1e1051a39Sopenharmony_ci#! /usr/bin/env perl 2e1051a39Sopenharmony_ci# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci# 4e1051a39Sopenharmony_ci# Licensed under the Apache License 2.0 (the "License"). You may not use 5e1051a39Sopenharmony_ci# this file except in compliance with the License. You can obtain a copy 6e1051a39Sopenharmony_ci# in the file LICENSE in the source distribution or at 7e1051a39Sopenharmony_ci# https://www.openssl.org/source/license.html 8e1051a39Sopenharmony_ci 9e1051a39Sopenharmony_ciuse strict; 10e1051a39Sopenharmony_ciuse feature 'state'; 11e1051a39Sopenharmony_ci 12e1051a39Sopenharmony_ciuse OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; 13e1051a39Sopenharmony_ciuse OpenSSL::Test::Utils; 14e1051a39Sopenharmony_ciuse TLSProxy::Proxy; 15e1051a39Sopenharmony_ci 16e1051a39Sopenharmony_cimy $test_name = "test_sslcbcpadding"; 17e1051a39Sopenharmony_cisetup($test_name); 18e1051a39Sopenharmony_ci 19e1051a39Sopenharmony_ciplan skip_all => "TLSProxy isn't usable on $^O" 20e1051a39Sopenharmony_ci if $^O =~ /^(VMS)$/; 21e1051a39Sopenharmony_ci 22e1051a39Sopenharmony_ciplan skip_all => "$test_name needs the dynamic engine feature enabled" 23e1051a39Sopenharmony_ci if disabled("engine") || disabled("dynamic-engine"); 24e1051a39Sopenharmony_ci 25e1051a39Sopenharmony_ciplan skip_all => "$test_name needs the sock feature enabled" 26e1051a39Sopenharmony_ci if disabled("sock"); 27e1051a39Sopenharmony_ci 28e1051a39Sopenharmony_ciplan skip_all => "$test_name needs TLSv1.2 enabled" 29e1051a39Sopenharmony_ci if disabled("tls1_2"); 30e1051a39Sopenharmony_ci 31e1051a39Sopenharmony_ci$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; 32e1051a39Sopenharmony_cimy $proxy = TLSProxy::Proxy->new( 33e1051a39Sopenharmony_ci \&add_maximal_padding_filter, 34e1051a39Sopenharmony_ci cmdstr(app(["openssl"]), display => 1), 35e1051a39Sopenharmony_ci srctop_file("apps", "server.pem"), 36e1051a39Sopenharmony_ci (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) 37e1051a39Sopenharmony_ci); 38e1051a39Sopenharmony_ci 39e1051a39Sopenharmony_ci# TODO: We could test all 256 values, but then the log file gets too large for 40e1051a39Sopenharmony_ci# CI. See https://github.com/openssl/openssl/issues/1440. 41e1051a39Sopenharmony_cimy @test_offsets = (0, 128, 254, 255); 42e1051a39Sopenharmony_ci 43e1051a39Sopenharmony_ci# Test that maximally-padded records are accepted. 44e1051a39Sopenharmony_cimy $bad_padding_offset = -1; 45e1051a39Sopenharmony_ci$proxy->serverflags("-tls1_2"); 46e1051a39Sopenharmony_ci$proxy->clientflags("-no_tls1_3"); 47e1051a39Sopenharmony_ci$proxy->serverconnects(1 + scalar(@test_offsets)); 48e1051a39Sopenharmony_ci$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; 49e1051a39Sopenharmony_ciplan tests => 1 + scalar(@test_offsets); 50e1051a39Sopenharmony_ciok(TLSProxy::Message->success(), "Maximally-padded record test"); 51e1051a39Sopenharmony_ci 52e1051a39Sopenharmony_ci# Test that invalid padding is rejected. 53e1051a39Sopenharmony_cimy $fatal_alert; # set by add_maximal_padding_filter on client's fatal alert 54e1051a39Sopenharmony_ci 55e1051a39Sopenharmony_ciforeach my $offset (@test_offsets) { 56e1051a39Sopenharmony_ci $bad_padding_offset = $offset; 57e1051a39Sopenharmony_ci $fatal_alert = 0; 58e1051a39Sopenharmony_ci $proxy->clearClient(); 59e1051a39Sopenharmony_ci $proxy->clientflags("-no_tls1_3"); 60e1051a39Sopenharmony_ci $proxy->clientstart(); 61e1051a39Sopenharmony_ci ok($fatal_alert, "Invalid padding byte $bad_padding_offset"); 62e1051a39Sopenharmony_ci} 