1 /*
2  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License").
5  * You may not use this file except in compliance with the License.
6  * A copy of the License is located at
7  *
8  *  http://aws.amazon.com/apache2.0
9  *
10  * or in the "license" file accompanying this file. This file is distributed
11  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12  * express or implied. See the License for the specific language governing
13  * permissions and limitations under the License.
14  */
15 
16 #include "s2n_test.h"
17 
18 #include <string.h>
19 #include <stdio.h>
20 #include <s2n.h>
21 
22 #include "stuffer/s2n_stuffer.h"
23 #include "testlib/s2n_testlib.h"
24 #include "tls/s2n_tls.h"
25 #include "tls/s2n_tls13.h"
26 #include "utils/s2n_safety.h"
27 
28 /* Test vectors from https://tools.ietf.org/html/rfc8448#section-3 */
29 
30 /* whole cert message without 0b0001b9 header */
31 const char tls13_cert_message_hex[] =
32     "000001b50001b03082"
33     "01ac30820115a003020102020102300d06092a8648"
34     "86f70d01010b0500300e310c300a06035504031303"
35     "727361301e170d3136303733303031323335395a17"
36     "0d3236303733303031323335395a300e310c300a06"
37     "03550403130372736130819f300d06092a864886f7"
38     "0d010101050003818d0030818902818100b4bb498f"
39     "8279303d980836399b36c6988c0c68de55e1bdb826"
40     "d3901a2461eafd2de49a91d015abbc9a95137ace6c"
41     "1af19eaa6af98c7ced43120998e187a80ee0ccb052"
42     "4b1b018c3e0b63264d449a6d38e22a5fda43084674"
43     "8030530ef0461c8ca9d9efbfae8ea6d1d03e2bd193"
44     "eff0ab9a8002c47428a6d35a8d88d79f7f1e3f0203"
45     "010001a31a301830090603551d1304023000300b06"
46     "03551d0f0404030205a0300d06092a864886f70d01"
47     "010b05000381810085aad2a0e5b9276b908c65f73a"
48     "7267170618a54c5f8a7b337d2df7a594365417f2ea"
49     "e8f8a58c8f8172f9319cf36b7fd6c55b80f21a0301"
50     "5156726096fd335e5e67f2dbf102702e608ccae6be"
51     "c1fc63a42a99be5c3eb7107c3c54e9b9eb2bd5203b"
52     "1c3b84e0a8b2f759409ba3eac9d91d402dcc0cc8f8"
53     "961229ac9187b42b4de10000";
54 
55 /* cert only */
56 const char tls13_cert_hex[] =
57     "3082" /* without certificate chain header */
58     "01ac30820115a003020102020102300d06092a8648"
59     "86f70d01010b0500300e310c300a06035504031303"
60     "727361301e170d3136303733303031323335395a17"
61     "0d3236303733303031323335395a300e310c300a06"
62     "03550403130372736130819f300d06092a864886f7"
63     "0d010101050003818d0030818902818100b4bb498f"
64     "8279303d980836399b36c6988c0c68de55e1bdb826"
65     "d3901a2461eafd2de49a91d015abbc9a95137ace6c"
66     "1af19eaa6af98c7ced43120998e187a80ee0ccb052"
67     "4b1b018c3e0b63264d449a6d38e22a5fda43084674"
68     "8030530ef0461c8ca9d9efbfae8ea6d1d03e2bd193"
69     "eff0ab9a8002c47428a6d35a8d88d79f7f1e3f0203"
70     "010001a31a301830090603551d1304023000300b06"
71     "03551d0f0404030205a0300d06092a864886f70d01"
72     "010b05000381810085aad2a0e5b9276b908c65f73a"
73     "7267170618a54c5f8a7b337d2df7a594365417f2ea"
74     "e8f8a58c8f8172f9319cf36b7fd6c55b80f21a0301"
75     "5156726096fd335e5e67f2dbf102702e608ccae6be"
76     "c1fc63a42a99be5c3eb7107c3c54e9b9eb2bd5203b"
77     "1c3b84e0a8b2f759409ba3eac9d91d402dcc0cc8f8"
78     "961229ac9187b42b4de1";
79 
80 /* certificate chain header. It contains
81    1. Request Context length (00)
82    2. Cert chain length (0001b5)
83    3. Cert length (0001b0)
84  */
85 const char tls13_cert_chain_header_hex[] =
86      "000001b50001b0";
87 
88 
main(int argc,char ** argv)89 int main(int argc, char **argv)
90 {
91     BEGIN_TEST();
92     EXPECT_SUCCESS(s2n_disable_tls13());
93 
94     /* Test s2n_server_cert_recv() parses tls13 certificate */
95     {
96         S2N_BLOB_FROM_HEX(tls13_cert, tls13_cert_message_hex);
97         struct s2n_connection *conn;
98         EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT));
99 
100         conn->x509_validator.skip_cert_validation = 1;
101 
102         /* success case in tls13 parsing mode */
103         conn->actual_protocol_version = S2N_TLS13;
104         EXPECT_EQUAL(conn->actual_protocol_version, S2N_TLS13);
105         EXPECT_SUCCESS(s2n_stuffer_write(&conn->handshake.io, &tls13_cert));
106         EXPECT_SUCCESS(s2n_server_cert_recv(conn));
107         EXPECT_EQUAL(s2n_stuffer_data_available(&conn->handshake.io), 0);
108 
109         /* failure case in tls12 parsing mode */
110         conn->actual_protocol_version = S2N_TLS12;
111         EXPECT_EQUAL(conn->actual_protocol_version, S2N_TLS12);
112         EXPECT_SUCCESS(s2n_stuffer_write(&conn->handshake.io, &tls13_cert));
113         EXPECT_FAILURE(s2n_server_cert_recv(conn));
114 
115         EXPECT_SUCCESS(s2n_connection_free(conn));
116     }
117 
118     /* Test s2n_server_cert_send() verify server's certificate */
119     {
120         char *tls13_cert_chain_hex;
121         /* creating a certificate chain by concatenating
122            1. chain header
123            2. certificate
124         */
125         EXPECT_NOT_NULL(tls13_cert_chain_hex = malloc(S2N_MAX_TEST_PEM_SIZE));
126         strcpy(tls13_cert_chain_hex, tls13_cert_chain_header_hex);
127         strcat(tls13_cert_chain_hex, tls13_cert_hex);
128         /* convert certificate chain hex to bytes*/
129         struct s2n_blob tls13_cert = {0};
130         EXPECT_SUCCESS(s2n_alloc(&tls13_cert, strlen(tls13_cert_chain_hex) / 2 ));
131         POSIX_GUARD(s2n_hex_string_to_bytes((uint8_t*)tls13_cert_chain_hex, &tls13_cert));
132 
133         S2N_BLOB_FROM_HEX(tls13_cert_chain, tls13_cert_hex);
134 
135         struct s2n_connection *conn;
136         uint8_t certificate_request_context_len;
137 
138         struct s2n_cert cert = {.raw = tls13_cert_chain,.next = NULL};
139         /* .chain_size is size of cert + 3 for the 3 bytes to express the length */
140         struct s2n_cert_chain cert_chain = {.head = &cert, .chain_size = tls13_cert_chain.size + 3};
141         struct s2n_cert_chain_and_key cert_chain_and_key = {.cert_chain = &cert_chain};
142 
143         /* tls13 mode */
144         EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
145         conn->actual_protocol_version = S2N_TLS13;
146         conn->handshake_params.our_chain_and_key = &cert_chain_and_key;
147         EXPECT_EQUAL(conn->actual_protocol_version, S2N_TLS13);
148         EXPECT_SUCCESS(s2n_server_cert_send(conn));
149 
150         EXPECT_EQUAL(s2n_stuffer_data_available(&conn->handshake.io), tls13_cert.size + 2);
151         EXPECT_SUCCESS(s2n_stuffer_read_uint8(&conn->handshake.io, &certificate_request_context_len));
152 
153         /* server's certificate request context should always be of zero length */
154         EXPECT_EQUAL(certificate_request_context_len, 0);
155         EXPECT_SUCCESS(s2n_connection_free(conn));
156 
157         /* tls12 mode */
158         EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
159         conn->actual_protocol_version = S2N_TLS12;
160         conn->handshake_params.our_chain_and_key = &cert_chain_and_key;
161         EXPECT_EQUAL(conn->actual_protocol_version, S2N_TLS12);
162         EXPECT_SUCCESS(s2n_server_cert_send(conn));
163         /* In tls1.2 there is no certificate request context.
164            TLS1.2 Cert length = TLS1.3 Cert length -1 (server's request context)*/
165         EXPECT_EQUAL(s2n_stuffer_data_available(&conn->handshake.io), tls13_cert.size - 1);
166         EXPECT_SUCCESS(s2n_connection_free(conn));
167 
168         free(tls13_cert_chain_hex);
169         /* free memory allocated in s2n_alloc*/
170         free(tls13_cert.data);
171     }
172 
173     /* Test server sends cert and client receives cert for tls 1.3 */
174     {
175         EXPECT_SUCCESS(s2n_enable_tls13());
176 
177         struct s2n_connection *server_conn;
178         struct s2n_connection *client_conn;
179         EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
180         EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
181         server_conn->actual_protocol_version = S2N_TLS13;
182         client_conn->actual_protocol_version = S2N_TLS13;
183         client_conn->x509_validator.skip_cert_validation = 1;
184 
185         S2N_BLOB_FROM_HEX(tls13_cert_chain, tls13_cert_hex);
186         S2N_BLOB_FROM_HEX(tls13_cert_message, tls13_cert_message_hex);
187 
188         struct s2n_cert cert = {.raw = tls13_cert_chain,.next = NULL};
189         struct s2n_cert_chain cert_chain = {.head = &cert, .chain_size = tls13_cert_chain.size + 3};
190         struct s2n_cert_chain_and_key cert_chain_and_key = {.cert_chain = &cert_chain};
191         server_conn->handshake_params.our_chain_and_key = &cert_chain_and_key;
192 
193         EXPECT_SUCCESS(s2n_server_cert_send(server_conn));
194         EXPECT_EQUAL(s2n_stuffer_data_available(&server_conn->handshake.io), tls13_cert_message.size);
195         EXPECT_SUCCESS(s2n_stuffer_copy(&server_conn->handshake.io, &client_conn->handshake.io, s2n_stuffer_data_available(&server_conn->handshake.io)));
196         EXPECT_EQUAL(s2n_stuffer_data_available(&client_conn->handshake.io), tls13_cert_message.size);
197         EXPECT_SUCCESS(s2n_server_cert_recv(client_conn));
198 
199         EXPECT_SUCCESS(s2n_connection_free(server_conn));
200         EXPECT_SUCCESS(s2n_connection_free(client_conn));
201 
202         EXPECT_SUCCESS(s2n_disable_tls13());
203     }
204 
205     END_TEST();
206 }
207