OpenVPN
test_tls_crypt.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27 
28 #include "syshead.h"
29 
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <stdarg.h>
33 #include <string.h>
34 #include <setjmp.h>
35 #include <cmocka.h>
36 
37 #include "tls_crypt.c"
38 
39 #include "mock_msg.h"
40 
41 /* Define this function here as dummy since including the ssl_*.c files
42  * leads to having to include even more unrelated code */
43 bool
45  const char *label, size_t label_size,
46  void *ekm, size_t ekm_size)
47 {
48  memset(ekm, 0xba, ekm_size);
49  return true;
50 }
51 
52 
53 #define TESTBUF_SIZE 128
54 
55 /* Defines for use in the tests and the mock parse_line() */
56 #define PATH1 "/s p a c e"
57 #define PATH2 "/foo bar/baz"
58 #define PARAM1 "param1"
59 #define PARAM2 "param two"
60 
61 static const char *test_server_key = \
62  "-----BEGIN OpenVPN tls-crypt-v2 server key-----\n"
63  "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
64  "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
65  "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn8=\n"
66  "-----END OpenVPN tls-crypt-v2 server key-----\n";
67 
68 static const char *test_client_key = \
69  "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
70  "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
71  "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
72  "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
73  "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
74  "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
75  "8PHy8/T19vf4+fr7/P3+/xd9pcB0qUYZsWvkrLcfGmzPJPM8a7r0mEWdXwbDadSV\n"
76  "LHg5bv2TwlmPR3HgaMr8o9LTh9hxUTkrH3S0PfKRNwcso86ua/dBFTyXsM9tg4aw\n"
77  "3dS6ogH9AkaT+kRRDgNcKWkQCbwmJK2JlfkXHBwbAtmn78AkNuho6QCFqCdqGab3\n"
78  "zh2vheFqGMPdGpukbFrT3rcO3VLxUeG+RdzXiMTCpJSovFBP1lDkYwYJPnz6daEh\n"
79  "j0TzJ3BVru9W3CpotdNt7u09knxAfpCxjtrP3semsDew/gTBtcfQ/OoTFyFHnN5k\n"
80  "RZ+q17SC4nba3Pp8/Fs0+hSbv2tJozoD8SElFq7SIWJsciTYh8q8f5yQxjdt4Wxu\n"
81  "/Z5wtPCAZ0tOzj4ItTI77fBOYRTfEayzHgEr\n"
82  "-----END OpenVPN tls-crypt-v2 client key-----\n";
83 
84 
85 /* Has custom metadata of AABBCCDD (base64) */
86 static const char *test_client_key_metadata = \
87  "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
88  "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
89  "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
90  "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
91  "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
92  "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
93  "8PHy8/T19vf4+fr7/P3+/2ntp1WCqhcLjJQY/igkjNt3Yb6i0neqFkfrOp2UCDcz\n"
94  "6RSJtPLZbvOOKUHk2qwxPYUsFCnz/IWV6/ZiLRrabzUpS8oSN1HS6P7qqAdrHKgf\n"
95  "hVTHasdSf2UdMTPC7HBgnP9Ll0FhKN0h7vSzbbt7QM7wH9mr1ecc/Mt0SYW2lpwA\n"
96  "aJObYGTyk6hTgWm0g/MLrworLrezTqUHBZzVsu+LDyqLWK1lzJNd66MuNOsGA4YF\n"
97  "fbCsDh8n3H+Cw1k5YNBZDYYJOtVUgBWXheO6vgoOmqDdI0dAQ3hVo9DE+SkCFjgf\n"
98  "l4FY2yLEh9ZVZZrl1eD1Owh/X178CkHrBJYl9LNQSyQEKlDGWwBLQ/pY3qtjctr3\n"
99  "pV62MPQdBo+1lcsjDCJVQA6XUyltas4BKQ==\n"
100  "-----END OpenVPN tls-crypt-v2 client key-----\n";
101 
102 int
103 __wrap_parse_line(const char *line, char **p, const int n, const char *file,
104  const int line_num, int msglevel, struct gc_arena *gc)
105 {
106  p[0] = PATH1 PATH2;
107  p[1] = PARAM1;
108  p[2] = PARAM2;
109  return 3;
110 }
111 
112 bool
113 __wrap_buffer_write_file(const char *filename, const struct buffer *buf)
114 {
115  const char *pem = BSTR(buf);
116  check_expected(filename);
117  check_expected(pem);
118 
119  return mock_type(bool);
120 }
121 
122 struct buffer
123 __wrap_buffer_read_from_file(const char *filename, struct gc_arena *gc)
124 {
125  check_expected(filename);
126 
127  const char *pem_str = mock_ptr_type(const char *);
128  struct buffer ret = alloc_buf_gc(strlen(pem_str) + 1, gc);
129  buf_write(&ret, pem_str, strlen(pem_str) + 1);
130 
131  return ret;
132 }
133 
134 
136 int
137 __wrap_rand_bytes(uint8_t *output, int len)
138 {
139  for (int i = 0; i < len; i++)
140  {
141  output[i] = i;
142  }
143  return true;
144 }
145 
148  struct key_type kt;
149  struct buffer source;
152 };
153 
154 
155 static int
156 test_tls_crypt_setup(void **state)
157 {
158  struct test_tls_crypt_context *ctx = calloc(1, sizeof(*ctx));
159  *state = ctx;
160 
161  struct key key = { 0 };
162 
163  ctx->kt = tls_crypt_kt();
164  if (!ctx->kt.cipher || !ctx->kt.digest)
165  {
166  return 0;
167  }
168  init_key_ctx(&ctx->co.key_ctx_bi.encrypt, &key, &ctx->kt, true, "TEST");
169  init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
170 
171  packet_id_init(&ctx->co.packet_id, 0, 0, "test", 0);
172 
173  ctx->source = alloc_buf(TESTBUF_SIZE);
176 
177  /* Write test plaintext */
178  const char *plaintext = "1234567890";
179  buf_write(&ctx->source, plaintext, strlen(plaintext));
180 
181  /* Write test ciphertext */
182  const char *ciphertext = "012345678";
183  buf_write(&ctx->ciphertext, ciphertext, strlen(ciphertext));
184 
185  return 0;
186 }
187 
188 static int
190 {
191  struct test_tls_crypt_context *ctx =
192  (struct test_tls_crypt_context *)*state;
193 
194  free_buf(&ctx->source);
195  free_buf(&ctx->ciphertext);
196  free_buf(&ctx->unwrapped);
197 
199 
200  free(ctx);
201 
202  return 0;
203 }
204 
205 static void
207 {
208  if (!ctx->kt.cipher || !ctx->kt.digest)
209  {
210  skip();
211  }
212 }
213 
217 static void
218 tls_crypt_loopback(void **state)
219 {
220  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
221 
223 
224  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
225  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
226  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
227  assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
228  assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
229  BLEN(&ctx->source));
230 }
231 
232 
236 static void
238 {
239  struct test_tls_crypt_context *ctx =
240  (struct test_tls_crypt_context *)*state;
241 
242  struct gc_arena gc = gc_new();
243 
244  struct tls_multi multi = { 0 };
245  struct tls_session session = { 0 };
246 
247  struct tls_options tls_opt = { 0 };
248  tls_opt.replay_window = 32;
249  tls_opt.replay_time = 60;
250  tls_opt.frame.buf.payload_size = 512;
251  session.opt = &tls_opt;
252 
254 
255  struct tls_wrap_ctx *rctx = &session.tls_wrap_reneg;
256 
257  tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
258  assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
259 
260  uint8_t expected_ciphertext[] = {
261  0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0xe3, 0x19, 0x27, 0x7f, 0x1c, 0x8d, 0x6e, 0x6a,
262  0x77, 0x96, 0xa8, 0x55, 0x33, 0x7b, 0x9c, 0xfb, 0x56, 0xe1, 0xf1, 0x3a, 0x87, 0x0e, 0x66, 0x47,
263  0xdf, 0xa1, 0x95, 0xc9, 0x2c, 0x17, 0xa0, 0x15, 0xba, 0x49, 0x67, 0xa1, 0x1d, 0x55, 0xea, 0x1a,
264  0x06, 0xa7
265  };
266  assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
267  tls_wrap_free(&session.tls_wrap_reneg);
268 
269  /* Use previous tls-crypt key as 0x00, with xor we should have the same key
270  * and expect the same result */
271  session.tls_wrap.mode = TLS_WRAP_CRYPT;
272  memset(&session.tls_wrap.original_wrap_keydata.keys, 0x00, sizeof(session.tls_wrap.original_wrap_keydata.keys));
273  session.tls_wrap.original_wrap_keydata.n = 2;
274 
276  tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
277  assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
278 
279  assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
280  tls_wrap_free(&session.tls_wrap_reneg);
281 
282  /* XOR should not force a different key */
283  memset(&session.tls_wrap.original_wrap_keydata.keys, 0x42, sizeof(session.tls_wrap.original_wrap_keydata.keys));
285 
286  tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
287  assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
288 
289  /* packet id at the start should be equal */
290  assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, 8);
291 
292  /* Skip packet id */
293  buf_advance(&rctx->work, 8);
294  assert_memory_not_equal(BPTR(&rctx->work), expected_ciphertext, buf_len(&rctx->work));
295  tls_wrap_free(&session.tls_wrap_reneg);
296 
297 
298  gc_free(&gc);
299 }
300 
304 static void
306 {
307  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
308 
310 
311  buf_clear(&ctx->source);
312 
313  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
314  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
315  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
316  assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
317  assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
318  BLEN(&ctx->source));
319 }
320 
324 static void
326 {
327  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
328 
330 
331  buf_clear(&ctx->source);
332  assert_non_null(buf_write_alloc(&ctx->source,
334 
335  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
336  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
337  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
338  assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
339  assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped),
340  BLEN(&ctx->source));
341 }
342 
346 static void
348 {
349  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
350 
352 
353  buf_clear(&ctx->source);
354  assert_non_null(buf_write_alloc(&ctx->source,
356  assert_false(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
357 }
358 
363 static void
365 {
366  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
367 
369 
370  /* Change decrypt key */
371  struct key key = { { 1 } };
373  init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
374 
375  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
376  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
377  assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
378 }
379 
383 static void
385 {
386  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
387 
389 
390  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
391  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
392  struct buffer tmp = ctx->ciphertext;
393  assert_true(tls_crypt_unwrap(&tmp, &ctx->unwrapped, &ctx->co));
394  buf_clear(&ctx->unwrapped);
395  assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
396 }
397 
403 static void
405 {
406  struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state;
407 
409 
410  ctx->co.flags |= CO_IGNORE_PACKET_ID;
411 
412  assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
413  assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
414  struct buffer tmp = ctx->ciphertext;
415  assert_true(tls_crypt_unwrap(&tmp, &ctx->unwrapped, &ctx->co));
416  buf_clear(&ctx->unwrapped);
417  assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
418 }
419 
421  struct gc_arena gc;
426  struct buffer metadata;
428  struct buffer wkc;
429 };
430 
431 static int
433 {
434  struct test_tls_crypt_v2_context *ctx = calloc(1, sizeof(*ctx));
435  *state = ctx;
436 
437  ctx->gc = gc_new();
438 
439  /* Slightly longer buffers to be able to test too-long data */
442  &ctx->gc);
443  ctx->wkc = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN+16, &ctx->gc);
444 
445  /* Generate server key */
446  rand_bytes((void *)ctx->server_key2.keys, sizeof(ctx->server_key2.keys));
447  ctx->server_key2.n = 2;
448  struct key_type kt = tls_crypt_kt();
451  "tls-crypt-v2 server key");
452 
453  /* Generate client key */
454  rand_bytes((void *)ctx->client_key2.keys, sizeof(ctx->client_key2.keys));
455  ctx->client_key2.n = 2;
456 
457  return 0;
458 }
459 
460 static int
462 {
463  struct test_tls_crypt_v2_context *ctx =
464  (struct test_tls_crypt_v2_context *) *state;
465 
468 
469  gc_free(&ctx->gc);
470 
471  free(ctx);
472 
473  return 0;
474 }
475 
479 static void
481 {
482  struct test_tls_crypt_v2_context *ctx =
483  (struct test_tls_crypt_v2_context *) *state;
484 
485  struct buffer wrapped_client_key = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN,
486  &ctx->gc);
487  assert_true(tls_crypt_v2_wrap_client_key(&wrapped_client_key,
488  &ctx->client_key2,
489  &ctx->metadata,
490  &ctx->server_keys.encrypt,
491  &ctx->gc));
492 
493  struct buffer unwrap_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN,
494  &ctx->gc);
495  struct key2 unwrapped_client_key2 = { 0 };
496  assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
497  &unwrap_metadata,
498  wrapped_client_key,
499  &ctx->server_keys.decrypt));
500 
501  assert_true(0 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys,
502  sizeof(ctx->client_key2.keys)));
503 }
504 
509 static void
511 {
512  struct test_tls_crypt_v2_context *ctx =
513  (struct test_tls_crypt_v2_context *) *state;
514 
515  uint8_t *metadata =
518  assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
519  &ctx->metadata,
520  &ctx->server_keys.encrypt,
521  &ctx->gc));
522 
523  struct buffer unwrap_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN,
524  &ctx->gc);
525  struct key2 unwrapped_client_key2 = { 0 };
526  assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
527  &unwrap_metadata, ctx->wkc,
528  &ctx->server_keys.decrypt));
529 
530  assert_true(0 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys,
531  sizeof(ctx->client_key2.keys)));
532  assert_true(buf_equal(&ctx->metadata, &unwrap_metadata));
533 
534  struct tls_wrap_ctx wrap_ctx = {
535  .mode = TLS_WRAP_CRYPT,
536  .tls_crypt_v2_server_key = ctx->server_keys.encrypt,
537  };
538  assert_true(tls_crypt_v2_extract_client_key(&ctx->wkc, &wrap_ctx, NULL));
539  tls_wrap_free(&wrap_ctx);
540 }
541 
546 static void
548 {
549  struct test_tls_crypt_v2_context *ctx =
550  (struct test_tls_crypt_v2_context *) *state;
551 
552  assert_true(buf_inc_len(&ctx->metadata, TLS_CRYPT_V2_MAX_METADATA_LEN+1));
553  assert_false(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
554  &ctx->metadata,
555  &ctx->server_keys.encrypt,
556  &ctx->gc));
557 }
558 
563 static void
565 {
566  struct test_tls_crypt_v2_context *ctx =
567  (struct test_tls_crypt_v2_context *) *state;
568 
569  assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
570  &ctx->metadata,
571  &ctx->server_keys.encrypt,
572  &ctx->gc));
573 
574  /* Change server key */
575  struct key_type kt = tls_crypt_kt();
577  memset(&ctx->server_key2.keys, 0, sizeof(ctx->server_key2.keys));
580  "wrong tls-crypt-v2 server key");
581 
582 
583  struct key2 unwrapped_client_key2 = { 0 };
584  assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
585  &ctx->unwrapped_metadata,
586  ctx->wkc,
587  &ctx->server_keys.decrypt));
588 
589  const struct key2 zero = { 0 };
590  assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero)));
591  assert_true(0 == BLEN(&ctx->unwrapped_metadata));
592 }
593 
598 static void
600 {
601  struct test_tls_crypt_v2_context *ctx =
602  (struct test_tls_crypt_v2_context *) *state;
603 
604  uint8_t *metadata =
607  assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2,
608  &ctx->metadata,
609  &ctx->server_keys.encrypt,
610  &ctx->gc));
611 
612  struct key2 unwrapped_client_key2 = { 0 };
613  struct buffer unwrapped_metadata =
615  assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2,
616  &unwrapped_metadata, ctx->wkc,
617  &ctx->server_keys.decrypt));
618 
619  const struct key2 zero = { 0 };
620  assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero)));
621  assert_true(0 == BLEN(&ctx->unwrapped_metadata));
622 }
623 
624 static void
626 {
627  const char *filename = "testfilename.key";
628 
629  expect_string(__wrap_buffer_write_file, filename, filename);
630  expect_memory(__wrap_buffer_write_file, pem, test_server_key,
631  strlen(test_server_key));
632  will_return(__wrap_buffer_write_file, true);
633 
635 }
636 
637 static void
639 {
640  const char *filename = "testfilename.key";
641 
642  /* Test writing the client key */
643  expect_string(__wrap_buffer_write_file, filename, filename);
644  expect_memory(__wrap_buffer_write_file, pem, test_client_key,
645  strlen(test_client_key));
646  will_return(__wrap_buffer_write_file, true);
647 
648  /* Key generation re-reads the created file as a sanity check */
649  expect_string(__wrap_buffer_read_from_file, filename, filename);
651 
653 }
654 
655 static void
657 {
658  const char *filename = "testfilename.key";
659  const char *b64metadata = "AABBCCDD";
660 
661  /* Test writing the client key */
662  expect_string(__wrap_buffer_write_file, filename, filename);
664  strlen(test_client_key_metadata));
665  will_return(__wrap_buffer_write_file, true);
666 
667  /* Key generation re-reads the created file as a sanity check */
668  expect_string(__wrap_buffer_read_from_file, filename, filename);
670 
672  true);
673 }
674 
675 int
676 main(void)
677 {
678  const struct CMUnitTest tests[] = {
679  cmocka_unit_test_setup_teardown(tls_crypt_loopback,
682  cmocka_unit_test_setup_teardown(tls_crypt_loopback_zero_len,
685  cmocka_unit_test_setup_teardown(tls_crypt_loopback_max_len,
688  cmocka_unit_test_setup_teardown(tls_crypt_fail_msg_too_long,
691  cmocka_unit_test_setup_teardown(tls_crypt_fail_invalid_key,
694  cmocka_unit_test_setup_teardown(tls_crypt_fail_replay,
697  cmocka_unit_test_setup_teardown(tls_crypt_ignore_replay,
700  cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_no_metadata,
703  cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_max_metadata,
706  cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_too_long_metadata,
709  cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_wrong_key,
712  cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_dst_too_small,
715  cmocka_unit_test_setup_teardown(test_tls_crypt_secure_reneg_key,
718  cmocka_unit_test(test_tls_crypt_v2_write_server_key_file),
719  cmocka_unit_test(test_tls_crypt_v2_write_client_key_file),
721  };
722 
723 #if defined(ENABLE_CRYPTO_OPENSSL)
724  OpenSSL_add_all_algorithms();
725 #endif
726 
727  int ret = cmocka_run_group_tests_name("tls-crypt tests", tests, NULL, NULL);
728 
729 #if defined(ENABLE_CRYPTO_OPENSSL)
730  EVP_cleanup();
731 #endif
732 
733  return ret;
734 }
test_tls_crypt_v2_context::wkc
struct buffer wkc
Definition: test_tls_crypt.c:428
test_tls_crypt_v2_context
Definition: test_tls_crypt.c:420
key2::n
int n
The number of key objects stored in the key2.keys array.
Definition: crypto.h:181
tls_crypt_v2_wrap_unwrap_wrong_key
static void tls_crypt_v2_wrap_unwrap_wrong_key(void **state)
Check that unwrapping a tls-crypt-v2 client key with the wrong server key fails as expected.
Definition: test_tls_crypt.c:564
TLS_CRYPT_V2_MAX_METADATA_LEN
#define TLS_CRYPT_V2_MAX_METADATA_LEN
Definition: tls_crypt.h:101
tls_crypt_v2_wrap_too_long_metadata
static void tls_crypt_v2_wrap_too_long_metadata(void **state)
Check that wrapping a tls-crypt-v2 client key with too long metadata fails as expected.
Definition: test_tls_crypt.c:547
KEY_DIRECTION_BIDIRECTIONAL
#define KEY_DIRECTION_BIDIRECTIONAL
Definition: crypto.h:171
test_tls_crypt_context::unwrapped
struct buffer unwrapped
Definition: test_tls_crypt.c:151
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:1011
tls_crypt_ignore_replay
static void tls_crypt_ignore_replay(void **state)
Check that packet replays are accepted when CO_IGNORE_PACKET_ID is set.
Definition: test_tls_crypt.c:404
tls_options::frame
struct frame frame
Definition: ssl_common.h:371
tls_crypt_fail_invalid_key
static void tls_crypt_fail_invalid_key(void **state)
Check that packets that were wrapped (or unwrapped) with a different key are not accepted.
Definition: test_tls_crypt.c:364
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
packet_id_init
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
Definition: packet_id.c:79
skip_if_tls_crypt_not_supported
static void skip_if_tls_crypt_not_supported(struct test_tls_crypt_context *ctx)
Definition: test_tls_crypt.c:206
PARAM1
#define PARAM1
Definition: test_tls_crypt.c:58
TLS_CRYPT_V2_MAX_WKC_LEN
#define TLS_CRYPT_V2_MAX_WKC_LEN
Definition: tls_crypt.h:97
tls_crypt_unwrap
bool tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Unwrap a control channel packet (decrypts, authenticates and performs replay checks).
Definition: tls_crypt.c:222
__wrap_parse_line
int __wrap_parse_line(const char *line, char **p, const int n, const char *file, const int line_num, int msglevel, struct gc_arena *gc)
Definition: test_tls_crypt.c:103
BSTR
#define BSTR(buf)
Definition: buffer.h:129
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
tls_crypt_v2_write_client_key_file
void tls_crypt_v2_write_client_key_file(const char *filename, const char *b64_metadata, const char *server_key_file, bool server_key_inline)
Generate a tls-crypt-v2 client key, and write to file.
Definition: tls_crypt.c:681
tls_options::replay_time
int replay_time
Definition: ssl_common.h:359
buf_clear
void buf_clear(struct buffer *buf)
Definition: buffer.c:162
key_ctx_bi::encrypt
struct key_ctx encrypt
Cipher and/or HMAC contexts for sending direction.
Definition: crypto.h:219
tls_wrap_ctx::TLS_WRAP_CRYPT
@ TLS_WRAP_CRYPT
Control channel encryption and authentication.
Definition: ssl_common.h:268
test_tls_crypt_v2_teardown
static int test_tls_crypt_v2_teardown(void **state)
Definition: test_tls_crypt.c:461
tls_crypt_buf_overhead
int tls_crypt_buf_overhead(void)
Returns the maximum overhead (in bytes) added to the destination buffer by tls_crypt_wrap().
Definition: tls_crypt.c:55
tls_multi
Security parameter state for a single VPN tunnel.
Definition: ssl_common.h:587
tls_wrap_free
static void tls_wrap_free(struct tls_wrap_ctx *tls_wrap)
Free the elements of a tls_wrap_ctx structure.
Definition: ssl.h:474
init_key_ctx_bi
void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name)
Definition: crypto.c:868
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:149
tls_crypt_fail_replay
static void tls_crypt_fail_replay(void **state)
Check that replayed packets are not accepted.
Definition: test_tls_crypt.c:384
buf_equal
static bool buf_equal(const struct buffer *a, const struct buffer *b)
Return true if buffer contents are equal.
Definition: buffer.h:855
test_tls_crypt_setup
static int test_tls_crypt_setup(void **state)
Definition: test_tls_crypt.c:156
free_key_ctx_bi
void free_key_ctx_bi(struct key_ctx_bi *ctx)
Definition: crypto.c:905
test_client_key_metadata
static const char * test_client_key_metadata
Definition: test_tls_crypt.c:86
key_ctx_bi
Container for two sets of OpenSSL cipher and/or HMAC contexts for both sending and receiving directio...
Definition: crypto.h:217
tls_wrap_ctx::opt
struct crypto_options opt
Crypto state.
Definition: ssl_common.h:270
buf_advance
static bool buf_advance(struct buffer *buf, int size)
Definition: buffer.h:636
buf_inc_len
static bool buf_inc_len(struct buffer *buf, int inc)
Definition: buffer.h:608
tls_crypt_kt
static struct key_type tls_crypt_kt(void)
Definition: tls_crypt.c:49
tls_options
Definition: ssl_common.h:293
test_tls_crypt_v2_context::gc
struct gc_arena gc
Definition: test_tls_crypt.c:421
BLEN
#define BLEN(buf)
Definition: buffer.h:127
tls_crypt_v2_wrap_client_key
static bool tls_crypt_v2_wrap_client_key(struct buffer *wkc, const struct key2 *src_key, const struct buffer *src_metadata, struct key_ctx *server_key, struct gc_arena *gc)
Definition: tls_crypt.c:385
tls_crypt_fail_msg_too_long
static void tls_crypt_fail_msg_too_long(void **state)
Check that too-long messages are gracefully rejected.
Definition: test_tls_crypt.c:347
key_type::digest
const char * digest
Message digest static parameters.
Definition: crypto.h:142
frame::payload_size
int payload_size
the maximum size that a payload that our buffers can hold from either tun device or network link.
Definition: mtu.h:102
tls_wrap_ctx
Control channel wrapping (–tls-auth/–tls-crypt) context.
Definition: ssl_common.h:263
test_tls_crypt_context
Definition: test_tls_crypt.c:146
tls_wrap_ctx::work
struct buffer work
Work buffer (only for –tls-crypt)
Definition: ssl_common.h:271
test_server_key
static const char * test_server_key
Definition: test_tls_crypt.c:61
init_key_ctx
void init_key_ctx(struct key_ctx *ctx, const struct key *key, const struct key_type *kt, int enc, const char *prefix)
Definition: crypto.c:823
test_tls_crypt_v2_context::client_key2
struct key2 client_key2
Definition: test_tls_crypt.c:424
test_tls_crypt_v2_write_client_key_file
static void test_tls_crypt_v2_write_client_key_file(void **state)
Definition: test_tls_crypt.c:638
tls_crypt_loopback
static void tls_crypt_loopback(void **state)
Check that short messages are successfully wrapped-and-unwrapped.
Definition: test_tls_crypt.c:218
tls_crypt_wrap
bool tls_crypt_wrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Wrap a control channel packet (both authenticates and encrypts the data).
Definition: tls_crypt.c:145
test_tls_crypt_v2_write_server_key_file
static void test_tls_crypt_v2_write_server_key_file(void **state)
Definition: test_tls_crypt.c:625
__wrap_buffer_write_file
bool __wrap_buffer_write_file(const char *filename, const struct buffer *buf)
Definition: test_tls_crypt.c:113
key_state_export_keying_material
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
Definition: test_tls_crypt.c:44
test_tls_crypt_v2_context::client_key
struct key_ctx_bi client_key
Definition: test_tls_crypt.c:425
test_client_key
static const char * test_client_key
Definition: test_tls_crypt.c:68
test_tls_crypt_context::kt
struct key_type kt
Definition: test_tls_crypt.c:148
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
rand_bytes
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
Definition: crypto_openssl.c:571
main
int main(void)
Definition: test_tls_crypt.c:676
key_type
Definition: crypto.h:139
mock_msg.h
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition: buffer.h:686
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:468
frame::buf
struct frame::@6 buf
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
tls_crypt_loopback_zero_len
static void tls_crypt_loopback_zero_len(void **state)
Check that zero-byte messages are successfully wrapped-and-unwrapped.
Definition: test_tls_crypt.c:305
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
key_type::cipher
const char * cipher
const name of the cipher
Definition: crypto.h:141
tls_crypt_v2_unwrap_client_key
static bool tls_crypt_v2_unwrap_client_key(struct key2 *client_key, struct buffer *metadata, struct buffer wrapped_client_key, struct key_ctx *server_key)
Definition: tls_crypt.c:442
test_tls_crypt_context::source
struct buffer source
Definition: test_tls_crypt.c:149
test_tls_crypt_context::ciphertext
struct buffer ciphertext
Definition: test_tls_crypt.c:150
test_tls_crypt_secure_reneg_key
static void test_tls_crypt_secure_reneg_key(void **state)
Test generating dynamic tls-crypt key.
Definition: test_tls_crypt.c:237
free_buf
void free_buf(struct buffer *buf)
Definition: buffer.c:183
free_key_ctx
void free_key_ctx(struct key_ctx *ctx)
Definition: crypto.c:888
__wrap_rand_bytes
int __wrap_rand_bytes(uint8_t *output, int len)
Predictable random for tests.
Definition: test_tls_crypt.c:137
test_tls_crypt_v2_context::server_key2
struct key2 server_key2
Definition: test_tls_crypt.c:422
buf_len
static int buf_len(const struct buffer *buf)
Definition: buffer.h:253
TESTBUF_SIZE
#define TESTBUF_SIZE
Definition: test_tls_crypt.c:53
test_tls_crypt_teardown
static int test_tls_crypt_teardown(void **state)
Definition: test_tls_crypt.c:189
tls_crypt_v2_wrap_unwrap_max_metadata
static void tls_crypt_v2_wrap_unwrap_max_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key with maximum length metadata.
Definition: test_tls_crypt.c:510
PATH1
#define PATH1
Definition: test_tls_crypt.c:56
PATH2
#define PATH2
Definition: test_tls_crypt.c:57
tls_crypt_v2_wrap_unwrap_no_metadata
static void tls_crypt_v2_wrap_unwrap_no_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key without metadata.
Definition: test_tls_crypt.c:480
tls_crypt_v2_extract_client_key
bool tls_crypt_v2_extract_client_key(struct buffer *buf, struct tls_wrap_ctx *ctx, const struct tls_options *opt)
Extract a tls-crypt-v2 client key from a P_CONTROL_HARD_RESET_CLIENT_V3 message, and load the key int...
Definition: tls_crypt.c:613
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1019
tls_options::replay_window
int replay_window
Definition: ssl_common.h:358
crypto_options::key_ctx_bi
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Definition: crypto.h:232
buf_write_alloc
static uint8_t * buf_write_alloc(struct buffer *buf, size_t size)
Definition: buffer.h:653
config.h
test_tls_crypt_v2_context::metadata
struct buffer metadata
Definition: test_tls_crypt.c:426
test_tls_crypt_v2_setup
static int test_tls_crypt_v2_setup(void **state)
Definition: test_tls_crypt.c:432
PARAM2
#define PARAM2
Definition: test_tls_crypt.c:59
key2
Container for bidirectional cipher and HMAC key material.
Definition: crypto.h:179
CO_IGNORE_PACKET_ID
#define CO_IGNORE_PACKET_ID
Bit-flag indicating whether to ignore the packet ID of a received packet.
Definition: crypto.h:253
session
Definition: keyingmaterialexporter.c:56
crypto_options::packet_id
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
Definition: crypto.h:236
tls_crypt_loopback_max_len
static void tls_crypt_loopback_max_len(void **state)
Check that max-length messages are successfully wrapped-and-unwrapped.
Definition: test_tls_crypt.c:325
tls_crypt.c
crypto_options::flags
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition: crypto.h:283
key2::keys
struct key keys[2]
Two unidirectional sets of key material.
Definition: crypto.h:183
alloc_buf
struct buffer alloc_buf(size_t size)
Definition: buffer.c:62
tls_wrap_ctx::mode
enum tls_wrap_ctx::@17 mode
Control channel wrapping mode.
test_tls_crypt_v2_context::server_keys
struct key_ctx_bi server_keys
Definition: test_tls_crypt.c:423
test_tls_crypt_context::co
struct crypto_options co
Definition: test_tls_crypt.c:147
test_tls_crypt_v2_context::unwrapped_metadata
struct buffer unwrapped_metadata
Definition: test_tls_crypt.c:427
key_ctx_bi::decrypt
struct key_ctx decrypt
cipher and/or HMAC contexts for receiving direction.
Definition: crypto.h:221
tls_session_generate_dynamic_tls_crypt_key
bool tls_session_generate_dynamic_tls_crypt_key(struct tls_multi *multi, struct tls_session *session)
Generates a TLS-Crypt key to be used with dynamic tls-crypt using the TLS EKM exporter function.
Definition: tls_crypt.c:98
__wrap_buffer_read_from_file
struct buffer __wrap_buffer_read_from_file(const char *filename, struct gc_arena *gc)
Definition: test_tls_crypt.c:123
test_tls_crypt_v2_write_client_key_file_metadata
static void test_tls_crypt_v2_write_client_key_file_metadata(void **state)
Definition: test_tls_crypt.c:656
tls_crypt_v2_wrap_unwrap_dst_too_small
static void tls_crypt_v2_wrap_unwrap_dst_too_small(void **state)
Check that unwrapping a tls-crypt-v2 client key to a too small metadata buffer fails as expected.
Definition: test_tls_crypt.c:599
crypto_options
Security parameter state for processing data channel packets.
Definition: crypto.h:230
tls_crypt_v2_write_server_key_file
void tls_crypt_v2_write_server_key_file(const char *filename)
Generate a tls-crypt-v2 server key, and write to file.
Definition: tls_crypt.c:675