cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 19:20:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

ssl_client2: Add cmd line options to configure use of CID extension

Browse Source
This commit is contained in:
Hanno Becker 2019-04-09 17:24:19 +01:00
parent 1f583eecd8
commit 90cb359cf0
1 changed files with 99 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
programs/ssl/ssl_client2.c
View File

@ -113,6 +113,8 @@ int main( void )
#define DFL_DHMLEN -1 #define DFL_DHMLEN -1
#define DFL_RECONNECT 0 #define DFL_RECONNECT 0
#define DFL_RECO_DELAY 0 #define DFL_RECO_DELAY 0
#define DFL_CID_ENABLED 0
#define DFL_CID_VALUE ""
#define DFL_RECONNECT_HARD 0 #define DFL_RECONNECT_HARD 0
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
#define DFL_ALPN_STRING NULL #define DFL_ALPN_STRING NULL
@ -166,6 +168,16 @@ int main( void )
#define USAGE_KEY_OPAQUE "" #define USAGE_KEY_OPAQUE ""
#endif #endif
#if defined(MBEDTLS_SSL_CID)
#define USAGE_CID \
" cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
" default: 0 (disabled)\n" \
" cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
" default: \"\"\n"
#else /* MBEDTLS_SSL_CID */
#define USAGE_CID ""
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
#define USAGE_PSK_RAW \ #define USAGE_PSK_RAW \
" psk=%%s default: \"\" (in hex, without 0x)\n" \ " psk=%%s default: \"\" (in hex, without 0x)\n" \
@ -337,6 +349,7 @@ int main( void )
" max_resend=%%d default: 0 (no resend on timeout)\n" \ " max_resend=%%d default: 0 (no resend on timeout)\n" \
"\n" \ "\n" \
USAGE_DTLS \ USAGE_DTLS \
USAGE_CID \
"\n" \ "\n" \
" auth_mode=%%s default: (library default: none)\n" \ " auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \ " options: none, optional, required\n" \
@ -457,6 +470,8 @@ struct options
int etm; /* negotiate encrypt then mac? */ int etm; /* negotiate encrypt then mac? */
int context_crt_cb; /* use context-specific CRT verify callback */ int context_crt_cb; /* use context-specific CRT verify callback */
int eap_tls; /* derive EAP-TLS keying material? */ int eap_tls; /* derive EAP-TLS keying material? */
int cid_enabled; /* whether to use the CID extension or not */
const char *cid_val; /* the CID to use for incoming messages */
} opt; } opt;
int query_config( const char *config ); int query_config( const char *config );
@ -710,7 +725,7 @@ int idle( mbedtls_net_context *fd,
/* Unhexify `hex` into `dst`. `dst` must have /* Unhexify `hex` into `dst`. `dst` must have
* size at least `strlen( hex ) / 2`. */ * size at least `strlen( hex ) / 2`. */
int unhexify( unsigned char const *hex, unsigned char *dst ) int unhexify( char const *hex, unsigned char *dst )
{ {
unsigned char c; unsigned char c;
size_t j; size_t j;
@ -758,6 +773,12 @@ int main( int argc, char *argv[] )
unsigned char psk[MBEDTLS_PSK_MAX_LEN]; unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = 0; size_t psk_len = 0;
#endif #endif
#if defined(MBEDTLS_SSL_CID)
unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
size_t cid_len = 0;
#endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE]; const char *alpn_list[ALPN_LIST_SIZE];
#endif #endif
@ -858,6 +879,8 @@ int main( int argc, char *argv[] )
opt.server_addr = DFL_SERVER_ADDR; opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT; opt.server_port = DFL_SERVER_PORT;
opt.debug_level = DFL_DEBUG_LEVEL; opt.debug_level = DFL_DEBUG_LEVEL;
opt.cid_enabled = DFL_CID_ENABLED;
opt.cid_val = DFL_CID_VALUE;
opt.nbio = DFL_NBIO; opt.nbio = DFL_NBIO;
opt.event = DFL_EVENT; opt.event = DFL_EVENT;
opt.context_crt_cb = DFL_CONTEXT_CRT_CB; opt.context_crt_cb = DFL_CONTEXT_CRT_CB;
@ -986,6 +1009,18 @@ int main( int argc, char *argv[] )
else if( strcmp( p, "key_opaque" ) == 0 ) else if( strcmp( p, "key_opaque" ) == 0 )
opt.key_opaque = atoi( q ); opt.key_opaque = atoi( q );
#endif #endif
#if defined(MBEDTLS_SSL_CID)
else if( strcmp( p, "cid" ) == 0 )
{
opt.cid_enabled = atoi( q );
if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
goto usage;
}
else if( strcmp( p, "cid_val" ) == 0 )
{
opt.cid_val = q;
}
#endif /* MBEDTLS_SSL_CID */
else if( strcmp( p, "psk" ) == 0 ) else if( strcmp( p, "psk" ) == 0 )
opt.psk = q; opt.psk = q;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -1381,6 +1416,7 @@ int main( int argc, char *argv[] )
opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
} }
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.psk_opaque != 0 ) if( opt.psk_opaque != 0 )
{ {
@ -1406,6 +1442,24 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
} }
#if defined(MBEDTLS_SSL_CID)
if( strlen( opt.cid_val ) )
{
cid_len = strlen( opt.cid_val ) / 2;
if( cid_len > sizeof( cid ) )
{
mbedtls_printf( "CID too long\n" );
goto exit;
}
if( unhexify( opt.cid_val, cid ) != 0 )
{
mbedtls_printf( "CID not valid hex\n" );
goto exit;
}
}
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
if( opt.curves != NULL ) if( opt.curves != NULL )
{ {
@ -1907,6 +1961,19 @@ int main( int argc, char *argv[] )
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_send, mbedtls_net_recv,
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
#if defined(MBEDTLS_SSL_CID)
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
cid, cid_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
ret );
goto exit;
}
}
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.dtls_mtu != DFL_DTLS_MTU ) if( opt.dtls_mtu != DFL_DTLS_MTU )
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu ); mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
@ -2081,6 +2148,37 @@ int main( int argc, char *argv[] )
mbedtls_printf( "%s\n", peer_crt_info ); mbedtls_printf( "%s\n", peer_crt_info );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_CID)
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
size_t peer_cid_len;
int cid_negotiated;
/* Check if the use of a CID has been negotiated */
ret = mbedtls_ssl_get_peer_cid( &ssl, &cid_negotiated,
peer_cid, &peer_cid_len );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
-ret );
goto exit;
}
if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
{
if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
{
mbedtls_printf( "Use of Connection ID was rejected by the server.\n" );
}
}
else
{
mbedtls_printf( "Use of Connection ID has been negotiated.\n" );
}
}
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
if( opt.renegotiate ) if( opt.renegotiate )
{ {