www.gitorious.org Git - gnutls:gnutls.git/blob

1 /*

3 *

4 * Author: Nikos Mavrogiannopoulos

5 *

6 * This file is part of GnuTLS.

7 *

8 * GnuTLS is free software; you can redistribute it and/or modify it

9 * under the terms of the GNU General Public License as published by

10 * the Free Software Foundation; either version 3 of the License, or

11 * (at your option) any later version.

12 *

13 * GnuTLS is distributed in the hope that it will be useful, but

14 * WITHOUT ANY WARRANTY; without even the implied warranty of

15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

16 * General Public License for more details.

17 *

18 * You should have received a copy of the GNU General Public License

19 * along with GnuTLS; if not, write to the Free Software Foundation,

20 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA

21 */

23 #ifdef HAVE_CONFIG_H

24 #include <config.h>

25 #endif

27 #include <stdio.h>

28 #include <stdlib.h>

29 #include <stdint.h>

30 #include <string.h>

31 #include <errno.h>

32 #include <gnutls/gnutls.h>

33 #include <gnutls/dtls.h>

34 #include <signal.h>

35 #include <unistd.h>

36 #include <netinet/in.h>

37 #include <sys/types.h>

38 #include <sys/socket.h>

39 #include <sys/wait.h>

40 #include "utils.h"

42 #ifdef _WIN32

44 void doit(void)

45 {

46 exit(77);

47 }

49 #else

51 /* These are global */

52 pid_t child;

54 static void terminate(void)

55 {

56 int status;

58 kill(child, SIGTERM);

59 wait(&status);

60 exit(1);

61 }

63 /* Tests whether we can send and receive from different processes

64 * using DTLS, either as server or client. DTLS is a superset of

65 * TLS, so correct behavior under fork means TLS would operate too.

66 */

68 const char *side = "";

70 static void tls_log_func(int level, const char *str)

71 {

72 fprintf(stderr, "%s|<%d>| %s", side, level, str);

73 }

75 static unsigned char server_cert_pem[] =

76 "-----BEGIN CERTIFICATE-----\n"

77 "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\n"

78 "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\n"

79 "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\n"

80 "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\n"

81 "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\n"

82 "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\n"

83 "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\n"

84 "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\n"

85 "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\n"

86 "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\n"

87 "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\n"

88 "fGa5kHvHARBPc8YAIVIqDvHH1Q==\n"

89 "-----END CERTIFICATE-----\n";

91 const gnutls_datum_t server_cert = { server_cert_pem,

92 sizeof(server_cert_pem)

93 };

95 static unsigned char server_key_pem[] =

96 "-----BEGIN EC PRIVATE KEY-----\n"

97 "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\n"

98 "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\n"

99 "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\n"

100 "-----END EC PRIVATE KEY-----\n";

101

102 const gnutls_datum_t server_key = { server_key_pem,

103 sizeof(server_key_pem)

104 };

105

106 #define MSG "hello1111"

107 #define MSG2 "xxxxxxxxxxxx"

108

109 static

110 void do_fork_stuff(gnutls_session_t session)

111 {

112 pid_t pid;

113 int ret;

114 char buf[64];

115

116 /* separate sending from receiving */

117 pid = fork();

118 if (pid == -1) {

119 exit(1);

120 } else if (pid != 0) {

121 if (debug)

122 success("client: TLS version is: %s\n",

123 gnutls_protocol_get_name

124 (gnutls_protocol_get_version(session)));

125 sleep(1);

126 /* the server should reflect our messages */

127 ret = gnutls_record_recv(session, buf, sizeof(buf));

128 if (ret != sizeof(MSG)-1 || memcmp(buf, MSG, sizeof(MSG)-1) != 0) {

129 fail("client: recv failed: %s\n", gnutls_strerror(ret));

130 exit(1);

131 }

132

133 if (debug) {

134 fprintf(stderr, "client received: %.*s\n", ret, buf);

135 }

136

137 ret = gnutls_record_recv(session, buf, sizeof(buf));

138 if (ret != sizeof(MSG2)-1 || memcmp(buf, MSG2, sizeof(MSG2)-1) != 0) {

139 fail("client: recv2 failed: %s\n", gnutls_strerror(ret));

140 exit(1);

141 }

142

143 if (debug) {

144 fprintf(stderr, "client received: %.*s\n", ret, buf);

145 }

146

147 ret = gnutls_record_recv(session, buf, sizeof(buf));

148 if (ret != 0) {

149 fail("client: recv3 failed: %s\n", gnutls_strerror(ret));

150 exit(1);

151 }

152 } else if (pid == 0) { /* child */

153 ret = gnutls_record_send(session, MSG, sizeof(MSG)-1);

154 if (ret != sizeof(MSG)-1) {

155 fail("client: send failed: %s\n", gnutls_strerror(ret));

156 exit(1);

157 }

158

159 ret = gnutls_record_send(session, MSG2, sizeof(MSG2)-1);

160 if (ret != sizeof(MSG2)-1) {

161 fail("client: send2 failed: %s\n", gnutls_strerror(ret));

162 exit(1);

163 }

164 sleep(2);

165 gnutls_bye(session, GNUTLS_SHUT_WR);

166 }

167 }

168

169 static void do_reflect_stuff(gnutls_session_t session)

170 {

171 char buf[64];

172 unsigned buf_size;

173 int ret;

174

175 do {

176 ret = gnutls_record_recv(session, buf, sizeof(buf));

177 if (ret < 0) {

178 fail("server: recv failed: %s\n", gnutls_strerror(ret));

179 terminate();

180 }

181

182 if (ret == 0)

183 break;

184

185 buf_size = ret;

186 if (debug) {

187 fprintf(stderr, "server received: %.*s\n", buf_size, buf);

188 }

189

190 ret = gnutls_record_send(session, buf, buf_size);

191 if (ret < 0) {

192 fail("server: send failed: %s\n", gnutls_strerror(ret));

193 terminate();

194 }

195 } while(1);

196

197 /* do not wait for the peer to close the connection.

198 */

199 gnutls_bye(session, GNUTLS_SHUT_WR);

200 }

201

202 static void client(int fd, unsigned do_fork)

203 {

204 int ret;

205 gnutls_certificate_credentials_t x509_cred;

206 gnutls_session_t session;

207 /* Need to enable anonymous KX specifically. */

208

209 global_init();

210

211 if (debug) {

212 side = "client";

213 gnutls_global_set_log_function(tls_log_func);

214 gnutls_global_set_log_level(4711);

215 }

216

217 gnutls_certificate_allocate_credentials(&x509_cred);

218

219 /* Initialize TLS session

220 */

221 gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);

222 gnutls_dtls_set_mtu(session, 1500);

223 gnutls_dtls_set_timeouts(session, 6 * 1000, 60 * 1000);

224 //gnutls_transport_set_push_function(session, push);

225

226 /* Use default priorities */

227 gnutls_priority_set_direct(session,

228 "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL",

229 NULL);

230

231 /* put the anonymous credentials to the current session

232 */

233 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);

234

235 gnutls_transport_set_int(session, fd);

236

237 /* Perform the TLS handshake

238 */

239 do {

240 ret = gnutls_handshake(session);

241 }

242 while (ret < 0 && gnutls_error_is_fatal(ret) == 0);

243

244 if (ret < 0) {

245 fail("client: Handshake failed\n");

246 gnutls_perror(ret);

247 exit(1);

248 } else {

249 if (debug)

250 success("client: Handshake was completed\n");

251 }

252

253 if (do_fork)

254 do_fork_stuff(session);

255 else

256 do_reflect_stuff(session);

257

258 close(fd);

259

260 gnutls_deinit(session);

261

262 gnutls_certificate_free_credentials(x509_cred);

263

264 gnutls_global_deinit();

265 exit(0);

266 }

267

268

269 static void server(int fd, unsigned do_fork)

270 {

271 int ret;

272 gnutls_certificate_credentials_t x509_cred;

273 gnutls_session_t session;

274

275 /* this must be called once in the program

276 */

277 global_init();

278

279 #if 0

280 if (debug) {

281 side = "server";

282 gnutls_global_set_log_function(tls_log_func);

283 gnutls_global_set_log_level(4711);

284 }

285 #endif

286

287 gnutls_certificate_allocate_credentials(&x509_cred);

288 gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,

289 &server_key,

290 GNUTLS_X509_FMT_PEM);

291

292 gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);

293 gnutls_dtls_set_timeouts(session, 5 * 1000, 60 * 1000);

294 gnutls_dtls_set_mtu(session, 400);

295

296 /* avoid calling all the priority functions, since the defaults

297 * are adequate.

298 */

299 gnutls_priority_set_direct(session,

300 "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL",

301 NULL);

302

303 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);

304

305 gnutls_transport_set_int(session, fd);

306

307 do {

308 ret = gnutls_handshake(session);

309 } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);

310 if (ret < 0) {

311 close(fd);

312 gnutls_deinit(session);

313 fail("server: Handshake has failed (%s)\n\n",

314 gnutls_strerror(ret));

315 terminate();

316 }

317 if (debug)

318 success("server: Handshake was completed\n");

319

320 if (debug)

321 success("server: TLS version is: %s\n",

322 gnutls_protocol_get_name

323 (gnutls_protocol_get_version(session)));

324

325 if (do_fork)

326 do_fork_stuff(session);

327 else

328 do_reflect_stuff(session);

329

330

331 close(fd);

332 gnutls_deinit(session);

333

334 gnutls_certificate_free_credentials(x509_cred);

335

336 gnutls_global_deinit();

337

338 if (debug)

339 success("server: finished\n");

340 }

341

342 static

343 void run(unsigned do_fork)

344 {

345 int fd[2];

346 int ret;

347

348 ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);

349 if (ret < 0) {

350 perror("socketpair");

351 exit(1);

352 }

353

354 child = fork();

355 if (child < 0) {

356 perror("fork");

357 fail("fork");

358 exit(1);

359 }

360

361 if (child) {

362 int status;

363 /* parent */

364

365 close(fd[1]);

366 client(fd[0], do_fork);

367 wait(&status);

368 if (WEXITSTATUS(status) != 0)

369 fail("Child died with status %d\n",

370 WEXITSTATUS(status));

371 } else {

372 close(fd[0]);

373 server(fd[1], 1-do_fork);

374 exit(0);

375 }

376 }

377

378 void doit(void)

379 {

380 signal(SIGPIPE, SIG_IGN);

381 run(0);

382 run(1);

383 }

384 #endif /* _WIN32 */