Bug 956866 - Added gtests for SSL alert callbacks.

The TlsAgent class has been modified to record SSL alerts received and sent by the agent using the new SSL alert callback mechanism. One of the test cases in ssl_gtest has been modified to demonstrate how to test SSL alerts. https://bugzilla.mozilla.org/show_bug.cgi?id=956866
edewata · Mar 10, 2017 · 5daf937 · 5daf937
1 parent ab09f92
commit 5daf937
Show file tree

Hide file tree

Showing 3 changed files with 111 additions and 0 deletions.
diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -172,18 +172,49 @@ class TlsExtensionTestBase : public TlsConnectTestBase {
     server_->SetPacketFilter(alert_recorder);
     client_->SetPacketFilter(filter);
     ConnectExpectFail();
+
     EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
     EXPECT_EQ(alert, alert_recorder->description());
+
+    EXPECT_EQ(0U, server_->AlertReceivedCount());
+
+    EXPECT_EQ(1U, server_->AlertSentCount());
+    EXPECT_EQ(kTlsAlertFatal, server_->LastAlertLevelSent());
+    EXPECT_EQ(alert, server_->LastAlertDescriptionSent());
+
+    EXPECT_EQ(1U, client_->AlertReceivedCount());
+    EXPECT_EQ(kTlsAlertFatal, client_->LastAlertLevelReceived());
+    EXPECT_EQ(alert, client_->LastAlertDescriptionReceived());
+
+    EXPECT_EQ(0U, client_->AlertSentCount());
   }
 
   void ServerHelloErrorTest(std::shared_ptr<PacketFilter> filter,
                             uint8_t alert = kTlsAlertDecodeError) {
+    SSLAlert alertSent;
+    SSLAlert alertReceived;
+
     auto alert_recorder = std::make_shared<TlsAlertRecorder>();
     client_->SetPacketFilter(alert_recorder);
     server_->SetPacketFilter(filter);
     ConnectExpectFail();
+
     EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
     EXPECT_EQ(alert, alert_recorder->description());
+
+    EXPECT_EQ(0U, client_->AlertReceivedCount());
+
+    EXPECT_EQ(1U, client_->AlertSentCount());
+    EXPECT_TRUE(client_->GetLastAlertSent(&alertSent));
+    EXPECT_EQ(kTlsAlertFatal, alertSent.level);
+    EXPECT_EQ(alert, alertSent.description);
+
+    EXPECT_EQ(1U, server_->AlertReceivedCount());
+    EXPECT_TRUE(server_->GetLastAlertReceived(&alertReceived));
+    EXPECT_EQ(kTlsAlertFatal, alertReceived.level);
+    EXPECT_EQ(alert, alertReceived.description);
+
+    EXPECT_EQ(0U, server_->AlertSentCount());
   }
 
   static void InitSimpleSni(DataBuffer* extension) {

diff --git a/gtests/ssl_gtest/tls_agent.cc b/gtests/ssl_gtest/tls_agent.cc
@@ -60,6 +60,14 @@ TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode)
       can_falsestart_hook_called_(false),
       sni_hook_called_(false),
       auth_certificate_hook_called_(false),
+      alert_received_count_(0),
+      last_alert_received_(NULL),
+      last_alert_level_received_(0),
+      last_alert_description_received_(0),
+      alert_sent_count_(0),
+      last_alert_sent_(NULL),
+      last_alert_level_sent_(0),
+      last_alert_description_sent_(0),
       handshake_callback_called_(false),
       error_code_(0),
       send_ctr_(0),
@@ -175,6 +183,14 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) {
   EXPECT_EQ(SECSuccess, rv);
   if (rv != SECSuccess) return false;
 
