tls13secretstest.c@ 108358

最後變更在這個檔案從108358是 108206,由 vboxsync 提交於 5 週前
openssl-3.3.2: Exported all files to OSE and removed .scm-settings bugref:10757
屬性 svn:eol-style 設為 `native` 屬性 svn:keywords 設為 `Author Date Id Revision`
檔案大小: 12.2 KB

行
1	/*
2	* Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <openssl/ssl.h>
11	#include <openssl/evp.h>
12
13	#include "../ssl/ssl_local.h"
14	#include "testutil.h"
15
16	#define IVLEN 12
17	#define KEYLEN 16
18
19	/*
20	* Based on the test vectors available in:
21	* https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
22	*/
23
24	static unsigned char hs_start_hash[] = {
25	0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16,
26	0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7,
27	0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d
28	};
29
30	static unsigned char hs_full_hash[] = {
31	0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56,
32	0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0,
33	0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf
34	};
35
36	static unsigned char early_secret[] = {
37	0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd, 0x98, 0x93,
38	0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60, 0xe1, 0xb2,
39	0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
40	};
41
42	static unsigned char ecdhe_secret[] = {
43	0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24,
44	0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0,
45	0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42
46	};
47
48	static unsigned char handshake_secret[] = {
49	0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3,
50	0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05,
51	0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06
52	};
53
54	static const char *client_hts_label = "c hs traffic";
55
56	static unsigned char client_hts[] = {
57	0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a,
58	0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75,
59	0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03
60	};
61
62	static unsigned char client_hts_key[] = {
63	0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5,
64	0xad, 0x26, 0x49
65	};
66
67	static unsigned char client_hts_iv[] = {
68	0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42
69	};
70
71	static const char *server_hts_label = "s hs traffic";
72
73	static unsigned char server_hts[] = {
74	0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0,
75	0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3,
76	0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79
77	};
78
79	static unsigned char server_hts_key[] = {
80	0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55,
81	0x11, 0xac, 0x8b
82	};
83
84	static unsigned char server_hts_iv[] = {
85	0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4
86	};
87
88	static unsigned char master_secret[] = {
89	0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b,
90	0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37,
91	0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7
92	};
93
94	static const char *client_ats_label = "c ap traffic";
95
96	static unsigned char client_ats[] = {
97	0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89,
98	0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa,
99	0x78, 0x22, 0x26, 0xb2, 0x36, 0x26
100	};
101
102	static unsigned char client_ats_key[] = {
103	0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c,
104	0xce, 0x5c, 0x87
105	};
106
107	static unsigned char client_ats_iv[] = {
108	0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19
109	};
110
111	static const char *server_ats_label = "s ap traffic";
112
113	static unsigned char server_ats[] = {
114	0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39,
115	0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec,
116	0x11, 0x43, 0x5d, 0x30, 0x57, 0x19
117	};
118
119	static unsigned char server_ats_key[] = {
120	0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4,
121	0x4b, 0x9b, 0x7d
122	};
123
124	static unsigned char server_ats_iv[] = {
125	0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a
126	};
127
128	/* Mocked out implementations of various functions */
129	int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep)
130	{
131	return 1;
132	}
133
134	static int full_hash = 0;
135
136	/* Give a hash of the currently set handshake */
137	int ssl_handshake_hash(SSL_CONNECTION s, unsigned char out, size_t outlen,
138	size_t *hashlen)
139	{
140	if (sizeof(hs_start_hash) > outlen
141	\|\| sizeof(hs_full_hash) != sizeof(hs_start_hash))
142	return 0;
143
144	if (full_hash) {
145	memcpy(out, hs_full_hash, sizeof(hs_full_hash));
146	*hashlen = sizeof(hs_full_hash);
147	} else {
148	memcpy(out, hs_start_hash, sizeof(hs_start_hash));
149	*hashlen = sizeof(hs_start_hash);
150	}
151
152	return 1;
153	}
154
155	const EVP_MD ssl_handshake_md(SSL_CONNECTION s)
156	{
157	return EVP_sha256();
158	}
159
160	int ssl_cipher_get_evp_cipher(SSL_CTX ctx, const SSL_CIPHER sslc,
161	const EVP_CIPHER **enc)
162	{
163	return 0;
164	}
165
166	int ssl_cipher_get_evp(SSL_CTX ctx, const SSL_SESSION s,
167	const EVP_CIPHER enc, const EVP_MD md,
168	int mac_pkey_type, size_t mac_secret_size,
169	SSL_COMP **comp, int use_etm)
170
171	{
172	return 0;
173	}
174
175	int tls1_alert_code(int code)
176	{
177	return code;
178	}
179
180	int ssl_log_secret(SSL_CONNECTION *sc,
181	const char *label,
182	const uint8_t *secret,
183	size_t secret_len)
184	{
185	return 1;
186	}
187
188	const EVP_MD ssl_md(SSL_CTX ctx, int idx)
189	{
190	return EVP_sha256();
191	}
192
193	void ossl_statem_send_fatal(SSL_CONNECTION *s, int al)
194	{
195	}
196
197	void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason,
198	const char *fmt, ...)
199	{
200	}
201
202	int ossl_statem_export_allowed(SSL_CONNECTION *s)
203	{
204	return 1;
205	}
206
207	int ossl_statem_export_early_allowed(SSL_CONNECTION *s)
208	{
209	return 1;
210	}
211
212	void ssl_evp_cipher_free(const EVP_CIPHER *cipher)
213	{
214	}
215
216	void ssl_evp_md_free(const EVP_MD *md)
217	{
218	}
219
220	int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, int direction,
221	int level, unsigned char *secret, size_t secretlen,
222	unsigned char *key, size_t keylen,
223	unsigned char *iv, size_t ivlen,
224	unsigned char *mackey, size_t mackeylen,
225	const EVP_CIPHER *ciph, size_t taglen,
226	int mactype, const EVP_MD *md,
227	const SSL_COMP comp, const EVP_MD kdfdigest)
228	{
229	return 0;
230	}
231
232	/* End of mocked out code */
233
234	static int test_secret(SSL_CONNECTION s, unsigned char prk,
235	const unsigned char *label, size_t labellen,
236	const unsigned char *ref_secret,
237	const unsigned char ref_key, const unsigned char ref_iv)
238	{
239	size_t hashsize;
240	unsigned char gensecret[EVP_MAX_MD_SIZE];
241	unsigned char hash[EVP_MAX_MD_SIZE];
242	unsigned char key[KEYLEN];
243	unsigned char iv[IVLEN];
244	const EVP_MD *md = ssl_handshake_md(s);
245
246	if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashsize)) {
247	TEST_error("Failed to get hash");
248	return 0;
249	}
250
251	if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
252	gensecret, hashsize, 1)) {
253	TEST_error("Secret generation failed");
254	return 0;
255	}
256
257	if (!TEST_mem_eq(gensecret, hashsize, ref_secret, hashsize))
258	return 0;
259
260	if (!tls13_derive_key(s, md, gensecret, key, KEYLEN)) {
261	TEST_error("Key generation failed");
262	return 0;
263	}
264
265	if (!TEST_mem_eq(key, KEYLEN, ref_key, KEYLEN))
266	return 0;
267
268	if (!tls13_derive_iv(s, md, gensecret, iv, IVLEN)) {
269	TEST_error("IV generation failed");
270	return 0;
271	}
272
273	if (!TEST_mem_eq(iv, IVLEN, ref_iv, IVLEN))
274	return 0;
275
276	return 1;
277	}
278
279	static int test_handshake_secrets(void)
280	{
281	SSL_CTX *ctx = NULL;
282	SSL *ssl = NULL;
283	SSL_CONNECTION *s;
284	int ret = 0;
285	size_t hashsize;
286	unsigned char out_master_secret[EVP_MAX_MD_SIZE];
287	size_t master_secret_length;
288
289	ctx = SSL_CTX_new(TLS_method());
290	if (!TEST_ptr(ctx))
291	goto err;
292
293	ssl = SSL_new(ctx);
294	if (!TEST_ptr(ssl) \|\| !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl)))
295	goto err;
296
297	s->session = SSL_SESSION_new();
298	if (!TEST_ptr(s->session))
299	goto err;
300
301	if (!TEST_true(tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL, 0,
302	(unsigned char *)&s->early_secret))) {
303	TEST_info("Early secret generation failed");
304	goto err;
305	}
306
307	if (!TEST_mem_eq(s->early_secret, sizeof(early_secret),
308	early_secret, sizeof(early_secret))) {
309	TEST_info("Early secret does not match");
310	goto err;
311	}
312
313	if (!TEST_true(tls13_generate_handshake_secret(s, ecdhe_secret,
314	sizeof(ecdhe_secret)))) {
315	TEST_info("Handshake secret generation failed");
316	goto err;
317	}
318
319	if (!TEST_mem_eq(s->handshake_secret, sizeof(handshake_secret),
320	handshake_secret, sizeof(handshake_secret)))
321	goto err;
322
323	hashsize = EVP_MD_get_size(ssl_handshake_md(s));
324	if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
325	goto err;
326	if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
327	goto err;
328	if (!TEST_size_t_eq(sizeof(client_hts_iv), IVLEN))
329	goto err;
330
331	if (!TEST_true(test_secret(s, s->handshake_secret,
332	(unsigned char *)client_hts_label,
333	strlen(client_hts_label), client_hts,
334	client_hts_key, client_hts_iv))) {
335	TEST_info("Client handshake secret test failed");
336	goto err;
337	}
338
339	if (!TEST_size_t_eq(sizeof(server_hts), hashsize))
340	goto err;
341	if (!TEST_size_t_eq(sizeof(server_hts_key), KEYLEN))
342	goto err;
343	if (!TEST_size_t_eq(sizeof(server_hts_iv), IVLEN))
344	goto err;
345
346	if (!TEST_true(test_secret(s, s->handshake_secret,
347	(unsigned char *)server_hts_label,
348	strlen(server_hts_label), server_hts,
349	server_hts_key, server_hts_iv))) {
350	TEST_info("Server handshake secret test failed");
351	goto err;
352	}
353
354	/*
355	* Ensure the mocked out ssl_handshake_hash() returns the full handshake
356	* hash.
357	*/
358	full_hash = 1;
359
360	if (!TEST_true(tls13_generate_master_secret(s, out_master_secret,
361	s->handshake_secret, hashsize,
362	&master_secret_length))) {
363	TEST_info("Master secret generation failed");
364	goto err;
365	}
366
367	if (!TEST_mem_eq(out_master_secret, master_secret_length,
368	master_secret, sizeof(master_secret))) {
369	TEST_info("Master secret does not match");
370	goto err;
371	}
372
373	if (!TEST_size_t_eq(sizeof(client_ats), hashsize))
374	goto err;
375	if (!TEST_size_t_eq(sizeof(client_ats_key), KEYLEN))
376	goto err;
377	if (!TEST_size_t_eq(sizeof(client_ats_iv), IVLEN))
378	goto err;
379
380	if (!TEST_true(test_secret(s, out_master_secret,
381	(unsigned char *)client_ats_label,
382	strlen(client_ats_label), client_ats,
383	client_ats_key, client_ats_iv))) {
384	TEST_info("Client application data secret test failed");
385	goto err;
386	}
387
388	if (!TEST_size_t_eq(sizeof(server_ats), hashsize))
389	goto err;
390	if (!TEST_size_t_eq(sizeof(server_ats_key), KEYLEN))
391	goto err;
392	if (!TEST_size_t_eq(sizeof(server_ats_iv), IVLEN))
393	goto err;
394
395	if (!TEST_true(test_secret(s, out_master_secret,
396	(unsigned char *)server_ats_label,
397	strlen(server_ats_label), server_ats,
398	server_ats_key, server_ats_iv))) {
399	TEST_info("Server application data secret test failed");
400	goto err;
401	}
402
403	ret = 1;
404	err:
405	SSL_free(ssl);
406	SSL_CTX_free(ctx);
407	return ret;
408	}
409
410	int setup_tests(void)
411	{
412	ADD_TEST(test_handshake_secrets);
413	return 1;
414	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.3.2/test/tls13secretstest.c@ 108358

以其他格式下載: