70-test_sslsigalgs.t 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493
  1. #! /usr/bin/env perl
  2. # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
  10. use OpenSSL::Test::Utils;
  11. use TLSProxy::Proxy;
  12. my $test_name = "test_sslsigalgs";
  13. setup($test_name);
  14. plan skip_all => "TLSProxy isn't usable on $^O"
  15. if $^O =~ /^(VMS)$/;
  16. plan skip_all => "$test_name needs the dynamic engine feature enabled"
  17. if disabled("engine") || disabled("dynamic-engine");
  18. plan skip_all => "$test_name needs the sock feature enabled"
  19. if disabled("sock");
  20. plan skip_all => "$test_name needs TLS1.2 or TLS1.3 enabled"
  21. if disabled("tls1_2") && disabled("tls1_3");
  22. $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
  23. my $proxy = TLSProxy::Proxy->new(
  24. undef,
  25. cmdstr(app(["openssl"]), display => 1),
  26. srctop_file("apps", "server.pem"),
  27. (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
  28. );
  29. use constant {
  30. NO_SIG_ALGS_EXT => 0,
  31. EMPTY_SIG_ALGS_EXT => 1,
  32. NO_KNOWN_SIG_ALGS => 2,
  33. NO_PSS_SIG_ALGS => 3,
  34. PSS_ONLY_SIG_ALGS => 4,
  35. PURE_SIGALGS => 5,
  36. COMPAT_SIGALGS => 6,
  37. SIGALGS_CERT_ALL => 7,
  38. SIGALGS_CERT_PKCS => 8,
  39. SIGALGS_CERT_INVALID => 9,
  40. UNRECOGNIZED_SIGALGS_CERT => 10,
  41. UNRECOGNIZED_SIGALG => 11
  42. };
  43. #Note: Throughout this test we override the default ciphersuites where TLSv1.2
  44. # is expected to ensure that a ServerKeyExchange message is sent that uses
  45. # the sigalgs
  46. #Test 1: Default sig algs should succeed
  47. $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
  48. plan tests => 26;
  49. ok(TLSProxy::Message->success, "Default sigalgs");
  50. my $testtype;
  51. SKIP: {
  52. skip "TLSv1.3 disabled", 6 if disabled("tls1_3");
  53. $proxy->filter(\&sigalgs_filter);
  54. #Test 2: Sending no sig algs extension in TLSv1.3 should fail
  55. $proxy->clear();
  56. $testtype = NO_SIG_ALGS_EXT;
  57. $proxy->start();
  58. ok(TLSProxy::Message->fail, "No TLSv1.3 sigalgs");
  59. #Test 3: Sending an empty sig algs extension in TLSv1.3 should fail
  60. $proxy->clear();
  61. $testtype = EMPTY_SIG_ALGS_EXT;
  62. $proxy->start();
  63. ok(TLSProxy::Message->fail, "Empty TLSv1.3 sigalgs");
  64. #Test 4: Sending a list with no recognised sig algs in TLSv1.3 should fail
  65. $proxy->clear();
  66. $testtype = NO_KNOWN_SIG_ALGS;
  67. $proxy->start();
  68. ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
  69. #Test 5: Sending a sig algs list without pss for an RSA cert in TLSv1.3
  70. # should fail
  71. $proxy->clear();
  72. $testtype = NO_PSS_SIG_ALGS;
  73. $proxy->start();
  74. ok(TLSProxy::Message->fail, "No PSS TLSv1.3 sigalgs");
  75. #Test 6: Sending only TLSv1.3 PSS sig algs in TLSv1.3 should succeed
  76. #TODO(TLS1.3): Do we need to verify the cert to make sure its a PSS only
  77. #cert in this case?
