From 90fcd95f9b0b7614bd7c6034eed0b3d0a51118e0 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Wed, 10 Aug 2022 16:41:42 +0200
Subject: [PATCH] server/client: add --cid option to use ConnectionID extension
---
 examples/client/client.c | 59 +++++++++++++++++++++++++++++++++++++++-
 examples/server/server.c | 57 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 115 insertions(+), 1 deletion(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index 89d9b07d4..4d16b224d 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1894,6 +1894,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 * --waitTicket in the command line and fail */
 {"waitTicket", 0, 261},
 #endif /* WOLFSSL_DTLS13 */
+#ifdef WOLFSSL_DTLS_CID
+ {"cid", 2, 262},
+#endif /* WOLFSSL_DTLS_CID */
 { 0, 0, 0 }
 };
 #endif
@@ -2023,6 +2026,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifdef HAVE_SESSION_TICKET
 int waitTicket = 0;
 #endif /* HAVE_SESSION_TICKET */
+#ifdef WOLFSSL_DTLS_CID
+ int useDtlsCID = 0;
+ char dtlsCID[DTLS_CID_BUFFER_SIZE] = { 0 };
+#endif /* WOLFSSL_DTLS_CID */
 char buffer[WOLFSSL_MAX_ERROR_SZ];
@@ -2178,7 +2185,19 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif /* HAVE_SESSION_TICKET */
 break;
 #endif /* WOLFSSL_DTLS13 */
-
+#ifdef WOLFSSL_DTLS_CID
+ case 262:
+ useDtlsCID = 1;
+ if (myoptarg != NULL) {
+ if (strlen(myoptarg) >= DTLS_CID_BUFFER_SIZE) {
+ err_sys("provided connection ID is too big");
+ }
+ else {
+ strcpy(dtlsCID, myoptarg);
+ }
+ }
+ break;
+#endif /* WOLFSSL_CID */
 case 'G' :
 #ifdef WOLFSSL_SCTP
 doDTLS = 1;
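Review bot: The trailer `#endif /* WOLFSSL_CID */` closing the new `case 262:` block names a different macro from the guard it closes, which opened as `#ifdef WOLFSSL_DTLS_CID`; the same mismatch is in server.c at `@@ -2292`, while the option-table and declaration hunks of this patch spell the trailer correctly. The `strcpy` is bounded by the preceding `strlen(myoptarg) >= DTLS_CID_BUFFER_SIZE` check, so it cannot overflow, but `snprintf(dtlsCID, sizeof dtlsCID, "%s", myoptarg);` would carry the bound at the copy itself rather than two lines above it. Because the value is taken as a NUL-terminated string and later handed to `wolfSSL_dtls_cid_set` with `strlen(dtlsCID)`, a CID containing a zero byte cannot be expressed from the command line; a comment on the option such as `/* CID given as a C string: no embedded NUL, at most DTLS_CID_BUFFER_SIZE-1 bytes */` would record that limit. client_test's body continues on both sides of the hunk.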
@@ -3709,6 +3728,18 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 SetupAtomicUser(ctx, ssl);
 #endif
+#ifdef WOLFSSL_DTLS_CID
+ if (useDtlsCID) {
+ ret = wolfSSL_dtls_cid_use(ssl);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("Can't enable DTLS ConnectionID");
+ ret =
+ wolfSSL_dtls_cid_set(ssl, (unsigned char*)dtlsCID, strlen(dtlsCID));
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("Can't set DTLS ConnectionID");
+ }
+#endif /* WOLFSSL_DTLS_CID */
+
 if (matchName && doPeerCheck)
 wolfSSL_check_domain_name(ssl, domain);
 #ifndef WOLFSSL_CALLBACKS
@@ -3922,6 +3953,32 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 }
 #endif
+#ifdef WOLFSSL_DTLS_CID
+ if (useDtlsCID && wolfSSL_dtls_cid_is_enabled(ssl)) {
+ unsigned char receivedCID[DTLS_CID_BUFFER_SIZE];
+ unsigned int receivedCIDSz;
+
+ printf("CID extension was negotiated\n");
+ ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("Can't get negotiated DTLS CID size\n");
+
+ if (receivedCIDSz > 0) {
+ ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
+ DTLS_CID_BUFFER_SIZE - 1);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("Can't get negotiated DTLS CID\n");
+
+ printf("Sending CID is ");
+ printBuffer(receivedCID, receivedCIDSz);
+ printf("\n");
+ }
+ else {
+ printf("other peer provided empty CID\n");
+ }
+ }
+#endif /* WOLFSSL_DTLS_CID */
+
 #ifdef HAVE_SECURE_RENEGOTIATION
 if (scr && forceScr) {
 if (nonBlocking) {
diff --git a/examples/server/server.c b/examples/server/server.c
index 8f167bae5..36e29a50d 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -1452,6 +1452,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #ifdef CAN_FORCE_CURVE
 { "force-curve", 2, 262},
 #endif
+#ifdef WOLFSSL_DTLS_CID
+ {"cid", 2, 263},
+#endif /* WOLFSSL_DTLS_CID */
 { 0, 0, 0 }
 };
 #endif
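Review bot: The two error checks added here, `if (ret != WOLFSSL_SUCCESS) err_sys(...)`, are unbraced single-statement bodies, and the same shape is repeated in server.c at `@@ -3262`; bracing them would match the braced `if`/`else` used for the `case 262:` handling earlier in this patch. The cast also differs between the two files for an otherwise identical call, `(unsigned char*)dtlsCID` here against `(byte*)dtlsCID` in server.c. Nothing in the hunk states which direction the CID set here applies to; the later readout through `wolfSSL_dtls_cid_get_tx` suggests this is the CID the peer will place on records it sends to us, and if that reading is right a comment such as `/* CID the peer must put on records sent to us; the CID we send is read back after the handshake */` would make it explicit. client_test's body extends beyond the hunk on both sides.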
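Review bot: `wolfSSL_dtls_cid_get_tx` is called with `DTLS_CID_BUFFER_SIZE - 1` although `receivedCID` holds `DTLS_CID_BUFFER_SIZE` bytes, and the size just obtained in `receivedCIDSz` is never compared against that buffer before `printBuffer(receivedCID, receivedCIDSz)` reads `receivedCIDSz` bytes from it; the identical block is in server.c at `@@ -3442`. Whether the library rejects a too-small buffer cannot be seen from this hunk, so the example should bound the read itself: `if (receivedCIDSz > sizeof receivedCID) err_sys("negotiated DTLS CID larger than local buffer");` before the call, and pass `sizeof receivedCID` (or `receivedCIDSz`) instead of the off-by-one constant. The `err_sys` messages in this block end in `\n` while those in the `useDtlsCID` setup hunk do not; whichever form err_sys expects, the two should agree. The name `receivedCID` also reads oddly next to the printed text "Sending CID is"; `txCID` would say what it holds. client_test continues outside the hunk.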
@@ -1566,6 +1569,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
 int doDhKeyCheck = 1;
 #endif
+#ifdef WOLFSSL_DTLS_CID
+ int useDtlsCID = 0;
+ char dtlsCID[DTLS_CID_BUFFER_SIZE] = { 0 };
+#endif /* WOLFSSL_DTLS_CID */
 #ifdef WOLFSSL_STATIC_MEMORY
 /* Note: Actual memory used is much less, this is the entire buffer buckets,
@@ -2292,6 +2299,19 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 }
 break;
 #endif /* CAN_FORCE_CURVE */
+#ifdef WOLFSSL_DTLS_CID
+ case 263:
+ useDtlsCID = 1;
+ if (myoptarg != NULL) {
+ if (strlen(myoptarg) >= DTLS_CID_BUFFER_SIZE) {
+ err_sys("provided connection ID is too big");
+ }
+ else {
+ strcpy(dtlsCID, myoptarg);
+ }
+ }
+ break;
+#endif /* WOLFSSL_CID */
 default:
 Usage();
 XEXIT_T(MY_EX_USAGE);
@@ -2842,6 +2862,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #endif
 #endif
+
 while (1) {
 /* allow resume option */
 if (resumeCount > 1) {
@@ -3262,6 +3283,17 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #endif
 }
+#ifdef WOLFSSL_DTLS_CID
+ if (useDtlsCID) {
+ ret = wolfSSL_dtls_cid_use(ssl);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("Can't enable DTLS ConnectionID");
+ ret = wolfSSL_dtls_cid_set(ssl, (byte*)dtlsCID, strlen(dtlsCID));
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("Can't set DTLS ConnectionID");
+ }
+#endif /* WOLFSSL_DTLS_CID */
+
 #ifndef WOLFSSL_CALLBACKS
 if (nonBlocking) {
 #ifdef WOLFSSL_DTLS
@@ -3442,6 +3474,31 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 }
 #endif /* WOLFSSL_SRTP */
+#ifdef WOLFSSL_DTLS_CID
+ if (useDtlsCID && wolfSSL_dtls_cid_is_enabled(ssl)) {
+ byte receivedCID[DTLS_CID_BUFFER_SIZE];
+ unsigned int receivedCIDSz;
+ printf("CID extension was negotiated\n");
+ ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("Can't get negotiated DTLS CID size\n");
+
+ if (receivedCIDSz > 0) {
+ ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
+ DTLS_CID_BUFFER_SIZE - 1);
+ if (ret != WOLFSSL_SUCCESS)
+ err_sys("Can't get negotiated DTLS CID\n");
+
+ printf("Sending CID is ");
+ printBuffer(receivedCID, receivedCIDSz);
+ printf("\n");
+ }
+ else {
+ printf("other peer provided empty CID\n");
+ }
+ }
+#endif
+
 #ifdef HAVE_ALPN
 if (alpnList != NULL) {
 char *protocol_name = NULL, *list = NULL;