From 4bb34766d41489cfe95002e861f4a655727ebaf9 Mon Sep 17 00:00:00 2001 From: Nicola Tuveri Date: Wed, 23 Feb 2022 23:05:22 +0200 Subject: [ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3 (manually cherry picked from commit d71151ae704847f4ac3f4a5f394ea64f1d229815) Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17791) --- test/recipes/80-test_ssl_old.t | 39 ++++++++++++++++++++++- test/ssltest_old.c | 70 +++++++++++++++++++++++++++++++++++++----- 2 files changed, 101 insertions(+), 8 deletions(-) (limited to 'test') diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 9800de0fc8..99e3ce5df3 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -476,7 +476,7 @@ sub testssl { subtest 'RSA/(EC)DHE/PSK tests' => sub { ###################################################################### - plan tests => 6; + plan tests => 10; SKIP: { skip "TLSv1.0 is not supported by this OpenSSL build", 6 @@ -524,6 +524,43 @@ sub testssl { } } + SKIP: { + skip "TLSv1.1 is not supported by this OpenSSL build", 4 + if $no_tls1_1; + + SKIP: { + skip "skipping auto DHE PSK test at SECLEVEL 3", 1 + if ($no_dh || $no_psk); + + ok(run(test(['ssltest_old', '-tls1_1', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:DHE-PSK-AES256-CBC-SHA384'])), + 'test auto DHE PSK meets security strength'); + } + + SKIP: { + skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1 + if ($no_ec || $no_psk); + + ok(run(test(['ssltest_old', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:ECDHE-PSK-AES256-CBC-SHA384'])), + 'test auto ECDHE PSK meets security strength'); + } + + SKIP: { + skip "skipping no RSA PSK at SECLEVEL 3 test", 1 + if ($no_rsa || $no_psk); + + ok(!run(test(['ssltest_old', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:RSA-PSK-AES256-CBC-SHA384'])), + 'test auto RSA PSK does not meet security level 3 requirements (PFS)'); + } + + SKIP: { + skip "skipping no PSK at SECLEVEL 3 test", 1 + if ($no_psk); + + ok(!run(test(['ssltest_old', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:PSK-AES256-CBC-SHA384'])), + 'test auto PSK does not meet security level 3 requirements (PFS)'); + } + } + }; subtest 'Custom Extension tests' => sub { diff --git a/test/ssltest_old.c b/test/ssltest_old.c index cb450cb05d..61a98e2108 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -96,6 +96,7 @@ static DH *get_dh512(void); static DH *get_dh1024(void); static DH *get_dh1024dsa(void); static DH *get_dh2048(void); +static DH *get_dh4096(void); #endif static char *psk_key = NULL; /* by default PSK is not used */ @@ -643,7 +644,9 @@ static void sv_usage(void) fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); fprintf(stderr, - " -dhe2048 - use 2048 bit key (rfc3526 pime) for DHE\n"); + " -dhe2048 - use 2048 bit key (rfc3526 prime) for DHE\n"); + fprintf(stderr, + " -dhe4096 - use 4096 bit key (rfc3526 prime) for DHE\n"); fprintf(stderr, " -no_dhe - disable DHE\n"); #endif #ifndef OPENSSL_NO_EC @@ -658,6 +661,12 @@ static void sv_usage(void) #ifndef OPENSSL_NO_TLS1 fprintf(stderr, " -tls1 - use TLSv1\n"); #endif +#ifndef OPENSSL_NO_TLS1_1 + fprintf(stderr, " -tls1_1 - use TLSv1.1\n"); +#endif +#ifndef OPENSSL_NO_TLS1_2 + fprintf(stderr, " -tls1_2 - use TLSv1.2\n"); +#endif #ifndef OPENSSL_NO_DTLS fprintf(stderr, " -dtls - use DTLS\n"); #ifndef OPENSSL_NO_DTLS1 @@ -883,7 +892,7 @@ int main(int argc, char *argv[]) int badop = 0; enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; int force = 0; - int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0; + int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_1 = 0, tls1_2 = 0, ssl3 = 0; int ret = EXIT_FAILURE; int client_auth = 0; int server_auth = 0, i; @@ -900,7 +909,7 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_DH DH *dh; int dhe512 = 0, dhe1024dsa = 0; - int dhe2048 = 0; + int dhe2048 = 0, dhe4096 = 0; #endif int no_dhe = 0; int no_psk = 0; @@ -995,6 +1004,13 @@ int main(int argc, char *argv[]) #else fprintf(stderr, "ignoring -dhe512, since I'm compiled without DH\n"); +#endif + } else if (strcmp(*argv, "-dhe4096") == 0) { +#ifndef OPENSSL_NO_DH + dhe4096 = 1; +#else + fprintf(stderr, + "ignoring -dhe4096, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-dhe2048") == 0) { #ifndef OPENSSL_NO_DH @@ -1029,6 +1045,8 @@ int main(int argc, char *argv[]) } else if (strcmp(*argv, "-tls1_2") == 0) { tls1_2 = 1; + } else if (strcmp(*argv, "-tls1_1") == 0) { + tls1_1 = 1; } else if (strcmp(*argv, "-tls1") == 0) { tls1 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { @@ -1239,8 +1257,8 @@ int main(int argc, char *argv[]) goto end; } - if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { - fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should " + if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should " "be requested.\n"); EXIT(1); } @@ -1255,6 +1273,11 @@ int main(int argc, char *argv[]) no_protocol = 1; else #endif +#ifdef OPENSSL_NO_TLS1_1 + if (tls1_1) + no_protocol = 1; + else +#endif #ifdef OPENSSL_NO_TLS1_2 if (tls1_2) no_protocol = 1; @@ -1284,11 +1307,11 @@ int main(int argc, char *argv[]) goto end; } - if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 + if (!ssl3 && !tls1 && !tls1_1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" + "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); EXIT(1); } @@ -1340,6 +1363,9 @@ int main(int argc, char *argv[]) } else if (tls1) { min_version = TLS1_VERSION; max_version = TLS1_VERSION; + } else if (tls1_1) { + min_version = TLS1_1_VERSION; + max_version = TLS1_1_VERSION; } else if (tls1_2) { min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; @@ -1497,6 +1523,8 @@ int main(int argc, char *argv[]) dh = get_dh512(); else if (dhe2048) dh = get_dh2048(); + else if (dhe4096) + dh = get_dh4096(); else dh = get_dh1024(); SSL_CTX_set_tmp_dh(s_ctx, dh); @@ -3062,6 +3090,34 @@ static DH *get_dh2048(void) BN_free(g); return NULL; } + +static DH *get_dh4096(void) +{ + BIGNUM *p = NULL, *g = NULL; + DH *dh = NULL; + + if ((dh = DH_new()) == NULL) + return NULL; + + g = BN_new(); + if (g == NULL || !BN_set_word(g, 2)) + goto err; + + p = BN_get_rfc3526_prime_4096(NULL); + if (p == NULL) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + + return dh; + + err: + DH_free(dh); + BN_free(p); + BN_free(g); + return NULL; +} #endif #ifndef OPENSSL_NO_PSK -- cgit v1.2.3