OpenVPN
test_crypto.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include <stdio.h>
30#include <stdlib.h>
31#include <stdarg.h>
32#include <string.h>
33#include <setjmp.h>
34#include <cmocka.h>
35
36#include "crypto.h"
37#include "crypto_epoch.h"
38#include "options.h"
39#include "ssl_backend.h"
40
41#include "mss.h"
42#include "test_common.h"
43
44
45#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
46#include <openssl/core_names.h>
47#include <openssl/kdf.h>
48#endif
49
50static const char testtext[] = "Dummy text to test PEM encoding";
51
52static void
54{
55 struct gc_arena gc = gc_new();
56 struct buffer src_buf;
57 buf_set_read(&src_buf, (void *)testtext, sizeof(testtext));
58
59 uint8_t dec[sizeof(testtext)];
60 struct buffer dec_buf;
61 buf_set_write(&dec_buf, dec, sizeof(dec));
62
63 struct buffer pem_buf;
64
65 assert_true(crypto_pem_encode("TESTKEYNAME", &pem_buf, &src_buf, &gc));
67
68 /* Wrong key name */
70
71 assert_true(crypto_pem_decode("TESTKEYNAME", &dec_buf, &pem_buf));
74
75 gc_free(&gc);
76}
77
78static void
79test_translate_cipher(const char *ciphername, const char *openvpn_name)
80{
81 bool cipher = cipher_valid(ciphername);
82
83 /* Empty cipher is fine */
84 if (!cipher)
85 {
86 return;
87 }
88
89 const char *kt_name = cipher_kt_name(ciphername);
90
91 assert_string_equal(kt_name, openvpn_name);
92}
93
94static void
95test_cipher_names(const char *ciphername, const char *openvpn_name)
96{
97 struct gc_arena gc = gc_new();
98 /* Go through some variants, if the cipher library accepts these, they
99 * should be normalised to the openvpn name */
100 char *upper = string_alloc(ciphername, &gc);
101 char *lower = string_alloc(ciphername, &gc);
102 char *random_case = string_alloc(ciphername, &gc);
103
104 for (int i = 0; i < strlen(ciphername); i++)
105 {
106 upper[i] = (char)toupper((unsigned char)ciphername[i]);
107 lower[i] = (char)tolower((unsigned char)ciphername[i]);
108 if (rand() & 0x1)
109 {
110 random_case[i] = upper[i];
111 }
112 else
113 {
114 random_case[i] = lower[i];
115 }
116 }
117
118 if (!openvpn_name)
119 {
120 openvpn_name = upper;
121 }
122
123 test_translate_cipher(upper, openvpn_name);
124 test_translate_cipher(lower, openvpn_name);
125 test_translate_cipher(random_case, openvpn_name);
126 test_translate_cipher(ciphername, openvpn_name);
127
128
129 gc_free(&gc);
130}
131
132static void
134{
135 /* Test that a number of ciphers to see that they turn out correctly */
136 test_cipher_names("BF-CBC", NULL);
137 test_cipher_names("BLOWFISH-CBC", "BF-CBC");
138 test_cipher_names("Chacha20-Poly1305", NULL);
139 test_cipher_names("AES-128-GCM", NULL);
140 test_cipher_names("AES-128-CBC", NULL);
141 test_cipher_names("CAMELLIA-128-CFB128", "CAMELLIA-128-CFB");
142 test_cipher_names("id-aes256-GCM", "AES-256-GCM");
143}
144
145
146static const char *ipsumlorem = "Lorem ipsum dolor sit amet, consectetur "
147 "adipisici elit, sed eiusmod tempor incidunt "
148 "ut labore et dolore magna aliqua.";
149
150static void
152{
153 const char *seedstr = "Quis aute iure reprehenderit in voluptate "
154 "velit esse cillum dolore";
155 const unsigned char *seed = (const unsigned char *)seedstr;
156 const size_t seed_len = strlen(seedstr);
157
158
159 const unsigned char *secret = (const unsigned char *)ipsumlorem;
160 size_t secret_len = strlen((const char *)secret);
161
162
163 uint8_t out[32];
164 bool ret = ssl_tls1_PRF(seed, seed_len, secret, secret_len, out, sizeof(out));
165
166#if defined(LIBRESSL_VERSION_NUMBER) || defined(ENABLE_CRYPTO_WOLFSSL)
167 /* No TLS1 PRF support in these libraries */
168 assert_false(ret);
169#else
170 assert_true(ret);
171 uint8_t good_prf[32] = { 0xd9, 0x8c, 0x85, 0x18, 0xc8, 0x5e, 0x94, 0x69, 0x27, 0x91, 0x6a,
172 0xcf, 0xc2, 0xd5, 0x92, 0xfb, 0xb1, 0x56, 0x7e, 0x4b, 0x4b, 0x14,
173 0x59, 0xe6, 0xa9, 0x04, 0xac, 0x2d, 0xda, 0xb7, 0x2d, 0x67 };
174 assert_memory_equal(good_prf, out, sizeof(out));
175#endif
176}
177
178static uint8_t testkey[20] = { 0x0b, 0x00 };
179static uint8_t goodhash[20] = { 0x58, 0xea, 0x5a, 0xf0, 0x42, 0x94, 0xe9, 0x17, 0xed, 0x84,
180 0xb9, 0xf0, 0x83, 0x30, 0x23, 0xae, 0x8b, 0xa7, 0x7e, 0xb8 };
181
182static void
183crypto_test_hmac(void **state)
184{
185 hmac_ctx_t *hmac = hmac_ctx_new();
186
187 assert_int_equal(md_kt_size("SHA1"), 20);
188
189 uint8_t key[20];
190 memcpy(key, testkey, sizeof(key));
191
192 hmac_ctx_init(hmac, key, "SHA1");
193 hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int)strlen(ipsumlorem));
194 hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int)strlen(ipsumlorem));
195
196 uint8_t hash[20];
197 hmac_ctx_final(hmac, hash);
198
199 assert_memory_equal(hash, goodhash, sizeof(hash));
200 memset(hash, 0x00, sizeof(hash));
201
202 /* try again */
203 hmac_ctx_reset(hmac);
204 hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int)strlen(ipsumlorem));
205 hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int)strlen(ipsumlorem));
206 hmac_ctx_final(hmac, hash);
207
208 assert_memory_equal(hash, goodhash, sizeof(hash));
209
210 /* Fill our key with random data to ensure it is not used by hmac anymore */
211 memset(key, 0x55, sizeof(key));
212
213 hmac_ctx_reset(hmac);
214 hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int)strlen(ipsumlorem));
215 hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int)strlen(ipsumlorem));
216 hmac_ctx_final(hmac, hash);
217
218 assert_memory_equal(hash, goodhash, sizeof(hash));
219 hmac_ctx_cleanup(hmac);
220 hmac_ctx_free(hmac);
221}
222
223/* This test is in test_crypto as it calls into the functions that calculate
224 * the crypto overhead */
225static void
227{
228 struct gc_arena gc = gc_new();
229
230 struct frame f = { 0 };
231 struct options o = { 0 };
232 size_t linkmtu;
233
234 /* common defaults */
235 o.ce.tun_mtu = 1400;
236 o.ce.proto = PROTO_UDP;
237
238 /* No crypto at all */
239 o.ciphername = "none";
240 o.authname = "none";
241 linkmtu = calc_options_string_link_mtu(&o, &f);
242 assert_int_equal(linkmtu, 1400);
243
244 /* Static key OCC examples */
245 o.shared_secret_file = "not null";
246
247 /* secret, auth none, cipher none */
248 o.ciphername = "none";
249 o.authname = "none";
250 linkmtu = calc_options_string_link_mtu(&o, &f);
251 assert_int_equal(linkmtu, 1408);
252
253 /* secret, cipher AES-128-CBC, auth none */
254 o.ciphername = "AES-128-CBC";
255 o.authname = "none";
256 linkmtu = calc_options_string_link_mtu(&o, &f);
257 assert_int_equal(linkmtu, 1440);
258
259 /* secret, cipher none, auth SHA256 */
260 o.ciphername = "none";
261 o.authname = "SHA256";
262 linkmtu = calc_options_string_link_mtu(&o, &f);
263 assert_int_equal(linkmtu, 1440);
264
265 /* secret, cipher BF-CBC, auth SHA1 */
266 o.ciphername = "BF-CBC";
267 o.authname = "SHA1";
268 linkmtu = calc_options_string_link_mtu(&o, &f);
269 assert_int_equal(linkmtu, 1444);
270
271 /* secret, cipher BF-CBC, auth SHA1, tcp-client */
273 linkmtu = calc_options_string_link_mtu(&o, &f);
274 assert_int_equal(linkmtu, 1446);
275
276 o.ce.proto = PROTO_UDP;
277
278#if defined(USE_COMP)
280
281 /* secret, comp-lzo yes, cipher BF-CBC, auth SHA1 */
282 linkmtu = calc_options_string_link_mtu(&o, &f);
283 assert_int_equal(linkmtu, 1445);
284
285#if defined(ENABLE_FRAGMENT)
286 /* secret, comp-lzo yes, cipher BF-CBC, auth SHA1, fragment 1200 */
287 o.ce.fragment = 1200;
288 linkmtu = calc_options_string_link_mtu(&o, &f);
289 assert_int_equal(linkmtu, 1449);
290 o.ce.fragment = 0;
291#endif
292
294#endif
295
296 /* TLS mode */
297 o.shared_secret_file = NULL;
298 o.tls_client = true;
299 o.pull = true;
300
301 /* tls client, cipher AES-128-CBC, auth SHA1, tls-auth */
302 o.authname = "SHA1";
303 o.ciphername = "AES-128-CBC";
304 o.tls_auth_file = "dummy";
305
306 linkmtu = calc_options_string_link_mtu(&o, &f);
307 assert_int_equal(linkmtu, 1457);
308
309 /* tls client, cipher AES-128-CBC, auth SHA1 */
310 o.tls_auth_file = NULL;
311
312 linkmtu = calc_options_string_link_mtu(&o, &f);
313 assert_int_equal(linkmtu, 1457);
314
315 /* tls client, cipher none, auth none */
316 o.authname = "none";
317 o.ciphername = "none";
318
319 linkmtu = calc_options_string_link_mtu(&o, &f);
320 assert_int_equal(linkmtu, 1405);
321
322 /* tls client, auth SHA1, cipher AES-256-GCM */
323 o.authname = "SHA1";
324 o.ciphername = "AES-256-GCM";
325 linkmtu = calc_options_string_link_mtu(&o, &f);
326 assert_int_equal(linkmtu, 1449);
327
328
329#if defined(USE_COMP) && defined(ENABLE_FRAGMENT)
331
332 /* tls client, auth SHA1, cipher AES-256-GCM, fragment, comp-lzo yes */
333 o.ce.fragment = 1200;
334 linkmtu = calc_options_string_link_mtu(&o, &f);
335 assert_int_equal(linkmtu, 1454);
336
337 /* tls client, auth SHA1, cipher AES-256-GCM, fragment, comp-lzo yes, socks */
338 o.ce.socks_proxy_server = "socks.example.com";
339 linkmtu = calc_options_string_link_mtu(&o, &f);
340 assert_int_equal(linkmtu, 1464);
341#endif
342
343 gc_free(&gc);
344}
345
346static void
348{
349 struct gc_arena gc = gc_new();
350
351 struct frame f = { 0 };
352 struct options o = { 0 };
353
354 /* common defaults */
355 o.ce.tun_mtu = 1400;
356 o.ce.mssfix = 1000;
357 o.ce.proto = PROTO_UDP;
358
359 /* No crypto at all */
360 o.ciphername = "none";
361 o.authname = "none";
362 struct key_type kt;
363 init_key_type(&kt, o.ciphername, o.authname, false, false);
364
