70-test_sslsigalgs.t 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408
  1. #! /usr/bin/env perl
  2. # Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the OpenSSL license (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
  10. use OpenSSL::Test::Utils;
  11. use TLSProxy::Proxy;
  12. my $test_name = "test_sslsigalgs";
  13. setup($test_name);
  14. plan skip_all => "TLSProxy isn't usable on $^O"
  15. if $^O =~ /^(VMS)$/;
  16. plan skip_all => "$test_name needs the dynamic engine feature enabled"
  17. if disabled("engine") || disabled("dynamic-engine");
  18. plan skip_all => "$test_name needs the sock feature enabled"
  19. if disabled("sock");
  20. plan skip_all => "$test_name needs TLS1.2 or TLS1.3 enabled"
  21. if disabled("tls1_2") && disabled("tls1_3");
  22. $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
  23. my $proxy = TLSProxy::Proxy->new(
  24. undef,
  25. cmdstr(app(["openssl"]), display => 1),
  26. srctop_file("apps", "server.pem"),
  27. (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
  28. );
  29. use constant {
  30. NO_SIG_ALGS_EXT => 0,
  31. EMPTY_SIG_ALGS_EXT => 1,
  32. NO_KNOWN_SIG_ALGS => 2,
  33. NO_PSS_SIG_ALGS => 3,
  34. PSS_ONLY_SIG_ALGS => 4,
  35. PURE_SIGALGS => 5,
  36. COMPAT_SIGALGS => 6,
  37. SIGALGS_CERT_ALL => 7,
  38. SIGALGS_CERT_PKCS => 8,
  39. SIGALGS_CERT_INVALID => 9
  40. };
  41. #Note: Throughout this test we override the default ciphersuites where TLSv1.2
  42. # is expected to ensure that a ServerKeyExchange message is sent that uses
  43. # the sigalgs
  44. #Test 1: Default sig algs should succeed
  45. $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
  46. plan tests => 22;
  47. ok(TLSProxy::Message->success, "Default sigalgs");
  48. my $testtype;
  49. SKIP: {
  50. skip "TLSv1.3 disabled", 6 if disabled("tls1_3");
  51. $proxy->filter(\&sigalgs_filter);
  52. #Test 2: Sending no sig algs extension in TLSv1.3 should fail
  53. $proxy->clear();
  54. $testtype = NO_SIG_ALGS_EXT;
  55. $proxy->start();
  56. ok(TLSProxy::Message->fail, "No TLSv1.3 sigalgs");
  57. #Test 3: Sending an empty sig algs extension in TLSv1.3 should fail
  58. $proxy->clear();
  59. $testtype = EMPTY_SIG_ALGS_EXT;
  60. $proxy->start();
  61. ok(TLSProxy::Message->fail, "Empty TLSv1.3 sigalgs");
  62. #Test 4: Sending a list with no recognised sig algs in TLSv1.3 should fail
  63. $proxy->clear();
  64. $testtype = NO_KNOWN_SIG_ALGS;
  65. $proxy->start();
  66. ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
  67. #Test 5: Sending a sig algs list without pss for an RSA cert in TLSv1.3
  68. # should fail
  69. $proxy->clear();
  70. $testtype = NO_PSS_SIG_ALGS;
  71. $proxy->start();
  72. ok(TLSProxy::Message->fail, "No PSS TLSv1.3 sigalgs");
  73. #Test 6: Sending only TLSv1.3 PSS sig algs in TLSv1.3 should succeed
  74. #TODO(TLS1.3): Do we need to verify the cert to make sure its a PSS only
  75. #cert in this case?
