70-test_sslsigalgs.t@ 105770

Last change on this file since 105770 was 104078, checked in by vboxsync, 8 months ago
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
File size: 18.3 KB

Line
1	#! /usr/bin/env perl
2	# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3	#
4	# Licensed under the Apache License 2.0 (the "License"). You may not use
5	# this file except in compliance with the License. You can obtain a copy
6	# in the file LICENSE in the source distribution or at
7	# https://www.openssl.org/source/license.html
8
9	use strict;
10	use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
11	use OpenSSL::Test::Utils;
12	use TLSProxy::Proxy;
13
14	my $test_name = "test_sslsigalgs";
15	setup($test_name);
16
17	plan skip_all => "TLSProxy isn't usable on $^O"
18	if $^O =~ /^(VMS)$/;
19
20	plan skip_all => "$test_name needs the dynamic engine feature enabled"
21	if disabled("engine") \|\| disabled("dynamic-engine");
22
23	plan skip_all => "$test_name needs the sock feature enabled"
24	if disabled("sock");
25
26	plan skip_all => "$test_name needs TLS1.2 or TLS1.3 enabled"
27	if disabled("tls1_2") && disabled("tls1_3");
28
29	$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
30	my $proxy = TLSProxy::Proxy->new(
31	undef,
32	cmdstr(app(["openssl"]), display => 1),
33	srctop_file("apps", "server.pem"),
34	(!$ENV{HARNESS_ACTIVE} \|\| $ENV{HARNESS_VERBOSE})
35	);
36
37	use constant {
38	NO_SIG_ALGS_EXT => 0,
39	EMPTY_SIG_ALGS_EXT => 1,
40	NO_KNOWN_SIG_ALGS => 2,
41	NO_PSS_SIG_ALGS => 3,
42	PSS_ONLY_SIG_ALGS => 4,
43	PURE_SIGALGS => 5,
44	COMPAT_SIGALGS => 6,
45	SIGALGS_CERT_ALL => 7,
46	SIGALGS_CERT_PKCS => 8,
47	SIGALGS_CERT_INVALID => 9,
48	UNRECOGNIZED_SIGALGS_CERT => 10,
49	UNRECOGNIZED_SIGALG => 11
50	};
51
52	#Note: Throughout this test we override the default ciphersuites where TLSv1.2
53	# is expected to ensure that a ServerKeyExchange message is sent that uses
54	# the sigalgs
55
56	#Test 1: Default sig algs should succeed
57	$proxy->clientflags("-no_tls1_3") if disabled("ec") && disabled("dh");
58	$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
59	plan tests => 26;
60	ok(TLSProxy::Message->success, "Default sigalgs");
61	my $testtype;
62
63	SKIP: {
64	skip "TLSv1.3 disabled", 6
65	if disabled("tls1_3") \|\| (disabled("ec") && disabled("dh"));
66
67	$proxy->filter(\&sigalgs_filter);
68
69	#Test 2: Sending no sig algs extension in TLSv1.3 should fail
70	$proxy->clear();
71	$testtype = NO_SIG_ALGS_EXT;
72	$proxy->start();
73	ok(TLSProxy::Message->fail, "No TLSv1.3 sigalgs");
74
75	#Test 3: Sending an empty sig algs extension in TLSv1.3 should fail
76	$proxy->clear();
77	$testtype = EMPTY_SIG_ALGS_EXT;
78	$proxy->start();
79	ok(TLSProxy::Message->fail, "Empty TLSv1.3 sigalgs");
80
81	#Test 4: Sending a list with no recognised sig algs in TLSv1.3 should fail
82	$proxy->clear();
83	$testtype = NO_KNOWN_SIG_ALGS;
84	$proxy->start();
85	ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
86
87	#Test 5: Sending a sig algs list without pss for an RSA cert in TLSv1.3
88	# should fail
89	$proxy->clear();
90	$testtype = NO_PSS_SIG_ALGS;
91	$proxy->start();
92	ok(TLSProxy::Message->fail, "No PSS TLSv1.3 sigalgs");
93
94	#Test 6: Sending only TLSv1.3 PSS sig algs in TLSv1.3 should succeed
95	#TODO(TLS1.3): Do we need to verify the cert to make sure its a PSS only
96	#cert in this case?
97	$proxy->clear();
98	$testtype = PSS_ONLY_SIG_ALGS;
99	$proxy->start();
100	ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.3");
101
102	#Test 7: Modify the CertificateVerify sigalg from rsa_pss_rsae_sha256 to
103	# rsa_pss_pss_sha256. This should fail because the public key OID
104	# in the certificate is rsaEncryption and not rsassaPss
105	$proxy->filter(\&modify_cert_verify_sigalg);
106	$proxy->clear();
107	$proxy->start();
108	ok(TLSProxy::Message->fail,
109	"Mismatch between CertVerify sigalg and public key OID");
110	}
111
112	SKIP: {
113	skip "EC or TLSv1.3 disabled", 1
114	if disabled("tls1_3") \|\| disabled("ec");
115	#Test 8: Sending a valid sig algs list but not including a sig type that
116	# matches the certificate should fail in TLSv1.3.
117	$proxy->clear();
118	$proxy->clientflags("-sigalgs ECDSA+SHA256");
119	$proxy->filter(undef);
120	$proxy->start();
121	ok(TLSProxy::Message->fail, "No matching TLSv1.3 sigalgs");
122	}
123
124	SKIP: {
125	skip "EC, TLSv1.3 or TLSv1.2 disabled", 1
126	if disabled("tls1_2") \|\| disabled("tls1_3") \|\| disabled("ec");
127
128	#Test 9: Sending a full list of TLSv1.3 sig algs but negotiating TLSv1.2
129	# should succeed
130	$proxy->clear();
131	$proxy->serverflags("-no_tls1_3");
132	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
133	$proxy->filter(undef);
134	$proxy->start();
135	ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server");
136	}
137
138	SKIP: {
139	skip "EC or TLSv1.2 disabled", 10 if disabled("tls1_2") \|\| disabled("ec");
140
141	$proxy->filter(\&sigalgs_filter);
142
143	#Test 10: Sending no sig algs extension in TLSv1.2 will make it use
144	# SHA1, which is only supported at security level 0.
145	$proxy->clear();
146	$testtype = NO_SIG_ALGS_EXT;
147	$proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0");
148	$proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=0");
149	$proxy->start();
150	ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs seclevel 0");
151
152	#Test 11: Sending no sig algs extension in TLSv1.2 should fail at security
153	# level 1 since it will try to use SHA1. Testing client at level 0,
154	# server level 1.
155	$proxy->clear();
156	$testtype = NO_SIG_ALGS_EXT;
157	$proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=0");
158	$proxy->ciphers("DEFAULT:\@SECLEVEL=1");
159	$proxy->start();
160	ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs server seclevel 1");
161
162	#Test 12: Sending no sig algs extension in TLSv1.2 should fail at security
163	# level 1 since it will try to use SHA1. Testing client at level 1,
164	# server level 0.
