1e0c4386eSCy Schubert#! /usr/bin/env perl 2*e7be843bSPierre Pronchery# Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 3e0c4386eSCy Schubert# 4e0c4386eSCy Schubert# Licensed under the Apache License 2.0 (the "License"). You may not use 5e0c4386eSCy Schubert# this file except in compliance with the License. You can obtain a copy 6e0c4386eSCy Schubert# in the file LICENSE in the source distribution or at 7e0c4386eSCy Schubert# https://www.openssl.org/source/license.html 8e0c4386eSCy Schubert 9e0c4386eSCy Schubertuse strict; 10e0c4386eSCy Schubertuse OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; 11e0c4386eSCy Schubertuse OpenSSL::Test::Utils; 12e0c4386eSCy Schubertuse File::Temp qw(tempfile); 13e0c4386eSCy Schubertuse TLSProxy::Proxy; 14e0c4386eSCy Schubertuse checkhandshake qw(checkhandshake @handmessages @extensions); 15e0c4386eSCy Schubert 16e0c4386eSCy Schubertmy $test_name = "test_tls13kexmodes"; 17e0c4386eSCy Schubertsetup($test_name); 18e0c4386eSCy Schubert 19e0c4386eSCy Schubertplan skip_all => "TLSProxy isn't usable on $^O" 20e0c4386eSCy Schubert if $^O =~ /^(VMS)$/; 21e0c4386eSCy Schubert 22e0c4386eSCy Schubertplan skip_all => "$test_name needs the dynamic engine feature enabled" 23e0c4386eSCy Schubert if disabled("engine") || disabled("dynamic-engine"); 24e0c4386eSCy Schubert 25e0c4386eSCy Schubertplan skip_all => "$test_name needs the sock feature enabled" 26e0c4386eSCy Schubert if disabled("sock"); 27e0c4386eSCy Schubert 28e0c4386eSCy Schubertplan skip_all => "$test_name needs TLSv1.3 enabled" 29e0c4386eSCy Schubert if disabled("tls1_3") || (disabled("ec") && disabled("dh")); 30e0c4386eSCy Schubert 31e0c4386eSCy Schubertplan skip_all => "$test_name needs EC enabled" 32e0c4386eSCy Schubert if disabled("ec"); 33e0c4386eSCy Schubert 34e0c4386eSCy Schubert@handmessages = ( 35e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, 36e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES], 37e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, 38e0c4386eSCy Schubert checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], 39e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, 40e0c4386eSCy Schubert checkhandshake::HRR_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE], 41e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, 42e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES], 43e0c4386eSCy Schubert [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, 44e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES], 45e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE_REQUEST, 46e0c4386eSCy Schubert checkhandshake::CLIENT_AUTH_HANDSHAKE], 47e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE, 48e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], 49e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE_VERIFY, 50e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES & ~(checkhandshake::RESUME_HANDSHAKE | checkhandshake::HRR_RESUME_HANDSHAKE)], 51e0c4386eSCy Schubert [TLSProxy::Message::MT_FINISHED, 52e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES], 53e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE, 54e0c4386eSCy Schubert checkhandshake::CLIENT_AUTH_HANDSHAKE], 55e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE_VERIFY, 56e0c4386eSCy Schubert checkhandshake::CLIENT_AUTH_HANDSHAKE], 57e0c4386eSCy Schubert [TLSProxy::Message::MT_FINISHED, 58e0c4386eSCy Schubert checkhandshake::ALL_HANDSHAKES], 59e0c4386eSCy Schubert [0, 0] 60e0c4386eSCy Schubert); 61e0c4386eSCy Schubert 62e0c4386eSCy Schubert@extensions = ( 63e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, 64e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 65e0c4386eSCy Schubert checkhandshake::SERVER_NAME_CLI_EXTENSION], 66e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, 67e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 68e0c4386eSCy Schubert checkhandshake::STATUS_REQUEST_CLI_EXTENSION], 69e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 70e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 71e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 72e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, 73e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 74e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 75e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, 76e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 77e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 78e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, 79e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 80e0c4386eSCy Schubert checkhandshake::ALPN_CLI_EXTENSION], 81e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, 82e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 83e0c4386eSCy Schubert checkhandshake::SCT_CLI_EXTENSION], 84e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, 85e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 