diff options
author | Matt Caswell <matt@openssl.org> | 2016-11-28 22:39:23 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-12-08 17:19:16 +0000 |
commit | 9ce3ed2a586032690bef6a1c4e58df8d1c18f344 (patch) | |
tree | db51cc00df15a7544c573497e64bf95b9a8b720f /util | |
parent | 3434f40b6f0b4eb782931d8f1fe2893c58c1a692 (diff) | |
download | openssl-9ce3ed2a586032690bef6a1c4e58df8d1c18f344.tar.gz |
Add tests for new extension code
Extend test_tls13messages to additionally check the expected extensions
under different options given to s_client/s_server.
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'util')
-rw-r--r-- | util/TLSProxy/EncryptedExtensions.pm | 115 | ||||
-rw-r--r-- | util/TLSProxy/Message.pm | 21 | ||||
-rw-r--r-- | util/TLSProxy/Proxy.pm | 4 |
3 files changed, 138 insertions, 2 deletions
diff --git a/util/TLSProxy/EncryptedExtensions.pm b/util/TLSProxy/EncryptedExtensions.pm new file mode 100644 index 0000000000..d65338eaa5 --- /dev/null +++ b/util/TLSProxy/EncryptedExtensions.pm @@ -0,0 +1,115 @@ +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; + +package TLSProxy::EncryptedExtensions; + +use vars '@ISA'; +push @ISA, 'TLSProxy::Message'; + +sub new +{ + my $class = shift; + my ($server, + $data, + $records, + $startoffset, + $message_frag_lens) = @_; + + my $self = $class->SUPER::new( + $server, + TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, + $data, + $records, + $startoffset, + $message_frag_lens); + + $self->{extension_data} = ""; + + return $self; +} + +sub parse +{ + my $self = shift; + + my $extensions_len = unpack('n', $self->data); + if (!defined $extensions_len) { + $extensions_len = 0; + } + + my $extension_data; + if ($extensions_len != 0) { + $extension_data = substr($self->data, 2); + + if (length($extension_data) != $extensions_len) { + die "Invalid extension length\n"; + } + } else { + if (length($self->data) != 2) { + die "Invalid extension length\n"; + } + $extension_data = ""; + } + my %extensions = (); + while (length($extension_data) >= 4) { + my ($type, $size) = unpack("nn", $extension_data); + my $extdata = substr($extension_data, 4, $size); + $extension_data = substr($extension_data, 4 + $size); + $extensions{$type} = $extdata; + } + + $self->extension_data(\%extensions); + + print " Extensions Len:".$extensions_len."\n"; +} + +#Reconstruct the on-the-wire message data following changes +sub set_message_contents +{ + my $self = shift; + my $data; + my $extensions = ""; + + foreach my $key (keys %{$self->extension_data}) { + my $extdata = ${$self->extension_data}{$key}; + $extensions .= pack("n", $key); + $extensions .= pack("n", length($extdata)); + $extensions .= $extdata; + if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { + $extensions .= pack("n", $key); + $extensions .= pack("n", length($extdata)); + $extensions .= $extdata; + } + } + + $data = pack('n', length($extensions)); + $data .= $extensions; + $self->data($data); +} + +#Read/write accessors +sub extension_data +{ + my $self = shift; + if (@_) { + $self->{extension_data} = shift; + } + return $self->{extension_data}; +} +sub set_extension +{ + my ($self, $ext_type, $ext_data) = @_; + $self->{extension_data}{$ext_type} = $ext_data; +} +sub delete_extension +{ + my ($self, $ext_type) = @_; + delete $self->{extension_data}{$ext_type}; +} +1; diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm index 4f07ee3d3f..8e743c56d3 100644 --- a/util/TLSProxy/Message.pm +++ b/util/TLSProxy/Message.pm @@ -60,13 +60,23 @@ my %message_type = ( ); use constant { + EXT_SERVER_NAME => 0, EXT_STATUS_REQUEST => 5, EXT_SUPPORTED_GROUPS => 10, + EXT_EC_POINT_FORMATS => 11, + EXT_SRP => 12, + EXT_SIG_ALGS => 13, + EXT_USE_SRTP => 14, + EXT_ALPN => 16, + EXT_SCT => 18, + EXT_PADDING => 21, EXT_ENCRYPT_THEN_MAC => 22, EXT_EXTENDED_MASTER_SECRET => 23, EXT_SESSION_TICKET => 35, - EXT_SUPPORTED_VERSIONS => 43, EXT_KEY_SHARE => 40, + EXT_SUPPORTED_VERSIONS => 43, + EXT_RENEGOTIATE => 65281, + EXT_NPN => 13172, # This extension is an unofficial extension only ever written by OpenSSL # (i.e. not read), and even then only when enabled. We use it to test # handling of duplicate extensions. @@ -245,6 +255,15 @@ sub create_message [@message_frag_lens] ); $message->parse(); + } elsif ($mt == MT_ENCRYPTED_EXTENSIONS) { + $message = TLSProxy::EncryptedExtensions->new( + $server, + $data, + [@message_rec_list], + $startoffset, + [@message_frag_lens] + ); + $message->parse(); } elsif ($mt == MT_SERVER_KEY_EXCHANGE) { $message = TLSProxy::ServerKeyExchange->new( $server, diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm index ccfc5c9b2f..95599e50eb 100644 --- a/util/TLSProxy/Proxy.pm +++ b/util/TLSProxy/Proxy.pm @@ -17,6 +17,7 @@ use TLSProxy::Record; use TLSProxy::Message; use TLSProxy::ClientHello; use TLSProxy::ServerHello; +use TLSProxy::EncryptedExtensions; use TLSProxy::ServerKeyExchange; use TLSProxy::NewSessionTicket; @@ -153,7 +154,8 @@ sub start my $execcmd = $self->execute ." s_server -no_comp -rev -engine ossltest -accept " .($self->server_port) - ." -cert ".$self->cert." -naccept ".$self->serverconnects; + ." -cert ".$self->cert." -cert2 ".$self->cert + ." -naccept ".$self->serverconnects; if ($self->ciphers ne "") { $execcmd .= " -cipher ".$self->ciphers; } |