Add CID interop with mbedtls #8245

Open
wants to merge 5 commits into base: master
Changes from 2 commits
4 changes: 2 additions & 2 deletions .github/workflows/hostap-vm.yml
Expand Up @@ -13,7 +13,7 @@ concurrency:
# END OF COMMON SECTION

env:
LINUX_REF: v6.6
LINUX_REF: v6.12

jobs:
build_wolfssl:
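Review bot: the `LINUX_REF` bump from `v6.6` to `v6.12` is unrelated to the mbedtls CID interop this PR adds and changes the kernel the hostap hwsim tests run against; split it into its own commit with a one-line reason so the change stays bisectable and a hwsim regression is not mistaken for a CID one.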
Expand Down Expand Up @@ -91,6 +91,7 @@ jobs:
with:
repository: torvalds/linux
path: linux
ref: ${{ env.LINUX_REF }}

- name: Compile linux
if: steps.cache.outputs.cache-hit != 'true'
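Review bot: the added `ref: ${{ env.LINUX_REF }}` closes a real gap and deserves a sentence in the commit message: `actions/checkout` with `repository: torvalds/linux` and no `ref` checks out that repository's default branch, so before this change `LINUX_REF` never reached the checkout and the compiled kernel was whatever `master` was that day. Any cache entry built before this change was compiled from a different tree than `LINUX_REF` names, so it should be evicted rather than reused.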
Expand Down Expand Up @@ -141,7 +142,6 @@ jobs:
build_id: hostap-vm-build2
}
name: hwsim test
# For openssl 1.1
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
77 changes: 77 additions & 0 deletions .github/workflows/mbedtls.sh
@@ -0,0 +1,77 @@
set -e
set -x

# Basic TLS test
./mbedtls/build/programs/ssl/ssl_server2 2>&1 > /tmp/server.log &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem 2>&1 > /tmp/server.log &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2
env -C wolfssl ./examples/client/client -p 4433 -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1

# Basic DTLS test
./mbedtls/build/programs/ssl/ssl_server2 dtls=1 2>&1 > /tmp/server.log &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem 2>&1 > /tmp/server.log &
SERVER_PID=$!
sleep 0.1
env -C wolfssl ./examples/client/client -p 4433 -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
./mbedtls/build/programs/ssl/ssl_client2 dtls=1
kill $SERVER_PID
sleep 0.1

# DTLS 1.2 CID test
./mbedtls/build/programs/ssl/ssl_server2 dtls=1 cid=1 cid_val=121212 2>&1 > /tmp/server.log &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid=1 cid_val=232323 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g -u --cid 121212 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem 2>&1 > /tmp/server.log &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323
env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
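Review bot: every server line uses `2>&1 > /tmp/server.log`, which sends stderr to the job console and only stdout to the log (redirections apply left to right); the "print server logs" step therefore never sees the server's error output, which is the part needed on failure. Use `> /tmp/server.log 2>&1`, and prefer `>>` with a separator line, since six server invocations each overwrite the same file and only the last one survives. Second, `./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323` in the wolfSSL-server CID step lacks `cid=1`, unlike the mbedtls-server step above it, so mbedtls is not asked to enable CID there and the wolfSSL-server-to-mbedtls-client CID path goes untested. Third, with `set -e`, a failing client exits the script before `kill $SERVER_PID`, leaving the server holding port 4433; add `trap 'kill $SERVER_PID 2>/dev/null' EXIT` and replace `sleep 0.1` with a wait until the port is listening. Finally, each step only checks exit status, so a handshake that silently negotiated no CID extension still passes; check the client and server logs for the negotiated CID value rather than relying on the exit code alone.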
89 changes: 89 additions & 0 deletions .github/workflows/mbedtls.yml
@@ -0,0 +1,89 @@
name: mbedtls interop Tests

# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION

env:
MBED_REF: v3.6.2

jobs:
build_mbedtls:
name: Build mbedtls
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have mbed in cache
uses: actions/cache@v4
id: cache
with:
path: mbedtls
key: ${{ env.MBED_REF }}
lookup-only: true

- name: Checkout mbedtls
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: Mbed-TLS/mbedtls
ref: ${{ env.MBED_REF }}
path: mbedtls

- name: Compile mbedtls
if: steps.cache.outputs.cache-hit != 'true'
working-directory: mbedtls
run: |
git submodule update --init
mkdir build
cd build
cmake ..
make -j
# convert key to pem format
openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem

mbedtls_test:
name: Test interop with mbedtls
runs-on: ubuntu-latest
needs: build_mbedtls
timeout-minutes: 10
if: github.repository_owner == 'wolfssl'
steps:
- name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT)
run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6

- name: Checking if we have mbed in cache
uses: actions/cache/restore@v4
id: cache
with:
path: mbedtls
key: ${{ env.MBED_REF }}
fail-on-cache-miss: true

- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-dtls --enable-dtlscid
install: false
check: false

- name: Test interop
run: bash wolfssl/.github/workflows/mbedtls.sh

- name: print server logs
if: ${{ failure() }}
run: |
sudo chown $USER:$USER /tmp/dump.pcap
cat /tmp/server.log
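Review bot: `sudo chown $USER:$USER /tmp/dump.pcap` in the failure step breaks the step it is in: nothing in this workflow or in mbedtls.sh writes `/tmp/dump.pcap`, and `run` steps default to `bash -e`, so the chown fails and `cat /tmp/server.log` never executes, exactly when it is needed. Drop the line. In the build step, the two `openssl pkey` lines run after `cd build` but use `framework/data_files/...` relative to the source tree, while mbedtls.sh reads `../mbedtls/framework/data_files/*.key.pem`; unless the build tree mirrors that directory the conversion writes to a nonexistent path, so run it from `mbedtls` before `cd build` or use `../framework/...`. Also drop `-text`: it adds a human-readable dump to a file that is then passed to `-k` as a key; `openssl pkey -inform DER -in ... -out ...` yields a clean PEM. Lastly, the cache key `${{ env.MBED_REF }}` is a bare version tag; prefix it (for example `mbedtls-${{ env.MBED_REF }}`) so it cannot collide with another workflow caching under the same tag.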

4 changes: 0 additions & 4 deletions configure.ac
Expand Up @@ -4996,10 +4996,6 @@ AC_ARG_ENABLE([dtlscid],
)
if test "x$ENABLED_DTLS_CID" = "xyes"
then
if test "x$ENABLED_DTLS13" != "xyes"
then
AC_MSG_ERROR([You need to enable DTLSv1.3 to use DTLS ConnectionID])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CID"
fi
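Review bot: dropping the DTLSv1.3 requirement leaves `--enable-dtlscid` with no dependency check at all; nothing in this hunk verifies `ENABLED_DTLS`, so `--enable-dtlscid` without `--enable-dtls` now adds `-DWOLFSSL_DTLS_CID` silently unless that is enforced elsewhere. Replace the removed block with a check against DTLS itself, e.g. `if test "x$ENABLED_DTLS" != "xyes"` / `AC_MSG_ERROR([You need to enable DTLS to use DTLS ConnectionID])`, and update the option's help string to say CID now covers DTLS 1.2 as well.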

4 changes: 0 additions & 4 deletions wolfssl/wolfcrypt/settings.h
Expand Up @@ -4070,10 +4070,6 @@ extern void uITRON4_free(void *p) ;
#error "DTLS v1.3 requires both WOLFSSL_TLS13 and WOLFSSL_DTLS"
#endif

#if defined(WOLFSSL_DTLS_CID) && !defined(WOLFSSL_DTLS13)
#error "ConnectionID is supported for DTLSv1.3 only"
#endif

#if defined(WOLFSSL_QUIC) && defined(WOLFSSL_CALLBACKS)
#error WOLFSSL_QUIC is incompatible with WOLFSSL_CALLBACKS.
#endif
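Review bot: removing the `#error` without a replacement drops the only compile-time guard for builds that define `WOLFSSL_DTLS_CID` through user_settings.h rather than configure. Keep a guard against the real dependency, matching the DTLS v1.3 check immediately above: `#if defined(WOLFSSL_DTLS_CID) && !defined(WOLFSSL_DTLS)` / `#error "ConnectionID requires WOLFSSL_DTLS"` / `#endif`.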