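/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *     http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

/*
 * Shared helpers for the s2n unit tests: hex encoding/decoding of stuffers,
 * wiring connections to in-memory stuffers or to a pair of descriptors,
 * fixture paths (PEMs, OCSP responses, KAT files) and assertion macros
 * built on the EXPECT_* test macros.
 *
 * Everything declared here is test-only. The S2N_RESULT / s2n_* types come
 * from the project headers included below; <stdbool.h> and <stddef.h> are
 * included explicitly because this header itself uses bool and size_t.
 */

#pragma once

#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#include "stuffer/s2n_stuffer.h"
#include "tls/s2n_connection.h"

/* Test-only security policy, defined elsewhere (presumably in a test source). */
extern const struct s2n_security_policy security_policy_test_tls13_retry;

/* Read and write hex.
 *
 * The fixed-width variants decode/encode exactly one integer of the named
 * width. NOTE(review): whether n in the plain read/write variants counts raw
 * bytes or hex characters is not visible here - confirm against the
 * definitions before relying on it.
 */
extern int s2n_stuffer_read_hex(struct s2n_stuffer *stuffer, struct s2n_stuffer *out, uint32_t n);
extern int s2n_stuffer_read_uint8_hex(struct s2n_stuffer *stuffer, uint8_t *u);
extern int s2n_stuffer_read_uint16_hex(struct s2n_stuffer *stuffer, uint16_t *u);
extern int s2n_stuffer_read_uint32_hex(struct s2n_stuffer *stuffer, uint32_t *u);
extern int s2n_stuffer_read_uint64_hex(struct s2n_stuffer *stuffer, uint64_t *u);

extern int s2n_stuffer_write_hex(struct s2n_stuffer *stuffer, struct s2n_stuffer *in, uint32_t n);
extern int s2n_stuffer_write_uint8_hex(struct s2n_stuffer *stuffer, uint8_t u);
extern int s2n_stuffer_write_uint16_hex(struct s2n_stuffer *stuffer, uint16_t u);
extern int s2n_stuffer_write_uint32_hex(struct s2n_stuffer *stuffer, uint32_t u);
extern int s2n_stuffer_write_uint64_hex(struct s2n_stuffer *stuffer, uint64_t u);
/* Per its name: allocates a read-only stuffer from the hex-encoded string str. */
extern int s2n_stuffer_alloc_ro_from_hex_string(struct s2n_stuffer *stuffer, const char *str);

/* Debug helper; presumably prints connection state tagged with marker. */
void s2n_print_connection(struct s2n_connection *conn, const char *marker);

/* Route a connection's receive and/or send I/O through in-memory stuffers so
 * a handshake can be driven without sockets. Note the argument order: the
 * stuffer(s) come first, the connection last. */
int s2n_connection_set_io_stuffers(struct s2n_stuffer *input, struct s2n_stuffer *output,
        struct s2n_connection *conn);
int s2n_connection_set_recv_io_stuffer(struct s2n_stuffer *input, struct s2n_connection *conn);
int s2n_connection_set_send_io_stuffer(struct s2n_stuffer *output, struct s2n_connection *conn);

/* One descriptor per side of a test connection.
 * NOTE(review): the helpers below (close / shutdown with a `how` argument,
 * s2n_fd_set_*blocking) treat these as file descriptors - confirm. */
struct s2n_test_io_pair {
    int client;
    int server;
};
int s2n_io_pair_init(struct s2n_test_io_pair *io_pair);
int s2n_io_pair_init_non_blocking(struct s2n_test_io_pair *io_pair);
int s2n_io_pair_close(struct s2n_test_io_pair *io_pair);
/* mode_to_close selects which end (client or server) is affected. */
int s2n_io_pair_close_one_end(struct s2n_test_io_pair *io_pair, int mode_to_close);
/* `how` is presumably passed through to shutdown(2) - confirm. */
int s2n_io_pair_shutdown_one_end(struct s2n_test_io_pair *io_pair, int mode_to_close, int how);

/* Attach one connection, or a client/server pair, to the descriptors in io_pair. */
int s2n_connection_set_io_pair(struct s2n_connection *conn, struct s2n_test_io_pair *io_pair);
int s2n_connections_set_io_pair(struct s2n_connection *client, struct s2n_connection *server,
        struct s2n_test_io_pair *io_pair);

int s2n_fd_set_blocking(int fd);
int s2n_fd_set_non_blocking(int fd);

/* Connection state tweaks used to put a connection into a specific test
 * scenario (HelloRetryRequest, permissive extension handling, a single
 * protocol version everywhere, or the full mutually supported group set). */
int s2n_set_connection_hello_retry_flags(struct s2n_connection *conn);
int s2n_connection_allow_all_response_extensions(struct s2n_connection *conn);
int s2n_connection_set_all_protocol_versions(struct s2n_connection *conn, uint8_t version);
S2N_RESULT s2n_set_all_mutually_supported_groups(struct s2n_connection *conn);

S2N_RESULT s2n_connection_set_secrets(struct s2n_connection *conn);

/* Replace the config's wall clock with one that reads *test_time_in_ns.
 * NOTE(review): the clock is given a pointer, not a value, so the pointee
 * presumably must outlive the config and is re-read on every call - confirm
 * before storing a stack variable in a config that escapes the test scope. */
S2N_RESULT s2n_config_mock_wall_clock(struct s2n_config *config, uint64_t *test_time_in_ns);

/* PSK fixtures. The *_with_early_data variants attach a PSK that advertises
 * max_early_data bytes of early data under cipher_suite; the "chosen" variant
 * additionally marks it as the selected PSK (per its name - confirm). */
struct s2n_psk *s2n_test_psk_new(struct s2n_connection *conn);
S2N_RESULT s2n_append_test_psk_with_early_data(struct s2n_connection *conn, uint32_t max_early_data,
        const struct s2n_cipher_suite *cipher_suite);
S2N_RESULT s2n_append_test_chosen_psk_with_early_data(struct s2n_connection *conn, uint32_t max_early_data,
        const struct s2n_cipher_suite *cipher_suite);

/* Upper bound on the size of a test PEM buffer passed to s2n_read_test_pem*. */
#define S2N_MAX_TEST_PEM_SIZE 4096

/* These paths assume that the unit tests are run from inside the unit/ directory.
 * Absolute paths will be needed if test directories go to deeper levels.
 */
#define S2N_RSA_2048_PKCS8_CERT_CHAIN "../pems/rsa_2048_pkcs8_cert.pem"
#define S2N_RSA_2048_PKCS1_CERT_CHAIN "../pems/rsa_2048_pkcs1_cert.pem"

#define S2N_RSA_2048_PKCS1_LEAF_CERT "../pems/rsa_2048_pkcs1_leaf.pem"
#define S2N_ECDSA_P256_PKCS1_CERT_CHAIN "../pems/ecdsa_p256_pkcs1_cert.pem"
#define S2N_ECDSA_P384_PKCS1_CERT_CHAIN "../pems/ecdsa_p384_pkcs1_cert.pem"
#define S2N_RSA_CERT_CHAIN_CRLF "../pems/rsa_2048_pkcs1_cert_crlf.pem"
#define S2N_RSA_KEY_CRLF "../pems/rsa_2048_pkcs1_key_crlf.pem"
#define S2N_ECDSA_P256_PKCS1_KEY "../pems/ecdsa_p256_pkcs1_key.pem"
#define S2N_ECDSA_P384_PKCS1_KEY "../pems/ecdsa_p384_pkcs1_key.pem"
#define S2N_RSA_2048_PKCS1_KEY "../pems/rsa_2048_pkcs1_key.pem"
#define S2N_RSA_2048_PKCS8_KEY "../pems/rsa_2048_pkcs8_key.pem"

#define S2N_RSA_PSS_2048_SHA256_CA_KEY "../pems/rsa_pss_2048_sha256_CA_key.pem"
#define S2N_RSA_PSS_2048_SHA256_CA_CERT "../pems/rsa_pss_2048_sha256_CA_cert.pem"
#define S2N_RSA_PSS_2048_SHA256_LEAF_KEY "../pems/rsa_pss_2048_sha256_leaf_key.pem"
#define S2N_RSA_PSS_2048_SHA256_LEAF_CERT "../pems/rsa_pss_2048_sha256_leaf_cert.pem"

#define S2N_RSA_2048_SHA256_CLIENT_CERT "../pems/rsa_2048_sha256_client_cert.pem"

#define S2N_RSA_2048_SHA256_NO_DNS_SANS_CERT "../pems/rsa_2048_sha256_no_dns_sans_cert.pem"
#define S2N_RSA_2048_SHA256_WILDCARD_CERT "../pems/rsa_2048_sha256_wildcard_cert.pem"

#define S2N_RSA_2048_SHA256_URI_SANS_CERT "../pems/rsa_2048_sha256_uri_sans_cert.pem"

/* "Strangely" formatted PEMs that should still parse successfully */
#define S2N_LEAF_WHITESPACE_CERT_CHAIN "../pems/rsa_2048_leaf_whitespace_cert.pem"
#define S2N_INTERMEDIATE_WHITESPACE_CERT_CHAIN "../pems/rsa_2048_intermediate_whitespace_cert.pem"
#define S2N_ROOT_WHITESPACE_CERT_CHAIN "../pems/rsa_2048_root_whitespace_cert.pem"
#define S2N_TRAILING_WHITESPACE_CERT_CHAIN "../pems/rsa_2048_trailing_whitespace_cert.pem"
#define S2N_LEADING_COMMENT_TEXT_CERT_CHAIN "../pems/rsa_2048_leading_comment_text_cert.pem"
#define S2N_LONG_BASE64_LINES_CERT_CHAIN "../pems/rsa_2048_varying_base64_len_cert.pem"
/* Missing line endings between PEM encapsulation boundaries */
#define S2N_MISSING_LINE_ENDINGS_CERT_CHAIN "../pems/rsa_2048_missing_line_endings_cert.pem"

/* Illegally formatted PEMs: the parser is expected to reject these. */
#define S2N_INVALID_HEADER_CERT_CHAIN "../pems/rsa_2048_invalid_header_cert.pem"
#define S2N_INVALID_TRAILER_CERT_CHAIN "../pems/rsa_2048_invalid_trailer_cert.pem"
#define S2N_UNKNOWN_KEYWORD_CERT_CHAIN "../pems/rsa_2048_unknown_keyword_cert.pem"
#define S2N_INVALID_HEADER_KEY "../pems/rsa_2048_invalid_header_key.pem"
#define S2N_INVALID_TRAILER_KEY "../pems/rsa_2048_invalid_trailer_key.pem"
#define S2N_UNKNOWN_KEYWORD_KEY "../pems/rsa_2048_unknown_keyword_key.pem"
#define S2N_WEIRD_DASHES_CERT_CHAIN "../pems/rsa_2048_weird_dashes_cert.pem"
#define S2N_NO_DASHES_CERT_CHAIN "../pems/rsa_2048_no_dashes_cert.pem"

/* OCSP Stapled Response Testing files. The *_DER responses cover the
 * good / no-nextUpdate / revoked / wrong-signer cases a verifier must
 * distinguish; S2N_OCSP_RESPONSE_CERT is the responder certificate. */
#define S2N_OCSP_SERVER_CERT "../pems/ocsp/server_cert.pem"
#define S2N_OCSP_SERVER_ECDSA_CERT "../pems/ocsp/server_ecdsa_cert.pem"

#define S2N_OCSP_SERVER_KEY "../pems/ocsp/server_key.pem"
#define S2N_OCSP_CA_CERT "../pems/ocsp/ca_cert.pem"
#define S2N_OCSP_CA_KEY "../pems/ocsp/ca_key.pem"
#define S2N_OCSP_RESPONSE_DER "../pems/ocsp/ocsp_response.der"
#define S2N_OCSP_RESPONSE_NO_NEXT_UPDATE_DER "../pems/ocsp/ocsp_response_no_next_update.der"
#define S2N_OCSP_RESPONSE_REVOKED_DER "../pems/ocsp/ocsp_response_revoked.der"
#define S2N_OCSP_RESPONSE_WRONG_SIGNER_DER "../pems/ocsp/ocsp_response_wrong_signer.der"
#define S2N_OCSP_RESPONSE_CERT "../pems/ocsp/ocsp_cert.pem"

/* SNI fixture: certificate with an "alligator" subject alternative name. */
#define S2N_ALLIGATOR_SAN_CERT "../pems/sni/alligator_cert.pem"
#define S2N_ALLIGATOR_SAN_KEY "../pems/sni/alligator_key.pem"

#define S2N_DHPARAMS_2048 "../pems/dhparams_2048.pem"

/* DER certificates with extra trailing bytes, for testing that trailing
 * garbage after a certificate is handled deliberately rather than ignored. */
#define S2N_ONE_TRAILING_BYTE_CERT_BIN "../pems/one_trailing_byte_cert.bin"
#define S2N_FOUR_TRAILING_BYTE_CERT_BIN "../pems/four_trailing_byte_cert.bin"

/* This is a certificate with a legacy SHA-1 signature on the root certificate. This is used to prove
 * that our certificate validation code does not fail a root certificate signed with SHA-1.
 *
 * NOTE(review): the signature on a self-signed trust anchor is not what
 * establishes trust in it, so tolerating SHA-1 there is generally harmless.
 * Do not reuse this fixture (1024-bit RSA, SHA-1) to assert anything about
 * SHA-1 or 1024-bit keys being accepted on leaf or intermediate certificates. */
#define S2N_SHA1_ROOT_SIGNATURE_CA_CERT "../pems/rsa_1024_sha1_CA_cert.pem"

#define S2N_DEFAULT_TEST_CERT_CHAIN S2N_RSA_2048_PKCS1_CERT_CHAIN
#define S2N_DEFAULT_TEST_PRIVATE_KEY S2N_RSA_2048_PKCS1_KEY

#define S2N_DEFAULT_ECDSA_TEST_CERT_CHAIN S2N_ECDSA_P384_PKCS1_CERT_CHAIN
#define S2N_DEFAULT_ECDSA_TEST_PRIVATE_KEY S2N_ECDSA_P384_PKCS1_KEY

#define S2N_DEFAULT_TEST_DHPARAMS S2N_DHPARAMS_2048

/* Read a cert given a path into pem_out.
 * max_size is the capacity of pem_out (callers typically size it with
 * S2N_MAX_TEST_PEM_SIZE); the *_and_len variant also reports the number of
 * bytes read through pem_len. */
int s2n_read_test_pem(const char *pem_path, char *pem_out, long int max_size);
int s2n_read_test_pem_and_len(const char *pem_path, uint8_t *pem_out, uint32_t *pem_len, long int max_size);
/* Allocate a cert chain + key from the two PEM files; *chain_and_key receives
 * the new object and the caller is responsible for freeing it. */
int s2n_test_cert_chain_and_key_new(struct s2n_cert_chain_and_key **chain_and_key,
        const char *cert_chain_file, const char *private_key_file);

/* Drive a full handshake (or one up to message_type) between two connections
 * that have already been wired together with the I/O helpers above. */
int s2n_negotiate_test_server_and_client(struct s2n_connection *server_conn, struct s2n_connection *client_conn);
S2N_RESULT s2n_negotiate_test_server_and_client_until_message(struct s2n_connection *server_conn,
        struct s2n_connection *client_conn, message_type_t message_type);
int s2n_shutdown_test_server_and_client(struct s2n_connection *server_conn, struct s2n_connection *client_conn);
/* As above, but the client sends early_data_to_send and whatever the server
 * accepts is collected into early_data_received. */
S2N_RESULT s2n_negotiate_test_server_and_client_with_early_data(struct s2n_connection *server_conn,
        struct s2n_connection *client_conn, struct s2n_blob *early_data_to_send, struct s2n_blob *early_data_received);

/* Known-answer tests (KAT) for a KEM on its own and for a hybrid ECDHE+KEM
 * cipher suite; kat_file / kat_file_name is the path of the KAT vector file.
 * The expected key-exchange message lengths are checked by the hybrid variant. */
int s2n_test_kem_with_kat(const struct s2n_kem *kem, const char *kat_file);
int s2n_test_hybrid_ecdhe_kem_with_kat(const struct s2n_kem *kem, struct s2n_cipher_suite *cipher_suite,
        const char *cipher_pref_version, const char *kat_file_name, uint32_t server_key_message_length,
        uint32_t client_key_message_length);
/* Declared with (void): the original empty parentheses made these old-style
 * declarations with no prototype, so a call passing arguments would not have
 * been diagnosed. */
S2N_RESULT s2n_pq_noop_asm(void);
bool s2n_pq_no_asm_available(void);

/* Expects 2 s2n_blobs to be equal (same size and contents).
 * Arguments are evaluated more than once; pass lvalues, not expressions with
 * side effects. */
#define S2N_BLOB_EXPECT_EQUAL(blob1, blob2) do { \
    EXPECT_EQUAL((blob1).size, (blob2).size); \
    EXPECT_BYTEARRAY_EQUAL((blob1).data, (blob2).data, (blob1).size); \
} while (0)

/* Expects data of type in stuffer, where type is uint32, uint64 etc..
 * `type` must be the bare name (uint8, uint16, ...) since it is pasted into
 * both the s2n_stuffer_read_<type> call and the <type>_t local. */
#define S2N_STUFFER_READ_EXPECT_EQUAL(stuffer, expected, type) do { \
    type##_t value; \
    EXPECT_SUCCESS(s2n_stuffer_read_##type((stuffer), &value)); \
    EXPECT_EQUAL(value, (expected)); \
} while (0)

/* Expects written length in stuffer: skipping `bytes` must consume exactly
 * what is available. This advances the stuffer's read cursor. */
#define S2N_STUFFER_LENGTH_WRITTEN_EXPECT_EQUAL(stuffer, bytes) do { \
    EXPECT_SUCCESS(s2n_stuffer_skip_read((stuffer), (bytes))); \
    EXPECT_EQUAL(s2n_stuffer_data_available((stuffer)), 0); \
} while (0)

int s2n_public_ecc_keys_are_equal(struct s2n_ecc_evp_params *params_1, struct s2n_ecc_evp_params *params_2);

/* An all-empty parsed-extension table, used as the comparison baseline by the
 * two macros below (byte-wise comparison of the whole table). */
extern const s2n_parsed_extension EMPTY_PARSED_EXTENSIONS[S2N_PARSED_EXTENSIONS_COUNT];
#define EXPECT_PARSED_EXTENSION_LIST_EMPTY(list) \
    EXPECT_BYTEARRAY_EQUAL((list).parsed_extensions, EMPTY_PARSED_EXTENSIONS, sizeof(EMPTY_PARSED_EXTENSIONS))
#define EXPECT_PARSED_EXTENSION_LIST_NOT_EMPTY(list) \
    EXPECT_BYTEARRAY_NOT_EQUAL((list).parsed_extensions, EMPTY_PARSED_EXTENSIONS, sizeof(EMPTY_PARSED_EXTENSIONS))

/* Fuzz-target entry points: feed an attacker-controlled buf/len into the KEM
 * public-key and ciphertext receive paths. kem_params must be initialised
 * first (the *_init helper loads it from a KAT file). */
int s2n_kem_recv_public_key_fuzz_test(const uint8_t *buf, size_t len, struct s2n_kem_params *kem_params);
int s2n_kem_recv_ciphertext_fuzz_test(const uint8_t *buf, size_t len, struct s2n_kem_params *kem_params);
int s2n_kem_recv_ciphertext_fuzz_test_init(const char *kat_file_path, struct s2n_kem_params *kem_params);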