OpenVPN
test_pkt.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include <stdio.h>
30#include <stdlib.h>
31#include <stdarg.h>
32#include <string.h>
33#include <setjmp.h>
34#include <cmocka.h>
35#include "test_common.h"
36
37#include "crypto.h"
38#include "options.h"
39#include "ssl_backend.h"
40#include "ssl_pkt.h"
41#include "tls_crypt.h"
42
43#include "mss.h"
44#include "reliable.h"
45
46int
47parse_line(const char *line, char **p, const int n, const char *file, const int line_num,
48 int msglevel, struct gc_arena *gc)
49{
50 /* Dummy function to get the linker happy, should never be called */
51 assert_true(false);
52 return 0;
53}
54
55/* Define this function here as dummy since including the ssl_*.c files
56 * leads to having to include even more unrelated code */
57bool
58key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size,
59 void *ekm, size_t ekm_size)
60{
61 ASSERT(0);
62}
63
64const char *
66{
67 return "dummy print_link_socket_actual from unit test";
68}
69
70const char static_key[] = "<tls-auth>\n"
71 "-----BEGIN OpenVPN Static key V1-----\n"
72 "37268ea8f95d7f71f9fb8fc03770c460\n"
73 "daf714a483d815c013ce0a537efc18f2\n"
74 "8f4f172669d9e6a413bac6741d8ea054\n"
75 "00f49b7fd6326470f23798c606bf53d4\n"
76 "de63ebc64ec59d57ce5d04d5b62e68b5\n"
77 "3ca6e5354351097fa370446c4d269f18\n"
78 "7bb6ae54af2dc70ff7317fe2f8754b82\n"
79 "82aad4202f9fa42c8640245d883e2c54\n"
80 "a0c1c489a036cf3a8964d8d289c1583b\n"
81 "9447c262b1da5fd167a5d27bd5ac5143\n"
82 "17bc2343a31a2efc38dd920d910375f5\n"
83 "1c2e27f3afd36c49269da079f7ce466e\n"
84 "bb0f9ad13e9bbb4665974e6bc24b513c\n"
85 "5700393bf4a3e7f967e2f384069ac8a8\n"
86 "e78b18b15604993fd16515cce9c0f3e4\n"
87 "2b4126b999005ade802797b0eeb8b9e6\n"
88 "-----END OpenVPN Static key V1-----\n"
89 "</tls-auth>\n";
90
91const uint8_t client_reset_v2_none[] = { 0x38, 0x68, 0x91, 0x92, 0x3f, 0xa3, 0x10,
92 0x34, 0x37, 0x00, 0x00, 0x00, 0x00, 0x00 };
93
94const uint8_t client_reset_v2_tls_auth[] = { 0x38, 0xde, 0x69, 0x4c, 0x5c, 0x7b, 0xfb, 0xa2, 0x74,
95 0x93, 0x53, 0x7c, 0x1d, 0xed, 0x4e, 0x78, 0x15, 0x29,
96 0xae, 0x7c, 0xfe, 0x4b, 0x8c, 0x6d, 0x6b, 0x2b, 0x51,
97 0xf0, 0x5a, 0x00, 0x00, 0x00, 0x01, 0x61, 0xd3, 0xbf,
98 0x6c, 0x00, 0x00, 0x00, 0x00, 0x00 };
99
100const uint8_t client_reset_v2_tls_crypt[] = {
101 0x38, 0xf4, 0x19, 0xcb, 0x12, 0xd1, 0xf9, 0xe4, 0x8f, 0x00, 0x00, 0x00, 0x01, 0x61,
102 0xd3, 0xf8, 0xe1, 0x33, 0x02, 0x06, 0xf5, 0x68, 0x02, 0xbe, 0x44, 0xfb, 0xed, 0x90,
103 0x50, 0x64, 0xe3, 0xdb, 0x43, 0x41, 0x6b, 0xec, 0x5e, 0x52, 0x67, 0x19, 0x46, 0x2b,
104 0x7e, 0xb9, 0x0c, 0x96, 0xde, 0xfc, 0x9b, 0x05, 0xc4, 0x48, 0x79, 0xf7
105};
106
107/* Valid tls-auth client CONTROL_V1 packet with random server id */
109 0x20, 0x14, 0x01, 0x4e, 0xbc, 0x80, 0xc6, 0x14, 0x2b, 0x7b, 0xc8, 0x76, 0xfb, 0xc5, 0x2e, 0x27,
110 0xb1, 0xc5, 0x07, 0x35, 0x5b, 0xb6, 0x00, 0x6b, 0xae, 0x71, 0xba, 0x4e, 0x38, 0x00, 0x00, 0x00,
111 0x03, 0x61, 0xd3, 0xff, 0x53, 0x00, 0x00, 0x00, 0x00, 0x01, 0x16, 0x03, 0x01, 0x01, 0x0c, 0x01,
112 0x00, 0x01, 0x08, 0x03, 0x03, 0x8c, 0xaa, 0xac, 0x3a, 0x1a, 0x07, 0xbd, 0xe7, 0xb7, 0x50, 0x06,
113 0x9b, 0x94, 0x0c, 0x34, 0x4b, 0x5a, 0x35, 0xca, 0xc4, 0x79, 0xbd, 0xc9, 0x09, 0xb0, 0x7b, 0xd9,
114 0xee, 0xbb, 0x7d, 0xe7, 0x25, 0x20, 0x39, 0x38, 0xe2, 0x18, 0x33, 0x36, 0x14, 0x9f, 0x34, 0xf0,
115 0x44, 0x59, 0x96, 0x8d, 0x0e, 0xd2, 0x47, 0x76, 0x64, 0x88, 0x59, 0xe9, 0x38, 0x03, 0x97, 0x96,
116 0x98, 0x45, 0xfb, 0xf5, 0xff, 0x23, 0x00, 0x32, 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x2c,
117 0xc0, 0x30, 0x00, 0x9f, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
118 0xc0, 0x24, 0xc0, 0x28, 0x00, 0x6b, 0xc0, 0x23, 0xc0, 0x27, 0x00, 0x67, 0xc0, 0x0a, 0xc0, 0x14,
119 0x00, 0x39, 0xc0, 0x09, 0xc0, 0x13, 0x00, 0x33, 0x00, 0xff, 0x01, 0x00, 0x00, 0x8d, 0x00, 0x0b,
120 0x00, 0x04, 0x03, 0x00, 0x01, 0x02, 0x00, 0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x00, 0x1d, 0x00, 0x17,
121 0x00, 0x1e, 0x00, 0x19, 0x00, 0x18, 0x00, 0x16, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x0d,
122 0x00, 0x30, 0x00, 0x2e, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x08, 0x07, 0x08, 0x08, 0x08, 0x09,
123 0x08, 0x0a, 0x08, 0x0b, 0x08, 0x04, 0x08, 0x05, 0x08, 0x06, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01,
124 0x03, 0x03, 0x02, 0x03, 0x03, 0x01, 0x02, 0x01, 0x03, 0x02, 0x02, 0x02, 0x04, 0x02, 0x05, 0x02,
125 0x06, 0x02, 0x00, 0x2b, 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00, 0x2d, 0x00, 0x02, 0x01,
126 0x01, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x0e, 0xc9, 0x7a, 0xff, 0x58,
127 0xdb, 0x56, 0xf6, 0x40, 0xd1, 0xed, 0xdb, 0x91, 0x81, 0xd6, 0xef, 0x83, 0x86, 0x8a, 0xb2, 0x3d,
128 0x88, 0x92, 0x3f, 0xd8, 0x51, 0x9c, 0xd6, 0x26, 0x56, 0x33, 0x6b
129};
130
131/* This is a truncated packet as we do not care for the TLS payload in the
132 * unit test */
133const uint8_t client_control_with_ack[] = { 0x20, 0x78, 0x19, 0xbf, 0x2e, 0xbc, 0xd1, 0x9a,
134 0x45, 0x01, 0x00, 0x00, 0x00, 0x00, 0xea, 0xfe,
135 0xbf, 0xa4, 0x41, 0x8a, 0xe3, 0x1b, 0x00, 0x00,
136 0x00, 0x01, 0x16, 0x03, 0x01 };
137
138const uint8_t client_ack_none_random_id[] = { 0x28, 0xae, 0xb9, 0xaf, 0xe1, 0xf0, 0x1d, 0x79,
139 0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0xdd, 0x85,
140 0xdb, 0x53, 0x56, 0x23, 0xb0, 0x2e };
141
142/* no tls-auth, P_ACK_V1, acks 0,1, and 2 */
144 0x28,
145 0xae, 0xb9, 0xaf, 0xe1, 0xf0, 0x1d, 0x79, 0xc8,
146 0x03,
147 0x00, 0x00, 0x00, 0x00,
148 0x00, 0x00, 0x00, 0x01,
149 0x00, 0x00, 0x00, 0x02,
150 0xdd, 0x85, 0xdb, 0x53, 0x56, 0x23, 0xb0, 0x2e
151};
152
153/* no tls-auth, P_CONTROL_V1, acks 0, msg-id 2 */
155 0x20,
156 0xae, 0xb9, 0xaf, 0xe1, 0xf0, 0x1d, 0x79, 0xc8,
157 0x01,
158 0x00, 0x00, 0x00, 0x00,
159 0x02
160};
161
162
164init_tas_auth(int key_direction)
165{
166 struct tls_auth_standalone tas = { 0 };
167 struct frame frame = { { .headroom = 200, .payload_size = 1400 }, 0 };
168 tas.frame = frame;
169
170 tas.tls_wrap.mode = TLS_WRAP_AUTH;
171 /* we ignore packet ids on for the first packet check */
173
174 struct key_type tls_crypt_kt;
175 init_key_type(&tls_crypt_kt, "none", "SHA1", true, false);
176
178 key_direction, "Control Channel Authentication", "tls-auth", NULL);
179 tas.workbuf = alloc_buf(1600);
180
181 return tas;
182}
183
185init_tas_crypt(bool server)
186{
187 struct tls_auth_standalone tas = { 0 };
188 tas.tls_wrap.mode = TLS_WRAP_CRYPT;
190
192 static_key, true, server);
193 tas.workbuf = alloc_buf(1600);
194 tas.tls_wrap.work = alloc_buf(1600);
195
196 return tas;
197}
198
199void
201{
202 /* Not some of these might be null pointers but calling free on null
203 * pointers is a noop */
205 free_buf(&tas->workbuf);
206 free_buf(&tas->tls_wrap.work);
207}
208
209void
211{
212 struct link_socket_actual from = { 0 };
213 struct tls_pre_decrypt_state state = { 0 };
214
215 struct tls_auth_standalone tas = init_tas_crypt(true);
216 struct buffer buf = alloc_buf(1024);
217
218 /* tls-auth should be invalid */
220 enum first_packet_verdict verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
223
224 /* as well as the too short normal reset */
225 buf_reset_len(&buf);
227 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
230
231 /* the tls-crypt should validate */
232 buf_reset_len(&buf);
234 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
237
238 /* flip a byte in various places */
239 for (int i = 0; i < sizeof(client_reset_v2_tls_crypt); i++)
240 {
241 buf_reset_len(&buf);
243 (BPTR(&buf))[i] = 0x23;
244 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
247 }
248
249 free_key_ctx_bi(&tas.tls_wrap.opt.key_ctx_bi);
250 free_tas(&tas);
251 free_buf(&buf);
252}
253
254
255void
257{
258 struct link_socket_actual from = { 0 };
259 struct tls_auth_standalone tas = { 0 };
260 struct tls_pre_decrypt_state state = { 0 };
261 enum first_packet_verdict verdict;
262
263 struct buffer buf = alloc_buf(1024);
265
266 /* Packet to short to contain the hmac */
268
269 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
272
273 /* Valid tls-auth packet, should validate */
274 buf_reset_len(&buf);
276 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
279
280 /* The pre decrypt function should not modify the buffer, so calling it
281 * again should have the same result */
282 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
284
285 /* and buf memory should be equal */
288
289 buf_reset_len(&buf);
291 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
294
295 /* flip a byte in the hmac */
296 (BPTR(&buf))[20] = 0x23;
297 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
300
301 /* Wrong key direction gives a wrong hmac key and should not validate */
302 free_key_ctx_bi(&tas.tls_wrap.opt.key_ctx_bi);
303 free_tas(&tas);
305
306 buf_reset_len(&buf);
308 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
310
312 free_tas(&tas);
313 free_buf(&buf);
314}
315
316void
318{
319 struct link_socket_actual from = { 0 };
320 struct tls_auth_standalone tas = { 0 };
321 struct tls_pre_decrypt_state state = { 0 };
322
323 struct buffer buf = alloc_buf(1024);
325
326 tas.tls_wrap.mode = TLS_WRAP_NONE;
327
328 /* the method will not do additional test, so the tls-auth and tls-crypt
329 * reset will be accepted */
330 enum first_packet_verdict verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
333
334 buf_reset_len(&buf);
336 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
339
340 buf_reset_len(&buf);
342 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
345
346 /* This is not a reset packet and should trigger the other response */
347 buf_reset_len(&buf);
349 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
351
353 free_buf(&buf);
354 free_tas(&tas);
355}
356
357static void
359{
360 struct buffer buf = alloc_buf(1024);
362
363 /* skip over op code and peer session id */
364 buf_advance(&buf, 9);
365
366 struct reliable_ack ack;
367 struct session_id sid;
368 bool ret;
369
370 ret = reliable_ack_parse(&buf, &ack, &sid);
371 assert_true(ret);
372
373 assert_int_equal(ack.len, 1);
374 assert_int_equal(ack.packet_id[0], 0);
375
376 struct session_id expected_id = { .id = { 0xea, 0xfe, 0xbf, 0xa4, 0x41, 0x8a, 0xe3, 0x1b } };
377 assert_memory_equal(&sid, &expected_id, SID_SIZE);
378
379 buf_reset_len(&buf);
381
382 /* skip over op code and peer session id */
383 buf_advance(&buf, 9);
384 ret = reliable_ack_parse(&buf, &ack, &sid);
385 assert_true(ret);
386
387 assert_int_equal(ack.len, 1);
388 assert_int_equal(ack.packet_id[0], 0);
389
390 struct session_id expected_id2 = { .id = { 0xdd, 0x85, 0xdb, 0x53, 0x56, 0x23, 0xb0, 0x2e } };
391 assert_memory_equal(&sid, &expected_id2, SID_SIZE);
392
393 buf_reset_len(&buf);
395
396 /* skip over op code and peer session id */
397 buf_advance(&buf, 9);
398 ret = reliable_ack_parse(&buf, &ack, &sid);
399
400 free_buf(&buf);
401}
402
403static void
405{
407
408 struct link_socket_actual from = { 0 };
409 struct tls_auth_standalone tas = { 0 };
410 struct tls_pre_decrypt_state state = { 0 };
411
412 struct buffer buf = alloc_buf(1024);
414
416
417 buf_reset_len(&buf);
419 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
421
422 /* This is a valid packet but containing a random id instead of an HMAC id*/
423 bool valid = check_session_hmac_and_pkt_id(&state, &from.dest, hmac, 30, false);
425
427 free_buf(&buf);
428 free_tas(&tas);
429 hmac_ctx_cleanup(hmac);
430 hmac_ctx_free(hmac);
431}
432
433static void
435{
437
438 struct link_socket_actual from = { 0 };
439 from.dest.addr.sa.sa_family = AF_INET;
440
441 struct tls_auth_standalone tas = { 0 };
442 struct tls_pre_decrypt_state state = { 0 };
443
444 struct buffer buf = alloc_buf(1024);
446
447 tas.tls_wrap.mode = TLS_WRAP_NONE;
448
449 buf_reset_len(&buf);
451 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
453
454 bool valid = check_session_hmac_and_pkt_id(&state, &from.dest, hmac, 30, true);
456
458 free_buf(&buf);
459 hmac_ctx_cleanup(hmac);
460 hmac_ctx_free(hmac);
461}
462
463static void
465{
467
468 struct link_socket_actual from = { 0 };
469 from.dest.addr.sa.sa_family = AF_INET;
470
471 struct tls_auth_standalone tas = { 0 };
472 struct tls_pre_decrypt_state state = { 0 };
473
474 struct buffer buf = alloc_buf(1024);
476
477 tas.tls_wrap.mode = TLS_WRAP_NONE;
478
479 buf_reset_len(&buf);
481
482
483 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
485
486 /* should fail because it acks 2 */
487 bool valid = check_session_hmac_and_pkt_id(&state, &from.dest, hmac, 30, true);
490
491 /* Try test with the control with a too high message id now */
492 buf_reset_len(&buf);
494
495 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
497
498 /* should fail because it has message id 2 */
499 valid = check_session_hmac_and_pkt_id(&state, &from.dest, hmac, 30, true);
501
503 free_buf(&buf);
504 hmac_ctx_cleanup(hmac);
505 hmac_ctx_free(hmac);
506}
507
508static hmac_ctx_t *
510{
511 ASSERT(md_valid("SHA256"));
513
514 uint8_t key[SHA256_DIGEST_LENGTH] = { 1, 2, 3, 0 };
515
516 hmac_ctx_init(hmac_ctx, key, "SHA256");
517 return hmac_ctx;
518}
519
520static void
522{
524 static const int handwindow = 100;
525
526 struct openvpn_sockaddr addr = { 0 };
527
528 addr.addr.in4.sin_family = AF_INET;
529 addr.addr.in4.sin_addr.s_addr = ntohl(0xff000ff);
530 addr.addr.in4.sin_port = ntohs(1195);
531
532 struct session_id client_id = { { 0, 1, 2, 3, 4, 5, 6, 7 } };
533
534 now = 1005;
535 struct session_id server_id = calculate_session_id_hmac(client_id, &addr, hmac, handwindow, 0);
536
537
538 struct session_id expected_server_id = { { 0x84, 0x73, 0x52, 0x2b, 0x5b, 0xa9, 0x2a, 0x70 } };
539 /* We have to deal with different structs here annoyingly */
540 /* Linux has an unsigned short int as family_t and this is field is always
541 * stored in host endianness even though the rest of the struct isn't...,
542 * so Linux little endian differs from all BSD and Linux big endian */
543 if (sizeof(addr.addr.in4.sin_family) == sizeof(unsigned short int) && ntohs(AF_INET) != AF_INET)
544 {
545 struct session_id linuxle = { { 0x8b, 0xeb, 0x3d, 0x20, 0x14, 0x53, 0xbe, 0x0a } };
546 expected_server_id = linuxle;
547 }
548 assert_memory_equal(expected_server_id.id, server_id.id, SID_SIZE);
549
550 struct session_id server_id_m1 =
551 calculate_session_id_hmac(client_id, &addr, hmac, handwindow, -1);
552 struct session_id server_id_p1 =
553 calculate_session_id_hmac(client_id, &addr, hmac, handwindow, 1);
554 struct session_id server_id_p2 =
555 calculate_session_id_hmac(client_id, &addr, hmac, handwindow, 2);
556
557 assert_memory_not_equal(expected_server_id.id, server_id_m1.id, SID_SIZE);
558 assert_memory_not_equal(expected_server_id.id, server_id_p1.id, SID_SIZE);
559
560 /* changing the time puts us into the next hmac time window (handwindow/2=50)
561 * and shifts the ids by one */
562 now = 1062;
563
564 struct session_id server_id2_m2 =
565 calculate_session_id_hmac(client_id, &addr, hmac, handwindow, -2);
566 struct session_id server_id2_m1 =
567 calculate_session_id_hmac(client_id, &addr, hmac, handwindow, -1);
568 struct session_id server_id2 = calculate_session_id_hmac(client_id, &addr, hmac, handwindow, 0);
569 struct session_id server_id2_p1 =
570 calculate_session_id_hmac(client_id, &addr, hmac, handwindow, 1);
571
572 assert_memory_equal(server_id2_m2.id, server_id_m1.id, SID_SIZE);
573 assert_memory_equal(server_id2_m1.id, expected_server_id.id, SID_SIZE);
574 assert_memory_equal(server_id2.id, server_id_p1.id, SID_SIZE);
575 assert_memory_equal(server_id2_p1.id, server_id_p2.id, SID_SIZE);
576
577 hmac_ctx_cleanup(hmac);
578 hmac_ctx_free(hmac);
579}
580
581static void
583{
584 struct link_socket_actual from = { 0 };
585 struct tls_auth_standalone tas = { 0 };
586 struct tls_pre_decrypt_state state = { 0 };
587
588 struct session_id client_id = { { 0, 1, 2, 3, 4, 5, 6, 7 } };
589 struct session_id server_id = { { 8, 9, 0, 9, 8, 7, 6, 2 } };
590
591 enum first_packet_verdict verdict;
592
593 tas.tls_wrap.mode = TLS_WRAP_NONE;
594 struct frame frame = { { .headroom = 200, .payload_size = 1400 }, 0 };
595 tas.frame = frame;
596 tas.workbuf = alloc_buf(1600);
597
598 uint8_t header = 0 | (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT);
599
600 struct buffer buf =
601 tls_reset_standalone(&tas.tls_wrap, &tas, &client_id, &server_id, header, false);
602
603
604 verdict = tls_pre_decrypt_lite(&tas, &state, &from, &buf);
606
607 /* Assure repeated generation of reset is deterministic/stateless*/
609 struct buffer buf2 =
610 tls_reset_standalone(&tas.tls_wrap, &tas, &client_id, &server_id, header, false);
611 assert_int_equal(BLEN(&buf), BLEN(&buf2));
612 assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf));
613
615 free_buf(&tas.workbuf);
616}
617
618static void
620{
621 struct link_socket_actual from = { 0 };
622 struct tls_pre_decrypt_state state = { 0 };
623
626
627 packet_id_init(&tas_client.tls_wrap.opt.packet_id, 5, 5, "UNITTEST", 0);
628
629 struct session_id client_id = { { 0xab, 1, 2, 3, 4, 5, 6, 0xcd } };
630 struct session_id server_id = { { 8, 9, 0xa, 0xc, 8, 7, 6, 2 } };
631
632 uint8_t header = 0 | (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT);
633
634 now = 0x22446688;
636 struct buffer buf = tls_reset_standalone(&tas_client.tls_wrap, &tas_client, &client_id,
637 &server_id, header, false);
638
639 enum first_packet_verdict verdict = tls_pre_decrypt_lite(&tas_server, &state, &from, &buf);
641
643
644 /* Assure repeated generation of reset is deterministic/stateless*/
645 reset_packet_id_send(&tas_client.tls_wrap.opt.packet_id.send);
647 &server_id, header, false);
648 assert_int_equal(BLEN(&buf), BLEN(&buf2));
649 assert_memory_equal(BPTR(&buf), BPTR(&buf2), BLEN(&buf));
650
652
653 packet_id_free(&tas_client.tls_wrap.opt.packet_id);
654
657}
658
659static void
661{
662 struct gc_arena gc = gc_new();
663 struct buffer input_buf = alloc_buf_gc(1024, &gc);
664
665 /* This message will have a \0x00 at the end since it is a C string */
666 const char input[] = "valid control message\r\n\0\0Invalid\r\none\0valid one again";
667
668 buf_write(&input_buf, input, sizeof(input));
674
675 assert_string_equal(BSTR(&cmd1), "valid control message");
676 /* empty message with just a \0x00 */
677 assert_int_equal(cmd2.len, 1);
679 assert_int_equal(cmd3.len, 0);
680 assert_string_equal(BSTR(&cmd4), "valid one again");
681 assert_int_equal(cmd5.len, 0);
682
683 const uint8_t nonull[6] = { 'n', 'o', ' ', 'N', 'U', 'L' };
684 struct buffer nonull_buf = alloc_buf_gc(1024, &gc);
685
686 buf_write(&nonull_buf, nonull, sizeof(nonull));
689
690 gc_free(&gc);
691}
692
693int
694main(void)
695{
697
698 const struct CMUnitTest tests[] = {
699 cmocka_unit_test(test_tls_decrypt_lite_none),
700 cmocka_unit_test(test_tls_decrypt_lite_auth),
701 cmocka_unit_test(test_tls_decrypt_lite_crypt),
702 cmocka_unit_test(test_parse_ack),
703 cmocka_unit_test(test_calc_session_id_hmac_static),
704 cmocka_unit_test(test_verify_hmac_none),
705 cmocka_unit_test(test_verify_hmac_tls_auth),
707 cmocka_unit_test(test_generate_reset_packet_plain),
708 cmocka_unit_test(test_generate_reset_packet_tls_auth),
709 cmocka_unit_test(test_extract_control_message)
710 };
711
712#if defined(ENABLE_CRYPTO_OPENSSL)
713 OpenSSL_add_all_algorithms();
714#endif
715
716 int ret = cmocka_run_group_tests_name("pkt tests", tests, NULL, NULL);
717
718#if defined(ENABLE_CRYPTO_OPENSSL)
719 EVP_cleanup();
720#endif
721
722 return ret;
723}
void free_buf(struct buffer *buf)
Definition buffer.c:184
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
struct buffer alloc_buf(size_t size)
Definition buffer.c:63
#define BSTR(buf)
Definition buffer.h:128
#define BPTR(buf)
Definition buffer.h:123
static bool buf_advance(struct buffer *buf, int size)
Definition buffer.h:616
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:660
#define BLEN(buf)
Definition buffer.h:126
static void buf_reset_len(struct buffer *buf)
Definition buffer.h:312
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
static struct gc_arena gc_new(void)
Definition buffer.h:1007
void free_key_ctx_bi(struct key_ctx_bi *ctx)
Definition crypto.c:1094
void init_key_type(struct key_type *kt, const char *ciphername, const char *authname, bool tls_mode, bool warn)
Initialize a key_type structure with.
Definition crypto.c:869
void crypto_read_openvpn_key(const struct key_type *key_type, struct key_ctx_bi *ctx, const char *key_file, bool key_inline, const int key_direction, const char *key_name, const char *opt_name, struct key2 *keydata)
Definition crypto.c:1284
Data Channel Cryptography Module.
#define KEY_DIRECTION_NORMAL
Definition crypto.h:232
#define CO_PACKET_ID_LONG_FORM
Bit-flag indicating whether to use OpenVPN's long packet ID format.
Definition crypto.h:345
#define CO_IGNORE_PACKET_ID
Bit-flag indicating whether to ignore the packet ID of a received packet.
Definition crypto.h:348
#define KEY_DIRECTION_INVERSE
Definition crypto.h:233
hmac_ctx_t * hmac_ctx_new(void)
void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname)
bool md_valid(const char *digest)
Return if a message digest parameters is valid given the name of the digest.
void hmac_ctx_free(hmac_ctx_t *ctx)
void hmac_ctx_cleanup(hmac_ctx_t *ctx)
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
#define SHA256_DIGEST_LENGTH
enum first_packet_verdict tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, struct tls_pre_decrypt_state *state, const struct link_socket_actual *from, const struct buffer *buf)
Inspect an incoming packet for which no VPN tunnel is active, and determine whether a new VPN tunnel ...
Definition ssl_pkt.c:293
bool reliable_ack_parse(struct buffer *buf, struct reliable_ack *ack, struct session_id *session_id_remote)
Parse an acknowledgment record from a received packet.
Definition reliable.c:166
void tls_crypt_init_key(struct key_ctx_bi *key, struct key2 *keydata, const char *key_file, bool key_inline, bool tls_server)
Initialize a key_ctx_bi structure for use with --tls-crypt.
Definition tls_crypt.c:60
#define ASSERT(x)
Definition error.h:217
time_t now
Definition otime.c:33
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
Definition packet_id.c:91
void packet_id_free(struct packet_id *p)
Definition packet_id.c:121
static void reset_packet_id_send(struct packet_id_send *p)
Reset the current send packet id to its initial state.
Definition packet_id.h:303
Reliability Layer module header file.
#define SID_SIZE
Definition session_id.h:44
Control Channel SSL library backend module.
struct session_id calculate_session_id_hmac(struct session_id client_sid, const struct openvpn_sockaddr *from, hmac_ctx_t *hmac, int handwindow, int offset)
Calculates the HMAC based server session id based on a client session id and socket addr.
Definition ssl_pkt.c:459
void free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state)
Definition ssl_pkt.c:271
hmac_ctx_t * session_id_hmac_init(void)
Definition ssl_pkt.c:445
struct buffer extract_command_buffer(struct buffer *buf, struct gc_arena *gc)
Extracts a control channel message from buf and adjusts the size of buf after the message has been ex...
Definition ssl_pkt.c:563
bool check_session_hmac_and_pkt_id(struct tls_pre_decrypt_state *state, const struct openvpn_sockaddr *from, hmac_ctx_t *hmac, int handwindow, bool pkt_is_ack)
Checks if a control packet has a correct HMAC server session id.
Definition ssl_pkt.c:499
struct buffer tls_reset_standalone(struct tls_wrap_ctx *ctx, struct tls_auth_standalone *tas, struct session_id *own_sid, struct session_id *remote_sid, uint8_t header, bool request_resend_wkc)
This function creates a reset packet using the information from the tls pre decrypt state.
Definition ssl_pkt.c:403
SSL control channel wrap/unwrap and decode functions.
#define P_OPCODE_SHIFT
Definition ssl_pkt.h:39
first_packet_verdict
Definition ssl_pkt.h:85
@ VERDICT_VALID_ACK_V1
This packet is a valid ACK control packet from the peer, i.e.
Definition ssl_pkt.h:94
@ VERDICT_VALID_RESET_V2
This packet is a valid reset packet from the peer (all but tls-crypt-v2)
Definition ssl_pkt.h:87
@ VERDICT_INVALID
the packet failed on of the various checks
Definition ssl_pkt.h:98
@ VERDICT_VALID_CONTROL_V1
This packet is a valid control packet from the peer.
Definition ssl_pkt.h:91
#define P_CONTROL_HARD_RESET_CLIENT_V2
Definition ssl_pkt.h:51
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition crypto.h:384
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Definition crypto.h:294
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
Definition crypto.h:331
Packet geometry parameters.
Definition mtu.h:103
int headroom
the headroom in the buffer, this is choosen to allow all potential header to be added before the pack...
Definition mtu.h:114
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152
union openvpn_sockaddr::@27 addr
struct sockaddr sa
Definition socket_util.h:42
struct sockaddr_in in4
Definition socket_util.h:43
struct packet_id_send send
Definition packet_id.h:200
The acknowledgment structure in which packet IDs are stored for later acknowledgment.
Definition reliable.h:64
packet_id_type packet_id[RELIABLE_ACK_SIZE]
Definition reliable.h:66
uint8_t id[8]
Definition session_id.h:39
struct frame frame
Definition ssl_pkt.h:81
struct buffer workbuf
Definition ssl_pkt.h:80
struct tls_wrap_ctx tls_wrap
Definition ssl_pkt.h:79
struct that stores the temporary data for the tls lite decrypt functions
Definition ssl_pkt.h:106
struct session_id peer_session_id
Definition ssl_pkt.h:109
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:490
struct crypto_options opt
Crypto state.
Definition ssl_common.h:283
enum tls_wrap_ctx::@28 mode
Control channel wrapping mode.
struct buffer work
Work buffer (only for –tls-crypt)
Definition ssl_common.h:284
struct key2 original_wrap_keydata
original key data to be xored in to the key for dynamic tls-crypt.
Definition ssl_common.h:299
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition test_common.h:35
const uint8_t client_ack_none_random_id[]
Definition test_pkt.c:138
void test_tls_decrypt_lite_crypt(void **ut_state)
Definition test_pkt.c:210
static void test_parse_ack(void **ut_state)
Definition test_pkt.c:358
const uint8_t client_reset_v2_tls_auth[]
Definition test_pkt.c:94
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition test_pkt.c:58
static void test_extract_control_message(void **ut_state)
Definition test_pkt.c:660
static void test_verify_hmac_none(void **ut_state)
Definition test_pkt.c:434
const uint8_t client_reset_v2_tls_crypt[]
Definition test_pkt.c:100
static void test_calc_session_id_hmac_static(void **ut_state)
Definition test_pkt.c:521
const char static_key[]
Definition test_pkt.c:70
void free_tas(struct tls_auth_standalone *tas)
Definition test_pkt.c:200
static void test_generate_reset_packet_tls_auth(void **ut_state)
Definition test_pkt.c:619
static void test_generate_reset_packet_plain(void **ut_state)
Definition test_pkt.c:582
struct tls_auth_standalone init_tas_crypt(bool server)
Definition test_pkt.c:185
const uint8_t client_ack_tls_auth_randomid[]
Definition test_pkt.c:108
static void test_verify_hmac_tls_auth(void **ut_state)
Definition test_pkt.c:404
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
Definition test_pkt.c:65
static hmac_ctx_t * init_static_hmac(void)
Definition test_pkt.c:509
void test_tls_decrypt_lite_none(void **ut_state)
Definition test_pkt.c:317
int main(void)
Definition test_pkt.c:694
const uint8_t client_control_with_ack[]
Definition test_pkt.c:133
static void test_verify_hmac_none_out_of_range_ack(void **ut_state)
Definition test_pkt.c:464
const uint8_t client_control_none_random_id[]
Definition test_pkt.c:154
const uint8_t client_ack_123_none_random_id[]
Definition test_pkt.c:143
void test_tls_decrypt_lite_auth(void **ut_state)
Definition test_pkt.c:256
struct tls_auth_standalone init_tas_auth(int key_direction)
Definition test_pkt.c:164
const uint8_t client_reset_v2_none[]
Definition test_pkt.c:91
int parse_line(const char *line, char **p, const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition test_pkt.c:47
struct gc_arena gc
Definition test_ssl.c:154
static struct key_type tls_crypt_kt(void)
Definition tls_crypt.c:48