2
0

protocol_version.pm 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378
  1. # -*- mode: perl; -*-
  2. # Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the OpenSSL license (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. ## Test version negotiation
  9. package ssltests;
  10. use strict;
  11. use warnings;
  12. use List::Util qw/max min/;
  13. use OpenSSL::Test;
  14. use OpenSSL::Test::Utils qw/anydisabled alldisabled disabled/;
  15. setup("no_test_here");
  16. my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
  17. # undef stands for "no limit".
  18. my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
  19. my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef);
  20. my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
  21. my $min_tls_enabled; my $max_tls_enabled;
  22. # Protocol configuration works in cascades, i.e.,
  23. # $no_tls1_1 disables TLSv1.1 and below.
  24. #
  25. # $min_enabled and $max_enabled will be correct if there is at least one
  26. # protocol enabled.
  27. foreach my $i (0..$#tls_protocols) {
  28. if (!$is_tls_disabled[$i]) {
  29. $min_tls_enabled = $i;
  30. last;
  31. }
  32. }
  33. foreach my $i (0..$#tls_protocols) {
  34. if (!$is_tls_disabled[$i]) {
  35. $max_tls_enabled = $i;
  36. }
  37. }
  38. my @dtls_protocols = ("DTLSv1", "DTLSv1.2");
  39. # undef stands for "no limit".
  40. my @min_dtls_protocols = (undef, "DTLSv1", "DTLSv1.2");
  41. my @max_dtls_protocols = ("DTLSv1", "DTLSv1.2", undef);
  42. my @is_dtls_disabled = anydisabled("dtls1", "dtls1_2");
  43. my $min_dtls_enabled; my $max_dtls_enabled;
  44. # $min_enabled and $max_enabled will be correct if there is at least one
  45. # protocol enabled.
  46. foreach my $i (0..$#dtls_protocols) {
  47. if (!$is_dtls_disabled[$i]) {
  48. $min_dtls_enabled = $i;
  49. last;
  50. }
  51. }
  52. foreach my $i (0..$#dtls_protocols) {
  53. if (!$is_dtls_disabled[$i]) {
  54. $max_dtls_enabled = $i;
  55. }
  56. }
  57. sub no_tests {
  58. my ($dtls) = @_;
  59. return $dtls ? alldisabled("dtls1", "dtls1_2") :
  60. alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
  61. }
  62. sub generate_version_tests {
  63. my ($method) = @_;
  64. my $dtls = $method eq "DTLS";
  65. # Don't write the redundant "Method = TLS" into the configuration.
  66. undef $method if !$dtls;
  67. my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
  68. my @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols;
  69. my @max_protocols = $dtls ? @max_dtls_protocols : @max_tls_protocols;
  70. my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled;
  71. my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;
  72. if (no_tests($dtls)) {
  73. return;
  74. }
  75. my @tests = ();
  76. for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1); $sctp++) {
  77. foreach my $c_min (0..$#min_protocols) {
  78. my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
  79. foreach my $c_max ($c_max_min..$#max_protocols) {
  80. foreach my $s_min (0..$#min_protocols) {
  81. my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;
  82. foreach my $s_max ($s_max_min..$#max_protocols) {
  83. my ($result, $protocol) =
  84. expected_result($c_min, $c_max, $s_min, $s_max,
  85. $min_enabled, $max_enabled,
  86. \@protocols);
  87. push @tests, {
  88. "name" => "version-negotiation",
  89. "client" => {
  90. "MinProtocol" => $min_protocols[$c_min],
  91. "MaxProtocol" => $max_protocols[$c_max],
  92. },
  93. "server" => {
  94. "MinProtocol" => $min_protocols[$s_min],
  95. "MaxProtocol" => $max_protocols[$s_max],
  96. },
  97. "test" => {
  98. "ExpectedResult" => $result,
  99. "ExpectedProtocol" => $protocol,
  100. "Method" => $method,
  101. }
  102. };
  103. $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
  104. }
  105. }
  106. }
  107. }
  108. }
  109. return @tests if disabled("tls1_3") || disabled("tls1_2") || $dtls;
  110. #Add some version/ciphersuite sanity check tests
  111. push @tests, {
  112. "name" => "ciphersuite-sanity-check-client",
  113. "client" => {
  114. #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
  115. "CipherString" => "AES128-SHA",
  116. "Ciphersuites" => "",
  117. },
  118. "server" => {
  119. "MaxProtocol" => "TLSv1.2"
  120. },
  121. "test" => {
  122. "ExpectedResult" => "ClientFail",
  123. }
  124. };
  125. push @tests, {
  126. "name" => "ciphersuite-sanity-check-server",
  127. "client" => {
  128. "CipherString" => "AES128-SHA",
  129. "MaxProtocol" => "TLSv1.2"
  130. },
  131. "server" => {
  132. #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
  133. "CipherString" => "AES128-SHA",
  134. "Ciphersuites" => "",
  135. },
  136. "test" => {
  137. "ExpectedResult" => "ServerFail",
  138. }
  139. };
  140. return @tests;
  141. }
  142. sub generate_resumption_tests {
  143. my ($method) = @_;
  144. my $dtls = $method eq "DTLS";
  145. # Don't write the redundant "Method = TLS" into the configuration.
  146. undef $method if !$dtls;
  147. my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
  148. my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled;
  149. my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;
  150. if (no_tests($dtls)) {
  151. return;
  152. }
  153. my @server_tests = ();
  154. my @client_tests = ();
  155. # Obtain the first session against a fixed-version server/client.
  156. foreach my $original_protocol($min_enabled..$max_enabled) {
  157. # Upgrade or downgrade the server/client max version support and test
  158. # that it upgrades, downgrades or resumes the session as well.
  159. foreach my $resume_protocol($min_enabled..$max_enabled) {
  160. my $resumption_expected;
  161. # We should only resume on exact version match.
  162. if ($original_protocol eq $resume_protocol) {
  163. $resumption_expected = "Yes";
  164. } else {
  165. $resumption_expected = "No";
  166. }
  167. for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1);
  168. $sctp++) {
  169. foreach my $ticket ("SessionTicket", "-SessionTicket") {
  170. # Client is flexible, server upgrades/downgrades.
  171. push @server_tests, {
  172. "name" => "resumption",
  173. "client" => { },
  174. "server" => {
  175. "MinProtocol" => $protocols[$original_protocol],
  176. "MaxProtocol" => $protocols[$original_protocol],
  177. "Options" => $ticket,
  178. },
  179. "resume_server" => {
  180. "MaxProtocol" => $protocols[$resume_protocol],
  181. "Options" => $ticket,
  182. },
  183. "test" => {
  184. "ExpectedProtocol" => $protocols[$resume_protocol],
  185. "Method" => $method,
  186. "HandshakeMode" => "Resume",
  187. "ResumptionExpected" => $resumption_expected,
  188. }
  189. };
  190. $server_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
  191. # Server is flexible, client upgrades/downgrades.
  192. push @client_tests, {
  193. "name" => "resumption",
  194. "client" => {
  195. "MinProtocol" => $protocols[$original_protocol],
  196. "MaxProtocol" => $protocols[$original_protocol],
  197. },
  198. "server" => {
  199. "Options" => $ticket,
  200. },
  201. "resume_client" => {
  202. "MaxProtocol" => $protocols[$resume_protocol],
  203. },
  204. "test" => {
  205. "ExpectedProtocol" => $protocols[$resume_protocol],
  206. "Method" => $method,
  207. "HandshakeMode" => "Resume",
  208. "ResumptionExpected" => $resumption_expected,
  209. }
  210. };
  211. $client_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
  212. }
  213. }
  214. }
  215. }
  216. if (!disabled("tls1_3") && !$dtls) {
  217. push @client_tests, {
  218. "name" => "resumption-with-hrr",
  219. "client" => {
  220. },
  221. "server" => {
  222. "Curves" => "P-256"
  223. },
  224. "resume_client" => {
  225. },
  226. "test" => {
  227. "ExpectedProtocol" => "TLSv1.3",
  228. "Method" => "TLS",
  229. "HandshakeMode" => "Resume",
  230. "ResumptionExpected" => "Yes",
  231. }
  232. };
  233. }
  234. push @client_tests, {
  235. "name" => "resumption-when-mfl-ext-is-missing",
  236. "server" => {
  237. },
  238. "client" => {
  239. "extra" => {
  240. "MaxFragmentLenExt" => 512,
  241. },
  242. },
  243. "resume_client" => {
  244. },
  245. "test" => {
  246. "Method" => $method,
  247. "HandshakeMode" => "Resume",
  248. "ResumptionExpected" => "No",
  249. "ExpectedResult" => "ServerFail",
  250. }
  251. };
  252. push @client_tests, {
  253. "name" => "resumption-when-mfl-ext-is-different",
  254. "server" => {
  255. },
  256. "client" => {
  257. "extra" => {
  258. "MaxFragmentLenExt" => 512,
  259. },
  260. },
  261. "resume_client" => {
  262. "extra" => {
  263. "MaxFragmentLenExt" => 1024,
  264. },
  265. },
  266. "test" => {
  267. "Method" => $method,
  268. "HandshakeMode" => "Resume",
  269. "ResumptionExpected" => "No",
  270. "ExpectedResult" => "ServerFail",
  271. }
  272. };
  273. push @client_tests, {
  274. "name" => "resumption-when-mfl-ext-is-correct",
  275. "server" => {
  276. },
  277. "client" => {
  278. "extra" => {
  279. "MaxFragmentLenExt" => 512,
  280. },
  281. },
  282. "resume_client" => {
  283. "extra" => {
  284. "MaxFragmentLenExt" => 512,
  285. },
  286. },
  287. "test" => {
  288. "Method" => $method,
  289. "HandshakeMode" => "Resume",
  290. "ResumptionExpected" => "Yes",
  291. "ExpectedResult" => "Success",
  292. }
  293. };
  294. return (@server_tests, @client_tests);
  295. }
  296. sub expected_result {
  297. my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled,
  298. $protocols) = @_;
  299. # Adjust for "undef" (no limit).
  300. $c_min = $c_min == 0 ? 0 : $c_min - 1;
  301. $c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max;
  302. $s_min = $s_min == 0 ? 0 : $s_min - 1;
  303. $s_max = $s_max == scalar @$protocols ? $s_max - 1 : $s_max;
  304. # We now have at least one protocol enabled, so $min_enabled and
  305. # $max_enabled are well-defined.
  306. $c_min = max $c_min, $min_enabled;
  307. $s_min = max $s_min, $min_enabled;
  308. $c_max = min $c_max, $max_enabled;
  309. $s_max = min $s_max, $max_enabled;
  310. if ($c_min > $c_max) {
  311. # Client should fail to even send a hello.
  312. return ("ClientFail", undef);
  313. } elsif ($s_min > $s_max) {
  314. # Server has no protocols, should always fail.
  315. return ("ServerFail", undef);
  316. } elsif ($s_min > $c_max) {
  317. # Server doesn't support the client range.
  318. return ("ServerFail", undef);
  319. } elsif ($c_min > $s_max) {
  320. my @prots = @$protocols;
  321. if ($prots[$c_max] eq "TLSv1.3") {
  322. # Client will have sent supported_versions, so server will know
  323. # that there are no overlapping versions.
  324. return ("ServerFail", undef);
  325. } else {
  326. # Server will try with a version that is lower than the lowest
  327. # supported client version.
  328. return ("ClientFail", undef);
  329. }
  330. } else {
  331. # Server and client ranges overlap.
  332. my $max_common = $s_max < $c_max ? $s_max : $c_max;
  333. return ("Success", $protocols->[$max_common]);
  334. }
  335. }
  336. 1;