Update the tls13encryptiontest for new read record layer
The tls13encryption test is an internal test that reaches inside libssl
to test encryption/decryption of records. It needs to be amended for the
new code structure so that it still tests the same things as before.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #18132)
mattcaswell committed Aug 18, 2022
1 parent d0b17ea commit a16f9d3
Showing 2 changed files with 75 additions and 54 deletions.
95 changes: 54 additions & 41 deletions ssl/record/methods/tls_common.c
Expand Up @@ -1045,35 +1045,46 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
}

/* Loop through all the settings since they must all be understood */
for (p = settings; p->key != NULL; p++) {
if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->use_etm)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN) == 0) {
if (!OSSL_PARAM_get_uint(p, &rl->max_frag_len)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA) == 0) {
if (!OSSL_PARAM_get_uint32(p, &rl->max_early_data)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->stream_mac)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->tlstree)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
if (settings != NULL) {
for (p = settings; p->key != NULL; p++) {
if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->use_etm)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key,
OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN) == 0) {
if (!OSSL_PARAM_get_uint(p, &rl->max_frag_len)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key,
OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA) == 0) {
if (!OSSL_PARAM_get_uint32(p, &rl->max_early_data)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key,
OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->stream_mac)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->tlstree)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_UNKNOWN_MANDATORY_PARAMETER);
goto err;
}
} else {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_MANDATORY_PARAMETER);
goto err;
}
}

Expand Down Expand Up @@ -1115,20 +1126,22 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
rl->next = next;

rl->cbarg = cbarg;
for (; fns->function_id != 0; fns++) {
switch (fns->function_id) {
case OSSL_FUNC_RLAYER_SKIP_EARLY_DATA:
rl->skip_early_data = OSSL_FUNC_rlayer_skip_early_data(fns);
break;
case OSSL_FUNC_RLAYER_MSG_CALLBACK:
rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
break;
case OSSL_FUNC_RLAYER_SECURITY:
rl->security = OSSL_FUNC_rlayer_security(fns);
break;
default:
/* Just ignore anything we don't understand */
break;
if (fns != NULL) {
for (; fns->function_id != 0; fns++) {
switch (fns->function_id) {
case OSSL_FUNC_RLAYER_SKIP_EARLY_DATA:
rl->skip_early_data = OSSL_FUNC_rlayer_skip_early_data(fns);
break;
case OSSL_FUNC_RLAYER_MSG_CALLBACK:
rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
break;
case OSSL_FUNC_RLAYER_SECURITY:
rl->security = OSSL_FUNC_rlayer_security(fns);
break;
default:
/* Just ignore anything we don't understand */
break;
}
}
}

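Review bot: Now that the second hunk skips the `fns` loop when `fns == NULL`, `rl->skip_early_data`, `rl->msg_callback` and `rl->security` are never assigned for such callers, so every later call through these pointers presumably needs a NULL check (the allocation of `rl` and the call sites are outside the hunk, so I cannot confirm from here that they already have one). The first hunk has the same shape: a NULL `settings` now silently leaves `use_etm`, `max_frag_len`, `max_early_data`, `stream_mac` and `tlstree` at whatever they were initialised to, while the surviving comment still says the settings "must all be understood". Neither guard is documented; a comment above the first one, e.g. `/* settings and fns may be NULL; the corresponding rl fields then keep their initial values */`, would record that this is an intended relaxation of the contract rather than an accident. tls_int_new_record_layer starts before the first hunk and continues past the second.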
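--- a/test/tls13encryptiontest.c
+++ b/test/tls13encryptiontest.c
@@ -11,6 +11,8 @@
 #include <openssl/evp.h>
 #include "../ssl/ssl_local.h"
 #include "../ssl/record/record_local.h"
+#include "../ssl/record/recordmethod.h"
+#include "../ssl/record/methods/recmethod_local.h"
 #include "internal/nelem.h"
 #include "testutil.h"
 
@@ -306,11 +308,14 @@ static int test_tls13_encryption(void)
 SSL_CTX *ctx = NULL;
 SSL *ssl = NULL;
 SSL3_RECORD rec;
-unsigned char *key = NULL, *iv = NULL, *seq = NULL;
+unsigned char *key = NULL;
 const EVP_CIPHER *ciph = EVP_aes_128_gcm();
 int ret = 0;
 size_t ivlen, ctr;
 SSL_CONNECTION *s;
+unsigned char seqbuf[SEQ_NUM_SIZE];
+unsigned char iv[EVP_MAX_IV_LENGTH];
+OSSL_RECORD_LAYER *rl;
 
 /*
 * Encrypted TLSv1.3 records always have an outer content type of
@@ -349,16 +354,14 @@ static int test_tls13_encryption(void)
 for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) {
 /* Load the record */
 ivlen = EVP_CIPHER_get_iv_length(ciph);
-if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen,
-RECORD_LAYER_get_read_sequence(&s->rlayer))) {
+if (!load_record(&rec, &refdata[ctr], &key, iv, ivlen, seqbuf)) {
 TEST_error("Failed loading key into EVP_CIPHER_CTX");
 goto err;
 }
 
 /* Set up the read/write sequences */
-memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer),
-RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE);
-memcpy(s->write_iv, s->read_iv, ivlen);
+memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer), seqbuf, sizeof(seqbuf));
+memcpy(s->write_iv, iv, ivlen);
 
 /* Load the key into the EVP_CIPHER_CTXs */
 if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0
@@ -378,8 +381,18 @@ static int test_tls13_encryption(void)
 goto err;
 }
 
+if (!TEST_true(ossl_tls_record_method.new_record_layer(
+NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
+OSSL_RECORD_DIRECTION_READ,
+OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, key, 16,
+iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
+EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
+NULL, NULL, NULL, NULL, NULL, NULL, &rl))) {
+goto err;
+}
+memcpy(rl->sequence, seqbuf, sizeof(seqbuf));
 /* Decrypt it */
-if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0, NULL, 0), 1)) {
+if (!TEST_int_eq(rl->funcs->cipher(rl, &rec, 1, 0, NULL, 0), 1)) {
 TEST_info("Failed to decrypt record %zu", ctr);
 goto err;
 }
@@ -388,14 +401,11 @@ static int test_tls13_encryption(void)
 goto err;
 }
 
+ossl_tls_record_method.free(rl);
 OPENSSL_free(rec.data);
 OPENSSL_free(key);
-OPENSSL_free(iv);
-OPENSSL_free(seq);
 rec.data = NULL;
 key = NULL;
-iv = NULL;
-seq = NULL;
 }
 
 TEST_note("PASS: %zu records tested", ctr);
@@ -404,8 +414,6 @@ static int test_tls13_encryption(void)
 err:
 OPENSSL_free(rec.data);
 OPENSSL_free(key);
-OPENSSL_free(iv);
-OPENSSL_free(seq);
 SSL_free(ssl);
 SSL_CTX_free(ctx);
 return ret;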
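Review bot: `rl` is leaked on the failure paths inside the loop in the fourth hunk: it is created by `new_record_layer` on every iteration but only released by `ossl_tls_record_method.free(rl)` at the top of the fifth hunk, so a failed decrypt (or the failed comparison just before the free) jumps to `err:` in the last hunk with the record layer still allocated, and because the second hunk declares it as `OSSL_RECORD_LAYER *rl;` without an initialiser, `err:` cannot free it safely either. Initialise it as `OSSL_RECORD_LAYER *rl = NULL;`, reset it with `rl = NULL;` right after the free in the loop, and add `ossl_tls_record_method.free(rl);` to the `err:` cleanup (assuming that free tolerates NULL like OpenSSL's other free functions; otherwise guard the call). A smaller style point in the fourth hunk: the key length is hard-coded as `16` and the cipher is re-fetched with `EVP_aes_128_gcm()` although `ciph` already holds it; `EVP_CIPHER_get_key_length(ciph)` and `ciph` would keep the call consistent with how `ivlen` is derived two hunks earlier. test_tls13_encryption begins and ends outside the shown hunks.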
