authorNikos Mavrogiannopoulos <nmav@redhat.com>2015-10-20 08:44:04 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2015-10-20 09:05:45 +0200
commit73fb317ae69cb44acf91f900a3c6b545125d3d5a (patch)
treeda55977aa19ed3dcf3757dc4051c88b1e3b3a3e5 /tests/resume.c
parent80c88c2adc5c9604738d25fd56c77c018272820a (diff)
tests: Check whether a resumed session contains the ext master secret extension
Relates #45
Diffstat (limited to 'tests/resume.c')
-rw-r--r--tests/resume.c42
1 files changed, 41 insertions, 1 deletions
diff --git a/tests/resume.c b/tests/resume.c
index 235785e73e..b7bc799fca 100644
--- a/tests/resume.c
+++ b/tests/resume.c
@@ -88,18 +88,53 @@ struct params_res resume_tests[] = {
#define MAX_BUF 5*1024
#define MSG "Hello TLS"
+#define HANDSHAKE_SESSION_ID_POS (2+32)
+
static void tls_log_func(int level, const char *str)
{
fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level,
str);
}
+static int hsk_hook_cb(gnutls_session_t session, unsigned int htype, unsigned post,
+ unsigned int incoming, const gnutls_datum_t *_msg)
+{
+ unsigned size;
+ gnutls_datum msg = {_msg->data, _msg->size};
+
+ /* skip up to session ID */
+ if (msg.size <= HANDSHAKE_SESSION_ID_POS+6) {
+ fail("Cannot parse server hello\n");
+ return -1;
+ }
+
+ msg.data += HANDSHAKE_SESSION_ID_POS;
+ msg.size -= HANDSHAKE_SESSION_ID_POS;
+ size = msg.data[0];
+
+ if (msg.size <= size) {
+ fail("Cannot parse server hello 2\n");
+ return -1;
+ }
+
+ msg.data += size;
+ msg.size -= size;
+
+ if (memmem(msg.data, msg.size, "\x00\x17\x00\x00", 4) == 0) {
+ fail("Extended master secret extension was not found in resumed session hello\n");
+ exit(1);
+ }
+ return 0;
+}
+
static void client(int sds[], struct params_res *params)
{
int ret, ii;
gnutls_session_t session;
char buffer[MAX_BUF + 1];
gnutls_anon_client_credentials_t anoncred;
+ unsigned int ext_master_secret = 0;
+
/* Need to enable anonymous KX specifically. */
/* variables used in session resuming
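Review bot: In `hsk_hook_cb` the session-ID skip advances by `size` but not by the length byte itself, so the search window starts inside the session-ID field rather than after it; `msg.data += size + 1; msg.size -= size + 1;` would land on the cipher suite, and the existing `msg.size <= size` guard keeps that subtraction from wrapping. More important for what this test protects, the unanchored `memmem` for `\x00\x17\x00\x00` can match bytes that straddle other fields or sit inside another extension's payload, so a resumed hello that lacks the extended master secret extension could still pass. Walking the extension list and comparing type and length per entry removes that false positive, and also drops the dependency on `memmem`, which is a GNU extension whose result is compared with `0` here rather than `NULL`. The sketch below assumes the hook receives the ServerHello body starting at the protocol version, as the `2+32` offset implies.

```c
	/* ... unchanged: length checks up to and including the session-ID guard ... */
	msg.data += size + 1;	/* length byte plus session ID */
	msg.size -= size + 1;

	/* cipher suite (2) + compression method (1) + extensions length (2) */
	if (msg.size < 5) {
		fail("No extensions in resumed session hello\n");
		return -1;
	}
	unsigned ext_len = (msg.data[3] << 8) | msg.data[4];
	msg.data += 5;
	msg.size -= 5;
	if (ext_len > msg.size) {
		fail("Cannot parse server hello extensions\n");
		return -1;
	}

	while (ext_len >= 4) {
		unsigned type = (msg.data[0] << 8) | msg.data[1];
		unsigned len = (msg.data[2] << 8) | msg.data[3];

		if (type == 0x17 && len == 0)
			return 0;	/* extended master secret present */
		if (len + 4 > ext_len)
			break;
		msg.data += len + 4;
		ext_len -= len + 4;
	}

	fail("Extended master secret extension was not found in resumed session hello\n");
	exit(1);
```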
@@ -144,6 +179,8 @@ static void client(int sds[], struct params_res *params)
session_data.size);
}
+ if (ext_master_secret)
+ gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_SERVER_HELLO, GNUTLS_HOOK_PRE, hsk_hook_cb);
gnutls_transport_set_int(session, sd);
/* Perform the TLS handshake
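Review bot: The added `if (ext_master_secret)` has no braces and its call runs well past the width the rest of the file wraps at (compare the wrapped `fprintf` in `tls_log_func`). It also carries no hint that the flag comes from the previous loop iteration, which is what makes the hook apply only to the resumed handshake. I would brace it, wrap the argument list, and add a comment such as `/* first session negotiated EMS: verify the resumed ServerHello still carries the extension */`. The body of `client` continues outside this hunk, so whether `session` is re-initialised per iteration cannot be confirmed from here.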
@@ -163,7 +200,10 @@ static void client(int sds[], struct params_res *params)
("client: Handshake was completed\n");
}
- if (t == 0) { /* the first time we connect */
+ ext_master_secret = 0;
+ if (t == 0) {
+ ext_master_secret = gnutls_session_ext_master_secret_status(session);
+
/* get the session data size */
ret =
gnutls_session_get_data2(session,
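Review bot: When the first handshake does not negotiate the extended master secret, `ext_master_secret` stays 0 and the hook is never installed on the resumed handshake, so the new check is skipped without leaving any trace in the test output. If some entries in `resume_tests` are expected to run without the extension, that is fine, but it deserves a comment at the assignment, e.g. `/* 0 here means the resumed hello is not checked for this test case */`. If every case is expected to negotiate it, the `t == 0` branch should call `fail()` when the status is 0, so that a regression disabling the extension entirely does not pass unnoticed. The rest of `client` lies outside the hunk, so which of the two applies is not visible here.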