OpenVPN
test_ssl.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2023-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include <stdio.h>
30#include <stdlib.h>
31#include <stdarg.h>
32#include <string.h>
33#include <setjmp.h>
34#include <cmocka.h>
35
36#include "crypto.h"
37#include "crypto_epoch.h"
38#include "options.h"
39#include "ssl_backend.h"
40#include "options_util.h"
41
42#include "mock_msg.h"
43#include "mss.h"
44#include "ssl_verify_backend.h"
45#include "win32.h"
46#include "test_common.h"
47#include "ssl.h"
48#include "buffer.h"
49#include "packet_id.h"
50
51/* Mock function to be allowed to include win32.c which is required for
52 * getting the temp directory */
53#ifdef _WIN32
54struct signal_info siginfo_static; /* GLOBAL */
55
56const char *
57strerror_win32(DWORD errnum, struct gc_arena *gc)
58{
59 ASSERT(false);
60}
61
62void
63throw_signal(const int signum)
64{
65 ASSERT(false);
66}
67#endif
68
69#if defined(ENABLE_CRYPTO_OPENSSL) && (OPENSSL_VERSION_NUMBER > 0x30000000L)
70#define HAVE_OPENSSL_STORE
71#endif
72
73/* stubs for some unused functions instead of pulling in too many dependencies */
74bool
75get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix,
76 const unsigned int flags, const char *auth_challenge)
77{
78 return false;
79}
80void
81purge_user_pass(struct user_pass *up, bool force)
82{
83 return;
84}
85
86static const char *const unittest_cert =
87 "-----BEGIN CERTIFICATE-----\n"
88 "MIIDYzCCAkugAwIBAgIRALrXTx4lqa8QgF7uGjISxmcwDQYJKoZIhvcNAQELBQAw\n"
89 "GDEWMBQGA1UEAwwNT1ZQTiBURVNUIENBMTAgFw0yMzAzMTMxNjA5MThaGA8yMTIz\n"
90 "MDIxNzE2MDkxOFowGTEXMBUGA1UEAwwOb3Zwbi10ZXN0LXJzYTEwggEiMA0GCSqG\n"
91 "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7xFoR6fmoyfsJIQDKKgbYgFw0MzVuDAmp\n"
92 "Rx6KTEihgTchkQx9fHddWbKiOUbcEnQi3LNux7P4QVl/4dRR3skisBug6Vd5LXeB\n"
93 "GZqmpu5XZiF4DgLz1lX21G0aOogFWkie2qGEcso40159x9FBDl5A3sLP18ubeex0\n"
94 "pd/BzDFv6SLOTyVWO/GCNc8IX/i0uN4mLvoVU00SeqwTPnS+CRXrSq4JjGDJLsXl\n"
95 "0/PlxkjsgU0yOOA0Z2d8Fzk3wClwP6Hc49BOMWKstUIhLbG2DcIv8l29EuEj2w3j\n"
96 "u/7gkewol96XQ2twpPvpoVAaiVh/m7hQUcQORQCD6eJcDjOZVCArAgMBAAGjgaQw\n"
97 "gaEwCQYDVR0TBAIwADAdBgNVHQ4EFgQUqYnRaBHrZmKLtMZES5AuwqzJkGYwUwYD\n"
98 "VR0jBEwwSoAU3MLDNDOK13DqflQ8ra7FeGBXK06hHKQaMBgxFjAUBgNVBAMMDU9W\n"
99 "UE4gVEVTVCBDQTGCFD55ErHXpK2JXS3WkfBm0NB1r3vKMBMGA1UdJQQMMAoGCCsG\n"
100 "AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAZVcXrezA9Aby\n"
101 "sfUNHAsMxrex/EO0PrIPSrmSmc9sCiD8cCIeB6kL8c5iPPigoWW0uLA9zteDRFes\n"
102 "ez+Z8wBY6g8VQ0tFPURDooUg5011GZPDcuw7/PsI4+I2J9q6LHEp+6Oo4faSn/kl\n"
103 "yWYCLjM4FZdGXbOijDacQJiN6HcRv0UdodBrEVRf7YHJJmMCbCI7ZUGW2zef/+rO\n"
104 "e4Lkxh0MLYqCkNKH5ZfoGTC4Oeb0xKykswAanqgR60r+upaLU8PFuI2L9M3vc6KU\n"
105 "F6MgVGSxl6eylJgDYckvJiAbmcp2PD/LRQQOxQA0yqeAMg2cbdvclETuYD6zoFfu\n"
106 "Y8aO7dvDlw==\n"
107 "-----END CERTIFICATE-----\n";
108
109static const char *const unittest_key =
110 "-----BEGIN PRIVATE KEY-----\n"
111 "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7xFoR6fmoyfsJ\n"
112 "IQDKKgbYgFw0MzVuDAmpRx6KTEihgTchkQx9fHddWbKiOUbcEnQi3LNux7P4QVl/\n"
113 "4dRR3skisBug6Vd5LXeBGZqmpu5XZiF4DgLz1lX21G0aOogFWkie2qGEcso40159\n"
114 "x9FBDl5A3sLP18ubeex0pd/BzDFv6SLOTyVWO/GCNc8IX/i0uN4mLvoVU00SeqwT\n"
115 "PnS+CRXrSq4JjGDJLsXl0/PlxkjsgU0yOOA0Z2d8Fzk3wClwP6Hc49BOMWKstUIh\n"
116 "LbG2DcIv8l29EuEj2w3ju/7gkewol96XQ2twpPvpoVAaiVh/m7hQUcQORQCD6eJc\n"
117 "DjOZVCArAgMBAAECggEACqkuWAAJ3cyCBVWrXs8eDmLTWV9i9DmYvtS75ixIn2rf\n"
118 "v3cl12YevN0f6FgKLuqZT3Vqdqq+DCVhuIIQ9QkKMH8BQpSdE9NCCsFyZ23o8Gtr\n"
119 "EQ7ymfecb+RFwYx7NpqWrvZI32VJGArgPZH/zorLTTGYrAZbmBtHEqRsXOuEDw97\n"
120 "slwwcWaa9ztaYC8/N/7fgsnydaCFSaOByRlWuyvSmHvn6ZwLv8ANOshY6fstC0Jb\n"
121 "BW0GpSe9eZPjpl71VT2RtpghqLV5+iAoFDHoT+eZvBospcUGtfcZSU7RrBjKB8+a\n"
122 "U1d6hwKhduVs2peIQzl+FiOSdWriLcsZv79q4sBhsQKBgQDUDVTf5BGJ8apOs/17\n"
123 "YVk+Ad8Ey8sXvsfk49psmlCRa8Z4g0LVXfrP94qzhtl8U5kE9hs3nEF4j/kX1ZWG\n"
124 "k11tdsNTZN5x5bbAgEgPA6Ap6J/uto0HS8G0vSv0lyBymdKA3p/i5Dx+8Nc9cGns\n"
125 "LGI9MvviLX7pQFIkvbaCkdKwYwKBgQDirowjWZnm7BgVhF0G1m3DY9nQTYYU185W\n"
126 "UESaO5/nVzwUrA+FypJamD+AvmlSuY8rJeQAGAS6nQr9G8/617r+GwJnzRtxC6Vl\n"
127 "4OF5BJRsD70oX4CFOOlycMoJ8tzcYVH7NI8KVocjxb+QW82hqSvEwSsvnwwn3eOW\n"
128 "nr5u5vIHmQKBgCuc3lL6Dl1ntdZgEIdau0cUjXDoFUo589TwxBDIID/4gaZxoMJP\n"
129 "hPFXAVDxMDPw4azyjSB/47tPKTUsuYcnMfT8kynIujOEwnSPLcLgxQU5kgM/ynuw\n"
130 "qhNpQOwaVRMc7f2RTCMXPBYDpNE/GJn5eu8JWGLpZovEreBeoHX0VffvAoGAVrWn\n"
131 "+3mxykhzaf+oyg3KDNysG+cbq+tlDVVE+K5oG0kePVYX1fjIBQmJ+QhdJ3y9jCbB\n"
132 "UVveqzeZVXqHEw/kgoD4aZZmsdZfnVnpRa5/y9o1ZDUr50n+2nzUe/u/ijlb77iK\n"
133 "Is04gnGJNoI3ZWhdyrSNfXjcYH+bKClu9OM4n7kCgYAorc3PAX7M0bsQrrqYxUS8\n"
134 "56UU0YdhAgYitjM7Fm/0iIm0vDpSevxL9js4HnnsSMVR77spCBAGOCCZrTcI3Ejg\n"
135 "xKDYzh1xlfMRjJBuBu5Pd55ZAv9NXFGpsX5SO8fDZQJMwpcbQH36+UdqRRFDpjJ0\n"
136 "ZbX6nKcJ7jciJVKJds59Jg==\n"
137 "-----END PRIVATE KEY-----\n";
138
139static const char *
141{
142 const char *ret;
143#ifdef _WIN32
144 ret = win_get_tempdir();
145#else
146 ret = "/tmp";
147#endif
148 assert_non_null(ret);
149 return ret;
150}
151
152static struct
153{
154 struct gc_arena gc;
155 const char *certfile;
156 const char *keyfile;
158
159static int
160init(void **state)
161{
162 (void)state;
163 global_state.gc = gc_new();
166
167 int certfd = open(global_state.certfile, O_RDWR);
168 int keyfd = open(global_state.keyfile, O_RDWR);
169 if (certfd < 0 || keyfd < 0)
170 {
171 fail_msg("make tmpfile for certificate or key data failed (error = %d)", errno);
172 }
173 assert_int_equal(write(certfd, unittest_cert, strlen(unittest_cert)), strlen(unittest_cert));
174 assert_int_equal(write(keyfd, unittest_key, strlen(unittest_key)), strlen(unittest_key));
175 close(certfd);
176 close(keyfd);
177 return 0;
178}
179
180static int
181cleanup(void **state)
182{
183 (void)state;
184 unlink(global_state.certfile);
185 unlink(global_state.keyfile);
187 return 0;
188}
189
190static void
192{
193 struct gc_arena gc = gc_new();
194
195 struct tls_root_ctx ctx = { 0 };
198
199 openvpn_x509_cert_t *cert = NULL;
200
201 /* we do not have methods to fetch certificates from ssl contexts, use
202 * internal TLS library methods for the unit test */
203#ifdef ENABLE_CRYPTO_OPENSSL
204 cert = SSL_CTX_get0_certificate(ctx.ctx);
205#elif defined(ENABLE_CRYPTO_MBEDTLS)
206 cert = ctx.crt_chain;
207#endif
208
209 const char *tmpfile = platform_create_temp_file(get_tmp_dir(), "ut_pem", &gc);
210 backend_x509_write_pem(cert, tmpfile);
211
214
215 tls_ctx_free(&ctx);
217 gc_free(&gc);
218}
219
220static void
222{
223 (void)state;
224 struct tls_root_ctx ctx = { 0 };
225
226 /* test loading of inlined cert and key.
227 * loading the key also checks that it matches the loaded certificate
228 */
231 assert_int_equal(tls_ctx_load_priv_file(&ctx, unittest_key, true), 0);
233
234 /* test loading of cert and key from file */
236 tls_ctx_load_cert_file(&ctx, global_state.certfile, false);
237 assert_int_equal(tls_ctx_load_priv_file(&ctx, global_state.keyfile, false), 0);
239}
240
241/* test loading cert and key using file:/path URI */
242static void
244{
245 (void)state;
246
247#if !defined(HAVE_OPENSSL_STORE)
248 skip();
249#else /* HAVE_OPENSSL_STORE */
250
251 struct tls_root_ctx ctx = { 0 };
252 const char *certfile = global_state.certfile;
253 const char *keyfile = global_state.keyfile;
254 struct gc_arena *gc = &global_state.gc;
255
256 struct buffer certuri = alloc_buf_gc(6 + strlen(certfile) + 1, gc); /* 6 bytes for "file:/" */
257 struct buffer keyuri = alloc_buf_gc(6 + strlen(keyfile) + 1, gc); /* 6 bytes for "file:/" */
258
259 /* Windows temp file path starts with drive letter -- add a leading slash for URI */
260 const char *lead = "";
261#ifdef _WIN32
262 lead = "/";
263#endif /* _WIN32 */
264 assert_true(buf_printf(&certuri, "file:%s%s", lead, certfile));
265 assert_true(buf_printf(&keyuri, "file:%s%s", lead, keyfile));
266
267 /* On Windows replace any '\' in path by '/' required for URI */
268#ifdef _WIN32
271#endif /* _WIN32 */
272
273 tls_ctx_client_new(&ctx);
274 tls_ctx_load_cert_file(&ctx, BSTR(&certuri), false);
276 tls_ctx_free(&ctx);
277#endif /* HAVE_OPENSSL_STORE */
278}
279
280
281static void
283{
284 int overhead = 0;
285
286 /* tls-auth and tls-crypt */
287 overhead += 128;
288
289 /* TCP length field and opcode */
290 overhead += 3;
291
292 /* ACK array and remote SESSION ID (part of the ACK array) */
294
295 /* Previous OpenVPN version calculated the maximum size and buffer of a
296 * control frame depending on the overhead of the data channel frame
297 * overhead and limited its maximum size to 1250. Since control frames
298 * also need to fit into data channel buffer we have the same
299 * default of 1500 + 100 as data channel buffers have. Increasing
300 * control channel mtu beyond this limit also increases the data channel
301 * buffers */
302 int tls_mtu = 1500;
303 frame->buf.payload_size = tls_mtu + 100;
304
307
308 frame->tun_mtu = tls_mtu;
309}
310
311static void
313{
314 struct gc_arena gc = gc_new();
315
316 /* initialise frame for the test */
317 struct frame frame;
319
321 struct buffer work = alloc_buf_gc(BUF_SIZE(&frame), &gc);
324 struct buffer buf = clear_buf();
325 void *buf_p;
326
327 /* init work */
329
330 update_time();
331
332 /* Test encryption, decryption for all packet sizes */
333 for (int i = 1; i <= frame.buf.payload_size; ++i)
334 {
335 /* msg(M_INFO, "TESTING ENCRYPT/DECRYPT of packet length=%d", i); */
336
337 /*
338 * Load src with random data.
