[thirdparty/openssl.git] / test / tls13secretstest.c

/*
 * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/ssl.h>
#include <openssl/evp.h>

#ifdef __VMS
# pragma names save
# pragma names as_is,shortened
#endif

#include "../ssl/ssl_locl.h"

#ifdef __VMS
# pragma names restore
#endif

#include "testutil.h"

#define IVLEN   12
#define KEYLEN  16

/*
 * Based on the test vectors available in:
 * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
 */

static unsigned char hs_start_hash[] = {
0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16,
0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7,
0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d
};

static unsigned char hs_full_hash[] = {
0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56,
0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0,
0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf
};

static unsigned char early_secret[] = {
0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93,
0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2,
0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
};

static unsigned char ecdhe_secret[] = {
0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24,
0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0,
0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42
};

static unsigned char handshake_secret[] = {
0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3,
0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05,
0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06
};

static const char *client_hts_label = "c hs traffic";

static unsigned char client_hts[] = {
0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a,
0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75,
0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03
};

static unsigned char client_hts_key[] = {
0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5,
0xad, 0x26, 0x49
};

static unsigned char client_hts_iv[] = {
0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42
};

static const char *server_hts_label = "s hs traffic";

static unsigned char server_hts[] = {
0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0,
0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3,
0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79
};

static unsigned char server_hts_key[] = {
0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55,
0x11, 0xac, 0x8b
};

static unsigned char server_hts_iv[] = {
0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4
};

static unsigned char master_secret[] = {
0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b,
0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37,
0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7
};

static const char *client_ats_label = "c ap traffic";

static unsigned char client_ats[] = {
0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89,
0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa,
0x78, 0x22, 0x26, 0xb2, 0x36, 0x26
};

static unsigned char client_ats_key[] = {
0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c,
0xce, 0x5c, 0x87
};

static unsigned char client_ats_iv[] = {
0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19
};

static const char *server_ats_label = "s ap traffic";

static unsigned char server_ats[] = {
0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39,
0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec,
0x11, 0x43, 0x5d, 0x30, 0x57, 0x19
};

static unsigned char server_ats_key[] = {
0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4,
0x4b, 0x9b, 0x7d
};

static unsigned char server_ats_iv[] = {
0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a
};

/* Mocked out implementations of various functions */
int ssl3_digest_cached_records(SSL *s, int keep)
{
    return 1;
}

static int full_hash = 0;

/* Give a hash of the currently set handshake */
int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
                       size_t *hashlen)
{
    if (sizeof(hs_start_hash) > outlen
            || sizeof(hs_full_hash) != sizeof(hs_start_hash))
        return 0;

    if (full_hash) {
        memcpy(out, hs_full_hash, sizeof(hs_full_hash));
        *hashlen = sizeof(hs_full_hash);
    } else {
        memcpy(out, hs_start_hash, sizeof(hs_start_hash));
        *hashlen = sizeof(hs_start_hash);
    }

    return 1;
}

const EVP_MD *ssl_handshake_md(SSL *s)
{
    return EVP_sha256();
}

void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
{
}

void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
{
}

int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                       const EVP_MD **md, int *mac_pkey_type,
                       size_t *mac_secret_size, SSL_COMP **comp, int use_etm)

{
    return 0;
}

int tls1_alert_code(int code)
{
    return code;
}

int ssl_log_secret(SSL *ssl,
                   const char *label,
                   const uint8_t *secret,
                   size_t secret_len)
{
    return 1;
}

const EVP_MD *ssl_md(int idx)
{
    return EVP_sha256();
}

void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
                           int line)
{
}

int ossl_statem_export_allowed(SSL *s)
{
    return 1;
}

int ossl_statem_export_early_allowed(SSL *s)
{
    return 1;
}

/* End of mocked out code */

static int test_secret(SSL *s, unsigned char *prk,
                       const unsigned char *label, size_t labellen,
                       const unsigned char *ref_secret,
                       const unsigned char *ref_key, const unsigned char *ref_iv)
{
    size_t hashsize;
    unsigned char gensecret[EVP_MAX_MD_SIZE];
    unsigned char hash[EVP_MAX_MD_SIZE];
    unsigned char key[KEYLEN];
    unsigned char iv[IVLEN];
    const EVP_MD *md = ssl_handshake_md(s);

    if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
        TEST_error("Failed to get hash");
        return 0;
    }

    if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
                           gensecret, hashsize, 1)) {
        TEST_error("Secret generation failed");
        return 0;
    }

    if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
        return 0;

    if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
        TEST_error("Key generation failed");
        return 0;
    }

    if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
        return 0;

    if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
        TEST_error("IV generation failed");
        return 0;
    }

    if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
        return 0;

    return 1;
}

static int test_handshake_secrets(void)
{
    SSL_CTX *ctx = NULL;
    SSL *s = NULL;
    int ret = 0;
    size_t hashsize;
    unsigned char out_master_secret[EVP_MAX_MD_SIZE];
    size_t master_secret_length;

    ctx = SSL_CTX_new(TLS_method());
    if (!TEST_ptr(ctx))
        goto err;

    s = SSL_new(ctx);
    if (!TEST_ptr(s ))
        goto err;

    s->session = SSL_SESSION_new();
    if (!TEST_ptr(s->session))
        goto err;

    if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
                                         (unsigned char *)&s->early_secret))) {
        TEST_info("Early secret generation failed");
        goto err;
    }

    if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
                     early_secret, sizeof(early_secret))) {
        TEST_info("Early secret does not match");
        goto err;
    }

    if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
                                                   sizeof(ecdhe_secret)))) {
        TEST_info("Handshake secret generation failed");
        goto err;
    }

    if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
                     handshake_secret, sizeof(handshake_secret)))
        goto err;

    hashsize = EVP_MD_size(ssl_handshake_md(s));
    if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
        goto err;
    if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
        goto err;
    if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
        goto err;

    if (!TEST_true(test_secret(s, s->handshake_secret,
                               (unsigned char *)client_hts_label,
                               strlen(client_hts_label), client_hts,
                               client_hts_key, client_hts_iv))) {
        TEST_info("Client handshake secret test failed");
        goto err;
    }

    if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
        goto err;
    if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
        goto err;
    if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
        goto err;

    if (!TEST_true(test_secret(s, s->handshake_secret,
                               (unsigned char *)server_hts_label,
                               strlen(server_hts_label), server_hts,
                               server_hts_key, server_hts_iv))) {
        TEST_info("Server handshake secret test failed");
        goto err;
    }

    /*
     * Ensure the mocked out ssl_handshake_hash() returns the full handshake
     * hash.
     */
    full_hash = 1;

    if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
                                                s->handshake_secret, hashsize,
                                                &master_secret_length))) {
        TEST_info("Master secret generation failed");
        goto err;
    }

    if (!TEST_mem_eq(out_master_secret, master_secret_length,
                     master_secret, sizeof(master_secret))) {
        TEST_info("Master secret does not match");
        goto err;
    }

    if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
        goto err;
    if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
        goto err;
    if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
        goto err;

    if (!TEST_true(test_secret(s, out_master_secret,
                               (unsigned char *)client_ats_label,
                               strlen(client_ats_label), client_ats,
                               client_ats_key, client_ats_iv))) {
        TEST_info("Client application data secret test failed");
        goto err;
    }

    if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
        goto err;
    if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
        goto err;
    if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
        goto err;

    if (!TEST_true(test_secret(s, out_master_secret,
                               (unsigned char *)server_ats_label,
                               strlen(server_ats_label), server_ats,
                               server_ats_key, server_ats_iv))) {
        TEST_info("Server application data secret test failed");
        goto err;
    }

    ret = 1;
 err:
    SSL_free(s);
    SSL_CTX_free(ctx);
    return ret;
}

int setup_tests(void)
{
    ADD_TEST(test_handshake_secrets);
    return 1;
}
Commit	Line	Data
134bfe56	1	/*
72a7a702	2	* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
134bfe56 MC	3	*
	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/ssl.h>
	11	#include <openssl/evp.h>
edd689ef RL	12
	13	#ifdef __VMS
	14	# pragma names save
	15	# pragma names as_is,shortened
	16	#endif
	17
134bfe56 MC	18	#include "../ssl/ssl_locl.h"
134bfe56 MC	19
edd689ef RL	20	#ifdef __VMS
	21	# pragma names restore
	22	#endif
	23
134bfe56 MC	24	#include "testutil.h"
	25
	26	#define IVLEN 12
	27	#define KEYLEN 16
	28
d6ce9da4	29	/*
a5c83db4	30	* Based on the test vectors available in:
3b09585b	31	* https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
134bfe56 MC	32	*/
	33
	34	static unsigned char hs_start_hash[] = {
d6ce9da4 MC	35	0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16,
	36	0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7,
	37	0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d
134bfe56 MC	38	};
	39
	40	static unsigned char hs_full_hash[] = {
d6ce9da4 MC	41	0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56,
	42	0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0,
	43	0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf
134bfe56 MC	44	};
	45
	46	static unsigned char early_secret[] = {
	47	0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93,
	48	0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2,
	49	0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
	50	};
	51
	52	static unsigned char ecdhe_secret[] = {
d6ce9da4 MC	53	0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24,
	54	0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0,
	55	0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42
134bfe56 MC	56	};
	57
	58	static unsigned char handshake_secret[] = {
d6ce9da4 MC	59	0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3,
	60	0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05,
	61	0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06
134bfe56 MC	62	};
134bfe56 MC	63
1f6359db	64	static const char *client_hts_label = "c hs traffic";
134bfe56 MC	65
134bfe56 MC	66	static unsigned char client_hts[] = {
d6ce9da4 MC	67	0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a,
	68	0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75,
	69	0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03
134bfe56 MC	70	};
	71
	72	static unsigned char client_hts_key[] = {
d6ce9da4 MC	73	0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5,
d6ce9da4 MC	74	0xad, 0x26, 0x49
134bfe56 MC	75	};
	76
	77	static unsigned char client_hts_iv[] = {
d6ce9da4	78	0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42
134bfe56 MC	79	};
134bfe56 MC	80
1f6359db	81	static const char *server_hts_label = "s hs traffic";
134bfe56 MC	82
134bfe56 MC	83	static unsigned char server_hts[] = {
d6ce9da4 MC	84	0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0,
	85	0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3,
	86	0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79
134bfe56 MC	87	};
	88
	89	static unsigned char server_hts_key[] = {
d6ce9da4 MC	90	0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55,
d6ce9da4 MC	91	0x11, 0xac, 0x8b
134bfe56 MC	92	};
	93
	94	static unsigned char server_hts_iv[] = {
d6ce9da4	95	0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4
134bfe56 MC	96	};
	97
	98	static unsigned char master_secret[] = {
d6ce9da4 MC	99	0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b,
	100	0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37,
	101	0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7
134bfe56 MC	102	};
134bfe56 MC	103
1f6359db	104	static const char *client_ats_label = "c ap traffic";
134bfe56 MC	105
134bfe56 MC	106	static unsigned char client_ats[] = {
d6ce9da4 MC	107	0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89,
	108	0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa,
	109	0x78, 0x22, 0x26, 0xb2, 0x36, 0x26
134bfe56 MC	110	};
	111
	112	static unsigned char client_ats_key[] = {
d6ce9da4 MC	113	0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c,
d6ce9da4 MC	114	0xce, 0x5c, 0x87
134bfe56 MC	115	};
	116
