From 22c0e3d48b2527f49ef25b3dd999db2545fd5624 Mon Sep 17 00:00:00 2001 From: Nick Banks Date: Thu, 25 Feb 2021 12:24:23 -0800 Subject: [PATCH 1/2] New Session Ticket Encryption Key API (#1213) --- .azure/azure-pipelines.qns.yml | 2 +- .azure/templates/create-package.yml | 2 +- CMakeLists.txt | 10 + src/core/configuration.c | 26 ++- src/inc/msquic.h | 17 +- src/inc/msquic.hpp | 22 ++ src/inc/msquic.ver | 6 +- src/inc/quic_tls.h | 11 + src/platform/CMakeLists.txt | 2 + src/platform/tls_mitls.c | 64 ++++-- src/platform/tls_openssl.c | 18 +- src/platform/tls_schannel.c | 90 +++++++- src/platform/tls_stub.c | 15 ++ src/test/MsQuicTests.h | 8 +- src/test/bin/quic_gtest.cpp | 16 +- src/test/bin/quic_gtest.h | 22 +- src/test/bin/winkernel/control.cpp | 2 +- src/test/lib/ApiTest.cpp | 312 ++++++++++++++++++---------- src/test/lib/DataTest.cpp | 41 ++-- src/test/lib/HandshakeTest.cpp | 33 ++- 20 files changed, 527 insertions(+), 192 deletions(-) diff --git a/.azure/azure-pipelines.qns.yml b/.azure/azure-pipelines.qns.yml index 5e44a3d53e..04c74edc4f 100644 --- a/.azure/azure-pipelines.qns.yml +++ b/.azure/azure-pipelines.qns.yml @@ -58,7 +58,7 @@ jobs: ${{ if eq(variables['Build.Reason'], 'BatchedCI') }}: tags: | latest - v1.1.1.$(Build.BuildId) + v1.1.2.$(Build.BuildId) ${{ if ne(variables['Build.Reason'], 'BatchedCI') }}: tags: custom-$(Build.BuildId) - template: .\templates\run-qns.yml diff --git a/.azure/templates/create-package.yml b/.azure/templates/create-package.yml index 977d8d5878..98d016fa65 100644 --- a/.azure/templates/create-package.yml +++ b/.azure/templates/create-package.yml @@ -43,5 +43,5 @@ jobs: owner: quicdev@microsoft.com majorVer: 1 minorVer: 1 - patchVer: 1 + patchVer: 2 prereleaseVer: $(Build.BuildId) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9a767c6728..13f9660552 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -253,14 +253,22 @@ if(WIN32) list(APPEND QUIC_COMMON_DEFINES QUIC_DISABLE_RESUMPTION) endif() + if(QUIC_TLS STREQUAL "schannel") + # User mode schannel doesn't support this yet. + message(STATUS "Disabling resumption rejection") + list(APPEND QUIC_COMMON_DEFINES QUIC_DISABLE_RESUMPTION_REJECTION_TESTS) + endif() + if(QUIC_TLS STREQUAL "openssl" OR QUIC_TLS STREQUAL "schannel") # OpenSSL and SChannel don't support 0-RTT yet. message(STATUS "Disabling 0-RTT support") list(APPEND QUIC_COMMON_DEFINES QUIC_DISABLE_0RTT_TESTS) + list(APPEND QUIC_COMMON_DEFINES QUIC_DISABLE_RESUMPTION_REJECTION_TESTS) endif() if(QUIC_TLS STREQUAL "stub") list(APPEND QUIC_COMMON_DEFINES QUIC_TLS_STUB) + list(APPEND QUIC_COMMON_DEFINES QUIC_DISABLE_RESUMPTION_REJECTION_TESTS) endif() if(QUIC_ENABLE_SANITIZERS) @@ -348,6 +356,7 @@ else() # OpenSSL doesn't support 0-RTT yet. message(STATUS "Disabling 0-RTT support") list(APPEND QUIC_COMMON_DEFINES QUIC_DISABLE_0RTT_TESTS) + list(APPEND QUIC_COMMON_DEFINES QUIC_DISABLE_RESUMPTION_REJECTION_TESTS) endif() if(QUIC_ENABLE_SANITIZERS) @@ -360,6 +369,7 @@ else() if(QUIC_TLS STREQUAL "stub") list(APPEND QUIC_COMMON_DEFINES QUIC_TLS_STUB) + list(APPEND QUIC_COMMON_DEFINES QUIC_DISABLE_RESUMPTION_REJECTION_TESTS) endif() set(QUIC_C_FLAGS ${QUIC_COMMON_FLAGS}) diff --git a/src/core/configuration.c b/src/core/configuration.c index 58f64796df..bcbde53253 100644 --- a/src/core/configuration.c +++ b/src/core/configuration.c @@ -442,9 +442,11 @@ QuicConfigurationParamSet( const void* Buffer ) { - if (Param == QUIC_PARAM_CONFIGURATION_SETTINGS) { + switch (Param) { + case QUIC_PARAM_CONFIGURATION_SETTINGS: - if (BufferLength != sizeof(QUIC_SETTINGS)) { + if (Buffer == NULL || + BufferLength != sizeof(QUIC_SETTINGS)) { return QUIC_STATUS_INVALID_PARAMETER; // TODO - Support partial } @@ -465,6 +467,26 @@ QuicConfigurationParamSet( QuicSettingsDumpNew(BufferLength, (QUIC_SETTINGS*)Buffer); return QUIC_STATUS_SUCCESS; + + case QUIC_PARAM_CONFIGURATION_TICKET_KEYS: + + if (Buffer == NULL || + BufferLength < sizeof(QUIC_TICKET_KEY_CONFIG)) { + return QUIC_STATUS_INVALID_PARAMETER; + } + + if (Configuration->SecurityConfig == NULL) { + return QUIC_STATUS_INVALID_STATE; + } + + return + CxPlatTlsSecConfigSetTicketKeys( + Configuration->SecurityConfig, + (QUIC_TICKET_KEY_CONFIG*)Buffer, + (uint8_t)(BufferLength / sizeof(QUIC_TICKET_KEY_CONFIG))); + + default: + break; } return QUIC_STATUS_INVALID_PARAMETER; diff --git a/src/inc/msquic.h b/src/inc/msquic.h index b4df130037..7071152940 100644 --- a/src/inc/msquic.h +++ b/src/inc/msquic.h @@ -243,10 +243,24 @@ typedef struct QUIC_CREDENTIAL_CONFIG { QUIC_CERTIFICATE_FILE* CertificateFile; }; const char* Principal; - void* TicketKey; // Optional, 44 byte array + void* Reserved; // Currently unused QUIC_CREDENTIAL_LOAD_COMPLETE_HANDLER AsyncHandler; // Optional } QUIC_CREDENTIAL_CONFIG; +// +// The maximum number of QUIC_TICKET_KEY_CONFIG that can be used at one time. +// +#define QUIC_MAX_TICKET_KEY_COUNT 16 + +// +// TLS New Session Ticket encryption key configuration. +// +typedef struct QUIC_TICKET_KEY_CONFIG { + uint8_t Id[16]; + uint8_t Material[64]; + uint8_t MaterialLength; +} QUIC_TICKET_KEY_CONFIG; + // // A single contiguous buffer. // @@ -502,6 +516,7 @@ typedef enum QUIC_PARAM_LEVEL { // Parameters for QUIC_PARAM_LEVEL_CONFIGURATION. // #define QUIC_PARAM_CONFIGURATION_SETTINGS 0 // QUIC_SETTINGS +#define QUIC_PARAM_CONFIGURATION_TICKET_KEYS 1 // QUIC_TICKET_KEY_CONFIG[] // // Parameters for QUIC_PARAM_LEVEL_LISTENER. diff --git a/src/inc/msquic.hpp b/src/inc/msquic.hpp index 06e53b3233..957176a672 100644 --- a/src/inc/msquic.hpp +++ b/src/inc/msquic.hpp @@ -398,6 +398,28 @@ class MsQuicConfiguration { LoadCredential(_In_ const QUIC_CREDENTIAL_CONFIG* CredConfig) noexcept { return MsQuic->ConfigurationLoadCredential(Handle, CredConfig); } + QUIC_STATUS + SetTicketKey(_In_ const QUIC_TICKET_KEY_CONFIG* KeyConfig) noexcept { + return + MsQuic->SetParam( + Handle, + QUIC_PARAM_LEVEL_CONFIGURATION, + QUIC_PARAM_CONFIGURATION_TICKET_KEYS, + sizeof(QUIC_TICKET_KEY_CONFIG), + KeyConfig); + } + QUIC_STATUS + SetTicketKeys( + _In_reads_(KeyCount) const QUIC_TICKET_KEY_CONFIG* KeyConfig, + uint8_t KeyCount) noexcept { + return + MsQuic->SetParam( + Handle, + QUIC_PARAM_LEVEL_CONFIGURATION, + QUIC_PARAM_CONFIGURATION_TICKET_KEYS, + KeyCount * sizeof(QUIC_TICKET_KEY_CONFIG), + KeyConfig); + } }; struct MsQuicListener { diff --git a/src/inc/msquic.ver b/src/inc/msquic.ver index 928ef823df..e9a8eb659c 100644 --- a/src/inc/msquic.ver +++ b/src/inc/msquic.ver @@ -20,10 +20,10 @@ #define VER_LEGALCOPYRIGHT_STR "\251 Microsoft Corporation." #define VER_PRODUCTNAME_STR "Microsoft\256 QUIC" -#define VER_FILEVERSION 1,1.1.0 -#define VER_FILEVERSION_STR "1.1.1.0\0" +#define VER_FILEVERSION 1,1.2.0 +#define VER_FILEVERSION_STR "1.1.2.0\0" -#define VER_PRODUCTVERSION_STR "1.1.1." STR(VER_BUILD_ID) STR(VER_SUFFIX) "\0" +#define VER_PRODUCTVERSION_STR "1.1.2." STR(VER_BUILD_ID) STR(VER_SUFFIX) "\0" VS_VERSION_INFO VERSIONINFO FILEVERSION VER_FILEVERSION diff --git a/src/inc/quic_tls.h b/src/inc/quic_tls.h index 519c6b3785..49481b8c7d 100644 --- a/src/inc/quic_tls.h +++ b/src/inc/quic_tls.h @@ -344,6 +344,17 @@ CxPlatTlsSecConfigDelete( CXPLAT_SEC_CONFIG* SecurityConfig ); +// +// Sets a NST ticket key for a security configuration. +// +_IRQL_requires_max_(PASSIVE_LEVEL) +QUIC_STATUS +CxPlatTlsSecConfigSetTicketKeys( + _In_ CXPLAT_SEC_CONFIG* SecurityConfig, + _In_reads_(KeyCount) QUIC_TICKET_KEY_CONFIG* KeyConfig, + _In_ uint8_t KeyCount + ); + // // Initializes a TLS context. // diff --git a/src/platform/CMakeLists.txt b/src/platform/CMakeLists.txt index d87add8a20..3420857fca 100644 --- a/src/platform/CMakeLists.txt +++ b/src/platform/CMakeLists.txt @@ -79,4 +79,6 @@ if(QUIC_TLS STREQUAL "openssl") target_link_libraries(platform PUBLIC OpenSSL) elseif(QUIC_TLS STREQUAL "mitls") target_link_libraries(platform PUBLIC kremlib evercrypt mitls quiccrypto) +elseif(QUIC_TLS STREQUAL "schannel") + target_link_libraries(platform PUBLIC secur32) endif() diff --git a/src/platform/tls_mitls.c b/src/platform/tls_mitls.c index ac5cfced5b..9b453921ef 100644 --- a/src/platform/tls_mitls.c +++ b/src/platform/tls_mitls.c @@ -430,29 +430,7 @@ CxPlatTlsSecConfigCreate( QUIC_STATUS Status = QUIC_STATUS_SUCCESS; - if (CredConfig->Flags & QUIC_CREDENTIAL_FLAG_CLIENT) { - - if (CredConfig->TicketKey != NULL && - !FFI_mitls_set_sealing_key("AES256-GCM", (uint8_t*)CredConfig->TicketKey, 44)) { - QuicTraceEvent( - LibraryError, - "[ lib] ERROR, %s.", - "FFI_mitls_set_sealing_key failed"); - Status = QUIC_STATUS_INVALID_STATE; - goto Error; - } - - } else { - - if (CredConfig->TicketKey != NULL && - !FFI_mitls_set_ticket_key("AES256-GCM", (uint8_t*)CredConfig->TicketKey, 44)) { - QuicTraceEvent( - LibraryError, - "[ lib] ERROR, %s.", - "FFI_mitls_set_ticket_key failed"); - Status = QUIC_STATUS_INVALID_STATE; - goto Error; - } + if (!