[ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17763)
2025-02-23 14:42:15 +08:00 · 2022-02-23 23:05:22 +02:00 · 2022-02-23 23:05:22 +02:00 · d71151ae70
commit d71151ae70
parent b139a95665
4 changed files with 91 additions and 10 deletions
--- a/test/helpers/predefined_dhparams.c
+++ b/test/helpers/predefined_dhparams.c
@ -170,4 +170,25 @@ EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx)
    return dhpkey;
 }

+EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx)
+{
+    BIGNUM *p = NULL, *g = NULL;
+    EVP_PKEY *dhpkey = NULL;
+
+    g = BN_new();
+    if (g == NULL || !BN_set_word(g, 2))
+        goto err;
+
+    p = BN_get_rfc3526_prime_4096(NULL);
+    if (p == NULL)
+        goto err;
+
+    dhpkey = get_dh_from_pg_bn(libctx, "DH", p, g, NULL);
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    return dhpkey;
+}
+
 #endif
--- a/test/helpers/predefined_dhparams.h
+++ b/test/helpers/predefined_dhparams.h
@ -14,4 +14,5 @@ EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
 EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx);
 EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct);
 EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
+EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx);
 #endif
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@ -530,7 +530,7 @@ sub testssl {
    subtest 'RSA/(EC)DHE/PSK tests' => sub {
        ######################################################################

-        plan tests => 6;
+        plan tests => 10;

      SKIP: {
            skip "TLSv1.0 is not supported by this OpenSSL build", 6
@ -567,7 +567,7 @@ sub testssl {

            ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
               'test tls1 with PSK via BIO pair');
-	  }
+          }

        SKIP: {
            skip "skipping auto DH PSK tests", 1
@ -578,6 +578,43 @@ sub testssl {
          }
 	}

+      SKIP: {
+            skip "TLSv1.1 is not supported by this OpenSSL build", 4
+                if $no_tls1_1;
+
+        SKIP: {
+            skip "skipping auto DHE PSK test at SECLEVEL 3", 1
+                if ($no_dh || $no_psk);
+
+            ok(run(test(['ssl_old_test', '-tls1_1', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:DHE-PSK-AES256-CBC-SHA384'])),
+               'test auto DHE PSK meets security strength');
+          }
+
+        SKIP: {
+            skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1
+                if ($no_ec || $no_psk);
+
+            ok(run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:ECDHE-PSK-AES256-CBC-SHA384'])),
+               'test auto ECDHE PSK meets security strength');
+          }
+
+        SKIP: {
+            skip "skipping no RSA PSK at SECLEVEL 3 test", 1
+                if ($no_rsa || $no_psk);
+
+            ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:RSA-PSK-AES256-CBC-SHA384'])),
+               'test auto RSA PSK does not meet security level 3 requirements (PFS)');
+          }
+
+        SKIP: {
+            skip "skipping no PSK at SECLEVEL 3 test", 1
+                if ($no_psk);
+
+            ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:PSK-AES256-CBC-SHA384'])),
+               'test auto PSK does not meet security level 3 requirements (PFS)');
+          }
+	}
+
    };

    subtest 'Custom Extension tests' => sub {
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@ -629,10 +629,12 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_DH
    fprintf(stderr,
            " -dhe512       - use 512 bit key for DHE (to test failure)\n");
-    fprintf(stderr,
-            " -dhe1024      - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
    fprintf(stderr,
            " -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
+    fprintf(stderr,
+            " -dhe2048      - use 2048 bit key (safe prime) for DHE (default, no-op)\n");
+    fprintf(stderr,
+            " -dhe4096      - use 4096 bit key (safe prime) for DHE\n");
 #endif
    fprintf(stderr, " -no_dhe       - disable DHE\n");
 #ifndef OPENSSL_NO_EC
@ -647,6 +649,12 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_TLS1
    fprintf(stderr, " -tls1         - use TLSv1\n");
 #endif
+#ifndef OPENSSL_NO_TLS1_1
+    fprintf(stderr, " -tls1_1       - use TLSv1.1\n");
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    fprintf(stderr, " -tls1_2       - use TLSv1.2\n");
+#endif
 #ifndef OPENSSL_NO_DTLS
    fprintf(stderr, " -dtls         - use DTLS\n");
 #ifndef OPENSSL_NO_DTLS1
@ -873,7 +881,7 @@ int main(int argc, char *argv[])
    int badop = 0;
    enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
    int force = 0;
-    int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0;
+    int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_1 = 0, tls1_2 = 0, ssl3 = 0;
    int ret = EXIT_FAILURE;
    int client_auth = 0;
    int server_auth = 0, i;
@ -889,7 +897,7 @@ int main(int argc, char *argv[])
    long bytes = 256L;
 #ifndef OPENSSL_NO_DH
    EVP_PKEY *dhpkey;
-    int dhe512 = 0, dhe1024dsa = 0;
+    int dhe512 = 0, dhe1024dsa = 0, dhe4096 = 0;
    int no_dhe = 0;
 #endif
    int no_psk = 0;
@ -984,6 +992,8 @@ int main(int argc, char *argv[])
            dhe512 = 1;
        else if (strcmp(*argv, "-dhe1024dsa") == 0)
            dhe1024dsa = 1;
+        else if (strcmp(*argv, "-dhe4096") == 0)
+            dhe4096 = 1;
 #endif
        else if (strcmp(*argv, "-no_ecdhe") == 0)
            /* obsolete */;
@ -1002,6 +1012,8 @@ int main(int argc, char *argv[])
        }
        else if (strcmp(*argv, "-tls1_2") == 0) {
            tls1_2 = 1;
+        } else if (strcmp(*argv, "-tls1_1") == 0) {
+            tls1_1 = 1;
        } else if (strcmp(*argv, "-tls1") == 0) {
            tls1 = 1;
        } else if (strcmp(*argv, "-ssl3") == 0) {
@ -1224,8 +1236,8 @@ int main(int argc, char *argv[])
        goto end;
    }

-    if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
-        fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
+    if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
+        fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
                "be requested.\n");
        EXIT(1);
    }
@ -1240,6 +1252,11 @@ int main(int argc, char *argv[])
        no_protocol = 1;
    else
 #endif
+#ifdef OPENSSL_NO_TLS1_1
+    if (tls1_1)
+        no_protocol = 1;
+    else
+#endif
 #ifdef OPENSSL_NO_TLS1_2
    if (tls1_2)
        no_protocol = 1;
@ -1269,11 +1286,11 @@ int main(int argc, char *argv[])
        goto end;
    }

-    if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
+    if (!ssl3 && !tls1 && !tls1_1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
            && !reuse && !force) {
        fprintf(stderr, "This case cannot work.  Use -f to perform "
                "the test anyway (and\n-d to see what happens), "
-                "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
+                "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
                "to avoid protocol mismatch.\n");
        EXIT(1);
    }
@ -1325,6 +1342,9 @@ int main(int argc, char *argv[])
    } else if (tls1) {
        min_version = TLS1_VERSION;
        max_version = TLS1_VERSION;
+    } else if (tls1_1) {
+        min_version = TLS1_1_VERSION;
+        max_version = TLS1_1_VERSION;
    } else if (tls1_2) {
        min_version = TLS1_2_VERSION;
        max_version = TLS1_2_VERSION;
@ -1489,6 +1509,8 @@ int main(int argc, char *argv[])
            dhpkey = get_dh1024dsa(libctx);
        else if (dhe512)
            dhpkey = get_dh512(libctx);
+        else if (dhe4096)
+            dhpkey = get_dh4096(libctx);
        else
            dhpkey = get_dh2048(libctx);