From b4c6e37e7428eec3d46b6737b60df8e423d0a8df Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Mon, 21 Nov 2016 16:22:00 +0000
Subject: [PATCH] Add more TLS1.3 record tests

Add some tests for the new record construction

Reviewed-by: Rich Salz
---
 test/recipes/70-test_sslrecords.t | 52 +++++++++++++++++++++++++++----
 util/TLSProxy/Record.pm | 13 ++++++--
 2 files changed, 57 insertions(+), 8 deletions(-)

diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
index e6f7a36c05..f699058825 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -44,7 +44,7 @@ if (!disabled("tls1_1")) {
 $num_tests++;
 }
 if (!disabled("tls1_3")) {
- $num_tests++;
+ $num_tests += 3;
 }
 plan tests => $num_tests;
 ok(TLSProxy::Message->fail(), "Out of context empty records test");
@@ -148,13 +148,28 @@ $proxy->filter(\&change_version);
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Changed record version in TLS1.2");
 
-#Test 13: Sending a different record version in TLS1.3 should succeed
+#TLS1.3 specific tests
 if (!disabled("tls1_3")) {
+ #Test 13: Sending a different record version in TLS1.3 should succeed
 $proxy->clear();
 $proxy->filter(\&change_version);
 $proxy->start();
 ok(TLSProxy::Message->success(), "Changed record version in TLS1.3");
-}
+
+ #Test 14: Sending an unrecognised record type in TLS1.3 should fail
+ $proxy->clear();
+ $proxy->filter(\&add_unknown_record_type);
+ $proxy->start();
+ ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.3");
+
+ #Test 15: Sending an outer record type other than app data once encrypted
+ #should fail
+ $proxy->clear();
+ $proxy->filter(\&change_outer_record_type);
+ $proxy->start();
+ ok(TLSProxy::Message->fail(), "Wrong outer record type in TLS1.3");
+ }
+
 
 sub add_empty_recs_filter
 {
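Review bot: The closing brace of the `if (!disabled("tls1_3"))` block appears to have gained leading whitespace in the new code (the removed line is `}`, the added one is ` }`), so it no longer lines up with its `if`; whitespace is collapsed in this view, so worth confirming, and the fix is just `}` at column 0. Tests 14 and 15 assert only `TLSProxy::Message->fail()`, which also passes when the handshake breaks for a reason unrelated to the injected record; if the proxy records the alert the server sent, checking it as well would pin the failure to the record under test. The filter subs these tests install are defined outside this hunk.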
@@ -388,13 +403,13 @@ sub add_unknown_record_type
 my $proxy = shift;
 
 # We'll change a record after the initial version neg has taken place
- if ($proxy->flight != 2) {
+ if ($proxy->flight != 1) {
 return;
 }
 
 my $lastrec = ${$proxy->record_list}[-1];
 my $record = TLSProxy::Record->new(
- 2,
+ 1,
 TLSProxy::Record::RT_UNKNOWN,
 $lastrec->version(),
 1,
@@ -405,7 +420,14 @@ sub add_unknown_record_type
 "X"
 );
 
- unshift @{$proxy->record_list}, $record;
+ #Find ServerHello record and insert after that
+ my $i;
+ for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+ next;
+ }
+ $i++;
+
+ splice @{$proxy->record_list}, $i, 0, $record;
 }
 
 sub change_version
@@ -419,3 +441,21 @@ sub change_version
 
 (${$proxy->record_list}[-1])->version(TLSProxy::Record::VERS_TLS_1_1);
 }
+
+sub change_outer_record_type
+{
+ my $proxy = shift;
+
+ # We'll change a record after the initial version neg has taken place
+ if ($proxy->flight != 1) {
+ return;
+ }
+
+ #Find ServerHello record and change record after that
+ my $i;
+ for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+ next;
+ }
+ $i++;
+ ${$proxy->record_list}[$i]->outer_content_type(TLSProxy::Record::RT_HANDSHAKE);
+}
diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm
index fe78185ccc..202c1ec9a6 100644
--- a/util/TLSProxy/Record.pm
+++ b/util/TLSProxy/Record.pm
@@ -195,7 +195,8 @@ sub new
 data => $data,
 decrypt_data => $decrypt_data,
 orig_decrypt_data => $decrypt_data,
- encrypted => 0
+ encrypted => 0,
+ outer_content_type => RT_APPLICATION_DATA
 };
 
 return bless $self, $class;
@@ -289,7 +290,7 @@ sub reconstruct_record
 $data = pack('n', $self->len | 0x8000);
 } else {
 if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
- $data = pack('Cnn', RT_APPLICATION_DATA, $self->version,
+ $data = pack('Cnn', $self->outer_content_type, $self->version,
 $self->len + 1);
 $tls13_enc = 1;
 } else {
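Review bot: The scan `for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++)` added to add_unknown_record_type has no upper bound: if no record in the list has a flight of 1 or more it indexes past the end and dies calling `flight()` on undef rather than returning, and its body `next;` is a no-op. The identical loop is pasted into change_outer_record_type in the next hunk, so it belongs in one small helper that both filters call. A bounded form is `my $i = 0;` / `$i++ while $i < @{$proxy->record_list} && ${$proxy->record_list}[$i]->flight() < 1;` / `return if $i >= @{$proxy->record_list};`, followed by the existing `$i++;` and `splice`. add_unknown_record_type starts outside this hunk.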
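Review bot: change_outer_record_type assumes the record directly after the first flight-1 record is an encrypted one, but the reconstruct_record hunk in this patch consults `outer_content_type` only under `is_tls13() && $self->encrypted`, so if that record is plaintext the change is silently dropped and test 15 fails without ever exercising the outer-type check. Stating this in the comment, e.g. `#The record after ServerHello must be encrypted: outer_content_type is ignored on plaintext records`, would make the dependency visible; whether `encrypted` is already set on that record when the filter runs cannot be told from this hunk, so a `die` on a plaintext record would need confirming against the proxy. The `# We'll change a record after the initial version neg has taken place` comment is copied from add_unknown_record_type and would read better as `#Change the outer content type of the first record after ServerHello`.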
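Review bot: The new `outer_content_type` field is undocumented: nothing records that it is the plaintext outer header type written only for encrypted TLS1.3 records (the reconstruct_record hunk uses it solely under `is_tls13() && $self->encrypted`) and is ignored for every other record, and the accessor added at the end of Record.pm carries no comment either. A one-line comment on the field in `sub new`, `# outer (plaintext) record header type; only consulted when reconstructing an encrypted TLS1.3 record`, repeated on `sub outer_content_type`, would stop a reader assuming it changes the type of every record. `sub new` starts outside this hunk.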
@@ -386,4 +387,12 @@ sub encrypted
 }
 return $self->{encrypted};
 }
+sub outer_content_type
+{
+ my $self = shift;
+ if (@_) {
+ $self->{outer_content_type} = shift;
+ }
+ return $self->{outer_content_type};
+}
 1;

-- 
2.25.1