diff options
Diffstat (limited to 'security/nss/gtests/nss_bogo_shim')
| -rw-r--r-- | security/nss/gtests/nss_bogo_shim/Makefile | 46 | ||||
| -rw-r--r-- | security/nss/gtests/nss_bogo_shim/config.cc | 69 | ||||
| -rw-r--r-- | security/nss/gtests/nss_bogo_shim/config.h | 94 | ||||
| -rw-r--r-- | security/nss/gtests/nss_bogo_shim/config.json | 77 | ||||
| -rw-r--r-- | security/nss/gtests/nss_bogo_shim/manifest.mn | 22 | ||||
| -rw-r--r-- | security/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc | 669 | ||||
| -rw-r--r-- | security/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp | 63 | ||||
| -rw-r--r-- | security/nss/gtests/nss_bogo_shim/nsskeys.cc | 83 | ||||
| -rw-r--r-- | security/nss/gtests/nss_bogo_shim/nsskeys.h | 20 |
9 files changed, 1143 insertions, 0 deletions
diff --git a/security/nss/gtests/nss_bogo_shim/Makefile b/security/nss/gtests/nss_bogo_shim/Makefile new file mode 100644 index 0000000000..a2ac4b145c --- /dev/null +++ b/security/nss/gtests/nss_bogo_shim/Makefile @@ -0,0 +1,46 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +CXXFLAGS += -std=c++0x + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include ../common/gtest.mk + +CFLAGS += -I$(CORE_DEPTH)/lib/ssl + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### diff --git a/security/nss/gtests/nss_bogo_shim/config.cc b/security/nss/gtests/nss_bogo_shim/config.cc new file mode 100644 index 0000000000..603bb60296 --- /dev/null +++ b/security/nss/gtests/nss_bogo_shim/config.cc @@ -0,0 +1,69 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ +#include "config.h" + +#include <cstdlib> +#include <queue> +#include <string> + +bool ConfigEntryBase::ParseInternal(std::queue<const char *> &args, + std::vector<int> &out) { + if (args.empty()) return false; + + char *endptr; + out.push_back(strtol(args.front(), &endptr, 10)); + args.pop(); + + return !*endptr; +} + +bool ConfigEntryBase::ParseInternal(std::queue<const char *> &args, + std::string &out) { + if (args.empty()) return false; + out = args.front(); + args.pop(); + return true; +} + +bool ConfigEntryBase::ParseInternal(std::queue<const char *> &args, int &out) { + if (args.empty()) return false; + + char *endptr; + out = strtol(args.front(), &endptr, 10); + args.pop(); + + return !*endptr; +} + +bool ConfigEntryBase::ParseInternal(std::queue<const char *> &args, bool &out) { + out = true; + return true; +} + +std::string Config::XformFlag(const std::string &arg) { + if (arg.empty()) return ""; + + if (arg[0] != '-') return ""; + + return arg.substr(1); +} + +Config::Status Config::ParseArgs(int argc, char **argv) { + std::queue<const char *> args; + for (int i = 1; i < argc; ++i) { + args.push(argv[i]); + } + while (!args.empty()) { + auto e = entries_.find(XformFlag(args.front())); + args.pop(); + if (e == entries_.end()) { + return kUnknownFlag; + } + if (!e->second->Parse(args)) return kMalformedArgument; + } + + return kOK; +} diff --git a/security/nss/gtests/nss_bogo_shim/config.h b/security/nss/gtests/nss_bogo_shim/config.h new file mode 100644 index 0000000000..0e7fb5ed58 --- /dev/null +++ b/security/nss/gtests/nss_bogo_shim/config.h @@ -0,0 +1,94 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Generic command line flags system for NSS BoGo shim. This class +// could actually in principle handle other programs. The flags are +// defined in the consumer code. + +#ifndef config_h_ +#define config_h_ + +#include <cassert> + +#include <iostream> +#include <map> +#include <memory> +#include <queue> +#include <string> +#include <typeinfo> + +// Abstract base class for a given config flag. +class ConfigEntryBase { + public: + ConfigEntryBase(const std::string& nm, const std::string& typ) + : name_(nm), type_(typ) {} + + virtual ~ConfigEntryBase() {} + + const std::string& type() const { return type_; } + virtual bool Parse(std::queue<const char*>& args) = 0; + + protected: + bool ParseInternal(std::queue<const char*>& args, std::vector<int>& out); + bool ParseInternal(std::queue<const char*>& args, std::string& out); + bool ParseInternal(std::queue<const char*>& args, int& out); + bool ParseInternal(std::queue<const char*>& args, bool& out); + + const std::string name_; + const std::string type_; +}; + +// Template specializations for the concrete flag types. +template <typename T> +class ConfigEntry : public ConfigEntryBase { + public: + ConfigEntry(const std::string& name, T init) + : ConfigEntryBase(name, typeid(T).name()), value_(init) {} + T get() const { return value_; } + + bool Parse(std::queue<const char*>& args) { + return ParseInternal(args, value_); + } + + private: + T value_; +}; + +// The overall configuration (I.e., the total set of flags). +class Config { + public: + enum Status { kOK, kUnknownFlag, kMalformedArgument, kMissingValue }; + + Config() : entries_() {} + + template <typename T> + void AddEntry(const std::string& name, T init) { + entries_[name] = + std::unique_ptr<ConfigEntryBase>(new ConfigEntry<T>(name, init)); + } + + Status ParseArgs(int argc, char** argv); + + template <typename T> + T get(const std::string& key) const { + auto e = entry(key); + assert(e->type() == typeid(T).name()); + return static_cast<const ConfigEntry<T>*>(e)->get(); + } + + private: + static std::string XformFlag(const std::string& arg); + + std::map<std::string, std::unique_ptr<ConfigEntryBase>> entries_; + + const ConfigEntryBase* entry(const std::string& key) const { + auto e = entries_.find(key); + if (e == entries_.end()) return nullptr; + return e->second.get(); + } +}; + +#endif // config_h_ diff --git a/security/nss/gtests/nss_bogo_shim/config.json b/security/nss/gtests/nss_bogo_shim/config.json new file mode 100644 index 0000000000..5c7a2e3481 --- /dev/null +++ b/security/nss/gtests/nss_bogo_shim/config.json @@ -0,0 +1,77 @@ +{ + "DisabledTests": { + "### These tests break whenever we rev versions, so just leave them here for easy uncommenting":"", + "*TLS13Draft*":"NSS supports RFC 8446 only.", + "IgnoreClientVersionOrder":"Uses draft23", + "DuplicateCertCompressionExt*":"BoGo expects that an alert is sent if more than one compression algorithm is sent.", + "ServerBogusVersion":"Check that SH.legacy_version=TLS12 when the server picks TLS 1.3 (Bug 1443761)", + "DummyPQPadding-Server*":"Boring is testing a dummy PQ padding extension", + "VerifyPreferences-Enforced":"NSS sends alerts in response to errors in protected handshake messages in the clear", + "Draft-Downgrade-Server":"Boring implements a draft downgrade sentinel used for measurements.", + "FilterExtraAlgorithms":"NSS doesn't allow sending unsupported signature algorithms", + "SendBogusAlertType":"Unexpected TLS alerts should abort connections (Bug 1438263)", + "VerifyPreferences-Ed25519":"Add Ed25519 support (Bug 1325335)", + "Ed25519DefaultDisable*":"Add Ed25519 support (Bug 1325335)", + "ServerCipherFilter*":"Add Ed25519 support (Bug 1325335)", + "GarbageCertificate*":"Send bad_certificate alert when certificate parsing fails (Bug 1441565)", + "SupportedVersionSelection-TLS12":"Should maybe reject TLS 1.2 in SH.supported_versions (Bug 1438266)", + "Resume-Server-BinderWrongLength":"Alert disagreement (Bug 1317633)", + "Resume-Server-NoPSKBinder":"Alert disagreement (Bug 1317633)", + "CheckRecordVersion-TLS*":"Bug 1317634", + "GarbageInitialRecordVersion-TLS*":"NSS doesn't strictly check the ClientHello record version", + "GREASE-Server-TLS13":"BoringSSL GREASEs without a flag, but we ignore it", + "TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"Bug in NSS. Don't send ticket when not permitted by KE modes (Bug 1317635)", + "*KeyUpdate*":"KeyUpdate Unimplemented", + "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975", + "SendWarningAlerts-TLS13":"NSS needs to trigger on warning alerts", + "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2 and expects the wrong alert for TLS 1.3", + "SendEmptyRecords":"Tests a non-spec behavior in BoGo where it chokes on too many empty records", + "LargePlaintext":"NSS needs to check for over-long records. Bug 1294978", + "TLS13-RC4-MD5-server":"This fails properly but returns an unexpected error. Not a bug but needs cleanup", + "*SSL3*":"NSS disables SSLv3", + "*SSLv3*":"NSS disables SSLv3", + "*AES256*":"Inconsistent support for AES256", + "*AES128-SHA256*":"No support for Suite B ciphers", + "DuplicateExtension*":"NSS sends unexpected_extension alert", + "WeakDH":"NSS supports 768-bit DH", + "SillyDH":"NSS supports 4097-bit DH", + "SendWarningAlerts":"This appears to be