Diffstat (limited to 'src')
-rw-r--r-- | src/bogo_shim/bogo_shim.cpp | 46 | ||||
-rw-r--r-- | src/bogo_shim/config.json | 29 | ||||
-rw-r--r-- | src/lib/tls/msg_cert_req.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/msg_client_hello.cpp | 4 | ||||
-rw-r--r-- | src/lib/tls/tls_client.cpp | 9 | ||||
-rw-r--r-- | src/lib/tls/tls_handshake_io.cpp | 5 | ||||
-rw-r--r-- | src/lib/tls/tls_handshake_io.h | 6 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 5 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.h | 7 | ||||
-rw-r--r-- | src/lib/tls/tls_server.cpp | 14 | ||||
-rwxr-xr-x | src/scripts/ci/setup_gh_actions.sh | 2 | ||||
-rwxr-xr-x | src/scripts/ci/setup_travis.sh | 11 |
12 files changed, 98 insertions, 42 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
index 350623854..0d1fa587d 100644
--- a/src/bogo_shim/bogo_shim.cpp
+++ b/src/bogo_shim/bogo_shim.cpp
@@ -93,9 +93,10 @@ std::string map_to_bogo_error(const std::string& e)
 { "Certificate: Message malformed", ":DECODE_ERROR:" },
 { "Channel::key_material_export cannot export during renegotiation", "failed to export keying material" },
 { "Client cert verify failed", ":BAD_SIGNATURE:" },
+ { "Client certificate does not support signing", ":KEY_USAGE_BIT_INCORRECT:" },
 { "Client did not offer NULL compression", ":INVALID_COMPRESSION_LIST:" },
- { "Client offered TLS version with major version under 3", ":UNSUPPORTED_PROTOCOL:" },
 { "Client offered DTLS version with major version 0xFF", ":UNSUPPORTED_PROTOCOL:" },
+ { "Client offered TLS version with major version under 3", ":UNSUPPORTED_PROTOCOL:" },
 { "Client policy prohibits insecure renegotiation", ":RENEGOTIATION_MISMATCH:" },
 { "Client policy prohibits renegotiation", ":NO_RENEGOTIATION:" },
 { "Client resumed extended ms session without sending extension", ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:" },
@@ -110,6 +111,9 @@ std::string map_to_bogo_error(const std::string& e)
 { "Encoding error: Cannot encode PSS string, output length too small", ":NO_COMMON_SIGNATURE_ALGORITHMS:" },
 { "Expected TLS but got a record with DTLS version", ":WRONG_VERSION_NUMBER:" },
 { "Finished message didn't verify", ":DIGEST_CHECK_FAILED:" },
+ { "Have data remaining in buffer after ClientHello", ":EXCESS_HANDSHAKE_DATA:" },
+ { "Have data remaining in buffer after Finished", ":EXCESS_HANDSHAKE_DATA:" },
+ { "Have data remaining in buffer after ServerHelloDone", ":EXCESS_HANDSHAKE_DATA:" },
 { "Inconsistent length in certificate request", ":DECODE_ERROR:" },
 { "Inconsistent values in fragmented DTLS handshake header", ":FRAGMENT_MISMATCH:" },
 { "Invalid CertificateRequest: Length field outside parameters", ":DECODE_ERROR:" },
@@ -123,11 +127,11 @@ std::string map_to_bogo_error(const std::string& e)
 { "Invalid authentication tag: ChaCha20Poly1305 tag check failed", ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:" },
 { "Invalid authentication tag: GCM tag check failed", ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:" },
 { "Message authentication failure", ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:" },
- { "No shared TLS version", ":UNSUPPORTED_PROTOCOL:" },
 { "No shared DTLS version", ":UNSUPPORTED_PROTOCOL:" },
+ { "No shared TLS version", ":UNSUPPORTED_PROTOCOL:" },
 { "OS2ECP: Unknown format type 251", ":BAD_ECPOINT:" },
- { "Policy forbids all available TLS version", ":NO_SUPPORTED_VERSIONS_ENABLED:" },
 { "Policy forbids all available DTLS version", ":NO_SUPPORTED_VERSIONS_ENABLED:" },
+ { "Policy forbids all available TLS version", ":NO_SUPPORTED_VERSIONS_ENABLED:" },
 { "Policy refuses to accept signing with any hash supported by peer", ":NO_COMMON_SIGNATURE_ALGORITHMS:" },
 { "Policy requires client send a certificate, but it did not", ":PEER_DID_NOT_RETURN_A_CERTIFICATE:" },
 { "Received a record that exceeds maximum size", ":ENCRYPTED_LENGTH_TOO_LONG:" },
@@ -804,6 +808,22 @@ class Shim_Policy final : public Botan::TLS::Policy
 }
+ std::vector<Botan::TLS::Signature_Scheme> acceptable_signature_schemes() const override
+ {
+ if(m_args.option_used("verify-prefs"))
+ {
+ std::vector<Botan::TLS::Signature_Scheme> schemes;
+ for(size_t pref : m_args.get_int_vec_opt("verify-prefs"))
+ {
+ schemes.push_back(static_cast<Botan::TLS::Signature_Scheme>(pref));
+ }
+
+ return schemes;
+ }
+
+ return Botan::TLS::Policy::acceptable_signature_schemes();
+ }
+
 std::vector<Botan::TLS::Signature_Scheme> allowed_signature_schemes() const override
 {
 if(m_args.option_used("signing-prefs"))
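Review bot: The new `acceptable_signature_schemes` override in the `@@ -804` hunk repeats, line for line, the `verify-prefs` loop that this same commit deletes from `allowed_signature_schemes` (whose `signing-prefs` loop continues past this hunk), and neither copy says why a raw `size_t` is cast to `Signature_Scheme` with no validation. A small private helper brings each override down to a two-line body and gives the cast one place for an explanation; I read the unchecked cast as deliberate, since BoGo presumably feeds the shim raw IANA code points including ones Botan does not implement, but that is an inference and the comment should say so. `Shim_Policy` begins before this hunk, and I have assumed `get_int_vec_opt` takes a `std::string`; adjust the helper's parameter type if it does not.
```cpp
   // Turn a BoGo "-*-prefs" option (a list of raw IANA SignatureScheme code
   // points) into Signature_Scheme values. Deliberately unvalidated: the test
   // runner presumably hands us code points Botan does not implement - confirm.
   std::vector<Botan::TLS::Signature_Scheme> schemes_from_opt(const std::string& opt) const
      {
      std::vector<Botan::TLS::Signature_Scheme> schemes;
      for(size_t pref : m_args.get_int_vec_opt(opt))
         schemes.push_back(static_cast<Botan::TLS::Signature_Scheme>(pref));
      return schemes;
      }

   std::vector<Botan::TLS::Signature_Scheme> acceptable_signature_schemes() const override
      {
      if(m_args.option_used("verify-prefs"))
         return schemes_from_opt("verify-prefs");
      return Botan::TLS::Policy::acceptable_signature_schemes();
      }

   // … unchanged: allowed_signature_schemes, which can call schemes_from_opt("signing-prefs") the same way …
```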
@@ -824,17 +844,6 @@ class Shim_Policy final : public Botan::TLS::Policy
 return schemes;
 }
- if(m_args.option_used("verify-prefs"))
- {
- std::vector<Botan::TLS::Signature_Scheme> schemes;
- for(size_t pref : m_args.get_int_vec_opt("verify-prefs"))
- {
- schemes.push_back(static_cast<Botan::TLS::Signature_Scheme>(pref));
- }
-
- return schemes;
- }
-
 return Botan::TLS::Policy::allowed_signature_schemes();
 }
@@ -1332,10 +1341,13 @@ class Shim_Callbacks final : public Botan::TLS::Callbacks
 "Simulated OCSP callback failure");
 }
- if(m_args.flag_set("verify-peer") && m_args.flag_set("verify-fail"))
+ if(m_args.flag_set("verify-fail"))
 {
- throw Botan::TLS::TLS_Exception(Botan::TLS::Alert::BAD_CERTIFICATE,
- "Test requires rejecting cert");
+ auto alert = Botan::TLS::Alert::HANDSHAKE_FAILURE;
+ if(m_args.flag_set("use-custom-verify-callback"))
+ alert = Botan::TLS::Alert::CERTIFICATE_UNKNOWN;
+
+ throw Botan::TLS::TLS_Exception(alert, "Test requires rejecting cert");
 }
 }
diff --git a/src/bogo_shim/config.json b/src/bogo_shim/config.json
index 2ac81e969..b16025976 100644
--- a/src/bogo_shim/config.json
+++ b/src/bogo_shim/config.json
@@ -6,7 +6,9 @@
 "Garbage": "Decoding error",
 "Resume-Client-CipherMismatch": "Unexpected error",
 "InvalidECDHPoint-Server": "Unexpected error",
- "NoSharedCipher": "Unexpected error"
+ "NoSharedCipher": "Unexpected error",
+
+ "PartialFinishedWithServerHelloDone": "Unexpected record vs excess handshake data"
 },
 "DisabledTests": {
@@ -23,6 +25,8 @@
 "ExportTrafficSecrets-*": "No TLS 1.3",
 "IgnoreClientVersionOrder": "No TLS 1.3",
 "Resume-Server-OmitPSKsOnSecondClientHello": "No TLS 1.3",
+ "PartialServerHelloWithHelloRetryRequest": "No TLS 1.3",
+ "PartialClientFinishedWithSecondClientHello": "No TLS 1.3",
 "DuplicateCertCompressionExt*": "No support for 1.3 cert compression extension",
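Review bot: The alert selection in the `@@ -1332` hunk of `Shim_Callbacks` has no comment explaining the two choices it makes: the rejection alert changes from `bad_certificate` to `handshake_failure`, switching to `certificate_unknown` only when `use-custom-verify-callback` is set, and the `verify-peer` gate on the whole block is dropped. Those are exactly the details the next person debugging a BoGo expectation mismatch will need, and the hunk only shows the flag names. I would add, above `auto alert = ...`, `// Mirror the alert BoringSSL itself sends: handshake_failure for a built-in verify failure, certificate_unknown when a custom verify callback rejects; -verify-fail applies even without -verify-peer`, with the BoringSSL attribution hedged if that is not in fact where the values come from. The enclosing callback starts before this hunk, so I cannot see whether `verify-peer` is still consulted earlier in it.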
@@ -34,19 +38,26 @@
 "*SSL3*": "No SSLv3",
 "*SSLv3*": "No SSLv3",
+ "*QUIC*": "No QUIC",
+ "ALPS*": "No ALPS",
+
+ "EarlyData-Reject0RTT*": "No support for 0RTT",
+ "PartialEndOfEarlyDataWithClientHello": "No support for 0RTT",
+
 "*NPN*": "No support for NPN",
 "ALPNServer-Preferred-*": "No support for NPN",
- "*-NextProtocol": "No support for NPN",
+ "*-NextProtocol*": "No support for NPN",
 "*SignedCertificateTimestamp*": "No support for SCT",
 "*SCT*": "No support for SCT",
 "Renegotiation-ChangeAuthProperties": "No support for SCT",
 "UnsolicitedCertificateExtensions-TLS*": "No support for SCT",
+ "CertificateVerificationSoftFail*": "Fail, but don't fail... wtf?",
+
 "*NULL-SHA*": "No support for NULL ciphers",
 "*WITH_NULL*": "No support for NULL ciphers",
 "*GREASE*": "No support for GREASE",
- "QUICTransportParams*": "No support for QUIC",
 "*ChannelID*": "No support for ChannelID",
 "*TokenBinding*": "No support for Token Binding",
 "ClientHelloPadding": "No support for client hello padding extension",
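Review bot: The reason string on the new `"CertificateVerificationSoftFail*"` entry, `"Fail, but don't fail... wtf?"`, does not tell a maintainer what the test expects or what would have to change to re-enable it, which is the only job these values have. Going by the test name alone it looks like BoGo wants the verify callback to report a failure that the handshake then survives; if that reading is right, something like `"Test expects certificate verification to report failure without aborting the handshake, which Botan does not support"` would carry the same decision in a form someone can act on. Every other entry in this block states the missing feature, so the line also breaks the file's own convention.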
@@ -94,14 +105,14 @@
 "AppDataAfterChangeCipherSpec-DTLS*": "BoringSSL DTLS drops out of order AppData, we reject",
- "Resume-Client-NoResume-TLS1-TLS11": "BoGo expects resumption attempt sends latest version",
- "Resume-Client-NoResume-TLS1-TLS12": "BoGo expects resumption attempt sends latest version",
- "Resume-Client-NoResume-TLS11-TLS12": "BoGo expects resumption attempt sends latest version",
+ "Resume-Client-NoResume-TLS1-TLS11-TLS": "BoGo expects resumption attempt sends latest version",
+ "Resume-Client-NoResume-TLS1-TLS12-TLS": "BoGo expects resumption attempt sends latest version",
+ "Resume-Client-NoResume-TLS11-TLS12-TLS": "BoGo expects resumption attempt sends latest version",
 "Resume-Client-NoResume-TLS1-TLS12-DTLS": "BoGo expects resumption attempt sends latest version",
- "Resume-Client-Mismatch-TLS1-TLS11": "BoGo expects resumption attempt sends latest version",
- "Resume-Client-Mismatch-TLS1-TLS12": "BoGo expects resumption attempt sends latest version",
- "Resume-Client-Mismatch-TLS11-TLS12": "BoGo expects resumption attempt sends latest version",
+ "Resume-Client-Mismatch-TLS1-TLS11-TLS": "BoGo expects resumption attempt sends latest version",
+ "Resume-Client-Mismatch-TLS1-TLS12-TLS": "BoGo expects resumption attempt sends latest version",
+ "Resume-Client-Mismatch-TLS11-TLS12-TLS": "BoGo expects resumption attempt sends latest version",
 "Resume-Client-Mismatch-TLS1-TLS12-DTLS": "BoGo expects resumption attempt sends latest version",
 "CurveTest-*-Compressed*": "Point compression is supported, which BoGo doesn't expect",
diff --git a/src/lib/tls/msg_cert_req.cpp b/src/lib/tls/msg_cert_req.cpp
index 9e8a4d803..a80fbf2b9 100644
--- a/src/lib/tls/msg_cert_req.cpp
+++ b/src/lib/tls/msg_cert_req.cpp
@@ -61,7 +61,7 @@ Certificate_Req::Certificate_Req(Handshake_IO& io,
 {
 if(version.supports_negotiable_signature_algorithms())
 {
- m_schemes = policy.allowed_signature_schemes();
+ m_schemes = policy.acceptable_signature_schemes();
 }
 hash.update(io.send(*this));
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index 3eee06e69..7e52b4a6e 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -120,7 +120,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
 m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols));
 if(m_version.supports_negotiable_signature_algorithms())
- m_extensions.add(new Signature_Algorithms(policy.allowed_signature_schemes()));
+ m_extensions.add(new Signature_Algorithms(policy.acceptable_signature_schemes()));
 if(m_version.is_datagram_protocol())
 m_extensions.add(new SRTP_Protection_Profiles(policy.srtp_profiles()));
@@ -193,7 +193,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
 m_extensions.add(new Encrypt_then_MAC);
 if(m_version.supports_negotiable_signature_algorithms())
- m_extensions.add(new Signature_Algorithms(policy.allowed_signature_schemes()));
+ m_extensions.add(new Signature_Algorithms(policy.acceptable_signature_schemes()));
 if(reneg_info.empty() && !next_protocols.empty())
 m_extensions.add(new Application_Layer_Protocol_Notification(next_protocols));
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 913feb709..7ce9952e6 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -564,6 +564,11 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
 {
 state.server_hello_done(new Server_Hello_Done(contents));
+ if(state.handshake_io().have_more_data())
+ throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
+ "Have data remaining in buffer after ServerHelloDone");
+
+
 if(state.server_certs() != nullptr && state.server_hello()->supports_certificate_status_message())
 {
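Review bot: The excess-data check added to the `SERVER_HELLO_DONE` branch of `Client::process_handshake_msg` runs after `state.server_hello_done(new Server_Hello_Done(contents))` has already stored the message, whereas the sibling checks this commit adds for `FINISHED` on the client and `CLIENT_HELLO`/`FINISHED` on the server all run before the message is constructed; the handshake state should not be advanced by a message the function is about to reject, so move the three `if(...have_more_data()) throw ...` lines above the `state.server_hello_done(...)` call. None of the three checks says why trailing handshake bytes are an error, and a one-line comment such as `// ServerHelloDone closes the server's flight; handshake bytes queued behind it in the same record mean the peer is sending ahead of its turn, so fail rather than buffer them` would make the intent reviewable. The hunk also leaves two consecutive blank lines after the `throw`. `process_handshake_msg` starts and ends outside this hunk.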
@@ -669,6 +674,10 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
 }
 else if(type == FINISHED)
 {
+ if(state.handshake_io().have_more_data())
+ throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
+ "Have data remaining in buffer after Finished");
+
 state.server_finished(new Finished(contents));
 if(!state.server_finished()->verify(state, SERVER))
diff --git a/src/lib/tls/tls_handshake_io.cpp b/src/lib/tls/tls_handshake_io.cpp
index d52e620ad..58aa785b1 100644
--- a/src/lib/tls/tls_handshake_io.cpp
+++ b/src/lib/tls/tls_handshake_io.cpp
@@ -169,6 +169,11 @@ void Datagram_Handshake_IO::retransmit_flight(size_t flight_idx)
 }
 }
+bool Datagram_Handshake_IO::have_more_data() const
+ {
+ return false;
+ }
+
 bool Datagram_Handshake_IO::timeout_check()
 {
 if(m_last_write == 0 || (m_flights.size() > 1 && !m_flights.rbegin()->empty()))
diff --git a/src/lib/tls/tls_handshake_io.h b/src/lib/tls/tls_handshake_io.h
index 1c128726d..d7c1721be 100644
--- a/src/lib/tls/tls_handshake_io.h
+++ b/src/lib/tls/tls_handshake_io.h
@@ -37,6 +37,8 @@ class Handshake_IO
 virtual bool timeout_check() = 0;
+ virtual bool have_more_data() const = 0;
+
 virtual std::vector<uint8_t> format( const std::vector<uint8_t>& handshake_msg, Handshake_Type handshake_type) const = 0;
@@ -75,6 +77,8 @@ class Stream_Handshake_IO final : public Handshake_IO
 bool timeout_check() override { return false; }
+ bool have_more_data() const override { return m_queue.empty() == false; }
+
 std::vector<uint8_t> send(const Handshake_Message& msg) override;
 std::vector<uint8_t> send_under_epoch(const Handshake_Message& msg, uint16_t epoch) override;
@@ -118,6 +122,8 @@ class Datagram_Handshake_IO final : public Handshake_IO
 bool timeout_check() override;
+ bool have_more_data() const override;
+
 std::vector<uint8_t> send(const Handshake_Message& msg) override;
 std::vector<uint8_t> send_under_epoch(const Handshake_Message& msg, uint16_t epoch) override;
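Review bot: `Datagram_Handshake_IO::have_more_data` in the `tls_handshake_io.cpp` hunk returns `false` unconditionally with no comment, which makes every excess-handshake-data check this commit adds a silent no-op for DTLS; a reader of the client or server code has no way to know that without opening this file. If the reason is that the datagram path reassembles one message at a time from fragments and so never holds "the rest of the record" the way `Stream_Handshake_IO::m_queue` does, say so above the function, e.g. `// DTLS reassembles each handshake message from fragments and hands it over alone, so there is never trailing data to detect; the stream checks do not apply here`, hedged if that is not the actual reason. The pure virtual in `Handshake_IO` deserves a one-line contract too, e.g. `/// True if handshake bytes remain queued beyond the message just consumed`. As a style point, `m_queue.empty() == false` in the stream override reads more naturally as `!m_queue.empty()`.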
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index c0f5171a7..2425e342d 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -39,6 +39,11 @@ std::vector<Signature_Scheme> Policy::allowed_signature_schemes() const
 return schemes;
 }
+std::vector<Signature_Scheme> Policy::acceptable_signature_schemes() const
+ {
+ return this->allowed_signature_schemes();
+ }
+
 std::vector<std::string> Policy::allowed_ciphers() const
 {
 return {
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 5ce2840a8..b53c08bb6 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -55,13 +55,18 @@ class BOTAN_PUBLIC_API(2,0) Policy
 /**
 * Returns a list of signature algorithms we are willing to
- * use, in order of preference. Allowed values RSA and DSA.
+ * use, in order of preference.
 */
 virtual std::vector<std::string> allowed_signature_methods() const;
 virtual std::vector<Signature_Scheme> allowed_signature_schemes() const;
 /**
+ * Return a list of schemes we are willing to accept
+ */
+ virtual std::vector<Signature_Scheme> acceptable_signature_schemes() const;
+
+ /**
 * The minimum signature strength we will accept
 * Returning 80 allows RSA 1024 and SHA-1. Values larger than 80 disable SHA-1 support.
 * Returning 110 allows RSA 2048.
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index c62053857..9a9b3e819 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -435,6 +435,10 @@ void Server::process_client_hello_msg(const Handshake_State* active_state,
 return;
 }
+ if(pending_state.handshake_io().have_more_data())
+ throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
+ "Have data remaining in buffer after ClientHello");
+
 pending_state.client_hello(new Client_Hello(contents));
 const Protocol_Version client_offer = pending_state.client_hello()->version();
 const bool datagram = client_offer.is_datagram_protocol();
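Review bot: The new public `Policy::acceptable_signature_schemes` in `tls_policy.h` is documented only as `Return a list of schemes we are willing to accept`, which does not tell an application author how it differs from `allowed_signature_schemes` two lines above or what overriding one does to the other. This diff shows the answer: the new list is what we advertise to the peer (the ClientHello `signature_algorithms` extension and the server's `CertificateRequest`, per the `msg_client_hello.cpp` and `msg_cert_req.cpp` hunks), while `allowed_signature_schemes` is the list we sign with, and the default in `tls_policy.cpp` simply returns `allowed_signature_schemes()`. I would replace the one-liner with: `Returns the signature schemes we are willing to accept from the peer, in preference order; sent in the ClientHello signature_algorithms extension and in CertificateRequest. Defaults to allowed_signature_schemes(); override to accept a different set than we sign with.` Note that advertising a list only helps if the verification path (the CertificateVerify and ServerKeyExchange checks, not in this diff) enforces the peer's chosen scheme against `acceptable_signature_schemes()` rather than `allowed_signature_schemes()`; if it still uses the latter, a policy that overrides only the new method gets a weaker check than it advertises - please confirm.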
@@ -599,6 +603,12 @@ void Server::process_certificate_verify_msg(Server_Handshake_State& pending_stat
 const std::vector<X509_Certificate>& client_certs = pending_state.client_certs()->cert_chain();
+ if(client_certs.empty())
+ throw TLS_Exception(Alert::DECODE_ERROR, "No client certificate sent");
+
+ if(!client_certs[0].allowed_usage(DIGITAL_SIGNATURE))
+ throw TLS_Exception(Alert::BAD_CERTIFICATE, "Client certificate does not support signing");
+
 const bool sig_valid = pending_state.client_verify()->verify(client_certs[0], pending_state, policy());
@@ -638,6 +648,10 @@ void Server::process_finished_msg(Server_Handshake_State& pending_state,
 {
 pending_state.set_expected_next(HANDSHAKE_NONE);
+ if(pending_state.handshake_io().have_more_data())
+ throw TLS_Exception(Alert::UNEXPECTED_MESSAGE,
+ "Have data remaining in buffer after Finished");
+
 pending_state.client_finished(new Finished(contents));
 if(!pending_state.client_finished()->verify(pending_state, CLIENT))
diff --git a/src/scripts/ci/setup_gh_actions.sh b/src/scripts/ci/setup_gh_actions.sh
index 5a9173834..0f33f2fdd 100755
--- a/src/scripts/ci/setup_gh_actions.sh
+++ b/src/scripts/ci/setup_gh_actions.sh
@@ -51,7 +51,7 @@ if type -p "apt-get"; then
 pip install --user codecov
 echo "$HOME/.local/bin" >> "$GITHUB_PATH"
- git clone --depth 1 --branch runner-changes https://github.com/randombit/boringssl.git
+ git clone --depth 1 --branch jack/runner-20201201 https://github.com/randombit/boringssl.git
 sudo chgrp -R "$(id -g)" /var/lib/softhsm/ /etc/softhsm
 sudo chmod g+w /var/lib/softhsm/tokens
diff --git a/src/scripts/ci/setup_travis.sh b/src/scripts/ci/setup_travis.sh
index bd43cfc9e..76d59c0d7 100755
--- a/src/scripts/ci/setup_travis.sh
+++ b/src/scripts/ci/setup_travis.sh
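Review bot: The new `allowed_usage(DIGITAL_SIGNATURE)` check in `Server::process_certificate_verify_msg` is only correct if `X509_Certificate::allowed_usage` returns true for a certificate that carries no KeyUsage extension at all (absence means unrestricted under RFC 5280); that helper is not in this diff, and if it returns false in that case every KU-less client certificate that used to authenticate will now be refused with `bad_certificate` - please confirm and add a comment either way, e.g. `// A cert with no KeyUsage extension is unrestricted and passes; one that has it must set digitalSignature (checked before doing any signature work, so a misissued cert is cheap to reject)`. The empty-chain guard above it is the right fix for indexing `client_certs[0]` on an empty vector, but `decode_error` is an odd alert for it: the Certificate message parsed fine, the problem is a CertificateVerify arriving after an empty certificate list, which is `unexpected_message` territory unless BoGo's expected error pins `decode_error`. `process_certificate_verify_msg` starts before this hunk, so I cannot see whether an earlier check already rules out the empty case.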
@@ -44,17 +44,6 @@ if [ "$TRAVIS_OS_NAME" = "linux" ]; then
 sudo apt-get -qq update
 sudo apt-get install pylint
- elif [ "$TARGET" = "coverage" ]; then
- sudo apt-get -qq update
- sudo apt-get install g++-8 softhsm2 libtspi-dev lcov python-coverage libboost-all-dev gdb
- pip install --user codecov
- git clone --depth 1 --branch runner-changes-golang1.10 https://github.com/randombit/boringssl.git
-
- sudo chgrp -R "$(id -g)" /var/lib/softhsm/ /etc/softhsm
- sudo chmod g+w /var/lib/softhsm/tokens
-
- softhsm2-util --init-token --free --label test --pin 123456 --so-pin 12345678
-
 elif [ "$TARGET" = "docs" ]; then
 sudo apt-get -qq update
 sudo apt-get install doxygen python-docutils python3-sphinx |