[thirdparty/openssl.git] / test / dtlstest.c

/*
 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#include "helpers/ssltestlib.h"
#include "testutil.h"

static char *cert = NULL;
static char *privkey = NULL;
static unsigned int timer_cb_count;

#define NUM_TESTS   2


#define DUMMY_CERT_STATUS_LEN  12

static unsigned char certstatus[] = {
    SSL3_RT_HANDSHAKE, /* Content type */
    0xfe, 0xfd, /* Record version */
    0, 1, /* Epoch */
    0, 0, 0, 0, 0, 0x0f, /* Record sequence number */
    0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2,
    SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */
    0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */
    0, 5, /* Message sequence */
    0, 0, 0, /* Fragment offset */
    0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */
    0x80, 0x80, 0x80, 0x80, 0x80,
    0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
};

#define RECORD_SEQUENCE 10

static unsigned int timer_cb(SSL *s, unsigned int timer_us)
{
    ++timer_cb_count;

    if (timer_us == 0)
        return 50000;
    else
        return 2 * timer_us;
}

static int test_dtls_unprocessed(int testidx)
{
    SSL_CTX *sctx = NULL, *cctx = NULL;
    SSL *serverssl1 = NULL, *clientssl1 = NULL;
    BIO *c_to_s_fbio, *c_to_s_mempacket;
    int testresult = 0;

    timer_cb_count = 0;

    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                       DTLS_client_method(),
                                       DTLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        return 0;

#ifndef OPENSSL_NO_DTLS1_2
    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
        goto end;
#else
    /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0"))
            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
                                                  "AES128-SHA:@SECLEVEL=0")))
        goto end;
#endif

    c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
    if (!TEST_ptr(c_to_s_fbio))
        goto end;

    /* BIO is freed by create_ssl_connection on error */
    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
                                      NULL, c_to_s_fbio)))
        goto end;

    DTLS_set_timer_cb(clientssl1, timer_cb);

    if (testidx == 1)
        certstatus[RECORD_SEQUENCE] = 0xff;

    /*
     * Inject a dummy record from the next epoch. In test 0, this should never
     * get used because the message sequence number is too big. In test 1 we set
     * the record sequence number to be way off in the future.
     */
    c_to_s_mempacket = SSL_get_wbio(clientssl1);
    c_to_s_mempacket = BIO_next(c_to_s_mempacket);
    mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
                          sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);

    /*
     * Create the connection. We use "create_bare_ssl_connection" here so that
     * we can force the connection to not do "SSL_read" once partly connected.
     * We don't want to accidentally read the dummy records we injected because
     * they will fail to decrypt.
     */
    if (!TEST_true(create_bare_ssl_connection(serverssl1, clientssl1,
                                              SSL_ERROR_NONE, 0)))
        goto end;

    if (timer_cb_count == 0) {
        printf("timer_callback was not called.\n");
        goto end;
    }

    testresult = 1;
 end:
    SSL_free(serverssl1);
    SSL_free(clientssl1);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}

#define CLI_TO_SRV_EPOCH_0_RECS 3
#define CLI_TO_SRV_EPOCH_1_RECS 1
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
# define SRV_TO_CLI_EPOCH_0_RECS 10
#else
/*
 * In this case we have no ServerKeyExchange message, because we don't have
 * ECDHE or DHE. When it is present it gets fragmented into 3 records in this
 * test.
 */
# define SRV_TO_CLI_EPOCH_0_RECS 9
#endif
#define SRV_TO_CLI_EPOCH_1_RECS 1
#define TOTAL_FULL_HAND_RECORDS \
            (CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \
             SRV_TO_CLI_EPOCH_0_RECS + SRV_TO_CLI_EPOCH_1_RECS)

