OpenVPN
test_tls_crypt.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2016-2018 Fox Crypto B.V. <openvpn@fox-it.com>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
28 #endif
29 
30 #include "syshead.h"
31 
32 #include <stdio.h>
33 #include <unistd.h>
34 #include <stdlib.h>
35 #include <stdarg.h>
36 #include <string.h>
37 #include <setjmp.h>
38 #include <cmocka.h>
39 
40 #include "tls_crypt.c"
41 
42 #include "mock_msg.h"
43 
44 #define TESTBUF_SIZE 128
45 
46 /* Defines for use in the tests and the mock parse_line() */
47 #define PATH1 "/s p a c e"
48 #define PATH2 "/foo bar/baz"
49 #define PARAM1 "param1"
50 #define PARAM2 "param two"
51 
52 static const char *test_server_key = \
53  "-----BEGIN OpenVPN tls-crypt-v2 server key-----\n"
54  "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
55  "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
56  "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn8=\n"
57  "-----END OpenVPN tls-crypt-v2 server key-----\n";
58 
59 static const char *test_client_key = \
60  "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
61  "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
62  "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
63  "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
64  "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
65  "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
66  "8PHy8/T19vf4+fr7/P3+/xd9pcB0qUYZsWvkrLcfGmzPJPM8a7r0mEWdXwbDadSV\n"
67  "LHg5bv2TwlmPR3HgaMr8o9LTh9hxUTkrH3S0PfKRNwcso86ua/dBFTyXsM9tg4aw\n"
68  "3dS6ogH9AkaT+kRRDgNcKWkQCbwmJK2JlfkXHBwbAtmn78AkNuho6QCFqCdqGab3\n"
69  "zh2vheFqGMPdGpukbFrT3rcO3VLxUeG+RdzXiMTCpJSovFBP1lDkYwYJPnz6daEh\n"
70  "j0TzJ3BVru9W3CpotdNt7u09knxAfpCxjtrP3semsDew/gTBtcfQ/OoTFyFHnN5k\n"
71  "RZ+q17SC4nba3Pp8/Fs0+hSbv2tJozoD8SElFq7SIWJsciTYh8q8f5yQxjdt4Wxu\n"
72  "/Z5wtPCAZ0tOzj4ItTI77fBOYRTfEayzHgEr\n"
73  "-----END OpenVPN tls-crypt-v2 client key-----\n";
74 
75 int
76 __wrap_parse_line(const char *line, char **p, const int n, const char *file,
77  const int line_num, int msglevel, struct gc_arena *gc)
78 {
79  p[0] = PATH1 PATH2;
80  p[1] = PARAM1;
81  p[2] = PARAM2;
82  return 3;
83 }
84 
85 bool
86 __wrap_buffer_write_file(const char *filename, const struct buffer *buf)
87 {
88  const char *pem = BSTR(buf);
89  check_expected(filename);
90  check_expected(pem);
91 
92  return mock();
93 }
94 
95 struct buffer
96 __wrap_buffer_read_from_file(const char *filename, struct gc_arena *gc)
97 {
98  check_expected(filename);
99 
100  const char *pem_str = (const char *) mock();
101  struct buffer ret = alloc_buf_gc(strlen(pem_str) + 1, gc);
102  buf_write(&ret, pem_str, strlen(pem_str) + 1);
103 
104  return ret;
105 }
106 
107 
109 int
111 {
112  for (int i = 0; i < len; i++)
113  {
114  output[i] = i;
115  }
116  return true;
117 }
118 
121  struct key_type kt;
122  struct buffer source;
125 };
126 
127 static int
128 test_tls_crypt_setup(void **state) {
129  struct test_tls_crypt_context *ctx = calloc(1, sizeof(*ctx));
130  *state = ctx;
131 
132  struct key key = { 0 };
133 
134  ctx->kt = tls_crypt_kt();
135  if (!ctx->kt.cipher || !ctx->kt.digest)
136  {
137  return 0;
138  }
139  init_key_ctx(&ctx->co.key_ctx_bi.encrypt, &key, &ctx->kt, true, "TEST");
140  init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
141 
142  packet_id_init(&ctx->co.packet_id, 0, 0, "test", 0);
143 
144  ctx->source = alloc_buf(TESTBUF_SIZE);
147 
148  /* Write test plaintext */
149  const char *plaintext = "1234567890";
150  buf_write(&ctx->source, plaintext, strlen(plaintext));
151 
152  /* Write test ciphertext */
153  const char *ciphertext = "012345678";
154  buf_write(&ctx->ciphertext, ciphertext, strlen(ciphertext));
155 
156  return 0;
157 }
158 
159 static int
160 test_tls_crypt_teardown(void **state) {
161  struct test_tls_crypt_context *ctx =
162  (struct test_tls_crypt_context *)*state;
163 
164  free_buf(&ctx->source);
165  free_buf(&ctx->ciphertext);
166  free_buf(&ctx->unwrapped);
167 
169 
170  free(ctx);
171 
172  return 0;
173 }
174 
176 {
177  if (!ctx->kt.cipher || !ctx->kt.digest)
178  {
179  skip();
180  }
181 }
182 
186 static void
