[thirdparty/openssl.git] / test / recipes / 70-test_sslmessages.t

#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
use OpenSSL::Test::Utils;
use File::Temp qw(tempfile);
use TLSProxy::Proxy;
use checkhandshake qw(checkhandshake @handmessages @extensions);

my $test_name = "test_sslmessages";
setup($test_name);

plan skip_all => "TLSProxy isn't usable on $^O"
    if $^O =~ /^(VMS|MSWin32)$/;

plan skip_all => "$test_name needs the dynamic engine feature enabled"
    if disabled("engine") || disabled("dynamic-engine");

plan skip_all => "$test_name needs the sock feature enabled"
    if disabled("sock");

plan skip_all => "$test_name needs TLS enabled"
    if alldisabled(available_protocols("tls"));

$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");

my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);

@handmessages = (
    [TLSProxy::Message::MT_CLIENT_HELLO,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_SERVER_HELLO,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_CERTIFICATE,
        checkhandshake::ALL_HANDSHAKES
        & ~checkhandshake::RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE_STATUS,
        checkhandshake::OCSP_HANDSHAKE],
    #ServerKeyExchange handshakes not currently supported by TLSProxy
    [TLSProxy::Message::MT_CERTIFICATE_REQUEST,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_SERVER_HELLO_DONE,
        checkhandshake::ALL_HANDSHAKES
        & ~checkhandshake::RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE,
        checkhandshake::ALL_HANDSHAKES
        & ~checkhandshake::RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_NEXT_PROTO,
        checkhandshake::NPN_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_NEW_SESSION_TICKET,
        checkhandshake::ALL_HANDSHAKES
        & ~checkhandshake::RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_CLIENT_HELLO,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_SERVER_HELLO,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_SERVER_HELLO_DONE,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_NEW_SESSION_TICKET,
        checkhandshake::RENEG_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::RENEG_HANDSHAKE],
    [0, 0]
);

@extensions = (
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
        checkhandshake::SERVER_NAME_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
        checkhandshake::ALPN_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
        checkhandshake::SCT_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
        checkhandshake::RENEGOTIATE_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN,
        checkhandshake::NPN_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SRP,
        checkhandshake::SRP_CLI_EXTENSION],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
        checkhandshake::SESSION_TICKET_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
        checkhandshake::SERVER_NAME_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
        checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ALPN,
        checkhandshake::ALPN_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SCT,
        checkhandshake::SCT_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN,
        checkhandshake::NPN_SRV_EXTENSION],
    [0,0,0]
);

#Test 1: Check we get all the right messages for a default handshake
(undef, my $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 20;
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "Default handshake test");

#Test 2: Resumption handshake
$proxy->clearClient();
$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
$proxy->clientstart();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               & ~checkhandshake::SESSION_TICKET_SRV_EXTENSION,
               "Resumption handshake test");
unlink $session;

#Test 3: A status_request handshake (client request only)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -status");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
               "status_request handshake test (client)");

#Test 4: A status_request handshake (server support only)
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-status_file "
                    .srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "status_request handshake test (server)");

#Test 5: A status_request handshake (client and server)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -status");
$proxy->serverflags("-status_file "
                    .srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
               | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
               "status_request handshake test");

#Test 6: A client auth handshake
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -cert ".srctop_file("apps", "server.pem"));
$proxy->serverflags("-Verify 5");
$proxy->start();
checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "Client auth handshake test");

#Test 7: A handshake with a renegotiation
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
$proxy->reneg(1);
$proxy->start();
checkhandshake($proxy, checkhandshake::RENEG_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "Rengotiation handshake test");

#Test 8: Server name handshake (client request only)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -servername testhost");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::SERVER_NAME_CLI_EXTENSION,
               "Server name handshake test (client)");

#Test 9: Server name handshake (server support only)
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-servername testhost");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "Server name handshake test (server)");

#Test 10: Server name handshake (client and server)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -servername testhost");
$proxy->serverflags("-servername testhost");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::SERVER_NAME_CLI_EXTENSION
               | checkhandshake::SERVER_NAME_SRV_EXTENSION,
               "Server name handshake test");

#Test 11: ALPN handshake (client request only)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::ALPN_CLI_EXTENSION,
               "ALPN handshake test (client)");

#Test 12: ALPN handshake (server support only)
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "ALPN handshake test (server)");

#Test 13: ALPN handshake (client and server)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -alpn test");
$proxy->serverflags("-alpn test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::ALPN_CLI_EXTENSION
               | checkhandshake::ALPN_SRV_EXTENSION,
               "ALPN handshake test");

#Test 14: SCT handshake (client request only)
$proxy->clear();
#Note: -ct also sends status_request
$proxy->clientflags("-no_tls1_3 -ct");
$proxy->serverflags("-status_file "
                    .srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::SCT_CLI_EXTENSION
               | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
               | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
               "SCT handshake test (client)");

#Test 15: SCT handshake (server support only)
$proxy->clear();
#Note: -ct also sends status_request
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-status_file "
                    .srctop_file("test", "recipes", "ocsp-response.der"));
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "SCT handshake test (server)");

#Test 16: SCT handshake (client and server)
#There is no built-in server side support for this so we are actually also
#testing custom extensions here
$proxy->clear();
#Note: -ct also sends status_request
$proxy->clientflags("-no_tls1_3 -ct");
$proxy->serverflags("-status_file "
                    .srctop_file("test", "recipes", "ocsp-response.der")
                    ." -serverinfo ".srctop_file("test", "serverinfo.pem"));
$proxy->start();
checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::SCT_CLI_EXTENSION
               | checkhandshake::SCT_SRV_EXTENSION
               | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
               | checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
               "SCT handshake test");


#Test 17: NPN handshake (client request only)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -nextprotoneg test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::NPN_CLI_EXTENSION,
              "NPN handshake test (client)");

#Test 18: NPN handshake (server support only)
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
$proxy->serverflags("-nextprotoneg test");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
              "NPN handshake test (server)");

#Test 19: NPN handshake (client and server)
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -nextprotoneg test");
$proxy->serverflags("-nextprotoneg test");
$proxy->start();
checkhandshake($proxy, checkhandshake::NPN_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::NPN_CLI_EXTENSION
               | checkhandshake::NPN_SRV_EXTENSION,
               "NPN handshake test");

#Test 20: SRP extension
#Note: We are not actually going to perform an SRP handshake (TLSProxy does not
#support it). However it is sufficient for us to check that the SRP extension
#gets added on the client side. There is no SRP extension generated on the
#server side anyway.
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -srpuser user -srppass pass:pass");
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::SRP_CLI_EXTENSION,
               "SRP extension test");
Commit	Line	Data
0bfe166b MC	1	#! /usr/bin/env perl
	2	# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
	3	#
	4	# Licensed under the OpenSSL license (the "License"). You may not use
	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9	use strict;
f50306c2	10	use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
0bfe166b MC	11	use OpenSSL::Test::Utils;
	12	use File::Temp qw(tempfile);
	13	use TLSProxy::Proxy;
1e566129	14	use checkhandshake qw(checkhandshake @handmessages @extensions);
f50306c2	15
1e566129 MC	16	my $test_name = "test_sslmessages";
1e566129 MC	17	setup($test_name);
f50306c2	18
0bfe166b MC	19	plan skip_all => "TLSProxy isn't usable on $^O"
	20	if $^O =~ /^(VMS\|MSWin32)$/;
	21
	22	plan skip_all => "$test_name needs the dynamic engine feature enabled"
	23	if disabled("engine") \|\| disabled("dynamic-engine");
	24
	25	plan skip_all => "$test_name needs the sock feature enabled"
	26	if disabled("sock");
	27
	28	plan skip_all => "$test_name needs TLS enabled"
	29	if alldisabled(available_protocols("tls"));
	30
	31	$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
60ea0034	32	$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
6ca94f10	33
0bfe166b MC	34	my $proxy = TLSProxy::Proxy->new(
	35	undef,
	36	cmdstr(app(["openssl"]), display => 1),
	37	srctop_file("apps", "server.pem"),
	38	(!$ENV{HARNESS_ACTIVE} \|\| $ENV{HARNESS_VERBOSE})
	39	);
	40
f50306c2 MC	41	@handmessages = (
f50306c2 MC	42	[TLSProxy::Message::MT_CLIENT_HELLO,
1e566129	43	checkhandshake::ALL_HANDSHAKES],
f50306c2	44	[TLSProxy::Message::MT_SERVER_HELLO,
1e566129	45	checkhandshake::ALL_HANDSHAKES],
f50306c2	46	[TLSProxy::Message::MT_CERTIFICATE,
1e566129 MC	47	checkhandshake::ALL_HANDSHAKES
1e566129 MC	48	& ~checkhandshake::RESUME_HANDSHAKE],
f50306c2	49	[TLSProxy::Message::MT_CERTIFICATE_STATUS,
1e566129	50	checkhandshake::OCSP_HANDSHAKE],
f50306c2 MC	51	#ServerKeyExchange handshakes not currently supported by TLSProxy
f50306c2 MC	52	[TLSProxy::Message::MT_CERTIFICATE_REQUEST,
1e566129	53	checkhandshake::CLIENT_AUTH_HANDSHAKE],
f50306c2	54	[TLSProxy::Message::MT_SERVER_HELLO_DONE,
1e566129 MC	55	checkhandshake::ALL_HANDSHAKES
1e566129 MC	56	& ~checkhandshake::RESUME_HANDSHAKE],
f50306c2	57	[TLSProxy::Message::MT_CERTIFICATE,
1e566129	58	checkhandshake::CLIENT_AUTH_HANDSHAKE],
f50306c2	59	[TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE,
1e566129 MC	60	checkhandshake::ALL_HANDSHAKES
1e566129 MC	61	& ~checkhandshake::RESUME_HANDSHAKE],
f50306c2	62	[TLSProxy::Message::MT_CERTIFICATE_VERIFY,
1e566129	63	checkhandshake::CLIENT_AUTH_HANDSHAKE],
60ea0034	64	[TLSProxy::Message::MT_NEXT_PROTO,
1e566129	65	checkhandshake::NPN_HANDSHAKE],
f50306c2	66	[TLSProxy::Message::MT_FINISHED,
1e566129	67	checkhandshake::ALL_HANDSHAKES],
f50306c2	68	[TLSProxy::Message::MT_NEW_SESSION_TICKET,
1e566129 MC	69	checkhandshake::ALL_HANDSHAKES
1e566129 MC	70	& ~checkhandshake::RESUME_HANDSHAKE],
f50306c2	71	[TLSProxy::Message::MT_FINISHED,
1e566129	72	checkhandshake::ALL_HANDSHAKES],
f50306c2	73	[TLSProxy::Message::MT_CLIENT_HELLO,
1e566129	74	checkhandshake::RENEG_HANDSHAKE],
f50306c2	75	[TLSProxy::Message::MT_SERVER_HELLO,
1e566129	76	checkhandshake::RENEG_HANDSHAKE],
f50306c2	77	[TLSProxy::Message::MT_CERTIFICATE,
1e566129	78	checkhandshake::RENEG_HANDSHAKE],
f50306c2	79	[TLSProxy::Message::MT_SERVER_HELLO_DONE,
1e566129	80	checkhandshake::RENEG_HANDSHAKE],
f50306c2	81	[TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE,
1e566129	82	checkhandshake::RENEG_HANDSHAKE],
f50306c2	83	[TLSProxy::Message::MT_FINISHED,
1e566129	84	checkhandshake::RENEG_HANDSHAKE],
f50306c2	85	[TLSProxy::Message::MT_NEW_SESSION_TICKET,
1e566129	86	checkhandshake::RENEG_HANDSHAKE],
f50306c2	87	[TLSProxy::Message::MT_FINISHED,
1e566129	88	checkhandshake::RENEG_HANDSHAKE],
f50306c2 MC	89	[0, 0]
	90	);
	91
	92	@extensions = (
	93	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
1e566129	94	checkhandshake::SERVER_NAME_CLI_EXTENSION],
f50306c2	95	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
1e566129	96	checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
f50306c2	97	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
1e566129	98	checkhandshake::DEFAULT_EXTENSIONS],
f50306c2	99	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
1e566129	100	checkhandshake::DEFAULT_EXTENSIONS],
f50306c2	101	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
1e566129	102	checkhandshake::DEFAULT_EXTENSIONS],
f50306c2	103	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
1e566129	104	checkhandshake::ALPN_CLI_EXTENSION],
f50306c2	105	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
1e566129	106	checkhandshake::SCT_CLI_EXTENSION],
f50306c2	107	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
1e566129	108	checkhandshake::DEFAULT_EXTENSIONS],
f50306c2	109	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
1e566129	110	checkhandshake::DEFAULT_EXTENSIONS],
f50306c2	111	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
1e566129	112	checkhandshake::DEFAULT_EXTENSIONS],
f50306c2	113	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
1e566129	114	checkhandshake::RENEGOTIATE_CLI_EXTENSION],
60ea0034	115	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN,
1e566129	116	checkhandshake::NPN_CLI_EXTENSION],
60ea0034	117	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SRP,
1e566129	118	checkhandshake::SRP_CLI_EXTENSION],
f50306c2 MC	119
f50306c2 MC	120	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
1e566129	121	checkhandshake::DEFAULT_EXTENSIONS],
f50306c2	122	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
1e566129	123	checkhandshake::DEFAULT_EXTENSIONS],
f50306c2	124	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
1e566129	125	checkhandshake::DEFAULT_EXTENSIONS],
f50306c2	126	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
1e566129	127	checkhandshake::SESSION_TICKET_SRV_EXTENSION],
f50306c2	128	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
1e566129	129	checkhandshake::SERVER_NAME_SRV_EXTENSION],
f50306c2	130	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
1e566129	131	checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
f50306c2	132	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ALPN,
1e566129	133	checkhandshake::ALPN_SRV_EXTENSION],
60ea0034	134	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SCT,
1e566129	135	checkhandshake::SCT_SRV_EXTENSION],
60ea0034	136	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN,
1e566129	137	checkhandshake::NPN_SRV_EXTENSION],
f50306c2 MC	138	[0,0,0]
f50306c2 MC	139	);
0bfe166b MC	140
	141	#Test 1: Check we get all the right messages for a default handshake
	142	(undef, my $session) = tempfile();
	143	$proxy->serverconnects(2);
	144	$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
	145	$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
60ea0034	146	plan tests => 20;
1e566129 MC	147	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
1e566129 MC	148	checkhandshake::DEFAULT_EXTENSIONS,
f50306c2	149	"Default handshake test");
0bfe166b MC	150
	151	#Test 2: Resumption handshake
	152	$proxy->clearClient();
	153	$proxy->clientflags("-no_tls1_3 -sess_in ".$session);
	154	$proxy->clientstart();
1e566129 MC	155	checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
	156	checkhandshake::DEFAULT_EXTENSIONS
	157	& ~checkhandshake::SESSION_TICKET_SRV_EXTENSION,
f50306c2	158	"Resumption handshake test");
0bfe166b MC	159	unlink $session;
0bfe166b MC	160
60ea0034 MC	161	#Test 3: A status_request handshake (client request only)
	162	$proxy->clear();
	163	$proxy->clientflags("-no_tls1_3 -status");
	164	$proxy->start();
1e566129	165	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
96153874 MC	166	checkhandshake::DEFAULT_EXTENSIONS
	167	\| checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
	168	"status_request handshake test (client)");
60ea0034 MC	169
	170	#Test 4: A status_request handshake (server support only)
	171	$proxy->clear();
	172	$proxy->clientflags("-no_tls1_3");
	173	$proxy->serverflags("-status_file "
	174	.srctop_file("test", "recipes", "ocsp-response.der"));
	175	$proxy->start();
1e566129 MC	176	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
1e566129 MC	177	checkhandshake::DEFAULT_EXTENSIONS,
96153874	178	"status_request handshake test (server)");
60ea0034 MC	179
60ea0034 MC	180	#Test 5: A status_request handshake (client and server)
2de94a36 MC	181	$proxy->clear();
	182	$proxy->clientflags("-no_tls1_3 -status");
	183	$proxy->serverflags("-status_file "
	184	.srctop_file("test", "recipes", "ocsp-response.der"));
	185	$proxy->start();
1e566129	186	checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
96153874 MC	187	checkhandshake::DEFAULT_EXTENSIONS
	188	\| checkhandshake::STATUS_REQUEST_CLI_EXTENSION
	189	\| checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
	190	"status_request handshake test");
0bfe166b	191
60ea0034	192	#Test 6: A client auth handshake
0bfe166b MC	193	$proxy->clear();
	194	$proxy->clientflags("-no_tls1_3 -cert ".srctop_file("apps", "server.pem"));
	195	$proxy->serverflags("-Verify 5");
	196	$proxy->start();
1e566129 MC	197	checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
1e566129 MC	198	checkhandshake::DEFAULT_EXTENSIONS,
f50306c2	199	"Client auth handshake test");
0bfe166b	200
60ea0034	201	#Test 7: A handshake with a renegotiation
0bfe166b MC	202	$proxy->clear();
	203	$proxy->clientflags("-no_tls1_3");
	204	$proxy->reneg(1);
	205	$proxy->start();
1e566129 MC	206	checkhandshake($proxy, checkhandshake::RENEG_HANDSHAKE,
1e566129 MC	207	checkhandshake::DEFAULT_EXTENSIONS,
f50306c2 MC	208	"Rengotiation handshake test");
f50306c2 MC	209
60ea0034 MC	210	#Test 8: Server name handshake (client request only)
	211	$proxy->clear();
	212	$proxy->clientflags("-no_tls1_3 -servername testhost");
	213	$proxy->start();
1e566129 MC	214	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
	215	checkhandshake::DEFAULT_EXTENSIONS
	216	\| checkhandshake::SERVER_NAME_CLI_EXTENSION,
96153874	217	"Server name handshake test (client)");
60ea0034 MC	218
	219	#Test 9: Server name handshake (server support only)
	220	$proxy->clear();
	221	$proxy->clientflags("-no_tls1_3");
	222	$proxy->serverflags("-servername testhost");
	223	$proxy->start();
1e566129 MC	224	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
1e566129 MC	225	checkhandshake::DEFAULT_EXTENSIONS,
96153874	226	"Server name handshake test (server)");
60ea0034 MC	227
	228	#Test 10: Server name handshake (client and server)
	229	$proxy->clear();
	230	$proxy->clientflags("-no_tls1_3 -servername testhost");
	231	$proxy->serverflags("-servername testhost");
	232	$proxy->start();
1e566129	233	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
96153874 MC	234	checkhandshake::DEFAULT_EXTENSIONS
	235	\| checkhandshake::SERVER_NAME_CLI_EXTENSION
	236	\| checkhandshake::SERVER_NAME_SRV_EXTENSION,
	237	"Server name handshake test");
60ea0034 MC	238
	239	#Test 11: ALPN handshake (client request only)
	240	$proxy->clear();
	241	$proxy->clientflags("-no_tls1_3 -alpn test");
	242	$proxy->start();
1e566129 MC	243	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
	244	checkhandshake::DEFAULT_EXTENSIONS
	245	\| checkhandshake::ALPN_CLI_EXTENSION,
96153874	246	"ALPN handshake test (client)");
f50306c2	247
60ea0034 MC	248	#Test 12: ALPN handshake (server support only)
	249	$proxy->clear();
	250	$proxy->clientflags("-no_tls1_3");
	251	$proxy->serverflags("-alpn test");
	252	$proxy->start();
1e566129 MC	253	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
1e566129 MC	254	checkhandshake::DEFAULT_EXTENSIONS,
96153874	255	"ALPN handshake test (server)");
a1448c26	256
60ea0034 MC	257	#Test 13: ALPN handshake (client and server)
	258	$proxy->clear();
