xref: /freebsd/crypto/openssl/test/ssl-tests/18-dtls-renegotiate.cnf.in (revision 1719886f6d08408b834d270c59ffcfd821c8f63a)
1# -*- mode: perl; -*-
2# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10## Test Renegotiation
11
12use strict;
13use warnings;
14
15package ssltests;
16use OpenSSL::Test::Utils;
17
18our $fips_mode;
19
20our @tests = ();
21
22foreach my $sctp ("No", "Yes")
23{
24    next if disabled("sctp") && $sctp eq "Yes";
25    next if disabled("dtls1_2") && $fips_mode;
26
27    my $suffix = ($sctp eq "No") ? "" : "-sctp";
28    our @tests_basic = (
29        {
30            name => "renegotiate-client-no-resume".$suffix,
31            server => {
32                "CipherString" => 'DEFAULT:@SECLEVEL=0',
33                "Options" => "NoResumptionOnRenegotiation"
34            },
35            client => {
36                "CipherString" => 'DEFAULT:@SECLEVEL=0'
37            },
38            test => {
39                "Method" => "DTLS",
40                "UseSCTP" => $sctp,
41                "HandshakeMode" => "RenegotiateClient",
42                "ResumptionExpected" => "No",
43                "ExpectedResult" => "Success"
44            }
45        },
46        {
47            name => "renegotiate-client-resume".$suffix,
48            server => {
49                "CipherString" => 'DEFAULT:@SECLEVEL=0'
50            },
51            client => {
52                "CipherString" => 'DEFAULT:@SECLEVEL=0'
53            },
54            test => {
55                "Method" => "DTLS",
56                "UseSCTP" => $sctp,
57                "HandshakeMode" => "RenegotiateClient",
58                "ResumptionExpected" => "Yes",
59                "ExpectedResult" => "Success"
60            }
61        },
62        # Note: Unlike the TLS tests, we will never do resumption with server
63        # initiated reneg. This is because an OpenSSL DTLS client will always do a full
64        # handshake (i.e. it doesn't supply a session id) when it receives a
65        # HelloRequest. This is different to the OpenSSL TLS implementation where an
66        # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
67        # the session id). This goes all the way to commit 48ae85b6f when abbreviated
68        # handshake support was first added. Neither behaviour is wrong, but the
69        # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
70        # and if so, what to?
71        {
72            name => "renegotiate-server-resume".$suffix,
73            server => {
74                "CipherString" => 'DEFAULT:@SECLEVEL=0'
75            },
76            client => {
77                "CipherString" => 'DEFAULT:@SECLEVEL=0'
78            },
79            test => {
80                "Method" => "DTLS",
81                "UseSCTP" => $sctp,
82                "HandshakeMode" => "RenegotiateServer",
83                "ResumptionExpected" => "No",
84                "ExpectedResult" => "Success"
85            }
86        },
87        {
88            name => "renegotiate-client-auth-require".$suffix,
89            server => {
90                "VerifyCAFile" => test_pem("root-cert.pem"),
91                "VerifyMode" => "Require",
92                "CipherString" => 'DEFAULT:@SECLEVEL=0'
93            },
94            client => {
95                "Certificate" => test_pem("ee-client-chain.pem"),
96                "PrivateKey"  => test_pem("ee-key.pem"),
97                "CipherString" => 'DEFAULT:@SECLEVEL=0'
98            },
99            test => {
100                "Method" => "DTLS",
101                "UseSCTP" => $sctp,
102                "HandshakeMode" => "RenegotiateServer",
103                "ResumptionExpected" => "No",
104                "ExpectedResult" => "Success"
105            }
106        },
107        {
108            name => "renegotiate-client-auth-once".$suffix,
109            server => {
110                "VerifyCAFile" => test_pem("root-cert.pem"),
111                "VerifyMode" => "Once",
112                "CipherString" => 'DEFAULT:@SECLEVEL=0'
113            },
114            client => {
115                "Certificate" => test_pem("ee-client-chain.pem"),
116                "PrivateKey"  => test_pem("ee-key.pem"),
117                "CipherString" => 'DEFAULT:@SECLEVEL=0'
118            },
119            test => {
120                "Method" => "DTLS",
121                "UseSCTP" => $sctp,
122                "HandshakeMode" => "RenegotiateServer",
123                "ResumptionExpected" => "No",
124                "ExpectedResult" => "Success"
125            }
126        }
127    );
128    push @tests, @tests_basic;
129
130    next if disabled("dtls1_2");
131    our @tests_dtls1_2 = (
132        {
133            name => "renegotiate-aead-to-non-aead".$suffix,
134            server => {
135                "Options" => "NoResumptionOnRenegotiation"
136            },
137            client => {
138                "CipherString" => "AES128-GCM-SHA256",
139                extra => {
140                    "RenegotiateCiphers" => "AES128-SHA"
141                }
142            },
143            test => {
144                "Method" => "DTLS",
145                "UseSCTP" => $sctp,
146                "HandshakeMode" => "RenegotiateClient",
147                "ResumptionExpected" => "No",
148                "ExpectedResult" => "Success"
149            }
150        },
151        {
152            name => "renegotiate-non-aead-to-aead".$suffix,
153            server => {
154                "Options" => "NoResumptionOnRenegotiation"
155            },
156            client => {
157                "CipherString" => "AES128-SHA",
158                extra => {
159                    "RenegotiateCiphers" => "AES128-GCM-SHA256"
160                }
161            },
162            test => {
163                "Method" => "DTLS",
164                "UseSCTP" => $sctp,
165                "HandshakeMode" => "RenegotiateClient",
166                "ResumptionExpected" => "No",
167                "ExpectedResult" => "Success"
168            }
169        },
170        {
171            name => "renegotiate-non-aead-to-non-aead".$suffix,
172            server => {
173                "Options" => "NoResumptionOnRenegotiation"
174            },
175            client => {
176                "CipherString" => "AES128-SHA",
177                extra => {
178                    "RenegotiateCiphers" => "AES256-SHA"
179                }
180            },
181            test => {
182                "Method" => "DTLS",
183                "UseSCTP" => $sctp,
184                "HandshakeMode" => "RenegotiateClient",
185                "ResumptionExpected" => "No",
186                "ExpectedResult" => "Success"
187            }
188        },
189        {
190            name => "renegotiate-aead-to-aead".$suffix,
191            server => {
192                "Options" => "NoResumptionOnRenegotiation"
193            },
194            client => {
195                "CipherString" => "AES128-GCM-SHA256",
196                extra => {
197                    "RenegotiateCiphers" => "AES256-GCM-SHA384"
198                }
199            },
200            test => {
201                "Method" => "DTLS",
202                "UseSCTP" => $sctp,
203                "HandshakeMode" => "RenegotiateClient",
204                "ResumptionExpected" => "No",
205                "ExpectedResult" => "Success"
206            }
207        },
208    );
209    push @tests, @tests_dtls1_2;
210}
211