newhope: test corrupt key exchange messages.
By corrupting the X25519 and Newhope parts separately, the test shows that both are in use. Possibly excessive? Change-Id: Ieb10f46f8ba876faacdafe70c5561c50a5863153 Reviewed-on: https://boringssl-review.googlesource.com/8250 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
Matt Braithwaite
Adam Langley
parent
d0c677cd8e
commit
54217e4d85
@ -842,6 +842,14 @@ type ProtocolBugs struct {
|
|||||||
// SendSCTListOnResume, if not nil, causes the server to send the
|
// SendSCTListOnResume, if not nil, causes the server to send the
|
||||||
// supplied SCT list in resumption handshakes.
|
// supplied SCT list in resumption handshakes.
|
||||||
SendSCTListOnResume []byte
|
SendSCTListOnResume []byte
|
||||||
|
|
||||||
|
// CECPQ1BadX25519Part corrupts the X25519 part of a CECPQ1 key exchange, as
|
||||||
|
// a trivial proof that it is actually used.
|
||||||
|
CECPQ1BadX25519Part bool
|
||||||
|
|
||||||
|
// CECPQ1BadNewhopePart corrupts the Newhope part of a CECPQ1 key exchange,
|
||||||
|
// as a trivial proof that it is actually used.
|
||||||
|
CECPQ1BadNewhopePart bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Config) serverInit() {
|
func (c *Config) serverInit() {
|
||||||
|
|||||||
@ -732,6 +732,16 @@ func (ka *cecpq1KeyAgreement) generateServerKeyExchange(config *Config, cert *Ce
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if config.Bugs.CECPQ1BadX25519Part {
|
||||||
|
publicKey[0] ^= 1
|
||||||
|
}
|
||||||
|
if config.Bugs.CECPQ1BadNewhopePart {
|
||||||
|
publicKey[32] ^= 1
|
||||||
|
publicKey[33] ^= 1
|
||||||
|
publicKey[34] ^= 1
|
||||||
|
publicKey[35] ^= 1
|
||||||
|
}
|
||||||
|
|
||||||
var params []byte
|
var params []byte
|
||||||
params = append(params, byte(len(publicKey)>>8))
|
params = append(params, byte(len(publicKey)>>8))
|
||||||
params = append(params, byte(len(publicKey)&0xff))
|
params = append(params, byte(len(publicKey)&0xff))
|
||||||
@ -779,6 +789,16 @@ func (ka *cecpq1KeyAgreement) generateClientKeyExchange(config *Config, clientHe
|
|||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if config.Bugs.CECPQ1BadX25519Part {
|
||||||
|
publicKey[0] ^= 1
|
||||||
|
}
|
||||||
|
if config.Bugs.CECPQ1BadNewhopePart {
|
||||||
|
publicKey[32] ^= 1
|
||||||
|
publicKey[33] ^= 1
|
||||||
|
publicKey[34] ^= 1
|
||||||
|
publicKey[35] ^= 1
|
||||||
|
}
|
||||||
|
|
||||||
ckx := new(clientKeyExchangeMsg)
|
ckx := new(clientKeyExchangeMsg)
|
||||||
ckx.ciphertext = append(ckx.ciphertext, byte(len(publicKey)>>8))
|
ckx.ciphertext = append(ckx.ciphertext, byte(len(publicKey)>>8))
|
||||||
ckx.ciphertext = append(ckx.ciphertext, byte(len(publicKey)&0xff))
|
ckx.ciphertext = append(ckx.ciphertext, byte(len(publicKey)&0xff))
|
||||||
|
|||||||
@ -5101,6 +5101,65 @@ func addCurveTests() {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func addCECPQ1Tests() {
|
||||||
|
testCases = append(testCases, testCase{
|
||||||
|
testType: clientTest,
|
||||||
|
name: "CECPQ1-Client-BadX25519Part",
|
||||||
|
config: Config{
|
||||||
|
MinVersion: VersionTLS12,
|
||||||
|
CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
|
||||||
|
Bugs: ProtocolBugs{
|
||||||
|
CECPQ1BadX25519Part: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
flags: []string{"-cipher", "kCECPQ1"},
|
||||||
|
shouldFail: true,
|
||||||
|
expectedLocalError: "local error: bad record MAC",
|
||||||
|
})
|
||||||
|
testCases = append(testCases, testCase{
|
||||||
|
testType: clientTest,
|
||||||
|
name: "CECPQ1-Client-BadNewhopePart",
|
||||||
|
config: Config{
|
||||||
|
MinVersion: VersionTLS12,
|
||||||
|
CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
|
||||||
|
Bugs: ProtocolBugs{
|
||||||
|
CECPQ1BadNewhopePart: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
flags: []string{"-cipher", "kCECPQ1"},
|
||||||
|
shouldFail: true,
|
||||||
|
expectedLocalError: "local error: bad record MAC",
|
||||||
|
})
|
||||||
|
testCases = append(testCases, testCase{
|
||||||
|
testType: serverTest,
|
||||||
|
name: "CECPQ1-Server-BadX25519Part",
|
||||||
|
config: Config{
|
||||||
|
MinVersion: VersionTLS12,
|
||||||
|
CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
|
||||||
|
Bugs: ProtocolBugs{
|
||||||
|
CECPQ1BadX25519Part: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
flags: []string{"-cipher", "kCECPQ1"},
|
||||||
|
shouldFail: true,
|
||||||
|
expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
|
||||||
|
})
|
||||||
|
testCases = append(testCases, testCase{
|
||||||
|
testType: serverTest,
|
||||||
|
name: "CECPQ1-Server-BadNewhopePart",
|
||||||
|
config: Config{
|
||||||
|
MinVersion: VersionTLS12,
|
||||||
|
CipherSuites: []uint16{TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384},
|
||||||
|
Bugs: ProtocolBugs{
|
||||||
|
CECPQ1BadNewhopePart: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
flags: []string{"-cipher", "kCECPQ1"},
|
||||||
|
shouldFail: true,
|
||||||
|
expectedError: ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func addKeyExchangeInfoTests() {
|
func addKeyExchangeInfoTests() {
|
||||||
testCases = append(testCases, testCase{
|
testCases = append(testCases, testCase{
|
||||||
name: "KeyExchangeInfo-RSA-Client",
|
name: "KeyExchangeInfo-RSA-Client",
|
||||||
@ -5254,6 +5313,7 @@ func main() {
|
|||||||
addCustomExtensionTests()
|
addCustomExtensionTests()
|
||||||
addRSAClientKeyExchangeTests()
|
addRSAClientKeyExchangeTests()
|
||||||
addCurveTests()
|
addCurveTests()
|
||||||
|
addCECPQ1Tests()
|
||||||
addKeyExchangeInfoTests()
|
addKeyExchangeInfoTests()
|
||||||
for _, async := range []bool{false, true} {
|
for _, async := range []bool{false, true} {
|
||||||
for _, splitHandshake := range []bool{false, true} {
|
for _, splitHandshake := range []bool{false, true} {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user