From b99107adebaf277ca638c48eeb3a6cde822c6bf1 Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Mon, 10 Jun 2024 22:48:40 +0000 Subject: [PATCH 1/7] add initial api --- bindings/rust/s2n-tls/src/connection.rs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/bindings/rust/s2n-tls/src/connection.rs b/bindings/rust/s2n-tls/src/connection.rs index f8c4ccb008a..0ef3a1638f5 100644 --- a/bindings/rust/s2n-tls/src/connection.rs +++ b/bindings/rust/s2n-tls/src/connection.rs @@ -1088,6 +1088,13 @@ impl Connection { Some(app_context) => app_context.downcast_mut::(), } } + + pub fn client_hello_version(&self) -> Result { + let version = unsafe { + s2n_connection_get_client_hello_version(self.connection.as_ptr()).into_result()? + }; + version.try_into() + } } struct Context { From a49728be99c0d9ddb3f3b8085ae9de3d27704e14 Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Sat, 15 Jun 2024 00:51:00 +0000 Subject: [PATCH 2/7] add test case --- bindings/rust/s2n-tls/src/connection.rs | 14 +++++++------- bindings/rust/s2n-tls/src/testing/s2n_tls.rs | 14 ++++++++++++-- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/bindings/rust/s2n-tls/src/connection.rs b/bindings/rust/s2n-tls/src/connection.rs index 0ef3a1638f5..637716da09f 100644 --- a/bindings/rust/s2n-tls/src/connection.rs +++ b/bindings/rust/s2n-tls/src/connection.rs @@ -857,6 +857,13 @@ impl Connection { version.try_into() } + pub fn client_hello_version(&self) -> Result { + let version = unsafe { + s2n_connection_get_client_hello_version(self.connection.as_ptr()).into_result()? + }; + version.try_into() + } + pub fn handshake_type(&self) -> Result<&str, Error> { let handshake = unsafe { s2n_connection_get_handshake_type_name(self.connection.as_ptr()).into_result()? 
@@ -1088,13 +1095,6 @@ impl Connection { Some(app_context) => app_context.downcast_mut::(), } } - - pub fn client_hello_version(&self) -> Result { - let version = unsafe { - s2n_connection_get_client_hello_version(self.connection.as_ptr()).into_result()? - }; - version.try_into() - } } struct Context { diff --git a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs index eb18e7d16bd..2f121eca907 100644 --- a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs +++ b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs @@ -234,9 +234,9 @@ impl<'a, T: 'a + Context> Callback<'a, T> { mod tests { use crate::{ callbacks::{ClientHelloCallback, ConnectionFuture, ConnectionFutureResult}, - enums::ClientAuthType, + enums::{self, ClientAuthType}, error::ErrorType, - testing::{client_hello::*, s2n_tls::*, *}, + testing::{self, client_hello::*, s2n_tls::*, *}, }; use alloc::sync::Arc; use core::sync::atomic::Ordering; @@ -1030,4 +1030,14 @@ mod tests { .unwrap(); assert_eq!(context.invoked_count, 1); } + + #[test] + fn client_hello_version() -> Result<(), testing::Error> { + let config = testing::build_config(&security::DEFAULT_TLS13)?; + let pair = tls_pair(config); + let pair = poll_tls_pair(pair); + let server = pair.server.0.connection; + assert_eq!(server.client_hello_version()?, enums::Version::TLS12); + Ok(()) + } } From f62e9e42371c1f81d23c7039892caff479dae879 Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Thu, 20 Jun 2024 23:34:24 +0000 Subject: [PATCH 3/7] address pr feedback - switch to is_sslv2 - add comments --- bindings/rust/s2n-tls/src/connection.rs | 12 ++++++++++-- bindings/rust/s2n-tls/src/testing/s2n_tls.rs | 2 +- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/bindings/rust/s2n-tls/src/connection.rs b/bindings/rust/s2n-tls/src/connection.rs index 637716da09f..8f27614cc4c 100644 --- a/bindings/rust/s2n-tls/src/connection.rs +++ b/bindings/rust/s2n-tls/src/connection.rs 
@@ -850,6 +850,7 @@ impl Connection { Ok(()) } + /// Access the protocol version selected for the connection. pub fn actual_protocol_version(&self) -> Result { let version = unsafe { s2n_connection_get_actual_protocol_version(self.connection.as_ptr()).into_result()? @@ -857,11 +858,18 @@ impl Connection { version.try_into() } - pub fn client_hello_version(&self) -> Result { + /// Detects if the client hello is using the SSLv2 format. + /// + /// s2n-tls will not negotiate SSLv2, but will accept SSLv2 ClientHellos + /// advertising a higher protocol version like SSLv3 or TLS1.0. + /// [Connection::actual_protocol_version()] can be used to retrieve the + /// protocol version that is actually used on the connection. + pub fn client_hello_is_sslv2(&self) -> Result { let version = unsafe { s2n_connection_get_client_hello_version(self.connection.as_ptr()).into_result()? }; - version.try_into() + let version: Version = version.try_into()?; + Ok(version == Version::SSLV2) } pub fn handshake_type(&self) -> Result<&str, Error> { diff --git a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs index 2f121eca907..3aa8ab194d3 100644 --- a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs +++ b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs @@ -1037,7 +1037,7 @@ mod tests { let pair = tls_pair(config); let pair = poll_tls_pair(pair); let server = pair.server.0.connection; - assert_eq!(server.client_hello_version()?, enums::Version::TLS12); + assert_eq!(server.client_hello_is_sslv2()?, false); Ok(()) } } From 877e274481a41f5bc244855e49acd56ed733a187 Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Fri, 21 Jun 2024 23:25:49 +0000 Subject: [PATCH 4/7] add sslv2 test --- bindings/rust/s2n-tls/src/testing/s2n_tls.rs | 36 +++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs index a626e26e4ec..b545b123373 100644 
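Review bot: In `client_hello_is_sslv2`, the line `let version: Version = version.try_into()?;` turns any raw value that `Version` cannot represent into an error, even though for a yes/no predicate such a value is simply "not SSLv2". Comparing the raw value returned by `s2n_connection_get_client_hello_version` with the SSLv2 constant before converting would keep the function from failing on versions the enum does not know. The doc comment also does not say when the answer is valid; it is presumably only meaningful on a server connection after the ClientHello has been read, so I would add `/// Only meaningful on a server connection once the ClientHello has been received.` together with an `# Errors` section.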
--- a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs +++ b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs @@ -1027,7 +1027,7 @@ mod tests { } #[test] - fn client_hello_version() -> Result<(), testing::Error> { + fn client_hello_sslv2_negative() -> Result<(), testing::Error> { let config = testing::build_config(&security::DEFAULT_TLS13)?; let pair = tls_pair(config); let pair = poll_tls_pair(pair); 
@@ -1035,4 +1035,38 @@ mod tests { assert_eq!(server.client_hello_is_sslv2()?, false); Ok(()) } + + #[test] + fn client_hello_sslv2_positive() -> Result<(), testing::Error> { + + let config = testing::build_config(&security::DEFAULT_TLS13)?; + let pair = tls_pair(config); + let pair = poll_tls_pair(pair); + let server = pair.server.0.connection; + assert_eq!(server.client_hello_is_sslv2()?, false); + Ok(()) + } + + // copy-pasted from s2n-tls/tests/testlib/s2n_sslv2_client_hello.h + // by concatenating these fields together, a valid SSLv2 formatted client hello + // can be assembled + const SSLV2_CLIENT_HELLO_HEADER: &[u8] = &[0x80, 0xb3, 0x01, 0x03, 0x03]; + const SSLV2_CLIENT_HELLO_PREFIX: &[u8] = &[0x00, 0x8a, 0x00, 0x00, 0x00, 0x20]; + const SSLV2_CLIENT_HELLO_CIPHER_SUITES: &[u8] = &[ + 0x00, 0xc0, 0x24, 0x00, 0xc0, 0x28, 0x00, 0x00, 0x3d, 0x00, 0xc0, 0x26, 0x00, 0xc0, 0x2a, + 0x00, 0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0xc0, 0x0a, 0x07, 0x00, 0xc0, 0x00, 0xc0, 0x14, + 0x00, 0x00, 0x35, 0x00, 0xc0, 0x05, 0x00, 0xc0, 0x0f, 0x00, 0x00, 0x39, 0x00, 0x00, 0x38, + 0x00, 0xc0, 0x23, 0x00, 0xc0, 0x27, 0x00, 0x00, 0x3c, 0x00, 0xc0, 0x25, 0x00, 0xc0, 0x29, + 0x00, 0x00, 0x67, 0x00, 0x00, 0x40, 0x00, 0xc0, 0x09, 0x06, 0x00, 0x40, 0x00, 0xc0, 0x13, + 0x00, 0x00, 0x2f, 0x00, 0xc0, 0x04, 0x01, 0x00, 0x80, 0x00, 0xc0, 0x0e, 0x00, 0x00, 0x33, + 0x00, 0x00, 0x32, 0x00, 0xc0, 0x2c, 0x00, 0xc0, 0x2b, 0x00, 0xc0, 0x30, 0x00, 0x00, 0x9d, + 0x00, 0xc0, 0x2e, 0x00, 0xc0, 0x32, 0x00, 0x00, 0x9f, 0x00, 0x00, 0xa3, 0x00, 0xc0, 0x2f, + 0x00, 0x00, 0x9c, 0x00, 0xc0, 0x2d, 0x00, 0xc0, 0x31, 0x00, 0x00, 0x9e, 0x00, 0x00, 0xa2, + 0x00, 0x00, 0xff, + ]; + const SSLV2_CLIENT_HELLO_CHALLENGE: &[u8] = &[ + 0x5b, 0xe9, 0xcc, 0xad, 0xd6, 0xa5, 0x20, 0xac, 0xa3, 0xf4, 0x8e, 0x88, 0x06, 0xb5, 0x95, + 0x53, 0x2d, 0x53, 0xfe, 0xd7, 0xa1, 0x00, 0x57, 0xc0, 0x53, 0x9d, 0x84, 0x71, 0x80, 0x7f, + 0x30, 0x7e, + ]; } From f74aab5ef915bf17f84b8ed40b9f8eaa6f392e8c Mon Sep 17 00:00:00 2001 
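Review bot: `client_hello_sslv2_positive` is a copy of the negative test: it runs an ordinary handshake under `security::DEFAULT_TLS13` and asserts that `client_hello_is_sslv2()?` is `false`, so the SSLv2 path is never exercised and the test passes whether or not detection works. The `SSLV2_CLIENT_HELLO_*` constants added below it are not referenced anywhere in the hunk. Until the test feeds those bytes to the server and asserts `true`, I would mark it `#[ignore = "SSLv2 hello not wired up yet"]` or leave it out of this commit, so that a green run is not read as coverage of the SSLv2 detection.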
From: James Mayclin Date: Fri, 21 Jun 2024 23:46:59 +0000 Subject: [PATCH 5/7] address pr feedback - add positive case for sslv2 testing --- bindings/rust/s2n-tls/src/testing.rs | 4 +- bindings/rust/s2n-tls/src/testing/s2n_tls.rs | 172 ++++++++++--------- 2 files changed, 96 insertions(+), 80 deletions(-) diff --git a/bindings/rust/s2n-tls/src/testing.rs b/bindings/rust/s2n-tls/src/testing.rs index 3fe64c0d687..9fa5dbb9720 100644 --- a/bindings/rust/s2n-tls/src/testing.rs +++ b/bindings/rust/s2n-tls/src/testing.rs @@ -377,9 +377,9 @@ pub struct TestPair { // Box: A Vec (or VecDeque) may be moved or reallocated, so we need another layer of // indirection to have a stable (pinned) reference /// a data buffer that the server writes to and the client reads from - server_tx_stream: Pin>, + pub server_tx_stream: Pin>, /// a data buffer that the client writes to and the server reads from - client_tx_stream: Pin>, + pub client_tx_stream: Pin>, } impl TestPair { diff --git a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs index b545b123373..9d8571df330 100644 --- a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs +++ b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs 
@@ -343,19 +343,43 @@ mod tests { config.build()? }; - let mut pair = TestPair::from_config(&config); - pair.server.set_waker(Some(&waker))?; - let s2n_err = pair.handshake().unwrap_err(); - // the underlying error should be the custom error the application provided - let app_err = s2n_err.application_error().unwrap(); - let io_err = app_err.downcast_ref::().unwrap(); - let _custom_err = io_err - .get_ref() - .unwrap() - .downcast_ref::() - .unwrap(); + let server = { + // create and configure a server connection + let mut server = crate::connection::Connection::new_server(); + server.set_config(config.clone())?; + server.set_waker(Some(&waker))?; + Harness::new(server) + }; + + let client = { + // create a client connection + let mut client = crate::connection::Connection::new_client(); + client.set_config(config)?; + Harness::new(client) + }; + let mut pair = Pair::new(server, client); + loop { + match pair.poll() { + Poll::Ready(result) => { + let err = result.expect_err("handshake should fail"); + + // the underlying error should be the custom error the application provided + let s2n_err = err.downcast_ref::().unwrap(); + let app_err = s2n_err.application_error().unwrap(); + let io_err = app_err.downcast_ref::().unwrap(); + let _custom_err = io_err + .get_ref() + .unwrap() + .downcast_ref::() + .unwrap(); + break; + } + Poll::Pending => continue, + } + } assert_eq!(wake_count, 0); + Ok(()) } @@ -949,7 +973,7 @@ mod tests { /// Test that a context can be used from within a callback. #[test] - fn test_app_context_callback() -> Result<(), crate::error::Error> { + fn test_app_context_callback() { struct TestApplicationContext { invoked_count: u32, } 
@@ -982,91 +1006,83 @@ mod tests { builder.trust_pem(keypair.cert).unwrap(); builder.build().unwrap() }; - let mut pair = TestPair::from_config(&config); - pair.server.set_waker(Some(&noop_waker()))?; + + let mut pair = tls_pair(config); + pair.server + .0 + .connection_mut() + .set_waker(Some(&noop_waker())) + .unwrap(); let context = TestApplicationContext { invoked_count: 0 }; - pair.server.set_application_context(context); + pair.server + .0 + .connection_mut() + .set_application_context(context); - pair.handshake()?; + assert!(poll_tls_pair_result(&mut pair).is_ok()); let context = pair .server + .0 + .connection() .application_context::() .unwrap(); assert_eq!(context.invoked_count, 1); - - Ok(()) - } - - #[test] - fn no_application_protocol() -> Result<(), Error> { - let config = config_builder(&security::DEFAULT)?.build()?; - let mut pair = tls_pair(config); - assert!(poll_tls_pair_result(&mut pair).is_ok()); - assert!(pair.server.0.connection.application_protocol().is_none()); - Ok(()) - } - - #[test] - fn application_protocol() -> Result<(), Error> { - let config = config_builder(&security::DEFAULT)?.build()?; - let mut pair = tls_pair(config); - pair.server - .0 - .connection - .set_application_protocol_preference(["http/1.1", "h2"])?; - pair.client - .0 - .connection - .append_application_protocol_preference(b"h2")?; - assert!(poll_tls_pair_result(&mut pair).is_ok()); - let protocol = pair.server.0.connection.application_protocol().unwrap(); - assert_eq!(protocol, b"h2"); - Ok(()) } #[test] fn client_hello_sslv2_negative() -> Result<(), testing::Error> { let config = testing::build_config(&security::DEFAULT_TLS13)?; - let pair = tls_pair(config); - let pair = poll_tls_pair(pair); - let server = pair.server.0.connection; - assert_eq!(server.client_hello_is_sslv2()?, false); + let mut pair = TestPair::from_config(&config); + pair.handshake()?; + assert_eq!(pair.server.client_hello_is_sslv2()?, false); Ok(()) } #[test] fn client_hello_sslv2_positive() -> 
Result<(), testing::Error> { - - let config = testing::build_config(&security::DEFAULT_TLS13)?; - let pair = tls_pair(config); - let pair = poll_tls_pair(pair); - let server = pair.server.0.connection; - assert_eq!(server.client_hello_is_sslv2()?, false); + // copy-pasted from s2n-tls/tests/testlib/s2n_sslv2_client_hello.h + // by concatenating these fields together, a valid SSLv2 formatted client hello + // can be assembled + const SSLV2_CLIENT_HELLO_HEADER: &[u8] = &[0x80, 0xb3, 0x01, 0x03, 0x03]; + const SSLV2_CLIENT_HELLO_PREFIX: &[u8] = &[0x00, 0x8a, 0x00, 0x00, 0x00, 0x20]; + const SSLV2_CLIENT_HELLO_CIPHER_SUITES: &[u8] = &[ + 0x00, 0xc0, 0x24, 0x00, 0xc0, 0x28, 0x00, 0x00, 0x3d, 0x00, 0xc0, 0x26, 0x00, 0xc0, + 0x2a, 0x00, 0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0xc0, 0x0a, 0x07, 0x00, 0xc0, 0x00, + 0xc0, 0x14, 0x00, 0x00, 0x35, 0x00, 0xc0, 0x05, 0x00, 0xc0, 0x0f, 0x00, 0x00, 0x39, + 0x00, 0x00, 0x38, 0x00, 0xc0, 0x23, 0x00, 0xc0, 0x27, 0x00, 0x00, 0x3c, 0x00, 0xc0, + 0x25, 0x00, 0xc0, 0x29, 0x00, 0x00, 0x67, 0x00, 0x00, 0x40, 0x00, 0xc0, 0x09, 0x06, + 0x00, 0x40, 0x00, 0xc0, 0x13, 0x00, 0x00, 0x2f, 0x00, 0xc0, 0x04, 0x01, 0x00, 0x80, + 0x00, 0xc0, 0x0e, 0x00, 0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0xc0, 0x2c, 0x00, 0xc0, + 0x2b, 0x00, 0xc0, 0x30, 0x00, 0x00, 0x9d, 0x00, 0xc0, 0x2e, 0x00, 0xc0, 0x32, 0x00, + 0x00, 0x9f, 0x00, 0x00, 0xa3, 0x00, 0xc0, 0x2f, 0x00, 0x00, 0x9c, 0x00, 0xc0, 0x2d, + 0x00, 0xc0, 0x31, 0x00, 0x00, 0x9e, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xff, + ]; + const SSLV2_CLIENT_HELLO_CHALLENGE: &[u8] = &[ + 0x5b, 0xe9, 0xcc, 0xad, 0xd6, 0xa5, 0x20, 0xac, 0xa3, 0xf4, 0x8e, 0x88, 0x06, 0xb5, + 0x95, 0x53, 0x2d, 0x53, 0xfe, 0xd7, 0xa1, 0x00, 0x57, 0xc0, 0x53, 0x9d, 0x84, 0x71, + 0x80, 0x7f, 0x30, 0x7e, + ]; + + let config = testing::build_config(&security::Policy::from_version("test_all")?)?; + // we use the pair to setup IO, but we don't want the client to write anything. 
+ // So we drop the client and just directly write the SSLv2 header to the + // client_tx_stream + let mut pair = TestPair::from_config(&config); + drop(pair.client); + + let mut client_tx_stream = pair.client_tx_stream.borrow_mut(); + client_tx_stream.write_all(SSLV2_CLIENT_HELLO_HEADER)?; + client_tx_stream.write_all(SSLV2_CLIENT_HELLO_PREFIX)?; + client_tx_stream.write_all(SSLV2_CLIENT_HELLO_CIPHER_SUITES)?; + client_tx_stream.write_all(SSLV2_CLIENT_HELLO_CHALLENGE)?; + // end the exclusive borrow + drop(client_tx_stream); + + // the first server.poll_negotiate causes the server to read in the client hello + assert!(pair.server.poll_negotiate()?.is_pending()); + assert_eq!(pair.server.client_hello_is_sslv2()?, true); Ok(()) } - - // copy-pasted from s2n-tls/tests/testlib/s2n_sslv2_client_hello.h - // by concatenating these fields together, a valid SSLv2 formatted client hello - // can be assembled - const SSLV2_CLIENT_HELLO_HEADER: &[u8] = &[0x80, 0xb3, 0x01, 0x03, 0x03]; - const SSLV2_CLIENT_HELLO_PREFIX: &[u8] = &[0x00, 0x8a, 0x00, 0x00, 0x00, 0x20]; - const SSLV2_CLIENT_HELLO_CIPHER_SUITES: &[u8] = &[ - 0x00, 0xc0, 0x24, 0x00, 0xc0, 0x28, 0x00, 0x00, 0x3d, 0x00, 0xc0, 0x26, 0x00, 0xc0, 0x2a, - 0x00, 0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0xc0, 0x0a, 0x07, 0x00, 0xc0, 0x00, 0xc0, 0x14, - 0x00, 0x00, 0x35, 0x00, 0xc0, 0x05, 0x00, 0xc0, 0x0f, 0x00, 0x00, 0x39, 0x00, 0x00, 0x38, - 0x00, 0xc0, 0x23, 0x00, 0xc0, 0x27, 0x00, 0x00, 0x3c, 0x00, 0xc0, 0x25, 0x00, 0xc0, 0x29, - 0x00, 0x00, 0x67, 0x00, 0x00, 0x40, 0x00, 0xc0, 0x09, 0x06, 0x00, 0x40, 0x00, 0xc0, 0x13, - 0x00, 0x00, 0x2f, 0x00, 0xc0, 0x04, 0x01, 0x00, 0x80, 0x00, 0xc0, 0x0e, 0x00, 0x00, 0x33, - 0x00, 0x00, 0x32, 0x00, 0xc0, 0x2c, 0x00, 0xc0, 0x2b, 0x00, 0xc0, 0x30, 0x00, 0x00, 0x9d, - 0x00, 0xc0, 0x2e, 0x00, 0xc0, 0x32, 0x00, 0x00, 0x9f, 0x00, 0x00, 0xa3, 0x00, 0xc0, 0x2f, - 0x00, 0x00, 0x9c, 0x00, 0xc0, 0x2d, 0x00, 0xc0, 0x31, 0x00, 0x00, 0x9e, 0x00, 0x00, 0xa2, - 0x00, 0x00, 0xff, - ]; - const 
SSLV2_CLIENT_HELLO_CHALLENGE: &[u8] = &[ - 0x5b, 0xe9, 0xcc, 0xad, 0xd6, 0xa5, 0x20, 0xac, 0xa3, 0xf4, 0x8e, 0x88, 0x06, 0xb5, 0x95, - 0x53, 0x2d, 0x53, 0xfe, 0xd7, 0xa1, 0x00, 0x57, 0xc0, 0x53, 0x9d, 0x84, 0x71, 0x80, 0x7f, - 0x30, 0x7e, - ]; } From 0552865d6ca41ec9bbdf2a655451e3186435cd18 Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Fri, 21 Jun 2024 23:57:22 +0000 Subject: [PATCH 6/7] fix my git mashup :( --- bindings/rust/s2n-tls/src/testing.rs | 4 +- bindings/rust/s2n-tls/src/testing/s2n_tls.rs | 95 ++++++++++---------- 2 files changed, 47 insertions(+), 52 deletions(-) diff --git a/bindings/rust/s2n-tls/src/testing.rs b/bindings/rust/s2n-tls/src/testing.rs index 9fa5dbb9720..3fe64c0d687 100644 --- a/bindings/rust/s2n-tls/src/testing.rs +++ b/bindings/rust/s2n-tls/src/testing.rs @@ -377,9 +377,9 @@ pub struct TestPair { // Box: A Vec (or VecDeque) may be moved or reallocated, so we need another layer of // indirection to have a stable (pinned) reference /// a data buffer that the server writes to and the client reads from - pub server_tx_stream: Pin>, + server_tx_stream: Pin>, /// a data buffer that the client writes to and the server reads from - pub client_tx_stream: Pin>, + client_tx_stream: Pin>, } impl TestPair { diff --git a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs index 9d8571df330..0fd7f74b732 100644 --- a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs +++ b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs 
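Review bot: The SSLv2 ClientHello in `client_hello_sslv2_positive` is an opaque byte dump whose embedded length fields have to agree with the sizes of the constants, and nothing in the test explains or checks that. As far as I can read the bytes, `0x80, 0xb3` is the two-byte record header with length 0xb3, `0x01` the message type and `0x03, 0x03` the advertised version, while the prefix carries a cipher-spec length of 0x8a and a challenge length of 0x20, which matches the 138- and 32-byte arrays. I would annotate the header and prefix constants with that layout and add `assert_eq!(SSLV2_CLIENT_HELLO_CIPHER_SUITES.len(), 0x8a);` so that an edit to the copied arrays fails loudly instead of sending a malformed hello. A short comment on why the `test_all` policy is required for this case would also help the next reader.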
@@ -343,43 +343,19 @@ mod tests { config.build()? }; - let server = { - // create and configure a server connection - let mut server = crate::connection::Connection::new_server(); - server.set_config(config.clone())?; - server.set_waker(Some(&waker))?; - Harness::new(server) - }; - - let client = { - // create a client connection - let mut client = crate::connection::Connection::new_client(); - client.set_config(config)?; - Harness::new(client) - }; - - let mut pair = Pair::new(server, client); - loop { - match pair.poll() { - Poll::Ready(result) => { - let err = result.expect_err("handshake should fail"); + let mut pair = TestPair::from_config(&config); + pair.server.set_waker(Some(&waker))?; + let s2n_err = pair.handshake().unwrap_err(); + // the underlying error should be the custom error the application provided + let app_err = s2n_err.application_error().unwrap(); + let io_err = app_err.downcast_ref::().unwrap(); + let _custom_err = io_err + .get_ref() + .unwrap() + .downcast_ref::() + .unwrap(); - // the underlying error should be the custom error the application provided - let s2n_err = err.downcast_ref::().unwrap(); - let app_err = s2n_err.application_error().unwrap(); - let io_err = app_err.downcast_ref::().unwrap(); - let _custom_err = io_err - .get_ref() - .unwrap() - .downcast_ref::() - .unwrap(); - break; - } - Poll::Pending => continue, - } - } assert_eq!(wake_count, 0); - Ok(()) } @@ -973,7 +949,7 @@ mod tests { /// Test that a context can be used from within a callback. #[test] - fn test_app_context_callback() { + fn test_app_context_callback() -> Result<(), crate::error::Error> { struct TestApplicationContext { invoked_count: u32, } 
@@ -1006,29 +982,48 @@ mod tests { builder.trust_pem(keypair.cert).unwrap(); builder.build().unwrap() }; - - let mut pair = tls_pair(config); - pair.server - .0 - .connection_mut() - .set_waker(Some(&noop_waker())) - .unwrap(); + let mut pair = TestPair::from_config(&config); + pair.server.set_waker(Some(&noop_waker()))?; let context = TestApplicationContext { invoked_count: 0 }; - pair.server - .0 - .connection_mut() - .set_application_context(context); + pair.server.set_application_context(context); - assert!(poll_tls_pair_result(&mut pair).is_ok()); + pair.handshake()?; let context = pair .server - .0 - .connection() .application_context::() .unwrap(); assert_eq!(context.invoked_count, 1); + + Ok(()) + } + + #[test] + fn no_application_protocol() -> Result<(), Error> { + let config = config_builder(&security::DEFAULT)?.build()?; + let mut pair = tls_pair(config); + assert!(poll_tls_pair_result(&mut pair).is_ok()); + assert!(pair.server.0.connection.application_protocol().is_none()); + Ok(()) + } + + #[test] + fn application_protocol() -> Result<(), Error> { + let config = config_builder(&security::DEFAULT)?.build()?; + let mut pair = tls_pair(config); + pair.server + .0 + .connection + .set_application_protocol_preference(["http/1.1", "h2"])?; + pair.client + .0 + .connection + .append_application_protocol_preference(b"h2")?; + assert!(poll_tls_pair_result(&mut pair).is_ok()); + let protocol = pair.server.0.connection.application_protocol().unwrap(); + assert_eq!(protocol, b"h2"); + Ok(()) } #[test] From aff59e8068fe77edd998ef87e0b18862d8d193af Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Thu, 27 Jun 2024 23:19:28 +0000 Subject: [PATCH 7/7] address ci failures - fix clippy lints --- bindings/rust/s2n-tls/src/testing/s2n_tls.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs index a75507542b4..e66d8046efc 100644 
--- a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs +++ b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs @@ -234,7 +234,7 @@ impl<'a, T: 'a + Context> Callback<'a, T> { mod tests { use crate::{ callbacks::{ClientHelloCallback, ConnectionFuture, ConnectionFutureResult}, - enums::{self, ClientAuthType}, + enums::ClientAuthType, error::ErrorType, testing::{self, client_hello::*, s2n_tls::*, *}, }; @@ -900,7 +900,7 @@ mod tests { let config = testing::build_config(&security::DEFAULT_TLS13)?; let mut pair = TestPair::from_config(&config); pair.handshake()?; - assert_eq!(pair.server.client_hello_is_sslv2()?, false); + assert!(!pair.server.client_hello_is_sslv2()?); Ok(()) } @@ -946,7 +946,7 @@ mod tests { // the first server.poll_negotiate causes the server to read in the client hello assert!(pair.server.poll_negotiate()?.is_pending()); - assert_eq!(pair.server.client_hello_is_sslv2()?, true); + assert!(pair.server.client_hello_is_sslv2()?); Ok(()) } }