diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-10-06 10:18:33 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-11-15 11:42:23 +0100 |
commit | 04ba4db72d9c9c846cecfc2b0958eaf7df1fd54d (patch) | |
tree | 3e3ad3786569273d43c5a29fc34429c8344411e6 | |
parent | 2d8a12b7fb089287d110ea64e5888fda4298548a (diff) | |
download | gnutls-04ba4db72d9c9c846cecfc2b0958eaf7df1fd54d.tar.gz |
tests: added key share behavioral testtmp-draft-ietf-tls-tls13-21-nmav-backports4
This verifies whether the gnutls_init() flags GNUTLS_KEY_SHARE_TOP,
GNUTLS_KEY_SHARE_TOP2, GNUTLS_KEY_SHARE_TOP3 behave as advertized.
Resolves #284
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/tls13/ext-parse.h | 25 | ||||
-rw-r--r-- | tests/tls13/key_share.c | 330 | ||||
-rw-r--r-- | tests/tls13/post-handshake-with-cert.c | 6 | ||||
-rw-r--r-- | tests/tls13/post-handshake-without-cert.c | 4 | ||||
-rw-r--r-- | tests/tls13/tls12-no-tls13-exts.c | 4 |
6 files changed, 351 insertions, 20 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 39b3e27e80..a99ec5ab45 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -93,7 +93,7 @@ indirect_tests = ctests = tls13/supported_versions tls13/tls12-no-tls13-exts \ tls13/post-handshake-with-cert tls13/post-handshake-without-cert \ - tls13/cookie tls12-rollback-detection tls11-rollback-detection \ + tls13/cookie tls13/key_share tls12-rollback-detection tls11-rollback-detection \ tls12-check-rollback-val tls11-check-rollback-val ctests += mini-record-2 simple gc set_pkcs12_cred cert certuniqueid tls-neg-ext-key \ diff --git a/tests/tls13/ext-parse.h b/tests/tls13/ext-parse.h index 7e0dd9b4be..5b9f5b868f 100644 --- a/tests/tls13/ext-parse.h +++ b/tests/tls13/ext-parse.h @@ -24,29 +24,29 @@ #define TLS_EXT_SUPPORTED_VERSIONS 43 #define TLS_EXT_POST_HANDSHAKE 49 -#define SKIP16(pos, total) { \ +#define SKIP16(pos, _total) { \ uint16_t _s; \ - if (pos+2 > total) fail("error0: at %d total: %d\n", pos+2, total); \ + if ((size_t)pos+2 > (size_t)_total) fail("error0: at %d total: %d\n", pos+2, _total); \ _s = (msg->data[pos] << 8) | msg->data[pos+1]; \ - if ((size_t)(pos+2+_s) > total) fail("error1: at %d field: %d, total: %d\n", pos+2, (int)_s, total); \ + if ((size_t)(pos+2+_s) > (size_t)_total) fail("error1: at %d field: %d, total: %d\n", pos+2, (int)_s, _total); \ pos += 2+_s; \ } -#define SKIP8(pos, total) { \ +#define SKIP8(pos, _total) { \ uint8_t _s; \ - if (pos+1 > total) fail("error\n"); \ + if ((size_t)pos+1 > (size_t)_total) fail("error\n"); \ _s = msg->data[pos]; \ - if ((size_t)(pos+1+_s) > total) fail("error\n"); \ + if ((size_t)(pos+1+_s) > (size_t)_total) fail("error\n"); \ pos += 1+_s; \ } -typedef void (*ext_parse_func)(gnutls_datum_t *extdata); +typedef void (*ext_parse_func)(void *priv, gnutls_datum_t *extdata); #define HANDSHAKE_SESSION_ID_POS 34 /* Returns 0 if the extension was not found, 1 otherwise. */ -static unsigned find_client_extension(const gnutls_datum_t *msg, unsigned extnr, ext_parse_func cb) +static unsigned find_client_extension(const gnutls_datum_t *msg, unsigned extnr, void *priv, ext_parse_func cb) { unsigned pos; @@ -80,7 +80,8 @@ static unsigned find_client_extension(const gnutls_datum_t *msg, unsigned extnr, type = (msg->data[pos] << 8) | msg->data[pos+1]; pos+=2; - success("Found client extension %d\n", (int)type); + if (debug) + success("Found client extension %d\n", (int)type); if (type != extnr) { SKIP16(pos, msg->size); @@ -95,7 +96,7 @@ static unsigned find_client_extension(const gnutls_datum_t *msg, unsigned extnr, data.data = &msg->data[pos]; data.size = size; if (cb) - cb(&data); + cb(priv, &data); return 1; } } @@ -104,7 +105,7 @@ static unsigned find_client_extension(const gnutls_datum_t *msg, unsigned extnr, #define TLS_RANDOM_SIZE 32 -static unsigned find_server_extension(const gnutls_datum_t *msg, unsigned extnr, ext_parse_func cb) +static unsigned find_server_extension(const gnutls_datum_t *msg, unsigned extnr, void *priv, ext_parse_func cb) { unsigned tls13 = 0; unsigned pos = 0; @@ -166,7 +167,7 @@ static unsigned find_server_extension(const gnutls_datum_t *msg, unsigned extnr, data.data = &msg->data[pos]; data.size = size; if (cb) - cb(&data); + cb(priv, &data); return 1; } } diff --git a/tests/tls13/key_share.c b/tests/tls13/key_share.c new file mode 100644 index 0000000000..a048ccfbdd --- /dev/null +++ b/tests/tls13/key_share.c @@ -0,0 +1,330 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/> + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include <string.h> +#include <sys/types.h> +#include <netinet/in.h> +#include <sys/socket.h> +#include <sys/wait.h> +#include <arpa/inet.h> +#include <unistd.h> +#include <gnutls/gnutls.h> +#include <gnutls/dtls.h> +#include <signal.h> + +#include "cert-common.h" +#include "utils.h" +#include "tls13/ext-parse.h" + +/* This program tests the Key Share behavior in Client Hello, + * and whether the flags to gnutls_init for key share are followed. + */ + +const char *testname = ""; + +#define myfail(fmt, ...) \ + fail("%s: "fmt, testname, ##__VA_ARGS__) + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + + + +#define MAX_BUF 1024 + +static void client(int fd, unsigned flag, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT|flag); + + gnutls_handshake_set_timeout(session, 20 * 1000); + + ret = gnutls_priority_set_direct(session, prio, NULL); + if (ret < 0) + myfail("cannot set TLS 1.3 priorities\n"); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +unsigned int tls_id_to_group[] = { + [23] = GNUTLS_GROUP_SECP256R1, + [24] = GNUTLS_GROUP_SECP384R1, + [29] = GNUTLS_GROUP_X25519, + [0x100] = GNUTLS_GROUP_FFDHE2048, + [0x101] = GNUTLS_GROUP_FFDHE3072 +}; + + +#define TLS_EXT_KEY_SHARE 40 + +typedef struct ctx_st { + gnutls_group_t group; + unsigned ngroups; +} ctx_st; + +static +void check_ks_contents(void *priv, gnutls_datum_t *msg) +{ + ctx_st *ctx; + int len; + gnutls_session_t session = priv; + int pos; + unsigned total = 0, id; + unsigned found = 0; + + ctx = gnutls_session_get_ptr(session); + + len = (msg->data[0] << 8) | msg->data[1]; + if (len+2 != (int)msg->size) + myfail("mismatch in length (%d vs %d)!\n", len, (int)msg->size); + + pos = 2; + + while(pos < msg->size) { + id = (msg->data[pos] << 8) | msg->data[pos+1]; + pos += 2; + len -= 2; + + if (debug) + success("found group: %u\n", id); + if (id < sizeof(tls_id_to_group)/sizeof(tls_id_to_group[0])) { + if (tls_id_to_group[id] == ctx->group) + found = 1; + } + total++; + + SKIP16(pos, msg->size); + } + + if (total != ctx->ngroups) { + myfail("found %d groups, expected %d\n", total, ctx->ngroups); + } + + if (found == 0) { + myfail("did not find group %s\n", gnutls_group_get_name(ctx->group)); + } +} + +static int client_hello_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && post == GNUTLS_HOOK_POST) { + if (find_client_extension(msg, TLS_EXT_KEY_SHARE, session, check_ks_contents) == 0) + fail("Could not find key share extension!\n"); + } + + return 0; +} + +static void server(int fd, gnutls_group_t exp_group, unsigned ngroups) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + ctx_st ctx; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_timeout(session, 20 * 1000); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + client_hello_callback); + ctx.group = exp_group; + ctx.ngroups = ngroups; + gnutls_session_set_ptr(session, &ctx); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + if (ret == GNUTLS_E_INTERRUPTED) { /* expected */ + break; + } + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) + myfail("handshake error: %s\n", gnutls_strerror(ret)); + + if (gnutls_group_get(session) != exp_group) + myfail("group doesn't match the expected: %s\n", gnutls_group_get_name(gnutls_group_get(session))); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +static void start(const char *name, const char *prio, unsigned flag, gnutls_group_t group, unsigned ngroups) +{ + int fd[2]; + int ret; + pid_t child; + + signal(SIGCHLD, ch_handler); + testname = name; + success("== test %s ==\n", testname); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], group, ngroups); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], flag, prio); + exit(0); + } +} + +void doit(void) +{ + start("single group: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP, GNUTLS_GROUP_SECP256R1, 1); + start("single group: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP, GNUTLS_GROUP_SECP256R1, 1); + start("single group: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP, GNUTLS_GROUP_X25519, 1); + + /* unfortunately we strictly follow the rfc7919 RFC and we prioritize groups + * based on ciphersuite listing as well. To prioritize the FFDHE groups we need + * to prioritize the non-EC ciphersuites first. */ + start("single group: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP, GNUTLS_GROUP_FFDHE2048, 1); + + start("two groups: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_SECP256R1, 2); + start("two groups: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_SECP256R1, 2); + start("two groups: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_X25519, 2); + start("two groups: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_FFDHE2048, 2); + + start("three groups: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_SECP256R1, 3); + start("three groups: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_SECP256R1, 3); + start("three groups: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_X25519, 3); + start("three groups: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_FFDHE2048, 3); + + /* test default behavior */ + start("default groups(2): default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0, GNUTLS_GROUP_SECP256R1, 2); + start("default groups(2): secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", 0, GNUTLS_GROUP_SECP256R1, 2); + start("default groups(2): x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", 0, GNUTLS_GROUP_X25519, 2); + start("default groups(2): ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", 0, GNUTLS_GROUP_FFDHE2048, 2); +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/post-handshake-with-cert.c b/tests/tls13/post-handshake-with-cert.c index 8456e7441d..49a48d946a 100644 --- a/tests/tls13/post-handshake-with-cert.c +++ b/tests/tls13/post-handshake-with-cert.c @@ -124,7 +124,7 @@ static unsigned server_hello_ok = 0; #define TLS_EXT_POST_HANDSHAKE 49 -static void parse_ext(gnutls_datum_t *msg) +static void parse_ext(void *priv, gnutls_datum_t *msg) { if (msg->size != 0) { fail("error in extension length: %d\n", (int)msg->size); @@ -135,7 +135,7 @@ static int hellos_callback(gnutls_session_t session, unsigned int htype, unsigned post, unsigned int incoming, const gnutls_datum_t *msg) { if (htype == GNUTLS_HANDSHAKE_SERVER_HELLO && post == GNUTLS_HOOK_POST) { - if (find_server_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL)) { + if (find_server_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, NULL)) { fail("Post handshake extension seen in server hello!\n"); } server_hello_ok = 1; @@ -146,7 +146,7 @@ static int hellos_callback(gnutls_session_t session, unsigned int htype, if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) return 0; - if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, parse_ext)) + if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, parse_ext)) client_hello_ok = 1; else fail("Post handshake extension NOT seen in client hello!\n"); diff --git a/tests/tls13/post-handshake-without-cert.c b/tests/tls13/post-handshake-without-cert.c index 5293014d52..9c02d5b272 100644 --- a/tests/tls13/post-handshake-without-cert.c +++ b/tests/tls13/post-handshake-without-cert.c @@ -122,7 +122,7 @@ static int hellos_callback(gnutls_session_t session, unsigned int htype, unsigned post, unsigned int incoming, const gnutls_datum_t *msg) { if (htype == GNUTLS_HANDSHAKE_SERVER_HELLO && post == GNUTLS_HOOK_POST) { - if (find_server_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL)) { + if (find_server_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, NULL)) { fail("Post handshake extension seen in server hello!\n"); } server_hello_ok = 1; @@ -133,7 +133,7 @@ static int hellos_callback(gnutls_session_t session, unsigned int htype, if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) return 0; - if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL)) + if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, NULL)) fail("Post handshake extension seen in client hello with no cert!\n"); return 0; diff --git a/tests/tls13/tls12-no-tls13-exts.c b/tests/tls13/tls12-no-tls13-exts.c index c9bbafe7ce..b7411fbdc8 100644 --- a/tests/tls13/tls12-no-tls13-exts.c +++ b/tests/tls13/tls12-no-tls13-exts.c @@ -125,11 +125,11 @@ static int client_hello_callback(gnutls_session_t session, unsigned int htype, if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) return 0; - if (find_client_extension(msg, TLS_EXT_SUPPORTED_VERSIONS, NULL)) { + if (find_client_extension(msg, TLS_EXT_SUPPORTED_VERSIONS, NULL, NULL)) { fail("Found TLS 1.3 supported versions extension in TLS 1.2!\n"); } - if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL)) { + if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, NULL)) { fail("Found TLS 1.3 supported versions extension in TLS 1.2!\n"); } |