From 501a6902c84faf1b54219d049fb82d28c303a022 Mon Sep 17 00:00:00 2001 From: Achim Kraus Date: Tue, 16 Jan 2024 12:02:29 +0100 Subject: [PATCH] Add support for interoptest using mbedtls 3.5.1. Also add a README with instructions how to use this tests. Signed-off-by: Achim Kraus --- .../README.md | 64 +++++++++++++++++++ .../interoperability/test/ProcessUtil.java | 4 +- .../test/mbedtls/MbedTlsProcessUtil.java | 37 +++++++++-- 3 files changed, 99 insertions(+), 6 deletions(-) create mode 100644 californium-tests/californium-interoperability-tests/README.md diff --git a/californium-tests/californium-interoperability-tests/README.md b/californium-tests/californium-interoperability-tests/README.md new file mode 100644 index 0000000000..5b49f00cf3 --- /dev/null +++ b/californium-tests/californium-interoperability-tests/README.md 
@@ -0,0 +1,64 @@ +![Californium logo](../../cf_64.png) + +# Californium (Cf) - Interoperability Tests + +_Californium (Cf)_ is commonly used only on one side, e.g. as server or client, and an other implementation is used on the other side. + +These _Californium (Cf) - Interoperability Tests_ are intended to ensure interoperability with [libcoap](https://github.com/obgm/libcoap) with `gnutls`, `openssl`, `mbedtls` and `tinydtls` DTLS 1.2 bindings. + +Additionally, [Mbed-TLS](https://github.com/Mbed-TLS/mbedtls), [openssl](https://github.com/openssl/openssl) and [tinydtls](https://github.com/eclipse/tinydtls) are tested for interoperability on their own. + +# Usage + +This _Interoperability Tests_ requires to have some binaries build and installed ahead. + +For [libcoap](https://github.com/obgm/libcoap) you will find some notes in [LibCoapProcessUtil](src/test/java/org/eclipse/californium/interoperability/test/libcoap/LibCoapProcessUtil.java#L42-L87). The DTLS bindings requires also to install the DTLS libraries in order to build libcoap with that binding. + +For [openssl](https://github.com/openssl/openssl) some notes are in [OpenSslProcessUtil](src/test/java/org/eclipse/californium/interoperability/test/openssl/OpenSslProcessUtil.java#L42-L61) + +For [Mbed-TLS](https://github.com/Mbed-TLS/mbedtls) some notes are in [MbedTlsProcessUtil](src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java#L39-L58) + +For [tinydtls](https://github.com/eclipse/tinydtls) some notes are in [TinydtlsProcessUtil](src/test/java/org/eclipse/californium/interoperability/test/tinydtls/TinydtlsProcessUtil.java#L28-L38) + +When the binaries a build and install in the "PATH", the tests are execute using + +``` +mvn test +``` + +This executes a common set of DTLS parameters. 
If you want more complete tests, use + +``` +mvn test -DINTENSIVE_TESTS=true +``` + +If you want to test the interoperability usingthe [Bouncy Castle JCE](https://github.com/bcgit/bc-java) use + +``` +mvn test -Pbc-tests +``` + +Both options may be used together. + +## Testing for randomly occurring failures + +DTLS 1.2 uses handshake with some random artifacts, e.g. ECDHE uses ephemeral EC keys. Especially encoding errors in that parts are hard to find. Using the []() makes it simpler to execute the test much more times in order to check, if such a random failure occurs. + +Californium comes for that case with the [RepeatingTestRunner](https://github.com/eclipse-californium/californium/blob/main/element-connector/src/test/java/org/eclipse/californium/elements/runner/RepeatingTestRunner.java) and the [ParameterizedRepeatingTestRunner](https://github.com/eclipse-californium/californium/blob/main/element-connector/src/test/java/org/eclipse/californium/elements/runner/ParameterizedRepeatingTestRunner.java). Using them requires to edit the interop-tests, which are intended to be run multiple times. + +``` + * @since 3.3 + */ +@RunWith(RepeatingTestRunner.class) +public class MbedTlsClientAuthenticationInteroperabilityTest { +``` + +Adding `@RunWith(RepeatingTestRunner.class)` marks the test for that. +The default is 100 times and using + +``` +mvn test -Dorg.eclipse.californium.elements.runner.TestRepeater.repeats=1000 +``` + +enables to select an other number, here 1000. + diff --git a/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/ProcessUtil.java b/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/ProcessUtil.java index 8609c06abc..81d5f4d1ee 100644 --- a/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/ProcessUtil.java 
+++ b/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/ProcessUtil.java @@ -15,9 +15,11 @@ ******************************************************************************/ package org.eclipse.californium.interoperability.test; +import static org.hamcrest.CoreMatchers.notNullValue; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assume.assumeNotNull; +import static org.junit.Assume.assumeThat; import static org.junit.Assume.assumeTrue; import java.io.IOException; @@ -296,7 +298,7 @@ public int compareVersion(String version) { if (versionResult == null) { getToolVersion(TIMEOUT_MILLIS); } - assumeNotNull(this.version); + assumeThat("version not available!", version, notNullValue()); return compareVersion(this.version, version); } diff --git a/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java b/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java index 240dedc22a..b2fd736d33 100644 --- a/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java +++ b/californium-tests/californium-interoperability-tests/src/test/java/org/eclipse/californium/interoperability/test/mbedtls/MbedTlsProcessUtil.java 
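Review bot: The new assumption in `compareVersion(String version)` tests the method parameter `version`, which shadows the field, whereas the removed line checked `this.version`. If the tool version could not be read, the field is still null and is passed on to `compareVersion(this.version, version)` instead of the test being skipped with the new message. How the two-argument overload handles a null first argument is not visible here. The check should read `assumeThat("version not available!", this.version, notNullValue());`.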
@@ -21,9 +21,10 @@ import static org.eclipse.californium.interoperability.test.CredentialslUtil.SERVER_CERTIFICATE; import static org.eclipse.californium.interoperability.test.CredentialslUtil.SERVER_CA_RSA_CERTIFICATE; import static org.eclipse.californium.interoperability.test.CredentialslUtil.TRUSTSTORE; +import static org.hamcrest.CoreMatchers.notNullValue; import static org.eclipse.californium.interoperability.test.CredentialslUtil.OPENSSL_PSK_IDENTITY; import static org.eclipse.californium.interoperability.test.CredentialslUtil.OPENSSL_PSK_SECRET; -import static org.junit.Assume.assumeNotNull; +import static org.junit.Assume.assumeThat; import static org.junit.Assume.assumeTrue; import java.io.IOException; @@ -77,8 +78,33 @@ public enum AuthenticationMode { public static final String DEFAULT_CURVES = "x25519,secp256r1"; + /** + * Option for {@code curves} (or {@code groups}) used by the mbedtls + * programs up to version 3.4.1. + * + * @since 3.11 + */ + private static final String DEPRECATED_CURVES_OPTION = "curves"; + + /** + * Option for {@code curves} (or {@code groups}) used by the mbedtls + * programs since version 3.5.0. + * + * @since 3.11 + */ + private static final String NEW_CURVES_OPTION = "groups"; + private String verboseLevel = DEFAULT_VERBOSE_LEVEL; + /** + * Option for {@code curves} (or {@code groups}). + * + * Depends on version of mbedtls. + * + * @since 3.11 + */ + private String curvesOption = "curves"; + /** * Create instance. */ 
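Review bot: The initial value of `curvesOption` repeats the literal `"curves"` instead of using the constant declared just above it; `private String curvesOption = DEPRECATED_CURVES_OPTION;` keeps the two from drifting apart. The field's Javadoc only says that it depends on the mbedtls version. It could add that the pre-3.5.0 name is the default until `getToolVersion` has read the version, for example `Defaults to the option name used up to 3.4.1 until the tool version has been determined.` The enclosing class starts and ends outside this hunk.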
@@ -108,10 +134,11 @@ public ProcessResult getToolVersion(long timeMillis) { try { execute("mbedtls_ssl_client2", "build_version=1"); versionResult = waitResult(timeMillis); - assumeNotNull(versionResult); - Matcher matcher = versionResult.match("mbed TLS (\\S+) "); - assumeNotNull(matcher); + assumeThat("reading version failed!", versionResult, notNullValue()); + Matcher matcher = versionResult.match("[mM]bed TLS (\\S+) "); + assumeThat("extracting version failed!", versionResult, notNullValue()); version = matcher.group(1); + curvesOption = (compareVersion("3.5.0") >= 0) ? NEW_CURVES_OPTION : DEPRECATED_CURVES_OPTION; } catch (InterruptedException ex) { return null; } catch (IOException ex) { @@ -190,7 +217,7 @@ public String startupServer(String accept, int port, MbedTlsProcessUtil.Authenti public void add(List args, String curves) throws IOException, InterruptedException { if (curves != null) { - args.add("curves=" + curves); + args.add(curvesOption + "=" + curves); } }
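Review bot: The second `assumeThat` in `getToolVersion` checks `versionResult` again rather than `matcher`, so the "extracting version failed!" assumption can never fire. The removed `assumeNotNull(matcher)` suggests that `match` returns null when the pattern does not match; in that case `matcher.group(1)` would now fail with a NullPointerException instead of skipping the test. The line should be `assumeThat("extracting version failed!", matcher, notNullValue());`. The method body continues outside the hunk, so how the remaining catch blocks treat that exception is not visible here.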