2 # Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
9 package checkhandshake;
11 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
12 use OpenSSL::Test::Utils;
16 our @ISA = 'Exporter';
17 our @EXPORT = qw(@handmessages @extensions checkhandshake);
20 DEFAULT_HANDSHAKE => 1,
22 RESUME_HANDSHAKE => 4,
23 CLIENT_AUTH_HANDSHAKE => 8,
24 RENEG_HANDSHAKE => 16,
28 HRR_RESUME_HANDSHAKE => 256,
29 CERT_COMP_SRV_HANDSHAKE => 512,
30 CERT_COMP_CLI_HANDSHAKE => 1024,
31 CERT_COMP_BOTH_HANDSHAKE => 2048,
33 ALL_HANDSHAKES => 4095
37 #DEFAULT also includes SESSION_TICKET_SRV_EXTENSION and SERVER_NAME_CLI
38 DEFAULT_EXTENSIONS => 0x00000007,
39 SESSION_TICKET_SRV_EXTENSION => 0x00000002,
40 SERVER_NAME_CLI_EXTENSION => 0x00000004,
41 SERVER_NAME_SRV_EXTENSION => 0x00000008,
42 STATUS_REQUEST_CLI_EXTENSION => 0x00000010,
43 STATUS_REQUEST_SRV_EXTENSION => 0x00000020,
44 ALPN_CLI_EXTENSION => 0x00000040,
45 ALPN_SRV_EXTENSION => 0x00000080,
46 SCT_CLI_EXTENSION => 0x00000100,
47 SCT_SRV_EXTENSION => 0x00000200,
48 RENEGOTIATE_CLI_EXTENSION => 0x00000400,
49 NPN_CLI_EXTENSION => 0x00000800,
50 NPN_SRV_EXTENSION => 0x00001000,
51 SRP_CLI_EXTENSION => 0x00002000,
52 #Client side for ec point formats is a default extension
53 EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000,
54 PSK_CLI_EXTENSION => 0x00008000,
55 PSK_SRV_EXTENSION => 0x00010000,
56 KEY_SHARE_SRV_EXTENSION => 0x00020000,
57 PSK_KEX_MODES_EXTENSION => 0x00040000,
58 KEY_SHARE_HRR_EXTENSION => 0x00080000,
59 SUPPORTED_GROUPS_SRV_EXTENSION => 0x00100000,
60 POST_HANDSHAKE_AUTH_CLI_EXTENSION => 0x00200000,
61 CERT_COMP_CLI_EXTENSION => 0x00400000,
62 CERT_COMP_SRV_EXTENSION => 0x00800000
65 our @handmessages = ();
68 sub checkhandshake($$$$)
70 my ($proxy, $handtype, $exttype, $testname) = @_;
72 subtest $testname => sub {
76 my $clienthelloseen = 0;
80 if (TLSProxy::Proxy::is_tls13()) {
81 #How many ServerHellos are we expecting?
82 for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) {
83 next if (($handmessages[$loop][1] & $handtype) == 0);
84 $numsh++ if ($lastmt != TLSProxy::Message::MT_SERVER_HELLO
85 && $handmessages[$loop][0] == TLSProxy::Message::MT_SERVER_HELLO);
86 $lastmt = $handmessages[$loop][0];
90 #First count the number of tests
95 if (!TLSProxy::Proxy::is_tls13()) {
96 # In non-TLSv1.3 we always treat reneg CH and SH like the first CH
101 #If we're only expecting one ServerHello out of two then we skip the
102 #first ServerHello in the list completely
103 $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13());
105 for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) {
106 next if (($handmessages[$loop][1] & $handtype) == 0);
107 if (scalar @{$proxy->message_list} > $nextmess) {
108 $message = ${$proxy->message_list}[$nextmess];
115 next if (!defined $message);
116 if (TLSProxy::Proxy::is_tls13()) {
117 $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO;
118 $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO;
120 next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO
121 && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
123 TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
124 && $message->mt() != TLSProxy::Message::MT_CERTIFICATE
125 && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
127 next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
128 && !TLSProxy::Proxy::is_tls13();
132 for (my $extloop = 0;
133 $extensions[$extloop][3] != 0;
135 $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
136 && TLSProxy::Proxy::is_tls13();
137 $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO
139 next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO
140 && $extchnum != $chnum;
141 next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
142 && $extshnum != $shnum;
143 next if ($message->mt() != $extensions[$extloop][0]);
144 next if ($message->server() != $extensions[$extloop][2]);
150 plan tests => $numtests;
154 if (TLSProxy::Proxy::is_tls13()) {
158 # In non-TLSv1.3 we always treat reneg CH and SH like the first CH
163 #If we're only expecting one ServerHello out of two then we skip the
164 #first ServerHello in the list completely
165 $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13());
166 for ($loop = 0; $handmessages[$loop][1] != 0; $loop++) {
167 next if (($handmessages[$loop][1] & $handtype) == 0);
168 if (scalar @{$proxy->message_list} > $nextmess) {
169 $message = ${$proxy->message_list}[$nextmess];
174 if (!defined $message) {
175 fail("Message type check. Got nothing, expected "
176 .$handmessages[$loop][0]);
179 ok($message->mt == $handmessages[$loop][0],
180 "Message type check. Got ".$message->mt
181 .", expected ".$handmessages[$loop][0]);
183 if (TLSProxy::Proxy::is_tls13()) {
184 $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO;
185 $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO;
188 next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO
189 && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
191 TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
192 && $message->mt() != TLSProxy::Message::MT_CERTIFICATE
193 && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
195 next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
196 && !TLSProxy::Proxy::is_tls13();
198 if ($message->mt() == TLSProxy::Message::MT_CLIENT_HELLO) {
199 #Add renegotiate extension we will expect if renegotiating
200 $exttype |= RENEGOTIATE_CLI_EXTENSION
201 if ($clienthelloseen && !TLSProxy::Proxy::is_tls13());
202 $clienthelloseen = 1;
204 #Now check that we saw the extensions we expected
205 my $msgexts = $message->extension_data();
208 for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0;
210 #In TLSv1.3 we can have two ClientHellos if there has been a
211 #HelloRetryRequest, and they may have different extensions. Skip
212 #if these are extensions for a different ClientHello
213 $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
214 && TLSProxy::Proxy::is_tls13();
215 $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO
217 next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO
218 && $extchnum != $chnum;
219 next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
220 && $extshnum != $shnum;
221 next if ($message->mt() != $extensions[$extloop][0]);
222 next if ($message->server() != $extensions[$extloop][2]);
223 ok (($extensions[$extloop][3] & $exttype) == 0
224 || defined ($msgexts->{$extensions[$extloop][1]}),
225 "Extension presence check (Message: ".$message->mt()
226 ." Extension: ".($extensions[$extloop][3] & $exttype).", "
228 $extcount++ if (($extensions[$extloop][3] & $exttype) != 0);
230 ok($extcount == keys %$msgexts, "Extensions count mismatch ("
231 .$extcount.", ".(keys %$msgexts)