-rw-r--r-- | cmd/selfserv/selfserv.c | 53 | ||||
-rw-r--r-- | cmd/tstclnt/tstclnt.c | 26 | ||||
-rwxr-xr-x | tests/ssl/ssl.sh | 28 | ||||
-rw-r--r-- | tests/ssl/sslauth.txt | 4 |
4 files changed, 94 insertions, 17 deletions
diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c
index 1784c9ee3..6c00d3a15 100644
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -233,7 +233,9 @@ PrintParameterUsage()
 " ecdsa_secp521r1_sha512,\n"
 " rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512,\n"
 " rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512,\n"
- "-Z enable 0-RTT (for TLS 1.3; also use -u)\n",
+ "-Z enable 0-RTT (for TLS 1.3; also use -u)\n"
+ "-E enable post-handshake authentication\n"
+ " (for TLS 1.3; only has an effect with 3 or more -r options)\n",
 stderr);
 }
 
@@ -804,6 +806,7 @@ PRBool failedToNegotiateName = PR_FALSE;
 PRBool enableExtendedMasterSecret = PR_FALSE;
 PRBool zeroRTT = PR_FALSE;
 PRBool enableALPN = PR_FALSE;
+PRBool enablePostHandshakeAuth = PR_FALSE;
 SSLNamedGroup *enabledGroups = NULL;
 unsigned int enabledGroupsCount = 0;
 const SSLSignatureScheme *enabledSigSchemes = NULL;
@@ -1431,15 +1434,28 @@ handle_connection(PRFileDesc *tcp_sock, PRFileDesc *model_sock)
 errWarn("second SSL_OptionSet SSL_REQUIRE_CERTIFICATE");
 break;
 }
- rv = SSL_ReHandshake(ssl_sock, PR_TRUE);
- if (rv != 0) {
- errWarn("SSL_ReHandshake");
- break;
- }
- rv = SSL_ForceHandshake(ssl_sock);
- if (rv < 0) {
- errWarn("SSL_ForceHandshake");
- break;
+ if (enablePostHandshakeAuth) {
+ rv = SSL_SendCertificateRequest(ssl_sock);
+ if (rv != SECSuccess) {
+ errWarn("SSL_SendCertificateRequest");
+ break;
+ }
+ rv = SSL_ForceHandshake(ssl_sock);
+ if (rv != SECSuccess) {
+ errWarn("SSL_ForceHandshake");
+ break;
+ }
+ } else {
+ rv = SSL_ReHandshake(ssl_sock, PR_TRUE);
+ if (rv != 0) {
+ errWarn("SSL_ReHandshake");
+ break;
+ }
+ rv = SSL_ForceHandshake(ssl_sock);
+ if (rv < 0) {
+ errWarn("SSL_ForceHandshake");
+ break;
+ }
 }
 }
 }
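Review bot: In the new `if (enablePostHandshakeAuth)` branch of handle_connection, SSL_SendCertificateRequest is issued on every connection once -E is given, without checking that TLS 1.3 was actually negotiated on ssl_sock; the only guard is server_main's check that enabledVersions.max is at least TLS 1.3 (hunk @@ -1948), which still lets a client settle on TLS 1.2 or lower when the server is started with a range such as -V tls1.0:tls1.3. On such a connection the request presumably fails and the loop breaks, instead of taking the SSL_ReHandshake path that used to handle it, so the branch should be chosen on the negotiated version: fill an SSLChannelInfo with `SSL_GetChannelInfo(ssl_sock, &info, sizeof info)` and test `info.protocolVersion >= SSL_LIBRARY_VERSION_TLS_1_3` together with the flag. The two branches also check the same SSL_ForceHandshake result differently (`rv != SECSuccess` in the new one, `rv < 0` in the old); one form should be used throughout the function. handle_connection starts and ends outside the hunk.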
@@ -1948,6 +1964,16 @@ server_main(
 }
 }
 
+ if (enablePostHandshakeAuth) {
+ if (enabledVersions.max < SSL_LIBRARY_VERSION_TLS_1_3) {
+ errExit("You tried enabling post-handshake auth without enabling TLS 1.3!");
+ }
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE);
+ if (rv != SECSuccess) {
+ errExit("error enabling post-handshake auth");
+ }
+ }
+
 if (enableALPN) {
 PRUint8 alpnVal[] = { 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 };
@@ -2223,7 +2249,7 @@ main(int argc, char **argv)
 ** in 3.28, please leave some time before resuing those.
 ** 'z' was removed in 3.39. */
 optstate = PL_CreateOptState(argc, argv,
- "2:A:C:DGH:I:J:L:M:NP:QRS:T:U:V:W:YZa:bc:d:e:f:g:hi:jk:lmn:op:rst:uvw:y");
+ "2:A:C:DEGH:I:J:L:M:NP:QRS:T:U:V:W:YZa:bc:d:e:f:g:hi:jk:lmn:op:rst:uvw:y");
 while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 ++optionsFound;
 switch (optstate->option) {
@@ -2243,6 +2269,11 @@ main(int argc, char **argv)
 case 'D':
 noDelay = PR_TRUE;
 break;
+
+ case 'E':
+ enablePostHandshakeAuth = PR_TRUE;
+ break;
+
 case 'H':
 configureDHE = (PORT_Atoi(optstate->value) != 0);
 break;
diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c
index 520eeff64..bc0cbfa76 100644
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -221,7 +221,7 @@ PrintUsageHeader()
 fprintf(stderr,
 "Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n"
 " [-D | -d certdir] [-C] [-b | -R root-module] \n"
- " [-n nickname] [-Bafosvx] [-c ciphers] [-Y] [-Z]\n"
+ " [-n nickname] [-Bafosvx] [-c ciphers] [-Y] [-Z] [-E]\n"
 " [-V [min-version]:[max-version]] [-K] [-T] [-U]\n"
 " [-r N] [-w passwd] [-W pwfile] [-q [-t seconds]]\n"
 " [-I groups] [-J signatureschemes]\n"
@@ -311,6 +311,9 @@ PrintParameterUsage()
 fprintf(stderr, "%-20s Use DTLS\n", "-P {client, server}");
 fprintf(stderr, "%-20s Exit after handshake\n", "-Q");
 fprintf(stderr, "%-20s Encrypted SNI Keys\n", "-N");
+ fprintf(stderr, "%-20s Enable post-handshake authentication\n"
+ "%-20s for TLS 1.3; need to specify -n\n",
+ "-E", "");
 }
 
 static void
@@ -989,6 +992,7 @@ PRBool requestToExit = PR_FALSE;
 char *versionString = NULL;
 PRBool handshakeComplete = PR_FALSE;
 char *encryptedSNIKeys = NULL;
+PRBool enablePostHandshakeAuth = PR_FALSE;
 
 static int
 writeBytesToServer(PRFileDesc *s, const PRUint8 *buf, int nb)
@@ -1410,6 +1414,15 @@ run()
 goto done;
 }
 
+ if (enablePostHandshakeAuth) {
+ rv = SSL_OptionSet(s, SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "error enabling post-handshake auth");
+ error = 1;
+ goto done;
+ }
+ }
+
 if (enabledGroups) {
 rv = SSL_NamedGroupConfig(s, enabledGroups, enabledGroupsCount);
 if (rv < 0) {
@@ -1707,7 +1720,7 @@ main(int argc, char **argv)
 * Please leave some time before reusing these.
 */
 optstate = PL_CreateOptState(argc, argv,
- "46A:CDFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:fgh:m:n:op:qr:st:uvw:");
+ "46A:CDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:fgh:m:n:op:qr:st:uvw:");
 while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 switch (optstate->option) {
 case '?':
@@ -1738,6 +1751,10 @@ main(int argc, char **argv)
 openDB = PR_FALSE;
 break;
 
+ case 'E':
+ enablePostHandshakeAuth = PR_TRUE;
+ break;
+
 case 'F':
 if (serverCertAuth.testFreshStatusFromSideChannel) {
 /* parameter given twice or more */
@@ -1988,6 +2005,11 @@ main(int argc, char **argv)
 exit(1);
 }
 
+ if (enablePostHandshakeAuth && !nickname) {
+ fprintf(stderr, "%s: -E requires the use of -n\n", progName);
+ exit(1);
+ }
+
 PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
 PK11_SetPasswordFunc(SECU_GetModulePassword);
 
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
index 525855e10..3c3d4206b 100755
--- a/tests/ssl/ssl.sh
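Review bot: The -E handling in run() enables SSL_ENABLE_POST_HANDSHAKE_AUTH on the socket without the TLS 1.3 range check that selfserv's server_main performs in this same patch, so `-E` combined with a -V range whose maximum is below TLS 1.3 is accepted silently and the option simply never takes effect. The main() hunk at @@ -1988 already validates -E against -n; a second check next to it, comparing the parsed maximum version with SSL_LIBRARY_VERSION_TLS_1_3 and printing `"%s: -E has no effect unless TLS 1.3 is enabled\n"` via fprintf, would give the same diagnostic as the server. Whether the library rejects the client-side option for older versions is not visible here, so a warning rather than exit(1) is the conservative choice. run() starts and ends outside the hunk.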
+++ b/tests/ssl/ssl.sh
@@ -220,18 +220,20 @@ start_selfserv()
 else
 RSA_OPTIONS="-n ${HOSTADDR}-rsa-pss"
 fi
+ SERVER_VMIN=${SERVER_VMIN-ssl3}
+ SERVER_VMAX=${SERVER_VMAX-tls1.2}
 echo "selfserv starting at `date`"
 echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} ${RSA_OPTIONS} ${SERVER_OPTIONS} \\"
 echo " ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss "$@" -i ${R_SERVERPID}\\"
- echo " -V ssl3:tls1.2 $verbose -H 1 &"
+ echo " -V ${SERVER_VMIN}:${SERVER_VMAX} $verbose -H 1 &"
 if [ ${fileout} -eq 1 ]; then
 ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} ${RSA_OPTIONS} ${SERVER_OPTIONS} \
- ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss "$@" -i ${R_SERVERPID} -V ssl3:tls1.2 $verbose -H 1 \
+ ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss "$@" -i ${R_SERVERPID} -V ${SERVER_VMIN}:${SERVER_VMAX} $verbose -H 1 \
 > ${SERVEROUTFILE} 2>&1 &
 RET=$?
 else
 ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} ${RSA_OPTIONS} ${SERVER_OPTIONS} \
- ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss "$@" -i ${R_SERVERPID} -V ssl3:tls1.2 $verbose -H 1 &
+ ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss "$@" -i ${R_SERVERPID} -V ${SERVER_VMIN}:${SERVER_VMAX} $verbose -H 1 &
 RET=$?
 fi
 
@@ -388,6 +390,8 @@ ssl_auth()
 do
 echo "${testname}" | grep "don't require client auth" > /dev/null
 CAUTH=$?
+ echo "${testname}" | grep "TLS 1.3" > /dev/null
+ TLS13=$?
 
 if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then
 echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
@@ -399,6 +403,13 @@ ssl_auth()
 cparam=`echo $cparam | sed -e "s/Host/$HOST/g" -e "s/Dom/$DOMSUF/g" `
 sparam=`echo $sparam | sed -e "s/Host/$HOST/g" -e "s/Dom/$DOMSUF/g" `
 fi
+ # SSL3 cannot be used with TLS 1.3
+ unset SERVER_VMIN
+ unset SERVER_VMAX
+ if [ $TLS13 -eq 0 ] ; then
+ SERVER_VMIN=tls1.0
+ SERVER_VMAX=tls1.3
+ fi
 start_selfserv `echo "$sparam" | sed -e 's,_, ,g'`
 echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
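Review bot: `SERVER_VMIN=${SERVER_VMIN-ssl3}` and `SERVER_VMAX=${SERVER_VMAX-tls1.2}` in start_selfserv use the `-` expansion, which substitutes the default only when the variable is unset; a caller that leaves the variable set but empty (an exported `SERVER_VMIN=` in the environment, or a future test path that assigns instead of unsetting) makes selfserv receive `-V :tls1.2`. `${SERVER_VMIN:-ssl3}` and `${SERVER_VMAX:-tls1.2}` fall back for both unset and empty and keep the previous hard-coded range as the default in every case. The callers added in this patch use `unset`, so they are unaffected today. start_selfserv starts and ends outside the hunk.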
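Review bot: The `# SSL3 cannot be used with TLS 1.3` block that unsets SERVER_VMIN/SERVER_VMAX and then selects tls1.0:tls1.3 when TLS13 is 0 is pasted verbatim into ssl_auth here and into ssl_crl_ssl (hunk @@ -669); a small helper taking the grep status keeps the two in step when the range is adjusted again. Both copies, and the `grep -v 'post hs'` filter added to ssl_crl_cache (@@ -1039), key on free text in the testname column of sslauth.txt, so a reworded test description silently changes which server version range runs or whether the CRL cache test sees the line; a comment at the top of sslauth.txt stating that ssl.sh matches "TLS 1.3" and "post hs" in the testname would make that coupling visible. ssl_auth starts and ends outside the hunk.
```shell
# Choose the selfserv version range for one sslauth.txt line.  SSL3 cannot be
# used with TLS 1.3, so a "TLS 1.3" test runs selfserv with tls1.0:tls1.3.
# $1 is the grep exit status of "TLS 1.3" against the test name (0 = match);
# otherwise SERVER_VMIN/SERVER_VMAX stay unset and start_selfserv applies its defaults.
select_server_versions()
{
    unset SERVER_VMIN
    unset SERVER_VMAX
    if [ $1 -eq 0 ] ; then
        SERVER_VMIN=tls1.0
        SERVER_VMAX=tls1.3
    fi
}

# … unchanged: ssl_auth loop body up to the fi before start_selfserv …
          select_server_versions $TLS13
          start_selfserv `echo "$sparam" | sed -e 's,_, ,g'`
```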
@@ -669,9 +680,18 @@ ssl_crl_ssl()
 ignore_blank_lines ${SSLAUTH} | \
 while read ectype value sparam cparam testname
 do
+ echo "${testname}" | grep "TLS 1.3" > /dev/null
+ TLS13=$?
 if [ "$ectype" = "SNI" ]; then
 continue
 else
+ # SSL3 cannot be used with TLS 1.3
+ unset SERVER_VMIN
+ unset SERVER_VMAX
+ if [ $TLS13 -eq 0 ] ; then
+ SERVER_VMIN=tls1.0
+ SERVER_VMAX=tls1.3
+ fi
 servarg=`echo $sparam | awk '{r=split($0,a,"-r") - 1;print r;}'`
 pwd=`echo $cparam | grep nss`
 user=`echo $cparam | grep TestUser`
@@ -1039,7 +1059,7 @@ ssl_crl_cache()
 rm -f ${SSLAUTH_TMP}
 echo ${SSLAUTH_TMP}
- grep -- " $SERV_ARG " ${SSLAUTH} | grep -v "^#" | grep -v none | grep -v bogus > ${SSLAUTH_TMP}
+ grep -- " $SERV_ARG " ${SSLAUTH} | grep -v "^#" | grep -v none | grep -v bogus | grep -v 'post hs' > ${SSLAUTH_TMP}
 echo $?
 while [ $? -eq 0 -a -f ${SSLAUTH_TMP} ]
 do
diff --git a/tests/ssl/sslauth.txt b/tests/ssl/sslauth.txt
index 82d1ddea4..a84630f06 100644
--- a/tests/ssl/sslauth.txt
+++ b/tests/ssl/sslauth.txt
@@ -38,6 +38,10 @@
 noECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Require client auth on 2nd hs (client does not provide auth)
 noECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth on 2nd hs (bad password)
 noECC 0 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Require client auth on 2nd hs (client auth)
+ noECC 0 -r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Request don't require client auth on post hs (client auth)
+ noECC 0 -r_-r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Require client auth on post hs (client auth)
+ noECC 0 -r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Request don't require client auth on post hs (client does not provide auth)
+ noECC 1 -r_-r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Require client auth on post hs (client does not provide auth)
 #
 # Use EC cert for client authentication
 #
|