Commit | Line | Data |
---|---|---|
f9b1b664 | 1 | # -*- mode: perl; -*- |
33388b44 | 2 | # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. |
f9b1b664 | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
f9b1b664 MC |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | ||
10 | ## Test Renegotiation | |
11 | ||
12 | use strict; | |
13 | use warnings; | |
14 | ||
15 | package ssltests; | |
4d118fe0 | 16 | use OpenSSL::Test::Utils; |
f9b1b664 | 17 | |
# Scenario list consumed by the ssl-tests generator. Each entry describes one
# DTLS connection on which a renegotiation is performed after the initial
# handshake.
# NOTE(review): every scenario in this file expects "Success"; paths where a
# renegotiation must be refused are not exercised here.
our @tests = ();

# Build every scenario twice: over plain DTLS ("No") and, when SCTP support
# is compiled in, over DTLS-over-SCTP ("Yes", names get a "-sctp" suffix).
for my $sctp ("No", "Yes") {
    if (disabled("sctp") && $sctp eq "Yes") {
        next;
    }

    my $suffix = "-sctp";
    $suffix = "" if $sctp eq "No";

    # All scenarios share one "test" section; only the side that starts the
    # renegotiation and the resumption expectation vary. A fresh hash is
    # returned on each call so that no two scenarios share a reference.
    my $expect = sub {
        my ($mode, $resumed) = @_;
        return {
            "Method"             => "DTLS",
            "UseSCTP"            => $sctp,
            "HandshakeMode"      => $mode,
            "ResumptionExpected" => $resumed,
            "ExpectedResult"     => "Success",
        };
    };

    # Client-initiated renegotiation in which the client offers a different
    # cipher list the second time round, so the negotiated suite moves
    # between AEAD (AES-GCM) and non-AEAD (the *-SHA suites) or stays within
    # one family. The server disables resumption on renegotiation, so the
    # second handshake is expected to be a full one.
    my $cipher_switch = sub {
        my ($label, $initial, $renegotiated) = @_;
        return {
            name   => $label.$suffix,
            server => {
                "Options" => "NoResumptionOnRenegotiation",
            },
            client => {
                "CipherString" => $initial,
                extra          => {
                    "RenegotiateCiphers" => $renegotiated,
                },
            },
            test => $expect->("RenegotiateClient", "No"),
        };
    };

    our @tests_basic = (
        # Server refuses resumption on renegotiation: a full handshake is
        # expected.
        {
            name   => "renegotiate-client-no-resume".$suffix,
            server => {
                "Options" => "NoResumptionOnRenegotiation",
            },
            client => {},
            test   => $expect->("RenegotiateClient", "No"),
        },
        # Default configuration: a client-initiated renegotiation resumes.
        {
            name   => "renegotiate-client-resume".$suffix,
            server => {},
            client => {},
            test   => $expect->("RenegotiateClient", "Yes"),
        },
        # Note: Unlike the TLS tests, we will never do resumption with
        # server initiated reneg. This is because an OpenSSL DTLS client will
        # always do a full handshake (i.e. it doesn't supply a session id)
        # when it receives a HelloRequest. This is different to the OpenSSL
        # TLS implementation where an OpenSSL client will always try an
        # abbreviated handshake (i.e. it will supply the session id). This
        # goes all the way back to commit 48ae85b6f when abbreviated
        # handshake support was first added. Neither behaviour is wrong, but
        # the discrepancy is strange.
        # TODO: Should we harmonise the TLS and DTLS behaviour, and if so,
        # what to?
        {
            name   => "renegotiate-server-resume".$suffix,
            server => {},
            client => {},
            test   => $expect->("RenegotiateServer", "No"),
        },
        # Server-initiated renegotiation with client certificate
        # verification enabled on the server. "Require" and "Once" are the
        # VerifyMode values under test; presumably they follow the SSL_CONF
        # VerifyMode semantics (Once requests the certificate on the initial
        # handshake only) -- confirm against the test harness.
        {
            name   => "renegotiate-client-auth-require".$suffix,
            server => {
                "VerifyCAFile" => test_pem("root-cert.pem"),
                "VerifyMode"   => "Require",
            },
            client => {
                "Certificate" => test_pem("ee-client-chain.pem"),
                "PrivateKey"  => test_pem("ee-key.pem"),
            },
            test => $expect->("RenegotiateServer", "No"),
        },
        {
            name   => "renegotiate-client-auth-once".$suffix,
            server => {
                "VerifyCAFile" => test_pem("root-cert.pem"),
                "VerifyMode"   => "Once",
            },
            client => {
                "Certificate" => test_pem("ee-client-chain.pem"),
                "PrivateKey"  => test_pem("ee-key.pem"),
            },
            test => $expect->("RenegotiateServer", "No"),
        },
    );
    push @tests, @tests_basic;

    # The cipher-switch scenarios are skipped when DTLS 1.2 is disabled.
    if (disabled("dtls1_2")) {
        next;
    }

    our @tests_dtls1_2 = (
        $cipher_switch->("renegotiate-aead-to-non-aead",
                         "AES128-GCM-SHA256", "AES128-SHA"),
        $cipher_switch->("renegotiate-non-aead-to-aead",
                         "AES128-SHA", "AES128-GCM-SHA256"),
        $cipher_switch->("renegotiate-non-aead-to-non-aead",
                         "AES128-SHA", "AES256-SHA"),
        $cipher_switch->("renegotiate-aead-to-aead",
                         "AES128-GCM-SHA256", "AES256-GCM-SHA384"),
    );
    push @tests, @tests_dtls1_2;
}