diff --git a/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsClientInteroperabilityTest.java b/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsClientInteroperabilityTest.java
index b8659eebbb..2fd267ea90 100644
--- a/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsClientInteroperabilityTest.java
+++ b/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsClientInteroperabilityTest.java
@@ -18,19 +18,27 @@
 import static org.eclipse.californium.interoperability.test.ConnectorUtil.HANDSHAKE_TIMEOUT_MILLIS;
 import static org.eclipse.californium.interoperability.test.ProcessUtil.TIMEOUT_MILLIS;
 import static org.eclipse.californium.interoperability.test.mbedtls.MbedTlsProcessUtil.AuthenticationMode.CHAIN;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.CoreMatchers.is;
 import static org.junit.Assert.assertTrue;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
+import org.eclipse.californium.elements.DtlsEndpointContext;
+import org.eclipse.californium.elements.EndpointContext;
 import org.eclipse.californium.elements.config.Configuration;
 import org.eclipse.californium.elements.rule.TestNameLoggerRule;
+import org.eclipse.californium.elements.util.Bytes;
 import org.eclipse.californium.interoperability.test.ConnectorUtil;
 import org.eclipse.californium.interoperability.test.ScandiumUtil;
 import org.eclipse.californium.interoperability.test.ShutdownUtil;
 import org.eclipse.californium.scandium.config.DtlsConfig;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
+import org.eclipse.californium.scandium.dtls.ConnectionId;
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite.CertificateKeyAlgorithm;
 import org.junit.After;
@@ -120,11 +128,11 @@ public void testMbedTlsClient() throws Exception {
 /**
 * Establish a "connection" and send a message to the server and back to the
- * client.
+ * client. Enables to use multiple handshake messages per record.
 */
 @Test
 public void testMbedTlsClientMultiFragments() throws Exception {
- processUtil.setTag("mbedtls-client, multifragments per record, " + cipherSuite.name());
+ processUtil.setTag("mbedtls-client, multiple handshake messages per record, " + cipherSuite.name());
 DtlsConnectorConfig.Builder builder = DtlsConnectorConfig.builder(new Configuration())
 .set(DtlsConfig.DTLS_USE_MULTI_HANDSHAKE_MESSAGE_RECORDS, true);
 if (cipherSuite.getCertificateKeyAlgorithm() == CertificateKeyAlgorithm.RSA) {
@@ -145,4 +153,39 @@ public void testMbedTlsClientMultiFragments() throws Exception {
 processUtil.stop(TIMEOUT_MILLIS);
 }
+
+ /**
+ * Establish a "connection" and send a message to the server and back to the
+ * client. Use DTLS 1.2 CID.
+ */
+ @Test
+ public void testMbedTlsClientCid() throws Exception {
+ Bytes cid = new ConnectionId(new byte[] { 0, 1, 2, 3 });
+ processUtil.setTag("mbedtls-client, cid, " + cipherSuite.name());
+ processUtil.addExtraArgs("cid=1", "cid_val=" + cid.getAsString());
+ if (cipherSuite.getCertificateKeyAlgorithm() == CertificateKeyAlgorithm.RSA) {
+ scandiumUtil.loadCredentials(ConnectorUtil.SERVER_RSA_NAME);
+ }
+ scandiumUtil.start(BIND, null, cipherSuite);
+
+ String cipher = processUtil.startupClient(DESTINATION, ScandiumUtil.PORT, CHAIN, cipherSuite);
+ assertTrue(processUtil.waitConsole("Ciphersuite is " + cipher, HANDSHAKE_TIMEOUT_MILLIS));
+
+ String message = "Hello Scandium!";
+
+ // Mbed TLS client sends a HTTP GET request, even in DTLS mode
+ scandiumUtil.assertContainsReceivedData("GET / HTTP/1.0", TIMEOUT_MILLIS);
+ scandiumUtil.response("ACK-" + message, TIMEOUT_MILLIS);
+
+ assertTrue("mbedTls is missing ACK!", processUtil.waitConsole("ACK-" + message, TIMEOUT_MILLIS));
+
+ EndpointContext context = scandiumUtil.getContext(TIMEOUT_MILLIS);
+ Bytes bytes = context.get(DtlsEndpointContext.KEY_READ_CONNECTION_ID);
+ assertNotNull("Missing read CID", bytes);
+ assertFalse("Empyt read CID", bytes.isEmpty());
+ bytes = context.get(DtlsEndpointContext.KEY_WRITE_CONNECTION_ID);
+ assertThat("Write CID", bytes, is(cid));
+
+ processUtil.stop(TIMEOUT_MILLIS);
+ }
 }
diff --git a/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java b/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java
index b2fd736d33..da31ed8b69 100644
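Review bot: In testMbedTlsClientCid, `context` is dereferenced immediately after `scandiumUtil.getContext(TIMEOUT_MILLIS)` with no null check. getContext is not visible in this diff, but if it returns null on timeout the CID verification ends in a NullPointerException instead of a readable failure; adding `assertNotNull("Missing endpoint context", context);` before the first `context.get(...)` would make that case explicit. The assertion message `"Empyt read CID"` is misspelled and should read `"Empty read CID"`. Both points apply unchanged to testMbedTlsServerCID in MbedTlsServerInteroperabilityTest.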
--- a/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java
+++ b/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java
@@ -163,8 +163,6 @@ public String startupClient(String destination, int port, MbedTlsProcessUtil.Aut
 String mbedTlsCiphers = MbedTlsUtil.getMbedTlsCipherSuites(cipherSuite);
 args.addAll(Arrays.asList("mbedtls_ssl_client2", "dtls=1", "debug_level=" + verboseLevel, "server_addr=" + destination, "server_port=" + port, "force_ciphersuite=" + mbedTlsCiphers));
- args.add("cid=1");
- args.add("cid_val=1234");
 if (cipherSuite.isPskBased()) {
 args.add("psk_identity=" + OPENSSL_PSK_IDENTITY);
 args.add("psk=" + StringUtil.byteArray2Hex(OPENSSL_PSK_SECRET));
diff --git a/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsServerInteroperabilityTest.java b/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsServerInteroperabilityTest.java
index 41e262d690..c9a9b52376 100644
--- a/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsServerInteroperabilityTest.java
+++ b/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsServerInteroperabilityTest.java
@@ -20,19 +20,27 @@
 import static org.eclipse.californium.interoperability.test.CredentialslUtil.SERVER_RSA_CERTIFICATE;
 import static org.eclipse.californium.interoperability.test.ProcessUtil.TIMEOUT_MILLIS;
 import static org.eclipse.californium.interoperability.test.mbedtls.MbedTlsProcessUtil.AuthenticationMode.CHAIN;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
+import org.eclipse.californium.elements.DtlsEndpointContext;
+import org.eclipse.californium.elements.EndpointContext;
 import org.eclipse.californium.elements.config.Configuration;
 import org.eclipse.californium.elements.rule.TestNameLoggerRule;
+import org.eclipse.californium.elements.util.Bytes;
 import org.eclipse.californium.interoperability.test.ScandiumUtil;
 import org.eclipse.californium.interoperability.test.ShutdownUtil;
 import org.eclipse.californium.scandium.config.DtlsConfig;
 import org.eclipse.californium.scandium.config.DtlsConfig.DtlsRole;
 import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
+import org.eclipse.californium.scandium.dtls.ConnectionId;
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
 import org.eclipse.californium.scandium.dtls.cipher.CipherSuite.CertificateKeyAlgorithm;
 import org.junit.After;
@@ -122,9 +130,13 @@ public void testMbedTlsServer() throws Exception {
 processUtil.stop(200);
 }
+ /**
+ * Establish a "connection" and send a message to the server and back to the
+ * client. Enables to use multiple handshake messages per record.
+ */
 @Test
 public void testMbedTlsServerMultiFragments() throws Exception {
- processUtil.setTag("mbedtls-server, multifragments per record, " + cipherSuite.name());
+ processUtil.setTag("mbedtls-server, multiple handshake messages per record, " + cipherSuite.name());
 String certificate = cipherSuite.getCertificateKeyAlgorithm() == CertificateKeyAlgorithm.RSA ? SERVER_RSA_CERTIFICATE : SERVER_CERTIFICATE;
@@ -146,4 +158,40 @@ public void testMbedTlsServerMultiFragments() throws Exception {
 processUtil.stop(200);
 }
+
+ /**
+ * Establish a "connection" and send a message to the server and back to the
+ * client. Use DTLS 1.2 CID.
+ */
+ @Test
+ public void testMbedTlsServerCID() throws Exception {
+ Bytes cid = new ConnectionId(new byte[] { 0, 1, 2, 3 });
+ processUtil.setTag("mbedtls-server, " + cipherSuite.name());
+ processUtil.addExtraArgs("cid=1", "cid_val=" + cid.getAsString());
+ String certificate = cipherSuite.getCertificateKeyAlgorithm() == CertificateKeyAlgorithm.RSA ?
+ SERVER_RSA_CERTIFICATE : SERVER_CERTIFICATE;
+ String cipher = processUtil.startupServer(ACCEPT, ScandiumUtil.PORT, CHAIN, certificate, null, cipherSuite);
+
+ DtlsConnectorConfig.Builder builder = DtlsConnectorConfig.builder(new Configuration())
+ .set(DtlsConfig.DTLS_ROLE, DtlsRole.CLIENT_ONLY);
+ scandiumUtil.start(BIND, builder, null, cipherSuite);
+
+ String message = "Hello MbedTLS!";
+ scandiumUtil.send(message, DESTINATION, HANDSHAKE_TIMEOUT_MILLIS);
+
+ assertTrue(processUtil.waitConsole("Ciphersuite is " + cipher, TIMEOUT_MILLIS));
+ assertTrue(processUtil.waitConsole(message, TIMEOUT_MILLIS));
+
+ // Mbed TLS server responds with HTTP 200, even in DTLS mode
+ scandiumUtil.assertContainsReceivedData("HTTP/1.0 200 OK", TIMEOUT_MILLIS);
+
+ EndpointContext context = scandiumUtil.getContext(TIMEOUT_MILLIS);
+ Bytes bytes = context.get(DtlsEndpointContext.KEY_READ_CONNECTION_ID);
+ assertNotNull("Missing read CID", bytes);
+ assertFalse("Empyt read CID", bytes.isEmpty());
+ bytes = context.get(DtlsEndpointContext.KEY_WRITE_CONNECTION_ID);
+ assertThat("Write CID", bytes, is(cid));
+
+ processUtil.stop(200);
+ }
 }
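Review bot: The tag set in testMbedTlsServerCID is `"mbedtls-server, " + cipherSuite.name()`, which lacks the `cid` marker that the client-side test uses (`"mbedtls-client, cid, "`). Captured process output from the CID run is therefore hard to tell apart from a non-CID server run; `processUtil.setTag("mbedtls-server, cid, " + cipherSuite.name());` would match the client test. The method name also differs in casing from testMbedTlsClientCid, and `testMbedTlsServerCid` would keep the pair consistent. Separately, `addExtraArgs("cid=1", ...)` mutates `processUtil`, and its lifecycle is not visible in this hunk. If the extra args are not reset between tests, CID would stay enabled for later runs, so it is worth confirming they are cleared on stop or in the `@After` method.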