From patchwork Mon Nov 11 01:59:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 3931 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:41ba:b0:5d9:9f4c:3bc7 with SMTP id a26csp2278091mad; Sun, 10 Nov 2024 18:00:15 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVUrTe5YQ2G3I8gGKZvVHVyJ5MuKqf9tiINshml2Jc/cIfz3lHHku+gMDkW04XV2ITGgX9yhZHnp64=@openvpn.net X-Google-Smtp-Source: AGHT+IFHMWCdZv77hpzsTAzkrBtSPhbdGDWAtx1fvB5sB86OWCoJ7hzV+vG9Ppdo7Jup6R9hwG03 X-Received: by 2002:a05:6870:2198:b0:277:f826:edcc with SMTP id 586e51a60fabf-29560012599mr8994416fac.5.1731290415602; Sun, 10 Nov 2024 18:00:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1731290415; cv=none; d=google.com; s=arc-20240605; b=Tg9nhSXzjqQmntzYM8kw3CsMPmRIhT+PDK12QH25bImlrlTDowt0bcv3wZx9nWpW86 HGy95lLUMKRGj5Z+Vf6nohfkNVWMDpX+7QlML+XFUHhNhPnwNS+XXj1hCouztgu+Ps+s Fled1Ut1DHQQqemCGDFtv6H92S6uk7rTyE/ONZsehaGxWwWZw9H42KWJgoUloEc6TH25 QanJrhWUKqLuAfTeKj6loWWjD274uJoUUhOu/3W5/cLZt6XFsdjMHZJ6fAnFZ3V1deED 8i+T9GxGxpf5XCBnL18ufaNG7gkQVeptRnlrFrb9CGnZKm/QkeCVXwH1hK6TXYTs6j8x ZfQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=kKXmV2zsQz5wvAaWj0E76Qem7uYFexJE8uQVkTuqJHU=; fh=lm0MLPW7DntlrDqRECIiC9JlE1uPxhepE0URYHIf+eE=; b=FomWxwCQ2k+LGzuY8qs8l4KET/wHzM+MBgunahq6mgDQSnq6x2a+QCsY1JTNjr8SIg 8iTXJmFB6TxTcWh3Ne9ZS3c32ovPVvusduB8kXGnUh7vJTshwqfCQklar1e7oFZCwYOv p4ufFYwtNb/UlqvUJgPHVJS0FnEV1/ijWAuid3raPGLwBX1w9IHd/ClYDGT0EYAJkf7z iiTDFjH/BGCedEf7Ic8ZXejOQwLQb2kUn8BYv0brK+UU6SPSfwIVikhlyNdDrR2lm0/R gh+aPTqSMrqcjSjkt7K3dosZXIz+0X2DvANkT4o6LJ+eJA5xxtb4OeYbBM3GI07IGali beIg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=aYqITRIh; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=lJ1JSc1N; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=FbCnzmtk; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-29546c558fdsi5580011fac.42.2024.11.10.18.00.15 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 10 Nov 2024 18:00:15 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=aYqITRIh; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=lJ1JSc1N; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=FbCnzmtk; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1tAJin-0007I7-PA; Mon, 11 Nov 2024 02:00:06 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tAJik-0007Hl-6v for openvpn-devel@lists.sourceforge.net; Mon, 11 Nov 2024 02:00:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=SExtk3IFXUrjbb8xYN04algyoXwg+RLzsK2rLvSgkQ8=; b=aYqITRIhKHJBvXbUicwLAeRuLo 0My87gJu4hB2HZwsSHYwrQGhxvrG/aGrfHN5lnAjR9xTMlHb4x5Lb844uiNZmdsQuKb3IC+zNKjxd OnFBk3no8JWp2ZCSQokc+VdKm/8ze5qZCfOZTZ4fkExmB7IXsc2w+1oe5b7eicMkAm60=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=SExtk3IFXUrjbb8xYN04algyoXwg+RLzsK2rLvSgkQ8=; b=l J1JSc1N9p8zQltVtJZrfMXWjo4IhXvSzt5D1VJ9KPQWvXLkXL/aWWajmPwRQBsqAFMl9669V0C2Is esTpJSdAjbwfc6vBRGIKwQmQVavPbR4A545kQyHK25vz64yn8DtboePGDpkUTO9xW+v0g4YyobPn7 b81GgoKz1/qJ+Wp8=; Received: from mail-wr1-f44.google.com ([209.85.221.44]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1tAJii-0001Yw-6S for openvpn-devel@lists.sourceforge.net; Mon, 11 Nov 2024 02:00:02 +0000 Received: by mail-wr1-f44.google.com with SMTP id ffacd0b85a97d-37d49a7207cso2752555f8f.0 for ; Sun, 10 Nov 2024 18:00:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1731290388; x=1731895188; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=SExtk3IFXUrjbb8xYN04algyoXwg+RLzsK2rLvSgkQ8=; b=FbCnzmtkfYDMrlpKfs2wfnYnOqwcoBWlDCRJlfnI58ag/MganDLdMuSkVTM2w/eaDU NSGJtdf39ryG1+F9e+nhEPPItgIrHHPCuVR1rx2PIizxpOASSzihWgRIZ4v+ILFfIIkP NqytESVqKoXxRv3IsIEWg0hYjz1KoFW6LeRqQda0rfEuy7ME9Z5izrSA13rF5dAJi+2X ZnuBjH3PIWs7JgOqadiWC+KgUayJMnaPCObQuvGRFYTPMmx6vemMbEDxNGjpxfbgS9Pa GkX/Y26Xv2+uAVxieh1jk0U1+mWjg2EbToweMOTBWecbPtt+MEf3fppxF4Mn+gwjhQgj mBBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731290388; x=1731895188; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=SExtk3IFXUrjbb8xYN04algyoXwg+RLzsK2rLvSgkQ8=; b=IDpR3CudMDnWhAaEJNtIXrMDfT4aUxIPRemQNrwccKPPlvDad4l2SfDD/JTA9DkyOF xiFdRqEC7DUQWutlTvCjXIKa7SxPn3+BI6wmv0r/RVXLeCXhRnJ2kerQMTfcceTmVhOa MrYPWXoRclXgzYWrr32gQ5Gyrq8I5eSrWQMeWIhNo+h6ZCduaWOvEpszaeg7QwfPFabW 18SA/q/oM9APw3r0iVRuO9yDJHfjB0SmQp1cSNI1ePCBZnPLfZ7pNh4ktiaC2/acALUz 48mTISPMeydkJrf3/S7qEwylK7QcB1oZRnG3PS+eVj3Wgsegn5/HhfalR+oYAHaAvdH4 Pjuw== X-Gm-Message-State: AOJu0YxiFect9nGXzkZobA6iKTsEF8Cf2zoyYVZ9ux1H12fP08A9Dx2t U27c37kRiR2m0flM+nRPywwsyj7OLt8L7cq4yEb3wmpYtxHGrcAuDjULOSVRZYopdOJSObuooj3 u X-Received: by 2002:a05:6000:1fa9:b0:381:cfea:2818 with SMTP id ffacd0b85a97d-381f186d156mr9151537f8f.30.1731290388276; Sun, 10 Nov 2024 17:59:48 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-432aa709ec7sm199449195e9.35.2024.11.10.17.59.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 10 Nov 2024 17:59:47 -0800 (PST) From: "plaisthos (Code Review)" X-Google-Original-From: "plaisthos (Code Review)" X-Gerrit-PatchSet: 1 Date: Mon, 11 Nov 2024 01:59:46 +0000 To: flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I3a1c6561f4d9a69e2a441d49dff620b4258a1bcc X-Gerrit-Change-Number: 798 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: bae489ce377d749fdbaa1c6fbb41cda1125fbf66 References: Message-ID: <737fc6870bbfb1248baa1bacfc448ee774a4f5ea-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.9 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-0.9 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.221.44 listed in list.dnswl.org] -0.7 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.44 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1tAJii-0001Yw-6S Subject: [Openvpn-devel] [L] Change in openvpn[master]: Implement HKDF expand function based on RFC 8446 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1815389578524920363?= X-GMAIL-MSGID: =?utf-8?q?1815389578524920363?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/798?usp=email to review the following change. Change subject: Implement HKDF expand function based on RFC 8446 ...................................................................... Implement HKDF expand function based on RFC 8446 Use crypto_epoch.c/h for the new functions since they are linked to the epoch key usage in OpenVPN. Change-Id: I3a1c6561f4d9a69e2a441d49dff620b4258a1bcc Signed-off-by: Arne Schwabe --- M CMakeLists.txt M src/openvpn/Makefile.am A src/openvpn/crypto_epoch.c A src/openvpn/crypto_epoch.h M src/openvpn/crypto_mbedtls.h M tests/unit_tests/openvpn/Makefile.am M tests/unit_tests/openvpn/test_crypto.c 7 files changed, 304 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/98/798/1 diff --git a/CMakeLists.txt b/CMakeLists.txt index 5db207d..cbc93cd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -389,6 +389,8 @@ src/openvpn/crypto.c src/openvpn/crypto.h src/openvpn/crypto_backend.h + src/openvpn/crypto_epoch.c + src/openvpn/crypto_epoch.h src/openvpn/crypto_openssl.c src/openvpn/crypto_openssl.h src/openvpn/crypto_mbedtls.c @@ -717,6 +719,7 @@ target_sources(test_crypto PRIVATE src/openvpn/crypto_mbedtls.c src/openvpn/crypto_openssl.c + src/openvpn/crypto_epoch.c src/openvpn/crypto.c src/openvpn/otime.c src/openvpn/packet_id.c diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index ecb2bcf..d6d6592 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -53,6 +53,7 @@ crypto.c crypto.h crypto_backend.h \ crypto_openssl.c crypto_openssl.h \ crypto_mbedtls.c crypto_mbedtls.h \ + crypto_epoch.c crypto_epoch.h \ dco.c dco.h dco_internal.h \ dco_freebsd.c dco_freebsd.h \ dco_linux.c dco_linux.h \ diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c new file mode 100644 index 0000000..7a5b460 --- /dev/null +++ b/src/openvpn/crypto_epoch.c @@ -0,0 +1,106 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2024 OpenVPN Inc + * Copyright (C) 2024 Arne Schwabe + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ + + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include "crypto_backend.h" +#include "buffer.h" +#include "integer.h" + +void +ovpn_hdkf_expand(const uint8_t *secret, + const uint8_t *info, int info_len, + uint8_t *out, int out_len) +{ + hmac_ctx_t *hmac_ctx = hmac_ctx_new(); + hmac_ctx_init(hmac_ctx, secret, "SHA256"); + + const int digest_size = SHA256_DIGEST_LENGTH; + + /* T(0) = empty string */ + uint8_t t_prev[SHA256_DIGEST_LENGTH]; + int t_prev_len = 0; + + for (uint8_t block = 1; (block - 1) * digest_size < out_len; block++) + { + hmac_ctx_reset(hmac_ctx); + + /* calculate T(block) */ + hmac_ctx_update(hmac_ctx, t_prev, t_prev_len); + hmac_ctx_update(hmac_ctx, info, info_len); + hmac_ctx_update(hmac_ctx, &block, 1); + hmac_ctx_final(hmac_ctx, t_prev); + t_prev_len = digest_size; + + /* Copy a full hmac output or remaining bytes */ + int out_offset = (block - 1) * digest_size; + int copylen = min_int(digest_size, out_len - out_offset); + + memcpy(out + out_offset, t_prev, copylen); + } + hmac_ctx_cleanup(hmac_ctx); + hmac_ctx_free(hmac_ctx); +} + +bool +ovpn_expand_label(const uint8_t *secret, size_t secret_len, + const uint8_t *label, size_t label_len, + const uint8_t *context, size_t context_len, + uint8_t *out, uint16_t out_len) +{ + if (secret_len != 32) + { + /* Our current implementation is not a general purpose one + * and assume that the secret size matches the size of the + * hash (SHA256) key */ + return false; + } + + struct gc_arena gc = gc_new(); + /* 2 byte for the outlen encoded as uint16, 5 bytes for "ovpn " */ + int hkdf_label_len = 2 + 5 + label_len + context_len; + struct buffer hkdf_label = alloc_buf_gc(hkdf_label_len, &gc); + + + buf_write_u16(&hkdf_label, out_len); + buf_write(&hkdf_label, "ovpn ", 5); + buf_write(&hkdf_label, label, label_len); + if (context_len > 0) + { + buf_write(&hkdf_label, context, context_len); + } + + ASSERT(buf_len(&hkdf_label) == hkdf_label_len); + + ovpn_hdkf_expand(secret, buf_bptr(&hkdf_label), + buf_len(&hkdf_label), out, out_len); + + gc_free(&gc); + return true; +} \ No newline at end of file diff --git a/src/openvpn/crypto_epoch.h b/src/openvpn/crypto_epoch.h new file mode 100644 index 0000000..dad2473 --- /dev/null +++ b/src/openvpn/crypto_epoch.h @@ -0,0 +1,69 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2024 OpenVPN Inc + * Copyright (C) 2024 Arne Schwabe + * + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef CRYPTO_EPOCH_H +#define CRYPTO_EPOCH_H + +/** + * Implementation of the RFC5869 HKDF-Expand function with the following + * restrictions + * - salt is always assumed to be zero length (ie not supported) + * - IKM (secret) is assumed to be always 32 bytes + * - HASH is always SHA256 + * + * @param secret the input keying material (HMAC key) + * @param info context and application specific information + * @param out output keying material + * @param out_len length of output keying material + */ +void +ovpn_hdkf_expand(const uint8_t *secret, + const uint8_t *info, int info_len, + uint8_t *out, int out_len); + +/** + * Variant of the RFC 8446 TLS 1.3 HKDF-Expand-Label function with the + * following differences/restrictions: + * - secret must 32 bytes in length + * - label prefix is "ovpn " instead of "tls13 " + * - HASH is always SHA256 + * + * @param secret Input secret + * @param secret_len length of the input secret + * @param label Label for the exported key material + * @param label_len length of the label + * @param context optional context + * @param context_len length of the context + * @param out output keying material + * @param out_len length of output keying material + * @return + */ +bool +ovpn_expand_label(const uint8_t *secret, size_t secret_len, + const uint8_t *label, size_t label_len, + const uint8_t *context, size_t context_len, + uint8_t *out, uint16_t out_len); + +#endif diff --git a/src/openvpn/crypto_mbedtls.h b/src/openvpn/crypto_mbedtls.h index a966a7a..fe51359 100644 --- a/src/openvpn/crypto_mbedtls.h +++ b/src/openvpn/crypto_mbedtls.h @@ -29,6 +29,7 @@ #ifndef CRYPTO_MBEDTLS_H_ #define CRYPTO_MBEDTLS_H_ +#include #include #include #include diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index a4e6235..307f9ed 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -66,6 +66,7 @@ $(top_srcdir)/src/openvpn/crypto.c \ $(top_srcdir)/src/openvpn/crypto_mbedtls.c \ $(top_srcdir)/src/openvpn/crypto_openssl.c \ + $(top_srcdir)/src/openvpn/crypto_epoch.c \ $(top_srcdir)/src/openvpn/otime.c \ $(top_srcdir)/src/openvpn/packet_id.c \ $(top_srcdir)/src/openvpn/platform.c \ diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c index 135cd15..c8d2a10 100644 --- a/tests/unit_tests/openvpn/test_crypto.c +++ b/tests/unit_tests/openvpn/test_crypto.c @@ -35,6 +35,7 @@ #include #include "crypto.h" +#include "crypto_epoch.h" #include "options.h" #include "ssl_backend.h" @@ -469,6 +470,122 @@ assert_int_equal(aeslimit / L, 122059461); } +void +crypto_test_hkdf_expand_testa1(void **state) +{ + /* RFC 5889 A.1 Test Case 1 */ + uint8_t prk[32] = + {0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, + 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, + 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31, + 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5}; + + uint8_t info[10] = {0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, + 0xf6, 0xf7, 0xf8, 0xf9}; + + uint8_t okm[42] = + {0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, + 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, + 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, + 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, + 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, + 0x58, 0x65}; + + uint8_t out[42]; + ovpn_hdkf_expand(prk, info, sizeof(info), out, sizeof(out)); + + assert_memory_equal(out, okm, sizeof(out)); +} + +void +crypto_test_hkdf_expand_testa2(void **state) +{ + /* RFC 5889 A.2 Test Case 2 */ + uint8_t prk[32] = + {0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a, + 0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c, + 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01, + 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44}; + + uint8_t info[80] = + {0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff}; + + const int L = 82; + uint8_t okm[82] = + {0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, + 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34, + 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8, + 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, + 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, + 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09, + 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, + 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, + 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87, + 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, + 0x1d, 0x87}; + + uint8_t out[82] = {0xaa}; + ovpn_hdkf_expand(prk, info, sizeof(info), out, L); + + assert_memory_equal(out, okm, L); +} + +void +crypto_test_hkdf_expand_testa3(void **state) +{ + /* RFC 5889 A.3 Test Case 3 */ + uint8_t prk[32] = + {0x19, 0xef, 0x24, 0xa3, 0x2c, 0x71, 0x7b, 0x16, + 0x7f, 0x33, 0xa9, 0x1d, 0x6f, 0x64, 0x8b, 0xdf, + 0x96, 0x59, 0x67, 0x76, 0xaf, 0xdb, 0x63, 0x77, + 0xac, 0x43, 0x4c, 0x1c, 0x29, 0x3c, 0xcb, 0x04}; + + uint8_t info[0] = {}; + + int L = 42; + uint8_t okm[42] = + {0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, + 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31, + 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, + 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, + 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, + 0x96, 0xc8}; + + uint8_t out[42]; + ovpn_hdkf_expand(prk, info, sizeof(info), out, L); + + assert_memory_equal(out, okm, L); +} + +void +crypto_test_ovpn_label_expand(void **state) +{ + uint8_t secret[32] = + {0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, + 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, + 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31, + 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5}; + + const uint8_t *label = (const uint8_t *)("unit test"); + uint8_t out[16]; + ovpn_expand_label(secret, sizeof(secret), label, 9, NULL, 0, out, sizeof(out)); + + uint8_t out_expected[16] = + {0x6, 0x8C, 0x11, 0xA6, 0x48, 0xFE, 0xBC, 0xA0, + 0x9D, 0x1A, 0xF0, 0xD6, 0xD5, 0xF7, 0xBE, 0xC6}; + + assert_memory_equal(out, out_expected, 16); +} + int main(void) { @@ -480,8 +597,12 @@ cmocka_unit_test(crypto_test_hmac), cmocka_unit_test(test_occ_mtu_calculation), cmocka_unit_test(test_mssfix_mtu_calculation), - cmocka_unit_test(crypto_test_aead_limits) - }; + cmocka_unit_test(crypto_test_aead_limits), + cmocka_unit_test(crypto_test_hkdf_expand_testa1), + cmocka_unit_test(crypto_test_hkdf_expand_testa2), + cmocka_unit_test(crypto_test_hkdf_expand_testa3), + cmocka_unit_test(crypto_test_ovpn_label_expand), + }; #if defined(ENABLE_CRYPTO_OPENSSL) OpenSSL_add_all_algorithms();