Add tests for session copy without serialisation

Manuel Pégourié-Gonnard 2019-05-20 12:46:26 +02:00 committed by Jarno Lamsa
parent b5e4e0a395
commit a7c3765760
2 changed files with 86 additions and 13 deletions


@ -113,6 +113,7 @@ int main( void )
#define DFL_DHMLEN -1 #define DFL_DHMLEN -1
#define DFL_RECONNECT 0 #define DFL_RECONNECT 0
#define DFL_RECO_DELAY 0 #define DFL_RECO_DELAY 0
#define DFL_RECO_MODE 1
#define DFL_CID_ENABLED 0 #define DFL_CID_ENABLED 0
#define DFL_CID_VALUE "" #define DFL_CID_VALUE ""
#define DFL_CID_ENABLED_RENEGO -1 #define DFL_CID_ENABLED_RENEGO -1
@ -376,8 +377,11 @@ int main( void )
" allow_legacy=%%d default: (library default: no)\n" \ " allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \ USAGE_RENEGO \
" exchanges=%%d default: 1\n" \ " exchanges=%%d default: 1\n" \
" reconnect=%%d default: 0 (disabled)\n" \ " reconnect=%%d number of reconnections using session resumption\n" \
" default: 0 (disabled)\n" \
" reco_delay=%%d default: 0 seconds\n" \ " reco_delay=%%d default: 0 seconds\n" \
" reco_mode=%%d 0: copy session, 1: serialise session\n" \
" default: 1\n" \
" reconnect_hard=%%d default: 0 (disabled)\n" \ " reconnect_hard=%%d default: 0 (disabled)\n" \
USAGE_TICKETS \ USAGE_TICKETS \
USAGE_EAP_TLS \ USAGE_EAP_TLS \
@ -458,6 +462,7 @@ struct options
int dhmlen; /* minimum DHM params len in bits */ int dhmlen; /* minimum DHM params len in bits */
int reconnect; /* attempt to resume session */ int reconnect; /* attempt to resume session */
int reco_delay; /* delay in seconds before resuming session */ int reco_delay; /* delay in seconds before resuming session */
int reco_mode; /* how to keep the session around */
int reconnect_hard; /* unexpectedly reconnect from the same port */ int reconnect_hard; /* unexpectedly reconnect from the same port */
int tickets; /* enable / disable session tickets */ int tickets; /* enable / disable session tickets */
const char *curves; /* list of supported elliptic curves */ const char *curves; /* list of supported elliptic curves */
@ -1166,6 +1171,7 @@ int main( int argc, char *argv[] )
opt.dhmlen = DFL_DHMLEN; opt.dhmlen = DFL_DHMLEN;
opt.reconnect = DFL_RECONNECT; opt.reconnect = DFL_RECONNECT;
opt.reco_delay = DFL_RECO_DELAY; opt.reco_delay = DFL_RECO_DELAY;
opt.reco_mode = DFL_RECO_MODE;
opt.reconnect_hard = DFL_RECONNECT_HARD; opt.reconnect_hard = DFL_RECONNECT_HARD;
opt.tickets = DFL_TICKETS; opt.tickets = DFL_TICKETS;
opt.alpn_string = DFL_ALPN_STRING; opt.alpn_string = DFL_ALPN_STRING;
@ -1352,6 +1358,12 @@ int main( int argc, char *argv[] )
if( opt.reco_delay < 0 ) if( opt.reco_delay < 0 )
goto usage; goto usage;
} }
else if( strcmp( p, "reco_mode" ) == 0 )
{
opt.reco_mode = atoi( q );
if( opt.reco_mode < 0 )
goto usage;
}
else if( strcmp( p, "reconnect_hard" ) == 0 ) else if( strcmp( p, "reconnect_hard" ) == 0 )
{ {
opt.reconnect_hard = atoi( q ); opt.reconnect_hard = atoi( q );
@ -2442,13 +2454,25 @@ int main( int argc, char *argv[] )
mbedtls_printf(" . Saving session for reuse..." ); mbedtls_printf(" . Saving session for reuse..." );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ), if( opt.reco_mode == 1 )
session_data, sizeof( session_data ),
&session_data_len ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n", if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
-ret ); session_data, sizeof( session_data ),
goto exit; &session_data_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
-ret );
goto exit;
}
}
else
{
if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
-ret );
goto exit;
}
} }
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
@ -2890,13 +2914,16 @@ reconnect:
goto exit; goto exit;
} }
if( ( ret = mbedtls_ssl_session_load( &saved_session, if( opt.reco_mode == 1 )
session_data,
session_data_len ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n", if( ( ret = mbedtls_ssl_session_load( &saved_session,
-ret ); session_data,
goto exit; session_data_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
-ret );
goto exit;
}
} }
if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 ) if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
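Review bot: The new `reco_mode` parser rejects only negative values, so `reco_mode=2` is accepted and silently runs the copy path, because both later branches test only `opt.reco_mode == 1`. A non-numeric value behaves the same way, since `atoi` returns 0 for it. The usage text documents only 0 and 1, so the check should be `if( opt.reco_mode < 0 || opt.reco_mode > 1 ) goto usage;`. In a test client whose job is to show which resumption path ran, a mistyped mode that still succeeds can mask a regression in the serialisation path. The struct field comment could also name the values, e.g. `/* 0: copy session, 1: serialise session */`; main() continues outside these hunks.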


@ -2239,6 +2239,20 @@ run_test "Session resume using tickets: timeout" \
-S "a session has been resumed" \ -S "a session has been resumed" \
-C "a session has been resumed" -C "a session has been resumed"
run_test "Session resume using tickets: session copy" \
"$P_SRV debug_level=3 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 tickets=1 reconnect=1 reco_mode=0" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \
-s "server hello, adding session ticket extension" \
-c "found session_ticket extension" \
-c "parse new session ticket" \
-S "session successfully restored from cache" \
-s "session successfully restored from ticket" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using tickets: openssl server" \ run_test "Session resume using tickets: openssl server" \
"$O_SRV" \ "$O_SRV" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \
@ -2304,6 +2318,20 @@ run_test "Session resume using tickets, DTLS: timeout" \
-S "a session has been resumed" \ -S "a session has been resumed" \
-C "a session has been resumed" -C "a session has been resumed"
run_test "Session resume using tickets, DTLS: session copy" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 reco_mode=0" \
0 \
-c "client hello, adding session ticket extension" \
-s "found session ticket extension" \
-s "server hello, adding session ticket extension" \
-c "found session_ticket extension" \
-c "parse new session ticket" \
-S "session successfully restored from cache" \
-s "session successfully restored from ticket" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using tickets, DTLS: openssl server" \ run_test "Session resume using tickets, DTLS: openssl server" \
"$O_SRV -dtls1" \ "$O_SRV -dtls1" \
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
@ -2400,6 +2428,15 @@ run_test "Session resume using cache: no timeout" \
-s "a session has been resumed" \ -s "a session has been resumed" \
-c "a session has been resumed" -c "a session has been resumed"
run_test "Session resume using cache: session copy" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
0 \
-s "session successfully restored from cache" \
-S "session successfully restored from ticket" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using cache: openssl client" \ run_test "Session resume using cache: openssl client" \
"$P_SRV debug_level=3 tickets=0" \ "$P_SRV debug_level=3 tickets=0" \
"( $O_CLI -sess_out $SESSION; \ "( $O_CLI -sess_out $SESSION; \
@ -2495,6 +2532,15 @@ run_test "Session resume using cache, DTLS: no timeout" \
-s "a session has been resumed" \ -s "a session has been resumed" \
-c "a session has been resumed" -c "a session has been resumed"
run_test "Session resume using cache, DTLS: session copy" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
0 \
-s "session successfully restored from cache" \
-S "session successfully restored from ticket" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using cache, DTLS: openssl client" \ run_test "Session resume using cache, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \
"( $O_CLI -dtls1 -sess_out $SESSION; \ "( $O_CLI -dtls1 -sess_out $SESSION; \
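Review bot: None of the four new `session copy` cases asserts a client-side message that is specific to `reco_mode=0`, so they would still pass if the client fell back to the serialise path. The patterns they check (`a session has been resumed`, `session successfully restored from ticket` / `from cache`) are the same ones the neighbouring default-mode cases use. In the client hunks on this page the save step prints the same ` . Saving session for reuse...` and ` ok` in both branches. Consider having the client log which mode it used and adding a matching `-c` pattern to the cases added at 2239, 2304, 2428 and 2532, so the tests show that the copy path was actually exercised.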