Coverage improvements in suites/server

Joseph Birr-Pixton 2020-05-08 18:51:05 +01:00
parent 69e3b6a12d
commit 1c83b3ac03
4 changed files with 112 additions and 40 deletions


@ -181,6 +181,8 @@ impl server::ResolvesServerCert for ResolvesServerCertUsingSNI {
mod test {
use super::*;
use crate::StoresServerSessions;
use crate::server::ProducesTickets;
use crate::server::ResolvesServerCert;
#[test]
fn test_noserversessionstorage_drops_put() {
@ -197,6 +199,14 @@ mod test {
assert_eq!(c.get(&[0x02]), None);
}
#[test]
fn test_noserversessionstorage_denies_takes() {
let c = NoServerSessionStorage {};
assert_eq!(c.take(&[]), None);
assert_eq!(c.take(&[0x01]), None);
assert_eq!(c.take(&[0x02]), None);
}
#[test]
fn test_serversessionmemorycache_accepts_put() {
let c = ServerSessionMemoryCache::new(4);
@ -237,4 +247,32 @@ mod test {
assert_eq!(count, 4);
}
#[test]
fn test_neverproducestickets_does_nothing() {
let npt = NeverProducesTickets {};
assert_eq!(false, npt.enabled());
assert_eq!(0, npt.get_lifetime());
assert_eq!(None, npt.encrypt(&[]));
assert_eq!(None, npt.decrypt(&[]));
}
#[test]
fn test_failresolvechain_does_nothing() {
let frc = FailResolveChain {};
assert!(frc.resolve(ClientHello::new(None, &[], None)).is_none());
}
#[test]
fn test_resolvesservercertusingsni_requires_sni() {
let rscsni = ResolvesServerCertUsingSNI::new();
assert!(rscsni.resolve(ClientHello::new(None, &[], None)).is_none());
}
#[test]
fn test_resolvesservercertusingsni_handles_unknown_name() {
let rscsni = ResolvesServerCertUsingSNI::new();
let name = webpki::DNSNameRef::try_from_ascii_str("hello.com").unwrap();
assert!(rscsni.resolve(ClientHello::new(Some(name), &[], None)).is_none());
}
}
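Review bot: `test_neverproducestickets_does_nothing` only passes empty slices to `encrypt` and `decrypt`, so it does not pin that a disabled ticketer also refuses a non-empty ticket, which is the input a peer would actually present. Adding `assert_eq!(None, npt.decrypt(&[0x01]));` and the matching `encrypt` line would mirror what `test_noserversessionstorage_denies_takes` already does for `take`. As a style point, `assert_eq!(false, npt.enabled())` reads more directly as `assert!(!npt.enabled());`. The enclosing `mod test` starts outside the hunks shown.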


@ -112,8 +112,9 @@ pub struct ClientHello<'a> {
impl<'a> ClientHello<'a> {
/// Creates a new ClientHello
fn new(server_name: Option<webpki::DNSNameRef<'a>>, sigschemes: &'a [SignatureScheme],
alpn: Option<&'a[&'a[u8]]>)->Self {
fn new(server_name: Option<webpki::DNSNameRef<'a>>,
sigschemes: &'a [SignatureScheme],
alpn: Option<&'a[&'a[u8]]>) -> Self {
ClientHello {server_name, sigschemes, alpn}
}


@ -145,31 +145,16 @@ mod tests {
#[test]
fn stream_can_be_created_for_session_and_tcpstream() {
fn _foo<'a>(sess: &'a mut dyn Session, sock: &'a mut TcpStream) -> Stream<'a, dyn Session, TcpStream> {
Stream {
sess,
sock,
}
}
type _Test<'a> = Stream<'a, dyn Session, TcpStream>;
}
#[test]
fn streamowned_can_be_created_for_client_and_tcpstream() {
fn _foo(sess: ClientSession, sock: TcpStream) -> StreamOwned<ClientSession, TcpStream> {
StreamOwned {
sess,
sock,
}
}
type _Test = StreamOwned<ClientSession, TcpStream>;
}
#[test]
fn streamowned_can_be_created_for_server_and_tcpstream() {
fn _foo(sess: ServerSession, sock: TcpStream) -> StreamOwned<ServerSession, TcpStream> {
StreamOwned {
sess,
sock,
}
}
type _Test = StreamOwned<ServerSession, TcpStream>;
}
}
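Review bot: The three tests in this section have no runtime assertion, and, assuming the `type _Test` lines are the new side (the page has lost its +/- markers), a bare alias may be a weaker compile-time check than the `_foo` constructors it replaces. As far as I know rustc does not check the right-hand side of a type alias for well-formedness until the alias is used, so if `Stream` or `StreamOwned` declare bounds on their parameters (their definitions are not visible here) the alias alone may not exercise them. Using the alias in a signature forces the check, e.g. `fn _check(_: &_Test) {}`, or `fn _check<'a>(_: &_Test<'a>) {}` in the first test. A short comment such as `// compile-time check only: the type must be nameable with these parameters` would also explain why each body is otherwise empty.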


@ -375,19 +375,20 @@ pub static TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite
};
/// A list of all the cipher suites supported by rustls.
pub static ALL_CIPHERSUITES: [&SupportedCipherSuite; 9] =
[// TLS1.3 suites
&TLS13_CHACHA20_POLY1305_SHA256,
&TLS13_AES_256_GCM_SHA384,
&TLS13_AES_128_GCM_SHA256,
pub static ALL_CIPHERSUITES: [&SupportedCipherSuite; 9] = [
// TLS1.3 suites
&TLS13_CHACHA20_POLY1305_SHA256,
&TLS13_AES_256_GCM_SHA384,
&TLS13_AES_128_GCM_SHA256,
// TLS1.2 suites
&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
&TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
&TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
&TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256];
// TLS1.2 suites
&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
&TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
&TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
&TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
];
// These both O(N^2)!
pub fn choose_ciphersuite_preferring_client(client_suites: &[CipherSuite],
@ -445,29 +446,76 @@ pub fn compatible_sigscheme_for_suites(sigscheme: SignatureScheme,
#[cfg(test)]
mod test {
use super::*;
use crate::msgs::enums::CipherSuite;
#[test]
fn test_client_pref() {
let client = vec![CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384];
let server = vec![&super::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
&super::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256];
let chosen = super::choose_ciphersuite_preferring_client(&client, &server);
let server = vec![&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256];
let chosen = choose_ciphersuite_preferring_client(&client, &server);
assert!(chosen.is_some());
assert_eq!(chosen.unwrap(),
&super::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
}
#[test]
fn test_server_pref() {
let client = vec![CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384];
let server = vec![&super::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
&super::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256];
let chosen = super::choose_ciphersuite_preferring_server(&client, &server);
let server = vec![&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256];
let chosen = choose_ciphersuite_preferring_server(&client, &server);
assert!(chosen.is_some());
assert_eq!(chosen.unwrap(),
&super::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
}
#[test]
fn test_pref_fails() {
assert!(choose_ciphersuite_preferring_client(&[CipherSuite::TLS_NULL_WITH_NULL_NULL], &ALL_CIPHERSUITES).is_none());
assert!(choose_ciphersuite_preferring_server(&[CipherSuite::TLS_NULL_WITH_NULL_NULL], &ALL_CIPHERSUITES).is_none());
}
#[test]
fn test_scs_is_debug() {
println!("{:?}", ALL_CIPHERSUITES);
}
#[test]
fn test_usable_for_version() {
fn ok_tls13(scs: &SupportedCipherSuite) {
assert!(!scs.usable_for_version(ProtocolVersion::TLSv1_0));
assert!(!scs.usable_for_version(ProtocolVersion::TLSv1_2));
assert!(scs.usable_for_version(ProtocolVersion::TLSv1_3));
}
fn ok_tls12(scs: &SupportedCipherSuite) {
assert!(!scs.usable_for_version(ProtocolVersion::TLSv1_0));
assert!(scs.usable_for_version(ProtocolVersion::TLSv1_2));
assert!(!scs.usable_for_version(ProtocolVersion::TLSv1_3));
}
ok_tls13(&TLS13_CHACHA20_POLY1305_SHA256);
ok_tls13(&TLS13_AES_256_GCM_SHA384);
ok_tls13(&TLS13_AES_128_GCM_SHA256);
ok_tls12(&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
ok_tls12(&TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
ok_tls12(&TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
ok_tls12(&TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
ok_tls12(&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
}
#[test]
fn test_can_resume_to() {
assert!(TLS13_CHACHA20_POLY1305_SHA256.can_resume_to(&TLS13_AES_128_GCM_SHA256));
assert!(!TLS13_CHACHA20_POLY1305_SHA256.can_resume_to(&TLS13_AES_256_GCM_SHA384));
assert!(!TLS13_CHACHA20_POLY1305_SHA256.can_resume_to(&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256));
assert!(!TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.can_resume_to(&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256));
assert!(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.can_resume_to(&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256));
}
}
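Review bot: `test_usable_for_version` calls `ok_tls12` for five TLS1.2 suites, but `ALL_CIPHERSUITES` lists six; `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` is never checked, so a wrong version gate on that suite would go unnoticed. Add `ok_tls12(&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);` after the `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` line, or drive both helpers from `ALL_CIPHERSUITES` so a newly added suite cannot be left out. Separately, `test_scs_is_debug` only prints and asserts nothing; a comment such as `// exercises the Debug impl; output is not checked` would make that intent explicit.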