ssl_gather_unittest.cc

Enable keyboard shortcuts

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */

/* vim: set ts=2 et sw=2 tw=80: */

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this file,

 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "gtest_utils.h"

#include "tls_connect.h"

namespace nss_test {

class GatherV2ClientHelloTest : public TlsConnectTestBase {

 public:

  GatherV2ClientHelloTest() : TlsConnectTestBase(ssl_variant_stream, 0) {}

  void ConnectExpectMalformedClientHello(const DataBuffer &data) {

    EnsureTlsSetup();

    server_->SetOption(SSL_ENABLE_V2_COMPATIBLE_HELLO, PR_TRUE);

    server_->ExpectSendAlert(kTlsAlertIllegalParameter);

    client_->SendDirect(data);

    server_->StartConnect();

    server_->Handshake();

    ASSERT_TRUE_WAIT(

        (server_->error_code() == SSL_ERROR_RX_MALFORMED_CLIENT_HELLO), 2000);

};

// Gather a 5-byte v3 record, with a fragment length exceeding the maximum.

TEST_F(TlsConnectTest, GatherExcessiveV3Record) {

  DataBuffer buffer;

  size_t idx = 0;

  idx = buffer.Write(idx, 0x16, 1);                            // handshake

  idx = buffer.Write(idx, 0x0301, 2);                          // record_version

  (void)buffer.Write(idx, MAX_FRAGMENT_LENGTH + 2048 + 1, 2);  // length=max+1

  EnsureTlsSetup();

  server_->ExpectSendAlert(kTlsAlertRecordOverflow);

  client_->SendDirect(buffer);

  server_->StartConnect();

  server_->Handshake();

  ASSERT_TRUE_WAIT((server_->error_code() == SSL_ERROR_RX_RECORD_TOO_LONG),

                   2000);

// Gather a 3-byte v2 header, with a fragment length of 2.

TEST_F(GatherV2ClientHelloTest, GatherV2RecordLongHeader) {

  DataBuffer buffer;

  size_t idx = 0;

  idx = buffer.Write(idx, 0x0002, 2);  // length=2 (long header)

  idx = buffer.Write(idx, 0U, 1);      // padding=0

  (void)buffer.Write(idx, 0U, 2);      // data

  ConnectExpectMalformedClientHello(buffer);

// Gather a 3-byte v2 header, with a fragment length of 1.

TEST_F(GatherV2ClientHelloTest, GatherV2RecordLongHeader2) {

  DataBuffer buffer;

  size_t idx = 0;

  idx = buffer.Write(idx, 0x0001, 2);  // length=1 (long header)

  idx = buffer.Write(idx, 0U, 1);      // padding=0

  idx = buffer.Write(idx, 0U, 1);      // data

  (void)buffer.Write(idx, 0U, 1);      // surplus (need 5 bytes total)

  ConnectExpectMalformedClientHello(buffer);

// Gather a 3-byte v2 header, with a zero fragment length.

TEST_F(GatherV2ClientHelloTest, GatherEmptyV2RecordLongHeader) {

  DataBuffer buffer;

  size_t idx = 0;

  idx = buffer.Write(idx, 0U, 2);  // length=0 (long header)

  idx = buffer.Write(idx, 0U, 1);  // padding=0

  (void)buffer.Write(idx, 0U, 2);  // surplus (need 5 bytes total)

  ConnectExpectMalformedClientHello(buffer);

// Gather a 2-byte v2 header, with a fragment length of 3.

TEST_F(GatherV2ClientHelloTest, GatherV2RecordShortHeader) {

  DataBuffer buffer;

  size_t idx = 0;

  idx = buffer.Write(idx, 0x8003, 2);  // length=3 (short header)

  (void)buffer.Write(idx, 0U, 3);      // data

  ConnectExpectMalformedClientHello(buffer);

// Gather a 2-byte v2 header, with a fragment length of 2.

TEST_F(GatherV2ClientHelloTest, GatherEmptyV2RecordShortHeader2) {

  DataBuffer buffer;

  size_t idx = 0;

  idx = buffer.Write(idx, 0x8002, 2);  // length=2 (short header)

  idx = buffer.Write(idx, 0U, 2);      // data

  (void)buffer.Write(idx, 0U, 1);      // surplus (need 5 bytes total)

  ConnectExpectMalformedClientHello(buffer);

// Gather a 2-byte v2 header, with a fragment length of 1.

TEST_F(GatherV2ClientHelloTest, GatherEmptyV2RecordShortHeader3) {

  DataBuffer buffer;

  size_t idx = 0;

  idx = buffer.Write(idx, 0x8001, 2);  // length=1 (short header)

  idx = buffer.Write(idx, 0U, 1);      // data

  (void)buffer.Write(idx, 0U, 2);      // surplus (need 5 bytes total)

  ConnectExpectMalformedClientHello(buffer);

// Gather a 2-byte v2 header, with a zero fragment length.

TEST_F(GatherV2ClientHelloTest, GatherEmptyV2RecordShortHeader) {

  DataBuffer buffer;

  size_t idx = 0;

  idx = buffer.Write(idx, 0x8000, 2);  // length=0 (short header)

  (void)buffer.Write(idx, 0U, 3);      // surplus (need 5 bytes total)

  ConnectExpectMalformedClientHello(buffer);

/* Test correct gather buffer clearing/freeing and (re-)allocation.

 * Freeing and (re-)allocation of the gather buffers after reception of single

 * records is only done in DEBUG builds. Normally they are created and

 * destroyed with the SSL socket.

 * TLS 1.0 record splitting leads to implicit complete read of the data.

 * The NSS DTLS impelmentation does not allow partial reads

 * (see sslsecur.c, line 535-543). */

TEST_P(TlsConnectStream, GatherBufferPartialReadTest) {

  EnsureTlsSetup();

  Connect();

  client_->SendData(1000);

  if (version_ > SSL_LIBRARY_VERSION_TLS_1_0) {

    for (unsigned i = 1; i <= 20; i++) {

      server_->ReadBytes(50);

      ASSERT_EQ(server_->received_bytes(), 50U * i);

  } else {

    server_->ReadBytes(50);

    ASSERT_EQ(server_->received_bytes(), 1000U);

}  // namespace nss_test