File: s2n_tls13_prf_test.c

package info (click to toggle)
aws-crt-python 0.20.4%2Bdfsg-1~bpo12%2B1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm-backports
  • size: 72,656 kB
  • sloc: ansic: 381,805; python: 23,008; makefile: 6,251; sh: 4,536; cpp: 699; ruby: 208; java: 77; perl: 73; javascript: 46; xml: 11
file content (145 lines) | stat: -rw-r--r-- 6,519 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

#include <stdio.h>
#include <string.h>

#include "api/s2n.h"
#include "crypto/s2n_hkdf.h"
#include "s2n_test.h"
#include "stuffer/s2n_stuffer.h"
#include "testlib/s2n_testlib.h"
#include "utils/s2n_safety.h"

/*
 * Test vectors from https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-vectors/?include_text=1
 */
int main(int argc, char **argv)
{
    char client_handshake_message_hex_in[] = "010000c003032724c0ba613abd59"
                                             "4894f19ff6d59cde8364549555119b96ec1158fb9ac"
                                             "ba397000006130113031302010000910000000b0009"
                                             "000006736572766572ff01000100000a00140012001"
                                             "d001700180019010001010102010301040023000000"
                                             "3300260024001d00207e74fe9d31f2bb96f4f553465"
                                             "b92ea8210971e71e258d6cf622c3b086db26104002b"
                                             "0003027f1c000d0020001e040305030603020308040"
                                             "805080604010501060102010402050206020202002d"
                                             "00020101001c00024001";

    char server_handshake_message_hex_in[] = "020000560303b9206e3d30c43c8a"
                                             "cb1c234f9d004c6a2fecb84c6811ca285c1bbce322"
                                             "bed16000130100002e00330024001d0020bba1ffe6"
                                             "d10f92d4a8444aa51913fea27c3d2bfdf24489da40"
                                             "92dfbfbfd67c53002b00027f1c";

    char expected_secret_hex_in[] = "33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a";
    char expected_expanded_hex_in[] = "6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba";

    DEFER_CLEANUP(struct s2n_stuffer client_handshake_message_in = { 0 }, s2n_stuffer_free);
    DEFER_CLEANUP(struct s2n_stuffer server_handshake_message_in = { 0 }, s2n_stuffer_free);
    DEFER_CLEANUP(struct s2n_stuffer expected_secret_in = { 0 }, s2n_stuffer_free);
    DEFER_CLEANUP(struct s2n_stuffer expected_expanded_in = { 0 }, s2n_stuffer_free);

    char client_handshake_message[sizeof(client_handshake_message_hex_in) / 2] = { 0 };
    char server_handshake_message[sizeof(server_handshake_message_hex_in) / 2] = { 0 };
    char expected_secret[sizeof(expected_secret_hex_in) / 2] = { 0 };
    char expected_expanded[sizeof(expected_expanded_hex_in) / 2] = { 0 };

    uint8_t digest_buf[SHA256_DIGEST_LENGTH];
    uint8_t secret_buf[SHA256_DIGEST_LENGTH];
    struct s2n_blob digest = { 0 };
    struct s2n_blob secret = { 0 };

    struct s2n_hash_state transcript_hash, transcript_hash_snapshot;

    BEGIN_TEST();
    EXPECT_SUCCESS(s2n_disable_tls13_in_test());

    EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_string(&client_handshake_message_in, client_handshake_message_hex_in));
    EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_string(&server_handshake_message_in, server_handshake_message_hex_in));
    EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_string(&expected_secret_in, expected_secret_hex_in));
    EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_string(&expected_expanded_in, expected_expanded_hex_in));

    /* Parse the hex */
    for (size_t i = 0; i < sizeof(client_handshake_message); i++) {
        uint8_t c;
        EXPECT_SUCCESS(s2n_stuffer_read_uint8_hex(&client_handshake_message_in, &c));
        client_handshake_message[i] = c;
    }

    for (size_t i = 0; i < sizeof(server_handshake_message); i++) {
        uint8_t c;
        EXPECT_SUCCESS(s2n_stuffer_read_uint8_hex(&server_handshake_message_in, &c));
        server_handshake_message[i] = c;
    }

    for (size_t i = 0; i < sizeof(expected_secret); i++) {
        uint8_t c;
        EXPECT_SUCCESS(s2n_stuffer_read_uint8_hex(&expected_secret_in, &c));
        expected_secret[i] = c;
    }

    for (size_t i = 0; i < sizeof(expected_expanded); i++) {
        uint8_t c;
        EXPECT_SUCCESS(s2n_stuffer_read_uint8_hex(&expected_expanded_in, &c));
        expected_expanded[i] = c;
    }

    EXPECT_SUCCESS(s2n_hash_new(&transcript_hash));
    EXPECT_SUCCESS(s2n_hash_new(&transcript_hash_snapshot));
    EXPECT_SUCCESS(s2n_hash_init(&transcript_hash, S2N_HASH_SHA256));
    EXPECT_SUCCESS(s2n_hash_copy(&transcript_hash_snapshot, &transcript_hash));
    EXPECT_SUCCESS(s2n_hash_digest(&transcript_hash_snapshot, digest_buf, SHA256_DIGEST_LENGTH));

    uint8_t salt_buf[32] = { 0 };
    struct s2n_blob salt = { 0 };

    uint8_t ikm_buf[32] = { 0 };
    struct s2n_blob ikm = { 0 };

    uint8_t output_buf[SHA256_DIGEST_LENGTH] = { 0 };
    struct s2n_blob output = { 0 };

    EXPECT_SUCCESS(s2n_blob_init(&salt, salt_buf, sizeof(salt_buf)));
    EXPECT_SUCCESS(s2n_blob_init(&ikm, ikm_buf, sizeof(ikm_buf)));
    EXPECT_SUCCESS(s2n_blob_init(&digest, digest_buf, sizeof(digest_buf)));
    EXPECT_SUCCESS(s2n_blob_init(&secret, secret_buf, sizeof(secret_buf)));
    EXPECT_SUCCESS(s2n_blob_init(&output, output_buf, sizeof(output_buf)));

    struct s2n_hmac_state throwaway;
    EXPECT_SUCCESS(s2n_hmac_new(&throwaway));

    /* Validate the early secret */
    EXPECT_SUCCESS(s2n_hkdf_extract(&throwaway, S2N_HMAC_SHA256, &salt, &ikm, &secret));
    EXPECT_EQUAL(memcmp(secret_buf, expected_secret, sizeof(secret_buf)), 0);

    /* Validate the derived secret */
    S2N_BLOB_LABEL(label, "derived");

    struct s2n_hmac_state hmac = { 0 };

    EXPECT_SUCCESS(s2n_hmac_new(&hmac));
    EXPECT_SUCCESS(s2n_hkdf_expand_label(&hmac, S2N_HMAC_SHA256, &secret, &label, &digest, &output));

    EXPECT_EQUAL(memcmp(output_buf, expected_expanded, sizeof(output_buf)), 0);

    EXPECT_SUCCESS(s2n_hmac_free(&throwaway));
    EXPECT_SUCCESS(s2n_hmac_free(&hmac));
    EXPECT_SUCCESS(s2n_hash_free(&transcript_hash));
    EXPECT_SUCCESS(s2n_hash_free(&transcript_hash_snapshot));

    END_TEST();
}