author | Juraj Somorovsky <[email protected]> | 2016-09-17 14:44:40 +0200 |
---|---|---|
committer | Juraj Somorovsky <[email protected]> | 2016-09-30 00:57:29 +0200 |
commit | 863fc12c6ebcc96ed10a7c8896fea033a78fbb5d (patch) | |
tree | 129adf63325c4dd6b9ea58b5e397fe3aee28bb41 /src/tests/data/tls | |
parent | ebe2f21dde0bd26261af633a96867df2372779cb (diff) |
New TLS positive and negative tests.
TLS message parsing:
- CertificateVerify
- HelloVerify
- ClientHello (with extensions)
- ServerHello (with extensions)
- NewSessionTicket
- Alert
TLS message processing:
- HelloVerify
TLS Policy tests
Unit tests with TLS client authentication
Added test_throws method that checks the correct exception message.
Diffstat (limited to 'src/tests/data/tls')
-rw-r--r-- | src/tests/data/tls/alert.vec | 24 | ||||
-rw-r--r-- | src/tests/data/tls/cert_verify.vec | 40 | ||||
-rw-r--r-- | src/tests/data/tls/client_hello.vec | 68 | ||||
-rw-r--r-- | src/tests/data/tls/hello_request.vec | 8 | ||||
-rw-r--r-- | src/tests/data/tls/hello_verify.vec | 26 | ||||
-rw-r--r-- | src/tests/data/tls/new_session_ticket.vec | 20 | ||||
-rw-r--r-- | src/tests/data/tls/server_hello.vec | 48 |
7 files changed, 234 insertions, 0 deletions
diff --git a/src/tests/data/tls/alert.vec b/src/tests/data/tls/alert.vec
new file mode 100644
index 000000000..19ec8839b
--- /dev/null
+++ b/src/tests/data/tls/alert.vec
@@ -0,0 +1,24 @@
+# Alert message contains the following fields:
+# - Fatal (1 byte): 1=false, 2=true
+# - Type (1 byte)
+
+[alert]
+Buffer = 0130
+Exception =
+
+Buffer = 0230
+Exception =
+
+Buffer = 0231
+Exception =
+
+Buffer = 0030
+Protocol = 0303
+Exception = Invalid argument Decoding error: Alert: Bad code for alert level
+
+Buffer = 02
+Exception = Invalid argument Decoding error: Alert: Bad size 1 for alert message
+
+Buffer = 020101
+Exception = Invalid argument Decoding error: Alert: Bad size 3 for alert message
+
diff --git a/src/tests/data/tls/cert_verify.vec b/src/tests/data/tls/cert_verify.vec
new file mode 100644
index 000000000..f812d1c6a
--- /dev/null
+++ b/src/tests/data/tls/cert_verify.vec
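Review bot: In alert.vec the rejected level values stop at `00`; there is no vector for a level above 2 (for example `Buffer = 0330`) and none for an empty buffer, so the upper bound of the level check and the zero-length case are not pinned by this file. The expected strings for those two cases would presumably follow the neighbouring `Bad code for alert level` and `Bad size N for alert message` patterns, but that has to be confirmed against the parser, which is not part of this diff. The `Protocol = 0303` line appears only on the `0030` vector; if the alert test does not read that key, dropping it keeps the vectors uniform. The header comment would match TLS terminology better as `# - Level (1 byte): 1=warning, 2=fatal`.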
@@ -0,0 +1,40 @@
+# Tests generated partially with openssl 1.0.2g
+# CertificateVerify message contains the following fields:
+# - SignatureAndHash Algorithm (2 bytes) [only in TLS 1.2]
+# - Certificate length (2 bytes)
+# - Certificate
+
+[cert_verify]
+Buffer = 06010080266481066a8431582157a9a591150d418b63d46154c4cd85bffcfdba8c7f6396f0ceb0402c2142c526a19659d58cd4111bf45f57a56e97d16eeecd350f6e9dc93662e4361053666e5a53c74fe11bd6cf86a9cf7a2488704c5121915820973280ed6afa3e8b79dfb799bddffb52caa2d1a0a895a0e7505d841a882bdd92ec9141
+Protocol = 0303
+Exception =
+
+Buffer = 008080c920a228dc3f32927fd8026a97fb8474603191a89c49aeeddd1b1caf7f28d6af7b9b7c0bc6b954e909f3d054eb3964d626402b7c932c019111bc854007c90c134d6adce505e5cd60292331f7645fba909017565fc60ee76a5eb6b6a89ab2a3d69be6c0e283ae5a84b1fc367c1a865c35dd8a1c93ac3d538d91a2d5128d8d52
+Protocol = 0302
+Exception =
+
+Buffer = 0080bb6b1df8c744f961ee3f5334448fac4af0f372763149972b88bec525a3196f87cf0204a50fd516b6808530252d1c6b79414b8b9194b3c5e2958adab5524bc124e16d9f3b05f5bf63c0b184709ce6586a0a4b267280b47576893406c381a401b10bcc5f111b14cd8ce889b5d48fbe47f465cf70bf23b71109f81d4574bbf6f93f
+Protocol = 0301
+Exception =
+
+Buffer = 0601000100
+Protocol = 0303
+Exception =
+
+#Incomplete algorithm
+Buffer = 06
+Protocol = 0303
+Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 1 bytes remaining, only 0 left
+
+#Incomplete certificate
+Buffer = 0601000500
+Protocol = 0303
+Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 5 bytes remaining, only 1 left
+
+Buffer = 000200
+Protocol = 0302
+Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left
+
+Buffer = 000200
+Protocol = 0301
+Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left
\ No newline at end of file
diff --git a/src/tests/data/tls/client_hello.vec b/src/tests/data/tls/client_hello.vec
new file mode 100644
index 000000000..d629e3f6e
--- /dev/null
+++ b/src/tests/data/tls/client_hello.vec
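Review bot: The negative vectors in cert_verify.vec only cover a length field larger than the data present; none covers a length smaller than what follows, i.e. trailing bytes after the signature, and new_session_ticket.vec has the same gap. A vector such as `Buffer = 060100010000` with `Protocol = 0303` would pin that behaviour; whether the parser rejects it is not visible from this diff, so the expected `Exception` has to come from running it. Separately, the header comment and `#Incomplete certificate` call the payload a certificate, but CertificateVerify carries a signature, so `# - Signature length (2 bytes)`, `# - Signature` and `#Incomplete signature` would be accurate.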
@@ -0,0 +1,68 @@ +# Tests generated partially with openssl 1.0.2g/1.1.0a and TLS-Attacker +# ClientHello message contains many fields, the following fields are checked: +# - Protocol Version +# - Extensions + +[client_hello] +# no extension (empty renegotiation generated) +Buffer = 030320f3dc33f90be6509e6133a1819f2b80fe6ccc6268d9195ca4ead7504ffe7e2a0000aac030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f00960041c011c007c00cc00200050004c012c008001600130010000dc00dc003000a00ff01000000 +Protocol = 0303 +AdditionalData = FF01 +Exception = + +# with extensions: point formats, ec curves, session ticket, signature algorithms, heartbeat (point formats and heartbeat not supported, empty renegotiation generated) +Buffer = 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 +Protocol = 0303 +AdditionalData = 000A000D0023FF01 +Exception = + +# with extensions: point formats, ec curves, session ticket, signature algorithms, heartbeat, Encrypt-then-MAC, Extended Master Secret (point formats and heartbeat not supported, empty renegotiation generated) +Buffer = 
0303e00da23523058b5dc9c445d97b2bb6315b019e97838ac4f16c23b2cb031b6a490000e2c0afc0adc030c02cc028c024c014c00ac0a3c09f00a500a300a1009f006b006a006900680039003800370036cca9cca8c077c073ccaa00c400c300c200c10088008700860085c032c02ec02ac026c00fc005c079c075c0a1c09d009d003d003500c00084c0aec0acc02fc02bc027c023c013c009c0a2c09e00a400a200a0009e00670040003f003e0033003200310030c076c07200be00bd00bc00bb009a0099009800970045004400430042c031c02dc029c025c00ec004c078c074c0a0c09c009c003c002f00ba009600410007c012c008001600130010000dc00dc003000a00ff0100005f000b000403000102000a001c001a00170019001c001b0018001a0016000e000d000b000c0009000a00230000000d00220020060106020603050105020503040104020403030103020303020102020203eded000f0001010016000000170000 +Protocol = 0303 +AdditionalData = 000A000D001600170023FF01 +Exception = + +# empty +Buffer = +Protocol = 0303 +Exception = Invalid argument Decoding error: Client_Hello: Packet corrupted + +Buffer = 00 +Protocol = 0303 +Exception = Invalid argument Decoding error: Client_Hello: Packet corrupted + +# Invalid cipher suite length (0xf0e2 instead of 0x00e2) +Buffer = 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 +Protocol = 0303 +AdditionalData = +Exception = Invalid argument Decoding error: Invalid ClientHello: Expected 61666 bytes remaining, only 230 left + +#invalid extensions length +Buffer = 030320f3dc33f90be6509e6133a1819f2b80fe6ccc6268d9195ca4ead7504ffe7e2a0000aac030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f00960041c011c007c00cc00200050004c012c008001600130010000dc00dc003000a00ff01000001 +Protocol = 0303 +Exception = Invalid argument Decoding error: Bad extension size + +#invalid extensions length 2 +Buffer = 
030320f3dc33f90be6509e6133a1819f2b80fe6ccc6268d9195ca4ead7504ffe7e2a0000aac030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f00960041c011c007c00cc00200050004c012c008001600130010000dc00dc003000a00ff010000010000 +Protocol = 0303 +Exception = Invalid argument Decoding error: Bad extension size + +#invalid length of the elliptic curve extension (0xf01c instead of 0x001c) +Buffer = 0303871e18983024eaee1be8ae6607d5ecad941d33fd7fc1d8554a9e1fbfda8d30880000aac030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f00960041c011c007c00cc00200050004c012c008001600130010000dc00dc003000a00ff01000055000b000403000102000af01c001a00170019001c001b0018001a0016000e000d000b000c0009000a00230000000d0020001e060106020603050105020503040104020403030103020303020102020203000f000101 +Protocol = 0303 +Exception = Invalid argument Decoding error: Inconsistent length field in elliptic curve list + +#invalid length of the elliptic curve extension (0xf01a instead of 0x001a) +Buffer = 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 +Protocol = 0303 +Exception = Invalid argument Decoding error: Inconsistent length field in elliptic curve list + +#invalid length of the session ticket extension +Buffer = 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 +Protocol = 0303 +Exception = Invalid argument Decoding error: Invalid ClientHello: Expected 255 bytes remaining, only 41 left + +#invalid length of the heartbeat extension +Buffer = 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 +Protocol = 0303 +Exception = Invalid argument Decoding error: Invalid ClientHello: 
Expected 2 bytes remaining, only 1 left
\ No newline at end of file
diff --git a/src/tests/data/tls/hello_request.vec b/src/tests/data/tls/hello_request.vec
new file mode 100644
index 000000000..3a7471ae4
--- /dev/null
+++ b/src/tests/data/tls/hello_request.vec
@@ -0,0 +1,8 @@
+# HelloRequest message does not contain any bytes
+
+[hello_request]
+Buffer =
+Exception =
+
+Buffer = 01
+Exception = Invalid argument Decoding error: Bad Hello_Request, has non-zero size
diff --git a/src/tests/data/tls/hello_verify.vec b/src/tests/data/tls/hello_verify.vec
new file mode 100644
index 000000000..f5db9e085
--- /dev/null
+++ b/src/tests/data/tls/hello_verify.vec
@@ -0,0 +1,26 @@
+# Tests generated partially with openssl 1.0.2g
+# HelloVerify message contains the following fields:
+# - Protocol version (2 bytes)
+# - Cookie length (1 byte)
+# - Cookie
+
+[hello_verify]
+Buffer = feff14925523e7539a13d9782af6d771b97d0032c61800
+Exception =
+
+# HelloVerify request has to contain at least 3 bytes
+Buffer = 0101
+Exception = Invalid argument Decoding error: Hello verify request too small
+
+# HelloVerify has to contain valid protocol version
+Buffer = 010100
+Exception = Invalid argument Decoding error: Unknown version from server in hello verify request
+
+# HelloVerify has to contain valid number of bytes
+Buffer = FEFD0000
+Exception = Invalid argument Decoding error: Bad length in hello verify request
+
+# HelloVerify has to contain valid number of bytes
+Buffer = FEFD0500
+Exception = Invalid argument Decoding error: Bad length in hello verify request
+
diff --git a/src/tests/data/tls/new_session_ticket.vec b/src/tests/data/tls/new_session_ticket.vec
new file mode 100644
index 000000000..22c03611e
--- /dev/null
+++ b/src/tests/data/tls/new_session_ticket.vec
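Review bot: Every vector in client_hello.vec sets `Protocol = 0303`, although the header lists Protocol Version as a checked field; a ClientHello offering `0301` or `0302` would exercise that field with more than one value. The negative cases corrupt only the cipher-suite and extension lengths, so the session ID length and compression-methods length bytes are left untested. The last three negative comments do not say which value was altered or what it was changed to, unlike the earlier ones. Judging from the visible `000af01c001a` sequence in the first elliptic-curve case, the second one (`0xf01a instead of 0x001a`) appears to change the inner curve-list length rather than the extension length, and its comment should say so.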
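Review bot: The last two vectors in hello_verify.vec carry the same comment, `# HelloVerify has to contain valid number of bytes`, but test opposite conditions: `FEFD0000` declares a zero-length cookie and is followed by one trailing byte, while `FEFD0500` declares five cookie bytes and supplies one. Comments such as `# cookie length 0 but one trailing byte` and `# cookie length 5 but only one byte present` would make a future failure easier to read. The only accepted vector uses version `feff`; an accepted vector with `FEFD`, the version the negative cases already use, would cover the second DTLS version on the positive path.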
@@ -0,0 +1,20 @@
+# NewSessionTicket message contains the following fields:
+# - lifetime (4 bytes)
+# - length (2 bytes)
+# - session ticket
+
+[new_session_ticket]
+Buffer = 000000000000
+Exception =
+
+Buffer = 00000000000100
+Exception =
+
+Buffer = 0000000000051122334455
+Exception =
+
+Buffer = 0001
+Exception = Invalid argument Decoding error: Session ticket message too short to be valid
+
+Buffer = 00010203000500
+Exception = Invalid argument Decoding error: Invalid SessionTicket: Expected 5 bytes remaining, only 1 left
\ No newline at end of file
diff --git a/src/tests/data/tls/server_hello.vec b/src/tests/data/tls/server_hello.vec
new file mode 100644
index 000000000..64ec40b80
--- /dev/null
+++ b/src/tests/data/tls/server_hello.vec
@@ -0,0 +1,48 @@
+# Tests generated partially with openssl 1.0.2g
+# ServerHello message contains many fields, the following fields are checked:
+# - Protocol Version
+# - Cipher suite
+# - Extensions
+
+[server_hello]
+# correct, with session ticket and renegotiation info
+Buffer = 0303ffea0bcfba564a4ce177c6a444b0ebdff5629b277293c618c1125f231e8628dd00c030000016ff01000100000b00040300010200230000000f000101
+Protocol = 0303
+Ciphersuite = C030
+AdditionalData = 0023FF01
+Exception =
+
+# correct, with session ticket, extended master secret, and renegotiation info
+Buffer = 03019f9cafa88664d9095f85dd64a39e5dd5c09f5a4a5362938af3718ee4e818af6a00c03000001aff01000100000b00040300010200230000000f00010100170000
+Protocol = 0301
+Ciphersuite = C030
+AdditionalData = 00170023FF01
+Exception =
+
+# incorrect, corrupted
+Buffer =
+Protocol = 0303
+Ciphersuite = C030
+AdditionalData =
+Exception = Invalid argument Decoding error: Server_Hello: Packet corrupted
+
+# incorrect, corrupted
+Buffer = 00
+Protocol = 0303
+Ciphersuite = C030
+AdditionalData =
+Exception = Invalid argument Decoding error: Server_Hello: Packet corrupted
+
+# invalid extensions length
+Buffer = 03039f9cafa88664d9095f85dd64a39e5dd5c09f5a4a5362938af3718ee4e818af6a00c03000001cff01000100000b00040300010200230000000f00010100170000
+Protocol = 0303
+Ciphersuite = C030
+AdditionalData = 00170023FF01
+Exception = Invalid argument Decoding error: Bad extension size
+
+# invalid extension length
+Buffer = 03039f9cafa88664d9095f85dd64a39e5dd5c09f5a4a5362938af3718ee4e818af6a00c03000001aff01000100000b00040300010200230100000f00010100170000
+Protocol = 0303
+Ciphersuite = C030
+AdditionalData = 00170023FF01
+Exception = Invalid argument Decoding error: Invalid ServerHello: Expected 256 bytes remaining, only 9 left
\ No newline at end of file |
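Review bot: No full-length vector in server_hello.vec has a non-empty session ID, because the byte after the 32-byte random is `00` in each of them, so neither a valid 32-byte session ID nor an over-long one is parsed by these tests. `Ciphersuite` is `C030` throughout, so the cipher-suite field listed in the header is checked against a single value. The two comments `# invalid extensions length` and `# invalid extension length` differ by one letter. `# invalid total extensions length (0x001c instead of 0x001a)` and `# invalid session ticket extension length (0x0100 instead of 0x0000)` would say which field each vector corrupts.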