OpenVPN
test_tls_crypt.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24#ifdef HAVE_CONFIG_H
25#include "config.h"
26#endif
27
28#include "syshead.h"
29
30#include <stdio.h>
31#include <stdlib.h>
32#include <stdarg.h>
33#include <string.h>
34#include <setjmp.h>
35#include <cmocka.h>
36
37#include "test_common.h"
38#include "tls_crypt.c"
39
40/* Define this function here as dummy since including the ssl_*.c files
41 * leads to having to include even more unrelated code */
42bool
43key_state_export_keying_material(struct tls_session *session,
44 const char *label, size_t label_size,
45 void *ekm, size_t ekm_size)
46{
47 memset(ekm, 0xba, ekm_size);
48 return true;
49}
50
51
52#define TESTBUF_SIZE 128
53
54/* Defines for use in the tests and the mock parse_line() */
55#define PATH1 "/s p a c e"
56#define PATH2 "/foo bar/baz"
57#define PARAM1 "param1"
58#define PARAM2 "param two"
59
60static const char *test_server_key = \
61 "-----BEGIN OpenVPN tls-crypt-v2 server key-----\n"
62 "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
63 "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
64 "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn8=\n"
65 "-----END OpenVPN tls-crypt-v2 server key-----\n";
66
67static const char *test_client_key = \
68 "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
69 "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
70 "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
71 "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
72 "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
73 "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
74 "8PHy8/T19vf4+fr7/P3+/xd9pcB0qUYZsWvkrLcfGmzPJPM8a7r0mEWdXwbDadSV\n"
75 "LHg5bv2TwlmPR3HgaMr8o9LTh9hxUTkrH3S0PfKRNwcso86ua/dBFTyXsM9tg4aw\n"
76 "3dS6ogH9AkaT+kRRDgNcKWkQCbwmJK2JlfkXHBwbAtmn78AkNuho6QCFqCdqGab3\n"
77 "zh2vheFqGMPdGpukbFrT3rcO3VLxUeG+RdzXiMTCpJSovFBP1lDkYwYJPnz6daEh\n"
78 "j0TzJ3BVru9W3CpotdNt7u09knxAfpCxjtrP3semsDew/gTBtcfQ/OoTFyFHnN5k\n"
79 "RZ+q17SC4nba3Pp8/Fs0+hSbv2tJozoD8SElFq7SIWJsciTYh8q8f5yQxjdt4Wxu\n"
80 "/Z5wtPCAZ0tOzj4ItTI77fBOYRTfEayzHgEr\n"
81 "-----END OpenVPN tls-crypt-v2 client key-----\n";
82
83
84/* Has custom metadata of AABBCCDD (base64) */
85static const char *test_client_key_metadata = \
86 "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
87 "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
88 "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
89 "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
90 "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
91 "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
92 "8PHy8/T19vf4+fr7/P3+/2ntp1WCqhcLjJQY/igkjNt3Yb6i0neqFkfrOp2UCDcz\n"
93 "6RSJtPLZbvOOKUHk2qwxPYUsFCnz/IWV6/ZiLRrabzUpS8oSN1HS6P7qqAdrHKgf\n"
94 "hVTHasdSf2UdMTPC7HBgnP9Ll0FhKN0h7vSzbbt7QM7wH9mr1ecc/Mt0SYW2lpwA\n"
95 "aJObYGTyk6hTgWm0g/MLrworLrezTqUHBZzVsu+LDyqLWK1lzJNd66MuNOsGA4YF\n"
96 "fbCsDh8n3H+Cw1k5YNBZDYYJOtVUgBWXheO6vgoOmqDdI0dAQ3hVo9DE+SkCFjgf\n"
97 "l4FY2yLEh9ZVZZrl1eD1Owh/X178CkHrBJYl9LNQSyQEKlDGWwBLQ/pY3qtjctr3\n"
98 "pV62MPQdBo+1lcsjDCJVQA6XUyltas4BKQ==\n"
99 "-----END OpenVPN tls-crypt-v2 client key-----\n";
100
101int
102__wrap_parse_line(const char *line, char **p, const int n, const char *file,
103 const int line_num, int msglevel, struct gc_arena *gc)
104{
105 p[0] = PATH1 PATH2;
106 p[1] = PARAM1;
107 p[2] = PARAM2;
108 return 3;
109}
110
111bool
112__wrap_buffer_write_file(const char *filename, const struct buffer *buf)
113{
114 const char *pem = BSTR(buf);
115 check_expected(filename);
116 check_expected(pem);
117
118 return mock_type(bool);
119}
120
121struct buffer
122__wrap_buffer_read_from_file(const char *filename, struct gc_arena *gc)
123{
124 check_expected(filename);
125
126 const char *pem_str = mock_ptr_type(const char *);
127 struct buffer ret = alloc_buf_gc(strlen(pem_str) + 1, gc);
128 buf_write(&ret, pem_str, strlen(pem_str) + 1);
129
130 return ret;
131}
132
133
135int
136__wrap_rand_bytes(uint8_t *output, int len)
137{
138 for (int i = 0; i < len; i++)
139 {
140 output[i] = (uint8_t)i;
141 }
142 return true;
143}
144
152
153
154static int
155test_tls_crypt_setup(void **state)
156{
157 struct test_tls_crypt_context *ctx = calloc(1, sizeof(*ctx));
158 *state = ctx;
159
160 struct key_parameters key = { .cipher = { 0 }, .hmac = { 0 },
161 .hmac_size = MAX_HMAC_KEY_LENGTH, .cipher_size = MAX_CIPHER_KEY_LENGTH };
162
163 ctx->kt = tls_crypt_kt();
164 if (!ctx->kt.cipher || !ctx->kt.digest)
165 {
166 return 0;
167 }
168 init_key_ctx(&ctx->co.key_ctx_bi.encrypt, &key, &ctx->kt, true, "TEST");
169 init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
170
171 packet_id_init(&ctx->co.packet_id, 0, 0, "test", 0);
172
173 ctx->source = alloc_buf(TESTBUF_SIZE);
174 ctx->ciphertext = alloc_buf(TESTBUF_SIZE);
175 ctx->unwrapped = alloc_buf(TESTBUF_SIZE);
176
177 /* Write test plaintext */
178 const char *plaintext = "1234567890";
179 buf_write(&ctx->source, plaintext, strlen(plaintext));
180
181 /* Write test ciphertext */
182 const char *ciphertext = "012345678";
183 buf_write(&ctx->ciphertext, ciphertext, strlen(ciphertext));
184
185 return 0;
186}
187
188static int
189test_tls_crypt_teardown(void **state)
190{
191 struct test_tls_crypt_context *ctx =
192 (struct test_tls_crypt_context *)*state;
193
194 free_buf(&ctx->source);
195 free_buf(&ctx->ciphertext);
196 free_buf(&ctx->unwrapped);
197
198 free_key_ctx_bi(&ctx->co.key_ctx_bi);
199
200 free(ctx);
201
202 return 0;
203}
204
205static void
206skip_if_tls_crypt_not_supported(struct test_tls_crypt_context *ctx)
207{
208 if (!ctx->kt.cipher || !ctx->kt.digest)
209 {
210 skip();
211 }
212}
213
217static void
218tls_crypt_loopback(void **state)
219{
220 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
221
222 skip_if_tls_crypt_not_supported(ctx);
223
224 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
225 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
226 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
227 assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
228 assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
229 BLEN(&ctx->source));
230}
231
232
236static void
237test_tls_crypt_secure_reneg_key(void **state)
238{
239 struct test_tls_crypt_context *ctx =
240 (struct test_tls_crypt_context *)*state;
241
242 struct gc_arena gc = gc_new();
243
244 struct tls_session session = { 0 };
245
246 struct tls_options tls_opt = { 0 };
247 tls_opt.replay_window = 32;
248 tls_opt.replay_time = 60;
249 tls_opt.frame.buf.payload_size = 512;
250 session.opt = &tls_opt;
251
252 tls_session_generate_dynamic_tls_crypt_key(&session);
253
254 struct tls_wrap_ctx *rctx = &session.tls_wrap_reneg;
255
256 tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
257 assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
258
259 uint8_t expected_ciphertext[] = {
260 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0xe3, 0x19, 0x27, 0x7f, 0x1c, 0x8d, 0x6e, 0x6a,
261 0x77, 0x96, 0xa8, 0x55, 0x33, 0x7b, 0x9c, 0xfb, 0x56, 0xe1, 0xf1, 0x3a, 0x87, 0x0e, 0x66, 0x47,
262 0xdf, 0xa1, 0x95, 0xc9, 0x2c, 0x17, 0xa0, 0x15, 0xba, 0x49, 0x67, 0xa1, 0x1d, 0x55, 0xea, 0x1a,
263 0x06, 0xa7
264 };
265 assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
266 tls_wrap_free(&session.tls_wrap_reneg);
267
268 /* Use previous tls-crypt key as 0x00, with xor we should have the same key
269 * and expect the same result */
270 session.tls_wrap.mode = TLS_WRAP_CRYPT;
271 memset(&session.tls_wrap.original_wrap_keydata.keys, 0x00, sizeof(session.tls_wrap.original_wrap_keydata.keys));
272 session.tls_wrap.original_wrap_keydata.n = 2;
273
274 tls_session_generate_dynamic_tls_crypt_key(&session);
275 tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
276 assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
277
278 assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
279 tls_wrap_free(&session.tls_wrap_reneg);
280
281 /* XOR should not force a different key */
282 memset(&session.tls_wrap.original_wrap_keydata.keys, 0x42, sizeof(session.tls_wrap.original_wrap_keydata.keys));
283 tls_session_generate_dynamic_tls_crypt_key(&session);
284
285 tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
286 assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
287
288 /* packet id at the start should be equal */
289 assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, 8);
290
291 /* Skip packet id */
292 buf_advance(&rctx->work, 8);
293 assert_memory_not_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
294 tls_wrap_free(&session.tls_wrap_reneg);
295
296
297 gc_free(&gc);
298}
299
303static void
304tls_crypt_loopback_zero_len(void **state)
305{
306 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
307
308 skip_if_tls_crypt_not_supported(ctx);
309
310 buf_clear(&ctx->source);
311
312 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
313 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
314 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
315 assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
316 assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
317 BLEN(&ctx->source));
318}
319
323static void
324tls_crypt_loopback_max_len(void **state)
325{
326 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
327
328 skip_if_tls_crypt_not_supported(ctx);
329
330 buf_clear(&ctx->source);
331 assert_non_null(buf_write_alloc(&ctx->source,
332 TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead()));
333
334 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
335 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
336 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
337 assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
338 assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
339 BLEN(&ctx->source));
340}
341
345static void
346tls_crypt_fail_msg_too_long(void **state)
347{
348 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
349
350 skip_if_tls_crypt_not_supported(ctx);
351
352 buf_clear(&ctx->source);
353 assert_non_null(buf_write_alloc(&ctx->source,
354 TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead() + 1));
355 assert_false(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
356}
357
362static void
363tls_crypt_fail_invalid_key(void **state)
364{
365 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
366
367 skip_if_tls_crypt_not_supported(ctx);
368
369 /* Change decrypt key */
370 struct key_parameters key = { .cipher = { 1 }, .hmac = { 1 },
371 .cipher_size = MAX_CIPHER_KEY_LENGTH, .hmac_size = MAX_HMAC_KEY_LENGTH };
372 free_key_ctx(&ctx->co.key_ctx_bi.decrypt);
373 init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
374
375 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
376 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
377 assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
378}
379
383static void
384tls_crypt_fail_replay(void **state)
385{
386 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
387
388 skip_if_tls_crypt_not_supported(ctx);
389
390 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
391 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
392 struct buffer tmp = ctx->ciphertext;
393 assert_true(tls_crypt_unwrap(&tmp, &ctx->unwrapped, &ctx->co));
394 buf_clear(&ctx->unwrapped);
395 assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
396}
397
403static void
404tls_crypt_ignore_replay(void **state)
405{
406 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
407
408 skip_if_tls_crypt_not_supported(ctx);
409
410 ctx->co.flags |= CO_IGNORE_PACKET_ID;
411
412 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
413 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
414 struct buffer tmp = ctx->ciphertext;
415 assert_true(tls_crypt_unwrap(&tmp, &ctx->unwrapped, &ctx->co));
416 buf_clear(&ctx->unwrapped);
417 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
418}
419
430
431static int
432test_tls_crypt_v2_setup(void **state)
433{
434 struct test_tls_crypt_v2_context *ctx = calloc(1, sizeof(*ctx));
435 *state = ctx;
436
437 ctx->gc = gc_new();
438
439 /* Slightly longer buffers to be able to test too-long data */
440 ctx->metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN+16, &ctx->gc);
441 ctx->unwrapped_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN+16,
442 &ctx->gc);
443 ctx->wkc = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN+16, &ctx->gc);
444
445 /* Generate server key */
446 rand_bytes((void *)ctx->server_key2.keys, sizeof(ctx->server_key2.keys));
447 ctx->server_key2.n = 2;
448 struct key_type kt = tls_crypt_kt();
449 init_key_ctx_bi(&ctx->server_keys, &ctx->server_key2,
450 KEY_DIRECTION_BIDIRECTIONAL, &kt,
451 "tls-crypt-v2 server key");
452
453 /* Generate client key */
454 rand_bytes((void *)ctx->client_key2.keys, sizeof(ctx->client_key2.keys));
455 ctx->client_key2.n = 2;
456
457 return 0;
458}
459
460static int
461test_tls_crypt_v2_teardown(void **state)
462{
463 struct test_tls_crypt_v2_context *ctx =
464 (struct test_tls_crypt_v2_context *) *state;
465
466 free_key_ctx_bi(&ctx->server_keys);
467 free_key_ctx_bi(&ctx->client_key);
468
469 gc_free(&ctx->gc);
470
471 free(ctx);
472
473 return 0;
474}
475
479static void
480tls_crypt_v2_wrap_unwrap_no_metadata(void **state)
481{
482 struct test_tls_crypt_v2_context *ctx =
483 (struct test_tls_crypt_v2_context *) *state;
484
485 struct buffer wrapped_client_key = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN,
486 &ctx->gc);
487 assert_true(tls_crypt_v2_wrap_client_key(&wrapped_client_key,
488 &ctx->client_key2,
489 &ctx->metadata,
490 &ctx->server_keys.encrypt,
491 &ctx->gc));
492
493 struct buffer unwrap_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN,
494 &ctx->gc);
495 struct key2 unwrapped_client_key2 = { 0 };
496 assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
497 &unwrap_metadata,
498 wrapped_client_key,
499 &ctx->server_keys.decrypt));
500
501 assert_true(0 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys,
502 sizeof(ctx->client_key2.keys)));
503}
504
509static void
510tls_crypt_v2_wrap_unwrap_max_metadata(void **state)
511{
512 struct test_tls_crypt_v2_context *ctx =
513 (struct test_tls_crypt_v2_context *) *state;
514
515 uint8_t *metadata =
516 buf_write_alloc(&ctx->metadata, TLS_CRYPT_V2_MAX_METADATA_LEN);
517 assert_true(rand_bytes(metadata, TLS_CRYPT_V2_MAX_METADATA_LEN));
518 assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
519 &ctx->metadata,
520 &ctx->server_keys.encrypt,
521 &ctx->gc));
522
523 struct buffer unwrap_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN,
524 &ctx->gc);
525 struct key2 unwrapped_client_key2 = { 0 };
526 assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
527 &unwrap_metadata, ctx->wkc,
528 &ctx->server_keys.decrypt));
529
530 assert_true(0 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys,
531 sizeof(ctx->client_key2.keys)));
532 assert_true(buf_equal(&ctx->metadata, &unwrap_metadata));
533
534 struct tls_wrap_ctx wrap_ctx = {
535 .mode = TLS_WRAP_CRYPT,
536 .tls_crypt_v2_server_key = ctx->server_keys.encrypt,
537 };
538 assert_true(tls_crypt_v2_extract_client_key(&ctx->wkc, &wrap_ctx, NULL));
539 tls_wrap_free(&wrap_ctx);
540}
541
546static void
547tls_crypt_v2_wrap_too_long_metadata(void **state)
548{
549 struct test_tls_crypt_v2_context *ctx =
550 (struct test_tls_crypt_v2_context *) *state;
551
552 assert_true(buf_inc_len(&ctx->metadata, TLS_CRYPT_V2_MAX_METADATA_LEN+1));
553 assert_false(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
554 &ctx->metadata,
555 &ctx->server_keys.encrypt,
556 &ctx->gc));
557}
558
563static void
564tls_crypt_v2_wrap_unwrap_wrong_key(void **state)
565{
566 struct test_tls_crypt_v2_context *ctx =
567 (struct test_tls_crypt_v2_context *) *state;
568
569 assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
570 &ctx->metadata,
571 &ctx->server_keys.encrypt,
572 &ctx->gc));
573
574 /* Change server key */
575 struct key_type kt = tls_crypt_kt();
576 free_key_ctx_bi(&ctx->server_keys);
577 memset(&ctx->server_key2.keys, 0, sizeof(ctx->server_key2.keys));
578 init_key_ctx_bi(&ctx->server_keys, &ctx->server_key2,
579 KEY_DIRECTION_BIDIRECTIONAL, &kt,
580 "wrong tls-crypt-v2 server key");
581
582
583 struct key2 unwrapped_client_key2 = { 0 };
584 assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
585 &ctx->unwrapped_metadata,
586 ctx->wkc,
587 &ctx->server_keys.decrypt));
588
589 const struct key2 zero = { 0 };
590 assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero)));
591 assert_true(0 == BLEN(&ctx->unwrapped_metadata));
592}
593
598static void
599tls_crypt_v2_wrap_unwrap_dst_too_small(void **state)
600{
601 struct test_tls_crypt_v2_context *ctx =
602 (struct test_tls_crypt_v2_context *) *state;
603
604 uint8_t *metadata =
605 buf_write_alloc(&ctx->metadata, TLS_CRYPT_V2_MAX_METADATA_LEN);
606 assert_true(rand_bytes(metadata, TLS_CRYPT_V2_MAX_METADATA_LEN));
607 assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
608 &ctx->metadata,
609 &ctx->server_keys.encrypt,
610 &ctx->gc));
611
612 struct key2 unwrapped_client_key2 = { 0 };
613 struct buffer unwrapped_metadata =
614 alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN-1, &ctx->gc);
615 assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
616 &unwrapped_metadata, ctx->wkc,
617 &ctx->server_keys.decrypt));
618
619 const struct key2 zero = { 0 };
620 assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero)));
621 assert_true(0 == BLEN(&ctx->unwrapped_metadata));
622}
623
624static void
625test_tls_crypt_v2_write_server_key_file(void **state)
626{
627 const char *filename = "testfilename.key";
628
629 expect_string(__wrap_buffer_write_file, filename, filename);
630 expect_memory(__wrap_buffer_write_file, pem, test_server_key,
631 strlen(test_server_key));
632 will_return(__wrap_buffer_write_file, true);
633
634 tls_crypt_v2_write_server_key_file(filename);
635}
636
637static void
638test_tls_crypt_v2_write_client_key_file(void **state)
639{
640 const char *filename = "testfilename.key";
641
642 /* Test writing the client key */
643 expect_string(__wrap_buffer_write_file, filename, filename);
644 expect_memory(__wrap_buffer_write_file, pem, test_client_key,
645 strlen(test_client_key));
646 will_return(__wrap_buffer_write_file, true);
647
648 /* Key generation re-reads the created file as a sanity check */
649 expect_string(__wrap_buffer_read_from_file, filename, filename);
650 will_return(__wrap_buffer_read_from_file, test_client_key);
651
652 tls_crypt_v2_write_client_key_file(filename, NULL, test_server_key, true);
653}
654
655static void
656test_tls_crypt_v2_write_client_key_file_metadata(void **state)
657{
658 const char *filename = "testfilename.key";
659 const char *b64metadata = "AABBCCDD";
660
661 /* Test writing the client key */
662 expect_string(__wrap_buffer_write_file, filename, filename);
663 expect_memory(__wrap_buffer_write_file, pem, test_client_key_metadata,
664 strlen(test_client_key_metadata));
665 will_return(__wrap_buffer_write_file, true);
666
667 /* Key generation re-reads the created file as a sanity check */
668 expect_string(__wrap_buffer_read_from_file, filename, filename);
669 will_return(__wrap_buffer_read_from_file, test_client_key_metadata);
670
671 tls_crypt_v2_write_client_key_file(filename, b64metadata, test_server_key,
672 true);
673}
674
675int
676main(void)
677{
678 openvpn_unit_test_setup();
679 const struct CMUnitTest tests[] = {
680 cmocka_unit_test_setup_teardown(tls_crypt_loopback,
681 test_tls_crypt_setup,
682 test_tls_crypt_teardown),
683 cmocka_unit_test_setup_teardown(tls_crypt_loopback_zero_len,
684 test_tls_crypt_setup,
685 test_tls_crypt_teardown),
686 cmocka_unit_test_setup_teardown(tls_crypt_loopback_max_len,
687 test_tls_crypt_setup,
688 test_tls_crypt_teardown),
689 cmocka_unit_test_setup_teardown(tls_crypt_fail_msg_too_long,
690 test_tls_crypt_setup,
691 test_tls_crypt_teardown),
692 cmocka_unit_test_setup_teardown(tls_crypt_fail_invalid_key,
693 test_tls_crypt_setup,
694 test_tls_crypt_teardown),
695 cmocka_unit_test_setup_teardown(tls_crypt_fail_replay,
696 test_tls_crypt_setup,
697 test_tls_crypt_teardown),
698 cmocka_unit_test_setup_teardown(tls_crypt_ignore_replay,
699 test_tls_crypt_setup,
700 test_tls_crypt_teardown),
701 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_no_metadata,
702 test_tls_crypt_v2_setup,
703 test_tls_crypt_v2_teardown),
704 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_max_metadata,
705 test_tls_crypt_v2_setup,
706 test_tls_crypt_v2_teardown),
707 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_too_long_metadata,
708 test_tls_crypt_v2_setup,
709 test_tls_crypt_v2_teardown),
710 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_wrong_key,
711 test_tls_crypt_v2_setup,
712 test_tls_crypt_v2_teardown),
713 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_dst_too_small,
714 test_tls_crypt_v2_setup,
715 test_tls_crypt_v2_teardown),
716 cmocka_unit_test_setup_teardown(test_tls_crypt_secure_reneg_key,
717 test_tls_crypt_setup,
718 test_tls_crypt_teardown),
719 cmocka_unit_test(test_tls_crypt_v2_write_server_key_file),
720 cmocka_unit_test(test_tls_crypt_v2_write_client_key_file),
721 cmocka_unit_test(test_tls_crypt_v2_write_client_key_file_metadata),
722 };
723
724#if defined(ENABLE_CRYPTO_OPENSSL)
725 OpenSSL_add_all_algorithms();
726#endif
727
728 int ret = cmocka_run_group_tests_name("tls-crypt tests", tests, NULL, NULL);
729
730#if defined(ENABLE_CRYPTO_OPENSSL)
731 EVP_cleanup();
732#endif
733
734 return ret;
735}
free_buf
void free_buf(struct buffer *buf)
Definition buffer.c:183
buf_clear
void buf_clear(struct buffer *buf)
Definition buffer.c:162
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:88
alloc_buf
struct buffer alloc_buf(size_t size)
Definition buffer.c:62
BSTR
#define BSTR(buf)
Definition buffer.h:129
BPTR
#define BPTR(buf)
Definition buffer.h:124
buf_inc_len
static bool buf_inc_len(struct buffer *buf, int inc)
Definition buffer.h:590
buf_equal
static bool buf_equal(const struct buffer *a, const struct buffer *b)
Return true if buffer contents are equal.
Definition buffer.h:837
buf_advance
static bool buf_advance(struct buffer *buf, int size)
Definition buffer.h:618
buf_len
static int buf_len(const struct buffer *buf)
Definition buffer.h:253
buf_write_alloc
static uint8_t * buf_write_alloc(struct buffer *buf, size_t size)
Definition buffer.h:635
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:668
BLEN
#define BLEN(buf)
Definition buffer.h:127
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1033
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1025
free_key_ctx_bi
void free_key_ctx_bi(struct key_ctx_bi *ctx)
Definition crypto.c:1125
init_key_ctx
void init_key_ctx(struct key_ctx *ctx, const struct key_parameters *key, const struct key_type *kt, int enc, const char *prefix)
Definition crypto.c:1015
init_key_ctx_bi
void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name)
Definition crypto.c:1087
free_key_ctx
void free_key_ctx(struct key_ctx *ctx)
Definition crypto.c:1106
CO_IGNORE_PACKET_ID
#define CO_IGNORE_PACKET_ID
Bit-flag indicating whether to ignore the packet ID of a received packet.
Definition crypto.h:347
KEY_DIRECTION_BIDIRECTIONAL
#define KEY_DIRECTION_BIDIRECTIONAL
Definition crypto.h:230
MAX_CIPHER_KEY_LENGTH
#define MAX_CIPHER_KEY_LENGTH
Definition crypto_backend.h:178
rand_bytes
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
Definition crypto_openssl.c:593
MAX_HMAC_KEY_LENGTH
#define MAX_HMAC_KEY_LENGTH
Definition crypto_backend.h:496
TLS_CRYPT_V2_MAX_WKC_LEN
#define TLS_CRYPT_V2_MAX_WKC_LEN
Definition tls_crypt.h:97
tls_crypt_v2_extract_client_key
bool tls_crypt_v2_extract_client_key(struct buffer *buf, struct tls_wrap_ctx *ctx, const struct tls_options *opt)
Extract a tls-crypt-v2 client key from a P_CONTROL_HARD_RESET_CLIENT_V3 message, and load the key int...
Definition tls_crypt.c:616
tls_crypt_v2_write_client_key_file
void tls_crypt_v2_write_client_key_file(const char *filename, const char *b64_metadata, const char *server_key_file, bool server_key_inline)
Generate a tls-crypt-v2 client key, and write to file.
Definition tls_crypt.c:684
tls_crypt_unwrap
bool tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Unwrap a control channel packet (decrypts, authenticates and performs replay checks).
Definition tls_crypt.c:221
tls_session_generate_dynamic_tls_crypt_key
bool tls_session_generate_dynamic_tls_crypt_key(struct tls_session *session)
Generates a TLS-Crypt key to be used with dynamic tls-crypt using the TLS EKM exporter function.
Definition tls_crypt.c:98
tls_crypt_v2_write_server_key_file
void tls_crypt_v2_write_server_key_file(const char *filename)
Generate a tls-crypt-v2 server key, and write to file.
Definition tls_crypt.c:678
tls_crypt_buf_overhead
int tls_crypt_buf_overhead(void)
Returns the maximum overhead (in bytes) added to the destination buffer by tls_crypt_wrap().
Definition tls_crypt.c:55
tls_crypt_wrap
bool tls_crypt_wrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Wrap a control channel packet (both authenticates and encrypts the data).
Definition tls_crypt.c:144
TLS_CRYPT_V2_MAX_METADATA_LEN
#define TLS_CRYPT_V2_MAX_METADATA_LEN
Definition tls_crypt.h:101
packet_id_init
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
Definition packet_id.c:96
tls_wrap_free
static void tls_wrap_free(struct tls_wrap_ctx *tls_wrap)
Free the elements of a tls_wrap_ctx structure.
Definition ssl.h:485
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:61
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:66
crypto_options
Security parameter state for processing data channel packets.
Definition crypto.h:292
crypto_options::flags
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition crypto.h:383
crypto_options::key_ctx_bi
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Definition crypto.h:293
crypto_options::packet_id
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
Definition crypto.h:330
frame::payload_size
int payload_size
the maximum size that a payload that our buffers can hold from either tun device or network link.
Definition mtu.h:102
frame::buf
struct frame::@8 buf
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:117
key2
Container for bidirectional cipher and HMAC key material.
Definition crypto.h:239
key2::n
int n
The number of key objects stored in the key2.keys array.
Definition crypto.h:240
key2::keys
struct key keys[2]
Two unidirectional sets of key material.
Definition crypto.h:242
key_ctx_bi
Container for two sets of OpenSSL cipher and/or HMAC contexts for both sending and receiving directio...
Definition crypto.h:279
key_ctx_bi::decrypt
struct key_ctx decrypt
cipher and/or HMAC contexts for receiving direction.
Definition crypto.h:282
key_ctx_bi::encrypt
struct key_ctx encrypt
Cipher and/or HMAC contexts for sending direction.
Definition crypto.h:280
key_parameters
internal structure similar to struct key that holds key information but is not represented on wire an...
Definition crypto.h:162
key_type
Definition crypto.h:141
key_type::cipher
const char * cipher
const name of the cipher
Definition crypto.h:142
key_type::digest
const char * digest
Message digest static parameters.
Definition crypto.h:143
key
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152
key::cipher
uint8_t cipher[MAX_CIPHER_KEY_LENGTH]
Key material for cipher operations.
Definition crypto.h:153
test_tls_crypt_context
Definition test_tls_crypt.c:145
test_tls_crypt_context::ciphertext
struct buffer ciphertext
Definition test_tls_crypt.c:149
test_tls_crypt_context::kt
struct key_type kt
Definition test_tls_crypt.c:147
test_tls_crypt_context::source
struct buffer source
Definition test_tls_crypt.c:148
test_tls_crypt_context::co
struct crypto_options co
Definition test_tls_crypt.c:146
test_tls_crypt_context::unwrapped
struct buffer unwrapped
Definition test_tls_crypt.c:150
test_tls_crypt_v2_context
Definition test_tls_crypt.c:420
test_tls_crypt_v2_context::server_key2
struct key2 server_key2
Definition test_tls_crypt.c:422
test_tls_crypt_v2_context::client_key
struct key_ctx_bi client_key
Definition test_tls_crypt.c:425
test_tls_crypt_v2_context::gc
struct gc_arena gc
Definition test_tls_crypt.c:421
test_tls_crypt_v2_context::wkc
struct buffer wkc
Definition test_tls_crypt.c:428
test_tls_crypt_v2_context::unwrapped_metadata
struct buffer unwrapped_metadata
Definition test_tls_crypt.c:427
test_tls_crypt_v2_context::server_keys
struct key_ctx_bi server_keys
Definition test_tls_crypt.c:423
test_tls_crypt_v2_context::metadata
struct buffer metadata
Definition test_tls_crypt.c:426
test_tls_crypt_v2_context::client_key2
struct key2 client_key2
Definition test_tls_crypt.c:424
tls_options
Definition ssl_common.h:298
tls_options::replay_time
int replay_time
Definition ssl_common.h:364
tls_options::frame
struct frame frame
Definition ssl_common.h:381
tls_options::replay_window
int replay_window
Definition ssl_common.h:363
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:480
tls_wrap_ctx
Control channel wrapping (–tls-auth/–tls-crypt) context.
Definition ssl_common.h:268
tls_wrap_ctx::TLS_WRAP_CRYPT
@ TLS_WRAP_CRYPT
Control channel encryption and authentication.
Definition ssl_common.h:272
tls_wrap_ctx::opt
struct crypto_options opt
Crypto state.
Definition ssl_common.h:274
tls_wrap_ctx::work
struct buffer work
Work buffer (only for –tls-crypt)
Definition ssl_common.h:275
tls_wrap_ctx::tls_crypt_v2_server_key
struct key_ctx tls_crypt_v2_server_key
Decrypts client keys.
Definition ssl_common.h:276
tls_wrap_ctx::mode
enum tls_wrap_ctx::@23 mode
Control channel wrapping mode.
test_common.h
openvpn_unit_test_setup
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition test_common.h:36
gc
struct gc_arena gc
Definition test_ssl.c:155
tls_crypt_loopback
static void tls_crypt_loopback(void **state)
Check that short messages are successfully wrapped-and-unwrapped.
Definition test_tls_crypt.c:218
tls_crypt_fail_invalid_key
static void tls_crypt_fail_invalid_key(void **state)
Check that packets that were wrapped (or unwrapped) with a different key are not accepted.
Definition test_tls_crypt.c:363
tls_crypt_loopback_zero_len
static void tls_crypt_loopback_zero_len(void **state)
Check that zero-byte messages are successfully wrapped-and-unwrapped.
Definition test_tls_crypt.c:304
test_tls_crypt_v2_write_server_key_file
static void test_tls_crypt_v2_write_server_key_file(void **state)
Definition test_tls_crypt.c:625
test_server_key
static const char * test_server_key
Definition test_tls_crypt.c:60
PATH1
#define PATH1
Definition test_tls_crypt.c:55
tls_crypt_v2_wrap_unwrap_max_metadata
static void tls_crypt_v2_wrap_unwrap_max_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key with maximum length metadata.
Definition test_tls_crypt.c:510
test_tls_crypt_v2_teardown
static int test_tls_crypt_v2_teardown(void **state)
Definition test_tls_crypt.c:461
test_tls_crypt_teardown
static int test_tls_crypt_teardown(void **state)
Definition test_tls_crypt.c:189
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition test_tls_crypt.c:43
test_tls_crypt_v2_write_client_key_file_metadata
static void test_tls_crypt_v2_write_client_key_file_metadata(void **state)
Definition test_tls_crypt.c:656
test_tls_crypt_setup
static int test_tls_crypt_setup(void **state)
Definition test_tls_crypt.c:155
tls_crypt_v2_wrap_unwrap_no_metadata
static void tls_crypt_v2_wrap_unwrap_no_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key without metadata.
Definition test_tls_crypt.c:480
skip_if_tls_crypt_not_supported
static void skip_if_tls_crypt_not_supported(struct test_tls_crypt_context *ctx)
Definition test_tls_crypt.c:206
test_tls_crypt_v2_setup
static int test_tls_crypt_v2_setup(void **state)
Definition test_tls_crypt.c:432
tls_crypt_v2_wrap_unwrap_dst_too_small
static void tls_crypt_v2_wrap_unwrap_dst_too_small(void **state)
Check that unwrapping a tls-crypt-v2 client key to a too small metadata buffer fails as expected.
Definition test_tls_crypt.c:599
test_tls_crypt_v2_write_client_key_file
static void test_tls_crypt_v2_write_client_key_file(void **state)
Definition test_tls_crypt.c:638
tls_crypt_ignore_replay
static void tls_crypt_ignore_replay(void **state)
Check that packet replays are accepted when CO_IGNORE_PACKET_ID is set.
Definition test_tls_crypt.c:404
tls_crypt_v2_wrap_unwrap_wrong_key
static void tls_crypt_v2_wrap_unwrap_wrong_key(void **state)
Check that unwrapping a tls-crypt-v2 client key with the wrong server key fails as expected.
Definition test_tls_crypt.c:564
__wrap_buffer_read_from_file
struct buffer __wrap_buffer_read_from_file(const char *filename, struct gc_arena *gc)
Definition test_tls_crypt.c:122
tls_crypt_fail_replay
static void tls_crypt_fail_replay(void **state)
Check that replayed packets are not accepted.
Definition test_tls_crypt.c:384
test_client_key
static const char * test_client_key
Definition test_tls_crypt.c:67
PARAM1
#define PARAM1
Definition test_tls_crypt.c:57
main
int main(void)
Definition test_tls_crypt.c:676
test_client_key_metadata
static const char * test_client_key_metadata
Definition test_tls_crypt.c:85
PATH2
#define PATH2
Definition test_tls_crypt.c:56
PARAM2
#define PARAM2
Definition test_tls_crypt.c:58
__wrap_rand_bytes
int __wrap_rand_bytes(uint8_t *output, int len)
Predictable random for tests.
Definition test_tls_crypt.c:136
TESTBUF_SIZE
#define TESTBUF_SIZE
Definition test_tls_crypt.c:52
tls_crypt_loopback_max_len
static void tls_crypt_loopback_max_len(void **state)
Check that max-length messages are successfully wrapped-and-unwrapped.
Definition test_tls_crypt.c:324
__wrap_parse_line
int __wrap_parse_line(const char *line, char **p, const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition test_tls_crypt.c:102
test_tls_crypt_secure_reneg_key
static void test_tls_crypt_secure_reneg_key(void **state)
Test generating dynamic tls-crypt key.
Definition test_tls_crypt.c:237
__wrap_buffer_write_file
bool __wrap_buffer_write_file(const char *filename, const struct buffer *buf)
Definition test_tls_crypt.c:112
tls_crypt_v2_wrap_too_long_metadata
static void tls_crypt_v2_wrap_too_long_metadata(void **state)
Check that wrapping a tls-crypt-v2 client key with too long metadata fails as expected.
Definition test_tls_crypt.c:547
tls_crypt_fail_msg_too_long
static void tls_crypt_fail_msg_too_long(void **state)
Check that too-long messages are gracefully rejected.
Definition test_tls_crypt.c:346
tls_crypt.c
tls_crypt_v2_unwrap_client_key
static bool tls_crypt_v2_unwrap_client_key(struct key2 *client_key, struct buffer *metadata, struct buffer wrapped_client_key, struct key_ctx *server_key)
Definition tls_crypt.c:445
tls_crypt_v2_wrap_client_key
static bool tls_crypt_v2_wrap_client_key(struct buffer *wkc, const struct key2 *src_key, const struct buffer *src_metadata, struct key_ctx *server_key, struct gc_arena *gc)
Definition tls_crypt.c:388
tls_crypt_kt
static struct key_type tls_crypt_kt(void)
Definition tls_crypt.c:49
Generated by doxygen 1.9.8