1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
|
import copy
import os
import pytest
from configuration import available_ports, ALL_TEST_CURVES, ALL_TEST_CERTS, TLS13_CIPHERS
from common import ProviderOptions, Protocols, Curves, data_bytes
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N as S2NBase, OpenSSL as OpenSSLBase
from utils import invalid_test_parameters, get_parameter_name, to_bytes
from test_hello_retry_requests import S2N_HRR_MARKER
TICKET_FILE = 'ticket'
EARLY_DATA_FILE = 'early_data'
MAX_EARLY_DATA = 500 # Arbitrary largish number
DATA_TO_SEND = data_bytes(500) # Arbitrary large number
NUM_RESUMES = 5 # Hardcoded for s2nc --reconnect
NUM_CONNECTIONS = NUM_RESUMES + 1 # resumes + initial
S2N_DEFAULT_CURVE = Curves.X25519
# We have no plans to support this curve any time soon
S2N_UNSUPPORTED_CURVE = 'X448'
S2N_HRR_CURVES = list(
curve for curve in ALL_TEST_CURVES if curve != S2N_DEFAULT_CURVE)
S2N_EARLY_DATA_MARKER = to_bytes("WITH_EARLY_DATA")
S2N_EARLY_DATA_RECV_MARKER = "Early Data received: "
S2N_EARLY_DATA_STATUS_MARKER = "Early Data status: {status}"
S2N_EARLY_DATA_ACCEPTED_MARKER = S2N_EARLY_DATA_STATUS_MARKER.format(
status="ACCEPTED")
S2N_EARLY_DATA_REJECTED_MARKER = S2N_EARLY_DATA_STATUS_MARKER.format(
status="REJECTED")
S2N_EARLY_DATA_NOT_REQUESTED_MARKER = S2N_EARLY_DATA_STATUS_MARKER.format(
status="NOT REQUESTED")
class S2N(S2NBase):
def __init__(self, options: ProviderOptions):
S2NBase.__init__(self, options)
def setup_client(self):
cmd_line = S2NBase.setup_client(self)
early_data_file = self.options.early_data_file
if early_data_file and os.path.exists(early_data_file):
cmd_line.extend(['--early-data', early_data_file])
return cmd_line
def setup_server(self):
cmd_line = S2NBase.setup_server(self)
cmd_line.extend(['--max-early-data', self.options.max_early_data])
return cmd_line
class OpenSSL(OpenSSLBase):
def __init__(self, options: ProviderOptions):
OpenSSLBase.__init__(self, options)
def setup_client(self):
cmd_line = OpenSSLBase.setup_client(self)
early_data_file = self.options.early_data_file
if early_data_file and os.path.exists(early_data_file):
cmd_line.extend(['-early_data', early_data_file])
ticket_file = self.options.ticket_file
if ticket_file:
if os.path.exists(ticket_file):
cmd_line.extend(['-sess_in', ticket_file])
else:
cmd_line.extend(['-sess_out', self.options.ticket_file])
return cmd_line
def setup_server(self):
cmd_line = OpenSSLBase.setup_server(self)
if self.options.max_early_data > 0:
cmd_line.extend(['-early_data'])
return cmd_line
# The `-reconnect` option is broken for TLS1.3 in OpenSSL s_client: https://github.com/openssl/openssl/issues/8517
# The `-sess_in`/`-sess_out` options can be used instead, but don't have an s2nc equivalent.
# As we add more providers, we may need both a `-reconnect`-like and a `-sess_in/out`-like S2N server test,
# but for now we can just use `-sess_in/out` and cover the S2N->S2N case in the S2N client tests.
CLIENT_PROVIDERS = [OpenSSL]
SERVER_PROVIDERS = [OpenSSL, S2N]
def get_early_data_bytes(file_path, early_data_size):
early_data = data_bytes(early_data_size)
with open(file_path, 'wb') as fout:
fout.write(early_data)
return early_data
def get_ticket_from_s2n_server(options, managed_process, provider, certificate):
port = next(available_ports)
"""
Generally clients start checking for stdin EoF to exit as soon as they finish the handshake.
To make sure the client reliably receives the post-handshake NST,
do NOT indicate stdin EoF until after some data has been received from the server.
"""
close_marker_bytes = data_bytes(10)
client_options = copy.copy(options)
client_options.mode = Provider.ClientMode
client_options.port = port
server_options = copy.copy(options)
server_options.mode = Provider.ServerMode
server_options.port = port
server_options.key = certificate.key
server_options.cert = certificate.cert
server_options.data_to_send = close_marker_bytes
assert not os.path.exists(options.ticket_file)
s2n_server = managed_process(
S2N,
server_options,
send_marker=S2N.get_send_marker(),
timeout=10
)
client = managed_process(
provider,
client_options,
close_marker=str(close_marker_bytes),
timeout=10
)
for results in s2n_server.get_results():
results.assert_success()
for results in client.get_results():
results.assert_success()
assert os.path.exists(options.ticket_file)
def test_nothing():
"""
Sometimes the early data test parameters in combination with the s2n libcrypto
results in no test cases existing. In this case, pass a nothing test to avoid
marking the entire codebuild run as failed.
"""
assert True
"""
Basic S2N server happy case.
We make one full connection to get a session ticket with early data enabled,
then another resumption connection with early data.
"""
@pytest.mark.uncollect_if(func=invalid_test_parameters)
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
@pytest.mark.parametrize("provider", CLIENT_PROVIDERS, ids=get_parameter_name)
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
@pytest.mark.parametrize("early_data_size", [int(MAX_EARLY_DATA/2), int(MAX_EARLY_DATA-1), MAX_EARLY_DATA, 1])
def test_s2n_server_with_early_data(managed_process, tmp_path, cipher, curve, certificate, protocol, provider,
other_provider, early_data_size):
ticket_file = str(tmp_path / TICKET_FILE)
early_data_file = str(tmp_path / EARLY_DATA_FILE)
early_data = get_early_data_bytes(early_data_file, early_data_size)
options = ProviderOptions(
port=next(available_ports),
cipher=cipher,
curve=curve,
protocol=protocol,
insecure=True,
use_session_ticket=True,
data_to_send=DATA_TO_SEND,
)
options.ticket_file = ticket_file
options.early_data_file = early_data_file
options.max_early_data = MAX_EARLY_DATA
get_ticket_from_s2n_server(options, managed_process, provider, certificate)
client_options = copy.copy(options)
client_options.mode = Provider.ClientMode
server_options = copy.copy(options)
server_options.mode = Provider.ServerMode
s2n_server = managed_process(S2N, server_options, timeout=10)
client = managed_process(provider, client_options, timeout=10)
for results in client.get_results():
results.assert_success()
for results in s2n_server.get_results():
results.assert_success()
assert S2N_EARLY_DATA_MARKER in results.stdout
assert (to_bytes(S2N_EARLY_DATA_RECV_MARKER) +
early_data) in results.stdout
assert to_bytes(S2N_EARLY_DATA_ACCEPTED_MARKER) in results.stdout
assert DATA_TO_SEND in results.stdout
"""
Basic S2N client happy case.
The S2N client tests session resumption by repeatedly reconnecting.
That means we don't need to manually perform the initial full connection, and there is no external ticket file.
"""
@pytest.mark.uncollect_if(func=invalid_test_parameters)
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
@pytest.mark.parametrize("provider", SERVER_PROVIDERS, ids=get_parameter_name)
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
@pytest.mark.parametrize("early_data_size", [int(MAX_EARLY_DATA/2), int(MAX_EARLY_DATA-1), MAX_EARLY_DATA, 1])
def test_s2n_client_with_early_data(managed_process, tmp_path, cipher, certificate, protocol, provider, other_provider,
early_data_size):
early_data_file = str(tmp_path / EARLY_DATA_FILE)
early_data = get_early_data_bytes(early_data_file, early_data_size)
options = ProviderOptions(
port=next(available_ports),
cipher=cipher,
protocol=protocol,
insecure=True,
use_session_ticket=True,
reconnect=True,
)
options.ticket_file = None
options.early_data_file = early_data_file
options.max_early_data = MAX_EARLY_DATA
client_options = copy.copy(options)
client_options.mode = Provider.ClientMode
server_options = copy.copy(options)
server_options.mode = Provider.ServerMode
server_options.key = certificate.key # Required for the initial connection
server_options.cert = certificate.cert # Required for the initial connection
server_options.reconnects_before_exit = NUM_CONNECTIONS
server = managed_process(provider, server_options, timeout=10)
s2n_client = managed_process(S2N, client_options, timeout=10)
for results in s2n_client.get_results():
results.assert_success()
assert S2N_EARLY_DATA_MARKER in results.stdout
assert results.stdout.count(
to_bytes(S2N_EARLY_DATA_ACCEPTED_MARKER)) == NUM_RESUMES
for results in server.get_results():
results.assert_success()
assert results.stdout.count(early_data) == NUM_RESUMES
"""
Verify that the S2N client doesn't request early data when a server doesn't support early data.
We repeatedly reconnect with max_early_data set to 0. This is basically a test from
test_session_resumption but with validation that no early data is sent.
"""
@pytest.mark.uncollect_if(func=invalid_test_parameters)
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
@pytest.mark.parametrize("provider", SERVER_PROVIDERS, ids=get_parameter_name)
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
def test_s2n_client_without_early_data(managed_process, tmp_path, cipher, certificate, protocol, provider,
other_provider):
early_data_file = str(tmp_path / EARLY_DATA_FILE)
early_data = get_early_data_bytes(early_data_file, MAX_EARLY_DATA)
options = ProviderOptions(
port=next(available_ports),
cipher=cipher,
protocol=protocol,
insecure=True,
use_session_ticket=True,
reconnect=True,
)
options.ticket_file = None
options.early_data_file = early_data_file
options.max_early_data = 0
client_options = copy.copy(options)
client_options.mode = Provider.ClientMode
server_options = copy.copy(options)
server_options.mode = Provider.ServerMode
server_options.key = certificate.key # Required for the initial connection
server_options.cert = certificate.cert # Required for the initial connection
server_options.reconnects_before_exit = NUM_CONNECTIONS
server = managed_process(provider, server_options, timeout=10)
s2n_client = managed_process(S2N, client_options, timeout=10)
for results in server.get_results():
results.assert_success()
assert early_data not in results.stdout
for results in s2n_client.get_results():
results.assert_success()
assert S2N_EARLY_DATA_MARKER not in results.stdout
assert results.stdout.count(
to_bytes(S2N_EARLY_DATA_NOT_REQUESTED_MARKER)) == NUM_CONNECTIONS
"""
Test the S2N server rejecting early data.
We do this by disabling early data on the server after the ticket is issued.
When the client attempts to use the ticket to send early data, the server rejects the attempt.
We can't perform an S2N client version of this test because the S2N client performs its hardcoded
reconnects automatically, without any mechanism to modify the connection in between.
"""
@pytest.mark.flaky(reruns=5)
@pytest.mark.uncollect_if(func=invalid_test_parameters)
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
@pytest.mark.parametrize("provider", CLIENT_PROVIDERS, ids=get_parameter_name)
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
@pytest.mark.parametrize("early_data_size", [int(MAX_EARLY_DATA/2), int(MAX_EARLY_DATA-1), MAX_EARLY_DATA, 1])
def test_s2n_server_with_early_data_rejected(managed_process, tmp_path, cipher, curve, certificate, protocol, provider,
other_provider, early_data_size):
ticket_file = str(tmp_path / TICKET_FILE)
early_data_file = str(tmp_path / EARLY_DATA_FILE)
get_early_data_bytes(early_data_file, early_data_size)
options = ProviderOptions(
port=next(available_ports),
cipher=cipher,
curve=curve,
protocol=protocol,
insecure=True,
use_session_ticket=True,
data_to_send=DATA_TO_SEND,
)
options.ticket_file = ticket_file
options.early_data_file = early_data_file
options.max_early_data = MAX_EARLY_DATA
get_ticket_from_s2n_server(options, managed_process, provider, certificate)
options.max_early_data = 0
client_options = copy.copy(options)
client_options.mode = Provider.ClientMode
server_options = copy.copy(options)
server_options.mode = Provider.ServerMode
s2n_server = managed_process(S2N, server_options, timeout=10)
client = managed_process(provider, client_options, timeout=10)
for results in client.get_results():
results.assert_success()
for results in s2n_server.get_results():
results.assert_success()
assert S2N_EARLY_DATA_MARKER not in results.stdout
assert S2N_HRR_MARKER not in results.stdout
assert to_bytes(S2N_EARLY_DATA_RECV_MARKER) not in results.stdout
assert to_bytes(S2N_EARLY_DATA_REJECTED_MARKER) in results.stdout
assert DATA_TO_SEND in results.stdout
"""
Test the S2N client attempting to send early data, but the server triggering a hello retry.
We trigger the HRR by configuring the server to only accept curves that the S2N client
does not send key shares for.
"""
@pytest.mark.uncollect_if(func=invalid_test_parameters)
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
@pytest.mark.parametrize("curve", S2N_HRR_CURVES, ids=get_parameter_name)
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
@pytest.mark.parametrize("provider", SERVER_PROVIDERS, ids=get_parameter_name)
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
@pytest.mark.parametrize("early_data_size", [int(MAX_EARLY_DATA/2), int(MAX_EARLY_DATA-1), MAX_EARLY_DATA, 1])
def test_s2n_client_with_early_data_rejected_via_hrr(managed_process, tmp_path, cipher, curve, certificate, protocol,
provider, other_provider, early_data_size):
if provider == S2N:
pytest.skip(
"S2N does not respect ProviderOptions.curve, so does not trigger a retry")
early_data_file = str(tmp_path / EARLY_DATA_FILE)
early_data = get_early_data_bytes(early_data_file, early_data_size)
options = ProviderOptions(
port=next(available_ports),
cipher=cipher,
curve=curve,
protocol=protocol,
insecure=True,
use_session_ticket=True,
reconnect=True,
)
options.ticket_file = None
options.early_data_file = early_data_file
options.max_early_data = MAX_EARLY_DATA
client_options = copy.copy(options)
client_options.mode = Provider.ClientMode
server_options = copy.copy(options)
server_options.mode = Provider.ServerMode
server_options.key = certificate.key # Required for the initial connection
server_options.cert = certificate.cert # Required for the initial connection
server_options.reconnects_before_exit = NUM_CONNECTIONS
server = managed_process(provider, server_options, timeout=10)
s2n_client = managed_process(S2N, client_options, timeout=10)
for results in s2n_client.get_results():
results.assert_success()
assert S2N_EARLY_DATA_MARKER not in results.stdout
assert S2N_HRR_MARKER in results.stdout
assert results.stdout.count(
to_bytes(S2N_EARLY_DATA_REJECTED_MARKER)) == NUM_RESUMES
for results in server.get_results():
results.assert_success()
assert early_data not in results.stdout
"""
Test the S2N server rejecting early data because of a hello retry request.
In order to trigger a successful retry, we need to force the peer to offer us a key share that
S2N doesn't support while still supporting at least one curve S2N does support.
"""
@pytest.mark.uncollect_if(func=invalid_test_parameters)
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
@pytest.mark.parametrize("provider", CLIENT_PROVIDERS, ids=get_parameter_name)
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
@pytest.mark.parametrize("early_data_size", [int(MAX_EARLY_DATA/2), int(MAX_EARLY_DATA-1), MAX_EARLY_DATA, 1])
def test_s2n_server_with_early_data_rejected_via_hrr(managed_process, tmp_path, cipher, curve, certificate, protocol,
provider, other_provider, early_data_size):
ticket_file = str(tmp_path / TICKET_FILE)
early_data_file = str(tmp_path / EARLY_DATA_FILE)
early_data = get_early_data_bytes(early_data_file, early_data_size)
options = ProviderOptions(
port=next(available_ports),
cipher=cipher,
curve=(S2N_UNSUPPORTED_CURVE + ":" + str(curve)),
protocol=protocol,
insecure=True,
use_session_ticket=True,
data_to_send=DATA_TO_SEND,
)
options.ticket_file = ticket_file
options.early_data_file = early_data_file
options.max_early_data = MAX_EARLY_DATA
get_ticket_from_s2n_server(options, managed_process, provider, certificate)
client_options = copy.copy(options)
client_options.mode = Provider.ClientMode
server_options = copy.copy(options)
server_options.mode = Provider.ServerMode
s2n_server = managed_process(S2N, server_options, timeout=10)
client = managed_process(provider, client_options, timeout=10)
for results in client.get_results():
results.assert_success()
assert early_data not in results.stdout
for results in s2n_server.get_results():
results.assert_success()
assert S2N_EARLY_DATA_MARKER not in results.stdout
assert S2N_HRR_MARKER in results.stdout
assert to_bytes(S2N_EARLY_DATA_RECV_MARKER) not in results.stdout
assert to_bytes(S2N_EARLY_DATA_REJECTED_MARKER) in results.stdout
assert DATA_TO_SEND in results.stdout
"""
Test the S2N server fails if it receives too much early data.
"""
@pytest.mark.uncollect_if(func=invalid_test_parameters)
@pytest.mark.parametrize("cipher", TLS13_CIPHERS, ids=get_parameter_name)
@pytest.mark.parametrize("curve", ALL_TEST_CURVES, ids=get_parameter_name)
@pytest.mark.parametrize("certificate", ALL_TEST_CERTS, ids=get_parameter_name)
@pytest.mark.parametrize("protocol", [Protocols.TLS13], ids=get_parameter_name)
@pytest.mark.parametrize("provider", CLIENT_PROVIDERS, ids=get_parameter_name)
@pytest.mark.parametrize("other_provider", [S2N], ids=get_parameter_name)
@pytest.mark.parametrize("excess_early_data", [1, 10, MAX_EARLY_DATA])
def test_s2n_server_with_early_data_max_exceeded(managed_process, tmp_path, cipher, curve, certificate, protocol,
provider, other_provider, excess_early_data):
ticket_file = str(tmp_path / TICKET_FILE)
early_data_file = str(tmp_path / EARLY_DATA_FILE)
early_data = get_early_data_bytes(
early_data_file, MAX_EARLY_DATA + excess_early_data)
options = ProviderOptions(
port=next(available_ports),
cipher=cipher,
curve=curve,
protocol=protocol,
insecure=True,
use_session_ticket=True,
data_to_send=DATA_TO_SEND,
)
options.ticket_file = ticket_file
options.early_data_file = early_data_file
options.max_early_data = MAX_EARLY_DATA + excess_early_data
get_ticket_from_s2n_server(options, managed_process, provider, certificate)
options.max_early_data = MAX_EARLY_DATA
client_options = copy.copy(options)
client_options.mode = Provider.ClientMode
server_options = copy.copy(options)
server_options.mode = Provider.ServerMode
s2n_server = managed_process(S2N, server_options, timeout=10)
client = managed_process(provider, client_options, timeout=10)
for results in client.get_results():
"""
We can't make any assertions about the client exit_code.
To avoid blinding delays, s2nd doesn't call s2n_shutdown for a failed negotiation.
That means that instead of sending close_notify, we just close the socket.
Whether the peer interprets this as a failure or EoF depends on its state.
"""
assert results.exception is None
assert DATA_TO_SEND not in results.stdout
for results in s2n_server.get_results():
assert results.exception is None
assert results.exit_code != 0
# Full early data should not be reported
assert early_data not in results.stdout
# Partial early data should be reported
assert (to_bytes(S2N_EARLY_DATA_RECV_MARKER) +
early_data[:MAX_EARLY_DATA]) in results.stdout
assert to_bytes("Bad message encountered") in results.stderr
|
