Mercurial > hg > freeDiameter-dtls
comparison tests/testcnx.c @ 1181:22de21feec64
Preparing for DTLS support
author | Sebastien Decugis <sdecugis@freediameter.net> |
---|---|
date | Wed, 05 Jun 2013 19:22:26 +0800 |
parents | 1af09cc156d6 |
children | 56c36d1007b4 |
comparison
equal
deleted
inserted
replaced
1180:773498f59520 | 1181:22de21feec64 |
---|---|
546 | 546 |
547 /* Parameters to the handshake thread */ | 547 /* Parameters to the handshake thread */ |
548 struct handshake_flags { | 548 struct handshake_flags { |
549 struct cnxctx * cnx; | 549 struct cnxctx * cnx; |
550 gnutls_certificate_credentials_t creds; | 550 gnutls_certificate_credentials_t creds; |
551 int algo; | |
551 int ret; | 552 int ret; |
552 }; | 553 }; |
553 | 554 |
554 /* Handshake the client's side */ | 555 /* Handshake the client's side */ |
555 static void * handshake_thr(void * arg) | 556 static void * handshake_thr(void * arg) |
556 { | 557 { |
557 struct handshake_flags * hf = arg; | 558 struct handshake_flags * hf = arg; |
558 fd_log_threadname ( "testcnx:handshake" ); | 559 fd_log_threadname ( "testcnx:handshake" ); |
559 hf->ret = fd_cnx_handshake(hf->cnx, GNUTLS_CLIENT, NULL, hf->creds); | 560 hf->ret = fd_cnx_handshake(hf->cnx, GNUTLS_CLIENT, hf->algo, NULL, hf->creds); |
560 return NULL; | 561 return NULL; |
561 } | 562 } |
562 | 563 |
563 /* Terminate the client's connection side */ | 564 /* Terminate the client's connection side */ |
564 static void * destroy_thr(void * arg) | 565 static void * destroy_thr(void * arg) |
861 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); | 862 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); |
862 free(rcv_buf); | 863 free(rcv_buf); |
863 | 864 |
864 /* At this point in legacy Diameter we start the handshake */ | 865 /* At this point in legacy Diameter we start the handshake */ |
865 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 866 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
866 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 867 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT /* No impact on TCP */, NULL, NULL) ); |
867 CHECK( 0, pthread_join(thr, NULL) ); | 868 CHECK( 0, pthread_join(thr, NULL) ); |
868 CHECK( 0, hf.ret ); | 869 CHECK( 0, hf.ret ); |
869 | 870 |
870 /* Send a few TLS protected message, and replies */ | 871 /* Send a few TLS protected message, and replies */ |
871 for (i = 0; i < 2 * NB_STREAMS; i++) { | 872 for (i = 0; i < 2 * NB_STREAMS; i++) { |
902 | 903 |
903 memset(&cf, 0, sizeof(cf)); | 904 memset(&cf, 0, sizeof(cf)); |
904 cf.proto = IPPROTO_SCTP; | 905 cf.proto = IPPROTO_SCTP; |
905 | 906 |
906 memset(&hf, 0, sizeof(hf)); | 907 memset(&hf, 0, sizeof(hf)); |
908 hf.algo = ALGO_HANDSHAKE_3436; /* this is mandatory for old TLS mechanism */ | |
907 | 909 |
908 /* Initialize remote certificate */ | 910 /* Initialize remote certificate */ |
909 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); | 911 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); |
910 CHECK( GNUTLS_E_SUCCESS, ret ); | 912 CHECK( GNUTLS_E_SUCCESS, ret ); |
911 /* Set the CA */ | 913 /* Set the CA */ |
946 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); | 948 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); |
947 free(rcv_buf); | 949 free(rcv_buf); |
948 | 950 |
949 /* At this point in legacy Diameter we start the handshake */ | 951 /* At this point in legacy Diameter we start the handshake */ |
950 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 952 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
951 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 953 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); |
952 CHECK( 0, pthread_join(thr, NULL) ); | 954 CHECK( 0, pthread_join(thr, NULL) ); |
953 CHECK( 0, hf.ret ); | 955 CHECK( 0, hf.ret ); |
954 | 956 |
955 /* Send a few TLS protected message, and replies */ | 957 /* Send a few TLS protected message, and replies */ |
956 for (i = 0; i < 2 * NB_STREAMS; i++) { | 958 for (i = 0; i < 2 * NB_STREAMS; i++) { |
1012 CHECK( 1, client_side ? 1 : 0 ); | 1014 CHECK( 1, client_side ? 1 : 0 ); |
1013 hf.cnx = client_side; | 1015 hf.cnx = client_side; |
1014 | 1016 |
1015 /* Start the handshake directly */ | 1017 /* Start the handshake directly */ |
1016 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 1018 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
1017 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 1019 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); |
1018 CHECK( 0, pthread_join(thr, NULL) ); | 1020 CHECK( 0, pthread_join(thr, NULL) ); |
1019 CHECK( 0, hf.ret ); | 1021 CHECK( 0, hf.ret ); |
1020 | 1022 |
1021 /* Send a few TLS protected message, and replies */ | 1023 /* Send a few TLS protected message, and replies */ |
1022 for (i = 0; i < 2 * NB_STREAMS; i++) { | 1024 for (i = 0; i < 2 * NB_STREAMS; i++) { |
1043 gnutls_certificate_free_cas(hf.creds); | 1045 gnutls_certificate_free_cas(hf.creds); |
1044 gnutls_certificate_free_credentials(hf.creds); | 1046 gnutls_certificate_free_credentials(hf.creds); |
1045 } | 1047 } |
1046 | 1048 |
1047 #ifndef DISABLE_SCTP | 1049 #ifndef DISABLE_SCTP |
1048 /* SCTP Client / server emulating new Diameter behavior (handshake at connection directly) */ | 1050 |
1051 | |
1052 /* SCTP Client / server emulating new Diameter behavior (DTLS handshake at connection directly) */ | |
1053 TODO("Enabled after DTLS implementation"); | |
1054 if (0) | |
1049 { | 1055 { |
1050 struct connect_flags cf; | 1056 struct connect_flags cf; |
1051 struct handshake_flags hf; | 1057 struct handshake_flags hf; |
1052 | 1058 |
1053 memset(&cf, 0, sizeof(cf)); | 1059 memset(&cf, 0, sizeof(cf)); |
1077 CHECK( 1, client_side ? 1 : 0 ); | 1083 CHECK( 1, client_side ? 1 : 0 ); |
1078 hf.cnx = client_side; | 1084 hf.cnx = client_side; |
1079 | 1085 |
1080 /* Start the handshake directly */ | 1086 /* Start the handshake directly */ |
1081 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 1087 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
1082 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 1088 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); |
1083 CHECK( 0, pthread_join(thr, NULL) ); | 1089 CHECK( 0, pthread_join(thr, NULL) ); |
1084 CHECK( 0, hf.ret ); | 1090 CHECK( 0, hf.ret ); |
1085 | 1091 |
1086 /* Send a few TLS protected messages, and replies */ | 1092 /* Send a few TLS protected messages, and replies */ |
1087 for (i = 0; i < 2 * NB_STREAMS; i++) { | 1093 for (i = 0; i < 2 * NB_STREAMS; i++) { |
1107 /* Free the credentials */ | 1113 /* Free the credentials */ |
1108 gnutls_certificate_free_keys(hf.creds); | 1114 gnutls_certificate_free_keys(hf.creds); |
1109 gnutls_certificate_free_cas(hf.creds); | 1115 gnutls_certificate_free_cas(hf.creds); |
1110 gnutls_certificate_free_credentials(hf.creds); | 1116 gnutls_certificate_free_credentials(hf.creds); |
1111 } | 1117 } |
1112 #endif /* DISABLE_SCTP */ | 1118 |
1113 | 1119 /* SCTP Client / server emulating old intermediary Diameter behavior (TLS handshake at connection directly) */ |
1114 /* Test with different number of streams between server and client */ | |
1115 #ifndef DISABLE_SCTP | |
1116 { | 1120 { |
1117 struct connect_flags cf; | 1121 struct connect_flags cf; |
1118 struct handshake_flags hf; | 1122 struct handshake_flags hf; |
1119 | 1123 |
1120 memset(&cf, 0, sizeof(cf)); | 1124 memset(&cf, 0, sizeof(cf)); |
1121 cf.proto = IPPROTO_SCTP; | 1125 cf.proto = IPPROTO_SCTP; |
1122 | 1126 |
1123 memset(&hf, 0, sizeof(hf)); | 1127 memset(&hf, 0, sizeof(hf)); |
1128 hf.algo = ALGO_HANDSHAKE_3436; /* this is mandatory for old TLS mechanism */ | |
1124 | 1129 |
1125 /* Initialize remote certificate */ | 1130 /* Initialize remote certificate */ |
