Annotation of embedaddon/axTLS/ssl/test/ssltest.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 2007, Cameron Rich
! 3: *
! 4: * All rights reserved.
! 5: *
! 6: * Redistribution and use in source and binary forms, with or without
! 7: * modification, are permitted provided that the following conditions are met:
! 8: *
! 9: * * Redistributions of source code must retain the above copyright notice,
! 10: * this list of conditions and the following disclaimer.
! 11: * * Redistributions in binary form must reproduce the above copyright notice,
! 12: * this list of conditions and the following disclaimer in the documentation
! 13: * and/or other materials provided with the distribution.
! 14: * * Neither the name of the axTLS project nor the names of its contributors
! 15: * may be used to endorse or promote products derived from this software
! 16: * without specific prior written permission.
! 17: *
! 18: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
! 19: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
! 20: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
! 21: * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
! 22: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
! 23: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
! 24: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
! 25: * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
! 26: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
! 27: * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
! 28: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 29: */
! 30:
! 31: /*
! 32: * The testing of the crypto and ssl stuff goes here. Keeps the individual code
! 33: * modules from being uncluttered with test code.
! 34: *
! 35: * This is test code - I make no apologies for the quality!
! 36: */
! 37:
! 38: #include <stdio.h>
! 39: #include <stdlib.h>
! 40: #include <signal.h>
! 41: #include <string.h>
! 42: #include <errno.h>
! 43: #include <sys/stat.h>
! 44: #include <fcntl.h>
! 45:
! 46: #ifndef WIN32
! 47: #include <pthread.h>
! 48: #endif
! 49:
! 50: #include "os_port.h"
! 51: #include "ssl.h"
! 52:
! 53: #define DEFAULT_CERT "../ssl/test/axTLS.x509_512.cer"
! 54: #define DEFAULT_KEY "../ssl/test/axTLS.key_512"
! 55: //#define DEFAULT_SVR_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
! 56: #define DEFAULT_SVR_OPTION 0
! 57: //#define DEFAULT_CLNT_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
! 58: #define DEFAULT_CLNT_OPTION 0
! 59:
! 60: static int g_port = 19001;
! 61:
! 62: /**************************************************************************
! 63: * AES tests
! 64: *
! 65: * Run through a couple of the RFC3602 tests to verify that AES is correct.
! 66: **************************************************************************/
! 67: #define TEST1_SIZE 16
! 68: #define TEST2_SIZE 32
! 69:
! 70: static int AES_test(BI_CTX *bi_ctx)
! 71: {
! 72: AES_CTX aes_key;
! 73: int res = 1;
! 74: uint8_t key[TEST1_SIZE];
! 75: uint8_t iv[TEST1_SIZE];
! 76:
! 77: {
! 78: /*
! 79: Case #1: Encrypting 16 bytes (1 block) using AES-CBC
! 80: Key : 0x06a9214036b8a15b512e03d534120006
! 81: IV : 0x3dafba429d9eb430b422da802c9fac41
! 82: Plaintext : "Single block msg"
! 83: Ciphertext: 0xe353779c1079aeb82708942dbe77181a
! 84:
! 85: */
! 86: char *in_str = "Single block msg";
! 87: uint8_t ct[TEST1_SIZE];
! 88: uint8_t enc_data[TEST1_SIZE];
! 89: uint8_t dec_data[TEST1_SIZE];
! 90:
! 91: bigint *key_bi = bi_str_import(
! 92: bi_ctx, "06A9214036B8A15B512E03D534120006");
! 93: bigint *iv_bi = bi_str_import(
! 94: bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41");
! 95: bigint *ct_bi = bi_str_import(
! 96: bi_ctx, "E353779C1079AEB82708942DBE77181A");
! 97: bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
! 98: bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
! 99: bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE);
! 100:
! 101: AES_set_key(&aes_key, key, iv, AES_MODE_128);
! 102: AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str,
! 103: enc_data, sizeof(enc_data));
! 104: if (memcmp(enc_data, ct, sizeof(ct)))
! 105: {
! 106: printf("Error: AES ENCRYPT #1 failed\n");
! 107: goto end;
! 108: }
! 109:
! 110: AES_set_key(&aes_key, key, iv, AES_MODE_128);
! 111: AES_convert_key(&aes_key);
! 112: AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
! 113:
! 114: if (memcmp(dec_data, in_str, sizeof(dec_data)))
! 115: {
! 116: printf("Error: AES DECRYPT #1 failed\n");
! 117: goto end;
! 118: }
! 119: }
! 120:
! 121: {
! 122: /*
! 123: Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC
! 124: Key : 0xc286696d887c9aa0611bbb3e2025a45a
! 125: IV : 0x562e17996d093d28ddb3ba695a2e6f58
! 126: Plaintext : 0x000102030405060708090a0b0c0d0e0f
! 127: 101112131415161718191a1b1c1d1e1f
! 128: Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
! 129: 7586602d253cfff91b8266bea6d61ab1
! 130: */
! 131: uint8_t in_data[TEST2_SIZE];
! 132: uint8_t ct[TEST2_SIZE];
! 133: uint8_t enc_data[TEST2_SIZE];
! 134: uint8_t dec_data[TEST2_SIZE];
! 135:
! 136: bigint *in_bi = bi_str_import(bi_ctx,
! 137: "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
! 138: bigint *key_bi = bi_str_import(
! 139: bi_ctx, "C286696D887C9AA0611BBB3E2025A45A");
! 140: bigint *iv_bi = bi_str_import(
! 141: bi_ctx, "562E17996D093D28DDB3BA695A2E6F58");
! 142: bigint *ct_bi = bi_str_import(bi_ctx,
! 143: "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
! 144: bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE);
! 145: bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
! 146: bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
! 147: bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE);
! 148:
! 149: AES_set_key(&aes_key, key, iv, AES_MODE_128);
! 150: AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data,
! 151: enc_data, sizeof(enc_data));
! 152:
! 153: if (memcmp(enc_data, ct, sizeof(ct)))
! 154: {
! 155: printf("Error: ENCRYPT #2 failed\n");
! 156: goto end;
! 157: }
! 158:
! 159: AES_set_key(&aes_key, key, iv, AES_MODE_128);
! 160: AES_convert_key(&aes_key);
! 161: AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
! 162: if (memcmp(dec_data, in_data, sizeof(dec_data)))
! 163: {
! 164: printf("Error: DECRYPT #2 failed\n");
! 165: goto end;
! 166: }
! 167: }
! 168:
! 169: res = 0;
! 170: printf("All AES tests passed\n");
! 171:
! 172: end:
! 173: return res;
! 174: }
! 175:
! 176: /**************************************************************************
! 177: * RC4 tests
! 178: *
! 179: * ARC4 tests vectors from OpenSSL (crypto/rc4/rc4test.c)
! 180: **************************************************************************/
! 181: static const uint8_t keys[7][30]=
! 182: {
! 183: {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
! 184: {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
! 185: {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
! 186: {4,0xef,0x01,0x23,0x45},
! 187: {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
! 188: {4,0xef,0x01,0x23,0x45},
! 189: };
! 190:
! 191: static const uint8_t data_len[7]={8,8,8,20,28,10};
! 192: static uint8_t data[7][30]=
! 193: {
! 194: {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
! 195: {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
! 196: {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
! 197: {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
! 198: 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
! 199: 0x00,0x00,0x00,0x00,0xff},
! 200: {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
! 201: 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
! 202: 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
! 203: 0x12,0x34,0x56,0x78,0xff},
! 204: {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
! 205: {0},
! 206: };
! 207:
! 208: static const uint8_t output[7][30]=
! 209: {
! 210: {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
! 211: {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
! 212: {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
! 213: {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
! 214: 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
! 215: 0x36,0xb6,0x78,0x58,0x00},
! 216: {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
! 217: 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
