]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/tls13secretstest.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright year
[thirdparty/openssl.git] / test / tls13secretstest.c
1 /*
2 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/ssl.h>
11 #include <openssl/evp.h>
12
13 #include "../ssl/ssl_local.h"
14 #include "testutil.h"
15
16 #define IVLEN 12
17 #define KEYLEN 16
18
19 /*
20 * Based on the test vectors available in:
21 * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
22 */
23
24 static unsigned char hs_start_hash[] = {
25 0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16,
26 0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7,
27 0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d
28 };
29
30 static unsigned char hs_full_hash[] = {
31 0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56,
32 0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0,
33 0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf
34 };
35
36 static unsigned char early_secret[] = {
37 0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93,
38 0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2,
39 0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
40 };
41
42 static unsigned char ecdhe_secret[] = {
43 0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24,
44 0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0,
45 0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42
46 };
47
48 static unsigned char handshake_secret[] = {
49 0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3,
50 0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05,
51 0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06
52 };
53
54 static const char *client_hts_label = "c hs traffic";
55
56 static unsigned char client_hts[] = {
57 0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a,
58 0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75,
59 0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03
60 };
61
62 static unsigned char client_hts_key[] = {
63 0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5,
64 0xad, 0x26, 0x49
65 };
66
67 static unsigned char client_hts_iv[] = {
68 0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42
69 };
70
71 static const char *server_hts_label = "s hs traffic";
72
73 static unsigned char server_hts[] = {
74 0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0,
75 0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3,
76 0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79
77 };
78
79 static unsigned char server_hts_key[] = {
80 0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55,
81 0x11, 0xac, 0x8b
82 };
83
84 static unsigned char server_hts_iv[] = {
85 0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4
86 };
87
88 static unsigned char master_secret[] = {
89 0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b,
90 0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37,
91 0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7
92 };
93
94 static const char *client_ats_label = "c ap traffic";
95
96 static unsigned char client_ats[] = {
97 0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89,
98 0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa,
99 0x78, 0x22, 0x26, 0xb2, 0x36, 0x26
100 };
101
102 static unsigned char client_ats_key[] = {
103 0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c,
104 0xce, 0x5c, 0x87
105 };
106
107 static unsigned char client_ats_iv[] = {
108 0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19
109 };
110
111 static const char *server_ats_label = "s ap traffic";
112
113 static unsigned char server_ats[] = {
114 0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39,
115 0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec,
116 0x11, 0x43, 0x5d, 0x30, 0x57, 0x19
117 };
118
119 static unsigned char server_ats_key[] = {
120 0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4,
121 0x4b, 0x9b, 0x7d
122 };
123
124 static unsigned char server_ats_iv[] = {
125 0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a
126 };
127
128 /* Mocked out implementations of various functions */
129 int ssl3_digest_cached_records(SSL *s, int keep)
130 {
131 return 1;
132 }
133
134 static int full_hash = 0;
135
136 /* Give a hash of the currently set handshake */
137 int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
138 size_t *hashlen)
139 {
140 if (sizeof(hs_start_hash) > outlen
141 || sizeof(hs_full_hash) != sizeof(hs_start_hash))
142 return 0;
143
144 if (full_hash) {
145 memcpy(out, hs_full_hash, sizeof(hs_full_hash));
146 *hashlen = sizeof(hs_full_hash);
147 } else {
148 memcpy(out, hs_start_hash, sizeof(hs_start_hash));
149 *hashlen = sizeof(hs_start_hash);
150 }
151
152 return 1;
153 }
154
155 const EVP_MD *ssl_handshake_md(SSL *s)
156 {
157 return EVP_sha256();
158 }
159
160 void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
161 {
162 }
163
164 void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
165 {
166 }
167
168 int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
169 const EVP_CIPHER **enc)
170 {
171 return 0;
172 }
173
174 int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s,
175 const EVP_CIPHER **enc, const EVP_MD **md,
176 int *mac_pkey_type, size_t *mac_secret_size,
177 SSL_COMP **comp, int use_etm)
178
179 {
180 return 0;
181 }
182
183 int tls1_alert_code(int code)
184 {
185 return code;
186 }
187
188 int ssl_log_secret(SSL *ssl,
189 const char *label,
190 const uint8_t *secret,
191 size_t secret_len)
192 {
193 return 1;
194 }
195
