Test creation of tickets when using a TLSv1.3 PSK
Add a test to check that we create the correct number of tickets after a
TLSv1.3 PSK.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7097)
Matt Caswell
5 years ago
22 | 22 | #include "testutil/output.h" |
23 | 23 | #include "internal/nelem.h" |
24 | 24 | #include "../ssl/ssl_locl.h" |
25 | ||
26 | #ifndef OPENSSL_NO_TLS1_3 | |
27 | ||
28 | static SSL_SESSION *clientpsk = NULL; | |
29 | static SSL_SESSION *serverpsk = NULL; | |
30 | static const char *pskid = "Identity"; | |
31 | static const char *srvid; | |
32 | ||
33 | static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id, | |
34 | size_t *idlen, SSL_SESSION **sess); | |
35 | static int find_session_cb(SSL *ssl, const unsigned char *identity, | |
36 | size_t identity_len, SSL_SESSION **sess); | |
37 | ||
38 | static int use_session_cb_cnt = 0; | |
39 | static int find_session_cb_cnt = 0; | |
40 | ||
41 | static SSL_SESSION *create_a_psk(SSL *ssl); | |
42 | #endif | |
25 | 43 | |
26 | 44 | static char *cert = NULL; |
27 | 45 | static char *privkey = NULL; |
1429 | 1447 | { |
1430 | 1448 | return test_tickets(1, idx); |
1431 | 1449 | } |
1450 | ||
1451 | static int test_psk_tickets(void) | |
1452 | { | |
1453 | SSL_CTX *sctx = NULL, *cctx = NULL; | |
1454 | SSL *serverssl = NULL, *clientssl = NULL; | |
1455 | int testresult = 0; | |
1456 | int sess_id_ctx = 1; | |
1457 | ||
1458 | if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), | |
1459 | TLS1_VERSION, TLS_MAX_VERSION, &sctx, | |
1460 | &cctx, NULL, NULL)) | |
1461 | || !TEST_true(SSL_CTX_set_session_id_context(sctx, | |
1462 | (void *)&sess_id_ctx, | |
1463 | sizeof(sess_id_ctx)))) | |
1464 | goto end; | |
1465 | ||
1466 | SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT | |
1467 | | SSL_SESS_CACHE_NO_INTERNAL_STORE); | |
1468 | SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb); | |
1469 | SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb); | |
1470 | SSL_CTX_sess_set_new_cb(cctx, new_session_cb); | |
1471 | use_session_cb_cnt = 0; | |
1472 | find_session_cb_cnt = 0; | |
1473 | srvid = pskid; | |
1474 | new_called = 0; | |
1475 | ||
1476 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
1477 | NULL, NULL))) | |
1478 | goto end; | |
1479 | clientpsk = serverpsk = create_a_psk(clientssl); | |
1480 | if (!TEST_ptr(clientpsk)) | |
1481 | goto end; | |
1482 | SSL_SESSION_up_ref(clientpsk); | |
1483 | ||
1484 | if (!TEST_true(create_ssl_connection(serverssl, clientssl, | |
1485 | SSL_ERROR_NONE)) | |
1486 | || !TEST_int_eq(1, find_session_cb_cnt) | |
1487 | || !TEST_int_eq(1, use_session_cb_cnt) | |
1488 | /* We should always get 1 ticket when using external PSK */ | |
1489 | || !TEST_int_eq(1, new_called)) | |
1490 | goto end; | |
1491 | ||
1492 | testresult = 1; | |
1493 | ||
1494 | end: | |
1495 | SSL_free(serverssl); | |
1496 | SSL_free(clientssl); | |
1497 | SSL_CTX_free(sctx); | |
1498 | SSL_CTX_free(cctx); | |
1499 | SSL_SESSION_free(clientpsk); | |
1500 | SSL_SESSION_free(serverpsk); | |
1501 | clientpsk = serverpsk = NULL; | |
1502 | ||
1503 | return testresult; | |
1504 | } | |
1432 | 1505 | #endif |
1433 | 1506 | |
1434 | 1507 | #define USE_NULL 0 |
1805 | 1878 | #endif |
1806 | 1879 | |
1807 | 1880 | #ifndef OPENSSL_NO_TLS1_3 |
1808 | ||
