QUIC QRX: Test for 1-RTT processing restriction

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21547)
2024-12-15 06:01:37 +08:00 · 2023-07-25 11:32:25 +01:00 · 2023-07-25 11:32:25 +01:00 · 869ab3e707
commit 869ab3e707
parent 2a6f1f2f6e
1 changed files with 44 additions and 2 deletions
--- a/test/quic_record_test.c
+++ b/test/quic_record_test.c
@ -32,6 +32,7 @@ static const QUIC_CONN_ID empty_conn_id = {0, {0}};
 #define RX_TEST_OP_KEY_UPDATE_TIMEOUT     11 /* complete key update process */
 #define RX_TEST_OP_SET_INIT_KEY_PHASE     12 /* initial Key Phase bit value */
 #define RX_TEST_OP_CHECK_PKT_EPOCH        13 /* check read key epoch matches */
+#define RX_TEST_OP_ALLOW_1RTT             14 /* allow 1RTT packet processing */

 struct rx_test_op {
    unsigned char op;
@ -81,6 +82,8 @@ struct rx_test_op {
    { RX_TEST_OP_SET_INIT_KEY_PHASE, 0, NULL, 0, NULL, (kp_bit), 0, 0, NULL },
 #define RX_OP_CHECK_PKT_EPOCH(expected) \
    { RX_TEST_OP_CHECK_PKT_EPOCH, 0, NULL, 0, NULL, 0, 0, (expected), NULL },
+#define RX_OP_ALLOW_1RTT() \
+    { RX_TEST_OP_ALLOW_1RTT, 0, NULL, 0, NULL, 0, 0, 0, NULL },

 #define RX_OP_INJECT_N(n)                                          \
    RX_OP_INJECT(rx_script_##n##_in)
@ -168,6 +171,7 @@ static const QUIC_PKT_HDR rx_script_2_expect_hdr = {
 };

 static const struct rx_test_op rx_script_2[] = {
+    RX_OP_ALLOW_1RTT()
    RX_OP_SET_INIT_LARGEST_PN(654360560)
    RX_OP_ADD_RX_DCID(empty_conn_id)
    RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_1RTT, QRL_SUITE_CHACHA20POLY1305,
@ -587,6 +591,7 @@ static const unsigned char rx_script_5c_body[] = {
 };

 static const struct rx_test_op rx_script_5[] = {
+    RX_OP_ALLOW_1RTT()
    RX_OP_ADD_RX_DCID(empty_conn_id)
    RX_OP_PROVIDE_SECRET_INITIAL(rx_script_5_c2s_init_dcid)
    RX_OP_INJECT_N(5)
@ -955,6 +960,7 @@ static const unsigned char rx_script_6c_body[] = {
 };

 static const struct rx_test_op rx_script_6[] = {
+    RX_OP_ALLOW_1RTT()
    RX_OP_ADD_RX_DCID(empty_conn_id)
    RX_OP_PROVIDE_SECRET_INITIAL(rx_script_6_c2s_init_dcid)
    RX_OP_INJECT_N(6)
@ -1317,6 +1323,7 @@ static const unsigned char rx_script_7c_body[] = {
 };

 static const struct rx_test_op rx_script_7[] = {
+    RX_OP_ALLOW_1RTT()
    RX_OP_ADD_RX_DCID(empty_conn_id)
    RX_OP_PROVIDE_SECRET_INITIAL(rx_script_7_c2s_init_dcid)
    RX_OP_INJECT_N(7)
@ -1575,6 +1582,7 @@ static const unsigned char rx_script_8f_body[] = {
 };

 static const struct rx_test_op rx_script_8[] = {
+    RX_OP_ALLOW_1RTT()
    RX_OP_ADD_RX_DCID(empty_conn_id)
    /* Inject before we get the keys */
    RX_OP_INJECT_N(8a)
@ -1666,6 +1674,28 @@ static const struct rx_test_op rx_script_8[] = {
    RX_OP_END
 };

+/* 9. 1-RTT Deferral Test */
+static const struct rx_test_op rx_script_9[] = {
+    RX_OP_ADD_RX_DCID(empty_conn_id)
+    RX_OP_PROVIDE_SECRET_INITIAL(rx_script_5_c2s_init_dcid)
+    RX_OP_INJECT_N(5)
+
+    RX_OP_CHECK_PKT_N(5a)
+    RX_OP_CHECK_NO_PKT() /* not got secret for next packet yet */
+    RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_HANDSHAKE,
+                      QRL_SUITE_AES128GCM, rx_script_5_handshake_secret)
+    RX_OP_CHECK_PKT_N(5b)
+    RX_OP_CHECK_NO_PKT() /* not got secret for next packet yet */
+    RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_1RTT,
+                      QRL_SUITE_AES128GCM, rx_script_5_1rtt_secret)
+    RX_OP_CHECK_NO_PKT() /* still nothing - 1-RTT not enabled */
+    RX_OP_ALLOW_1RTT()
+    RX_OP_CHECK_PKT_N(5c) /* now we get the 1-RTT packet */
+    RX_OP_CHECK_NO_PKT()
+
+    RX_OP_END
+};
+
 static const struct rx_test_op *rx_scripts[] = {
    rx_script_1,
 #ifndef OPENSSL_NO_CHACHA
@ -1678,7 +1708,8 @@ static const struct rx_test_op *rx_scripts[] = {
 #ifndef OPENSSL_NO_CHACHA
    rx_script_7,
 #endif
-    rx_script_8
+    rx_script_8,
+    rx_script_9
 };

 struct rx_state {
@ -1691,6 +1722,8 @@ struct rx_state {
    /* Used for the RX depacketizer */
    SSL_CTX            *quic_ssl_ctx;
    QUIC_CONNECTION    *quic_conn;
+
+    int                 allow_1rtt;
 };

 static void rx_state_teardown(struct rx_state *s)
@ -1744,7 +1777,9 @@ static int rx_state_ensure(struct rx_state *s)
        && !TEST_ptr(s->qrx = ossl_qrx_new(&s->args)))
        return 0;

-    ossl_qrx_allow_1rtt_processing(s->qrx);
+    if (s->allow_1rtt)
+        ossl_qrx_allow_1rtt_processing(s->qrx);
+
    return 1;
 }

@ -1865,6 +1900,13 @@ static int rx_run_script(const struct rx_test_op *script)
            case RX_TEST_OP_SET_INIT_KEY_PHASE:
                rx_state_teardown(&s);
                s.args.init_key_phase_bit = (unsigned char)op->enc_level;
+                break;
+            case RX_TEST_OP_ALLOW_1RTT:
+                s.allow_1rtt = 1;
+
+                if (!TEST_true(rx_state_ensure(&s)))
+                    goto err;
+
                break;
            default:
                OPENSSL_assert(0);