feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix for TLS v1.3 PSK tests work with additional cipher suites (not just TLS13-AES128-GCM-SHA256) and the echo server/client.

Browse Source
This commit is contained in:
David Garske
2020-05-15 15:08:17 -07:00
parent 8823a581d0
commit 3b63e55a68
5 changed files with 35 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
examples/client/client.c
View File

@@ -2305,16 +2305,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (usePsk) { if (usePsk) {
#ifndef NO_PSK #ifndef NO_PSK
const char *defaultCipherList = cipherList;
wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb); wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb);
#endif #endif
if (cipherList == NULL) { if (defaultCipherList == NULL) {
const char *defaultCipherList;
#if defined(HAVE_AESGCM) && !defined(NO_DH) #if defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256:" defaultCipherList = "TLS13-AES128-GCM-SHA256:"
"TLS13-AES128-GCM-SHA256"; "DHE-PSK-AES128-GCM-SHA256:";
#else #else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif #endif
@@ -2323,12 +2324,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#else #else
defaultCipherList = "PSK-AES128-CBC-SHA256"; defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif #endif
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList)
!=WOLFSSL_SUCCESS) { !=WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL; wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("client can't set cipher list 2"); err_sys("client can't set cipher list 2");
} }
} }
wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
#endif #endif
if (useClientCert) { if (useClientCert) {
useClientCert = 0; useClientCert = 0;

6
examples/echoclient/echoclient.c
View File

@@ -164,12 +164,18 @@ void echoclient_test(void* args)
#ifdef HAVE_NULL_CIPHER #ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256"; defaultCipherList = "PSK-NULL-SHA256";
#elif defined(HAVE_AESGCM) && !defined(NO_DH) #elif defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13
defaultCipherList = "TLS13-AES128-GCM-SHA256:"
"DHE-PSK-AES128-GCM-SHA256:";
#else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif
#else #else
defaultCipherList = "PSK-AES128-CBC-SHA256"; defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif #endif
if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=WOLFSSL_SUCCESS) if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=WOLFSSL_SUCCESS)
err_sys("client can't set cipher list 2"); err_sys("client can't set cipher list 2");
wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
} }
#endif #endif

6
examples/echoserver/echoserver.c
View File

@@ -243,12 +243,18 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
#ifdef HAVE_NULL_CIPHER #ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256"; defaultCipherList = "PSK-NULL-SHA256";
#elif defined(HAVE_AESGCM) && !defined(NO_DH) #elif defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13
defaultCipherList = "TLS13-AES128-GCM-SHA256:"
"DHE-PSK-AES128-GCM-SHA256";
#else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif
#else #else
defaultCipherList = "PSK-AES128-CBC-SHA256"; defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif #endif
if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != WOLFSSL_SUCCESS) if (CyaSSL_CTX_set_cipher_list(ctx, defaultCipherList) != WOLFSSL_SUCCESS)
err_sys("server can't set cipher list 2"); err_sys("server can't set cipher list 2");
wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
#endif #endif
} }

13
examples/server/server.c
View File

@@ -1731,20 +1731,20 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (usePsk || usePskPlus) { if (usePsk || usePskPlus) {
#ifndef NO_PSK #ifndef NO_PSK
const char *defaultCipherList = cipherList;
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_server_tls13_cb); wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_server_tls13_cb);
#endif #endif
if (sendPskIdentityHint == 1) if (sendPskIdentityHint == 1)
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
if (cipherList == NULL && !usePskPlus) { if (defaultCipherList == NULL && !usePskPlus) {
const char *defaultCipherList;
#if defined(HAVE_AESGCM) && !defined(NO_DH) #if defined(HAVE_AESGCM) && !defined(NO_DH)
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256:" defaultCipherList = "TLS13-AES128-GCM-SHA256:"
"TLS13-AES128-GCM-SHA256"; "DHE-PSK-AES128-GCM-SHA256";
#else #else
defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
#endif #endif
@@ -1758,7 +1758,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
!= WOLFSSL_SUCCESS) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "server can't set cipher list 2"); err_sys_ex(runWithErrors, "server can't set cipher list 2");
} }
#endif wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList);
#endif /* !NO_PSK */
} }
#ifndef NO_CERTS #ifndef NO_CERTS
if (mutualAuth) if (mutualAuth)

16
wolfssl/test.h
View File

@@ -1302,7 +1302,7 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
(void)key_max_len; (void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
strncpy(identity, kIdentityStr, id_max_len); XSTRNCPY(identity, kIdentityStr, id_max_len);
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
@@ -1336,7 +1336,7 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
(void)key_max_len; (void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0) if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0)
return 0; return 0;
if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
@@ -1370,13 +1370,14 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
{ {
int i; int i;
int b = 0x01; int b = 0x01;
const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
(void)ssl; (void)ssl;
(void)hint; (void)hint;
(void)key_max_len; (void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
strncpy(identity, kIdentityStr, id_max_len); XSTRNCPY(identity, kIdentityStr, id_max_len);
for (i = 0; i < 32; i++, b += 0x22) { for (i = 0; i < 32; i++, b += 0x22) {
if (b >= 0x100) if (b >= 0x100)
@@ -1384,7 +1385,7 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
key[i] = b; key[i] = b;
} }
*ciphersuite = "TLS13-AES128-GCM-SHA256"; *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
return 32; /* length of key in octets or 0 for error */ return 32; /* length of key in octets or 0 for error */
} }
@@ -1396,12 +1397,13 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
{ {
int i; int i;
int b = 0x01; int b = 0x01;
const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl);
(void)ssl; (void)ssl;
(void)key_max_len; (void)key_max_len;
/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0) if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0)
return 0; return 0;
for (i = 0; i < 32; i++, b += 0x22) { for (i = 0; i < 32; i++, b += 0x22) {
@@ -1410,12 +1412,12 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
key[i] = b; key[i] = b;
} }
*ciphersuite = "TLS13-AES128-GCM-SHA256"; *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256";
return 32; /* length of key in octets or 0 for error */ return 32; /* length of key in octets or 0 for error */
} }
#endif /* NO_PSK */ #endif /* !NO_PSK */
#if defined(WOLFSSL_USER_CURRTIME) #if defined(WOLFSSL_USER_CURRTIME)