]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/quicapitest.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
QUIC: Rename SSL_tick, SSL_get_tick_timeout
[thirdparty/openssl.git] / test / quicapitest.c
1 /*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12
13 #include <openssl/opensslconf.h>
14 #include <openssl/quic.h>
15
16 #include "helpers/ssltestlib.h"
17 #include "helpers/quictestlib.h"
18 #include "testutil.h"
19 #include "testutil/output.h"
20
21 static OSSL_LIB_CTX *libctx = NULL;
22 static OSSL_PROVIDER *defctxnull = NULL;
23 static char *certsdir = NULL;
24 static char *cert = NULL;
25 static char *privkey = NULL;
26 static char *datadir = NULL;
27
28 static int is_fips = 0;
29
30 /*
31 * Test that we read what we've written.
32 * Test 0: Non-blocking
33 * Test 1: Blocking
34 */
35 static int test_quic_write_read(int idx)
36 {
37 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
38 SSL *clientquic = NULL;
39 QUIC_TSERVER *qtserv = NULL;
40 int j, ret = 0;
41 unsigned char buf[20];
42 static char *msg = "A test message";
43 size_t msglen = strlen(msg);
44 size_t numbytes = 0;
45 int ssock = 0, csock = 0;
46 uint64_t sid = UINT64_MAX;
47
48 if (idx == 1 && !qtest_supports_blocking())
49 return TEST_skip("Blocking tests not supported in this build");
50
51 if (!TEST_ptr(cctx)
52 || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
53 idx, &qtserv, &clientquic,
54 NULL))
55 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost"))
56 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
57 goto end;
58
59 if (idx == 1) {
60 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv), &ssock)))
61 goto end;
62 if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
63 goto end;
64 }
65
66 sid = 0; /* client-initiated bidirectional stream */
67
68 for (j = 0; j < 2; j++) {
69 /* Check that sending and receiving app data is ok */
70 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
71 || !TEST_size_t_eq(numbytes, msglen))
72 goto end;
73 if (idx == 1) {
74 do {
75 if (!TEST_true(wait_until_sock_readable(ssock)))
76 goto end;
77
78 ossl_quic_tserver_tick(qtserv);
79
80 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf),
81 &numbytes)))
82 goto end;
83 } while (numbytes == 0);
84
85 if (!TEST_mem_eq(buf, numbytes, msg, msglen))
86 goto end;
87 }
88
89 ossl_quic_tserver_tick(qtserv);
90 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
91 msglen, &numbytes)))
92 goto end;
93 ossl_quic_tserver_tick(qtserv);
94 SSL_handle_events(clientquic);
95 /*
96 * In blocking mode the SSL_read_ex call will block until the socket is
97 * readable and has our data. In non-blocking mode we're doing everything
98 * in memory, so it should be immediately available
99 */
100 if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
101 || !TEST_size_t_eq(numbytes, 1)
102 || !TEST_true(SSL_has_pending(clientquic))
103 || !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
104 || !TEST_true(SSL_read_ex(clientquic, buf + 1, sizeof(buf) - 1, &numbytes))
105 || !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
106 goto end;
107 }
108
109 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
110 goto end;
111
112 ret = 1;
113
114 end:
115 ossl_quic_tserver_free(qtserv);
116 SSL_free(clientquic);
117 SSL_CTX_free(cctx);
118
119 return ret;
120 }
121
122 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
123 static int test_ciphersuites(void)
124 {
125 SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
126 SSL *ssl;
127 int testresult = 0;
128 const STACK_OF(SSL_CIPHER) *ciphers = NULL;
129 const SSL_CIPHER *cipher;
130 /* We expect this exact list of ciphersuites by default */
131 int cipherids[] = {
132 TLS1_3_CK_AES_256_GCM_SHA384,
133 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
134 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
135 #endif
136 TLS1_3_CK_AES_128_GCM_SHA256
137 };
138 size_t i, j;
139
140 if (!TEST_ptr(ctx))
141 return 0;
142
143 ssl = SSL_new(ctx);
144 if (!TEST_ptr(ssl))
145 goto err;
146
147 ciphers = SSL_get_ciphers(ssl);
148
149 for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
150 if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
151 continue;
152 cipher = sk_SSL_CIPHER_value(ciphers, j++);
153 if (!TEST_ptr(cipher))
154 goto err;
155 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
156 goto err;
157 }
158
159 /* We should have checked all the ciphers in the stack */
160 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
161 goto err;
162
163 testresult = 1;
164 err:
165 SSL_free(ssl);
166 SSL_CTX_free(ctx);
167
168 return testresult;
169 }
170
171 /*
172 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
173 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
174 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
175 * connections.
176 */
177 static int test_version(void)
178 {
179 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
180 SSL *clientquic = NULL;
181 QUIC_TSERVER *qtserv = NULL;
182 int testresult = 0;
183
184 if (!TEST_ptr(cctx)
185 || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
186 0, &qtserv, &clientquic,
187 NULL))
188 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
189 goto err;
190
191 if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
192 || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
193 goto err;
194
195 if (!TEST_true(SSL_is_quic(clientquic))
196 || !TEST_false(SSL_is_tls(clientquic))
197 || !TEST_false(SSL_is_dtls(clientquic)))
198 goto err;
199
200
201 testresult = 1;
202 err:
203 ossl_quic_tserver_free(qtserv);
204 SSL_free(clientquic);
205 SSL_CTX_free(cctx);
206
207 return testresult;
208 }
209
210 #if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB)
211 static void strip_line_ends(char *str)
212 {
213 size_t i;
214
215 for (i = strlen(str);
216 i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r');
217 i--);
218
219 str[i] = '\0';
220 }
221
222 static int compare_with_file(BIO *membio)
223 {
224 BIO *file = NULL;
225 char buf1[512], buf2[512];
226 char *reffile;
227 int ret = 0;
228 size_t i;
229
230 reffile = test_mk_file_path(datadir, "ssltraceref.txt");
231 if (!TEST_ptr(reffile))
232 goto err;
233
234 file = BIO_new_file(reffile, "rb");
235 if (!TEST_ptr(file))
236 goto err;
237
238 while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
239 if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
240 TEST_error("Failed reading mem data");
241 goto err;
242 }
243 strip_line_ends(buf1);
244 strip_line_ends(buf2);
245 if (strlen(buf1) != strlen(buf2)) {
246 TEST_error("Actual and ref line data length mismatch");
247 TEST_info("%s", buf1);
248 TEST_info("%s", buf2);
249 goto err;
250 }
251 for (i = 0; i < strlen(buf1); i++) {
252 /* '?' is a wild card character in the reference text */
253 if (buf1[i] == '?')
254 buf2[i] = '?';
255 }
256 if (!TEST_str_eq(buf1, buf2))
257 goto err;
258 }
259 if (!TEST_true(BIO_eof(file))
260 || !TEST_true(BIO_eof(membio)))
261 goto err;
262
263 ret = 1;
264 err:
265 OPENSSL_free(reffile);
266 BIO_free(file);
267 return ret;
268 }
269
270 /*
271 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
272 * connection. This also provides testing of the msg_callback at the same time.
273 */
274 static int test_ssl_trace(void)
275 {
276 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
277 SSL *clientquic = NULL;
278 QUIC_TSERVER *qtserv = NULL;
279 int testresult = 0;
280 BIO *bio = BIO_new(BIO_s_mem());
281
282 /*
283 * Ensure we only configure ciphersuites that are available with both the
284 * default and fips providers to get the same output in both cases
285 */
286 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
287 goto err;
288
289 if (!TEST_ptr(cctx)
290 || !TEST_ptr(bio)
291 || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
292 0, &qtserv, &clientquic,
293 NULL)))
294 goto err;
295
296 SSL_set_msg_callback(clientquic, SSL_trace);
297 SSL_set_msg_callback_arg(clientquic, bio);
298
299 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
300 goto err;
301
302 if (!TEST_true(compare_with_file(bio)))
303 goto err;
304
305 testresult = 1;
306 err:
307 ossl_quic_tserver_free(qtserv);
308 SSL_free(clientquic);
309 SSL_CTX_free(cctx);
310 BIO_free(bio);
311
312 return testresult;
313 }
314 #endif
315
316 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
317
318 int setup_tests(void)
319 {
320 char *modulename;
321 char *configfile;
322
323 libctx = OSSL_LIB_CTX_new();
324 if (!TEST_ptr(libctx))
325 return 0;
326
327 defctxnull = OSSL_PROVIDER_load(NULL, "null");
328
329 /*
330 * Verify that the default and fips providers in the default libctx are not
331 * available
332 */
333 if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
334 || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
335 goto err;
336
337 if (!test_skip_common_options()) {
338 TEST_error("Error parsing test options\n");
339 goto err;
340 }
341
342 if (!TEST_ptr(modulename = test_get_argument(0))
343 || !TEST_ptr(configfile = test_get_argument(1))
344 || !TEST_ptr(certsdir = test_get_argument(2))
345 || !TEST_ptr(datadir = test_get_argument(3)))
346 goto err;
347
348 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
349 goto err;
350
351 /* Check we have the expected provider available */
352 if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
353 goto err;
354
355 /* Check the default provider is not available */
356 if (strcmp(modulename, "default") != 0
357 && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
358 goto err;
359
360 if (strcmp(modulename, "fips") == 0)
361 is_fips = 1;
362
363 cert = test_mk_file_path(certsdir, "servercert.pem");
364 if (cert == NULL)
365 goto err;
366
367 privkey = test_mk_file_path(certsdir, "serverkey.pem");
368 if (privkey == NULL)
369 goto err;
370
371 ADD_ALL_TESTS(test_quic_write_read, 2);
372 ADD_TEST(test_ciphersuites);
373 ADD_TEST(test_version);
374 #if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB)
375 ADD_TEST(test_ssl_trace);
376 #endif
377
378 return 1;
379 err:
380 cleanup_tests();
381 return 0;
382 }
383
384 void cleanup_tests(void)
385 {
386 OPENSSL_free(cert);
387 OPENSSL_free(privkey);
388 OSSL_PROVIDER_unload(defctxnull);
389 OSSL_LIB_CTX_free(libctx);
390 }
A mirror of the official openssl repository