To avoid SWEET32 attack, move 3DES to weak
[openssl.git] / test / cipherlist_test.c
1 /*
2  * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL licenses, (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * https://www.openssl.org/source/license.html
8  * or in the file LICENSE in the source distribution.
9  */
10
11 #include <stdio.h>
12
13 #include <openssl/opensslconf.h>
14 #include <openssl/err.h>
15 #include <openssl/e_os2.h>
16 #include <openssl/ssl.h>
17 #include <openssl/ssl3.h>
18 #include <openssl/tls1.h>
19
20 #include "e_os.h"
21 #include "testutil.h"
22
23 typedef struct cipherlist_test_fixture {
24     const char *test_case_name;
25     SSL_CTX *server;
26     SSL_CTX *client;
27 } CIPHERLIST_TEST_FIXTURE;
28
29
30 static CIPHERLIST_TEST_FIXTURE set_up(const char *const test_case_name)
31 {
32     CIPHERLIST_TEST_FIXTURE fixture;
33     fixture.test_case_name = test_case_name;
34     fixture.server = SSL_CTX_new(TLS_server_method());
35     fixture.client = SSL_CTX_new(TLS_client_method());
36     OPENSSL_assert(fixture.client != NULL && fixture.server != NULL);
37     return fixture;
38 }
39
40 /*
41  * All ciphers in the DEFAULT cipherlist meet the default security level.
42  * However, default supported ciphers exclude SRP and PSK ciphersuites
43  * for which no callbacks have been set up.
44  *
45  * Supported ciphers also exclude TLSv1.2 ciphers if TLSv1.2 is disabled,
46  * and individual disabled algorithms. However, NO_RSA, NO_AES and NO_SHA
47  * are currently broken and should be considered mission impossible in libssl.
48  */
49 static const uint32_t default_ciphers_in_order[] = {
50 #ifndef OPENSSL_NO_TLS1_2
51 # ifndef OPENSSL_NO_EC
52     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
53     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
54 # endif
55 # ifndef OPENSSL_NO_DH
56     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
57 # endif
58
59 # if !defined OPENSSL_NO_CHACHA && !defined OPENSSL_NO_POLY1305
60 #  ifndef OPENSSL_NO_EC
61     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
62     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
63 #  endif
64 #  ifndef OPENSSL_NO_DH
65     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
66 #  endif
67 # endif  /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */
68
69 # ifndef OPENSSL_NO_EC
70     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
71     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
72 # endif
73 # ifndef OPENSSL_NO_DH
74     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
75 # endif
76 # ifndef OPENSSL_NO_EC
77     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
78     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
79 # endif
80 # ifndef OPENSSL_NO_DH
81     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
82 # endif
83 # ifndef OPENSSL_NO_EC
84     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
85     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
86 # endif
87 # ifndef OPENSSL_NO_DH
88     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
89 # endif
90 #endif  /* !OPENSSL_NO_TLS1_2 */
91
92 #ifndef OPENSSL_NO_EC
93     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
94     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
95 #endif
96 #ifndef OPENSSL_NO_DH
97     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
98 #endif
99 #ifndef OPENSSL_NO_EC
100     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
101     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
102 #endif
103 #ifndef OPENSSL_NO_DH
104     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
105 #endif
106
107 #ifndef OPENSSL_NO_TLS1_2
108     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
109     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
110     TLS1_CK_RSA_WITH_AES_256_SHA256,
111     TLS1_CK_RSA_WITH_AES_128_SHA256,
112 #endif
113
114     TLS1_CK_RSA_WITH_AES_256_SHA,
115     TLS1_CK_RSA_WITH_AES_128_SHA,
116 };
117
118 static int test_default_cipherlist(SSL_CTX *ctx)
119 {
120     STACK_OF(SSL_CIPHER) *ciphers;
121     SSL *ssl;
122     int i, ret = 0, num_expected_ciphers, num_ciphers;
123     uint32_t expected_cipher_id, cipher_id;
124
125     ssl = SSL_new(ctx);
126     OPENSSL_assert(ssl != NULL);
127
128     ciphers = SSL_get1_supported_ciphers(ssl);
129     OPENSSL_assert(ciphers != NULL);
130     num_expected_ciphers = OSSL_NELEM(default_ciphers_in_order);
131     num_ciphers = sk_SSL_CIPHER_num(ciphers);
132     if (num_ciphers != num_expected_ciphers) {
133         fprintf(stderr, "Expected %d supported ciphers, got %d.\n",
134                 num_expected_ciphers, num_ciphers);
135         goto err;
136     }
137
138     for (i = 0; i < num_ciphers; i++) {
139         expected_cipher_id = default_ciphers_in_order[i];
140         cipher_id = SSL_CIPHER_get_id(sk_SSL_CIPHER_value(ciphers, i));
141         if (cipher_id != expected_cipher_id) {
142             fprintf(stderr, "Wrong cipher at position %d: expected %x, "
143                     "got %x\n", i, expected_cipher_id, cipher_id);
144             goto err;
145         }
146     }
147
148     ret = 1;
149
150  err:
151     sk_SSL_CIPHER_free(ciphers);
152     SSL_free(ssl);
153     return ret;
154 }
155
156 static int execute_test(CIPHERLIST_TEST_FIXTURE fixture)
157 {
158     return test_default_cipherlist(fixture.server)
159         && test_default_cipherlist(fixture.client);
160 }
161
162 static void tear_down(CIPHERLIST_TEST_FIXTURE fixture)
163 {
164     SSL_CTX_free(fixture.server);
165     SSL_CTX_free(fixture.client);
166     ERR_print_errors_fp(stderr);
167 }
168
169 #define SETUP_CIPHERLIST_TEST_FIXTURE() \
170     SETUP_TEST_FIXTURE(CIPHERLIST_TEST_FIXTURE, set_up)
171
172 #define EXECUTE_CIPHERLIST_TEST() \
173     EXECUTE_TEST(execute_test, tear_down)
174
175 static int test_default_cipherlist_implicit()
176 {
177     SETUP_CIPHERLIST_TEST_FIXTURE();
178     EXECUTE_CIPHERLIST_TEST();
179 }
180
181 static int test_default_cipherlist_explicit()
182 {
183     SETUP_CIPHERLIST_TEST_FIXTURE();
184     OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.server, "DEFAULT"));
185     OPENSSL_assert(SSL_CTX_set_cipher_list(fixture.client, "DEFAULT"));
186     EXECUTE_CIPHERLIST_TEST();
187 }
188
189 int main(int argc, char **argv)
190 {
191     int result = 0;
192
193     ADD_TEST(test_default_cipherlist_implicit);
194     ADD_TEST(test_default_cipherlist_explicit);
195
196     result = run_tests(argv[0]);
197
198     return result;
199 }