test-tls13-finished.py has 70 failing tests that expect a "decode_error"

instead of the "decrypt_error" sent by tls13_server_finished_recv(). Both alerts appear to be reasonable in this context, so enable the tests while working around this.
author: tb <> 2020-09-25 08:38:25 +0000
committer: tb <> 2020-09-25 08:38:25 +0000
commit: d5311b6952fd15727b6ce34e0b122ed100fd08d7 (patch)
tree: dd0c033584b514452182959cb33bfb86b3812ae9
parent: 76e22d934eaa70b1c3299ebd0292b3ee4e5ccf9f (diff)
download: openbsd-d5311b6952fd15727b6ce34e0b122ed100fd08d7.tar.gz
openbsd-d5311b6952fd15727b6ce34e0b122ed100fd08d7.tar.bz2
openbsd-d5311b6952fd15727b6ce34e0b122ed100fd08d7.zip
1 files changed, 94 insertions, 6 deletions
diff --git a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
index c473382621..4e8f2c60a3 100644
--- a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
+++ b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
@@ -1,4 +1,4 @@
-#   $OpenBSD: tlsfuzzer.py,v 1.18 2020/09/25 06:34:59 tb Exp $
+#   $OpenBSD: tlsfuzzer.py,v 1.19 2020/09/25 08:38:25 tb Exp $
 #
 # Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
 #
@@ -92,6 +92,97 @@ tls13_tests = TestGroup("TLSv1.3 tests", [
    ]),
 ])
+# test-tls13-finished.py has 70 failing tests that expect a "decode_error"
+# instead of the "decrypt_error" sent by tls13_server_finished_recv().
+# Both alerts appear to be reasonable in this context, so work around this
+# in the test instead of the library.
+def generate_test_tls13_finished_args():
+    assertion = "Expected alert description \"decode_error\" does not match received \"decrypt_error\""
+    paddings = [
+        ("TLS_AES_128_GCM_SHA256", 0, 1),
+        ("TLS_AES_128_GCM_SHA256", 0, 2),
+        ("TLS_AES_128_GCM_SHA256", 0, 4),
+        ("TLS_AES_128_GCM_SHA256", 0, 8),
+        ("TLS_AES_128_GCM_SHA256", 0, 16),
+        ("TLS_AES_128_GCM_SHA256", 0, 32),
+        ("TLS_AES_128_GCM_SHA256", 0, 48),
+        ("TLS_AES_128_GCM_SHA256", 0, 2**14-4-32),
+        ("TLS_AES_128_GCM_SHA256", 0, 0x20000),
+        ("TLS_AES_128_GCM_SHA256", 0, 0x30000),
+        ("TLS_AES_128_GCM_SHA256", 1, 0),
+        ("TLS_AES_128_GCM_SHA256", 2, 0),
+        ("TLS_AES_128_GCM_SHA256", 4, 0),
+        ("TLS_AES_128_GCM_SHA256", 8, 0),
+        ("TLS_AES_128_GCM_SHA256", 16, 0),
+        ("TLS_AES_128_GCM_SHA256", 32, 0),
+        ("TLS_AES_128_GCM_SHA256", 48, 0),
+        ("TLS_AES_128_GCM_SHA256", 2**14-4-32, 0),
+        ("TLS_AES_128_GCM_SHA256", 12, 0),
+        ("TLS_AES_128_GCM_SHA256", 1, 1),
+        ("TLS_AES_128_GCM_SHA256", 8, 8),
+        ("TLS_AES_256_GCM_SHA384", 0, 1),
+        ("TLS_AES_256_GCM_SHA384", 0, 2),
+        ("TLS_AES_256_GCM_SHA384", 0, 4),
+        ("TLS_AES_256_GCM_SHA384", 0, 8),
+        ("TLS_AES_256_GCM_SHA384", 0, 16),
+        ("TLS_AES_256_GCM_SHA384", 0, 32),
+        ("TLS_AES_256_GCM_SHA384", 0, 48),
+        ("TLS_AES_256_GCM_SHA384", 0, 2**14-4-48),
+        ("TLS_AES_256_GCM_SHA384", 0, 0x20000),
+        ("TLS_AES_256_GCM_SHA384", 0, 0x30000),
+        ("TLS_AES_256_GCM_SHA384", 0, 12),
+        ("TLS_AES_256_GCM_SHA384", 1, 0),
+        ("TLS_AES_256_GCM_SHA384", 2, 0),
