wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

add import/export of peer info with tls

Browse Source
This commit is contained in:
Jacob Barthelmeh
2021-05-24 23:04:59 +07:00
parent 2871fc670f
commit 22b6cc675a
4 changed files with 114 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/internal.c
View File

@@ -1370,15 +1370,14 @@ static int ImportOptions(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
} }
#ifdef WOLFSSL_DTLS
#ifndef WOLFSSL_SESSION_EXPORT_NOPEER #ifndef WOLFSSL_SESSION_EXPORT_NOPEER
static int ExportPeerInfo(WOLFSSL* ssl, byte* exp, word32 len, byte ver) static int ExportPeerInfo(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{ {
int idx = 0; int idx = 0;
int ipSz = DTLS_EXPORT_IP; /* start as max size */ int ipSz = MAX_EXPORT_IP; /* start as max size */
int fam = 0; int fam = 0;
word16 port = 0; word16 port = 0;
char ip[DTLS_EXPORT_IP]; char ip[MAX_EXPORT_IP];
if (ver != WOLFSSL_EXPORT_VERSION) { if (ver != WOLFSSL_EXPORT_VERSION) {
WOLFSSL_MSG("Export version not supported"); WOLFSSL_MSG("Export version not supported");
@@ -1399,7 +1398,7 @@ static int ExportPeerInfo(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
} }
/* check that ipSz/fam is not negative or too large since user can set cb */ /* check that ipSz/fam is not negative or too large since user can set cb */
if (ipSz < 0 || ipSz > DTLS_EXPORT_IP || fam < 0) { if (ipSz < 0 || ipSz > MAX_EXPORT_IP || fam < 0) {
WOLFSSL_MSG("Bad ipSz or fam returned from get peer callback"); WOLFSSL_MSG("Bad ipSz or fam returned from get peer callback");
return SOCKET_ERROR_E; return SOCKET_ERROR_E;
} }
@@ -1420,7 +1419,7 @@ static int ImportPeerInfo(WOLFSSL* ssl, const byte* buf, word32 len, byte ver)
word16 ipSz; word16 ipSz;
word16 fam; word16 fam;
word16 port; word16 port;
char ip[DTLS_EXPORT_IP]; char ip[MAX_EXPORT_IP];
if (ver != WOLFSSL_EXPORT_VERSION && ver != WOLFSSL_EXPORT_VERSION_3) { if (ver != WOLFSSL_EXPORT_VERSION && ver != WOLFSSL_EXPORT_VERSION_3) {
WOLFSSL_MSG("Export version not supported"); WOLFSSL_MSG("Export version not supported");
@@ -1463,6 +1462,7 @@ static int ImportPeerInfo(WOLFSSL* ssl, const byte* buf, word32 len, byte ver)
} }
#ifdef WOLFSSL_DTLS
/* WOLFSSL_LOCAL function that serializes the current WOLFSSL session state only /* WOLFSSL_LOCAL function that serializes the current WOLFSSL session state only
* buf is used to hold the serialized WOLFSSL struct and sz is the size of buf * buf is used to hold the serialized WOLFSSL struct and sz is the size of buf
* passed in. * passed in.
@@ -1669,7 +1669,12 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf,
if (ret == 0) { if (ret == 0) {
switch (version) { switch (version) {
case WOLFSSL_EXPORT_VERSION: case WOLFSSL_EXPORT_VERSION:
if (!isTLS) {
optSz = DTLS_EXPORT_OPT_SZ; optSz = DTLS_EXPORT_OPT_SZ;
}
else {
optSz = TLS_EXPORT_OPT_SZ;
}
break; break;
case WOLFSSL_EXPORT_VERSION_3: case WOLFSSL_EXPORT_VERSION_3:
@@ -1758,7 +1763,6 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf,
} }
/* perform sanity checks and extract DTLS peer info */ /* perform sanity checks and extract DTLS peer info */
