#include "syshead.h"#include <stdio.h>#include <stdlib.h>#include <stdarg.h>#include <string.h>#include <setjmp.h>#include <cmocka.h>#include "test_common.h"#include "tls_crypt.c"
Go to the source code of this file.
Data Structures | |
| struct | test_tls_crypt_context |
| struct | test_tls_crypt_v2_context |
Macros | |
| #define | TESTBUF_SIZE 128 |
| #define | PATH1 "/s p a c e" |
| #define | PATH2 "/foo bar/baz" |
| #define | PARAM1 "param1" |
| #define | PARAM2 "param two" |
Functions | |
| bool | key_state_export_keying_material (struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size) |
| Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TLS channel. More... | |
| int | __wrap_parse_line (const char *line, char **p, const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc) |
| bool | __wrap_buffer_write_file (const char *filename, const struct buffer *buf) |
| struct buffer | __wrap_buffer_read_from_file (const char *filename, struct gc_arena *gc) |
| int | __wrap_rand_bytes (uint8_t *output, int len) |
| Predictable random for tests. More... | |
| static int | test_tls_crypt_setup (void **state) |
| static int | test_tls_crypt_teardown (void **state) |
| static void | skip_if_tls_crypt_not_supported (struct test_tls_crypt_context *ctx) |
| static void | tls_crypt_loopback (void **state) |
| Check that short messages are successfully wrapped-and-unwrapped. More... | |
| static void | test_tls_crypt_secure_reneg_key (void **state) |
| Test generating dynamic tls-crypt key. More... | |
| static void | tls_crypt_loopback_zero_len (void **state) |
| Check that zero-byte messages are successfully wrapped-and-unwrapped. More... | |
| static void | tls_crypt_loopback_max_len (void **state) |
| Check that max-length messages are successfully wrapped-and-unwrapped. More... | |
| static void | tls_crypt_fail_msg_too_long (void **state) |
| Check that too-long messages are gracefully rejected. More... | |
| static void | tls_crypt_fail_invalid_key (void **state) |
| Check that packets that were wrapped (or unwrapped) with a different key are not accepted. More... | |
| static void | tls_crypt_fail_replay (void **state) |
| Check that replayed packets are not accepted. More... | |
| static void | tls_crypt_ignore_replay (void **state) |
| Check that packet replays are accepted when CO_IGNORE_PACKET_ID is set. More... | |
| static int | test_tls_crypt_v2_setup (void **state) |
| static int | test_tls_crypt_v2_teardown (void **state) |
| static void | tls_crypt_v2_wrap_unwrap_no_metadata (void **state) |
| Check wrapping and unwrapping a tls-crypt-v2 client key without metadata. More... | |
| static void | tls_crypt_v2_wrap_unwrap_max_metadata (void **state) |
| Check wrapping and unwrapping a tls-crypt-v2 client key with maximum length metadata. More... | |
| static void | tls_crypt_v2_wrap_too_long_metadata (void **state) |
| Check that wrapping a tls-crypt-v2 client key with too long metadata fails as expected. More... | |
| static void | tls_crypt_v2_wrap_unwrap_wrong_key (void **state) |
| Check that unwrapping a tls-crypt-v2 client key with the wrong server key fails as expected. More... | |
| static void | tls_crypt_v2_wrap_unwrap_dst_too_small (void **state) |
| Check that unwrapping a tls-crypt-v2 client key to a too small metadata buffer fails as expected. More... | |
| static void | test_tls_crypt_v2_write_server_key_file (void **state) |
| static void | test_tls_crypt_v2_write_client_key_file (void **state) |
| static void | test_tls_crypt_v2_write_client_key_file_metadata (void **state) |
| int | main (void) |
Variables | |
| static const char * | test_server_key |
| static const char * | test_client_key |
| static const char * | test_client_key_metadata |
Macro Definition Documentation
◆ PARAM1
| #define PARAM1 "param1" |
Definition at line 57 of file test_tls_crypt.c.
◆ PARAM2
| #define PARAM2 "param two" |
Definition at line 58 of file test_tls_crypt.c.
