add tls 1.3 test case

Jacob Barthelmeh
2021-09-30 10:08:47 -06:00
parent dd7b62d067
commit cb4b57c5c7
5 changed files with 171 additions and 36 deletions


@@ -702,11 +702,14 @@ WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf,
unsigned int* sz); unsigned int* sz);
/*! /*!
\brief Used to export a serialized TLS session. In most cases \brief Used to export a serialized TLS session. This function is for
wolfSSL_set_session should be used instead, this function is for importing a importing a serialized state of the connection.
serialized state of the connection. In most cases wolfSSL_get_session should be used instead of
wolfSSL_tls_export.
Additional debug info can be displayed with the macro Additional debug info can be displayed with the macro
WOLFSSL_SESSION_EXPORT_DEBUG defined. WOLFSSL_SESSION_EXPORT_DEBUG defined.
WARNING: buf contains sensitive information about the state and is best to
be encrypted before storing if stored.
\return the number of bytes written into buffer 'buf' \return the number of bytes written into buffer 'buf'


@@ -601,7 +601,7 @@ static int ExportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
specs= &ssl->specs; specs = &ssl->specs;
if (WOLFSSL_EXPORT_SPC_SZ > len) { if (WOLFSSL_EXPORT_SPC_SZ > len) {
return BUFFER_E; return BUFFER_E;
} }
@@ -1186,10 +1186,10 @@ static int ExportOptions(WOLFSSL* ssl, byte* exp, word32 len, byte ver,
exp[idx++] = options->asyncState; exp[idx++] = options->asyncState;
if (type == WOLFSSL_EXPORT_TLS) { if (type == WOLFSSL_EXPORT_TLS) {
exp[idx++] = ssl->options.disallowEncThenMac; exp[idx++] = options->disallowEncThenMac;
exp[idx++] = ssl->options.encThenMac; exp[idx++] = options->encThenMac;
exp[idx++] = ssl->options.startedETMRead; exp[idx++] = options->startedETMRead;
exp[idx++] = ssl->options.startedETMWrite; exp[idx++] = options->startedETMWrite;
} }
/* version of connection */ /* version of connection */
@@ -1362,10 +1362,10 @@ static int ImportOptions(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
options->asyncState = exp[idx++]; options->asyncState = exp[idx++];
if (type == WOLFSSL_EXPORT_TLS) { if (type == WOLFSSL_EXPORT_TLS) {
ssl->options.disallowEncThenMac = exp[idx++]; options->disallowEncThenMac = exp[idx++];
ssl->options.encThenMac = exp[idx++]; options->encThenMac = exp[idx++];
ssl->options.startedETMRead = exp[idx++]; options->startedETMRead = exp[idx++];
ssl->options.startedETMWrite = exp[idx++]; options->startedETMWrite = exp[idx++];
} }
/* version of connection */ /* version of connection */
@@ -1374,6 +1374,12 @@ static int ImportOptions(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
return VERSION_ERROR; return VERSION_ERROR;
} }
/* set TLS 1.3 flag in options if this was a TLS 1.3 connection */
if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR) {
options->tls1_3 = 1;
}
return idx; return idx;
} }
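Review bot: The new check at the end of ImportOptions only ever sets `options->tls1_3` and never clears it, so a WOLFSSL object that already carries the flag (for instance one reused after an earlier TLS 1.3 handshake) keeps it when the imported state is a TLS 1.2 connection, unless the options are reset somewhere before import, which this hunk does not show. An assignment in both directions removes that dependency: `options->tls1_3 = (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR);`. The comment would also be more useful if it said why the flag is derived here rather than read from the buffer, e.g. `/* tls1_3 is not part of the serialized options; derive it from the (already validated) version so import and export agree */` — assuming ExportOptions indeed does not serialize it, which cannot be confirmed from the visible part of that function. ImportOptions begins before this hunk, so the reset behaviour of the earlier fields is not visible here.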


@@ -239,10 +239,7 @@ byte tsip_rootCAverified( );
#endif #endif
#ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_SESSION_EXPORT
/** /* Used to import a serialized TLS session.
* Used to import a serialized TLS session. In most cases wolfSSL_get_session
* should be used instead, this function is for exporting the state of the
* connection and when imported a resumption is not needed.
* WARNING: buf contains sensitive information about the state and is best to be * WARNING: buf contains sensitive information about the state and is best to be
* encrypted before storing if stored. * encrypted before storing if stored.
* *
@@ -260,10 +257,9 @@ int wolfSSL_tls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz)
} }
/** /* Used to export a serialized TLS session.
* Used to export a serialized TLS session. In most cases wolfSSL_set_session * WARNING: buf contains sensitive information about the state and is best to be
* should be used instead, this function is for importing a serialized state of * encrypted before storing if stored.
* the connection.
* *
* @param ssl WOLFSSL structure to export the session from * @param ssl WOLFSSL structure to export the session from
* @param buf output of serialized session * @param buf output of serialized session


@@ -5651,6 +5651,86 @@ static void test_wolfSSL_dtls_export(void)
#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
#ifdef WOLFSSL_TLS13
static const byte canned_client_tls13_session[] = {
0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00,
0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01,
0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x09, 0x00,
0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, 0x00,
0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0,
0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A,
0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06,
0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
0x00, 0x03
};
static const byte canned_server_tls13_session[] = {
0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00,
0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x00,
0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x00, 0x0F,
0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D,
0xC3, 0x2E, 0x5E, 0x06, 0x35, 0x41, 0xCD, 0xF3,
0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1,
0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
0x00, 0x04
};
#endif /* WOLFSSL_TLS13 */
static const byte canned_client_session[] = { static const byte canned_client_session[] = {
0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
@@ -5801,15 +5881,12 @@ static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args)
if (ssl == NULL) { if (ssl == NULL) {
goto done; goto done;
} }
wolfSSL_set_fd(ssl, clientfd);
/* call ssl setup callback */ /* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) { if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl); cbf->ssl_ready(ssl);
} }
AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_session,
sizeof(canned_server_session)), sizeof(canned_server_session));
wolfSSL_set_fd(ssl, clientfd);
idx = wolfSSL_read(ssl, input, sizeof(input)-1); idx = wolfSSL_read(ssl, input, sizeof(input)-1);
if (idx > 0) { if (idx > 0) {
input[idx] = '\0'; input[idx] = '\0';
@@ -5864,11 +5941,32 @@ done:
return 0; return 0;
#endif #endif
} }
static void load_tls12_canned_server(WOLFSSL* ssl)
{
int clientfd = wolfSSL_get_fd(ssl);
AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_session,
sizeof(canned_server_session)), sizeof(canned_server_session));
wolfSSL_set_fd(ssl, clientfd);
}
#ifdef WOLFSSL_TLS13
static void load_tls13_canned_server(WOLFSSL* ssl)
{
int clientfd = wolfSSL_get_fd(ssl);
AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_tls13_session,
sizeof(canned_server_tls13_session)),
sizeof(canned_server_tls13_session));
wolfSSL_set_fd(ssl, clientfd);
}
#endif #endif
static void test_wolfSSL_tls_export(void)
/* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
static void test_wolfSSL_tls_export_run(int v)
{ {
#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
SOCKET_T sockfd = 0; SOCKET_T sockfd = 0;
WOLFSSL_CTX* ctx = 0; WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0; WOLFSSL* ssl = 0;
@@ -5876,13 +5974,14 @@ static void test_wolfSSL_tls_export(void)
char reply[1024]; char reply[1024];
word32 replySz; word32 replySz;
int msgSz = (int)XSTRLEN(msg); int msgSz = (int)XSTRLEN(msg);
const byte* clientSession = NULL;
int clientSessionSz = 0;
tcp_ready ready; tcp_ready ready;
func_args server_args; func_args server_args;
THREAD_TYPE serverThread; THREAD_TYPE serverThread;
callback_functions server_cbf; callback_functions server_cbf;
printf(testingFmt, "wolfSSL_tls_export()");
#ifdef WOLFSSL_TIRTOS #ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self()); fdOpenSession(Task_self());
#endif #endif
@@ -5896,7 +5995,29 @@ static void test_wolfSSL_tls_export(void)
XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&server_cbf, 0, sizeof(callback_functions));
switch (v) {
case WOLFSSL_TLSV1_2:
server_cbf.method = wolfTLSv1_2_server_method; server_cbf.method = wolfTLSv1_2_server_method;
server_cbf.ssl_ready = load_tls12_canned_server;
/* setup the client side */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
clientSession = canned_client_session;
clientSessionSz = sizeof(canned_client_session);
break;
#ifdef WOLFSSL_TLS13
case WOLFSSL_TLSV1_3:
server_cbf.method = wolfTLSv1_3_server_method;
server_cbf.ssl_ready = load_tls13_canned_server;
/* setup the client side */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
clientSession = canned_client_tls13_session;
clientSessionSz = sizeof(canned_client_tls13_session);
break;
#endif
}
server_args.callbacks = &server_cbf; server_args.callbacks = &server_cbf;
server_args.signal = &ready; server_args.signal = &ready;
@@ -5908,15 +6029,13 @@ static void test_wolfSSL_tls_export(void)
fdOpenSession(Task_self()); fdOpenSession(Task_self());
#endif #endif
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
AssertNotNull(ssl = wolfSSL_new(ctx)); AssertNotNull(ssl = wolfSSL_new(ctx));
tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl); tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
AssertIntEQ(wolfSSL_tls_import(ssl, canned_client_session, AssertIntEQ(wolfSSL_tls_import(ssl, clientSession, clientSessionSz),
sizeof(canned_client_session)), sizeof(canned_client_session)); clientSessionSz);
replySz = sizeof(reply); replySz = sizeof(reply);
AssertIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0); AssertIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0);
AssertIntEQ(XMEMCMP(reply, canned_client_session, replySz), 0); AssertIntEQ(XMEMCMP(reply, clientSession, replySz), 0);
wolfSSL_set_fd(ssl, sockfd); wolfSSL_set_fd(ssl, sockfd);
AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
@@ -5945,6 +6064,17 @@ static void test_wolfSSL_tls_export(void)
fdOpenSession(Task_self()); fdOpenSession(Task_self());
#endif #endif
}
#endif
static void test_wolfSSL_tls_export(void)
{
#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
printf(testingFmt, "wolfSSL_tls_export()");
test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2);
#ifdef WOLFSSL_TLS13
test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3);
#endif
printf(resultFmt, passed); printf(resultFmt, passed);
#endif #endif
} }
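Review bot: The `switch (v)` in test_wolfSSL_tls_export_run has no `default` case, so a version value that matches neither label (including WOLFSSL_TLSV1_3 in a build without WOLFSSL_TLS13, if a future caller drops the guard) leaves `ctx` NULL and `clientSession` NULL, and the failure only surfaces later at `AssertNotNull(ssl = wolfSSL_new(ctx))` rather than at its cause; adding `default: AssertTrue(0); break; /* unsupported version requested */` fails at the right place. In load_tls12_canned_server and load_tls13_canned_server the save-and-restore of the file descriptor around wolfSSL_tls_import is not self-explanatory; a one-line comment such as `/* import overwrites the socket descriptor held by ssl; restore it afterwards */` would record the reason the original set_fd call was moved after the import — this is inferred from the reordering at the tls_export_server hunk, so confirm against wolfSSL_tls_import. The enclosing `#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)` block opens before the first hunk of this file.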


@@ -1666,9 +1666,9 @@ WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
#endif #endif
#ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_SESSION_EXPORT
WOLFSSL_LOCAL int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, WOLFSSL_LOCAL int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf,
word32* sz, int isTLS); word32* sz, int type);
WOLFSSL_LOCAL int wolfSSL_session_import_internal(WOLFSSL* ssl, const byte* buf, WOLFSSL_LOCAL int wolfSSL_session_import_internal(WOLFSSL* ssl, const byte* buf,
word32 sz, int isTLS); word32 sz, int type);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl, WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl,
byte* buf, word32 sz); byte* buf, word32 sz);