diff options
Diffstat (limited to 'lib/ssl/test/property_test/ssl_eqc_handshake.erl')
-rw-r--r-- | lib/ssl/test/property_test/ssl_eqc_handshake.erl | 87 |
1 files changed, 45 insertions, 42 deletions
diff --git a/lib/ssl/test/property_test/ssl_eqc_handshake.erl b/lib/ssl/test/property_test/ssl_eqc_handshake.erl index 6d9d84e6ae..8f5aaedd1c 100644 --- a/lib/ssl/test/property_test/ssl_eqc_handshake.erl +++ b/lib/ssl/test/property_test/ssl_eqc_handshake.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2018-2022. All Rights Reserved. +%% Copyright Ericsson AB 2018-2023. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -57,11 +57,8 @@ -include_lib("ssl/src/ssl_handshake.hrl"). -include_lib("ssl/src/ssl_alert.hrl"). -include_lib("ssl/src/ssl_internal.hrl"). +-include_lib("ssl/src/ssl_record.hrl"). --define('TLS_v1.3', {3,4}). --define('TLS_v1.2', {3,3}). --define('TLS_v1.1', {3,2}). --define('TLS_v1', {3,1}). %%-------------------------------------------------------------------- %% Properties -------------------------------------------------------- @@ -87,7 +84,7 @@ prop_tls_hs_encode_decode() -> %% Message Generators ----------------------------------------------- %%-------------------------------------------------------------------- -tls_msg(?'TLS_v1.3'= Version) -> +tls_msg(?TLS_1_3= Version) -> oneof([client_hello(Version), server_hello(Version), %%new_session_ticket() @@ -116,9 +113,9 @@ tls_msg(Version) -> %% %% Shared messages %% -client_hello(?'TLS_v1.3' = Version) -> +client_hello(?TLS_1_3 = Version) -> #client_hello{session_id = session_id(), - client_version = ?'TLS_v1.2', + client_version = ?TLS_1_2, cipher_suites = cipher_suites(Version), compression_methods = compressions(Version), random = client_random(Version), @@ -133,8 +130,8 @@ client_hello(Version) -> extensions = client_hello_extensions(Version) }. -server_hello(?'TLS_v1.3' = Version) -> - #server_hello{server_version = ?'TLS_v1.2', +server_hello(?TLS_1_3 = Version) -> + #server_hello{server_version = ?TLS_1_2, session_id = session_id(), random = server_random(Version), cipher_suite = cipher_suite(Version), @@ -184,7 +181,7 @@ finished() -> %% encrypted_extensions() -> - ?LET(Exts, extensions(?'TLS_v1.3', encrypted_extensions), + ?LET(Exts, extensions(?TLS_1_3, encrypted_extensions), #encrypted_extensions{extensions = Exts}). @@ -197,7 +194,7 @@ key_update() -> %%-------------------------------------------------------------------- tls_version() -> - oneof([?'TLS_v1.3', ?'TLS_v1.2', ?'TLS_v1.1', ?'TLS_v1']). + oneof([?TLS_1_3, ?TLS_1_2, ?TLS_1_1, ?TLS_1_0]). cipher_suite(Version) -> oneof(cipher_suites(Version)). @@ -290,14 +287,14 @@ pre_shared_keyextension() -> %% | | | %% | signature_algorithms_cert (RFC 8446) | CH, CR | %% +--------------------------------------------------+-------------+ -extensions(?'TLS_v1.3' = Version, MsgType = client_hello) -> +extensions(?TLS_1_3 = Version, MsgType = client_hello) -> ?LET({ ServerName, %% MaxFragmentLength, %% StatusRequest, SupportedGroups, SignatureAlgorithms, - %% UseSrtp, + UseSrtp, %% Heartbeat, ALPN, %% SignedCertTimestamp, @@ -320,7 +317,7 @@ extensions(?'TLS_v1.3' = Version, MsgType = client_hello) -> %% oneof([status_request(), undefined]), oneof([supported_groups(Version), undefined]), oneof([signature_algs(Version), undefined]), - %% oneof([use_srtp(), undefined]), + oneof([use_srtp(), undefined]), %% oneof([heartbeat(), undefined]), oneof([alpn(), undefined]), %% oneof([signed_cert_timestamp(), undefined]), @@ -348,7 +345,7 @@ extensions(?'TLS_v1.3' = Version, MsgType = client_hello) -> %% status_request => StatusRequest, elliptic_curves => SupportedGroups, signature_algs => SignatureAlgorithms, - %% use_srtp => UseSrtp, + use_srtp => UseSrtp, %% heartbeat => Heartbeat, alpn => ALPN, %% signed_cert_timestamp => SignedCertTimestamp, @@ -398,7 +395,7 @@ extensions(Version, client_hello) -> srp => SRP %% renegotiation_info => RenegotiationInfo })); -extensions(?'TLS_v1.3' = Version, MsgType = server_hello) -> +extensions(?TLS_1_3 = Version, MsgType = server_hello) -> ?LET({ KeyShare, PreSharedKey, @@ -443,7 +440,7 @@ extensions(Version, server_hello) -> next_protocol_negotiation => NextP %% renegotiation_info => RenegotiationInfo })); -extensions(?'TLS_v1.3' = Version, encrypted_extensions) -> +extensions(?TLS_1_3 = Version, encrypted_extensions) -> ?LET({ ServerName, %% MaxFragmentLength, @@ -551,25 +548,25 @@ signature() -> 76,105,212,176,25,6,148,49,194,106,253,241,212,200, 37,154,227,53,49,216,72,82,163>>. -client_hello_versions(?'TLS_v1.3') -> +client_hello_versions(?TLS_1_3) -> ?LET(SupportedVersions, - oneof([[{3,4}], + oneof([[?TLS_1_3], %% This list breaks the property but can be used for negative tests - %% [{3,3},{3,4}], - [{3,4},{3,3}], - [{3,4},{3,3},{3,2},{3,1},{3,0}] + %% [?TLS_1_2,?TLS_1_3], + [?TLS_1_3,?TLS_1_2], + [?TLS_1_3,?TLS_1_2,?TLS_1_1,?TLS_1_0,?SSL_3_0] ]), #client_hello_versions{versions = SupportedVersions}); client_hello_versions(_) -> ?LET(SupportedVersions, - oneof([[{3,3}], - [{3,3},{3,2}], - [{3,3},{3,2},{3,1},{3,0}] + oneof([[?TLS_1_2], + [?TLS_1_2,?TLS_1_1], + [?TLS_1_2,?TLS_1_1,?TLS_1_0,?SSL_3_0] ]), #client_hello_versions{versions = SupportedVersions}). server_hello_selected_version() -> - #server_hello_selected_version{selected_version = {3,4}}. + #server_hello_selected_version{selected_version = ?TLS_1_3}. request_update() -> oneof([update_not_requested, update_requested]). @@ -626,11 +623,11 @@ cert_conf()-> peer => [{key, ssl_test_lib:hardcode_rsa_key(6)}]}}). cert_auths() -> - certificate_authorities(?'TLS_v1.3'). + certificate_authorities(?TLS_1_3). certificate_request_1_3() -> #certificate_request_1_3{certificate_request_context = <<>>, - extensions = #{certificate_authorities => certificate_authorities(?'TLS_v1.3')} + extensions = #{certificate_authorities => certificate_authorities(?TLS_1_3)} }. certificate_request(Version) -> #certificate_request{certificate_types = certificate_types(Version), @@ -640,17 +637,17 @@ certificate_request(Version) -> certificate_types(_) -> iolist_to_binary([<<?BYTE(?ECDSA_SIGN)>>, <<?BYTE(?RSA_SIGN)>>, <<?BYTE(?DSS_SIGN)>>]). -signature_algs({3,4}) -> +signature_algs(?TLS_1_3) -> ?LET(Algs, signature_algorithms(), Algs); -signature_algs({3,3} = Version) -> +signature_algs(?TLS_1_2 = Version) -> #hash_sign_algos{hash_sign_algos = hash_alg_list(Version)}; -signature_algs(Version) when Version < {3,3} -> +signature_algs(Version) when ?TLS_LT(Version, ?TLS_1_2) -> undefined. -hashsign_algorithms({_, N} = Version) when N >= 3 -> +hashsign_algorithms(Version) when ?TLS_GTE(Version, ?TLS_1_2) -> #hash_sign_algos{hash_sign_algos = hash_alg_list(Version)}; hashsign_algorithms(_) -> undefined. @@ -666,9 +663,9 @@ hash_alg(Version) -> {hash_algorithm(Version, Alg), Alg} ). -hash_algorithm(?'TLS_v1.3', _) -> +hash_algorithm(?TLS_1_3, _) -> oneof([sha, sha224, sha256, sha384, sha512]); -hash_algorithm(?'TLS_v1.2', rsa) -> +hash_algorithm(?TLS_1_2, rsa) -> oneof([sha, sha224, sha256, sha384, sha512]); hash_algorithm(_, rsa) -> oneof([md5, sha, sha224, sha256, sha384, sha512]); @@ -677,13 +674,19 @@ hash_algorithm(_, ecdsa) -> hash_algorithm(_, dsa) -> sha. -sign_algorithm(?'TLS_v1.3') -> +sign_algorithm(?TLS_1_3) -> oneof([rsa, ecdsa]); sign_algorithm(_) -> oneof([rsa, dsa, ecdsa]). -certificate_authorities(?'TLS_v1.3') -> - Auths = certificate_authorities(?'TLS_v1.2'), +use_srtp() -> + FullProfiles = [<<0,1>>, <<0,2>>, <<0,5>>], + NullProfiles = [<<0,5>>], + ?LET(PP, oneof([FullProfiles, NullProfiles]), #use_srtp{protection_profiles = PP, mki = <<>>}). + +certificate_authorities(?TLS_1_3) -> + Auths = certificate_authorities(?TLS_1_2), + #certificate_authorities{authorities = Auths}; certificate_authorities(_) -> #{server_config := ServerConf} = cert_conf(), @@ -712,13 +715,13 @@ ec_point_formats() -> ec_point_format_list() -> [?ECPOINT_UNCOMPRESSED]. -elliptic_curves({_, Minor}) when Minor < 4 -> - Curves = tls_v1:ecc_curves(Minor), +elliptic_curves(Version) when ?TLS_LT(Version, ?TLS_1_3) -> + Curves = tls_v1:ecc_curves(Version), #elliptic_curves{elliptic_curve_list = Curves}. %% RFC 8446 (TLS 1.3) renamed the "elliptic_curve" extension. -supported_groups({_, Minor}) when Minor >= 4 -> - SupportedGroups = tls_v1:groups(Minor), +supported_groups(Version) when ?TLS_GTE(Version, ?TLS_1_3) -> + SupportedGroups = tls_v1:groups(), #supported_groups{supported_groups = SupportedGroups}. |