196 const EVP_MD *ssl_md(SSL_CTX *ctx, int idx)
197 {
198 return EVP_sha256();
199 }
200
201 void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
202 int line)
203 {
204 }
205
206 int ossl_statem_export_allowed(SSL *s)
207 {
208 return 1;
209 }
210
211 int ossl_statem_export_early_allowed(SSL *s)
212 {
213 return 1;
214 }
215
216 void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
217 {
218 }
219
220 void ssl_evp_md_free(const EVP_MD *md)
221 {
222 }
223
224 /* End of mocked out code */
225
226 static int test_secret(SSL *s, unsigned char *prk,
227 const unsigned char *label, size_t labellen,
228 const unsigned char *ref_secret,
229 const unsigned char *ref_key, const unsigned char *ref_iv)
230 {
231 size_t hashsize;
232 unsigned char gensecret[EVP_MAX_MD_SIZE];
233 unsigned char hash[EVP_MAX_MD_SIZE];
234 unsigned char key[KEYLEN];
235 unsigned char iv[IVLEN];
236 const EVP_MD *md = ssl_handshake_md(s);
237
238 if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
239 TEST_error("Failed to get hash");
240 return 0;
241 }
242
243 if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
244 gensecret, hashsize, 1)) {
245 TEST_error("Secret generation failed");
246 return 0;
247 }
248
249 if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
250 return 0;
251
252 if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
253 TEST_error("Key generation failed");
254 return 0;
255 }
256
257 if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
258 return 0;
259
260 if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
261 TEST_error("IV generation failed");
262 return 0;
263 }
264
265 if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
266 return 0;
267
268 return 1;
269 }
270
271 static int test_handshake_secrets(void)
272 {
273 SSL_CTX *ctx = NULL;
274 SSL *s = NULL;
275 int ret = 0;
276 size_t hashsize;
277 unsigned char out_master_secret[EVP_MAX_MD_SIZE];
278 size_t master_secret_length;
279
280 ctx = SSL_CTX_new(TLS_method());
281 if (!TEST_ptr(ctx))
282 goto err;
283
284 s = SSL_new(ctx);
285 if (!TEST_ptr(s ))
286 goto err;
287
288 s->session = SSL_SESSION_new();
289 if (!TEST_ptr(s->session))
290 goto err;
291
292 if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
293 (unsigned char *)&s->early_secret))) {
294 TEST_info("Early secret generation failed");
295 goto err;
296 }
297
298 if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
299 early_secret, sizeof(early_secret))) {
300 TEST_info("Early secret does not match");
301 goto err;
302 }
303
304 if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
305 sizeof(ecdhe_secret)))) {
306 TEST_info("Handshake secret generation failed");
307 goto err;
308 }
309
310 if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
311 handshake_secret, sizeof(handshake_secret)))
312 goto err;
313
314 hashsize = EVP_MD_size(ssl_handshake_md(s));
315 if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
316 goto err;
317 if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
318 goto err;
319 if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
320 goto err;
321
322 if (!TEST_true(test_secret(s, s->handshake_secret,
323 (unsigned char *)client_hts_label,
324 strlen(client_hts_label), client_hts,
325 client_hts_key, client_hts_iv))) {
326 TEST_info("Client handshake secret test failed");
327 goto err;
328 }
329
330 if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
331 goto err;
332 if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
333 goto err;
334 if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
335 goto err;
336
337 if (!TEST_true(test_secret(s, s->handshake_secret,
338 (unsigned char *)server_hts_label,
339 strlen(server_hts_label), server_hts,
340 server_hts_key, server_hts_iv))) {
341 TEST_info("Server handshake secret test failed");
342 goto err;
343 }
344
345 /*
346 * Ensure the mocked out ssl_handshake_hash() returns the full handshake
347 * hash.
348 */
349 full_hash = 1;
350
351 if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
352 s->handshake_secret, hashsize,
353 &master_secret_length))) {
354 TEST_info("Master secret generation failed");
355 goto err;
356 }
357
358 if (!TEST_mem_eq(out_master_secret, master_secret_length,
359 master_secret, sizeof(master_secret))) {
360 TEST_info("Master secret does not match");
361 goto err;
362 }
363
364 if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
365 goto err;
366 if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
367 goto err;
368 if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
369 goto err;
370
371 if (!TEST_true(test_secret(s, out_master_secret,
372 (unsigned char *)client_ats_label,
373 strlen(client_ats_label), client_ats,
374 client_ats_key, client_ats_iv))) {
375 TEST_info("Client application data secret test failed");
376 goto err;
377 }
378
379 if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
380 goto err;
381 if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
382 goto err;
383 if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
384 goto err;
385
386 if (!TEST_true(test_secret(s, out_master_secret,
387 (unsigned char *)server_ats_label,
388 strlen(server_ats_label), server_ats,
389 server_ats_key, server_ats_iv))) {
390 TEST_info("Server application data secret test failed");
391 goto err;
392 }
393
394 ret = 1;
395 err:
396 SSL_free(s);
397 SSL_CTX_free(ctx);
398 return ret;
399 }
400
401 int setup_tests(void)
402 {
403 ADD_TEST(test_handshake_secrets);
404 return 1;
405 }
A mirror of the official openssl repository