[thirdparty/openssl.git] / test / recipes / 70-test_sslextension.t

#! /usr/bin/env perl
# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;
use feature 'state';

use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;
use TLSProxy::Proxy;

my $test_name = "test_sslextension";
setup($test_name);

plan skip_all => "TLSProxy isn't usable on $^O"
    if $^O =~ /^(VMS)$/;

plan skip_all => "$test_name needs the dynamic engine feature enabled"
    if disabled("engine") || disabled("dynamic-engine");

plan skip_all => "$test_name needs the sock feature enabled"
    if disabled("sock");

plan skip_all => "$test_name needs TLS enabled"
    if alldisabled(available_protocols("tls"));

my $no_below_tls13 = alldisabled(("tls1", "tls1_1", "tls1_2"))
                     || (!disabled("tls1_3") && disabled("tls1_2"));

use constant {
    UNSOLICITED_SERVER_NAME => 0,
    UNSOLICITED_SERVER_NAME_TLS13 => 1,
    UNSOLICITED_SCT => 2,
    NONCOMPLIANT_SUPPORTED_GROUPS => 3
};

my $testtype;
my $fatal_alert = 0;    # set by filter on fatal alert

my $proxy = TLSProxy::Proxy->new(
    \&inject_duplicate_extension_clienthello,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);


sub extension_filter
{
    my $proxy = shift;

    if ($proxy->flight == 1) {
        # Change the ServerRandom so that the downgrade sentinel doesn't cause
        # the connection to fail
        my $message = ${$proxy->message_list}[1];
        $message->random("\0"x32);
        $message->repack();
        return;
    }

    # We're only interested in the initial ClientHello
    if ($proxy->flight != 0) {
        return;
    }

    foreach my $message (@{$proxy->message_list}) {
        if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
            # Remove all extensions and set the extension len to zero
            $message->extension_data({});
            $message->extensions_len(0);
            # Extensions have been removed so make sure we don't try to use them
            $message->process_extensions();

            $message->repack();
        }
    }
}

sub inject_duplicate_extension
{
  my ($proxy, $message_type) = @_;

    foreach my $message (@{$proxy->message_list}) {
        if ($message->mt == $message_type) {
          my %extensions = %{$message->extension_data};
            # Add a duplicate extension. We use cryptopro_bug since we never
            # normally write that one, and it is allowed as unsolicited in the
            # ServerHello
            $message->set_extension(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION, "");
            $message->dupext(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION);
            $message->repack();
        }
    }
}

sub inject_duplicate_extension_clienthello
{
    my $proxy = shift;

    # We're only interested in the initial ClientHello
    if ($proxy->flight == 0) {
        inject_duplicate_extension($proxy, TLSProxy::Message::MT_CLIENT_HELLO);
        return;
    }

    my $last_record = @{$proxy->{record_list}}[-1];
    $fatal_alert = 1 if $last_record->is_fatal_alert(1);
}

sub inject_duplicate_extension_serverhello
{
    my $proxy = shift;

    # We're only interested in the initial ServerHello
    if ($proxy->flight == 0) {
        return;
    } elsif ($proxy->flight == 1) {
        inject_duplicate_extension($proxy, TLSProxy::Message::MT_SERVER_HELLO);
        return;
    }

    my $last_record = @{$proxy->{record_list}}[-1];
    $fatal_alert = 1 if $last_record->is_fatal_alert(0);
}

sub inject_unsolicited_extension
{
    my $proxy = shift;
    my $message;
    state $sent_unsolisited_extension;

    if ($proxy->flight == 0) {
        $sent_unsolisited_extension = 0;
        return;
    }

