2
0

checkhandshake.pm 9.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232
  1. #! /usr/bin/env perl
  2. # Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the OpenSSL license (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. package checkhandshake;
  9. use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
  10. use OpenSSL::Test::Utils;
  11. use TLSProxy::Proxy;
  12. use Exporter;
  13. our @ISA = 'Exporter';
  14. our @EXPORT = qw(@handmessages @extensions checkhandshake);
  15. use constant {
  16. DEFAULT_HANDSHAKE => 1,
  17. OCSP_HANDSHAKE => 2,
  18. RESUME_HANDSHAKE => 4,
  19. CLIENT_AUTH_HANDSHAKE => 8,
  20. RENEG_HANDSHAKE => 16,
  21. NPN_HANDSHAKE => 32,
  22. EC_HANDSHAKE => 64,
  23. HRR_HANDSHAKE => 128,
  24. HRR_RESUME_HANDSHAKE => 256,
  25. ALL_HANDSHAKES => 511
  26. };
  27. use constant {
  28. #DEFAULT also includes SESSION_TICKET_SRV_EXTENSION and SERVER_NAME_CLI
  29. DEFAULT_EXTENSIONS => 0x00000007,
  30. SESSION_TICKET_SRV_EXTENSION => 0x00000002,
  31. SERVER_NAME_CLI_EXTENSION => 0x00000004,
  32. SERVER_NAME_SRV_EXTENSION => 0x00000008,
  33. STATUS_REQUEST_CLI_EXTENSION => 0x00000010,
  34. STATUS_REQUEST_SRV_EXTENSION => 0x00000020,
  35. ALPN_CLI_EXTENSION => 0x00000040,
  36. ALPN_SRV_EXTENSION => 0x00000080,
  37. SCT_CLI_EXTENSION => 0x00000100,
  38. SCT_SRV_EXTENSION => 0x00000200,
  39. RENEGOTIATE_CLI_EXTENSION => 0x00000400,
  40. NPN_CLI_EXTENSION => 0x00000800,
  41. NPN_SRV_EXTENSION => 0x00001000,
  42. SRP_CLI_EXTENSION => 0x00002000,
  43. #Client side for ec point formats is a default extension
  44. EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000,
  45. PSK_CLI_EXTENSION => 0x00008000,
  46. PSK_SRV_EXTENSION => 0x00010000,
  47. KEY_SHARE_SRV_EXTENSION => 0x00020000,
  48. PSK_KEX_MODES_EXTENSION => 0x00040000,
  49. KEY_SHARE_HRR_EXTENSION => 0x00080000,
  50. SUPPORTED_GROUPS_SRV_EXTENSION => 0x00100000,
  51. POST_HANDSHAKE_AUTH_CLI_EXTENSION => 0x00200000
  52. };
  53. our @handmessages = ();
  54. our @extensions = ();
  55. sub checkhandshake($$$$)
  56. {
  57. my ($proxy, $handtype, $exttype, $testname) = @_;
  58. subtest $testname => sub {
  59. my $loop = 0;
  60. my $numtests;
  61. my $extcount;
  62. my $clienthelloseen = 0;
  63. my $lastmt = 0;
  64. my $numsh = 0;
  65. if (TLSProxy::Proxy::is_tls13()) {
  66. #How many ServerHellos are we expecting?
  67. for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) {
  68. next if (($handmessages[$loop][1] & $handtype) == 0);
  69. $numsh++ if ($lastmt != TLSProxy::Message::MT_SERVER_HELLO
  70. && $handmessages[$loop][0] == TLSProxy::Message::MT_SERVER_HELLO);
  71. $lastmt = $handmessages[$loop][0];
  72. }
  73. }
  74. #First count the number of tests
  75. my $nextmess = 0;
  76. my $message = undef;
  77. my $chnum = 0;
  78. my $shnum = 0;
  79. if (!TLSProxy::Proxy::is_tls13()) {
  80. # In non-TLSv1.3 we always treat reneg CH and SH like the first CH
  81. # and SH
  82. $chnum = 1;
  83. $shnum = 1;
  84. }
  85. #If we're only expecting one ServerHello out of two then we skip the
  86. #first ServerHello in the list completely
  87. $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13());
  88. $loop = 0;
  89. for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) {
  90. next if (($handmessages[$loop][1] & $handtype) == 0);
  91. if (scalar @{$proxy->message_list} > $nextmess) {
  92. $message = ${$proxy->message_list}[$nextmess];
  93. $nextmess++;
  94. } else {
  95. $message = undef;
  96. }
  97. $numtests++;
  98. next if (!defined $message);
  99. if (TLSProxy::Proxy::is_tls13()) {
  100. $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO;
  101. $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO;
  102. }
  103. next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO
  104. && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
  105. && $message->mt() !=
  106. TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
  107. && $message->mt() != TLSProxy::Message::MT_CERTIFICATE
  108. && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
  109. next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
  110. && !TLSProxy::Proxy::is_tls13();
  111. my $extchnum = 1;
  112. my $extshnum = 1;
  113. for (my $extloop = 0;
  114. $extensions[$extloop][3] != 0;
  115. $extloop++) {
  116. $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
  117. && TLSProxy::Proxy::is_tls13();
  118. $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO
  119. && $extchnum == 2;
  120. next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO
  121. && $extchnum != $chnum;
  122. next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
  123. && $extshnum != $shnum;
  124. next if ($message->mt() != $extensions[$extloop][0]);
  125. next if ($message->server() != $extensions[$extloop][2]);
  126. $numtests++;
  127. }
  128. $numtests++;
  129. }
  130. plan tests => $numtests;
  131. $nextmess = 0;
  132. $message = undef;
  133. if (TLSProxy::Proxy::is_tls13()) {
  134. $chnum = 0;
  135. $shnum = 0;
  136. } else {
  137. # In non-TLSv1.3 we always treat reneg CH and SH like the first CH
  138. # and SH
  139. $chnum = 1;
  140. $shnum = 1;
  141. }
  142. #If we're only expecting one ServerHello out of two then we skip the
  143. #first ServerHello in the list completely
  144. $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13());
  145. for ($loop = 0; $handmessages[$loop][1] != 0; $loop++) {
  146. next if (($handmessages[$loop][1] & $handtype) == 0);
  147. if (scalar @{$proxy->message_list} > $nextmess) {
  148. $message = ${$proxy->message_list}[$nextmess];
  149. $nextmess++;
  150. } else {
  151. $message = undef;
  152. }
  153. if (!defined $message) {
  154. fail("Message type check. Got nothing, expected "
  155. .$handmessages[$loop][0]);
  156. next;
  157. } else {
  158. ok($message->mt == $handmessages[$loop][0],
  159. "Message type check. Got ".$message->mt
  160. .", expected ".$handmessages[$loop][0]);
  161. }
  162. if (TLSProxy::Proxy::is_tls13()) {
  163. $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO;
  164. $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO;
  165. }
  166. next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO
  167. && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
  168. && $message->mt() !=
  169. TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
  170. && $message->mt() != TLSProxy::Message::MT_CERTIFICATE
  171. && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
  172. next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
  173. && !TLSProxy::Proxy::is_tls13();
  174. if ($message->mt() == TLSProxy::Message::MT_CLIENT_HELLO) {
  175. #Add renegotiate extension we will expect if renegotiating
  176. $exttype |= RENEGOTIATE_CLI_EXTENSION
  177. if ($clienthelloseen && !TLSProxy::Proxy::is_tls13());
  178. $clienthelloseen = 1;
  179. }
  180. #Now check that we saw the extensions we expected
  181. my $msgexts = $message->extension_data();
  182. my $extchnum = 1;
  183. my $extshnum = 1;
  184. for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0;
  185. $extloop++) {
  186. #In TLSv1.3 we can have two ClientHellos if there has been a
  187. #HelloRetryRequest, and they may have different extensions. Skip
  188. #if these are extensions for a different ClientHello
  189. $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
  190. && TLSProxy::Proxy::is_tls13();
  191. $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO
  192. && $extchnum == 2;
  193. next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO
  194. && $extchnum != $chnum;
  195. next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
  196. && $extshnum != $shnum;
  197. next if ($message->mt() != $extensions[$extloop][0]);
  198. next if ($message->server() != $extensions[$extloop][2]);
  199. ok (($extensions[$extloop][3] & $exttype) == 0
  200. || defined ($msgexts->{$extensions[$extloop][1]}),
  201. "Extension presence check (Message: ".$message->mt()
  202. ." Extension: ".($extensions[$extloop][3] & $exttype).", "
  203. .$extloop.")");
  204. $extcount++ if (($extensions[$extloop][3] & $exttype) != 0);
  205. }
  206. ok($extcount == keys %$msgexts, "Extensions count mismatch ("
  207. .$extcount.", ".(keys %$msgexts)
  208. .")");
  209. }
  210. }
  211. }
  212. 1;