OpenVPN
test_tls_crypt.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include <stdio.h>
30#include <stdlib.h>
31#include <stdarg.h>
32#include <string.h>
33#include <setjmp.h>
34#include <cmocka.h>
35
36#include "test_common.h"
37#include "tls_crypt.c"
38
39/* Define this function here as dummy since including the ssl_*.c files
40 * leads to having to include even more unrelated code */
41bool
42key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size,
43 void *ekm, size_t ekm_size)
44{
45 memset(ekm, 0xba, ekm_size);
46 return true;
47}
48
49
50#define TESTBUF_SIZE 128
51
52/* Defines for use in the tests and the mock parse_line() */
53#define PATH1 "/s p a c e"
54#define PATH2 "/foo bar/baz"
55#define PARAM1 "param1"
56#define PARAM2 "param two"
57
58static const char *test_server_key =
59 "-----BEGIN OpenVPN tls-crypt-v2 server key-----\n"
60 "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
61 "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
62 "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn8=\n"
63 "-----END OpenVPN tls-crypt-v2 server key-----\n";
64
65static const char *test_client_key =
66 "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
67 "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
68 "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
69 "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
70 "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
71 "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
72 "8PHy8/T19vf4+fr7/P3+/xd9pcB0qUYZsWvkrLcfGmzPJPM8a7r0mEWdXwbDadSV\n"
73 "LHg5bv2TwlmPR3HgaMr8o9LTh9hxUTkrH3S0PfKRNwcso86ua/dBFTyXsM9tg4aw\n"
74 "3dS6ogH9AkaT+kRRDgNcKWkQCbwmJK2JlfkXHBwbAtmn78AkNuho6QCFqCdqGab3\n"
75 "zh2vheFqGMPdGpukbFrT3rcO3VLxUeG+RdzXiMTCpJSovFBP1lDkYwYJPnz6daEh\n"
76 "j0TzJ3BVru9W3CpotdNt7u09knxAfpCxjtrP3semsDew/gTBtcfQ/OoTFyFHnN5k\n"
77 "RZ+q17SC4nba3Pp8/Fs0+hSbv2tJozoD8SElFq7SIWJsciTYh8q8f5yQxjdt4Wxu\n"
78 "/Z5wtPCAZ0tOzj4ItTI77fBOYRTfEayzHgEr\n"
79 "-----END OpenVPN tls-crypt-v2 client key-----\n";
80
81
82/* Has custom metadata of AABBCCDD (base64) */
83static const char *test_client_key_metadata =
84 "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
85 "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
86 "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
87 "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
88 "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
89 "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
90 "8PHy8/T19vf4+fr7/P3+/2ntp1WCqhcLjJQY/igkjNt3Yb6i0neqFkfrOp2UCDcz\n"
91 "6RSJtPLZbvOOKUHk2qwxPYUsFCnz/IWV6/ZiLRrabzUpS8oSN1HS6P7qqAdrHKgf\n"
92 "hVTHasdSf2UdMTPC7HBgnP9Ll0FhKN0h7vSzbbt7QM7wH9mr1ecc/Mt0SYW2lpwA\n"
93 "aJObYGTyk6hTgWm0g/MLrworLrezTqUHBZzVsu+LDyqLWK1lzJNd66MuNOsGA4YF\n"
94 "fbCsDh8n3H+Cw1k5YNBZDYYJOtVUgBWXheO6vgoOmqDdI0dAQ3hVo9DE+SkCFjgf\n"
95 "l4FY2yLEh9ZVZZrl1eD1Owh/X178CkHrBJYl9LNQSyQEKlDGWwBLQ/pY3qtjctr3\n"
96 "pV62MPQdBo+1lcsjDCJVQA6XUyltas4BKQ==\n"
97 "-----END OpenVPN tls-crypt-v2 client key-----\n";
98
99int
100__wrap_parse_line(const char *line, char **p, const int n, const char *file, const int line_num,
101 int msglevel, struct gc_arena *gc)
102{
103 p[0] = PATH1 PATH2;
104 p[1] = PARAM1;
105 p[2] = PARAM2;
106 return 3;
107}
108
109bool
110__wrap_buffer_write_file(const char *filename, const struct buffer *buf)
111{
112 const char *pem = BSTR(buf);
113 check_expected(filename);
114 check_expected(pem);
115
116 return mock_type(bool);
117}
118
119struct buffer
121{
122 check_expected(filename);
123
124 const char *pem_str = mock_ptr_type(const char *);
125 struct buffer ret = alloc_buf_gc(strlen(pem_str) + 1, gc);
126 buf_write(&ret, pem_str, strlen(pem_str) + 1);
127
128 return ret;
129}
130
131
133int
135{
136 for (int i = 0; i < len; i++)
137 {
138 output[i] = (uint8_t)i;
139 }
140 return true;
141}
142
151
152
153static int
155{
156 struct test_tls_crypt_context *ctx = calloc(1, sizeof(*ctx));
157 *state = ctx;
158
159 struct key_parameters key = { .cipher = { 0 },
160 .hmac = { 0 },
161 .hmac_size = MAX_HMAC_KEY_LENGTH,
162 .cipher_size = MAX_CIPHER_KEY_LENGTH };
163
164 ctx->kt = tls_crypt_kt();
165 if (!ctx->kt.cipher || !ctx->kt.digest)
166 {
167 return 0;
168 }
169 init_key_ctx(&ctx->co.key_ctx_bi.encrypt, &key, &ctx->kt, true, "TEST");
170 init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
171
172 packet_id_init(&ctx->co.packet_id, 0, 0, "test", 0);
173
177
178 /* Write test plaintext */
179 const char *plaintext = "1234567890";
180 buf_write(&ctx->source, plaintext, strlen(plaintext));
181
182 /* Write test ciphertext */
183 const char *ciphertext = "012345678";
184 buf_write(&ctx->ciphertext, ciphertext, strlen(ciphertext));
185
186 return 0;
187}
188
189static int
191{
192 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
193
194 free_buf(&ctx->source);
195 free_buf(&ctx->ciphertext);
196 free_buf(&ctx->unwrapped);
197
199
200 free(ctx);
201
202 return 0;
203}
204
205static void
207{
208 if (!ctx->kt.cipher || !ctx->kt.digest)
209 {
210 skip();
211 }
212}
213
217static void
219{
220 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
221
223
224 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
225 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
226 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
227 assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
228 assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped), BLEN(&ctx->source));
229}
230
231
235static void
237{
238 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
239
240 struct gc_arena gc = gc_new();
241
242 struct tls_session session = { 0 };
243
244 struct tls_options tls_opt = { 0 };
245 tls_opt.replay_window = 32;
246 tls_opt.replay_time = 60;
247 tls_opt.frame.buf.payload_size = 512;
248 session.opt = &tls_opt;
249
251
252 struct tls_wrap_ctx *rctx = &session.tls_wrap_reneg;
253
254 tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
255 assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
256
257 uint8_t expected_ciphertext[] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0xe3, 0x19,
258 0x27, 0x7f, 0x1c, 0x8d, 0x6e, 0x6a, 0x77, 0x96, 0xa8, 0x55,
259 0x33, 0x7b, 0x9c, 0xfb, 0x56, 0xe1, 0xf1, 0x3a, 0x87, 0x0e,
260 0x66, 0x47, 0xdf, 0xa1, 0x95, 0xc9, 0x2c, 0x17, 0xa0, 0x15,
261 0xba, 0x49, 0x67, 0xa1, 0x1d, 0x55, 0xea, 0x1a, 0x06, 0xa7 };
262 assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
263 tls_wrap_free(&session.tls_wrap_reneg);
264
265 /* Use previous tls-crypt key as 0x00, with xor we should have the same key
266 * and expect the same result */
267 session.tls_wrap.mode = TLS_WRAP_CRYPT;
268 memset(&session.tls_wrap.original_wrap_keydata.keys, 0x00,
269 sizeof(session.tls_wrap.original_wrap_keydata.keys));
270 session.tls_wrap.original_wrap_keydata.n = 2;
271
273 tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
274 assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
275
276 assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
277 tls_wrap_free(&session.tls_wrap_reneg);
278
279 /* XOR should not force a different key */
280 memset(&session.tls_wrap.original_wrap_keydata.keys, 0x42,
281 sizeof(session.tls_wrap.original_wrap_keydata.keys));
283
284 tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
285 assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
286
287 /* packet id at the start should be equal */
288 assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, 8);
289
290 /* Skip packet id */
291 buf_advance(&rctx->work, 8);
292 assert_memory_not_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
293 tls_wrap_free(&session.tls_wrap_reneg);
294
295
296 gc_free(&gc);
297}
298
302static void
304{
305 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
306
308
309 buf_clear(&ctx->source);
310
311 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
312 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
313 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
314 assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
315 assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped), BLEN(&ctx->source));
316}
317
321static void
323{
324 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
325
327
328 buf_clear(&ctx->source);
329 assert_non_null(buf_write_alloc(&ctx->source, TESTBUF_SIZE - BLEN(&ctx->ciphertext)
331
332 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
333 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
334 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
335 assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
336 assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped), BLEN(&ctx->source));
337}
338
342static void
344{
345 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
346
348
349 buf_clear(&ctx->source);
350 assert_non_null(buf_write_alloc(&ctx->source, TESTBUF_SIZE - BLEN(&ctx->ciphertext)
351 - tls_crypt_buf_overhead() + 1));
352 assert_false(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
353}
354
359static void
361{
362 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
363
365
366 /* Change decrypt key */
367 struct key_parameters key = { .cipher = { 1 },
368 .hmac = { 1 },
369 .cipher_size = MAX_CIPHER_KEY_LENGTH,
370 .hmac_size = MAX_HMAC_KEY_LENGTH };
372 init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
373
374 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
375 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
376 assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
377}
378
382static void
384{
385 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
386
388
389 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
390 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
391 struct buffer tmp = ctx->ciphertext;
393 buf_clear(&ctx->unwrapped);
395}
396
402static void
404{
405 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
406
408
410
411 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
412 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
413 struct buffer tmp = ctx->ciphertext;
415 buf_clear(&ctx->unwrapped);
416 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
417}
418
430
431static int
433{
434 struct test_tls_crypt_v2_context *ctx = calloc(1, sizeof(*ctx));
435 *state = ctx;
436
437 ctx->gc = gc_new();
438
439 /* Slightly longer buffers to be able to test too-long data */
442 ctx->wkc = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN + 16, &ctx->gc);
443
444 /* Generate server key */
445 rand_bytes((void *)ctx->server_key2.keys, sizeof(ctx->server_key2.keys));
446 ctx->server_key2.n = 2;
447 struct key_type kt = tls_crypt_kt();
449 "tls-crypt-v2 server key");
450
451 /* Generate client key */
452 rand_bytes((void *)ctx->client_key2.keys, sizeof(ctx->client_key2.keys));
453 ctx->client_key2.n = 2;
454
455 return 0;
456}
457
458static int
460{
461 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
462
465
466 gc_free(&ctx->gc);
467
468 free(ctx);
469
470 return 0;
471}
472
476static void
478{
479 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
480
483 &ctx->server_keys.encrypt, &ctx->gc));
484
486 struct key2 unwrapped_client_key2 = { 0 };
487 assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2, &unwrap_metadata,
488 wrapped_client_key, &ctx->server_keys.decrypt));
489
490 assert_true(0
491 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys,
492 sizeof(ctx->client_key2.keys)));
493}
494
499static void
501{
502 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
503
506 assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, &ctx->metadata,
507 &ctx->server_keys.encrypt, &ctx->gc));
508
510 struct key2 unwrapped_client_key2 = { 0 };
511 assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2, &unwrap_metadata, ctx->wkc,
512 &ctx->server_keys.decrypt));
513
514 assert_true(0
515 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys,
516 sizeof(ctx->client_key2.keys)));
517 assert_true(buf_equal(&ctx->metadata, &unwrap_metadata));
518
519 struct tls_wrap_ctx wrap_ctx = {
522 };
523 assert_true(tls_crypt_v2_extract_client_key(&ctx->wkc, &wrap_ctx, NULL, true));
524 tls_wrap_free(&wrap_ctx);
525}
526
531static void
533{
534 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
535
536 assert_true(buf_inc_len(&ctx->metadata, TLS_CRYPT_V2_MAX_METADATA_LEN + 1));
537 assert_false(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, &ctx->metadata,
538 &ctx->server_keys.encrypt, &ctx->gc));
539}
540
545static void
547{
548 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
549
550 assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, &ctx->metadata,
551 &ctx->server_keys.encrypt, &ctx->gc));
552
553 /* Change server key */
554 struct key_type kt = tls_crypt_kt();
556 memset(&ctx->server_key2.keys, 0, sizeof(ctx->server_key2.keys));
558 "wrong tls-crypt-v2 server key");
559
560
561 struct key2 unwrapped_client_key2 = { 0 };
562 assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2, &ctx->unwrapped_metadata,
563 ctx->wkc, &ctx->server_keys.decrypt));
564
565 const struct key2 zero = { 0 };
566 assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero)));
567 assert_true(0 == BLEN(&ctx->unwrapped_metadata));
568}
569
574static void
576{
577 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
578
581 assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, &ctx->metadata,
582 &ctx->server_keys.encrypt, &ctx->gc));
583
584 struct key2 unwrapped_client_key2 = { 0 };
585 struct buffer unwrapped_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN - 1, &ctx->gc);
587 ctx->wkc, &ctx->server_keys.decrypt));
588
589 const struct key2 zero = { 0 };
590 assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero)));
591 assert_true(0 == BLEN(&ctx->unwrapped_metadata));
592}
593
594static void
596{
597 const char *filename = "testfilename.key";
598
599 expect_string(__wrap_buffer_write_file, filename, filename);
600 expect_memory(__wrap_buffer_write_file, pem, test_server_key, strlen(test_server_key));
601 will_return(__wrap_buffer_write_file, true);
602
604}
605
606static void
608{
609 const char *filename = "testfilename.key";
610
611 /* Test writing the client key */
612 expect_string(__wrap_buffer_write_file, filename, filename);
613 expect_memory(__wrap_buffer_write_file, pem, test_client_key, strlen(test_client_key));
614 will_return(__wrap_buffer_write_file, true);
615
616 /* Key generation re-reads the created file as a sanity check */
617 expect_string(__wrap_buffer_read_from_file, filename, filename);
619
621}
622
623static void
625{
626 const char *filename = "testfilename.key";
627 const char *b64metadata = "AABBCCDD";
628
629 /* Test writing the client key */
630 expect_string(__wrap_buffer_write_file, filename, filename);
633 will_return(__wrap_buffer_write_file, true);
634
635 /* Key generation re-reads the created file as a sanity check */
636 expect_string(__wrap_buffer_read_from_file, filename, filename);
638
639 tls_crypt_v2_write_client_key_file(filename, b64metadata, test_server_key, true);
640}
641
642int
643main(void)
644{
646 const struct CMUnitTest tests[] = {
647 cmocka_unit_test_setup_teardown(tls_crypt_loopback, test_tls_crypt_setup,
649 cmocka_unit_test_setup_teardown(tls_crypt_loopback_zero_len, test_tls_crypt_setup,
651 cmocka_unit_test_setup_teardown(tls_crypt_loopback_max_len, test_tls_crypt_setup,
653 cmocka_unit_test_setup_teardown(tls_crypt_fail_msg_too_long, test_tls_crypt_setup,
655 cmocka_unit_test_setup_teardown(tls_crypt_fail_invalid_key, test_tls_crypt_setup,
657 cmocka_unit_test_setup_teardown(tls_crypt_fail_replay, test_tls_crypt_setup,
659 cmocka_unit_test_setup_teardown(tls_crypt_ignore_replay, test_tls_crypt_setup,
661 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_no_metadata,
663 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_max_metadata,
665 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_too_long_metadata,
667 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_wrong_key, test_tls_crypt_v2_setup,
669 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_dst_too_small,
671 cmocka_unit_test_setup_teardown(test_tls_crypt_secure_reneg_key, test_tls_crypt_setup,
676 };
677
678#if defined(ENABLE_CRYPTO_OPENSSL)
679 OpenSSL_add_all_algorithms();
680#endif
681
682 int ret = cmocka_run_group_tests_name("tls-crypt tests", tests, NULL, NULL);
683
684#if defined(ENABLE_CRYPTO_OPENSSL)
685 EVP_cleanup();
686#endif
687
688 return ret;
689}
void free_buf(struct buffer *buf)
Definition buffer.c:184
void buf_clear(struct buffer *buf)
Definition buffer.c:163
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
struct buffer alloc_buf(size_t size)
Definition buffer.c:63
#define BSTR(buf)
Definition buffer.h:128
#define BPTR(buf)
Definition buffer.h:123
static bool buf_inc_len(struct buffer *buf, int inc)
Definition buffer.h:588
static bool buf_equal(const struct buffer *a, const struct buffer *b)
Return true if buffer contents are equal.
Definition buffer.h:821
static bool buf_advance(struct buffer *buf, int size)
Definition buffer.h:616
static int buf_len(const struct buffer *buf)
Definition buffer.h:253
static uint8_t * buf_write_alloc(struct buffer *buf, size_t size)
Definition buffer.h:633
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:660
#define BLEN(buf)
Definition buffer.h:126
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
static struct gc_arena gc_new(void)
Definition buffer.h:1007
void free_key_ctx_bi(struct key_ctx_bi *ctx)
Definition crypto.c:1094
void init_key_ctx(struct key_ctx *ctx, const struct key_parameters *key, const struct key_type *kt, int enc, const char *prefix)
Definition crypto.c:990
void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name)
Definition crypto.c:1056
void free_key_ctx(struct key_ctx *ctx)
Definition crypto.c:1075
#define CO_IGNORE_PACKET_ID
Bit-flag indicating whether to ignore the packet ID of a received packet.
Definition crypto.h:348
#define KEY_DIRECTION_BIDIRECTIONAL
Definition crypto.h:231
#define MAX_CIPHER_KEY_LENGTH
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
#define MAX_HMAC_KEY_LENGTH
#define TLS_CRYPT_V2_MAX_WKC_LEN
Definition tls_crypt.h:96
bool tls_crypt_v2_extract_client_key(struct buffer *buf, struct tls_wrap_ctx *ctx, const struct tls_options *opt, bool initial_packet)
Extract a tls-crypt-v2 client key from a P_CONTROL_HARD_RESET_CLIENT_V3 message, and load the key int...
Definition tls_crypt.c:578
void tls_crypt_v2_write_client_key_file(const char *filename, const char *b64_metadata, const char *server_key_file, bool server_key_inline)
Generate a tls-crypt-v2 client key, and write to file.
Definition tls_crypt.c:661
bool tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Unwrap a control channel packet (decrypts, authenticates and performs replay checks).
Definition tls_crypt.c:209
bool tls_session_generate_dynamic_tls_crypt_key(struct tls_session *session)
Generates a TLS-Crypt key to be used with dynamic tls-crypt using the TLS EKM exporter function.
Definition tls_crypt.c:95
void tls_crypt_v2_write_server_key_file(const char *filename)
Generate a tls-crypt-v2 server key, and write to file.
Definition tls_crypt.c:655
int tls_crypt_buf_overhead(void)
Returns the maximum overhead (in bytes) added to the destination buffer by tls_crypt_wrap().
Definition tls_crypt.c:54
bool tls_crypt_wrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Wrap a control channel packet (both authenticates and encrypts the data).
Definition tls_crypt.c:136
#define TLS_CRYPT_V2_MAX_METADATA_LEN
Definition tls_crypt.h:100
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
Definition packet_id.c:91
static void tls_wrap_free(struct tls_wrap_ctx *tls_wrap)
Free the elements of a tls_wrap_ctx structure.
Definition ssl.h:472
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
Security parameter state for processing data channel packets.
Definition crypto.h:293
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition crypto.h:384
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Definition crypto.h:294
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
Definition crypto.h:331
int payload_size
the maximum size that a payload that our buffers can hold from either tun device or network link.
Definition mtu.h:108
struct frame::@8 buf
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
Container for bidirectional cipher and HMAC key material.
Definition crypto.h:240
int n
The number of key objects stored in the key2.keys array.
Definition crypto.h:241
struct key keys[2]
Two unidirectional sets of key material.
Definition crypto.h:243
Container for two sets of OpenSSL cipher and/or HMAC contexts for both sending and receiving directio...
Definition crypto.h:280
struct key_ctx decrypt
cipher and/or HMAC contexts for receiving direction.
Definition crypto.h:283
struct key_ctx encrypt
Cipher and/or HMAC contexts for sending direction.
Definition crypto.h:281
internal structure similar to struct key that holds key information but is not represented on wire an...
Definition crypto.h:163
const char * cipher
const name of the cipher
Definition crypto.h:142
const char * digest
Message digest static parameters.
Definition crypto.h:143
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152
uint8_t cipher[MAX_CIPHER_KEY_LENGTH]
Key material for cipher operations.
Definition crypto.h:153
struct crypto_options co
struct key_ctx_bi client_key
struct key_ctx_bi server_keys
struct frame frame
Definition ssl_common.h:390
int replay_window
Definition ssl_common.h:372
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:490
Control channel wrapping (–tls-auth/–tls-crypt) context.
Definition ssl_common.h:276
struct crypto_options opt
Crypto state.
Definition ssl_common.h:283
enum tls_wrap_ctx::@28 mode
Control channel wrapping mode.
@ TLS_WRAP_CRYPT
Control channel encryption and authentication.
Definition ssl_common.h:281
struct buffer work
Work buffer (only for –tls-crypt)
Definition ssl_common.h:284
struct key_ctx tls_crypt_v2_server_key
Decrypts client keys.
Definition ssl_common.h:285
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition test_common.h:35
struct gc_arena gc
Definition test_ssl.c:154
static void tls_crypt_loopback(void **state)
Check that short messages are successfully wrapped-and-unwrapped.
static void tls_crypt_fail_invalid_key(void **state)
Check that packets that were wrapped (or unwrapped) with a different key are not accepted.
static void tls_crypt_loopback_zero_len(void **state)
Check that zero-byte messages are successfully wrapped-and-unwrapped.
static void test_tls_crypt_v2_write_server_key_file(void **state)
static const char * test_server_key
#define PATH1
static void tls_crypt_v2_wrap_unwrap_max_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key with maximum length metadata.
static int test_tls_crypt_v2_teardown(void **state)
static int test_tls_crypt_teardown(void **state)
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
static void test_tls_crypt_v2_write_client_key_file_metadata(void **state)
static int test_tls_crypt_setup(void **state)
static void tls_crypt_v2_wrap_unwrap_no_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key without metadata.
static void skip_if_tls_crypt_not_supported(struct test_tls_crypt_context *ctx)
static int test_tls_crypt_v2_setup(void **state)
static void tls_crypt_v2_wrap_unwrap_dst_too_small(void **state)
Check that unwrapping a tls-crypt-v2 client key to a too small metadata buffer fails as expected.
static void test_tls_crypt_v2_write_client_key_file(void **state)
static void tls_crypt_ignore_replay(void **state)
Check that packet replays are accepted when CO_IGNORE_PACKET_ID is set.
static void tls_crypt_v2_wrap_unwrap_wrong_key(void **state)
Check that unwrapping a tls-crypt-v2 client key with the wrong server key fails as expected.
struct buffer __wrap_buffer_read_from_file(const char *filename, struct gc_arena *gc)
static void tls_crypt_fail_replay(void **state)
Check that replayed packets are not accepted.
static const char * test_client_key
#define PARAM1
int main(void)
static const char * test_client_key_metadata
#define PATH2
#define PARAM2
int __wrap_rand_bytes(uint8_t *output, int len)
Predictable random for tests.
#define TESTBUF_SIZE
static void tls_crypt_loopback_max_len(void **state)
Check that max-length messages are successfully wrapped-and-unwrapped.
int __wrap_parse_line(const char *line, char **p, const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
static void test_tls_crypt_secure_reneg_key(void **state)
Test generating dynamic tls-crypt key.
bool __wrap_buffer_write_file(const char *filename, const struct buffer *buf)
static void tls_crypt_v2_wrap_too_long_metadata(void **state)
Check that wrapping a tls-crypt-v2 client key with too long metadata fails as expected.
static void tls_crypt_fail_msg_too_long(void **state)
Check that too-long messages are gracefully rejected.
static bool tls_crypt_v2_unwrap_client_key(struct key2 *client_key, struct buffer *metadata, struct buffer wrapped_client_key, struct key_ctx *server_key)
Definition tls_crypt.c:417
static bool tls_crypt_v2_wrap_client_key(struct buffer *wkc, const struct key2 *src_key, const struct buffer *src_metadata, struct key_ctx *server_key, struct gc_arena *gc)
Definition tls_crypt.c:364
static struct key_type tls_crypt_kt(void)
Definition tls_crypt.c:48