+        ("TLS_AES_256_GCM_SHA384", 4, 0),
+        ("TLS_AES_256_GCM_SHA384", 8, 0),
+        ("TLS_AES_256_GCM_SHA384", 16, 0),
+        ("TLS_AES_256_GCM_SHA384", 32, 0),
+        ("TLS_AES_256_GCM_SHA384", 48, 0),
+        ("TLS_AES_256_GCM_SHA384", 2**14-4-48, 0),
+        ("TLS_AES_256_GCM_SHA384", 1, 1),
+        ("TLS_AES_256_GCM_SHA384", 8, 8),
+    ]
+    truncations = [
+        ("TLS_AES_128_GCM_SHA256", 0,  -1),
+        ("TLS_AES_128_GCM_SHA256", 0,  -2),
+        ("TLS_AES_128_GCM_SHA256", 0,  -4),
+        ("TLS_AES_128_GCM_SHA256", 0,  -8),
+        ("TLS_AES_128_GCM_SHA256", 0,  -16),
+        ("TLS_AES_128_GCM_SHA256", 0,  -32),
+        ("TLS_AES_128_GCM_SHA256", 0,  12),
+        ("TLS_AES_128_GCM_SHA256", 1,  None),
+        ("TLS_AES_128_GCM_SHA256", 2,  None),
+        ("TLS_AES_128_GCM_SHA256", 4,  None),
+        ("TLS_AES_128_GCM_SHA256", 8,  None),
+        ("TLS_AES_128_GCM_SHA256", 16, None),
+        ("TLS_AES_128_GCM_SHA256", 32, None),
+        ("TLS_AES_256_GCM_SHA384", 0,  -1),
+        ("TLS_AES_256_GCM_SHA384", 0,  -2),
+        ("TLS_AES_256_GCM_SHA384", 0,  -4),
+        ("TLS_AES_256_GCM_SHA384", 0,  -8),
+        ("TLS_AES_256_GCM_SHA384", 0,  -16),
+        ("TLS_AES_256_GCM_SHA384", 0,  -32),
+        ("TLS_AES_256_GCM_SHA384", 0,  12),
+        ("TLS_AES_256_GCM_SHA384", 1,  None),
+        ("TLS_AES_256_GCM_SHA384", 2,  None),
+        ("TLS_AES_256_GCM_SHA384", 4,  None),
+        ("TLS_AES_256_GCM_SHA384", 8,  None),
+        ("TLS_AES_256_GCM_SHA384", 16, None),
+        ("TLS_AES_256_GCM_SHA384", 32, None),
+    ]
+    args = [
+            "-x", "empty - cipher TLS_AES_128_GCM_SHA256", "-X", assertion,
+            "-x", "empty - cipher TLS_AES_256_GCM_SHA384", "-X", assertion,
+    ]
+    padding_fmt = "padding - cipher %s, pad_byte 0, pad_left %d, pad_right %d"
+    for padding in paddings:
+        args += ["-x", padding_fmt % padding, "-X", assertion]
+    truncation_fmt = "truncation - cipher %s, start %d, end %s"
+    for truncation in truncations:
+        args += ["-x", truncation_fmt % truncation, "-X", assertion]
+    return args
 # Tests that take a lot of time (> ~30s on an x280)
 tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
    # XXX: Investigate the occasional message
@@ -101,6 +192,8 @@ tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
    Test("test-tls13-invalid-ciphers.py"),
    Test("test-tls13-serverhello-random.py", tls13_unsupported_ciphers),
+    Test("test-tls13-finished.py", generate_test_tls13_finished_args()),
    # Mark two tests cases as xfail for now. The tests expect an arguably
    # correct decode_error while we send a decrypt_error (like fizz/boring).
    Test("test-tls13-record-layer-limits.py", [
@@ -161,11 +254,6 @@ tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
    Test("test-tls13-symetric-ciphers.py"),       # unexpected message from peer
-    # 70 fail and 644 pass. For some reason the tests expect a decode_error
-    # but we send a decrypt_error after the CBS_mem_equal() fails in
-    # tls13_server_finished_recv() (which is correct).
-    Test("test-tls13-finished.py"),               # decrypt_error -> decode_error?
