summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl
diff options
context:
space:
mode:
authorbeck <>2019-01-24 02:56:41 +0000
committerbeck <>2019-01-24 02:56:41 +0000
commit10e3b663a1750bc234861ed33ad78e8088b5cb47 (patch)
treeeaf3f613ad96dff5f56e2d992bfb0ad1b7457dac /src/regress/lib/libssl
parent354172b127820c0f48cb417d4d46746e2122f87b (diff)
downloadopenbsd-10e3b663a1750bc234861ed33ad78e8088b5cb47.tar.gz
openbsd-10e3b663a1750bc234861ed33ad78e8088b5cb47.tar.bz2
openbsd-10e3b663a1750bc234861ed33ad78e8088b5cb47.zip
Add server side of versions, keyshare, and client and server of cookie
extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
Diffstat (limited to 'src/regress/lib/libssl')
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c441
1 files changed, 435 insertions, 6 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 05b18b5b05..d9b048dbfc 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tlsexttest.c,v 1.26 2019/01/24 00:07:58 beck Exp $ */ 1/* $OpenBSD: tlsexttest.c,v 1.27 2019/01/24 02:56:41 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -2929,11 +2929,15 @@ test_tlsext_serverhello_build(void)
2929 return (failure); 2929 return (failure);
2930} 2930}
2931 2931
2932static unsigned char tlsext_versions_client[] = { 2932const unsigned char tlsext_versions_client[] = {
2933 0x08, 0x03, 0x04, 0x03, 0x03, 0x03, 2933 0x08, 0x03, 0x04, 0x03, 0x03, 0x03,
2934 0x02, 0x03, 0x01, 2934 0x02, 0x03, 0x01,
2935}; 2935};
2936 2936
2937const unsigned char tlsext_versions_server[] = {
2938 0x03, 0x04,
2939};
2940
2937static int 2941static int
2938test_tlsext_versions_client(void) 2942test_tlsext_versions_client(void)
2939{ 2943{
@@ -3001,12 +3005,12 @@ test_tlsext_versions_client(void)
3001 3005
3002 if (dlen != sizeof(tlsext_versions_client)) { 3006 if (dlen != sizeof(tlsext_versions_client)) {
3003 FAIL("got versions with length %zu, " 3007 FAIL("got versions with length %zu, "
3004 "want length %zu\n", dlen, (size_t) sizeof(tlsext_versions_client)); 3008 "want length %zu\n", dlen, sizeof(tlsext_versions_client));
3005 failure = 1; 3009 failure = 1;
3006 goto done; 3010 goto done;
3007 } 3011 }
3008 3012
3009 CBS_init(&cbs, tlsext_versions_client, sizeof(tlsext_versions_client)); 3013 CBS_init(&cbs, data, dlen);
3010 if (!tlsext_versions_server_parse(ssl, &cbs, &alert)) { 3014 if (!tlsext_versions_server_parse(ssl, &cbs, &alert)) {
3011 FAIL("failed to parse client versions\n"); 3015 FAIL("failed to parse client versions\n");
3012 failure = 1; 3016 failure = 1;
@@ -3026,7 +3030,82 @@ test_tlsext_versions_client(void)
3026 return (failure); 3030 return (failure);
3027} 3031}
3028 3032
3029static unsigned char tlsext_keyshare_client[] = { 3033
3034static int
3035test_tlsext_versions_server(void)
3036{
3037 unsigned char *data = NULL;
3038 SSL_CTX *ssl_ctx = NULL;
3039 SSL *ssl = NULL;
3040 int failure = 0;
3041 size_t dlen;
3042 int alert;
3043 CBB cbb;
3044 CBS cbs;
3045
3046 CBB_init(&cbb, 0);
3047
3048 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3049 errx(1, "failed to create SSL_CTX");
3050 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3051 errx(1, "failed to create SSL");
3052
3053 ssl->version = TLS1_2_VERSION;
