]>
Commit | Line | Data |
---|---|---|
f01675c6 MC |
1 | /* |
2 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the OpenSSL license (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <openssl/ssl.h> | |
11 | #include <openssl/evp.h> | |
12 | #include "../ssl/ssl_locl.h" | |
13 | #include "../ssl/record/record_locl.h" | |
14 | ||
15 | #include "testutil.h" | |
16 | #include "test_main.h" | |
17 | ||
6606d600 MC |
18 | /* |
19 | * Based on the test vectors provided in: | |
20 | * https://www.ietf.org/id/draft-thomson-tls-tls13-vectors-01.txt | |
21 | */ | |
22 | ||
f60d68dc MC |
23 | typedef struct { |
24 | /* | |
25 | * We split these into 3 chunks in order to work around the 509 character | |
26 | * limit that the standard specifies for string literals | |
27 | */ | |
28 | const char *plaintext[3]; | |
29 | const char *ciphertext[3]; | |
f01675c6 MC |
30 | const char *key; |
31 | const char *iv; | |
32 | const char *seq; | |
f60d68dc MC |
33 | } RECORD_DATA; |
34 | ||
bcd62c25 | 35 | static RECORD_DATA refdata[] = { |
f01675c6 | 36 | { |
18b3a80a MC |
37 | /* |
38 | * Server: EncryptedExtensions, Certificate, CertificateVerify and | |
39 | * Finished | |
40 | */ | |
f60d68dc MC |
41 | { |
42 | "0800001e001c000a00140012001d001700180019010001010102010301040000" | |
43 | "00000b0001b9000001b50001b0308201ac30820115a003020102020102300d06" | |
44 | "092a864886f70d01010b0500300e310c300a06035504031303727361301e170d" | |
45 | "3136303733303031323335395a170d3236303733303031323335395a300e310c" | |
46 | "300a0603550403130372736130819f300d06092a864886f70d01010105000381" | |
47 | "8d0030818902818100b4bb498f8279303d980836399b36c6988c0c68de55e1bd" | |
48 | "b826d3901a2461eafd2de49a91d015abbc9a95137ace6c1af19eaa6af98c7ced", | |
49 | "43120998e187a80ee0ccb0524b1b018c3e0b63264d449a6d38e22a5fda430846" | |
50 | "748030530ef0461c8ca9d9efbfae8ea6d1d03e2bd193eff0ab9a8002c47428a6" | |
51 | "d35a8d88d79f7f1e3f0203010001a31a301830090603551d1304023000300b06" | |
52 | "03551d0f0404030205a0300d06092a864886f70d01010b05000381810085aad2" | |
53 | "a0e5b9276b908c65f73a7267170618a54c5f8a7b337d2df7a594365417f2eae8" | |
54 | "f8a58c8f8172f9319cf36b7fd6c55b80f21a03015156726096fd335e5e67f2db" | |
55 | "f102702e608ccae6bec1fc63a42a99be5c3eb7107c3c54e9b9eb2bd5203b1c3b", | |
56 | "84e0a8b2f759409ba3eac9d91d402dcc0cc8f8961229ac9187b42b4de100000f" | |
57 | "00008408040080134e22eac57321ab47db6b38b2992cec2dd79bd065a034a9af" | |
58 | "6b9e3d03475e4309e6523ccdf055453fb480804a3a7e996229eb28e734f6702b" | |
59 | "ea2b32149899ac043a4b44468197868da77147ce9f73c0543c4e3fc33e306cac" | |
60 | "8506faa80a959c5f1edccbee76eda1ad7a4fa440de35dcb87e82ec94e8725355" | |
61 | "ce7507713a609e140000207304bb73321f01b71dd94622fae98daf634490d220" | |
62 | "e4c8f3ffa2559911a56e5116" | |
63 | }, | |
64 | { | |
65 | "40ae92071a3a548b26af31e116dfc0ba4549210b17e70da16cfbda9ccdad844d" | |
66 | "94264a9ae65b786b3eaf0de20aa89c6babb448b6f32d07f233584296eefe1931" | |
67 | "6bd979659472ee8567cb01d70b0366cddb3c60eb9e1d789a3691dc254c14de73" | |
68 | "f4f20100504544ce184d44547e124b1f18303b4859f8f2e2b04423d23a866b43" | |
69 | "866374d54af41649d25f4a3ec2cecd5d4e6de1b24953440b46fbb74c1dbec6fb" | |
70 | "b1f16bc21d4aa0e1e936a49c07127e19719bc652a2f0b7f8df4a150b2b3c9e9e" | |
71 | "353d6ed101970ddc611abad0632c6793f9379c9d06846c311fcbd6f85edd569b", | |
72 | "8782c4c5f62294c4611ae60f83230a53aa95e3bcbed204f19a7a1db83c0fbfec" | |
73 | "1edd2c17498fa7b5aa2321248a92592d891e4947df6bcef52f4481797d032ad3" | |
74 | "32046a384abece6454b3e356d7249bfa5696793c7f7d3048dc87fa7409a46918" | |
75 | "87caaf0982c402b902d699f62dc4d5e153f13e8589e4a6206c7f74eb26ddefbb" | |
76 | "92309fb753decfea972dec7de02eda9c6d26acd7be53a8aa20f1a93f082ae6eb" | |
77 | "927a6a1b7bd9153551aedfaf94f61dd4cb9355ad7ab09f615d9f92c21712c732" | |
78 | "c0e7e117797f38cbdc184e3a65e15a89f46cb3624f5fdb8dbbd275f2c8492f8d", | |
79 | "95bdbd8d1dc1b9f21107bd433acbbac247239c073a2f24a4a9f8074f325f277d" | |
80 | "579b6bff0269ff19aed3809a9ddd21dd29c1363c9dc44812dd41d2111f9c2e83" | |
81 | "42046c14133b853262676f15e94de18660e04ae5c0c661ea43559af5842e161c" | |
82 | "83dd29f64508b2ec3e635a2134fc0e1a39d3ecb51dcddfcf8382c88ffe2a7378" | |
83 | "42ad1de7fe505b6c4d1673870f6fc2a0f2f7972acaee368a1599d64ba18798f1" | |
84 | "0333f9779bd5b05f9b084d03dab2f3d80c2eb74ec70c9866ea31c18b491cd597" | |
85 | "aae3e941205fcc38a3a10ce8c0269f02ccc9c51278e25f1a0f0731a9" | |
86 | }, | |
f01675c6 MC |
87 | "d2dd45f87ad87801a85ac38187f9023b", |
88 | "f0a14f808692cef87a3daf70", | |
89 | "0000000000000000" | |
90 | }, | |
91 | { | |
18b3a80a | 92 | /* Client: Finished */ |
f60d68dc MC |
93 | { |
94 | "1400002078367856d3c8cc4e0a95eb98906ca7a48bd3cc7029f48bd4ae0dc91a" | |
95 | "b903ca8916","","" | |
96 | }, | |
97 | { | |
98 | "fa15e92daa21cd05d8f9c3152a61748d9aaf049da559718e583f95aacecad657" | |
99 | "b52a6562da09a5819e864d86ac2989360a1eb22795","","" | |
100 | }, | |
f01675c6 MC |
101 | "40e1201d75d419627f04c88530a15c9d", |
102 | "a0f073f3b35e18f96969696b", | |
103 | "0000000000000000" | |
104 | }, | |
105 | { | |
18b3a80a | 106 | /* Server: NewSessionTicket */ |
f60d68dc MC |
107 | { |
108 | "040000a60002a3004abe594b00924e535321cadc96238da09caf9b02fecafdd6" | |
109 | "5e3e418f03e43772cf512ed8066100503b1c08abbbf298a9d138ce821dd12fe1" | |
110 | "710e2137cd12e6a85cd3fd7f73706e7f5dddefb87c1ef83824638464099c9d13" | |
111 | "63e3c64ed2075c16b8ccd8e524a6bbd7a6a6e34ea1579782b15bbe7dfed5c0c0" | |
112 | "d980fb330f9d8ab252ffe7be1277d418b6828ead4dae3b30d448442417ef76af" | |
113 | "0008002e00040002000016","","" | |
114 | }, | |
115 | { | |
116 | "45a6626fa13b66ce2c5b3ef807e299a118296f26a2dd9ec7487a0673e2460d4c" | |
117 | "79f40087dcd014c59c51379c90d26b4e4f9bb2b78f5b6761594f013ff3e4c78d" | |
118 | "836905229eac811c4ef8b2faa89867e9ffc586f7f03c216591aa5e620eac3c62" | |
119 | "dfe60f846036bd7ecc4464b584af184e9644e94ee1d7834dba408a51cbe42480" | |
120 | "04796ed9c558e0f5f96115a6f6ba487e17d16a2e20a3d3a650a9a070fb53d9da" | |
121 | "82864b5621d77650bd0c7947e9889917b53d0515627c72b0ded521","","" | |
122 | }, | |
f01675c6 MC |
123 | "3381f6b3f94500f16226de440193e858", |
124 | "4f1d73cc1d465eb30021c41f", | |
125 | "0000000000000000" | |
126 | }, | |
127 | { | |
18b3a80a | 128 | /* Client: Application Data */ |
f60d68dc MC |
129 | { |
130 | "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | |
131 | "202122232425262728292a2b2c2d2e2f303117","","" | |
132 | }, | |
133 | { | |
134 | "e306178ad97f74bb64f35eaf3c39846b83aef8472cbc9046749b81a949dfb12c" | |
135 | "fbc65cbabd20ade92c1f944605892ceeb12fdee8a927bce77c83036ac5a794a8" | |
136 | "f54a69","","" | |
137 | }, | |
f01675c6 MC |
138 | "eb23a804904b80ba4fe8399e09b1ce42", |
139 | "efa8c50c06b9c9b8c483e174", | |
140 | "0000000000000000" | |
141 | }, | |
142 | { | |
18b3a80a | 143 | /* Server: Application Data */ |
f60d68dc MC |
144 | { |
145 | "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | |
146 | "202122232425262728292a2b2c2d2e2f303117","","" | |
147 | }, | |
148 | { | |
149 | "467d99a807dbf778e6ffd8be52456c70665f890811ef2f3c495d5bbe983feeda" | |
150 | "b0c251dde596bc7e2b135909ec9f9166fb0152e8c16a84e4b1039256467f9538" | |
151 | "be4463","","" | |
152 | }, | |
f01675c6 MC |
153 | "3381f6b3f94500f16226de440193e858", |
154 | "4f1d73cc1d465eb30021c41f", | |
155 | "0000000000000001" | |
156 | }, | |
157 | { | |
18b3a80a | 158 | /* Client: CloseNotify */ |
f60d68dc MC |
159 | { |
160 | "010015","","" | |
161 | }, | |
162 | { | |
163 | "6bdf60847ba6fb650da36e872adc684a4af2e8","","" | |
164 | }, | |
f01675c6 MC |
165 | "eb23a804904b80ba4fe8399e09b1ce42", |
166 | "efa8c50c06b9c9b8c483e174", | |
167 | "0000000000000001" | |
168 | }, | |
169 | { | |
18b3a80a | 170 | /* Server: CloseNotify */ |
f60d68dc MC |
171 | { |
172 | "010015","","" | |
173 | }, | |
174 | { | |
175 | "621b7cc1962cd8a70109fee68a52efedf87d2e","","" | |
176 | }, | |
f01675c6 MC |
177 | "3381f6b3f94500f16226de440193e858", |
178 | "4f1d73cc1d465eb30021c41f", | |
179 | "0000000000000002" | |
180 | } | |
181 | }; | |
182 | ||
f60d68dc MC |
183 | /* |
184 | * Same thing as OPENSSL_hexstr2buf() but enables us to pass the string in | |
185 | * 3 chunks | |
186 | */ | |
187 | static unsigned char *multihexstr2buf(const char *str[3], size_t *len) | |
188 | { | |
189 | size_t outer, inner, curr = 0; | |
190 | unsigned char *outbuf; | |
191 | size_t totlen = 0; | |
192 | ||
193 | /* Check lengths of all input strings are even */ | |
194 | for (outer = 0; outer < 3; outer++) { | |
195 | totlen += strlen(str[outer]); | |
196 | if ((totlen & 1) != 0) | |
197 | return NULL; | |
198 | } | |
199 | ||
200 | totlen /= 2; | |
201 | outbuf = OPENSSL_malloc(totlen); | |
202 | if (outbuf == NULL) | |
203 | return NULL; | |
204 | ||
205 | for (outer = 0; outer < 3; outer++) { | |
206 | for (inner = 0; str[outer][inner] != 0; inner += 2) { | |
207 | int hi, lo; | |
208 | ||
209 | hi = OPENSSL_hexchar2int(str[outer][inner]); | |
210 | lo = OPENSSL_hexchar2int(str[outer][inner + 1]); | |
211 | ||
212 | if (hi < 0 || lo < 0) { | |
213 | OPENSSL_free(outbuf); | |
214 | return NULL; | |
215 | } | |
216 | outbuf[curr++] = (hi << 4) | lo; | |
217 | } | |
218 | } | |
219 | ||
220 | *len = totlen; | |
221 | return outbuf; | |
222 | } | |
223 | ||
224 | static int load_record(SSL3_RECORD *rec, RECORD_DATA *recd, unsigned char **key, | |
f01675c6 MC |
225 | unsigned char *iv, size_t ivlen, unsigned char *seq) |
226 | { | |
6606d600 | 227 | unsigned char *pt = NULL, *sq = NULL, *ivtmp = NULL; |
f60d68dc | 228 | size_t ptlen; |
f01675c6 | 229 | |
f60d68dc MC |
230 | *key = OPENSSL_hexstr2buf(recd->key, NULL); |
231 | ivtmp = OPENSSL_hexstr2buf(recd->iv, NULL); | |
232 | sq = OPENSSL_hexstr2buf(recd->seq, NULL); | |
233 | pt = multihexstr2buf(recd->plaintext, &ptlen); | |
f01675c6 MC |
234 | |
235 | if (*key == NULL || ivtmp == NULL || sq == NULL || pt == NULL) | |
236 | goto err; | |
237 | ||
238 | rec->data = rec->input = OPENSSL_malloc(ptlen + EVP_GCM_TLS_TAG_LEN); | |
239 | ||
240 | if (rec->data == NULL) | |
241 | goto err; | |
242 | ||
243 | rec->length = ptlen; | |
244 | memcpy(rec->data, pt, ptlen); | |
245 | OPENSSL_free(pt); | |
246 | memcpy(seq, sq, SEQ_NUM_SIZE); | |
247 | OPENSSL_free(sq); | |
248 | memcpy(iv, ivtmp, ivlen); | |
249 | OPENSSL_free(ivtmp); | |
250 | ||
251 | return 1; | |
252 | err: | |
253 | OPENSSL_free(*key); | |
d3ab93e9 | 254 | *key = NULL; |
f01675c6 MC |
255 | OPENSSL_free(ivtmp); |
256 | OPENSSL_free(sq); | |
257 | OPENSSL_free(pt); | |
258 | return 0; | |
259 | } | |
260 | ||
f60d68dc | 261 | static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc) |
f01675c6 MC |
262 | { |
263 | int ret = 0; | |
264 | unsigned char *refd; | |
f01675c6 MC |
265 | size_t refdatalen; |
266 | ||
267 | if (enc) | |
f60d68dc | 268 | refd = multihexstr2buf(recd->ciphertext, &refdatalen); |
f01675c6 | 269 | else |
f60d68dc | 270 | refd = multihexstr2buf(recd->plaintext, &refdatalen); |
f01675c6 MC |
271 | |
272 | if (refd == NULL) { | |
f60d68dc | 273 | fprintf(stderr, "Failed to get reference data\n"); |
f01675c6 MC |
274 | goto err; |
275 | } | |
f01675c6 MC |
276 | |
277 | if (rec->length != refdatalen) { | |
f60d68dc | 278 | fprintf(stderr, "Unexpected length\n"); |
f01675c6 MC |
279 | goto err; |
280 | } | |
281 | ||
282 | if (memcmp(rec->data, refd, refdatalen) != 0) { | |
f60d68dc | 283 | fprintf(stderr, "Data does not match\n"); |
f01675c6 MC |
284 | goto err; |
285 | } | |
286 | ||
287 | ret = 1; | |
288 | ||
289 | err: | |
290 | OPENSSL_free(refd); | |
291 | return ret; | |
292 | } | |
6606d600 | 293 | |
18b3a80a MC |
294 | #define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") |
295 | ||
f01675c6 MC |
296 | static int test_tls13_encryption(void) |
297 | { | |
298 | SSL_CTX *ctx = NULL; | |
299 | SSL *s = NULL; | |
300 | SSL3_RECORD rec; | |
301 | unsigned char *key = NULL, *iv = NULL, *seq = NULL; | |
302 | const EVP_CIPHER *ciph = EVP_aes_128_gcm(); | |
303 | int ret = 0; | |
304 | size_t ivlen, ctr; | |
305 | ||
306 | rec.data = NULL; | |
307 | ||
308 | ctx = SSL_CTX_new(TLS_method()); | |
309 | if (ctx == NULL) { | |
310 | fprintf(stderr, "Failed creating SSL_CTX\n"); | |
311 | goto err; | |
312 | } | |
313 | ||
314 | s = SSL_new(ctx); | |
315 | if (s == NULL) { | |
316 | fprintf(stderr, "Failed creating SSL\n"); | |
317 | goto err; | |
318 | } | |
319 | ||
320 | s->enc_read_ctx = EVP_CIPHER_CTX_new(); | |
321 | s->enc_write_ctx = EVP_CIPHER_CTX_new(); | |
322 | if (s->enc_read_ctx == NULL || s->enc_write_ctx == NULL) { | |
323 | fprintf(stderr, "Failed creating EVP_CIPHER_CTX\n"); | |
324 | goto err; | |
325 | } | |
326 | ||
18b3a80a MC |
327 | s->s3->tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES); |
328 | if (s->s3->tmp.new_cipher == NULL) { | |
329 | fprintf(stderr, "Failed to find cipher\n"); | |
330 | goto err; | |
331 | } | |
332 | ||
f01675c6 | 333 | for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) { |
6606d600 | 334 | /* Load the record */ |
f01675c6 | 335 | ivlen = EVP_CIPHER_iv_length(ciph); |
f60d68dc | 336 | if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen, |
f01675c6 MC |
337 | RECORD_LAYER_get_read_sequence(&s->rlayer))) { |
338 | fprintf(stderr, "Failed loading key into EVP_CIPHER_CTX\n"); | |
339 | goto err; | |
6606d600 | 340 | } |
f01675c6 | 341 | |
6606d600 | 342 | /* Set up the read/write sequences */ |
f01675c6 MC |
343 | memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer), |
344 | RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE); | |
345 | memcpy(s->write_iv, s->read_iv, ivlen); | |
346 | ||
6606d600 | 347 | /* Load the key into the EVP_CIPHER_CTXs */ |
f01675c6 MC |
348 | if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0 |
349 | || EVP_CipherInit_ex(s->enc_read_ctx, ciph, NULL, key, NULL, 0) | |
350 | <= 0) { | |
351 | fprintf(stderr, "Failed loading key into EVP_CIPHER_CTX\n"); | |
352 | goto err; | |
353 | } | |
354 | ||
355 | /* Encrypt it */ | |
356 | if (tls13_enc(s, &rec, 1, 1) != 1) { | |
f60d68dc | 357 | fprintf(stderr, "Failed to encrypt record %"OSSLzu"\n", ctr); |
f01675c6 MC |
358 | goto err; |
359 | } | |
f60d68dc MC |
360 | if (!test_record(&rec, &refdata[ctr], 1)) { |
361 | fprintf(stderr, "Record %"OSSLzu" encryption test failed\n", ctr); | |
f01675c6 MC |
362 | goto err; |
363 | } | |
364 | ||
365 | /* Decrypt it */ | |
366 | if (tls13_enc(s, &rec, 1, 0) != 1) { | |
f60d68dc | 367 | fprintf(stderr, "Failed to decrypt record %"OSSLzu"\n", ctr); |
f01675c6 MC |
368 | goto err; |
369 | } | |
f60d68dc MC |
370 | if (!test_record(&rec, &refdata[ctr], 0)) { |
371 | fprintf(stderr, "Record %"OSSLzu" decryption test failed\n", ctr); | |
f01675c6 MC |
372 | goto err; |
373 | } | |
374 | ||
375 | OPENSSL_free(rec.data); | |
376 | OPENSSL_free(key); | |
377 | OPENSSL_free(iv); | |
378 | OPENSSL_free(seq); | |
379 | rec.data = NULL; | |
380 | key = NULL; | |
381 | iv = NULL; | |
382 | seq = NULL; | |
383 | } | |
384 | ||
385 | fprintf(stderr, "PASS: %"OSSLzu" records tested\n", ctr); | |
386 | ret = 1; | |
6606d600 | 387 | |
f01675c6 MC |
388 | err: |
389 | OPENSSL_free(rec.data); | |
390 | OPENSSL_free(key); | |
391 | OPENSSL_free(iv); | |
392 | OPENSSL_free(seq); | |
393 | SSL_free(s); | |
394 | SSL_CTX_free(ctx); | |
f01675c6 MC |
395 | return ret; |
396 | } | |
397 | ||
398 | void register_tests(void) | |
399 | { | |
400 | ADD_TEST(test_tls13_encryption); | |
401 | } |