	259	$proxy->clientflags("-no_tls1_3 -alpn test");
	260	$proxy->serverflags("-alpn test");
	261	$proxy->start();
1e566129	262	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
96153874 MC	263	checkhandshake::DEFAULT_EXTENSIONS
	264	\| checkhandshake::ALPN_CLI_EXTENSION
	265	\| checkhandshake::ALPN_SRV_EXTENSION,
	266	"ALPN handshake test");
60ea0034 MC	267
	268	#Test 14: SCT handshake (client request only)
	269	$proxy->clear();
	270	#Note: -ct also sends status_request
	271	$proxy->clientflags("-no_tls1_3 -ct");
	272	$proxy->serverflags("-status_file "
	273	.srctop_file("test", "recipes", "ocsp-response.der"));
	274	$proxy->start();
1e566129	275	checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
96153874 MC	276	checkhandshake::DEFAULT_EXTENSIONS
	277	\| checkhandshake::SCT_CLI_EXTENSION
	278	\| checkhandshake::STATUS_REQUEST_CLI_EXTENSION
	279	\| checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
	280	"SCT handshake test (client)");
60ea0034 MC	281
	282	#Test 15: SCT handshake (server support only)
	283	$proxy->clear();
	284	#Note: -ct also sends status_request
	285	$proxy->clientflags("-no_tls1_3");
	286	$proxy->serverflags("-status_file "
	287	.srctop_file("test", "recipes", "ocsp-response.der"));
	288	$proxy->start();
1e566129	289	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
96153874 MC	290	checkhandshake::DEFAULT_EXTENSIONS,
96153874 MC	291	"SCT handshake test (server)");
60ea0034 MC	292
	293	#Test 16: SCT handshake (client and server)
	294	#There is no built-in server side support for this so we are actually also
	295	#testing custom extensions here
	296	$proxy->clear();
	297	#Note: -ct also sends status_request
	298	$proxy->clientflags("-no_tls1_3 -ct");
	299	$proxy->serverflags("-status_file "
	300	.srctop_file("test", "recipes", "ocsp-response.der")
	301	." -serverinfo ".srctop_file("test", "serverinfo.pem"));
	302	$proxy->start();
1e566129	303	checkhandshake($proxy, checkhandshake::OCSP_HANDSHAKE,
96153874 MC	304	checkhandshake::DEFAULT_EXTENSIONS
	305	\| checkhandshake::SCT_CLI_EXTENSION
	306	\| checkhandshake::SCT_SRV_EXTENSION
	307	\| checkhandshake::STATUS_REQUEST_CLI_EXTENSION
	308	\| checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
	309	"SCT handshake test");
60ea0034 MC	310
	311
	312	#Test 17: NPN handshake (client request only)
	313	$proxy->clear();
	314	$proxy->clientflags("-no_tls1_3 -nextprotoneg test");
	315	$proxy->start();
1e566129 MC	316	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
	317	checkhandshake::DEFAULT_EXTENSIONS
	318	\| checkhandshake::NPN_CLI_EXTENSION,
60ea0034 MC	319	"NPN handshake test (client)");
	320
	321	#Test 18: NPN handshake (server support only)
	322	$proxy->clear();
	323	$proxy->clientflags("-no_tls1_3");
	324	$proxy->serverflags("-nextprotoneg test");
	325	$proxy->start();
1e566129 MC	326	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
1e566129 MC	327	checkhandshake::DEFAULT_EXTENSIONS,
60ea0034	328	"NPN handshake test (server)");
a1448c26	329
60ea0034 MC	330	#Test 19: NPN handshake (client and server)
	331	$proxy->clear();
	332	$proxy->clientflags("-no_tls1_3 -nextprotoneg test");
	333	$proxy->serverflags("-nextprotoneg test");
	334	$proxy->start();
1e566129	335	checkhandshake($proxy, checkhandshake::NPN_HANDSHAKE,
96153874 MC	336	checkhandshake::DEFAULT_EXTENSIONS
	337	\| checkhandshake::NPN_CLI_EXTENSION
	338	\| checkhandshake::NPN_SRV_EXTENSION,
	339	"NPN handshake test");
60ea0034 MC	340
	341	#Test 20: SRP extension
	342	#Note: We are not actually going to perform an SRP handshake (TLSProxy does not
	343	#support it). However it is sufficient for us to check that the SRP extension
	344	#gets added on the client side. There is no SRP extension generated on the
	345	#server side anyway.
	346	$proxy->clear();
	347	$proxy->clientflags("-no_tls1_3 -srpuser user -srppass pass:pass");
	348	$proxy->start();
1e566129	349	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
96153874 MC	350	checkhandshake::DEFAULT_EXTENSIONS
	351	\| checkhandshake::SRP_CLI_EXTENSION,
	352	"SRP extension test");