1 #! /usr/bin/env perl 2 # Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. 3 # 4 # Licensed under the Apache License 2.0 (the "License"). You may not use 5 # this file except in compliance with the License. You can obtain a copy 6 # in the file LICENSE in the source distribution or at 7 # https://www.openssl.org/source/license.html 8 9 use strict; 10 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; 11 use OpenSSL::Test::Utils; 12 use TLSProxy::Proxy; 13 14 my $test_name = "test_tls13hrr"; 15 setup($test_name); 16 17 plan skip_all => "TLSProxy isn't usable on $^O" 18 if $^O =~ /^(VMS)$/; 19 20 plan skip_all => "$test_name needs the dynamic engine feature enabled" 21 if disabled("engine") || disabled("dynamic-engine"); 22 23 plan skip_all => "$test_name needs the sock feature enabled" 24 if disabled("sock"); 25 26 plan skip_all => "$test_name needs TLS1.3 enabled" 27 if disabled("tls1_3") || (disabled("ec") && disabled("dh")); 28 29 $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; 30 31 my $proxy = TLSProxy::Proxy->new( 32 undef, 33 cmdstr(app(["openssl"]), display => 1), 34 srctop_file("apps", "server.pem"), 35 (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) 36 ); 37 38 use constant { 39 CHANGE_HRR_CIPHERSUITE => 0, 40 CHANGE_CH1_CIPHERSUITE => 1, 41 DUPLICATE_HRR => 2, 42 INVALID_GROUP => 3 43 }; 44 45 #Test 1: A client should fail if the server changes the ciphersuite between the 46 # HRR and the SH 47 $proxy->filter(\&hrr_filter); 48 if (disabled("ec")) { 49 $proxy->serverflags("-curves ffdhe3072"); 50 } else { 51 $proxy->serverflags("-curves P-256"); 52 } 53 my $testtype = CHANGE_HRR_CIPHERSUITE; 54 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; 55 plan tests => 4; 56 ok(TLSProxy::Message->fail(), "Server ciphersuite changes"); 57 58 #Test 2: It is an error if the client changes the offered ciphersuites so that 59 # we end up selecting a different ciphersuite between HRR and the SH 60 $proxy->clear(); 61 if (disabled("ec")) { 62 $proxy->serverflags("-curves ffdhe3072"); 63 } else { 64 $proxy->serverflags("-curves P-256"); 65 } 66 $proxy->ciphersuitess("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"); 67 $testtype = CHANGE_CH1_CIPHERSUITE; 68 $proxy->start(); 69 ok(TLSProxy::Message->fail(), "Client ciphersuite changes"); 70 71 #Test 3: A client should fail with unexpected_message alert if the server 72 # sends more than 1 HRR 73 my $fatal_alert = 0; 74 $proxy->clear(); 75 if (disabled("ec")) { 76 $proxy->serverflags("-curves ffdhe3072"); 77 } else { 78 $proxy->serverflags("-curves P-256"); 79 } 80 $testtype = DUPLICATE_HRR; 81 $proxy->start(); 82 ok($fatal_alert, "Server duplicated HRR"); 83 84 #Test 4: If the client sends a group that is in the supported_groups list but 85 # otherwise not valid (e.g. not suitable for TLSv1.3) we should reject it 86 # and not consider it when sending the HRR. We send brainpoolP512r1 in 87 # the ClientHello, which is acceptable to the server but is not valid in 88 # TLSv1.3. We expect the server to select X25519 in the HRR and the 89 # handshake to complete successfully 90 SKIP: { 91 skip "EC/TLSv1.2 is disabled in this build", 1 92 if disabled("ec") || disabled("tls1_2"); 93 94 $proxy->clear(); 95 $proxy->clientflags("-groups P-256:brainpoolP512r1:X25519"); 96 $proxy->serverflags("-groups brainpoolP512r1:X25519"); 97 $testtype = INVALID_GROUP; 98 $proxy->start(); 99 ok(TLSProxy::Message->success(), "Invalid group with HRR"); 100 } 101 102 sub hrr_filter 103 { 104 my $proxy = shift; 105 106 if ($testtype == CHANGE_HRR_CIPHERSUITE) { 107 # We're only interested in the HRR 108 if ($proxy->flight != 1) { 109 return; 110 } 111 112 my $hrr = ${$proxy->message_list}[1]; 113 114 # We will normally only ever select CIPHER_TLS13_AES_128_GCM_SHA256 115 # because that's what Proxy tells s_server to do. Setting as below means 116 # the ciphersuite will change will we get the ServerHello 117 $hrr->ciphersuite(TLSProxy::Message::CIPHER_TLS13_AES_256_GCM_SHA384); 118 $hrr->repack(); 119 return; 120 } 121 122 if ($testtype == DUPLICATE_HRR) { 123 # We're only interested in the HRR 124 # and the unexpected_message alert from client 125 if ($proxy->flight == 4) { 126 $fatal_alert = 1 127 if @{$proxy->record_list}[-1]->is_fatal_alert(0) == 10; 128 return; 129 } 130 if ($proxy->flight != 3) { 131 return; 132 } 133 134 # Find ServerHello record (HRR actually) and insert after that 135 my $i; 136 for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) { 137 next; 138 } 139 my $hrr_record = ${$proxy->record_list}[$i]; 140 my $dup_hrr = TLSProxy::Record->new(3, 141 $hrr_record->content_type(), 142 $hrr_record->version(), 143 $hrr_record->len(), 144 $hrr_record->sslv2(), 145 $hrr_record->len_real(), 146 $hrr_record->decrypt_len(), 147 $hrr_record->data(), 148 $hrr_record->decrypt_data()); 149 150 $i++; 151 splice @{$proxy->record_list}, $i, 0, $dup_hrr; 152 return; 153 } 154 155 if ($proxy->flight != 0) { 156 return; 157 } 158 159 my $ch1 = ${$proxy->message_list}[0]; 160 161 if ($testtype == CHANGE_CH1_CIPHERSUITE) { 162 # The server will always pick TLS_AES_256_GCM_SHA384 163 my @ciphersuites = (TLSProxy::Message::CIPHER_TLS13_AES_128_GCM_SHA256); 164 $ch1->ciphersuite_len(2 * scalar @ciphersuites); 165 $ch1->ciphersuites(\@ciphersuites); 166 } elsif ($testtype == INVALID_GROUP) { 167 # INVALID_GROUP 168 my $ext = pack "C7", 169 0x00, 0x05, #List Length 170 0x00, 0x1c, #brainpoolP512r1 (not compatible with TLSv1.3) 171 0x00, 0x01, 0xff; #key_exchange data 172 $ch1->set_extension( 173 TLSProxy::Message::EXT_KEY_SHARE, $ext); 174 } 175 $ch1->repack(); 176 } 177
Indexes created Sat Feb 28 05:31:39 UTC 2026