authorKiko Fernandez-Reyes <kiko@erlang.org>2023-02-22 11:59:41 +0100
committerKiko Fernandez-Reyes <kiko@erlang.org>2023-03-30 20:24:45 +0200
commit6e4d806edee17e0d0ea3e0362958d85f55ac1b45 (patch)
treee10d7c5ab60f2f17300cdb3eedeca4549ff4dd90 /lib/ssl/test
parenta02e3a281151fc0d0c696d240a5b672d10ee388c (diff)
downloaderlang-6e4d806edee17e0d0ea3e0362958d85f55ac1b45.tar.gz
ssl: use macros instead of hardcoded version numbers
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/property_test/ssl_eqc_handshake.erl51
-rw-r--r--lib/ssl/test/ssl_ECC_SUITE.erl27
-rw-r--r--lib/ssl/test/ssl_api_SUITE.erl96
-rw-r--r--lib/ssl/test/ssl_cert_SUITE.erl3
-rw-r--r--lib/ssl/test/ssl_cert_tests.erl4
-rw-r--r--lib/ssl/test/ssl_cipher_SUITE.erl43
-rw-r--r--lib/ssl/test/ssl_handshake_SUITE.erl45
-rw-r--r--lib/ssl/test/ssl_mfl_SUITE.erl3
-rw-r--r--lib/ssl/test/ssl_npn_hello_SUITE.erl4
-rw-r--r--lib/ssl/test/ssl_reject_SUITE.erl23
-rw-r--r--lib/ssl/test/ssl_renegotiate_SUITE.erl25
-rw-r--r--lib/ssl/test/ssl_session_SUITE.erl6
-rw-r--r--lib/ssl/test/tls_1_3_record_SUITE.erl16
-rw-r--r--lib/ssl/test/tls_api_SUITE.erl14
-rw-r--r--lib/ssl/test/tls_server_session_ticket_SUITE.erl3
15 files changed, 174 insertions, 189 deletions
diff --git a/lib/ssl/test/property_test/ssl_eqc_handshake.erl b/lib/ssl/test/property_test/ssl_eqc_handshake.erl
index 6fccaf6440..a3d6375de2 100644
--- a/lib/ssl/test/property_test/ssl_eqc_handshake.erl
+++ b/lib/ssl/test/property_test/ssl_eqc_handshake.erl
@@ -57,11 +57,8 @@
-include_lib("ssl/src/ssl_handshake.hrl").
-include_lib("ssl/src/ssl_alert.hrl").
-include_lib("ssl/src/ssl_internal.hrl").
+-include_lib("ssl/src/ssl_record.hrl").
--define('TLS_v1.3', {3,4}).
--define('TLS_v1.2', {3,3}).
--define('TLS_v1.1', {3,2}).
--define('TLS_v1', {3,1}).
%%--------------------------------------------------------------------
%% Properties --------------------------------------------------------
@@ -87,7 +84,7 @@ prop_tls_hs_encode_decode() ->
%% Message Generators -----------------------------------------------
%%--------------------------------------------------------------------
-tls_msg(?'TLS_v1.3'= Version) ->
+tls_msg(?'TLS-1.3'= Version) ->
oneof([client_hello(Version),
server_hello(Version),
%%new_session_ticket()
@@ -116,9 +113,9 @@ tls_msg(Version) ->
%%
%% Shared messages
%%
-client_hello(?'TLS_v1.3' = Version) ->
+client_hello(?'TLS-1.3' = Version) ->
#client_hello{session_id = session_id(),
- client_version = ?'TLS_v1.2',
+ client_version = ?'TLS-1.2',
cipher_suites = cipher_suites(Version),
compression_methods = compressions(Version),
random = client_random(Version),
@@ -133,8 +130,8 @@ client_hello(Version) ->
extensions = client_hello_extensions(Version)
}.
-server_hello(?'TLS_v1.3' = Version) ->
- #server_hello{server_version = ?'TLS_v1.2',
+server_hello(?'TLS-1.3' = Version) ->
+ #server_hello{server_version = ?'TLS-1.2',
session_id = session_id(),
random = server_random(Version),
cipher_suite = cipher_suite(Version),
@@ -184,7 +181,7 @@ finished() ->
%%
encrypted_extensions() ->
- ?LET(Exts, extensions(?'TLS_v1.3', encrypted_extensions),
+ ?LET(Exts, extensions(?'TLS-1.3', encrypted_extensions),
#encrypted_extensions{extensions = Exts}).
@@ -197,7 +194,7 @@ key_update() ->
%%--------------------------------------------------------------------
tls_version() ->
- oneof([?'TLS_v1.3', ?'TLS_v1.2', ?'TLS_v1.1', ?'TLS_v1']).
+ oneof([?'TLS-1.3', ?'TLS-1.2', ?'TLS-1.1', ?'TLS-1.0']).
cipher_suite(Version) ->
oneof(cipher_suites(Version)).
@@ -290,7 +287,7 @@ pre_shared_keyextension() ->
%% | | |
%% | signature_algorithms_cert (RFC 8446) | CH, CR |
%% +--------------------------------------------------+-------------+
-extensions(?'TLS_v1.3' = Version, MsgType = client_hello) ->
+extensions(?'TLS-1.3' = Version, MsgType = client_hello) ->
?LET({
ServerName,
%% MaxFragmentLength,
@@ -398,7 +395,7 @@ extensions(Version, client_hello) ->
srp => SRP
%% renegotiation_info => RenegotiationInfo
}));
-extensions(?'TLS_v1.3' = Version, MsgType = server_hello) ->
+extensions(?'TLS-1.3' = Version, MsgType = server_hello) ->
?LET({
KeyShare,
PreSharedKey,
@@ -443,7 +440,7 @@ extensions(Version, server_hello) ->
next_protocol_negotiation => NextP
%% renegotiation_info => RenegotiationInfo
}));
-extensions(?'TLS_v1.3' = Version, encrypted_extensions) ->
+extensions(?'TLS-1.3' = Version, encrypted_extensions) ->
?LET({
ServerName,
%% MaxFragmentLength,
@@ -551,7 +548,7 @@ signature() ->
76,105,212,176,25,6,148,49,194,106,253,241,212,200,
37,154,227,53,49,216,72,82,163>>.
-client_hello_versions(?'TLS_v1.3') ->
+client_hello_versions(?'TLS-1.3') ->
?LET(SupportedVersions,
oneof([[{3,4}],
%% This list breaks the property but can be used for negative tests
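Review bot: The context line directly under the rewritten head still spells the version as a literal, `oneof([[{3,4}],`, so this generator keeps a hard-coded version number that the commit sets out to remove. Writing it as `oneof([[?'TLS-1.3'],` would keep the clause head and the generated `SupportedVersions` list tied to the same definition. The body of `client_hello_versions/1` continues past the end of this hunk, so any further literals in the commented negative-test list are not visible here.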
@@ -626,11 +623,11 @@ cert_conf()->
peer => [{key, ssl_test_lib:hardcode_rsa_key(6)}]}}).
cert_auths() ->
- certificate_authorities(?'TLS_v1.3').
+ certificate_authorities(?'TLS-1.3').
certificate_request_1_3() ->
#certificate_request_1_3{certificate_request_context = <<>>,
- extensions = #{certificate_authorities => certificate_authorities(?'TLS_v1.3')}
+ extensions = #{certificate_authorities => certificate_authorities(?'TLS-1.3')}
}.
certificate_request(Version) ->
#certificate_request{certificate_types = certificate_types(Version),
@@ -666,9 +663,9 @@ hash_alg(Version) ->
{hash_algorithm(Version, Alg), Alg}
).
-hash_algorithm(?'TLS_v1.3', _) ->
+hash_algorithm(?'TLS-1.3', _) ->
oneof([sha, sha224, sha256, sha384, sha512]);
-hash_algorithm(?'TLS_v1.2', rsa) ->
+hash_algorithm(?'TLS-1.2', rsa) ->
oneof([sha, sha224, sha256, sha384, sha512]);
hash_algorithm(_, rsa) ->
oneof([md5, sha, sha224, sha256, sha384, sha512]);
@@ -677,19 +674,19 @@ hash_algorithm(_, ecdsa) ->
hash_algorithm(_, dsa) ->
sha.
-sign_algorithm(?'TLS_v1.3') ->
+sign_algorithm(?'TLS-1.3') ->
oneof([rsa, ecdsa]);
sign_algorithm(_) ->
oneof([rsa, dsa, ecdsa]).
-
use_srtp() ->
FullProfiles = [<<0,1>>, <<0,2>>, <<0,5>>],
NullProfiles = [<<0,5>>],
?LET(PP, oneof([FullProfiles, NullProfiles]), #use_srtp{protection_profiles = PP, mki = <<>>}).
-certificate_authorities(?'TLS_v1.3') ->
- Auths = certificate_authorities(?'TLS_v1.2'),
+certificate_authorities(?'TLS-1.3') ->
+ Auths = certificate_authorities(?'TLS-1.2'),
+
#certificate_authorities{authorities = Auths};
certificate_authorities(_) ->
#{server_config := ServerConf} = cert_conf(),
@@ -718,13 +715,13 @@ ec_point_formats() ->
ec_point_format_list() ->
[?ECPOINT_UNCOMPRESSED].
-elliptic_curves({_, Minor}) when Minor < 4 ->
- Curves = tls_v1:ecc_curves(Minor),
+elliptic_curves(Version) when Version < ?'TLS-1.3' ->
+ Curves = tls_v1:ecc_curves(Version),
#elliptic_curves{elliptic_curve_list = Curves}.
%% RFC 8446 (TLS 1.3) renamed the "elliptic_curve" extension.
-supported_groups({_, Minor}) when Minor >= 4 ->
- SupportedGroups = tls_v1:groups(Minor),
+supported_groups(?'TLS-1.X'=Version) when Version >= ?'TLS-1.3' ->
+ SupportedGroups = tls_v1:groups(),
#supported_groups{supported_groups = SupportedGroups}.
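Review bot: `elliptic_curves(Version) when Version < ?'TLS-1.3'` now relies on Erlang term ordering for any argument, whereas the old head `{_, Minor}` at least required a two-tuple; an atom or integer compares lower than every tuple and would pass this guard. The sibling `supported_groups/1` constrains the shape first with `?'TLS-1.X'=Version`, so the two clauses are inconsistent. Assuming `?'TLS-1.X'` is the `{3,_}` pattern (as its use in `length_exclusive/1` suggests), `elliptic_curves(?'TLS-1.X' = Version) when Version < ?'TLS-1.3' ->` would make both heads agree and keep DTLS tuples and stray terms out.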
diff --git a/lib/ssl/test/ssl_ECC_SUITE.erl b/lib/ssl/test/ssl_ECC_SUITE.erl
index 7d4633095d..ed11926469 100644
--- a/lib/ssl/test/ssl_ECC_SUITE.erl
+++ b/lib/ssl/test/ssl_ECC_SUITE.erl
@@ -24,6 +24,7 @@
-behaviour(ct_suite).
+-include_lib("ssl/src/ssl_record.hrl").
-include_lib("common_test/include/ct.hrl").
-include_lib("public_key/include/public_key.hrl").
@@ -180,7 +181,7 @@ client_ecdsa_server_ecdsa_with_raw_key(Config) when is_list(Config) ->
ecc_default_order(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdhe_ecdsa, ecdhe_ecdsa,
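Review bot: The expression `pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0')))` is edited identically in this test case and in the thirteen hunks that follow in this file. A small local helper, for example `default_curve() -> pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))).`, would make the next change to the `tls_v1:ecc_curves/1` argument a one-line edit. A short comment on why the TLS 1.0 curve list is the reference for the default would also help, since the tests themselves do not say. The test-case bodies continue outside the hunks.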
@@ -195,7 +196,7 @@ ecc_default_order(Config) ->
ecc_default_order_custom_curves(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdhe_ecdsa, ecdhe_ecdsa,
@@ -210,7 +211,7 @@ ecc_default_order_custom_curves(Config) ->
ecc_client_order(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdhe_ecdsa, ecdhe_ecdsa,
@@ -225,7 +226,7 @@ ecc_client_order(Config) ->
ecc_client_order_custom_curves(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdhe_ecdsa, ecdhe_ecdsa,
@@ -252,7 +253,7 @@ ecc_unknown_curve(Config) ->
client_ecdh_rsa_server_ecdhe_ecdsa_server_custom(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdh_rsa, ecdhe_ecdsa, Config),
@@ -266,7 +267,7 @@ client_ecdh_rsa_server_ecdhe_ecdsa_server_custom(Config) ->
client_ecdh_rsa_server_ecdhe_rsa_server_custom(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdh_rsa, ecdhe_rsa, Config),
@@ -281,7 +282,7 @@ client_ecdh_rsa_server_ecdhe_rsa_server_custom(Config) ->
client_ecdhe_rsa_server_ecdhe_ecdsa_server_custom(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdhe_rsa, ecdhe_ecdsa, Config),
@@ -295,7 +296,7 @@ client_ecdhe_rsa_server_ecdhe_ecdsa_server_custom(Config) ->
client_ecdhe_rsa_server_ecdhe_rsa_server_custom(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdhe_rsa, ecdhe_rsa, Config),
@@ -309,7 +310,7 @@ client_ecdhe_rsa_server_ecdhe_rsa_server_custom(Config) ->
end.
client_ecdhe_rsa_server_ecdh_rsa_server_custom(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
Ext = x509_test:extensions([{key_usage, [keyEncipherment]}]),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, [[], [], [{extensions, Ext}]]},
{client_chain, Default}],
@@ -327,7 +328,7 @@ client_ecdhe_rsa_server_ecdh_rsa_server_custom(Config) ->
client_ecdhe_ecdsa_server_ecdhe_ecdsa_server_custom(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdhe_ecdsa, ecdhe_ecdsa, Config),
@@ -341,7 +342,7 @@ client_ecdhe_ecdsa_server_ecdhe_ecdsa_server_custom(Config) ->
client_ecdhe_ecdsa_server_ecdhe_rsa_server_custom(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdhe_ecdsa, ecdhe_rsa, Config),
@@ -355,7 +356,7 @@ client_ecdhe_ecdsa_server_ecdhe_rsa_server_custom(Config) ->
client_ecdhe_ecdsa_server_ecdhe_ecdsa_client_custom(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdhe_ecdsa, ecdhe_ecdsa, Config),
@@ -369,7 +370,7 @@ client_ecdhe_ecdsa_server_ecdhe_ecdsa_client_custom(Config) ->
client_ecdhe_rsa_server_ecdhe_ecdsa_client_custom(Config) ->
Default = ssl_test_lib:default_cert_chain_conf(),
- DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(1))),
+ DefaultCurve = pubkey_cert_records:namedCurves(hd(tls_v1:ecc_curves(?'TLS-1.0'))),
{COpts0, SOpts0} = ssl_test_lib:make_ec_cert_chains([{server_chain, Default},
{client_chain, Default}],
ecdhe_rsa, ecdhe_ecdsa, Config),
diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl
index 664f59a47d..c922339541 100644
--- a/lib/ssl/test/ssl_api_SUITE.erl
+++ b/lib/ssl/test/ssl_api_SUITE.erl
@@ -27,6 +27,7 @@
-include_lib("ssl/src/ssl_api.hrl").
-include_lib("ssl/src/ssl_internal.hrl").
-include_lib("public_key/include/public_key.hrl").
+-include("ssl_record.hrl").
%% Common test
-export([all/0,
@@ -3856,13 +3857,10 @@ active_n_common(S, N) ->
ok({ok,V}) -> V.
repeat(N, Fun) ->
- repeat(N, N, Fun).
+ Repeat = fun F(Arg) when is_integer(Arg), Arg > 0 -> Fun(N - Arg), F(Arg - 1);
+ F(_) -> ok end,
+ Repeat(N).
-repeat(N, T, Fun) when is_integer(N), N > 0 ->
- Fun(T-N),
- repeat(N-1, T, Fun);
-repeat(_, _, _) ->
- ok.
get_close(Pid, Where) ->
receive
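Review bot: The rewrite of `repeat/2` into a named fun is unrelated to replacing version literals and reads less clearly than the two-clause `repeat/3` helper it removes. Behaviour looks unchanged (`Fun(N - Arg)` is called for `Arg = N..1`), so there is no functional reason to have it in this commit. Either keep the original helper or move this refactor to its own commit. If it stays, note in a comment that the fallback clause `F(_) -> ok` also ends the loop silently for a non-integer or non-positive `N`.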
@@ -4022,55 +4020,63 @@ log(#{msg:={report,_Report}},#{config:=Pid}) ->
log(_,_) ->
ok.
-length_exclusive({3,_} = Version) ->
+length_exclusive(?'TLS-1.X' = Version) ->
length(exclusive_default_up_to_version(Version, [])) +
length(exclusive_non_default_up_to_version(Version, []));
-length_exclusive({254,_} = Version) ->
+length_exclusive(?'DTLS-1.X' = Version) ->
length(dtls_exclusive_default_up_to_version(Version, [])) +
length(dtls_exclusive_non_default_up_to_version(Version, [])).
length_all(Version) ->
length(ssl:cipher_suites(all, Version)).
-exclusive_default_up_to_version({3, 1} = Version, Acc) ->
- ssl:cipher_suites(exclusive, Version) ++ Acc;
-exclusive_default_up_to_version({3, Minor} = Version, Acc) when Minor =< 4 ->
- Suites = ssl:cipher_suites(exclusive, Version),
- exclusive_default_up_to_version({3, Minor-1}, Suites ++ Acc).
-
-dtls_exclusive_default_up_to_version({254, 255} = Version, Acc) ->
- ssl:cipher_suites(exclusive, Version) ++ Acc;
-dtls_exclusive_default_up_to_version({254, 253} = Version, Acc) ->
- Suites = ssl:cipher_suites(exclusive, Version),
- dtls_exclusive_default_up_to_version({254, 255}, Suites ++ Acc).
-
-exclusive_non_default_up_to_version({3, 1} = Version, Acc) ->
- exclusive_non_default_version(Version) ++ Acc;
-exclusive_non_default_up_to_version({3, 4}, Acc) ->
- exclusive_non_default_up_to_version({3, 3}, Acc);
-exclusive_non_default_up_to_version({3, Minor} = Version, Acc) when Minor =< 3 ->
- Suites = exclusive_non_default_version(Version),
- exclusive_non_default_up_to_version({3, Minor-1}, Suites ++ Acc).
-
-dtls_exclusive_non_default_up_to_version({254, 255} = Version, Acc) ->
- dtls_exclusive_non_default_version(Version) ++ Acc;
-dtls_exclusive_non_default_up_to_version({254, 253} = Version, Acc) ->
- Suites = dtls_exclusive_non_default_version(Version),
- dtls_exclusive_non_default_up_to_version({254, 255}, Suites ++ Acc).
-
-exclusive_non_default_version({_, Minor}) ->
- tls_v1:psk_exclusive(Minor) ++
- tls_v1:srp_exclusive(Minor) ++
- tls_v1:rsa_exclusive(Minor) ++
- tls_v1:des_exclusive(Minor) ++
- tls_v1:rc4_exclusive(Minor).
+exclusive_default_up_to_version(?'TLS-1.0', Acc) ->
+ lists:flatmap(fun (Vsn) -> ssl:cipher_suites(exclusive, Vsn) end
+ , [?'TLS-1.0' | Acc]);
+exclusive_default_up_to_version(?'TLS-1.1', Acc) ->
+ exclusive_default_up_to_version(?'TLS-1.0', [?'TLS-1.1' | Acc]);
+exclusive_default_up_to_version(?'TLS-1.2', Acc) ->
+ exclusive_default_up_to_version(?'TLS-1.1', [?'TLS-1.2' | Acc]);
+exclusive_default_up_to_version(?'TLS-1.3', Acc) ->
+ exclusive_default_up_to_version(?'TLS-1.2', [?'TLS-1.3' | Acc]).
+
+dtls_exclusive_default_up_to_version(?'DTLS-1.0', Acc) ->
+ lists:flatmap( fun (Vsn) -> ssl:cipher_suites(exclusive, Vsn) end
+ , [?'DTLS-1.0' | Acc]);
+dtls_exclusive_default_up_to_version(?'DTLS-1.2', Acc) ->
+ dtls_exclusive_default_up_to_version(?'DTLS-1.0', [?'DTLS-1.2' | Acc]).
+
+%% TODO: wip
+exclusive_non_default_up_to_version(?'TLS-1.0', Acc) ->
+ lists:flatmap(fun exclusive_non_default_version/1, [?'TLS-1.0' | Acc]);
+exclusive_non_default_up_to_version(?'TLS-1.1', Acc) ->
+ exclusive_non_default_up_to_version(?'TLS-1.0', [?'TLS-1.1' | Acc]);
+exclusive_non_default_up_to_version(?'TLS-1.2', Acc) ->
+ exclusive_non_default_up_to_version(?'TLS-1.1', [?'TLS-1.2' | Acc]);
+exclusive_non_default_up_to_version(?'TLS-1.3', Acc) ->
+ exclusive_non_default_up_to_version(?'TLS-1.2', Acc).
+
+
+dtls_exclusive_non_default_up_to_version(?'DTLS-1.0', Acc) ->
+ lists:flatmap(fun dtls_exclusive_non_default_version/1, [?'DTLS-1.0' | Acc]);
+dtls_exclusive_non_default_up_to_version(?'DTLS-1.2', Acc) ->
+ dtls_exclusive_non_default_up_to_version(?'DTLS-1.0', [?'DTLS-1.2' | Acc]).
+
+exclusive_non_default_version(Version) ->
+ Ls = [ fun tls_v1:psk_exclusive/1
+ , fun tls_v1:srp_exclusive/1
+ , fun tls_v1:rsa_exclusive/1
+ , fun tls_v1:des_exclusive/1
+ , fun tls_v1:rc4_exclusive/1],
+ lists:flatmap(fun(Fn) -> Fn(Version) end, Ls).
dtls_exclusive_non_default_version(DTLSVersion) ->
- {_,Minor} = ssl:tls_version(DTLSVersion),
- tls_v1:psk_exclusive(Minor) ++
- tls_v1:srp_exclusive(Minor) ++
- tls_v1:rsa_exclusive(Minor) ++
- tls_v1:des_exclusive(Minor).
+ Version = ssl:tls_version(DTLSVersion),
+ Fns = [ fun tls_v1:psk_exclusive/1
+ , fun tls_v1:srp_exclusive/1
+ , fun tls_v1:rsa_exclusive/1
+ , fun tls_v1:des_exclusive/1],
+ lists:flatmap(fun (Fn) -> Fn(Version) end, Fns).
selected_peer(ExpectedClient,
ExpectedServer, ClientOpts, ServerOpts, Config) ->
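Review bot: The new `%% TODO: wip` above `exclusive_non_default_up_to_version/2` is committed without saying what is unfinished; either delete it or state what remains to be done. The meaning of `Acc` also changes in all four `*_up_to_version` helpers, from a list of cipher suites to a list of versions that is expanded once in the base clause. That deserves a one-line comment such as `%% Acc holds the versions visited so far; suites are looked up in the base clause`. The `?'TLS-1.3'` clause of `exclusive_non_default_up_to_version/2` deliberately does not push its version onto `Acc`, which matches the old code but is easy to read as an omission next to the other clauses, so a short comment there would help. Minor: the two sibling functions name the same list `Ls` and `Fns`; pick one.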
diff --git a/lib/ssl/test/ssl_cert_SUITE.erl b/lib/ssl/test/ssl_cert_SUITE.erl
index d445072d7b..5b42624af6 100644
--- a/lib/ssl/test/ssl_cert_SUITE.erl
+++ b/lib/ssl/test/ssl_cert_SUITE.erl
@@ -25,6 +25,7 @@
-include_lib("common_test/include/ct.hrl").
-include_lib("public_key/include/public_key.hrl").
+-include("ssl_record.hrl").
%% Common test
-export([all/0,
@@ -1377,7 +1378,7 @@ rsa_alg(rsa_pss_pss_1_3) ->
rsa_alg(Atom) ->
Atom.
-no_reuse({3, N}) when N >= 4 ->
+no_reuse(?'TLS-1.3') ->
[];
no_reuse(_) ->
[{reuse_sessions, false}].
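Review bot: `no_reuse(?'TLS-1.3')` narrows the old head `{3, N} when N >= 4` from "TLS 1.3 or later" to exactly TLS 1.3. Nothing changes for the versions that exist today, but any later version would silently fall into the `[{reuse_sessions, false}]` clause. If the original intent was "1.3 and up", the form already used for `supported_groups/1` in this commit keeps it: `no_reuse(?'TLS-1.X' = Version) when Version >= ?'TLS-1.3' ->`.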
diff --git a/lib/ssl/test/ssl_cert_tests.erl b/lib/ssl/test/ssl_cert_tests.erl
index be3f651a13..8df08398da 100644
--- a/lib/ssl/test/ssl_cert_tests.erl
+++ b/lib/ssl/test/ssl_cert_tests.erl
@@ -467,8 +467,8 @@ test_ciphers(_, 'tlsv1.3' = Version) ->
end, Ciphers);
test_ciphers(_, Version) when Version == 'dtlsv1';
Version == 'dtlsv1.2' ->
- {_, Minor} = dtls_record:protocol_version(Version),
- Ciphers = [ssl_cipher_format:suite_bin_to_map(Bin) || Bin <- dtls_v1:suites(Minor)],
+ NVersion = dtls_record:protocol_version(Version),
+ Ciphers = [ssl_cipher_format:suite_bin_to_map(Bin) || Bin <- dtls_v1:suites(NVersion)],
ct:log("Version ~p Testing ~p~n", [Version, Ciphers]),
OpenSSLCiphers = openssl_ciphers(),
ct:log("OpenSSLCiphers ~p~n", [OpenSSLCiphers]),
diff --git a/lib/ssl/test/ssl_cipher_SUITE.erl b/lib/ssl/test/ssl_cipher_SUITE.erl
index def13d0860..c2d92e859d 100644
--- a/lib/ssl/test/ssl_cipher_SUITE.erl
+++ b/lib/ssl/test/ssl_cipher_SUITE.erl
@@ -25,6 +25,7 @@
-include_lib("common_test/include/ct.hrl").
-include("tls_record.hrl").
-include("ssl_cipher.hrl").
+-include("ssl_record.hrl").
%% Callback functions
-export([all/0,
@@ -96,10 +97,9 @@ aes_decipher_good() ->
aes_decipher_good(Config) when is_list(Config) ->
HashSz = 32,
CipherState = correct_cipher_state(),
- decipher_check_good(HashSz, CipherState, {3,0}),
- decipher_check_good(HashSz, CipherState, {3,1}),
- decipher_check_good(HashSz, CipherState, {3,2}),
- decipher_check_good(HashSz, CipherState, {3,3}).
+ decipher_check_good(HashSz, CipherState, ?'TLS-1.0'),
+ decipher_check_good(HashSz, CipherState, ?'TLS-1.1'),
+ decipher_check_good(HashSz, CipherState, ?'TLS-1.2').
%%--------------------------------------------------------------------
aes_decipher_fail() ->
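Review bot: The `{3,0}` call in `aes_decipher_good` is deleted rather than rewritten, so this is a coverage change and not only a macro substitution. The same happens in `aes_decipher_fail`, `padding_test` and the removed `pad_test` clause in the following hunks. The fixture heads (`aes_fragment`, `badpad_aes_fragment`, `content_nextiv_mac`, `badpad_content_nextiv_mac`) narrow from `N == 0; N == 1` to `?'TLS-1.0'`, so a `{3,0}` argument would now fall through to the catch-all clause and receive the vectors meant for later versions. If dropping SSL 3.0 from the CBC decipher and padding tests is intended (presumably because that version is no longer supported), the commit message should say so. Note that `ssl_handshake_SUITE` in this same commit still uses `?'SSL-3.0'`.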
@@ -108,19 +108,17 @@ aes_decipher_fail() ->
aes_decipher_fail(Config) when is_list(Config) ->
HashSz = 32,
CipherState = incorrect_cipher_state(),
- decipher_check_fail(HashSz, CipherState, {3,0}),
- decipher_check_fail(HashSz, CipherState, {3,1}),
- decipher_check_fail(HashSz, CipherState, {3,2}),
- decipher_check_fail(HashSz, CipherState, {3,3}).
+ decipher_check_fail(HashSz, CipherState, ?'TLS-1.0'),
+ decipher_check_fail(HashSz, CipherState, ?'TLS-1.1'),
+ decipher_check_fail(HashSz, CipherState, ?'TLS-1.2').
%%--------------------------------------------------------------------
padding_test(Config) when is_list(Config) ->
HashSz = 16,
CipherState = correct_cipher_state(),
- pad_test(HashSz, CipherState, {3,0}),
- pad_test(HashSz, CipherState, {3,1}),
- pad_test(HashSz, CipherState, {3,2}),
- pad_test(HashSz, CipherState, {3,3}).
+ pad_test(HashSz, CipherState, ?'TLS-1.0'),
+ pad_test(HashSz, CipherState, ?'TLS-1.1'),
+ pad_test(HashSz, CipherState, ?'TLS-1.2').
%%--------------------------------------------------------------------
% Internal functions --------------------------------------------------------
@@ -135,21 +133,14 @@ decipher_check_fail(HashSz, CipherState, Version) ->
true = {Content, Mac, #cipher_state{iv = NextIV}} =/=
ssl_cipher:decipher(?AES_CBC, HashSz, CipherState, aes_fragment(Version), Version, true).
-pad_test(HashSz, CipherState, {3,0} = Version) ->
- %% 3.0 does not have padding test
- {Content, NextIV, Mac} = badpad_content_nextiv_mac(Version),
- {Content, Mac, #cipher_state{iv = NextIV}} =
- ssl_cipher:decipher(?AES_CBC, HashSz, CipherState, badpad_aes_fragment({3,0}), {3,0}, true),
- {Content, Mac, #cipher_state{iv = NextIV}} =
- ssl_cipher:decipher(?AES_CBC, HashSz, CipherState, badpad_aes_fragment({3,0}), {3,0}, false);
-pad_test(HashSz, CipherState, {3,1} = Version) ->
+pad_test(HashSz, CipherState, ?'TLS-1.0' = Version) ->
%% 3.1 should have padding test, but may be disabled
{Content, NextIV, Mac} = badpad_content_nextiv_mac(Version),
BadCont = badpad_content(Content),
{Content, Mac, #cipher_state{iv = NextIV}} =
- ssl_cipher:decipher(?AES_CBC, HashSz, CipherState, badpad_aes_fragment({3,1}) , {3,1}, false),
+ ssl_cipher:decipher(?AES_CBC, HashSz, CipherState, badpad_aes_fragment(?'TLS-1.0') , ?'TLS-1.0', false),
{BadCont, Mac, #cipher_state{iv = NextIV}} =
- ssl_cipher:decipher(?AES_CBC, HashSz, CipherState, badpad_aes_fragment({3,1}), {3,1}, true);
+ ssl_cipher:decipher(?AES_CBC, HashSz, CipherState, badpad_aes_fragment(?'TLS-1.0'), ?'TLS-1.0', true);
pad_test(HashSz, CipherState, Version) ->
%% 3.2 and 3.3 must have padding test
{Content, NextIV, Mac} = badpad_content_nextiv_mac(Version),
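Review bot: The `?'TLS-1.0'` clause of `pad_test/3` binds `Version` in its head but then repeats the macro four times in the two `ssl_cipher:decipher` calls. Using the bound variable, `badpad_aes_fragment(Version), Version, false)`, matches the generic clause below and avoids the duplication. The comments still name versions numerically (`%% 3.1 should have padding test, but may be disabled`, `%% 3.2 and 3.3 must have padding test`); now that the code uses the macros they would read better as `%% TLS 1.0 ...` and `%% TLS 1.1 and 1.2 ...`. The generic clause continues outside this hunk.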
@@ -159,7 +150,7 @@ pad_test(HashSz, CipherState, Version) ->
{BadCont, Mac, #cipher_state{iv = NextIV}} = ssl_cipher:decipher(?AES_CBC, HashSz, CipherState,
badpad_aes_fragment(Version), Version, true).
-aes_fragment({3,N}) when N == 0; N == 1->
+aes_fragment(?'TLS-1.0') ->
<<197,9,6,109,242,87,80,154,85,250,110,81,119,95,65,185,53,206,216,153,246,169,
119,177,178,238,248,174,253,220,242,81,33,0,177,251,91,44,247,53,183,198,165,
63,20,194,159,107>>;
@@ -170,7 +161,7 @@ aes_fragment(_) ->
198,181,81,19,98,162,213,228,74,224,253,168,156,59,195,122,
108,101,107,242,20,15,169,150,163,107,101,94,93,104,241,165>>.
-badpad_aes_fragment({3,N}) when N == 0; N == 1 ->
+badpad_aes_fragment(?'TLS-1.0') ->
<<186,139,125,10,118,21,26,248,120,108,193,104,87,118,145,79,225,55,228,10,105,
30,190,37,1,88,139,243,210,99,65,41>>;
badpad_aes_fragment(_) ->
@@ -178,7 +169,7 @@ badpad_aes_fragment(_) ->
94,121,137,117,157,109,99,113,61,190,138,131,229,201,120,142,179,172,48,77,
234,19,240,33,38,91,93>>.
-content_nextiv_mac({3,N}) when N == 0; N == 1 ->
+content_nextiv_mac(?'TLS-1.0') ->
{<<"HELLO\n">>,
<<72,196,247,97,62,213,222,109,210,204,217,186,172,184, 197,148>>,
<<71,136,212,107,223,200,70,232,127,116,148,205,232,35,158,113,237,174,15,217,192,168,35,8,6,107,107,233,25,174,90,111>>};
@@ -187,7 +178,7 @@ content_nextiv_mac(_) ->
<<183,139,16,132,10,209,67,86,168,100,61,217,145,57,36,56>>,
<<71,136,212,107,223,200,70,232,127,116,148,205,232,35,158,113,237,174,15,217,192,168,35,8,6,107,107,233,25,174,90,111>>}.
-badpad_content_nextiv_mac({3,N}) when N == 0; N == 1 ->
+badpad_content_nextiv_mac(?'TLS-1.0') ->
{<<"HELLO\n">>,
<<225,55,228,10,105,30,190,37,1,88,139,243,210,99,65,41>>,
<<183,139,16,132,10,209,67,86,168,100,61,217,145,57,36,56>>
diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl
index 074a795556..b50d93b5d1 100644
--- a/lib/ssl/test/ssl_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_handshake_SUITE.erl
@@ -126,7 +126,7 @@ decode_hello_handshake(_Config) ->
16#00, 16#00, 16#33, 16#74, 16#00, 16#07, 16#06, 16#73,
16#70, 16#64, 16#79, 16#2f, 16#32>>,
- Version = {3, 0},
+ Version = ?'SSL-3.0',
DefOpts = ssl:update_options([{verify, verify_none}], client, #{}),
{Records, _Buffer} = tls_handshake:get_tls_handshakes(Version, HelloPacket, <<>>, DefOpts),
@@ -136,7 +136,7 @@ decode_hello_handshake(_Config) ->
decode_single_hello_extension_correctly(_Config) ->
Renegotiation = <<?UINT16(?RENEGOTIATION_EXT), ?UINT16(1), 0>>,
- Extensions = ssl_handshake:decode_extensions(Renegotiation, {3,3}, undefined),
+ Extensions = ssl_handshake:decode_extensions(Renegotiation, ?'TLS-1.2', undefined),
#{renegotiation_info := #renegotiation_info{renegotiated_connection = <<0>>}} = Extensions.
decode_supported_elliptic_curves_hello_extension_correctly(_Config) ->
@@ -148,13 +148,13 @@ decode_supported_elliptic_curves_hello_extension_correctly(_Config) ->
Len = ListLen + 2,
Extension = <<?UINT16(?ELLIPTIC_CURVES_EXT), ?UINT16(Len), ?UINT16(ListLen), EllipticCurveList/binary>>,
% after decoding we should see only valid curves
- Extensions = ssl_handshake:decode_hello_extensions(Extension, {3,2}, {3,2}, client),
+ Extensions = ssl_handshake:decode_hello_extensions(Extension, ?'TLS-1.1', ?'TLS-1.1', client),
#{elliptic_curves := #elliptic_curves{elliptic_curve_list = [?sect233k1, ?sect193r2]}} = Extensions.
decode_unknown_hello_extension_correctly(_Config) ->
FourByteUnknown = <<16#CA,16#FE, ?UINT16(4), 3, 0, 1, 2>>,
Renegotiation = <<?UINT16(?RENEGOTIATION_EXT), ?UINT16(1), 0>>,
- Extensions = ssl_handshake:decode_hello_extensions(<<FourByteUnknown/binary, Renegotiation/binary>>, {3,2}, {3,2}, client),
+ Extensions = ssl_handshake:decode_hello_extensions(<<FourByteUnknown/binary, Renegotiation/binary>>, ?'TLS-1.1', ?'TLS-1.1', client),
#{renegotiation_info := #renegotiation_info{renegotiated_connection = <<0>>}} = Extensions.
@@ -169,21 +169,21 @@ encode_single_hello_sni_extension_correctly(_Config) ->
decode_single_hello_sni_extension_correctly(_Config) ->
SNI = <<16#00, 16#00, 16#00, 16#0d, 16#00, 16#0b, 16#00, 16#00, 16#08,
$t, $e, $s, $t, $., $c, $o, $m>>,
- Decoded = ssl_handshake:decode_hello_extensions(SNI, {3,3}, {3,3}, client),
+ Decoded = ssl_handshake:decode_hello_extensions(SNI, ?'TLS-1.2', ?'TLS-1.2', client),
#{sni := #sni{hostname = "test.com"}} = Decoded.
decode_empty_server_sni_correctly(_Config) ->
SNI = <<?UINT16(?SNI_EXT),?UINT16(0)>>,
- Decoded = ssl_handshake:decode_hello_extensions(SNI, {3,3}, {3,3}, server),
+ Decoded = ssl_handshake:decode_hello_extensions(SNI, ?'TLS-1.2', ?'TLS-1.2', server),
#{sni := #sni{hostname = ""}} = Decoded.
select_proper_tls_1_2_rsa_default_hashsign(_Config) ->
% RFC 5246 section 7.4.1.4.1 tells to use {sha1,rsa} as default signature_algorithm for RSA key exchanges
- {sha, rsa} = ssl_handshake:select_hashsign_algs(undefined, ?rsaEncryption, {3,3}),
+ {sha, rsa} = ssl_handshake:select_hashsign_algs(undefined, ?rsaEncryption, ?'TLS-1.2'),
% Older versions use MD5/SHA1 combination
- {md5sha, rsa} = ssl_handshake:select_hashsign_algs(undefined, ?rsaEncryption, {3,2}),
- {md5sha, rsa} = ssl_handshake:select_hashsign_algs(undefined, ?rsaEncryption, {3,0}).
+ {md5sha, rsa} = ssl_handshake:select_hashsign_algs(undefined, ?rsaEncryption, ?'TLS-1.1'),
+ {md5sha, rsa} = ssl_handshake:select_hashsign_algs(undefined, ?rsaEncryption, ?'SSL-3.0').
ignore_hassign_extension_pre_tls_1_2(Config) ->
@@ -191,11 +191,10 @@ ignore_hassign_extension_pre_tls_1_2(Config) ->
CertFile = proplists:get_value(certfile, Opts),
[{_, Cert, _}] = ssl_test_lib:pem_to_der(CertFile),
HashSigns = #hash_sign_algos{hash_sign_algos = [{sha512, rsa}, {sha, dsa}, {sha256, rsa}]},
- {sha512, rsa} = ssl_handshake:select_hashsign({HashSigns, undefined}, Cert, ecdhe_rsa, tls_v1:default_signature_algs([{3,3}]), {3,3}),
+ {sha512, rsa} = ssl_handshake:select_hashsign({HashSigns, undefined}, Cert, ecdhe_rsa, tls_v1:default_signature_algs([?'TLS-1.2']), ?'TLS-1.2'),
%%% Ignore
- {md5sha, rsa} = ssl_handshake:select_hashsign({HashSigns, undefined}, Cert, ecdhe_rsa, tls_v1:default_signature_algs([{3,2}]), {3,2}),
- {md5sha, rsa} = ssl_handshake:select_hashsign({HashSigns, undefined}, Cert, ecdhe_rsa, tls_v1:default_signature_algs([{3,0}]), {3,0}).
-
+ {md5sha, rsa} = ssl_handshake:select_hashsign({HashSigns, undefined}, Cert, ecdhe_rsa, tls_v1:default_signature_algs([?'TLS-1.1']), ?'TLS-1.1'),
+ {md5sha, rsa} = ssl_handshake:select_hashsign({HashSigns, undefined}, Cert, ecdhe_rsa, tls_v1:default_signature_algs([?'SSL-3.0']), ?'SSL-3.0').
signature_algorithms(Config) ->
Opts = proplists:get_value(server_opts, Config),
@@ -212,16 +211,16 @@ signature_algorithms(Config) ->
{sha512, rsa} = ssl_handshake:select_hashsign(
{HashSigns0, Schemes0},
Cert, ecdhe_rsa,
- tls_v1:default_signature_algs([{3,3}]),
- {3,3}),
+ tls_v1:default_signature_algs([?'TLS-1.2']),
+ ?'TLS-1.2'),
HashSigns1 = #hash_sign_algos{
hash_sign_algos = [{sha, dsa},
{sha256, rsa}]},
{sha256, rsa} = ssl_handshake:select_hashsign(
{HashSigns1, Schemes0},
Cert, ecdhe_rsa,
- tls_v1:default_signature_algs([{3,3}]),
- {3,3}),
+ tls_v1:default_signature_algs([?'TLS-1.2']),
+ ?'TLS-1.2'),
Schemes1 = #signature_algorithms_cert{
signature_scheme_list = [rsa_pkcs1_sha1,
ecdsa_sha1]},
@@ -229,22 +228,22 @@ signature_algorithms(Config) ->
#alert{} = ssl_handshake:select_hashsign(
{HashSigns1, Schemes1},
Cert, ecdhe_rsa,
- tls_v1:default_signature_algs([{3,3}]),
- {3,3}),
+ tls_v1:default_signature_algs([?'TLS-1.2']),
+ ?'TLS-1.2'),
%% No scheme, hashsign is used
{sha256, rsa} = ssl_handshake:select_hashsign(
{HashSigns1, undefined},
Cert, ecdhe_rsa,
- tls_v1:default_signature_algs([{3,3}]),
- {3,3}),
+ tls_v1:default_signature_algs([?'TLS-1.2']),
+ ?'TLS-1.2'),
HashSigns2 = #hash_sign_algos{
hash_sign_algos = [{sha, dsa}]},
%% Signature not supported
#alert{} = ssl_handshake:select_hashsign(
{HashSigns2, Schemes1},
Cert, ecdhe_rsa,
- tls_v1:default_signature_algs([{3,3}]),
- {3,3}).
+ tls_v1:default_signature_algs([?'TLS-1.2']),
+ ?'TLS-1.2').
%%--------------------------------------------------------------------
%% Internal functions ------------------------------------------------
diff --git a/lib/ssl/test/ssl_mfl_SUITE.erl b/lib/ssl/test/ssl_mfl_SUITE.erl
index 362cc3ac31..a9e1a6a8f9 100644
--- a/lib/ssl/test/ssl_mfl_SUITE.erl
+++ b/lib/ssl/test/ssl_mfl_SUITE.erl
@@ -22,6 +22,7 @@
-behaviour(ct_suite).
-include_lib("common_test/include/ct.hrl").
+-include("ssl_record.hrl").
%% Common test
-export([all/0,
@@ -186,7 +187,7 @@ run_mfl_handshake_continue(Config, MFL) ->
receive {Client, {ext, ClientExt}} ->
ct:log("Client handshake Ext ~p~n", [ClientExt]),
case maps:get(server_hello_selected_version, ClientExt, undefined) of
- {3,4} ->
+ ?'TLS-1.3' ->
%% For TLS 1.3 the ssl {handshake, hello} API is inconsistent:
%% the server gets all the extensions CH+EE, but the client only CH
ignore;
diff --git a/lib/ssl/test/ssl_npn_hello_SUITE.erl b/lib/ssl/test/ssl_npn_hello_SUITE.erl
index 2a98eb71d0..f1cd8f84b8 100644
--- a/lib/ssl/test/ssl_npn_hello_SUITE.erl
+++ b/lib/ssl/test/ssl_npn_hello_SUITE.erl
@@ -123,12 +123,12 @@ encode_and_decode_npn_server_hello_test(Config) ->
%%--------------------------------------------------------------------
create_server_hello_with_no_advertised_protocols_test(_Config) ->
- Hello = ssl_handshake:server_hello(<<>>, {3, 0}, create_connection_states(), #{}),
+ Hello = ssl_handshake:server_hello(<<>>, ?'SSL-3.0', create_connection_states(), #{}),
Extensions = Hello#server_hello.extensions,
#{} = Extensions.
%%--------------------------------------------------------------------
create_server_hello_with_advertised_protocols_test(_Config) ->
- Hello = ssl_handshake:server_hello(<<>>, {3, 0}, create_connection_states(),
+ Hello = ssl_handshake:server_hello(<<>>, ?'SSL-3.0', create_connection_states(),
#{next_protocol_negotiation => [<<"spdy/1">>, <<"http/1.0">>, <<"http/1.1">>]}),
Extensions = Hello#server_hello.extensions,
#{next_protocol_negotiation := [<<"spdy/1">>, <<"http/1.0">>, <<"http/1.1">>]} = Extensions.
diff --git a/lib/ssl/test/ssl_reject_SUITE.erl b/lib/ssl/test/ssl_reject_SUITE.erl
index 7221b629ac..a068c4be36 100644
--- a/lib/ssl/test/ssl_reject_SUITE.erl
+++ b/lib/ssl/test/ssl_reject_SUITE.erl
@@ -22,7 +22,7 @@
-module(ssl_reject_SUITE).
-include_lib("common_test/include/ct.hrl").
--include_lib("ssl/src/ssl_record.hrl").
+-include("ssl_record.hrl").
-include_lib("ssl/src/ssl_alert.hrl").
-include_lib("ssl/src/ssl_handshake.hrl").
@@ -48,15 +48,15 @@
accept_sslv3_record_hello/1
]).
--define(TLS_MAJOR, 3).
--define(SSL_3_0_MAJOR, 3).
--define(SSL_3_0_MINOR, 0).
--define(TLS_1_0_MINOR, 1).
--define(TLS_1_1_MINOR, 2).
--define(TLS_1_2_MINOR, 3).
--define(TLS_1_3_MINOR, 4).
--define(SSL_2_0_MAJOR, 0).
--define(SSL_2_0_MINOR, 1).
+-define(TLS_MAJOR, (element(1, ?'TLS-1.2'))).
+-define(SSL_3_0_MAJOR, (element(1, ?'SSL-3.0'))).
+-define(SSL_3_0_MINOR, (element(2, ?'SSL-3.0'))).
+-define(TLS_1_0_MINOR, (element(2, ?'TLS-1.0'))).
+-define(TLS_1_1_MINOR, (element(2, ?'TLS-1.1'))).
+-define(TLS_1_2_MINOR, (element(2, ?'TLS-1.2'))).
+-define(TLS_1_3_MINOR, (element(2, ?'TLS-1.3'))).
+-define(SSL_2_0_MAJOR, (element(1, ?'SSL-2.0'))).
+-define(SSL_2_0_MINOR, (element(2, ?'SSL-2.0'))).
%%--------------------------------------------------------------------
%% Common Test interface functions -----------------------------------
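Review bot: These nine macros now expand to `element/2` calls on version tuples (presumably the ones defined in ssl_record.hrl), so they are valid in expressions and guards but no longer in patterns, and nothing in the block says so. A comment above the block would save the next editor a compile error, for example `%% Derived from the ssl_record.hrl version tuples; these expand to element/2 calls, so use them in expressions and guards, not in patterns.` The later hunk in accept_sslv3_record_hello already has to bind the value to a variable before matching for this reason. `?TLS_MAJOR` is taken from `?'TLS-1.2'` although it stands for the major number of every TLS version, and the same comment could say that the choice is arbitrary.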
@@ -194,10 +194,11 @@ accept_sslv3_record_hello(Config) when is_list(Config) ->
{ok, Socket} = gen_tcp:connect(Hostname, Port, [{active, false}]),
gen_tcp:send(Socket, ClientHello),
+ TLS_Major = ?TLS_MAJOR,
case gen_tcp:recv(Socket, 3, 5000) of
%% Minor needs to be a TLS version that is a version
%% above SSL-3.0
- {ok, [?HANDSHAKE, ?TLS_MAJOR, Minor]} when Minor > ?SSL_3_0_MINOR ->
+ {ok, [?HANDSHAKE, TLS_Major, Minor]} when Minor > ?SSL_3_0_MINOR ->
ok;
{error, timeout} ->
ct:fail(ssl3_record_not_accepted)
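Review bot: The new variable `TLS_Major` departs from the CamelCase naming of the other variables in this hunk (`Socket`, `ClientHello`, `Minor`); `TlsMajor = ?TLS_MAJOR,` with `{ok, [?HANDSHAKE, TlsMajor, Minor]}` in the clause head would match them. Because the variable is bound before the `case`, the pattern remains an equality test against the macro's value, so the rename does not change what the test accepts. The case expression and the function continue outside the hunk.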
diff --git a/lib/ssl/test/ssl_renegotiate_SUITE.erl b/lib/ssl/test/ssl_renegotiate_SUITE.erl
index 4b46863415..aa5a32c8aa 100644
--- a/lib/ssl/test/ssl_renegotiate_SUITE.erl
+++ b/lib/ssl/test/ssl_renegotiate_SUITE.erl
@@ -26,6 +26,7 @@
-include_lib("common_test/include/ct.hrl").
-include_lib("public_key/include/public_key.hrl").
+-include("ssl_record.hrl").
%% Common test
-export([all/0,
@@ -87,11 +88,10 @@ all() ->
groups() ->
[{'dtlsv1.2', [], renegotiate_tests()},
- {'dtlsv1', [], renegotiate_tests()},
- {'tlsv1.3', [], renegotiate_tests()},
- {'tlsv1.2', [], renegotiate_tests()},
- {'tlsv1.1', [], renegotiate_tests()},
- {'tlsv1', [], renegotiate_tests()}
+ {'dtlsv1', [], renegotiate_tests()},
+ {'tlsv1.2', [], renegotiate_tests()},
+ {'tlsv1.1', [], renegotiate_tests()},
+ {'tlsv1', [], renegotiate_tests()}
].
renegotiate_tests() ->
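Review bot: The `{'tlsv1.3', [], renegotiate_tests()}` entry is dropped from `groups/0` here, which changes the test matrix rather than substituting a macro, and neither the commit title nor a comment explains it. If the removal is intentional because TLS 1.3 has no renegotiation, a comment above the list would record that, for example `%% No 'tlsv1.3' group: TLS-1.3 does not support renegotiation`. `all/0` is outside the hunk, so it is worth confirming that it does not still reference `{group, 'tlsv1.3'}`.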
@@ -107,17 +107,6 @@ renegotiate_tests() ->
renegotiate_dos_mitigate_passive,
renegotiate_dos_mitigate_absolute].
-ssl3_renegotiate_tests() ->
- [client_renegotiate,
- server_renegotiate,
- client_renegotiate_reused_session,
- server_renegotiate_reused_session,
- client_no_wrap_sequence_number,
- server_no_wrap_sequence_number,
- renegotiate_dos_mitigate_active,
- renegotiate_dos_mitigate_passive,
- renegotiate_dos_mitigate_absolute].
-
init_per_suite(Config) ->
catch crypto:stop(),
try crypto:start() of
@@ -518,9 +507,7 @@ renegotiate_rejected(Socket) ->
ok.
%% First two clauses handles 1/n-1 splitting countermeasure Rizzo/Duong-Beast
-treashold(N, {3,0}) ->
- (N div 2) + 1;
-treashold(N, {3,1}) ->
+treashold(N, ?'TLS-1.0') ->
(N div 2) + 1;
treashold(N, _) ->
N + 1.
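Review bot: The comment above `treashold/2` still says "First two clauses" although only the `?'TLS-1.0'` clause remains once the `{3,0}` clause is removed; it should read `%% First clause handles 1/n-1 splitting countermeasure Rizzo/Duong-Beast`. With that clause gone, a `{3,0}` version now falls through to `N + 1`. That is presumably fine if SSL-3.0 is no longer exercised by this suite, but the hunk does not say so.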
diff --git a/lib/ssl/test/ssl_session_SUITE.erl b/lib/ssl/test/ssl_session_SUITE.erl
index 40fff3bbbd..f67f998806 100644
--- a/lib/ssl/test/ssl_session_SUITE.erl
+++ b/lib/ssl/test/ssl_session_SUITE.erl
@@ -660,9 +660,9 @@ faulty_client(Host, Port) ->
encode_client_hello(CH, Random) ->
- HSBin = tls_handshake:encode_handshake(CH, {3,3}),
+ HSBin = tls_handshake:encode_handshake(CH, ?'TLS-1.2'),
CS = connection_states(Random),
- {Encoded, _} = tls_record:encode_handshake(HSBin, {3,3}, CS),
+ {Encoded, _} = tls_record:encode_handshake(HSBin, ?'TLS-1.2', CS),
Encoded.
client_hello(Random) ->
@@ -738,7 +738,7 @@ client_hello(Random) ->
srp =>
undefined},
- #client_hello{client_version = {3,3},
+ #client_hello{client_version = ?'TLS-1.2',
random = Random,
session_id = crypto:strong_rand_bytes(32),
cipher_suites = CipherSuites,
diff --git a/lib/ssl/test/tls_1_3_record_SUITE.erl b/lib/ssl/test/tls_1_3_record_SUITE.erl
index 75819d0565..951df01810 100644
--- a/lib/ssl/test/tls_1_3_record_SUITE.erl
+++ b/lib/ssl/test/tls_1_3_record_SUITE.erl
@@ -174,9 +174,9 @@ encode_decode(_Config) ->
146,152,146,151,107,126,216,210,9,93,0,0>>],
{[_Header|Encoded], _} = tls_record_1_3:encode_plain_text(22, PlainText, ConnectionStates),
- CipherText = #ssl_tls{type = 23, version = {3,3}, fragment = Encoded},
+ CipherText = #ssl_tls{type = 23, version = ?'TLS-1.2', fragment = Encoded},
- {#ssl_tls{type = 22, version = {3,4}, fragment = DecodedText}, _} =
+ {#ssl_tls{type = 22, version = ?'TLS-1.3', fragment = DecodedText}, _} =
tls_record_1_3:decode_cipher_text(CipherText, ConnectionStates),
DecodedText = iolist_to_binary(PlainText),
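Review bot: `version = ?'TLS-1.2'` on the encrypted record next to `version = ?'TLS-1.3'` on the decoded one now reads like an inconsistency that a later cleanup might "correct". TLS 1.3 protected records carry the legacy record version 0x0303 on the wire, so the value is intentional. A comment on the `CipherText` line such as `%% TLS 1.3 records use legacy_record_version 0x0303, i.e. the TLS-1.2 tuple` would make that explicit. encode_decode starts and ends outside the hunk.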
@@ -260,7 +260,7 @@ encode_decode(_Config) ->
01 04 02 05 02 06 02 02 02 00 2d 00 02 01 01 00 1c 00 02 40 01"),
{CHEncrypted, _} =
- tls_record:encode_handshake(ClientHello, {3,4}, ConnStatesNull),
+ tls_record:encode_handshake(ClientHello, ?'TLS-1.3', ConnStatesNull),
ClientHelloRecord = iolist_to_binary(CHEncrypted),
%% {server} extract secret "early":
@@ -515,7 +515,7 @@ encode_decode(_Config) ->
cc 25 3b 83 3d f1 dd 69 b1 b0 4e 75 1f 0f 00 2b 00 02 03 04"),
{SHEncrypted, _} =
- tls_record:encode_handshake(ServerHello, {3,4}, ConnStatesNull),
+ tls_record:encode_handshake(ServerHello, ?'TLS-1.3', ConnStatesNull),
ServerHelloRecord = iolist_to_binary(SHEncrypted),
%% {server} derive write traffic keys for handshake data:
@@ -685,7 +685,7 @@ encode_decode(_Config) ->
FinishedHS = #finished{verify_data = FinishedVerifyData},
- FinishedIOList = tls_handshake:encode_handshake(FinishedHS, {3,4}),
+ FinishedIOList = tls_handshake:encode_handshake(FinishedHS, ?'TLS-1.3'),
FinishedHSBin = iolist_to_binary(FinishedIOList),
%% {server} derive secret "tls13 c ap traffic":
@@ -907,7 +907,7 @@ encode_decode(_Config) ->
CFinished = #finished{verify_data = CFinishedVerifyData},
- CFinishedIOList = tls_handshake:encode_handshake(CFinished, {3,4}),
+ CFinishedIOList = tls_handshake:encode_handshake(CFinished, ?'TLS-1.3'),
CFinishedBin = iolist_to_binary(CFinishedIOList),
%% {client} derive write traffic keys for application data:
@@ -1054,7 +1054,7 @@ encode_decode(_Config) ->
ticket_nonce = Nonce,
ticket = Ticket,
extensions = _Extensions
- } = tls_handshake:decode_handshake({3,4}, NWT, TicketBody),
+ } = tls_handshake:decode_handshake(?'TLS-1.3', NWT, TicketBody),
%% ResPRK = resumption master secret
ResExpanded = tls_v1:pre_shared_key(ResPRK, Nonce, HKDFAlgo),
@@ -1288,7 +1288,7 @@ encode_decode(_Config) ->
<<?BYTE(CH), ?UINT24(_Length), ClientHelloBody/binary>> = ClientHelloRecord,
#client_hello{extensions = #{pre_shared_key := PreSharedKey}} =
- tls_handshake:decode_handshake({3,4}, CH, ClientHelloBody),
+ tls_handshake:decode_handshake(?'TLS-1.3', CH, ClientHelloBody),
#pre_shared_key_client_hello{
offered_psks = #offered_psks{
diff --git a/lib/ssl/test/tls_api_SUITE.erl b/lib/ssl/test/tls_api_SUITE.erl
index 69dde6b8b9..655b83d0e8 100644
--- a/lib/ssl/test/tls_api_SUITE.erl
+++ b/lib/ssl/test/tls_api_SUITE.erl
@@ -790,8 +790,8 @@ tls_reject_warning_alert_in_initial_hs(Config) when is_list(Config) ->
ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config),
{_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
{Major, Minor} = case ssl_test_lib:protocol_version(Config, tuple) of
- {3,4} ->
- {3,3};
+ ?'TLS-1.3' ->
+ ?'TLS-1.2';
Other ->
Other
end,
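Review bot: The `case` that maps `?'TLS-1.3'` to `?'TLS-1.2'` is repeated verbatim in tls_reject_fake_warning_alert_in_initial_hs and tls_app_data_in_initial_hs_state, and none of the three copies says why. A small helper would remove the duplication and give the reason one home: `legacy_record_version(?'TLS-1.3') -> ?'TLS-1.2';` followed by `legacy_record_version(Version) -> Version.`, with a comment that the mapping is presumably there because TLS 1.3 puts 0x0303 in the record header. Each call site then becomes `{Major, Minor} = legacy_record_version(ssl_test_lib:protocol_version(Config, tuple)),`. The three function bodies continue outside their hunks.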
@@ -814,8 +814,8 @@ tls_reject_fake_warning_alert_in_initial_hs(Config) when is_list(Config) ->
ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config),
{_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
{Major, Minor} = case ssl_test_lib:protocol_version(Config, tuple) of
- {3,4} ->
- {3,3};
+ ?'TLS-1.3' ->
+ ?'TLS-1.2';
Other ->
Other
end,
@@ -840,8 +840,8 @@ tls_app_data_in_initial_hs_state(Config) when is_list(Config) ->
{_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
Version = ssl_test_lib:protocol_version(Config, tuple),
{Major, Minor} = case Version of
- {3,4} ->
- {3,3};
+ ?'TLS-1.3' ->
+ ?'TLS-1.2';
Other ->
Other
end,
@@ -852,7 +852,7 @@ tls_app_data_in_initial_hs_state(Config) when is_list(Config) ->
Port = ssl_test_lib:inet_port(Server),
{ok, Socket} = gen_tcp:connect("localhost", Port, [{active, false}, binary]),
AppData = case Version of
- {3, 4} ->
+ ?'TLS-1.3' ->
<<?BYTE(?APPLICATION_DATA), ?BYTE(3), ?BYTE(3), ?UINT16(4), ?BYTE($F),
?BYTE($O), ?BYTE($O), ?BYTE(?APPLICATION_DATA)>>;
_ ->
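Review bot: The `?'TLS-1.3'` branch still writes the record version as literal `?BYTE(3), ?BYTE(3)`, which is the kind of hard-coded number this commit sets out to remove. `Major` and `Minor` are bound earlier in this function to the `?'TLS-1.2'` tuple when `Version` is `?'TLS-1.3'`, so `?BYTE(Major), ?BYTE(Minor)` would express the same bytes without the literals. The `_ ->` branch and the rest of the function are outside the hunk.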
diff --git a/lib/ssl/test/tls_server_session_ticket_SUITE.erl b/lib/ssl/test/tls_server_session_ticket_SUITE.erl
index e226ed3143..66e96b0a81 100644
--- a/lib/ssl/test/tls_server_session_ticket_SUITE.erl
+++ b/lib/ssl/test/tls_server_session_ticket_SUITE.erl
@@ -25,6 +25,7 @@
-include_lib("ssl/src/ssl_cipher.hrl").
-include_lib("ssl/src/ssl_internal.hrl").
-include_lib("ssl/src/tls_handshake_1_3.hrl").
+-include("ssl_record.hrl").
%% Callback functions
-export([all/0,
@@ -53,7 +54,7 @@
-define(TICKET_STORE_SIZE, 1).
-define(MASTER_SECRET, "master_secret").
-define(PRF, sha).
--define(VERSION, {3,4}).
+-define(VERSION, ?'TLS-1.3').
-define(PSK, <<15,168,18,43,216,33,227,142,114,190,70,183,137,57,64,64,66,152,115,94>>).
-define(WINDOW_SIZE, 1).
-define(SEED, <<1,2,3,4,5>>).