1 #![cfg_attr(feature = "deny-warnings", deny(warnings))]
2 #![warn(clippy::pedantic)]
3
4 use neqo_crypto::{
5 generate_ech_keys, AuthenticationStatus, Client, Error, HandshakeState, SecretAgentPreInfo,
6 Server, ZeroRttCheckResult, ZeroRttChecker, TLS_AES_128_GCM_SHA256,
7 TLS_CHACHA20_POLY1305_SHA256, TLS_GRP_EC_SECP256R1, TLS_VERSION_1_3,
8 };
9
10 use std::boxed::Box;
11
12 mod handshake;
13 use crate::handshake::{
14 connect, connect_fail, forward_records, resumption_setup, PermissiveZeroRttChecker, Resumption,
15 ZERO_RTT_TOKEN_DATA,
16 };
17 use test_fixture::{fixture_init, now};
18
19 #[test]
make_client()20 fn make_client() {
21 fixture_init();
22 let _c = Client::new("server").expect("should create client");
23 }
24
25 #[test]
make_server()26 fn make_server() {
27 fixture_init();
28 let _s = Server::new(&["key"]).expect("should create server");
29 }
30
31 #[test]
basic()32 fn basic() {
33 fixture_init();
34 let mut client = Client::new("server.example").expect("should create client");
35 println!("client {:p}", &client);
36 let mut server = Server::new(&["key"]).expect("should create server");
37 println!("server {:p}", &server);
38
39 let bytes = client.handshake(now(), &[]).expect("send CH");
40 assert!(!bytes.is_empty());
41 assert_eq!(*client.state(), HandshakeState::InProgress);
42
43 let bytes = server
44 .handshake(now(), &bytes[..])
45 .expect("read CH, send SH");
46 assert!(!bytes.is_empty());
47 assert_eq!(*server.state(), HandshakeState::InProgress);
48
49 let bytes = client.handshake(now(), &bytes[..]).expect("send CF");
50 assert!(bytes.is_empty());
51 assert_eq!(*client.state(), HandshakeState::AuthenticationPending);
52
53 client.authenticated(AuthenticationStatus::Ok);
54 assert_eq!(*client.state(), HandshakeState::Authenticated(0));
55
56 // Calling handshake() again indicates that we're happy with the cert.
57 let bytes = client.handshake(now(), &[]).expect("send CF");
58 assert!(!bytes.is_empty());
59 assert!(client.state().is_connected());
60
61 let client_info = client.info().expect("got info");
62 assert_eq!(TLS_VERSION_1_3, client_info.version());
63 assert_eq!(TLS_AES_128_GCM_SHA256, client_info.cipher_suite());
64
65 let bytes = server.handshake(now(), &bytes[..]).expect("finish");
66 assert!(bytes.is_empty());
67 assert!(server.state().is_connected());
68
69 let server_info = server.info().expect("got info");
70 assert_eq!(TLS_VERSION_1_3, server_info.version());
71 assert_eq!(TLS_AES_128_GCM_SHA256, server_info.cipher_suite());
72 }
73
check_client_preinfo(client_preinfo: &SecretAgentPreInfo)74 fn check_client_preinfo(client_preinfo: &SecretAgentPreInfo) {
75 assert_eq!(client_preinfo.version(), None);
76 assert_eq!(client_preinfo.cipher_suite(), None);
77 assert!(!client_preinfo.early_data());
78 assert_eq!(client_preinfo.early_data_cipher(), None);
79 assert_eq!(client_preinfo.max_early_data(), 0);
80 assert_eq!(client_preinfo.alpn(), None);
81 }
82
check_server_preinfo(server_preinfo: &SecretAgentPreInfo)83 fn check_server_preinfo(server_preinfo: &SecretAgentPreInfo) {
84 assert_eq!(server_preinfo.version(), Some(TLS_VERSION_1_3));
85 assert_eq!(server_preinfo.cipher_suite(), Some(TLS_AES_128_GCM_SHA256));
86 assert!(!server_preinfo.early_data());
87 assert_eq!(server_preinfo.early_data_cipher(), None);
88 assert_eq!(server_preinfo.max_early_data(), 0);
89 assert_eq!(server_preinfo.alpn(), None);
90 }
91
92 #[test]
raw()93 fn raw() {
94 fixture_init();
95 let mut client = Client::new("server.example").expect("should create client");
96 println!("client {:?}", client);
97 let mut server = Server::new(&["key"]).expect("should create server");
98 println!("server {:?}", server);
99
100 let client_records = client.handshake_raw(now(), None).expect("send CH");
101 assert!(!client_records.is_empty());
102 assert_eq!(*client.state(), HandshakeState::InProgress);
103
104 check_client_preinfo(&client.preinfo().expect("get preinfo"));
105
106 let server_records =
107 forward_records(now(), &mut server, client_records).expect("read CH, send SH");
108 assert!(!server_records.is_empty());
109 assert_eq!(*server.state(), HandshakeState::InProgress);
110
111 check_server_preinfo(&server.preinfo().expect("get preinfo"));
112
113 let client_records = forward_records(now(), &mut client, server_records).expect("send CF");
114 assert!(client_records.is_empty());
115 assert_eq!(*client.state(), HandshakeState::AuthenticationPending);
116
117 client.authenticated(AuthenticationStatus::Ok);
118 assert_eq!(*client.state(), HandshakeState::Authenticated(0));
119
120 // Calling handshake() again indicates that we're happy with the cert.
