Validate additionally outgoing DATA messages (#97)

* Add protocol version check for outgoing DATA messages * Report error on STREAM_START message with a mismatched version in SOURCE mode * Fix typo in AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_PROTOCOL_VERSION_MISSMATCH error name * Add a new function to secure tunnel vtable (aws_secure_tunnel_operation_prepare_message_for_send_fn) to perform actions on outbound message in event loop thread before sending the message * Define new errors for reporting issues on sending messages * Fix data race on sending DATA, STREAM_START, CONNECTION_START messages * Add tests for sending DATA messages with mismatched protocol or on inactive connections * Add tests for sending STREAM_START and CONNECTION messages (in SOURCE mode) * Fix data race in tests by moving mocked WebSocket operations to event loop thread
awslabs · Aug 24, 2023 · 6acf306 · 6acf306
1 parent fb6cd3e
commit 6acf306
Show file tree

Hide file tree

Showing 9 changed files with 1,182 additions and 247 deletions.
diff --git a/include/aws/iotdevice/iotdevice.h b/include/aws/iotdevice/iotdevice.h
@@ -38,9 +38,15 @@ enum aws_iotdevice_error {
     AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_OPERATION_FAILED_DUE_TO_OFFLINE_QUEUE_POLICY,
     AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_UNEXPECTED_HANGUP,
     AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_USER_REQUESTED_STOP,
+    /* NOTE Leave the old name for compatibility. */
     AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_PROTOCOL_VERSION_MISSMATCH,
+    AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_PROTOCOL_VERSION_MISMATCH =
+        AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_PROTOCOL_VERSION_MISSMATCH,
     AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_TERMINATED,
     AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_DECODE_FAILURE,
+    AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_DATA_NO_ACTIVE_CONNECTION,
+    AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_DATA_PROTOCOL_VERSION_MISMATCH,
+    AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_INACTIVE_SERVICE_ID,
 
     AWS_ERROR_END_IOTDEVICE_RANGE = AWS_ERROR_ENUM_END_RANGE(AWS_C_IOTDEVICE_PACKAGE_ID),
 };

diff --git a/include/aws/iotdevice/private/secure_tunneling_impl.h b/include/aws/iotdevice/private/secure_tunneling_impl.h
@@ -163,7 +163,7 @@ struct aws_secure_tunnel_connections {
     /* Table containing streams using multiplexing (service ids) */
     struct aws_hash_table service_ids;
 
-    /* Message used for initializing a stream upon a reconnect due to a protocol version missmatch */
+    /* Message used for initializing a stream upon a reconnect due to a protocol version mismatch */
     struct aws_secure_tunnel_message_storage *restore_stream_message_view;
     struct aws_secure_tunnel_message_storage restore_stream_message;
 };

diff --git a/include/aws/iotdevice/private/secure_tunneling_operations.h b/include/aws/iotdevice/private/secure_tunneling_operations.h
@@ -62,6 +62,11 @@ struct aws_secure_tunnel_operation_vtable {
     int (*aws_secure_tunnel_operation_set_connection_start_id)(
         struct aws_secure_tunnel_operation *operation,
         struct aws_secure_tunnel *secure_tunnel);
+
+    /* Perform actions on outbound message before sending it */
+    void (*aws_secure_tunnel_operation_prepare_message_for_send_fn)(
+        struct aws_secure_tunnel_operation *operation,
+        struct aws_secure_tunnel *secure_tunnel);
 };
 
 /**

diff --git a/include/aws/iotdevice/secure_tunneling.h b/include/aws/iotdevice/secure_tunneling.h
@@ -318,11 +318,25 @@ const char *aws_secure_tunnel_message_type_to_c_string(enum aws_secure_tunnel_me
 //***********************************************************************************************************************
 /* THIS API SHOULD ONLY BE USED FROM SOURCE MODE */
 //***********************************************************************************************************************
+/**
+ * Queue a STREAM_START message in a secure tunnel
+ * @note This function should only be used from source mode.
+ * @param secure_tunnel secure tunnel to queue a message for
+ * @param message_options configuration options for the message operation
+ * @return success/failure in the synchronous logic that kicks off the message operation
+ */
 AWS_IOTDEVICE_API
 int aws_secure_tunnel_stream_start(
     struct aws_secure_tunnel *secure_tunnel,
     const struct aws_secure_tunnel_message_view *message_options);
 
+/**
+ * Queue a CONNECTION_START message in a secure tunnel
+ * @note This function should only be used from source mode.
+ * @param secure_tunnel secure tunnel to queue a message for
+ * @param message_options configuration options for the message operation
+ * @return success/failure in the synchronous logic that kicks off the message operation
+ */
 AWS_IOTDEVICE_API
 int aws_secure_tunnel_connection_start(
     struct aws_secure_tunnel *secure_tunnel,
@@ -331,6 +345,13 @@ int aws_secure_tunnel_connection_start(
 //***********************************************************************************************************************
 /* THIS API SHOULD NOT BE USED BY THE CUSTOMER AND IS DEPRECATED */
 //***********************************************************************************************************************
+/**
+ * Queue a STREAM_RESET message in a secure tunnel
+ * @deprecated This function should not be used.
+ * @param secure_tunnel secure tunnel to queue a message for
+ * @param message_options configuration options for the message operation
+ * @return success/failure in the synchronous logic that kicks off the message operation
+ */
 AWS_IOTDEVICE_API
 int aws_secure_tunnel_stream_reset(
     struct aws_secure_tunnel *secure_tunnel,

diff --git a/source/iotdevice.c b/source/iotdevice.c
@@ -77,22 +77,31 @@ static struct aws_error_info s_errors[] = {
         "Error while processing secure tunnel operational state."),
     AWS_DEFINE_ERROR_INFO_IOTDEVICE(
         AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_OPERATION_FAILED_DUE_TO_OFFLINE_QUEUE_POLICY,
-        "Error while processing secure tunnel operational state."),
+        "Secure Tunnel operation failed due to offline queue policy."),
     AWS_DEFINE_ERROR_INFO_IOTDEVICE(
         AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_UNEXPECTED_HANGUP,
         "The connection was closed unexpectedly."),
     AWS_DEFINE_ERROR_INFO_IOTDEVICE(
         AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_USER_REQUESTED_STOP,
         "Secure Tunnel connection interrupted by user request."),
     AWS_DEFINE_ERROR_INFO_IOTDEVICE(
-        AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_PROTOCOL_VERSION_MISSMATCH,
-        "Secure Tunnel connection interrupted due to a protocol version missmatch."),
+        AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_PROTOCOL_VERSION_MISMATCH,
+        "Secure Tunnel connection interrupted due to a protocol version mismatch."),
     AWS_DEFINE_ERROR_INFO_IOTDEVICE(
         AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_TERMINATED,
         "Secure Tunnel terminated by user request."),
-        AWS_DEFINE_ERROR_INFO_IOTDEVICE(
-            AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_DECODE_FAILURE,
-            "Error occured while decoding an incoming message." ),
+    AWS_DEFINE_ERROR_INFO_IOTDEVICE(
+        AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_DECODE_FAILURE,
+        "Error occured while decoding an incoming message." ),
+    AWS_DEFINE_ERROR_INFO_IOTDEVICE(
+        AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_DATA_NO_ACTIVE_CONNECTION,
+        "DATA message processing failed due to no active connection found." ),
+    AWS_DEFINE_ERROR_INFO_IOTDEVICE(
+        AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_DATA_PROTOCOL_VERSION_MISMATCH,
+        "DATA message processing failed due to a protocol version mismatch." ),
+    AWS_DEFINE_ERROR_INFO_IOTDEVICE(
+        AWS_ERROR_IOTDEVICE_SECURE_TUNNELING_INACTIVE_SERVICE_ID,
+        "Secure Tunnel operation failed due to using inactive service id." ),
 };
 /* clang-format on */
 #undef AWS_DEFINE_ERROR_INFO_IOTDEVICE