authorPéter Dimitrov <peterdmv@erlang.org>2020-04-29 16:12:55 +0200
committerPéter Dimitrov <peterdmv@erlang.org>2020-05-06 15:11:43 +0200
commita5b23718d7b7dae0a12765aeeff68ffd4410b51f (patch)
treef5010244380013c46804a2986f2a9d6c841d4fa4 /lib
parent35c466a17eac66dbd8fb91f97e66a2cb0ce4e454 (diff)
downloaderlang-a5b23718d7b7dae0a12765aeeff68ffd4410b51f.tar.gz
ssl: Test TLS 1.3 with 1024-bit RSA keys
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/test/ssl_cert_SUITE.erl19
-rw-r--r--lib/ssl/test/ssl_test_lib.erl72
2 files changed, 86 insertions, 5 deletions
diff --git a/lib/ssl/test/ssl_cert_SUITE.erl b/lib/ssl/test/ssl_cert_SUITE.erl
index 0ba4c8b194..2fe470e281 100644
--- a/lib/ssl/test/ssl_cert_SUITE.erl
+++ b/lib/ssl/test/ssl_cert_SUITE.erl
@@ -51,7 +51,8 @@ groups() ->
{rsa, [], all_version_tests() ++ rsa_tests() ++ pre_tls_1_3_rsa_tests()},
{ecdsa, [], all_version_tests()},
{dsa, [], all_version_tests()},
- {rsa_1_3, [], all_version_tests() ++ rsa_tests() ++ tls_1_3_tests() ++ tls_1_3_rsa_tests()},
+ {rsa_1_3, [], all_version_tests() ++ rsa_tests() ++
+ tls_1_3_tests() ++ tls_1_3_rsa_tests() ++ [basic_rsa_1024]},
{rsa_pss_rsae, [], all_version_tests() ++ rsa_tests()},
{rsa_pss_rsae_1_3, [], all_version_tests() ++ rsa_tests() ++ tls_1_3_tests() ++ tls_1_3_rsa_tests()},
{rsa_pss_pss, [], all_version_tests() ++ rsa_tests()},
@@ -150,7 +151,8 @@ end_per_suite(_Config) ->
init_per_group(Group, Config0) when Group == rsa;
Group == rsa_1_3 ->
- Config = ssl_test_lib:make_rsa_cert(Config0),
+ Config1 = ssl_test_lib:make_rsa_cert(Config0),
+ Config = ssl_test_lib:make_rsa_1024_cert(Config1),
COpts = proplists:get_value(client_rsa_opts, Config),
SOpts = proplists:get_value(server_rsa_opts, Config),
[{cert_key_alg, rsa} |
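Review bot: `ssl_test_lib:make_rsa_1024_cert/1` now runs in `init_per_group` for both `rsa` and `rsa_1_3`, but the `groups()` change in this commit adds `basic_rsa_1024` only to `rsa_1_3`. If no case in the `rsa` group reads the `*_rsa_1024_*` options (the other test lists are not visible here), generate the 1024-bit chain only for `rsa_1_3`. Otherwise add a comment such as `%% 1024-bit chain is only consumed by basic_rsa_1024 (rsa_1_3)`, so the weak-key config is not mistaken for something the TLS 1.2 cases depend on. The body of `init_per_group` continues outside the hunk.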
@@ -899,6 +901,19 @@ hello_retry_client_auth_empty_cert_rejected(Config) ->
ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, certificate_required).
%%--------------------------------------------------------------------
+basic_rsa_1024() ->
+ [{doc, "TLS 1.3 (Basic): Test if connection can be established using 1024 bits RSA keys in certificates."}].
+
+basic_rsa_1024(Config) ->
+ ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_1024_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_1024_opts, Config),
+ ServerOpts1 = [{versions, ['tlsv1.2','tlsv1.3']}|ServerOpts0],
+ ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
+ ServerOpts = [{verify, verify_peer},
+ {fail_if_no_peer_cert, true} | ServerOpts1],
+ ssl_test_lib:basic_test(ClientOpts, ServerOpts, Config).
+
+%%--------------------------------------------------------------------
%% Internal functions -----------------------------------------------
%%--------------------------------------------------------------------
two_digits_str(N) when N < 10 ->
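Review bot: In `basic_rsa_1024/1` the client options come from `client_rsa_1024_opts`, which carries no `{verify, verify_peer}`, so unless peer verification is the library default in this release the client never validates the server's 1024-bit chain. Only the client certificate is checked, through the server's `verify_peer` and `fail_if_no_peer_cert`. `make_rsa_1024_cert/1` already builds `client_rsa_1024_verify_opts`, so `ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_1024_verify_opts, Config),` would exercise path validation in both directions. The doc string also says "TLS 1.3" while both sides offer `'tlsv1.2'` as well, and nothing in the hunk asserts the negotiated version; whether `ssl_test_lib:basic_test/3` checks it is not visible here.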
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index ed573198d4..706f0008db 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1325,8 +1325,13 @@ chain_spec(_Role, ecdsa, Curve) ->
chain_spec(_Role, rsa, _) ->
Digest = {digest, appropriate_sha(crypto:supports())},
[[Digest, {key, hardcode_rsa_key(1)}],
- [Digest, {key, hardcode_rsa_key(2)}],
- [Digest, {key, hardcode_rsa_key(3)}]];
+ [Digest, {key, hardcode_rsa_key(2)}],
+ [Digest, {key, hardcode_rsa_key(3)}]];
+chain_spec(_Role, 'rsa-1024', _) ->
+ Digest = {digest, appropriate_sha(crypto:supports())},
+ [[Digest, {key, hardcode_rsa_1024_key(1)}],
+ [Digest, {key, hardcode_rsa_1024_key(2)}],
+ [Digest, {key, hardcode_rsa_1024_key(3)}]];
chain_spec(client, rsa_pss_rsae, _) ->
Digest = {digest, sha256},
[[Digest, {rsa_padding, rsa_pss_rsae}, {key, hardcode_rsa_key(1)}],
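Review bot: The new `chain_spec(_Role, 'rsa-1024', _)` clause introduces a quoted atom with a hyphen, while every other name this commit adds is plain snake_case (`server_rsa_1024_opts`, `hardcode_rsa_1024_key`, `basic_rsa_1024`). Using `rsa_1024` here and in the `gen_conf('rsa-1024', 'rsa-1024', ...)` call in `make_rsa_1024_cert/1` would avoid the quoting and keep the algorithm tag greppable alongside the option keys. The clause body is also a copy of the `rsa` clause with only the key function changed. A one-line comment such as `%% Same as rsa, but with the 1024-bit test keys` would make that intent explicit.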
@@ -1462,6 +1467,31 @@ make_rsa_cert(Config) ->
false ->
Config
end.
+
+make_rsa_1024_cert(Config) ->
+ CryptoSupport = crypto:supports(),
+ case proplists:get_bool(rsa, proplists:get_value(public_keys, CryptoSupport)) of
+ true ->
+ ClientFileBase = filename:join([proplists:get_value(priv_dir, Config), "rsa-1024"]),
+ ServerFileBase = filename:join([proplists:get_value(priv_dir, Config), "rsa-1024"]),
+ ClientChain = proplists:get_value(client_chain, Config, default_cert_chain_conf()),
+ ServerChain = proplists:get_value(server_chain, Config, default_cert_chain_conf()),
+ CertChainConf = gen_conf('rsa-1024', 'rsa-1024', ClientChain, ServerChain),
+ GenCertData = public_key:pkix_test_data(CertChainConf),
+ [{server_config, ServerConf},
+ {client_config, ClientConf}] =
+ x509_test:gen_pem_config_files(GenCertData, ClientFileBase, ServerFileBase),
+ [{server_rsa_1024_opts, [{ssl_imp, new},{reuseaddr, true} | ServerConf]},
+
+ {server_rsa_1024_verify_opts, [{ssl_imp, new}, {reuseaddr, true},
+ {verify, verify_peer} | ServerConf]},
+ {client_rsa_1024_opts, ClientConf},
+ {client_rsa_1024_verify_opts, [{verify, verify_peer} |ClientConf]}
+ | Config];
+ false ->
+ Config
+ end.
+
appropriate_sha(CryptoSupport) ->
Hashes = proplists:get_value(hashs, CryptoSupport),
case lists:member(sha256, Hashes) of
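Review bot: The `false ->` branch of `make_rsa_1024_cert/1` returns `Config` without any of the `*_rsa_1024_*` keys, yet `basic_rsa_1024/1` looks up `client_rsa_1024_opts` and `server_rsa_1024_opts` unconditionally. How `ssl_test_lib:ssl_options/2` treats a missing key is not visible here, but on a crypto build without RSA the case would most likely fail with an unrelated error rather than be reported as skipped. Either the group setup or the test case should check for the key, for example with `proplists:is_defined/2`, and return a `{skip, Reason}` tuple. Separately, `ClientFileBase` and `ServerFileBase` are bound to the same path; if that is intentional, a single `FileBase` variable would say so.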
@@ -3208,6 +3238,41 @@ hardcode_rsa_key(6) ->
coefficient = 81173034184183681160439870161505779100040258708276674532866007896310418779840630960490793104541748007902477778658270784073595697910785917474138815202903114440800310078464142273778315781957021015333260021813037604142367434117205299831740956310682461174553260184078272196958146289378701001596552915990080834227,
otherPrimeInfos = asn1_NOVALUE}.
+hardcode_rsa_1024_key(1) ->
+ #'RSAPrivateKey'{version = 'two-prime',
+ modulus = 152618920709346576506952607098028299458615405194120516804067302859774798720862572082626851690572130284910454988859007980367926204341637028795420927026111160369130942718840998292351565050537705794496742217762844103737634290634532232714374862322877076125650783658974242305324207239909234718160759907957502819181,
+ publicExponent = 17,
+ privateExponent = 89775835711380339121736827704722529093303179525953245178863119329279293365213277695662853935630664873476738228740592929628191884906845311056129957074183020957315463095429495020547731127789657232144654051871515007759243605000909583210051114028049068215595185959728886310943042856399988846590947179831354428913,
+ prime1 = 13018105310773689694711101111767176661493882304979760063552973933059514785910240943852845097923711145970844208861778343060919395218474310542285865516544653,
+ prime2 = 11723589344682921162046319310366118627005968525349821205037572987102618200031016344115630095736447992996683226273798377973464634035204645607416378683745377,
+ exponent1 = 7657709006337464526300647712804221565584636649988094155031161137093832227006024084619320645837477144688731887565751966506423173657926065024874038539143913,
+ exponent2 = 11033966442054514034867124056815170472476205670917478781211833399625993600029191853285298913634303993408643036492986708680907890856663195865803650525878001,
+ coefficient = 7357357483264399363785138527396251818499941660605442417644885251395376792981387533016821796011101917057636813775613592220898054882923958484000235934554630,
+ otherPrimeInfos = asn1_NOVALUE};
+hardcode_rsa_1024_key(2) ->
+ #'RSAPrivateKey'{version = 'two-prime',
+ modulus = 132417984874904377472239436563253515498607309816574784497785056464473431603604973287322746340055062696030016903830406088140534281534301418467490242269156926775506208514027213826501153438861284871625076651352798208559277520683414148048437439635357639033850360133068980157555507518934285770383924814915583919331,
+ publicExponent = 17,
+ privateExponent = 116839398419033274240211267555811925439947626308742456909810343939241263179651447018225952652989761202379426679850358313065177307236148310412491390237491385620149263549211570156731410125598364338974865883306073709062002620705336269289633237348474049621806833904576124689232282666798030505410189805859996211233,
+ prime1 = 12354286715326546399270830019697416039683060665495490476376955068446562229853736822465010796530936501225722243114286822522048306078247961653481711526701259,
+ prime2 = 10718383661165041035044708868932433765604392896488115438294667272770655136522450030638962957185192634722652306257889603065114923772949624056219896061512009,
+ exponent1 = 5087059235722695576170341772816583075163613215204025490272863851713290329939773985720886798571562088740003276576471044567902243679278572445551292981582871,
+ exponent2 = 6304931565391200608849828746430843391531995821463597316643921925159208903836735312140566445403054491013324886034052707685361719866440955327188174153830593,
+ coefficient = 6764088858264512915296172980190092445938774052616013205418164952211827027745702759906572599388571087295432259160097016323193144471211837074613329649320009,
+ otherPrimeInfos = asn1_NOVALUE};
+hardcode_rsa_1024_key(3) ->
+ #'RSAPrivateKey'{version = 'two-prime',
+ modulus = 132603582566987335579015215397416921308461253540735107996254563101087328483405996961761145905021132317760270172654141110354018131670337351296871719192630978670273323069438897632586026697023844069174787494970866246368200405578784055149230641370998125414763230872277095376893138420738507940599560410343688278361,
+ publicExponent = 17,
+ privateExponent = 124803371827752786427308438021098278878551768038338925172945471153964544454970350081657549087078712769656724868380368103862605300395611624749996912181299722918452562565562892031863847812293655197586374503957768862684015202213024002730410420619423541154205461118764880018581745374583581669240937327152309672753,
+ prime1 = 12202483472094988277172439292742673588688995751099198683383744575043357099902468606144011463115716181768777309695574163698153032647393450605174909802187971,
+ prime2 = 10866934003248540047676291395653788246732743513485317053446021859209870346149779563425451397497222238159656279714782986335807210805023580459325334557063091,
+ exponent1 = 3588965727086761257991893909630198114320292867970352553936395463248046205853667237101179842092857700520228620498698283440633244896292191354463208765349403,
+ exponent2 = 4474619883690575313749061162916265748654659093788071727889538412615828966061673937881068222498856215712799644588440053197097086802068533130310431876437743,
+ coefficient = 6440880395775803235356940314241907933534073137546236980469653455119937607298142560546736915150573386382326185901566797818281064505978928392351326571984856,
+ otherPrimeInfos = asn1_NOVALUE}.
+
+
hardcode_dsa_key(1) ->
{'DSAPrivateKey',0,
99438313664986922963487511141216248076486724382260996073922424025828494981416579966171753999204426907349400798052572573634137057487829150578821328280864500098312146772602202702021153757550650696224643730869835650674962433068943942837519621267815961566259265204876799778977478160416743037274938277357237615491,
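Review bot: `hardcode_rsa_1024_key/1` adds three complete RSA private keys with no comment saying why they exist or that they are deliberately short. 1024-bit RSA is below the 2048-bit minimum generally recommended today, so a reader should be told these are fixtures, for example `%% Test-only 1024-bit RSA keys for short-key interop tests; the private parts are public, never use outside this suite.` placed above the first clause. The trailing context of this hunk is inside `hardcode_dsa_key(1)`, which continues outside the hunk.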
@@ -3517,4 +3582,5 @@ test_ciphers(Kex, Cipher, Version) ->
{cipher,
fun(C) when C == Cipher -> true;
(_) -> false
- end}]). \ No newline at end of file
+ end}]).
+