Skip to content

Commit 7e120df

Browse files
raycollraycoll
authored
Merge pull request aws#289 from colmmacc/master
Linearize TLS handshake states
2 parents 282dba3 + d2aebdb commit 7e120df

16 files changed

+206
-64
lines changed

api/s2n.h

+1
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@ extern "C" {
2727
#define S2N_TLS10 31
2828
#define S2N_TLS11 32
2929
#define S2N_TLS12 33
30+
#define S2N_UNKNOWN_PROTOCOL_VERSION 0
3031

3132
extern __thread int s2n_errno;
3233

tests/unit/s2n_aead_aes_test.c

+30-1
Original file line numberDiff line numberDiff line change
@@ -67,14 +67,16 @@ int main(int argc, char **argv)
6767
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
6868
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
6969
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
70-
conn->actual_protocol_version = S2N_TLS12;
7170

7271
int max_fragment = S2N_SMALL_FRAGMENT_LENGTH;
7372
for (int i = 0; i < max_fragment; i++) {
7473
struct s2n_blob in = {.data = random_data,.size = i };
7574
int bytes_written;
7675

7776
EXPECT_SUCCESS(s2n_connection_wipe(conn));
77+
conn->server_protocol_version = S2N_TLS12;
78+
conn->client_protocol_version = S2N_TLS12;
79+
conn->actual_protocol_version = S2N_TLS12;
7880
conn->server = &conn->initial;
7981
conn->client = &conn->initial;
8082
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
@@ -125,6 +127,9 @@ int main(int argc, char **argv)
125127

126128
/* Start over */
127129
EXPECT_SUCCESS(s2n_connection_wipe(conn));
130+
conn->server_protocol_version = S2N_TLS12;
131+
conn->client_protocol_version = S2N_TLS12;
132+
conn->actual_protocol_version = S2N_TLS12;
128133
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
129134
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
130135
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
@@ -149,6 +154,9 @@ int main(int argc, char **argv)
149154
/* Tamper with the IV and ensure decryption fails */
150155
for (int j = 0; j < S2N_TLS_GCM_IV_LEN; j++) {
151156
EXPECT_SUCCESS(s2n_connection_wipe(conn));
157+
conn->server_protocol_version = S2N_TLS12;
158+
conn->client_protocol_version = S2N_TLS12;
159+
conn->actual_protocol_version = S2N_TLS12;
152160
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
153161
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
154162
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
@@ -171,6 +179,9 @@ int main(int argc, char **argv)
171179
/* Tamper with the TAG and ensure decryption fails */
172180
for (int j = 0; j < S2N_TLS_GCM_TAG_LEN; j++) {
173181
EXPECT_SUCCESS(s2n_connection_wipe(conn));
182+
conn->server_protocol_version = S2N_TLS12;
183+
conn->client_protocol_version = S2N_TLS12;
184+
conn->actual_protocol_version = S2N_TLS12;
174185
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
175186
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
176187
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
@@ -193,6 +204,9 @@ int main(int argc, char **argv)
193204
/* Tamper with the ciphertext and ensure decryption fails */
194205
for (int j = 0; j < i - S2N_TLS_GCM_TAG_LEN; j++) {
195206
EXPECT_SUCCESS(s2n_connection_wipe(conn));
207+
conn->server_protocol_version = S2N_TLS12;
208+
conn->client_protocol_version = S2N_TLS12;
209+
conn->actual_protocol_version = S2N_TLS12;
196210
EXPECT_SUCCESS(setup_server_keys(conn, &aes128));
197211
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
198212
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
@@ -230,6 +244,9 @@ int main(int argc, char **argv)
230244
int bytes_written;
231245

232246
EXPECT_SUCCESS(s2n_connection_wipe(conn));
247+
conn->server_protocol_version = S2N_TLS12;
248+
conn->client_protocol_version = S2N_TLS12;
249+
conn->actual_protocol_version = S2N_TLS12;
233250
conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
234251
EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
235252
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
@@ -279,6 +296,9 @@ int main(int argc, char **argv)
279296
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
280297

