1: /*
2: * Copyright (c) 2007, Cameron Rich
3: *
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions are met:
8: *
9: * * Redistributions of source code must retain the above copyright notice,
10: * this list of conditions and the following disclaimer.
11: * * Redistributions in binary form must reproduce the above copyright notice,
12: * this list of conditions and the following disclaimer in the documentation
13: * and/or other materials provided with the distribution.
14: * * Neither the name of the axTLS project nor the names of its contributors
15: * may be used to endorse or promote products derived from this software
16: * without specific prior written permission.
17: *
18: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21: * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25: * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27: * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29: */
30:
31: /*
32: * The testing of the crypto and ssl stuff goes here. Keeps the individual code
33: * modules from being uncluttered with test code.
34: *
35: * This is test code - I make no apologies for the quality!
36: */
37:
38: #include <stdio.h>
39: #include <stdlib.h>
40: #include <signal.h>
41: #include <string.h>
42: #include <errno.h>
43: #include <sys/stat.h>
44: #include <fcntl.h>
45:
46: #ifndef WIN32
47: #include <pthread.h>
48: #endif
49:
50: #include "os_port.h"
51: #include "ssl.h"
52:
53: #define DEFAULT_CERT "../ssl/test/axTLS.x509_512.cer"
54: #define DEFAULT_KEY "../ssl/test/axTLS.key_512"
55: //#define DEFAULT_SVR_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
56: #define DEFAULT_SVR_OPTION 0
57: //#define DEFAULT_CLNT_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
58: #define DEFAULT_CLNT_OPTION 0
59:
60: static int g_port = 19001;
61:
62: /**************************************************************************
63: * AES tests
64: *
65: * Run through a couple of the RFC3602 tests to verify that AES is correct.
66: **************************************************************************/
67: #define TEST1_SIZE 16
68: #define TEST2_SIZE 32
69:
70: static int AES_test(BI_CTX *bi_ctx)
71: {
72: AES_CTX aes_key;
73: int res = 1;
74: uint8_t key[TEST1_SIZE];
75: uint8_t iv[TEST1_SIZE];
76:
77: {
78: /*
79: Case #1: Encrypting 16 bytes (1 block) using AES-CBC
80: Key : 0x06a9214036b8a15b512e03d534120006
81: IV : 0x3dafba429d9eb430b422da802c9fac41
82: Plaintext : "Single block msg"
83: Ciphertext: 0xe353779c1079aeb82708942dbe77181a
84:
85: */
86: char *in_str = "Single block msg";
87: uint8_t ct[TEST1_SIZE];
88: uint8_t enc_data[TEST1_SIZE];
89: uint8_t dec_data[TEST1_SIZE];
90:
91: bigint *key_bi = bi_str_import(
92: bi_ctx, "06A9214036B8A15B512E03D534120006");
93: bigint *iv_bi = bi_str_import(
94: bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41");
95: bigint *ct_bi = bi_str_import(
96: bi_ctx, "E353779C1079AEB82708942DBE77181A");
97: bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
98: bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
99: bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE);
100:
101: AES_set_key(&aes_key, key, iv, AES_MODE_128);
102: AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str,
103: enc_data, sizeof(enc_data));
104: if (memcmp(enc_data, ct, sizeof(ct)))
105: {
106: printf("Error: AES ENCRYPT #1 failed\n");
107: goto end;
108: }
109:
110: AES_set_key(&aes_key, key, iv, AES_MODE_128);
111: AES_convert_key(&aes_key);
112: AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
113:
114: if (memcmp(dec_data, in_str, sizeof(dec_data)))
115: {
116: printf("Error: AES DECRYPT #1 failed\n");
117: goto end;
118: }
119: }
120:
121: {
122: /*
123: Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC
124: Key : 0xc286696d887c9aa0611bbb3e2025a45a
125: IV : 0x562e17996d093d28ddb3ba695a2e6f58
126: Plaintext : 0x000102030405060708090a0b0c0d0e0f
127: 101112131415161718191a1b1c1d1e1f
128: Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
129: 7586602d253cfff91b8266bea6d61ab1
130: */
131: uint8_t in_data[TEST2_SIZE];
132: uint8_t ct[TEST2_SIZE];
133: uint8_t enc_data[TEST2_SIZE];
134: uint8_t dec_data[TEST2_SIZE];
135:
136: bigint *in_bi = bi_str_import(bi_ctx,
137: "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
138: bigint *key_bi = bi_str_import(
139: bi_ctx, "C286696D887C9AA0611BBB3E2025A45A");
140: bigint *iv_bi = bi_str_import(
141: bi_ctx, "562E17996D093D28DDB3BA695A2E6F58");
142: bigint *ct_bi = bi_str_import(bi_ctx,
143: "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
144: bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE);
145: bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
146: bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
147: bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE);
148:
149: AES_set_key(&aes_key, key, iv, AES_MODE_128);
150: AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data,
151: enc_data, sizeof(enc_data));
152:
153: if (memcmp(enc_data, ct, sizeof(ct)))
154: {
155: printf("Error: ENCRYPT #2 failed\n");
156: goto end;
157: }
158:
159: AES_set_key(&aes_key, key, iv, AES_MODE_128);
160: AES_convert_key(&aes_key);
161: AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
162: if (memcmp(dec_data, in_data, sizeof(dec_data)))
163: {
164: printf("Error: DECRYPT #2 failed\n");
165: goto end;
166: }
167: }
168:
169: res = 0;
170: printf("All AES tests passed\n");
171:
172: end:
173: return res;
174: }
175:
176: /**************************************************************************
177: * RC4 tests
178: *
179: * ARC4 tests vectors from OpenSSL (crypto/rc4/rc4test.c)
180: **************************************************************************/
181: static const uint8_t keys[7][30]=
182: {
183: {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
184: {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
185: {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
186: {4,0xef,0x01,0x23,0x45},
187: {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
188: {4,0xef,0x01,0x23,0x45},
189: };
190:
191: static const uint8_t data_len[7]={8,8,8,20,28,10};
192: static uint8_t data[7][30]=
193: {
194: {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
195: {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
196: {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
197: {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
198: 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
199: 0x00,0x00,0x00,0x00,0xff},
200: {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
201: 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
202: 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
203: 0x12,0x34,0x56,0x78,0xff},
204: {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
205: {0},
206: };
207:
208: static const uint8_t output[7][30]=
209: {
210: {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
211: {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
212: {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
213: {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
214: 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
215: 0x36,0xb6,0x78,0x58,0x00},
216: {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
217: 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
218: 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
219: 0x40,0x01,0x1e,0xcf,0x00},
220: {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
221: {0},
222: };
223:
224: static int RC4_test(BI_CTX *bi_ctx)
225: {
226: int i, res = 1;
227: RC4_CTX s;
228:
229: for (i = 0; i < 6; i++)
230: {
231: RC4_setup(&s, &keys[i][1], keys[i][0]);
232: RC4_crypt(&s, data[i], data[i], data_len[i]);