165	$proxy->clear();
166	$testtype = NO_SIG_ALGS_EXT;
167	$proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=1");
168	$proxy->ciphers("DEFAULT:\@SECLEVEL=0");
169	$proxy->start();
170	ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs client seclevel 2");
171
172	#Test 13: Sending an empty sig algs extension in TLSv1.2 should fail
173	$proxy->clear();
174	$testtype = EMPTY_SIG_ALGS_EXT;
175	$proxy->clientflags("-no_tls1_3");
176	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
177	$proxy->start();
178	ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs");
179
180	#Test 14: Sending a list with no recognised sig algs in TLSv1.2 should fail
181	$proxy->clear();
182	$testtype = NO_KNOWN_SIG_ALGS;
183	$proxy->clientflags("-no_tls1_3");
184	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
185	$proxy->start();
186	ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
187
188	#Test 15: Sending a sig algs list without pss for an RSA cert in TLSv1.2
189	# should succeed
190	$proxy->clear();
191	$testtype = NO_PSS_SIG_ALGS;
192	$proxy->clientflags("-no_tls1_3");
193	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
194	$proxy->start();
195	ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs");
196
197	#Test 16: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed
198	$proxy->clear();
199	$testtype = PSS_ONLY_SIG_ALGS;
200	$proxy->serverflags("-no_tls1_3");
201	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
202	$proxy->start();
203	ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2");
204
205	#Test 17: Responding with a sig alg we did not send in TLSv1.2 should fail
206	# We send rsa_pkcs1_sha256 and respond with rsa_pss_rsae_sha256
207	# TODO(TLS1.3): Add a similar test to the TLSv1.3 section above
208	# when we have an API capable of configuring the TLSv1.3 sig algs
209	$proxy->clear();
210	$testtype = PSS_ONLY_SIG_ALGS;
211	$proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256");
212	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
213	$proxy->start();
214	ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2");
215
216	#Test 18: Sending a valid sig algs list but not including a sig type that
217	# matches the certificate should fail in TLSv1.2
218	$proxy->clear();
219	$proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256");
220	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
221	$proxy->filter(undef);
222	$proxy->start();
223	ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs");
224	$proxy->filter(\&sigalgs_filter);
225
226	#Test 19: No sig algs extension, ECDSA cert, will use SHA1,
227	# TLSv1.2 should succeed at security level 0
228	$proxy->clear();
229	$testtype = NO_SIG_ALGS_EXT;
230	$proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0");
231	$proxy->serverflags("-cert " . srctop_file("test", "certs",
232	"server-ecdsa-cert.pem") .
233	" -key " . srctop_file("test", "certs",
234	"server-ecdsa-key.pem")),
235	$proxy->ciphers("ECDHE-ECDSA-AES128-SHA:\@SECLEVEL=0");
236	$proxy->start();
237	ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA");
238	}
239
240	my ($dsa_status, $sha1_status, $sha224_status);
241	SKIP: {
242	skip "TLSv1.3 disabled", 2
243	if disabled("tls1_3")
244	\|\| disabled("dsa")
245	\|\| (disabled("ec") && disabled("dh"));
246	#Test 20: signature_algorithms with 1.3-only ClientHello
247	$testtype = PURE_SIGALGS;
248	$dsa_status = $sha1_status = $sha224_status = 0;
249	$proxy->clear();
250	$proxy->clientflags("-tls1_3");
251	$proxy->filter(\&modify_sigalgs_filter);
252	$proxy->start();
253	ok($dsa_status && $sha1_status && $sha224_status,
254	"DSA and SHA1 sigalgs not sent for 1.3-only ClientHello");
255
256	#Test 21: signature_algorithms with backwards compatible ClientHello
257	SKIP: {
258	skip "TLSv1.2 disabled", 1 if disabled("tls1_2");
259	$testtype = COMPAT_SIGALGS;
260	$dsa_status = $sha1_status = $sha224_status = 0;
261	$proxy->clear();
262	$proxy->clientflags("-cipher AES128-SHA\@SECLEVEL=0");
263	$proxy->filter(\&modify_sigalgs_filter);
264	$proxy->start();
265	ok($dsa_status && $sha1_status && $sha224_status,
266	"backwards compatible sigalg sent for compat ClientHello");
267	}
268	}
269
270	SKIP: {
271	skip "TLSv1.3 disabled", 5
272	if disabled("tls1_3") \|\| (disabled("ec") && disabled("dh"));
273	#Test 22: Insert signature_algorithms_cert that match normal sigalgs
274	$testtype = SIGALGS_CERT_ALL;
275	$proxy->clear();
276	$proxy->filter(\&modify_sigalgs_cert_filter);
277	$proxy->start();
278	ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3");
279
280	#Test 23: Insert signature_algorithms_cert that forces PKCS#1 cert
281	$testtype = SIGALGS_CERT_PKCS;
282	$proxy->clear();
283	$proxy->filter(\&modify_sigalgs_cert_filter);
284	$proxy->start();
285	ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3 with PKCS#1 cert");
286
287	#Test 24: Insert signature_algorithms_cert that fails
288	$testtype = SIGALGS_CERT_INVALID;
289	$proxy->clear();
290	$proxy->filter(\&modify_sigalgs_cert_filter);
291	$proxy->start();
292	ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert");
293
294	#Test 25: Send an unrecognized signature_algorithms_cert
295	# We should be able to skip over the unrecognized value and use a
296	# valid one that appears later in the list.
297	$proxy->clear();
298	$proxy->filter(\&inject_unrecognized_sigalg);
299	$proxy->clientflags("-tls1_3");
300	# Use -xcert to get SSL_check_chain() to run in the cert_cb. This is
301	# needed to trigger (e.g.) CVE-2020-1967
302	$proxy->serverflags("" .
303	" -xcert " . srctop_file("test", "certs", "servercert.pem") .
304	" -xkey " . srctop_file("test", "certs", "serverkey.pem") .
305	" -xchain " . srctop_file("test", "certs", "rootcert.pem"));
306	$testtype = UNRECOGNIZED_SIGALGS_CERT;
307	$proxy->start();
308	ok(TLSProxy::Message->success(), "Unrecognized sigalg_cert in ClientHello");
309
310	#Test 26: Send an unrecognized signature_algorithms
311	# We should be able to skip over the unrecognized value and use a
312	# valid one that appears later in the list.
313	$proxy->clear();
314	$proxy->filter(\&inject_unrecognized_sigalg);
315	$proxy->clientflags("-tls1_3");
316	$proxy->serverflags("" .
317	" -xcert " . srctop_file("test", "certs", "servercert.pem") .
318	" -xkey " . srctop_file("test", "certs", "serverkey.pem") .
319	" -xchain " . srctop_file("test", "certs", "rootcert.pem"));
320	$testtype = UNRECOGNIZED_SIGALG;
321	$proxy->start();
322	ok(TLSProxy::Message->success(), "Unrecognized sigalg in ClientHello");
323	}
324
325
326
327	sub sigalgs_filter
328	{
329	my $proxy = shift;
330
331	# We're only interested in the initial ClientHello
332	if ($proxy->flight != 0) {
333	return;
334	}
335
336	foreach my $message (@{$proxy->message_list}) {
337	if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
338	if ($testtype == NO_SIG_ALGS_EXT) {
339	$message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS);
340	} else {
341	my $sigalg;
342	if ($testtype == EMPTY_SIG_ALGS_EXT) {
343	$sigalg = pack "C2", 0x00, 0x00;
344	} elsif ($testtype == NO_KNOWN_SIG_ALGS) {
345	$sigalg = pack "C4", 0x00, 0x02, 0xff, 0xff;
346	} elsif ($testtype == NO_PSS_SIG_ALGS) {
347	#No PSS sig algs - just send rsa_pkcs1_sha256
348	$sigalg = pack "C4", 0x00, 0x02, 0x04, 0x01;
349	} else {
350	#PSS sig algs only - just send rsa_pss_rsae_sha256
351	$sigalg = pack "C4", 0x00, 0x02, 0x08, 0x04;
352	}
353	$message->set_extension(TLSProxy::Message::EXT_SIG_ALGS, $sigalg);
354	}
355
356	$message->repack();
357	}
358	}
359	}
360
361	sub modify_sigalgs_filter
362	{
363	my $proxy = shift;
364
365	# We're only interested in the initial ClientHello
366	return if ($proxy->flight != 0);
367
368	foreach my $message (@{$proxy->message_list}) {
369	my $ext;
370	my @algs;
371
372	if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
373	if ($testtype == PURE_SIGALGS) {
374	my $ok = 1;
375	$ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
376	@algs = unpack('S>*', $ext);
377	# unpack will unpack the length as well
378	shift @algs;
379	foreach (@algs) {
380	if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
381	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
382	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512
383	\|\| $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
384	\|\| $_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
385	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
386	\|\| $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
387	$ok = 0;
388	}
389	}
390	$sha1_status = $dsa_status = $sha224_status = 1 if ($ok);
