2021-04-18 12:41:13 -07:00
|
|
|
// Copyright (c) 2015-2021 MinIO, Inc.
|
2019-07-09 18:32:39 -07:00
|
|
|
//
|
2021-04-18 12:41:13 -07:00
|
|
|
// This file is part of MinIO Object Storage stack
|
2019-07-09 18:32:39 -07:00
|
|
|
//
|
2021-04-18 12:41:13 -07:00
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
2019-07-09 18:32:39 -07:00
|
|
|
//
|
2021-04-18 12:41:13 -07:00
|
|
|
// This program is distributed in the hope that it will be useful
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2019-07-09 18:32:39 -07:00
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/tls"
|
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
|
|
|
"os"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
|
)
|
|
|
|
|
|
|
|
const testName = "TLS-tests"
|
|
|
|
|
|
|
|
const (
|
|
|
|
// PASS indicate that a test passed
|
|
|
|
PASS = "PASS"
|
|
|
|
// FAIL indicate that a test failed
|
|
|
|
FAIL = "FAIL"
|
|
|
|
// NA indicates that a test is not applicable
|
|
|
|
NA = "NA"
|
|
|
|
)
|
|
|
|
|
|
|
|
func main() {
|
|
|
|
log.SetOutput(os.Stdout)
|
|
|
|
log.SetFormatter(&mintJSONFormatter{})
|
|
|
|
log.SetLevel(log.InfoLevel)
|
|
|
|
|
|
|
|
endpoint := os.Getenv("SERVER_ENDPOINT")
|
|
|
|
secure := os.Getenv("ENABLE_HTTPS")
|
|
|
|
if secure != "1" {
|
|
|
|
log.WithFields(log.Fields{"name:": testName, "status": NA, "message": "TLS is not enabled"}).Info()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
testTLSVersions(endpoint)
|
|
|
|
testTLSCiphers(endpoint)
|
|
|
|
testTLSEllipticCurves(endpoint)
|
|
|
|
}
|
|
|
|
|
2020-05-18 09:59:45 -07:00
|
|
|
// Tests whether the endpoint accepts TLS1.0 or TLS1.1 connections - fail if so.
|
2019-07-09 18:32:39 -07:00
|
|
|
// Tests whether the endpoint accepts TLS1.2 connections - fail if not.
|
|
|
|
func testTLSVersions(endpoint string) {
|
|
|
|
const function = "TLSVersions"
|
|
|
|
startTime := time.Now()
|
|
|
|
|
2020-05-18 09:59:45 -07:00
|
|
|
// Tests whether the endpoint accepts TLS1.0 or TLS1.1 connections
|
2019-07-09 18:32:39 -07:00
|
|
|
args := map[string]interface{}{
|
2020-05-18 09:59:45 -07:00
|
|
|
"MinVersion": "tls.VersionTLS10",
|
2019-07-09 18:32:39 -07:00
|
|
|
"MaxVersion": "tls.VersionTLS11",
|
|
|
|
}
|
|
|
|
_, err := tls.Dial("tcp", endpoint, &tls.Config{
|
2020-05-18 09:59:45 -07:00
|
|
|
MinVersion: tls.VersionTLS10,
|
2019-07-09 18:32:39 -07:00
|
|
|
MaxVersion: tls.VersionTLS11,
|
|
|
|
})
|
|
|
|
if err == nil {
|
|
|
|
failureLog(function, args, startTime, "", "Endpoint accepts insecure connection", err).Error()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Tests whether the endpoint accepts TLS1.2 connections
|
|
|
|
args = map[string]interface{}{
|
|
|
|
"MinVersion": "tls.VersionTLS12",
|
|
|
|
}
|
|
|
|
_, err = tls.Dial("tcp", endpoint, &tls.Config{
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
failureLog(function, args, startTime, "", "Endpoint rejects secure connection", err).Error()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
successLog(function, args, startTime)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Tests whether the endpoint accepts SSL3.0, TLS1.0 or TLS1.1 connections - fail if so.
|
|
|
|
// Tests whether the endpoint accepts TLS1.2 connections - fail if not.
|
|
|
|
func testTLSCiphers(endpoint string) {
|
|
|
|
const function = "TLSCiphers"
|
|
|
|
startTime := time.Now()
|
|
|
|
|
|
|
|
// Tests whether the endpoint accepts insecure ciphers
|
|
|
|
args := map[string]interface{}{
|
|
|
|
"MinVersion": "tls.VersionTLS12",
|
|
|
|
"CipherSuites": unsupportedCipherSuites,
|
|
|
|
}
|
|
|
|
_, err := tls.Dial("tcp", endpoint, &tls.Config{
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
CipherSuites: unsupportedCipherSuites,
|
|
|
|
})
|
|
|
|
if err == nil {
|
|
|
|
failureLog(function, args, startTime, "", "Endpoint accepts insecure cipher suites", err).Error()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Tests whether the endpoint accepts at least one secure cipher
|
|
|
|
args = map[string]interface{}{
|
|
|
|
"MinVersion": "tls.VersionTLS12",
|
|
|
|
"CipherSuites": supportedCipherSuites,
|
|
|
|
}
|
|
|
|
_, err = tls.Dial("tcp", endpoint, &tls.Config{
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
CipherSuites: supportedCipherSuites,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
failureLog(function, args, startTime, "", "Endpoint rejects all secure cipher suites", err).Error()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Tests whether the endpoint accepts at least one default cipher
|
|
|
|
args = map[string]interface{}{
|
|
|
|
"MinVersion": "tls.VersionTLS12",
|
|
|
|
"CipherSuites": nil,
|
|
|
|
}
|
|
|
|
_, err = tls.Dial("tcp", endpoint, &tls.Config{
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
CipherSuites: nil, // default value
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
failureLog(function, args, startTime, "", "Endpoint rejects default cipher suites", err).Error()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
successLog(function, args, startTime)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Tests whether the endpoint accepts the P-384 or P-521 elliptic curve - fail if so.
|
|
|
|
// Tests whether the endpoint accepts Curve25519 or P-256 - fail if not.
|
|
|
|
func testTLSEllipticCurves(endpoint string) {
|
|
|
|
const function = "TLSEllipticCurves"
|
|
|
|
startTime := time.Now()
|
|
|
|
|
|
|
|
// Tests whether the endpoint accepts curves using non-constant time implementations.
|
|
|
|
args := map[string]interface{}{
|
|
|
|
"CurvePreferences": unsupportedCurves,
|
|
|
|
}
|
|
|
|
_, err := tls.Dial("tcp", endpoint, &tls.Config{
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
CurvePreferences: unsupportedCurves,
|
|
|
|
CipherSuites: supportedCipherSuites,
|
|
|
|
})
|
|
|
|
if err == nil {
|
|
|
|
failureLog(function, args, startTime, "", "Endpoint accepts insecure elliptic curves", err).Error()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Tests whether the endpoint accepts curves using constant time implementations.
|
|
|
|
args = map[string]interface{}{
|
|
|
|
"CurvePreferences": unsupportedCurves,
|
|
|
|
}
|
|
|
|
_, err = tls.Dial("tcp", endpoint, &tls.Config{
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
CurvePreferences: supportedCurves,
|
|
|
|
CipherSuites: supportedCipherSuites,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
failureLog(function, args, startTime, "", "Endpoint does not accept secure elliptic curves", err).Error()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
successLog(function, args, startTime)
|
|
|
|
}
|
|
|
|
|
|
|
|
func successLog(function string, args map[string]interface{}, startTime time.Time) *log.Entry {
|
|
|
|
duration := time.Since(startTime).Nanoseconds() / 1000000
|
|
|
|
return log.WithFields(log.Fields{
|
|
|
|
"name": testName,
|
|
|
|
"function": function,
|
|
|
|
"args": args,
|
|
|
|
"duration": duration,
|
|
|
|
"status": PASS,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
func failureLog(function string, args map[string]interface{}, startTime time.Time, alert string, message string, err error) *log.Entry {
|
|
|
|
duration := time.Since(startTime).Nanoseconds() / 1000000
|
|
|
|
fields := log.Fields{
|
|
|
|
"name": testName,
|
