Merge pull request #3194 from piotr-now/serialized_to_file
Saving the serialized context to a file
commit
3a7ca1d0cb
3 changed files with 150 additions and 8 deletions
|
@ -67,6 +67,7 @@ int main( void )
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
#include "mbedtls/debug.h"
|
#include "mbedtls/debug.h"
|
||||||
#include "mbedtls/timing.h"
|
#include "mbedtls/timing.h"
|
||||||
|
#include "mbedtls/base64.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
|
@ -139,6 +140,7 @@ int main( void )
|
||||||
#define DFL_EXTENDED_MS -1
|
#define DFL_EXTENDED_MS -1
|
||||||
#define DFL_ETM -1
|
#define DFL_ETM -1
|
||||||
#define DFL_SERIALIZE 0
|
#define DFL_SERIALIZE 0
|
||||||
|
#define DFL_CONTEXT_FILE ""
|
||||||
#define DFL_EXTENDED_MS_ENFORCE -1
|
#define DFL_EXTENDED_MS_ENFORCE -1
|
||||||
#define DFL_CA_CALLBACK 0
|
#define DFL_CA_CALLBACK 0
|
||||||
#define DFL_EAP_TLS 0
|
#define DFL_EAP_TLS 0
|
||||||
|
@ -363,9 +365,14 @@ int main( void )
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||||
#define USAGE_SERIALIZATION \
|
#define USAGE_SERIALIZATION \
|
||||||
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
|
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
|
||||||
" options: 1 (serialize)\n" \
|
" options: 1 (serialize)\n" \
|
||||||
" 2 (serialize with re-initialization)\n"
|
" 2 (serialize with re-initialization)\n" \
|
||||||
|
" context_file=%%s The file path to write a serialized connection\n"\
|
||||||
|
" in the form of base64 code (serialize option\n" \
|
||||||
|
" must be set)\n" \
|
||||||
|
" default: \"\" (do nothing)\n" \
|
||||||
|
" option: a file path\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_SERIALIZATION ""
|
#define USAGE_SERIALIZATION ""
|
||||||
#endif
|
#endif
|
||||||
|
@ -516,6 +523,9 @@ struct options
|
||||||
* during renegotiation */
|
* during renegotiation */
|
||||||
const char *cid_val; /* the CID to use for incoming messages */
|
const char *cid_val; /* the CID to use for incoming messages */
|
||||||
int serialize; /* serialize/deserialize connection */
|
int serialize; /* serialize/deserialize connection */
|
||||||
|
const char *context_file; /* the file to write a serialized connection
|
||||||
|
* in the form of base64 code (serialize
|
||||||
|
* option must be set) */
|
||||||
const char *cid_val_renego; /* the CID to use for incoming messages
|
const char *cid_val_renego; /* the CID to use for incoming messages
|
||||||
* after renegotiation */
|
* after renegotiation */
|
||||||
int reproducible; /* make communication reproducible */
|
int reproducible; /* make communication reproducible */
|
||||||
|
@ -1310,6 +1320,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.etm = DFL_ETM;
|
opt.etm = DFL_ETM;
|
||||||
opt.dgram_packing = DFL_DGRAM_PACKING;
|
opt.dgram_packing = DFL_DGRAM_PACKING;
|
||||||
opt.serialize = DFL_SERIALIZE;
|
opt.serialize = DFL_SERIALIZE;
|
||||||
|
opt.context_file = DFL_CONTEXT_FILE;
|
||||||
opt.eap_tls = DFL_EAP_TLS;
|
opt.eap_tls = DFL_EAP_TLS;
|
||||||
opt.reproducible = DFL_REPRODUCIBLE;
|
opt.reproducible = DFL_REPRODUCIBLE;
|
||||||
opt.nss_keylog = DFL_NSS_KEYLOG;
|
opt.nss_keylog = DFL_NSS_KEYLOG;
|
||||||
|
@ -1707,6 +1718,10 @@ int main( int argc, char *argv[] )
|
||||||
if( opt.serialize < 0 || opt.serialize > 2)
|
if( opt.serialize < 0 || opt.serialize > 2)
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
else if( strcmp( p, "context_file") == 0 )
|
||||||
|
{
|
||||||
|
opt.context_file = q;
|
||||||
|
}
|
||||||
else if( strcmp( p, "eap_tls" ) == 0 )
|
else if( strcmp( p, "eap_tls" ) == 0 )
|
||||||
{
|
{
|
||||||
opt.eap_tls = atoi( q );
|
opt.eap_tls = atoi( q );
|
||||||
|
@ -3102,10 +3117,60 @@ send_request:
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
|
/* Save serialized context to the 'opt.context_file' as a base64 code */
|
||||||
|
if( 0 < strlen( opt.context_file ) )
|
||||||
|
{
|
||||||
|
FILE *b64_file;
|
||||||
|
uint8_t *b64_buf;
|
||||||
|
size_t b64_len;
|
||||||
|
|
||||||
|
mbedtls_printf( " . Save serialized context to a file... " );
|
||||||
|
|
||||||
|
mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );
|
||||||
|
|
||||||
|
if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
|
||||||
|
"the base64 code\n" );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
|
||||||
|
context_buf, buf_len ) ) != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
|
||||||
|
"-0x%x\n", -ret );
|
||||||
|
mbedtls_free( b64_buf );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
|
||||||
|
opt.context_file );
|
||||||
|
mbedtls_free( b64_buf );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
|
||||||
|
(long) b64_len );
|
||||||
|
mbedtls_free( b64_buf );
|
||||||
|
fclose( b64_file );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
mbedtls_free( b64_buf );
|
||||||
|
fclose( b64_file );
|
||||||
|
|
||||||
|
mbedtls_printf( "ok\n" );
|
||||||
|
}
|
||||||
|
|
||||||
if( opt.serialize == 1 )
|
if( opt.serialize == 1 )
|
||||||
{
|
{
|
||||||
/* nothing to do here, done by context_save() already */
|
/* nothing to do here, done by context_save() already */
|
||||||
mbedtls_printf( " . Context has been reset... ok" );
|
mbedtls_printf( " . Context has been reset... ok\n" );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( opt.serialize == 2 )
|
if( opt.serialize == 2 )
|
||||||
|
|
|
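Review bot: The file opened with `fopen( opt.context_file, "w" )` in the new block receives the whole serialized connection, which as far as I can tell from the surrounding `context_save()` flow carries the live session's key material, yet it is created with the process umask (typically 0644, group/world readable) and neither the usage text nor the struct comment says anything about that. At minimum the usage string should warn, e.g. `" the file contains the session's secret key material\n"`, and on POSIX builds the sample could create it with `open( …, O_WRONLY | O_CREAT | O_TRUNC, 0600 )` plus `fdopen()` so a test fixture does not leak keys to other users. The base64 copy in `b64_buf` is also freed without being wiped and the final `fclose( b64_file )` return is ignored, so a failed flush still prints "ok"; `mbedtls_platform_zeroize( b64_buf, b64_len )` before `mbedtls_free` and `if( fclose( b64_file ) != 0 ) goto exit;` would close both gaps. The enclosing `if( opt.serialize != 0 )` block starts before this hunk.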
@ -63,6 +63,7 @@ int main( void )
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
#include "mbedtls/debug.h"
|
#include "mbedtls/debug.h"
|
||||||
#include "mbedtls/timing.h"
|
#include "mbedtls/timing.h"
|
||||||
|
#include "mbedtls/base64.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
|
@ -172,6 +173,7 @@ int main( void )
|
||||||
#define DFL_EXTENDED_MS -1
|
#define DFL_EXTENDED_MS -1
|
||||||
#define DFL_ETM -1
|
#define DFL_ETM -1
|
||||||
#define DFL_SERIALIZE 0
|
#define DFL_SERIALIZE 0
|
||||||
|
#define DFL_CONTEXT_FILE ""
|
||||||
#define DFL_EXTENDED_MS_ENFORCE -1
|
#define DFL_EXTENDED_MS_ENFORCE -1
|
||||||
#define DFL_CA_CALLBACK 0
|
#define DFL_CA_CALLBACK 0
|
||||||
#define DFL_EAP_TLS 0
|
#define DFL_EAP_TLS 0
|
||||||
|
@ -449,9 +451,14 @@ int main( void )
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||||
#define USAGE_SERIALIZATION \
|
#define USAGE_SERIALIZATION \
|
||||||
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
|
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \
|
||||||
" options: 1 (serialize)\n" \
|
" options: 1 (serialize)\n" \
|
||||||
" 2 (serialize with re-initialization)\n"
|
" 2 (serialize with re-initialization)\n" \
|
||||||
|
" context_file=%%s The file path to write a serialized connection\n"\
|
||||||
|
" in the form of base64 code (serialize option\n" \
|
||||||
|
" must be set)\n" \
|
||||||
|
" default: \"\" (do nothing)\n" \
|
||||||
|
" option: a file path\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_SERIALIZATION ""
|
#define USAGE_SERIALIZATION ""
|
||||||
#endif
|
#endif
|
||||||
|
@ -617,6 +624,9 @@ struct options
|
||||||
* during renegotiation */
|
* during renegotiation */
|
||||||
const char *cid_val; /* the CID to use for incoming messages */
|
const char *cid_val; /* the CID to use for incoming messages */
|
||||||
int serialize; /* serialize/deserialize connection */
|
int serialize; /* serialize/deserialize connection */
|
||||||
|
const char *context_file; /* the file to write a serialized connection
|
||||||
|
* in the form of base64 code (serialize
|
||||||
|
* option must be set) */
|
||||||
const char *cid_val_renego; /* the CID to use for incoming messages
|
const char *cid_val_renego; /* the CID to use for incoming messages
|
||||||
* after renegotiation */
|
* after renegotiation */
|
||||||
int reproducible; /* make communication reproducible */
|
int reproducible; /* make communication reproducible */
|
||||||
|
@ -1984,6 +1994,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.extended_ms = DFL_EXTENDED_MS;
|
opt.extended_ms = DFL_EXTENDED_MS;
|
||||||
opt.etm = DFL_ETM;
|
opt.etm = DFL_ETM;
|
||||||
opt.serialize = DFL_SERIALIZE;
|
opt.serialize = DFL_SERIALIZE;
|
||||||
|
opt.context_file = DFL_CONTEXT_FILE;
|
||||||
opt.eap_tls = DFL_EAP_TLS;
|
opt.eap_tls = DFL_EAP_TLS;
|
||||||
opt.reproducible = DFL_REPRODUCIBLE;
|
opt.reproducible = DFL_REPRODUCIBLE;
|
||||||
opt.nss_keylog = DFL_NSS_KEYLOG;
|
opt.nss_keylog = DFL_NSS_KEYLOG;
|
||||||
|
@ -2406,6 +2417,10 @@ int main( int argc, char *argv[] )
|
||||||
if( opt.serialize < 0 || opt.serialize > 2)
|
if( opt.serialize < 0 || opt.serialize > 2)
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
|
else if( strcmp( p, "context_file") == 0 )
|
||||||
|
{
|
||||||
|
opt.context_file = q;
|
||||||
|
}
|
||||||
else if( strcmp( p, "eap_tls" ) == 0 )
|
else if( strcmp( p, "eap_tls" ) == 0 )
|
||||||
{
|
{
|
||||||
opt.eap_tls = atoi( q );
|
opt.eap_tls = atoi( q );
|
||||||
|
@ -4102,6 +4117,56 @@ data_exchange:
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
|
/* Save serialized context to the 'opt.context_file' as a base64 code */
|
||||||
|
if( 0 < strlen( opt.context_file ) )
|
||||||
|
{
|
||||||
|
FILE *b64_file;
|
||||||
|
uint8_t *b64_buf;
|
||||||
|
size_t b64_len;
|
||||||
|
|
||||||
|
mbedtls_printf( " . Save serialized context to a file... " );
|
||||||
|
|
||||||
|
mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );
|
||||||
|
|
||||||
|
if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
|
||||||
|
"the base64 code\n" );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
|
||||||
|
context_buf, buf_len ) ) != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
|
||||||
|
"-0x%x\n", -ret );
|
||||||
|
mbedtls_free( b64_buf );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
|
||||||
|
opt.context_file );
|
||||||
|
mbedtls_free( b64_buf );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
|
||||||
|
(long) b64_len );
|
||||||
|
mbedtls_free( b64_buf );
|
||||||
|
fclose( b64_file );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
mbedtls_free( b64_buf );
|
||||||
|
fclose( b64_file );
|
||||||
|
|
||||||
|
mbedtls_printf( "ok\n" );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This simulates a workflow where you have a long-lived server
|
* This simulates a workflow where you have a long-lived server
|
||||||
* instance, potentially with a pool of ssl_context objects, and you
|
* instance, potentially with a pool of ssl_context objects, and you
|
||||||
|
@ -4112,7 +4177,7 @@ data_exchange:
|
||||||
if( opt.serialize == 1 )
|
if( opt.serialize == 1 )
|
||||||
{
|
{
|
||||||
/* nothing to do here, done by context_save() already */
|
/* nothing to do here, done by context_save() already */
|
||||||
mbedtls_printf( " . Context has been reset... ok" );
|
mbedtls_printf( " . Context has been reset... ok\n" );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
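Review bot: In the new save-to-file block the last `fclose( b64_file )` is unchecked, so a write that only fails at flush time (disk full, broken NFS mount) still prints "ok" and leaves a truncated context file, and `b64_buf`, which holds a base64 copy of the serialized connection and therefore presumably its key material, is handed back to `mbedtls_free` without being zeroized, contrary to how the library treats secret buffers elsewhere. I would rewrite the tail of the block as below (ssl_server2.c needs `mbedtls/platform_util.h` for `mbedtls_platform_zeroize` if it is not already included; the include block is outside this hunk). Separately, `fopen( …, "w" )` creates the file with the default umask, so a note in the usage text that the file contains the session's secrets would be worth adding. The enclosing serialization block begins before this hunk.
```c
/* … unchanged: base64 sizing, allocation, encoding and fopen … */
if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
{
    mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
                    (long) b64_len );
    mbedtls_platform_zeroize( b64_buf, b64_len );
    mbedtls_free( b64_buf );
    fclose( b64_file );
    goto exit;
}

mbedtls_platform_zeroize( b64_buf, b64_len );
mbedtls_free( b64_buf );

if( fclose( b64_file ) != 0 )
{
    mbedtls_printf( "failed\n ! fclose('%s') failed\n", opt.context_file );
    goto exit;
}

mbedtls_printf( "ok\n" );
```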
@ -958,6 +958,8 @@ run_tests_memory_after_hanshake()
|
||||||
|
|
||||||
cleanup() {
|
cleanup() {
|
||||||
rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
|
rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
|
||||||
|
rm -f context_srv.txt
|
||||||
|
rm -f context_cli.txt
|
||||||
test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
|
test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
|
||||||
test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1
|
test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1
|
||||||
test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1
|
test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1
|
||||||
|
@ -1628,6 +1630,16 @@ run_test "Context serialization, re-init, both serialize, with CID" \
|
||||||
-c "Deserializing connection..." \
|
-c "Deserializing connection..." \
|
||||||
-s "Deserializing connection..."
|
-s "Deserializing connection..."
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||||
|
run_test "Saving the serialized context to a file" \
|
||||||
|
"$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \
|
||||||
|
"$P_CLI dtls=1 serialize=1 context_file=context_cli.txt" \
|
||||||
|
0 \
|
||||||
|
-s "Save serialized context to a file... ok" \
|
||||||
|
-c "Save serialized context to a file... ok"
|
||||||
|
rm -f context_srv.txt
|
||||||
|
rm -f context_cli.txt
|
||||||
|
|
||||||
# Tests for DTLS Connection ID extension
|
# Tests for DTLS Connection ID extension
|
||||||
|
|
||||||
# So far, the CID API isn't implemented, so we can't
|
# So far, the CID API isn't implemented, so we can't
|
||||||
|
|
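Review bot: The new test only greps for the "Save serialized context to a file... ok" log line on each side, so it would still pass if writing the file broke the subsequent restore; the neighbouring serialization tests also assert `-s "Deserializing connection..."` and `-c "Deserializing connection..."`, and adding those two expectations here would confirm the connection survives the extra file I/O. The two `rm -f` lines after `run_test` look redundant with the `rm -f context_srv.txt` / `rm -f context_cli.txt` just added to `cleanup()`, and they are skipped when the script exits early, so the cleanup() entries alone seem sufficient. Note too that the fixtures are fixed relative paths, so the two files, which presumably contain the test session's keys, sit in the working directory until cleanup runs.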