diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2019-05-06 17:43:16 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2019-05-06 17:43:16 +0700 |
| commit | a0f190f93151a9b83194603ac56120337c1bdfbd (patch) | |
| tree | 3d2ed0c831d6f98c18222ae03c04110838733d33 | |
| parent | EdDSA verifiers now reject overly long signatures (diff) | |
| download | BouncyCastle.NET-ed25519-a0f190f93151a9b83194603ac56120337c1bdfbd.tar.xz | |
TLS: Clone in GetPsk since TlsPskKeyExchange will clear after use
- use not-all-zeroes test psk to ensure coverage
| -rw-r--r-- | crypto/Readme.html | 4 | ||||
| -rw-r--r-- | crypto/crypto.csproj | 5 | ||||
| -rw-r--r-- | crypto/src/crypto/tls/BasicTlsPskIdentity.cs | 2 | ||||
| -rw-r--r-- | crypto/test/UnitTests.csproj | 1 | ||||
| -rw-r--r-- | crypto/test/src/crypto/tls/test/MockPskTlsClient.cs | 2 | ||||
| -rw-r--r-- | crypto/test/src/crypto/tls/test/MockPskTlsServer.cs | 2 | ||||
| -rw-r--r-- | crypto/test/src/crypto/tls/test/PskTlsClientTest.cs | 9 | ||||
| -rw-r--r-- | crypto/test/src/crypto/tls/test/PskTlsServerTest.cs | 85 |
8 files changed, 105 insertions, 5 deletions
diff --git a/crypto/Readme.html b/crypto/Readme.html index 01eddda7c..fc00814ad 100644 --- a/crypto/Readme.html +++ b/crypto/Readme.html @@ -306,6 +306,10 @@ We state, where EC MQV has not otherwise been disabled or removed: <ul> <li>EdDSA verifiers now reject overly long signatures.</li> </ul> + <h5>Additional Features and Functionality</h5> + <ul> + <li>TLS: BasicTlsPskIdentity now reusable (returns cloned array from GetPsk).</li> + </ul> <h4><a class="mozTocH4" name="mozTocId85319"></a>Release 1.8.5, Thursday January 31, 2019</h4> diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj index 5b0fcbae4..01e6b24a3 100644 --- a/crypto/crypto.csproj +++ b/crypto/crypto.csproj @@ -12745,6 +12745,11 @@ BuildAction = "Compile" /> <File + RelPath = "test\src\crypto\tls\test\PskTlsServerTest.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "test\src\crypto\tls\test\TlsClientTest.cs" SubType = "Code" BuildAction = "Compile" diff --git a/crypto/src/crypto/tls/BasicTlsPskIdentity.cs b/crypto/src/crypto/tls/BasicTlsPskIdentity.cs index db5954422..7a3bbe72e 100644 --- a/crypto/src/crypto/tls/BasicTlsPskIdentity.cs +++ b/crypto/src/crypto/tls/BasicTlsPskIdentity.cs @@ -37,7 +37,7 @@ namespace Org.BouncyCastle.Crypto.Tls public virtual byte[] GetPsk() { - return mPsk; + return Arrays.Clone(mPsk); } } } diff --git a/crypto/test/UnitTests.csproj b/crypto/test/UnitTests.csproj index 11b20066e..d8d798e61 100644 --- a/crypto/test/UnitTests.csproj +++ b/crypto/test/UnitTests.csproj @@ -316,6 +316,7 @@ <Compile Include="src\crypto\tls\test\NetworkStream.cs" /> <Compile Include="src\crypto\tls\test\PipedStream.cs" /> <Compile Include="src\crypto\tls\test\PskTlsClientTest.cs" /> + <Compile Include="src\crypto\tls\test\PskTlsServerTest.cs" /> <Compile Include="src\crypto\tls\test\TlsClientTest.cs" /> <Compile Include="src\crypto\tls\test\TlsProtocolTest.cs" /> <Compile Include="src\crypto\tls\test\TlsProtocolNonBlockingTest.cs" /> diff --git a/crypto/test/src/crypto/tls/test/MockPskTlsClient.cs b/crypto/test/src/crypto/tls/test/MockPskTlsClient.cs index dfc0e93a0..80ebb4dbb 100644 --- a/crypto/test/src/crypto/tls/test/MockPskTlsClient.cs +++ b/crypto/test/src/crypto/tls/test/MockPskTlsClient.cs @@ -14,7 +14,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests internal TlsSession mSession; internal MockPskTlsClient(TlsSession session) - : this(session, new BasicTlsPskIdentity("client", new byte[16])) + : this(session, new BasicTlsPskIdentity("client", Strings.ToUtf8ByteArray("TLS_TEST_PSK"))) { } diff --git a/crypto/test/src/crypto/tls/test/MockPskTlsServer.cs b/crypto/test/src/crypto/tls/test/MockPskTlsServer.cs index 7394a2077..79c5d6363 100644 --- a/crypto/test/src/crypto/tls/test/MockPskTlsServer.cs +++ b/crypto/test/src/crypto/tls/test/MockPskTlsServer.cs @@ -95,7 +95,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests string name = Strings.FromUtf8ByteArray(identity); if (name.Equals("client")) { - return new byte[16]; + return Strings.ToUtf8ByteArray("TLS_TEST_PSK"); } } return null; diff --git a/crypto/test/src/crypto/tls/test/PskTlsClientTest.cs b/crypto/test/src/crypto/tls/test/PskTlsClientTest.cs index 7072c7105..a8c5b470a 100644 --- a/crypto/test/src/crypto/tls/test/PskTlsClientTest.cs +++ b/crypto/test/src/crypto/tls/test/PskTlsClientTest.cs @@ -4,6 +4,7 @@ using System.Net.Sockets; using System.Text; using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Crypto.Tls.Tests { @@ -32,8 +33,12 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests * started with "-psk 6161616161" to make the keys match, and possibly the "-psk_hint" * option should be present. */ - string psk_identity = "Client_identity"; - byte[] psk = new byte[]{ 0x61, 0x61, 0x61, 0x61, 0x61 }; + //string psk_identity = "Client_identity"; + //byte[] psk = new byte[]{ 0x61, 0x61, 0x61, 0x61, 0x61 }; + + // These correspond to the configuration of MockPskTlsServer + string psk_identity = "client"; + byte[] psk = Strings.ToUtf8ByteArray("TLS_TEST_PSK"); BasicTlsPskIdentity pskIdentity = new BasicTlsPskIdentity(psk_identity, psk); diff --git a/crypto/test/src/crypto/tls/test/PskTlsServerTest.cs b/crypto/test/src/crypto/tls/test/PskTlsServerTest.cs new file mode 100644 index 000000000..15766f0a4 --- /dev/null +++ b/crypto/test/src/crypto/tls/test/PskTlsServerTest.cs @@ -0,0 +1,85 @@ +using System; +using System.IO; +using System.Net; +using System.Net.Sockets; +using System.Threading; + +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities.IO; + +namespace Org.BouncyCastle.Crypto.Tls.Tests +{ + /** + * A simple test designed to conduct a TLS handshake with an external TLS client. + * <p/> + * Please refer to GnuTLSSetup.html or OpenSSLSetup.html (under 'docs'), and x509-*.pem files in + * this package (under 'src/test/resources') for help configuring an external TLS client. + */ + public class PskTlsServerTest + { + private static readonly SecureRandom secureRandom = new SecureRandom(); + + public static void Main(string[] args) + { + int port = 5556; + + TcpListener ss = new TcpListener(IPAddress.Any, port); + ss.Start(); + Stream stdout = Console.OpenStandardOutput(); + try + { + while (true) + { + TcpClient s = ss.AcceptTcpClient(); + Console.WriteLine("--------------------------------------------------------------------------------"); + Console.WriteLine("Accepted " + s); + ServerThread st = new ServerThread(s, stdout); + Thread t = new Thread(new ThreadStart(st.Run)); + t.Start(); + } + } + finally + { + ss.Stop(); + } + } + + internal class ServerThread + { + private readonly TcpClient s; + private readonly Stream stdout; + + internal ServerThread(TcpClient s, Stream stdout) + { + this.s = s; + this.stdout = stdout; + } + + public void Run() + { + try + { + MockPskTlsServer server = new MockPskTlsServer(); + TlsServerProtocol serverProtocol = new TlsServerProtocol(s.GetStream(), secureRandom); + serverProtocol.Accept(server); + Stream log = new TeeOutputStream(serverProtocol.Stream, stdout); + Streams.PipeAll(serverProtocol.Stream, log); + serverProtocol.Close(); + } + finally + { + try + { + s.Close(); + } + catch (IOException) + { + } + finally + { + } + } + } + } + } +} |