improve TLS testing
scaprile committed Jan 17, 2025
1 parent f71b3b9 commit 317591b
Showing 13 changed files with 23,928 additions and 57 deletions.
2 changes: 1 addition & 1 deletion mongoose.c
@@ -10435,7 +10435,7 @@ static int mg_tls_recv_record(struct mg_connection *c) {
r = msgsz - 16 - 1;
tls->content_type = msg[msgsz - 16 - 1];
tls->recv_offset = (size_t) msg - (size_t) rio->buf;
tls->recv_len = msgsz - 16 - 1;
tls->recv_len = (size_t) msgsz - 16 - 1;
c->is_client ? tls->enc.sseq++ : tls->enc.cseq++;
return r;
}
76 changes: 31 additions & 45 deletions mongoose.h
@@ -2690,25 +2690,6 @@ bool mg_ota_end(void); // Stop writing



#if MG_OTA != MG_OTA_NONE && MG_OTA != MG_OTA_CUSTOM

struct mg_flash {
void *start; // Address at which flash starts
size_t size; // Flash size
size_t secsz; // Sector size
size_t align; // Write alignment
bool (*write_fn)(void *, const void *, size_t); // Write function
bool (*swap_fn)(void); // Swap partitions
};

bool mg_ota_flash_begin(size_t new_firmware_size, struct mg_flash *flash);
bool mg_ota_flash_write(const void *buf, size_t len, struct mg_flash *flash);
bool mg_ota_flash_end(struct mg_flash *flash);

#endif






@@ -3195,22 +3176,14 @@ struct mg_tcpip_driver_tms570_data {



#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC) && MG_ENABLE_DRIVER_XMC
#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_W5500) && MG_ENABLE_DRIVER_W5500

struct mg_tcpip_driver_xmc_data {
// 13.2.8.1 Station Management Functions
// MDC clock divider (). MDC clock is derived from ETH MAC clock
// It must not exceed 2.5MHz
// ETH Clock range DIVIDER mdc_cr VALUE
// --------------------------------------------
// -1 <-- tell driver to guess the value
// 60-100 MHz ETH Clock/42 0
// 100-150 MHz ETH Clock/62 1
// 20-35 MHz ETH Clock/16 2
// 35-60 MHz ETH Clock/26 3
// 150-250 MHz ETH Clock/102 4
// 250-300 MHz ETH Clock/124 5
// 110, 111 Reserved
#endif


#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC7) && MG_ENABLE_DRIVER_XMC7

struct mg_tcpip_driver_xmc7_data {
int mdc_cr; // Valid values: -1, 0, 1, 2, 3, 4, 5
uint8_t phy_addr;
};
@@ -3220,31 +3193,45 @@ struct mg_tcpip_driver_xmc_data {
#endif

#ifndef MG_DRIVER_MDC_CR
#define MG_DRIVER_MDC_CR 4
#define MG_DRIVER_MDC_CR 3
#endif

#define MG_TCPIP_DRIVER_INIT(mgr) \
do { \
static struct mg_tcpip_driver_xmc_data driver_data_; \
static struct mg_tcpip_driver_xmc7_data driver_data_; \
static struct mg_tcpip_if mif_; \
driver_data_.mdc_cr = MG_DRIVER_MDC_CR; \
driver_data_.phy_addr = MG_TCPIP_PHY_ADDR; \
mif_.ip = MG_TCPIP_IP; \
mif_.mask = MG_TCPIP_MASK; \
mif_.gw = MG_TCPIP_GW; \
mif_.driver = &mg_tcpip_driver_xmc; \
mif_.driver = &mg_tcpip_driver_xmc7; \
mif_.driver_data = &driver_data_; \
MG_SET_MAC_ADDRESS(mif_.mac); \
mg_tcpip_init(mgr, &mif_); \
MG_INFO(("Driver: xmc, MAC: %M", mg_print_mac, mif_.mac)); \
MG_INFO(("Driver: xmc7, MAC: %M", mg_print_mac, mif_.mac)); \
} while (0)

#endif


#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC7) && MG_ENABLE_DRIVER_XMC7

struct mg_tcpip_driver_xmc7_data {
#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC) && MG_ENABLE_DRIVER_XMC

struct mg_tcpip_driver_xmc_data {
// 13.2.8.1 Station Management Functions
// MDC clock divider (). MDC clock is derived from ETH MAC clock
// It must not exceed 2.5MHz
// ETH Clock range DIVIDER mdc_cr VALUE
// --------------------------------------------
// -1 <-- tell driver to guess the value
// 60-100 MHz ETH Clock/42 0
// 100-150 MHz ETH Clock/62 1
// 20-35 MHz ETH Clock/16 2
// 35-60 MHz ETH Clock/26 3
// 150-250 MHz ETH Clock/102 4
// 250-300 MHz ETH Clock/124 5
// 110, 111 Reserved
int mdc_cr; // Valid values: -1, 0, 1, 2, 3, 4, 5
uint8_t phy_addr;
};
@@ -3254,28 +3241,27 @@ struct mg_tcpip_driver_xmc7_data {
#endif

#ifndef MG_DRIVER_MDC_CR
#define MG_DRIVER_MDC_CR 3
#define MG_DRIVER_MDC_CR 4
#endif

#define MG_TCPIP_DRIVER_INIT(mgr) \
do { \
static struct mg_tcpip_driver_xmc7_data driver_data_; \
static struct mg_tcpip_driver_xmc_data driver_data_; \
static struct mg_tcpip_if mif_; \
driver_data_.mdc_cr = MG_DRIVER_MDC_CR; \
driver_data_.phy_addr = MG_TCPIP_PHY_ADDR; \
mif_.ip = MG_TCPIP_IP; \
mif_.mask = MG_TCPIP_MASK; \
mif_.gw = MG_TCPIP_GW; \
mif_.driver = &mg_tcpip_driver_xmc7; \
mif_.driver = &mg_tcpip_driver_xmc; \
mif_.driver_data = &driver_data_; \
MG_SET_MAC_ADDRESS(mif_.mac); \
mg_tcpip_init(mgr, &mif_); \
MG_INFO(("Driver: xmc7, MAC: %M", mg_print_mac, mif_.mac)); \
MG_INFO(("Driver: xmc, MAC: %M", mg_print_mac, mif_.mac)); \
} while (0)

#endif


#ifdef __cplusplus
}
#endif
2 changes: 1 addition & 1 deletion src/tls_builtin.c
@@ -486,7 +486,7 @@ static int mg_tls_recv_record(struct mg_connection *c) {
r = msgsz - 16 - 1;
tls->content_type = msg[msgsz - 16 - 1];
tls->recv_offset = (size_t) msg - (size_t) rio->buf;
tls->recv_len = msgsz - 16 - 1;
tls->recv_len = (size_t) msgsz - 16 - 1;
c->is_client ? tls->enc.sseq++ : tls->enc.cseq++;
return r;
}
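Review bot: The `(size_t)` cast added in `tls->recv_len = (size_t) msgsz - 16 - 1;` makes the conversion explicit but puts no lower bound on `msgsz`: for any value below 17 the expression wraps to a very large `size_t`, and `msg[msgsz - 16 - 1]` two lines earlier would read outside the record payload. A bound may already be enforced earlier in `mg_tls_recv_record`, whose body starts outside this hunk; if it is not, add one before these lines, e.g. `if (msgsz < 17) { mg_error(c, "TLS record too short"); return -1; }`. The identical change in the mongoose.c section needs the same treatment.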
10 changes: 8 additions & 2 deletions test/Makefile
@@ -90,7 +90,7 @@ mip_test: mip_test.c mongoose.c mongoose.h packed_fs.c Makefile
$(CC) mip_test.c packed_fs.c $(CFLAGS) $(LDFLAGS) -o $@
ASAN_OPTIONS=$(ASAN_OPTIONS) $(RUN) ./$@

mip_tap_test: mip_tap_test.c mongoose.c mongoose.h packed_fs.c Makefile
mip_tap_test: mip_tap_test.c mongoose.c mongoose.h packed_fs.c Makefile tls_multirec/server
$(CC) mip_tap_test.c packed_fs.c $(CFLAGS) $(LDFLAGS) -o $@
ASAN_OPTIONS=$(ASAN_OPTIONS) $(RUN) ./$@

@@ -123,10 +123,16 @@ fuzz2: mongoose.c mongoose.h Makefile fuzz.c
$(CC) fuzz.c -DMAIN $(OPTS) $(WARN) $(ASAN) $(INCS) -o fuzzer
$(RUN) ./fuzzer $(FUZZDATA)

test: Makefile mongoose.h $(SRCS)
test: Makefile mongoose.h $(SRCS) tls_multirec/server
$(CC) $(SRCS) $(CFLAGS) $(LDFLAGS) -o unit_test
ASAN_OPTIONS=$(ASAN_OPTIONS) $(RUN) ./unit_test

tls_multirec/server: FORCE
$(MAKE) -C tls_multirec CC=gcc

FORCE:
true

coverage: CFLAGS += -coverage
coverage: test
gcov -l -n *.gcno | sed '/^$$/d' | sed 'N;s/\n/ /'
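Review bot: The new `tls_multirec/server` rule pins the compiler in `$(MAKE) -C tls_multirec CC=gcc`, so the helper ignores the compiler chosen for the rest of the test build and is compiled without the `$(ASAN)` flags that `fuzz2` passes. Forwarding the caller's choice with `$(MAKE) -C tls_multirec CC=$(CC)`, or a comment saying why gcc is required, would keep the builds consistent. `test` now also depends on the helper, although in the visible sections only `mip_tap_test.c` starts it; if `unit_test` does not use the server, that prerequisite can be dropped. Declaring `.PHONY: FORCE` would make the always-rebuild intent explicit.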
72 changes: 66 additions & 6 deletions test/mip_tap_test.c
@@ -3,7 +3,7 @@

#define MIPTAPTEST_USING_DHCP 1

#define FETCH_BUF_SIZE (8 * 1024)
#define FETCH_BUF_SIZE (16 * 1024)


#include <sys/socket.h>
@@ -64,6 +64,8 @@ static const char *s_ca_cert =
#endif


static char *host_ip;

static int s_num_tests = 0;

#define ABORT() \
@@ -79,6 +81,22 @@ static int s_num_tests = 0;
} \
} while (0)

static struct mg_http_message gethm(const char *buf) {
struct mg_http_message hm;
memset(&hm, 0, sizeof(hm));
mg_http_parse(buf, strlen(buf), &hm);
return hm;
}

static int cmpbody(const char *buf, const char *str) {
struct mg_str s = mg_str(str);
struct mg_http_message hm = gethm(buf);
size_t len = strlen(buf);
if (hm.body.len > len) hm.body.len = len - (size_t) (hm.body.buf - buf);
return mg_strcmp(hm.body, s);
}


// MIP TUNTAP driver
static size_t tap_rx(void *buf, size_t len, struct mg_tcpip_if *ifp) {
ssize_t received = read(*(int *) ifp->driver_data, buf, len);
@@ -144,6 +162,11 @@ static void fcb(struct mg_connection *c, int ev, void *ev_data) {
memset(&opts, 0, sizeof(opts)); // read CA from packed_fs
opts.name = mg_url_host(fd->url);
opts.ca = mg_unpacked("/data/ca.pem");
if (host_ip != NULL && strstr(fd->url, host_ip) != NULL) {
MG_DEBUG(("Local connection, using self-signed certificates"));
opts.name = mg_str_s("localhost");
opts.ca = mg_unpacked("/certs/ca.crt");
}
mg_tls_init(c, &opts);
}
} else if (ev == MG_EV_HTTP_MSG) {
@@ -277,7 +300,7 @@ static void *poll_thread(void *p) {
return NULL;
}

static void test_http_server(struct mg_mgr *mgr, uint32_t ip) {
static void test_http_server(struct mg_mgr *mgr) {
struct mg_connection *c;
char *cmd;
pthread_t thread_id = (pthread_t) 0;
@@ -288,10 +311,10 @@ static void test_http_server(struct mg_mgr *mgr, uint32_t ip) {
opts.cert = mg_unpacked("/certs/server.crt");
opts.key = mg_unpacked("/certs/server.key");
c = mg_http_listen(mgr, "https://0.0.0.0:12347", eh1, &opts);
cmd = mg_mprintf("./mip_curl.sh --insecure https://%M:12347", mg_print_ip4, &ip);
cmd = mg_mprintf("./mip_curl.sh --insecure https://%M:12347", mg_print_ip4, &mgr->ifp->ip);
#else
c = mg_http_listen(mgr, "http://0.0.0.0:12347", eh1, NULL);
cmd = mg_mprintf("./mip_curl.sh http://%M:12347", mg_print_ip4, &ip);
cmd = mg_mprintf("./mip_curl.sh http://%M:12347", mg_print_ip4, &mgr->ifp->ip);
#endif
ASSERT(c != NULL);
pthread_create(&thread_id, NULL, poll_thread, mgr); // simpler this way, no concurrency anyway
@@ -303,10 +326,36 @@ static void test_http_server(struct mg_mgr *mgr, uint32_t ip) {
free(cmd);
}

static void test_tls(struct mg_mgr *mgr) {
#if MG_TLS
char *url;
char buf[FETCH_BUF_SIZE]; // make sure it can hold Makefile
struct mg_str data = mg_unpacked("/Makefile");
if (host_ip == NULL) {
MG_INFO(("No HOST_IP provided, skipping tests"));
return;
}
MG_DEBUG(("HOST_IP: %s", host_ip));
// - POST a large file, make sure we drain TLS buffers and read all: done at server test, using curl as POSTing client
// - Fire patched server, test multiple TLS records per TCP segment handling
url = mg_mprintf("https://%s:8443", host_ip); // for historic reasons
ASSERT(system("tls_multirec/server -d tls_multirec &") == 0);
sleep(1);
ASSERT(fetch(mgr, buf, url, "GET /thefile HTTP/1.0\n\n") == 200);
ASSERT(cmpbody(buf, data.buf) == 0); // "thefile" links to Makefile
system("killall tls_multirec/server");
free(url);
#else
(void) mgr;
(void) ip;
#endif
}

int main(void) {
const char *debug_level = getenv("V");
// Setup interface
const char *iface = "tap0"; // Network iface
const char *mac = "00:00:01:02:03:78"; // MAC address
const char *mac = "02:00:01:02:03:78"; // MAC address
#ifndef __OpenBSD__
const char *tuntap_device = "/dev/net/tun";
#else
@@ -334,6 +383,11 @@ int main(void) {
MG_INFO(("Opened TAP interface: %s", iface));
usleep(200000); // 200 ms

if (debug_level == NULL) debug_level = "3";
mg_log_set(atoi(debug_level));

host_ip = getenv("HOST_IP");

// Events
struct mg_mgr mgr; // Event manager
mg_log_set(MG_LL_DEBUG);
@@ -383,12 +437,18 @@ int main(void) {
if (!mif.ip) MG_ERROR(("No ip assigned (DHCP lease may have failed).\n"));
ASSERT(mif.ip); // We have an IP (lease or static)
#endif
while (mif.state != MG_TCPIP_STATE_READY) {
mg_mgr_poll(&mgr, 100);
usleep(10000); // 10 ms
}

// RUN TESTS
usleep(500000); // 500 ms
test_http_client(&mgr);
usleep(500000); // 500 ms
test_http_server(&mgr, mif.ip);
test_http_server(&mgr);
usleep(500000); // 500 ms
test_tls(&mgr);
usleep(500000); // 500 ms
test_mqtt_connsubpub(&mgr);
usleep(500000); // 500 ms
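Review bot: In `test_tls` (hunk `@@ -303,10 +326,36 @@`) the `#else` branch still contains `(void) ip;` although the function takes only `mgr`, so a build with `MG_TLS` disabled fails on an undeclared identifier; drop that line and keep `(void) mgr;`. In the TLS branch, `ASSERT(system("tls_multirec/server -d tls_multirec &") == 0)` only confirms that the shell backgrounded the command, not that the server started, and the fixed `sleep(1)` leaves the following `fetch` racing its startup. If either later `ASSERT` fails, the helper is presumably left running (ABORT's definition is outside the hunk), because `system("killall tls_multirec/server")` is never reached, and that call's result is ignored. A comment above the `system()` call stating that the relative path assumes the test runs from the `test/` directory would also help.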
1 change: 1 addition & 0 deletions test/setup_ga_network.sh
@@ -49,6 +49,7 @@ echo
# Setup DHCP server
echo "Network configuration script: DHCP server"
echo "Serving from $BRIDGE_IP"
export HOST_IP = $BRIDGE_IP
echo "dhcpd.conf:"
cat test/dhcpd.conf
echo
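Review bot: `export HOST_IP = $BRIDGE_IP` does not assign anything: with spaces around `=`, the shell treats `HOST_IP`, `=` and the expanded address as three separate names to export, reports an invalid identifier, and leaves `HOST_IP` without a value. Write it as `export HOST_IP="$BRIDGE_IP"`. Even then the variable reaches only processes started from this script or from a shell that sources it, so if the test binary is launched by a separate CI step the new `test_tls` will presumably still log "No HOST_IP provided" and skip silently; it is worth confirming how the script is invoked.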
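--- a/test/tls_multirec/Makefile
+++ b/test/tls_multirec/Makefile
@@ -0,0 +1,9 @@
+CFLAGS = -W -Wall -Wextra -g -I. # Build options
+CFLAGS_MONGOOSE += -DMG_ENABLE_LINES=1 -DMG_ENABLE_IPV6=1
+CFLAGS_EXTRA ?= -DMG_TLS=MG_TLS_BUILTIN
+
+server: main.c patched_mongoose.c mongoose.h Makefile
+$(CC) main.c patched_mongoose.c $(CFLAGS) $(CFLAGS_MONGOOSE) $(CFLAGS_EXTRA) -o $@
+
+clean:
+rm -f server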