]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/tls13secretstest.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Copyright year updates
[thirdparty/openssl.git] / test / tls13secretstest.c
1 /*
2 * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/ssl.h>
11 #include <openssl/evp.h>
12
13 #include "../ssl/ssl_local.h"
14 #include "testutil.h"
15
16 #define IVLEN 12
17 #define KEYLEN 16
18
19 /*
20 * Based on the test vectors available in:
21 * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
22 */
23
24 static unsigned char hs_start_hash[] = {
25 0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16,
26 0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7,
27 0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d
28 };
29
30 static unsigned char hs_full_hash[] = {
31 0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56,
32 0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0,
33 0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf
34 };
35
36 static unsigned char early_secret[] = {
37 0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93,
38 0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2,
39 0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
40 };
41
42 static unsigned char ecdhe_secret[] = {
43 0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24,
44 0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0,
45 0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42
46 };
47
48 static unsigned char handshake_secret[] = {
49 0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3,
50 0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05,
51 0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06
52 };
53
54 static const char *client_hts_label = "c hs traffic";
55
56 static unsigned char client_hts[] = {
57 0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a,
58 0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75,
59 0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03
60 };
61
62 static unsigned char client_hts_key[] = {
63 0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5,
64 0xad, 0x26, 0x49
65 };
66
67 static unsigned char client_hts_iv[] = {
68 0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42
69 };
70
71 static const char *server_hts_label = "s hs traffic";
72
73 static unsigned char server_hts[] = {
74 0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0,
75 0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3,
76 0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79
77 };
78
79 static unsigned char server_hts_key[] = {
80 0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55,
81 0x11, 0xac, 0x8b
82 };
83
84 static unsigned char server_hts_iv[] = {
85 0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4
86 };
87
88 static unsigned char master_secret[] = {
89 0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b,
90 0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37,
91 0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7
92 };
93
94 static const char *client_ats_label = "c ap traffic";
95
96 static unsigned char client_ats[] = {
97 0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89,
98 0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa,
99 0x78, 0x22, 0x26, 0xb2, 0x36, 0x26
100 };
101
102 static unsigned char client_ats_key[] = {
103 0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c,
104 0xce, 0x5c, 0x87
105 };
106
107 static unsigned char client_ats_iv[] = {
108 0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19
109 };
110
111 static const char *server_ats_label = "s ap traffic";
112
113 static unsigned char server_ats[] = {
114 0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39,
115 0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec,
116 0x11, 0x43, 0x5d, 0x30, 0x57, 0x19
117 };
118
119 static unsigned char server_ats_key[] = {
120 0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4,
121 0x4b, 0x9b, 0x7d
122 };
123
124 static unsigned char server_ats_iv[] = {
125 0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a
126 };
127
128 /* Mocked out implementations of various functions */
129 int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep)
130 {
131 return 1;
132 }
133
134 static int full_hash = 0;
135
136 /* Give a hash of the currently set handshake */
137 int ssl_handshake_hash(SSL_CONNECTION *s, unsigned char *out, size_t outlen,
138 size_t *hashlen)
139 {
140 if (sizeof(hs_start_hash) > outlen
141 || sizeof(hs_full_hash) != sizeof(hs_start_hash))
142 return 0;
143
144 if (full_hash) {
145 memcpy(out, hs_full_hash, sizeof(hs_full_hash));
146 *hashlen = sizeof(hs_full_hash);
147 } else {
148 memcpy(out, hs_start_hash, sizeof(hs_start_hash));
149 *hashlen = sizeof(hs_start_hash);
150 }
151
152 return 1;
153 }
154
155 const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s)
156 {
157 return EVP_sha256();
158 }
159
160 int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
161 const EVP_CIPHER **enc)
162 {
163 return 0;
164 }
165
166 int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s,
167 const EVP_CIPHER **enc, const EVP_MD **md,
168 int *mac_pkey_type, size_t *mac_secret_size,
169 SSL_COMP **comp, int use_etm)
170
171 {
172 return 0;
173 }
174
175 int tls1_alert_code(int code)
176 {
177 return code;
178 }
179
180 int ssl_log_secret(SSL_CONNECTION *sc,
181 const char *label,
182 const uint8_t *secret,
183 size_t secret_len)
184 {
185 return 1;
186 }
187
188 const EVP_MD *ssl_md(SSL_CTX *ctx, int idx)
189 {
190 return EVP_sha256();
191 }
192
193 void ossl_statem_send_fatal(SSL_CONNECTION *s, int al)
194 {
195 }
196
197 void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason,
198 const char *fmt, ...)
199 {
200 }
201
202 int ossl_statem_export_allowed(SSL_CONNECTION *s)
203 {
204 return 1;
205 }
206
207 int ossl_statem_export_early_allowed(SSL_CONNECTION *s)
208 {
209 return 1;
210 }
211
212 void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
213 {
214 }
215
216 void ssl_evp_md_free(const EVP_MD *md)
217 {
218 }
219
220 int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction,
221 int level, unsigned char *secret, size_t secretlen,
222 unsigned char *key, size_t keylen,
223 unsigned char *iv, size_t ivlen,
224 unsigned char *mackey, size_t mackeylen,
225 const EVP_CIPHER *ciph, size_t taglen,
226 int mactype, const EVP_MD *md,
227 const SSL_COMP *comp, const EVP_MD *kdfdigest)
228 {
229 return 0;
230 }
231
232 /* End of mocked out code */
233
234 static int test_secret(SSL_CONNECTION *s, unsigned char *prk,
235 const unsigned char *label, size_t labellen,
236 const unsigned char *ref_secret,
237 const unsigned char *ref_key, const unsigned char *ref_iv)
238 {
239 size_t hashsize;
240 unsigned char gensecret[EVP_MAX_MD_SIZE];
241 unsigned char hash[EVP_MAX_MD_SIZE];
242 unsigned char key[KEYLEN];
243 unsigned char iv[IVLEN];
244 const EVP_MD *md = ssl_handshake_md(s);
245
246 if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
247 TEST_error("Failed to get hash");
248 return 0;
249 }
250
251 if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
252 gensecret, hashsize, 1)) {
253 TEST_error("Secret generation failed");
254 return 0;
255 }
256
257 if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
258 return 0;
259
260 if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
261 TEST_error("Key generation failed");
262 return 0;
263 }
264
265 if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
266 return 0;
267
268 if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
269 TEST_error("IV generation failed");
270 return 0;
271 }
272
273 if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
274 return 0;
275
276 return 1;
277 }
278
279 static int test_handshake_secrets(void)
280 {
281 SSL_CTX *ctx = NULL;
282 SSL *ssl = NULL;
283 SSL_CONNECTION *s;
284 int ret = 0;
285 size_t hashsize;
286 unsigned char out_master_secret[EVP_MAX_MD_SIZE];
287 size_t master_secret_length;
288
289 ctx = SSL_CTX_new(TLS_method());
290 if (!TEST_ptr(ctx))
291 goto err;
292
293 ssl = SSL_new(ctx);
294 if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl)))
295 goto err;
296
297 s->session = SSL_SESSION_new();
298 if (!TEST_ptr(s->session))
299 goto err;
300
301 if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
302 (unsigned char *)&s->early_secret))) {
303 TEST_info("Early secret generation failed");
304 goto err;
305 }
306
307 if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
308 early_secret, sizeof(early_secret))) {
309 TEST_info("Early secret does not match");
310 goto err;
311 }
312
313 if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
314 sizeof(ecdhe_secret)))) {
315 TEST_info("Handshake secret generation failed");
316 goto err;
317 }
318
319 if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
320 handshake_secret, sizeof(handshake_secret)))
321 goto err;
322
323 hashsize = EVP_MD_get_size(ssl_handshake_md(s));
324 if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
325 goto err;
326 if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
327 goto err;
328 if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
329 goto err;
330
331 if (!TEST_true(test_secret(s, s->handshake_secret,
332 (unsigned char *)client_hts_label,
333 strlen(client_hts_label), client_hts,
334 client_hts_key, client_hts_iv))) {
335 TEST_info("Client handshake secret test failed");
336 goto err;
337 }
338
339 if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
340 goto err;
341 if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
342 goto err;
343 if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
344 goto err;
345
346 if (!TEST_true(test_secret(s, s->handshake_secret,
347 (unsigned char *)server_hts_label,
348 strlen(server_hts_label), server_hts,
349 server_hts_key, server_hts_iv))) {
350 TEST_info("Server handshake secret test failed");
351 goto err;
352 }
353
354 /*
355 * Ensure the mocked out ssl_handshake_hash() returns the full handshake
356 * hash.
357 */
358 full_hash = 1;
359
360 if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
361 s->handshake_secret, hashsize,
362 &master_secret_length))) {
363 TEST_info("Master secret generation failed");
364 goto err;
365 }
366
367 if (!TEST_mem_eq(out_master_secret, master_secret_length,
368 master_secret, sizeof(master_secret))) {
369 TEST_info("Master secret does not match");
370 goto err;
371 }
372
373 if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
374 goto err;
375 if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
376 goto err;
377 if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
378 goto err;
379
380 if (!TEST_true(test_secret(s, out_master_secret,
381 (unsigned char *)client_ats_label,
382 strlen(client_ats_label), client_ats,
383 client_ats_key, client_ats_iv))) {
384 TEST_info("Client application data secret test failed");
385 goto err;
386 }
387
388 if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
389 goto err;
390 if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
391 goto err;
392 if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
393 goto err;
394
395 if (!TEST_true(test_secret(s, out_master_secret,
396 (unsigned char *)server_ats_label,
397 strlen(server_ats_label), server_ats,
398 server_ats_key, server_ats_iv))) {
399 TEST_info("Server application data secret test failed");
400 goto err;
401 }
402
403 ret = 1;
404 err:
405 SSL_free(ssl);
406 SSL_CTX_free(ctx);
407 return ret;
408 }
409
410 int setup_tests(void)
411 {
412 ADD_TEST(test_handshake_secrets);
413 return 1;
414 }
A mirror of the official openssl repository