# -*- mode: perl; -*-
# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## Test Renegotiation
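# The code-viewer gutter text that was fused onto the front of each line has
# been removed; with it in place none of these statements parse as Perl.
use strict;
use warnings;

package ssltests;

# The file calls disabled() at its end to decide whether the TLS 1.2-only
# cases are added; this is the only module the file loads itself.
use OpenSSL::Test::Utils;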
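# Renegotiation cases that are always part of the test list (the TLS 1.2-only
# list is appended separately at the end of the file).  Each entry carries a
# name, the server and client configuration, and the expectations for the
# handshake.  Every server here caps the protocol at TLSv1.2: TLSv1.3 has no
# renegotiation, so a 1.3 connection could not exercise these paths.
#
# NOTE(review): test_pem() is not defined or imported in this file; presumably
# the generator that loads the file supplies it - confirm against the loader.
#
# The code-viewer gutter text that was fused onto the front of each line has
# been removed; with it in place the list does not parse as Perl.
our @tests = (
    {
        # Client-initiated renegotiation.  The server sets
        # NoResumptionOnRenegotiation, so the second handshake is expected
        # to be a full handshake rather than a session resumption.
        name => "renegotiate-client-no-resume",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
            "MaxProtocol" => "TLSv1.2"
        },
        client => {},
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "Success"
        }
    },
    {
        # Same as above without the server option: the renegotiation is
        # expected to resume the existing session.
        name => "renegotiate-client-resume",
        server => {
            "MaxProtocol" => "TLSv1.2"
        },
        client => {},
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "Yes",
            "ExpectedResult" => "Success"
        }
    },
    {
        # Server-initiated renegotiation with resumption disallowed.
        name => "renegotiate-server-no-resume",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
            "MaxProtocol" => "TLSv1.2"
        },
        client => {},
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "Success"
        }
    },
    {
        # Server-initiated renegotiation; resumption is expected.
        name => "renegotiate-server-resume",
        server => {
            "MaxProtocol" => "TLSv1.2"
        },
        client => {},
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateServer",
            "ResumptionExpected" => "Yes",
            "ExpectedResult" => "Success"
        }
    },
    {
        # Server-initiated renegotiation while the server requires a client
        # certificate (VerifyMode Require) that chains to root-cert.pem.
        name => "renegotiate-client-auth-require",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
            "MaxProtocol" => "TLSv1.2",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require",
        },
        client => {
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "Success"
        }
    },
    {
        # As above with VerifyMode Once.  NOTE(review): presumably this asks
        # for the client certificate on the initial handshake only and not
        # again on renegotiation - confirm against the VerifyMode docs.
        name => "renegotiate-client-auth-once",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
            "MaxProtocol" => "TLSv1.2",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Once",
        },
        client => {
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "Success"
        }
    },
    {
        # Only checks that the UnsafeLegacyServerConnect option is accepted;
        # it has no real effect in this handshake.  Outside tests the option
        # lets a client talk to servers that lack secure renegotiation
        # (RFC 5746), so this entry is not a template for production
        # configuration.
        name => "renegotiate-client-legacy-connect",
        server => {
            "MaxProtocol" => "TLSv1.2"
        },
        client => {
            "Options" => "UnsafeLegacyServerConnect",
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "Yes",
            "ExpectedResult" => "Success"
        }
    },
);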
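# Renegotiation cases kept in their own list so the file can add them to the
# main test list conditionally (see the push at the end of the file).
#
# Three groups:
#   * renegotiate-<a>-to-<b>: the client starts with CipherString and offers
#     RenegotiateCiphers for the second handshake, covering each AEAD /
#     non-AEAD transition.  The server disallows resumption, so a full
#     handshake has to pick the new cipher.
#   * no-renegotiation-<peer>-by-<initiator>: one peer sets NoRenegotiation
#     and the attempt by <initiator> is expected to fail on the initiator.
#   * extended-master-secret and ClientRenegotiation policy checks.
#
# The code-viewer gutter text that was fused onto the front of each line has
# been removed; with it in place the list does not parse as Perl.
our @tests_tls1_2 = (
    {
        # AES128-GCM-SHA256 (AEAD) -> AES128-SHA (non-AEAD).
        name => "renegotiate-aead-to-non-aead",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
        },
        client => {
            "CipherString" => "AES128-GCM-SHA256",
            "MaxProtocol" => "TLSv1.2",
            extra => {
                "RenegotiateCiphers" => "AES128-SHA"
            }
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "Success"
        }
    },
    {
        # AES128-SHA (non-AEAD) -> AES128-GCM-SHA256 (AEAD).
        name => "renegotiate-non-aead-to-aead",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
        },
        client => {
            "CipherString" => "AES128-SHA",
            "MaxProtocol" => "TLSv1.2",
            extra => {
                "RenegotiateCiphers" => "AES128-GCM-SHA256"
            }
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "Success"
        }
    },
    {
        # AES128-SHA -> AES256-SHA (both non-AEAD).
        name => "renegotiate-non-aead-to-non-aead",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
        },
        client => {
            "CipherString" => "AES128-SHA",
            "MaxProtocol" => "TLSv1.2",
            extra => {
                "RenegotiateCiphers" => "AES256-SHA"
            }
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "Success"
        }
    },
    {
        # AES128-GCM-SHA256 -> AES256-GCM-SHA384 (both AEAD).
        name => "renegotiate-aead-to-aead",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
        },
        client => {
            "CipherString" => "AES128-GCM-SHA256",
            "MaxProtocol" => "TLSv1.2",
            extra => {
                "RenegotiateCiphers" => "AES256-GCM-SHA384"
            }
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "Success"
        }
    },
    {
        # Server refuses renegotiation; the client's attempt must fail.
        name => "no-renegotiation-server-by-client",
        server => {
            "Options" => "NoRenegotiation",
            "MaxProtocol" => "TLSv1.2"
        },
        client => { },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "ClientFail"
        }
    },
    {
        # Server sets NoRenegotiation and then tries to renegotiate itself;
        # the attempt is expected to fail on the server side.
        name => "no-renegotiation-server-by-server",
        server => {
            "Options" => "NoRenegotiation",
            "MaxProtocol" => "TLSv1.2"
        },
        client => { },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "ServerFail"
        }
    },
    {
        # Client refuses renegotiation; the server's attempt must fail.
        name => "no-renegotiation-client-by-server",
        server => {
            "MaxProtocol" => "TLSv1.2"
        },
        client => {
            "Options" => "NoRenegotiation",
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "ServerFail"
        }
    },
    {
        # Client sets NoRenegotiation and then tries to renegotiate itself;
        # the attempt is expected to fail on the client side.
        name => "no-renegotiation-client-by-client",
        server => {
            "MaxProtocol" => "TLSv1.2"
        },
        client => {
            "Options" => "NoRenegotiation",
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "ClientFail"
        }
    },
    {
        # RenegotiateNoExtms => Yes with a ServerFail expectation.
        # NOTE(review): presumably the client omits the extended master
        # secret extension on the renegotiation and the server must refuse
        # that downgrade - confirm against the test driver.
        name => "no-extms-on-renegotiation",
        server => {
            "MaxProtocol" => "TLSv1.2"
        },
        client => {
            "MaxProtocol" => "TLSv1.2",
            extra => {
                "RenegotiateNoExtms" => "Yes"
            }
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "ServerFail"
        }
    },
    {
        # Baseline for the next case: no Options on either side and the
        # client-initiated renegotiation is expected to succeed.
        # NOTE(review): this relies on the test driver's default server
        # setting permitting client renegotiation - confirm, since library
        # defaults may differ from the driver's.
        name => "allow-client-renegotiation",
        server => {
            "MaxProtocol" => "TLSv1.2",
        },
        client => {
            "MaxProtocol" => "TLSv1.2"
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "Yes",
            "ExpectedResult" => "Success"
        }
    },
    {
        # Server switches ClientRenegotiation off (leading "-").  The
        # client's attempt must fail, and the server is expected to answer
        # with a NoRenegotiation alert.  This is the only case in the file
        # that also asserts the alert.
        name => "no-client-renegotiation",
        server => {
            "MaxProtocol" => "TLSv1.2",
            "Options" => "-ClientRenegotiation"
        },
        client => {
            "MaxProtocol" => "TLSv1.2",
        },
        test => {
            "Method" => "TLS",
            "HandshakeMode" => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult" => "ClientFail",
            "ExpectedServerAlert" => "NoRenegotiation"
        }
    }
);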
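# Add the cases from @tests_tls1_2 to the main list only when TLS 1.2 is
# available in this build.  (Code-viewer gutter text that was fused onto the
# front of this statement has been removed so that it parses.)
push @tests, @tests_tls1_2 unless disabled("tls1_2");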