Test creation of tickets when using a TLSv1.3 PSK Add a test to check that we create the correct number of tickets after a TLSv1.3 PSK. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7097) Matt Caswell 5 years ago
1 changed file(s) with 104 addition(s) and 27 deletion(s).
2222 #include "testutil/output.h"
2323 #include "internal/nelem.h"
2424 #include "../ssl/ssl_locl.h"
25
26 #ifndef OPENSSL_NO_TLS1_3
27
28 static SSL_SESSION *clientpsk = NULL;
29 static SSL_SESSION *serverpsk = NULL;
30 static const char *pskid = "Identity";
31 static const char *srvid;
32
33 static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
34 size_t *idlen, SSL_SESSION **sess);
35 static int find_session_cb(SSL *ssl, const unsigned char *identity,
36 size_t identity_len, SSL_SESSION **sess);
37
38 static int use_session_cb_cnt = 0;
39 static int find_session_cb_cnt = 0;
40
41 static SSL_SESSION *create_a_psk(SSL *ssl);
42 #endif
2543
2644 static char *cert = NULL;
2745 static char *privkey = NULL;
14291447 {
14301448 return test_tickets(1, idx);
14311449 }
1450
1451 static int test_psk_tickets(void)
1452 {
1453 SSL_CTX *sctx = NULL, *cctx = NULL;
1454 SSL *serverssl = NULL, *clientssl = NULL;
1455 int testresult = 0;
1456 int sess_id_ctx = 1;
1457
1458 if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
1459 TLS1_VERSION, TLS_MAX_VERSION, &sctx,
1460 &cctx, NULL, NULL))
1461 || !TEST_true(SSL_CTX_set_session_id_context(sctx,
1462 (void *)&sess_id_ctx,
1463 sizeof(sess_id_ctx))))
1464 goto end;
1465
1466 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT
1467 | SSL_SESS_CACHE_NO_INTERNAL_STORE);
1468 SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
1469 SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
1470 SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
1471 use_session_cb_cnt = 0;
1472 find_session_cb_cnt = 0;
1473 srvid = pskid;
1474 new_called = 0;
1475
1476 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
1477 NULL, NULL)))
1478 goto end;
1479 clientpsk = serverpsk = create_a_psk(clientssl);
1480 if (!TEST_ptr(clientpsk))
1481 goto end;
1482 SSL_SESSION_up_ref(clientpsk);
1483
1484 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
1485 SSL_ERROR_NONE))
1486 || !TEST_int_eq(1, find_session_cb_cnt)
1487 || !TEST_int_eq(1, use_session_cb_cnt)
1488 /* We should always get 1 ticket when using external PSK */
1489 || !TEST_int_eq(1, new_called))
1490 goto end;
1491
1492 testresult = 1;
1493
1494 end:
1495 SSL_free(serverssl);
1496 SSL_free(clientssl);
1497 SSL_CTX_free(sctx);
1498 SSL_CTX_free(cctx);
1499 SSL_SESSION_free(clientpsk);
1500 SSL_SESSION_free(serverpsk);
1501 clientpsk = serverpsk = NULL;
1502
1503 return testresult;
1504 }
14321505 #endif
14331506
14341507 #define USE_NULL 0
18051878 #endif
18061879
18071880 #ifndef OPENSSL_NO_TLS1_3
1808
1809 static SSL_SESSION *clientpsk = NULL;
1810 static SSL_SESSION *serverpsk = NULL;
1811 static const char *pskid = "Identity";
1812 static const char *srvid;
1813
1814 static int use_session_cb_cnt = 0;
1815 static int find_session_cb_cnt = 0;
18161881 static int psk_client_cb_cnt = 0;
18171882 static int psk_server_cb_cnt = 0;
18181883
19422007
19432008 #define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
19442009 #define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
2010
2011
2012 static SSL_SESSION *create_a_psk(SSL *ssl)
2013 {
2014 const SSL_CIPHER *cipher = NULL;
2015 const unsigned char key[] = {
2016 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
2017 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
2018 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
2019 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
2020 0x2c, 0x2d, 0x2e, 0x2f
2021 };
2022 SSL_SESSION *sess = NULL;
2023
2024 cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
2025 sess = SSL_SESSION_new();
2026 if (!TEST_ptr(sess)
2027 || !TEST_ptr(cipher)
2028 || !TEST_true(SSL_SESSION_set1_master_key(sess, key,
2029 sizeof(key)))
2030 || !TEST_true(SSL_SESSION_set_cipher(sess, cipher))
2031 || !TEST_true(
2032 SSL_SESSION_set_protocol_version(sess,
2033 TLS1_3_VERSION))) {
2034 SSL_SESSION_free(sess);
2035 return NULL;
2036 }
2037 return sess;
2038 }
19452039
19462040 /*
19472041 * Helper method to setup objects for early data test. Caller frees objects on
19882082 return 0;
19892083
19902084 if (idx == 2) {
1991 /* Create the PSK */
1992 const SSL_CIPHER *cipher = NULL;
1993 const unsigned char key[] = {
1994 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
1995 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
1996 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
1997 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
1998 0x2c, 0x2d, 0x2e, 0x2f
1999 };
2000
2001 cipher = SSL_CIPHER_find(*clientssl, TLS13_AES_256_GCM_SHA384_BYTES);
2002 clientpsk = SSL_SESSION_new();
2085 clientpsk = create_a_psk(*clientssl);
20032086 if (!TEST_ptr(clientpsk)
2004 || !TEST_ptr(cipher)
2005 || !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key,
2006 sizeof(key)))
2007 || !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher))
2008 || !TEST_true(
2009 SSL_SESSION_set_protocol_version(clientpsk,
2010 TLS1_3_VERSION))
20112087 /*
20122088 * We just choose an arbitrary value for max_early_data which
20132089 * should be big enough for testing purposes.
54255501 #ifndef OPENSSL_NO_TLS1_3
54265502 ADD_ALL_TESTS(test_stateful_tickets, 3);
54275503 ADD_ALL_TESTS(test_stateless_tickets, 3);
5504 ADD_TEST(test_psk_tickets);
54285505 #endif
54295506 ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
54305507 ADD_TEST(test_ssl_bio_pop_next_bio);
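Review bot: In test_psk_tickets the return value of `SSL_SESSION_up_ref(clientpsk)` (new line 1482) is ignored, while clientpsk and serverpsk alias the same session and the `end:` label frees both. If the up-ref ever failed, the two SSL_SESSION_free() calls would release a single reference twice, so the call should be checked and the alias cleared on failure, e.g. `if (!TEST_true(SSL_SESSION_up_ref(clientpsk))) { serverpsk = NULL; goto end; }`. The final condition could also add `|| !TEST_true(SSL_session_reused(clientssl))` so the one-ticket expectation is tied to the PSK actually having been accepted, not only to the two callbacks each having run once. create_a_psk would benefit from a short header comment saying that it returns a new TLSv1.3 session carrying a fixed 48-byte test key and that the caller owns the returned reference.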