kris
/
th5
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Alternative TLS implementation in Go
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
355 Révisions
3 Branches
2.6 MiB
 
 
Aborescence: df557b2b05
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'df557b2b05'
${ noResults }
th5/handshake_messages_test.go

410 lignes
11 KiB
Brut Annotations Historique 

  1. // Copyright 2009 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package tls

  6. 

  7. import (

  8. 	"bytes"

  9. 	"math/rand"

  10. 	"reflect"

  11. 	"strings"

  12. 	"testing"

  13. 	"testing/quick"

  14. )

  15. 

  16. var tests = []interface{}{

  17. 	&clientHelloMsg{},

  18. 	&serverHelloMsg{},

  19. 	&finishedMsg{},

  20. 

  21. 	&certificateMsg{},

  22. 	&certificateRequestMsg{},

  23. 	&certificateVerifyMsg{},

  24. 	&certificateStatusMsg{},

  25. 	&clientKeyExchangeMsg{},

  26. 	&nextProtoMsg{},

  27. 	&newSessionTicketMsg{},

  28. 	&sessionState{},

  29. 	&serverHelloMsg13{},

  30. 	&encryptedExtensionsMsg{},

  31. 	&certificateMsg13{},

  32. 	&newSessionTicketMsg13{},

  33. 	&sessionState13{},

  34. }

  35. 

  36. type testMessage interface {

  37. 	marshal() []byte

  38. 	unmarshal([]byte) bool

  39. 	equal(interface{}) bool

  40. }

  41. 

  42. func TestMarshalUnmarshal(t *testing.T) {

  43. 	rand := rand.New(rand.NewSource(0))

  44. 

  45. 	for i, iface := range tests {

  46. 		ty := reflect.ValueOf(iface).Type()

  47. 

  48. 		n := 100

  49. 		if testing.Short() {

  50. 			n = 5

  51. 		}

  52. 		for j := 0; j < n; j++ {

  53. 			v, ok := quick.Value(ty, rand)

  54. 			if !ok {

  55. 				t.Errorf("#%d: failed to create value", i)

  56. 				break

  57. 			}

  58. 

  59. 			m1 := v.Interface().(testMessage)

  60. 			marshaled := m1.marshal()

  61. 			m2 := iface.(testMessage)

  62. 			if !m2.unmarshal(marshaled) {

  63. 				t.Errorf("#%d.%d failed to unmarshal %#v %x", i, j, m1, marshaled)

  64. 				break

  65. 			}

  66. 			m2.marshal() // to fill any marshal cache in the message

  67. 

  68. 			if !m1.equal(m2) {

  69. 				t.Errorf("#%d.%d got:%#v want:%#v %x", i, j, m2, m1, marshaled)

  70. 				break

  71. 			}

  72. 

  73. 			if i >= 3 {

  74. 				// The first three message types (ClientHello,

  75. 				// ServerHello and Finished) are allowed to

  76. 				// have parsable prefixes because the extension

  77. 				// data is optional and the length of the

  78. 				// Finished varies across versions.

  79. 				for j := 0; j < len(marshaled); j++ {

  80. 					if m2.unmarshal(marshaled[0:j]) {

  81. 						t.Errorf("#%d unmarshaled a prefix of length %d of %#v", i, j, m1)

  82. 						break

  83. 					}

  84. 				}

  85. 			}

  86. 		}

  87. 	}

  88. }

  89. 

  90. func TestFuzz(t *testing.T) {

  91. 	rand := rand.New(rand.NewSource(0))

  92. 	for _, iface := range tests {

  93. 		m := iface.(testMessage)

  94. 

  95. 		for j := 0; j < 1000; j++ {

  96. 			len := rand.Intn(100)

  97. 			bytes := randomBytes(len, rand)

  98. 			// This just looks for crashes due to bounds errors etc.

  99. 			m.unmarshal(bytes)

  100. 		}

  101. 	}

  102. }

  103. 

  104. func randomBytes(n int, rand *rand.Rand) []byte {

  105. 	r := make([]byte, n)

  106. 	for i := 0; i < n; i++ {

  107. 		r[i] = byte(rand.Int31())

  108. 	}

  109. 	return r

  110. }

  111. 

  112. func randomString(n int, rand *rand.Rand) string {

  113. 	b := randomBytes(n, rand)

  114. 	return string(b)

  115. }

  116. 

