[thirdparty/openssl.git] / test / recipes / 70-test_tls13kexmodes.t

#! /usr/bin/env perl
# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
use OpenSSL::Test::Utils;
use File::Temp qw(tempfile);
use TLSProxy::Proxy;
use checkhandshake qw(checkhandshake @handmessages @extensions);

my $test_name = "test_tls13kexmodes";
setup($test_name);

plan skip_all => "TLSProxy isn't usable on $^O"
    if $^O =~ /^(VMS)$/;

plan skip_all => "$test_name needs the dynamic engine feature enabled"
    if disabled("engine") || disabled("dynamic-engine");

plan skip_all => "$test_name needs the sock feature enabled"
    if disabled("sock");

plan skip_all => "$test_name needs TLSv1.3 enabled"
    if disabled("tls1_3");

plan skip_all => "$test_name needs EC enabled"
    if disabled("ec");

$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");


@handmessages = (
    [TLSProxy::Message::MT_CLIENT_HELLO,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_SERVER_HELLO,
        checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_CLIENT_HELLO,
        checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE],
    [TLSProxy::Message::MT_SERVER_HELLO,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_CERTIFICATE_REQUEST,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE,
        checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)],
    [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
        checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::ALL_HANDSHAKES],
    [TLSProxy::Message::MT_CERTIFICATE,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
        checkhandshake::CLIENT_AUTH_HANDSHAKE],
    [TLSProxy::Message::MT_FINISHED,
        checkhandshake::ALL_HANDSHAKES],
    [0, 0]
);

@extensions = (
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
        TLSProxy::Message::CLIENT,
        checkhandshake::SERVER_NAME_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
        TLSProxy::Message::CLIENT,
        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
        TLSProxy::Message::CLIENT,
        checkhandshake::ALPN_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
        TLSProxy::Message::CLIENT,
        checkhandshake::SCT_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
        TLSProxy::Message::CLIENT,
        checkhandshake::PSK_KEX_MODES_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
        TLSProxy::Message::CLIENT,
        checkhandshake::PSK_CLI_EXTENSION],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
        TLSProxy::Message::SERVER,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
        TLSProxy::Message::SERVER,
        checkhandshake::KEY_SHARE_HRR_EXTENSION],

    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
        TLSProxy::Message::CLIENT,
        checkhandshake::SERVER_NAME_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
        TLSProxy::Message::CLIENT,
        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
        TLSProxy::Message::CLIENT,
        checkhandshake::ALPN_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
        TLSProxy::Message::CLIENT,
        checkhandshake::SCT_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
        TLSProxy::Message::CLIENT,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
        TLSProxy::Message::CLIENT,
        checkhandshake::PSK_KEX_MODES_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
        TLSProxy::Message::CLIENT,
        checkhandshake::PSK_CLI_EXTENSION],

    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
        TLSProxy::Message::SERVER,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
        TLSProxy::Message::SERVER,
        checkhandshake::KEY_SHARE_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
        TLSProxy::Message::SERVER,
        checkhandshake::PSK_SRV_EXTENSION],

    [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
        TLSProxy::Message::SERVER,
        checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
    [0,0,0,0]
);

use constant {
    DELETE_EXTENSION => 0,
    EMPTY_EXTENSION => 1,
    NON_DHE_KEX_MODE_ONLY => 2,
    DHE_KEX_MODE_ONLY => 3,
    UNKNOWN_KEX_MODES => 4,
    BOTH_KEX_MODES => 5
};

my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);

#Test 1: First get a session
(undef, my $session) = tempfile();
$proxy->clientflags("-sess_out ".$session);
$proxy->serverflags("-servername localhost");
$proxy->sessionfile($session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 11;
ok(TLSProxy::Message->success(), "Initial connection");

#Test 2: Attempt a resume with no kex modes extension. Should not resume
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
my $testtype = DELETE_EXTENSION;
$proxy->filter(\&modify_kex_modes_filter);
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::KEY_SHARE_SRV_EXTENSION
               | checkhandshake::PSK_CLI_EXTENSION,
               "Resume with no kex modes");

