Add some KeyUpdate tests

    TEST_check(peer->status == PEER_RETRY);

    TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER

                || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT);

                || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT

                || test_ctx->handshake_mode

                   == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER

                || test_ctx->handshake_mode

                   == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT);

    /* Reset the count of the amount of app data we need to read/write */

    peer->bytes_to_write = peer->bytes_to_read = test_ctx->app_data_size;

    /* Check if we are the peer that is going to initiate */

    if ((test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER

                peer->status = PEER_RETRY;

            return;

        }

    } else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER

               || test_ctx->handshake_mode

                  == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT) {

        if (SSL_is_server(peer->ssl)

                != (test_ctx->handshake_mode

                    == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER)) {

            peer->status = PEER_SUCCESS;

            return;

        }

        ret = SSL_key_update(peer->ssl, test_ctx->key_update_type);

        if (!ret) {

            peer->status = PEER_ERROR;

            return;

        }

        do_handshake_step(peer);

        /*

         * This is a one step handshake. We shouldn't get anything other than

         * PEER_SUCCESS

         */

        if (peer->status != PEER_SUCCESS)

            peer->status = PEER_ERROR;

        return;

    }

    /*

            peer->status = PEER_ERROR;

            return;

        }

        /* If we're no in init yet then we're not done with setup yet */

        /* If we're not in init yet then we're not done with setup yet */

        if (!SSL_in_init(peer->ssl))

            return;

    }

    switch (phase) {

    case HANDSHAKE:

        if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER

                || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT)

                || test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT

                || test_ctx->handshake_mode

                   == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT

                || test_ctx->handshake_mode

                   == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER)

            return RENEG_APPLICATION_DATA;

        return APPLICATION_DATA;

    case RENEG_APPLICATION_DATA:

        return RENEG_SETUP;

    case RENEG_SETUP:

        if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER

                || test_ctx->handshake_mode

                   == SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT)

            return APPLICATION_DATA;

        return RENEG_HANDSHAKE;

    case RENEG_HANDSHAKE:

        return APPLICATION_DATA;

# We hard-code the number of tests to double-check that the globbing above

# finds all files as expected.

plan tests => 20;  # = scalar @conf_srcs

plan tests => 21;  # = scalar @conf_srcs

# Some test results depend on the configuration of enabled protocols. We only

# verify generated sources in the default configuration.

  "18-dtls-renegotiate.conf" => $no_dtls,

  "19-mac-then-encrypt.conf" => $no_pre_tls1_3,

  "20-cert-select.conf" => disabled("tls1_2") || $no_ec,

  "21-key-update.conf" => disabled("tls1_3"),

);

foreach my $conf (@conf_files) {

# Generated with generate_ssl_tests.pl

num_tests = 4

test-0 = 0-update-key-client-update-not-requested

test-1 = 1-update-key-server-update-not-requested

test-2 = 2-update-key-client-update-requested

test-3 = 3-update-key-server-update-requested

# ===========================================================

[0-update-key-client-update-not-requested]

ssl_conf = 0-update-key-client-update-not-requested-ssl

[0-update-key-client-update-not-requested-ssl]

server = 0-update-key-client-update-not-requested-server

client = 0-update-key-client-update-not-requested-client

[0-update-key-client-update-not-requested-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[0-update-key-client-update-not-requested-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-0]

ExpectedResult = Success

HandshakeMode = KeyUpdateClient

KeyUpdateType = KeyUpdateNotRequested

ResumptionExpected = No

# ===========================================================

[1-update-key-server-update-not-requested]

ssl_conf = 1-update-key-server-update-not-requested-ssl

[1-update-key-server-update-not-requested-ssl]

server = 1-update-key-server-update-not-requested-server

client = 1-update-key-server-update-not-requested-client

[1-update-key-server-update-not-requested-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[1-update-key-server-update-not-requested-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-1]

ExpectedResult = Success

HandshakeMode = KeyUpdateServer

KeyUpdateType = KeyUpdateNotRequested

ResumptionExpected = No

# ===========================================================

[2-update-key-client-update-requested]

ssl_conf = 2-update-key-client-update-requested-ssl

[2-update-key-client-update-requested-ssl]

server = 2-update-key-client-update-requested-server

client = 2-update-key-client-update-requested-client

[2-update-key-client-update-requested-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[2-update-key-client-update-requested-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-2]

ExpectedResult = Success

HandshakeMode = KeyUpdateClient

KeyUpdateType = KeyUpdateRequested

ResumptionExpected = No

# ===========================================================

[3-update-key-server-update-requested]

ssl_conf = 3-update-key-server-update-requested-ssl

[3-update-key-server-update-requested-ssl]

server = 3-update-key-server-update-requested-server

client = 3-update-key-server-update-requested-client

[3-update-key-server-update-requested-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[3-update-key-server-update-requested-client]

CipherString = DEFAULT

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

[test-3]

ExpectedResult = Success

HandshakeMode = KeyUpdateServer

KeyUpdateType = KeyUpdateRequested

ResumptionExpected = No

# -*- mode: perl; -*-

# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.

#

# Licensed under the OpenSSL license (the "License").  You may not use

# this file except in compliance with the License.  You can obtain a copy

# in the file LICENSE in the source distribution or at

# https://www.openssl.org/source/license.html

## Test KeyUpdate

use strict;

use warnings;

package ssltests;

our @tests = (

    {

        name => "update-key-client-update-not-requested",

        server => {},

        client => {},

        test => {

            "HandshakeMode" => "KeyUpdateClient",

            "KeyUpdateType" => "KeyUpdateNotRequested",

            "ResumptionExpected" => "No",

            "ExpectedResult" => "Success"

        }

    },

    {

        name => "update-key-server-update-not-requested",

        server => {},

        client => {},

        test => {

            "HandshakeMode" => "KeyUpdateServer",

            "KeyUpdateType" => "KeyUpdateNotRequested",

            "ResumptionExpected" => "No",

            "ExpectedResult" => "Success"

        }

    },

    {

        name => "update-key-client-update-requested",

        server => {},

        client => {},

        test => {

            "HandshakeMode" => "KeyUpdateClient",

            "KeyUpdateType" => "KeyUpdateRequested",

            "ResumptionExpected" => "No",

            "ExpectedResult" => "Success"

        }

    },

    {

        name => "update-key-server-update-requested",

        server => {},

        client => {},

        test => {

            "HandshakeMode" => "KeyUpdateServer",

            "KeyUpdateType" => "KeyUpdateRequested",

            "ResumptionExpected" => "No",

            "ExpectedResult" => "Success"

        }

    }

);

    {"Resume", SSL_TEST_HANDSHAKE_RESUME},

    {"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER},

    {"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT},

    {"KeyUpdateServer", SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER},

    {"KeyUpdateClient", SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT},

};

__owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value)

IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers)

/* KeyUpdateType */

static const test_enum ssl_key_update_types[] = {

    {"KeyUpdateRequested", SSL_KEY_UPDATE_REQUESTED},

    {"KeyUpdateNotRequested", SSL_KEY_UPDATE_NOT_REQUESTED},

};

__owur static int parse_key_update_type(SSL_TEST_CTX *test_ctx, const char *value)

{

    int ret_value;

    if (!parse_enum(ssl_key_update_types, OSSL_NELEM(ssl_key_update_types),

                    &ret_value, value)) {

        return 0;

    }

    test_ctx->key_update_type = ret_value;

    return 1;

}

/* CT Validation */

static const test_enum ssl_ct_validation_modes[] = {

    { "ExpectedNPNProtocol", &parse_test_expected_npn_protocol },

    { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol },

    { "HandshakeMode", &parse_handshake_mode },

    { "KeyUpdateType", &parse_key_update_type },

    { "ResumptionExpected", &parse_test_resumption_expected },

    { "ApplicationData", &parse_test_app_data_size },

    { "MaxFragmentSize", &parse_test_max_fragment_size },