From 78090be784779917300e9442da71d11b30784f27 Mon Sep 17 00:00:00 2001 From: Yuxiang Cao Date: Fri, 9 Jun 2023 14:37:51 -0700 Subject: [PATCH] test: add and fix tests - add server mix version tests - add test_import_pkcs8_encrypted_rsa_key - fix ssl_conf_ca_cb.rs - add bench test for pbkdf2_hmac --- Cargo.lock | 7 ++++++ mbedtls/Cargo.toml | 5 ++++ mbedtls/benches/bench.rs | 42 +++++++++++++++++++++++++++++++++ mbedtls/tests/async_session.rs | 21 +++++++++++++++++ mbedtls/tests/client_server.rs | 21 +++++++++++++++++ mbedtls/tests/ssl_conf_ca_cb.rs | 8 +++++++ 6 files changed, 104 insertions(+) create mode 100644 mbedtls/benches/bench.rs diff --git a/Cargo.lock b/Cargo.lock index a350c614a..db6a8b3e1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -68,6 +68,12 @@ dependencies = [ "safemem", ] +[[package]] +name = "bencher" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dfdb4953a096c551ce9ace855a604d702e6e62d77fac690575ae347571717f5" + [[package]] name = "bindgen" version = "0.65.1" @@ -593,6 +599,7 @@ name = "mbedtls" version = "0.11.0" dependencies = [ "async-stream", + "bencher", "bit-vec", "bitflags", "byteorder", diff --git a/mbedtls/Cargo.toml b/mbedtls/Cargo.toml index 75c5f3817..9fe306117 100644 --- a/mbedtls/Cargo.toml +++ b/mbedtls/Cargo.toml @@ -54,6 +54,7 @@ pin-project-lite = "0.2" rstest = "0.17.0" rstest_reuse = "0.5.0" env_logger = "0.10" +bencher = "0.1.5" [build-dependencies] cc = "1.0" @@ -111,3 +112,7 @@ required-features = ["std"] name = "async_session" path = "tests/async_session.rs" required-features = ["async-rt"] + +[[bench]] +name = "bench" +harness = false diff --git a/mbedtls/benches/bench.rs b/mbedtls/benches/bench.rs new file mode 100644 index 000000000..a7dc084e2 --- /dev/null +++ b/mbedtls/benches/bench.rs 
@@ -0,0 +1,42 @@
+/* Copyright (c) Fortanix, Inc.
+ *
+ * Licensed under the GNU General Public License, version 2 or the Apache License, Version
+ * 2.0 , at your
+ * option. This file may not be copied, modified, or distributed except
+ * according to those terms. */
+
+#[macro_use]
+extern crate bencher;
+
+use bencher::{black_box, Bencher};
+
+const PBKDF2_NUM_ITERATIONS: u32 = 100000;
+const PBKDF2_SALT_LEN: usize = 32;
+const PBKDF2_KEY_LEN: usize = 32;
+
+use mbedtls::hash;
+
+fn bench_pbkdf2_hmac(b: &mut Bencher) {
+ let password = "password".as_bytes();
+ let salt = vec![123u8; PBKDF2_SALT_LEN];
+
+ let mut key_val: Vec = vec![0; PBKDF2_KEY_LEN];
+
+ b.iter(|| {
+ // Inner closure, the actual test
+ black_box(
+ hash::pbkdf2_hmac(
+ hash::Type::Sha512,
+ password,
+ &salt,
+ PBKDF2_NUM_ITERATIONS,
+ key_val.as_mut_slice(),
+ )
+ .unwrap(),
+ );
+ });
+}
+
+benchmark_group!(benches, bench_pbkdf2_hmac);
+benchmark_main!(benches);
diff --git a/mbedtls/tests/async_session.rs b/mbedtls/tests/async_session.rs
index 2a3d6c1e6..91e39a836 100644
--- a/mbedtls/tests/async_session.rs
+++ b/mbedtls/tests/async_session.rs
@@ -255,6 +255,27 @@ mod test {
 Version::Tls13,
 Some(Version::Tls13)
 ))]
+ #[case::client1_2_server_mix(TestConfig::new(
+ Version::Tls12,
+ Version::Tls12,
+ Version::Tls12,
+ Version::Tls13,
+ Some(Version::Tls12)
+ ))]
+ #[case::client1_3_server_mix(TestConfig::new(
+ Version::Tls13,
+ Version::Tls13,
+ Version::Tls12,
+ Version::Tls13,
+ Some(Version::Tls13)
+ ))]
+ #[case::client_mix_server_mix(TestConfig::new(
+ Version::Tls12,
+ Version::Tls13,
+ Version::Tls12,
+ Version::Tls13,
+ Some(Version::Tls13)
+ ))]
 #[tokio::test]
 async fn async_session_client_server_tls13_test(#[case] config: TestConfig) {
 run_async_session_client_server_test(config).await;
diff --git a/mbedtls/tests/client_server.rs b/mbedtls/tests/client_server.rs
index 76f7c7920..960e6e7be 100644
--- a/mbedtls/tests/client_server.rs
+++ b/mbedtls/tests/client_server.rs
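Review bot: `black_box` in `bench_pbkdf2_hmac` wraps only what is left after `.unwrap()`, which is presumably `()` because the derived key is written into `key_val`, so the output buffer itself is never marked as observed; adding `black_box(&key_val);` after the call inside the closure would make the intent explicit. The three constants and the inputs also deserve a comment such as `// Benchmark fixtures only: fixed password and constant salt, not recommended PBKDF2 parameters`, because bench code tends to be copied as a usage example. With 100000 SHA-512 iterations per closure invocation, a short note on expected runtime would help anyone wiring this bench into CI.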
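Review bot: The first added case, `client1_2_server_mix`, expects `Some(Version::Tls12)` but is attached to `async_session_client_server_tls13_test`, so a TLS 1.2 negotiation is now asserted under a test whose name says TLS 1.3; the same holds for the matching hunk in mbedtls/tests/client_server.rs (`client_server_tls13_test`). A comment above the new cases spelling out the positional order, which the case names suggest is `// TestConfig::new(client_min, client_max, server_min, server_max, expected)`, would make the four bare `Version` arguments reviewable. The attribute list starts above the hunk, so I cannot see whether a case with non-overlapping version ranges and an expected `None` already exists; if it does not, one belongs next to these so the suite also pins that no unintended version is negotiated.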
@@ -378,6 +378,27 @@ mod test {
 Version::Tls13,
 Some(Version::Tls13)
 ))]
+ #[case::client1_2_server_mix(TestConfig::new(
+ Version::Tls12,
+ Version::Tls12,
+ Version::Tls12,
+ Version::Tls13,
+ Some(Version::Tls12)
+ ))]
+ #[case::client1_3_server_mix(TestConfig::new(
+ Version::Tls13,
+ Version::Tls13,
+ Version::Tls12,
+ Version::Tls13,
+ Some(Version::Tls13)
+ ))]
+ #[case::client_mix_server_mix(TestConfig::new(
+ Version::Tls12,
+ Version::Tls13,
+ Version::Tls12,
+ Version::Tls13,
+ Some(Version::Tls13)
+ ))]
 fn client_server_tls13_test(
 #[case] config: TestConfig,
 #[values(false, true)] use_psk: bool,
diff --git a/mbedtls/tests/ssl_conf_ca_cb.rs b/mbedtls/tests/ssl_conf_ca_cb.rs
index 4122028f3..f6d6cbd02 100644
--- a/mbedtls/tests/ssl_conf_ca_cb.rs
+++ b/mbedtls/tests/ssl_conf_ca_cb.rs
@@ -35,6 +35,10 @@ where
 let mut config = Config::new(Endpoint::Client, Transport::Stream, Preset::Default);
 config.set_rng(rng);
 config.set_ca_callback(ca_callback);
+ // The certificates in this test now only support TLS 1.2
+ // TODO: update tests to cover TLS 1.3
+ config.set_min_version(mbedtls::ssl::Version::Tls12)?;
+ config.set_max_version(mbedtls::ssl::Version::Tls12)?;
 let mut ctx = Context::new(Arc::new(config));
 ctx.establish(conn, None).map(|_| ())
 }
@@ -47,6 +51,10 @@ fn server(conn: TcpStream, cert: &[u8], key: &[u8]) -> TlsResult<()> {
 let mut config = Config::new(Endpoint::Server, Transport::Stream, Preset::Default);
 config.set_rng(rng);
 config.push_cert(cert, key)?;
+ // The certificates in this test now only support TLS 1.2
+ // TODO: update tests to cover TLS 1.3
+ config.set_min_version(mbedtls::ssl::Version::Tls12)?;
+ config.set_max_version(mbedtls::ssl::Version::Tls12)?;
 let mut ctx = Context::new(Arc::new(config));
 let _ = ctx.establish(conn, None);
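Review bot: Pinning both `set_min_version` and `set_max_version` to `Tls12` on the client side here, and again in `server` in the next hunk, leaves the CA-callback verification path with no TLS 1.3 coverage, and the comment does not say what about the test certificates is incompatible. I would have the comment state the cause and carry a tracking reference, e.g. `// TODO(<issue-ref>): test certs are rejected under TLS 1.3 because <reason>; pinned to 1.2 until they are regenerated`, so the pin is not read as a recommended configuration and does not outlive the fix. The same four lines appear in both hunks, so a small shared helper would keep client and server from drifting when the pin is lifted. The client function begins above this hunk, so its signature and callers are not visible here.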