WIP: enable/fix client auth BoGo tests

src/bogo_shim/bogo_shim.cpp

@@ -82,6 +82,7 @@ std::string map_to_bogo_error(const std::string& e)
  { "Application data before handshake done", ":APPLICATION_DATA_INSTEAD_OF_HANDSHAKE:" },
  { "Bad Hello_Request, has non-zero size", ":BAD_HELLO_REQUEST:" },
  { "Bad code for TLS alert level", ":UNKNOWN_ALERT_TYPE:" },
+ { "Bad encoding on signature algorithms extension", ":DECODE_ERROR:" },
  { "Bad extension size", ":DECODE_ERROR:" },
  { "Bad length in hello verify request", ":DECODE_ERROR:" },
  { "Bad lengths in DTLS header", ":BAD_HANDSHAKE_RECORD:" },
@@ -99,6 +100,8 @@ std::string map_to_bogo_error(const std::string& e)
  { "Certificate key type did not match ciphersuite", ":WRONG_CERTIFICATE_TYPE:" },
  { "Certificate usage constraints do not allow this ciphersuite", ":KEY_USAGE_BIT_INCORRECT:" },
  { "Certificate: Message malformed", ":DECODE_ERROR:" },
+ { "Certificate_Request context must be empty in the main handshake", ":DECODE_ERROR:" },
+ { "Certificate_Request message did not provide a signature_algorithms extension", ":DECODE_ERROR:" },
  { "Channel_Impl_12::key_material_export cannot export during renegotiation", "failed to export keying material" },
  { "Client cert verify failed", ":BAD_SIGNATURE:" },
  { "Client certificate does not support signing", ":KEY_USAGE_BIT_INCORRECT:" },
@@ -123,6 +126,7 @@ std::string map_to_bogo_error(const std::string& e)
  { "Empty ALPN protocol not allowed", ":PARSE_TLSEXT:" },
  { "Encoding error: Cannot encode PSS string, output length too small", ":NO_COMMON_SIGNATURE_ALGORITHMS:" },
  { "Expected TLS but got a record with DTLS version", ":WRONG_VERSION_NUMBER:" },
+ { "Failed to agree on a signature algorithm", ":NO_COMMON_SIGNATURE_ALGORITHMS:" },
  { "Finished message didn't verify", ":DIGEST_CHECK_FAILED:" },
  { "Have data remaining in buffer after ClientHello", ":EXCESS_HANDSHAKE_DATA:" },
  { "Have data remaining in buffer after Finished", ":EXCESS_HANDSHAKE_DATA:" },
@@ -824,7 +828,10 @@ class Shim_Policy final : public Botan::TLS::Policy
  {
  const Botan::TLS::Signature_Scheme scheme(pref);
  if(!scheme.is_available())
+ {
+ shim_log("skipping inavailable but preferred signature scheme: " + std::to_string(pref));
  continue;
+ }
  pref_hash.push_back(scheme.hash_function_name());
  }
 

src/bogo_shim/config.json

@@ -12,7 +12,8 @@
  "PartialFinishedWithServerHelloDone": "Unexpected record vs excess handshake data",
  "HelloRetryRequest-DuplicateCurve-TLS13": "expects 'illegal parameter' but we want to stick with 'decode error'",
  "HelloRetryRequest-DuplicateCookie-TLS13": "expects 'illegal parameter' but we want to stick with 'decode error'",
- "EncryptedExtensionsWithKeyShare-TLS13": "expects 'unsupported extension' but RFC requires 'illegal parameter'"
+ "EncryptedExtensionsWithKeyShare-TLS13": "expects 'unsupported extension' but RFC requires 'illegal parameter'",
+ "ClientSkipCertificateVerify-TLS13": "would require ambiguous error mapping"
  },
 
  "DisabledTests": {
@@ -113,23 +114,19 @@
  "*EarlyData*": "No TLS 1.3 Early Data, yet",
  "TLS13-1RTT-Client-*": "No TLS 1.3 Early Data, yet",
 
- "FailCertCallback-Client-TLS13": "No client auth in TLS 1.3, yet",
- "Client-Sign*-TLS13": "No client auth in TLS 1.3, yet",
- "TLS13-Client-ClientAuth-": "No client auth in TLS 1.3, yet",
- "ClientAuth-*-TLS13": "No client auth in TLS 1.3, yet",
- "TLS13-Client-ClientAuth-*": "No client auth in TLS 1.3, yet",
- "NoClientCertificate-TLS13": "No client auth in TLS 1.3, yet",
- "NoCommonAlgorithms-TLS13": "No client auth in TLS 1.3, yet",
- "ClientAuth-*-TLS13-*": "No client auth in TLS 1.3, yet",
- "TrailingMessageData-TLS13-CertificateRequest-TLS": "No client auth in TLS 1.3, yet",
- "RequestContextInHandshake-TLS13": "No client auth in TLS 1.3, yet",
- "UnknownExtensionInCertificateRequest-TLS13": "No client auth in TLS 1.3, yet",
- "MissingSignatureAlgorithmsInCertificateRequest-TLS13": "No client auth in TLS 1.3, yet",
- "ClientSkipCertificateVerify-TLS13": "No client auth in TLS 1.3, yet",
- "SendReceiveIntermediate-Client-TLS13": "No client auth in TLS 1.3, yet",
- "TLS13-Client-CertReq-CA-List": "No client auth in TLS 1.3, yet",
- "SendNoClientCertificateExtensions-TLS13": "No client auth in TLS 1.3, yet",
-
+ "Client-Sign-RSA_PKCS1_SHA1-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-RSA_PKCS1_SHA256-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-RSA_PKCS1_SHA384-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-RSA_PKCS1_SHA512-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-ECDSA_SHA1-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-ECDSA_P224_SHA256-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-Negotiate-ECDSA_P256_SHA256-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-Negotiate-ECDSA_P384_SHA384-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-Negotiate-ECDSA_P521_SHA512-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-Negotiate-RSA_PSS_SHA384-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-Negotiate-RSA_PSS_SHA512-TLS13": "Need investigation before merging GH #2957",
+
+ "SendNoClientCertificateExtensions-TLS13": "-signed-cert-timestamps currently not supported in the shim",
  "KeyUpdate-RequestACK-UnfinishedWrite": "-read-with-unfinished-write currently not supported in the shim",
 
  "*Binder*": "No TLS 1.3",

src/lib/tls/tls13/tls_client_impl_13.cpp

@@ -370,7 +370,7 @@ void Client_Impl_13::handle(const Certificate_Request_13& certificate_request_ms
  // post-handshake authentication exchanges described in Section 4.6.2.
  if(!m_handshake_state.handshake_finished() && !certificate_request_msg.context().empty())
  {
- throw TLS_Exception(Alert::ILLEGAL_PARAMETER, "Certificate_Request context must be empty in the main handshake");
+ throw TLS_Exception(Alert::DECODE_ERROR, "Certificate_Request context must be empty in the main handshake");
  }
 
  m_transitions.set_expected_next(CERTIFICATE);