365 /* No encryption, just packet id (8) + TCP payload(20) + IP payload(20) */
366 frame_calculate_dynamic(&f, &kt, &o, NULL);
367 assert_int_equal(f.mss_fix, 952);
368
369 /* Static key OCC examples */
370 o.shared_secret_file = "not null";
371
372 /* secret, auth none, cipher none */
373 o.ciphername = "none";
374 o.authname = "none";
375 init_key_type(&kt, o.ciphername, o.authname, false, false);
376 frame_calculate_dynamic(&f, &kt, &o, NULL);
377 assert_int_equal(f.mss_fix, 952);
378
379 /* secret, cipher AES-128-CBC, auth none */
380 o.ciphername = "AES-128-CBC";
381 o.authname = "none";
382 init_key_type(&kt, o.ciphername, o.authname, false, false);
383
384 for (int i = 990; i <= 1010; i++)
385 {
386 /* 992 - 1008 should end up with the same mssfix value all they
387 * all result in the same CBC block size/padding and <= 991 and >=1008
388 * should be one block less and more respectively */
389 o.ce.mssfix = i;
390 frame_calculate_dynamic(&f, &kt, &o, NULL);
391 if (i <= 991)
392 {
393 assert_int_equal(f.mss_fix, 911);
394 }
395 else if (i >= 1008)
396 {
397 assert_int_equal(f.mss_fix, 943);
398 }
399 else
400 {
401 assert_int_equal(f.mss_fix, 927);
402 }
403 }
404#ifdef USE_COMP
406
407 /* Same but with compression added. Compression adds one byte extra to the
408 * payload so the payload should be reduced by compared to the no
409 * compression calculation before */
410 for (int i = 990; i <= 1010; i++)
411 {
412 /* 992 - 1008 should end up with the same mssfix value all they
413 * all result in the same CBC block size/padding and <= 991 and >=1008
414 * should be one block less and more respectively */
415 o.ce.mssfix = i;
416 frame_calculate_dynamic(&f, &kt, &o, NULL);
417 if (i <= 991)
418 {
419 assert_int_equal(f.mss_fix, 910);
420 }
421 else if (i >= 1008)
422 {
423 assert_int_equal(f.mss_fix, 942);
424 }
425 else
426 {
427 assert_int_equal(f.mss_fix, 926);
428 }
429 }
431#endif /* ifdef USE_COMP */
432
433 /* tls client, auth SHA1, cipher AES-256-GCM */
434 o.authname = "SHA1";
435 o.ciphername = "AES-256-GCM";
436 o.tls_client = true;
437 o.peer_id = 77;
438 o.use_peer_id = true;
439 init_key_type(&kt, o.ciphername, o.authname, true, false);
440
441 for (int i = 900; i <= 1200; i++)
442 {
443 /* For stream ciphers, the value should not be influenced by block
444 * sizes or similar but always have the same difference */
445 o.ce.mssfix = i;
446 frame_calculate_dynamic(&f, &kt, &o, NULL);
447
448 /* 4 byte opcode/peerid, 4 byte pkt ID, 16 byte tag, 40 TCP+IP */
449 assert_int_equal(f.mss_fix, i - 4 - 4 - 16 - 40);
450 }
451
452 gc_free(&gc);
453}
454
455void
457{
458 /* if ChaCha20-Poly1305 is not supported by the crypto library or in the
459 * current mode (FIPS), this will still return -1 */
460 assert_int_equal(cipher_get_aead_limits("CHACHA20-POLY1305"), 0);
461
462 int64_t aeslimit = cipher_get_aead_limits("AES-128-GCM");
463
464 assert_int_equal(aeslimit, (1ull << 36) - 1);
465
466 /* Check if this matches our exception for 1600 size packets assuming
467 * AEAD_LIMIT_BLOCKSIZE (128 bits/ 16 bytes). Gives us 100 blocks
468 * + 1 for the packet */
469 int64_t L = 101;
470 /* 2 ^ 29.34, using the result here to avoid linking to libm */
471 assert_int_equal(aeslimit / L, 680390858);
472
473 /* and for 9000, 2^26.86 */
474 L = 563;
475 assert_int_equal(aeslimit / L, 122059461);
476}
477
478void
480{
481 /* RFC 5889 A.1 Test Case 1 */
482 uint8_t prk[32] = { 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc, 0x3f,
483 0x0d, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f,
484 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5 };
485
486 uint8_t info[10] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 };
487
488 uint8_t okm[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f,
489 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a,
490 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 0x34,
491 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65 };
492
493 uint8_t out[42];
494 ovpn_hkdf_expand(prk, info, sizeof(info), out, sizeof(out));
495
496 assert_memory_equal(out, okm, sizeof(out));
497}
498
499void
501{
502 /* RFC 5889 A.2 Test Case 2 */
503 uint8_t prk[32] = { 0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a, 0x06, 0x10, 0x4c,
504 0x9c, 0xeb, 0x35, 0xb4, 0x5c, 0xef, 0x76, 0x00, 0x14, 0x90, 0x46,
505 0x71, 0x01, 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44 };
506
507 uint8_t info[80] = { 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb,
508 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
509 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3,
510 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
511 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb,
512 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
513 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff };
514
515 const int L = 82;
516 uint8_t okm[82] = { 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, 0xc8, 0xe7, 0xf7, 0x8c,
517 0x59, 0x6a, 0x49, 0x34, 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
518 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, 0x59, 0x04, 0x5a, 0x99,
519 0xca, 0xc7, 0x82, 0x72, 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
520 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, 0x36, 0x77, 0x93, 0xa9,
521 0xac, 0xa3, 0xdb, 0x71, 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
522 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, 0x1d, 0x87 };
523
524 uint8_t out[82] = { 0xaa };
525 ovpn_hkdf_expand(prk, info, sizeof(info), out, L);
526
527 assert_memory_equal(out, okm, L);
528}
529
530void
532{
533 /* RFC 5889 A.3 Test Case 3 */
534 uint8_t prk[32] = { 0x19, 0xef, 0x24, 0xa3, 0x2c, 0x71, 0x7b, 0x16, 0x7f, 0x33, 0xa9,
535 0x1d, 0x6f, 0x64, 0x8b, 0xdf, 0x96, 0x59, 0x67, 0x76, 0xaf, 0xdb,
536 0x63, 0x77, 0xac, 0x43, 0x4c, 0x1c, 0x29, 0x3c, 0xcb, 0x04 };
537
538 uint8_t info[] = {};
539
540 int L = 42;
541 uint8_t okm[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, 0x71, 0x5f, 0x80,
542 0x2a, 0x06, 0x3c, 0x5a, 0x31, 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1,
543 0x87, 0x9e, 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, 0x9d,
544 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, 0x96, 0xc8 };
545
546 uint8_t out[42];
547 ovpn_hkdf_expand(prk, info, 0, out, L);
548
549 assert_memory_equal(out, okm, L);
550}
551
552void
554{
555 /* tests the HDKF with a label/okm that OpenVPN itself uses in OpenSSL 3
556 * HDKF unit test*/
557
558 uint8_t prk[32] = { 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc, 0x3f,
559 0x0d, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f,
560 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5 };
561
562 uint8_t info[18] = { 0x00, 0x1b, 0x0e, 0x6f, 0x76, 0x70, 0x6e, 0x20, 0x75,
563 0x6e, 0x69, 0x74, 0x20, 0x74, 0x65, 0x73, 0x74, 0x00 };
564
565 int L = 27;
566 uint8_t okm[27] = { 0x87, 0x5a, 0x8e, 0xec, 0x18, 0x55, 0x63, 0x80, 0xb8,
567 0xd9, 0x33, 0xed, 0x32, 0x3c, 0x2d, 0xf8, 0xe8, 0xec,
568 0xcf, 0x49, 0x72, 0xe6, 0x83, 0xf0, 0x6a, 0x83, 0xac };
569
570 uint8_t out[27];
571 ovpn_hkdf_expand(prk, info, sizeof(info), out, L);
572
573 assert_memory_equal(out, okm, L);
574}
575
576void
578{
579 uint8_t secret[32] = { 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc, 0x3f,
580 0x0d, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f,
581 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5 };
582
583 const uint8_t *label = (const uint8_t *)("unit test");
584 uint8_t out[16];
585 ovpn_expand_label(secret, sizeof(secret), label, 9, NULL, 0, out, sizeof(out));
586
587 uint8_t out_expected[16] = { 0x18, 0x5e, 0xaa, 0x1c, 0x7f, 0x22, 0x8a, 0xb8,
588 0xeb, 0x29, 0x77, 0x32, 0x14, 0xd9, 0x20, 0x46 };
589
590 assert_memory_equal(out, out_expected, 16);
591}
592
593#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
594/* We have OpenSSL 3.0+, we test if their implementation matches our
595 * implementation. We currently do not use this code from the crypto library
596 * in the main code yet as we don't want to repeat the mess that the current
597 * openvpn_PRF ifdef maze */
598
599bool
600ossl_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len,
601 const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
602{
603 OSSL_LIB_CTX *libctx = NULL;
604 const char *properties = NULL;
605
606 const uint8_t *label_prefix = (const uint8_t *)("ovpn ");
607 const size_t label_prefix_len = 5;
608
609 EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_TLS1_3_KDF, properties);
610 assert_non_null(kdf);
611
612 const char *mdname = "SHA-256";
613
614 size_t hashlen = SHA256_DIGEST_LENGTH;
615
616 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
617 assert_non_null(kctx);
618
619 OSSL_PARAM params[7];
620 OSSL_PARAM *p = params;
621
622 int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
623
624 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode);
625 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)mdname, 0);
626 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, (unsigned char *)secret, hashlen);
627 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX, (unsigned char *)label_prefix,
628 label_prefix_len);
629 *p++ =
630 OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL, (unsigned char *)label, label_len);
631
632 *p++ = OSSL_PARAM_construct_end();
633
634 int ret = EVP_KDF_derive(kctx, out, out_len, params);
635 EVP_KDF_CTX_free(kctx);
636 EVP_KDF_free(kdf);
637
638 assert_int_equal(ret, 1);
639 return true;
640}
641
642void
644{
645 uint8_t secret[32] = { 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc, 0x3f,
646 0x0d, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f,
647 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5 };
648
649 const uint8_t *label = (const uint8_t *)("unit test");
650 const size_t labellen = 9;
651 uint8_t out[27];
652
653 ossl_expand_label(secret, sizeof(secret), label, labellen, NULL, 0, out, sizeof(out));
654
655 /* Do the same derivation with our own function */
656 uint8_t out_ovpn[27];
657
658 ovpn_expand_label(secret, sizeof(secret), label, 9, NULL, 0, out_ovpn, sizeof(out_ovpn));
659 assert_memory_equal(out_ovpn, out, sizeof(out_ovpn));
660}
661
662#else /* if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L */
663void
665{
666 skip();
667}
668#endif /* if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L */
669
671{
672 struct key_type kt;
673 struct gc_arena gc;
675};
676
677static int
679{
680 int *num_future_keys = (int *)*state;
681 struct epoch_test_state *data = calloc(1, sizeof(struct epoch_test_state));
682
683 data->gc = gc_new();
684
685 init_key_type(&data->kt, "AES-128-GCM", "none", true, false);
686
687 /* have an epoch key that uses 0x23 for the key for all bytes */
688 struct epoch_key epoch1send = { .epoch = 1, .epoch_key = { 0x23 } };
689 struct epoch_key epoch1recv = { .epoch = 1, .epoch_key = { 0x27 } };
690
691 epoch_init_key_ctx(&data->co, &data->kt, &epoch1send, &epoch1recv, *num_future_keys);
692
693 *state = data;
694 return 0;
695}
696
697static int
699{
700 struct epoch_test_state *data = *state;
701 free_epoch_key_ctx(&data->co);
703 gc_free(&data->gc);
704 free(*state);
705 return 0;
706}
707
708void
710{
711 struct epoch_test_state *data = *state;
712 struct crypto_options *co = &data->co;
713
714 /* check the keys look like expect */
715 assert_int_equal(co->epoch_data_keys_future[0].epoch, 2);
716 assert_int_equal(co->epoch_data_keys_future[15].epoch, 17);
717 assert_int_equal(co->epoch_key_send.epoch, 1);
718 assert_int_equal(co->epoch_key_recv.epoch, 17);
719
720 /* Now replace the recv key with the 6th future key (epoch = 8) */
722 assert_int_equal(co->epoch_data_keys_future[6].epoch, 8);
725
727 assert_int_equal(co->epoch_data_keys_future[0].epoch, 9);
728 assert_int_equal(co->epoch_data_keys_future[15].epoch, 24);
729}
730
731
732void
734{
735 struct epoch_test_state *data = *state;
736 struct crypto_options *co = &data->co;
737
738 /* should replace send + key recv */
740
741 assert_int_equal(co->key_ctx_bi.decrypt.epoch, 9);
742 assert_int_equal(co->key_ctx_bi.encrypt.epoch, 9);
743 assert_int_equal(co->epoch_key_send.epoch, 9);
744 assert_int_equal(co->epoch_retiring_data_receive_key.epoch, 1);
745
746 /* Iterate the data send key four times to get it to 13 */
747 for (int i = 0; i < 4; i++)
748 {
750 }
751 assert_int_equal(co->key_ctx_bi.encrypt.epoch, 13);
752
754 assert_int_equal(co->key_ctx_bi.decrypt.epoch, 10);
755 assert_int_equal(co->key_ctx_bi.encrypt.epoch, 13);
756 assert_int_equal(co->epoch_key_send.epoch, 13);
757 assert_int_equal(co->epoch_retiring_data_receive_key.epoch, 9);
758
760 assert_int_equal(co->key_ctx_bi.decrypt.epoch, 12);
761 assert_int_equal(co->key_ctx_bi.encrypt.epoch, 13);
762 assert_int_equal(co->epoch_key_send.epoch, 13);
763 assert_int_equal(co->epoch_retiring_data_receive_key.epoch, 10);
764
766 assert_int_equal(co->key_ctx_bi.encrypt.epoch, 14);
767}
768
769void
771{
772 struct epoch_test_state *data = *state;
773 struct crypto_options *co = &data->co;
774
775 /* lookup some wacky things that should fail */
776 assert_null(epoch_lookup_decrypt_key(co, 2000));
777 assert_null(epoch_lookup_decrypt_key(co, -1));
778 assert_null(epoch_lookup_decrypt_key(co, 0xefff));
779
780 /* Lookup the edges of the current window */
781 assert_null(epoch_lookup_decrypt_key(co, 0));
782 assert_int_equal(co->epoch_retiring_data_receive_key.epoch, 0);
783 assert_int_equal(epoch_lookup_decrypt_key(co, 1)->epoch, 1);
784 assert_int_equal(epoch_lookup_decrypt_key(co, 2)->epoch, 2);
785 assert_int_equal(epoch_lookup_decrypt_key(co, 13)->epoch, 13);
786 assert_int_equal(epoch_lookup_decrypt_key(co, 14)->epoch, 14);
787 assert_null(epoch_lookup_decrypt_key(co, 15));
788
789 /* Should move 1 to retiring key but leave 2-6 undefined, 7 as
790 * active and 8-20 as future keys*/
792
793 assert_null(epoch_lookup_decrypt_key(co, 0));
794 assert_int_equal(epoch_lookup_decrypt_key(co, 1)->epoch, 1);
795 assert_ptr_equal(epoch_lookup_decrypt_key(co, 1), &co->epoch_retiring_data_receive_key);
796
797 assert_null(epoch_lookup_decrypt_key(co, 2));
798 assert_null(epoch_lookup_decrypt_key(co, 3));
799 assert_null(epoch_lookup_decrypt_key(co, 4));
800 assert_null(epoch_lookup_decrypt_key(co, 5));
801 assert_null(epoch_lookup_decrypt_key(co, 6));
802 assert_int_equal(epoch_lookup_decrypt_key(co, 7)->epoch, 7);
803 assert_int_equal(epoch_lookup_decrypt_key(co, 8)->epoch, 8);
804 assert_int_equal(epoch_lookup_decrypt_key(co, 20)->epoch, 20);
805 assert_null(epoch_lookup_decrypt_key(co, 21));
806 assert_null(epoch_lookup_decrypt_key(co, 22));
807
808
809 /* Should move 7 to retiring key and have 8 as active key and
810 * 9-21 as future keys */
812 assert_null(epoch_lookup_decrypt_key(co, 0));
813 assert_null(epoch_lookup_decrypt_key(co, 1));
814 assert_null(epoch_lookup_decrypt_key(co, 2));
815 assert_null(epoch_lookup_decrypt_key(co, 3));
816 assert_null(epoch_lookup_decrypt_key(co, 4));
817 assert_null(epoch_lookup_decrypt_key(co, 5));
818 assert_null(epoch_lookup_decrypt_key(co, 6));
819 assert_int_equal(epoch_lookup_decrypt_key(co, 7)->epoch, 7);
820 assert_ptr_equal(epoch_lookup_decrypt_key(co, 7), &co->epoch_retiring_data_receive_key);
821 assert_int_equal(epoch_lookup_decrypt_key(co, 8)->epoch, 8);
822 assert_int_equal(epoch_lookup_decrypt_key(co, 20)->epoch, 20);
823 assert_int_equal(epoch_lookup_decrypt_key(co, 21)->epoch, 21);
824 assert_null(epoch_lookup_decrypt_key(co, 22));
825 assert_null(epoch_lookup_decrypt_key(co, 23));
826}
827
828void
830{
831 struct epoch_test_state *data = *state;
832 struct crypto_options *co = &data->co;
833
834 /* Modify the receive epoch and keys to have a very high epoch to test
835 * the end of array. Iterating through all 65k keys takes a 2-3s, so we
836 * avoid this for the unit test */
837 co->key_ctx_bi.decrypt.epoch = 65500;
838 co->key_ctx_bi.encrypt.epoch = 65500;
839
840 co->epoch_key_send.epoch = 65500;
842
843 for (uint16_t i = 0; i < co->epoch_data_keys_future_count; i++)
844 {
845 co->epoch_data_keys_future[i].epoch = 65501 + i;
846 }
847
848 /* Move the last few keys until we are close to the limit */
849 while (co->key_ctx_bi.decrypt.epoch < (UINT16_MAX - 40))
850 {
852 }
853
854 /* Looking up this key should still work as it will not break the limit
855 * when generating keys */
856 assert_int_equal(epoch_lookup_decrypt_key(co, UINT16_MAX - 34)->epoch, UINT16_MAX - 34);
857 assert_int_equal(epoch_lookup_decrypt_key(co, UINT16_MAX - 33)->epoch, UINT16_MAX - 33);
858
859 /* This key is no longer eligible for decrypting as the 32 future keys
860 * would be larger than uint16_t maximum */
861 assert_int_equal(co->epoch_data_keys_future_count, 32);
862 assert_null(epoch_lookup_decrypt_key(co, UINT16_MAX - co->epoch_data_keys_future_count));
863 assert_null(epoch_lookup_decrypt_key(co, UINT16_MAX));
864
865 /* Check that moving to the last possible epoch works */
866 epoch_replace_update_recv_key(co, UINT16_MAX - 33);
867 assert_int_equal(epoch_lookup_decrypt_key(co, UINT16_MAX - 33)->epoch, UINT16_MAX - 33);
868 assert_null(epoch_lookup_decrypt_key(co, UINT16_MAX - 32));
869 assert_null(epoch_lookup_decrypt_key(co, UINT16_MAX));
870}
871
872void
874{
875 struct epoch_key e17 = { .epoch = 17, .epoch_key = { 19, 12 } };
876 struct key_type kt = { 0 };
877 struct key_parameters key_parameters = { 0 };
878 init_key_type(&kt, "AES-192-GCM", "none", true, false);
879
880
882
883 assert_int_equal(key_parameters.cipher_size, 24);
884 assert_int_equal(key_parameters.hmac_size, 12);
885
886 uint8_t exp_cipherkey[24] = { 0xed, 0x85, 0x33, 0xdb, 0x1c, 0x28, 0xac, 0xe4,
887 0x18, 0xe9, 0x00, 0x6a, 0xb2, 0x9c, 0x17, 0x41,
888 0x7d, 0x60, 0xeb, 0xe6, 0xcd, 0x90, 0xbf, 0x0a };
889
890 uint8_t exp_impl_iv[12] = { 0x86, 0x89, 0x0a, 0xab, 0xf0, 0x32,
891 0xcb, 0x59, 0xf4, 0xcf, 0xa3, 0x4e };
892
893 assert_memory_equal(key_parameters.cipher, exp_cipherkey, sizeof(exp_cipherkey));
894 assert_memory_equal(key_parameters.hmac, exp_impl_iv, sizeof(exp_impl_iv));
895}
896
897int
898main(void)
899{
900 int prestate_num13 = 13;
901 int prestate_num16 = 16;
902 int prestate_num32 = 32;
903
905 const struct CMUnitTest tests[] = {
906 cmocka_unit_test(crypto_pem_encode_decode_loopback),
907 cmocka_unit_test(crypto_translate_cipher_names),
908 cmocka_unit_test(crypto_test_tls_prf),
909 cmocka_unit_test(crypto_test_hmac),
910 cmocka_unit_test(test_occ_mtu_calculation),
911 cmocka_unit_test(test_mssfix_mtu_calculation),
912 cmocka_unit_test(crypto_test_aead_limits),
913 cmocka_unit_test(crypto_test_hkdf_expand_testa1),
914 cmocka_unit_test(crypto_test_hkdf_expand_testa2),
