Add more TLS1.3 record tests

[openssl.git] / test / recipes / 70-test_sslrecords.t

diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
index e6f7a36c05d9bdce16203976ce5501b2511b7be8..f69905882590f7729d9a9d573452d86da8016c29 100644 (file)
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -44,7 +44,7 @@ if (!disabled("tls1_1")) {
     $num_tests++;
 }
 if (!disabled("tls1_3")) {
-    $num_tests++;
+    $num_tests += 3;
 }
 plan tests => $num_tests;
 ok(TLSProxy::Message->fail(), "Out of context empty records test");
@@ -148,13 +148,28 @@ $proxy->filter(\&change_version);
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Changed record version in TLS1.2");
 
-#Test 13: Sending a different record version in TLS1.3 should succeed
+#TLS1.3 specific tests
 if (!disabled("tls1_3")) {
+    #Test 13: Sending a different record version in TLS1.3 should succeed
     $proxy->clear();
     $proxy->filter(\&change_version);
     $proxy->start();
     ok(TLSProxy::Message->success(), "Changed record version in TLS1.3");
-}
+
+    #Test 14: Sending an unrecognised record type in TLS1.3 should fail
+    $proxy->clear();
+    $proxy->filter(\&add_unknown_record_type);
+    $proxy->start();
+    ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.3");
+
+    #Test 15: Sending an outer record type other than app data once encrypted
+    #should fail
+    $proxy->clear();
+    $proxy->filter(\&change_outer_record_type);
+    $proxy->start();
+    ok(TLSProxy::Message->fail(), "Wrong outer record type in TLS1.3");
+ }
+
 
 sub add_empty_recs_filter
 {
@@ -388,13 +403,13 @@ sub add_unknown_record_type
     my $proxy = shift;
 
     # We'll change a record after the initial version neg has taken place
-    if ($proxy->flight != 2) {
+    if ($proxy->flight != 1) {
         return;
     }
 
     my $lastrec = ${$proxy->record_list}[-1];
     my $record = TLSProxy::Record->new(
-        2,
+        1,
         TLSProxy::Record::RT_UNKNOWN,
         $lastrec->version(),
         1,
@@ -405,7 +420,14 @@ sub add_unknown_record_type
         "X"
     );
 
-    unshift @{$proxy->record_list}, $record;
+    #Find ServerHello record and insert after that
+    my $i;
+    for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+        next;
+    }
+    $i++;
+
+    splice @{$proxy->record_list}, $i, 0, $record;
 }
 
 sub change_version
@@ -419,3 +441,21 @@ sub change_version
 
     (${$proxy->record_list}[-1])->version(TLSProxy::Record::VERS_TLS_1_1);
 }
+
+sub change_outer_record_type
+{
+    my $proxy = shift;
+
+    # We'll change a record after the initial version neg has taken place
+    if ($proxy->flight != 1) {
+        return;
+    }
+
+    #Find ServerHello record and change record after that
+    my $i;
+    for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+        next;
+    }
+    $i++;
+    ${$proxy->record_list}[$i]->outer_content_type(TLSProxy::Record::RT_HANDSHAKE);
+}