if (!isTLS) {
if (ret == 0 && (WOLFSSL_EXPORT_LEN + idx > sz)) { if (ret == 0 && (WOLFSSL_EXPORT_LEN + idx > sz)) {
WOLFSSL_MSG("Import DTLS peer info error"); WOLFSSL_MSG("Import DTLS peer info error");
ret = BUFFER_E; ret = BUFFER_E;
@@ -1772,7 +1776,6 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf,
} }
} }
#ifdef WOLFSSL_DTLS
if (ret == 0) { if (ret == 0) {
rc = ImportPeerInfo(ssl, buf + idx, length, version); rc = ImportPeerInfo(ssl, buf + idx, length, version);
if (rc < 0) { if (rc < 0) {
@@ -1783,8 +1786,6 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf,
idx += rc; idx += rc;
} }
} }
#endif
}
/* make sure is a valid suite used */ /* make sure is a valid suite used */
if (ret == 0 && wolfSSL_get_cipher(ssl) == NULL) { if (ret == 0 && wolfSSL_get_cipher(ssl) == NULL) {
@@ -1870,12 +1871,13 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz,
buf[idx++] = ((byte)((isTLS)? TLS_EXPORT_PRO : DTLS_EXPORT_PRO) & 0xF0) buf[idx++] = ((byte)((isTLS)? TLS_EXPORT_PRO : DTLS_EXPORT_PRO) & 0xF0)
| ((byte)WOLFSSL_EXPORT_VERSION & 0X0F); | ((byte)WOLFSSL_EXPORT_VERSION & 0X0F);
idx += WOLFSSL_EXPORT_LEN; /* leave spot for length */ idx += WOLFSSL_EXPORT_LEN; /* leave spot for length of total buffer */
c16toa((word16)DTLS_EXPORT_OPT_SZ, buf + idx);
idx += WOLFSSL_EXPORT_LEN; idx += WOLFSSL_EXPORT_LEN;
ret = ExportOptions(ssl, buf + idx, *sz - idx, WOLFSSL_EXPORT_VERSION, ret = ExportOptions(ssl, buf + idx, *sz - idx, WOLFSSL_EXPORT_VERSION,
isTLS); isTLS);
if (ret >= 0) { if (ret >= 0) {
c16toa((word16)ret, buf + idx - WOLFSSL_EXPORT_LEN);
idx += ret; idx += ret;
ret = 0; ret = 0;
} }
@@ -1904,9 +1906,8 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz,
} }
} }
/* export of dtls peer information */ /* export of peer information */
#ifdef WOLFSSL_DTLS if (ret == 0) {
if (ret == 0 && !isTLS) {
idx += WOLFSSL_EXPORT_LEN; idx += WOLFSSL_EXPORT_LEN;
#ifdef WOLFSSL_SESSION_EXPORT_NOPEER #ifdef WOLFSSL_SESSION_EXPORT_NOPEER
ret = 0; /* not saving peer port/ip information */ ret = 0; /* not saving peer port/ip information */
@@ -1919,7 +1920,6 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz,
ret = 0; ret = 0;
} }
} }
#endif
if (ret != 0) { if (ret != 0) {
/*in a fail case clear the buffer which could contain partial key info*/ /*in a fail case clear the buffer which could contain partial key info*/
@@ -2071,15 +2071,15 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
#else #else
ctx->CBIORecv = EmbedReceive; ctx->CBIORecv = EmbedReceive;
ctx->CBIOSend = EmbedSend; ctx->CBIOSend = EmbedSend;
#ifdef WOLFSSL_SESSION_EXPORT
ctx->CBGetPeer = EmbedGetPeer;
ctx->CBSetPeer = EmbedSetPeer;
#endif
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (method->version.major == DTLS_MAJOR) { if (method->version.major == DTLS_MAJOR) {
ctx->CBIORecv = EmbedReceiveFrom; ctx->CBIORecv = EmbedReceiveFrom;
ctx->CBIOSend = EmbedSendTo; ctx->CBIOSend = EmbedSendTo;
} }
#ifdef WOLFSSL_SESSION_EXPORT
ctx->CBGetPeer = EmbedGetPeer;
ctx->CBSetPeer = EmbedSetPeer;
#endif
#endif #endif
#endif /* MICRIUM */ #endif /* MICRIUM */
#endif /* WOLFSSL_USER_IO */ #endif /* WOLFSSL_USER_IO */