1126 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); | 1131 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); |
1127 CHECK( GNUTLS_E_SUCCESS, ret ); | 1132 CHECK( GNUTLS_E_SUCCESS, ret ); |
1128 /* Set the CA */ | 1133 /* Set the CA */ |
1130 CHECK( 1, ret ); | 1135 CHECK( 1, ret ); |
1131 /* Set the key */ | 1136 /* Set the key */ |
1132 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); | 1137 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); |
1133 CHECK( GNUTLS_E_SUCCESS, ret ); | 1138 CHECK( GNUTLS_E_SUCCESS, ret ); |
1134 | 1139 |
1135 /* Start the client thread with more streams than the server */ | 1140 /* Start the client thread */ |
1136 fd_g_config->cnf_sctp_str = 2 * NB_STREAMS; | |
1137 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); | 1141 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); |
1138 | 1142 |
1139 /* Accept the connection of the client */ | 1143 /* Accept the connection of the client */ |
1140 server_side = fd_cnx_serv_accept(listener_sctp); | 1144 server_side = fd_cnx_serv_accept(listener_sctp); |
1141 CHECK( 1, server_side ? 1 : 0 ); | 1145 CHECK( 1, server_side ? 1 : 0 ); |
1145 CHECK( 1, client_side ? 1 : 0 ); | 1149 CHECK( 1, client_side ? 1 : 0 ); |
1146 hf.cnx = client_side; | 1150 hf.cnx = client_side; |
1147 | 1151 |
1148 /* Start the handshake directly */ | 1152 /* Start the handshake directly */ |
1149 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 1153 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
1150 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 1154 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); |
1155 CHECK( 0, pthread_join(thr, NULL) ); | |
1156 CHECK( 0, hf.ret ); | |
1157 | |
1158 /* Send a few TLS protected messages, and replies */ | |
1159 for (i = 0; i < 2 * NB_STREAMS; i++) { | |
1160 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); | |
1161 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); | |
1162 CHECK( cer_sz, rcv_sz ); | |
1163 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); | |
1164 free(rcv_buf); | |
1165 | |
1166 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); | |
1167 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); | |
1168 CHECK( cer_sz, rcv_sz ); | |
1169 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); | |
1170 free(rcv_buf); | |
1171 } | |
1172 | |
1173 | |
1174 /* Now close the connection */ | |
1175 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); | |
1176 fd_cnx_destroy(server_side); | |
1177 CHECK( 0, pthread_join(thr, NULL) ); | |
1178 | |
1179 /* Free the credentials */ | |
1180 gnutls_certificate_free_keys(hf.creds); | |
1181 gnutls_certificate_free_cas(hf.creds); | |
1182 gnutls_certificate_free_credentials(hf.creds); | |
1183 } | |
1184 #endif /* DISABLE_SCTP */ | |
1185 | |
1186 /* Test with different number of streams between server and client */ | |
1187 #ifndef DISABLE_SCTP | |
1188 /* DTLS / SCTP style */ | |
1189 TODO("Enabled after DTLS implementation"); | |
1190 if (0) | |
1191 { | |
1192 struct connect_flags cf; | |
1193 struct handshake_flags hf; | |
1194 | |
1195 memset(&cf, 0, sizeof(cf)); | |
1196 cf.proto = IPPROTO_SCTP; | |
1197 | |
1198 memset(&hf, 0, sizeof(hf)); | |
1199 | |
1200 /* Initialize remote certificate */ | |
1201 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); | |
1202 CHECK( GNUTLS_E_SUCCESS, ret ); | |
1203 /* Set the CA */ | |
1204 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); | |
1205 CHECK( 1, ret ); | |
1206 /* Set the key */ | |
1207 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); | |
1208 CHECK( GNUTLS_E_SUCCESS, ret ); | |
1209 | |
1210 /* Start the client thread with more streams than the server */ | |
1211 fd_g_config->cnf_sctp_str = 2 * NB_STREAMS; | |
1212 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); | |
1213 | |
1214 /* Accept the connection of the client */ | |
1215 server_side = fd_cnx_serv_accept(listener_sctp); | |
1216 CHECK( 1, server_side ? 1 : 0 ); | |
1217 | |
1218 /* Retrieve the client connection object */ | |
1219 CHECK( 0, pthread_join( thr, (void *)&client_side ) ); | |
1220 CHECK( 1, client_side ? 1 : 0 ); | |
1221 hf.cnx = client_side; | |
1222 | |
1223 /* Start the handshake directly */ | |
1224 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | |
1225 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); | |
1151 CHECK( 0, pthread_join(thr, NULL) ); | 1226 CHECK( 0, pthread_join(thr, NULL) ); |
1152 CHECK( 0, hf.ret ); | 1227 CHECK( 0, hf.ret ); |
1153 | 1228 |
1154 /* Send a few TLS protected message, and replies */ | 1229 /* Send a few TLS protected message, and replies */ |
1155 for (i = 0; i < 4 * NB_STREAMS; i++) { | 1230 for (i = 0; i < 4 * NB_STREAMS; i++) { |
1184 CHECK( 1, client_side ? 1 : 0 ); | 1259 CHECK( 1, client_side ? 1 : 0 ); |
1185 hf.cnx = client_side; | 1260 hf.cnx = client_side; |
1186 | 1261 |
1187 /* Start the handshake directly */ | 1262 /* Start the handshake directly */ |
1188 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 1263 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
1189 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 1264 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); |
1190 CHECK( 0, pthread_join(thr, NULL) ); | 1265 CHECK( 0, pthread_join(thr, NULL) ); |
1191 CHECK( 0, hf.ret ); | 1266 CHECK( 0, hf.ret ); |
1192 | 1267 |
1193 /* Send a few TLS protected message, and replies */ | 1268 /* Send a few TLS protected message, and replies */ |
1194 for (i = 0; i < 2 * NB_STREAMS; i++) { | 1269 for (i = 0; i < 2 * NB_STREAMS; i++) { |
1214 /* Free the credentials */ | 1289 /* Free the credentials */ |
1215 gnutls_certificate_free_keys(hf.creds); | 1290 gnutls_certificate_free_keys(hf.creds); |
1216 gnutls_certificate_free_cas(hf.creds); | 1291 gnutls_certificate_free_cas(hf.creds); |
1217 gnutls_certificate_free_credentials(hf.creds); | 1292 gnutls_certificate_free_credentials(hf.creds); |
1218 } | 1293 } |
1294 | |
1295 /* TLS / SCTP style */ | |
1296 { | |
1297 struct connect_flags cf; | |
1298 struct handshake_flags hf; | |
1299 | |
1300 memset(&cf, 0, sizeof(cf)); | |
1301 cf.proto = IPPROTO_SCTP; | |
1302 | |
1303 memset(&hf, 0, sizeof(hf)); | |
1304 hf.algo = ALGO_HANDSHAKE_3436; | |
1305 | |
1306 /* Initialize remote certificate */ | |
1307 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); | |
1308 CHECK( GNUTLS_E_SUCCESS, ret ); | |
1309 /* Set the CA */ | |
1310 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); | |
1311 CHECK( 1, ret ); | |
1312 /* Set the key */ | |
1313 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); | |
1314 CHECK( GNUTLS_E_SUCCESS, ret ); | |
1315 | |
1316 /* Start the client thread with more streams than the server */ | |
1317 fd_g_config->cnf_sctp_str = 2 * NB_STREAMS; | |
1318 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); | |
1319 | |
1320 /* Accept the connection of the client */ | |
1321 server_side = fd_cnx_serv_accept(listener_sctp); | |
1322 CHECK( 1, server_side ? 1 : 0 ); | |
1323 | |
1324 /* Retrieve the client connection object */ | |
1325 CHECK( 0, pthread_join( thr, (void *)&client_side ) ); | |
1326 CHECK( 1, client_side ? 1 : 0 ); | |
1327 hf.cnx = client_side; | |
1328 | |
1329 /* Start the handshake directly */ | |
1330 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | |
1331 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); | |
1332 CHECK( 0, pthread_join(thr, NULL) ); | |
1333 CHECK( 0, hf.ret ); | |
1334 | |
1335 /* Send a few TLS protected message, and replies */ | |
1336 for (i = 0; i < 4 * NB_STREAMS; i++) { | |
1337 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); | |
1338 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); | |
1339 CHECK( cer_sz, rcv_sz ); | |
1340 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); | |
1341 free(rcv_buf); | |
1342 | |