! 218: 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
! 219: 0x40,0x01,0x1e,0xcf,0x00},
! 220: {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
! 221: {0},
! 222: };
! 223:
! 224: static int RC4_test(BI_CTX *bi_ctx)
! 225: {
! 226: int i, res = 1;
! 227: RC4_CTX s;
! 228:
! 229: for (i = 0; i < 6; i++)
! 230: {
! 231: RC4_setup(&s, &keys[i][1], keys[i][0]);
! 232: RC4_crypt(&s, data[i], data[i], data_len[i]);
! 233:
! 234: if (memcmp(data[i], output[i], data_len[i]))
! 235: {
! 236: printf("Error: RC4 CRYPT #%d failed\n", i);
! 237: goto end;
! 238: }
! 239: }
! 240:
! 241: res = 0;
! 242: printf("All RC4 tests passed\n");
! 243:
! 244: end:
! 245: return res;
! 246: }
! 247:
! 248: /**************************************************************************
! 249: * SHA1 tests
! 250: *
! 251: * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
! 252: **************************************************************************/
! 253: static int SHA1_test(BI_CTX *bi_ctx)
! 254: {
! 255: SHA1_CTX ctx;
! 256: uint8_t ct[SHA1_SIZE];
! 257: uint8_t digest[SHA1_SIZE];
! 258: int res = 1;
! 259:
! 260: {
! 261: const char *in_str = "abc";
! 262: bigint *ct_bi = bi_str_import(bi_ctx,
! 263: "A9993E364706816ABA3E25717850C26C9CD0D89D");
! 264: bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
! 265:
! 266: SHA1_Init(&ctx);
! 267: SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
! 268: SHA1_Final(digest, &ctx);
! 269:
! 270: if (memcmp(digest, ct, sizeof(ct)))
! 271: {
! 272: printf("Error: SHA1 #1 failed\n");
! 273: goto end;
! 274: }
! 275: }
! 276:
! 277: {
! 278: const char *in_str =
! 279: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
! 280: bigint *ct_bi = bi_str_import(bi_ctx,
! 281: "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
! 282: bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
! 283:
! 284: SHA1_Init(&ctx);
! 285: SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
! 286: SHA1_Final(digest, &ctx);
! 287:
! 288: if (memcmp(digest, ct, sizeof(ct)))
! 289: {
! 290: printf("Error: SHA1 #2 failed\n");
! 291: goto end;
! 292: }
! 293: }
! 294:
! 295: res = 0;
! 296: printf("All SHA1 tests passed\n");
! 297:
! 298: end:
! 299: return res;
! 300: }
! 301:
! 302: /**************************************************************************
! 303: * MD5 tests
! 304: *
! 305: * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
! 306: **************************************************************************/
! 307: static int MD5_test(BI_CTX *bi_ctx)
! 308: {
! 309: MD5_CTX ctx;
! 310: uint8_t ct[MD5_SIZE];
! 311: uint8_t digest[MD5_SIZE];
! 312: int res = 1;
! 313:
! 314: {
! 315: const char *in_str = "abc";
! 316: bigint *ct_bi = bi_str_import(bi_ctx,
! 317: "900150983CD24FB0D6963F7D28E17F72");
! 318: bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
! 319:
! 320: MD5_Init(&ctx);
! 321: MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
! 322: MD5_Final(digest, &ctx);
! 323:
! 324: if (memcmp(digest, ct, sizeof(ct)))
! 325: {
! 326: printf("Error: MD5 #1 failed\n");
! 327: goto end;
! 328: }
! 329: }
! 330:
! 331: {
! 332: const char *in_str =
! 333: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
! 334: bigint *ct_bi = bi_str_import(
! 335: bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
! 336: bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
! 337:
! 338: MD5_Init(&ctx);
! 339: MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
! 340: MD5_Final(digest, &ctx);
! 341:
! 342: if (memcmp(digest, ct, sizeof(ct)))
! 343: {
! 344: printf("Error: MD5 #2 failed\n");
! 345: goto end;
! 346: }
! 347: }
! 348: res = 0;
! 349: printf("All MD5 tests passed\n");
! 350:
! 351: end:
! 352: return res;
! 353: }
! 354:
! 355: /**************************************************************************
! 356: * HMAC tests
! 357: *
! 358: * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
! 359: **************************************************************************/
! 360: static int HMAC_test(BI_CTX *bi_ctx)
! 361: {
! 362: uint8_t key[SHA1_SIZE];
! 363: uint8_t ct[SHA1_SIZE];
! 364: uint8_t dgst[SHA1_SIZE];
! 365: int res = 1;
! 366: const char *key_str;
! 367:
! 368: const char *data_str = "Hi There";
! 369: bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
! 370: bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D");
! 371: bi_export(bi_ctx, key_bi, key, MD5_SIZE);
! 372: bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
! 373: hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst);
! 374: if (memcmp(dgst, ct, MD5_SIZE))
! 375: {
! 376: printf("HMAC MD5 #1 failed\n");
! 377: goto end;
! 378: }
! 379:
! 380: data_str = "what do ya want for nothing?";
! 381: key_str = "Jefe";
! 382: ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738");
! 383: bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
! 384: hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
! 385: if (memcmp(dgst, ct, MD5_SIZE))
! 386: {
! 387: printf("HMAC MD5 #2 failed\n");
! 388: goto end;
! 389: }
! 390:
! 391: data_str = "Hi There";
! 392: key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
! 393: bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
! 394: ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
! 395: bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
! 396:
! 397: hmac_sha1((const uint8_t *)data_str, 8,
! 398: (const uint8_t *)key, SHA1_SIZE, dgst);
! 399: if (memcmp(dgst, ct, SHA1_SIZE))
! 400: {
! 401: printf("HMAC SHA1 #1 failed\n");
! 402: goto end;
! 403: }
! 404:
! 405: data_str = "what do ya want for nothing?";
! 406: key_str = "Jefe";
! 407: ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
! 408: bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
! 409:
! 410: hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 5, dgst);
! 411: if (memcmp(dgst, ct, SHA1_SIZE))
! 412: {
! 413: printf("HMAC SHA1 failed\n");
! 414: exit(1);
! 415: }
! 416:
! 417: res = 0;
! 418: printf("All HMAC tests passed\n");
! 419:
! 420: end:
! 421: return res;
! 422: }
! 423:
! 424: /**************************************************************************
! 425: * BIGINT tests
! 426: *
! 427: **************************************************************************/
! 428: static int BIGINT_test(BI_CTX *ctx)
! 429: {
! 430: int res = 1;
! 431:
! 432: #ifndef CONFIG_INTEGER_8BIT
! 433: #ifndef CONFIG_INTEGER_16BIT
! 434: bigint *bi_data, *bi_exp, *bi_res;
! 435: const char *expnt, *plaintext, *mod;
! 436: uint8_t compare[MAX_KEY_BYTE_SIZE];
! 437: /**
! 438: * 512 bit key
! 439: */
! 440: plaintext = /* 64 byte number */
! 441: "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
! 442:
! 443: mod = "C30773C8ABE09FCC279EE0E5343370DE"
! 444: "8B2FFDB6059271E3005A7CEEF0D35E0A"
! 445: "1F9915D95E63560836CC2EB2C289270D"
! 446: "BCAE8CAF6F5E907FC2759EE220071E1B";
! 447:
! 448: expnt = "A1E556CD1738E10DF539E35101334E97"
! 449: "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
! 450: "F3140F5091CC535CBAA47CEC4159EE1F"
! 451: "B6A3661AFF1AB758426EAB158452A9B9";
! 452:
! 453: bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
! 454: bi_exp = int_to_bi(ctx, 0x10001);
! 455: bi_set_mod(ctx, bi_str_import(ctx, mod), 0);
! 456: bi_res = bi_mod_power(ctx, bi_data, bi_exp);
! 457:
! 458: bi_data = bi_res; /* resuse again - see if we get the original */
! 459:
! 460: bi_exp = bi_str_import(ctx, expnt);
! 461: bi_res = bi_mod_power(ctx, bi_data, bi_exp);
! 462: bi_free_mod(ctx, 0);
! 463:
! 464: bi_export(ctx, bi_res, compare, 64);
! 465: if (memcmp(plaintext, compare, 64) != 0)
! 466: goto end;
! 467: #endif
! 468: #endif
! 469:
! 470: /*
! 471: * Multiply with psssible carry issue (8 bit)
! 472: */
! 473: {
! 474: bigint *bi_x = bi_str_import(ctx,
! 475: "AFD5060E224B70DA99EFB385BA5C0D2BEA0AD1DAAA52686E1A02D677BC65C1DA7A496BBDCC02999E8814F10AFC4B8E0DD4E6687E0762CE717A5EA1E452B5C56065C8431F0FB9D23CFF3A4B4149798C0670AF7F9565A0EAE5CF1AB16A1F0C3DD5E485DC5ABB96EBE0B6778A15B7302CBCE358E4BF2E2E30932758AC6EFA9F5828");
! 476: bigint *arg2 = bi_clone(ctx, bi_x);
! 477: bigint *arg3 = bi_clone(ctx, bi_x);
! 478: bigint *sqr_result = bi_square(ctx, bi_x);
! 479: bigint *mlt_result = bi_multiply(ctx, arg2, arg3);
! 480:
! 481: if (bi_compare(sqr_result, mlt_result) != 0)
! 482: {
