Using TLS/DTLS with Titan test ports part3 (DTLS/UDP with the IPL4 test port)
Eclipse Community Forums » Eclipse Projects » Eclipse Titan, message #1754847, Thu, 23 February 2017 07:47
Posted by Elemer Lelik (Senior Member, registered January 2015)
Chapter 4. The IPL4 test port (https://github.com/eclipse/titan.TestPorts.IPL4asp) in DTLS/UDP mode (requires https://github.com/eclipse/titan.TestPorts.Common_Components.Socket-API)


Datagram Transport Layer Security (DTLS) is the somewhat lesser-known little sister (brother?) of TLS and provides security for datagram protocols.
DTLS preserves the datagram semantics of the underlying transport: the application does not suffer the delays associated with stream protocols,
but has to deal with packet reordering, loss of datagrams and data larger than the size of a datagram network packet.
There are two DTLS versions out in the wild: DTLS 1.0 is based on TLS 1.1, while DTLS 1.2 is based on TLS 1.2.

To play with DTLS, I have installed the latest available version of OpenSSL:


ntaf@ntaf:~$ which openssl
/usr/local/openssl/bin/openssl
ntaf@ntaf:~$ openssl version
OpenSSL 1.1.0d  26 Jan 2017



and compiled Titan from the latest source code available on GitHub:

ntaf@ntaf:~$ compiler -v
TTCN-3 and ASN.1 Compiler for the TTCN-3 Test Executor
Product number: CRL 113 200/6 R1A
Build date: Feb 14 2017 06:18:59
Compiled with: GCC 5.4.0
Using OpenSSL 1.1.0d  26 Jan 2017


To compile with OpenSSL, the same Makefile modifications are needed as before, in the TLS/TCP case:


Makefile

:
OPENSSL_DIR = /usr/local/openssl 
:
# Flags for the C++ preprocessor (and makedepend as well):
CPPFLAGS = -D$(PLATFORM) -I$(TTCN3_DIR)/include -DIPL4_USE_SSL -I$(OPENSSL_DIR)/include 
:
LINUX_LIBS = -lxml2 -lssl 
:


The test port parameters used were:

[TESTPORT_PARAMETERS]
*.p.debug := "Yes"
*.p.ssl_reconnect_attempts := "100"

and the TTCN-3 code:



module UDPTest {

  modulepar {
    // the logs further below show localhost:44330, i.e. values overridden from UDPTest.cfg
    charstring tsp_hostname := "127.0.0.1"
    integer    tsp_portnumber := 1443
    boolean    tsp_connect := true   // connect if true, startTLS if false
  }

  import from IPL4asp_Types all;
  import from IPL4asp_PortType all;

  type component GeneralComp {
    port IPL4asp_PT p;
    timer t;
    // empty Result value, used to reset vl_result before each IPL4 call
    var IPL4asp_Types.Result c_res := { errorCode := omit, connId := omit, os_error_code := omit, os_error_text := omit };
  }

  type component SystemComp {
    port IPL4asp_PT p;
  }

  // p_float is accepted but not used by the template body
  template ASP_Send t_data3(in integer p_id, in float p_float) := {
    connId := p_id,
    proto := omit,
    msg := char2oct("#-------------------------------\r\n# Secure transmission \r\n#-------------------------------\r\n")
  }

  testcase TC_UDPTest() runs on GeneralComp system SystemComp {
    var float v_float := 65535.0 * rnd();
    var IPL4asp_Types.Result vl_result;
    var integer v_cid;
    map(self:p, system:p);

    vl_result := c_res;
    if (tsp_connect) {  // DTLS connect: the handshake runs inside f_IPL4_connect
      vl_result := f_IPL4_connect(
        p,
        tsp_hostname,
        tsp_portnumber,
        "",   // default 0.0.0.0 will be used
        0,    // random port will be used
        -1,
        { dtls := { udp := {} } },
        // { udp := {} },
        {}
      );
    }
    else {  // UDP connect + DTLS startTLS
      vl_result := f_IPL4_connect(
        p,
        tsp_hostname,
        tsp_portnumber,
        "",   // default 0.0.0.0 will be used
        0,    // random port will be used
        -1,
        // { dtls := { udp := {} } },
        { udp := {} },
        {}
      );
    }
    log("connect result", vl_result);
    if (not(ispresent(vl_result.connId))) {
      log("Could not connect");
      stop;
    }

    v_cid := vl_result.connId;
    if (not(tsp_connect)) {  // DTLS startTLS on the existing UDP association
      vl_result := c_res;
      vl_result := f_IPL4_StartTLS(p, v_cid);
      log("startTLS result  ", vl_result);
    }

    p.send(t_data3(v_cid, v_float));
    t.start(5.0);
    alt {
      [] p.receive;
      [] t.timeout { log("Bye") }   // note: a timeout only logs, the verdict below is still pass
    }

    if (not(tsp_connect)) {  // DTLS stopTLS, the UDP socket stays open until f_IPL4_close
      vl_result := c_res;
      vl_result := f_IPL4_StopTLS(p, v_cid);
      log("stopTLS result  ", vl_result);
    }

    vl_result := c_res;
    vl_result := f_IPL4_close(p, v_cid);
    log("close result  ", vl_result);

    setverdict(pass);
  }

  control {
    execute(TC_UDPTest());
  }
}


Please note that if tsp_connect is set to true, the code establishes the DTLS connection in one step, at f_IPL4_connect(... {dtls := { udp := {} } }, ...), and tears it down
at f_IPL4_close(...). If tsp_connect is set to false, first a UDP association is created with
f_IPL4_connect(... { udp := {} }, ...), then DTLS is started on top of it with f_IPL4_StartTLS(); the DTLS connection is ended with f_IPL4_StopTLS() and finally the UDP socket is closed with
f_IPL4_close().


As there are not so many public DTLS-capable servers, I have used an ad-hoc OpenSSL server:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes 


creates the certificate/key pair, and

(echo "Secure response"; sleep 10) | openssl s_server -key key.pem -cert cert.pem -accept 44330 -dtls1_2 -debug

// or: (echo -ne "Secure response"; cat) | openssl s_server -key key.pem -cert cert.pem -accept 44330 -dtls1_2 -debug

starts the server (in DTLS 1.2-only mode), which will respond to our message with "Secure response".

For UDPTest.tsp_connect:=true this is what happens in the server console:

(echo "Secure response"; sleep 10)  | openssl s_server -key key.pem -cert cert.pem -accept 44330 -dtls1_2 -debug


Using default temp DH parameters
ACCEPT
   0 items in the session cache
   0 client connects (SSL_connect())
   0 client renegotiates (SSL_connect())
   0 client connects that finished
   0 server accepts (SSL_accept())
   0 server renegotiates (SSL_accept())
   0 server accepts that finished
   0 session cache hits
   0 session cache misses
   0 session cache timeouts
   0 callback cache hits
   0 cache full overflows (128 allowed)
read from 0xc79570 [0xc7ec03] (16717 bytes => 189 (0xBD))
0000 - 16 fe ff 00 00 00 00 00-00 00 00 00 b0 01 00 00   ................
0010 - a4 00 00 00 00 00 00 00-a4 fe fd f1 e8 2d de ea   .............-..
0020 - 8a 43 84 90 8f 57 3e 26-26 b2 23 6f 7f 56 28 25   .C...W>&&.#o.V(%
0030 - c9 9f de 2e 3f bb cd 72-fd 5b d1 00 00 00 38 c0   ....?..r.[....8.
0040 - 2c c0 30 00 9f cc a9 cc-a8 cc aa c0 2b c0 2f 00   ,.0.........+./.
0050 - 9e c0 24 c0 28 00 6b c0-23 c0 27 00 67 c0 0a c0   ..$.(.k.#.'.g...
0060 - 14 00 39 c0 09 c0 13 00-33 00 9d 00 9c 00 3d 00   ..9.....3.....=.
0070 - 3c 00 35 00 2f 00 ff 01-00 00 42 00 0b 00 04 03   <.5./.....B.....
:
some gibberish here...
:
0030 - 32 4d 63 c5 36 81 8b fc-e2 0f 51 00 5c d5 ea 27   2Mc.6.....Q.\..'
0040 - 91 91 62 c6 58 c5 43 9c-4d 26 1f 22 c1 90 a3 e1   ..b.X.C.M&."....
0050 - 8f ec 03 e8 26 66 3e 7b-f0 fb f0 f6 59 0b fc 9a   ....&f>{....Y...
0060 - b3 74 3c 82 a4 83 fd a3-59 1c 64 3c aa 38 32 55   .t<.....Y.d<.82U
0070 - 3b 7d e7 79 7d 62 bb dc-3b 04 68 06 96 f2 b6 2e   ;}.y}b..;.h.....
0080 - 6d                                                m
#-------------------------------
# Secure transmission 
#-------------------------------
read from 0xc79570 [0xc7ec03] (16717 bytes => 39 (0x27))
0000 - 15 fe fd 00 01 00 00 00-00 00 02 00 1a 9b 8f 13   ................
0010 - 88 7c 06 90 5d ee be d3-af 31 68 21 1e f4 61 86   .|..]....1h!..a.
0020 - 35 b5 c5 50 57 e3 7f                              5..PW..
DONE
shutting down SSL
CONNECTION CLOSED
ACCEPT
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
   0 items in the session cache
   0 client connects (SSL_connect())
   0 client renegotiates (SSL_connect())
   0 client connects that finished
   1 server accepts (SSL_accept())
   0 server renegotiates (SSL_accept())
   1 server accepts that finished
   0 session cache hits
   0 session cache misses
   0 session cache timeouts
   0 callback cache hits
   0 cache full overflows (128 allowed)



We can see that our "Secure transmission" has been received.
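The DTLS record layout described at the top of this post can be checked directly against the server dump above. The Python script below is an added example, not part of the original post or of the IPL4 test port: it converts openssl s_server -debug dump lines back into bytes and decodes the DTLS record header and, for the plaintext ClientHello, the handshake header. The two dumps embedded in it are copied from the console output above (only the first two lines of the ClientHello record are reproduced, so its payload is truncated on purpose); the function and field names are my own.

```python
"""Decode DTLS record and handshake headers out of an `openssl s_server -debug` hex dump.

Added example: the dump lines below are copied from the server console shown
above (the first two lines of the ClientHello record and the complete final
alert record); everything else is constructed for this illustration.
"""
import re
import struct

CLIENT_HELLO_DUMP = """\
0000 - 16 fe ff 00 00 00 00 00-00 00 00 00 b0 01 00 00   ................
0010 - a4 00 00 00 00 00 00 00-a4 fe fd f1 e8 2d de ea   .............-..
"""
ALERT_DUMP = """\
0000 - 15 fe fd 00 01 00 00 00-00 00 02 00 1a 9b 8f 13   ................
0010 - 88 7c 06 90 5d ee be d3-af 31 68 21 1e f4 61 86   .|..]....1h!..a.
0020 - 35 b5 c5 50 57 e3 7f                              5..PW..
"""

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 3: "hello_verify_request",
                   11: "certificate", 12: "server_key_exchange", 14: "server_hello_done",
                   16: "client_key_exchange", 20: "finished"}

# DTLS record header (RFC 6347, 4.1): type, version, epoch, 48-bit sequence number, length
RECORD_HDR = struct.Struct(">BHH6sH")
# DTLS handshake header (RFC 6347, 4.2.2): msg_type, 24-bit length, message_seq,
# 24-bit fragment_offset, 24-bit fragment_length
HANDSHAKE_HDR = struct.Struct(">B3sH3s3s")

# one dump line: 4-digit offset, " - ", then 2-digit hex bytes separated by " " or "-"
DUMP_LINE = re.compile(r"^[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -])*[0-9a-f]{2})", re.IGNORECASE)


def dump_to_bytes(dump):
    """Turn `0000 - 16 fe ff ...   ....` lines back into the bytes the server read."""
    out = bytearray()
    for line in dump.splitlines():
        m = DUMP_LINE.match(line)
        if m:  # lines without the offset/hex layout (":" or prose) are skipped
            out += bytes.fromhex(m.group(1).replace("-", " "))
    return bytes(out)


def parse_record(data):
    """Decode the first DTLS record header in `data`."""
    if len(data) < RECORD_HDR.size:
        raise ValueError("truncated DTLS record header")
    ctype, version, epoch, seq, length = RECORD_HDR.unpack_from(data)
    payload = data[RECORD_HDR.size:RECORD_HDR.size + length]
    return {
        "content_type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
        "version": VERSIONS.get(version, "0x%04x" % version),
        "epoch": epoch,
        "sequence_number": int.from_bytes(seq, "big"),
        "length": length,
        # epoch 0 is the pre-handshake state and its records are not yet protected;
        # from epoch 1 on the payload is encrypted under the negotiated cipher suite
        "encrypted": epoch > 0,
        "payload": payload,
        "payload_complete": len(payload) == length,
    }


def parse_handshake(payload):
    """Decode the handshake header (plus the ClientHello's client_version) of a plaintext record."""
    if len(payload) < HANDSHAKE_HDR.size:
        raise ValueError("truncated handshake header")
    msg_type, ln, msg_seq, off, frag_len = HANDSHAKE_HDR.unpack_from(payload)
    hs = {
        "msg_type": HANDSHAKE_TYPES.get(msg_type, "unknown(%d)" % msg_type),
        "length": int.from_bytes(ln, "big"),
        "message_seq": msg_seq,
        "fragment_offset": int.from_bytes(off, "big"),
        "fragment_length": int.from_bytes(frag_len, "big"),
    }
    body = payload[HANDSHAKE_HDR.size:]
    if msg_type == 1 and len(body) >= 2:
        # The record layer of a ClientHello may carry DTLS 1.0 for compatibility;
        # the version the client actually offers is this field inside the handshake.
        hs["client_version"] = VERSIONS.get(int.from_bytes(body[:2], "big"), body[:2].hex())
    return hs


def describe(dump):
    """Decode the first record of a dump; handshake details only when they are readable."""
    rec = parse_record(dump_to_bytes(dump))
    if rec["content_type"] == "handshake" and not rec["encrypted"]:
        rec["handshake"] = parse_handshake(rec["payload"])
    return rec


if __name__ == "__main__":
    for name, dump in (("ClientHello", CLIENT_HELLO_DUMP), ("alert", ALERT_DUMP)):
        rec = describe(dump)
        rec.pop("payload")
        print(name, rec)
```

Running it shows what the raw dump does not make obvious: the ClientHello record is sent with record-layer version DTLS 1.0 (fe ff), while the client_version inside the handshake is DTLS 1.2 (fe fd), which is what the -dtls1_2 server accepts, so anyone checking the negotiated version in a capture has to look at the handshake field, not the record header. Its record length of 176 plus the 13-byte header gives the 189 bytes the server reported reading. The last record is an alert in epoch 1 with sequence number 2, i.e. it is already encrypted, so its alert type cannot be read from the dump; only the epoch tells you that it belongs to the established session.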
The Titan-side log


 ttcn3_start ./UDPTest UDPTest.cfg
   
01:16:36.937522 - TTCN-3 Main Test Component started on ntaf. Version: CRL 113 200/6 R1A.
01:16:36.937611 - TTCN Logger v2.2 options: TimeStampFormat:=Time; LogEntityName:=No; LogEventTypes:=No; SourceInfoFormat:=Single; *.FileMask:=LOG_ALL; *.ConsoleMask:=ERROR | USER; LogFileSize:=0; LogFileNumber:=1; DiskFullAction:=Error
01:16:36.937853 - Connected to MC.
01:16:36.939966 - Executing control part of module UDPTest.
01:16:36.940042 UDPTest.ttcn:131 Execution of control part in module UDPTest started.
01:16:36.940112 UDPTest.ttcn:37 Test case TC_UDPTest started.
01:16:36.940138 UDPTest.ttcn:37 Initializing variables, timers and ports of component type UDPTest.GeneralComp inside testcase TC_UDPTest.
01:16:36.940240 UDPTest.ttcn:37 Port p was started.
01:16:36.940266 UDPTest.ttcn:37 Component type UDPTest.GeneralComp was initialized.
01:16:36.940287 UDPTest.ttcn:39 Random number generator was initialized with seed 0.940284: srand48(-798031667).
01:16:36.940311 UDPTest.ttcn:39 Function rnd() returned 0.158980.
01:16:36.940331 UDPTest.ttcn:43 Mapping port mtc:p to system:p.
01:16:36.940422 UDPTest.ttcn:43 Port p was mapped to system:p.
01:16:36.940494 UDPTest.ttcn:43 Map operation of mtc:p to system:p finished.
01:16:36.940527 UDPTest.ttcn:49 entering f__IPL4__PROVIDER__connect: :0 -> localhost:44330 / DTLS/UDP
01:16:36.940707 UDPTest.ttcn:49 entering f__IPL4__PROVIDER__listen: :0 / DTLS/UDP
01:16:36.940900 UDPTest.ttcn:49 starttls connId: 1: server_side: yes
01:16:36.942768 UDPTest.ttcn:49 starttls connId: 1: server_side: no
01:16:36.958447 UDPTest.ttcn:84 connect result{
    errorCode := omit,
    connId := 1,
    os_error_code := omit,
    os_error_text := omit
}
01:16:36.958762 UDPTest.ttcn:106 Sent on p to system @IPL4asp_Types.ASP_Send : {
    connId := 1,
    proto := omit,
    msg := '232D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D0D0A2320536563757265207472616E736D697373696F6E200D0A232D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D0D0A'O ("#-------------------------------\r
# Secure transmission \r
#-------------------------------\r
")
}
01:16:36.958848 UDPTest.ttcn:107 Start timer t: 5 s
01:16:36.958944 UDPTest.ttcn:108 Message enqueued on p from system @IPL4asp_Types.ASP_RecvFrom : {
    connId := 1,
    remName := "localhost",
    remPort := 44330,
    locName := "0.0.0.0",
    locPort := 35324,
    proto := {
        dtls := {
            udp := { }
        }
    },
    userData := 0,
    msg := '53656375726520726573706F6E73650A'O ("Secure response
")
} id 1
01:16:36.958987 UDPTest.ttcn:110 Receive operation on port p succeeded, message from system(): @IPL4asp_Types.ASP_RecvFrom: {
    connId := 1,
    remName := "localhost",
    remPort := 44330,
    locName := "0.0.0.0",
    locPort := 35324,
    proto := {
        dtls := {
            udp := { }
        }
    },
    userData := 0,
    msg := '53656375726520726573706F6E73650A'O ("Secure response
")
} id 1
01:16:36.959005 UDPTest.ttcn:110 Message with id 1 was extracted from the queue of p.
01:16:36.959019 UDPTest.ttcn:125 p: f__IPL4__close:  proto {
    unspecified := { }
} connId 1
01:16:36.959100 UDPTest.ttcn:126 close result  {
    errorCode := omit,
    connId := 1,
    os_error_code := omit,
    os_error_text := omit
}
01:16:36.959370 UDPTest.ttcn:128 setverdict(pass): none -> pass
01:16:36.959407 UDPTest.ttcn:128 Terminating component type UDPTest.GeneralComp.
01:16:36.959427 UDPTest.ttcn:128 Stop timer t: 5 s
01:16:36.959446 UDPTest.ttcn:128 Removing unterminated mapping between port p and system:p.
01:16:36.959469 UDPTest.ttcn:128 Port p was unmapped from system:p.
01:16:36.959545 UDPTest.ttcn:128 Port p was stopped.
01:16:36.959568 UDPTest.ttcn:128 Component type UDPTest.GeneralComp was shut down inside testcase TC_UDPTest.
01:16:36.959585 UDPTest.ttcn:128 Waiting for PTCs to finish.
01:16:36.959665 UDPTest.ttcn:128 Setting final verdict of the test case.
01:16:36.959690 UDPTest.ttcn:128 Local verdict of MTC: pass
01:16:36.959707 UDPTest.ttcn:128 No PTCs were created.
01:16:36.959720 UDPTest.ttcn:128 Test case TC_UDPTest finished. Verdict: pass
01:16:36.959739 UDPTest.ttcn:132 Execution of control part in module UDPTest finished.
01:16:36.960473 - Verdict statistics: 0 none (0.00 %), 1 pass (100.00 %), 0 inconc (0.00 %), 0 fail (0.00 %), 0 error (0.00 %).
01:16:36.960586 - Test execution summary: 1 test case was executed. Overall verdict: pass
01:16:36.960612 - Exit was requested from MC. Terminating MTC.


shows the connection establishment, the secure message exchange and the connection teardown.

For UDPTest.tsp_connect:=false


(echo "Secure response"; sleep 10)  | openssl s_server -key key.pem -cert cert.pem -accept 44330 -dtls1_2 -debug


will generate a log similar to the above.



The Titan log
   
01:20:48.555484 - TTCN-3 Main Test Component started on ntaf. Version: CRL 113 200/6 R1A.
01:20:48.555592 - TTCN Logger v2.2 options: TimeStampFormat:=Time; LogEntityName:=No; LogEventTypes:=No; SourceInfoFormat:=Single; *.FileMask:=LOG_ALL; *.ConsoleMask:=ERROR | USER; LogFileSize:=0; LogFileNumber:=1; DiskFullAction:=Error
01:20:48.556288 - Connected to MC.
01:20:48.562990 - Executing control part of module UDPTest.
01:20:48.563071 UDPTest.ttcn:131 Execution of control part in module UDPTest started.
01:20:48.563153 UDPTest.ttcn:37 Test case TC_UDPTest started.
01:20:48.563183 UDPTest.ttcn:37 Initializing variables, timers and ports of component type UDPTest.GeneralComp inside testcase TC_UDPTest.
01:20:48.563243 UDPTest.ttcn:37 Port p was started.
01:20:48.563269 UDPTest.ttcn:37 Component type UDPTest.GeneralComp was initialized.
01:20:48.563289 UDPTest.ttcn:39 Random number generator was initialized with seed 0.563286: srand48(1251431540).
01:20:48.563387 UDPTest.ttcn:39 Function rnd() returned 0.339761.
01:20:48.563413 UDPTest.ttcn:43 Mapping port mtc:p to system:p.
01:20:48.563491 UDPTest.ttcn:43 Port p was mapped to system:p.
01:20:48.563559 UDPTest.ttcn:43 Map operation of mtc:p to system:p finished.
01:20:48.563592 UDPTest.ttcn:66 entering f__IPL4__PROVIDER__connect: :0 -> localhost:44330 / UDP
01:20:48.563757 UDPTest.ttcn:66 entering f__IPL4__PROVIDER__listen: :0 / UDP
01:20:48.563874 UDPTest.ttcn:84 connect result{
    errorCode := omit,
    connId := 1,
    os_error_code := omit,
    os_error_text := omit
}
01:20:48.564132 UDPTest.ttcn:97 p: f__IPL4__StartTLS: 1 server_side: false
01:20:48.564155 UDPTest.ttcn:97 p: f_IPL4_StartTLS: connId: 1, client side
01:20:48.564170 UDPTest.ttcn:97 starttls connId: 1: server_side: no
01:20:48.595554 UDPTest.ttcn:102 startTLS result  {
    errorCode := omit,
    connId := omit,
    os_error_code := omit,
    os_error_text := omit
}
01:20:48.595846 UDPTest.ttcn:106 Sent on p to system @IPL4asp_Types.ASP_Send : {
    connId := 1,
    proto := omit,
    msg := '232D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D0D0A2320536563757265207472616E736D697373696F6E200D0A232D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D2D0D0A'O ("#-------------------------------\r
# Secure transmission \r
#-------------------------------\r
")
}
01:20:48.595942 UDPTest.ttcn:107 Start timer t: 5 s
01:20:48.596051 UDPTest.ttcn:108 Message enqueued on p from system @IPL4asp_Types.ASP_RecvFrom : {
    connId := 1,
    remName := "",
    remPort := -1,
    locName := "0.0.0.0",
    locPort := 60750,
    proto := {
        dtls := {
            udp := { }
        }
    },
    userData := 0,
    msg := '53656375726520726573706F6E73650A'O ("Secure response
")
} id 1
01:20:48.596094 UDPTest.ttcn:110 Receive operation on port p succeeded, message from system(): @IPL4asp_Types.ASP_RecvFrom: {
    connId := 1,
    remName := "",
    remPort := -1,
    locName := "0.0.0.0",
    locPort := 60750,
    proto := {
        dtls := {
            udp := { }
        }
    },
    userData := 0,
    msg := '53656375726520726573706F6E73650A'O ("Secure response
")
} id 1
01:20:48.596114 UDPTest.ttcn:110 Message with id 1 was extracted from the queue of p.
01:20:48.596129 UDPTest.ttcn:117 p: f__IPL4__StopTLS: 1
01:20:48.596143 UDPTest.ttcn:117 p: f_IPL4_StopTLS: connId: 1
01:20:48.596156 UDPTest.ttcn:117 stoptls connId: 1
01:20:48.596215 UDPTest.ttcn:121 stopTLS result  {
    errorCode := omit,
    connId := omit,
    os_error_code := omit,
    os_error_text := omit
}
01:20:48.596394 UDPTest.ttcn:125 p: f__IPL4__close:  proto {
    unspecified := { }
} connId 1
01:20:48.596450 UDPTest.ttcn:126 close result  {
    errorCode := omit,
    connId := 1,
    os_error_code := omit,
    os_error_text := omit
}
01:20:48.596565 UDPTest.ttcn:128 setverdict(pass): none -> pass
01:20:48.596587 UDPTest.ttcn:128 Terminating component type UDPTest.GeneralComp.
01:20:48.596603 UDPTest.ttcn:128 Stop timer t: 5 s
01:20:48.596618 UDPTest.ttcn:128 Removing unterminated mapping between port p and system:p.
01:20:48.596635 UDPTest.ttcn:128 Port p was unmapped from system:p.
01:20:48.596679 UDPTest.ttcn:128 Port p was stopped.
01:20:48.596697 UDPTest.ttcn:128 Component type UDPTest.GeneralComp was shut down inside testcase TC_UDPTest.
01:20:48.596723 UDPTest.ttcn:128 Waiting for PTCs to finish.
01:20:48.596778 UDPTest.ttcn:128 Setting final verdict of the test case.
01:20:48.596798 UDPTest.ttcn:128 Local verdict of MTC: pass
01:20:48.596812 UDPTest.ttcn:128 No PTCs were created.
01:20:48.596824 UDPTest.ttcn:128 Test case TC_UDPTest finished. Verdict: pass
01:20:48.596839 UDPTest.ttcn:132 Execution of control part in module UDPTest finished.
01:20:48.597167 - Verdict statistics: 0 none (0.00 %), 1 pass (100.00 %), 0 inconc (0.00 %), 0 fail (0.00 %), 0 error (0.00 %).
01:20:48.597201 - Test execution summary: 1 test case was executed. Overall verdict: pass
01:20:48.597212 - Exit was requested from MC. Terminating MTC.



shows the step-by-step establishment of the UDP and DTLS layers, the encrypted message exchange and the teardown of the same layers in order.
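The ordering argument in the previous sentence, for both runs, can be turned into an automatic check over the Titan log. The Python below is an added example, not Titan or IPL4 test port code: it extracts the f__IPL4__ connect/StartTLS/StopTLS/close events and the send/receive events from the log lines and reports any application data exchanged outside the DTLS window, plus layers torn down out of order. The first two log excerpts are copied from the logs above; the third is constructed to show a failing case, and the event regexes are my own, matching only the message formats visible in those logs.

```python
"""Check the layer ordering in a Titan IPL4 log: send/receive must fall inside the DTLS session."""
import re

# Constructed excerpts of the two Titan logs above: only the lines the checker
# consumes, with their original timestamps and source line numbers.
LOG_DTLS_CONNECT = """\
01:16:36.940527 UDPTest.ttcn:49 entering f__IPL4__PROVIDER__connect: :0 -> localhost:44330 / DTLS/UDP
01:16:36.958762 UDPTest.ttcn:106 Sent on p to system @IPL4asp_Types.ASP_Send : {
01:16:36.958987 UDPTest.ttcn:110 Receive operation on port p succeeded, message from system(): @IPL4asp_Types.ASP_RecvFrom: {
01:16:36.959019 UDPTest.ttcn:125 p: f__IPL4__close:  proto {
"""
LOG_UDP_STARTTLS = """\
01:20:48.563592 UDPTest.ttcn:66 entering f__IPL4__PROVIDER__connect: :0 -> localhost:44330 / UDP
01:20:48.564132 UDPTest.ttcn:97 p: f__IPL4__StartTLS: 1 server_side: false
01:20:48.595846 UDPTest.ttcn:106 Sent on p to system @IPL4asp_Types.ASP_Send : {
01:20:48.596094 UDPTest.ttcn:110 Receive operation on port p succeeded, message from system(): @IPL4asp_Types.ASP_RecvFrom: {
01:20:48.596129 UDPTest.ttcn:117 p: f__IPL4__StopTLS: 1
01:20:48.596394 UDPTest.ttcn:125 p: f__IPL4__close:  proto {
"""
# Constructed negative case (not from the page): the send happens on the bare UDP
# association before StartTLS, so that message would leave the host in clear.
LOG_PLAINTEXT_SEND = """\
00:00:00.000001 UDPTest.ttcn:66 entering f__IPL4__PROVIDER__connect: :0 -> localhost:44330 / UDP
00:00:00.000002 UDPTest.ttcn:106 Sent on p to system @IPL4asp_Types.ASP_Send : {
00:00:00.000003 UDPTest.ttcn:97 p: f__IPL4__StartTLS: 1 server_side: false
00:00:00.000004 UDPTest.ttcn:110 Receive operation on port p succeeded, message from system(): @IPL4asp_Types.ASP_RecvFrom: {
00:00:00.000005 UDPTest.ttcn:117 p: f__IPL4__StopTLS: 1
00:00:00.000006 UDPTest.ttcn:125 p: f__IPL4__close:  proto {
"""

# (event name, regex over one log line); the connect line also yields the transport
EVENT_PATTERNS = [
    ("connect", re.compile(r"f__IPL4__PROVIDER__connect: .* / (?P<proto>[\w/]+)\s*$")),
    ("starttls", re.compile(r"f__IPL4__StartTLS:")),
    ("stoptls", re.compile(r"f__IPL4__StopTLS:")),
    ("close", re.compile(r"f__IPL4__close:")),
    ("send", re.compile(r"Sent on \w+ to system @IPL4asp_Types\.ASP_Send")),
    ("receive", re.compile(r"Receive operation on port \w+ succeeded")),
]


def extract_events(log):
    """Reduce the log to an ordered list of (event, transport-or-None) tuples."""
    events = []
    for line in log.splitlines():
        for name, pattern in EVENT_PATTERNS:
            m = pattern.search(line)
            if m:
                events.append((name, m.groupdict().get("proto")))
                break
    return events


def check_layer_order(log):
    """Return findings; an empty list means all application data went through DTLS."""
    events = extract_events(log)
    names = [name for name, _ in events]
    if "connect" not in names:
        return ["no f_IPL4_connect seen"]
    connect_at = names.index("connect")
    transport = events[connect_at][1]
    findings = []
    if transport == "DTLS/UDP":
        secure_from = connect_at  # the handshake ran inside f_IPL4_connect
        if "starttls" in names or "stoptls" in names:
            findings.append("StartTLS/StopTLS on a connection that was already DTLS")
    elif transport == "UDP":
        secure_from = names.index("starttls") if "starttls" in names else None
        if secure_from is None:
            findings.append("plain UDP association never upgraded with StartTLS")
    else:
        return ["unexpected transport %r" % transport]
    # the secured window ends at StopTLS, or at close when DTLS was set up by connect
    secure_until = names.index("stoptls") if "stoptls" in names else (
        names.index("close") if "close" in names else len(names))
    for i, name in enumerate(names):
        if name in ("send", "receive") and (secure_from is None or not secure_from < i < secure_until):
            findings.append("%s at event %d is outside the DTLS session" % (name, i))
    if "stoptls" in names and "close" in names and names.index("stoptls") > names.index("close"):
        findings.append("StopTLS after close")
    return findings


if __name__ == "__main__":
    for label, log in (("dtls connect", LOG_DTLS_CONNECT), ("udp + starttls", LOG_UDP_STARTTLS),
                       ("plaintext send", LOG_PLAINTEXT_SEND)):
        print(label, "->", check_layer_order(log) or "ok")
```

Both runs from this post come back clean; the constructed third log is flagged because its send precedes StartTLS. A check like this is cheap to keep in a test suite's log post-processing, so a later change to the test case that reorders the calls cannot silently turn a "secure transmission" into a plaintext one.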


The full debug logs and code archive are attached.

Best regards
Elemer