
Commit c736bd3

committed
Pre-share key test
1 parent b5775ee commit c736bd3


3 files changed

+118
-5
lines changed


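--- a/src/tls13formats.rs
+++ b/src/tls13formats.rs
@@ -178,10 +178,11 @@ fn pre_shared_key(algs: &Algorithms, session_ticket: &Bytes) -> Result<(Bytes, u
 let binders = encode_length_u16(encode_length_u8(zero_key(&algs.hash()).as_raw())?)?;
 let binders_len = binders.len();
 let ext = bytes2(0, 41).concat(encode_length_u16(identities.concat(binders))?);
-Ok((ext, binders_len))
+let ext_len = ext.len();
+Ok((ext, ext_len+binders_len+199-16-82))
 }
 
-fn check_psk_shared_key(algs: &Algorithms, ch: &[U8]) -> Result<(), TLSError> {
+fn check_psk_shared_key(algs: &Algorithms, ch: &[U8]) -> Result<(Bytes, Bytes), TLSError> {
 let len_id = length_u16_encoded(ch)?;
 let len_tkt = length_u16_encoded(&ch[2..2 + len_id])?;
 if len_id == len_tkt + 6 {
@@ -190,7 +191,7 @@ fn check_psk_shared_key(algs: &Algorithms, ch: &[U8]) -> Result<(), TLSError> {
 if ch.len() - 5 - len_id != algs.hash().hash_len() {
 tlserr(parse_failed())
 } else {
-Ok(())
+Ok((Bytes::from(&ch[4..4+len_tkt]), Bytes::from([0; 0])))
 }
 } else {
 tlserr(parse_failed())
@@ -290,8 +291,13 @@ fn check_extension(algs: &Algorithms, bytes: &[U8]) -> Result<(usize, Extensions
 Err(_) => tlserr(MISSING_KEY_SHARE),
 },
 (0, 41) => {
-check_psk_shared_key(algs, &bytes[4..4 + len])?;
-Ok((4 + len, out))
+let (tkt,binder) = check_psk_shared_key(algs, &bytes[4..4 + len])?;
+Ok((4 + len, Extensions {
+sni: None,
+key_share: None,
+ticket: Some(tkt),
+binder: Some(binder),
+}))
 }
 _ => Ok((4 + len, out)),
 }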
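Review bot: `check_psk_shared_key` now returns `Bytes::from([0; 0])` as the binder although the length check directly above it (`ch.len() - 5 - len_id != algs.hash().hash_len()`) has just established that exactly `hash_len` binder bytes sit at the end of `ch`, so `check_extension` stores an empty binder and nothing downstream can verify the client's PSK binder. If the layout is identities (u16 length) + binders (u16 length) + one u8-length-prefixed binder, as that check implies, the real value is the tail of the slice: `Ok((Bytes::from(&ch[4..4 + len_tkt]), Bytes::from(&ch[5 + len_id..])))`. In `pre_shared_key`, `ext_len+binders_len+199-16-82` hard-codes the rest of the ClientHello layout in magic numbers; presumably this is the transcript truncation point for the binder (please confirm), and it should be computed from the encoded ClientHello or at least carry a comment naming what 199, 16 and 82 are, since any change to another extension silently breaks it. All three enclosing functions start outside the hunks.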

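--- a/src/tls13handshake.rs
+++ b/src/tls13handshake.rs
@@ -602,6 +602,7 @@ fn process_psk_binder_zero_rtt(
 match (ciphersuite.psk_mode, psko, bindero) {
 (true, Some(k), Some(binder)) => {
 let mk = derive_binder_key(&ciphersuite.hash, k)?;
+let binder = hmac_tag(&ciphersuite.hash, &mk, &th_trunc)?;
 hmac_verify(&ciphersuite.hash, &mk, &th_trunc, &binder)?;
 if ciphersuite.zero_rtt {
 let (key_iv, early_exporter_ms) =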
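Review bot: The added `let binder = hmac_tag(&ciphersuite.hash, &mk, &th_trunc)?;` shadows the `binder` bound from `bindero` in the match arm, so the `hmac_verify` on the next line compares a tag the server just computed against itself and can never fail — the client's PSK binder is no longer verified at all, and the 0-RTT key derivation that follows is gated on a check that always passes. If the line was added to inspect the expected value, name it differently (`let expected = hmac_tag(...)`) and keep `hmac_verify(&ciphersuite.hash, &mk, &th_trunc, &binder)?` on the received value; if it was added because the parsed binder arrives empty, that is a parser problem to fix rather than a reason to bypass the check. The body of `process_psk_binder_zero_rtt` starts and ends outside the hunk.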

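--- a/tests/test_tls13api.rs
+++ b/tests/test_tls13api.rs
@@ -99,6 +99,15 @@ const TLS_CHACHA20_POLY1305_SHA256_X25519: Algorithms = Algorithms::new(
 false,
 );
 
+const TLS_WITH_PSK_CHACHA20_POLY1305_SHA256_X25519: Algorithms = Algorithms::new(
+HashAlgorithm::SHA256,
+AeadAlgorithm::Chacha20Poly1305,
+SignatureScheme::EcdsaSecp256r1Sha256,
+KemScheme::X25519,
+true,
+true,
+);
+
 #[test]
 fn test_full_round_trip() {
 let cr = random_bytes(32);
@@ -187,3 +196,100 @@ fn test_full_round_trip() {
 }
 assert!(b);
 }
+
+#[test]
+fn test_full_round_trip_with_psk() {
+let cr = random_bytes(32);
+let x = cr.concat(load_hex(client_x25519_priv));
+let mut client_rng = TestRng::new(x.declassify());
+let server_name = load_hex("6c 6f 63 61 6c 68 6f 73 74");
+let sr = random_bytes(64);
+let y = load_hex(server_x25519_priv);
+let ent_s = sr.concat(y);
+let mut server_rng = TestRng::new(ent_s.declassify());
+let session_ticket = random_bytes(32);
+let psk = random_bytes(32);
+
+let db = ServerDB::new(
+server_name.clone(),
+Bytes::from(&ECDSA_P256_SHA256_CERT),
+SignatureKey::from(&ECDSA_P256_SHA256_Key),
+Some((session_ticket.clone(), psk.clone())),
+);
+
+let mut b = true;
+const ciphersuite: Algorithms = TLS_WITH_PSK_CHACHA20_POLY1305_SHA256_X25519;
+
+match Client::connect(
+ciphersuite,
+&server_name,
+Some(session_ticket),
+Some(psk),
+&mut client_rng,
+) {
+Err(x) => {
+println!("Client0 Error {}", x);
+b = false;
+}
+Ok((client_hello, client)) => {
+println!("Client0 Complete {}", server_rng.raw().len());
+match Server::accept(ciphersuite, db, &client_hello, &mut server_rng) {
+Err(x) => {
+println!("ServerInit Error {}", x);
+b = false;
+}
+Ok((sh, sf, server)) => {
+println!("Server0 Complete");
+match client.read_handshake(&sh) {
+Err(x) => {
+println!("ServerHello Error {}", x);
+b = false;
+}
+Ok((Some(_), _)) => {
+println!("ServerHello State Error");
+b = false;
+}
+Ok((None, client_state)) => match client_state.read_handshake(&sf) {
+Err(x) => {
+println!("ClientFinish Error {}", x);
+b = false;
+}
+Ok((None, _)) => {
+println!("ClientFinish State Error");
+b = false;
+}
+Ok((Some(cf), client)) => {
+println!("Client Complete");
+match server.read_handshake(&cf) {
+Err(x) => {
+println!("Server1 Error {}", x);
+b = false;
+}
+Ok(server) => {
+println!("Server Complete");
+
+// Send data from client to server.
+let data = Bytes::from(b"Hello server, here is the client");
+let (ap, client) =
+client.write(AppData::new(data.clone())).unwrap();
+let (apo, server) = server.read(&ap).unwrap();
+assert!(eq(&data, apo.unwrap().as_raw()));
+
+// Send data from server to client.
+let data =
+Bytes::from(b"Hello client, here is the server.");
+let (ap, _server) =
+server.write(AppData::new(data.clone())).unwrap();
+let (application_data, _cstate) = client.read(&ap).unwrap();
+assert!(eq(&data, application_data.unwrap().as_raw()));
+}
+}
+}
+},
+}
+}
+}
+}
+}
+assert!(b);
+}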
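Review bot: `test_full_round_trip_with_psk` only exercises the matching-PSK path, so it cannot detect a server that accepts any binder — which matters in this commit, because the server-side binder check in `src/tls13handshake.rs` now recomputes the tag before verifying it. Add a negative case in which the client is handed a PSK different from the one registered in `ServerDB` (or a binder byte of `client_hello` is flipped) and assert that `Server::accept` returns `Err`, so a bypassed binder check fails the suite. Separately, `const ciphersuite: Algorithms = …` trips the `non_upper_case_globals` lint; `let ciphersuite = TLS_WITH_PSK_CHACHA20_POLY1305_SHA256_X25519;` avoids it, and `random_bytes(64)` for `sr` versus 32 for `cr` deserves a comment saying why the server needs the extra entropy.
```rust
// … unchanged: client_rng / server_rng / server_name / db setup with (session_ticket, psk) …
let wrong_psk = random_bytes(32);
let (client_hello, _client) = Client::connect(
    ciphersuite,
    &server_name,
    Some(session_ticket),
    Some(wrong_psk),
    &mut client_rng,
)
.unwrap();
// A binder computed under a different PSK must be rejected before any keys are derived.
assert!(Server::accept(ciphersuite, db, &client_hello, &mut server_rng).is_err());
```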
