Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate BoringSSL test suite (BoGo) #30

Open
1 of 14 tasks
duesee opened this issue Jul 24, 2022 · 2 comments
Open
1 of 14 tasks

Integrate BoringSSL test suite (BoGo) #30

duesee opened this issue Jul 24, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@duesee
Copy link
Contributor

duesee commented Jul 24, 2022
edited by franziskuskiefer
Loading

See https://github.com/google/boringssl/blob/master/ssl/test/PORTING.md and https://github.com/rustls/rustls/blob/main/rustls/examples/internal/bogo_shim.rs.

Issues

  • Implement alerts
  • Detect missing key shares (MissingKeyShare-Server-TLS13)
  • Detect duplicate key shares (DuplicateKeyShares-TLS13)
  • Server doesn't correctly returns session ID (EmptySessionID-TLS13, Server-ShortSessionID-TLS13, Server-FullSessionID-TLS13)
  • Server doesn't correctly handle too long session ID (Server-TooLongSessionID-TLS13)
  • Server should accept any record version for compatibility reasons (LooseInitialRecordVersion-TLS13)
  • decrypt_handshake should ignore user_canceled warning alert (SendUserCanceledAlerts-TLS13)
    • decrypt_handshake doesn't handle (post-handshake) alerts (SendBogusAlertType, EmptyCertificateList-TLS13)
    • decrypt_handshake must handle bad records/ciphertexts (TLSFatalBadPackets, TLS13-EmptyRecords, TLS13-OnlyPadding, SkipEarlyData-OmitEarlyDataExtension-TLS13, SkipEarlyData-Interleaved-TLS13)
    • decrypt_handshake must handle invalid certificates (GarbageCertificate-Client-TLS13)
  • handle key update (TooManyKeyUpdates, KeyUpdate-ToClient, KeyUpdate-ToServer, KeyUpdate-InvalidRequestMode, KeyUpdate-RequestACK)
  • finish digest not checked (BadFinished-Client-TLS13, BadFinished-Server-TLS13)
  • correctly handle HRR (UnnecessaryHelloRetryRequest-TLS13, SecondHelloRetryRequest-TLS13, HelloRetryRequest)
  • check key usage bit (ECDSAKeyUsage-Client-TLS13)
@duesee duesee added the enhancement New feature or request label Jul 24, 2022
@duesee duesee self-assigned this Jul 24, 2022
@duesee duesee mentioned this issue Jul 24, 2022
Closed
8 tasks
@franziskuskiefer franziskuskiefer mentioned this issue Sep 18, 2022
Merged
3 tasks
@duesee duesee removed their assignment Apr 27, 2023
@jallmann
Copy link
Contributor

jallmann commented Nov 6, 2023

I'm currently working on this.

@jallmann jallmann mentioned this issue Nov 13, 2023
Merged
11 tasks
@jallmann
Copy link
Contributor

I noticed that a large number of BoGo test cases currently fail because the BoGo runner and the Bertie shim are unable to agree on a cipher suite. The reason is, that Bertie is temporarily unable to do RSA, while the BoGo runner defaults to RSA for the TLS1.3 cipher suites and by default loads a RSA certificate for most test cases.
See:
https://github.com/google/boringssl/blob/ad57528d2c978543106f9b115bd0eb658f3ebdd2/ssl/test/runner/runner.go#L769
https://github.com/google/boringssl/blob/ad57528d2c978543106f9b115bd0eb658f3ebdd2/ssl/test/runner/cipher_suites.go#L56

Bertie needs to support RSA again for this large number of test cases to pass, or at least to reveal their actual failure reasons. I have verified that some test cases advance further and give different failure reasons if I force the BoGo runner to load an ECDSA certificate instead.

@franziskuskiefer franziskuskiefer mentioned this issue Nov 22, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
Bertie
Status: In Progress
Milestone
No milestone
Development

No branches or pull requests
3 participants
@franziskuskiefer @duesee @jallmann