uint8_t header,
bool request_resend_wkc)
{
- struct buffer buf = alloc_buf(tas->frame.buf.payload_size);
+ /* Copy buffer here to point at the same data but allow tls_wrap_control
+ * to potentially change buf to point to another buffer without
+ * modifying the buffer in tas */
+ struct buffer buf = tas->workbuf;
ASSERT(buf_init(&buf, tas->frame.buf.headroom));
/* Reliable ACK structure */
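Review bot: The capacity of `buf` now comes from wherever `tas->workbuf` was allocated rather than from `tas->frame.buf.payload_size`, so `ASSERT(buf_init(&buf, tas->frame.buf.headroom));` aborts the process if `workbuf` was never allocated or is smaller than the headroom. This function appears to build the reply to a peer's initial reset packet, so an undersized buffer would presumably be hit on unauthenticated input; the non-test allocation of `workbuf` is not visible here and should be sized from the same frame parameters. The `buf_write_u16` calls further down ignore their return value, so a too-small buffer would silently truncate the packet; consider `ASSERT(buf_write_u16(&buf, EARLY_NEG_FLAG_RESEND_WKC));` or an explicit length check before wrapping. The function's signature starts above the visible lines and its body continues past this hunk.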
buf_write_u16(&buf, EARLY_NEG_FLAG_RESEND_WKC);
}
- /* Add tls-auth/tls-crypt wrapping, this might replace buf */
+ /* Add tls-auth/tls-crypt wrapping, this might replace buf with
+ * ctx->work */
tls_wrap_control(ctx, header, &buf, own_sid);
return buf;
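Review bot: The returned `struct buffer` now aliases either `tas->workbuf` or `ctx->work` instead of a fresh allocation, and nothing at the function level tells callers that. A caller that still calls `free_buf()` on the result would free storage owned by `tas` or `ctx`, and a second call overwrites the first packet in place. I would document this on the function, e.g. `/* The returned buffer borrows tas->workbuf or ctx->work: do not free it, and use it before the next call. */`, and check every non-test caller for a leftover `free_buf()`. The function header is outside this hunk.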
static_key, true, key_direction,
"Control Channel Authentication", "tls-auth",
NULL);
+ tas.workbuf = alloc_buf(1600);
return tas;
}
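Review bot: `alloc_buf(1600)` is a bare constant that is repeated in the tls-crypt initialiser (twice) and in the plain reset-packet test, where it happens to equal that frame's `headroom` plus `payload_size` (200 + 1400). A named constant, or sizing from the frame, would keep the tests from drifting away from what `tls_reset_standalone` needs, e.g. `tas.workbuf = alloc_buf(TEST_WORKBUF_SIZE);` with a constant of that (suggested) name defined once at the top of the file. The start of this function is outside the hunk.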
tls_crypt_init_key(&tas.tls_wrap.opt.key_ctx_bi,
&tas.tls_wrap.original_wrap_keydata, static_key,
true, server);
+ tas.workbuf = alloc_buf(1600);
+ tas.tls_wrap.work = alloc_buf(1600);
return tas;
}
+void
+free_tas(struct tls_auth_standalone *tas)
+{
+ /* Not some of these might be null pointers but calling free on null
+ * pointers is a noop */
+ free_key_ctx_bi(&tas->tls_wrap.opt.key_ctx_bi);
+ free_buf(&tas->workbuf);
+ free_buf(&tas->tls_wrap.work);
+}
+
void
test_tls_decrypt_lite_crypt(void **ut_state)
{
struct tls_pre_decrypt_state state = { 0 };
struct tls_auth_standalone tas = init_tas_crypt(true);
-
struct buffer buf = alloc_buf(1024);
/* tls-auth should be invalid */
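Review bot: `free_tas()` releases `key_ctx_bi`, `workbuf` and `tls_wrap.work` but not `tls_wrap.tls_crypt_v2_server_key`, which a later hunk stops freeing explicitly (the removed `free_key_ctx(&tas.tls_wrap.tls_crypt_v2_server_key);`). If any test initialises that key, it would now go unreleased and show up under a leak checker; adding `free_key_ctx(&tas->tls_wrap.tls_crypt_v2_server_key);` to the helper keeps it a complete teardown. The helper's comment also has a typo and could read `/* Note: some of these may be unset, but freeing a null pointer is a no-op */`.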
}
free_key_ctx_bi(&tas.tls_wrap.opt.key_ctx_bi);
+ free_tas(&tas);
free_buf(&buf);
}
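Review bot: The unchanged `free_key_ctx_bi(&tas.tls_wrap.opt.key_ctx_bi);` directly above the added `free_tas(&tas);` means the key context is released twice, because `free_tas()` makes the same call itself; the next hunk shows the same pair before `tas = init_tas_auth(KEY_DIRECTION_INVERSE);`. That is only safe if `free_key_ctx_bi()` clears the pointers it frees, which is not visible here. Dropping the explicit call, as the later hunks do, leaves `free_tas()` as the single place that tears the structure down. The enclosing test function starts outside this hunk.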
free_tls_pre_decrypt_state(&state);
/* Wrong key direction gives a wrong hmac key and should not validate */
free_key_ctx_bi(&tas.tls_wrap.opt.key_ctx_bi);
+ free_tas(&tas);
tas = init_tas_auth(KEY_DIRECTION_INVERSE);
buf_reset_len(&buf);
assert_int_equal(verdict, VERDICT_INVALID);
free_tls_pre_decrypt_state(&state);
- free_key_ctx_bi(&tas.tls_wrap.opt.key_ctx_bi);
+ free_tas(&tas);
free_buf(&buf);
}
free_tls_pre_decrypt_state(&state);
free_buf(&buf);
+ free_tas(&tas);
}
static void
bool valid = check_session_id_hmac(&state, &from.dest, hmac, 30);
assert_false(valid);
- free_key_ctx_bi(&tas.tls_wrap.opt.key_ctx_bi);
- free_key_ctx(&tas.tls_wrap.tls_crypt_v2_server_key);
free_tls_pre_decrypt_state(&state);
free_buf(&buf);
+ free_tas(&tas);
hmac_ctx_cleanup(hmac);
hmac_ctx_free(hmac);
}
tas.tls_wrap.mode = TLS_WRAP_NONE;
struct frame frame = { {.headroom = 200, .payload_size = 1400}, 0};
tas.frame = frame;
+ tas.workbuf = alloc_buf(1600);
uint8_t header = 0 | (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT);
struct buffer buf2 = tls_reset_standalone(&tas.tls_wrap, &tas, &client_id, &server_id, header, false);
assert_int_equal(BLEN(&buf), BLEN(&buf2));
assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf));
- free_buf(&buf2);
free_tls_pre_decrypt_state(&state);
- free_buf(&buf);
+ free_buf(&tas.workbuf);
}
static void
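Review bot: The determinism check `assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf));` is likely comparing a buffer with itself now. `buf2` comes from `tls_reset_standalone()` and therefore points into `tas.workbuf`; the removal of `free_buf(&buf);` suggests `buf` was produced the same way earlier in the test (outside this hunk), so both would alias the same bytes and the assertion could not fail. Copying the first packet before the second call restores the check, e.g. `struct buffer first = clone_buf(&buf);`, then compare `buf2` against `first` and `free_buf(&first);` at the end. The following test shows the same pattern with `tas_client`.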
assert_int_equal(BLEN(&buf), BLEN(&buf2));
assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf));
- free_buf(&buf2);
free_tls_pre_decrypt_state(&state);
packet_id_free(&tas_client.tls_wrap.opt.packet_id);
- free_buf(&buf);
- free_key_ctx_bi(&tas_server.tls_wrap.opt.key_ctx_bi);
- free_key_ctx_bi(&tas_client.tls_wrap.opt.key_ctx_bi);
-
+ free_tas(&tas_client);
+ free_tas(&tas_server);
}
int