Skip to content

Commit

Permalink
Saving the serialized context to a file
Browse files Browse the repository at this point in the history 
Signed-off-by: Piotr Nowicki <[email protected]>
  • Loading branch information
@piotr-now
piotr-now committed Apr 16, 2020
1 parent ed9e477 commit 20b35ed
Show file tree
Hide file tree
Showing 3 changed files with 140 additions and 8 deletions.
69 changes: 65 additions & 4 deletions programs/ssl/ssl_client2.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ int main( void )
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
#include "mbedtls/base64.h"

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
Expand Down Expand Up @@ -139,6 +140,7 @@ int main( void )
#define DFL_EXTENDED_MS -1
#define DFL_ETM -1
#define DFL_SERIALIZE 0
#define DFL_SERIAL_TO_FILE ""
#define DFL_EXTENDED_MS_ENFORCE -1
#define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0
Expand Down Expand Up @@ -363,9 +365,14 @@ int main( void )

#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
#define USAGE_SERIALIZATION \
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n"
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n" \
" serial_to_file=%%s The file path to write a serialized connection\n"\
" in the form of base64 code (serialize option\n" \
" must be set)\n" \
" default: \"\" (do nothing)\n" \
" option: a file path\n"
#else
#define USAGE_SERIALIZATION ""
#endif
Expand Down Expand Up @@ -516,6 +523,9 @@ struct options
* during renegotiation */
const char *cid_val; /* the CID to use for incoming messages */
int serialize; /* serialize/deserialize connection */
const char *serial_to_file; /* the file to write a serialized connection
* in the form of base64 code ( serialize
* option must be set ) */
const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */
int reproducible; /* make communication reproducible */
Expand Down Expand Up @@ -1310,6 +1320,7 @@ int main( int argc, char *argv[] )
opt.etm = DFL_ETM;
opt.dgram_packing = DFL_DGRAM_PACKING;
opt.serialize = DFL_SERIALIZE;
opt.serial_to_file = DFL_SERIAL_TO_FILE;
opt.eap_tls = DFL_EAP_TLS;
opt.reproducible = DFL_REPRODUCIBLE;
opt.nss_keylog = DFL_NSS_KEYLOG;
Expand Down Expand Up @@ -1707,6 +1718,10 @@ int main( int argc, char *argv[] )
if( opt.serialize < 0 || opt.serialize > 2)
goto usage;
}
else if( strcmp( p, "serial_to_file") == 0 )
{
opt.serial_to_file = q;
}
else if( strcmp( p, "eap_tls" ) == 0 )
{
opt.eap_tls = atoi( q );
Expand Down Expand Up @@ -3102,10 +3117,56 @@ int main( int argc, char *argv[] )

mbedtls_printf( " ok\n" );

/* Save serialized context to the 'opt.serial_to_file' as a base64 code */
if( 0 < strlen( opt.serial_to_file ) )
{
FILE *b64_file;
uint8_t *b64_buf;
size_t b64_len;

mbedtls_printf( " . Save serialized context to a file... " );

mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );

if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
{
mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
"the base64 code\n" );
goto exit;
}

if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
context_buf, buf_len ) ) != 0 )
{
mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
"-0x%x\n", -ret );
goto exit;
}

b64_file = fopen( opt.serial_to_file, "w" );
if( NULL == b64_buf )
{
mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
opt.serial_to_file );
goto exit;
}

if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
{
mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
(long) b64_len );
fclose( b64_file );
goto exit;
}

mbedtls_printf( "ok\n" );
fclose( b64_file );
}

if( opt.serialize == 1 )
{
/* nothing to do here, done by context_save() already */
mbedtls_printf( " . Context has been reset... ok" );
mbedtls_printf( " . Context has been reset... ok\n" );
}

if( opt.serialize == 2 )
Expand Down
69 changes: 65 additions & 4 deletions programs/ssl/ssl_server2.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,7 @@ int main( void )
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
#include "mbedtls/base64.h"

