// Copyright 2011 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/ssl/ssl_cipher_suite_names.h" #include "net/ssl/ssl_connection_status_flags.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/boringssl/src/include/openssl/ssl.h" namespace net { namespace { int kObsoleteVersion = SSL_CONNECTION_VERSION_TLS1; int kModernVersion = SSL_CONNECTION_VERSION_TLS1_2; uint16_t kModernCipherSuite = 0xc02f; /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ uint16_t kObsoleteCipherObsoleteKeyExchange = 0x2f; /* TLS_RSA_WITH_AES_128_CBC_SHA */ uint16_t kObsoleteCipherModernKeyExchange = 0xc014; /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ uint16_t kModernCipherObsoleteKeyExchange = 0x9c; /* TLS_RSA_WITH_AES_128_GCM_SHA256 */ uint16_t kModernCipherModernKeyExchange = 0xc02f; /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ uint16_t kObsoleteSignature = SSL_SIGN_RSA_PKCS1_SHA1; uint16_t kModernSignature = SSL_SIGN_RSA_PSS_RSAE_SHA256; int MakeConnectionStatus(int version, uint16_t cipher_suite) { int connection_status = 0; SSLConnectionStatusSetVersion(version, &connection_status); SSLConnectionStatusSetCipherSuite(cipher_suite, &connection_status); return connection_status; } TEST(CipherSuiteNamesTest, Basic) { const char *key_exchange, *cipher, *mac; bool is_aead, is_tls13; SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13, 0x000a); EXPECT_STREQ("RSA", key_exchange); EXPECT_STREQ("3DES_EDE_CBC", cipher); EXPECT_STREQ("HMAC-SHA1", mac); EXPECT_FALSE(is_aead); EXPECT_FALSE(is_tls13); SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13, 0x002f); EXPECT_STREQ("RSA", key_exchange); EXPECT_STREQ("AES_128_CBC", cipher); EXPECT_STREQ("HMAC-SHA1", mac); EXPECT_FALSE(is_aead); EXPECT_FALSE(is_tls13); SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13, 0xc030); EXPECT_STREQ("ECDHE_RSA", key_exchange); EXPECT_STREQ("AES_256_GCM", cipher); EXPECT_TRUE(is_aead); EXPECT_FALSE(is_tls13); EXPECT_EQ(nullptr, mac); SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13, 0xcca9); EXPECT_STREQ("ECDHE_ECDSA", key_exchange); EXPECT_STREQ("CHACHA20_POLY1305", cipher); EXPECT_TRUE(is_aead); EXPECT_FALSE(is_tls13); EXPECT_EQ(nullptr, mac); SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13, 0xff31); EXPECT_STREQ("???", key_exchange); EXPECT_STREQ("???", cipher); EXPECT_STREQ("???", mac); EXPECT_FALSE(is_aead); EXPECT_FALSE(is_tls13); SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13, 0x1301); EXPECT_STREQ("AES_128_GCM", cipher); EXPECT_TRUE(is_aead); EXPECT_TRUE(is_tls13); EXPECT_EQ(nullptr, mac); EXPECT_EQ(nullptr, key_exchange); SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13, 0x1302); EXPECT_STREQ("AES_256_GCM", cipher); EXPECT_TRUE(is_aead); EXPECT_TRUE(is_tls13); EXPECT_EQ(nullptr, mac); EXPECT_EQ(nullptr, key_exchange); SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, &is_tls13, 0x1303); EXPECT_STREQ("CHACHA20_POLY1305", cipher); EXPECT_TRUE(is_aead); EXPECT_TRUE(is_tls13); EXPECT_EQ(nullptr, mac); EXPECT_EQ(nullptr, key_exchange); } TEST(CipherSuiteNamesTest, ParseSSLCipherString) { uint16_t cipher_suite = 0; EXPECT_TRUE(ParseSSLCipherString("0x0004", &cipher_suite)); EXPECT_EQ(0x00004u, cipher_suite); EXPECT_TRUE(ParseSSLCipherString("0xBEEF", &cipher_suite)); EXPECT_EQ(0xBEEFu, cipher_suite); } TEST(CipherSuiteNamesTest, ParseSSLCipherStringFails) { const char* const cipher_strings[] = { "0004", "0x004", "0xBEEFY", }; for (const auto* cipher_string : cipher_strings) { uint16_t cipher_suite = 0; EXPECT_FALSE(ParseSSLCipherString(cipher_string, &cipher_suite)); } } TEST(CipherSuiteNamesTest, ObsoleteSSLStatusProtocol) { // Obsolete // Note all of these combinations are impossible; TLS 1.2 is necessary for // kModernCipherSuite. EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL, ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_SSL2, kModernCipherSuite), kModernSignature)); EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL, ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_SSL3, kModernCipherSuite), kModernSignature)); EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL, ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_TLS1, kModernCipherSuite), kModernSignature)); EXPECT_EQ( OBSOLETE_SSL_MASK_PROTOCOL, ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_TLS1_1, kModernCipherSuite), kModernSignature)); // Modern EXPECT_EQ( OBSOLETE_SSL_NONE, ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_TLS1_2, kModernCipherSuite), kModernSignature)); EXPECT_EQ(OBSOLETE_SSL_NONE, ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_QUIC, kModernCipherSuite), kModernSignature)); } TEST(CipherSuiteNamesTest, ObsoleteSSLStatusProtocolAndCipherSuite) { // Cartesian combos // As above, some of these combinations can't happen in practice. EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_KEY_EXCHANGE | OBSOLETE_SSL_MASK_CIPHER | OBSOLETE_SSL_MASK_SIGNATURE, ObsoleteSSLStatus( MakeConnectionStatus(kObsoleteVersion, kObsoleteCipherObsoleteKeyExchange), kObsoleteSignature)); EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_KEY_EXCHANGE | OBSOLETE_SSL_MASK_CIPHER, ObsoleteSSLStatus( MakeConnectionStatus(kObsoleteVersion, kObsoleteCipherObsoleteKeyExchange), kModernSignature)); EXPECT_EQ( OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_KEY_EXCHANGE, ObsoleteSSLStatus(MakeConnectionStatus(kObsoleteVersion, kModernCipherObsoleteKeyExchange), kModernSignature)); EXPECT_EQ( OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_CIPHER, ObsoleteSSLStatus(MakeConnectionStatus(kObsoleteVersion, kObsoleteCipherModernKeyExchange), kModernSignature)); EXPECT_EQ( OBSOLETE_SSL_MASK_PROTOCOL, ObsoleteSSLStatus(MakeConnectionStatus(kObsoleteVersion, kModernCipherModernKeyExchange), kModernSignature)); EXPECT_EQ( OBSOLETE_SSL_MASK_KEY_EXCHANGE | OBSOLETE_SSL_MASK_CIPHER, ObsoleteSSLStatus(MakeConnectionStatus( kModernVersion, kObsoleteCipherObsoleteKeyExchange), kModernSignature)); EXPECT_EQ( OBSOLETE_SSL_MASK_KEY_EXCHANGE, ObsoleteSSLStatus(MakeConnectionStatus(kModernVersion, kModernCipherObsoleteKeyExchange), kModernSignature)); EXPECT_EQ( OBSOLETE_SSL_MASK_CIPHER, ObsoleteSSLStatus(MakeConnectionStatus(kModernVersion, kObsoleteCipherModernKeyExchange), kModernSignature)); EXPECT_EQ( OBSOLETE_SSL_NONE, ObsoleteSSLStatus( MakeConnectionStatus(kModernVersion, kModernCipherModernKeyExchange), kModernSignature)); EXPECT_EQ( OBSOLETE_SSL_NONE, ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_TLS1_3, 0x1301 /* AES_128_GCM_SHA256 */), kModernSignature)); // Don't flag the signature as obsolete if not present. It may be an old cache // entry or a key exchange that doesn't involve a signature. (Though, in the // latter case, we would always flag a bad key exchange.) EXPECT_EQ( OBSOLETE_SSL_NONE, ObsoleteSSLStatus( MakeConnectionStatus(kModernVersion, kModernCipherModernKeyExchange), 0)); EXPECT_EQ( OBSOLETE_SSL_MASK_KEY_EXCHANGE, ObsoleteSSLStatus(MakeConnectionStatus(kModernVersion, kModernCipherObsoleteKeyExchange), 0)); // Flag obsolete signatures. EXPECT_EQ( OBSOLETE_SSL_MASK_SIGNATURE, ObsoleteSSLStatus( MakeConnectionStatus(kModernVersion, kModernCipherModernKeyExchange), kObsoleteSignature)); } TEST(CipherSuiteNamesTest, HTTP2CipherSuites) { // Picked some random cipher suites. EXPECT_FALSE( IsTLSCipherSuiteAllowedByHTTP2(0x0 /* TLS_NULL_WITH_NULL_NULL */)); EXPECT_FALSE(IsTLSCipherSuiteAllowedByHTTP2( 0xc014 /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */)); EXPECT_FALSE(IsTLSCipherSuiteAllowedByHTTP2( 0x9c /* TLS_RSA_WITH_AES_128_GCM_SHA256 */)); // Non-existent cipher suite. EXPECT_FALSE(IsTLSCipherSuiteAllowedByHTTP2(0xffff)) << "Doesn't exist!"; // HTTP/2-compatible ones. EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2( 0xc02f /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */)); EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2( 0xcca8 /* ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */)); EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2( 0xcca9 /* ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */)); EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2(0x1301 /* AES_128_GCM_SHA256 */)); EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2(0x1302 /* AES_256_GCM_SHA384 */)); EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2(0x1303 /* CHACHA20_POLY1305 */)); } } // anonymous namespace } // namespace net