Add more TLS1.3 record tests

Add some tests for the new record construction
Reviewed-by: NRich Salz <rsalz@openssl.org>

test/recipes/70-test_sslrecords.t

@@ -44,7 +44,7 @@ if (!disabled("tls1_1")) {
     $num_tests++;
 }
 if (!disabled("tls1_3")) {
-    $num_tests++;
+    $num_tests += 3;
 }
 plan tests => $num_tests;
 ok(TLSProxy::Message->fail(), "Out of context empty records test");
@@ -148,13 +148,28 @@ $proxy->filter(\&change_version);
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Changed record version in TLS1.2");
 
-#Test 13: Sending a different record version in TLS1.3 should succeed
+#TLS1.3 specific tests
 if (!disabled("tls1_3")) {
+    #Test 13: Sending a different record version in TLS1.3 should succeed
     $proxy->clear();
     $proxy->filter(\&change_version);
     $proxy->start();
     ok(TLSProxy::Message->success(), "Changed record version in TLS1.3");
-}
+
+    #Test 14: Sending an unrecognised record type in TLS1.3 should fail
+    $proxy->clear();
+    $proxy->filter(\&add_unknown_record_type);
+    $proxy->start();
+    ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.3");
+
+    #Test 15: Sending an outer record type other than app data once encrypted
+    #should fail
+    $proxy->clear();
+    $proxy->filter(\&change_outer_record_type);
+    $proxy->start();
+    ok(TLSProxy::Message->fail(), "Wrong outer record type in TLS1.3");
+ }
+
 
 sub add_empty_recs_filter
 {
@@ -388,13 +403,13 @@ sub add_unknown_record_type
     my $proxy = shift;
 
     # We'll change a record after the initial version neg has taken place
-    if ($proxy->flight != 2) {
+    if ($proxy->flight != 1) {
         return;
     }
 
     my $lastrec = ${$proxy->record_list}[-1];
     my $record = TLSProxy::Record->new(
-        2,
+        1,
         TLSProxy::Record::RT_UNKNOWN,
         $lastrec->version(),
         1,
@@ -405,7 +420,14 @@ sub add_unknown_record_type
         "X"
     );
 
-    unshift @{$proxy->record_list}, $record;
+    #Find ServerHello record and insert after that
+    my $i;
+    for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+        next;
+    }
+    $i++;
+
+    splice @{$proxy->record_list}, $i, 0, $record;
 }
 
 sub change_version
@@ -419,3 +441,21 @@ sub change_version
 
     (${$proxy->record_list}[-1])->version(TLSProxy::Record::VERS_TLS_1_1);
 }
+
+sub change_outer_record_type
+{
+    my $proxy = shift;
+
+    # We'll change a record after the initial version neg has taken place
+    if ($proxy->flight != 1) {
+        return;
+    }
+
+    #Find ServerHello record and change record after that
+    my $i;
+    for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+        next;
+    }
+    $i++;
+    ${$proxy->record_list}[$i]->outer_content_type(TLSProxy::Record::RT_HANDSHAKE);
+}

util/TLSProxy/Record.pm

@@ -195,7 +195,8 @@ sub new
         data => $data,
         decrypt_data => $decrypt_data,
         orig_decrypt_data => $decrypt_data,
-        encrypted => 0
+        encrypted => 0,
+        outer_content_type => RT_APPLICATION_DATA
     };
 
     return bless $self, $class;
@@ -289,7 +290,7 @@ sub reconstruct_record
         $data = pack('n', $self->len | 0x8000);
     } else {
         if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
-            $data = pack('Cnn', RT_APPLICATION_DATA, $self->version,
+            $data = pack('Cnn', $self->outer_content_type, $self->version,
                          $self->len + 1);
             $tls13_enc = 1;
         } else {
@@ -386,4 +387,12 @@ sub encrypted
     }
     return $self->{encrypted};
 }
+sub outer_content_type
+{
+    my $self = shift;
+    if (@_) {
+      $self->{outer_content_type} = shift;
+    }
+    return $self->{outer_content_type};
+}
 1;