Skip to content

Commit 8d24c48

Browse files
mdulaneymdulaney
committed
Add support for converting sessions to / from ASN1 representation
1 parent 6502a0e commit 8d24c48

File tree

3 files changed

+135
-3
lines changed

3 files changed

+135
-3
lines changed

CHANGELOG.rst

+1
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ Deprecations:
2222
Changes:
2323
^^^^^^^^
2424

25+
* Added ``OpenSSL.SSL.Session.i2d`` to convert session objects to ASN1. Updated ``OpenSSL.SSL.Session`` constructor to support conversion from ASN1. `#1373 <https://github.com/pyca/pyopenssl/pull/1373>`_.
2526
* ``OpenSSL.SSL.Connection.get_certificate``, ``OpenSSL.SSL.Connection.get_peer_certificate``, ``OpenSSL.SSL.Connection.get_peer_cert_chain``, and ``OpenSSL.SSL.Connection.get_verified_chain`` now take an ``as_cryptography`` keyword-argument. When ``True`` is passed then ``cryptography.x509.Certificate`` are returned, instead of ``OpenSSL.crypto.X509``. In the future, passing ``False`` (the default) will be deprecated.
2627

2728

src/OpenSSL/SSL.py

+34-1
Original file line numberDiff line numberDiff line change
@@ -823,7 +823,40 @@ class Session:
823823
.. versionadded:: 0.14
824824
"""
825825

826-
_session: Any
826+
_session: Any = None
827+
828+
def __init__(self, data: Optional[bytes] = None) -> None:
829+
if data is None:
830+
return
831+
832+
p = _ffi.new("unsigned char[]", data)
833+
pp = _ffi.new("unsigned char **")
834+
pp[0] = p
835+
length = _ffi.cast("long", len(data))
836+
837+
session = _lib.d2i_SSL_SESSION(_ffi.NULL, pp, length)
838+
if session == _ffi.NULL:
839+
_raise_current_error()
840+
841+
self._session = _ffi.gc(session, _lib.SSL_SESSION_free)
842+
843+
def i2d(self) -> bytes:
844+
if self._session is None:
845+
raise ValueError("Not a valid session")
846+
847+
length = _lib.i2d_SSL_SESSION(self._session, _ffi.NULL)
848+
if length == 0:
849+
raise ValueError("Not a valid session")
850+
851+
pp = _ffi.new("unsigned char **")
852+
p = _ffi.new("unsigned char[]", length)
853+
pp[0] = p
854+
855+
length = _lib.i2d_SSL_SESSION(self._session, pp)
856+
if length == 0:
857+
raise ValueError("Not a valid session")
858+
859+
return _ffi.buffer(p, length)[:]
827860

828861

829862
class Context:

tests/test_ssl.py

+100-2
Original file line numberDiff line numberDiff line change
@@ -299,17 +299,21 @@ def _create_certificate_chain():
299299
return [(cakey, cacert), (ikey, icert), (skey, scert)]
300300

301301

302-
def loopback_client_factory(socket, version=SSLv23_METHOD):
302+
def loopback_client_factory(socket, version=SSLv23_METHOD, session_data=None):
303303
client = Connection(Context(version), socket)
304+
if session_data is not None:
305+
client.set_session(Session(session_data))
304306
client.set_connect_state()
305307
return client
306308

307309

308-
def loopback_server_factory(socket, version=SSLv23_METHOD):
310+
def loopback_server_factory(socket, version=SSLv23_METHOD, session_data=None):
309311
ctx = Context(version)
310312
ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
311313
ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
312314
server = Connection(ctx, socket)
315+
if session_data is not None:
316+
server.set_session(Session(session_data))
313317
server.set_accept_state()
314318
return server
315319

@@ -2154,6 +2158,100 @@ def test_construction(self):
21542158
new_session = Session()
21552159
assert isinstance(new_session, Session)
21562160

2161+
def test_d2i_fail(self):
2162+
with pytest.raises(Error) as e:
2163+
Session(b"abc" * 1000)
2164+
2165+
assert e.value.args[0][0] in [
2166+
# TODO
2167+
# 1.1.x
2168+
# (
2169+
# "SSL routines",
2170+
# "SSL_CTX_set_session_id_context",
2171+
# "ssl session id context too long",
2172+
# ),
2173+
# 3.0.x
2174+
(
2175+
"asn1 encoding routines",
2176+
"",
2177+
"wrong tag",
2178+
),
2179+
]
2180+
2181+
assert e.value.args[0][1] in [
2182+
# TODO
2183+
# 1.1.x
2184+
# (
2185+
# "SSL routines",
2186+
# "SSL_CTX_set_session_id_context",
2187+
# "ssl session id context too long",
2188+
# ),
2189+
# 3.0.x
2190+
(
2191+
"asn1 encoding routines",
2192+
"",
2193+
"nested asn1 error",
2194+
),
2195+
]
2196+
2197+
def test_session_success(self):
2198+
session_id = (
2199+
b"\x51\x6d\x1d\x18\xc3\xb5\x86\x81\xc6\x79\x89\x2c\x89\x3e\x56\x33"
2200+
b"\xa7\x9c\xcd\x9b\x87\xbb\xb3\xdc\xf6\x76\x70\xf9\xc0\xdd\xf4\xef"
2201+
)
2202+
2203+
master_key = (
2204+
b"\x0f\xb2\x51\xe3\x15\x60\x2d\xef\x6e\x6d\xd2\x94\x2d\xe5\x37\x96"
2205+
b"\x72\xfa\xce\xb0\x39\xcc\x8d\xdf\xab\x32\xcc\x75\x0c\x66\xf9\xfd"
2206+
b"\xef\xbc\xc6\x2a\x8f\x9c\x35\x16\xfd\x4d\x38\xd9\xf9\xeb\x1d\xe4"
2207+
)
2208+
2209+
session_data = (
2210+
# sequence length=0x71
2211+
b"\x30\x71"
2212+
# integer (version)
2213+
b"\x02\x01\x01"
2214+
# integer (SSL version)
2215+
b"\x02\x02\x03\x03"
2216+
# octet-string (cipher suite)
2217+
b"\x04\x02\xc0\x30"
2218+
# octet-string length=0x20 (session id)
2219+
b"\x04\x20"
2220+
+ session_id
2221+
+
2222+
# octet-string length=0x30 (master secret)
2223+
b"\x04\x30"
2224+
+ master_key
2225+
+
2226+
# application (1), integer (time)
2227+
b"\xa1\x06\x02\x04"
2228+
+ b"\x66\xec\x4c\x2d"
2229+
+
2230+
# application (2), integer (timeout)
2231+
b"\xa2\x04\x02\x02"
2232+
+ b"\x02\x58"
2233+
+
2234+
# application (4), octet-string (session id context)
2235+
b"\xa4\x02\x04"
2236+
+ b"\x00"
2237+
)
2238+
serverSocket, clientSocket = socket_pair()
2239+
2240+
client = loopback_client_factory(
2241+
clientSocket, session_data=session_data
2242+
)
2243+
server = loopback_server_factory(
2244+
serverSocket, session_data=session_data
2245+
)
2246+
2247+
assert client.master_key() == master_key
2248+
assert server.master_key() == master_key
2249+
2250+
handshake(client, server)
2251+
2252+
client.send(b"hello world")
2253+
assert b"hello world" == server.recv(len(b"hello world"))
2254+
21572255

21582256
@pytest.fixture(params=["context", "connection"])
21592257
def ctx_or_conn(request) -> Union[Context, Connection]:

0 commit comments

Comments
 (0)