  76. $proxy->clear();
  77. $testtype = PSS_ONLY_SIG_ALGS;
  78. $proxy->start();
  79. ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.3");
  80. #Test 7: Modify the CertificateVerify sigalg from rsa_pss_rsae_sha256 to
  81. # rsa_pss_pss_sha256. This should fail because the public key OID
  82. # in the certificate is rsaEncryption and not rsassaPss
  83. $proxy->filter(\&modify_cert_verify_sigalg);
  84. $proxy->clear();
  85. $proxy->start();
  86. ok(TLSProxy::Message->fail,
  87. "Mismatch between CertVerify sigalg and public key OID");
  88. }
  89. SKIP: {
  90. skip "EC or TLSv1.3 disabled", 1
  91. if disabled("tls1_3") || disabled("ec");
  92. #Test 8: Sending a valid sig algs list but not including a sig type that
  93. # matches the certificate should fail in TLSv1.3.
  94. $proxy->clear();
  95. $proxy->clientflags("-sigalgs ECDSA+SHA256");
  96. $proxy->filter(undef);
  97. $proxy->start();
  98. ok(TLSProxy::Message->fail, "No matching TLSv1.3 sigalgs");
  99. }
  100. SKIP: {
  101. skip "EC, TLSv1.3 or TLSv1.2 disabled", 1
  102. if disabled("tls1_2") || disabled("tls1_3") || disabled("ec");
  103. #Test 9: Sending a full list of TLSv1.3 sig algs but negotiating TLSv1.2
  104. # should succeed
  105. $proxy->clear();
  106. $proxy->serverflags("-no_tls1_3");
  107. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  108. $proxy->filter(undef);
  109. $proxy->start();
  110. ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server");
  111. }
  112. SKIP: {
  113. skip "EC or TLSv1.2 disabled", 8 if disabled("tls1_2") || disabled("ec");
  114. $proxy->filter(\&sigalgs_filter);
  115. #Test 10: Sending no sig algs extension in TLSv1.2 should succeed
  116. $proxy->clear();
  117. $testtype = NO_SIG_ALGS_EXT;
  118. $proxy->clientflags("-no_tls1_3");
  119. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  120. $proxy->start();
  121. ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs");
  122. #Test 11: Sending an empty sig algs extension in TLSv1.2 should fail
  123. $proxy->clear();
  124. $testtype = EMPTY_SIG_ALGS_EXT;
  125. $proxy->clientflags("-no_tls1_3");
  126. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  127. $proxy->start();
  128. ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs");
  129. #Test 12: Sending a list with no recognised sig algs in TLSv1.2 should fail
  130. $proxy->clear();
  131. $testtype = NO_KNOWN_SIG_ALGS;
  132. $proxy->clientflags("-no_tls1_3");
  133. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  134. $proxy->start();
  135. ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
  136. #Test 13: Sending a sig algs list without pss for an RSA cert in TLSv1.2
  137. # should succeed
  138. $proxy->clear();
  139. $testtype = NO_PSS_SIG_ALGS;
  140. $proxy->clientflags("-no_tls1_3");
  141. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  142. $proxy->start();
  143. ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs");
  144. #Test 14: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed
  145. $proxy->clear();
  146. $testtype = PSS_ONLY_SIG_ALGS;
  147. $proxy->serverflags("-no_tls1_3");
  148. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  149. $proxy->start();
  150. ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2");
  151. #Test 15: Responding with a sig alg we did not send in TLSv1.2 should fail
  152. # We send rsa_pkcs1_sha256 and respond with rsa_pss_rsae_sha256
  153. # TODO(TLS1.3): Add a similar test to the TLSv1.3 section above
  154. # when we have an API capable of configuring the TLSv1.3 sig algs
  155. $proxy->clear();
  156. $testtype = PSS_ONLY_SIG_ALGS;
  157. $proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256");
  158. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  159. $proxy->start();
  160. ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2");
  161. #Test 16: Sending a valid sig algs list but not including a sig type that
  162. # matches the certificate should fail in TLSv1.2
  163. $proxy->clear();
  164. $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256");
  165. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  166. $proxy->filter(undef);
  167. $proxy->start();
  168. ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs");
  169. $proxy->filter(\&sigalgs_filter);
  170. #Test 17: No sig algs extension, ECDSA cert, TLSv1.2 should succeed
  171. $proxy->clear();
  172. $testtype = NO_SIG_ALGS_EXT;
  173. $proxy->clientflags("-no_tls1_3");
  174. $proxy->serverflags("-cert " . srctop_file("test", "certs",
  175. "server-ecdsa-cert.pem") .