|
|
|
"function": function,
|
|
|
|
"args": args,
|
|
|
|
"duration": duration,
|
|
|
|
"status": FAIL,
|
|
|
|
"alert": alert,
|
|
|
|
"message": message,
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
fields["error"] = err
|
|
|
|
}
|
|
|
|
return log.WithFields(fields)
|
|
|
|
}
|
|
|
|
|
|
|
|
type mintJSONFormatter struct {
|
|
|
|
}
|
|
|
|
|
|
|
|
func (f *mintJSONFormatter) Format(entry *log.Entry) ([]byte, error) {
|
|
|
|
data := make(log.Fields, len(entry.Data))
|
|
|
|
for k, v := range entry.Data {
|
|
|
|
switch v := v.(type) {
|
|
|
|
case error:
|
|
|
|
// Otherwise errors are ignored by `encoding/json`
|
|
|
|
// https://github.com/sirupsen/logrus/issues/137
|
|
|
|
data[k] = v.Error()
|
|
|
|
default:
|
|
|
|
data[k] = v
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
serialized, err := json.Marshal(data)
|
|
|
|
if err != nil {
|
2019-12-02 09:28:01 -08:00
|
|
|
return nil, fmt.Errorf("Failed to marshal fields to JSON, %w", err)
|
2019-07-09 18:32:39 -07:00
|
|
|
}
|
|
|
|
return append(serialized, '\n'), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Secure Go implementations of modern TLS ciphers
|
|
|
|
// The following ciphers are excluded because:
|
|
|
|
// - RC4 ciphers: RC4 is broken
|
|
|
|
// - 3DES ciphers: Because of the 64 bit blocksize of DES (Sweet32)
|
|
|
|
// - CBC-SHA256 ciphers: No countermeasures against Lucky13 timing attack
|
|
|
|
// - CBC-SHA ciphers: Legacy ciphers (SHA-1) and non-constant time
|
|
|
|
// implementation of CBC.
|
|
|
|
// (CBC-SHA ciphers can be enabled again if required)
|
|
|
|
// - RSA key exchange ciphers: Disabled because of dangerous PKCS1-v1.5 RSA
|
|
|
|
// padding scheme. See Bleichenbacher attacks.
|
|
|
|
var supportedCipherSuites = []uint16{
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
|
|
|
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
|
|
}
|
|
|
|
|
|
|
|
// Supported elliptic curves: Implementations are constant-time.
|
|
|
|
var supportedCurves = []tls.CurveID{tls.X25519, tls.CurveP256}
|
|
|
|
|
|
|
|
var unsupportedCipherSuites = []uint16{
|
|
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, // Go stack contains (some) countermeasures against timing attacks (Lucky13)
|
|
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, // No countermeasures against timing attacks
|
|
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, // Go stack contains (some) countermeasures against timing attacks (Lucky13)
|
|
|
|
tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, // Broken cipher
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, // Sweet32
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, // Go stack contains (some) countermeasures against timing attacks (Lucky13)
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, // No countermeasures against timing attacks
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, // Go stack contains (some) countermeasures against timing attacks (Lucky13)
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, // Broken cipher
|
|
|
|
|
|
|
|
// all RSA-PKCS1-v1.5 ciphers are disabled - danger of Bleichenbacher attack variants
|
|
|
|
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, // Sweet32
|
|
|
|
tls.TLS_RSA_WITH_AES_128_CBC_SHA, // Go stack contains (some) countermeasures against timing attacks (Lucky13)
|
|
|
|
tls.TLS_RSA_WITH_AES_128_CBC_SHA256, // No countermeasures against timing attacks
|
|
|
|
tls.TLS_RSA_WITH_AES_256_CBC_SHA, // Go stack contains (some) countermeasures against timing attacks (Lucky13)
|
|
|
|
tls.TLS_RSA_WITH_RC4_128_SHA, // Broken cipher
|
|
|
|
|
|
|
|
tls.TLS_RSA_WITH_AES_128_GCM_SHA256, // Disabled because of RSA-PKCS1-v1.5 - AES-GCM is considered secure.
|
|
|
|
tls.TLS_RSA_WITH_AES_256_GCM_SHA384, // Disabled because of RSA-PKCS1-v1.5 - AES-GCM is considered secure.
|
|
|
|
}
|
|
|
|
|
|
|
|
// Unsupported elliptic curves: Implementations are not constant-time.
|
|
|
|
var unsupportedCurves = []tls.CurveID{tls.CurveP384, tls.CurveP521}
|