QUIC QRX: Test for 1-RTT processing restriction

author Hugo Landau <hlandau@openssl.org>

Tue, 25 Jul 2023 10:32:25 +0000 (11:32 +0100)

committer Matt Caswell <matt@openssl.org>

Tue, 8 Aug 2023 13:33:42 +0000 (14:33 +0100)
author Hugo Landau <hlandau@openssl.org>
Tue, 25 Jul 2023 10:32:25 +0000 (11:32 +0100)
committer Matt Caswell <matt@openssl.org>
Tue, 8 Aug 2023 13:33:42 +0000 (14:33 +0100)
diff --git a/test/quic_record_test.c b/test/quic_record_test.c

index ef0aa9bd623a7f3c1303455c4bddb6ed7fbc39bb..89d9451a32e2fcbb2c6b48c86f6ddafbc365b1de 100644 (file)
--- a/test/quic_record_test.c
+++ b/test/quic_record_test.c
@@ -32,6 +32,7 @@ static const QUIC_CONN_ID empty_conn_id = {0, {0}};
  #define RX_TEST_OP_KEY_UPDATE_TIMEOUT     11 /* complete key update process */
  #define RX_TEST_OP_SET_INIT_KEY_PHASE     12 /* initial Key Phase bit value */
  #define RX_TEST_OP_CHECK_PKT_EPOCH        13 /* check read key epoch matches */
+#define RX_TEST_OP_ALLOW_1RTT             14 /* allow 1RTT packet processing */
  
  struct rx_test_op {
      unsigned char op;
@@ -81,6 +82,8 @@ struct rx_test_op {
      { RX_TEST_OP_SET_INIT_KEY_PHASE, 0, NULL, 0, NULL, (kp_bit), 0, 0, NULL },
  #define RX_OP_CHECK_PKT_EPOCH(expected) \
      { RX_TEST_OP_CHECK_PKT_EPOCH, 0, NULL, 0, NULL, 0, 0, (expected), NULL },
+#define RX_OP_ALLOW_1RTT() \
+    { RX_TEST_OP_ALLOW_1RTT, 0, NULL, 0, NULL, 0, 0, 0, NULL },
  
  #define RX_OP_INJECT_N(n)                                          \
      RX_OP_INJECT(rx_script_##n##_in)
@@ -168,6 +171,7 @@ static const QUIC_PKT_HDR rx_script_2_expect_hdr = {
  };
  
  static const struct rx_test_op rx_script_2[] = {
+    RX_OP_ALLOW_1RTT()
      RX_OP_SET_INIT_LARGEST_PN(654360560)
      RX_OP_ADD_RX_DCID(empty_conn_id)
      RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_1RTT, QRL_SUITE_CHACHA20POLY1305,
@@ -587,6 +591,7 @@ static const unsigned char rx_script_5c_body[] = {
  };
  
  static const struct rx_test_op rx_script_5[] = {
+    RX_OP_ALLOW_1RTT()
      RX_OP_ADD_RX_DCID(empty_conn_id)
      RX_OP_PROVIDE_SECRET_INITIAL(rx_script_5_c2s_init_dcid)
      RX_OP_INJECT_N(5)
@@ -955,6 +960,7 @@ static const unsigned char rx_script_6c_body[] = {
  };
  
  static const struct rx_test_op rx_script_6[] = {
+    RX_OP_ALLOW_1RTT()
      RX_OP_ADD_RX_DCID(empty_conn_id)
      RX_OP_PROVIDE_SECRET_INITIAL(rx_script_6_c2s_init_dcid)
      RX_OP_INJECT_N(6)
@@ -1317,6 +1323,7 @@ static const unsigned char rx_script_7c_body[] = {
  };
  
