yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-24 08:07:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't hardcode TLS 1.3 labels in test cases

Browse source 
ssl_tls1_3_keys.c exports a structure containing all labels used
in the TLS 1.3 key schedule, but the TLS 1.3 key scheduling unit
tests so far replicated those labels in the test file. In particular,
wrong label values in ssl_tls1_3_keys.c wouldn't have been caught
by the unit tests.

This commit modifies the TLS 1.3 key schedule unit tests to use
the TLS 1.3 labels as exported by ssl_tls1_3_keys.c. This not only
makes sure that those labels are correct, but also avoids hardcoding
their hex-encoding in the test file.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker 2020-09-09 10:11:21 +01:00
parent 90551c7a26
commit 70d7fb0c2d
4 changed files with 63 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
library/ssl_tls13_keys.c
View file

@ -28,7 +28,7 @@
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ #define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
.name = string, .name = string,
struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =

40
library/ssl_tls13_keys.h
View file

@ -21,30 +21,30 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
/* This requires MBEDTLS_SSL_TLS1_3_LABEL( name, string ) to be defined at /* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at
* the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union
* below. */ * below. */
#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ #define MBEDTLS_SSL_TLS1_3_LABEL_LIST \
MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 0, finished , "finished" ) \
MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 1, resumption , "resumption" ) \
MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 2, traffic_upd , "traffic upd" ) \
MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 3, exporter , "exporter" ) \
MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 4, key , "key" ) \
MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 5, iv , "iv" ) \
MBEDTLS_SSL_TLS1_3_LABEL( sn , "sn" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 6, sn , "sn" ) \
MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 7, c_hs_traffic, "c hs traffic" ) \
MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 8, c_ap_traffic, "c ap traffic" ) \
MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 9, c_e_traffic , "c e traffic" ) \
MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 10, s_hs_traffic, "s hs traffic" ) \
MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 11, s_ap_traffic, "s ap traffic" ) \
MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 12, s_e_traffic , "s e traffic" ) \
MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 13, exp_master , "exp master" ) \
MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 14, res_master , "res master" ) \
MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 15, ext_binder , "ext binder" ) \
MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 16, res_binder , "res binder" ) \
MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" ) MBEDTLS_SSL_TLS1_3_LABEL( 17, derived , "derived" )
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ #define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
const unsigned char name [ sizeof(string) - 1 ]; const unsigned char name [ sizeof(string) - 1 ];
union mbedtls_ssl_tls1_3_labels_union union mbedtls_ssl_tls1_3_labels_union

21
tests/suites/test_suite_ssl.data
View file

@ -10418,49 +10418,49 @@ SSL TLS 1.3 Key schedule: HKDF Expand Label #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Server handshake traffic secret -> Server traffic key # Server handshake traffic secret -> Server traffic key
# HKDF-Expand-Label(server_handshake_secret, "key", "", 16) # HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6b6579":"":16:"844780a7acad9f980fa25c114e43402a" ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_key:"":16:"844780a7acad9f980fa25c114e43402a"
SSL TLS 1.3 Key schedule: HKDF Expand Label #2 SSL TLS 1.3 Key schedule: HKDF Expand Label #2
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Server handshake traffic secret -> Server traffic IV # Server handshake traffic secret -> Server traffic IV
# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6976":"":12:"4c042ddc120a38d1417fc815" ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_iv:"":12:"4c042ddc120a38d1417fc815"
SSL TLS 1.3 Key schedule: HKDF Expand Label #3 SSL TLS 1.3 Key schedule: HKDF Expand Label #3
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client handshake traffic secret -> Client traffic key # Client handshake traffic secret -> Client traffic key
# HKDF-Expand-Label(client_handshake_secret, "key", "", 16) # HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6b6579":"":16:"7154f314e6be7dc008df2c832baa1d39" ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39"
SSL TLS 1.3 Key schedule: HKDF Expand Label #4 SSL TLS 1.3 Key schedule: HKDF Expand Label #4
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client handshake traffic secret -> Client traffic IV # Client handshake traffic secret -> Client traffic IV
# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6976":"":12:"71abc2cae4c699d47c600268" ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_iv:"":12:"71abc2cae4c699d47c600268"
SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448) SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448)
# Vector from RFC 8448 # Vector from RFC 8448
# Server handshake traffic secret -> Server traffic IV # Server handshake traffic secret -> Server traffic IV
# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6976":"":12:"5d313eb2671276ee13000b30" ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_iv:"":12:"5d313eb2671276ee13000b30"
SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448) SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448)
# Vector from RFC 8448 # Vector from RFC 8448
# Server handshake traffic secret -> Server traffic Key # Server handshake traffic secret -> Server traffic Key
# HKDF-Expand-Label(server_handshake_secret, "key", "", 16) # HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6b6579":"":16:"3fce516009c21727d0f2e4e86ee403bc" ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc"
SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448)
# Vector from RFC 8448 # Vector from RFC 8448
# Client handshake traffic secret -> Client traffic IV # Client handshake traffic secret -> Client traffic IV
# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6976":"":12:"5bd3c71b836e0b76bb73265f" ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_iv:"":12:"5bd3c71b836e0b76bb73265f"
SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448)
# Vector from RFC 8448 # Vector from RFC 8448
# Client handshake traffic secret -> Client traffic Key # Client handshake traffic secret -> Client traffic Key
# HKDF-Expand-Label(client_handshake_secret, "key", "", 16) # HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6b6579":"":16:"dbfaa693d1762c5b666af5d950258d01" ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01"
SSL TLS 1.3 Key schedule: Traffic key generation #1 SSL TLS 1.3 Key schedule: Traffic key generation #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
@ -10477,14 +10477,13 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "")
# Derive-Secret( Early-Secret, "derived", "") # Derive-Secret( Early-Secret, "derived", "")
# Tests the case where context isn't yet hashed (empty string here, # Tests the case where context isn't yet hashed (empty string here,
# but still needs to be hashed) # but still needs to be hashed)
# 64657269766564 = hex("derived") ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:0:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"64657269766564":"":32:0:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash)
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Derive-Secret( MasterSecret, "s ap traffic", hash) # Derive-Secret( MasterSecret, "s ap traffic", hash)
# Tests the case where context is already hashed # Tests the case where context is already hashed
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":"732061702074726166666963":"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:1:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:1:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5"
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE

36
tests/suites/test_suite_ssl.function
View file

@ -12,6 +12,11 @@
#include <test/constant_flow.h> #include <test/constant_flow.h>
#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
const int tls1_3_label_ ## name = idx;
MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL
typedef struct log_pattern typedef struct log_pattern
{ {
const char *pattern; const char *pattern;
@ -3673,13 +3678,24 @@ exit:
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_hkdf_expand_label( int hash_alg, void ssl_tls1_3_hkdf_expand_label( int hash_alg,
data_t *secret, data_t *secret,
data_t *label, int label_idx,
data_t *ctx, data_t *ctx,
int desired_length, int desired_length,
data_t *expected ) data_t *expected )
{ {
unsigned char dst[ 100 ]; unsigned char dst[ 100 ];
unsigned char const *lbl = NULL;
size_t lbl_len;
#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
if( label_idx == tls1_3_label_ ## name ) \
{ \
lbl = mbedtls_ssl_tls1_3_labels.name; \
lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
}
MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL
TEST_ASSERT( lbl != NULL );
/* Check sanity of test parameters. */ /* Check sanity of test parameters. */
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
@ -3688,7 +3704,7 @@ void ssl_tls1_3_hkdf_expand_label( int hash_alg,
TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label( TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label(
(mbedtls_md_type_t) hash_alg, (mbedtls_md_type_t) hash_alg,
secret->x, secret->len, secret->x, secret->len,
label->x, label->len, lbl, lbl_len,
ctx->x, ctx->len, ctx->x, ctx->len,
dst, desired_length ) == 0 ); dst, desired_length ) == 0 );
@ -3747,7 +3763,7 @@ void ssl_tls1_3_traffic_key_generation( int hash_alg,
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_derive_secret( int hash_alg, void ssl_tls1_3_derive_secret( int hash_alg,
data_t *secret, data_t *secret,
data_t *label, int label_idx,
data_t *ctx, data_t *ctx,
int desired_length, int desired_length,
int already_hashed, int already_hashed,
@ -3755,6 +3771,18 @@ void ssl_tls1_3_derive_secret( int hash_alg,
{ {
unsigned char dst[ 100 ]; unsigned char dst[ 100 ];
unsigned char const *lbl = NULL;
size_t lbl_len;
#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
if( label_idx == tls1_3_label_ ## name ) \
{ \
lbl = mbedtls_ssl_tls1_3_labels.name; \
lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
}
MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL
TEST_ASSERT( lbl != NULL );
/* Check sanity of test parameters. */ /* Check sanity of test parameters. */
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len ); TEST_ASSERT( (size_t) desired_length == expected->len );
@ -3762,7 +3790,7 @@ void ssl_tls1_3_derive_secret( int hash_alg,
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret( TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret(
(mbedtls_md_type_t) hash_alg, (mbedtls_md_type_t) hash_alg,
secret->x, secret->len, secret->x, secret->len,
label->x, label->len, lbl, lbl_len,
ctx->x, ctx->len, ctx->x, ctx->len,
already_hashed, already_hashed,
dst, desired_length ) == 0 ); dst, desired_length ) == 0 );