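#! /usr/bin/env perl
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# test_sslsigalgs: drive a client/server handshake through TLSProxy and
# tamper with the signature_algorithms / signature_algorithms_cert
# extensions of the ClientHello (and, in one case, the sigalg field of the
# CertificateVerify) to check that the library accepts exactly the sigalg
# lists it should and rejects the rest.  The filter subs at the bottom of
# the file are selected per test via the file-scoped $testtype.

use strict;
use warnings;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;
use TLSProxy::Proxy;

my $test_name = "test_sslsigalgs";
setup($test_name);

plan skip_all => "TLSProxy isn't usable on $^O"
    if $^O =~ /^(VMS)$/;

plan skip_all => "$test_name needs the dynamic engine feature enabled"
    if disabled("engine") || disabled("dynamic-engine");

plan skip_all => "$test_name needs the sock feature enabled"
    if disabled("sock");

plan skip_all => "$test_name needs TLS1.2 or TLS1.3 enabled"
    if disabled("tls1_2") && disabled("tls1_3");

# Mask selected CPU capability bits (see OPENSSL_ia32cap(3)) for the spawned
# openssl processes -- presumably so the handshake exercises the same code
# path on every machine; the exact bits are inherited from the original test.
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);

# Values of $testtype; each filter sub below switches on these.
use constant {
    NO_SIG_ALGS_EXT => 0,
    EMPTY_SIG_ALGS_EXT => 1,
    NO_KNOWN_SIG_ALGS => 2,
    NO_PSS_SIG_ALGS => 3,
    PSS_ONLY_SIG_ALGS => 4,
    PURE_SIGALGS => 5,
    COMPAT_SIGALGS => 6,
    SIGALGS_CERT_ALL => 7,
    SIGALGS_CERT_PKCS => 8,
    SIGALGS_CERT_INVALID => 9,
    UNRECOGNIZED_SIGALGS_CERT => 10,
    UNRECOGNIZED_SIGALG => 11
};

# Note: Throughout this test we override the default ciphersuites where
# TLSv1.2 is expected to ensure that a ServerKeyExchange message is sent
# that uses the sigalgs.

# Test 1: Default sig algs should succeed
$proxy->clientflags("-no_tls1_3") if disabled("ec") && disabled("dh");
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 26;
ok(TLSProxy::Message->success, "Default sigalgs");

# Selects the behaviour of the filter subs; read by them at handshake time.
my $testtype;

SKIP: {
    skip "TLSv1.3 disabled", 6
        if disabled("tls1_3") || (disabled("ec") && disabled("dh"));

    $proxy->filter(\&sigalgs_filter);

    # Test 2: Sending no sig algs extension in TLSv1.3 should fail
    $proxy->clear();
    $testtype = NO_SIG_ALGS_EXT;
    $proxy->start();
    ok(TLSProxy::Message->fail, "No TLSv1.3 sigalgs");

    # Test 3: Sending an empty sig algs extension in TLSv1.3 should fail
    $proxy->clear();
    $testtype = EMPTY_SIG_ALGS_EXT;
    $proxy->start();
    ok(TLSProxy::Message->fail, "Empty TLSv1.3 sigalgs");

    # Test 4: Sending a list with no recognised sig algs in TLSv1.3 should
    # fail
    $proxy->clear();
    $testtype = NO_KNOWN_SIG_ALGS;
    $proxy->start();
    ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");

    # Test 5: Sending a sig algs list without pss for an RSA cert in TLSv1.3
    # should fail (TLSv1.3 only signs with RSA-PSS).
    $proxy->clear();
    $testtype = NO_PSS_SIG_ALGS;
    $proxy->start();
    ok(TLSProxy::Message->fail, "No PSS TLSv1.3 sigalgs");

    # Test 6: Sending only TLSv1.3 PSS sig algs in TLSv1.3 should succeed
    # TODO(TLS1.3): Do we need to verify the cert to make sure its a PSS only
    # cert in this case?
    $proxy->clear();
    $testtype = PSS_ONLY_SIG_ALGS;
    $proxy->start();
    ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.3");

    # Test 7: Modify the CertificateVerify sigalg from rsa_pss_rsae_sha256 to
    # rsa_pss_pss_sha256.  This should fail because the public key OID in
    # the certificate is rsaEncryption and not rsassaPss.
    $proxy->filter(\&modify_cert_verify_sigalg);
    $proxy->clear();
    $proxy->start();
    ok(TLSProxy::Message->fail,
       "Mismatch between CertVerify sigalg and public key OID");
}

SKIP: {
    skip "EC or TLSv1.3 disabled", 1
        if disabled("tls1_3") || disabled("ec");

    # Test 8: Sending a valid sig algs list but not including a sig type that
    # matches the certificate should fail in TLSv1.3.
    $proxy->clear();
    $proxy->clientflags("-sigalgs ECDSA+SHA256");
    $proxy->filter(undef);
    $proxy->start();
    ok(TLSProxy::Message->fail, "No matching TLSv1.3 sigalgs");
}

SKIP: {
    skip "EC, TLSv1.3 or TLSv1.2 disabled", 1
        if disabled("tls1_2") || disabled("tls1_3") || disabled("ec");

    # Test 9: Sending a full list of TLSv1.3 sig algs but negotiating TLSv1.2
    # should succeed
    $proxy->clear();
    $proxy->serverflags("-no_tls1_3");
    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
    $proxy->filter(undef);
    $proxy->start();
    ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server");
}

SKIP: {
    skip "EC or TLSv1.2 disabled", 10
        if disabled("tls1_2") || disabled("ec");

    $proxy->filter(\&sigalgs_filter);

    # Test 10: Sending no sig algs extension in TLSv1.2 will make it use
    # SHA1, which is only supported at security level 0.
    $proxy->clear();
    $testtype = NO_SIG_ALGS_EXT;
    $proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0");
    $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=0");
    $proxy->start();
    ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs seclevel 0");

    # Test 11: Sending no sig algs extension in TLSv1.2 should fail at
    # security level 1 since it will try to use SHA1.  Testing client at
    # level 0, server level 1.
    $proxy->clear();
    $testtype = NO_SIG_ALGS_EXT;
    $proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=0");
    $proxy->ciphers("DEFAULT:\@SECLEVEL=1");
    $proxy->start();
    ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs server seclevel 1");

    # Test 12: Sending no sig algs extension in TLSv1.2 should fail at
    # security level 1 since it will try to use SHA1.  Testing client at
    # level 1, server level 0.  (The test description previously said
    # "seclevel 2"; the client is configured at level 1.)
    $proxy->clear();
    $testtype = NO_SIG_ALGS_EXT;
    $proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=1");
    $proxy->ciphers("DEFAULT:\@SECLEVEL=0");
    $proxy->start();
    ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs client seclevel 1");

    # Test 13: Sending an empty sig algs extension in TLSv1.2 should fail
    $proxy->clear();
    $testtype = EMPTY_SIG_ALGS_EXT;
    $proxy->clientflags("-no_tls1_3");
    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
    $proxy->start();
    ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs");

    # Test 14: Sending a list with no recognised sig algs in TLSv1.2 should
    # fail (description previously duplicated Test 4's "TLSv1.3" name).
    $proxy->clear();
    $testtype = NO_KNOWN_SIG_ALGS;
    $proxy->clientflags("-no_tls1_3");
    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
    $proxy->start();
    ok(TLSProxy::Message->fail, "No known TLSv1.2 sigalgs");

    # Test 15: Sending a sig algs list without pss for an RSA cert in TLSv1.2
    # should succeed (PKCS#1 v1.5 is still permitted in TLSv1.2).
    $proxy->clear();
    $testtype = NO_PSS_SIG_ALGS;
    $proxy->clientflags("-no_tls1_3");
    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
    $proxy->start();
    ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs");

    # Test 16: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed
    $proxy->clear();
    $testtype = PSS_ONLY_SIG_ALGS;
    $proxy->serverflags("-no_tls1_3");
    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
    $proxy->start();
    ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2");

    # Test 17: Responding with a sig alg we did not send in TLSv1.2 should
    # fail.  We send rsa_pkcs1_sha256 and respond with rsa_pss_rsae_sha256.
    # TODO(TLS1.3): Add a similar test to the TLSv1.3 section above
    # when we have an API capable of configuring the TLSv1.3 sig algs
    $proxy->clear();
    $testtype = PSS_ONLY_SIG_ALGS;
    $proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256");
    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
    $proxy->start();
    ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2");

    # Test 18: Sending a valid sig algs list but not including a sig type
    # that matches the certificate should fail in TLSv1.2
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256");
    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
    $proxy->filter(undef);
    $proxy->start();
    ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs");
    $proxy->filter(\&sigalgs_filter);

    # Test 19: No sig algs extension, ECDSA cert, will use SHA1,
    # TLSv1.2 should succeed at security level 0
    $proxy->clear();
    $testtype = NO_SIG_ALGS_EXT;
    $proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0");
    # The original joined this call and the next with a comma (the comma
    # operator), which happened to work; they are separate statements.
    $proxy->serverflags("-cert " . srctop_file("test", "certs",
                                               "server-ecdsa-cert.pem") .
                        " -key " . srctop_file("test", "certs",
                                               "server-ecdsa-key.pem"));
    $proxy->ciphers("ECDHE-ECDSA-AES128-SHA:\@SECLEVEL=0");
    $proxy->start();
    ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA");
}

# Set by modify_sigalgs_filter while it inspects the ClientHello; each is 1
# when the corresponding sigalg expectation for the current $testtype held.
my ($dsa_status, $sha1_status, $sha224_status);
SKIP: {
    skip "TLSv1.3 disabled", 2
        if disabled("tls1_3")
           || disabled("dsa")
           || (disabled("ec") && disabled("dh"));

    # Test 20: signature_algorithms with 1.3-only ClientHello
    $testtype = PURE_SIGALGS;
    $dsa_status = $sha1_status = $sha224_status = 0;
    $proxy->clear();
    $proxy->clientflags("-tls1_3");
    $proxy->filter(\&modify_sigalgs_filter);
    $proxy->start();
    ok($dsa_status && $sha1_status && $sha224_status,
       "DSA and SHA1 sigalgs not sent for 1.3-only ClientHello");

    # Test 21: signature_algorithms with backwards compatible ClientHello
    SKIP: {
        skip "TLSv1.2 disabled", 1 if disabled("tls1_2");
        $testtype = COMPAT_SIGALGS;
        $dsa_status = $sha1_status = $sha224_status = 0;
        $proxy->clear();
        $proxy->clientflags("-cipher AES128-SHA\@SECLEVEL=0");
        $proxy->filter(\&modify_sigalgs_filter);
        $proxy->start();
        ok($dsa_status && $sha1_status && $sha224_status,
           "backwards compatible sigalg sent for compat ClientHello");
    }
}

SKIP: {
    skip "TLSv1.3 disabled", 5
        if disabled("tls1_3") || (disabled("ec") && disabled("dh"));

    # Test 22: Insert signature_algorithms_cert that match normal sigalgs
    $testtype = SIGALGS_CERT_ALL;
    $proxy->clear();
    $proxy->filter(\&modify_sigalgs_cert_filter);
    $proxy->start();
    ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3");

    # Test 23: Insert signature_algorithms_cert that forces PKCS#1 cert
    $testtype = SIGALGS_CERT_PKCS;
    $proxy->clear();
    $proxy->filter(\&modify_sigalgs_cert_filter);
    $proxy->start();
    ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3 with PKCS#1 cert");

    # Test 24: Insert signature_algorithms_cert that fails
    $testtype = SIGALGS_CERT_INVALID;
    $proxy->clear();
    $proxy->filter(\&modify_sigalgs_cert_filter);
    $proxy->start();
    ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert");

    # Tests 25 and 26 share the same server configuration.  -xcert is used
    # to get SSL_check_chain() to run in the cert_cb; this is needed to
    # trigger (e.g.) CVE-2020-1967, so these two tests double as the
    # regression tests for that issue.
    my $xcert_serverflags =
        " -xcert " . srctop_file("test", "certs", "servercert.pem") .
        " -xkey " . srctop_file("test", "certs", "serverkey.pem") .
        " -xchain " . srctop_file("test", "certs", "rootcert.pem");

    # Test 25: Send an unrecognized signature_algorithms_cert
    # We should be able to skip over the unrecognized value and use a
    # valid one that appears later in the list.
    $proxy->clear();
    $proxy->filter(\&inject_unrecognized_sigalg);
    $proxy->clientflags("-tls1_3");
    $proxy->serverflags($xcert_serverflags);
    $testtype = UNRECOGNIZED_SIGALGS_CERT;
    $proxy->start();
    ok(TLSProxy::Message->success(), "Unrecognized sigalg_cert in ClientHello");

    # Test 26: Send an unrecognized signature_algorithms
    # We should be able to skip over the unrecognized value and use a
    # valid one that appears later in the list.
    $proxy->clear();
    $proxy->filter(\&inject_unrecognized_sigalg);
    $proxy->clientflags("-tls1_3");
    $proxy->serverflags($xcert_serverflags);
    $testtype = UNRECOGNIZED_SIGALG;
    $proxy->start();
    ok(TLSProxy::Message->success(), "Unrecognized sigalg in ClientHello");
}


# Proxy filter: rewrite (or delete) the signature_algorithms extension of
# the initial ClientHello according to $testtype.  Extension bodies are a
# two-byte list length followed by two-byte SignatureScheme codepoints.
sub sigalgs_filter
{
    my $proxy = shift;

    # We're only interested in the initial ClientHello
    return if $proxy->flight != 0;

    foreach my $message (@{$proxy->message_list}) {
        next unless $message->mt == TLSProxy::Message::MT_CLIENT_HELLO;

        if ($testtype == NO_SIG_ALGS_EXT) {
            $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS);
        } else {
            my $sigalg;
            if ($testtype == EMPTY_SIG_ALGS_EXT) {
                # zero-length list
                $sigalg = pack "C2", 0x00, 0x00;
            } elsif ($testtype == NO_KNOWN_SIG_ALGS) {
                # one entry, 0xffff: not a registered SignatureScheme
                $sigalg = pack "C4", 0x00, 0x02, 0xff, 0xff;
            } elsif ($testtype == NO_PSS_SIG_ALGS) {
                # No PSS sig algs - just send rsa_pkcs1_sha256
                $sigalg = pack "C4", 0x00, 0x02, 0x04, 0x01;
            } else {
                # PSS sig algs only - just send rsa_pss_rsae_sha256
                $sigalg = pack "C4", 0x00, 0x02, 0x08, 0x04;
            }
            $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS, $sigalg);
        }

        $message->repack();
    }
}

# Return the list of SignatureScheme codepoints carried in a ClientHello's
# signature_algorithms extension, with the leading two-byte list length
# stripped.  Returns an empty list when the extension is absent.
sub _clienthello_sigalgs
{
    my $message = shift;

    my $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
    return () unless defined $ext;

    # 'S>*' decodes every big-endian 16-bit value, including the length
    # prefix, so drop the first element.
    my @algs = unpack('S>*', $ext);
    shift @algs;
    return @algs;
}

# Proxy filter: inspect (never modify) the signature_algorithms extension of
# the initial ClientHello and record in $dsa_status / $sha1_status /
# $sha224_status whether the list matches the expectation for $testtype:
#   PURE_SIGALGS   - a TLSv1.3-only ClientHello must offer none of the DSA,
#                    SHA1 or SHA224 schemes (all three flags set iff so);
#   COMPAT_SIGALGS - a ClientHello that also offers TLSv1.2 must include at
#                    least one DSA, one SHA1 and one SHA224 scheme.
sub modify_sigalgs_filter
{
    my $proxy = shift;

    # We're only interested in the initial ClientHello
    return if $proxy->flight != 0;

    foreach my $message (@{$proxy->message_list}) {
        next unless $message->mt == TLSProxy::Message::MT_CLIENT_HELLO;

        my @algs = _clienthello_sigalgs($message);

        if ($testtype == PURE_SIGALGS) {
            my $ok = 1;
            foreach my $alg (@algs) {
                if ($alg == TLSProxy::Message::SIG_ALG_DSA_SHA256
                    || $alg == TLSProxy::Message::SIG_ALG_DSA_SHA384
                    || $alg == TLSProxy::Message::SIG_ALG_DSA_SHA512
                    || $alg == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
                    || $alg == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
                    || $alg == TLSProxy::Message::SIG_ALG_DSA_SHA1
                    || $alg == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
                    $ok = 0;
                }
            }
            $sha1_status = $dsa_status = $sha224_status = 1 if $ok;
        } elsif ($testtype == COMPAT_SIGALGS) {
            foreach my $alg (@algs) {
                if ($alg == TLSProxy::Message::SIG_ALG_DSA_SHA256
                    || $alg == TLSProxy::Message::SIG_ALG_DSA_SHA384
                    || $alg == TLSProxy::Message::SIG_ALG_DSA_SHA512) {
                    $dsa_status = 1;
                }
                if ($alg == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
                    || $alg == TLSProxy::Message::SIG_ALG_DSA_SHA1
                    || $alg == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
                    $sha1_status = 1;
                }
                if ($alg == TLSProxy::Message::OSSL_SIG_ALG_RSA_PKCS1_SHA224
                    || $alg == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
                    || $alg == TLSProxy::Message::OSSL_SIG_ALG_ECDSA_SHA224) {
                    $sha224_status = 1;
                }
            }
        }
    }
}

# Proxy filter: add a signature_algorithms_cert extension to the initial
# ClientHello whose contents depend on $testtype.  Only meaningful for the
# three SIGALGS_CERT_* values; any other $testtype would install an undef
# extension body, so callers must not select this filter otherwise.
sub modify_sigalgs_cert_filter
{
    my $proxy = shift;

    # We're only interested in the initial ClientHello
    return if $proxy->flight != 0;

    foreach my $message (@{$proxy->message_list}) {
        next unless $message->mt == TLSProxy::Message::MT_CLIENT_HELLO;

        my $sigs;
        # two byte length at front of sigs, then two-byte sigschemes
        if ($testtype == SIGALGS_CERT_ALL) {
            $sigs = pack "C26", 0x00, 0x18,
                # rsa_pkcs_sha{256,512} rsa_pss_rsae_sha{256,512}
                0x04, 0x01, 0x06, 0x01, 0x08, 0x04, 0x08, 0x06,
                # ed25518 ed448 rsa_pss_pss_sha{256,512}
                0x08, 0x07, 0x08, 0x08, 0x08, 0x09, 0x08, 0x0b,
                # ecdsa_secp{256,512} rsa+sha1 ecdsa+sha1
                0x04, 0x03, 0x06, 0x03, 0x02, 0x01, 0x02, 0x03;
        } elsif ($testtype == SIGALGS_CERT_PKCS) {
            $sigs = pack "C10", 0x00, 0x08,
                # rsa_pkcs_sha{256,384,512,1}
                0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01;
        } elsif ($testtype == SIGALGS_CERT_INVALID) {
            $sigs = pack "C4", 0x00, 0x02,
                # unregistered codepoint
                0xb2, 0x6f;
        }
        $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs);
        $message->repack();
    }
}

# Proxy filter: in the server's first flight, relabel the CertificateVerify
# as rsa_pss_pss_sha256.  The server's key is an rsaEncryption key, so the
# client must reject the mismatch between the sigalg and the key's OID.
sub modify_cert_verify_sigalg
{
    my $proxy = shift;

    # We're only interested in the CertificateVerify
    return if $proxy->flight != 1;

    foreach my $message (@{$proxy->message_list}) {
        next unless $message->mt == TLSProxy::Message::MT_CERTIFICATE_VERIFY;
        $message->sigalg(TLSProxy::Message::SIG_ALG_RSA_PSS_PSS_SHA256);
        $message->repack();
    }
}

# Proxy filter: replace either signature_algorithms (UNRECOGNIZED_SIGALG) or
# signature_algorithms_cert (UNRECOGNIZED_SIGALGS_CERT) in the initial
# ClientHello with a list whose first entry is a private-use codepoint and
# whose remaining entries are valid; the peer is expected to skip the
# unknown value and pick one of the valid ones.  Does nothing for any other
# $testtype.
sub inject_unrecognized_sigalg
{
    my $proxy = shift;

    # We're only interested in the initial ClientHello
    return if $proxy->flight != 0;

    my $type;
    if ($testtype == UNRECOGNIZED_SIGALGS_CERT) {
        $type = TLSProxy::Message::EXT_SIG_ALGS_CERT;
    } elsif ($testtype == UNRECOGNIZED_SIGALG) {
        $type = TLSProxy::Message::EXT_SIG_ALGS;
    } else {
        return;
    }

    my $ext = pack "C8",
        0x00, 0x06, # Extension length
        0xfe, 0x18, # private use
        0x04, 0x01, # rsa_pkcs1_sha256
        0x08, 0x04; # rsa_pss_rsae_sha256

    # Match on message type rather than assuming the ClientHello is the
    # first entry of the flight, consistent with the other filters.
    foreach my $message (@{$proxy->message_list}) {
        next unless $message->mt == TLSProxy::Message::MT_CLIENT_HELLO;
        $message->set_extension($type, $ext);
        $message->repack();
    }
}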