#! /usr/bin/env perl # Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html package checkhandshake; use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; use OpenSSL::Test::Utils; use TLSProxy::Proxy; use Exporter; our @ISA = 'Exporter'; our @EXPORT = qw(@handmessages @extensions checkhandshake); use constant { DEFAULT_HANDSHAKE => 1, OCSP_HANDSHAKE => 2, RESUME_HANDSHAKE => 4, CLIENT_AUTH_HANDSHAKE => 8, RENEG_HANDSHAKE => 16, NPN_HANDSHAKE => 32, EC_HANDSHAKE => 64, HRR_HANDSHAKE => 128, HRR_RESUME_HANDSHAKE => 256, ALL_HANDSHAKES => 511 }; use constant { #DEFAULT also includes SESSION_TICKET_SRV_EXTENSION and SERVER_NAME_CLI DEFAULT_EXTENSIONS => 0x00000007, SESSION_TICKET_SRV_EXTENSION => 0x00000002, SERVER_NAME_CLI_EXTENSION => 0x00000004, SERVER_NAME_SRV_EXTENSION => 0x00000008, STATUS_REQUEST_CLI_EXTENSION => 0x00000010, STATUS_REQUEST_SRV_EXTENSION => 0x00000020, ALPN_CLI_EXTENSION => 0x00000040, ALPN_SRV_EXTENSION => 0x00000080, SCT_CLI_EXTENSION => 0x00000100, SCT_SRV_EXTENSION => 0x00000200, RENEGOTIATE_CLI_EXTENSION => 0x00000400, NPN_CLI_EXTENSION => 0x00000800, NPN_SRV_EXTENSION => 0x00001000, SRP_CLI_EXTENSION => 0x00002000, #Client side for ec point formats is a default extension EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000, PSK_CLI_EXTENSION => 0x00008000, PSK_SRV_EXTENSION => 0x00010000, KEY_SHARE_SRV_EXTENSION => 0x00020000, PSK_KEX_MODES_EXTENSION => 0x00040000, KEY_SHARE_HRR_EXTENSION => 0x00080000, SUPPORTED_GROUPS_SRV_EXTENSION => 0x00100000, POST_HANDSHAKE_AUTH_CLI_EXTENSION => 0x00200000 }; our @handmessages = (); our @extensions = (); sub checkhandshake($$$$) { my ($proxy, $handtype, $exttype, $testname) = @_; subtest $testname => sub { my $loop = 0; my $numtests; my $extcount; my $clienthelloseen = 0; my $lastmt = 0; my $numsh = 0; if (TLSProxy::Proxy::is_tls13()) { #How many ServerHellos are we expecting? for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) { next if (($handmessages[$loop][1] & $handtype) == 0); $numsh++ if ($lastmt != TLSProxy::Message::MT_SERVER_HELLO && $handmessages[$loop][0] == TLSProxy::Message::MT_SERVER_HELLO); $lastmt = $handmessages[$loop][0]; } } #First count the number of tests my $nextmess = 0; my $message = undef; my $chnum = 0; my $shnum = 0; if (!TLSProxy::Proxy::is_tls13()) { # In non-TLSv1.3 we always treat reneg CH and SH like the first CH # and SH $chnum = 1; $shnum = 1; } #If we're only expecting one ServerHello out of two then we skip the #first ServerHello in the list completely $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13()); $loop = 0; for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) { next if (($handmessages[$loop][1] & $handtype) == 0); if (scalar @{$proxy->message_list} > $nextmess) { $message = ${$proxy->message_list}[$nextmess]; $nextmess++; } else { $message = undef; } $numtests++; next if (!defined $message); if (TLSProxy::Proxy::is_tls13()) { $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO; $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO; } next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS && $message->mt() != TLSProxy::Message::MT_CERTIFICATE && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST); next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE && !TLSProxy::Proxy::is_tls13(); my $extchnum = 1; my $extshnum = 1; for (my $extloop = 0; $extensions[$extloop][3] != 0; $extloop++) { $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO && TLSProxy::Proxy::is_tls13(); $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO && $extchnum == 2; next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO && $extchnum != $chnum; next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO && $extshnum != $shnum; next if ($message->mt() != $extensions[$extloop][0]); next if ($message->server() != $extensions[$extloop][2]); $numtests++; } $numtests++; } plan tests => $numtests; $nextmess = 0; $message = undef; if (TLSProxy::Proxy::is_tls13()) { $chnum = 0; $shnum = 0; } else { # In non-TLSv1.3 we always treat reneg CH and SH like the first CH # and SH $chnum = 1; $shnum = 1; } #If we're only expecting one ServerHello out of two then we skip the #first ServerHello in the list completely $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13()); for ($loop = 0; $handmessages[$loop][1] != 0; $loop++) { next if (($handmessages[$loop][1] & $handtype) == 0); if (scalar @{$proxy->message_list} > $nextmess) { $message = ${$proxy->message_list}[$nextmess]; $nextmess++; } else { $message = undef; } if (!defined $message) { fail("Message type check. Got nothing, expected " .$handmessages[$loop][0]); next; } else { ok($message->mt == $handmessages[$loop][0], "Message type check. Got ".$message->mt .", expected ".$handmessages[$loop][0]); } if (TLSProxy::Proxy::is_tls13()) { $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO; $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO; } next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS && $message->mt() != TLSProxy::Message::MT_CERTIFICATE && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST); next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE && !TLSProxy::Proxy::is_tls13(); if ($message->mt() == TLSProxy::Message::MT_CLIENT_HELLO) { #Add renegotiate extension we will expect if renegotiating $exttype |= RENEGOTIATE_CLI_EXTENSION if ($clienthelloseen && !TLSProxy::Proxy::is_tls13()); $clienthelloseen = 1; } #Now check that we saw the extensions we expected my $msgexts = $message->extension_data(); my $extchnum = 1; my $extshnum = 1; for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0; $extloop++) { #In TLSv1.3 we can have two ClientHellos if there has been a #HelloRetryRequest, and they may have different extensions. Skip #if these are extensions for a different ClientHello $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO && TLSProxy::Proxy::is_tls13(); $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO && $extchnum == 2; next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO && $extchnum != $chnum; next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO && $extshnum != $shnum; next if ($message->mt() != $extensions[$extloop][0]); next if ($message->server() != $extensions[$extloop][2]); ok (($extensions[$extloop][3] & $exttype) == 0 || defined ($msgexts->{$extensions[$extloop][1]}), "Extension presence check (Message: ".$message->mt() ." Extension: ".($extensions[$extloop][3] & $exttype).", " .$extloop.")"); $extcount++ if (($extensions[$extloop][3] & $exttype) != 0); } ok($extcount == keys %$msgexts, "Extensions count mismatch (" .$extcount.", ".(keys %$msgexts) .")"); } } } 1;