(CredConfig->Flags & QUIC_CREDENTIAL_FLAG_CLIENT)) { Status = CxPlatCertCreate(CredConfig, &SecurityConfig->Certificate); if (QUIC_FAILED(Status)) { @@ -512,6 +490,46 @@ CxPlatTlsSecConfigDelete( CXPLAT_FREE(SecurityConfig, QUIC_POOL_TLS_SECCONF); } +const uint8_t miTlsTicketKeyLength = 44; + +_IRQL_requires_max_(PASSIVE_LEVEL) +QUIC_STATUS +CxPlatTlsSecConfigSetTicketKeys( + _In_ CXPLAT_SEC_CONFIG* SecurityConfig, + _In_reads_(KeyCount) QUIC_TICKET_KEY_CONFIG* KeyConfig, + _In_ uint8_t KeyCount + ) +{ + if (KeyCount != 1) { // Only supports 1 key + return QUIC_STATUS_NOT_SUPPORTED; + } + + if (KeyConfig->MaterialLength < miTlsTicketKeyLength) { + return QUIC_STATUS_INVALID_PARAMETER; + } + + if (SecurityConfig->Flags & QUIC_CREDENTIAL_FLAG_CLIENT) { + if (!FFI_mitls_set_sealing_key("AES256-GCM", KeyConfig->Material, miTlsTicketKeyLength)) { + QuicTraceEvent( + LibraryError, + "[ lib] ERROR, %s.", + "FFI_mitls_set_sealing_key failed"); + return QUIC_STATUS_INVALID_STATE; + } + + } else { + if (!FFI_mitls_set_ticket_key("AES256-GCM", KeyConfig->Material, miTlsTicketKeyLength)) { + QuicTraceEvent( + LibraryError, + "[ lib] ERROR, %s.", + "FFI_mitls_set_ticket_key failed"); + return QUIC_STATUS_INVALID_STATE; + } + } + + return QUIC_STATUS_SUCCESS; +} + _IRQL_requires_max_(PASSIVE_LEVEL) QUIC_STATUS CxPlatTlsInitialize( diff --git a/src/platform/tls_openssl.c b/src/platform/tls_openssl.c index b23e192292..f581e56184 100644 --- a/src/platform/tls_openssl.c +++ b/src/platform/tls_openssl.c @@ -566,8 +566,8 @@ CxPlatTlsSecConfigCreate( return QUIC_STATUS_NOT_SUPPORTED; // Not supported by this TLS implementation } - if (CredConfig->TicketKey != NULL) { - return QUIC_STATUS_NOT_SUPPORTED; // Not currently supported + if (CredConfig->Reserved != NULL) { + return QUIC_STATUS_INVALID_PARAMETER; // Not currently used and should be NULL. } if (CredConfig->Flags & QUIC_CREDENTIAL_FLAG_CLIENT) { @@ -863,6 +863,20 @@ CxPlatTlsSecConfigDelete( CXPLAT_FREE(SecurityConfig, QUIC_POOL_TLS_SECCONF); } +_IRQL_requires_max_(PASSIVE_LEVEL) +QUIC_STATUS +CxPlatTlsSecConfigSetTicketKeys( + _In_ CXPLAT_SEC_CONFIG* SecurityConfig, + _In_reads_(KeyCount) QUIC_TICKET_KEY_CONFIG* KeyConfig, + _In_ uint8_t KeyCount + ) +{ + UNREFERENCED_PARAMETER(SecurityConfig); + UNREFERENCED_PARAMETER(KeyConfig); + UNREFERENCED_PARAMETER(KeyCount); + return QUIC_STATUS_NOT_SUPPORTED; +} + QUIC_STATUS CxPlatTlsInitialize( _In_ const CXPLAT_TLS_CONFIG* Config, diff --git a/src/platform/tls_schannel.c b/src/platform/tls_schannel.c index 0284c404a4..8c8e02aa74 100644 --- a/src/platform/tls_schannel.c +++ b/src/platform/tls_schannel.c @@ -46,6 +46,24 @@ typedef struct _SecPkgContext_CertificateValidationResult HRESULT hrVerifyChainStatus; // Certificate validation policy error returned by CertVerifyCertificateChainPolicy. } SecPkgContext_CertificateValidationResult, *PSecPkgContext_CertificateValidationResult; +// Session ticket protection version definitions. +#define SESSION_TICKET_INFO_V0 0 +#define SESSION_TICKET_INFO_VERSION SESSION_TICKET_INFO_V0 + +typedef struct _SecPkgCred_SessionTicketKey +{ + DWORD TicketInfoVersion; // Set to SESSION_TICKET_INFO_VERSION for the current session ticket protection method. + BYTE KeyId[16]; // Uniquely identifies each session ticket key issued by a TLS server. + BYTE KeyingMaterial[64]; // Must be generated using a cryptographic RNG. + BYTE KeyingMaterialSize; // Size in bytes of the keying material in the KeyingMaterial array. Must be between 32 and 64. +} SecPkgCred_SessionTicketKey, *PSecPkgCred_SessionTicketKey; + +typedef struct _SecPkgCred_SessionTicketKeys +{ + DWORD cSessionTicketKeys; // Up to 16 keys. + PSecPkgCred_SessionTicketKey pSessionTicketKeys; +} SecPkgCred_SessionTicketKeys, *PSecPkgCred_SessionTicketKeys; + typedef struct _SEND_GENERIC_TLS_EXTENSION { WORD ExtensionType; // Code point of extension. @@ -214,11 +232,13 @@ typedef struct _SecPkgContext_SessionInfo #define SECPKG_ATTR_SESSION_INFO 0x5d // returns SecPkgContext_SessionInfo #define SECPKG_ATTR_CERT_CHECK_RESULT_INPROC 0x72 // returns SecPkgContext_CertificateValidationResult, use only after SSPI handshake loop +#define SECPKG_ATTR_SESSION_TICKET_KEYS 0x73 // sets SecPkgCred_SessionTicketKeys #else #define SCHANNEL_USE_BLACKLISTS #include + #ifndef SCH_CRED_DEFERRED_CRED_VALIDATION #define SCH_CRED_DEFERRED_CRED_VALIDATION 0x04000000 typedef struct _SecPkgContext_CertificateValidationResult @@ -227,7 +247,27 @@ typedef struct _SecPkgContext_CertificateValidationResult HRESULT hrVerifyChainStatus; // Certificate validation policy error returned by CertVerifyCertificateChainPolicy. } SecPkgContext_CertificateValidationResult, *PSecPkgContext_CertificateValidationResult; #define SECPKG_ATTR_CERT_CHECK_RESULT_INPROC 0x72 // returns SecPkgContext_CertificateValidationResult, use only after SSPI handshake loop -#endif +#endif // SCH_CRED_DEFERRED_CRED_VALIDATION + +#ifndef SECPKG_ATTR_SESSION_TICKET_KEYS +#define SECPKG_ATTR_SESSION_TICKET_KEYS 0x73 // sets SecPkgCred_SessionTicketKeys +// Session ticket protection version definitions. +#define SESSION_TICKET_INFO_V0 0 +#define SESSION_TICKET_INFO_VERSION SESSION_TICKET_INFO_V0 +typedef struct _SecPkgCred_SessionTicketKey +{ + DWORD TicketInfoVersion; // Set to SESSION_TICKET_INFO_VERSION for the current session ticket protection method. + BYTE KeyId[16]; // Uniquely identifies each session ticket key issued by a TLS server. + BYTE KeyingMaterial[64]; // Must be generated using a cryptographic RNG. + BYTE KeyingMaterialSize; // Size in bytes of the keying material in the KeyingMaterial array. Must be between 32 and 64. +} SecPkgCred_SessionTicketKey, *PSecPkgCred_SessionTicketKey; +typedef struct _SecPkgCred_SessionTicketKeys +{ + DWORD cSessionTicketKeys; // Up to 16 keys. + PSecPkgCred_SessionTicketKey pSessionTicketKeys; +} SecPkgCred_SessionTicketKeys, *PSecPkgCred_SessionTicketKeys; +#endif // SECPKG_ATTR_SESSION_TICKET_KEYS + #endif // @@ -1057,8 +1097,8 @@ CxPlatTlsSecConfigCreate( QUIC_STATUS Status = QUIC_STATUS_SUCCESS; BOOLEAN IsClient = !!(CredConfig->Flags & QUIC_CREDENTIAL_FLAG_CLIENT); - if (CredConfig->TicketKey != NULL) { - return QUIC_STATUS_NOT_SUPPORTED; // Not currently supported + if (CredConfig->Reserved != NULL) { + return QUIC_STATUS_INVALID_PARAMETER; // Not currently used and should be NULL. } #ifndef _KERNEL_MODE @@ -1461,6 +1501,50 @@ CxPlatTlsSecConfigDelete( CXPLAT_FREE(ServerConfig, QUIC_POOL_TLS_SECCONF); } +_IRQL_requires_max_(PASSIVE_LEVEL) +QUIC_STATUS +CxPlatTlsSecConfigSetTicketKeys( + _In_ CXPLAT_SEC_CONFIG* SecurityConfig, + _In_reads_(KeyCount) QUIC_TICKET_KEY_CONFIG* KeyConfig, + _In_ uint8_t KeyCount + ) +{ + if (KeyCount > QUIC_MAX_TICKET_KEY_COUNT) { + return QUIC_STATUS_INVALID_PARAMETER; + } + + SecPkgCred_SessionTicketKey Key[QUIC_MAX_TICKET_KEY_COUNT]; + for (uint8_t i = 0; i < KeyCount; ++i) { + if (KeyConfig[i].MaterialLength > sizeof(Key[i].KeyingMaterial)) { + return QUIC_STATUS_INVALID_PARAMETER; + } + Key[i].TicketInfoVersion = SESSION_TICKET_INFO_V0; + Key[i].KeyingMaterialSize = KeyConfig[i].MaterialLength; + CxPlatCopyMemory(Key[i].KeyingMaterial, KeyConfig[i].Material, KeyConfig[i].MaterialLength); + CxPlatCopyMemory(Key[i].KeyId, KeyConfig[i].Id, sizeof(KeyConfig[i].Id)); + } + + SecPkgCred_SessionTicketKeys Keys; + Keys.cSessionTicketKeys = KeyCount; + Keys.pSessionTicketKeys = Key; + SECURITY_STATUS SecStatus = + SetCredentialsAttributesW( + &SecurityConfig->CredentialHandle, + SECPKG_ATTR_SESSION_TICKET_KEYS, + &Keys, + sizeof(Keys)); + if (SecStatus != SEC_E_OK) { + QuicTraceEvent( + LibraryErrorStatus, + "[ lib] ERROR, %u, %s.", + SecStatus, + "SetCredentialsAttributesW(SESSION_TICKET_KEYS)"); + return SecStatusToQuicStatus(SecStatus); + } + + return QUIC_STATUS_SUCCESS; +} + _IRQL_requires_max_(PASSIVE_LEVEL) QUIC_STATUS CxPlatTlsInitialize( diff --git a/src/platform/tls_stub.c b/src/platform/tls_stub.c index 5bfc50fa25..cac24cb631 100644 --- a/src/platform/tls_stub.c +++ b/src/platform/tls_stub.c @@ -193,6 +193,7 @@ typedef struct CXPLAT_SEC_CONFIG { QUIC_CREDENTIAL_FLAGS Flags; CXPLAT_TLS_CALLBACKS Callbacks; QUIC_CERTIFICATE* Certificate; + QUIC_TICKET_KEY_CONFIG TicketKeyConfig; uint16_t FormatLength; uint8_t FormatBuffer[SIZEOF_CERT_CHAIN_LIST_LENGTH]; @@ -370,6 +371,20 @@ CxPlatTlsSecConfigDelete( CXPLAT_FREE(SecurityConfig, QUIC_POOL_TLS_SECCONF); } +_IRQL_requires_max_(PASSIVE_LEVEL) +QUIC_STATUS +CxPlatTlsSecConfigSetTicketKeys( + _In_ CXPLAT_SEC_CONFIG* SecurityConfig, + _In_reads_(KeyCount) QUIC_TICKET_KEY_CONFIG* KeyConfig, + _In_ uint8_t KeyCount + ) +{ + CXPLAT_DBG_ASSERT(KeyCount > 0); + UNREFERENCED_PARAMETER(KeyCount); + SecurityConfig->TicketKeyConfig = *KeyConfig; // Not actually used yet though + return QUIC_STATUS_SUCCESS; +} + _IRQL_requires_max_(PASSIVE_LEVEL) QUIC_STATUS CxPlatTlsInitialize( diff --git a/src/test/MsQuicTests.h b/src/test/MsQuicTests.h index 285cb9d459..47d384dd60 100644 --- a/src/test/MsQuicTests.h +++ b/src/test/MsQuicTests.h @@ -61,6 +61,12 @@ void QuicTestBindConnectionExplicit(_In_ int Family); // Handshake Tests // +typedef enum QUIC_TEST_RESUMPTION_MODE { + QUIC_TEST_RESUMPTION_DISABLED, + QUIC_TEST_RESUMPTION_ENABLED, + QUIC_TEST_RESUMPTION_REJECTED, +} QUIC_TEST_RESUMPTION_MODE; + void QuicTestConnect( _In_ int Family, @@ -69,7 +75,7 @@ QuicTestConnect( _In_ bool MultipleALPNs, _In_ bool AsyncConfiguration, _In_ bool MultiPacketClientInitial, - _In_ bool SessionResumption, + _In_ QUIC_TEST_RESUMPTION_MODE SessionResumption, _In_ uint8_t RandomLossPercentage // 