  78. $proxy->clear();
  79. $testtype = PSS_ONLY_SIG_ALGS;
  80. $proxy->start();
  81. ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.3");
  82. #Test 7: Modify the CertificateVerify sigalg from rsa_pss_rsae_sha256 to
  83. # rsa_pss_pss_sha256. This should fail because the public key OID
  84. # in the certificate is rsaEncryption and not rsassaPss
  85. $proxy->filter(\&modify_cert_verify_sigalg);
  86. $proxy->clear();
  87. $proxy->start();
  88. ok(TLSProxy::Message->fail,
  89. "Mismatch between CertVerify sigalg and public key OID");
  90. }
  91. SKIP: {
  92. skip "EC or TLSv1.3 disabled", 1
  93. if disabled("tls1_3") || disabled("ec");
  94. #Test 8: Sending a valid sig algs list but not including a sig type that
  95. # matches the certificate should fail in TLSv1.3.
  96. $proxy->clear();
  97. $proxy->clientflags("-sigalgs ECDSA+SHA256");
  98. $proxy->filter(undef);
  99. $proxy->start();
  100. ok(TLSProxy::Message->fail, "No matching TLSv1.3 sigalgs");
  101. }
  102. SKIP: {
  103. skip "EC, TLSv1.3 or TLSv1.2 disabled", 1
  104. if disabled("tls1_2") || disabled("tls1_3") || disabled("ec");
  105. #Test 9: Sending a full list of TLSv1.3 sig algs but negotiating TLSv1.2
  106. # should succeed
  107. $proxy->clear();
  108. $proxy->serverflags("-no_tls1_3");
  109. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  110. $proxy->filter(undef);
  111. $proxy->start();
  112. ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server");
  113. }
  114. SKIP: {
  115. skip "EC or TLSv1.2 disabled", 10 if disabled("tls1_2") || disabled("ec");
  116. $proxy->filter(\&sigalgs_filter);
  117. #Test 10: Sending no sig algs extension in TLSv1.2 will make it use
  118. # SHA1, which is only supported at security level 0.
  119. $proxy->clear();
  120. $testtype = NO_SIG_ALGS_EXT;
  121. $proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0");
  122. $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=0");
  123. $proxy->start();
  124. ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs seclevel 0");
  125. #Test 11: Sending no sig algs extension in TLSv1.2 should fail at security
  126. # level 1 since it will try to use SHA1. Testing client at level 0,
  127. # server level 1.
  128. $proxy->clear();
  129. $testtype = NO_SIG_ALGS_EXT;
  130. $proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=0");
  131. $proxy->ciphers("DEFAULT:\@SECLEVEL=1");
  132. $proxy->start();
  133. ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs server seclevel 1");
  134. #Test 12: Sending no sig algs extension in TLSv1.2 should fail at security
  135. # level 1 since it will try to use SHA1. Testing client at level 1,
  136. # server level 0.
  137. $proxy->clear();
  138. $testtype = NO_SIG_ALGS_EXT;
  139. $proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=1");
  140. $proxy->ciphers("DEFAULT:\@SECLEVEL=0");
  141. $proxy->start();
  142. ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs client seclevel 2");
  143. #Test 13: Sending an empty sig algs extension in TLSv1.2 should fail
  144. $proxy->clear();
  145. $testtype = EMPTY_SIG_ALGS_EXT;
  146. $proxy->clientflags("-no_tls1_3");
  147. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  148. $proxy->start();
  149. ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs");
  150. #Test 14: Sending a list with no recognised sig algs in TLSv1.2 should fail
  151. $proxy->clear();
  152. $testtype = NO_KNOWN_SIG_ALGS;
  153. $proxy->clientflags("-no_tls1_3");
  154. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  155. $proxy->start();
  156. ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
  157. #Test 15: Sending a sig algs list without pss for an RSA cert in TLSv1.2
  158. # should succeed
  159. $proxy->clear();
  160. $testtype = NO_PSS_SIG_ALGS;
  161. $proxy->clientflags("-no_tls1_3");
  162. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  163. $proxy->start();
  164. ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs");
  165. #Test 16: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed
  166. $proxy->clear();
