diff quic_retry.t @ 1915:15131dd931a0
Tests: QUIC address validation tests.
While here, fixed establishing connection after receiving a Retry packet,
broken after conversion to HTTP3 package.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 20 Jun 2023 20:01:20 +0400 |
parents | |
children | 161dc73812b3 |
new file mode 100644
--- /dev/null
+++ b/quic_retry.t
@@ -0,0 +1,118 @@
+#!/usr/bin/perl
+
+# (C) Sergey Kandaurov
+# (C) Nginx, Inc.
+
+# Tests for QUIC address validation.
+
+###############################################################################
+
+use warnings;
+use strict;
+
+use Test::More;
+
+BEGIN { use FindBin; chdir($FindBin::Bin); }
+
+use lib 'lib';
+use Test::Nginx;
+use Test::Nginx::HTTP3;
+
+###############################################################################
+
+select STDERR; $| = 1;
+select STDOUT; $| = 1;
+
+my $t = Test::Nginx->new()->has(qw/http http_v3 cryptx/)
+ ->has_daemon('openssl')->plan(7)
+ ->write_file_expand('nginx.conf', <<'EOF');
+
+%%TEST_GLOBALS%%
+
+daemon off;
+
+events {
+}
+
+http {
+ %%TEST_GLOBALS_HTTP%%
+
+ ssl_certificate_key localhost.key;
+ ssl_certificate localhost.crt;
+ quic_retry on;
+
+ server {
+ listen 127.0.0.1:%%PORT_8980_UDP%% quic;
+ server_name localhost;
+
+ location / { }
+ }
+}
+
+EOF
+
+$t->write_file('openssl.conf', <<EOF);
+[ req ]
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+[ req_distinguished_name ]
+EOF
+
+my $d = $t->testdir();
+
+foreach my $name ('localhost') {
+ system('openssl req -x509 -new '
+ . "-config $d/openssl.conf -subj /CN=$name/ "
+ . "-out $d/$name.crt -keyout $d/$name.key "
+ . ">>$d/openssl.out 2>&1") == 0
+ or die "Can't create certificate for $name: $!\n";
+}
+
+$t->run();
+
+###############################################################################
+
+my ($s, $sid, $frames, $frame);
+
+$s = Test::Nginx::HTTP3->new(8980);
+$sid = $s->new_stream();
+$frames = $s->read(all => [{ sid => $sid, fin => 1 }, { type => 'NEW_TOKEN' }]);
+
+($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
+is($frame->{headers}->{':status'}, 403, 'retry success');
+
+is(unpack("H*", $s->retry_tag()), unpack("H*", $s->retry_verify_tag()),
+ 'retry integrity tag');
+
+($frame) = grep { $_->{type} eq "NEW_TOKEN" } @$frames;
+ok(my $new_token = $frame->{token}, 'new token received');
+ok(my $retry_token = $s->retry_token(), 'retry token received');
+
+# connection with new token
+
+$s = Test::Nginx::HTTP3->new(8980, token => $new_token);
+$sid = $s->new_stream();
+$frames = $s->read(all => [{ sid => $sid, fin => 1 }]);
+
+($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
+is($frame->{headers}->{':status'}, 403, 'new token success');
+
+# connection with retry token, port won't match
+
+$s = Test::Nginx::HTTP3->new(8980, token => $retry_token, probe => 1);
+$frames = $s->read(all => [{ type => 'CONNECTION_CLOSE' }]);
+
+($frame) = grep { $_->{type} eq "CONNECTION_CLOSE" } @$frames;
+is($frame->{error}, 11, 'retry token invalid');
+
+# connection with retry token, corrupted
+
+substr($retry_token, 32) ^= "\xff";
+$s = Test::Nginx::HTTP3->new(8980, token => $retry_token, probe => 1);
+$frames = $s->read(all => [{ type => 'CONNECTION_CLOSE' }]);
+
+($frame) = grep { $_->{type} eq "CONNECTION_CLOSE" } @$frames;
+is($frame->{error}, 11, 'retry token decrypt error');
+
+###############################################################################
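Review bot: The final case ('retry token decrypt error') does not appear able to fail independently of the case before it: both reuse `$retry_token` on a fresh `Test::Nginx::HTTP3->new(8980, ..., probe => 1)` connection and both assert `$frame->{error}` is 11. If the second connection also arrives from a new source port, as the earlier comment says of the first, the address mismatch alone would presumably give the same close code, so the `substr($retry_token, 32) ^= "\xff"` tampering is never shown to be what the server rejected. Either corrupt a token that would otherwise be accepted, or record the limitation next to the test, e.g. `# also sent from a new port; error 11 (INVALID_TOKEN) alone does not prove the corruption was detected`. A short comment naming 11 as QUIC INVALID_TOKEN would also help at both assertions. Separately, the `die` after `system(...)` prints `$!`, which a non-zero openssl exit does not set; `$?` carries the exit status.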