abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update TLS 1.3 PSK-only mode

Browse Source
This commit is contained in:
Zhi Guan
2026-03-28 11:09:26 +08:00
parent e996e72537
commit 3d29d5066d
5 changed files with 1490 additions and 226 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
tools/tls13_client.c
View File

@@ -12,6 +12,7 @@
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/hex.h>
#include <gmssl/tls.h>
#include <gmssl/error.h>
@@ -34,6 +35,11 @@ static const char *help =
" -cert file Client's certificate chain in PEM format\n"
" -key file Client's encrypted private key in PEM format\n"
" -pass str Password to decrypt private key\n"
" -sess_in Load server's session ticket file\n"
" -sess_out Save server's session ticket file\n"
" -psk_identity str Identity of pre_shared_key\n"
" -psk hex Pre-shared key in HEX format\n"
" -early_data file Send early data\n"
"\n"
"Examples\n"
"\n"
@@ -57,6 +63,7 @@ static const char *help =
"\n"
" sudo gmssl tls13_server -port 4430 -cert certs.pem -key signkey.pem -pass 1234\n"
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cacert rootcacert.pem\n"
" -sess_in session.bin -sess_out session.bin\n"
"\n";
int tls13_client_main(int argc, char *argv[])
@@ -78,6 +85,17 @@ int tls13_client_main(int argc, char *argv[])
size_t len = sizeof(buf);
char send_buf[1024] = {0};
char *sess_in = NULL;
char *sess_out = NULL;
char *psk_identity = NULL;
char *psk = NULL;
uint8_t psk_buf[32];
size_t psk_len;
char *early_data_file = NULL;
FILE *early_data_fp = NULL;
int max_early_data_size = 0;
argc--;
argv++;
if (argc < 1) {
@@ -107,6 +125,24 @@ int tls13_client_main(int argc, char *argv[])
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else if (!strcmp(*argv, "-sess_in")) {
if (--argc < 1) goto bad;
sess_in = *(++argv);
} else if (!strcmp(*argv, "-sess_out")) {
if (--argc < 1) goto bad;
sess_out = *(++argv);
} else if (!strcmp(*argv, "-psk_identity")) {
if (--argc < 1) goto bad;
psk_identity = *(++argv);
} else if (!strcmp(*argv, "-psk")) {
if (--argc < 1) goto bad;
psk = *(++argv);
} else if (!strcmp(*argv, "-early_data")) {
if (--argc < 1) goto bad;
early_data_file = *(++argv);
} else if (!strcmp(*argv, "-max_early_data_size")) {
if (--argc < 1) goto bad;
max_early_data_size = atoi(*(++argv));
} else {
fprintf(stderr, "%s: invalid option '%s'\n", prog, *argv);
return 1;
@@ -132,6 +168,8 @@ bad:
goto end;
}
memset(&ctx, 0, sizeof(ctx));
memset(&conn, 0, sizeof(conn));
@@ -165,8 +203,75 @@ bad:
goto end;
}
}
if (tls_init(&conn, &ctx) != 1
|| tls_set_socket(&conn, sock) != 1
if (tls_init(&conn, &ctx) != 1) {
fprintf(stderr, "%s: error\n", prog);
goto end;
}
if (sess_in) {
if (tls13_add_pre_shared_key_from_file(&conn, sess_in) != 1) {
error_print();
return -1;
}
tls13_enable_pre_shared_key(&conn, 1);
tls13_set_psk_key_exchange_modes(&conn, 1, 1);
}
if (sess_out) {
if (tls13_set_session_outfile(&conn, sess_out) != 1) {
error_print();
goto end;
}
}
if (psk) {
if (!psk_identity) {
error_print();
return -1;
}
if (strlen(psk) != sizeof(psk_buf) * 2) {
error_print();
return -1;
}
if (hex_to_bytes(psk, strlen(psk), psk_buf, &psk_len) != 1) {
error_print();
return -1;
}
if (tls13_add_pre_shared_key(&conn, DIGEST_sm3(), (uint8_t *)psk_identity, strlen(psk_identity), psk_buf, psk_len, 0) != 1) {
error_print();
return -1;
}
tls13_enable_pre_shared_key(&conn, 1);
tls13_set_psk_key_exchange_modes(&conn, 1, 1);
}
if (early_data_file) {
uint8_t early_data[8192];
size_t early_data_len;
if (!(early_data_fp = fopen(early_data_file, "rb"))) {
error_print();
return -1;
}
early_data_len = fread(early_data, 1, sizeof(early_data), early_data_fp);
if (early_data_len) {
if (tls13_set_early_data(&conn, early_data, early_data_len) != 1) {
fclose(early_data_fp);
error_print();
return -1;
}
}
fclose(early_data_fp);
}
if (tls_set_socket(&conn, sock) != 1
|| tls_do_handshake(&conn) != 1) {
fprintf(stderr, "%s: error\n", prog);
goto end;