Bug 1590001 - Additional HRR Tests. r=mt
authorKevin Jacobs <kjacobs@mozilla.com>
Tue, 10 Dec 2019 20:16:48 +0000
changeset 15432 8a2bd40e7f89a796cf24a0ff7cfb67c6e69c5c78
parent 15431 014f37ecee3e4a6e47e620572ba75abf38eb0be9
child 15433 9ca79efd6d2980fa2f3d4f0b59d0398c8fea8dfc
push id3614
push userjjones@mozilla.com
push dateThu, 12 Dec 2019 21:10:38 +0000
reviewersmt
bugs1590001
Bug 1590001 - Additional HRR Tests. r=mt This patch adds new tests for version limitations after an HRR. Differential Revision: https://phabricator.services.mozilla.com/D51023
gtests/ssl_gtest/ssl_hrr_unittest.cc
--- a/gtests/ssl_gtest/ssl_hrr_unittest.cc
+++ b/gtests/ssl_gtest/ssl_hrr_unittest.cc
@@ -1208,16 +1208,124 @@ TEST_P(TlsConnectStreamPre13, HrrRandomO
   EnsureTlsSetup();
   MakeTlsFilter<ReplaceRandom>(server_,
                                DataBuffer(hrr_random, sizeof(hrr_random)));
   ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
   client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
   server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
+TEST_F(TlsConnectStreamTls13, HrrThenTls12) {
+  StartConnect();
+  size_t cb_called = 0;
+  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
+                                                      RetryHello, &cb_called));
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+
+  client_->Handshake();  // Send CH (1.3)
+  server_->Handshake();  // Send HRR.
+  EXPECT_EQ(1U, cb_called);
+
+  // Replace the client with a new TLS 1.2 client. Don't call Init(), since
+  // it will artifically limit the server's vrange.
+  client_.reset(
+      new TlsAgent(client_->name(), TlsAgent::CLIENT, ssl_variant_stream));
+  client_->SetPeer(server_);
+  server_->SetPeer(client_);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+
+  client_->StartConnect();
+  client_->Handshake();  // Send CH (1.2)
+  ExpectAlert(server_, kTlsAlertProtocolVersion);
+  server_->Handshake();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+  client_->Handshake();
+  client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
+}
+
+TEST_F(TlsConnectStreamTls13, ZeroRttHrrThenTls12) {
+  SetupForZeroRtt();
+
+  client_->Set0RttEnabled(true);
+  size_t cb_called = 0;
+  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
+                                                      RetryHello, &cb_called));
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+
+  client_->Handshake();  // Send CH (1.3)
+  ZeroRttSendReceive(true, false);
+  server_->Handshake();  // Send HRR.
+  EXPECT_EQ(1U, cb_called);
+
+  // Replace the client with a new TLS 1.2 client. Don't call Init(), since
+  // it will artifically limit the server's vrange.
+  client_.reset(
+      new TlsAgent(client_->name(), TlsAgent::CLIENT, ssl_variant_stream));
+  client_->SetPeer(server_);
+  server_->SetPeer(client_);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+
+  client_->StartConnect();
+  client_->Handshake();  // Send CH (1.2)
+  ExpectAlert(server_, kTlsAlertProtocolVersion);
+  server_->Handshake();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+  client_->Handshake();
+  client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
+
+  // Try to write something
+  server_->Handshake();
+  client_->ExpectReadWriteError();
+  client_->SendData(1);
+  uint8_t buf[1];
+  EXPECT_EQ(-1, PR_Read(server_->ssl_fd(), buf, sizeof(buf)));
+  EXPECT_EQ(SSL_ERROR_HANDSHAKE_FAILED, PR_GetError());
+}
+
+TEST_F(TlsConnectStreamTls13, HrrThenTls12SupportedVersions) {
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  size_t cb_called = 0;
+  EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
+                                                      RetryHello, &cb_called));
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+
+  client_->Handshake();  // Send CH (1.3)
+  ZeroRttSendReceive(true, false);
+  server_->Handshake();  // Send HRR.
+  EXPECT_EQ(1U, cb_called);
+
+  // Replace the client with a new TLS 1.2 client. Don't call Init(), since
+  // it will artifically limit the server's vrange.
+  client_.reset(
+      new TlsAgent(client_->name(), TlsAgent::CLIENT, ssl_variant_stream));
+  client_->SetPeer(server_);
+  server_->SetPeer(client_);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  // Negotiate via supported_versions
+  static const uint8_t tls12[] = {0x02, 0x03, 0x03};
+  auto replacer = MakeTlsFilter<TlsExtensionInjector>(
+      client_, ssl_tls13_supported_versions_xtn,
+      DataBuffer(tls12, sizeof(tls12)));
+
+  client_->StartConnect();
+  client_->Handshake();  // Send CH (1.2)
+  ExpectAlert(server_, kTlsAlertProtocolVersion);
+  server_->Handshake();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+  client_->Handshake();
+  client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
+}
+
 INSTANTIATE_TEST_CASE_P(HelloRetryRequestAgentTests, HelloRetryRequestAgentTest,
                         ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
                                            TlsConnectTestBase::kTlsV13));
 #ifndef NSS_DISABLE_TLS_1_3
 INSTANTIATE_TEST_CASE_P(HelloRetryRequestKeyExchangeTests, TlsKeyExchange13,
                         ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
                                            TlsConnectTestBase::kTlsV13));
 #endif
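Review bot: The client-replacement sequence (reset client_, SetPeer in both directions, SetVersionRange) is copy-pasted verbatim into HrrThenTls12, ZeroRttHrrThenTls12 and HrrThenTls12SupportedVersions, each repeating the same "artifically" typo in its comment; a single helper such as `void ReplaceClientWithVersionRange(uint16_t min, uint16_t max)` on the fixture (or a file-local function taking the two agents, if the fixture header is off-limits) would keep the three tests in step and fix the comment once. Inside that sequence the raw `new TlsAgent(...)` passed to `client_.reset(...)` would read better as `client_ = std::make_shared<TlsAgent>(...)` if client_ is a shared_ptr, as its use with SetPeer suggests. The third test performs the same 0-RTT setup as ZeroRttHrrThenTls12 yet its name omits the ZeroRtt prefix, and the injected `tls12[]` payload deserves a one-line comment, e.g. `// supported_versions body: 2-byte list holding only 0x0303 (TLS 1.2), so the post-HRR ClientHello no longer offers 1.3`, since that attempted downgrade is exactly what the expected protocol_version alert pins. The fixture class and RetryHello are defined outside this hunk.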