projects / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Remove some redundant code
[openssl.git] / test / tls13secretstest.c
1 /*
2  * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #include <openssl/ssl.h>
11 #include <openssl/evp.h>
12
13 #include "../ssl/ssl_local.h"
14 #include "testutil.h"
15
16 #define IVLEN   12
17 #define KEYLEN  16
18
19 /*
20  * Based on the test vectors available in:
21  * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
22  */
23
24 static unsigned char hs_start_hash[] = {
25 0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16,
26 0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7,
27 0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d
28 };
29
30 static unsigned char hs_full_hash[] = {
31 0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56,
32 0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0,
33 0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf
34 };
35
36 static unsigned char early_secret[] = {
37 0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93,
38 0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2,
39 0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
40 };
41
42 static unsigned char ecdhe_secret[] = {
43 0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24,
44 0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0,
45 0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42
46 };
47
48 static unsigned char handshake_secret[] = {
49 0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3,
50 0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05,
51 0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06
52 };
53
54 static const char *client_hts_label = "c hs traffic";
55
56 static unsigned char client_hts[] = {
57 0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a,
58 0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75,
59 0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03
60 };
61
62 static unsigned char client_hts_key[] = {
63 0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5,
64 0xad, 0x26, 0x49
65 };
66
67 static unsigned char client_hts_iv[] = {
68 0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42
69 };
70
71 static const char *server_hts_label = "s hs traffic";
72
73 static unsigned char server_hts[] = {
74 0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0,
75 0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3,
76 0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79
77 };
78
79 static unsigned char server_hts_key[] = {
80 0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55,
81 0x11, 0xac, 0x8b
82 };
83
84 static unsigned char server_hts_iv[] = {
85 0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4
86 };
87
88 static unsigned char master_secret[] = {
89 0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b,
90 0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37,
91 0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7
92 };
93
94 static const char *client_ats_label = "c ap traffic";
95
96 static unsigned char client_ats[] = {
97 0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89,
98 0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa,
99 0x78, 0x22, 0x26, 0xb2, 0x36, 0x26
100 };
101
102 static unsigned char client_ats_key[] = {
103 0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c,
104 0xce, 0x5c, 0x87
105 };
106
107 static unsigned char client_ats_iv[] = {
108 0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19
109 };
110
111 static const char *server_ats_label = "s ap traffic";
112
113 static unsigned char server_ats[] = {
114 0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39,
115 0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec,
116 0x11, 0x43, 0x5d, 0x30, 0x57, 0x19
117 };
118
119 static unsigned char server_ats_key[] = {
120 0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4,
121 0x4b, 0x9b, 0x7d
122 };
123
124 static unsigned char server_ats_iv[] = {
125 0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a
126 };
127
128 /* Mocked out implementations of various functions */
129 int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep)
130 {
131     return 1;
132 }
133
134 static int full_hash = 0;
135
136 /* Give a hash of the currently set handshake */
137 int ssl_handshake_hash(SSL_CONNECTION *s, unsigned char *out, size_t outlen,
138                        size_t *hashlen)
139 {
140     if (sizeof(hs_start_hash) > outlen
141             || sizeof(hs_full_hash) != sizeof(hs_start_hash))
142         return 0;
143
144     if (full_hash) {
145         memcpy(out, hs_full_hash, sizeof(hs_full_hash));
146         *hashlen = sizeof(hs_full_hash);
147     } else {
148         memcpy(out, hs_start_hash, sizeof(hs_start_hash));
149         *hashlen = sizeof(hs_start_hash);
150     }
151
152     return 1;
153 }
154
155 const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s)
156 {
157     return EVP_sha256();
158 }
159
160 void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
161 {
162 }
163
164 int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
165                                      const EVP_CIPHER **enc)
166 {
167     return 0;
168 }
169
170 int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s,
171                        const EVP_CIPHER **enc, const EVP_MD **md,
172                        int *mac_pkey_type, size_t *mac_secret_size,
173                        SSL_COMP **comp, int use_etm)
174
175 {
176     return 0;
177 }
178
179 int tls1_alert_code(int code)
180 {
181     return code;
182 }
183
184 int ssl_log_secret(SSL_CONNECTION *sc,
185                    const char *label,
186                    const uint8_t *secret,
187                    size_t secret_len)
188 {
189     return 1;
190 }
191
192 const EVP_MD *ssl_md(SSL_CTX *ctx, int idx)
193 {
194     return EVP_sha256();
195 }
196
197 void ossl_statem_send_fatal(SSL_CONNECTION *s, int al)
198 {
199 }
200
201 void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason,
202                        const char *fmt, ...)
203 {
204 }
205
206 int ossl_statem_export_allowed(SSL_CONNECTION *s)
207 {
208     return 1;
209 }
210
211 int ossl_statem_export_early_allowed(SSL_CONNECTION *s)
212 {
213     return 1;
214 }
215
216 void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
217 {
218 }
219
220 void ssl_evp_md_free(const EVP_MD *md)
221 {
222 }
223
224 int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction,
225                              int level, unsigned char *key, size_t keylen,
226                              unsigned char *iv,  size_t ivlen,
227                              unsigned char *mackey, size_t mackeylen,
228                              const EVP_CIPHER *ciph, size_t taglen,
229                              int mactype, const EVP_MD *md,
230                              const SSL_COMP *comp)
231 {
232     return 0;
233 }
234
235 /* End of mocked out code */
236
237 static int test_secret(SSL_CONNECTION *s, unsigned char *prk,
238                        const unsigned char *label, size_t labellen,
239                        const unsigned char *ref_secret,
240                        const unsigned char *ref_key, const unsigned char *ref_iv)
241 {
242     size_t hashsize;
243     unsigned char gensecret[EVP_MAX_MD_SIZE];
244     unsigned char hash[EVP_MAX_MD_SIZE];
245     unsigned char key[KEYLEN];
246     unsigned char iv[IVLEN];
247     const EVP_MD *md = ssl_handshake_md(s);
248
249     if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
250         TEST_error("Failed to get hash");
251         return 0;
252     }
253
254     if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
255                            gensecret, hashsize, 1)) {
256         TEST_error("Secret generation failed");
257         return 0;
258     }
259
260     if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
261         return 0;
262
263     if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
264         TEST_error("Key generation failed");
265         return 0;
266     }
267
268     if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
269         return 0;
270
271     if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
272         TEST_error("IV generation failed");
273         return 0;
274     }
275
276     if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
277         return 0;
278
279     return 1;
280 }
281
282 static int test_handshake_secrets(void)
283 {
284     SSL_CTX *ctx = NULL;
285     SSL *ssl = NULL;
286     SSL_CONNECTION *s;
287     int ret = 0;
288     size_t hashsize;
289     unsigned char out_master_secret[EVP_MAX_MD_SIZE];
290     size_t master_secret_length;
291
292     ctx = SSL_CTX_new(TLS_method());
293     if (!TEST_ptr(ctx))
294         goto err;
295
296     ssl = SSL_new(ctx);
297     if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl)))
298         goto err;
299
300     s->session = SSL_SESSION_new();
301     if (!TEST_ptr(s->session))
302         goto err;
303
304     if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
305                                          (unsigned char *)&s->early_secret))) {
306         TEST_info("Early secret generation failed");
307         goto err;
308     }
309
310     if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
311                      early_secret, sizeof(early_secret))) {
312         TEST_info("Early secret does not match");
313         goto err;
314     }
315
316     if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
317                                                    sizeof(ecdhe_secret)))) {
318         TEST_info("Handshake secret generation failed");
319         goto err;
320     }
321
322     if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
323                      handshake_secret, sizeof(handshake_secret)))
324         goto err;
325
326     hashsize = EVP_MD_get_size(ssl_handshake_md(s));
327     if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
328         goto err;
329     if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
330         goto err;
331     if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
332         goto err;
333
334     if (!TEST_true(test_secret(s, s->handshake_secret,
335                                (unsigned char *)client_hts_label,
336                                strlen(client_hts_label), client_hts,
337                                client_hts_key, client_hts_iv))) {
338         TEST_info("Client handshake secret test failed");
339         goto err;
340     }
341
342     if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
343         goto err;
344     if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
345         goto err;
346     if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
347         goto err;
348
349     if (!TEST_true(test_secret(s, s->handshake_secret,
350                                (unsigned char *)server_hts_label,
351                                strlen(server_hts_label), server_hts,
352                                server_hts_key, server_hts_iv))) {
353         TEST_info("Server handshake secret test failed");
354         goto err;
355     }
356
357     /*
358      * Ensure the mocked out ssl_handshake_hash() returns the full handshake
359      * hash.
360      */
361     full_hash = 1;
362
363     if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
364                                                 s->handshake_secret, hashsize,
365                                                 &master_secret_length))) {
366         TEST_info("Master secret generation failed");
367         goto err;
368     }
369
370     if (!TEST_mem_eq(out_master_secret, master_secret_length,
371                      master_secret, sizeof(master_secret))) {
372         TEST_info("Master secret does not match");
373         goto err;
374     }
375
376     if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
377         goto err;
378     if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
379         goto err;
380     if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
381         goto err;
382
383     if (!TEST_true(test_secret(s, out_master_secret,
384                                (unsigned char *)client_ats_label,
385                                strlen(client_ats_label), client_ats,
386                                client_ats_key, client_ats_iv))) {
387         TEST_info("Client application data secret test failed");
388         goto err;
389     }
390
391     if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
392         goto err;
393     if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
394         goto err;
395     if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
396         goto err;
397
398     if (!TEST_true(test_secret(s, out_master_secret,
399                                (unsigned char *)server_ats_label,
400                                strlen(server_ats_label), server_ats,
401                                server_ats_key, server_ats_iv))) {
402         TEST_info("Server application data secret test failed");
403         goto err;
404     }
405
406     ret = 1;
407  err:
408     SSL_free(ssl);
409     SSL_CTX_free(ctx);
410     return ret;
411 }
412
413 int setup_tests(void)
414 {
415     ADD_TEST(test_handshake_secrets);
416     return 1;
417 }
Unnamed repository; edit this file 'description' to name the repository.