From 5e3766e2f15b3a8ea696b194c32a141cbe668d4e Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 8 May 2017 16:05:49 +0100 Subject: [PATCH] Add test for no change following an HRR Verify that we fail if we receive an HRR but no change will result in ClientHello2. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3414) --- test/recipes/70-test_key_share.t | 34 +++++++++++++++++++++++++++----- util/TLSProxy/Message.pm | 1 + 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/test/recipes/70-test_key_share.t b/test/recipes/70-test_key_share.t index e5212d4884..62ab66cb2e 100644 --- a/test/recipes/70-test_key_share.t +++ b/test/recipes/70-test_key_share.t @@ -24,7 +24,8 @@ use constant { KEX_LEN_MISMATCH => 8, ZERO_LEN_KEX_DATA => 9, TRAILING_DATA => 10, - SELECT_X25519 => 11 + SELECT_X25519 => 11, + NO_KEY_SHARES_IN_HRR => 12 }; use constant { @@ -75,7 +76,7 @@ $direction = CLIENT_TO_SERVER; $proxy->filter(\&modify_key_shares_filter); $proxy->serverflags("-curves P-256"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 21; +plan tests => 22; ok(TLSProxy::Message->success(), "Success after HRR"); #Test 2: The server sending an HRR requesting a group the client already sent @@ -219,12 +220,21 @@ $proxy->serverflags("-no_tls1_3"); $proxy->start(); ok(TLSProxy::Message->success(), "Ignore key_share for TLS<=1.2 server"); +#Test 22: The server sending an HRR but not requesting a new key_share should +# fail +$proxy->clear(); +$testtype = NO_KEY_SHARES_IN_HRR; +$proxy->serverflags("-curves X25519"); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Server sends HRR with no key_shares"); + sub modify_key_shares_filter { my $proxy = shift; # We're only interested in the initial ClientHello - if (($direction == CLIENT_TO_SERVER && $proxy->flight != 0) + if (($direction == CLIENT_TO_SERVER && $proxy->flight != 0 + && ($proxy->flight != 1 || $testtype != NO_KEY_SHARES_IN_HRR)) || ($direction == SERVER_TO_CLIENT && $proxy->flight != 1)) { return; } @@ -296,9 +306,18 @@ sub modify_key_shares_filter "155155B95269ED5C87EAA99C2EF5A593". "EDF83495E80380089F831B94D14B1421", #key_exchange data 0x00; #Trailing garbage + } elsif ($testtype == NO_KEY_SHARES_IN_HRR) { + #We trick the server into thinking we sent a P-256 key_share - + #but the client actually sent X25519 + $ext = pack "C7", + 0x00, 0x05, #List Length + 0x00, 0x17, #P-256 + 0x00, 0x01, #key_exchange data length + 0xff; #Dummy key_share data } - if ($testtype != EMPTY_EXTENSION) { + if ($testtype != EMPTY_EXTENSION + && $testtype != NO_KEY_SHARES_IN_HRR) { $message->set_extension( TLSProxy::Message::EXT_SUPPORTED_GROUPS, $suppgroups); } @@ -351,7 +370,12 @@ sub modify_key_shares_filter $message->set_extension(TLSProxy::Message::EXT_KEY_SHARE, $ext); $message->repack(); - } + } elsif ($message->mt == TLSProxy::Message::MT_HELLO_RETRY_REQUEST + && $testtype == NO_KEY_SHARES_IN_HRR) { + $message->delete_extension(TLSProxy::Message::EXT_KEY_SHARE); + $message->set_extension(TLSProxy::Message::EXT_UNKNOWN, ""); + $message->repack(); + } } } diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm index 3c19845164..4cb594cfef 100644 --- a/util/TLSProxy/Message.pm +++ b/util/TLSProxy/Message.pm @@ -86,6 +86,7 @@ use constant { # (i.e. not read), and even then only when enabled. We use it to test # handling of duplicate extensions. EXT_DUPLICATE_EXTENSION => 0xfde8, + EXT_UNKNOWN => 0xfffe, #Unknown extension that should appear last EXT_FORCE_LAST => 0xffff }; -- 2.25.1