author | EKR <ekr@rtfm.com> | 2018-06-02 11:10:37 -0700 |
---|---|---|
committer | EKR <ekr@rtfm.com> | 2018-06-02 11:10:37 -0700 |
commit | 3a0f03d7d95453adf56a43caf0e0b893a1516467 (patch) | |
tree | a3715e608b383178e8ebbe0e077d3cd1aaa4d135 | |
parent | 1ee76b91c89ce6e6166d3631e07d23e836e9dc26 (diff) | |
download | nss-hg-3a0f03d7d95453adf56a43caf0e0b893a1516467.tar.gz |
Bug 1466365 - Add a missing test for MAC failure. r=mt
Reviewers: mt
Tags: #secure-revision
Differential Revision: https://phabricator.services.mozilla.com/D1517
-rw-r--r-- | gtests/ssl_gtest/ssl_record_unittest.cc | 19 | ||||
-rw-r--r-- | gtests/ssl_gtest/tls_filter.h | 16 |
2 files changed, 35 insertions, 0 deletions
diff --git a/gtests/ssl_gtest/ssl_record_unittest.cc b/gtests/ssl_gtest/ssl_record_unittest.cc
index 4c33c1936..53b11c61a 100644
--- a/gtests/ssl_gtest/ssl_record_unittest.cc
+++ b/gtests/ssl_gtest/ssl_record_unittest.cc
@@ -126,6 +126,25 @@ class RecordReplacer : public TlsRecordFilter {
 size_t size_;
 };
 
+TEST_P(TlsConnectStream, BadRecordMac) {
+ EnsureTlsSetup();
+ Connect();
+ client_->SetFilter(std::make_shared<TlsRecordLastByteDamager>(client_));
+ ExpectAlert(server_, kTlsAlertBadRecordMac);
+ client_->SendData(10);
+
+ // Read from the client, get error.
+ uint8_t buf[10];
+ PRInt32 rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
+ EXPECT_GT(0, rv);
+ EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, PORT_GetError());
+
+ // Read the server alert.
+ rv = PR_Read(client_->ssl_fd(), buf, sizeof(buf));
+ EXPECT_GT(0, rv);
+ EXPECT_EQ(SSL_ERROR_BAD_MAC_ALERT, PORT_GetError());
+}
+
 TEST_F(TlsConnectStreamTls13, LargeRecord) {
 EnsureTlsSetup();
 
diff --git a/gtests/ssl_gtest/tls_filter.h b/gtests/ssl_gtest/tls_filter.h
index 80c60b42f..effda4aa0 100644
--- a/gtests/ssl_gtest/tls_filter.h
+++ b/gtests/ssl_gtest/tls_filter.h
@@ -507,6 +507,22 @@ class TlsClientHelloVersionChanger : public TlsHandshakeFilter {
 std::weak_ptr<TlsAgent> server_;
 };
 
+// Damage a record.
+class TlsRecordLastByteDamager : public TlsRecordFilter {
+ public:
+ TlsRecordLastByteDamager(const std::shared_ptr<TlsAgent>& a)
+ : TlsRecordFilter(a) {}
+
+ protected:
+ PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+ const DataBuffer& data,
+ DataBuffer* changed) override {
+ *changed = data;
+ changed->data()[changed->len() - 1]++;
+ return CHANGE;
+ }
+};
+
 // This class selectively drops complete writes. This relies on the fact that
 // writes in libssl are on record boundaries.
 class SelectiveDropFilter : public PacketFilter { |
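Review bot: The new `BadRecordMac` test does not say why it is parameterised on `TlsConnectStream` only, or why damaging the last byte of the record is expected to land in the MAC. A short comment above `TEST_P` would record that, e.g. `// Stream only: a DTLS receiver is expected to drop a record that fails its integrity check rather than alert.` (worth confirming against the datagram tests). Only the client-to-server direction is exercised, so the mirror case with the filter installed on `server_` is not covered by this hunk. `EXPECT_GT(0, rv)` accepts any negative value, and `EXPECT_EQ(-1, rv)` would pin the `PR_Read` failure return more tightly.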
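Review bot: `FilterRecord` in `TlsRecordLastByteDamager` indexes `changed->len() - 1` without checking for an empty record, so a zero-length `data` would wrap the index (assuming `len()` is unsigned) and write outside the buffer. A guard before the copy, `if (data.len() == 0) return KEEP;`, avoids that. The filter also ignores `header` and so damages every record it is handed, not only application data, which the comment `// Damage a record.` does not say; `// Increments the last byte of every record passed through, so the receiver's integrity check fails.` would document it. The single-argument constructor could be marked `explicit`.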