#Test 3: Attempt a resume with empty kex modes extension. Should fail (empty
#        extension is invalid)
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$testtype = EMPTY_EXTENSION;
$proxy->start();
ok(TLSProxy::Message->fail(), "Resume with empty kex modes");

#Test 4: Attempt a resume with non-dhe kex mode only. Should resume without a
#        key_share
$proxy->clear();
$proxy->clientflags("-allow_no_dhe_kex -sess_in ".$session);
$proxy->serverflags("-allow_no_dhe_kex");
$testtype = NON_DHE_KEX_MODE_ONLY;
$proxy->start();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::PSK_KEX_MODES_EXTENSION
               | checkhandshake::PSK_CLI_EXTENSION
               | checkhandshake::PSK_SRV_EXTENSION,
               "Resume with non-dhe kex mode");

#Test 5: Attempt a resume with dhe kex mode only. Should resume with a key_share
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$testtype = DHE_KEX_MODE_ONLY;
$proxy->start();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::PSK_KEX_MODES_EXTENSION
               | checkhandshake::KEY_SHARE_SRV_EXTENSION
               | checkhandshake::PSK_CLI_EXTENSION
               | checkhandshake::PSK_SRV_EXTENSION,
               "Resume with non-dhe kex mode");

#Test 6: Attempt a resume with only unrecognised kex modes. Should not resume
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$testtype = UNKNOWN_KEX_MODES;
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::PSK_KEX_MODES_EXTENSION
               | checkhandshake::KEY_SHARE_SRV_EXTENSION
               | checkhandshake::PSK_CLI_EXTENSION,
               "Resume with empty kex modes");

#Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with
#        a key_share
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$testtype = BOTH_KEX_MODES;
$proxy->start();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::PSK_KEX_MODES_EXTENSION
               | checkhandshake::KEY_SHARE_SRV_EXTENSION
               | checkhandshake::PSK_CLI_EXTENSION
               | checkhandshake::PSK_SRV_EXTENSION,
               "Resume with non-dhe kex mode");

#Test 8: Attempt a resume with both non-dhe and dhe kex mode, but unacceptable
#        initial key_share. Should resume with a key_share following an HRR
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$proxy->serverflags("-curves P-256");
$testtype = BOTH_KEX_MODES;
$proxy->start();
checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::PSK_KEX_MODES_EXTENSION
               | checkhandshake::KEY_SHARE_SRV_EXTENSION
               | checkhandshake::KEY_SHARE_HRR_EXTENSION
               | checkhandshake::PSK_CLI_EXTENSION
               | checkhandshake::PSK_SRV_EXTENSION,
               "Resume with both kex modes and HRR");

#Test 9: Attempt a resume with dhe kex mode only and an unacceptable initial
#        key_share. Should resume with a key_share following an HRR
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$proxy->serverflags("-curves P-256");
$testtype = DHE_KEX_MODE_ONLY;
$proxy->start();
checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::PSK_KEX_MODES_EXTENSION
               | checkhandshake::KEY_SHARE_SRV_EXTENSION
               | checkhandshake::KEY_SHARE_HRR_EXTENSION
               | checkhandshake::PSK_CLI_EXTENSION
               | checkhandshake::PSK_SRV_EXTENSION,
               "Resume with dhe kex mode and HRR");

#Test 10: Attempt a resume with both non-dhe and dhe kex mode, unacceptable
#         initial key_share and no overlapping groups. Should resume without a
#         key_share
$proxy->clear();
$proxy->clientflags("-allow_no_dhe_kex -curves P-384 -sess_in ".$session);
$proxy->serverflags("-allow_no_dhe_kex -curves P-256");
$testtype = BOTH_KEX_MODES;
$proxy->start();
checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::PSK_KEX_MODES_EXTENSION
               | checkhandshake::PSK_CLI_EXTENSION
               | checkhandshake::PSK_SRV_EXTENSION,
               "Resume with both kex modes, no overlapping groups");

