1 /* $OpenBSD: dtlstest.c,v 1.18 2022/11/26 16:08:56 tb Exp $ */ 2 /* 3 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <netinet/in.h> 19 #include <sys/socket.h> 20 21 #include <err.h> 22 #include <limits.h> 23 #include <poll.h> 24 #include <unistd.h> 25 26 #include <openssl/bio.h> 27 #include <openssl/err.h> 28 #include <openssl/ssl.h> 29 30 #include "bio_local.h" 31 #include "ssl_local.h" 32 33 const char *server_ca_file; 34 const char *server_cert_file; 35 const char *server_key_file; 36 37 char dtls_cookie[32]; 38 39 int debug = 0; 40 41 void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl, 42 uint16_t epoch); 43 44 static void 45 hexdump(const unsigned char *buf, size_t len) 46 { 47 size_t i; 48 49 for (i = 1; i <= len; i++) 50 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n"); 51 52 if (len % 8) 53 fprintf(stderr, "\n"); 54 } 55 56 #define BIO_C_DELAY_COUNT 1000 57 #define BIO_C_DELAY_FLUSH 1001 58 #define BIO_C_DELAY_PACKET 1002 59 #define BIO_C_DROP_PACKET 1003 60 #define BIO_C_DROP_RANDOM 1004 61 62 struct bio_packet_monkey_ctx { 63 unsigned int delay_count; 64 unsigned int delay_mask; 65 unsigned int drop_rand; 66 unsigned int drop_mask; 67 uint8_t *delayed_msg; 68 size_t delayed_msg_len; 69 }; 70 71 static int 72 bio_packet_monkey_new(BIO *bio) 73 { 74 struct bio_packet_monkey_ctx *ctx; 75 76 if ((ctx = calloc(1, sizeof(*ctx))) == NULL) 77 return 0; 78 79 bio->flags = 0; 80 bio->init = 1; 81 bio->num = 0; 82 bio->ptr = ctx; 83 84 return 1; 85 } 86 87 static int 88 bio_packet_monkey_free(BIO *bio) 89 { 90 struct bio_packet_monkey_ctx *ctx; 91 92 if (bio == NULL) 93 return 1; 94 95 ctx = bio->ptr; 96 free(ctx->delayed_msg); 97 free(ctx); 98 99 return 1; 100 } 101 102 static int 103 bio_packet_monkey_delay_flush(BIO *bio) 104 { 105 struct bio_packet_monkey_ctx *ctx = bio->ptr; 106 107 if (ctx->delayed_msg == NULL) 108 return 1; 109 110 if (debug) 111 fprintf(stderr, "DEBUG: flushing delayed packet...\n"); 112 if (debug > 1) 113 hexdump(ctx->delayed_msg, ctx->delayed_msg_len); 114 115 BIO_write(bio->next_bio, ctx->delayed_msg, ctx->delayed_msg_len); 116 117 free(ctx->delayed_msg); 118 ctx->delayed_msg = NULL; 119 120 return BIO_ctrl(bio->next_bio, BIO_CTRL_FLUSH, 0, NULL); 121 } 122 123 static long 124 bio_packet_monkey_ctrl(BIO *bio, int cmd, long num, void *ptr) 125 { 126 struct bio_packet_monkey_ctx *ctx; 127 128 ctx = bio->ptr; 129 130 switch (cmd) { 131 case BIO_C_DELAY_COUNT: 132 if (num < 1 || num > 31) 133 return 0; 134 ctx->delay_count = num; 135 return 1; 136 137 case BIO_C_DELAY_FLUSH: 138 return bio_packet_monkey_delay_flush(bio); 139 140 case BIO_C_DELAY_PACKET: 141 if (num < 1 || num > 31) 142 return 0; 143 ctx->delay_mask |= 1 << ((unsigned int)num - 1); 144 return 1; 145 146 case BIO_C_DROP_PACKET: 147 if (num < 1 || num > 31) 148 return 0; 149 ctx->drop_mask |= 1 << ((unsigned int)num - 1); 150 return 1; 151 152 case BIO_C_DROP_RANDOM: 153 if (num < 0 || (size_t)num > UINT_MAX) 154 return 0; 155 ctx->drop_rand = (unsigned int)num; 156 return 1; 157 } 158 159 if (bio->next_bio == NULL) 160 return 0; 161 162 return BIO_ctrl(bio->next_bio, cmd, num, ptr); 163 } 164 165 static int 166 bio_packet_monkey_read(BIO *bio, char *out, int out_len) 167 { 168 struct bio_packet_monkey_ctx *ctx = bio->ptr; 169 int ret; 170 171 if (ctx == NULL || bio->next_bio == NULL) 172 return 0; 173 174 ret = BIO_read(bio->next_bio, out, out_len); 175 176 if (ret > 0) { 177 if (debug) 178 fprintf(stderr, "DEBUG: read packet...\n"); 179 if (debug > 1) 180 hexdump(out, ret); 181 } 182 183 BIO_clear_retry_flags(bio); 184 if (ret <= 0 && BIO_should_retry(bio->next_bio)) 185 BIO_set_retry_read(bio); 186 187 return ret; 188 } 189 190 static int 191 bio_packet_monkey_write(BIO *bio, const char *in, int in_len) 192 { 193 struct bio_packet_monkey_ctx *ctx = bio->ptr; 194 const char *label = "writing"; 195 int delay = 0, drop = 0; 196 int ret; 197 198 if (ctx == NULL || bio->next_bio == NULL) 199 return 0; 200 201 if (ctx->delayed_msg != NULL && ctx->delay_count > 0) 202 ctx->delay_count--; 203 204 if (ctx->delayed_msg != NULL && ctx->delay_count == 0) { 205 if (debug) 206 fprintf(stderr, "DEBUG: writing delayed packet...\n"); 207 if (debug > 1) 208 hexdump(ctx->delayed_msg, ctx->delayed_msg_len); 209 210 ret = BIO_write(bio->next_bio, ctx->delayed_msg, 211 ctx->delayed_msg_len); 212 213 BIO_clear_retry_flags(bio); 214 if (ret <= 0 && BIO_should_retry(bio->next_bio)) { 215 BIO_set_retry_write(bio); 216 return (ret); 217 } 218 219 free(ctx->delayed_msg); 220 ctx->delayed_msg = NULL; 221 } 222 223 if (ctx->delay_mask > 0) { 224 delay = ctx->delay_mask & 1; 225 ctx->delay_mask >>= 1; 226 } 227 if (ctx->drop_rand > 0) { 228 drop = arc4random_uniform(ctx->drop_rand) == 0; 229 } else if (ctx->drop_mask > 0) { 230 drop = ctx->drop_mask & 1; 231 ctx->drop_mask >>= 1; 232 } 233 234 if (delay) 235 label = "delaying"; 236 if (drop) 237 label = "dropping"; 238 if (debug) 239 fprintf(stderr, "DEBUG: %s packet...\n", label); 240 if (debug > 1) 241 hexdump(in, in_len); 242 243 if (drop) 244 return in_len; 245 246 if (delay) { 247 if (ctx->delayed_msg != NULL) 248 return 0; 249 if ((ctx->delayed_msg = calloc(1, in_len)) == NULL) 250 return 0; 251 memcpy(ctx->delayed_msg, in, in_len); 252 ctx->delayed_msg_len = in_len; 253 return in_len; 254 } 255 256 ret = BIO_write(bio->next_bio, in, in_len); 257 258 BIO_clear_retry_flags(bio); 259 if (ret <= 0 && BIO_should_retry(bio->next_bio)) 260 BIO_set_retry_write(bio); 261 262 return ret; 263 } 264 265 static int 266 bio_packet_monkey_puts(BIO *bio, const char *str) 267 { 268 return bio_packet_monkey_write(bio, str, strlen(str)); 269 } 270 271 static const BIO_METHOD bio_packet_monkey = { 272 .type = BIO_TYPE_BUFFER, 273 .name = "packet monkey", 274 .bread = bio_packet_monkey_read, 275 .bwrite = bio_packet_monkey_write, 276 .bputs = bio_packet_monkey_puts, 277 .ctrl = bio_packet_monkey_ctrl, 278 .create = bio_packet_monkey_new, 279 .destroy = bio_packet_monkey_free 280 }; 281 282 static const BIO_METHOD * 283 BIO_f_packet_monkey(void) 284 { 285 return &bio_packet_monkey; 286 } 287 288 static BIO * 289 BIO_new_packet_monkey(void) 290 { 291 return BIO_new(BIO_f_packet_monkey()); 292 } 293 294 static int 295 BIO_packet_monkey_delay(BIO *bio, int num, int count) 296 { 297 if (!BIO_ctrl(bio, BIO_C_DELAY_COUNT, count, NULL)) 298 return 0; 299 300 return BIO_ctrl(bio, BIO_C_DELAY_PACKET, num, NULL); 301 } 302 303 static int 304 BIO_packet_monkey_delay_flush(BIO *bio) 305 { 306 return BIO_ctrl(bio, BIO_C_DELAY_FLUSH, 0, NULL); 307 } 308 309 static int 310 BIO_packet_monkey_drop(BIO *bio, int num) 311 { 312 return BIO_ctrl(bio, BIO_C_DROP_PACKET, num, NULL); 313 } 314 315 #if 0 316 static int 317 BIO_packet_monkey_drop_random(BIO *bio, int num) 318 { 319 return BIO_ctrl(bio, BIO_C_DROP_RANDOM, num, NULL); 320 } 321 #endif 322 323 static int 324 datagram_pair(int *client_sock, int *server_sock, 325 struct sockaddr_in *server_sin) 326 { 327 struct sockaddr_in sin; 328 socklen_t sock_len; 329 int cs = -1, ss = -1; 330 331 memset(&sin, 0, sizeof(sin)); 332 sin.sin_family = AF_INET; 333 sin.sin_port = 0; 334 sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 335 336 if ((ss = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) 337 err(1, "server socket"); 338 if (bind(ss, (struct sockaddr *)&sin, sizeof(sin)) == -1) 339 err(1, "server bind"); 340 sock_len = sizeof(sin); 341 if (getsockname(ss, (struct sockaddr *)&sin, &sock_len) == -1) 342 err(1, "server getsockname"); 343 344 if ((cs = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) 345 err(1, "client socket"); 346 if (connect(cs, (struct sockaddr *)&sin, sizeof(sin)) == -1) 347 err(1, "client connect"); 348 349 *client_sock = cs; 350 *server_sock = ss; 351 memcpy(server_sin, &sin, sizeof(sin)); 352 353 return 1; 354 } 355 356 static int 357 poll_timeout(SSL *client, SSL *server) 358 { 359 int client_timeout = 0, server_timeout = 0; 360 struct timeval timeout; 361 362 if (DTLSv1_get_timeout(client, &timeout)) 363 client_timeout = timeout.tv_sec * 1000 + timeout.tv_usec / 1000; 364 365 if (DTLSv1_get_timeout(server, &timeout)) 366 server_timeout = timeout.tv_sec * 1000 + timeout.tv_usec / 1000; 367 368 if (client_timeout < 10) 369 client_timeout = 10; 370 if (server_timeout < 10) 371 server_timeout = 10; 372 373 /* XXX */ 374 if (client_timeout <= 0) 375 return server_timeout; 376 if (client_timeout > 0 && server_timeout <= 0) 377 return client_timeout; 378 if (client_timeout < server_timeout) 379 return client_timeout; 380 381 return server_timeout; 382 } 383 384 static int 385 dtls_cookie_generate(SSL *ssl, unsigned char *cookie, 386 unsigned int *cookie_len) 387 { 388 arc4random_buf(dtls_cookie, sizeof(dtls_cookie)); 389 memcpy(cookie, dtls_cookie, sizeof(dtls_cookie)); 390 *cookie_len = sizeof(dtls_cookie); 391 392 return 1; 393 } 394 395 static int 396 dtls_cookie_verify(SSL *ssl, const unsigned char *cookie, 397 unsigned int cookie_len) 398 { 399 return cookie_len == sizeof(dtls_cookie) && 400 memcmp(cookie, dtls_cookie, sizeof(dtls_cookie)) == 0; 401 } 402 403 static void 404 dtls_info_callback(const SSL *ssl, int type, int val) 405 { 406 /* 407 * Squeals ahead... remove the bbio from the info callback, so we can 408 * drop specific messages. Ideally this would be an option for the SSL. 409 */ 410 if (ssl->wbio == ssl->bbio) 411 ((SSL *)ssl)->wbio = BIO_pop(ssl->wbio); 412 } 413 414 static SSL * 415 dtls_client(int sock, struct sockaddr_in *server_sin, long mtu) 416 { 417 SSL_CTX *ssl_ctx = NULL; 418 SSL *ssl = NULL; 419 BIO *bio = NULL; 420 421 if ((bio = BIO_new_dgram(sock, BIO_NOCLOSE)) == NULL) 422 errx(1, "client bio"); 423 if (!BIO_socket_nbio(sock, 1)) 424 errx(1, "client nbio"); 425 if (!BIO_ctrl_set_connected(bio, 1, server_sin)) 426 errx(1, "client set connected"); 427 428 if ((ssl_ctx = SSL_CTX_new(DTLS_method())) == NULL) 429 errx(1, "client context"); 430 431 if ((ssl = SSL_new(ssl_ctx)) == NULL) 432 errx(1, "client ssl"); 433 434 SSL_set_bio(ssl, bio, bio); 435 bio = NULL; 436 437 if (mtu > 0) { 438 SSL_set_options(ssl, SSL_OP_NO_QUERY_MTU); 439 SSL_set_mtu(ssl, mtu); 440 } 441 442 SSL_CTX_free(ssl_ctx); 443 BIO_free(bio); 444 445 return ssl; 446 } 447 448 static SSL * 449 dtls_server(int sock, long options, long mtu) 450 { 451 SSL_CTX *ssl_ctx = NULL; 452 SSL *ssl = NULL; 453 BIO *bio = NULL; 454 455 if ((bio = BIO_new_dgram(sock, BIO_NOCLOSE)) == NULL) 456 errx(1, "server bio"); 457 if (!BIO_socket_nbio(sock, 1)) 458 errx(1, "server nbio"); 459 460 if ((ssl_ctx = SSL_CTX_new(DTLS_method())) == NULL) 461 errx(1, "server context"); 462 463 SSL_CTX_set_cookie_generate_cb(ssl_ctx, dtls_cookie_generate); 464 SSL_CTX_set_cookie_verify_cb(ssl_ctx, dtls_cookie_verify); 465 SSL_CTX_set_dh_auto(ssl_ctx, 2); 466 SSL_CTX_set_options(ssl_ctx, options); 467 468 if (SSL_CTX_use_certificate_chain_file(ssl_ctx, server_cert_file) != 1) { 469 fprintf(stderr, "FAIL: Failed to load server certificate"); 470 goto failure; 471 } 472 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file, 473 SSL_FILETYPE_PEM) != 1) { 474 fprintf(stderr, "FAIL: Failed to load server private key"); 475 goto failure; 476 } 477 478 if ((ssl = SSL_new(ssl_ctx)) == NULL) 479 errx(1, "server ssl"); 480 481 if (SSL_use_certificate_chain_file(ssl, server_cert_file) != 1) { 482 fprintf(stderr, "FAIL: Failed to load server certificate"); 483 goto failure; 484 } 485 SSL_set_bio(ssl, bio, bio); 486 bio = NULL; 487 488 if (mtu > 0) { 489 SSL_set_options(ssl, SSL_OP_NO_QUERY_MTU); 490 SSL_set_mtu(ssl, mtu); 491 } 492 493 failure: 494 SSL_CTX_free(ssl_ctx); 495 BIO_free(bio); 496 497 return ssl; 498 } 499 500 static int 501 ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret, 502 short *events) 503 { 504 int ssl_err; 505 506 ssl_err = SSL_get_error(ssl, ssl_ret); 507 508 if (ssl_err == SSL_ERROR_WANT_READ) { 509 *events = POLLIN; 510 } else if (ssl_err == SSL_ERROR_WANT_WRITE) { 511 *events = POLLOUT; 512 } else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) { 513 /* Yup, this is apparently a thing... */ 514 } else { 515 fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n", 516 name, desc, ssl_err, errno); 517 ERR_print_errors_fp(stderr); 518 return 0; 519 } 520 521 return 1; 522 } 523 524 static int 525 do_connect(SSL *ssl, const char *name, int *done, short *events) 526 { 527 int ssl_ret; 528 529 if ((ssl_ret = SSL_connect(ssl)) != 1) 530 return ssl_error(ssl, name, "connect", ssl_ret, events); 531 532 fprintf(stderr, "INFO: %s connect done\n", name); 533 *done = 1; 534 535 return 1; 536 } 537 538 static int 539 do_connect_read(SSL *ssl, const char *name, int *done, short *events) 540 { 541 uint8_t buf[2048]; 542 int ssl_ret; 543 int i; 544 545 if ((ssl_ret = SSL_connect(ssl)) != 1) 546 return ssl_error(ssl, name, "connect", ssl_ret, events); 547 548 fprintf(stderr, "INFO: %s connect done\n", name); 549 *done = 1; 550 551 for (i = 0; i < 3; i++) { 552 fprintf(stderr, "INFO: %s reading after connect\n", name); 553 if ((ssl_ret = SSL_read(ssl, buf, sizeof(buf))) != 3) { 554 fprintf(stderr, "ERROR: %s read failed\n", name); 555 return 0; 556 } 557 } 558 559 return 1; 560 } 561 562 static int 563 do_connect_shutdown(SSL *ssl, const char *name, int *done, short *events) 564 { 565 uint8_t buf[2048]; 566 int ssl_ret; 567 568 if ((ssl_ret = SSL_connect(ssl)) != 1) 569 return ssl_error(ssl, name, "connect", ssl_ret, events); 570 571 fprintf(stderr, "INFO: %s connect done\n", name); 572 *done = 1; 573 574 ssl_ret = SSL_read(ssl, buf, sizeof(buf)); 575 if (SSL_get_error(ssl, ssl_ret) != SSL_ERROR_ZERO_RETURN) { 576 fprintf(stderr, "FAIL: %s did not receive close-notify\n", name); 577 return 0; 578 } 579 580 fprintf(stderr, "INFO: %s received close-notify\n", name); 581 582 return 1; 583 } 584 585 static int 586 do_accept(SSL *ssl, const char *name, int *done, short *events) 587 { 588 int ssl_ret; 589 590 if ((ssl_ret = SSL_accept(ssl)) != 1) 591 return ssl_error(ssl, name, "accept", ssl_ret, events); 592 593 fprintf(stderr, "INFO: %s accept done\n", name); 594 *done = 1; 595 596 return 1; 597 } 598 599 static int 600 do_accept_write(SSL *ssl, const char *name, int *done, short *events) 601 { 602 int ssl_ret; 603 BIO *bio; 604 int i; 605 606 if ((ssl_ret = SSL_accept(ssl)) != 1) 607 return ssl_error(ssl, name, "accept", ssl_ret, events); 608 609 fprintf(stderr, "INFO: %s accept done\n", name); 610 611 for (i = 0; i < 3; i++) { 612 fprintf(stderr, "INFO: %s writing after accept\n", name); 613 if ((ssl_ret = SSL_write(ssl, "abc", 3)) != 3) { 614 fprintf(stderr, "ERROR: %s write failed\n", name); 615 return 0; 616 } 617 } 618 619 if ((bio = SSL_get_wbio(ssl)) == NULL) 620 errx(1, "SSL has NULL bio"); 621 622 /* Flush any delayed packets. */ 623 BIO_packet_monkey_delay_flush(bio); 624 625 *done = 1; 626 return 1; 627 } 628 629 static int 630 do_accept_shutdown(SSL *ssl, const char *name, int *done, short *events) 631 { 632 int ssl_ret; 633 BIO *bio; 634 635 if ((ssl_ret = SSL_accept(ssl)) != 1) 636 return ssl_error(ssl, name, "accept", ssl_ret, events); 637 638 fprintf(stderr, "INFO: %s accept done\n", name); 639 640 SSL_shutdown(ssl); 641 642 if ((bio = SSL_get_wbio(ssl)) == NULL) 643 errx(1, "SSL has NULL bio"); 644 645 /* Flush any delayed packets. */ 646 BIO_packet_monkey_delay_flush(bio); 647 648 *done = 1; 649 return 1; 650 } 651 652 static int 653 do_read(SSL *ssl, const char *name, int *done, short *events) 654 { 655 uint8_t buf[512]; 656 int ssl_ret; 657 658 if ((ssl_ret = SSL_read(ssl, buf, sizeof(buf))) > 0) { 659 fprintf(stderr, "INFO: %s read done\n", name); 660 if (debug > 1) 661 hexdump(buf, ssl_ret); 662 *done = 1; 663 return 1; 664 } 665 666 return ssl_error(ssl, name, "read", ssl_ret, events); 667 } 668 669 static int 670 do_write(SSL *ssl, const char *name, int *done, short *events) 671 { 672 const uint8_t buf[] = "Hello, World!\n"; 673 int ssl_ret; 674 675 if ((ssl_ret = SSL_write(ssl, buf, sizeof(buf))) > 0) { 676 fprintf(stderr, "INFO: %s write done\n", name); 677 *done = 1; 678 return 1; 679 } 680 681 return ssl_error(ssl, name, "write", ssl_ret, events); 682 } 683 684 static int 685 do_shutdown(SSL *ssl, const char *name, int *done, short *events) 686 { 687 int ssl_ret; 688 689 ssl_ret = SSL_shutdown(ssl); 690 if (ssl_ret == 1) { 691 fprintf(stderr, "INFO: %s shutdown done\n", name); 692 *done = 1; 693 return 1; 694 } 695 return ssl_error(ssl, name, "shutdown", ssl_ret, events); 696 } 697 698 typedef int (ssl_func)(SSL *ssl, const char *name, int *done, short *events); 699 700 static int 701 do_client_server_loop(SSL *client, ssl_func *client_func, SSL *server, 702 ssl_func *server_func, struct pollfd pfd[2]) 703 { 704 int client_done = 0, server_done = 0; 705 int i = 0; 706 707 pfd[0].revents = POLLIN; 708 pfd[1].revents = POLLIN; 709 710 do { 711 if (!client_done) { 712 if (debug) 713 fprintf(stderr, "DEBUG: client loop\n"); 714 if (DTLSv1_handle_timeout(client) > 0) 715 fprintf(stderr, "INFO: client timeout\n"); 716 if (!client_func(client, "client", &client_done, 717 &pfd[0].events)) 718 return 0; 719 if (client_done) 720 pfd[0].events = 0; 721 } 722 if (!server_done) { 723 if (debug) 724 fprintf(stderr, "DEBUG: server loop\n"); 725 if (DTLSv1_handle_timeout(server) > 0) 726 fprintf(stderr, "INFO: server timeout\n"); 727 if (!server_func(server, "server", &server_done, 728 &pfd[1].events)) 729 return 0; 730 if (server_done) 731 pfd[1].events = 0; 732 } 733 if (poll(pfd, 2, poll_timeout(client, server)) == -1) 734 err(1, "poll"); 735 736 } while (i++ < 100 && (!client_done || !server_done)); 737 738 if (!client_done || !server_done) 739 fprintf(stderr, "FAIL: gave up\n"); 740 741 return client_done && server_done; 742 } 743 744 #define MAX_PACKET_DELAYS 32 745 #define MAX_PACKET_DROPS 32 746 747 struct dtls_delay { 748 uint8_t packet; 749 uint8_t count; 750 }; 751 752 struct dtls_test { 753 const unsigned char *desc; 754 long mtu; 755 long ssl_options; 756 int client_bbio_off; 757 int server_bbio_off; 758 uint16_t initial_epoch; 759 int write_after_accept; 760 int shutdown_after_accept; 761 struct dtls_delay client_delays[MAX_PACKET_DELAYS]; 762 struct dtls_delay server_delays[MAX_PACKET_DELAYS]; 763 uint8_t client_drops[MAX_PACKET_DROPS]; 764 uint8_t server_drops[MAX_PACKET_DROPS]; 765 }; 766 767 static const struct dtls_test dtls_tests[] = { 768 { 769 .desc = "DTLS without cookies", 770 .ssl_options = 0, 771 }, 772 { 773 .desc = "DTLS without cookies (initial epoch 0xfffe)", 774 .ssl_options = 0, 775 .initial_epoch = 0xfffe, 776 }, 777 { 778 .desc = "DTLS without cookies (initial epoch 0xffff)", 779 .ssl_options = 0, 780 .initial_epoch = 0xffff, 781 }, 782 { 783 .desc = "DTLS with cookies", 784 .ssl_options = SSL_OP_COOKIE_EXCHANGE, 785 }, 786 { 787 .desc = "DTLS with low MTU", 788 .mtu = 256, 789 .ssl_options = 0, 790 }, 791 { 792 .desc = "DTLS with low MTU and cookies", 793 .mtu = 256, 794 .ssl_options = SSL_OP_COOKIE_EXCHANGE, 795 }, 796 { 797 .desc = "DTLS with dropped server response", 798 .ssl_options = 0, 799 .server_drops = { 1 }, 800 }, 801 { 802 .desc = "DTLS with two dropped server responses", 803 .ssl_options = 0, 804 .server_drops = { 1, 2 }, 805 }, 806 { 807 .desc = "DTLS with dropped ServerHello", 808 .ssl_options = SSL_OP_NO_TICKET, 809 .server_bbio_off = 1, 810 .server_drops = { 1 }, 811 }, 812 { 813 .desc = "DTLS with dropped server Certificate", 814 .ssl_options = SSL_OP_NO_TICKET, 815 .server_bbio_off = 1, 816 .server_drops = { 2 }, 817 }, 818 { 819 .desc = "DTLS with dropped ServerKeyExchange", 820 .ssl_options = SSL_OP_NO_TICKET, 821 .server_bbio_off = 1, 822 .server_drops = { 3 }, 823 }, 824 { 825 .desc = "DTLS with dropped ServerHelloDone", 826 .ssl_options = SSL_OP_NO_TICKET, 827 .server_bbio_off = 1, 828 .server_drops = { 4 }, 829 }, 830 #if 0 831 /* 832 * These two result in the server accept completing and the 833 * client looping on a timeout. Presumably the server should not 834 * complete until the client Finished is received... this due to 835 * a flaw in the DTLSv1.0 specification, which is addressed in 836 * DTLSv1.2 (see references to "last flight" in RFC 6347 section 837 * 4.2.4). Our DTLS server code still needs to support this. 838 */ 839 { 840 .desc = "DTLS with dropped server CCS", 841 .ssl_options = 0, 842 .server_bbio_off = 1, 843 .server_drops = { 5 }, 844 }, 845 { 846 .desc = "DTLS with dropped server Finished", 847 .ssl_options = 0, 848 .server_bbio_off = 1, 849 .server_drops = { 6 }, 850 }, 851 #endif 852 { 853 .desc = "DTLS with dropped ClientKeyExchange", 854 .ssl_options = 0, 855 .client_bbio_off = 1, 856 .client_drops = { 2 }, 857 }, 858 { 859 .desc = "DTLS with dropped client CCS", 860 .ssl_options = 0, 861 .client_bbio_off = 1, 862 .client_drops = { 3 }, 863 }, 864 { 865 .desc = "DTLS with dropped client Finished", 866 .ssl_options = 0, 867 .client_bbio_off = 1, 868 .client_drops = { 4 }, 869 }, 870 { 871 /* Send CCS after client Finished. */ 872 .desc = "DTLS with delayed client CCS", 873 .ssl_options = 0, 874 .client_bbio_off = 1, 875 .client_delays = { { 3, 2 } }, 876 }, 877 { 878 /* 879 * Send CCS after server Finished - note app data will be 880 * dropped if we send the CCS after app data. 881 */ 882 .desc = "DTLS with delayed server CCS", 883 .ssl_options = SSL_OP_NO_TICKET, 884 .server_bbio_off = 1, 885 .server_delays = { { 5, 2 } }, 886 .write_after_accept = 1, 887 }, 888 { 889 .desc = "DTLS with delayed server CCS (initial epoch 0xfffe)", 890 .ssl_options = SSL_OP_NO_TICKET, 891 .server_bbio_off = 1, 892 .initial_epoch = 0xfffe, 893 .server_delays = { { 5, 2 } }, 894 .write_after_accept = 1, 895 }, 896 { 897 .desc = "DTLS with delayed server CCS (initial epoch 0xffff)", 898 .ssl_options = SSL_OP_NO_TICKET, 899 .server_bbio_off = 1, 900 .initial_epoch = 0xffff, 901 .server_delays = { { 5, 2 } }, 902 .write_after_accept = 1, 903 }, 904 { 905 /* Send Finished after app data - this is currently buffered. */ 906 .desc = "DTLS with delayed server Finished", 907 .ssl_options = SSL_OP_NO_TICKET, 908 .server_bbio_off = 1, 909 .server_delays = { { 6, 3 } }, 910 .write_after_accept = 1, 911 }, 912 { 913 /* Send CCS after server finished and close-notify. */ 914 .desc = "DTLS with delayed server CCS (close-notify)", 915 .ssl_options = SSL_OP_NO_TICKET, 916 .server_bbio_off = 1, 917 .server_delays = { { 5, 3 } }, 918 .shutdown_after_accept = 1, 919 }, 920 }; 921 922 #define N_DTLS_TESTS (sizeof(dtls_tests) / sizeof(*dtls_tests)) 923 924 static void 925 dtlstest_packet_monkey(SSL *ssl, const struct dtls_delay delays[], 926 const uint8_t drops[]) 927 { 928 BIO *bio_monkey; 929 BIO *bio; 930 int i; 931 932 if ((bio_monkey = BIO_new_packet_monkey()) == NULL) 933 errx(1, "packet monkey"); 934 935 for (i = 0; i < MAX_PACKET_DELAYS; i++) { 936 if (delays[i].packet == 0) 937 break; 938 if (!BIO_packet_monkey_delay(bio_monkey, delays[i].packet, 939 delays[i].count)) 940 errx(1, "delay failure"); 941 } 942 943 for (i = 0; i < MAX_PACKET_DROPS; i++) { 944 if (drops[i] == 0) 945 break; 946 if (!BIO_packet_monkey_drop(bio_monkey, drops[i])) 947 errx(1, "drop failure"); 948 } 949 950 if ((bio = SSL_get_wbio(ssl)) == NULL) 951 errx(1, "SSL has NULL bio"); 952 953 BIO_up_ref(bio); 954 bio = BIO_push(bio_monkey, bio); 955 956 SSL_set_bio(ssl, bio, bio); 957 } 958 959 static int 960 dtlstest(const struct dtls_test *dt) 961 { 962 SSL *client = NULL, *server = NULL; 963 ssl_func *connect_func, *accept_func; 964 struct sockaddr_in server_sin; 965 struct pollfd pfd[2]; 966 int client_sock = -1; 967 int server_sock = -1; 968 int failed = 1; 969 970 fprintf(stderr, "\n== Testing %s... ==\n", dt->desc); 971 972 if (!datagram_pair(&client_sock, &server_sock, &server_sin)) 973 goto failure; 974 975 if ((client = dtls_client(client_sock, &server_sin, dt->mtu)) == NULL) 976 goto failure; 977 978 if ((server = dtls_server(server_sock, dt->ssl_options, dt->mtu)) == NULL) 979 goto failure; 980 981 tls12_record_layer_set_initial_epoch(client->rl, dt->initial_epoch); 982 tls12_record_layer_set_initial_epoch(server->rl, dt->initial_epoch); 983 984 if (dt->client_bbio_off) 985 SSL_set_info_callback(client, dtls_info_callback); 986 if (dt->server_bbio_off) 987 SSL_set_info_callback(server, dtls_info_callback); 988 989 dtlstest_packet_monkey(client, dt->client_delays, dt->client_drops); 990 dtlstest_packet_monkey(server, dt->server_delays, dt->server_drops); 991 992 pfd[0].fd = client_sock; 993 pfd[0].events = POLLOUT; 994 pfd[1].fd = server_sock; 995 pfd[1].events = POLLIN; 996 997 accept_func = do_accept; 998 connect_func = do_connect; 999 1000 if (dt->write_after_accept) { 1001 accept_func = do_accept_write; 1002 connect_func = do_connect_read; 1003 } else if (dt->shutdown_after_accept) { 1004 accept_func = do_accept_shutdown; 1005 connect_func = do_connect_shutdown; 1006 } 1007 1008 if (!do_client_server_loop(client, connect_func, server, accept_func, pfd)) { 1009 fprintf(stderr, "FAIL: client and server handshake failed\n"); 1010 goto failure; 1011 } 1012 1013 if (dt->write_after_accept || dt->shutdown_after_accept) 1014 goto done; 1015 1016 pfd[0].events = POLLIN; 1017 pfd[1].events = POLLOUT; 1018 1019 if (!do_client_server_loop(client, do_read, server, do_write, pfd)) { 1020 fprintf(stderr, "FAIL: client read and server write I/O failed\n"); 1021 goto failure; 1022 } 1023 1024 pfd[0].events = POLLOUT; 1025 pfd[1].events = POLLIN; 1026 1027 if (!do_client_server_loop(client, do_write, server, do_read, pfd)) { 1028 fprintf(stderr, "FAIL: client write and server read I/O failed\n"); 1029 goto failure; 1030 } 1031 1032 pfd[0].events = POLLOUT; 1033 pfd[1].events = POLLOUT; 1034 1035 if (!do_client_server_loop(client, do_shutdown, server, do_shutdown, pfd)) { 1036 fprintf(stderr, "FAIL: client and server shutdown failed\n"); 1037 goto failure; 1038 } 1039 1040 done: 1041 fprintf(stderr, "INFO: Done!\n"); 1042 1043 failed = 0; 1044 1045 failure: 1046 if (client_sock != -1) 1047 close(client_sock); 1048 if (server_sock != -1) 1049 close(server_sock); 1050 1051 SSL_free(client); 1052 SSL_free(server); 1053 1054 return failed; 1055 } 1056 1057 int 1058 main(int argc, char **argv) 1059 { 1060 int failed = 0; 1061 size_t i; 1062 1063 if (argc != 4) { 1064 fprintf(stderr, "usage: %s keyfile certfile cafile\n", 1065 argv[0]); 1066 exit(1); 1067 } 1068 1069 server_key_file = argv[1]; 1070 server_cert_file = argv[2]; 1071 server_ca_file = argv[3]; 1072 1073 for (i = 0; i < N_DTLS_TESTS; i++) 1074 failed |= dtlstest(&dtls_tests[i]); 1075 1076 return failed; 1077 } 1078