Generalize invalid signature tests and run at all versions.
TLS 1.3 will go through very different code than everything else. Even SSL 3.0 is somewhat special-cased now. Move the invalid signature tests there and run at all versions. Change-Id: Idd0ee9aac2939c0c8fd9af2ea7b4a22942121c60 Reviewed-on: https://boringssl-review.googlesource.com/8775 Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
parent
32a66d51a6
commit
5208fd4293
@ -426,13 +426,9 @@ const (
|
||||
)
|
||||
|
||||
type ProtocolBugs struct {
|
||||
// InvalidSKXSignature specifies that the signature in a
|
||||
// ServerKeyExchange message should be invalid.
|
||||
InvalidSKXSignature bool
|
||||
|
||||
// InvalidCertVerifySignature specifies that the signature in a
|
||||
// CertificateVerify message should be invalid.
|
||||
InvalidCertVerifySignature bool
|
||||
// InvalidSignature specifies that the signature in a ServerKeyExchange
|
||||
// or CertificateVerify message should be invalid.
|
||||
InvalidSignature bool
|
||||
|
||||
// SendCurve, if non-zero, causes the ServerKeyExchange message to use
|
||||
// the specified curve ID rather than the negotiated one.
|
||||
|
@ -808,13 +808,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
|
||||
}
|
||||
|
||||
if c.vers > VersionSSL30 {
|
||||
msg := hs.finishedHash.buffer
|
||||
if c.config.Bugs.InvalidCertVerifySignature {
|
||||
msg = make([]byte, len(hs.finishedHash.buffer))
|
||||
copy(msg, hs.finishedHash.buffer)
|
||||
msg[0] ^= 0x80
|
||||
}
|
||||
certVerify.signature, err = signMessage(c.vers, privKey, c.config, certVerify.signatureAlgorithm, msg)
|
||||
certVerify.signature, err = signMessage(c.vers, privKey, c.config, certVerify.signatureAlgorithm, hs.finishedHash.buffer)
|
||||
if err == nil && c.config.Bugs.SendSignatureAlgorithm != 0 {
|
||||
certVerify.signatureAlgorithm = c.config.Bugs.SendSignatureAlgorithm
|
||||
}
|
||||
@ -826,7 +820,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
|
||||
err = errors.New("unsupported signature type for client certificate")
|
||||
} else {
|
||||
digest := hs.finishedHash.hashForClientCertificateSSL3(hs.masterSecret)
|
||||
if c.config.Bugs.InvalidCertVerifySignature {
|
||||
if c.config.Bugs.InvalidSignature {
|
||||
digest[0] ^= 0x80
|
||||
}
|
||||
certVerify.signature, err = rsa.SignPKCS1v15(c.config.rand(), rsaKey, crypto.MD5SHA1, digest)
|
||||
|
@ -397,10 +397,6 @@ func (ka *signedKeyAgreement) signParameters(config *Config, cert *Certificate,
|
||||
msg = append(msg, hello.random...)
|
||||
msg = append(msg, params...)
|
||||
|
||||
if config.Bugs.InvalidSKXSignature {
|
||||
msg[0] ^= 0x80
|
||||
}
|
||||
|
||||
var sigAlg signatureAlgorithm
|
||||
var err error
|
||||
if ka.version >= VersionTLS12 {
|
||||
|
@ -1050,63 +1050,6 @@ func bigFromHex(hex string) *big.Int {
|
||||
|
||||
func addBasicTests() {
|
||||
basicTests := []testCase{
|
||||
{
|
||||
name: "BadRSASignature",
|
||||
config: Config{
|
||||
// TODO(davidben): Add a TLS 1.3 version of this.
|
||||
MaxVersion: VersionTLS12,
|
||||
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
|
||||
Bugs: ProtocolBugs{
|
||||
InvalidSKXSignature: true,
|
||||
},
|
||||
},
|
||||
shouldFail: true,
|
||||
expectedError: ":BAD_SIGNATURE:",
|
||||
},
|
||||
{
|
||||
name: "BadECDSASignature",
|
||||
config: Config{
|
||||
// TODO(davidben): Add a TLS 1.3 version of this.
|
||||
MaxVersion: VersionTLS12,
|
||||
CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
|
||||
Bugs: ProtocolBugs{
|
||||
InvalidSKXSignature: true,
|
||||
},
|
||||
Certificates: []Certificate{ecdsaP256Certificate},
|
||||
},
|
||||
shouldFail: true,
|
||||
expectedError: ":BAD_SIGNATURE:",
|
||||
},
|
||||
{
|
||||
testType: serverTest,
|
||||
name: "BadRSASignature-ClientAuth",
|
||||
config: Config{
|
||||
// TODO(davidben): Add a TLS 1.3 version of this.
|
||||
MaxVersion: VersionTLS12,
|
||||
Bugs: ProtocolBugs{
|
||||
InvalidCertVerifySignature: true,
|
||||
},
|
||||
Certificates: []Certificate{rsaCertificate},
|
||||
},
|
||||
shouldFail: true,
|
||||
expectedError: ":BAD_SIGNATURE:",
|
||||
flags: []string{"-require-any-client-certificate"},
|
||||
},
|
||||
{
|
||||
testType: serverTest,
|
||||
name: "BadECDSASignature-ClientAuth",
|
||||
config: Config{
|
||||
// TODO(davidben): Add a TLS 1.3 version of this.