#Test 11: Attempt a resume with dhe kex mode only, unacceptable
#         initial key_share and no overlapping groups. Should fail
$proxy->clear();
$proxy->clientflags("-curves P-384 -sess_in ".$session);
$proxy->serverflags("-curves P-256");
$testtype = DHE_KEX_MODE_ONLY;
$proxy->start();
ok(TLSProxy::Message->fail(), "Resume with dhe kex mode, no overlapping groups");

unlink $session;

sub modify_kex_modes_filter
{
    my $proxy = shift;

    # We're only interested in the initial ClientHello
    return if ($proxy->flight != 0);

    foreach my $message (@{$proxy->message_list}) {
        if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
            my $ext;

            if ($testtype == EMPTY_EXTENSION) {
                $ext = pack "C",
                    0x00;       #List length
            } elsif ($testtype == NON_DHE_KEX_MODE_ONLY) {
                $ext = pack "C2",
                    0x01,       #List length
                    0x00;       #psk_ke
            } elsif ($testtype == DHE_KEX_MODE_ONLY) {
                $ext = pack "C2",
                    0x01,       #List length
                    0x01;       #psk_dhe_ke
            } elsif ($testtype == UNKNOWN_KEX_MODES) {
                $ext = pack "C3",
                    0x02,       #List length
                    0xfe,       #unknown
                    0xff;       #unknown
            } elsif ($testtype == BOTH_KEX_MODES) {
                #We deliberately list psk_ke first...should still use psk_dhe_ke
                $ext = pack "C3",
                    0x02,       #List length
                    0x00,       #psk_ke
                    0x01;       #psk_dhe_ke
            }

            if ($testtype == DELETE_EXTENSION) {
                $message->delete_extension(
                    TLSProxy::Message::EXT_PSK_KEX_MODES);
            } else {
                $message->set_extension(
                    TLSProxy::Message::EXT_PSK_KEX_MODES, $ext);
            }