233:
234: if (memcmp(data[i], output[i], data_len[i]))
235: {
236: printf("Error: RC4 CRYPT #%d failed\n", i);
237: goto end;
238: }
239: }
240:
241: res = 0;
242: printf("All RC4 tests passed\n");
243:
244: end:
245: return res;
246: }
247:
248: /**************************************************************************
249: * SHA1 tests
250: *
251: * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
252: **************************************************************************/
253: static int SHA1_test(BI_CTX *bi_ctx)
254: {
255: SHA1_CTX ctx;
256: uint8_t ct[SHA1_SIZE];
257: uint8_t digest[SHA1_SIZE];
258: int res = 1;
259:
260: {
261: const char *in_str = "abc";
262: bigint *ct_bi = bi_str_import(bi_ctx,
263: "A9993E364706816ABA3E25717850C26C9CD0D89D");
264: bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
265:
266: SHA1_Init(&ctx);
267: SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
268: SHA1_Final(digest, &ctx);
269:
270: if (memcmp(digest, ct, sizeof(ct)))
271: {
272: printf("Error: SHA1 #1 failed\n");
273: goto end;
274: }
275: }
276:
277: {
278: const char *in_str =
279: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
280: bigint *ct_bi = bi_str_import(bi_ctx,
281: "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
282: bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
283:
284: SHA1_Init(&ctx);
285: SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
286: SHA1_Final(digest, &ctx);
287:
288: if (memcmp(digest, ct, sizeof(ct)))
289: {
290: printf("Error: SHA1 #2 failed\n");
291: goto end;
292: }
293: }
294:
295: res = 0;
296: printf("All SHA1 tests passed\n");
297:
298: end:
299: return res;
300: }
301:
302: /**************************************************************************
303: * MD5 tests
304: *
305: * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
306: **************************************************************************/
307: static int MD5_test(BI_CTX *bi_ctx)
308: {
309: MD5_CTX ctx;
310: uint8_t ct[MD5_SIZE];
311: uint8_t digest[MD5_SIZE];
312: int res = 1;
313:
314: {
315: const char *in_str = "abc";
316: bigint *ct_bi = bi_str_import(bi_ctx,
317: "900150983CD24FB0D6963F7D28E17F72");
318: bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
319:
320: MD5_Init(&ctx);
321: MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
322: MD5_Final(digest, &ctx);
323:
324: if (memcmp(digest, ct, sizeof(ct)))
325: {
326: printf("Error: MD5 #1 failed\n");
327: goto end;
328: }
329: }
330:
331: {
332: const char *in_str =
333: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
334: bigint *ct_bi = bi_str_import(
335: bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
336: bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
337:
338: MD5_Init(&ctx);
339: MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
340: MD5_Final(digest, &ctx);
341:
342: if (memcmp(digest, ct, sizeof(ct)))
343: {
344: printf("Error: MD5 #2 failed\n");
345: goto end;
346: }
347: }
348: res = 0;
349: printf("All MD5 tests passed\n");
350:
351: end:
352: return res;
353: }
354:
355: /**************************************************************************
356: * HMAC tests
357: *
358: * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
359: **************************************************************************/
360: static int HMAC_test(BI_CTX *bi_ctx)
361: {
362: uint8_t key[SHA1_SIZE];
363: uint8_t ct[SHA1_SIZE];
364: uint8_t dgst[SHA1_SIZE];
365: int res = 1;
366: const char *key_str;
367:
368: const char *data_str = "Hi There";
369: bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
370: bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D");
371: bi_export(bi_ctx, key_bi, key, MD5_SIZE);
372: bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
373: hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst);
374: if (memcmp(dgst, ct, MD5_SIZE))
375: {
376: printf("HMAC MD5 #1 failed\n");
377: goto end;
378: }
379:
380: data_str = "what do ya want for nothing?";
381: key_str = "Jefe";
382: ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738");
383: bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
384: hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
385: if (memcmp(dgst, ct, MD5_SIZE))
386: {
387: printf("HMAC MD5 #2 failed\n");
388: goto end;
389: }
390:
391: data_str = "Hi There";
392: key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
393: bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
394: ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
395: bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
396:
397: hmac_sha1((const uint8_t *)data_str, 8,
398: (const uint8_t *)key, SHA1_SIZE, dgst);
399: if (memcmp(dgst, ct, SHA1_SIZE))
400: {
401: printf("HMAC SHA1 #1 failed\n");
402: goto end;
403: }
404:
405: data_str = "what do ya want for nothing?";
406: key_str = "Jefe";
407: ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
408: bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
409:
410: hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 5, dgst);
411: if (memcmp(dgst, ct, SHA1_SIZE))
412: {
413: printf("HMAC SHA1 failed\n");
414: exit(1);
415: }
416:
417: res = 0;
418: printf("All HMAC tests passed\n");
419:
420: end:
421: return res;
422: }
423:
424: /**************************************************************************
425: * BIGINT tests
426: *
427: **************************************************************************/
428: static int BIGINT_test(BI_CTX *ctx)
429: {
430: int res = 1;
431:
432: #ifndef CONFIG_INTEGER_8BIT
433: #ifndef CONFIG_INTEGER_16BIT
434: bigint *bi_data, *bi_exp, *bi_res;
435: const char *expnt, *plaintext, *mod;
436: uint8_t compare[MAX_KEY_BYTE_SIZE];
437: /**
438: * 512 bit key
439: */
440: plaintext = /* 64 byte number */
441: "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
442:
443: mod = "C30773C8ABE09FCC279EE0E5343370DE"
444: "8B2FFDB6059271E3005A7CEEF0D35E0A"
445: "1F9915D95E63560836CC2EB2C289270D"
446: "BCAE8CAF6F5E907FC2759EE220071E1B";
447:
448: expnt = "A1E556CD1738E10DF539E35101334E97"
449: "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
450: "F3140F5091CC535CBAA47CEC4159EE1F"
451: "B6A3661AFF1AB758426EAB158452A9B9";
452:
453: bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
454: bi_exp = int_to_bi(ctx, 0x10001);
455: bi_set_mod(ctx, bi_str_import(ctx, mod), 0);
456: bi_res = bi_mod_power(ctx, bi_data, bi_exp);
457:
458: bi_data = bi_res; /* resuse again - see if we get the original */
459:
460: bi_exp = bi_str_import(ctx, expnt);
461: bi_res = bi_mod_power(ctx, bi_data, bi_exp);
462: bi_free_mod(ctx, 0);
463:
464: bi_export(ctx, bi_res, compare, 64);
465: if (memcmp(plaintext, compare, 64) != 0)
466: goto end;
467: #endif
468: #endif
469:
470: /*
471: * Multiply with psssible carry issue (8 bit)
472: */
473: {
474: bigint *bi_x = bi_str_import(ctx,
475: "AFD5060E224B70DA99EFB385BA5C0D2BEA0AD1DAAA52686E1A02D677BC65C1DA7A496BBDCC02999E8814F10AFC4B8E0DD4E6687E0762CE717A5EA1E452B5C56065C8431F0FB9D23CFF3A4B4149798C0670AF7F9565A0EAE5CF1AB16A1F0C3DD5E485DC5ABB96EBE0B6778A15B7302CBCE358E4BF2E2E30932758AC6EFA9F5828");
476: bigint *arg2 = bi_clone(ctx, bi_x);
477: bigint *arg3 = bi_clone(ctx, bi_x);
478: bigint *sqr_result = bi_square(ctx, bi_x);
479: bigint *mlt_result = bi_multiply(ctx, arg2, arg3);
480:
481: if (bi_compare(sqr_result, mlt_result) != 0)
482: {
483: bi_print("SQR_RESULT", sqr_result);
484: bi_print("MLT_RESULT", mlt_result);
485: bi_free(ctx, sqr_result);
486: bi_free(ctx, mlt_result);
487: goto end;
488: }
489:
490: bi_free(ctx, sqr_result);
491: bi_free(ctx, mlt_result);
492: }
493:
494: printf("All BIGINT tests passed\n");
495: res = 0;
496:
497: end:
