mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-06 13:26:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
fc5888ccb6
openssl/test/dtlstest.c
Matt Caswell 4000827fdb Test that swapping the first app data record with Finished msg works 
If the first app data record arrives before the Finished message we should
be able to buffer it and move on to the Finished message.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18868)
2022-08-01 08:08:00 +01:00

643 lines
20 KiB
C
Raw Blame History

/*
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "helpers/ssltestlib.h"
#include "testutil.h"
static char *cert = NULL;
static char *privkey = NULL;
static unsigned int timer_cb_count;
#define NUM_TESTS 2
#define DUMMY_CERT_STATUS_LEN 12
static unsigned char certstatus[] = {
SSL3_RT_HANDSHAKE, /* Content type */
0xfe, 0xfd, /* Record version */
0, 1, /* Epoch */
0, 0, 0, 0, 0, 0x0f, /* Record sequence number */
0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2,
SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */
0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */
0, 5, /* Message sequence */
0, 0, 0, /* Fragment offset */
0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */
0x80, 0x80, 0x80, 0x80, 0x80,
0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
};
#define RECORD_SEQUENCE 10
static unsigned int timer_cb(SSL *s, unsigned int timer_us)
{
++timer_cb_count;
if (timer_us == 0)
return 50000;
else
return 2 * timer_us;
}
static int test_dtls_unprocessed(int testidx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL;
BIO *c_to_s_fbio, *c_to_s_mempacket;
int testresult = 0;
timer_cb_count = 0;
if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
#ifndef OPENSSL_NO_DTLS1_2
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
goto end;
#else
/* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0"))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx,
"AES128-SHA:@SECLEVEL=0")))
goto end;
#endif
c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
if (!TEST_ptr(c_to_s_fbio))
goto end;
/* BIO is freed by create_ssl_connection on error */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
NULL, c_to_s_fbio)))
goto end;
DTLS_set_timer_cb(clientssl1, timer_cb);
if (testidx == 1)
certstatus[RECORD_SEQUENCE] = 0xff;
/*
* Inject a dummy record from the next epoch. In test 0, this should never
* get used because the message sequence number is too big. In test 1 we set
* the record sequence number to be way off in the future.
*/
c_to_s_mempacket = SSL_get_wbio(clientssl1);
c_to_s_mempacket = BIO_next(c_to_s_mempacket);
mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
/*
* Create the connection. We use "create_bare_ssl_connection" here so that
* we can force the connection to not do "SSL_read" once partly connected.
* We don't want to accidentally read the dummy records we injected because
* they will fail to decrypt.
*/
if (!TEST_true(create_bare_ssl_connection(serverssl1, clientssl1,
SSL_ERROR_NONE, 0)))
goto end;
if (timer_cb_count == 0) {
printf("timer_callback was not called.\n");
goto end;
}
testresult = 1;
end:
SSL_free(serverssl1);
SSL_free(clientssl1);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#define CLI_TO_SRV_EPOCH_0_RECS 3
#define CLI_TO_SRV_EPOCH_1_RECS 1
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
# define SRV_TO_CLI_EPOCH_0_RECS 10
#else
/*
* In this case we have no ServerKeyExchange message, because we don't have
* ECDHE or DHE. When it is present it gets fragmented into 3 records in this
* test.
*/
# define SRV_TO_CLI_EPOCH_0_RECS 9
#endif
#define SRV_TO_CLI_EPOCH_1_RECS 1
#define TOTAL_FULL_HAND_RECORDS \
(CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \
SRV_TO_CLI_EPOCH_0_RECS + SRV_TO_CLI_EPOCH_1_RECS)
#define CLI_TO_SRV_RESUME_EPOCH_0_RECS 3
#define CLI_TO_SRV_RESUME_EPOCH_1_RECS 1
#define SRV_TO_CLI_RESUME_EPOCH_0_RECS 2
#define SRV_TO_CLI_RESUME_EPOCH_1_RECS 1
#define TOTAL_RESUME_HAND_RECORDS \
(CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \
SRV_TO_CLI_RESUME_EPOCH_0_RECS + SRV_TO_CLI_RESUME_EPOCH_1_RECS)
#define TOTAL_RECORDS (TOTAL_FULL_HAND_RECORDS + TOTAL_RESUME_HAND_RECORDS)
/*
* We are assuming a ServerKeyExchange message is sent in this test. If we don't
* have either DH or EC, then it won't be
*/
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
static int test_dtls_drop_records(int idx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
BIO *c_to_s_fbio, *mempackbio;
int testresult = 0;
int epoch = 0;
SSL_SESSION *sess = NULL;
int cli_to_srv_epoch0, cli_to_srv_epoch1, srv_to_cli_epoch0;
if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
#ifdef OPENSSL_NO_DTLS1_2
/* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx,
"DEFAULT:@SECLEVEL=0")))
goto end;
#endif
if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1)))
goto end;
if (idx >= TOTAL_FULL_HAND_RECORDS) {
/* We're going to do a resumption handshake. Get a session first. */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_ptr(sess = SSL_get1_session(clientssl)))
goto end;
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS;
cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS;
srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS;
idx -= TOTAL_FULL_HAND_RECORDS;
} else {
cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS;
cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS;
srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS;
}
c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
if (!TEST_ptr(c_to_s_fbio))
goto end;
/* BIO is freed by create_ssl_connection on error */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, c_to_s_fbio)))
goto end;
if (sess != NULL) {
if (!TEST_true(SSL_set_session(clientssl, sess)))
goto end;
}
DTLS_set_timer_cb(clientssl, timer_cb);
DTLS_set_timer_cb(serverssl, timer_cb);
/* Work out which record to drop based on the test number */
if (idx >= cli_to_srv_epoch0 + cli_to_srv_epoch1) {
mempackbio = SSL_get_wbio(serverssl);
idx -= cli_to_srv_epoch0 + cli_to_srv_epoch1;
if (idx >= srv_to_cli_epoch0) {
epoch = 1;
idx -= srv_to_cli_epoch0;
}
} else {
mempackbio = SSL_get_wbio(clientssl);
if (idx >= cli_to_srv_epoch0) {
epoch = 1;
idx -= cli_to_srv_epoch0;
}
mempackbio = BIO_next(mempackbio);
}
BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_EPOCH, epoch, NULL);
BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_REC, idx, NULL);
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
if (sess != NULL && !TEST_true(SSL_session_reused(clientssl)))
goto end;
/* If the test did what we planned then it should have dropped a record */
if (!TEST_int_eq((int)BIO_ctrl(mempackbio, MEMPACKET_CTRL_GET_DROP_REC, 0,
NULL), -1))
goto end;
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
static const char dummy_cookie[] = "0123456";
static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len)
{
memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
*cookie_len = sizeof(dummy_cookie);
return 1;
}
static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
unsigned int cookie_len)
{
return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
}
static int test_cookie(void)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
#ifdef OPENSSL_NO_DTLS1_2
/* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx,
"DEFAULT:@SECLEVEL=0")))
goto end;
#endif
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static int test_dtls_duplicate_records(void)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
#ifdef OPENSSL_NO_DTLS1_2
/* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx,
"DEFAULT:@SECLEVEL=0")))
goto end;
#endif
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
DTLS_set_timer_cb(clientssl, timer_cb);
DTLS_set_timer_cb(serverssl, timer_cb);
BIO_ctrl(SSL_get_wbio(clientssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);
BIO_ctrl(SSL_get_wbio(serverssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
/*
* Test just sending a Finished message as the first message. Should fail due
* to an unexpected message.
*/
static int test_just_finished(void)
{
int testresult = 0, ret;
SSL_CTX *sctx = NULL;
SSL *serverssl = NULL;
BIO *rbio = NULL, *wbio = NULL, *sbio = NULL;
unsigned char buf[] = {
/* Record header */
SSL3_RT_HANDSHAKE, /* content type */
(DTLS1_2_VERSION >> 8) & 0xff, /* protocol version hi byte */
DTLS1_2_VERSION & 0xff, /* protocol version lo byte */
0, 0, /* epoch */
0, 0, 0, 0, 0, 0, /* record sequence */
0, DTLS1_HM_HEADER_LENGTH + SHA_DIGEST_LENGTH, /* record length */
/* Message header */
SSL3_MT_FINISHED, /* message type */
0, 0, SHA_DIGEST_LENGTH, /* message length */
0, 0, /* message sequence */
0, 0, 0, /* fragment offset */
0, 0, SHA_DIGEST_LENGTH, /* fragment length */
/* Message body */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
NULL, 0, 0,
&sctx, NULL, cert, privkey)))
return 0;
#ifdef OPENSSL_NO_DTLS1_2
/* DTLSv1 is not allowed at the default security level */
if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")))
goto end;
#endif
serverssl = SSL_new(sctx);
rbio = BIO_new(BIO_s_mem());
wbio = BIO_new(BIO_s_mem());
if (!TEST_ptr(serverssl) || !TEST_ptr(rbio) || !TEST_ptr(wbio))
goto end;
sbio = rbio;
SSL_set0_rbio(serverssl, rbio);
SSL_set0_wbio(serverssl, wbio);
rbio = wbio = NULL;
DTLS_set_timer_cb(serverssl, timer_cb);
if (!TEST_int_eq(BIO_write(sbio, buf, sizeof(buf)), sizeof(buf)))
goto end;
/* We expect the attempt to process the message to fail */
if (!TEST_int_le(ret = SSL_accept(serverssl), 0))
goto end;
/* Check that we got the error we were expecting */
if (!TEST_int_eq(SSL_get_error(serverssl, ret), SSL_ERROR_SSL))
goto end;
if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_UNEXPECTED_MESSAGE))
goto end;
testresult = 1;
end:
BIO_free(rbio);
BIO_free(wbio);
SSL_free(serverssl);
SSL_CTX_free(sctx);
return testresult;
}
/*
* Test that swapping a record from the next epoch into the current epoch still
* works. Libssl should buffer the record until it needs it.
*/
static int test_swap_epoch(void)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *sssl = NULL, *cssl = NULL;
int testresult = 0;
BIO *bio;
if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
#ifndef OPENSSL_NO_DTLS1_2
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
goto end;
#else
/* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0"))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx,
"AES128-SHA:@SECLEVEL=0")))
goto end;
#endif
/* BIO is freed by create_ssl_connection on error */
if (!TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl,
NULL, NULL)))
goto end;
/* Send flight 1: ClientHello */
if (!TEST_int_le(SSL_connect(cssl), 0))
goto end;
/* Recv flight 1, send flight 2: ServerHello, Certificate, ServerHelloDone */
if (!TEST_int_le(SSL_accept(sssl), 0))
goto end;
/* Recv flight 2, send flight 3: ClientKeyExchange, CCS, Finished */
if (!TEST_int_le(SSL_connect(cssl), 0))
goto end;
bio = SSL_get_wbio(cssl);
if (!TEST_ptr(bio)
|| !TEST_true(mempacket_swap_epoch(bio)))
goto end;
/*
* Recv flight 3, send flight 4: CCS, Finished.
* This should work in a single call because we have all the messages we
* need. Even though we had out of order packets, the record for the next
* epoch that we read early should be buffered and used later.
*/
if (!TEST_int_gt(SSL_accept(sssl), 0))
goto end;
/* Recv flight 4 */
if (!TEST_int_gt(SSL_connect(cssl), 0))
goto end;
testresult = 1;
end:
SSL_free(cssl);
SSL_free(sssl);
SSL_CTX_free(cctx);
SSL_CTX_free(sctx);
return testresult;
}
/*
* Test that swapping an app data record so that it is received before the
* Finished message still works.
*/
static int test_swap_app_data(void)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *sssl = NULL, *cssl = NULL;
int testresult = 0;
BIO *bio;
char msg[] = { 0x00, 0x01, 0x02, 0x03 };
char buf[10];
if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION, 0,
&sctx, &cctx, cert, privkey)))
return 0;
#ifndef OPENSSL_NO_DTLS1_2
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
goto end;
#else
/* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0"))
|| !TEST_true(SSL_CTX_set_cipher_list(cctx,
"AES128-SHA:@SECLEVEL=0")))
goto end;
#endif
if (!TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl,
NULL, NULL)))
goto end;
/* Send flight 1: ClientHello */
if (!TEST_int_le(SSL_connect(cssl), 0))
goto end;
/* Recv flight 1, send flight 2: ServerHello, Certificate, ServerHelloDone */
if (!TEST_int_le(SSL_accept(sssl), 0))
goto end;
/* Recv flight 2, send flight 3: ClientKeyExchange, CCS, Finished */
if (!TEST_int_le(SSL_connect(cssl), 0))
goto end;
/* Recv flight 3, send flight 4: datagram 1(NST, CCS) datagram 2(Finished) */
if (!TEST_int_gt(SSL_accept(sssl), 0))
goto end;
/* Send flight 5: app data */
if (!TEST_int_eq(SSL_write(sssl, msg, sizeof(msg)), (int)sizeof(msg)))
goto end;
bio = SSL_get_wbio(sssl);
if (!TEST_ptr(bio)
|| !TEST_true(mempacket_swap_recent(bio)))
goto end;
/*
* Recv flight 4 (datagram 1): NST, CCS, + flight 5: app data
* + flight 4 (datagram 2): Finished
*/
if (!TEST_int_gt(SSL_connect(cssl), 0))
goto end;
/* The app data should be buffered already */
if (!TEST_int_eq(SSL_pending(cssl), (int)sizeof(msg))
|| !TEST_true(SSL_has_pending(cssl)))
goto end;
/*
* Recv flight 5 (app data)
* We already buffered this so it should be available.
*/
if (!TEST_int_eq(SSL_read(cssl, buf, sizeof(buf)), (int)sizeof(msg)))
goto end;
testresult = 1;
end:
SSL_free(cssl);
SSL_free(sssl);
SSL_CTX_free(cctx);
SSL_CTX_free(sctx);
return testresult;
}
OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
int setup_tests(void)
{
if (!test_skip_common_options()) {
TEST_error("Error parsing test options\n");
return 0;
}
if (!TEST_ptr(cert = test_get_argument(0))
|| !TEST_ptr(privkey = test_get_argument(1)))
return 0;
ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
#endif
ADD_TEST(test_cookie);
ADD_TEST(test_dtls_duplicate_records);
ADD_TEST(test_just_finished);
ADD_TEST(test_swap_epoch);
ADD_TEST(test_swap_app_data);
return 1;
}
void cleanup_tests(void)
{
bio_f_tls_dump_filter_free();
bio_s_mempacket_test_free();
}
Reference in New Issue View Git Blame Copy Permalink