    # 6 tests fail: 'rsa_pkcs1_{md5,sha{1,224,256,384,512}} signature'
    # We send server hello, but the test expects handshake_failure
    Test("test-tls13-pkcs-signature.py"),
author	tb <>	2020-09-25 08:38:25 +0000
committer	tb <>	2020-09-25 08:38:25 +0000
commit	d5311b6952fd15727b6ce34e0b122ed100fd08d7 (patch)
tree	dd0c033584b514452182959cb33bfb86b3812ae9
parent	76e22d934eaa70b1c3299ebd0292b3ee4e5ccf9f (diff)
download	openbsd-d5311b6952fd15727b6ce34e0b122ed100fd08d7.tar.gz openbsd-d5311b6952fd15727b6ce34e0b122ed100fd08d7.tar.bz2 openbsd-d5311b6952fd15727b6ce34e0b122ed100fd08d7.zip

diff --git a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py index c473382621..4e8f2c60a3 100644 --- a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py +++ b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
@@ -1,4 +1,4 @@
1	# $OpenBSD: tlsfuzzer.py,v 1.18 2020/09/25 06:34:59 tb Exp $	1	# $OpenBSD: tlsfuzzer.py,v 1.19 2020/09/25 08:38:25 tb Exp $
2	#	2	#
3	# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>	3	# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
4	#	4	#
@@ -92,6 +92,97 @@ tls13_tests = TestGroup("TLSv1.3 tests", [
92	]),	92	]),
93	])	93	])
94		94
		95	# test-tls13-finished.py has 70 failing tests that expect a "decode_error"
		96	# instead of the "decrypt_error" sent by tls13_server_finished_recv().
		97	# Both alerts appear to be reasonable in this context, so work around this
		98	# in the test instead of the library.
		99	def generate_test_tls13_finished_args():
		100	assertion = "Expected alert description \"decode_error\" does not match received \"decrypt_error\""
		101	paddings = [
		102	("TLS_AES_128_GCM_SHA256", 0, 1),
		103	("TLS_AES_128_GCM_SHA256", 0, 2),
		104	("TLS_AES_128_GCM_SHA256", 0, 4),
		105	("TLS_AES_128_GCM_SHA256", 0, 8),
		106	("TLS_AES_128_GCM_SHA256", 0, 16),
		107	("TLS_AES_128_GCM_SHA256", 0, 32),
		108	("TLS_AES_128_GCM_SHA256", 0, 48),
		109	("TLS_AES_128_GCM_SHA256", 0, 2**14-4-32),
		110	("TLS_AES_128_GCM_SHA256", 0, 0x20000),
		111	("TLS_AES_128_GCM_SHA256", 0, 0x30000),
		112	("TLS_AES_128_GCM_SHA256", 1, 0),
		113	("TLS_AES_128_GCM_SHA256", 2, 0),
		114	("TLS_AES_128_GCM_SHA256", 4, 0),
		115	("TLS_AES_128_GCM_SHA256", 8, 0),
		116	("TLS_AES_128_GCM_SHA256", 16, 0),
		117	("TLS_AES_128_GCM_SHA256", 32, 0),
		118	("TLS_AES_128_GCM_SHA256", 48, 0),
		119	("TLS_AES_128_GCM_SHA256", 2**14-4-32, 0),
		120	("TLS_AES_128_GCM_SHA256", 12, 0),
		121	("TLS_AES_128_GCM_SHA256", 1, 1),
		122	("TLS_AES_128_GCM_SHA256", 8, 8),
		123	("TLS_AES_256_GCM_SHA384", 0, 1),
		124	("TLS_AES_256_GCM_SHA384", 0, 2),
		125	("TLS_AES_256_GCM_SHA384", 0, 4),
		126	("TLS_AES_256_GCM_SHA384", 0, 8),
		127	("TLS_AES_256_GCM_SHA384", 0, 16),
		128	("TLS_AES_256_GCM_SHA384", 0, 32),
		129	("TLS_AES_256_GCM_SHA384", 0, 48),
		130	("TLS_AES_256_GCM_SHA384", 0, 2**14-4-48),
		131	("TLS_AES_256_GCM_SHA384", 0, 0x20000),
		132	("TLS_AES_256_GCM_SHA384", 0, 0x30000),
		133	("TLS_AES_256_GCM_SHA384", 0, 12),
		134	("TLS_AES_256_GCM_SHA384", 1, 0),
		135	("TLS_AES_256_GCM_SHA384", 2, 0),
		136	("TLS_AES_256_GCM_SHA384", 4, 0),
		137	("TLS_AES_256_GCM_SHA384", 8, 0),
		138	("TLS_AES_256_GCM_SHA384", 16, 0),
		139	("TLS_AES_256_GCM_SHA384", 32, 0),
		140	("TLS_AES_256_GCM_SHA384", 48, 0),
		141	("TLS_AES_256_GCM_SHA384", 2**14-4-48, 0),
		142	("TLS_AES_256_GCM_SHA384", 1, 1),
		143	("TLS_AES_256_GCM_SHA384", 8, 8),
		144	]
		145	truncations = [
		146	("TLS_AES_128_GCM_SHA256", 0, -1),
		147	("TLS_AES_128_GCM_SHA256", 0, -2),
		148	("TLS_AES_128_GCM_SHA256", 0, -4),
