update DTLS export session version and tests

This commit is contained in:
Jacob Barthelmeh
2017-07-28 14:27:24 -06:00
parent 0978dd4285
commit e1ccc5acad
3 changed files with 130 additions and 12 deletions


@@ -908,14 +908,30 @@ static int dtls_export_load(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
int idx = 0;
Options* options = &ssl->options;
if (ver != DTLS_EXPORT_VERSION) {
WOLFSSL_MSG("Export version not supported");
switch (ver) {
case DTLS_EXPORT_VERSION:
if (len < DTLS_EXPORT_OPT_SZ) {
WOLFSSL_MSG("Sanity check on buffer size failed");
return BAD_FUNC_ARG;
}
break;
case DTLS_EXPORT_VERSION_3:
if (len < DTLS_EXPORT_OPT_SZ_3) {
WOLFSSL_MSG("Sanity check on buffer size failed");
return BAD_FUNC_ARG;
}
break;
default:
WOLFSSL_MSG("Export version not supported");
return BAD_FUNC_ARG;
}
if (exp == NULL || options == NULL) {
return BAD_FUNC_ARG;
}
if (exp == NULL || options == NULL || len < DTLS_EXPORT_OPT_SZ) {
return BAD_FUNC_ARG;
}
/* these options are kept and sent to indicate verify status and strength
* of handshake */
@@ -988,13 +1004,17 @@ static int dtls_export_load(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
options->createTicket = exp[idx++]; /* Server to create new Ticket */
options->useTicket = exp[idx++]; /* Use Ticket not session cache */
#ifdef WOLFSSL_TLS13
options->noTicketTls13 = exp[idx++]; /* Server won't create new Ticket */
if (ver > DTLS_EXPORT_VERSION_3) {
options->noTicketTls13 = exp[idx++];/* Server won't create new Ticket */
}
#endif
#else
idx++;
idx++;
#ifdef WOLFSSL_TLS13
idx++;
if (ver > DTLS_EXPORT_VERSION_3) {
idx++;
}
#endif
#endif
options->processReply = exp[idx++];
@@ -1067,7 +1087,7 @@ static int ImportPeerInfo(WOLFSSL* ssl, byte* buf, word32 len, byte ver)
word16 port;
char ip[DTLS_EXPORT_IP];
if (ver != DTLS_EXPORT_VERSION) {
if (ver != DTLS_EXPORT_VERSION && ver != DTLS_EXPORT_VERSION_3) {
WOLFSSL_MSG("Export version not supported");
return BAD_FUNC_ARG;
}
@@ -1200,6 +1220,7 @@ int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, word32 sz)
word16 length = 0;
int version;
int ret;
int optSz;
WOLFSSL_ENTER("wolfSSL_dtls_import_internal");
/* check at least enough room for protocol and length */
@@ -1233,12 +1254,28 @@ int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, word32 sz)
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
/* perform sanity checks and extract Options information used */
if (DTLS_EXPORT_LEN + DTLS_EXPORT_OPT_SZ + idx > sz) {
switch (version) {
case DTLS_EXPORT_VERSION:
optSz = DTLS_EXPORT_OPT_SZ;
break;
case DTLS_EXPORT_VERSION_3:
WOLFSSL_MSG("Importing older version 3");
optSz = DTLS_EXPORT_OPT_SZ_3;
break;
default:
WOLFSSL_MSG("Bad export version");
return BAD_FUNC_ARG;
}
if (DTLS_EXPORT_LEN + optSz + idx > sz) {
WOLFSSL_MSG("Import Options struct error");
return BUFFER_E;
}
ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
if (length != DTLS_EXPORT_OPT_SZ) {
if (length != optSz) {
WOLFSSL_MSG("Import Options struct error");
return BUFFER_E;
}
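Review bot: The rewritten guard `if (exp == NULL || options == NULL)` in dtls_export_load cannot catch a missing session, because `options` is `&ssl->options` taken on the line above and is non-NULL even when `ssl` is NULL; test the inputs instead, `if (ssl == NULL || exp == NULL) { return BAD_FUNC_ARG; }`, or drop the `options` test if the caller already guarantees `ssl`. The new version switch is otherwise in the right order for an externally supplied blob: it bounds `len` per export version before any byte of `exp` is read, and wolfSSL_dtls_import_internal now derives `optSz` the same way before comparing it with the encoded `length`. Only dtls_export_load and ImportPeerInfo are taught about DTLS_EXPORT_VERSION_3 here; any other import helper that receives `ver` and is not in this diff presumably still rejects it, which is worth confirming. dtls_export_load's and wolfSSL_dtls_import_internal's bodies continue outside these hunks.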


@@ -1297,6 +1297,64 @@ static void test_wolfSSL_read_write(void)
}
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
defined(WOLFSSL_SESSION_EXPORT)
/* canned export of a session using older version 3 */
static unsigned char version_3[] = {
0xA5, 0xA3, 0x01, 0x87, 0x00, 0x39, 0x00, 0x01,
0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0xC0, 0x30, 0x05, 0x09, 0x0A,
0x01, 0x01, 0x00, 0x0D, 0x05, 0xFE, 0xFD, 0x01,
0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00,
0x05, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00,
0x01, 0x00, 0x07, 0x00, 0x00, 0x00, 0x30, 0x00,
0x00, 0x00, 0x10, 0x01, 0x01, 0x00, 0x02, 0x00,
0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x3F, 0x00, 0x00, 0x00,
0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x20, 0x05, 0x12, 0xCF, 0x22,
0xA1, 0x9F, 0x1C, 0x39, 0x1D, 0x31, 0x11, 0x12,
0x1D, 0x11, 0x18, 0x0D, 0x0B, 0xF3, 0xE1, 0x4D,
0xDC, 0xB1, 0xF1, 0x39, 0x98, 0x91, 0x6C, 0x48,
0xE5, 0xED, 0x11, 0x12, 0xA0, 0x00, 0xF2, 0x25,
0x4C, 0x09, 0x26, 0xD1, 0x74, 0xDF, 0x23, 0x40,
0x15, 0x6A, 0x42, 0x2A, 0x26, 0xA5, 0xAC, 0x56,
0xD5, 0x4A, 0x20, 0xB7, 0xE9, 0xEF, 0xEB, 0xAF,
0xA8, 0x1E, 0x23, 0x7C, 0x04, 0xAA, 0xA1, 0x6D,
0x92, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x01, 0x0C, 0x79, 0x7B,
0xFA, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0xAA, 0xA1, 0x6D, 0x92, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
0x00, 0x20, 0x00, 0x04, 0x00, 0x10, 0x00, 0x10,
0x08, 0x02, 0x05, 0x08, 0x01, 0x30, 0x28, 0x00,
0x00, 0x0F, 0x00, 0x02, 0x00, 0x09, 0x31, 0x32,
0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0xED,
0x4F
};
#endif /* defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
defined(WOLFSSL_SESSION_EXPORT) */
static void test_wolfSSL_dtls_export(void)
{
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
@@ -1344,6 +1402,27 @@ static void test_wolfSSL_dtls_export(void)
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
{
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
/* Set ctx to DTLS 1.2 */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
AssertNotNull(ssl = wolfSSL_new(ctx));
/* test importing version 3 */
AssertIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
/* test importing bad length and bad version */
version_3[2] += 1;
AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
version_3[2] -= 1; version_3[1] = 0XA0;
AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
}
printf(testingFmt, "wolfSSL_dtls_export()");
printf(resultFmt, passed);
#endif
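Review bot: The new block in test_wolfSSL_dtls_export mutates the file-scope fixture in place and only partially restores it: after `version_3[2] -= 1; version_3[1] = 0XA0;` byte 1 is never set back, so a second run of the test or any later use of `version_3` imports a blob with a corrupted header. Either copy the canned export into a local buffer before the negative cases (`unsigned char bad[sizeof(version_3)]; memcpy(bad, version_3, sizeof(bad));` and pass `bad` to wolfSSL_dtls_import) or restore the byte after the last assert, `version_3[1] = 0xA3;`. The inline comment `/* test importing bad length and bad version */` would also read better if it said which byte each mutation corrupts. The enclosing function starts outside the hunk.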


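--- a/<header-path-not-on-page>
+++ b/<header-path-not-on-page>
@@ -1040,8 +1040,10 @@ enum Misc {
 DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
 DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
 DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
-DTLS_EXPORT_VERSION = 3, /* wolfSSL version for serialized session */
-DTLS_EXPORT_OPT_SZ = 57, /* amount of bytes used from Options */
+DTLS_EXPORT_VERSION = 4, /* wolfSSL version for serialized session */
+DTLS_EXPORT_OPT_SZ = 58, /* amount of bytes used from Options */
+DTLS_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */
+DTLS_EXPORT_OPT_SZ_3 = 57, /* amount of bytes used from Options */
 DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
 /* max amount of bytes used from Keys */
 DTLS_EXPORT_MIN_KEY_SZ = 78 + (DTLS_SEQ_SZ * 2),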
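Review bot: The comment on the new `DTLS_EXPORT_OPT_SZ_3` constant is copied verbatim from `DTLS_EXPORT_OPT_SZ`, so a reader cannot tell from the header why the two sizes differ by one byte. Since these constants define the serialized-session format that the import code now dispatches on, say so explicitly, e.g. `DTLS_EXPORT_OPT_SZ_3 = 57, /* Options bytes in a version 3 export, before noTicketTls13 was added */`, and note on `DTLS_EXPORT_OPT_SZ` that it must stay in step with the byte count consumed by dtls_export_load.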