# -*- mode: perl; -*-
# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## Test Renegotiation
#
# Generates the DTLS renegotiation test cases.  Every case is emitted twice,
# once over plain DTLS and once over SCTP (when SCTP support is compiled in),
# distinguished by a "-sctp" suffix on the test name.  The generator reads
# the result from @ssltests::tests.

use strict;
use warnings;

package ssltests;
use OpenSSL::Test::Utils;

# Set by the test generator before this file is evaluated (presumably; it is
# only read here, never assigned).
our $fips_mode;

our @tests = ();

for my $sctp ("No", "Yes") {
    # The SCTP variant only makes sense when SCTP support is built.
    next if disabled("sctp") && $sctp eq "Yes";
    # Without DTLSv1.2 only older DTLS versions remain; in FIPS mode none of
    # the cases below can run in that configuration, so skip the iteration.
    next if disabled("dtls1_2") && $fips_mode;

    my $suffix = ($sctp eq "Yes") ? "-sctp" : "";

    # Fragments shared by the cases below.  SECLEVEL=0 is a test-only
    # setting, presumably needed so that the test certificates and the
    # older ciphersuites exercised here are accepted -- confirm against the
    # test PEM files.
    my %seclevel0     = ("CipherString" => 'DEFAULT:@SECLEVEL=0');
    my %dtls12_server = ("MaxProtocol" => "DTLSv1.2", %seclevel0);
    my %client_cert   = (
        "Certificate" => test_pem("ee-client-chain.pem"),
        "PrivateKey"  => test_pem("ee-key.pem"),
        %seclevel0,
    );
    # Common expectation: a successful DTLS renegotiation that does not
    # resume.  Cases that differ override the relevant key after this hash.
    my %dtls_reneg = (
        "Method"             => "DTLS",
        "UseSCTP"            => $sctp,
        "ResumptionExpected" => "No",
        "ExpectedResult"     => "Success",
    );

    our @tests_basic = (
        {
            name   => "renegotiate-client-no-resume$suffix",
            server => {
                %dtls12_server,
                "Options" => "NoResumptionOnRenegotiation",
            },
            client => { %seclevel0 },
            test   => { %dtls_reneg, "HandshakeMode" => "RenegotiateClient" },
        },
        {
            name   => "renegotiate-client-resume$suffix",
            server => { %dtls12_server },
            client => { %seclevel0 },
            test   => {
                %dtls_reneg,
                "HandshakeMode"      => "RenegotiateClient",
                "ResumptionExpected" => "Yes",
            },
        },
        # Note: Unlike the TLS tests, we will never do resumption with server
        # initiated reneg. This is because an OpenSSL DTLS client will always
        # do a full handshake (i.e. it doesn't supply a session id) when it
        # receives a HelloRequest. This is different to the OpenSSL TLS
        # implementation where an OpenSSL client will always try an
        # abbreviated handshake (i.e. it will supply the session id). This
        # goes all the way to commit 48ae85b6f when abbreviated handshake
        # support was first added. Neither behaviour is wrong, but the
        # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS
        # behaviour, and if so, what to?
        {
            name   => "renegotiate-server-resume$suffix",
            server => { %dtls12_server },
            client => { %seclevel0 },
            test   => { %dtls_reneg, "HandshakeMode" => "RenegotiateServer" },
        },
        # Server-initiated renegotiation with client authentication, once
        # requiring a client certificate on every handshake and once only on
        # the first ("Once").
        {
            name   => "renegotiate-client-auth-require$suffix",
            server => {
                %dtls12_server,
                "VerifyCAFile" => test_pem("root-cert.pem"),
                "VerifyMode"   => "Require",
            },
            client => { %client_cert },
            test   => { %dtls_reneg, "HandshakeMode" => "RenegotiateServer" },
        },
        {
            name   => "renegotiate-client-auth-once$suffix",
            server => {
                %dtls12_server,
                "VerifyCAFile" => test_pem("root-cert.pem"),
                "VerifyMode"   => "Once",
            },
            client => { %client_cert },
            test   => { %dtls_reneg, "HandshakeMode" => "RenegotiateServer" },
        },
    );
    push @tests, @tests_basic;

    # The remaining cases pin DTLSv1.2 on the client, so they cannot run
    # when it is compiled out.
    next if disabled("dtls1_2");

    # Each entry: [name fragment, initial ciphersuite, ciphersuite requested
    # on renegotiation].  Switching between AEAD and non-AEAD suites in both
    # directions is covered, as well as staying within each kind.
    my @cipher_switches = (
        ["aead-to-non-aead",     "AES128-GCM-SHA256", "AES128-SHA"],
        ["non-aead-to-aead",     "AES128-SHA",        "AES128-GCM-SHA256"],
        ["non-aead-to-non-aead", "AES128-SHA",        "AES256-SHA"],
        ["aead-to-aead",         "AES128-GCM-SHA256", "AES256-GCM-SHA384"],
    );
    our @tests_dtls1_2 = map {
        my ($label, $initial, $renegotiated) = @{$_};
        +{
            name   => "renegotiate-$label$suffix",
            server => { "Options" => "NoResumptionOnRenegotiation" },
            client => {
                "MaxProtocol"  => "DTLSv1.2",
                "CipherString" => $initial,
                extra          => { "RenegotiateCiphers" => $renegotiated },
            },
            test => { %dtls_reneg, "HandshakeMode" => "RenegotiateClient" },
        };
    } @cipher_switches;
    push @tests, @tests_dtls1_2;
}