1 /* Copyright (c) 2014, Google Inc.
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
17 #include <openssl/err.h>
18 #include <openssl/ssl.h>
26 /* The rule string to apply. */
28 /* The list of expected ciphers, in order, terminated with -1. */
29 const EXPECTED_CIPHER *expected;
/* Selecting individual ciphers should work: each suite is named literally and
 * the resulting list keeps the order in which the names were written. */
static const char kRule1[] =
    "ECDHE-ECDSA-CHACHA20-POLY1305:"
    "ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES128-GCM-SHA256";

/* Expected result for kRule1: the four suites in rule order, none of them
 * inside an equi-preference group (in_group_flag == 0). Like every kExpectedN
 * table this one is terminated by an entry whose id is -1; test_cipher_rule
 * relies on that sentinel to detect the end of the expected list. */
static const EXPECTED_CIPHER kExpected1[] = {
    { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 },
    { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 },
    { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 },
    { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 },
/* + reorders selected ciphers to the end, keeping their relative order.
 * The rule names the four suites and then moves the RSA-authenticated ones
 * behind the others: the ECDSA suites stay in front, the RSA suites follow,
 * and within each pair CHACHA20 still precedes AES128-GCM. */
static const char kRule2[] =
    "ECDHE-ECDSA-CHACHA20-POLY1305:"
    "ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES128-GCM-SHA256:"

/* Expected result for kRule2: ECDSA suites first, then RSA suites, each pair
 * in its original relative order. */
static const EXPECTED_CIPHER kExpected2[] = {
    { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 },
    { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 },
    { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 },
    { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 },
/* ! banishes ciphers from future selections. Unlike -, a banished suite
 * cannot be brought back by a later positive selection: this rule goes on to
 * name all four suites explicitly, yet only the ECDSA-authenticated ones
 * survive. Use ! rather than - whenever a suite must stay excluded no matter
 * what later fragments of the rule string (e.g. ALL) would otherwise add. */
static const char kRule3[] =
    "ECDHE-ECDSA-CHACHA20-POLY1305:"
    "ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES128-GCM-SHA256";

/* Expected result for kRule3: the two RSA suites named in the rule are absent
 * because an earlier ! selector in the rule banished them. */
static const EXPECTED_CIPHER kExpected3[] = {
    { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 },
    { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 },
/* Multiple masks can be ANDed in a single rule: kRSA+AESGCM+AES128 keeps only
 * suites that match all three masks, which here is the single static-RSA
 * AES-128-GCM suite. (Static RSA key exchange offers no forward secrecy; it
 * is used here purely as a fixture for the + mask syntax.) */
static const char kRule4[] = "kRSA+AESGCM+AES128";

/* Expected result for kRule4: exactly one suite. */
static const EXPECTED_CIPHER kExpected4[] = {
    { TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0 },
/* - removes selected ciphers, but preserves their order for future
 * selections. Select AES_128_GCM, but order the key exchanges RSA,
 * DHE_RSA, ECDHE_RSA. The "ALL:-kEECDH:-kEDH:-kRSA:-ALL" prefix leaves the
 * list empty but fixes the relative order the key exchanges will have when a
 * later selection in the same rule brings them back. */
static const char kRule5[] =
    "ALL:-kEECDH:-kEDH:-kRSA:-ALL:"

/* Expected result for kRule5: one AES-128-GCM suite per key exchange, in the
 * order RSA, DHE_RSA, ECDHE_RSA. */
static const EXPECTED_CIPHER kExpected5[] = {
    { TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, 0 },
    { TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, 0 },
    { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 },
/* Unknown selectors are no-ops. BOGUS1..BOGUS4 name nothing, so the rule is
 * accepted and the four real suites come out unchanged, whatever operator
 * (none, -, + or !) precedes the unknown name.
 *
 * Practitioner caveat: a misspelled suite name or alias in a cipher rule is
 * therefore silently ignored rather than rejected. A typo in a ban such as
 * "!BOGUS4" leaves the suites it was meant to remove enabled, so a deployed
 * rule string should be verified against the list it actually produces
 * rather than trusted to fail loudly. (An unknown directive, as opposed to an
 * unknown selector name, is rejected; see the corresponding kBadRules case.) */
static const char kRule6[] =
    "ECDHE-ECDSA-CHACHA20-POLY1305:"
    "ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES128-GCM-SHA256:"
    "BOGUS1:-BOGUS2:+BOGUS3:!BOGUS4";

/* Expected result for kRule6: identical to the list without the bogus
 * selectors. */
static const EXPECTED_CIPHER kExpected6[] = {
    { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 0 },
    { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 },
    { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 },
    { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 },
/* Square brackets specify equi-preference groups: the suites inside
 * [a|b|...] are treated as equally preferred. In the expected table a set
 * in_group_flag marks a suite whose group continues with the next entry; the
 * last member of a group, every ungrouped suite, and a single-member group
 * such as [ECDHE-RSA-CHACHA20-POLY1305] all carry 0. */
static const char kRule7[] =
    "[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]:"
    "[ECDHE-RSA-CHACHA20-POLY1305]:"
    "ECDHE-RSA-AES128-GCM-SHA256";

/* Expected result for kRule7: only the first suite has its group flag set,
 * because only it is followed by another member of the same group. */
static const EXPECTED_CIPHER kExpected7[] = {
    { TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, 1 },
    { TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0 },
    { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 },
    { TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0 },
/* @STRENGTH performs a stable strength-sort of the selected
 * ciphers and only the selected ciphers; suites outside the current
 * selection keep their existing relative order. RC4 and the CBC/SHA-1
 * suites appear here only because they give the sorter distinct strengths
 * and tie cases to work with. This is a fixture for the sorter, not a
 * recommended configuration. */
static const char kRule8[] =
    /* To simplify things, banish all but {ECDHE_RSA,RSA} x
     * {CHACHA20,AES_256_CBC,AES_128_CBC,RC4} x SHA1. */
    "!kEDH:!AESGCM:!3DES:!SHA256:!MD5:!SHA384:"
    /* Order some ciphers backwards by strength. */
    "ALL:-CHACHA20:-AES256:-AES128:-RC4:-ALL:"
    /* Select ECDHE ones and sort them by strength. Ties should resolve
     * based on the order above. */
    "kEECDH:@STRENGTH:-ALL:"
    /* Now bring back everything that uses RSA. ECDHE_RSA should be first,
     * sorted by strength. Then RSA, backwards by strength. */

/* Expected result for kRule8. The two 256-bit ECDHE_RSA suites tie on
 * strength and keep their prior relative order (AES256 before CHACHA20), as
 * do the two 128-bit ones (RC4 before AES128). The plain RSA suites were not
 * part of the @STRENGTH selection and stay in their weakest-first order. */
static const EXPECTED_CIPHER kExpected8[] = {
    { TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0 },
    { TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, 0 },
    { TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 0 },
    { TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0 },
    { SSL3_CK_RSA_RC4_128_SHA, 0 },
    { TLS1_CK_RSA_WITH_AES_128_SHA, 0 },
    { TLS1_CK_RSA_WITH_AES_256_SHA, 0 },
/* All rule/expected pairs exercised by test_cipher_rules. The table is
 * terminated by an entry whose rule is NULL, which is the condition the loop
 * in test_cipher_rules stops on. */
static CIPHER_TEST kCipherTests[] = {
    { kRule1, kExpected1 },
    { kRule2, kExpected2 },
    { kRule3, kExpected3 },
    { kRule4, kExpected4 },
    { kRule5, kExpected5 },
    { kRule6, kExpected6 },
    { kRule7, kExpected7 },
    { kRule8, kExpected8 },
/* Rule strings that SSL_CTX_set_cipher_list must reject. test_cipher_rules
 * feeds each one to a fresh SSL_CTX and fails if the call succeeds: the
 * parser has to fail closed on malformed input rather than hand back a list
 * the caller did not ask for. NULL-terminated. */
static const char *kBadRules[] = {
    /* Invalid brackets. */
    "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256",
    /* Operators inside brackets */
    /* Unknown directive. */
    /* Empty cipher lists error at SSL_CTX_set_cipher_list. A rule that ends
     * up selecting nothing is reported as an error instead of leaving the
     * context with no usable suites. */
    /* Invalid command. */
    /* Special operators are not allowed if groups are used: once a rule
     * contains an equi-preference group, +, !, - and @STRENGTH are errors. */
    "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
    "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
    "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
    "[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:@STRENGTH",
/* Debugging aid for failed comparisons: writes |list| to stderr, one cipher
 * name per line, with the members of an equi-preference group wrapped in
 * "[" and "]" lines. A set list->in_group_flags[i] means cipher i's group
 * continues at i + 1, so the opening bracket is printed when a set flag is
 * first seen and the closing bracket after the first member whose flag is
 * clear again (in_group tracks whether a bracket is currently open). */
static void print_cipher_preference_list(
    struct ssl_cipher_preference_list_st *list) {
  for (i = 0; i < sk_SSL_CIPHER_num(list->ciphers); i++) {
    const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(list->ciphers, i);
    /* Entering a group: open the bracket before this member. */
    if (!in_group && list->in_group_flags[i]) {
      fprintf(stderr, "\t[\n");
    fprintf(stderr, "\t");
    fprintf(stderr, " ");
    fprintf(stderr, "%s\n", SSL_CIPHER_get_name(cipher));
    /* Leaving a group: the member just printed was its last. */
    if (in_group && !list->in_group_flags[i]) {
      fprintf(stderr, "\t]\n");
/* Applies |t->rule| to a fresh server SSL_CTX and checks that the resulting
 * cipher list matches |t->expected| entry by entry: same cipher id and same
 * in_group_flag at every position, and both lists end together. Returns zero
 * on failure (test_cipher_rules treats a zero result as a failed test); on a
 * mismatch the rule and the list it actually produced are dumped to stderr.
 *
 * The walk is bounded by the real list, and the -1 id terminating
 * |t->expected| guarantees that a real list longer than the expected one is
 * caught at the sentinel (no cipher id equals -1) instead of reading past
 * the table. Every kExpectedN array must therefore keep its terminator. */
static int test_cipher_rule(CIPHER_TEST *t) {
  SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
  /* NOTE(review): no NULL check on |ctx| is visible between here and the
   * SSL_CTX_set_cipher_list call; confirm one exists, otherwise an allocation
   * failure is misreported as a rule failure or dereferences NULL. */
  if (!SSL_CTX_set_cipher_list(ctx, t->rule)) {
    fprintf(stderr, "Error testing cipher rule '%s'\n", t->rule);
    BIO_print_errors_fp(stderr);

  /* Compare the two lists. */
  for (i = 0; i < sk_SSL_CIPHER_num(ctx->cipher_list->ciphers); i++) {
    const SSL_CIPHER *cipher =
        sk_SSL_CIPHER_value(ctx->cipher_list->ciphers, i);
    if (t->expected[i].id != SSL_CIPHER_get_id(cipher) ||
        t->expected[i].in_group_flag != ctx->cipher_list->in_group_flags[i]) {
      /* NOTE(review): "evaluted" in the message is a typo for "evaluated". */
      fprintf(stderr, "Error: cipher rule '%s' evaluted to:\n", t->rule);
      print_cipher_preference_list(ctx->cipher_list);

  /* The real list has run out; the expected list must end here as well. */
  if (t->expected[i].id != -1) {
    fprintf(stderr, "Error: cipher rule '%s' evaluted to:\n", t->rule);
    print_cipher_preference_list(ctx->cipher_list);
/* Runs every entry of kCipherTests through test_cipher_rule, then checks
 * that each string in kBadRules is rejected by SSL_CTX_set_cipher_list on a
 * fresh server SSL_CTX. Both tables are NULL-terminated and iterated up to
 * that terminator. Returns zero (failure) as soon as a rule misbehaves, which
 * is how main interprets the result. */
static int test_cipher_rules(void) {
  for (i = 0; kCipherTests[i].rule != NULL; i++) {
    if (!test_cipher_rule(&kCipherTests[i])) {

  /* Negative cases: a malformed rule that is accepted is a bug, since a
   * caller would go on to serve with a list the parser should have refused. */
  for (i = 0; kBadRules[i] != NULL; i++) {
    SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
    /* NOTE(review): |ctx| should be NULL-checked and freed on both the
     * accepted and rejected paths; neither is visible here — confirm. */
    if (SSL_CTX_set_cipher_list(ctx, kBadRules[i])) {
      fprintf(stderr, "Cipher rule '%s' unexpectedly succeeded\n", kBadRules[i]);
271 if (!test_cipher_rules()) {