915 cmocka_unit_test(crypto_test_hkdf_expand_testa3),
916 cmocka_unit_test(crypto_test_hkdf_expand_test_ovpn),
917 cmocka_unit_test(crypto_test_ovpn_label_expand),
918 cmocka_unit_test(crypto_test_ovpn_expand_openssl3),
919 cmocka_unit_test_prestate_setup_teardown(crypto_test_epoch_key_generation,
921 crypto_test_epoch_teardown, &prestate_num16),
922 cmocka_unit_test_prestate_setup_teardown(crypto_test_epoch_key_rotation,
924 crypto_test_epoch_teardown, &prestate_num13),
925 cmocka_unit_test_prestate_setup_teardown(crypto_test_epoch_key_receive_lookup,
927 crypto_test_epoch_teardown, &prestate_num13),
928 cmocka_unit_test_prestate_setup_teardown(crypto_test_epoch_key_overflow,
930 crypto_test_epoch_teardown, &prestate_num32),
931 cmocka_unit_test(epoch_test_derive_data_key)
932 };
933
934#if defined(ENABLE_CRYPTO_OPENSSL)
935 OpenSSL_add_all_algorithms();
936#endif
937
938 int ret = cmocka_run_group_tests_name("crypto tests", tests, NULL, NULL);
939
940#if defined(ENABLE_CRYPTO_OPENSSL)
941 EVP_cleanup();
942#endif
943
944 return ret;
945}
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:649
#define BPTR(buf)
Definition buffer.h:123
static void buf_set_write(struct buffer *buf, uint8_t *data, int size)
Definition buffer.h:331
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition buffer.h:348
#define BLEN(buf)
Definition buffer.h:126
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
static struct gc_arena gc_new(void)
Definition buffer.h:1007
#define COMP_ALG_LZO
LZO algorithm.
Definition comp.h:57
#define COMP_ALG_UNDEF
Definition comp.h:54
void free_key_ctx_bi(struct key_ctx_bi *ctx)
Definition crypto.c:1094
void init_key_type(struct key_type *kt, const char *ciphername, const char *authname, bool tls_mode, bool warn)
Initialize a key_type structure with.
Definition crypto.c:869
uint64_t cipher_get_aead_limits(const char *ciphername)
Check if the cipher is an AEAD cipher and needs to be limited to a certain number of number of blocks...
Definition crypto.c:338
void free_key_ctx(struct key_ctx *ctx)
Definition crypto.c:1075
Data Channel Cryptography Module.
bool ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len, uint8_t *output, size_t output_len)
Calculates the TLS 1.0-1.1 PRF function.
void hmac_ctx_update(hmac_ctx_t *ctx, const uint8_t *src, int src_len)
hmac_ctx_t * hmac_ctx_new(void)
void hmac_ctx_reset(hmac_ctx_t *ctx)
void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname)
void hmac_ctx_final(hmac_ctx_t *ctx, uint8_t *dst)
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
static bool cipher_valid(const char *ciphername)
Returns if the cipher is valid, based on the given cipher name.
void hmac_ctx_free(hmac_ctx_t *ctx)
const char * cipher_kt_name(const char *ciphername)
Retrieve a normalised string describing the cipher (e.g.
void hmac_ctx_cleanup(hmac_ctx_t *ctx)
unsigned char md_kt_size(const char *mdname)
Returns the size of the message digest, in bytes.
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
bool ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len, const uint8_t *context, size_t context_len, uint8_t *out, uint16_t out_len)
Variant of the RFC 8446 TLS 1.3 HKDF-Expand-Label function with the following differences/restriction...
void epoch_generate_future_receive_keys(struct crypto_options *co)
Generates and fills the epoch_data_keys_future with next valid future keys in crypto_options using th...
void epoch_replace_update_recv_key(struct crypto_options *co, uint16_t new_epoch)
This is called when the peer uses a new send key that is not the default key.
void free_epoch_key_ctx(struct crypto_options *co)
Frees the extra data structures used by epoch keys in crypto_options.
struct key_ctx * epoch_lookup_decrypt_key(struct crypto_options *opt, uint16_t epoch)
Using an epoch, this function will try to retrieve a decryption key context that matches that epoch f...
void epoch_init_key_ctx(struct crypto_options *co, const struct key_type *key_type, const struct epoch_key *e1_send, const struct epoch_key *e1_recv, uint16_t future_key_count)
Initialises data channel keys and internal structures for epoch data keys using the provided E0 epoch...
void epoch_data_key_derive(struct key_parameters *key, const struct epoch_key *epoch_key, const struct key_type *kt)
Generate a data channel key pair from the epoch key.
void ovpn_hkdf_expand(const uint8_t *secret, const uint8_t *info, int info_len, uint8_t *out, int out_len)
Implementation of the RFC5869 HKDF-Expand function with the following restrictions.
void epoch_iterate_send_key(struct crypto_options *co)
Updates the send key and send_epoch_key in cryptio_options->key_ctx_bi to use the next epoch.
