test: dtls13: add ack test

This commit is contained in:
Marco Oliverio
2026-03-25 08:36:33 +01:00
parent 1c83e24a7a
commit ccfc95809b
3 changed files with 123 additions and 1 deletions
+118
View File
@@ -939,6 +939,124 @@ int test_dtls13_ack_order(void)
return EXPECT_RESULT();
}
int test_dtls13_ack_overflow(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
struct test_memio_ctx test_ctx;
unsigned char readBuf[50];
word32 length = 0;
int i;
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
/* Edge case 1: one below limit - all inserts must succeed */
for (i = 0; i < DTLS13_ACK_MAX_RECORDS - 1; i++) {
ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 0),
w64From32(0, (word32)i)), 0);
}
ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, DTLS13_ACK_MAX_RECORDS - 1);
/* Edge case 2: insert the last allowed record - must succeed */
ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 0),
w64From32(0, (word32)(DTLS13_ACK_MAX_RECORDS - 1))), 0);
ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, DTLS13_ACK_MAX_RECORDS);
/* Writing a full-but-valid list must succeed */
ExpectIntEQ(Dtls13WriteAckMessage(ssl_c, ssl_c->dtls13Rtx.seenRecords,
ssl_c->dtls13Rtx.seenRecordsCount, &length), 0);
/* Edge case 3: one over limit - must be silently dropped */
ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 0),
w64From32(0, (word32)DTLS13_ACK_MAX_RECORDS)), 0);
ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, DTLS13_ACK_MAX_RECORDS);
/* Bypass the insert guard to force the list one element over the limit,
* then verify Dtls13WriteAckMessage errors out instead of overflowing */
ssl_c->dtls13Rtx.seenRecordsCount = 0;
ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 1),
w64From32(0, (word32)DTLS13_ACK_MAX_RECORDS)), 0);
ssl_c->dtls13Rtx.seenRecordsCount = (word16)(DTLS13_ACK_MAX_RECORDS + 1);
ExpectIntEQ(Dtls13WriteAckMessage(ssl_c, ssl_c->dtls13Rtx.seenRecords,
ssl_c->dtls13Rtx.seenRecordsCount, &length), BUFFER_E);
wolfSSL_free(ssl_c);
wolfSSL_CTX_free(ctx_c);
wolfSSL_free(ssl_s);
wolfSSL_CTX_free(ctx_s);
#endif
return EXPECT_RESULT();
}
int test_dtls13_ack_dup_write_counter(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
&& defined(HAVE_WRITE_DUP)
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
WOLFSSL *ssl_c2 = NULL;
struct test_memio_ctx test_ctx;
unsigned char readBuf[50];
int i;
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0);
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
/* Drain any post-handshake messages */
ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
/* Split ssl_c: ssl_c becomes READ_DUP_SIDE, ssl_c2 becomes WRITE_DUP_SIDE */
ExpectNotNull(ssl_c2 = wolfSSL_write_dup(ssl_c));
/* Cycle 1: add records, trigger handoff, verify counter is reset to 0 */
for (i = 0; i < 5; i++)
ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 3),
w64From32(0, (word32)i)), 0);
ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, 5);
ssl_c->dtls13Rtx.sendAcks = 1;
ExpectIntEQ(Dtls13DoScheduledWork(ssl_c), 0);
/* seenRecords ownership was transferred to dupWrite->sendAckList;
* seenRecordsCount must be reset to 0 — not left at 5. */
ExpectNull(ssl_c->dtls13Rtx.seenRecords);
ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, 0);
/* Cycle 2 (different epoch to avoid the dup-filter): verify the counter
* did not accumulate across the previous transfer. Without the fix,
* seenRecordsCount would now be 10 after this second batch. */
for (i = 0; i < 5; i++)
ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 4),
w64From32(0, (word32)i)), 0);
ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, 5);
ssl_c->dtls13Rtx.sendAcks = 1;
ExpectIntEQ(Dtls13DoScheduledWork(ssl_c), 0);
ExpectNull(ssl_c->dtls13Rtx.seenRecords);
ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, 0);
wolfSSL_free(ssl_c);
wolfSSL_free(ssl_c2);
wolfSSL_CTX_free(ctx_c);
wolfSSL_free(ssl_s);
wolfSSL_CTX_free(ctx_s);
#endif
return EXPECT_RESULT();
}
int test_dtls_version_checking(void)
{
EXPECT_DECLS;
+4
View File
@@ -30,6 +30,8 @@ int test_wolfSSL_dtls_cid_parse(void);
int test_wolfSSL_dtls_set_pending_peer(void);
int test_dtls13_epochs(void);
int test_dtls13_ack_order(void);
int test_dtls13_ack_overflow(void);
int test_dtls13_ack_dup_write_counter(void);
int test_dtls_version_checking(void);
int test_dtls_short_ciphertext(void);
int test_dtls12_record_length_mismatch(void);
@@ -60,6 +62,8 @@ int test_dtls13_min_rtx_interval(void);
TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_set_pending_peer), \
TEST_DECL_GROUP("dtls", test_dtls13_epochs), \
TEST_DECL_GROUP("dtls", test_dtls13_ack_order), \
TEST_DECL_GROUP("dtls", test_dtls13_ack_overflow), \
TEST_DECL_GROUP("dtls", test_dtls13_ack_dup_write_counter), \
TEST_DECL_GROUP("dtls", test_dtls_version_checking), \
TEST_DECL_GROUP("dtls", test_dtls_short_ciphertext), \
TEST_DECL_GROUP("dtls", test_dtls12_record_length_mismatch), \
+1 -1
View File
@@ -7244,7 +7244,7 @@ WOLFSSL_LOCAL int Dtls13GetSeq(WOLFSSL* ssl, int order, word32* seq,
byte increment);
WOLFSSL_LOCAL void Dtls13RtxRemoveRecord(WOLFSSL* ssl, w64wrapper epoch,
w64wrapper seq);
WOLFSSL_LOCAL int Dtls13DoScheduledWork(WOLFSSL* ssl);
WOLFSSL_TEST_VIS int Dtls13DoScheduledWork(WOLFSSL* ssl);
WOLFSSL_LOCAL int Dtls13DeriveSnKeys(WOLFSSL* ssl, int provision);
WOLFSSL_LOCAL int Dtls13SetRecordNumberKeys(WOLFSSL* ssl,
enum encrypt_side side);