OpenVPN
test_tls_crypt.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2016-2026 Sentyron B.V. <openvpn@sentyron.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include <stdio.h>
30#include <stdlib.h>
31#include <stdarg.h>
32#include <string.h>
33#include <setjmp.h>
34#include <cmocka.h>
35
36#include "test_common.h"
37#include "tls_crypt.c"
38
39/* Define this function here as dummy since including the ssl_*.c files
40 * leads to having to include even more unrelated code */
41bool
42key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size,
43 void *ekm, size_t ekm_size)
44{
45 memset(ekm, 0xba, ekm_size);
46 return true;
47}
48
49
50#define TESTBUF_SIZE 128
51
52/* Defines for use in the tests and the mock parse_line() */
53#define PATH1 "/s p a c e"
54#define PATH2 "/foo bar/baz"
55#define PARAM1 "param1"
56#define PARAM2 "param two"
57
58static const char *test_server_key =
59 "-----BEGIN OpenVPN tls-crypt-v2 server key-----\n"
60 "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
61 "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
62 "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn8=\n"
63 "-----END OpenVPN tls-crypt-v2 server key-----\n";
64
65static const char *test_client_key =
66 "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
67 "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
68 "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
69 "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
70 "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
71 "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
72 "8PHy8/T19vf4+fr7/P3+/xd9pcB0qUYZsWvkrLcfGmzPJPM8a7r0mEWdXwbDadSV\n"
73 "LHg5bv2TwlmPR3HgaMr8o9LTh9hxUTkrH3S0PfKRNwcso86ua/dBFTyXsM9tg4aw\n"
74 "3dS6ogH9AkaT+kRRDgNcKWkQCbwmJK2JlfkXHBwbAtmn78AkNuho6QCFqCdqGab3\n"
75 "zh2vheFqGMPdGpukbFrT3rcO3VLxUeG+RdzXiMTCpJSovFBP1lDkYwYJPnz6daEh\n"
76 "j0TzJ3BVru9W3CpotdNt7u09knxAfpCxjtrP3semsDew/gTBtcfQ/OoTFyFHnN5k\n"
77 "RZ+q17SC4nba3Pp8/Fs0+hSbv2tJozoD8SElFq7SIWJsciTYh8q8f5yQxjdt4Wxu\n"
78 "/Z5wtPCAZ0tOzj4ItTI77fBOYRTfEayzHgEr\n"
79 "-----END OpenVPN tls-crypt-v2 client key-----\n";
80
81
82/* Has custom metadata of AABBCCDD (base64) */
83static const char *test_client_key_metadata =
84 "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n"
85 "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
86 "MDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5f\n"
87 "YGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6P\n"
88 "kJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/\n"
89 "wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v\n"
90 "8PHy8/T19vf4+fr7/P3+/2ntp1WCqhcLjJQY/igkjNt3Yb6i0neqFkfrOp2UCDcz\n"
91 "6RSJtPLZbvOOKUHk2qwxPYUsFCnz/IWV6/ZiLRrabzUpS8oSN1HS6P7qqAdrHKgf\n"
92 "hVTHasdSf2UdMTPC7HBgnP9Ll0FhKN0h7vSzbbt7QM7wH9mr1ecc/Mt0SYW2lpwA\n"
93 "aJObYGTyk6hTgWm0g/MLrworLrezTqUHBZzVsu+LDyqLWK1lzJNd66MuNOsGA4YF\n"
94 "fbCsDh8n3H+Cw1k5YNBZDYYJOtVUgBWXheO6vgoOmqDdI0dAQ3hVo9DE+SkCFjgf\n"
95 "l4FY2yLEh9ZVZZrl1eD1Owh/X178CkHrBJYl9LNQSyQEKlDGWwBLQ/pY3qtjctr3\n"
96 "pV62MPQdBo+1lcsjDCJVQA6XUyltas4BKQ==\n"
97 "-----END OpenVPN tls-crypt-v2 client key-----\n";
98
99int
100__wrap_parse_line(const char *line, char **p, const int n, const char *file, const int line_num,
101 msglvl_t msglevel, struct gc_arena *gc)
102{
103 if (strcmp(line, "/usr/bin/true") == 0)
104 {
105 p[0] = "/usr/bin/true";
106 return 1;
107 }
108 if (strcmp(line, "/usr/bin/false") == 0)
109 {
110 p[0] = "/usr/bin/false";
111 return 1;
112 }
113 if (strcmp(line, "/bin/true") == 0)
114 {
115 p[0] = "/bin/true";
116 return 1;
117 }
118 if (strcmp(line, "/bin/false") == 0)
119 {
120 p[0] = "/bin/false";
121 return 1;
122 }
123
124 p[0] = PATH1 PATH2;
125 p[1] = PARAM1;
126 p[2] = PARAM2;
127 return 3;
128}
129
130bool
131__wrap_buffer_write_file(const char *filename, const struct buffer *buf)
132{
133 const char *pem = BSTR(buf);
134 check_expected_ptr(filename);
135 check_expected_ptr(pem);
136
137 return mock_type(bool);
138}
139
140struct buffer
142{
143 check_expected_ptr(filename);
144
145 const char *pem_str = mock_ptr_type(const char *);
146 struct buffer ret = alloc_buf_gc(strlen(pem_str) + 1, gc);
148
149 return ret;
150}
151
152
154int
156{
157 for (int i = 0; i < len; i++)
158 {
159 output[i] = (uint8_t)i;
160 }
161 return true;
162}
163
172
173
174static int
176{
177 struct test_tls_crypt_context *ctx = calloc(1, sizeof(*ctx));
178 *state = ctx;
179
180 struct key_parameters key = { .cipher = { 0 },
181 .hmac = { 0 },
182 .hmac_size = MAX_HMAC_KEY_LENGTH,
183 .cipher_size = MAX_CIPHER_KEY_LENGTH };
184
185 ctx->kt = tls_crypt_kt();
186 if (!ctx->kt.cipher || !ctx->kt.digest)
187 {
188 return 0;
189 }
190 init_key_ctx(&ctx->co.key_ctx_bi.encrypt, &key, &ctx->kt, true, "TEST");
191 init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
192
193 packet_id_init(&ctx->co.packet_id, 0, 0, "test", 0);
194
198
199 /* Write test plaintext */
200 const char *plaintext = "1234567890";
201 buf_write(&ctx->source, plaintext, strlen(plaintext));
202
203 /* Write test ciphertext */
204 const char *ciphertext = "012345678";
205 buf_write(&ctx->ciphertext, ciphertext, strlen(ciphertext));
206
207 return 0;
208}
209
210static int
212{
213 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
214
215 free_buf(&ctx->source);
216 free_buf(&ctx->ciphertext);
217 free_buf(&ctx->unwrapped);
218
220
221 free(ctx);
222
223 return 0;
224}
225
226static void
228{
229 if (!ctx->kt.cipher || !ctx->kt.digest)
230 {
231 skip();
232 }
233}
234
238static void
240{
241 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
242
244
245 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
246 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
247 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
248 assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
249 assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped), BLENZ(&ctx->source));
250}
251
252
256static void
258{
259 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
260
261 struct gc_arena gc = gc_new();
262
263 struct tls_session session = { 0 };
264
265 struct tls_options tls_opt = { 0 };
266 tls_opt.replay_window = 32;
267 tls_opt.replay_time = 60;
268 tls_opt.frame.buf.payload_size = 512;
269 session.opt = &tls_opt;
270
272
273 struct tls_wrap_ctx *rctx = &session.tls_wrap_reneg;
274
275 tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
276 assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
277
278 uint8_t expected_ciphertext[] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0xe3, 0x19,
279 0x27, 0x7f, 0x1c, 0x8d, 0x6e, 0x6a, 0x77, 0x96, 0xa8, 0x55,
280 0x33, 0x7b, 0x9c, 0xfb, 0x56, 0xe1, 0xf1, 0x3a, 0x87, 0x0e,
281 0x66, 0x47, 0xdf, 0xa1, 0x95, 0xc9, 0x2c, 0x17, 0xa0, 0x15,
282 0xba, 0x49, 0x67, 0xa1, 0x1d, 0x55, 0xea, 0x1a, 0x06, 0xa7 };
283 assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, BLENZ(&rctx->work));
284 tls_wrap_free(&session.tls_wrap_reneg);
285
286 /* Use previous tls-crypt key as 0x00, with xor we should have the same key
287 * and expect the same result */
288 session.tls_wrap.mode = TLS_WRAP_CRYPT;
289 memset(&session.tls_wrap.original_wrap_keydata.keys, 0x00,
290 sizeof(session.tls_wrap.original_wrap_keydata.keys));
291 session.tls_wrap.original_wrap_keydata.n = 2;
292
294 tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
295 assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
296
297 assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, BLENZ(&rctx->work));
298 tls_wrap_free(&session.tls_wrap_reneg);
299
300 /* XOR should not force a different key */
301 memset(&session.tls_wrap.original_wrap_keydata.keys, 0x42,
302 sizeof(session.tls_wrap.original_wrap_keydata.keys));
304
305 tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
306 assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
307
308 /* packet id at the start should be equal */
309 assert_memory_equal(BPTR(&rctx->work), expected_ciphertext, 8);
310
311 /* Skip packet id */
312 buf_advance(&rctx->work, 8);
313 assert_memory_not_equal(BPTR(&rctx->work), expected_ciphertext, BLENZ(&rctx->work));
314 tls_wrap_free(&session.tls_wrap_reneg);
315
316
317 gc_free(&gc);
318}
319
323static void
325{
326 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
327
329
330 buf_clear(&ctx->source);
331
332 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
333 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
334 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
335 assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
336 assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped), BLENZ(&ctx->source));
337}
338
342static void
344{
345 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
346
348
349 buf_clear(&ctx->source);
350 assert_non_null(buf_write_alloc(&ctx->source, TESTBUF_SIZE - BLEN(&ctx->ciphertext)
352
353 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
354 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
355 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
356 assert_int_equal(BLEN(&ctx->source), BLEN(&ctx->unwrapped));
357 assert_memory_equal(BPTR(&ctx->source), BPTR(&ctx->unwrapped), BLENZ(&ctx->source));
358}
359
363static void
365{
366 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
367
369
370 buf_clear(&ctx->source);
371 assert_non_null(buf_write_alloc(&ctx->source, TESTBUF_SIZE - BLEN(&ctx->ciphertext)
372 - tls_crypt_buf_overhead() + 1));
373 assert_false(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
374}
375
380static void
382{
383 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
384
386
387 /* Change decrypt key */
388 struct key_parameters key = { .cipher = { 1 },
389 .hmac = { 1 },
390 .cipher_size = MAX_CIPHER_KEY_LENGTH,
391 .hmac_size = MAX_HMAC_KEY_LENGTH };
393 init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
394
395 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
396 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
397 assert_false(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
398}
399
403static void
405{
406 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
407
409
410 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
411 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
412 struct buffer tmp = ctx->ciphertext;
414 buf_clear(&ctx->unwrapped);
416}
417
423static void
425{
426 struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *)*state;
427
429
431
432 assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));
433 assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext));
434 struct buffer tmp = ctx->ciphertext;
436 buf_clear(&ctx->unwrapped);
437 assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co));
438}
439
451
452static int
454{
455 struct test_tls_crypt_v2_context *ctx = calloc(1, sizeof(*ctx));
456 *state = ctx;
457
458 ctx->gc = gc_new();
459
460 /* Slightly longer buffers to be able to test too-long data */
463 ctx->wkc = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN + 16, &ctx->gc);
464
465 /* Generate server key */
466 rand_bytes((void *)ctx->server_key2.keys, sizeof(ctx->server_key2.keys));
467 ctx->server_key2.n = 2;
468 struct key_type kt = tls_crypt_kt();
470 "tls-crypt-v2 server key");
471
472 /* Generate client key */
473 rand_bytes((void *)ctx->client_key2.keys, sizeof(ctx->client_key2.keys));
474 ctx->client_key2.n = 2;
475
476 return 0;
477}
478
479static int
481{
482 /* Ensure that if we modified now by using update_time, it is back to the
483 * 0 state for any other test that relies on it. */
484 now = 0;
485
486 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
487
490
491 gc_free(&ctx->gc);
492
493 free(ctx);
494
495 return 0;
496}
497
501static void
503{
504 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
505
508 &ctx->server_keys.encrypt, &ctx->gc));
509
511 struct key2 unwrapped_client_key2 = { 0 };
512 assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2, &unwrap_metadata,
513 wrapped_client_key, &ctx->server_keys.decrypt));
514
515 assert_memory_equal(ctx->client_key2.keys, unwrapped_client_key2.keys,
516 sizeof(ctx->client_key2.keys));
517}
518
523static void
525{
526 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
527
530 assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, &ctx->metadata,
531 &ctx->server_keys.encrypt, &ctx->gc));
532
534 struct key2 unwrapped_client_key2 = { 0 };
535 assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2, &unwrap_metadata, ctx->wkc,
536 &ctx->server_keys.decrypt));
537
538 assert_memory_equal(ctx->client_key2.keys, unwrapped_client_key2.keys,
539 sizeof(ctx->client_key2.keys));
540 assert_true(buf_equal(&ctx->metadata, &unwrap_metadata));
541
542 struct tls_wrap_ctx wrap_ctx = {
545 };
546
547 /* a buffer that only contains the wrapped key should fail */
548 assert_false(tls_crypt_v2_extract_client_key(&ctx->wkc, &wrap_ctx, NULL));
549
550 /* add a opcode in front of the key to make it valid to extract */
551 struct buffer wkcop = alloc_buf_gc(buf_len(&ctx->wkc) + 1, &ctx->gc);
552 buf_write_u8(&wkcop, 0x50);
553 buf_copy(&wkcop, &ctx->wkc);
555
557}
558
563static void
565{
566 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
567
568 assert_true(buf_inc_len(&ctx->metadata, TLS_CRYPT_V2_MAX_METADATA_LEN + 1));
569 assert_false(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, &ctx->metadata,
570 &ctx->server_keys.encrypt, &ctx->gc));
571}
572
577static void
579{
580 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
581
582 assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, &ctx->metadata,
583 &ctx->server_keys.encrypt, &ctx->gc));
584
585 /* Change server key */
586 struct key_type kt = tls_crypt_kt();
588 memset(&ctx->server_key2.keys, 0, sizeof(ctx->server_key2.keys));
590 "wrong tls-crypt-v2 server key");
591
592
593 struct key2 unwrapped_client_key2 = { 0 };
594 assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2, &ctx->unwrapped_metadata,
595 ctx->wkc, &ctx->server_keys.decrypt));
596
597 const struct key2 zero = { 0 };
598 assert_memory_equal(&unwrapped_client_key2, &zero, sizeof(zero));
599 assert_int_equal(0, BLEN(&ctx->unwrapped_metadata));
600}
601
606static void
608{
609 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
610
613 assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, &ctx->metadata,
614 &ctx->server_keys.encrypt, &ctx->gc));
615
616 struct key2 unwrapped_client_key2 = { 0 };
617 struct buffer unwrapped_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN - 1, &ctx->gc);
619 ctx->wkc, &ctx->server_keys.decrypt));
620
621 const struct key2 zero = { 0 };
622 assert_memory_equal(&unwrapped_client_key2, &zero, sizeof(zero));
623 assert_int_equal(0, BLEN(&ctx->unwrapped_metadata));
624}
625
626static struct buffer
628{
629 struct buffer metadata = alloc_buf_gc(1 + sizeof(int64_t), gc);
630
632
633 int64_t create_time = now - (days_ago * 24 * 60 * 60);
635
636 int64_t timestamp = htonll((uint64_t)create_time);
638 ASSERT(buf_write(&metadata, &timestamp, sizeof(timestamp)));
639
640 return metadata;
641}
642
648static struct buffer
650{
651 struct buffer metadata = create_metadata_days_ago(&ctx->gc, days_ago);
652
653 buf_reset_len(&ctx->wkc);
654 assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, &metadata,
655 &ctx->server_keys.encrypt, &ctx->gc));
656
657 /* add a opcode in front of the key to make it valid to extract */
658 struct buffer pseudo_packet = alloc_buf_gc(buf_len(&ctx->wkc) + 1, &ctx->gc);
659
661 buf_copy(&pseudo_packet, &ctx->wkc);
662
663 return pseudo_packet;
664}
665
670static void
672{
673 struct test_tls_crypt_v2_context *ctx = (struct test_tls_crypt_v2_context *)*state;
674
675 struct tls_wrap_ctx wrap_ctx = {
678 };
679
680 update_time();
681 struct buffer tmp = create_client_key_input(ctx, 12);
682
683 /* Make the wrapped key invalid by flipping a few bits */
684 buf_bptr(&tmp)[buf_len(&tmp) - 20] ^= 0x55;
685
688}
689
690
691static void
693{
694 update_time();
695
696 struct test_tls_crypt_v2_context *ctx = *state;
697
698
699 struct tls_wrap_ctx wrap_ctx = {
702 };
703
704 struct tls_options tls_options = {
706 };
707
708
709 struct buffer tmp = create_client_key_input(ctx, 29);
712
713
714 /* Use /bin/true as verify script */
716 tls_options.tls_crypt_v2_verify_script = "/usr/bin/true";
717 /* Some Linux system only have /bin/true */
719 {
721 }
722
723 tls_options.tmp_dir = "/tmp";
724
725 /* Since we override rand_bytes the tmpfile name is non-random as well.
726 * Build the expected name via the same code path as
727 * platform_create_temp_file() */
728 char non_random_tmpfile[128];
730 "%s/" PACKAGE "_tls_crypt_v2_metadata__%08" PRIx64 "%08" PRIx64 ".tmp",
733
735
736 /* We do not write the first byte (type) to the file but rather to a
737 * metadata_type environment variable */
740
743
744 tmp = create_client_key_input(ctx, 29);
747
748 tls_options.tls_crypt_v2_verify_script = "/usr/bin/false";
749 /* Some Linux system only have /bin/false */
751 {
753 }
754
758
759 tmp = create_client_key_input(ctx, 29);
762
763
765
766 /* An outdated time should fail */
767 tmp = create_client_key_input(ctx, 31);
769
772}
773
774static void
776{
777 const char *filename = "testfilename.key";
778
779 expect_string(__wrap_buffer_write_file, filename, filename);
782
784}
785
786static void
788{
789 const char *filename = "testfilename.key";
790
791 /* Test writing the client key */
792 expect_string(__wrap_buffer_write_file, filename, filename);
795
796 /* Key generation re-reads the created file as a sanity check */
797 expect_string(__wrap_buffer_read_from_file, filename, filename);
799
801}
802
803static void
805{
806 const char *filename = "testfilename.key";
807 const char *b64metadata = "AABBCCDD";
808
809 /* Test writing the client key */
810 expect_string(__wrap_buffer_write_file, filename, filename);
814
815 /* Key generation re-reads the created file as a sanity check */
816 expect_string(__wrap_buffer_read_from_file, filename, filename);
818
820}
821
822int
823main(void)
824{
826 const struct CMUnitTest tests[] = {
827 cmocka_unit_test_setup_teardown(tls_crypt_loopback, test_tls_crypt_setup,
829 cmocka_unit_test_setup_teardown(tls_crypt_loopback_zero_len, test_tls_crypt_setup,
831 cmocka_unit_test_setup_teardown(tls_crypt_loopback_max_len, test_tls_crypt_setup,
833 cmocka_unit_test_setup_teardown(tls_crypt_fail_msg_too_long, test_tls_crypt_setup,
835 cmocka_unit_test_setup_teardown(tls_crypt_fail_invalid_key, test_tls_crypt_setup,
837 cmocka_unit_test_setup_teardown(tls_crypt_fail_replay, test_tls_crypt_setup,
839 cmocka_unit_test_setup_teardown(tls_crypt_ignore_replay, test_tls_crypt_setup,
841 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_no_metadata,
843 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_max_metadata,
845 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_too_long_metadata,
847 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_wrong_key, test_tls_crypt_v2_setup,
849 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_dst_too_small,
851 cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_invalid,
853 cmocka_unit_test_setup_teardown(tls_crypt_v2_unwrap_checks,
855 cmocka_unit_test_setup_teardown(test_tls_crypt_secure_reneg_key, test_tls_crypt_setup,
860 };
861
862 return cmocka_run_group_tests_name("tls-crypt tests", tests, NULL, NULL);
863}
void free_buf(struct buffer *buf)
Definition buffer.c:189
void buf_clear(struct buffer *buf)
Definition buffer.c:168
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:88
struct buffer alloc_buf(size_t size)
Definition buffer.c:63
static uint8_t * buf_bptr(const struct buffer *buf)
Definition buffer.h:241
#define BSTR(buf)
Definition buffer.h:129
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition buffer.h:705
#define BPTR(buf)
Definition buffer.h:123
static bool buf_inc_len(struct buffer *buf, int inc)
Definition buffer.h:589
static bool buf_equal(const struct buffer *a, const struct buffer *b)
Return true if buffer contents are equal.
Definition buffer.h:832
static int buf_len(const struct buffer *buf)
Definition buffer.h:254
static uint8_t * buf_write_alloc(struct buffer *buf, size_t size)
Definition buffer.h:634
static bool buf_advance(struct buffer *buf, ssize_t size)
Definition buffer.h:617
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:661
static bool buf_write_u8(struct buffer *dest, uint8_t data)
Definition buffer.h:685
#define BLEN(buf)
Definition buffer.h:126
static void buf_reset_len(struct buffer *buf)
Definition buffer.h:313
#define BLENZ(buf)
Definition buffer.h:127
static void gc_free(struct gc_arena *a)
Definition buffer.h:1049
static struct gc_arena gc_new(void)
Definition buffer.h:1041
#define PACKAGE
Definition config.h:486
void free_key_ctx_bi(struct key_ctx_bi *ctx)
Definition crypto.c:1100
void init_key_ctx(struct key_ctx *ctx, const struct key_parameters *key, const struct key_type *kt, int enc, const char *prefix)
Definition crypto.c:996
void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name)
Definition crypto.c:1062
int64_t get_random(void)
an analogue to the random() function, but use prng_bytes and also int64_t instead of long to avoid LL...
Definition crypto.c:1737
void free_key_ctx(struct key_ctx *ctx)
Definition crypto.c:1081
#define CO_IGNORE_PACKET_ID
Bit-flag indicating whether to ignore the packet ID of a received packet.
Definition crypto.h:350
#define KEY_DIRECTION_BIDIRECTIONAL
Definition crypto.h:231
#define MAX_CIPHER_KEY_LENGTH
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
#define MAX_HMAC_KEY_LENGTH
#define TLS_CRYPT_V2_MAX_WKC_LEN
Definition tls_crypt.h:96
bool tls_crypt_v2_extract_client_key(struct buffer *buf, struct tls_wrap_ctx *ctx, const struct tls_options *opt)
Extract a tls-crypt-v2 client key from a P_CONTROL_HARD_RESET_CLIENT_V3 message, and load the key int...
Definition tls_crypt.c:610
void tls_crypt_v2_write_client_key_file(const char *filename, const char *b64_metadata, const char *server_key_file, bool server_key_inline)
Generate a tls-crypt-v2 client key, and write to file.
Definition tls_crypt.c:704
bool tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Unwrap a control channel packet (decrypts, authenticates and performs replay checks).
Definition tls_crypt.c:211
bool tls_session_generate_dynamic_tls_crypt_key(struct tls_session *session)
Generates a TLS-Crypt key to be used with dynamic tls-crypt using the TLS EKM exporter function.
Definition tls_crypt.c:97
void tls_crypt_v2_write_server_key_file(const char *filename)
Generate a tls-crypt-v2 server key, and write to file.
Definition tls_crypt.c:698
int tls_crypt_buf_overhead(void)
Returns the maximum overhead (in bytes) added to the destination buffer by tls_crypt_wrap().
Definition tls_crypt.c:56
bool tls_crypt_wrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
Wrap a control channel packet (both authenticates and encrypts the data).
Definition tls_crypt.c:138
#define TLS_CRYPT_V2_MAX_METADATA_LEN
Definition tls_crypt.h:100
#define htonll(x)
Definition integer.h:29
unsigned int msglvl_t
Definition error.h:77
#define ASSERT(x)
Definition error.h:219
time_t now
Definition otime.c:33
static void update_time(void)
Definition otime.h:84
void packet_id_init(struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
Definition packet_id.c:96
void script_security_set(int level)
Definition run_command.c:48
static void tls_wrap_free(struct tls_wrap_ctx *tls_wrap)
Free the elements of a tls_wrap_ctx structure.
Definition ssl.h:472
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
Security parameter state for processing data channel packets.
Definition crypto.h:293
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition crypto.h:386
struct key_ctx_bi key_ctx_bi
OpenSSL cipher and HMAC contexts for both sending and receiving directions.
Definition crypto.h:294
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
Definition crypto.h:333
int payload_size
the maximum size that a payload that our buffers can hold from either tun device or network link.
Definition mtu.h:118
struct frame::@8 buf
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
Container for bidirectional cipher and HMAC key material.
Definition crypto.h:240
int n
The number of key objects stored in the key2.keys array.
Definition crypto.h:241
struct key keys[2]
Two unidirectional sets of key material.
Definition crypto.h:243
Container for two sets of OpenSSL cipher and/or HMAC contexts for both sending and receiving directio...
Definition crypto.h:280
struct key_ctx decrypt
cipher and/or HMAC contexts for receiving direction.
Definition crypto.h:283
struct key_ctx encrypt
Cipher and/or HMAC contexts for sending direction.
Definition crypto.h:281
internal structure similar to struct key that holds key information but is not represented on wire an...
Definition crypto.h:163
const char * cipher
const name of the cipher
Definition crypto.h:142
const char * digest
Message digest static parameters.
Definition crypto.h:143
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152
uint8_t cipher[MAX_CIPHER_KEY_LENGTH]
Key material for cipher operations.
Definition crypto.h:153
struct crypto_options co
struct key_ctx_bi client_key
struct key_ctx_bi server_keys
const char * tmp_dir
Definition ssl_common.h:394
struct frame frame
Definition ssl_common.h:388
int tls_crypt_v2_max_age
Definition ssl_common.h:383
const char * tls_crypt_v2_verify_script
Definition ssl_common.h:382
int replay_window
Definition ssl_common.h:369
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:489
Control channel wrapping (–tls-auth/–tls-crypt) context.
Definition ssl_common.h:276
struct crypto_options opt
Crypto state.
Definition ssl_common.h:283
enum tls_wrap_ctx::@28 mode
Control channel wrapping mode.
@ TLS_WRAP_CRYPT
Control channel encryption and authentication.
Definition ssl_common.h:281
struct buffer work
Work buffer (only for –tls-crypt)
Definition ssl_common.h:284
struct key_ctx tls_crypt_v2_server_key
Decrypts client keys.
Definition ssl_common.h:285
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition test_common.h:61
struct gc_arena gc
Definition test_ssl.c:133
int __wrap_parse_line(const char *line, char **p, const int n, const char *file, const int line_num, msglvl_t msglevel, struct gc_arena *gc)
static void tls_crypt_loopback(void **state)
Check that short messages are successfully wrapped-and-unwrapped.
static void tls_crypt_fail_invalid_key(void **state)
Check that packets that were wrapped (or unwrapped) with a different key are not accepted.
static void tls_crypt_loopback_zero_len(void **state)
Check that zero-byte messages are successfully wrapped-and-unwrapped.
static void test_tls_crypt_v2_write_server_key_file(void **state)
static const char * test_server_key
#define PATH1
static void tls_crypt_v2_wrap_unwrap_max_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key with maximum length metadata.
static struct buffer create_metadata_days_ago(struct gc_arena *gc, int days_ago)
static int test_tls_crypt_v2_teardown(void **state)
static int test_tls_crypt_teardown(void **state)
bool key_state_export_keying_material(struct tls_session *session, const char *label, size_t label_size, void *ekm, size_t ekm_size)
Keying Material Exporters [RFC 5705] allows additional keying material to be derived from existing TL...
static void test_tls_crypt_v2_write_client_key_file_metadata(void **state)
static int test_tls_crypt_setup(void **state)
static void tls_crypt_v2_wrap_unwrap_no_metadata(void **state)
Check wrapping and unwrapping a tls-crypt-v2 client key without metadata.
static void skip_if_tls_crypt_not_supported(struct test_tls_crypt_context *ctx)
static int test_tls_crypt_v2_setup(void **state)
static void tls_crypt_v2_wrap_unwrap_dst_too_small(void **state)
Check that unwrapping a tls-crypt-v2 client key to a too small metadata buffer fails as expected.
static void test_tls_crypt_v2_write_client_key_file(void **state)
static void tls_crypt_ignore_replay(void **state)
Check that packet replays are accepted when CO_IGNORE_PACKET_ID is set.
static void tls_crypt_v2_wrap_unwrap_wrong_key(void **state)
Check that unwrapping a tls-crypt-v2 client key with the wrong server key fails as expected.
struct buffer __wrap_buffer_read_from_file(const char *filename, struct gc_arena *gc)
static void tls_crypt_fail_replay(void **state)
Check that replayed packets are not accepted.
static const char * test_client_key
#define PARAM1
int main(void)
static const char * test_client_key_metadata
#define PATH2
static void tls_crypt_v2_unwrap_checks(void **state)
static struct buffer create_client_key_input(struct test_tls_crypt_v2_context *ctx, int days_ago)
Creates a minimal buffer that allows tls_crypt_v2_extract_client_key to extract the client key.
#define PARAM2
int __wrap_rand_bytes(uint8_t *output, int len)
Predictable random for tests.
#define TESTBUF_SIZE
static void tls_crypt_loopback_max_len(void **state)
Check that max-length messages are successfully wrapped-and-unwrapped.
static void test_tls_crypt_secure_reneg_key(void **state)
Test generating dynamic tls-crypt key.
bool __wrap_buffer_write_file(const char *filename, const struct buffer *buf)
static void tls_crypt_v2_wrap_unwrap_invalid(void **state)
Check that unwrapping an invalid key fails as expected and does not leave extra memory around (via AS...
static void tls_crypt_v2_wrap_too_long_metadata(void **state)
Check that wrapping a tls-crypt-v2 client key with too long metadata fails as expected.
static void tls_crypt_fail_msg_too_long(void **state)
Check that too-long messages are gracefully rejected.
static const uint8_t TLS_CRYPT_METADATA_TYPE_TIMESTAMP
Metadata contains a 64-bit unix timestamp in network byte order.
Definition tls_crypt.c:47
static bool tls_crypt_v2_unwrap_client_key(struct key2 *client_key, struct buffer *metadata, struct buffer wrapped_client_key, struct key_ctx *server_key)
Definition tls_crypt.c:419
static bool tls_crypt_v2_wrap_client_key(struct buffer *wkc, const struct key2 *src_key, const struct buffer *src_metadata, struct key_ctx *server_key, struct gc_arena *gc)
Definition tls_crypt.c:365
static struct key_type tls_crypt_kt(void)
Definition tls_crypt.c:50