  static const struct rx_test_op rx_script_7[] = {
+    RX_OP_ALLOW_1RTT()
      RX_OP_ADD_RX_DCID(empty_conn_id)
      RX_OP_PROVIDE_SECRET_INITIAL(rx_script_7_c2s_init_dcid)
      RX_OP_INJECT_N(7)
@@ -1575,6 +1582,7 @@ static const unsigned char rx_script_8f_body[] = {
  };
  
  static const struct rx_test_op rx_script_8[] = {
+    RX_OP_ALLOW_1RTT()
      RX_OP_ADD_RX_DCID(empty_conn_id)
      /* Inject before we get the keys */
      RX_OP_INJECT_N(8a)
@@ -1666,6 +1674,28 @@ static const struct rx_test_op rx_script_8[] = {
      RX_OP_END
  };
  
+/* 9. 1-RTT Deferral Test */
+static const struct rx_test_op rx_script_9[] = {
+    RX_OP_ADD_RX_DCID(empty_conn_id)
+    RX_OP_PROVIDE_SECRET_INITIAL(rx_script_5_c2s_init_dcid)
+    RX_OP_INJECT_N(5)
+
+    RX_OP_CHECK_PKT_N(5a)
+    RX_OP_CHECK_NO_PKT() /* not got secret for next packet yet */
+    RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_HANDSHAKE,
+                      QRL_SUITE_AES128GCM, rx_script_5_handshake_secret)
+    RX_OP_CHECK_PKT_N(5b)
+    RX_OP_CHECK_NO_PKT() /* not got secret for next packet yet */
+    RX_OP_PROVIDE_SECRET(QUIC_ENC_LEVEL_1RTT,
+                      QRL_SUITE_AES128GCM, rx_script_5_1rtt_secret)
+    RX_OP_CHECK_NO_PKT() /* still nothing - 1-RTT not enabled */
+    RX_OP_ALLOW_1RTT()
+    RX_OP_CHECK_PKT_N(5c) /* now we get the 1-RTT packet */
+    RX_OP_CHECK_NO_PKT()
+
+    RX_OP_END
+};
+
  static const struct rx_test_op *rx_scripts[] = {
      rx_script_1,
  #ifndef OPENSSL_NO_CHACHA
@@ -1678,7 +1708,8 @@ static const struct rx_test_op *rx_scripts[] = {
  #ifndef OPENSSL_NO_CHACHA
      rx_script_7,
  #endif
-    rx_script_8
+    rx_script_8,
+    rx_script_9
  };
  
  struct rx_state {
@@ -1691,6 +1722,8 @@ struct rx_state {
      /* Used for the RX depacketizer */
      SSL_CTX            *quic_ssl_ctx;
      QUIC_CONNECTION    *quic_conn;
+
+    int                 allow_1rtt;
  };
  
  static void rx_state_teardown(struct rx_state *s)
@@ -1744,7 +1777,9 @@ static int rx_state_ensure(struct rx_state *s)
          && !TEST_ptr(s->qrx = ossl_qrx_new(&s->args)))
          return 0;
  
-    ossl_qrx_allow_1rtt_processing(s->qrx);
+    if (s->allow_1rtt)
+        ossl_qrx_allow_1rtt_processing(s->qrx);
+
      return 1;
  }
  
@@ -1865,6 +1900,13 @@ static int rx_run_script(const struct rx_test_op *script)
              case RX_TEST_OP_SET_INIT_KEY_PHASE:
                  rx_state_teardown(&s);
                  s.args.init_key_phase_bit = (unsigned char)op->enc_level;
+                break;
+            case RX_TEST_OP_ALLOW_1RTT:
+                s.allow_1rtt = 1;
+
+                if (!TEST_true(rx_state_ensure(&s)))
+                    goto err;
+
                  break;
              default:
                  OPENSSL_assert(0);
author	Hugo Landau <hlandau@openssl.org>
	Tue, 25 Jul 2023 10:32:25 +0000 (11:32 +0100)
committer	Matt Caswell <matt@openssl.org>
	Tue, 8 Aug 2023 13:33:42 +0000 (14:33 +0100)