1 /* $OpenBSD: clienttest.c,v 1.36 2021/11/20 16:32:55 tb Exp $ */ 2 /* 3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <openssl/ssl.h> 19 20 #include <openssl/dtls1.h> 21 #include <openssl/ssl3.h> 22 23 #include <err.h> 24 #include <stdio.h> 25 #include <string.h> 26 27 #define DTLS_HM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH) 28 #define DTLS_RANDOM_OFFSET (DTLS_HM_OFFSET + 2) 29 #define DTLS_CIPHER_OFFSET (DTLS_HM_OFFSET + 38) 30 31 #define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH) 32 #define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2) 33 #define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37) 34 35 #define TLS13_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH) 36 #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2) 37 #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34) 38 #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69) 39 #define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 194) 40 #define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98) 41 42 #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000) 43 44 static const uint8_t cipher_list_dtls1[] = { 45 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 46 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 47 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 48 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 49 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 50 }; 51 52 static const uint8_t client_hello_dtls1[] = { 53 0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 54 0x00, 0x00, 0x00, 0x00, 0x74, 0x01, 0x00, 0x00, 55 0x68, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 56 0x68, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 57 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 58 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 59 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 60 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x26, 0xc0, 61 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 62 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 63 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 64 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 65 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 66 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 67 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 68 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 69 0x00, 70 }; 71 72 static const uint8_t cipher_list_dtls12_aes[] = { 73 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 74 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 75 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 76 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 77 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 78 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 79 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 80 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 81 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 82 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 83 0x00, 0x0a, 0x00, 0xff 84 }; 85 86 static const uint8_t cipher_list_dtls12_chacha[] = { 87 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 88 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 89 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 90 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 91 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 92 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 93 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 94 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 95 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 96 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 97 0x00, 0x0a, 0x00, 0xff, 98 }; 99 100 static const uint8_t client_hello_dtls12[] = { 101 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 102 0x00, 0x00, 0x00, 0x00, 0xbe, 0x01, 0x00, 0x00, 103 0xb2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 104 0xb2, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 105 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 106 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 107 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 108 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0xc0, 109 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 110 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 111 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 112 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 113 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 114 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 115 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 116 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 117 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 118 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 119 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00, 120 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 121 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 122 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 123 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 124 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 125 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 126 0x01, 0x02, 0x03, 127 }; 128 129 static const uint8_t cipher_list_tls10[] = { 130 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 131 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 132 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 133 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 134 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 135 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 136 }; 137 138 static const uint8_t client_hello_tls10[] = { 139 0x16, 0x03, 0x01, 0x00, 0x73, 0x01, 0x00, 0x00, 140 0x6f, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 141 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 142 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 144 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc0, 0x14, 145 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88, 146 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 147 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f, 148 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 149 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 150 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, 151 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 152 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 153 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 154 }; 155 156 static const uint8_t cipher_list_tls11[] = { 157 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 158 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 159 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 160 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 161 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 162 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 163 }; 164 165 static const uint8_t client_hello_tls11[] = { 166 0x16, 0x03, 0x01, 0x00, 0x73, 0x01, 0x00, 0x00, 167 0x6f, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 168 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 169 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 170 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 171 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc0, 0x14, 172 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88, 173 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 174 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f, 175 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 176 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 177 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, 178 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 179 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 180 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 181 }; 182 183 static const uint8_t cipher_list_tls12_aes[] = { 184 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 185 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 186 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 187 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 188 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 189 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 190 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 191 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 192 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 193 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 194 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 195 0x00, 0x0a, 0x00, 0xff, 196 }; 197 198 static const uint8_t cipher_list_tls12_chacha[] = { 199 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 200 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 201 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 202 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 203 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 204 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 205 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 206 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 207 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 208 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 209 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 210 0x00, 0x0a, 0x00, 0xff, 211 }; 212 213 static const uint8_t client_hello_tls12[] = { 214 0x16, 0x03, 0x01, 0x00, 0xbd, 0x01, 0x00, 0x00, 215 0xb9, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 216 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 217 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 218 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 219 0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0xc0, 0x30, 220 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 221 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 222 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85, 223 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 224 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 225 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 226 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 227 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 228 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 229 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, 230 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 231 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00, 0x0b, 232 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 233 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 234 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 235 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 236 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 237 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 238 0x02, 0x03, 239 }; 240 241 static const uint8_t cipher_list_tls13_aes[] = { 242 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x30, 243 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 244 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 245 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85, 246 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 247 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 248 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 249 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 250 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 251 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 252 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, 253 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 254 0x00, 0xff 255 }; 256 257 static const uint8_t cipher_list_tls13_chacha[] = { 258 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 259 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 260 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 261 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, 262 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 263 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 264 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 265 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 266 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 267 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 268 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, 269 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 270 0x00, 0xff, 271 }; 272 273 static const uint8_t client_hello_tls13[] = { 274 0x16, 0x03, 0x01, 0x01, 0x1a, 0x01, 0x00, 0x01, 275 0x16, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 276 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 277 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 278 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 279 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 280 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 281 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 282 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 283 0x00, 0x00, 0x00, 0x00, 0x00, 0x62, 0x13, 0x03, 284 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8, 285 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 286 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 287 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, 0x00, 0xc4, 288 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d, 289 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 290 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 291 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 292 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 293 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 294 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 295 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 296 0x01, 0x00, 0x00, 0x6b, 0x00, 0x2b, 0x00, 0x09, 297 0x08, 0x03, 0x04, 0x03, 0x03, 0x03, 0x02, 0x03, 298 0x01, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 299 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 300 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 301 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 302 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 303 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 304 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 305 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 306 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 307 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 308 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 309 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, 310 }; 311 312 static const uint8_t cipher_list_tls13_only_aes[] = { 313 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 314 }; 315 316 static const uint8_t cipher_list_tls13_only_chacha[] = { 317 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 318 }; 319 320 static const uint8_t client_hello_tls13_only[] = { 321 0x16, 0x03, 0x03, 0x00, 0xb6, 0x01, 0x00, 0x00, 322 0xb2, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 323 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 324 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 325 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 326 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 327 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 328 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 329 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 330 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x13, 0x03, 331 0x13, 0x02, 0x13, 0x01, 0x00, 0xff, 0x01, 0x00, 332 0x00, 0x61, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 333 0x04, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 334 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 335 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 336 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 337 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 338 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 339 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 340 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 341 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 342 0x12, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 343 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 344 0x01, 0x04, 0x03, 345 }; 346 347 struct client_hello_test { 348 const char *desc; 349 const int protocol; 350 const size_t random_start; 351 const size_t session_start; 352 const size_t key_share_start; 353 const SSL_METHOD *(*ssl_method)(void); 354 const long ssl_options; 355 }; 356 357 static const struct client_hello_test client_hello_tests[] = { 358 { 359 .desc = "DTLSv1 client method", 360 .protocol = DTLS1_VERSION, 361 .random_start = DTLS_RANDOM_OFFSET, 362 .ssl_method = DTLSv1_client_method, 363 }, 364 { 365 .desc = "DTLSv1.2 client method", 366 .protocol = DTLS1_2_VERSION, 367 .random_start = DTLS_RANDOM_OFFSET, 368 .ssl_method = DTLSv1_2_client_method, 369 }, 370 { 371 .desc = "DTLS client method", 372 .protocol = DTLS1_2_VERSION, 373 .random_start = DTLS_RANDOM_OFFSET, 374 .ssl_method = DTLS_client_method, 375 }, 376 { 377 .desc = "DTLS client method (no DTLSv1.2)", 378 .protocol = DTLS1_VERSION, 379 .random_start = DTLS_RANDOM_OFFSET, 380 .ssl_method = DTLS_client_method, 381 .ssl_options = SSL_OP_NO_DTLSv1_2, 382 }, 383 { 384 .desc = "DTLS client method (no DTLSv1.0)", 385 .protocol = DTLS1_2_VERSION, 386 .random_start = DTLS_RANDOM_OFFSET, 387 .ssl_method = DTLS_client_method, 388 .ssl_options = SSL_OP_NO_DTLSv1, 389 }, 390 { 391 .desc = "TLSv1 client method", 392 .protocol = TLS1_VERSION, 393 .random_start = SSL3_RANDOM_OFFSET, 394 .ssl_method = TLSv1_client_method, 395 }, 396 { 397 .desc = "TLSv1_1 client method", 398 .protocol = TLS1_1_VERSION, 399 .random_start = SSL3_RANDOM_OFFSET, 400 .ssl_method = TLSv1_1_client_method, 401 }, 402 { 403 .desc = "TLSv1_2 client method", 404 .protocol = TLS1_2_VERSION, 405 .random_start = SSL3_RANDOM_OFFSET, 406 .ssl_method = TLSv1_2_client_method, 407 }, 408 { 409 .desc = "SSLv23 default", 410 .protocol = TLS1_3_VERSION, 411 .random_start = TLS13_RANDOM_OFFSET, 412 .session_start = TLS13_SESSION_OFFSET, 413 .key_share_start = TLS13_KEY_SHARE_OFFSET, 414 .ssl_method = SSLv23_client_method, 415 .ssl_options = 0, 416 }, 417 { 418 .desc = "SSLv23 default (no TLSv1.3)", 419 .protocol = TLS1_2_VERSION, 420 .random_start = SSL3_RANDOM_OFFSET, 421 .ssl_method = SSLv23_client_method, 422 .ssl_options = SSL_OP_NO_TLSv1_3, 423 }, 424 { 425 .desc = "SSLv23 (no TLSv1.2)", 426 .protocol = TLS1_1_VERSION, 427 .random_start = SSL3_RANDOM_OFFSET, 428 .ssl_method = SSLv23_client_method, 429 .ssl_options = SSL_OP_NO_TLSv1_2, 430 }, 431 { 432 .desc = "SSLv23 (no TLSv1.1)", 433 .protocol = TLS1_VERSION, 434 .random_start = SSL3_RANDOM_OFFSET, 435 .ssl_method = SSLv23_client_method, 436 .ssl_options = SSL_OP_NO_TLSv1_1, 437 }, 438 { 439 .desc = "TLS default", 440 .protocol = TLS1_3_VERSION, 441 .random_start = TLS13_RANDOM_OFFSET, 442 .session_start = TLS13_SESSION_OFFSET, 443 .key_share_start = TLS13_KEY_SHARE_OFFSET, 444 .ssl_method = TLS_client_method, 445 .ssl_options = 0, 446 }, 447 { 448 .desc = "TLS (no TLSv1.3)", 449 .protocol = TLS1_2_VERSION, 450 .random_start = SSL3_RANDOM_OFFSET, 451 .ssl_method = TLS_client_method, 452 .ssl_options = SSL_OP_NO_TLSv1_3, 453 }, 454 { 455 .desc = "TLS (no TLSv1.2)", 456 .protocol = TLS1_1_VERSION, 457 .random_start = SSL3_RANDOM_OFFSET, 458 .ssl_method = TLS_client_method, 459 .ssl_options = SSL_OP_NO_TLSv1_2, 460 }, 461 { 462 .desc = "TLS (no TLSv1.1)", 463 .protocol = TLS1_VERSION, 464 .random_start = SSL3_RANDOM_OFFSET, 465 .ssl_method = TLS_client_method, 466 .ssl_options = SSL_OP_NO_TLSv1_1, 467 }, 468 #if 0 469 /* XXX - build client hello with explicit versions extension. */ 470 { 471 .desc = "TLS (no TLSv1.0, no TLSv1.1)", 472 .protocol = TLS1_3_VERSION, 473 .random_start = TLS13_RANDOM_OFFSET, 474 .session_start = TLS13_SESSION_OFFSET, 475 .key_share_start = TLS13_KEY_SHARE_OFFSET, 476 .ssl_method = TLS_client_method, 477 .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, 478 }, 479 #endif 480 { 481 .desc = "TLS (no TLSv1.0, no TLSv1.1, no TLSv1.2)", 482 .protocol = TLS1_3_VERSION_ONLY, 483 .random_start = TLS13_RANDOM_OFFSET, 484 .session_start = TLS13_SESSION_OFFSET, 485 .key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET, 486 .ssl_method = TLS_client_method, 487 .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, 488 }, 489 }; 490 491 #define N_CLIENT_HELLO_TESTS \ 492 (sizeof(client_hello_tests) / sizeof(*client_hello_tests)) 493 494 static void 495 hexdump(const uint8_t *buf, size_t len, const uint8_t *compare) 496 { 497 const char *mark = ""; 498 size_t i; 499 500 for (i = 1; i <= len; i++) { 501 if (compare != NULL) 502 mark = (buf[i - 1] != compare[i - 1]) ? "*" : " "; 503 fprintf(stderr, " %s0x%02hhx,%s", mark, buf[i - 1], 504 i % 8 && i != len ? "" : "\n"); 505 } 506 fprintf(stderr, "\n"); 507 } 508 509 static inline int 510 ssl_aes_is_accelerated(void) 511 { 512 #if defined(__i386__) || defined(__x86_64__) 513 return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0); 514 #else 515 return (0); 516 #endif 517 } 518 519 static int 520 make_client_hello(int protocol, char **out, size_t *outlen) 521 { 522 size_t client_hello_len, cipher_list_len, cipher_list_offset; 523 const uint8_t *client_hello, *cipher_list; 524 char *p; 525 526 *out = NULL; 527 *outlen = 0; 528 529 switch (protocol) { 530 case DTLS1_VERSION: 531 client_hello = client_hello_dtls1; 532 client_hello_len = sizeof(client_hello_dtls1); 533 cipher_list = cipher_list_dtls1; 534 cipher_list_len = sizeof(cipher_list_dtls1); 535 cipher_list_offset = DTLS_CIPHER_OFFSET; 536 break; 537 538 case DTLS1_2_VERSION: 539 client_hello = client_hello_dtls12; 540 client_hello_len = sizeof(client_hello_dtls12); 541 cipher_list = cipher_list_dtls12_chacha; 542 cipher_list_len = sizeof(cipher_list_dtls12_chacha); 543 if (ssl_aes_is_accelerated()) { 544 cipher_list = cipher_list_dtls12_aes; 545 cipher_list_len = sizeof(cipher_list_dtls12_aes); 546 } 547 cipher_list_offset = DTLS_CIPHER_OFFSET; 548 break; 549 550 case TLS1_VERSION: 551 client_hello = client_hello_tls10; 552 client_hello_len = sizeof(client_hello_tls10); 553 cipher_list = cipher_list_tls10; 554 cipher_list_len = sizeof(cipher_list_tls10); 555 cipher_list_offset = SSL3_CIPHER_OFFSET; 556 break; 557 558 case TLS1_1_VERSION: 559 client_hello = client_hello_tls11; 560 client_hello_len = sizeof(client_hello_tls11); 561 cipher_list = cipher_list_tls11; 562 cipher_list_len = sizeof(cipher_list_tls11); 563 cipher_list_offset = SSL3_CIPHER_OFFSET; 564 break; 565 566 case TLS1_2_VERSION: 567 client_hello = client_hello_tls12; 568 client_hello_len = sizeof(client_hello_tls12); 569 cipher_list = cipher_list_tls12_chacha; 570 cipher_list_len = sizeof(cipher_list_tls12_chacha); 571 if (ssl_aes_is_accelerated()) { 572 cipher_list = cipher_list_tls12_aes; 573 cipher_list_len = sizeof(cipher_list_tls12_aes); 574 } 575 cipher_list_offset = SSL3_CIPHER_OFFSET; 576 break; 577 578 case TLS1_3_VERSION: 579 client_hello = client_hello_tls13; 580 client_hello_len = sizeof(client_hello_tls13); 581 cipher_list = cipher_list_tls13_chacha; 582 cipher_list_len = sizeof(cipher_list_tls13_chacha); 583 if (ssl_aes_is_accelerated()) { 584 cipher_list = cipher_list_tls13_aes; 585 cipher_list_len = sizeof(cipher_list_tls13_aes); 586 } 587 cipher_list_offset = TLS13_CIPHER_OFFSET; 588 break; 589 590 case TLS1_3_VERSION_ONLY: 591 client_hello = client_hello_tls13_only; 592 client_hello_len = sizeof(client_hello_tls13_only); 593 cipher_list = cipher_list_tls13_only_chacha; 594 cipher_list_len = sizeof(cipher_list_tls13_only_chacha); 595 if (ssl_aes_is_accelerated()) { 596 cipher_list = cipher_list_tls13_only_aes; 597 cipher_list_len = sizeof(cipher_list_tls13_only_aes); 598 } 599 cipher_list_offset = TLS13_CIPHER_OFFSET; 600 break; 601 602 default: 603 return (-1); 604 } 605 606 if ((p = malloc(client_hello_len)) == NULL) 607 return (-1); 608 609 memcpy(p, client_hello, client_hello_len); 610 memcpy(p + cipher_list_offset, cipher_list, cipher_list_len); 611 612 *out = p; 613 *outlen = client_hello_len; 614 615 return (0); 616 } 617 618 static int 619 client_hello_test(int testno, const struct client_hello_test *cht) 620 { 621 BIO *rbio = NULL, *wbio = NULL; 622 SSL_CTX *ssl_ctx = NULL; 623 SSL *ssl = NULL; 624 char *client_hello = NULL; 625 size_t client_hello_len; 626 size_t session_len; 627 char *wbuf, rbuf[1]; 628 int ret = 1; 629 long len; 630 631 fprintf(stderr, "Test %i - %s\n", testno, cht->desc); 632 633 /* Providing a small buf causes *_get_server_hello() to return. */ 634 if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) { 635 fprintf(stderr, "Failed to setup rbio\n"); 636 goto failure; 637 } 638 if ((wbio = BIO_new(BIO_s_mem())) == NULL) { 639 fprintf(stderr, "Failed to setup wbio\n"); 640 goto failure; 641 } 642 643 if ((ssl_ctx = SSL_CTX_new(cht->ssl_method())) == NULL) { 644 fprintf(stderr, "SSL_CTX_new() returned NULL\n"); 645 goto failure; 646 } 647 648 SSL_CTX_set_options(ssl_ctx, cht->ssl_options); 649 650 if ((ssl = SSL_new(ssl_ctx)) == NULL) { 651 fprintf(stderr, "SSL_new() returned NULL\n"); 652 goto failure; 653 } 654 655 BIO_up_ref(rbio); 656 BIO_up_ref(wbio); 657 SSL_set_bio(ssl, rbio, wbio); 658 659 if (SSL_connect(ssl) != 0) { 660 fprintf(stderr, "SSL_connect() returned non-zero\n"); 661 goto failure; 662 } 663 664 len = BIO_get_mem_data(wbio, &wbuf); 665 666 if (make_client_hello(cht->protocol, &client_hello, 667 &client_hello_len) != 0) 668 errx(1, "failed to make client hello"); 669 670 if ((size_t)len != client_hello_len) { 671 fprintf(stderr, "FAIL: test returned ClientHello length %li, " 672 "want %zu\n", len, client_hello_len); 673 fprintf(stderr, "received:\n"); 674 hexdump(wbuf, len, NULL); 675 fprintf(stderr, "test data:\n"); 676 hexdump(client_hello, client_hello_len, NULL); 677 fprintf(stderr, "\n"); 678 goto failure; 679 } 680 681 /* We expect the client random to differ. */ 682 if (memcmp(&client_hello[cht->random_start], &wbuf[cht->random_start], 683 SSL3_RANDOM_SIZE) == 0) { 684 fprintf(stderr, "FAIL: ClientHello has zeroed random\n"); 685 goto failure; 686 } 687 688 memset(&wbuf[cht->random_start], 0, SSL3_RANDOM_SIZE); 689 690 if (cht->session_start > 0) { 691 session_len = wbuf[cht->session_start]; 692 if (session_len > 0) 693 memset(&wbuf[cht->session_start + 1], 0, session_len); 694 } 695 if (cht->key_share_start > 0) 696 memset(&wbuf[cht->key_share_start], 0, 32); 697 698 if (memcmp(client_hello, wbuf, client_hello_len) != 0) { 699 fprintf(stderr, "FAIL: ClientHello differs:\n"); 700 fprintf(stderr, "received:\n"); 701 hexdump(wbuf, len, client_hello); 702 fprintf(stderr, "test data:\n"); 703 hexdump(client_hello, client_hello_len, wbuf); 704 fprintf(stderr, "\n"); 705 goto failure; 706 } 707 708 ret = 0; 709 710 failure: 711 SSL_CTX_free(ssl_ctx); 712 SSL_free(ssl); 713 714 BIO_free(rbio); 715 BIO_free(wbio); 716 717 free(client_hello); 718 719 return (ret); 720 } 721 722 int 723 main(int argc, char **argv) 724 { 725 int failed = 0; 726 size_t i; 727 728 SSL_library_init(); 729 730 for (i = 0; i < N_CLIENT_HELLO_TESTS; i++) 731 failed |= client_hello_test(i, &client_hello_tests[i]); 732 733 return (failed); 734 } 735