    # We're only interested in the initial ServerHello/EncryptedExtensions
    if ($proxy->flight != 1) {
        if ($sent_unsolisited_extension) {
            my $last_record = @{$proxy->record_list}[-1];
            $fatal_alert = 1 if $last_record->is_fatal_alert(0);
        }
        return;
    }

    if ($testtype == UNSOLICITED_SERVER_NAME_TLS13) {
        return if (!defined($message = ${$proxy->message_list}[2]));
        die "Expecting EE message ".($message->mt).","
                                   .${$proxy->message_list}[1]->mt.", "
                                   .${$proxy->message_list}[3]->mt
            if $message->mt != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS;
    } else {
        $message = ${$proxy->message_list}[1];
    }

    my $ext = pack "C2",
        0x00, 0x00; #Extension length

    my $type;
    if ($testtype == UNSOLICITED_SERVER_NAME
            || $testtype == UNSOLICITED_SERVER_NAME_TLS13) {
        $type = TLSProxy::Message::EXT_SERVER_NAME;
    } elsif ($testtype == UNSOLICITED_SCT) {
        $type = TLSProxy::Message::EXT_SCT;
    } elsif ($testtype == NONCOMPLIANT_SUPPORTED_GROUPS) {
        $type = TLSProxy::Message::EXT_SUPPORTED_GROUPS;
    }
    $message->set_extension($type, $ext);
    $message->repack();
    $sent_unsolisited_extension = 1;
}

sub inject_cryptopro_extension
{
    my $proxy = shift;

    # We're only interested in the initial ClientHello
    if ($proxy->flight != 0) {
        return;
    }

    my $message = ${$proxy->message_list}[0];
    $message->set_extension(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION, "");
    $message->repack();
}

# Test 1-2: Sending a duplicate extension should fail.
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 8;
ok($fatal_alert, "Duplicate ClientHello extension");

SKIP: {
    skip "TLS <= 1.2 disabled", 4 if $no_below_tls13;

    $fatal_alert = 0;
    $proxy->clear();
    $proxy->filter(\&inject_duplicate_extension_serverhello);
    $proxy->clientflags("-no_tls1_3");
    $proxy->start();
    ok($fatal_alert, "Duplicate ServerHello extension");

    #Test 3: Sending a zero length extension block should pass
    $proxy->clear();
    $proxy->filter(\&extension_filter);
    $proxy->cipherc("DEFAULT:\@SECLEVEL=0");
    $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
    $proxy->clientflags("-no_tls1_3");
    $proxy->start();
    ok(TLSProxy::Message->success, "Zero extension length test");

    #Test 4: Inject an unsolicited extension (<= TLSv1.2)
    $fatal_alert = 0;
    $proxy->clear();
    $proxy->filter(\&inject_unsolicited_extension);
    $testtype = UNSOLICITED_SERVER_NAME;
    $proxy->clientflags("-no_tls1_3 -noservername");
    $proxy->start();
    ok($fatal_alert, "Unsolicited server name extension");

    #Test 5: Send the cryptopro extension in a ClientHello. Normally this is an
    #        unsolicited extension only ever seen in the ServerHello. We should
    #        ignore it in a ClientHello
    $proxy->clear();
    $proxy->filter(\&inject_cryptopro_extension);
    $proxy->clientflags("-no_tls1_3");
    $proxy->start();
    ok(TLSProxy::Message->success(), "Cryptopro extension in ClientHello");
}

SKIP: {
    skip "TLS <= 1.2 disabled or EC disabled", 1
        if $no_below_tls13 || disabled("ec");
    #Test 6: Inject a noncompliant supported_groups extension (<= TLSv1.2)
    $proxy->clear();
    $proxy->filter(\&inject_unsolicited_extension);
    $testtype = NONCOMPLIANT_SUPPORTED_GROUPS;
    $proxy->clientflags("-no_tls1_3");
    $proxy->start();
    ok(TLSProxy::Message->success(), "Noncompliant supported_groups extension");
}

SKIP: {
    skip "TLS <= 1.2 or CT disabled", 1
        if $no_below_tls13 || disabled("ct");
    #Test 7: Same as above for the SCT extension which has special handling
    $fatal_alert = 0;
    $proxy->clear();
    $proxy->filter(\&inject_unsolicited_extension);
    $testtype = UNSOLICITED_SCT;
    $proxy->clientflags("-no_tls1_3");
    $proxy->start();
    ok($fatal_alert, "Unsolicited sct extension");
}

