Reference s2n_crypto_parameters via pointers #3469

Merged
merged 4 commits into from
Aug 26, 2022
Merged
2 changes: 1 addition & 1 deletion tests/fuzz/s2n_client_ccs_recv_test.c
Expand Up @@ -49,7 +49,7 @@ int s2n_fuzz_test(const uint8_t *buf, size_t len)
uint8_t randval = 0;
POSIX_GUARD(s2n_stuffer_read_uint8(&server_conn->handshake.io, &randval));
server_conn->actual_protocol_version = TLS_VERSIONS[(randval & 0x03) % s2n_array_len(TLS_VERSIONS)];
server_conn->secure.cipher_suite = cipher_prefs->suites[(randval >> 2) % cipher_prefs->count];
server_conn->secure->cipher_suite = cipher_prefs->suites[(randval >> 2) % cipher_prefs->count];

/* Run Test
* Do not use GUARD macro here since the connection memory hasn't been freed.
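Review bot: `server_conn->secure` is now dereferenced with no check that the pointer is set, so a connection whose crypto parameters were never allocated would crash the harness with a NULL dereference that reads as a fuzzing finding rather than a setup failure. Adding `POSIX_ENSURE_REF(server_conn->secure);` before the `cipher_suite` assignment would turn that into an ordinary error return. The same applies to the `secure->cipher_suite` assignments in s2n_client_key_recv_fuzz_test.c, s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c, s2n_server_ccs_recv_test.c and the two tls13 finished_recv tests. The body of s2n_fuzz_test starts and ends outside this hunk, so an earlier check may already exist there.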
8 changes: 4 additions & 4 deletions tests/fuzz/s2n_client_key_recv_fuzz_test.c
Expand Up @@ -107,10 +107,10 @@ int s2n_fuzz_test(const uint8_t *buf, size_t len)
server_conn->server_protocol_version = TLS_VERSIONS[randval % s2n_array_len(TLS_VERSIONS)];

POSIX_GUARD(s2n_stuffer_read_uint8(&server_conn->handshake.io, &randval));
server_conn->secure.cipher_suite = test_suites[randval % num_suites];
server_conn->secure->cipher_suite = test_suites[randval % num_suites];

/* Skip incompatible TLS 1.3 cipher suites */
if (server_conn->secure.cipher_suite->key_exchange_alg == NULL) {
if (server_conn->secure->cipher_suite->key_exchange_alg == NULL) {
POSIX_GUARD(s2n_connection_free(server_conn));
return S2N_SUCCESS;
}
Expand All @@ -121,12 +121,12 @@ int s2n_fuzz_test(const uint8_t *buf, size_t len)
POSIX_GUARD(s2n_connection_get_ecc_preferences(server_conn, &ecc_preferences));
POSIX_ENSURE_REF(ecc_preferences);

if (server_conn->secure.cipher_suite->key_exchange_alg->client_key_recv == s2n_ecdhe_client_key_recv || server_conn->secure.cipher_suite->key_exchange_alg->client_key_recv == s2n_hybrid_client_key_recv) {
if (server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_ecdhe_client_key_recv || server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_hybrid_client_key_recv) {
server_conn->kex_params.server_ecc_evp_params.negotiated_curve = ecc_preferences->ecc_curves[0];
s2n_ecc_evp_generate_ephemeral_key(&server_conn->kex_params.server_ecc_evp_params);
}

if (server_conn->secure.cipher_suite->key_exchange_alg->client_key_recv == s2n_kem_client_key_recv || server_conn->secure.cipher_suite->key_exchange_alg->client_key_recv == s2n_hybrid_client_key_recv) {
if (server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_kem_client_key_recv || server_conn->secure->cipher_suite->key_exchange_alg->client_key_recv == s2n_hybrid_client_key_recv) {
server_conn->kex_params.kem_params.kem = &s2n_kyber_512_r3;
}

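Review bot: The return value of `s2n_ecc_evp_generate_ephemeral_key` is discarded in the ECDHE/hybrid branch, so if key generation fails the harness goes on to exercise client_key_recv without a server key and any crash that follows is a harness artefact. Wrapping it as `POSIX_GUARD(s2n_ecc_evp_generate_ephemeral_key(&server_conn->kex_params.server_ecc_evp_params));` matches the surrounding calls, assuming it returns the usual POSIX-style status. The two long conditions would also read better with a local such as `const struct s2n_kex *kex = server_conn->secure->cipher_suite->key_exchange_alg;`. s2n_fuzz_test continues outside this section.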
2 changes: 1 addition & 1 deletion tests/fuzz/s2n_hybrid_ecdhe_kyber_r3_fuzz_test.c
Expand Up @@ -52,7 +52,7 @@ static int setup_connection(struct s2n_connection *server_conn)
server_conn->kex_params.server_ecc_evp_params.negotiated_curve = ecc_preferences->ecc_curves[0];
server_conn->kex_params.server_ecc_evp_params.evp_pkey = NULL;
server_conn->kex_params.kem_params.kem = &s2n_kyber_512_r3;
server_conn->secure.cipher_suite = &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384;
server_conn->secure->cipher_suite = &s2n_ecdhe_kyber_rsa_with_aes_256_gcm_sha384;
server_conn->handshake_params.conn_sig_scheme = s2n_rsa_pkcs1_sha384;

POSIX_GUARD(s2n_dup(&server_kem_params.private_key, &server_conn->kex_params.kem_params.private_key));
2 changes: 1 addition & 1 deletion tests/fuzz/s2n_server_ccs_recv_test.c
Expand Up @@ -48,7 +48,7 @@ int s2n_fuzz_test(const uint8_t *buf, size_t len)
uint8_t randval = 0;
POSIX_GUARD(s2n_stuffer_read_uint8(&client_conn->handshake.io, &randval));
client_conn->actual_protocol_version = TLS_VERSIONS[(randval & 0x03) % s2n_array_len(TLS_VERSIONS)];
client_conn->secure.cipher_suite = cipher_prefs->suites[(randval >> 2) % cipher_prefs->count];
client_conn->secure->cipher_suite = cipher_prefs->suites[(randval >> 2) % cipher_prefs->count];

/* Run Test
* Do not use GUARD macro here since the connection memory hasn't been freed.
4 changes: 2 additions & 2 deletions tests/fuzz/s2n_tls13_client_finished_recv_test.c
Expand Up @@ -54,8 +54,8 @@ int s2n_fuzz_test(const uint8_t *buf, size_t len)
s2n_hash_algorithm num_hash_bytes = 0;
POSIX_GUARD(s2n_stuffer_read_uint8(&server_conn->handshake.io, &randval));
server_conn->actual_protocol_version = TLS_VERSIONS[(randval & 0x03) % s2n_array_len(TLS_VERSIONS)];
server_conn->secure.cipher_suite = cipher_prefs->suites[(randval >> 2) % cipher_prefs->count];
POSIX_GUARD(s2n_hmac_hash_alg(server_conn->secure.cipher_suite->prf_alg, &num_hash_bytes));
server_conn->secure->cipher_suite = cipher_prefs->suites[(randval >> 2) % cipher_prefs->count];
POSIX_GUARD(s2n_hmac_hash_alg(server_conn->secure->cipher_suite->prf_alg, &num_hash_bytes));

/* We do not use a GUARD macro here as there may not be enough bytes to write the necessary
* amount, and the result of a failed read_bytes call is an acceptable test input. */
4 changes: 2 additions & 2 deletions tests/fuzz/s2n_tls13_server_finished_recv_test.c
Expand Up @@ -54,8 +54,8 @@ int s2n_fuzz_test(const uint8_t *buf, size_t len)
s2n_hash_algorithm num_hash_bytes = 0;
POSIX_GUARD(s2n_stuffer_read_uint8(&client_conn->handshake.io, &randval));
client_conn->actual_protocol_version = TLS_VERSIONS[(randval & 0x03) % s2n_array_len(TLS_VERSIONS)];
client_conn->secure.cipher_suite = cipher_prefs->suites[(randval >> 2) % cipher_prefs->count];
POSIX_GUARD(s2n_hmac_hash_alg(client_conn->secure.cipher_suite->prf_alg, &num_hash_bytes));
client_conn->secure->cipher_suite = cipher_prefs->suites[(randval >> 2) % cipher_prefs->count];
POSIX_GUARD(s2n_hmac_hash_alg(client_conn->secure->cipher_suite->prf_alg, &num_hash_bytes));

/* We do not use a GUARD macro here as there may not be enough bytes to write the necessary
* amount, and the result of a failed read_bytes call is an acceptable test input. */
12 changes: 8 additions & 4 deletions tests/saw/spec/handshake/handshake_io_lowlevel.saw
Expand Up @@ -48,9 +48,10 @@ print "Loaded bitcode via Crucible";
//conn->mode
let conn_mode pconn = crucible_field pconn "mode";

//conn->secure.cipher_suite->key_exchange_alg->flags
let conn_secure_cipher_suite pconn =
(crucible_field (crucible_field pconn "secure") "cipher_suite");
let secure_crypto_params pconn = crucible_field pconn "secure";

//conn->secure->cipher_suite->key_exchange_alg->flags
let conn_secure_cipher_suite crypto_params = crucible_field crypto_params "cipher_suite";

//let key_exchange_algorithm csuite = crucible_elem csuite 3;
let key_exchange_algorithm csuite = crucible_field csuite "key_exchange_alg";
Expand Down Expand Up @@ -151,8 +152,11 @@ let setup_connection_common chosen_psk_null = do {
cca <- crucible_fresh_var "cca" (llvm_int 32);
crucible_points_to (cca_type pconn) (crucible_term cca);

secure <- crucible_alloc (llvm_struct "struct.s2n_crypto_parameters");
crucible_points_to (secure_crypto_params pconn) secure;

cipher_suite <- crucible_alloc (llvm_struct "struct.s2n_cipher_suite");
crucible_points_to (conn_secure_cipher_suite pconn) cipher_suite;
crucible_points_to (conn_secure_cipher_suite secure) cipher_suite;

kea <- crucible_alloc (llvm_struct "struct.s2n_kex");
crucible_points_to (key_exchange_algorithm cipher_suite) kea;
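Review bot: setup_connection_common now allocates a fresh `struct.s2n_crypto_parameters` and points `conn->secure` at it, so the spec assumes `secure` is always a valid, non-NULL allocation and the proof says nothing about a connection whose `secure` pointer is NULL; that assumption deserves a comment at the allocation, for example `// Precondition: conn->secure points to a valid s2n_crypto_parameters; the NULL case is not modelled`. In the first hunk, the comment `//conn->secure->cipher_suite->key_exchange_alg->flags` sits above `conn_secure_cipher_suite`, which now takes the crypto-parameters pointer rather than the connection and returns only the `cipher_suite` field, and `secure_crypto_params` has no comment at all. Any caller outside the visible hunks that still passes `pconn` to `conn_secure_cipher_suite` would need updating. The `do` block of setup_connection_common continues past the end of the hunk.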
16 changes: 8 additions & 8 deletions tests/testlib/s2n_connection_test_utils.c
Expand Up @@ -264,23 +264,23 @@ S2N_RESULT s2n_config_mock_wall_clock(struct s2n_config *config, uint64_t *test_
S2N_RESULT s2n_connection_set_secrets(struct s2n_connection *conn)
{
RESULT_ENSURE_REF(conn);
conn->secure.cipher_suite = &s2n_tls13_aes_256_gcm_sha384;
const struct s2n_cipher *cipher = conn->secure.cipher_suite->record_alg->cipher;
conn->secure->cipher_suite = &s2n_tls13_aes_256_gcm_sha384;
const struct s2n_cipher *cipher = conn->secure->cipher_suite->record_alg->cipher;

uint8_t client_key_bytes[S2N_TLS13_SECRET_MAX_LEN] = "client key";
struct s2n_blob client_key = { 0 };
RESULT_GUARD_POSIX(s2n_blob_init(&client_key, client_key_bytes, cipher->key_material_size));
RESULT_GUARD_POSIX(cipher->init(&conn->secure.client_key));
RESULT_GUARD_POSIX(cipher->set_encryption_key(&conn->secure.client_key, &client_key));
RESULT_GUARD_POSIX(cipher->init(&conn->secure->client_key));
RESULT_GUARD_POSIX(cipher->set_encryption_key(&conn->secure->client_key, &client_key));

uint8_t server_key_bytes[S2N_TLS13_SECRET_MAX_LEN] = "server key";
struct s2n_blob server_key = { 0 };
RESULT_GUARD_POSIX(s2n_blob_init(&server_key, server_key_bytes, cipher->key_material_size));
RESULT_GUARD_POSIX(cipher->init(&conn->secure.server_key));
RESULT_GUARD_POSIX(cipher->set_encryption_key(&conn->secure.server_key, &server_key));
RESULT_GUARD_POSIX(cipher->init(&conn->secure->server_key));
RESULT_GUARD_POSIX(cipher->set_encryption_key(&conn->secure->server_key, &server_key));

conn->client = &conn->secure;
conn->server = &conn->secure;
conn->client = conn->secure;
conn->server = conn->secure;

return S2N_RESULT_OK;
}
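Review bot: s2n_connection_set_secrets checks `conn` with RESULT_ENSURE_REF but then writes through `conn->secure`, which after this change is a pointer that the helper never validates. Adding `RESULT_ENSURE_REF(conn->secure);` directly after the existing `RESULT_ENSURE_REF(conn);` makes a test that calls the helper on a connection without crypto parameters fail with an error instead of a NULL dereference. A one-line comment on the last two assignments, such as `/* client and server alias the same parameters, so both directions use the secure keys */`, would also make the aliasing explicit now that the address-of operator is gone.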
22 changes: 11 additions & 11 deletions tests/unit/s2n_3des_test.c
Expand Up @@ -46,17 +46,17 @@ int main(int argc, char **argv)
EXPECT_OK(s2n_get_public_random_data(&r));

/* Peer and we are in sync */
conn->server = &conn->secure;
conn->client = &conn->secure;
conn->server = conn->secure;
conn->client = conn->secure;

/* test the 3des cipher with a SHA1 hash */
conn->secure.cipher_suite->record_alg = &s2n_record_alg_3des_sha;
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.server_key));
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.client_key));
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure.server_key, &des3));
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure.client_key, &des3));
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
conn->secure->cipher_suite->record_alg = &s2n_record_alg_3des_sha;
EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key));
EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key));
EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &des3));
EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &des3));
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
conn->actual_protocol_version = S2N_TLS11;

for (int i = 0; i <= S2N_DEFAULT_FRAGMENT_LENGTH + 1; i++) {
Expand Down Expand Up @@ -106,8 +106,8 @@ int main(int argc, char **argv)
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
}

EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.server_key));
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.client_key));
EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key));
EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key));
EXPECT_SUCCESS(s2n_connection_free(conn));

END_TEST();
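Review bot: `conn->secure->cipher_suite->record_alg = &s2n_record_alg_3des_sha;` assigns through the suite pointer instead of installing a suite on the connection, so if `cipher_suite` still points at a shared default suite (its origin is outside the visible hunks) the test changes that object for everything else in the process. Working on a copy avoids this: `struct s2n_cipher_suite test_suite = *conn->secure->cipher_suite;` then `conn->secure->cipher_suite = &test_suite;` before setting `record_alg`. The repeated `conn->secure->cipher_suite->record_alg->cipher` chain could also be held in a local `const struct s2n_cipher *cipher`, as s2n_connection_set_secrets does. main starts before the first hunk and runs on between the two.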