author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-10-20 08:44:04 +0200 |
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-10-20 09:05:45 +0200 |
commit | 73fb317ae69cb44acf91f900a3c6b545125d3d5a (patch) | |
tree | da55977aa19ed3dcf3757dc4051c88b1e3b3a3e5 /tests/resume.c | |
parent | 80c88c2adc5c9604738d25fd56c77c018272820a (diff) | |
download | gnutls-73fb317ae69cb44acf91f900a3c6b545125d3d5a.tar.gz |
tests: Check whether a resumed session contains the ext master secret extension
Relates #45
Diffstat (limited to 'tests/resume.c')
-rw-r--r-- | tests/resume.c | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/tests/resume.c b/tests/resume.c
index 235785e73e..b7bc799fca 100644
--- a/tests/resume.c
+++ b/tests/resume.c
@@ -88,18 +88,53 @@ struct params_res resume_tests[] = {
 #define MAX_BUF 5*1024
 #define MSG "Hello TLS"
+#define HANDSHAKE_SESSION_ID_POS (2+32)
+
 static void tls_log_func(int level, const char *str)
 {
 fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, str);
 }
+static int hsk_hook_cb(gnutls_session_t session, unsigned int htype, unsigned post,
+ unsigned int incoming, const gnutls_datum_t *_msg)
+{
+ unsigned size;
+ gnutls_datum msg = {_msg->data, _msg->size};
+
+ /* skip up to session ID */
+ if (msg.size <= HANDSHAKE_SESSION_ID_POS+6) {
+ fail("Cannot parse server hello\n");
+ return -1;
+ }
+
+ msg.data += HANDSHAKE_SESSION_ID_POS;
+ msg.size -= HANDSHAKE_SESSION_ID_POS;
+ size = msg.data[0];
+
+ if (msg.size <= size) {
+ fail("Cannot parse server hello 2\n");
+ return -1;
+ }
+
+ msg.data += size;
+ msg.size -= size;
+
+ if (memmem(msg.data, msg.size, "\x00\x17\x00\x00", 4) == 0) {
+ fail("Extended master secret extension was not found in resumed session hello\n");
+ exit(1);
+ }
+ return 0;
+}
+
 static void client(int sds[], struct params_res *params)
 {
 int ret, ii;
 gnutls_session_t session;
 char buffer[MAX_BUF + 1];
 gnutls_anon_client_credentials_t anoncred;
+ unsigned int ext_master_secret = 0;
+
 /* Need to enable anonymous KX specifically. */
 /* variables used in session resuming
@@ -144,6 +179,8 @@ static void client(int sds[], struct params_res *params)
 session_data.size);
 }
+ if (ext_master_secret)
+ gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_SERVER_HELLO, GNUTLS_HOOK_PRE, hsk_hook_cb);
 gnutls_transport_set_int(session, sd);
 /* Perform the TLS handshake
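Review bot: The session-ID skip in hsk_hook_cb is off by one and the extension check is a raw substring search, so a resumed ServerHello that carries no extended-master-secret extension can still pass the test. With HANDSHAKE_SESSION_ID_POS (2+32) placing the session-ID length byte at offset 34, `size = msg.data[0]` reads that length but `msg.data += size` leaves the pointer on the last session-ID byte rather than past it, and the `memmem(msg.data, msg.size, "\x00\x17\x00\x00", 4)` window then also covers the cipher suite, the compression byte, the extensions-length prefix and every other extension's body, any of which can supply a false match. Parse the ServerHello instead of grepping it: skip `1 + size` for the session ID plus 3 bytes for cipher suite and compression, read the 2-byte extensions length, then walk `type(2) length(2) body` entries and accept only type 0x0017 with length 0, as in the excerpt below. memmem is also a GNU extension that needs _GNU_SOURCE to be defined somewhere in the file; the parser removes that dependency, and `if (!incoming) return 0;` at the top makes explicit that only the received hello is inspected.
```c
static int hsk_hook_cb(gnutls_session_t session, unsigned int htype, unsigned post,
		       unsigned int incoming, const gnutls_datum_t *_msg)
{
	unsigned size, ext_len;
	gnutls_datum msg = {_msg->data, _msg->size};

	if (!incoming)
		return 0;

	/* … unchanged: bounds check and skip to the session-ID length byte, size = msg.data[0] … */

	/* session ID (length byte + body), cipher suite (2), compression (1), ext length (2) */
	if (msg.size < 1u + size + 3 + 2) {
		fail("Cannot parse server hello 2\n");
		return -1;
	}
	msg.data += 1 + size + 3;
	msg.size -= 1 + size + 3;

	ext_len = (msg.data[0] << 8) | msg.data[1];
	msg.data += 2;
	msg.size -= 2;
	if (ext_len > msg.size) {
		fail("Cannot parse server hello extensions\n");
		return -1;
	}

	/* walk the extension list: type(2) length(2) body; the extended master
	 * secret extension is type 0x0017 with an empty body */
	while (ext_len >= 4) {
		unsigned type = (msg.data[0] << 8) | msg.data[1];
		unsigned len = (msg.data[2] << 8) | msg.data[3];

		if (len + 4 > ext_len)
			break;
		if (type == 0x0017 && len == 0)
			return 0;
		msg.data += 4 + len;
		ext_len -= 4 + len;
	}

	fail("Extended master secret extension was not found in resumed session hello\n");
	exit(1);
}
```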
@@ -163,7 +200,10 @@ static void client(int sds[], struct params_res *params) ("client: Handshake was completed\n"); } - if (t == 0) { /* the first time we connect */ + ext_master_secret = 0; + if (t == 0) { + ext_master_secret = gnutls_session_ext_master_secret_status(session); + /* get the session data size */ ret = gnutls_session_get_data2(session, |
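Review bot: The added `ext_master_secret = 0;` before the `t == 0` test makes the flag live for exactly one iteration: it is set after the first handshake, consulted when the hook is installed for the next session, then cleared after that resumed handshake and never set again, so any further resumptions in the loop are not checked for the extension at all. If the loop runs more than two rounds (its header is outside this hunk) drop the reset line and keep only the `t == 0` assignment, which is enough because the value only ever needs to reflect what the initial full handshake negotiated. A short comment such as `/* remember whether the first handshake used EMS; resumed hellos must then carry it too (RFC 7627 5.3) */` above the assignment would also make the intent of the hook clear to the next reader. The body of client() continues past the end of this hunk.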