Test dtls_client

Test against both OpenSSL and GnuTLS. Don't use a proxy. It's not particularly useful here, and would complicate figuring out port numbers. Clean up compile-time requirements in dtls_client.c: any certificate-based key exchange is ok, so don't insist on built-in RSA. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-01-14 12:43:20 +00:00 · 2024-09-04 16:07:56 +02:00 · 2024-09-04 16:07:56 +02:00 · ae710c8b01
commit ae710c8b01
parent 7985d454c4
3 changed files with 48 additions and 17 deletions
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@ -9,18 +9,17 @@

 #include "mbedtls/platform.h"

-#if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ||    \
-    !defined(MBEDTLS_NET_C)  || !defined(MBEDTLS_TIMING_C) ||             \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) ||        \
-    !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) ||      \
-    !defined(MBEDTLS_PEM_PARSE_C)
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) ||      \
+    !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) ||           \
+    !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ||   \
+    !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
 int main(void)
 {
-    mbedtls_printf("MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
-                   "MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
-                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
-                   "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
-                   "MBEDTLS_PEM_PARSE_C not defined.\n");
+    mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+                   "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or "
+                   "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
+                   "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
+                   "not defined.\n");
    mbedtls_exit(0);
 }
 #else
@ -337,6 +336,5 @@ exit:

    mbedtls_exit(ret);
 }
-#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
-          MBEDTLS_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
-          MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C */
+
+#endif /* configuration allows running this program */
--- a/tests/opt-testcases/sample.sh
+++ b/tests/opt-testcases/sample.sh
@ -46,3 +46,31 @@ run_test    "Sample: ssl_client1, gnutls server, TLS 1.3" \
            -c "<TD>Protocol version:</TD><TD>TLS1.3</TD>" \
            -S "Error" \
            -C "error"
+
+requires_protocol_version dtls12
+run_test    "Sample: dtls_client, openssl server, DTLS 1.2" \
+            -P 4433 \
+            "$O_SRV -dtls1_2" \
+            "$PROGRAMS_DIR/dtls_client" \
+            0 \
+            -s "Echo this" \
+            -s "DONE" \
+            -c "Echo this" \
+            -c "[1-9][0-9]* bytes written" \
+            -c "[1-9][0-9]* bytes read" \
+            -S "ERROR" \
+            -C "error"
+
+requires_protocol_version dtls12
+run_test    "Sample: dtls_client, gnutls server, DTLS 1.2" \
+            -P 4433 \
+            "$G_SRV -u --echo --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
+            "$PROGRAMS_DIR/dtls_client" \
+            0 \
+            -s "Server listening" \
+            -s "[1-9][0-9]* bytes command:" \
+            -c "Echo this" \
+            -c "[1-9][0-9]* bytes written" \
+            -c "[1-9][0-9]* bytes read" \
+            -S "Error" \
+            -C "error"
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -492,6 +492,7 @@ detect_required_features() {
    esac

    case " $CMD_LINE " in
+        *"programs/ssl/dtls_client "*|\
        *"programs/ssl/ssl_client1 "*)
            requires_config_enabled MBEDTLS_CTR_DRBG_C
            requires_config_enabled MBEDTLS_ENTROPY_C
@ -1382,9 +1383,13 @@ skip_handshake_stage_check() {
 # Outputs:
 # * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked.
 analyze_test_commands() {
-    # if the test uses DTLS but no custom proxy, add a simple proxy
-    # as it provides timing info that's useful to debug failures
-    if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
+    # If the test uses DTLS, does not force a specific port, and does not
+    # specify a custom proxy, add a simple proxy.
+    # It provides timing info that's useful to debug failures.
+    if [ "$DTLS" -eq 1 ] &&
+       [ "$THIS_SRV_PORT" = "$SRV_PORT" ] &&
+       [ -z "$PXY_CMD" ]
+    then
        PXY_CMD="$P_PXY"
        case " $SRV_CMD " in
            *' server_addr=::1 '*)
@ -1751,7 +1756,7 @@ run_test() {
        esac
    fi

-    # does this test use a proxy?
+    # Does this test specify a proxy?
    if [ "X$1" = "X-p" ]; then
        PXY_CMD="$2"
        shift 2