Annotation of embedaddon/strongswan/scripts/tls_test.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2010 Martin Willi
! 3: * Copyright (C) 2010 revosec AG
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include <unistd.h>
! 17: #include <stdio.h>
! 18: #include <sys/types.h>
! 19: #include <sys/socket.h>
! 20: #include <getopt.h>
! 21: #include <errno.h>
! 22: #include <string.h>
! 23:
! 24: #include <library.h>
! 25: #include <utils/debug.h>
! 26: #include <tls_socket.h>
! 27: #include <networking/host.h>
! 28: #include <credentials/sets/mem_cred.h>
! 29:
! 30: /**
! 31: * Print usage information
! 32: */
! 33: static void usage(FILE *out, char *cmd)
! 34: {
! 35: fprintf(out, "usage:\n");
! 36: fprintf(out, " %s --connect <address> --port <port> [--key <key] [--cert <file>]+ [--times <n>]\n", cmd);
! 37: fprintf(out, " %s --listen <address> --port <port> --key <key> [--cert <file>]+ [--times <n>]\n", cmd);
! 38: }
! 39:
! 40: /**
! 41: * Check, as client, if we have a client certificate with private key
! 42: */
! 43: static identification_t *find_client_id()
! 44: {
! 45: identification_t *client = NULL, *keyid;
! 46: enumerator_t *enumerator;
! 47: certificate_t *cert;
! 48: public_key_t *pubkey;
! 49: private_key_t *privkey;
! 50: chunk_t chunk;
! 51:
! 52: enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
! 53: CERT_X509, KEY_ANY, NULL, FALSE);
! 54: while (enumerator->enumerate(enumerator, &cert))
! 55: {
! 56: pubkey = cert->get_public_key(cert);
! 57: if (pubkey)
! 58: {
! 59: if (pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &chunk))
! 60: {
! 61: keyid = identification_create_from_encoding(ID_KEY_ID, chunk);
! 62: privkey = lib->credmgr->get_private(lib->credmgr,
! 63: pubkey->get_type(pubkey), keyid, NULL);
! 64: keyid->destroy(keyid);
! 65: if (privkey)
! 66: {
! 67: client = cert->get_subject(cert);
! 68: client = client->clone(client);
! 69: privkey->destroy(privkey);
! 70: }
! 71: }
! 72: pubkey->destroy(pubkey);
! 73: }
! 74: if (client)
! 75: {
! 76: break;
! 77: }
! 78: }
! 79: enumerator->destroy(enumerator);
! 80:
! 81: return client;
! 82: }
! 83:
! 84: /**
! 85: * Client routine
! 86: */
! 87: static int run_client(host_t *host, identification_t *server,
! 88: identification_t *client, int times, tls_cache_t *cache)
! 89: {
! 90: tls_socket_t *tls;
! 91: int fd, res;
! 92:
! 93: while (times == -1 || times-- > 0)
! 94: {
! 95: fd = socket(AF_INET, SOCK_STREAM, 0);
! 96: if (fd == -1)
! 97: {
! 98: DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));
! 99: return 1;
! 100: }
! 101: if (connect(fd, host->get_sockaddr(host),
! 102: *host->get_sockaddr_len(host)) == -1)
! 103: {
! 104: DBG1(DBG_TLS, "connecting to %#H failed: %s", host, strerror(errno));
! 105: close(fd);
! 106: return 1;
! 107: }
! 108: tls = tls_socket_create(FALSE, server, client, fd, cache, TLS_1_2, TRUE);
! 109: if (!tls)
! 110: {
! 111: close(fd);
! 112: return 1;
! 113: }
! 114: res = tls->splice(tls, 0, 1) ? 0 : 1;
! 115: tls->destroy(tls);
! 116: close(fd);
! 117: if (res)
! 118: {
! 119: break;
! 120: }
! 121: }
! 122: return res;
! 123: }
! 124:
! 125: /**
! 126: * Server routine
! 127: */
! 128: static int serve(host_t *host, identification_t *server,
! 129: int times, tls_cache_t *cache)
! 130: {
! 131: tls_socket_t *tls;
! 132: int fd, cfd;
! 133:
! 134: fd = socket(AF_INET, SOCK_STREAM, 0);
! 135: if (fd == -1)
! 136: {
! 137: DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));
! 138: return 1;
! 139: }
! 140: if (bind(fd, host->get_sockaddr(host),
! 141: *host->get_sockaddr_len(host)) == -1)
! 142: {
! 143: DBG1(DBG_TLS, "binding to %#H failed: %s", host, strerror(errno));
! 144: close(fd);
! 145: return 1;
! 146: }
! 147: if (listen(fd, 1) == -1)
! 148: {
! 149: DBG1(DBG_TLS, "listen to %#H failed: %m", host, strerror(errno));
! 150: close(fd);
! 151: return 1;
! 152: }
! 153:
! 154: while (times == -1 || times-- > 0)
! 155: {
! 156: cfd = accept(fd, host->get_sockaddr(host), host->get_sockaddr_len(host));
! 157: if (cfd == -1)
! 158: {
! 159: DBG1(DBG_TLS, "accept failed: %s", strerror(errno));
! 160: close(fd);
! 161: return 1;
! 162: }
! 163: DBG1(DBG_TLS, "%#H connected", host);
! 164:
! 165: tls = tls_socket_create(TRUE, server, NULL, cfd, cache, TLS_1_2, TRUE);
! 166: if (!tls)
! 167: {
! 168: close(fd);
! 169: return 1;
! 170: }
! 171: tls->splice(tls, 0, 1);
! 172: DBG1(DBG_TLS, "%#H disconnected", host);
! 173: tls->destroy(tls);
! 174: }
! 175: close(fd);
! 176:
! 177: return 0;
! 178: }
! 179:
! 180: /**
! 181: * In-Memory credential set
! 182: */
! 183: static mem_cred_t *creds;
! 184:
! 185: /**
! 186: * Load certificate from file
! 187: */
! 188: static bool load_certificate(char *filename)
! 189: {
! 190: certificate_t *cert;
! 191:
! 192: cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
! 193: BUILD_FROM_FILE, filename, BUILD_END);
! 194: if (!cert)
! 195: {
! 196: DBG1(DBG_TLS, "loading certificate from '%s' failed", filename);
! 197: return FALSE;
! 198: }
! 199: creds->add_cert(creds, TRUE, cert);
! 200: return TRUE;
! 201: }
! 202:
! 203: /**
! 204: * Load private key from file
! 205: */
! 206: static bool load_key(char *filename)
! 207: {
! 208: private_key_t *key;
! 209:
! 210: key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
! 211: BUILD_FROM_FILE, filename, BUILD_END);
! 212: if (!key)
! 213: {
! 214: DBG1(DBG_TLS, "loading key from '%s' failed", filename);
! 215: return FALSE;
! 216: }
! 217: creds->add_key(creds, key);
! 218: return TRUE;
! 219: }
! 220:
! 221: /**
! 222: * TLS debug level
! 223: */
! 224: static level_t tls_level = 1;
! 225:
! 226: static void dbg_tls(debug_t group, level_t level, char *fmt, ...)