! 483: bi_print("SQR_RESULT", sqr_result);
! 484: bi_print("MLT_RESULT", mlt_result);
! 485: bi_free(ctx, sqr_result);
! 486: bi_free(ctx, mlt_result);
! 487: goto end;
! 488: }
! 489:
! 490: bi_free(ctx, sqr_result);
! 491: bi_free(ctx, mlt_result);
! 492: }
! 493:
! 494: printf("All BIGINT tests passed\n");
! 495: res = 0;
! 496:
! 497: end:
! 498: return res;
! 499: }
! 500:
! 501: /**************************************************************************
! 502: * RSA tests
! 503: *
! 504: * Use the results from openssl to verify PKCS1 etc
! 505: **************************************************************************/
! 506: static int RSA_test(void)
! 507: {
! 508: int res = 1;
! 509: const char *plaintext = /* 128 byte hex number */
! 510: "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
! 511: "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
! 512: uint8_t enc_data[128], dec_data[128];
! 513: RSA_CTX *rsa_ctx = NULL;
! 514: BI_CTX *bi_ctx;
! 515: bigint *plaintext_bi;
! 516: bigint *enc_data_bi, *dec_data_bi;
! 517: uint8_t enc_data2[128], dec_data2[128];
! 518: int len;
! 519: uint8_t *buf;
! 520:
! 521: /* extract the private key elements */
! 522: len = get_file("../ssl/test/axTLS.key_1024", &buf);
! 523: if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
! 524: {
! 525: goto end;
! 526: }
! 527:
! 528: free(buf);
! 529: bi_ctx = rsa_ctx->bi_ctx;
! 530: plaintext_bi = bi_import(bi_ctx,
! 531: (const uint8_t *)plaintext, strlen(plaintext));
! 532:
! 533: /* basic rsa encrypt */
! 534: enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
! 535: bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
! 536:
! 537: /* basic rsa decrypt */
! 538: dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
! 539: bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
! 540:
! 541: if (memcmp(dec_data, plaintext, strlen(plaintext)))
! 542: {
! 543: printf("Error: DECRYPT #1 failed\n");
! 544: goto end;
! 545: }
! 546:
! 547: RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0);
! 548: RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1);
! 549: if (memcmp("abc", dec_data2, 3))
! 550: {
! 551: printf("Error: ENCRYPT/DECRYPT #2 failed\n");
! 552: goto end;
! 553: }
! 554:
! 555: RSA_free(rsa_ctx);
! 556: res = 0;
! 557: printf("All RSA tests passed\n");
! 558:
! 559: end:
! 560: return res;
! 561: }
! 562:
! 563: /**************************************************************************
! 564: * Cert Testing
! 565: *
! 566: **************************************************************************/
! 567: static int cert_tests(void)
! 568: {
! 569: int res = -1, len;
! 570: X509_CTX *x509_ctx;
! 571: SSL_CTX *ssl_ctx;
! 572: uint8_t *buf;
! 573:
! 574: /* check a bunch of 3rd party certificates */
! 575: ssl_ctx = ssl_ctx_new(0, 0);
! 576: len = get_file("../ssl/test/microsoft.x509_ca", &buf);
! 577: if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
! 578: {
! 579: printf("Cert #1\n");
! 580: ssl_display_error(res);
! 581: goto bad_cert;
! 582: }
! 583:
! 584: ssl_ctx_free(ssl_ctx);
! 585: free(buf);
! 586:
! 587: ssl_ctx = ssl_ctx_new(0, 0);
! 588: len = get_file("../ssl/test/thawte.x509_ca", &buf);
! 589: if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
! 590: {
! 591: printf("Cert #2\n");
! 592: ssl_display_error(res);
! 593: goto bad_cert;
! 594: }
! 595:
! 596: ssl_ctx_free(ssl_ctx);
! 597: free(buf);
! 598:
! 599: ssl_ctx = ssl_ctx_new(0, 0);
! 600: len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf);
! 601: if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
! 602: {
! 603: printf("Cert #3\n");
! 604: ssl_display_error(res);
! 605: goto bad_cert;
! 606: }
! 607:
! 608: ssl_ctx_free(ssl_ctx);
! 609: free(buf);
! 610:
! 611: ssl_ctx = ssl_ctx_new(0, 0);
! 612: len = get_file("../ssl/test/equifax.x509_ca", &buf);
! 613: if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
! 614: {
! 615: printf("Cert #4\n");
! 616: ssl_display_error(res);
! 617: goto bad_cert;
! 618: }
! 619:
! 620: ssl_ctx_free(ssl_ctx);
! 621: free(buf);
! 622:
! 623: ssl_ctx = ssl_ctx_new(0, 0);
! 624: len = get_file("../ssl/test/gnutls.cer", &buf);
! 625: if ((res = add_cert(ssl_ctx, buf, len)) < 0)
! 626: {
! 627: printf("Cert #5\n");
! 628: ssl_display_error(res);
! 629: goto bad_cert;
! 630: }
! 631:
! 632: ssl_ctx_free(ssl_ctx);
! 633: free(buf);
! 634:
! 635: ssl_ctx = ssl_ctx_new(0, 0);
! 636: len = get_file("../ssl/test/socgen.cer", &buf);
! 637: if ((res = add_cert(ssl_ctx, buf, len)) < 0)
! 638: {
! 639: printf("Cert #6\n");
! 640: ssl_display_error(res);
! 641: goto bad_cert;
! 642: }
! 643:
! 644: ssl_ctx_free(ssl_ctx);
! 645: free(buf);
! 646:
! 647: ssl_ctx = ssl_ctx_new(0, 0);
! 648: len = get_file("../ssl/test/verisign.x509_ca", &buf);
! 649: if ((res = add_cert_auth(ssl_ctx, buf, len)) <0)
! 650: {
! 651: printf("Cert #7\n");
! 652: ssl_display_error(res);
! 653: goto bad_cert;
! 654: }
! 655:
! 656: ssl_ctx_free(ssl_ctx);
! 657: free(buf);
! 658:
! 659: if (get_file("../ssl/test/verisign.x509_my_cert", &buf) < 0 ||
! 660: x509_new(buf, &len, &x509_ctx))
! 661: {
! 662: printf("Cert #8\n");
! 663: ssl_display_error(res);
! 664: goto bad_cert;
! 665: }
! 666:
! 667: x509_free(x509_ctx);
! 668: free(buf);
! 669:
! 670: ssl_ctx = ssl_ctx_new(0, 0);
! 671: if ((res = ssl_obj_load(ssl_ctx,
! 672: SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
! 673: {
! 674: ssl_display_error(res);
! 675: goto bad_cert;
! 676: }
! 677:
! 678: ssl_ctx_free(ssl_ctx);
! 679:
! 680: if (get_file("../ssl/test/qualityssl.com.der", &buf) < 0 ||
! 681: x509_new(buf, &len, &x509_ctx))
! 682: {
! 683: printf("Cert #9\n");
! 684: res = -1;
! 685: goto bad_cert;
! 686: }
! 687:
! 688: if (strcmp(x509_ctx->subject_alt_dnsnames[1], "qualityssl.com"))
! 689: {
! 690: printf("Cert #9 (2)\n");
! 691: res = -1;
! 692: goto bad_cert;
! 693: }
! 694: x509_free(x509_ctx);
! 695: free(buf);
! 696:
! 697: ssl_ctx = ssl_ctx_new(0, 0);
! 698: if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT,
! 699: "../ssl/test/ca-bundle.crt", NULL))
! 700: {
! 701: printf("Cert #10\n");
! 702: goto bad_cert;
! 703: }
! 704:
! 705: ssl_ctx_free(ssl_ctx);
! 706: res = 0; /* all ok */
! 707: printf("All Certificate tests passed\n");
! 708:
! 709: bad_cert:
! 710: if (res)
! 711: printf("Error: A certificate test failed\n");
! 712:
! 713: return res;
! 714: }
! 715:
! 716: /**
! 717: * init a server socket.
! 718: */
! 719: static int server_socket_init(int *port)
! 720: {
! 721: struct sockaddr_in serv_addr;
! 722: int server_fd;
! 723: char yes = 1;
! 724:
! 725: /* Create socket for incoming connections */
! 726: if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
! 727: {
! 728: return -1;
! 729: }
! 730:
! 731: setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
! 732:
! 733: go_again:
! 734: /* Construct local address structure */
! 735: memset(&serv_addr, 0, sizeof(serv_addr)); /* Zero out structure */
! 736: serv_addr.sin_family = AF_INET; /* Internet address family */
! 737: serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
! 738: serv_addr.sin_port = htons(*port); /* Local port */
! 739:
! 740: /* Bind to the local address */
! 741: if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
! 742: {
! 743: (*port)++;
! 744: goto go_again;
! 745: }
! 746: /* Mark the socket so it will listen for incoming connections */
! 747: if (listen(server_fd, 3000) < 0)
! 748: {
! 749: return -1;
! 750: }
! 751:
! 752: return server_fd;
! 753: }
! 754:
! 755: /**
! 756: * init a client socket.
! 757: */
! 758: static int client_socket_init(uint16_t port)
! 759: {
! 760: struct sockaddr_in address;
! 761: int client_fd;
! 762:
! 763: address.sin_family = AF_INET;
! 764: address.sin_port = htons(port);
! 765: address.sin_addr.s_addr = inet_addr("127.0.0.1");
! 766: client_fd = socket(AF_INET, SOCK_STREAM, 0);
! 767: if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0)
! 768: {
! 769: perror("socket");
! 770: SOCKET_CLOSE(client_fd);
! 771: client_fd = -1;
! 772: }
! 773:
! 774: return client_fd;
! 775: }
! 776:
! 777: /**************************************************************************
! 778: * SSL Server Testing
! 779: *
! 780: **************************************************************************/
! 781: typedef struct
! 782: {
! 783: /* not used as yet */
