
# -*- mode: perl; -*-
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

## Test Renegotiation
  9. use strict;
  10. use warnings;
  11. package ssltests;
  12. use OpenSSL::Test::Utils;
  13. our $fips_mode;
  14. our @tests = ();
  15. foreach my $sctp ("No", "Yes")
  16. {
  17. next if disabled("sctp") && $sctp eq "Yes";
  18. next if disabled("dtls1_2") && $fips_mode;
  19. my $suffix = ($sctp eq "No") ? "" : "-sctp";
  20. our @tests_basic = (
  21. {
  22. name => "renegotiate-client-no-resume".$suffix,
  23. server => {
  24. "CipherString" => 'DEFAULT:@SECLEVEL=0',
  25. "Options" => "NoResumptionOnRenegotiation"
  26. },
  27. client => {
  28. "CipherString" => 'DEFAULT:@SECLEVEL=0'
  29. },
  30. test => {
  31. "Method" => "DTLS",
  32. "UseSCTP" => $sctp,
  33. "HandshakeMode" => "RenegotiateClient",
  34. "ResumptionExpected" => "No",
  35. "ExpectedResult" => "Success"
  36. }
  37. },
  38. {
  39. name => "renegotiate-client-resume".$suffix,
  40. server => {
  41. "CipherString" => 'DEFAULT:@SECLEVEL=0'
  42. },
  43. client => {
  44. "CipherString" => 'DEFAULT:@SECLEVEL=0'
  45. },
  46. test => {
  47. "Method" => "DTLS",
  48. "UseSCTP" => $sctp,
  49. "HandshakeMode" => "RenegotiateClient",
  50. "ResumptionExpected" => "Yes",
  51. "ExpectedResult" => "Success"
  52. }
  53. },
  54. # Note: Unlike the TLS tests, we will never do resumption with server
  55. # initiated reneg. This is because an OpenSSL DTLS client will always do a full
  56. # handshake (i.e. it doesn't supply a session id) when it receives a
  57. # HelloRequest. This is different to the OpenSSL TLS implementation where an
  58. # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
  59. # the session id). This goes all the way to commit 48ae85b6f when abbreviated
  60. # handshake support was first added. Neither behaviour is wrong, but the
  61. # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
  62. # and if so, what to?
  63. {
  64. name => "renegotiate-server-resume".$suffix,
  65. server => {
  66. "CipherString" => 'DEFAULT:@SECLEVEL=0'
  67. },
  68. client => {
  69. "CipherString" => 'DEFAULT:@SECLEVEL=0'
  70. },
  71. test => {
  72. "Method" => "DTLS",
  73. "UseSCTP" => $sctp,
  74. "HandshakeMode" => "RenegotiateServer",
  75. "ResumptionExpected" => "No",
  76. "ExpectedResult" => "Success"
  77. }
  78. },
  79. {
  80. name => "renegotiate-client-auth-require".$suffix,
  81. server => {
  82. "VerifyCAFile" => test_pem("root-cert.pem"),
  83. "VerifyMode" => "Require",
  84. "CipherString" => 'DEFAULT:@SECLEVEL=0'
  85. },
  86. client => {
  87. "Certificate" => test_pem("ee-client-chain.pem"),
  88. "PrivateKey" => test_pem("ee-key.pem"),
  89. "CipherString" => 'DEFAULT:@SECLEVEL=0'
  90. },
  91. test => {
  92. "Method" => "DTLS",
  93. "UseSCTP" => $sctp,
  94. "HandshakeMode" => "RenegotiateServer",
  95. "ResumptionExpected" => "No",
  96. "ExpectedResult" => "Success"
  97. }
  98. },
  99. {
  100. name => "renegotiate-client-auth-once".$suffix,
  101. server => {
  102. "VerifyCAFile" => test_pem("root-cert.pem"),
  103. "VerifyMode" => "Once",
  104. "CipherString" => 'DEFAULT:@SECLEVEL=0'
  105. },
  106. client => {
  107. "Certificate" => test_pem("ee-client-chain.pem"),
  108. "PrivateKey" => test_pem("ee-key.pem"),
  109. "CipherString" => 'DEFAULT:@SECLEVEL=0'
  110. },
  111. test => {
  112. "Method" => "DTLS",
  113. "UseSCTP" => $sctp,
  114. "HandshakeMode" => "RenegotiateServer",
  115. "ResumptionExpected" => "No",
  116. "ExpectedResult" => "Success"
  117. }
  118. }
  119. );
  120. push @tests, @tests_basic;
  121. next if disabled("dtls1_2");
  122. our @tests_dtls1_2 = (
  123. {
  124. name => "renegotiate-aead-to-non-aead".$suffix,
  125. server => {
  126. "Options" => "NoResumptionOnRenegotiation"
  127. },
  128. client => {
  129. "CipherString" => "AES128-GCM-SHA256",
  130. extra => {
  131. "RenegotiateCiphers" => "AES128-SHA"
  132. }
  133. },
  134. test => {
  135. "Method" => "DTLS",
  136. "UseSCTP" => $sctp,
  137. "HandshakeMode" => "RenegotiateClient",
  138. "ResumptionExpected" => "No",
  139. "ExpectedResult" => "Success"
  140. }
  141. },
  142. {
  143. name => "renegotiate-non-aead-to-aead".$suffix,
  144. server => {
  145. "Options" => "NoResumptionOnRenegotiation"
  146. },
  147. client => {
  148. "CipherString" => "AES128-SHA",
  149. extra => {
  150. "RenegotiateCiphers" => "AES128-GCM-SHA256"
  151. }
  152. },
  153. test => {
  154. "Method" => "DTLS",
  155. "UseSCTP" => $sctp,
  156. "HandshakeMode" => "RenegotiateClient",
  157. "ResumptionExpected" => "No",
  158. "ExpectedResult" => "Success"
  159. }
  160. },
  161. {
  162. name => "renegotiate-non-aead-to-non-aead".$suffix,
  163. server => {
  164. "Options" => "NoResumptionOnRenegotiation"
  165. },
  166. client => {
  167. "CipherString" => "AES128-SHA",
  168. extra => {
  169. "RenegotiateCiphers" => "AES256-SHA"
  170. }
  171. },
  172. test => {
  173. "Method" => "DTLS",
  174. "UseSCTP" => $sctp,
  175. "HandshakeMode" => "RenegotiateClient",
  176. "ResumptionExpected" => "No",
  177. "ExpectedResult" => "Success"
  178. }
  179. },
  180. {
  181. name => "renegotiate-aead-to-aead".$suffix,
  182. server => {
  183. "Options" => "NoResumptionOnRenegotiation"
  184. },
  185. client => {
  186. "CipherString" => "AES128-GCM-SHA256",
  187. extra => {
  188. "RenegotiateCiphers" => "AES256-GCM-SHA384"
  189. }
  190. },
  191. test => {
  192. "Method" => "DTLS",
  193. "UseSCTP" => $sctp,
  194. "HandshakeMode" => "RenegotiateClient",
  195. "ResumptionExpected" => "No",
  196. "ExpectedResult" => "Success"
  197. }
  198. },
  199. );
  200. push @tests, @tests_dtls1_2;
  201. }