0 to 100 ); diff --git a/src/test/bin/quic_gtest.cpp b/src/test/bin/quic_gtest.cpp index c9f88f2a21..84e8938611 100644 --- a/src/test/bin/quic_gtest.cpp +++ b/src/test/bin/quic_gtest.cpp @@ -321,7 +321,7 @@ TEST_P(WithHandshakeArgs1, Connect) { (uint8_t)GetParam().MultipleALPNs, 0, // AsyncConfiguration (uint8_t)GetParam().MultiPacketClientInitial, - (uint8_t)GetParam().SessionResumption, + GetParam().SessionResumption, 0 // RandomLossPercentage }; ASSERT_TRUE(DriverClient.Run(IOCTL_QUIC_RUN_CONNECT, Params)); @@ -333,7 +333,7 @@ TEST_P(WithHandshakeArgs1, Connect) { GetParam().MultipleALPNs, false, // AsyncConfiguration GetParam().MultiPacketClientInitial, - GetParam().SessionResumption, + (QUIC_TEST_RESUMPTION_MODE)GetParam().SessionResumption, 0); // RandomLossPercentage } } @@ -348,7 +348,7 @@ TEST_P(WithHandshakeArgs2, OldVersion) { 0, // MultipleALPNs 0, // AsyncConfiguration 0, // MultiPacketClientInitial - 0, // SessionResumption + QUIC_TEST_RESUMPTION_DISABLED, // SessionResumption 0 // RandomLossPercentage }; ASSERT_TRUE(DriverClient.Run(IOCTL_QUIC_RUN_CONNECT, Params)); @@ -360,7 +360,7 @@ TEST_P(WithHandshakeArgs2, OldVersion) { false, // MultipleALPNs false, // AsyncConfiguration false, // MultiPacketClientInitial - false, // SessionResumption + QUIC_TEST_RESUMPTION_DISABLED, // SessionResumption 0); // RandomLossPercentage } } @@ -375,7 +375,7 @@ TEST_P(WithHandshakeArgs3, AsyncSecurityConfig) { (uint8_t)GetParam().MultipleALPNs, 1, // AsyncConfiguration 0, // MultiPacketClientInitial - 0, // SessionResumption + QUIC_TEST_RESUMPTION_DISABLED, // SessionResumption 0 // RandomLossPercentage }; ASSERT_TRUE(DriverClient.Run(IOCTL_QUIC_RUN_CONNECT, Params)); @@ -387,7 +387,7 @@ TEST_P(WithHandshakeArgs3, AsyncSecurityConfig) { GetParam().MultipleALPNs, true, // AsyncConfiguration false, // MultiPacketClientInitial - false, // SessionResumption + QUIC_TEST_RESUMPTION_DISABLED, // SessionResumption 0); // RandomLossPercentage } } @@ -512,7 +512,7 @@ TEST_P(WithHandshakeArgs4, RandomLoss) { 0, // MultipleALPNs 0, // AsyncConfiguration (uint8_t)GetParam().MultiPacketClientInitial, - (uint8_t)GetParam().SessionResumption, + GetParam().SessionResumption, GetParam().RandomLossPercentage }; ASSERT_TRUE(DriverClient.Run(IOCTL_QUIC_RUN_CONNECT, Params)); @@ -524,7 +524,7 @@ TEST_P(WithHandshakeArgs4, RandomLoss) { false, // MultipleALPNs, false, // AsyncConfiguration GetParam().MultiPacketClientInitial, - GetParam().SessionResumption, + (QUIC_TEST_RESUMPTION_MODE)GetParam().SessionResumption, GetParam().RandomLossPercentage); } } diff --git a/src/test/bin/quic_gtest.h b/src/test/bin/quic_gtest.h index 2c63edc65a..e47631406d 100644 --- a/src/test/bin/quic_gtest.h +++ b/src/test/bin/quic_gtest.h @@ -46,7 +46,7 @@ struct HandshakeArgs1 { bool ServerStatelessRetry; bool MultipleALPNs; bool MultiPacketClientInitial; - bool SessionResumption; + uint8_t SessionResumption; static ::std::vector Generate() { ::std::vector list; for (int Family : { 4, 6}) @@ -54,9 +54,11 @@ struct HandshakeArgs1 { for (bool MultipleALPNs : { false, true }) for (bool MultiPacketClientInitial : { false, true }) #ifdef QUIC_DISABLE_RESUMPTION - for (bool SessionResumption : { false }) + for (uint8_t SessionResumption : { 0 }) +#elif QUIC_DISABLE_RESUMPTION_REJECTION_TESTS + for (uint8_t SessionResumption : { 0, 1 }) #else - for (bool SessionResumption : { false, true }) + for (uint8_t SessionResumption : { 0, 1, 2 }) #endif list.push_back({ Family, ServerStatelessRetry, MultipleALPNs, MultiPacketClientInitial, SessionResumption }); return list; @@ -64,12 +66,13 @@ struct HandshakeArgs1 { }; std::ostream& operator << (std::ostream& o, const HandshakeArgs1& args) { + const char* ResumptionStr[] = {"NoResume", "Resume", "ResumeRejected"}; return o << (args.Family == 4 ? "v4" : "v6") << "/" << (args.ServerStatelessRetry ? "Retry" : "NoRetry") << "/" << (args.MultipleALPNs ? "MultipleALPNs" : "SingleALPN") << "/" << (args.MultiPacketClientInitial ? "MultipleInitials" : "SingleInitial") << "/" << - (args.SessionResumption ? "Resume" : "NoResume"); + (ResumptionStr[args.SessionResumption]); } class WithHandshakeArgs1 : public testing::Test, @@ -127,7 +130,7 @@ struct HandshakeArgs4 { int Family; bool ServerStatelessRetry; bool MultiPacketClientInitial; - bool SessionResumption; + uint8_t SessionResumption; uint8_t RandomLossPercentage; static ::std::vector Generate() { ::std::vector list; @@ -135,9 +138,11 @@ struct HandshakeArgs4 { for (bool ServerStatelessRetry : { false, true }) for (bool MultiPacketClientInitial : { false, true }) #ifdef QUIC_DISABLE_RESUMPTION - for (bool SessionResumption : { false }) + for (uint8_t SessionResumption : { 0 }) +#elif QUIC_DISABLE_RESUMPTION_REJECTION_TESTS + for (uint8_t SessionResumption : { 0, 1 }) #else - for (bool SessionResumption : { false, true }) + for (uint8_t SessionResumption : { 0, 1, 2 }) #endif for (uint8_t RandomLossPercentage : { 1, 5, 10 }) list.push_back({ Family, ServerStatelessRetry, MultiPacketClientInitial, SessionResumption, RandomLossPercentage }); @@ -146,11 +151,12 @@ struct HandshakeArgs4 { }; std::ostream& operator << (std::ostream& o, const HandshakeArgs4& args) { + const char* ResumptionStr[] = {"NoResume", "Resume", "ResumeRejected"}; return o << (args.Family == 4 ? "v4" : "v6") << "/" << (args.ServerStatelessRetry ? "Retry" : "NoRetry") << "/" << (args.MultiPacketClientInitial ? "MultipleInitials" : "SingleInitial") << "/" << - (args.SessionResumption ? "Resume" : "NoResume") << "/" << + (ResumptionStr[args.SessionResumption]) << "/" << (uint32_t)args.RandomLossPercentage << "% loss"; } diff --git a/src/test/bin/winkernel/control.cpp b/src/test/bin/winkernel/control.cpp index 9ff8ff5b29..01b4175f55 100644 --- a/src/test/bin/winkernel/control.cpp +++ b/src/test/bin/winkernel/control.cpp @@ -627,7 +627,7 @@ QuicTestCtlEvtIoDeviceControl( Params->Params1.MultipleALPNs != 0, Params->Params1.AsyncConfiguration != 0, Params->Params1.MultiPacketClientInitial != 0, - Params->Params1.SessionResumption != 0, + (QUIC_TEST_RESUMPTION_MODE)Params->Params1.SessionResumption, Params->Params1.RandomLossPercentage )); break; diff --git a/src/test/lib/ApiTest.cpp b/src/test/lib/ApiTest.cpp index fd56ce3065..ee9781e037 100644 --- a/src/test/lib/ApiTest.cpp +++ b/src/test/lib/ApiTest.cpp @@ -39,8 +39,6 @@ void QuicTestValidateConfiguration() MsQuicRegistration Registration; TEST_TRUE(Registration.IsValid()); - HQUIC LocalConfiguration = nullptr; - QUIC_SETTINGS EmptySettings{0}; QUIC_SETTINGS GoodSettings{0}; @@ -74,67 +72,67 @@ void QuicTestValidateConfiguration() // // Null registration. // - TEST_QUIC_STATUS( - QUIC_STATUS_INVALID_PARAMETER, - MsQuic->ConfigurationOpen( - nullptr, - &GoodAlpn, - 1, - nullptr, - 0, - nullptr, - &LocalConfiguration)); + { + ConfigurationScope LocalConfiguration; + TEST_QUIC_STATUS( + QUIC_STATUS_INVALID_PARAMETER, + MsQuic->ConfigurationOpen( + nullptr, + &GoodAlpn, + 1, + nullptr, + 0, + nullptr, + &LocalConfiguration.Handle)); + } // // Null settings. // - TEST_QUIC_SUCCEEDED( - MsQuic->ConfigurationOpen( - Registration, - &GoodAlpn, - 1, - nullptr, - 0, - nullptr, - &LocalConfiguration)); - - MsQuic->ConfigurationClose( - LocalConfiguration); - LocalConfiguration = nullptr; + { + ConfigurationScope LocalConfiguration; + TEST_QUIC_SUCCEEDED( + MsQuic->ConfigurationOpen( + Registration, + &GoodAlpn, + 1, + nullptr, + 0, + nullptr, + &LocalConfiguration.Handle)); + } // // Empty settings. // - TEST_QUIC_SUCCEEDED( - MsQuic->ConfigurationOpen( - Registration, - &GoodAlpn, - 1, - &EmptySettings, - sizeof(EmptySettings), - nullptr, - &LocalConfiguration)); - - MsQuic->ConfigurationClose( - LocalConfiguration); - LocalConfiguration = nullptr; + { + ConfigurationScope LocalConfiguration; + TEST_QUIC_SUCCEEDED( + MsQuic->ConfigurationOpen( + Registration, + &GoodAlpn, + 1, + &EmptySettings, + sizeof(EmptySettings), + nullptr, + &LocalConfiguration.Handle)); + } // // Good settings. // - TEST_QUIC_SUCCEEDED( - MsQuic->ConfigurationOpen( - Registration, - &GoodAlpn, - 1, - &GoodSettings, - sizeof(GoodSettings), - nullptr, - &LocalConfiguration)); - - MsQuic->ConfigurationClose( - LocalConfiguration); - LocalConfiguration = nullptr; + { + ConfigurationScope LocalConfiguration; + TEST_QUIC_SUCCEEDED( + MsQuic->ConfigurationOpen( + Registration, + &GoodAlpn, + 1, + &GoodSettings, + sizeof(GoodSettings), + nullptr, + &LocalConfiguration.Handle)); + } // // Invalid settings - TODO @@ -143,86 +141,178 @@ void QuicTestValidateConfiguration() // // Null ALPN. // - TEST_QUIC_STATUS( - QUIC_STATUS_INVALID_PARAMETER, - MsQuic->ConfigurationOpen( - Registration, - nullptr, - 0, - nullptr, - 0, - nullptr, - &LocalConfiguration)); + { + ConfigurationScope LocalConfiguration; + TEST_QUIC_STATUS( + QUIC_STATUS_INVALID_PARAMETER, + MsQuic->ConfigurationOpen( + Registration, + nullptr, + 0, + nullptr, + 0, + nullptr, + &LocalConfiguration.Handle)); + } // // Empty ALPN. // - TEST_QUIC_STATUS( - QUIC_STATUS_INVALID_PARAMETER, - MsQuic->ConfigurationOpen( - Registration, - &EmptyAlpn, - 1, - nullptr, - 0, - nullptr, - &LocalConfiguration)); + { + ConfigurationScope LocalConfiguration; + TEST_QUIC_STATUS( + QUIC_STATUS_INVALID_PARAMETER, + MsQuic->ConfigurationOpen( + Registration, + &EmptyAlpn, + 1, + nullptr, + 0, + nullptr, + &LocalConfiguration.Handle)); + } // // 255-byte ALPN. // - TEST_QUIC_SUCCEEDED( - MsQuic->ConfigurationOpen( - Registration, - &LongAlpn, - 1, - nullptr, - 0, - nullptr, - &LocalConfiguration)); - - MsQuic->ConfigurationClose( - LocalConfiguration); - LocalConfiguration = nullptr; + { + ConfigurationScope LocalConfiguration; + TEST_QUIC_SUCCEEDED( + MsQuic->ConfigurationOpen( + Registration, + &LongAlpn, + 1, + nullptr, + 0, + nullptr, + &LocalConfiguration.Handle)); + } // // 256-byte ALPN. // - TEST_QUIC_STATUS( - QUIC_STATUS_INVALID_PARAMETER, - MsQuic->ConfigurationOpen( - Registration, - &TooLongAlpn, - 1, - nullptr, - 0, - nullptr, - &LocalConfiguration)); + { + ConfigurationScope LocalConfiguration; + TEST_QUIC_STATUS( + QUIC_STATUS_INVALID_PARAMETER, + MsQuic->ConfigurationOpen( + Registration, + &TooLongAlpn, + 1, + nullptr, + 0, + nullptr, + &LocalConfiguration.Handle)); + } // // Multiple ALPNs // - const QUIC_BUFFER TwoAlpns[] = { - { sizeof("alpn1") - 1, (uint8_t*)"alpn1" }, - { sizeof("alpn2") - 1, (uint8_t*)"alpn2" } - }; - TEST_QUIC_SUCCEEDED( - MsQuic->ConfigurationOpen( - Registration, - TwoAlpns, - 2, - nullptr, - 0, - nullptr, - &LocalConfiguration)); + { + ConfigurationScope LocalConfiguration; + const QUIC_BUFFER TwoAlpns[] = { + { sizeof("alpn1") - 1, (uint8_t*)"alpn1" }, + { sizeof("alpn2") - 1, (uint8_t*)"alpn2" } + }; + TEST_QUIC_SUCCEEDED( + MsQuic->ConfigurationOpen( + Registration, + TwoAlpns, + 2, + nullptr, + 0, + nullptr, + &LocalConfiguration.Handle)); + } - MsQuic->ConfigurationClose( - LocalConfiguration); - LocalConfiguration = nullptr; + // + // ConfigurationLoad + // + { + ConfigurationScope LocalConfiguration; + TEST_QUIC_SUCCEEDED( + MsQuic->ConfigurationOpen( + Registration, + &GoodAlpn, + 1, + nullptr, + 0, + nullptr, + &LocalConfiguration.Handle)); + + TEST_QUIC_SUCCEEDED( + MsQuic->ConfigurationLoadCredential( + LocalConfiguration, + &SelfSignedCredConfig)); + } +#ifndef QUIC_DISABLE_RESUMPTION_REJECTION_TESTS // - // TODO - ConfigurationLoad? + // Set Ticket Key (single) // + { + ConfigurationScope LocalConfiguration; + TEST_QUIC_SUCCEEDED( + MsQuic->ConfigurationOpen( + Registration, + &GoodAlpn, + 1, + nullptr, + 0, + nullptr, + &LocalConfiguration.Handle)); + + TEST_QUIC_SUCCEEDED( + MsQuic->ConfigurationLoadCredential( + LocalConfiguration, + &SelfSignedCredConfig)); + + QUIC_TICKET_KEY_CONFIG KeyConfig; + CxPlatZeroMemory(&KeyConfig, sizeof(KeyConfig)); + KeyConfig.MaterialLength = 64; + TEST_QUIC_SUCCEEDED( + MsQuic->SetParam( + LocalConfiguration, + QUIC_PARAM_LEVEL_CONFIGURATION, + QUIC_PARAM_CONFIGURATION_TICKET_KEYS, + sizeof(KeyConfig), + &KeyConfig)); + } + + // + // Set Ticket Key (multiple) + // + { + ConfigurationScope LocalConfiguration; + TEST_QUIC_SUCCEEDED( + MsQuic->ConfigurationOpen( + Registration, + &GoodAlpn, + 1, + nullptr, + 0, + nullptr, + &LocalConfiguration.Handle)); + + TEST_QUIC_SUCCEEDED( + MsQuic->ConfigurationLoadCredential( + LocalConfiguration, + &SelfSignedCredConfig)); + + QUIC_TICKET_KEY_CONFIG KeyConfigs[2]; + CxPlatZeroMemory(KeyConfigs, sizeof(KeyConfigs)); + KeyConfigs[0].MaterialLength = 64; + KeyConfigs[1].MaterialLength = 64; + KeyConfigs[1].Id[0] = 1; + TEST_QUIC_SUCCEEDED( + MsQuic->SetParam( + LocalConfiguration, + QUIC_PARAM_LEVEL_CONFIGURATION, + QUIC_PARAM_CONFIGURATION_TICKET_KEYS, + sizeof(KeyConfigs), + KeyConfigs)); + } +#endif // QUIC_DISABLE_RESUMPTION_REJECTION_TESTS } static diff --git a/src/test/lib/DataTest.cpp b/src/test/lib/DataTest.cpp index 4423ae7356..4f7bbf36ac 100644 --- a/src/test/lib/DataTest.cpp +++ b/src/test/lib/DataTest.cpp @@ -363,23 +363,23 @@ QuicTestConnectAndPing( } Settings.SetSendBufferingEnabled(UseSendBuffer); - MsQuicCredentialConfig GoodServerConfig(SelfSignedCredConfig); -#ifndef QUIC_DISABLE_0RTT_TESTS - uint8_t GoodTicketKey[44] = {0}; - GoodServerConfig.TicketKey = GoodTicketKey; - - MsQuicCredentialConfig BadServerConfig(SelfSignedCredConfig); - uint8_t BadTicketKey[44] = {1}; - BadServerConfig.TicketKey = BadTicketKey; -#endif + MsQuicCredentialConfig ServerConfig(SelfSignedCredConfig); - MsQuicConfiguration GoodServerConfiguration(Registration, Alpn, Settings, GoodServerConfig); - TEST_TRUE(GoodServerConfiguration.IsValid()); + MsQuicConfiguration ServerConfiguration(Registration, Alpn, Settings, ServerConfig); + TEST_TRUE(ServerConfiguration.IsValid()); -#ifndef QUIC_DISABLE_0RTT_TESTS - MsQuicConfiguration BadServerConfiguration(Registration, Alpn, Settings, BadServerConfig); - TEST_TRUE(BadServerConfiguration.IsValid()); -#endif + QUIC_TICKET_KEY_CONFIG GoodKey; + CxPlatZeroMemory(&GoodKey, sizeof(GoodKey)); + GoodKey.MaterialLength = 64; + + QUIC_TICKET_KEY_CONFIG BadKey; + CxPlatZeroMemory(&BadKey, sizeof(BadKey)); + BadKey.MaterialLength = 64; + BadKey.Material[0] = 0xFF; + + if (ServerRejectZeroRtt) { + TEST_QUIC_SUCCEEDED(ServerConfiguration.SetTicketKey(&GoodKey)); + } MsQuicCredentialConfig ClientCredConfig; MsQuicConfiguration ClientConfiguration(Registration, Alpn, ClientCredConfig); @@ -388,7 +388,7 @@ QuicTestConnectAndPing( if (ClientZeroRtt) { QuicTestPrimeResumption( Registration, - GoodServerConfiguration, + ServerConfiguration, ClientConfiguration, &ClientStats.ResumptionTicket); if (!ClientStats.ResumptionTicket) { @@ -399,14 +399,13 @@ QuicTestConnectAndPing( StatelessRetryHelper RetryHelper(ServerStatelessRetry); { + if (ServerRejectZeroRtt) { + TEST_QUIC_SUCCEEDED(ServerConfiguration.SetTicketKey(&BadKey)); + } TestListener Listener( Registration, ListenerAcceptPingConnection, -#ifndef QUIC_DISABLE_0RTT_TESTS - ServerRejectZeroRtt ? BadServerConfiguration : GoodServerConfiguration -#else - GoodServerConfiguration -#endif + ServerConfiguration ); TEST_TRUE(Listener.IsValid()); TEST_QUIC_SUCCEEDED(Listener.Start(Alpn)); diff --git a/src/test/lib/HandshakeTest.cpp b/src/test/lib/HandshakeTest.cpp index f5b9d6aa4e..dda83e06b4 100644 --- a/src/test/lib/HandshakeTest.cpp +++ b/src/test/lib/HandshakeTest.cpp @@ -117,7 +117,7 @@ QuicTestConnect( _In_ bool MultipleALPNs, _In_ bool AsyncConfiguration, _In_ bool MultiPacketClientInitial, - _In_ bool SessionResumption, + _In_ QUIC_TEST_RESUMPTION_MODE SessionResumption, _In_ uint8_t RandomLossPercentage ) { @@ -136,7 +136,7 @@ QuicTestConnect( } else { Settings.SetIdleTimeoutMs(10000); } - if (SessionResumption) { + if (SessionResumption != QUIC_TEST_RESUMPTION_DISABLED) { Settings.SetServerResumptionLevel(QUIC_SERVER_RESUME_ONLY); } @@ -147,8 +147,21 @@ QuicTestConnect( MsQuicConfiguration ClientConfiguration(Registration, Alpn1, Settings, ClientCredConfig); TEST_TRUE(ClientConfiguration.IsValid()); + QUIC_TICKET_KEY_CONFIG GoodKey; + CxPlatZeroMemory(&GoodKey, sizeof(GoodKey)); + GoodKey.MaterialLength = 64; + + QUIC_TICKET_KEY_CONFIG BadKey; + CxPlatZeroMemory(&BadKey, sizeof(BadKey)); + BadKey.MaterialLength = 64; + BadKey.Material[0] = 0xFF; + + if (SessionResumption == QUIC_TEST_RESUMPTION_REJECTED) { + TEST_QUIC_SUCCEEDED(ServerConfiguration.SetTicketKey(&GoodKey)); + } + QUIC_BUFFER* ResumptionTicket = nullptr; - if (SessionResumption) { + if (SessionResumption != QUIC_TEST_RESUMPTION_DISABLED) { QuicTestPrimeResumption( Registration, ServerConfiguration, @@ -166,6 +179,9 @@ QuicTestConnect( QUIC_ADDRESS_FAMILY QuicAddrFamily = (Family == 4) ? QUIC_ADDRESS_FAMILY_INET : QUIC_ADDRESS_FAMILY_INET6; { + if (SessionResumption == QUIC_TEST_RESUMPTION_REJECTED) { + TEST_QUIC_SUCCEEDED(ServerConfiguration.SetTicketKey(&BadKey)); + } TestListener Listener( Registration, ListenerAcceptConnection, @@ -197,10 +213,12 @@ QuicTestConnect( Client.SetTestTransportParameter(&TpHelper)); } - if (SessionResumption) { + if (SessionResumption != QUIC_TEST_RESUMPTION_DISABLED) { Client.SetResumptionTicket(ResumptionTicket); CXPLAT_FREE(ResumptionTicket, QUIC_POOL_TEST); - Client.SetExpectedResumed(true); + if (SessionResumption == QUIC_TEST_RESUMPTION_ENABLED) { + Client.SetExpectedResumed(true); + } } TEST_QUIC_SUCCEEDED( @@ -242,9 +260,12 @@ QuicTestConnect( TEST_TRUE(Client.GetStatistics().StatelessRetry); } - if (SessionResumption) { + if (SessionResumption == QUIC_TEST_RESUMPTION_ENABLED) { TEST_TRUE(Client.GetResumed()); TEST_TRUE(Server->GetResumed()); + } else if (SessionResumption == QUIC_TEST_RESUMPTION_REJECTED) { + TEST_FALSE(Client.GetResumed()); + TEST_FALSE(Server->GetResumed()); } TEST_EQUAL( From ff95acd925124d886f89b73d0165b724331d4944 Mon Sep 17 00:00:00 2001 From: Nick Banks Date: Thu, 25 Feb 2021 12:52:15 -0800 Subject: [PATCH 2/2] Fix miTLS Multiple Ticket Key Test --- src/platform/tls_mitls.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/platform/tls_mitls.c b/src/platform/tls_mitls.c index 9b453921ef..54faa72467 100644 --- a/src/platform/tls_mitls.c +++ b/src/platform/tls_mitls.c @@ -500,9 +500,8 @@ CxPlatTlsSecConfigSetTicketKeys( _In_ uint8_t KeyCount ) { - if (KeyCount != 1) { // Only supports 1 key - return QUIC_STATUS_NOT_SUPPORTED; - } + CXPLAT_DBG_ASSERT(KeyCount >= 1); + UNREFERENCED_PARAMETER(KeyCount); if (KeyConfig->MaterialLength < miTlsTicketKeyLength) { return QUIC_STATUS_INVALID_PARAMETER;