# -*- mode: perl; -*-
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## Test Renegotiation
#
# Builds @ssltests::tests, a list of DTLS renegotiation scenarios. Each entry
# is a hash with a name plus server, client and test sections. Every scenario
# is emitted once over plain DTLS and, when SCTP is compiled in, once more
# over SCTP with "-sctp" appended to its name.

use strict;
use warnings;

package ssltests;
use OpenSSL::Test::Utils;

# Declared here but never assigned in this file; presumably set by whatever
# evaluates it (TODO confirm against the generator script).
our $fips_mode;

our @tests = ();

for my $sctp (qw(No Yes)) {
    # Skip the SCTP pass when SCTP support is not built.
    if (disabled("sctp") && $sctp eq "Yes") {
        next;
    }

    # With DTLS 1.2 compiled out and FIPS mode on, no scenario is emitted at
    # all. NOTE(review): presumably because what remains (DTLS 1.0) cannot be
    # negotiated in FIPS mode - confirm.
    if (disabled("dtls1_2") && $fips_mode) {
        next;
    }

    my $tag = $sctp eq "Yes" ? "-sctp" : "";

    # Single quotes keep Perl from interpolating @SECLEVEL as an array.
    # Security level 0 turns off OpenSSL's minimum-strength checks on both
    # peers, presumably so that the handshake also succeeds when only
    # DTLS 1.0 is available. This is a test-fixture setting and not a value
    # to carry into a deployed configuration.
    my $lowest_seclevel = 'DEFAULT:@SECLEVEL=0';

    # Every scenario shares this "test" section; only the side that starts
    # the renegotiation and the resumption expectation vary.
    my $dtls_expectation = sub {
        my ($handshake_mode, $resumption) = @_;
        return {
            "Method"             => "DTLS",
            "UseSCTP"            => $sctp,
            "HandshakeMode"      => $handshake_mode,
            "ResumptionExpected" => $resumption,
            "ExpectedResult"     => "Success",
        };
    };

    # Server-initiated renegotiation where the server verifies a client
    # certificate against root-cert.pem; only the VerifyMode differs between
    # the two scenarios built from this. test_pem() is not defined in this
    # file (presumably provided by the generator; it is called in the same
    # order as the hash is written).
    my $client_auth_case = sub {
        my ($case_name, $verify_mode) = @_;
        return {
            name   => $case_name,
            server => {
                "VerifyCAFile" => test_pem("root-cert.pem"),
                "VerifyMode"   => $verify_mode,
                "CipherString" => $lowest_seclevel,
            },
            client => {
                "Certificate"  => test_pem("ee-client-chain.pem"),
                "PrivateKey"   => test_pem("ee-key.pem"),
                "CipherString" => $lowest_seclevel,
            },
            test => $dtls_expectation->("RenegotiateServer", "No"),
        };
    };

    our @tests_basic = (
        # The server refuses resumption on renegotiation, so a full
        # handshake is expected.
        {
            name   => "renegotiate-client-no-resume" . $tag,
            server => {
                "CipherString" => $lowest_seclevel,
                "Options"      => "NoResumptionOnRenegotiation",
            },
            client => { "CipherString" => $lowest_seclevel },
            test   => $dtls_expectation->("RenegotiateClient", "No"),
        },
        # Client-initiated renegotiation with resumption allowed.
        {
            name   => "renegotiate-client-resume" . $tag,
            server => { "CipherString" => $lowest_seclevel },
            client => { "CipherString" => $lowest_seclevel },
            test   => $dtls_expectation->("RenegotiateClient", "Yes"),
        },
        # Note: Unlike the TLS tests, resumption never happens with server
        # initiated reneg. An OpenSSL DTLS client always does a full
        # handshake (i.e. it doesn't supply a session id) when it receives a
        # HelloRequest, whereas an OpenSSL TLS client always tries an
        # abbreviated handshake (i.e. it supplies the session id). This goes
        # all the way to commit 48ae85b6f when abbreviated handshake support
        # was first added. Neither behaviour is wrong, but the discrepancy is
        # strange. TODO: Should we harmonise the TLS and DTLS behaviour, and
        # if so, what to?
        {
            name   => "renegotiate-server-resume" . $tag,
            server => { "CipherString" => $lowest_seclevel },
            client => { "CipherString" => $lowest_seclevel },
            test   => $dtls_expectation->("RenegotiateServer", "No"),
        },
        $client_auth_case->("renegotiate-client-auth-require" . $tag, "Require"),
        $client_auth_case->("renegotiate-client-auth-once" . $tag, "Once"),
    );
    push @tests, @tests_basic;

    # The remaining scenarios name GCM suites, so they are only emitted when
    # DTLS 1.2 is built.
    if (disabled("dtls1_2")) {
        next;
    }

    # Client-initiated renegotiation that moves from one cipher suite to
    # another. The server forbids resumption and sets no CipherString, and
    # neither peer lowers the security level here.
    my $cipher_change_case = sub {
        my ($case_name, $first_cipher, $second_cipher) = @_;
        return {
            name   => $case_name,
            server => { "Options" => "NoResumptionOnRenegotiation" },
            client => {
                "CipherString" => $first_cipher,
                extra          => { "RenegotiateCiphers" => $second_cipher },
            },
            test => $dtls_expectation->("RenegotiateClient", "No"),
        };
    };

    # One scenario per direction of change between AEAD (GCM) and non-AEAD
    # (the -SHA suites) ciphers.
    our @tests_dtls1_2 = (
        $cipher_change_case->(
            "renegotiate-aead-to-non-aead" . $tag,
            "AES128-GCM-SHA256", "AES128-SHA"
        ),
        $cipher_change_case->(
            "renegotiate-non-aead-to-aead" . $tag,
            "AES128-SHA", "AES128-GCM-SHA256"
        ),
        $cipher_change_case->(
            "renegotiate-non-aead-to-non-aead" . $tag,
            "AES128-SHA", "AES256-SHA"
        ),
        $cipher_change_case->(
            "renegotiate-aead-to-aead" . $tag,
            "AES128-GCM-SHA256", "AES256-GCM-SHA384"
        ),
    );
    push @tests, @tests_dtls1_2;
}