498: return res;
499: }
500:
501: /**************************************************************************
502: * RSA tests
503: *
504: * Use the results from openssl to verify PKCS1 etc
505: **************************************************************************/
506: static int RSA_test(void)
507: {
508: int res = 1;
509: const char *plaintext = /* 128 byte hex number */
510: "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
511: "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
512: uint8_t enc_data[128], dec_data[128];
513: RSA_CTX *rsa_ctx = NULL;
514: BI_CTX *bi_ctx;
515: bigint *plaintext_bi;
516: bigint *enc_data_bi, *dec_data_bi;
517: uint8_t enc_data2[128], dec_data2[128];
518: int len;
519: uint8_t *buf;
520:
521: /* extract the private key elements */
522: len = get_file("../ssl/test/axTLS.key_1024", &buf);
523: if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
524: {
525: goto end;
526: }
527:
528: free(buf);
529: bi_ctx = rsa_ctx->bi_ctx;
530: plaintext_bi = bi_import(bi_ctx,
531: (const uint8_t *)plaintext, strlen(plaintext));
532:
533: /* basic rsa encrypt */
534: enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
535: bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
536:
537: /* basic rsa decrypt */
538: dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
539: bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
540:
541: if (memcmp(dec_data, plaintext, strlen(plaintext)))
542: {
543: printf("Error: DECRYPT #1 failed\n");
544: goto end;
545: }
546:
547: RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0);
548: RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1);
549: if (memcmp("abc", dec_data2, 3))
550: {
551: printf("Error: ENCRYPT/DECRYPT #2 failed\n");
552: goto end;
553: }
554:
555: RSA_free(rsa_ctx);
556: res = 0;
557: printf("All RSA tests passed\n");
558:
559: end:
560: return res;
561: }
562:
563: /**************************************************************************
564: * Cert Testing
565: *
566: **************************************************************************/
567: static int cert_tests(void)
568: {
569: int res = -1, len;
570: X509_CTX *x509_ctx;
571: SSL_CTX *ssl_ctx;
572: uint8_t *buf;
573:
574: /* check a bunch of 3rd party certificates */
575: ssl_ctx = ssl_ctx_new(0, 0);
576: len = get_file("../ssl/test/microsoft.x509_ca", &buf);
577: if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
578: {
579: printf("Cert #1\n");
580: ssl_display_error(res);
581: goto bad_cert;
582: }
583:
584: ssl_ctx_free(ssl_ctx);
585: free(buf);
586:
587: ssl_ctx = ssl_ctx_new(0, 0);
588: len = get_file("../ssl/test/thawte.x509_ca", &buf);
589: if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
590: {
591: printf("Cert #2\n");
592: ssl_display_error(res);
593: goto bad_cert;
594: }
595:
596: ssl_ctx_free(ssl_ctx);
597: free(buf);
598:
599: ssl_ctx = ssl_ctx_new(0, 0);
600: len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf);
601: if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
602: {
603: printf("Cert #3\n");
604: ssl_display_error(res);
605: goto bad_cert;
606: }
607:
608: ssl_ctx_free(ssl_ctx);
609: free(buf);
610:
611: ssl_ctx = ssl_ctx_new(0, 0);
612: len = get_file("../ssl/test/equifax.x509_ca", &buf);
613: if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
614: {
615: printf("Cert #4\n");
616: ssl_display_error(res);
617: goto bad_cert;
618: }
619:
620: ssl_ctx_free(ssl_ctx);
621: free(buf);
622:
623: ssl_ctx = ssl_ctx_new(0, 0);
624: len = get_file("../ssl/test/gnutls.cer", &buf);
625: if ((res = add_cert(ssl_ctx, buf, len)) < 0)
626: {
627: printf("Cert #5\n");
628: ssl_display_error(res);
629: goto bad_cert;
630: }
631:
632: ssl_ctx_free(ssl_ctx);
633: free(buf);
634:
635: ssl_ctx = ssl_ctx_new(0, 0);
636: len = get_file("../ssl/test/socgen.cer", &buf);
637: if ((res = add_cert(ssl_ctx, buf, len)) < 0)
638: {
639: printf("Cert #6\n");
640: ssl_display_error(res);
641: goto bad_cert;
642: }
643:
644: ssl_ctx_free(ssl_ctx);
645: free(buf);
646:
647: ssl_ctx = ssl_ctx_new(0, 0);
648: len = get_file("../ssl/test/verisign.x509_ca", &buf);
649: if ((res = add_cert_auth(ssl_ctx, buf, len)) <0)
650: {
651: printf("Cert #7\n");
652: ssl_display_error(res);
653: goto bad_cert;
654: }
655:
656: ssl_ctx_free(ssl_ctx);
657: free(buf);
658:
659: if (get_file("../ssl/test/verisign.x509_my_cert", &buf) < 0 ||
660: x509_new(buf, &len, &x509_ctx))
661: {
662: printf("Cert #8\n");
663: ssl_display_error(res);
664: goto bad_cert;
665: }
666:
667: x509_free(x509_ctx);
668: free(buf);
669:
670: ssl_ctx = ssl_ctx_new(0, 0);
671: if ((res = ssl_obj_load(ssl_ctx,
672: SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
673: {
674: ssl_display_error(res);
675: goto bad_cert;
676: }
677:
678: ssl_ctx_free(ssl_ctx);
679:
680: if (get_file("../ssl/test/qualityssl.com.der", &buf) < 0 ||
681: x509_new(buf, &len, &x509_ctx))
682: {
683: printf("Cert #9\n");
684: res = -1;
685: goto bad_cert;
686: }
687:
688: if (strcmp(x509_ctx->subject_alt_dnsnames[1], "qualityssl.com"))
689: {
690: printf("Cert #9 (2)\n");
691: res = -1;
692: goto bad_cert;
693: }
694: x509_free(x509_ctx);
695: free(buf);
696:
697: ssl_ctx = ssl_ctx_new(0, 0);
698: if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT,
699: "../ssl/test/ca-bundle.crt", NULL))
700: {
701: printf("Cert #10\n");
702: goto bad_cert;
703: }
704:
705: ssl_ctx_free(ssl_ctx);
706: res = 0; /* all ok */
707: printf("All Certificate tests passed\n");
708:
709: bad_cert:
710: if (res)
711: printf("Error: A certificate test failed\n");
712:
713: return res;
714: }
715:
716: /**
717: * init a server socket.
718: */
719: static int server_socket_init(int *port)
720: {
721: struct sockaddr_in serv_addr;
722: int server_fd;
723: char yes = 1;
724:
725: /* Create socket for incoming connections */
726: if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
727: {
728: return -1;
729: }
730:
731: setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
732:
733: go_again:
734: /* Construct local address structure */
735: memset(&serv_addr, 0, sizeof(serv_addr)); /* Zero out structure */
736: serv_addr.sin_family = AF_INET; /* Internet address family */
737: serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
738: serv_addr.sin_port = htons(*port); /* Local port */
739:
740: /* Bind to the local address */
741: if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
742: {
743: (*port)++;
744: goto go_again;
745: }
746: /* Mark the socket so it will listen for incoming connections */
747: if (listen(server_fd, 3000) < 0)
748: {
749: return -1;
750: }
751:
752: return server_fd;
753: }
754:
755: /**
756: * init a client socket.
757: */
758: static int client_socket_init(uint16_t port)
759: {
760: struct sockaddr_in address;
761: int client_fd;
762:
763: address.sin_family = AF_INET;
764: address.sin_port = htons(port);
765: address.sin_addr.s_addr = inet_addr("127.0.0.1");
766: client_fd = socket(AF_INET, SOCK_STREAM, 0);
767: if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0)
768: {
769: perror("socket");
770: SOCKET_CLOSE(client_fd);
771: client_fd = -1;
772: }
773:
774: return client_fd;
775: }
776:
777: /**************************************************************************
778: * SSL Server Testing
779: *
780: **************************************************************************/
781: typedef struct
782: {
783: /* not used as yet */
784: int dummy;
785: } SVR_CTX;
786:
787: typedef struct
788: {
789: const char *testname;
790: const char *openssl_option;
791: } client_t;
792:
793: static void do_client(client_t *clnt)
794: {
795: char openssl_buf[2048];
796: usleep(200000); /* allow server to start */
