author | Péter Dimitrov <peterdmv@erlang.org> | 2020-04-29 16:12:55 +0200 |
---|---|---|
committer | Péter Dimitrov <peterdmv@erlang.org> | 2020-05-06 15:11:43 +0200 |
commit | a5b23718d7b7dae0a12765aeeff68ffd4410b51f (patch) | |
tree | f5010244380013c46804a2986f2a9d6c841d4fa4 /lib | |
parent | 35c466a17eac66dbd8fb91f97e66a2cb0ce4e454 (diff) | |
download | erlang-a5b23718d7b7dae0a12765aeeff68ffd4410b51f.tar.gz |
ssl: Test TLS 1.3 with 1024-bit RSA keys
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/test/ssl_cert_SUITE.erl | 19 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 72 |
2 files changed, 86 insertions, 5 deletions
diff --git a/lib/ssl/test/ssl_cert_SUITE.erl b/lib/ssl/test/ssl_cert_SUITE.erl index 0ba4c8b194..2fe470e281 100644 --- a/lib/ssl/test/ssl_cert_SUITE.erl +++ b/lib/ssl/test/ssl_cert_SUITE.erl @@ -51,7 +51,8 @@ groups() -> {rsa, [], all_version_tests() ++ rsa_tests() ++ pre_tls_1_3_rsa_tests()}, {ecdsa, [], all_version_tests()}, {dsa, [], all_version_tests()}, - {rsa_1_3, [], all_version_tests() ++ rsa_tests() ++ tls_1_3_tests() ++ tls_1_3_rsa_tests()}, + {rsa_1_3, [], all_version_tests() ++ rsa_tests() ++ + tls_1_3_tests() ++ tls_1_3_rsa_tests() ++ [basic_rsa_1024]}, {rsa_pss_rsae, [], all_version_tests() ++ rsa_tests()}, {rsa_pss_rsae_1_3, [], all_version_tests() ++ rsa_tests() ++ tls_1_3_tests() ++ tls_1_3_rsa_tests()}, {rsa_pss_pss, [], all_version_tests() ++ rsa_tests()}, @@ -150,7 +151,8 @@ end_per_suite(_Config) -> init_per_group(Group, Config0) when Group == rsa; Group == rsa_1_3 -> - Config = ssl_test_lib:make_rsa_cert(Config0), + Config1 = ssl_test_lib:make_rsa_cert(Config0), + Config = ssl_test_lib:make_rsa_1024_cert(Config1), COpts = proplists:get_value(client_rsa_opts, Config), SOpts = proplists:get_value(server_rsa_opts, Config), [{cert_key_alg, rsa} | 
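Review bot: In init_per_group the added `ssl_test_lib:make_rsa_1024_cert(Config1)` call runs for both `rsa` and `rsa_1_3`, because the clause guard covers both groups, while the groups() hunk adds `basic_rsa_1024` only to `rsa_1_3`. The `rsa` group therefore generates and writes a 1024-bit chain that none of its visible test cases reads. Either split the clause so only `rsa_1_3` makes the call, or state the intent in a comment such as `%% 1024-bit chain is consumed only by basic_rsa_1024 (rsa_1_3 group)`. The clause body continues past the end of the hunk.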
@@ -899,6 +901,19 @@ hello_retry_client_auth_empty_cert_rejected(Config) -> ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, certificate_required). %%-------------------------------------------------------------------- +basic_rsa_1024() -> + [{doc, "TLS 1.3 (Basic): Test if connection can be established using 1024 bits RSA keys in certificates."}]. + +basic_rsa_1024(Config) -> + ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_1024_opts, Config), + ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_1024_opts, Config), + ServerOpts1 = [{versions, ['tlsv1.2','tlsv1.3']}|ServerOpts0], + ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0], + ServerOpts = [{verify, verify_peer}, + {fail_if_no_peer_cert, true} | ServerOpts1], + ssl_test_lib:basic_test(ClientOpts, ServerOpts, Config). + +%%-------------------------------------------------------------------- %% Internal functions ----------------------------------------------- %%-------------------------------------------------------------------- two_digits_str(N) when N < 10 -> diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index ed573198d4..706f0008db 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -1325,8 +1325,13 @@ chain_spec(_Role, ecdsa, Curve) -> chain_spec(_Role, rsa, _) -> Digest = {digest, appropriate_sha(crypto:supports())}, [[Digest, {key, hardcode_rsa_key(1)}], - [Digest, {key, hardcode_rsa_key(2)}], - [Digest, {key, hardcode_rsa_key(3)}]]; + [Digest, {key, hardcode_rsa_key(2)}], + [Digest, {key, hardcode_rsa_key(3)}]]; +chain_spec(_Role, 'rsa-1024', _) -> + Digest = {digest, appropriate_sha(crypto:supports())}, + [[Digest, {key, hardcode_rsa_1024_key(1)}], + [Digest, {key, hardcode_rsa_1024_key(2)}], + [Digest, {key, hardcode_rsa_1024_key(3)}]]; chain_spec(client, rsa_pss_rsae, _) -> Digest = {digest, sha256}, [[Digest, {rsa_padding, rsa_pss_rsae}, {key, hardcode_rsa_key(1)}], 
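Review bot: In basic_rsa_1024 only the server side is switched to `{verify, verify_peer}`; ClientOpts is built from `client_rsa_1024_opts`, which make_rsa_1024_cert fills with the bare ClientConf, so unless that generated config already enables verification the client never validates the 1024-bit server chain. Building the client side from `client_rsa_1024_verify_opts`, which this commit defines but the test does not use, would exercise path validation in both directions. The doc string says "TLS 1.3", yet both sides offer `['tlsv1.2','tlsv1.3']` and nothing visible in the test asserts the negotiated version, so a handshake that settled on 1.2 would presumably still pass. A short comment explaining why 1.2 is listed would help.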
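Review bot: The new chain_spec clause keys on the quoted atom `'rsa-1024'`, while every other name this commit introduces uses the underscore form (`hardcode_rsa_1024_key`, `server_rsa_1024_opts`, `make_rsa_1024_cert`). Using `rsa_1024` would match the neighbouring `rsa` and `rsa_pss_rsae` atoms and need no quoting, with the `gen_conf('rsa-1024', 'rsa-1024', ...)` call in make_rsa_1024_cert changed to match. The clause body is a copy of the `rsa` clause with only the key function swapped, so a one-line comment such as `%% Same chain layout as rsa, but with 1024-bit keys` would make the intent explicit. chain_spec has further clauses outside the hunk.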
@@ -1462,6 +1467,31 @@ make_rsa_cert(Config) -> false -> Config end. + +make_rsa_1024_cert(Config) -> + CryptoSupport = crypto:supports(), + case proplists:get_bool(rsa, proplists:get_value(public_keys, CryptoSupport)) of + true -> + ClientFileBase = filename:join([proplists:get_value(priv_dir, Config), "rsa-1024"]), + ServerFileBase = filename:join([proplists:get_value(priv_dir, Config), "rsa-1024"]), + ClientChain = proplists:get_value(client_chain, Config, default_cert_chain_conf()), + ServerChain = proplists:get_value(server_chain, Config, default_cert_chain_conf()), + CertChainConf = gen_conf('rsa-1024', 'rsa-1024', ClientChain, ServerChain), + GenCertData = public_key:pkix_test_data(CertChainConf), + [{server_config, ServerConf}, + {client_config, ClientConf}] = + x509_test:gen_pem_config_files(GenCertData, ClientFileBase, ServerFileBase), + [{server_rsa_1024_opts, [{ssl_imp, new},{reuseaddr, true} | ServerConf]}, + + {server_rsa_1024_verify_opts, [{ssl_imp, new}, {reuseaddr, true}, + {verify, verify_peer} | ServerConf]}, + {client_rsa_1024_opts, ClientConf}, + {client_rsa_1024_verify_opts, [{verify, verify_peer} |ClientConf]} + | Config]; + false -> + Config + end. + appropriate_sha(CryptoSupport) -> Hashes = proplists:get_value(hashs, CryptoSupport), case lists:member(sha256, Hashes) of 
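Review bot: In make_rsa_1024_cert, `ClientFileBase` and `ServerFileBase` are bound by two identical `filename:join([proplists:get_value(priv_dir, Config), "rsa-1024"])` expressions, which reads like a copy-paste slip. Bind the path once, or add a comment if the shared base is intentional. The `false -> Config` branch returns the config without any `*_rsa_1024_opts` entries, so on a crypto build without RSA the new test case would likely fail on a missing option rather than be skipped; whether the group setup guards against that is not visible here. The function also lacks a header comment; `%% Generates a deliberately weak 1024-bit RSA chain for key-size tests; never reuse outside the test suite` would record the intent.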
@@ -3208,6 +3238,41 @@ hardcode_rsa_key(6) -> coefficient = 81173034184183681160439870161505779100040258708276674532866007896310418779840630960490793104541748007902477778658270784073595697910785917474138815202903114440800310078464142273778315781957021015333260021813037604142367434117205299831740956310682461174553260184078272196958146289378701001596552915990080834227, otherPrimeInfos = asn1_NOVALUE}. +hardcode_rsa_1024_key(1) -> + #'RSAPrivateKey'{version = 'two-prime', + modulus = 152618920709346576506952607098028299458615405194120516804067302859774798720862572082626851690572130284910454988859007980367926204341637028795420927026111160369130942718840998292351565050537705794496742217762844103737634290634532232714374862322877076125650783658974242305324207239909234718160759907957502819181, + publicExponent = 17, + privateExponent = 89775835711380339121736827704722529093303179525953245178863119329279293365213277695662853935630664873476738228740592929628191884906845311056129957074183020957315463095429495020547731127789657232144654051871515007759243605000909583210051114028049068215595185959728886310943042856399988846590947179831354428913, + prime1 = 13018105310773689694711101111767176661493882304979760063552973933059514785910240943852845097923711145970844208861778343060919395218474310542285865516544653, + prime2 = 11723589344682921162046319310366118627005968525349821205037572987102618200031016344115630095736447992996683226273798377973464634035204645607416378683745377, + exponent1 = 7657709006337464526300647712804221565584636649988094155031161137093832227006024084619320645837477144688731887565751966506423173657926065024874038539143913, + exponent2 = 11033966442054514034867124056815170472476205670917478781211833399625993600029191853285298913634303993408643036492986708680907890856663195865803650525878001, + coefficient = 7357357483264399363785138527396251818499941660605442417644885251395376792981387533016821796011101917057636813775613592220898054882923958484000235934554630, 
+ otherPrimeInfos = asn1_NOVALUE}; +hardcode_rsa_1024_key(2) -> + #'RSAPrivateKey'{version = 'two-prime', + modulus = 132417984874904377472239436563253515498607309816574784497785056464473431603604973287322746340055062696030016903830406088140534281534301418467490242269156926775506208514027213826501153438861284871625076651352798208559277520683414148048437439635357639033850360133068980157555507518934285770383924814915583919331, + publicExponent = 17, + privateExponent = 116839398419033274240211267555811925439947626308742456909810343939241263179651447018225952652989761202379426679850358313065177307236148310412491390237491385620149263549211570156731410125598364338974865883306073709062002620705336269289633237348474049621806833904576124689232282666798030505410189805859996211233, + prime1 = 12354286715326546399270830019697416039683060665495490476376955068446562229853736822465010796530936501225722243114286822522048306078247961653481711526701259, + prime2 = 10718383661165041035044708868932433765604392896488115438294667272770655136522450030638962957185192634722652306257889603065114923772949624056219896061512009, + exponent1 = 5087059235722695576170341772816583075163613215204025490272863851713290329939773985720886798571562088740003276576471044567902243679278572445551292981582871, + exponent2 = 6304931565391200608849828746430843391531995821463597316643921925159208903836735312140566445403054491013324886034052707685361719866440955327188174153830593, + coefficient = 6764088858264512915296172980190092445938774052616013205418164952211827027745702759906572599388571087295432259160097016323193144471211837074613329649320009, + otherPrimeInfos = asn1_NOVALUE}; +hardcode_rsa_1024_key(3) -> + #'RSAPrivateKey'{version = 'two-prime', + modulus = 
132603582566987335579015215397416921308461253540735107996254563101087328483405996961761145905021132317760270172654141110354018131670337351296871719192630978670273323069438897632586026697023844069174787494970866246368200405578784055149230641370998125414763230872277095376893138420738507940599560410343688278361, + publicExponent = 17, + privateExponent = 124803371827752786427308438021098278878551768038338925172945471153964544454970350081657549087078712769656724868380368103862605300395611624749996912181299722918452562565562892031863847812293655197586374503957768862684015202213024002730410420619423541154205461118764880018581745374583581669240937327152309672753, + prime1 = 12202483472094988277172439292742673588688995751099198683383744575043357099902468606144011463115716181768777309695574163698153032647393450605174909802187971, + prime2 = 10866934003248540047676291395653788246732743513485317053446021859209870346149779563425451397497222238159656279714782986335807210805023580459325334557063091, + exponent1 = 3588965727086761257991893909630198114320292867970352553936395463248046205853667237101179842092857700520228620498698283440633244896292191354463208765349403, + exponent2 = 4474619883690575313749061162916265748654659093788071727889538412615828966061673937881068222498856215712799644588440053197097086802068533130310431876437743, + coefficient = 6440880395775803235356940314241907933534073137546236980469653455119937607298142560546736915150573386382326185901566797818281064505978928392351326571984856, + otherPrimeInfos = asn1_NOVALUE}. + + hardcode_dsa_key(1) -> {'DSAPrivateKey',0, 99438313664986922963487511141216248076486724382260996073922424025828494981416579966171753999204426907349400798052572573634137057487829150578821328280864500098312146772602202702021153757550650696224643730869835650674962433068943942837519621267815961566259265204876799778977478160416743037274938277357237615491, 
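Review bot: The three `hardcode_rsa_1024_key/1` clauses add private key material with no comment saying what it is for or that it is weak on purpose. A header such as `%% Test-only 1024-bit RSA keys (e = 17): published in the repository and below the 2048-bit minimum recommended for production use` would keep the values from being copied into non-test code and record why this size was chosen. If the motivation is that a 1024-bit modulus is too short for an RSASSA-PSS signature with SHA-512, that is worth stating in the same comment. The hardcode_dsa_key clause that follows starts inside the hunk and continues beyond it.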
@@ -3517,4 +3582,5 @@ test_ciphers(Kex, Cipher, Version) -> {cipher, fun(C) when C == Cipher -> true; (_) -> false - end}]).
\ No newline at end of file + end}]). + |