ivampiresp/Spdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test/sock: Fixing hexstr2buf for PSK

Browse Source 
Adding more unit tests using standard openssl

The unfortunate small sleep is needed due to issue:
https://www.mail-archive.com/openssl-users@openssl.org/msg02937.html

Change-Id: I6f55453f12371bec6a402ba4c1d20e21aed73cf4
Signed-off-by: Boris Glimcher <Boris.Glimcher@emc.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/12625
Community-CI: Mellanox Build Bot
Community-CI: Broadcom CI <spdk-ci.pdl@broadcom.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: Shuhei Matsumoto <smatsumoto@nvidia.com>
This commit is contained in:
Boris Glimcher 2022-05-03 18:28:20 +03:00 committed by Tomasz Zawadzki
parent 3781c0ea85
commit 120382b7ec
2 changed files with 89 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
module/sock/posix/posix.c
View File

@ -428,21 +428,38 @@ posix_sock_tls_psk_server_cb(SSL *ssl,
unsigned char *psk, unsigned char *psk,
unsigned int max_psk_len) unsigned int max_psk_len)
{ {
long key_len;
unsigned char *default_psk;
if (PSK_KEY == NULL) {
SPDK_ERRLOG("PSK is not set\n");
goto err;
}
SPDK_DEBUGLOG(sock_posix, "Length of Client's PSK ID %lu\n", strlen(PSK_ID)); SPDK_DEBUGLOG(sock_posix, "Length of Client's PSK ID %lu\n", strlen(PSK_ID));
if (id == NULL) {
SPDK_ERRLOG("Received empty PSK ID\n");
goto err;
}
SPDK_DEBUGLOG(sock_posix, "Received PSK ID '%s'\n", id);
if (strcmp(PSK_ID, id) != 0) { if (strcmp(PSK_ID, id) != 0) {
SPDK_ERRLOG("Unknown Client's PSK ID\n"); SPDK_ERRLOG("Unknown Client's PSK ID\n");
goto err; goto err;
} }
SPDK_DEBUGLOG(sock_posix, "Length of Client's PSK KEY %u\n", max_psk_len); SPDK_DEBUGLOG(sock_posix, "Length of Client's PSK KEY %u\n", max_psk_len);
if (strlen(PSK_KEY) > max_psk_len) { default_psk = OPENSSL_hexstr2buf(PSK_KEY, &key_len);
SPDK_ERRLOG("Insufficient buffer size to copy PSK_KEY\n"); if (default_psk == NULL) {
SPDK_ERRLOG("Could not unhexlify PSK\n");
goto err;
}
if (key_len > max_psk_len) {
SPDK_ERRLOG("Insufficient buffer size to copy PSK\n");
goto err; goto err;
} }
memcpy(psk, PSK_KEY, strlen(PSK_KEY)); memcpy(psk, default_psk, key_len);
return strlen(PSK_KEY); return key_len;
err: err:
return 0; return 0;
@ -455,16 +472,34 @@ posix_sock_tls_psk_client_cb(SSL *ssl, const char *hint,
unsigned char *psk, unsigned char *psk,
unsigned int max_psk_len) unsigned int max_psk_len)
{ {
long key_len;
unsigned char *default_psk;
if (hint) {
SPDK_DEBUGLOG(sock_posix, "Received PSK identity hint '%s'\n", hint);
}
if (PSK_KEY == NULL) {
SPDK_ERRLOG("PSK is not set\n");
goto err;
}
default_psk = OPENSSL_hexstr2buf(PSK_KEY, &key_len);
if (default_psk == NULL) {
SPDK_ERRLOG("Could not unhexlify PSK\n");
goto err;
}
if ((strlen(PSK_ID) + 1 > max_identity_len) if ((strlen(PSK_ID) + 1 > max_identity_len)
|| (strlen(PSK_KEY) > max_psk_len)) { || (key_len > max_psk_len)) {
SPDK_ERRLOG("PSK ID or Key buffer is not sufficient\n"); SPDK_ERRLOG("PSK ID or Key buffer is not sufficient\n");
goto err; goto err;
} }
spdk_strcpy_pad(identity, PSK_ID, strlen(PSK_ID), 0); spdk_strcpy_pad(identity, PSK_ID, strlen(PSK_ID), 0);
memcpy(psk, PSK_KEY, strlen(PSK_KEY)); SPDK_DEBUGLOG(sock_posix, "Sending PSK identity '%s'\n", identity);
memcpy(psk, default_psk, key_len);
SPDK_DEBUGLOG(sock_posix, "Provided out-of-band (OOB) PSK for TLS1.3 client\n"); SPDK_DEBUGLOG(sock_posix, "Provided out-of-band (OOB) PSK for TLS1.3 client\n");
return strlen(PSK_KEY); return key_len;
err: err:
return 0; return 0;

47
test/iscsi_tgt/sock/sock.sh
View File

@ -66,6 +66,8 @@ iscsitestinit
HELLO_SOCK_APP="${TARGET_NS_CMD[*]} $SPDK_EXAMPLE_DIR/hello_sock" HELLO_SOCK_APP="${TARGET_NS_CMD[*]} $SPDK_EXAMPLE_DIR/hello_sock"
SOCAT_APP="socat" SOCAT_APP="socat"
OPENSSL_APP="openssl"
PSK_ID="nqn.2014-08.org.nvmexpress:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6"
# ---------------- # ----------------
# Test client path # Test client path
@ -110,6 +112,51 @@ killprocess $server_pid || true
timing_exit sock_client timing_exit sock_client
# ----------------
# Test SSL server path
# ----------------
timing_enter sock_ssl_server
echo "Testing SSL server path"
# start echo server using hello_sock echo server
$HELLO_SOCK_APP -H $TARGET_IP -P $ISCSI_PORT -S -N "ssl" &
server_pid=$!
trap 'killprocess $server_pid; iscsitestfini; exit 1' SIGINT SIGTERM EXIT
waitforlisten $server_pid
# send message using hello_sock client
message="**MESSAGE:This is a test message from the hello_sock client with ssl**"
response=$(echo $message | $HELLO_SOCK_APP -H $TARGET_IP -P $ISCSI_PORT -N "ssl")
if ! echo "$response" | grep -q "$message"; then
exit 1
fi
# send message using openssl client using TLS 1.3
message="**MESSAGE:This is a test message from the openssl client using TLS 1.3**"
response=$( (
echo -ne $message
sleep 2
) | $OPENSSL_APP s_client -debug -state -tlsextdebug -tls1_3 -psk_identity $PSK_ID -psk "1234567890ABCDEF" -connect $TARGET_IP:$ISCSI_PORT)
if ! echo "$response" | grep -q "$message"; then
exit 1
fi
# send message using openssl client using TLS 1.2
message="**MESSAGE:This is a test message from the openssl client using TLS 1.2**"
response=$( (
echo -ne $message
sleep 2
) | $OPENSSL_APP s_client -debug -state -tlsextdebug -tls1_2 -psk_identity $PSK_ID -psk "1234567890ABCDEF" -connect $TARGET_IP:$ISCSI_PORT)
if ! echo "$response" | grep -q "$message"; then
exit 1
fi
trap '-' SIGINT SIGTERM EXIT
# NOTE: socat returns code 143 on SIGINT
killprocess $server_pid || true
timing_exit sock_ssl_server
# ---------------- # ----------------
# Test server path # Test server path
# ---------------- # ----------------