]>
Commit | Line | Data |
---|---|---|
6f68a52e | 1 | #! /usr/bin/env perl |
33388b44 | 2 | # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. |
6f68a52e | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
6f68a52e MC |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
10 | use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; | |
11 | use OpenSSL::Test::Utils; | |
12 | use TLSProxy::Proxy; | |
13 | ||
14 | my $test_name = "test_sslsigalgs"; | |
15 | setup($test_name); | |
16 | ||
17 | plan skip_all => "TLSProxy isn't usable on $^O" | |
c5856878 | 18 | if $^O =~ /^(VMS)$/; |
6f68a52e MC |
19 | |
20 | plan skip_all => "$test_name needs the dynamic engine feature enabled" | |
21 | if disabled("engine") || disabled("dynamic-engine"); | |
22 | ||
23 | plan skip_all => "$test_name needs the sock feature enabled" | |
24 | if disabled("sock"); | |
25 | ||
26 | plan skip_all => "$test_name needs TLS1.2 or TLS1.3 enabled" | |
27 | if disabled("tls1_2") && disabled("tls1_3"); | |
28 | ||
29 | $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; | |
30 | my $proxy = TLSProxy::Proxy->new( | |
31 | undef, | |
32 | cmdstr(app(["openssl"]), display => 1), | |
33 | srctop_file("apps", "server.pem"), | |
34 | (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) | |
35 | ); | |
36 | ||
37 | use constant { | |
38 | NO_SIG_ALGS_EXT => 0, | |
39 | EMPTY_SIG_ALGS_EXT => 1, | |
40 | NO_KNOWN_SIG_ALGS => 2, | |
41 | NO_PSS_SIG_ALGS => 3, | |
05594f4a BK |
42 | PSS_ONLY_SIG_ALGS => 4, |
43 | PURE_SIGALGS => 5, | |
3e524bf2 BK |
44 | COMPAT_SIGALGS => 6, |
45 | SIGALGS_CERT_ALL => 7, | |
46 | SIGALGS_CERT_PKCS => 8, | |
3656c08a BK |
47 | SIGALGS_CERT_INVALID => 9, |
48 | UNRECOGNIZED_SIGALGS_CERT => 10, | |
49 | UNRECOGNIZED_SIGALG => 11 | |
6f68a52e MC |
50 | }; |
51 | ||
cd61b55f MC |
52 | #Note: Throughout this test we override the default ciphersuites where TLSv1.2 |
53 | # is expected to ensure that a ServerKeyExchange message is sent that uses | |
54 | # the sigalgs | |
55 | ||
6f68a52e | 56 | #Test 1: Default sig algs should succeed |
a763ca11 | 57 | $proxy->clientflags("-no_tls1_3") if disabled("ec") && disabled("dh"); |
6f68a52e | 58 | $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; |
3656c08a | 59 | plan tests => 26; |
6f68a52e MC |
60 | ok(TLSProxy::Message->success, "Default sigalgs"); |
61 | my $testtype; | |
62 | ||
63 | SKIP: { | |
a763ca11 MC |
64 | skip "TLSv1.3 disabled", 6 |
65 | if disabled("tls1_3") || (disabled("ec") && disabled("dh")); | |
6f68a52e MC |
66 | |
67 | $proxy->filter(\&sigalgs_filter); | |
68 | ||
69 | #Test 2: Sending no sig algs extension in TLSv1.3 should fail | |
70 | $proxy->clear(); | |
71 | $testtype = NO_SIG_ALGS_EXT; | |
72 | $proxy->start(); | |
73 | ok(TLSProxy::Message->fail, "No TLSv1.3 sigalgs"); | |
74 | ||
75 | #Test 3: Sending an empty sig algs extension in TLSv1.3 should fail | |
76 | $proxy->clear(); | |
77 | $testtype = EMPTY_SIG_ALGS_EXT; | |
78 | $proxy->start(); | |
79 | ok(TLSProxy::Message->fail, "Empty TLSv1.3 sigalgs"); | |
80 | ||
81 | #Test 4: Sending a list with no recognised sig algs in TLSv1.3 should fail | |
82 | $proxy->clear(); | |
83 | $testtype = NO_KNOWN_SIG_ALGS; | |
84 | $proxy->start(); | |
85 | ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs"); | |
86 | ||
87 | #Test 5: Sending a sig algs list without pss for an RSA cert in TLSv1.3 | |
88 | # should fail | |
89 | $proxy->clear(); | |
90 | $testtype = NO_PSS_SIG_ALGS; | |
91 | $proxy->start(); | |
92 | ok(TLSProxy::Message->fail, "No PSS TLSv1.3 sigalgs"); | |
93 | ||
94 | #Test 6: Sending only TLSv1.3 PSS sig algs in TLSv1.3 should succeed | |
95 | #TODO(TLS1.3): Do we need to verify the cert to make sure its a PSS only | |
96 | #cert in this case? | |
97 | $proxy->clear(); | |
98 | $testtype = PSS_ONLY_SIG_ALGS; | |
99 | $proxy->start(); | |
100 | ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.3"); | |
9e6a3202 MC |
101 | |
102 | #Test 7: Modify the CertificateVerify sigalg from rsa_pss_rsae_sha256 to | |
103 | # rsa_pss_pss_sha256. This should fail because the public key OID | |
104 | # in the certificate is rsaEncryption and not rsassaPss | |
105 | $proxy->filter(\&modify_cert_verify_sigalg); | |
106 | $proxy->clear(); | |
107 | $proxy->start(); | |
108 | ok(TLSProxy::Message->fail, | |
109 | "Mismatch between CertVerify sigalg and public key OID"); | |
6f68a52e MC |
110 | } |
111 | ||
112 | SKIP: { | |
0e1e4045 BK |
113 | skip "EC or TLSv1.3 disabled", 1 |
114 | if disabled("tls1_3") || disabled("ec"); | |
9e6a3202 | 115 | #Test 8: Sending a valid sig algs list but not including a sig type that |
0e1e4045 | 116 | # matches the certificate should fail in TLSv1.3. |
6f68a52e MC |
117 | $proxy->clear(); |
118 | $proxy->clientflags("-sigalgs ECDSA+SHA256"); | |
119 | $proxy->filter(undef); | |
120 | $proxy->start(); | |
121 | ok(TLSProxy::Message->fail, "No matching TLSv1.3 sigalgs"); | |
0e1e4045 BK |
122 | } |
123 | ||
124 | SKIP: { | |
125 | skip "EC, TLSv1.3 or TLSv1.2 disabled", 1 | |
126 | if disabled("tls1_2") || disabled("tls1_3") || disabled("ec"); | |
6f68a52e | 127 | |
9e6a3202 | 128 | #Test 9: Sending a full list of TLSv1.3 sig algs but negotiating TLSv1.2 |
6f68a52e MC |
129 | # should succeed |
130 | $proxy->clear(); | |
131 | $proxy->serverflags("-no_tls1_3"); | |
f865b081 | 132 | $proxy->ciphers("ECDHE-RSA-AES128-SHA"); |
6f68a52e MC |
133 | $proxy->filter(undef); |
134 | $proxy->start(); | |
135 | ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server"); | |
136 | } | |
137 | ||
138 | SKIP: { | |
b0031e5d | 139 | skip "EC or TLSv1.2 disabled", 10 if disabled("tls1_2") || disabled("ec"); |
6f68a52e MC |
140 | |
141 | $proxy->filter(\&sigalgs_filter); | |
142 | ||
aba03ae5 KR |
143 | #Test 10: Sending no sig algs extension in TLSv1.2 will make it use |
144 | # SHA1, which is only supported at security level 0. | |
6f68a52e MC |
145 | $proxy->clear(); |
146 | $testtype = NO_SIG_ALGS_EXT; | |
aba03ae5 KR |
147 | $proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0"); |
148 | $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=0"); | |
b0031e5d | 149 | $proxy->start(); |
aba03ae5 | 150 | ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs seclevel 0"); |
b0031e5d KR |
151 | |
152 | #Test 11: Sending no sig algs extension in TLSv1.2 should fail at security | |
aba03ae5 KR |
153 | # level 1 since it will try to use SHA1. Testing client at level 0, |
154 | # server level 1. | |
b0031e5d KR |
155 | $proxy->clear(); |
156 | $testtype = NO_SIG_ALGS_EXT; | |
aba03ae5 KR |
157 | $proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=0"); |
158 | $proxy->ciphers("DEFAULT:\@SECLEVEL=1"); | |
b0031e5d | 159 | $proxy->start(); |
aba03ae5 | 160 | ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs server seclevel 1"); |
b0031e5d KR |
161 | |
162 | #Test 12: Sending no sig algs extension in TLSv1.2 should fail at security | |
aba03ae5 KR |
163 | # level 1 since it will try to use SHA1. Testing client at level 1, |
164 | # server level 0. | |
b0031e5d KR |
165 | $proxy->clear(); |
166 | $testtype = NO_SIG_ALGS_EXT; | |
aba03ae5 KR |
167 | $proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=1"); |
168 | $proxy->ciphers("DEFAULT:\@SECLEVEL=0"); | |
6f68a52e | 169 | $proxy->start(); |
b0031e5d | 170 | ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs client seclevel 2"); |
6f68a52e | 171 | |
b0031e5d | 172 | #Test 13: Sending an empty sig algs extension in TLSv1.2 should fail |
6f68a52e MC |
173 | $proxy->clear(); |
174 | $testtype = EMPTY_SIG_ALGS_EXT; | |
175 | $proxy->clientflags("-no_tls1_3"); | |
f865b081 | 176 | $proxy->ciphers("ECDHE-RSA-AES128-SHA"); |
6f68a52e MC |
177 | $proxy->start(); |
178 | ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs"); | |
179 | ||
b0031e5d | 180 | #Test 14: Sending a list with no recognised sig algs in TLSv1.2 should fail |
6f68a52e MC |
181 | $proxy->clear(); |
182 | $testtype = NO_KNOWN_SIG_ALGS; | |
183 | $proxy->clientflags("-no_tls1_3"); | |
f865b081 | 184 | $proxy->ciphers("ECDHE-RSA-AES128-SHA"); |
6f68a52e MC |
185 | $proxy->start(); |
186 | ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs"); | |
187 | ||
b0031e5d | 188 | #Test 15: Sending a sig algs list without pss for an RSA cert in TLSv1.2 |
6f68a52e MC |
189 | # should succeed |
190 | $proxy->clear(); | |
191 | $testtype = NO_PSS_SIG_ALGS; | |
192 | $proxy->clientflags("-no_tls1_3"); | |
f865b081 | 193 | $proxy->ciphers("ECDHE-RSA-AES128-SHA"); |
6f68a52e MC |
194 | $proxy->start(); |
195 | ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs"); | |
196 | ||
b0031e5d | 197 | #Test 16: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed |
6f68a52e MC |
198 | $proxy->clear(); |
199 | $testtype = PSS_ONLY_SIG_ALGS; | |
fe3066ee | 200 | $proxy->serverflags("-no_tls1_3"); |
f865b081 | 201 | $proxy->ciphers("ECDHE-RSA-AES128-SHA"); |
6f68a52e | 202 | $proxy->start(); |
fe3066ee | 203 | ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2"); |
6f68a52e | 204 | |
b0031e5d | 205 | #Test 17: Responding with a sig alg we did not send in TLSv1.2 should fail |
cf8e9233 | 206 | # We send rsa_pkcs1_sha256 and respond with rsa_pss_rsae_sha256 |
cd61b55f MC |
207 | # TODO(TLS1.3): Add a similar test to the TLSv1.3 section above |
208 | # when we have an API capable of configuring the TLSv1.3 sig algs | |
209 | $proxy->clear(); | |
210 | $testtype = PSS_ONLY_SIG_ALGS; | |
211 | $proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256"); | |
f865b081 | 212 | $proxy->ciphers("ECDHE-RSA-AES128-SHA"); |
cd61b55f MC |
213 | $proxy->start(); |
214 | ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2"); | |
215 | ||
b0031e5d | 216 | #Test 18: Sending a valid sig algs list but not including a sig type that |
6f68a52e MC |
217 | # matches the certificate should fail in TLSv1.2 |
218 | $proxy->clear(); | |
219 | $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256"); | |
f865b081 | 220 | $proxy->ciphers("ECDHE-RSA-AES128-SHA"); |
6f68a52e MC |
221 | $proxy->filter(undef); |
222 | $proxy->start(); | |
223 | ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs"); | |
224 | $proxy->filter(\&sigalgs_filter); | |
faadddc9 | 225 | |
aba03ae5 KR |
226 | #Test 19: No sig algs extension, ECDSA cert, will use SHA1, |
227 | # TLSv1.2 should succeed at security level 0 | |
faadddc9 DSH |
228 | $proxy->clear(); |
229 | $testtype = NO_SIG_ALGS_EXT; | |
aba03ae5 | 230 | $proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0"); |
faadddc9 DSH |
231 | $proxy->serverflags("-cert " . srctop_file("test", "certs", |
232 | "server-ecdsa-cert.pem") . | |
233 | " -key " . srctop_file("test", "certs", | |
234 | "server-ecdsa-key.pem")), | |
aba03ae5 | 235 | $proxy->ciphers("ECDHE-ECDSA-AES128-SHA:\@SECLEVEL=0"); |
faadddc9 DSH |
236 | $proxy->start(); |
237 | ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA"); | |
6f68a52e MC |
238 | } |
239 | ||
05594f4a BK |
240 | my ($dsa_status, $sha1_status, $sha224_status); |
241 | SKIP: { | |
a763ca11 MC |
242 | skip "TLSv1.3 disabled", 2 |
243 | if disabled("tls1_3") | |
244 | || disabled("dsa") | |
245 | || (disabled("ec") && disabled("dh")); | |
b0031e5d | 246 | #Test 20: signature_algorithms with 1.3-only ClientHello |
05594f4a BK |
247 | $testtype = PURE_SIGALGS; |
248 | $dsa_status = $sha1_status = $sha224_status = 0; | |
249 | $proxy->clear(); | |
250 | $proxy->clientflags("-tls1_3"); | |
251 | $proxy->filter(\&modify_sigalgs_filter); | |
252 | $proxy->start(); | |
253 | ok($dsa_status && $sha1_status && $sha224_status, | |
aba03ae5 | 254 | "DSA and SHA1 sigalgs not sent for 1.3-only ClientHello"); |
05594f4a | 255 | |
b0031e5d | 256 | #Test 21: signature_algorithms with backwards compatible ClientHello |
c423ecaa MC |
257 | SKIP: { |
258 | skip "TLSv1.2 disabled", 1 if disabled("tls1_2"); | |
259 | $testtype = COMPAT_SIGALGS; | |
260 | $dsa_status = $sha1_status = $sha224_status = 0; | |
261 | $proxy->clear(); | |
aba03ae5 | 262 | $proxy->clientflags("-cipher AES128-SHA\@SECLEVEL=0"); |
c423ecaa MC |
263 | $proxy->filter(\&modify_sigalgs_filter); |
264 | $proxy->start(); | |
265 | ok($dsa_status && $sha1_status && $sha224_status, | |
aba03ae5 | 266 | "backwards compatible sigalg sent for compat ClientHello"); |
c423ecaa | 267 | } |
05594f4a BK |
268 | } |
269 | ||
3e524bf2 | 270 | SKIP: { |
a763ca11 MC |
271 | skip "TLSv1.3 disabled", 5 |
272 | if disabled("tls1_3") || (disabled("ec") && disabled("dh")); | |
b0031e5d | 273 | #Test 22: Insert signature_algorithms_cert that match normal sigalgs |
3e524bf2 BK |
274 | $testtype = SIGALGS_CERT_ALL; |
275 | $proxy->clear(); | |
276 | $proxy->filter(\&modify_sigalgs_cert_filter); | |
277 | $proxy->start(); | |
278 | ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3"); | |
279 | ||
b0031e5d | 280 | #Test 23: Insert signature_algorithms_cert that forces PKCS#1 cert |
3e524bf2 BK |
281 | $testtype = SIGALGS_CERT_PKCS; |
282 | $proxy->clear(); | |
283 | $proxy->filter(\&modify_sigalgs_cert_filter); | |
284 | $proxy->start(); | |
285 | ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3 with PKCS#1 cert"); | |
286 | ||
b0031e5d | 287 | #Test 24: Insert signature_algorithms_cert that fails |
3e524bf2 BK |
288 | $testtype = SIGALGS_CERT_INVALID; |
289 | $proxy->clear(); | |
290 | $proxy->filter(\&modify_sigalgs_cert_filter); | |
291 | $proxy->start(); | |
292 | ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert"); | |
3e524bf2 | 293 | |
3656c08a BK |
294 | #Test 25: Send an unrecognized signature_algorithms_cert |
295 | # We should be able to skip over the unrecognized value and use a | |
296 | # valid one that appears later in the list. | |
297 | $proxy->clear(); | |
298 | $proxy->filter(\&inject_unrecognized_sigalg); | |
299 | $proxy->clientflags("-tls1_3"); | |
300 | # Use -xcert to get SSL_check_chain() to run in the cert_cb. This is | |
301 | # needed to trigger (e.g.) CVE-2020-1967 | |
302 | $proxy->serverflags("" . | |
303 | " -xcert " . srctop_file("test", "certs", "servercert.pem") . | |
304 | " -xkey " . srctop_file("test", "certs", "serverkey.pem") . | |
305 | " -xchain " . srctop_file("test", "certs", "rootcert.pem")); | |
306 | $testtype = UNRECOGNIZED_SIGALGS_CERT; | |
307 | $proxy->start(); | |
