1/*
2 * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25#include <stdio.h>
26#include <stdlib.h>
27#include <Security/SecureTransport.h>
28#include <AssertMacros.h>
29
30#include "ssl_regressions.h"
31#include "ssl-utils.h"
32
33
34#include "cipherSpecs.h"
35
36static int test_GetSupportedCiphers(SSLContextRef ssl)
37{
38    size_t max_ciphers = 0;
39    int fail=1;
40    SSLCipherSuite *ciphers = NULL;
41
42    require_noerr(SSLGetNumberSupportedCiphers(ssl, &max_ciphers), out);
43
44    size_t size = max_ciphers * sizeof (SSLCipherSuite);
45    ciphers = (SSLCipherSuite *) malloc(size);
46
47    require_string(ciphers, out, "out of memory");
48    memset(ciphers, 0xff, size);
49
50    size_t num_ciphers = max_ciphers;
51    require_noerr(SSLGetSupportedCiphers(ssl, ciphers, &num_ciphers), out);
52
53
54    for (size_t i = 0; i < num_ciphers; i++) {
55        require(ciphers[i]!=(SSLCipherSuite)(-1), out);
56    }
57
58    /* Success! */
59    fail=0;
60
61out:
62    if(ciphers) free(ciphers);
63    return fail;
64}
65
66static
67int allowed_default_ciphers(SSLCipherSuite cs)
68{
69    switch (cs) {
70
71        /* BAD to enable by default */
72
73
74        /*
75         * Tags for SSL 2 cipher kinds which are not specified
76         * for SSL 3.
77         */
78        case SSL_RSA_WITH_RC2_CBC_MD5:
79        case SSL_RSA_WITH_IDEA_CBC_MD5:
80        case SSL_RSA_WITH_DES_CBC_MD5:
81        case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
82
83        /* Export and Simple DES ciphers */
84        case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
85        case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
86        case SSL_RSA_WITH_IDEA_CBC_SHA:
87        case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
88        case SSL_RSA_WITH_DES_CBC_SHA:
89        case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
90        case SSL_DH_DSS_WITH_DES_CBC_SHA:
91        case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
92        case SSL_DH_RSA_WITH_DES_CBC_SHA:
93        case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
94        case SSL_DHE_DSS_WITH_DES_CBC_SHA:
95        case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
96        case SSL_DHE_RSA_WITH_DES_CBC_SHA:
97        case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
98        case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
99        case SSL_DH_anon_WITH_DES_CBC_SHA:
100        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
101        case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
102
103        case SSL_NO_SUCH_CIPHERSUITE:
104
105        /* Null ciphers. */
106        case TLS_NULL_WITH_NULL_NULL:
107        case TLS_RSA_WITH_NULL_MD5:
108        case TLS_RSA_WITH_NULL_SHA:
109        case TLS_RSA_WITH_NULL_SHA256:
110        case TLS_ECDH_ECDSA_WITH_NULL_SHA:
111        case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
112        case TLS_ECDHE_RSA_WITH_NULL_SHA:
113        case TLS_ECDH_RSA_WITH_NULL_SHA:
114        case TLS_ECDH_anon_WITH_NULL_SHA:
115
116        /* Completely anonymous Diffie-Hellman */
117        case TLS_DH_anon_WITH_RC4_128_MD5:
118        case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
119        case TLS_DH_anon_WITH_AES_128_CBC_SHA:
120        case TLS_DH_anon_WITH_AES_256_CBC_SHA:
121        case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
122        case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
123        case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
124        case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
125        case TLS_ECDH_anon_WITH_RC4_128_SHA:
126        case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
127        case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
128        case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
129
130            return 0;
131
132
133        /* OK to enable by default */
134
135        /* Server provided RSA certificate for key exchange. */
136        case TLS_RSA_WITH_RC4_128_MD5:
137        case TLS_RSA_WITH_RC4_128_SHA:
138        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
139        case TLS_RSA_WITH_AES_128_CBC_SHA:
140        case TLS_RSA_WITH_AES_256_CBC_SHA:
141        case TLS_RSA_WITH_AES_128_CBC_SHA256:
142        case TLS_RSA_WITH_AES_256_CBC_SHA256:
143            return 1;
144
145        /* Server-authenticated (and optionally client-authenticated) Diffie-Hellman. */
146        case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
147        case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
148        case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
149        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
150        case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
151        case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
152        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
153        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
154        case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
155        case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
156        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
157        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
158        case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
159        case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
160        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
161        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
162        case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
163        case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
164        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
165        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
166
167        case TLS_RSA_WITH_AES_128_GCM_SHA256:
168        case TLS_RSA_WITH_AES_256_GCM_SHA384:
169        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
170        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
171        case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
172        case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
173        case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
174        case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
175        case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
176        case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
177
178        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
179        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
180        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
181        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
182        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
183        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
184        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
185        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
186        case TLS_ECDH_RSA_WITH_RC4_128_SHA:
187        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
188        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
189        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
190        case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
191        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
192        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
193        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
194
195        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
196        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
197        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
198        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
199        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
200        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
201        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
202        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
203
204        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
205        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
206        case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
207        case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
208        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
209        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
210        case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
211        case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
212
213        /* RFC 5746 - Secure Renegotiation */
214        case TLS_EMPTY_RENEGOTIATION_INFO_SCSV:
215            return 1;
216
217        /* unknown cipher ? */
218        default:
219            return 0;
220    }
221}
222
223static OSStatus SocketWrite(SSLConnectionRef conn, const void *data, size_t *length)
224{
225    return errSSLWouldBlock;
226}
227
228static OSStatus SocketRead(SSLConnectionRef conn, void *data, size_t *length)
229{
230    return errSSLWouldBlock;
231}
232
233
234static int test_GetEnabledCiphers(SSLContextRef ssl)
235{
236    size_t max_ciphers = 0;
237    int fail=1;
238    SSLCipherSuite *ciphers = NULL;
239    OSStatus err;
240
241    err=SSLSetIOFuncs(ssl, &SocketRead, &SocketWrite);
242    err=SSLSetConnection(ssl, NULL);
243    err=SSLHandshake(ssl);
244
245    require_noerr(SSLGetNumberEnabledCiphers(ssl, &max_ciphers), out);
246
247    size_t size = max_ciphers * sizeof (SSLCipherSuite);
248    ciphers = (SSLCipherSuite *) malloc(size);
249
250    require_string(ciphers, out, "out of memory");
251    memset(ciphers, 0xff, size);
252
253    size_t num_ciphers = max_ciphers;
254    require_noerr(SSLGetEnabledCiphers(ssl, ciphers, &num_ciphers), out);
255
256    for (size_t i = 0; i < num_ciphers; i++) {
257        char csname[256];
258        snprintf(csname, 256, "(%04x) %s", ciphers[i], ciphersuite_name(ciphers[i]));
259        /* Uncomment the next line if you want to list the default enabled ciphers */
260        //printf("%s\n", csname);
261        require_string(allowed_default_ciphers(ciphers[i]), out, csname);
262    }
263
264    /* Success! */
265    fail=0;
266
267out:
268    if(ciphers) free(ciphers);
269    return fail;
270}
271
272static int test_SetEnabledCiphers(SSLContextRef ssl)
273{
274    int fail=1;
275    size_t num_enabled;
276
277    /* This should not fail as long as we have one valid cipher in this table */
278    SSLCipherSuite ciphers[] = {
279        SSL_RSA_WITH_RC2_CBC_MD5, /* unsupported */
280        TLS_RSA_WITH_NULL_SHA, /* supported by not enabled by default */
281        TLS_RSA_WITH_AES_128_CBC_SHA, /* Supported and enabled by default */
282    };
283
284    require_noerr(SSLSetEnabledCiphers(ssl, ciphers, sizeof(ciphers)/sizeof(SSLCipherSuite)), out);
285    require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_enabled), out);
286
287    require(num_enabled==2, out); /* 2 ciphers in the above table are supported */
288
289    /* Success! */
290    fail=0;
291
292out:
293    return fail;
294}
295
296
297static void
298test(void)
299{
300    SSLContextRef ssl = NULL;
301
302    require(ssl=SSLCreateContext(kCFAllocatorDefault, kSSLClientSide, kSSLStreamType), out);
303    ok(ssl, "SSLCreateContext failed");
304
305    /* The order of this tests does matter, be careful when adding tests */
306    ok(!test_GetSupportedCiphers(ssl), "GetSupportedCiphers test failed");
307    ok(!test_GetEnabledCiphers(ssl), "GetEnabledCiphers test failed");
308
309    CFRelease(ssl); ssl=NULL;
310
311    require(ssl=SSLCreateContext(kCFAllocatorDefault, kSSLClientSide, kSSLStreamType), out);
312    ok(ssl, "SSLCreateContext failed");
313
314    ok(!test_SetEnabledCiphers(ssl), "SetEnabledCiphers test failed");
315
316out:
317    if(ssl) CFRelease(ssl);
318}
319
320
321int ssl_46_SSLGetSupportedCiphers(int argc, char *const *argv)
322{
323    plan_tests(5);
324
325    test();
326
327    return 0;
328}
329
330