339 */
340 ASSERT(buf_init(&src, 0));
341 ASSERT(i <= src.capacity);
342 src.len = i;
344
345 /* copy source to input buf */
346 buf = work;
347 buf_p = buf_write_alloc(&buf, BLEN(&src));
348 ASSERT(buf_p);
349 memcpy(buf_p, BPTR(&src), BLEN(&src));
350
351 /* initialize work buffer with buf.headroom bytes of prepend capacity */
353
354 /* encrypt */
356
357 /* decrypt */
358 openvpn_decrypt(&buf, decrypt_workspace, co, &frame, BPTR(&buf));
359
360 /* compare */
361 assert_int_equal(buf.len, src.len);
362 assert_memory_equal(BPTR(&src), BPTR(&buf), i);
363 }
364 gc_free(&gc);
365}
366
367static void
369{
370 struct frame frame;
372
373 struct gc_arena gc = gc_new();
376 struct buffer work = alloc_buf_gc(BUF_SIZE(&frame), &gc);
377 struct buffer buf = clear_buf();
379 void *buf_p;
380
382
383 /*
384 * Load src with random data.
385 */
386 ASSERT(buf_init(&src, 0));
387 ASSERT(len <= src.capacity);
388 src.len = len;
390
391 /* copy source to input buf */
392 buf = work;
393 buf_p = buf_write_alloc(&buf, BLEN(&src));
394 ASSERT(buf_p);
395 memcpy(buf_p, BPTR(&src), BLEN(&src));
396
399
400 /* decrypt */
401 openvpn_decrypt(&buf, decrypt_workspace, co, &frame, BPTR(&buf));
402
403 /* compare */
404 assert_int_equal(buf.len, src.len);
406
407 gc_free(&gc);
408}
409
410
411static void
413{
414 /* Check that we correctly react when we have a nearing AEAD limits */
415
416 /* manually increase the send counter to be past
417 * the GCM usage limit */
418 co->key_ctx_bi.encrypt.plaintext_blocks = 0x1ull << 40;
419
420
421 bool epoch = (co->flags & CO_EPOCH_DATA_KEY_FORMAT);
422
423 int expected_epoch = epoch ? 4 : 0;
424
425 /* Ensure that we are still on the initial key (our init_crypto_options
426 * unit test method iterates the initial key to 4) or that it is 0 when
427 * epoch is not in use
428 */
430
431 encrypt_one_packet(co, 1000);
432
433 /* either epoch key has been updated or warning is enabled */
434 if (epoch && !chachapoly)
435 {
437 }
438
440
441 if (!epoch)
442 {
443 /* Check always against the GCM usage limit here to see if that
444 * check works */
447 return;
448 }
449
450 /* Move to the end of the epoch data key send PID range, ChachaPoly
451 * should now also move to a new epoch data key */
453
454 encrypt_one_packet(co, 1000);
455 encrypt_one_packet(co, 1000);
456
459}
460
461
462static struct crypto_options
463init_crypto_options(const char *cipher, const char *auth, bool epoch, struct key2 *statickey)
464{
465 struct key2 key2 = { .n = 2 };
466
467 if (statickey)
468 {
469 /* Use chosen static key instead of random key when defined */
470 key2 = *statickey;
471 }
472 else
473 {
474 ASSERT(rand_bytes(key2.keys[0].cipher, sizeof(key2.keys[0].cipher)));
475 ASSERT(rand_bytes(key2.keys[0].hmac, sizeof(key2.keys[0].hmac)));
476 ASSERT(rand_bytes(key2.keys[1].cipher, sizeof(key2.keys[1].cipher)));
477 ASSERT(rand_bytes(key2.keys[1].hmac, sizeof(key2.keys)[1].hmac));
478 }
479
480 struct crypto_options co = { 0 };
481
482 struct key_type kt = create_kt(cipher, auth, "ssl-test");
483
484 if (epoch)
485 {
486 struct epoch_key e1 = { .epoch = 1, .epoch_key = { 0 } };
487 memcpy(e1.epoch_key, key2.keys[0].cipher, sizeof(e1.epoch_key));
489 epoch_init_key_ctx(&co, &kt, &e1, &e1, 5);
490
491 /* Do a little of dancing for the epoch_send_key_iterate to test
492 * that this works too */
496 }
497 else
498 {
499 init_key_ctx_bi(&co.key_ctx_bi, &key2, KEY_DIRECTION_BIDIRECTIONAL, &kt, "unit-test-ssl");
500 }
501 packet_id_init(&co.packet_id, 5, 5, "UNITTEST", 0);
502 return co;
503}
504
505static void
512
513/* This adds a few more methods than strictly necessary but this allows
514 * us to see which exact test was run from the backtrace of the test
515 * when it fails */
516static void
518{
519 bool ischacha = !strcmp(cipher, "ChaCha20-Poly1305");
520
521 struct crypto_options co = init_crypto_options(cipher, "none", true, NULL);
523 check_aead_limits(&co, ischacha);
525}
526
527static void
528run_data_channel_with_cipher(const char *cipher, const char *auth)
529{
530 bool ischacha = !strcmp(cipher, "ChaCha20-Poly1305");
531 struct crypto_options co = init_crypto_options(cipher, auth, false, NULL);
533 check_aead_limits(&co, ischacha);
535}
536
537
538static void
540{
541 run_data_channel_with_cipher("AES-128-GCM", "none");
542}
543
544static void
549
550static void
552{
553 run_data_channel_with_cipher("AES-192-GCM", "none");
554}
555
556static void
561
562static void
564{
565 run_data_channel_with_cipher("AES-256-GCM", "none");
566}
567
568static void
573
574static void
576{
577 run_data_channel_with_cipher("AES-128-CBC", "SHA256");
578}
579
580static void
582{
583 run_data_channel_with_cipher("AES-192-CBC", "SHA256");
584}
585
586static void
588{
589 run_data_channel_with_cipher("AES-256-CBC", "SHA256");
590}
591
592static void
594{
595 if (!cipher_valid("ChaCha20-Poly1305"))
596 {
597 skip();
598 return;
599 }
600
601 run_data_channel_with_cipher("ChaCha20-Poly1305", "none");
602}
603
604static void
606{
607 if (!cipher_valid("ChaCha20-Poly1305"))
608 {
609 skip();
610 return;
611 }
612
613 run_data_channel_with_cipher_epoch("ChaCha20-Poly1305");
614}
615
616static void
618{
619 if (!cipher_valid("BF-CBC"))
620 {
621 skip();
622 return;
623 }
624 run_data_channel_with_cipher("BF-CBC", "SHA1");
625}
626
627
628static struct key2
630{
631 struct key2 key2 = { .n = 2 };
632
633 const uint8_t key[] = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', '0', '1', '2',
634 '3', '4', '5', '6', '7', 'A', 'B', 'C', 'D', 'E', 'F',
635 'G', 'H', 'j', 'k', 'u', 'c', 'h', 'e', 'n', 'l' };
636
637 static_assert(sizeof(key) == 32, "Size of key should be 32 bytes");
638
639 /* copy the key a few times to ensure to have the size we need for
640 * Statickey but XOR it to not repeat it */
641 uint8_t keydata[sizeof(key2.keys)];
642
643 for (int i = 0; i < sizeof(key2.keys); i++)
644 {
645 keydata[i] = (uint8_t)(key[i % sizeof(key)] ^ i);
646 }
647
648 ASSERT(memcpy(key2.keys[0].cipher, keydata, sizeof(key2.keys[0].cipher)));
649 ASSERT(memcpy(key2.keys[0].hmac, keydata + 64, sizeof(key2.keys[0].hmac)));
650 ASSERT(memcpy(key2.keys[1].cipher, keydata + 128, sizeof(key2.keys[1].cipher)));
651 ASSERT(memcpy(key2.keys[1].hmac, keydata + 192, sizeof(key2.keys)[1].hmac));
652
653 return key2;
654}
655
656static void
658{
659 struct key2 key2 = create_key();
660
661 struct crypto_options co = init_crypto_options("AES-256-GCM", "none", epoch, &key2);
662
663 struct gc_arena gc = gc_new();
664
665 /* initialise frame for the test */
666 struct frame frame;
668
670 struct buffer work = alloc_buf_gc(BUF_SIZE(&frame), &gc);
673 struct buffer buf = clear_buf();
674 void *buf_p;
675
676 /* init work */
678
679 now = 0;
680
681 /*
682 * Load src with known data.
683 */
684 ASSERT(buf_init(&src, 0));
685 const char *plaintext = "The quick little fox jumps over the bureaucratic hurdles";
686
688
689 /* copy source to input buf */
690 buf = work;
691 buf_p = buf_write_alloc(&buf, BLEN(&src));
692 ASSERT(buf_p);
693 memcpy(buf_p, BPTR(&src), BLEN(&src));
694
695 /* initialize work buffer with buf.headroom bytes of prepend capacity */
697
698 /* add packet opcode and peer id */
703
704 /* encrypt */
706
707 /* separate buffer in authenticated data and encrypted data */
708 uint8_t *ad_start = BPTR(&buf);
709 buf_advance(&buf, 4);
710
711 if (epoch)
712 {
713 uint8_t packetid1[8] = { 0, 0x04, 0, 0, 0, 0, 0, 1 };
715 }
716 else
717 {
718 uint8_t packetid1[4] = { 0, 0, 0, 1 };
720 }
721
722 if (epoch)
723 {
725 const uint8_t exp_tag_epoch[16] = { 0x0f, 0xff, 0xf5, 0x91, 0x3d, 0x39, 0xd7, 0x5b,
726 0x18, 0x57, 0x3b, 0x57, 0x48, 0x58, 0x9a, 0x7d };
727
729 }
730 else
731 {
732 uint8_t *tag_location = BPTR(&buf) + 4;
733 const uint8_t exp_tag_noepoch[16] = { 0x1f, 0xdd, 0x90, 0x8f, 0x0e, 0x9d, 0xc2, 0x5e,
734 0x79, 0xd8, 0x32, 0x02, 0x0d, 0x58, 0xe7, 0x3f };
736 }
737
738 /* Check some bytes at the beginning of the encrypted part */
739 if (epoch)
740 {
741 const uint8_t bytesat14[6] = { 0x36, 0xaa, 0xb4, 0xd4, 0x9c, 0xe6 };
742 assert_memory_equal(BPTR(&buf) + 14, bytesat14, sizeof(bytesat14));
743 }
744 else
745 {
746 const uint8_t bytesat30[6] = { 0xa8, 0x2e, 0x6b, 0x17, 0x06, 0xd9 };
747 assert_memory_equal(BPTR(&buf) + 30, bytesat30, sizeof(bytesat30));
748 }
749
750 /* decrypt */
752
753 /* compare */
756
758 gc_free(&gc);
759}
760
761static void
766
767static void
772
773
774int
775main(void)
776{
778
779 const struct CMUnitTest tests[] = {
780 cmocka_unit_test(crypto_pem_encode_certificate),
781 cmocka_unit_test(test_load_certificate_and_key),
782 cmocka_unit_test(test_load_certificate_and_key_uri),
794 cmocka_unit_test(test_data_channel_roundtrip_bf_cbc),
797 };
798
799#if defined(ENABLE_CRYPTO_OPENSSL)
800 tls_init_lib();
801#endif
802
803 int ret = cmocka_run_group_tests_name("ssl tests", tests, init, cleanup);
804
805#if defined(ENABLE_CRYPTO_OPENSSL)
806 tls_free_lib();
807#endif
808
809 return ret;
810}
bool buf_printf(struct buffer *buf, const char *format,...)
Definition buffer.c:241
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
bool string_mod(char *str, const unsigned int inclusive, const unsigned int exclusive, const char replace)
Modifies a string in place by replacing certain classes of characters of it with a specified characte...
Definition buffer.c:1041
struct buffer buffer_read_from_file(const char *filename, struct gc_arena *gc)
buffer_read_from_file - copy the content of a file into a buffer
Definition buffer.c:1348
#define BEND(buf)
Definition buffer.h:124
#define BSTR(buf)
Definition buffer.h:128
static struct buffer clear_buf(void)
Return an empty struct buffer.
Definition buffer.h:222
#define CC_ANY
any character
Definition buffer.h:867
#define BPTR(buf)
Definition buffer.h:123
static bool buf_advance(struct buffer *buf, int size)
Definition buffer.h:616
static uint8_t * buf_write_alloc(struct buffer *buf, size_t size)
Definition buffer.h:633
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:660
#define CC_BACKSLASH
backslash
Definition buffer.h:884
static bool buf_write_u8(struct buffer *dest, uint8_t data)
Definition buffer.h:684
#define BLEN(buf)
Definition buffer.h:126
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
#define buf_init(buf, offset)
Definition buffer.h:209
static struct gc_arena gc_new(void)
Definition buffer.h:1007
#define key2
Definition cert_data.h:80
void free_key_ctx_bi(struct key_ctx_bi *ctx)
Definition crypto.c:1094
void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name)
Definition crypto.c:1056
Data Channel Cryptography Module.
#define CO_EPOCH_DATA_KEY_FORMAT
Bit-flag indicating the epoch the data format.
Definition crypto.h:377
#define KEY_DIRECTION_BIDIRECTIONAL
Definition crypto.h:231
static bool aead_usage_limit_reached(const uint64_t limit, const struct key_ctx *key_ctx, int64_t higest_pid)
Checks if the usage limit for an AEAD cipher is reached.
Definition crypto.h:751
static struct key_type create_kt(const char *cipher, const char *md, const char *optname)
Creates and validates an instance of struct key_type with the provided algs.
Definition crypto.h:672
static bool cipher_valid(const char *ciphername)
Returns if the cipher is valid, based on the given cipher name.
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
#define OPENVPN_AEAD_TAG_LENGTH
void free_epoch_key_ctx(struct crypto_options *co)
Frees the extra data structures used by epoch keys in crypto_options.
void epoch_init_key_ctx(struct crypto_options *co, const struct key_type *key_type, const struct epoch_key *e1_send, const struct epoch_key *e1_recv, uint16_t future_key_count)
Initialises data channel keys and internal structures for epoch data keys using the provided E0 epoch...
void epoch_iterate_send_key(struct crypto_options *co)
Updates the send key and send_epoch_key in cryptio_options->key_ctx_bi to use the next epoch.
void openvpn_encrypt(struct buffer *buf, struct buffer work, struct crypto_options *opt)
Encrypt and HMAC sign a packet so that it can be sent as a data channel VPN tunnel packet to a remote...
Definition crypto.c:322
bool openvpn_decrypt(struct buffer *buf, struct buffer work, struct crypto_options *opt, const struct frame *frame, const uint8_t *ad_start)
HMAC verify and decrypt a data channel packet received from a remote OpenVPN peer.
Definition crypto.c:773
#define RELIABLE_ACK_SIZE
The maximum number of packet IDs \ waiting to be acknowledged which can \ be stored in one reliable_a...
Definition reliable.h:43
#define ACK_SIZE(n)
Definition reliable.h:70
@ write
#define BUF_SIZE(f)
Definition mtu.h:178
#define ASSERT(x)
Definition error.h:217
time_t now
Definition otime.c:33
static void update_time(void)
Definition otime.h:76
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
Definition packet_id.c:91
void packet_id_free(struct packet_id *p)
Definition packet_id.c:121
#define PACKET_ID_EPOCH_MAX
Definition packet_id.h:47
const char * platform_create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc)
Create a temporary file in directory, returns the filename of the created file.
Definition platform.c:544
static char * auth_challenge
Definition ssl.c:284
Control Channel SSL/Data channel negotiation module.
Control Channel SSL library backend module.
void tls_ctx_free(struct tls_root_ctx *ctx)
Frees the library-specific TLSv1 context.
int tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file, bool priv_key_file_inline)
Load private key file into the given TLS context.
void tls_free_lib(void)
Free any global SSL library-specific data structures.
Definition ssl_openssl.c:98
void tls_init_lib(void)
Perform any static initialisation necessary by the library.
Definition ssl_openssl.c:91
void tls_ctx_client_new(struct tls_root_ctx *ctx)
Initialises a library-specific TLS context for a client.
void tls_ctx_load_cert_file(struct tls_root_ctx *ctx, const char *cert_file, bool cert_file_inline)
Load certificate file into the given TLS context.
Control Channel Verification Module library-specific backend interface.
result_t backend_x509_write_pem(openvpn_x509_cert_t *cert, const char *filename)
mbedtls_x509_crt openvpn_x509_cert_t
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
Security parameter state for processing data channel packets.
Definition crypto.h:293
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition crypto.h:384
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Definition crypto.h:294
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
Definition crypto.h:331
uint8_t epoch_key[SHA256_DIGEST_LENGTH]
Definition crypto.h:193
uint16_t epoch
Definition crypto.h:194
Packet geometry parameters.
Definition mtu.h:103
int tun_mtu
the (user) configured tun-mtu.
Definition mtu.h:137
int payload_size
the maximum size that a payload that our buffers can hold from either tun device or network link.
Definition mtu.h:108
int headroom
the headroom in the buffer, this is choosen to allow all potential header to be added before the pack...
Definition mtu.h:114
struct frame::@8 buf
int tailroom
the tailroom in the buffer.
Definition mtu.h:118
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
Container for bidirectional cipher and HMAC key material.
Definition crypto.h:240
int n
The number of key objects stored in the key2.keys array.
Definition crypto.h:241
struct key keys[2]
Two unidirectional sets of key material.
Definition crypto.h:243
struct key_ctx encrypt
Cipher and/or HMAC contexts for sending direction.
Definition crypto.h:281
uint16_t epoch
OpenVPN data channel epoch, this variable holds the epoch number this key belongs to.
Definition crypto.h:228
uint64_t plaintext_blocks
Counter for the number of plaintext block encrypted using this cipher with the current key in number ...
Definition crypto.h:222
const char * cipher
const name of the cipher
Definition crypto.h:142
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152
uint8_t cipher[MAX_CIPHER_KEY_LENGTH]
Key material for cipher operations.
Definition crypto.h:153
uint8_t hmac[MAX_HMAC_KEY_LENGTH]
Key material for HMAC operations.
Definition crypto.h:155
uint64_t id
Definition packet_id.h:153
struct packet_id_send send
Definition packet_id.h:200
Structure that wraps the TLS context.
SSL_CTX * ctx
Definition ssl_openssl.h:41
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition test_common.h:35
static void test_data_channel_roundtrip_aes_192_cbc(void **state)
Definition test_ssl.c:581
static void test_load_certificate_and_key_uri(void **state)
Definition test_ssl.c:243
const char * certfile
Definition test_ssl.c:155
bool get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix, const unsigned int flags, const char *auth_challenge)
Retrieves the user credentials from various sources depending on the flags.
Definition test_ssl.c:75
static void test_data_channel_roundtrip_aes_192_gcm_epoch(void **state)
Definition test_ssl.c:557
static void encrypt_one_packet(struct crypto_options *co, int len)
Definition test_ssl.c:368
static void test_data_channel_roundtrip_aes_256_cbc(void **state)
Definition test_ssl.c:587
static void test_load_certificate_and_key(void **state)
Definition test_ssl.c:221
static void test_data_channel_known_vectors_run(bool epoch)
Definition test_ssl.c:657
static struct key2 create_key(void)
Definition test_ssl.c:629
struct gc_arena gc
Definition test_ssl.c:154
void purge_user_pass(struct user_pass *up, bool force)
Definition test_ssl.c:81
static void check_aead_limits(struct crypto_options *co, bool chachapoly)
Definition test_ssl.c:412
const char * strerror_win32(DWORD errnum, struct gc_arena *gc)
Definition test_ssl.c:57
static const char *const unittest_cert
Definition test_ssl.c:86
static void run_data_channel_with_cipher_epoch(const char *cipher)
Definition test_ssl.c:517
static int cleanup(void **state)
Definition test_ssl.c:181
static void do_data_channel_round_trip(struct crypto_options *co)
Definition test_ssl.c:312
static void test_data_channel_roundtrip_aes_128_gcm_epoch(void **state)
Definition test_ssl.c:545
static void crypto_pem_encode_certificate(void **state)
Definition test_ssl.c:191
static void test_data_channel_roundtrip_aes_128_gcm(void **state)
Definition test_ssl.c:539
int main(void)
Definition test_ssl.c:775
static void test_data_channel_roundtrip_aes_192_gcm(void **state)
Definition test_ssl.c:551
void throw_signal(const int signum)
Throw a hard signal.
Definition test_ssl.c:63
const char * keyfile
Definition test_ssl.c:156
static void init_frame_parameters(struct frame *frame)
Definition test_ssl.c:282
static void test_data_channel_roundtrip_bf_cbc(void **state)
Definition test_ssl.c:617
static void test_data_channel_roundtrip_chacha20_poly1305(void **state)
Definition test_ssl.c:593
struct signal_info siginfo_static
Definition test_ssl.c:54
static const char * get_tmp_dir(void)
Definition test_ssl.c:140
static void uninit_crypto_options(struct crypto_options *co)
Definition test_ssl.c:506
static void test_data_channel_roundtrip_aes_256_gcm(void **state)
Definition test_ssl.c:563
static void test_data_channel_known_vectors_epoch(void **state)
Definition test_ssl.c:762
static void test_data_channel_roundtrip_chacha20_poly1305_epoch(void **state)
Definition test_ssl.c:605
static const char *const unittest_key
Definition test_ssl.c:109
static struct @32 global_state
static void test_data_channel_roundtrip_aes_256_gcm_epoch(void **state)
Definition test_ssl.c:569
static int init(void **state)
Definition test_ssl.c:160
static void test_data_channel_roundtrip_aes_128_cbc(void **state)
Definition test_ssl.c:575
static struct crypto_options init_crypto_options(const char *cipher, const char *auth, bool epoch, struct key2 *statickey)
Definition test_ssl.c:463
static void run_data_channel_with_cipher(const char *cipher, const char *auth)
Definition test_ssl.c:528
static void test_data_channel_known_vectors_shortpktid(void **state)
Definition test_ssl.c:768
const char * win_get_tempdir(void)
Definition win32-util.c:151