            $message->repack();
        }
    }
}
Commit	Line	Data
3ae6b5f8	1	#! /usr/bin/env perl
6738bf14	2	# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
3ae6b5f8	3	#
909f1a2e	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
3ae6b5f8 MC	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9	use strict;
	10	use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
	11	use OpenSSL::Test::Utils;
	12	use File::Temp qw(tempfile);
	13	use TLSProxy::Proxy;
	14	use checkhandshake qw(checkhandshake @handmessages @extensions);
	15
	16	my $test_name = "test_tls13kexmodes";
	17	setup($test_name);
	18
	19	plan skip_all => "TLSProxy isn't usable on $^O"
c5856878	20	if $^O =~ /^(VMS)$/;
3ae6b5f8 MC	21
	22	plan skip_all => "$test_name needs the dynamic engine feature enabled"
	23	if disabled("engine") \|\| disabled("dynamic-engine");
	24
	25	plan skip_all => "$test_name needs the sock feature enabled"
	26	if disabled("sock");
	27
	28	plan skip_all => "$test_name needs TLSv1.3 enabled"
	29	if disabled("tls1_3");
	30
dbc6268f MC	31	plan skip_all => "$test_name needs EC enabled"
	32	if disabled("ec");
	33
3ae6b5f8	34	$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
433deaff	35	$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
3ae6b5f8 MC	36
	37
	38	@handmessages = (
	39	[TLSProxy::Message::MT_CLIENT_HELLO,
	40	checkhandshake::ALL_HANDSHAKES],
597c51bc	41	[TLSProxy::Message::MT_SERVER_HELLO,
d542790b MC	42	checkhandshake::HRR_HANDSHAKE \| checkhandshake::HRR_RESUME_HANDSHAKE],
	43	[TLSProxy::Message::MT_CLIENT_HELLO,
	44	checkhandshake::HRR_HANDSHAKE \| checkhandshake::HRR_RESUME_HANDSHAKE],
3ae6b5f8 MC	45	[TLSProxy::Message::MT_SERVER_HELLO,
	46	checkhandshake::ALL_HANDSHAKES],
	47	[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
	48	checkhandshake::ALL_HANDSHAKES],
	49	[TLSProxy::Message::MT_CERTIFICATE_REQUEST,
	50	checkhandshake::CLIENT_AUTH_HANDSHAKE],
	51	[TLSProxy::Message::MT_CERTIFICATE,
d542790b	52	checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE \| checkhandshake::HRR_RESUME_HANDSHAKE)],
3ae6b5f8	53	[TLSProxy::Message::MT_CERTIFICATE_VERIFY,
d542790b	54	checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE \| checkhandshake::HRR_RESUME_HANDSHAKE)],
3ae6b5f8 MC	55	[TLSProxy::Message::MT_FINISHED,
	56	checkhandshake::ALL_HANDSHAKES],
	57	[TLSProxy::Message::MT_CERTIFICATE,
	58	checkhandshake::CLIENT_AUTH_HANDSHAKE],
	59	[TLSProxy::Message::MT_CERTIFICATE_VERIFY,
	60	checkhandshake::CLIENT_AUTH_HANDSHAKE],
	61	[TLSProxy::Message::MT_FINISHED,
	62	checkhandshake::ALL_HANDSHAKES],
	63	[0, 0]
	64	);
	65
	66	@extensions = (
	67	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
dc5bcb88	68	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	69	checkhandshake::SERVER_NAME_CLI_EXTENSION],
3ae6b5f8 MC	70	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
dc5bcb88	71	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	72	checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
3ae6b5f8 MC	73	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
dc5bcb88	74	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	75	checkhandshake::DEFAULT_EXTENSIONS],
3ae6b5f8 MC	76	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
dc5bcb88	77	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	78	checkhandshake::DEFAULT_EXTENSIONS],
3ae6b5f8 MC	79	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
dc5bcb88	80	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	81	checkhandshake::DEFAULT_EXTENSIONS],
3ae6b5f8 MC	82	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
dc5bcb88	83	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	84	checkhandshake::ALPN_CLI_EXTENSION],
3ae6b5f8 MC	85	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
dc5bcb88	86	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	87	checkhandshake::SCT_CLI_EXTENSION],
3ae6b5f8 MC	88	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
dc5bcb88	89	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	90	checkhandshake::DEFAULT_EXTENSIONS],
3ae6b5f8 MC	91	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
dc5bcb88	92	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	93	checkhandshake::DEFAULT_EXTENSIONS],
3ae6b5f8 MC	94	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
dc5bcb88	95	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	96	checkhandshake::DEFAULT_EXTENSIONS],
3ae6b5f8 MC	97	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
dc5bcb88	98	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	99	checkhandshake::DEFAULT_EXTENSIONS],
3ae6b5f8 MC	100	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
dc5bcb88	101	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	102	checkhandshake::DEFAULT_EXTENSIONS],
3ae6b5f8 MC	103	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
dc5bcb88	104	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	105	checkhandshake::PSK_KEX_MODES_EXTENSION],
3ae6b5f8 MC	106	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
dc5bcb88	107	TLSProxy::Message::CLIENT,
3ae6b5f8 MC	108	checkhandshake::PSK_CLI_EXTENSION],
3ae6b5f8 MC	109
426dfc9f	110	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
dc5bcb88	111	TLSProxy::Message::SERVER,
426dfc9f	112	checkhandshake::DEFAULT_EXTENSIONS],
597c51bc	113	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
dc5bcb88	114	TLSProxy::Message::SERVER,
d542790b MC	115	checkhandshake::KEY_SHARE_HRR_EXTENSION],
	116
	117	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
dc5bcb88	118	TLSProxy::Message::CLIENT,
d542790b MC	119	checkhandshake::SERVER_NAME_CLI_EXTENSION],
d542790b MC	120	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
dc5bcb88	121	TLSProxy::Message::CLIENT,
d542790b MC	122	checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
d542790b MC	123	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
dc5bcb88	124	TLSProxy::Message::CLIENT,
d542790b	125	checkhandshake::DEFAULT_EXTENSIONS],
a2b97bdf	126	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
dc5bcb88	127	TLSProxy::Message::CLIENT,
a2b97bdf	128	checkhandshake::DEFAULT_EXTENSIONS],
d542790b	129	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
dc5bcb88	130	TLSProxy::Message::CLIENT,
d542790b MC	131	checkhandshake::DEFAULT_EXTENSIONS],
d542790b MC	132	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
dc5bcb88	133	TLSProxy::Message::CLIENT,
d542790b MC	134	checkhandshake::ALPN_CLI_EXTENSION],
d542790b MC	135	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
dc5bcb88	136	TLSProxy::Message::CLIENT,
d542790b	137	checkhandshake::SCT_CLI_EXTENSION],
a2b97bdf	138	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
dc5bcb88	139	TLSProxy::Message::CLIENT,
a2b97bdf MC	140	checkhandshake::DEFAULT_EXTENSIONS],
a2b97bdf MC	141	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
dc5bcb88	142	TLSProxy::Message::CLIENT,
a2b97bdf MC	143	checkhandshake::DEFAULT_EXTENSIONS],
a2b97bdf MC	144	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
dc5bcb88	145	TLSProxy::Message::CLIENT,
a2b97bdf	146	checkhandshake::DEFAULT_EXTENSIONS],
d542790b	147	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
dc5bcb88	148	TLSProxy::Message::CLIENT,
d542790b MC	149	checkhandshake::DEFAULT_EXTENSIONS],
d542790b MC	150	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
dc5bcb88	151	TLSProxy::Message::CLIENT,
d542790b MC	152	checkhandshake::DEFAULT_EXTENSIONS],
d542790b MC	153	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
dc5bcb88	154	TLSProxy::Message::CLIENT,
d542790b MC	155	checkhandshake::PSK_KEX_MODES_EXTENSION],
d542790b MC	156	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
dc5bcb88	157	TLSProxy::Message::CLIENT,
d542790b MC	158	checkhandshake::PSK_CLI_EXTENSION],
d542790b MC	159
88050dd1	160	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
dc5bcb88	161	TLSProxy::Message::SERVER,
88050dd1	162	checkhandshake::DEFAULT_EXTENSIONS],
3ae6b5f8	163	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
dc5bcb88	164	TLSProxy::Message::SERVER,
3ae6b5f8 MC	165	checkhandshake::KEY_SHARE_SRV_EXTENSION],
3ae6b5f8 MC	166	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
dc5bcb88	167	TLSProxy::Message::SERVER,
3ae6b5f8 MC	168	checkhandshake::PSK_SRV_EXTENSION],
	169
	170	[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
dc5bcb88	171	TLSProxy::Message::SERVER,
3ae6b5f8	172	checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
dc5bcb88	173	[0,0,0,0]
3ae6b5f8 MC	174	);
	175
	176	use constant {
	177	DELETE_EXTENSION => 0,
	178	EMPTY_EXTENSION => 1,
	179	NON_DHE_KEX_MODE_ONLY => 2,
	180	DHE_KEX_MODE_ONLY => 3,
46f4e1be	181	UNKNOWN_KEX_MODES => 4,
3ae6b5f8 MC	182	BOTH_KEX_MODES => 5
	183	};
	184
	185	my $proxy = TLSProxy::Proxy->new(
	186	undef,
	187	cmdstr(app(["openssl"]), display => 1),
	188	srctop_file("apps", "server.pem"),
	189	(!$ENV{HARNESS_ACTIVE} \|\| $ENV{HARNESS_VERBOSE})
	190	);
	191
	192	#Test 1: First get a session
	193	(undef, my $session) = tempfile();
	194	$proxy->clientflags("-sess_out ".$session);
db919b1e	195	$proxy->serverflags("-servername localhost");
3ae6b5f8 MC	196	$proxy->sessionfile($session);
3ae6b5f8 MC	197	$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
d542790b	198	plan tests => 11;
3ae6b5f8 MC	199	ok(TLSProxy::Message->success(), "Initial connection");
	200
	201	#Test 2: Attempt a resume with no kex modes extension. Should not resume
	202	$proxy->clear();
	203	$proxy->clientflags("-sess_in ".$session);
	204	my $testtype = DELETE_EXTENSION;
	205	$proxy->filter(\&modify_kex_modes_filter);
	206	$proxy->start();
	207	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
	208	checkhandshake::DEFAULT_EXTENSIONS
	209	\| checkhandshake::KEY_SHARE_SRV_EXTENSION
	210	\| checkhandshake::PSK_CLI_EXTENSION,
	211	"Resume with no kex modes");
	212
	213	#Test 3: Attempt a resume with empty kex modes extension. Should fail (empty
	214	# extension is invalid)
	215	$proxy->clear();
	216	$proxy->clientflags("-sess_in ".$session);
	217	$testtype = EMPTY_EXTENSION;
	218	$proxy->start();
	219	ok(TLSProxy::Message->fail(), "Resume with empty kex modes");
	220
	221	#Test 4: Attempt a resume with non-dhe kex mode only. Should resume without a
	222	# key_share
	223	$proxy->clear();
e3c0d76b MC	224	$proxy->clientflags("-allow_no_dhe_kex -sess_in ".$session);
e3c0d76b MC	225	$proxy->serverflags("-allow_no_dhe_kex");
3ae6b5f8 MC	226	$testtype = NON_DHE_KEX_MODE_ONLY;
	227	$proxy->start();
	228	checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
	229	checkhandshake::DEFAULT_EXTENSIONS
	230	\| checkhandshake::PSK_KEX_MODES_EXTENSION
	231	\| checkhandshake::PSK_CLI_EXTENSION
	232	\| checkhandshake::PSK_SRV_EXTENSION,
	233	"Resume with non-dhe kex mode");
	234
	235	#Test 5: Attempt a resume with dhe kex mode only. Should resume with a key_share
	236	$proxy->clear();
	237	$proxy->clientflags("-sess_in ".$session);
	238	$testtype = DHE_KEX_MODE_ONLY;
	239	$proxy->start();
	240	checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
	241	checkhandshake::DEFAULT_EXTENSIONS
	242	\| checkhandshake::PSK_KEX_MODES_EXTENSION
	243	\| checkhandshake::KEY_SHARE_SRV_EXTENSION
	244	\| checkhandshake::PSK_CLI_EXTENSION
	245	\| checkhandshake::PSK_SRV_EXTENSION,
	246	"Resume with non-dhe kex mode");
	247
	248	#Test 6: Attempt a resume with only unrecognised kex modes. Should not resume
	249	$proxy->clear();
	250	$proxy->clientflags("-sess_in ".$session);
46f4e1be	251	$testtype = UNKNOWN_KEX_MODES;
3ae6b5f8 MC	252	$proxy->start();
	253	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
	254	checkhandshake::DEFAULT_EXTENSIONS
	255	\| checkhandshake::PSK_KEX_MODES_EXTENSION
	256	\| checkhandshake::KEY_SHARE_SRV_EXTENSION
	257	\| checkhandshake::PSK_CLI_EXTENSION,
	258	"Resume with empty kex modes");
	259
	260	#Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with
	261	# a key_share
	262	$proxy->clear();
	263	$proxy->clientflags("-sess_in ".$session);
	264	$testtype = BOTH_KEX_MODES;
	265	$proxy->start();
	266	checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
	267	checkhandshake::DEFAULT_EXTENSIONS
	268	\| checkhandshake::PSK_KEX_MODES_EXTENSION
	269	\| checkhandshake::KEY_SHARE_SRV_EXTENSION
	270	\| checkhandshake::PSK_CLI_EXTENSION
	271	\| checkhandshake::PSK_SRV_EXTENSION,
	272	"Resume with non-dhe kex mode");
	273
d542790b MC	274	#Test 8: Attempt a resume with both non-dhe and dhe kex mode, but unacceptable
	275	# initial key_share. Should resume with a key_share following an HRR
	276	$proxy->clear();
	277	$proxy->clientflags("-sess_in ".$session);
	278	$proxy->serverflags("-curves P-256");
	279	$testtype = BOTH_KEX_MODES;
	280	$proxy->start();
	281	checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
	282	checkhandshake::DEFAULT_EXTENSIONS
	283	\| checkhandshake::PSK_KEX_MODES_EXTENSION
	284	\| checkhandshake::KEY_SHARE_SRV_EXTENSION
	285	\| checkhandshake::KEY_SHARE_HRR_EXTENSION
	286	\| checkhandshake::PSK_CLI_EXTENSION
	287	\| checkhandshake::PSK_SRV_EXTENSION,
	288	"Resume with both kex modes and HRR");
	289
46f4e1be	290	#Test 9: Attempt a resume with dhe kex mode only and an unacceptable initial
d542790b MC	291	# key_share. Should resume with a key_share following an HRR
	292	$proxy->clear();
	293	$proxy->clientflags("-sess_in ".$session);
	294	$proxy->serverflags("-curves P-256");
	295	$testtype = DHE_KEX_MODE_ONLY;
	296	$proxy->start();
	297	checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
	298	checkhandshake::DEFAULT_EXTENSIONS
	299	\| checkhandshake::PSK_KEX_MODES_EXTENSION
	300	\| checkhandshake::KEY_SHARE_SRV_EXTENSION
	301	\| checkhandshake::KEY_SHARE_HRR_EXTENSION
	302	\| checkhandshake::PSK_CLI_EXTENSION
	303	\| checkhandshake::PSK_SRV_EXTENSION,
	304	"Resume with dhe kex mode and HRR");
	305
	306	#Test 10: Attempt a resume with both non-dhe and dhe kex mode, unacceptable
	307	# initial key_share and no overlapping groups. Should resume without a
	308	# key_share
	309	$proxy->clear();
e3c0d76b MC	310	$proxy->clientflags("-allow_no_dhe_kex -curves P-384 -sess_in ".$session);
e3c0d76b MC	311	$proxy->serverflags("-allow_no_dhe_kex -curves P-256");
d542790b MC	312	$testtype = BOTH_KEX_MODES;
	313	$proxy->start();
	314	checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
	315	checkhandshake::DEFAULT_EXTENSIONS
	316	\| checkhandshake::PSK_KEX_MODES_EXTENSION
	317	\| checkhandshake::PSK_CLI_EXTENSION
	318	\| checkhandshake::PSK_SRV_EXTENSION,
	319	"Resume with both kex modes, no overlapping groups");
	320
	321	#Test 11: Attempt a resume with dhe kex mode only, unacceptable
	322	# initial key_share and no overlapping groups. Should fail
	323	$proxy->clear();
	324	$proxy->clientflags("-curves P-384 -sess_in ".$session);
	325	$proxy->serverflags("-curves P-256");
	326	$testtype = DHE_KEX_MODE_ONLY;
	327	$proxy->start();
	328	ok(TLSProxy::Message->fail(), "Resume with dhe kex mode, no overlapping groups");
	329
3ae6b5f8 MC	330	unlink $session;
	331
	332	sub modify_kex_modes_filter
	333	{
	334	my $proxy = shift;
	335
	336	# We're only interested in the initial ClientHello
	337	return if ($proxy->flight != 0);
	338
	339	foreach my $message (@{$proxy->message_list}) {
	340	if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
	341	my $ext;
	342
	343	if ($testtype == EMPTY_EXTENSION) {
	344	$ext = pack "C",
	345	0x00; #List length
	346	} elsif ($testtype == NON_DHE_KEX_MODE_ONLY) {
	347	$ext = pack "C2",
	348	0x01, #List length
	349	0x00; #psk_ke
	350	} elsif ($testtype == DHE_KEX_MODE_ONLY) {
	351	$ext = pack "C2",
	352	0x01, #List length
	353	0x01; #psk_dhe_ke
46f4e1be	354	} elsif ($testtype == UNKNOWN_KEX_MODES) {
3ae6b5f8 MC	355	$ext = pack "C3",
	356	0x02, #List length
	357	0xfe, #unknown
	358	0xff; #unknown
	359	} elsif ($testtype == BOTH_KEX_MODES) {
	360	#We deliberately list psk_ke first...should still use psk_dhe_ke
	361	$ext = pack "C3",
	362	0x02, #List length
	363	0x00, #psk_ke
	364	0x01; #psk_dhe_ke
	365	}
	366
	367	if ($testtype == DELETE_EXTENSION) {
	368	$message->delete_extension(
	369	TLSProxy::Message::EXT_PSK_KEX_MODES);
	370	} else {
	371	$message->set_extension(
	372	TLSProxy::Message::EXT_PSK_KEX_MODES, $ext);
	373	}
	374
	375	$message->repack();
	376	}
	377	}
	378	}