86e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 87e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, 88e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 89e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 90e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, 91e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 92e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 93e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 94e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 95e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 96e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 97e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 98e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 99e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, 100e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 101e0c4386eSCy Schubert checkhandshake::PSK_KEX_MODES_EXTENSION], 102e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, 103e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 104e0c4386eSCy Schubert checkhandshake::PSK_CLI_EXTENSION], 105*e7be843bSPierre Pronchery [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE, 106*e7be843bSPierre Pronchery TLSProxy::Message::CLIENT, 107*e7be843bSPierre Pronchery checkhandshake::DEFAULT_EXTENSIONS], 108e0c4386eSCy Schubert 109e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 110e0c4386eSCy Schubert TLSProxy::Message::SERVER, 111e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 112e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 113e0c4386eSCy Schubert TLSProxy::Message::SERVER, 114e0c4386eSCy Schubert checkhandshake::KEY_SHARE_HRR_EXTENSION], 115e0c4386eSCy Schubert 116e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, 117e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 118e0c4386eSCy Schubert checkhandshake::SERVER_NAME_CLI_EXTENSION], 119e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, 120e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 121e0c4386eSCy Schubert checkhandshake::STATUS_REQUEST_CLI_EXTENSION], 122e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, 123e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 124e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 125e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, 126e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 127e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 128e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, 129e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 130e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 131e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, 132e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 133e0c4386eSCy Schubert checkhandshake::ALPN_CLI_EXTENSION], 134e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, 135e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 136e0c4386eSCy Schubert checkhandshake::SCT_CLI_EXTENSION], 137e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, 138e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 139e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 140e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, 141e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 142e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 143e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, 144e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 145e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 146e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 147e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 148e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 149e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 150e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 151e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 152e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, 153e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 154e0c4386eSCy Schubert checkhandshake::PSK_KEX_MODES_EXTENSION], 155e0c4386eSCy Schubert [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, 156e0c4386eSCy Schubert TLSProxy::Message::CLIENT, 157e0c4386eSCy Schubert checkhandshake::PSK_CLI_EXTENSION], 158*e7be843bSPierre Pronchery [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE, 159*e7be843bSPierre Pronchery TLSProxy::Message::CLIENT, 160*e7be843bSPierre Pronchery checkhandshake::DEFAULT_EXTENSIONS], 161e0c4386eSCy Schubert 162e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, 163e0c4386eSCy Schubert TLSProxy::Message::SERVER, 164e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS], 165e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, 166e0c4386eSCy Schubert TLSProxy::Message::SERVER, 167e0c4386eSCy Schubert checkhandshake::KEY_SHARE_SRV_EXTENSION], 168e0c4386eSCy Schubert [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, 169e0c4386eSCy Schubert TLSProxy::Message::SERVER, 170e0c4386eSCy Schubert checkhandshake::PSK_SRV_EXTENSION], 171e0c4386eSCy Schubert 172e0c4386eSCy Schubert [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, 173e0c4386eSCy Schubert TLSProxy::Message::SERVER, 174e0c4386eSCy Schubert checkhandshake::STATUS_REQUEST_SRV_EXTENSION], 175e0c4386eSCy Schubert [0,0,0,0] 176e0c4386eSCy Schubert); 177e0c4386eSCy Schubert 178e0c4386eSCy Schubertuse constant { 179e0c4386eSCy Schubert DELETE_EXTENSION => 0, 180e0c4386eSCy Schubert EMPTY_EXTENSION => 1, 181e0c4386eSCy Schubert NON_DHE_KEX_MODE_ONLY => 2, 182e0c4386eSCy Schubert DHE_KEX_MODE_ONLY => 3, 183e0c4386eSCy Schubert UNKNOWN_KEX_MODES => 4, 184e0c4386eSCy Schubert BOTH_KEX_MODES => 5 185e0c4386eSCy Schubert}; 186e0c4386eSCy Schubert 187e0c4386eSCy Schubertmy $proxy = TLSProxy::Proxy->new( 188e0c4386eSCy Schubert undef, 189e0c4386eSCy Schubert cmdstr(app(["openssl"]), display => 1), 190e0c4386eSCy Schubert srctop_file("apps", "server.pem"), 191e0c4386eSCy Schubert (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) 192e0c4386eSCy Schubert); 193e0c4386eSCy Schubert 194e0c4386eSCy Schubert#Test 1: First get a session 195e0c4386eSCy Schubert(undef, my $session) = tempfile(); 196*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 197*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -sess_out ".$session); 198*e7be843bSPierre Pronchery$proxy->serverflags("-no_rx_cert_comp -servername localhost"); 199e0c4386eSCy Schubert$proxy->sessionfile($session); 200e0c4386eSCy Schubert$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; 201*e7be843bSPierre Proncheryplan tests => 13; 202e0c4386eSCy Schubertok(TLSProxy::Message->success(), "Initial connection"); 203e0c4386eSCy Schubert 204e0c4386eSCy Schubert#Test 2: Attempt a resume with no kex modes extension. Should fail (server 205e0c4386eSCy Schubert# MUST abort handshake with pre_shared key and no psk_kex_modes) 206e0c4386eSCy Schubert$proxy->clear(); 207*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 208*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session); 209e0c4386eSCy Schubertmy $testtype = DELETE_EXTENSION; 210e0c4386eSCy Schubert$proxy->filter(\&modify_kex_modes_filter); 211e0c4386eSCy Schubert$proxy->start(); 212e0c4386eSCy Schubertok(TLSProxy::Message->fail(), "Resume with no kex modes"); 213e0c4386eSCy Schubert 214e0c4386eSCy Schubert#Test 3: Attempt a resume with empty kex modes extension. Should fail (empty 215e0c4386eSCy Schubert# extension is invalid) 216e0c4386eSCy Schubert$proxy->clear(); 217*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 218*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session); 219e0c4386eSCy Schubert$testtype = EMPTY_EXTENSION; 220e0c4386eSCy Schubert$proxy->start(); 221e0c4386eSCy Schubertok(TLSProxy::Message->fail(), "Resume with empty kex modes"); 222e0c4386eSCy Schubert 223e0c4386eSCy Schubert#Test 4: Attempt a resume with non-dhe kex mode only. Should resume without a 224e0c4386eSCy Schubert# key_share 225e0c4386eSCy Schubert$proxy->clear(); 226*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 227*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -allow_no_dhe_kex -sess_in ".$session); 228*e7be843bSPierre Pronchery$proxy->serverflags("-no_rx_cert_comp -allow_no_dhe_kex"); 229e0c4386eSCy Schubert$testtype = NON_DHE_KEX_MODE_ONLY; 230e0c4386eSCy Schubert$proxy->start(); 231e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 232e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 233e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 234e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 235e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 236e0c4386eSCy Schubert "Resume with non-dhe kex mode"); 237e0c4386eSCy Schubert 238e0c4386eSCy Schubert#Test 5: Attempt a resume with dhe kex mode only. Should resume with a key_share 239e0c4386eSCy Schubert$proxy->clear(); 240*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 241*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session); 242e0c4386eSCy Schubert$testtype = DHE_KEX_MODE_ONLY; 243e0c4386eSCy Schubert$proxy->start(); 244e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 245e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 246e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 247e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_SRV_EXTENSION 248e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 249e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 250e0c4386eSCy Schubert "Resume with non-dhe kex mode"); 251e0c4386eSCy Schubert 252e0c4386eSCy Schubert#Test 6: Attempt a resume with only unrecognised kex modes. Should not resume 253e0c4386eSCy Schubert# but rather fall back to full handshake 254e0c4386eSCy Schubert$proxy->clear(); 255*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 256*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session); 257e0c4386eSCy Schubert$testtype = UNKNOWN_KEX_MODES; 258e0c4386eSCy Schubert$proxy->start(); 259e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, 260e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 261e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 262e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_SRV_EXTENSION 263e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION, 264e0c4386eSCy Schubert "Resume with unrecognized kex mode"); 265e0c4386eSCy Schubert 266*e7be843bSPierre Pronchery#Test 7: Attempt a resume with both, non-dhe and dhe kex mode. Should resume with 267*e7be843bSPierre Pronchery# a key_share, even though non-dhe is allowed, but not explicitly preferred. 268e0c4386eSCy Schubert$proxy->clear(); 269*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 270*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -allow_no_dhe_kex -sess_in ".$session); 271*e7be843bSPierre Pronchery$proxy->serverflags("-allow_no_dhe_kex"); 272e0c4386eSCy Schubert$testtype = BOTH_KEX_MODES; 273e0c4386eSCy Schubert$proxy->start(); 274e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 275e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 276e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 277e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_SRV_EXTENSION 278e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 279e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 280*e7be843bSPierre Pronchery "Resume with both kex modes"); 281e0c4386eSCy Schubert 282*e7be843bSPierre Pronchery#Test 8: Attempt a resume with both, non-dhe and dhe kex mode, but with server-side 283*e7be843bSPierre Pronchery# preference for non-dhe. Should resume without a key_share. 284*e7be843bSPierre Pronchery$proxy->clear(); 285*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 286*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -allow_no_dhe_kex -sess_in ".$session); 287*e7be843bSPierre Pronchery$proxy->serverflags("-allow_no_dhe_kex -prefer_no_dhe_kex"); 288*e7be843bSPierre Pronchery$testtype = BOTH_KEX_MODES; 289*e7be843bSPierre Pronchery$proxy->start(); 290*e7be843bSPierre Proncherycheckhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 291*e7be843bSPierre Pronchery checkhandshake::DEFAULT_EXTENSIONS 292*e7be843bSPierre Pronchery | checkhandshake::PSK_KEX_MODES_EXTENSION 293*e7be843bSPierre Pronchery | checkhandshake::PSK_CLI_EXTENSION 294*e7be843bSPierre Pronchery | checkhandshake::PSK_SRV_EXTENSION, 295*e7be843bSPierre Pronchery "Resume with both kex modes, preference for non-dhe"); 296*e7be843bSPierre Pronchery 297*e7be843bSPierre Pronchery#Test 9: Attempt a resume with both, non-dhe and dhe kex mode, with server-side 298*e7be843bSPierre Pronchery# preference for non-dhe, but non-dhe not allowed. Should resume with a key_share. 299*e7be843bSPierre Pronchery$proxy->clear(); 300*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 301*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -allow_no_dhe_kex -sess_in ".$session); 302*e7be843bSPierre Pronchery$proxy->serverflags("-prefer_no_dhe_kex"); 303*e7be843bSPierre Pronchery$testtype = BOTH_KEX_MODES; 304*e7be843bSPierre Pronchery$proxy->start(); 305*e7be843bSPierre Proncherycheckhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 306*e7be843bSPierre Pronchery checkhandshake::DEFAULT_EXTENSIONS 307*e7be843bSPierre Pronchery | checkhandshake::PSK_KEX_MODES_EXTENSION 308*e7be843bSPierre Pronchery | checkhandshake::KEY_SHARE_SRV_EXTENSION 309*e7be843bSPierre Pronchery | checkhandshake::PSK_CLI_EXTENSION 310*e7be843bSPierre Pronchery | checkhandshake::PSK_SRV_EXTENSION, 311*e7be843bSPierre Pronchery "Resume with both kex modes, preference for but disabled non-dhe"); 312*e7be843bSPierre Pronchery 313*e7be843bSPierre Pronchery#Test 10: Attempt a resume with both non-dhe and dhe kex mode, but unacceptable 314e0c4386eSCy Schubert# initial key_share. Should resume with a key_share following an HRR 315e0c4386eSCy Schubert$proxy->clear(); 316*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 317*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session); 318*e7be843bSPierre Pronchery$proxy->serverflags("-no_rx_cert_comp -curves P-384"); 319e0c4386eSCy Schubert$testtype = BOTH_KEX_MODES; 320e0c4386eSCy Schubert$proxy->start(); 321e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, 322e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 323e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 324e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_SRV_EXTENSION 325e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_HRR_EXTENSION 326e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 327e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 328e0c4386eSCy Schubert "Resume with both kex modes and HRR"); 329e0c4386eSCy Schubert 330*e7be843bSPierre Pronchery#Test 11: Attempt a resume with dhe kex mode only and an unacceptable initial 331e0c4386eSCy Schubert# key_share. Should resume with a key_share following an HRR 332e0c4386eSCy Schubert$proxy->clear(); 333*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 334*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -sess_in ".$session); 335*e7be843bSPierre Pronchery$proxy->serverflags("-no_rx_cert_comp -curves P-384"); 336e0c4386eSCy Schubert$testtype = DHE_KEX_MODE_ONLY; 337e0c4386eSCy Schubert$proxy->start(); 338e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, 339e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 340e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 341e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_SRV_EXTENSION 342e0c4386eSCy Schubert | checkhandshake::KEY_SHARE_HRR_EXTENSION 343e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 344e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 345e0c4386eSCy Schubert "Resume with dhe kex mode and HRR"); 346e0c4386eSCy Schubert 347*e7be843bSPierre Pronchery#Test 12: Attempt a resume with both non-dhe and dhe kex mode, unacceptable 348e0c4386eSCy Schubert# initial key_share and no overlapping groups. Should resume without a 349e0c4386eSCy Schubert# key_share 350e0c4386eSCy Schubert$proxy->clear(); 351*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 352*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -allow_no_dhe_kex -curves P-384 -sess_in ".$session); 353*e7be843bSPierre Pronchery$proxy->serverflags("-no_rx_cert_comp -allow_no_dhe_kex -curves P-256"); 354e0c4386eSCy Schubert$testtype = BOTH_KEX_MODES; 355e0c4386eSCy Schubert$proxy->start(); 356e0c4386eSCy Schubertcheckhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, 357e0c4386eSCy Schubert checkhandshake::DEFAULT_EXTENSIONS 358e0c4386eSCy Schubert | checkhandshake::PSK_KEX_MODES_EXTENSION 359e0c4386eSCy Schubert | checkhandshake::PSK_CLI_EXTENSION 360e0c4386eSCy Schubert | checkhandshake::PSK_SRV_EXTENSION, 361e0c4386eSCy Schubert "Resume with both kex modes, no overlapping groups"); 362e0c4386eSCy Schubert 363*e7be843bSPierre Pronchery#Test 13: Attempt a resume with dhe kex mode only, unacceptable 364e0c4386eSCy Schubert# initial key_share and no overlapping groups. Should fail 365e0c4386eSCy Schubert$proxy->clear(); 366*e7be843bSPierre Pronchery$proxy->cipherc("DEFAULT:\@SECLEVEL=2"); 367*e7be843bSPierre Pronchery$proxy->clientflags("-no_rx_cert_comp -curves P-384 -sess_in ".$session); 368*e7be843bSPierre Pronchery$proxy->serverflags("-no_rx_cert_comp -curves P-256"); 369e0c4386eSCy Schubert$testtype = DHE_KEX_MODE_ONLY; 370e0c4386eSCy Schubert$proxy->start(); 371e0c4386eSCy Schubertok(TLSProxy::Message->fail(), "Resume with dhe kex mode, no overlapping groups"); 372e0c4386eSCy Schubert 373e0c4386eSCy Schubertunlink $session; 374e0c4386eSCy Schubert 375e0c4386eSCy Schubertsub modify_kex_modes_filter 376e0c4386eSCy Schubert{ 377e0c4386eSCy Schubert my $proxy = shift; 378e0c4386eSCy Schubert 379e0c4386eSCy Schubert # We're only interested in the initial ClientHello 380e0c4386eSCy Schubert return if ($proxy->flight != 0); 381e0c4386eSCy Schubert 382e0c4386eSCy Schubert foreach my $message (@{$proxy->message_list}) { 383e0c4386eSCy Schubert if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { 384e0c4386eSCy Schubert my $ext; 385e0c4386eSCy Schubert 386e0c4386eSCy Schubert if ($testtype == EMPTY_EXTENSION) { 387e0c4386eSCy Schubert $ext = pack "C", 388e0c4386eSCy Schubert 0x00; #List length 389e0c4386eSCy Schubert } elsif ($testtype == NON_DHE_KEX_MODE_ONLY) { 390e0c4386eSCy Schubert $ext = pack "C2", 391e0c4386eSCy Schubert 0x01, #List length 392e0c4386eSCy Schubert 0x00; #psk_ke 393e0c4386eSCy Schubert } elsif ($testtype == DHE_KEX_MODE_ONLY) { 394e0c4386eSCy Schubert $ext = pack "C2", 395e0c4386eSCy Schubert 0x01, #List length 396e0c4386eSCy Schubert 0x01; #psk_dhe_ke 397e0c4386eSCy Schubert } elsif ($testtype == UNKNOWN_KEX_MODES) { 398e0c4386eSCy Schubert $ext = pack "C3", 399e0c4386eSCy Schubert 0x02, #List length 400e0c4386eSCy Schubert 0xfe, #unknown 401e0c4386eSCy Schubert 0xff; #unknown 402e0c4386eSCy Schubert } elsif ($testtype == BOTH_KEX_MODES) { 403*e7be843bSPierre Pronchery #We deliberately list psk_ke first...should still use psk_dhe_ke, except if the server is configured otherwise. 404e0c4386eSCy Schubert $ext = pack "C3", 405e0c4386eSCy Schubert 0x02, #List length 406e0c4386eSCy Schubert 0x00, #psk_ke 407e0c4386eSCy Schubert 0x01; #psk_dhe_ke 408e0c4386eSCy Schubert } 409e0c4386eSCy Schubert 410e0c4386eSCy Schubert if ($testtype == DELETE_EXTENSION) { 411e0c4386eSCy Schubert $message->delete_extension( 412e0c4386eSCy Schubert TLSProxy::Message::EXT_PSK_KEX_MODES); 413e0c4386eSCy Schubert } else { 414e0c4386eSCy Schubert $message->set_extension( 415e0c4386eSCy Schubert TLSProxy::Message::EXT_PSK_KEX_MODES, $ext); 416e0c4386eSCy Schubert } 417e0c4386eSCy Schubert 418e0c4386eSCy Schubert $message->repack(); 419e0c4386eSCy Schubert } 420e0c4386eSCy Schubert } 421e0c4386eSCy Schubert} 422