1*e0c4386eSCy Schubert#! /usr/bin/env perl 2*e0c4386eSCy Schubert# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3*e0c4386eSCy Schubert# 4*e0c4386eSCy Schubert# Licensed under the Apache License 2.0 (the "License"). You may not use 5*e0c4386eSCy Schubert# this file except in compliance with the License. You can obtain a copy 6*e0c4386eSCy Schubert# in the file LICENSE in the source distribution or at 7*e0c4386eSCy Schubert# https://www.openssl.org/source/license.html 8*e0c4386eSCy Schubert 9*e0c4386eSCy Schubertuse strict; 10*e0c4386eSCy Schubertuse OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; 11*e0c4386eSCy Schubertuse OpenSSL::Test::Utils; 12*e0c4386eSCy Schubertuse File::Temp qw(tempfile); 13*e0c4386eSCy Schubertuse TLSProxy::Proxy; 14*e0c4386eSCy Schubertuse checkhandshake qw(checkhandshake @handmessages @extensions); 15*e0c4386eSCy Schubert 16*e0c4386eSCy Schubertmy $test_name = "test_tls13kexmodes"; 17*e0c4386eSCy Schubertsetup($test_name); 18*e0c4386eSCy Schubert 19*e0c4386eSCy Schubertplan skip_all => "TLSProxy isn't usable on $^O" 20*e0c4386eSCy Schubert if $^O =~ /^(VMS)$/; 21*e0c4386eSCy Schubert 22*e0c4386eSCy Schubertplan skip_all => "$test_name needs the dynamic engine feature enabled" 23*e0c4386eSCy Schubert if disabled("engine") || disabled("dynamic-engine"); 24*e0c4386eSCy Schubert 25*e0c4386eSCy Schubertplan skip_all => "$test_name needs the sock feature enabled" 26*e0c4386eSCy Schubert if disabled("sock"); 27*e0c4386eSCy Schubert 28*e0c4386eSCy Schubertplan skip_all => "$test_name needs TLSv1.3 enabled" 29*e0c4386eSCy Schubert if disabled("tls1_3") || (disabled("ec") && disabled("dh")); 30*e0c4386eSCy Schubert 31*e0c4386eSCy Schubertplan skip_all => "$test_name needs EC enabled" 32*e0c4386eSCy Schubert if disabled("ec"); 33*e0c4386eSCy Schubert 34*e0c4386eSCy Schubert$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; 35*e0c4386eSCy Schubert 36*e0c4386eSCy Schubert 37*e0c4386eSCy Schubert@handmessages = ( 38*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, 39*e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES], 40*e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, 41*e0c4386eSCy Schubert checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], 42*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, 43*e0c4386eSCy Schubert checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], 44*e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, 45*e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES], 46*e0c4386eSCy Schubert [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, 47*e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES], 48*e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE_REQUEST, 49*e0c4386eSCy Schubert checkhandshake::CLIENT_AUTH_HANDSHAKE], 50*e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE, 51*e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], 52*e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE_VERIFY, 53*e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], 54*e0c4386eSCy Schubert [TLSProxy::Message::MT_FINISHED, 55*e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES], 56*e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE, 57*e0c4386eSCy Schubert checkhandshake::CLIENT_AUTH_HANDSHAKE], 58*e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE_VERIFY, 59*e0c4386eSCy Schubert checkhandshake::CLIENT_AUTH_HANDSHAKE], 60*e0c4386eSCy Schubert [TLSProxy::Message::MT_FINISHED, 61*e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES], 62*e0c4386eSCy Schubert [0, 0] 63*e0c4386eSCy Schubert); 64*e0c4386eSCy Schubert 65*e0c4386eSCy Schubert@extensions = ( 66*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, 67*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 68*e0c4386eSCy Schubert checkhandshake::SERVER_NAME_CLI_EXTENSION], 69*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, 70*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 71*e0c4386eSCy Schubert checkhandshake::STATUS_REQUEST_CLI_EXTENSION], 72*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 73*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 74*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 