embedaddon/strongswan/scripts/tls_test.c - diff

Return to tls_test.c CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / scripts

Diff for /embedaddon/strongswan/scripts/tls_test.c between versions 1.1 and 1.1.1.2

version 1.1, 2020/06/03 09:46:49	version 1.1.1.2, 2021/03/17 00:20:15
Line 1	Line 1
/*	/*
	* Copyright (C) 2020 Pascal Knecht
	* Copyright (C) 2020 Tobias Brunner
	* HSR Hochschule fuer Technik Rapperswil
	*
* Copyright (C) 2010 Martin Willi	* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG	* Copyright (C) 2010 revosec AG
*	*
Line 33	Line 37
static void usage(FILE out, char cmd)	static void usage(FILE out, char cmd)
{	{
fprintf(out, "usage:\n");	fprintf(out, "usage:\n");
fprintf(out, " %s --connect <address> --port <port> [--key <key] [--cert <file>]+ [--times <n>]\n", cmd);	fprintf(out, " %s --connect <address> --port <port> [--key <key] [--cert <file>] [--cacert <file>]+ [--times <n>]\n", cmd);
fprintf(out, " %s --listen <address> --port <port> --key <key> [--cert <file>]+ [--times <n>]\n", cmd);	fprintf(out, " %s --listen <address> --port <port> --key <key> --cert <file> [--cacert <file>]+ [--auth-optional] [--times <n>]\n", cmd);
	fprintf(out, "\n");
	fprintf(out, "options:\n");
	fprintf(out, " --help print help and exit\n");
	fprintf(out, " --connect <address> connect to a server on dns name or ip address\n");
	fprintf(out, " --listen <address> listen on dns name or ip address\n");
	fprintf(out, " --port <port> specify the port to use\n");
	fprintf(out, " --cert <file> certificate to authenticate itself\n");
	fprintf(out, " --key <file> private key to authenticate itself\n");
	fprintf(out, " --cacert <file> certificate to verify other peer\n");
	fprintf(out, " --auth-optional don't enforce client authentication\n");
	fprintf(out, " --times <n> specify the amount of repeated connection establishments\n");
	fprintf(out, " --ipv4 use IPv4\n");
	fprintf(out, " --ipv6 use IPv6\n");
	fprintf(out, " --min-version <version> specify the minimum TLS version, supported versions:\n");
	fprintf(out, " 1.0 (default), 1.1, 1.2 and 1.3\n");
	fprintf(out, " --max-version <version> specify the maximum TLS version, supported versions:\n");
	fprintf(out, " 1.0, 1.1, 1.2 and 1.3 (default)\n");
	fprintf(out, " --version <version> set one specific TLS version to use, supported versions:\n");
	fprintf(out, " 1.0, 1.1, 1.2 and 1.3\n");
	fprintf(out, " --debug <debug level> set debug level, default is 1\n");
}	}

/**	/**
Line 85 static identification_t *find_client_id()	Line 109 static identification_t *find_client_id()
* Client routine	* Client routine
*/	*/
static int run_client(host_t host, identification_t server,	static int run_client(host_t host, identification_t server,
identification_t client, int times, tls_cache_t cache)	identification_t client, int times, tls_cache_t cache,
	tls_version_t min_version, tls_version_t max_version,
	tls_flag_t flags)
{	{
tls_socket_t *tls;	tls_socket_t *tls;
int fd, res;	int fd, res;

while (times == -1 \|\| times-- > 0)	while (times == -1 \|\| times-- > 0)
{	{
fd = socket(AF_INET, SOCK_STREAM, 0);	DBG2(DBG_TLS, "connecting to %#H", host);
	fd = socket(host->get_family(host), SOCK_STREAM, 0);
if (fd == -1)	if (fd == -1)
{	{
DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));	DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));
Line 105 static int run_client(host_t host, identification_t	Line 132 static int run_client(host_t host, identification_t
close(fd);	close(fd);
return 1;	return 1;
}	}
tls = tls_socket_create(FALSE, server, client, fd, cache, TLS_1_2, TRUE);	tls = tls_socket_create(FALSE, server, client, fd, cache, min_version,
	max_version, flags);
if (!tls)	if (!tls)
{	{
close(fd);	close(fd);
Line 125 static int run_client(host_t host, identification_t	Line 153 static int run_client(host_t host, identification_t
/**	/**
* Server routine	* Server routine
*/	*/
static int serve(host_t host, identification_t server,	static int serve(host_t host, identification_t server, identification_t *client,
int times, tls_cache_t *cache)	int times, tls_cache_t *cache, tls_version_t min_version,
	tls_version_t max_version, tls_flag_t flags)
{	{
tls_socket_t *tls;	tls_socket_t *tls;
int fd, cfd;	int fd, cfd;
Line 162 static int serve(host_t host, identification_t serve	Line 191 static int serve(host_t host, identification_t serve
}	}
DBG1(DBG_TLS, "%#H connected", host);	DBG1(DBG_TLS, "%#H connected", host);

tls = tls_socket_create(TRUE, server, NULL, cfd, cache, TLS_1_2, TRUE);	tls = tls_socket_create(TRUE, server, client, cfd, cache, min_version,
	max_version, flags);
if (!tls)	if (!tls)
{	{
close(fd);	close(fd);
Line 207 static bool load_key(char *filename)	Line 237 static bool load_key(char *filename)
{	{
private_key_t *key;	private_key_t *key;

key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,	key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
BUILD_FROM_FILE, filename, BUILD_END);	BUILD_FROM_FILE, filename, BUILD_END);
if (!key)	if (!key)
{	{
DBG1(DBG_TLS, "loading key from '%s' failed", filename);	DBG1(DBG_TLS, "loading key from '%s' failed", filename);
Line 251 static void cleanup()	Line 281 static void cleanup()
*/	*/
static void init()	static void init()
{	{
	char *plugins;

library_init(NULL, "tls_test");	library_init(NULL, "tls_test");

dbg = dbg_tls;	dbg = dbg_tls;

lib->plugins->load(lib->plugins, PLUGINS);	plugins = getenv("PLUGINS") ?: PLUGINS;
	lib->plugins->load(lib->plugins, plugins);

creds = mem_cred_create();	creds = mem_cred_create();
lib->credmgr->add_set(lib->credmgr, &creds->set);	lib->credmgr->add_set(lib->credmgr, &creds->set);
Line 267 int main(int argc, char *argv[])	Line 300 int main(int argc, char *argv[])
{	{
char *address = NULL;	char *address = NULL;
bool listen = FALSE;	bool listen = FALSE;
int port = 0, times = -1, res;	int port = 0, times = -1, res, family = AF_UNSPEC;
identification_t server, client;	identification_t server, client = NULL;
	tls_version_t min_version = TLS_SUPPORTED_MIN, max_version = TLS_SUPPORTED_MAX;
	tls_flag_t flags = TLS_FLAG_ENCRYPTION_OPTIONAL;
tls_cache_t *cache;	tls_cache_t *cache;
host_t *host;	host_t *host;

Line 277 int main(int argc, char *argv[])	Line 312 int main(int argc, char *argv[])
while (TRUE)	while (TRUE)
{	{
struct option long_opts[] = {	struct option long_opts[] = {
{"help", no_argument, NULL, 'h' },	{"help", no_argument, NULL, 'h' },
{"connect", required_argument, NULL, 'c' },	{"connect", required_argument, NULL, 'c' },
{"listen", required_argument, NULL, 'l' },	{"listen", required_argument, NULL, 'l' },
{"port", required_argument, NULL, 'p' },	{"port", required_argument, NULL, 'p' },
{"cert", required_argument, NULL, 'x' },	{"cert", required_argument, NULL, 'x' },
{"key", required_argument, NULL, 'k' },	{"key", required_argument, NULL, 'k' },
{"times", required_argument, NULL, 't' },	{"cacert", required_argument, NULL, 'f' },
{"debug", required_argument, NULL, 'd' },	{"times", required_argument, NULL, 't' },
	{"ipv4", no_argument, NULL, '4' },
	{"ipv6", no_argument, NULL, '6' },
	{"min-version", required_argument, NULL, 'm' },
	{"max-version", required_argument, NULL, 'M' },
	{"version", required_argument, NULL, 'v' },
	{"auth-optional", no_argument, NULL, 'n' },
	{"debug", required_argument, NULL, 'd' },
{0,0,0,0 }	{0,0,0,0 }
};	};
switch (getopt_long(argc, argv, "", long_opts, NULL))	switch (getopt_long(argc, argv, "", long_opts, NULL))
Line 306 int main(int argc, char *argv[])	Line 348 int main(int argc, char *argv[])
return 1;	return 1;
}	}
continue;	continue;
	case 'f':
	if (!load_certificate(optarg))
	{
	return 1;
	}
	client = identification_create_from_encoding(ID_ANY, chunk_empty);
	continue;
case 'l':	case 'l':
listen = TRUE;	listen = TRUE;
/* fall */	/* fall */
Line 326 int main(int argc, char *argv[])	Line 375 int main(int argc, char *argv[])
case 'd':	case 'd':
tls_level = atoi(optarg);	tls_level = atoi(optarg);
continue;	continue;
	case '4':
	family = AF_INET;
	continue;
	case '6':
	family = AF_INET6;
	continue;
	case 'm':
	if (!enum_from_name(tls_numeric_version_names, optarg,
	&min_version))
	{
	fprintf(stderr, "unknown minimum TLS version: %s\n", optarg);
	return 1;
	}
	continue;
	case 'M':
	if (!enum_from_name(tls_numeric_version_names, optarg,
	&max_version))
	{
	fprintf(stderr, "unknown maximum TLS version: %s\n", optarg);
	return 1;
	}
	continue;
	case 'v':
	if (!enum_from_name(tls_numeric_version_names, optarg,
	&min_version))
	{
	fprintf(stderr, "unknown TLS version: %s\n", optarg);
	return 1;
	}
	max_version = min_version;
	continue;
	case 'n':
	flags \|= TLS_FLAG_CLIENT_AUTH_OPTIONAL;
	continue;
default:	default:
usage(stderr, argv[0]);	usage(stderr, argv[0]);
return 1;	return 1;
Line 337 int main(int argc, char *argv[])	Line 420 int main(int argc, char *argv[])
usage(stderr, argv[0]);	usage(stderr, argv[0]);
return 1;	return 1;
}	}
host = host_create_from_dns(address, 0, port);	host = host_create_from_dns(address, family, port);
if (!host)	if (!host)
{	{
DBG1(DBG_TLS, "resolving hostname %s failed", address);	DBG1(DBG_TLS, "resolving hostname %s failed", address);
Line 347 int main(int argc, char *argv[])	Line 430 int main(int argc, char *argv[])
cache = tls_cache_create(100, 30);	cache = tls_cache_create(100, 30);
if (listen)	if (listen)
{	{
res = serve(host, server, times, cache);	res = serve(host, server, client, times, cache, min_version,
	max_version, flags);
}	}
else	else
{	{
	DESTROY_IF(client);
client = find_client_id();	client = find_client_id();
res = run_client(host, server, client, times, cache);	res = run_client(host, server, client, times, cache, min_version,
	max_version, flags);
DESTROY_IF(client);	DESTROY_IF(client);
}	}
cache->destroy(cache);	cache->destroy(cache);

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1
changed lines
	Added in v.1.1.1.2