| # -*- mode: perl; -*- |
| # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. |
| # |
| # Licensed under the Apache License 2.0 (the "License"). You may not use |
| # this file except in compliance with the License. You can obtain a copy |
| # in the file LICENSE in the source distribution or at |
| # https://www.openssl.org/source/license.html |
| |
| |
| ## Test version negotiation |
| |
| package ssltests; |
| |
| use strict; |
| use warnings; |
| |
| use List::Util qw/max min/; |
| |
| use OpenSSL::Test; |
| use OpenSSL::Test::Utils qw/anydisabled alldisabled disabled/; |
| setup("no_test_here"); |
| |
| my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); |
| my @tls_protocols_fips = ("TLSv1.2", "TLSv1.3"); |
| # undef stands for "no limit". |
| my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); |
| my @min_tls_protocols_fips = (undef, "TLSv1.2", "TLSv1.3"); |
| my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef); |
| my @max_tls_protocols_fips = ("TLSv1.2", "TLSv1.3", undef); |
| |
| my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); |
| my @is_tls_disabled_fips = anydisabled("tls1_2", "tls1_3"); |
| |
| my $min_tls_enabled; my $max_tls_enabled; |
| my $min_tls_enabled_fips; my $max_tls_enabled_fips; |
| |
| # Protocol configuration works in cascades, i.e., |
| # $no_tls1_1 disables TLSv1.1 and below. |
| # |
| # $min_enabled and $max_enabled will be correct if there is at least one |
| # protocol enabled. |
| |
| sub min_prot_enabled { |
| my $protref = shift; |
| my $disabledref = shift; |
| my @protocols = @{$protref}; |
| my @is_disabled = @{$disabledref}; |
| my $min_enabled; |
| |
| foreach my $i (0..$#protocols) { |
| if (!$is_disabled[$i]) { |
| $min_enabled = $i; |
| last; |
| } |
| } |
| return $min_enabled; |
| } |
| |
| sub max_prot_enabled { |
| my $protref = shift; |
| my $disabledref = shift; |
| my @protocols = @{$protref}; |
| my @is_disabled = @{$disabledref}; |
| my $max_enabled; |
| |
| foreach my $i (0..$#protocols) { |
| if (!$is_disabled[$i] |
| && ($protocols[$i] ne "TLSv1.3" |
| || !disabled("ec") |
| || !disabled("dh"))) { |
| $max_enabled = $i; |
| } |
| } |
| return $max_enabled; |
| } |
| |
| $min_tls_enabled = min_prot_enabled(\@tls_protocols, \@is_tls_disabled); |
| $max_tls_enabled = max_prot_enabled(\@tls_protocols, \@is_tls_disabled); |
| $min_tls_enabled_fips = min_prot_enabled(\@tls_protocols_fips, \@is_tls_disabled_fips); |
| $max_tls_enabled_fips = max_prot_enabled(\@tls_protocols_fips, \@is_tls_disabled_fips); |
| |
| |
| my @dtls_protocols = ("DTLSv1", "DTLSv1.2"); |
| my @dtls_protocols_fips = ("DTLSv1.2"); |
| # undef stands for "no limit". |
| my @min_dtls_protocols = (undef, "DTLSv1", "DTLSv1.2"); |
| my @min_dtls_protocols_fips = (undef, "DTLSv1.2"); |
| my @max_dtls_protocols = ("DTLSv1", "DTLSv1.2", undef); |
| my @max_dtls_protocols_fips = ("DTLSv1.2", undef); |
| |
| my @is_dtls_disabled = anydisabled("dtls1", "dtls1_2"); |
| my @is_dtls_disabled_fips = anydisabled("dtls1_2"); |
| |
| my $min_dtls_enabled; my $max_dtls_enabled; |
| my $min_dtls_enabled_fips; my $max_dtls_enabled_fips; |
| |
| # $min_enabled and $max_enabled will be correct if there is at least one |
| # protocol enabled. |
| $min_dtls_enabled = min_prot_enabled(\@dtls_protocols, \@is_dtls_disabled); |
| $max_dtls_enabled = max_prot_enabled(\@dtls_protocols, \@is_dtls_disabled); |
| $min_dtls_enabled_fips = min_prot_enabled(\@dtls_protocols_fips, \@is_dtls_disabled_fips); |
| $max_dtls_enabled_fips = max_prot_enabled(\@dtls_protocols_fips, \@is_dtls_disabled_fips); |
| |
| sub no_tests { |
| my ($dtls, $fips) = @_; |
| if ($dtls && $fips) { |
| return disabled("dtls1_2"); |
| } |
| return $dtls ? alldisabled("dtls1", "dtls1_2") : |
| alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); |
| } |
| |
| sub generate_version_tests { |
| my $method = shift; |
| my $fips = shift; |
| |
| my $dtls = $method eq "DTLS"; |
| # Don't write the redundant "Method = TLS" into the configuration. |
| undef $method if !$dtls; |
| |
| my @protocols; |
| my @min_protocols; |
| my @max_protocols; |
| my $min_enabled; |
| my $max_enabled; |
| if ($fips) { |
| @protocols = $dtls ? @dtls_protocols_fips : @tls_protocols_fips; |
| @min_protocols = $dtls ? @min_dtls_protocols_fips : @min_tls_protocols_fips; |
| @max_protocols = $dtls ? @max_dtls_protocols_fips : @max_tls_protocols_fips; |
| $min_enabled = $dtls ? $min_dtls_enabled_fips : $min_tls_enabled_fips; |
| $max_enabled = $dtls ? $max_dtls_enabled_fips : $max_tls_enabled_fips; |
| } else { |
| @protocols = $dtls ? @dtls_protocols : @tls_protocols; |
| @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols; |
| @max_protocols = $dtls ? @max_dtls_protocols : @max_tls_protocols; |
| $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled; |
| $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled; |
| } |
| |
| if (no_tests($dtls, $fips)) { |
| return; |
| } |
| |
| my @tests = (); |
| |
| for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1); $sctp++) { |
| foreach my $c_min (0..$#min_protocols) { |
| my $c_max_min = $c_min == 0 ? 0 : $c_min - 1; |
| foreach my $c_max ($c_max_min..$#max_protocols) { |
| foreach my $s_min (0..$#min_protocols) { |
| my $s_max_min = $s_min == 0 ? 0 : $s_min - 1; |
| foreach my $s_max ($s_max_min..$#max_protocols) { |
| my ($result, $protocol) = |
| expected_result($c_min, $c_max, $s_min, $s_max, |
| $min_enabled, $max_enabled, |
| \@protocols); |
| push @tests, { |
| "name" => "version-negotiation", |
| "client" => { |
| "CipherString" => "DEFAULT:\@SECLEVEL=0", |
| "MinProtocol" => $min_protocols[$c_min], |
| "MaxProtocol" => $max_protocols[$c_max], |
| }, |
| "server" => { |
| "CipherString" => "DEFAULT:\@SECLEVEL=0", |
| "MinProtocol" => $min_protocols[$s_min], |
| "MaxProtocol" => $max_protocols[$s_max], |
| }, |
| "test" => { |
| "ExpectedResult" => $result, |
| "ExpectedProtocol" => $protocol, |
| "Method" => $method, |
| } |
| }; |
| $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; |
| } |
| } |
| } |
| } |
| } |
| return @tests |
| if disabled("tls1_3") |
| || disabled("tls1_2") |
| || (disabled("ec") && disabled("dh")) |
| || $dtls; |
| |
| #Add some version/ciphersuite sanity check tests |
| push @tests, { |
| "name" => "ciphersuite-sanity-check-client", |
| "client" => { |
| #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail |
| "CipherString" => "AES128-SHA", |
| "Ciphersuites" => "", |
| }, |
| "server" => { |
| "MaxProtocol" => "TLSv1.2" |
| }, |
| "test" => { |
| "ExpectedResult" => "ClientFail", |
| } |
| }; |
| push @tests, { |
| "name" => "ciphersuite-sanity-check-server", |
| "client" => { |
| "CipherString" => "AES128-SHA", |
| "MaxProtocol" => "TLSv1.2" |
| }, |
| "server" => { |
| #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail |
| "CipherString" => "AES128-SHA", |
| "Ciphersuites" => "", |
| }, |
| "test" => { |
| "ExpectedResult" => "ServerFail", |
| } |
| }; |
| |
| return @tests; |
| } |
| |
| sub generate_resumption_tests { |
| my $method = shift; |
| my $fips = shift; |
| |
| my $dtls = $method eq "DTLS"; |
| # Don't write the redundant "Method = TLS" into the configuration. |
| undef $method if !$dtls; |
| |
| my @protocols; |
| my $min_enabled; |
| my $max_enabled; |
| |
| if ($fips) { |
| @protocols = $dtls ? @dtls_protocols_fips : @tls_protocols_fips; |
| $min_enabled = $dtls ? $min_dtls_enabled_fips : $min_tls_enabled_fips; |
| $max_enabled = $dtls ? $max_dtls_enabled_fips : $max_tls_enabled_fips; |
| } else { |
| @protocols = $dtls ? @dtls_protocols : @tls_protocols; |
| $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled; |
| $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled; |
| } |
| |
| if (no_tests($dtls)) { |
| return; |
| } |
| |
| my @server_tests = (); |
| my @client_tests = (); |
| |
| # Obtain the first session against a fixed-version server/client. |
| foreach my $original_protocol($min_enabled..$max_enabled) { |
| # Upgrade or downgrade the server/client max version support and test |
| # that it upgrades, downgrades or resumes the session as well. |
| foreach my $resume_protocol($min_enabled..$max_enabled) { |
| my $resumption_expected; |
| # We should only resume on exact version match. |
| if ($original_protocol eq $resume_protocol) { |
| $resumption_expected = "Yes"; |
| } else { |
| $resumption_expected = "No"; |
| } |
| |
| for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1); |
| $sctp++) { |
| foreach my $ticket ("SessionTicket", "-SessionTicket") { |
| # Client is flexible, server upgrades/downgrades. |
| push @server_tests, { |
| "name" => "resumption", |
| "client" => { |
| "CipherString" => "DEFAULT:\@SECLEVEL=0", |
| }, |
| "server" => { |
| "CipherString" => "DEFAULT:\@SECLEVEL=0", |
| "MinProtocol" => $protocols[$original_protocol], |
| "MaxProtocol" => $protocols[$original_protocol], |
| "Options" => $ticket, |
| }, |
| "resume_server" => { |
| "CipherString" => "DEFAULT:\@SECLEVEL=0", |
| "MaxProtocol" => $protocols[$resume_protocol], |
| "Options" => $ticket, |
| }, |
| "test" => { |
| "ExpectedProtocol" => $protocols[$resume_protocol], |
| "Method" => $method, |
| "HandshakeMode" => "Resume", |
| "ResumptionExpected" => $resumption_expected, |
| } |
| }; |
| $server_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; |
| # Server is flexible, client upgrades/downgrades. |
| push @client_tests, { |
| "name" => "resumption", |
| "client" => { |
| "CipherString" => "DEFAULT:\@SECLEVEL=0", |
| "MinProtocol" => $protocols[$original_protocol], |
| "MaxProtocol" => $protocols[$original_protocol], |
| }, |
| "server" => { |
| "CipherString" => "DEFAULT:\@SECLEVEL=0", |
| "Options" => $ticket, |
| }, |
| "resume_client" => { |
| "CipherString" => "DEFAULT:\@SECLEVEL=0", |
| "MaxProtocol" => $protocols[$resume_protocol], |
| }, |
| "test" => { |
| "ExpectedProtocol" => $protocols[$resume_protocol], |
| "Method" => $method, |
| "HandshakeMode" => "Resume", |
| "ResumptionExpected" => $resumption_expected, |
| } |
| }; |
| $client_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; |
| } |
| } |
| } |
| } |
| |
| if (!disabled("tls1_3") && (!disabled("ec") || !disabled("dh")) && !$dtls) { |
| push @client_tests, { |
| "name" => "resumption-with-hrr", |
| "client" => { |
| }, |
| "server" => { |
| "Curves" => disabled("ec") ? "ffdhe3072" : "P-256" |
| }, |
| "resume_client" => { |
| }, |
| "test" => { |
| "ExpectedProtocol" => "TLSv1.3", |
| "Method" => "TLS", |
| "HandshakeMode" => "Resume", |
| "ResumptionExpected" => "Yes", |
| } |
| }; |
| } |
| |
| return (@server_tests, @client_tests); |
| } |
| |
| sub expected_result { |
| my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled, |
| $protocols) = @_; |
| my @prots = @$protocols; |
| |
| my $orig_c_max = $c_max; |
| # Adjust for "undef" (no limit). |
| $c_min = $c_min == 0 ? 0 : $c_min - 1; |
| $c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max; |
| $s_min = $s_min == 0 ? 0 : $s_min - 1; |
| $s_max = $s_max == scalar @$protocols ? $s_max - 1 : $s_max; |
| |
| # We now have at least one protocol enabled, so $min_enabled and |
| # $max_enabled are well-defined. |
| $c_min = max $c_min, $min_enabled; |
| $s_min = max $s_min, $min_enabled; |
| $c_max = min $c_max, $max_enabled; |
| $s_max = min $s_max, $max_enabled; |
| |
| if ($c_min > $c_max |
| || ($orig_c_max != scalar @$protocols |
| && $prots[$orig_c_max] eq "TLSv1.3" |
| && $c_max != $orig_c_max |
| && !disabled("tls1_3"))) { |
| # Client should fail to even send a hello. |
| return ("ClientFail", undef); |
| } elsif ($s_min > $s_max) { |
| # Server has no protocols, should always fail. |
| return ("ServerFail", undef); |
| } elsif ($s_min > $c_max) { |
| # Server doesn't support the client range. |
| return ("ServerFail", undef); |
| } elsif ($c_min > $s_max) { |
| if ($prots[$c_max] eq "TLSv1.3") { |
| # Client will have sent supported_versions, so server will know |
| # that there are no overlapping versions. |
| return ("ServerFail", undef); |
| } else { |
| # Server will try with a version that is lower than the lowest |
| # supported client version. |
| return ("ClientFail", undef); |
| } |
| } else { |
| # Server and client ranges overlap. |
| my $max_common = $s_max < $c_max ? $s_max : $c_max; |
| return ("Success", $protocols->[$max_common]); |
| } |
| } |
| |
| 1; |