diff --git a/configure.ac b/configure.ac index c93569ed6..fc37082c6 100644 --- a/configure.ac +++ b/configure.ac @@ -2495,6 +2495,9 @@ fi AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"]) +# check if PSK was enabled for conditionally running psk.test script +AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"]) + # Check for build-type conflicts AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ test "x$ENABLED_LEANPSK" = "xyes"], diff --git a/examples/server/server.c b/examples/server/server.c index d899dacb3..0bea91863 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -257,6 +257,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int useAnyAddr = 0; word16 port = wolfSSLPort; int usePsk = 0; + int usePskPlus = 0; int useAnon = 0; int doDTLS = 0; int needDH = 0; @@ -329,7 +330,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #ifdef WOLFSSL_VXWORKS useAnyAddr = 1; #else - while ((ch = mygetopt(argc, argv, "?dbstnNufrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:")) + while ((ch = mygetopt(argc, argv, "?dbstnNufrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:j")) != -1) { switch (ch) { case '?' : @@ -348,6 +349,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) usePsk = 1; break; + case 'j' : + usePskPlus = 1; + break; + case 't' : #ifdef USE_WOLFSSL_MEMORY trackMemory = 1; @@ -609,7 +614,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) - if (!usePsk && !useAnon) { + if ((!usePsk || usePskPlus) && !useAnon) { if (SSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) err_sys("can't load server cert file, check file and run from" @@ -630,7 +635,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) - if (!useNtruKey && !usePsk && !useAnon) { + if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon) { if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load server private key file, check file and run " @@ -638,14 +643,14 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } #endif - if (usePsk) { + if (usePsk || usePskPlus) { #ifndef NO_PSK SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); if (sendPskIdentityHint == 1) SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); - if (cipherList == NULL) { + if (cipherList == NULL && !usePskPlus) { const char *defaultCipherList; #if defined(HAVE_AESGCM) && !defined(NO_DH) defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; @@ -672,13 +677,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) - /* if not using PSK, verify peer with certs */ - if (doCliCertCheck && usePsk == 0 && useAnon == 0) { + /* if not using PSK, verify peer with certs + if using PSK Plus then verify peer certs except PSK suites */ + if (doCliCertCheck && (usePsk == 0 || usePskPlus) && useAnon == 0) { SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | - SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0); + ((usePskPlus)? SSL_VERIFY_FAIL_EXCEPT_PSK : + SSL_VERIFY_FAIL_IF_NO_PEER_CERT),0); if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from wolfSSL home dir"); - } + } #endif #if defined(CYASSL_SNIFFER) @@ -795,7 +802,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) wolfSSL_dtls_set_peer(ssl, &cliaddr, len); } #endif - if (usePsk == 0 || useAnon == 1 || cipherList != NULL || needDH == 1) { + if ((usePsk == 0 || usePskPlus) || useAnon == 1 || cipherList != NULL + || needDH == 1) { #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN) CyaSSL_SetTmpDH_file(ssl, ourDhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) diff --git a/scripts/include.am b/scripts/include.am index 5b9d38448..5866a554e 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -47,6 +47,9 @@ endif endif +if BUILD_PSK +dist_noinst_SCRIPTS+= scripts/psk.test +endif EXTRA_DIST += scripts/testsuite.pcap # leave openssl.test as extra until non bash works diff --git a/scripts/psk.test b/scripts/psk.test new file mode 100755 index 000000000..01313b91b --- /dev/null +++ b/scripts/psk.test @@ -0,0 +1,152 @@ +#!/bin/sh + +# psk.test +# copyright wolfSSL 2016 + +# getting unique port is modeled after resume.test script +# need a unique port since may run the same time as testsuite +# use server port zero hack to get one +port=0 +no_pid=-1 +server_pid=$no_pid +counter=0 +# let's use absolute path to a local dir (make distcheck may be in sub dir) +# also let's add some randomness by adding pid in case multiple 'make check's +# per source tree +ready_file=`pwd`/wolfssl_psk_ready$$ + +echo "ready file $ready_file" + +create_port() { + while [ ! -s $ready_file -a "$counter" -lt 20 ]; do + echo -e "waiting for ready file..." + sleep 0.1 + counter=$((counter+ 1)) + done + + if test -e $ready_file; then + echo -e "found ready file, starting client..." + + # get created port 0 ephemeral port + port=`cat $ready_file` + else + echo -e "NO ready file ending test..." + do_cleanup + fi +} + +remove_ready_file() { + if test -e $ready_file; then + echo -e "removing existing ready file" + rm $ready_file + fi +} + +do_cleanup() { + echo "in cleanup" + + if [ $server_pid != $no_pid ] + then + echo "killing server" + kill -9 $server_pid + fi + remove_ready_file +} + +do_trap() { + echo "got trap" + do_cleanup + exit -1 +} + +trap do_trap INT TERM + +[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 + +# Usual psk server / psk client. This use case is tested in +# tests/unit.test and is used here for just checking if PSK is enabled +port=0 +./examples/server/server -s -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -s -p $port +RESULT=$? +remove_ready_file +# if fail here then is a settings issue so return 0 +if [ $RESULT -ne 0 ]; then + echo -e "\n\nPSK not enabled" + do_cleanup + exit 0 +fi +echo "" + +# client test against the server +############################### + +# usual psk server / psk client +port=0 +./examples/server/server -j -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -s -p $port +RESULT=$? +remove_ready_file +if [ $RESULT -ne 0 ]; then + echo -e "\n\nClient connection failed" + do_cleanup + exit 1 +fi +echo "" + +# Usual server / client. This use case is tested in +# tests/unit.test and is used here for just checking if cipher suite +# is available (one case for example is with disable-asn) +port=0 +./examples/server/server -R $ready_file -p $port -l DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-DES-CBC3-SHA & +server_pid=$! +create_port +./examples/client/client -p $port +RESULT=$? +remove_ready_file +# if fail here then is a settings issue so return 0 +if [ $RESULT -ne 0 ]; then + echo -e "\n\nIssue with choosen non PSK suites" + do_cleanup + exit 0 +fi +echo "" + +# psk server with non psk client +port=0 +./examples/server/server -j -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -p $port +RESULT=$? +remove_ready_file +if [ $RESULT -ne 0 ]; then + echo -e "\n\nClient connection failed" + do_cleanup + exit 1 +fi +echo "" + +# check fail if no auth, psk server with non psk client +echo "Checking fail when not sending peer cert" +port=0 +./examples/server/server -j -R $ready_file -p $port & +server_pid=$! +create_port +./examples/client/client -x -p $port +RESULT=$? +remove_ready_file +if [ $RESULT -eq 0 ]; then + echo -e "\n\nClient connected when supposed to fail" + do_cleanup + exit 1 +fi + +echo -e "\nALL Tests Passed" + +exit 0 + diff --git a/src/internal.c b/src/internal.c index f1cbab102..0dca6aaec 100644 --- a/src/internal.c +++ b/src/internal.c @@ -524,6 +524,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method) #ifdef HAVE_ECC if (method->side == WOLFSSL_CLIENT_END) { ctx->haveECDSAsig = 1; /* always on cliet side */ + ctx->haveECC = 1; /* server turns on with ECC key cert */ ctx->haveStaticECC = 1; /* server can turn on by loading key */ } #endif @@ -801,7 +802,8 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, word16 havePSK, word16 haveDH, word16 haveNTRU, - word16 haveECDSAsig, word16 haveStaticECC, int side) + word16 haveECDSAsig, word16 haveECC, + word16 haveStaticECC, int side) { word16 idx = 0; int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR; @@ -816,6 +818,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, (void)havePSK; (void)haveNTRU; (void)haveStaticECC; + (void)haveECC; if (suites == NULL) { WOLFSSL_MSG("InitSuites pointer error"); @@ -889,14 +892,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - if (tls1_2 && haveECDSAsig) { + if (tls1_2 && haveECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384; } #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - if (tls1_2 && haveECDSAsig) { + if (tls1_2 && haveECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256; } @@ -945,14 +948,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - if (tls1_2 && haveECDSAsig && haveStaticECC) { + if (tls1_2 && haveECC && haveStaticECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384; } #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - if (tls1_2 && haveECDSAsig && haveStaticECC) { + if (tls1_2 && haveECC && haveStaticECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256; } @@ -1001,7 +1004,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - if (tls1_2 && haveECDSAsig) { + if (tls1_2 && haveECC) { suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256; } @@ -1029,7 +1032,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - if (tls1_2 && haveECDSAsig) { + if (tls1_2 && haveECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256; } @@ -1043,7 +1046,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - if (tls1_2 && haveECDSAsig && haveStaticECC) { + if (tls1_2 && haveECC && haveStaticECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256; } @@ -1057,7 +1060,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - if (tls1_2 && haveECDSAsig) { + if (tls1_2 && haveECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384; } @@ -1071,63 +1074,63 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - if (tls1_2 && haveECDSAsig && haveStaticECC) { + if (tls1_2 && haveECC && haveStaticECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384; } #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - if (tls && haveECDSAsig) { + if (tls && haveECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - if (tls && haveECDSAsig && haveStaticECC) { + if (tls && haveECC && haveStaticECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - if (tls && haveECDSAsig) { + if (tls && haveECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - if (tls && haveECDSAsig && haveStaticECC) { + if (tls && haveECC && haveStaticECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - if (!dtls && tls && haveECDSAsig) { + if (!dtls && tls && haveECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA; } #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - if (!dtls && tls && haveECDSAsig && haveStaticECC) { + if (!dtls && tls && haveECC && haveStaticECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA; } #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - if (tls && haveECDSAsig) { + if (tls && haveECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - if (tls && haveECDSAsig && haveStaticECC) { + if (tls && haveECC && haveStaticECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA; } @@ -1190,14 +1193,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - if (tls1_2 && haveECDSAsig) { + if (tls1_2 && haveECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8; } #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 - if (tls1_2 && haveECDSAsig) { + if (tls1_2 && haveECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8; } @@ -1274,7 +1277,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - if (tls1_2 && haveECDSAsig) { + if (tls1_2 && haveECC) { suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256; @@ -1296,7 +1299,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA - if (tls && haveECDSAsig) { + if (tls && haveECC) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_NULL_SHA; } @@ -1817,6 +1820,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->options.haveNTRU = ctx->haveNTRU; ssl->options.haveECDSAsig = ctx->haveECDSAsig; + ssl->options.haveECC = ctx->haveECC; ssl->options.haveStaticECC = ctx->haveStaticECC; #ifndef NO_PSK @@ -1835,10 +1839,11 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->options.sessionCacheOff = ctx->sessionCacheOff; ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff; - ssl->options.verifyPeer = ctx->verifyPeer; - ssl->options.verifyNone = ctx->verifyNone; - ssl->options.failNoCert = ctx->failNoCert; - ssl->options.sendVerify = ctx->sendVerify; + ssl->options.verifyPeer = ctx->verifyPeer; + ssl->options.verifyNone = ctx->verifyNone; + ssl->options.failNoCert = ctx->failNoCert; + ssl->options.failNoCertxPSK = ctx->failNoCertxPSK; + ssl->options.sendVerify = ctx->sendVerify; ssl->heap = ctx->heap; /* defaults to self */ ssl->options.partialWrite = ctx->partialWrite; @@ -1879,12 +1884,13 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) if (ssl->options.side == WOLFSSL_SERVER_END) InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveNTRU, - ssl->options.haveECDSAsig, ssl->options.haveStaticECC, - ssl->options.side); + ssl->options.haveECDSAsig, ssl->options.haveECC, + ssl->options.haveStaticECC, ssl->options.side); else InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, TRUE, ssl->options.haveNTRU, ssl->options.haveECDSAsig, - ssl->options.haveStaticECC, ssl->options.side); + ssl->options.haveECC, ssl->options.haveStaticECC, + ssl->options.side); #ifndef NO_CERTS /* make sure server has cert and key unless using PSK or Anon @@ -3785,7 +3791,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) enum { REQUIRES_RSA, REQUIRES_DHE, - REQUIRES_ECC_DSA, + REQUIRES_ECC, REQUIRES_ECC_STATIC, REQUIRES_PSK, REQUIRES_NTRU, @@ -3810,7 +3816,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) break; case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; break; @@ -3827,7 +3833,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) break; case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; break; @@ -3907,7 +3913,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #ifndef NO_DES3 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; break; @@ -3918,7 +3924,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #endif #ifndef NO_RC4 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; break; @@ -3942,7 +3948,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #endif case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; break; @@ -3952,7 +3958,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) break; case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; break; @@ -3962,12 +3968,12 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) break; case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; break; case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; break; @@ -4033,19 +4039,19 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; break; case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; break; case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; if (requirement == REQUIRES_ECC_STATIC) return 1; @@ -4068,7 +4074,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) break; case TLS_ECDHE_ECDSA_WITH_NULL_SHA : - if (requirement == REQUIRES_ECC_DSA) + if (requirement == REQUIRES_ECC) return 1; break; @@ -15723,10 +15729,10 @@ int DoSessionTicket(WOLFSSL* ssl, } } - if (CipherRequires(first, second, REQUIRES_ECC_DSA)) { - WOLFSSL_MSG("Requires ECCDSA"); - if (ssl->options.haveECDSAsig == 0) { - WOLFSSL_MSG("Don't have ECCDSA"); + if (CipherRequires(first, second, REQUIRES_ECC)) { + WOLFSSL_MSG("Requires ECC"); + if (ssl->options.haveECC == 0) { + WOLFSSL_MSG("Don't have ECC"); return 0; } } @@ -15912,8 +15918,8 @@ int DoSessionTicket(WOLFSSL* ssl, InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveNTRU, - ssl->options.haveECDSAsig, ssl->options.haveStaticECC, - ssl->options.side); + ssl->options.haveECDSAsig, ssl->options.haveECC, + ssl->options.haveStaticECC, ssl->options.side); } /* suite size */ @@ -16120,8 +16126,8 @@ int DoSessionTicket(WOLFSSL* ssl, #endif InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveNTRU, - ssl->options.haveECDSAsig, ssl->options.haveStaticECC, - ssl->options.side); + ssl->options.haveECDSAsig, ssl->options.haveECC, + ssl->options.haveStaticECC, ssl->options.side); } /* random */ @@ -16936,6 +16942,14 @@ int DoSessionTicket(WOLFSSL* ssl, return NO_PEER_CERT; } } + + if (ssl->options.verifyPeer && ssl->options.failNoCertxPSK) { + if (!ssl->options.havePeerCert && + !ssl->options.usingPSK_cipher){ + WOLFSSL_MSG("client didn't present peer cert"); + return NO_PEER_CERT; + } + } #endif #ifdef WOLFSSL_CALLBACKS diff --git a/src/ssl.c b/src/ssl.c index c9ec2c951..4973ac80a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -515,7 +515,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, #endif InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveECDSAsig, - ssl->options.haveStaticECC, ssl->options.side); + ssl->options.haveECC, ssl->options.haveStaticECC, + ssl->options.side); WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0); return SSL_SUCCESS; @@ -2059,7 +2060,8 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveECDSAsig, - ssl->options.haveStaticECC, ssl->options.side); + ssl->options.haveECC, ssl->options.haveStaticECC, + ssl->options.side); return SSL_SUCCESS; } @@ -3182,10 +3184,26 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, } #ifdef HAVE_ECC - if (ctx) + if (ctx) { ctx->pkCurveOID = cert->pkCurveOID; - if (ssl) + #ifndef WC_STRICT_SIG + if (cert->keyOID == ECDSAk) { + ctx->haveECC = 1; + } + #else + ctx->haveECC = ctx->haveECDSAsig; + #endif + } + if (ssl) { ssl->pkCurveOID = cert->pkCurveOID; + #ifndef WC_STRICT_SIG + if (cert->keyOID == ECDSAk) { + ssl->options.haveECC = 1; + } + #else + ssl->options.haveECC = ssl->options.haveECDSAsig; + #endif + } #endif FreeDecodedCert(cert); @@ -4608,6 +4626,11 @@ void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc) if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) ctx->failNoCert = 1; + if (mode & SSL_VERIFY_FAIL_EXCEPT_PSK) { + ctx->failNoCert = 0; /* fail on all is set to fail on PSK */ + ctx->failNoCertxPSK = 1; + } + ctx->verifyCallback = vc; } @@ -4628,6 +4651,11 @@ void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc) if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) ssl->options.failNoCert = 1; + if (mode & SSL_VERIFY_FAIL_EXCEPT_PSK) { + ssl->options.failNoCert = 0; /* fail on all is set to fail on PSK */ + ssl->options.failNoCertxPSK = 1; + } + ssl->verifyCallback = vc; } @@ -7170,8 +7198,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif InitSuites(ssl->suites, ssl->version, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveNTRU, - ssl->options.haveECDSAsig, ssl->options.haveStaticECC, - ssl->options.side); + ssl->options.haveECDSAsig, ssl->options.haveECC, + ssl->options.haveStaticECC, ssl->options.side); } @@ -7197,8 +7225,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif InitSuites(ssl->suites, ssl->version, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveNTRU, - ssl->options.haveECDSAsig, ssl->options.haveStaticECC, - ssl->options.side); + ssl->options.haveECDSAsig, ssl->options.haveECC, + ssl->options.haveStaticECC, ssl->options.side); } @@ -7603,8 +7631,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveNTRU, - ssl->options.haveECDSAsig, ssl->options.haveStaticECC, - ssl->options.side); + ssl->options.haveECDSAsig, ssl->options.haveECC, + ssl->options.haveStaticECC, ssl->options.side); } #endif @@ -17074,6 +17102,9 @@ int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx) if (ctx->failNoCert) mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + if (ctx->failNoCertxPSK) + mode |= SSL_VERIFY_FAIL_EXCEPT_PSK; + WOLFSSL_LEAVE("wolfSSL_CTX_get_verify_mode", mode); return mode; } diff --git a/tests/include.am b/tests/include.am index 2a3f9baf0..e0a82a405 100644 --- a/tests/include.am +++ b/tests/include.am @@ -22,5 +22,6 @@ EXTRA_DIST += tests/unit.h EXTRA_DIST += tests/test.conf \ tests/test-qsh.conf \ tests/test-psk-no-id.conf \ - tests/test-dtls.conf + tests/test-dtls.conf \ + tests/test-sig.conf DISTCLEANFILES+= tests/.libs/unit.test diff --git a/tests/suites.c b/tests/suites.c index ebd2dae98..4a16770e6 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -498,8 +498,18 @@ int SuiteTest(void) exit(EXIT_FAILURE); } #endif +#ifndef WC_STRICT_SIG + /* add extra signature test suites */ + strcpy(argv0[1], "tests/test-sig.conf"); + printf("starting sig extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } +#endif #ifdef HAVE_QSH - /* add dtls extra suites */ + /* add QSH extra suites */ strcpy(argv0[1], "tests/test-qsh.conf"); printf("starting qsh extra cipher suite tests\n"); test_harness(&args); diff --git a/tests/test-sig.conf b/tests/test-sig.conf new file mode 100644 index 000000000..db643c5c2 --- /dev/null +++ b/tests/test-sig.conf @@ -0,0 +1,198 @@ +# server TLSv1 ECDHE-ECDSA-DES3 +-v 1 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-DES3 +-v 1 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-cert.pem + +# server TLSv1 ECDHE-ECDSA-AES128 +-v 1 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-AES128 +-v 1 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server TLSv1 ECDHE-ECDSA-AES128 +-v 1 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-AES128 +-v 1 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/ca-cert.pem + +# server TLSv1 ECDHE-ECDSA-AES256 +-v 1 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-AES256 +-v 1 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-cert.pem + +# server TLSv1.1 ECDHE-ECDSA-DES3 +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-DES3 +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-cert.pem + +# server TLSv1.1 ECDHE-ECDSA-AES128 +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-AES128 +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.1 ECDHE-ECDSA-AES128 +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-AES128 +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/ca-cert.pem + +# server TLSv1.1 ECDHE-ECDSA-AES256 +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-AES256 +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-DES3 +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-DES3 +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128 +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128 +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-A ./certs/ca-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES256 +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256 +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-cert.pem + +# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-A ./certs/ca-cert.pem + +# server TLSv1.2 ECDH-ECDSA-AES128-SHA256 +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES128-SHA256 +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-A ./certs/ca-cert.pem + +# server TLSv1.2 ECDH-ECDSA-AES256 +-v 3 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES256 +-v 3 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/ca-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-A ./certs/ca-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8 +-A ./certs/ca-cert.pem + diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 5ecfd6858..bb835db98 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1302,7 +1302,7 @@ typedef struct Suites { WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, word16, word16, word16, word16, - word16, word16, int); + word16, word16, word16, int); WOLFSSL_LOCAL int SetCipherList(Suites*, const char* list); @@ -1818,10 +1818,12 @@ struct WOLFSSL_CTX { byte verifyPeer; byte verifyNone; byte failNoCert; + byte failNoCertxPSK; /* fail if no cert with the exception of PSK*/ byte sessionCacheOff; byte sessionCacheFlushOff; byte sendVerify; /* for client side */ byte haveRSA; /* RSA available */ + byte haveECC; /* ECC available */ byte haveDH; /* server DH parms set by user */ byte haveNTRU; /* server private NTRU key loaded */ byte haveECDSAsig; /* server cert signed w/ ECDSA */ @@ -2216,6 +2218,7 @@ typedef struct Options { word16 verifyPeer:1; word16 verifyNone:1; word16 failNoCert:1; + word16 failNoCertxPSK:1; /* fail for no cert except with PSK */ word16 downgrade:1; /* allow downgrade of versions */ word16 resuming:1; word16 haveSessionId:1; /* server may not send */ @@ -2228,6 +2231,7 @@ typedef struct Options { word16 sentNotify:1; /* we've sent a close notify */ word16 usingCompression:1; /* are we using compression */ word16 haveRSA:1; /* RSA available */ + word16 haveECC:1; /* ECC available */ word16 haveDH:1; /* server DH parms set by user */ word16 haveNTRU:1; /* server NTRU private key loaded */ word16 haveQSH:1; /* have QSH ability */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f92e3cd5a..6e965561e 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -698,6 +698,7 @@ enum { /* ssl Constants */ SSL_VERIFY_PEER = 1, SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2, SSL_VERIFY_CLIENT_ONCE = 4, + SSL_VERIFY_FAIL_EXCEPT_PSK = 8, SSL_SESS_CACHE_OFF = 30, SSL_SESS_CACHE_CLIENT = 31,