Add support for interoptest using mbedtls 3.5.1.

Also add a README with instructions how to use this tests. Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
eclipse-californium · Jan 17, 2024 · 501a690 · 501a690
1 parent 6052840
commit 501a690
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 6 deletions.
diff --git a/californium-tests/californium-interoperability-tests/README.md b/californium-tests/californium-interoperability-tests/README.md
@@ -0,0 +1,64 @@
+![Californium logo](../../cf_64.png)
+
+# Californium (Cf) - Interoperability Tests
+
+_Californium (Cf)_  is commonly used only on one side, e.g. as server or client, and an other implementation is used on the other side.
+
+These  _Californium (Cf) - Interoperability Tests_  are intended to ensure interoperability with [libcoap](https://github.com/obgm/libcoap) with `gnutls`, `openssl`, `mbedtls` and `tinydtls` DTLS 1.2 bindings.
+
+Additionally, [Mbed-TLS](https://github.com/Mbed-TLS/mbedtls), [openssl](https://github.com/openssl/openssl) and [tinydtls](https://github.com/eclipse/tinydtls) are tested for interoperability on their own.
+
+# Usage
+
+This _Interoperability Tests_  requires to have some binaries build and installed ahead.
+
+For [libcoap](https://github.com/obgm/libcoap) you will find some notes in [LibCoapProcessUtil](src/test/java/org/eclipse/californium/interoperability/test/libcoap/LibCoapProcessUtil.java#L42-L87). The DTLS bindings requires also to install the DTLS libraries in order to build libcoap with that binding.
+
+For [openssl](https://github.com/openssl/openssl) some notes are in [OpenSslProcessUtil](src/test/java/org/eclipse/californium/interoperability/test/openssl/OpenSslProcessUtil.java#L42-L61)
+
+For [Mbed-TLS](https://github.com/Mbed-TLS/mbedtls) some notes are in [MbedTlsProcessUtil](src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java#L39-L58)
+
+For [tinydtls](https://github.com/eclipse/tinydtls) some notes are in [TinydtlsProcessUtil](src/test/java/org/eclipse/californium/interoperability/test/tinydtls/TinydtlsProcessUtil.java#L28-L38)
+
+When the binaries a build and install in the "PATH", the tests are execute using
+
+```
+mvn test
+```
+
+This executes a common set of DTLS parameters. If you want more complete tests, use
+
+```
+mvn test -DINTENSIVE_TESTS=true
+```
+
+If you want to test the interoperability usingthe [Bouncy Castle JCE](https://github.com/bcgit/bc-java) use
+
+```
+mvn test -Pbc-tests
+```
+
+Both options may be used together.
+
+## Testing for randomly occurring failures
+
+DTLS 1.2 uses handshake with some random artifacts, e.g. ECDHE uses ephemeral EC keys. Especially encoding errors in that parts are hard to find. Using the []() makes it simpler to execute the test much more times in order to check, if such a random failure occurs.
+
+Californium comes for that case with the [RepeatingTestRunner](https://github.com/eclipse-californium/californium/blob/main/element-connector/src/test/java/org/eclipse/californium/elements/runner/RepeatingTestRunner.java) and the [ParameterizedRepeatingTestRunner](https://github.com/eclipse-californium/californium/blob/main/element-connector/src/test/java/org/eclipse/californium/elements/runner/ParameterizedRepeatingTestRunner.java). Using them requires to edit the interop-tests, which are intended to be run multiple times. 
+
+```
+ * @since 3.3
+ */
+@RunWith(RepeatingTestRunner.class)
+public class MbedTlsClientAuthenticationInteroperabilityTest {
+```
+
+Adding `@RunWith(RepeatingTestRunner.class)` marks the test for that.
+The default is 100 times and using 
+
+```
+mvn test -Dorg.eclipse.californium.elements.runner.TestRepeater.repeats=1000
+```
+
+enables to select an other number, here 1000.
+
diff --git a/...bility-tests/src/test/java/org/eclipse/californium/interoperability/test/ProcessUtil.java b/...bility-tests/src/test/java/org/eclipse/californium/interoperability/test/ProcessUtil.java
@@ -15,9 +15,11 @@
  ******************************************************************************/
 package org.eclipse.californium.interoperability.test;
 
+import static org.hamcrest.CoreMatchers.notNullValue;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assume.assumeNotNull;
+import static org.junit.Assume.assumeThat;
 import static org.junit.Assume.assumeTrue;
 
 import java.io.IOException;
@@ -296,7 +298,7 @@ public int compareVersion(String version) {
 		if (versionResult == null) {
 			getToolVersion(TIMEOUT_MILLIS);
 		}
-		assumeNotNull(this.version);
+		assumeThat("version not available!", version, notNullValue());
 		return compareVersion(this.version, version);
 	}
 

diff --git a/...c/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java b/...c/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java
@@ -21,9 +21,10 @@
 import static org.eclipse.californium.interoperability.test.CredentialslUtil.SERVER_CERTIFICATE;
 import static org.eclipse.californium.interoperability.test.CredentialslUtil.SERVER_CA_RSA_CERTIFICATE;
 import static org.eclipse.californium.interoperability.test.CredentialslUtil.TRUSTSTORE;
+import static org.hamcrest.CoreMatchers.notNullValue;
 import static org.eclipse.californium.interoperability.test.CredentialslUtil.OPENSSL_PSK_IDENTITY;
 import static org.eclipse.californium.interoperability.test.CredentialslUtil.OPENSSL_PSK_SECRET;
-import static org.junit.Assume.assumeNotNull;
+import static org.junit.Assume.assumeThat;
 import static org.junit.Assume.assumeTrue;
 
 import java.io.IOException;
@@ -77,8 +78,33 @@ public enum AuthenticationMode {
 
 	public static final String DEFAULT_CURVES = "x25519,secp256r1";
 
+	/**
+	 * Option for {@code curves} (or {@code groups}) used by the mbedtls
+	 * programs up to version 3.4.1.
+	 * 
+	 * @since 3.11
+	 */
+	private static final String DEPRECATED_CURVES_OPTION = "curves";
+
+	/**
+	 * Option for {@code curves} (or {@code groups}) used by the mbedtls
+	 * programs since version 3.5.0.
+	 * 
+	 * @since 3.11
+	 */
+	private static final String NEW_CURVES_OPTION = "groups";
+
 	private String verboseLevel = DEFAULT_VERBOSE_LEVEL;
 
+	/**
+	 * Option for {@code curves} (or {@code groups}).
+	 * 
+	 * Depends on version of mbedtls.
+	 * 
+	 * @since 3.11
+	 */
+	private String curvesOption = "curves";
+
 	/**
 	 * Create instance.
 	 */
@@ -108,10 +134,11 @@ public ProcessResult getToolVersion(long timeMillis) {
 			try {
 				execute("mbedtls_ssl_client2", "build_version=1");
 				versionResult = waitResult(timeMillis);
-				assumeNotNull(versionResult);
-				Matcher matcher = versionResult.match("mbed TLS (\\S+) ");
-				assumeNotNull(matcher);
+				assumeThat("reading version failed!", versionResult, notNullValue());
+				Matcher matcher = versionResult.match("[mM]bed TLS (\\S+) ");
+				assumeThat("extracting version failed!", versionResult, notNullValue());
 				version = matcher.group(1);
+				curvesOption = (compareVersion("3.5.0") >= 0) ? NEW_CURVES_OPTION : DEPRECATED_CURVES_OPTION;
 			} catch (InterruptedException ex) {
 				return null;
 			} catch (IOException ex) {
@@ -190,7 +217,7 @@ public String startupServer(String accept, int port, MbedTlsProcessUtil.Authenti
 
 	public void add(List<String> args, String curves) throws IOException, InterruptedException {
 		if (curves != null) {
-			args.add("curves=" + curves);
+			args.add(curvesOption + "=" + curves);
 		}
 	}