From: Nikos Mavrogiannopoulos Date: Thu, 14 Apr 2016 17:23:13 +0000 (+0200) Subject: tests: enhanced the false start checks X-Git-Tag: gnutls_3_5_0~138 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9cf6fae67a08e2e67bb0f0fa8bf83180aa974f32;p=thirdparty%2Fgnutls.git tests: enhanced the false start checks These now check whether sending and receiving is performed as expected after handshake, DTLS, as well as test explicit handshake called by the application. --- diff --git a/tests/handshake-false-start.c b/tests/handshake-false-start.c index 60bf3f401f..38bc269964 100644 --- a/tests/handshake-false-start.c +++ b/tests/handshake-false-start.c @@ -43,21 +43,20 @@ static void tls_log_func(int level, const char *str) #define TESTDATA "xxxtesttest1234" /* counts the number of calls of send_testdata() within a handshake */ -static int counter = 0; - -static int send_testdata(gnutls_session_t session) -{ - - if (counter == 0) { - counter++; - return gnutls_record_send(session, TESTDATA, sizeof(TESTDATA)-1); - } else { - fail("send_testdata was called more than once!\n"); - return GNUTLS_E_INVALID_REQUEST; - } -} - -static void try(unsigned fs, const char *prio, unsigned dhsize) +enum { + TEST_SEND_RECV, + TEST_RECV_SEND, + TEST_HANDSHAKE_CALL, + TEST_BYE, + TESTNO_MAX +}; + +#define myfail(fmt, ...) \ + fail("%s%s %d: "fmt, dtls?"-dtls":"", name, testno, ##__VA_ARGS__) + +static void try(const char *name, unsigned testno, unsigned fs, + const char *prio, unsigned dhsize, + unsigned dtls) { int ret; /* Server stuff. */ @@ -71,31 +70,38 @@ static void try(unsigned fs, const char *prio, unsigned dhsize) gnutls_certificate_credentials_t clientx509cred; gnutls_session_t client; int cret = GNUTLS_E_AGAIN; - const gnutls_datum_t p3_2048 = { (void *) pkcs3_2048, strlen(pkcs3_2048) }; - const gnutls_datum_t p3_3072 = { (void *) pkcs3_3072, strlen(pkcs3_3072) }; + const gnutls_datum_t p3_2048 = + { (void *)pkcs3_2048, strlen(pkcs3_2048) }; + const gnutls_datum_t p3_3072 = + { (void *)pkcs3_3072, strlen(pkcs3_3072) }; gnutls_dh_params_t dh_params; + unsigned flags = 0; + + if (testno == TEST_HANDSHAKE_CALL && fs == 0) + return; + + if (dtls) + flags |= GNUTLS_DATAGRAM|GNUTLS_NONBLOCK; /* General init. */ gnutls_global_set_log_function(tls_log_func); if (debug) - gnutls_global_set_log_level(6); - + gnutls_global_set_log_level(999); gnutls_dh_params_init(&dh_params); if (dhsize < 3072) { ret = gnutls_dh_params_import_pkcs3(dh_params, &p3_2048, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); } else { ret = gnutls_dh_params_import_pkcs3(dh_params, &p3_3072, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); } /* Init server */ gnutls_anon_allocate_server_credentials(&serveranoncred); gnutls_anon_set_server_dh_params(serveranoncred, dh_params); - gnutls_certificate_allocate_credentials(&serverx509cred); gnutls_certificate_set_x509_key_mem(serverx509cred, &server_cert, &server_key, @@ -105,18 +111,15 @@ static void try(unsigned fs, const char *prio, unsigned dhsize) GNUTLS_X509_FMT_PEM); gnutls_certificate_set_dh_params(serverx509cred, dh_params); - gnutls_init(&server, GNUTLS_SERVER); - gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); + gnutls_init(&server, GNUTLS_SERVER|flags); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); - gnutls_credentials_set(server, GNUTLS_CRD_ANON, - serveranoncred); + gnutls_credentials_set(server, GNUTLS_CRD_ANON, serveranoncred); - gnutls_priority_set_direct(server, - prio, - NULL); + gnutls_priority_set_direct(server, prio, NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, server_pull_timeout_func); gnutls_transport_set_ptr(server, server); /* Init client */ @@ -126,21 +129,22 @@ static void try(unsigned fs, const char *prio, unsigned dhsize) if (ret < 0) exit(1); - ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + ret = + gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, + GNUTLS_X509_FMT_PEM); if (ret < 0) exit(1); - ret = gnutls_init(&client, GNUTLS_CLIENT); + ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_ENABLE_FALSE_START|flags); if (ret < 0) exit(1); ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); + clientx509cred); if (ret < 0) exit(1); - ret = gnutls_credentials_set(client, GNUTLS_CRD_ANON, - clientanoncred); + ret = gnutls_credentials_set(client, GNUTLS_CRD_ANON, clientanoncred); if (ret < 0) exit(1); @@ -150,52 +154,119 @@ static void try(unsigned fs, const char *prio, unsigned dhsize) gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, client_pull_timeout_func); gnutls_transport_set_ptr(client, client); - ret = gnutls_handshake_set_false_start_function(server, send_testdata, 0); - if (ret != GNUTLS_E_INVALID_REQUEST) { - fail("gnutls_handshake_set_appdata: unexpected error code (%d) for server!\n", ret); - } - - ret = gnutls_handshake_set_false_start_function(client, send_testdata, 0); - if (ret != 0) { - fail("gnutls_handshake_set_appdata: unexpected error code (%d) for client!