OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c

   1 /*
   2  * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 #include <stdio.h>
  26 #include <stdlib.h>
  27 #include <Security/SecureTransportPriv.h>
  28 #include <AssertMacros.h>
  29
  30 #include "ssl_regressions.h"
  31 #include "ssl-utils.h"
  32
  33
  34 #include "cipherSpecs.h"
  35
  36 static int test_GetSupportedCiphers(SSLContextRef ssl, bool server)
  37 {
  38     size_t max_ciphers = 0;
  39     int fail=1;
  40     SSLCipherSuite *ciphers = NULL;
  41
  42     require_noerr(SSLGetNumberSupportedCiphers(ssl, &max_ciphers), out);
  43
  44     size_t size = max_ciphers * sizeof (SSLCipherSuite);
  45     ciphers = (SSLCipherSuite *) malloc(size);
  46
  47     require_string(ciphers, out, "out of memory");
  48     memset(ciphers, 0xff, size);
  49
  50     size_t num_ciphers = max_ciphers;
  51     require_noerr(SSLGetSupportedCiphers(ssl, ciphers, &num_ciphers), out);
  52
  53     for (size_t i = 0; i < num_ciphers; i++) {
  54         require(ciphers[i]!=(SSLCipherSuite)(-1), out);
  55     }
  56
  57     /* Success! */
  58     fail=0;
  59
  60 out:
  61     if(ciphers) free(ciphers);
  62     return fail;
  63 }
  64
  65 static
  66 int allowed_default_ciphers(SSLCipherSuite cs, bool server, bool dhe_enabled)
  67 {
  68     switch (cs) {
  69
  70         /* BAD to enable by default */
  71
  72
  73         /*
  74          * Tags for SSL 2 cipher kinds which are not specified
  75          * for SSL 3.
  76          */
  77         case SSL_RSA_WITH_RC2_CBC_MD5:
  78         case SSL_RSA_WITH_IDEA_CBC_MD5:
  79         case SSL_RSA_WITH_DES_CBC_MD5:
  80         case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
  81
  82         /* Export and Simple DES ciphers */
  83         case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
  84         case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
  85         case SSL_RSA_WITH_IDEA_CBC_SHA:
  86         case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
  87         case SSL_RSA_WITH_DES_CBC_SHA:
  88         case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
  89         case SSL_DH_DSS_WITH_DES_CBC_SHA:
  90         case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
  91         case SSL_DH_RSA_WITH_DES_CBC_SHA:
  92         case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
  93         case SSL_DHE_DSS_WITH_DES_CBC_SHA:
  94         case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
  95         case SSL_DHE_RSA_WITH_DES_CBC_SHA:
  96         case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
  97         case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
  98         case SSL_DH_anon_WITH_DES_CBC_SHA:
  99         case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
 100         case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
 101
 102         case SSL_NO_SUCH_CIPHERSUITE:
 103
 104         /* Null ciphers. */
 105         case TLS_NULL_WITH_NULL_NULL:
 106         case TLS_RSA_WITH_NULL_MD5:
 107         case TLS_RSA_WITH_NULL_SHA:
 108         case TLS_RSA_WITH_NULL_SHA256:
 109         case TLS_ECDH_ECDSA_WITH_NULL_SHA:
 110         case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
 111         case TLS_ECDHE_RSA_WITH_NULL_SHA:
 112         case TLS_ECDH_RSA_WITH_NULL_SHA:
 113         case TLS_ECDH_anon_WITH_NULL_SHA:
 114
 115         /* Completely anonymous Diffie-Hellman */
 116         case TLS_DH_anon_WITH_RC4_128_MD5:
 117         case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
 118         case TLS_DH_anon_WITH_AES_128_CBC_SHA:
 119         case TLS_DH_anon_WITH_AES_256_CBC_SHA:
 120         case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
 121         case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
 122         case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
 123         case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
 124         case TLS_ECDH_anon_WITH_RC4_128_SHA:
 125         case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
 126         case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
 127         case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
 128
 129
 130         /* Sstatic Diffie-Hellman and DSS */
 131         case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
 132         case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
 133         case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
 134         case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
 135         case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
 136         case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
 137         case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
 138         case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
 139         case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
 140         case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
 141         case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
 142         case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
 143         case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
 144         case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
 145         case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
 146         case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
 147         case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
 148         case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
 149         case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
 150         case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
 151         case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
 152
 153             return 0;
 154
 155
 156         /* OK to enable by default on the client only (not supported on server) */
 157         case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
 158         case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
 159         case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
 160         case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
 161         case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
 162         case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
 163         case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
 164         case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
 165         case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
 166         case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
 167         case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
 168         case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
 169         case TLS_ECDH_RSA_WITH_RC4_128_SHA:
 170         case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
 171         case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
 172         case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
 173             return !server;
 174
 175         /* OK to enable by default for both client and server */
 176
 177         case TLS_RSA_WITH_RC4_128_MD5:
 178         case TLS_RSA_WITH_RC4_128_SHA:
 179         case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
 180         case TLS_RSA_WITH_AES_128_CBC_SHA:
 181         case TLS_RSA_WITH_AES_256_CBC_SHA:
 182         case TLS_RSA_WITH_AES_128_CBC_SHA256:
 183         case TLS_RSA_WITH_AES_256_CBC_SHA256:
 184         case TLS_RSA_WITH_AES_128_GCM_SHA256:
 185         case TLS_RSA_WITH_AES_256_GCM_SHA384:
 186
 187
 188         case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
 189         case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
 190         case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
 191         case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
 192         case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
 193         case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
 194         case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
 195         case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
 196         case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
 197         case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
 198         case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
 199         case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
 200         case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
 201         case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
 202         case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
 203         case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
 204             return 1;
 205
 206         case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
 207         case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
 208         case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
 209         case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
 210         case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
 211         case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
 212         case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
 213             return dhe_enabled;
 214
 215         /* RFC 5746 - Secure Renegotiation - not specified by the user or returned by APIs*/
 216         case TLS_EMPTY_RENEGOTIATION_INFO_SCSV:
 217             return 0;
 218
 219         /* unknown cipher ? */
 220         default:
 221             return 0;
 222     }
 223 }
 224
 225 static OSStatus SocketWrite(SSLConnectionRef conn, const void *data, size_t *length)
 226 {
 227     return errSSLWouldBlock;
 228 }
 229
 230 static OSStatus SocketRead(SSLConnectionRef conn, void *data, size_t *length)
 231 {
 232     return errSSLWouldBlock;
 233 }
 234
 235
 236 static int test_GetEnabledCiphers(SSLContextRef ssl, bool server, bool dhe_enabled)
 237 {
 238     size_t max_ciphers = 0;
 239     size_t num_ciphers;
 240     size_t num_ciphers_2;
 241     size_t size;
 242     int fail=1;
 243     SSLCipherSuite *ciphers = NULL;
 244     SSLCipherSuite *ciphers_2 = NULL;
 245     OSStatus err;
 246
 247     err=SSLSetIOFuncs(ssl, &SocketRead, &SocketWrite);
 248     err=SSLSetConnection(ssl, NULL);
 249
 250     require_noerr(SSLGetNumberEnabledCiphers(ssl, &max_ciphers), out);
 251
 252     err=SSLHandshake(ssl);
 253
 254     require_noerr(SSLGetNumberEnabledCiphers(ssl, &max_ciphers), out);
 255
 256     require(max_ciphers == (dhe_enabled?32:25), out);
 257
 258     size = max_ciphers * sizeof (SSLCipherSuite);
 259     ciphers = (SSLCipherSuite *) malloc(size);
 260     require_string(ciphers, out, "out of memory");
 261     memset(ciphers, 0xff, size);
 262
 263     num_ciphers = max_ciphers;
 264     require_noerr(SSLGetEnabledCiphers(ssl, ciphers, &num_ciphers), out);
 265
 266     //printf("Ciphers Enabled before first handshake: %zd\n", num_ciphers);
 267
 268     for (size_t i = 0; i < num_ciphers; i++) {
 269         char csname[256];
 270         snprintf(csname, 256, "(%04x) %s", ciphers[i], ciphersuite_name(ciphers[i]));
 271         /* Uncomment the next line if you want to list the default enabled ciphers */
 272         //printf("%s\n", csname);
 273         require_string(allowed_default_ciphers(ciphers[i], server, dhe_enabled), out, csname);
 274     }
 275
 276     err=SSLHandshake(ssl);
 277
 278     require_noerr(SSLGetNumberEnabledCiphers(ssl, &max_ciphers), out);
 279
 280     size = max_ciphers * sizeof (SSLCipherSuite);
 281     ciphers_2 = (SSLCipherSuite *) malloc(size);
 282     require_string(ciphers_2, out, "out of memory");
 283     memset(ciphers_2, 0xff, size);
 284
 285     num_ciphers_2 = max_ciphers;
 286     require_noerr(SSLGetEnabledCiphers(ssl, ciphers_2, &num_ciphers_2), out);
 287
 288     //printf("Ciphers Enabled after first handshake: %zd\n", num_ciphers_2);
 289
 290     for (size_t i = 0; i < num_ciphers_2; i++) {
 291         char csname[256];
 292         snprintf(csname, 256, "(%04x) %s", ciphers_2[i], ciphersuite_name(ciphers_2[i]));
 293         /* Uncomment the next line if you want to list the default enabled ciphers */
 294         //printf("%s\n", csname);
 295     }
 296
 297     require(num_ciphers_2 == num_ciphers, out);
 298     require((memcmp(ciphers, ciphers_2, num_ciphers*sizeof(uint16_t)) == 0), out);
 299
 300     /* Success! */
 301     fail=0;
 302
 303 out:
 304     if(ciphers) free(ciphers);
 305     if(ciphers_2) free(ciphers_2);
 306     return fail;
 307 }
 308
 309 static int test_SetEnabledCiphers(SSLContextRef ssl, bool server)
 310 {
 311     int fail=1;
 312     size_t num_enabled;
 313
 314     /* This should not fail as long as we have one valid cipher in this table */
 315     SSLCipherSuite ciphers[] = {
 316         SSL_RSA_WITH_RC2_CBC_MD5, /* unsupported */
 317         TLS_RSA_WITH_NULL_SHA, /* supported by not enabled by default */
 318         TLS_RSA_WITH_AES_128_CBC_SHA, /* Supported and enabled by default */
 319     };
 320
 321     require_noerr(SSLSetEnabledCiphers(ssl, ciphers, sizeof(ciphers)/sizeof(SSLCipherSuite)), out);
 322     require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_enabled), out);
 323
 324     require(num_enabled==2, out); /* 2 ciphers in the above table are supported */
 325
 326     /* Success! */
 327     fail=0;
 328
 329 out:
 330     return fail;
 331 }
 332
 333
 334 static void
 335 test(SSLProtocolSide side, bool dhe_enabled)
 336 {
 337     SSLContextRef ssl = NULL;
 338     bool server = (side == kSSLServerSide);
 339
 340     require(ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType), out);
 341     ok(ssl, "SSLCreateContext failed");
 342
 343     ok_status(SSLSetDHEEnabled(ssl, dhe_enabled));
 344
 345     /* The order of this tests does matter, be careful when adding tests */
 346     ok(!test_GetSupportedCiphers(ssl, server), "GetSupportedCiphers test failed");
 347     ok(!test_GetEnabledCiphers(ssl, server, dhe_enabled), "GetEnabledCiphers test failed");
 348
 349     CFRelease(ssl); ssl=NULL;
 350
 351     require(ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType), out);
 352     ok(ssl, "SSLCreateContext failed");
 353
 354     ok(!test_SetEnabledCiphers(ssl, server), "SetEnabledCiphers test failed");
 355
 356 out:
 357     if(ssl) CFRelease(ssl);
 358 }
 359
 360
 361 int ssl_46_SSLGetSupportedCiphers(int argc, char *const *argv)
 362 {
 363     plan_tests(24);
 364
 365     test(kSSLClientSide, true);
 366     test(kSSLServerSide, true);
 367     test(kSSLClientSide, false);
 368     test(kSSLServerSide, false);
 369
 370
 371     return 0;
 372 }
 373