2010-11-03 23:04:03 +00:00
|
|
|
{-# LANGUAGE CPP #-}
|
2010-09-09 21:47:19 +00:00
|
|
|
|
2011-03-19 09:19:35 +00:00
|
|
|
import Test.QuickCheck
|
2011-11-14 22:12:09 +00:00
|
|
|
import Test.QuickCheck.Monadic
|
2011-11-12 16:09:39 +00:00
|
|
|
import Test.Framework (defaultMain, testGroup)
|
2011-10-23 16:54:07 +00:00
|
|
|
import Test.Framework.Providers.QuickCheck2 (testProperty)
|
2011-03-19 09:19:35 +00:00
|
|
|
|
2012-12-05 07:57:13 +00:00
|
|
|
import Certificate
|
|
|
|
import PipeChan
|
|
|
|
import Connection
|
2011-03-19 09:19:35 +00:00
|
|
|
|
2011-12-20 07:49:28 +00:00
|
|
|
import Data.Maybe
|
2011-03-19 09:19:35 +00:00
|
|
|
import Data.Word
|
|
|
|
|
|
|
|
import qualified Data.ByteString as B
|
2012-02-16 08:06:12 +00:00
|
|
|
import qualified Data.ByteString.Char8 as C8
|
2011-11-14 22:12:09 +00:00
|
|
|
import qualified Data.ByteString.Lazy as L
|
2012-02-16 08:06:12 +00:00
|
|
|
import Network.TLS
|
2012-12-05 07:57:13 +00:00
|
|
|
import Network.TLS.Internal
|
2011-10-23 17:00:45 +00:00
|
|
|
import Control.Applicative
|
2011-11-14 22:12:09 +00:00
|
|
|
import Control.Concurrent
|
2012-09-23 21:54:43 +00:00
|
|
|
import Control.Exception (throw, SomeException)
|
|
|
|
import qualified Control.Exception as E
|
2011-11-14 22:12:09 +00:00
|
|
|
import Control.Monad
|
|
|
|
|
2011-12-20 07:49:28 +00:00
|
|
|
import Data.IORef
|
2013-05-19 07:05:46 +00:00
|
|
|
import Data.X509
|
2011-12-20 07:49:28 +00:00
|
|
|
|
2011-03-19 09:19:35 +00:00
|
|
|
genByteString :: Int -> Gen B.ByteString
|
|
|
|
genByteString i = B.pack <$> vector i
|
|
|
|
|
|
|
|
instance Arbitrary Version where
|
2012-03-28 07:06:13 +00:00
|
|
|
arbitrary = elements [ SSL2, SSL3, TLS10, TLS11, TLS12 ]
|
2011-03-19 09:19:35 +00:00
|
|
|
|
|
|
|
instance Arbitrary ProtocolType where
|
2012-03-28 07:06:13 +00:00
|
|
|
arbitrary = elements
|
|
|
|
[ ProtocolType_ChangeCipherSpec
|
|
|
|
, ProtocolType_Alert
|
|
|
|
, ProtocolType_Handshake
|
|
|
|
, ProtocolType_AppData ]
|
2011-03-19 09:19:35 +00:00
|
|
|
|
|
|
|
#if MIN_VERSION_QuickCheck(2,3,0)
|
|
|
|
#else
|
|
|
|
instance Arbitrary Word8 where
|
2012-03-28 07:06:13 +00:00
|
|
|
arbitrary = fromIntegral <$> (choose (0,255) :: Gen Int)
|
2011-03-19 09:19:35 +00:00
|
|
|
|
|
|
|
instance Arbitrary Word16 where
|
2012-03-28 07:06:13 +00:00
|
|
|
arbitrary = fromIntegral <$> (choose (0,65535) :: Gen Int)
|
2011-03-19 09:19:35 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
instance Arbitrary Header where
|
2012-03-28 07:06:13 +00:00
|
|
|
arbitrary = Header <$> arbitrary <*> arbitrary <*> arbitrary
|
2011-03-19 09:19:35 +00:00
|
|
|
|
|
|
|
instance Arbitrary ClientRandom where
|
2012-03-28 07:06:13 +00:00