  117. func (*clientHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value {

  118. 	m := &clientHelloMsg{}

  119. 	m.vers = uint16(rand.Intn(65536))

  120. 	m.random = randomBytes(32, rand)

  121. 	m.sessionId = randomBytes(rand.Intn(32), rand)

  122. 	m.cipherSuites = make([]uint16, rand.Intn(63)+1)

  123. 	for i := 0; i < len(m.cipherSuites); i++ {

  124. 		m.cipherSuites[i] = uint16(rand.Int31())

  125. 	}

  126. 	m.compressionMethods = randomBytes(rand.Intn(63)+1, rand)

  127. 	if rand.Intn(10) > 5 {

  128. 		m.nextProtoNeg = true

  129. 	}

  130. 	if rand.Intn(10) > 5 {

  131. 		m.serverName = randomString(rand.Intn(255), rand)

  132. 		for strings.HasSuffix(m.serverName, ".") {

  133. 			m.serverName = m.serverName[:len(m.serverName)-1]

  134. 		}

  135. 	}

  136. 	m.ocspStapling = rand.Intn(10) > 5

  137. 	m.supportedPoints = randomBytes(rand.Intn(5)+1, rand)

  138. 	m.supportedCurves = make([]CurveID, rand.Intn(5)+1)

  139. 	for i := range m.supportedCurves {

  140. 		m.supportedCurves[i] = CurveID(rand.Intn(30000))

  141. 	}

  142. 	if rand.Intn(10) > 5 {

  143. 		m.ticketSupported = true

  144. 		if rand.Intn(10) > 5 {

  145. 			m.sessionTicket = randomBytes(rand.Intn(300), rand)

  146. 		}

  147. 	}

  148. 	if rand.Intn(10) > 5 {

  149. 		m.signatureAndHashes = supportedSignatureAlgorithms

  150. 	}

  151. 	m.alpnProtocols = make([]string, rand.Intn(5))

  152. 	for i := range m.alpnProtocols {

  153. 		m.alpnProtocols[i] = randomString(rand.Intn(20)+1, rand)

  154. 	}

  155. 	if rand.Intn(10) > 5 {

  156. 		m.scts = true

  157. 	}

  158. 	m.keyShares = make([]keyShare, rand.Intn(4))

  159. 	for i := range m.keyShares {

  160. 		m.keyShares[i].group = CurveID(rand.Intn(30000))

  161. 		m.keyShares[i].data = randomBytes(rand.Intn(300), rand)

  162. 	}

  163. 	m.supportedVersions = make([]uint16, rand.Intn(5))

  164. 	for i := range m.supportedVersions {

  165. 		m.supportedVersions[i] = uint16(rand.Intn(30000))

  166. 	}

  167. 	if rand.Intn(10) > 5 {

  168. 		m.earlyData = true

  169. 	}

  170. 

  171. 	return reflect.ValueOf(m)

  172. }

  173. 

  174. func (*serverHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value {

  175. 	m := &serverHelloMsg{}

  176. 	m.vers = uint16(rand.Intn(65536))

  177. 	m.random = randomBytes(32, rand)

  178. 	m.sessionId = randomBytes(rand.Intn(32), rand)

  179. 	m.cipherSuite = uint16(rand.Int31())

  180. 	m.compressionMethod = uint8(rand.Intn(256))

  181. 

  182. 	if rand.Intn(10) > 5 {

  183. 		m.nextProtoNeg = true

  184. 

  185. 		n := rand.Intn(10)

  186. 		m.nextProtos = make([]string, n)

  187. 		for i := 0; i < n; i++ {

  188. 			m.nextProtos[i] = randomString(20, rand)

  189. 		}

  190. 	}

  191. 

  192. 	if rand.Intn(10) > 5 {

  193. 		m.ocspStapling = true

  194. 	}

  195. 	if rand.Intn(10) > 5 {

  196. 		m.ticketSupported = true

  197. 	}

  198. 	m.alpnProtocol = randomString(rand.Intn(32)+1, rand)

  199. 

  200. 	if rand.Intn(10) > 5 {

  201. 		numSCTs := rand.Intn(4)

  202. 		m.scts = make([][]byte, numSCTs)

  203. 		for i := range m.scts {

  204. 			m.scts[i] = randomBytes(rand.Intn(500), rand)

  205. 		}

  206. 	}

  207. 

  208. 	return reflect.ValueOf(m)

  209. }

  210. 

  211. func (*serverHelloMsg13) Generate(rand *rand.Rand, size int) reflect.Value {

  212. 	m := &serverHelloMsg13{}

  213. 	m.vers = uint16(rand.Intn(65536))

  214. 	m.random = randomBytes(32, rand)

  215. 	m.cipherSuite = uint16(rand.Int31())

  216. 	m.keyShare.group = CurveID(rand.Intn(30000))

  217. 	m.keyShare.data = randomBytes(rand.Intn(300), rand)

  218. 	if rand.Intn(10) > 5 {

  219. 		m.psk = true

  220. 		m.pskIdentity = uint16(rand.Int31())

  221. 	}

  222. 

  223. 	return reflect.ValueOf(m)

  224. }

  225. 

  226. func (*encryptedExtensionsMsg) Generate(rand *rand.Rand, size int) reflect.Value {

  227. 	m := &encryptedExtensionsMsg{}

  228. 	if rand.Intn(10) > 5 {

  229. 		m.alpnProtocol = randomString(rand.Intn(32)+1, rand)

  230. 	}

  231. 	if rand.Intn(10) > 5 {

  232. 		m.earlyData = true

  233. 	}

  234. 

  235. 	return reflect.ValueOf(m)

  236. }

  237. 

  238. func (*certificateMsg) Generate(rand *rand.Rand, size int) reflect.Value {

  239. 	m := &certificateMsg{}

  240. 	numCerts := rand.Intn(20)

  241. 	m.certificates = make([][]byte, numCerts)

  242. 	for i := 0; i < numCerts; i++ {

  243. 		m.certificates[i] = randomBytes(rand.Intn(10)+1, rand)

  244. 	}

  245. 	return reflect.ValueOf(m)

  246. }

  247. 

  248. func (*certificateMsg13) Generate(rand *rand.Rand, size int) reflect.Value {

  249. 	m := &certificateMsg13{}

  250. 	numCerts := rand.Intn(20)

  251. 	m.certificates = make([][]byte, numCerts)

  252. 	for i := 0; i < numCerts; i++ {

  253. 		m.certificates[i] = randomBytes(rand.Intn(10)+1, rand)

  254. 	}

  255. 	m.requestContext = randomBytes(rand.Intn(5), rand)

  256. 	return reflect.ValueOf(m)

  257. }

  258. 

  259. func (*certificateRequestMsg) Generate(rand *rand.Rand, size int) reflect.Value {

  260. 	m := &certificateRequestMsg{}

  261. 	m.certificateTypes = randomBytes(rand.Intn(5)+1, rand)

  262. 	numCAs := rand.Intn(100)

  263. 	m.certificateAuthorities = make([][]byte, numCAs)

  264. 	for i := 0; i < numCAs; i++ {

  265. 		m.certificateAuthorities[i] = randomBytes(rand.Intn(15)+1, rand)

  266. 	}

  267. 	return reflect.ValueOf(m)

  268. }

  269. 

  270. func (*certificateVerifyMsg) Generate(rand *rand.Rand, size int) reflect.Value {

  271. 	m := &certificateVerifyMsg{}

  272. 	m.signature = randomBytes(rand.Intn(15)+1, rand)

  273. 	return reflect.ValueOf(m)

  274. }

  275. 

  276. func (*certificateStatusMsg) Generate(rand *rand.Rand, size int) reflect.Value {

  277. 	m := &certificateStatusMsg{}

  278. 	if rand.Intn(10) > 5 {

  279. 		m.statusType = statusTypeOCSP

  280. 		m.response = randomBytes(rand.Intn(10)+1, rand)

  281. 	} else {

  282. 		m.statusType = 42

  283. 	}

  284. 	return reflect.ValueOf(m)

  285. }

  286. 

  287. func (*clientKeyExchangeMsg) Generate(rand *rand.Rand, size int) reflect.Value {

  288. 	m := &clientKeyExchangeMsg{}

  289. 	m.ciphertext = randomBytes(rand.Intn(1000)+1, rand)

  290. 	return reflect.ValueOf(m)

  291. }

  292. 

  293. func (*finishedMsg) Generate(rand *rand.Rand, size int) reflect.Value {

  294. 	m := &finishedMsg{}

  295. 	m.verifyData = randomBytes(12, rand)

  296. 	return reflect.ValueOf(m)

  297. }

  298. 

  299. func (*nextProtoMsg) Generate(rand *rand.Rand, size int) reflect.Value {

  300. 	m := &nextProtoMsg{}

  301. 	m.proto = randomString(rand.Intn(255), rand)

  302. 	return reflect.ValueOf(m)

  303. }

  304. 

  305. func (*newSessionTicketMsg) Generate(rand *rand.Rand, size int) reflect.Value {

  306. 	m := &newSessionTicketMsg{}

  307. 	m.ticket = randomBytes(rand.Intn(4), rand)

  308. 	return reflect.ValueOf(m)

  309. }

  310. 

  311. func (*newSessionTicketMsg13) Generate(rand *rand.Rand, size int) reflect.Value {

  312. 	m := &newSessionTicketMsg13{}

  313. 	m.ageAdd = uint32(rand.Intn(0xffffffff))

  314. 	m.lifetime = uint32(rand.Intn(0xffffffff))

  315. 	m.ticket = randomBytes(rand.Intn(40), rand)

  316. 	if rand.Intn(10) > 5 {

  317. 		m.withEarlyDataInfo = true

  318. 		m.maxEarlyDataLength = uint32(rand.Intn(0xffffffff))

  319. 	}

  320. 	return reflect.ValueOf(m)

  321. }

  322. 