308 | ok(TLSProxy::Message->success(), "Unrecognized sigalg_cert in ClientHello"); | |
309 | ||
310 | #Test 26: Send an unrecognized signature_algorithms | |
311 | # We should be able to skip over the unrecognized value and use a | |
312 | # valid one that appears later in the list. | |
313 | $proxy->clear(); | |
314 | $proxy->filter(\&inject_unrecognized_sigalg); | |
315 | $proxy->clientflags("-tls1_3"); | |
316 | $proxy->serverflags("" . | |
317 | " -xcert " . srctop_file("test", "certs", "servercert.pem") . | |
318 | " -xkey " . srctop_file("test", "certs", "serverkey.pem") . | |
319 | " -xchain " . srctop_file("test", "certs", "rootcert.pem")); | |
320 | $testtype = UNRECOGNIZED_SIGALG; | |
321 | $proxy->start(); | |
322 | ok(TLSProxy::Message->success(), "Unrecognized sigalg in ClientHello"); | |
323 | } | |
324 | ||
6f68a52e MC |
325 | |
326 | ||
327 | sub sigalgs_filter | |
328 | { | |
329 | my $proxy = shift; | |
330 | ||
331 | # We're only interested in the initial ClientHello | |
332 | if ($proxy->flight != 0) { | |
333 | return; | |
334 | } | |
335 | ||
336 | foreach my $message (@{$proxy->message_list}) { | |
337 | if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { | |
338 | if ($testtype == NO_SIG_ALGS_EXT) { | |
339 | $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS); | |
340 | } else { | |
341 | my $sigalg; | |
342 | if ($testtype == EMPTY_SIG_ALGS_EXT) { | |
343 | $sigalg = pack "C2", 0x00, 0x00; | |
344 | } elsif ($testtype == NO_KNOWN_SIG_ALGS) { | |
345 | $sigalg = pack "C4", 0x00, 0x02, 0xff, 0xff; | |
346 | } elsif ($testtype == NO_PSS_SIG_ALGS) { | |
347 | #No PSS sig algs - just send rsa_pkcs1_sha256 | |
348 | $sigalg = pack "C4", 0x00, 0x02, 0x04, 0x01; | |
349 | } else { | |
f55e99f7 | 350 | #PSS sig algs only - just send rsa_pss_rsae_sha256 |
6f68a52e MC |
351 | $sigalg = pack "C4", 0x00, 0x02, 0x08, 0x04; |
352 | } | |
353 | $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS, $sigalg); | |
354 | } | |
355 | ||
356 | $message->repack(); | |
357 | } | |
358 | } | |
359 | } | |
05594f4a BK |
360 | |
361 | sub modify_sigalgs_filter | |
362 | { | |
363 | my $proxy = shift; | |
364 | ||
365 | # We're only interested in the initial ClientHello | |
366 | return if ($proxy->flight != 0); | |
367 | ||
368 | foreach my $message (@{$proxy->message_list}) { | |
369 | my $ext; | |
370 | my @algs; | |
371 | ||
372 | if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { | |
373 | if ($testtype == PURE_SIGALGS) { | |
374 | my $ok = 1; | |
375 | $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS}; | |
376 | @algs = unpack('S>*', $ext); | |
377 | # unpack will unpack the length as well | |
378 | shift @algs; | |
379 | foreach (@algs) { | |
380 | if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256 | |
381 | || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384 | |
382 | || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512 | |
383 | || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224 | |
384 | || $_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1 | |
385 | || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1 | |
386 | || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) { | |
387 | $ok = 0; | |
388 | } | |
389 | } | |
390 | $sha1_status = $dsa_status = $sha224_status = 1 if ($ok); | |
391 | } elsif ($testtype == COMPAT_SIGALGS) { | |
392 | $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS}; | |
393 | @algs = unpack('S>*', $ext); | |
394 | # unpack will unpack the length as well | |
395 | shift @algs; | |
396 | foreach (@algs) { | |