SKIP: {
    skip "TLS 1.3 disabled", 1
        if disabled("tls1_3") || (disabled("ec") && disabled("dh"));
    #Test 8: Inject an unsolicited extension (TLSv1.3)
    $fatal_alert = 0;
    $proxy->clear();
    $proxy->filter(\&inject_unsolicited_extension);
    $testtype = UNSOLICITED_SERVER_NAME_TLS13;
    $proxy->clientflags("-noservername");
    $proxy->start();
    ok($fatal_alert, "Unsolicited server name extension (TLSv1.3)");
}
Commit	Line	Data
596d6b7e	1	#! /usr/bin/env perl
a28d06f3	2	# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
011467ee	3	#
909f1a2e	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
596d6b7e RS	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
011467ee MC	8
011467ee MC	9	use strict;
c4220c0f AP	10	use feature 'state';
c4220c0f AP	11
42e0ccdf	12	use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
3f22ed2f	13	use OpenSSL::Test::Utils;
011467ee MC	14	use TLSProxy::Proxy;
011467ee MC	15
25be5f44 RL	16	my $test_name = "test_sslextension";
	17	setup($test_name);
	18
60f9f1e1	19	plan skip_all => "TLSProxy isn't usable on $^O"
c5856878	20	if $^O =~ /^(VMS)$/;
60f9f1e1	21
2dd400bd	22	plan skip_all => "$test_name needs the dynamic engine feature enabled"
19ab5790	23	if disabled("engine") \|\| disabled("dynamic-engine");
25be5f44	24
f9e55034 MC	25	plan skip_all => "$test_name needs the sock feature enabled"
	26	if disabled("sock");
	27
b273fcc5 MC	28	plan skip_all => "$test_name needs TLS enabled"
	29	if alldisabled(available_protocols("tls"));
	30
c423ecaa MC	31	my $no_below_tls13 = alldisabled(("tls1", "tls1_1", "tls1_2"))
	32	\|\| (!disabled("tls1_3") && disabled("tls1_2"));
	33
56c2a6d7 MC	34	use constant {
	35	UNSOLICITED_SERVER_NAME => 0,
	36	UNSOLICITED_SERVER_NAME_TLS13 => 1,
767938fa BK	37	UNSOLICITED_SCT => 2,
767938fa BK	38	NONCOMPLIANT_SUPPORTED_GROUPS => 3
56c2a6d7 MC	39	};
	40
	41	my $testtype;
c4220c0f	42	my $fatal_alert = 0; # set by filter on fatal alert
56c2a6d7	43
011467ee	44	my $proxy = TLSProxy::Proxy->new(
c423ecaa	45	\&inject_duplicate_extension_clienthello,
25c78440	46	cmdstr(app(["openssl"]), display => 1),
b44b935e RL	47	srctop_file("apps", "server.pem"),
b44b935e RL	48	(!$ENV{HARNESS_ACTIVE} \|\| $ENV{HARNESS_VERBOSE})
011467ee MC	49	);
011467ee MC	50
011467ee MC	51
	52	sub extension_filter
	53	{
	54	my $proxy = shift;
	55
b9647e34 MC	56	if ($proxy->flight == 1) {
	57	# Change the ServerRandom so that the downgrade sentinel doesn't cause
	58	# the connection to fail
	59	my $message = ${$proxy->message_list}[1];
	60	$message->random("\0"x32);
	61	$message->repack();
	62	return;
	63	}
	64
011467ee MC	65	# We're only interested in the initial ClientHello
	66	if ($proxy->flight != 0) {
	67	return;
	68	}
	69
	70	foreach my $message (@{$proxy->message_list}) {
	71	if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
aa474d1f	72	# Remove all extensions and set the extension len to zero
011467ee MC	73	$message->extension_data({});
011467ee MC	74	$message->extensions_len(0);
aa474d1f	75	# Extensions have been removed so make sure we don't try to use them
011467ee MC	76	$message->process_extensions();
	77
	78	$message->repack();
	79	}
	80	}
	81	}
aa474d1f	82
aa474d1f EK	83	sub inject_duplicate_extension
	84	{
	85	my ($proxy, $message_type) = @_;
	86
	87	foreach my $message (@{$proxy->message_list}) {
	88	if ($message->mt == $message_type) {
	89	my %extensions = %{$message->extension_data};
9effc496 MC	90	# Add a duplicate extension. We use cryptopro_bug since we never
	91	# normally write that one, and it is allowed as unsolicited in the
	92	# ServerHello
	93	$message->set_extension(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION, "");
	94	$message->dupext(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION);
aa474d1f EK	95	$message->repack();
	96	}
	97	}
	98	}
	99
	100	sub inject_duplicate_extension_clienthello
	101	{
	102	my $proxy = shift;
	103
	104	# We're only interested in the initial ClientHello
c4220c0f AP	105	if ($proxy->flight == 0) {
c4220c0f AP	106	inject_duplicate_extension($proxy, TLSProxy::Message::MT_CLIENT_HELLO);
aa474d1f EK	107	return;
	108	}
	109
c4220c0f AP	110	my $last_record = @{$proxy->{record_list}}[-1];
c4220c0f AP	111	$fatal_alert = 1 if $last_record->is_fatal_alert(1);
aa474d1f EK	112	}
	113
	114	sub inject_duplicate_extension_serverhello
	115	{
	116	my $proxy = shift;
	117
	118	# We're only interested in the initial ServerHello
c4220c0f AP	119	if ($proxy->flight == 0) {
	120	return;
	121	} elsif ($proxy->flight == 1) {
	122	inject_duplicate_extension($proxy, TLSProxy::Message::MT_SERVER_HELLO);
aa474d1f EK	123	return;
	124	}
	125
c4220c0f AP	126	my $last_record = @{$proxy->{record_list}}[-1];
c4220c0f AP	127	$fatal_alert = 1 if $last_record->is_fatal_alert(0);
aa474d1f EK	128	}
aa474d1f EK	129
56c2a6d7 MC	130	sub inject_unsolicited_extension
	131	{
	132	my $proxy = shift;
	133	my $message;
c4220c0f AP	134	state $sent_unsolisited_extension;
	135
	136	if ($proxy->flight == 0) {
	137	$sent_unsolisited_extension = 0;
	138	return;
	139	}
56c2a6d7 MC	140
	141	# We're only interested in the initial ServerHello/EncryptedExtensions
	142	if ($proxy->flight != 1) {
c4220c0f AP	143	if ($sent_unsolisited_extension) {
	144	my $last_record = @{$proxy->record_list}[-1];
	145	$fatal_alert = 1 if $last_record->is_fatal_alert(0);
	146	}
56c2a6d7 MC	147	return;
	148	}
	149
	150	if ($testtype == UNSOLICITED_SERVER_NAME_TLS13) {
c4220c0f AP	151	return if (!defined($message = ${$proxy->message_list}[2]));
	152	die "Expecting EE message ".($message->mt).","
	153	.${$proxy->message_list}[1]->mt.", "
	154	.${$proxy->message_list}[3]->mt
	155	if $message->mt != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS;
56c2a6d7 MC	156	} else {
	157	$message = ${$proxy->message_list}[1];
	158	}
	159
	160	my $ext = pack "C2",
	161	0x00, 0x00; #Extension length
	162
	163	my $type;
	164	if ($testtype == UNSOLICITED_SERVER_NAME
	165	\|\| $testtype == UNSOLICITED_SERVER_NAME_TLS13) {
	166	$type = TLSProxy::Message::EXT_SERVER_NAME;
	167	} elsif ($testtype == UNSOLICITED_SCT) {
	168	$type = TLSProxy::Message::EXT_SCT;
767938fa BK	169	} elsif ($testtype == NONCOMPLIANT_SUPPORTED_GROUPS) {
767938fa BK	170	$type = TLSProxy::Message::EXT_SUPPORTED_GROUPS;
56c2a6d7 MC	171	}
	172	$message->set_extension($type, $ext);
	173	$message->repack();
c4220c0f	174	$sent_unsolisited_extension = 1;
56c2a6d7 MC	175	}
56c2a6d7 MC	176
9effc496 MC	177	sub inject_cryptopro_extension
	178	{
	179	my $proxy = shift;
	180
	181	# We're only interested in the initial ClientHello
	182	if ($proxy->flight != 0) {
	183	return;
	184	}
	185
	186	my $message = ${$proxy->message_list}[0];
	187	$message->set_extension(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION, "");
	188	$message->repack();
