]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/tls13secretstest.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix SSL_check_chain()
[thirdparty/openssl.git] / test / tls13secretstest.c
1 /*
2 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/ssl.h>
11 #include <openssl/evp.h>
12
13 #include "../ssl/ssl_locl.h"
14 #include "testutil.h"
15
16 #define IVLEN 12
17 #define KEYLEN 16
18
19 /*
20 * Based on the test vectors available in:
21 * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
22 */
23
24 static unsigned char hs_start_hash[] = {
25 0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16,
26 0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7,
27 0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d
28 };
29
30 static unsigned char hs_full_hash[] = {
31 0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56,
32 0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0,
33 0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf
34 };
35
36 static unsigned char early_secret[] = {
37 0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93,
38 0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2,
39 0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
40 };
41
42 static unsigned char ecdhe_secret[] = {
43 0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24,
44 0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0,
45 0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42
46 };
47
48 static unsigned char handshake_secret[] = {
49 0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3,
50 0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05,
51 0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06
52 };
53
54 static const char *client_hts_label = "c hs traffic";
55
56 static unsigned char client_hts[] = {
57 0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a,
58 0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75,
59 0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03
60 };
61
62 static unsigned char client_hts_key[] = {
63 0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5,
64 0xad, 0x26, 0x49
65 };
66
67 static unsigned char client_hts_iv[] = {
68 0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42
69 };
70
71 static const char *server_hts_label = "s hs traffic";
72
73 static unsigned char server_hts[] = {
74 0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0,
75 0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3,
76 0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79
77 };
78
79 static unsigned char server_hts_key[] = {
80 0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55,
81 0x11, 0xac, 0x8b
82 };
83
84 static unsigned char server_hts_iv[] = {
85 0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4
86 };
87
88 static unsigned char master_secret[] = {
89 0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b,
90 0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37,
91 0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7
92 };
93
94 static const char *client_ats_label = "c ap traffic";
95
96 static unsigned char client_ats[] = {
97 0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89,
98 0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa,
99 0x78, 0x22, 0x26, 0xb2, 0x36, 0x26
100 };
101
102 static unsigned char client_ats_key[] = {
103 0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c,
104 0xce, 0x5c, 0x87
105 };
106
107 static unsigned char client_ats_iv[] = {
108 0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19
109 };
110
111 static const char *server_ats_label = "s ap traffic";
112
113 static unsigned char server_ats[] = {
114 0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39,
115 0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec,
116 0x11, 0x43, 0x5d, 0x30, 0x57, 0x19
117 };
118
119 static unsigned char server_ats_key[] = {
120 0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4,
121 0x4b, 0x9b, 0x7d
122 };
123
124 static unsigned char server_ats_iv[] = {
125 0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a
126 };
127
128 /* Mocked out implementations of various functions */
129 int ssl3_digest_cached_records(SSL *s, int keep)
130 {
131 return 1;
132 }
133
134 static int full_hash = 0;
135
136 /* Give a hash of the currently set handshake */
137 int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
138 size_t *hashlen)
139 {
140 if (sizeof(hs_start_hash) > outlen
141 || sizeof(hs_full_hash) != sizeof(hs_start_hash))
142 return 0;
143
144 if (full_hash) {
145 memcpy(out, hs_full_hash, sizeof(hs_full_hash));
146 *hashlen = sizeof(hs_full_hash);
147 } else {
148 memcpy(out, hs_start_hash, sizeof(hs_start_hash));
149 *hashlen = sizeof(hs_start_hash);
150 }
151
152 return 1;
153 }
154
155 const EVP_MD *ssl_handshake_md(SSL *s)
156 {
157 return EVP_sha256();
158 }
159
160 void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
161 {
162 }
163
164 void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
165 {
166 }
167
168 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
169 const EVP_MD **md, int *mac_pkey_type,
170 size_t *mac_secret_size, SSL_COMP **comp, int use_etm)
171
172 {
173 return 0;
174 }
175
176 int tls1_alert_code(int code)
177 {
178 return code;
179 }
180
181 int ssl_log_secret(SSL *ssl,
182 const char *label,
183 const uint8_t *secret,
184 size_t secret_len)
185 {
186 return 1;
187 }
188
189 const EVP_MD *ssl_md(int idx)
190 {
191 return EVP_sha256();
192 }
193
194 void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
195 int line)
196 {
197 }
198
199 int ossl_statem_export_allowed(SSL *s)
200 {
201 return 1;
202 }
203
204 int ossl_statem_export_early_allowed(SSL *s)
205 {
206 return 1;
207 }
208
209 /* End of mocked out code */
210
211 static int test_secret(SSL *s, unsigned char *prk,
212 const unsigned char *label, size_t labellen,
213 const unsigned char *ref_secret,
214 const unsigned char *ref_key, const unsigned char *ref_iv)
215 {
216 size_t hashsize;
217 unsigned char gensecret[EVP_MAX_MD_SIZE];
218 unsigned char hash[EVP_MAX_MD_SIZE];
219 unsigned char key[KEYLEN];
220 unsigned char iv[IVLEN];
221 const EVP_MD *md = ssl_handshake_md(s);
222
223 if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
224 TEST_error("Failed to get hash");
225 return 0;
226 }
227
228 if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
229 gensecret, hashsize, 1)) {
230 TEST_error("Secret generation failed");
231 return 0;
232 }
233
234 if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
235 return 0;
236
237 if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
238 TEST_error("Key generation failed");
239 return 0;
240 }
241
242 if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
243 return 0;
244
245 if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
246 TEST_error("IV generation failed");
247 return 0;
248 }
249
250 if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
251 return 0;
252
253 return 1;
254 }
255
256 static int test_handshake_secrets(void)
257 {
258 SSL_CTX *ctx = NULL;
259 SSL *s = NULL;
260 int ret = 0;
261 size_t hashsize;
262 unsigned char out_master_secret[EVP_MAX_MD_SIZE];
263 size_t master_secret_length;
264
265 ctx = SSL_CTX_new(TLS_method());
266 if (!TEST_ptr(ctx))
267 goto err;
268
269 s = SSL_new(ctx);
270 if (!TEST_ptr(s ))
271 goto err;
272
273 s->session = SSL_SESSION_new();
274 if (!TEST_ptr(s->session))
275 goto err;
276
277 if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
278 (unsigned char *)&s->early_secret))) {
279 TEST_info("Early secret generation failed");
280 goto err;
281 }
282
283 if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
284 early_secret, sizeof(early_secret))) {
285 TEST_info("Early secret does not match");
286 goto err;
287 }
288
289 if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
290 sizeof(ecdhe_secret)))) {
291 TEST_info("Handshake secret generation failed");
292 goto err;
293 }
294
295 if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
296 handshake_secret, sizeof(handshake_secret)))
297 goto err;
298
299 hashsize = EVP_MD_size(ssl_handshake_md(s));
300 if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
301 goto err;
302 if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
303 goto err;
304 if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
305 goto err;
306
307 if (!TEST_true(test_secret(s, s->handshake_secret,
308 (unsigned char *)client_hts_label,
309 strlen(client_hts_label), client_hts,
310 client_hts_key, client_hts_iv))) {
311 TEST_info("Client handshake secret test failed");
312 goto err;
313 }
314
315 if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
316 goto err;
317 if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
318 goto err;
319 if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
320 goto err;
321
322 if (!TEST_true(test_secret(s, s->handshake_secret,
323 (unsigned char *)server_hts_label,
324 strlen(server_hts_label), server_hts,
325 server_hts_key, server_hts_iv))) {
326 TEST_info("Server handshake secret test failed");
327 goto err;
328 }
329
330 /*
331 * Ensure the mocked out ssl_handshake_hash() returns the full handshake
332 * hash.
333 */
334 full_hash = 1;
335
336 if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
337 s->handshake_secret, hashsize,
338 &master_secret_length))) {
339 TEST_info("Master secret generation failed");
340 goto err;
341 }
342
343 if (!TEST_mem_eq(out_master_secret, master_secret_length,
344 master_secret, sizeof(master_secret))) {
345 TEST_info("Master secret does not match");
346 goto err;
347 }
348
349 if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
350 goto err;
351 if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
352 goto err;
353 if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
354 goto err;
355
356 if (!TEST_true(test_secret(s, out_master_secret,
357 (unsigned char *)client_ats_label,
358 strlen(client_ats_label), client_ats,
359 client_ats_key, client_ats_iv))) {
360 TEST_info("Client application data secret test failed");
361 goto err;
362 }
363
364 if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
365 goto err;
366 if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
367 goto err;
368 if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
369 goto err;
370
371 if (!TEST_true(test_secret(s, out_master_secret,
372 (unsigned char *)server_ats_label,
373 strlen(server_ats_label), server_ats,
374 server_ats_key, server_ats_iv))) {
375 TEST_info("Server application data secret test failed");
376 goto err;
377 }
378
379 ret = 1;
380 err:
381 SSL_free(s);
382 SSL_CTX_free(ctx);
383 return ret;
384 }
385
386 int setup_tests(void)
387 {
388 ADD_TEST(test_handshake_secrets);
389 return 1;
390 }
A mirror of the official openssl repository