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
#define SHA256_DIGEST_LENGTH
void frame_calculate_dynamic(struct frame *frame, struct key_type *kt, const struct options *options, struct link_socket_info *lsi)
Set the –mssfix option.
Definition mss.c:322
size_t calc_options_string_link_mtu(const struct options *o, const struct frame *frame)
Calculate the link-mtu to advertise to our peer.
Definition mtu.c:147
void OSSL_LIB_CTX
#define CLEAR(x)
Definition basic.h:32
@ PROTO_UDP
@ PROTO_TCP_CLIENT
Control Channel SSL library backend module.
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
int mssfix
Definition options.h:141
const char * socks_proxy_server
Definition options.h:120
int fragment
Definition options.h:138
int proto
Definition options.h:106
int tun_mtu
Definition options.h:124
Contains all state information for one tunnel.
Definition openvpn.h:474
Security parameter state for processing data channel packets.
Definition crypto.h:293
struct epoch_key epoch_key_send
last epoch_key used for generation of the current send data keys.
Definition crypto.h:302
struct key_ctx epoch_retiring_data_receive_key
The old key before the sender switched to a new epoch data key.
Definition crypto.h:328
struct key_ctx * epoch_data_keys_future
Keeps the future epoch data keys for decryption.
Definition crypto.h:322
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Definition crypto.h:294
uint16_t epoch_data_keys_future_count
number of keys stored in epoch_data_keys_future
Definition crypto.h:325
struct epoch_key epoch_key_recv
epoch_key used for the highest receive epoch keys
Definition crypto.h:305
uint16_t epoch
Definition crypto.h:194
struct crypto_options co
struct key_type kt
struct gc_arena gc
Packet geometry parameters.
Definition mtu.h:103
uint16_t mss_fix
The actual MSS value that should be written to the payload packets.
Definition mtu.h:124
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
Definition list.h:56
struct key_ctx decrypt
cipher and/or HMAC contexts for receiving direction.
Definition crypto.h:283
struct key_ctx encrypt
Cipher and/or HMAC contexts for sending direction.
Definition crypto.h:281
uint16_t epoch
OpenVPN data channel epoch, this variable holds the epoch number this key belongs to.
Definition crypto.h:228
internal structure similar to struct key that holds key information but is not represented on wire an...
Definition crypto.h:163
int hmac_size
Number of bytes set in the HMac key material.
Definition crypto.h:174
int cipher_size
Number of bytes set in the cipher key material.
Definition crypto.h:168
uint8_t hmac[MAX_HMAC_KEY_LENGTH]
Key material for HMAC operations.
Definition crypto.h:171
uint8_t cipher[MAX_CIPHER_KEY_LENGTH]
Key material for cipher operations.
Definition crypto.h:165
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152
struct compress_options comp
Definition options.h:413
const char * tls_auth_file
Definition options.h:666
bool use_peer_id
Definition options.h:704
const char * authname
Definition options.h:582
uint32_t peer_id
Definition options.h:705
struct connection_entry ce
Definition options.h:290
const char * ciphername
Definition options.h:576
bool pull
Definition options.h:559
bool tls_client
Definition options.h:596
const char * shared_secret_file
Definition options.h:572
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition test_common.h:35
void crypto_test_ovpn_label_expand(void **state)
void crypto_test_hkdf_expand_testa2(void **state)
static void test_mssfix_mtu_calculation(void **state)
void crypto_test_hkdf_expand_testa1(void **state)
static uint8_t testkey[20]
static void test_cipher_names(const char *ciphername, const char *openvpn_name)
Definition test_crypto.c:95
void crypto_test_hkdf_expand_testa3(void **state)
void crypto_test_ovpn_expand_openssl3(void **state)
static void test_translate_cipher(const char *ciphername, const char *openvpn_name)
Definition test_crypto.c:79
static void crypto_translate_cipher_names(void **state)
void crypto_test_epoch_key_receive_lookup(void **state)
void crypto_test_epoch_key_rotation(void **state)
static uint8_t goodhash[20]
static const char testtext[]
Definition test_crypto.c:50
static int crypto_test_epoch_teardown(void **state)
static void crypto_test_hmac(void **state)
void crypto_test_aead_limits(void **state)
int main(void)
static void crypto_pem_encode_decode_loopback(void **state)
Definition test_crypto.c:53
void crypto_test_epoch_key_generation(void **state)
static const char * ipsumlorem
static int crypto_test_epoch_setup(void **state)
void epoch_test_derive_data_key(void **state)
void crypto_test_epoch_key_overflow(void **state)
static void crypto_test_tls_prf(void **state)
static void test_occ_mtu_calculation(void **state)
void crypto_test_hkdf_expand_test_ovpn(void **state)
struct gc_arena gc
Definition test_ssl.c:154