author | Joel Sing <jsing@cvs.openbsd.org> | 2020-03-13 16:04:32 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2020-03-13 16:04:32 +0000 |
commit | 84c9b476b6b3dd60ebd1519d45911017802c4276 (patch) | |
tree | 6d8326ad053aa78e8f9b7705bda90ea423882286 | |
parent | bb2360cafd7221e871c3c3e8060af16fe894bd59 (diff) |
Add regress for TLSv1.3 sequence number handling.
-rw-r--r-- | regress/lib/libssl/Makefile | 3 | ||||
-rw-r--r-- | regress/lib/libssl/record_layer/Makefile | 10 | ||||
-rw-r--r-- | regress/lib/libssl/record_layer/record_layer_test.c | 123 |
3 files changed, 135 insertions, 1 deletions
diff --git a/regress/lib/libssl/Makefile b/regress/lib/libssl/Makefile
index 8dc92d433a0..678016e0508 100644
--- a/regress/lib/libssl/Makefile
+++ b/regress/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.36 2020/01/25 05:24:49 jsing Exp $
+# $OpenBSD: Makefile,v 1.37 2020/03/13 16:04:31 jsing Exp $
 SUBDIR += asn1
 SUBDIR += buffer
@@ -8,6 +8,7 @@ SUBDIR += ciphers
 SUBDIR += handshake
 SUBDIR += pqueue
 SUBDIR += record
+SUBDIR += record_layer
 SUBDIR += server
 SUBDIR += ssl
 SUBDIR += tlsext
diff --git a/regress/lib/libssl/record_layer/Makefile b/regress/lib/libssl/record_layer/Makefile
new file mode 100644
index 00000000000..66c48dd7694
--- /dev/null
+++ b/regress/lib/libssl/record_layer/Makefile
@@ -0,0 +1,10 @@
+# $OpenBSD: Makefile,v 1.1 2020/03/13 16:04:31 jsing Exp $
+
+PROG= record_layer_test
+LDADD= ${SSL_INT} -lcrypto
+DPADD= ${LIBSSL} ${LIBCRYPTO}
+WARNINGS= Yes
+CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
+CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
+
+.include <bsd.regress.mk>
diff --git a/regress/lib/libssl/record_layer/record_layer_test.c b/regress/lib/libssl/record_layer/record_layer_test.c
new file mode 100644
index 00000000000..d59147112c4
--- /dev/null
+++ b/regress/lib/libssl/record_layer/record_layer_test.c
@@ -0,0 +1,123 @@
+/* $OpenBSD: record_layer_test.c,v 1.1 2020/03/13 16:04:31 jsing Exp $ */
+/*
+ * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <err.h>
+#include <string.h>
+
+#include "tls13_internal.h"
+#include "tls13_record.h"
+
+int tls13_record_layer_inc_seq_num(uint8_t *seq_num);
+
+static void
+hexdump(const unsigned char *buf, size_t len)
+{
+ size_t i;
+
+ for (i = 1; i <= len; i++)
+ fprintf(stderr, " 0x%02x,%s", buf[i - 1], i % 8 ? "" : "\n");
+ if (len % 8 != 0)
+ fprintf(stderr, "\n");
+}
+
+struct seq_num_test {
+ uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN];
+ uint8_t want_num[TLS13_RECORD_SEQ_NUM_LEN];
+ int want;
+};
+
+struct seq_num_test seq_num_tests[] = {
+ {
+ .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+ .want = 1,
+ },
+ {
+ .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+ .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02},
+ .want = 1,
+ },
+ {
+ .seq_num = {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want_num = {0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ .want = 1,
+ },
+ {
+ .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
+ .want_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want = 1,
+ },
+ {
+ .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ .want = 0,
+ },
+};
+
+#define N_SEQ_NUM_TESTS (sizeof(seq_num_tests) / sizeof(seq_num_tests[0]))
+
+static int
+do_seq_num_test(size_t test_no, struct seq_num_test *snt)
+{
+ uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN];
+ int failed = 1;
+ int ret;
+
+ memcpy(seq_num, snt->seq_num, sizeof(seq_num));
+
+ if ((ret = tls13_record_layer_inc_seq_num(seq_num)) != snt->want) {
+ fprintf(stderr, "FAIL: Test %zu - got return %i, want %i\n",
+ test_no, ret, snt->want);
+ goto failure;
+ }
+
+ if (memcmp(seq_num, snt->want_num, sizeof(seq_num)) != 0) {
+ fprintf(stderr, "FAIL: Test %zu - got sequence number:\n",
+ test_no);
+ hexdump(seq_num, sizeof(seq_num));
+ fprintf(stderr, "want:\n");
+ hexdump(snt->want_num, sizeof(snt->want_num));
+ goto failure;
+ }
+
+ failed = 0;
+
+ failure:
+ return failed;
+}
+
+static int
+test_seq_num(void)
+{
+ int failed = 0;
+ size_t i;
+
+ for (i = 0; i < N_SEQ_NUM_TESTS; i++)
+ failed |= do_seq_num_test(i, &seq_num_tests[i]);
+
+ return failed;
+}
+
+int
+main(int argc, char **argv)
+{
+ int failed = 0;
+
+ failed |= test_seq_num();
+
+ return failed;
+}
|
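Review bot: The final vector in `seq_num_tests` (all `0xff`, `.want = 0`) is the security-relevant case, yet nothing in the table says why a failure return is expected there. TLS 1.3 forbids sequence number wrap because the per-record AEAD nonce is derived from the sequence number, so a comment such as `/* Overflow must fail: a wrapped sequence number would repeat a record nonce. */` above that entry would guard against it being relaxed later. The same entry also pins the buffer to all zeroes after the failed call, which ties the test to what the implementation happens to leave behind; if that is not part of the contract, `do_seq_num_test` could skip the `memcmp` when `snt->want == 0`. Separately, `tls13_record_layer_inc_seq_num` is declared by hand in the test rather than through a header, so a later signature change would presumably not be caught at compile time.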