281298
EXPECT_SUCCESS(s2n_connection_wipe(conn));
299+
conn->server_protocol_version = S2N_TLS12;
300+
conn->client_protocol_version = S2N_TLS12;
301+
conn->actual_protocol_version = S2N_TLS12;
282302
conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
283303
EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
284304
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
@@ -305,6 +325,9 @@ int main(int argc, char **argv)
305325
/* Tamper with the IV and ensure decryption fails */
306326
for (int j = 0; j < S2N_TLS_GCM_IV_LEN; j++) {
307327
EXPECT_SUCCESS(s2n_connection_wipe(conn));
328+
conn->server_protocol_version = S2N_TLS12;
329+
conn->client_protocol_version = S2N_TLS12;
330+
conn->actual_protocol_version = S2N_TLS12;
308331
conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
309332
EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
310333
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
@@ -329,6 +352,9 @@ int main(int argc, char **argv)
329352
/* Tamper with the TAG and ensure decryption fails */
330353
for (int j = 0; j < S2N_TLS_GCM_TAG_LEN; j++) {
331354
EXPECT_SUCCESS(s2n_connection_wipe(conn));
355+
conn->server_protocol_version = S2N_TLS12;
356+
conn->client_protocol_version = S2N_TLS12;
357+
conn->actual_protocol_version = S2N_TLS12;
332358
conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
333359
EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
334360
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
@@ -353,6 +379,9 @@ int main(int argc, char **argv)
353379
/* Tamper with the ciphertext and ensure decryption fails */
354380
for (int j = S2N_TLS_GCM_IV_LEN; j < i - S2N_TLS_GCM_TAG_LEN; j++) {
355381
EXPECT_SUCCESS(s2n_connection_wipe(conn));
382+
conn->server_protocol_version = S2N_TLS12;
383+
conn->client_protocol_version = S2N_TLS12;
384+
conn->actual_protocol_version = S2N_TLS12;
356385
conn->initial.cipher_suite->cipher = &s2n_aes256_gcm;
357386
EXPECT_SUCCESS(setup_server_keys(conn, &aes256));
358387
EXPECT_SUCCESS(s2n_hmac_init(&conn->initial.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));

tests/unit/s2n_client_extensions_test.c

+36-2
Original file line numberDiff line numberDiff line change
@@ -159,10 +159,17 @@ int main(int argc, char **argv)
159159
}
160160

161161
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
162+
client_conn->actual_protocol_version = S2N_TLS12;
163+
client_conn->server_protocol_version = S2N_TLS12;
164+
client_conn->client_protocol_version = S2N_TLS12;
165+
162166
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
163167
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
164168

165169
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
170+
server_conn->actual_protocol_version = S2N_TLS12;
171+
server_conn->server_protocol_version = S2N_TLS12;
172+
server_conn->client_protocol_version = S2N_TLS12;
166173
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
167174
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
168175

@@ -208,13 +215,19 @@ int main(int argc, char **argv)
208215
}
209216

210217
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
218+
client_conn->actual_protocol_version = S2N_TLS12;
219+
client_conn->server_protocol_version = S2N_TLS12;
220+
client_conn->client_protocol_version = S2N_TLS12;
211221
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
212222
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
213223

214224
/* Set the server name */
215225
EXPECT_SUCCESS(s2n_set_server_name(client_conn, sent_server_name));
216226

217227
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
228+
server_conn->actual_protocol_version = S2N_TLS12;
229+
server_conn->server_protocol_version = S2N_TLS12;
230+
server_conn->client_protocol_version = S2N_TLS12;
218231
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
219232
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
220233

@@ -318,6 +331,9 @@ int main(int argc, char **argv)
318331
}
319332

320333
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
334+
server_conn->actual_protocol_version = S2N_TLS12;
335+
server_conn->server_protocol_version = S2N_TLS12;
336+
server_conn->client_protocol_version = S2N_TLS12;
321337
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
322338
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
323339

@@ -334,7 +350,7 @@ int main(int argc, char **argv)
334350
/* Verify that the CLIENT HELLO is accepted */
335351
s2n_negotiate(server_conn, &server_blocked);
336352
EXPECT_TRUE(s2n_conn_get_current_message_type(server_conn) > CLIENT_HELLO);
337-
EXPECT_EQUAL(server_conn->handshake.handshake_type, FULL_NO_PFS);
353+
EXPECT_EQUAL(server_conn->handshake.handshake_type, NEGOTIATED | FULL_HANDSHAKE);
338354

339355
/* Verify that the server name was received intact. */
340356
EXPECT_NOT_NULL(received_server_name = s2n_get_server_name(server_conn));
@@ -435,7 +451,7 @@ int main(int argc, char **argv)
435451
/* Verify that the CLIENT HELLO is accepted */
436452
s2n_negotiate(server_conn, &server_blocked);
437453
EXPECT_TRUE(s2n_conn_get_current_message_type(server_conn) > CLIENT_HELLO);
438-
EXPECT_EQUAL(server_conn->handshake.handshake_type, FULL_NO_PFS);
454+
EXPECT_EQUAL(server_conn->handshake.handshake_type & NEGOTIATED, NEGOTIATED);
439455

440456
/* Verify that the that we detected secure_renegotiation */
441457
EXPECT_EQUAL(server_conn->secure_renegotiation, 1);
@@ -565,10 +581,16 @@ int main(int argc, char **argv)
565581
}
566582

567583
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
584+
client_conn->actual_protocol_version = S2N_TLS12;
585+
client_conn->server_protocol_version = S2N_TLS12;
586+
client_conn->client_protocol_version = S2N_TLS12;
568587
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
569588
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
570589

571590
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
591+
server_conn->actual_protocol_version = S2N_TLS12;
592+
server_conn->server_protocol_version = S2N_TLS12;
593+
server_conn->client_protocol_version = S2N_TLS12;
572594
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
573595
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
574596

@@ -614,6 +636,9 @@ int main(int argc, char **argv)
614636
}
615637

616638
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
639+
client_conn->actual_protocol_version = S2N_TLS12;
640+
client_conn->server_protocol_version = S2N_TLS12;
641+
client_conn->client_protocol_version = S2N_TLS12;
617642
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
618643
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
619644

@@ -622,6 +647,9 @@ int main(int argc, char **argv)
622647
EXPECT_SUCCESS(s2n_connection_set_config(client_conn, client_config));
623648

624649
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
650+
server_conn->actual_protocol_version = S2N_TLS12;
651+
server_conn->server_protocol_version = S2N_TLS12;
652+
server_conn->client_protocol_version = S2N_TLS12;
625653
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
626654
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
627655

@@ -668,6 +696,9 @@ int main(int argc, char **argv)
668696
}
669697

670698
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
699+
client_conn->actual_protocol_version = S2N_TLS12;
700+
client_conn->server_protocol_version = S2N_TLS12;
701+
client_conn->client_protocol_version = S2N_TLS12;
671702
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
672703
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
673704

@@ -676,6 +707,9 @@ int main(int argc, char **argv)
676707
EXPECT_SUCCESS(s2n_connection_set_config(client_conn, client_config));
677708

678709
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
710+
server_conn->actual_protocol_version = S2N_TLS12;
711+
server_conn->server_protocol_version = S2N_TLS12;
712+
server_conn->client_protocol_version = S2N_TLS12;
679713
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
680714
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
681715

tests/unit/s2n_fragmentation_coalescing_test.c

+20-5
Original file line numberDiff line numberDiff line change
@@ -403,6 +403,9 @@ int main(int argc, char **argv)
403403

404404
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
405405
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT));
406+
conn->server_protocol_version = S2N_TLS12;
407+
conn->client_protocol_version = S2N_TLS12;
408+
conn->actual_protocol_version = S2N_TLS12;
406409

407410
/* Create a pipe */
408411
EXPECT_SUCCESS(pipe(p));
@@ -411,7 +414,7 @@ int main(int argc, char **argv)
411414
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, p[0]));
412415

413416
/* Pretend the client hello has already been set */
414-
conn->handshake.handshake_type = FULL_NO_PFS;
417+
conn->handshake.handshake_type = NEGOTIATED | FULL_HANDSHAKE;
415418
conn->handshake.message_number = SERVER_HELLO;
416419

417420
/* Create a child process */
@@ -448,12 +451,15 @@ int main(int argc, char **argv)
448451

449452
/* Wipe the connection */
450453
EXPECT_SUCCESS(s2n_connection_wipe(conn));
454+
conn->server_protocol_version = S2N_TLS12;
455+
conn->client_protocol_version = S2N_TLS12;
456+
conn->actual_protocol_version = S2N_TLS12;
451457

452458
/* Set up the connection to read from the fd */
453459
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, p[0]));
454460

455461
/* Pretend the client hello has already been set */
456-
conn->handshake.handshake_type = FULL_NO_PFS;
462+
conn->handshake.handshake_type = NEGOTIATED | FULL_HANDSHAKE;
457463
conn->handshake.message_number = SERVER_HELLO;
458464

459465
/* Create a child process */
@@ -490,12 +496,15 @@ int main(int argc, char **argv)
490496

491497
/* Wipe the connection */
492498
EXPECT_SUCCESS(s2n_connection_wipe(conn));
499+
conn->server_protocol_version = S2N_TLS12;
500+
conn->client_protocol_version = S2N_TLS12;
501+
conn->actual_protocol_version = S2N_TLS12;
493502

494503
/* Set up the connection to read from the fd */
495504
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, p[0]));
496505

497506
/* Pretend the client hello has already been set */
498-
conn->handshake.handshake_type = FULL_NO_PFS;
507+
conn->handshake.handshake_type = NEGOTIATED | FULL_HANDSHAKE;
499508
conn->handshake.message_number = SERVER_HELLO;
500509

501510
/* Create a child process */
@@ -532,12 +541,15 @@ int main(int argc, char **argv)
532541

533542
/* Wipe the connection */
534543
EXPECT_SUCCESS(s2n_connection_wipe(conn));
544+
conn->server_protocol_version = S2N_TLS12;
545+
conn->client_protocol_version = S2N_TLS12;
546+
conn->actual_protocol_version = S2N_TLS12;
535547

536548
/* Set up the connection to read from the fd */
537549
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, p[0]));
538550

539551
/* Pretend the client hello has already been set */
540-
conn->handshake.handshake_type = FULL_NO_PFS;
552+
conn->handshake.handshake_type = NEGOTIATED | FULL_HANDSHAKE;
541553
conn->handshake.message_number = SERVER_HELLO;
542554

543555
/* Create a child process */
@@ -574,12 +586,15 @@ int main(int argc, char **argv)
574586

575587
/* Wipe the connection */
576588
EXPECT_SUCCESS(s2n_connection_wipe(conn));
589+
conn->server_protocol_version = S2N_TLS12;
590+
conn->client_protocol_version = S2N_TLS12;
591+
conn->actual_protocol_version = S2N_TLS12;
577592

578593
/* Set up the connection to read from the fd */
579594
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, p[0]));
580595

581596
/* Pretend the client hello has already been set */
582-
conn->handshake.handshake_type = FULL_NO_PFS;
597+
conn->handshake.handshake_type = NEGOTIATED | FULL_HANDSHAKE;
583598
conn->handshake.message_number = SERVER_HELLO;
584599

585600
/* Create a child process */

tests/unit/s2n_handshake_test.c

+12
Original file line numberDiff line numberDiff line change
@@ -165,18 +165,30 @@ int main(int argc, char **argv)
165165
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
166166
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
167167
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
168+
client_conn->server_protocol_version = S2N_TLS12;
169+
client_conn->client_protocol_version = S2N_TLS12;
170+
client_conn->actual_protocol_version = S2N_TLS12;
168171

169172
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
170173
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
171174
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
172175
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
176+
server_conn->server_protocol_version = S2N_TLS12;
177+
server_conn->client_protocol_version = S2N_TLS12;
178+
server_conn->actual_protocol_version = S2N_TLS12;
173179

180+
int tries = 0;
174181
do {
175182
int ret;
176183
ret = s2n_negotiate(client_conn, &client_blocked);
177184
EXPECT_TRUE(ret == 0 || (client_blocked && errno == EAGAIN));
178185
ret = s2n_negotiate(server_conn, &server_blocked);
179186
EXPECT_TRUE(ret == 0 || (server_blocked && errno == EAGAIN));
187+
tries += 1;
188+
189+
if (tries == 100) {
190+
FAIL();
191+
}
180192
} while (client_blocked || server_blocked);
181193

182194
uint8_t server_shutdown=0;

0 commit comments

Comments
 (0)