#define CLI_TO_SRV_RESUME_EPOCH_0_RECS 3
#define CLI_TO_SRV_RESUME_EPOCH_1_RECS 1
#define SRV_TO_CLI_RESUME_EPOCH_0_RECS 2
#define SRV_TO_CLI_RESUME_EPOCH_1_RECS 1
#define TOTAL_RESUME_HAND_RECORDS \
            (CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \
             SRV_TO_CLI_RESUME_EPOCH_0_RECS + SRV_TO_CLI_RESUME_EPOCH_1_RECS)

#define TOTAL_RECORDS (TOTAL_FULL_HAND_RECORDS + TOTAL_RESUME_HAND_RECORDS)

/*
 * We are assuming a ServerKeyExchange message is sent in this test. If we don't
 * have either DH or EC, then it won't be
 */
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
static int test_dtls_drop_records(int idx)
{
    SSL_CTX *sctx = NULL, *cctx = NULL;
    SSL *serverssl = NULL, *clientssl = NULL;
    BIO *c_to_s_fbio, *mempackbio;
    int testresult = 0;
    int epoch = 0;
    SSL_SESSION *sess = NULL;
    int cli_to_srv_epoch0, cli_to_srv_epoch1, srv_to_cli_epoch0;

    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                       DTLS_client_method(),
                                       DTLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        return 0;

#ifdef OPENSSL_NO_DTLS1_2
    /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
                                                  "DEFAULT:@SECLEVEL=0")))
        goto end;
#endif

    if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1)))
        goto end;

    if (idx >= TOTAL_FULL_HAND_RECORDS) {
        /* We're going to do a resumption handshake. Get a session first. */
        if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                          NULL, NULL))
                || !TEST_true(create_ssl_connection(serverssl, clientssl,
                              SSL_ERROR_NONE))
                || !TEST_ptr(sess = SSL_get1_session(clientssl)))
            goto end;

        SSL_shutdown(clientssl);
        SSL_shutdown(serverssl);
        SSL_free(serverssl);
        SSL_free(clientssl);
        serverssl = clientssl = NULL;

        cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS;
        cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS;
        srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS;
        idx -= TOTAL_FULL_HAND_RECORDS;
    } else {
        cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS;
        cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS;
        srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS;
    }

    c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
    if (!TEST_ptr(c_to_s_fbio))
        goto end;

    /* BIO is freed by create_ssl_connection on error */
    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, c_to_s_fbio)))
        goto end;

    if (sess != NULL) {
        if (!TEST_true(SSL_set_session(clientssl, sess)))
            goto end;
    }

    DTLS_set_timer_cb(clientssl, timer_cb);
    DTLS_set_timer_cb(serverssl, timer_cb);

    /* Work out which record to drop based on the test number */
    if (idx >= cli_to_srv_epoch0 + cli_to_srv_epoch1) {
        mempackbio = SSL_get_wbio(serverssl);
        idx -= cli_to_srv_epoch0 + cli_to_srv_epoch1;
        if (idx >= srv_to_cli_epoch0) {
            epoch = 1;
            idx -= srv_to_cli_epoch0;
        }
    } else {
        mempackbio = SSL_get_wbio(clientssl);
        if (idx >= cli_to_srv_epoch0) {
            epoch = 1;
            idx -= cli_to_srv_epoch0;
        }
         mempackbio = BIO_next(mempackbio);
    }
    BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_EPOCH, epoch, NULL);
    BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_REC, idx, NULL);

    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
        goto end;

    if (sess != NULL && !TEST_true(SSL_session_reused(clientssl)))
        goto end;

    /* If the test did what we planned then it should have dropped a record */
    if (!TEST_int_eq((int)BIO_ctrl(mempackbio, MEMPACKET_CTRL_GET_DROP_REC, 0,
                                   NULL), -1))
        goto end;

    testresult = 1;
 end:
    SSL_SESSION_free(sess);
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}
#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */

static const char dummy_cookie[] = "0123456";

static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
                              unsigned int *cookie_len)
{
    memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
    *cookie_len = sizeof(dummy_cookie);
    return 1;
}

static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
                            unsigned int cookie_len)
{
    return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
}

static int test_cookie(void)
{
    SSL_CTX *sctx = NULL, *cctx = NULL;
    SSL *serverssl = NULL, *clientssl = NULL;
    int testresult = 0;

