70-test_sslsigalgs.t@ 108358

最後變更在這個檔案從108358是 108206,由 vboxsync 提交於 6 週前
openssl-3.3.2: Exported all files to OSE and removed .scm-settings bugref:10757
屬性 svn:eol-style 設為 `LF` 屬性 svn:executable 設為 ``* 屬性 svn:keywords 設為 `Author Date Id Revision`
檔案大小: 18.3 KB

行
1	#! /usr/bin/env perl
2	# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3	#
4	# Licensed under the Apache License 2.0 (the "License"). You may not use
5	# this file except in compliance with the License. You can obtain a copy
6	# in the file LICENSE in the source distribution or at
7	# https://www.openssl.org/source/license.html
8
9	use strict;
10	use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
11	use OpenSSL::Test::Utils;
12	use TLSProxy::Proxy;
13
14	my $test_name = "test_sslsigalgs";
15	setup($test_name);
16
17	plan skip_all => "TLSProxy isn't usable on $^O"
18	if $^O =~ /^(VMS)$/;
19
20	plan skip_all => "$test_name needs the dynamic engine feature enabled"
21	if disabled("engine") \|\| disabled("dynamic-engine");
22
23	plan skip_all => "$test_name needs the sock feature enabled"
24	if disabled("sock");
25
26	plan skip_all => "$test_name needs TLS1.2 or TLS1.3 enabled"
27	if disabled("tls1_2") && disabled("tls1_3");
28
29	my $proxy = TLSProxy::Proxy->new(
30	undef,
31	cmdstr(app(["openssl"]), display => 1),
32	srctop_file("apps", "server.pem"),
33	(!$ENV{HARNESS_ACTIVE} \|\| $ENV{HARNESS_VERBOSE})
34	);
35
36	use constant {
37	NO_SIG_ALGS_EXT => 0,
38	EMPTY_SIG_ALGS_EXT => 1,
39	NO_KNOWN_SIG_ALGS => 2,
40	NO_PSS_SIG_ALGS => 3,
41	PSS_ONLY_SIG_ALGS => 4,
42	PURE_SIGALGS => 5,
43	COMPAT_SIGALGS => 6,
44	SIGALGS_CERT_ALL => 7,
45	SIGALGS_CERT_PKCS => 8,
46	SIGALGS_CERT_INVALID => 9,
47	UNRECOGNIZED_SIGALGS_CERT => 10,
48	UNRECOGNIZED_SIGALG => 11
49	};
50
51	#Note: Throughout this test we override the default ciphersuites where TLSv1.2
52	# is expected to ensure that a ServerKeyExchange message is sent that uses
53	# the sigalgs
54
55	#Test 1: Default sig algs should succeed
56	$proxy->clientflags("-no_tls1_3") if disabled("ec") && disabled("dh");
57	$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
58	plan tests => 26;
59	ok(TLSProxy::Message->success, "Default sigalgs");
60	my $testtype;
61
62	SKIP: {
63	skip "TLSv1.3 disabled", 6
64	if disabled("tls1_3") \|\| (disabled("ec") && disabled("dh"));
65
66	$proxy->filter(\&sigalgs_filter);
67
68	#Test 2: Sending no sig algs extension in TLSv1.3 should fail
69	$proxy->clear();
70	$testtype = NO_SIG_ALGS_EXT;
71	$proxy->start();
72	ok(TLSProxy::Message->fail, "No TLSv1.3 sigalgs");
73
74	#Test 3: Sending an empty sig algs extension in TLSv1.3 should fail
75	$proxy->clear();
76	$testtype = EMPTY_SIG_ALGS_EXT;
77	$proxy->start();
78	ok(TLSProxy::Message->fail, "Empty TLSv1.3 sigalgs");
79
80	#Test 4: Sending a list with no recognised sig algs in TLSv1.3 should fail
81	$proxy->clear();
82	$testtype = NO_KNOWN_SIG_ALGS;
83	$proxy->start();
84	ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
85
86	#Test 5: Sending a sig algs list without pss for an RSA cert in TLSv1.3
87	# should fail
88	$proxy->clear();
89	$testtype = NO_PSS_SIG_ALGS;
90	$proxy->start();
91	ok(TLSProxy::Message->fail, "No PSS TLSv1.3 sigalgs");
92
93	#Test 6: Sending only TLSv1.3 PSS sig algs in TLSv1.3 should succeed
94	#TODO(TLS1.3): Do we need to verify the cert to make sure its a PSS only
95	#cert in this case?
96	$proxy->clear();
97	$testtype = PSS_ONLY_SIG_ALGS;
98	$proxy->start();
99	ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.3");
100
101	#Test 7: Modify the CertificateVerify sigalg from rsa_pss_rsae_sha256 to
102	# rsa_pss_pss_sha256. This should fail because the public key OID
103	# in the certificate is rsaEncryption and not rsassaPss
104	$proxy->filter(\&modify_cert_verify_sigalg);
105	$proxy->clear();
106	$proxy->start();
107	ok(TLSProxy::Message->fail,
108	"Mismatch between CertVerify sigalg and public key OID");
109	}
110
111	SKIP: {
112	skip "EC or TLSv1.3 disabled", 1
113	if disabled("tls1_3") \|\| disabled("ec");
114	#Test 8: Sending a valid sig algs list but not including a sig type that
115	# matches the certificate should fail in TLSv1.3.
116	$proxy->clear();
117	$proxy->clientflags("-sigalgs ECDSA+SHA256");
118	$proxy->filter(undef);
119	$proxy->start();
120	ok(TLSProxy::Message->fail, "No matching TLSv1.3 sigalgs");
121	}
122
123	SKIP: {
124	skip "EC, TLSv1.3 or TLSv1.2 disabled", 1
125	if disabled("tls1_2") \|\| disabled("tls1_3") \|\| disabled("ec");
126
127	#Test 9: Sending a full list of TLSv1.3 sig algs but negotiating TLSv1.2
128	# should succeed
129	$proxy->clear();
130	$proxy->serverflags("-no_tls1_3");
131	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
132	$proxy->filter(undef);
133	$proxy->start();
134	ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server");
135	}
136
137	SKIP: {
138	skip "EC or TLSv1.2 disabled", 10 if disabled("tls1_2") \|\| disabled("ec");
139
140	$proxy->filter(\&sigalgs_filter);
141
142	#Test 10: Sending no sig algs extension in TLSv1.2 will make it use
143	# SHA1, which is only supported at security level 0.
144	$proxy->clear();
145	$testtype = NO_SIG_ALGS_EXT;
146	$proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0");
147	$proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=0");
148	$proxy->start();
149	ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs seclevel 0");
150
151	#Test 11: Sending no sig algs extension in TLSv1.2 should fail at security
152	# level 1 since it will try to use SHA1. Testing client at level 0,
153	# server level 1.
154	$proxy->clear();
155	$testtype = NO_SIG_ALGS_EXT;
156	$proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=0");
157	$proxy->ciphers("DEFAULT:\@SECLEVEL=1");
158	$proxy->start();
159	ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs server seclevel 1");
160
161	#Test 12: Sending no sig algs extension in TLSv1.2 should fail at security
162	# level 1 since it will try to use SHA1. Testing client at level 1,
163	# server level 0.
164	$proxy->clear();
165	$testtype = NO_SIG_ALGS_EXT;
166	$proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=1");
167	$proxy->ciphers("DEFAULT:\@SECLEVEL=0");
168	$proxy->start();
169	ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs client seclevel 2");
170
171	#Test 13: Sending an empty sig algs extension in TLSv1.2 should fail
172	$proxy->clear();
173	$testtype = EMPTY_SIG_ALGS_EXT;
174	$proxy->clientflags("-no_tls1_3");
175	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
176	$proxy->start();
177	ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs");
178
179	#Test 14: Sending a list with no recognised sig algs in TLSv1.2 should fail
180	$proxy->clear();
181	$testtype = NO_KNOWN_SIG_ALGS;
182	$proxy->clientflags("-no_tls1_3");
183	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
184	$proxy->start();
185	ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
186
187	#Test 15: Sending a sig algs list without pss for an RSA cert in TLSv1.2
188	# should succeed
189	$proxy->clear();
190	$testtype = NO_PSS_SIG_ALGS;
191	$proxy->clientflags("-no_tls1_3");
192	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
193	$proxy->start();
194	ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs");
195
196	#Test 16: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed
197	$proxy->clear();
198	$testtype = PSS_ONLY_SIG_ALGS;
199	$proxy->serverflags("-no_tls1_3");
200	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
201	$proxy->start();
202	ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2");
203
204	#Test 17: Responding with a sig alg we did not send in TLSv1.2 should fail
205	# We send rsa_pkcs1_sha256 and respond with rsa_pss_rsae_sha256
206	# TODO(TLS1.3): Add a similar test to the TLSv1.3 section above
207	# when we have an API capable of configuring the TLSv1.3 sig algs
208	$proxy->clear();
209	$testtype = PSS_ONLY_SIG_ALGS;
210	$proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256");
211	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
212	$proxy->start();
213	ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2");
214
215	#Test 18: Sending a valid sig algs list but not including a sig type that
216	# matches the certificate should fail in TLSv1.2
217	$proxy->clear();
218	$proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256");
219	$proxy->ciphers("ECDHE-RSA-AES128-SHA");
220	$proxy->filter(undef);
221	$proxy->start();
222	ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs");
223	$proxy->filter(\&sigalgs_filter);
224
225	#Test 19: No sig algs extension, ECDSA cert, will use SHA1,
226	# TLSv1.2 should succeed at security level 0
227	$proxy->clear();
228	$testtype = NO_SIG_ALGS_EXT;
229	$proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0");
230	$proxy->serverflags("-cert " . srctop_file("test", "certs",
231	"server-ecdsa-cert.pem") .
232	" -key " . srctop_file("test", "certs",
233	"server-ecdsa-key.pem")),
234	$proxy->ciphers("ECDHE-ECDSA-AES128-SHA:\@SECLEVEL=0");
235	$proxy->start();
236	ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA");
237	}
238
239	my ($dsa_status, $sha1_status, $sha224_status);
240	SKIP: {
241	skip "TLSv1.3 disabled", 2
242	if disabled("tls1_3")
243	\|\| disabled("dsa")
244	\|\| (disabled("ec") && disabled("dh"));
245	#Test 20: signature_algorithms with 1.3-only ClientHello
246	$testtype = PURE_SIGALGS;
247	$dsa_status = $sha1_status = $sha224_status = 0;
248	$proxy->clear();
249	$proxy->clientflags("-tls1_3");
250	$proxy->filter(\&modify_sigalgs_filter);
251	$proxy->start();
252	ok($dsa_status && $sha1_status && $sha224_status,
253	"DSA and SHA1 sigalgs not sent for 1.3-only ClientHello");
254
255	#Test 21: signature_algorithms with backwards compatible ClientHello
256	SKIP: {
257	skip "TLSv1.2 disabled", 1 if disabled("tls1_2");
258	$testtype = COMPAT_SIGALGS;
259	$dsa_status = $sha1_status = $sha224_status = 0;
260	$proxy->clear();
261	$proxy->clientflags("-cipher AES128-SHA\@SECLEVEL=0");
262	$proxy->filter(\&modify_sigalgs_filter);
263	$proxy->start();
264	ok($dsa_status && $sha1_status && $sha224_status,
265	"backwards compatible sigalg sent for compat ClientHello");
266	}
267	}
268
269	SKIP: {
270	skip "TLSv1.3 disabled", 5
271	if disabled("tls1_3") \|\| (disabled("ec") && disabled("dh"));
272	#Test 22: Insert signature_algorithms_cert that match normal sigalgs
273	$testtype = SIGALGS_CERT_ALL;
274	$proxy->clear();
275	$proxy->filter(\&modify_sigalgs_cert_filter);
276	$proxy->start();
277	ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3");
278
279	#Test 23: Insert signature_algorithms_cert that forces PKCS#1 cert
280	$testtype = SIGALGS_CERT_PKCS;
281	$proxy->clear();
282	$proxy->filter(\&modify_sigalgs_cert_filter);
283	$proxy->start();
284	ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3 with PKCS#1 cert");
285
286	#Test 24: Insert signature_algorithms_cert that fails
287	$testtype = SIGALGS_CERT_INVALID;
288	$proxy->clear();
289	$proxy->filter(\&modify_sigalgs_cert_filter);
290	$proxy->start();
291	ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert");
292
293	#Test 25: Send an unrecognized signature_algorithms_cert
294	# We should be able to skip over the unrecognized value and use a
295	# valid one that appears later in the list.
296	$proxy->clear();
297	$proxy->filter(\&inject_unrecognized_sigalg);
298	$proxy->clientflags("-tls1_3");
299	# Use -xcert to get SSL_check_chain() to run in the cert_cb. This is
300	# needed to trigger (e.g.) CVE-2020-1967
301	$proxy->serverflags("" .
302	" -xcert " . srctop_file("test", "certs", "servercert.pem") .
303	" -xkey " . srctop_file("test", "certs", "serverkey.pem") .
304	" -xchain " . srctop_file("test", "certs", "rootcert.pem"));
305	$testtype = UNRECOGNIZED_SIGALGS_CERT;
306	$proxy->start();
307	ok(TLSProxy::Message->success(), "Unrecognized sigalg_cert in ClientHello");
308
309	#Test 26: Send an unrecognized signature_algorithms
310	# We should be able to skip over the unrecognized value and use a
311	# valid one that appears later in the list.
312	$proxy->clear();
313	$proxy->filter(\&inject_unrecognized_sigalg);
314	$proxy->clientflags("-tls1_3");
315	$proxy->serverflags("" .
316	" -xcert " . srctop_file("test", "certs", "servercert.pem") .
317	" -xkey " . srctop_file("test", "certs", "serverkey.pem") .
318	" -xchain " . srctop_file("test", "certs", "rootcert.pem"));
319	$testtype = UNRECOGNIZED_SIGALG;
320	$proxy->start();
321	ok(TLSProxy::Message->success(), "Unrecognized sigalg in ClientHello");
322	}
323
324
325
326	sub sigalgs_filter
327	{
328	my $proxy = shift;
329
330	# We're only interested in the initial ClientHello
331	if ($proxy->flight != 0) {
332	return;
333	}
334
335	foreach my $message (@{$proxy->message_list}) {
336	if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
337	if ($testtype == NO_SIG_ALGS_EXT) {
338	$message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS);
339	} else {
340	my $sigalg;
341	if ($testtype == EMPTY_SIG_ALGS_EXT) {
342	$sigalg = pack "C2", 0x00, 0x00;
343	} elsif ($testtype == NO_KNOWN_SIG_ALGS) {
344	$sigalg = pack "C4", 0x00, 0x02, 0xff, 0xff;
345	} elsif ($testtype == NO_PSS_SIG_ALGS) {
346	#No PSS sig algs - just send rsa_pkcs1_sha256
347	$sigalg = pack "C4", 0x00, 0x02, 0x04, 0x01;
348	} else {
349	#PSS sig algs only - just send rsa_pss_rsae_sha256
350	$sigalg = pack "C4", 0x00, 0x02, 0x08, 0x04;
351	}
352	$message->set_extension(TLSProxy::Message::EXT_SIG_ALGS, $sigalg);
353	}
354
355	$message->repack();
356	}
357	}
358	}
359
360	sub modify_sigalgs_filter
361	{
362	my $proxy = shift;
363
364	# We're only interested in the initial ClientHello
365	return if ($proxy->flight != 0);
366
367	foreach my $message (@{$proxy->message_list}) {
368	my $ext;
369	my @algs;
370
371	if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
372	if ($testtype == PURE_SIGALGS) {
373	my $ok = 1;
374	$ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
375	@algs = unpack('S>*', $ext);
376	# unpack will unpack the length as well
377	shift @algs;
378	foreach (@algs) {
379	if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
380	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
381	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512
382	\|\| $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
383	\|\| $_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
384	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
385	\|\| $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
386	$ok = 0;
387	}
388	}
389	$sha1_status = $dsa_status = $sha224_status = 1 if ($ok);
390	} elsif ($testtype == COMPAT_SIGALGS) {
391	$ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
392	@algs = unpack('S>*', $ext);
393	# unpack will unpack the length as well
394	shift @algs;
395	foreach (@algs) {
396	if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
397	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
398	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512) {
399	$dsa_status = 1;
400	}
401	if ($_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
402	\|\| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
403	\|\| $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
404	$sha1_status = 1;
405	}
406	if ($_ == TLSProxy::Message::OSSL_SIG_ALG_RSA_PKCS1_SHA224
407	\|\| $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
408	\|\| $_ == TLSProxy::Message::OSSL_SIG_ALG_ECDSA_SHA224) {
409	$sha224_status = 1;
410	}
411	}
412	}
413	}
414	}
415	}
416
417	sub modify_sigalgs_cert_filter
418	{
419	my $proxy = shift;
420
421	# We're only interested in the initial ClientHello
422	if ($proxy->flight != 0) {
423	return;
424	}
425
426	foreach my $message (@{$proxy->message_list}) {
427	if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
428	my $sigs;
429	# two byte length at front of sigs, then two-byte sigschemes
430	if ($testtype == SIGALGS_CERT_ALL) {
431	$sigs = pack "C26", 0x00, 0x18,
432	# rsa_pkcs_sha{256,512} rsa_pss_rsae_sha{256,512}
433	0x04, 0x01, 0x06, 0x01, 0x08, 0x04, 0x08, 0x06,
434	# ed25518 ed448 rsa_pss_pss_sha{256,512}
435	0x08, 0x07, 0x08, 0x08, 0x08, 0x09, 0x08, 0x0b,
436	# ecdsa_secp{256,512} rsa+sha1 ecdsa+sha1
437	0x04, 0x03, 0x06, 0x03, 0x02, 0x01, 0x02, 0x03;
438	} elsif ($testtype == SIGALGS_CERT_PKCS) {
439	$sigs = pack "C10", 0x00, 0x08,
440	# rsa_pkcs_sha{256,384,512,1}
441	0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01;
442	} elsif ($testtype == SIGALGS_CERT_INVALID) {
443	$sigs = pack "C4", 0x00, 0x02,
444	# unregistered codepoint
445	0xb2, 0x6f;
446	}
447	$message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs);
448	$message->repack();
449	}
450	}
451	}
452
453	sub modify_cert_verify_sigalg
454	{
455	my $proxy = shift;
456
457	# We're only interested in the CertificateVerify
458	if ($proxy->flight != 1) {
459	return;
460	}
461
462	foreach my $message (@{$proxy->message_list}) {
463	if ($message->mt == TLSProxy::Message::MT_CERTIFICATE_VERIFY) {
464	$message->sigalg(TLSProxy::Message::SIG_ALG_RSA_PSS_PSS_SHA256);
465	$message->repack();
466	}
467	}
468	}
469
470	sub inject_unrecognized_sigalg
471	{
472	my $proxy = shift;
473	my $type;
474
475	# We're only interested in the initial ClientHello
476	if ($proxy->flight != 0) {
477	return;
478	}
479	if ($testtype == UNRECOGNIZED_SIGALGS_CERT) {
480	$type = TLSProxy::Message::EXT_SIG_ALGS_CERT;
481	} elsif ($testtype == UNRECOGNIZED_SIGALG) {
482	$type = TLSProxy::Message::EXT_SIG_ALGS;
483	} else {
484	return;
485	}
486
487	my $ext = pack "C8",
488	0x00, 0x06, #Extension length
489	0xfe, 0x18, #private use
490	0x04, 0x01, #rsa_pkcs1_sha256
491	0x08, 0x04; #rsa_pss_rsae_sha256;
492	my $message = ${$proxy->message_list}[0];
493	$message->set_extension($type, $ext);
494	$message->repack;
495	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.3.2/test/recipes/70-test_sslsigalgs.t@ 108358

以其他格式下載: