Пример #1
0
def test_s2n_new_server_old_ticket(managed_process, tmp_path, cipher, curve,
                                   certificate, protocol, provider,
                                   other_provider):
    ticket_file = str(tmp_path / TICKET_FILE)
    assert not os.path.exists(ticket_file)

    options = ProviderOptions(
        port=next(available_ports),
        cipher=cipher,
        curve=curve,
        protocol=protocol,
        insecure=True,
        use_session_ticket=True,
    )

    client_options = copy.copy(options)
    client_options.mode = Provider.ClientMode
    client_options.extra_flags = ['-sess_out', ticket_file]

    server_options = copy.copy(options)
    server_options.mode = Provider.ServerMode
    server_options.use_mainline_version = True
    server_options.key = certificate.key
    server_options.cert = certificate.cert
    server_options.data_to_send = CLOSE_MARKER_BYTES

    s2n_server = managed_process(S2N,
                                 server_options,
                                 send_marker=S2N.get_send_marker())
    client = managed_process(provider,
                             client_options,
                             close_marker=str(CLOSE_MARKER_BYTES))

    for results in client.get_results():
        results.assert_success()

    for results in s2n_server.get_results():
        results.assert_success()

    assert os.path.exists(ticket_file)
    client_options.extra_flags = ['-sess_in', ticket_file]
    server_options.use_mainline_version = False

    s2n_server = managed_process(S2N,
                                 server_options,
                                 send_marker=S2N.get_send_marker())
    client = managed_process(provider,
                             client_options,
                             close_marker=str(CLOSE_MARKER_BYTES))

    for results in client.get_results():
        results.assert_success()

    for results in s2n_server.get_results():
        results.assert_success()
        assert S2N_RESUMPTION_MARKER in results.stdout
Пример #2
0
 def setup_server(self):
     cmd_line = S2NBase.setup_server(self)
     cmd_line.extend(['--max-early-data', self.options.max_early_data])
     return cmd_line
Пример #3
0
 def setup_client(self):
     cmd_line = S2NBase.setup_client(self)
     early_data_file = self.options.early_data_file
     if early_data_file and os.path.exists(early_data_file):
         cmd_line.extend(['--early-data', early_data_file])
     return cmd_line
Пример #4
0
 def __init__(self, options: ProviderOptions):
     S2NBase.__init__(self, options)
Пример #5
0
def test_tls13_session_resumption_s2n_server(managed_process, tmp_path, cipher,
                                             curve, protocol, provider,
                                             certificate):
    port = str(next(available_ports))

    # Use temp directory to store session tickets
    p = tmp_path / 'ticket.pem'
    path_to_ticket = str(p)

    close_marker_bytes = data_bytes(10)

    client_options = ProviderOptions(mode=Provider.ClientMode,
                                     port=port,
                                     cipher=cipher,
                                     curve=curve,
                                     insecure=True,
                                     reconnect=False,
                                     extra_flags=['-sess_out', path_to_ticket],
                                     protocol=protocol)

    server_options = copy.copy(client_options)
    server_options.mode = Provider.ServerMode
    server_options.key = certificate.key
    server_options.cert = certificate.cert
    server_options.use_session_ticket = True
    server_options.extra_flags = None
    server_options.data_to_send = close_marker_bytes

    server = managed_process(S2N,
                             server_options,
                             timeout=5,
                             send_marker=S2N.get_send_marker())
    client = managed_process(provider,
                             client_options,
                             timeout=5,
                             close_marker=str(close_marker_bytes))

    # The client should have received a session ticket
    for results in client.get_results():
        results.assert_success()
        assert b'Post-Handshake New Session Ticket arrived:' in results.stdout

    for results in server.get_results():
        results.assert_success()
        # The first connection is a full handshake
        assert b'Resumed session' not in results.stdout

    # Client inputs received session ticket to resume a session
    assert os.path.exists(path_to_ticket)
    client_options.extra_flags = ['-sess_in', path_to_ticket]

    port = str(next(available_ports))
    client_options.port = port
    server_options.port = port

    server = managed_process(S2N,
                             server_options,
                             timeout=5,
                             send_marker=S2N.get_send_marker())
    client = managed_process(provider,
                             client_options,
                             timeout=5,
                             close_marker=str(close_marker_bytes))

    s2n_version = get_expected_s2n_version(protocol, provider)

    # Client has not read server certificate message as this is a resumed session
    for results in client.get_results():
        results.assert_success()
        assert to_bytes("SSL_connect:SSLv3/TLS read server certificate"
                        ) not in results.stderr

    # The server should indicate a session has been resumed
    for results in server.get_results():
        results.assert_success()
        assert b'Resumed session' in results.stdout
        assert to_bytes("Actual protocol version: {}".format(
            s2n_version)) in results.stdout