391	} elsif ($testtype == COMPAT_SIGALGS) {
392	$ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
393	@algs = unpack('S>*', $ext);
394	# unpack will unpack the length as well
395	shift @algs;
396	foreach (@algs) {
397	if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
398	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
399	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512) {
400	$dsa_status = 1;
401	}
402	if ($_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
403	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
404	\|\| $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
405	$sha1_status = 1;
406	}
407	if ($_ == TLSProxy::Message::OSSL_SIG_ALG_RSA_PKCS1_SHA224
408	\|\| $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
409	\|\| $_ == TLSProxy::Message::OSSL_SIG_ALG_ECDSA_SHA224) {
410	$sha224_status = 1;
411	}
412	}
413	}
414	}
415	}
416	}
417
418	sub modify_sigalgs_cert_filter
419	{
420	my $proxy = shift;
421
422	# We're only interested in the initial ClientHello
423	if ($proxy->flight != 0) {
424	return;
425	}
426
427	foreach my $message (@{$proxy->message_list}) {
428	if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
429	my $sigs;
430	# two byte length at front of sigs, then two-byte sigschemes
431	if ($testtype == SIGALGS_CERT_ALL) {
432	$sigs = pack "C26", 0x00, 0x18,
433	# rsa_pkcs_sha{256,512} rsa_pss_rsae_sha{256,512}
434	0x04, 0x01, 0x06, 0x01, 0x08, 0x04, 0x08, 0x06,
435	# ed25518 ed448 rsa_pss_pss_sha{256,512}
436	0x08, 0x07, 0x08, 0x08, 0x08, 0x09, 0x08, 0x0b,
437	# ecdsa_secp{256,512} rsa+sha1 ecdsa+sha1
438	0x04, 0x03, 0x06, 0x03, 0x02, 0x01, 0x02, 0x03;
439	} elsif ($testtype == SIGALGS_CERT_PKCS) {
440	$sigs = pack "C10", 0x00, 0x08,
441	# rsa_pkcs_sha{256,384,512,1}
442	0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01;
443	} elsif ($testtype == SIGALGS_CERT_INVALID) {
444	$sigs = pack "C4", 0x00, 0x02,
445	# unregistered codepoint
446	0xb2, 0x6f;
447	}
448	$message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs);
449	$message->repack();
450	}
451	}
452	}
453
454	sub modify_cert_verify_sigalg
455	{
456	my $proxy = shift;
457
458	# We're only interested in the CertificateVerify
459	if ($proxy->flight != 1) {
460	return;
461	}
462
463	foreach my $message (@{$proxy->message_list}) {
464	if ($message->mt == TLSProxy::Message::MT_CERTIFICATE_VERIFY) {
465	$message->sigalg(TLSProxy::Message::SIG_ALG_RSA_PSS_PSS_SHA256);
466	$message->repack();
467	}
468	}
469	}
470
471	sub inject_unrecognized_sigalg
472	{
473	my $proxy = shift;
474	my $type;
475
476	# We're only interested in the initial ClientHello
477	if ($proxy->flight != 0) {
478	return;
479	}
480	if ($testtype == UNRECOGNIZED_SIGALGS_CERT) {
481	$type = TLSProxy::Message::EXT_SIG_ALGS_CERT;
482	} elsif ($testtype == UNRECOGNIZED_SIGALG) {
483	$type = TLSProxy::Message::EXT_SIG_ALGS;
484	} else {
485	return;
486	}
487
488	my $ext = pack "C8",
489	0x00, 0x06, #Extension length
490	0xfe, 0x18, #private use
491	0x04, 0x01, #rsa_pkcs1_sha256
492	0x08, 0x04; #rsa_pss_rsae_sha256;
493	my $message = ${$proxy->message_list}[0];
494	$message->set_extension($type, $ext);
495	$message->repack;
496	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.1.5/test/recipes/70-test_sslsigalgs.t@ 105770

Download in other formats: