1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
23 &certificateRequestMsg
{},
24 &certificateVerifyMsg
{
25 hasSignatureAlgorithm
: true,
27 &certificateStatusMsg
{},
28 &clientKeyExchangeMsg
{},
29 &newSessionTicketMsg
{},
32 &encryptedExtensionsMsg
{},
35 &newSessionTicketMsgTLS13
{},
36 &certificateRequestMsgTLS13
{},
37 &certificateMsgTLS13
{},
40 func TestMarshalUnmarshal(t
*testing
.T
) {
41 rand
:= rand
.New(rand
.NewSource(time
.Now().UnixNano()))
43 for i
, iface
:= range tests
{
44 ty
:= reflect
.ValueOf(iface
).Type()
50 for j
:= 0; j
< n
; j
++ {
51 v
, ok
:= quick
.Value(ty
, rand
)
53 t
.Errorf("#%d: failed to create value", i
)
57 m1
:= v
.Interface().(handshakeMessage
)
58 marshaled
:= m1
.marshal()
59 m2
:= iface
.(handshakeMessage
)
60 if !m2
.unmarshal(marshaled
) {
61 t
.Errorf("#%d failed to unmarshal %#v %x", i
, m1
, marshaled
)
64 m2
.marshal() // to fill any marshal cache in the message
66 if !reflect
.DeepEqual(m1
, m2
) {
67 t
.Errorf("#%d got:%#v want:%#v %x", i
, m2
, m1
, marshaled
)
72 // The first three message types (ClientHello,
73 // ServerHello and Finished) are allowed to
74 // have parsable prefixes because the extension
75 // data is optional and the length of the
76 // Finished varies across versions.
77 for j
:= 0; j
< len(marshaled
); j
++ {
78 if m2
.unmarshal(marshaled
[0:j
]) {
79 t
.Errorf("#%d unmarshaled a prefix of length %d of %#v", i
, j
, m1
)
88 func TestFuzz(t
*testing
.T
) {
89 rand
:= rand
.New(rand
.NewSource(0))
90 for _
, iface
:= range tests
{
91 m
:= iface
.(handshakeMessage
)
93 for j
:= 0; j
< 1000; j
++ {
95 bytes
:= randomBytes(len, rand
)
96 // This just looks for crashes due to bounds errors etc.
102 func randomBytes(n
int, rand
*rand
.Rand
) []byte {
104 if _
, err
:= rand
.Read(r
); err
!= nil {
105 panic("rand.Read failed: " + err
.Error())
110 func randomString(n
int, rand
*rand
.Rand
) string {
111 b
:= randomBytes(n
, rand
)
115 func (*clientHelloMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
116 m
:= &clientHelloMsg
{}
117 m
.vers
= uint16(rand
.Intn(65536))
118 m
.random
= randomBytes(32, rand
)
119 m
.sessionId
= randomBytes(rand
.Intn(32), rand
)
120 m
.cipherSuites
= make([]uint16, rand
.Intn(63)+1)
121 for i
:= 0; i
< len(m
.cipherSuites
); i
++ {
122 cs
:= uint16(rand
.Int31())
123 if cs
== scsvRenegotiation
{
126 m
.cipherSuites
[i
] = cs
128 m
.compressionMethods
= randomBytes(rand
.Intn(63)+1, rand
)
129 if rand
.Intn(10) > 5 {
130 m
.serverName
= randomString(rand
.Intn(255), rand
)
131 for strings
.HasSuffix(m
.serverName
, ".") {
132 m
.serverName
= m
.serverName
[:len(m
.serverName
)-1]
135 m
.ocspStapling
= rand
.Intn(10) > 5
136 m
.supportedPoints
= randomBytes(rand
.Intn(5)+1, rand
)
137 m
.supportedCurves
= make([]CurveID
, rand
.Intn(5)+1)
138 for i
:= range m
.supportedCurves
{
139 m
.supportedCurves
[i
] = CurveID(rand
.Intn(30000) + 1)
141 if rand
.Intn(10) > 5 {
142 m
.ticketSupported
= true
143 if rand
.Intn(10) > 5 {
144 m
.sessionTicket
= randomBytes(rand
.Intn(300), rand
)
146 m
.sessionTicket
= make([]byte, 0)
149 if rand
.Intn(10) > 5 {
150 m
.supportedSignatureAlgorithms
= supportedSignatureAlgorithms
152 if rand
.Intn(10) > 5 {
153 m
.supportedSignatureAlgorithmsCert
= supportedSignatureAlgorithms
155 for i
:= 0; i
< rand
.Intn(5); i
++ {
156 m
.alpnProtocols
= append(m
.alpnProtocols
, randomString(rand
.Intn(20)+1, rand
))
158 if rand
.Intn(10) > 5 {
161 if rand
.Intn(10) > 5 {
162 m
.secureRenegotiationSupported
= true
163 m
.secureRenegotiation
= randomBytes(rand
.Intn(50)+1, rand
)
165 for i
:= 0; i
< rand
.Intn(5); i
++ {
166 m
.supportedVersions
= append(m
.supportedVersions
, uint16(rand
.Intn(0xffff)+1))
168 if rand
.Intn(10) > 5 {
169 m
.cookie
= randomBytes(rand
.Intn(500)+1, rand
)
171 for i
:= 0; i
< rand
.Intn(5); i
++ {
173 ks
.group
= CurveID(rand
.Intn(30000) + 1)
174 ks
.data
= randomBytes(rand
.Intn(200)+1, rand
)
175 m
.keyShares
= append(m
.keyShares
, ks
)
177 switch rand
.Intn(3) {
179 m
.pskModes
= []uint8{pskModeDHE
}
181 m
.pskModes
= []uint8{pskModeDHE
, pskModePlain
}
183 for i
:= 0; i
< rand
.Intn(5); i
++ {
185 psk
.obfuscatedTicketAge
= uint32(rand
.Intn(500000))
186 psk
.label
= randomBytes(rand
.Intn(500)+1, rand
)
187 m
.pskIdentities
= append(m
.pskIdentities
, psk
)
188 m
.pskBinders
= append(m
.pskBinders
, randomBytes(rand
.Intn(50)+32, rand
))
190 if rand
.Intn(10) > 5 {
194 return reflect
.ValueOf(m
)
197 func (*serverHelloMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
198 m
:= &serverHelloMsg
{}
199 m
.vers
= uint16(rand
.Intn(65536))
200 m
.random
= randomBytes(32, rand
)
201 m
.sessionId
= randomBytes(rand
.Intn(32), rand
)
202 m
.cipherSuite
= uint16(rand
.Int31())
203 m
.compressionMethod
= uint8(rand
.Intn(256))
204 m
.supportedPoints
= randomBytes(rand
.Intn(5)+1, rand
)
206 if rand
.Intn(10) > 5 {
207 m
.ocspStapling
= true
209 if rand
.Intn(10) > 5 {
210 m
.ticketSupported
= true
212 if rand
.Intn(10) > 5 {
213 m
.alpnProtocol
= randomString(rand
.Intn(32)+1, rand
)
216 for i
:= 0; i
< rand
.Intn(4); i
++ {
217 m
.scts
= append(m
.scts
, randomBytes(rand
.Intn(500)+1, rand
))
220 if rand
.Intn(10) > 5 {
221 m
.secureRenegotiationSupported
= true
222 m
.secureRenegotiation
= randomBytes(rand
.Intn(50)+1, rand
)
224 if rand
.Intn(10) > 5 {
225 m
.supportedVersion
= uint16(rand
.Intn(0xffff) + 1)
227 if rand
.Intn(10) > 5 {
228 m
.cookie
= randomBytes(rand
.Intn(500)+1, rand
)
230 if rand
.Intn(10) > 5 {
231 for i
:= 0; i
< rand
.Intn(5); i
++ {
232 m
.serverShare
.group
= CurveID(rand
.Intn(30000) + 1)
233 m
.serverShare
.data
= randomBytes(rand
.Intn(200)+1, rand
)
235 } else if rand
.Intn(10) > 5 {
236 m
.selectedGroup
= CurveID(rand
.Intn(30000) + 1)
238 if rand
.Intn(10) > 5 {
239 m
.selectedIdentityPresent
= true
240 m
.selectedIdentity
= uint16(rand
.Intn(0xffff))
243 return reflect
.ValueOf(m
)
246 func (*encryptedExtensionsMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
247 m
:= &encryptedExtensionsMsg
{}
249 if rand
.Intn(10) > 5 {
250 m
.alpnProtocol
= randomString(rand
.Intn(32)+1, rand
)
253 return reflect
.ValueOf(m
)
256 func (*certificateMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
257 m
:= &certificateMsg
{}
258 numCerts
:= rand
.Intn(20)
259 m
.certificates
= make([][]byte, numCerts
)
260 for i
:= 0; i
< numCerts
; i
++ {
261 m
.certificates
[i
] = randomBytes(rand
.Intn(10)+1, rand
)
263 return reflect
.ValueOf(m
)
266 func (*certificateRequestMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
267 m
:= &certificateRequestMsg
{}
268 m
.certificateTypes
= randomBytes(rand
.Intn(5)+1, rand
)
269 for i
:= 0; i
< rand
.Intn(100); i
++ {
270 m
.certificateAuthorities
= append(m
.certificateAuthorities
, randomBytes(rand
.Intn(15)+1, rand
))
272 return reflect
.ValueOf(m
)
275 func (*certificateVerifyMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
276 m
:= &certificateVerifyMsg
{}
277 m
.hasSignatureAlgorithm
= true
278 m
.signatureAlgorithm
= SignatureScheme(rand
.Intn(30000))
279 m
.signature
= randomBytes(rand
.Intn(15)+1, rand
)
280 return reflect
.ValueOf(m
)
283 func (*certificateStatusMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
284 m
:= &certificateStatusMsg
{}
285 m
.response
= randomBytes(rand
.Intn(10)+1, rand
)
286 return reflect
.ValueOf(m
)
289 func (*clientKeyExchangeMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
290 m
:= &clientKeyExchangeMsg
{}
291 m
.ciphertext
= randomBytes(rand
.Intn(1000)+1, rand
)
292 return reflect
.ValueOf(m
)
295 func (*finishedMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
297 m
.verifyData
= randomBytes(12, rand
)
298 return reflect
.ValueOf(m
)
301 func (*newSessionTicketMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
302 m
:= &newSessionTicketMsg
{}
303 m
.ticket
= randomBytes(rand
.Intn(4), rand
)
304 return reflect
.ValueOf(m
)
307 func (*sessionState
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
309 s
.vers
= uint16(rand
.Intn(10000))
310 s
.cipherSuite
= uint16(rand
.Intn(10000))
311 s
.masterSecret
= randomBytes(rand
.Intn(100)+1, rand
)
312 s
.createdAt
= uint64(rand
.Int63())
313 for i
:= 0; i
< rand
.Intn(20); i
++ {
314 s
.certificates
= append(s
.certificates
, randomBytes(rand
.Intn(500)+1, rand
))
316 return reflect
.ValueOf(s
)
319 func (*sessionStateTLS13
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
320 s
:= &sessionStateTLS13
{}
321 s
.cipherSuite
= uint16(rand
.Intn(10000))
322 s
.resumptionSecret
= randomBytes(rand
.Intn(100)+1, rand
)
323 s
.createdAt
= uint64(rand
.Int63())
324 for i
:= 0; i
< rand
.Intn(2)+1; i
++ {
325 s
.certificate
.Certificate
= append(
326 s
.certificate
.Certificate
, randomBytes(rand
.Intn(500)+1, rand
))
328 if rand
.Intn(10) > 5 {
329 s
.certificate
.OCSPStaple
= randomBytes(rand
.Intn(100)+1, rand
)
331 if rand
.Intn(10) > 5 {
332 for i
:= 0; i
< rand
.Intn(2)+1; i
++ {
333 s
.certificate
.SignedCertificateTimestamps
= append(
334 s
.certificate
.SignedCertificateTimestamps
, randomBytes(rand
.Intn(500)+1, rand
))
337 return reflect
.ValueOf(s
)
340 func (*endOfEarlyDataMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
341 m
:= &endOfEarlyDataMsg
{}
342 return reflect
.ValueOf(m
)
345 func (*keyUpdateMsg
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
347 m
.updateRequested
= rand
.Intn(10) > 5
348 return reflect
.ValueOf(m
)
351 func (*newSessionTicketMsgTLS13
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
352 m
:= &newSessionTicketMsgTLS13
{}
353 m
.lifetime
= uint32(rand
.Intn(500000))
354 m
.ageAdd
= uint32(rand
.Intn(500000))
355 m
.nonce
= randomBytes(rand
.Intn(100), rand
)
356 m
.label
= randomBytes(rand
.Intn(1000), rand
)
357 if rand
.Intn(10) > 5 {
358 m
.maxEarlyData
= uint32(rand
.Intn(500000))
360 return reflect
.ValueOf(m
)
363 func (*certificateRequestMsgTLS13
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
364 m
:= &certificateRequestMsgTLS13
{}
365 if rand
.Intn(10) > 5 {
366 m
.ocspStapling
= true
368 if rand
.Intn(10) > 5 {
371 if rand
.Intn(10) > 5 {
372 m
.supportedSignatureAlgorithms
= supportedSignatureAlgorithms
374 if rand
.Intn(10) > 5 {
375 m
.supportedSignatureAlgorithmsCert
= supportedSignatureAlgorithms
377 if rand
.Intn(10) > 5 {
378 m
.certificateAuthorities
= make([][]byte, 3)
379 for i
:= 0; i
< 3; i
++ {
380 m
.certificateAuthorities
[i
] = randomBytes(rand
.Intn(10)+1, rand
)
383 return reflect
.ValueOf(m
)
386 func (*certificateMsgTLS13
) Generate(rand
*rand
.Rand
, size
int) reflect
.Value
{
387 m
:= &certificateMsgTLS13
{}
388 for i
:= 0; i
< rand
.Intn(2)+1; i
++ {
389 m
.certificate
.Certificate
= append(
390 m
.certificate
.Certificate
, randomBytes(rand
.Intn(500)+1, rand
))
392 if rand
.Intn(10) > 5 {
393 m
.ocspStapling
= true
394 m
.certificate
.OCSPStaple
= randomBytes(rand
.Intn(100)+1, rand
)
396 if rand
.Intn(10) > 5 {
398 for i
:= 0; i
< rand
.Intn(2)+1; i
++ {
399 m
.certificate
.SignedCertificateTimestamps
= append(
400 m
.certificate
.SignedCertificateTimestamps
, randomBytes(rand
.Intn(500)+1, rand
))
403 return reflect
.ValueOf(m
)
406 func TestRejectEmptySCTList(t
*testing
.T
) {
407 // RFC 6962, Section 3.3.1 specifies that empty SCT lists are invalid.
410 sct
:= []byte{0x42, 0x42, 0x42, 0x42}
411 serverHello
:= serverHelloMsg
{
416 serverHelloBytes
:= serverHello
.marshal()
418 var serverHelloCopy serverHelloMsg
419 if !serverHelloCopy
.unmarshal(serverHelloBytes
) {
420 t
.Fatal("Failed to unmarshal initial message")
423 // Change serverHelloBytes so that the SCT list is empty
424 i
:= bytes
.Index(serverHelloBytes
, sct
)
426 t
.Fatal("Cannot find SCT in ServerHello")
429 var serverHelloEmptySCT
[]byte
430 serverHelloEmptySCT
= append(serverHelloEmptySCT
, serverHelloBytes
[:i
-6]...)
431 // Append the extension length and SCT list length for an empty list.
432 serverHelloEmptySCT
= append(serverHelloEmptySCT
, []byte{0, 2, 0, 0}...)
433 serverHelloEmptySCT
= append(serverHelloEmptySCT
, serverHelloBytes
[i
+4:]...)
435 // Update the handshake message length.
436 serverHelloEmptySCT
[1] = byte((len(serverHelloEmptySCT
) - 4) >> 16)
437 serverHelloEmptySCT
[2] = byte((len(serverHelloEmptySCT
) - 4) >> 8)
438 serverHelloEmptySCT
[3] = byte(len(serverHelloEmptySCT
) - 4)
440 // Update the extensions length
441 serverHelloEmptySCT
[42] = byte((len(serverHelloEmptySCT
) - 44) >> 8)
442 serverHelloEmptySCT
[43] = byte((len(serverHelloEmptySCT
) - 44))
444 if serverHelloCopy
.unmarshal(serverHelloEmptySCT
) {
445 t
.Fatal("Unmarshaled ServerHello with empty SCT list")
449 func TestRejectEmptySCT(t
*testing
.T
) {
450 // Not only must the SCT list be non-empty, but the SCT elements must
451 // not be zero length.
454 serverHello
:= serverHelloMsg
{
459 serverHelloBytes
:= serverHello
.marshal()
461 var serverHelloCopy serverHelloMsg
462 if serverHelloCopy
.unmarshal(serverHelloBytes
) {
463 t
.Fatal("Unmarshaled ServerHello with zero-length SCT")