Boring-specific", + "TLS12-AES128-GCM-client":"Bug 1292895", + "*TLS12-AES128-GCM-LargeRecord*":"Bug 1292895", + "Renegotiate-Client-Forbidden-1":"Bug 1292898", + "Renegotiate-Server-Forbidden":"NSS doesn't disable renegotiation by default", + "Renegotiate-Client-NoIgnore":"NSS doesn't disable renegotiation by default", + "StrayHelloRequest*":"NSS doesn't disable renegotiation by default", + "NoSupportedCurves-TLS13":"wanted SSL_ERROR_NO_CYPHER_OVERLAP, got missing extension error", + "FragmentedClientVersion":"received a malformed Client Hello handshake message", + "WrongMessageType-TLS13-EncryptedExtensions":"Boring expects CCS (Bugs 1481209, 1304603)", + "TrailingMessageData-TLS13-EncryptedExtensions":"Boring expects CCS (Bugs 1481209, 1304603)", + "UnofferedExtension-Client-TLS13":"Boring expects CCS (Bugs 1481209, 1304603)", + "UnknownExtension-Client-TLS13":"Boring expects CCS (Bugs 1481209, 1304603)", + "WrongMessageType-TLS13-CertificateRequest":"Boring expects CCS (Bugs 1481209, 1304603)", + "WrongMessageType-TLS13-ServerCertificateVerify":"Boring expects CCS (Bugs 1481209, 1304603)", + "WrongMessageType-TLS13-ServerCertificate":"Boring expects CCS (Bugs 1481209, 1304603)", + "WrongMessageType-TLS13-ServerFinished":"Boring expects CCS (Bugs 1481209, 1304603)", + "TrailingMessageData-*": "Bug 1304575", + "DuplicateKeyShares":"Bug 1304578", + "Resume-Server-TLS13-TLS13":"Bug 1314351", + "SkipEarlyData-Interleaved":"Bug 1336916", + "ECDSAKeyUsage-TLS1*":"Bug 1338194", + "PointFormat-Client-MissingUncompressed":"We ignore ec_point_formats extensions sent by servers.", + "SkipEarlyData-SecondClientHelloEarlyData":"Boring doesn't reject early_data in the 2nd CH but fails later with bad_record_mac.", + "SkipEarlyData-*TooMuchData":"Bug 1339373", + "UnsolicitedServerNameAck-TLS1*":"Boring wants us to fail with an unexpected_extension alert, we simply ignore ssl_server_name_xtn.", + "RequireAnyClientCertificate-TLS1*":"Bug 1339387", + "SendExtensionOnClientCertificate-TLS13":"Bug 1339392", + "ALPNClient-Mismatch-TLS13":"NSS sends alerts in response to errors in protected handshake messages in the clear", + "P224-Server":"NSS doesn't support P-224", + "ClientAuth-SHA1-Fallback*":"Boring wants us to fall back to SHA-1 if supported_signature_algorithms in CR is empty." + }, + "ErrorMap" : { + ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP", + ":UNKNOWN_CIPHER_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP", + ":OLD_SESSION_CIPHER_NOT_RETURNED:":"SSL_ERROR_RX_MALFORMED_SERVER_HELLO", + ":NO_SHARED_CIPHER:":"SSL_ERROR_NO_CYPHER_OVERLAP", + ":DIGEST_CHECK_FAILED:":"SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE" + } +} diff --git a/security/nss/gtests/nss_bogo_shim/manifest.mn b/security/nss/gtests/nss_bogo_shim/manifest.mn new file mode 100644 index 0000000000..f8a6b07aff --- /dev/null +++ b/security/nss/gtests/nss_bogo_shim/manifest.mn @@ -0,0 +1,22 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +CORE_DEPTH = ../.. +DEPTH = ../.. +MODULE = nss + +CPPSRCS = \ + config.cc \ + nsskeys.cc \ + nss_bogo_shim.cc \ + $(NULL) + +INCLUDES += -I$(CORE_DEPTH)/cpputil + +REQUIRES = nspr nss libdbm cpputil + +PROGRAM = nss_bogo_shim +EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) + +USE_STATIC_LIBS = 1 diff --git a/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc b/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc new file mode 100644 index 0000000000..b2ce6898da --- /dev/null +++ b/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc @@ -0,0 +1,669 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ +#include "config.h" + +#include <algorithm> +#include <cstdlib> +#include <iostream> +#include <memory> +#include "nspr.h" +#include "nss.h" +#include "prio.h" +#include "prnetdb.h" +#include "secerr.h" +#include "ssl.h" +#include "ssl3prot.h" +#include "sslerr.h" +#include "sslproto.h" +#include "nss_scoped_ptrs.h" + +#include "nsskeys.h" + +static const char* kVersionDisableFlags[] = {"no-ssl3", "no-tls1", "no-tls11", + "no-tls12", "no-tls13"}; + +bool exitCodeUnimplemented = false; + +std::string FormatError(PRErrorCode code) { + return std::string(":") + PORT_ErrorToName(code) + ":" + ":" + + PORT_ErrorToString(code); +} + +class TestAgent { + public: + TestAgent(const