author | Jack Lloyd <[email protected]> | 2017-01-04 15:57:30 -0500 |
committer | Jack Lloyd <[email protected]> | 2017-01-04 15:57:30 -0500 |
commit | 8285fe04ae8a5c41ae2606bd08aed9aa1bd3126f (patch) | |
tree | d9ded2b0899d0270d0f747c8ef1032c567c92b85 /src | |
parent | 51b83c2f3807cfd36744b94dfe337a6d31f00847 (diff) |
Add tests for certificate status message
Currently untested by TLS crosstalk tests because it is not
supported on the server side.
Exposes the rest of the TLS message types to the application.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/tls/tls_messages.h | 16 | ||||
-rw-r--r-- | src/tests/data/tls/cert_status.vec | 17 | ||||
-rw-r--r-- | src/tests/data/tls/cert_verify.vec | 2 | ||||
-rw-r--r-- | src/tests/test_tls_messages.cpp | 40 |
4 files changed, 62 insertions, 13 deletions
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index 8e08b6e87..5a1f03a06 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -394,7 +394,7 @@ class BOTAN_DLL Server_Hello final : public Handshake_Message
 /**
 * Client Key Exchange Message
 */
-class Client_Key_Exchange final : public Handshake_Message
+class BOTAN_DLL Client_Key_Exchange final : public Handshake_Message
 {
 public:
 Handshake_Type type() const override { return CLIENT_KEX; }
@@ -428,7 +428,7 @@ class Client_Key_Exchange final : public Handshake_Message
 /**
 * Certificate Message
 */
-class Certificate final : public Handshake_Message
+class BOTAN_DLL Certificate final : public Handshake_Message
 {
 public:
 Handshake_Type type() const override { return CERTIFICATE; }
@@ -451,7 +451,7 @@ class Certificate final : public Handshake_Message
 /**
 * Certificate Status (RFC 6066)
 */
-class Certificate_Status final : public Handshake_Message
+class BOTAN_DLL Certificate_Status final : public Handshake_Message
 {
 public:
 Handshake_Type type() const override { return CERTIFICATE_STATUS; }
@@ -472,7 +472,7 @@ class Certificate_Status final : public Handshake_Message
 /**
 * Certificate Request Message
 */
-class Certificate_Req final : public Handshake_Message
+class BOTAN_DLL Certificate_Req final : public Handshake_Message
 {
 public:
 Handshake_Type type() const override { return CERTIFICATE_REQUEST; }
@@ -539,7 +539,7 @@ class BOTAN_DLL Certificate_Verify final : public Handshake_Message
 /**
 * Finished Message
 */
-class Finished final : public Handshake_Message
+class BOTAN_DLL Finished final : public Handshake_Message
 {
 public:
 Handshake_Type type() const override { return FINISHED; }
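Review bot: Exporting Certificate_Status (and the other handshake classes in this hunk) with BOTAN_DLL makes their byte-parsing constructors callable from application code, yet the class comment `/** * Certificate Status (RFC 6066) */` says nothing about behaviour on malformed input, which matters once untrusted bytes can be handed in from outside the library. The new cert_status.vec vectors show the constructor rejects a truncated message and a bad length field with a `Decoding error: ...` exception, so that contract should be stated where the class becomes public: `/** * Certificate Status (RFC 6066) * * The parsing constructor throws Decoding_Error on a truncated or malformed message */`. The same presumably holds for the other classes exported in this file, whose parsing constructors are now equally reachable. Exporting them also makes their layout part of the library ABI, so later member changes become ABI breaks — worth a line in the commit message if that is intended.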
@@ -578,7 +578,7 @@ class BOTAN_DLL Hello_Request final : public Handshake_Message
 /**
 * Server Key Exchange Message
 */
-class Server_Key_Exchange final : public Handshake_Message
+class BOTAN_DLL Server_Key_Exchange final : public Handshake_Message
 {
 public:
 Handshake_Type type() const override { return SERVER_KEX; }
@@ -646,7 +646,7 @@ class Server_Key_Exchange final : public Handshake_Message
 /**
 * Server Hello Done Message
 */
-class Server_Hello_Done final : public Handshake_Message
+class BOTAN_DLL Server_Hello_Done final : public Handshake_Message
 {
 public:
 Handshake_Type type() const override { return SERVER_HELLO_DONE; }
@@ -687,7 +687,7 @@ class BOTAN_DLL New_Session_Ticket final : public Handshake_Message
 /**
 * Change Cipher Spec
 */
-class Change_Cipher_Spec final : public Handshake_Message
+class BOTAN_DLL Change_Cipher_Spec final : public Handshake_Message
 {
 public:
 Handshake_Type type() const override { return HANDSHAKE_CCS; }
diff --git a/src/tests/data/tls/cert_status.vec b/src/tests/data/tls/cert_status.vec
new file mode 100644
index 000000000..d93f800ab
--- /dev/null
+++ b/src/tests/data/tls/cert_status.vec
@@ -0,0 +1,17 @@
+
+[cert_status]
+Buffer = 00
+Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small
+
+Buffer = 01
+Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small
+
+Buffer = 01000000
+Exception = Invalid argument Decoding error: Invalid Certificate_Status message: too small
+
+Buffer = 010FFFF000
+Exception = Invalid argument Decoding error: Invalid Certificate_Status: invalid length field
+
+Buffer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ame = Let's Encrypt Authority X3
+Exception = 
diff --git a/src/tests/data/tls/cert_verify.vec b/src/tests/data/tls/cert_verify.vec
index f812d1c6a..7f09002ce 100644
--- a/src/tests/data/tls/cert_verify.vec
+++ b/src/tests/data/tls/cert_verify.vec
@@ -37,4 +37,4 @@ Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected
 
 Buffer = 000200
 Protocol = 0301
-Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left
\ No newline at end of file
+Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left
diff --git a/src/tests/test_tls_messages.cpp b/src/tests/test_tls_messages.cpp
index d4a9a27fd..d04bea8a0 100644
--- a/src/tests/test_tls_messages.cpp
+++ b/src/tests/test_tls_messages.cpp
@@ -47,7 +47,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
 {
 public:
 TLS_Message_Parsing_Test() :
- Text_Based_Test("tls", "Buffer,Protocol,Ciphersuite,AdditionalData,Exception")
+ Text_Based_Test("tls", "Buffer,Protocol,Ciphersuite,AdditionalData,Name,Exception")
 {}
 
 Test::Result run_one_test(const std::string& algo, const VarMap& vars) override
@@ -56,6 +56,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
 const std::vector<uint8_t> protocol = get_opt_bin(vars, "Protocol");
 const std::vector<uint8_t> ciphersuite = get_opt_bin(vars, "Ciphersuite");
 const std::string exception = get_req_str(vars, "Exception");
+ const std::string expected_name = get_opt_str(vars, "Name", "");
 const bool is_positive_test = exception.empty();
 
 Test::Result result(algo + " parsing");
@@ -69,7 +70,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
 Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]);
 Botan::TLS::Certificate_Verify message(buffer, pv);
 }
- if(algo == "client_hello")
+ else if(algo == "client_hello")
 {
 const std::string extensions = get_req_str(vars, "AdditionalData");
 Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]);
@@ -96,7 +97,7 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
 {
 Botan::TLS::New_Session_Ticket message(buffer);
 }
- if(algo == "server_hello")
+ else if(algo == "server_hello")
 {
 const std::string extensions = get_req_str(vars, "AdditionalData");
 Botan::TLS::Protocol_Version pv(protocol[0], protocol[1]);
@@ -120,6 +121,26 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
 result.test_lt("Alert type vectors result to UNKNOWN_CA or ACCESS_DENIED, which is shorter than 15", message.type_string().size(), 15);
 }
+ else if(algo == "cert_status")
+ {
+ Botan::TLS::Certificate_Status message(buffer);
+ std::shared_ptr<const Botan::OCSP::Response> resp = message.response();
+
+ if(result.confirm("Decoded response", resp != nullptr))
+ {
+ const std::vector<std::string> CNs = resp->signer_name().get_attribute("CN");
+
+ // This is not requird by OCSP protocol, we are just using it as a test here
+ if(result.test_eq("OCSP response has signer name", CNs.size(), 1))
+ {
+ result.test_eq("Expected name", CNs[0], expected_name);
+ }
+ }
+ }
+ else
+ {
+ throw Test_Error("Unknown message type " + algo + " in TLS parsing tests");
+ }
 result.test_success("Correct parsing");
 }
 catch(std::exception& e)
@@ -158,6 +179,13 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
 Botan::TLS::Hello_Request message(buffer);
 });
 }
+ else if(algo == "cert_status")
+ {
+ result.test_throws("invalid cert_status input", exception, [&buffer]()
+ {
+ Botan::TLS::Certificate_Status message(buffer);
+ });
+ }
 else if(algo == "new_session_ticket")
 {
 result.test_throws("invalid new_session_ticket input", exception, [&buffer]()
@@ -180,11 +208,15 @@ class TLS_Message_Parsing_Test : public Text_Based_Test
 Botan::TLS::Alert message(sb);
 });
 }
+ else
+ {
+ throw Test_Error("Unknown message type " + algo + " in TLS parsing tests");
+ }
 }
 
 return result;
 }
-
+
 std::vector<Test::Result> run_final_tests() override
 {
 std::vector<Test::Result> results;
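Review bot: The comment above the CN check in the new cert_status branch has a typo and does not say what the check is actually for; `// This is not requird by OCSP protocol, we are just using it as a test here` should read `// OCSP does not require a CN in the signer name; the vectors used here happen to carry one, so it doubles as a check that the embedded response was DER-decoded correctly`. Beyond that CN comparison the positive path only confirms `resp != nullptr`, so a vector whose OCSP body decodes but reports an unexpected response status would still pass — if the OCSP response type exposes its status, a `Status` field in the vectors would pin it; otherwise a comment stating that this test covers framing and decoding only would keep expectations honest. The identical `throw Test_Error("Unknown message type " + algo + " in TLS parsing tests")` is added in both this positive branch and the negative branch at @@ -180; rejecting an unknown algo once, before the `is_positive_test` split, would avoid duplicating the string. run_one_test's body starts and ends outside these hunks.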