5 processes them accordingly. It will need to behave appropriately in the event of
11 can be used to simulate misbehaving peers and confirm that OpenSSL QUIC
16 will have to be capable of creating fully normal QUIC protocol elements, but
17 also offer the flexibility for a test to modify those normal protocol elements
19 in libssl does not offer the capability to send faults since it is designed to
22 The QUIC Fault Injector will be external to libssl (it will be in the test
24 libssl and will make use of 3 integration points to inject faults. 2 of these
25 integration points will use new callbacks added to libssl. The final integration
26 point does not require any changes to libssl to work.
33 Fault Injector based tests may need to inject faults directly into the TLS
35 need to be done in handshake messages that would normally be encrypted.
41 An example test might be to confirm that an OpenSSL QUIC client behaves
47 To support this integration point two new callbacks will be introduced to libssl
48 that enables modification of handshake data prior to it being encrypted and
71 called after each handshake message has been constructed and is ready to send, but
73 a pointer to the constructed handshake message in `msgin` along with its
76 in a newly allocated buffer. A pointer to the new buffer will be passed back
78 can choose to not mutate by simply creating a new buffer with a copy of the data
91 algorithm prior to it being sent. Fault Injector based tests may need to inject
92 faults into these packets prior to them being encrypted.
94 An example test might insert an unrecognised frame type into a QUIC packet to
99 which will provide the ability to mutate packets before they are encrypted and
119 been applied to it. The header for the packet will be pointed to by `hdrin` and
120 the payload will be in an iovec array pointed to by `iovecin` and containing
121 `numin` iovecs. The `mutatecb` callback is expected to allocate a new header
122 structure and return it in `*hdrout` and a new set of iovecs to be stored in
125 can choose to not mutate by simply creating new iovecs/headers with a copy of the
130 `finishmutatecb` callback is called. This is expected to free any resources and
136 packet in a single datagram. Fault Injector based tests may need to inject
139 An example test might modify an encrypted packet to confirm that the AEAD
142 In order to provide this functionality the QUIC Fault Injector will insert
150 datagrams sent from the client on to the server, and vice versa. Where a test
151 requires a modification to be made, that will occur prior to the datagram being
160 The Fault Injector will utilise the callbacks described above in order to supply
161 a more test friendly API to test authors.
164 test will be able to "listen" for a specific event occurring and be informed about
173 be provided with the parsed contents of that message in an easy to use
174 structure. Additional helper functions will be provided to make changes to the
175 message (such as to resize it).
177 Initially listeners will only be able to listen for events on the server side.
179 faults need to be injected into protocol elements sent from the server. Post
180 MVP this will be extended in order to be able to test the server. It may be that
181 we need to do this during MVP in order to be able to observe protocol elements
182 sent from the client without modifying them (i.e. in order to confirm that the
187 listeners and helper functions are added to support specific test scenarios. The
189 to provide the basis for future work.
192 provided. A number of `TODO(QUIC TESTING)` comments are inserted to explain how
196 /* Type to represent the Fault Injector */
201  * make changes to the contents of structure objects as required and the fault
202  * injector will reconstruct the message to be sent on
226  * Run the TLS handshake to create a QUIC connection between the client and
244  * Confirm the server has received a protocol error. Equivalent to calling
250  * Enable tests to listen for pre-encryption QUIC packets being sent
264  * Helper function to be called from a packet_plain_listener callback if it
265  * wants to resize the packet (either to add new data to it, or to truncate it).
266  * The buf provided to packet_plain_listener is over allocated, so this just
294  * Helper function to be called from a handshake_listener callback if it wants
295  * to resize the handshake message (either to add new data to it, or to truncate
306  * we might expect to see an "ACK" frame listener which will be passed
328  * Helper function to be called from message specific listener callbacks. newlen
330  * header.  The buffers provided to the message specific listeners are over
338  * Helper function to delete an extension from an extension block. |exttype| is
339  * the type of the extension to be deleted. |ext| points to the extension block.
354  * Enable tests to listen for post-encryption QUIC packets being sent
370  * Enable tests to listen for datagrams being sent
394 This section provides some example tests to illustrate how the Fault Injector
395 might be used to create tests.
399 An example test showing a server sending a frame of an unknown type to the
412      * to use for testing purposes - but we just use the highest possible
419     /* We only ever add the unknown frame to one packet */
450      * Write a message from the server to the client and add an unknown frame
499  * Test that a server that fails to provide transport params cannot be
500  * connected to.
535      * We expect the connection to fail because the server failed to provide

Last Index update Fri Nov 22 14:03:13 UTC 2024

Dedicated to & Maintained by Room-11