◆ PATH1
| #define PATH1 "/s p a c e" |
Definition at line 55 of file test_tls_crypt.c.
◆ PATH2
| #define PATH2 "/foo bar/baz" |
Definition at line 56 of file test_tls_crypt.c.
◆ TESTBUF_SIZE
| #define TESTBUF_SIZE 128 |
Definition at line 52 of file test_tls_crypt.c.
Function Documentation
◆ __wrap_buffer_read_from_file()
Definition at line 122 of file test_tls_crypt.c.
References alloc_buf_gc(), and buf_write().
Referenced by test_tls_crypt_v2_write_client_key_file(), and test_tls_crypt_v2_write_client_key_file_metadata().
◆ __wrap_buffer_write_file()
| bool __wrap_buffer_write_file | ( | const char * | filename, |
| const struct buffer * | buf | ||
| ) |
Definition at line 112 of file test_tls_crypt.c.
References BSTR.
Referenced by test_tls_crypt_v2_write_client_key_file(), test_tls_crypt_v2_write_client_key_file_metadata(), and test_tls_crypt_v2_write_server_key_file().
◆ __wrap_parse_line()
| int __wrap_parse_line | ( | const char * | line, |
| char ** | p, | ||
| const int | n, | ||
| const char * | file, | ||
| const int | line_num, | ||
| int | msglevel, | ||
| struct gc_arena * | gc | ||
| ) |
◆ __wrap_rand_bytes()
| int __wrap_rand_bytes | ( | uint8_t * | output, |
| int | len | ||
| ) |
Predictable random for tests.
Definition at line 136 of file test_tls_crypt.c.
References buffer::len.
◆ key_state_export_keying_material()
| bool key_state_export_keying_material | ( | struct tls_session * | session, |
| const char * | label, | ||
| size_t | label_size, | ||
| void * | ekm, | ||
| size_t | ekm_size | ||
| ) |
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TLS channel.
This exported keying material can then be used for a variety of purposes.
- Parameters
-
session The session associated with the given key_state label The label to use when exporting the key label_size The size of the label to use when exporting the key ekm Buffer to return the exported key material in ekm_size The size of ekm, in bytes
- Returns
- true if exporting succeeded, false otherwise
Definition at line 43 of file test_tls_crypt.c.
Referenced by export_user_keying_material(), generate_key_expansion_tls_export(), p2p_ncp_set_options(), and tls_session_generate_dynamic_tls_crypt_key().
◆ main()
| int main | ( | void | ) |
Definition at line 675 of file test_tls_crypt.c.
References openvpn_unit_test_setup(), test_tls_crypt_secure_reneg_key(), test_tls_crypt_setup(), test_tls_crypt_teardown(), test_tls_crypt_v2_setup(), test_tls_crypt_v2_teardown(), test_tls_crypt_v2_write_client_key_file(), test_tls_crypt_v2_write_client_key_file_metadata(), test_tls_crypt_v2_write_server_key_file(), tls_crypt_fail_invalid_key(), tls_crypt_fail_msg_too_long(), tls_crypt_fail_replay(), tls_crypt_ignore_replay(), tls_crypt_loopback(), tls_crypt_loopback_max_len(), tls_crypt_loopback_zero_len(), tls_crypt_v2_wrap_too_long_metadata(), tls_crypt_v2_wrap_unwrap_dst_too_small(), tls_crypt_v2_wrap_unwrap_max_metadata(), tls_crypt_v2_wrap_unwrap_no_metadata(), and tls_crypt_v2_wrap_unwrap_wrong_key().
◆ skip_if_tls_crypt_not_supported()
|
static |
Definition at line 205 of file test_tls_crypt.c.
References key_type::cipher, key_type::digest, and test_tls_crypt_context::kt.
Referenced by tls_crypt_fail_invalid_key(), tls_crypt_fail_msg_too_long(), tls_crypt_fail_replay(), tls_crypt_ignore_replay(), tls_crypt_loopback(), tls_crypt_loopback_max_len(), and tls_crypt_loopback_zero_len().
◆ test_tls_crypt_secure_reneg_key()
|
static |
Test generating dynamic tls-crypt key.
Definition at line 236 of file test_tls_crypt.c.
References BPTR, frame::buf, buf_advance(), buf_len(), tls_options::frame, gc_free(), gc_new(), tls_wrap_ctx::opt, frame::payload_size, tls_options::replay_time, tls_options::replay_window, test_tls_crypt_context::source, tls_crypt_wrap(), tls_session_generate_dynamic_tls_crypt_key(), tls_wrap_ctx::TLS_WRAP_CRYPT, tls_wrap_free(), and tls_wrap_ctx::work.
Referenced by main().
◆ test_tls_crypt_setup()
|
static |
Definition at line 155 of file test_tls_crypt.c.
References alloc_buf(), buf_write(), key_type::cipher, test_tls_crypt_context::ciphertext, test_tls_crypt_context::co, key_ctx_bi::decrypt, key_type::digest, key_ctx_bi::encrypt, init_key_ctx(), crypto_options::key_ctx_bi, test_tls_crypt_context::kt, crypto_options::packet_id, packet_id_init(), test_tls_crypt_context::source, TESTBUF_SIZE, tls_crypt_kt(), and test_tls_crypt_context::unwrapped.
Referenced by main().
◆ test_tls_crypt_teardown()
|
static |
Definition at line 188 of file test_tls_crypt.c.
References test_tls_crypt_context::ciphertext, test_tls_crypt_context::co, free_buf(), free_key_ctx_bi(), crypto_options::key_ctx_bi, test_tls_crypt_context::source, and test_tls_crypt_context::unwrapped.
Referenced by main().
◆ test_tls_crypt_v2_setup()
|
static |
Definition at line 431 of file test_tls_crypt.c.
References alloc_buf_gc(), test_tls_crypt_v2_context::client_key2, test_tls_crypt_v2_context::gc, gc_new(), init_key_ctx_bi(), KEY_DIRECTION_BIDIRECTIONAL, key2::keys, test_tls_crypt_v2_context::metadata, key2::n, rand_bytes(), test_tls_crypt_v2_context::server_key2, test_tls_crypt_v2_context::server_keys, tls_crypt_kt(), TLS_CRYPT_V2_MAX_METADATA_LEN, TLS_CRYPT_V2_MAX_WKC_LEN, test_tls_crypt_v2_context::unwrapped_metadata, and test_tls_crypt_v2_context::wkc.
Referenced by main().
◆ test_tls_crypt_v2_teardown()
|
static |
Definition at line 460 of file test_tls_crypt.c.
References test_tls_crypt_v2_context::client_key, free_key_ctx_bi(), test_tls_crypt_v2_context::gc, gc_free(), and test_tls_crypt_v2_context::server_keys.
Referenced by main().
◆ test_tls_crypt_v2_write_client_key_file()
|
static |
Definition at line 637 of file test_tls_crypt.c.
References __wrap_buffer_read_from_file(), __wrap_buffer_write_file(), test_client_key, test_server_key, and tls_crypt_v2_write_client_key_file().
Referenced by main().
◆ test_tls_crypt_v2_write_client_key_file_metadata()
|
static |
Definition at line 655 of file test_tls_crypt.c.
References __wrap_buffer_read_from_file(), __wrap_buffer_write_file(), test_client_key_metadata, test_server_key, and tls_crypt_v2_write_client_key_file().
Referenced by main().
◆ test_tls_crypt_v2_write_server_key_file()
|
static |
Definition at line 624 of file test_tls_crypt.c.
References __wrap_buffer_write_file(), test_server_key, and tls_crypt_v2_write_server_key_file().
Referenced by main().
◆ tls_crypt_fail_invalid_key()
|
static |
Check that packets that were wrapped (or unwrapped) with a different key are not accepted.
Definition at line 363 of file test_tls_crypt.c.
References BLEN, test_tls_crypt_context::ciphertext, test_tls_crypt_context::co, key_ctx_bi::decrypt, free_key_ctx(), init_key_ctx(), crypto_options::key_ctx_bi, test_tls_crypt_context::kt, skip_if_tls_crypt_not_supported(), test_tls_crypt_context::source, tls_crypt_unwrap(), tls_crypt_wrap(), and test_tls_crypt_context::unwrapped.
