check_handshake.c 8.2 KB

  1. /** check_handshake.c
  2. *
  3. * Integration-style tests for extracting the TLS master secret for various
  4. * types of TLS handshakes
  5. */
  6. #include <check.h>
  7. #include <stdlib.h>
  8. #include "../flow.h"
  9. #include "../crypto.h"
  10. #include "../cryptothread.h"
  11. #include "../packet.h"
  12. #include "../util.h"
  13. #include "test_util.h"
  /*
   * Replays a captured full TLS handshake (no extended master secret) one frame
   * at a time through the flow table and checks the state recorded on the flow
   * after the relevant flights.
   *
   * NOTE(review): `pkt` is allocated with smalloc() and never freed in this
   * test -- confirm whether that is intentional for a short-lived test binary.
   * NOTE(review): every frame buffer is freed right after add_packet(); this
   * presumably relies on add_packet() not keeping pointers into the buffer --
   * confirm against the flow code.
   */
  START_TEST(full_handshake_regular){
      flow *conn = NULL;
      uint8_t *frame;
      struct packet_info *pkt = smalloc(sizeof(struct packet_info));

      /* Frame 1: ClientHello. The tag must be recognised and a flow saved. */
      if(!read_file("data/frame_handshake_regular1.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      ck_assert_int_eq(check_handshake(pkt), 1);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      free(frame);

      /* Frame 2: ServerHello. The extended master secret flag must stay clear. */
      if(!read_file("data/frame_handshake_regular2.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      ck_assert_int_eq(conn->extended_master_secret, 0);
      free(frame);

      /* Frames 3 and 4: Certificate messages. */
      if(!read_file("data/frame_handshake_regular3.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      free(frame);

      if(!read_file("data/frame_handshake_regular4.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      free(frame);

      /* Frame 5: ServerKeyEx, ServerHelloDone. */
      if(!read_file("data/frame_handshake_regular5.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      free(frame);

      /* Frame 6: ClientKeyEx, CCS, Finished. The client Finished must be seen. */
      if(!read_file("data/frame_handshake_regular6.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      ck_assert_int_eq(conn->out_encrypted, 2);
      free(frame);

      /* Frame 7: CCS, Finished from the server. */
      if(!read_file("data/frame_handshake_regular7.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);

      /* Look the flow up again: both Finished messages must have been received
       * and decrypted, and the flow must have reached the application phase. */
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      ck_assert_int_eq(conn->in_encrypted, 2);
      ck_assert_int_eq(conn->application, 1);

      remove_flow(conn);
      free(frame);
  }
  END_TEST
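  /*
   * Placeholder for the resumed (non-extended) handshake case. It only checks
   * that the tagged-packet fixture can be read and makes no assertion about
   * flow state. tag_suite() does not register it, so it does not run.
   */
  START_TEST(full_handshake_regular_resumed){
      uint8_t *record;

      //populate record from file
      if(!read_file("data/packet_tagged.dat", &record)){
          ck_abort();
      }

      /* The other tests in this file free() the buffer read_file() hands back;
       * do the same here so the stub does not leak it. */
      free(record);
  }
  END_TEST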
  /*
   * Replays a captured full TLS handshake that negotiates the extended master
   * secret extension, one frame at a time, and checks the state recorded on the
   * flow after the relevant flights.
   *
   * NOTE(review): `pkt` is allocated with smalloc() and never freed in this
   * test -- confirm whether that is intentional for a short-lived test binary.
   * NOTE(review): every frame buffer is freed right after add_packet(); this
   * presumably relies on add_packet() not keeping pointers into the buffer --
   * confirm against the flow code.
   */
  START_TEST(full_handshake_extended){
      flow *conn = NULL;
      uint8_t *frame;
      struct packet_info *pkt = smalloc(sizeof(struct packet_info));

      /* Frame 1: ClientHello. The tag must be recognised and a flow saved. */
      if(!read_file("data/frame_handshake_extended1.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      ck_assert_int_eq(check_handshake(pkt), 1);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      free(frame);

      /* Frame 2: ServerHello. The extended master secret flag must be set. */
      if(!read_file("data/frame_handshake_extended2.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      ck_assert_int_eq(conn->extended_master_secret, 1);
      free(frame);

      /* Frames 3 to 5: Certificate messages. */
      if(!read_file("data/frame_handshake_extended3.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      free(frame);

      if(!read_file("data/frame_handshake_extended4.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      free(frame);

      if(!read_file("data/frame_handshake_extended5.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      free(frame);

      /* Frame 6: ServerKeyEx, ServerHelloDone. */
      if(!read_file("data/frame_handshake_extended6.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      free(frame);

      /* Frame 7: ClientKeyEx, CCS, Finished. The client Finished must be seen. */
      if(!read_file("data/frame_handshake_extended7.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      ck_assert_int_eq(conn->out_encrypted, 2);
      free(frame);

      /* Frame 8: CCS, Finished from the server. */
      if(!read_file("data/frame_handshake_extended8.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);

      /* Look the flow up again: both Finished messages must have been received
       * and decrypted, and the flow must have reached the application phase. */
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      ck_assert_int_eq(conn->in_encrypted, 2);
      ck_assert_int_eq(conn->application, 1);

      remove_flow(conn);
      free(frame);
  }
  END_TEST
  /*
   * Replays a captured resumed handshake for the extended-master-secret
   * session, one frame at a time.
   *
   * Note: only run this test if full_handshake_extended is run first.
   * NOTE(review): that ordering requirement suggests this test depends on state
   * left behind by the earlier test (presumably the session cache) -- confirm,
   * and keep the two registered in that order.
   * NOTE(review): `pkt` is allocated with smalloc() and never freed in this
   * test -- confirm whether that is intentional for a short-lived test binary.
   */
  START_TEST(full_handshake_extended_resumed){
      flow *conn = NULL;
      uint8_t *frame;
      struct packet_info *pkt = smalloc(sizeof(struct packet_info));

      /* Frame 1: ClientHello. The tag must be recognised and a flow saved. */
      if(!read_file("data/frame_handshake_extended_resumed1.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      ck_assert_int_eq(check_handshake(pkt), 1);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      free(frame);

      /* Frame 2: ServerHello, CCS, Finished. The server Finished must be seen. */
      if(!read_file("data/frame_handshake_extended_resumed2.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);
      ck_assert_int_eq(conn->in_encrypted, 2);
      free(frame);

      /* Frame 3: CCS, Finished from the client. */
      if(!read_file("data/frame_handshake_extended_resumed3.dat", &frame)){
          ck_abort();
      }
      extract_packet_headers(frame, pkt);
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      add_packet(conn, pkt);

      /* Look the flow up again: both Finished messages must have been received
       * and decrypted, and the flow must have reached the application phase. */
      conn = check_flow(pkt);
      ck_assert_ptr_ne(conn, NULL);
      ck_assert_int_eq(conn->out_encrypted, 2);
      ck_assert_int_eq(conn->application, 1);

      remove_flow(conn);
      free(frame);
  }
  END_TEST
  /*
   * Builds the "Handshake" suite with a single "Core" test case.
   *
   * full_handshake_regular is always registered. The two extended-master-secret
   * tests are compiled in only when OPENSSL_VERSION_NUMBER >= 0x1010000eL, and
   * are added in the order the resumed test needs (full handshake first).
   * full_handshake_regular_resumed is not registered here.
   *
   * NOTE(review): this file includes no OpenSSL header directly. If none of the
   * project headers it includes defines OPENSSL_VERSION_NUMBER, the preprocessor
   * evaluates the name as 0 and both extended tests are dropped without any
   * diagnostic -- confirm the macro is in scope.
   */
  Suite *tag_suite(void) {
      Suite *suite = suite_create("Handshake");
      TCase *core = tcase_create("Core");

      tcase_add_test(core, full_handshake_regular);
  #if OPENSSL_VERSION_NUMBER >= 0x1010000eL
      tcase_add_test(core, full_handshake_extended);
      tcase_add_test(core, full_handshake_extended_resumed);
  #endif

      suite_add_tcase(suite, core);
      return suite;
  }
  /*
   * Test-runner entry point: initialises the Slitheen tables, session cache and
   * crypto locks, runs the suite returned by tag_suite(), and reports the
   * outcome through the exit status (EXIT_SUCCESS only when no test failed).
   */
  int main(void){
      //initialize Slitheen structures; a non-zero return from either ends the run
      if(init_tables() || init_session_cache()){
          exit(1);
      }
      init_crypto_locks();

      SRunner *runner = srunner_create(tag_suite());

      /* CK_NOFORK keeps every test in this process, so a crash in one test ends
       * the whole run. NOTE(review): presumably needed so that
       * full_handshake_extended_resumed can see state left behind by
       * full_handshake_extended -- confirm before switching to fork mode. */
      srunner_set_fork_status(runner, CK_NOFORK);
      srunner_run_all(runner, CK_NORMAL);

      int failures = srunner_ntests_failed(runner);
      srunner_free(runner);
      crypto_locks_cleanup();

      if(failures != 0){
          return EXIT_FAILURE;
      }
      return EXIT_SUCCESS;
  }