1343 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); | |
1344 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); | |
1345 CHECK( cer_sz, rcv_sz ); | |
1346 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); | |
1347 free(rcv_buf); | |
1348 } | |
1349 | |
1350 /* Now close the connection */ | |
1351 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); | |
1352 fd_cnx_destroy(server_side); | |
1353 CHECK( 0, pthread_join(thr, NULL) ); | |
1354 | |
1355 /* Do the same test but with more streams on the server this time */ | |
1356 fd_g_config->cnf_sctp_str = NB_STREAMS / 2; | |
1357 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); | |
1358 | |
1359 /* Accept the connection of the client */ | |
1360 server_side = fd_cnx_serv_accept(listener_sctp); | |
1361 CHECK( 1, server_side ? 1 : 0 ); | |
1362 | |
1363 /* Retrieve the client connection object */ | |
1364 CHECK( 0, pthread_join( thr, (void *)&client_side ) ); | |
1365 CHECK( 1, client_side ? 1 : 0 ); | |
1366 hf.cnx = client_side; | |
1367 | |
1368 /* Start the handshake directly */ | |
1369 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | |
1370 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); | |
1371 CHECK( 0, pthread_join(thr, NULL) ); | |
1372 CHECK( 0, hf.ret ); | |
1373 | |
1374 /* Send a few TLS protected message, and replies */ | |
1375 for (i = 0; i < 2 * NB_STREAMS; i++) { | |
1376 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); | |
1377 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); | |
1378 CHECK( cer_sz, rcv_sz ); | |
1379 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); | |
1380 free(rcv_buf); | |
1381 | |
1382 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); | |
1383 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); | |
1384 CHECK( cer_sz, rcv_sz ); | |
1385 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); | |
1386 free(rcv_buf); | |
1387 } | |
1388 | |
1389 /* Now close the connection */ | |
1390 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); | |
1391 fd_cnx_destroy(server_side); | |
1392 CHECK( 0, pthread_join(thr, NULL) ); | |
1393 | |
1394 | |
1395 /* Free the credentials */ | |
1396 gnutls_certificate_free_keys(hf.creds); | |
1397 gnutls_certificate_free_cas(hf.creds); | |
1398 gnutls_certificate_free_credentials(hf.creds); | |
1399 } | |
1400 | |
1219 #endif /* DISABLE_SCTP */ | 1401 #endif /* DISABLE_SCTP */ |
1220 | 1402 |
1221 | 1403 |
1222 /* Basic operation tested successfully, now test we detect error conditions */ | 1404 /* Basic operation tested successfully, now test we detect error conditions */ |
1223 | 1405 |
1254 CHECK( 1, client_side ? 1 : 0 ); | 1436 CHECK( 1, client_side ? 1 : 0 ); |
1255 hf.cnx = client_side; | 1437 hf.cnx = client_side; |
1256 | 1438 |
1257 /* Start the handshake directly */ | 1439 /* Start the handshake directly */ |
1258 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 1440 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
1259 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 1441 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); |
1260 fd_cnx_destroy(server_side); | 1442 fd_cnx_destroy(server_side); |
1261 | 1443 |
1262 CHECK( 0, pthread_join(thr, NULL) ); | 1444 CHECK( 0, pthread_join(thr, NULL) ); |
1263 | 1445 |
1264 /* Now close the connection */ | 1446 /* Now close the connection */ |
1271 gnutls_certificate_free_credentials(hf.creds); | 1453 gnutls_certificate_free_credentials(hf.creds); |
1272 } | 1454 } |
1273 | 1455 |
1274 /* Same in SCTP */ | 1456 /* Same in SCTP */ |
1275 #ifndef DISABLE_SCTP | 1457 #ifndef DISABLE_SCTP |
1458 /* DTLS */ | |
1459 TODO("Enabled after DTLS implementation"); | |
1460 if (0) | |
1276 { | 1461 { |
1277 struct connect_flags cf; | 1462 struct connect_flags cf; |
1278 struct handshake_flags hf; | 1463 struct handshake_flags hf; |
1279 | 1464 |
1280 memset(&cf, 0, sizeof(cf)); | 1465 memset(&cf, 0, sizeof(cf)); |
1305 CHECK( 1, client_side ? 1 : 0 ); | 1490 CHECK( 1, client_side ? 1 : 0 ); |
1306 hf.cnx = client_side; | 1491 hf.cnx = client_side; |
1307 | 1492 |
1308 /* Start the handshake directly */ | 1493 /* Start the handshake directly */ |
1309 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 1494 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
1310 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 1495 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); |
1496 fd_cnx_destroy(server_side); | |
1497 CHECK( 0, pthread_join(thr, NULL) ); | |
1498 | |
1499 /* Now close the connection */ | |
1500 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); | |
1501 CHECK( 0, pthread_join(thr, NULL) ); | |
1502 | |
1503 /* Free the credentials */ | |
1504 gnutls_certificate_free_keys(hf.creds); | |
1505 gnutls_certificate_free_cas(hf.creds); | |
1506 gnutls_certificate_free_credentials(hf.creds); | |
1507 } | |
1508 | |
1509 /* TLS */ | |
1510 { | |
1511 struct connect_flags cf; | |
1512 struct handshake_flags hf; | |
1513 | |
1514 memset(&cf, 0, sizeof(cf)); | |
1515 cf.proto = IPPROTO_SCTP; | |
1516 | |
1517 memset(&hf, 0, sizeof(hf)); | |
1518 hf.algo = ALGO_HANDSHAKE_3436; | |
1519 | |
1520 /* Initialize remote certificate */ | |
1521 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); | |
1522 CHECK( GNUTLS_E_SUCCESS, ret ); | |
1523 /* Set the CA */ | |
1524 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, ¬rust_ca, GNUTLS_X509_FMT_PEM), ); | |
1525 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); | |
1526 CHECK( 1, ret ); | |
1527 /* Set the key */ | |
1528 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, ¬rust_cert, ¬rust_priv, GNUTLS_X509_FMT_PEM), ); | |
1529 CHECK( GNUTLS_E_SUCCESS, ret ); | |
1530 | |
1531 /* Start the client thread */ | |
1532 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); | |
1533 | |
1534 /* Accept the connection of the client */ | |
1535 server_side = fd_cnx_serv_accept(listener_sctp); | |
1536 CHECK( 1, server_side ? 1 : 0 ); | |
1537 | |
1538 /* Retrieve the client connection object */ | |
1539 CHECK( 0, pthread_join( thr, (void *)&client_side ) ); | |
1540 CHECK( 1, client_side ? 1 : 0 ); | |
1541 hf.cnx = client_side; | |
1542 | |
1543 /* Start the handshake directly */ | |
1544 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | |
1545 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); | |
1311 fd_cnx_destroy(server_side); | 1546 fd_cnx_destroy(server_side); |
1312 CHECK( 0, pthread_join(thr, NULL) ); | 1547 CHECK( 0, pthread_join(thr, NULL) ); |
1313 | 1548 |
1314 /* Now close the connection */ | 1549 /* Now close the connection */ |
1315 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); | 1550 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); |
1354 CHECK( 1, client_side ? 1 : 0 ); | 1589 CHECK( 1, client_side ? 1 : 0 ); |
1355 hf.cnx = client_side; | 1590 hf.cnx = client_side; |
1356 | 1591 |
1357 /* Start the handshake directly */ | 1592 /* Start the handshake directly */ |
1358 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 1593 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
1359 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 1594 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); |
1360 fd_cnx_destroy(server_side); | 1595 fd_cnx_destroy(server_side); |
1361 CHECK( 0, pthread_join(thr, NULL) ); | 1596 CHECK( 0, pthread_join(thr, NULL) ); |
1362 | 1597 |
1363 /* Now close the connection */ | 1598 /* Now close the connection */ |
1364 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); | 1599 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); |
1406 /* Set the correct hostname we expect from the client (in the server) */ | 1641 /* Set the correct hostname we expect from the client (in the server) */ |
1407 fd_cnx_sethostname(server_side, "client.test"); | 1642 fd_cnx_sethostname(server_side, "client.test"); |
1408 | 1643 |
1409 /* Start the handshake, check it is successful */ | 1644 /* Start the handshake, check it is successful */ |
1410 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 1645 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
1411 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 1646 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); |
1412 CHECK( 0, pthread_join(thr, NULL) ); | 1647 CHECK( 0, pthread_join(thr, NULL) ); |
1413 CHECK( 0, hf.ret ); | 1648 CHECK( 0, hf.ret ); |
1414 | 1649 |
1415 /* Now close the connection */ | 1650 /* Now close the connection */ |
1416 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); | 1651 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); |
1432 /* Set the correct hostname we expect from the client (in the server) */ | 1667 /* Set the correct hostname we expect from the client (in the server) */ |
1433 fd_cnx_sethostname(server_side, "nomatch.test"); | 1668 fd_cnx_sethostname(server_side, "nomatch.test"); |
1434 | 1669 |
1435 /* Start the handshake, check it is successful */ | 1670 /* Start the handshake, check it is successful */ |
1436 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 1671 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
1437 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 1672 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); |
1438 fd_cnx_destroy(server_side); | 1673 fd_cnx_destroy(server_side); |
1439 CHECK( 0, pthread_join(thr, NULL) ); | 1674 CHECK( 0, pthread_join(thr, NULL) ); |
1440 | 1675 |
1441 /* Now close the connection */ | 1676 /* Now close the connection */ |
1442 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); | 1677 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); |
1486 CHECK( 1, client_side ? 1 : 0 ); | 1721 CHECK( 1, client_side ? 1 : 0 ); |
1487 hf.cnx = client_side; | 1722 hf.cnx = client_side; |
1488 | 1723 |
1489 /* Start the handshake */ | 1724 /* Start the handshake */ |
1490 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 1725 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
1491 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 1726 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); |
1492 CHECK( 0, pthread_join(thr, NULL) ); | 1727 CHECK( 0, pthread_join(thr, NULL) ); |
1493 CHECK( 0, hf.ret ); | 1728 CHECK( 0, hf.ret ); |
1494 | 1729 |
1495 /* Test some simple functions */ | 1730 /* Test some simple functions */ |
1496 | 1731 |
1540 gnutls_certificate_free_credentials(hf.creds); | 1775 gnutls_certificate_free_credentials(hf.creds); |
1541 } | 1776 } |
1542 | 1777 |
1543 #ifndef DISABLE_SCTP | 1778 #ifndef DISABLE_SCTP |
1544 /* And re-test with a SCTP connection */ | 1779 /* And re-test with a SCTP connection */ |
1780 TODO("Enabled after DTLS implementation"); | |
1781 if (0) | |
1545 { | 1782 { |
1546 struct connect_flags cf; | 1783 struct connect_flags cf; |
1547 struct handshake_flags hf; | 1784 struct handshake_flags hf; |
1548 char * str; | 1785 char * str; |
1549 const gnutls_datum_t *cert_list; | 1786 const gnutls_datum_t *cert_list; |
1579 CHECK( 1, client_side ? 1 : 0 ); | 1816 CHECK( 1, client_side ? 1 : 0 ); |
1580 hf.cnx = client_side; | 1817 hf.cnx = client_side; |
1581 | 1818 |
1582 /* Start the handshake */ | 1819 /* Start the handshake */ |
1583 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | 1820 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); |
1584 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); | 1821 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); |
1585 CHECK( 0, pthread_join(thr, NULL) ); | 1822 CHECK( 0, pthread_join(thr, NULL) ); |
1586 CHECK( 0, hf.ret ); | 1823 CHECK( 0, hf.ret ); |
1587 | 1824 |
1588 /* Test some simple functions */ | 1825 /* Test some simple functions */ |
1589 | 1826 |
1630 /* Free the credentials */ | 1867 /* Free the credentials */ |
