[thirdparty/openssl.git] / test / dtlsv1listentest.c

/*
 * Written by Matt Caswell for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <string.h>
#include <sys/socket.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#include <openssl/engine.h>
#include "e_os.h"

/* Just a ClientHello without a cookie */
const unsigned char clienthello_nocookie[] = {
    0x16, /* Handshake */
    0xFE, 0xFF, /* DTLSv1.0 */
    0x00, 0x00, /* Epoch */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
    0x00, 0x3A, /* Record Length */
    0x01, /* ClientHello */
    0x00, 0x00, 0x2E, /* Message length */
    0x00, 0x00, /* Message sequence */
    0x00, 0x00, 0x00, /* Fragment offset */
    0x00, 0x00, 0x2E, /* Fragment length */
    0xFE, 0xFD, /* DTLSv1.2 */
    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
    0x00, /* Session id len */
    0x00, /* Cookie len */
    0x00, 0x04, /* Ciphersuites len */
    0x00, 0x2f, /* AES128-SHA */
    0x00, 0xff, /* Empty reneg info SCSV */
    0x01, /* Compression methods len */
    0x00, /* Null compression */
    0x00, 0x00 /* Extensions len */
};

/* First fragment of a ClientHello without a cookie */
const unsigned char clienthello_nocookie_frag[] = {
    0x16, /* Handshake */
    0xFE, 0xFF, /* DTLSv1.0 */
    0x00, 0x00, /* Epoch */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
    0x00, 0x30, /* Record Length */
    0x01, /* ClientHello */
    0x00, 0x00, 0x2E, /* Message length */
    0x00, 0x00, /* Message sequence */
    0x00, 0x00, 0x00, /* Fragment offset */
    0x00, 0x00, 0x24, /* Fragment length */
    0xFE, 0xFD, /* DTLSv1.2 */
    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
    0x00, /* Session id len */
    0x00 /* Cookie len */
};

/* First fragment of a ClientHello which is too short */
const unsigned char clienthello_nocookie_short[] = {
    0x16, /* Handshake */
    0xFE, 0xFF, /* DTLSv1.0 */
    0x00, 0x00, /* Epoch */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
    0x00, 0x2F, /* Record Length */
    0x01, /* ClientHello */
    0x00, 0x00, 0x2E, /* Message length */
    0x00, 0x00, /* Message sequence */
    0x00, 0x00, 0x00, /* Fragment offset */
    0x00, 0x00, 0x23, /* Fragment length */
    0xFE, 0xFD, /* DTLSv1.2 */
    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
    0x00 /* Session id len */
};

/* Second fragment of a ClientHello */
const unsigned char clienthello_2ndfrag[] = {
    0x16, /* Handshake */
    0xFE, 0xFF, /* DTLSv1.0 */
    0x00, 0x00, /* Epoch */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
    0x00, 0x38, /* Record Length */
    0x01, /* ClientHello */
    0x00, 0x00, 0x2E, /* Message length */
    0x00, 0x00, /* Message sequence */
    0x00, 0x00, 0x02, /* Fragment offset */
    0x00, 0x00, 0x2C, /* Fragment length */
    /* Version skipped - sent in first fragment */
    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
    0x00, /* Session id len */
    0x00, /* Cookie len */
    0x00, 0x04, /* Ciphersuites len */
    0x00, 0x2f, /* AES128-SHA */
    0x00, 0xff, /* Empty reneg info SCSV */
    0x01, /* Compression methods len */
    0x00, /* Null compression */
    0x00, 0x00 /* Extensions len */
};

/* A ClientHello with a good cookie */
const unsigned char clienthello_cookie[] = {
    0x16, /* Handshake */
    0xFE, 0xFF, /* DTLSv1.0 */
    0x00, 0x00, /* Epoch */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
    0x00, 0x4E, /* Record Length */
    0x01, /* ClientHello */
    0x00, 0x00, 0x42, /* Message length */
    0x00, 0x00, /* Message sequence */
    0x00, 0x00, 0x00, /* Fragment offset */
    0x00, 0x00, 0x42, /* Fragment length */
    0xFE, 0xFD, /* DTLSv1.2 */
    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
    0x00, /* Session id len */
    0x14, /* Cookie len */
    0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, /* Cookie */
    0x00, 0x04, /* Ciphersuites len */
    0x00, 0x2f, /* AES128-SHA */
    0x00, 0xff, /* Empty reneg info SCSV */
    0x01, /* Compression methods len */
    0x00, /* Null compression */
    0x00, 0x00 /* Extensions len */
};

