OpenVPN
test_ssl.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2023-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include <stdio.h>
30#include <stdlib.h>
31#include <stdarg.h>
32#include <string.h>
33#include <setjmp.h>
34#include <cmocka.h>
35
36#include "crypto.h"
37#include "crypto_epoch.h"
38#include "options.h"
39#include "ssl_backend.h"
40#include "options_util.h"
41
42#include "mock_msg.h"
43#include "mss.h"
44#include "ssl_verify_backend.h"
45#include "win32.h"
46#include "test_common.h"
47#include "ssl.h"
48#include "buffer.h"
49#include "packet_id.h"
50
51/* Mock function to be allowed to include win32.c which is required for
52 * getting the temp directory */
53#ifdef _WIN32
54struct signal_info siginfo_static; /* GLOBAL */
55
56const char *
57strerror_win32(DWORD errnum, struct gc_arena *gc)
58{
59 ASSERT(false);
60}
61
62void
63throw_signal(const int signum)
64{
65 ASSERT(false);
66}
67#endif
68
69#if defined(ENABLE_CRYPTO_OPENSSL) && (OPENSSL_VERSION_NUMBER > 0x30000000L)
70#define HAVE_OPENSSL_STORE
71#endif
72
73/* stubs for some unused functions instead of pulling in too many dependencies */
74bool
75get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix,
76 const unsigned int flags, const char *auth_challenge)
77{
78 return false;
79}
80void
81purge_user_pass(struct user_pass *up, bool force)
82{
83 return;
84}
85
86/* generated using
87 * openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -keyout - \
88 * -noenc -sha256 -days 3650 -subj '/CN=ovpn-test-secp384r1' -nodes \
89 * -addext 'subjectAltName=DNS:unittest.example.com' \
90 * -addext 'extendedKeyUsage=clientAuth'
91 */
92static const char *const unittest_cert =
93 "-----BEGIN CERTIFICATE-----\n"
94 "MIICBjCCAYygAwIBAgIUFoXgpP4beykV7tpgrjHQTWPGi4cwCgYIKoZIzj0EAwIw\n"
95 "HjEcMBoGA1UEAwwTb3Zwbi10ZXN0LXNlY3AzODRyMTAeFw0yNTA5MDgxMzExNTBa\n"
96 "Fw0zNTA5MDYxMzExNTBaMB4xHDAaBgNVBAMME292cG4tdGVzdC1zZWNwMzg0cjEw\n"
97 "djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQVDmf+TZB3rW6zqWFox606u/PhA93ysX/h\n"
98 "1s2xyq9+QGzIdE/hks6p/Yzyu7RLOUjxvO0J45RHcYmo67DlvSOi496T3zrgvp1H\n"
99 "KfHD5ohMyvzw0+e8lmjJqJjn+PegMkOjgYowgYcwHQYDVR0OBBYEFCH1eYnaV8fh\n"
100 "E3Bv7lyrlYu24eoVMB8GA1UdIwQYMBaAFCH1eYnaV8fhE3Bv7lyrlYu24eoVMA8G\n"
101 "A1UdEwEB/wQFMAMBAf8wHwYDVR0RBBgwFoIUdW5pdHRlc3QuZXhhbXBsZS5jb20w\n"
102 "EwYDVR0lBAwwCgYIKwYBBQUHAwIwCgYIKoZIzj0EAwIDaAAwZQIxAL7q7jcwTOuq\n"
103 "5sp0Beq81Vnznd3gsDZYNs1OYRWH33xergDVKlBb6kCwus0dhghtVAIwIgT4ytkY\n"
104 "oAPx8LB3oP8ubEu1ue6V9jZln/cCiLyXDDtaiJOZHtDqHGfHqvc6rAok\n"
105 "-----END CERTIFICATE-----\n";
106
107static const char *const unittest_key =
108 "-----BEGIN PRIVATE KEY-----\n"
109 "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAXBC7tpa9UepoMVZlM\n"
110 "OxUubkECGK7aWFebxDc3UPoEQemEPMOCdkWBSU/t7Mm4R66hZANiAAQVDmf+TZB3\n"
111 "rW6zqWFox606u/PhA93ysX/h1s2xyq9+QGzIdE/hks6p/Yzyu7RLOUjxvO0J45RH\n"
112 "cYmo67DlvSOi496T3zrgvp1HKfHD5ohMyvzw0+e8lmjJqJjn+PegMkM=\n"
113 "-----END PRIVATE KEY-----\n";
114
115
116static const char *
118{
119 const char *ret;
120#ifdef _WIN32
121 ret = win_get_tempdir();
122#else
123 ret = "/tmp";
124#endif
125 assert_non_null(ret);
126 return ret;
127}
128
129static struct
130{
131 struct gc_arena gc;
132 const char *certfile;
133 const char *keyfile;
135
136static int
137init(void **state)
138{
139 (void)state;
140 global_state.gc = gc_new();
143
144 int certfd = open(global_state.certfile, O_RDWR);
145 int keyfd = open(global_state.keyfile, O_RDWR);
146 if (certfd < 0 || keyfd < 0)
147 {
148 fail_msg("make tmpfile for certificate or key data failed (error = %d)", errno);
149 }
150 assert_int_equal(write(certfd, unittest_cert, strlen(unittest_cert)), strlen(unittest_cert));
151 assert_int_equal(write(keyfd, unittest_key, strlen(unittest_key)), strlen(unittest_key));
152 close(certfd);
153 close(keyfd);
154 return 0;
155}
156
157static int
158cleanup(void **state)
159{
160 (void)state;
161 unlink(global_state.certfile);
162 unlink(global_state.keyfile);
164 return 0;
165}
166
167static void
169{
170 struct gc_arena gc = gc_new();
171
172 struct tls_root_ctx ctx = { 0 };
175
176 openvpn_x509_cert_t *cert = NULL;
177
178 /* we do not have methods to fetch certificates from ssl contexts, use
179 * internal TLS library methods for the unit test */
180#ifdef ENABLE_CRYPTO_OPENSSL
181 cert = SSL_CTX_get0_certificate(ctx.ctx);
182#elif defined(ENABLE_CRYPTO_MBEDTLS)
183 cert = ctx.crt_chain;
184#endif
185
186 const char *tmpfile = platform_create_temp_file(get_tmp_dir(), "ut_pem", &gc);
187 backend_x509_write_pem(cert, tmpfile);
188
191
192 tls_ctx_free(&ctx);
194 gc_free(&gc);
195}
196
197static void
199{
200 (void)state;
201 struct tls_root_ctx ctx = { 0 };
202
203 /* test loading of inlined cert and key.
204 * loading the key also checks that it matches the loaded certificate
205 */
208 assert_int_equal(tls_ctx_load_priv_file(&ctx, unittest_key, true), 0);
210
211 /* test loading of cert and key from file */
213 tls_ctx_load_cert_file(&ctx, global_state.certfile, false);
214 assert_int_equal(tls_ctx_load_priv_file(&ctx, global_state.keyfile, false), 0);
216}
217
218/* test loading cert and key using file:/path URI */
219static void
221{
222 (void)state;
223
224#if !defined(HAVE_OPENSSL_STORE)
225 skip();
226#else /* HAVE_OPENSSL_STORE */
227
228 struct tls_root_ctx ctx = { 0 };
229 const char *certfile = global_state.certfile;
230 const char *keyfile = global_state.keyfile;
231 struct gc_arena *gc = &global_state.gc;
232
233 struct buffer certuri = alloc_buf_gc(6 + strlen(certfile) + 1, gc); /* 6 bytes for "file:/" */
234 struct buffer keyuri = alloc_buf_gc(6 + strlen(keyfile) + 1, gc); /* 6 bytes for "file:/" */
235
236 /* Windows temp file path starts with drive letter -- add a leading slash for URI */
237 const char *lead = "";
238#ifdef _WIN32
239 lead = "/";
240#endif /* _WIN32 */
241 assert_true(buf_printf(&certuri, "file:%s%s", lead, certfile));
242 assert_true(buf_printf(&keyuri, "file:%s%s", lead, keyfile));
243
244 /* On Windows replace any '\' in path by '/' required for URI */
245#ifdef _WIN32
248#endif /* _WIN32 */
249
250 tls_ctx_client_new(&ctx);
251 tls_ctx_load_cert_file(&ctx, BSTR(&certuri), false);
253 tls_ctx_free(&ctx);
254#endif /* HAVE_OPENSSL_STORE */
255}
256
257
258static void
260{
261 int overhead = 0;
262
263 /* tls-auth and tls-crypt */
264 overhead += 128;
265
266 /* TCP length field and opcode */
267 overhead += 3;
268
269 /* ACK array and remote SESSION ID (part of the ACK array) */
271
272 /* Previous OpenVPN version calculated the maximum size and buffer of a
273 * control frame depending on the overhead of the data channel frame
274 * overhead and limited its maximum size to 1250. Since control frames
275 * also need to fit into data channel buffer we have the same
276 * default of 1500 + 100 as data channel buffers have. Increasing
277 * control channel mtu beyond this limit also increases the data channel
278 * buffers */
279 int tls_mtu = 1500;
280 frame->buf.payload_size = tls_mtu + 100;
281
284
285 frame->tun_mtu = tls_mtu;
286}
287
288static void
290{
291 struct gc_arena gc = gc_new();
292
293 /* initialise frame for the test */
294 struct frame frame;
296
298 struct buffer work = alloc_buf_gc(BUF_SIZE(&frame), &gc);
301 struct buffer buf = clear_buf();
302 void *buf_p;
303
304 /* init work */
306
307 update_time();
308
309 /* Test encryption, decryption for all packet sizes */
310 for (int i = 1; i <= frame.buf.payload_size; ++i)
311 {
312 /* msg(M_INFO, "TESTING ENCRYPT/DECRYPT of packet length=%d", i); */
313
314 /*
315 * Load src with random data.
316 */
317 ASSERT(buf_init(&src, 0));
318 ASSERT(i <= src.capacity);
319 src.len = i;
321
322 /* copy source to input buf */
323 buf = work;
324 buf_p = buf_write_alloc(&buf, BLEN(&src));
325 ASSERT(buf_p);
326 memcpy(buf_p, BPTR(&src), BLEN(&src));
327
328 /* initialize work buffer with buf.headroom bytes of prepend capacity */
330
331 /* encrypt */
333
334 /* decrypt */
335 openvpn_decrypt(&buf, decrypt_workspace, co, &frame, BPTR(&buf));
336
337 /* compare */
338 assert_int_equal(buf.len, src.len);
339 assert_memory_equal(BPTR(&src), BPTR(&buf), i);
340 }
341 gc_free(&gc);
342}
343
344static void
346{
347 struct frame frame;
349
350 struct gc_arena gc = gc_new();
353 struct buffer work = alloc_buf_gc(BUF_SIZE(&frame), &gc);
354 struct buffer buf = clear_buf();
356 void *buf_p;
357
359
360 /*
361 * Load src with random data.
362 */
363 ASSERT(buf_init(&src, 0));
364 ASSERT(len <= src.capacity);
365 src.len = len;
367
368 /* copy source to input buf */
369 buf = work;
370 buf_p = buf_write_alloc(&buf, BLEN(&src));
371 ASSERT(buf_p);
372 memcpy(buf_p, BPTR(&src), BLEN(&src));
373
376
377 /* decrypt */
378 openvpn_decrypt(&buf, decrypt_workspace, co, &frame, BPTR(&buf));
379
380 /* compare */
381 assert_int_equal(buf.len, src.len);
383
384 gc_free(&gc);
385}
386
387
388static void
390{
391 /* Check that we correctly react when we have a nearing AEAD limits */
392
393 /* manually increase the send counter to be past
394 * the GCM usage limit */
395 co->key_ctx_bi.encrypt.plaintext_blocks = 0x1ull << 40;
396
397
398 bool epoch = (co->flags & CO_EPOCH_DATA_KEY_FORMAT);
399
400 int expected_epoch = epoch ? 4 : 0;
401
402 /* Ensure that we are still on the initial key (our init_crypto_options
403 * unit test method iterates the initial key to 4) or that it is 0 when
404 * epoch is not in use
405 */
407
408 encrypt_one_packet(co, 1000);
409
410 /* either epoch key has been updated or warning is enabled */
411 if (epoch && !chachapoly)
412 {
414 }
415
417
418 if (!epoch)
419 {
420 /* Check always against the GCM usage limit here to see if that
421 * check works */
424 return;
425 }
426
427 /* Move to the end of the epoch data key send PID range, ChachaPoly
428 * should now also move to a new epoch data key */
430
431 encrypt_one_packet(co, 1000);
432 encrypt_one_packet(co, 1000);
433
436}
437
438
439static struct crypto_options
440init_crypto_options(const char *cipher, const char *auth, bool epoch, struct key2 *statickey)
441{
442 struct key2 key2 = { .n = 2 };
443
444 if (statickey)
445 {
446 /* Use chosen static key instead of random key when defined */
447 key2 = *statickey;
448 }
449 else
450 {
451 ASSERT(rand_bytes(key2.keys[0].cipher, sizeof(key2.keys[0].cipher)));
452 ASSERT(rand_bytes(key2.keys[0].hmac, sizeof(key2.keys[0].hmac)));
453 ASSERT(rand_bytes(key2.keys[1].cipher, sizeof(key2.keys[1].cipher)));
454 ASSERT(rand_bytes(key2.keys[1].hmac, sizeof(key2.keys)[1].hmac));
455 }
456
457 struct crypto_options co = { 0 };
458
459 struct key_type kt = create_kt(cipher, auth, "ssl-test");
460
461 if (epoch)
462 {
463 struct epoch_key e1 = { .epoch = 1, .epoch_key = { 0 } };
464 memcpy(e1.epoch_key, key2.keys[0].cipher, sizeof(e1.epoch_key));
466 epoch_init_key_ctx(&co, &kt, &e1, &e1, 5);
467
468 /* Do a little of dancing for the epoch_send_key_iterate to test
469 * that this works too */
473 }
474 else
475 {
476 init_key_ctx_bi(&co.key_ctx_bi, &key2, KEY_DIRECTION_BIDIRECTIONAL, &kt, "unit-test-ssl");
477 }
478 packet_id_init(&co.packet_id, 5, 5, "UNITTEST", 0);
479 return co;
480}
481
482static void
489
490/* This adds a few more methods than strictly necessary but this allows
491 * us to see which exact test was run from the backtrace of the test
492 * when it fails */
493static void
495{
496 bool ischacha = !strcmp(cipher, "ChaCha20-Poly1305");
497
498 struct crypto_options co = init_crypto_options(cipher, "none", true, NULL);
500 check_aead_limits(&co, ischacha);
502}
503
504static void
505run_data_channel_with_cipher(const char *cipher, const char *auth)
506{
507 bool ischacha = !strcmp(cipher, "ChaCha20-Poly1305");
508 struct crypto_options co = init_crypto_options(cipher, auth, false, NULL);
510 check_aead_limits(&co, ischacha);
512}
513
514
515static void
517{
518 run_data_channel_with_cipher("AES-128-GCM", "none");
519}
520
521static void
526
527static void
529{
530 run_data_channel_with_cipher("AES-192-GCM", "none");
531}
532
533static void
538
539static void
541{
542 run_data_channel_with_cipher("AES-256-GCM", "none");
543}
544
545static void
550
551static void
553{
554 run_data_channel_with_cipher("AES-128-CBC", "SHA256");
555}
556
557static void
559{
560 run_data_channel_with_cipher("AES-192-CBC", "SHA256");
561}
562
563static void
565{
566 run_data_channel_with_cipher("AES-256-CBC", "SHA256");
567}
568
569static void
571{
572 if (!cipher_valid("ChaCha20-Poly1305"))
573 {
574 skip();
575 return;
576 }
577
578 run_data_channel_with_cipher("ChaCha20-Poly1305", "none");
579}
580
581static void
583{
584 if (!cipher_valid("ChaCha20-Poly1305"))
585 {
586 skip();
587 return;
588 }
589
590 run_data_channel_with_cipher_epoch("ChaCha20-Poly1305");
591}
592
593static void
595{
596 if (!cipher_valid("BF-CBC"))
597 {
598 skip();
599 return;
600 }
601 run_data_channel_with_cipher("BF-CBC", "SHA1");
602}
603
604
605static struct key2
607{
608 struct key2 key2 = { .n = 2 };
609
610 const uint8_t key[] = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', '0', '1', '2',
611 '3', '4', '5', '6', '7', 'A', 'B', 'C', 'D', 'E', 'F',
612 'G', 'H', 'j', 'k', 'u', 'c', 'h', 'e', 'n', 'l' };
613
614 static_assert(sizeof(key) == 32, "Size of key should be 32 bytes");
615
616 /* copy the key a few times to ensure to have the size we need for
617 * Statickey but XOR it to not repeat it */
618 uint8_t keydata[sizeof(key2.keys)];
619
620 for (int i = 0; i < sizeof(key2.keys); i++)
621 {
622 keydata[i] = (uint8_t)(key[i % sizeof(key)] ^ i);
623 }
624
625 ASSERT(memcpy(key2.keys[0].cipher, keydata, sizeof(key2.keys[0].cipher)));
626 ASSERT(memcpy(key2.keys[0].hmac, keydata + 64, sizeof(key2.keys[0].hmac)));
627 ASSERT(memcpy(key2.keys[1].cipher, keydata + 128, sizeof(key2.keys[1].cipher)));
628 ASSERT(memcpy(key2.keys[1].hmac, keydata + 192, sizeof(key2.keys)[1].hmac));
629
630 return key2;
631}
632
633static void
635{
636 struct key2 key2 = create_key();
637
638 struct crypto_options co = init_crypto_options("AES-256-GCM", "none", epoch, &key2);
639
640 struct gc_arena gc = gc_new();
641
642 /* initialise frame for the test */
643 struct frame frame;
645
647 struct buffer work = alloc_buf_gc(BUF_SIZE(&frame), &gc);
650 struct buffer buf = clear_buf();
651 void *buf_p;
652
653 /* init work */
655
656 now = 0;
657
658 /*
659 * Load src with known data.
660 */
661 ASSERT(buf_init(&src, 0));
662 const char *plaintext = "The quick little fox jumps over the bureaucratic hurdles";
663
665
666 /* copy source to input buf */
667 buf = work;
668 buf_p = buf_write_alloc(&buf, BLEN(&src));
669 ASSERT(buf_p);
670 memcpy(buf_p, BPTR(&src), BLEN(&src));
671
672 /* initialize work buffer with buf.headroom bytes of prepend capacity */
674
675 /* add packet opcode and peer id */
680
681 /* encrypt */
683
684 /* separate buffer in authenticated data and encrypted data */
685 uint8_t *ad_start = BPTR(&buf);
686 buf_advance(&buf, 4);
687
688 if (epoch)
689 {
690 uint8_t packetid1[8] = { 0, 0x04, 0, 0, 0, 0, 0, 1 };
692 }
693 else
694 {
695 uint8_t packetid1[4] = { 0, 0, 0, 1 };
697 }
698
699 if (epoch)
700 {
702 const uint8_t exp_tag_epoch[16] = { 0x0f, 0xff, 0xf5, 0x91, 0x3d, 0x39, 0xd7, 0x5b,
703 0x18, 0x57, 0x3b, 0x57, 0x48, 0x58, 0x9a, 0x7d };
704
706 }
707 else
708 {
709 uint8_t *tag_location = BPTR(&buf) + 4;
710 const uint8_t exp_tag_noepoch[16] = { 0x1f, 0xdd, 0x90, 0x8f, 0x0e, 0x9d, 0xc2, 0x5e,
711 0x79, 0xd8, 0x32, 0x02, 0x0d, 0x58, 0xe7, 0x3f };
713 }
714
715 /* Check some bytes at the beginning of the encrypted part */
716 if (epoch)
717 {
718 const uint8_t bytesat14[6] = { 0x36, 0xaa, 0xb4, 0xd4, 0x9c, 0xe6 };
719 assert_memory_equal(BPTR(&buf) + 14, bytesat14, sizeof(bytesat14));
720 }
721 else
722 {
723 const uint8_t bytesat30[6] = { 0xa8, 0x2e, 0x6b, 0x17, 0x06, 0xd9 };
724 assert_memory_equal(BPTR(&buf) + 30, bytesat30, sizeof(bytesat30));
725 }
726
727 /* decrypt */
729
730 /* compare */
733
735 gc_free(&gc);
736}
737
738static void
743
744static void
749
750
751int
752main(void)
753{
755
756 const struct CMUnitTest tests[] = {
757 cmocka_unit_test(crypto_pem_encode_certificate),
758 cmocka_unit_test(test_load_certificate_and_key),
759 cmocka_unit_test(test_load_certificate_and_key_uri),
771 cmocka_unit_test(test_data_channel_roundtrip_bf_cbc),
774 };
775
776#if defined(ENABLE_CRYPTO_OPENSSL)
777 tls_init_lib();
778#endif
779
780 int ret = cmocka_run_group_tests_name("ssl tests", tests, init, cleanup);
781
782#if defined(ENABLE_CRYPTO_OPENSSL)
783 tls_free_lib();
784#endif
785
786 return ret;
787}
bool buf_printf(struct buffer *buf, const char *format,...)
Definition buffer.c:241
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
bool string_mod(char *str, const unsigned int inclusive, const unsigned int exclusive, const char replace)
Modifies a string in place by replacing certain classes of characters of it with a specified characte...
Definition buffer.c:1041
struct buffer buffer_read_from_file(const char *filename, struct gc_arena *gc)
buffer_read_from_file - copy the content of a file into a buffer
Definition buffer.c:1348
#define BEND(buf)
Definition buffer.h:124
#define BSTR(buf)
Definition buffer.h:128
static struct buffer clear_buf(void)
Return an empty struct buffer.
Definition buffer.h:222
#define CC_ANY
any character
Definition buffer.h:867
#define BPTR(buf)
Definition buffer.h:123
static bool buf_advance(struct buffer *buf, int size)
Definition buffer.h:616
static uint8_t * buf_write_alloc(struct buffer *buf, size_t size)
Definition buffer.h:633
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:660
#define CC_BACKSLASH
backslash
Definition buffer.h:884
static bool buf_write_u8(struct buffer *dest, uint8_t data)
Definition buffer.h:684
#define BLEN(buf)
Definition buffer.h:126
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
#define buf_init(buf, offset)
Definition buffer.h:209
static struct gc_arena gc_new(void)
Definition buffer.h:1007
#define key2
Definition cert_data.h:80
void free_key_ctx_bi(struct key_ctx_bi *ctx)
Definition crypto.c:1094
void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name)
Definition crypto.c:1056
Data Channel Cryptography Module.
#define CO_EPOCH_DATA_KEY_FORMAT
Bit-flag indicating the epoch the data format.
Definition crypto.h:377
#define KEY_DIRECTION_BIDIRECTIONAL
Definition crypto.h:231
static bool aead_usage_limit_reached(const uint64_t limit, const struct key_ctx *key_ctx, int64_t higest_pid)
Checks if the usage limit for an AEAD cipher is reached.
Definition crypto.h:751
static struct key_type create_kt(const char *cipher, const char *md, const char *optname)
Creates and validates an instance of struct key_type with the provided algs.
Definition crypto.h:672
static bool cipher_valid(const char *ciphername)
Returns if the cipher is valid, based on the given cipher name.
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
#define OPENVPN_AEAD_TAG_LENGTH
void free_epoch_key_ctx(struct crypto_options *co)
Frees the extra data structures used by epoch keys in crypto_options.
void epoch_init_key_ctx(struct crypto_options *co, const struct key_type *key_type, const struct epoch_key *e1_send, const struct epoch_key *e1_recv, uint16_t future_key_count)
Initialises data channel keys and internal structures for epoch data keys using the provided E0 epoch...
void epoch_iterate_send_key(struct crypto_options *co)
Updates the send key and send_epoch_key in cryptio_options->key_ctx_bi to use the next epoch.
void openvpn_encrypt(struct buffer *buf, struct buffer work, struct crypto_options *opt)
Encrypt and HMAC sign a packet so that it can be sent as a data channel VPN tunnel packet to a remote...
Definition crypto.c:322
bool openvpn_decrypt(struct buffer *buf, struct buffer work, struct crypto_options *opt, const struct frame *frame, const uint8_t *ad_start)
HMAC verify and decrypt a data channel packet received from a remote OpenVPN peer.
Definition crypto.c:773
#define RELIABLE_ACK_SIZE
The maximum number of packet IDs \ waiting to be acknowledged which can \ be stored in one reliable_a...
Definition reliable.h:43
#define ACK_SIZE(n)
Definition reliable.h:70
@ write
#define BUF_SIZE(f)
Definition mtu.h:178
#define ASSERT(x)
Definition error.h:217
time_t now
Definition otime.c:33
static void update_time(void)
Definition otime.h:76
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
Definition packet_id.c:91
void packet_id_free(struct packet_id *p)
Definition packet_id.c:121
#define PACKET_ID_EPOCH_MAX
Definition packet_id.h:47
const char * platform_create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc)
Create a temporary file in directory, returns the filename of the created file.
Definition platform.c:544
static char * auth_challenge
Definition ssl.c:284
Control Channel SSL/Data channel negotiation module.
Control Channel SSL library backend module.
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition ssl_openssl.c:98
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition ssl_openssl.c:91
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Load certificate file into the given TLS context.
Control Channel Verification Module library-specific backend interface.
result_t backend_x509_write_pem(openvpn_x509_cert_t *cert, const char *filename)
mbedtls_x509_crt openvpn_x509_cert_t
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
Security parameter state for processing data channel packets.
Definition crypto.h:293
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition crypto.h:384
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Definition crypto.h:294
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
Definition crypto.h:331
uint8_t epoch_key[SHA256_DIGEST_LENGTH]
Definition crypto.h:193
uint16_t epoch
Definition crypto.h:194
Packet geometry parameters.
Definition mtu.h:103
int tun_mtu
the (user) configured tun-mtu.
Definition mtu.h:137
int payload_size
the maximum size that a payload that our buffers can hold from either tun device or network link.
Definition mtu.h:108
int headroom
the headroom in the buffer, this is choosen to allow all potential header to be added before the pack...
Definition mtu.h:114
struct frame::@8 buf
int tailroom
the tailroom in the buffer.
Definition mtu.h:118
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
Container for bidirectional cipher and HMAC key material.
Definition crypto.h:240
int n
The number of key objects stored in the key2.keys array.
Definition crypto.h:241
struct key keys[2]
Two unidirectional sets of key material.
Definition crypto.h:243
struct key_ctx encrypt
Cipher and/or HMAC contexts for sending direction.
Definition crypto.h:281
uint16_t epoch
OpenVPN data channel epoch, this variable holds the epoch number this key belongs to.
Definition crypto.h:228
uint64_t plaintext_blocks
Counter for the number of plaintext block encrypted using this cipher with the current key in number ...
Definition crypto.h:222
const char * cipher
const name of the cipher
Definition crypto.h:142
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152
uint8_t cipher[MAX_CIPHER_KEY_LENGTH]
Key material for cipher operations.
Definition crypto.h:153
uint8_t hmac[MAX_HMAC_KEY_LENGTH]
Key material for HMAC operations.
Definition crypto.h:155
uint64_t id
Definition packet_id.h:153
struct packet_id_send send
Definition packet_id.h:200
Structure that wraps the TLS context.
SSL_CTX * ctx
Definition ssl_openssl.h:41
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition test_common.h:35
static void test_data_channel_roundtrip_aes_192_cbc(void **state)
Definition test_ssl.c:558
static void test_load_certificate_and_key_uri(void **state)
Definition test_ssl.c:220
const char * certfile
Definition test_ssl.c:132
bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge)
Retrieves the user credentials from various sources depending on the flags.
Definition test_ssl.c:75
static void test_data_channel_roundtrip_aes_192_gcm_epoch(void **state)
Definition test_ssl.c:534
static void encrypt_one_packet(struct crypto_options *co, int len)
Definition test_ssl.c:345
static void test_data_channel_roundtrip_aes_256_cbc(void **state)
Definition test_ssl.c:564
static void test_load_certificate_and_key(void **state)
Definition test_ssl.c:198
static void test_data_channel_known_vectors_run(bool epoch)
Definition test_ssl.c:634
static struct key2 create_key(void)
Definition test_ssl.c:606
struct gc_arena gc
Definition test_ssl.c:131
void purge_user_pass(struct user_pass *up, bool force)
Definition test_ssl.c:81
static void check_aead_limits(struct crypto_options *co, bool chachapoly)
Definition test_ssl.c:389
const char * strerror_win32(DWORD errnum, struct gc_arena *gc)
Definition test_ssl.c:57
static const char *const unittest_cert
Definition test_ssl.c:92
static void run_data_channel_with_cipher_epoch(const char *cipher)
Definition test_ssl.c:494
static int cleanup(void **state)
Definition test_ssl.c:158
static void do_data_channel_round_trip(struct crypto_options *co)
Definition test_ssl.c:289
static void test_data_channel_roundtrip_aes_128_gcm_epoch(void **state)
Definition test_ssl.c:522
static void crypto_pem_encode_certificate(void **state)
Definition test_ssl.c:168
static void test_data_channel_roundtrip_aes_128_gcm(void **state)
Definition test_ssl.c:516
int main(void)
Definition test_ssl.c:752
static void test_data_channel_roundtrip_aes_192_gcm(void **state)
Definition test_ssl.c:528
void throw_signal(const int signum)
Throw a hard signal.
Definition test_ssl.c:63
const char * keyfile
Definition test_ssl.c:133
static void init_frame_parameters(struct frame *frame)
Definition test_ssl.c:259
static void test_data_channel_roundtrip_bf_cbc(void **state)
Definition test_ssl.c:594
static void test_data_channel_roundtrip_chacha20_poly1305(void **state)
Definition test_ssl.c:570
struct signal_info siginfo_static
Definition test_ssl.c:54
static const char * get_tmp_dir(void)
Definition test_ssl.c:117
static void uninit_crypto_options(struct crypto_options *co)
Definition test_ssl.c:483
static void test_data_channel_roundtrip_aes_256_gcm(void **state)
Definition test_ssl.c:540
static void test_data_channel_known_vectors_epoch(void **state)
Definition test_ssl.c:739
static void test_data_channel_roundtrip_chacha20_poly1305_epoch(void **state)
Definition test_ssl.c:582
static const char *const unittest_key
Definition test_ssl.c:107
static struct @32 global_state
static void test_data_channel_roundtrip_aes_256_gcm_epoch(void **state)
Definition test_ssl.c:546
static int init(void **state)
Definition test_ssl.c:137
static void test_data_channel_roundtrip_aes_128_cbc(void **state)
Definition test_ssl.c:552
static struct crypto_options init_crypto_options(const char *cipher, const char *auth, bool epoch, struct key2 *statickey)
Definition test_ssl.c:440
static void run_data_channel_with_cipher(const char *cipher, const char *auth)
Definition test_ssl.c:505
static void test_data_channel_known_vectors_shortpktid(void **state)
Definition test_ssl.c:745
const char * win_get_tempdir(void)
Definition win32-util.c:151