1631 gnutls_certificate_free_keys(hf.creds); | 1868 gnutls_certificate_free_keys(hf.creds); |
1632 gnutls_certificate_free_cas(hf.creds); | 1869 gnutls_certificate_free_cas(hf.creds); |
1633 gnutls_certificate_free_credentials(hf.creds); | 1870 gnutls_certificate_free_credentials(hf.creds); |
1634 } | 1871 } |
1872 | |
1873 /* TLS */ | |
1874 { | |
1875 struct connect_flags cf; | |
1876 struct handshake_flags hf; | |
1877 char * str; | |
1878 const gnutls_datum_t *cert_list; | |
1879 unsigned int cert_list_size; | |
1880 struct fifo * myfifo = NULL; | |
1881 struct timespec now; | |
1882 int ev_code; | |
1883 | |
1884 memset(&cf, 0, sizeof(cf)); | |
1885 cf.proto = IPPROTO_SCTP; | |
1886 | |
1887 memset(&hf, 0, sizeof(hf)); | |
1888 hf.algo = ALGO_HANDSHAKE_3436; | |
1889 | |
1890 /* Initialize remote certificate */ | |
1891 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); | |
1892 CHECK( GNUTLS_E_SUCCESS, ret ); | |
1893 /* Set the CA */ | |
1894 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); | |
1895 CHECK( 1, ret ); | |
1896 /* Set the key */ | |
1897 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); | |
1898 CHECK( GNUTLS_E_SUCCESS, ret ); | |
1899 | |
1900 /* Start the client thread */ | |
1901 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); | |
1902 | |
1903 /* Accept the connection of the client */ | |
1904 server_side = fd_cnx_serv_accept(listener_sctp); | |
1905 CHECK( 1, server_side ? 1 : 0 ); | |
1906 | |
1907 /* Retrieve the client connection object */ | |
1908 CHECK( 0, pthread_join( thr, (void *)&client_side ) ); | |
1909 CHECK( 1, client_side ? 1 : 0 ); | |
1910 hf.cnx = client_side; | |
1911 | |
1912 /* Start the handshake */ | |
1913 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); | |
1914 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); | |
1915 CHECK( 0, pthread_join(thr, NULL) ); | |
1916 CHECK( 0, hf.ret ); | |
1917 | |
1918 /* Test some simple functions */ | |
1919 | |
1920 /* fd_cnx_getid */ | |
1921 str = fd_cnx_getid(server_side); | |
1922 CHECK( 1, str ? 1 : 0 ); | |
1923 CHECK( 1, (str[0] != '\0') ? 1 : 0 ); | |
1924 | |
1925 /* fd_cnx_getproto */ | |
1926 i = fd_cnx_getproto(server_side); | |
1927 CHECK( IPPROTO_SCTP, i); | |
1928 | |
1929 /* fd_cnx_getTLS */ | |
1930 i = fd_cnx_getTLS(server_side); | |
1931 CHECK( 1, i ? 1 : 0 ); | |
1932 | |
1933 /* fd_cnx_getcred */ | |
1934 CHECK( 0, fd_cnx_getcred(server_side, &cert_list, &cert_list_size) ); | |
1935 CHECK( 1, (cert_list_size > 0) ? 1 : 0 ); | |
1936 /* We could also verify that the cert_list really contains the client_cert and ca certificates */ | |
1937 | |
1938 /* fd_cnx_getremoteid */ | |
1939 str = fd_cnx_getremoteid(server_side); | |
1940 CHECK( 1, str ? 1 : 0 ); | |
1941 CHECK( 1, (str[0] != '\0') ? 1 : 0 ); | |
1942 | |
1943 /* fd_cnx_recv_setaltfifo */ | |
1944 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); | |
1945 CHECK( 0, fd_fifo_new(&myfifo, 0) ); | |
1946 CHECK( 0, fd_cnx_recv_setaltfifo(server_side, myfifo) ); | |
1947 CHECK( 0, clock_gettime(CLOCK_REALTIME, &now) ); | |
1948 do { | |
1949 CHECK( 0, fd_event_timedget(myfifo, &now, ETIMEDOUT, &ev_code, NULL, (void *)&rcv_buf) ); | |
1950 free(rcv_buf); | |
1951 } while (ev_code != FDEVP_CNX_MSG_RECV); | |
1952 | |
1953 /* Now close the connection */ | |
1954 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); | |
1955 fd_cnx_destroy(server_side); | |
1956 CHECK( 0, pthread_join(thr, NULL) ); | |
1957 | |
1958 fd_event_destroy(&myfifo, free); | |
1959 | |
1960 /* Free the credentials */ | |
1961 gnutls_certificate_free_keys(hf.creds); | |
1962 gnutls_certificate_free_cas(hf.creds); | |
1963 gnutls_certificate_free_credentials(hf.creds); | |
1964 } | |
1635 #endif /* DISABLE_SCTP */ | 1965 #endif /* DISABLE_SCTP */ |
1636 | 1966 |
1637 | 1967 |
1638 /* Destroy the servers */ | 1968 /* Destroy the servers */ |
1639 { | 1969 { |