diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 9e9fa0026..3321d6440 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -352,6 +352,9 @@ openvpn_encrypt(struct buffer *buf, struct buffer work, int64_t cipher_get_aead_limits(const char *ciphername) { + /* TESTING: Make AEAD key limits really really really small to force + * key rollever super quickly */ + return 256; if (!cipher_kt_mode_aead(ciphername)) { return 0; diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c index d69f4d558..fc687b57a 100644 --- a/src/openvpn/crypto_epoch.c +++ b/src/openvpn/crypto_epoch.c @@ -414,8 +414,13 @@ epoch_check_send_iterate(struct crypto_options *opt) if (aead_usage_limit_reached(opt->aead_usage_limit, &opt->key_ctx_bi.encrypt, opt->packet_id.send.id)) { - /* Send key limit reached */ - epoch_iterate_send_key(opt); + int forward = rand() % 8 + 1; + /* Send key limit reached, go one key forward or in this TEST + * gremlin mode, 1 to 8 to test the other side future key stuff */ + for (int i = 0; i < forward; i++) + { + epoch_iterate_send_key(opt); + } } /* draft 8 of the aead usage limit still had but draft 9 complete * dropped this statement: @@ -437,7 +442,13 @@ epoch_check_send_iterate(struct crypto_options *opt) /* Receive key limit reached. Increase our own send key to signal * that we want to use a new epoch. Peer should then also move its * key but is not required to do this */ - epoch_iterate_send_key(opt); + int forward = rand() % 8 + 1; + /* gremlin mode, 1 to 8 to test the other side future key stuff */ + for (int i = 0; i < forward; i++) + { + epoch_iterate_send_key(opt); + } + } } diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c index bece3a1bd..1ece843a0 100644 --- a/tests/unit_tests/openvpn/test_crypto.c +++ b/tests/unit_tests/openvpn/test_crypto.c @@ -458,24 +458,14 @@ test_mssfix_mtu_calculation(void **state) void crypto_test_aead_limits(void **state) { +#define BROKEN_LIMIT 0x100 /* if ChaCha20-Poly1305 is not supported by the crypto library or in the * current mode (FIPS), this will still return -1 */ - assert_int_equal(cipher_get_aead_limits("CHACHA20-POLY1305"), 0); + assert_int_equal(cipher_get_aead_limits("CHACHA20-POLY1305"), BROKEN_LIMIT); int64_t aeslimit = cipher_get_aead_limits("AES-128-GCM"); - assert_int_equal(aeslimit, (1ull << 36) - 1); - - /* Check if this matches our exception for 1600 size packets assuming - * AEAD_LIMIT_BLOCKSIZE (128 bits/ 16 bytes). Gives us 100 blocks - * + 1 for the packet */ - int64_t L = 101; - /* 2 ^ 29.34, using the result here to avoid linking to libm */ - assert_int_equal(aeslimit / L, 680390858); - - /* and for 9000, 2^26.86 */ - L = 563; - assert_int_equal(aeslimit / L, 122059461); + assert_int_equal(aeslimit, BROKEN_LIMIT); } void diff --git a/tests/unit_tests/openvpn/test_ssl.c b/tests/unit_tests/openvpn/test_ssl.c index 842c9441e..0d4d8be98 100644 --- a/tests/unit_tests/openvpn/test_ssl.c +++ b/tests/unit_tests/openvpn/test_ssl.c @@ -398,7 +398,7 @@ init_crypto_options(const char *cipher, const char *auth, bool epoch, struct epoch_key e1 = { .epoch = 1, .epoch_key = { 0 }}; memcpy(e1.epoch_key, key2.keys[0].cipher, sizeof(e1.epoch_key)); co.flags |= CO_EPOCH_DATA_KEY_FORMAT; - epoch_init_key_ctx(&co, &kt, &e1, &e1, 5); + epoch_init_key_ctx(&co, &kt, &e1, &e1, 9); /* Do a little of dancing for the epoch_send_key_iterate to test * that this works too */