TLS: Clone in GetPsk since TlsPskKeyExchange will clear after use

- use not-all-zeroes test psk to ensure coverage

8 files changed, 105 insertions, 5 deletions

diff --git a/crypto/Readme.html b/crypto/Readme.html

index 01eddda7c..fc00814ad 100644
--- a/crypto/Readme.html
+++ b/crypto/Readme.html
@@ -306,6 +306,10 @@ We state, where EC MQV has not otherwise been disabled or removed:
         <ul>
             <li>EdDSA verifiers now reject overly long signatures.</li>
         </ul>
+        <h5>Additional Features and Functionality</h5>
+        <ul>
+            <li>TLS: BasicTlsPskIdentity now reusable (returns cloned array from GetPsk).</li>
+        </ul>
 
         <h4><a class="mozTocH4" name="mozTocId85319"></a>Release 1.8.5, Thursday January 31, 2019</h4>
 
diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj

index 5b0fcbae4..01e6b24a3 100644
--- a/crypto/crypto.csproj
+++ b/crypto/crypto.csproj
@@ -12745,6 +12745,11 @@
                     BuildAction = "Compile"
                 />
                 <File
+                    RelPath = "test\src\crypto\tls\test\PskTlsServerTest.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
                     RelPath = "test\src\crypto\tls\test\TlsClientTest.cs"
                     SubType = "Code"
                     BuildAction = "Compile"
diff --git a/crypto/src/crypto/tls/BasicTlsPskIdentity.cs b/crypto/src/crypto/tls/BasicTlsPskIdentity.cs

index db5954422..7a3bbe72e 100644
--- a/crypto/src/crypto/tls/BasicTlsPskIdentity.cs
+++ b/crypto/src/crypto/tls/BasicTlsPskIdentity.cs
@@ -37,7 +37,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         public virtual byte[] GetPsk()
         {
-            return mPsk;
+            return Arrays.Clone(mPsk);
         }
     }
 }
diff --git a/crypto/test/UnitTests.csproj b/crypto/test/UnitTests.csproj

index 11b20066e..d8d798e61 100644
--- a/crypto/test/UnitTests.csproj
+++ b/crypto/test/UnitTests.csproj
@@ -316,6 +316,7 @@
     <Compile Include="src\crypto\tls\test\NetworkStream.cs" />
     <Compile Include="src\crypto\tls\test\PipedStream.cs" />
     <Compile Include="src\crypto\tls\test\PskTlsClientTest.cs" />
+    <Compile Include="src\crypto\tls\test\PskTlsServerTest.cs" />
     <Compile Include="src\crypto\tls\test\TlsClientTest.cs" />
     <Compile Include="src\crypto\tls\test\TlsProtocolTest.cs" />
     <Compile Include="src\crypto\tls\test\TlsProtocolNonBlockingTest.cs" />
diff --git a/crypto/test/src/crypto/tls/test/MockPskTlsClient.cs b/crypto/test/src/crypto/tls/test/MockPskTlsClient.cs

index dfc0e93a0..80ebb4dbb 100644
--- a/crypto/test/src/crypto/tls/test/MockPskTlsClient.cs
+++ b/crypto/test/src/crypto/tls/test/MockPskTlsClient.cs
@@ -14,7 +14,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
         internal TlsSession mSession;
 
         internal MockPskTlsClient(TlsSession session)
-            :   this(session, new BasicTlsPskIdentity("client", new byte[16]))
+            : this(session, new BasicTlsPskIdentity("client", Strings.ToUtf8ByteArray("TLS_TEST_PSK")))
         {
         }
 
diff --git a/crypto/test/src/crypto/tls/test/MockPskTlsServer.cs b/crypto/test/src/crypto/tls/test/MockPskTlsServer.cs

index 7394a2077..79c5d6363 100644
--- a/crypto/test/src/crypto/tls/test/MockPskTlsServer.cs
+++ b/crypto/test/src/crypto/tls/test/MockPskTlsServer.cs
@@ -95,7 +95,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
                     string name = Strings.FromUtf8ByteArray(identity);
                     if (name.Equals("client"))
                     {
-                        return new byte[16];
+                        return Strings.ToUtf8ByteArray("TLS_TEST_PSK");
                     }
                 }
                 return null;
diff --git a/crypto/test/src/crypto/tls/test/PskTlsClientTest.cs b/crypto/test/src/crypto/tls/test/PskTlsClientTest.cs

index 7072c7105..a8c5b470a 100644
--- a/crypto/test/src/crypto/tls/test/PskTlsClientTest.cs
+++ b/crypto/test/src/crypto/tls/test/PskTlsClientTest.cs
@@ -4,6 +4,7 @@ using System.Net.Sockets;
 using System.Text;
 
 using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Crypto.Tls.Tests
 {
@@ -32,8 +33,12 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
              * started with "-psk 6161616161" to make the keys match, and possibly the "-psk_hint"
              * option should be present.
              */
-            string psk_identity = "Client_identity";
-            byte[] psk = new byte[]{ 0x61, 0x61, 0x61, 0x61, 0x61 };
+            //string psk_identity = "Client_identity";
+            //byte[] psk = new byte[]{ 0x61, 0x61, 0x61, 0x61, 0x61 };
+
+            // These correspond to the configuration of MockPskTlsServer
+            string psk_identity = "client";
+            byte[] psk = Strings.ToUtf8ByteArray("TLS_TEST_PSK");
 
             BasicTlsPskIdentity pskIdentity = new BasicTlsPskIdentity(psk_identity, psk);
 
diff --git a/crypto/test/src/crypto/tls/test/PskTlsServerTest.cs b/crypto/test/src/crypto/tls/test/PskTlsServerTest.cs
new file mode 100644

index 000000000..15766f0a4
--- /dev/null
+++ b/crypto/test/src/crypto/tls/test/PskTlsServerTest.cs
@@ -0,0 +1,85 @@
+using System;
+using System.IO;
+using System.Net;
+using System.Net.Sockets;
+using System.Threading;
+
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities.IO;
+
+namespace Org.BouncyCastle.Crypto.Tls.Tests
+{
+    /**
+     * A simple test designed to conduct a TLS handshake with an external TLS client.
+     * <p/>
+     * Please refer to GnuTLSSetup.html or OpenSSLSetup.html (under 'docs'), and x509-*.pem files in
+     * this package (under 'src/test/resources') for help configuring an external TLS client.
+     */
+    public class PskTlsServerTest
+    {
+        private static readonly SecureRandom secureRandom = new SecureRandom();
+
+        public static void Main(string[] args)
+        {
+            int port = 5556;
+
+            TcpListener ss = new TcpListener(IPAddress.Any, port);
+            ss.Start();
+            Stream stdout = Console.OpenStandardOutput();
+            try
+            {
+                while (true)
+                {
+                    TcpClient s = ss.AcceptTcpClient();
+                    Console.WriteLine("--------------------------------------------------------------------------------");
+                    Console.WriteLine("Accepted " + s);
+                    ServerThread st = new ServerThread(s, stdout);
+                    Thread t = new Thread(new ThreadStart(st.Run));
+                    t.Start();
+                }
+            }
+            finally
+            {
+                ss.Stop();
+            }
+        }
+
+        internal class ServerThread
+        {
+            private readonly TcpClient s;
+            private readonly Stream stdout;
+
+            internal ServerThread(TcpClient s, Stream stdout)
+            {
+                this.s = s;
+                this.stdout = stdout;
+            }
+
+            public void Run()
+            {
+                try
+                {
+                    MockPskTlsServer server = new MockPskTlsServer();
+                    TlsServerProtocol serverProtocol = new TlsServerProtocol(s.GetStream(), secureRandom);
+                    serverProtocol.Accept(server);
+                    Stream log = new TeeOutputStream(serverProtocol.Stream, stdout);
+                    Streams.PipeAll(serverProtocol.Stream, log);
+                    serverProtocol.Close();
+                }
+                finally
+                {
+                    try
+                    {
+                        s.Close();
+                    }
+                    catch (IOException)
+                    {
+                    }
+                    finally
+                    {
+                    }
+                }
+            }
+        }
+    }
+}