QUIC QRX: Test for 1-RTT processing restriction
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21547)
parent
2a6f1f2f6e
commit
869ab3e707
@ -32,6 +32,7 @@ static const QUIC_CONN_ID empty_conn_id = {0, {0}};
|
||||
#define RX_TEST_OP_KEY_UPDATE_TIMEOUT 11 /* complete key update process */
|
||||
#define RX_TEST_OP_SET_INIT_KEY_PHASE 12 /* initial Key Phase bit value */
|
||||
#define RX_TEST_OP_CHECK_PKT_EPOCH 13 /* check read key epoch matches */
|
||||
#define RX_TEST_OP_ALLOW_1RTT 14 /* allow 1RTT packet processing */
|
||||
|
||||
struct rx_test_op {
|
||||
unsigned char op;
|
||||
@ -81,6 +82,8 @@ struct rx_test_op {
|
||||
{ RX_TEST_OP_SET_INIT_KEY_PHASE, 0, NULL, 0, NULL, (kp_bit), 0, 0, NULL },
|
||||
#define RX_OP_CHECK_PKT_EPOCH(expected) \
|
||||
{ RX_TEST_OP_CHECK_PKT_EPOCH, 0, NULL, 0, NULL, 0, 0, (expected), NULL },
|
||||
#define RX_OP_ALLOW_1RTT() \
|
||||
{ RX_TEST_OP_ALLOW_1RTT, 0, NULL, 0, NULL, 0, 0, 0, NULL },
|
||||
|
||||
#define RX_OP_INJECT_N(n) \
|
||||
RX_OP_INJECT(rx_script_##n##_in)
|
||||
@ -168,6 +171,7 @@ static const QUIC_PKT_HDR rx_script_2_expect_hdr = {
|
||||
};
|
||||
|
||||
static const struct rx_test_op rx_script_2[] = {
|
||||
RX_OP_ALLOW_1RTT()
|
||||
RX_OP_SET_INIT_LARGEST_PN(654360560)
|
||||
RX_OP_ADD_RX_DCID(empty_conn_id)
|
||||
RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_1RTT, QRL_SUITE_CHACHA20POLY1305,
|
||||
@ -587,6 +591,7 @@ static const unsigned char rx_script_5c_body[] = {
|
||||
};
|
||||
|
||||
static const struct rx_test_op rx_script_5[] = {
|
||||
RX_OP_ALLOW_1RTT()
|
||||
RX_OP_ADD_RX_DCID(empty_conn_id)
|
||||
RX_OP_PROVIDE_SECRET_INITIAL(rx_script_5_c2s_init_dcid)
|
||||
RX_OP_INJECT_N(5)
|
||||
@ -955,6 +960,7 @@ static const unsigned char rx_script_6c_body[] = {
|
||||
};
|
||||
|
||||
static const struct rx_test_op rx_script_6[] = {
|
||||
RX_OP_ALLOW_1RTT()
|
||||
RX_OP_ADD_RX_DCID(empty_conn_id)
|
||||
RX_OP_PROVIDE_SECRET_INITIAL(rx_script_6_c2s_init_dcid)
|
||||
RX_OP_INJECT_N(6)
|
||||
@ -1317,6 +1323,7 @@ static const unsigned char rx_script_7c_body[] = {
|
||||
};
|
||||
|
||||
static const struct rx_test_op rx_script_7[] = {
|
||||
RX_OP_ALLOW_1RTT()
|
||||
RX_OP_ADD_RX_DCID(empty_conn_id)
|
||||
RX_OP_PROVIDE_SECRET_INITIAL(rx_script_7_c2s_init_dcid)
|
||||
RX_OP_INJECT_N(7)
|
||||
@ -1575,6 +1582,7 @@ static const unsigned char rx_script_8f_body[] = {
|
||||
};
|
||||
|
||||
static const struct rx_test_op rx_script_8[] = {
|
||||
RX_OP_ALLOW_1RTT()
|
||||
RX_OP_ADD_RX_DCID(empty_conn_id)
|
||||
/* Inject before we get the keys */
|
||||
RX_OP_INJECT_N(8a)
|
||||
@ -1666,6 +1674,28 @@ static const struct rx_test_op rx_script_8[] = {
|
||||
RX_OP_END
|
||||
};
|
||||
|
||||
/* 9. 1-RTT Deferral Test */
|
||||
static const struct rx_test_op rx_script_9[] = {
|
||||
RX_OP_ADD_RX_DCID(empty_conn_id)
|
||||
RX_OP_PROVIDE_SECRET_INITIAL(rx_script_5_c2s_init_dcid)
|
||||
RX_OP_INJECT_N(5)
|
||||
|
||||
RX_OP_CHECK_PKT_N(5a)
|
||||
RX_OP_CHECK_NO_PKT() /* not got secret for next packet yet */
|
||||
RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_HANDSHAKE,
|
||||
QRL_SUITE_AES128GCM, rx_script_5_handshake_secret)
|
||||
RX_OP_CHECK_PKT_N(5b)
|
||||
RX_OP_CHECK_NO_PKT() /* not got secret for next packet yet */
|
||||
RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_1RTT,
|
||||
QRL_SUITE_AES128GCM, rx_script_5_1rtt_secret)
|
||||
RX_OP_CHECK_NO_PKT() /* still nothing - 1-RTT not enabled */
|
||||
RX_OP_ALLOW_1RTT()
|
||||
RX_OP_CHECK_PKT_N(5c) /* now we get the 1-RTT packet */
|
||||
RX_OP_CHECK_NO_PKT()
|
||||
|
||||
RX_OP_END
|
||||
};
|
||||
|
||||
static const struct rx_test_op *rx_scripts[] = {
|
||||
rx_script_1,
|
||||
#ifndef OPENSSL_NO_CHACHA
|
||||
@ -1678,7 +1708,8 @@ static const struct rx_test_op *rx_scripts[] = {
|
||||
#ifndef OPENSSL_NO_CHACHA
|
||||
rx_script_7,
|
||||
#endif
|
||||
rx_script_8
|
||||
rx_script_8,
|
||||
rx_script_9
|
||||
};
|
||||
|
||||
struct rx_state {
|
||||
@ -1691,6 +1722,8 @@ struct rx_state {
|
||||
/* Used for the RX depacketizer */
|
||||
SSL_CTX *quic_ssl_ctx;
|
||||
QUIC_CONNECTION *quic_conn;
|
||||
|
||||
int allow_1rtt;
|
||||
};
|
||||
|
||||
static void rx_state_teardown(struct rx_state *s)
|
||||
@ -1744,7 +1777,9 @@ static int rx_state_ensure(struct rx_state *s)
|
||||
&& !TEST_ptr(s->qrx = ossl_qrx_new(&s->args)))
|
||||
return 0;
|
||||
|
||||
ossl_qrx_allow_1rtt_processing(s->qrx);
|
||||
if (s->allow_1rtt)
|
||||
ossl_qrx_allow_1rtt_processing(s->qrx);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -1865,6 +1900,13 @@ static int rx_run_script(const struct rx_test_op *script)
|
||||
case RX_TEST_OP_SET_INIT_KEY_PHASE:
|
||||
rx_state_teardown(&s);
|
||||
s.args.init_key_phase_bit = (unsigned char)op->enc_level;
|
||||
break;
|
||||
case RX_TEST_OP_ALLOW_1RTT:
|
||||
s.allow_1rtt = 1;
|
||||
|
||||
if (!TEST_true(rx_state_ensure(&s)))
|
||||
goto err;
|
||||
|
||||
break;
|
||||
default:
|
||||
OPENSSL_assert(0);
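Review bot: The new `allow_1rtt` field in `struct rx_state` has no comment and sits directly under the "Used for the RX depacketizer" group, and the `RX_TEST_OP_ALLOW_1RTT` case only ever sets it, so its lifetime has to be inferred. Because `rx_state_ensure()` now calls `ossl_qrx_allow_1rtt_processing()` only when the flag is set, any script that issues `RX_OP_ALLOW_1RTT()` before an op that tears the state down (the `RX_TEST_OP_SET_INIT_KEY_PHASE` case calls `rx_state_teardown()`) depends on the flag surviving teardown, which these hunks do not show. I would document that on the field, e.g. `int allow_1rtt; /* sticky; re-applied to each new QRX by rx_state_ensure() */`, and confirm that `rx_state_teardown()` does not clear it. A short comment above `rx_script_9` would also help, saying that it reuses the script 5 packets and secrets and that it checks a 1-RTT packet is held back until processing is explicitly allowed. The switch in `rx_run_script()` continues outside the last hunk.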
|
||||
|