1# -*- mode: perl; -*-
2# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10## Test Renegotiation
11
12use strict;
13use warnings;
14
15package ssltests;
16use OpenSSL::Test::Utils;
17
# Baseline renegotiation cases.  Renegotiation is a TLS <= 1.2 feature
# (TLS 1.3 dropped it), so every server entry pins MaxProtocol to TLSv1.2.
# The first four cases pair each initiator (client / server) with and
# without "NoResumptionOnRenegotiation", which is what decides whether the
# renegotiated handshake is expected to resume the original session.  The
# last two have the server demand a client certificate (VerifyMode Require
# vs. Once) across a server-initiated renegotiation.
our @tests = (
    {
        name   => 'renegotiate-client-no-resume',
        server => { Options     => 'NoResumptionOnRenegotiation',
                    MaxProtocol => 'TLSv1.2' },
        client => {},
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateClient',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'Success' },
    },
    {
        name   => 'renegotiate-client-resume',
        server => { MaxProtocol => 'TLSv1.2' },
        client => {},
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateClient',
                    ResumptionExpected => 'Yes',
                    ExpectedResult     => 'Success' },
    },
    {
        name   => 'renegotiate-server-no-resume',
        server => { Options     => 'NoResumptionOnRenegotiation',
                    MaxProtocol => 'TLSv1.2' },
        client => {},
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateServer',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'Success' },
    },
    {
        name   => 'renegotiate-server-resume',
        server => { MaxProtocol => 'TLSv1.2' },
        client => {},
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateServer',
                    ResumptionExpected => 'Yes',
                    ExpectedResult     => 'Success' },
    },
    # Client auth on renegotiation: the server verifies the client chain
    # against the test root and requires a certificate on every handshake.
    {
        name   => 'renegotiate-client-auth-require',
        server => { Options      => 'NoResumptionOnRenegotiation',
                    MaxProtocol  => 'TLSv1.2',
                    VerifyCAFile => test_pem('root-cert.pem'),
                    VerifyMode   => 'Require' },
        client => { Certificate => test_pem('ee-client-chain.pem'),
                    PrivateKey  => test_pem('ee-key.pem') },
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateServer',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'Success' },
    },
    # Same as above but with VerifyMode "Once": the certificate is only
    # requested on the initial handshake, not on the renegotiation.
    {
        name   => 'renegotiate-client-auth-once',
        server => { Options      => 'NoResumptionOnRenegotiation',
                    MaxProtocol  => 'TLSv1.2',
                    VerifyCAFile => test_pem('root-cert.pem'),
                    VerifyMode   => 'Once' },
        client => { Certificate => test_pem('ee-client-chain.pem'),
                    PrivateKey  => test_pem('ee-key.pem') },
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateServer',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'Success' },
    },
);
# Cases that only make sense when TLSv1.2 is compiled in (see the push at
# the bottom of this file).  They cover three things: switching between
# AEAD and non-AEAD cipher suites across a client-initiated renegotiation
# (the "RenegotiateCiphers" extra), the "NoRenegotiation" option on either
# side (whichever peer initiates is the one expected to fail), and the
# server-side controls "-ClientRenegotiation" and the extended-master-secret
# check on renegotiation.
our @tests_tls1_2 = (
    {
        name   => 'renegotiate-aead-to-non-aead',
        server => { Options => 'NoResumptionOnRenegotiation' },
        client => { CipherString => 'AES128-GCM-SHA256',
                    MaxProtocol  => 'TLSv1.2',
                    extra        => { RenegotiateCiphers => 'AES128-SHA' } },
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateClient',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'Success' },
    },
    {
        name   => 'renegotiate-non-aead-to-aead',
        server => { Options => 'NoResumptionOnRenegotiation' },
        client => { CipherString => 'AES128-SHA',
                    MaxProtocol  => 'TLSv1.2',
                    extra        => { RenegotiateCiphers => 'AES128-GCM-SHA256' } },
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateClient',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'Success' },
    },
    {
        name   => 'renegotiate-non-aead-to-non-aead',
        server => { Options => 'NoResumptionOnRenegotiation' },
        client => { CipherString => 'AES128-SHA',
                    MaxProtocol  => 'TLSv1.2',
                    extra        => { RenegotiateCiphers => 'AES256-SHA' } },
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateClient',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'Success' },
    },
    {
        name   => 'renegotiate-aead-to-aead',
        server => { Options => 'NoResumptionOnRenegotiation' },
        client => { CipherString => 'AES128-GCM-SHA256',
                    MaxProtocol  => 'TLSv1.2',
                    extra        => { RenegotiateCiphers => 'AES256-GCM-SHA384' } },
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateClient',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'Success' },
    },
    # "NoRenegotiation" on the server: a client-initiated attempt fails on
    # the client, a server-initiated attempt fails on the server.
    {
        name   => 'no-renegotiation-server-by-client',
        server => { Options     => 'NoRenegotiation',
                    MaxProtocol => 'TLSv1.2' },
        client => {},
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateClient',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'ClientFail' },
    },
    {
        name   => 'no-renegotiation-server-by-server',
        server => { Options     => 'NoRenegotiation',
                    MaxProtocol => 'TLSv1.2' },
        client => {},
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateServer',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'ServerFail' },
    },
    # "NoRenegotiation" on the client, same initiator / failing-side pairing.
    {
        name   => 'no-renegotiation-client-by-server',
        server => { MaxProtocol => 'TLSv1.2' },
        client => { Options => 'NoRenegotiation' },
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateServer',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'ServerFail' },
    },
    {
        name   => 'no-renegotiation-client-by-client',
        server => { MaxProtocol => 'TLSv1.2' },
        client => { Options => 'NoRenegotiation' },
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateClient',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'ClientFail' },
    },
    # The client drops the extended-master-secret extension from the
    # renegotiation ClientHello; the server is expected to reject this
    # (consistent with RFC 7627, which forbids downgrading an extms
    # session to a non-extms one on renegotiation).
    {
        name   => 'no-extms-on-renegotiation',
        server => { MaxProtocol => 'TLSv1.2' },
        client => { MaxProtocol => 'TLSv1.2',
                    extra       => { RenegotiateNoExtms => 'Yes' } },
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateClient',
                    ResumptionExpected => 'No',
                    ExpectedResult     => 'ServerFail' },
    },
    # Default server configuration: client-initiated renegotiation is
    # accepted and resumes the session.
    {
        name   => 'allow-client-renegotiation',
        server => { MaxProtocol => 'TLSv1.2' },
        client => { MaxProtocol => 'TLSv1.2' },
        test   => { Method             => 'TLS',
                    HandshakeMode      => 'RenegotiateClient',
                    ResumptionExpected => 'Yes',
                    ExpectedResult     => 'Success' },
    },
    # Server explicitly refuses client-initiated renegotiation and is
    # expected to answer with a no_renegotiation alert.
    {
        name   => 'no-client-renegotiation',
        server => { MaxProtocol => 'TLSv1.2',
                    Options     => '-ClientRenegotiation' },
        client => { MaxProtocol => 'TLSv1.2' },
        test   => { Method              => 'TLS',
                    HandshakeMode       => 'RenegotiateClient',
                    ResumptionExpected  => 'No',
                    ExpectedResult      => 'ClientFail',
                    ExpectedServerAlert => 'NoRenegotiation' },
    },
);
298
# Only run the TLSv1.2-specific cases when that protocol version is built in.
if (!disabled('tls1_2')) {
    push @tests, @tests_tls1_2;
}
300