Add tests for cache timeout

2024-11-24 15:08:20 +00:00 · 2014-02-20 22:50:56 +01:00 · 2014-02-20 22:50:56 +01:00 · c55a5b7d6f
commit c55a5b7d6f
parent dfbf9c711d
3 changed files with 100 additions and 16 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -37,6 +37,10 @@
 #include "polarssl/x509.h"
 #include "polarssl/error.h"

+#if defined(POLARSSL_TIMING_C)
+#include "polarssl/timing.h"
+#endif
+
 #define DFL_SERVER_NAME         "localhost"
 #define DFL_SERVER_PORT         4433
 #define DFL_REQUEST_PAGE        "/"
@ -57,6 +61,7 @@
 #define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE
 #define DFL_TRUNC_HMAC          0
 #define DFL_RECONNECT           0
+#define DFL_RECO_DELAY          0
 #define DFL_TICKETS             SSL_SESSION_TICKETS_ENABLED

 #define LONG_HEADER "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-"   \
@ -97,6 +102,7 @@ struct options
    unsigned char mfl_code;     /* code for maximum fragment length         */
    int trunc_hmac;             /* negotiate truncated hmac or not          */
    int reconnect;              /* attempt to resume session                */
+    int reco_delay;             /* delay in seconds before resuming session */
    int tickets;                /* enable / disable session tickets         */
 } opt;

@ -198,6 +204,13 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
 #define USAGE_MAX_FRAG_LEN ""
 #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */

+#if defined(POLARSSL_TIMING_C)
+#define USAGE_TIME \
+    "    reco_delay=%%d      default: 0 seconds\n"
+#else
+#define USAGE_TIME ""
+#endif /* POLARSSL_TIMING_C */
+
 #define USAGE \
    "\n usage: ssl_client2 param=<>...\n"                   \
    "\n acceptable parameters:\n"                           \
@ -216,6 +229,7 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
    "    allow_legacy=%%d     default: 0 (disabled)\n"      \
    "    renegotiate=%%d      default: 0 (disabled)\n"      \
    "    reconnect=%%d        default: 0 (disabled)\n"      \
+    USAGE_TIME                                              \
    USAGE_TICKETS                                           \
    USAGE_MAX_FRAG_LEN                                      \
    USAGE_TRUNC_HMAC                                        \
@ -320,6 +334,7 @@ int main( int argc, char *argv[] )
    opt.mfl_code            = DFL_MFL_CODE;
    opt.trunc_hmac          = DFL_TRUNC_HMAC;
    opt.reconnect           = DFL_RECONNECT;
+    opt.reco_delay          = DFL_RECO_DELAY;
    opt.tickets             = DFL_TICKETS;

    for( i = 1; i < argc; i++ )
@ -393,6 +408,12 @@ int main( int argc, char *argv[] )
            if( opt.reconnect < 0 || opt.reconnect > 2 )
                goto usage;
        }
+        else if( strcmp( p, "reco_delay" ) == 0 )
+        {
+            opt.reco_delay = atoi( q );
+            if( opt.reco_delay < 0 )
+                goto usage;
+        }
        else if( strcmp( p, "tickets" ) == 0 )
        {
            opt.tickets = atoi( q );
@ -892,8 +913,10 @@ send_request:
    {
        --opt.reconnect;

-        // printf( "  ! Press a key to reconnect\n" );
-        // (void) getchar();
+#if defined(POLARSSL_TIMING_C)
+        if( opt.reco_delay > 0 )
+            m_sleep( 1000 * opt.reco_delay );
+#endif

        printf( "  . Reconnecting with saved session..." );
        fflush( stdout );
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -70,6 +70,7 @@
 #define DFL_MFL_CODE            SSL_MAX_FRAG_LEN_NONE
 #define DFL_TICKETS             SSL_SESSION_TICKETS_ENABLED
 #define DFL_CACHE_MAX           -1
+#define DFL_CACHE_TIMEOUT       -1

 #define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
    "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n"  \
@ -112,6 +113,7 @@ struct options
    unsigned char mfl_code;     /* code for maximum fragment length         */
    int tickets;                /* enable / disable session tickets         */
    int cache_max;              /* max number of session cache entries      */
+    int cache_timeout;          /* expiration delay of session cache entries */
 } opt;

 static void my_debug( void *ctx, int level, const char *str )
@ -166,7 +168,8 @@ static void my_debug( void *ctx, int level, const char *str )

 #if defined(POLARSSL_SSL_CACHE_C)
 #define USAGE_CACHE                                             \
-    "   cache_max=%%d         default: cache default (50)\n"
+    "    cache_max=%%d        default: cache default (50)\n"    \
+    "    cache_timeout=%%d    default: cache default (1d)\n"
 #else
 #define USAGE_CACHE ""
 #endif /* POLARSSL_SSL_CACHE_C */
@ -196,6 +199,7 @@ static void my_debug( void *ctx, int level, const char *str )
    "    allow_legacy=%%d     default: 0 (disabled)\n"      \
    "    renegotiate=%%d      default: 0 (disabled)\n"      \
    USAGE_TICKETS                                           \
+    USAGE_CACHE                                             \
    USAGE_MAX_FRAG_LEN                                      \
    "\n"                                                    \
    "    min_version=%%s      default: \"ssl3\"\n"          \
@ -317,6 +321,7 @@ int main( int argc, char *argv[] )
    opt.mfl_code            = DFL_MFL_CODE;
    opt.tickets             = DFL_TICKETS;
    opt.cache_max           = DFL_CACHE_MAX;
+    opt.cache_timeout       = DFL_CACHE_TIMEOUT;

    for( i = 1; i < argc; i++ )
    {
@ -472,6 +477,12 @@ int main( int argc, char *argv[] )
            if( opt.cache_max < 0 )
                goto usage;
        }
+        else if( strcmp( p, "cache_timeout" ) == 0 )
+        {
+            opt.cache_timeout = atoi( q );
+            if( opt.cache_timeout < 0 )
+                goto usage;
+        }
        else
            goto usage;
    }
@ -745,6 +756,9 @@ int main( int argc, char *argv[] )
    if( opt.cache_max != -1 )
        ssl_cache_set_max_entries( &cache, opt.cache_max );

+    if( opt.cache_timeout != -1 )
+        ssl_cache_set_timeout( &cache, opt.cache_timeout );
+
    ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
                                 ssl_cache_set, &cache );
 #endif
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -27,7 +27,7 @@ run_test() {
    sleep 1
    $CLI_CMD $2 > cli_out
    CLI_EXIT=$?
-    echo SERVERQUIT | openssl s_client >/dev/null 2>&1
+    echo SERVERQUIT | openssl s_client -no_ticket >/dev/null 2>&1
    wait $SRV_PID
    shift 2

@ -106,6 +106,11 @@ run_test    "Session resume using tickets #1" \
            "debug_level=4 tickets=1" \
            "debug_level=4 reconnect=1 tickets=1" \
            0 \
+            -c "client hello, adding session ticket extension" \
+            -s "found session ticket extension" \
+            -s "server hello, adding session ticket extension" \
+            -c "found session_ticket extension" \
+            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
@ -115,43 +120,85 @@ run_test    "Session resume using tickets #2" \
            "debug_level=4 tickets=1 cache_max=0" \
            "debug_level=4 reconnect=1 tickets=1" \
            0 \
+            -c "client hello, adding session ticket extension" \
+            -s "found session ticket extension" \
+            -s "server hello, adding session ticket extension" \
+            -c "found session_ticket extension" \
+            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

-# Test for Session Resume based on session-ID and cache
+# Tests for Session Resume based on session-ID and cache

-run_test    "Session resume using cache #1" \
+run_test    "Session resume using cache #1 (tickets enabled on client)" \
            "debug_level=4 tickets=0" \
-            "debug_level=4 reconnect=1 tickets=1" \
+            "debug_level=4 tickets=1 reconnect=1" \
            0 \
+            -c "client hello, adding session ticket extension" \
+            -s "found session ticket extension" \
+            -S "server hello, adding session ticket extension" \
+            -C "found session_ticket extension" \
+            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

-run_test    "Session resume using cache #2" \
+run_test    "Session resume using cache #2 (tickets enabled on server)" \
            "debug_level=4 tickets=1" \
-            "debug_level=4 reconnect=1 tickets=0" \
+            "debug_level=4 tickets=0 reconnect=1" \
            0 \
+            -C "client hello, adding session ticket extension" \
+            -S "found session ticket extension" \
+            -S "server hello, adding session ticket extension" \
+            -C "found session_ticket extension" \
+            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

-run_test    "Session resume using cache #3" \
+run_test    "Session resume using cache #3 (cache_max=0)" \
            "debug_level=4 tickets=0 cache_max=0" \
-            "debug_level=4 reconnect=1 tickets=0" \
+            "debug_level=4 tickets=0 reconnect=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
-            -s "no session has been resumed" \
-            -c "no session has been resumed"
+            -S "a session has been resumed" \
+            -C "a session has been resumed"

-run_test    "Session resume using cache #4" \
-            "debug_level=4 tickets=1 cache_max=1" \
-            "debug_level=4 reconnect=1 tickets=0" \
+run_test    "Session resume using cache #4 (cache_max=1)" \
+            "debug_level=4 tickets=0 cache_max=1" \
+            "debug_level=4 tickets=0 reconnect=1" \
+            0 \
+            -s "session successfully restored from cache" \
+            -S "session successfully restored from ticket" \
+            -s "a session has been resumed" \
+            -c "a session has been resumed"
+
+run_test    "Session resume using cache #5 (timemout > delay)" \
+            "debug_level=4 tickets=0 cache_timeout=1" \
+            "debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
+            0 \
+            -s "session successfully restored from cache" \
+            -S "session successfully restored from ticket" \
+            -s "a session has been resumed" \
+            -c "a session has been resumed"
+
+run_test    "Session resume using cache #6 (timeout < delay)" \
+            "debug_level=4 tickets=0 cache_timeout=1" \
+            "debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
+            0 \
+            -S "session successfully restored from cache" \
+            -S "session successfully restored from ticket" \
+            -S "a session has been resumed" \
+            -C "a session has been resumed"
+
+run_test    "Session resume using cache #7 (no timeout)" \
+            "debug_level=4 tickets=0 cache_timeout=0" \
+            "debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \