Merge pull request #1065 from JacobBarthelmeh/Testing

update DTLS export session version and tests

src/internal.c

@@ -861,14 +861,20 @@ static int dtls_export_new(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
     exp[idx++] = options->createTicket;
     exp[idx++] = options->useTicket;
 #ifdef WOLFSSL_TLS13
-    exp[idx++] = options->noTicketTls13;
+    if (ver > DTLS_EXPORT_VERSION_3) {
+        exp[idx++] = options->noTicketTls13;
+    }
+#else
+    if (ver > DTLS_EXPORT_VERSION_3) {
+        exp[idx++] = 0;
+    }
 #endif
 #else
     exp[idx++] = 0;
     exp[idx++] = 0;
-#ifdef WOLFSSL_TLS13
-    exp[idx++] = 0;
-#endif
+    if (ver > DTLS_EXPORT_VERSION_3) {
+        exp[idx++] = 0;
+    }
 #endif
     exp[idx++] = options->processReply;
     exp[idx++] = options->cipherSuite0;
@@ -887,12 +893,26 @@ static int dtls_export_new(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
     exp[idx++] = ssl->version.minor;
 
     (void)zero;
-    (void)ver;
 
     /* check if changes were made and notify of need to update export version */
-    if (idx != DTLS_EXPORT_OPT_SZ) {
-        WOLFSSL_MSG("Update DTLS_EXPORT_OPT_SZ and version of wolfSSL export");
-        return DTLS_EXPORT_VER_E;
+    switch (ver) {
+        case DTLS_EXPORT_VERSION_3:
+            if (idx != DTLS_EXPORT_OPT_SZ_3) {
+                WOLFSSL_MSG("Update DTLS_EXPORT_OPT_SZ and version of export");
+                return DTLS_EXPORT_VER_E;
+            }
+            break;
+
+        case DTLS_EXPORT_VERSION:
+            if (idx != DTLS_EXPORT_OPT_SZ) {
+                WOLFSSL_MSG("Update DTLS_EXPORT_OPT_SZ and version of export");
+                return DTLS_EXPORT_VER_E;
+            }
+            break;
+
+       default:
+            WOLFSSL_MSG("New version case needs added to wolfSSL export");
+            return DTLS_EXPORT_VER_E;
     }
 
     WOLFSSL_LEAVE("dtls_export_new", idx);
@@ -908,14 +928,30 @@ static int dtls_export_load(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
     int idx = 0;
     Options* options = &ssl->options;
 
-    if (ver != DTLS_EXPORT_VERSION) {
-        WOLFSSL_MSG("Export version not supported");
+    switch (ver) {
+        case DTLS_EXPORT_VERSION:
+            if (len < DTLS_EXPORT_OPT_SZ) {
+                WOLFSSL_MSG("Sanity check on buffer size failed");
+                return BAD_FUNC_ARG;
+            }
+            break;
+
+        case DTLS_EXPORT_VERSION_3:
+            if (len < DTLS_EXPORT_OPT_SZ_3) {
+                WOLFSSL_MSG("Sanity check on buffer size failed");
+                return BAD_FUNC_ARG;
+            }
+            break;
+
+        default:
+            WOLFSSL_MSG("Export version not supported");
+            return BAD_FUNC_ARG;
+    }
+
+    if (exp == NULL || options == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    if (exp == NULL || options == NULL || len < DTLS_EXPORT_OPT_SZ) {
-        return BAD_FUNC_ARG;
-    }
 
     /* these options are kept and sent to indicate verify status and strength
      * of handshake */
@@ -988,14 +1024,20 @@ static int dtls_export_load(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
     options->createTicket  = exp[idx++]; /* Server to create new Ticket */
     options->useTicket     = exp[idx++]; /* Use Ticket not session cache */
 #ifdef WOLFSSL_TLS13
-    options->noTicketTls13 = exp[idx++]; /* Server won't create new Ticket */
+    if (ver > DTLS_EXPORT_VERSION_3) {
+        options->noTicketTls13 = exp[idx++];/* Server won't create new Ticket */
+    }
+#else
+    if (ver > DTLS_EXPORT_VERSION_3) {
+        exp[idx++] = 0;
+    }
 #endif
 #else
     idx++;
     idx++;
-#ifdef WOLFSSL_TLS13
-    idx++;
-#endif
+    if (ver > DTLS_EXPORT_VERSION_3) {
+        idx++;
+    }
 #endif
     options->processReply   = exp[idx++];
     options->cipherSuite0   = exp[idx++];
@@ -1067,7 +1109,7 @@ static int ImportPeerInfo(WOLFSSL* ssl, byte* buf, word32 len, byte ver)
     word16 port;
     char   ip[DTLS_EXPORT_IP];
 
-    if (ver != DTLS_EXPORT_VERSION) {
+    if (ver != DTLS_EXPORT_VERSION && ver != DTLS_EXPORT_VERSION_3) {
         WOLFSSL_MSG("Export version not supported");
         return BAD_FUNC_ARG;
     }
@@ -1200,6 +1242,7 @@ int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, word32 sz)
     word16 length = 0;
     int version;
     int ret;
+    int optSz;
 
     WOLFSSL_ENTER("wolfSSL_dtls_import_internal");
     /* check at least enough room for protocol and length */
@@ -1233,12 +1276,28 @@ int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, word32 sz)
 #endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
 
     /* perform sanity checks and extract Options information used */
-    if (DTLS_EXPORT_LEN + DTLS_EXPORT_OPT_SZ + idx > sz) {
+    switch (version) {
+        case DTLS_EXPORT_VERSION:
+            optSz = DTLS_EXPORT_OPT_SZ;
+            break;
+
+        case DTLS_EXPORT_VERSION_3:
+            WOLFSSL_MSG("Importing older version 3");
+            optSz = DTLS_EXPORT_OPT_SZ_3;
+            break;
+
+        default:
+            WOLFSSL_MSG("Bad export version");
+            return BAD_FUNC_ARG;
+
+    }
+
+    if (DTLS_EXPORT_LEN + optSz + idx > sz) {
         WOLFSSL_MSG("Import Options struct error");
         return BUFFER_E;
     }
     ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
-    if (length != DTLS_EXPORT_OPT_SZ) {
+    if (length != optSz) {
         WOLFSSL_MSG("Import Options struct error");
         return BUFFER_E;
     }

tests/api.c

@@ -1297,6 +1297,64 @@ static void test_wolfSSL_read_write(void)
 }
 
 
+#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
+    defined(WOLFSSL_SESSION_EXPORT)
+/* canned export of a session using older version 3 */
+static unsigned char version_3[] = {
+    0xA5, 0xA3, 0x01, 0x87, 0x00, 0x39, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+    0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0xC0, 0x30, 0x05, 0x09, 0x0A,
+    0x01, 0x01, 0x00, 0x0D, 0x05, 0xFE, 0xFD, 0x01,
+    0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00,
+    0x05, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00,
+    0x01, 0x00, 0x07, 0x00, 0x00, 0x00, 0x30, 0x00,
+    0x00, 0x00, 0x10, 0x01, 0x01, 0x00, 0x02, 0x00,
+    0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x02, 0x00, 0x00, 0x00, 0x3F, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x20, 0x05, 0x12, 0xCF, 0x22,
+    0xA1, 0x9F, 0x1C, 0x39, 0x1D, 0x31, 0x11, 0x12,
+    0x1D, 0x11, 0x18, 0x0D, 0x0B, 0xF3, 0xE1, 0x4D,
+    0xDC, 0xB1, 0xF1, 0x39, 0x98, 0x91, 0x6C, 0x48,
+    0xE5, 0xED, 0x11, 0x12, 0xA0, 0x00, 0xF2, 0x25,
+    0x4C, 0x09, 0x26, 0xD1, 0x74, 0xDF, 0x23, 0x40,
+    0x15, 0x6A, 0x42, 0x2A, 0x26, 0xA5, 0xAC, 0x56,
+    0xD5, 0x4A, 0x20, 0xB7, 0xE9, 0xEF, 0xEB, 0xAF,
+    0xA8, 0x1E, 0x23, 0x7C, 0x04, 0xAA, 0xA1, 0x6D,
+    0x92, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x01, 0x0C, 0x79, 0x7B,
+    0xFA, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0xAA, 0xA1, 0x6D, 0x92, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
+    0x00, 0x20, 0x00, 0x04, 0x00, 0x10, 0x00, 0x10,
+    0x08, 0x02, 0x05, 0x08, 0x01, 0x30, 0x28, 0x00,
+    0x00, 0x0F, 0x00, 0x02, 0x00, 0x09, 0x31, 0x32,
+    0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0xED,
+    0x4F
+};
+#endif /* defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
+          defined(WOLFSSL_SESSION_EXPORT) */
+
 static void test_wolfSSL_dtls_export(void)
 {
 #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
@@ -1344,6 +1402,27 @@ static void test_wolfSSL_dtls_export(void)
 #ifdef WOLFSSL_TIRTOS
     fdOpenSession(Task_self());
 #endif
+
+    {
+        WOLFSSL_CTX* ctx;
+        WOLFSSL*     ssl;
+
+        /* Set ctx to DTLS 1.2 */
+        AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
+        AssertNotNull(ssl = wolfSSL_new(ctx));
+
+        /* test importing version 3 */
+        AssertIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
+
+        /* test importing bad length and bad version */
+        version_3[2] += 1;
+        AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
+        version_3[2] -= 1; version_3[1] = 0XA0;
+        AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
+        wolfSSL_free(ssl);
+        wolfSSL_CTX_free(ctx);
+    }
+
     printf(testingFmt, "wolfSSL_dtls_export()");
     printf(resultFmt, passed);
 #endif

wolfssl/internal.h

@@ -1040,8 +1040,10 @@ enum Misc {
     DTLS_HANDSHAKE_FRAG_SZ   = 3,  /* fragment offset and length are 24 bit */
     DTLS_POOL_SZ             = 255,/* allowed number of list items in TX pool */
     DTLS_EXPORT_PRO          = 165,/* wolfSSL protocol for serialized session */
-    DTLS_EXPORT_VERSION      = 3,  /* wolfSSL version for serialized session */
-    DTLS_EXPORT_OPT_SZ       = 57, /* amount of bytes used from Options */
+    DTLS_EXPORT_VERSION      = 4,  /* wolfSSL version for serialized session */
+    DTLS_EXPORT_OPT_SZ       = 58, /* amount of bytes used from Options */
+    DTLS_EXPORT_VERSION_3    = 3,  /* wolfSSL version before TLS 1.3 addition */
+    DTLS_EXPORT_OPT_SZ_3     = 57, /* amount of bytes used from Options */
     DTLS_EXPORT_KEY_SZ       = 325 + (DTLS_SEQ_SZ * 2),
                                    /* max amount of bytes used from Keys */
     DTLS_EXPORT_MIN_KEY_SZ   = 78 + (DTLS_SEQ_SZ * 2),