From 3ae6b5f800a88a8dac109aeb3ea758469ab1cbb8 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 25 Jan 2017 10:44:46 +0000 Subject: [PATCH] Add a test for the PSK kex modes extension Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2259) --- test/recipes/70-test_tls13kexmodes.t | 243 +++++++++++++++++++++++++++ test/testlib/checkhandshake.pm | 4 +- 2 files changed, 246 insertions(+), 1 deletion(-) create mode 100755 test/recipes/70-test_tls13kexmodes.t diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t new file mode 100755 index 0000000000..93835194b0 --- /dev/null +++ b/test/recipes/70-test_tls13kexmodes.t @@ -0,0 +1,243 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; +use OpenSSL::Test::Utils; +use File::Temp qw(tempfile); +use TLSProxy::Proxy; +use checkhandshake qw(checkhandshake @handmessages @extensions); + +my $test_name = "test_tls13kexmodes"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" + if $^O =~ /^(VMS|MSWin32)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" + if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + +plan skip_all => "$test_name needs TLSv1.3 enabled" + if disabled("tls1_3"); + +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; +$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); + + +@handmessages = ( + [TLSProxy::Message::MT_CLIENT_HELLO, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_SERVER_HELLO, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_CERTIFICATE_REQUEST, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE, + checkhandshake::ALL_HANDSHAKES & ~checkhandshake::RESUME_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE_VERIFY, + checkhandshake::ALL_HANDSHAKES & ~checkhandshake::RESUME_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, + checkhandshake::ALL_HANDSHAKES], + [TLSProxy::Message::MT_CERTIFICATE, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_CERTIFICATE_VERIFY, + checkhandshake::CLIENT_AUTH_HANDSHAKE], + [TLSProxy::Message::MT_FINISHED, + checkhandshake::ALL_HANDSHAKES], + [0, 0] +); + +@extensions = ( + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + checkhandshake::SERVER_NAME_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + checkhandshake::STATUS_REQUEST_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + checkhandshake::ALPN_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + checkhandshake::SCT_CLI_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + checkhandshake::PSK_KEX_MODES_EXTENSION], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + checkhandshake::PSK_CLI_EXTENSION], + + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + checkhandshake::KEY_SHARE_SRV_EXTENSION], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, + checkhandshake::PSK_SRV_EXTENSION], + + [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, + checkhandshake::STATUS_REQUEST_SRV_EXTENSION], + [0,0,0] +); + +use constant { + DELETE_EXTENSION => 0, + EMPTY_EXTENSION => 1, + NON_DHE_KEX_MODE_ONLY => 2, + DHE_KEX_MODE_ONLY => 3, + UNKNONW_KEX_MODES => 4, + BOTH_KEX_MODES => 5 +}; + +my $proxy = TLSProxy::Proxy->new( + undef, + cmdstr(app(["openssl"]), display => 1), + srctop_file("apps", "server.pem"), + (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +#Test 1: First get a session +(undef, my $session) = tempfile(); +$proxy->clientflags("-sess_out ".$session); +$proxy->sessionfile($session); +$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; +plan tests => 7; +ok(TLSProxy::Message->success(), "Initial connection"); + +#Test 2: Attempt a resume with no kex modes extension. Should not resume +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +my $testtype = DELETE_EXTENSION; +$proxy->filter(\&modify_kex_modes_filter); +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::KEY_SHARE_SRV_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION, + "Resume with no kex modes"); + +#Test 3: Attempt a resume with empty kex modes extension. Should fail (empty +# extension is invalid) +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$testtype = EMPTY_EXTENSION; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Resume with empty kex modes"); + +#Test 4: Attempt a resume with non-dhe kex mode only. Should resume without a +# key_share +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$testtype = NON_DHE_KEX_MODE_ONLY; +$proxy->start(); +checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_KEX_MODES_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION, + "Resume with non-dhe kex mode"); + +#Test 5: Attempt a resume with dhe kex mode only. Should resume with a key_share +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$testtype = DHE_KEX_MODE_ONLY; +$proxy->start(); +checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_KEX_MODES_EXTENSION + | checkhandshake::KEY_SHARE_SRV_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION, + "Resume with non-dhe kex mode"); + +#Test 6: Attempt a resume with only unrecognised kex modes. Should not resume +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$testtype = UNKNONW_KEX_MODES; +$proxy->start(); +checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_KEX_MODES_EXTENSION + | checkhandshake::KEY_SHARE_SRV_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION, + "Resume with empty kex modes"); + +#Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with +# a key_share +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$testtype = BOTH_KEX_MODES; +$proxy->start(); +checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_KEX_MODES_EXTENSION + | checkhandshake::KEY_SHARE_SRV_EXTENSION + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION, + "Resume with non-dhe kex mode"); + +unlink $session; + +sub modify_kex_modes_filter +{ + my $proxy = shift; + + # We're only interested in the initial ClientHello + return if ($proxy->flight != 0); + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + my $ext; + + if ($testtype == EMPTY_EXTENSION) { + $ext = pack "C", + 0x00; #List length + } elsif ($testtype == NON_DHE_KEX_MODE_ONLY) { + $ext = pack "C2", + 0x01, #List length + 0x00; #psk_ke + } elsif ($testtype == DHE_KEX_MODE_ONLY) { + $ext = pack "C2", + 0x01, #List length + 0x01; #psk_dhe_ke + } elsif ($testtype == UNKNONW_KEX_MODES) { + $ext = pack "C3", + 0x02, #List length + 0xfe, #unknown + 0xff; #unknown + } elsif ($testtype == BOTH_KEX_MODES) { + #We deliberately list psk_ke first...should still use psk_dhe_ke + $ext = pack "C3", + 0x02, #List length + 0x00, #psk_ke + 0x01; #psk_dhe_ke + } + + if ($testtype == DELETE_EXTENSION) { + $message->delete_extension( + TLSProxy::Message::EXT_PSK_KEX_MODES); + } else { + $message->set_extension( + TLSProxy::Message::EXT_PSK_KEX_MODES, $ext); + } + + $message->repack(); + } + } +} diff --git a/test/testlib/checkhandshake.pm b/test/testlib/checkhandshake.pm index e974403af3..44f7b1a51a 100644 --- a/test/testlib/checkhandshake.pm +++ b/test/testlib/checkhandshake.pm @@ -47,7 +47,9 @@ use constant { #Client side for ec point formats is a default extension EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000, PSK_CLI_EXTENSION => 0x00008000, - PSK_SRV_EXTENSION => 0x00010000 + PSK_SRV_EXTENSION => 0x00010000, + KEY_SHARE_SRV_EXTENSION => 0x00020000, + PSK_KEX_MODES_EXTENSION => 0x00040000 }; our @handmessages = (); -- 2.25.1