# -*- mode: perl; -*-
# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## Test Renegotiation
##
## Builds @ssltests::tests, a list of DTLS renegotiation scenarios. Each entry
## is a hash with a name, server and client configuration sections, and a
## test section stating the handshake mode and the expected outcome.

use strict;
use warnings;

package ssltests;
use OpenSSL::Test::Utils;

our @tests = ();

# Every scenario is generated twice: once over plain DTLS and once over
# DTLS/SCTP. The SCTP pass is skipped when SCTP support is disabled.
for my $sctp (qw(No Yes))
{
    next if disabled("sctp") && $sctp eq "Yes";

    # SCTP variants get a distinguishing name suffix.
    my $suffix = "";
    $suffix = "-sctp" if $sctp ne "No";

    # All scenarios share the same test section apart from which side starts
    # the renegotiation and whether the session is expected to be resumed.
    # A fresh hash is returned on every call so that entries never share state.
    my $expect = sub {
        my ($mode, $resumption) = @_;
        return {
            "Method" => "DTLS",
            "UseSCTP" => $sctp,
            "HandshakeMode" => $mode,
            "ResumptionExpected" => $resumption,
            "ExpectedResult" => "Success"
        };
    };

    # Server-initiated renegotiation with client certificate verification.
    # The two callers differ only in the server's VerifyMode.
    my $client_auth = sub {
        my ($name, $verify_mode) = @_;
        return {
            name => $name . $suffix,
            server => {
                "VerifyCAFile" => test_pem("root-cert.pem"),
                "VerifyMode" => $verify_mode,
            },
            client => {
                "Certificate" => test_pem("ee-client-chain.pem"),
                "PrivateKey" => test_pem("ee-key.pem"),
            },
            test => $expect->("RenegotiateServer", "No")
        };
    };

    our @tests_basic = (
        # The server refuses resumption on renegotiation, so a full handshake
        # is expected.
        {
            name => "renegotiate-client-no-resume" . $suffix,
            server => {
                "Options" => "NoResumptionOnRenegotiation"
            },
            client => {},
            test => $expect->("RenegotiateClient", "No")
        },
        # Default server options: the client-initiated renegotiation resumes.
        {
            name => "renegotiate-client-resume" . $suffix,
            server => {},
            client => {},
            test => $expect->("RenegotiateClient", "Yes")
        },
        # Note: Unlike the TLS tests, we will never do resumption with server
        # initiated reneg. This is because an OpenSSL DTLS client will always
        # do a full handshake (i.e. it doesn't supply a session id) when it
        # receives a HelloRequest. This is different to the OpenSSL TLS
        # implementation where an OpenSSL client will always try an
        # abbreviated handshake (i.e. it will supply the session id). This
        # goes all the way back to commit 48ae85b6f when abbreviated handshake
        # support was first added. Neither behaviour is wrong, but the
        # discrepancy is strange. Hence the test below is named "resume" but
        # expects no resumption.
        # TODO: Should we harmonise the TLS and DTLS behaviour, and if so,
        # what to?
        {
            name => "renegotiate-server-resume" . $suffix,
            server => {},
            client => {},
            test => $expect->("RenegotiateServer", "No")
        },
        # NOTE(review): "Require" presumably makes the client certificate
        # mandatory and "Once" presumably requests it on the initial handshake
        # only - confirm against the SSL_CONF VerifyMode documentation.
        $client_auth->("renegotiate-client-auth-require", "Require"),
        $client_auth->("renegotiate-client-auth-once", "Once")
    );
    push @tests, @tests_basic;

    # The scenarios below use GCM ciphersuites, which need DTLS 1.2.
    next if disabled("dtls1_2");

    # Renegotiate onto a different ciphersuite, covering every combination of
    # AEAD (GCM) and non-AEAD (CBC with HMAC) before and after. These check
    # that record protection switches cleanly when the cipher type changes in
    # the middle of a connection.
    # Columns: test name, initial CipherString, RenegotiateCiphers.
    my @cipher_switches = (
        [ "renegotiate-aead-to-non-aead", "AES128-GCM-SHA256", "AES128-SHA" ],
        [ "renegotiate-non-aead-to-aead", "AES128-SHA", "AES128-GCM-SHA256" ],
        [ "renegotiate-non-aead-to-non-aead", "AES128-SHA", "AES256-SHA" ],
        [ "renegotiate-aead-to-aead", "AES128-GCM-SHA256", "AES256-GCM-SHA384" ],
    );

    our @tests_dtls1_2 = map {
        my ($label, $initial, $renegotiated) = @$_;
        +{
            name => $label . $suffix,
            server => {
                "Options" => "NoResumptionOnRenegotiation"
            },
            client => {
                "CipherString" => $initial,
                extra => {
                    "RenegotiateCiphers" => $renegotiated
                }
            },
            test => $expect->("RenegotiateClient", "No")
        };
    } @cipher_switches;
    push @tests, @tests_dtls1_2;
}