]>
Commit | Line | Data |
---|---|---|
ee700226 | 1 | #! /usr/bin/env perl |
a28d06f3 | 2 | # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. |
ee700226 | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
ee700226 MC |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
10 | use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; | |
11 | use OpenSSL::Test::Utils; | |
12 | use TLSProxy::Proxy; | |
13 | ||
14 | my $test_name = "test_tls13cookie"; | |
15 | setup($test_name); | |
16 | ||
17 | plan skip_all => "TLSProxy isn't usable on $^O" | |
c5856878 | 18 | if $^O =~ /^(VMS)$/; |
ee700226 MC |
19 | |
20 | plan skip_all => "$test_name needs the dynamic engine feature enabled" | |
21 | if disabled("engine") || disabled("dynamic-engine"); | |
22 | ||
23 | plan skip_all => "$test_name needs the sock feature enabled" | |
24 | if disabled("sock"); | |
25 | ||
26 | plan skip_all => "$test_name needs TLS1.3 enabled" | |
a763ca11 | 27 | if disabled("tls1_3") || (disabled("ec") && disabled("dh")); |
ee700226 | 28 | |
c96ec6f8 MC |
29 | use constant { |
30 | COOKIE_ONLY => 0, | |
31 | COOKIE_AND_KEY_SHARE => 1 | |
32 | }; | |
33 | ||
ee700226 MC |
34 | my $proxy = TLSProxy::Proxy->new( |
35 | undef, | |
36 | cmdstr(app(["openssl"]), display => 1), | |
37 | srctop_file("apps", "server.pem"), | |
38 | (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) | |
39 | ); | |
40 | ||
41 | my $cookieseen = 0; | |
c96ec6f8 | 42 | my $testtype; |
ee700226 MC |
43 | |
44 | #Test 1: Inserting a cookie into an HRR should see it echoed in the ClientHello | |
c96ec6f8 | 45 | $testtype = COOKIE_ONLY; |
ee700226 | 46 | $proxy->filter(\&cookie_filter); |
4032cd9a | 47 | $proxy->serverflags("-curves X25519") if !disabled("ecx"); |
ee700226 | 48 | $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; |
c96ec6f8 | 49 | plan tests => 2; |
dbc6268f | 50 | SKIP: { |
4032cd9a | 51 | skip "ECX disabled", 1, if (disabled("ecx")); |
dbc6268f MC |
52 | ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen"); |
53 | } | |
54 | ||
55 | ||
c96ec6f8 MC |
56 | |
57 | #Test 2: Same as test 1 but should also work where a new key_share is also | |
58 | # required | |
59 | $testtype = COOKIE_AND_KEY_SHARE; | |
60 | $proxy->clear(); | |
4032cd9a | 61 | if (disabled("ecx")) { |
dbc6268f MC |
62 | $proxy->clientflags("-curves ffdhe3072:ffdhe2048"); |
63 | $proxy->serverflags("-curves ffdhe2048"); | |
64 | } else { | |
65 | $proxy->clientflags("-curves P-256:X25519"); | |
66 | $proxy->serverflags("-curves X25519"); | |
67 | } | |
c96ec6f8 | 68 | $proxy->start(); |
ee700226 MC |
69 | ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen"); |
70 | ||
71 | sub cookie_filter | |
72 | { | |
73 | my $proxy = shift; | |
74 | ||
c96ec6f8 MC |
75 | # We're only interested in the HRR and both ClientHellos |
76 | return if ($proxy->flight > 2); | |
ee700226 MC |
77 | |
78 | my $ext = pack "C8", | |
79 | 0x00, 0x06, #Cookie Length | |
80 | 0x00, 0x01, #Dummy cookie data (6 bytes) | |
81 | 0x02, 0x03, | |
82 | 0x04, 0x05; | |
83 | ||
84 | foreach my $message (@{$proxy->message_list}) { | |
597c51bc | 85 | if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO |
c96ec6f8 MC |
86 | && ${$message->records}[0]->flight == 1) { |
87 | $message->delete_extension(TLSProxy::Message::EXT_KEY_SHARE) | |
88 | if ($testtype == COOKIE_ONLY); | |
ee700226 MC |
89 | $message->set_extension(TLSProxy::Message::EXT_COOKIE, $ext); |
90 | $message->repack(); | |
c96ec6f8 MC |
91 | } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { |
92 | if (${$message->records}[0]->flight == 0) { | |
93 | if ($testtype == COOKIE_ONLY) { | |
94 | my $ext = pack "C7", | |
95 | 0x00, 0x05, #List Length | |
96 | 0x00, 0x17, #P-256 | |
97 | 0x00, 0x01, #key_exchange data length | |
98 | 0xff; #Dummy key_share data | |
99 | # Trick the server into thinking we got an unacceptable | |
100 | # key_share | |
101 | $message->set_extension( | |
102 | TLSProxy::Message::EXT_KEY_SHARE, $ext); | |
103 | $message->repack(); | |
104 | } | |
105 | } else { | |
106 | #cmp can behave differently dependent on locale | |
107 | no locale; | |
108 | my $cookie = | |
109 | $message->extension_data->{TLSProxy::Message::EXT_COOKIE}; | |
110 | ||
111 | return if !defined($cookie); | |
112 | ||
113 | return if ($cookie cmp $ext) != 0; | |
114 | ||
115 | $cookieseen = 1; | |
116 | } | |
ee700226 MC |
117 | } |
118 | } | |
119 | } |