63e1051a39Sopenharmony_ci 64e1051a39Sopenharmony_cisub add_maximal_padding_filter 65e1051a39Sopenharmony_ci{ 66e1051a39Sopenharmony_ci my $proxy = shift; 67e1051a39Sopenharmony_ci my $messages = $proxy->message_list; 68e1051a39Sopenharmony_ci state $sent_corrupted_payload; 69e1051a39Sopenharmony_ci 70e1051a39Sopenharmony_ci if ($proxy->flight == 0) { 71e1051a39Sopenharmony_ci # Disable Encrypt-then-MAC. 72e1051a39Sopenharmony_ci foreach my $message (@{$messages}) { 73e1051a39Sopenharmony_ci if ($message->mt != TLSProxy::Message::MT_CLIENT_HELLO) { 74e1051a39Sopenharmony_ci next; 75e1051a39Sopenharmony_ci } 76e1051a39Sopenharmony_ci 77e1051a39Sopenharmony_ci $message->delete_extension(TLSProxy::Message::EXT_ENCRYPT_THEN_MAC); 78e1051a39Sopenharmony_ci $message->process_extensions(); 79e1051a39Sopenharmony_ci $message->repack(); 80e1051a39Sopenharmony_ci } 81e1051a39Sopenharmony_ci $sent_corrupted_payload = 0; 82e1051a39Sopenharmony_ci return; 83e1051a39Sopenharmony_ci } 84e1051a39Sopenharmony_ci 85e1051a39Sopenharmony_ci my $last_message = @{$messages}[-1]; 86e1051a39Sopenharmony_ci if (defined($last_message) 87e1051a39Sopenharmony_ci && $last_message->server 88e1051a39Sopenharmony_ci && $last_message->mt == TLSProxy::Message::MT_FINISHED 89e1051a39Sopenharmony_ci && !@{$last_message->records}[0]->{sent}) { 90e1051a39Sopenharmony_ci 91e1051a39Sopenharmony_ci # Insert a maximally-padded record. Assume a block size of 16 (AES) and 92e1051a39Sopenharmony_ci # a MAC length of 20 (SHA-1). 93e1051a39Sopenharmony_ci my $block_size = 16; 94e1051a39Sopenharmony_ci my $mac_len = 20; 95e1051a39Sopenharmony_ci 96e1051a39Sopenharmony_ci # Size the plaintext so that 256 is a valid padding. 97e1051a39Sopenharmony_ci my $plaintext_len = $block_size - ($mac_len % $block_size); 98e1051a39Sopenharmony_ci my $plaintext = "A" x $plaintext_len; 99e1051a39Sopenharmony_ci 100e1051a39Sopenharmony_ci my $data = "B" x $block_size; # Explicit IV. 101e1051a39Sopenharmony_ci $data .= $plaintext; 102e1051a39Sopenharmony_ci $data .= TLSProxy::Proxy::fill_known_data($mac_len); # MAC. 103e1051a39Sopenharmony_ci 104e1051a39Sopenharmony_ci # Add padding. 105e1051a39Sopenharmony_ci for (my $i = 0; $i < 256; $i++) { 106e1051a39Sopenharmony_ci if ($i == $bad_padding_offset) { 107e1051a39Sopenharmony_ci $sent_corrupted_payload = 1; 108e1051a39Sopenharmony_ci $data .= "\xfe"; 109e1051a39Sopenharmony_ci } else { 110e1051a39Sopenharmony_ci $data .= "\xff"; 111e1051a39Sopenharmony_ci } 112e1051a39Sopenharmony_ci } 113e1051a39Sopenharmony_ci 114e1051a39Sopenharmony_ci my $record = TLSProxy::Record->new( 115e1051a39Sopenharmony_ci $proxy->flight, 116e1051a39Sopenharmony_ci TLSProxy::Record::RT_APPLICATION_DATA, 117e1051a39Sopenharmony_ci TLSProxy::Record::VERS_TLS_1_2, 118e1051a39Sopenharmony_ci length($data), 119e1051a39Sopenharmony_ci 0, 120e1051a39Sopenharmony_ci length($data), 121e1051a39Sopenharmony_ci $plaintext_len, 122e1051a39Sopenharmony_ci $data, 123e1051a39Sopenharmony_ci $plaintext, 124e1051a39Sopenharmony_ci ); 125e1051a39Sopenharmony_ci 126e1051a39Sopenharmony_ci # Send the record immediately after the server Finished. 127e1051a39Sopenharmony_ci push @{$proxy->record_list}, $record; 128e1051a39Sopenharmony_ci } elsif ($sent_corrupted_payload) { 129e1051a39Sopenharmony_ci # Check for bad_record_mac from client 130e1051a39Sopenharmony_ci my $last_record = @{$proxy->record_list}[-1]; 131e1051a39Sopenharmony_ci $fatal_alert = 1 if $last_record->is_fatal_alert(0) == 20; 132e1051a39Sopenharmony_ci } 133e1051a39Sopenharmony_ci} 134