/* A fragmented ClientHello with a good cookie */
const unsigned char clienthello_cookie_frag[] = {
    0x16, /* Handshake */
    0xFE, 0xFF, /* DTLSv1.0 */
    0x00, 0x00, /* Epoch */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
    0x00, 0x44, /* Record Length */
    0x01, /* ClientHello */
    0x00, 0x00, 0x42, /* Message length */
    0x00, 0x00, /* Message sequence */
    0x00, 0x00, 0x00, /* Fragment offset */
    0x00, 0x00, 0x38, /* Fragment length */
    0xFE, 0xFD, /* DTLSv1.2 */
    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
    0x00, /* Session id len */
    0x14, /* Cookie len */
    0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */
};


/* A ClientHello with a bad cookie */
const unsigned char clienthello_badcookie[] = {
    0x16, /* Handshake */
    0xFE, 0xFF, /* DTLSv1.0 */
    0x00, 0x00, /* Epoch */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
    0x00, 0x4E, /* Record Length */
    0x01, /* ClientHello */
    0x00, 0x00, 0x42, /* Message length */
    0x00, 0x00, /* Message sequence */
    0x00, 0x00, 0x00, /* Fragment offset */
    0x00, 0x00, 0x42, /* Fragment length */
    0xFE, 0xFD, /* DTLSv1.2 */
    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
    0x00, /* Session id len */
    0x14, /* Cookie len */
    0x01, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, /* Cookie */
    0x00, 0x04, /* Ciphersuites len */
    0x00, 0x2f, /* AES128-SHA */
    0x00, 0xff, /* Empty reneg info SCSV */
    0x01, /* Compression methods len */
    0x00, /* Null compression */
    0x00, 0x00 /* Extensions len */
};

/* A fragmented ClientHello with the fragment boundary mid cookie */
const unsigned char clienthello_cookie_short[] = {
    0x16, /* Handshake */
    0xFE, 0xFF, /* DTLSv1.0 */
    0x00, 0x00, /* Epoch */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
    0x00, 0x43, /* Record Length */
    0x01, /* ClientHello */
    0x00, 0x00, 0x42, /* Message length */
    0x00, 0x00, /* Message sequence */
    0x00, 0x00, 0x00, /* Fragment offset */
    0x00, 0x00, 0x37, /* Fragment length */
    0xFE, 0xFD, /* DTLSv1.2 */
    0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
    0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
    0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
    0x00, /* Session id len */
    0x14, /* Cookie len */
    0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12 /* Cookie */
};

/* Bad record - too short */
const unsigned char record_short[] = {
    0x16, /* Handshake */
    0xFE, 0xFF, /* DTLSv1.0 */
    0x00, 0x00, /* Epoch */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /* Record sequence number */
};

const unsigned char verify[] = {
    0x16, /* Handshake */
    0xFE, 0xFF, /* DTLSv1.0 */
    0x00, 0x00, /* Epoch */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
    0x00, 0x23, /* Record Length */
    0x03, /* HelloVerifyRequest */
    0x00, 0x00, 0x17, /* Message length */
    0x00, 0x00, /* Message sequence */
    0x00, 0x00, 0x00, /* Fragment offset */
    0x00, 0x00, 0x17, /* Fragment length */
    0xFE, 0xFF, /* DTLSv1.0 */
    0x14, /* Cookie len */
    0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */
};

struct {
    const unsigned char *in;
    unsigned int inlen;
    /*
     * GOOD == positive return value from DTLSv1_listen, no output yet
     * VERIFY == 0 return value, HelloVerifyRequest sent
     * DROP == 0 return value, no output
     */
    enum {GOOD, VERIFY, DROP} outtype;
} testpackets[9] = {
    {
        clienthello_nocookie,
        sizeof(clienthello_nocookie),
        VERIFY
    },
    {
        clienthello_nocookie_frag,
        sizeof(clienthello_nocookie_frag),
        VERIFY
    },
    {
        clienthello_nocookie_short,
        sizeof(clienthello_nocookie_short),
        DROP
    },
    {
        clienthello_2ndfrag,
        sizeof(clienthello_2ndfrag),
        DROP
    },
    {
        clienthello_cookie,
        sizeof(clienthello_cookie),
        GOOD
    },
    {
        clienthello_cookie_frag,
        sizeof(clienthello_cookie_frag),
        GOOD
    },
    {
        clienthello_badcookie,
        sizeof(clienthello_badcookie),
        VERIFY
    },
    {
        clienthello_cookie_short,
        sizeof(clienthello_cookie_short),
        DROP
    },
    {
        record_short,
        sizeof(record_short),
        DROP
    }
};

#define COOKIE_LEN  20

static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
{
    unsigned int i;

    for (i = 0; i < COOKIE_LEN; i++, cookie++) {
        *cookie = i;
    }
    *cookie_len = COOKIE_LEN;

    return 1;
}

static int cookie_verify(SSL *ssl, const unsigned char *cookie,
                         unsigned int cookie_len)
{
    unsigned int i;

    if (cookie_len != COOKIE_LEN)
        return 0;

    for (i = 0; i < COOKIE_LEN; i++, cookie++) {
        if (*cookie != i)
            return 0;
    }

    return 1;
}

int main(void)
{
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    BIO *outbio = NULL;
    BIO *inbio = NULL;
    BIO_ADDR *peer = BIO_ADDR_new();
    char *data;
    long datalen;
    int ret, success = 0;
    size_t i;

    /* Initialise libssl */
    SSL_load_error_strings();
    SSL_library_init();

    ctx = SSL_CTX_new(DTLS_server_method());
    if (ctx == NULL || peer == NULL)
        goto err;

    SSL_CTX_set_cookie_generate_cb(ctx, cookie_gen);
    SSL_CTX_set_cookie_verify_cb(ctx, cookie_verify);

    /* Create an SSL object for the connection */
    ssl = SSL_new(ctx);
    if (ssl == NULL)
        goto err;

    outbio = BIO_new(BIO_s_mem());
    if (outbio == NULL)
        goto err;
    SSL_set_wbio(ssl, outbio);

    success = 1;
    for (i = 0; i < OSSL_NELEM(testpackets) && success; i++) {
        inbio = BIO_new_mem_buf((char *)testpackets[i].in,
                                testpackets[i].inlen);
        if (inbio == NULL) {
            success = 0;
            goto err;
        }
        /* Set Non-blocking IO behaviour */
        BIO_set_mem_eof_return(inbio, -1);

        SSL_set_rbio(ssl, inbio);

        /* Process the incoming packet */
        ret = DTLSv1_listen(ssl, peer);
        if (ret < 0) {
            success = 0;
            goto err;
        }

        datalen = BIO_get_mem_data(outbio, &data);

        if (testpackets[i].outtype == VERIFY) {
            if (ret == 0) {
                if (datalen != sizeof(verify)
                        || (memcmp(data, verify, sizeof(verify)) != 0)) {
                    printf("Test %ld failure: incorrect HelloVerifyRequest\n", i);
                    success = 0;
                } else {
                    printf("Test %ld success\n", i);
                }
            } else {
                printf ("Test %ld failure: should not have succeeded\n", i);
                success = 0;
            }
        } else if (datalen == 0) {
            if ((ret == 0 && testpackets[i].outtype == DROP)
                    || (ret == 1 && testpackets[i].outtype == GOOD)) {
                printf("Test %ld success\n", i);
            } else {
                printf("Test %ld failure: wrong return value\n", i);
                success = 0;
            }
        } else {
            printf("Test %ld failure: Unexpected data output\n", i);
            success = 0;
        }
        (void)BIO_reset(outbio);
        inbio = NULL;
        /* Frees up inbio */
        SSL_set_rbio(ssl, NULL);
    }

 err:
    if (!success)
        ERR_print_errors_fp(stderr);
    /* Also frees up outbio */
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    BIO_free(inbio);
    /* Unitialise libssl */
#ifndef OPENSSL_NO_ENGINE
    ENGINE_cleanup();
#endif
    CONF_modules_unload(1);
    CRYPTO_cleanup_all_ex_data();
    EVP_cleanup();
    ERR_remove_thread_state(NULL);
    ERR_free_strings();
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
    CRYPTO_mem_leaks_fp(stderr);
#endif
    return success ? 0 : 1;
}
Commit	Line	Data
ce0865d8 MC	1	/*
	2	* Written by Matt Caswell for the OpenSSL project.
	3	*/
	4	/* ====================================================================
	5	* Copyright (c) 2016 The OpenSSL Project. All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	*
	11	* 1. Redistributions of source code must retain the above copyright
	12	* notice, this list of conditions and the following disclaimer.
	13	*
	14	* 2. Redistributions in binary form must reproduce the above copyright
	15	* notice, this list of conditions and the following disclaimer in
	16	* the documentation and/or other materials provided with the
	17	* distribution.
	18	*
	19	* 3. All advertising materials mentioning features or use of this
	20	* software must display the following acknowledgment:
	21	* "This product includes software developed by the OpenSSL Project
	22	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	23	*
	24	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	25	* endorse or promote products derived from this software without
	26	* prior written permission. For written permission, please contact
	27	* openssl-core@openssl.org.
	28	*
	29	* 5. Products derived from this software may not be called "OpenSSL"
	30	* nor may "OpenSSL" appear in their names without prior written
	31	* permission of the OpenSSL Project.
	32	*
	33	* 6. Redistributions of any form whatsoever must retain the following
	34	* acknowledgment:
	35	* "This product includes software developed by the OpenSSL Project
	36	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	37	*
	38	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	39	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	40	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	41	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	42	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	43	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	44	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	45	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	46	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	47	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	48	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	49	* OF THE POSSIBILITY OF SUCH DAMAGE.
	50	* ====================================================================
	51	*
	52	* This product includes cryptographic software written by Eric Young
	53	* (eay@cryptsoft.com). This product includes software written by Tim
	54	* Hudson (tjh@cryptsoft.com).
	55	*
	56	*/
	57
	58	#include <string.h>
	59	#include <sys/socket.h>
	60	#include <openssl/ssl.h>
	61	#include <openssl/bio.h>
	62	#include <openssl/err.h>
	63	#include <openssl/conf.h>
	64	#include <openssl/engine.h>
65	#include "e_os.h"
66
67	/* Just a ClientHello without a cookie */
68	const unsigned char clienthello_nocookie[] = {
69	0x16, /* Handshake */
70	0xFE, 0xFF, /* DTLSv1.0 */
71	0x00, 0x00, /* Epoch */
72	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
73	0x00, 0x3A, /* Record Length */
74	0x01, /* ClientHello */
75	0x00, 0x00, 0x2E, /* Message length */
76	0x00, 0x00, /* Message sequence */
77	0x00, 0x00, 0x00, /* Fragment offset */
78	0x00, 0x00, 0x2E, /* Fragment length */
79	0xFE, 0xFD, /* DTLSv1.2 */
80	0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
81	0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
82	0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
83	0x00, /* Session id len */
84	0x00, /* Cookie len */
85	0x00, 0x04, /* Ciphersuites len */
86	0x00, 0x2f, /* AES128-SHA */
87	0x00, 0xff, /* Empty reneg info SCSV */
88	0x01, /* Compression methods len */
89	0x00, /* Null compression */
90	0x00, 0x00 /* Extensions len */
91	};
92
93	/* First fragment of a ClientHello without a cookie */
94	const unsigned char clienthello_nocookie_frag[] = {
95	0x16, /* Handshake */
96	0xFE, 0xFF, /* DTLSv1.0 */
97	0x00, 0x00, /* Epoch */
98	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
99	0x00, 0x30, /* Record Length */
100	0x01, /* ClientHello */
101	0x00, 0x00, 0x2E, /* Message length */
102	0x00, 0x00, /* Message sequence */
103	0x00, 0x00, 0x00, /* Fragment offset */
104	0x00, 0x00, 0x24, /* Fragment length */
105	0xFE, 0xFD, /* DTLSv1.2 */
106	0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
107	0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
108	0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
109	0x00, /* Session id len */
110	0x00 /* Cookie len */
111	};
112
113	/* First fragment of a ClientHello which is too short */
114	const unsigned char clienthello_nocookie_short[] = {
115	0x16, /* Handshake */
116	0xFE, 0xFF, /* DTLSv1.0 */
117	0x00, 0x00, /* Epoch */
118	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
119	0x00, 0x2F, /* Record Length */
120	0x01, /* ClientHello */
121	0x00, 0x00, 0x2E, /* Message length */
122	0x00, 0x00, /* Message sequence */
123	0x00, 0x00, 0x00, /* Fragment offset */
124	0x00, 0x00, 0x23, /* Fragment length */
125	0xFE, 0xFD, /* DTLSv1.2 */
126	0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
127	0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
128	0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
129	0x00 /* Session id len */
130	};
131
132	/* Second fragment of a ClientHello */
133	const unsigned char clienthello_2ndfrag[] = {
134	0x16, /* Handshake */
135	0xFE, 0xFF, /* DTLSv1.0 */
136	0x00, 0x00, /* Epoch */
137	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
138	0x00, 0x38, /* Record Length */
139	0x01, /* ClientHello */
140	0x00, 0x00, 0x2E, /* Message length */
141	0x00, 0x00, /* Message sequence */
142	0x00, 0x00, 0x02, /* Fragment offset */
143	0x00, 0x00, 0x2C, /* Fragment length */
144	/* Version skipped - sent in first fragment */
145	0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
146	0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
147	0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
148	0x00, /* Session id len */
149	0x00, /* Cookie len */
150	0x00, 0x04, /* Ciphersuites len */
151	0x00, 0x2f, /* AES128-SHA */
152	0x00, 0xff, /* Empty reneg info SCSV */
153	0x01, /* Compression methods len */
154	0x00, /* Null compression */
155	0x00, 0x00 /* Extensions len */
156	};
157
158	/* A ClientHello with a good cookie */
159	const unsigned char clienthello_cookie[] = {
160	0x16, /* Handshake */
161	0xFE, 0xFF, /* DTLSv1.0 */
162	0x00, 0x00, /* Epoch */
163	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
164	0x00, 0x4E, /* Record Length */
165	0x01, /* ClientHello */
166	0x00, 0x00, 0x42, /* Message length */
167	0x00, 0x00, /* Message sequence */
168	0x00, 0x00, 0x00, /* Fragment offset */
169	0x00, 0x00, 0x42, /* Fragment length */
170	0xFE, 0xFD, /* DTLSv1.2 */
171	0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
172	0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
173	0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
174	0x00, /* Session id len */
175	0x14, /* Cookie len */
176	0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
177	0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, /* Cookie */
178	0x00, 0x04, /* Ciphersuites len */
179	0x00, 0x2f, /* AES128-SHA */
180	0x00, 0xff, /* Empty reneg info SCSV */
181	0x01, /* Compression methods len */
182	0x00, /* Null compression */
183	0x00, 0x00 /* Extensions len */
184	};
185
186	/* A fragmented ClientHello with a good cookie */
187	const unsigned char clienthello_cookie_frag[] = {
188	0x16, /* Handshake */
189	0xFE, 0xFF, /* DTLSv1.0 */
190	0x00, 0x00, /* Epoch */
191	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
192	0x00, 0x44, /* Record Length */
193	0x01, /* ClientHello */
194	0x00, 0x00, 0x42, /* Message length */
195	0x00, 0x00, /* Message sequence */
196	0x00, 0x00, 0x00, /* Fragment offset */
197	0x00, 0x00, 0x38, /* Fragment length */
198	0xFE, 0xFD, /* DTLSv1.2 */
199	0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
200	0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
201	0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
202	0x00, /* Session id len */
203	0x14, /* Cookie len */
204	0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
205	0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */
206	};
207
208
209	/* A ClientHello with a bad cookie */
210	const unsigned char clienthello_badcookie[] = {
211	0x16, /* Handshake */
212	0xFE, 0xFF, /* DTLSv1.0 */
213	0x00, 0x00, /* Epoch */
214	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
215	0x00, 0x4E, /* Record Length */
216	0x01, /* ClientHello */
217	0x00, 0x00, 0x42, /* Message length */
218	0x00, 0x00, /* Message sequence */
219	0x00, 0x00, 0x00, /* Fragment offset */
220	0x00, 0x00, 0x42, /* Fragment length */
221	0xFE, 0xFD, /* DTLSv1.2 */
222	0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
223	0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
224	0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
225	0x00, /* Session id len */
226	0x14, /* Cookie len */
227	0x01, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
228	0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, /* Cookie */
229	0x00, 0x04, /* Ciphersuites len */
230	0x00, 0x2f, /* AES128-SHA */
231	0x00, 0xff, /* Empty reneg info SCSV */
232	0x01, /* Compression methods len */
233	0x00, /* Null compression */
234	0x00, 0x00 /* Extensions len */
235	};
236
237	/* A fragmented ClientHello with the fragment boundary mid cookie */
238	const unsigned char clienthello_cookie_short[] = {
239	0x16, /* Handshake */
240	0xFE, 0xFF, /* DTLSv1.0 */
241	0x00, 0x00, /* Epoch */
242	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
243	0x00, 0x43, /* Record Length */
244	0x01, /* ClientHello */
245	0x00, 0x00, 0x42, /* Message length */
246	0x00, 0x00, /* Message sequence */
247	0x00, 0x00, 0x00, /* Fragment offset */
248	0x00, 0x00, 0x37, /* Fragment length */
249	0xFE, 0xFD, /* DTLSv1.2 */
250	0xCA, 0x18, 0x9F, 0x76, 0xEC, 0x57, 0xCE, 0xE5, 0xB3, 0xAB, 0x79, 0x90,
251	0xAD, 0xAC, 0x6E, 0xD1, 0x58, 0x35, 0x03, 0x97, 0x16, 0x10, 0x82, 0x56,
252	0xD8, 0x55, 0xFF, 0xE1, 0x8A, 0xA3, 0x2E, 0xF6, /* Random */
253	0x00, /* Session id len */
254	0x14, /* Cookie len */
255	0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
256	0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12 /* Cookie */
257	};
258
259	/* Bad record - too short */
260	const unsigned char record_short[] = {
261	0x16, /* Handshake */
262	0xFE, 0xFF, /* DTLSv1.0 */
263	0x00, 0x00, /* Epoch */
264	0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /* Record sequence number */
265	};
266
267	const unsigned char verify[] = {
268	0x16, /* Handshake */
269	0xFE, 0xFF, /* DTLSv1.0 */
270	0x00, 0x00, /* Epoch */
271	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Record sequence number */
272	0x00, 0x23, /* Record Length */
273	0x03, /* HelloVerifyRequest */
274	0x00, 0x00, 0x17, /* Message length */
275	0x00, 0x00, /* Message sequence */
276	0x00, 0x00, 0x00, /* Fragment offset */
277	0x00, 0x00, 0x17, /* Fragment length */
278	0xFE, 0xFF, /* DTLSv1.0 */
279	0x14, /* Cookie len */
280	0x00, 0x01, 0x02, 0x03, 0x04, 005, 0x06, 007, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
281	0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */
282	};
283
284	struct {
285	const unsigned char *in;
286	unsigned int inlen;
287	/*
288	* GOOD == positive return value from DTLSv1_listen, no output yet
289	* VERIFY == 0 return value, HelloVerifyRequest sent
290	* DROP == 0 return value, no output
291	*/
292	enum {GOOD, VERIFY, DROP} outtype;
293	} testpackets[9] = {
294	{
295	clienthello_nocookie,
296	sizeof(clienthello_nocookie),
297	VERIFY
298	},
299	{
300	clienthello_nocookie_frag,
301	sizeof(clienthello_nocookie_frag),
302	VERIFY
303	},
304	{
305	clienthello_nocookie_short,
306	sizeof(clienthello_nocookie_short),
307	DROP
308	},
309	{
310	clienthello_2ndfrag,
311	sizeof(clienthello_2ndfrag),
312	DROP
313	},
314	{
315	clienthello_cookie,
316	sizeof(clienthello_cookie),
317	GOOD
318	},
319	{
320	clienthello_cookie_frag,
321	sizeof(clienthello_cookie_frag),
322	GOOD
323	},
324	{
325	clienthello_badcookie,
326	sizeof(clienthello_badcookie),
327	VERIFY
328	},
329	{
330	clienthello_cookie_short,
331	sizeof(clienthello_cookie_short),
332	DROP
333	},
334	{
335	record_short,
336	sizeof(record_short),
337	DROP
338	}
339	};
340
341	#define COOKIE_LEN 20
342
343	static int cookie_gen(SSL ssl, unsigned char cookie, unsigned int *cookie_len)
344	{
345	unsigned int i;
346
347	for (i = 0; i < COOKIE_LEN; i++, cookie++) {
348	*cookie = i;
349	}
350	*cookie_len = COOKIE_LEN;
351
352	return 1;
353	}
354
355	static int cookie_verify(SSL ssl, const unsigned char cookie,
356	unsigned int cookie_len)
357	{
358	unsigned int i;
359
360	if (cookie_len != COOKIE_LEN)
361	return 0;
362
363	for (i = 0; i < COOKIE_LEN; i++, cookie++) {
364	if (*cookie != i)
365	return 0;
366	}
367
368	return 1;
369	}
370
371	int main(void)
372	{
373	SSL_CTX *ctx = NULL;
374	SSL *ssl = NULL;
375	BIO *outbio = NULL;
376	BIO *inbio = NULL;
377	BIO_ADDR *peer = BIO_ADDR_new();
378	char *data;
379	long datalen;
380	int ret, success = 0;
381	size_t i;
382
383	/* Initialise libssl */
384	SSL_load_error_strings();
385	SSL_library_init();
386
387	ctx = SSL_CTX_new(DTLS_server_method());
388	if (ctx == NULL \|\| peer == NULL)
389	goto err;
390
391	SSL_CTX_set_cookie_generate_cb(ctx, cookie_gen);
392	SSL_CTX_set_cookie_verify_cb(ctx, cookie_verify);
393
394	/* Create an SSL object for the connection */
395	ssl = SSL_new(ctx);
396	if (ssl == NULL)
397	goto err;
398
399	outbio = BIO_new(BIO_s_mem());
400	if (outbio == NULL)
401	goto err;
402	SSL_set_wbio(ssl, outbio);
403
404	success = 1;
405	for (i = 0; i < OSSL_NELEM(testpackets) && success; i++) {
406	inbio = BIO_new_mem_buf((char *)testpackets[i].in,
407	testpackets[i].inlen);
408	if (inbio == NULL) {
409	success = 0;
410	goto err;
411	}
412	/* Set Non-blocking IO behaviour */
413	BIO_set_mem_eof_return(inbio, -1);
414
415	SSL_set_rbio(ssl, inbio);
416
417	/* Process the incoming packet */
418	ret = DTLSv1_listen(ssl, peer);
419	if (ret < 0) {
420	success = 0;
421	goto err;
422	}
423
424	datalen = BIO_get_mem_data(outbio, &data);
425
426	if (testpackets[i].outtype == VERIFY) {
427	if (ret == 0) {
428	if (datalen != sizeof(verify)
429	\|\| (memcmp(data, verify, sizeof(verify)) != 0)) {
430	printf("Test %ld failure: incorrect HelloVerifyRequest\n", i);
431	success = 0;
432	} else {
433	printf("Test %ld success\n", i);
434	}
435	} else {
436	printf ("Test %ld failure: should not have succeeded\n", i);
437	success = 0;
438	}
439	} else if (datalen == 0) {
440	if ((ret == 0 && testpackets[i].outtype == DROP)
441	\|\| (ret == 1 && testpackets[i].outtype == GOOD)) {
442	printf("Test %ld success\n", i);
443	} else {
444	printf("Test %ld failure: wrong return value\n", i);
445	success = 0;
446	}
447	} else {
448	printf("Test %ld failure: Unexpected data output\n", i);
449	success = 0;
450	}
451	(void)BIO_reset(outbio);
452	inbio = NULL;
453	/* Frees up inbio */
454	SSL_set_rbio(ssl, NULL);
455	}
456
457	err:
458	if (!success)
459	ERR_print_errors_fp(stderr);
460	/* Also frees up outbio */
461	SSL_free(ssl);
462	SSL_CTX_free(ctx);
463	BIO_free(inbio);
464	/* Unitialise libssl */
465	#ifndef OPENSSL_NO_ENGINE
466	ENGINE_cleanup();
467	#endif
468	CONF_modules_unload(1);
469	CRYPTO_cleanup_all_ex_data();
470	EVP_cleanup();
471	ERR_remove_thread_state(NULL);
472	ERR_free_strings();
473	#ifndef OPENSSL_NO_CRYPTO_MDEBUG
474	CRYPTO_mem_leaks_fp(stderr);
475	#endif
476	return success ? 0 : 1;
477	}
478