7 files changed, 377 insertions, 19 deletions

diff --git a/tests/Makefile.am b/tests/Makefile.am
index f6d89ab6b3..2c044620b9 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -127,6 +127,8 @@ ctests += tls13/no-psk-exts
 
 ctests += tls13/psk-dumbfw
 
+ctests += tls13-early-start
+
 ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniqueid tls-neg-ext-key \
 	 mpi certificate_set_x509_crl dn parse_ca x509-dn x509-dn-decode record-sizes \
 	 hostname-check cve-2008-4989 pkcs12_s2k chainverify record-sizes-range \
diff --git a/tests/resume-lifetime.c b/tests/resume-lifetime.c
index 99c9c5b346..ad71d41059 100644
--- a/tests/resume-lifetime.c
+++ b/tests/resume-lifetime.c
@@ -66,7 +66,7 @@ static int handshake_callback(gnutls_session_t session, unsigned int htype,
 {
 	struct hsk_st *h = gnutls_session_get_ptr(session);
 
-	if (htype == GNUTLS_HANDSHAKE_FINISHED && incoming) {
+	if (htype == GNUTLS_HANDSHAKE_FINISHED && !incoming) {
 		if (h->sleep_at_finished)
 			virt_sec_sleep(h->sleep_at_finished);
 		return 0;
diff --git a/tests/resume.c b/tests/resume.c
index 891a209313..4e169a2b40 100644
--- a/tests/resume.c
+++ b/tests/resume.c
@@ -81,6 +81,7 @@ struct params_res {
 	int try_sni;
 	int expire_ticket;
 	int change_ciphersuite;
+	int early_start;
 };
 
 pid_t child;
@@ -128,6 +129,12 @@ struct params_res resume_tests[] = {
 	 .enable_session_ticket_client = 1,
 	 .change_ciphersuite = 1,
 	 .expect_resume = 1},
+	{.desc = "try to resume from session ticket (early start)",
+	 .enable_db = 0,
+	 .enable_session_ticket_server = 1,
+	 .enable_session_ticket_client = 1,
+	 .early_start = 1,
+	 .expect_resume = 1},
 #endif
 	{.desc = "try to resume from session ticket",
 	 .enable_db = 0,
@@ -330,6 +337,12 @@ static void verify_server_params(gnutls_session_t session, unsigned counter, str
 	}
 #endif
 
+	if (params->early_start) {
+		if (!(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_START)) {
+			fail("early start did not happen!\n");
+		}
+	}
+
 #if defined(USE_X509)
 	unsigned int l;
 
@@ -423,7 +436,6 @@ static void client(int sds[], struct params_res *params)
 		gnutls_global_set_log_function(tls_log_func);
 		gnutls_global_set_log_level(2);
 	}
-	global_init();
 
 #ifdef USE_PSK
 	gnutls_psk_allocate_client_credentials(&pskcred);
@@ -443,9 +455,7 @@ static void client(int sds[], struct params_res *params)
 	for (t = 0; t < SESSIONS; t++) {
 		int sd = sds[t];
 
-		/* Initialize TLS session
-		 */
-		gnutls_init(&session, GNUTLS_CLIENT);
+		assert(gnutls_init(&session, GNUTLS_CLIENT)>=0);
 
 		snprintf(prio_str, sizeof(prio_str), "%s", PRIO_STR);
 
@@ -663,8 +673,6 @@ static void global_stop(void)
 	gnutls_certificate_free_credentials(serverx509cred);
 #endif
 	gnutls_dh_params_deinit(dh_params);
-
-	gnutls_global_deinit();
 }
 
 #ifdef USE_PSK
@@ -691,6 +699,10 @@ static void server(int sds[], struct params_res *params)
 	gnutls_session_t session;
 	char buffer[MAX_BUF + 1];
 	gnutls_group_t pgroup;
+	unsigned iflags = GNUTLS_SERVER;
+
+	if (params->early_start)
+		iflags |= GNUTLS_ENABLE_EARLY_START;
 
 	/* this must be called once in the program, it is mostly for the server.
 	 */
@@ -699,8 +711,6 @@ static void server(int sds[], struct params_res *params)
 		gnutls_global_set_log_level(2);
 	}
 
-	global_init();
-
 #ifdef USE_PSK
 	gnutls_psk_allocate_server_credentials(&pskcred);
 	gnutls_psk_set_server_credentials_function(pskcred, pskfunc);
@@ -731,7 +741,7 @@ static void server(int sds[], struct params_res *params)
 	for (t = 0; t < SESSIONS; t++) {
 		int sd = sds[t];
 
-		assert(gnutls_init(&session, GNUTLS_SERVER) >= 0);
+		assert(gnutls_init(&session, iflags) >= 0);
 
 		/* avoid calling all the priority functions, since the defaults
 		 * are adequate.
@@ -894,7 +904,6 @@ void doit(void)
 			for (j = 0; j < SESSIONS; j++)
 				close(server_sds[j]);
 			client(client_sds, &resume_tests[i]);
-			gnutls_global_deinit();
 			exit(0);
 		}
 	}
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index 89c8853c68..5c6ba9122e 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -43,18 +43,19 @@
 	 {"name" : "test-tls13-version-negotiation.py",
 	  "arguments": ["-p", "@PORT@"]},
 	 {"name" : "test-tls13-zero-length-data.py",
-	  "comment" : "in these tests tlsfuzzer splits ClientHello into the first 2 bytes and the remainder, which gnutls doesn't support, last 3 related to #481",
+	  "comment" : "in these tests tlsfuzzer splits ClientHello into the first 2 bytes and the remainder, which gnutls doesn't support",
 	  "arguments": ["-p", "@PORT@",
+			"-e", "zero-length app data interleaved in handshake",
 			"-e", "zero-len app data with large padding during handshake",
 			"-e", "zero-len app data with large padding interleaved in handshake",
-			"-e", "zero-len app data with padding interleaved in handshake",
-			"-e", "zero-length app data during handshake",
-			"-e", "zero-length app data interleaved in handshake",
-			"-e", "zero-length app data with padding during handshake"]},
+			"-e", "zero-len app data with padding interleaved in handshake"]},
 	 {"name" : "test-tls13-finished.py",
-	  "arguments": ["-p", "@PORT@", "-n", "5"],
-	  "exp_pass" : false,
-	  "comment" : "we do not switch the keys early enough for this test see #481"}
+	  "comment" : "in these tests tlsfuzzer seems to bail due to NewSessionTicket",
+	  "arguments": ["-p", "@PORT@", "-n", "5",
+	                "-e", "padding - cipher TLS_AES_128_GCM_SHA256, pad_byte 0, pad_left 0, pad_right 16777183",
+	                "-e", "padding - cipher TLS_AES_256_GCM_SHA384, pad_byte 0, pad_left 0, pad_right 16777167"]},
+	 {"name" : "test-tls13-count-tickets.py",
+	  "arguments": ["-p", "@PORT@", "-t", "1"]}
      ]
     }
 ]
diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer
-Subproject 65af9ab3615a14c59f579085e13fe5a4557a356
+Subproject cebce5c72e6feac052670fc2d8cece2c9d4b37e
diff --git a/tests/suite/tls-fuzzer/tlslite-ng b/tests/suite/tls-fuzzer/tlslite-ng
-Subproject d976188fe7fd7466dc5cf0818a4ef87e3738189
+Subproject 3029e014231ffe34445d29300f0193a4be4b6cc
diff --git a/tests/tls13-early-start.c b/tests/tls13-early-start.c
new file mode 100644
index 0000000000..6e0d7da82e
--- /dev/null
+++ b/tests/tls13-early-start.c
@@ -0,0 +1,346 @@
+/*
+ * Copyright (C) 2015-2018 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+/* This program tests support for early start in TLS1.3 handshake */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <gnutls/gnutls.h>
+#include "utils.h"
+#include "eagain-common.h"
+#include <assert.h>
+
+#define USE_CERT 1
+#define ASK_CERT 2
+
+const char *side;
+
+static void tls_log_func(int level, const char *str)
+{
+	fprintf(stderr, "%s|<%d>| %s", side, level, str);
+}
+
+#define try_ok(name, client_prio) \
+	try_with_key(name, client_prio, \
+		&server_ca3_localhost_cert, &server_ca3_key, NULL, NULL, 0)
+
+#define MSG "hello there ppl"
+
+static
+void try_with_key_fail(const char *name, const char *client_prio,
+			const gnutls_datum_t *serv_cert,
+			const gnutls_datum_t *serv_key,
+			const gnutls_datum_t *cli_cert,
+			const gnutls_datum_t *cli_key,
+			unsigned init_flags)
+{
+	int ret;
+	char buffer[256];
+	gnutls_certificate_credentials_t serverx509cred;
+	gnutls_session_t server;
+	int sret = GNUTLS_E_AGAIN;
+	/* Client stuff. */
+	gnutls_certificate_credentials_t clientx509cred;
+	gnutls_session_t client;
+	int cret = GNUTLS_E_AGAIN, version;
+	const char *err;
+
+	gnutls_global_set_log_function(tls_log_func);
+	if (debug)
+		gnutls_global_set_log_level(6);
+
+	reset_buffers();
+	/* Init server */
+	gnutls_certificate_allocate_credentials(&serverx509cred);
+
+	ret = gnutls_certificate_set_x509_key_mem(serverx509cred,
+						  serv_cert, serv_key,
+						  GNUTLS_X509_FMT_PEM);
+	if (ret < 0)
+		fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
+