! 227: {
! 228: if ((group == DBG_TLS && level <= tls_level) || level <= 1)
! 229: {
! 230: va_list args;
! 231:
! 232: va_start(args, fmt);
! 233: vfprintf(stderr, fmt, args);
! 234: fprintf(stderr, "\n");
! 235: va_end(args);
! 236: }
! 237: }
! 238:
! 239: /**
! 240: * Cleanup
! 241: */
! 242: static void cleanup()
! 243: {
! 244: lib->credmgr->remove_set(lib->credmgr, &creds->set);
! 245: creds->destroy(creds);
! 246: library_deinit();
! 247: }
! 248:
! 249: /**
! 250: * Initialize library
! 251: */
! 252: static void init()
! 253: {
! 254: library_init(NULL, "tls_test");
! 255:
! 256: dbg = dbg_tls;
! 257:
! 258: lib->plugins->load(lib->plugins, PLUGINS);
! 259:
! 260: creds = mem_cred_create();
! 261: lib->credmgr->add_set(lib->credmgr, &creds->set);
! 262:
! 263: atexit(cleanup);
! 264: }
! 265:
! 266: int main(int argc, char *argv[])
! 267: {
! 268: char *address = NULL;
! 269: bool listen = FALSE;
! 270: int port = 0, times = -1, res;
! 271: identification_t *server, *client;
! 272: tls_cache_t *cache;
! 273: host_t *host;
! 274:
! 275: init();
! 276:
! 277: while (TRUE)
! 278: {
! 279: struct option long_opts[] = {
! 280: {"help", no_argument, NULL, 'h' },
! 281: {"connect", required_argument, NULL, 'c' },
! 282: {"listen", required_argument, NULL, 'l' },
! 283: {"port", required_argument, NULL, 'p' },
! 284: {"cert", required_argument, NULL, 'x' },
! 285: {"key", required_argument, NULL, 'k' },
! 286: {"times", required_argument, NULL, 't' },
! 287: {"debug", required_argument, NULL, 'd' },
! 288: {0,0,0,0 }
! 289: };
! 290: switch (getopt_long(argc, argv, "", long_opts, NULL))
! 291: {
! 292: case EOF:
! 293: break;
! 294: case 'h':
! 295: usage(stdout, argv[0]);
! 296: return 0;
! 297: case 'x':
! 298: if (!load_certificate(optarg))
! 299: {
! 300: return 1;
! 301: }
! 302: continue;
! 303: case 'k':
! 304: if (!load_key(optarg))
! 305: {
! 306: return 1;
! 307: }
! 308: continue;
! 309: case 'l':
! 310: listen = TRUE;
! 311: /* fall */
! 312: case 'c':
! 313: if (address)
! 314: {
! 315: usage(stderr, argv[0]);
! 316: return 1;
! 317: }
! 318: address = optarg;
! 319: continue;
! 320: case 'p':
! 321: port = atoi(optarg);
! 322: continue;
! 323: case 't':
! 324: times = atoi(optarg);
! 325: continue;
! 326: case 'd':
! 327: tls_level = atoi(optarg);
! 328: continue;
! 329: default:
! 330: usage(stderr, argv[0]);
! 331: return 1;
! 332: }
! 333: break;
! 334: }
! 335: if (!port || !address)
! 336: {
! 337: usage(stderr, argv[0]);
! 338: return 1;
! 339: }
! 340: host = host_create_from_dns(address, 0, port);
! 341: if (!host)
! 342: {
! 343: DBG1(DBG_TLS, "resolving hostname %s failed", address);
! 344: return 1;
! 345: }
! 346: server = identification_create_from_string(address);
! 347: cache = tls_cache_create(100, 30);
! 348: if (listen)
! 349: {
! 350: res = serve(host, server, times, cache);
! 351: }
! 352: else
! 353: {
! 354: client = find_client_id();
! 355: res = run_client(host, server, client, times, cache);
! 356: DESTROY_IF(client);
! 357: }
! 358: cache->destroy(cache);
! 359: host->destroy(host);
! 360: server->destroy(server);
! 361: return res;
! 362: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>