Skip to content

Compliance fixes + verification paths #90

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gasbytes merged 7 commits into from
Mar 27, 2026
Merged

Compliance fixes + verification paths #90

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
cdc4a77
DHCP: escalate failed enqueues
danielinux Mar 27, 2026
064ccd8
Add test case: ip_recv() ESP unwrapping
danielinux Mar 27, 2026
605ed50
DNS: properly handle initial send failures
danielinux Mar 27, 2026
5666e7e
Resolve wrong value returned by getsockopt(IP_RECV_TTL)
danielinux Mar 27, 2026
fa94e4b
Add tests proving ARP negotiation is triggered by UDP / ICMP traffic
danielinux Mar 27, 2026
96a8d8d
Added tests for non-Ethernet receive framing path
danielinux Mar 27, 2026
4474d70
Addressed copilot's review comments
danielinux Mar 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion src/test/unit/unit.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,7 @@ Suite *wolf_suite(void)
tcase_add_test(tc_utils, test_sock_setsockopt_recvttl);
tcase_add_test(tc_utils, test_sock_setsockopt_invalid_socket);
tcase_add_test(tc_utils, test_sock_setsockopt_recvttl_invalid_params);
tcase_add_test(tc_utils, test_sock_getsockopt_recvttl_value);
tcase_add_test(tc_utils, test_sock_getsockopt_recvttl_enabled_state);
tcase_add_test(tc_utils, test_sock_getsockopt_invalid_socket);
tcase_add_test(tc_utils, test_sock_can_read_write_paths);
tcase_add_test(tc_utils, test_sock_getsockopt_recvttl_invalid_params);
Expand Down Expand Up @@ -309,11 +309,15 @@ Suite *wolf_suite(void)
tcase_add_test(tc_utils, test_tcp_persist_cb_stops_when_window_reopens);
tcase_add_test(tc_utils, test_poll_tcp_arp_request_on_miss);
tcase_add_test(tc_utils, test_poll_udp_send_on_arp_hit);
tcase_add_test(tc_utils, test_poll_udp_send_on_arp_miss_requests_arp_and_retains_queue);
tcase_add_test(tc_utils, test_poll_icmp_send_on_arp_hit);
tcase_add_test(tc_utils, test_poll_icmp_send_on_arp_miss_requests_arp_and_retains_queue);
tcase_add_test(tc_utils, test_dhcp_timer_cb_paths);
tcase_add_test(tc_utils, test_dhcp_client_init_and_bound);
tcase_add_test(tc_utils, test_dhcp_send_request_renewing_sets_ciaddr_and_rebind_deadline);
tcase_add_test(tc_utils, test_dhcp_send_request_rebinding_broadcasts_to_lease_expiry);
tcase_add_test(tc_utils, test_dhcp_send_request_send_failure_retries_next_tick);
tcase_add_test(tc_utils, test_dhcp_send_discover_send_failure_retries_next_tick);
tcase_add_test(tc_utils, test_dhcp_poll_offer_and_ack);
tcase_add_test(tc_utils, test_dhcp_poll_renewing_ack_binds_client);
tcase_add_test(tc_utils, test_dhcp_poll_rebinding_ack_binds_client);
Expand Down Expand Up @@ -370,6 +374,8 @@ Suite *wolf_suite(void)
tcase_add_test(tc_utils, test_ll_send_frame_drops_oversize);
tcase_add_test(tc_utils, test_ll_helpers_invalid_inputs);
tcase_add_test(tc_utils, test_non_ethernet_recv_oversize_dropped);
tcase_add_test(tc_utils, test_non_ethernet_recv_wrapper_delivers_udp_and_skips_eth_filter);
tcase_add_test(tc_utils, test_non_ethernet_recv_ex_wrapper_delivers_udp_on_second_if);
#endif
tcase_add_test(tc_utils, test_dns_format_ptr_name);
tcase_add_test(tc_utils, test_dns_skip_and_copy_name);
Expand All @@ -378,6 +384,7 @@ Suite *wolf_suite(void)
tcase_add_test(tc_utils, test_dns_schedule_timer_initial_jitter_and_cancel);
tcase_add_test(tc_utils, test_dns_schedule_timer_caps_large_retry_shift);
tcase_add_test(tc_utils, test_dns_send_query_schedules_timeout);
tcase_add_test(tc_utils, test_dns_send_query_send_failure_clears_outstanding_state);
tcase_add_test(tc_utils, test_dns_resend_query_uses_stored_query_buffer);
tcase_add_test(tc_utils, test_dns_resend_query_fails_without_valid_socket);
tcase_add_test(tc_utils, test_dns_resend_query_fails_without_cached_query_buffer);
Expand Down
154 changes: 154 additions & 0 deletions src/test/unit/unit_esp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,12 +129,62 @@ static uint32_t build_ip_packet(uint8_t *buf, size_t buf_size,
return frame_len;
}

static uint32_t build_udp_ip_packet(uint8_t *buf, size_t buf_size,
uint32_t src_ip, uint32_t dst_ip,
uint16_t src_port, uint16_t dst_port,
const uint8_t *payload, uint16_t payload_len)
{
struct wolfIP_ip_packet *ip;
struct wolfIP_udp_datagram *udp;
uint32_t frame_len;
uint16_t udp_len = (uint16_t)(UDP_HEADER_LEN + payload_len);

frame_len = build_ip_packet(buf, buf_size, WI_IPPROTO_UDP, NULL, udp_len);
ip = (struct wolfIP_ip_packet *)buf;
udp = (struct wolfIP_udp_datagram *)ip;

ip->src = ee32(src_ip);
ip->dst = ee32(dst_ip);
udp->src_port = ee16(src_port);
udp->dst_port = ee16(dst_port);
udp->len = ee16(udp_len);
udp->csum = 0;
if (payload_len > 0U) {
memcpy(udp->data, payload, payload_len);
}
ip->csum = 0;
iphdr_set_checksum(ip);

return frame_len;
}

static void esp_setup(void)
{
int ret = wolfIP_esp_init();
ck_assert_int_eq(ret, 0);
}

static void esp_add_cbc_test_sas(void)
{
int ret;

ret = wolfIP_esp_sa_new_cbc_hmac(0, (uint8_t *)spi_rt,
atoip4(T_SRC), atoip4(T_DST),
(uint8_t *)k_aes128, sizeof(k_aes128),
ESP_AUTH_SHA256_RFC4868,
(uint8_t *)k_auth16, sizeof(k_auth16),
ESP_ICVLEN_HMAC_128);
ck_assert_int_eq(ret, 0);

ret = wolfIP_esp_sa_new_cbc_hmac(1, (uint8_t *)spi_rt,
atoip4(T_SRC), atoip4(T_DST),
(uint8_t *)k_aes128, sizeof(k_aes128),
ESP_AUTH_SHA256_RFC4868,
(uint8_t *)k_auth16, sizeof(k_auth16),
ESP_ICVLEN_HMAC_128);
ck_assert_int_eq(ret, 0);
}

/* Creating an HMAC-only SA with valid params must succeed. */
START_TEST(test_sa_hmac_good)
{
Expand Down Expand Up @@ -1278,6 +1328,105 @@ START_TEST(test_wrap_rejects_ip_len_below_header)
}
END_TEST

START_TEST(test_ip_recv_esp_transport_delivers_udp_payload)
{
static uint8_t buf[LINK_MTU + 256];
struct wolfIP s;
struct wolfIP_ip_packet *ip = (struct wolfIP_ip_packet *)buf;
struct wolfIP_sockaddr_in sin;
uint8_t payload[] = { 'e', 's', 'p', '!' };
uint8_t rxbuf[sizeof(payload)] = {0};
uint32_t frame_len;
uint16_t ip_len;
int udp_sd;
int ret;

wolfIP_init(&s);
esp_setup();
esp_add_cbc_test_sas();
wolfIP_ipconfig_set(&s, atoip4(T_DST), 0xFFFFFF00U, 0);

udp_sd = wolfIP_sock_socket(&s, AF_INET, IPSTACK_SOCK_DGRAM, WI_IPPROTO_UDP);
ck_assert_int_gt(udp_sd, 0);

memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_port = ee16(1234);
sin.sin_addr.s_addr = ee32(atoip4(T_DST));
ck_assert_int_eq(wolfIP_sock_bind(&s, udp_sd, (struct wolfIP_sockaddr *)&sin, sizeof(sin)), 0);

frame_len = build_udp_ip_packet(buf, sizeof(buf), atoip4(T_SRC), atoip4(T_DST),
4321, 1234, payload, sizeof(payload));
ip_len = (uint16_t)(frame_len - ETH_HEADER_LEN);

ret = esp_transport_wrap(ip, &ip_len);
ck_assert_int_eq(ret, 0);

frame_len = (uint32_t)ip_len + ETH_HEADER_LEN;
ip->proto = 0x32U;
ip->len = ee16(ip_len);
ip->csum = 0U;
iphdr_set_checksum(ip);

ip_recv(&s, 0, ip, frame_len);

ret = wolfIP_sock_recvfrom(&s, udp_sd, rxbuf, sizeof(rxbuf), 0, NULL, NULL);
ck_assert_int_eq(ret, (int)sizeof(payload));
ck_assert_mem_eq(rxbuf, payload, sizeof(payload));
}
END_TEST

START_TEST(test_ip_recv_esp_transport_unwrap_failure_drops_packet)
{
static uint8_t buf[LINK_MTU + 256];
struct wolfIP s;
struct wolfIP_ip_packet *ip = (struct wolfIP_ip_packet *)buf;
struct wolfIP_sockaddr_in sin;
uint8_t payload[] = { 'b', 'a', 'd', '!' };
uint8_t rxbuf[sizeof(payload)] = {0};
uint32_t frame_len;
uint16_t ip_len;
uint32_t esp_len;
int udp_sd;
int ret;

wolfIP_init(&s);
esp_setup();
esp_add_cbc_test_sas();
wolfIP_ipconfig_set(&s, atoip4(T_DST), 0xFFFFFF00U, 0);

udp_sd = wolfIP_sock_socket(&s, AF_INET, IPSTACK_SOCK_DGRAM, WI_IPPROTO_UDP);
ck_assert_int_gt(udp_sd, 0);

memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_port = ee16(1234);
sin.sin_addr.s_addr = ee32(atoip4(T_DST));
ck_assert_int_eq(wolfIP_sock_bind(&s, udp_sd, (struct wolfIP_sockaddr *)&sin, sizeof(sin)), 0);

frame_len = build_udp_ip_packet(buf, sizeof(buf), atoip4(T_SRC), atoip4(T_DST),
4321, 1234, payload, sizeof(payload));
ip_len = (uint16_t)(frame_len - ETH_HEADER_LEN);

ret = esp_transport_wrap(ip, &ip_len);
ck_assert_int_eq(ret, 0);

frame_len = (uint32_t)ip_len + ETH_HEADER_LEN;
ip->proto = 0x32U;
ip->len = ee16(ip_len);
ip->csum = 0U;
iphdr_set_checksum(ip);

esp_len = frame_len - ETH_HEADER_LEN - IP_HEADER_LEN;
ip->data[esp_len - 1U] ^= 0xFFU;

ip_recv(&s, 0, ip, frame_len);

ret = wolfIP_sock_recvfrom(&s, udp_sd, rxbuf, sizeof(rxbuf), 0, NULL, NULL);
ck_assert_int_eq(ret, -WOLFIP_EAGAIN);
}
END_TEST

static Suite *esp_suite(void)
{
Suite *s;
Expand Down Expand Up @@ -1352,6 +1501,11 @@ static Suite *esp_suite(void)
tcase_add_test(tc, test_ciphertext_tamper_cbc_sha256);
suite_add_tcase(s, tc);

tc = tcase_create("ip_recv");
tcase_add_test(tc, test_ip_recv_esp_transport_delivers_udp_payload);
tcase_add_test(tc, test_ip_recv_esp_transport_unwrap_failure_drops_packet);
suite_add_tcase(s, tc);

/* No-SA outbound path */
tc = tcase_create("no_sa");
tcase_add_test(tc, test_wrap_no_matching_sa);
Expand Down
4 changes: 2 additions & 2 deletions src/test/unit/unit_tests_api.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3358,7 +3358,7 @@ START_TEST(test_sock_setsockopt_invalid_socket)
}
END_TEST

START_TEST(test_sock_getsockopt_recvttl_value)
START_TEST(test_sock_getsockopt_recvttl_enabled_state)
{
struct wolfIP s;
int udp_sd;
Expand All @@ -3374,7 +3374,7 @@ START_TEST(test_sock_getsockopt_recvttl_value)
s.udpsockets[SOCKET_UNMARK(udp_sd)].last_pkt_ttl = 77;

ck_assert_int_eq(wolfIP_sock_getsockopt(&s, udp_sd, WOLFIP_SOL_IP, WOLFIP_IP_RECVTTL, &value, &len), 0);
ck_assert_int_eq(value, 77);
ck_assert_int_eq(value, 1);
}
END_TEST

Expand Down
Loading
Loading