+	assert(gnutls_init(&server, GNUTLS_SERVER|init_flags)>=0);
+	gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+			       serverx509cred);
+
+	assert(gnutls_priority_set_direct(server, client_prio, NULL) >= 0);
+
+	gnutls_transport_set_push_function(server, server_push);
+	gnutls_transport_set_pull_function(server, server_pull);
+	gnutls_transport_set_ptr(server, server);
+
+	/* Init client */
+	ret = gnutls_certificate_allocate_credentials(&clientx509cred);
+	if (ret < 0)
+		exit(1);
+
+	if (cli_cert) {
+		gnutls_certificate_set_x509_key_mem(clientx509cred,
+						    cli_cert, cli_key,
+						    GNUTLS_X509_FMT_PEM);
+		gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE);
+	}
+
+	ret = gnutls_init(&client, GNUTLS_CLIENT);
+	if (ret < 0)
+		exit(1);
+
+	ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+				clientx509cred);
+	if (ret < 0)
+		exit(1);
+
+	gnutls_transport_set_push_function(client, client_push);
+	gnutls_transport_set_pull_function(client, client_pull);
+	gnutls_transport_set_ptr(client, client);
+
+	ret = gnutls_priority_set_direct(client, client_prio, &err);
+	if (ret < 0) {
+		if (ret == GNUTLS_E_INVALID_REQUEST)
+			fprintf(stderr, "Error in %s\n", err);
+		exit(1);
+	}
+
+	success("negotiating %s\n", name);
+	HANDSHAKE(client, server);
+
+	assert(!(gnutls_session_get_flags(server) & GNUTLS_SFLAGS_EARLY_START));
+	assert(!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_EARLY_START));
+
+	version = gnutls_protocol_get_version(client);
+	assert(version == GNUTLS_TLS1_3);
+
+	memset(buffer, 0, sizeof(buffer));
+	assert(gnutls_record_send(server, MSG, strlen(MSG))>=0);
+
+	ret = gnutls_record_recv(client, buffer, sizeof(buffer));
+	if (ret == 0) {
+		fail("client: Peer has closed the TLS connection\n");
+		exit(1);
+	} else if (ret < 0) {
+		fail("client: Error: %s\n", gnutls_strerror(ret));
+		exit(1);
+	}
+
+	if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) {
+		fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret);
+		exit(1);
+	}
+
+	memset(buffer, 0, sizeof(buffer));
+	assert(gnutls_record_send(client, MSG, strlen(MSG))>=0);
+
+	ret = gnutls_record_recv(server, buffer, sizeof(buffer));
+	if (ret == 0) {
+		fail("server: Peer has closed the TLS connection\n");
+	} else if (ret < 0) {
+		fail("server: Error: %s\n", gnutls_strerror(ret));
+	}
+
+	if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) {
+		fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret);
+		exit(1);
+	}
+
+	gnutls_deinit(client);
+	gnutls_deinit(server);
+
+	gnutls_certificate_free_credentials(serverx509cred);
+	gnutls_certificate_free_credentials(clientx509cred);
+}
+
+static
+void try_with_key_ks(const char *name, const char *client_prio,
+		const gnutls_datum_t *serv_cert,
+		const gnutls_datum_t *serv_key,
+		const gnutls_datum_t *client_cert,
+		const gnutls_datum_t *client_key,
+		unsigned cert_flags,
+		unsigned init_flags)
+{
+	int ret;
+	char buffer[256];
+	/* Server stuff. */
+	gnutls_certificate_credentials_t serverx509cred;
+	gnutls_session_t server;
+	int sret = GNUTLS_E_AGAIN;
+	/* Client stuff. */
+	gnutls_certificate_credentials_t clientx509cred;
+	gnutls_session_t client;
+	int cret = GNUTLS_E_AGAIN, version;
+	const char *err;
+
+	/* General init. */
+	gnutls_global_set_log_function(tls_log_func);
+	if (debug)
+		gnutls_global_set_log_level(6);
+
+	reset_buffers();
+	/* Init server */
+	gnutls_certificate_allocate_credentials(&serverx509cred);
+
+	ret = gnutls_certificate_set_x509_key_mem(serverx509cred,
+					    serv_cert, serv_key,
+					    GNUTLS_X509_FMT_PEM);
+	if (ret < 0) {
+		fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
+	}
+
+	assert(gnutls_init(&server, GNUTLS_SERVER|init_flags)>=0);
+	gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+				serverx509cred);
+
+
+	assert(gnutls_priority_set_direct(server,
+				   "NORMAL:-VERS-ALL:+VERS-TLS1.3",
+				   NULL)>=0);
+	gnutls_transport_set_push_function(server, server_push);
+	gnutls_transport_set_pull_function(server, server_pull);
+	gnutls_transport_set_ptr(server, server);
+
+	/* Init client */
+
+	ret = gnutls_certificate_allocate_credentials(&clientx509cred);
+	if (ret < 0)
+		exit(1);
+
+	if (cert_flags == USE_CERT) {
+		gnutls_certificate_set_x509_key_mem(clientx509cred,
+						    client_cert, client_key,
+						    GNUTLS_X509_FMT_PEM);
+		gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE);
+	} else if (cert_flags == ASK_CERT) {
+		gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
+	}
+
+	ret = gnutls_init(&client, GNUTLS_CLIENT);
+	if (ret < 0)
+		exit(1);
+
+
+	ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+				clientx509cred);
+	if (ret < 0)
+		exit(1);
+
+	gnutls_transport_set_push_function(client, client_push);
+	gnutls_transport_set_pull_function(client, client_pull);
+	gnutls_transport_set_ptr(client, client);
+
+	ret = gnutls_priority_set_direct(client, client_prio, &err);
+	if (ret < 0) {
+		if (ret == GNUTLS_E_INVALID_REQUEST)
+			fprintf(stderr, "Error in %s\n", err);
+		exit(1);
+	}
+	success("negotiating %s\n", name);
+	HANDSHAKE(client, server);
+
+	assert(gnutls_session_get_flags(server) & GNUTLS_SFLAGS_EARLY_START);
+	assert(!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_EARLY_START));
+
+	version = gnutls_protocol_get_version(client);
+	assert(version == GNUTLS_TLS1_3);
+
+	memset(buffer, 0, sizeof(buffer));
+	assert(gnutls_record_send(server, MSG, strlen(MSG))>=0);
+
+	ret = gnutls_record_recv(client, buffer, sizeof(buffer));
+	if (ret == 0) {
+		fail("client: Peer has closed the TLS connection\n");
+		exit(1);
+	} else if (ret < 0) {
+		fail("client: Error: %s\n", gnutls_strerror(ret));
+		exit(1);
+	}
+
+	if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) {
+		fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret);
+		exit(1);
+	}
+
+	memset(buffer, 0, sizeof(buffer));
+	assert(gnutls_record_send(client, MSG, strlen(MSG))>=0);
+
+	ret = gnutls_record_recv(server, buffer, sizeof(buffer));
+	if (ret == 0) {
+		fail("server: Peer has closed the TLS connection\n");
+	} else if (ret < 0) {
+		fail("server: Error: %s\n", gnutls_strerror(ret));
+	}
+
+	if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) {
+		fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret);
+		exit(1);
+	}
+
+	gnutls_bye(client, GNUTLS_SHUT_RDWR);
+	gnutls_bye(server, GNUTLS_SHUT_RDWR);
+
+	gnutls_deinit(client);
+	gnutls_deinit(server);
+
+	gnutls_certificate_free_credentials(serverx509cred);
+	gnutls_certificate_free_credentials(clientx509cred);
+}
+
+static
+void try_with_key(const char *name, const char *client_prio,
+		const gnutls_datum_t *serv_cert,
+		const gnutls_datum_t *serv_key,
+		const gnutls_datum_t *cli_cert,
+		const gnutls_datum_t *cli_key,
+		unsigned cert_flags)
+{
+	return try_with_key_ks(name, client_prio,
+			       serv_cert, serv_key, cli_cert, cli_key, cert_flags, GNUTLS_ENABLE_EARLY_START);
+}
+
+#include "cert-common.h"
+
+void doit(void)
+{
+	/* TLS 1.3 no client cert: early start expected */
+	try_ok("TLS 1.3 with ffdhe2048 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048");
+	try_ok("TLS 1.3 with secp256r1 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1");
+	try_ok("TLS 1.3 with x25519 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519");
+
+	try_with_key_ks("TLS 1.3 with secp256r1 ecdsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1",
+		&server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_ENABLE_EARLY_START);
+
+	/* client authentication: no early start possible */
+	try_with_key_fail("TLS 1.3 with rsa-pss cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
+		&server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_rsa_pss_cert, &cli_ca3_rsa_pss_key, GNUTLS_ENABLE_EARLY_START);
+	try_with_key_fail("TLS 1.3 with rsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
+		&server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, GNUTLS_ENABLE_EARLY_START);
+	try_with_key_fail("TLS 1.3 with ecdsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
+		&server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, GNUTLS_ENABLE_EARLY_START);
+
+	/* TLS 1.3 no client cert: no early start flag specified */
+	try_with_key_fail("TLS 1.3 with rsa-pss cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA",
+		&server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0);
+}