cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Test that SHA-1 defaults off

Browse Source 
Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.
This commit is contained in:
Gilles Peskine 2017-05-09 15:59:24 +02:00 committed by Manuel Pégourié-Gonnard
parent cd3c845157
commit bc70a1836b
6 changed files with 101 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
programs/ssl/ssl_client2.c
View File

@ -87,6 +87,7 @@ int main( void )
#define DFL_MIN_VERSION -1 #define DFL_MIN_VERSION -1
#define DFL_MAX_VERSION -1 #define DFL_MAX_VERSION -1
#define DFL_ARC4 -1 #define DFL_ARC4 -1
#define DFL_SHA1 -1
#define DFL_AUTH_MODE -1 #define DFL_AUTH_MODE -1
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1 #define DFL_TRUNC_HMAC -1
@ -263,6 +264,7 @@ int main( void )
USAGE_DHMLEN \ USAGE_DHMLEN \
"\n" \ "\n" \
" arc4=%%d default: (library default: 0)\n" \ " arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \ " min_version=%%s default: (library default: tls1)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \ " max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \ " force_version=%%s default: \"\" (none)\n" \
@ -301,6 +303,7 @@ struct options
int min_version; /* minimum protocol version accepted */ int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */ int max_version; /* maximum protocol version accepted */
int arc4; /* flag for arc4 suites support */ int arc4; /* flag for arc4 suites support */
int allow_sha1; /* flag for SHA-1 support */
int auth_mode; /* verify mode for connection */ int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */ unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* negotiate truncated hmac or not */ int trunc_hmac; /* negotiate truncated hmac or not */
@ -510,6 +513,7 @@ int main( int argc, char *argv[] )
opt.min_version = DFL_MIN_VERSION; opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION; opt.max_version = DFL_MAX_VERSION;
opt.arc4 = DFL_ARC4; opt.arc4 = DFL_ARC4;
opt.allow_sha1 = DFL_SHA1;
opt.auth_mode = DFL_AUTH_MODE; opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE; opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC; opt.trunc_hmac = DFL_TRUNC_HMAC;
@ -724,6 +728,15 @@ int main( int argc, char *argv[] )
default: goto usage; default: goto usage;
} }
} }
else if( strcmp( p, "allow_sha1" ) == 0 )
{
switch( atoi( q ) )
{
case 0: opt.allow_sha1 = 0; break;
case 1: opt.allow_sha1 = 1; break;
default: goto usage;
}
}
else if( strcmp( p, "force_version" ) == 0 ) else if( strcmp( p, "force_version" ) == 0 )
{ {
if( strcmp( q, "ssl3" ) == 0 ) if( strcmp( q, "ssl3" ) == 0 )
@ -1110,9 +1123,12 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/* The default algorithms profile disables SHA-1, but our tests still /* The default algorithms profile disables SHA-1, but our tests still
rely on it heavily. */ rely on it heavily. */
if( opt.allow_sha1 > 0 )
{
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ); crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test ); mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test ); mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
}
if( opt.debug_level > 0 ) if( opt.debug_level > 0 )
mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); mbedtls_ssl_conf_verify( &conf, my_verify, NULL );

16
programs/ssl/ssl_server2.c
View File

@ -123,6 +123,7 @@ int main( void )
#define DFL_MIN_VERSION -1 #define DFL_MIN_VERSION -1
#define DFL_MAX_VERSION -1 #define DFL_MAX_VERSION -1
#define DFL_ARC4 -1 #define DFL_ARC4 -1
#define DFL_SHA1 -1
#define DFL_AUTH_MODE -1 #define DFL_AUTH_MODE -1
#define DFL_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED #define DFL_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
@ -348,6 +349,7 @@ int main( void )
USAGE_ETM \ USAGE_ETM \
"\n" \ "\n" \
" arc4=%%d default: (library default: 0)\n" \ " arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \ " min_version=%%s default: (library default: tls1)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \ " max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \ " force_version=%%s default: \"\" (none)\n" \
@ -403,6 +405,7 @@ struct options
int min_version; /* minimum protocol version accepted */ int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */ int max_version; /* maximum protocol version accepted */
int arc4; /* flag for arc4 suites support */ int arc4; /* flag for arc4 suites support */
int allow_sha1; /* flag for SHA-1 support */
int auth_mode; /* verify mode for connection */ int auth_mode; /* verify mode for connection */
int cert_req_ca_list; /* should we send the CA list? */ int cert_req_ca_list; /* should we send the CA list? */
unsigned char mfl_code; /* code for maximum fragment length */ unsigned char mfl_code; /* code for maximum fragment length */
@ -950,6 +953,7 @@ int main( int argc, char *argv[] )
opt.min_version = DFL_MIN_VERSION; opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION; opt.max_version = DFL_MAX_VERSION;
opt.arc4 = DFL_ARC4; opt.arc4 = DFL_ARC4;
opt.allow_sha1 = DFL_SHA1;
opt.auth_mode = DFL_AUTH_MODE; opt.auth_mode = DFL_AUTH_MODE;
opt.cert_req_ca_list = DFL_CERT_REQ_CA_LIST; opt.cert_req_ca_list = DFL_CERT_REQ_CA_LIST;
opt.mfl_code = DFL_MFL_CODE; opt.mfl_code = DFL_MFL_CODE;
@ -1121,6 +1125,15 @@ int main( int argc, char *argv[] )
default: goto usage; default: goto usage;
} }
} }
else if( strcmp( p, "allow_sha1" ) == 0 )
{
switch( atoi( q ) )
{
case 0: opt.allow_sha1 = 0; break;
case 1: opt.allow_sha1 = 1; break;
default: goto usage;
}
}
else if( strcmp( p, "force_version" ) == 0 ) else if( strcmp( p, "force_version" ) == 0 )
{ {
if( strcmp( q, "ssl3" ) == 0 ) if( strcmp( q, "ssl3" ) == 0 )
@ -1649,8 +1662,11 @@ int main( int argc, char *argv[] )
/* The default algorithms profile disables SHA-1, but our tests still /* The default algorithms profile disables SHA-1, but our tests still
rely on it heavily. Hence we allow it here. A real-world server rely on it heavily. Hence we allow it here. A real-world server
should use the default profile unless there is a good reason not to. */ should use the default profile unless there is a good reason not to. */
if( opt.allow_sha1 > 0 )
{
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ); crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test ); mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
if( opt.auth_mode != DFL_AUTH_MODE ) if( opt.auth_mode != DFL_AUTH_MODE )

1
tests/data_files/.gitignore vendored
View File

@ -1,2 +1,3 @@
cli-rsa.csr cli-rsa.csr
server2-rsa.csr
test-ca.csr test-ca.csr

8
tests/data_files/Makefile
View File

@ -31,6 +31,14 @@ cli-rsa-sha256.crt: $(cli_crt_key_file_rsa) test-ca-sha256.crt cli-rsa.csr
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@ $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@
all_final += cli-rsa-sha256.crt all_final += cli-rsa-sha256.crt
server2-rsa.csr: server2.key
$(OPENSSL) req -new -key server2.key -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
all_intermediate += server2-rsa.csr
server2-sha256.crt: server2-rsa.csr
$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
all_final += server2-sha256.crt
all_final: $(all_final) all_final: $(all_final)
all: $(all_intermediate) $(all_final) all: $(all_intermediate) $(all_final)

21
tests/data_files/server2-sha256.crt Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDfTCCAmWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTcwNTA5MTM1MTA1WhcNMjcwNTEwMTM1MTA1WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBkjCBjzAd
BgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwYwYDVR0jBFwwWoAUtFrkpbPe
0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
clNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBDQYIBADAJBgNVHRMEAjAAMA0G
CSqGSIb3DQEBCwUAA4IBAQAQf85QSjAeP+l6hirPorUL+k/3BznAh/6RXdveBO3K
uwtqK5qI59+3N+ZLXP7fr2Z5eO8qpchRgNNwT0LKglAEXGWn30PYI1GKSiqAaK0X
CUNIrxV3qKqOLbtqP1dMdiwsmiHYrN8E9UdysObedE2yDNLpTMHPJBZ+k6FowTyZ
IpUuabkxMBFxmLv+nOBDOiaCzintEcdJdY4F6p5j8jwMvVNVAXNfxAEwa0MoVRTt
/GORvq4ZEfsatVA+HRi602m+dZETTWKSODrj8AuQcG8/i1AOhk3C1WNOFKj/ZSfB
2P6EQmhLeRp4bO+3rG73T3R2yn0PZYQ7ZrjFPPKqgu+n
-----END CERTIFICATE-----

34
tests/ssl-opt.sh
View File

@ -699,6 +699,40 @@ run_test "RC4: both enabled" \
-S "SSL - None of the common ciphersuites is usable" \ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - The server has no ciphersuites in common" -S "SSL - The server has no ciphersuites in common"
# Tests for SHA-1 support
run_test "SHA-1 forbidden by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI debug_level=2 allow_sha1=0" \
1 \
-c "The certificate is signed with an unacceptable hash"
run_test "SHA-1 explicitly allowed in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI allow_sha1=1" \
0
run_test "SHA-256 allowed by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
"$P_CLI allow_sha1=0" \
0
run_test "SHA-1 forbidden by default in client certificate" \
"$P_SRV auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
1 \
-s "The certificate is signed with an unacceptable hash"
run_test "SHA-1 explicitly allowed in client certificate" \
"$P_SRV auth_mode=required allow_sha1=1" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
0
run_test "SHA-256 allowed by default in client certificate" \
"$P_SRV auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
0
# Tests for Truncated HMAC extension # Tests for Truncated HMAC extension
run_test "Truncated HMAC: client default, server default" \ run_test "Truncated HMAC: client default, server default" \