Merge pull request #110 from golang-fips/tlsprf1

Support PRF for TLS1.1

Author: qmuntal

tls1prf.go

@@ -5,20 +5,29 @@ package openssl
 // #include "goopenssl.h"
 import "C"
 import (
+	"crypto"
 	"errors"
 	"hash"
 	"unsafe"
 )
 
 func SupportsTLS1PRF() bool {
 	return vMajor > 1 ||
-		(vMajor >= 1 && vMinor > 1) ||
-		(vMajor >= 1 && vMinor >= 1 && vPatch >= 1)
+		(vMajor >= 1 && vMinor > 1)
 }
 
 func TLS1PRF(secret, label, seed []byte, keyLen int, h func() hash.Hash) ([]byte, error) {
-	ch := h()
-	md := hashToMD(ch)
+	var md C.GO_EVP_MD_PTR
+	if h == nil {
+		// TLS 1.0/1.1 PRF doesn't allow to specify the hash function,
+		// it always uses MD5SHA1. If h is nil, then assume
+		// that the caller wants to use TLS 1.0/1.1 PRF.
+		// OpenSSL detects this case by checking if the hash
+		// function is MD5SHA1.
+		md = cryptoHashToMD(crypto.MD5SHA1)
+	} else {
+		md = hashToMD(h())
+	}
 	if md == nil {
 		return nil, errors.New("unsupported hash function")
 	}

tls1prf_test.go

@@ -4,24 +4,43 @@ package openssl_test
 
 import (
 	"bytes"
-	"hash"
+	"crypto"
 	"testing"
 
 	"github.com/golang-fips/openssl/v2"
 )
 
 type tls1prfTest struct {
-	hash   func() hash.Hash
+	hash   crypto.Hash
 	secret []byte
 	label  []byte
 	seed   []byte
 	out    []byte
 }
 
 var tls1prfTests = []tls1prfTest{
+	// TLS 1.0/1.1 test generated with OpenSSL and cross-validated
+	// with Windows CNG.
+	{
+		crypto.MD5SHA1,
+		[]byte{
+			0x9b, 0xbe, 0x43, 0x6b, 0xa9, 0x40, 0xf0, 0x17,
+			0xb1, 0x76, 0x52, 0x84, 0x9a, 0x71, 0xdb, 0x35,
+		},
+		[]byte{
+			0x74, 0x65, 0x73, 0x74, 0x20, 0x6c, 0x61, 0x62,
+			0x65, 0x6c},
+		[]byte{
+			0xa0, 0xba, 0x9f, 0x93, 0x6c, 0xda, 0x31, 0x18,
+			0x27, 0xa6, 0xf7, 0x96, 0xff, 0xd5, 0x19, 0x8c,
+		},
+		[]byte{
+			0x66, 0x17, 0x40, 0xe6, 0xf9, 0x8b, 0xc9, 0x01,
+		},
+	},
 	// Tests from https://mailarchive.ietf.org/arch/msg/tls/fzVCzk-z3FShgGJ6DOXqM1ydxms/
 	{
-		openssl.NewSHA256,
+		crypto.SHA256,
 		[]byte{
 			0x9b, 0xbe, 0x43, 0x6b, 0xa9, 0x40, 0xf0, 0x17,
 			0xb1, 0x76, 0x52, 0x84, 0x9a, 0x71, 0xdb, 0x35,
@@ -50,7 +69,7 @@ var tls1prfTests = []tls1prfTest{
 		},
 	},
 	{
-		openssl.NewSHA384,
+		crypto.SHA384,
 		[]byte{
 			0xb8, 0x0b, 0x73, 0x3d, 0x6c, 0xee, 0xfc, 0xdc,
 			0x71, 0x56, 0x6e, 0xa4, 0x8e, 0x55, 0x67, 0xdf,
@@ -85,7 +104,7 @@ var tls1prfTests = []tls1prfTest{
 		},
 	},
 	{
-		openssl.NewSHA512,
+		crypto.SHA512,
 		[]byte{
 			0xb0, 0x32, 0x35, 0x23, 0xc1, 0x85, 0x35, 0x99,
 			0x58, 0x4d, 0x88, 0x56, 0x8b, 0xbb, 0x05, 0xeb,
@@ -132,13 +151,19 @@ func TestTLS1PRF(t *testing.T) {
 	if !openssl.SupportsTLS1PRF() {
 		t.Skip("TLS 1.2 PRF is not supported")
 	}
-	for i, tt := range tls1prfTests {
-		out, err := openssl.TLS1PRF(tt.secret, tt.label, tt.seed, len(tt.out), tt.hash)
-		if err != nil {
-			t.Errorf("test %d: error deriving TLS 1.2 PRF: %v.", i, err)
-		}
-		if !bytes.Equal(out, tt.out) {
-			t.Errorf("test %d: incorrect key output: have %v, need %v.", i, out, tt.out)
-		}
+	for _, tt := range tls1prfTests {
+		tt := tt
+		t.Run(tt.hash.String(), func(t *testing.T) {
+			if !openssl.SupportsHash(tt.hash) {
+				t.Skip("skipping: hash not supported")
+			}
+			out, err := openssl.TLS1PRF(tt.secret, tt.label, tt.seed, len(tt.out), cryptoToHash(tt.hash))
+			if err != nil {
+				t.Fatalf("error deriving TLS 1.2 PRF: %v.", err)
+			}
+			if !bytes.Equal(out, tt.out) {
+				t.Errorf("incorrect key output: have %v, need %v.", out, tt.out)
+			}
+		})
 	}
 }