187 tls_crypt_loopback(void **state) {
188  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
189 
191 
192  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
193  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
194  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
195  assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
197  BLEN(&ctx->source));
198 }
199 
203 static void
205  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
206 
208 
209  buf_clear(&ctx->source);
210 
211  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
212  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
213  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
214  assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
216  BLEN(&ctx->source));
217 }
218 
222 static void
224  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
225 
227 
228  buf_clear(&ctx->source);
231 
232  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
233  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
234  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
235  assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
237  BLEN(&ctx->source));
238 }
239 
243 static void
245  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
246 
248 
249  buf_clear(&ctx->source);
252  assert_false(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
253 }
254 
259 static void
261  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
262 
264 
265  /* Change decrypt key */
266  struct key key = { { 1 } };
268  init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
269 
270  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
271  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
272  assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
273 }
274 
278 static void
279 tls_crypt_fail_replay(void **state) {
280  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
281 
283 
284  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
285  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
286  struct buffer tmp = ctx->ciphertext;
287  assert_true(tls_crypt_unwrap(&tmp, &ctx->unwrapped, &ctx->co));
288  buf_clear(&ctx->unwrapped);
289  assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
290 }
291 
297 static void
298 tls_crypt_ignore_replay(void **state) {
299  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
300 
302 
303  ctx->co.flags |= CO_IGNORE_PACKET_ID;
304 
305  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
306  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
307  struct buffer tmp = ctx->ciphertext;
308  assert_true(tls_crypt_unwrap(&tmp, &ctx->unwrapped, &ctx->co));
309  buf_clear(&ctx->unwrapped);
310  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
311 }
312 
314  struct gc_arena gc;
315  struct key2 server_key2;
316  struct key_ctx_bi server_keys;
317  struct key2 client_key2;
318  struct key_ctx_bi client_key;
319  struct buffer metadata;
320  struct buffer unwrapped_metadata;
321  struct buffer wkc;
322 };
323 
324 static int
325 test_tls_crypt_v2_setup(void **state) {
326  struct test_tls_crypt_v2_context *ctx = calloc(1, sizeof(*ctx));
327  *state = ctx;
328 
329  ctx->gc = gc_new();
330 
331  /* Slightly longer buffers to be able to test too-long data */
334  &ctx->gc);
335  ctx->wkc = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN+16, &ctx->gc);
336 
337  /* Generate server key */
338  rand_bytes((void *)ctx->server_key2.keys, sizeof(ctx->server_key2.keys));
339  ctx->server_key2.n = 2;
340  struct key_type kt = tls_crypt_kt();
343  "tls-crypt-v2 server key");
344 
345  /* Generate client key */
346  rand_bytes((void *)ctx->client_key2.keys, sizeof(ctx->client_key2.keys));
347  ctx->client_key2.n = 2;
348 
349  return 0;
350 }
351 
352 static int
354  struct test_tls_crypt_v2_context *ctx =
355  (struct test_tls_crypt_v2_context *) *state;
356 
359 
360  gc_free(&ctx->gc);
361 
362  free(ctx);
363 
364  return 0;
365 }
366 
370 static void
372  struct test_tls_crypt_v2_context *ctx =
373  (struct test_tls_crypt_v2_context *) *state;
374 
375  struct buffer wrapped_client_key = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN,
376  &ctx->gc);
377  assert_true(tls_crypt_v2_wrap_client_key(&wrapped_client_key,
378  &ctx->client_key2,
379  &ctx->metadata,
380  &ctx->server_keys.encrypt,
381  &ctx->gc));
382 
383  struct buffer unwrap_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN,
384  &ctx->gc);
385  struct key2 unwrapped_client_key2 = { 0 };
386  assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
387  &unwrap_metadata,
388  wrapped_client_key,
389  &ctx->server_keys.decrypt));
390 
391  assert_true(0 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys,
392  sizeof(ctx->client_key2.keys)));
393 }
394 
399 static void
401  struct test_tls_crypt_v2_context *ctx =
402  (struct test_tls_crypt_v2_context *) *state;
403 
404  uint8_t* metadata =
408  &ctx->metadata,
409  &ctx->server_keys.encrypt,
410  &ctx->gc));
411 
412  struct buffer unwrap_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN,
413  &ctx->gc);
414  struct key2 unwrapped_client_key2 = { 0 };
415  assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
416  &unwrap_metadata, ctx->wkc,
417  &ctx->server_keys.decrypt));
418 
419  assert_true(0 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys,
420  sizeof(ctx->client_key2.keys)));
421  assert_true(buf_equal(&ctx->metadata, &unwrap_metadata));
422 
423  struct tls_wrap_ctx wrap_ctx = {
424  .mode = TLS_WRAP_CRYPT,
425  .tls_crypt_v2_server_key = ctx->server_keys.encrypt,
426  };
427  assert_true(tls_crypt_v2_extract_client_key(&ctx->wkc, &wrap_ctx, NULL));
428  tls_wrap_free(&wrap_ctx);
429 }
430 
435 static void
437  struct test_tls_crypt_v2_context *ctx =
438  (struct test_tls_crypt_v2_context *) *state;
439 
442  &ctx->metadata,
443  &ctx->server_keys.encrypt,
444  &ctx->gc));
445 }
446 
451 static void
453  struct test_tls_crypt_v2_context *ctx =
454  (struct test_tls_crypt_v2_context *) *state;
455 
457  &ctx->metadata,
458  &ctx->server_keys.encrypt,
459  &ctx->gc));
460 
461  /* Change server key */
462  struct key_type kt = tls_crypt_kt();
464  memset(&ctx->server_key2.keys, 0, sizeof(ctx->server_key2.keys));
467  "wrong tls-crypt-v2 server key");
468 
469 
470  struct key2 unwrapped_client_key2 = { 0 };
471  assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
472  &ctx->unwrapped_metadata,
473  ctx->wkc,
474  &ctx->server_keys.decrypt));
475 
476  const struct key2 zero = { 0 };
477  assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero)));
478  assert_true(0 == BLEN(&ctx->unwrapped_metadata));
479 }
480 
485 static void
487  struct test_tls_crypt_v2_context *ctx =
488  (struct test_tls_crypt_v2_context *) *state;
489 
490  uint8_t* metadata =
494  &ctx->metadata,
495  &ctx->server_keys.encrypt,
496  &ctx->gc));
497 
498  struct key2 unwrapped_client_key2 = { 0 };
499  struct buffer unwrapped_metadata =
501  assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
502  &unwrapped_metadata, ctx->wkc,
503  &ctx->server_keys.decrypt));
504 
505  const struct key2 zero = { 0 };
506  assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero)));
507  assert_true(0 == BLEN(&ctx->unwrapped_metadata));
508 }
509 
510 static void
512  const char *filename = "testfilename.key";
513 
514  expect_string(__wrap_buffer_write_file, filename, filename);
517 
519 }
520 
521 static void
523  const char *filename = "testfilename.key";
524 
525  /* Test writing the client key */
526  expect_string(__wrap_buffer_write_file, filename, filename);
529 
530  /* Key generation re-reads the created file as a sanity check */
531  expect_string(__wrap_buffer_read_from_file, filename, filename);
533 
536 }
537 
538 int
539 main(void) {
540  const struct CMUnitTest tests[] = {
579  };
580 
581 #if defined(ENABLE_CRYPTO_OPENSSL)
582  OpenSSL_add_all_algorithms();
583 #endif
584 
585  int ret = cmocka_run_group_tests_name("tls-crypt tests", tests, NULL, NULL);
586 
587 #if defined(ENABLE_CRYPTO_OPENSSL)
588  EVP_cleanup();
589 #endif
590 
591  return ret;
592 }
int __wrap_parse_line(const char *line, char **p, const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
#define assert_true(c)
Definition: cmocka.h:1045
Security parameter state for processing data channel packets.
Definition: crypto.h:232
static void tls_wrap_free(struct tls_wrap_ctx *tls_wrap)
Free the elements of a tls_wrap_ctx structure.
Definition: ssl.h:534
#define assert_non_null(c)
Definition: cmocka.h:1102
#define cmocka_unit_test(f)
Initializes a CMUnitTest structure.
Definition: cmocka.h:1653
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
Definition: crypto.h:238
void free_key_ctx(struct key_ctx *ctx)
Definition: crypto.c:894
static void tls_crypt_v2_wrap_unwrap_wrong_key(void **state)
Check that unwrapping a tls-crypt-v2 client key with the wrong server key fails as expected...
static void tls_crypt_fail_msg_too_long(void **state)
Check that too-long messages are gracefully rejected.
void free_buf(struct buffer *buf)
Definition: buffer.c:185
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition: crypto.h:257
#define PARAM2
struct key keys[2]
Two unidirectional sets of key material.
Definition: crypto.h:185
void init_key_ctx(struct key_ctx *ctx, const struct key *key, const struct key_type *kt, int enc, const char *prefix)
Definition: crypto.c:821
#define PARAM1
static int test_tls_crypt_setup(void **state)
static bool tls_crypt_v2_unwrap_client_key(struct key2 *client_key, struct buffer *metadata, struct buffer wrapped_client_key, struct key_ctx *server_key)
Definition: tls_crypt.c:402
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1023
static void tls_crypt_fail_replay(void **state)
Check that replayed packets are not accepted.
static uint8_t * buf_write_alloc(struct buffer *buf, int size)
Definition: buffer.h:656
int n
The number of key objects stored in the key2.keys array.
Definition: crypto.h:183
struct buffer alloc_buf(size_t size)
Definition: buffer.c:64
struct crypto_options co
int main(void)
static void skip_if_tls_crypt_not_supported(struct test_tls_crypt_context *ctx)
#define TLS_CRYPT_V2_MAX_WKC_LEN
Definition: tls_crypt.h:97
static void tls_crypt_loopback_max_len(void **state)
Check that max-length messages are successfully wrapped-and-unwrapped.
static int test_tls_crypt_v2_teardown(void **state)
static void test_tls_crypt_v2_write_server_key_file(void **state)
struct key_ctx_bi server_keys
static void tls_crypt_v2_wrap_unwrap_dst_too_small(void **state)
Check that unwrapping a tls-crypt-v2 client key to a too small metadata buffer fails as expected...
static void tls_crypt_fail_invalid_key(void **state)
Check that packets that were wrapped (or unwrapped) with a different key are not accepted.
Control channel encryption and authentication.
Definition: ssl_common.h:225
int tls_crypt_buf_overhead(void)
Returns the maximum overhead (in bytes) added to the destination buffer by tls_crypt_wrap().
Definition: tls_crypt.c:75
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
static bool buf_write(struct buffer *dest, const void *src, int size)
Definition: buffer.h:689
#define BPTR(buf)
Definition: buffer.h:124
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
Definition: packet_id.c:78
Control channel wrapping (–tls-auth/–tls-crypt) context.
Definition: ssl_common.h:220
#define cmocka_run_group_tests_name(group_name, group_tests, group_setup, group_teardown)
Definition: cmocka.h:1818
static void tls_crypt_loopback_zero_len(void **state)
Check that zero-byte messages are successfully wrapped-and-unwrapped.
static struct key_type tls_crypt_kt(void)
Definition: tls_crypt.c:51
static void tls_crypt_ignore_replay(void **state)
Check that packet replays are accepted when CO_IGNORE_PACKET_ID is set.
#define assert_memory_equal(a, b, size)
Definition: cmocka.h:1254
#define PATH2
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
#define KEY_DIRECTION_BIDIRECTIONAL
Definition: crypto.h:173
static struct gc_arena gc_new(void)
Definition: buffer.h:1015
bool tls_crypt_wrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Wrap a control channel packet (both authenticates and encrypts the data).
Definition: tls_crypt.c:106
static const char * test_server_key
struct buffer ciphertext
#define INLINE_FILE_TAG
Definition: common.h:95
int __wrap_rand_bytes(uint8_t *output, int len)
Predictable random for tests.
static void tls_crypt_v2_wrap_unwrap_max_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key with maximum length metadata.
bool __wrap_buffer_write_file(const char *filename, const struct buffer *buf)
static int test_tls_crypt_v2_setup(void **state)
struct key_ctx encrypt
Cipher and/or HMAC contexts for sending direction.
Definition: crypto.h:221
void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name)
Definition: crypto.c:874
void buf_clear(struct buffer *buf)
Definition: buffer.c:164
struct buffer unwrapped_metadata
void free_key_ctx_bi(struct key_ctx_bi *ctx)
Definition: crypto.c:912
#define CO_IGNORE_PACKET_ID
Bit-flag indicating whether to ignore the packet ID of a received packet.
Definition: crypto.h:248
struct key_ctx decrypt
cipher and/or HMAC contexts for receiving direction.
Definition: crypto.h:223
Container for bidirectional cipher and HMAC key material.
Definition: crypto.h:181
#define will_return(function, value)
Definition: cmocka.h:294
#define BLEN(buf)
Definition: buffer.h:127
#define skip()
Definition: cmocka.h:1540
#define cmocka_unit_test_setup_teardown(f, setup, teardown)
Initialize an array of CMUnitTest structures with a setup function for a test and a teardown function...
Definition: cmocka.h:1665
unsigned __int8 uint8_t
Definition: config-msvc.h:123
void tls_crypt_v2_write_client_key_file(const char *filename, const char *b64_metadata, const char *server_key_file, const char *server_key_inline)
Generate a tls-crypt-v2 client key, and write to file.
Definition: tls_crypt.c:638
static bool buf_inc_len(struct buffer *buf, int inc)
Definition: buffer.h:611
const md_kt_t * digest
Message digest static parameters.
Definition: crypto.h:144
static int test_tls_crypt_teardown(void **state)
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Definition: crypto.h:234
#define check_expected(parameter)
Definition: cmocka.h:986
#define mock()
Definition: cmocka.h:210
#define TLS_CRYPT_V2_MAX_METADATA_LEN
Definition: tls_crypt.h:101
static const char * test_client_key
static void tls_crypt_v2_wrap_unwrap_no_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key without metadata.
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
static void tls_crypt_loopback(void **state)
Check that short messages are successfully wrapped-and-unwrapped.
bool tls_crypt_v2_extract_client_key(struct buffer *buf, struct tls_wrap_ctx *ctx, const struct tls_options *opt)
Extract a tls-crypt-v2 client key from a P_CONTROL_HARD_RESET_CLIENT_V3 message, and load the key int...
Definition: tls_crypt.c:570
static void test_tls_crypt_v2_write_client_key_file(void **state)
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
bool tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Unwrap a control channel packet (decrypts, authenticates and performs replay checks).
Definition: tls_crypt.c:183
#define free
Definition: cmocka.c:1850
static void tls_crypt_v2_wrap_too_long_metadata(void **state)
Check that wrapping a tls-crypt-v2 client key with too long metadata fails as expected.
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
void tls_crypt_v2_write_server_key_file(const char *filename)
Generate a tls-crypt-v2 server key, and write to file.
Definition: tls_crypt.c:632
static bool tls_crypt_v2_wrap_client_key(struct buffer *wkc, const struct key2 *src_key, const struct buffer *src_metadata, struct key_ctx *server_key, struct gc_arena *gc)
Definition: tls_crypt.c:345
#define PATH1
struct key_ctx_bi client_key
struct buffer __wrap_buffer_read_from_file(const char *filename, struct gc_arena *gc)
#define BSTR(buf)
Definition: buffer.h:129
#define assert_false(c)
Definition: cmocka.h:1063
const cipher_kt_t * cipher
Cipher static parameters.
Definition: crypto.h:143
#define TESTBUF_SIZE
static bool buf_equal(const struct buffer *a, const struct buffer *b)
Return true if buffer contents are equal.
Definition: buffer.h:859
#define expect_string(function, parameter, string)
Definition: cmocka.h:753
#define assert_int_equal(a, b)
Definition: cmocka.h:1174
Container for two sets of OpenSSL cipher and/or HMAC contexts for both sending and receiving directio...
Definition: crypto.h:219
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
enum tls_wrap_ctx::@9 mode
Control channel wrapping mode.