[thirdparty/openssl.git] / test / tls13secretstest.c

/*
 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/ssl.h>
#include <openssl/evp.h>

#include "../ssl/ssl_locl.h"
#include "testutil.h"

#define IVLEN   12
#define KEYLEN  16

/*
 * Based on the test vectors available in:
 * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
 */

static unsigned char hs_start_hash[] = {
0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16,
0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7,
0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d
};

static unsigned char hs_full_hash[] = {
0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56,
0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0,
0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf
};

static unsigned char early_secret[] = {
0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93,
0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2,
0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
};

static unsigned char ecdhe_secret[] = {
0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24,
0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0,
0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42
};

static unsigned char handshake_secret[] = {
0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3,
0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05,
0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06
};

static const char *client_hts_label = "c hs traffic";

static unsigned char client_hts[] = {
0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a,
0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75,
0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03
};

static unsigned char client_hts_key[] = {
0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5,
0xad, 0x26, 0x49
};

static unsigned char client_hts_iv[] = {
0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42
};

static const char *server_hts_label = "s hs traffic";

static unsigned char server_hts[] = {
0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0,
0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3,
0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79
};

static unsigned char server_hts_key[] = {
0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55,
0x11, 0xac, 0x8b
};

static unsigned char server_hts_iv[] = {
0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4
};

static unsigned char master_secret[] = {
0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b,
0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37,
0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7
};

static const char *client_ats_label = "c ap traffic";

static unsigned char client_ats[] = {
0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89,
0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa,
0x78, 0x22, 0x26, 0xb2, 0x36, 0x26
};

static unsigned char client_ats_key[] = {
0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c,
0xce, 0x5c, 0x87
};

static unsigned char client_ats_iv[] = {
0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19
};

static const char *server_ats_label = "s ap traffic";

static unsigned char server_ats[] = {
0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39,
0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec,
0x11, 0x43, 0x5d, 0x30, 0x57, 0x19
};

static unsigned char server_ats_key[] = {
0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4,
0x4b, 0x9b, 0x7d
};

static unsigned char server_ats_iv[] = {
0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a
};

/* Mocked out implementations of various functions */
int ssl3_digest_cached_records(SSL *s, int keep)
{
    return 1;
}

static int full_hash = 0;

/* Give a hash of the currently set handshake */
int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
                       size_t *hashlen)
{
    if (sizeof(hs_start_hash) > outlen
            || sizeof(hs_full_hash) != sizeof(hs_start_hash))
        return 0;

    if (full_hash) {
        memcpy(out, hs_full_hash, sizeof(hs_full_hash));
        *hashlen = sizeof(hs_full_hash);
    } else {
        memcpy(out, hs_start_hash, sizeof(hs_start_hash));
        *hashlen = sizeof(hs_start_hash);
    }

    return 1;
}

const EVP_MD *ssl_handshake_md(SSL *s)
{
    return EVP_sha256();
}

void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
{
}

void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
{
}

int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                       const EVP_MD **md, int *mac_pkey_type,
                       size_t *mac_secret_size, SSL_COMP **comp, int use_etm)

{
    return 0;
}

int tls1_alert_code(int code)
{
    return code;
}

int ssl_log_secret(SSL *ssl,
                   const char *label,
                   const uint8_t *secret,
                   size_t secret_len)
{
    return 1;
}

const EVP_MD *ssl_md(int idx)
{
    return EVP_sha256();
}

void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
                           int line)
{
}

int ossl_statem_export_allowed(SSL *s)
{
    return 1;
}

int ossl_statem_export_early_allowed(SSL *s)
{
    return 1;
}

/* End of mocked out code */

static int test_secret(SSL *s, unsigned char *prk,
                       const unsigned char *label, size_t labellen,
                       const unsigned char *ref_secret,
                       const unsigned char *ref_key, const unsigned char *ref_iv)
{
    size_t hashsize;
    unsigned char gensecret[EVP_MAX_MD_SIZE];
    unsigned char hash[EVP_MAX_MD_SIZE];
    unsigned char key[KEYLEN];
    unsigned char iv[IVLEN];
    const EVP_MD *md = ssl_handshake_md(s);

    if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
        TEST_error("Failed to get hash");
        return 0;
    }

    if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
                           gensecret, hashsize, 1)) {
        TEST_error("Secret generation failed");
        return 0;
    }

    if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
        return 0;

    if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
        TEST_error("Key generation failed");
        return 0;
    }

    if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
        return 0;

    if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
        TEST_error("IV generation failed");
        return 0;
    }

    if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
        return 0;

    return 1;
}

static int test_handshake_secrets(void)
{
    SSL_CTX *ctx = NULL;
    SSL *s = NULL;
    int ret = 0;
    size_t hashsize;
    unsigned char out_master_secret[EVP_MAX_MD_SIZE];
    size_t master_secret_length;

    ctx = SSL_CTX_new(TLS_method());
    if (!TEST_ptr(ctx))
        goto err;

    s = SSL_new(ctx);
    if (!TEST_ptr(s ))
        goto err;

    s->session = SSL_SESSION_new();
    if (!TEST_ptr(s->session))
        goto err;

    if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
                                         (unsigned char *)&s->early_secret))) {
        TEST_info("Early secret generation failed");
        goto err;
    }

    if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
                     early_secret, sizeof(early_secret))) {
        TEST_info("Early secret does not match");
        goto err;
    }

    if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
                                                   sizeof(ecdhe_secret)))) {
        TEST_info("Handshake secret generation failed");
        goto err;
    }

    if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
                     handshake_secret, sizeof(handshake_secret)))
        goto err;

    hashsize = EVP_MD_size(ssl_handshake_md(s));
    if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
        goto err;
    if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
        goto err;
    if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
        goto err;

    if (!TEST_true(test_secret(s, s->handshake_secret,
                               (unsigned char *)client_hts_label,
                               strlen(client_hts_label), client_hts,
                               client_hts_key, client_hts_iv))) {
        TEST_info("Client handshake secret test failed");
        goto err;
    }

    if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
        goto err;
    if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
        goto err;
    if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
        goto err;

    if (!TEST_true(test_secret(s, s->handshake_secret,
                               (unsigned char *)server_hts_label,
                               strlen(server_hts_label), server_hts,
                               server_hts_key, server_hts_iv))) {
        TEST_info("Server handshake secret test failed");
        goto err;
    }

    /*
     * Ensure the mocked out ssl_handshake_hash() returns the full handshake
     * hash.
     */
    full_hash = 1;

    if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
                                                s->handshake_secret, hashsize,
                                                &master_secret_length))) {
        TEST_info("Master secret generation failed");
        goto err;
    }

    if (!TEST_mem_eq(out_master_secret, master_secret_length,
                     master_secret, sizeof(master_secret))) {
        TEST_info("Master secret does not match");
        goto err;
    }

    if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
        goto err;
    if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
        goto err;
    if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
        goto err;

    if (!TEST_true(test_secret(s, out_master_secret,
                               (unsigned char *)client_ats_label,
                               strlen(client_ats_label), client_ats,
                               client_ats_key, client_ats_iv))) {
        TEST_info("Client application data secret test failed");
        goto err;
    }

    if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
        goto err;
    if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
        goto err;
    if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
        goto err;

    if (!TEST_true(test_secret(s, out_master_secret,
                               (unsigned char *)server_ats_label,
                               strlen(server_ats_label), server_ats,
                               server_ats_key, server_ats_iv))) {
        TEST_info("Server application data secret test failed");
        goto err;
    }

    ret = 1;
 err:
    SSL_free(s);
    SSL_CTX_free(ctx);
    return ret;
}

int setup_tests(void)
{
    ADD_TEST(test_handshake_secrets);
    return 1;
}
Commit	Line	Data
134bfe56	1	/*
6738bf14	2	* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
134bfe56	3	*
909f1a2e	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
134bfe56 MC	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/ssl.h>
	11	#include <openssl/evp.h>
edd689ef	12
134bfe56	13	#include "../ssl/ssl_locl.h"
134bfe56 MC	14	#include "testutil.h"
	15
	16	#define IVLEN 12
	17	#define KEYLEN 16
	18
d6ce9da4	19	/*
c2969ff6	20	* Based on the test vectors available in:
df443918	21	* https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
134bfe56 MC	22	*/
	23
	24	static unsigned char hs_start_hash[] = {
d6ce9da4 MC	25	0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16,
	26	0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7,
	27	0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d
134bfe56 MC	28	};
	29
	30	static unsigned char hs_full_hash[] = {
d6ce9da4 MC	31	0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56,
	32	0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0,
	33	0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf
134bfe56 MC	34	};
	35
	36	static unsigned char early_secret[] = {
	37	0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93,
	38	0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2,
	39	0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
	40	};
	41
	42	static unsigned char ecdhe_secret[] = {
d6ce9da4 MC	43	0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24,
	44	0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0,
	45	0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42
134bfe56 MC	46	};
	47
	48	static unsigned char handshake_secret[] = {
d6ce9da4 MC	49	0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3,
	50	0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05,
	51	0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06
134bfe56 MC	52	};
134bfe56 MC	53
1f6359db	54	static const char *client_hts_label = "c hs traffic";
134bfe56 MC	55
134bfe56 MC	56	static unsigned char client_hts[] = {
d6ce9da4 MC	57	0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a,
	58	0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75,
	59	0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03
134bfe56 MC	60	};
	61
	62	static unsigned char client_hts_key[] = {
d6ce9da4 MC	63	0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5,
d6ce9da4 MC	64	0xad, 0x26, 0x49
134bfe56 MC	65	};
	66
	67	static unsigned char client_hts_iv[] = {
d6ce9da4	68	0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42
134bfe56 MC	69	};
134bfe56 MC	70
1f6359db	71	static const char *server_hts_label = "s hs traffic";
134bfe56 MC	72
134bfe56 MC	73	static unsigned char server_hts[] = {
d6ce9da4 MC	74	0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0,
	75	0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3,
	76	0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79
134bfe56 MC	77	};
	78
	79	static unsigned char server_hts_key[] = {
d6ce9da4 MC	80	0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55,
d6ce9da4 MC	81	0x11, 0xac, 0x8b
134bfe56 MC	82	};
	83
	84	static unsigned char server_hts_iv[] = {
d6ce9da4	85	0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4
134bfe56 MC	86	};
	87
	88	static unsigned char master_secret[] = {
d6ce9da4 MC	89	0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b,
	90	0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37,
	91	0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7
134bfe56 MC	92	};
134bfe56 MC	93
1f6359db	94	static const char *client_ats_label = "c ap traffic";
134bfe56 MC	95
134bfe56 MC	96	static unsigned char client_ats[] = {
d6ce9da4 MC	97	0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89,
	98	0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa,
	99	0x78, 0x22, 0x26, 0xb2, 0x36, 0x26
134bfe56 MC	100	};
	101
	102	static unsigned char client_ats_key[] = {
d6ce9da4 MC	103	0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c,
d6ce9da4 MC	104	0xce, 0x5c, 0x87
134bfe56 MC	105	};
	106
	107	static unsigned char client_ats_iv[] = {
d6ce9da4	108	0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19
134bfe56 MC	109	};
134bfe56 MC	110
1f6359db	111	static const char *server_ats_label = "s ap traffic";
134bfe56 MC	112
134bfe56 MC	113	static unsigned char server_ats[] = {
d6ce9da4 MC	114	0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39,
	115	0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec,
	116	0x11, 0x43, 0x5d, 0x30, 0x57, 0x19
134bfe56 MC	117	};
	118
	119	static unsigned char server_ats_key[] = {
d6ce9da4 MC	120	0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4,
d6ce9da4 MC	121	0x4b, 0x9b, 0x7d
134bfe56 MC	122	};
	123
	124	static unsigned char server_ats_iv[] = {
d6ce9da4	125	0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a
134bfe56 MC	126	};
	127
	128	/* Mocked out implementations of various functions */
	129	int ssl3_digest_cached_records(SSL *s, int keep)
	130	{
	131	return 1;
	132	}
	133
	134	static int full_hash = 0;
	135
	136	/* Give a hash of the currently set handshake */
	137	int ssl_handshake_hash(SSL s, unsigned char out, size_t outlen,
	138	size_t *hashlen)
	139	{
	140	if (sizeof(hs_start_hash) > outlen
	141	\|\| sizeof(hs_full_hash) != sizeof(hs_start_hash))
	142	return 0;
	143
	144	if (full_hash) {
	145	memcpy(out, hs_full_hash, sizeof(hs_full_hash));
	146	*hashlen = sizeof(hs_full_hash);
	147	} else {
	148	memcpy(out, hs_start_hash, sizeof(hs_start_hash));
	149	*hashlen = sizeof(hs_start_hash);
	150	}
	151
	152	return 1;
	153	}
	154
	155	const EVP_MD ssl_handshake_md(SSL s)
	156	{
	157	return EVP_sha256();
	158	}
	159
0d9824c1 MC	160	void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
	161	{
	162	}
	163
	164	void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
	165	{
	166	}
	167
92760c21 MC	168	int ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
	169	const EVP_MD *md, int mac_pkey_type,
	170	size_t mac_secret_size, SSL_COMP *comp, int use_etm)
	171
	172	{
	173	return 0;
	174	}
	175
04904312 MC	176	int tls1_alert_code(int code)
	177	{
	178	return code;
	179	}
	180
f1a5939f CB	181	int ssl_log_secret(SSL *ssl,
	182	const char *label,
	183	const uint8_t *secret,
	184	size_t secret_len)
	185	{
	186	return 1;
	187	}
	188
d49e23ec MC	189	const EVP_MD *ssl_md(int idx)
	190	{
	191	return EVP_sha256();
	192	}
	193
f63a17d6 MC	194	void ossl_statem_fatal(SSL s, int al, int func, int reason, const char file,
	195	int line)
	196	{
	197	}
	198
1f5878b8 TT	199	int ossl_statem_export_allowed(SSL *s)
	200	{
	201	return 1;
	202	}
	203
b38ede80 TT	204	int ossl_statem_export_early_allowed(SSL *s)
	205	{
	206	return 1;
	207	}
	208
134bfe56 MC	209	/* End of mocked out code */
	210
	211	static int test_secret(SSL s, unsigned char prk,
	212	const unsigned char *label, size_t labellen,
	213	const unsigned char *ref_secret,
	214	const unsigned char ref_key, const unsigned char ref_iv)
	215	{
ace081c1	216	size_t hashsize;
134bfe56	217	unsigned char gensecret[EVP_MAX_MD_SIZE];
ace081c1	218	unsigned char hash[EVP_MAX_MD_SIZE];
134bfe56 MC	219	unsigned char key[KEYLEN];
134bfe56 MC	220	unsigned char iv[IVLEN];
ec15acb6	221	const EVP_MD *md = ssl_handshake_md(s);
134bfe56	222
ace081c1	223	if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
2fae041d	224	TEST_error("Failed to get hash");
ace081c1 MC	225	return 0;
	226	}
	227
a19ae67d	228	if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
0fb2815b	229	gensecret, hashsize, 1)) {
2fae041d	230	TEST_error("Secret generation failed");
134bfe56 MC	231	return 0;
	232	}
	233
2fae041d	234	if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
134bfe56	235	return 0;
134bfe56	236
d49e23ec	237	if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
2fae041d	238	TEST_error("Key generation failed");
134bfe56 MC	239	return 0;
	240	}
	241
2fae041d	242	if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
134bfe56	243	return 0;
134bfe56	244
d49e23ec	245	if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
2fae041d	246	TEST_error("IV generation failed");
134bfe56 MC	247	return 0;
	248	}
	249
2fae041d	250	if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
134bfe56	251	return 0;
134bfe56 MC	252
	253	return 1;
	254	}
	255
	256	static int test_handshake_secrets(void)
	257	{
	258	SSL_CTX *ctx = NULL;
	259	SSL *s = NULL;
	260	int ret = 0;
	261	size_t hashsize;
	262	unsigned char out_master_secret[EVP_MAX_MD_SIZE];
	263	size_t master_secret_length;
	264
	265	ctx = SSL_CTX_new(TLS_method());
2fae041d	266	if (!TEST_ptr(ctx))
134bfe56 MC	267	goto err;
	268
	269	s = SSL_new(ctx);
2fae041d	270	if (!TEST_ptr(s ))
134bfe56 MC	271	goto err;
134bfe56 MC	272
ec15acb6	273	s->session = SSL_SESSION_new();
2fae041d	274	if (!TEST_ptr(s->session))
ec15acb6 MC	275	goto err;
ec15acb6 MC	276
2fae041d P	277	if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
	278	(unsigned char *)&s->early_secret))) {
	279	TEST_info("Early secret generation failed");
134bfe56 MC	280	goto err;
	281	}
	282
2fae041d P	283	if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
	284	early_secret, sizeof(early_secret))) {
	285	TEST_info("Early secret does not match");
134bfe56 MC	286	goto err;
	287	}
	288
2fae041d P	289	if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
2fae041d P	290	sizeof(ecdhe_secret)))) {
44e69951	291	TEST_info("Handshake secret generation failed");
134bfe56 MC	292	goto err;
	293	}
	294
2fae041d P	295	if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
2fae041d P	296	handshake_secret, sizeof(handshake_secret)))
134bfe56	297	goto err;
134bfe56 MC	298
134bfe56 MC	299	hashsize = EVP_MD_size(ssl_handshake_md(s));
2fae041d P	300	if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
	301	goto err;
	302	if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
	303	goto err;
	304	if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
134bfe56	305	goto err;
134bfe56	306
2fae041d P	307	if (!TEST_true(test_secret(s, s->handshake_secret,
	308	(unsigned char *)client_hts_label,
	309	strlen(client_hts_label), client_hts,
	310	client_hts_key, client_hts_iv))) {
	311	TEST_info("Client handshake secret test failed");
134bfe56 MC	312	goto err;
	313	}
	314
2fae041d P	315	if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
	316	goto err;
	317	if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
	318	goto err;
	319	if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
134bfe56	320	goto err;
134bfe56	321
2fae041d P	322	if (!TEST_true(test_secret(s, s->handshake_secret,
	323	(unsigned char *)server_hts_label,
	324	strlen(server_hts_label), server_hts,
	325	server_hts_key, server_hts_iv))) {
	326	TEST_info("Server handshake secret test failed");
134bfe56 MC	327	goto err;
	328	}
	329
	330	/*
	331	* Ensure the mocked out ssl_handshake_hash() returns the full handshake
	332	* hash.
	333	*/
	334	full_hash = 1;
	335
2fae041d P	336	if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
	337	s->handshake_secret, hashsize,
	338	&master_secret_length))) {
	339	TEST_info("Master secret generation failed");
134bfe56 MC	340	goto err;
	341	}
	342
2fae041d P	343	if (!TEST_mem_eq(out_master_secret, master_secret_length,
	344	master_secret, sizeof(master_secret))) {
	345	TEST_info("Master secret does not match");
134bfe56 MC	346	goto err;
	347	}
	348
2fae041d P	349	if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
	350	goto err;
	351	if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
	352	goto err;
	353	if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
134bfe56	354	goto err;
134bfe56	355
2fae041d P	356	if (!TEST_true(test_secret(s, out_master_secret,
	357	(unsigned char *)client_ats_label,
	358	strlen(client_ats_label), client_ats,
	359	client_ats_key, client_ats_iv))) {
	360	TEST_info("Client application data secret test failed");
134bfe56 MC	361	goto err;
	362	}
	363
2fae041d P	364	if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
	365	goto err;
	366	if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
	367	goto err;
	368	if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
134bfe56	369	goto err;
134bfe56	370
2fae041d P	371	if (!TEST_true(test_secret(s, out_master_secret,
	372	(unsigned char *)server_ats_label,
	373	strlen(server_ats_label), server_ats,
	374	server_ats_key, server_ats_iv))) {
	375	TEST_info("Server application data secret test failed");
134bfe56 MC	376	goto err;
	377	}
	378
	379	ret = 1;
	380	err:
	381	SSL_free(s);
	382	SSL_CTX_free(ctx);
	383	return ret;
	384	}
	385
3cb7c5cf	386	int setup_tests(void)
134bfe56	387	{
134bfe56	388	ADD_TEST(test_handshake_secrets);
ad887416	389	return 1;
134bfe56	390	}