/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */
15 
16 #include "tests/s2n_test.h"
17 
18 #include "tls/s2n_kex.h"
19 
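/*
 * Unit test for the key-exchange (kex) helpers declared in tls/s2n_kex.h.
 *
 * Two groups of expectations are checked:
 *  - "safety checks": each kex entry point reports an error when it is handed
 *    a NULL kex, cipher suite, connection or output pointer;
 *  - s2n_kex_includes(): true for identical kex values (including NULL/NULL)
 *    and for a hybrid kex queried for one of its components, false otherwise.
 *
 * argc/argv are not read directly in this function.
 */
int main(int argc, char **argv)
{
    BEGIN_TEST();
    /* TLS 1.3 is switched off before any of the checks below run. */
    EXPECT_SUCCESS(s2n_disable_tls13());

    /* Test safety checks */
    {
        /* Zero-initialized placeholders: only used as non-NULL arguments. */
        struct s2n_connection conn = { 0 };
        struct s2n_blob blob = { 0 };
        struct s2n_kex_raw_server_data test_raw_server_data = { 0 };

        /* Copy of an existing suite with its kex pointer cleared, so the
         * "cipher suite without a kex" shape can be passed in. */
        struct s2n_cipher_suite test_cipher = s2n_rsa_with_rc4_128_md5;
        struct s2n_cipher_suite test_cipher_with_null_kex = test_cipher;
        test_cipher_with_null_kex.key_exchange_alg = NULL;

        /* Null cipher suite kex - possible with tls1.3 cipher suites */
        EXPECT_ERROR(s2n_configure_kex(NULL, &conn));
        /* NOTE(review): this call passes a NULL connection together with the
         * null-kex suite, so the expected error can come from either argument.
         * A call with &conn would isolate the null key_exchange_alg case;
         * confirm s2n_configure_kex rejects it before adding that assertion. */
        EXPECT_ERROR(s2n_configure_kex(&test_cipher_with_null_kex, NULL));

        /* Null kex -- possible with tls1.3 cipher suites */
        bool is_ephemeral = false;
        EXPECT_ERROR(s2n_kex_is_ephemeral(NULL, &is_ephemeral));
        /* Valid kex but NULL output pointer must also be rejected. */
        EXPECT_ERROR(s2n_kex_is_ephemeral(&s2n_rsa, NULL));
        /* Every remaining handler is called with a NULL kex and otherwise
         * non-NULL arguments, so the NULL kex is the only invalid pointer. */
        EXPECT_ERROR(s2n_kex_server_key_recv_parse_data(NULL, &conn, &test_raw_server_data));
        EXPECT_ERROR(s2n_kex_server_key_recv_read_data(NULL, &conn, &blob, &test_raw_server_data));
        EXPECT_ERROR(s2n_kex_server_key_send(NULL, &conn, &blob));
        EXPECT_ERROR(s2n_kex_client_key_recv(NULL, &conn, &blob));
        EXPECT_ERROR(s2n_kex_client_key_send(NULL, &conn, &blob));
        EXPECT_ERROR(s2n_kex_tls_prf(NULL, &conn, &blob));
    }

    /* Test s2n_kex_includes */
    {
        /* True if same kex (two NULL pointers count as "same") */
        EXPECT_TRUE(s2n_kex_includes(NULL, NULL));
        EXPECT_TRUE(s2n_kex_includes(&s2n_rsa, &s2n_rsa));
        EXPECT_TRUE(s2n_kex_includes(&s2n_hybrid_ecdhe_kem, &s2n_hybrid_ecdhe_kem));

        /* False if different kex */
        EXPECT_FALSE(s2n_kex_includes(&s2n_rsa, &s2n_dhe));
        EXPECT_FALSE(s2n_kex_includes(&s2n_kem, &s2n_ecdhe));

        /* True if hybrid that contains */
        EXPECT_TRUE(s2n_kex_includes(&s2n_hybrid_ecdhe_kem, &s2n_ecdhe));
        EXPECT_TRUE(s2n_kex_includes(&s2n_hybrid_ecdhe_kem, &s2n_kem));

        /* False if hybrid "contains" relationship reversed:
         * the first argument is the container, the second the component. */
        EXPECT_FALSE(s2n_kex_includes(&s2n_ecdhe, &s2n_hybrid_ecdhe_kem));
        EXPECT_FALSE(s2n_kex_includes(&s2n_kem, &s2n_hybrid_ecdhe_kem));

        /* False if hybrid that does not contain */
        EXPECT_FALSE(s2n_kex_includes(&s2n_hybrid_ecdhe_kem, &s2n_rsa));
        EXPECT_FALSE(s2n_kex_includes(&s2n_hybrid_ecdhe_kem, &s2n_dhe));

        /* False if one kex null */
        EXPECT_FALSE(s2n_kex_includes(&s2n_rsa, NULL));
        EXPECT_FALSE(s2n_kex_includes(NULL, &s2n_rsa));
    }

    END_TEST();
}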