Config& cfg) : cfg_(cfg) {} + + ~TestAgent() {} + + static std::unique_ptr<TestAgent> Create(const Config& cfg) { + std::unique_ptr<TestAgent> agent(new TestAgent(cfg)); + + if (!agent->Init()) return nullptr; + + return agent; + } + + bool Init() { + if (!ConnectTcp()) { + return false; + } + + if (!SetupKeys()) { + std::cerr << "Couldn't set up keys/certs\n"; + return false; + } + + if (!SetupOptions()) { + std::cerr << "Couldn't configure socket\n"; + return false; + } + + SECStatus rv = SSL_ResetHandshake(ssl_fd_.get(), cfg_.get<bool>("server")); + if (rv != SECSuccess) return false; + + return true; + } + + bool ConnectTcp() { + // Try IPv6 first, then IPv4 in case of failure. + if (!OpenConnection("::1") && !OpenConnection("127.0.0.1")) { + return false; + } + + ssl_fd_ = ScopedPRFileDesc(SSL_ImportFD(NULL, pr_fd_.get())); + if (!ssl_fd_) { + return false; + } + pr_fd_.release(); + + return true; + } + + bool OpenConnection(const char* ip) { + PRStatus prv; + PRNetAddr addr; + + prv = PR_StringToNetAddr(ip, &addr); + + if (prv != PR_SUCCESS) { + return false; + } + + addr.inet.port = PR_htons(cfg_.get<int>("port")); + + pr_fd_ = ScopedPRFileDesc(PR_OpenTCPSocket(addr.raw.family)); + if (!pr_fd_) return false; + + prv = PR_Connect(pr_fd_.get(), &addr, PR_INTERVAL_NO_TIMEOUT); + if (prv != PR_SUCCESS) { + return false; + } + return true; + } + + bool SetupKeys() { + SECStatus rv; + + if (cfg_.get<std::string>("key-file") != "") { + key_ = ScopedSECKEYPrivateKey( + ReadPrivateKey(cfg_.get<std::string>("key-file"))); + if (!key_) return false; + } + if (cfg_.get<std::string>("cert-file") != "") { + cert_ = ScopedCERTCertificate( + ReadCertificate(cfg_.get<std::string>("cert-file"))); + if (!cert_) return false; + } + + // Needed because certs are not entirely valid. + rv = SSL_AuthCertificateHook(ssl_fd_.get(), AuthCertificateHook, this); + if (rv != SECSuccess) return false; + + if (cfg_.get<bool>("server")) { + // Server + rv = SSL_ConfigServerCert(ssl_fd_.get(), cert_.get(), key_.get(), nullptr, + 0); + if (rv != SECSuccess) { + std::cerr << "Couldn't configure server cert\n"; + return false; + } + + } else if (key_ && cert_) { + // Client. + rv = + SSL_GetClientAuthDataHook(ssl_fd_.get(), GetClientAuthDataHook, this); + if (rv != SECSuccess) return false; + } + + return true; + } + + static bool ConvertFromWireVersion(SSLProtocolVariant variant, + int wire_version, uint16_t* lib_version) { + // These default values are used when {min,max}-version isn't given. + if (wire_version == 0 || wire_version == 0xffff) { + *lib_version = static_cast<uint16_t>(wire_version); + return true; + } + +#ifdef TLS_1_3_DRAFT_VERSION + if (wire_version == (0x7f00 | TLS_1_3_DRAFT_VERSION)) { + // N.B. SSL_LIBRARY_VERSION_DTLS_1_3_WIRE == SSL_LIBRARY_VERSION_TLS_1_3 + wire_version = SSL_LIBRARY_VERSION_TLS_1_3; + } +#endif + + if (variant == ssl_variant_datagram) { + switch (wire_version) { + case SSL_LIBRARY_VERSION_DTLS_1_0_WIRE: + *lib_version = SSL_LIBRARY_VERSION_DTLS_1_0; + break; + case SSL_LIBRARY_VERSION_DTLS_1_2_WIRE: + *lib_version = SSL_LIBRARY_VERSION_DTLS_1_2; + break; + case SSL_LIBRARY_VERSION_DTLS_1_3_WIRE: + *lib_version = SSL_LIBRARY_VERSION_DTLS_1_3; + break; + default: + std::cerr << "Unrecognized DTLS version " << wire_version << ".\n"; + return false; + } + } else { + if (wire_version < SSL_LIBRARY_VERSION_3_0 || + wire_version > SSL_LIBRARY_VERSION_TLS_1_3) { + std::cerr << "Unrecognized TLS version " << wire_version << ".\n"; + return false; + } + *lib_version = static_cast<uint16_t>(wire_version); + } + return true; + } + + bool GetVersionRange(SSLVersionRange* range_out, SSLProtocolVariant variant) { + SSLVersionRange supported; + if (SSL_VersionRangeGetSupported(variant, &supported) != SECSuccess) { + return false; + } + + uint16_t min_allowed; + uint16_t max_allowed; + if (!ConvertFromWireVersion(variant, cfg_.get<int>("min-version"), + &min_allowed)) { + return false; + } + if (!ConvertFromWireVersion(variant, cfg_.get<int>("max-version"), + &max_allowed)) { + return false; + } + + min_allowed = std::max(min_allowed, supported.min); + max_allowed = std::min(max_allowed, supported.max); + + bool found_min = false; + bool found_max = false; + // Ignore -no-ssl3, because SSLv3 is never supported. + for (size_t i = 1; i < PR_ARRAY_SIZE(kVersionDisableFlags); ++i) { + auto version = + static_cast<uint16_t>(SSL_LIBRARY_VERSION_TLS_1_0 + (i - 1)); + if (variant == ssl_variant_datagram) { + // In DTLS mode, the -no-tlsN flags refer to DTLS versions, + // but NSS wants the corresponding TLS versions. + if (version == SSL_LIBRARY_VERSION_TLS_1_1) { + // DTLS 1.1 doesn't exist. + continue; + } + if (version == SSL_LIBRARY_VERSION_TLS_1_0) { + version = SSL_LIBRARY_VERSION_DTLS_1_0; + } + } + + if (version < min_allowed) { + continue; + } + if (version > max_allowed) { + break; + } + + const bool allowed = !cfg_.get<bool>(kVersionDisableFlags[i]); + + if (!found_min && allowed) { + found_min = true; + range_out->min = version; + } + if (found_min && !found_max) { + if (allowed) { + range_out->max = version; + } else { + found_max = true; + } + } + if (found_max && allowed) { + std::cerr << "Discontiguous version range.\n"; + return false; + } + } + + if (!found_min) { + std::cerr << "All versions disabled.\n"; + } + return found_min; + } + + bool SetupOptions() { + SECStatus rv = + SSL_OptionSet(ssl_fd_.get(), SSL_ENABLE_TLS13_COMPAT_MODE, PR_TRUE); + if (rv != SECSuccess) return false; + + rv = SSL_OptionSet(ssl_fd_.get(), SSL_ENABLE_SESSION_TICKETS, PR_TRUE); + if (rv != SECSuccess) return false; + + SSLVersionRange vrange; + if (!GetVersionRange(&vrange, ssl_variant_stream)) return false; + + rv = SSL_VersionRangeSet(ssl_fd_.get(), &vrange); + if (rv != SECSuccess) return false; + + SSLVersionRange verify_vrange; + rv = SSL_VersionRangeGet(ssl_fd_.get(), &verify_vrange); + if (rv != SECSuccess) return false; + if (vrange.min != verify_vrange.min || vrange.max != verify_vrange.max) + return false; + + rv = SSL_OptionSet(ssl_fd_.get(), SSL_NO_CACHE, false); + if (rv != SECSuccess) return false; + + auto alpn = cfg_.get<std::string>("advertise-alpn"); + if (!alpn.empty()) { + assert(!cfg_.get<bool>("server")); + + rv = SSL_OptionSet(ssl_fd_.get(), SSL_ENABLE_ALPN, PR_TRUE); + if (rv != SECSuccess) return false; + + rv = SSL_SetNextProtoNego( + ssl_fd_.get(), reinterpret_cast<const unsigned char*>(alpn.c_str()), + alpn.size()); + if (rv != SECSuccess) return false; + } + + // Set supported signature schemes. + auto sign_prefs = cfg_.get<std::vector<int>>("signing-prefs"); + auto verify_prefs = cfg_.get<std::vector<int>>("verify-prefs"); + if (sign_prefs.empty()) { + sign_prefs = verify_prefs; + } else if (!verify_prefs.empty()) { + return false; // Both shouldn't be set. + } + if (!sign_prefs.empty()) { + std::vector<SSLSignatureScheme> sig_schemes; + std::transform( + sign_prefs.begin(), sign_prefs.end(), std::back_inserter(sig_schemes), + [](int scheme) { return static_cast<SSLSignatureScheme>(scheme); }); + + rv = SSL_SignatureSchemePrefSet( + ssl_fd_.get(), sig_schemes.data(), + static_cast<unsigned int>(sig_schemes.size())); + if (rv != SECSuccess) return false; + } + + if (cfg_.get<bool>("fallback-scsv")) { + rv = SSL_OptionSet(ssl_fd_.get(), SSL_ENABLE_FALLBACK_SCSV, PR_TRUE); + if (rv != SECSuccess) return false; + } + + if (cfg_.get<bool>("false-start")) { + rv = SSL_OptionSet(ssl_fd_.get(), SSL_ENABLE_FALSE_START, PR_TRUE); + if (rv != SECSuccess) return false; + } + + if (cfg_.get<bool>("enable-ocsp-stapling")) { + rv = SSL_OptionSet(ssl_fd_.get(), SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + if (rv != SECSuccess) return false; + } + + bool requireClientCert = cfg_.get<bool>("require-any-client-certificate"); + if (requireClientCert || cfg_.get<bool>("verify-peer")) { + assert(cfg_.get<bool>("server")); + + rv = SSL_OptionSet(ssl_fd_.get(), SSL_REQUEST_CERTIFICATE, PR_TRUE); + if (rv != SECSuccess) return false; + + rv = SSL_OptionSet( + ssl_fd_.get(), SSL_REQUIRE_CERTIFICATE, + requireClientCert ? SSL_REQUIRE_ALWAYS : SSL_REQUIRE_NO_ERROR); + if (rv != SECSuccess) return false; + } + + if (!cfg_.get<bool>("server")) { + // Needed to make resumption work. + rv = SSL_SetURL(ssl_fd_.get(), "server"); + if (rv != SECSuccess) return false; + } + + rv = SSL_OptionSet(ssl_fd_.get(), SSL_ENABLE_EXTENDED_MASTER_SECRET, + PR_TRUE); + if (rv != SECSuccess) return false; + + if (!ConfigureCiphers()) return false; + + return true; + } + + bool ConfigureCiphers() { + auto cipherList = cfg_.get<std::string>("nss-cipher"); + + if (cipherList.empty()) { + return EnableNonExportCiphers(); + } + + for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) { + SSLCipherSuiteInfo csinfo; + std::string::size_type n; + SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo, + sizeof(csinfo)); + if (rv != SECSuccess) { + return false; + } + + // Check if cipherList contains the name of the Cipher Suite and + // enable/disable accordingly. + n = cipherList.find(csinfo.cipherSuiteName, 0); + if (std::string::npos == n) { + rv = SSL_CipherPrefSet(ssl_fd_.get(), SSL_ImplementedCiphers[i], + PR_FALSE); + } else { + rv = SSL_CipherPrefSet(ssl_fd_.get(), SSL_ImplementedCiphers[i], + PR_TRUE); + } + if (rv != SECSuccess) { + return false; + } + } + return true; + } + + bool EnableNonExportCiphers() { + for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) { + SSLCipherSuiteInfo csinfo; + + SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo, + sizeof(csinfo)); + if (rv != SECSuccess) { + return false; + } + + rv = SSL_CipherPrefSet(ssl_fd_.get(), SSL_ImplementedCiphers[i], PR_TRUE); + if (rv != SECSuccess) { + return false; + } + } + return true; + } + + // Dummy auth certificate hook. + static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, + PRBool checksig, PRBool isServer) { + return SECSuccess; + } + + static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd, + CERTDistNames* caNames, + CERTCertificate** cert, + SECKEYPrivateKey** privKey) { + TestAgent* a = static_cast<TestAgent*>(self); + *cert = CERT_DupCertificate(a->cert_.get()); + *privKey = SECKEY_CopyPrivateKey(a->key_.get()); + return SECSuccess; + } + + SECStatus Handshake() { return SSL_ForceHandshake(ssl_fd_.get()); } + + // Implement a trivial echo client/server. Read bytes from the other side, + // flip all the bits, and send them back. + SECStatus ReadWrite() { + for (;;) { + uint8_t block[512]; + int32_t rv = PR_Read(ssl_fd_.get(), block, sizeof(block)); + if (rv < 0) { + std::cerr << "Failure reading\n"; + return SECFailure; + } + if (rv == 0) return SECSuccess; + + int32_t len = rv; + for (int32_t i = 0; i < len; ++i) { + block[i] ^= 0xff; + } + + rv = PR_Write(ssl_fd_.get(), block, len); + if (rv != len) { + std::cerr << "Write failure\n"; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + } + return SECSuccess; + } + + // Write bytes to the other side then read them back and check + // that they were correctly XORed as in ReadWrite. + SECStatus WriteRead() { + static const uint8_t ch = 'E'; + + // We do 600-byte blocks to provide mis-alignment of the + // reader and writer. + uint8_t block[600]; + memset(block, ch, sizeof(block)); + int32_t rv = PR_Write(ssl_fd_.get(), block, sizeof(block)); + if (rv != sizeof(block)) { + std::cerr << "Write failure\n"; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + + size_t left = sizeof(block); + while (left) { + rv = PR_Read(ssl_fd_.get(), block, left); + if (rv < 0) { + std::cerr << "Failure reading\n"; + return SECFailure; + } + if (rv == 0) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + + int32_t len = rv; + for (int32_t i = 0; i < len; ++i) { + if (block[i] != (ch ^ 0xff)) { + PORT_SetError(SEC_ERROR_BAD_DATA); + return SECFailure; + } + } + left -= len; + } + return SECSuccess; + } + + SECStatus DoExchange() { + SECStatus rv = Handshake(); + if (rv != SECSuccess) { + PRErrorCode err = PR_GetError(); + std::cerr << "Handshake failed with error=" << err << FormatError(err) + << std::endl; + return SECFailure; + } + + if (cfg_.get<bool>("write-then-read")) { + rv = WriteRead(); + if (rv != SECSuccess) { + PRErrorCode err = PR_GetError(); + std::cerr << "WriteRead failed with error=" << FormatError(err) + << std::endl; + return SECFailure; + } + } else { + rv = ReadWrite(); + if (rv != SECSuccess) { + PRErrorCode err = PR_GetError(); + std::cerr << "ReadWrite failed with error=" << FormatError(err) + << std::endl; + return SECFailure; + } + } + + auto alpn = cfg_.get<std::string>("expect-alpn"); + if (!alpn.empty()) { + SSLNextProtoState state; + char chosen[256]; + unsigned int chosen_len; + rv = SSL_GetNextProto(ssl_fd_.get(), &state, + reinterpret_cast<unsigned char*>(chosen), + &chosen_len, sizeof(chosen)); + if (rv != SECSuccess) { + PRErrorCode err = PR_GetError(); + std::cerr << "SSL_GetNextProto failed with error=" << FormatError(err) + << std::endl; + return SECFailure; + } + + assert(chosen_len <= sizeof(chosen)); + if (std::string(chosen, chosen_len) != alpn) { + std::cerr << "Unexpected ALPN selection" << std::endl; + return SECFailure; + } + } + + auto sig_alg = cfg_.get<int>("expect-peer-signature-algorithm"); + if (sig_alg) { + SSLChannelInfo info; + rv = SSL_GetChannelInfo(ssl_fd_.get(), &info, sizeof(info)); + if (rv != SECSuccess) { + PRErrorCode err = PR_GetError(); + std::cerr << "SSL_GetChannelInfo failed with error=" << FormatError(err) + << std::endl; + return SECFailure; + } + + auto expected = static_cast<SSLSignatureScheme>(sig_alg); + if (info.signatureScheme != expected) { + std::cerr << "Unexpected signature scheme" << std::endl; + return SECFailure; + } + } + + return SECSuccess; + } + + private: + const Config& cfg_; + ScopedPRFileDesc pr_fd_; + ScopedPRFileDesc ssl_fd_; + ScopedCERTCertificate cert_; + ScopedSECKEYPrivateKey key_; +}; + +std::unique_ptr<const Config> ReadConfig(int argc, char** argv) { + std::unique_ptr<Config> cfg(new Config()); + + cfg->AddEntry<int>("port", 0); + cfg->AddEntry<bool>("server", false); + cfg->AddEntry<int>("resume-count", 0); + cfg->AddEntry<std::string>("key-file", ""); + cfg->AddEntry<std::string>("cert-file", ""); + cfg->AddEntry<int>("min-version", 0); + cfg->AddEntry<int>("max-version", 0xffff); + for (auto flag : kVersionDisableFlags) { + cfg->AddEntry<bool>(flag, false); + } + cfg->AddEntry<bool>("fallback-scsv", false); + cfg->AddEntry<bool>("false-start", false); + cfg->AddEntry<bool>("enable-ocsp-stapling", false); + cfg->AddEntry<bool>("write-then-read", false); + cfg->AddEntry<bool>("require-any-client-certificate", false); + cfg->AddEntry<bool>("verify-peer", false); + cfg->AddEntry<bool>("is-handshaker-supported", false); + cfg->AddEntry<std::string>("handshaker-path", ""); // Ignore this + cfg->AddEntry<std::string>("advertise-alpn", ""); + cfg->AddEntry<std::string>("expect-alpn", ""); + cfg->AddEntry<std::vector<int>>("signing-prefs", std::vector<int>()); + cfg->AddEntry<std::vector<int>>("verify-prefs", std::vector<int>()); + cfg->AddEntry<int>("expect-peer-signature-algorithm", 0); + cfg->AddEntry<std::string>("nss-cipher", ""); + + auto rv = cfg->ParseArgs(argc, argv); + switch (rv) { + case Config::kOK: + break; + case Config::kUnknownFlag: + exitCodeUnimplemented = true; + default: + return nullptr; + } + + // Needed to change to std::unique_ptr<const Config> + return std::move(cfg); +} + +bool RunCycle(std::unique_ptr<const Config>& cfg) { + std::unique_ptr<TestAgent> agent(TestAgent::Create(*cfg)); + return agent && agent->DoExchange() == SECSuccess; +} + +int GetExitCode(bool success) { + if (exitCodeUnimplemented) { + return 89; + } + + if (success) { + return 0; + } + + return 1; +} + +int main(int argc, char** argv) { + std::unique_ptr<const Config> cfg = ReadConfig(argc, argv); + if (!cfg) { + return GetExitCode(false); + } + + if (cfg->get<bool>("is-handshaker-supported")) { + std::cout << "No\n"; + return 0; + } + + if (cfg->get<bool>("server")) { + if (SSL_ConfigServerSessionIDCache(1024, 0, 0, ".") != SECSuccess) { + std::cerr << "Couldn't configure session cache\n"; + return 1; + } + } + + if (NSS_NoDB_Init(nullptr) != SECSuccess) { + return 1; + } + + // Run a single test cycle. + bool success = RunCycle(cfg); + + int resume_count = cfg->get<int>("resume-count"); + while (success && resume_count-- > 0) { + std::cout << "Resuming" << std::endl; + success = RunCycle(cfg); + } + + SSL_ClearSessionCache(); + + if (cfg->get<bool>("server")) { + SSL_ShutdownServerSessionIDCache(); + } + + if (NSS_Shutdown() != SECSuccess) { + success = false; + } + + return GetExitCode(success); +} diff --git a/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp b/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp new file mode 100644 index 0000000000..d08a6bde3a --- /dev/null +++ b/security/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp @@ -0,0 +1,63 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'nss_bogo_shim', + 'type': 'executable', + 'sources': [ + 'config.cc', + 'nss_bogo_shim.cc', + 