From a23bb15abe873dc1ba6c7e5b49dfb8286eab1490 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 20 Jan 2017 12:11:49 +0000 Subject: [PATCH] Add testing of TLSv1.3 resumption in test_tls13messages Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2259) --- test/recipes/70-test_tls13messages.t | 22 +++++++++++++++------- test/testlib/checkhandshake.pm | 6 ++++++ 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index fb69e7cd0d..609a4f4def 100755 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -83,9 +83,13 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + checkhandshake::PSK_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, + checkhandshake::PSK_SRV_EXTENSION], [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME, checkhandshake::SERVER_NAME_SRV_EXTENSION], @@ -107,20 +111,24 @@ my $proxy = TLSProxy::Proxy->new( #Test 1: Check we get all the right messages for a default handshake (undef, my $session) = tempfile(); -#$proxy->serverconnects(2); +$proxy->serverconnects(2); $proxy->clientflags("-sess_out ".$session); +$proxy->sessionfile($session); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 12; +plan tests => 13; checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS, "Default handshake test"); -#TODO(TLS1.3): Test temporarily disabled until we implement TLS1.3 resumption #Test 2: Resumption handshake -#$proxy->clearClient(); -#$proxy->clientflags("-sess_in ".$session); -#$proxy->clientstart(); -#checkmessages(RESUME_HANDSHAKE, "Resumption handshake test"); +$proxy->clearClient(); +$proxy->clientflags("-sess_in ".$session); +$proxy->clientstart(); +checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::PSK_CLI_EXTENSION + | checkhandshake::PSK_SRV_EXTENSION, + "Resumption handshake test"); unlink $session; #Test 3: A status_request handshake (client request only) diff --git a/test/testlib/checkhandshake.pm b/test/testlib/checkhandshake.pm index 0c3df6fde2..e974403af3 100644 --- a/test/testlib/checkhandshake.pm +++ b/test/testlib/checkhandshake.pm @@ -46,6 +46,8 @@ use constant { SRP_CLI_EXTENSION => 0x00002000, #Client side for ec point formats is a default extension EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000, + PSK_CLI_EXTENSION => 0x00008000, + PSK_SRV_EXTENSION => 0x00010000 }; our @handmessages = (); @@ -81,6 +83,10 @@ sub checkhandshake($$$$) #one extension gets checked twice (once in each Certificate message) $numtests += 2 if ($proxy->is_tls13() && ($handtype & CLIENT_AUTH_HANDSHAKE) != 0); + #And in a resumption handshake we don't get Certificate at all and the + #Certificate extension doesn't get checked at all + $numtests -= 2 if ($proxy->is_tls13() + && ($handtype & RESUME_HANDSHAKE) != 0); plan tests => $numtests; -- GitLab