75*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, 76*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 77*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 78*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, 79*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 80*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 81*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, 82*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 83*e0c4386eSCy Schubert checkhandshake::ALPN_CLI_EXTENSION], 84*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, 85*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 86*e0c4386eSCy Schubert checkhandshake::SCT_CLI_EXTENSION], 87*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, 88*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 89*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 90*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, 91*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 92*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 93*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, 94*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 95*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 96*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 97*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 98*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 99*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 100*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 101*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 102*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, 103*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 104*e0c4386eSCy Schubert checkhandshake::PSK_KEX_MODES_EXTENSION], 105*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, 106*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 107*e0c4386eSCy Schubert checkhandshake::PSK_CLI_EXTENSION], 108*e0c4386eSCy Schubert 109*e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 110*e0c4386eSCy Schubert TLSProxy::Message::SERVER, 111*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 112*e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 113*e0c4386eSCy Schubert TLSProxy::Message::SERVER, 114*e0c4386eSCy Schubert checkhandshake::KEY_SHARE_HRR_EXTENSION], 115*e0c4386eSCy Schubert 116*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, 117*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 118*e0c4386eSCy Schubert checkhandshake::SERVER_NAME_CLI_EXTENSION], 119*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, 120*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 121*e0c4386eSCy Schubert checkhandshake::STATUS_REQUEST_CLI_EXTENSION], 122*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 123*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 124*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 125*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, 126*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 127*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 128*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, 129*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 130*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 131*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, 132*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 133*e0c4386eSCy Schubert checkhandshake::ALPN_CLI_EXTENSION], 134*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, 135*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 136*e0c4386eSCy Schubert checkhandshake::SCT_CLI_EXTENSION], 137*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, 138*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 139*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 140*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, 141*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 142*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 143*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, 144*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 145*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 146*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 147*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 148*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 149*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 150*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 151*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 152*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, 153*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 154*e0c4386eSCy Schubert checkhandshake::PSK_KEX_MODES_EXTENSION], 155*e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, 156*e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 157*e0c4386eSCy Schubert checkhandshake::PSK_CLI_EXTENSION], 158*e0c4386eSCy Schubert 159*e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 160*e0c4386eSCy Schubert TLSProxy::Message::SERVER, 161*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 162*e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 163*e0c4386eSCy Schubert TLSProxy::Message::SERVER, 164*e0c4386eSCy Schubert checkhandshake::KEY_SHARE_SRV_EXTENSION], 165*e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, 166*e0c4386eSCy Schubert TLSProxy::Message::SERVER, 167*e0c4386eSCy Schubert checkhandshake::PSK_SRV_EXTENSION], 168*e0c4386eSCy Schubert 169*e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, 170*e0c4386eSCy Schubert TLSProxy::Message::SERVER, 171*e0c4386eSCy Schubert checkhandshake::STATUS_REQUEST_SRV_EXTENSION], 172*e0c4386eSCy Schubert [0,0,0,0] 173*e0c4386eSCy Schubert); 174*e0c4386eSCy Schubert 175*e0c4386eSCy Schubertuse constant { 176*e0c4386eSCy Schubert DELETE_EXTENSION => 0, 177*e0c4386eSCy Schubert EMPTY_EXTENSION => 1, 178*e0c4386eSCy Schubert NON_DHE_KEX_MODE_ONLY => 2, 179*e0c4386eSCy Schubert DHE_KEX_MODE_ONLY => 3, 180*e0c4386eSCy Schubert UNKNOWN_KEX_MODES => 4, 181*e0c4386eSCy Schubert BOTH_KEX_MODES => 5 182*e0c4386eSCy Schubert}; 183*e0c4386eSCy Schubert 184*e0c4386eSCy Schubertmy $proxy = TLSProxy::Proxy->new( 185*e0c4386eSCy Schubert undef, 186*e0c4386eSCy Schubert cmdstr(app(["openssl"]), display => 1), 187*e0c4386eSCy Schubert srctop_file("apps", "server.pem"), 188*e0c4386eSCy Schubert (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) 189*e0c4386eSCy Schubert); 190*e0c4386eSCy Schubert 191*e0c4386eSCy Schubert#Test 1: First get a session 192*e0c4386eSCy Schubert(undef, my $session) = tempfile(); 193*e0c4386eSCy Schubert$proxy->clientflags("-sess_out ".$session); 194*e0c4386eSCy Schubert$proxy->serverflags("-servername localhost"); 195*e0c4386eSCy Schubert$proxy->sessionfile($session); 196*e0c4386eSCy Schubert$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; 197*e0c4386eSCy Schubertplan tests => 11; 198*e0c4386eSCy Schubertok(TLSProxy::Message->success(), "Initial connection"); 199*e0c4386eSCy Schubert 200*e0c4386eSCy Schubert#Test 2: Attempt a resume with no kex modes extension. Should fail (server 201*e0c4386eSCy Schubert# MUST abort handshake with pre_shared key and no psk_kex_modes) 202*e0c4386eSCy Schubert$proxy->clear(); 203*e0c4386eSCy Schubert$proxy->clientflags("-sess_in ".$session); 204*e0c4386eSCy Schubertmy $testtype = DELETE_EXTENSION; 205*e0c4386eSCy Schubert$proxy->filter(\&modify_kex_modes_filter); 206*e0c4386eSCy Schubert$proxy->start(); 207*e0c4386eSCy Schubertok(TLSProxy::Message->fail(), "Resume with no kex modes"); 208*e0c4386eSCy Schubert 209*e0c4386eSCy Schubert#Test 3: Attempt a resume with empty kex modes extension. Should fail (empty 210*e0c4386eSCy Schubert# extension is invalid) 211*e0c4386eSCy Schubert$proxy->clear(); 212*e0c4386eSCy Schubert$proxy->clientflags("-sess_in ".$session); 213*e0c4386eSCy Schubert$testtype = EMPTY_EXTENSION; 214*e0c4386eSCy Schubert$proxy->start(); 215*e0c4386eSCy Schubertok(TLSProxy::Message->fail(), "Resume with empty kex modes"); 216*e0c4386eSCy Schubert 217*e0c4386eSCy Schubert#Test 4: Attempt a resume with non-dhe kex mode only. Should resume without a 218*e0c4386eSCy Schubert# key_share 219*e0c4386eSCy Schubert$proxy->clear(); 220*e0c4386eSCy Schubert$proxy->clientflags("-allow_no_dhe_kex -sess_in ".$session); 221*e0c4386eSCy Schubert$proxy->serverflags("-allow_no_dhe_kex"); 222*e0c4386eSCy Schubert$testtype = NON_DHE_KEX_MODE_ONLY; 223*e0c4386eSCy Schubert$proxy->start(); 224*e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 225*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 226*e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 227*e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 228*e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 229*e0c4386eSCy Schubert "Resume with non-dhe kex mode"); 230*e0c4386eSCy Schubert 231*e0c4386eSCy Schubert#Test 5: Attempt a resume with dhe kex mode only. Should resume with a key_share 232*e0c4386eSCy Schubert$proxy->clear(); 233*e0c4386eSCy Schubert$proxy->clientflags("-sess_in ".$session); 234*e0c4386eSCy Schubert$testtype = DHE_KEX_MODE_ONLY; 235*e0c4386eSCy Schubert$proxy->start(); 236*e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 237*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 238*e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 239*e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_SRV_EXTENSION 240*e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 241*e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 242*e0c4386eSCy Schubert "Resume with non-dhe kex mode"); 243*e0c4386eSCy Schubert 244*e0c4386eSCy Schubert#Test 6: Attempt a resume with only unrecognised kex modes. Should not resume 245*e0c4386eSCy Schubert# but rather fall back to full handshake 246*e0c4386eSCy Schubert$proxy->clear(); 247*e0c4386eSCy Schubert$proxy->clientflags("-sess_in ".$session); 248*e0c4386eSCy Schubert$testtype = UNKNOWN_KEX_MODES; 249*e0c4386eSCy Schubert$proxy->start(); 250*e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 251*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 252*e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 253*e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_SRV_EXTENSION 254*e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION, 255*e0c4386eSCy Schubert "Resume with unrecognized kex mode"); 256*e0c4386eSCy Schubert 257*e0c4386eSCy Schubert#Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with 258*e0c4386eSCy Schubert# a key_share 259*e0c4386eSCy Schubert$proxy->clear(); 260*e0c4386eSCy Schubert$proxy->clientflags("-sess_in ".$session); 261*e0c4386eSCy Schubert$testtype = BOTH_KEX_MODES; 262*e0c4386eSCy Schubert$proxy->start(); 263*e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 264*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 265*e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 266*e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_SRV_EXTENSION 267*e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 268*e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 269*e0c4386eSCy Schubert "Resume with non-dhe kex mode"); 270*e0c4386eSCy Schubert 271*e0c4386eSCy Schubert#Test 8: Attempt a resume with both non-dhe and dhe kex mode, but unacceptable 272*e0c4386eSCy Schubert# initial key_share. Should resume with a key_share following an HRR 273*e0c4386eSCy Schubert$proxy->clear(); 274*e0c4386eSCy Schubert$proxy->clientflags("-sess_in ".$session); 275*e0c4386eSCy Schubert$proxy->serverflags("-curves P-256"); 276*e0c4386eSCy Schubert$testtype = BOTH_KEX_MODES; 277*e0c4386eSCy Schubert$proxy->start(); 278*e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, 279*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 280*e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 281*e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_SRV_EXTENSION 282*e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_HRR_EXTENSION 283*e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 284*e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 285*e0c4386eSCy Schubert "Resume with both kex modes and HRR"); 286*e0c4386eSCy Schubert 287*e0c4386eSCy Schubert#Test 9: Attempt a resume with dhe kex mode only and an unacceptable initial 288*e0c4386eSCy Schubert# key_share. Should resume with a key_share following an HRR 289*e0c4386eSCy Schubert$proxy->clear(); 290*e0c4386eSCy Schubert$proxy->clientflags("-sess_in ".