  176. " -key " . srctop_file("test", "certs",
  177. "server-ecdsa-key.pem")),
  178. $proxy->ciphers("ECDHE-ECDSA-AES128-SHA");
  179. $proxy->start();
  180. ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA");
  181. }
  182. my ($dsa_status, $sha1_status, $sha224_status);
  183. SKIP: {
  184. skip "TLSv1.3 disabled", 2 if disabled("tls1_3") || disabled("dsa");
  185. #Test 18: signature_algorithms with 1.3-only ClientHello
  186. $testtype = PURE_SIGALGS;
  187. $dsa_status = $sha1_status = $sha224_status = 0;
  188. $proxy->clear();
  189. $proxy->clientflags("-tls1_3");
  190. $proxy->filter(\&modify_sigalgs_filter);
  191. $proxy->start();
  192. ok($dsa_status && $sha1_status && $sha224_status,
  193. "DSA/SHA2 sigalg sent for 1.3-only ClientHello");
  194. #Test 19: signature_algorithms with backwards compatible ClientHello
  195. SKIP: {
  196. skip "TLSv1.2 disabled", 1 if disabled("tls1_2");
  197. $testtype = COMPAT_SIGALGS;
  198. $dsa_status = $sha1_status = $sha224_status = 0;
  199. $proxy->clear();
  200. $proxy->filter(\&modify_sigalgs_filter);
  201. $proxy->start();
  202. ok($dsa_status && $sha1_status && $sha224_status,
  203. "DSA sigalg not sent for compat ClientHello");
  204. }
  205. }
  206. SKIP: {
  207. skip "TLSv1.3 disabled", 3 if disabled("tls1_3");
  208. #Test 20: Insert signature_algorithms_cert that match normal sigalgs
  209. $testtype = SIGALGS_CERT_ALL;
  210. $proxy->clear();
  211. $proxy->filter(\&modify_sigalgs_cert_filter);
  212. $proxy->start();
  213. ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3");
  214. #Test 21: Insert signature_algorithms_cert that forces PKCS#1 cert
  215. $testtype = SIGALGS_CERT_PKCS;
  216. $proxy->clear();
  217. $proxy->filter(\&modify_sigalgs_cert_filter);
  218. $proxy->start();
  219. ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3 with PKCS#1 cert");
  220. #Test 22: Insert signature_algorithms_cert that fails
  221. $testtype = SIGALGS_CERT_INVALID;
  222. $proxy->clear();
  223. $proxy->filter(\&modify_sigalgs_cert_filter);
  224. $proxy->start();
  225. ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert");
  226. }
  227. sub sigalgs_filter
  228. {
  229. my $proxy = shift;
  230. # We're only interested in the initial ClientHello
  231. if ($proxy->flight != 0) {
  232. return;
  233. }
  234. foreach my $message (@{$proxy->message_list}) {
  235. if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
  236. if ($testtype == NO_SIG_ALGS_EXT) {
  237. $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS);
  238. } else {
  239. my $sigalg;
  240. if ($testtype == EMPTY_SIG_ALGS_EXT) {
  241. $sigalg = pack "C2", 0x00, 0x00;
  242. } elsif ($testtype == NO_KNOWN_SIG_ALGS) {
  243. $sigalg = pack "C4", 0x00, 0x02, 0xff, 0xff;
  244. } elsif ($testtype == NO_PSS_SIG_ALGS) {
  245. #No PSS sig algs - just send rsa_pkcs1_sha256
  246. $sigalg = pack "C4", 0x00, 0x02, 0x04, 0x01;
  247. } else {
  248. #PSS sig algs only - just send rsa_pss_rsae_sha256
  249. $sigalg = pack "C4", 0x00, 0x02, 0x08, 0x04;
  250. }
  251. $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS, $sigalg);
  252. }
  253. $message->repack();
  254. }
  255. }
  256. }
  257. sub modify_sigalgs_filter
  258. {
  259. my $proxy = shift;
  260. # We're only interested in the initial ClientHello
  261. return if ($proxy->flight != 0);
  262. foreach my $message (@{$proxy->message_list}) {
  263. my $ext;
  264. my @algs;
  265. if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
  266. if ($testtype == PURE_SIGALGS) {
  267. my $ok = 1;
  268. $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
  269. @algs = unpack('S>*', $ext);
  270. # unpack will unpack the length as well
  271. shift @algs;
  272. foreach (@algs) {
  273. if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
  274. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
  275. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512
  276. || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
  277. || $_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
  278. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
  279. || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
  280. $ok = 0;
  281. }
  282. }
  283. $sha1_status = $dsa_status = $sha224_status = 1 if ($ok);
  284. } elsif ($testtype == COMPAT_SIGALGS) {
  285. $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
  286. @algs = unpack('S>*', $ext);
  287. # unpack will unpack the length as well
  288. shift @algs;
  289. foreach (@algs) {
  290. if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
  291. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
  292. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512) {
  293. $dsa_status = 1;
  294. }
  295. if ($_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
  296. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
  297. || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
  298. $sha1_status = 1;
  299. }
  300. if ($_ == TLSProxy::Message::OSSL_SIG_ALG_RSA_PKCS1_SHA224
  301. || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
  302. || $_ == TLSProxy::Message::OSSL_SIG_ALG_ECDSA_SHA224) {
  303. $sha224_status = 1;
  304. }
  305. }
  306. }
  307. }
  308. }
  309. }
  310. sub modify_sigalgs_cert_filter
  311. {
  312. my $proxy = shift;
  313. # We're only interested in the initial ClientHello
  314. if ($proxy->flight != 0) {
  315. return;
  316. }
  317. foreach my $message (@{$proxy->message_list}) {
  318. if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
  319. my $sigs;
  320. # two byte length at front of sigs, then two-byte sigschemes
  321. if ($testtype == SIGALGS_CERT_ALL) {
  322. $sigs = pack "C26", 0x00, 0x18,
  323. # rsa_pkcs_sha{256,512} rsa_pss_rsae_sha{256,512}
  324. 0x04, 0x01, 0x06, 0x01, 0x08, 0x04, 0x08, 0x06,
  325. # ed25518 ed448 rsa_pss_pss_sha{256,512}
  326. 0x08, 0x07, 0x08, 0x08, 0x08, 0x09, 0x08, 0x0b,
  327. # ecdsa_secp{256,512} rsa+sha1 ecdsa+sha1
  328. 0x04, 0x03, 0x06, 0x03, 0x02, 0x01, 0x02, 0x03;
  329. } elsif ($testtype == SIGALGS_CERT_PKCS) {
  330. $sigs = pack "C10", 0x00, 0x08,
  331. # rsa_pkcs_sha{256,384,512,1}
  332. 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01;
  333. } elsif ($testtype == SIGALGS_CERT_INVALID) {
  334. $sigs = pack "C4", 0x00, 0x02,
  335. # unregistered codepoint
  336. 0xb2, 0x6f;
  337. }
  338. $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs);
  339. $message->repack();
  340. }
  341. }
  342. }
  343. sub modify_cert_verify_sigalg
  344. {
  345. my $proxy = shift;
  346. # We're only interested in the CertificateVerify
  347. if ($proxy->flight != 1) {
  348. return;
  349. }
  350. foreach my $message (@{$proxy->message_list}) {
  351. if ($message->mt == TLSProxy::Message::MT_CERTIFICATE_VERIFY) {
  352. $message->sigalg(TLSProxy::Message::SIG_ALG_RSA_PSS_PSS_SHA256);
  353. $message->repack();
  354. }
  355. }
  356. }