797:
798: /* show the session ids in the reconnect test */
799: if (strcmp(clnt->testname, "Session Reuse") == 0)
800: {
801: sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
802: "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"",
803: g_port, clnt->openssl_option);
804: }
805: else if (strstr(clnt->testname, "GNUTLS") == NULL)
806: {
807: sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
808: #ifdef WIN32
809: "-connect localhost:%d -quiet %s",
810: #else
811: "-connect localhost:%d -quiet %s > /dev/null 2>&1",
812: #endif
813: g_port, clnt->openssl_option);
814: }
815: else /* gnutls */
816: {
817: sprintf(openssl_buf, "echo \"hello client\" | gnutls-cli "
818: #ifdef WIN32
819: "-p %d %s 127.0.0.1",
820: #else
821: "-p %d %s 127.0.0.1 > /dev/null 2>&1",
822: #endif
823: g_port, clnt->openssl_option);
824: }
825:
826: system(openssl_buf);
827: }
828:
829: static int SSL_server_test(
830: const char *testname,
831: const char *openssl_option,
832: const char *device_cert,
833: const char *product_cert,
834: const char *private_key,
835: const char *ca_cert,
836: const char *password,
837: int axtls_option)
838: {
839: int server_fd, ret = 0;
840: SSL_CTX *ssl_ctx = NULL;
841: struct sockaddr_in client_addr;
842: uint8_t *read_buf;
843: socklen_t clnt_len = sizeof(client_addr);
844: client_t client_data;
845: #ifndef WIN32
846: pthread_t thread;
847: #endif
848: g_port++;
849:
850: client_data.testname = testname;
851: client_data.openssl_option = openssl_option;
852:
853: if ((server_fd = server_socket_init(&g_port)) < 0)
854: goto error;
855:
856: if (private_key)
857: {
858: axtls_option |= SSL_NO_DEFAULT_KEY;
859: }
860:
861: if ((ssl_ctx = ssl_ctx_new(axtls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
862: {
863: ret = SSL_ERROR_INVALID_KEY;
864: goto error;
865: }
866:
867: if (private_key)
868: {
869: int obj_type = SSL_OBJ_RSA_KEY;
870:
871: if (strstr(private_key, ".p8"))
872: obj_type = SSL_OBJ_PKCS8;
873: else if (strstr(private_key, ".p12"))
874: obj_type = SSL_OBJ_PKCS12;
875:
876: if (ssl_obj_load(ssl_ctx, obj_type, private_key, password))
877: {
878: ret = SSL_ERROR_INVALID_KEY;
879: goto error;
880: }
881: }
882:
883: if (device_cert) /* test chaining */
884: {
885: if ((ret = ssl_obj_load(ssl_ctx,
886: SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK)
887: goto error;
888: }
889:
890: if (product_cert) /* test chaining */
891: {
892: if ((ret = ssl_obj_load(ssl_ctx,
893: SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK)
894: goto error;
895: }
896:
897: if (ca_cert) /* test adding certificate authorities */
898: {
899: if ((ret = ssl_obj_load(ssl_ctx,
900: SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK)
901: goto error;
902: }
903:
904: #ifndef WIN32
905: pthread_create(&thread, NULL,
906: (void *(*)(void *))do_client, (void *)&client_data);
907: pthread_detach(thread);
908: #else
909: CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client,
910: (LPVOID)&client_data, 0, NULL);
911: #endif
912:
913: for (;;)
914: {
915: int client_fd, size = 0;
916: SSL *ssl;
917:
918: /* Wait for a client to connect */
919: if ((client_fd = accept(server_fd,
920: (struct sockaddr *)&client_addr, &clnt_len)) < 0)
921: {
922: ret = SSL_ERROR_SOCK_SETUP_FAILURE;
923: goto error;
924: }
925:
926: /* we are ready to go */
927: ssl = ssl_server_new(ssl_ctx, client_fd);
928: while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
929: SOCKET_CLOSE(client_fd);
930:
931: if (size == SSL_CLOSE_NOTIFY)
932: {
933: /* do nothing */
934: }
935: else if (size < SSL_OK) /* got some alert or something nasty */
936: {
937: ret = size;
938:
939: if (ret == SSL_ERROR_CONN_LOST)
940: continue;
941:
942: break; /* we've got a problem */
943: }
944: else /* looks more promising */
945: {
946: if (strstr("hello client", (char *)read_buf) == NULL)
947: {
948: printf("SSL server test \"%s\" passed\n", testname);
949: TTY_FLUSH();
950: ret = 0;
951: break;
952: }
953: }
954:
955: ssl_free(ssl);
956: }
957:
958: SOCKET_CLOSE(server_fd);
959:
960: error:
961: ssl_ctx_free(ssl_ctx);
962: return ret;
963: }
964:
965: int SSL_server_tests(void)
966: {
967: int ret = -1;
968: struct stat stat_buf;
969: SVR_CTX svr_test_ctx;
970: memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
971:
972: printf("### starting server tests\n"); TTY_FLUSH();
973:
974: /* Go through the algorithms */
975:
976: /*
977: * TLS1 client hello
978: */
979: if ((ret = SSL_server_test("TLSv1", "-cipher RC4-SHA -tls1",
980: NULL, NULL, NULL, NULL, NULL, DEFAULT_SVR_OPTION)))
981: goto cleanup;
982:
983: /*
984: * AES128-SHA
985: */
986: if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA",
987: DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
988: DEFAULT_SVR_OPTION)))
989: goto cleanup;
990:
991: /*
992: * AES256-SHA
993: */
994: if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA",
995: DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
996: DEFAULT_SVR_OPTION)))
997: goto cleanup;
998:
999: /*
1000: * RC4-SHA
1001: */
1002: if ((ret = SSL_server_test("RC4-SHA", "-cipher RC4-SHA",
1003: DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
1004: DEFAULT_SVR_OPTION)))
1005: goto cleanup;
1006:
1007: /*
1008: * RC4-MD5
1009: */
1010: if ((ret = SSL_server_test("RC4-MD5", "-cipher RC4-MD5",
1011: DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
1012: DEFAULT_SVR_OPTION)))
1013: goto cleanup;
1014:
1015: /*
1016: * Session Reuse
1017: * all the session id's should match for session resumption.
1018: */
1019: if ((ret = SSL_server_test("Session Reuse",
1020: "-cipher RC4-SHA -reconnect",
1021: DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
1022: DEFAULT_SVR_OPTION)))
1023: goto cleanup;
1024:
1025: /*
1026: * 512 bit RSA key
1027: */
1028: if ((ret = SSL_server_test("512 bit key",
1029: "-cipher RC4-SHA",
1030: "../ssl/test/axTLS.x509_512.cer", NULL,
1031: "../ssl/test/axTLS.key_512",
1032: NULL, NULL, DEFAULT_SVR_OPTION)))
1033: goto cleanup;
1034:
1035: /*
1036: * 1024 bit RSA key (check certificate chaining)
1037: */
1038: if ((ret = SSL_server_test("1024 bit key",
1039: "-cipher RC4-SHA",
1040: "../ssl/test/axTLS.x509_1024.cer", NULL,
1041: "../ssl/test/axTLS.key_1024",
1042: NULL, NULL, DEFAULT_SVR_OPTION)))
1043: goto cleanup;
1044:
1045: /*
1046: * 1042 bit RSA key (check certificate chaining)
1047: */
1048: if ((ret = SSL_server_test("1042 bit key",
1049: "-cipher RC4-SHA",
1050: "../ssl/test/axTLS.x509_1042.cer", NULL,
1051: "../ssl/test/axTLS.key_1042",
1052: NULL, NULL, DEFAULT_SVR_OPTION)))
1053: goto cleanup;
1054: /*
1055: * 2048 bit RSA key
1056: */
1057: if ((ret = SSL_server_test("2048 bit key",
1058: "-cipher RC4-SHA",
1059: "../ssl/test/axTLS.x509_2048.cer", NULL,
1060: "../ssl/test/axTLS.key_2048",
1061: NULL, NULL, DEFAULT_SVR_OPTION)))
1062: goto cleanup;
1063:
1064: /*
1065: * 4096 bit RSA key
1066: */
1067: if ((ret = SSL_server_test("4096 bit key",
1068: "-cipher RC4-SHA",
1069: "../ssl/test/axTLS.x509_4096.cer", NULL,
1070: "../ssl/test/axTLS.key_4096",
1071: NULL, NULL, DEFAULT_SVR_OPTION)))
1072: goto cleanup;
1073:
1074: /*
1075: * Client Verification
1076: */
1077: if ((ret = SSL_server_test("Client Verification",
1078: "-cipher RC4-SHA -tls1 "
1079: "-cert ../ssl/test/axTLS.x509_2048.pem "
1080: "-key ../ssl/test/axTLS.key_2048.pem ",
1081: NULL, NULL, NULL,
1082: "../ssl/test/axTLS.ca_x509.cer", NULL,
1083: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
1084: goto cleanup;
1085:
1086: /* this test should fail */
1087: if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
1088: {
1089: if ((ret = SSL_server_test("Error: Bad Before Cert",
1090: "-cipher RC4-SHA -tls1 "