  323. func (*sessionState) Generate(rand *rand.Rand, size int) reflect.Value {

  324. 	s := &sessionState{}

  325. 	s.vers = uint16(rand.Intn(10000))

  326. 	s.cipherSuite = uint16(rand.Intn(10000))

  327. 	s.masterSecret = randomBytes(rand.Intn(100), rand)

  328. 	numCerts := rand.Intn(20)

  329. 	s.certificates = make([][]byte, numCerts)

  330. 	for i := 0; i < numCerts; i++ {

  331. 		s.certificates[i] = randomBytes(rand.Intn(10)+1, rand)

  332. 	}

  333. 	return reflect.ValueOf(s)

  334. }

  335. 

  336. func (*sessionState13) Generate(rand *rand.Rand, size int) reflect.Value {

  337. 	s := &sessionState13{}

  338. 	s.vers = uint16(rand.Intn(10000))

  339. 	s.suite = uint16(rand.Intn(10000))

  340. 	s.ageAdd = uint32(rand.Intn(0xffffffff))

  341. 	s.maxEarlyDataLen = uint32(rand.Intn(0xffffffff))

  342. 	s.createdAt = uint64(rand.Int63n(0xfffffffffffffff))

  343. 	s.resumptionSecret = randomBytes(rand.Intn(100), rand)

  344. 	s.alpnProtocol = randomString(rand.Intn(100), rand)

  345. 	s.SNI = randomString(rand.Intn(100), rand)

  346. 	return reflect.ValueOf(s)

  347. }

  348. 

  349. func TestRejectEmptySCTList(t *testing.T) {

  350. 	// https://tools.ietf.org/html/rfc6962#section-3.3.1 specifies that

  351. 	// empty SCT lists are invalid.

  352. 

  353. 	var random [32]byte

  354. 	sct := []byte{0x42, 0x42, 0x42, 0x42}

  355. 	serverHello := serverHelloMsg{

  356. 		vers:   VersionTLS12,

  357. 		random: random[:],

  358. 		scts:   [][]byte{sct},

  359. 	}

  360. 	serverHelloBytes := serverHello.marshal()

  361. 

  362. 	var serverHelloCopy serverHelloMsg

  363. 	if !serverHelloCopy.unmarshal(serverHelloBytes) {

  364. 		t.Fatal("Failed to unmarshal initial message")

  365. 	}

  366. 

  367. 	// Change serverHelloBytes so that the SCT list is empty

  368. 	i := bytes.Index(serverHelloBytes, sct)

  369. 	if i < 0 {

  370. 		t.Fatal("Cannot find SCT in ServerHello")

  371. 	}

  372. 

  373. 	var serverHelloEmptySCT []byte

  374. 	serverHelloEmptySCT = append(serverHelloEmptySCT, serverHelloBytes[:i-6]...)

  375. 	// Append the extension length and SCT list length for an empty list.

  376. 	serverHelloEmptySCT = append(serverHelloEmptySCT, []byte{0, 2, 0, 0}...)

  377. 	serverHelloEmptySCT = append(serverHelloEmptySCT, serverHelloBytes[i+4:]...)

  378. 

  379. 	// Update the handshake message length.

  380. 	serverHelloEmptySCT[1] = byte((len(serverHelloEmptySCT) - 4) >> 16)

  381. 	serverHelloEmptySCT[2] = byte((len(serverHelloEmptySCT) - 4) >> 8)

  382. 	serverHelloEmptySCT[3] = byte(len(serverHelloEmptySCT) - 4)

  383. 

  384. 	// Update the extensions length

  385. 	serverHelloEmptySCT[42] = byte((len(serverHelloEmptySCT) - 44) >> 8)

  386. 	serverHelloEmptySCT[43] = byte((len(serverHelloEmptySCT) - 44))

  387. 

  388. 	if serverHelloCopy.unmarshal(serverHelloEmptySCT) {

  389. 		t.Fatal("Unmarshaled ServerHello with empty SCT list")

  390. 	}

  391. }

  392. 

  393. func TestRejectEmptySCT(t *testing.T) {

  394. 	// Not only must the SCT list be non-empty, but the SCT elements must

  395. 	// not be zero length.

  396. 

  397. 	var random [32]byte

  398. 	serverHello := serverHelloMsg{

  399. 		vers:   VersionTLS12,

  400. 		random: random[:],

  401. 		scts:   [][]byte{nil},

  402. 	}

  403. 	serverHelloBytes := serverHello.marshal()

  404. 

  405. 	var serverHelloCopy serverHelloMsg

  406. 	if serverHelloCopy.unmarshal(serverHelloBytes) {

  407. 		t.Fatal("Unmarshaled ServerHello with zero-length SCT")

  408. 	}

  409. }