From 807551ac0dfe90c7953381df445205833ee7a1af Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 15 Mar 2017 18:44:05 +0000 Subject: [PATCH] Add some more PSK tests Test that if the server selects a ciphersuite with a different hash from the PSK in the original ClientHello, the second ClientHello does not contain the PSK. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2895) --- test/recipes/70-test_tls13psk.t | 74 +++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 8 deletions(-) diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t index 2607d51f56..48d1dde998 100644 --- a/test/recipes/70-test_tls13psk.t +++ b/test/recipes/70-test_tls13psk.t @@ -37,6 +37,11 @@ my $proxy = TLSProxy::Proxy->new( (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); +use constant { + PSK_LAST_FIRST_CH => 0, + ILLEGAL_EXT_SECOND_CH => 1 +}; + #Most PSK tests are done in test_ssl_new. This just checks sending a PSK #extension when it isn't in the last place in a ClientHello @@ -45,29 +50,82 @@ my $proxy = TLSProxy::Proxy->new( $proxy->clientflags("-sess_out ".$session); $proxy->sessionfile($session); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 2; +plan tests => 4; ok(TLSProxy::Message->success(), "Initial connection"); #Test 2: Attempt a resume with PSK not in last place. Should fail $proxy->clear(); $proxy->clientflags("-sess_in ".$session); $proxy->filter(\&modify_psk_filter); +my $testtype = PSK_LAST_FIRST_CH; $proxy->start(); ok(TLSProxy::Message->fail(), "PSK not last"); +#Test 3: Attempt a resume after an HRR where PSK hash matches selected +# ciperhsuite. Should see PSK on second ClientHello +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$proxy->serverflags("-curves P-256"); +$proxy->filter(undef); +$proxy->start(); +#Check if the PSK is present in the second ClientHello +my $ch2 = ${$proxy->message_list}[2]; +my $ch2seen = defined $ch2 && $ch2->mt() == TLSProxy::Message::MT_CLIENT_HELLO; +my $pskseen = $ch2seen + && defined ${$ch2->{extension_data}}{TLSProxy::Message::EXT_PSK}; +ok($pskseen, "PSK hash matches"); + +#Test 4: Attempt a resume after an HRR where PSK hash does not match selected +# ciphersuite. Should not see PSK on second ClientHello +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$proxy->filter(\&modify_psk_filter); +$proxy->serverflags("-curves P-256"); +$proxy->cipherc("TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384"); +$proxy->ciphers("TLS13-AES-256-GCM-SHA384"); +#We force an early failure because TLS Proxy doesn't actually support +#TLS13-AES-256-GCM-SHA384. That doesn't matter for this test though. +$testtype = ILLEGAL_EXT_SECOND_CH; +$proxy->start(); +#Check if the PSK is present in the second ClientHello +$ch2 = ${$proxy->message_list}[2]; +$ch2seen = defined $ch2 && $ch2->mt() == TLSProxy::Message::MT_CLIENT_HELLO; +$pskseen = $ch2seen + && defined ${$ch2->extension_data}{TLSProxy::Message::EXT_PSK}; +ok($ch2seen && !$pskseen, "PSK hash does not match"); + + unlink $session; sub modify_psk_filter { my $proxy = shift; + my $flight; + my $message; + + if ($testtype == PSK_LAST_FIRST_CH) { + $flight = 0; + } else { + $flight = 2; + } + + # Only look at the first or second ClientHello + return if $proxy->flight != $flight; + + if ($testtype == PSK_LAST_FIRST_CH) { + $message = ${$proxy->message_list}[0]; + } else { + $message = ${$proxy->message_list}[2]; + } - # We're only interested in the initial ClientHello - return if ($proxy->flight != 0); + return if (!defined $message + || $message->mt != TLSProxy::Message::MT_CLIENT_HELLO); - foreach my $message (@{$proxy->message_list}) { - if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { - $message->set_extension(TLSProxy::Message::EXT_FORCE_LAST, ""); - $message->repack(); - } + if ($testtype == PSK_LAST_FIRST_CH) { + $message->set_extension(TLSProxy::Message::EXT_FORCE_LAST, ""); + } else { + #Deliberately break the connection + $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_GROUPS, ""); } + $message->repack(); } -- 2.25.1