|
|
|
arbitrary = ClientRandom <$> (genByteString 32)
|
2011-03-19 09:19:35 +00:00
|
|
|
|
|
|
|
instance Arbitrary ServerRandom where
|
2012-03-28 07:06:13 +00:00
|
|
|
arbitrary = ServerRandom <$> (genByteString 32)
|
2011-03-19 09:19:35 +00:00
|
|
|
|
|
|
|
instance Arbitrary Session where
|
2012-03-28 07:06:13 +00:00
|
|
|
arbitrary = do
|
|
|
|
i <- choose (1,2) :: Gen Int
|
|
|
|
case i of
|
|
|
|
2 -> liftM (Session . Just) (genByteString 32)
|
|
|
|
_ -> return $ Session Nothing
|
2011-03-19 09:19:35 +00:00
|
|
|
|
2012-07-28 12:40:37 +00:00
|
|
|
instance Arbitrary CertVerifyData where
|
|
|
|
arbitrary = do
|
|
|
|
liftM CertVerifyData (genByteString 128)
|
|
|
|
|
2011-03-19 09:19:35 +00:00
|
|
|
arbitraryCiphersIDs :: Gen [Word16]
|
|
|
|
arbitraryCiphersIDs = choose (0,200) >>= vector
|
|
|
|
|
|
|
|
arbitraryCompressionIDs :: Gen [Word8]
|
|
|
|
arbitraryCompressionIDs = choose (0,200) >>= vector
|
|
|
|
|
2011-12-11 20:43:53 +00:00
|
|
|
someWords8 :: Int -> Gen [Word8]
|
|
|
|
someWords8 i = replicateM i (fromIntegral <$> (choose (0,255) :: Gen Int))
|
|
|
|
|
2011-03-19 09:19:35 +00:00
|
|
|
instance Arbitrary CertificateType where
|
2012-03-28 07:06:13 +00:00
|
|
|
arbitrary = elements
|
|
|
|
[ CertificateType_RSA_Sign, CertificateType_DSS_Sign
|
|
|
|
, CertificateType_RSA_Fixed_DH, CertificateType_DSS_Fixed_DH
|
|
|
|
, CertificateType_RSA_Ephemeral_DH, CertificateType_DSS_Ephemeral_DH
|
|
|
|
, CertificateType_fortezza_dms ]
|
2011-03-19 09:19:35 +00:00
|
|
|
|
|
|
|
instance Arbitrary Handshake where
|
2012-03-28 07:06:13 +00:00
|
|
|
arbitrary = oneof
|
|
|
|
[ ClientHello
|
|
|
|
<$> arbitrary
|
|
|
|
<*> arbitrary
|
|
|
|
<*> arbitrary
|
|
|
|
<*> arbitraryCiphersIDs
|
|
|
|
<*> arbitraryCompressionIDs
|
|
|
|
<*> (return [])
|
2012-11-09 16:02:50 +00:00
|
|
|
<*> (return Nothing)
|
2012-03-28 07:06:13 +00:00
|
|
|
, ServerHello
|
|
|
|
<$> arbitrary
|
|
|
|
<*> arbitrary
|
|
|
|
<*> arbitrary
|
|
|
|
<*> arbitrary
|
|
|
|
<*> arbitrary
|
|
|
|
<*> (return [])
|
2013-05-19 07:05:46 +00:00
|
|
|
, liftM Certificates (CertificateChain <$> (resize 2 $ listOf $ arbitraryX509))
|
2012-03-28 07:06:13 +00:00
|
|
|
, pure HelloRequest
|
|
|
|
, pure ServerHelloDone
|
|
|
|
, ClientKeyXchg <$> genByteString 48
|
|
|
|
--, liftM ServerKeyXchg
|
2012-07-28 12:40:37 +00:00
|
|
|
, liftM3 CertRequest arbitrary (return Nothing) (return [])
|
|
|
|
, liftM2 CertVerify (return Nothing) arbitrary
|
2012-03-28 07:06:13 +00:00
|
|
|
, Finished <$> (genByteString 12)
|
|
|
|
]
|
2011-03-19 09:19:35 +00:00
|
|
|
|
|
|
|
{- quickcheck property -}
|
|
|
|
|
2011-12-01 08:52:01 +00:00
|
|
|
prop_header_marshalling_id :: Header -> Bool
|
2011-03-19 09:19:35 +00:00
|
|
|
prop_header_marshalling_id x = (decodeHeader $ encodeHeader x) == Right x
|
2011-12-01 08:52:01 +00:00
|
|
|
|
|
|
|
prop_handshake_marshalling_id :: Handshake -> Bool
|
2011-03-19 09:19:35 +00:00
|
|
|
prop_handshake_marshalling_id x = (decodeHs $ encodeHandshake x) == Right x
|
2012-03-28 07:06:13 +00:00
|
|
|
where
|
|
|
|
decodeHs b = either (Left . id) (uncurry (decodeHandshake cp) . head) $ decodeHandshakes b
|
|
|
|
cp = CurrentParams { cParamsVersion = TLS10, cParamsKeyXchgType = CipherKeyExchange_RSA, cParamsSupportNPN = True }
|
2011-03-19 09:19:35 +00:00
|
|
|
|
2011-12-01 08:52:01 +00:00
|
|
|
prop_pipe_work :: PropertyM IO ()
|
2011-11-14 22:12:09 +00:00
|
|
|
prop_pipe_work = do
|
2012-03-28 07:06:13 +00:00
|
|
|
pipe <- run newPipe
|
|
|
|
_ <- run (runPipe pipe)
|
2011-11-14 22:12:09 +00:00
|
|
|
|
2012-03-28 07:06:13 +00:00
|
|
|
let bSize = 16
|
|
|
|
n <- pick (choose (1, 32))
|
2011-11-14 22:12:09 +00:00
|
|
|
|
2012-03-28 07:06:13 +00:00
|
|
|
let d1 = B.replicate (bSize * n) 40
|
|
|
|
let d2 = B.replicate (bSize * n) 45
|
2011-11-14 22:12:09 +00:00
|
|
|
|
2012-03-28 07:06:13 +00:00
|
|
|
d1' <- run (writePipeA pipe d1 >> readPipeB pipe (B.length d1))
|
|
|
|
d1 `assertEq` d1'
|
2011-11-14 22:12:09 +00:00
|
|
|
|
2012-03-28 07:06:13 +00:00
|
|
|
d2' <- run (writePipeB pipe d2 >> readPipeA pipe (B.length d2))
|
|
|
|
d2 `assertEq` d2'
|
2011-11-14 22:12:09 +00:00
|
|
|
|
2012-03-28 07:06:13 +00:00
|
|
|
return ()
|
2011-11-14 22:12:09 +00:00
|
|
|
|
2011-12-11 20:43:53 +00:00
|
|
|
establish_data_pipe params tlsServer tlsClient = do
|
2012-03-28 07:06:13 +00:00
|
|
|
-- initial setup
|
|
|
|
pipe <- newPipe
|
|
|
|
_ <- (runPipe pipe)
|
|
|
|
startQueue <- newChan
|
|
|
|
resultQueue <- newChan
|
2011-11-14 22:12:09 +00:00
|
|
|
|
2012-03-28 07:06:13 +00:00
|
|
|
(cCtx, sCtx) <- newPairContext pipe params
|
2011-12-11 20:43:53 +00:00
|
|
|
|
2012-09-23 21:54:43 +00:00
|
|
|
_ <- forkIO $ E.catch (tlsServer sCtx resultQueue) (printAndRaise "server")
|
|
|
|
_ <- forkIO $ E.catch (tlsClient startQueue cCtx) (printAndRaise "client")
|
2011-12-11 20:43:53 +00:00
|
|
|
|
2012-03-28 07:06:13 +00:00
|
|
|
return (startQueue, resultQueue)
|
|
|
|
where
|
|
|
|
printAndRaise :: String -> SomeException -> IO ()
|
|
|
|
printAndRaise s e = putStrLn (s ++ " exception: " ++ show e) >> throw e
|
2011-11-14 22:12:09 +00:00
|
|
|
|
2012-10-16 07:02:18 +00:00
|
|
|
recvDataNonNull ctx = recvData ctx >>= \l -> if B.null l then recvDataNonNull ctx else return l
|
2012-09-01 13:19:25 +00:00
|
|
|
|
2013-07-13 07:03:59 +00:00
|
|
|
runTLSPipe params tlsServer tlsClient = do
|
|
|
|
(startQueue, resultQueue) <- run (establish_data_pipe params tlsServer tlsClient)
|
|
|
|
-- send some data
|
|
|
|
d <- B.pack <$> pick (someWords8 256)
|
|
|
|
run $ writeChan startQueue d
|
|
|
|
-- receive it
|
|
|
|
dres <- run $ readChan resultQueue
|
|
|
|
-- check if it equal
|
|
|
|
d `assertEq` dres
|
|
|
|
return ()
|
|
|
|
|
2011-12-11 20:43:53 +00:00
|
|
|
prop_handshake_initiate :: PropertyM IO ()
|
|
|
|
prop_handshake_initiate = do
|
2013-07-13 07:03:59 +00:00
|
|
|
params <- pick arbitraryPairParams
|
|
|
|
runTLSPipe params tlsServer tlsClient
|
|
|
|
where tlsServer ctx queue = do
|
|
|
|
handshake ctx
|
|
|
|
d <- recvDataNonNull ctx
|
|
|
|
writeChan queue d
|
|
|
|
return ()
|
|
|
|
tlsClient queue ctx = do
|
|
|
|
handshake ctx
|
|
|
|
d <- readChan queue
|
|
|
|
sendData ctx (L.fromChunks [d])
|
|
|
|
bye ctx
|
|
|
|
return ()
|
2011-12-11 20:43:53 +00:00
|
|
|
|
2012-02-16 08:06:12 +00:00
|
|
|
prop_handshake_npn_initiate :: PropertyM IO ()
|
|
|
|
prop_handshake_npn_initiate = do
|
2013-07-13 07:03:59 +00:00
|
|
|
(clientParam,serverParam) <- pick arbitraryPairParams
|
|
|
|
let clientParam' = updateClientParams (\cp -> cp { onNPNServerSuggest = Just $ \protos -> return (head protos) }) clientParam
|
|
|
|
serverParam' = updateServerParams (\sp -> sp { onSuggestNextProtocols = return $ Just [C8.pack "spdy/2", C8.pack "http/1.1"] }) serverParam
|
|
|
|
params' = (clientParam',serverParam')
|
|
|
|
runTLSPipe params' tlsServer tlsClient
|
|
|
|
where tlsServer ctx queue = do
|
|
|
|
handshake ctx
|
|
|
|
proto <- getNegotiatedProtocol ctx
|
|
|
|
Just (C8.pack "spdy/2") `assertEq` proto
|
|
|
|
d <- recvDataNonNull ctx
|
|
|
|
writeChan queue d
|
|
|
|
return ()
|
|
|
|
tlsClient queue ctx = do
|
|
|
|
handshake ctx
|
|
|
|
proto <- getNegotiatedProtocol ctx
|
|
|
|
Just (C8.pack "spdy/2") `assertEq` proto
|
|
|
|
d <- readChan queue
|
|
|
|
sendData ctx (L.fromChunks [d])
|
|
|
|
bye ctx
|
|
|
|
return ()
|
2012-02-16 08:06:12 +00:00
|
|
|
|
2011-12-11 20:43:53 +00:00
|
|
|
prop_handshake_renegociation :: PropertyM IO ()
|
|
|
|
prop_handshake_renegociation = do
|
2013-07-13 07:03:59 +00:00
|
|
|
params <- pick arbitraryPairParams
|
|
|
|
runTLSPipe params tlsServer tlsClient
|
|
|
|
where tlsServer ctx queue = do
|
|
|
|
handshake ctx
|
|
|
|
d <- recvDataNonNull ctx
|
|
|
|
writeChan queue d
|
|
|
|
return ()
|
|
|
|
tlsClient queue ctx = do
|
|
|
|
handshake ctx
|
|
|
|
handshake ctx
|
|
|
|
d <- readChan queue
|
|
|
|
sendData ctx (L.fromChunks [d])
|
|
|
|
bye ctx
|
|
|
|
return ()
|
2011-12-20 07:49:28 +00:00
|
|
|
|
2012-07-12 07:59:59 +00:00
|
|
|
-- | simple session manager to store one session id and session data for a single thread.
|
|
|
|
-- a Real concurrent session manager would use an MVar and have multiples items.
|
2013-05-15 05:41:47 +00:00
|
|
|
oneSessionManager :: IORef (Maybe (SessionID, SessionData)) -> SessionManager
|
|
|
|
oneSessionManager ref = SessionManager
|
|
|
|
{ sessionResume = \myId -> (>>= maybeResume myId) <$> readIORef ref
|
|
|
|
, sessionEstablish = \myId dat -> writeIORef ref $ Just (myId, dat)
|
|
|
|
, sessionInvalidate = \_ -> return ()
|
|
|
|
}
|
|
|
|
where
|
|
|
|
maybeResume myId (sid, sdata)
|
|
|
|
| sid == myId = Just sdata
|
|
|
|
| otherwise = Nothing
|
2012-07-12 07:59:59 +00:00
|
|
|
|
2011-12-20 07:49:28 +00:00
|
|
|
prop_handshake_session_resumption :: PropertyM IO ()
|
|
|
|
prop_handshake_session_resumption = do
|
2013-07-13 07:03:59 +00:00
|
|
|
sessionRef <- run $ newIORef Nothing
|
|
|
|
let sessionManager = oneSessionManager sessionRef
|
|
|
|
|
|
|
|
plainParams <- pick arbitraryPairParams
|
|
|
|
let params = setPairParamsSessionManager sessionManager plainParams
|
|
|
|
|
|
|
|
runTLSPipe params tlsServer tlsClient
|
|
|
|
|
|
|
|
-- and resume
|
|
|
|
sessionParams <- run $ readIORef sessionRef
|
|
|
|
assert (isJust sessionParams)
|
|
|
|
let params2 = setPairParamsSessionResuming (fromJust sessionParams) params
|
|
|
|
|
|
|
|
runTLSPipe params2 tlsServer tlsClient
|
|
|
|
where tlsServer ctx queue = do
|
|
|
|
handshake ctx
|
|
|
|
d <- recvDataNonNull ctx
|
|
|
|
writeChan queue d
|
|
|
|
return ()
|
|
|
|
tlsClient queue ctx = do
|
|
|
|
handshake ctx
|
|
|
|
d <- readChan queue
|
|
|
|
sendData ctx (L.fromChunks [d])
|
|
|
|
bye ctx
|
|
|
|
return ()
|
2011-11-14 22:12:09 +00:00
|
|
|
|
2011-12-01 08:52:01 +00:00
|
|
|
assertEq :: (Show a, Monad m, Eq a) => a -> a -> m ()
|
2011-11-14 22:12:09 +00:00
|
|
|
assertEq expected got = unless (expected == got) $ error ("got " ++ show got ++ " but was expecting " ++ show expected)
|
|
|
|
|
2011-12-01 08:52:01 +00:00
|
|
|
main :: IO ()
|
2011-11-11 22:53:17 +00:00
|
|
|
main = defaultMain
|
2012-03-28 07:06:13 +00:00
|
|
|
[ tests_marshalling
|
|
|
|
, tests_handshake
|
|
|
|
]
|
|
|
|
where
|
|
|
|
-- lowlevel tests to check the packet marshalling.
|
|
|
|
tests_marshalling = testGroup "Marshalling"
|
|
|
|
[ testProperty "Header" prop_header_marshalling_id
|
|
|
|
, testProperty "Handshake" prop_handshake_marshalling_id
|
|
|
|
]
|
|
|
|
|
|
|
|
-- high level tests between a client and server with fake ciphers.
|
|
|
|
tests_handshake = testGroup "Handshakes"
|
|
|
|
[ testProperty "setup" (monadicIO prop_pipe_work)
|
|
|
|
, testProperty "initiate" (monadicIO prop_handshake_initiate)
|
|
|
|
, testProperty "initiate with npn" (monadicIO prop_handshake_npn_initiate)
|
|
|
|
, testProperty "renegociation" (monadicIO prop_handshake_renegociation)
|
|
|
|
, testProperty "resumption" (monadicIO prop_handshake_session_resumption)
|
|
|
|
]
|