Referenced by main().
◆ tls_crypt_fail_msg_too_long()
|
static |
Check that too-long messages are gracefully rejected.
Definition at line 346 of file test_tls_crypt.c.
References BLEN, buf_clear(), buf_write_alloc(), test_tls_crypt_context::ciphertext, test_tls_crypt_context::co, skip_if_tls_crypt_not_supported(), test_tls_crypt_context::source, TESTBUF_SIZE, tls_crypt_buf_overhead(), and tls_crypt_wrap().
Referenced by main().
◆ tls_crypt_fail_replay()
|
static |
Check that replayed packets are not accepted.
Definition at line 383 of file test_tls_crypt.c.
References BLEN, buf_clear(), test_tls_crypt_context::ciphertext, test_tls_crypt_context::co, skip_if_tls_crypt_not_supported(), test_tls_crypt_context::source, tls_crypt_unwrap(), tls_crypt_wrap(), and test_tls_crypt_context::unwrapped.
Referenced by main().
◆ tls_crypt_ignore_replay()
|
static |
Check that packet replays are accepted when CO_IGNORE_PACKET_ID is set.
This is used for the first control channel packet that arrives, because we don't know the packet ID yet.
Definition at line 403 of file test_tls_crypt.c.
References BLEN, buf_clear(), test_tls_crypt_context::ciphertext, test_tls_crypt_context::co, CO_IGNORE_PACKET_ID, crypto_options::flags, skip_if_tls_crypt_not_supported(), test_tls_crypt_context::source, tls_crypt_unwrap(), tls_crypt_wrap(), and test_tls_crypt_context::unwrapped.
Referenced by main().
◆ tls_crypt_loopback()
|
static |
Check that short messages are successfully wrapped-and-unwrapped.
Definition at line 217 of file test_tls_crypt.c.
References BLEN, BPTR, test_tls_crypt_context::ciphertext, test_tls_crypt_context::co, skip_if_tls_crypt_not_supported(), test_tls_crypt_context::source, tls_crypt_unwrap(), tls_crypt_wrap(), and test_tls_crypt_context::unwrapped.
Referenced by main().
◆ tls_crypt_loopback_max_len()
|
static |
Check that max-length messages are successfully wrapped-and-unwrapped.
Definition at line 324 of file test_tls_crypt.c.
References BLEN, BPTR, buf_clear(), buf_write_alloc(), test_tls_crypt_context::ciphertext, test_tls_crypt_context::co, skip_if_tls_crypt_not_supported(), test_tls_crypt_context::source, TESTBUF_SIZE, tls_crypt_buf_overhead(), tls_crypt_unwrap(), tls_crypt_wrap(), and test_tls_crypt_context::unwrapped.
Referenced by main().
◆ tls_crypt_loopback_zero_len()
|
static |
Check that zero-byte messages are successfully wrapped-and-unwrapped.
Definition at line 304 of file test_tls_crypt.c.
References BLEN, BPTR, buf_clear(), test_tls_crypt_context::ciphertext, test_tls_crypt_context::co, skip_if_tls_crypt_not_supported(), test_tls_crypt_context::source, tls_crypt_unwrap(), tls_crypt_wrap(), and test_tls_crypt_context::unwrapped.
Referenced by main().
◆ tls_crypt_v2_wrap_too_long_metadata()
|
static |
Check that wrapping a tls-crypt-v2 client key with too long metadata fails as expected.
Definition at line 546 of file test_tls_crypt.c.
References buf_inc_len(), test_tls_crypt_v2_context::client_key2, key_ctx_bi::encrypt, test_tls_crypt_v2_context::gc, test_tls_crypt_v2_context::metadata, test_tls_crypt_v2_context::server_keys, TLS_CRYPT_V2_MAX_METADATA_LEN, tls_crypt_v2_wrap_client_key(), and test_tls_crypt_v2_context::wkc.
Referenced by main().
◆ tls_crypt_v2_wrap_unwrap_dst_too_small()
|
static |
Check that unwrapping a tls-crypt-v2 client key to a too small metadata buffer fails as expected.
Definition at line 598 of file test_tls_crypt.c.
References alloc_buf_gc(), BLEN, buf_write_alloc(), test_tls_crypt_v2_context::client_key2, key_ctx_bi::decrypt, key_ctx_bi::encrypt, test_tls_crypt_v2_context::gc, test_tls_crypt_v2_context::metadata, rand_bytes(), test_tls_crypt_v2_context::server_keys, TLS_CRYPT_V2_MAX_METADATA_LEN, tls_crypt_v2_unwrap_client_key(), tls_crypt_v2_wrap_client_key(), test_tls_crypt_v2_context::unwrapped_metadata, and test_tls_crypt_v2_context::wkc.
Referenced by main().
◆ tls_crypt_v2_wrap_unwrap_max_metadata()
|
static |
Check wrapping and unwrapping a tls-crypt-v2 client key with maximum length metadata.
Definition at line 509 of file test_tls_crypt.c.
References alloc_buf_gc(), buf_equal(), buf_write_alloc(), test_tls_crypt_v2_context::client_key2, key_ctx_bi::decrypt, key_ctx_bi::encrypt, test_tls_crypt_v2_context::gc, key2::keys, test_tls_crypt_v2_context::metadata, tls_wrap_ctx::mode, rand_bytes(), test_tls_crypt_v2_context::server_keys, tls_crypt_v2_extract_client_key(), TLS_CRYPT_V2_MAX_METADATA_LEN, tls_crypt_v2_unwrap_client_key(), tls_crypt_v2_wrap_client_key(), tls_wrap_ctx::TLS_WRAP_CRYPT, tls_wrap_free(), and test_tls_crypt_v2_context::wkc.
Referenced by main().
◆ tls_crypt_v2_wrap_unwrap_no_metadata()
|
static |
Check wrapping and unwrapping a tls-crypt-v2 client key without metadata.
Definition at line 479 of file test_tls_crypt.c.
References alloc_buf_gc(), test_tls_crypt_v2_context::client_key2, key_ctx_bi::decrypt, key_ctx_bi::encrypt, test_tls_crypt_v2_context::gc, key2::keys, test_tls_crypt_v2_context::metadata, test_tls_crypt_v2_context::server_keys, TLS_CRYPT_V2_MAX_METADATA_LEN, TLS_CRYPT_V2_MAX_WKC_LEN, tls_crypt_v2_unwrap_client_key(), and tls_crypt_v2_wrap_client_key().
Referenced by main().
◆ tls_crypt_v2_wrap_unwrap_wrong_key()
|
static |
Check that unwrapping a tls-crypt-v2 client key with the wrong server key fails as expected.
Definition at line 563 of file test_tls_crypt.c.
References BLEN, test_tls_crypt_v2_context::client_key2, key_ctx_bi::decrypt, key_ctx_bi::encrypt, free_key_ctx_bi(), test_tls_crypt_v2_context::gc, init_key_ctx_bi(), KEY_DIRECTION_BIDIRECTIONAL, key2::keys, test_tls_crypt_v2_context::metadata, test_tls_crypt_v2_context::server_key2, test_tls_crypt_v2_context::server_keys, tls_crypt_kt(), tls_crypt_v2_unwrap_client_key(), tls_crypt_v2_wrap_client_key(), test_tls_crypt_v2_context::unwrapped_metadata, and test_tls_crypt_v2_context::wkc.
Referenced by main().
Variable Documentation
◆ test_client_key
|
static |
Definition at line 67 of file test_tls_crypt.c.
Referenced by test_tls_crypt_v2_write_client_key_file(), and tls_crypt_v2_write_client_key_file().
◆ test_client_key_metadata
|
static |
Definition at line 85 of file test_tls_crypt.c.
Referenced by test_tls_crypt_v2_write_client_key_file_metadata().
◆ test_server_key
|
static |
Definition at line 60 of file test_tls_crypt.c.
Referenced by test_tls_crypt_v2_write_client_key_file(), test_tls_crypt_v2_write_client_key_file_metadata(), and test_tls_crypt_v2_write_server_key_file().