		149	("TLS_AES_128_GCM_SHA256", 0, -8),
		150	("TLS_AES_128_GCM_SHA256", 0, -16),
		151	("TLS_AES_128_GCM_SHA256", 0, -32),
		152	("TLS_AES_128_GCM_SHA256", 0, 12),
		153	("TLS_AES_128_GCM_SHA256", 1, None),
		154	("TLS_AES_128_GCM_SHA256", 2, None),
		155	("TLS_AES_128_GCM_SHA256", 4, None),
		156	("TLS_AES_128_GCM_SHA256", 8, None),
		157	("TLS_AES_128_GCM_SHA256", 16, None),
		158	("TLS_AES_128_GCM_SHA256", 32, None),
		159	("TLS_AES_256_GCM_SHA384", 0, -1),
		160	("TLS_AES_256_GCM_SHA384", 0, -2),
		161	("TLS_AES_256_GCM_SHA384", 0, -4),
		162	("TLS_AES_256_GCM_SHA384", 0, -8),
		163	("TLS_AES_256_GCM_SHA384", 0, -16),
		164	("TLS_AES_256_GCM_SHA384", 0, -32),
		165	("TLS_AES_256_GCM_SHA384", 0, 12),
		166	("TLS_AES_256_GCM_SHA384", 1, None),
		167	("TLS_AES_256_GCM_SHA384", 2, None),
		168	("TLS_AES_256_GCM_SHA384", 4, None),
		169	("TLS_AES_256_GCM_SHA384", 8, None),
		170	("TLS_AES_256_GCM_SHA384", 16, None),
		171	("TLS_AES_256_GCM_SHA384", 32, None),
		172	]
		173
		174	args = [
		175	"-x", "empty - cipher TLS_AES_128_GCM_SHA256", "-X", assertion,
		176	"-x", "empty - cipher TLS_AES_256_GCM_SHA384", "-X", assertion,
		177	]
		178	padding_fmt = "padding - cipher %s, pad_byte 0, pad_left %d, pad_right %d"
		179	for padding in paddings:
		180	args += ["-x", padding_fmt % padding, "-X", assertion]
		181	truncation_fmt = "truncation - cipher %s, start %d, end %s"
		182	for truncation in truncations:
		183	args += ["-x", truncation_fmt % truncation, "-X", assertion]
		184	return args
		185
95	# Tests that take a lot of time (> ~30s on an x280)	186	# Tests that take a lot of time (> ~30s on an x280)
96	tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [	187	tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
97	# XXX: Investigate the occasional message	188	# XXX: Investigate the occasional message
@@ -101,6 +192,8 @@ tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
101	Test("test-tls13-invalid-ciphers.py"),	192	Test("test-tls13-invalid-ciphers.py"),
102	Test("test-tls13-serverhello-random.py", tls13_unsupported_ciphers),	193	Test("test-tls13-serverhello-random.py", tls13_unsupported_ciphers),
103		194
		195	Test("test-tls13-finished.py", generate_test_tls13_finished_args()),
		196
104	# Mark two tests cases as xfail for now. The tests expect an arguably	197	# Mark two tests cases as xfail for now. The tests expect an arguably
105	# correct decode_error while we send a decrypt_error (like fizz/boring).	198	# correct decode_error while we send a decrypt_error (like fizz/boring).
106	Test("test-tls13-record-layer-limits.py", [	199	Test("test-tls13-record-layer-limits.py", [
@@ -161,11 +254,6 @@ tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
161		254
162	Test("test-tls13-symetric-ciphers.py"), # unexpected message from peer	255	Test("test-tls13-symetric-ciphers.py"), # unexpected message from peer
163		256
164	# 70 fail and 644 pass. For some reason the tests expect a decode_error
165	# but we send a decrypt_error after the CBS_mem_equal() fails in
166	# tls13_server_finished_recv() (which is correct).
167	Test("test-tls13-finished.py"), # decrypt_error -> decode_error?
168
169	# 6 tests fail: 'rsa_pkcs1_{md5,sha{1,224,256,384,512}} signature'	257	# 6 tests fail: 'rsa_pkcs1_{md5,sha{1,224,256,384,512}} signature'
170	# We send server hello, but the test expects handshake_failure	258	# We send server hello, but the test expects handshake_failure
171	Test("test-tls13-pkcs-signature.py"),	259	Test("test-tls13-pkcs-signature.py"),