77
src/wolfio.c
View File

@@ -477,25 +477,18 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
return sz; return sz;
} }
#endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_SESSION_EXPORT
/* get the peer information in human readable form (ip, port, family) #ifdef WOLFSSL_DTLS
* default function assumes BSD sockets static int EmbedGetPeerDTLS(WOLFSSL* ssl, char* ip, int* ipSz,
* can be overridden with wolfSSL_CTX_SetIOGetPeer
*/
int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz,
unsigned short* port, int* fam) unsigned short* port, int* fam)
{ {
SOCKADDR_S peer; SOCKADDR_S peer;
word32 peerSz; word32 peerSz;
int ret; int ret;
if (ssl == NULL || ip == NULL || ipSz == NULL ||
port == NULL || fam == NULL) {
return BAD_FUNC_ARG;
}
/* get peer information stored in ssl struct */ /* get peer information stored in ssl struct */
peerSz = sizeof(SOCKADDR_S); peerSz = sizeof(SOCKADDR_S);
if ((ret = wolfSSL_dtls_get_peer(ssl, (void*)&peer, &peerSz)) if ((ret = wolfSSL_dtls_get_peer(ssl, (void*)&peer, &peerSz))
@@ -536,11 +529,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
/* set the peer information in human readable form (ip, port, family) static int EmbedSetPeerDTLS(WOLFSSL* ssl, char* ip, int ipSz,
* default function assumes BSD sockets
* can be overridden with wolfSSL_CTX_SetIOSetPeer
*/
int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz,
unsigned short port, int fam) unsigned short port, int fam)
{ {
int ret; int ret;
@@ -594,8 +583,62 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
#endif
/* get the peer information in human readable form (ip, port, family)
* default function assumes BSD sockets
* can be overridden with wolfSSL_CTX_SetIOGetPeer
*/
int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz,
unsigned short* port, int* fam)
{
if (ssl == NULL || ip == NULL || ipSz == NULL ||
port == NULL || fam == NULL) {
return BAD_FUNC_ARG;
}
if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
return EmbedGetPeerDTLS(ssl, ip, ipSz, port, fam);
#else
return NOT_COMPILED_IN;
#endif
}
else {
*port = wolfSSL_get_fd(ssl);
ip[0] = '\0';
*ipSz = 0;
*fam = 0;
return WOLFSSL_SUCCESS;
}
}
/* set the peer information in human readable form (ip, port, family)
* default function assumes BSD sockets
* can be overridden with wolfSSL_CTX_SetIOSetPeer
*/
int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz,
unsigned short port, int fam)
{
/* sanity checks on arguments */
if (ssl == NULL || ip == NULL || ipSz < 0 || ipSz > MAX_EXPORT_IP) {
return BAD_FUNC_ARG;
}
if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
return EmbedSetPeerDTLS(ssl, ip, ipSz, port, fam);
#else
return NOT_COMPILED_IN;
#endif
}
else {
wolfSSL_set_fd(ssl, port);
(void)fam;
return WOLFSSL_SUCCESS;
}
}
#endif /* WOLFSSL_SESSION_EXPORT */ #endif /* WOLFSSL_SESSION_EXPORT */
#endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_LINUXKM #ifdef WOLFSSL_LINUXKM
static int linuxkm_send(struct socket *socket, void *buf, int size, static int linuxkm_send(struct socket *socket, void *buf, int size,
@@ -1772,6 +1815,7 @@ void* wolfSSL_GetCookieCtx(WOLFSSL* ssl)
return NULL; return NULL;
} }
#endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_SESSION_EXPORT
@@ -1789,7 +1833,6 @@ void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX* ctx, CallbackSetPeer cb)
} }
#endif /* WOLFSSL_SESSION_EXPORT */ #endif /* WOLFSSL_SESSION_EXPORT */
#endif /* WOLFSSL_DTLS */
#ifdef HAVE_NETX #ifdef HAVE_NETX

7
wolfssl/internal.h
View File

@@ -1325,6 +1325,7 @@ enum Misc {
DTLS_EXPORT_STATE_PRO = 166,/* wolfSSL protocol for serialized state */ DTLS_EXPORT_STATE_PRO = 166,/* wolfSSL protocol for serialized state */
TLS_EXPORT_PRO = 167,/* wolfSSL protocol for serialized TLS */ TLS_EXPORT_PRO = 167,/* wolfSSL protocol for serialized TLS */
DTLS_EXPORT_OPT_SZ = 61, /* amount of bytes used from Options */ DTLS_EXPORT_OPT_SZ = 61, /* amount of bytes used from Options */
TLS_EXPORT_OPT_SZ = 65, /* amount of bytes used from Options */
DTLS_EXPORT_OPT_SZ_3 = 60, /* amount of bytes used from Options */ DTLS_EXPORT_OPT_SZ_3 = 60, /* amount of bytes used from Options */
DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2), DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
/* max amount of bytes used from Keys */ /* max amount of bytes used from Keys */
@@ -1339,7 +1340,7 @@ enum Misc {
/* older export versions supported */ /* older export versions supported */
WOLFSSL_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */ WOLFSSL_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */
DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */ MAX_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
DTLS_MTU_ADDITIONAL_READ_BUFFER = WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER, DTLS_MTU_ADDITIONAL_READ_BUFFER = WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER,
/* Additional bytes to read so that /* Additional bytes to read so that
* we can work with a peer that has * we can work with a peer that has
@@ -2852,12 +2853,14 @@ struct WOLFSSL_CTX {
CallbackIOSend CBIOSend; CallbackIOSend CBIOSend;
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
CallbackGenCookie CBIOCookie; /* gen cookie callback */ CallbackGenCookie CBIOCookie; /* gen cookie callback */
#endif /* WOLFSSL_DTLS */
#ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_SESSION_EXPORT
#ifdef WOLFSSL_DTLS
wc_dtls_export dtls_export; /* export function for DTLS session */ wc_dtls_export dtls_export; /* export function for DTLS session */
#endif
CallbackGetPeer CBGetPeer; CallbackGetPeer CBGetPeer;
CallbackSetPeer CBSetPeer; CallbackSetPeer CBSetPeer;
#endif #endif
#endif /* WOLFSSL_DTLS */
VerifyCallback verifyCallback; /* cert verification callback */ VerifyCallback verifyCallback; /* cert verification callback */
#ifdef OPENSSL_ALL #ifdef OPENSSL_ALL
CertVerifyCallback verifyCertCb; CertVerifyCallback verifyCertCb;

12
wolfssl/wolfio.h
View File

@@ -429,12 +429,6 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
WOLFSSL_API int EmbedReceiveFromMcast(WOLFSSL* ssl, WOLFSSL_API int EmbedReceiveFromMcast(WOLFSSL* ssl,
char* buf, int sz, void*); char* buf, int sz, void*);
#endif /* WOLFSSL_MULTICAST */ #endif /* WOLFSSL_MULTICAST */
#ifdef WOLFSSL_SESSION_EXPORT
WOLFSSL_API int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz,
unsigned short* port, int* fam);
WOLFSSL_API int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz,
unsigned short port, int fam);
#endif /* WOLFSSL_SESSION_EXPORT */
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
#endif /* USE_WOLFSSL_IO */ #endif /* USE_WOLFSSL_IO */
@@ -593,6 +587,7 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl); WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
#endif
#ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_SESSION_EXPORT
typedef int (*CallbackGetPeer)(WOLFSSL* ssl, char* ip, int* ipSz, typedef int (*CallbackGetPeer)(WOLFSSL* ssl, char* ip, int* ipSz,
unsigned short* port, int* fam); unsigned short* port, int* fam);
@@ -601,8 +596,11 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
WOLFSSL_API void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX*, CallbackGetPeer); WOLFSSL_API void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX*, CallbackGetPeer);
WOLFSSL_API void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX*, CallbackSetPeer); WOLFSSL_API void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX*, CallbackSetPeer);
WOLFSSL_API int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz,
unsigned short* port, int* fam);
WOLFSSL_API int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz,
unsigned short port, int fam);
#endif /* WOLFSSL_SESSION_EXPORT */ #endif /* WOLFSSL_SESSION_EXPORT */
#endif