\n", ret); - } - HANDSHAKE(client, server); - /* verify whether the server received the expected data */ - ret = gnutls_record_recv(server, buffer, sizeof(buffer)); - if (ret < 0) { - fail("error receiving data: %s\n", gnutls_strerror(ret)); - } - - if (ret != sizeof(TESTDATA)-1) { - fail("error in received data size\n"); + if ((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_FALSE_START) + && !fs) { + myfail("%d: false start occurred but not expected\n", __LINE__); } - if (memcmp(buffer, TESTDATA, ret) != 0) { - fail("error in received data\n"); + if (!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_FALSE_START) + && fs) { + myfail("%d: false start expected but not happened\n", __LINE__); } - if ((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_FALSE_START) && !fs) { - fail("false start occurred but not expected\n"); - } - - if (!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_FALSE_START) && fs) { - fail("false start expected but not happened\n"); + if (testno == TEST_SEND_RECV) { + side = "client"; + ret = + gnutls_record_send(client, TESTDATA, sizeof(TESTDATA) - 1); + if (ret < 0) { + myfail("%d: error sending false start data: %s\n", + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + side = "server"; + /* verify whether the server received the expected data */ + ret = gnutls_record_recv(server, buffer, sizeof(buffer)); + if (ret < 0) { + myfail("%d: error receiving data: %s\n", __LINE__, + gnutls_strerror(ret)); + } + + if (ret != sizeof(TESTDATA) - 1) { + myfail("%d: error in received data size\n", __LINE__); + } + + if (memcmp(buffer, TESTDATA, ret) != 0) { + myfail("%d: error in received data\n", __LINE__); + } + + /* check handshake completion */ + ret = + gnutls_record_send(server, TESTDATA, sizeof(TESTDATA) - 1); + if (ret < 0) { + myfail("%d: error sending false start data: %s\n", + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + side = "client"; + do { + ret = + gnutls_record_recv(client, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) { + myfail("%d: error receiving data: %s\n", __LINE__, + gnutls_strerror(ret)); + } + } else if (testno == TEST_RECV_SEND) { + side = "server"; + ret = + gnutls_record_send(server, TESTDATA, sizeof(TESTDATA) - 1); + if (ret < 0) { + myfail("%d: error sending false start data: %s\n", + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + side = "client"; + /* verify whether the server received the expected data */ + ret = gnutls_record_recv(client, buffer, sizeof(buffer)); + if (ret < 0) { + myfail("%d: error receiving data: %s\n", __LINE__, + gnutls_strerror(ret)); + } + + if (ret != sizeof(TESTDATA) - 1) { + myfail("%d: error in received data size\n", __LINE__); + } + + if (memcmp(buffer, TESTDATA, ret) != 0) { + myfail("%d: error in received data\n", __LINE__); + } + } else if (testno == TEST_HANDSHAKE_CALL) { + /* explicit completion by caller */ + ret = gnutls_handshake(client); + if (ret != GNUTLS_E_HANDSHAKE_DURING_FALSE_START) { + myfail + ("%d: error in explicit handshake after false start: %s\n", + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + goto exit; } + side = "server"; ret = gnutls_bye(server, GNUTLS_SHUT_WR); if (ret < 0) { - fail("error in server bye: %s\n", gnutls_strerror(ret)); + myfail("%d: error in server bye: %s\n", __LINE__, + gnutls_strerror(ret)); } + side = "client"; ret = gnutls_bye(client, GNUTLS_SHUT_RDWR); if (ret < 0) { - fail("error in client bye: %s\n", gnutls_strerror(ret)); + myfail("%d: error in client bye: %s\n", __LINE__, + gnutls_strerror(ret)); } + success("%5s%s \tok\n", dtls?"dtls-":"", name); + exit: gnutls_deinit(client); gnutls_deinit(server); @@ -208,25 +279,26 @@ static void try(unsigned fs, const char *prio, unsigned dhsize) void doit(void) { + unsigned i, j; + global_init(); - try(0, "NORMAL:-KX-ALL:+ANON-DH", 3072); - reset_buffers(); - counter = 0; - try(0, "NORMAL:-KX-ALL:+ANON-ECDH", 2048); - reset_buffers(); - counter = 0; - try(1, "NORMAL:-KX-ALL:+ECDHE-RSA", 2048); - reset_buffers(); - counter = 0; - try(1, "NORMAL:-KX-ALL:+ECDHE-ECDSA", 2048); - reset_buffers(); - counter = 0; - try(0, "NORMAL:-KX-ALL:+DHE-RSA", 2048); - reset_buffers(); - counter = 0; - try(1, "NORMAL:-KX-ALL:+DHE-RSA", 3072); - reset_buffers(); - counter = 0; + + for (j=0;j<2;j++) { + for (i = 0; i < TESTNO_MAX; i++) { + try("anon-dh :", i, 0, "NORMAL:-KX-ALL:+ANON-DH", 3072, j); + reset_buffers(); + try("anon-ecdh:", i, 0, "NORMAL:-KX-ALL:+ANON-ECDH", 2048, j); + reset_buffers(); + try("ecdhe-rsa:", i, 1, "NORMAL:-KX-ALL:+ECDHE-RSA", 2048, j); + reset_buffers(); + try("ecdhe-ecdsa:", i, 1, "NORMAL:-KX-ALL:+ECDHE-ECDSA", 2048, j); + reset_buffers(); + try("dhe-rsa-2048:", i, 0, "NORMAL:-KX-ALL:+DHE-RSA", 2048, j); + reset_buffers(); + try("dhe-rsa-3072:", i, 1, "NORMAL:-KX-ALL:+DHE-RSA", 3072, j); + reset_buffers(); + } + } gnutls_global_deinit(); }