1091: "-cert ../ssl/test/axTLS.x509_bad_before.pem "
1092: "-key ../ssl/test/axTLS.key_512.pem ",
1093: NULL, NULL, NULL,
1094: "../ssl/test/axTLS.ca_x509.cer", NULL,
1095: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
1096: SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
1097: goto cleanup;
1098:
1099: printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
1100: TTY_FLUSH();
1101: }
1102:
1103: /* this test should fail */
1104: if ((ret = SSL_server_test("Error: Bad After Cert",
1105: "-cipher RC4-SHA -tls1 "
1106: "-cert ../ssl/test/axTLS.x509_bad_after.pem "
1107: "-key ../ssl/test/axTLS.key_512.pem ",
1108: NULL, NULL, NULL,
1109: "../ssl/test/axTLS.ca_x509.cer", NULL,
1110: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
1111: SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
1112: goto cleanup;
1113:
1114: printf("SSL server test \"%s\" passed\n", "Bad After Cert");
1115: TTY_FLUSH();
1116:
1117: /*
1118: * No trusted cert
1119: */
1120: if ((ret = SSL_server_test("Error: No trusted certificate",
1121: "-cipher RC4-SHA -tls1 "
1122: "-cert ../ssl/test/axTLS.x509_512.pem "
1123: "-key ../ssl/test/axTLS.key_512.pem ",
1124: NULL, NULL, NULL,
1125: NULL, NULL,
1126: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
1127: SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
1128: goto cleanup;
1129:
1130: printf("SSL server test \"%s\" passed\n", "No trusted certificate");
1131: TTY_FLUSH();
1132:
1133: /*
1134: * Self-signed (from the server)
1135: */
1136: if ((ret = SSL_server_test("Error: Self-signed certificate (from server)",
1137: "-cipher RC4-SHA -tls1 "
1138: "-cert ../ssl/test/axTLS.x509_512.pem "
1139: "-key ../ssl/test/axTLS.key_512.pem "
1140: "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
1141: NULL, NULL, NULL,
1142: NULL, NULL,
1143: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
1144: SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
1145: goto cleanup;
1146:
1147: printf("SSL server test \"%s\" passed\n",
1148: "Self-signed certificate (from server)");
1149: TTY_FLUSH();
1150:
1151: /*
1152: * Self-signed (from the client)
1153: */
1154: if ((ret = SSL_server_test("Self-signed certificate (from client)",
1155: "-cipher RC4-SHA -tls1 "
1156: "-cert ../ssl/test/axTLS.x509_512.pem "
1157: "-key ../ssl/test/axTLS.key_512.pem ",
1158: NULL, NULL, NULL,
1159: "../ssl/test/axTLS.ca_x509.cer",
1160: NULL,
1161: DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
1162: goto cleanup;
1163:
1164: /*
1165: * Key in PEM format
1166: */
1167: if ((ret = SSL_server_test("Key in PEM format",
1168: "-cipher RC4-SHA",
1169: "../ssl/test/axTLS.x509_512.cer", NULL,
1170: "../ssl/test/axTLS.key_512.pem", NULL,
1171: NULL, DEFAULT_SVR_OPTION)))
1172: goto cleanup;
1173:
1174: /*
1175: * Cert in PEM format
1176: */
1177: if ((ret = SSL_server_test("Cert in PEM format",
1178: "-cipher RC4-SHA",
1179: "../ssl/test/axTLS.x509_512.pem", NULL,
1180: "../ssl/test/axTLS.key_512.pem", NULL,
1181: NULL, DEFAULT_SVR_OPTION)))
1182: goto cleanup;
1183:
1184: /*
1185: * Cert chain in PEM format
1186: */
1187: if ((ret = SSL_server_test("Cert chain in PEM format",
1188: "-cipher RC4-SHA",
1189: "../ssl/test/axTLS.x509_device.pem",
1190: NULL, "../ssl/test/axTLS.device_key.pem",
1191: "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
1192: goto cleanup;
1193:
1194: /*
1195: * AES128 Encrypted key
1196: */
1197: if ((ret = SSL_server_test("AES128 encrypted key",
1198: "-cipher RC4-SHA",
1199: "../ssl/test/axTLS.x509_aes128.pem", NULL,
1200: "../ssl/test/axTLS.key_aes128.pem",
1201: NULL, "abcd", DEFAULT_SVR_OPTION)))
1202: goto cleanup;
1203:
1204: /*
1205: * AES256 Encrypted key
1206: */
1207: if ((ret = SSL_server_test("AES256 encrypted key",
1208: "-cipher RC4-SHA",
1209: "../ssl/test/axTLS.x509_aes256.pem", NULL,
1210: "../ssl/test/axTLS.key_aes256.pem",
1211: NULL, "abcd", DEFAULT_SVR_OPTION)))
1212: goto cleanup;
1213:
1214: /*
1215: * AES128 Encrypted invalid key
1216: */
1217: if ((ret = SSL_server_test("AES128 encrypted invalid key",
1218: "-cipher RC4-SHA",
1219: "../ssl/test/axTLS.x509_aes128.pem", NULL,
1220: "../ssl/test/axTLS.key_aes128.pem",
1221: NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
1222: goto cleanup;
1223:
1224: printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
1225: TTY_FLUSH();
1226:
1227: /*
1228: * PKCS#8 key (encrypted)
1229: */
1230: if ((ret = SSL_server_test("pkcs#8 encrypted", "-cipher RC4-SHA",
1231: DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8",
1232: NULL, "abcd", DEFAULT_SVR_OPTION)))
1233: goto cleanup;
1234:
1235: /*
1236: * PKCS#8 key (unencrypted DER format)
1237: */
1238: if ((ret = SSL_server_test("pkcs#8 DER unencrypted", "-cipher RC4-SHA",
1239: DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8",
1240: NULL, NULL, DEFAULT_SVR_OPTION)))
1241: goto cleanup;
1242:
1243: /*
1244: * PKCS#8 key (unencrypted PEM format)
1245: */
1246: if ((ret = SSL_server_test("pkcs#8 PEM unencrypted", "-cipher RC4-SHA",
1247: DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted_pem.p8",
1248: NULL, NULL, DEFAULT_SVR_OPTION)))
1249: goto cleanup;
1250:
1251: /*
1252: * PKCS#12 key/certificate
1253: */
1254: if ((ret = SSL_server_test("pkcs#12 with CA", "-cipher RC4-SHA",
1255: NULL, NULL, "../ssl/test/axTLS.withCA.p12",
1256: NULL, "abcd", DEFAULT_SVR_OPTION)))
1257: goto cleanup;
1258:
1259: if ((ret = SSL_server_test("pkcs#12 no CA", "-cipher RC4-SHA",
1260: DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12",
1261: NULL, "abcd", DEFAULT_SVR_OPTION)))
1262: goto cleanup;
1263:
1264: /*
1265: * GNUTLS
1266: */
1267: if ((ret = SSL_server_test("GNUTLS client",
1268: "",
1269: "../ssl/test/axTLS.x509_1024.cer", NULL,
1270: "../ssl/test/axTLS.key_1024",
1271: NULL, NULL, DEFAULT_SVR_OPTION)))
1272: goto cleanup;
1273: ret = 0;
1274:
1275: cleanup:
1276: if (ret)
1277: {
1278: printf("Error: A server test failed\n");
1279: ssl_display_error(ret);
1280: exit(1);
1281: }
1282: else
1283: {
1284: printf("All server tests passed\n"); TTY_FLUSH();
1285: }
1286:
1287: return ret;
1288: }
1289:
1290: /**************************************************************************
1291: * SSL Client Testing
1292: *
1293: **************************************************************************/
1294: typedef struct
1295: {
1296: uint8_t session_id[SSL_SESSION_ID_SIZE];
1297: #ifndef WIN32
1298: pthread_t server_thread;
1299: #endif
1300: int start_server;
1301: int stop_server;
1302: int do_reneg;
1303: } CLNT_SESSION_RESUME_CTX;
1304:
1305: typedef struct
1306: {
1307: const char *testname;
1308: const char *openssl_option;
1309: int do_gnutls;
1310: } server_t;
1311:
1312: static void do_server(server_t *svr)
1313: {
1314: char openssl_buf[2048];
1315: #ifndef WIN32
1316: pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
1317: #endif
1318: if (svr->do_gnutls)
1319: {
1320: sprintf(openssl_buf, "gnutls-serv "
1321: "-p %d --quiet %s ", g_port, svr->openssl_option);
1322: }
1323: else
1324: {
1325: sprintf(openssl_buf, "openssl s_server -tls1 "
1326: "-accept %d -quiet %s ", g_port, svr->openssl_option);
1327: }
1328:
1329: system(openssl_buf);
1330: }
1331:
1332: static int SSL_client_test(
1333: const char *test,
1334: SSL_CTX **ssl_ctx,
1335: const char *openssl_option,
1336: CLNT_SESSION_RESUME_CTX *sess_resume,
1337: uint32_t client_options,
1338: const char *private_key,
1339: const char *password,
1340: const char *cert)
1341: {
1342: server_t server_data;
1343: SSL *ssl = NULL;
1344: int client_fd = -1;
1345: uint8_t *session_id = NULL;
1346: int ret = 1;
1347: #ifndef WIN32
1348: pthread_t thread;
1349: #endif
1350:
