[thirdparty/openssl.git] / test / ssl-tests / 18-dtls-renegotiate.cnf.in

# -*- mode: perl; -*-
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## Test Renegotiation

use strict;
use warnings;

package ssltests;
use OpenSSL::Test::Utils;

our @tests = ();

foreach my $sctp ("No", "Yes")
{
    next if disabled("sctp") && $sctp eq "Yes";

    my $suffix = ($sctp eq "No") ? "" : "-sctp";
    our @tests_basic = (
        {
            name => "renegotiate-client-no-resume".$suffix,
            server => {
                "Options" => "NoResumptionOnRenegotiation"
            },
            client => {},
            test => {
                "Method" => "DTLS",
                "UseSCTP" => $sctp,
                "HandshakeMode" => "RenegotiateClient",
                "ResumptionExpected" => "No",
                "ExpectedResult" => "Success"
            }
        },
        {
            name => "renegotiate-client-resume".$suffix,
            server => {},
            client => {},
            test => {
                "Method" => "DTLS",
                "UseSCTP" => $sctp,
                "HandshakeMode" => "RenegotiateClient",
                "ResumptionExpected" => "Yes",
                "ExpectedResult" => "Success"
            }
        },
        # Note: Unlike the TLS tests, we will never do resumption with server
        # initiated reneg. This is because an OpenSSL DTLS client will always do a full
        # handshake (i.e. it doesn't supply a session id) when it receives a
        # HelloRequest. This is different to the OpenSSL TLS implementation where an
        # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
        # the session id). This goes all the way to commit 48ae85b6f when abbreviated
        # handshake support was first added. Neither behaviour is wrong, but the
        # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
        # and if so, what to?
        {
            name => "renegotiate-server-resume".$suffix,
            server => {},
            client => {},
            test => {
                "Method" => "DTLS",
                "UseSCTP" => $sctp,
                "HandshakeMode" => "RenegotiateServer",
                "ResumptionExpected" => "No",
                "ExpectedResult" => "Success"
            }
        },
        {
            name => "renegotiate-client-auth-require".$suffix,
            server => {
                "VerifyCAFile" => test_pem("root-cert.pem"),
                "VerifyMode" => "Require",
            },
            client => {
                "Certificate" => test_pem("ee-client-chain.pem"),
                "PrivateKey"  => test_pem("ee-key.pem"),
            },
            test => {
                "Method" => "DTLS",
                "UseSCTP" => $sctp,
                "HandshakeMode" => "RenegotiateServer",
                "ResumptionExpected" => "No",
                "ExpectedResult" => "Success"
            }
        },
        {
            name => "renegotiate-client-auth-once".$suffix,
            server => {
                "VerifyCAFile" => test_pem("root-cert.pem"),
                "VerifyMode" => "Once",
            },
            client => {
                "Certificate" => test_pem("ee-client-chain.pem"),
                "PrivateKey"  => test_pem("ee-key.pem"),
            },
            test => {
                "Method" => "DTLS",
                "UseSCTP" => $sctp,
                "HandshakeMode" => "RenegotiateServer",
                "ResumptionExpected" => "No",
                "ExpectedResult" => "Success"
            }
        }
    );
    push @tests, @tests_basic;

