crypto/tls: fix test data generation

- Multiple GetCertificate tests shared the same name and were
  overwriting each other, each test now has a unique name.
- expectAlert was not implemented in the data updater, the single
  test that used it has been replaced with a ClientHello failure
  test.

Fixes #10470

Change-Id: I500738f6302ffa863d7ee45d85fa8773155e0614
Reviewed-on: https://go-review.googlesource.com/8959
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>

diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go
index ed0248f53a3f46ce50b1d8699cc3fba471028e22..ccf00fe44009b27115999781992990d05fb10c39 100644 (file)
--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@@ -385,9 +385,6 @@ type serverTest struct {
        expectedPeerCerts []string
        // config, if not nil, contains a custom Config to use for this test.
        config *Config
-       // expectAlert, if true, indicates that a fatal alert should be returned
-       // when handshaking with the server.
-       expectAlert bool
        // expectHandshakeErrorIncluding, when not empty, contains a string
        // that must be a substring of the error resulting from the handshake.
        expectHandshakeErrorIncluding string
@@ -512,9 +509,7 @@ func (test *serverTest) run(t *testing.T, write bool) {
        if !write {
                flows, err := test.loadData()
                if err != nil {
-                       if !test.expectAlert {
-                               t.Fatalf("%s: failed to load data from %s", test.name, test.dataPath())
-                       }
+                       t.Fatalf("%s: failed to load data from %s", test.name, test.dataPath())
                }
                for i, b := range flows {
                        if i%2 == 0 {
@@ -523,17 +518,11 @@ func (test *serverTest) run(t *testing.T, write bool) {
                        }
                        bb := make([]byte, len(b))
                        n, err := io.ReadFull(clientConn, bb)
-                       if test.expectAlert {
-                               if err == nil {
-                                       t.Fatal("Expected read failure but read succeeded")
-                               }
-                       } else {
-                               if err != nil {
-                                       t.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test.name, i+1, err, n, len(bb), bb[:n], b)
-                               }
-                               if !bytes.Equal(b, bb) {
-                                       t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b)
-                               }
+                       if err != nil {
+                               t.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test.name, i+1, err, n, len(bb), bb[:n], b)
+                       }
+                       if !bytes.Equal(b, bb) {
+                               t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b)
                        }
                }
                clientConn.Close()
@@ -735,7 +724,7 @@ func TestHandshakeServerSNIGetCertificate(t *testing.T) {
                return cert, nil
        }
        test := &serverTest{
-               name:    "SNI",
+               name:    "SNI-GetCertificate",
                command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
                config:  &config,
        }
@@ -753,7 +742,7 @@ func TestHandshakeServerSNIGetCertificateNotFound(t *testing.T) {
                return nil, nil
        }
        test := &serverTest{
-               name:    "SNI",
+               name:    "SNI-GetCertificateNotFound",
                command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
                config:  &config,
        }
@@ -763,18 +752,20 @@ func TestHandshakeServerSNIGetCertificateNotFound(t *testing.T) {
 // TestHandshakeServerSNICertForNameError tests to make sure that errors in
 // GetCertificate result in a tls alert.
