OpenVPN
test_tls_crypt.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27 
28 #include "syshead.h"
29 
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <stdarg.h>
33 #include <string.h>
34 #include <setjmp.h>
35 #include <cmocka.h>
36 
37 #include "test_common.h"
38 #include "tls_crypt.c"
39 
40 /* Define this function here as dummy since including the ssl_*.c files
41  * leads to having to include even more unrelated code */
42 bool
44  const char *label, size_t label_size,
45  void *ekm, size_t ekm_size)
46 {
47  memset(ekm, 0xba, ekm_size);
48  return true;
49 }
50 
51 
52 #define TESTBUF_SIZE 128
53 
54 /* Defines for use in the tests and the mock parse_line() */
55 #define PATH1 "/s p a c e"
56 #define PATH2 "/foo bar/baz"
57 #define PARAM1 "param1"
58 #define PARAM2 "param two"
59 
60 static const char *test_server_key = \
61  "-----BEGIN OpenVPN tls-crypt-v2 server key-----\n"
62  "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
63  "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
64  "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn8=\n"
65  "-----END OpenVPN tls-crypt-v2 server key-----\n";
66 
67 static const char *test_client_key = \
68  "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
69  "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
70  "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
71  "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
72  "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
73  "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
74  "8PHy8/T19vf4+fr7/P3+/xd9pcB0qUYZsWvkrLcfGmzPJPM8a7r0mEWdXwbDadSV\n"
75  "LHg5bv2TwlmPR3HgaMr8o9LTh9hxUTkrH3S0PfKRNwcso86ua/dBFTyXsM9tg4aw\n"
76  "3dS6ogH9AkaT+kRRDgNcKWkQCbwmJK2JlfkXHBwbAtmn78AkNuho6QCFqCdqGab3\n"
77  "zh2vheFqGMPdGpukbFrT3rcO3VLxUeG+RdzXiMTCpJSovFBP1lDkYwYJPnz6daEh\n"
78  "j0TzJ3BVru9W3CpotdNt7u09knxAfpCxjtrP3semsDew/gTBtcfQ/OoTFyFHnN5k\n"
79  "RZ+q17SC4nba3Pp8/Fs0+hSbv2tJozoD8SElFq7SIWJsciTYh8q8f5yQxjdt4Wxu\n"
80  "/Z5wtPCAZ0tOzj4ItTI77fBOYRTfEayzHgEr\n"
81  "-----END OpenVPN tls-crypt-v2 client key-----\n";
82 
83 
84 /* Has custom metadata of AABBCCDD (base64) */
85 static const char *test_client_key_metadata = \
86  "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
87  "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
88  "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
89  "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
90  "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
91  "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
92  "8PHy8/T19vf4+fr7/P3+/2ntp1WCqhcLjJQY/igkjNt3Yb6i0neqFkfrOp2UCDcz\n"
93  "6RSJtPLZbvOOKUHk2qwxPYUsFCnz/IWV6/ZiLRrabzUpS8oSN1HS6P7qqAdrHKgf\n"
94  "hVTHasdSf2UdMTPC7HBgnP9Ll0FhKN0h7vSzbbt7QM7wH9mr1ecc/Mt0SYW2lpwA\n"
95  "aJObYGTyk6hTgWm0g/MLrworLrezTqUHBZzVsu+LDyqLWK1lzJNd66MuNOsGA4YF\n"
96  "fbCsDh8n3H+Cw1k5YNBZDYYJOtVUgBWXheO6vgoOmqDdI0dAQ3hVo9DE+SkCFjgf\n"
97  "l4FY2yLEh9ZVZZrl1eD1Owh/X178CkHrBJYl9LNQSyQEKlDGWwBLQ/pY3qtjctr3\n"
98  "pV62MPQdBo+1lcsjDCJVQA6XUyltas4BKQ==\n"
99  "-----END OpenVPN tls-crypt-v2 client key-----\n";
100 
101 int
102 __wrap_parse_line(const char *line, char **p, const int n, const char *file,
103  const int line_num, int msglevel, struct gc_arena *gc)
104 {
105  p[0] = PATH1 PATH2;
106  p[1] = PARAM1;
107  p[2] = PARAM2;
108  return 3;
109 }
110 
111 bool
112 __wrap_buffer_write_file(const char *filename, const struct buffer *buf)
113 {
114  const char *pem = BSTR(buf);
115  check_expected(filename);
116  check_expected(pem);
117 
118  return mock_type(bool);
119 }
120 
121 struct buffer
122 __wrap_buffer_read_from_file(const char *filename, struct gc_arena *gc)
123 {
124  check_expected(filename);
125 
126  const char *pem_str = mock_ptr_type(const char *);
127  struct buffer ret = alloc_buf_gc(strlen(pem_str) + 1, gc);
128  buf_write(&ret, pem_str, strlen(pem_str) + 1);
129 
130  return ret;