'nsskeys.cc' + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports', + '<(DEPTH)/lib/util/util.gyp:nssutil3', + '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3', + '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', + '<(DEPTH)/lib/softoken/softoken.gyp:softokn', + '<(DEPTH)/lib/smime/smime.gyp:smime', + '<(DEPTH)/lib/ssl/ssl.gyp:ssl', + '<(DEPTH)/lib/nss/nss.gyp:nss_static', + '<(DEPTH)/cmd/lib/lib.gyp:sectool', + '<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12', + '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7', + '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi', + '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi', + '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap', + '<(DEPTH)/lib/softoken/softoken.gyp:softokn', + '<(DEPTH)/lib/certdb/certdb.gyp:certdb', + '<(DEPTH)/lib/pki/pki.gyp:nsspki', + '<(DEPTH)/lib/dev/dev.gyp:nssdev', + '<(DEPTH)/lib/base/base.gyp:nssb', + '<(DEPTH)/lib/freebl/freebl.gyp:freebl', + '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib', + '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix', + '<(DEPTH)/cpputil/cpputil.gyp:cpputil', + ], + 'conditions': [ + [ 'disable_dbm==0', { + 'dependencies': [ + '<(DEPTH)/lib/dbm/src/src.gyp:dbm', + ], + }], + ], + } + ], + 'target_defaults': { + 'defines': [ + 'NSS_USE_STATIC_LIBS' + ], + 'include_dirs': [ + '../../lib/ssl' + ], + }, + 'variables': { + 'module': 'nss', + 'use_static_libs': 1 + } +} diff --git a/security/nss/gtests/nss_bogo_shim/nsskeys.cc b/security/nss/gtests/nss_bogo_shim/nsskeys.cc new file mode 100644 index 0000000000..471dac3626 --- /dev/null +++ b/security/nss/gtests/nss_bogo_shim/nsskeys.cc @@ -0,0 +1,83 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsskeys.h" + +#include <cstring> + +#include <fstream> +#include <iostream> +#include <string> + +#include "cert.h" +#include "keyhi.h" +#include "nspr.h" +#include "nss.h" +#include "nssb64.h" +#include "pk11pub.h" + +const std::string kPEMBegin = "-----BEGIN "; +const std::string kPEMEnd = "-----END "; + +// Read a PEM file, base64 decode it, and return the result. +static bool ReadPEMFile(const std::string& filename, SECItem* item) { + std::ifstream in(filename); + if (in.bad()) return false; + + char buf[1024]; + in.getline(buf, sizeof(buf)); + if (in.bad()) return false; + + if (strncmp(buf, kPEMBegin.c_str(), kPEMBegin.size())) return false; + + std::string value = ""; + for (;;) { + in.getline(buf, sizeof(buf)); + if (in.bad()) return false; + + if (!strncmp(buf, kPEMEnd.c_str(), kPEMEnd.size())) break; + + value += buf; + } + + // Now we have a base64-encoded block. + if (!NSSBase64_DecodeBuffer(nullptr, item, value.c_str(), value.size())) + return false; + + return true; +} + +SECKEYPrivateKey* ReadPrivateKey(const std::string& file) { + SECItem item = {siBuffer, nullptr, 0}; + + if (!ReadPEMFile(file, &item)) return nullptr; + SECKEYPrivateKey* privkey = NULL; + PK11SlotInfo* slot = PK11_GetInternalSlot(); + SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( + slot, &item, nullptr, nullptr, PR_FALSE, PR_FALSE, + KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE, + &privkey, nullptr); + PK11_FreeSlot(slot); + SECITEM_FreeItem(&item, PR_FALSE); + if (rv != SECSuccess) { + std::cerr << "Couldn't import key " << PORT_ErrorToString(PORT_GetError()) + << "\n"; + return nullptr; + } + + return privkey; +} + +CERTCertificate* ReadCertificate(const std::string& file) { + SECItem item = {siBuffer, nullptr, 0}; + + if (!ReadPEMFile(file, &item)) return nullptr; + + CERTCertificate* cert = CERT_NewTempCertificate( + CERT_GetDefaultCertDB(), &item, NULL, PR_FALSE, PR_TRUE); + SECITEM_FreeItem(&item, PR_FALSE); + return cert; +} diff --git a/security/nss/gtests/nss_bogo_shim/nsskeys.h b/security/nss/gtests/nss_bogo_shim/nsskeys.h new file mode 100644 index 0000000000..45e56c3537 --- /dev/null +++ b/security/nss/gtests/nss_bogo_shim/nsskeys.h @@ -0,0 +1,20 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Utilities to pull in OpenSSL-formatted keys. + +#ifndef nsskeys_h_ +#define nsskeys_h_ + +#include "cert.h" +#include "keyhi.h" + +#include <string> + +SECKEYPrivateKey* ReadPrivateKey(const std::string& file); +CERTCertificate* ReadCertificate(const std::string& file); + +#endif |