1#! /usr/bin/env perl 2# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9use strict; 10use feature 'state'; 11 12use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; 13use OpenSSL::Test::Utils; 14use TLSProxy::Proxy; 15 16my $test_name = "test_sslcbcpadding"; 17setup($test_name); 18 19plan skip_all => "TLSProxy isn't usable on $^O" 20 if $^O =~ /^(VMS)$/; 21 22plan skip_all => "$test_name needs the dynamic engine feature enabled" 23 if disabled("engine") || disabled("dynamic-engine"); 24 25plan skip_all => "$test_name needs the sock feature enabled" 26 if disabled("sock"); 27 28plan skip_all => "$test_name needs TLSv1.2 enabled" 29 if disabled("tls1_2"); 30 31my $proxy = TLSProxy::Proxy->new( 32 \&add_maximal_padding_filter, 33 cmdstr(app(["openssl"]), display => 1), 34 srctop_file("apps", "server.pem"), 35 (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) 36); 37 38# TODO: We could test all 256 values, but then the log file gets too large for 39# CI. See https://github.com/openssl/openssl/issues/1440. 40my @test_offsets = (0, 128, 254, 255); 41 42# Test that maximally-padded records are accepted. 43my $bad_padding_offset = -1; 44$proxy->serverflags("-tls1_2"); 45$proxy->clientflags("-no_tls1_3"); 46$proxy->serverconnects(1 + scalar(@test_offsets)); 47$proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; 48plan tests => 1 + scalar(@test_offsets); 49ok(TLSProxy::Message->success(), "Maximally-padded record test"); 50 51# Test that invalid padding is rejected. 52my $fatal_alert; # set by add_maximal_padding_filter on client's fatal alert 53 54foreach my $offset (@test_offsets) { 55 $bad_padding_offset = $offset; 56 $fatal_alert = 0; 57 $proxy->clearClient(); 58 $proxy->clientflags("-no_tls1_3"); 59 $proxy->clientstart(); 60 ok($fatal_alert, "Invalid padding byte $bad_padding_offset"); 61} 62 63sub add_maximal_padding_filter 64{ 65 my $proxy = shift; 66 my $messages = $proxy->message_list; 67 state $sent_corrupted_payload; 68 69 if ($proxy->flight == 0) { 70 # Disable Encrypt-then-MAC. 71 foreach my $message (@{$messages}) { 72 if ($message->mt != TLSProxy::Message::MT_CLIENT_HELLO) { 73 next; 74 } 75 76 $message->delete_extension(TLSProxy::Message::EXT_ENCRYPT_THEN_MAC); 77 $message->process_extensions(); 78 $message->repack(); 79 } 80 $sent_corrupted_payload = 0; 81 return; 82 } 83 84 my $last_message = @{$messages}[-1]; 85 if (defined($last_message) 86 && $last_message->server 87 && $last_message->mt == TLSProxy::Message::MT_FINISHED 88 && !@{$last_message->records}[0]->{sent}) { 89 90 # Insert a maximally-padded record. Assume a block size of 16 (AES) and 91 # a MAC length of 20 (SHA-1). 92 my $block_size = 16; 93 my $mac_len = 20; 94 95 # Size the plaintext so that 256 is a valid padding. 96 my $plaintext_len = $block_size - ($mac_len % $block_size); 97 my $plaintext = "A" x $plaintext_len; 98 99 my $data = "B" x $block_size; # Explicit IV. 100 $data .= $plaintext; 101 $data .= TLSProxy::Proxy::fill_known_data($mac_len); # MAC. 102 103 # Add padding. 104 for (my $i = 0; $i < 256; $i++) { 105 if ($i == $bad_padding_offset) { 106 $sent_corrupted_payload = 1; 107 $data .= "\xfe"; 108 } else { 109 $data .= "\xff"; 110 } 111 } 112 113 my $record = TLSProxy::Record->new( 114 $proxy->flight, 115 TLSProxy::Record::RT_APPLICATION_DATA, 116 TLSProxy::Record::VERS_TLS_1_2, 117 length($data), 118 0, 119 length($data), 120 $plaintext_len, 121 $data, 122 $plaintext, 123 ); 124 125 # Send the record immediately after the server Finished. 126 push @{$proxy->record_list}, $record; 127 } elsif ($sent_corrupted_payload) { 128 # Check for bad_record_mac from client 129 my $last_record = @{$proxy->record_list}[-1]; 130 $fatal_alert = 1 if $last_record->is_fatal_alert(0) == 20; 131 } 132} 133