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
Expand Down Expand Up @@ -172,6 +173,7 @@ int main( void )
#define DFL_EXTENDED_MS -1
#define DFL_ETM -1
#define DFL_SERIALIZE 0
#define DFL_SERIAL_TO_FILE ""
#define DFL_EXTENDED_MS_ENFORCE -1
#define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0
Expand Down Expand Up @@ -449,9 +451,14 @@ int main( void )

#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
#define USAGE_SERIALIZATION \
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n"
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n" \
" serial_to_file=%%s The file path to write a serialized connection\n"\
" in the form of base64 code (serialize option\n" \
" must be set)\n" \
" default: \"\" (do nothing)\n" \
" option: a file path\n"
#else
#define USAGE_SERIALIZATION ""
#endif
Expand Down Expand Up @@ -617,6 +624,9 @@ struct options
* during renegotiation */
const char *cid_val; /* the CID to use for incoming messages */
int serialize; /* serialize/deserialize connection */
const char *serial_to_file; /* the file to write a serialized connection
* in the form of base64 code ( serialize
* option must be set ) */
const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */
int reproducible; /* make communication reproducible */
Expand Down Expand Up @@ -1984,6 +1994,7 @@ int main( int argc, char *argv[] )
opt.extended_ms = DFL_EXTENDED_MS;
opt.etm = DFL_ETM;
opt.serialize = DFL_SERIALIZE;
opt.serial_to_file = DFL_SERIAL_TO_FILE;
opt.eap_tls = DFL_EAP_TLS;
opt.reproducible = DFL_REPRODUCIBLE;
opt.nss_keylog = DFL_NSS_KEYLOG;
Expand Down Expand Up @@ -2406,6 +2417,10 @@ int main( int argc, char *argv[] )
if( opt.serialize < 0 || opt.serialize > 2)
goto usage;
}
else if( strcmp( p, "serial_to_file") == 0 )
{
opt.serial_to_file = q;
}
else if( strcmp( p, "eap_tls" ) == 0 )
{
opt.eap_tls = atoi( q );
Expand Down Expand Up @@ -4102,6 +4117,52 @@ int main( int argc, char *argv[] )

mbedtls_printf( " ok\n" );

/* Save serialized context to the 'opt.serial_to_file' as a base64 code */
if( 0 < strlen( opt.serial_to_file ) )
{
FILE *b64_file;
uint8_t *b64_buf;
size_t b64_len;

mbedtls_printf( " . Save serialized context to a file... " );

mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );

if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
{
mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
"the base64 code\n" );
goto exit;
}

if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
context_buf, buf_len ) ) != 0 )
{
mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
"-0x%x\n", -ret );
goto exit;
}

b64_file = fopen( opt.serial_to_file, "w" );
if( NULL == b64_buf )
{
mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
opt.serial_to_file );
goto exit;
}

if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
{
mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
(long) b64_len );
fclose( b64_file );
goto exit;
}

mbedtls_printf( "ok\n" );
fclose( b64_file );
}

/*
* This simulates a workflow where you have a long-lived server
* instance, potentially with a pool of ssl_context objects, and you
Expand All @@ -4112,7 +4173,7 @@ int main( int argc, char *argv[] )
if( opt.serialize == 1 )
{
/* nothing to do here, done by context_save() already */
mbedtls_printf( " . Context has been reset... ok" );
mbedtls_printf( " . Context has been reset... ok\n" );
}

/*
Expand Down
10 changes: 10 additions & 0 deletions tests/ssl-opt.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1628,6 +1628,16 @@ run_test "Context serialization, re-init, both serialize, with CID" \
-c "Deserializing connection..." \
-s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Saving the serialized context to a file" \
"$P_SRV dtls=1 serialize=1 serial_to_file=context_srv.txt" \
"$P_CLI dtls=1 serialize=1 serial_to_file=context_cli.txt" \
0 \
-s "Save serialized context to a file... ok" \
-c "Save serialized context to a file... ok"
rm -f context_srv.txt
rm -f context_cli.txt

# Tests for DTLS Connection ID extension

# So far, the CID API isn't implemented, so we can't
Expand Down

0 comments on commit 20b35ed

Please sign in to comment.