diff options
Diffstat (limited to 'gtests/ssl_gtest')
-rw-r--r-- | gtests/ssl_gtest/libssl_internals.c | 21 | ||||
-rw-r--r-- | gtests/ssl_gtest/libssl_internals.h | 1 | ||||
-rw-r--r-- | gtests/ssl_gtest/tls_connect.cc | 15 | ||||
-rw-r--r-- | gtests/ssl_gtest/tls_connect.h | 10 | ||||
-rw-r--r-- | gtests/ssl_gtest/tls_ech_unittest.cc | 319 |
5 files changed, 182 insertions, 184 deletions
diff --git a/gtests/ssl_gtest/libssl_internals.c b/gtests/ssl_gtest/libssl_internals.c index db0c9e86b..b6a2bd3be 100644 --- a/gtests/ssl_gtest/libssl_internals.c +++ b/gtests/ssl_gtest/libssl_internals.c @@ -497,24 +497,3 @@ SECStatus SSLInt_SetRawEchConfigForRetry(PRFileDesc *fd, const uint8_t *buf, PORT_Memcpy(cfg->raw.data, buf, len); return SECSuccess; } - -// Zero the echConfig.config_id for all configured echConfigs. -// This mimics a collision on the 8B config ID so that we can -// test trial decryption. -SECStatus SSLInt_ZeroEchConfigIds(PRFileDesc *fd) { - if (!fd) { - return SECFailure; - } - sslSocket *ss = ssl_FindSocket(fd); - if (!ss) { - return SECFailure; - } - - for (PRCList *cur_p = PR_LIST_HEAD(&ss->echConfigs); cur_p != &ss->echConfigs; - cur_p = PR_NEXT_LINK(cur_p)) { - PORT_Memset(((sslEchConfig *)cur_p)->configId, 0, - sizeof(((sslEchConfig *)cur_p)->configId)); - } - - return SECSuccess; -} diff --git a/gtests/ssl_gtest/libssl_internals.h b/gtests/ssl_gtest/libssl_internals.h index 372f254d6..c21c4a7da 100644 --- a/gtests/ssl_gtest/libssl_internals.h +++ b/gtests/ssl_gtest/libssl_internals.h @@ -51,5 +51,4 @@ SECStatus SSLInt_SetDCAdvertisedSigSchemes(PRFileDesc *fd, SECStatus SSLInt_RemoveServerCertificates(PRFileDesc *fd); SECStatus SSLInt_SetRawEchConfigForRetry(PRFileDesc *fd, const uint8_t *buf, size_t len); -SECStatus SSLInt_ZeroEchConfigIds(PRFileDesc *fd); #endif // ifndef libssl_internals_h_ diff --git a/gtests/ssl_gtest/tls_connect.cc b/gtests/ssl_gtest/tls_connect.cc index 6456bff56..b5438f793 100644 --- a/gtests/ssl_gtest/tls_connect.cc +++ b/gtests/ssl_gtest/tls_connect.cc @@ -262,7 +262,7 @@ void TlsConnectTestBase::MakeEcKeyParams(SECItem* params, SSLNamedGroup group) { } void TlsConnectTestBase::GenerateEchConfig( - HpkeKemId kem_id, const std::vector<uint32_t>& cipher_suites, + HpkeKemId kem_id, const std::vector<HpkeSymmetricSuite>& cipher_suites, const std::string& public_name, uint16_t max_name_len, DataBuffer& record, ScopedSECKEYPublicKey& pubKey, ScopedSECKEYPrivateKey& privKey) { bool gen_keys = !pubKey && !privKey; @@ -282,9 +282,9 @@ void TlsConnectTestBase::GenerateEchConfig( SECITEM_FreeItem(&ecParams, PR_FALSE); PRUint8 encoded[1024]; unsigned int encoded_len = 0; - SECStatus rv = SSL_EncodeEchConfig( - public_name.c_str(), cipher_suites.data(), cipher_suites.size(), kem_id, - pub, max_name_len, encoded, &encoded_len, sizeof(encoded)); + SECStatus rv = SSL_EncodeEchConfigId( + 77, public_name.c_str(), max_name_len, kem_id, pub, cipher_suites.data(), + cipher_suites.size(), encoded, &encoded_len, sizeof(encoded)); EXPECT_EQ(SECSuccess, rv); EXPECT_GT(encoded_len, 0U); @@ -305,10 +305,9 @@ void TlsConnectTestBase::SetupEch(std::shared_ptr<TlsAgent>& client, ScopedSECKEYPublicKey pub; ScopedSECKEYPrivateKey priv; DataBuffer record; - static const std::vector<uint32_t> kDefaultSuites = { - (static_cast<uint16_t>(HpkeKdfHkdfSha256) << 16) | - HpkeAeadChaCha20Poly1305, - (static_cast<uint16_t>(HpkeKdfHkdfSha256) << 16) | HpkeAeadAes128Gcm}; + static const std::vector<HpkeSymmetricSuite> kDefaultSuites = { + {HpkeKdfHkdfSha256, HpkeAeadChaCha20Poly1305}, + {HpkeKdfHkdfSha256, HpkeAeadAes128Gcm}}; GenerateEchConfig(kem_id, kDefaultSuites, "public.name", 100, record, pub, priv); diff --git a/gtests/ssl_gtest/tls_connect.h b/gtests/ssl_gtest/tls_connect.h index 6acb80977..a44846bcf 100644 --- a/gtests/ssl_gtest/tls_connect.h +++ b/gtests/ssl_gtest/tls_connect.h @@ -147,12 +147,10 @@ class TlsConnectTestBase : public ::testing::Test { void RestoreAlgorithmPolicy(); static void MakeEcKeyParams(SECItem* params, SSLNamedGroup group); - static void GenerateEchConfig(HpkeKemId kem_id, - const std::vector<uint32_t>& cipher_suites, - const std::string& public_name, - uint16_t max_name_len, DataBuffer& record, - ScopedSECKEYPublicKey& pubKey, - ScopedSECKEYPrivateKey& privKey); + static void GenerateEchConfig( + HpkeKemId kem_id, const std::vector<HpkeSymmetricSuite>& cipher_suites, + const std::string& public_name, uint16_t max_name_len, DataBuffer& record, + ScopedSECKEYPublicKey& pubKey, ScopedSECKEYPrivateKey& privKey); void SetupEch(std::shared_ptr<TlsAgent>& client, std::shared_ptr<TlsAgent>& server, HpkeKemId kem_id = HpkeDhKemX25519Sha256, diff --git a/gtests/ssl_gtest/tls_ech_unittest.cc b/gtests/ssl_gtest/tls_ech_unittest.cc index f78bfe377..9d082c6f5 100644 --- a/gtests/ssl_gtest/tls_ech_unittest.cc +++ b/gtests/ssl_gtest/tls_ech_unittest.cc @@ -35,18 +35,18 @@ class TlsAgentEchTest : public TlsAgentTestClient13 { static std::string kPublicName("public.name"); -static const std::vector<uint32_t> kDefaultSuites = { - (static_cast<uint32_t>(HpkeKdfHkdfSha256) << 16) | HpkeAeadChaCha20Poly1305, - (static_cast<uint32_t>(HpkeKdfHkdfSha256) << 16) | HpkeAeadAes128Gcm}; -static const std::vector<uint32_t> kSuiteChaCha = { - (static_cast<uint32_t>(HpkeKdfHkdfSha256) << 16) | - HpkeAeadChaCha20Poly1305}; -static const std::vector<uint32_t> kSuiteAes = { - (static_cast<uint32_t>(HpkeKdfHkdfSha256) << 16) | HpkeAeadAes128Gcm}; -std::vector<uint32_t> kBogusSuite = {0xfefefefe}; -static const std::vector<uint32_t> kUnknownFirstSuite = { - 0xfefefefe, - (static_cast<uint32_t>(HpkeKdfHkdfSha256) << 16) | HpkeAeadAes128Gcm}; +static const std::vector<HpkeSymmetricSuite> kDefaultSuites = { + {HpkeKdfHkdfSha256, HpkeAeadChaCha20Poly1305}, + {HpkeKdfHkdfSha256, HpkeAeadAes128Gcm}}; +static const std::vector<HpkeSymmetricSuite> kSuiteChaCha = { + {HpkeKdfHkdfSha256, HpkeAeadChaCha20Poly1305}}; +static const std::vector<HpkeSymmetricSuite> kSuiteAes = { + {HpkeKdfHkdfSha256, HpkeAeadAes128Gcm}}; +std::vector<HpkeSymmetricSuite> kBogusSuite = { + {static_cast<HpkeKdfId>(0xfefe), static_cast<HpkeAeadId>(0xfefe)}}; +static const std::vector<HpkeSymmetricSuite> kUnknownFirstSuite = { + {static_cast<HpkeKdfId>(0xfefe), static_cast<HpkeAeadId>(0xfefe)}, + {HpkeKdfHkdfSha256, HpkeAeadAes128Gcm}}; class TlsConnectStreamTls13Ech : public TlsConnectTestBase { public: @@ -149,7 +149,7 @@ class TlsConnectStreamTls13Ech : public TlsConnectTestBase { ADD_FAILURE() << "No slot"; return; } - std::vector<uint8_t> pkcs8_r = hex_string_to_bytes(kFixedServerPubkey); + std::vector<uint8_t> pkcs8_r = hex_string_to_bytes(kFixedServerKey); SECItem pkcs8_r_item = {siBuffer, toUcharPtr(pkcs8_r.data()), static_cast<unsigned int>(pkcs8_r.size())}; @@ -163,18 +163,6 @@ class TlsConnectStreamTls13Ech : public TlsConnectTestBase { ASSERT_NE(nullptr, tmp_pub); } - private: - // Testing certan invalid CHInner configurations is tricky, particularly - // since the CHOuter forms AAD and isn't available in filters. Instead of - // generating these inputs on the fly, use a fixed server keypair so that - // the input can be generated once (e.g. via a debugger) and replayed in - // each invocation of the test. - std::string kFixedServerPubkey = - "3067020100301406072a8648ce3d020106092b06010401da470f01044c304a" - "02010104205a8aa0d2476b28521588e0c704b14db82cdd4970d340d293a957" - "6deaee9ec1c7a1230321008756e2580c07c1d2ffcb662f5fadc6d6ff13da85" - "abd7adfecf984aaa102c1269"; - void SetMutualEchConfigs(ScopedSECKEYPublicKey& pub, ScopedSECKEYPrivateKey& priv) { DataBuffer echconfig; @@ -188,6 +176,18 @@ class TlsConnectStreamTls13Ech : public TlsConnectTestBase { SSL_SetClientEchConfigs(client_->ssl_fd(), echconfig.data(), echconfig.len())); } + + private: + // Testing certan invalid CHInner configurations is tricky, particularly + // since the CHOuter forms AAD and isn't available in filters. Instead of + // generating these inputs on the fly, use a fixed server keypair so that + // the input can be generated once (e.g. via a debugger) and replayed in + // each invocation of the test. + std::string kFixedServerKey = + "3067020100301406072a8648ce3d020106092b06010401da470f01044c304a" + "02010104205a8aa0d2476b28521588e0c704b14db82cdd4970d340d293a957" + "6deaee9ec1c7a1230321008756e2580c07c1d2ffcb662f5fadc6d6ff13da85" + "abd7adfecf984aaa102c1269"; }; static void CheckCertVerifyPublicName(TlsAgent* agent) { @@ -225,10 +225,10 @@ TEST_P(TlsAgentEchTest, EchConfigsSupportedYesNo) { // ECHConfig 2 cipher_suites are unsupported. const std::string mixed = - "0086FE09003F000B7075626C69632E6E616D6500203BB6D46C201B820F1AE4AFD4DEC304" - "444156E4E04D1BF0FFDA7783B6B457F75600200008000100030001000100640000FE0900" - "3F000B7075626C69632E6E616D6500203BB6D46C201B820F1AE4AFD4DEC304444156E4E0" - "4D1BF0FFDA7783B6B457F756002000080001FFFFFFFF000100640000"; + "0088FE0A004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA" + "7783B6B457F756000800010003000100010064000B7075626C69632E6E616D650000FE0A" + "004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA7783B6B4" + "57F75600080001FFFFFFFF00010064000B7075626C69632E6E616D650000"; std::vector<uint8_t> config = hex_string_to_bytes(mixed); DataBuffer echconfig(config.data(), config.size()); @@ -250,10 +250,10 @@ TEST_P(TlsAgentEchTest, EchConfigsSupportedNoYes) { // ECHConfig 1 cipher_suites are unsupported. const std::string mixed = - "0086FE09003F000B7075626C69632E6E616D6500203BB6D46C201B820F1AE4AFD4DEC304" - "444156E4E04D1BF0FFDA7783B6B457F756002000080001FFFFFFFF000100640000FE0900" - "3F000B7075626C69632E6E616D6500203BB6D46C201B820F1AE4AFD4DEC304444156E4E0" - "4D1BF0FFDA7783B6B457F75600200008000100030001000100640000"; + "0088FE0A004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA" + "7783B6B457F75600080001FFFFFFFF00010064000B7075626C69632E6E616D650000FE0A" + "004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA7783B6B4" + "57F756000800010003000100010064000B7075626C69632E6E616D650000"; std::vector<uint8_t> config = hex_string_to_bytes(mixed); DataBuffer echconfig(config.data(), config.size()); @@ -275,10 +275,10 @@ TEST_P(TlsAgentEchTest, EchConfigsSupportedNoNo) { // ECHConfig 1 and 2 cipher_suites are unsupported. const std::string unsupported = - "0086FE09003F000B7075626C69632E6E616D6500203BB6D46C201B820F1AE4AFD4DEC304" - "444156E4E04D1BF0FFDA7783B6B457F756002000080001FFFF0001FFFF00640000FE0900" - "3F000B7075626C69632E6E616D6500203BB6D46C201B820F1AE4AFD4DEC304444156E4E0" - "4D1BF0FFDA7783B6B457F75600200008FFFF0003FFFF000100640000"; + "0088FE0A004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA" + "7783B6B457F75600080001FFFF0001FFFF0064000B7075626C69632E6E616D650000FE0A" + "004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA7783B6B4" + "57F7560008FFFF0003FFFF00010064000B7075626C69632E6E616D650000"; std::vector<uint8_t> config = hex_string_to_bytes(unsupported); DataBuffer echconfig(config.data(), config.size()); @@ -354,7 +354,7 @@ TEST_P(TlsAgentEchTest, UnsupportedHpkeKem) { ScopedSECKEYPublicKey pub; ScopedSECKEYPrivateKey priv; DataBuffer echconfig; - // SSL_EncodeEchConfig encodes without validation. + // SSL_EncodeEchConfigId encodes without validation. TlsConnectTestBase::GenerateEchConfig(static_cast<HpkeKemId>(0xff), kDefaultSuites, kPublicName, 100, echconfig, pub, priv); @@ -451,50 +451,50 @@ TEST_P(TlsAgentEchTest, ApiInvalidArgs) { // GetRetries EXPECT_EQ(SECFailure, SSL_GetEchRetryConfigs(agent_->ssl_fd(), nullptr)); - // EncodeEchConfig + // EncodeEchConfigId EXPECT_EQ(SECFailure, - SSL_EncodeEchConfig(nullptr, reinterpret_cast<uint32_t*>(1), 1, - static_cast<HpkeKemId>(1), - reinterpret_cast<SECKEYPublicKey*>(1), 1, - reinterpret_cast<uint8_t*>(1), - reinterpret_cast<uint32_t*>(1), 1)); + SSL_EncodeEchConfigId(0, nullptr, 1, static_cast<HpkeKemId>(1), + reinterpret_cast<SECKEYPublicKey*>(1), + reinterpret_cast<HpkeSymmetricSuite*>(1), 1, + reinterpret_cast<uint8_t*>(1), + reinterpret_cast<unsigned int*>(1), 1)); EXPECT_EQ(SECFailure, - SSL_EncodeEchConfig("name", nullptr, 1, static_cast<HpkeKemId>(1), - reinterpret_cast<SECKEYPublicKey*>(1), 1, - reinterpret_cast<uint8_t*>(1), - reinterpret_cast<uint32_t*>(1), 1)); - EXPECT_EQ(SECFailure, - SSL_EncodeEchConfig("name", reinterpret_cast<uint32_t*>(1), 0, - static_cast<HpkeKemId>(1), - reinterpret_cast<SECKEYPublicKey*>(1), 1, - reinterpret_cast<uint8_t*>(1), - reinterpret_cast<uint32_t*>(1), 1)); - + SSL_EncodeEchConfigId(0, "name", 1, static_cast<HpkeKemId>(1), + reinterpret_cast<SECKEYPublicKey*>(1), + nullptr, 1, reinterpret_cast<uint8_t*>(1), + reinterpret_cast<unsigned int*>(1), 1)); EXPECT_EQ(SECFailure, - SSL_EncodeEchConfig("name", reinterpret_cast<uint32_t*>(1), 1, - static_cast<HpkeKemId>(1), nullptr, 1, - reinterpret_cast<uint8_t*>(1), - reinterpret_cast<uint32_t*>(1), 1)); + SSL_EncodeEchConfigId(0, "name", 1, static_cast<HpkeKemId>(1), + reinterpret_cast<SECKEYPublicKey*>(1), + reinterpret_cast<HpkeSymmetricSuite*>(1), 0, + reinterpret_cast<uint8_t*>(1), + reinterpret_cast<unsigned int*>(1), 1)); + + EXPECT_EQ(SECFailure, SSL_EncodeEchConfigId( + 0, "name", 1, static_cast<HpkeKemId>(1), nullptr, + reinterpret_cast<HpkeSymmetricSuite*>(1), 1, + reinterpret_cast<uint8_t*>(1), + reinterpret_cast<unsigned int*>(1), 1)); EXPECT_EQ(SECFailure, - SSL_EncodeEchConfig(nullptr, reinterpret_cast<uint32_t*>(1), 1, - static_cast<HpkeKemId>(1), - reinterpret_cast<SECKEYPublicKey*>(1), 0, - reinterpret_cast<uint8_t*>(1), - reinterpret_cast<uint32_t*>(1), 1)); + SSL_EncodeEchConfigId(0, nullptr, 0, static_cast<HpkeKemId>(1), + reinterpret_cast<SECKEYPublicKey*>(1), + reinterpret_cast<HpkeSymmetricSuite*>(1), 1, + reinterpret_cast<uint8_t*>(1), + reinterpret_cast<unsigned int*>(1), 1)); + + EXPECT_EQ(SECFailure, SSL_EncodeEchConfigId( + 0, "name", 1, static_cast<HpkeKemId>(1), + reinterpret_cast<SECKEYPublicKey*>(1), + reinterpret_cast<HpkeSymmetricSuite*>(1), 1, + nullptr, reinterpret_cast<unsigned int*>(1), 1)); EXPECT_EQ(SECFailure, - SSL_EncodeEchConfig("name", reinterpret_cast<uint32_t*>(1), 1, - static_cast<HpkeKemId>(1), - reinterpret_cast<SECKEYPublicKey*>(1), 1, - nullptr, reinterpret_cast<uint32_t*>(1), 1)); - - EXPECT_EQ(SECFailure, - SSL_EncodeEchConfig("name", reinterpret_cast<uint32_t*>(1), 1, - static_cast<HpkeKemId>(1), - reinterpret_cast<SECKEYPublicKey*>(1), 1, - reinterpret_cast<uint8_t*>(1), nullptr, 1)); + SSL_EncodeEchConfigId(0, "name", 1, static_cast<HpkeKemId>(1), + reinterpret_cast<SECKEYPublicKey*>(1), + reinterpret_cast<HpkeSymmetricSuite*>(1), 1, + reinterpret_cast<uint8_t*>(1), nullptr, 1)); } TEST_P(TlsAgentEchTest, NoEarlyRetryConfigs) { @@ -583,21 +583,45 @@ TEST_P(TlsAgentEchTest, EchConfigDuplicateExtensions) { ASSERT_FALSE(filter->captured()); } +TEST_F(TlsConnectStreamTls13Ech, EchFixedConfig) { + ScopedSECKEYPublicKey pub; + ScopedSECKEYPrivateKey priv; + EnsureTlsSetup(); + ImportFixedEchKeypair(pub, priv); + SetMutualEchConfigs(pub, priv); + + client_->ExpectEch(); + server_->ExpectEch(); + Connect(); +} + +// The next set of tests all use a fixed server key and a pre-built ClientHello. +// This ClientHelo can be constructed using the above EchFixedConfig test, +// modifying tls13_ConstructInnerExtensionsFromOuter as indicated. For this +// small number of tests, these fixed values are easier to construct than +// constructing ClientHello in the test that can be successfully decrypted. + // Test an encoded ClientHelloInner containing an extra extensionType // in outer_extensions, for which there is no corresponding (uncompressed) // extension in ClientHelloOuter. TEST_F(TlsConnectStreamTls13Ech, EchOuterExtensionsReferencesMissing) { + // Construct this by prepending 0xabcd to ssl_tls13_outer_extensions_xtn. std::string ch = - "010001580303dfff91b5e1ba00f29d2338419b3abf125ee1051a942ae25163bbf609a1ea" - "11920000061301130313020100012900000010000e00000b7075626c69632e6e616d65ff" + "01000200030341a6813ccf3eefc2deb9c78f7627715ae343f5236e7224f454c723c93e0b" + "d875000006130113031302010001d100000010000e00000b7075626c69632e6e616d65ff" "01000100000a00140012001d00170018001901000101010201030104003300260024001d" - "0020d94c1590c261e9ea8ae55bc9581f397cc598115f8b70aec1b0236f4c8c555537002b" + "00200573a70286658ad4bc166d8f5f237f035714ba5ae4e838c077677ccb6d619813002b" "0003020304000d0018001604030503060302030804080508060401050106010201002d00" - "020101001c00024001fe09009b0001000308fde4163c5c6e8bb6002067a895efa2721c88" - "63ecfa1bea1e520ae6f6cf938e3e37802688f7a83a871a04006aa693f053f87db87cf82a" - "7caa20670d79b92ccda97893fdf99352fc766fb3dd5570948311dddb6d41214234fae585" - "e354a048c072b3fb00a0a64e8e089e4a90152ee91a2c5b947c99d3dcebfb6334453b023d" - "4d725010996a290a0552e4b238ec91c21440adc0d51a4435"; + "020101001c00024001001500aa0000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000fe0a0095000100034d00209c68779a77e4bac0e9f39c2974b1900de044ae1510bf" + "d34fb5120a2a9d039607006c76c4571099733157eb8614ef2ad6049372e9fdf740f8ad4f" + "d24723702c9104a38ecc366eea78b0285422b3f119fc057e2282433a74d8c56b2135c785" + "bd5d01f89b2dbb42aa9a609eb1c6dd89252fa04cf8fbc4097e9c85da1e3eeebc188bbe16" + "db1166f6df1a0c7c6e0dce71"; ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter, SSL_ERROR_RX_MALFORMED_ECH_EXTENSION, SSL_ERROR_ILLEGAL_PARAMETER_ALERT); @@ -605,17 +629,23 @@ TEST_F(TlsConnectStreamTls13Ech, EchOuterExtensionsReferencesMissing) { // Drop supported_versions from CHInner, make sure we don't negotiate 1.2+ECH. TEST_F(TlsConnectStreamTls13Ech, EchVersion12Inner) { + // Construct this by removing ssl_tls13_supported_versions_xtn entirely. std::string ch = - "0100015103038fbe6f75b0123116fa5c4eccf0cf26c17ab1ded5529307e419c036ac7e9c" - "e8e30000061301130313020100012200000010000e00000b7075626c69632e6e616d65ff" + "010002000303baf30ea25e5056b659a4d55233922c4ee261a04e6d84c8200713edca2f55" + "d434000006130113031302010001d100000010000e00000b7075626c69632e6e616d65ff" "01000100000a00140012001d00170018001901000101010201030104003300260024001d" - "002078d644583b4f056bec4d8ae9bddd383aed6eb7cdb3294f88b0e37a4f26a02549002b" + "002081908a3cf3ed9ebf6d6b1f7082d77bb3bf8ff309c3c1255421720c4172548762002b" "0003020304000d0018001604030503060302030804080508060401050106010201002d00" - "020101001c00024001fe0900940001000308fde4163c5c6e8bb600208958e66d1d4bbd46" - "4792f392e119dbce91ee3e65067899b45c83855dae61e67a00637df038e7b35483786707" - "dd1b25be5cd3dd07f1ca4b33a3595ddb959e5c0da3d2f0b3314417614968691700c05232" - "07c729b34f3b5de62728b3cb6b45b00e6f94b204a9504d0e7e24c66f42aacc73591c86ef" - "571e61cebd6ba671081150a2dae89e7493"; + "020101001c00024001001500b30000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000fe0a008c000100034d0020305bc263a664387b90a6975b2a" + "3aa1e4358e80a8ca0841237035d2475628582d006352a2b49912a61543dfa045c1429582" + "540c8c7019968867fde698eb37667f9aa9c23d02757492a4580fb027bbe4ba7615eea118" + "ad3bf7f02a88f8372cfa01888e7be0c55616f846e902bbdfc7edf56994d6398f5a965d9e" + "c4b1bc7afc580b28b0ac91d8"; ReplayChWithMalformedInner(ch, kTlsAlertProtocolVersion, SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_PROTOCOL_VERSION_ALERT); @@ -623,35 +653,48 @@ TEST_F(TlsConnectStreamTls13Ech, EchVersion12Inner) { // Use CHInner supported_versions to negotiate 1.2. TEST_F(TlsConnectStreamTls13Ech, EchVersion12InnerSupportedVersions) { + // Construct this by changing ssl_tls13_supported_versions_xtn to write + // TLS 1.2 instead of TLS 1.3. std::string ch = - "01000158030378a601a3f12229e53e0b8d92c3599bf1782e8261d2ecaec9bbe595d4c901" - "98770000061301130313020100012900000010000e00000b7075626c69632e6e616d65ff" + "0100020003036c4a7f6f6b5479a5c1f769c7b04c082ba40b514522d193df855df8bea933" + "b565000006130113031302010001d100000010000e00000b7075626c69632e6e616d65ff" "01000100000a00140012001d00170018001901000101010201030104003300260024001d" - "00201c8017d6970f3a92ac1c9919c3a26788052f84599fb0c3cb7bd381304148724e002b" + "0020ee721b8fe89260f8987d0d21b628db136c6155793fa63f4f546b244ee5357761002b" "0003020304000d0018001604030503060302030804080508060401050106010201002d00" - "020101001c00024001fe09009b0001000308fde4163c5c6e8bb60020f7347d34f125e866" - "76b1cdc43455c6c00918a3c8a961335e1b9aa864da2b5313006a21e6ad81533e90cea24e" - "c2c3656f6b53114b4c63bf89462696f1c8ad4e1193d87062a5537edbe83c9b35c41e9763" - "1d2333270854758ee02548afb7f2264f904474465415a5085024487f22b017208e250ca4" - "7902d61d98fbd1cb8afc0a14dcd70a68343cf67c258758d9"; + "020101001c00024001001500ac0000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000000fe0a0093000100034d00205de27fe39481bfb370ee8441f12e28296bc5c8fe" + "b6a6198ddc6ab03b2d024638006a9e9f57c3f39c0ad1c3427549a77f301d01d718e09da4" + "5497df178c95fd598bf0c9098d68dfba80a05eeeabc84dc0bb3225cee4a74688d520c632" + "73612f98be847dea4f040a8d9b2b92bb4a44273d0cafafbfe1ee4ed69448bc243b4359c6" + "e1eb3971e125fbfb016245fa"; ReplayChWithMalformedInner(ch, kTlsAlertProtocolVersion, SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_PROTOCOL_VERSION_ALERT); } // Replay a CH for which CHInner lacks the required ech_is_inner extension. -TEST_F(TlsConnectStreamTls13Ech, EchInnerMissingEmptyEch) { +TEST_F(TlsConnectStreamTls13Ech, EchInnerMissing) { + // Construct by omitting ssl_tls13_ech_is_inner_xtn. std::string ch = - "010001540303033b3284790ada882445bfb38b8af3509659033c931e6ae97febbaa62b19" - "b4ac0000061301130313020100012500000010000e00000b7075626c69632e6e616d65ff" + "010002000303912d293136b843248ffeecdde6ef0d5bc5d0adb4d356b985c2fcec8fe2b0" + "8f5d000006130113031302010001d100000010000e00000b7075626c69632e6e616d65ff" "01000100000a00140012001d00170018001901000101010201030104003300260024001d" - "00209d1ed410ccb05ce9e424f52b1be3599bcc1efb0913ae14a24d9a69cbfbc39744002b" + "00209222e6b0c672fd1e564fbca5889155e9126e3b006a8ff77ff61898dd56a08429002b" "0003020304000d0018001604030503060302030804080508060401050106010201002d00" - "020101001c00024001fe0900970001000308fde4163c5c6e8bb600206321bdc543a23d47" - "7a7104ba69177cb722927c6c485117df4a077b8e82167f0b0066103d9aac7e5fc4ef990b" - "2ce38593589f7f6ba043847d7db6c9136adb811f63b956d56e6ca8cbe6864e3fc43a3bc5" - "94a332d4d63833e411c89ef14af63b5cd18c7adee99ffd1ad3112449ea18d6650bbaca66" - "528f7e4146fafbf338c27cf89b145a55022b26a3"; + "020101001c00024001001500b00000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000fe0a008f000100034d0020e1bc83c066a251621c4b055779789a2c" + "6ac4b9a3850366b2ea0d32a8e041181c0066a4e9cc6912b8bc6c1b54a2c6c40428ab01a3" + "0e4621ec65320df2beff846a606618429c108fdfe24a6fad5053f53fb36082bf7d80d6f4" + "73131a3d6c04e182595606070ac4e0be078ada56456c02d37a2fee7cb17accd273cbd810" + "30ee0dbe139e51ba1d2a471f"; ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter, SSL_ERROR_MISSING_ECH_EXTENSION, SSL_ERROR_ILLEGAL_PARAMETER_ALERT); @@ -660,17 +703,24 @@ TEST_F(TlsConnectStreamTls13Ech, EchInnerMissingEmptyEch) { // Replay a CH for which CHInner contains both an ECH and ech_is_inner // extension. TEST_F(TlsConnectStreamTls13Ech, InnerWithEchAndEchIsInner) { + // Construct by appending an empty ssl_tls13_encrypted_client_hello_xtn to + // CHInner. std::string ch = - "0100015c030383fb49c98b62bcdf04cbbae418dd684f8f9512f40fca6861ba40555269a9" - "789f0000061301130313020100012d00000010000e00000b7075626c69632e6e616d65ff" + "010002000303b690bc4090ecfd7ad167de639b1d1ea7682588ffefae1164179d370f6cd3" + "0864000006130113031302010001d100000010000e00000b7075626c69632e6e616d65ff" "01000100000a00140012001d00170018001901000101010201030104003300260024001d" - "00201e3d35a6755b7dddf7e481359429e9677baaa8dd99569c2bf0b0f7ea56e68b12002b" + "00200c3c15b0e9884d5f593634a168b70a62ae18c8d69a68f8e29c826fbabcd99b22002b" "0003020304000d0018001604030503060302030804080508060401050106010201002d00" - "020101001c00024001fe09009f0001000308fde4163c5c6e8bb6002090110b89c1ba6618" - "942ea7aae8c472c22e97f10bef7dd490bee50cc108082b48006eed016fa2b3e3419cf5ef" - "9b41ab9ecffa84a4b60e2f4cc710cf31c739d1f6f88b48207aaf7ccabdd744a25a8f2a38" - "029d1b133e9d990681cf08c07a255d9242b3a002bc0865935cbb609b2b1996fab0626cb0" - "2ece6544bbde0d3218333ffd95c383a41854b76b1a254bb346a2702b"; + "020101001c00024001001500a80000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "00fe0a0097000100034d0020d46cc9042eff6efee046a5ff653d1b6a60cfd5786afef5ce" + "43300bc515ef5f09006ea6bf626854596df74b2d8f81a479a6d2fef13295a81e0571008a" + "12fc92f82170fdb899cd22ebadc33a3147c2801619f7621ffe8684c96918443e3fbe9b17" + "34fbf678ba0b2abad7ab6b018bccc1034b9537a5d399fdb9a5ccb92360bde4a94a2f2509" + "0e7313dd9254eae3603e1fee"; ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, SSL_ERROR_ILLEGAL_PARAMETER_ALERT); @@ -700,13 +750,13 @@ TEST_F(TlsConnectStreamTls13Ech, EchConfigsTrialDecrypt) { ImportFixedEchKeypair(pub, priv); const std::string two_configs_str = - "007EFE09003B000B7075626C69632E6E616D650020111111111111111111111111111111" - "1111111111111111111111111111111111002000040001000100640000fe09003B000B70" - "75626C69632E6E616D6500208756E2580C07C1D2FFCB662F5FADC6D6FF13DA85ABD7ADFE" - "CF984AAA102C1269002000040001000100640000"; + "0080FE0A003C000020002011111111111111111111111111111111111111111111111111" + "111111111111110004000100010064000B7075626C69632E6E616D650000FE0A003C0000" + "2000208756E2580C07C1D2FFCB662F5FADC6D6FF13DA85ABD7ADFECF984AAA102C126900" + "04000100010064000B7075626C69632E6E616D650000"; const std::string second_config_str = - "003FFE09003B000B7075626C69632E6E616D6500208756E2580C07C1D2FFCB662F5FADC6" - "D6FF13DA85ABD7ADFECF984AAA102C1269002000040001000100640000"; + "0040FE0A003C00002000208756E2580C07C1D2FFCB662F5FADC6D6FF13DA85ABD7ADFECF" + "984AAA102C12690004000100010064000B7075626C69632E6E616D650000"; std::vector<uint8_t> two_configs = hex_string_to_bytes(two_configs_str); std::vector<uint8_t> second_config = hex_string_to_bytes(second_config_str); ASSERT_EQ(SECSuccess, @@ -716,38 +766,11 @@ TEST_F(TlsConnectStreamTls13Ech, EchConfigsTrialDecrypt) { SSL_SetClientEchConfigs(client_->ssl_fd(), second_config.data(), second_config.size())); - ASSERT_EQ(SECSuccess, SSLInt_ZeroEchConfigIds(client_->ssl_fd())); - ASSERT_EQ(SECSuccess, SSLInt_ZeroEchConfigIds(server_->ssl_fd())); client_->ExpectEch(); server_->ExpectEch(); Connect(); } -// An empty config_id should prompt an alert. We don't support -// Optional Configuration Identifiers. -TEST_F(TlsConnectStreamTls13, EchRejectEmptyConfigId) { - static const uint8_t junk[16] = {0}; - DataBuffer junk_buf(junk, sizeof(junk)); - DataBuffer ech_xtn; - ech_xtn.Write(ech_xtn.len(), HpkeKdfHkdfSha256, 2); - ech_xtn.Write(ech_xtn.len(), HpkeAeadAes128Gcm, 2); - ech_xtn.Write(ech_xtn.len(), 0U, 1); // empty config_id - ech_xtn.Write(ech_xtn.len(), junk_buf.len(), 2); // enc - ech_xtn.Append(junk_buf); - ech_xtn.Write(ech_xtn.len(), junk_buf.len(), 2); // payload - ech_xtn.Append(junk_buf); - - EnsureTlsSetup(); - EXPECT_EQ(SECSuccess, SSL_EnableTls13GreaseEch(client_->ssl_fd(), - PR_FALSE)); // Don't GREASE - MakeTlsFilter<TlsExtensionAppender>(client_, kTlsHandshakeClientHello, - ssl_tls13_encrypted_client_hello_xtn, - ech_xtn); - ConnectExpectAlert(server_, kTlsAlertDecodeError); - client_->CheckErrorCode(SSL_ERROR_DECODE_ERROR_ALERT); - server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_ECH_EXTENSION); -} - TEST_F(TlsConnectStreamTls13Ech, EchAcceptBasic) { EnsureTlsSetup(); SetupEch(client_, server_); |