Saving the serialized context to a file #3194

Merged
merged 2 commits into from
Apr 20, 2020
73 changes: 69 additions & 4 deletions programs/ssl/ssl_client2.c
Expand Up @@ -67,6 +67,7 @@ int main( void )
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
#include "mbedtls/base64.h"

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
Expand Down Expand Up @@ -139,6 +140,7 @@ int main( void )
#define DFL_EXTENDED_MS -1
#define DFL_ETM -1
#define DFL_SERIALIZE 0
#define DFL_CONTEXT_FILE ""
#define DFL_EXTENDED_MS_ENFORCE -1
#define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0
Expand Down Expand Up @@ -363,9 +365,14 @@ int main( void )

#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
#define USAGE_SERIALIZATION \
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n"
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n" \
" context_file=%%s The file path to write a serialized connection\n"\
" in the form of base64 code (serialize option\n" \
" must be set)\n" \
" default: \"\" (do nothing)\n" \
" option: a file path\n"
#else
#define USAGE_SERIALIZATION ""
#endif
Expand Down Expand Up @@ -516,6 +523,9 @@ struct options
* during renegotiation */
const char *cid_val; /* the CID to use for incoming messages */
int serialize; /* serialize/deserialize connection */
const char *context_file; /* the file to write a serialized connection
* in the form of base64 code (serialize
* option must be set) */
const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */
int reproducible; /* make communication reproducible */
Expand Down Expand Up @@ -1310,6 +1320,7 @@ int main( int argc, char *argv[] )
opt.etm = DFL_ETM;
opt.dgram_packing = DFL_DGRAM_PACKING;
opt.serialize = DFL_SERIALIZE;
opt.context_file = DFL_CONTEXT_FILE;
opt.eap_tls = DFL_EAP_TLS;
opt.reproducible = DFL_REPRODUCIBLE;
opt.nss_keylog = DFL_NSS_KEYLOG;
Expand Down Expand Up @@ -1707,6 +1718,10 @@ int main( int argc, char *argv[] )
if( opt.serialize < 0 || opt.serialize > 2)
goto usage;
}
else if( strcmp( p, "context_file") == 0 )
{
opt.context_file = q;
}
else if( strcmp( p, "eap_tls" ) == 0 )
{
opt.eap_tls = atoi( q );
Expand Down Expand Up @@ -3102,10 +3117,60 @@ int main( int argc, char *argv[] )

mbedtls_printf( " ok\n" );

/* Save serialized context to the 'opt.context_file' as a base64 code */
if( 0 < strlen( opt.context_file ) )
{
FILE *b64_file;
uint8_t *b64_buf;
size_t b64_len;

mbedtls_printf( " . Save serialized context to a file... " );

mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );

if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
{
mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
"the base64 code\n" );
goto exit;
}

if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
context_buf, buf_len ) ) != 0 )
{
mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
"-0x%x\n", -ret );
mbedtls_free( b64_buf );
goto exit;
}

if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
{
mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
opt.context_file );
mbedtls_free( b64_buf );
goto exit;
}

if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
{
mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
(long) b64_len );
mbedtls_free( b64_buf );
fclose( b64_file );
goto exit;
}

mbedtls_free( b64_buf );
fclose( b64_file );

mbedtls_printf( "ok\n" );
}

if( opt.serialize == 1 )
{
/* nothing to do here, done by context_save() already */
mbedtls_printf( " . Context has been reset... ok" );
mbedtls_printf( " . Context has been reset... ok\n" );
}

if( opt.serialize == 2 )
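Review bot: On the failure paths of the new save-to-file block (the `mbedtls_calloc` check, the `fopen` check and the `fwrite` check) the code prints "failed" and jumps to `exit` without touching `ret`, which is still 0 from the successful context save, so the process most likely exits with status 0 as if nothing went wrong; set a non-zero `ret` before each `goto exit`, in the form the file's `exit:` label expects (not visible from here), so the ssl-opt.sh harness and callers see the failure. The identical block in ssl_server2.c has the same gap. Separately, the serialized context carries the connection's keying material and `fopen( opt.context_file, "w" )` creates the file with the process's default mode, so a comment such as `/* NOTE: the serialized context includes session keys; the file is created with default permissions */` belongs above the block, and where portability allows the file should be created with a restrictive mode. main() starts and ends outside the hunk.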
73 changes: 69 additions & 4 deletions programs/ssl/ssl_server2.c
Expand Up @@ -63,6 +63,7 @@ int main( void )
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
#include "mbedtls/base64.h"

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
Expand Down Expand Up @@ -172,6 +173,7 @@ int main( void )
#define DFL_EXTENDED_MS -1
#define DFL_ETM -1
#define DFL_SERIALIZE 0
#define DFL_CONTEXT_FILE ""
#define DFL_EXTENDED_MS_ENFORCE -1
#define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0
Expand Down Expand Up @@ -449,9 +451,14 @@ int main( void )

#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
#define USAGE_SERIALIZATION \
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n"
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n" \
" context_file=%%s The file path to write a serialized connection\n"\
" in the form of base64 code (serialize option\n" \
" must be set)\n" \
" default: \"\" (do nothing)\n" \
" option: a file path\n"
#else
#define USAGE_SERIALIZATION ""
#endif
Expand Down Expand Up @@ -617,6 +624,9 @@ struct options
* during renegotiation */
const char *cid_val; /* the CID to use for incoming messages */
int serialize; /* serialize/deserialize connection */
const char *context_file; /* the file to write a serialized connection
* in the form of base64 code (serialize
* option must be set) */
const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */
int reproducible; /* make communication reproducible */
Expand Down Expand Up @@ -1984,6 +1994,7 @@ int main( int argc, char *argv[] )
opt.extended_ms = DFL_EXTENDED_MS;
opt.etm = DFL_ETM;
opt.serialize = DFL_SERIALIZE;
opt.context_file = DFL_CONTEXT_FILE;
opt.eap_tls = DFL_EAP_TLS;
opt.reproducible = DFL_REPRODUCIBLE;
opt.nss_keylog = DFL_NSS_KEYLOG;
Expand Down Expand Up @@ -2406,6 +2417,10 @@ int main( int argc, char *argv[] )
if( opt.serialize < 0 || opt.serialize > 2)
goto usage;
}
else if( strcmp( p, "context_file") == 0 )
{
opt.context_file = q;
}
else if( strcmp( p, "eap_tls" ) == 0 )
{
opt.eap_tls = atoi( q );
Expand Down Expand Up @@ -4102,6 +4117,56 @@ int main( int argc, char *argv[] )

mbedtls_printf( " ok\n" );

/* Save serialized context to the 'opt.context_file' as a base64 code */
if( 0 < strlen( opt.context_file ) )
{
FILE *b64_file;
uint8_t *b64_buf;
size_t b64_len;

mbedtls_printf( " . Save serialized context to a file... " );

mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );

if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
{
mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
"the base64 code\n" );
goto exit;
}

if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
context_buf, buf_len ) ) != 0 )
{
mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
"-0x%x\n", -ret );
mbedtls_free( b64_buf );
goto exit;
}

if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
{
mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
opt.context_file );
mbedtls_free( b64_buf );
goto exit;
}

if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
{
mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
(long) b64_len );
mbedtls_free( b64_buf );
fclose( b64_file );
goto exit;
}

mbedtls_free( b64_buf );
fclose( b64_file );

mbedtls_printf( "ok\n" );
}

/*
* This simulates a workflow where you have a long-lived server
* instance, potentially with a pool of ssl_context objects, and you
Expand All @@ -4112,7 +4177,7 @@ int main( int argc, char *argv[] )
if( opt.serialize == 1 )
{
/* nothing to do here, done by context_save() already */
mbedtls_printf( " . Context has been reset... ok" );
mbedtls_printf( " . Context has been reset... ok\n" );
}

/*
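Review bot: The success-path `fclose( b64_file )` after the fwrite check discards its return value, and for a write stream a flush error (full disk, I/O error) is reported only there, so the program prints "ok" and the ssl-opt.sh test passes with a truncated or empty context_srv.txt; change it to `if( fclose( b64_file ) != 0 ) { mbedtls_printf( "failed\n  ! fclose failed\n" ); goto exit; }`, setting a non-zero `ret` as the file's exit path expects. The same line appears in the ssl_client2.c hunk. `b64_buf` holds a base64 copy of the context, keying material included, and is released with `mbedtls_free` without being cleared; if the program already has `mbedtls_platform_zeroize` in scope, clear the buffer before freeing it on every path, in both programs. main() begins and ends outside the hunk.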
12 changes: 12 additions & 0 deletions tests/ssl-opt.sh
Expand Up @@ -958,6 +958,8 @@ run_tests_memory_after_hanshake()

cleanup() {
rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
rm -f context_srv.txt
rm -f context_cli.txt
test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1
test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1
Expand Down Expand Up @@ -1628,6 +1630,16 @@ run_test "Context serialization, re-init, both serialize, with CID" \
-c "Deserializing connection..." \
-s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test "Saving the serialized context to a file" \
"$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \
"$P_CLI dtls=1 serialize=1 context_file=context_cli.txt" \
0 \
-s "Save serialized context to a file... ok" \
-c "Save serialized context to a file... ok"
rm -f context_srv.txt
rm -f context_cli.txt

# Tests for DTLS Connection ID extension

# So far, the CID API isn't implemented, so we can't
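Review bot: The new test only matches the `Save serialized context to a file... ok` line in each peer's output and never inspects context_srv.txt or context_cli.txt, so a build that prints ok but writes an empty or truncated file still passes; a check that both files exist and are non-empty before the trailing `rm -f` lines would make the test meaningful. The two `rm -f` lines after run_test duplicate the ones added to cleanup(), and because the names are fixed and relative to the working directory, two ssl-opt.sh runs in the same directory would overwrite each other's files — a comment `# fixed file names: do not run concurrently in one directory` or names under a per-run temporary directory would address that. run_test and cleanup are defined outside the hunk.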