1#! /usr/bin/env perl 2# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the OpenSSL license (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9use strict; 10use feature 'state'; 11 12use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; 13use OpenSSL::Test::Utils; 14use TLSProxy::Proxy; 15 16my $test_name = "test_sslcbcpadding"; 17setup($test_name); 18 19plan skip_all => "TLSProxy isn't usable on $^O" 20 if $^O =~ /^(VMS)$/; 21 22plan skip_all => "$test_name needs the dynamic engine feature enabled" 23 if disabled("engine") || disabled("dynamic-engine"); 24 25plan skip_all => "$test_name needs the sock feature enabled" 26 if disabled("sock"); 27 28plan skip_all => "$test_name needs TLSv1.2 enabled" 29 if disabled("tls1_2"); 30 31$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; 32my $proxy = TLSProxy::Proxy->new( 33 \&add_maximal_padding_filter, 34 cmdstr(app(["openssl"]), display => 1), 35 srctop_file("apps", "server.pem"), 36 (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) 37); 38 39# TODO: We could test all 256 values, but then the log file gets too large for 40# CI. See https://github.com/openssl/openssl/issues/1440. 41my @test_offsets = (0, 128, 254, 255); 42 43# Test that maximally-padded records are accepted. 44my $bad_padding_offset = -1; 45$proxy->serverflags("-tls1_2"); 46$proxy->serverconnects(1 + scalar(@test_offsets)); 47$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; 48plan tests => 1 + scalar(@test_offsets); 49ok(TLSProxy::Message->success(), "Maximally-padded record test"); 50 51# Test that invalid padding is rejected. 52my $fatal_alert; # set by add_maximal_padding_filter on client's fatal alert 53 54foreach my $offset (@test_offsets) { 55 $bad_padding_offset = $offset; 56 $fatal_alert = 0; 57 $proxy->clearClient(); 58 $proxy->clientstart(); 59 ok($fatal_alert, "Invalid padding byte $bad_padding_offset"); 60} 61 62sub add_maximal_padding_filter 63{ 64 my $proxy = shift; 65 my $messages = $proxy->message_list; 66 state $sent_corrupted_payload; 67 68 if ($proxy->flight == 0) { 69 # Disable Encrypt-then-MAC. 70 foreach my $message (@{$messages}) { 71 if ($message->mt != TLSProxy::Message::MT_CLIENT_HELLO) { 72 next; 73 } 74 75 $message->delete_extension(TLSProxy::Message::EXT_ENCRYPT_THEN_MAC); 76 $message->process_extensions(); 77 $message->repack(); 78 } 79 $sent_corrupted_payload = 0; 80 return; 81 } 82 83 my $last_message = @{$messages}[-1]; 84 if (defined($last_message) 85 && $last_message->server 86 && $last_message->mt == TLSProxy::Message::MT_FINISHED 87 && !@{$last_message->records}[0]->{sent}) { 88 89 # Insert a maximally-padded record. Assume a block size of 16 (AES) and 90 # a MAC length of 20 (SHA-1). 91 my $block_size = 16; 92 my $mac_len = 20; 93 94 # Size the plaintext so that 256 is a valid padding. 95 my $plaintext_len = $block_size - ($mac_len % $block_size); 96 my $plaintext = "A" x $plaintext_len; 97 98 my $data = "B" x $block_size; # Explicit IV. 99 $data .= $plaintext; 100 $data .= TLSProxy::Proxy::fill_known_data($mac_len); # MAC. 101 102 # Add padding. 103 for (my $i = 0; $i < 256; $i++) { 104 if ($i == $bad_padding_offset) { 105 $sent_corrupted_payload = 1; 106 $data .= "\xfe"; 107 } else { 108 $data .= "\xff"; 109 } 110 } 111 112 my $record = TLSProxy::Record->new( 113 $proxy->flight, 114 TLSProxy::Record::RT_APPLICATION_DATA, 115 TLSProxy::Record::VERS_TLS_1_2, 116 length($data), 117 0, 118 length($data), 119 $plaintext_len, 120 $data, 121 $plaintext, 122 ); 123 124 # Send the record immediately after the server Finished. 125 push @{$proxy->record_list}, $record; 126 } elsif ($sent_corrupted_payload) { 127 # Check for bad_record_mac from client 128 my $last_record = @{$proxy->record_list}[-1]; 129 $fatal_alert = 1 if $last_record->is_fatal_alert(0) == 20; 130 } 131} 132