	189	}
	190
c423ecaa MC	191	# Test 1-2: Sending a duplicate extension should fail.
c423ecaa MC	192	$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
9effc496	193	plan tests => 8;
c4220c0f	194	ok($fatal_alert, "Duplicate ClientHello extension");
c423ecaa	195
56c2a6d7	196	SKIP: {
64c609e7 TM	197	skip "TLS <= 1.2 disabled", 4 if $no_below_tls13;
	198
	199	$fatal_alert = 0;
	200	$proxy->clear();
	201	$proxy->filter(\&inject_duplicate_extension_serverhello);
	202	$proxy->clientflags("-no_tls1_3");
	203	$proxy->start();
	204	ok($fatal_alert, "Duplicate ServerHello extension");
c423ecaa MC	205
	206	#Test 3: Sending a zero length extension block should pass
	207	$proxy->clear();
	208	$proxy->filter(\&extension_filter);
972ee925	209	$proxy->cipherc("DEFAULT:\@SECLEVEL=0");
aba03ae5	210	$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
a763ca11	211	$proxy->clientflags("-no_tls1_3");
c423ecaa MC	212	$proxy->start();
	213	ok(TLSProxy::Message->success, "Zero extension length test");
	214
56c2a6d7	215	#Test 4: Inject an unsolicited extension (<= TLSv1.2)
c4220c0f	216	$fatal_alert = 0;
56c2a6d7 MC	217	$proxy->clear();
	218	$proxy->filter(\&inject_unsolicited_extension);
	219	$testtype = UNSOLICITED_SERVER_NAME;
	220	$proxy->clientflags("-no_tls1_3 -noservername");
	221	$proxy->start();
c4220c0f	222	ok($fatal_alert, "Unsolicited server name extension");
64c609e7 TM	223
	224	#Test 5: Send the cryptopro extension in a ClientHello. Normally this is an
	225	# unsolicited extension only ever seen in the ServerHello. We should
	226	# ignore it in a ClientHello
	227	$proxy->clear();
	228	$proxy->filter(\&inject_cryptopro_extension);
	229	$proxy->clientflags("-no_tls1_3");
	230	$proxy->start();
	231	ok(TLSProxy::Message->success(), "Cryptopro extension in ClientHello");
dbc6268f	232	}
64c609e7	233
dbc6268f MC	234	SKIP: {
	235	skip "TLS <= 1.2 disabled or EC disabled", 1
	236	if $no_below_tls13 \|\| disabled("ec");
64c609e7	237	#Test 6: Inject a noncompliant supported_groups extension (<= TLSv1.2)
767938fa BK	238	$proxy->clear();
	239	$proxy->filter(\&inject_unsolicited_extension);
	240	$testtype = NONCOMPLIANT_SUPPORTED_GROUPS;
	241	$proxy->clientflags("-no_tls1_3");
	242	$proxy->start();
	243	ok(TLSProxy::Message->success(), "Noncompliant supported_groups extension");
a5e65f7c	244	}
56c2a6d7	245
a5e65f7c MC	246	SKIP: {
a5e65f7c MC	247	skip "TLS <= 1.2 or CT disabled", 1
c423ecaa	248	if $no_below_tls13 \|\| disabled("ct");
64c609e7	249	#Test 7: Same as above for the SCT extension which has special handling
c4220c0f	250	$fatal_alert = 0;
56c2a6d7	251	$proxy->clear();
64c609e7	252	$proxy->filter(\&inject_unsolicited_extension);
56c2a6d7 MC	253	$testtype = UNSOLICITED_SCT;
	254	$proxy->clientflags("-no_tls1_3");
	255	$proxy->start();
c4220c0f	256	ok($fatal_alert, "Unsolicited sct extension");
56c2a6d7 MC	257	}
	258
	259	SKIP: {
a763ca11 MC	260	skip "TLS 1.3 disabled", 1
a763ca11 MC	261	if disabled("tls1_3") \|\| (disabled("ec") && disabled("dh"));
64c609e7	262	#Test 8: Inject an unsolicited extension (TLSv1.3)
c4220c0f	263	$fatal_alert = 0;
56c2a6d7 MC	264	$proxy->clear();
	265	$proxy->filter(\&inject_unsolicited_extension);
	266	$testtype = UNSOLICITED_SERVER_NAME_TLS13;
	267	$proxy->clientflags("-noservername");
	268	$proxy->start();
c4220c0f	269	ok($fatal_alert, "Unsolicited server name extension (TLSv1.3)");
56c2a6d7	270	}