mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 21:38:23 +00:00
Add DTLS test to check 6 byte record ctr is cmp
Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in the TLS case. Because currently there are no testing facilities to check that renegotiation routines are triggered after X number of input/output messages, the test consists on setting a renegotiation period that cannot be represented in 6 bytes, but whose least-significant byte is 2. If the library behaves correctly, the renegotiation routines will be executed after two exchanged.
This commit is contained in:
parent
18c5c59b5b
commit
692ad84e5c
2 changed files with 34 additions and 6 deletions
|
@ -63,6 +63,8 @@ int main( void )
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <inttypes.h>
|
||||||
|
|
||||||
#if !defined(_WIN32)
|
#if !defined(_WIN32)
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
|
@ -113,7 +115,7 @@ int main( void )
|
||||||
#define DFL_ALLOW_LEGACY -2
|
#define DFL_ALLOW_LEGACY -2
|
||||||
#define DFL_RENEGOTIATE 0
|
#define DFL_RENEGOTIATE 0
|
||||||
#define DFL_RENEGO_DELAY -2
|
#define DFL_RENEGO_DELAY -2
|
||||||
#define DFL_RENEGO_PERIOD -1
|
#define DFL_RENEGO_PERIOD ( (uint64_t)-1 )
|
||||||
#define DFL_EXCHANGES 1
|
#define DFL_EXCHANGES 1
|
||||||
#define DFL_MIN_VERSION -1
|
#define DFL_MIN_VERSION -1
|
||||||
#define DFL_MAX_VERSION -1
|
#define DFL_MAX_VERSION -1
|
||||||
|
@ -292,7 +294,7 @@ int main( void )
|
||||||
" renegotiation=%%d default: 0 (disabled)\n" \
|
" renegotiation=%%d default: 0 (disabled)\n" \
|
||||||
" renegotiate=%%d default: 0 (disabled)\n" \
|
" renegotiate=%%d default: 0 (disabled)\n" \
|
||||||
" renego_delay=%%d default: -2 (library default)\n" \
|
" renego_delay=%%d default: -2 (library default)\n" \
|
||||||
" renego_period=%%d default: (library default)\n"
|
" renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_RENEGO ""
|
#define USAGE_RENEGO ""
|
||||||
#endif
|
#endif
|
||||||
|
@ -351,6 +353,19 @@ int main( void )
|
||||||
" force_ciphersuite=<name> default: all enabled\n" \
|
" force_ciphersuite=<name> default: all enabled\n" \
|
||||||
" acceptable ciphersuite names:\n"
|
" acceptable ciphersuite names:\n"
|
||||||
|
|
||||||
|
|
||||||
|
#define PUT_UINT64_BE(out_be,in_le,i) \
|
||||||
|
{ \
|
||||||
|
(out_be)[(i) + 0] = (unsigned char)( ( (in_le) >> 56 ) & 0xFF ); \
|
||||||
|
(out_be)[(i) + 1] = (unsigned char)( ( (in_le) >> 48 ) & 0xFF ); \
|
||||||
|
(out_be)[(i) + 2] = (unsigned char)( ( (in_le) >> 40 ) & 0xFF ); \
|
||||||
|
(out_be)[(i) + 3] = (unsigned char)( ( (in_le) >> 32 ) & 0xFF ); \
|
||||||
|
(out_be)[(i) + 4] = (unsigned char)( ( (in_le) >> 24 ) & 0xFF ); \
|
||||||
|
(out_be)[(i) + 5] = (unsigned char)( ( (in_le) >> 16 ) & 0xFF ); \
|
||||||
|
(out_be)[(i) + 6] = (unsigned char)( ( (in_le) >> 8 ) & 0xFF ); \
|
||||||
|
(out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* global options
|
* global options
|
||||||
*/
|
*/
|
||||||
|
@ -377,7 +392,7 @@ struct options
|
||||||
int allow_legacy; /* allow legacy renegotiation */
|
int allow_legacy; /* allow legacy renegotiation */
|
||||||
int renegotiate; /* attempt renegotiation? */
|
int renegotiate; /* attempt renegotiation? */
|
||||||
int renego_delay; /* delay before enforcing renegotiation */
|
int renego_delay; /* delay before enforcing renegotiation */
|
||||||
int renego_period; /* period for automatic renegotiation */
|
uint64_t renego_period; /* period for automatic renegotiation */
|
||||||
int exchanges; /* number of data exchanges */
|
int exchanges; /* number of data exchanges */
|
||||||
int min_version; /* minimum protocol version accepted */
|
int min_version; /* minimum protocol version accepted */
|
||||||
int max_version; /* maximum protocol version accepted */
|
int max_version; /* maximum protocol version accepted */
|
||||||
|
@ -1041,8 +1056,8 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "renego_period" ) == 0 )
|
else if( strcmp( p, "renego_period" ) == 0 )
|
||||||
{
|
{
|
||||||
opt.renego_period = atoi( q );
|
if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 ||
|
||||||
if( opt.renego_period < 2 || opt.renego_period > 255 )
|
opt.renego_period < 2 )
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "exchanges" ) == 0 )
|
else if( strcmp( p, "exchanges" ) == 0 )
|
||||||
|
@ -1757,7 +1772,7 @@ int main( int argc, char *argv[] )
|
||||||
|
|
||||||
if( opt.renego_period != DFL_RENEGO_PERIOD )
|
if( opt.renego_period != DFL_RENEGO_PERIOD )
|
||||||
{
|
{
|
||||||
renego_period[7] = opt.renego_period;
|
PUT_UINT64_BE( renego_period, opt.renego_period, 0 );
|
||||||
mbedtls_ssl_conf_renegotiation_period( &conf, renego_period );
|
mbedtls_ssl_conf_renegotiation_period( &conf, renego_period );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -1601,6 +1601,19 @@ run_test "Renegotiation: DTLS, server-initiated" \
|
||||||
-s "=> renegotiate" \
|
-s "=> renegotiate" \
|
||||||
-s "write hello request"
|
-s "write hello request"
|
||||||
|
|
||||||
|
run_test "Renegotiation: DTLS, renego_period overflow" \
|
||||||
|
"$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
|
||||||
|
"$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
|
||||||
|
0 \
|
||||||
|
-c "client hello, adding renegotiation extension" \
|
||||||
|
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||||
|
-s "found renegotiation extension" \
|
||||||
|
-s "server hello, secure renegotiation extension" \
|
||||||
|
-s "record counter limit reached: renegotiate" \
|
||||||
|
-c "=> renegotiate" \
|
||||||
|
-s "=> renegotiate" \
|
||||||
|
-s "write hello request" \
|
||||||
|
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
|
run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
|
||||||
"$G_SRV -u --mtu 4096" \
|
"$G_SRV -u --mtu 4096" \
|
||||||
|
|
Loading…
Reference in a new issue