test/recipes/70-test_tls13kexmodes.t

   1 #! /usr/bin/env perl
   2 # Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the OpenSSL license (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9 use strict;
  10 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
  11 use OpenSSL::Test::Utils;
  12 use File::Temp qw(tempfile);
  13 use TLSProxy::Proxy;
  14 use checkhandshake qw(checkhandshake @handmessages @extensions);
  15
  16 my $test_name = "test_tls13kexmodes";
  17 setup($test_name);
  18
  19 plan skip_all => "TLSProxy isn't usable on $^O"
  20     if $^O =~ /^(VMS|MSWin32)$/;
  21
  22 plan skip_all => "$test_name needs the dynamic engine feature enabled"
  23     if disabled("engine") || disabled("dynamic-engine");
  24
  25 plan skip_all => "$test_name needs the sock feature enabled"
  26     if disabled("sock");
  27
  28 plan skip_all => "$test_name needs TLSv1.3 enabled"
  29     if disabled("tls1_3");
  30
  31 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
  32 $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
  33
  34
  35 @handmessages = (
  36     [TLSProxy::Message::MT_CLIENT_HELLO,
  37         checkhandshake::ALL_HANDSHAKES],
  38     [TLSProxy::Message::MT_HELLO_RETRY_REQUEST,
  39         checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE],
  40     [TLSProxy::Message::MT_CLIENT_HELLO,
  41         checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE],
  42     [TLSProxy::Message::MT_SERVER_HELLO,
  43         checkhandshake::ALL_HANDSHAKES],
  44     [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
  45         checkhandshake::ALL_HANDSHAKES],
  46     [TLSProxy::Message::MT_CERTIFICATE_REQUEST,
  47         checkhandshake::CLIENT_AUTH_HANDSHAKE],
  48     [TLSProxy::Message::MT_CERTIFICATE,
  49         checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)],
  50     [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
  51         checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)],
  52     [TLSProxy::Message::MT_FINISHED,
  53         checkhandshake::ALL_HANDSHAKES],
  54     [TLSProxy::Message::MT_CERTIFICATE,
  55         checkhandshake::CLIENT_AUTH_HANDSHAKE],
  56     [TLSProxy::Message::MT_CERTIFICATE_VERIFY,
  57         checkhandshake::CLIENT_AUTH_HANDSHAKE],
  58     [TLSProxy::Message::MT_FINISHED,
  59         checkhandshake::ALL_HANDSHAKES],
  60     [0, 0]
  61 );
  62
  63 @extensions = (
  64     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
  65         checkhandshake::SERVER_NAME_CLI_EXTENSION],
  66     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
  67         checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
  68     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
  69         checkhandshake::DEFAULT_EXTENSIONS],
  70     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
  71         checkhandshake::DEFAULT_EXTENSIONS],
  72     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
  73         checkhandshake::DEFAULT_EXTENSIONS],
  74     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
  75         checkhandshake::ALPN_CLI_EXTENSION],
  76     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
  77         checkhandshake::SCT_CLI_EXTENSION],
  78     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
  79         checkhandshake::DEFAULT_EXTENSIONS],
  80     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
  81         checkhandshake::DEFAULT_EXTENSIONS],
  82     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
  83         checkhandshake::DEFAULT_EXTENSIONS],
  84     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
  85         checkhandshake::DEFAULT_EXTENSIONS],
  86     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
  87         checkhandshake::DEFAULT_EXTENSIONS],
  88     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
  89         checkhandshake::PSK_KEX_MODES_EXTENSION],
  90     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
  91         checkhandshake::PSK_CLI_EXTENSION],
  92
  93     [TLSProxy::Message::MT_HELLO_RETRY_REQUEST, TLSProxy::Message::EXT_KEY_SHARE,
  94         checkhandshake::KEY_SHARE_HRR_EXTENSION],
  95
  96     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
  97         checkhandshake::SERVER_NAME_CLI_EXTENSION],
  98     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
  99         checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
 100     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
 101         checkhandshake::DEFAULT_EXTENSIONS],
 102     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
 103         checkhandshake::DEFAULT_EXTENSIONS],
 104     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
 105         checkhandshake::ALPN_CLI_EXTENSION],
 106     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
 107         checkhandshake::SCT_CLI_EXTENSION],
 108     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
 109         checkhandshake::DEFAULT_EXTENSIONS],
 110     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
 111         checkhandshake::DEFAULT_EXTENSIONS],
 112     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
 113         checkhandshake::PSK_KEX_MODES_EXTENSION],
 114     [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
 115         checkhandshake::PSK_CLI_EXTENSION],
 116
 117     [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
 118         checkhandshake::KEY_SHARE_SRV_EXTENSION],
 119     [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
 120         checkhandshake::PSK_SRV_EXTENSION],
 121
 122     [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
 123         checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
 124     [0,0,0]
 125 );
 126
 127 use constant {
 128     DELETE_EXTENSION => 0,
 129     EMPTY_EXTENSION => 1,
 130     NON_DHE_KEX_MODE_ONLY => 2,
 131     DHE_KEX_MODE_ONLY => 3,
 132     UNKNONW_KEX_MODES => 4,
 133     BOTH_KEX_MODES => 5
 134 };
 135
 136 my $proxy = TLSProxy::Proxy->new(
 137     undef,
 138     cmdstr(app(["openssl"]), display => 1),
 139     srctop_file("apps", "server.pem"),
 140     (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
 141 );
 142
 143 #Test 1: First get a session
 144 (undef, my $session) = tempfile();
 145 $proxy->clientflags("-sess_out ".$session);
 146 $proxy->sessionfile($session);
 147 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
 148 plan tests => 11;
 149 ok(TLSProxy::Message->success(), "Initial connection");
 150
 151 #Test 2: Attempt a resume with no kex modes extension. Should not resume
 152 $proxy->clear();
 153 $proxy->clientflags("-sess_in ".$session);
 154 my $testtype = DELETE_EXTENSION;
 155 $proxy->filter(\&modify_kex_modes_filter);
 156 $proxy->start();
 157 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
 158                checkhandshake::DEFAULT_EXTENSIONS
 159                | checkhandshake::KEY_SHARE_SRV_EXTENSION
 160                | checkhandshake::PSK_CLI_EXTENSION,
 161                "Resume with no kex modes");
 162
 163 #Test 3: Attempt a resume with empty kex modes extension. Should fail (empty
 164 #        extension is invalid)
 165 $proxy->clear();
 166 $proxy->clientflags("-sess_in ".$session);
 167 $testtype = EMPTY_EXTENSION;
 168 $proxy->start();
 169 ok(TLSProxy::Message->fail(), "Resume with empty kex modes");
 170
 171 #Test 4: Attempt a resume with non-dhe kex mode only. Should resume without a
 172 #        key_share
 173 $proxy->clear();
 174 $proxy->clientflags("-allow_no_dhe_kex -sess_in ".$session);
 175 $proxy->serverflags("-allow_no_dhe_kex");
 176 $testtype = NON_DHE_KEX_MODE_ONLY;
 177 $proxy->start();
 178 checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
 179                checkhandshake::DEFAULT_EXTENSIONS
 180                | checkhandshake::PSK_KEX_MODES_EXTENSION
 181                | checkhandshake::PSK_CLI_EXTENSION
 182                | checkhandshake::PSK_SRV_EXTENSION,
 183                "Resume with non-dhe kex mode");
 184
 185 #Test 5: Attempt a resume with dhe kex mode only. Should resume with a key_share
 186 $proxy->clear();
 187 $proxy->clientflags("-sess_in ".$session);
 188 $testtype = DHE_KEX_MODE_ONLY;
 189 $proxy->start();
 190 checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
 191                checkhandshake::DEFAULT_EXTENSIONS
 192                | checkhandshake::PSK_KEX_MODES_EXTENSION
 193                | checkhandshake::KEY_SHARE_SRV_EXTENSION
 194                | checkhandshake::PSK_CLI_EXTENSION
 195                | checkhandshake::PSK_SRV_EXTENSION,
 196                "Resume with non-dhe kex mode");
 197
 198 #Test 6: Attempt a resume with only unrecognised kex modes. Should not resume
 199 $proxy->clear();
 200 $proxy->clientflags("-sess_in ".$session);
 201 $testtype = UNKNONW_KEX_MODES;
 202 $proxy->start();
 203 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
 204                checkhandshake::DEFAULT_EXTENSIONS
 205                | checkhandshake::PSK_KEX_MODES_EXTENSION
 206                | checkhandshake::KEY_SHARE_SRV_EXTENSION
 207                | checkhandshake::PSK_CLI_EXTENSION,
 208                "Resume with empty kex modes");
 209
 210 #Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with
 211 #        a key_share
 212 $proxy->clear();
 213 $proxy->clientflags("-sess_in ".$session);
 214 $testtype = BOTH_KEX_MODES;
 215 $proxy->start();
 216 checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
 217                checkhandshake::DEFAULT_EXTENSIONS
 218                | checkhandshake::PSK_KEX_MODES_EXTENSION
 219                | checkhandshake::KEY_SHARE_SRV_EXTENSION
