Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inability to Assign Custom Ciphersuite to Botan::TLS::Handshake_State During Testing #4298

Open
shreyaaapatil opened this issue Aug 9, 2024 · 2 comments
Open

Inability to Assign Custom Ciphersuite to Botan::TLS::Handshake_State During Testing #4298

shreyaaapatil opened this issue Aug 9, 2024 · 2 comments

Comments

@shreyaaapatil
Copy link

Botan version used: 2.19.3

We are testing Botan::TLS::Session_Keys. In our test cases, we have stubbed the various functions that are called inside the Session_Keys constructor. We are using the following approach.

Callbacks_Stub _callbacks;
Handshake_IO_Stub* __io = new Handshake_IO_Stub();
Botan::TLS::Handshake_State _state(__io, _callbacks)
  

/* Testing constructor. */
    ::Botan::TLS::Session_Keys _return(&_state, _pre_master_secret, _resuming, &_policy, &_creds, &_rng);

While creating object _state the default constructor of Ciphersuite called as m_ciphersuite is a private member of Handshake_State class.
In our test case, we create an object as follows:

Ciphersuite ciphersuiteNullCipherValid(kIdCipherSuiteNullCipher, "TLS_PSK_WITH_NULL_SHA256", tls::Auth_Method::IMPLICIT, tls::Kex_Algo::PSK, "NullCipher", 0, "SHA-256", 32, tls::KDF_Algo::SHA_256, tls::Nonce_Format::NULL_CIPHER);

We want m_ciphersuite to refer to ciphersuiteNullCipherValid, but we couldn't find any function that allows us to achieve this.
Is there any way to accomplish this? If so, please highlight it.

The reason we want to do this is that when we create the _state object, it assigns default values by default.
@randombit
Copy link
Owner

I think it's necessary to back up a few steps here and ask what you're actually trying to do. IIUC, it's to use a PSK suite with no encryption. This is not supported.

@shreyaaapatil
Copy link
Author

shreyaaapatil commented Aug 21, 2024
edited
Loading

As mentioned above, we are testing the Botan::TLS::Session_Keys Constructor.
For that we are passing _state object reference to the Session_Keys constructor as one of the arguments.

/* Testing constructor. */
    ::Botan::TLS::Session_Keys _return(&_state, _pre_master_secret, _resuming, &_policy, &_creds, &_rng);

We are running our tests with UBSAN flag, and encountering runtime error: reference binding to null pointer of type 'value_type' in tls_session_key.cpp below line

copy_mem(&m_c_aead[mac_keylen], key_data + 2*mac_keylen, cipher_keylen);

The mac_keylen value is initialized in the Session_Keys constructor as mentioned below, and it is taking by default value 0 from the Ciphersuite class.

 const size_t mac_keylen = state->ciphersuite().mac_keylen();

size_t mac_keylen() const { 
         return m_mac_keylen; }

So, we need to initialize mac_keylen with non-zero values to avoid UBSAN error. If it is zero, for accessing invalid memory or failing to copy the intended data, which is likely why UBSAN is flagging an issue. The approach we followed to address this is-

 _state.m_ciphersuite.m_mac_keylen = 16;

But I hope, this is not the correct way to directly modifying class members outside their intended scope. Any thoughts on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@randombit @shreyaaapatil