Don't hardcode TLS 1.3 labels in test cases
ssl_tls1_3_keys.c exports a structure containing all labels used
in the TLS 1.3 key schedule, but the TLS 1.3 key scheduling unit
tests so far replicated those labels in the test file. In particular,
wrong label values in ssl_tls1_3_keys.c wouldn't have been caught
by the unit tests.
This commit modifies the TLS 1.3 key schedule unit tests to use
the TLS 1.3 labels as exported by ssl_tls1_3_keys.c. This not only
makes sure that those labels are correct, but also avoids hardcoding
their hex-encoding in the test file.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 7befbea..1730501 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -28,7 +28,7 @@
#include <stdint.h>
#include <string.h>
-#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
+#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
.name = string,
struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 64caa8a..ee6572f 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -21,30 +21,30 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-/* This requires MBEDTLS_SSL_TLS1_3_LABEL( name, string ) to be defined at
+/* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at
* the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union
* below. */
#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \
- MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( sn , "sn" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \
- MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" )
+ MBEDTLS_SSL_TLS1_3_LABEL( 0, finished , "finished" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 1, resumption , "resumption" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 2, traffic_upd , "traffic upd" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 3, exporter , "exporter" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 4, key , "key" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 5, iv , "iv" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 6, sn , "sn" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 7, c_hs_traffic, "c hs traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 8, c_ap_traffic, "c ap traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 9, c_e_traffic , "c e traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 10, s_hs_traffic, "s hs traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 11, s_ap_traffic, "s ap traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 12, s_e_traffic , "s e traffic" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 13, exp_master , "exp master" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 14, res_master , "res master" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 15, ext_binder , "ext binder" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 16, res_binder , "res binder" ) \
+ MBEDTLS_SSL_TLS1_3_LABEL( 17, derived , "derived" )
-#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
+#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
const unsigned char name [ sizeof(string) - 1 ];
union mbedtls_ssl_tls1_3_labels_union
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 8a2b96a..badb116 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -10418,49 +10418,49 @@
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Server handshake traffic secret -> Server traffic key
# HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
-ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6b6579":"":16:"844780a7acad9f980fa25c114e43402a"
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_key:"":16:"844780a7acad9f980fa25c114e43402a"
SSL TLS 1.3 Key schedule: HKDF Expand Label #2
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Server handshake traffic secret -> Server traffic IV
# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
-ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6976":"":12:"4c042ddc120a38d1417fc815"
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_iv:"":12:"4c042ddc120a38d1417fc815"
SSL TLS 1.3 Key schedule: HKDF Expand Label #3
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client handshake traffic secret -> Client traffic key
# HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
-ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6b6579":"":16:"7154f314e6be7dc008df2c832baa1d39"
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39"
SSL TLS 1.3 Key schedule: HKDF Expand Label #4
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Client handshake traffic secret -> Client traffic IV
# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
-ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6976":"":12:"71abc2cae4c699d47c600268"
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_iv:"":12:"71abc2cae4c699d47c600268"
SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448)
# Vector from RFC 8448
# Server handshake traffic secret -> Server traffic IV
# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
-ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6976":"":12:"5d313eb2671276ee13000b30"
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_iv:"":12:"5d313eb2671276ee13000b30"
SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448)
# Vector from RFC 8448
# Server handshake traffic secret -> Server traffic Key
# HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
-ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6b6579":"":16:"3fce516009c21727d0f2e4e86ee403bc"
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc"
SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448)
# Vector from RFC 8448
# Client handshake traffic secret -> Client traffic IV
# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
-ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6976":"":12:"5bd3c71b836e0b76bb73265f"
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_iv:"":12:"5bd3c71b836e0b76bb73265f"
SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448)
# Vector from RFC 8448
# Client handshake traffic secret -> Client traffic Key
# HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
-ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6b6579":"":16:"dbfaa693d1762c5b666af5d950258d01"
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01"
SSL TLS 1.3 Key schedule: Traffic key generation #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
@@ -10477,14 +10477,13 @@
# Derive-Secret( Early-Secret, "derived", "")
# Tests the case where context isn't yet hashed (empty string here,
# but still needs to be hashed)
-# 64657269766564 = hex("derived")
-ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"64657269766564":"":32:0:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
+ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:0:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash)
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Derive-Secret( MasterSecret, "s ap traffic", hash)
# Tests the case where context is already hashed
-ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":"732061702074726166666963":"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:1:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5"
+ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:1:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5"
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 58abef8..1532429 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -12,6 +12,11 @@
#include <test/constant_flow.h>
+#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
+ const int tls1_3_label_ ## name = idx;
+MBEDTLS_SSL_TLS1_3_LABEL_LIST
+#undef MBEDTLS_SSL_TLS1_3_LABEL
+
typedef struct log_pattern
{
const char *pattern;
@@ -3673,13 +3678,24 @@
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_hkdf_expand_label( int hash_alg,
data_t *secret,
- data_t *label,
+ int label_idx,
data_t *ctx,
int desired_length,
data_t *expected )
{
unsigned char dst[ 100 ];
+ unsigned char const *lbl = NULL;
+ size_t lbl_len;
+#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
+ if( label_idx == tls1_3_label_ ## name ) \
+ { \
+ lbl = mbedtls_ssl_tls1_3_labels.name; \
+ lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
+ }
+MBEDTLS_SSL_TLS1_3_LABEL_LIST
+#undef MBEDTLS_SSL_TLS1_3_LABEL
+ TEST_ASSERT( lbl != NULL );
/* Check sanity of test parameters. */
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
@@ -3688,7 +3704,7 @@
TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label(
(mbedtls_md_type_t) hash_alg,
secret->x, secret->len,
- label->x, label->len,
+ lbl, lbl_len,
ctx->x, ctx->len,
dst, desired_length ) == 0 );
@@ -3747,7 +3763,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_derive_secret( int hash_alg,
data_t *secret,
- data_t *label,
+ int label_idx,
data_t *ctx,
int desired_length,
int already_hashed,
@@ -3755,6 +3771,18 @@
{
unsigned char dst[ 100 ];
+ unsigned char const *lbl = NULL;
+ size_t lbl_len;
+#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \
+ if( label_idx == tls1_3_label_ ## name ) \
+ { \
+ lbl = mbedtls_ssl_tls1_3_labels.name; \
+ lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \
+ }
+MBEDTLS_SSL_TLS1_3_LABEL_LIST
+#undef MBEDTLS_SSL_TLS1_3_LABEL
+ TEST_ASSERT( lbl != NULL );
+
/* Check sanity of test parameters. */
TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
TEST_ASSERT( (size_t) desired_length == expected->len );
@@ -3762,7 +3790,7 @@
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret(
(mbedtls_md_type_t) hash_alg,
secret->x, secret->len,
- label->x, label->len,
+ lbl, lbl_len,
ctx->x, ctx->len,
already_hashed,
dst, desired_length ) == 0 );