xref: /freebsd/crypto/openssl/test/cipherlist_test.c (revision 725a9f47324d42037db93c27ceb40d4956872f3e)
1 /*
2  * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * https://www.openssl.org/source/license.html
8  * or in the file LICENSE in the source distribution.
9  */
10 
11 #include <stdio.h>
12 #include <string.h>
13 
14 #include <openssl/opensslconf.h>
15 #include <openssl/err.h>
16 #include <openssl/e_os2.h>
17 #include <openssl/ssl.h>
18 #include <openssl/ssl3.h>
19 #include <openssl/tls1.h>
20 
21 #include "internal/nelem.h"
22 #include "testutil.h"
23 
24 typedef struct cipherlist_test_fixture {
25     const char *test_case_name;
26     SSL_CTX *server;
27     SSL_CTX *client;
28 } CIPHERLIST_TEST_FIXTURE;
29 
30 
31 static void tear_down(CIPHERLIST_TEST_FIXTURE *fixture)
32 {
33     if (fixture != NULL) {
34         SSL_CTX_free(fixture->server);
35         SSL_CTX_free(fixture->client);
36         fixture->server = fixture->client = NULL;
37         OPENSSL_free(fixture);
38     }
39 }
40 
41 static CIPHERLIST_TEST_FIXTURE *set_up(const char *const test_case_name)
42 {
43     CIPHERLIST_TEST_FIXTURE *fixture;
44 
45     if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
46         return NULL;
47     fixture->test_case_name = test_case_name;
48     if (!TEST_ptr(fixture->server = SSL_CTX_new(TLS_server_method()))
49             || !TEST_ptr(fixture->client = SSL_CTX_new(TLS_client_method()))) {
50         tear_down(fixture);
51         return NULL;
52     }
53     return fixture;
54 }
55 
56 /*
57  * All ciphers in the DEFAULT cipherlist meet the default security level.
58  * However, default supported ciphers exclude SRP and PSK ciphersuites
59  * for which no callbacks have been set up.
60  *
61  * Supported ciphers also exclude TLSv1.2 ciphers if TLSv1.2 is disabled,
62  * and individual disabled algorithms. However, NO_RSA, NO_AES and NO_SHA
63  * are currently broken and should be considered mission impossible in libssl.
64  */
65 static const uint32_t default_ciphers_in_order[] = {
66 #ifndef OPENSSL_NO_TLS1_3
67     TLS1_3_CK_AES_256_GCM_SHA384,
68 # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
69     TLS1_3_CK_CHACHA20_POLY1305_SHA256,
70 # endif
71     TLS1_3_CK_AES_128_GCM_SHA256,
72 #endif
73 #ifndef OPENSSL_NO_TLS1_2
74 # ifndef OPENSSL_NO_EC
75     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
76     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
77 # endif
78 # ifndef OPENSSL_NO_DH
79     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
80 # endif
81 
82 # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
83 #  ifndef OPENSSL_NO_EC
84     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
85     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
86 #  endif
87 #  ifndef OPENSSL_NO_DH
88     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
89 #  endif
90 # endif  /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */
91 
92 # ifndef OPENSSL_NO_EC
93     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
94     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
95 # endif
96 # ifndef OPENSSL_NO_DH
97     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
98 # endif
99 # ifndef OPENSSL_NO_EC
100     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
101     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
102 # endif
103 # ifndef OPENSSL_NO_DH
104     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
105 # endif
106 # ifndef OPENSSL_NO_EC
107     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
108     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
109 # endif
110 # ifndef OPENSSL_NO_DH
111     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
112 # endif
113 #endif  /* !OPENSSL_NO_TLS1_2 */
114 
115 #if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
116     /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */
117 # ifndef OPENSSL_NO_EC
118     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
119     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
120 # endif
121  #ifndef OPENSSL_NO_DH
122     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
123 # endif
124 # ifndef OPENSSL_NO_EC
125     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
126     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
127 # endif
128 # ifndef OPENSSL_NO_DH
129     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
130 # endif
131 #endif /* !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3) */
132 
133 #ifndef OPENSSL_NO_TLS1_2
134     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
135     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
136 #endif
137 #ifndef OPENSSL_NO_TLS1_2
138     TLS1_CK_RSA_WITH_AES_256_SHA256,
139     TLS1_CK_RSA_WITH_AES_128_SHA256,
140 #endif
141 #if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
142     /* These won't be usable if TLSv1.3 is available but TLSv1.2 isn't */
143     TLS1_CK_RSA_WITH_AES_256_SHA,
144     TLS1_CK_RSA_WITH_AES_128_SHA,
145 #endif
146 };
147 
148 static int test_default_cipherlist(SSL_CTX *ctx)
149 {
150     STACK_OF(SSL_CIPHER) *ciphers = NULL;
151     SSL *ssl = NULL;
152     int i, ret = 0, num_expected_ciphers, num_ciphers;
153     uint32_t expected_cipher_id, cipher_id;
154 
155     if (ctx == NULL)
156         return 0;
157 
158     if (!TEST_ptr(ssl = SSL_new(ctx))
159             || !TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl)))
160         goto err;
161 
162     num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order);
163     num_ciphers = sk_SSL_CIPHER_num(ciphers);
164     if (!TEST_int_eq(num_ciphers, num_expected_ciphers))
165         goto err;
166 
167     for (i = 0; i < num_ciphers; i++) {
168         expected_cipher_id = default_ciphers_in_order[i];
169         cipher_id = SSL_CIPHER_get_id(sk_SSL_CIPHER_value(ciphers, i));
170         if (!TEST_int_eq(cipher_id, expected_cipher_id)) {
171             TEST_info("Wrong cipher at position %d", i);
172             goto err;
173         }
174     }
175 
176     ret = 1;
177 
178  err:
179     sk_SSL_CIPHER_free(ciphers);
180     SSL_free(ssl);
181     return ret;
182 }
183 
184 static int execute_test(CIPHERLIST_TEST_FIXTURE *fixture)
185 {
186     return fixture != NULL
187         && test_default_cipherlist(fixture->server)
188         && test_default_cipherlist(fixture->client);
189 }
190 
191 #define SETUP_CIPHERLIST_TEST_FIXTURE() \
192     SETUP_TEST_FIXTURE(CIPHERLIST_TEST_FIXTURE, set_up)
193 
194 #define EXECUTE_CIPHERLIST_TEST() \
195     EXECUTE_TEST(execute_test, tear_down)
196 
197 static int test_default_cipherlist_implicit(void)
198 {
199     SETUP_CIPHERLIST_TEST_FIXTURE();
200     EXECUTE_CIPHERLIST_TEST();
201     return result;
202 }
203 
204 static int test_default_cipherlist_explicit(void)
205 {
206     SETUP_CIPHERLIST_TEST_FIXTURE();
207     if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, "DEFAULT"))
208             || !TEST_true(SSL_CTX_set_cipher_list(fixture->client, "DEFAULT"))) {
209         tear_down(fixture);
210         fixture = NULL;
211     }
212     EXECUTE_CIPHERLIST_TEST();
213     return result;
214 }
215 
216 /* SSL_CTX_set_cipher_list() should fail if it clears all TLSv1.2 ciphers. */
217 static int test_default_cipherlist_clear(void)
218 {
219     SSL *s = NULL;
220     SETUP_CIPHERLIST_TEST_FIXTURE();
221 
222     if (!TEST_int_eq(SSL_CTX_set_cipher_list(fixture->server, "no-such"), 0))
223         goto end;
224 
225     if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_CIPHER_MATCH))
226         goto end;
227 
228     s = SSL_new(fixture->client);
229 
230     if (!TEST_ptr(s))
231       goto end;
232 
233     if (!TEST_int_eq(SSL_set_cipher_list(s, "no-such"), 0))
234         goto end;
235 
236     if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
237                 SSL_R_NO_CIPHER_MATCH))
238         goto end;
239 
240     result = 1;
241 end:
242     SSL_free(s);
243     tear_down(fixture);
244     return result;
245 }
246 
247 int setup_tests(void)
248 {
249     ADD_TEST(test_default_cipherlist_implicit);
250     ADD_TEST(test_default_cipherlist_explicit);
251     ADD_TEST(test_default_cipherlist_clear);
252     return 1;
253 }
254