 func TestHandshakeServerSNIGetCertificateError(t *testing.T) {
-       config := *testConfig
+       const errMsg = "TestHandshakeServerSNIGetCertificateError error"
 
-       config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
-               return nil, fmt.Errorf("Test error in GetCertificate")
+       serverConfig := *testConfig
+       serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
+               return nil, errors.New(errMsg)
        }
-       test := &serverTest{
-               name:        "SNI",
-               command:     []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
-               config:      &config,
-               expectAlert: true,
+
+       clientHello := &clientHelloMsg{
+               vers:               0x0301,
+               cipherSuites:       []uint16{TLS_RSA_WITH_RC4_128_SHA},
+               compressionMethods: []uint8{0},
+               serverName:         "test",
        }
-       runServerTestTLS12(t, test)
+       testClientHelloFailure(t, &serverConfig, clientHello, errMsg)
 }
 
 // TestCipherSuiteCertPreferance ensures that we select an RSA ciphersuite with

diff --git a/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificate b/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificate
new file mode 100644 (file)
index 0000000..88884ac
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificate
@@ -0,0 +1,76 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 6f 01 00 00  6b 03 03 6a 01 e6 6b 95  |....o...k..j..k.|
+00000010  30 a8 26 2a ba 53 dd 79  6e 54 fa 69 ee e0 23 d8  |0.&*.S.ynT.i..#.|
+00000020  1c 9e 7a 9a ea 7d 13 30  c1 00 d6 00 00 04 00 2f  |..z..}.0......./|
+00000030  00 ff 02 01 00 00 3d 00  00 00 10 00 0e 00 00 0b  |......=.........|
+00000040  73 6e 69 74 65 73 74 2e  63 6f 6d 00 0d 00 20 00  |snitest.com... .|
+00000050  1e 06 01 06 02 06 03 05  01 05 02 05 03 04 01 04  |................|
+00000060  02 04 03 03 01 03 02 03  03 02 01 02 02 02 03 00  |................|
+00000070  0f 00 01 01                                       |....|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000030  05 ff 01 00 01 00 16 03  03 02 00 0b 00 01 fc 00  |................|
+00000040  01 f9 00 01 f6 30 82 01  f2 30 82 01 5d a0 03 02  |.....0...0..]...|
+00000050  01 02 02 01 00 30 0b 06  09 2a 86 48 86 f7 0d 01  |.....0...*.H....|
+00000060  01 05 30 28 31 10 30 0e  06 03 55 04 0a 13 07 41  |..0(1.0...U....A|
+00000070  63 6d 65 20 43 6f 31 14  30 12 06 03 55 04 03 13  |cme Co1.0...U...|
+00000080  0b 73 6e 69 74 65 73 74  2e 63 6f 6d 30 1e 17 0d  |.snitest.com0...|
+00000090  31 32 30 34 31 31 31 37  34 30 33 35 5a 17 0d 31  |120411174035Z..1|
+000000a0  33 30 34 31 31 31 37 34  35 33 35 5a 30 28 31 10  |30411174535Z0(1.|
+000000b0  30 0e 06 03 55 04 0a 13  07 41 63 6d 65 20 43 6f  |0...U....Acme Co|
+000000c0  31 14 30 12 06 03 55 04  03 13 0b 73 6e 69 74 65  |1.0...U....snite|
+000000d0  73 74 2e 63 6f 6d 30 81  9d 30 0b 06 09 2a 86 48  |st.com0..0...*.H|
+000000e0  86 f7 0d 01 01 01 03 81  8d 00 30 81 89 02 81 81  |..........0.....|
+000000f0  00 bb 79 d6 f5 17 b5 e5  bf 46 10 d0 dc 69 be e6  |..y......F...i..|
+00000100  2b 07 43 5a d0 03 2d 8a  7a 43 85 b7 14 52 e7 a5  |+.CZ..-.zC...R..|
+00000110  65 4c 2c 78 b8 23 8c b5  b4 82 e5 de 1f 95 3b 7e  |eL,x.#........;~|
+00000120  62 a5 2c a5 33 d6 fe 12  5c 7a 56 fc f5 06 bf fa  |b.,.3...\zV.....|
+00000130  58 7b 26 3f b5 cd 04 d3  d0 c9 21 96 4a c7 f4 54  |X{&?......!.J..T|
+00000140  9f 5a bf ef 42 71 00 fe  18 99 07 7f 7e 88 7d 7d  |.Z..Bq......~.}}|
+00000150  f1 04 39 c4 a2 2e db 51  c9 7c e3 c0 4c 3b 32 66  |..9....Q.|..L;2f|
+00000160  01 cf af b1 1d b8 71 9a  1d db db 89 6b ae da 2d  |......q.....k..-|
+00000170  79 02 03 01 00 01 a3 32  30 30 30 0e 06 03 55 1d  |y......2000...U.|
+00000180  0f 01 01 ff 04 04 03 02  00 a0 30 0d 06 03 55 1d  |..........0...U.|
+00000190  0e 04 06 04 04 01 02 03  04 30 0f 06 03 55 1d 23  |.........0...U.#|
+000001a0  04 08 30 06 80 04 01 02  03 04 30 0b 06 09 2a 86  |..0.......0...*.|
+000001b0  48 86 f7 0d 01 01 05 03  81 81 00 89 c6 45 5f 1c  |H............E_.|
+000001c0  1f 5e f8 eb 1a b1 74 ee  24 39 05 9f 5c 42 59 bb  |.^....t.$9..\BY.|
+000001d0  1a 8d 86 cd b1 d0 56 f5  6a 71 7d a4 0e 95 ab 90  |......V.jq}.....|
+000001e0  f5 9e 8d ea f6 27 c1 57  99 50 94 db 08 02 26 6e  |.....'.W.P....&n|
+000001f0  b3 4f c6 84 2d ea 8a 4b  68 d9 c1 38 91 03 ab 84  |.O..-..Kh..8....|
+00000200  fb 9e 1f 85 d9 b5 d2 3f  f2 31 2c 86 70 fb b5 40  |.......?.1,.p..@|
+00000210  14 82 45 a4 eb af e2 64  d9 0c 8a 4c f4 f8 5b 0f  |..E....d...L..[.|
+00000220  ac 12 ac 2f c4 a3 15 4b  ad 52 46 28 68 af 96 c6  |.../...K.RF(h...|
+00000230  2c 65 25 d6 52 b6 e3 18  45 bd cc 16 03 03 00 04  |,e%.R...E.......|
+00000240  0e 00 00 00                                       |....|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 86 10 00 00  82 00 80 03 e1 70 db fd  |.............p..|
+00000010  a5 69 b6 da ef 2a 3b 81  4a 2a bc 21 fb ae a2 31  |.i...*;.J*.!...1|
+00000020  ac d9 34 f0 62 ff da 86  9c b1 c6 e1 cd 63 dc 42  |..4.b........c.B|
+00000030  9a 72 b2 cf 6c 6a e0 f5  30 b7 7e 9e 4e a1 fe 64  |.r..lj..0.~.N..d|
+00000040  f8 a3 f6 f2 d1 44 3a 82  5a 39 c1 ac 29 22 f7 90  |.....D:.Z9..)"..|
+00000050  71 ee 2e 62 c1 1a 22 6f  00 7d 73 4c e4 a3 d2 9a  |q..b.."o.}sL....|
+00000060  a4 34 4d fb 68 8e 99 91  e3 6d 14 f2 ac 4d 36 60  |.4M.h....m...M6`|
+00000070  9b 79 26 4b ff cf 80 3b  8d 8a 04 20 86 73 bb ff  |.y&K...;... .s..|
+00000080  c3 99 22 04 89 0c 2c 65  a0 d6 4d 14 03 03 00 01  |.."...,e..M.....|
+00000090  01 16 03 03 00 40 a9 0b  6e 2d 74 2a ae 5e c3 36  |.....@..n-t*.^.6|
+000000a0  50 80 8a d0 81 b6 b4 76  56 39 c0 b6 f8 d9 d6 fb  |P......vV9......|
+000000b0  bb 24 2d 82 ec 9f f7 d3  4d 9d e1 78 df ea 6a 0a  |.$-.....M..x..j.|
+000000c0  59 e8 b2 36 31 8e 70 eb  3e e5 e9 1b 9d f3 d7 09  |Y..61.p.>.......|
+000000d0  9b 80 55 b5 e4 e4                                 |..U...|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
+00000010  00 00 00 00 00 00 00 00  00 00 00 a4 81 32 49 09  |.............2I.|
+00000020  07 8c 05 d1 1c 18 fe ca  d7 b8 7f 66 b0 42 2b 6d  |...........f.B+m|
+00000030  5a cc 72 01 3e 75 3c 23  a2 b7 56 64 b2 b3 0f 1d  |Z.r.>u<#..Vd....|
+00000040  ce a7 02 f7 88 bf 78 93  37 85 12 17 03 03 00 40  |......x.7......@|
+00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000060  49 b3 f9 ba be 6f df 65  cd 37 79 07 57 40 a4 30  |I....o.e.7y.W@.0|
+00000070  f1 f6 d7 2e 87 d2 bd 5c  f9 cf 13 c5 91 eb 0c 41  |.......\.......A|
+00000080  c3 13 fb b2 de 0c 59 a9  1e e4 d5 b2 ea 4f 88 df  |......Y......O..|
+00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
+000000a0  00 00 00 00 00 b2 e1 cb  94 94 30 e1 da 42 ea df  |..........0..B..|
+000000b0  fc 8d 54 8d b2 d9 3b 33  4e 53 98 e9 14 e3 c1 d9  |..T...;3NS......|
+000000c0  de b8 e5 51 ca                                    |...Q.|

diff --git a/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound b/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound
new file mode 100644 (file)
index 0000000..ebd284b
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv12-SNI-GetCertificateNotFound
@@ -0,0 +1,76 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 00 6f 01 00 00  6b 03 03 3d 70 50 1f cc  |....o...k..=pP..|
+00000010  5b 7a b5 67 c2 fc e8 65  a9 3d 7c 2a 93 ef 0d 41  |[z.g...e.=|*...A|
+00000020  a1 7d 78 a8 af 7d 70 af  ce 1b 0e 00 00 04 00 2f  |.}x..}p......../|
+00000030  00 ff 02 01 00 00 3d 00  00 00 10 00 0e 00 00 0b  |......=.........|
+00000040  73 6e 69 74 65 73 74 2e  63 6f 6d 00 0d 00 20 00  |snitest.com... .|
+00000050  1e 06 01 06 02 06 03 05  01 05 02 05 03 04 01 04  |................|
+00000060  02 04 03 03 01 03 02 03  03 02 01 02 02 02 03 00  |................|
+00000070  0f 00 01 01                                       |....|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 2f 00 00  |............./..|
+00000030  05 ff 01 00 01 00 16 03  03 02 00 0b 00 01 fc 00  |................|
+00000040  01 f9 00 01 f6 30 82 01  f2 30 82 01 5d a0 03 02  |.....0...0..]...|
+00000050  01 02 02 01 00 30 0b 06  09 2a 86 48 86 f7 0d 01  |.....0...*.H....|
+00000060  01 05 30 28 31 10 30 0e  06 03 55 04 0a 13 07 41  |..0(1.0...U....A|
+00000070  63 6d 65 20 43 6f 31 14  30 12 06 03 55 04 03 13  |cme Co1.0...U...|
+00000080  0b 73 6e 69 74 65 73 74  2e 63 6f 6d 30 1e 17 0d  |.snitest.com0...|
+00000090  31 32 30 34 31 31 31 37  34 30 33 35 5a 17 0d 31  |120411174035Z..1|
+000000a0  33 30 34 31 31 31 37 34  35 33 35 5a 30 28 31 10  |30411174535Z0(1.|
+000000b0  30 0e 06 03 55 04 0a 13  07 41 63 6d 65 20 43 6f  |0...U....Acme Co|
+000000c0  31 14 30 12 06 03 55 04  03 13 0b 73 6e 69 74 65  |1.0...U....snite|
+000000d0  73 74 2e 63 6f 6d 30 81  9d 30 0b 06 09 2a 86 48  |st.com0..0...*.H|
+000000e0  86 f7 0d 01 01 01 03 81  8d 00 30 81 89 02 81 81  |..........0.....|
+000000f0  00 bb 79 d6 f5 17 b5 e5  bf 46 10 d0 dc 69 be e6  |..y......F...i..|
+00000100  2b 07 43 5a d0 03 2d 8a  7a 43 85 b7 14 52 e7 a5  |+.CZ..-.zC...R..|
+00000110  65 4c 2c 78 b8 23 8c b5  b4 82 e5 de 1f 95 3b 7e  |eL,x.#........;~|
+00000120  62 a5 2c a5 33 d6 fe 12  5c 7a 56 fc f5 06 bf fa  |b.,.3...\zV.....|
+00000130  58 7b 26 3f b5 cd 04 d3  d0 c9 21 96 4a c7 f4 54  |X{&?......!.J..T|
+00000140  9f 5a bf ef 42 71 00 fe  18 99 07 7f 7e 88 7d 7d  |.Z..Bq......~.}}|
+00000150  f1 04 39 c4 a2 2e db 51  c9 7c e3 c0 4c 3b 32 66  |..9....Q.|..L;2f|
+00000160  01 cf af b1 1d b8 71 9a  1d db db 89 6b ae da 2d  |......q.....k..-|
+00000170  79 02 03 01 00 01 a3 32  30 30 30 0e 06 03 55 1d  |y......2000...U.|
+00000180  0f 01 01 ff 04 04 03 02  00 a0 30 0d 06 03 55 1d  |..........0...U.|
+00000190  0e 04 06 04 04 01 02 03  04 30 0f 06 03 55 1d 23  |.........0...U.#|
+000001a0  04 08 30 06 80 04 01 02  03 04 30 0b 06 09 2a 86  |..0.......0...*.|
+000001b0  48 86 f7 0d 01 01 05 03  81 81 00 89 c6 45 5f 1c  |H............E_.|
+000001c0  1f 5e f8 eb 1a b1 74 ee  24 39 05 9f 5c 42 59 bb  |.^....t.$9..\BY.|
+000001d0  1a 8d 86 cd b1 d0 56 f5  6a 71 7d a4 0e 95 ab 90  |......V.jq}.....|
+000001e0  f5 9e 8d ea f6 27 c1 57  99 50 94 db 08 02 26 6e  |.....'.W.P....&n|
+000001f0  b3 4f c6 84 2d ea 8a 4b  68 d9 c1 38 91 03 ab 84  |.O..-..Kh..8....|
+00000200  fb 9e 1f 85 d9 b5 d2 3f  f2 31 2c 86 70 fb b5 40  |.......?.1,.p..@|
+00000210  14 82 45 a4 eb af e2 64  d9 0c 8a 4c f4 f8 5b 0f  |..E....d...L..[.|
+00000220  ac 12 ac 2f c4 a3 15 4b  ad 52 46 28 68 af 96 c6  |.../...K.RF(h...|
+00000230  2c 65 25 d6 52 b6 e3 18  45 bd cc 16 03 03 00 04  |,e%.R...E.......|
+00000240  0e 00 00 00                                       |....|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 86 10 00 00  82 00 80 1c 6d 66 c4 c1  |............mf..|
+00000010  92 07 67 6c f7 54 32 70  31 53 89 8d 60 29 d8 df  |..gl.T2p1S..`)..|
+00000020  8b b9 62 a0 3c 79 e3 67  45 e9 6d 6e f5 9b cd 18  |..b.<y.gE.mn....|
+00000030  13 4a 3b 14 11 2b 05 4c  e3 8a 7e 03 b5 ca 3d 14  |.J;..+.L..~...=.|
+00000040  da 84 6f cd 31 8b 4f 43  62 cf ff 39 a9 c6 95 5d  |..o.1.OCb..9...]|
+00000050  8a 54 b6 6f eb cf ed e7  05 33 b0 74 03 7e 49 6f  |.T.o.....3.t.~Io|
+00000060  88 6c c4 7d 3f 63 bd 49  11 57 e8 95 9f 4e ff 6f  |.l.}?c.I.W...N.o|
+00000070  92 20 fd fe 2b 07 22 ff  03 0a 36 0d 29 c7 21 a9  |. ..+."...6.).!.|
+00000080  50 28 73 f9 25 ce eb 16  90 0d d3 14 03 03 00 01  |P(s.%...........|
+00000090  01 16 03 03 00 40 f2 b1  15 c1 86 c7 63 b3 52 93  |.....@......c.R.|
+000000a0  c2 27 cc 1a 30 9a 59 1b  0c 92 11 ba bc 2b af ca  |.'..0.Y......+..|
+000000b0  b2 44 66 0f 86 19 2c 38  08 ca ee 40 67 60 21 39  |.Df...,8...@g`!9|
+000000c0  03 77 f5 5b c9 2e 62 6d  1a 0c 1e 86 cf 30 a9 89  |.w.[..bm.....0..|
+000000d0  ba f9 d7 ff ed 2c                                 |.....,|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
+00000010  00 00 00 00 00 00 00 00  00 00 00 88 5b 91 f7 4e  |............[..N|
+00000020  07 30 30 98 88 5c de 79  e0 63 1a 91 17 3a 2f bf  |.00..\.y.c...:/.|
+00000030  8b 6b 61 f9 56 d7 43 bf  87 42 34 f3 09 b1 5e 67  |.ka.V.C..B4...^g|
+00000040  a2 33 0d 15 b8 7d c5 a8  35 50 4f 17 03 03 00 40  |.3...}..5PO....@|
+00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000060  50 27 94 e0 5a da 24 8f  b2 d3 f3 f6 a4 1e f6 ac  |P'..Z.$.........|
+00000070  b9 2a 48 85 41 f7 84 4c  1e f4 ca aa 90 1f f8 1b  |.*H.A..L........|
+00000080  2f 53 01 2b 5e 48 82 ab  f0 70 ad 4b 8f 5d bd 27  |/S.+^H...p.K.].'|
+00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
+000000a0  00 00 00 00 00 5c 38 ba  1e 5a 18 9a a0 31 aa 98  |.....\8..Z...1..|
+000000b0  68 3e ba 01 42 ee b7 78  1a ed 56 f8 b6 49 a7 4c  |h>..B..x..V..I.L|
+000000c0  e1 8d dd 1c 9c                                    |.....|