1// Copyright 2025 The BoringSSL Authors 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// https://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15package runner 16 17func addCBCPaddingTests() { 18 testCases = append(testCases, testCase{ 19 name: "MaxCBCPadding", 20 config: Config{ 21 MaxVersion: VersionTLS12, 22 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, 23 Bugs: ProtocolBugs{ 24 MaxPadding: true, 25 }, 26 }, 27 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size 28 }) 29 testCases = append(testCases, testCase{ 30 name: "BadCBCPadding", 31 config: Config{ 32 MaxVersion: VersionTLS12, 33 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, 34 Bugs: ProtocolBugs{ 35 PaddingFirstByteBad: true, 36 }, 37 }, 38 shouldFail: true, 39 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", 40 }) 41 // OpenSSL previously had an issue where the first byte of padding in 42 // 255 bytes of padding wasn't checked. 43 testCases = append(testCases, testCase{ 44 name: "BadCBCPadding255", 45 config: Config{ 46 MaxVersion: VersionTLS12, 47 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, 48 Bugs: ProtocolBugs{ 49 MaxPadding: true, 50 PaddingFirstByteBadIf255: true, 51 }, 52 }, 53 messageLen: 12, // 20 bytes of SHA-1 + 12 == 0 % block size 54 shouldFail: true, 55 expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", 56 }) 57} 58 59func addCBCSplittingTests() { 60 cbcCiphers := []struct { 61 name string 62 cipher uint16 63 }{ 64 {"3DES", TLS_RSA_WITH_3DES_EDE_CBC_SHA}, 65 {"AES128", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, 66 {"AES256", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, 67 } 68 for _, t := range cbcCiphers { 69 testCases = append(testCases, testCase{ 70 name: "CBCRecordSplitting-" + t.name, 71 config: Config{ 72 MaxVersion: VersionTLS10, 73 MinVersion: VersionTLS10, 74 CipherSuites: []uint16{t.cipher}, 75 Bugs: ProtocolBugs{ 76 ExpectRecordSplitting: true, 77 }, 78 }, 79 messageLen: -1, // read until EOF 80 resumeSession: true, 81 flags: []string{ 82 "-async", 83 "-write-different-record-sizes", 84 "-cbc-record-splitting", 85 // BoringSSL disables 3DES by default. 86 "-cipher", "ALL:3DES", 87 }, 88 }) 89 testCases = append(testCases, testCase{ 90 name: "CBCRecordSplittingPartialWrite-" + t.name, 91 config: Config{ 92 MaxVersion: VersionTLS10, 93 MinVersion: VersionTLS10, 94 CipherSuites: []uint16{t.cipher}, 95 Bugs: ProtocolBugs{ 96 ExpectRecordSplitting: true, 97 }, 98 }, 99 messageLen: -1, // read until EOF 100 flags: []string{ 101 "-async", 102 "-write-different-record-sizes", 103 "-cbc-record-splitting", 104 "-partial-write", 105 // BoringSSL disables 3DES by default. 106 "-cipher", "ALL:3DES", 107 }, 108 }) 109 } 110} 111