121 let client_records = client.handshake_raw(now(), None).expect("send CF");
122 assert!(!client_records.is_empty());
123 assert!(client.state().is_connected());
124
125 let server_records = forward_records(now(), &mut server, client_records).expect("finish");
126 assert!(server_records.is_empty());
127 assert!(server.state().is_connected());
128
129 // The client should have one certificate for the server.
130 let mut certs = client.peer_certificate().unwrap();
131 assert_eq!(1, certs.count());
132
133 // The server shouldn't have a client certificate.
134 assert!(server.peer_certificate().is_none());
135 }
136
137 #[test]
chacha_client()138 fn chacha_client() {
139 fixture_init();
140 let mut client = Client::new("server.example").expect("should create client");
141 let mut server = Server::new(&["key"]).expect("should create server");
142 client
143 .set_ciphers(&[TLS_CHACHA20_POLY1305_SHA256])
144 .expect("ciphers set");
145
146 connect(&mut client, &mut server);
147
148 assert_eq!(
149 client.info().unwrap().cipher_suite(),
150 TLS_CHACHA20_POLY1305_SHA256
151 );
152 assert_eq!(
153 server.info().unwrap().cipher_suite(),
154 TLS_CHACHA20_POLY1305_SHA256
155 );
156 }
157
158 #[test]
p256_server()159 fn p256_server() {
160 fixture_init();
161 let mut client = Client::new("server.example").expect("should create client");
162 let mut server = Server::new(&["key"]).expect("should create server");
163 server
164 .set_groups(&[TLS_GRP_EC_SECP256R1])
165 .expect("groups set");
166
167 connect(&mut client, &mut server);
168
169 assert_eq!(client.info().unwrap().key_exchange(), TLS_GRP_EC_SECP256R1);
170 assert_eq!(server.info().unwrap().key_exchange(), TLS_GRP_EC_SECP256R1);
171 }
172
173 #[test]
alpn()174 fn alpn() {
175 fixture_init();
176 let mut client = Client::new("server.example").expect("should create client");
177 client.set_alpn(&["alpn"]).expect("should set ALPN");
178 let mut server = Server::new(&["key"]).expect("should create server");
179 server.set_alpn(&["alpn"]).expect("should set ALPN");
180
181 connect(&mut client, &mut server);
182
183 let expected = Some(String::from("alpn"));
184 assert_eq!(expected.as_ref(), client.info().unwrap().alpn());
185 assert_eq!(expected.as_ref(), server.info().unwrap().alpn());
186 }
187
188 #[test]
alpn_multi()189 fn alpn_multi() {
190 fixture_init();
191 let mut client = Client::new("server.example").expect("should create client");
192 client
193 .set_alpn(&["dummy", "alpn"])
194 .expect("should set ALPN");
195 let mut server = Server::new(&["key"]).expect("should create server");
196 server
197 .set_alpn(&["alpn", "other"])
198 .expect("should set ALPN");
199
200 connect(&mut client, &mut server);
201
202 let expected = Some(String::from("alpn"));
203 assert_eq!(expected.as_ref(), client.info().unwrap().alpn());
204 assert_eq!(expected.as_ref(), server.info().unwrap().alpn());
205 }
206
207 #[test]
alpn_server_pref()208 fn alpn_server_pref() {
209 fixture_init();
210 let mut client = Client::new("server.example").expect("should create client");
211 client
212 .set_alpn(&["dummy", "alpn"])
213 .expect("should set ALPN");
214 let mut server = Server::new(&["key"]).expect("should create server");
215 server
216 .set_alpn(&["alpn", "dummy"])
217 .expect("should set ALPN");
218
219 connect(&mut client, &mut server);
220
221 let expected = Some(String::from("alpn"));
222 assert_eq!(expected.as_ref(), client.info().unwrap().alpn());
223 assert_eq!(expected.as_ref(), server.info().unwrap().alpn());
224 }
225
226 #[test]
alpn_no_protocol()227 fn alpn_no_protocol() {
228 fixture_init();
229 let mut client = Client::new("server.example").expect("should create client");
230 client.set_alpn(&["a"]).expect("should set ALPN");
231 let mut server = Server::new(&["key"]).expect("should create server");
232 server.set_alpn(&["b"]).expect("should set ALPN");
233
234 connect_fail(&mut client, &mut server);
235
236 // TODO(mt) check the error code
237 }
238
239 #[test]
alpn_client_only()240 fn alpn_client_only() {
241 fixture_init();
242 let mut client = Client::new("server.example").expect("should create client");
243 client.set_alpn(&["alpn"]).expect("should set ALPN");
244 let mut server = Server::new(&["key"]).expect("should create server");
245
246 connect(&mut client, &mut server);
247
248 assert_eq!(None, client.info().unwrap().alpn());
249 assert_eq!(None, server.info().unwrap().alpn());
250 }
251
252 #[test]
alpn_server_only()253 fn alpn_server_only() {
254 fixture_init();
255 let mut client = Client::new("server.example").expect("should create client");
256 let mut server = Server::new(&["key"]).expect("should create server");
257 server.set_alpn(&["alpn"]).expect("should set ALPN");
258
259 connect(&mut client, &mut server);
260
261 assert_eq!(None, client.info().unwrap().alpn());
262 assert_eq!(None, server.info().unwrap().alpn());
263 }
264
265 #[test]
resume()266 fn resume() {
267 let (_, token) = resumption_setup(Resumption::WithoutZeroRtt);
268
269 let mut client = Client::new("server.example").expect("should create second client");
270 let mut server = Server::new(&["key"]).expect("should create second server");
271
272 client
273 .enable_resumption(token)
274 .expect("should accept token");
275 connect(&mut client, &mut server);
276
277 assert!(client.info().unwrap().resumed());
278 assert!(server.info().unwrap().resumed());
279 }
280
281 #[test]
zero_rtt()282 fn zero_rtt() {
283 let (anti_replay, token) = resumption_setup(Resumption::WithZeroRtt);
284
285 // Finally, 0-RTT should succeed.
286 let mut client = Client::new("server.example").expect("should create client");
287 let mut server = Server::new(&["key"]).expect("should create server");
288 client
289 .enable_resumption(token)
290 .expect("should accept token");
291 client.enable_0rtt().expect("should enable 0-RTT");
292 server
293 .enable_0rtt(
294 anti_replay.as_ref().unwrap(),
295 0xffff_ffff,
296 Box::new(PermissiveZeroRttChecker::default()),
297 )
298 .expect("should enable 0-RTT");
299
300 connect(&mut client, &mut server);
301 assert!(client.info().unwrap().early_data_accepted());
302 assert!(server.info().unwrap().early_data_accepted());
303 }
304
305 #[test]
zero_rtt_no_eoed()306 fn zero_rtt_no_eoed() {
307 let (anti_replay, token) = resumption_setup(Resumption::WithZeroRtt);
308
309 // Finally, 0-RTT should succeed.
310 let mut client = Client::new("server.example").expect("should create client");
311 let mut server = Server::new(&["key"]).expect("should create server");
312 client
313 .enable_resumption(token)
314 .expect("should accept token");
315 client.enable_0rtt().expect("should enable 0-RTT");
316 client
317 .disable_end_of_early_data()
318 .expect("should disable EOED");
319 server
320 .enable_0rtt(
321 anti_replay.as_ref().unwrap(),
322 0xffff_ffff,
323 Box::new(PermissiveZeroRttChecker::default()),
324 )
325 .expect("should enable 0-RTT");
326 server
327 .disable_end_of_early_data()
328 .expect("should disable EOED");
329
330 connect(&mut client, &mut server);
331 assert!(client.info().unwrap().early_data_accepted());
332 assert!(server.info().unwrap().early_data_accepted());
333 }
334
335 #[derive(Debug)]
336 struct RejectZeroRtt {}
337 impl ZeroRttChecker for RejectZeroRtt {
check(&self, token: &[u8]) -> ZeroRttCheckResult338 fn check(&self, token: &[u8]) -> ZeroRttCheckResult {
339 assert_eq!(ZERO_RTT_TOKEN_DATA, token);
340 ZeroRttCheckResult::Reject
341 }
342 }
343
344 #[test]
reject_zero_rtt()345 fn reject_zero_rtt() {
346 let (anti_replay, token) = resumption_setup(Resumption::WithZeroRtt);
347
348 // Finally, 0-RTT should succeed.
349 let mut client = Client::new("server.example").expect("should create client");
350 let mut server = Server::new(&["key"]).expect("should create server");
351 client
352 .enable_resumption(token)
353 .expect("should accept token");
354 client.enable_0rtt().expect("should enable 0-RTT");
355 server
356 .enable_0rtt(
357 anti_replay.as_ref().unwrap(),
358 0xffff_ffff,
359 Box::new(RejectZeroRtt {}),
360 )
361 .expect("should enable 0-RTT");
362
363 connect(&mut client, &mut server);
364 assert!(!client.info().unwrap().early_data_accepted());
365 assert!(!server.info().unwrap().early_data_accepted());
366 }
367
368 #[test]
close()369 fn close() {
370 fixture_init();
371 let mut client = Client::new("server.example").expect("should create client");
372 let mut server = Server::new(&["key"]).expect("should create server");
373 connect(&mut client, &mut server);
374 client.close();
375 server.close();
376 }
377
378 #[test]
close_client_twice()379 fn close_client_twice() {
380 fixture_init();
381 let mut client = Client::new("server.example").expect("should create client");
382 let mut server = Server::new(&["key"]).expect("should create server");
383 connect(&mut client, &mut server);
384 client.close();
385 client.close(); // Should be a noop.
386 }
387
388 #[test]
ech()389 fn ech() {
390 fixture_init();
391 let mut server = Server::new(&["key"]).expect("should create server");
392 let (sk, pk) = generate_ech_keys().expect("ECH keys");
393 server
394 .enable_ech(88, "public.example", &sk, &pk)
395 .expect("should enable server ECH");
396
397 let mut client = Client::new("server.example").expect("should create client");
398 client
399 .enable_ech(server.ech_config())
400 .expect("should enable client ECH");
401
402 connect(&mut client, &mut server);
403 assert!(client.info().unwrap().ech_accepted());
404 assert!(server.info().unwrap().ech_accepted());
405 assert!(client.preinfo().unwrap().ech_accepted().unwrap());
406 assert!(server.preinfo().unwrap().ech_accepted().unwrap());
407 }
408
409 #[test]
ech_retry()410 fn ech_retry() {
411 const PUBLIC_NAME: &str = "public.example";
412 const PRIVATE_NAME: &str = "private.example";
413 const CONFIG_ID: u8 = 7;
414
415 fixture_init();
416 let mut server = Server::new(&["key"]).unwrap();
417 let (sk, pk) = generate_ech_keys().unwrap();
418 server.enable_ech(CONFIG_ID, PUBLIC_NAME, &sk, &pk).unwrap();
419
420 let mut client = Client::new(PRIVATE_NAME).unwrap();
421 let mut cfg = Vec::from(server.ech_config());
422 // Ensure that the version and config_id is correct.
423 assert_eq!(cfg[2], 0xfe);
424 assert_eq!(cfg[3], 0x0d);
425 assert_eq!(cfg[6], CONFIG_ID);
426 // Change the config_id so that the server doesn't recognize this.
427 cfg[6] ^= 0x94;
428 client.enable_ech(&cfg).unwrap();
429
430 // Long version of connect() so that we can check the state.
431 let records = client.handshake_raw(now(), None).unwrap(); // ClientHello
432 let records = forward_records(now(), &mut server, records).unwrap(); // ServerHello...
433 let records = forward_records(now(), &mut client, records).unwrap(); // (empty)
434 assert!(records.is_empty());
435
436 // The client should now be expecting authentication.
437 assert_eq!(
438 *client.state(),
439 HandshakeState::EchFallbackAuthenticationPending(String::from(PUBLIC_NAME))
440 );
441 client.authenticated(AuthenticationStatus::Ok);
442 let updated_config = if let Err(Error::EchRetry(c)) = client.handshake_raw(now(), None) {
443 c
444 } else {
445 panic!(
446 "Handshake should fail with EchRetry, state is instead {:?}",
447 client.state()
448 );
449 };
450 assert_eq!(
451 client
452 .preinfo()
453 .unwrap()
454 .ech_public_name()
455 .unwrap()
456 .unwrap(),
457 PUBLIC_NAME
458 );
459 // We don't forward alerts, so we can't tell the server about them.
460 // An ech_required alert should be set though.
461 assert_eq!(client.alert(), Some(&121));
462
463 let mut server = Server::new(&["key"]).unwrap();
464 server.enable_ech(CONFIG_ID, PUBLIC_NAME, &sk, &pk).unwrap();
465 let mut client = Client::new(PRIVATE_NAME).unwrap();
466 client.enable_ech(&updated_config).unwrap();
467
468 connect(&mut client, &mut server);
469
470 assert!(client.info().unwrap().ech_accepted());
471 assert!(server.info().unwrap().ech_accepted());
472 assert!(client.preinfo().unwrap().ech_accepted().unwrap());
473 assert!(server.preinfo().unwrap().ech_accepted().unwrap());
474 }
475