70-test_tls13messages.t@ 99507

最後變更在這個檔案從99507是 94320,由 vboxsync 提交於 3 年前
libs/openssl-3.0.1: Export to OSE and fix copyright headers in Makefiles, bugref:10128
檔案大小: 16.5 KB

行
1	#! /usr/bin/env perl
2	# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
3	#
4	# Licensed under the Apache License 2.0 (the "License"). You may not use
5	# this file except in compliance with the License. You can obtain a copy
6	# in the file LICENSE in the source distribution or at
7	# https://www.openssl.org/source/license.html
8
9	use strict;
10	use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
11	use OpenSSL::Test::Utils;
12	use File::Temp qw(tempfile);
13	use TLSProxy::Proxy;
14	use checkhandshake qw(checkhandshake @handmessages @extensions);
15
16	my $test_name = "test_tls13messages";
17	setup($test_name);
18
19	plan skip_all => "TLSProxy isn't usable on $^O"
20	if $^O =~ /^(VMS)$/;
21
22	plan skip_all => "$test_name needs the dynamic engine feature enabled"
23	if disabled("engine") \|\| disabled("dynamic-engine");
24
25	plan skip_all => "$test_name needs the sock feature enabled"
26	if disabled("sock");
27
28	plan skip_all => "$test_name needs TLSv1.3 enabled"
29	if disabled("tls1_3");
30
31	plan skip_all => "$test_name needs EC enabled"
32	if disabled("ec");
33
34	$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
35
36	@handmessages = (
37	[TLSProxy::Message::MT_CLIENT_HELLO,
38	checkhandshake::ALL_HANDSHAKES],
39	[TLSProxy::Message::MT_SERVER_HELLO,
40	checkhandshake::HRR_HANDSHAKE \| checkhandshake::HRR_RESUME_HANDSHAKE],
41	[TLSProxy::Message::MT_CLIENT_HELLO,
42	checkhandshake::HRR_HANDSHAKE \| checkhandshake::HRR_RESUME_HANDSHAKE],
43	[TLSProxy::Message::MT_SERVER_HELLO,
44	checkhandshake::ALL_HANDSHAKES],
45	[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS,
46	checkhandshake::ALL_HANDSHAKES],
47	[TLSProxy::Message::MT_CERTIFICATE_REQUEST,
48	checkhandshake::CLIENT_AUTH_HANDSHAKE],
49	[TLSProxy::Message::MT_CERTIFICATE,
50	checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE \| checkhandshake::HRR_RESUME_HANDSHAKE)],
51	[TLSProxy::Message::MT_CERTIFICATE_VERIFY,
52	checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE \| checkhandshake::HRR_RESUME_HANDSHAKE)],
53	[TLSProxy::Message::MT_FINISHED,
54	checkhandshake::ALL_HANDSHAKES],
55	[TLSProxy::Message::MT_CERTIFICATE,
56	checkhandshake::CLIENT_AUTH_HANDSHAKE],
57	[TLSProxy::Message::MT_CERTIFICATE_VERIFY,
58	checkhandshake::CLIENT_AUTH_HANDSHAKE],
59	[TLSProxy::Message::MT_FINISHED,
60	checkhandshake::ALL_HANDSHAKES],
61	[0, 0]
62	);
63
64	@extensions = (
65	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
66	TLSProxy::Message::CLIENT,
67	checkhandshake::SERVER_NAME_CLI_EXTENSION],
68	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
69	TLSProxy::Message::CLIENT,
70	checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
71	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
72	TLSProxy::Message::CLIENT,
73	checkhandshake::DEFAULT_EXTENSIONS],
74	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
75	TLSProxy::Message::CLIENT,
76	checkhandshake::DEFAULT_EXTENSIONS],
77	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
78	TLSProxy::Message::CLIENT,
79	checkhandshake::DEFAULT_EXTENSIONS],
80	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
81	TLSProxy::Message::CLIENT,
82	checkhandshake::ALPN_CLI_EXTENSION],
83	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
84	TLSProxy::Message::CLIENT,
85	checkhandshake::SCT_CLI_EXTENSION],
86	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
87	TLSProxy::Message::CLIENT,
88	checkhandshake::DEFAULT_EXTENSIONS],
89	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
90	TLSProxy::Message::CLIENT,
91	checkhandshake::DEFAULT_EXTENSIONS],
92	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
93	TLSProxy::Message::CLIENT,
94	checkhandshake::DEFAULT_EXTENSIONS],
95	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
96	TLSProxy::Message::CLIENT,
97	checkhandshake::DEFAULT_EXTENSIONS],
98	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
99	TLSProxy::Message::CLIENT,
100	checkhandshake::DEFAULT_EXTENSIONS],
101	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
102	TLSProxy::Message::CLIENT,
103	checkhandshake::DEFAULT_EXTENSIONS],
104	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
105	TLSProxy::Message::CLIENT,
106	checkhandshake::PSK_CLI_EXTENSION],
107	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
108	TLSProxy::Message::CLIENT,
109	checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
110
111	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
112	TLSProxy::Message::SERVER,
113	checkhandshake::DEFAULT_EXTENSIONS],
114	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
115	TLSProxy::Message::SERVER,
116	checkhandshake::KEY_SHARE_HRR_EXTENSION],
117
118	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
119	TLSProxy::Message::CLIENT,
120	checkhandshake::SERVER_NAME_CLI_EXTENSION],
121	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
122	TLSProxy::Message::CLIENT,
123	checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
124	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
125	TLSProxy::Message::CLIENT,
126	checkhandshake::DEFAULT_EXTENSIONS],
127	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
128	TLSProxy::Message::CLIENT,
129	checkhandshake::DEFAULT_EXTENSIONS],
130	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
131	TLSProxy::Message::CLIENT,
132	checkhandshake::DEFAULT_EXTENSIONS],
133	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
134	TLSProxy::Message::CLIENT,
135	checkhandshake::ALPN_CLI_EXTENSION],
136	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
137	TLSProxy::Message::CLIENT,
138	checkhandshake::SCT_CLI_EXTENSION],
139	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
140	TLSProxy::Message::CLIENT,
141	checkhandshake::DEFAULT_EXTENSIONS],
142	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
143	TLSProxy::Message::CLIENT,
144	checkhandshake::DEFAULT_EXTENSIONS],
145	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
146	TLSProxy::Message::CLIENT,
147	checkhandshake::DEFAULT_EXTENSIONS],
148	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
149	TLSProxy::Message::CLIENT,
150	checkhandshake::DEFAULT_EXTENSIONS],
151	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
152	TLSProxy::Message::CLIENT,
153	checkhandshake::DEFAULT_EXTENSIONS],
154	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
155	TLSProxy::Message::CLIENT,
156	checkhandshake::DEFAULT_EXTENSIONS],
157	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
158	TLSProxy::Message::CLIENT,
159	checkhandshake::PSK_CLI_EXTENSION],
160	[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
161	TLSProxy::Message::CLIENT,
162	checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
163
164	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
165	TLSProxy::Message::SERVER,
166	checkhandshake::DEFAULT_EXTENSIONS],
167	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
168	TLSProxy::Message::SERVER,
169	checkhandshake::DEFAULT_EXTENSIONS],
170	[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
171	TLSProxy::Message::SERVER,
172	checkhandshake::PSK_SRV_EXTENSION],
173
174	[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME,
175	TLSProxy::Message::SERVER,
176	checkhandshake::SERVER_NAME_SRV_EXTENSION],
177	[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN,
178	TLSProxy::Message::SERVER,
179	checkhandshake::ALPN_SRV_EXTENSION],
180	[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
181	TLSProxy::Message::SERVER,
182	checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION],
183
184	[TLSProxy::Message::MT_CERTIFICATE_REQUEST, TLSProxy::Message::EXT_SIG_ALGS,
185	TLSProxy::Message::SERVER,
186	checkhandshake::DEFAULT_EXTENSIONS],
187
188	[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
189	TLSProxy::Message::SERVER,
190	checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
191	[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT,
192	TLSProxy::Message::SERVER,
193	checkhandshake::SCT_SRV_EXTENSION],
194
195	[0,0,0,0]
196	);
197
198	my $proxy = TLSProxy::Proxy->new(
199	undef,
200	cmdstr(app(["openssl"]), display => 1),
201	srctop_file("apps", "server.pem"),
202	(!$ENV{HARNESS_ACTIVE} \|\| $ENV{HARNESS_VERBOSE})
203	);
204
205	#Test 1: Check we get all the right messages for a default handshake
206	(undef, my $session) = tempfile();
207	$proxy->serverconnects(2);
208	$proxy->clientflags("-sess_out ".$session);
209	$proxy->sessionfile($session);
210	$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
211	plan tests => 17;
212	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
213	checkhandshake::DEFAULT_EXTENSIONS,
214	"Default handshake test");
215
216	#Test 2: Resumption handshake
217	$proxy->clearClient();
218	$proxy->clientflags("-sess_in ".$session);
219	$proxy->clientstart();
220	checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
221	(checkhandshake::DEFAULT_EXTENSIONS
222	\| checkhandshake::PSK_CLI_EXTENSION
223	\| checkhandshake::PSK_SRV_EXTENSION),
224	"Resumption handshake test");
225
226	SKIP: {
227	skip "No OCSP support in this OpenSSL build", 4
228	if disabled("ct") \|\| disabled("ec") \|\| disabled("ocsp");
229	#Test 3: A status_request handshake (client request only)
230	$proxy->clear();
231	$proxy->clientflags("-status");
232	$proxy->start();
233	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
234	checkhandshake::DEFAULT_EXTENSIONS
235	\| checkhandshake::STATUS_REQUEST_CLI_EXTENSION,
236	"status_request handshake test (client)");
237
238	#Test 4: A status_request handshake (server support only)
239	$proxy->clear();
240	$proxy->serverflags("-status_file "
241	.srctop_file("test", "recipes", "ocsp-response.der"));
242	$proxy->start();
243	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
244	checkhandshake::DEFAULT_EXTENSIONS,
245	"status_request handshake test (server)");
246
247	#Test 5: A status_request handshake (client and server)
248	$proxy->clear();
249	$proxy->clientflags("-status");
250	$proxy->serverflags("-status_file "
251	.srctop_file("test", "recipes", "ocsp-response.der"));
252	$proxy->start();
253	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
254	checkhandshake::DEFAULT_EXTENSIONS
255	\| checkhandshake::STATUS_REQUEST_CLI_EXTENSION
256	\| checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
257	"status_request handshake test");
258
259	#Test 6: A status_request handshake (client and server) with client auth
260	$proxy->clear();
261	$proxy->clientflags("-status -enable_pha -cert "
262	.srctop_file("apps", "server.pem"));
263	$proxy->serverflags("-Verify 5 -status_file "
264	.srctop_file("test", "recipes", "ocsp-response.der"));
265	$proxy->start();
266	checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
267	checkhandshake::DEFAULT_EXTENSIONS
268	\| checkhandshake::STATUS_REQUEST_CLI_EXTENSION
269	\| checkhandshake::STATUS_REQUEST_SRV_EXTENSION
270	\| checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
271	"status_request handshake with client auth test");
272	}
273
274	#Test 7: A client auth handshake
275	$proxy->clear();
276	$proxy->clientflags("-enable_pha -cert ".srctop_file("apps", "server.pem"));
277	$proxy->serverflags("-Verify 5");
278	$proxy->start();
279	checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
280	checkhandshake::DEFAULT_EXTENSIONS \|
281	checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
282	"Client auth handshake test");
283
284	#Test 8: Server name handshake (no client request)
285	$proxy->clear();
286	$proxy->clientflags("-noservername");
287	$proxy->start();
288	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
289	checkhandshake::DEFAULT_EXTENSIONS
290	& ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
291	"Server name handshake test (client)");
292
293	#Test 9: Server name handshake (server support only)
294	$proxy->clear();
295	$proxy->clientflags("-noservername");
296	$proxy->serverflags("-servername testhost");
297	$proxy->start();
298	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
299	checkhandshake::DEFAULT_EXTENSIONS
300	& ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
301	"Server name handshake test (server)");
302
303	#Test 10: Server name handshake (client and server)
304	$proxy->clear();
305	$proxy->clientflags("-servername testhost");
306	$proxy->serverflags("-servername testhost");
307	$proxy->start();
308	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
309	checkhandshake::DEFAULT_EXTENSIONS
310	\| checkhandshake::SERVER_NAME_SRV_EXTENSION,
311	"Server name handshake test");
312
313	#Test 11: ALPN handshake (client request only)
314	$proxy->clear();
315	$proxy->clientflags("-alpn test");
316	$proxy->start();
317	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
318	checkhandshake::DEFAULT_EXTENSIONS
319	\| checkhandshake::ALPN_CLI_EXTENSION,
320	"ALPN handshake test (client)");
321
322	#Test 12: ALPN handshake (server support only)
323	$proxy->clear();
324	$proxy->serverflags("-alpn test");
325	$proxy->start();
326	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
327	checkhandshake::DEFAULT_EXTENSIONS,
328	"ALPN handshake test (server)");
329
330	#Test 13: ALPN handshake (client and server)
331	$proxy->clear();
332	$proxy->clientflags("-alpn test");
333	$proxy->serverflags("-alpn test");
334	$proxy->start();
335	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
336	checkhandshake::DEFAULT_EXTENSIONS
337	\| checkhandshake::ALPN_CLI_EXTENSION
338	\| checkhandshake::ALPN_SRV_EXTENSION,
339	"ALPN handshake test");
340
341	SKIP: {
342	skip "No CT, EC or OCSP support in this OpenSSL build", 1
343	if disabled("ct") \|\| disabled("ec") \|\| disabled("ocsp");
344
345	#Test 14: SCT handshake (client request only)
346	$proxy->clear();
347	#Note: -ct also sends status_request
348	$proxy->clientflags("-ct");
349	$proxy->serverflags("-status_file "
350	.srctop_file("test", "recipes", "ocsp-response.der")
351	." -serverinfo ".srctop_file("test", "serverinfo2.pem"));
352	$proxy->start();
353	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
354	checkhandshake::DEFAULT_EXTENSIONS
355	\| checkhandshake::SCT_CLI_EXTENSION
356	\| checkhandshake::SCT_SRV_EXTENSION
357	\| checkhandshake::STATUS_REQUEST_CLI_EXTENSION
358	\| checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
359	"SCT handshake test");
360	}
361
362	#Test 15: HRR Handshake
363	$proxy->clear();
364	$proxy->serverflags("-curves P-256");
365	$proxy->start();
366	checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE,
367	checkhandshake::DEFAULT_EXTENSIONS
368	\| checkhandshake::KEY_SHARE_HRR_EXTENSION,
369	"HRR handshake test");
370
371	#Test 16: Resumption handshake with HRR
372	$proxy->clear();
373	$proxy->clientflags("-sess_in ".$session);
374	$proxy->serverflags("-curves P-256");
375	$proxy->start();
376	checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
377	(checkhandshake::DEFAULT_EXTENSIONS
378	\| checkhandshake::KEY_SHARE_HRR_EXTENSION
379	\| checkhandshake::PSK_CLI_EXTENSION
380	\| checkhandshake::PSK_SRV_EXTENSION),
381	"Resumption handshake with HRR test");
382
383	#Test 17: Acceptable but non preferred key_share
384	$proxy->clear();
385	$proxy->clientflags("-curves P-256");
386	$proxy->start();
387	checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
388	checkhandshake::DEFAULT_EXTENSIONS
389	\| checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION,
390	"Acceptable but non preferred key_share");
391
392	unlink $session;

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.0.7/test/recipes/70-test_tls13messages.t@ 99507

以其他格式下載: