path: root/gtests/ssl_gtest/tls_protect.cc
Commit message | Author | Age | Files | Lines
* Bug 1608892 - Update DTLS 1.3 to draft-34 r=mt | Kevin Jacobs | 2020-02-27 | 1 | -7/+9
  This patch updates the DTLS 1.3 implementation to draft-34. Notable changes:
  1) Key separation via `ssl_protocol_variant`.
  2) No longer apply sequence number masking when in `UNSAFE_FUZZER_MODE`. This allowed removal of workarounds for unpadded (<16B) ciphertexts being used as input to `SSL_CreateMask`.
  3) Compile ssl_gtests in `UNSAFE_FUZZER_MODE` iff `--fuzz=tls` was specified. Currently all gtests are compiled this way if `--fuzz`, but lib/ssl only if `--fuzz=tls`. (See above, we can't have ssl_gtests in fuzzer mode, but not lib/ssl, since the masking mismatch will break filters).
  4) Parameterize masking tests, as appropriate.
  5) Reject non-empty legacy_cookie, and test.
  6) Reject ciphertexts <16B in length in `dtls13_MaskSequenceNumber` (if not `UNSAFE_FUZZER_MODE`).
  Differential Revision: https://phabricator.services.mozilla.com/D62488
* Bug 1599514 - Update DTLS 1.3 support to draft-30 r=mt | Kevin Jacobs | 2020-01-06 | 1 | -24/+65
  This patch updates the DTLS 1.3 implementation to draft version 30, including unified header format and sequence number encryption. Also added are new `SSL_CreateMask` experimental functions.
  Differential Revision: https://phabricator.services.mozilla.com/D51014
* Bug 1528175 - Include version in SSL_MakeAead arguments, r=ekr | Martin Thomson | 2019-02-21 | 1 | -1/+3
  Summary: We should really include version with the ciphersuite in case we decide to reuse the ciphersuite definitions for TLS 1.4, but also change the way they operate. I also included a fixup for the clang4 build error from the last set.
  Reviewers: ekr
  Tags: #secure-revision
  Bug #: 1528175
  Differential Revision: https://phabricator.services.mozilla.com/D20761
* Bug 1528175 - Expose an AEAD function, r=ekr | Martin Thomson | 2019-02-17 | 1 | -135/+19
* Bug 1471126 - Provide extra information needed to use record layer separation, r=ekr | Martin Thomson | 2018-10-23 | 1 | -42/+109
  This started as an attempt to remove the cipher spec update callback we use for testing. Using the new, public secrets interface should be better for that.
  In doing so, it became apparent that we needed more interfaces to NSS to support the use of these secrets. In particular:
  1. We need to know what the KDF hash function is for a given cipher suite. This allows users of the secret to use the right hash function.
  2. We need to know what cipher spec was picked when sending 0-RTT. NSS currently doesn't expose that information. (When receiving 0-RTT you can safely assume that the negotiated cipher suite is good to use.)
  3. We need to know what epoch NSS is currently using. Otherwise, we can't be sure which epoch to feed it. Data from a good epoch is saved, whereas data from a bad epoch is lost, so applications need to know.
  So this patch adds these functions to the appropriate info functions and uses that information in tests to remove and re-add protection.
  The test changes are considerable. The main effect of the changes is to rely on the new functions for managing secrets, rather than the old interface. But with the changes in the other CLs for this bug, secrets appear before they are used, which complicates things considerably. For that, I've moved more logic into the TlsCipherSpec class, which now tracks per-epoch state, like sequence numbers and record drops. Trial decryption (yep) is used to identify the right cipher spec every time when decrypting, so tests are no longer tolerant of failures to decrypt.
  It's no longer possible to have a test enable decryption and pass when decryption fails; this is particularly true for some parameterized tests that assumed it was OK to enable decryption even for TLS 1.2 and earlier.
* Bug 1446643 - Update to TLS 1.3 draft-26. r=mt | EKR | 2018-03-15 | 1 | -12/+19
  - Update version number
  - Forbid negotiating < TLS 1.3 with supported_versions
  - Change to version number 0303 after HRR. Plus test
  - Update AAD.
  https://phabricator.services.mozilla.com/D753
* Bug 1309068 - Enable -Wshadow, r=franziskus | Martin Thomson | 2018-02-14 | 1 | -2/+2
* Bug 1316231 - DTLS 1.3 ACKs. r=mt | EKR | 2017-09-04 | 1 | -3/+3
* Bug 1320962 - Add decryption and reencryption to TLS 1.3 gtests. r=mt | EKR | 2016-11-16 | 1 | -0/+145
  Differential Revision: https://nss-review.dev.mozaws.net/D92