summaryrefslogtreecommitdiffstats
path: root/regress
diff options
context:
space:
mode:
authorjsing <jsing@openbsd.org>2021-03-29 16:22:02 +0000
committerjsing <jsing@openbsd.org>2021-03-29 16:22:02 +0000
commit7a4693f26cf484040108304633c0f51b38ac7a1a (patch)
tree0025888cee3be76e7dd600f6864ed908cb03c0bb /regress
parentMove the TLSv1.2 record number increment into the new record layer. (diff)
downloadwireguard-openbsd-7a4693f26cf484040108304633c0f51b38ac7a1a.tar.xz
wireguard-openbsd-7a4693f26cf484040108304633c0f51b38ac7a1a.zip
Add regress coverage for TLSv1.2 record number increment.
Diffstat (limited to 'regress')
-rw-r--r--regress/lib/libssl/record_layer/record_layer_test.c159
1 files changed, 151 insertions, 8 deletions
diff --git a/regress/lib/libssl/record_layer/record_layer_test.c b/regress/lib/libssl/record_layer/record_layer_test.c
index 8071c1dabd0..4e75ba4a259 100644
--- a/regress/lib/libssl/record_layer/record_layer_test.c
+++ b/regress/lib/libssl/record_layer/record_layer_test.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: record_layer_test.c,v 1.3 2020/03/16 15:13:15 tb Exp $ */
+/* $OpenBSD: record_layer_test.c,v 1.4 2021/03/29 16:22:02 jsing Exp $ */
/*
* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
*
@@ -18,9 +18,12 @@
#include <err.h>
#include <string.h>
+#include "ssl_locl.h"
#include "tls13_internal.h"
#include "tls13_record.h"
+int tls12_record_layer_inc_seq_num(struct tls12_record_layer *rl,
+ uint8_t *seq_num);
int tls13_record_layer_inc_seq_num(uint8_t *seq_num);
static void
@@ -40,7 +43,83 @@ struct seq_num_test {
int want;
};
-struct seq_num_test seq_num_tests[] = {
+struct seq_num_test seq_num_dtls_tests[] = {
+ {
+ .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+ .want = 1,
+ },
+ {
+ .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+ .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02},
+ .want = 1,
+ },
+ {
+ .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe},
+ .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
+ .want = 1,
+ },
+ {
+ .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
+ .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00},
+ .want = 1,
+ },
+ {
+ .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00},
+ .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01},
+ .want = 1,
+ },
+ {
+ .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xff},
+ .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00},
+ .want = 1,
+ },
+ {
+ .seq_num = {0xab, 0xcd, 0xef, 0x00, 0xfe, 0xff, 0xff, 0xff},
+ .want_num = {0xab, 0xcd, 0xef, 0x00, 0xff, 0x00, 0x00, 0x00},
+ .want = 1,
+ },
+ {
+ .seq_num = {0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want_num = {0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want = 0,
+ },
+ {
+ .seq_num = {0x01, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want_num = {0x01, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00},
+ .want = 1,
+ },
+ {
+ .seq_num = {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
+ .want_num = {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want = 1,
+ },
+ {
+ .seq_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ .want_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+ .want = 1,
+ },
+ {
+ .seq_num = {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want_num = {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want = 0,
+ },
+ {
+ .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
+ .want_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want = 1,
+ },
+ {
+ .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ .want = 0,
+ },
+};
+
+#define N_SEQ_NUM_DTLS_TESTS \
+ (sizeof(seq_num_dtls_tests) / sizeof(seq_num_dtls_tests[0]))
+
+struct seq_num_test seq_num_tls_tests[] = {
{
.seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
.want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
@@ -108,10 +187,71 @@ struct seq_num_test seq_num_tests[] = {
},
};
-#define N_SEQ_NUM_TESTS (sizeof(seq_num_tests) / sizeof(seq_num_tests[0]))
+#define N_SEQ_NUM_TLS_TESTS \
+ (sizeof(seq_num_tls_tests) / sizeof(seq_num_tls_tests[0]))
+
+#ifndef TLS12_RECORD_SEQ_NUM_LEN
+#define TLS12_RECORD_SEQ_NUM_LEN 8
+#endif
+
+static int
+do_seq_num_test_tls12(size_t test_no, int dtls, struct seq_num_test *snt)
+{
+ uint8_t seq_num[TLS12_RECORD_SEQ_NUM_LEN];
+ struct tls12_record_layer *rl;
+ int failed = 1;
+ int ret;
+
+ if ((rl = tls12_record_layer_new()) == NULL)
+ errx(1, "tls12_record_layer_new");
+
+ if (dtls)
+ tls12_record_layer_set_version(rl, DTLS1_2_VERSION);
+
+ memcpy(seq_num, snt->seq_num, sizeof(seq_num));
+
+ if ((ret = tls12_record_layer_inc_seq_num(rl, seq_num)) != snt->want) {
+ fprintf(stderr, "FAIL: Test %zu - got return %i, want %i\n",
+ test_no, ret, snt->want);
+ goto failure;
+ }
+
+ if (memcmp(seq_num, snt->want_num, sizeof(seq_num)) != 0) {
+ fprintf(stderr, "FAIL: Test %zu - got sequence number:\n",
+ test_no);
+ hexdump(seq_num, sizeof(seq_num));
+ fprintf(stderr, "want:\n");
+ hexdump(snt->want_num, sizeof(snt->want_num));
+ goto failure;
+ }
+
+ failed = 0;
+
+ failure:
+ tls12_record_layer_free(rl);
+
+ return failed;
+}
static int
-do_seq_num_test(size_t test_no, struct seq_num_test *snt)
+test_seq_num_tls12(void)
+{
+ int failed = 0;
+ size_t i;
+
+ fprintf(stderr, "Running TLSv1.2 sequence number tests...\n");
+ for (i = 0; i < N_SEQ_NUM_TLS_TESTS; i++)
+ failed |= do_seq_num_test_tls12(i, 0, &seq_num_tls_tests[i]);
+
+ fprintf(stderr, "Running DTLSv1.2 sequence number tests...\n");
+ for (i = 0; i < N_SEQ_NUM_DTLS_TESTS; i++)
+ failed |= do_seq_num_test_tls12(i, 1, &seq_num_dtls_tests[i]);
+
+ return failed;
+}
+
+static int
+do_seq_num_test_tls13(size_t test_no, struct seq_num_test *snt)
{
uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN];
int failed = 1;
@@ -141,13 +281,15 @@ do_seq_num_test(size_t test_no, struct seq_num_test *snt)
}
static int
-test_seq_num(void)
+test_seq_num_tls13(void)
{
int failed = 0;
size_t i;
- for (i = 0; i < N_SEQ_NUM_TESTS; i++)
- failed |= do_seq_num_test(i, &seq_num_tests[i]);
+ fprintf(stderr, "Running TLSv1.3 sequence number tests...\n");
+
+ for (i = 0; i < N_SEQ_NUM_TLS_TESTS; i++)
+ failed |= do_seq_num_test_tls13(i, &seq_num_tls_tests[i]);
return failed;
}
@@ -157,7 +299,8 @@ main(int argc, char **argv)
{
int failed = 0;
- failed |= test_seq_num();
+ failed |= test_seq_num_tls12();
+ failed |= test_seq_num_tls13();
return failed;
}