105901b04Schristos#! /usr/bin/env perl 20a05173cSchristos# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. 305901b04Schristos# 4*66bae5e7Schristos# Licensed under the Apache License 2.0 (the "License"). You may not use 505901b04Schristos# this file except in compliance with the License. You can obtain a copy 605901b04Schristos# in the file LICENSE in the source distribution or at 705901b04Schristos# https://www.openssl.org/source/license.html 805901b04Schristos 905901b04Schristosuse strict; 1005901b04Schristosuse OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; 1105901b04Schristosuse OpenSSL::Test::Utils; 1205901b04Schristosuse TLSProxy::Proxy; 1305901b04Schristos 1405901b04Schristosmy $test_name = "test_renegotiation"; 1505901b04Schristossetup($test_name); 1605901b04Schristos 1705901b04Schristosplan skip_all => "TLSProxy isn't usable on $^O" 1805901b04Schristos if $^O =~ /^(VMS)$/; 1905901b04Schristos 2005901b04Schristosplan skip_all => "$test_name needs the dynamic engine feature enabled" 2105901b04Schristos if disabled("engine") || disabled("dynamic-engine"); 2205901b04Schristos 2305901b04Schristosplan skip_all => "$test_name needs the sock feature enabled" 2405901b04Schristos if disabled("sock"); 2505901b04Schristos 2605901b04Schristosplan skip_all => "$test_name needs TLS <= 1.2 enabled" 2705901b04Schristos if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2")); 2805901b04Schristos 29*66bae5e7Schristosplan tests => 5; 30*66bae5e7Schristos 3105901b04Schristos$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; 3205901b04Schristosmy $proxy = TLSProxy::Proxy->new( 3305901b04Schristos undef, 3405901b04Schristos cmdstr(app(["openssl"]), display => 1), 3505901b04Schristos srctop_file("apps", "server.pem"), 3605901b04Schristos (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) 3705901b04Schristos); 3805901b04Schristos 3905901b04Schristos#Test 1: A basic renegotiation test 4005901b04Schristos$proxy->clientflags("-no_tls1_3"); 41*66bae5e7Schristos$proxy->serverflags("-client_renegotiation"); 4205901b04Schristos$proxy->reneg(1); 4305901b04Schristos$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; 4405901b04Schristosok(TLSProxy::Message->success(), "Basic renegotiation"); 4505901b04Schristos 4605901b04Schristos#Test 2: Client does not send the Reneg SCSV. Reneg should fail 4705901b04Schristos$proxy->clear(); 4805901b04Schristos$proxy->filter(\&reneg_filter); 4905901b04Schristos$proxy->clientflags("-no_tls1_3"); 50*66bae5e7Schristos$proxy->serverflags("-client_renegotiation"); 5105901b04Schristos$proxy->reneg(1); 5205901b04Schristos$proxy->start(); 5305901b04Schristosok(TLSProxy::Message->fail(), "No client SCSV"); 5405901b04Schristos 5505901b04SchristosSKIP: { 5605901b04Schristos skip "TLSv1.2 or TLSv1.1 disabled", 1 5705901b04Schristos if disabled("tls1_2") || disabled("tls1_1"); 5805901b04Schristos #Test 3: Check that the ClientHello version remains the same in the reneg 5905901b04Schristos # handshake 6005901b04Schristos $proxy->clear(); 6105901b04Schristos $proxy->filter(undef); 62*66bae5e7Schristos $proxy->ciphers("DEFAULT:\@SECLEVEL=0"); 63*66bae5e7Schristos $proxy->clientflags("-no_tls1_3 -cipher AES128-SHA:\@SECLEVEL=0"); 64*66bae5e7Schristos $proxy->serverflags("-no_tls1_3 -no_tls1_2 -client_renegotiation"); 6505901b04Schristos $proxy->reneg(1); 6605901b04Schristos $proxy->start(); 6705901b04Schristos my $chversion; 6805901b04Schristos my $chmatch = 0; 6905901b04Schristos foreach my $message (@{$proxy->message_list}) { 7005901b04Schristos if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { 7105901b04Schristos if (!defined $chversion) { 7205901b04Schristos $chversion = $message->client_version; 7305901b04Schristos } else { 7405901b04Schristos if ($chversion == $message->client_version) { 7505901b04Schristos $chmatch = 1; 7605901b04Schristos } 7705901b04Schristos } 7805901b04Schristos } 7905901b04Schristos } 8005901b04Schristos ok(TLSProxy::Message->success() && $chmatch, 8105901b04Schristos "Check ClientHello version is the same"); 8205901b04Schristos} 8305901b04Schristos 840a05173cSchristosSKIP: { 850a05173cSchristos skip "TLSv1.2 disabled", 1 860a05173cSchristos if disabled("tls1_2"); 870a05173cSchristos 880a05173cSchristos #Test 4: Test for CVE-2021-3449. client_sig_algs instead of sig_algs in 890a05173cSchristos # resumption ClientHello 900a05173cSchristos $proxy->clear(); 910a05173cSchristos $proxy->filter(\&sigalgs_filter); 920a05173cSchristos $proxy->clientflags("-tls1_2"); 93*66bae5e7Schristos $proxy->serverflags("-client_renegotiation"); 940a05173cSchristos $proxy->reneg(1); 950a05173cSchristos $proxy->start(); 960a05173cSchristos ok(TLSProxy::Message->fail(), "client_sig_algs instead of sig_algs"); 970a05173cSchristos} 980a05173cSchristos 99*66bae5e7SchristosSKIP: { 100*66bae5e7Schristos skip "TLSv1.2 and TLSv1.1 disabled", 1 101*66bae5e7Schristos if disabled("tls1_2") && disabled("tls1_1"); 102*66bae5e7Schristos #Test 5: Client fails to do renegotiation 103*66bae5e7Schristos $proxy->clear(); 104*66bae5e7Schristos $proxy->filter(undef); 105*66bae5e7Schristos $proxy->serverflags("-no_tls1_3"); 106*66bae5e7Schristos $proxy->clientflags("-no_tls1_3"); 107*66bae5e7Schristos $proxy->reneg(1); 108*66bae5e7Schristos $proxy->start(); 109*66bae5e7Schristos ok(TLSProxy::Message->fail(), 110*66bae5e7Schristos "Check client renegotiation failed"); 111*66bae5e7Schristos} 112*66bae5e7Schristos 11305901b04Schristossub reneg_filter 11405901b04Schristos{ 11505901b04Schristos my $proxy = shift; 11605901b04Schristos 11705901b04Schristos # We're only interested in the initial ClientHello message 11805901b04Schristos if ($proxy->flight != 0) { 11905901b04Schristos return; 12005901b04Schristos } 12105901b04Schristos 12205901b04Schristos foreach my $message (@{$proxy->message_list}) { 12305901b04Schristos if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { 12405901b04Schristos #Remove any SCSV ciphersuites - just leave AES128-SHA (0x002f) 12505901b04Schristos my @ciphersuite = (0x002f); 12605901b04Schristos $message->ciphersuites(\@ciphersuite); 12705901b04Schristos $message->ciphersuite_len(2); 12805901b04Schristos $message->repack(); 12905901b04Schristos } 13005901b04Schristos } 13105901b04Schristos} 1320a05173cSchristos 1330a05173cSchristossub sigalgs_filter 1340a05173cSchristos{ 1350a05173cSchristos my $proxy = shift; 1360a05173cSchristos my $cnt = 0; 1370a05173cSchristos 1380a05173cSchristos # We're only interested in the second ClientHello message 1390a05173cSchristos foreach my $message (@{$proxy->message_list}) { 1400a05173cSchristos if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { 1410a05173cSchristos next if ($cnt++ == 0); 1420a05173cSchristos 1430a05173cSchristos my $sigs = pack "C10", 0x00, 0x08, 1440a05173cSchristos # rsa_pkcs_sha{256,384,512,1} 1450a05173cSchristos 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01; 1460a05173cSchristos $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs); 1470a05173cSchristos $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS); 1480a05173cSchristos $message->repack(); 1490a05173cSchristos } 1500a05173cSchristos } 1510a05173cSchristos} 152