diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-04-17 09:52:01 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-04-18 11:21:25 +0200 |
commit | dfc40f1250228278ec4c0d1d5bc29d396605b535 (patch) | |
tree | cad0e564b47e9ef72d02ad3b15295a1855a76395 | |
parent | 21c56085c53e0aedd6379764167c2651f3045c04 (diff) | |
download | gnutls-dfc40f1250228278ec4c0d1d5bc29d396605b535.tar.gz |
tests: added reproducers for receiving app data when rehandshake is expected
Relates: #426
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | tests/Makefile.am | 5 | ||||
-rw-r--r-- | tests/eagain.c | 29 | ||||
-rw-r--r-- | tests/tls12-rehandshake-cert.c | 138 |
3 files changed, 132 insertions, 40 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 60cebadaec..88f56455c8 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -132,7 +132,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei tls12-cipher-neg tls11-cipher-neg tls10-cipher-neg ssl30-cipher-neg \ crq_apis init_roundtrip pkcs12_s2k_pem dn2 tls12-rehandshake-cert-3 \ nul-in-x509-names x509_altname pkcs12_encode mini-x509 \ - tls12-rehandshake-cert rng-fork mini-eagain-dtls resume-dtls \ + rng-fork mini-eagain-dtls resume-dtls \ tls13-rehandshake-cert gnutls_ext_raw_parse \ x509cert x509cert-tl infoaccess mini-dtls-hello-verify sign-verify-ed25519-rfc8080 \ trustdb-tofu dtls-rehandshake-anon mini-alpn mini-dtls-large \ @@ -201,7 +201,7 @@ endif if HAVE_CMOCKA CMOCKA_LDADD = $(COMMON_LDADD) $(CMOCKA_LIBS) ctests += dtls-sliding-window ip-utils name-constraints-ip conv-utf8 str-unicode str-idna \ - tls10-prf tls12-prf gnutls_record_overhead eagain + tls10-prf tls12-prf gnutls_record_overhead eagain tls12-rehandshake-cert gnutls_record_overhead_LDADD = $(CMOCKA_LDADD) dtls_sliding_window_LDADD = $(CMOCKA_LDADD) @@ -213,6 +213,7 @@ str_idna_LDADD = $(CMOCKA_LDADD) tls10_prf_LDADD = $(CMOCKA_LDADD) tls12_prf_LDADD = $(CMOCKA_LDADD) eagain_LDADD = $(CMOCKA_LDADD) +tls12_rehandshake_cert_LDADD = $(CMOCKA_LDADD) gnutls_record_overhead_CPPFLAGS = $(AM_CPPFLAGS) \ -I$(top_srcdir)/gl \ diff --git a/tests/eagain.c b/tests/eagain.c index 968f99b839..4eff818e5a 100644 --- a/tests/eagain.c +++ b/tests/eagain.c @@ -35,6 +35,9 @@ #include "cert-common.h" #include "cmocka-common.h" +/* This tests operation under non-blocking mode in TLS1.2/TLS1.3 + * as well as operation under TLS1.2 re-handshake. + */ static void tls_log_func(int level, const char *str) { fprintf(stderr, "<%d>| %s", level, str); @@ -83,7 +86,7 @@ static void async_handshake(void **glob_state, const char *prio, unsigned rehsk) gnutls_transport_set_ptr(server, server); /* Init client */ - + ret = gnutls_certificate_allocate_credentials(&clientx509cred); assert_return_code(ret, 0); @@ -103,7 +106,7 @@ static void async_handshake(void **glob_state, const char *prio, unsigned rehsk) HANDSHAKE(client, server); - if (rehsk == 1) { + if (rehsk == 1 || rehsk == 3) { ssize_t n; char b[1]; @@ -117,6 +120,22 @@ static void async_handshake(void **glob_state, const char *prio, unsigned rehsk) assert_int_equal(n, GNUTLS_E_REHANDSHAKE); + if (rehsk == 3) { + /* client sends app data and the server ignores them */ + do { + cret = gnutls_record_send(client, "x", 1); + } while (cret == GNUTLS_E_AGAIN); + + do { + sret = gnutls_handshake(server); + } while (sret == GNUTLS_E_AGAIN); + assert_int_equal(sret, GNUTLS_E_GOT_APPLICATION_DATA); + + do { + n = gnutls_record_recv(server, buffer, sizeof(buffer)); + } while(n == GNUTLS_E_AGAIN); + } + HANDSHAKE(client, server); } else if (rehsk == 2) { HANDSHAKE(client, server); @@ -152,6 +171,11 @@ static void tls12_async_rehandshake_server(void **glob_state) async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 2); } +static void tls12_async_rehandshake_server_appdata(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 3); +} + static void tls13_async_handshake(void **glob_state) { async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0); @@ -163,6 +187,7 @@ int main(void) cmocka_unit_test(tls12_async_handshake), cmocka_unit_test(tls12_async_rehandshake_client), cmocka_unit_test(tls12_async_rehandshake_server), + cmocka_unit_test(tls12_async_rehandshake_server_appdata), cmocka_unit_test(tls13_async_handshake), }; return cmocka_run_group_tests(tests, NULL, NULL); diff --git a/tests/tls12-rehandshake-cert.c b/tests/tls12-rehandshake-cert.c index 998d997363..226ee6e1f3 100644 --- a/tests/tls12-rehandshake-cert.c +++ b/tests/tls12-rehandshake-cert.c @@ -1,7 +1,8 @@ /* * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2018 Red Hat, Inc. * - * Author: Simon Josefsson + * Author: Simon Josefsson, Nikos Mavrogiannopoulos * * This file is part of GnuTLS. * @@ -15,9 +16,8 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with GnuTLS; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/> */ #ifdef HAVE_CONFIG_H @@ -29,22 +29,20 @@ #include <string.h> #include <errno.h> #include <gnutls/gnutls.h> -#include "utils.h" -#include "eagain-common.h" + #include "cert-common.h" +#include "cmocka-common.h" /* This program tests server initiated rehandshake */ -const char *side = ""; - static void tls_log_func(int level, const char *str) { - fprintf(stderr, "%s|<%d>| %s", side, level, str); + fprintf(stderr, "<%d>| %s", level, str); } #define MAX_REHANDSHAKES 16 -void doit(void) +static void test_rehandshake(void **glob_state, unsigned appdata) { /* Server stuff. */ gnutls_certificate_credentials_t serverx509cred; @@ -54,53 +52,102 @@ void doit(void) gnutls_certificate_credentials_t clientx509cred; gnutls_session_t client; int cret = GNUTLS_E_AGAIN; + char buffer[64]; + int ret; unsigned i; /* General init. */ - global_init(); + reset_buffers(); + ret = gnutls_global_init(); + assert_return_code(ret, 0); + gnutls_global_set_log_function(tls_log_func); - if (debug) - gnutls_global_set_log_level(6); /* Init server */ - gnutls_certificate_allocate_credentials(&serverx509cred); - gnutls_certificate_set_x509_key_mem(serverx509cred, - &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); - gnutls_init(&server, GNUTLS_SERVER); - gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); - gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + ret = gnutls_certificate_allocate_credentials(&serverx509cred); + assert_return_code(ret, 0); + + ret = gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + assert_return_code(ret, 0); + + ret = gnutls_init(&server, GNUTLS_SERVER); + assert_return_code(ret, 0); + + ret = gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert_return_code(ret, 0); + + ret = gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + assert_return_code(ret, 0); + gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); /* Init client */ - gnutls_certificate_allocate_credentials(&clientx509cred); - gnutls_init(&client, GNUTLS_CLIENT); - gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); - gnutls_priority_set_direct(client, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + assert_return_code(ret, 0); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + assert_return_code(ret, 0); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + assert_return_code(ret, 0); + + ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + assert_return_code(ret, 0); + gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); HANDSHAKE(client, server); - for (i=0;i<MAX_REHANDSHAKES;i++) { - sret = gnutls_rehandshake(server); - if (debug) - success("gnutls_rehandshake %d (server)...\n", i); + if (appdata) { + /* send application data prior to handshake */ + ssize_t n; + char b[1]; - { - ssize_t n; - char b[1]; + do { + sret = gnutls_rehandshake(server); + } while (sret == GNUTLS_E_AGAIN); + + do { n = gnutls_record_recv(client, b, 1); - if (n != GNUTLS_E_REHANDSHAKE) - fail("client did not receive the expected rehandshake error code\n"); - } + } while(n == GNUTLS_E_AGAIN); + + assert_int_equal(n, GNUTLS_E_REHANDSHAKE); + + /* client sends app data and the server ignores them */ + do { + cret = gnutls_record_send(client, "x", 1); + } while (cret == GNUTLS_E_AGAIN); + + do { + sret = gnutls_handshake(server); + } while (sret == GNUTLS_E_AGAIN); + assert_int_equal(sret, GNUTLS_E_GOT_APPLICATION_DATA); + + do { + n = gnutls_record_recv(server, buffer, sizeof(buffer)); + } while(n == GNUTLS_E_AGAIN); HANDSHAKE(client, server); + } else { + ssize_t n; + char b[1]; + + for (i=0;i<MAX_REHANDSHAKES;i++) { + sret = gnutls_rehandshake(server); + + n = gnutls_record_recv(client, b, 1); + assert_int_equal(n, GNUTLS_E_REHANDSHAKE); + + HANDSHAKE(client, server); + } } gnutls_bye(client, GNUTLS_SHUT_RDWR); @@ -114,3 +161,22 @@ void doit(void) gnutls_global_deinit(); } + +static void tls12_rehandshake_server(void **glob_state) +{ + test_rehandshake(glob_state, 0); +} + +static void tls12_rehandshake_server_appdata(void **glob_state) +{ + test_rehandshake(glob_state, 1); +} + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(tls12_rehandshake_server), + cmocka_unit_test(tls12_rehandshake_server_appdata), + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} |