397 | if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256 | |
398 | || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384 | |
399 | || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512) { | |
400 | $dsa_status = 1; | |
401 | } | |
402 | if ($_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1 | |
403 | || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1 | |
404 | || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) { | |
405 | $sha1_status = 1; | |
406 | } | |
407 | if ($_ == TLSProxy::Message::OSSL_SIG_ALG_RSA_PKCS1_SHA224 | |
408 | || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224 | |
409 | || $_ == TLSProxy::Message::OSSL_SIG_ALG_ECDSA_SHA224) { | |
410 | $sha224_status = 1; | |
411 | } | |
412 | } | |
413 | } | |
414 | } | |
415 | } | |
416 | } | |
3e524bf2 BK |
417 | |
418 | sub modify_sigalgs_cert_filter | |
419 | { | |
420 | my $proxy = shift; | |
421 | ||
422 | # We're only interested in the initial ClientHello | |
423 | if ($proxy->flight != 0) { | |
424 | return; | |
425 | } | |
426 | ||
427 | foreach my $message (@{$proxy->message_list}) { | |
428 | if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { | |
429 | my $sigs; | |
430 | # two byte length at front of sigs, then two-byte sigschemes | |
431 | if ($testtype == SIGALGS_CERT_ALL) { | |
432 | $sigs = pack "C26", 0x00, 0x18, | |
433 | # rsa_pkcs_sha{256,512} rsa_pss_rsae_sha{256,512} | |
434 | 0x04, 0x01, 0x06, 0x01, 0x08, 0x04, 0x08, 0x06, | |
435 | # ed25518 ed448 rsa_pss_pss_sha{256,512} | |
436 | 0x08, 0x07, 0x08, 0x08, 0x08, 0x09, 0x08, 0x0b, | |
437 | # ecdsa_secp{256,512} rsa+sha1 ecdsa+sha1 | |
438 | 0x04, 0x03, 0x06, 0x03, 0x02, 0x01, 0x02, 0x03; | |
439 | } elsif ($testtype == SIGALGS_CERT_PKCS) { | |
440 | $sigs = pack "C10", 0x00, 0x08, | |
441 | # rsa_pkcs_sha{256,384,512,1} | |
442 | 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01; | |
443 | } elsif ($testtype == SIGALGS_CERT_INVALID) { | |
444 | $sigs = pack "C4", 0x00, 0x02, | |
445 | # unregistered codepoint | |
446 | 0xb2, 0x6f; | |
447 | } | |
448 | $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs); | |
449 | $message->repack(); | |
450 | } | |
451 | } | |
452 | } | |
9e6a3202 MC |
453 | |
454 | sub modify_cert_verify_sigalg | |
455 | { | |
456 | my $proxy = shift; | |
457 | ||
458 | # We're only interested in the CertificateVerify | |
459 | if ($proxy->flight != 1) { | |
460 | return; | |
461 | } | |
462 | ||
463 | foreach my $message (@{$proxy->message_list}) { | |
464 | if ($message->mt == TLSProxy::Message::MT_CERTIFICATE_VERIFY) { | |
465 | $message->sigalg(TLSProxy::Message::SIG_ALG_RSA_PSS_PSS_SHA256); | |
466 | $message->repack(); | |
467 | } | |
468 | } | |
469 | } | |
3656c08a BK |
470 | |
471 | sub inject_unrecognized_sigalg | |
472 | { | |
473 | my $proxy = shift; | |
474 | my $type; | |
475 | ||
476 | # We're only interested in the initial ClientHello | |
477 | if ($proxy->flight != 0) { | |
478 | return; | |
479 | } | |
480 | if ($testtype == UNRECOGNIZED_SIGALGS_CERT) { | |
481 | $type = TLSProxy::Message::EXT_SIG_ALGS_CERT; | |
482 | } elsif ($testtype == UNRECOGNIZED_SIGALG) { | |
483 | $type = TLSProxy::Message::EXT_SIG_ALGS; | |
484 | } else { | |
485 | return; | |
486 | } | |
487 | ||
488 | my $ext = pack "C8", | |
489 | 0x00, 0x06, #Extension length | |
490 | 0xfe, 0x18, #private use | |
491 | 0x04, 0x01, #rsa_pkcs1_sha256 | |
492 | 0x08, 0x04; #rsa_pss_rsae_sha256; | |
493 | my $message = ${$proxy->message_list}[0]; | |
494 | $message->set_extension($type, $ext); | |
495 | $message->repack; | |
496 | } |