Add helper functions to unwrap tls-crypt-v2 client keys.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1540208715-14044-3-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17791.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
... | ... |
@@ -853,6 +853,13 @@ buf_read_u32(struct buffer *buf, bool *good) |
853 | 853 |
} |
854 | 854 |
} |
855 | 855 |
|
856 |
+/** Return true if buffer contents are equal */ |
|
857 |
+static inline bool |
|
858 |
+buf_equal(const struct buffer *a, const struct buffer *b) |
|
859 |
+{ |
|
860 |
+ return BLEN(a) == BLEN(b) && 0 == memcmp(BPTR(a), BPTR(b), BLEN(a)); |
|
861 |
+} |
|
862 |
+ |
|
856 | 863 |
/** |
857 | 864 |
* Compare src buffer contents with match. |
858 | 865 |
* *NOT* constant time. Do not use when comparing HMACs. |
... | ... |
@@ -434,6 +434,115 @@ tls_crypt_v2_wrap_client_key(struct buffer *wkc, |
434 | 434 |
return buf_copy(wkc, &work); |
435 | 435 |
} |
436 | 436 |
|
437 |
+static bool |
|
438 |
+tls_crypt_v2_unwrap_client_key(struct key2 *client_key, struct buffer *metadata, |
|
439 |
+ struct buffer wrapped_client_key, |
|
440 |
+ struct key_ctx *server_key) |
|
441 |
+{ |
|
442 |
+ const char *error_prefix = __func__; |
|
443 |
+ bool ret = false; |
|
444 |
+ struct gc_arena gc = gc_new(); |
|
445 |
+ /* The crypto API requires one extra cipher block of buffer head room when |
|
446 |
+ * decrypting, which nicely matches the tag size of WKc. So |
|
447 |
+ * TLS_CRYPT_V2_MAX_WKC_LEN is always large enough for the plaintext. */ |
|
448 |
+ uint8_t plaintext_buf_data[TLS_CRYPT_V2_MAX_WKC_LEN] = { 0 }; |
|
449 |
+ struct buffer plaintext = { 0 }; |
|
450 |
+ |
|
451 |
+ dmsg(D_TLS_DEBUG_MED, "%s: unwrapping client key (len=%d): %s", __func__, |
|
452 |
+ BLEN(&wrapped_client_key), format_hex(BPTR(&wrapped_client_key), |
|
453 |
+ BLEN(&wrapped_client_key), |
|
454 |
+ 0, &gc)); |
|
455 |
+ |
|
456 |
+ if (TLS_CRYPT_V2_MAX_WKC_LEN < BLEN(&wrapped_client_key)) |
|
457 |
+ { |
|
458 |
+ CRYPT_ERROR("wrapped client key too big"); |
|
459 |
+ } |
|
460 |
+ |
|
461 |
+ /* Decrypt client key and metadata */ |
|
462 |
+ uint16_t net_len = 0; |
|
463 |
+ const uint8_t *tag = BPTR(&wrapped_client_key); |
|
464 |
+ |
|
465 |
+ if (BLEN(&wrapped_client_key) < sizeof(net_len)) |
|
466 |
+ { |
|
467 |
+ CRYPT_ERROR("failed to read length"); |
|
468 |
+ } |
|
469 |
+ memcpy(&net_len, BEND(&wrapped_client_key) - sizeof(net_len), |
|
470 |
+ sizeof(net_len)); |
|
471 |
+ |
|
472 |
+ if (ntohs(net_len) != BLEN(&wrapped_client_key)) |
|
473 |
+ { |
|
474 |
+ dmsg(D_TLS_DEBUG_LOW, "%s: net_len=%u, BLEN=%i", __func__, |
|
475 |
+ ntohs(net_len), BLEN(&wrapped_client_key)); |
|
476 |
+ CRYPT_ERROR("invalid length"); |
|
477 |
+ } |
|
478 |
+ |
|
479 |
+ buf_inc_len(&wrapped_client_key, -(int)sizeof(net_len)); |
|
480 |
+ |
|
481 |
+ if (!buf_advance(&wrapped_client_key, TLS_CRYPT_TAG_SIZE)) |
|
482 |
+ { |
|
483 |
+ CRYPT_ERROR("failed to read tag"); |
|
484 |
+ } |
|
485 |
+ |
|
486 |
+ if (!cipher_ctx_reset(server_key->cipher, tag)) |
|
487 |
+ { |
|
488 |
+ CRYPT_ERROR("failed to initialize IV"); |
|
489 |
+ } |
|
490 |
+ buf_set_write(&plaintext, plaintext_buf_data, sizeof(plaintext_buf_data)); |
|
491 |
+ int outlen = 0; |
|
492 |
+ if (!cipher_ctx_update(server_key->cipher, BPTR(&plaintext), &outlen, |
|
493 |
+ BPTR(&wrapped_client_key), |
|
494 |
+ BLEN(&wrapped_client_key))) |
|
495 |
+ { |
|
496 |
+ CRYPT_ERROR("could not decrypt client key"); |
|
497 |
+ } |
|
498 |
+ ASSERT(buf_inc_len(&plaintext, outlen)); |
|
499 |
+ |
|
500 |
+ if (!cipher_ctx_final(server_key->cipher, BEND(&plaintext), &outlen)) |
|
501 |
+ { |
|
502 |
+ CRYPT_ERROR("cipher final failed"); |
|
503 |
+ } |
|
504 |
+ ASSERT(buf_inc_len(&plaintext, outlen)); |
|
505 |
+ |
|
506 |
+ /* Check authentication */ |
|
507 |
+ uint8_t tag_check[TLS_CRYPT_TAG_SIZE] = { 0 }; |
|
508 |
+ hmac_ctx_reset(server_key->hmac); |
|
509 |
+ hmac_ctx_update(server_key->hmac, (void *)&net_len, sizeof(net_len)); |
|
510 |
+ hmac_ctx_update(server_key->hmac, BPTR(&plaintext), |
|
511 |
+ BLEN(&plaintext)); |
|
512 |
+ hmac_ctx_final(server_key->hmac, tag_check); |
|
513 |
+ |
|
514 |
+ if (memcmp_constant_time(tag, tag_check, sizeof(tag_check))) |
|
515 |
+ { |
|
516 |
+ dmsg(D_CRYPTO_DEBUG, "tag : %s", |
|
517 |
+ format_hex(tag, sizeof(tag_check), 0, &gc)); |
|
518 |
+ dmsg(D_CRYPTO_DEBUG, "tag_check: %s", |
|
519 |
+ format_hex(tag_check, sizeof(tag_check), 0, &gc)); |
|
520 |
+ CRYPT_ERROR("client key authentication error"); |
|
521 |
+ } |
|
522 |
+ |
|
523 |
+ if (buf_len(&plaintext) < sizeof(client_key->keys)) |
|
524 |
+ { |
|
525 |
+ CRYPT_ERROR("failed to read client key"); |
|
526 |
+ } |
|
527 |
+ memcpy(&client_key->keys, BPTR(&plaintext), sizeof(client_key->keys)); |
|
528 |
+ ASSERT(buf_advance(&plaintext, sizeof(client_key->keys))); |
|
529 |
+ |
|
530 |
+ if(!buf_copy(metadata, &plaintext)) |
|
531 |
+ { |
|
532 |
+ CRYPT_ERROR("metadata too large for supplied buffer"); |
|
533 |
+ } |
|
534 |
+ |
|
535 |
+ ret = true; |
|
536 |
+error_exit: |
|
537 |
+ if (!ret) |
|
538 |
+ { |
|
539 |
+ secure_memzero(client_key, sizeof(*client_key)); |
|
540 |
+ } |
|
541 |
+ buf_clear(&plaintext); |
|
542 |
+ gc_free(&gc); |
|
543 |
+ return ret; |
|
544 |
+} |
|
545 |
+ |
|
437 | 546 |
void |
438 | 547 |
tls_crypt_v2_write_server_key_file(const char *filename) |
439 | 548 |
{ |
... | ... |
@@ -544,6 +653,18 @@ tls_crypt_v2_write_client_key_file(const char *filename, |
544 | 544 |
tls_crypt_v2_init_client_key(&test_client_key, &test_wrapped_client_key, |
545 | 545 |
filename, NULL); |
546 | 546 |
free_key_ctx_bi(&test_client_key); |
547 |
+ |
|
548 |
+ /* Sanity check: unwrap and load client key (as "server") */ |
|
549 |
+ struct buffer test_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN, |
|
550 |
+ &gc); |
|
551 |
+ struct key2 test_client_key2 = { 0 }; |
|
552 |
+ free_key_ctx(&server_key); |
|
553 |
+ tls_crypt_v2_init_server_key(&server_key, false, server_key_file, |
|
554 |
+ server_key_inline); |
|
555 |
+ msg(D_GENKEY, "Testing server-side key loading..."); |
|
556 |
+ ASSERT(tls_crypt_v2_unwrap_client_key(&test_client_key2, &test_metadata, |
|
557 |
+ test_wrapped_client_key, &server_key)); |
|
558 |
+ secure_memzero(&test_client_key2, sizeof(test_client_key2)); |
|
547 | 559 |
free_buf(&test_wrapped_client_key); |
548 | 560 |
|
549 | 561 |
cleanup: |
... | ... |
@@ -45,7 +45,7 @@ |
45 | 45 |
|
46 | 46 |
const char plaintext_short[1]; |
47 | 47 |
|
48 |
-struct test_context { |
|
48 |
+struct test_tls_crypt_context { |
|
49 | 49 |
struct crypto_options co; |
50 | 50 |
struct key_type kt; |
51 | 51 |
struct buffer source; |
... | ... |
@@ -54,8 +54,8 @@ struct test_context { |
54 | 54 |
}; |
55 | 55 |
|
56 | 56 |
static int |
57 |
-setup(void **state) { |
|
58 |
- struct test_context *ctx = calloc(1, sizeof(*ctx)); |
|
57 |
+test_tls_crypt_setup(void **state) { |
|
58 |
+ struct test_tls_crypt_context *ctx = calloc(1, sizeof(*ctx)); |
|
59 | 59 |
*state = ctx; |
60 | 60 |
|
61 | 61 |
struct key key = { 0 }; |
... | ... |
@@ -84,8 +84,9 @@ setup(void **state) { |
84 | 84 |
} |
85 | 85 |
|
86 | 86 |
static int |
87 |
-teardown(void **state) { |
|
88 |
- struct test_context *ctx = (struct test_context *) *state; |
|
87 |
+test_tls_crypt_teardown(void **state) { |
|
88 |
+ struct test_tls_crypt_context *ctx = |
|
89 |
+ (struct test_tls_crypt_context *)*state; |
|
89 | 90 |
|
90 | 91 |
free_buf(&ctx->source); |
91 | 92 |
free_buf(&ctx->ciphertext); |
... | ... |
@@ -98,7 +99,7 @@ teardown(void **state) { |
98 | 98 |
return 0; |
99 | 99 |
} |
100 | 100 |
|
101 |
-static void skip_if_tls_crypt_not_supported(struct test_context *ctx) |
|
101 |
+static void skip_if_tls_crypt_not_supported(struct test_tls_crypt_context *ctx) |
|
102 | 102 |
{ |
103 | 103 |
if (!ctx->kt.cipher || !ctx->kt.digest) |
104 | 104 |
{ |
... | ... |
@@ -111,7 +112,7 @@ static void skip_if_tls_crypt_not_supported(struct test_context *ctx) |
111 | 111 |
*/ |
112 | 112 |
static void |
113 | 113 |
tls_crypt_loopback(void **state) { |
114 |
- struct test_context *ctx = (struct test_context *) *state; |
|
114 |
+ struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state; |
|
115 | 115 |
|
116 | 116 |
skip_if_tls_crypt_not_supported(ctx); |
117 | 117 |
|
... | ... |
@@ -128,7 +129,7 @@ tls_crypt_loopback(void **state) { |
128 | 128 |
*/ |
129 | 129 |
static void |
130 | 130 |
tls_crypt_loopback_zero_len(void **state) { |
131 |
- struct test_context *ctx = (struct test_context *) *state; |
|
131 |
+ struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state; |
|
132 | 132 |
|
133 | 133 |
skip_if_tls_crypt_not_supported(ctx); |
134 | 134 |
|
... | ... |
@@ -147,7 +148,7 @@ tls_crypt_loopback_zero_len(void **state) { |
147 | 147 |
*/ |
148 | 148 |
static void |
149 | 149 |
tls_crypt_loopback_max_len(void **state) { |
150 |
- struct test_context *ctx = (struct test_context *) *state; |
|
150 |
+ struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state; |
|
151 | 151 |
|
152 | 152 |
skip_if_tls_crypt_not_supported(ctx); |
153 | 153 |
|
... | ... |
@@ -168,7 +169,7 @@ tls_crypt_loopback_max_len(void **state) { |
168 | 168 |
*/ |
169 | 169 |
static void |
170 | 170 |
tls_crypt_fail_msg_too_long(void **state) { |
171 |
- struct test_context *ctx = (struct test_context *) *state; |
|
171 |
+ struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state; |
|
172 | 172 |
|
173 | 173 |
skip_if_tls_crypt_not_supported(ctx); |
174 | 174 |
|
... | ... |
@@ -184,7 +185,7 @@ tls_crypt_fail_msg_too_long(void **state) { |
184 | 184 |
*/ |
185 | 185 |
static void |
186 | 186 |
tls_crypt_fail_invalid_key(void **state) { |
187 |
- struct test_context *ctx = (struct test_context *) *state; |
|
187 |
+ struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state; |
|
188 | 188 |
|
189 | 189 |
skip_if_tls_crypt_not_supported(ctx); |
190 | 190 |
|
... | ... |
@@ -203,7 +204,7 @@ tls_crypt_fail_invalid_key(void **state) { |
203 | 203 |
*/ |
204 | 204 |
static void |
205 | 205 |
tls_crypt_fail_replay(void **state) { |
206 |
- struct test_context *ctx = (struct test_context *) *state; |
|
206 |
+ struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state; |
|
207 | 207 |
|
208 | 208 |
skip_if_tls_crypt_not_supported(ctx); |
209 | 209 |
|
... | ... |
@@ -222,7 +223,7 @@ tls_crypt_fail_replay(void **state) { |
222 | 222 |
*/ |
223 | 223 |
static void |
224 | 224 |
tls_crypt_ignore_replay(void **state) { |
225 |
- struct test_context *ctx = (struct test_context *) *state; |
|
225 |
+ struct test_tls_crypt_context *ctx = (struct test_tls_crypt_context *) *state; |
|
226 | 226 |
|
227 | 227 |
skip_if_tls_crypt_not_supported(ctx); |
228 | 228 |
|
... | ... |
@@ -236,22 +237,235 @@ tls_crypt_ignore_replay(void **state) { |
236 | 236 |
assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co)); |
237 | 237 |
} |
238 | 238 |
|
239 |
+struct test_tls_crypt_v2_context { |
|
240 |
+ struct gc_arena gc; |
|
241 |
+ struct key2 server_key2; |
|
242 |
+ struct key_ctx_bi server_keys; |
|
243 |
+ struct key2 client_key2; |
|
244 |
+ struct key_ctx_bi client_key; |
|
245 |
+ struct buffer metadata; |
|
246 |
+ struct buffer unwrapped_metadata; |
|
247 |
+ struct buffer wkc; |
|
248 |
+}; |
|
249 |
+ |
|
250 |
+static int |
|
251 |
+test_tls_crypt_v2_setup(void **state) { |
|
252 |
+ struct test_tls_crypt_v2_context *ctx = calloc(1, sizeof(*ctx)); |
|
253 |
+ *state = ctx; |
|
254 |
+ |
|
255 |
+ ctx->gc = gc_new(); |
|
256 |
+ |
|
257 |
+ /* Sligthly longer buffers to be able to test too-long data */ |
|
258 |
+ ctx->metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN+16, &ctx->gc); |
|
259 |
+ ctx->unwrapped_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN+16, |
|
260 |
+ &ctx->gc); |
|
261 |
+ ctx->wkc = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN+16, &ctx->gc); |
|
262 |
+ |
|
263 |
+ /* Generate server key */ |
|
264 |
+ rand_bytes((void *)ctx->server_key2.keys, sizeof(ctx->server_key2.keys)); |
|
265 |
+ ctx->server_key2.n = 2; |
|
266 |
+ struct key_type kt = tls_crypt_kt(); |
|
267 |
+ init_key_ctx_bi(&ctx->server_keys, &ctx->server_key2, |
|
268 |
+ KEY_DIRECTION_BIDIRECTIONAL, &kt, |
|
269 |
+ "tls-crypt-v2 server key"); |
|
270 |
+ |
|
271 |
+ /* Generate client key */ |
|
272 |
+ rand_bytes((void *)ctx->client_key2.keys, sizeof(ctx->client_key2.keys)); |
|
273 |
+ ctx->client_key2.n = 2; |
|
274 |
+ |
|
275 |
+ return 0; |
|
276 |
+} |
|
277 |
+ |
|
278 |
+static int |
|
279 |
+test_tls_crypt_v2_teardown(void **state) { |
|
280 |
+ struct test_tls_crypt_v2_context *ctx = |
|
281 |
+ (struct test_tls_crypt_v2_context *) *state; |
|
282 |
+ |
|
283 |
+ free_key_ctx_bi(&ctx->server_keys); |
|
284 |
+ free_key_ctx_bi(&ctx->client_key); |
|
285 |
+ |
|
286 |
+ gc_free(&ctx->gc); |
|
287 |
+ |
|
288 |
+ free(ctx); |
|
289 |
+ |
|
290 |
+ return 0; |
|
291 |
+} |
|
292 |
+ |
|
293 |
+/** |
|
294 |
+ * Check wrapping and unwrapping a tls-crypt-v2 client key without metadata. |
|
295 |
+ */ |
|
296 |
+static void |
|
297 |
+tls_crypt_v2_wrap_unwrap_no_metadata(void **state) { |
|
298 |
+ struct test_tls_crypt_v2_context *ctx = |
|
299 |
+ (struct test_tls_crypt_v2_context *) *state; |
|
300 |
+ |
|
301 |
+ struct buffer wrapped_client_key = alloc_buf_gc(TLS_CRYPT_V2_MAX_WKC_LEN, |
|
302 |
+ &ctx->gc); |
|
303 |
+ assert_true(tls_crypt_v2_wrap_client_key(&wrapped_client_key, |
|
304 |
+ &ctx->client_key2, |
|
305 |
+ &ctx->metadata, |
|
306 |
+ &ctx->server_keys.encrypt, |
|
307 |
+ &ctx->gc)); |
|
308 |
+ |
|
309 |
+ struct buffer unwrap_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN, |
|
310 |
+ &ctx->gc); |
|
311 |
+ struct key2 unwrapped_client_key2 = { 0 }; |
|
312 |
+ assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2, |
|
313 |
+ &unwrap_metadata, |
|
314 |
+ wrapped_client_key, |
|
315 |
+ &ctx->server_keys.decrypt)); |
|
316 |
+ |
|
317 |
+ assert_true(0 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys, |
|
318 |
+ sizeof(ctx->client_key2.keys))); |
|
319 |
+} |
|
320 |
+ |
|
321 |
+/** |
|
322 |
+ * Check wrapping and unwrapping a tls-crypt-v2 client key with maximum length |
|
323 |
+ * metadata. |
|
324 |
+ */ |
|
325 |
+static void |
|
326 |
+tls_crypt_v2_wrap_unwrap_max_metadata(void **state) { |
|
327 |
+ struct test_tls_crypt_v2_context *ctx = |
|
328 |
+ (struct test_tls_crypt_v2_context *) *state; |
|
329 |
+ |
|
330 |
+ uint8_t* metadata = |
|
331 |
+ buf_write_alloc(&ctx->metadata, TLS_CRYPT_V2_MAX_METADATA_LEN); |
|
332 |
+ assert_true(rand_bytes(metadata, TLS_CRYPT_V2_MAX_METADATA_LEN)); |
|
333 |
+ assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, |
|
334 |
+ &ctx->metadata, |
|
335 |
+ &ctx->server_keys.encrypt, |
|
336 |
+ &ctx->gc)); |
|
337 |
+ |
|
338 |
+ struct buffer unwrap_metadata = alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN, |
|
339 |
+ &ctx->gc); |
|
340 |
+ struct key2 unwrapped_client_key2 = { 0 }; |
|
341 |
+ assert_true(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2, |
|
342 |
+ &unwrap_metadata, ctx->wkc, |
|
343 |
+ &ctx->server_keys.decrypt)); |
|
344 |
+ |
|
345 |
+ assert_true(0 == memcmp(ctx->client_key2.keys, unwrapped_client_key2.keys, |
|
346 |
+ sizeof(ctx->client_key2.keys))); |
|
347 |
+ assert_true(buf_equal(&ctx->metadata, &unwrap_metadata)); |
|
348 |
+} |
|
349 |
+ |
|
350 |
+/** |
|
351 |
+ * Check that wrapping a tls-crypt-v2 client key with too long metadata fails |
|
352 |
+ * as expected. |
|
353 |
+ */ |
|
354 |
+static void |
|
355 |
+tls_crypt_v2_wrap_too_long_metadata(void **state) { |
|
356 |
+ struct test_tls_crypt_v2_context *ctx = |
|
357 |
+ (struct test_tls_crypt_v2_context *) *state; |
|
358 |
+ |
|
359 |
+ assert_true(buf_inc_len(&ctx->metadata, TLS_CRYPT_V2_MAX_METADATA_LEN+1)); |
|
360 |
+ assert_false(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, |
|
361 |
+ &ctx->metadata, |
|
362 |
+ &ctx->server_keys.encrypt, |
|
363 |
+ &ctx->gc)); |
|
364 |
+} |
|
365 |
+ |
|
366 |
+/** |
|
367 |
+ * Check that unwrapping a tls-crypt-v2 client key with the wrong server key |
|
368 |
+ * fails as expected. |
|
369 |
+ */ |
|
370 |
+static void |
|
371 |
+tls_crypt_v2_wrap_unwrap_wrong_key(void **state) { |
|
372 |
+ struct test_tls_crypt_v2_context *ctx = |
|
373 |
+ (struct test_tls_crypt_v2_context *) *state; |
|
374 |
+ |
|
375 |
+ assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, |
|
376 |
+ &ctx->metadata, |
|
377 |
+ &ctx->server_keys.encrypt, |
|
378 |
+ &ctx->gc)); |
|
379 |
+ |
|
380 |
+ /* Change server key */ |
|
381 |
+ struct key_type kt = tls_crypt_kt(); |
|
382 |
+ free_key_ctx_bi(&ctx->server_keys); |
|
383 |
+ memset(&ctx->server_key2.keys, 0, sizeof(ctx->server_key2.keys)); |
|
384 |
+ init_key_ctx_bi(&ctx->server_keys, &ctx->server_key2, |
|
385 |
+ KEY_DIRECTION_BIDIRECTIONAL, &kt, |
|
386 |
+ "wrong tls-crypt-v2 server key"); |
|
387 |
+ |
|
388 |
+ |
|
389 |
+ struct key2 unwrapped_client_key2 = { 0 }; |
|
390 |
+ assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2, |
|
391 |
+ &ctx->unwrapped_metadata, |
|
392 |
+ ctx->wkc, |
|
393 |
+ &ctx->server_keys.decrypt)); |
|
394 |
+ |
|
395 |
+ const struct key2 zero = { 0 }; |
|
396 |
+ assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero))); |
|
397 |
+ assert_true(0 == BLEN(&ctx->unwrapped_metadata)); |
|
398 |
+} |
|
399 |
+ |
|
400 |
+/** |
|
401 |
+ * Check that unwrapping a tls-crypt-v2 client key to a too small metadata |
|
402 |
+ * buffer fails as expected. |
|
403 |
+ */ |
|
404 |
+static void |
|
405 |
+tls_crypt_v2_wrap_unwrap_dst_too_small(void **state) { |
|
406 |
+ struct test_tls_crypt_v2_context *ctx = |
|
407 |
+ (struct test_tls_crypt_v2_context *) *state; |
|
408 |
+ |
|
409 |
+ uint8_t* metadata = |
|
410 |
+ buf_write_alloc(&ctx->metadata, TLS_CRYPT_V2_MAX_METADATA_LEN); |
|
411 |
+ assert_true(rand_bytes(metadata, TLS_CRYPT_V2_MAX_METADATA_LEN)); |
|
412 |
+ assert_true(tls_crypt_v2_wrap_client_key(&ctx->wkc, &ctx->client_key2, |
|
413 |
+ &ctx->metadata, |
|
414 |
+ &ctx->server_keys.encrypt, |
|
415 |
+ &ctx->gc)); |
|
416 |
+ |
|
417 |
+ struct key2 unwrapped_client_key2 = { 0 }; |
|
418 |
+ struct buffer unwrapped_metadata = |
|
419 |
+ alloc_buf_gc(TLS_CRYPT_V2_MAX_METADATA_LEN-1, &ctx->gc); |
|
420 |
+ assert_false(tls_crypt_v2_unwrap_client_key(&unwrapped_client_key2, |
|
421 |
+ &unwrapped_metadata, ctx->wkc, |
|
422 |
+ &ctx->server_keys.decrypt)); |
|
423 |
+ |
|
424 |
+ const struct key2 zero = { 0 }; |
|
425 |
+ assert_true(0 == memcmp(&unwrapped_client_key2, &zero, sizeof(zero))); |
|
426 |
+ assert_true(0 == BLEN(&ctx->unwrapped_metadata)); |
|
427 |
+} |
|
428 |
+ |
|
239 | 429 |
int |
240 | 430 |
main(void) { |
241 | 431 |
const struct CMUnitTest tests[] = { |
242 |
- cmocka_unit_test_setup_teardown(tls_crypt_loopback, setup, teardown), |
|
432 |
+ cmocka_unit_test_setup_teardown(tls_crypt_loopback, |
|
433 |
+ test_tls_crypt_setup, |
|
434 |
+ test_tls_crypt_teardown), |
|
243 | 435 |
cmocka_unit_test_setup_teardown(tls_crypt_loopback_zero_len, |
244 |
- setup, teardown), |
|
436 |
+ test_tls_crypt_setup, |
|
437 |
+ test_tls_crypt_teardown), |
|
245 | 438 |
cmocka_unit_test_setup_teardown(tls_crypt_loopback_max_len, |
246 |
- setup, teardown), |
|
439 |
+ test_tls_crypt_setup, |
|
440 |
+ test_tls_crypt_teardown), |
|
247 | 441 |
cmocka_unit_test_setup_teardown(tls_crypt_fail_msg_too_long, |
248 |
- setup, teardown), |
|
442 |
+ test_tls_crypt_setup, |
|
443 |
+ test_tls_crypt_teardown), |
|
249 | 444 |
cmocka_unit_test_setup_teardown(tls_crypt_fail_invalid_key, |
250 |
- setup, teardown), |
|
445 |
+ test_tls_crypt_setup, |
|
446 |
+ test_tls_crypt_teardown), |
|
251 | 447 |
cmocka_unit_test_setup_teardown(tls_crypt_fail_replay, |
252 |
- setup, teardown), |
|
448 |
+ test_tls_crypt_setup, |
|
449 |
+ test_tls_crypt_teardown), |
|
253 | 450 |
cmocka_unit_test_setup_teardown(tls_crypt_ignore_replay, |
254 |
- setup, teardown), |
|
451 |
+ test_tls_crypt_setup, |
|
452 |
+ test_tls_crypt_teardown), |
|
453 |
+ cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_no_metadata, |
|
454 |
+ test_tls_crypt_v2_setup, |
|
455 |
+ test_tls_crypt_v2_teardown), |
|
456 |
+ cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_max_metadata, |
|
457 |
+ test_tls_crypt_v2_setup, |
|
458 |
+ test_tls_crypt_v2_teardown), |
|
459 |
+ cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_too_long_metadata, |
|
460 |
+ test_tls_crypt_v2_setup, |
|
461 |
+ test_tls_crypt_v2_teardown), |
|
462 |
+ cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_wrong_key, |
|
463 |
+ test_tls_crypt_v2_setup, |
|
464 |
+ test_tls_crypt_v2_teardown), |
|
465 |
+ cmocka_unit_test_setup_teardown(tls_crypt_v2_wrap_unwrap_dst_too_small, |
|
466 |
+ test_tls_crypt_v2_setup, |
|
467 |
+ test_tls_crypt_v2_teardown), |
|
255 | 468 |
}; |
256 | 469 |
|
257 | 470 |
#if defined(ENABLE_CRYPTO_OPENSSL) |