    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                       DTLS_client_method(),
                                       DTLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        return 0;

    SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
    SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
    SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);

#ifdef OPENSSL_NO_DTLS1_2
    /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
                                                  "DEFAULT:@SECLEVEL=0")))
        goto end;
#endif

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL))
            || !TEST_true(create_ssl_connection(serverssl, clientssl,
                                                SSL_ERROR_NONE)))
        goto end;

    testresult = 1;
 end:
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}

static int test_dtls_duplicate_records(void)
{
    SSL_CTX *sctx = NULL, *cctx = NULL;
    SSL *serverssl = NULL, *clientssl = NULL;
    int testresult = 0;

    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                       DTLS_client_method(),
                                       DTLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        return 0;

#ifdef OPENSSL_NO_DTLS1_2
    /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
                                                  "DEFAULT:@SECLEVEL=0")))
        goto end;
#endif

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    DTLS_set_timer_cb(clientssl, timer_cb);
    DTLS_set_timer_cb(serverssl, timer_cb);

    BIO_ctrl(SSL_get_wbio(clientssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);
    BIO_ctrl(SSL_get_wbio(serverssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);

    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
        goto end;

    testresult = 1;
 end:
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}

/*
 * Test just sending a Finished message as the first message. Should fail due
 * to an unexpected message.
 */
static int test_just_finished(void)
{
    int testresult = 0, ret;
    SSL_CTX *sctx = NULL;
    SSL *serverssl = NULL;
    BIO *rbio = NULL, *wbio = NULL, *sbio = NULL;
    unsigned char buf[] = {
        /* Record header */
        SSL3_RT_HANDSHAKE, /* content type */
        (DTLS1_2_VERSION >> 8) & 0xff, /* protocol version hi byte */
        DTLS1_2_VERSION & 0xff, /* protocol version lo byte */
        0, 0, /* epoch */
        0, 0, 0, 0, 0, 0, /* record sequence */
        0, DTLS1_HM_HEADER_LENGTH + SHA_DIGEST_LENGTH, /* record length */

        /* Message header */
        SSL3_MT_FINISHED, /* message type */
        0, 0, SHA_DIGEST_LENGTH, /* message length */
        0, 0, /* message sequence */
        0, 0, 0, /* fragment offset */
        0, 0, SHA_DIGEST_LENGTH, /* fragment length */

        /* Message body */
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
    };


    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                       NULL, 0, 0,
                                       &sctx, NULL, cert, privkey)))
        return 0;

    serverssl = SSL_new(sctx);
    rbio = BIO_new(BIO_s_mem());
    wbio = BIO_new(BIO_s_mem());

    if (!TEST_ptr(serverssl) || !TEST_ptr(rbio) || !TEST_ptr(wbio))
        goto end;

    sbio = rbio;
    SSL_set0_rbio(serverssl, rbio);
    SSL_set0_wbio(serverssl, wbio);
    rbio = wbio = NULL;
    DTLS_set_timer_cb(serverssl, timer_cb);

    if (!TEST_int_eq(BIO_write(sbio, buf, sizeof(buf)), sizeof(buf)))
        goto end;

    /* We expect the attempt to process the message to fail */
    if (!TEST_int_le(ret = SSL_accept(serverssl), 0))
        goto end;

    /* Check that we got the error we were expecting */
    if (!TEST_int_eq(SSL_get_error(serverssl, ret), SSL_ERROR_SSL))
        goto end;

    if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_UNEXPECTED_MESSAGE))
        goto end;

    testresult = 1;
 end:
    BIO_free(rbio);
    BIO_free(wbio);
    SSL_free(serverssl);
    SSL_CTX_free(sctx);

    return testresult;
}

OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")

int setup_tests(void)
{
    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(cert = test_get_argument(0))
            || !TEST_ptr(privkey = test_get_argument(1)))
        return 0;

    ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
    ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
#endif
    ADD_TEST(test_cookie);
    ADD_TEST(test_dtls_duplicate_records);
    ADD_TEST(test_just_finished);

    return 1;
}

void cleanup_tests(void)
{
    bio_f_tls_dump_filter_free();
    bio_s_mempacket_test_free();
}
Commit	Line	Data
6fc1748e	1	/*
aff636a4	2	* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
6fc1748e	3	*
909f1a2e	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
6fc1748e MC	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
edcd29ef	10	#include <string.h>
6fc1748e MC	11	#include <openssl/bio.h>
	12	#include <openssl/crypto.h>
	13	#include <openssl/ssl.h>
	14	#include <openssl/err.h>
	15
20f8bc72	16	#include "helpers/ssltestlib.h"
6fc1748e MC	17	#include "testutil.h"
	18
	19	static char *cert = NULL;
	20	static char *privkey = NULL;
fa4b82cc	21	static unsigned int timer_cb_count;
6fc1748e	22
ac9fc67a MC	23	#define NUM_TESTS 2
ac9fc67a MC	24
6fc1748e MC	25
	26	#define DUMMY_CERT_STATUS_LEN 12
	27
52a03d2a	28	static unsigned char certstatus[] = {
6fc1748e MC	29	SSL3_RT_HANDSHAKE, /* Content type */
	30	0xfe, 0xfd, /* Record version */
	31	0, 1, /* Epoch */
	32	0, 0, 0, 0, 0, 0x0f, /* Record sequence number */
	33	0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2,
	34	SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */
	35	0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */
	36	0, 5, /* Message sequence */
	37	0, 0, 0, /* Fragment offset */
	38	0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */
	39	0x80, 0x80, 0x80, 0x80, 0x80,
	40	0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
	41	};
	42
ac9fc67a MC	43	#define RECORD_SEQUENCE 10
ac9fc67a MC	44
fa4b82cc AH	45	static unsigned int timer_cb(SSL *s, unsigned int timer_us)
	46	{
	47	++timer_cb_count;
	48
	49	if (timer_us == 0)
61e96557	50	return 50000;
fa4b82cc AH	51	else
	52	return 2 * timer_us;
	53	}
	54
ac9fc67a	55	static int test_dtls_unprocessed(int testidx)
6fc1748e MC	56	{
	57	SSL_CTX sctx = NULL, cctx = NULL;
	58	SSL serverssl1 = NULL, clientssl1 = NULL;
	59	BIO c_to_s_fbio, c_to_s_mempacket;
	60	int testresult = 0;
	61
fa4b82cc AH	62	timer_cb_count = 0;
fa4b82cc AH	63
5e30f2fd	64	if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
7d7f6834	65	DTLS_client_method(),
5c587fb6	66	DTLS1_VERSION, 0,
7d7f6834	67	&sctx, &cctx, cert, privkey)))
6fc1748e	68	return 0;
6fc1748e	69
fdf31270	70	#ifndef OPENSSL_NO_DTLS1_2
745dec3a P	71	if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
745dec3a P	72	goto end;
fdf31270 MC	73	#else
	74	/* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
	75	if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0"))
	76	\|\| !TEST_true(SSL_CTX_set_cipher_list(cctx,
	77	"AES128-SHA:@SECLEVEL=0")))
	78	goto end;
	79	#endif
6fc1748e MC	80
6fc1748e MC	81	c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
745dec3a	82	if (!TEST_ptr(c_to_s_fbio))
6fc1748e	83	goto end;
6fc1748e MC	84
6fc1748e MC	85	/* BIO is freed by create_ssl_connection on error */
745dec3a P	86	if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
745dec3a P	87	NULL, c_to_s_fbio)))
