoped_psk_.get(), 291 label.data(), 0, kPskHash_)); 292 EXPECT_EQ(SECSuccess, 293 SSL_AddExternalPsk(client_->ssl_fd(), scoped_psk_.get(), 294 label.data(), label.size(), ssl_hash_sha256)); 295 296 EXPECT_EQ(SECFailure, 297 SSL_RemoveExternalPsk(client_->ssl_fd(), nullptr, label.size())); 298 299 EXPECT_EQ(SECFailure, 300 SSL_RemoveExternalPsk(client_->ssl_fd(), label.data(), 0)); 301 302 EXPECT_EQ(SECSuccess, SSL_RemoveExternalPsk(client_->ssl_fd(), label.data(), 303 label.size())); 304 } 305 306 // If the server has an EPSK configured with a ciphersuite not supported 307 // by the client, it should use certificate authentication. 308 TEST_P(Tls13PskTest, FallbackUnsupportedCiphersuite) { 309 client_->AddPsk(scoped_psk_, kPskDummyLabel_, ssl_hash_sha256, 310 TLS_AES_128_GCM_SHA256); 311 server_->AddPsk(scoped_psk_, kPskDummyLabel_, ssl_hash_sha256, 312 TLS_CHACHA20_POLY1305_SHA256); 313 314 client_->EnableSingleCipher(TLS_AES_128_GCM_SHA256); 315 Connect(); 316 SendReceive(); 317 CheckKeys(); 318 } 319 320 // That fallback should not occur if there is no cipher overlap. 321 TEST_P(Tls13PskTest, ExplicitSuiteNoOverlap) { 322 client_->AddPsk(scoped_psk_, kPskDummyLabel_, ssl_hash_sha256, 323 TLS_AES_128_GCM_SHA256); 324 server_->AddPsk(scoped_psk_, kPskDummyLabel_, ssl_hash_sha256, 325 TLS_CHACHA20_POLY1305_SHA256); 326 327 client_->EnableSingleCipher(TLS_AES_128_GCM_SHA256); 328 server_->EnableSingleCipher(TLS_CHACHA20_POLY1305_SHA256); 329 ConnectExpectAlert(server_, kTlsAlertHandshakeFailure); 330 server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); 331 client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); 332 } 333 334 TEST_P(Tls13PskTest, SuppressHandshakeCertReq) { 335 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 336 server_->SetOption(SSL_REQUEST_CERTIFICATE, PR_TRUE); 337 server_->SetOption(SSL_REQUIRE_CERTIFICATE, PR_TRUE); 338 const std::set<uint8_t> hs_types = {ssl_hs_certificate, 339 ssl_hs_certificate_request}; 340 auto cr_cert_capture = MakeTlsFilter<TlsHandshakeRecorder>(server_, hs_types); 341 cr_cert_capture->EnableDecryption(); 342 343 Connect(); 344 SendReceive(); 345 CheckKeys(ssl_auth_psk, ssl_sig_none); 346 EXPECT_EQ(0U, cr_cert_capture->buffer().len()); 347 } 348 349 TEST_P(Tls13PskTest, DisallowClientConfigWithoutServerCert) { 350 AddPsk(scoped_psk_, kPskDummyLabel_, kPskHash_); 351 server_->SetOption(SSL_REQUEST_CERTIFICATE, PR_TRUE); 352 server_->SetOption(SSL_REQUIRE_CERTIFICATE, PR_TRUE); 353 const std::set<uint8_t> hs_types = {ssl_hs_certificate, 354 ssl_hs_certificate_request}; 355 auto cr_cert_capture = MakeTlsFilter<TlsHandshakeRecorder>(server_, hs_types); 356 cr_cert_capture->EnableDecryption(); 357 358 EXPECT_EQ(SECSuccess, SSLInt_RemoveServerCertificates(server_->ssl_fd())); 359 360 ConnectExpectAlert(server_, kTlsAlertHandshakeFailure); 361 server_->CheckErrorCode(SSL_ERROR_NO_CERTIFICATE); 362 client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); 363 EXPECT_EQ(0U, cr_cert_capture->buffer().len()); 364 } 365 366 TEST_F(TlsConnectStreamTls13, ClientRejectHandshakeCertReq) { 367 // Stream only, as the filter doesn't support DTLS 1.3 yet. 368 ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); 369 ASSERT_TRUE(!!slot); 370 ScopedPK11SymKey scoped_psk(PK11_KeyGen( 371 slot.get(), CKM_GENERIC_SECRET_KEY_GEN, nullptr, 32, nullptr)); 372 AddPsk(scoped_psk, std::string("foo"), ssl_hash_sha256); 373 // Inject a CR after EE. This would be legal if not for ssl_auth_psk. 374 auto filter = MakeTlsFilter<TlsEncryptedHandshakeMessageReplacer>( 375 server_, kTlsHandshakeFinished, kTlsHandshakeCertificateRequest); 376 filter->EnableDecryption(); 377 378 ExpectAlert(client_, kTlsAlertUnexpectedMessage); 379 ConnectExpectFail(); 380 client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST); 381 server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); 382 } 383 384 TEST_F(TlsConnectStreamTls13, RejectPha) { 385 // Stream only, as the filter doesn't support DTLS 1.3 yet. 386 ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); 387 ASSERT_TRUE(!!slot); 388 ScopedPK11SymKey scoped_psk(PK11_KeyGen( 389 slot.get(), CKM_GENERIC_SECRET_KEY_GEN, nullptr, 32, nullptr)); 390 AddPsk(scoped_psk, std::string("foo"), ssl_hash_sha256); 391 server_->SetOption(SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE); 392 auto kuToCr = MakeTlsFilter<TlsEncryptedHandshakeMessageReplacer>( 393 server_, kTlsHandshakeKeyUpdate, kTlsHandshakeCertificateRequest); 394 kuToCr->EnableDecryption(); 395 Connect(); 396 397 // Make sure the direct path is blocked. 398 EXPECT_EQ(SECFailure, SSL_SendCertificateRequest(server_->ssl_fd())); 399 EXPECT_EQ(SSL_ERROR_FEATURE_DISABLED, PORT_GetError()); 400 401 // Inject a PHA CR. Since this is not allowed, send KeyUpdate 402 // and change the message type. 403 EXPECT_EQ(SECSuccess, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE)); 404 ExpectAlert(client_, kTlsAlertUnexpectedMessage); 405 client_->Handshake(); // Eat the CR. 406 server_->Handshake(); 407 client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST); 408 server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); 409 } 410 411 class Tls13PskTestWithCiphers : public Tls13PskTest {}; 412 413 TEST_P(Tls13PskTestWithCiphers, 0RttCiphers) { 414 RolloverAntiReplay(); 415 AddPsk(scoped_psk_, kPskDummyLabel_, tls13_GetHashForCipherSuite(suite_), 416 suite_); 417 StartConnect(); 418 client_->Set0RttEnabled(true); 419 server_->Set0RttEnabled(true); 420 ZeroRttSendReceive(true, true); 421 Handshake(); 422 ExpectEarlyDataAccepted(true); 423 CheckConnected(); 424 SendReceive(); 425 CheckKeys(ssl_auth_psk, ssl_sig_none); 426 } 427 428 TEST_P(Tls13PskTestWithCiphers, 0RttMaxEarlyData) { 429 EnsureTlsSetup(); 430 RolloverAntiReplay(); 431 const char* big_message = "0123456789abcdef"; 432 const size_t short_size = strlen(big_message) - 1; 433 const PRInt32 short_length = static_cast<PRInt32>(short_size); 434 435 // Set up the PSK 436 EXPECT_EQ(SECSuccess, 437 SSL_AddExternalPsk0Rtt( 438 client_->ssl_fd(), scoped_psk_.get(), 439 reinterpret_cast<const uint8_t*>(kPskDummyLabel_.data()), 440 kPskDummyLabel_.length(), tls13_GetHashForCipherSuite(suite_), 441 suite_, short_length)); 442 EXPECT_EQ(SECSuccess, 443 SSL_AddExternalPsk0Rtt( 444 server_->ssl_fd(), scoped_psk_.get(), 445 reinterpret_cast<const uint8_t*>(kPskDummyLabel_.data()), 446 kPskDummyLabel_.length(), tls13_GetHashForCipherSuite(suite_), 447 suite_, short_length)); 448 client_->ExpectPsk(); 449 server_->ExpectPsk(); 450 client_->expected_cipher_suite(suite_); 451 server_->expected_cipher_suite(suite_); 452 StartConnect(); 453 client_->Set0RttEnabled(true); 454 server_->Set0RttEnabled(true); 455 client_->Handshake(); 456 CheckEarlyDataLimit(client_, short_size); 457 458 PRInt32 sent; 459 // Writing more than the limit will succeed in TLS, but fail in DTLS. 460 if (variant_ == ssl_variant_stream) { 461 sent = PR_Write(client_->ssl_fd(), big_message, 462 static_cast<PRInt32>(strlen(big_message))); 463 } else { 464 sent = PR_Write(client_->ssl_fd(), big_message, 465 static_cast<PRInt32>(strlen(big_message))); 466 EXPECT_GE(0, sent); 467 EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError()); 468 469 // Try an exact-sized write now. 470 sent = PR_Write(client_->ssl_fd(), big_message, short_length); 471 } 472 EXPECT_EQ(short_length, sent); 473 474 // Even a single octet write should now fail. 475 sent = PR_Write(client_->ssl_fd(), big_message, 1); 476 EXPECT_GE(0, sent); 477 EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError()); 478 479 // Process the ClientHello and read 0-RTT. 480 server_->Handshake(); 481 CheckEarlyDataLimit(server_, short_size); 482 483 std::vector<uint8_t> buf(short_size + 1); 484 PRInt32 read = PR_Read(server_->ssl_fd(), buf.data(), buf.capacity()); 485 EXPECT_EQ(short_length, read); 486 EXPECT_EQ(0, memcmp(big_message, buf.data(), short_size)); 487 488 // Second read fails. 489 read = PR_Read(server_->ssl_fd(), buf.data(), buf.capacity()); 490 EXPECT_EQ(SECFailure, read); 491 EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError()); 492 493 Handshake(); 494 ExpectEarlyDataAccepted(true); 495 CheckConnected(); 496 SendReceive(); 497 } 498 499 static const uint16_t k0RttCipherDefs[] = {TLS_CHACHA20_POLY1305_SHA256, 500 TLS_AES_128_GCM_SHA256, 501 TLS_AES_256_GCM_SHA384}; 502 503 static const uint16_t kDefaultSuite[] = {TLS_CHACHA20_POLY1305_SHA256}; 504 505 INSTANTIATE_TEST_SUITE_P( 506 Tls13PskTest, Tls13PskTest, 507 ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, 508 ::testing::ValuesIn(kDefaultSuite))); 509 510 INSTANTIATE_TEST_SUITE_P( 511 Tls13PskTestWithCiphers, Tls13PskTestWithCiphers, 512 ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, 513 ::testing::ValuesIn(k0RttCipherDefs))); 514 515 } // namespace nss_test