$session); 291*e0c4386eSCy Schubert$proxy->serverflags("-curves P-256"); 292*e0c4386eSCy Schubert$testtype = DHE_KEX_MODE_ONLY; 293*e0c4386eSCy Schubert$proxy->start(); 294*e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, 295*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 296*e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 297*e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_SRV_EXTENSION 298*e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_HRR_EXTENSION 299*e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 300*e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 301*e0c4386eSCy Schubert "Resume with dhe kex mode and HRR"); 302*e0c4386eSCy Schubert 303*e0c4386eSCy Schubert#Test 10: Attempt a resume with both non-dhe and dhe kex mode, unacceptable 304*e0c4386eSCy Schubert# initial key_share and no overlapping groups. Should resume without a 305*e0c4386eSCy Schubert# key_share 306*e0c4386eSCy Schubert$proxy->clear(); 307*e0c4386eSCy Schubert$proxy->clientflags("-allow_no_dhe_kex -curves P-384 -sess_in ".$session); 308*e0c4386eSCy Schubert$proxy->serverflags("-allow_no_dhe_kex -curves P-256"); 309*e0c4386eSCy Schubert$testtype = BOTH_KEX_MODES; 310*e0c4386eSCy Schubert$proxy->start(); 311*e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 312*e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 313*e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 314*e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 315*e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 316*e0c4386eSCy Schubert "Resume with both kex modes, no overlapping groups"); 317*e0c4386eSCy Schubert 318*e0c4386eSCy Schubert#Test 11: Attempt a resume with dhe kex mode only, unacceptable 319*e0c4386eSCy Schubert# initial key_share and no overlapping groups. Should fail 320*e0c4386eSCy Schubert$proxy->clear(); 321*e0c4386eSCy Schubert$proxy->clientflags("-curves P-384 -sess_in ".$session); 322*e0c4386eSCy Schubert$proxy->serverflags("-curves P-256"); 323*e0c4386eSCy Schubert$testtype = DHE_KEX_MODE_ONLY; 324*e0c4386eSCy Schubert$proxy->start(); 325*e0c4386eSCy Schubertok(TLSProxy::Message->fail(), "Resume with dhe kex mode, no overlapping groups"); 326*e0c4386eSCy Schubert 327*e0c4386eSCy Schubertunlink $session; 328*e0c4386eSCy Schubert 329*e0c4386eSCy Schubertsub modify_kex_modes_filter 330*e0c4386eSCy Schubert{ 331*e0c4386eSCy Schubert my $proxy = shift; 332*e0c4386eSCy Schubert 333*e0c4386eSCy Schubert # We're only interested in the initial ClientHello 334*e0c4386eSCy Schubert return if ($proxy->flight != 0); 335*e0c4386eSCy Schubert 336*e0c4386eSCy Schubert foreach my $message (@{$proxy->message_list}) { 337*e0c4386eSCy Schubert if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { 338*e0c4386eSCy Schubert my $ext; 339*e0c4386eSCy Schubert 340*e0c4386eSCy Schubert if ($testtype == EMPTY_EXTENSION) { 341*e0c4386eSCy Schubert $ext = pack "C", 342*e0c4386eSCy Schubert 0x00; #List length 343*e0c4386eSCy Schubert } elsif ($testtype == NON_DHE_KEX_MODE_ONLY) { 344*e0c4386eSCy Schubert $ext = pack "C2", 345*e0c4386eSCy Schubert 0x01, #List length 346*e0c4386eSCy Schubert 0x00; #psk_ke 347*e0c4386eSCy Schubert } elsif ($testtype == DHE_KEX_MODE_ONLY) { 348*e0c4386eSCy Schubert $ext = pack "C2", 349*e0c4386eSCy Schubert 0x01, #List length 350*e0c4386eSCy Schubert 0x01; #psk_dhe_ke 351*e0c4386eSCy Schubert } elsif ($testtype == UNKNOWN_KEX_MODES) { 352*e0c4386eSCy Schubert $ext = pack "C3", 353*e0c4386eSCy Schubert 0x02, #List length 354*e0c4386eSCy Schubert 0xfe, #unknown 355*e0c4386eSCy Schubert 0xff; #unknown 356*e0c4386eSCy Schubert } elsif ($testtype == BOTH_KEX_MODES) { 357*e0c4386eSCy Schubert #We deliberately list psk_ke first...should still use psk_dhe_ke 358*e0c4386eSCy Schubert $ext = pack "C3", 359*e0c4386eSCy Schubert 0x02, #List length 360*e0c4386eSCy Schubert 0x00, #psk_ke 361*e0c4386eSCy Schubert 0x01; #psk_dhe_ke 362*e0c4386eSCy Schubert } 363*e0c4386eSCy Schubert 364*e0c4386eSCy Schubert if ($testtype == DELETE_EXTENSION) { 365*e0c4386eSCy Schubert $message->delete_extension( 366*e0c4386eSCy Schubert TLSProxy::Message::EXT_PSK_KEX_MODES); 367*e0c4386eSCy Schubert } else { 368*e0c4386eSCy Schubert $message->set_extension( 369*e0c4386eSCy Schubert TLSProxy::Message::EXT_PSK_KEX_MODES, $ext); 370*e0c4386eSCy Schubert } 371*e0c4386eSCy Schubert 372*e0c4386eSCy Schubert $message->repack(); 373*e0c4386eSCy Schubert } 374*e0c4386eSCy Schubert } 375*e0c4386eSCy Schubert} 376