Add more TLS1.3 record tests

Add some tests for the new record construction Reviewed-by: Rich Salz <rsalz@openssl.org>
2024-11-21 01:15:20 +08:00 · 2016-11-21 16:22:00 +00:00 · 2016-11-21 16:22:00 +00:00 · b4c6e37e74
commit b4c6e37e74
parent e60ce9c451
2 changed files with 57 additions and 8 deletions
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@ -44,7 +44,7 @@ if (!disabled("tls1_1")) {
    $num_tests++;
 }
 if (!disabled("tls1_3")) {
-    $num_tests++;
+    $num_tests += 3;
 }
 plan tests => $num_tests;
 ok(TLSProxy::Message->fail(), "Out of context empty records test");
@ -148,13 +148,28 @@ $proxy->filter(\&change_version);
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Changed record version in TLS1.2");

-#Test 13: Sending a different record version in TLS1.3 should succeed
+#TLS1.3 specific tests
 if (!disabled("tls1_3")) {
+    #Test 13: Sending a different record version in TLS1.3 should succeed
    $proxy->clear();
    $proxy->filter(\&change_version);
    $proxy->start();
    ok(TLSProxy::Message->success(), "Changed record version in TLS1.3");
-}
+
+    #Test 14: Sending an unrecognised record type in TLS1.3 should fail
+    $proxy->clear();
+    $proxy->filter(\&add_unknown_record_type);
+    $proxy->start();
+    ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.3");
+
+    #Test 15: Sending an outer record type other than app data once encrypted
+    #should fail
+    $proxy->clear();
+    $proxy->filter(\&change_outer_record_type);
+    $proxy->start();
+    ok(TLSProxy::Message->fail(), "Wrong outer record type in TLS1.3");
+ }
+

 sub add_empty_recs_filter
 {
@ -388,13 +403,13 @@ sub add_unknown_record_type
    my $proxy = shift;

    # We'll change a record after the initial version neg has taken place
-    if ($proxy->flight != 2) {
+    if ($proxy->flight != 1) {
        return;
    }

    my $lastrec = ${$proxy->record_list}[-1];
    my $record = TLSProxy::Record->new(
-        2,
+        1,
        TLSProxy::Record::RT_UNKNOWN,
        $lastrec->version(),
        1,
@ -405,7 +420,14 @@ sub add_unknown_record_type
        "X"
    );

-    unshift @{$proxy->record_list}, $record;
+    #Find ServerHello record and insert after that
+    my $i;
+    for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+        next;
+    }
+    $i++;
+
+    splice @{$proxy->record_list}, $i, 0, $record;
 }

 sub change_version
@ -419,3 +441,21 @@ sub change_version

    (${$proxy->record_list}[-1])->version(TLSProxy::Record::VERS_TLS_1_1);
 }
+
+sub change_outer_record_type
+{
+    my $proxy = shift;
+
+    # We'll change a record after the initial version neg has taken place
+    if ($proxy->flight != 1) {
+        return;
+    }
+
+    #Find ServerHello record and change record after that
+    my $i;
+    for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+        next;
+    }
+    $i++;
+    ${$proxy->record_list}[$i]->outer_content_type(TLSProxy::Record::RT_HANDSHAKE);
+}
--- a/util/TLSProxy/Record.pm
+++ b/util/TLSProxy/Record.pm
@ -195,7 +195,8 @@ sub new
        data => $data,
        decrypt_data => $decrypt_data,
        orig_decrypt_data => $decrypt_data,
-        encrypted => 0
+        encrypted => 0,
+        outer_content_type => RT_APPLICATION_DATA
    };

    return bless $self, $class;
@ -289,7 +290,7 @@ sub reconstruct_record
        $data = pack('n', $self->len | 0x8000);
    } else {
        if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
-            $data = pack('Cnn', RT_APPLICATION_DATA, $self->version,
+            $data = pack('Cnn', $self->outer_content_type, $self->version,
                         $self->len + 1);
            $tls13_enc = 1;
        } else {
@ -386,4 +387,12 @@ sub encrypted
    }
    return $self->{encrypted};
 }
+sub outer_content_type
+{
+    my $self = shift;
+    if (@_) {
+      $self->{outer_content_type} = shift;
+    }
+    return $self->{outer_content_type};
+}
 1;