131 }
132 
133 
135 int
136 __wrap_rand_bytes(uint8_t *output, int len)
137 {
138  for (int i = 0; i < len; i++)
139  {
140  output[i] = i;
141  }
142  return true;
143 }
144 
147  struct key_type kt;
148  struct buffer source;
151 };
152 
153 
154 static int
155 test_tls_crypt_setup(void **state)
156 {
157  struct test_tls_crypt_context *ctx = calloc(1, sizeof(*ctx));
158  *state = ctx;
159 
160  struct key key = { 0 };
161 
162  ctx->kt = tls_crypt_kt();
163  if (!ctx->kt.cipher || !ctx->kt.digest)
164  {
165  return 0;
166  }
167  init_key_ctx(&ctx->co.key_ctx_bi.encrypt, &key, &ctx->kt, true, "TEST");
168  init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
169 
170  packet_id_init(&ctx->co.packet_id, 0, 0, "test", 0);
171 
172  ctx->source = alloc_buf(TESTBUF_SIZE);
175 
176  /* Write test plaintext */
177  const char *plaintext = "1234567890";
178  buf_write(&ctx->source, plaintext, strlen(plaintext));
179 
180  /* Write test ciphertext */
181  const char *ciphertext = "012345678";
182  buf_write(&ctx->ciphertext, ciphertext, strlen(ciphertext));
183 
184  return 0;
185 }
186 
187 static int
189 {
190  struct test_tls_crypt_context *ctx =
191  (struct test_tls_crypt_context *)*state;
192 
193  free_buf(&ctx->source);
194  free_buf(&ctx->ciphertext);
195  free_buf(&ctx->unwrapped);
196 
198 
199  free(ctx);
200 
201  return 0;
202 }
203 
204 static void
206 {
207  if (!ctx->kt.cipher || !ctx->kt.digest)
208  {
209  skip();
210  }
211 }
212 
216 static void
217 tls_crypt_loopback(void **state)
218 {
219  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
220 
222 
223  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
224  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
225  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
226  assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
227  assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
228  BLEN(&ctx->source));
229 }
230 
231 
235 static void
237 {
238  struct test_tls_crypt_context *ctx =
239  (struct test_tls_crypt_context *)*state;
240 
241  struct gc_arena gc = gc_new();
242 
243  struct tls_multi multi = { 0 };
244  struct tls_session session = { 0 };
245 
246  struct tls_options tls_opt = { 0 };
247  tls_opt.replay_window = 32;
248  tls_opt.replay_time = 60;
249  tls_opt.frame.buf.payload_size = 512;
250  session.opt = &tls_opt;
251 
253 
254  struct tls_wrap_ctx *rctx = &session.tls_wrap_reneg;
255 
256  tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
257  assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
258 
259  uint8_t expected_ciphertext[] = {
260  0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0xe3, 0x19, 0x27, 0x7f, 0x1c, 0x8d, 0x6e, 0x6a,
261  0x77, 0x96, 0xa8, 0x55, 0x33, 0x7b, 0x9c, 0xfb, 0x56, 0xe1, 0xf1, 0x3a, 0x87, 0x0e, 0x66, 0x47,
262  0xdf, 0xa1, 0x95, 0xc9, 0x2c, 0x17, 0xa0, 0x15, 0xba, 0x49, 0x67, 0xa1, 0x1d, 0x55, 0xea, 0x1a,
263  0x06, 0xa7
264  };
265  assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
266  tls_wrap_free(&session.tls_wrap_reneg);
267 
268  /* Use previous tls-crypt key as 0x00, with xor we should have the same key
269  * and expect the same result */
270  session.tls_wrap.mode = TLS_WRAP_CRYPT;
271  memset(&session.tls_wrap.original_wrap_keydata.keys, 0x00, sizeof(session.tls_wrap.original_wrap_keydata.keys));
272  session.tls_wrap.original_wrap_keydata.n = 2;
273 
275  tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
276  assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
277 
278  assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
279  tls_wrap_free(&session.tls_wrap_reneg);
280 
281  /* XOR should not force a different key */
282  memset(&session.tls_wrap.original_wrap_keydata.keys, 0x42, sizeof(session.tls_wrap.original_wrap_keydata.keys));
284 
285  tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
286  assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
287 
288  /* packet id at the start should be equal */
289  assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, 8);
290 
291  /* Skip packet id */
292  buf_advance(&rctx->work, 8);
293  assert_memory_not_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
294  tls_wrap_free(&session.tls_wrap_reneg);
295 
296 
297  gc_free(&gc);
298 }
299 
303 static void
305 {
306  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
307 
309 
310  buf_clear(&ctx->source);
311 
312  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
313  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
314  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
315  assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
316  assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
317  BLEN(&ctx->source));
318 }
319 
323 static void
325 {
326  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
327 
329 
330  buf_clear(&ctx->source);
331  assert_non_null(buf_write_alloc(&ctx->source,
333 
334  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
335  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
336  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
337  assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
338  assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
339  BLEN(&ctx->source));
340 }
341 
345 static void
347 {
348  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
349 
351 
352  buf_clear(&ctx->source);
353  assert_non_null(buf_write_alloc(&ctx->source,
355  assert_false(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
356 }
357 
362 static void
364 {
365  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
366 
368 
369  /* Change decrypt key */
370  struct key key = { { 1 } };
372  init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
373 
374  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
375  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
376  assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
377 }
378 
382 static void
384 {
385  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
386 
388 
389  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
390  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
391  struct buffer tmp = ctx->ciphertext;
392  assert_true(tls_crypt_unwrap(&tmp, &ctx->unwrapped, &ctx->co));
393  buf_clear(&ctx->unwrapped);
394  assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
395 }
396 
402 static void
404 {
405  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
406 
408 
409  ctx->co.flags |= CO_IGNORE_PACKET_ID;
410 
411  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
412  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
413  struct buffer tmp = ctx->ciphertext;
414  assert_true(tls_crypt_unwrap(&tmp, &ctx->unwrapped, &ctx->co));
415  buf_clear(&ctx->unwrapped);
416  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
417 }
418 
420  struct gc_arena gc;
425  struct buffer metadata;
427  struct buffer wkc;
428 };
429 
430 static int
432 {
433  struct test_tls_crypt_v2_context *ctx = calloc(1, sizeof(*ctx));
434  *state = ctx;
435 
436  ctx->gc = gc_new();
437 
438  /* Slightly longer buffers to be able to test too-long data */
441  &ctx->gc);
442  ctx->wkc = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN+16, &ctx->gc);
443 
444  /* Generate server key */
445  rand_bytes((void *)ctx->server_key2.keys, sizeof(ctx->server_key2.keys));
446  ctx->server_key2.n = 2;
447  struct key_type kt = tls_crypt_kt();
450  "tls-crypt-v2 server key");
451 
452  /* Generate client key */
453  rand_bytes((void *)ctx->client_key2.keys, sizeof(ctx->client_key2.keys));
454  ctx->client_key2.n = 2;
455 
456  return 0;
457 }
458 
459 static int
461 {
462  struct test_tls_crypt_v2_context *ctx =
463  (struct test_tls_crypt_v2_context *) *state;
464 
467 
468  gc_free(&ctx->gc);
469 
470  free(ctx);
471 
472  return 0;
473 }
474 
478 static void
480 {
481  struct test_tls_crypt_v2_context *ctx =
482  (struct test_tls_crypt_v2_context *) *state;
483 
484  struct buffer wrapped_client_key = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN,
485  &ctx->gc);
486  assert_true(tls_crypt_v2_wrap_client_key(&wrapped_client_key,
487  &ctx->client_key2,
488  &ctx->metadata,
489  &ctx->server_keys.encrypt,
490  &ctx->gc));
491 
492  struct buffer unwrap_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN,
493  &ctx->gc);
494  struct key2 unwrapped_client_key2 = { 0 };
495  assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
496  &unwrap_metadata,
497  wrapped_client_key,
498  &ctx->server_keys.decrypt));
499 
500  assert_true(0 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys,
501  sizeof(ctx->client_key2.keys)));
502 }
503 
508 static void
510 {
511  struct test_tls_crypt_v2_context *ctx =
512  (struct test_tls_crypt_v2_context *) *state;
513 
514  uint8_t *metadata =
517  assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
518  &ctx->metadata,
519  &ctx->server_keys.encrypt,
520  &ctx->gc));
521 
522  struct buffer unwrap_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN,
523  &ctx->gc);
524  struct key2 unwrapped_client_key2 = { 0 };
525  assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
526  &unwrap_metadata, ctx->wkc,
527  &ctx->server_keys.decrypt));
528 
529  assert_true(0 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys,
530  sizeof(ctx->client_key2.keys)));
531  assert_true(buf_equal(&ctx->metadata, &unwrap_metadata));
532 
533  struct tls_wrap_ctx wrap_ctx = {
534  .mode = TLS_WRAP_CRYPT,
535  .tls_crypt_v2_server_key = ctx->server_keys.encrypt,
536  };
537  assert_true(tls_crypt_v2_extract_client_key(&ctx->wkc, &wrap_ctx, NULL));
538  tls_wrap_free(&wrap_ctx);
539 }
540 
545 static void
547 {
548  struct test_tls_crypt_v2_context *ctx =
549  (struct test_tls_crypt_v2_context *) *state;
550 
551  assert_true(buf_inc_len(&ctx->metadata, TLS_CRYPT_V2_MAX_METADATA_LEN+1));
552  assert_false(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
553  &ctx->metadata,
554  &ctx->server_keys.encrypt,
555  &ctx->gc));
556 }
557 
562 static void
564 {
565  struct test_tls_crypt_v2_context *ctx =
566  (struct test_tls_crypt_v2_context *) *state;
567 
568  assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
569  &ctx->metadata,
570  &ctx->server_keys.encrypt,
571  &ctx->gc));
572 
573  /* Change server key */
574  struct key_type kt = tls_crypt_kt();
576  memset(&ctx->server_key2.keys, 0, sizeof(ctx->server_key2.keys));
579  "wrong tls-crypt-v2 server key");
580 
581 
582  struct key2 unwrapped_client_key2 = { 0 };
583  assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
584  &ctx->unwrapped_metadata,
585  ctx->wkc,
586  &ctx->server_keys.decrypt));
587 
588  const struct key2 zero = { 0 };
589  assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero)));
590  assert_true(0 == BLEN(&ctx->unwrapped_metadata));
591 }
592 
597 static void
599 {
600  struct test_tls_crypt_v2_context *ctx =
601  (struct test_tls_crypt_v2_context *) *state;
602 
603  uint8_t *metadata =
606  assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
607  &ctx->metadata,
608  &ctx->server_keys.encrypt,
609  &ctx->gc));
610 
611  struct key2 unwrapped_client_key2 = { 0 };
612  struct buffer unwrapped_metadata =
614  assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
615  &unwrapped_metadata, ctx->wkc,
616  &ctx->server_keys.decrypt));
617 
618  const struct key2 zero = { 0 };
619  assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero)));
620  assert_true(0 == BLEN(&ctx->unwrapped_metadata));
621 }
622 
623 static void
625 {
626  const char *filename = "testfilename.key";
627 
628  expect_string(__wrap_buffer_write_file, filename, filename);
629  expect_memory(__wrap_buffer_write_file, pem, test_server_key,
