1 /* $OpenBSD: clienttest.c,v 1.38 2022/07/19 18:56:12 tb Exp $ */ 2 /* 3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <openssl/ssl.h> 19 20 #include <openssl/dtls1.h> 21 #include <openssl/ssl3.h> 22 23 #include <err.h> 24 #include <stdio.h> 25 #include <string.h> 26 27 #define DTLS_HM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH) 28 #define DTLS_RANDOM_OFFSET (DTLS_HM_OFFSET + 2) 29 #define DTLS_CIPHER_OFFSET (DTLS_HM_OFFSET + 38) 30 31 #define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH) 32 #define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2) 33 #define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37) 34 35 #define TLS13_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH) 36 #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2) 37 #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34) 38 #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69) 39 #define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 192) 40 #define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98) 41 42 #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000) 43 44 static const uint8_t cipher_list_dtls1[] = { 45 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 46 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 47 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 48 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 49 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 50 }; 51 52 static const uint8_t client_hello_dtls1[] = { 53 0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 54 0x00, 0x00, 0x00, 0x00, 0x74, 0x01, 0x00, 0x00, 55 0x68, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 56 0x68, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 57 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 58 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 59 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 60 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x26, 0xc0, 61 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 62 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 63 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 64 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 65 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 66 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 67 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 68 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 69 0x00, 70 }; 71 72 static const uint8_t cipher_list_dtls12_aes[] = { 73 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 74 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 75 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 76 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 77 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 78 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 79 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 80 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 81 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 82 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 83 0x00, 0x0a, 0x00, 0xff 84 }; 85 86 static const uint8_t cipher_list_dtls12_chacha[] = { 87 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 88 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 89 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 90 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 91 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 92 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 93 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 94 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 95 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 96 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 97 0x00, 0x0a, 0x00, 0xff, 98 }; 99 100 static const uint8_t client_hello_dtls12[] = { 101 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 102 0x00, 0x00, 0x00, 0x00, 0xbe, 0x01, 0x00, 0x00, 103 0xb2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 104 0xb2, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 105 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 106 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 107 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 108 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0xc0, 109 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 110 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 111 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 112 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 113 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 114 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 115 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 116 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 117 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 118 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 119 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00, 120 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 121 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 122 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 123 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 124 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 125 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 126 0x01, 0x02, 0x03, 127 }; 128 129 static const uint8_t cipher_list_tls10[] = { 130 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 131 