tls13secretstest.c@ 102210

Last change on this file since 102210 was 101211, checked in by vboxsync, 16 months ago
openssl-3.1.3: Applied and adjusted our OpenSSL changes to 3.1.2. bugref:10527
File size: 11.5 KB

Line
1	/*
2	* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <openssl/ssl.h>
11	#include <openssl/evp.h>
12
13	#include "../ssl/ssl_local.h"
14	#include "testutil.h"
15
16	#define IVLEN 12
17	#define KEYLEN 16
18
19	/*
20	* Based on the test vectors available in:
21	* https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
22	*/
23
24	static unsigned char hs_start_hash[] = {
25	0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16,
26	0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7,
27	0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d
28	};
29
30	static unsigned char hs_full_hash[] = {
31	0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56,
32	0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0,
33	0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf
34	};
35
36	static unsigned char early_secret[] = {
37	0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93,
38	0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2,
39	0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
40	};
41
42	static unsigned char ecdhe_secret[] = {
43	0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24,
44	0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0,
45	0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42
46	};
47
48	static unsigned char handshake_secret[] = {
49	0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3,
50	0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05,
51	0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06
52	};
53
54	static const char *client_hts_label = "c hs traffic";
55
56	static unsigned char client_hts[] = {
57	0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a,
58	0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75,
59	0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03
60	};
61
62	static unsigned char client_hts_key[] = {
63	0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5,
64	0xad, 0x26, 0x49
65	};
66
67	static unsigned char client_hts_iv[] = {
68	0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42
69	};
70
71	static const char *server_hts_label = "s hs traffic";
72
73	static unsigned char server_hts[] = {
74	0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0,
75	0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3,
76	0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79
77	};
78
79	static unsigned char server_hts_key[] = {
80	0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55,
81	0x11, 0xac, 0x8b
82	};
83
84	static unsigned char server_hts_iv[] = {
85	0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4
86	};
87
88	static unsigned char master_secret[] = {
89	0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b,
90	0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37,
91	0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7
92	};
93
94	static const char *client_ats_label = "c ap traffic";
95
96	static unsigned char client_ats[] = {
97	0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89,
98	0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa,
99	0x78, 0x22, 0x26, 0xb2, 0x36, 0x26
100	};
101
102	static unsigned char client_ats_key[] = {
103	0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c,
104	0xce, 0x5c, 0x87
105	};
106
107	static unsigned char client_ats_iv[] = {
108	0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19
109	};
110
111	static const char *server_ats_label = "s ap traffic";
112
113	static unsigned char server_ats[] = {
114	0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39,
115	0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec,
116	0x11, 0x43, 0x5d, 0x30, 0x57, 0x19
117	};
118
119	static unsigned char server_ats_key[] = {
120	0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4,
121	0x4b, 0x9b, 0x7d
122	};
123
124	static unsigned char server_ats_iv[] = {
125	0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a
126	};
127
128	/* Mocked out implementations of various functions */
129	int ssl3_digest_cached_records(SSL *s, int keep)
130	{
131	return 1;
132	}
133
134	static int full_hash = 0;
135
136	/* Give a hash of the currently set handshake */
137	int ssl_handshake_hash(SSL s, unsigned char out, size_t outlen,
138	size_t *hashlen)
139	{
140	if (sizeof(hs_start_hash) > outlen
141	\|\| sizeof(hs_full_hash) != sizeof(hs_start_hash))
142	return 0;
143
144	if (full_hash) {
145	memcpy(out, hs_full_hash, sizeof(hs_full_hash));
146	*hashlen = sizeof(hs_full_hash);
147	} else {
148	memcpy(out, hs_start_hash, sizeof(hs_start_hash));
149	*hashlen = sizeof(hs_start_hash);
150	}
151
152	return 1;
153	}
154
155	const EVP_MD ssl_handshake_md(SSL s)
156	{
157	return EVP_sha256();
158	}
159
160	void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
161	{
162	}
163
164	void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
165	{
166	}
167
168	int ssl_cipher_get_evp_cipher(SSL_CTX ctx, const SSL_CIPHER sslc,
169	const EVP_CIPHER **enc)
170	{
171	return 0;
172	}
173
174	int ssl_cipher_get_evp(SSL_CTX ctx, const SSL_SESSION s,
175	const EVP_CIPHER enc, const EVP_MD md,
176	int mac_pkey_type, size_t mac_secret_size,
177	SSL_COMP **comp, int use_etm)
178
179	{
180	return 0;
181	}
182
183	int tls1_alert_code(int code)
184	{
185	return code;
186	}
187
188	int ssl_log_secret(SSL *ssl,
189	const char *label,
190	const uint8_t *secret,
191	size_t secret_len)
192	{
193	return 1;
194	}
195
196	const EVP_MD ssl_md(SSL_CTX ctx, int idx)
197	{
198	return EVP_sha256();
199	}
200
201	void ossl_statem_send_fatal(SSL *s, int al)
202	{
203	}
204
205	void ossl_statem_fatal(SSL s, int al, int reason, const char fmt, ...)
206	{
207	}
208
209	int ossl_statem_export_allowed(SSL *s)
210	{
211	return 1;
212	}
213
214	int ossl_statem_export_early_allowed(SSL *s)
215	{
216	return 1;
217	}
218
219	void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
220	{
221	}
222
223	void ssl_evp_md_free(const EVP_MD *md)
224	{
225	}
226
227	/* End of mocked out code */
228
229	static int test_secret(SSL s, unsigned char prk,
230	const unsigned char *label, size_t labellen,
231	const unsigned char *ref_secret,
232	const unsigned char ref_key, const unsigned char ref_iv)
233	{
234	size_t hashsize;
235	unsigned char gensecret[EVP_MAX_MD_SIZE];
236	unsigned char hash[EVP_MAX_MD_SIZE];
237	unsigned char key[KEYLEN];
238	unsigned char iv[IVLEN];
239	const EVP_MD *md = ssl_handshake_md(s);
240
241	if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
242	TEST_error("Failed to get hash");
243	return 0;
244	}
245
246	if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
247	gensecret, hashsize, 1)) {
248	TEST_error("Secret generation failed");
249	return 0;
250	}
251
252	if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
253	return 0;
254
255	if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
256	TEST_error("Key generation failed");
257	return 0;
258	}
259
260	if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
261	return 0;
262
263	if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
264	TEST_error("IV generation failed");
265	return 0;
266	}
267
268	if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
269	return 0;
270
271	return 1;
272	}
273
274	static int test_handshake_secrets(void)
275	{
276	SSL_CTX *ctx = NULL;
277	SSL *s = NULL;
278	int ret = 0;
279	size_t hashsize;
280	unsigned char out_master_secret[EVP_MAX_MD_SIZE];
281	size_t master_secret_length;
282
283	ctx = SSL_CTX_new(TLS_method());
284	if (!TEST_ptr(ctx))
285	goto err;
286
287	s = SSL_new(ctx);
288	if (!TEST_ptr(s ))
289	goto err;
290
291	s->session = SSL_SESSION_new();
292	if (!TEST_ptr(s->session))
293	goto err;
294
295	if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
296	(unsigned char *)&s->early_secret))) {
297	TEST_info("Early secret generation failed");
298	goto err;
299	}
300
301	if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
302	early_secret, sizeof(early_secret))) {
303	TEST_info("Early secret does not match");
304	goto err;
305	}
306
307	if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
308	sizeof(ecdhe_secret)))) {
309	TEST_info("Handshake secret generation failed");
310	goto err;
311	}
312
313	if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
314	handshake_secret, sizeof(handshake_secret)))
315	goto err;
316
317	hashsize = EVP_MD_get_size(ssl_handshake_md(s));
318	if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
319	goto err;
320	if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
321	goto err;
322	if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
323	goto err;
324
325	if (!TEST_true(test_secret(s, s->handshake_secret,
326	(unsigned char *)client_hts_label,
327	strlen(client_hts_label), client_hts,
328	client_hts_key, client_hts_iv))) {
329	TEST_info("Client handshake secret test failed");
330	goto err;
331	}
332
333	if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
334	goto err;
335	if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
336	goto err;
337	if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
338	goto err;
339
340	if (!TEST_true(test_secret(s, s->handshake_secret,
341	(unsigned char *)server_hts_label,
342	strlen(server_hts_label), server_hts,
343	server_hts_key, server_hts_iv))) {
344	TEST_info("Server handshake secret test failed");
345	goto err;
346	}
347
348	/*
349	* Ensure the mocked out ssl_handshake_hash() returns the full handshake
350	* hash.
351	*/
352	full_hash = 1;
353
354	if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
355	s->handshake_secret, hashsize,
356	&master_secret_length))) {
357	TEST_info("Master secret generation failed");
358	goto err;
359	}
360
361	if (!TEST_mem_eq(out_master_secret, master_secret_length,
362	master_secret, sizeof(master_secret))) {
363	TEST_info("Master secret does not match");
364	goto err;
365	}
366
367	if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
368	goto err;
369	if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
370	goto err;
371	if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
372	goto err;
373
374	if (!TEST_true(test_secret(s, out_master_secret,
375	(unsigned char *)client_ats_label,
376	strlen(client_ats_label), client_ats,
377	client_ats_key, client_ats_iv))) {
378	TEST_info("Client application data secret test failed");
379	goto err;
380	}
381
382	if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
383	goto err;
384	if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
385	goto err;
386	if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
387	goto err;
388
389	if (!TEST_true(test_secret(s, out_master_secret,
390	(unsigned char *)server_ats_label,
391	strlen(server_ats_label), server_ats,
392	server_ats_key, server_ats_iv))) {
393	TEST_info("Server application data secret test failed");
394	goto err;
395	}
396
397	ret = 1;
398	err:
399	SSL_free(s);
400	SSL_CTX_free(ctx);
401	return ret;
402	}
403
404	int setup_tests(void)
405	{
406	ADD_TEST(test_handshake_secrets);
407	return 1;
408	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.1.3/test/tls13secretstest.c@ 102210

Download in other formats: