1 | #!/usr/bin/perl |
2 | # Written by Matt Caswell for the OpenSSL project. | |
3 | # ==================================================================== | |
4 | # Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. | |
5 | # | |
6 | # Redistribution and use in source and binary forms, with or without | |
7 | # modification, are permitted provided that the following conditions | |
8 | # are met: | |
9 | # | |
10 | # 1. Redistributions of source code must retain the above copyright | |
11 | # notice, this list of conditions and the following disclaimer. | |
12 | # | |
13 | # 2. Redistributions in binary form must reproduce the above copyright | |
14 | # notice, this list of conditions and the following disclaimer in | |
15 | # the documentation and/or other materials provided with the | |
16 | # distribution. | |
17 | # | |
18 | # 3. All advertising materials mentioning features or use of this | |
19 | # software must display the following acknowledgment: | |
20 | # "This product includes software developed by the OpenSSL Project | |
21 | # for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
22 | # | |
23 | # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
24 | # endorse or promote products derived from this software without | |
25 | # prior written permission. For written permission, please contact | |
26 | # openssl-core@openssl.org. | |
27 | # | |
28 | # 5. Products derived from this software may not be called "OpenSSL" | |
29 | # nor may "OpenSSL" appear in their names without prior written | |
30 | # permission of the OpenSSL Project. | |
31 | # | |
32 | # 6. Redistributions of any form whatsoever must retain the following | |
33 | # acknowledgment: | |
34 | # "This product includes software developed by the OpenSSL Project | |
35 | # for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
36 | # | |
37 | # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
38 | # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
39 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
40 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
41 | # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
42 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
43 | # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
44 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
45 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
46 | # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
47 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
48 | # OF THE POSSIBILITY OF SUCH DAMAGE. | |
49 | # ==================================================================== | |
50 | # | |
51 | # This product includes cryptographic software written by Eric Young | |
52 | # (eay@cryptsoft.com). This product includes software written by Tim | |
53 | # Hudson (tjh@cryptsoft.com). | |
54 | ||
55 | use strict; | |
42e0ccdf | 56 | use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; |
3f22ed2f | 57 | use OpenSSL::Test::Utils; |
58 | use TLSProxy::Proxy; |
59 | use File::Temp qw(tempfile); | |
60 | ||
# Recipe name; also reused in the skip message below.
my $test_name = "test_sslsessiontick";
setup($test_name);

# TLSProxy is not usable on VMS, and the proxy needs the dynamic engine
# feature, so bail out early in either case.
if ($^O =~ /^VMS$/) {
    plan skip_all => "TLSProxy isn't usable on $^O";
}
if (disabled("engine") || disabled("dynamic-engine")) {
    plan skip_all => "$test_name needs the dynamic engine feature enabled";
}

# Point the engine loader at the build tree.
$ENV{OPENSSL_ENGINES} = bldtop_dir("engines");
# Pin the CPU capability vector.  The mask clears bits 33 and 57, which
# look like PCLMULQDQ and AES-NI in OpenSSL's CPUID word (verify); the
# recipe states no reason, presumably so that what the proxy sees on the
# wire does not depend on the host's hardware acceleration.  Confirm
# before changing or removing it.
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';

# Forward declarations: both subs are called before they are defined and
# carry prototypes, so the prototypes must be visible at the call sites.
sub checkmessages($$$$$$);
sub clearall();

# Observations filled in by checkmessages() from the proxied handshake:
# ClientHello / ServerHello carried the session_ticket extension, a full
# handshake was seen, a NewSessionTicket was seen.  Reset by clearall().
my ($chellotickext, $shellotickext, $fullhand, $ticketseen) = (0) x 4;

# Echo proxy traffic unless we are running quietly under the harness.
my $verbose = !$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE};

my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"])),
    srctop_file("apps", "server.pem"),
    $verbose
);

plan tests => 8;
# Each test drives one or more handshakes through $proxy and then calls
#   checkmessages(testno, name, chello_ext, shello_ext, ticket_seen, full_hs)
# with the expected 0/1 value of each observation.  $proxy is stateful
# (flags, the installed filter and the serverconnects count persist until
# reset), so the order of the calls below matters; clearall() resets the
# observation flags and calls $proxy->clear() between tests.

#Test 1: By default with no existing session we should get a session ticket
#Expected result: ClientHello extension seen; ServerHello extension seen
#                 NewSessionTicket message seen; Full handshake
$proxy->start();
checkmessages(1, "Default session ticket test", 1, 1, 1, 1);

#Test 2: If the server does not accept tickets we should get a normal handshake
#with no session tickets
#Expected result: ClientHello extension seen; ServerHello extension not seen
#                 NewSessionTicket message not seen; Full handshake
clearall();
$proxy->serverflags("-no_ticket");
$proxy->start();
checkmessages(2, "No server support session ticket test", 1, 0, 0, 1);

#Test 3: If the client does not accept tickets we should get a normal handshake
#with no session tickets
#Expected result: ClientHello extension not seen; ServerHello extension not seen
#                 NewSessionTicket message not seen; Full handshake
clearall();
$proxy->clientflags("-no_ticket");
$proxy->start();
checkmessages(3, "No client support session ticket test", 0, 0, 0, 1);

#Test 4: Test session resumption with session ticket
#Expected result: ClientHello extension seen; ServerHello extension not seen
#                 NewSessionTicket message not seen; Abbreviated handshake
clearall();
# File::Temp::tempfile() creates a fresh, exclusively opened file in the
# system temp dir.  Only the name is used here: s_client writes the
# session to it via -sess_out and reads it back via -sess_in.
# NOTE(review): $fh is never read, closed or unlinked, and the file holds
# the resumption secrets of a test session -- acceptable in the harness,
# but confirm the dangling open handle is harmless on Windows.
(my $fh, my $session) = tempfile();
# Presumably the server must accept two connections: the initial full
# handshake and the resumption attempt (confirm in TLSProxy::Proxy).
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
# Discard what was captured during the first handshake so checkmessages()
# only inspects the resumption.
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$proxy->clientstart();
checkmessages(4, "Session resumption session ticket test", 1, 0, 0, 0);

#Test 5: Test session resumption with ticket capable client without a ticket
#Expected result: ClientHello extension seen; ServerHello extension seen
#                 NewSessionTicket message seen; Abbreviated handshake
# The first handshake is done with -no_ticket, so the saved session has no
# ticket; the resumption is then attempted by a ticket-capable client.
clearall();
($fh, $session) = tempfile();
$proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session." -no_ticket");
$proxy->start();
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$proxy->clientstart();
checkmessages(5, "Session resumption with ticket capable client without a "
              ."ticket", 1, 1, 1, 0);

#Test 6: Client accepts empty ticket.
#Expected result: ClientHello extension seen; ServerHello extension seen;
#                 NewSessionTicket message seen; Full handshake.
# ticket_filter() blanks the body of the server's NewSessionTicket.  A
# zero-length ticket is how RFC 5077 (section 3.3) lets a server that
# advertised the extension decline to issue one, so the handshake must
# still succeed.  The filter stays installed until replaced below.
clearall();
$proxy->filter(\&ticket_filter);
$proxy->start();
checkmessages(6, "Empty ticket test", 1, 1, 1, 1);

#Test 7-8: Client keeps existing ticket on empty ticket.
# Three connections: a full handshake that yields a real ticket, a
# resumption during which an empty ticket is injected, and a final
# resumption that must still succeed with the original ticket.
clearall();
($fh, $session) = tempfile();
$proxy->serverconnects(3);
# The filter is reset explicitly here and below; do not rely on
# $proxy->clear() to do it.
$proxy->filter(undef);
$proxy->clientflags("-sess_out ".$session);
$proxy->start();
$proxy->clear();
# -sess_in and -sess_out point at the same file, so whatever the client
# keeps after seeing the empty ticket is what test 8 resumes with.
$proxy->clientflags("-sess_in ".$session." -sess_out ".$session);
$proxy->filter(\&inject_empty_ticket_filter);
$proxy->clientstart();
#Expected result: ClientHello extension seen; ServerHello extension seen;
#                 NewSessionTicket message seen; Abbreviated handshake.
checkmessages(7, "Empty ticket resumption test", 1, 1, 1, 0);
clearall();
$proxy->clientflags("-sess_in ".$session);
$proxy->filter(undef);
$proxy->clientstart();
#Expected result: ClientHello extension seen; ServerHello extension not seen;
#                 NewSessionTicket message not seen; Abbreviated handshake.
# An abbreviated handshake with no new ticket shows the stored ticket was
# kept rather than overwritten by the empty one.
# NOTE(review): this subtest reuses test 7's name, which makes harness
# output ambiguous; a distinct name would help (behaviour-neutral).
checkmessages(8, "Empty ticket resumption test", 1, 0, 0, 0);
170 | ||
171 | |
# Filter for test 6: strip the body of every NewSessionTicket the server
# sends, so the client is offered a zero-length ticket (RFC 5077 section
# 3.3 lets a server that advertised the extension decline to issue one
# this way).  The handshake is expected to complete normally regardless.
#
# $proxy: the TLSProxy::Proxy whose captured messages are edited in place.
sub ticket_filter
{
    my $proxy = shift;

    for my $msg (@{$proxy->message_list}) {
        next unless $msg->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET;
        # Empty the ticket and re-encode the message so the bytes that go
        # on the wire reflect the change.
        $msg->ticket("");
        $msg->repack();
    }
}
183 | ||
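# Filter for tests 7-8: on the first pass, make the ServerHello advertise
# the session_ticket extension (with an empty body) and append an empty
# NewSessionTicket message directly after it, so a resuming client is
# handed a zero-length ticket.  Passes where a NewSessionTicket is already
# present are left untouched.
#
# $proxy: the TLSProxy::Proxy whose message_list is rewritten.
#
# Dies if the ServerHello does not occupy exactly one record, since the
# injected message is attached to that record at a computed offset and
# would otherwise be silently placed wrongly.
sub inject_empty_ticket_filter {
    my $proxy = shift;

    # Only inject the message first time we're called: once a
    # NewSessionTicket is in the flight there is nothing to do.
    return if grep { $_->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET }
                   @{$proxy->message_list};

    my @new_message_list = ();
    foreach my $message (@{$proxy->message_list}) {
        push @new_message_list, $message;
        next unless $message->mt == TLSProxy::Message::MT_SERVER_HELLO;

        # Tacking NewSessionTicket onto the ServerHello record only works
        # if the ServerHello is exactly one record.  Check that before
        # touching anything, and fail loudly rather than producing a
        # confusing handshake failure later on.
        my $nrecords = scalar @{$message->records};
        die "inject_empty_ticket_filter: ServerHello spans $nrecords "
            . "records, expected exactly 1"
            if $nrecords != 1;

        # Advertise the extension (empty) and re-encode the ServerHello.
        $message->set_extension(TLSProxy::Message::EXT_SESSION_TICKET, "");
        $message->repack();

        # Fetch the record after repacking, as the original did, and place
        # the new message right where the ServerHello's bytes end.
        my $record = ${$message->records}[0];
        my $offset = $message->startoffset + $message->encoded_length;
        my $newsessionticket = TLSProxy::NewSessionTicket->new(
            1, "", [$record], $offset, []);
        $newsessionticket->repack();
        push @new_message_list, $newsessionticket;
    }
    $proxy->message_list([@new_message_list]);
}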
213 | ||
c27a4049 | 214 | sub checkmessages($$$$$$) |
ddcc5e5b MC |
215 | { |
216 | my ($testno, $testname, $testch, $testsh, $testtickseen, $testhand) = @_; | |
217 | ||
c27a4049 RL |
218 | subtest $testname => sub { |
219 | ||
220 | foreach my $message (@{$proxy->message_list}) { | |
221 | if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO | |
ddcc5e5b | 222 | || $message->mt == TLSProxy::Message::MT_SERVER_HELLO) { |
c27a4049 RL |
223 | #Get the extensions data |
224 | my %extensions = %{$message->extension_data}; | |
225 | if (defined | |
aa474d1f | 226 | $extensions{TLSProxy::Message::EXT_SESSION_TICKET}) { |
c27a4049 RL |
227 | if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { |
228 | $chellotickext = 1; | |
229 | } else { | |
230 | $shellotickext = 1; | |
231 | } | |
232 | } | |
233 | } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE) { | |
234 | #Must be doing a full handshake | |
235 | $fullhand = 1; | |
236 | } elsif ($message->mt == TLSProxy::Message::MT_NEW_SESSION_TICKET) { | |
237 | $ticketseen = 1; | |
238 | } | |
239 | } | |
ddcc5e5b | 240 | |
c27a4049 RL |
241 | plan tests => 5; |
242 | ||
7f6d90ac | 243 | ok(TLSProxy::Message->success, "Handshake"); |
c27a4049 RL |
244 | ok(($testch && $chellotickext) || (!$testch && !$chellotickext), |
245 | "ClientHello extension Session Ticket check"); | |
246 | ok(($testsh && $shellotickext) || (!$testsh && !$shellotickext), | |
247 | "ServerHello extension Session Ticket check"); | |
248 | ok(($testtickseen && $ticketseen) || (!$testtickseen && !$ticketseen), | |
249 | "Session Ticket message presence check"); | |
250 | ok(($testhand && $fullhand) || (!$testhand && !$fullhand), | |
251 | "Session Ticket full handshake check"); | |
ddcc5e5b | 252 | } |
ddcc5e5b MC |
253 | } |
254 | ||
# Reset the per-test observation flags and ask the proxy to clear whatever
# state TLSProxy::Proxy::clear() covers, so the next handshake starts from
# a clean slate.  Needed between tests because checkmessages() only ever
# sets the flags.
sub clearall()
{
    ($chellotickext, $shellotickext, $fullhand, $ticketseen) = (0) x 4;
    $proxy->clear();
}