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 132 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 133 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 134 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 135 0x00, 0x0a, 0x00, 0xff, 136 }; 137 138 static const uint8_t client_hello_tls10[] = { 139 0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00, 140 0x6d, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 141 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 142 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 144 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0xc0, 0x14, 145 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88, 146 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 147 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f, 148 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 149 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 150 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, 0x00, 0x0b, 151 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 152 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 153 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 154 }; 155 156 static const uint8_t cipher_list_tls11[] = { 157 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 158 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 159 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 160 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 161 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 162 0x00, 0x0a, 0x00, 0xff, 163 }; 164 165 static const uint8_t client_hello_tls11[] = { 166 0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00, 167 0x6d, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 168 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 169 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 170 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 171 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0xc0, 0x14, 172 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88, 173 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 174 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f, 175 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 176 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 177 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, 0x00, 0x0b, 178 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 179 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 180 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 181 }; 182 183 static const uint8_t cipher_list_tls12_aes[] = { 184 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 185 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 186 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 187 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 188 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 189 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 190 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 191 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 192 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 193 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 194 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 195 0x00, 0xff, 196 }; 197 198 static const uint8_t cipher_list_tls12_chacha[] = { 199 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 200 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 201 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 202 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 203 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 204 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 205 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 206 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 207 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 208 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 209 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 210 0x00, 0xff, 211 }; 212 213 static const uint8_t client_hello_tls12[] = { 214 0x16, 0x03, 0x01, 0x00, 0xbb, 0x01, 0x00, 0x00, 215 0xb7, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 216 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 217 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 218 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 219 0x00, 0x00, 0x00, 0x00, 0x00, 0x5a, 0xc0, 0x30, 220 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 221 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 222 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85, 223 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 224 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 225 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 226 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 227 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 228 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 229 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 230 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 231 0x01, 0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 232 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 233 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 234 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 235 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 236 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 237 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, 238 }; 239 240 static const uint8_t cipher_list_tls13_aes[] = { 241 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x30, 242 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 243 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 244 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85, 245 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 246 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 247 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 248 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 249 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 250 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 251 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 252 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 253 }; 254 255 static const uint8_t cipher_list_tls13_chacha[] = { 256 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 257 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 258 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 259 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, 260 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 261 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 262 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 263 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 264 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 265 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 266 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 267 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 268 }; 269 270 static const uint8_t client_hello_tls13[] = { 271 0x16, 0x03, 0x01, 0x01, 0x18, 0x01, 0x00, 0x01, 272 0x14, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 273 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 274 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 275 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 276 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 277 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 278 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 279 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 280 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x13, 0x03, 281 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8, 282 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 283 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 284 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, 0x00, 0xc4, 285 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d, 286 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 287 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 288 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 289 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 290 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 291 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 292 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 293 0x00, 0x6b, 0x00, 0x2b, 0x00, 0x09, 0x08, 0x03, 294 0x04, 0x03, 0x03, 0x03, 0x02, 0x03, 0x01, 0x00, 295 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 296 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 297 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 298 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 299 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 300 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 301 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 302 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 303 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 304 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 305 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 306 0x03, 0x02, 0x01, 0x02, 0x03, 307 }; 308 309 static const uint8_t cipher_list_tls13_only_aes[] = { 310 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 311 }; 312 313 static const uint8_t cipher_list_tls13_only_chacha[] = { 314 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 315 }; 316 317 static const uint8_t client_hello_tls13_only[] = { 318 0x16, 0x03, 0x03, 0x00, 0xb6, 0x01, 0x00, 0x00, 319 0xb2, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 320 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 321 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 322 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 323 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 324 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 325 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 326 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 327 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x13, 0x03, 328 0x13, 0x02, 0x13, 0x01, 0x00, 0xff, 0x01, 0x00, 329 0x00, 0x61, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 330 0x04, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 331 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 332 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 333 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 334 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 335 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 336 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 337 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 338 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 339 0x12, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 340 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 341 0x01, 0x04, 0x03, 342 }; 343 344 struct client_hello_test { 345 const char *desc; 346 const int protocol; 347 const size_t random_start; 348 const size_t session_start; 349 const size_t key_share_start; 350 const SSL_METHOD *(*ssl_method)(void); 351 const long ssl_options; 352 }; 353 354 static const struct client_hello_test client_hello_tests[] = { 355 { 356 .desc = "DTLSv1 client method", 357 .protocol = DTLS1_VERSION, 358 .random_start = DTLS_RANDOM_OFFSET, 359 .ssl_method = DTLSv1_client_method, 360 }, 361 { 362 .desc = "DTLSv1.2 client method", 363 .protocol = DTLS1_2_VERSION, 364 .random_start = DTLS_RANDOM_OFFSET, 365 .ssl_method = DTLSv1_2_client_method, 366 }, 367 { 368 .desc = "DTLS client method", 369 .protocol = DTLS1_2_VERSION, 370 .random_start = DTLS_RANDOM_OFFSET, 371 .ssl_method = DTLS_client_method, 372 }, 373 { 374 .desc = "DTLS client method (no DTLSv1.2)", 375 .protocol = DTLS1_VERSION, 376 .random_start = DTLS_RANDOM_OFFSET, 377 .ssl_method = DTLS_client_method, 378 .ssl_options = SSL_OP_NO_DTLSv1_2, 379 }, 380 { 381 .desc = "DTLS client method (no DTLSv1.0)", 382 .protocol = DTLS1_2_VERSION, 383 .random_start = DTLS_RANDOM_OFFSET, 384 .ssl_method = DTLS_client_method, 385 .ssl_options = SSL_OP_NO_DTLSv1, 386 }, 387 { 388 .desc = "TLSv1 client method", 389 .protocol = TLS1_VERSION, 390 .random_start = SSL3_RANDOM_OFFSET, 391 .ssl_method = TLSv1_client_method, 392 }, 393 { 394 .desc = "TLSv1_1 client method", 395 .protocol = TLS1_1_VERSION, 396 .random_start = SSL3_RANDOM_OFFSET, 397 .ssl_method = TLSv1_1_client_method, 398 }, 399 { 400 .desc = "TLSv1_2 client method", 401 .protocol = TLS1_2_VERSION, 402 .random_start = SSL3_RANDOM_OFFSET, 403 .ssl_method = TLSv1_2_client_method, 404 }, 405 { 406 .desc = "SSLv23 default", 407 .protocol = TLS1_3_VERSION, 408 .random_start = TLS13_RANDOM_OFFSET, 409 .session_start = TLS13_SESSION_OFFSET, 410 .key_share_start = TLS13_KEY_SHARE_OFFSET, 411 .ssl_method = SSLv23_client_method, 412 .ssl_options = 0, 413 }, 414 { 415 .desc = "SSLv23 default (no TLSv1.3)", 416 .protocol = TLS1_2_VERSION, 417 .random_start = SSL3_RANDOM_OFFSET, 418 .ssl_method = SSLv23_client_method, 419 .ssl_options = SSL_OP_NO_TLSv1_3, 420 }, 421 { 422 .desc = "SSLv23 (no TLSv1.2)", 423 .protocol = TLS1_1_VERSION, 424 .random_start = SSL3_RANDOM_OFFSET, 425 .ssl_method = SSLv23_client_method, 426 .ssl_options = SSL_OP_NO_TLSv1_2, 427 }, 428 { 429 .desc = "SSLv23 (no TLSv1.1)", 430 .protocol = TLS1_VERSION, 431 .random_start = SSL3_RANDOM_OFFSET, 432 .ssl_method = SSLv23_client_method, 433 .ssl_options = SSL_OP_NO_TLSv1_1, 434 }, 435 { 436 .desc = "TLS default", 437 .protocol = TLS1_3_VERSION, 438 .random_start = TLS13_RANDOM_OFFSET, 439 .session_start = TLS13_SESSION_OFFSET, 440 .key_share_start = TLS13_KEY_SHARE_OFFSET, 441 .ssl_method = TLS_client_method, 442 .ssl_options = 0, 443 }, 444 { 445 .desc = "TLS (no TLSv1.3)", 446 .protocol = TLS1_2_VERSION, 447 .random_start = SSL3_RANDOM_OFFSET, 448 .ssl_method = TLS_client_method, 449 .ssl_options = SSL_OP_NO_TLSv1_3, 450 }, 451 { 452 .desc = "TLS (no TLSv1.2)", 453 .protocol = TLS1_1_VERSION, 454 .random_start = SSL3_RANDOM_OFFSET, 455 .ssl_method = TLS_client_method, 456 .ssl_options = SSL_OP_NO_TLSv1_2, 457 }, 458 { 459 .desc = "TLS (no TLSv1.1)", 460 .protocol = TLS1_VERSION, 461 .random_start = SSL3_RANDOM_OFFSET, 462 .ssl_method = TLS_client_method, 463 .ssl_options = SSL_OP_NO_TLSv1_1, 464 }, 465 #if 0 466 /* XXX - build client hello with explicit versions extension. */ 467 { 468 .desc = "TLS (no TLSv1.0, no TLSv1.1)", 469 .protocol = TLS1_3_VERSION, 470 .random_start = TLS13_RANDOM_OFFSET, 471 .session_start = TLS13_SESSION_OFFSET, 472 .key_share_start = TLS13_KEY_SHARE_OFFSET, 473 .ssl_method = TLS_client_method, 474 .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, 475 }, 476 #endif 477 { 478 .desc = "TLS (no TLSv1.0, no TLSv1.1, no TLSv1.2)", 479 .protocol = TLS1_3_VERSION_ONLY, 480 .random_start = TLS13_RANDOM_OFFSET, 481 .session_start = TLS13_SESSION_OFFSET, 482 .key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET, 483 .ssl_method = TLS_client_method, 484 .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, 485 }, 486 }; 487 488 #define N_CLIENT_HELLO_TESTS \ 489 (sizeof(client_hello_tests) / sizeof(*client_hello_tests)) 490 491 static void 492 hexdump(const uint8_t *buf, size_t len, const uint8_t *compare) 493 { 494 const char *mark = ""; 495 size_t i; 496 497 for (i = 1; i <= len; i++) { 498 if (compare != NULL) 499 mark = (buf[i - 1] != compare[i - 1]) ? "*" : " "; 500 fprintf(stderr, " %s0x%02hhx,%s", mark, buf[i - 1], 501 i % 8 && i != len ? "" : "\n"); 502 } 503 fprintf(stderr, "\n"); 504 } 505 506 static inline int 507 ssl_aes_is_accelerated(void) 508 { 509 #if defined(__i386__) || defined(__x86_64__) 510 return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0); 511 #else 512 return (0); 513 #endif 514 } 515 516 static int 517 make_client_hello(int protocol, char **out, size_t *outlen) 518 { 519 size_t client_hello_len, cipher_list_len, cipher_list_offset; 520 const uint8_t *client_hello, *cipher_list; 521 char *p; 522 523 *out = NULL; 524 *outlen = 0; 525 526 switch (protocol) { 527 case DTLS1_VERSION: 528 client_hello = client_hello_dtls1; 529 client_hello_len = sizeof(client_hello_dtls1); 530 cipher_list = cipher_list_dtls1; 531 cipher_list_len = sizeof(cipher_list_dtls1); 532 cipher_list_offset = DTLS_CIPHER_OFFSET; 533 break; 534 535 case DTLS1_2_VERSION: 536 client_hello = client_hello_dtls12; 537 client_hello_len = sizeof(client_hello_dtls12); 538 cipher_list = cipher_list_dtls12_chacha; 539 cipher_list_len = sizeof(cipher_list_dtls12_chacha); 540 if (ssl_aes_is_accelerated()) { 541 cipher_list = cipher_list_dtls12_aes; 542 cipher_list_len = sizeof(cipher_list_dtls12_aes); 543 } 544 cipher_list_offset = DTLS_CIPHER_OFFSET; 545 break; 546 547 case TLS1_VERSION: 548 client_hello = client_hello_tls10; 549 client_hello_len = sizeof(client_hello_tls10); 550 cipher_list = cipher_list_tls10; 551 cipher_list_len = sizeof(cipher_list_tls10); 552 cipher_list_offset = SSL3_CIPHER_OFFSET; 553 break; 554 555 case TLS1_1_VERSION: 556 client_hello = client_hello_tls11; 557 client_hello_len = sizeof(client_hello_tls11); 558 cipher_list = cipher_list_tls11; 559 cipher_list_len = sizeof(cipher_list_tls11); 560 cipher_list_offset = SSL3_CIPHER_OFFSET; 561 break; 562 563 case TLS1_2_VERSION: 564 client_hello = client_hello_tls12; 565 client_hello_len = sizeof(client_hello_tls12); 566 cipher_list = cipher_list_tls12_chacha; 567 cipher_list_len = sizeof(cipher_list_tls12_chacha); 568 if (ssl_aes_is_accelerated()) { 569 cipher_list = cipher_list_tls12_aes; 570 cipher_list_len = sizeof(cipher_list_tls12_aes); 571 } 572 cipher_list_offset = SSL3_CIPHER_OFFSET; 573 break; 574 575 case TLS1_3_VERSION: 576 client_hello = client_hello_tls13; 577 client_hello_len = sizeof(client_hello_tls13); 578 cipher_list = cipher_list_tls13_chacha; 579 cipher_list_len = sizeof(cipher_list_tls13_chacha); 580 if (ssl_aes_is_accelerated()) { 581 cipher_list = cipher_list_tls13_aes; 582 cipher_list_len = sizeof(cipher_list_tls13_aes); 583 } 584 cipher_list_offset = TLS13_CIPHER_OFFSET; 585 break; 586 587 case TLS1_3_VERSION_ONLY: 588 client_hello = client_hello_tls13_only; 589 client_hello_len = sizeof(client_hello_tls13_only); 590 cipher_list = cipher_list_tls13_only_chacha; 591 cipher_list_len = sizeof(cipher_list_tls13_only_chacha); 592 if (ssl_aes_is_accelerated()) { 593 cipher_list = cipher_list_tls13_only_aes; 594 cipher_list_len = sizeof(cipher_list_tls13_only_aes); 595 } 596 cipher_list_offset = TLS13_CIPHER_OFFSET; 597 break; 598 599 default: 600 return (-1); 601 } 602 603 if ((p = malloc(client_hello_len)) == NULL) 604 return (-1); 605 606 memcpy(p, client_hello, client_hello_len); 607 memcpy(p + cipher_list_offset, cipher_list, cipher_list_len); 608 609 *out = p; 610 *outlen = client_hello_len; 611 612 return (0); 613 } 614 615 static int 616 client_hello_test(int testno, const struct client_hello_test *cht) 617 { 618 BIO *rbio = NULL, *wbio = NULL; 619 SSL_CTX *ssl_ctx = NULL; 620 SSL *ssl = NULL; 621 char *client_hello = NULL; 622 size_t client_hello_len; 623 size_t session_len; 624 char *wbuf, rbuf[1]; 625 int ret = 1; 626 long len; 627 628 fprintf(stderr, "Test %d - %s\n", testno, cht->desc); 629 630 /* Providing a small buf causes *_get_server_hello() to return. */ 631 if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) { 632 fprintf(stderr, "Failed to setup rbio\n"); 633 goto failure; 634 } 635 if ((wbio = BIO_new(BIO_s_mem())) == NULL) { 636 fprintf(stderr, "Failed to setup wbio\n"); 637 goto failure; 638 } 639 640 if ((ssl_ctx = SSL_CTX_new(cht->ssl_method())) == NULL) { 641 fprintf(stderr, "SSL_CTX_new() returned NULL\n"); 642 goto failure; 643 } 644 645 SSL_CTX_set_options(ssl_ctx, cht->ssl_options); 646 647 if ((ssl = SSL_new(ssl_ctx)) == NULL) { 648 fprintf(stderr, "SSL_new() returned NULL\n"); 649 goto failure; 650 } 651 652 BIO_up_ref(rbio); 653 BIO_up_ref(wbio); 654 SSL_set_bio(ssl, rbio, wbio); 655 656 if (SSL_connect(ssl) != 0) { 657 fprintf(stderr, "SSL_connect() returned non-zero\n"); 658 goto failure; 659 } 660 661 len = BIO_get_mem_data(wbio, &wbuf); 662 663 if (make_client_hello(cht->protocol, &client_hello, 664 &client_hello_len) != 0) 665 errx(1, "failed to make client hello"); 666 667 if ((size_t)len != client_hello_len) { 668 fprintf(stderr, "FAIL: test returned ClientHello length %ld, " 669 "want %zu\n", len, client_hello_len); 670 fprintf(stderr, "received:\n"); 671 hexdump(wbuf, len, NULL); 672 fprintf(stderr, "test data:\n"); 673 hexdump(client_hello, client_hello_len, NULL); 674 fprintf(stderr, "\n"); 675 goto failure; 676 } 677 678 /* We expect the client random to differ. */ 679 if (memcmp(&client_hello[cht->random_start], &wbuf[cht->random_start], 680 SSL3_RANDOM_SIZE) == 0) { 681 fprintf(stderr, "FAIL: ClientHello has zeroed random\n"); 682 goto failure; 683 } 684 685 memset(&wbuf[cht->random_start], 0, SSL3_RANDOM_SIZE); 686 687 if (cht->session_start > 0) { 688 session_len = wbuf[cht->session_start]; 689 if (session_len > 0) 690 memset(&wbuf[cht->session_start + 1], 0, session_len); 691 } 692 if (cht->key_share_start > 0) 693 memset(&wbuf[cht->key_share_start], 0, 32); 694 695 if (memcmp(client_hello, wbuf, client_hello_len) != 0) { 696 fprintf(stderr, "FAIL: ClientHello differs:\n"); 697 fprintf(stderr, "received:\n"); 698 hexdump(wbuf, len, client_hello); 699 fprintf(stderr, "test data:\n"); 700 hexdump(client_hello, client_hello_len, wbuf); 701 fprintf(stderr, "\n"); 702 goto failure; 703 } 704 705 ret = 0; 706 707 failure: 708 SSL_CTX_free(ssl_ctx); 709 SSL_free(ssl); 710 711 BIO_free(rbio); 712 BIO_free(wbio); 713 714 free(client_hello); 715 716 return (ret); 717 } 718 719 int 720 main(int argc, char **argv) 721 { 722 int failed = 0; 723 size_t i; 724 725 SSL_library_init(); 726 727 for (i = 0; i < N_CLIENT_HELLO_TESTS; i++) 728 failed |= client_hello_test(i, &client_hello_tests[i]); 729 730 return (failed); 731 } 732