xref: /openssl/test/quic_tserver_test.c (revision d7329913)
1 /*
2  * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 #include <openssl/ssl.h>
10 #include <openssl/quic.h>
11 #include <openssl/bio.h>
12 #include "internal/common.h"
13 #include "internal/sockets.h"
14 #include "internal/quic_tserver.h"
15 #include "internal/quic_thread_assist.h"
16 #include "internal/quic_ssl.h"
17 #include "internal/time.h"
18 #include "testutil.h"
19 
20 static const char msg1[] = "The quick brown fox jumped over the lazy dogs.";
21 static char msg2[1024], msg3[1024];
22 static OSSL_TIME fake_time;
23 static CRYPTO_RWLOCK *fake_time_lock;
24 
25 static const char *certfile, *keyfile;
26 
is_want(SSL * s,int ret)27 static int is_want(SSL *s, int ret)
28 {
29     int ec = SSL_get_error(s, ret);
30 
31     return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE;
32 }
33 
34 static unsigned char scratch_buf[2048];
35 
fake_now(void * arg)36 static OSSL_TIME fake_now(void *arg)
37 {
38     OSSL_TIME t;
39 
40     if (!CRYPTO_THREAD_read_lock(fake_time_lock))
41         return ossl_time_zero();
42 
43     t = fake_time;
44 
45     CRYPTO_THREAD_unlock(fake_time_lock);
46     return t;
47 }
48 
real_now(void * arg)49 static OSSL_TIME real_now(void *arg)
50 {
51     return ossl_time_now();
52 }
53 
do_test(int use_thread_assist,int use_fake_time,int use_inject)54 static int do_test(int use_thread_assist, int use_fake_time, int use_inject)
55 {
56     int testresult = 0, ret;
57     int s_fd = -1, c_fd = -1;
58     BIO *s_net_bio = NULL, *s_net_bio_own = NULL;
59     BIO *c_net_bio = NULL, *c_net_bio_own = NULL;
60     BIO *c_pair_own = NULL, *s_pair_own = NULL;
61     QUIC_TSERVER_ARGS tserver_args = {0};
62     QUIC_TSERVER *tserver = NULL;
63     BIO_ADDR *s_addr_ = NULL;
64     struct in_addr ina = {0};
65     union BIO_sock_info_u s_info = {0};
66     SSL_CTX *c_ctx = NULL;
67     SSL *c_ssl = NULL;
68     int c_connected = 0, c_write_done = 0, c_begin_read = 0, s_read_done = 0;
69     int c_wait_eos = 0, c_done_eos = 0;
70     int c_start_idle_test = 0, c_done_idle_test = 0;
71     size_t l = 0, s_total_read = 0, s_total_written = 0, c_total_read = 0;
72     size_t idle_units_done = 0;
73     int s_begin_write = 0;
74     OSSL_TIME start_time;
75     unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' };
76     size_t limit_ms = 10000;
77 
78 #if defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
79     if (use_thread_assist) {
80         TEST_skip("thread assisted mode not enabled");
81         return 1;
82     }
83 #endif
84 
85     ina.s_addr = htonl(0x7f000001UL);
86 
87     /* Setup test server. */
88     s_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
89     if (!TEST_int_ge(s_fd, 0))
90         goto err;
91 
92     if (!TEST_true(BIO_socket_nbio(s_fd, 1)))
93         goto err;
94 
95     if (!TEST_ptr(s_addr_ = BIO_ADDR_new()))
96         goto err;
97 
98     if (!TEST_true(BIO_ADDR_rawmake(s_addr_, AF_INET, &ina, sizeof(ina), 0)))
99         goto err;
100 
101     if (!TEST_true(BIO_bind(s_fd, s_addr_, 0)))
102         goto err;
103 
104     s_info.addr = s_addr_;
105     if (!TEST_true(BIO_sock_info(s_fd, BIO_SOCK_INFO_ADDRESS, &s_info)))
106         goto err;
107 
108     if (!TEST_int_gt(BIO_ADDR_rawport(s_addr_), 0))
109         goto err;
110 
111     if (!TEST_ptr(s_net_bio = s_net_bio_own = BIO_new_dgram(s_fd, 0)))
112         goto err;
113 
114     if (!BIO_up_ref(s_net_bio))
115         goto err;
116 
117     fake_time = ossl_ms2time(1000);
118 
119     tserver_args.net_rbio = s_net_bio;
120     tserver_args.net_wbio = s_net_bio;
121     tserver_args.alpn = NULL;
122     tserver_args.ctx = NULL;
123     if (use_fake_time)
124         tserver_args.now_cb = fake_now;
125 
126     if (!TEST_ptr(tserver = ossl_quic_tserver_new(&tserver_args, certfile,
127                                                   keyfile))) {
128         BIO_free(s_net_bio);
129         goto err;
130     }
131 
132     s_net_bio_own = NULL;
133 
134     if (use_inject) {
135         /*
136          * In inject mode we create a dgram pair to feed to the QUIC client on
137          * the read side. We don't feed anything to this, it is just a
138          * placeholder to give the client something which never returns any
139          * datagrams.
140          */
141         if (!TEST_true(BIO_new_bio_dgram_pair(&c_pair_own, 5000,
142                                               &s_pair_own, 5000)))
143             goto err;
144     }
145 
146     /* Setup test client. */
147     c_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
148     if (!TEST_int_ge(c_fd, 0))
149         goto err;
150 
151     if (!TEST_true(BIO_socket_nbio(c_fd, 1)))
152         goto err;
153 
154     if (!TEST_ptr(c_net_bio = c_net_bio_own = BIO_new_dgram(c_fd, 0)))
155         goto err;
156 
157     if (!BIO_dgram_set_peer(c_net_bio, s_addr_))
158         goto err;
159 
160     if (!TEST_ptr(c_ctx = SSL_CTX_new(use_thread_assist
161                                       ? OSSL_QUIC_client_thread_method()
162                                       : OSSL_QUIC_client_method())))
163         goto err;
164 
165     if (!TEST_ptr(c_ssl = SSL_new(c_ctx)))
166         goto err;
167 
168     if (use_fake_time)
169         if (!TEST_true(ossl_quic_conn_set_override_now_cb(c_ssl, fake_now, NULL)))
170             goto err;
171 
172     /* 0 is a success for SSL_set_alpn_protos() */
173     if (!TEST_false(SSL_set_alpn_protos(c_ssl, alpn, sizeof(alpn))))
174         goto err;
175 
176     /* Takes ownership of our reference to the BIO. */
177     if (use_inject) {
178         SSL_set0_rbio(c_ssl, c_pair_own);
179         c_pair_own = NULL;
180     } else {
181         SSL_set0_rbio(c_ssl, c_net_bio);
182 
183         /* Get another reference to be transferred in the SSL_set0_wbio call. */
184         if (!TEST_true(BIO_up_ref(c_net_bio))) {
185             c_net_bio_own = NULL; /* SSL_free will free the first reference. */
186             goto err;
187         }
188     }
189 
190     SSL_set0_wbio(c_ssl, c_net_bio);
191     c_net_bio_own = NULL;
192 
193     if (!TEST_true(SSL_set_blocking_mode(c_ssl, 0)))
194         goto err;
195 
196     /*
197      * We use real time for the timeout not fake time. Otherwise with fake time
198      * we could hit a hang if we never increment the fake time
199      */
200     start_time = real_now(NULL);
201 
202     for (;;) {
203         if (ossl_time_compare(ossl_time_subtract(real_now(NULL), start_time),
204                               ossl_ms2time(limit_ms)) >= 0) {
205             TEST_error("timeout while attempting QUIC server test");
206             goto err;
207         }
208 
209         if (!c_start_idle_test) {
210             ret = SSL_connect(c_ssl);
211             if (!TEST_true(ret == 1 || is_want(c_ssl, ret)))
212                 goto err;
213 
214             if (ret == 1)
215                 c_connected = 1;
216         }
217 
218         if (c_connected && !c_write_done) {
219             if (!TEST_int_eq(SSL_write(c_ssl, msg1, sizeof(msg1) - 1),
220                              (int)sizeof(msg1) - 1))
221                 goto err;
222 
223             if (!TEST_true(SSL_stream_conclude(c_ssl, 0)))
224                 goto err;
225 
226             c_write_done = 1;
227         }
228 
229         if (c_connected && c_write_done && !s_read_done) {
230             if (!ossl_quic_tserver_read(tserver, 0,
231                                         (unsigned char *)msg2 + s_total_read,
232                                         sizeof(msg2) - s_total_read, &l)) {
233                 if (!TEST_true(ossl_quic_tserver_has_read_ended(tserver, 0)))
234                     goto err;
235 
236                 if (!TEST_mem_eq(msg1, sizeof(msg1) - 1, msg2, s_total_read))
237                     goto err;
238 
239                 s_begin_write = 1;
240                 s_read_done   = 1;
241             } else {
242                 s_total_read += l;
243                 if (!TEST_size_t_le(s_total_read, sizeof(msg1) - 1))
244                     goto err;
245             }
246         }
247 
248         if (s_begin_write && s_total_written < sizeof(msg1) - 1) {
249             if (!TEST_true(ossl_quic_tserver_write(tserver, 0,
250                                                    (unsigned char *)msg2 + s_total_written,
251                                                    sizeof(msg1) - 1 - s_total_written, &l)))
252                 goto err;
253 
254             s_total_written += l;
255 
256             if (s_total_written == sizeof(msg1) - 1) {
257                 ossl_quic_tserver_conclude(tserver, 0);
258                 c_begin_read = 1;
259             }
260         }
261 
262         if (c_begin_read && c_total_read < sizeof(msg1) - 1) {
263             ret = SSL_read_ex(c_ssl, msg3 + c_total_read,
264                               sizeof(msg1) - 1 - c_total_read, &l);
265             if (!TEST_true(ret == 1 || is_want(c_ssl, ret)))
266                 goto err;
267 
268             c_total_read += l;
269 
270             if (c_total_read == sizeof(msg1) - 1) {
271                 if (!TEST_mem_eq(msg1, sizeof(msg1) - 1,
272                                  msg3, c_total_read))
273                     goto err;
274 
275                 c_wait_eos = 1;
276             }
277         }
278 
279         if (c_wait_eos && !c_done_eos) {
280             unsigned char c;
281 
282             ret = SSL_read_ex(c_ssl, &c, sizeof(c), &l);
283             if (!TEST_false(ret))
284                 goto err;
285 
286             /*
287              * Allow the implementation to take as long as it wants to finally
288              * notice EOS. Account for varied timings in OS networking stacks.
289              */
290             if (SSL_get_error(c_ssl, ret) != SSL_ERROR_WANT_READ) {
291                 if (!TEST_int_eq(SSL_get_error(c_ssl, ret),
292                                  SSL_ERROR_ZERO_RETURN))
293                     goto err;
294 
295                 c_done_eos = 1;
296                 if (use_thread_assist && use_fake_time) {
297                     if (!TEST_true(ossl_quic_tserver_is_connected(tserver)))
298                         goto err;
299                     c_start_idle_test = 1;
300                     limit_ms = 120000; /* extend time limit */
301                 } else {
302                     /* DONE */
303                     break;
304                 }
305             }
306         }
307 
308         if (c_start_idle_test && !c_done_idle_test) {
309             /* This is more than our default idle timeout of 30s. */
310             if (idle_units_done < 600) {
311                 struct timeval tv;
312                 int isinf;
313 
314                 if (!TEST_true(CRYPTO_THREAD_write_lock(fake_time_lock)))
315                     goto err;
316                 fake_time = ossl_time_add(fake_time, ossl_ms2time(100));
317                 CRYPTO_THREAD_unlock(fake_time_lock);
318 
319                 ++idle_units_done;
320                 ossl_quic_conn_force_assist_thread_wake(c_ssl);
321 
322                 /*
323                  * If the event timeout has expired then give the assistance
324                  * thread a chance to catch up
325                  */
326                 if (!TEST_true(SSL_get_event_timeout(c_ssl, &tv, &isinf)))
327                     goto err;
328                 if (!isinf && ossl_time_compare(ossl_time_zero(),
329                                                 ossl_time_from_timeval(tv)) >= 0)
330                     OSSL_sleep(100); /* Ensure CPU scheduling for test purposes */
331             } else {
332                 c_done_idle_test = 1;
333             }
334         }
335 
336         if (c_done_idle_test) {
337             /*
338              * If we have finished the fake idling duration, the connection
339              * should still be healthy in TA mode.
340              */
341             if (!TEST_true(ossl_quic_tserver_is_connected(tserver)))
342                 goto err;
343 
344             /* DONE */
345             break;
346         }
347 
348         /*
349          * This is inefficient because we spin until things work without
350          * blocking but this is just a test.
351          */
352         if (!c_start_idle_test || c_done_idle_test) {
353             /* Inhibit manual ticking during idle test to test TA mode. */
354             SSL_handle_events(c_ssl);
355         }
356 
357         ossl_quic_tserver_tick(tserver);
358 
359         if (use_inject) {
360             BIO_MSG rmsg = {0};
361             size_t msgs_processed = 0;
362 
363             for (;;) {
364                 /*
365                  * Manually spoonfeed received datagrams from the real BIO_dgram
366                  * into QUIC via the injection interface, thereby testing the
367                  * injection interface.
368                  */
369                 rmsg.data       = scratch_buf;
370                 rmsg.data_len   = sizeof(scratch_buf);
371 
372                 if (!BIO_recvmmsg(c_net_bio, &rmsg, sizeof(rmsg), 1, 0, &msgs_processed)
373                     || msgs_processed == 0 || rmsg.data_len == 0)
374                     break;
375 
376                 if (!TEST_true(SSL_inject_net_dgram(c_ssl, rmsg.data, rmsg.data_len,
377                                                     NULL, NULL)))
378                     goto err;
379             }
380         }
381     }
382 
383     testresult = 1;
384 err:
385     SSL_free(c_ssl);
386     SSL_CTX_free(c_ctx);
387     ossl_quic_tserver_free(tserver);
388     BIO_ADDR_free(s_addr_);
389     BIO_free(s_net_bio_own);
390     BIO_free(c_net_bio_own);
391     BIO_free(c_pair_own);
392     BIO_free(s_pair_own);
393     if (s_fd >= 0)
394         BIO_closesocket(s_fd);
395     if (c_fd >= 0)
396         BIO_closesocket(c_fd);
397     return testresult;
398 }
399 
test_tserver(int idx)400 static int test_tserver(int idx)
401 {
402     int thread_assisted, use_fake_time, use_inject;
403 
404     thread_assisted = idx % 2;
405     idx /= 2;
406 
407     use_inject = idx % 2;
408     idx /= 2;
409 
410     use_fake_time = idx % 2;
411 
412     if (use_fake_time && !thread_assisted)
413         return 1;
414 
415     return do_test(thread_assisted, use_fake_time, use_inject);
416 }
417 
418 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
419 
setup_tests(void)420 int setup_tests(void)
421 {
422     if (!test_skip_common_options()) {
423         TEST_error("Error parsing test options\n");
424         return 0;
425     }
426 
427     if (!TEST_ptr(certfile = test_get_argument(0))
428             || !TEST_ptr(keyfile = test_get_argument(1)))
429         return 0;
430 
431     if ((fake_time_lock = CRYPTO_THREAD_lock_new()) == NULL)
432         return 0;
433 
434     ADD_ALL_TESTS(test_tserver, 2 * 2 * 2);
435     return 1;
436 }
437