3054
3055 if (tlsext_versions_server_needs(ssl)) {
3056 FAIL("server should not need versions\n");
3057 failure = 1;
3058 goto done;
3059 }
3060
3061 ssl->version = TLS1_3_VERSION;
3062
3063 if (!tlsext_versions_server_needs(ssl)) {
3064 FAIL("server should need versions\n");
3065 failure = 1;
3066 goto done;
3067 }
3068
3069 if (!tlsext_versions_server_build(ssl, &cbb)) {
3070 FAIL("server should have built versions\n");
3071 failure = 1;
3072 goto done;
3073 }
3074
3075 if (!CBB_finish(&cbb, &data, &dlen)) {
3076 FAIL("failed to finish CBB");
3077 failure = 1;
3078 goto done;
3079 }
3080
3081 if (dlen != sizeof(tlsext_versions_server)) {
3082 FAIL("got versions with length %zu, "
3083 "want length %zu\n", dlen, sizeof(tlsext_versions_server));
3084 failure = 1;
3085 goto done;
3086 }
3087
3088 CBS_init(&cbs, data, dlen);
3089 if (!tlsext_versions_client_parse(ssl, &cbs, &alert)) {
3090 FAIL("failed to parse client versions\n");
3091 failure = 1;
3092 goto done;
3093 }
3094 if (CBS_len(&cbs) != 0) {
3095 FAIL("extension data remaining");
3096 failure = 1;
3097 goto done;
3098 }
3099 done:
3100 CBB_cleanup(&cbb);
3101 SSL_CTX_free(ssl_ctx);
3102 SSL_free(ssl);
3103 free(data);
3104
3105 return (failure);
3106}
3107
3108const unsigned char tlsext_keyshare_client[] = {
3030 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83, 3109 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83,
3031 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70, 3110 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70,
3032 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8, 3111 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8,
@@ -3034,6 +3113,14 @@ static unsigned char tlsext_keyshare_client[] = {
3034 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b, 3113 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b,
3035}; 3114};
3036 3115
3116const unsigned char tlsext_keyshare_server[] = {
3117 0x00, 0x1d, 0x00, 0x20, 0xe5, 0xe8, 0x5a, 0xb9,
3118 0x7e, 0x12, 0x62, 0xe3, 0xd8, 0x7f, 0x6e, 0x3c,
3119 0xec, 0xa6, 0x8b, 0x99, 0x45, 0x77, 0x8e, 0x11,
3120 0xb3, 0xb9, 0x12, 0xb6, 0xbe, 0x35, 0xca, 0x51,
3121 0x76, 0x1e, 0xe8, 0x22
3122};
3123
3037static int 3124static int
3038test_tlsext_keyshare_client(void) 3125test_tlsext_keyshare_client(void)
3039{ 3126{
@@ -3095,17 +3182,22 @@ test_tlsext_keyshare_client(void)
3095 goto done; 3182 goto done;
3096 } 3183 }
3097 3184
3098 CBS_init(&cbs, tlsext_keyshare_client, sizeof(tlsext_keyshare_client)); 3185 (ssl)->version = TLS1_3_VERSION;
3186 CBS_init(&cbs, data, dlen);
3187
3099 if (!tlsext_keyshare_server_parse(ssl, &cbs, &alert)) { 3188 if (!tlsext_keyshare_server_parse(ssl, &cbs, &alert)) {
3100 FAIL("failed to parse client keyshare\n"); 3189 FAIL("failed to parse client keyshare\n");
3101 failure = 1; 3190 failure = 1;
3102 goto done; 3191 goto done;
3103 } 3192 }
3193
3104 if (CBS_len(&cbs) != 0) { 3194 if (CBS_len(&cbs) != 0) {
3105 FAIL("extension data remaining"); 3195 FAIL("extension data remaining");
3106 failure = 1; 3196 failure = 1;
3107 goto done; 3197 goto done;
3108 } 3198 }
3199
3200
3109 done: 3201 done:
3110 CBB_cleanup(&cbb); 3202 CBB_cleanup(&cbb);
3111 SSL_CTX_free(ssl_ctx); 3203 SSL_CTX_free(ssl_ctx);
@@ -3115,6 +3207,338 @@ test_tlsext_keyshare_client(void)
3115 return (failure); 3207 return (failure);
3116} 3208}
3117 3209
3210static int
3211test_tlsext_keyshare_server(void)
3212{
3213 unsigned char *data = NULL;
3214 SSL_CTX *ssl_ctx = NULL;
3215 SSL *ssl = NULL;
3216 int failure = 0;
3217 size_t dlen, idx;
3218 int alert;
3219 CBB cbb;
3220 CBS cbs;
3221 uint8_t bogokey[] = {
3222 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3,
3223 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99,
3224 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6,
3225 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22
3226 };
3227
3228 CBB_init(&cbb, 0);
3229
3230 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3231 errx(1, "failed to create SSL_CTX");
3232 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3233 errx(1, "failed to create SSL");
3234
3235 (ssl)->version = 0;
3236 if (tlsext_keyshare_server_needs(ssl)) {
3237 FAIL("server should not need keyshare\n");
3238 failure = 1;
3239 goto done;
3240 }
3241
3242 (ssl)->version = TLS1_2_VERSION;
3243 if (tlsext_keyshare_server_needs(ssl)) {
3244 FAIL("server should not need keyshare\n");
3245 failure = 1;
3246 goto done;
3247 }
3248
3249 ssl->version = TLS1_3_VERSION;
3250 if (tlsext_keyshare_server_needs(ssl)) {
3251 FAIL("client should not need keyshare\n");
3252 failure = 1;
3253 goto done;
3254 }
3255
3256 if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL)
3257 FAIL("Can't find keyshare extension");
3258 S3I(ssl)->hs.extensions_seen |= (1 << idx);
3259
3260 if (!tlsext_keyshare_server_needs(ssl)) {
3261 FAIL("server should need keyshare");
3262 failure = 1;
3263 goto done;
3264 }
3265
3266 if (tlsext_keyshare_server_build(ssl, &cbb)) {
3267 FAIL("server should not have built a keyshare response");
3268 failure = 1;
3269 goto done;
3270 }
3271
3272 S3I(ssl)->hs_tls13.x25519_peer_public = bogokey;
3273 if (!tlsext_keyshare_server_build(ssl, &cbb)) {
3274 FAIL("server should be able to build a keyshare response");
3275 failure = 1;
3276 goto done;
3277 }
3278 S3I(ssl)->hs_tls13.x25519_peer_public = NULL;
3279
3280 if (!CBB_finish(&cbb, &data, &dlen)) {
3281 FAIL("failed to finish CBB");
3282 failure = 1;
3283 goto done;
3284 }
3285
3286 if (dlen != sizeof(tlsext_keyshare_server)) {
3287 FAIL("got server keyshare with length %zu, "
3288 "want length %zu\n", dlen, sizeof(tlsext_keyshare_server));
3289 failure = 1;
3290 goto done;
3291 }
3292
3293 CBS_init(&cbs, data, dlen);
3294
3295 if (!tlsext_keyshare_client_parse(ssl, &cbs, &alert)) {
3296 FAIL("failed to parse server keyshare\n");
3297 failure = 1;
3298 goto done;
3299 }
3300
3301 if (CBS_len(&cbs) != 0) {
3302 FAIL("extension data remaining");
3303 failure = 1;
3304 goto done;
3305 }
3306
3307done:
3308 CBB_cleanup(&cbb);
3309 SSL_CTX_free(ssl_ctx);
3310 SSL_free(ssl);
3311 free(data);
3312
3313 return (failure);
3314}
3315
3316/* One day I hope to be the only Muppet in this codebase */
3317const uint8_t cookie[] = "\n"
3318 " .---. .---. \n"
3319 " : : o : me want cookie! \n"
3320 " _..-: o : :-.._ / \n"
3321 " .-'' ' `---' `---' ' ``-. \n"
3322 " .' ' ' ' . ' . ' ' `. \n"
3323 " : '.---.,,.,...,.,.,.,..---. ' ; \n"
3324 " `. ' `. .' ' .' \n"
3325 " `. '`. .' ' .' \n"
3326 " `. `-._ _.-' ' .' .----. \n"
3327 " `. ' ''--...--'' . ' .' .' o `. \n"
3328 " .'`-._' ' . ' _.-'`. : o : \n"
3329 " jgs .' ```--.....--''' ' `:_ o : \n"
3330 " .' ' ' ' ' ; `.;';';';' \n"
3331 " ; ' ' ' . ; .' ; ; ; \n"
3332 " ; ' ' ' ' .' .-' \n"
3333 " ' ' ' ' ' ' _.-' \n";
3334
3335static int
3336test_tlsext_cookie_client(void)
3337{
3338 unsigned char *data = NULL;
3339 SSL_CTX *ssl_ctx = NULL;
3340 SSL *ssl = NULL;
3341 int failure = 0;
3342 size_t dlen;
3343 int alert;
3344 CBB cbb;
3345 CBS cbs;
3346
3347 CBB_init(&cbb, 0);
3348
3349 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3350 errx(1, "failed to create SSL_CTX");
3351 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3352 errx(1, "failed to create SSL");
3353
3354 S3I(ssl)->hs_tls13.max_version = 0;
3355 if (tlsext_cookie_client_needs(ssl)) {
3356 FAIL("client should not need cookie\n");
3357 failure = 1;
3358 goto done;
3359 }
3360
3361 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
3362 if (tlsext_cookie_client_needs(ssl)) {
3363 FAIL("client should not need cookie\n");
3364 failure = 1;
3365 goto done;
3366 }
3367
3368
3369 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3370 if (tlsext_cookie_client_needs(ssl)) {
3371 FAIL("client should not need cookie\n");
3372 failure = 1;
3373 goto done;
3374 }
3375
3376 /* Normally would be set by receiving a server cookie in an HRR */
3377 S3I(ssl)->hs_tls13.cookie = strdup(cookie);
3378 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie);
3379
3380 if (!tlsext_cookie_client_needs(ssl)) {
3381 FAIL("client should need cookie");
3382 failure = 1;
3383 goto done;
3384 }
3385
3386 if (!tlsext_cookie_client_build(ssl, &cbb)) {
3387 FAIL("client should have built a cookie response");
3388 failure = 1;
3389 goto done;
3390 }
3391
3392 if (!CBB_finish(&cbb, &data, &dlen)) {
3393 FAIL("failed to finish CBB");
3394 failure = 1;
3395 goto done;
3396 }
3397
3398 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
3399 FAIL("got cookie with length %zu, "
3400 "want length %zu\n", dlen, strlen(cookie) +
3401 sizeof(uint16_t));
3402 failure = 1;
3403 goto done;
3404 }
3405
3406 CBS_init(&cbs, data, dlen);
3407
3408 /* Checks cookie against what's in the hs_tls13 */
3409 if (!tlsext_cookie_server_parse(ssl, &cbs, &alert)) {
3410 FAIL("failed to parse client cookie\n");
3411 failure = 1;
3412 goto done;
3413 }
3414
3415 if (CBS_len(&cbs) != 0) {
3416 FAIL("extension data remaining");
3417 failure = 1;
3418 goto done;
3419 }
3420
3421 done:
3422 CBB_cleanup(&cbb);
3423 SSL_CTX_free(ssl_ctx);
3424 SSL_free(ssl);
3425 free(data);
3426
3427 return (failure);
3428}
3429
3430static int
3431test_tlsext_cookie_server(void)
3432{
3433 unsigned char *data = NULL;
3434 SSL_CTX *ssl_ctx = NULL;
3435 SSL *ssl = NULL;
3436 int failure = 0;
3437 size_t dlen;
3438 int alert;
3439 CBB cbb;
3440 CBS cbs;
3441
3442 CBB_init(&cbb, 0);
3443
3444 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3445 errx(1, "failed to create SSL_CTX");
3446 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3447 errx(1, "failed to create SSL");
3448
3449 S3I(ssl)->hs_tls13.max_version = 0;
3450 if (tlsext_cookie_server_needs(ssl)) {
3451 FAIL("server should not need cookie\n");
3452 failure = 1;
3453 goto done;
3454 }
3455
3456 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
3457 if (tlsext_cookie_server_needs(ssl)) {
3458 FAIL("server should not need cookie\n");
3459 failure = 1;
3460 goto done;
3461 }
3462
3463
3464 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3465 if (tlsext_cookie_server_needs(ssl)) {
3466 FAIL("server should not need cookie\n");
3467 failure = 1;
3468 goto done;
3469 }
3470
3471 /* Normally would be set by server before sending HRR */
3472 S3I(ssl)->hs_tls13.cookie = strdup(cookie);
3473 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie);
3474
3475 if (!tlsext_cookie_server_needs(ssl)) {
3476 FAIL("server should need cookie");
3477 failure = 1;
3478 goto done;
3479 }
3480
3481 if (!tlsext_cookie_server_build(ssl, &cbb)) {
3482 FAIL("server have built a cookie response");
3483 failure = 1;
3484 goto done;
3485 }
3486
3487 if (!CBB_finish(&cbb, &data, &dlen)) {
3488 FAIL("failed to finish CBB");
3489 failure = 1;
3490 goto done;
3491 }
3492
3493 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
3494 FAIL("got cookie with length %zu, "
3495 "want length %zu\n", dlen, strlen(cookie) +
3496 sizeof(uint16_t));
3497 failure = 1;
3498 goto done;
3499 }
3500
3501 CBS_init(&cbs, data, dlen);
3502
3503 if (tlsext_cookie_client_parse(ssl, &cbs, &alert)) {
3504 FAIL("client should not have parsed server cookie\n");
3505 failure = 1;
3506 goto done;
3507 }
3508
3509 freezero(S3I(ssl)->hs_tls13.cookie, S3I(ssl)->hs_tls13.cookie_len);
3510 S3I(ssl)->hs_tls13.cookie = NULL;
3511 S3I(ssl)->hs_tls13.cookie_len = 0;
3512
3513 if (!tlsext_cookie_client_parse(ssl, &cbs, &alert)) {
3514 FAIL("failed to parse server cookie\n");
3515 failure = 1;
3516 goto done;
3517 }
3518
3519 if (memcmp(cookie, S3I(ssl)->hs_tls13.cookie,
3520 S3I(ssl)->hs_tls13.cookie_len) != 0) {
3521 FAIL("parsed server cookie does not match sent cookie\n");
3522 failure = 1;
3523 goto done;
3524 }
3525
3526 if (CBS_len(&cbs) != 0) {
3527 FAIL("extension data remaining");
3528 failure = 1;
3529 goto done;
3530 }
3531
3532done:
3533 CBB_cleanup(&cbb);
3534 SSL_CTX_free(ssl_ctx);
3535 SSL_free(ssl);
3536 free(data);
3537
3538 return (failure);
3539}
3540
3541
3118int 3542int
3119main(int argc, char **argv) 3543main(int argc, char **argv)
3120{ 3544{
@@ -3148,8 +3572,13 @@ main(int argc, char **argv)
3148 failed |= test_tlsext_sessionticket_server(); 3572 failed |= test_tlsext_sessionticket_server();
3149 3573
3150 failed |= test_tlsext_versions_client(); 3574 failed |= test_tlsext_versions_client();
3575 failed |= test_tlsext_versions_server();
3151 3576
3152 failed |= test_tlsext_keyshare_client(); 3577 failed |= test_tlsext_keyshare_client();
3578 failed |= test_tlsext_keyshare_server();
3579
3580 failed |= test_tlsext_cookie_client();
3581 failed |= test_tlsext_cookie_server();
3153 3582
3154#ifndef OPENSSL_NO_SRTP 3583#ifndef OPENSSL_NO_SRTP
3155 failed |= test_tlsext_srtp_client(); 3584 failed |= test_tlsext_srtp_client();
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 09:36:55 +0000