28#include <gmock/gmock.h>
36#if !defined(USE_TLS_AUTH) && !defined(USE_TLS_CRYPT)
39#define USE_TLS_CRYPT_V2
47#define PROTO_CIPHER "BF-CBC"
48#define TLS_VER_MIN TLSVersion::UNDEF
49#define HANDSHAKE_WINDOW 60
50#define BECOME_PRIMARY_CLIENT 5
51#define BECOME_PRIMARY_SERVER 5
52#define TLS_TIMEOUT_CLIENT 1000
53#define TLS_TIMEOUT_SERVER 1000
56#define PROTO_CIPHER "BF-CBC"
57#define TLS_VER_MIN TLSVersion::UNDEF
58#define HANDSHAKE_WINDOW 10
59#define BECOME_PRIMARY_CLIENT 10
60#define BECOME_PRIMARY_SERVER 10
61#define TLS_TIMEOUT_CLIENT 2000
62#define TLS_TIMEOUT_SERVER 1000
65#define PROTO_CIPHER "BF-CBC"
66#define TLS_VER_MIN TLSVersion::UNDEF
67#define HANDSHAKE_WINDOW 60
68#define BECOME_PRIMARY_CLIENT 60
69#define BECOME_PRIMARY_SERVER 10
70#define TLS_TIMEOUT_CLIENT 2000
71#define TLS_TIMEOUT_SERVER 1000
74#error unknown BF value
78#ifndef TLS_TIMEOUT_CLIENT
79#define TLS_TIMEOUT_CLIENT 2000
81#ifndef TLS_TIMEOUT_SERVER
82#define TLS_TIMEOUT_SERVER 2000
88#define SIMULATE_DROPPED
89#define SIMULATE_CORRUPTED
94#define RENEG PROTO_RENEG
108#define ITER PROTO_ITER
115#define SITER PROTO_SITER
131#if !defined(PROTO_VERBOSE) && !defined(QUIET) && ITER <= 10000
135#define STRINGIZE1(x) #x
136#define STRINGIZE(x) STRINGIZE1(x)
141#define PROTO_CIPHER "AES-256-GCM"
142#define TLS_VER_MIN TLSVersion::Type::V1_2
144#define PROTO_CIPHER "AES-128-CBC"
145#define TLS_VER_MIN TLSVersion::Type::UNDEF
151#define PROTO_DIGEST "SHA1"
157#define COMP_METH CompressContext::LZ4v2
159#define COMP_METH CompressContext::COMP_STUBv2
162#define COMP_METH CompressContext::LZO_STUB
176#ifdef USE_MBEDTLS_APPLE_HYBRID
180#if !(defined(USE_OPENSSL) || defined(USE_MBEDTLS) || defined(USE_APPLE_SSL))
181#error Must define one or more of USE_OPENSSL, USE_MBEDTLS, USE_APPLE_SSL.
184#if defined(USE_OPENSSL) && (defined(USE_MBEDTLS) || defined(USE_APPLE_SSL))
186#define USE_OPENSSL_SERVER
187#elif !defined(USE_OPENSSL) && defined(USE_MBEDTLS)
188#define USE_MBEDTLS_SERVER
189#elif defined(USE_OPENSSL) && !defined(USE_MBEDTLS)
190#define USE_OPENSSL_SERVER
192#error no server setup
195#if defined(USE_OPENSSL) || defined(USE_OPENSSL_SERVER)
201#if defined(USE_APPLE_SSL) || defined(USE_MBEDTLS_APPLE_HYBRID)
207#if defined(USE_MBEDTLS) || defined(USE_MBEDTLS_SERVER)
211#include <mbedtls/debug.h>
219#ifdef USE_MBEDTLS_SERVER
223#elif defined(USE_OPENSSL_SERVER)
228#error No server SSL implementation defined
233#if defined(USE_MBEDTLS_APPLE_HYBRID)
240#elif defined(USE_APPLE_SSL)
244#elif defined(USE_OPENSSL)
249#error No client SSL implementation defined
252const char message[] =
"Message _->_ 0000000000 It was a bright cold day in April, and the clocks\n"
253 "were striking thirteen. Winston Smith, his chin nuzzled\n"
254 "into his breast in an effort to escape the vile wind,\n"
255 "slipped quickly through the glass doors of Victory\n"
256 "Mansions, though not quickly enough to prevent a\n"
257 "swirl of gritty dust from entering along with him.\n"
259 "It was a bright cold day in April, and the clocks\n"
260 "were striking thirteen. Winston Smith, his chin nuzzled\n"
261 "into his breast in an effort to escape the vile wind,\n"
262 "slipped quickly through the glass doors of Victory\n"
263 "Mansions, though not quickly enough to prevent a\n"
264 "swirl of gritty dust from entering along with him.\n"
265 "It was a bright cold day in April, and the clocks\n"
266 "were striking thirteen. Winston Smith, his chin nuzzled\n"
267 "into his breast in an effort to escape the vile wind,\n"
268 "slipped quickly through the glass doors of Victory\n"
269 "Mansions, though not quickly enough to prevent a\n"
270 "swirl of gritty dust from entering along with him.\n"
271 "It was a bright cold day in April, and the clocks\n"
272 "were striking thirteen. Winston Smith, his chin nuzzled\n"
273 "into his breast in an effort to escape the vile wind,\n"
274 "slipped quickly through the glass doors of Victory\n"
275 "Mansions, though not quickly enough to prevent a\n"
276 "swirl of gritty dust from entering along with him.\n"
277 "It was a bright cold day in April, and the clocks\n"
278 "were striking thirteen. Winston Smith, his chin nuzzled\n"
279 "into his breast in an effort to escape the vile wind,\n"
280 "slipped quickly through the glass doors of Victory\n"
281 "Mansions, though not quickly enough to prevent a\n"
282 "swirl of gritty dust from entering along with him.\n"
307#if defined(VERBOSE) || defined(DROUGHT_LIMIT)
311 std::cout <<
"*** Drought " <<
name <<
" has reached " << r <<
"\n";
314 if (r > DROUGHT_LIMIT)
315 throw drought_limit_exceeded();
375 const size_t msglen = std::strlen(
msg) + 1;
385 const size_t msglen = std::strlen(
msg) + 1;
393 if (
bool(iteration++ & 1) == is_server())
430 bp->write((
unsigned char *)str, std::strlen(str));
516 std::cerr <<
"no CONTROL_WKC_V1 packet was emitted by the client\n";
523 std::cerr <<
"CONTROL_WKC_V1 packet too large: " << size
524 <<
" > " << max_size <<
'\n';
551 if (
work->size() >= 23)
556 const ssize_t trunc = 64;
557 const std::string show((
char *)
work->data(), trunc);
558 std::cout << now().raw() <<
" " << mode().str() <<
" " << show <<
"\n";
577 char *
msg = (
char *)buf->data();
590 for (
int i = 22; i >= 13; i--)
609 size_t iteration = 0;
629 const std::string username(
"foo");
630 const std::string password(
"bar");
657 const std::string &peer_info,
661 std::cout <<
"**** AUTHENTICATE " << username <<
'/' << password <<
" PEER INFO:\n";
662 std::cout << peer_info;
664 if (username !=
"foo" || password !=
"bar")
677 const unsigned int reorder_prob_arg,
678 const unsigned int drop_prob_arg,
679 const unsigned int corrupt_prob_arg)
691 template <
typename T1,
typename T2>
695 a.check_invalidated();
696 b.check_invalidated();
699 if (a.do_housekeeping())
702 std::cout << now->raw() <<
" " <<
title <<
" Housekeeping\n";
710 if (a.proto_context.data_channel_ready())
712 BufferPtr bp = a.data_encrypt_string(
"Waiting for godot A... Waiting for godot B... Waiting for godot C... Waiting for godot D... Waiting for godot E... Waiting for godot F... Waiting for godot G... Waiting for godot H... Waiting for godot I... Waiting for godot J...");
717 while (!a.net_out.empty())
721 std::cout << now->raw() <<
" " <<
title <<
" " << a.dump_packet(*bp) <<
"\n";
723 a.net_out.pop_front();
737 if (!b.control_net_validate(pt, *bp))
738 std::cout << now->raw() <<
" " <<
title <<
" CONTROL PACKET VALIDATION FAILED\n";
740 b.proto_context.control_net_recv(pt, std::move(bp));
746 b.data_decrypt(pt, *bp);
750 const std::string show((
char *)bp->data(), std::min(bp->size(),
size_t(40)));
751 std::cout << now->raw() <<
" " <<
title <<
" DATA CHANNEL DECRYPT: " << show <<
"\n";
755 catch ([[maybe_unused]]
const std::exception &e)
758 std::cout << now->raw() <<
" " <<
title <<
" Exception on data channel decrypt: " << e.what() <<
"\n";
765 std::cout << now->raw() <<
" " <<
title <<
" KEY_STATE_ERROR\n";
770#ifdef SIMULATE_UDP_AMPLIFY_ATTACK
771 if (b.proto_context.is_state_client_wait_reset_ack())
775 std::cout << now->raw() <<
" " <<
title <<
" SIMULATE_UDP_AMPLIFY_ATTACK disable client xmit\n";
780 b.proto_context.flush(
true);
792 std::cout << now->raw() <<
" " <<
title <<
" Simulating packet reordering " << i <<
" -> 0\n";
804 std::cout << now->raw() <<
" " <<
title <<
" Received packet, size=" << bp->size() <<
"\n";
807#ifdef SIMULATE_DROPPED
812 std::cout << now->raw() <<
" " <<
title <<
" Simulating a dropped packet\n";
818#ifdef SIMULATE_CORRUPTED
823 std::cout << now->raw() <<
" " <<
title <<
" Simulating a corrupted packet\n";
826 const unsigned char value =
random.
randrange(std::numeric_limits<unsigned char>::max());
836 unsigned int rand(
const unsigned int prob)
864 void error(
const size_t err_type,
const std::string *text =
nullptr)
override
897 const std::string client_crt =
read_text(TEST_KEYCERT_DIR
"client.crt");
898 const std::string client_key =
read_text(TEST_KEYCERT_DIR
"client.key");
899 const std::string ca_crt =
read_text(TEST_KEYCERT_DIR
"ca.crt");
902 ClientSSLAPI::Config::Ptr cc(
new ClientSSLAPI::Config());
904 cc->set_frame(frame);
907 cc->load_identity(
"etest");
909 cc->load_ca(ca_crt,
true);
910 cc->load_cert(client_crt);
911 cc->load_private_key(client_key);
913 if (tls_version_mismatch)
914 cc->set_tls_version_max(TLSVersion::Type::V1_2);
918 cc->set_debug_level(1);
926 const std::string tls_auth_key =
read_text(TEST_KEYCERT_DIR
"tls-auth.key");
927 const std::string tls_crypt_v2_client_key = tls_crypt_v2_key_fn.empty()
928 ?
read_text(TEST_KEYCERT_DIR
"tls-crypt-v2-client.key")
929 :
read_text(TEST_KEYCERT_DIR + tls_crypt_v2_key_fn);
933 ClientProtoContext::ProtoConfig::Ptr cp(
new ClientProtoContext::ProtoConfig);
934 cp->ssl_factory = cc->new_factory();
935 CryptoAlgs::allow_default_dc_algs<ClientCryptoAPI>(cp->ssl_factory->libctx(),
false,
false);
938 cp->frame = std::move(frame);
945 cp->enable_op32 =
true;
946 cp->remote_peer_id = 100;
954 cp->tls_auth_key.parse(tls_auth_key);
956 cp->key_direction = 0;
960 cp->tls_crypt_key.parse(tls_auth_key);
961 cp->set_tls_crypt_algs();
962 cp->tls_crypt_ = ProtoContext::ProtoConfig::TLSCrypt::V1;
964#ifdef USE_TLS_CRYPT_V2
966 cp->set_tls_crypt_algs();
969 tls_crypt_v2_key.
parse(tls_crypt_v2_client_key);
973 cp->tls_crypt_ = ProtoContext::ProtoConfig::TLSCrypt::V2;
975#ifdef HANDSHAKE_WINDOW
976 cp->handshake_window = Time::Duration::seconds(HANDSHAKE_WINDOW);
978 cp->handshake_window = Time::Duration::seconds(30);
980 cp->handshake_window = Time::Duration::seconds(18);
982#ifdef BECOME_PRIMARY_CLIENT
983 cp->become_primary = Time::Duration::seconds(BECOME_PRIMARY_CLIENT);
985 cp->become_primary = cp->handshake_window;
988#ifdef CLIENT_NO_RENEG
991 cp->renegotiate = Time::Duration::seconds(
RENEG);
993 cp->expire = cp->renegotiate + cp->renegotiate;
994 cp->keepalive_ping = Time::Duration::seconds(5);
995 cp->keepalive_timeout = Time::Duration::seconds(60);
996 cp->keepalive_timeout_early = cp->keepalive_timeout;
999 std::cout <<
"CLIENT OPTIONS: " << cp->options_string() <<
"\n";
1000 std::cout <<
"CLIENT PEER INFO:\n";
1001 std::cout << cp->peer_info_string();
1032 ClientRandomAPI::Ptr prng_cli(
new ClientRandomAPI());
1033 ServerRandomAPI::Ptr prng_serv(
new ServerRandomAPI());
1038 const Time::Duration time_step = Time::Duration::binary_ms(100);
1041 const std::string ca_crt =
read_text(TEST_KEYCERT_DIR
"ca.crt");
1042 const std::string server_crt =
read_text(TEST_KEYCERT_DIR
"server.crt");
1043 const std::string server_key =
read_text(TEST_KEYCERT_DIR
"server.key");
1044 const std::string dh_pem =
read_text(TEST_KEYCERT_DIR
"dh.pem");
1045 const std::string tls_auth_key =
read_text(TEST_KEYCERT_DIR
"tls-auth.key");
1047 ?
read_text(TEST_KEYCERT_DIR
"tls-crypt-v2-server.key")
1056 cp->dc.set_key_derivation(CryptoAlgs::KeyDerivation::TLS_EKM);
1063 ServerSSLAPI::Config::Ptr sc(
new ClientSSLAPI::Config());
1065 sc->set_frame(frame);
1066 sc->set_rng(prng_serv);
1067 sc->load_ca(ca_crt,
true);
1068 sc->load_cert(server_crt);
1069 sc->load_private_key(server_key);
1070 sc->load_dh(dh_pem);
1073 sc->set_debug_level(1);
1078 ServerProtoContext::ProtoConfig::Ptr sp(
new ServerProtoContext::ProtoConfig);
1079 sp->ssl_factory = sc->new_factory();
1084 sp->rng = prng_serv;
1085 sp->prng = prng_serv;
1089 sp->enable_op32 =
true;
1090 sp->remote_peer_id = 101;
1096 sp->dc.set_key_derivation(CryptoAlgs::KeyDerivation::TLS_EKM);
1099 sp->tls_auth_key.parse(tls_auth_key);
1101 sp->key_direction = 1;
1105 sp->tls_crypt_key.parse(tls_auth_key);
1106 sp->set_tls_crypt_algs();
1107 cp->tls_crypt_ = ProtoContext::ProtoConfig::TLSCrypt::V1;
1109#ifdef USE_TLS_CRYPT_V2
1115 tls_crypt_v2_key.
parse(tls_crypt_v2_server_key);
1119 sp->set_tls_crypt_algs();
1121 sp->tls_crypt_ = ProtoContext::ProtoConfig::TLSCrypt::V2;
1123 sp->tls_crypt_v2_serverkey_dir = TEST_KEYCERT_DIR;
1128 sp->tls_auth_key.parse(tls_auth_key);
1130 sp->key_direction = 1;
1133#ifdef HANDSHAKE_WINDOW
1134 sp->handshake_window = Time::Duration::seconds(HANDSHAKE_WINDOW);
1136 sp->handshake_window = Time::Duration::seconds(30);
1138 sp->handshake_window = Time::Duration::seconds(17) + Time::Duration::binary_ms(512);
1140#ifdef BECOME_PRIMARY_SERVER
1141 sp->become_primary = Time::Duration::seconds(BECOME_PRIMARY_SERVER);
1143 sp->become_primary = sp->handshake_window;
1146#ifdef SERVER_NO_RENEG
1155 sp->renegotiate = Time::Duration::seconds(
RENEG) + sp->handshake_window;
1157 sp->expire = sp->renegotiate + sp->renegotiate;
1158 sp->keepalive_ping = Time::Duration::seconds(5);
1159 sp->keepalive_timeout = Time::Duration::seconds(60);
1160 sp->keepalive_timeout_early = Time::Duration::seconds(10);
1163 std::cout <<
"SERVER OPTIONS: " << sp->options_string() <<
"\n";
1164 std::cout <<
"SERVER PEER INFO:\n";
1165 std::cout << sp->peer_info_string();
1171 for (
int i = 0; i <
SITER; ++i)
1174 std::cout <<
"***** SITER " << i <<
"\n";
1179 NoisyWire client_to_server(
"Client -> Server", &time, rng_noncrypto, 8, 16, 32);
1180 NoisyWire server_to_client(
"Server -> Client", &time, rng_noncrypto, 8, 16, 32);
1205 for (
int k = 0; k < 60; ++k)
1207 client_to_server.
xfer(cli_proto, serv_proto);
1208 server_to_client.
xfer(serv_proto, cli_proto);
1221 std::cerr <<
"control packet exceeded mssfix_ctrl: "
1230 for (j = 0; j <
ITER; ++j)
1232 client_to_server.
xfer(cli_proto, serv_proto);
1233 server_to_client.
xfer(serv_proto, cli_proto);
1237 catch (
const std::exception &e)
1239 std::cerr <<
"Exception[" << i <<
'/' << j <<
"]: " << e.what() <<
'\n';
1251 std::cerr <<
"*** app bytes=" << ab
1252 <<
" net_bytes=" << nb
1253 <<
" data_bytes=" << db
1265 std::cerr <<
"-------- CLIENT STATS --------\n";
1267 std::cerr <<
"-------- SERVER STATS --------\n";
1270#ifdef OPENVPN_MAX_DATALIMIT_BYTES
1271 std::cerr <<
"------------------------------\n";
1272 std::cerr <<
"MAX_DATALIMIT_BYTES=" << DataLimit::max_bytes() <<
"\n";
1275 catch (
const std::exception &e)
1277 std::cerr <<
"Exception: " << e.what() <<
'\n';
1286 for (
int i = 0; i < n_retries; ++i)
1288 ret =
test(test_config);
1291 std::cout <<
"Retry " << (i + 1) <<
'/' << n_retries <<
'\n';
1293 std::cout <<
"Failed\n";
1303 mbedtls_debug_set_threshold(1);
1319 mbedtls_debug_set_threshold(4);
1328 if (!openvpn::SSLLib::SSLAPI::support_key_material_export())
1329 GTEST_SKIP_(
"our mbed TLS implementation does not support TLS EKM");
1353 int ret =
test({.tls_version_mismatch =
true});
1358#ifdef USE_TLS_CRYPT_V2
1361 int ret =
test_retry(
N_RETRIES, {.tls_crypt_v2_key_fn =
"tls-crypt-v2-client-with-serverkey.key"});
1367 int ret =
test({.tls_crypt_v2_key_fn =
"tls-crypt-v2-client-with-missing-serverkey.key"});
1373 int ret =
test_retry(
N_RETRIES, {.tls_crypt_v2_key_fn =
"tls-crypt-v2-client-with-serverkey.key", .use_tls_auth_with_tls_crypt_v2 =
true});
1385 int ret =
test_retry(
N_RETRIES, {.tls_crypt_v2_key_fn =
"tls-crypt-v2-client-with-serverkey.key", .force_resend_wkc =
true});
1397 int ret =
test_retry(
N_RETRIES, {.tls_crypt_v2_key_fn =
"tls-crypt-v2-client-with-serverkey.key", .force_resend_wkc =
true, .control_payload = 278});
1407 int ret =
test_retry(
N_RETRIES, {.tls_crypt_v2_key_fn =
"tls-crypt-v2-client-with-serverkey.key", .force_resend_wkc =
true, .mssfix_ctrl = 420});
1414 unsigned int num_threads = std::thread::hardware_concurrency();
1415#if defined(PROTO_N_THREADS) && PROTO_N_THREADS >= 1
1416 num_threads = PROTO_N_THREADS;
1419 std::vector<std::thread> running_threads{};
1420 std::vector<int> results(num_threads, -777);
1422 for (
unsigned int i = 0; i < num_threads; ++i)
1424 running_threads.emplace_back([i, &results]()
1427 const bool use_ekm = openvpn::SSLLib::SSLAPI::support_key_material_export() && (i % 2 == 0);
1430 for (
unsigned int i = 0; i < num_threads; ++i)
1432 running_threads[i].join();
1437 const std::vector<int> expected_results(num_threads, 0);
1439 EXPECT_THAT(expected_results, ::testing::ContainerEq(results));
1444 CryptoAlgs::allow_default_dc_algs<SSLLib::CryptoAPI>(
nullptr,
true,
false);
1448 auto infostring = protoConf.peer_info_string(
false);
1450 auto ivciphers = infostring.substr(infostring.find(
"IV_CIPHERS="));
1451 ivciphers = ivciphers.substr(0, ivciphers.find(
"\n"));
1454 std::string expectedstr{
"IV_CIPHERS=AES-128-GCM:AES-192-GCM:AES-256-GCM"};
1456 expectedstr +=
":CHACHA20-POLY1305";
1458 EXPECT_EQ(ivciphers, expectedstr);
1463 CryptoAlgs::allow_default_dc_algs<SSLLib::CryptoAPI>(
nullptr,
false,
false);
1467 auto infostring = protoConf.peer_info_string(
true);
1469 auto ivciphers = infostring.substr(infostring.find(
"IV_CIPHERS="));
1470 ivciphers = ivciphers.substr(0, ivciphers.find(
"\n"));
1473 std::string expectedstr{
"IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM"};
1475 expectedstr +=
":CHACHA20-POLY1305";
1477 EXPECT_EQ(ivciphers, expectedstr);
1484 SSLLib::SSLAPI::Config::Ptr
config =
new SSLLib::SSLAPI::Config;
1492 config->set_local_cert_enabled(
false);
1493 config->enable_legacy_algorithms(
true);
1495 auto factory_client =
config->new_factory();
1496 EXPECT_TRUE(factory_client);
1498 auto client = factory_client->ssl();
1499 auto libctx = factory_client->libctx();
1502 CryptoAlgs::allow_default_dc_algs<SSLLib::CryptoAPI>(libctx,
false,
true);
1506 auto infostring = protoConf.peer_info_string(
false);
1508 auto ivciphers = infostring.substr(infostring.find(
"IV_CIPHERS="));
1509 ivciphers = ivciphers.substr(0, ivciphers.find(
"\n"));
1513 std::string expectedstr{
"IV_CIPHERS=none:AES-128-CBC:AES-192-CBC:AES-256-CBC:DES-CBC:DES-EDE3-CBC"};
1516 expectedstr +=
":BF-CBC";
1518 expectedstr +=
":AES-128-GCM:AES-192-GCM:AES-256-GCM";
1521 expectedstr +=
":CHACHA20-POLY1305";
1523 EXPECT_EQ(ivciphers, expectedstr);
1526TEST(Proto, ControlmessageInvalidchar)
1528 std::string valid_auth_fail{
"AUTH_FAILED: go away"};
1529 std::string valid_auth_fail_newline_end{
"AUTH_FAILED: go away\n"};
1530 std::string invalid_auth_fail{
"AUTH_FAILED: go\n away\n"};
1531 std::string lot_of_whitespace{
"AUTH_FAILED: a lot of white space\n\n\r\n\r\n\r\n"};
1532 std::string only_whitespace{
"\n\n\r\n\r\n\r\n"};
1533 std::string empty{
""};
1542 auto msg = ProtoContext::read_control_string<std::string>(valid_auth_fail_buf);
1543 EXPECT_EQ(
msg, valid_auth_fail);
1546 auto msg2 = ProtoContext::read_control_string<std::string>(valid_auth_fail_newline_end_buf);
1547 EXPECT_EQ(msg2, valid_auth_fail);
1550 auto msg3 = ProtoContext::read_control_string<std::string>(invalid_auth_fail_buf);
1551 EXPECT_EQ(msg3,
"AUTH_FAILED: go\n away");
1554 auto msg4 = ProtoContext::read_control_string<std::string>(lot_of_whitespace_buf);
1555 EXPECT_EQ(msg4,
"AUTH_FAILED: a lot of white space");
1558 auto msg5 = ProtoContext::read_control_string<std::string>(only_whitespace_buf);
1559 EXPECT_EQ(msg5,
"");
1562 auto msg6 = ProtoContext::read_control_string<std::string>(empty_buf);
1563 EXPECT_EQ(msg6,
"");
1582 std::vector<openvpn::ClientEvent::Base::Ptr>
events;
1587 asio::io_context io_context;
1588 ClientRandomAPI::Ptr rng_cli(
new ClientRandomAPI());
1604 std::move(cli_stats),
1606 clisessconf.cli_events = std::move(eqv_ptr);
1609 clisession->validate_and_post_cc_msg(
"valid message");
1612 EXPECT_TRUE(eqv->
events.empty());
1614 clisession->validate_and_post_cc_msg(
"invalid\nmessage");
1615 EXPECT_EQ(eqv->
events.size(), 1);
1616 auto ev = eqv->
events.back();
1620 EXPECT_EQ(uf->name,
"Invalid chars in control message");
1621 EXPECT_EQ(uf->reason,
"Control channel message with invalid characters not allowed to be send with post_cc_msg");
Time::Duration operator()() const
DroughtMeasure(const std::string &name_arg, TimePtr now_arg)
OPENVPN_SIMPLE_EXCEPTION(drought_limit_exceeded)
void add_event(openvpn::ClientEvent::Base::Ptr event) override
std::vector< openvpn::ClientEvent::Base::Ptr > events
void client_proto_terminate()
count_t errors[Error::N_ERRORS]
void error(const size_t err_type, const std::string *text=nullptr) override
count_t get_error_count(const Error::Type type) const
void show_error_counts() const
std::deque< BufferPtr > wire
unsigned int rand(const unsigned int prob)
unsigned int reorder_prob
NoisyWire(const std::string &title_arg, TimePtr now_arg, RandomAPI &rand_arg, const unsigned int reorder_prob_arg, const unsigned int drop_prob_arg, const unsigned int corrupt_prob_arg)
unsigned int corrupt_prob
TestProtoClient(const ProtoContext::ProtoConfig::Ptr &config, const SessionStats::Ptr &stats)
void client_auth(Buffer &buf) override
void server_auth(const std::string &username, const SafeString &password, const std::string &peer_info, const AuthCert::Ptr &auth_cert) override
TestProtoServer(const ProtoContext::ProtoConfig::Ptr &config, const SessionStats::Ptr &stats)
OPENVPN_SIMPLE_EXCEPTION(auth_failed)
TestProto(const ProtoContext::ProtoConfig::Ptr &config, const SessionStats::Ptr &stats)
void control_recv(BufferPtr &&app_bp) override
DroughtMeasure data_drought
void modmsg(BufferPtr &buf)
bool verify_wkc_packets_fit(size_t max_size) const
void data_decrypt(const ProtoContext::PacketType &type, BufferAllocated &in_out)
void control_send(BufferPtr &&app_bp)
void data_encrypt(BufferAllocated &in_out)
std::vector< size_t > wkc_pkt_sizes_
void initial_app_send(const char *msg)
const char * progress() const
void control_send(BufferAllocated &&app_buf)
ProtoContext proto_context
void active(bool primary) override
Called when KeyContext transitions to ACTIVE state.
size_t n_control_recv() const
DroughtMeasure control_drought
size_t max_ctrl_pkt_size() const
BufferPtr data_encrypt_string(const char *str)
size_t n_control_send() const
OPENVPN_EXCEPTION(session_invalidated)
void app_send_templ_init(const char *msg)
void control_net_send(const Buffer &net_buf) override
size_t max_ctrl_pkt_size_
bool supports_epoch_data() override
size_t data_bytes() const
void copy_progress(Buffer &buf)
std::deque< BufferPtr > net_out
const T * c_data() const
Returns a const pointer to the start of the buffer.
size_t size() const
Returns the size of the buffer in T objects.
T * data()
Get a mutable pointer to the start of the array.
bool empty() const
Returns true if the buffer is empty.
size_t prepare(const unsigned int context, Buffer &buf) const
const Time::Duration & slowest_handshake()
void flush(const bool control_channel)
void control_send(BufferPtr &&app_bp)
void data_encrypt(BufferAllocated &in_out)
static void write_auth_string(const S &str, Buffer &buf)
bool data_decrypt(const PacketType &type, BufferAllocated &in_out)
Error::Type invalidation_reason() const
unsigned int negotiations() const
Time next_housekeeping() const
void reset(const ProtoSessionID cookie_psid=ProtoSessionID())
Resets ProtoContext *this to it's initial state.
void start(const ProtoSessionID cookie_psid=ProtoSessionID())
Initialize the state machine and start protocol negotiation.
const ProtoConfig & conf() const
void swap(RCPtr &rhs) noexcept
swaps the contents of two RCPtr<T>
T * get() const noexcept
Returns the raw pointer to the object T, or nullptr.
Abstract base class for random number generators.
T randrange(const T end)
Return a uniformly distributed random number in the range [0, end)
static Ptr Create(ArgsT &&...args)
Creates a new instance of RcEnable with the given arguments.
@ LF_ALLOW_CLIENT_CERT_NOT_REQUIRED
A string-like type that clears the buffer contents on delete.
void parse(const std::string &key_text)
void extract_wkc(BufferAllocated &wkc_out) const
void extract_key(OpenVPNStaticKey &tls_key)
void extract_key(OpenVPNStaticKey &tls_key)
void parse(const std::string &key_text)
static TimeType infinite()
static constexpr int default_log_level
static void set_log_level(int level)
set the log level for all loggigng
void work(openvpn_io::io_context &io_context, ThreadCommon &tc, MyRunContext &runctx, const unsigned int unit)
constexpr BufferFlags GROW(1U<< 2)
if enabled, buffer will grow (otherwise buffer_full exception will be thrown)
constexpr BufferFlags NO_FLAGS(0U)
no flags set
Type lookup(const std::string &name)
const char * name(const size_t type)
bool is_valid_utf8(const STRING &str, const size_t max_len_flags=0)
std::string read_text(const std::string &filename, const std::uint64_t max_size=0)
RCPtr< BufferAllocatedRc > BufferPtr
ProtoContext::ProtoConfig::Ptr proto_context_config
const std::string & tls_crypt_v2_key_fn
bool tls_version_mismatch
bool use_tls_auth_with_tls_crypt_v2
static const char config[]
#define TLS_TIMEOUT_CLIENT
#define TLS_TIMEOUT_SERVER
int test_retry(const int n_retries, const struct proto_test &test_config)
static auto create_client_proto_context(ClientSSLAPI::Config::Ptr cc, Frame::Ptr frame, ClientRandomAPI::Ptr rng, MySessionStats::Ptr cli_stats, Time &time, const std::string &tls_crypt_v2_key_fn="")
TEST_F(ProtoUnitTest, BaseSingleThreadTlsEkm)
TEST(Proto, IvCiphersAead)
static auto create_client_ssl_config(Frame::Ptr frame, ClientRandomAPI::Ptr rng, bool tls_version_mismatch=false)