Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame test/recipes/70-test_tls13cookie.t

Blob History Raw

Packit Service	084de1	`#! /usr/bin/env perl`
Packit Service	084de1	`# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.`
Packit Service	084de1	`#`
Packit Service	084de1	`# Licensed under the OpenSSL license (the "License"). You may not use`
Packit Service	084de1	`# this file except in compliance with the License. You can obtain a copy`
Packit Service	084de1	`# in the file LICENSE in the source distribution or at`
Packit Service	084de1	`# https://www.openssl.org/source/license.html`
Packit Service	084de1
Packit Service	084de1	`use strict;`
Packit Service	084de1	`use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;`
Packit Service	084de1	`use OpenSSL::Test::Utils;`
Packit Service	084de1	`use TLSProxy::Proxy;`
Packit Service	084de1
Packit Service	084de1	`my $test_name = "test_tls13cookie";`
Packit Service	084de1	`setup($test_name);`
Packit Service	084de1
Packit Service	084de1	`plan skip_all => "TLSProxy isn't usable on $^O"`
Packit Service	084de1	`if $^O =~ /^(VMS)$/;`
Packit Service	084de1
Packit Service	084de1	`plan skip_all => "$test_name needs the dynamic engine feature enabled"`
Packit Service	084de1	`if disabled("engine") \|\| disabled("dynamic-engine");`
Packit Service	084de1
Packit Service	084de1	`plan skip_all => "$test_name needs the sock feature enabled"`
Packit Service	084de1	`if disabled("sock");`
Packit Service	084de1
Packit Service	084de1	`plan skip_all => "$test_name needs TLS1.3 enabled"`
Packit Service	084de1	`if disabled("tls1_3");`
Packit Service	084de1
Packit Service	084de1	`$ENV{OPENSSL_ia32cap} = '~0x200000200000000';`
Packit Service	084de1
Packit Service	084de1	`use constant {`
Packit Service	084de1	`COOKIE_ONLY => 0,`
Packit Service	084de1	`COOKIE_AND_KEY_SHARE => 1`
Packit Service	084de1	`};`
Packit Service	084de1
Packit Service	084de1	`my $proxy = TLSProxy::Proxy->new(`
Packit Service	084de1	`undef,`
Packit Service	084de1	`cmdstr(app(["openssl"]), display => 1),`
Packit Service	084de1	`srctop_file("apps", "server.pem"),`
Packit Service	084de1	`(!$ENV{HARNESS_ACTIVE} \|\| $ENV{HARNESS_VERBOSE})`
Packit Service	084de1	`);`
Packit Service	084de1
Packit Service	084de1	`my $cookieseen = 0;`
Packit Service	084de1	`my $testtype;`
Packit Service	084de1
Packit Service	084de1	`#Test 1: Inserting a cookie into an HRR should see it echoed in the ClientHello`
Packit Service	084de1	`$testtype = COOKIE_ONLY;`
Packit Service	084de1	`$proxy->filter(\&cookie_filter);`
Packit Service	084de1	`$proxy->serverflags("-curves X25519");`
Packit Service	084de1	`$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";`
Packit Service	084de1	`plan tests => 2;`
Packit Service	084de1	`ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen");`
Packit Service	084de1
Packit Service	084de1	`#Test 2: Same as test 1 but should also work where a new key_share is also`
Packit Service	084de1	`# required`
Packit Service	084de1	`$testtype = COOKIE_AND_KEY_SHARE;`
Packit Service	084de1	`$proxy->clear();`
Packit Service	084de1	`$proxy->clientflags("-curves P-256:X25519");`
Packit Service	084de1	`$proxy->serverflags("-curves X25519");`
Packit Service	084de1	`$proxy->start();`
Packit Service	084de1	`ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen");`
Packit Service	084de1
Packit Service	084de1	`sub cookie_filter`
Packit Service	084de1	`{`
Packit Service	084de1	`my $proxy = shift;`
Packit Service	084de1
Packit Service	084de1	`# We're only interested in the HRR and both ClientHellos`
Packit Service	084de1	`return if ($proxy->flight > 2);`
Packit Service	084de1
Packit Service	084de1	`my $ext = pack "C8",`
Packit Service	084de1	`0x00, 0x06, #Cookie Length`
Packit Service	084de1	`0x00, 0x01, #Dummy cookie data (6 bytes)`
Packit Service	084de1	`0x02, 0x03,`
Packit Service	084de1	`0x04, 0x05;`
Packit Service	084de1
Packit Service	084de1	`foreach my $message (@{$proxy->message_list}) {`
Packit Service	084de1	`if ($message->mt == TLSProxy::Message::MT_SERVER_HELLO`
Packit Service	084de1	`&& ${$message->records}[0]->flight == 1) {`
Packit Service	084de1	`$message->delete_extension(TLSProxy::Message::EXT_KEY_SHARE)`
Packit Service	084de1	`if ($testtype == COOKIE_ONLY);`
Packit Service	084de1	`$message->set_extension(TLSProxy::Message::EXT_COOKIE, $ext);`
Packit Service	084de1	`$message->repack();`
Packit Service	084de1	`} elsif ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {`
Packit Service	084de1	`if (${$message->records}[0]->flight == 0) {`
Packit Service	084de1	`if ($testtype == COOKIE_ONLY) {`
Packit Service	084de1	`my $ext = pack "C7",`
Packit Service	084de1	`0x00, 0x05, #List Length`
Packit Service	084de1	`0x00, 0x17, #P-256`
Packit Service	084de1	`0x00, 0x01, #key_exchange data length`
Packit Service	084de1	`0xff; #Dummy key_share data`
Packit Service	084de1	`# Trick the server into thinking we got an unacceptable`
Packit Service	084de1	`# key_share`
Packit Service	084de1	`$message->set_extension(`
Packit Service	084de1	`TLSProxy::Message::EXT_KEY_SHARE, $ext);`
Packit Service	084de1	`$message->repack();`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`#cmp can behave differently dependent on locale`
Packit Service	084de1	`no locale;`
Packit Service	084de1	`my $cookie =`
Packit Service	084de1	`$message->extension_data->{TLSProxy::Message::EXT_COOKIE};`
Packit Service	084de1
Packit Service	084de1	`return if !defined($cookie);`
Packit Service	084de1
Packit Service	084de1	`return if ($cookie cmp $ext) != 0;`
Packit Service	084de1
Packit Service	084de1	`$cookieseen = 1;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`}`

source-git / openssl

Source Code

Blame test/recipes/70-test_tls13cookie.t