6fc1748e	88	goto end;
6fc1748e	89
fa4b82cc AH	90	DTLS_set_timer_cb(clientssl1, timer_cb);
fa4b82cc AH	91
ac9fc67a MC	92	if (testidx == 1)
	93	certstatus[RECORD_SEQUENCE] = 0xff;
	94
6fc1748e	95	/*
ac9fc67a MC	96	* Inject a dummy record from the next epoch. In test 0, this should never
ac9fc67a MC	97	* get used because the message sequence number is too big. In test 1 we set
80c455d5	98	* the record sequence number to be way off in the future.
6fc1748e MC	99	*/
	100	c_to_s_mempacket = SSL_get_wbio(clientssl1);
	101	c_to_s_mempacket = BIO_next(c_to_s_mempacket);
	102	mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
	103	sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
	104
80c455d5 MC	105	/*
80c455d5 MC	106	* Create the connection. We use "create_bare_ssl_connection" here so that
c2969ff6	107	* we can force the connection to not do "SSL_read" once partly connected.
80c455d5 MC	108	* We don't want to accidentally read the dummy records we injected because
	109	* they will fail to decrypt.
	110	*/
	111	if (!TEST_true(create_bare_ssl_connection(serverssl1, clientssl1,
	112	SSL_ERROR_NONE, 0)))
6fc1748e	113	goto end;
6fc1748e	114
fa4b82cc AH	115	if (timer_cb_count == 0) {
	116	printf("timer_callback was not called.\n");
	117	goto end;
	118	}
	119
6fc1748e MC	120	testresult = 1;
	121	end:
	122	SSL_free(serverssl1);
	123	SSL_free(clientssl1);
	124	SSL_CTX_free(sctx);
	125	SSL_CTX_free(cctx);
	126
	127	return testresult;
	128	}
	129
61e96557 MC	130	#define CLI_TO_SRV_EPOCH_0_RECS 3
61e96557 MC	131	#define CLI_TO_SRV_EPOCH_1_RECS 1
1aac20f5	132	#if !defined(OPENSSL_NO_EC) \|\| !defined(OPENSSL_NO_DH)
5fd72d96	133	# define SRV_TO_CLI_EPOCH_0_RECS 10
1aac20f5 MC	134	#else
	135	/*
	136	* In this case we have no ServerKeyExchange message, because we don't have
	137	* ECDHE or DHE. When it is present it gets fragmented into 3 records in this
	138	* test.
	139	*/
	140	# define SRV_TO_CLI_EPOCH_0_RECS 9
	141	#endif
61e96557 MC	142	#define SRV_TO_CLI_EPOCH_1_RECS 1
	143	#define TOTAL_FULL_HAND_RECORDS \
	144	(CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \
	145	SRV_TO_CLI_EPOCH_0_RECS + SRV_TO_CLI_EPOCH_1_RECS)
	146
	147	#define CLI_TO_SRV_RESUME_EPOCH_0_RECS 3
	148	#define CLI_TO_SRV_RESUME_EPOCH_1_RECS 1
	149	#define SRV_TO_CLI_RESUME_EPOCH_0_RECS 2
	150	#define SRV_TO_CLI_RESUME_EPOCH_1_RECS 1
	151	#define TOTAL_RESUME_HAND_RECORDS \
	152	(CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \
	153	SRV_TO_CLI_RESUME_EPOCH_0_RECS + SRV_TO_CLI_RESUME_EPOCH_1_RECS)
	154
	155	#define TOTAL_RECORDS (TOTAL_FULL_HAND_RECORDS + TOTAL_RESUME_HAND_RECORDS)
	156
cbb85bda MC	157	/*
	158	* We are assuming a ServerKeyExchange message is sent in this test. If we don't
	159	* have either DH or EC, then it won't be
	160	*/
	161	#if !defined(OPENSSL_NO_DH) \|\| !defined(OPENSSL_NO_EC)
61e96557 MC	162	static int test_dtls_drop_records(int idx)
	163	{
	164	SSL_CTX sctx = NULL, cctx = NULL;
	165	SSL serverssl = NULL, clientssl = NULL;
	166	BIO c_to_s_fbio, mempackbio;
	167	int testresult = 0;
	168	int epoch = 0;
	169	SSL_SESSION *sess = NULL;
	170	int cli_to_srv_epoch0, cli_to_srv_epoch1, srv_to_cli_epoch0;
	171
5e30f2fd	172	if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
61e96557	173	DTLS_client_method(),
5c587fb6	174	DTLS1_VERSION, 0,
61e96557 MC	175	&sctx, &cctx, cert, privkey)))
	176	return 0;
	177
fdf31270 MC	178	#ifdef OPENSSL_NO_DTLS1_2
	179	/* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
	180	if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
	181	\|\| !TEST_true(SSL_CTX_set_cipher_list(cctx,
	182	"DEFAULT:@SECLEVEL=0")))
	183	goto end;
	184	#endif
	185
33c39a06 MC	186	if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1)))
	187	goto end;
	188
61e96557 MC	189	if (idx >= TOTAL_FULL_HAND_RECORDS) {
	190	/* We're going to do a resumption handshake. Get a session first. */
	191	if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
	192	NULL, NULL))
	193	\|\| !TEST_true(create_ssl_connection(serverssl, clientssl,
	194	SSL_ERROR_NONE))
	195	\|\| !TEST_ptr(sess = SSL_get1_session(clientssl)))
	196	goto end;
	197
	198	SSL_shutdown(clientssl);
	199	SSL_shutdown(serverssl);
	200	SSL_free(serverssl);
	201	SSL_free(clientssl);
	202	serverssl = clientssl = NULL;
	203
	204	cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS;
	205	cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS;
	206	srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS;
	207	idx -= TOTAL_FULL_HAND_RECORDS;
	208	} else {
	209	cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS;
	210	cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS;
	211	srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS;
	212	}
	213
	214	c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
	215	if (!TEST_ptr(c_to_s_fbio))
	216	goto end;
	217
	218	/* BIO is freed by create_ssl_connection on error */
	219	if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
	220	NULL, c_to_s_fbio)))
	221	goto end;
	222
	223	if (sess != NULL) {
	224	if (!TEST_true(SSL_set_session(clientssl, sess)))
	225	goto end;
	226	}
	227
	228	DTLS_set_timer_cb(clientssl, timer_cb);
	229	DTLS_set_timer_cb(serverssl, timer_cb);
	230
	231	/* Work out which record to drop based on the test number */
	232	if (idx >= cli_to_srv_epoch0 + cli_to_srv_epoch1) {
	233	mempackbio = SSL_get_wbio(serverssl);
	234	idx -= cli_to_srv_epoch0 + cli_to_srv_epoch1;
	235	if (idx >= srv_to_cli_epoch0) {
	236	epoch = 1;
	237	idx -= srv_to_cli_epoch0;
	238	}
	239	} else {
	240	mempackbio = SSL_get_wbio(clientssl);
	241	if (idx >= cli_to_srv_epoch0) {
	242	epoch = 1;
	243	idx -= cli_to_srv_epoch0;
	244	}
	245	mempackbio = BIO_next(mempackbio);
	246	}
	247	BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_EPOCH, epoch, NULL);
	248	BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_REC, idx, NULL);
	249
	250	if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
	251	goto end;
	252
253	if (sess != NULL && !TEST_true(SSL_session_reused(clientssl)))
254	goto end;
255
256	/* If the test did what we planned then it should have dropped a record */
257	if (!TEST_int_eq((int)BIO_ctrl(mempackbio, MEMPACKET_CTRL_GET_DROP_REC, 0,
258	NULL), -1))
259	goto end;
260
261	testresult = 1;
262	end:
263	SSL_SESSION_free(sess);
264	SSL_free(serverssl);
265	SSL_free(clientssl);
266	SSL_CTX_free(sctx);
267	SSL_CTX_free(cctx);
268
269	return testresult;
270	}
cbb85bda	271	#endif /* !defined(OPENSSL_NO_DH) \|\| !defined(OPENSSL_NO_EC) */
61e96557	272
edcd29ef MC	273	static const char dummy_cookie[] = "0123456";
	274
	275	static int generate_cookie_cb(SSL ssl, unsigned char cookie,
	276	unsigned int *cookie_len)
	277	{
	278	memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
	279	*cookie_len = sizeof(dummy_cookie);
	280	return 1;
	281	}
	282
	283	static int verify_cookie_cb(SSL ssl, const unsigned char cookie,
	284	unsigned int cookie_len)
	285	{
	286	return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
	287	}
	288
	289	static int test_cookie(void)
	290	{
	291	SSL_CTX sctx = NULL, cctx = NULL;
	292	SSL serverssl = NULL, clientssl = NULL;
	293	int testresult = 0;
	294
5e30f2fd	295	if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
edcd29ef	296	DTLS_client_method(),
5c587fb6	297	DTLS1_VERSION, 0,
edcd29ef MC	298	&sctx, &cctx, cert, privkey)))
	299	return 0;
	300
	301	SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
	302	SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
	303	SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
	304
fdf31270 MC	305	#ifdef OPENSSL_NO_DTLS1_2
	306	/* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
	307	if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
	308	\|\| !TEST_true(SSL_CTX_set_cipher_list(cctx,
	309	"DEFAULT:@SECLEVEL=0")))
	310	goto end;
	311	#endif
	312
edcd29ef MC	313	if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
	314	NULL, NULL))
	315	\|\| !TEST_true(create_ssl_connection(serverssl, clientssl,
	316	SSL_ERROR_NONE)))
	317	goto end;
	318
	319	testresult = 1;
	320	end:
	321	SSL_free(serverssl);
	322	SSL_free(clientssl);
	323	SSL_CTX_free(sctx);
	324	SSL_CTX_free(cctx);
	325
	326	return testresult;
	327	}
	328
f1358634 MC	329	static int test_dtls_duplicate_records(void)
	330	{
	331	SSL_CTX sctx = NULL, cctx = NULL;
	332	SSL serverssl = NULL, clientssl = NULL;
	333	int testresult = 0;
	334
5e30f2fd	335	if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
f1358634	336	DTLS_client_method(),
5c587fb6	337	DTLS1_VERSION, 0,
f1358634 MC	338	&sctx, &cctx, cert, privkey)))
	339	return 0;
	340
fdf31270 MC	341	#ifdef OPENSSL_NO_DTLS1_2
	342	/* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
	343	if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
	344	\|\| !TEST_true(SSL_CTX_set_cipher_list(cctx,
	345	"DEFAULT:@SECLEVEL=0")))
	346	goto end;
	347	#endif
	348
f1358634 MC	349	if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
	350	NULL, NULL)))
	351	goto end;
	352
	353	DTLS_set_timer_cb(clientssl, timer_cb);
	354	DTLS_set_timer_cb(serverssl, timer_cb);
	355
	356	BIO_ctrl(SSL_get_wbio(clientssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);
	357	BIO_ctrl(SSL_get_wbio(serverssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);
	358
	359	if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
	360	goto end;
	361
	362	testresult = 1;
	363	end:
	364	SSL_free(serverssl);
	365	SSL_free(clientssl);
	366	SSL_CTX_free(sctx);
	367	SSL_CTX_free(cctx);
	368
	369	return testresult;
	370	}
edcd29ef	371
e9b30d9f MC	372	/*
	373	* Test just sending a Finished message as the first message. Should fail due
	374	* to an unexpected message.
	375	*/
	376	static int test_just_finished(void)
	377	{
	378	int testresult = 0, ret;
	379	SSL_CTX *sctx = NULL;
	380	SSL *serverssl = NULL;
	381	BIO rbio = NULL, wbio = NULL, *sbio = NULL;
	382	unsigned char buf[] = {
	383	/* Record header */
	384	SSL3_RT_HANDSHAKE, /* content type */
	385	(DTLS1_2_VERSION >> 8) & 0xff, /* protocol version hi byte */
	386	DTLS1_2_VERSION & 0xff, /* protocol version lo byte */
	387	0, 0, /* epoch */
	388	0, 0, 0, 0, 0, 0, /* record sequence */
	389	0, DTLS1_HM_HEADER_LENGTH + SHA_DIGEST_LENGTH, /* record length */
	390
	391	/* Message header */
	392	SSL3_MT_FINISHED, /* message type */
	393	0, 0, SHA_DIGEST_LENGTH, /* message length */
	394	0, 0, /* message sequence */
	395	0, 0, 0, /* fragment offset */
	396	0, 0, SHA_DIGEST_LENGTH, /* fragment length */
	397
	398	/* Message body */
	399	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
	400	};
	401
	402
	403	if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
	404	NULL, 0, 0,
	405	&sctx, NULL, cert, privkey)))
	406	return 0;
	407
	408	serverssl = SSL_new(sctx);
	409	rbio = BIO_new(BIO_s_mem());
	410	wbio = BIO_new(BIO_s_mem());
	411
	412	if (!TEST_ptr(serverssl) \|\| !TEST_ptr(rbio) \|\| !TEST_ptr(wbio))
	413	goto end;
	414
	415	sbio = rbio;
	416	SSL_set0_rbio(serverssl, rbio);
	417	SSL_set0_wbio(serverssl, wbio);
	418	rbio = wbio = NULL;
	419	DTLS_set_timer_cb(serverssl, timer_cb);
	420
	421	if (!TEST_int_eq(BIO_write(sbio, buf, sizeof(buf)), sizeof(buf)))
	422	goto end;
	423
	424	/* We expect the attempt to process the message to fail */
	425	if (!TEST_int_le(ret = SSL_accept(serverssl), 0))
	426	goto end;
	427
	428	/* Check that we got the error we were expecting */
	429	if (!TEST_int_eq(SSL_get_error(serverssl, ret), SSL_ERROR_SSL))
	430	goto end;
	431
	432	if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_UNEXPECTED_MESSAGE))
	433	goto end;
	434
	435	testresult = 1;
436	end:
437	BIO_free(rbio);
438	BIO_free(wbio);
439	SSL_free(serverssl);
440	SSL_CTX_free(sctx);
441
442	return testresult;
443	}
444
a43ce58f SL	445	OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
a43ce58f SL	446
ad887416	447	int setup_tests(void)
6fc1748e	448	{
8d242823 MC	449	if (!test_skip_common_options()) {
	450	TEST_error("Error parsing test options\n");
	451	return 0;
	452	}
	453
ad887416 P	454	if (!TEST_ptr(cert = test_get_argument(0))
	455	\|\| !TEST_ptr(privkey = test_get_argument(1)))
	456	return 0;
6fc1748e	457
ac9fc67a	458	ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
cbb85bda	459	#if !defined(OPENSSL_NO_DH) \|\| !defined(OPENSSL_NO_EC)
61e96557	460	ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
cbb85bda	461	#endif
edcd29ef	462	ADD_TEST(test_cookie);
f1358634	463	ADD_TEST(test_dtls_duplicate_records);
e9b30d9f	464	ADD_TEST(test_just_finished);
61e96557	465
ad887416 P	466	return 1;
ad887416 P	467	}
6fc1748e	468
ad887416 P	469	void cleanup_tests(void)
ad887416 P	470	{
6fc1748e MC	471	bio_f_tls_dump_filter_free();
6fc1748e MC	472	bio_s_mempacket_test_free();
6fc1748e	473	}