|
||||
MaxVersion: VersionTLS12,
|
||||
Bugs: ProtocolBugs{
|
||||
InvalidCertVerifySignature: true,
|
||||
},
|
||||
Certificates: []Certificate{ecdsaP256Certificate},
|
||||
},
|
||||
shouldFail: true,
|
||||
expectedError: ":BAD_SIGNATURE:",
|
||||
flags: []string{"-require-any-client-certificate"},
|
||||
},
|
||||
{
|
||||
name: "NoFallbackSCSV",
|
||||
config: Config{
|
||||
@ -4774,17 +4717,36 @@ var testSignatureAlgorithms = []struct {
|
||||
{"RSA-PSS-SHA256", signatureRSAPSSWithSHA256, testCertRSA},
|
||||
{"RSA-PSS-SHA384", signatureRSAPSSWithSHA384, testCertRSA},
|
||||
{"RSA-PSS-SHA512", signatureRSAPSSWithSHA512, testCertRSA},
|
||||
// Tests for key types prior to TLS 1.2.
|
||||
{"RSA", 0, testCertRSA},
|
||||
{"ECDSA", 0, testCertECDSAP256},
|
||||
}
|
||||
|
||||
const fakeSigAlg1 signatureAlgorithm = 0x2a01
|
||||
const fakeSigAlg2 signatureAlgorithm = 0xff01
|
||||
|
||||
func addSignatureAlgorithmTests() {
|
||||
// Not all ciphers involve a signature. Advertise a list which gives all
|
||||
// versions a signing cipher.
|
||||
signingCiphers := []uint16{
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
}
|
||||
|
||||
// Make sure each signature algorithm works. Include some fake values in
|
||||
// the list and ensure they're ignored.
|
||||
for _, alg := range testSignatureAlgorithms {
|
||||
for _, ver := range tlsVersions {
|
||||
if ver.version < VersionTLS12 {
|
||||
if (ver.version < VersionTLS12) != (alg.id == 0) {
|
||||
continue
|
||||
}
|
||||
|
||||
// TODO(davidben): Support ECDSA in SSL 3.0 in Go for testing
|
||||
// or remove it in C.
|
||||
if ver.version == VersionSSL30 && alg.cert != testCertRSA {
|
||||
continue
|
||||
}
|
||||
|
||||
@ -4858,10 +4820,7 @@ func addSignatureAlgorithmTests() {
|
||||
name: "ServerAuth-Sign" + suffix,
|
||||
config: Config{
|
||||
MaxVersion: ver.version,
|
||||
CipherSuites: []uint16{
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
},
|
||||
CipherSuites: signingCiphers,
|
||||
VerifySignatureAlgorithms: []signatureAlgorithm{
|
||||
fakeSigAlg1,
|
||||
alg.id,
|
||||
@ -4883,10 +4842,7 @@ func addSignatureAlgorithmTests() {
|
||||
config: Config{
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{getRunnerCertificate(alg.cert)},
|
||||
CipherSuites: []uint16{
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
},
|
||||
CipherSuites: signingCiphers,
|
||||
SignSignatureAlgorithms: []signatureAlgorithm{
|
||||
alg.id,
|
||||
},
|
||||
@ -4902,6 +4858,47 @@ func addSignatureAlgorithmTests() {
|
||||
shouldFail: shouldFail,
|
||||
expectedError: verifyError,
|
||||
})
|
||||
|
||||
if !shouldFail {
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: "ClientAuth-InvalidSignature" + suffix,
|
||||
config: Config{
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{getRunnerCertificate(alg.cert)},
|
||||
SignSignatureAlgorithms: []signatureAlgorithm{
|
||||
alg.id,
|
||||
},
|
||||
Bugs: ProtocolBugs{
|
||||
InvalidSignature: true,
|
||||
},
|
||||
},
|
||||
flags: []string{
|
||||
"-require-any-client-certificate",
|
||||
"-enable-all-curves",
|
||||
},
|
||||
shouldFail: true,
|
||||
expectedError: ":BAD_SIGNATURE:",
|
||||
})
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
name: "ServerAuth-InvalidSignature" + suffix,
|
||||
config: Config{
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{getRunnerCertificate(alg.cert)},
|
||||
CipherSuites: signingCiphers,
|
||||
SignSignatureAlgorithms: []signatureAlgorithm{
|
||||
alg.id,
|
||||
},
|
||||
Bugs: ProtocolBugs{
|
||||
InvalidSignature: true,
|
||||
},
|
||||
},
|
||||
flags: []string{"-enable-all-curves"},
|
||||
shouldFail: true,
|
||||
expectedError: ":BAD_SIGNATURE:",
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -51,6 +51,13 @@ func selectSignatureAlgorithm(version uint16, key crypto.PrivateKey, config *Con
|
||||
}
|
||||
|
||||
func signMessage(version uint16, key crypto.PrivateKey, config *Config, sigAlg signatureAlgorithm, msg []byte) ([]byte, error) {
|
||||
if config.Bugs.InvalidSignature {
|
||||
newMsg := make([]byte, len(msg))
|
||||
copy(newMsg, msg)
|
||||
newMsg[0] ^= 0x80
|
||||
msg = newMsg
|
||||
}
|
||||
|
||||
signer, err := getSigner(version, key, config, sigAlg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
Loading…
Reference in New Issue
Block a user