Provide a test for the Encrypt-Then-Mac renegotiation crash
[openssl.git] / test / ssl-tests / 18-dtls-renegotiate.conf.in
# -*- mode: perl; -*-
# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## Test Renegotiation

use strict;
use warnings;

package ssltests;

# Separator placed between ${ENV::TEST_CERTS_DIR} and a file name: "/" on
# every platform except VMS, where nothing is inserted.
my $dir_sep = ($^O eq "VMS") ? "" : "/";

# Certificate material shared by the client-authentication cases.  The
# ${ENV::...} part is kept literal here; it is not expanded by Perl.
my $certs_dir         = '${ENV::TEST_CERTS_DIR}' . $dir_sep;
my $root_ca_file      = $certs_dir . 'root-cert.pem';
my $client_chain_file = $certs_dir . 'ee-client-chain.pem';
my $client_key_file   = $certs_dir . 'ee-key.pem';

# Table of DTLS renegotiation scenarios.  Each entry carries a name, the
# server and client configuration, and a test section holding the handshake
# mode and the expectations (resumption yes/no, overall result).  Every entry
# expects "Success", so a handshake that fails during renegotiation makes
# that entry fail.
our @tests = (

    # Client-initiated renegotiation; the server refuses to resume the
    # session, so a full handshake is expected.
    {
        name   => 'renegotiate-client-no-resume',
        server => {
            Options => 'NoResumptionOnRenegotiation'
        },
        client => {},
        test   => {
            Method             => 'DTLS',
            HandshakeMode      => 'RenegotiateClient',
            ResumptionExpected => 'No',
            ExpectedResult     => 'Success'
        }
    },

    # Client-initiated renegotiation with default settings on both sides;
    # the renegotiation is expected to resume the session.
    {
        name   => 'renegotiate-client-resume',
        server => {},
        client => {},
        test   => {
            Method             => 'DTLS',
            HandshakeMode      => 'RenegotiateClient',
            ResumptionExpected => 'Yes',
            ExpectedResult     => 'Success'
        }
    },

    # Note: unlike the TLS tests, server-initiated renegotiation never
    # resumes here.  An OpenSSL DTLS client always performs a full handshake
    # (it supplies no session id) when it receives a HelloRequest, whereas an
    # OpenSSL TLS client always attempts an abbreviated handshake (it does
    # supply the session id).  This goes all the way back to commit 48ae85b6f,
    # when abbreviated handshake support was first added.  Neither behaviour
    # is wrong, but the discrepancy is strange.
    # TODO: Should we harmonise the TLS and DTLS behaviour, and if so, what
    # to?
    #
    # Consequence: despite its name, the entry below expects NO resumption.
    {
        name   => 'renegotiate-server-resume',
        server => {},
        client => {},
        test   => {
            Method             => 'DTLS',
            HandshakeMode      => 'RenegotiateServer',
            ResumptionExpected => 'No',
            ExpectedResult     => 'Success'
        }
    },

    # Server-initiated renegotiation with client certificate authentication.
    # The next two entries differ only in VerifyMode ("Require" vs "Once").
    # NOTE(review): per the SSL_CONF_cmd documentation "Once" asks for the
    # client certificate on the initial handshake only -- confirm that this is
    # how the test harness interprets it.
    {
        name   => 'renegotiate-client-auth-require',
        server => {
            VerifyCAFile => $root_ca_file,
            VerifyMode   => 'Require',
        },
        client => {
            Certificate => $client_chain_file,
            PrivateKey  => $client_key_file
        },
        test => {
            Method             => 'DTLS',
            HandshakeMode      => 'RenegotiateServer',
            ResumptionExpected => 'No',
            ExpectedResult     => 'Success'
        }
    },
    {
        name   => 'renegotiate-client-auth-once',
        server => {
            VerifyCAFile => $root_ca_file,
            VerifyMode   => 'Once',
        },
        client => {
            Certificate => $client_chain_file,
            PrivateKey  => $client_key_file
        },
        test => {
            Method             => 'DTLS',
            HandshakeMode      => 'RenegotiateServer',
            ResumptionExpected => 'No',
            ExpectedResult     => 'Success'
        }
    },

    # Cipher-suite changes across a client-initiated renegotiation: the
    # client starts with CipherString and offers RenegotiateCiphers for the
    # second handshake.  All four AEAD / non-AEAD combinations are covered.
    # Encrypt-then-MAC applies only to MAC-based (non-AEAD) suites, so the
    # two mixed cases are presumably the ones where its negotiated state
    # differs between the first and second handshake -- the situation named in
    # the page title.  TODO confirm against the commit.
    # The CBC/SHA suites are listed for coverage of that code path, not as a
    # configuration to copy.
    {
        name   => 'renegotiate-aead-to-non-aead',
        server => {
            Options => 'NoResumptionOnRenegotiation'
        },
        client => {
            CipherString => 'AES128-GCM-SHA256',
            extra        => {
                RenegotiateCiphers => 'AES128-SHA'
            }
        },
        test => {
            Method             => 'DTLS',
            HandshakeMode      => 'RenegotiateClient',
            ResumptionExpected => 'No',
            ExpectedResult     => 'Success'
        }
    },
    {
        name   => 'renegotiate-non-aead-to-aead',
        server => {
            Options => 'NoResumptionOnRenegotiation'
        },
        client => {
            CipherString => 'AES128-SHA',
            extra        => {
                RenegotiateCiphers => 'AES128-GCM-SHA256'
            }
        },
        test => {
            Method             => 'DTLS',
            HandshakeMode      => 'RenegotiateClient',
            ResumptionExpected => 'No',
            ExpectedResult     => 'Success'
        }
    },
    {
        name   => 'renegotiate-non-aead-to-non-aead',
        server => {
            Options => 'NoResumptionOnRenegotiation'
        },
        client => {
            CipherString => 'AES128-SHA',
            extra        => {
                RenegotiateCiphers => 'AES256-SHA'
            }
        },
        test => {
            Method             => 'DTLS',
            HandshakeMode      => 'RenegotiateClient',
            ResumptionExpected => 'No',
            ExpectedResult     => 'Success'
        }
    },
    {
        name   => 'renegotiate-aead-to-aead',
        server => {
            Options => 'NoResumptionOnRenegotiation'
        },
        client => {
            CipherString => 'AES128-GCM-SHA256',
            extra        => {
                RenegotiateCiphers => 'AES256-GCM-SHA384'
            }
        },
        test => {
            Method             => 'DTLS',
            HandshakeMode      => 'RenegotiateClient',
            ResumptionExpected => 'No',
            ExpectedResult     => 'Success'
        }
    },
);