    next if disabled("dtls1_2");
    our @tests_dtls1_2 = (
        {
            name => "renegotiate-aead-to-non-aead".$suffix,
            server => {
                "Options" => "NoResumptionOnRenegotiation"
            },
            client => {
                "CipherString" => "AES128-GCM-SHA256",
                extra => {
                    "RenegotiateCiphers" => "AES128-SHA"
                }
            },
            test => {
                "Method" => "DTLS",
                "UseSCTP" => $sctp,
                "HandshakeMode" => "RenegotiateClient",
                "ResumptionExpected" => "No",
                "ExpectedResult" => "Success"
            }
        },
        {
            name => "renegotiate-non-aead-to-aead".$suffix,
            server => {
                "Options" => "NoResumptionOnRenegotiation"
            },
            client => {
                "CipherString" => "AES128-SHA",
                extra => {
                    "RenegotiateCiphers" => "AES128-GCM-SHA256"
                }
            },
            test => {
                "Method" => "DTLS",
                "UseSCTP" => $sctp,
                "HandshakeMode" => "RenegotiateClient",
                "ResumptionExpected" => "No",
                "ExpectedResult" => "Success"
            }
        },
        {
            name => "renegotiate-non-aead-to-non-aead".$suffix,
            server => {
                "Options" => "NoResumptionOnRenegotiation"
            },
            client => {
                "CipherString" => "AES128-SHA",
                extra => {
                    "RenegotiateCiphers" => "AES256-SHA"
                }
            },
            test => {
                "Method" => "DTLS",
                "UseSCTP" => $sctp,
                "HandshakeMode" => "RenegotiateClient",
                "ResumptionExpected" => "No",
                "ExpectedResult" => "Success"
            }
        },
        {
            name => "renegotiate-aead-to-aead".$suffix,
            server => {
                "Options" => "NoResumptionOnRenegotiation"
            },
            client => {
                "CipherString" => "AES128-GCM-SHA256",
                extra => {
                    "RenegotiateCiphers" => "AES256-GCM-SHA384"
                }
            },
            test => {
                "Method" => "DTLS",
                "UseSCTP" => $sctp,
                "HandshakeMode" => "RenegotiateClient",
                "ResumptionExpected" => "No",
                "ExpectedResult" => "Success"
            }
        },
    );
    push @tests, @tests_dtls1_2;
}
Commit	Line	Data
f9b1b664	1	# -- mode: perl; --
33388b44	2	# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
f9b1b664	3	#
909f1a2e	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
f9b1b664 MC	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9
	10	## Test Renegotiation
	11
	12	use strict;
	13	use warnings;
	14
	15	package ssltests;
4d118fe0	16	use OpenSSL::Test::Utils;
f9b1b664	17
4ef8a6b2 MC	18	our @tests = ();
	19
	20	foreach my $sctp ("No", "Yes")
	21	{
ce466c96	22	next if disabled("sctp") && $sctp eq "Yes";
4ef8a6b2 MC	23
	24	my $suffix = ($sctp eq "No") ? "" : "-sctp";
	25	our @tests_basic = (
	26	{
	27	name => "renegotiate-client-no-resume".$suffix,
	28	server => {
	29	"Options" => "NoResumptionOnRenegotiation"
	30	},
	31	client => {},
	32	test => {
	33	"Method" => "DTLS",
	34	"UseSCTP" => $sctp,
	35	"HandshakeMode" => "RenegotiateClient",
	36	"ResumptionExpected" => "No",
	37	"ExpectedResult" => "Success"
	38	}
cc22cd54	39	},
4ef8a6b2 MC	40	{
	41	name => "renegotiate-client-resume".$suffix,
	42	server => {},
	43	client => {},
	44	test => {
	45	"Method" => "DTLS",
	46	"UseSCTP" => $sctp,
	47	"HandshakeMode" => "RenegotiateClient",
	48	"ResumptionExpected" => "Yes",
	49	"ExpectedResult" => "Success"
cc22cd54 MC	50	}
cc22cd54 MC	51	},
4ef8a6b2 MC	52	# Note: Unlike the TLS tests, we will never do resumption with server
	53	# initiated reneg. This is because an OpenSSL DTLS client will always do a full
	54	# handshake (i.e. it doesn't supply a session id) when it receives a
	55	# HelloRequest. This is different to the OpenSSL TLS implementation where an
	56	# OpenSSL client will always try an abbreviated handshake (i.e. it will supply
	57	# the session id). This goes all the way to commit 48ae85b6f when abbreviated
	58	# handshake support was first added. Neither behaviour is wrong, but the
	59	# discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
	60	# and if so, what to?
	61	{
	62	name => "renegotiate-server-resume".$suffix,
	63	server => {},
	64	client => {},
	65	test => {
	66	"Method" => "DTLS",
	67	"UseSCTP" => $sctp,
	68	"HandshakeMode" => "RenegotiateServer",
	69	"ResumptionExpected" => "No",
	70	"ExpectedResult" => "Success"
	71	}
cc22cd54	72	},
4ef8a6b2 MC	73	{
	74	name => "renegotiate-client-auth-require".$suffix,
	75	server => {
	76	"VerifyCAFile" => test_pem("root-cert.pem"),
	77	"VerifyMode" => "Require",
	78	},
	79	client => {
	80	"Certificate" => test_pem("ee-client-chain.pem"),
	81	"PrivateKey" => test_pem("ee-key.pem"),
	82	},
	83	test => {
	84	"Method" => "DTLS",
	85	"UseSCTP" => $sctp,
	86	"HandshakeMode" => "RenegotiateServer",
	87	"ResumptionExpected" => "No",
	88	"ExpectedResult" => "Success"
cc22cd54 MC	89	}
cc22cd54 MC	90	},
4ef8a6b2 MC	91	{
	92	name => "renegotiate-client-auth-once".$suffix,
	93	server => {
	94	"VerifyCAFile" => test_pem("root-cert.pem"),
	95	"VerifyMode" => "Once",
	96	},
	97	client => {
	98	"Certificate" => test_pem("ee-client-chain.pem"),
	99	"PrivateKey" => test_pem("ee-key.pem"),
	100	},
	101	test => {
	102	"Method" => "DTLS",
	103	"UseSCTP" => $sctp,
	104	"HandshakeMode" => "RenegotiateServer",
	105	"ResumptionExpected" => "No",
	106	"ExpectedResult" => "Success"
	107	}
cc22cd54	108	}
4ef8a6b2 MC	109	);
	110	push @tests, @tests_basic;
	111
	112	next if disabled("dtls1_2");
	113	our @tests_dtls1_2 = (
	114	{
	115	name => "renegotiate-aead-to-non-aead".$suffix,
	116	server => {
	117	"Options" => "NoResumptionOnRenegotiation"
	118	},
	119	client => {
	120	"CipherString" => "AES128-GCM-SHA256",
	121	extra => {
	122	"RenegotiateCiphers" => "AES128-SHA"
	123	}
	124	},
	125	test => {
	126	"Method" => "DTLS",
	127	"UseSCTP" => $sctp,
	128	"HandshakeMode" => "RenegotiateClient",
	129	"ResumptionExpected" => "No",
	130	"ExpectedResult" => "Success"
	131	}
cc22cd54	132	},
4ef8a6b2 MC	133	{
	134	name => "renegotiate-non-aead-to-aead".$suffix,
	135	server => {
	136	"Options" => "NoResumptionOnRenegotiation"
	137	},
	138	client => {
	139	"CipherString" => "AES128-SHA",
	140	extra => {
	141	"RenegotiateCiphers" => "AES128-GCM-SHA256"
	142	}
	143	},
	144	test => {
	145	"Method" => "DTLS",
	146	"UseSCTP" => $sctp,
	147	"HandshakeMode" => "RenegotiateClient",
	148	"ResumptionExpected" => "No",
	149	"ExpectedResult" => "Success"
cc22cd54 MC	150	}
cc22cd54 MC	151	},
4ef8a6b2 MC	152	{
	153	name => "renegotiate-non-aead-to-non-aead".$suffix,
	154	server => {
	155	"Options" => "NoResumptionOnRenegotiation"
	156	},
	157	client => {
	158	"CipherString" => "AES128-SHA",
	159	extra => {
	160	"RenegotiateCiphers" => "AES256-SHA"
	161	}
	162	},
	163	test => {
	164	"Method" => "DTLS",
	165	"UseSCTP" => $sctp,
	166	"HandshakeMode" => "RenegotiateClient",
	167	"ResumptionExpected" => "No",
	168	"ExpectedResult" => "Success"
	169	}
cc22cd54	170	},
4ef8a6b2 MC	171	{
	172	name => "renegotiate-aead-to-aead".$suffix,
	173	server => {
	174	"Options" => "NoResumptionOnRenegotiation"
	175	},
	176	client => {
	177	"CipherString" => "AES128-GCM-SHA256",
	178	extra => {
	179	"RenegotiateCiphers" => "AES256-GCM-SHA384"
	180	}
	181	},
	182	test => {
	183	"Method" => "DTLS",
	184	"UseSCTP" => $sctp,
	185	"HandshakeMode" => "RenegotiateClient",
	186	"ResumptionExpected" => "No",
	187	"ExpectedResult" => "Success"
cc22cd54 MC	188	}
cc22cd54 MC	189	},
4ef8a6b2 MC	190	);
	191	push @tests, @tests_dtls1_2;
	192	}