 220                | checkhandshake::PSK_CLI_EXTENSION
 221                | checkhandshake::PSK_SRV_EXTENSION,
 222                "Resume with non-dhe kex mode");
 223
 224 #Test 8: Attempt a resume with both non-dhe and dhe kex mode, but unacceptable
 225 #        initial key_share. Should resume with a key_share following an HRR
 226 $proxy->clear();
 227 $proxy->clientflags("-sess_in ".$session);
 228 $proxy->serverflags("-curves P-256");
 229 $testtype = BOTH_KEX_MODES;
 230 $proxy->start();
 231 checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
 232                checkhandshake::DEFAULT_EXTENSIONS
 233                | checkhandshake::PSK_KEX_MODES_EXTENSION
 234                | checkhandshake::KEY_SHARE_SRV_EXTENSION
 235                | checkhandshake::KEY_SHARE_HRR_EXTENSION
 236                | checkhandshake::PSK_CLI_EXTENSION
 237                | checkhandshake::PSK_SRV_EXTENSION,
 238                "Resume with both kex modes and HRR");
 239
 240 #Test 9: Attempt a resume with dhe kex mode only and an unnacceptable initial
 241 #        key_share. Should resume with a key_share following an HRR
 242 $proxy->clear();
 243 $proxy->clientflags("-sess_in ".$session);
 244 $proxy->serverflags("-curves P-256");
 245 $testtype = DHE_KEX_MODE_ONLY;
 246 $proxy->start();
 247 checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
 248                checkhandshake::DEFAULT_EXTENSIONS
 249                | checkhandshake::PSK_KEX_MODES_EXTENSION
 250                | checkhandshake::KEY_SHARE_SRV_EXTENSION
 251                | checkhandshake::KEY_SHARE_HRR_EXTENSION
 252                | checkhandshake::PSK_CLI_EXTENSION
 253                | checkhandshake::PSK_SRV_EXTENSION,
 254                "Resume with dhe kex mode and HRR");
 255
 256 #Test 10: Attempt a resume with both non-dhe and dhe kex mode, unacceptable
 257 #         initial key_share and no overlapping groups. Should resume without a
 258 #         key_share
 259 $proxy->clear();
 260 $proxy->clientflags("-allow_no_dhe_kex -curves P-384 -sess_in ".$session);
 261 $proxy->serverflags("-allow_no_dhe_kex -curves P-256");
 262 $testtype = BOTH_KEX_MODES;
 263 $proxy->start();
 264 checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
 265                checkhandshake::DEFAULT_EXTENSIONS
 266                | checkhandshake::PSK_KEX_MODES_EXTENSION
 267                | checkhandshake::PSK_CLI_EXTENSION
 268                | checkhandshake::PSK_SRV_EXTENSION,
 269                "Resume with both kex modes, no overlapping groups");
 270
 271 #Test 11: Attempt a resume with dhe kex mode only, unacceptable
 272 #         initial key_share and no overlapping groups. Should fail
 273 $proxy->clear();
 274 $proxy->clientflags("-curves P-384 -sess_in ".$session);
 275 $proxy->serverflags("-curves P-256");
 276 $testtype = DHE_KEX_MODE_ONLY;
 277 $proxy->start();
 278 ok(TLSProxy::Message->fail(), "Resume with dhe kex mode, no overlapping groups");
 279
 280 unlink $session;
 281
 282 sub modify_kex_modes_filter
 283 {
 284     my $proxy = shift;
 285
 286     # We're only interested in the initial ClientHello
 287     return if ($proxy->flight != 0);
 288
 289     foreach my $message (@{$proxy->message_list}) {
 290         if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
 291             my $ext;
 292
 293             if ($testtype == EMPTY_EXTENSION) {
 294                 $ext = pack "C",
 295                     0x00;       #List length
 296             } elsif ($testtype == NON_DHE_KEX_MODE_ONLY) {
 297                 $ext = pack "C2",
 298                     0x01,       #List length
 299                     0x00;       #psk_ke
 300             } elsif ($testtype == DHE_KEX_MODE_ONLY) {
 301                 $ext = pack "C2",
 302                     0x01,       #List length
 303                     0x01;       #psk_dhe_ke
 304             } elsif ($testtype == UNKNONW_KEX_MODES) {
 305                 $ext = pack "C3",
 306                     0x02,       #List length
 307                     0xfe,       #unknown
 308                     0xff;       #unknown
 309             } elsif ($testtype == BOTH_KEX_MODES) {
 310                 #We deliberately list psk_ke first...should still use psk_dhe_ke
 311                 $ext = pack "C3",
 312                     0x02,       #List length
 313                     0x00,       #psk_ke
 314                     0x01;       #psk_dhe_ke
 315             }
 316
 317             if ($testtype == DELETE_EXTENSION) {
 318                 $message->delete_extension(
 319                     TLSProxy::Message::EXT_PSK_KEX_MODES);
 320             } else {
 321                 $message->set_extension(
 322                     TLSProxy::Message::EXT_PSK_KEX_MODES, $ext);
 323             }
 324
 325             $message->repack();
 326         }
 327     }
 328 }