author | Kenny Root <kroot@google.com> | 2014-10-03 04:03:25 -0700 |
---|---|---|
committer | Neil Fuller <nfuller@google.com> | 2014-10-06 20:47:12 +0100 |
commit | e6a6e935e98f426c7000b2bf4086f87101f4441c (patch) | |
tree | 939cde0af50bff9ea6e62307061b6f343fd85e30 /luni/src/test | |
parent | a912bd88ce8001c65d367d06cde1680bd344b9ce (diff) | |
Add support for TLS_FALLBACK_SCSV
Bug: 17750026
Change-Id: I8dec89ae59a6f745f63120b11b4f6dbe9b21a139
Diffstat (limited to 'luni/src/test')
-rw-r--r-- | luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java | 8 | ||||
-rw-r--r-- | luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java | 92 |
2 files changed, 96 insertions, 4 deletions
diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
index 8e29e71..fb7e0c9 100644
--- a/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
+++ b/luni/src/test/java/libcore/javax/net/ssl/SSLEngineTest.java
@@ -154,11 +154,11 @@ public class SSLEngineTest extends TestCase {
 continue;
 }
 /*
- * TLS_EMPTY_RENEGOTIATION_INFO_SCSV cannot be used on
- * its own, but instead in conjunction with other
- * cipher suites.
+ * Signaling Cipher Suite Values (SCSV) cannot be used on their own, but instead in
+ * conjunction with other cipher suites.
 */
- if (cipherSuite.equals(StandardNames.CIPHER_SUITE_SECURE_RENEGOTIATION)) {
+ if (cipherSuite.equals(StandardNames.CIPHER_SUITE_SECURE_RENEGOTIATION)
+ || cipherSuite.equals(StandardNames.CIPHER_SUITE_FALLBACK)) {
 continue;
 }
 /*
diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
index d24ef0b..10cf159 100644
--- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
+++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
@@ -126,6 +126,14 @@ public class SSLSocketTest extends TestCase {
 continue;
 }
 /*
+ * Similarly with the TLS_FALLBACK_SCSV suite, it is not
+ * a selectable suite, but is used in conjunction with
+ * other cipher suites.
+ */
+ if (cipherSuite.equals(StandardNames.CIPHER_SUITE_FALLBACK)) {
+ continue;
+ }
+ /*
 * Kerberos cipher suites require external setup. See "Kerberos Requirements" in
 * https://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html
 * #KRBRequire
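Review bot: The SCSV exclusion is written two different ways in this commit: SSLEngineTest folds `CIPHER_SUITE_FALLBACK` into the existing condition under one generalized comment, while the SSLSocketTest hunk adds a second `if` with its own "Similarly…" comment. The preceding check in SSLSocketTest starts outside the hunk, but if it is the renegotiation-SCSV skip that the comment implies, it would read more consistently as a single condition, `|| cipherSuite.equals(StandardNames.CIPHER_SUITE_FALLBACK)`. The comment should say the same thing in both files, for example `Signaling Cipher Suite Values (SCSV) are not negotiable suites; skip them when iterating.`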
@@ -1562,6 +1570,90 @@ public class SSLSocketTest extends TestCase { } } + public void test_SSLSocket_sendsTlsFallbackScsv_Fallback_Success() throws Exception { + TestSSLContext context = TestSSLContext.create(); + + final SSLSocket client = (SSLSocket) + context.clientContext.getSocketFactory().createSocket(context.host, context.port); + final SSLSocket server = (SSLSocket) context.serverSocket.accept(); + + final String[] serverCipherSuites = server.getEnabledCipherSuites(); + final String[] clientCipherSuites = new String[serverCipherSuites.length + 1]; + System.arraycopy(serverCipherSuites, 0, clientCipherSuites, 0, serverCipherSuites.length); + clientCipherSuites[serverCipherSuites.length] = StandardNames.CIPHER_SUITE_FALLBACK; + + ExecutorService executor = Executors.newFixedThreadPool(2); + Future<Void> s = executor.submit(new Callable<Void>() { + public Void call() throws Exception { + server.setEnabledProtocols(new String[] { "TLSv1.2" }); + server.setEnabledCipherSuites(serverCipherSuites); + server.startHandshake(); + return null; + } + }); + Future<Void> c = executor.submit(new Callable<Void>() { + public Void call() throws Exception { + client.setEnabledProtocols(new String[] { "TLSv1.2" }); + client.setEnabledCipherSuites(clientCipherSuites); + client.startHandshake(); + return null; + } + }); + executor.shutdown(); + + s.get(); + c.get(); + client.close(); + server.close(); + context.close(); + } + + public void test_SSLSocket_sendsTlsFallbackScsv_InappropriateFallback_Failure() throws Exception { + TestSSLContext context = TestSSLContext.create(); + + final SSLSocket client = (SSLSocket) + context.clientContext.getSocketFactory().createSocket(context.host, context.port); + final SSLSocket server = (SSLSocket) context.serverSocket.accept(); + + final String[] serverCipherSuites = server.getEnabledCipherSuites(); + final String[] clientCipherSuites = new String[serverCipherSuites.length + 1]; + System.arraycopy(serverCipherSuites, 0, 
clientCipherSuites, 0, serverCipherSuites.length); + clientCipherSuites[serverCipherSuites.length] = StandardNames.CIPHER_SUITE_FALLBACK; + + ExecutorService executor = Executors.newFixedThreadPool(2); + Future<Void> s = executor.submit(new Callable<Void>() { + public Void call() throws Exception { + server.setEnabledProtocols(new String[] { "TLSv1", "SSLv3" }); + server.setEnabledCipherSuites(serverCipherSuites); + try { + server.startHandshake(); + fail("Should result in inappropriate fallback"); + } catch (SSLHandshakeException expected) { + } + return null; + } + }); + Future<Void> c = executor.submit(new Callable<Void>() { + public Void call() throws Exception { + client.setEnabledProtocols(new String[] { "SSLv3" }); + client.setEnabledCipherSuites(clientCipherSuites); + try { + client.startHandshake(); + fail("Should receive TLS alert inappropriate fallback"); + } catch (SSLHandshakeException expected) { + } + return null; + } + }); + executor.shutdown(); + + s.get(); + c.get(); + client.close(); + server.close(); + context.close(); + } + /** * Not run by default by JUnit, but can be run by Vogar by * specifying it explicitly (or with main method below) |
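Review bot: In test_SSLSocket_sendsTlsFallbackScsv_InappropriateFallback_Failure both `catch (SSLHandshakeException expected) { }` blocks are empty, so any handshake failure satisfies the test, not only the server rejecting the downgrade. SSLv3 being unavailable or no suite being shared would pass it just as well. Each catch should pin the cause, for example `assertTrue(expected.getMessage(), expected.getMessage().contains("inappropriate fallback"));`, adjusted to however the provider under test reports the alert, which this hunk does not show. In both new tests `client.close()`, `server.close()` and `context.close()` are skipped when `s.get()` or `c.get()` throws, so they belong in a `finally` to keep a failing run from leaking sockets into later tests. The success test would also benefit from a one-line comment stating that both ends are pinned to TLSv1.2, so the SCSV is expected to be ignored.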