authorTim Taubert <ttaubert@mozilla.com>2016-11-07 15:36:10 +0100
committerTim Taubert <ttaubert@mozilla.com>2016-11-07 15:36:10 +0100
commit0c3f7ead824174429dbe673cefe644c80e4416f7 (patch)
tree71ed10c28ebae930f37862fbfe8784f8015031b9
parent7db205e81b7c9fb95577bfc59621898b4a31ff64 (diff)
downloadnss-hg-0c3f7ead824174429dbe673cefe644c80e4416f7.tar.gz
Bug 1315252 - Fuzzing mode: Check that SSL_ExportKeyingMaterial() is deterministic r=franziskus
Differential Revision: https://nss-review.dev.mozaws.net/D20
-rw-r--r--gtests/ssl_gtest/ssl_fuzz_unittest.cc48
-rw-r--r--gtests/ssl_gtest/ssl_gtest.gyp2
-rw-r--r--gtests/ssl_gtest/tls_agent.cc6
-rw-r--r--gtests/ssl_gtest/tls_agent.h1
-rw-r--r--gtests/ssl_gtest/tls_connect.cc4
-rw-r--r--gtests/ssl_gtest/tls_connect.h1
6 files changed, 61 insertions, 1 deletions
diff --git a/gtests/ssl_gtest/ssl_fuzz_unittest.cc b/gtests/ssl_gtest/ssl_fuzz_unittest.cc
index d84fef8ef..722e020e1 100644
--- a/gtests/ssl_gtest/ssl_fuzz_unittest.cc
+++ b/gtests/ssl_gtest/ssl_fuzz_unittest.cc
@@ -2,8 +2,10 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "blapi.h"
#include "ssl.h"
#include "sslimpl.h"
+#include "tls_connect.h"
#include "gtest/gtest.h"
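Review bot: The test added further down in this file calls `strlen` and declares `std::vector<unsigned char>`, but the include block gains only `blapi.h` and `tls_connect.h`, so both names presumably arrive transitively through one of the project headers. Adding `#include <cstring>` and `#include <vector>` here would keep the file compiling if those headers ever stop pulling them in. The rest of the include list lies outside the hunk, so they may already be present above.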
@@ -13,6 +15,17 @@ namespace nss_test {
class TlsFuzzTest : public ::testing::Test {};
+void ResetState() {
+ // Clear the list of RSA blinding params.
+ BL_Cleanup();
+
+ // Reinit the list of RSA blinding params.
+ EXPECT_EQ(SECSuccess, BL_Init());
+
+ // Reset the RNG state.
+ EXPECT_EQ(SECSuccess, RNG_ResetForFuzzing());
+}
+
// Ensure that ssl_Time() returns a constant value.
TEST_F(TlsFuzzTest, Fuzz_SSL_Time_Constant) {
PRInt32 now = ssl_Time();
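Review bot: Both checks in `ResetState()` are `EXPECT_EQ`, so a failed `BL_Init()` or `RNG_ResetForFuzzing()` is recorded but the caller still runs a full handshake on library state that was torn down by `BL_Cleanup()` and not restored. Because this is a helper, switching to `ASSERT_EQ` only returns from the helper; the call sites would also need `ASSERT_NO_FATAL_FAILURE(ResetState());` to stop the test. A short comment stating that the function resets process-global freebl and RNG state and is meant for fuzzing builds only would help; the `#endif` near the end of the file suggests a guard whose opening line is outside this hunk.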
@@ -20,5 +33,40 @@ TEST_F(TlsFuzzTest, Fuzz_SSL_Time_Constant) {
EXPECT_EQ(ssl_Time(), now);
}
+// Check that due to the deterministic PRNG we derive
+// the same master secret in two consecutive TLS sessions.
+TEST_P(TlsConnectGeneric, Fuzz_DeterministicExporter) {
+ const char kLabel[] = "label";
+ std::vector<unsigned char> out1(32), out2(32);
+
+ ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+ DisableECDHEServerKeyReuse();
+
+ ResetState();
+ Connect();
+
+ // Export a key derived from the MS and nonces.
+ SECStatus rv = SSL_ExportKeyingMaterial(client_->ssl_fd(),
+ kLabel, strlen(kLabel),
+ false, NULL, 0,
+ out1.data(), out1.size());
+ EXPECT_EQ(SECSuccess, rv);
+
+ Reset();
+ ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+ DisableECDHEServerKeyReuse();
+
+ ResetState();
+ Connect();
+
+ // Export another key derived from the MS and nonces.
+ rv = SSL_ExportKeyingMaterial(client_->ssl_fd(), kLabel, strlen(kLabel),
+ false, NULL, 0, out2.data(), out2.size());
+ EXPECT_EQ(SECSuccess, rv);
+
+ // The two exported keys should be the same.
+ EXPECT_EQ(out1, out2);
+}
+
#endif
}
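Review bot: The comment above `Fuzz_DeterministicExporter` says the test compares the master secret, but the final `EXPECT_EQ(out1, out2)` compares two 32-byte outputs of `SSL_ExportKeyingMaterial()`, which depend on the master secret and both nonces; rewording it to `// Check that, with the deterministic PRNG, two consecutive TLS sessions export identical keying material.` would match what is asserted. The two `rv` checks are non-fatal and both buffers start as 32 zero bytes, so when an export fails the last comparison can still report equality; `ASSERT_EQ(SECSuccess, rv);` after each call keeps that comparison meaningful. The configure/reset/connect/export sequence is written out twice and could be a small local helper taking the output buffer.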
diff --git a/gtests/ssl_gtest/ssl_gtest.gyp b/gtests/ssl_gtest/ssl_gtest.gyp
index 1199ee4ae..aa646911d 100644
--- a/gtests/ssl_gtest/ssl_gtest.gyp
+++ b/gtests/ssl_gtest/ssl_gtest.gyp
@@ -60,7 +60,7 @@
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/base/base.gyp:nssb',
- '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
+ '<(DEPTH)/lib/freebl/freebl.gyp:<(freebl_name)',
'<(DEPTH)/lib/nss/nss.gyp:nss_static',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
'<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
diff --git a/gtests/ssl_gtest/tls_agent.cc b/gtests/ssl_gtest/tls_agent.cc
index 53ead7e5b..d7c9858db 100644
--- a/gtests/ssl_gtest/tls_agent.cc
+++ b/gtests/ssl_gtest/tls_agent.cc
@@ -819,6 +819,12 @@ void TlsAgent::ConfigureSessionCache(SessionResumptionMode mode) {
EXPECT_EQ(SECSuccess, rv);
}
+void TlsAgent::DisableECDHEServerKeyReuse() {
+ ASSERT_EQ(TlsAgent::SERVER, role_);
+ SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+ EXPECT_EQ(SECSuccess, rv);
+}
+
static const std::string kTlsRolesAllArr[] = {"CLIENT", "SERVER"};
::testing::internal::ParamGenerator<std::string>
TlsAgentTestBase::kTlsRolesAll = ::testing::ValuesIn(kTlsRolesAllArr);
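Review bot: `DisableECDHEServerKeyReuse()` passes `ssl_fd_` to `SSL_OptionSet()` without first ensuring the socket has been created, so it appears to rely on an earlier configuration call having done that; in the new test `ConfigureSessionCache()` happens to run first. If the other setters in this file begin with the agent's setup guard (not visible in this hunk), the same line belongs here as the first statement, e.g. `ASSERT_TRUE(EnsureTlsSetup());`. A one-line comment such as `// Make the server generate a fresh ECDHE key pair for each handshake.` would also record why a test calls this.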
diff --git a/gtests/ssl_gtest/tls_agent.h b/gtests/ssl_gtest/tls_agent.h
index 707cb8db0..e4d785bec 100644
--- a/gtests/ssl_gtest/tls_agent.h
+++ b/gtests/ssl_gtest/tls_agent.h
@@ -150,6 +150,7 @@ class TlsAgent : public PollTarget {
void SetDowngradeCheckVersion(uint16_t version);
void CheckSecretsDestroyed();
void ConfigNamedGroups(const std::vector<SSLNamedGroup>& groups);
+ void DisableECDHEServerKeyReuse();
const std::string& name() const { return name_; }
diff --git a/gtests/ssl_gtest/tls_connect.cc b/gtests/ssl_gtest/tls_connect.cc
index 30df367ca..73ff92da0 100644
--- a/gtests/ssl_gtest/tls_connect.cc
+++ b/gtests/ssl_gtest/tls_connect.cc
@@ -595,6 +595,10 @@ void TlsConnectTestBase::CheckEarlyDataAccepted() {
server_->CheckEarlyDataAccepted(expect_early_data_accepted_);
}
+void TlsConnectTestBase::DisableECDHEServerKeyReuse() {
+ server_->DisableECDHEServerKeyReuse();
+}
+
TlsConnectGeneric::TlsConnectGeneric()
: TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
diff --git a/gtests/ssl_gtest/tls_connect.h b/gtests/ssl_gtest/tls_connect.h
index efeb73c70..2615c9f4b 100644
--- a/gtests/ssl_gtest/tls_connect.h
+++ b/gtests/ssl_gtest/tls_connect.h
@@ -107,6 +107,7 @@ class TlsConnectTestBase : public ::testing::Test {
void Receive(size_t amount);
void ExpectExtendedMasterSecret(bool expected);
void ExpectEarlyDataAccepted(bool expected);
+ void DisableECDHEServerKeyReuse();
protected:
Mode mode_;