1809 | static SSL_SESSION *clientpsk = NULL; | |
1810 | static SSL_SESSION *serverpsk = NULL; | |
1811 | static const char *pskid = "Identity"; | |
1812 | static const char *srvid; | |
1813 | ||
1814 | static int use_session_cb_cnt = 0; | |
1815 | static int find_session_cb_cnt = 0; | |
1816 | 1881 | static int psk_client_cb_cnt = 0; |
1817 | 1882 | static int psk_server_cb_cnt = 0; |
1818 | 1883 | |
1942 | 2007 | |
1943 | 2008 | #define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") |
1944 | 2009 | #define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") |
2010 | ||
2011 | ||
2012 | static SSL_SESSION *create_a_psk(SSL *ssl) | |
2013 | { | |
2014 | const SSL_CIPHER *cipher = NULL; | |
2015 | const unsigned char key[] = { | |
2016 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, | |
2017 | 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, | |
2018 | 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, | |
2019 | 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, | |
2020 | 0x2c, 0x2d, 0x2e, 0x2f | |
2021 | }; | |
2022 | SSL_SESSION *sess = NULL; | |
2023 | ||
2024 | cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES); | |
2025 | sess = SSL_SESSION_new(); | |
2026 | if (!TEST_ptr(sess) | |
2027 | || !TEST_ptr(cipher) | |
2028 | || !TEST_true(SSL_SESSION_set1_master_key(sess, key, | |
2029 | sizeof(key))) | |
2030 | || !TEST_true(SSL_SESSION_set_cipher(sess, cipher)) | |
2031 | || !TEST_true( | |
2032 | SSL_SESSION_set_protocol_version(sess, | |
2033 | TLS1_3_VERSION))) { | |
2034 | SSL_SESSION_free(sess); | |
2035 | return NULL; | |
2036 | } | |
2037 | return sess; | |
2038 | } | |
1945 | 2039 | |
1946 | 2040 | /* |
1947 | 2041 | * Helper method to setup objects for early data test. Caller frees objects on |
1988 | 2082 | return 0; |
1989 | 2083 | |
1990 | 2084 | if (idx == 2) { |
1991 | /* Create the PSK */ | |
1992 | const SSL_CIPHER *cipher = NULL; | |
1993 | const unsigned char key[] = { | |
1994 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, | |
1995 | 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, | |
1996 | 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, | |
1997 | 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, | |
1998 | 0x2c, 0x2d, 0x2e, 0x2f | |
1999 | }; | |
2000 | ||
2001 | cipher = SSL_CIPHER_find(*clientssl, TLS13_AES_256_GCM_SHA384_BYTES); | |
2002 | clientpsk = SSL_SESSION_new(); | |
2085 | clientpsk = create_a_psk(*clientssl); | |
2003 | 2086 | if (!TEST_ptr(clientpsk) |
2004 | || !TEST_ptr(cipher) | |
2005 | || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key, | |
2006 | sizeof(key))) | |
2007 | || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher)) | |
2008 | || !TEST_true( | |
2009 | SSL_SESSION_set_protocol_version(clientpsk, | |
2010 | TLS1_3_VERSION)) | |
2011 | 2087 | /* |
2012 | 2088 | * We just choose an arbitrary value for max_early_data which |
2013 | 2089 | * should be big enough for testing purposes. |
5425 | 5501 | #ifndef OPENSSL_NO_TLS1_3 |
5426 | 5502 | ADD_ALL_TESTS(test_stateful_tickets, 3); |
5427 | 5503 | ADD_ALL_TESTS(test_stateless_tickets, 3); |
5504 | ADD_TEST(test_psk_tickets); | |
5428 | 5505 | #endif |
5429 | 5506 | ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS); |
5430 | 5507 | ADD_TEST(test_ssl_bio_pop_next_bio); |