Commit 120382b7 authored by Boris Glimcher Committed by Tomasz Zawadzki

test/sock: Fixing hexstr2buf for PSK

Adding more unit tests using standard openssl

The unfortunate small sleep is needed due to issue:
https://www.mail-archive.com/openssl-users@openssl.org/msg02937.html



Change-Id: I6f55453f12371bec6a402ba4c1d20e21aed73cf4
Signed-off-by: Boris Glimcher <Boris.Glimcher@emc.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/12625


Community-CI: Mellanox Build Bot
Community-CI: Broadcom CI <spdk-ci.pdl@broadcom.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: Shuhei Matsumoto <smatsumoto@nvidia.com>
parent 3781c0ea
+42 −7
@@ -428,21 +428,38 @@ posix_sock_tls_psk_server_cb(SSL *ssl,
			     unsigned char *psk,
			     unsigned int max_psk_len)
{
	long key_len;
	unsigned char *default_psk;

	if (PSK_KEY == NULL) {
		SPDK_ERRLOG("PSK is not set\n");
		goto err;
	}
	SPDK_DEBUGLOG(sock_posix, "Length of Client's PSK ID %lu\n", strlen(PSK_ID));
	if (id == NULL) {
		SPDK_ERRLOG("Received empty PSK ID\n");
		goto err;
	}
	SPDK_DEBUGLOG(sock_posix,  "Received PSK ID '%s'\n", id);
	if (strcmp(PSK_ID, id) != 0) {
		SPDK_ERRLOG("Unknown Client's PSK ID\n");
		goto err;
	}

	SPDK_DEBUGLOG(sock_posix, "Length of Client's PSK KEY %u\n", max_psk_len);
	if (strlen(PSK_KEY) > max_psk_len) {
		SPDK_ERRLOG("Insufficient buffer size to copy PSK_KEY\n");
	default_psk = OPENSSL_hexstr2buf(PSK_KEY, &key_len);
	if (default_psk == NULL) {
		SPDK_ERRLOG("Could not unhexlify PSK\n");
		goto err;
	}
	if (key_len > max_psk_len) {
		SPDK_ERRLOG("Insufficient buffer size to copy PSK\n");
		goto err;
	}

	memcpy(psk, PSK_KEY, strlen(PSK_KEY));
	memcpy(psk, default_psk, key_len);

	return strlen(PSK_KEY);
	return key_len;

err:
	return 0;
@@ -455,16 +472,34 @@ posix_sock_tls_psk_client_cb(SSL *ssl, const char *hint,
			     unsigned char *psk,
			     unsigned int max_psk_len)
{
	long key_len;
	unsigned char *default_psk;

	if (hint) {
		SPDK_DEBUGLOG(sock_posix,  "Received PSK identity hint '%s'\n", hint);
	}

	if (PSK_KEY == NULL) {
		SPDK_ERRLOG("PSK is not set\n");
		goto err;
	}
	default_psk = OPENSSL_hexstr2buf(PSK_KEY, &key_len);
	if (default_psk == NULL) {
		SPDK_ERRLOG("Could not unhexlify PSK\n");
		goto err;
	}
	if ((strlen(PSK_ID) + 1 > max_identity_len)
	    || (strlen(PSK_KEY) > max_psk_len)) {
	    || (key_len > max_psk_len)) {
		SPDK_ERRLOG("PSK ID or Key buffer is not sufficient\n");
		goto err;
	}
	spdk_strcpy_pad(identity, PSK_ID, strlen(PSK_ID), 0);
	memcpy(psk, PSK_KEY, strlen(PSK_KEY));
	SPDK_DEBUGLOG(sock_posix, "Sending PSK identity '%s'\n", identity);

	memcpy(psk, default_psk, key_len);
	SPDK_DEBUGLOG(sock_posix, "Provided out-of-band (OOB) PSK for TLS1.3 client\n");

	return strlen(PSK_KEY);
	return key_len;

err:
	return 0;
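Review bot: The buffer returned by `OPENSSL_hexstr2buf()` is never released in either `posix_sock_tls_psk_server_cb` or `posix_sock_tls_psk_client_cb`, so every handshake leaves a heap copy of the decoded PSK behind, both on the success path and on the `goto err` taken after the length check. Because the buffer holds key material, it should be wiped as well as freed: add `OPENSSL_clear_free(default_psk, key_len);` right after the `memcpy` and before the `goto err` in the size check, or route both paths through a shared cleanup label. The closing lines of both functions fall outside the visible hunks, so confirm no release happens there.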
+47 −0
@@ -66,6 +66,8 @@ iscsitestinit

HELLO_SOCK_APP="${TARGET_NS_CMD[*]} $SPDK_EXAMPLE_DIR/hello_sock"
SOCAT_APP="socat"
OPENSSL_APP="openssl"
PSK_ID="nqn.2014-08.org.nvmexpress:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6"

# ----------------
# Test client path
@@ -110,6 +112,51 @@ killprocess $server_pid || true

timing_exit sock_client

# ----------------
# Test SSL server path
# ----------------
timing_enter sock_ssl_server
echo "Testing SSL server path"

# start echo server using hello_sock echo server
$HELLO_SOCK_APP -H $TARGET_IP -P $ISCSI_PORT -S -N "ssl" &
server_pid=$!
trap 'killprocess $server_pid; iscsitestfini; exit 1' SIGINT SIGTERM EXIT
waitforlisten $server_pid

# send message using hello_sock client
message="**MESSAGE:This is a test message from the hello_sock client with ssl**"
response=$(echo $message | $HELLO_SOCK_APP -H $TARGET_IP -P $ISCSI_PORT -N "ssl")
if ! echo "$response" | grep -q "$message"; then
	exit 1
fi

# send message using openssl client using TLS 1.3
message="**MESSAGE:This is a test message from the openssl client using TLS 1.3**"
response=$( (
	echo -ne $message
	sleep 2
) | $OPENSSL_APP s_client -debug -state -tlsextdebug -tls1_3 -psk_identity $PSK_ID -psk "1234567890ABCDEF" -connect $TARGET_IP:$ISCSI_PORT)
if ! echo "$response" | grep -q "$message"; then
	exit 1
fi

# send message using openssl client using TLS 1.2
message="**MESSAGE:This is a test message from the openssl client using TLS 1.2**"
response=$( (
	echo -ne $message
	sleep 2
) | $OPENSSL_APP s_client -debug -state -tlsextdebug -tls1_2 -psk_identity $PSK_ID -psk "1234567890ABCDEF" -connect $TARGET_IP:$ISCSI_PORT)
if ! echo "$response" | grep -q "$message"; then
	exit 1
fi

trap '-' SIGINT SIGTERM EXIT
# NOTE: socat returns code 143 on SIGINT
killprocess $server_pid || true

timing_exit sock_ssl_server

# ----------------
# Test server path
# ----------------
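Review bot: The new SSL server block only exercises clients that present the correct key, so it would still pass if the server accepted any PSK. Since this commit changes how the key bytes are derived, a negative case with a mismatched `-psk` value, asserting that the echo does not come back, would pin the authentication behaviour. The key `"1234567890ABCDEF"` is also repeated in both `s_client` calls and could sit in one variable next to `PSK_ID`. Separately, `echo -ne $message` leaves `$message` unquoted, so the leading and trailing `**` are open to pathname expansion; `echo -ne "$message"` avoids that. A sketch of the negative case follows; the key in it is a constructed sample.

```shell
# a client offering a different PSK must not receive the echo
# (key below is a constructed sample, deliberately not the server's key)
message="**MESSAGE:This message must be rejected**"
response=$( (
	echo -ne "$message"
	sleep 2
) | $OPENSSL_APP s_client -tls1_3 -psk_identity $PSK_ID -psk "FEDCBA0987654321" -connect $TARGET_IP:$ISCSI_PORT || true)
if echo "$response" | grep -q "$message"; then
	exit 1
fi
```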