test/ssl-tests/18-dtls-renegotiate.conf.in

   1 # -*- mode: perl; -*-
   2 # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the OpenSSL license (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 ## Test Renegotiation
  11
  12 use strict;
  13 use warnings;
  14
  15 package ssltests;
  16 use OpenSSL::Test::Utils;
  17
  18 our @tests = ();
  19
  20 foreach my $sctp ("No", "Yes")
  21 {
  22     next if disabled("sctp") && $sctp eq "Yes";
  23
  24     my $suffix = ($sctp eq "No") ? "" : "-sctp";
  25     our @tests_basic = (
  26         {
  27             name => "renegotiate-client-no-resume".$suffix,
  28             server => {
  29                 "Options" => "NoResumptionOnRenegotiation"
  30             },
  31             client => {},
  32             test => {
  33                 "Method" => "DTLS",
  34                 "UseSCTP" => $sctp,
  35                 "HandshakeMode" => "RenegotiateClient",
  36                 "ResumptionExpected" => "No",
  37                 "ExpectedResult" => "Success"
  38             }
  39         },
  40         {
  41             name => "renegotiate-client-resume".$suffix,
  42             server => {},
  43             client => {},
  44             test => {
  45                 "Method" => "DTLS",
  46                 "UseSCTP" => $sctp,
  47                 "HandshakeMode" => "RenegotiateClient",
  48                 "ResumptionExpected" => "Yes",
  49                 "ExpectedResult" => "Success"
  50             }
  51         },
  52         # Note: Unlike the TLS tests, we will never do resumption with server
  53         # initiated reneg. This is because an OpenSSL DTLS client will always do a full
  54         # handshake (i.e. it doesn't supply a session id) when it receives a
  55         # HelloRequest. This is different to the OpenSSL TLS implementation where an
  56         # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
  57         # the session id). This goes all the way to commit 48ae85b6f when abbreviated
  58         # handshake support was first added. Neither behaviour is wrong, but the
  59         # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
  60         # and if so, what to?
  61         {
  62             name => "renegotiate-server-resume".$suffix,
  63             server => {},
  64             client => {},
  65             test => {
  66                 "Method" => "DTLS",
  67                 "UseSCTP" => $sctp,
  68                 "HandshakeMode" => "RenegotiateServer",
  69                 "ResumptionExpected" => "No",
  70                 "ExpectedResult" => "Success"
  71             }
  72         },
  73         {
  74             name => "renegotiate-client-auth-require".$suffix,
  75             server => {
  76                 "VerifyCAFile" => test_pem("root-cert.pem"),
  77                 "VerifyMode" => "Require",
  78             },
  79             client => {
  80                 "Certificate" => test_pem("ee-client-chain.pem"),
  81                 "PrivateKey"  => test_pem("ee-key.pem"),
  82             },
  83             test => {
  84                 "Method" => "DTLS",
  85                 "UseSCTP" => $sctp,
  86                 "HandshakeMode" => "RenegotiateServer",
  87                 "ResumptionExpected" => "No",
  88                 "ExpectedResult" => "Success"
  89             }
  90         },
  91         {
  92             name => "renegotiate-client-auth-once".$suffix,
  93             server => {
  94                 "VerifyCAFile" => test_pem("root-cert.pem"),
  95                 "VerifyMode" => "Once",
  96             },
  97             client => {
  98                 "Certificate" => test_pem("ee-client-chain.pem"),
  99                 "PrivateKey"  => test_pem("ee-key.pem"),
 100             },
 101             test => {
 102                 "Method" => "DTLS",
 103                 "UseSCTP" => $sctp,
 104                 "HandshakeMode" => "RenegotiateServer",
 105                 "ResumptionExpected" => "No",
 106                 "ExpectedResult" => "Success"
 107             }
 108         }
 109     );
 110     push @tests, @tests_basic;
 111
 112     next if disabled("dtls1_2");
 113     our @tests_dtls1_2 = (
 114         {
 115             name => "renegotiate-aead-to-non-aead".$suffix,
 116             server => {
 117                 "Options" => "NoResumptionOnRenegotiation"
 118             },
 119             client => {
 120                 "CipherString" => "AES128-GCM-SHA256",
 121                 extra => {
 122                     "RenegotiateCiphers" => "AES128-SHA"
 123                 }
 124             },
 125             test => {
 126                 "Method" => "DTLS",
 127                 "UseSCTP" => $sctp,
 128                 "HandshakeMode" => "RenegotiateClient",
 129                 "ResumptionExpected" => "No",
 130                 "ExpectedResult" => "Success"
 131             }
 132         },
 133         {
 134             name => "renegotiate-non-aead-to-aead".$suffix,
 135             server => {
 136                 "Options" => "NoResumptionOnRenegotiation"
 137             },
 138             client => {
 139                 "CipherString" => "AES128-SHA",
 140                 extra => {
 141                     "RenegotiateCiphers" => "AES128-GCM-SHA256"
 142                 }
 143             },
 144             test => {
 145                 "Method" => "DTLS",
 146                 "UseSCTP" => $sctp,
 147                 "HandshakeMode" => "RenegotiateClient",
 148                 "ResumptionExpected" => "No",
 149                 "ExpectedResult" => "Success"
 150             }
 151         },
 152         {
 153             name => "renegotiate-non-aead-to-non-aead".$suffix,
 154             server => {
 155                 "Options" => "NoResumptionOnRenegotiation"
 156             },
 157             client => {
 158                 "CipherString" => "AES128-SHA",
 159                 extra => {
 160                     "RenegotiateCiphers" => "AES256-SHA"
 161                 }
 162             },
 163             test => {
 164                 "Method" => "DTLS",
 165                 "UseSCTP" => $sctp,
 166                 "HandshakeMode" => "RenegotiateClient",
 167                 "ResumptionExpected" => "No",
 168                 "ExpectedResult" => "Success"
 169             }
 170         },
 171         {
 172             name => "renegotiate-aead-to-aead".$suffix,
 173             server => {
 174                 "Options" => "NoResumptionOnRenegotiation"
 175             },
 176             client => {
 177                 "CipherString" => "AES128-GCM-SHA256",
 178                 extra => {
 179                     "RenegotiateCiphers" => "AES256-GCM-SHA384"
 180                 }
 181             },
 182             test => {
 183                 "Method" => "DTLS",
 184                 "UseSCTP" => $sctp,
 185                 "HandshakeMode" => "RenegotiateClient",
 186                 "ResumptionExpected" => "No",
 187                 "ExpectedResult" => "Success"
 188             }
 189         },
 190     );
 191     push @tests, @tests_dtls1_2;
 192 }