From d71151ae704847f4ac3f4a5f394ea64f1d229815 Mon Sep 17 00:00:00 2001 From: Nicola Tuveri Date: Wed, 23 Feb 2022 23:05:22 +0200 Subject: [ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17763) --- test/helpers/predefined_dhparams.c | 21 +++++++++++++++++++ test/helpers/predefined_dhparams.h | 1 + test/recipes/80-test_ssl_old.t | 41 ++++++++++++++++++++++++++++++++++++-- test/ssl_old_test.c | 38 +++++++++++++++++++++++++++-------- 4 files changed, 91 insertions(+), 10 deletions(-) (limited to 'test') diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c index ebb9c8891d..0e9a936faf 100644 --- a/test/helpers/predefined_dhparams.c +++ b/test/helpers/predefined_dhparams.c @@ -170,4 +170,25 @@ EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx) return dhpkey; } +EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx) +{ + BIGNUM *p = NULL, *g = NULL; + EVP_PKEY *dhpkey = NULL; + + g = BN_new(); + if (g == NULL || !BN_set_word(g, 2)) + goto err; + + p = BN_get_rfc3526_prime_4096(NULL); + if (p == NULL) + goto err; + + dhpkey = get_dh_from_pg_bn(libctx, "DH", p, g, NULL); + + err: + BN_free(p); + BN_free(g); + return dhpkey; +} + #endif diff --git a/test/helpers/predefined_dhparams.h b/test/helpers/predefined_dhparams.h index 29d33ce1eb..6673b78df9 100644 --- a/test/helpers/predefined_dhparams.h +++ b/test/helpers/predefined_dhparams.h @@ -14,4 +14,5 @@ EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx); EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx); EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct); EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx); +EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx); #endif diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index c1fb30f6b2..77ead494c4 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -530,7 +530,7 @@ sub testssl { subtest 'RSA/(EC)DHE/PSK tests' => sub { ###################################################################### - plan tests => 6; + plan tests => 10; SKIP: { skip "TLSv1.0 is not supported by this OpenSSL build", 6 @@ -567,7 +567,7 @@ sub testssl { ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])), 'test tls1 with PSK via BIO pair'); - } + } SKIP: { skip "skipping auto DH PSK tests", 1 @@ -578,6 +578,43 @@ sub testssl { } } + SKIP: { + skip "TLSv1.1 is not supported by this OpenSSL build", 4 + if $no_tls1_1; + + SKIP: { + skip "skipping auto DHE PSK test at SECLEVEL 3", 1 + if ($no_dh || $no_psk); + + ok(run(test(['ssl_old_test', '-tls1_1', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:DHE-PSK-AES256-CBC-SHA384'])), + 'test auto DHE PSK meets security strength'); + } + + SKIP: { + skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1 + if ($no_ec || $no_psk); + + ok(run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:ECDHE-PSK-AES256-CBC-SHA384'])), + 'test auto ECDHE PSK meets security strength'); + } + + SKIP: { + skip "skipping no RSA PSK at SECLEVEL 3 test", 1 + if ($no_rsa || $no_psk); + + ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:RSA-PSK-AES256-CBC-SHA384'])), + 'test auto RSA PSK does not meet security level 3 requirements (PFS)'); + } + + SKIP: { + skip "skipping no PSK at SECLEVEL 3 test", 1 + if ($no_psk); + + ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:PSK-AES256-CBC-SHA384'])), + 'test auto PSK does not meet security level 3 requirements (PFS)'); + } + } + }; subtest 'Custom Extension tests' => sub { diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c index 7c6fa5d9c7..0e75111996 100644 --- a/test/ssl_old_test.c +++ b/test/ssl_old_test.c @@ -629,10 +629,12 @@ static void sv_usage(void) #ifndef OPENSSL_NO_DH fprintf(stderr, " -dhe512 - use 512 bit key for DHE (to test failure)\n"); - fprintf(stderr, - " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n"); fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); + fprintf(stderr, + " -dhe2048 - use 2048 bit key (safe prime) for DHE (default, no-op)\n"); + fprintf(stderr, + " -dhe4096 - use 4096 bit key (safe prime) for DHE\n"); #endif fprintf(stderr, " -no_dhe - disable DHE\n"); #ifndef OPENSSL_NO_EC @@ -647,6 +649,12 @@ static void sv_usage(void) #ifndef OPENSSL_NO_TLS1 fprintf(stderr, " -tls1 - use TLSv1\n"); #endif +#ifndef OPENSSL_NO_TLS1_1 + fprintf(stderr, " -tls1_1 - use TLSv1.1\n"); +#endif +#ifndef OPENSSL_NO_TLS1_2 + fprintf(stderr, " -tls1_2 - use TLSv1.2\n"); +#endif #ifndef OPENSSL_NO_DTLS fprintf(stderr, " -dtls - use DTLS\n"); #ifndef OPENSSL_NO_DTLS1 @@ -873,7 +881,7 @@ int main(int argc, char *argv[]) int badop = 0; enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; int force = 0; - int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0; + int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_1 = 0, tls1_2 = 0, ssl3 = 0; int ret = EXIT_FAILURE; int client_auth = 0; int server_auth = 0, i; @@ -889,7 +897,7 @@ int main(int argc, char *argv[]) long bytes = 256L; #ifndef OPENSSL_NO_DH EVP_PKEY *dhpkey; - int dhe512 = 0, dhe1024dsa = 0; + int dhe512 = 0, dhe1024dsa = 0, dhe4096 = 0; int no_dhe = 0; #endif int no_psk = 0; @@ -984,6 +992,8 @@ int main(int argc, char *argv[]) dhe512 = 1; else if (strcmp(*argv, "-dhe1024dsa") == 0) dhe1024dsa = 1; + else if (strcmp(*argv, "-dhe4096") == 0) + dhe4096 = 1; #endif else if (strcmp(*argv, "-no_ecdhe") == 0) /* obsolete */; @@ -1002,6 +1012,8 @@ int main(int argc, char *argv[]) } else if (strcmp(*argv, "-tls1_2") == 0) { tls1_2 = 1; + } else if (strcmp(*argv, "-tls1_1") == 0) { + tls1_1 = 1; } else if (strcmp(*argv, "-tls1") == 0) { tls1 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { @@ -1224,8 +1236,8 @@ int main(int argc, char *argv[]) goto end; } - if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { - fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should " + if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should " "be requested.\n"); EXIT(1); } @@ -1240,6 +1252,11 @@ int main(int argc, char *argv[]) no_protocol = 1; else #endif +#ifdef OPENSSL_NO_TLS1_1 + if (tls1_1) + no_protocol = 1; + else +#endif #ifdef OPENSSL_NO_TLS1_2 if (tls1_2) no_protocol = 1; @@ -1269,11 +1286,11 @@ int main(int argc, char *argv[]) goto end; } - if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 + if (!ssl3 && !tls1 && !tls1_1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" + "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); EXIT(1); } @@ -1325,6 +1342,9 @@ int main(int argc, char *argv[]) } else if (tls1) { min_version = TLS1_VERSION; max_version = TLS1_VERSION; + } else if (tls1_1) { + min_version = TLS1_1_VERSION; + max_version = TLS1_1_VERSION; } else if (tls1_2) { min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; @@ -1489,6 +1509,8 @@ int main(int argc, char *argv[]) dhpkey = get_dh1024dsa(libctx); else if (dhe512) dhpkey = get_dh512(libctx); + else if (dhe4096) + dhpkey = get_dh4096(libctx); else dhpkey = get_dh2048(libctx); -- cgit v1.2.3