source-git / openssl

Clone
Source Code
GIT

Blame test/tls13secretstest.c

c8 c8s master
  1.   c4476c2d191c8f18018d947521358ac6321a212e
  2.   test
  3.   tls13secretstest.c
Blob History Raw
Packit c4476c 
/*
Packit c4476c 
 * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
Packit c4476c 
 *
Packit c4476c 
 * Licensed under the OpenSSL license (the "License").  You may not use
Packit c4476c 
 * this file except in compliance with the License.  You can obtain a copy
Packit c4476c 
 * in the file LICENSE in the source distribution or at
Packit c4476c 
 * https://www.openssl.org/source/license.html
Packit c4476c 
 */
Packit c4476c
Packit c4476c 
#include <openssl/ssl.h>
Packit c4476c 
#include <openssl/evp.h>
Packit c4476c
Packit c4476c 
#ifdef __VMS
Packit c4476c 
# pragma names save
Packit c4476c 
# pragma names as_is,shortened
Packit c4476c 
#endif
Packit c4476c
Packit c4476c 
#include "../ssl/ssl_local.h"
Packit c4476c
Packit c4476c 
#ifdef __VMS
Packit c4476c 
# pragma names restore
Packit c4476c 
#endif
Packit c4476c
Packit c4476c 
#include "testutil.h"
Packit c4476c
Packit c4476c 
#define IVLEN   12
Packit c4476c 
#define KEYLEN  16
Packit c4476c
Packit c4476c 
/*
Packit c4476c 
 * Based on the test vectors available in:
Packit c4476c 
 * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
Packit c4476c 
 */
Packit c4476c
Packit c4476c 
static unsigned char hs_start_hash[] = {
Packit c4476c 
0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16,
Packit c4476c 
0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7,
Packit c4476c 
0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char hs_full_hash[] = {
Packit c4476c 
0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56,
Packit c4476c 
0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0,
Packit c4476c 
0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char early_secret[] = {
Packit c4476c 
0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93,
Packit c4476c 
0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2,
Packit c4476c 
0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char ecdhe_secret[] = {
Packit c4476c 
0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24,
Packit c4476c 
0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0,
Packit c4476c 
0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char handshake_secret[] = {
Packit c4476c 
0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3,
Packit c4476c 
0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05,
Packit c4476c 
0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static const char *client_hts_label = "c hs traffic";
Packit c4476c
Packit c4476c 
static unsigned char client_hts[] = {
Packit c4476c 
0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a,
Packit c4476c 
0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75,
Packit c4476c 
0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char client_hts_key[] = {
Packit c4476c 
0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5,
Packit c4476c 
0xad, 0x26, 0x49
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char client_hts_iv[] = {
Packit c4476c 
0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static const char *server_hts_label = "s hs traffic";
Packit c4476c
Packit c4476c 
static unsigned char server_hts[] = {
Packit c4476c 
0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0,
Packit c4476c 
0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3,
Packit c4476c 
0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char server_hts_key[] = {
Packit c4476c 
0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55,
Packit c4476c 
0x11, 0xac, 0x8b
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char server_hts_iv[] = {
Packit c4476c 
0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char master_secret[] = {
Packit c4476c 
0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b,
Packit c4476c 
0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37,
Packit c4476c 
0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static const char *client_ats_label = "c ap traffic";
Packit c4476c
Packit c4476c 
static unsigned char client_ats[] = {
Packit c4476c 
0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89,
Packit c4476c 
0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa,
Packit c4476c 
0x78, 0x22, 0x26, 0xb2, 0x36, 0x26
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char client_ats_key[] = {
Packit c4476c 
0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c,
Packit c4476c 
0xce, 0x5c, 0x87
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char client_ats_iv[] = {
Packit c4476c 
0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static const char *server_ats_label = "s ap traffic";
Packit c4476c
Packit c4476c 
static unsigned char server_ats[] = {
Packit c4476c 
0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39,
Packit c4476c 
0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec,
Packit c4476c 
0x11, 0x43, 0x5d, 0x30, 0x57, 0x19
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char server_ats_key[] = {
Packit c4476c 
0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4,
Packit c4476c 
0x4b, 0x9b, 0x7d
Packit c4476c 
};
Packit c4476c
Packit c4476c 
static unsigned char server_ats_iv[] = {
Packit c4476c 
0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a
Packit c4476c 
};
Packit c4476c
Packit c4476c 
/* Mocked out implementations of various functions */
Packit c4476c 
int ssl3_digest_cached_records(SSL *s, int keep)
Packit c4476c 
{
Packit c4476c 
    return 1;
Packit c4476c 
}
Packit c4476c
Packit c4476c 
static int full_hash = 0;
Packit c4476c
Packit c4476c 
/* Give a hash of the currently set handshake */
Packit c4476c 
int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
Packit c4476c 
                       size_t *hashlen)
Packit c4476c 
{
Packit c4476c 
    if (sizeof(hs_start_hash) > outlen
Packit c4476c 
            || sizeof(hs_full_hash) != sizeof(hs_start_hash))
Packit c4476c 
        return 0;
Packit c4476c
Packit c4476c 
    if (full_hash) {
Packit c4476c 
        memcpy(out, hs_full_hash, sizeof(hs_full_hash));
Packit c4476c 
        *hashlen = sizeof(hs_full_hash);
Packit c4476c 
    } else {
Packit c4476c 
        memcpy(out, hs_start_hash, sizeof(hs_start_hash));
Packit c4476c 
        *hashlen = sizeof(hs_start_hash);
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    return 1;
Packit c4476c 
}
Packit c4476c
Packit c4476c 
const EVP_MD *ssl_handshake_md(SSL *s)
Packit c4476c 
{
Packit c4476c 
    return EVP_sha256();
Packit c4476c 
}
Packit c4476c
Packit c4476c 
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
Packit c4476c 
{
Packit c4476c 
}
Packit c4476c
Packit c4476c 
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
Packit c4476c 
{
Packit c4476c 
}
Packit c4476c
Packit c4476c 
int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
Packit c4476c 
                       const EVP_MD **md, int *mac_pkey_type,
Packit c4476c 
                       size_t *mac_secret_size, SSL_COMP **comp, int use_etm)
Packit c4476c
Packit c4476c 
{
Packit c4476c 
    return 0;
Packit c4476c 
}
Packit c4476c
Packit c4476c 
int tls1_alert_code(int code)
Packit c4476c 
{
Packit c4476c 
    return code;
Packit c4476c 
}
Packit c4476c
Packit c4476c 
int ssl_log_secret(SSL *ssl,
Packit c4476c 
                   const char *label,
Packit c4476c 
                   const uint8_t *secret,
Packit c4476c 
                   size_t secret_len)
Packit c4476c 
{
Packit c4476c 
    return 1;
Packit c4476c 
}
Packit c4476c
Packit c4476c 
const EVP_MD *ssl_md(int idx)
Packit c4476c 
{
Packit c4476c 
    return EVP_sha256();
Packit c4476c 
}
Packit c4476c
Packit c4476c 
void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
Packit c4476c 
                           int line)
Packit c4476c 
{
Packit c4476c 
}
Packit c4476c
Packit c4476c 
int ossl_statem_export_allowed(SSL *s)
Packit c4476c 
{
Packit c4476c 
    return 1;
Packit c4476c 
}
Packit c4476c
Packit c4476c 
int ossl_statem_export_early_allowed(SSL *s)
Packit c4476c 
{
Packit c4476c 
    return 1;
Packit c4476c 
}
Packit c4476c
Packit c4476c 
/* End of mocked out code */
Packit c4476c
Packit c4476c 
static int test_secret(SSL *s, unsigned char *prk,
Packit c4476c 
                       const unsigned char *label, size_t labellen,
Packit c4476c 
                       const unsigned char *ref_secret,
Packit c4476c 
                       const unsigned char *ref_key, const unsigned char *ref_iv)
Packit c4476c 
{
Packit c4476c 
    size_t hashsize;
Packit c4476c 
    unsigned char gensecret[EVP_MAX_MD_SIZE];
Packit c4476c 
    unsigned char hash[EVP_MAX_MD_SIZE];
Packit c4476c 
    unsigned char key[KEYLEN];
Packit c4476c 
    unsigned char iv[IVLEN];
Packit c4476c 
    const EVP_MD *md = ssl_handshake_md(s);
Packit c4476c
Packit c4476c 
    if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
Packit c4476c 
        TEST_error("Failed to get hash");
Packit c4476c 
        return 0;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
Packit c4476c 
                           gensecret, hashsize, 1)) {
Packit c4476c 
        TEST_error("Secret generation failed");
Packit c4476c 
        return 0;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
Packit c4476c 
        return 0;
Packit c4476c
Packit c4476c 
    if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
Packit c4476c 
        TEST_error("Key generation failed");
Packit c4476c 
        return 0;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
Packit c4476c 
        return 0;
Packit c4476c
Packit c4476c 
    if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
Packit c4476c 
        TEST_error("IV generation failed");
Packit c4476c 
        return 0;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
Packit c4476c 
        return 0;
Packit c4476c
Packit c4476c 
    return 1;
Packit c4476c 
}
Packit c4476c
Packit c4476c 
static int test_handshake_secrets(void)
Packit c4476c 
{
Packit c4476c 
    SSL_CTX *ctx = NULL;
Packit c4476c 
    SSL *s = NULL;
Packit c4476c 
    int ret = 0;
Packit c4476c 
    size_t hashsize;
Packit c4476c 
    unsigned char out_master_secret[EVP_MAX_MD_SIZE];
Packit c4476c 
    size_t master_secret_length;
Packit c4476c
Packit c4476c 
    ctx = SSL_CTX_new(TLS_method());
Packit c4476c 
    if (!TEST_ptr(ctx))
Packit c4476c 
        goto err;
Packit c4476c
Packit c4476c 
    s = SSL_new(ctx);
Packit c4476c 
    if (!TEST_ptr(s ))
Packit c4476c 
        goto err;
Packit c4476c
Packit c4476c 
    s->session = SSL_SESSION_new();
Packit c4476c 
    if (!TEST_ptr(s->session))
Packit c4476c 
        goto err;
Packit c4476c
Packit c4476c 
    if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
Packit c4476c 
                                         (unsigned char *)&s->early_secret))) {
Packit c4476c 
        TEST_info("Early secret generation failed");
Packit c4476c 
        goto err;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
Packit c4476c 
                     early_secret, sizeof(early_secret))) {
Packit c4476c 
        TEST_info("Early secret does not match");
Packit c4476c 
        goto err;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
Packit c4476c 
                                                   sizeof(ecdhe_secret)))) {
Packit c4476c 
        TEST_info("Handshake secret generation failed");
Packit c4476c 
        goto err;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
Packit c4476c 
                     handshake_secret, sizeof(handshake_secret)))
Packit c4476c 
        goto err;
Packit c4476c
Packit c4476c 
    hashsize = EVP_MD_size(ssl_handshake_md(s));
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
Packit c4476c 
        goto err;
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
Packit c4476c 
        goto err;
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
Packit c4476c 
        goto err;
Packit c4476c
Packit c4476c 
    if (!TEST_true(test_secret(s, s->handshake_secret,
Packit c4476c 
                               (unsigned char *)client_hts_label,
Packit c4476c 
                               strlen(client_hts_label), client_hts,
Packit c4476c 
                               client_hts_key, client_hts_iv))) {
Packit c4476c 
        TEST_info("Client handshake secret test failed");
Packit c4476c 
        goto err;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
Packit c4476c 
        goto err;
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
Packit c4476c 
        goto err;
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
Packit c4476c 
        goto err;
Packit c4476c
Packit c4476c 
    if (!TEST_true(test_secret(s, s->handshake_secret,
Packit c4476c 
                               (unsigned char *)server_hts_label,
Packit c4476c 
                               strlen(server_hts_label), server_hts,
Packit c4476c 
                               server_hts_key, server_hts_iv))) {
Packit c4476c 
        TEST_info("Server handshake secret test failed");
Packit c4476c 
        goto err;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    /*
Packit c4476c 
     * Ensure the mocked out ssl_handshake_hash() returns the full handshake
Packit c4476c 
     * hash.
Packit c4476c 
     */
Packit c4476c 
    full_hash = 1;
Packit c4476c
Packit c4476c 
    if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
Packit c4476c 
                                                s->handshake_secret, hashsize,
Packit c4476c 
                                                &master_secret_length))) {
Packit c4476c 
        TEST_info("Master secret generation failed");
Packit c4476c 
        goto err;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    if (!TEST_mem_eq(out_master_secret, master_secret_length,
Packit c4476c 
                     master_secret, sizeof(master_secret))) {
Packit c4476c 
        TEST_info("Master secret does not match");
Packit c4476c 
        goto err;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
Packit c4476c 
        goto err;
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
Packit c4476c 
        goto err;
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
Packit c4476c 
        goto err;
Packit c4476c
Packit c4476c 
    if (!TEST_true(test_secret(s, out_master_secret,
Packit c4476c 
                               (unsigned char *)client_ats_label,
Packit c4476c 
                               strlen(client_ats_label), client_ats,
Packit c4476c 
                               client_ats_key, client_ats_iv))) {
Packit c4476c 
        TEST_info("Client application data secret test failed");
Packit c4476c 
        goto err;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
Packit c4476c 
        goto err;
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
Packit c4476c 
        goto err;
Packit c4476c 
    if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
Packit c4476c 
        goto err;
Packit c4476c
Packit c4476c 
    if (!TEST_true(test_secret(s, out_master_secret,
Packit c4476c 
                               (unsigned char *)server_ats_label,
Packit c4476c 
                               strlen(server_ats_label), server_ats,
Packit c4476c 
                               server_ats_key, server_ats_iv))) {
Packit c4476c 
        TEST_info("Server application data secret test failed");
Packit c4476c 
        goto err;
Packit c4476c 
    }
Packit c4476c
Packit c4476c 
    ret = 1;
Packit c4476c 
 err:
Packit c4476c 
    SSL_free(s);
Packit c4476c 
    SSL_CTX_free(ctx);
Packit c4476c 
    return ret;
Packit c4476c 
}
Packit c4476c
Packit c4476c 
int setup_tests(void)
Packit c4476c 
{
Packit c4476c 
    ADD_TEST(test_handshake_secrets);
Packit c4476c 
    return 1;
Packit c4476c 
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation