1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
|
import copy
import pytest
from configuration import (available_ports, ALL_TEST_CIPHERS, PROTOCOLS)
from common import Certificates, ProviderOptions, Protocols, data_bytes, Signatures
from fixtures import managed_process # lgtm [py/unused-import]
from global_flags import S2N_PROVIDER_VERSION, get_flag
from providers import Provider, S2N, GnuTLS, OpenSSL
from test_signature_algorithms import signature_marker
from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes
# If we test every available cert, the test takes too long.
# Choose a good representative subset.
CERTS_TO_TEST = [
Certificates.RSA_1024_SHA256,
Certificates.RSA_4096_SHA512,
Certificates.ECDSA_256,
Certificates.ECDSA_384,
Certificates.RSA_PSS_2048_SHA256,
]
def assert_openssl_handshake_complete(results, is_complete=True):
if is_complete:
assert b'read finished' in results.stderr
assert b'write finished' in results.stderr
else:
assert b'read finished' not in results.stderr or b'write finished' not in results.stderr
def assert_s2n_handshake_complete(results, protocol, provider, is_complete=True):
expected_version = get_expected_s2n_version(protocol, provider)
if is_complete:
assert to_bytes("Actual protocol version: {}".format(
expected_version)) in results.stdout
else:
assert to_bytes("Actual protocol version: {}".format(
expected_version)) not in results.stdout
@pytest.mark.uncollect_if(func=invalid_test_parameters)
@pytest.mark.parametrize("provider", [OpenSSL], ids=get_parameter_name)
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
@pytest.mark.parametrize("protocol", PROTOCOLS, ids=get_parameter_name)
@pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
@pytest.mark.parametrize("certificate", CERTS_TO_TEST, ids=get_parameter_name)
@pytest.mark.parametrize("client_certificate", CERTS_TO_TEST, ids=get_parameter_name)
def test_client_auth_with_s2n_server(managed_process, provider, other_provider, protocol, cipher, certificate,
client_certificate):
port = next(available_ports)
random_bytes = data_bytes(64)
client_options = ProviderOptions(
mode=Provider.ClientMode,
port=port,
cipher=cipher,
data_to_send=random_bytes,
use_client_auth=True,
key=client_certificate.key,
cert=client_certificate.cert,
trust_store=certificate.cert,
insecure=False,
protocol=protocol)
server_options = copy.copy(client_options)
server_options.data_to_send = None
server_options.mode = Provider.ServerMode
server_options.key = certificate.key
server_options.cert = certificate.cert
server_options.trust_store = client_certificate.cert
server = managed_process(S2N, server_options, timeout=5)
client = managed_process(provider, client_options, timeout=5)
# Openssl should send a client certificate and complete the handshake
for results in client.get_results():
results.assert_success()
assert b'write client certificate' in results.stderr
assert b'write certificate verify' in results.stderr
assert_openssl_handshake_complete(results)
# S2N should successfully connect
for results in server.get_results():
results.assert_success()
assert_s2n_handshake_complete(results, protocol, provider)
assert random_bytes in results.stdout
@pytest.mark.uncollect_if(func=invalid_test_parameters)
@pytest.mark.parametrize("provider", [OpenSSL], ids=get_parameter_name)
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
@pytest.mark.parametrize("protocol", PROTOCOLS, ids=get_parameter_name)
@pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
@pytest.mark.parametrize("certificate", CERTS_TO_TEST, ids=get_parameter_name)
@pytest.mark.parametrize("client_certificate", CERTS_TO_TEST, ids=get_parameter_name)
def test_client_auth_with_s2n_server_using_nonmatching_certs(managed_process, provider, other_provider, protocol,
cipher, certificate, client_certificate):
port = next(available_ports)
client_options = ProviderOptions(
mode=Provider.ClientMode,
port=port,
cipher=cipher,
data_to_send=b'',
use_client_auth=True,
key=client_certificate.key,
cert=client_certificate.cert,
trust_store=certificate.cert,
insecure=False,
protocol=protocol)
server_options = copy.copy(client_options)
server_options.data_to_send = None
server_options.mode = Provider.ServerMode
server_options.key = certificate.key
server_options.cert = certificate.cert
# Tell the server to expect the wrong certificate
server_options.trust_store = Certificates.RSA_2048_SHA256_WILDCARD.cert
server = managed_process(S2N, server_options, timeout=5)
client = managed_process(OpenSSL, client_options, timeout=5)
# Openssl should tell us that a certificate was sent, but the handshake did not complete
for results in client.get_results():
assert results.exception is None
assert b'write client certificate' in results.stderr
assert b'write certificate verify' in results.stderr
# TLS1.3 OpenSSL fails after the handshake, but pre-TLS1.3 fails during
if protocol is not Protocols.TLS13:
assert results.exit_code != 0
assert_openssl_handshake_complete(results, False)
# S2N should tell us that mutual authentication failed due to an untrusted cert
for results in server.get_results():
assert results.exception is None
assert results.exit_code != 0
assert b'Certificate is untrusted' in results.stderr
assert b'Error: Mutual Auth was required, but not negotiated' in results.stderr
assert_s2n_handshake_complete(results, protocol, provider, False)
@pytest.mark.uncollect_if(func=invalid_test_parameters)
@pytest.mark.parametrize("provider", [OpenSSL], ids=get_parameter_name)
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
@pytest.mark.parametrize("protocol", PROTOCOLS, ids=get_parameter_name)
@pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
@pytest.mark.parametrize("certificate", CERTS_TO_TEST, ids=get_parameter_name)
def test_client_auth_with_s2n_client_no_cert(managed_process, provider, other_provider, protocol, cipher, certificate):
port = next(available_ports)
random_bytes = data_bytes(64)
client_options = ProviderOptions(
mode=Provider.ClientMode,
port=port,
cipher=cipher,
data_to_send=random_bytes,
use_client_auth=True,
trust_store=certificate.cert,
insecure=False,
protocol=protocol)
server_options = copy.copy(client_options)
server_options.data_to_send = None
server_options.mode = Provider.ServerMode
server_options.key = certificate.key
server_options.cert = certificate.cert
server = managed_process(provider, server_options, timeout=5)
client = managed_process(S2N, client_options, timeout=5)
# Openssl should tell us that a cert was requested but not received
for results in server.get_results():
results.assert_success()
assert b'write certificate request' in results.stderr
assert b'read client certificate' not in results.stderr
assert b"peer did not return a certificate" in results.stderr
assert_openssl_handshake_complete(results, False)
for results in client.get_results():
assert results.exception is None
# TLS1.3 OpenSSL fails after the handshake, but pre-TLS1.3 fails during
if protocol is not Protocols.TLS13:
assert (results.exit_code != 0)
assert b"Failed to negotiate: 'TLS alert received'" in results.stderr
assert_s2n_handshake_complete(results, protocol, provider, False)
@pytest.mark.uncollect_if(func=invalid_test_parameters)
@pytest.mark.parametrize("provider", [OpenSSL], ids=get_parameter_name)
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
@pytest.mark.parametrize("protocol", PROTOCOLS, ids=get_parameter_name)
@pytest.mark.parametrize("cipher", ALL_TEST_CIPHERS, ids=get_parameter_name)
@pytest.mark.parametrize("certificate", CERTS_TO_TEST, ids=get_parameter_name)
@pytest.mark.parametrize("client_certificate", CERTS_TO_TEST, ids=get_parameter_name)
def test_client_auth_with_s2n_client_with_cert(managed_process, provider, other_provider, protocol, cipher, certificate,
client_certificate):
port = next(available_ports)
random_bytes = data_bytes(64)
client_options = ProviderOptions(
mode=Provider.ClientMode,
port=port,
cipher=cipher,
data_to_send=random_bytes,
use_client_auth=True,
key=client_certificate.key,
cert=client_certificate.cert,
trust_store=certificate.cert,
insecure=False,
protocol=protocol)
server_options = copy.copy(client_options)
server_options.data_to_send = None
server_options.mode = Provider.ServerMode
server_options.key = certificate.key
server_options.cert = certificate.cert
server_options.trust_store = client_certificate.cert
server = managed_process(provider, server_options, timeout=5)
client = managed_process(S2N, client_options, timeout=5)
# The client should connect and return without error
for results in client.get_results():
results.assert_success()
assert_s2n_handshake_complete(results, protocol, provider)
# Openssl should indicate the certificate was successfully received.
for results in server.get_results():
results.assert_success()
assert random_bytes[1:] in results.stdout
assert b'read client certificate' in results.stderr
assert b'read certificate verify' in results.stderr
assert_openssl_handshake_complete(results)
"""
TLS1.3 requires that RSA-PSS be used for RSA signatures. However, older libcrypto implementations
like openssl-1.0.2 do not support the RSA-PSS algorithm, so s2n-tls doesn't support RSA-PSS when
built with those older libcryptos. If a server that doesn't support RSA-PSS requests client
authentication when using TLS1.3, and the client responds with an RSA certificate, then the
connection will fail because the server is unable to use RSA-PSS. To avoid this scenario, a server
configured to request client authentication but not built to support RSA-PSS should not support
TLS1.3, even if its security policy would normally allow TLS1.3.
"""
@pytest.mark.parametrize("certificate", [Certificates.RSA_2048_PKCS1, Certificates.ECDSA_256], ids=get_parameter_name)
def test_tls_12_client_auth_downgrade(managed_process, certificate):
port = next(available_ports)
random_bytes = data_bytes(64)
client_options = ProviderOptions(
mode=Provider.ClientMode,
port=port,
data_to_send=random_bytes,
use_client_auth=True,
key=certificate.key,
cert=certificate.cert,
trust_store=Certificates.ECDSA_256.cert,
insecure=False,
)
client_options.extra_flags = ["--no-ca-verification"]
server_options = ProviderOptions(
mode=Provider.ServerMode,
port=port,
use_client_auth=True,
protocol=Protocols.TLS13,
key=Certificates.ECDSA_256.key,
cert=Certificates.ECDSA_256.cert,
trust_store=certificate.cert,
insecure=False,
)
server = managed_process(S2N, server_options, timeout=5)
# The client needs to send a TLS 1.3 client hello and support TLS 1.2 in order to continue the
# handshake after the server downgrades. GnuTLS is configured to support this if no protocol
# version is specified.
client = managed_process(GnuTLS, client_options, timeout=5)
# A s2n server built with OpenSSL1.0.2 and enabling client auth will downgrade the protocol to TLS1.2.
# The downgrade occurs because openssl-1.0.2 doesn't support RSA-PSS signature scheme.
#
# TLS 1.3 is disabled when s2n-tls is built with libressl and boringssl, so TLS 1.2 will be negotiated
# with these libcryptos as well. See https://github.com/aws/s2n-tls/issues/3250.
if S2N.supports_signature(Signatures.RSA_PSS_RSAE_SHA256):
expected_protocol_version = Protocols.TLS13.value
else:
expected_protocol_version = Protocols.TLS12.value
expected_signature_type = "ECDSA"
# If negotiating with an RSA cert, expect an RSA-PSS signature algorithm in a TLS 1.3 handshake.
# Otherwise, expect RSA.
if certificate.algorithm == "RSA":
if expected_protocol_version == Protocols.TLS13.value:
expected_signature_type = "RSA-PSS"
else:
expected_signature_type = "RSA"
for results in client.get_results():
results.assert_success()
for results in server.get_results():
results.assert_success()
assert to_bytes(
f"Actual protocol version: {expected_protocol_version}"
) in results.stdout
assert to_bytes(
f"Client signature negotiated: {expected_signature_type}"
) in results.stdout
|
