server/client: add --cid option to use ConnectionID extension

This commit is contained in:
Marco Oliverio
2022-08-10 16:41:42 +02:00
parent cfbd061625
commit 90fcd95f9b
2 changed files with 115 additions and 1 deletions


@@ -1894,6 +1894,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
* --waitTicket in the command line and fail */ * --waitTicket in the command line and fail */
{"waitTicket", 0, 261}, {"waitTicket", 0, 261},
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */
#ifdef WOLFSSL_DTLS_CID
{"cid", 2, 262},
#endif /* WOLFSSL_DTLS_CID */
{ 0, 0, 0 } { 0, 0, 0 }
}; };
#endif #endif
@@ -2023,6 +2026,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
int waitTicket = 0; int waitTicket = 0;
#endif /* HAVE_SESSION_TICKET */ #endif /* HAVE_SESSION_TICKET */
#ifdef WOLFSSL_DTLS_CID
int useDtlsCID = 0;
char dtlsCID[DTLS_CID_BUFFER_SIZE] = { 0 };
#endif /* WOLFSSL_DTLS_CID */
char buffer[WOLFSSL_MAX_ERROR_SZ]; char buffer[WOLFSSL_MAX_ERROR_SZ];
@@ -2178,7 +2185,19 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif /* HAVE_SESSION_TICKET */ #endif /* HAVE_SESSION_TICKET */
break; break;
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */
#ifdef WOLFSSL_DTLS_CID
case 262:
useDtlsCID = 1;
if (myoptarg != NULL) {
if (strlen(myoptarg) >= DTLS_CID_BUFFER_SIZE) {
err_sys("provided connection ID is too big");
}
else {
strcpy(dtlsCID, myoptarg);
}
}
break;
#endif /* WOLFSSL_CID */
case 'G' : case 'G' :
#ifdef WOLFSSL_SCTP #ifdef WOLFSSL_SCTP
doDTLS = 1; doDTLS = 1;
@@ -3709,6 +3728,18 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
SetupAtomicUser(ctx, ssl); SetupAtomicUser(ctx, ssl);
#endif #endif
#ifdef WOLFSSL_DTLS_CID
if (useDtlsCID) {
ret = wolfSSL_dtls_cid_use(ssl);
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't enable DTLS ConnectionID");
ret =
wolfSSL_dtls_cid_set(ssl, (unsigned char*)dtlsCID, strlen(dtlsCID));
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't set DTLS ConnectionID");
}
#endif /* WOLFSSL_DTLS_CID */
if (matchName && doPeerCheck) if (matchName && doPeerCheck)
wolfSSL_check_domain_name(ssl, domain); wolfSSL_check_domain_name(ssl, domain);
#ifndef WOLFSSL_CALLBACKS #ifndef WOLFSSL_CALLBACKS
@@ -3922,6 +3953,32 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
} }
#endif #endif
#ifdef WOLFSSL_DTLS_CID
if (useDtlsCID && wolfSSL_dtls_cid_is_enabled(ssl)) {
unsigned char receivedCID[DTLS_CID_BUFFER_SIZE];
unsigned int receivedCIDSz;
printf("CID extension was negotiated\n");
ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't get negotiated DTLS CID size\n");
if (receivedCIDSz > 0) {
ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
DTLS_CID_BUFFER_SIZE - 1);
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't get negotiated DTLS CID\n");
printf("Sending CID is ");
printBuffer(receivedCID, receivedCIDSz);
printf("\n");
}
else {
printf("other peer provided empty CID\n");
}
}
#endif /* WOLFSSL_DTLS_CID */
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
if (scr && forceScr) { if (scr && forceScr) {
if (nonBlocking) { if (nonBlocking) {
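Review bot: In the negotiated-CID block (hunk at -3922), `printBuffer(receivedCID, receivedCIDSz)` trusts the size reported by `wolfSSL_dtls_cid_get_tx_size` while `receivedCID` holds only `DTLS_CID_BUFFER_SIZE` bytes and `wolfSSL_dtls_cid_get_tx` is handed `DTLS_CID_BUFFER_SIZE - 1`; unless `wolfSSL_dtls_cid_get_tx` is guaranteed to fail when the peer-chosen CID does not fit (not verifiable from this hunk), a longer CID makes the print over-read the stack buffer. A guard before the copy closes that independently of library behaviour: `if (receivedCIDSz > DTLS_CID_BUFFER_SIZE - 1) err_sys("negotiated DTLS CID too big");`, and the `- 1` itself deserves a comment since the buffer is not used as a string. In the option hunk (-2178) the closing `#endif /* WOLFSSL_CID */` does not name the `WOLFSSL_DTLS_CID` guard it closes and should read `#endif /* WOLFSSL_DTLS_CID */`; the same hunk lets `--cid` with no argument reach `wolfSSL_dtls_cid_set` with length 0, which is worth a one-line comment saying whether an empty CID is intended there (presumably "request a CID from the peer, send none ourselves" — confirm against the library). The same three points apply to the server hunks at -2292, -3262 and -3442. `client_test` starts and ends outside every hunk shown.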


@@ -1452,6 +1452,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef CAN_FORCE_CURVE #ifdef CAN_FORCE_CURVE
{ "force-curve", 2, 262}, { "force-curve", 2, 262},
#endif #endif
#ifdef WOLFSSL_DTLS_CID
{"cid", 2, 263},
#endif /* WOLFSSL_DTLS_CID */
{ 0, 0, 0 } { 0, 0, 0 }
}; };
#endif #endif
@@ -1566,6 +1569,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
!defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK)
int doDhKeyCheck = 1; int doDhKeyCheck = 1;
#endif #endif
#ifdef WOLFSSL_DTLS_CID
int useDtlsCID = 0;
char dtlsCID[DTLS_CID_BUFFER_SIZE] = { 0 };
#endif /* WOLFSSL_DTLS_CID */
#ifdef WOLFSSL_STATIC_MEMORY #ifdef WOLFSSL_STATIC_MEMORY
/* Note: Actual memory used is much less, this is the entire buffer buckets, /* Note: Actual memory used is much less, this is the entire buffer buckets,
@@ -2292,6 +2299,19 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
} }
break; break;
#endif /* CAN_FORCE_CURVE */ #endif /* CAN_FORCE_CURVE */
#ifdef WOLFSSL_DTLS_CID
case 263:
useDtlsCID = 1;
if (myoptarg != NULL) {
if (strlen(myoptarg) >= DTLS_CID_BUFFER_SIZE) {
err_sys("provided connection ID is too big");
}
else {
strcpy(dtlsCID, myoptarg);
}
}
break;
#endif /* WOLFSSL_CID */
default: default:
Usage(); Usage();
XEXIT_T(MY_EX_USAGE); XEXIT_T(MY_EX_USAGE);
@@ -2842,6 +2862,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#endif #endif
#endif #endif
while (1) { while (1) {
/* allow resume option */ /* allow resume option */
if (resumeCount > 1) { if (resumeCount > 1) {
@@ -3262,6 +3283,17 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#endif #endif
} }
#ifdef WOLFSSL_DTLS_CID
if (useDtlsCID) {
ret = wolfSSL_dtls_cid_use(ssl);
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't enable DTLS ConnectionID");
ret = wolfSSL_dtls_cid_set(ssl, (byte*)dtlsCID, strlen(dtlsCID));
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't set DTLS ConnectionID");
}
#endif /* WOLFSSL_DTLS_CID */
#ifndef WOLFSSL_CALLBACKS #ifndef WOLFSSL_CALLBACKS
if (nonBlocking) { if (nonBlocking) {
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
@@ -3442,6 +3474,31 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
} }
#endif /* WOLFSSL_SRTP */ #endif /* WOLFSSL_SRTP */
#ifdef WOLFSSL_DTLS_CID
if (useDtlsCID && wolfSSL_dtls_cid_is_enabled(ssl)) {
byte receivedCID[DTLS_CID_BUFFER_SIZE];
unsigned int receivedCIDSz;
printf("CID extension was negotiated\n");
ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz);
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't get negotiated DTLS CID size\n");
if (receivedCIDSz > 0) {
ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID,
DTLS_CID_BUFFER_SIZE - 1);
if (ret != WOLFSSL_SUCCESS)
err_sys("Can't get negotiated DTLS CID\n");
printf("Sending CID is ");
printBuffer(receivedCID, receivedCIDSz);
printf("\n");
}
else {
printf("other peer provided empty CID\n");
}
}
#endif
#ifdef HAVE_ALPN #ifdef HAVE_ALPN
if (alpnList != NULL) { if (alpnList != NULL) {
char *protocol_name = NULL, *list = NULL; char *protocol_name = NULL, *list = NULL;
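Review bot: The `#endif` closing the CID print block in the hunk at -3442 carries no trailing comment, while every other `WOLFSSL_DTLS_CID` guard added by this commit closes with `#endif /* WOLFSSL_DTLS_CID */`; that block is nested inside several other guards, so the bare `#endif` is the one a reader will mis-pair. The server and client blocks are otherwise copies of each other, but the cast differs (`(byte*)dtlsCID` here at -3262 versus `(unsigned char*)dtlsCID` in the client) and the `err_sys` messages end with `\n` in the print block but not in the setup block; picking one form in both files would keep the two test programs diffable. `server_test` starts and ends outside every hunk shown.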