1351: server_data.do_gnutls = strstr(test, "GNUTLS") != NULL;
1352:
1353: if (sess_resume == NULL || sess_resume->start_server)
1354: {
1355: g_port++;
1356: server_data.openssl_option = openssl_option;
1357:
1358: #ifndef WIN32
1359: pthread_create(&thread, NULL,
1360: (void *(*)(void *))do_server, (void *)&server_data);
1361: pthread_detach(thread);
1362: #else
1363: CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server,
1364: (LPVOID)&server_data, 0, NULL);
1365: #endif
1366: }
1367:
1368: usleep(200000); /* allow server to start */
1369:
1370: if (*ssl_ctx == NULL)
1371: {
1372: if (private_key)
1373: {
1374: client_options |= SSL_NO_DEFAULT_KEY;
1375: }
1376:
1377: if ((*ssl_ctx = ssl_ctx_new(
1378: client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
1379: {
1380: ret = SSL_ERROR_INVALID_KEY;
1381: goto client_test_exit;
1382: }
1383:
1384: if (private_key)
1385: {
1386: int obj_type = SSL_OBJ_RSA_KEY;
1387:
1388: if (strstr(private_key, ".p8"))
1389: obj_type = SSL_OBJ_PKCS8;
1390: else if (strstr(private_key, ".p12"))
1391: obj_type = SSL_OBJ_PKCS12;
1392:
1393: if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password))
1394: {
1395: ret = SSL_ERROR_INVALID_KEY;
1396: goto client_test_exit;
1397: }
1398: }
1399:
1400: if (cert)
1401: {
1402: if ((ret = ssl_obj_load(*ssl_ctx,
1403: SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK)
1404: {
1405: printf("could not add cert %s (%d)\n", cert, ret);
1406: TTY_FLUSH();
1407: goto client_test_exit;
1408: }
1409: }
1410:
1411: if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT,
1412: "../ssl/test/axTLS.ca_x509.cer", NULL))
1413: {
1414: printf("could not add cert auth\n"); TTY_FLUSH();
1415: goto client_test_exit;
1416: }
1417: }
1418:
1419: if (sess_resume && !sess_resume->start_server)
1420: {
1421: session_id = sess_resume->session_id;
1422: }
1423:
1424: if ((client_fd = client_socket_init(g_port)) < 0)
1425: {
1426: printf("could not start socket on %d\n", g_port); TTY_FLUSH();
1427: goto client_test_exit;
1428: }
1429:
1430: ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id));
1431:
1432: /* check the return status */
1433: if ((ret = ssl_handshake_status(ssl)))
1434: goto client_test_exit;
1435:
1436: /* renegotiate client */
1437: if (sess_resume && sess_resume->do_reneg)
1438: {
1439: if (ssl_renegotiate(ssl) == -SSL_ALERT_NO_RENEGOTIATION)
1440: ret = 0;
1441: else
1442: ret = -SSL_ALERT_NO_RENEGOTIATION;
1443:
1444: goto client_test_exit;
1445: }
1446:
1447: if (sess_resume)
1448: {
1449: memcpy(sess_resume->session_id,
1450: ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
1451: }
1452:
1453: if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) &&
1454: (ret = ssl_verify_cert(ssl)))
1455: {
1456: goto client_test_exit;
1457: }
1458:
1459: ssl_write(ssl, (uint8_t *)"hello world\n", 13);
1460: if (sess_resume)
1461: {
1462: const uint8_t *sess_id = ssl_get_session_id(ssl);
1463: int i;
1464:
1465: printf(" Session-ID: ");
1466: for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
1467: {
1468: printf("%02X", sess_id[i]);
1469: }
1470: printf("\n");
1471: TTY_FLUSH();
1472: }
1473:
1474: ret = 0;
1475:
1476: client_test_exit:
1477: ssl_free(ssl);
1478: SOCKET_CLOSE(client_fd);
1479: usleep(200000); /* allow openssl to say something */
1480:
1481: if (sess_resume)
1482: {
1483: if (sess_resume->stop_server)
1484: {
1485: ssl_ctx_free(*ssl_ctx);
1486: *ssl_ctx = NULL;
1487: }
1488: else if (sess_resume->start_server)
1489: {
1490: #ifndef WIN32
1491: sess_resume->server_thread = thread;
1492: #endif
1493: }
1494: }
1495: else
1496: {
1497: ssl_ctx_free(*ssl_ctx);
1498: *ssl_ctx = NULL;
1499: }
1500:
1501: if (ret == 0)
1502: {
1503: printf("SSL client test \"%s\" passed\n", test);
1504: TTY_FLUSH();
1505: }
1506:
1507: return ret;
1508: }
1509:
1510: int SSL_client_tests(void)
1511: {
1512: int ret = -1;
1513: SSL_CTX *ssl_ctx = NULL;
1514: CLNT_SESSION_RESUME_CTX sess_resume;
1515: memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
1516:
1517: sess_resume.start_server = 1;
1518: printf("### starting client tests\n");
1519:
1520: if ((ret = SSL_client_test("512 bit key",
1521: &ssl_ctx,
1522: "-cert ../ssl/test/axTLS.x509_512.pem "
1523: "-key ../ssl/test/axTLS.key_512.pem", &sess_resume,
1524: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1525: goto cleanup;
1526:
1527: /* all the session id's should match for session resumption */
1528: sess_resume.start_server = 0;
1529: if ((ret = SSL_client_test("Client session resumption #1",
1530: &ssl_ctx, NULL, &sess_resume,
1531: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1532: goto cleanup;
1533:
1534: // no client renegotiation
1535: sess_resume.do_reneg = 1;
1536: // test relies on openssl killing the call
1537: if ((ret = SSL_client_test("Client renegotiation",
1538: &ssl_ctx, NULL, &sess_resume,
1539: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1540: goto cleanup;
1541: sess_resume.do_reneg = 0;
1542:
1543: sess_resume.stop_server = 1;
1544: if ((ret = SSL_client_test("Client session resumption #2",
1545: &ssl_ctx, NULL, &sess_resume,
1546: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1547: goto cleanup;
1548:
1549: if ((ret = SSL_client_test("1024 bit key",
1550: &ssl_ctx,
1551: "-cert ../ssl/test/axTLS.x509_1024.pem "
1552: "-key ../ssl/test/axTLS.key_1024.pem", NULL,
1553: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1554: goto cleanup;
1555:
1556: if ((ret = SSL_client_test("2048 bit key",
1557: &ssl_ctx,
1558: "-cert ../ssl/test/axTLS.x509_2048.pem "
1559: "-key ../ssl/test/axTLS.key_2048.pem", NULL,
1560: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1561: goto cleanup;
1562:
1563: if ((ret = SSL_client_test("4096 bit key",
1564: &ssl_ctx,
1565: "-cert ../ssl/test/axTLS.x509_4096.pem "
1566: "-key ../ssl/test/axTLS.key_4096.pem", NULL,
1567: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1568: goto cleanup;
1569:
1570: if ((ret = SSL_client_test("Server cert chaining",
1571: &ssl_ctx,
1572: "-cert ../ssl/test/axTLS.x509_device.pem "
1573: "-key ../ssl/test/axTLS.device_key.pem "
1574: "-CAfile ../ssl/test/axTLS.x509_512.pem ", NULL,
1575: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1576: goto cleanup;
1577:
1578: /* Check the server can verify the client */
1579: if ((ret = SSL_client_test("Client peer authentication",
1580: &ssl_ctx,
1581: "-cert ../ssl/test/axTLS.x509_2048.pem "
1582: "-key ../ssl/test/axTLS.key_2048.pem "
1583: "-CAfile ../ssl/test/axTLS.ca_x509.pem "
1584: "-verify 1 ", NULL, DEFAULT_CLNT_OPTION,
1585: "../ssl/test/axTLS.key_1024", NULL,
1586: "../ssl/test/axTLS.x509_1024.cer")))
1587: goto cleanup;
1588:
1589: /* Should get an "ERROR" from openssl (as the handshake fails as soon as
1590: * the certificate verification fails) */
1591: if ((ret = SSL_client_test("Error: Expired cert (verify now)",
1592: &ssl_ctx,
1593: "-cert ../ssl/test/axTLS.x509_bad_after.pem "
1594: "-key ../ssl/test/axTLS.key_512.pem", NULL,
1595: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) !=
1596: SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
1597: {
1598: printf("*** Error: %d\n", ret);
1599: goto cleanup;
1600: }
1601:
1602: printf("SSL client test \"Expired cert (verify now)\" passed\n");
1603:
1604: /* There is no "ERROR" from openssl */
1605: if ((ret = SSL_client_test("Error: Expired cert (verify later)",
1606: &ssl_ctx,
1607: "-cert ../ssl/test/axTLS.x509_bad_after.pem "
1608: "-key ../ssl/test/axTLS.key_512.pem", NULL,
1609: DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL,
1610: NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
1611: {
1612: printf("*** Error: %d\n", ret); TTY_FLUSH();
1613: goto cleanup;
1614: }
1615:
1616: printf("SSL client test \"Expired cert (verify later)\" passed\n");
1617:
1618: /* invalid cert type */
1619: if ((ret = SSL_client_test("Error: Invalid certificate type",
1620: &ssl_ctx,
1621: "-cert ../ssl/test/axTLS.x509_2048.pem "
1622: "-key ../ssl/test/axTLS.key_2048.pem "
1623: "-CAfile ../ssl/test/axTLS.ca_x509.pem "
1624: "-verify 1 ", NULL, DEFAULT_CLNT_OPTION,
1625: "../ssl/test/axTLS.x509_1024.cer", NULL,
1626: "../ssl/test/axTLS.x509_1024.cer"))
1627: != SSL_ERROR_INVALID_KEY)
1628: {
1629: printf("*** Error: %d\n", ret); TTY_FLUSH();
1630: goto cleanup;
1631: }
1632:
1633: printf("SSL client test \"Invalid certificate type\" passed\n");
1634:
1635: if ((ret = SSL_client_test("GNUTLS client",
1636: &ssl_ctx,
1637: "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
1638: "--x509keyfile ../ssl/test/axTLS.key_1024.pem -q", NULL,
1639: DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1640: goto cleanup;
1641:
1642: ret = 0;
1643:
1644: cleanup:
1645: if (ret)
1646: {
1647: ssl_display_error(ret);
1648: printf("Error: A client test failed\n");
1649: system("sh ../ssl/test/killopenssl.sh");
1650: system("sh ../ssl/test/killgnutls.sh");
1651: exit(1);
1652: }
1653: else
1654: {
1655: printf("All client tests passed\n"); TTY_FLUSH();
1656: }
1657:
1658: ssl_ctx_free(ssl_ctx);
1659: return ret;
1660: }
1661:
1662: /**************************************************************************
1663: * SSL Basic Testing (test a big packet handshake)
1664: *
1665: **************************************************************************/
1666: static uint8_t basic_buf[256*1024];
1667:
1668: static void do_basic(void)
1669: {
1670: int client_fd;
1671: SSL *ssl_clnt;
1672: SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
1673: DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
1674: usleep(200000); /* allow server to start */
1675:
1676: if ((client_fd = client_socket_init(g_port)) < 0)
1677: goto error;
1678:
1679: if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
1680: "../ssl/test/axTLS.ca_x509.cer", NULL))
1681: goto error;
1682:
1683: ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
1684:
1685: /* check the return status */
1686: if (ssl_handshake_status(ssl_clnt) < 0)
1687: {
1688: ssl_display_error(ssl_handshake_status(ssl_clnt));
1689: goto error;
1690: }
1691:
1692: ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
1693: ssl_free(ssl_clnt);
1694:
1695: error:
1696: ssl_ctx_free(ssl_clnt_ctx);
1697: SOCKET_CLOSE(client_fd);
1698:
1699: /* exit this thread */
1700: }
1701:
1702: static int SSL_basic_test(void)
1703: {
1704: int server_fd, client_fd, ret = 0, size = 0, offset = 0;
1705: SSL_CTX *ssl_svr_ctx = NULL;
1706: struct sockaddr_in client_addr;
1707: uint8_t *read_buf;
1708: socklen_t clnt_len = sizeof(client_addr);
1709: SSL *ssl_svr;
1710: #ifndef WIN32
1711: pthread_t thread;
1712: #endif
1713: memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
1714: memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
1715:
1716: if ((server_fd = server_socket_init(&g_port)) < 0)
1717: goto error;
1718:
1719: ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
1720:
1721: #ifndef WIN32
1722: pthread_create(&thread, NULL,
1723: (void *(*)(void *))do_basic, NULL);
1724: pthread_detach(thread);
1725: #else
1726: CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL);
1727: #endif
1728:
1729: /* Wait for a client to connect */
1730: if ((client_fd = accept(server_fd,
1731: (struct sockaddr *) &client_addr, &clnt_len)) < 0)
1732: {
1733: ret = SSL_ERROR_SOCK_SETUP_FAILURE;
1734: goto error;
1735: }
1736:
1737: /* we are ready to go */
1738: ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
1739:
1740: do
1741: {
1742: while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
1743:
1744: if (size < SSL_OK) /* got some alert or something nasty */
1745: {
1746: ssl_display_error(size);
1747: ret = size;
1748: break;
1749: }
1750: else /* looks more promising */
1751: {
1752: if (memcmp(read_buf, &basic_buf[offset], size) != 0)
1753: {
1754: ret = SSL_NOT_OK;
1755: break;
1756: }
1757: }
1758:
1759: offset += size;
1760: } while (offset < sizeof(basic_buf));
1761:
1762: printf(ret == SSL_OK && offset == sizeof(basic_buf) ?
1763: "SSL basic test passed\n" :
1764: "SSL basic test failed\n");
1765: TTY_FLUSH();
1766:
1767: ssl_free(ssl_svr);
1768: SOCKET_CLOSE(server_fd);
1769: SOCKET_CLOSE(client_fd);
1770:
1771: error:
1772: ssl_ctx_free(ssl_svr_ctx);
1773: return ret;
1774: }
1775:
1776: /**************************************************************************
1777: * SSL unblocked case
1778: *
1779: **************************************************************************/
1780: static void do_unblocked(void)
1781: {
1782: int client_fd;
1783: SSL *ssl_clnt;
1784: SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
1785: DEFAULT_CLNT_OPTION,
1786: SSL_DEFAULT_CLNT_SESS |
1787: SSL_CONNECT_IN_PARTS);
1788: usleep(200000); /* allow server to start */
1789:
1790: if ((client_fd = client_socket_init(g_port)) < 0)
1791: goto error;
1792:
1793: {
1794: #ifdef WIN32
1795: u_long argp = 1;
1796: ioctlsocket(client_fd, FIONBIO, &argp);
1797: #else
1798: int flags = fcntl(client_fd, F_GETFL, NULL);
1799: fcntl(client_fd, F_SETFL, flags | O_NONBLOCK);
1800: #endif
1801: }
1802:
1803: if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
1804: "../ssl/test/axTLS.ca_x509.cer", NULL))
1805: goto error;
1806:
1807: ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
1808:
1809: while (ssl_handshake_status(ssl_clnt) != SSL_OK)
1810: {
1811: if (ssl_read(ssl_clnt, NULL) < 0)
1812: {
1813: ssl_display_error(ssl_handshake_status(ssl_clnt));
1814: goto error;
1815: }
1816: }
1817:
1818: ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
1819: ssl_free(ssl_clnt);
1820:
1821: error:
1822: ssl_ctx_free(ssl_clnt_ctx);
1823: SOCKET_CLOSE(client_fd);
1824:
1825: /* exit this thread */
1826: }
1827:
1828: static int SSL_unblocked_test(void)
1829: {
1830: int server_fd, client_fd, ret = 0, size = 0, offset = 0;
1831: SSL_CTX *ssl_svr_ctx = NULL;
1832: struct sockaddr_in client_addr;
1833: uint8_t *read_buf;
1834: socklen_t clnt_len = sizeof(client_addr);
1835: SSL *ssl_svr;
1836: #ifndef WIN32
1837: pthread_t thread;
1838: #endif
1839: memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
1840: memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
1841:
1842: if ((server_fd = server_socket_init(&g_port)) < 0)
1843: goto error;
1844:
1845: ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
1846:
1847: #ifndef WIN32
1848: pthread_create(&thread, NULL,
1849: (void *(*)(void *))do_unblocked, NULL);
1850: pthread_detach(thread);
1851: #else
1852: CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_unblocked,
1853: NULL, 0, NULL);
1854: #endif
1855:
1856: /* Wait for a client to connect */
1857: if ((client_fd = accept(server_fd,
1858: (struct sockaddr *) &client_addr, &clnt_len)) < 0)
1859: {
1860: ret = SSL_ERROR_SOCK_SETUP_FAILURE;
1861: goto error;
1862: }
1863:
1864: /* we are ready to go */
1865: ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
1866:
1867: do
1868: {
1869: while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
1870:
1871: if (size < SSL_OK) /* got some alert or something nasty */
1872: {
1873: ssl_display_error(size);
1874: ret = size;
1875: break;
1876: }
1877: else /* looks more promising */
1878: {
1879: if (memcmp(read_buf, &basic_buf[offset], size) != 0)
1880: {
1881: ret = SSL_NOT_OK;
1882: break;
1883: }
1884: }
1885:
1886: offset += size;
1887: } while (offset < sizeof(basic_buf));
1888:
1889: printf(ret == SSL_OK && offset == sizeof(basic_buf) ?
1890: "SSL unblocked test passed\n" :
1891: "SSL unblocked test failed\n");
1892: TTY_FLUSH();
1893:
1894: ssl_free(ssl_svr);
1895: SOCKET_CLOSE(server_fd);
1896: SOCKET_CLOSE(client_fd);
1897:
1898: error:
1899: ssl_ctx_free(ssl_svr_ctx);
1900: return ret;
1901: }
1902:
1903: #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
1904: /**************************************************************************
1905: * Multi-Threading Tests
1906: *
1907: **************************************************************************/
1908: #define NUM_THREADS 100
1909:
1910: typedef struct
1911: {
1912: SSL_CTX *ssl_clnt_ctx;
1913: int port;
1914: int thread_id;
1915: } multi_t;
1916:
1917: void do_multi_clnt(multi_t *multi_data)
1918: {
1919: int res = 1, client_fd, i;
1920: SSL *ssl = NULL;
1921: char tmp[5];
1922:
1923: if ((client_fd = client_socket_init(multi_data->port)) < 0)
1924: goto client_test_exit;
1925:
1926: usleep(200000);
1927: ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
1928:
1929: if ((res = ssl_handshake_status(ssl)))
1930: {
1931: printf("Client ");
1932: ssl_display_error(res);
1933: goto client_test_exit;
1934: }
1935:
1936: sprintf(tmp, "%d\n", multi_data->thread_id);
1937: for (i = 0; i < 10; i++)
1938: ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
1939:
1940: client_test_exit:
1941: ssl_free(ssl);
1942: SOCKET_CLOSE(client_fd);
1943: free(multi_data);
1944: }
1945:
1946: void do_multi_svr(SSL *ssl)
1947: {
1948: uint8_t *read_buf;
1949: int *res_ptr = malloc(sizeof(int));
1950: int res;
1951:
1952: for (;;)
1953: {
1954: res = ssl_read(ssl, &read_buf);
1955:
1956: /* kill the client */
1957: if (res != SSL_OK)
1958: {
1959: if (res == SSL_ERROR_CONN_LOST)
1960: {
1961: SOCKET_CLOSE(ssl->client_fd);
1962: ssl_free(ssl);
1963: break;
1964: }
1965: else if (res > 0)
1966: {
1967: /* do nothing */
1968: }
1969: else /* some problem */
1970: {
1971: printf("Server ");
1972: ssl_display_error(res);
1973: goto error;
1974: }
1975: }
1976: }
1977:
1978: res = SSL_OK;
1979: error:
1980: *res_ptr = res;
1981: pthread_exit(res_ptr);
1982: }
1983:
1984: int multi_thread_test(void)
1985: {
1986: int server_fd = -1;
1987: SSL_CTX *ssl_server_ctx;
1988: SSL_CTX *ssl_clnt_ctx;
1989: pthread_t clnt_threads[NUM_THREADS];
1990: pthread_t svr_threads[NUM_THREADS];
1991: int i, res = 0;
1992: struct sockaddr_in client_addr;
1993: socklen_t clnt_len = sizeof(client_addr);
1994:
1995: printf("Do multi-threading test (takes a minute)\n");
1996:
1997: ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
1998: ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
1999:
2000: if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
2001: "../ssl/test/axTLS.ca_x509.cer", NULL))
2002: goto error;
2003:
2004: if ((server_fd = server_socket_init(&g_port)) < 0)
2005: goto error;
2006:
2007: for (i = 0; i < NUM_THREADS; i++)
2008: {
2009: multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
2010: multi_data->ssl_clnt_ctx = ssl_clnt_ctx;
2011: multi_data->port = g_port;
2012: multi_data->thread_id = i+1;
2013: pthread_create(&clnt_threads[i], NULL,
2014: (void *(*)(void *))do_multi_clnt, (void *)multi_data);
2015: pthread_detach(clnt_threads[i]);
2016: }
2017:
2018: for (i = 0; i < NUM_THREADS; i++)
2019: {
2020: SSL *ssl_svr;
2021: int client_fd = accept(server_fd,
2022: (struct sockaddr *)&client_addr, &clnt_len);
2023:
2024: if (client_fd < 0)
2025: goto error;
2026:
2027: ssl_svr = ssl_server_new(ssl_server_ctx, client_fd);
2028:
2029: pthread_create(&svr_threads[i], NULL,
2030: (void *(*)(void *))do_multi_svr, (void *)ssl_svr);
2031: }
2032:
2033: /* make sure we've run all of the threads */
2034: for (i = 0; i < NUM_THREADS; i++)
2035: {
2036: void *thread_res;
2037: pthread_join(svr_threads[i], &thread_res);
2038:
2039: if (*((int *)thread_res) != 0)
2040: res = 1;
2041:
2042: free(thread_res);
2043: }
2044:
2045: if (res)
2046: goto error;
2047:
2048: printf("Multi-thread test passed (%d)\n", NUM_THREADS);
2049: error:
2050: ssl_ctx_free(ssl_server_ctx);
2051: ssl_ctx_free(ssl_clnt_ctx);
2052: SOCKET_CLOSE(server_fd);
2053: return res;
2054: }
2055: #endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */
2056:
2057: /**************************************************************************
2058: * Header issue
2059: *
2060: **************************************************************************/
2061: static void do_header_issue(void)
2062: {
2063: char axtls_buf[2048];
2064: #ifndef WIN32
2065: pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
2066: #endif
2067: sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
2068: system(axtls_buf);
2069: }
2070:
2071: static int header_issue(void)
2072: {
2073: FILE *f = fopen("../ssl/test/header_issue.dat", "r");
2074: int server_fd = -1, client_fd = -1, ret = 1;
2075: uint8_t buf[2048];
2076: int size = 0;
2077: struct sockaddr_in client_addr;
2078: socklen_t clnt_len = sizeof(client_addr);
2079: #ifndef WIN32
2080: pthread_t thread;
2081: #endif
2082:
2083: if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0)
2084: goto error;
2085:
2086: #ifndef WIN32
2087: pthread_create(&thread, NULL,
2088: (void *(*)(void *))do_header_issue, NULL);
2089: pthread_detach(thread);
2090: #else
2091: CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue,
2092: NULL, 0, NULL);
2093: #endif
2094: if ((client_fd = accept(server_fd,
2095: (struct sockaddr *) &client_addr, &clnt_len)) < 0)
2096: {
2097: ret = SSL_ERROR_SOCK_SETUP_FAILURE;
2098: goto error;
2099: }
2100:
2101: size = fread(buf, 1, sizeof(buf), f);
2102: SOCKET_WRITE(client_fd, buf, size);
2103: usleep(200000);
2104:
2105: ret = 0;
2106: error:
2107: fclose(f);
2108: SOCKET_CLOSE(client_fd);
2109: SOCKET_CLOSE(server_fd);
2110: TTY_FLUSH();
2111: system("killall axssl");
2112: return ret;
2113: }
2114:
2115: /**************************************************************************
2116: * main()
2117: *
2118: **************************************************************************/
2119: int main(int argc, char *argv[])
2120: {
2121: int ret = 1;
2122: BI_CTX *bi_ctx;
2123: int fd;
2124:
2125: #ifdef WIN32
2126: WSADATA wsaData;
2127: WORD wVersionRequested = MAKEWORD(2, 2);
2128: WSAStartup(wVersionRequested, &wsaData);
2129: fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE);
2130: dup2(fd, 2); /* write stderr to this file */
2131: #else
2132: fd = open("/dev/null", O_WRONLY); /* write stderr to /dev/null */
2133: signal(SIGPIPE, SIG_IGN); /* ignore pipe errors */
2134: dup2(fd, 2);
2135: #endif
2136:
2137: /* can't do testing in this mode */
2138: #if defined CONFIG_SSL_GENERATE_X509_CERT
2139: printf("Error: Must compile with default key/certificates\n");
2140: exit(1);
2141: #endif
2142:
2143: bi_ctx = bi_initialize();
2144:
2145: if (AES_test(bi_ctx))
2146: {
2147: printf("AES tests failed\n");
2148: goto cleanup;
2149: }
2150: TTY_FLUSH();
2151:
2152: if (RC4_test(bi_ctx))
2153: {
2154: printf("RC4 tests failed\n");
2155: goto cleanup;
2156: }
2157: TTY_FLUSH();
2158:
2159: if (MD5_test(bi_ctx))
2160: {
2161: printf("MD5 tests failed\n");
2162: goto cleanup;
2163: }
2164: TTY_FLUSH();
2165:
2166: if (SHA1_test(bi_ctx))
2167: {
2168: printf("SHA1 tests failed\n");
2169: goto cleanup;
2170: }
2171: TTY_FLUSH();
2172:
2173: if (HMAC_test(bi_ctx))
2174: {
2175: printf("HMAC tests failed\n");
2176: goto cleanup;
2177: }
2178: TTY_FLUSH();
2179:
2180: if (BIGINT_test(bi_ctx))
2181: {
2182: printf("BigInt tests failed!\n");
2183: goto cleanup;
2184: }
2185: TTY_FLUSH();
2186:
2187: bi_terminate(bi_ctx);
2188:
2189: if (RSA_test())
2190: {
2191: printf("RSA tests failed\n");
2192: goto cleanup;
2193: }
2194: TTY_FLUSH();
2195:
2196: if (cert_tests())
2197: {
2198: printf("CERT tests failed\n");
2199: goto cleanup;
2200: }
2201: TTY_FLUSH();
2202:
2203: #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
2204: if (multi_thread_test())
2205: goto cleanup;
2206: #endif
2207:
2208: if (SSL_basic_test())
2209: goto cleanup;
2210:
2211: system("sh ../ssl/test/killopenssl.sh");
2212:
2213: if (SSL_unblocked_test())
2214: goto cleanup;
2215:
2216: system("sh ../ssl/test/killopenssl.sh");
2217:
2218: if (SSL_client_tests())
2219: goto cleanup;
2220:
2221: system("sh ../ssl/test/killopenssl.sh");
2222: system("sh ../ssl/test/killgnutls.sh");
2223:
2224: if (SSL_server_tests())
2225: goto cleanup;
2226:
2227: system("sh ../ssl/test/killopenssl.sh");
2228:
2229: if (header_issue())
2230: {
2231: printf("Header tests failed\n"); TTY_FLUSH();
2232: goto cleanup;
2233: }
2234:
2235: ret = 0; /* all ok */
2236: printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
2237: cleanup:
2238:
2239: if (ret)
2240: printf("Error: Some tests failed!\n");
2241:
2242: close(fd);
2243: return ret;
2244: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ssltest.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / axTLS / ssl / test