Add simple test for repeated IVs when using AEAD
In a USENIX WOOT '16 paper the authors exploit implementation mistakes that cause Initialisation Vectors (IV) to repeat. This did not happen in mbed TLS, and this test makes sure that this won't happen in the future either. A new test option is introduced to ssl-opt.sh that checks the server and client logs for a pattern and fails in case there are any duplicates in the lines following the matching ones. (This is necessary because of the structure of the logging) Added a test case as well to utilise the new option. This test forces the TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ciphersuite to make the client and the server use an AEAD cipher. Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS", USENIX WOOT '16
This commit is contained in:
parent
73b94e3512
commit
6d3e3389e5
|
@ -286,8 +286,10 @@ detect_dtls() {
|
|||
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
|
||||
# Options: -s pattern pattern that must be present in server output
|
||||
# -c pattern pattern that must be present in client output
|
||||
# -u pattern lines after pattern must be unique in client output
|
||||
# -S pattern pattern that must be absent in server output
|
||||
# -C pattern pattern that must be absent in client output
|
||||
# -U pattern lines after pattern must be unique in server output
|
||||
run_test() {
|
||||
NAME="$1"
|
||||
shift 1
|
||||
|
@ -419,29 +421,50 @@ run_test() {
|
|||
do
|
||||
case $1 in
|
||||
"-s")
|
||||
if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then :; else
|
||||
fail "-s $2"
|
||||
if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
|
||||
fail "pattern '$2' MUST be present in the Server output"
|
||||
return
|
||||
fi
|
||||
;;
|
||||
|
||||
"-c")
|
||||
if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then :; else
|
||||
fail "-c $2"
|
||||
if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
|
||||
fail "pattern '$2' MUST be present in the Client output"
|
||||
return
|
||||
fi
|
||||
;;
|
||||
|
||||
"-S")
|
||||
if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then
|
||||
fail "-S $2"
|
||||
if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
|
||||
fail "pattern '$2' MUST NOT be present in the Server output"
|
||||
return
|
||||
fi
|
||||
;;
|
||||
|
||||
"-C")
|
||||
if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then
|
||||
fail "-C $2"
|
||||
if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
|
||||
fail "pattern '$2' MUST NOT be present in the Client output"
|
||||
return
|
||||
fi
|
||||
;;
|
||||
|
||||
# The filtering in the following two options (-u and -U) do the following
|
||||
# - ignore valgrind output
|
||||
# - filter out everything but lines right after the pattern occurances
|
||||
# - keep one of each non-unique line
|
||||
# - count how many lines remain
|
||||
# A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
|
||||
# if there were no duplicates.
|
||||
"-U")
|
||||
if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
|
||||
fail "lines following pattern '$2' must be unique in Server output"
|
||||
return
|
||||
fi
|
||||
;;
|
||||
|
||||
"-u")
|
||||
if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
|
||||
fail "lines following pattern '$2' must be unique in Client output"
|
||||
return
|
||||
fi
|
||||
;;
|
||||
|
@ -572,6 +595,14 @@ run_test "Default, DTLS" \
|
|||
-s "Protocol is DTLSv1.2" \
|
||||
-s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"
|
||||
|
||||
# Test for uniqueness of IVs in AEAD ciphersuites
|
||||
run_test "Unique IV in GCM" \
|
||||
"$P_SRV exchanges=20 debug_level=4" \
|
||||
"$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
|
||||
0 \
|
||||
-u "IV used" \
|
||||
-U "IV used"
|
||||
|
||||
# Tests for rc4 option
|
||||
|
||||
requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||
|
|
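Review bot: The `-U` and `-u` checks in the second hunk pass when the pattern never matches at all (an empty pipeline gives a count of 0), and their `-gt 1` threshold relies on the `--` separator that `grep -A1` prints only between non-adjacent match groups, so a log where each match is immediately followed by the next match (pattern, line, pattern, identical line) yields a count of 1 and the duplicate is missed. Dropping the separator and testing for any surviving duplicate removes that dependency: `grep -A1 "$2" | grep -v "$2" | grep -v '^--$' | sort | uniq -d | wc -l) -gt 0`, with the same change in the `-u` branch; the comment above `-U` should then describe `--` as the group separator emitted by `grep -A` rather than a line "from previous outputs". Since the whole point of the "Unique IV in GCM" case in the third hunk is to catch nonce reuse, which the cited paper shows defeats GCM's authentication, that test should also assert the IVs were actually logged, e.g. add `-s "IV used" \` and `-c "IV used" \` before the `-u`/`-U` options, so a change in the debug output cannot make the uniqueness check pass silently. The check also assumes the value following each "IV used" line fits on one log line, which the page does not show; worth confirming against the debug output format. run_test's body continues outside the hunk.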