+  rv = SSL_AlertReceivedCallback(ssl_fd(), AlertReceivedCallback, this);
+  EXPECT_EQ(SECSuccess, rv);
+  if (rv != SECSuccess) return false;
+
+  rv = SSL_AlertSentCallback(ssl_fd(), AlertSentCallback, this);
+  EXPECT_EQ(SECSuccess, rv);
+  if (rv != SECSuccess) return false;
+
   rv = SSL_HandshakeCallback(ssl_fd(), HandshakeCallback, this);
   EXPECT_EQ(SECSuccess, rv);
   if (rv != SECSuccess) return false;

diff --git a/gtests/ssl_gtest/tls_agent.h b/gtests/ssl_gtest/tls_agent.h
@@ -244,6 +244,40 @@ class TlsAgent : public PollTarget {
     sni_callback_ = sni_callback;
   }
 
+  size_t AlertReceivedCount() const { return alert_received_count_; }
+
+  bool GetLastAlertReceived(SSLAlert *alert) const {
+
+      if (alert == NULL || last_alert_received_ == NULL || alert_received_count_ == 0) {
+          return false;
+      }
+
+      alert->level = last_alert_received_->level;
+      alert->description = last_alert_received_->description;
+
+      return true;
+  }
+
+  SSLAlertLevel LastAlertLevelReceived() const { return last_alert_level_received_; }
+  SSLAlertDescription LastAlertDescriptionReceived() const { return last_alert_description_received_; }
+
+  size_t AlertSentCount() const { return alert_sent_count_; }
+
+  bool GetLastAlertSent(SSLAlert *alert) const {
+
+      if (alert == NULL || last_alert_sent_ == NULL || alert_sent_count_ == 0) {
+          return false;
+      }
+
+      alert->level = last_alert_sent_->level;
+      alert->description = last_alert_sent_->description;
+
+      return true;
+  }
+
+  SSLAlertLevel LastAlertLevelSent() const { return last_alert_level_sent_; }
+  SSLAlertDescription LastAlertDescriptionSent() const { return last_alert_description_sent_; }
+
  private:
   const static char* states[];
 
@@ -325,6 +359,28 @@ class TlsAgent : public PollTarget {
     return SECSuccess;
   }
 
+  static void AlertReceivedCallback(const PRFileDesc* fd, void* arg, const SSLAlert *alert) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+
+    fprintf(stderr, "%s: Alert received: level=%d desc=%d\n",
+            agent->role_str().c_str(), alert->level, alert->description);
+    agent->alert_received_count_++;
+    agent->last_alert_received_ = const_cast<SSLAlert*>(alert);
+    agent->last_alert_level_received_ = alert->level;
+    agent->last_alert_description_received_ = alert->description;
+  }
+
+  static void AlertSentCallback(const PRFileDesc* fd, void* arg, const SSLAlert *alert) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+
+    fprintf(stderr, "%s: Alert sent: level=%d desc=%d\n",
+            agent->role_str().c_str(), alert->level, alert->description);
+    agent->alert_sent_count_++;
+    agent->last_alert_sent_ = const_cast<SSLAlert*>(alert);
+    agent->last_alert_level_sent_ = alert->level;
+    agent->last_alert_description_sent_ = alert->description;
+  }
+
   static void HandshakeCallback(PRFileDesc* fd, void* arg) {
     TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
     agent->handshake_callback_called_ = true;
@@ -356,6 +412,14 @@ class TlsAgent : public PollTarget {
   bool can_falsestart_hook_called_;
   bool sni_hook_called_;
   bool auth_certificate_hook_called_;
+  size_t alert_received_count_;
+  SSLAlert *last_alert_received_;
+  SSLAlertLevel last_alert_level_received_;
+  SSLAlertDescription last_alert_description_received_;
+  size_t alert_sent_count_;
+  SSLAlert *last_alert_sent_;
+  SSLAlertLevel last_alert_level_sent_;
+  SSLAlertDescription last_alert_description_sent_;
   bool handshake_callback_called_;
   SSLChannelInfo info_;
   SSLCipherSuiteInfo csinfo_;