630  strlen(test_server_key));
631  will_return(__wrap_buffer_write_file, true);
632 
634 }
635 
636 static void
638 {
639  const char *filename = "testfilename.key";
640 
641  /* Test writing the client key */
642  expect_string(__wrap_buffer_write_file, filename, filename);
643  expect_memory(__wrap_buffer_write_file, pem, test_client_key,
644  strlen(test_client_key));
645  will_return(__wrap_buffer_write_file, true);
646 
647  /* Key generation re-reads the created file as a sanity check */
648  expect_string(__wrap_buffer_read_from_file, filename, filename);
650 
652 }
653 
654 static void
656 {
657  const char *filename = "testfilename.key";
658  const char *b64metadata = "AABBCCDD";
659 
660  /* Test writing the client key */
661  expect_string(__wrap_buffer_write_file, filename, filename);
663  strlen(test_client_key_metadata));
664  will_return(__wrap_buffer_write_file, true);
665 
666  /* Key generation re-reads the created file as a sanity check */
667  expect_string(__wrap_buffer_read_from_file, filename, filename);
669 
671  true);
672 }
673 
674 int
675 main(void)
676 {
678  const struct CMUnitTest tests[] = {
679  cmocka_unit_test_setup_teardown(tls_crypt_loopback,
682  cmocka_unit_test_setup_teardown(tls_crypt_loopback_zero_len,
685  cmocka_unit_test_setup_teardown(tls_crypt_loopback_max_len,
688  cmocka_unit_test_setup_teardown(tls_crypt_fail_msg_too_long,
691  cmocka_unit_test_setup_teardown(tls_crypt_fail_invalid_key,
694  cmocka_unit_test_setup_teardown(tls_crypt_fail_replay,
697  cmocka_unit_test_setup_teardown(tls_crypt_ignore_replay,
700  cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_no_metadata,
703  cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_max_metadata,
706  cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_too_long_metadata,
709  cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_wrong_key,
712  cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_dst_too_small,
715  cmocka_unit_test_setup_teardown(test_tls_crypt_secure_reneg_key,
718  cmocka_unit_test(test_tls_crypt_v2_write_server_key_file),
719  cmocka_unit_test(test_tls_crypt_v2_write_client_key_file),
721  };
722 
723 #if defined(ENABLE_CRYPTO_OPENSSL)
724  OpenSSL_add_all_algorithms();
725 #endif
726 
727  int ret = cmocka_run_group_tests_name("tls-crypt tests", tests, NULL, NULL);
728 
729 #if defined(ENABLE_CRYPTO_OPENSSL)
730  EVP_cleanup();
731 #endif
732 
733  return ret;
734 }
test_tls_crypt_v2_context::wkc
struct buffer wkc
Definition: test_tls_crypt.c:427
test_tls_crypt_v2_context
Definition: test_tls_crypt.c:419
key2::n
int n
The number of key objects stored in the key2.keys array.
Definition: crypto.h:181
tls_crypt_v2_wrap_unwrap_wrong_key
static void tls_crypt_v2_wrap_unwrap_wrong_key(void **state)
Check that unwrapping a tls-crypt-v2 client key with the wrong server key fails as expected.
Definition: test_tls_crypt.c:563
TLS_CRYPT_V2_MAX_METADATA_LEN
#define TLS_CRYPT_V2_MAX_METADATA_LEN
Definition: tls_crypt.h:101
tls_crypt_v2_wrap_too_long_metadata
static void tls_crypt_v2_wrap_too_long_metadata(void **state)
Check that wrapping a tls-crypt-v2 client key with too long metadata fails as expected.
Definition: test_tls_crypt.c:546
KEY_DIRECTION_BIDIRECTIONAL
#define KEY_DIRECTION_BIDIRECTIONAL
Definition: crypto.h:171
test_tls_crypt_context::unwrapped
struct buffer unwrapped
Definition: test_tls_crypt.c:150
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:1030
tls_crypt_ignore_replay
static void tls_crypt_ignore_replay(void **state)
Check that packet replays are accepted when CO_IGNORE_PACKET_ID is set.
Definition: test_tls_crypt.c:403
tls_options::frame
struct frame frame
Definition: ssl_common.h:373
tls_crypt_fail_invalid_key
static void tls_crypt_fail_invalid_key(void **state)
Check that packets that were wrapped (or unwrapped) with a different key are not accepted.
Definition: test_tls_crypt.c:363
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
packet_id_init
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
Definition: packet_id.c:79
skip_if_tls_crypt_not_supported
static void skip_if_tls_crypt_not_supported(struct test_tls_crypt_context *ctx)
Definition: test_tls_crypt.c:205
PARAM1
#define PARAM1
Definition: test_tls_crypt.c:57
TLS_CRYPT_V2_MAX_WKC_LEN
#define TLS_CRYPT_V2_MAX_WKC_LEN
Definition: tls_crypt.h:97
tls_crypt_unwrap
bool tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Unwrap a control channel packet (decrypts, authenticates and performs replay checks).
Definition: tls_crypt.c:222
test_common.h
__wrap_parse_line
int __wrap_parse_line(const char *line, char **p, const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition: test_tls_crypt.c:102
BSTR
#define BSTR(buf)
Definition: buffer.h:129
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
tls_crypt_v2_write_client_key_file
void tls_crypt_v2_write_client_key_file(const char *filename, const char *b64_metadata, const char *server_key_file, bool server_key_inline)
Generate a tls-crypt-v2 client key, and write to file.
Definition: tls_crypt.c:681
tls_options::replay_time
int replay_time
Definition: ssl_common.h:361
buf_clear
void buf_clear(struct buffer *buf)
Definition: buffer.c:162
key_ctx_bi::encrypt
struct key_ctx encrypt
Cipher and/or HMAC contexts for sending direction.
Definition: crypto.h:219
tls_wrap_ctx::TLS_WRAP_CRYPT
@ TLS_WRAP_CRYPT
Control channel encryption and authentication.
Definition: ssl_common.h:271
test_tls_crypt_v2_teardown
static int test_tls_crypt_v2_teardown(void **state)
Definition: test_tls_crypt.c:460
tls_crypt_buf_overhead
int tls_crypt_buf_overhead(void)
Returns the maximum overhead (in bytes) added to the destination buffer by tls_crypt_wrap().
Definition: tls_crypt.c:55
tls_multi
Security parameter state for a single VPN tunnel.
Definition: ssl_common.h:590
tls_wrap_free
static void tls_wrap_free(struct tls_wrap_ctx *tls_wrap)
Free the elements of a tls_wrap_ctx structure.
Definition: ssl.h:475
init_key_ctx_bi
void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name)
Definition: crypto.c:869
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:149
tls_crypt_fail_replay
static void tls_crypt_fail_replay(void **state)
Check that replayed packets are not accepted.
Definition: test_tls_crypt.c:383
buf_equal
static bool buf_equal(const struct buffer *a, const struct buffer *b)
Return true if buffer contents are equal.
Definition: buffer.h:842
test_tls_crypt_setup
static int test_tls_crypt_setup(void **state)
Definition: test_tls_crypt.c:155
free_key_ctx_bi
void free_key_ctx_bi(struct key_ctx_bi *ctx)
Definition: crypto.c:906
test_client_key_metadata
static const char * test_client_key_metadata
Definition: test_tls_crypt.c:85
key_ctx_bi
Container for two sets of OpenSSL cipher and/or HMAC contexts for both sending and receiving directio...
Definition: crypto.h:217
tls_wrap_ctx::opt
struct crypto_options opt
Crypto state.
Definition: ssl_common.h:273
buf_advance
static bool buf_advance(struct buffer *buf, int size)
Definition: buffer.h:623
buf_inc_len
static bool buf_inc_len(struct buffer *buf, int inc)
Definition: buffer.h:595
tls_crypt_kt
static struct key_type tls_crypt_kt(void)
Definition: tls_crypt.c:49
tls_options
Definition: ssl_common.h:296
test_tls_crypt_v2_context::gc
struct gc_arena gc
Definition: test_tls_crypt.c:420
BLEN
#define BLEN(buf)
Definition: buffer.h:127
tls_crypt_v2_wrap_client_key
static bool tls_crypt_v2_wrap_client_key(struct buffer *wkc, const struct key2 *src_key, const struct buffer *src_metadata, struct key_ctx *server_key, struct gc_arena *gc)
Definition: tls_crypt.c:385
tls_crypt_fail_msg_too_long
static void tls_crypt_fail_msg_too_long(void **state)
Check that too-long messages are gracefully rejected.
Definition: test_tls_crypt.c:346
key_type::digest
const char * digest
Message digest static parameters.
Definition: crypto.h:142
frame::payload_size
int payload_size
the maximum size that a payload that our buffers can hold from either tun device or network link.
Definition: mtu.h:102
tls_wrap_ctx
Control channel wrapping (–tls-auth/–tls-crypt) context.
Definition: ssl_common.h:266
test_tls_crypt_context
Definition: test_tls_crypt.c:145
tls_wrap_ctx::work
struct buffer work
Work buffer (only for –tls-crypt)
Definition: ssl_common.h:274
test_server_key
static const char * test_server_key
Definition: test_tls_crypt.c:60
init_key_ctx
void init_key_ctx(struct key_ctx *ctx, const struct key *key, const struct key_type *kt, int enc, const char *prefix)
Definition: crypto.c:824
test_tls_crypt_v2_context::client_key2
struct key2 client_key2
Definition: test_tls_crypt.c:423
test_tls_crypt_v2_write_client_key_file
static void test_tls_crypt_v2_write_client_key_file(void **state)
Definition: test_tls_crypt.c:637
tls_crypt_loopback
static void tls_crypt_loopback(void **state)
Check that short messages are successfully wrapped-and-unwrapped.
Definition: test_tls_crypt.c:217
tls_crypt_wrap
bool tls_crypt_wrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Wrap a control channel packet (both authenticates and encrypts the data).
Definition: tls_crypt.c:145
test_tls_crypt_v2_write_server_key_file
static void test_tls_crypt_v2_write_server_key_file(void **state)
Definition: test_tls_crypt.c:624
__wrap_buffer_write_file
bool __wrap_buffer_write_file(const char *filename, const struct buffer *buf)
Definition: test_tls_crypt.c:112
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition: test_tls_crypt.c:43
test_tls_crypt_v2_context::client_key
struct key_ctx_bi client_key
Definition: test_tls_crypt.c:424
test_client_key
static const char * test_client_key
Definition: test_tls_crypt.c:67
test_tls_crypt_context::kt
struct key_type kt
Definition: test_tls_crypt.c:147
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
rand_bytes
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
Definition: crypto_openssl.c:592
main
int main(void)
Definition: test_tls_crypt.c:675
key_type
Definition: crypto.h:139
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition: buffer.h:673
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:471
frame::buf
struct frame::@6 buf
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
tls_crypt_loopback_zero_len
static void tls_crypt_loopback_zero_len(void **state)
Check that zero-byte messages are successfully wrapped-and-unwrapped.
Definition: test_tls_crypt.c:304
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
key_type::cipher
const char * cipher
const name of the cipher
Definition: crypto.h:141
tls_crypt_v2_unwrap_client_key
static bool tls_crypt_v2_unwrap_client_key(struct key2 *client_key, struct buffer *metadata, struct buffer wrapped_client_key, struct key_ctx *server_key)
Definition: tls_crypt.c:442
openvpn_unit_test_setup
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition: test_common.h:36
test_tls_crypt_context::source
struct buffer source
Definition: test_tls_crypt.c:148
test_tls_crypt_context::ciphertext
struct buffer ciphertext
Definition: test_tls_crypt.c:149
test_tls_crypt_secure_reneg_key
static void test_tls_crypt_secure_reneg_key(void **state)
Test generating dynamic tls-crypt key.
Definition: test_tls_crypt.c:236
free_buf
void free_buf(struct buffer *buf)
Definition: buffer.c:183
free_key_ctx
void free_key_ctx(struct key_ctx *ctx)
Definition: crypto.c:889
__wrap_rand_bytes
int __wrap_rand_bytes(uint8_t *output, int len)
Predictable random for tests.
Definition: test_tls_crypt.c:136
test_tls_crypt_v2_context::server_key2
struct key2 server_key2
Definition: test_tls_crypt.c:421
buf_len
static int buf_len(const struct buffer *buf)
Definition: buffer.h:253
TESTBUF_SIZE
#define TESTBUF_SIZE
Definition: test_tls_crypt.c:52
test_tls_crypt_teardown
static int test_tls_crypt_teardown(void **state)
Definition: test_tls_crypt.c:188
tls_crypt_v2_wrap_unwrap_max_metadata
static void tls_crypt_v2_wrap_unwrap_max_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key with maximum length metadata.
Definition: test_tls_crypt.c:509
PATH1
#define PATH1
Definition: test_tls_crypt.c:55
PATH2
#define PATH2
Definition: test_tls_crypt.c:56
tls_crypt_v2_wrap_unwrap_no_metadata
static void tls_crypt_v2_wrap_unwrap_no_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key without metadata.
Definition: test_tls_crypt.c:479
tls_crypt_v2_extract_client_key
bool tls_crypt_v2_extract_client_key(struct buffer *buf, struct tls_wrap_ctx *ctx, const struct tls_options *opt)
Extract a tls-crypt-v2 client key from a P_CONTROL_HARD_RESET_CLIENT_V3 message, and load the key int...
Definition: tls_crypt.c:613
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1038
tls_options::replay_window
int replay_window
Definition: ssl_common.h:360
crypto_options::key_ctx_bi
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Definition: crypto.h:232
buf_write_alloc
static uint8_t * buf_write_alloc(struct buffer *buf, size_t size)
Definition: buffer.h:640
config.h
test_tls_crypt_v2_context::metadata
struct buffer metadata
Definition: test_tls_crypt.c:425
test_tls_crypt_v2_setup
static int test_tls_crypt_v2_setup(void **state)
Definition: test_tls_crypt.c:431
PARAM2
#define PARAM2
Definition: test_tls_crypt.c:58
key2
Container for bidirectional cipher and HMAC key material.
Definition: crypto.h:179
CO_IGNORE_PACKET_ID
#define CO_IGNORE_PACKET_ID
Bit-flag indicating whether to ignore the packet ID of a received packet.
Definition: crypto.h:253
session
Definition: keyingmaterialexporter.c:56
crypto_options::packet_id
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
Definition: crypto.h:236
tls_crypt_loopback_max_len
static void tls_crypt_loopback_max_len(void **state)
Check that max-length messages are successfully wrapped-and-unwrapped.
Definition: test_tls_crypt.c:324
tls_crypt.c
crypto_options::flags
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition: crypto.h:283
key2::keys
struct key keys[2]
Two unidirectional sets of key material.
Definition: crypto.h:183
alloc_buf
struct buffer alloc_buf(size_t size)
Definition: buffer.c:62
tls_wrap_ctx::mode
enum tls_wrap_ctx::@17 mode
Control channel wrapping mode.
test_tls_crypt_v2_context::server_keys
struct key_ctx_bi server_keys
Definition: test_tls_crypt.c:422
test_tls_crypt_context::co
struct crypto_options co
Definition: test_tls_crypt.c:146
test_tls_crypt_v2_context::unwrapped_metadata
struct buffer unwrapped_metadata
Definition: test_tls_crypt.c:426
key_ctx_bi::decrypt
struct key_ctx decrypt
cipher and/or HMAC contexts for receiving direction.
Definition: crypto.h:221
tls_session_generate_dynamic_tls_crypt_key
bool tls_session_generate_dynamic_tls_crypt_key(struct tls_multi *multi, struct tls_session *session)
Generates a TLS-Crypt key to be used with dynamic tls-crypt using the TLS EKM exporter function.
Definition: tls_crypt.c:98
__wrap_buffer_read_from_file
struct buffer __wrap_buffer_read_from_file(const char *filename, struct gc_arena *gc)
Definition: test_tls_crypt.c:122
test_tls_crypt_v2_write_client_key_file_metadata
static void test_tls_crypt_v2_write_client_key_file_metadata(void **state)
Definition: test_tls_crypt.c:655
tls_crypt_v2_wrap_unwrap_dst_too_small
static void tls_crypt_v2_wrap_unwrap_dst_too_small(void **state)
Check that unwrapping a tls-crypt-v2 client key to a too small metadata buffer fails as expected.
Definition: test_tls_crypt.c:598
crypto_options
Security parameter state for processing data channel packets.
Definition: crypto.h:230
tls_crypt_v2_write_server_key_file
void tls_crypt_v2_write_server_key_file(const char *filename)
Generate a tls-crypt-v2 server key, and write to file.
Definition: tls_crypt.c:675