From 869ab3e70708c391ac49fe0fc4f671781c381e3d Mon Sep 17 00:00:00 2001
From: Hugo Landau <hlandau@openssl.org>
Date: Tue, 25 Jul 2023 11:32:25 +0100
Subject: [PATCH] QUIC QRX: Test for 1-RTT processing restriction

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
---
 test/quic_record_test.c | 46 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 44 insertions(+), 2 deletions(-)

diff --git a/test/quic_record_test.c b/test/quic_record_test.c
index ef0aa9bd62..89d9451a32 100644
--- a/test/quic_record_test.c
+++ b/test/quic_record_test.c
@@ -32,6 +32,7 @@ static const QUIC_CONN_ID empty_conn_id = {0, {0}};
 #define RX_TEST_OP_KEY_UPDATE_TIMEOUT     11 /* complete key update process */
 #define RX_TEST_OP_SET_INIT_KEY_PHASE     12 /* initial Key Phase bit value */
 #define RX_TEST_OP_CHECK_PKT_EPOCH        13 /* check read key epoch matches */
+#define RX_TEST_OP_ALLOW_1RTT             14 /* allow 1RTT packet processing */
 
 struct rx_test_op {
     unsigned char op;
@@ -81,6 +82,8 @@ struct rx_test_op {
     { RX_TEST_OP_SET_INIT_KEY_PHASE, 0, NULL, 0, NULL, (kp_bit), 0, 0, NULL },
 #define RX_OP_CHECK_PKT_EPOCH(expected) \
     { RX_TEST_OP_CHECK_PKT_EPOCH, 0, NULL, 0, NULL, 0, 0, (expected), NULL },
+#define RX_OP_ALLOW_1RTT() \
+    { RX_TEST_OP_ALLOW_1RTT, 0, NULL, 0, NULL, 0, 0, 0, NULL },
 
 #define RX_OP_INJECT_N(n)                                          \
     RX_OP_INJECT(rx_script_##n##_in)
@@ -168,6 +171,7 @@ static const QUIC_PKT_HDR rx_script_2_expect_hdr = {
 };
 
 static const struct rx_test_op rx_script_2[] = {
+    RX_OP_ALLOW_1RTT()
     RX_OP_SET_INIT_LARGEST_PN(654360560)
     RX_OP_ADD_RX_DCID(empty_conn_id)
     RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_1RTT, QRL_SUITE_CHACHA20POLY1305,
@@ -587,6 +591,7 @@ static const unsigned char rx_script_5c_body[] = {
 };
 
 static const struct rx_test_op rx_script_5[] = {
+    RX_OP_ALLOW_1RTT()
     RX_OP_ADD_RX_DCID(empty_conn_id)
     RX_OP_PROVIDE_SECRET_INITIAL(rx_script_5_c2s_init_dcid)
     RX_OP_INJECT_N(5)
@@ -955,6 +960,7 @@ static const unsigned char rx_script_6c_body[] = {
 };
 
 static const struct rx_test_op rx_script_6[] = {
+    RX_OP_ALLOW_1RTT()
     RX_OP_ADD_RX_DCID(empty_conn_id)
     RX_OP_PROVIDE_SECRET_INITIAL(rx_script_6_c2s_init_dcid)
     RX_OP_INJECT_N(6)
@@ -1317,6 +1323,7 @@ static const unsigned char rx_script_7c_body[] = {
 };
 
 static const struct rx_test_op rx_script_7[] = {
+    RX_OP_ALLOW_1RTT()
     RX_OP_ADD_RX_DCID(empty_conn_id)
     RX_OP_PROVIDE_SECRET_INITIAL(rx_script_7_c2s_init_dcid)
     RX_OP_INJECT_N(7)
@@ -1575,6 +1582,7 @@ static const unsigned char rx_script_8f_body[] = {
 };
 
 static const struct rx_test_op rx_script_8[] = {
+    RX_OP_ALLOW_1RTT()
     RX_OP_ADD_RX_DCID(empty_conn_id)
     /* Inject before we get the keys */
     RX_OP_INJECT_N(8a)
@@ -1666,6 +1674,28 @@ static const struct rx_test_op rx_script_8[] = {
     RX_OP_END
 };
 
+/* 9. 1-RTT Deferral Test */
+static const struct rx_test_op rx_script_9[] = {
+    RX_OP_ADD_RX_DCID(empty_conn_id)
+    RX_OP_PROVIDE_SECRET_INITIAL(rx_script_5_c2s_init_dcid)
+    RX_OP_INJECT_N(5)
+
+    RX_OP_CHECK_PKT_N(5a)
+    RX_OP_CHECK_NO_PKT() /* not got secret for next packet yet */
+    RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_HANDSHAKE,
+                      QRL_SUITE_AES128GCM, rx_script_5_handshake_secret)
+    RX_OP_CHECK_PKT_N(5b)
+    RX_OP_CHECK_NO_PKT() /* not got secret for next packet yet */
+    RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_1RTT,
+                      QRL_SUITE_AES128GCM, rx_script_5_1rtt_secret)
+    RX_OP_CHECK_NO_PKT() /* still nothing - 1-RTT not enabled */
+    RX_OP_ALLOW_1RTT()
+    RX_OP_CHECK_PKT_N(5c) /* now we get the 1-RTT packet */
+    RX_OP_CHECK_NO_PKT()
+
+    RX_OP_END
+};
+
 static const struct rx_test_op *rx_scripts[] = {
     rx_script_1,
 #ifndef OPENSSL_NO_CHACHA
@@ -1678,7 +1708,8 @@ static const struct rx_test_op *rx_scripts[] = {
 #ifndef OPENSSL_NO_CHACHA
     rx_script_7,
 #endif
-    rx_script_8
+    rx_script_8,
+    rx_script_9
 };
 
 struct rx_state {
@@ -1691,6 +1722,8 @@ struct rx_state {
     /* Used for the RX depacketizer */
     SSL_CTX            *quic_ssl_ctx;
     QUIC_CONNECTION    *quic_conn;
+
+    int                 allow_1rtt;
 };
 
 static void rx_state_teardown(struct rx_state *s)
@@ -1744,7 +1777,9 @@ static int rx_state_ensure(struct rx_state *s)
         && !TEST_ptr(s->qrx = ossl_qrx_new(&s->args)))
         return 0;
 
-    ossl_qrx_allow_1rtt_processing(s->qrx);
+    if (s->allow_1rtt)
+        ossl_qrx_allow_1rtt_processing(s->qrx);
+
     return 1;
 }
 
@@ -1865,6 +1900,13 @@ static int rx_run_script(const struct rx_test_op *script)
             case RX_TEST_OP_SET_INIT_KEY_PHASE:
                 rx_state_teardown(&s);
                 s.args.init_key_phase_bit = (unsigned char)op->enc_level;
+                break;
+            case RX_TEST_OP_ALLOW_1RTT:
+                s.allow_1rtt = 1;
+
+                if (!TEST_true(rx_state_ensure(&s)))
+                    goto err;
+
                 break;
             default:
                 OPENSSL_assert(0);