1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include <functional>
8 #include <memory>
9 #include "secerr.h"
10 #include "ssl.h"
11 #include "sslerr.h"
12 #include "sslproto.h"
13
14 extern "C" {
15 // This is not something that should make you happy.
16 #include "libssl_internals.h"
17 }
18
19 #include "gtest_utils.h"
20 #include "tls_connect.h"
21
22 namespace nss_test {
23
24 // 1.3 is disabled in the next few tests because we don't
25 // presently support resumption in 1.3.
TEST_P(TlsConnectStreamPre13,RenegotiateClient)26 TEST_P(TlsConnectStreamPre13, RenegotiateClient) {
27 Connect();
28 server_->PrepareForRenegotiate();
29 client_->StartRenegotiate();
30 Handshake();
31 CheckConnected();
32 }
33
TEST_P(TlsConnectStreamPre13,RenegotiateServer)34 TEST_P(TlsConnectStreamPre13, RenegotiateServer) {
35 Connect();
36 client_->PrepareForRenegotiate();
37 server_->StartRenegotiate();
38 Handshake();
39 CheckConnected();
40 }
41
TEST_P(TlsConnectStreamPre13,RenegotiateRandoms)42 TEST_P(TlsConnectStreamPre13, RenegotiateRandoms) {
43 SSL3Random crand1, crand2, srand1, srand2;
44 Connect();
45 EXPECT_EQ(SECSuccess,
46 SSLInt_GetHandshakeRandoms(client_->ssl_fd(), crand1, srand1));
47
48 // Renegotiate and check that both randoms have changed.
49 client_->PrepareForRenegotiate();
50 server_->StartRenegotiate();
51 Handshake();
52 CheckConnected();
53 EXPECT_EQ(SECSuccess,
54 SSLInt_GetHandshakeRandoms(client_->ssl_fd(), crand2, srand2));
55
56 EXPECT_NE(0, memcmp(crand1, crand2, sizeof(SSL3Random)));
57 EXPECT_NE(0, memcmp(srand1, srand2, sizeof(SSL3Random)));
58 }
59
60 // The renegotiation options shouldn't cause an error if TLS 1.3 is chosen.
TEST_F(TlsConnectTest,RenegotiationConfigTls13)61 TEST_F(TlsConnectTest, RenegotiationConfigTls13) {
62 EnsureTlsSetup();
63 ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
64 server_->SetOption(SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_UNRESTRICTED);
65 server_->SetOption(SSL_REQUIRE_SAFE_NEGOTIATION, PR_TRUE);
66 Connect();
67 SendReceive();
68 CheckKeys();
69 }
70
TEST_P(TlsConnectStream,ConnectTls10AndServerRenegotiateHigher)71 TEST_P(TlsConnectStream, ConnectTls10AndServerRenegotiateHigher) {
72 if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
73 GTEST_SKIP();
74 }
75 // Set the client so it will accept any version from 1.0
76 // to |version_|.
77 client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
78 server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
79 SSL_LIBRARY_VERSION_TLS_1_0);
80 // Reset version so that the checks succeed.
81 uint16_t test_version = version_;
82 version_ = SSL_LIBRARY_VERSION_TLS_1_0;
83 Connect();
84
85 // Now renegotiate, with the server being set to do
86 // |version_|.
87 client_->PrepareForRenegotiate();
88 server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, test_version);
89 // Reset version and cipher suite so that the preinfo callback
90 // doesn't fail.
91 server_->ResetPreliminaryInfo();
92 server_->StartRenegotiate();
93
94 if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
95 ExpectAlert(server_, kTlsAlertUnexpectedMessage);
96 } else {
97 ExpectAlert(server_, kTlsAlertProtocolVersion);
98 }
99
100 Handshake();
101 if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
102 // In TLS 1.3, the server detects this problem.
103 client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
104 server_->CheckErrorCode(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
105 } else {
106 client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
107 server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
108 }
109 }
110
TEST_P(TlsConnectStream,ConnectTls10AndClientRenegotiateHigher)111 TEST_P(TlsConnectStream, ConnectTls10AndClientRenegotiateHigher) {
112 if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
113 GTEST_SKIP();
114 }
115 // Set the client so it will accept any version from 1.0
116 // to |version_|.
117 client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
118 server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
119 SSL_LIBRARY_VERSION_TLS_1_0);
120 // Reset version so that the checks succeed.
121 uint16_t test_version = version_;
122 version_ = SSL_LIBRARY_VERSION_TLS_1_0;
123 Connect();
124
125 // Now renegotiate, with the server being set to do
126 // |version_|.
127 server_->PrepareForRenegotiate();
128 server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, test_version);
129 // Reset version and cipher suite so that the preinfo callback
130 // doesn't fail.
131 server_->ResetPreliminaryInfo();
132 client_->StartRenegotiate();
133 if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
134 ExpectAlert(server_, kTlsAlertUnexpectedMessage);
135 } else {
136 ExpectAlert(server_, kTlsAlertProtocolVersion);
137 }
138 Handshake();
139 if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
140 // In TLS 1.3, the server detects this problem.
141 client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
142 server_->CheckErrorCode(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
143 } else {
144 client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
145 server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
146 }
147 }
148
TEST_P(TlsConnectStream,ConnectAndServerRenegotiateLower)149 TEST_P(TlsConnectStream, ConnectAndServerRenegotiateLower) {
150 if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
151 GTEST_SKIP();
152 }
153 Connect();
154
155 // Now renegotiate with the server set to TLS 1.0.
156 client_->PrepareForRenegotiate();
157 server_->PrepareForRenegotiate();
158 client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
159 // Reset version and cipher suite so that the preinfo callback
160 // doesn't fail.
161 server_->ResetPreliminaryInfo();
162
163 SECStatus rv = SSL_ReHandshake(server_->ssl_fd(), PR_TRUE);
164 if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
165 EXPECT_EQ(SECFailure, rv);
166 return;
167 }
168 ASSERT_EQ(SECSuccess, rv);
169
170 // Now, before handshaking, tweak the server configuration.
171 server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
172 SSL_LIBRARY_VERSION_TLS_1_0);
173
174 // The server should catch the own error.
175 ExpectAlert(server_, kTlsAlertProtocolVersion);
176
177 Handshake();
178 client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
179 server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
180 }
181
TEST_P(TlsConnectStream,ConnectAndServerWontRenegotiateLower)182 TEST_P(TlsConnectStream, ConnectAndServerWontRenegotiateLower) {
183 if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
184 GTEST_SKIP();
185 }
186 Connect();
187
188 // Now renegotiate with the server set to TLS 1.0.
189 client_->PrepareForRenegotiate();
190 server_->PrepareForRenegotiate();
191 client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
192 server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
193 SSL_LIBRARY_VERSION_TLS_1_0);
194 // Reset version and cipher suite so that the preinfo callback
195 // doesn't fail.
196 server_->ResetPreliminaryInfo();
197
198 EXPECT_EQ(SECFailure, SSL_ReHandshake(server_->ssl_fd(), PR_TRUE));
199 }
200
TEST_P(TlsConnectStream,ConnectAndClientWontRenegotiateLower)201 TEST_P(TlsConnectStream, ConnectAndClientWontRenegotiateLower) {
202 if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
203 GTEST_SKIP();
204 }
205 Connect();
206
207 // Now renegotiate with the client set to TLS 1.0.
208 client_->PrepareForRenegotiate();
209 server_->PrepareForRenegotiate();
210 server_->ResetPreliminaryInfo();
211 client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
212 SSL_LIBRARY_VERSION_TLS_1_0);
213 // The client will refuse to renegotiate down.
214 EXPECT_EQ(SECFailure, SSL_ReHandshake(client_->ssl_fd(), PR_TRUE));
215 }
216
TEST_F(TlsConnectTest,Tls13RejectsRehandshakeClient)217 TEST_F(TlsConnectTest, Tls13RejectsRehandshakeClient) {
218 EnsureTlsSetup();
219 ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
220 Connect();
221 SECStatus rv = SSL_ReHandshake(client_->ssl_fd(), PR_TRUE);
222 EXPECT_EQ(SECFailure, rv);
223 EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
224 }
225
TEST_F(TlsConnectTest,Tls13RejectsRehandshakeServer)226 TEST_F(TlsConnectTest, Tls13RejectsRehandshakeServer) {
227 EnsureTlsSetup();
228 ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
229 Connect();
230 SECStatus rv = SSL_ReHandshake(server_->ssl_fd(), PR_TRUE);
231 EXPECT_EQ(SECFailure, rv);
232 EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
233 }
234
235 } // namespace nss_test
236