From 9f25710a7d966d714fa3f2bfca7f599db575feb4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Meusel?=
Date: Sun, 17 Apr 2022 16:30:29 +0530
Subject: [PATCH] WIP: enable/fix client auth BoGo tests

---
 src/bogo_shim/bogo_shim.cpp | 7 +++++
 src/bogo_shim/config.json | 33 +++++++++++-------------
 src/lib/tls/tls13/tls_client_impl_13.cpp | 2 +-
 3 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
index 95ee2f28849..bc2c17f3b7c 100644
--- a/src/bogo_shim/bogo_shim.cpp
+++ b/src/bogo_shim/bogo_shim.cpp
@@ -82,6 +82,7 @@ std::string map_to_bogo_error(const std::string& e)
 { "Application data before handshake done", ":APPLICATION_DATA_INSTEAD_OF_HANDSHAKE:" },
 { "Bad Hello_Request, has non-zero size", ":BAD_HELLO_REQUEST:" },
 { "Bad code for TLS alert level", ":UNKNOWN_ALERT_TYPE:" },
+ { "Bad encoding on signature algorithms extension", ":DECODE_ERROR:" },
 { "Bad extension size", ":DECODE_ERROR:" },
 { "Bad length in hello verify request", ":DECODE_ERROR:" },
 { "Bad lengths in DTLS header", ":BAD_HANDSHAKE_RECORD:" },
@@ -99,6 +100,8 @@ std::string map_to_bogo_error(const std::string& e)
 { "Certificate key type did not match ciphersuite", ":WRONG_CERTIFICATE_TYPE:" },
 { "Certificate usage constraints do not allow this ciphersuite", ":KEY_USAGE_BIT_INCORRECT:" },
 { "Certificate: Message malformed", ":DECODE_ERROR:" },
+ { "Certificate_Request context must be empty in the main handshake", ":DECODE_ERROR:" },
+ { "Certificate_Request message did not provide a signature_algorithms extension", ":DECODE_ERROR:" },
 { "Channel_Impl_12::key_material_export cannot export during renegotiation", "failed to export keying material" },
 { "Client cert verify failed", ":BAD_SIGNATURE:" },
 { "Client certificate does not support signing", ":KEY_USAGE_BIT_INCORRECT:" },
@@ -123,6 +126,7 @@ std::string map_to_bogo_error(const std::string& e)
 { "Empty ALPN protocol not allowed", ":PARSE_TLSEXT:" },
 { "Encoding error: Cannot encode PSS string, output length too small", ":NO_COMMON_SIGNATURE_ALGORITHMS:" },
 { "Expected TLS but got a record with DTLS version", ":WRONG_VERSION_NUMBER:" },
+ { "Failed to agree on a signature algorithm", ":NO_COMMON_SIGNATURE_ALGORITHMS:" },
 { "Finished message didn't verify", ":DIGEST_CHECK_FAILED:" },
 { "Have data remaining in buffer after ClientHello", ":EXCESS_HANDSHAKE_DATA:" },
 { "Have data remaining in buffer after Finished", ":EXCESS_HANDSHAKE_DATA:" },
@@ -824,7 +828,10 @@ class Shim_Policy final : public Botan::TLS::Policy
 {
 const Botan::TLS::Signature_Scheme scheme(pref);
 if(!scheme.is_available())
+ {
+ shim_log("skipping inavailable but preferred signature scheme: " + std::to_string(pref));
 continue;
+ }
 pref_hash.push_back(scheme.hash_function_name());
 }
diff --git a/src/bogo_shim/config.json b/src/bogo_shim/config.json
index c00f8a3098a..aec965e9465 100644
--- a/src/bogo_shim/config.json
+++ b/src/bogo_shim/config.json
@@ -12,7 +12,8 @@
 "PartialFinishedWithServerHelloDone": "Unexpected record vs excess handshake data",
 "HelloRetryRequest-DuplicateCurve-TLS13": "expects 'illegal parameter' but we want to stick with 'decode error'",
 "HelloRetryRequest-DuplicateCookie-TLS13": "expects 'illegal parameter' but we want to stick with 'decode error'",
- "EncryptedExtensionsWithKeyShare-TLS13": "expects 'unsupported extension' but RFC requires 'illegal parameter'"
+ "EncryptedExtensionsWithKeyShare-TLS13": "expects 'unsupported extension' but RFC requires 'illegal parameter'",
+ "ClientSkipCertificateVerify-TLS13": "would require ambiguous error mapping"
 },
 "DisabledTests": {
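Review bot: The `shim_log` message added in the `@@ -824` hunk misspells "unavailable" as "inavailable", which makes the line hard to find when a test run has to be explained; I would write `shim_log("skipping unavailable but preferred signature scheme: " + std::to_string(pref));`. The scheme is also printed as a decimal integer, while TLS signature scheme code points are normally written in hex, so a hex rendering would be easier to match against runner output. A skipped scheme presumably means the policy ends up with fewer signing preferences than the runner requested, so a one-line comment above the `if` stating that the skip is deliberate would help the next reader. The enclosing loop and method start and end outside the hunk.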
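Review bot: The reason recorded for `ClientSkipCertificateVerify-TLS13`, "would require ambiguous error mapping", does not say which exception text would have to map to which BoGo errors, so a later reader cannot tell when the entry can be removed. Judging by the neighbouring reasons, this section lists tests whose expected error is not compared (its name is outside the hunk), and by its name the test covers a handshake in which CertificateVerify is omitted. It is worth confirming that the failure is still raised for that reason and not an earlier, unrelated one. I would spell the collision out in the reason string, in the form `"<exception text> would need to map to both <BoGo error A> and <BoGo error B>"` with the real values filled in.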
@@ -113,23 +114,19 @@
 "*EarlyData*": "No TLS 1.3 Early Data, yet",
 "TLS13-1RTT-Client-*": "No TLS 1.3 Early Data, yet",
- "FailCertCallback-Client-TLS13": "No client auth in TLS 1.3, yet",
- "Client-Sign*-TLS13": "No client auth in TLS 1.3, yet",
- "TLS13-Client-ClientAuth-": "No client auth in TLS 1.3, yet",
- "ClientAuth-*-TLS13": "No client auth in TLS 1.3, yet",
- "TLS13-Client-ClientAuth-*": "No client auth in TLS 1.3, yet",
- "NoClientCertificate-TLS13": "No client auth in TLS 1.3, yet",
- "NoCommonAlgorithms-TLS13": "No client auth in TLS 1.3, yet",
- "ClientAuth-*-TLS13-*": "No client auth in TLS 1.3, yet",
- "TrailingMessageData-TLS13-CertificateRequest-TLS": "No client auth in TLS 1.3, yet",
- "RequestContextInHandshake-TLS13": "No client auth in TLS 1.3, yet",
- "UnknownExtensionInCertificateRequest-TLS13": "No client auth in TLS 1.3, yet",
- "MissingSignatureAlgorithmsInCertificateRequest-TLS13": "No client auth in TLS 1.3, yet",
- "ClientSkipCertificateVerify-TLS13": "No client auth in TLS 1.3, yet",
- "SendReceiveIntermediate-Client-TLS13": "No client auth in TLS 1.3, yet",
- "TLS13-Client-CertReq-CA-List": "No client auth in TLS 1.3, yet",
- "SendNoClientCertificateExtensions-TLS13": "No client auth in TLS 1.3, yet",
-
+ "Client-Sign-RSA_PKCS1_SHA1-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-RSA_PKCS1_SHA256-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-RSA_PKCS1_SHA384-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-RSA_PKCS1_SHA512-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-ECDSA_SHA1-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-ECDSA_P224_SHA256-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-Negotiate-ECDSA_P256_SHA256-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-Negotiate-ECDSA_P384_SHA384-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-Negotiate-ECDSA_P521_SHA512-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-Negotiate-RSA_PSS_SHA384-TLS13": "Need investigation before merging GH #2957",
+ "Client-Sign-Negotiate-RSA_PSS_SHA512-TLS13": "Need investigation before merging GH #2957",
+
+ "SendNoClientCertificateExtensions-TLS13": "-signed-cert-timestamps currently not supported in the shim",
 "KeyUpdate-RequestACK-UnfinishedWrite": "-read-with-unfinished-write currently not supported in the shim",
 "*Binder*": "No TLS 1.3",
diff --git a/src/lib/tls/tls13/tls_client_impl_13.cpp b/src/lib/tls/tls13/tls_client_impl_13.cpp
index ceac17a0068..85f30ff5916 100644
--- a/src/lib/tls/tls13/tls_client_impl_13.cpp
+++ b/src/lib/tls/tls13/tls_client_impl_13.cpp
@@ -370,7 +370,7 @@ void Client_Impl_13::handle(const Certificate_Request_13& certificate_request_ms
 // post-handshake authentication exchanges described in Section 4.6.2.
 if(!m_handshake_state.handshake_finished() && !certificate_request_msg.context().empty())
 {
- throw TLS_Exception(Alert::ILLEGAL_PARAMETER, "Certificate_Request context must be empty in the main handshake");
+ throw TLS_Exception(Alert::DECODE_ERROR, "Certificate_Request context must be empty in the main handshake");
 }
 m_transitions.set_expected_next(CERTIFICATE);
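Review bot: The eleven `Client-Sign-*` entries added to the disabled list in the `@@ -113` hunk all carry the same reason, "Need investigation before merging GH #2957", which hides that they fall into two groups. Six of them name RSA PKCS#1, SHA-1 or P-224 schemes, which TLS 1.3 does not permit for handshake signatures, so they are presumably negative tests checking that the client refuses to sign with them. The five `Negotiate` entries use schemes TLS 1.3 does allow. I would give each group its own reason text stating the failure actually observed, so the legacy-scheme tests are not left disabled unnoticed once the negotiation tests pass.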
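Review bot: `Alert::DECODE_ERROR` is a questionable choice for a non-empty request context in the main handshake. The field is well-formed on the wire, and as I read RFC 8446 section 6.2, decode_error is for messages that do not conform to the syntax while illegal_parameter is for values that conform but are otherwise incorrect. The shim's `map_to_bogo_error` table in this patch already translates this exception text to `:DECODE_ERROR:`, so it is not evident from the diff that the library alert itself had to change. config.json in the same patch keeps the RFC-required alert for `EncryptedExtensionsWithKeyShare-TLS13` against the runner's expectation, so I would either keep `Alert::ILLEGAL_PARAMETER` here or add a comment above the `throw` that gives the reason for choosing decode_error. The body of `handle` continues outside the hunk.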