! 784: int dummy;
! 785: } SVR_CTX;
! 786:
! 787: typedef struct
! 788: {
! 789: const char *testname;
! 790: const char *openssl_option;
! 791: } client_t;
! 792:
! 793: static void do_client(client_t *clnt)
! 794: {
! 795: char openssl_buf[2048];
! 796: usleep(200000); /* allow server to start */
! 797:
! 798: /* show the session ids in the reconnect test */
! 799: if (strcmp(clnt->testname, "Session Reuse") == 0)
! 800: {
! 801: sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
! 802: "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"",
! 803: g_port, clnt->openssl_option);
! 804: }
! 805: else if (strstr(clnt->testname, "GNUTLS") == NULL)
! 806: {
! 807: sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
! 808: #ifdef WIN32
! 809: "-connect localhost:%d -quiet %s",
! 810: #else
! 811: "-connect localhost:%d -quiet %s > /dev/null 2>&1",
! 812: #endif
! 813: g_port, clnt->openssl_option);
! 814: }
! 815: else /* gnutls */
! 816: {
! 817: sprintf(openssl_buf, "echo \"hello client\" | gnutls-cli "
! 818: #ifdef WIN32
! 819: "-p %d %s 127.0.0.1",
! 820: #else
! 821: "-p %d %s 127.0.0.1 > /dev/null 2>&1",
! 822: #endif
! 823: g_port, clnt->openssl_option);
! 824: }
! 825:
! 826: system(openssl_buf);
! 827: }
! 828:
! 829: static int SSL_server_test(
! 830: const char *testname,
! 831: const char *openssl_option,
! 832: const char *device_cert,
! 833: const char *product_cert,
! 834: const char *private_key,
! 835: const char *ca_cert,
! 836: const char *password,
! 837: int axtls_option)
! 838: {
! 839: int server_fd, ret = 0;
! 840: SSL_CTX *ssl_ctx = NULL;
! 841: struct sockaddr_in client_addr;
! 842: uint8_t *read_buf;
! 843: socklen_t clnt_len = sizeof(client_addr);
! 844: client_t client_data;
! 845: #ifndef WIN32
! 846: pthread_t thread;
! 847: #endif
! 848: g_port++;
! 849:
! 850: client_data.testname = testname;
! 851: client_data.openssl_option = openssl_option;
! 852:
! 853: if ((server_fd = server_socket_init(&g_port)) < 0)
! 854: goto error;
! 855:
! 856: if (private_key)
! 857: {
! 858: axtls_option |= SSL_NO_DEFAULT_KEY;
! 859: }
! 860:
! 861: if ((ssl_ctx = ssl_ctx_new(axtls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
! 862: {
! 863: ret = SSL_ERROR_INVALID_KEY;
! 864: goto error;
! 865: }
! 866:
! 867: if (private_key)
! 868: {
! 869: int obj_type = SSL_OBJ_RSA_KEY;
! 870:
! 871: if (strstr(private_key, ".p8"))
! 872: obj_type = SSL_OBJ_PKCS8;
! 873: else if (strstr(private_key, ".p12"))
! 874: obj_type = SSL_OBJ_PKCS12;
! 875:
! 876: if (ssl_obj_load(ssl_ctx, obj_type, private_key, password))
! 877: {
! 878: ret = SSL_ERROR_INVALID_KEY;
! 879: goto error;
! 880: }
! 881: }
! 882:
! 883: if (device_cert) /* test chaining */
! 884: {
! 885: if ((ret = ssl_obj_load(ssl_ctx,
! 886: SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK)
! 887: goto error;
! 888: }
! 889:
! 890: if (product_cert) /* test chaining */
! 891: {
! 892: if ((ret = ssl_obj_load(ssl_ctx,
! 893: SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK)
! 894: goto error;
! 895: }
! 896:
! 897: if (ca_cert) /* test adding certificate authorities */
! 898: {
! 899: if ((ret = ssl_obj_load(ssl_ctx,
! 900: SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK)
! 901: goto error;
! 902: }
! 903:
! 904: #ifndef WIN32
! 905: pthread_create(&thread, NULL,
! 906: (void *(*)(void *))do_client, (void *)&client_data);
! 907: pthread_detach(thread);
! 908: #else
! 909: CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client,
! 910: (LPVOID)&client_data, 0, NULL);
! 911: #endif
! 912:
! 913: for (;;)
! 914: {
! 915: int client_fd, size = 0;
! 916: SSL *ssl;
! 917:
! 918: /* Wait for a client to connect */
! 919: if ((client_fd = accept(server_fd,
! 920: (struct sockaddr *)&client_addr, &clnt_len)) < 0)
! 921: {
! 922: ret = SSL_ERROR_SOCK_SETUP_FAILURE;
! 923: goto error;
! 924: }
! 925:
! 926: /* we are ready to go */
! 927: ssl = ssl_server_new(ssl_ctx, client_fd);
! 928: while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
! 929: SOCKET_CLOSE(client_fd);
! 930:
! 931: if (size == SSL_CLOSE_NOTIFY)
! 932: {
! 933: /* do nothing */
! 934: }
! 935: else if (size < SSL_OK) /* got some alert or something nasty */
! 936: {
! 937: ret = size;
! 938:
! 939: if (ret == SSL_ERROR_CONN_LOST)
! 940: continue;
! 941:
! 942: break; /* we've got a problem */
! 943: }
! 944: else /* looks more promising */
! 945: {
! 946: if (strstr("hello client", (char *)read_buf) == NULL)
! 947: {
! 948: printf("SSL server test \"%s\" passed\n", testname);
! 949: TTY_FLUSH();
! 950: ret = 0;
! 951: break;
! 952: }
! 953: }
! 954:
! 955: ssl_free(ssl);
! 956: }
! 957:
! 958: SOCKET_CLOSE(server_fd);
! 959:
! 960: error:
! 961: ssl_ctx_free(ssl_ctx);
! 962: return ret;
! 963: }
! 964:
! 965: int SSL_server_tests(void)
! 966: {
! 967: int ret = -1;
! 968: struct stat stat_buf;
! 969: SVR_CTX svr_test_ctx;
! 970: memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
! 971:
! 972: printf("### starting server tests\n"); TTY_FLUSH();
! 973:
! 974: /* Go through the algorithms */
! 975:
! 976: /*
! 977: * TLS1 client hello
! 978: */
! 979: if ((ret = SSL_server_test("TLSv1", "-cipher RC4-SHA -tls1",
! 980: NULL, NULL, NULL, NULL, NULL, DEFAULT_SVR_OPTION)))
! 981: goto cleanup;
! 982:
! 983: /*
! 984: * AES128-SHA
! 985: */
! 986: if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA",
! 987: DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
! 988: DEFAULT_SVR_OPTION)))
! 989: goto cleanup;
! 990:
! 991: /*
! 992: * AES256-SHA
! 993: */
! 994: if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA",
! 995: DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
! 996: DEFAULT_SVR_OPTION)))
! 997: goto cleanup;
! 998:
! 999: /*
! 1000: * RC4-SHA
! 1001: */
! 1002: if ((ret = SSL_server_test("RC4-SHA", "-cipher RC4-SHA",
! 1003: DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
! 1004: DEFAULT_SVR_OPTION)))
! 1005: goto cleanup;
! 1006:
! 1007: /*
! 1008: * RC4-MD5
! 1009: */
! 1010: if ((ret = SSL_server_test("RC4-MD5", "-cipher RC4-MD5",
! 1011: DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
! 1012: DEFAULT_SVR_OPTION)))
! 1013: goto cleanup;
! 1014:
! 1015: /*
! 1016: * Session Reuse
! 1017: * all the session id's should match for session resumption.
! 1018: */
! 1019: if ((ret = SSL_server_test("Session Reuse",
! 1020: "-cipher RC4-SHA -reconnect",
! 1021: DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
! 1022: DEFAULT_SVR_OPTION)))
! 1023: goto cleanup;
! 1024:
! 1025: /*
! 1026: * 512 bit RSA key
! 1027: */
! 1028: if ((ret = SSL_server_test("512 bit key",
! 1029: "-cipher RC4-SHA",
! 1030: "../ssl/test/axTLS.x509_512.cer", NULL,
! 1031: "../ssl/test/axTLS.key_512",
! 1032: NULL, NULL, DEFAULT_SVR_OPTION)))
! 1033: goto cleanup;
! 1034:
! 1035: /*
! 1036: * 1024 bit RSA key (check certificate chaining)
! 1037: */
! 1038: if ((ret = SSL_server_test("1024 bit key",
! 1039: "-cipher RC4-SHA",
! 1040: "../ssl/test/axTLS.x509_1024.cer", NULL,
! 1041: "../ssl/test/axTLS.key_1024",
! 1042: NULL, NULL, DEFAULT_SVR_OPTION)))
! 1043: goto cleanup;
! 1044:
! 1045: /*
! 1046: * 1042 bit RSA key (check certificate chaining)
! 1047: */
! 1048: if ((ret = SSL_server_test("1042 bit key",
! 1049: "-cipher RC4-SHA",
! 1050: "../ssl/test/axTLS.x509_1042.cer", NULL,
! 1051: "../ssl/test/axTLS.key_1042",
! 1052: NULL, NULL, DEFAULT_SVR_OPTION)))
! 1053: goto cleanup;
! 1054: /*
! 1055: * 2048 bit RSA key
! 1056: */
! 1057: if ((ret = SSL_server_test("2048 bit key",
! 1058: "-cipher RC4-SHA",
! 1059: "../ssl/test/axTLS.x509_2048.cer", NULL,
! 1060: "../ssl/test/axTLS.key_2048",
! 1061: NULL, NULL, DEFAULT_SVR_OPTION)))
! 1062: goto cleanup;
! 1063:
! 1064: /*
! 1065: * 4096 bit RSA key
! 1066: */
! 1067: if ((ret = SSL_server_test("4096 bit key",
! 1068: "-cipher RC4-SHA",
! 1069: "../ssl/test/axTLS.x509_4096.cer", NULL,
! 1070: "../ssl/test/axTLS.key_4096",
! 1071: NULL, NULL, DEFAULT_SVR_OPTION)))
! 1072: goto cleanup;
! 1073:
! 1074: /*
! 1075: * Client Verification
! 1076: */
! 1077: if ((ret = SSL_server_test("Client Verification",
! 1078: "-cipher RC4-SHA -tls1 "
! 1079: "-cert ../ssl/test/axTLS.x509_2048.pem "
! 1080: "-key ../ssl/test/axTLS.key_2048.pem ",
! 1081: NULL, NULL, NULL,
! 1082: "../ssl/test/axTLS.ca_x509.cer", NULL,
! 1083: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
! 1084: goto cleanup;
! 1085:
! 1086: /* this test should fail */
! 1087: if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
! 1088: {
! 1089: if ((ret = SSL_server_test("Error: Bad Before Cert",
! 1090: "-cipher RC4-SHA -tls1 "
! 1091: "-cert ../ssl/test/axTLS.x509_bad_before.pem "
! 1092: "-key ../ssl/test/axTLS.key_512.pem ",
! 1093: NULL, NULL, NULL,
! 1094: "../ssl/test/axTLS.ca_x509.cer", NULL,
! 1095: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
! 1096: SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
! 1097: goto cleanup;
! 1098:
! 1099: printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
! 1100: TTY_FLUSH();
! 1101: }
! 1102:
! 1103: /* this test should fail */
! 1104: if ((ret = SSL_server_test("Error: Bad After Cert",
! 1105: "-cipher RC4-SHA -tls1 "
! 1106: "-cert ../ssl/test/axTLS.x509_bad_after.pem "
! 1107: "-key ../ssl/test/axTLS.key_512.pem ",
! 1108: NULL, NULL, NULL,
! 1109: "../ssl/test/axTLS.ca_x509.cer", NULL,
! 1110: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
! 1111: SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
! 1112: goto cleanup;
! 1113:
! 1114: printf("SSL server test \"%s\" passed\n", "Bad After Cert");
! 1115: TTY_FLUSH();
! 1116:
! 1117: /*
! 1118: * No trusted cert
! 1119: */
! 1120: if ((ret = SSL_server_test("Error: No trusted certificate",
! 1121: "-cipher RC4-SHA -tls1 "
! 1122: "-cert ../ssl/test/axTLS.x509_512.pem "
! 1123: "-key ../ssl/test/axTLS.key_512.pem ",
! 1124: NULL, NULL, NULL,
! 1125: NULL, NULL,
! 1126: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
! 1127: SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
! 1128: goto cleanup;
! 1129:
! 1130: printf("SSL server test \"%s\" passed\n", "No trusted certificate");
! 1131: TTY_FLUSH();
! 1132:
! 1133: /*
! 1134: * Self-signed (from the server)
! 1135: */
! 1136: if ((ret = SSL_server_test("Error: Self-signed certificate (from server)",
! 1137: "-cipher RC4-SHA -tls1 "
! 1138: "-cert ../ssl/test/axTLS.x509_512.pem "
! 1139: "-key ../ssl/test/axTLS.key_512.pem "
! 1140: "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
! 1141: NULL, NULL, NULL,
! 1142: NULL, NULL,
! 1143: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
! 1144: SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
! 1145: goto cleanup;
! 1146:
! 1147: printf("SSL server test \"%s\" passed\n",
! 1148: "Self-signed certificate (from server)");
! 1149: TTY_FLUSH();
! 1150:
! 1151: /*
! 1152: * Self-signed (from the client)
! 1153: */
! 1154: if ((ret = SSL_server_test("Self-signed certificate (from client)",
! 1155: "-cipher RC4-SHA -tls1 "
! 1156: "-cert ../ssl/test/axTLS.x509_512.pem "
! 1157: "-key ../ssl/test/axTLS.key_512.pem ",
! 1158: NULL, NULL, NULL,
! 1159: "../ssl/test/axTLS.ca_x509.cer",
! 1160: NULL,
! 1161: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
! 1162: goto cleanup;
! 1163:
! 1164: /*
! 1165: * Key in PEM format
! 1166: */
! 1167: if ((ret = SSL_server_test("Key in PEM format",
! 1168: "-cipher RC4-SHA",
! 1169: "../ssl/test/axTLS.x509_512.cer", NULL,
! 1170: "../ssl/test/axTLS.key_512.pem", NULL,
! 1171: NULL, DEFAULT_SVR_OPTION)))
! 1172: goto cleanup;
! 1173:
! 1174: /*
! 1175: * Cert in PEM format
! 1176: */
! 1177: if ((ret = SSL_server_test("Cert in PEM format",
! 1178: "-cipher RC4-SHA",
! 1179: "../ssl/test/axTLS.x509_512.pem", NULL,
! 1180: "../ssl/test/axTLS.key_512.pem", NULL,
! 1181: NULL, DEFAULT_SVR_OPTION)))
! 1182: goto cleanup;
! 1183:
! 1184: /*
! 1185: * Cert chain in PEM format
! 1186: */
! 1187: if ((ret = SSL_server_test("Cert chain in PEM format",
! 1188: "-cipher RC4-SHA",
! 1189: "../ssl/test/axTLS.x509_device.pem",
! 1190: NULL, "../ssl/test/axTLS.device_key.pem",
! 1191: "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
! 1192: goto cleanup;
! 1193:
! 1194: /*
! 1195: * AES128 Encrypted key
! 1196: */
! 1197: if ((ret = SSL_server_test("AES128 encrypted key",
! 1198: "-cipher RC4-SHA",
! 1199: "../ssl/test/axTLS.x509_aes128.pem", NULL,
! 1200: "../ssl/test/axTLS.key_aes128.pem",
! 1201: NULL, "abcd", DEFAULT_SVR_OPTION)))
! 1202: goto cleanup;
! 1203:
! 1204: /*
! 1205: * AES256 Encrypted key
! 1206: */
! 1207: if ((ret = SSL_server_test("AES256 encrypted key",
! 1208: "-cipher RC4-SHA",
! 1209: "../ssl/test/axTLS.x509_aes256.pem", NULL,
! 1210: "../ssl/test/axTLS.key_aes256.pem",
! 1211: NULL, "abcd", DEFAULT_SVR_OPTION)))
! 1212: goto cleanup;
! 1213:
! 1214: /*
! 1215: * AES128 Encrypted invalid key
! 1216: */
! 1217: if ((ret = SSL_server_test("AES128 encrypted invalid key",
! 1218: "-cipher RC4-SHA",
! 1219: "../ssl/test/axTLS.x509_aes128.pem", NULL,
! 1220: "../ssl/test/axTLS.key_aes128.pem",
! 1221: NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
! 1222: goto cleanup;
! 1223:
! 1224: printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
! 1225: TTY_FLUSH();
! 1226:
! 1227: /*
! 1228: * PKCS#8 key (encrypted)
! 1229: */
! 1230: if ((ret = SSL_server_test("pkcs#8 encrypted", "-cipher RC4-SHA",
! 1231: DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8",
! 1232: NULL, "abcd", DEFAULT_SVR_OPTION)))
! 1233: goto cleanup;
! 1234:
! 1235: /*
! 1236: * PKCS#8 key (unencrypted DER format)
! 1237: */
! 1238: if ((ret = SSL_server_test("pkcs#8 DER unencrypted", "-cipher RC4-SHA",
! 1239: DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8",
! 1240: NULL, NULL, DEFAULT_SVR_OPTION)))
! 1241: goto cleanup;
! 1242:
! 1243: /*
! 1244: * PKCS#8 key (unencrypted PEM format)
! 1245: */
! 1246: if ((ret = SSL_server_test("pkcs#8 PEM unencrypted", "-cipher RC4-SHA",
! 1247: DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted_pem.p8",
! 1248: NULL, NULL, DEFAULT_SVR_OPTION)))
! 1249: goto cleanup;
! 1250:
! 1251: /*
! 1252: * PKCS#12 key/certificate
! 1253: */
! 1254: if ((ret = SSL_server_test("pkcs#12 with CA", "-cipher RC4-SHA",
! 1255: NULL, NULL, "../ssl/test/axTLS.withCA.p12",
! 1256: NULL, "abcd", DEFAULT_SVR_OPTION)))
! 1257: goto cleanup;
! 1258:
! 1259: if ((ret = SSL_server_test("pkcs#12 no CA", "-cipher RC4-SHA",
! 1260: DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12",
! 1261: NULL, "abcd", DEFAULT_SVR_OPTION)))
! 1262: goto cleanup;
! 1263:
! 1264: /*
! 1265: * GNUTLS
! 1266: */
! 1267: if ((ret = SSL_server_test("GNUTLS client",
! 1268: "",
! 1269: "../ssl/test/axTLS.x509_1024.cer", NULL,
! 1270: "../ssl/test/axTLS.key_1024",
! 1271: NULL, NULL, DEFAULT_SVR_OPTION)))
! 1272: goto cleanup;
! 1273: ret = 0;
! 1274:
! 1275: cleanup:
! 1276: if (ret)
! 1277: {
! 1278: printf("Error: A server test failed\n");
! 1279: ssl_display_error(ret);
! 1280: exit(1);
! 1281: }
! 1282: else
! 1283: {
! 1284: printf("All server tests passed\n"); TTY_FLUSH();
! 1285: }
! 1286:
! 1287: return ret;
! 1288: }
! 1289:
! 1290: /**************************************************************************
! 1291: * SSL Client Testing
! 1292: *
! 1293: **************************************************************************/
! 1294: typedef struct
! 1295: {
! 1296: uint8_t session_id[SSL_SESSION_ID_SIZE];
! 1297: #ifndef WIN32
! 1298: pthread_t server_thread;
! 1299: #endif
! 1300: int start_server;
! 1301: int stop_server;
! 1302: int do_reneg;
! 1303: } CLNT_SESSION_RESUME_CTX;
! 1304:
! 1305: typedef struct
! 1306: {
! 1307: const char *testname;
! 1308: const char *openssl_option;
! 1309: int do_gnutls;
! 1310: } server_t;
! 1311:
! 1312: static void do_server(server_t *svr)
! 1313: {
! 1314: char openssl_buf[2048];
! 1315: #ifndef WIN32
! 1316: pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
! 1317: #endif
! 1318: if (svr->do_gnutls)
! 1319: {
! 1320: sprintf(openssl_buf, "gnutls-serv "
! 1321: "-p %d --quiet %s ", g_port, svr->openssl_option);
! 1322: }
! 1323: else
! 1324: {
! 1325: sprintf(openssl_buf, "openssl s_server -tls1 "
! 1326: "-accept %d -quiet %s ", g_port, svr->openssl_option);
! 1327: }
! 1328:
! 1329: system(openssl_buf);
! 1330: }
! 1331:
! 1332: static int SSL_client_test(
! 1333: const char *test,
! 1334: SSL_CTX **ssl_ctx,
! 1335: const char *openssl_option,
! 1336: CLNT_SESSION_RESUME_CTX *sess_resume,
! 1337: uint32_t client_options,
! 1338: const char *private_key,
! 1339: const char *password,
! 1340: const char *cert)
! 1341: {
! 1342: server_t server_data;
! 1343: SSL *ssl = NULL;
! 1344: int client_fd = -1;
! 1345: uint8_t *session_id = NULL;
! 1346: int ret = 1;
! 1347: #ifndef WIN32
! 1348: pthread_t thread;
! 1349: #endif
! 1350:
! 1351: server_data.do_gnutls = strstr(test, "GNUTLS") != NULL;
! 1352:
! 1353: if (sess_resume == NULL || sess_resume->start_server)
! 1354: {
! 1355: g_port++;
! 1356: server_data.openssl_option = openssl_option;
! 1357:
! 1358: #ifndef WIN32
! 1359: pthread_create(&thread, NULL,
! 1360: (void *(*)(void *))do_server, (void *)&server_data);
! 1361: pthread_detach(thread);
! 1362: #else
! 1363: CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server,
! 1364: (LPVOID)&server_data, 0, NULL);
! 1365: #endif
! 1366: }
! 1367:
! 1368: usleep(200000); /* allow server to start */
! 1369:
! 1370: if (*ssl_ctx == NULL)
! 1371: {
! 1372: if (private_key)
! 1373: {
! 1374: client_options |= SSL_NO_DEFAULT_KEY;
! 1375: }
! 1376:
! 1377: if ((*ssl_ctx = ssl_ctx_new(
! 1378: client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
! 1379: {
! 1380: ret = SSL_ERROR_INVALID_KEY;
! 1381: goto client_test_exit;
! 1382: }
! 1383:
! 1384: if (private_key)
! 1385: {
! 1386: int obj_type = SSL_OBJ_RSA_KEY;
! 1387:
! 1388: if (strstr(private_key, ".p8"))
! 1389: obj_type = SSL_OBJ_PKCS8;
! 1390: else if (strstr(private_key, ".p12"))
! 1391: obj_type = SSL_OBJ_PKCS12;
! 1392:
! 1393: if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password))
! 1394: {
! 1395: ret = SSL_ERROR_INVALID_KEY;
! 1396: goto client_test_exit;
! 1397: }
! 1398: }
! 1399:
! 1400: if (cert)
! 1401: {
! 1402: if ((ret = ssl_obj_load(*ssl_ctx,
! 1403: SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK)
! 1404: {
! 1405: printf("could not add cert %s (%d)\n", cert, ret);
! 1406: TTY_FLUSH();
! 1407: goto client_test_exit;
! 1408: }
! 1409: }
! 1410:
! 1411: if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT,
! 1412: "../ssl/test/axTLS.ca_x509.cer", NULL))
! 1413: {
! 1414: printf("could not add cert auth\n"); TTY_FLUSH();
! 1415: goto client_test_exit;
! 1416: }
! 1417: }
! 1418:
! 1419: if (sess_resume && !sess_resume->start_server)
! 1420: {
! 1421: session_id = sess_resume->session_id;
! 1422: }
! 1423:
! 1424: if ((client_fd = client_socket_init(g_port)) < 0)
! 1425: {
! 1426: printf("could not start socket on %d\n", g_port); TTY_FLUSH();
! 1427: goto client_test_exit;
! 1428: }
! 1429:
! 1430: ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id));
! 1431:
! 1432: /* check the return status */
! 1433: if ((ret = ssl_handshake_status(ssl)))
! 1434: goto client_test_exit;
! 1435:
! 1436: /* renegotiate client */
! 1437: if (sess_resume && sess_resume->do_reneg)
! 1438: {
! 1439: if (ssl_renegotiate(ssl) == -SSL_ALERT_NO_RENEGOTIATION)
! 1440: ret = 0;
! 1441: else
! 1442: ret = -SSL_ALERT_NO_RENEGOTIATION;
! 1443:
! 1444: goto client_test_exit;
! 1445: }
! 1446:
! 1447: if (sess_resume)
! 1448: {
! 1449: memcpy(sess_resume->session_id,
! 1450: ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
! 1451: }
! 1452:
! 1453: if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) &&
! 1454: (ret = ssl_verify_cert(ssl)))
! 1455: {
! 1456: goto client_test_exit;
! 1457: }
! 1458:
! 1459: ssl_write(ssl, (uint8_t *)"hello world\n", 13);
! 1460: if (sess_resume)
! 1461: {
! 1462: const uint8_t *sess_id = ssl_get_session_id(ssl);
! 1463: int i;
! 1464:
! 1465: printf(" Session-ID: ");
! 1466: for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
! 1467: {
! 1468: printf("%02X", sess_id[i]);
! 1469: }
! 1470: printf("\n");
! 1471: TTY_FLUSH();
! 1472: }
! 1473:
! 1474: ret = 0;
! 1475:
! 1476: client_test_exit:
! 1477: ssl_free(ssl);
! 1478: SOCKET_CLOSE(client_fd);
! 1479: usleep(200000); /* allow openssl to say something */
! 1480:
! 1481: if (sess_resume)
! 1482: {
! 1483: if (sess_resume->stop_server)
! 1484: {
! 1485: ssl_ctx_free(*ssl_ctx);
! 1486: *ssl_ctx = NULL;
! 1487: }
! 1488: else if (sess_resume->start_server)
! 1489: {
! 1490: #ifndef WIN32
! 1491: sess_resume->server_thread = thread;
! 1492: #endif
! 1493: }
! 1494: }
! 1495: else
! 1496: {
! 1497: ssl_ctx_free(*ssl_ctx);
! 1498: *ssl_ctx = NULL;
! 1499: }
! 1500:
! 1501: if (ret == 0)
! 1502: {
! 1503: printf("SSL client test \"%s\" passed\n", test);
! 1504: TTY_FLUSH();
! 1505: }
! 1506:
! 1507: return ret;
! 1508: }
! 1509:
! 1510: int SSL_client_tests(void)
! 1511: {
! 1512: int ret = -1;
! 1513: SSL_CTX *ssl_ctx = NULL;
! 1514: CLNT_SESSION_RESUME_CTX sess_resume;
! 1515: memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
! 1516:
! 1517: sess_resume.start_server = 1;
! 1518: printf("### starting client tests\n");
! 1519:
! 1520: if ((ret = SSL_client_test("512 bit key",
! 1521: &ssl_ctx,
! 1522: "-cert ../ssl/test/axTLS.x509_512.pem "
! 1523: "-key ../ssl/test/axTLS.key_512.pem", &sess_resume,
! 1524: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
! 1525: goto cleanup;
! 1526:
! 1527: /* all the session id's should match for session resumption */
! 1528: sess_resume.start_server = 0;
! 1529: if ((ret = SSL_client_test("Client session resumption #1",
! 1530: &ssl_ctx, NULL, &sess_resume,
! 1531: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
! 1532: goto cleanup;
! 1533:
! 1534: // no client renegotiation
! 1535: sess_resume.do_reneg = 1;
! 1536: // test relies on openssl killing the call
! 1537: if ((ret = SSL_client_test("Client renegotiation",
! 1538: &ssl_ctx, NULL, &sess_resume,
! 1539: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
! 1540: goto cleanup;
! 1541: sess_resume.do_reneg = 0;
! 1542:
! 1543: sess_resume.stop_server = 1;
! 1544: if ((ret = SSL_client_test("Client session resumption #2",
! 1545: &ssl_ctx, NULL, &sess_resume,
! 1546: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
! 1547: goto cleanup;
! 1548:
! 1549: if ((ret = SSL_client_test("1024 bit key",
! 1550: &ssl_ctx,
! 1551: "-cert ../ssl/test/axTLS.x509_1024.pem "
! 1552: "-key ../ssl/test/axTLS.key_1024.pem", NULL,
! 1553: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
! 1554: goto cleanup;
! 1555:
! 1556: if ((ret = SSL_client_test("2048 bit key",
! 1557: &ssl_ctx,
! 1558: "-cert ../ssl/test/axTLS.x509_2048.pem "
! 1559: "-key ../ssl/test/axTLS.key_2048.pem", NULL,
! 1560: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
! 1561: goto cleanup;
! 1562:
! 1563: if ((ret = SSL_client_test("4096 bit key",
! 1564: &ssl_ctx,
! 1565: "-cert ../ssl/test/axTLS.x509_4096.pem "
! 1566: "-key ../ssl/test/axTLS.key_4096.pem", NULL,
! 1567: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
! 1568: goto cleanup;
! 1569:
! 1570: if ((ret = SSL_client_test("Server cert chaining",
! 1571: &ssl_ctx,
! 1572: "-cert ../ssl/test/axTLS.x509_device.pem "
! 1573: "-key ../ssl/test/axTLS.device_key.pem "
! 1574: "-CAfile ../ssl/test/axTLS.x509_512.pem ", NULL,
! 1575: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
! 1576: goto cleanup;
! 1577:
! 1578: /* Check the server can verify the client */
! 1579: if ((ret = SSL_client_test("Client peer authentication",
! 1580: &ssl_ctx,
! 1581: "-cert ../ssl/test/axTLS.x509_2048.pem "
! 1582: "-key ../ssl/test/axTLS.key_2048.pem "
! 1583: "-CAfile ../ssl/test/axTLS.ca_x509.pem "
! 1584: "-verify 1 ", NULL, DEFAULT_CLNT_OPTION,
! 1585: "../ssl/test/axTLS.key_1024", NULL,
! 1586: "../ssl/test/axTLS.x509_1024.cer")))
! 1587: goto cleanup;
! 1588:
! 1589: /* Should get an "ERROR" from openssl (as the handshake fails as soon as
! 1590: * the certificate verification fails) */
! 1591: if ((ret = SSL_client_test("Error: Expired cert (verify now)",
! 1592: &ssl_ctx,
! 1593: "-cert ../ssl/test/axTLS.x509_bad_after.pem "
! 1594: "-key ../ssl/test/axTLS.key_512.pem", NULL,
! 1595: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) !=
! 1596: SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
! 1597: {
! 1598: printf("*** Error: %d\n", ret);
! 1599: goto cleanup;
! 1600: }
! 1601:
! 1602: printf("SSL client test \"Expired cert (verify now)\" passed\n");
! 1603:
! 1604: /* There is no "ERROR" from openssl */
! 1605: if ((ret = SSL_client_test("Error: Expired cert (verify later)",
! 1606: &ssl_ctx,
! 1607: "-cert ../ssl/test/axTLS.x509_bad_after.pem "
! 1608: "-key ../ssl/test/axTLS.key_512.pem", NULL,
! 1609: DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL,
! 1610: NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
! 1611: {
! 1612: printf("*** Error: %d\n", ret); TTY_FLUSH();
! 1613: goto cleanup;
! 1614: }
! 1615:
! 1616: printf("SSL client test \"Expired cert (verify later)\" passed\n");
! 1617:
! 1618: /* invalid cert type */
! 1619: if ((ret = SSL_client_test("Error: Invalid certificate type",
! 1620: &ssl_ctx,
! 1621: "-cert ../ssl/test/axTLS.x509_2048.pem "
! 1622: "-key ../ssl/test/axTLS.key_2048.pem "
! 1623: "-CAfile ../ssl/test/axTLS.ca_x509.pem "
! 1624: "-verify 1 ", NULL, DEFAULT_CLNT_OPTION,
! 1625: "../ssl/test/axTLS.x509_1024.cer", NULL,
! 1626: "../ssl/test/axTLS.x509_1024.cer"))
! 1627: != SSL_ERROR_INVALID_KEY)
! 1628: {
! 1629: printf("*** Error: %d\n", ret); TTY_FLUSH();
! 1630: goto cleanup;
! 1631: }
! 1632:
! 1633: printf("SSL client test \"Invalid certificate type\" passed\n");
! 1634:
! 1635: if ((ret = SSL_client_test("GNUTLS client",
! 1636: &ssl_ctx,
! 1637: "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
! 1638: "--x509keyfile ../ssl/test/axTLS.key_1024.pem -q", NULL,
! 1639: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
! 1640: goto cleanup;
! 1641:
! 1642: ret = 0;
! 1643:
! 1644: cleanup:
! 1645: if (ret)
! 1646: {
! 1647: ssl_display_error(ret);
! 1648: printf("Error: A client test failed\n");
! 1649: system("sh ../ssl/test/killopenssl.sh");
! 1650: system("sh ../ssl/test/killgnutls.sh");
! 1651: exit(1);
! 1652: }
! 1653: else
! 1654: {
! 1655: printf("All client tests passed\n"); TTY_FLUSH();
! 1656: }
! 1657:
! 1658: ssl_ctx_free(ssl_ctx);
! 1659: return ret;
! 1660: }
! 1661:
! 1662: /**************************************************************************
! 1663: * SSL Basic Testing (test a big packet handshake)
! 1664: *
! 1665: **************************************************************************/
! 1666: static uint8_t basic_buf[256*1024];
! 1667:
! 1668: static void do_basic(void)
! 1669: {
! 1670: int client_fd;
! 1671: SSL *ssl_clnt;
! 1672: SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
! 1673: DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
! 1674: usleep(200000); /* allow server to start */
! 1675:
! 1676: if ((client_fd = client_socket_init(g_port)) < 0)
! 1677: goto error;
! 1678:
! 1679: if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
! 1680: "../ssl/test/axTLS.ca_x509.cer", NULL))
! 1681: goto error;
! 1682:
! 1683: ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
! 1684:
! 1685: /* check the return status */
! 1686: if (ssl_handshake_status(ssl_clnt) < 0)
! 1687: {
! 1688: ssl_display_error(ssl_handshake_status(ssl_clnt));
! 1689: goto error;
! 1690: }
! 1691:
! 1692: ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
! 1693: ssl_free(ssl_clnt);
! 1694:
! 1695: error:
! 1696: ssl_ctx_free(ssl_clnt_ctx);
! 1697: SOCKET_CLOSE(client_fd);
! 1698:
! 1699: /* exit this thread */
! 1700: }
! 1701:
! 1702: static int SSL_basic_test(void)
! 1703: {
! 1704: int server_fd, client_fd, ret = 0, size = 0, offset = 0;
! 1705: SSL_CTX *ssl_svr_ctx = NULL;
! 1706: struct sockaddr_in client_addr;
! 1707: uint8_t *read_buf;
! 1708: socklen_t clnt_len = sizeof(client_addr);
! 1709: SSL *ssl_svr;
! 1710: #ifndef WIN32
! 1711: pthread_t thread;
! 1712: #endif
! 1713: memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
! 1714: memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
! 1715:
! 1716: if ((server_fd = server_socket_init(&g_port)) < 0)
! 1717: goto error;
! 1718:
! 1719: ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
! 1720:
! 1721: #ifndef WIN32
! 1722: pthread_create(&thread, NULL,
! 1723: (void *(*)(void *))do_basic, NULL);
! 1724: pthread_detach(thread);
! 1725: #else
! 1726: CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL);
! 1727: #endif
! 1728:
! 1729: /* Wait for a client to connect */
! 1730: if ((client_fd = accept(server_fd,
! 1731: (struct sockaddr *) &client_addr, &clnt_len)) < 0)
! 1732: {
! 1733: ret = SSL_ERROR_SOCK_SETUP_FAILURE;
! 1734: goto error;
! 1735: }
! 1736:
! 1737: /* we are ready to go */
! 1738: ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
! 1739:
! 1740: do
! 1741: {
! 1742: while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
! 1743:
! 1744: if (size < SSL_OK) /* got some alert or something nasty */
! 1745: {
! 1746: ssl_display_error(size);
! 1747: ret = size;
! 1748: break;
! 1749: }
! 1750: else /* looks more promising */
! 1751: {
! 1752: if (memcmp(read_buf, &basic_buf[offset], size) != 0)
! 1753: {
! 1754: ret = SSL_NOT_OK;
! 1755: break;
! 1756: }
! 1757: }
! 1758:
! 1759: offset += size;
! 1760: } while (offset < sizeof(basic_buf));
! 1761:
! 1762: printf(ret == SSL_OK && offset == sizeof(basic_buf) ?
! 1763: "SSL basic test passed\n" :
! 1764: "SSL basic test failed\n");
! 1765: TTY_FLUSH();
! 1766:
! 1767: ssl_free(ssl_svr);
! 1768: SOCKET_CLOSE(server_fd);
! 1769: SOCKET_CLOSE(client_fd);
! 1770:
! 1771: error:
! 1772: ssl_ctx_free(ssl_svr_ctx);
! 1773: return ret;
! 1774: }
! 1775:
! 1776: /**************************************************************************
! 1777: * SSL unblocked case
! 1778: *
! 1779: **************************************************************************/
! 1780: static void do_unblocked(void)
! 1781: {
! 1782: int client_fd;
! 1783: SSL *ssl_clnt;
! 1784: SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
! 1785: DEFAULT_CLNT_OPTION,
! 1786: SSL_DEFAULT_CLNT_SESS |
! 1787: SSL_CONNECT_IN_PARTS);
! 1788: usleep(200000); /* allow server to start */
! 1789:
! 1790: if ((client_fd = client_socket_init(g_port)) < 0)
! 1791: goto error;
! 1792:
! 1793: {
! 1794: #ifdef WIN32
! 1795: u_long argp = 1;
! 1796: ioctlsocket(client_fd, FIONBIO, &argp);
! 1797: #else
! 1798: int flags = fcntl(client_fd, F_GETFL, NULL);
! 1799: fcntl(client_fd, F_SETFL, flags | O_NONBLOCK);
! 1800: #endif
! 1801: }
! 1802:
! 1803: if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
! 1804: "../ssl/test/axTLS.ca_x509.cer", NULL))
! 1805: goto error;
! 1806:
! 1807: ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
! 1808:
! 1809: while (ssl_handshake_status(ssl_clnt) != SSL_OK)
! 1810: {
! 1811: if (ssl_read(ssl_clnt, NULL) < 0)
! 1812: {
! 1813: ssl_display_error(ssl_handshake_status(ssl_clnt));
! 1814: goto error;
! 1815: }
! 1816: }
! 1817:
! 1818: ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
! 1819: ssl_free(ssl_clnt);
! 1820:
! 1821: error:
! 1822: ssl_ctx_free(ssl_clnt_ctx);
! 1823: SOCKET_CLOSE(client_fd);
! 1824:
! 1825: /* exit this thread */
! 1826: }
! 1827:
! 1828: static int SSL_unblocked_test(void)
! 1829: {
! 1830: int server_fd, client_fd, ret = 0, size = 0, offset = 0;
! 1831: SSL_CTX *ssl_svr_ctx = NULL;
! 1832: struct sockaddr_in client_addr;
! 1833: uint8_t *read_buf;
! 1834: socklen_t clnt_len = sizeof(client_addr);
! 1835: SSL *ssl_svr;
! 1836: #ifndef WIN32
! 1837: pthread_t thread;
! 1838: #endif
! 1839: memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
! 1840: memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
! 1841:
! 1842: if ((server_fd = server_socket_init(&g_port)) < 0)
! 1843: goto error;
! 1844:
! 1845: ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
! 1846:
! 1847: #ifndef WIN32
! 1848: pthread_create(&thread, NULL,
! 1849: (void *(*)(void *))do_unblocked, NULL);
! 1850: pthread_detach(thread);
! 1851: #else
! 1852: CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_unblocked,
! 1853: NULL, 0, NULL);
! 1854: #endif
! 1855:
! 1856: /* Wait for a client to connect */
! 1857: if ((client_fd = accept(server_fd,
! 1858: (struct sockaddr *) &client_addr, &clnt_len)) < 0)
! 1859: {
! 1860: ret = SSL_ERROR_SOCK_SETUP_FAILURE;
! 1861: goto error;
! 1862: }
! 1863:
! 1864: /* we are ready to go */
! 1865: ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
! 1866:
! 1867: do
! 1868: {
! 1869: while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
! 1870:
! 1871: if (size < SSL_OK) /* got some alert or something nasty */
! 1872: {
! 1873: ssl_display_error(size);
! 1874: ret = size;
! 1875: break;
! 1876: }
! 1877: else /* looks more promising */
! 1878: {
! 1879: if (memcmp(read_buf, &basic_buf[offset], size) != 0)
! 1880: {
! 1881: ret = SSL_NOT_OK;
! 1882: break;
! 1883: }
! 1884: }
! 1885:
! 1886: offset += size;
! 1887: } while (offset < sizeof(basic_buf));
! 1888:
! 1889: printf(ret == SSL_OK && offset == sizeof(basic_buf) ?
! 1890: "SSL unblocked test passed\n" :
! 1891: "SSL unblocked test failed\n");
! 1892: TTY_FLUSH();
! 1893:
! 1894: ssl_free(ssl_svr);
! 1895: SOCKET_CLOSE(server_fd);
! 1896: SOCKET_CLOSE(client_fd);
! 1897:
! 1898: error:
! 1899: ssl_ctx_free(ssl_svr_ctx);
! 1900: return ret;
! 1901: }
! 1902:
! 1903: #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
! 1904: /**************************************************************************
! 1905: * Multi-Threading Tests
! 1906: *
! 1907: **************************************************************************/
! 1908: #define NUM_THREADS 100
! 1909:
! 1910: typedef struct
! 1911: {
! 1912: SSL_CTX *ssl_clnt_ctx;
! 1913: int port;
! 1914: int thread_id;
! 1915: } multi_t;
! 1916:
! 1917: void do_multi_clnt(multi_t *multi_data)
! 1918: {
! 1919: int res = 1, client_fd, i;
! 1920: SSL *ssl = NULL;
! 1921: char tmp[5];
! 1922:
! 1923: if ((client_fd = client_socket_init(multi_data->port)) < 0)
! 1924: goto client_test_exit;
! 1925:
! 1926: usleep(200000);
! 1927: ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
! 1928:
! 1929: if ((res = ssl_handshake_status(ssl)))
! 1930: {
! 1931: printf("Client ");
! 1932: ssl_display_error(res);
! 1933: goto client_test_exit;
! 1934: }
! 1935:
! 1936: sprintf(tmp, "%d\n", multi_data->thread_id);
! 1937: for (i = 0; i < 10; i++)
! 1938: ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
! 1939:
! 1940: client_test_exit:
! 1941: ssl_free(ssl);
! 1942: SOCKET_CLOSE(client_fd);
! 1943: free(multi_data);
! 1944: }
! 1945:
! 1946: void do_multi_svr(SSL *ssl)
! 1947: {
! 1948: uint8_t *read_buf;
! 1949: int *res_ptr = malloc(sizeof(int));
! 1950: int res;
! 1951:
! 1952: for (;;)
! 1953: {
! 1954: res = ssl_read(ssl, &read_buf);
! 1955:
! 1956: /* kill the client */
! 1957: if (res != SSL_OK)
! 1958: {
! 1959: if (res == SSL_ERROR_CONN_LOST)
! 1960: {
! 1961: SOCKET_CLOSE(ssl->client_fd);
! 1962: ssl_free(ssl);
! 1963: break;
! 1964: }
! 1965: else if (res > 0)
! 1966: {
! 1967: /* do nothing */
! 1968: }
! 1969: else /* some problem */
! 1970: {
! 1971: printf("Server ");
! 1972: ssl_display_error(res);
! 1973: goto error;
! 1974: }
! 1975: }
! 1976: }
! 1977:
! 1978: res = SSL_OK;
! 1979: error:
! 1980: *res_ptr = res;
! 1981: pthread_exit(res_ptr);
! 1982: }
! 1983:
! 1984: int multi_thread_test(void)
! 1985: {
! 1986: int server_fd = -1;
! 1987: SSL_CTX *ssl_server_ctx;
! 1988: SSL_CTX *ssl_clnt_ctx;
! 1989: pthread_t clnt_threads[NUM_THREADS];
! 1990: pthread_t svr_threads[NUM_THREADS];
! 1991: int i, res = 0;
! 1992: struct sockaddr_in client_addr;
! 1993: socklen_t clnt_len = sizeof(client_addr);
! 1994:
! 1995: printf("Do multi-threading test (takes a minute)\n");
! 1996:
! 1997: ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
! 1998: ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
! 1999:
! 2000: if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
! 2001: "../ssl/test/axTLS.ca_x509.cer", NULL))
! 2002: goto error;
! 2003:
! 2004: if ((server_fd = server_socket_init(&g_port)) < 0)
! 2005: goto error;
! 2006:
! 2007: for (i = 0; i < NUM_THREADS; i++)
! 2008: {
! 2009: multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
! 2010: multi_data->ssl_clnt_ctx = ssl_clnt_ctx;
! 2011: multi_data->port = g_port;
! 2012: multi_data->thread_id = i+1;
! 2013: pthread_create(&clnt_threads[i], NULL,
! 2014: (void *(*)(void *))do_multi_clnt, (void *)multi_data);
! 2015: pthread_detach(clnt_threads[i]);
! 2016: }
! 2017:
! 2018: for (i = 0; i < NUM_THREADS; i++)
! 2019: {
! 2020: SSL *ssl_svr;
! 2021: int client_fd = accept(server_fd,
! 2022: (struct sockaddr *)&client_addr, &clnt_len);
! 2023:
! 2024: if (client_fd < 0)
! 2025: goto error;
! 2026:
! 2027: ssl_svr = ssl_server_new(ssl_server_ctx, client_fd);
! 2028:
! 2029: pthread_create(&svr_threads[i], NULL,
! 2030: (void *(*)(void *))do_multi_svr, (void *)ssl_svr);
! 2031: }
! 2032:
! 2033: /* make sure we've run all of the threads */
! 2034: for (i = 0; i < NUM_THREADS; i++)
! 2035: {
! 2036: void *thread_res;
! 2037: pthread_join(svr_threads[i], &thread_res);
! 2038:
! 2039: if (*((int *)thread_res) != 0)
! 2040: res = 1;
! 2041:
! 2042: free(thread_res);
! 2043: }
! 2044:
! 2045: if (res)
! 2046: goto error;
! 2047:
! 2048: printf("Multi-thread test passed (%d)\n", NUM_THREADS);
! 2049: error:
! 2050: ssl_ctx_free(ssl_server_ctx);
! 2051: ssl_ctx_free(ssl_clnt_ctx);
! 2052: SOCKET_CLOSE(server_fd);
! 2053: return res;
! 2054: }
! 2055: #endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */
! 2056:
! 2057: /**************************************************************************
! 2058: * Header issue
! 2059: *
! 2060: **************************************************************************/
! 2061: static void do_header_issue(void)
! 2062: {
! 2063: char axtls_buf[2048];
! 2064: #ifndef WIN32
! 2065: pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
! 2066: #endif
! 2067: sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
! 2068: system(axtls_buf);
! 2069: }
! 2070:
! 2071: static int header_issue(void)
! 2072: {
! 2073: FILE *f = fopen("../ssl/test/header_issue.dat", "r");
! 2074: int server_fd = -1, client_fd = -1, ret = 1;
! 2075: uint8_t buf[2048];
! 2076: int size = 0;
! 2077: struct sockaddr_in client_addr;
! 2078: socklen_t clnt_len = sizeof(client_addr);
! 2079: #ifndef WIN32
! 2080: pthread_t thread;
! 2081: #endif
! 2082:
! 2083: if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0)
! 2084: goto error;
! 2085:
! 2086: #ifndef WIN32
! 2087: pthread_create(&thread, NULL,
! 2088: (void *(*)(void *))do_header_issue, NULL);
! 2089: pthread_detach(thread);
! 2090: #else
! 2091: CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue,
! 2092: NULL, 0, NULL);
! 2093: #endif
! 2094: if ((client_fd = accept(server_fd,
! 2095: (struct sockaddr *) &client_addr, &clnt_len)) < 0)
! 2096: {
! 2097: ret = SSL_ERROR_SOCK_SETUP_FAILURE;
! 2098: goto error;
! 2099: }
! 2100:
! 2101: size = fread(buf, 1, sizeof(buf), f);
! 2102: SOCKET_WRITE(client_fd, buf, size);
! 2103: usleep(200000);
! 2104:
! 2105: ret = 0;
! 2106: error:
! 2107: fclose(f);
! 2108: SOCKET_CLOSE(client_fd);
! 2109: SOCKET_CLOSE(server_fd);
! 2110: TTY_FLUSH();
! 2111: system("killall axssl");
! 2112: return ret;
! 2113: }
! 2114:
! 2115: /**************************************************************************
! 2116: * main()
! 2117: *
! 2118: **************************************************************************/
! 2119: int main(int argc, char *argv[])
! 2120: {
! 2121: int ret = 1;
! 2122: BI_CTX *bi_ctx;
! 2123: int fd;
! 2124:
! 2125: #ifdef WIN32
! 2126: WSADATA wsaData;
! 2127: WORD wVersionRequested = MAKEWORD(2, 2);
! 2128: WSAStartup(wVersionRequested, &wsaData);
! 2129: fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE);
! 2130: dup2(fd, 2); /* write stderr to this file */
! 2131: #else
! 2132: fd = open("/dev/null", O_WRONLY); /* write stderr to /dev/null */
! 2133: signal(SIGPIPE, SIG_IGN); /* ignore pipe errors */
! 2134: dup2(fd, 2);
! 2135: #endif
! 2136:
! 2137: /* can't do testing in this mode */
! 2138: #if defined CONFIG_SSL_GENERATE_X509_CERT
! 2139: printf("Error: Must compile with default key/certificates\n");
! 2140: exit(1);
! 2141: #endif
! 2142:
! 2143: bi_ctx = bi_initialize();
! 2144:
! 2145: if (AES_test(bi_ctx))
! 2146: {
! 2147: printf("AES tests failed\n");
! 2148: goto cleanup;
! 2149: }
! 2150: TTY_FLUSH();
! 2151:
! 2152: if (RC4_test(bi_ctx))
! 2153: {
! 2154: printf("RC4 tests failed\n");
! 2155: goto cleanup;
! 2156: }
! 2157: TTY_FLUSH();
! 2158:
! 2159: if (MD5_test(bi_ctx))
! 2160: {
! 2161: printf("MD5 tests failed\n");
! 2162: goto cleanup;
! 2163: }
! 2164: TTY_FLUSH();
! 2165:
! 2166: if (SHA1_test(bi_ctx))
! 2167: {
! 2168: printf("SHA1 tests failed\n");
! 2169: goto cleanup;
! 2170: }
! 2171: TTY_FLUSH();
! 2172:
! 2173: if (HMAC_test(bi_ctx))
! 2174: {
! 2175: printf("HMAC tests failed\n");
! 2176: goto cleanup;
! 2177: }
! 2178: TTY_FLUSH();
! 2179:
! 2180: if (BIGINT_test(bi_ctx))
! 2181: {
! 2182: printf("BigInt tests failed!\n");
! 2183: goto cleanup;
! 2184: }
! 2185: TTY_FLUSH();
! 2186:
! 2187: bi_terminate(bi_ctx);
! 2188:
! 2189: if (RSA_test())
! 2190: {
! 2191: printf("RSA tests failed\n");
! 2192: goto cleanup;
! 2193: }
! 2194: TTY_FLUSH();
! 2195:
! 2196: if (cert_tests())
! 2197: {
! 2198: printf("CERT tests failed\n");
! 2199: goto cleanup;
! 2200: }
! 2201: TTY_FLUSH();
! 2202:
! 2203: #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
! 2204: if (multi_thread_test())
! 2205: goto cleanup;
! 2206: #endif
! 2207:
! 2208: if (SSL_basic_test())
! 2209: goto cleanup;
! 2210:
! 2211: system("sh ../ssl/test/killopenssl.sh");
! 2212:
! 2213: if (SSL_unblocked_test())
! 2214: goto cleanup;
! 2215:
! 2216: system("sh ../ssl/test/killopenssl.sh");
! 2217:
! 2218: if (SSL_client_tests())
! 2219: goto cleanup;
! 2220:
! 2221: system("sh ../ssl/test/killopenssl.sh");
! 2222: system("sh ../ssl/test/killgnutls.sh");
! 2223:
! 2224: if (SSL_server_tests())
! 2225: goto cleanup;
! 2226:
! 2227: system("sh ../ssl/test/killopenssl.sh");
! 2228:
! 2229: if (header_issue())
! 2230: {
! 2231: printf("Header tests failed\n"); TTY_FLUSH();
! 2232: goto cleanup;
! 2233: }
! 2234:
! 2235: ret = 0; /* all ok */
! 2236: printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
! 2237: cleanup:
! 2238:
! 2239: if (ret)
! 2240: printf("Error: Some tests failed!\n");
! 2241:
! 2242: close(fd);
! 2243: return ret;
! 2244: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ssltest.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / axTLS / ssl / test