	117	static unsigned char client_ats_iv[] = {
d6ce9da4	118	0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19
134bfe56 MC	119	};
134bfe56 MC	120
1f6359db	121	static const char *server_ats_label = "s ap traffic";
134bfe56 MC	122
134bfe56 MC	123	static unsigned char server_ats[] = {
d6ce9da4 MC	124	0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39,
	125	0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec,
	126	0x11, 0x43, 0x5d, 0x30, 0x57, 0x19
134bfe56 MC	127	};
	128
	129	static unsigned char server_ats_key[] = {
d6ce9da4 MC	130	0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4,
d6ce9da4 MC	131	0x4b, 0x9b, 0x7d
134bfe56 MC	132	};
	133
	134	static unsigned char server_ats_iv[] = {
d6ce9da4	135	0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a
134bfe56 MC	136	};
	137
	138	/* Mocked out implementations of various functions */
	139	int ssl3_digest_cached_records(SSL *s, int keep)
	140	{
	141	return 1;
	142	}
	143
	144	static int full_hash = 0;
	145
	146	/* Give a hash of the currently set handshake */
	147	int ssl_handshake_hash(SSL s, unsigned char out, size_t outlen,
	148	size_t *hashlen)
	149	{
	150	if (sizeof(hs_start_hash) > outlen
	151	\|\| sizeof(hs_full_hash) != sizeof(hs_start_hash))
	152	return 0;
	153
	154	if (full_hash) {
	155	memcpy(out, hs_full_hash, sizeof(hs_full_hash));
	156	*hashlen = sizeof(hs_full_hash);
	157	} else {
	158	memcpy(out, hs_start_hash, sizeof(hs_start_hash));
	159	*hashlen = sizeof(hs_start_hash);
	160	}
	161
	162	return 1;
	163	}
	164
	165	const EVP_MD ssl_handshake_md(SSL s)
	166	{
	167	return EVP_sha256();
	168	}
	169
0d9824c1 MC	170	void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
	171	{
	172	}
	173
	174	void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
	175	{
	176	}
	177
92760c21 MC	178	int ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
	179	const EVP_MD *md, int mac_pkey_type,
	180	size_t mac_secret_size, SSL_COMP *comp, int use_etm)
	181
	182	{
	183	return 0;
	184	}
	185
04904312 MC	186	int tls1_alert_code(int code)
	187	{
	188	return code;
	189	}
	190
f1a5939f CB	191	int ssl_log_secret(SSL *ssl,
	192	const char *label,
	193	const uint8_t *secret,
	194	size_t secret_len)
	195	{
	196	return 1;
	197	}
	198
d49e23ec MC	199	const EVP_MD *ssl_md(int idx)
	200	{
	201	return EVP_sha256();
	202	}
	203
f63a17d6 MC	204	void ossl_statem_fatal(SSL s, int al, int func, int reason, const char file,
	205	int line)
	206	{
	207	}
	208
1f5878b8 TT	209	int ossl_statem_export_allowed(SSL *s)
	210	{
	211	return 1;
	212	}
	213
b38ede80 TT	214	int ossl_statem_export_early_allowed(SSL *s)
	215	{
	216	return 1;
	217	}
	218
134bfe56 MC	219	/* End of mocked out code */
	220
	221	static int test_secret(SSL s, unsigned char prk,
	222	const unsigned char *label, size_t labellen,
	223	const unsigned char *ref_secret,
	224	const unsigned char ref_key, const unsigned char ref_iv)
	225	{
ace081c1	226	size_t hashsize;
134bfe56	227	unsigned char gensecret[EVP_MAX_MD_SIZE];
ace081c1	228	unsigned char hash[EVP_MAX_MD_SIZE];
134bfe56 MC	229	unsigned char key[KEYLEN];
134bfe56 MC	230	unsigned char iv[IVLEN];
ec15acb6	231	const EVP_MD *md = ssl_handshake_md(s);
134bfe56	232
ace081c1	233	if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
2fae041d	234	TEST_error("Failed to get hash");
ace081c1 MC	235	return 0;
	236	}
	237
a19ae67d	238	if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
db860ea3	239	gensecret, hashsize, 1)) {
2fae041d	240	TEST_error("Secret generation failed");
134bfe56 MC	241	return 0;
	242	}
	243
2fae041d	244	if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
134bfe56	245	return 0;
134bfe56	246
d49e23ec	247	if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
2fae041d	248	TEST_error("Key generation failed");
134bfe56 MC	249	return 0;
	250	}
	251
2fae041d	252	if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
134bfe56	253	return 0;
134bfe56	254
d49e23ec	255	if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
2fae041d	256	TEST_error("IV generation failed");
134bfe56 MC	257	return 0;
	258	}
	259
2fae041d	260	if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
134bfe56	261	return 0;
134bfe56 MC	262
	263	return 1;
	264	}
	265
	266	static int test_handshake_secrets(void)
	267	{
	268	SSL_CTX *ctx = NULL;
	269	SSL *s = NULL;
	270	int ret = 0;
	271	size_t hashsize;
	272	unsigned char out_master_secret[EVP_MAX_MD_SIZE];
	273	size_t master_secret_length;
	274
	275	ctx = SSL_CTX_new(TLS_method());
2fae041d	276	if (!TEST_ptr(ctx))
134bfe56 MC	277	goto err;
	278
	279	s = SSL_new(ctx);
2fae041d	280	if (!TEST_ptr(s ))
134bfe56 MC	281	goto err;
134bfe56 MC	282
ec15acb6	283	s->session = SSL_SESSION_new();
2fae041d	284	if (!TEST_ptr(s->session))
ec15acb6 MC	285	goto err;
ec15acb6 MC	286
2fae041d P	287	if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
	288	(unsigned char *)&s->early_secret))) {
	289	TEST_info("Early secret generation failed");
134bfe56 MC	290	goto err;
	291	}
	292
2fae041d P	293	if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
	294	early_secret, sizeof(early_secret))) {
	295	TEST_info("Early secret does not match");
134bfe56 MC	296	goto err;
	297	}
	298
2fae041d P	299	if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
2fae041d P	300	sizeof(ecdhe_secret)))) {
44e69951	301	TEST_info("Handshake secret generation failed");
134bfe56 MC	302	goto err;
	303	}
	304
2fae041d P	305	if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
2fae041d P	306	handshake_secret, sizeof(handshake_secret)))
134bfe56	307	goto err;
134bfe56 MC	308
134bfe56 MC	309	hashsize = EVP_MD_size(ssl_handshake_md(s));
2fae041d P	310	if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
	311	goto err;
	312	if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
	313	goto err;
	314	if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
134bfe56	315	goto err;
134bfe56	316
2fae041d P	317	if (!TEST_true(test_secret(s, s->handshake_secret,
	318	(unsigned char *)client_hts_label,
	319	strlen(client_hts_label), client_hts,
	320	client_hts_key, client_hts_iv))) {
	321	TEST_info("Client handshake secret test failed");
134bfe56 MC	322	goto err;
	323	}
	324
2fae041d P	325	if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
	326	goto err;
	327	if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
	328	goto err;
	329	if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
134bfe56	330	goto err;
134bfe56	331
2fae041d P	332	if (!TEST_true(test_secret(s, s->handshake_secret,
	333	(unsigned char *)server_hts_label,
	334	strlen(server_hts_label), server_hts,
	335	server_hts_key, server_hts_iv))) {
	336	TEST_info("Server handshake secret test failed");
134bfe56 MC	337	goto err;
	338	}
	339
	340	/*
	341	* Ensure the mocked out ssl_handshake_hash() returns the full handshake
	342	* hash.
	343	*/
	344	full_hash = 1;
	345
2fae041d P	346	if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
	347	s->handshake_secret, hashsize,
	348	&master_secret_length))) {
	349	TEST_info("Master secret generation failed");
134bfe56 MC	350	goto err;
	351	}
	352
2fae041d P	353	if (!TEST_mem_eq(out_master_secret, master_secret_length,
	354	master_secret, sizeof(master_secret))) {
	355	TEST_info("Master secret does not match");
134bfe56 MC	356	goto err;
	357	}
	358
2fae041d P	359	if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
	360	goto err;
	361	if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
	362	goto err;
	363	if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
134bfe56	364	goto err;
134bfe56	365
2fae041d P	366	if (!TEST_true(test_secret(s, out_master_secret,
	367	(unsigned char *)client_ats_label,
	368	strlen(client_ats_label), client_ats,
	369	client_ats_key, client_ats_iv))) {
	370	TEST_info("Client application data secret test failed");
134bfe56 MC	371	goto err;
	372	}
	373
2fae041d P	374	if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
	375	goto err;
	376	if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
	377	goto err;
	378	if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
134bfe56	379	goto err;
134bfe56	380
2fae041d P	381	if (!TEST_true(test_secret(s, out_master_secret,
	382	(unsigned char *)server_ats_label,
	383	strlen(server_ats_label), server_ats,
	384	server_ats_key, server_ats_iv))) {
	385	TEST_info("Server application data secret test failed");
134bfe56 MC	386	goto err;
	387	}
	388
	389	ret = 1;
	390	err:
	391	SSL_free(s);
	392	SSL_CTX_free(ctx);
	393	return ret;
	394	}
	395
3cb7c5cf	396	int setup_tests(void)
134bfe56	397	{
134bfe56	398	ADD_TEST(test_handshake_secrets);
ad887416	399	return 1;
134bfe56	400	}