ssl_staticrsa_unittest.cc (5319B)
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=2 et sw=2 tw=80: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this file, 5 * You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #include <functional> 8 #include <memory> 9 #include "secerr.h" 10 #include "ssl.h" 11 #include "sslerr.h" 12 #include "sslproto.h" 13 14 extern "C" { 15 // This is not something that should make you happy. 16 #include "libssl_internals.h" 17 } 18 19 #include "gtest_utils.h" 20 #include "nss_scoped_ptrs.h" 21 #include "tls_connect.h" 22 #include "tls_filter.h" 23 #include "tls_parser.h" 24 #include "rsa8193.h" 25 26 namespace nss_test { 27 28 const uint8_t kBogusClientKeyExchange[] = { 29 0x01, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 30 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 31 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 32 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 33 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 34 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 35 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 36 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 37 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 38 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 39 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 40 }; 41 42 TEST_P(TlsConnectGenericPre13, ConnectStaticRSA) { 43 EnableOnlyStaticRsaCiphers(); 44 Connect(); 45 CheckKeys(ssl_kea_rsa, ssl_grp_none, ssl_auth_rsa_decrypt, ssl_sig_none); 46 } 47 48 // Test that a totally bogus EPMS is handled correctly. 49 // This test is stream so we can catch the bad_record_mac alert. 50 TEST_P(TlsConnectStreamPre13, ConnectStaticRSABogusCKE) { 51 EnableOnlyStaticRsaCiphers(); 52 MakeTlsFilter<TlsInspectorReplaceHandshakeMessage>( 53 client_, kTlsHandshakeClientKeyExchange, 54 DataBuffer(kBogusClientKeyExchange, sizeof(kBogusClientKeyExchange))); 55 ConnectExpectAlert(server_, kTlsAlertBadRecordMac); 56 } 57 58 // Test that a PMS with a bogus version number is handled correctly. 59 // This test is stream so we can catch the bad_record_mac alert. 60 TEST_P(TlsConnectStreamPre13, ConnectStaticRSABogusPMSVersionDetect) { 61 EnableOnlyStaticRsaCiphers(); 62 MakeTlsFilter<TlsClientHelloVersionChanger>(client_, server_); 63 ConnectExpectAlert(server_, kTlsAlertBadRecordMac); 64 } 65 66 // Test that a PMS with a bogus version number is ignored when 67 // rollback detection is disabled. This is a positive control for 68 // ConnectStaticRSABogusPMSVersionDetect. 69 TEST_P(TlsConnectGenericPre13, ConnectStaticRSABogusPMSVersionIgnore) { 70 EnableOnlyStaticRsaCiphers(); 71 MakeTlsFilter<TlsClientHelloVersionChanger>(client_, server_); 72 server_->SetOption(SSL_ROLLBACK_DETECTION, PR_FALSE); 73 Connect(); 74 } 75 76 // This test is stream so we can catch the bad_record_mac alert. 77 TEST_P(TlsConnectStreamPre13, ConnectExtendedMasterSecretStaticRSABogusCKE) { 78 EnableOnlyStaticRsaCiphers(); 79 EnableExtendedMasterSecret(); 80 MakeTlsFilter<TlsInspectorReplaceHandshakeMessage>( 81 client_, kTlsHandshakeClientKeyExchange, 82 DataBuffer(kBogusClientKeyExchange, sizeof(kBogusClientKeyExchange))); 83 ConnectExpectAlert(server_, kTlsAlertBadRecordMac); 84 } 85 86 // This test is stream so we can catch the bad_record_mac alert. 87 TEST_P(TlsConnectStreamPre13, 88 ConnectExtendedMasterSecretStaticRSABogusPMSVersionDetect) { 89 EnableOnlyStaticRsaCiphers(); 90 EnableExtendedMasterSecret(); 91 MakeTlsFilter<TlsClientHelloVersionChanger>(client_, server_); 92 ConnectExpectAlert(server_, kTlsAlertBadRecordMac); 93 } 94 95 TEST_P(TlsConnectStreamPre13, 96 ConnectExtendedMasterSecretStaticRSABogusPMSVersionIgnore) { 97 EnableOnlyStaticRsaCiphers(); 98 EnableExtendedMasterSecret(); 99 MakeTlsFilter<TlsClientHelloVersionChanger>(client_, server_); 100 server_->SetOption(SSL_ROLLBACK_DETECTION, PR_FALSE); 101 Connect(); 102 } 103 104 // Replace the server certificate with one that uses 8193-bit RSA. 105 class TooLargeRSACertFilter : public TlsHandshakeFilter { 106 public: 107 TooLargeRSACertFilter(const std::shared_ptr<TlsAgent> &server) 108 : TlsHandshakeFilter(server, {kTlsHandshakeCertificate}) {} 109 110 protected: 111 virtual PacketFilter::Action FilterHandshake(const HandshakeHeader &header, 112 const DataBuffer &input, 113 DataBuffer *output) { 114 const uint32_t cert_len = sizeof(rsa8193); 115 const uint32_t outer_len = cert_len + 3; 116 size_t offset = 0; 117 offset = output->Write(offset, outer_len, 3); 118 offset = output->Write(offset, cert_len, 3); 119 offset = output->Write(offset, rsa8193, cert_len); 120 121 return CHANGE; 122 } 123 }; 124 125 TEST_P(TlsConnectGenericPre13, TooLargeRSAKeyInCert) { 126 EnableOnlyStaticRsaCiphers(); 127 MakeTlsFilter<TooLargeRSACertFilter>(server_); 128 ConnectExpectAlert(client_, kTlsAlertIllegalParameter); 129 client_->CheckErrorCode(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); 130 server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT); 131 } 132 133 TEST_P(TlsConnectGeneric, ServerAuthBiggestRsa) { 134 Reset(TlsAgent::kRsa8192); 135 Connect(); 136 CheckKeys(); 137 } 138 139 } // namespace nss_test