Add CID to mbedtls server interoperability test.

Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
eclipse-californium · Jan 21, 2024 · 252c78a · 252c78a
1 parent b90f15c
commit 252c78a
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 5 deletions.
diff --git a/.../eclipse/californium/interoperability/test/mbedtls/MbedTlsClientInteroperabilityTest.java b/.../eclipse/californium/interoperability/test/mbedtls/MbedTlsClientInteroperabilityTest.java
@@ -18,19 +18,27 @@
 import static org.eclipse.californium.interoperability.test.ConnectorUtil.HANDSHAKE_TIMEOUT_MILLIS;
 import static org.eclipse.californium.interoperability.test.ProcessUtil.TIMEOUT_MILLIS;
 import static org.eclipse.californium.interoperability.test.mbedtls.MbedTlsProcessUtil.AuthenticationMode.CHAIN;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.CoreMatchers.is;
 import static org.junit.Assert.assertTrue;
 
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 
+import org.eclipse.californium.elements.DtlsEndpointContext;
+import org.eclipse.californium.elements.EndpointContext;
 import org.eclipse.californium.elements.config.Configuration;
 import org.eclipse.californium.elements.rule.TestNameLoggerRule;
+import org.eclipse.californium.elements.util.Bytes;
 import org.eclipse.californium.interoperability.test.ConnectorUtil;
 import org.eclipse.californium.interoperability.test.ScandiumUtil;
 import org.eclipse.californium.interoperability.test.ShutdownUtil;
 import org.eclipse.californium.scandium.config.DtlsConfig;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
+import org.eclipse.californium.scandium.dtls.ConnectionId;
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite.CertificateKeyAlgorithm;
 import org.junit.After;
@@ -120,11 +128,11 @@ public void testMbedTlsClient() throws Exception {
 
 	/**
 	 * Establish a "connection" and send a message to the server and back to the
-	 * client.
+	 * client. Enables to use multiple handshake messages per record.
 	 */
 	@Test
 	public void testMbedTlsClientMultiFragments() throws Exception {
-		processUtil.setTag("mbedtls-client, multifragments per record, " + cipherSuite.name());
+		processUtil.setTag("mbedtls-client, multiple handshake messages per record, " + cipherSuite.name());
 		DtlsConnectorConfig.Builder builder = DtlsConnectorConfig.builder(new Configuration())
 				.set(DtlsConfig.DTLS_USE_MULTI_HANDSHAKE_MESSAGE_RECORDS, true);
 		if (cipherSuite.getCertificateKeyAlgorithm() == CertificateKeyAlgorithm.RSA) {
@@ -145,4 +153,39 @@ public void testMbedTlsClientMultiFragments() throws Exception {
 
 		processUtil.stop(TIMEOUT_MILLIS);
 	}
+
+	/**
+	 * Establish a "connection" and send a message to the server and back to the
+	 * client. Use DTLS 1.2 CID.
+	 */
+	@Test
+	public void testMbedTlsClientCid() throws Exception {
+		Bytes cid = new ConnectionId(new byte[] { 0, 1, 2, 3 });
+		processUtil.setTag("mbedtls-client, cid, " + cipherSuite.name());
+		processUtil.addExtraArgs("cid=1", "cid_val=" + cid.getAsString());
+		if (cipherSuite.getCertificateKeyAlgorithm() == CertificateKeyAlgorithm.RSA) {
+			scandiumUtil.loadCredentials(ConnectorUtil.SERVER_RSA_NAME);
+		}
+		scandiumUtil.start(BIND, null, cipherSuite);
+
+		String cipher = processUtil.startupClient(DESTINATION, ScandiumUtil.PORT, CHAIN, cipherSuite);
+		assertTrue(processUtil.waitConsole("Ciphersuite is " + cipher, HANDSHAKE_TIMEOUT_MILLIS));
+
+		String message = "Hello Scandium!";
+
+		// Mbed TLS client sends a HTTP GET request, even in DTLS mode
+		scandiumUtil.assertContainsReceivedData("GET / HTTP/1.0", TIMEOUT_MILLIS);
+		scandiumUtil.response("ACK-" + message, TIMEOUT_MILLIS);
+
+		assertTrue("mbedTls is missing ACK!", processUtil.waitConsole("ACK-" + message, TIMEOUT_MILLIS));
+
+		EndpointContext context = scandiumUtil.getContext(TIMEOUT_MILLIS);
+		Bytes bytes = context.get(DtlsEndpointContext.KEY_READ_CONNECTION_ID);
+		assertNotNull("Missing read CID", bytes);
+		assertFalse("Empyt read CID", bytes.isEmpty());
+		bytes = context.get(DtlsEndpointContext.KEY_WRITE_CONNECTION_ID);
+		assertThat("Write CID", bytes, is(cid));
+
+		processUtil.stop(TIMEOUT_MILLIS);
+	}
 }
diff --git a/...c/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java b/...c/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java
@@ -163,8 +163,6 @@ public String startupClient(String destination, int port, MbedTlsProcessUtil.Aut
 		String mbedTlsCiphers = MbedTlsUtil.getMbedTlsCipherSuites(cipherSuite);
 		args.addAll(Arrays.asList("mbedtls_ssl_client2", "dtls=1", "debug_level=" + verboseLevel,
 				"server_addr=" + destination, "server_port=" + port, "force_ciphersuite=" + mbedTlsCiphers));
-		args.add("cid=1");
-		args.add("cid_val=1234");
 		if (cipherSuite.isPskBased()) {
 			args.add("psk_identity=" + OPENSSL_PSK_IDENTITY);
 			args.add("psk=" + StringUtil.byteArray2Hex(OPENSSL_PSK_SECRET));

diff --git a/.../eclipse/californium/interoperability/test/mbedtls/MbedTlsServerInteroperabilityTest.java b/.../eclipse/californium/interoperability/test/mbedtls/MbedTlsServerInteroperabilityTest.java
@@ -20,19 +20,27 @@
 import static org.eclipse.californium.interoperability.test.CredentialslUtil.SERVER_RSA_CERTIFICATE;
 import static org.eclipse.californium.interoperability.test.ProcessUtil.TIMEOUT_MILLIS;
 import static org.eclipse.californium.interoperability.test.mbedtls.MbedTlsProcessUtil.AuthenticationMode.CHAIN;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 
+import org.eclipse.californium.elements.DtlsEndpointContext;
+import org.eclipse.californium.elements.EndpointContext;
 import org.eclipse.californium.elements.config.Configuration;
 import org.eclipse.californium.elements.rule.TestNameLoggerRule;
+import org.eclipse.californium.elements.util.Bytes;
 import org.eclipse.californium.interoperability.test.ScandiumUtil;
 import org.eclipse.californium.interoperability.test.ShutdownUtil;
 import org.eclipse.californium.scandium.config.DtlsConfig;
 import org.eclipse.californium.scandium.config.DtlsConfig.DtlsRole;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
+import org.eclipse.californium.scandium.dtls.ConnectionId;
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite.CertificateKeyAlgorithm;
 import org.junit.After;
@@ -122,9 +130,13 @@ public void testMbedTlsServer() throws Exception {
 		processUtil.stop(200);
 	}
 
+	/**
+	 * Establish a "connection" and send a message to the server and back to the
+	 * client. Enables to use multiple handshake messages per record.
+	 */
 	@Test
 	public void testMbedTlsServerMultiFragments() throws Exception {
-		processUtil.setTag("mbedtls-server, multifragments per record, " + cipherSuite.name());
+		processUtil.setTag("mbedtls-server,  multiple handshake messages per record, " + cipherSuite.name());
 
 		String certificate = cipherSuite.getCertificateKeyAlgorithm() == CertificateKeyAlgorithm.RSA ?
 				SERVER_RSA_CERTIFICATE : SERVER_CERTIFICATE;
@@ -146,4 +158,40 @@ public void testMbedTlsServerMultiFragments() throws Exception {
 
 		processUtil.stop(200);
 	}
+
+	/**
+	 * Establish a "connection" and send a message to the server and back to the
+	 * client. Use DTLS 1.2 CID.
+	 */
+	@Test
+	public void testMbedTlsServerCID() throws Exception {
+		Bytes cid = new ConnectionId(new byte[] { 0, 1, 2, 3 });
+		processUtil.setTag("mbedtls-server, " + cipherSuite.name());
+		processUtil.addExtraArgs("cid=1", "cid_val=" + cid.getAsString());
+		String certificate = cipherSuite.getCertificateKeyAlgorithm() == CertificateKeyAlgorithm.RSA ?
+				SERVER_RSA_CERTIFICATE : SERVER_CERTIFICATE;
+		String cipher = processUtil.startupServer(ACCEPT, ScandiumUtil.PORT, CHAIN, certificate, null, cipherSuite);
+
+		DtlsConnectorConfig.Builder builder = DtlsConnectorConfig.builder(new Configuration())
+				.set(DtlsConfig.DTLS_ROLE, DtlsRole.CLIENT_ONLY);
+		scandiumUtil.start(BIND, builder, null, cipherSuite);
+
+		String message = "Hello MbedTLS!";
+		scandiumUtil.send(message, DESTINATION, HANDSHAKE_TIMEOUT_MILLIS);
+
+		assertTrue(processUtil.waitConsole("Ciphersuite is " + cipher, TIMEOUT_MILLIS));
+		assertTrue(processUtil.waitConsole(message, TIMEOUT_MILLIS));
+
+		// Mbed TLS server responds with HTTP 200, even in DTLS mode
+		scandiumUtil.assertContainsReceivedData("HTTP/1.0 200 OK", TIMEOUT_MILLIS);
+
+		EndpointContext context = scandiumUtil.getContext(TIMEOUT_MILLIS);
+		Bytes bytes = context.get(DtlsEndpointContext.KEY_READ_CONNECTION_ID);
+		assertNotNull("Missing read CID", bytes);
+		assertFalse("Empyt read CID", bytes.isEmpty());
+		bytes = context.get(DtlsEndpointContext.KEY_WRITE_CONNECTION_ID);
+		assertThat("Write CID", bytes, is(cid));
+
+		processUtil.stop(200);
+	}
 }