  167. $testtype = PSS_ONLY_SIG_ALGS;
  168. $proxy->serverflags("-no_tls1_3");
  169. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  170. $proxy->start();
  171. ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2");
  172. #Test 17: Responding with a sig alg we did not send in TLSv1.2 should fail
  173. # We send rsa_pkcs1_sha256 and respond with rsa_pss_rsae_sha256
  174. # TODO(TLS1.3): Add a similar test to the TLSv1.3 section above
  175. # when we have an API capable of configuring the TLSv1.3 sig algs
  176. $proxy->clear();
  177. $testtype = PSS_ONLY_SIG_ALGS;
  178. $proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256");
  179. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  180. $proxy->start();
  181. ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2");
  182. #Test 18: Sending a valid sig algs list but not including a sig type that
  183. # matches the certificate should fail in TLSv1.2
  184. $proxy->clear();
  185. $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256");
  186. $proxy->ciphers("ECDHE-RSA-AES128-SHA");
  187. $proxy->filter(undef);
  188. $proxy->start();
  189. ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs");
  190. $proxy->filter(\&sigalgs_filter);
  191. #Test 19: No sig algs extension, ECDSA cert, will use SHA1,
  192. # TLSv1.2 should succeed at security level 0
  193. $proxy->clear();
  194. $testtype = NO_SIG_ALGS_EXT;
  195. $proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0");
  196. $proxy->serverflags("-cert " . srctop_file("test", "certs",
  197. "server-ecdsa-cert.pem") .
  198. " -key " . srctop_file("test", "certs",
  199. "server-ecdsa-key.pem")),
  200. $proxy->ciphers("ECDHE-ECDSA-AES128-SHA:\@SECLEVEL=0");
  201. $proxy->start();
  202. ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA");
  203. }
  204. my ($dsa_status, $sha1_status, $sha224_status);
  205. SKIP: {
  206. skip "TLSv1.3 disabled", 2 if disabled("tls1_3") || disabled("dsa");
  207. #Test 20: signature_algorithms with 1.3-only ClientHello
  208. $testtype = PURE_SIGALGS;
  209. $dsa_status = $sha1_status = $sha224_status = 0;
  210. $proxy->clear();
  211. $proxy->clientflags("-tls1_3");
  212. $proxy->filter(\&modify_sigalgs_filter);
  213. $proxy->start();
  214. ok($dsa_status && $sha1_status && $sha224_status,
  215. "DSA and SHA1 sigalgs not sent for 1.3-only ClientHello");
  216. #Test 21: signature_algorithms with backwards compatible ClientHello
  217. SKIP: {
  218. skip "TLSv1.2 disabled", 1 if disabled("tls1_2");
  219. $testtype = COMPAT_SIGALGS;
  220. $dsa_status = $sha1_status = $sha224_status = 0;
  221. $proxy->clear();
  222. $proxy->clientflags("-cipher AES128-SHA\@SECLEVEL=0");
  223. $proxy->filter(\&modify_sigalgs_filter);
  224. $proxy->start();
  225. ok($dsa_status && $sha1_status && $sha224_status,
  226. "backwards compatible sigalg sent for compat ClientHello");
  227. }
  228. }
  229. SKIP: {
  230. skip "TLSv1.3 disabled", 3 if disabled("tls1_3");
  231. #Test 22: Insert signature_algorithms_cert that match normal sigalgs
  232. $testtype = SIGALGS_CERT_ALL;
  233. $proxy->clear();
  234. $proxy->filter(\&modify_sigalgs_cert_filter);
  235. $proxy->start();
  236. ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3");
  237. #Test 23: Insert signature_algorithms_cert that forces PKCS#1 cert
  238. $testtype = SIGALGS_CERT_PKCS;
  239. $proxy->clear();
  240. $proxy->filter(\&modify_sigalgs_cert_filter);
  241. $proxy->start();
  242. ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3 with PKCS#1 cert");
  243. #Test 24: Insert signature_algorithms_cert that fails
  244. $testtype = SIGALGS_CERT_INVALID;
  245. $proxy->clear();
  246. $proxy->filter(\&modify_sigalgs_cert_filter);
  247. $proxy->start();
  248. ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert");
  249. }
  250. SKIP: {
  251. skip "TLS 1.3 disabled", 2 if disabled("tls1_3");
  252. #Test 25: Send an unrecognized signature_algorithms_cert
  253. # We should be able to skip over the unrecognized value and use a
  254. # valid one that appears later in the list.
  255. $proxy->clear();
  256. $proxy->filter(\&inject_unrecognized_sigalg);
  257. $proxy->clientflags("-tls1_3");
  258. # Use -xcert to get SSL_check_chain() to run in the cert_cb. This is
  259. # needed to trigger (e.g.) CVE-2020-1967
  260. $proxy->serverflags("" .
  261. " -xcert " . srctop_file("test", "certs", "servercert.pem") .
  262. " -xkey " . srctop_file("test", "certs", "serverkey.pem") .
  263. " -xchain " . srctop_file("test", "certs", "rootcert.pem"));
  264. $testtype = UNRECOGNIZED_SIGALGS_CERT;
  265. $proxy->start();
  266. ok(TLSProxy::Message->success(), "Unrecognized sigalg_cert in ClientHello");
  267. #Test 26: Send an unrecognized signature_algorithms
  268. # We should be able to skip over the unrecognized value and use a
  269. # valid one that appears later in the list.
  270. $proxy->clear();
  271. $proxy->filter(\&inject_unrecognized_sigalg);
  272. $proxy->clientflags("-tls1_3");
  273. $proxy->serverflags("" .
  274. " -xcert " . srctop_file("test", "certs", "servercert.pem") .
  275. " -xkey " . srctop_file("test", "certs", "serverkey.pem") .
  276. " -xchain " . srctop_file("test", "certs", "rootcert.pem"));
  277. $testtype = UNRECOGNIZED_SIGALG;
  278. $proxy->start();
  279. ok(TLSProxy::Message->success(), "Unrecognized sigalg in ClientHello");
  280. }
  281. sub sigalgs_filter
  282. {
  283. my $proxy = shift;
  284. # We're only interested in the initial ClientHello
  285. if ($proxy->flight != 0) {
  286. return;
  287. }
  288. foreach my $message (@{$proxy->message_list}) {
  289. if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
  290. if ($testtype == NO_SIG_ALGS_EXT) {
  291. $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS);
  292. } else {
  293. my $sigalg;
  294. if ($testtype == EMPTY_SIG_ALGS_EXT) {
  295. $sigalg = pack "C2", 0x00, 0x00;
  296. } elsif ($testtype == NO_KNOWN_SIG_ALGS) {
  297. $sigalg = pack "C4", 0x00, 0x02, 0xff, 0xff;
  298. } elsif ($testtype == NO_PSS_SIG_ALGS) {
  299. #No PSS sig algs - just send rsa_pkcs1_sha256
  300. $sigalg = pack "C4", 0x00, 0x02, 0x04, 0x01;
  301. } else {
  302. #PSS sig algs only - just send rsa_pss_rsae_sha256
  303. $sigalg = pack "C4", 0x00, 0x02, 0x08, 0x04;
  304. }
  305. $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS, $sigalg);
  306. }
  307. $message->repack();
  308. }
  309. }
  310. }
  311. sub modify_sigalgs_filter
  312. {
  313. my $proxy = shift;
  314. # We're only interested in the initial ClientHello
  315. return if ($proxy->flight != 0);
  316. foreach my $message (@{$proxy->message_list}) {
  317. my $ext;
  318. my @algs;
  319. if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
  320. if ($testtype == PURE_SIGALGS) {
  321. my $ok = 1;
  322. $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
  323. @algs = unpack('S>*', $ext);
  324. # unpack will unpack the length as well
  325. shift @algs;
  326. foreach (@algs) {
  327. if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
  328. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
  329. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512
  330. || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
  331. || $_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
  332. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
  333. || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
  334. $ok = 0;
  335. }
  336. }
  337. $sha1_status = $dsa_status = $sha224_status = 1 if ($ok);
  338. } elsif ($testtype == COMPAT_SIGALGS) {
  339. $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
  340. @algs = unpack('S>*', $ext);
  341. # unpack will unpack the length as well
  342. shift @algs;
  343. foreach (@algs) {
  344. if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
  345. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
  346. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512) {
  347. $dsa_status = 1;
  348. }
  349. if ($_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
  350. || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
  351. || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
  352. $sha1_status = 1;
  353. }
  354. if ($_ == TLSProxy::Message::OSSL_SIG_ALG_RSA_PKCS1_SHA224
  355. || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
  356. || $_ == TLSProxy::Message::OSSL_SIG_ALG_ECDSA_SHA224) {
  357. $sha224_status = 1;
  358. }
  359. }
  360. }
  361. }
  362. }
  363. }
  364. sub modify_sigalgs_cert_filter
  365. {
  366. my $proxy = shift;
  367. # We're only interested in the initial ClientHello
  368. if ($proxy->flight != 0) {
  369. return;
  370. }
  371. foreach my $message (@{$proxy->message_list}) {
  372. if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
  373. my $sigs;
  374. # two byte length at front of sigs, then two-byte sigschemes
  375. if ($testtype == SIGALGS_CERT_ALL) {
  376. $sigs = pack "C26", 0x00, 0x18,
  377. # rsa_pkcs_sha{256,512} rsa_pss_rsae_sha{256,512}
  378. 0x04, 0x01, 0x06, 0x01, 0x08, 0x04, 0x08, 0x06,
  379. # ed25518 ed448 rsa_pss_pss_sha{256,512}
  380. 0x08, 0x07, 0x08, 0x08, 0x08, 0x09, 0x08, 0x0b,
  381. # ecdsa_secp{256,512} rsa+sha1 ecdsa+sha1
  382. 0x04, 0x03, 0x06, 0x03, 0x02, 0x01, 0x02, 0x03;
  383. } elsif ($testtype == SIGALGS_CERT_PKCS) {
  384. $sigs = pack "C10", 0x00, 0x08,
  385. # rsa_pkcs_sha{256,384,512,1}
  386. 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01;
  387. } elsif ($testtype == SIGALGS_CERT_INVALID) {
  388. $sigs = pack "C4", 0x00, 0x02,
  389. # unregistered codepoint
  390. 0xb2, 0x6f;
  391. }
  392. $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs);
  393. $message->repack();
  394. }
  395. }
  396. }
  397. sub modify_cert_verify_sigalg
  398. {
  399. my $proxy = shift;
  400. # We're only interested in the CertificateVerify
  401. if ($proxy->flight != 1) {
  402. return;
  403. }
  404. foreach my $message (@{$proxy->message_list}) {
  405. if ($message->mt == TLSProxy::Message::MT_CERTIFICATE_VERIFY) {
  406. $message->sigalg(TLSProxy::Message::SIG_ALG_RSA_PSS_PSS_SHA256);
  407. $message->repack();
  408. }
  409. }
  410. }
  411. sub inject_unrecognized_sigalg
  412. {
  413. my $proxy = shift;
  414. my $type;
  415. # We're only interested in the initial ClientHello
  416. if ($proxy->flight != 0) {
  417. return;
  418. }
  419. if ($testtype == UNRECOGNIZED_SIGALGS_CERT) {
  420. $type = TLSProxy::Message::EXT_SIG_ALGS_CERT;
  421. } elsif ($testtype == UNRECOGNIZED_SIGALG) {
  422. $type = TLSProxy::Message::EXT_SIG_ALGS;
  423. } else {
  424. return;
  425. }
  426. my $ext = pack "C8",
  427. 0x00, 0x06, #Extension length
  428. 0xfe, 0x18, #private use
  429. 0x04, 0x01, #rsa_pkcs1_sha256
  430. 0x08, 0x04; #rsa_pss_rsae_sha256;
  431. my $message = ${$proxy->message_list}[0];
  432. $message->set_extension($type, $ext);
  433. $message->repack;
  434. }