quicfaultstest.c

最後變更在這個檔案是 108206,由 vboxsync 提交於 4 週前
openssl-3.3.2: Exported all files to OSE and removed .scm-settings bugref:10757
屬性 svn:eol-style 設為 `native` 屬性 svn:keywords 設為 `Author Date Id Revision`
檔案大小: 11.4 KB

行
1	/*
2	* Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <string.h>
11	#include <openssl/ssl.h>
12	#include "helpers/quictestlib.h"
13	#include "internal/quic_error.h"
14	#include "testutil.h"
15
16	static char *cert = NULL;
17	static char *privkey = NULL;
18
19	/*
20	* Basic test that just creates a connection and sends some data without any
21	* faults injected.
22	*/
23	static int test_basic(void)
24	{
25	int testresult = 0;
26	SSL_CTX *cctx = SSL_CTX_new(OSSL_QUIC_client_method());
27	QUIC_TSERVER *qtserv = NULL;
28	SSL *cssl = NULL;
29	char *msg = "Hello World!";
30	size_t msglen = strlen(msg);
31	unsigned char buf[80];
32	size_t bytesread;
33
34	if (!TEST_ptr(cctx))
35	goto err;
36
37	if (!TEST_true(qtest_create_quic_objects(NULL, cctx, NULL, cert, privkey, 0,
38	&qtserv, &cssl, NULL, NULL)))
39	goto err;
40
41	if (!TEST_true(qtest_create_quic_connection(qtserv, cssl)))
42	goto err;
43
44	if (!TEST_int_eq(SSL_write(cssl, msg, msglen), msglen))
45	goto err;
46
47	ossl_quic_tserver_tick(qtserv);
48	if (!TEST_true(ossl_quic_tserver_read(qtserv, 0, buf, sizeof(buf), &bytesread)))
49	goto err;
50
51	/*
52	* We assume the entire message is read from the server in one go. In
53	* theory this could get fragmented but its a small message so we assume
54	* not.
55	*/
56	if (!TEST_mem_eq(msg, msglen, buf, bytesread))
57	goto err;
58
59	testresult = 1;
60	err:
61	SSL_free(cssl);
62	ossl_quic_tserver_free(qtserv);
63	SSL_CTX_free(cctx);
64	return testresult;
65	}
66
67	/*
68	* Test that adding an unknown frame type is handled correctly
69	*/
70	static int add_unknown_frame_cb(QTEST_FAULT fault, QUIC_PKT_HDR hdr,
71	unsigned char buf, size_t len, void cbarg)
72	{
73	static size_t done = 0;
74	/*
75	* There are no "reserved" frame types which are definitately safe for us
76	* to use for testing purposes - but we just use the highest possible
77	* value (8 byte length integer) and with no payload bytes
78	*/
79	unsigned char unknown_frame[] = {
80	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
81	};
82
83	/* We only ever add the unknown frame to one packet */
84	if (done++)
85	return 1;
86
87	return qtest_fault_prepend_frame(fault, unknown_frame,
88	sizeof(unknown_frame));
89	}
90
91	static int test_unknown_frame(void)
92	{
93	int testresult = 0, ret;
94	SSL_CTX *cctx = SSL_CTX_new(OSSL_QUIC_client_method());
95	QUIC_TSERVER *qtserv = NULL;
96	SSL *cssl = NULL;
97	char *msg = "Hello World!";
98	size_t msglen = strlen(msg);
99	unsigned char buf[80];
100	size_t byteswritten;
101	QTEST_FAULT *fault = NULL;
102	uint64_t sid = UINT64_MAX;
103
104	if (!TEST_ptr(cctx))
105	goto err;
106
107	if (!TEST_true(qtest_create_quic_objects(NULL, cctx, NULL, cert, privkey, 0,
108	&qtserv, &cssl, &fault, NULL)))
109	goto err;
110
111	if (!TEST_true(qtest_create_quic_connection(qtserv, cssl)))
112	goto err;
113
114	/*
115	* Write a message from the server to the client and add an unknown frame
116	* type
117	*/
118	if (!TEST_true(qtest_fault_set_packet_plain_listener(fault,
119	add_unknown_frame_cb,
120	NULL)))
121	goto err;
122
123	if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, /is_uni=/0, &sid))
124	\|\| !TEST_uint64_t_eq(sid, 1))
125	goto err;
126
127	if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg, msglen,
128	&byteswritten)))
129	goto err;
130
131	if (!TEST_size_t_eq(msglen, byteswritten))
132	goto err;
133
134	ossl_quic_tserver_tick(qtserv);
135	if (!TEST_true(SSL_handle_events(cssl)))
136	goto err;
137
138	if (!TEST_int_le(ret = SSL_read(cssl, buf, sizeof(buf)), 0))
139	goto err;
140
141	if (!TEST_int_eq(SSL_get_error(cssl, ret), SSL_ERROR_SSL))
142	goto err;
143
144	if (!TEST_int_eq(ERR_GET_REASON(ERR_peek_error()),
145	SSL_R_QUIC_PROTOCOL_ERROR))
146	goto err;
147
148	if (!TEST_true(qtest_check_server_frame_encoding_err(qtserv)))
149	goto err;
150
151	testresult = 1;
152	err:
153	qtest_fault_free(fault);
154	SSL_free(cssl);
155	ossl_quic_tserver_free(qtserv);
156	SSL_CTX_free(cctx);
157	return testresult;
158	}
159
160	/*
161	* Test that a server that fails to provide transport params cannot be
162	* connected to.
163	*/
164	static int drop_extensions_cb(QTEST_FAULT *fault,
165	QTEST_ENCRYPTED_EXTENSIONS *ee,
166	size_t eelen, void *encextcbarg)
167	{
168	int ext = (int )encextcbarg;
169
170	if (!qtest_fault_delete_extension(fault, *ext, ee->extensions,
171	&ee->extensionslen, NULL))
172	return 0;
173
174	return 1;
175	}
176
177	static int test_drop_extensions(int idx)
178	{
179	int testresult = 0;
180	SSL_CTX *cctx = SSL_CTX_new(OSSL_QUIC_client_method());
181	QUIC_TSERVER *qtserv = NULL;
182	SSL *cssl = NULL;
183	QTEST_FAULT *fault = NULL;
184	int ext, err;
185
186	if (!TEST_ptr(cctx))
187	goto err;
188
189	if (!TEST_true(qtest_create_quic_objects(NULL, cctx, NULL, cert, privkey, 0,
190	&qtserv, &cssl, &fault, NULL)))
191	goto err;
192
193	if (idx == 0) {
194	ext = TLSEXT_TYPE_quic_transport_parameters;
195	err = OSSL_QUIC_ERR_CRYPTO_MISSING_EXT;
196	} else {
197	ext = TLSEXT_TYPE_application_layer_protocol_negotiation;
198	err = OSSL_QUIC_ERR_CRYPTO_NO_APP_PROTO;
199	}
200
201	if (!TEST_true(qtest_fault_set_hand_enc_ext_listener(fault,
202	drop_extensions_cb,
203	&ext)))
204	goto err;
205
206	/*
207	* We expect the connection to fail because the server failed to provide
208	* transport parameters
209	*/
210	if (!TEST_false(qtest_create_quic_connection(qtserv, cssl)))
211	goto err;
212
213	if (!TEST_true(qtest_check_server_transport_err(qtserv, err)))
214	goto err;
215
216	testresult = 1;
217	err:
218	qtest_fault_free(fault);
219	SSL_free(cssl);
220	ossl_quic_tserver_free(qtserv);
221	SSL_CTX_free(cctx);
222	return testresult;
223	}
224
225	/*
226	* Test that corrupted packets/datagrams are dropped and retransmitted
227	*/
228	static int docorrupt = 0;
229
230	static int on_packet_cipher_cb(QTEST_FAULT fault, QUIC_PKT_HDR hdr,
231	unsigned char buf, size_t len, void cbarg)
232	{
233	if (!docorrupt \|\| len == 0)
234	return 1;
235
236	buf[(size_t)test_random() % len] ^= 0xff;
237	docorrupt = 0;
238
239	return 1;
240	}
241
242	static int on_datagram_cb(QTEST_FAULT fault, BIO_MSG m, size_t stride,
243	void *cbarg)
244	{
245	if (!docorrupt \|\| m->data_len == 0)
246	return 1;
247
248	if (!qtest_fault_resize_datagram(fault, m->data_len - 1))
249	return 1;
250
251	docorrupt = 0;
252
253	return 1;
254	}
255
256	/*
257	* Test 1: Corrupt by flipping bits in an encrypted packet
258	* Test 2: Corrupt by truncating an entire datagram
259	*/
260	static int test_corrupted_data(int idx)
261	{
262	QTEST_FAULT *fault = NULL;
263	int testresult = 0;
264	SSL_CTX *cctx = SSL_CTX_new(OSSL_QUIC_client_method());
265	QUIC_TSERVER *qtserv = NULL;
266	SSL *cssl = NULL;
267	char *msg = "Hello World!";
268	size_t msglen = strlen(msg);
269	unsigned char buf[80];
270	size_t bytesread, byteswritten;
271	uint64_t sid = UINT64_MAX;
272
273	if (!TEST_ptr(cctx))
274	goto err;
275
276	if (!TEST_true(qtest_create_quic_objects(NULL, cctx, NULL, cert, privkey,
277	QTEST_FLAG_FAKE_TIME, &qtserv,
278	&cssl, &fault, NULL)))
279	goto err;
280
281	if (idx == 0) {
282	/* Listen for encrypted packets being sent */
283	if (!TEST_true(qtest_fault_set_packet_cipher_listener(fault,
284	on_packet_cipher_cb,
285	NULL)))
286	goto err;
287	} else {
288	/* Listen for datagrams being sent */
289	if (!TEST_true(qtest_fault_set_datagram_listener(fault,
290	on_datagram_cb,
291	NULL)))
292	goto err;
293	}
294	if (!TEST_true(qtest_create_quic_connection(qtserv, cssl)))
295	goto err;
296
297	/* Corrupt the next server packet*/
298	docorrupt = 1;
299
300	if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, /is_uni=/0, &sid))
301	\|\| !TEST_uint64_t_eq(sid, 1))
302	goto err;
303
304	/*
305	* Send first 5 bytes of message. This will get corrupted and is treated as
306	* "lost"
307	*/
308	if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg, 5,
309	&byteswritten)))
310	goto err;
311
312	if (!TEST_size_t_eq(byteswritten, 5))
313	goto err;
314
315	/*
316	* Introduce a small delay so that the above packet has time to be detected
317	* as lost. Loss detection times are based on RTT which should be very
318	* fast for us since there isn't really a network. The loss delay timer is
319	* always at least 1ms though. We skip forward 100ms
320	*/
321	qtest_add_time(100);
322
323	/* Send rest of message */
324	if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg + 5,
325	msglen - 5, &byteswritten)))
326	goto err;
327
328	if (!TEST_size_t_eq(byteswritten, msglen - 5))
329	goto err;
330
331	/*
332	* Receive the corrupted packet. This should get dropped and is effectively
333	* "lost". We also process the second packet which should be decrypted
334	* successfully. Therefore we ack the frames in it
335	*/
336	if (!TEST_true(SSL_handle_events(cssl)))
337	goto err;
338
339	/*
340	* Process the ack. Detect that the first part of the message must have
341	* been lost due to the time elapsed since it was sent and resend it
342	*/
343	ossl_quic_tserver_tick(qtserv);
344
345	/* Receive and process the newly arrived message data resend */
346	if (!TEST_true(SSL_handle_events(cssl)))
347	goto err;
348
349	/* The whole message should now have arrived */
350	if (!TEST_true(SSL_read_ex(cssl, buf, sizeof(buf), &bytesread)))
351	goto err;
352
353	if (!TEST_mem_eq(msg, msglen, buf, bytesread))
354	goto err;
355
356	/*
357	* If the test was successful then we corrupted exactly one packet and
358	* docorrupt was reset
359	*/
360	if (!TEST_false(docorrupt))
361	goto err;
362
363	testresult = 1;
364	err:
365	qtest_fault_free(fault);
366	SSL_free(cssl);
367	ossl_quic_tserver_free(qtserv);
368	SSL_CTX_free(cctx);
369	return testresult;
370	}
371
372	OPT_TEST_DECLARE_USAGE("certsdir\n")
373
374	int setup_tests(void)
375	{
376	char *certsdir = NULL;
377
378	if (!test_skip_common_options()) {
379	TEST_error("Error parsing test options\n");
380	return 0;
381	}
382
383	if (!TEST_ptr(certsdir = test_get_argument(0)))
384	return 0;
385
386	cert = test_mk_file_path(certsdir, "servercert.pem");
387	if (cert == NULL)
388	goto err;
389
390	privkey = test_mk_file_path(certsdir, "serverkey.pem");
391	if (privkey == NULL)
392	goto err;
393
394	ADD_TEST(test_basic);
395	ADD_TEST(test_unknown_frame);
396	ADD_ALL_TESTS(test_drop_extensions, 2);
397	ADD_ALL_TESTS(test_corrupted_data, 2);
398
399	return 1;
400
401	err:
402	OPENSSL_free(cert);
403	OPENSSL_free(privkey);
404	return 0;
405	}
406
407	void cleanup_tests(void)
408	{
409	OPENSSL_free(cert);
410	OPENSSL_free(privkey);
411	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.3.2/test/quicfaultstest.c

以其他格式下載: