1# -*- mode: perl; -*- 2# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10## Test Renegotiation 11 12use strict; 13use warnings; 14 15package ssltests; 16use OpenSSL::Test::Utils; 17 18our $fips_mode; 19our $fips_3_4; 20 21our @tests = (); 22 23foreach my $sctp ("No", "Yes") 24{ 25 next if disabled("sctp") && $sctp eq "Yes"; 26 next if disabled("dtls1_2") && $fips_mode; 27 28 my $suffix = ($sctp eq "No") ? "" : "-sctp"; 29 our @tests_basic = ( 30 { 31 name => "renegotiate-client-no-resume".$suffix, 32 server => { 33 "MaxProtocol" => "DTLSv1.2", 34 "CipherString" => 'DEFAULT:@SECLEVEL=0', 35 "Options" => "NoResumptionOnRenegotiation" 36 }, 37 client => { 38 "CipherString" => 'DEFAULT:@SECLEVEL=0' 39 }, 40 test => { 41 "Method" => "DTLS", 42 "UseSCTP" => $sctp, 43 "HandshakeMode" => "RenegotiateClient", 44 "ResumptionExpected" => "No", 45 "ExpectedResult" => "Success" 46 } 47 }, 48 { 49 name => "renegotiate-client-resume".$suffix, 50 server => { 51 "MaxProtocol" => "DTLSv1.2", 52 "CipherString" => 'DEFAULT:@SECLEVEL=0' 53 }, 54 client => { 55 "CipherString" => 'DEFAULT:@SECLEVEL=0' 56 }, 57 test => { 58 "Method" => "DTLS", 59 "UseSCTP" => $sctp, 60 "HandshakeMode" => "RenegotiateClient", 61 "ResumptionExpected" => "Yes", 62 "ExpectedResult" => "Success" 63 } 64 }, 65 # Note: Unlike the TLS tests, we will never do resumption with server 66 # initiated reneg. This is because an OpenSSL DTLS client will always do a full 67 # handshake (i.e. it doesn't supply a session id) when it receives a 68 # HelloRequest. This is different to the OpenSSL TLS implementation where an 69 # OpenSSL client will always try an abbreviated handshake (i.e. it will supply 70 # the session id). This goes all the way to commit 48ae85b6f when abbreviated 71 # handshake support was first added. Neither behaviour is wrong, but the 72 # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour, 73 # and if so, what to? 74 { 75 name => "renegotiate-server-resume".$suffix, 76 server => { 77 "MaxProtocol" => "DTLSv1.2", 78 "CipherString" => 'DEFAULT:@SECLEVEL=0' 79 }, 80 client => { 81 "CipherString" => 'DEFAULT:@SECLEVEL=0' 82 }, 83 test => { 84 "Method" => "DTLS", 85 "UseSCTP" => $sctp, 86 "HandshakeMode" => "RenegotiateServer", 87 "ResumptionExpected" => "No", 88 "ExpectedResult" => "Success" 89 } 90 }, 91 { 92 name => "renegotiate-client-auth-require".$suffix, 93 server => { 94 "MaxProtocol" => "DTLSv1.2", 95 "VerifyCAFile" => test_pem("root-cert.pem"), 96 "VerifyMode" => "Require", 97 "CipherString" => 'DEFAULT:@SECLEVEL=0' 98 }, 99 client => { 100 "Certificate" => test_pem("ee-client-chain.pem"), 101 "PrivateKey" => test_pem("ee-key.pem"), 102 "CipherString" => 'DEFAULT:@SECLEVEL=0' 103 }, 104 test => { 105 "Method" => "DTLS", 106 "UseSCTP" => $sctp, 107 "HandshakeMode" => "RenegotiateServer", 108 "ResumptionExpected" => "No", 109 "ExpectedResult" => "Success" 110 } 111 }, 112 { 113 name => "renegotiate-client-auth-once".$suffix, 114 server => { 115 "MaxProtocol" => "DTLSv1.2", 116 "VerifyCAFile" => test_pem("root-cert.pem"), 117 "VerifyMode" => "Once", 118 "CipherString" => 'DEFAULT:@SECLEVEL=0' 119 }, 120 client => { 121 "Certificate" => test_pem("ee-client-chain.pem"), 122 "PrivateKey" => test_pem("ee-key.pem"), 123 "CipherString" => 'DEFAULT:@SECLEVEL=0' 124 }, 125 test => { 126 "Method" => "DTLS", 127 "UseSCTP" => $sctp, 128 "HandshakeMode" => "RenegotiateServer", 129 "ResumptionExpected" => "No", 130 "ExpectedResult" => "Success" 131 } 132 } 133 ); 134 push @tests, @tests_basic; 135 136 next if disabled("dtls1_2") || $fips_3_4; 137 our @tests_dtls1_2 = ( 138 { 139 name => "renegotiate-aead-to-non-aead".$suffix, 140 server => { 141 "Options" => "NoResumptionOnRenegotiation" 142 }, 143 client => { 144 "MaxProtocol" => "DTLSv1.2", 145 "CipherString" => "AES128-GCM-SHA256", 146 extra => { 147 "RenegotiateCiphers" => "AES128-SHA" 148 } 149 }, 150 test => { 151 "Method" => "DTLS", 152 "UseSCTP" => $sctp, 153 "HandshakeMode" => "RenegotiateClient", 154 "ResumptionExpected" => "No", 155 "ExpectedResult" => "Success" 156 } 157 }, 158 { 159 name => "renegotiate-non-aead-to-aead".$suffix, 160 server => { 161 "Options" => "NoResumptionOnRenegotiation" 162 }, 163 client => { 164 "MaxProtocol" => "DTLSv1.2", 165 "CipherString" => "AES128-SHA", 166 extra => { 167 "RenegotiateCiphers" => "AES128-GCM-SHA256" 168 } 169 }, 170 test => { 171 "Method" => "DTLS", 172 "UseSCTP" => $sctp, 173 "HandshakeMode" => "RenegotiateClient", 174 "ResumptionExpected" => "No", 175 "ExpectedResult" => "Success" 176 } 177 }, 178 { 179 name => "renegotiate-non-aead-to-non-aead".$suffix, 180 server => { 181 "Options" => "NoResumptionOnRenegotiation" 182 }, 183 client => { 184 "MaxProtocol" => "DTLSv1.2", 185 "CipherString" => "AES128-SHA", 186 extra => { 187 "RenegotiateCiphers" => "AES256-SHA" 188 } 189 }, 190 test => { 191 "Method" => "DTLS", 192 "UseSCTP" => $sctp, 193 "HandshakeMode" => "RenegotiateClient", 194 "ResumptionExpected" => "No", 195 "ExpectedResult" => "Success" 196 } 197 }, 198 { 199 name => "renegotiate-aead-to-aead".$suffix, 200 server => { 201 "Options" => "NoResumptionOnRenegotiation" 202 }, 203 client => { 204 "MaxProtocol" => "DTLSv1.2", 205 "CipherString" => "AES128-GCM-SHA256", 206 extra => { 207 "RenegotiateCiphers" => "AES256-GCM-SHA384" 208 } 209 }, 210 test => { 211 "Method" => "DTLS", 212 "UseSCTP" => $sctp, 213 "HandshakeMode" => "RenegotiateClient", 214 "ResumptionExpected" => "No", 215 "ExpectedResult" => "Success" 216 } 217 }, 218 ); 219 push @tests, @tests_dtls1_2; 220} 221