mirror of https://github.com/ctz/rustls
Coverage improvements in suites/server
parent
69e3b6a12d
commit
1c83b3ac03
|
@ -181,6 +181,8 @@ impl server::ResolvesServerCert for ResolvesServerCertUsingSNI {
|
|||
mod test {
|
||||
use super::*;
|
||||
use crate::StoresServerSessions;
|
||||
use crate::server::ProducesTickets;
|
||||
use crate::server::ResolvesServerCert;
|
||||
|
||||
#[test]
|
||||
fn test_noserversessionstorage_drops_put() {
|
||||
|
@ -197,6 +199,14 @@ mod test {
|
|||
assert_eq!(c.get(&[0x02]), None);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_noserversessionstorage_denies_takes() {
|
||||
let c = NoServerSessionStorage {};
|
||||
assert_eq!(c.take(&[]), None);
|
||||
assert_eq!(c.take(&[0x01]), None);
|
||||
assert_eq!(c.take(&[0x02]), None);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_serversessionmemorycache_accepts_put() {
|
||||
let c = ServerSessionMemoryCache::new(4);
|
||||
|
@ -237,4 +247,32 @@ mod test {
|
|||
|
||||
assert_eq!(count, 4);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_neverproducestickets_does_nothing() {
|
||||
let npt = NeverProducesTickets {};
|
||||
assert_eq!(false, npt.enabled());
|
||||
assert_eq!(0, npt.get_lifetime());
|
||||
assert_eq!(None, npt.encrypt(&[]));
|
||||
assert_eq!(None, npt.decrypt(&[]));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_failresolvechain_does_nothing() {
|
||||
let frc = FailResolveChain {};
|
||||
assert!(frc.resolve(ClientHello::new(None, &[], None)).is_none());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_resolvesservercertusingsni_requires_sni() {
|
||||
let rscsni = ResolvesServerCertUsingSNI::new();
|
||||
assert!(rscsni.resolve(ClientHello::new(None, &[], None)).is_none());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_resolvesservercertusingsni_handles_unknown_name() {
|
||||
let rscsni = ResolvesServerCertUsingSNI::new();
|
||||
let name = webpki::DNSNameRef::try_from_ascii_str("hello.com").unwrap();
|
||||
assert!(rscsni.resolve(ClientHello::new(Some(name), &[], None)).is_none());
|
||||
}
|
||||
}
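Review bot: `test_resolvesservercertusingsni_handles_unknown_name` queries a resolver built with `ResolvesServerCertUsingSNI::new()` and nothing registered, so it covers only the empty-map path and would still pass if a populated resolver handed out another name's certificate. The fail-closed property worth pinning is that a resolver holding a key for one name returns `None` for a different name; that needs a certificate/key fixture, which this section does not show. Until such a test exists, a comment like `// resolver is empty: covers the no-entries path only, not a mismatch against registered names` would keep the test name from overstating what is checked. As a style point, `assert_eq!(false, npt.enabled())` reads more directly as `assert!(!npt.enabled());`.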
|
||||
|
|
|
@ -112,8 +112,9 @@ pub struct ClientHello<'a> {
|
|||
|
||||
impl<'a> ClientHello<'a> {
|
||||
/// Creates a new ClientHello
|
||||
fn new(server_name: Option<webpki::DNSNameRef<'a>>, sigschemes: &'a [SignatureScheme],
|
||||
alpn: Option<&'a[&'a[u8]]>)->Self {
|
||||
fn new(server_name: Option<webpki::DNSNameRef<'a>>,
|
||||
sigschemes: &'a [SignatureScheme],
|
||||
alpn: Option<&'a[&'a[u8]]>) -> Self {
|
||||
ClientHello {server_name, sigschemes, alpn}
|
||||
}
|
||||
|
||||
|
|
|
@ -145,31 +145,16 @@ mod tests {
|
|||
|
||||
#[test]
|
||||
fn stream_can_be_created_for_session_and_tcpstream() {
|
||||
fn _foo<'a>(sess: &'a mut dyn Session, sock: &'a mut TcpStream) -> Stream<'a, dyn Session, TcpStream> {
|
||||
Stream {
|
||||
sess,
|
||||
sock,
|
||||
}
|
||||
}
|
||||
type _Test<'a> = Stream<'a, dyn Session, TcpStream>;
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn streamowned_can_be_created_for_client_and_tcpstream() {
|
||||
fn _foo(sess: ClientSession, sock: TcpStream) -> StreamOwned<ClientSession, TcpStream> {
|
||||
StreamOwned {
|
||||
sess,
|
||||
sock,
|
||||
}
|
||||
}
|
||||
type _Test = StreamOwned<ClientSession, TcpStream>;
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn streamowned_can_be_created_for_server_and_tcpstream() {
|
||||
fn _foo(sess: ServerSession, sock: TcpStream) -> StreamOwned<ServerSession, TcpStream> {
|
||||
StreamOwned {
|
||||
sess,
|
||||
sock,
|
||||
}
|
||||
}
|
||||
type _Test = StreamOwned<ServerSession, TcpStream>;
|
||||
}
|
||||
}
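Review bot: The three `*_can_be_created_*` tests appear to be reduced to a bare `type _Test = …;` alias, and this may no longer verify anything. I am inferring from the 31→16 line counts that the `_foo` helpers are the removed side. As far as I know, rustc does not check the right-hand side of an unused type alias for well-formedness, so a broken bound on `Stream` or `StreamOwned` could go unnoticed. A typed binding is both checked and executed, so it still counts for coverage: `let _: Option<StreamOwned<ClientSession, TcpStream>> = None;`, and for the borrowed form `let _: Option<Stream<'_, dyn Session, TcpStream>> = None;`. If the alias is kept, a comment stating that the test is compile-time only would help the next reader.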
|
||||
|
|
|
@ -375,19 +375,20 @@ pub static TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite
|
|||
};
|
||||
|
||||
/// A list of all the cipher suites supported by rustls.
|
||||
pub static ALL_CIPHERSUITES: [&SupportedCipherSuite; 9] =
|
||||
[// TLS1.3 suites
|
||||
&TLS13_CHACHA20_POLY1305_SHA256,
|
||||
&TLS13_AES_256_GCM_SHA384,
|
||||
&TLS13_AES_128_GCM_SHA256,
|
||||
pub static ALL_CIPHERSUITES: [&SupportedCipherSuite; 9] = [
|
||||
// TLS1.3 suites
|
||||
&TLS13_CHACHA20_POLY1305_SHA256,
|
||||
&TLS13_AES_256_GCM_SHA384,
|
||||
&TLS13_AES_128_GCM_SHA256,
|
||||
|
||||
// TLS1.2 suites
|
||||
&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
&TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
&TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
&TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256];
|
||||
// TLS1.2 suites
|
||||
&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
&TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
&TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
&TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
];
|
||||
|
||||
// These both O(N^2)!
|
||||
pub fn choose_ciphersuite_preferring_client(client_suites: &[CipherSuite],
|
||||
|
@ -445,29 +446,76 @@ pub fn compatible_sigscheme_for_suites(sigscheme: SignatureScheme,
|
|||
|
||||
#[cfg(test)]
|
||||
mod test {
|
||||
use super::*;
|
||||
use crate::msgs::enums::CipherSuite;
|
||||
|
||||
#[test]
|
||||
fn test_client_pref() {
|
||||
let client = vec![CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384];
|
||||
let server = vec![&super::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
&super::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256];
|
||||
let chosen = super::choose_ciphersuite_preferring_client(&client, &server);
|
||||
let server = vec![&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256];
|
||||
let chosen = choose_ciphersuite_preferring_client(&client, &server);
|
||||
assert!(chosen.is_some());
|
||||
assert_eq!(chosen.unwrap(),
|
||||
&super::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
|
||||
&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_server_pref() {
|
||||
let client = vec![CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384];
|
||||
let server = vec![&super::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
&super::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256];
|
||||
let chosen = super::choose_ciphersuite_preferring_server(&client, &server);
|
||||
let server = vec![&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256];
|
||||
let chosen = choose_ciphersuite_preferring_server(&client, &server);
|
||||
assert!(chosen.is_some());
|
||||
assert_eq!(chosen.unwrap(),
|
||||
&super::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
|
||||
&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_pref_fails() {
|
||||
assert!(choose_ciphersuite_preferring_client(&[CipherSuite::TLS_NULL_WITH_NULL_NULL], &ALL_CIPHERSUITES).is_none());
|
||||
assert!(choose_ciphersuite_preferring_server(&[CipherSuite::TLS_NULL_WITH_NULL_NULL], &ALL_CIPHERSUITES).is_none());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_scs_is_debug() {
|
||||
println!("{:?}", ALL_CIPHERSUITES);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_usable_for_version() {
|
||||
fn ok_tls13(scs: &SupportedCipherSuite) {
|
||||
assert!(!scs.usable_for_version(ProtocolVersion::TLSv1_0));
|
||||
assert!(!scs.usable_for_version(ProtocolVersion::TLSv1_2));
|
||||
assert!(scs.usable_for_version(ProtocolVersion::TLSv1_3));
|
||||
}
|
||||
|
||||
fn ok_tls12(scs: &SupportedCipherSuite) {
|
||||
assert!(!scs.usable_for_version(ProtocolVersion::TLSv1_0));
|
||||
assert!(scs.usable_for_version(ProtocolVersion::TLSv1_2));
|
||||
assert!(!scs.usable_for_version(ProtocolVersion::TLSv1_3));
|
||||
}
|
||||
|
||||
ok_tls13(&TLS13_CHACHA20_POLY1305_SHA256);
|
||||
ok_tls13(&TLS13_AES_256_GCM_SHA384);
|
||||
ok_tls13(&TLS13_AES_128_GCM_SHA256);
|
||||
|
||||
ok_tls12(&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
|
||||
ok_tls12(&TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
|
||||
ok_tls12(&TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
|
||||
ok_tls12(&TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
|
||||
ok_tls12(&TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_can_resume_to() {
|
||||
assert!(TLS13_CHACHA20_POLY1305_SHA256.can_resume_to(&TLS13_AES_128_GCM_SHA256));
|
||||
assert!(!TLS13_CHACHA20_POLY1305_SHA256.can_resume_to(&TLS13_AES_256_GCM_SHA384));
|
||||
assert!(!TLS13_CHACHA20_POLY1305_SHA256.can_resume_to(&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256));
|
||||
assert!(!TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.can_resume_to(&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256));
|
||||
assert!(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.can_resume_to(&TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256));
|
||||
}
|
||||
|
||||
}
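Review bot: `test_usable_for_version` calls `ok_tls12` for only five of the six TLS1.2 suites listed in `ALL_CIPHERSUITES`; `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` is missing after the `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` call. Add `ok_tls12(&TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);` so that every suite's version gate is checked. Better still, derive the calls from `ALL_CIPHERSUITES`, so a suite added later cannot be left out of the version check. `test_scs_is_debug` only prints and asserts nothing; a comment such as `// compile/run check that SupportedCipherSuite implements Debug` would make that intent explicit.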
|
||||
|
|