2 # Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
9 package checkhandshake;
11 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
12 use OpenSSL::Test::Utils;
#Exporter setup: @EXPORT makes @handmessages, @extensions and checkhandshake()
#available by default to any test script that imports this package.
16 our @ISA = 'Exporter';
17 our @EXPORT = qw(@handmessages @extensions checkhandshake);
#Handshake-type bit flags. checkhandshake() ANDs its $handtype argument with
#the mask in column 1 of each @handmessages row; a row only counts as an
#expected message when the result is non-zero.
20 DEFAULT_HANDSHAKE => 1,
22 RESUME_HANDSHAKE => 4,
23 CLIENT_AUTH_HANDSHAKE => 8,
24 RENEG_HANDSHAKE => 16,
#Extension bit flags, tested against the $exttype mask in checkhandshake().
#For each @extensions row the mask in column 2 is ANDed with $exttype: when
#the result is non-zero the extension must be present in the message, and
#the number of such expected extensions is compared with the number the
#message actually carries.
32 #DEFAULT_EXTENSIONS (0x3) already has the SESSION_TICKET_SRV_EXTENSION bit (0x2) set
33 DEFAULT_EXTENSIONS => 0x00000003,
34 SESSION_TICKET_SRV_EXTENSION => 0x00000002,
35 SERVER_NAME_CLI_EXTENSION => 0x00000004,
36 SERVER_NAME_SRV_EXTENSION => 0x00000008,
37 STATUS_REQUEST_CLI_EXTENSION => 0x00000010,
38 STATUS_REQUEST_SRV_EXTENSION => 0x00000020,
39 ALPN_CLI_EXTENSION => 0x00000040,
40 ALPN_SRV_EXTENSION => 0x00000080,
41 SCT_CLI_EXTENSION => 0x00000100,
42 SCT_SRV_EXTENSION => 0x00000200,
43 RENEGOTIATE_CLI_EXTENSION => 0x00000400,
44 NPN_CLI_EXTENSION => 0x00000800,
45 NPN_SRV_EXTENSION => 0x00001000,
46 SRP_CLI_EXTENSION => 0x00002000,
47 #Only a server-side flag is defined for EC point formats: the client side
#is a default extension
48 EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000,
49 PSK_CLI_EXTENSION => 0x00008000,
50 PSK_SRV_EXTENSION => 0x00010000,
51 KEY_SHARE_SRV_EXTENSION => 0x00020000,
52 PSK_KEX_MODES_EXTENSION => 0x00040000
#Table of expected handshake messages; it starts empty here and is exported.
#checkhandshake() reads each row as [message type, handshake-type mask] and
#stops scanning at the first row whose mask is 0.
#NOTE(review): presumably filled in by the importing test script - confirm.
55 our @handmessages = ();
58 sub checkhandshake($$$$)
60 my ($proxy, $handtype, $exttype, $testname) = @_;
62 subtest $testname => sub {
66 my $clienthelloseen = 0;
68 #First count the number of tests
69 for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) {
70 $numtests++ if (($handmessages[$loop][1] & $handtype) != 0);
73 #Add number of extensions we check plus 2 for the number of messages
74 #that contain extensions
75 $numtests += $#extensions + 2;
76 #In a renegotiation we will have double the number of extension tests
77 if (($handtype & RENEG_HANDSHAKE) != 0) {
78 $numtests += $#extensions + 2;
80 #In TLS1.3 there are 4 messages with extensions (i.e. 2 extra) and no
81 #renegotiations: 1 ClientHello, 1 ServerHello, 1 EncryptedExtensions,
83 $numtests += 2 if ($proxy->is_tls13());
84 #Except in Client auth where we have an extra Certificate message, and
85 #one extension gets checked twice (once in each Certificate message)
86 $numtests += 2 if ($proxy->is_tls13()
87 && ($handtype & CLIENT_AUTH_HANDSHAKE) != 0);
88 #And in a resumption handshake we don't get Certificate at all and the
89 #Certificate extension doesn't get checked at all
90 $numtests -= 2 if ($proxy->is_tls13()
91 && ($handtype & RESUME_HANDSHAKE) != 0);
93 plan tests => $numtests;
97 for ($loop = 0; $handmessages[$loop][1] != 0; $loop++) {
98 next if (($handmessages[$loop][1] & $handtype) == 0);
99 if (scalar @{$proxy->message_list} > $nextmess) {
100 $message = ${$proxy->message_list}[$nextmess];
105 if (!defined $message) {
106 fail("Message type check. Got nothing, expected "
107 .$handmessages[$loop][0]);
110 ok($message->mt == $handmessages[$loop][0],
111 "Message type check. Got ".$message->mt
112 .", expected ".$handmessages[$loop][0]);
115 next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO
116 && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
118 TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
119 && $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
121 next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
122 && !TLSProxy::Proxy::is_tls13();
124 if ($message->mt() == TLSProxy::Message::MT_CLIENT_HELLO) {
125 #Add renegotiate extension we will expect if renegotiating
126 $exttype |= RENEGOTIATE_CLI_EXTENSION if ($clienthelloseen);
127 $clienthelloseen = 1;
129 #Now check that we saw the extensions we expected
130 my $msgexts = $message->extension_data();
132 for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0;
134 next if ($message->mt() != $extensions[$extloop][0]);
135 ok (($extensions[$extloop][2] & $exttype) == 0
136 || defined ($msgexts->{$extensions[$extloop][1]}),
137 "Extension presence check (Message: ".$message->mt()
138 ." Extension: ".($extensions[$extloop][2] & $exttype).", "
140 $extcount++ if (($extensions[$extloop][2] & $exttype) != 0);
142 ok($extcount == keys %$msgexts, "Extensions count mismatch ("
143 .$extcount.", ".(keys %$msgexts)