Merge pull request #68 from jallmann/jonas/extend-bogo-coverage

Extend bogo coverage
cryspen · Nov 14, 2023 · 0366520 · 0366520
2 parents 1d5821f + 80aa471
commit 0366520
Show file tree

Hide file tree

Showing 7 changed files with 167 additions and 186 deletions.
diff --git a/bogo_shim/assets/config.json b/bogo_shim/assets/config.json
diff --git a/bogo_shim/src/main.rs b/bogo_shim/src/main.rs
@@ -94,6 +94,15 @@ const UNHANDLED_ARGUMENTS: &[&str] = &[
     "-verify-peer",
     "-verify-prefs",
     "-write-settings",
+    "-select-alpn",
+    "-expect-advertised-alpn",
+    "-select-empty-alpn",
+    "-reject-alpn",
+    "-server-preference",
+    "-ignore-rsa-key-usage",
+    "-wpa-202304",
+    "-max-cert-list",
+    "-enable-signed-cert-timestamps",
 ];
 
 /// The BoGo shim receives command-line parameters from the BoGo test runner.

diff --git a/simple_https_client/src/lib.rs b/simple_https_client/src/lib.rs
@@ -129,7 +129,7 @@ pub fn ciphersuites() -> Vec<Algorithms> {
         // SHA256_Chacha20Poly1305_RsaPssRsaSha256_X25519,
         SHA256_Chacha20Poly1305_EcdsaSecp256r1Sha256_X25519,
         SHA256_Chacha20Poly1305_EcdsaSecp256r1Sha256_P256,
-        SHA256_Chacha20Poly1305_RsaPssRsaSha256_P256,
+        // SHA256_Chacha20Poly1305_RsaPssRsaSha256_P256,
         // SHA256_Aes128Gcm_EcdsaSecp256r1Sha256_P256,
         // SHA256_Aes128Gcm_EcdsaSecp256r1Sha256_X25519,
         // SHA256_Aes128Gcm_RsaPssRsaSha256_P256,
@@ -190,10 +190,13 @@ where
         Ok((_, cstate)) => cstate,
         Err(e) => {
             match e {
-                6 => eprintln!("Server does not support proposed algorithms."),
-                137 => eprintln!("Wrong TLS protocol version TLS({:?})", e),
-                138 => eprintln!("Server sent application data instead of a handshake message."),
-                139 => eprintln!("Hello message was missing a key share."),
+                UNSUPPORTED_ALGORITHM => eprintln!("Server does not support proposed algorithms."),
+                PROTOCOL_VERSION_ALERT => eprintln!("Wrong TLS protocol version TLS({:?})", e),
+                APPLICATION_DATA_INSTEAD_OF_HANDSHAKE => {
+                    eprintln!("Server sent application data instead of a handshake message.")
+                }
+                MISSING_KEY_SHARE => eprintln!("Hello message was missing a key share."),
+                DECODE_ERROR => eprintln!("Decode error."), // parsing of the server hello failed
                 _ => eprintln!("Bertie client error {}", e),
             }
             return Err(e.into());
@@ -212,8 +215,7 @@ where
             Ok((new_cf_rec, new_cstate)) => (new_cf_rec, new_cstate),
             Err(e) => {
                 match e {
-                    7 => eprintln!("Invalid server signature"), // signature verification failed
-                    140 => eprintln!("Invalid server signature"), // parsing of the certificate failed
+                    INVALID_SIGNATURE => eprintln!("Invalid server signature"), // parsing of the certificate failed
                     _ => eprintln!("Bertie client error {}", e),
                 }
                 return Err(e.into());

diff --git a/simple_https_server/src/lib.rs b/simple_https_server/src/lib.rs
@@ -124,13 +124,13 @@ where
         Err(x) => {
             println!("ServerInit Error {}", x);
             match x {
-                136 => {
+                INVALID_COMPRESSION_LIST => {
                     stream.write_record(Bytes::from(&[21, 03, 03, 00, 02, 2, 47]))?;
                 }
-                137 => {
+                PROTOCOL_VERSION_ALERT => {
                     stream.write_record(Bytes::from(&[21, 03, 03, 00, 02, 2, 70]))?;
                 }
-                139 => {
+                MISSING_KEY_SHARE => {
                     // alerts here are optional
                     eprintln!("Hello message was missing a key share.");
                 }

diff --git a/src/tls13crypto.rs b/src/tls13crypto.rs
@@ -3,7 +3,9 @@ use libcrux::{
     *,
 };
 
-use crate::{eq, tlserr, Bytes, Declassify, TLSError, CRYPTO_ERROR, UNSUPPORTED_ALGORITHM};
+use crate::{
+    eq, tlserr, Bytes, Declassify, TLSError, CRYPTO_ERROR, INVALID_SIGNATURE, UNSUPPORTED_ALGORITHM,
+};
 
 pub type Random = Bytes; //was [U8;32]
 pub type Entropy = Bytes;
@@ -271,7 +273,7 @@ pub fn verify(
             );
             match res {
                 Ok(res) => Ok(res),
-                Err(_) => tlserr(CRYPTO_ERROR),
+                Err(_) => tlserr(INVALID_SIGNATURE),
             }
         }
         (SignatureScheme::EcdsaSecp256r1Sha256, PublicVerificationKey::EcDsa(pk)) => {
@@ -285,7 +287,7 @@ pub fn verify(
             );
             match res {
                 Ok(res) => Ok(res),
-                Err(_) => tlserr(CRYPTO_ERROR),
+                Err(_) => tlserr(INVALID_SIGNATURE),
             }
         }
         _ => tlserr(UNSUPPORTED_ALGORITHM),

diff --git a/src/tls13formats.rs b/src/tls13formats.rs
@@ -777,6 +777,10 @@ fn unsupported_cipher_alert() -> Result<(), TLSError> {
     tlserr(UNSUPPORTED_ALGORITHM)
 }
 
+fn invalid_compression_method_alert() -> Result<(), TLSError> {
+    tlserr(DECODE_ERROR)
+}
+
 pub fn parse_server_hello(
     algs: &Algorithms,
     sh: &HandshakeData,
@@ -800,7 +804,10 @@ pub fn parse_server_hello(
         Err(_) => unsupported_cipher_alert()?,
     };
     next = next + 2;
-    check_eq(&comp, &sh.slice_range(next..next + 1))?;
+    match check_eq(&comp, &sh.slice_range(next..next + 1)) {
+        Ok(_) => (),
+        Err(_) => invalid_compression_method_alert()?,
+    };
     next = next + 1;
     check_lbytes2_full(&sh.slice_range(next..sh.len()))?;
     next = next + 2;

diff --git a/src/tls13utils.rs b/src/tls13utils.rs
@@ -28,6 +28,7 @@ pub const APPLICATION_DATA_INSTEAD_OF_HANDSHAKE: TLSError = 138u8;
 pub const MISSING_KEY_SHARE: TLSError = 139u8;
 pub const INVALID_SIGNATURE: TLSError = 140u8;
 pub const GOT_HANDSHAKE_FAILURE_ALERT: TLSError = 141u8;
+pub const DECODE_ERROR: TLSError = 142u8;
 
 pub fn error_string(c: u8) -> String {
     format!("{}", c)