]>
Commit | Line | Data |
---|---|---|
ee700226 | 1 | #! /usr/bin/env perl |
6738bf14 | 2 | # Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. |
ee700226 | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
ee700226 MC |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
10 | use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; | |
11 | use OpenSSL::Test::Utils; | |
12 | use TLSProxy::Proxy; | |
13 | ||
14 | my $test_name = "test_tls13cookie"; | |
15 | setup($test_name); | |
16 | ||
17 | plan skip_all => "TLSProxy isn't usable on $^O" | |
c5856878 | 18 | if $^O =~ /^(VMS)$/; |
ee700226 MC |
19 | |
20 | plan skip_all => "$test_name needs the dynamic engine feature enabled" | |
21 | if disabled("engine") || disabled("dynamic-engine"); | |
22 | ||
23 | plan skip_all => "$test_name needs the sock feature enabled" | |
24 | if disabled("sock"); | |
25 | ||
26 | plan skip_all => "$test_name needs TLS1.3 enabled" | |
27 | if disabled("tls1_3"); | |
28 | ||
29 | $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; | |
30 | ||
c96ec6f8 MC |
31 | use constant { |
32 | COOKIE_ONLY => 0, | |
33 | COOKIE_AND_KEY_SHARE => 1 | |
34 | }; | |
35 | ||
ee700226 MC |
36 | my $proxy = TLSProxy::Proxy->new( |
37 | undef, | |
38 | cmdstr(app(["openssl"]), display => 1), | |
39 | srctop_file("apps", "server.pem"), | |
40 | (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) | |
41 | ); | |
42 | ||
43 | my $cookieseen = 0; | |
c96ec6f8 | 44 | my $testtype; |
ee700226 MC |
45 | |
46 | #Test 1: Inserting a cookie into an HRR should see it echoed in the ClientHello | |
c96ec6f8 | 47 | $testtype = COOKIE_ONLY; |
ee700226 | 48 | $proxy->filter(\&cookie_filter); |
dbc6268f | 49 | $proxy->serverflags("-curves X25519") if !disabled("ec"); |
ee700226 | 50 | $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; |
c96ec6f8 | 51 | plan tests => 2; |
dbc6268f MC |
52 | SKIP: { |
53 | skip "EC disabled", 1, if disabled("ec"); | |
54 | ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen"); | |
55 | } | |
56 | ||
57 | ||
c96ec6f8 MC |
58 | |
59 | #Test 2: Same as test 1 but should also work where a new key_share is also | |
60 | # required | |
61 | $testtype = COOKIE_AND_KEY_SHARE; | |
62 | $proxy->clear(); | |
dbc6268f MC |
63 | if (disabled("ec")) { |
64 | $proxy->clientflags("-curves ffdhe3072:ffdhe2048"); | |
65 | $proxy->serverflags("-curves ffdhe2048"); | |
66 | } else { | |
67 | $proxy->clientflags("-curves P-256:X25519"); | |
68 | $proxy->serverflags("-curves X25519"); | |
69 | } | |
c96ec6f8 | 70 | $proxy->start(); |
ee700226 MC |
71 | ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen"); |
72 | ||
73 | sub cookie_filter | |
74 | { | |
75 | my $proxy = shift; | |
76 | ||
c96ec6f8 MC |
77 | # We're only interested in the HRR and both ClientHellos |
78 | return if ($proxy->flight > 2); | |
ee700226 MC |
79 | |
80 | my $ext = pack "C8", | |
81 | 0x00, 0x06, #Cookie Length | |
82 | 0x00, 0x01, #Dummy cookie data (6 bytes) | |
83 | 0x02, 0x03, | |
84 | 0x04, 0x05; | |
85 | ||
86 | foreach my $message (@{$proxy->message_list}) { | |
597c51bc | 87 | if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO |
c96ec6f8 MC |
88 | && ${$message->records}[0]->flight == 1) { |
89 | $message->delete_extension(TLSProxy::Message::EXT_KEY_SHARE) | |
90 | if ($testtype == COOKIE_ONLY); | |
ee700226 MC |
91 | $message->set_extension(TLSProxy::Message::EXT_COOKIE, $ext); |
92 | $message->repack(); | |
c96ec6f8 MC |
93 | } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { |
94 | if (${$message->records}[0]->flight == 0) { | |
95 | if ($testtype == COOKIE_ONLY) { | |
96 | my $ext = pack "C7", | |
97 | 0x00, 0x05, #List Length | |
98 | 0x00, 0x17, #P-256 | |
99 | 0x00, 0x01, #key_exchange data length | |
100 | 0xff; #Dummy key_share data | |
101 | # Trick the server into thinking we got an unacceptable | |
102 | # key_share | |
103 | $message->set_extension( | |
104 | TLSProxy::Message::EXT_KEY_SHARE, $ext); | |
105 | $message->repack(); | |
106 | } | |
107 | } else { | |
108 | #cmp can behave differently dependent on locale | |
109 | no locale; | |
110 | my $cookie = | |
111 | $message->extension_data->{TLSProxy::Message::EXT_COOKIE}; | |
112 | ||
113 | return if !defined($cookie); | |
114 | ||
115 | return if ($cookie cmp $ext) != 0; | |
116 | ||
117 | $cookieseen = 1; | |
118 | } | |
ee700226 MC |
119 | } |
120 | } | |
121 | } |