/*
 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
#include <string.h>
#include <openssl/ssl.h>
#include "helpers/quictestlib.h"
#include "internal/quic_error.h"
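/*
 * Paths to the server certificate and private key. Both are heap strings
 * built by setup_tests() from the certsdir argument and are handed to
 * qtest_create_quic_objects() by every test in this file.
 */
static char *cert = NULL;
static char *privkey = NULL;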
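/*
 * Baseline test: create a client/server pair, complete the handshake and send
 * a short message from the client to the server. No fault object is requested
 * from qtest_create_quic_objects() (NULL is passed in the slot where the other
 * tests pass &fault), so a failure here points at the harness rather than at
 * fault handling.
 *
 * NOTE(review): the listing this was recovered from showed each check's
 * condition but not its body, and only part of the cleanup tail; those lines
 * are restored in single-exit form - confirm against the upstream file.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_basic(void)
{
    int testresult = 0;
    SSL_CTX *cctx = SSL_CTX_new(OSSL_QUIC_client_method());
    QUIC_TSERVER *qtserv = NULL;
    SSL *cssl = NULL;
    char *msg = "Hello World!";
    size_t msglen = strlen(msg);
    unsigned char buf[80];
    size_t bytesread = 0;

    /* SSL_CTX_new() can fail; never hand a NULL context to the helpers */
    if (!TEST_ptr(cctx))
        goto err;

    if (!TEST_true(qtest_create_quic_objects(NULL, cctx, NULL, cert, privkey, 0,
                                             &qtserv, &cssl, NULL, NULL)))
        goto err;

    if (!TEST_true(qtest_create_quic_connection(qtserv, cssl)))
        goto err;

    /* SSL_write() takes and returns int, so compare in that type */
    if (!TEST_int_eq(SSL_write(cssl, msg, (int)msglen), (int)msglen))
        goto err;

    ossl_quic_tserver_tick(qtserv);
    if (!TEST_true(ossl_quic_tserver_read(qtserv, 0, buf, sizeof(buf),
                                          &bytesread)))
        goto err;

    /*
     * We assume the entire message is read from the server in one go. In
     * theory this could get fragmented but it's a small message so we assume
     * it is not. TEST_mem_eq() compares both lengths, so a short read fails
     * the test instead of passing on a prefix.
     */
    if (!TEST_mem_eq(msg, msglen, buf, bytesread))
        goto err;

    testresult = 1;
 err:
    SSL_free(cssl);
    ossl_quic_tserver_free(qtserv);
    SSL_CTX_free(cctx);
    return testresult;
}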
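/*
 * Test that adding an unknown frame type is handled correctly
 */

/*
 * Plaintext-packet listener (installed with
 * qtest_fault_set_packet_plain_listener()): prepends a frame of unknown type
 * to the first packet it is called for and leaves every later packet alone.
 * hdr, buf, len and cbarg are unused.
 *
 * NOTE(review): the guard on `done` was not in the listing this was recovered
 * from; it is restored from the comment that precedes it - confirm against
 * the upstream file.
 *
 * Returns the result of qtest_fault_prepend_frame() for the modified packet
 * and 1 for all others.
 */
static int add_unknown_frame_cb(QTEST_FAULT *fault, QUIC_PKT_HDR *hdr,
                                unsigned char *buf, size_t len, void *cbarg)
{
    /*
     * Function-static and never reset: if test_unknown_frame() runs a second
     * time in the same process no frame is injected, and that run will fail
     * because it expects a protocol error.
     */
    static size_t done = 0;
    /*
     * There are no "reserved" frame types which are definitely safe for us
     * to use for testing purposes - but we just use the highest possible
     * value (8 byte length integer) and with no payload bytes
     */
    unsigned char unknown_frame[] = {
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
    };

    /* We only ever add the unknown frame to one packet */
    if (done++)
        return 1;

    return qtest_fault_prepend_frame(fault, unknown_frame,
                                     sizeof(unknown_frame));
}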
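/*
 * Checks that the client rejects a packet that carries a frame of unknown
 * type. The server writes a message on a new stream and add_unknown_frame_cb
 * prepends the unknown frame to the outgoing packet. The test passes only if
 * all of the following hold:
 *   - SSL_read() on the client fails and SSL_get_error() is SSL_ERROR_SSL;
 *   - the reason of the queued error is SSL_R_QUIC_PROTOCOL_ERROR;
 *   - qtest_check_server_frame_encoding_err() succeeds on the server side
 *     (RFC 9000 section 12.4 requires FRAME_ENCODING_ERROR for a frame of
 *     unknown type).
 * Checking both ends guards against a client that fails locally but never
 * tells its peer why.
 *
 * NOTE(review): the listing this was recovered from showed each check's
 * condition but not its body, and only part of the cleanup tail; those lines
 * and the trailing callback arguments are restored - confirm against the
 * upstream file.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_unknown_frame(void)
{
    int testresult = 0, ret;
    SSL_CTX *cctx = SSL_CTX_new(OSSL_QUIC_client_method());
    QUIC_TSERVER *qtserv = NULL;
    SSL *cssl = NULL;
    char *msg = "Hello World!";
    size_t msglen = strlen(msg);
    unsigned char buf[80];
    size_t byteswritten = 0;
    QTEST_FAULT *fault = NULL;
    uint64_t sid = UINT64_MAX;

    /* SSL_CTX_new() can fail; never hand a NULL context to the helpers */
    if (!TEST_ptr(cctx))
        goto err;

    if (!TEST_true(qtest_create_quic_objects(NULL, cctx, NULL, cert, privkey, 0,
                                             &qtserv, &cssl, &fault, NULL)))
        goto err;

    if (!TEST_true(qtest_create_quic_connection(qtserv, cssl)))
        goto err;

    /*
     * Write a message from the server to the client and add an unknown frame
     * type. The listener is installed only after the handshake has completed,
     * so the handshake packets themselves are not modified.
     */
    if (!TEST_true(qtest_fault_set_packet_plain_listener(fault,
                                                         add_unknown_frame_cb,
                                                         NULL)))
        goto err;

    /* Stream ID 1 is the first server-initiated bidirectional stream */
    if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, /*is_uni=*/0, &sid))
            || !TEST_uint64_t_eq(sid, 1))
        goto err;

    if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
                                           msglen, &byteswritten)))
        goto err;

    if (!TEST_size_t_eq(msglen, byteswritten))
        goto err;

    ossl_quic_tserver_tick(qtserv);
    if (!TEST_true(SSL_handle_events(cssl)))
        goto err;

    /* The read must fail: no application data may be delivered */
    if (!TEST_int_le(ret = SSL_read(cssl, buf, sizeof(buf)), 0))
        goto err;

    if (!TEST_int_eq(SSL_get_error(cssl, ret), SSL_ERROR_SSL))
        goto err;

    if (!TEST_int_eq(ERR_GET_REASON(ERR_peek_error()),
                     SSL_R_QUIC_PROTOCOL_ERROR))
        goto err;

    if (!TEST_true(qtest_check_server_frame_encoding_err(qtserv)))
        goto err;

    testresult = 1;
 err:
    qtest_fault_free(fault);
    SSL_free(cssl);
    ossl_quic_tserver_free(qtserv);
    SSL_CTX_free(cctx);
    return testresult;
}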
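/*
 * Test that a client refuses to connect to a server whose encrypted
 * extensions lack an extension the client requires (see
 * test_drop_extensions() for the two cases).
 */

/*
 * Encrypted-extensions listener: deletes one extension from the server's
 * message before it is sent.
 *
 * encextcbarg must point to an int holding the TLSEXT_TYPE_* value of the
 * extension to delete. eelen is unused.
 *
 * NOTE(review): the two return statements were not in the listing this was
 * recovered from; restored as 0 on failure / 1 on success - confirm against
 * the upstream file.
 *
 * Returns 1 on success, 0 if qtest_fault_delete_extension() fails.
 */
static int drop_extensions_cb(QTEST_FAULT *fault,
                              QTEST_ENCRYPTED_EXTENSIONS *ee,
                              size_t eelen, void *encextcbarg)
{
    int *ext = (int *)encextcbarg;

    if (!qtest_fault_delete_extension(fault, *ext, ee->extensions,
                                      &ee->extensionslen, NULL))
        return 0;

    return 1;
}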
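/*
 * Checks that the handshake fails, with the right transport error, when the
 * server omits an extension the client must see.
 *
 * idx selects the extension that drop_extensions_cb removes and the error the
 * server is expected to observe:
 *   quic_transport_parameters              -> OSSL_QUIC_ERR_CRYPTO_MISSING_EXT
 *   application_layer_protocol_negotiation -> OSSL_QUIC_ERR_CRYPTO_NO_APP_PROTO
 * Registered with ADD_ALL_TESTS(..., 2), so idx is 0 or 1.
 *
 * NOTE(review): the listing this was recovered from did not show the branch
 * on idx, the check bodies or the full cleanup tail; they are restored with
 * idx 0 taking the first pair above - confirm against the upstream file.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_drop_extensions(int idx)
{
    int testresult = 0;
    SSL_CTX *cctx = SSL_CTX_new(OSSL_QUIC_client_method());
    QUIC_TSERVER *qtserv = NULL;
    SSL *cssl = NULL;
    QTEST_FAULT *fault = NULL;
    int ext, err;

    /* SSL_CTX_new() can fail; never hand a NULL context to the helpers */
    if (!TEST_ptr(cctx))
        goto err;

    if (!TEST_true(qtest_create_quic_objects(NULL, cctx, NULL, cert, privkey, 0,
                                             &qtserv, &cssl, &fault, NULL)))
        goto err;

    if (idx == 0) {
        ext = TLSEXT_TYPE_quic_transport_parameters;
        err = OSSL_QUIC_ERR_CRYPTO_MISSING_EXT;
    } else {
        ext = TLSEXT_TYPE_application_layer_protocol_negotiation;
        err = OSSL_QUIC_ERR_CRYPTO_NO_APP_PROTO;
    }

    /* &ext stays valid: the callback only runs during the connect below */
    if (!TEST_true(qtest_fault_set_hand_enc_ext_listener(fault,
                                                         drop_extensions_cb,
                                                         &ext)))
        goto err;

    /*
     * We expect the connection to fail because the server failed to provide
     * the required extension. A successful connect here would mean the client
     * accepted a handshake without it.
     */
    if (!TEST_false(qtest_create_quic_connection(qtserv, cssl)))
        goto err;

    /* The failure must also be the specific one expected for this case */
    if (!TEST_true(qtest_check_server_transport_err(qtserv, err)))
        goto err;

    testresult = 1;
 err:
    qtest_fault_free(fault);
    SSL_free(cssl);
    ossl_quic_tserver_free(qtserv);
    SSL_CTX_free(cctx);
    return testresult;
}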
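/*
 * Test that corrupted packets/datagrams are dropped and retransmitted
 */

/*
 * One-shot trigger shared by test_corrupted_data() and its two listeners:
 * non-zero means "damage the next packet/datagram you see".
 */
static int docorrupt = 0;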
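/*
 * Encrypted-packet listener: while docorrupt is set, inverts every bit of one
 * randomly chosen byte of the packet in buf. fault, hdr and cbarg are unused.
 *
 * NOTE(review): the returns and the reset of docorrupt were not in the
 * listing this was recovered from; the reset is restored because
 * test_corrupted_data() checks that docorrupt was cleared - confirm against
 * the upstream file. The byte index comes from test_random(); presumably the
 * harness seed is needed to reproduce a failing run - confirm.
 *
 * Always returns 1.
 */
static int on_packet_cipher_cb(QTEST_FAULT *fault, QUIC_PKT_HDR *hdr,
                               unsigned char *buf, size_t len, void *cbarg)
{
    /* len == 0 is excluded first so the modulo below cannot divide by zero */
    if (!docorrupt || len == 0)
        return 1;

    buf[(size_t)test_random() % len] ^= 0xff;
    /* One packet only: later packets must get through untouched */
    docorrupt = 0;

    return 1;
}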
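/*
 * Datagram listener: while docorrupt is set, shortens the outgoing datagram
 * by one byte via qtest_fault_resize_datagram(). stride and cbarg are unused.
 *
 * NOTE(review): the last parameter, the returns and the reset of docorrupt
 * were not in the listing this was recovered from; they are restored to
 * mirror on_packet_cipher_cb - confirm against the upstream file. As
 * restored, a failed resize is not reported to the caller; docorrupt then
 * stays set, and the final TEST_false(docorrupt) in test_corrupted_data() is
 * what catches a run in which nothing was damaged.
 *
 * Always returns 1.
 */
static int on_datagram_cb(QTEST_FAULT *fault, BIO_MSG *m, size_t stride,
                          void *cbarg)
{
    /* data_len == 0 is excluded first so data_len - 1 cannot wrap around */
    if (!docorrupt || m->data_len == 0)
        return 1;

    if (!qtest_fault_resize_datagram(fault, m->data_len - 1))
        return 1;

    docorrupt = 0;

    return 1;
}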
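/*
 * Test 1: Corrupt by flipping bits in an encrypted packet
 * Test 2: Corrupt by truncating an entire datagram
 *
 * In both cases the client must silently discard the damaged data, keep the
 * connection alive, and still receive the complete message once the server
 * has retransmitted the lost part. Delivering damaged data to the
 * application, or closing the connection because of it, would both be
 * failures. idx 0 selects test 1 and idx 1 selects test 2.
 *
 * The connection is created with QTEST_FLAG_FAKE_TIME so that loss detection
 * can be driven by advancing the clock instead of sleeping.
 *
 * NOTE(review): the listing this was recovered from did not show the branch
 * on idx, the check bodies, the line that sets docorrupt, the clock advance
 * or the full cleanup tail; they are restored from the surrounding comments
 * - confirm against the upstream file (in particular the name of the
 * clock-advance helper).
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_corrupted_data(int idx)
{
    QTEST_FAULT *fault = NULL;
    int testresult = 0;
    SSL_CTX *cctx = SSL_CTX_new(OSSL_QUIC_client_method());
    QUIC_TSERVER *qtserv = NULL;
    SSL *cssl = NULL;
    char *msg = "Hello World!";
    size_t msglen = strlen(msg);
    unsigned char buf[80];
    size_t bytesread = 0, byteswritten = 0;
    uint64_t sid = UINT64_MAX;

    /* SSL_CTX_new() can fail; never hand a NULL context to the helpers */
    if (!TEST_ptr(cctx))
        goto err;

    if (!TEST_true(qtest_create_quic_objects(NULL, cctx, NULL, cert, privkey,
                                             QTEST_FLAG_FAKE_TIME, &qtserv,
                                             &cssl, &fault, NULL)))
        goto err;

    if (idx == 0) {
        /* Listen for encrypted packets being sent */
        if (!TEST_true(qtest_fault_set_packet_cipher_listener(fault,
                                                              on_packet_cipher_cb,
                                                              NULL)))
            goto err;
    } else {
        /* Listen for datagrams being sent */
        if (!TEST_true(qtest_fault_set_datagram_listener(fault,
                                                         on_datagram_cb,
                                                         NULL)))
            goto err;
    }

    /* docorrupt is still 0 here, so the handshake itself is left intact */
    if (!TEST_true(qtest_create_quic_connection(qtserv, cssl)))
        goto err;

    /* Corrupt the next server packet */
    docorrupt = 1;

    /* Stream ID 1 is the first server-initiated bidirectional stream */
    if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, /*is_uni=*/0, &sid))
            || !TEST_uint64_t_eq(sid, 1))
        goto err;

    /*
     * Send first 5 bytes of message. This will get corrupted and is treated as
     * "lost"
     */
    if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg, 5,
                                           &byteswritten)))
        goto err;

    if (!TEST_size_t_eq(byteswritten, 5))
        goto err;

    /*
     * Introduce a small delay so that the above packet has time to be detected
     * as lost. Loss detection times are based on RTT which should be very
     * fast for us since there isn't really a network. The loss delay timer is
     * always at least 1ms though. We skip forward 100ms
     */
    qtest_add_time(100);

    /* Send rest of message */
    if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg + 5,
                                           msglen - 5, &byteswritten)))
        goto err;

    if (!TEST_size_t_eq(byteswritten, msglen - 5))
        goto err;

    /*
     * Receive the corrupted packet. This should get dropped and is effectively
     * "lost". We also process the second packet which should be decrypted
     * successfully. Therefore we ack the frames in it
     */
    if (!TEST_true(SSL_handle_events(cssl)))
        goto err;

    /*
     * Process the ack. Detect that the first part of the message must have
     * been lost due to the time elapsed since it was sent and resend it
     */
    ossl_quic_tserver_tick(qtserv);

    /* Receive and process the newly arrived message data resend */
    if (!TEST_true(SSL_handle_events(cssl)))
        goto err;

    /* The whole message should now have arrived */
    if (!TEST_true(SSL_read_ex(cssl, buf, sizeof(buf), &bytesread)))
        goto err;

    /* Lengths are compared too, so a partial or padded read fails */
    if (!TEST_mem_eq(msg, msglen, buf, bytesread))
        goto err;

    /*
     * If the test was successful then we corrupted exactly one packet and
     * docorrupt was reset. Without this check the test could pass without
     * ever having damaged anything.
     */
    if (!TEST_false(docorrupt))
        goto err;

    testresult = 1;
 err:
    qtest_fault_free(fault);
    SSL_free(cssl);
    ossl_quic_tserver_free(qtserv);
    SSL_CTX_free(cctx);
    return testresult;
}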
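OPT_TEST_DECLARE_USAGE("certsdir\n")

/*
 * Test-program setup: reads the certsdir argument, builds the paths of
 * servercert.pem and serverkey.pem inside it, and registers the tests.
 * test_drop_extensions and test_corrupted_data are each registered for two
 * index values.
 *
 * NOTE(review): the listing this was recovered from did not show the NULL
 * checks on the two paths, the returns, or the release of cert on the error
 * path; they are restored here - confirm against the upstream file.
 *
 * Returns 1 on success, 0 on failure. On failure both paths are released and
 * reset to NULL.
 */
int setup_tests(void)
{
    char *certsdir = NULL;

    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(certsdir = test_get_argument(0)))
        return 0;

    cert = test_mk_file_path(certsdir, "servercert.pem");
    if (cert == NULL)
        goto err;

    privkey = test_mk_file_path(certsdir, "serverkey.pem");
    if (privkey == NULL)
        goto err;

    ADD_TEST(test_basic);
    ADD_TEST(test_unknown_frame);
    ADD_ALL_TESTS(test_drop_extensions, 2);
    ADD_ALL_TESTS(test_corrupted_data, 2);

    return 1;

 err:
    /*
     * Reset the file-scope pointers after freeing them so that a later
     * cleanup_tests() call cannot free the same memory a second time.
     */
    OPENSSL_free(cert);
    cert = NULL;
    OPENSSL_free(privkey);
    privkey = NULL;
    return 0;
}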
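/*
 * Test-program teardown: releases the certificate and key paths built by
 * setup_tests(). The pointers are reset to NULL afterwards so that a repeated
 * call is harmless.
 *
 * NOTE(review): the listing this was recovered from showed only the release
 * of privkey; cert is allocated the same way in setup_tests() and is released
 * here as well - confirm against the upstream file.
 */
void cleanup_tests(void)
{
    OPENSSL_free(cert);
    cert = NULL;
    OPENSSL_free(privkey);
    privkey = NULL;
}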