Mercurial > hg > freeDiameter-dtls

comparison tests/testcnx.c @ 1181:22de21feec64

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Preparing for DTLS support
author Sebastien Decugis <sdecugis@freediameter.net>
date Wed, 05 Jun 2013 19:22:26 +0800
parents 1af09cc156d6
children 56c36d1007b4
comparison
equal deleted inserted replaced
1180:773498f59520 1181:22de21feec64
546 546
547 /* Parameters to the handshake thread */ 547 /* Parameters to the handshake thread */
548 struct handshake_flags { 548 struct handshake_flags {
549 struct cnxctx * cnx; 549 struct cnxctx * cnx;
550 gnutls_certificate_credentials_t creds; 550 gnutls_certificate_credentials_t creds;
551 int algo;
551 int ret; 552 int ret;
552 }; 553 };
553 554
554 /* Handshake the client's side */ 555 /* Handshake the client's side */
555 static void * handshake_thr(void * arg) 556 static void * handshake_thr(void * arg)
556 { 557 {
557 struct handshake_flags * hf = arg; 558 struct handshake_flags * hf = arg;
558 fd_log_threadname ( "testcnx:handshake" ); 559 fd_log_threadname ( "testcnx:handshake" );
559 hf->ret = fd_cnx_handshake(hf->cnx, GNUTLS_CLIENT, NULL, hf->creds); 560 hf->ret = fd_cnx_handshake(hf->cnx, GNUTLS_CLIENT, hf->algo, NULL, hf->creds);
560 return NULL; 561 return NULL;
561 } 562 }
562 563
563 /* Terminate the client's connection side */ 564 /* Terminate the client's connection side */
564 static void * destroy_thr(void * arg) 565 static void * destroy_thr(void * arg)
861 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); 862 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
862 free(rcv_buf); 863 free(rcv_buf);
863 864
864 /* At this point in legacy Diameter we start the handshake */ 865 /* At this point in legacy Diameter we start the handshake */
865 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 866 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
866 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 867 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT /* No impact on TCP */, NULL, NULL) );
867 CHECK( 0, pthread_join(thr, NULL) ); 868 CHECK( 0, pthread_join(thr, NULL) );
868 CHECK( 0, hf.ret ); 869 CHECK( 0, hf.ret );
869 870
870 /* Send a few TLS protected message, and replies */ 871 /* Send a few TLS protected message, and replies */
871 for (i = 0; i < 2 * NB_STREAMS; i++) { 872 for (i = 0; i < 2 * NB_STREAMS; i++) {
902 903
903 memset(&cf, 0, sizeof(cf)); 904 memset(&cf, 0, sizeof(cf));
904 cf.proto = IPPROTO_SCTP; 905 cf.proto = IPPROTO_SCTP;
905 906
906 memset(&hf, 0, sizeof(hf)); 907 memset(&hf, 0, sizeof(hf));
908 hf.algo = ALGO_HANDSHAKE_3436; /* this is mandatory for old TLS mechanism */
907 909
908 /* Initialize remote certificate */ 910 /* Initialize remote certificate */
909 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); 911 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
910 CHECK( GNUTLS_E_SUCCESS, ret ); 912 CHECK( GNUTLS_E_SUCCESS, ret );
911 /* Set the CA */ 913 /* Set the CA */
946 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); 948 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
947 free(rcv_buf); 949 free(rcv_buf);
948 950
949 /* At this point in legacy Diameter we start the handshake */ 951 /* At this point in legacy Diameter we start the handshake */
950 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 952 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
951 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 953 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
952 CHECK( 0, pthread_join(thr, NULL) ); 954 CHECK( 0, pthread_join(thr, NULL) );
953 CHECK( 0, hf.ret ); 955 CHECK( 0, hf.ret );
954 956
955 /* Send a few TLS protected message, and replies */ 957 /* Send a few TLS protected message, and replies */
956 for (i = 0; i < 2 * NB_STREAMS; i++) { 958 for (i = 0; i < 2 * NB_STREAMS; i++) {
1012 CHECK( 1, client_side ? 1 : 0 ); 1014 CHECK( 1, client_side ? 1 : 0 );
1013 hf.cnx = client_side; 1015 hf.cnx = client_side;
1014 1016
1015 /* Start the handshake directly */ 1017 /* Start the handshake directly */
1016 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 1018 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1017 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1019 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1018 CHECK( 0, pthread_join(thr, NULL) ); 1020 CHECK( 0, pthread_join(thr, NULL) );
1019 CHECK( 0, hf.ret ); 1021 CHECK( 0, hf.ret );
1020 1022
1021 /* Send a few TLS protected message, and replies */ 1023 /* Send a few TLS protected message, and replies */
1022 for (i = 0; i < 2 * NB_STREAMS; i++) { 1024 for (i = 0; i < 2 * NB_STREAMS; i++) {
1043 gnutls_certificate_free_cas(hf.creds); 1045 gnutls_certificate_free_cas(hf.creds);
1044 gnutls_certificate_free_credentials(hf.creds); 1046 gnutls_certificate_free_credentials(hf.creds);
1045 } 1047 }
1046 1048
1047 #ifndef DISABLE_SCTP 1049 #ifndef DISABLE_SCTP
1048 /* SCTP Client / server emulating new Diameter behavior (handshake at connection directly) */ 1050
1051
1052 /* SCTP Client / server emulating new Diameter behavior (DTLS handshake at connection directly) */
1053 TODO("Enabled after DTLS implementation");
1054 if (0)
1049 { 1055 {
1050 struct connect_flags cf; 1056 struct connect_flags cf;
1051 struct handshake_flags hf; 1057 struct handshake_flags hf;
1052 1058
1053 memset(&cf, 0, sizeof(cf)); 1059 memset(&cf, 0, sizeof(cf));
1077 CHECK( 1, client_side ? 1 : 0 ); 1083 CHECK( 1, client_side ? 1 : 0 );
1078 hf.cnx = client_side; 1084 hf.cnx = client_side;
1079 1085
1080 /* Start the handshake directly */ 1086 /* Start the handshake directly */
1081 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 1087 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1082 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1088 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1083 CHECK( 0, pthread_join(thr, NULL) ); 1089 CHECK( 0, pthread_join(thr, NULL) );
1084 CHECK( 0, hf.ret ); 1090 CHECK( 0, hf.ret );
1085 1091
1086 /* Send a few TLS protected messages, and replies */ 1092 /* Send a few TLS protected messages, and replies */
1087 for (i = 0; i < 2 * NB_STREAMS; i++) { 1093 for (i = 0; i < 2 * NB_STREAMS; i++) {
1107 /* Free the credentials */ 1113 /* Free the credentials */
1108 gnutls_certificate_free_keys(hf.creds); 1114 gnutls_certificate_free_keys(hf.creds);
1109 gnutls_certificate_free_cas(hf.creds); 1115 gnutls_certificate_free_cas(hf.creds);
1110 gnutls_certificate_free_credentials(hf.creds); 1116 gnutls_certificate_free_credentials(hf.creds);
1111 } 1117 }
1112 #endif /* DISABLE_SCTP */ 1118
1113 1119 /* SCTP Client / server emulating old intermediary Diameter behavior (TLS handshake at connection directly) */
1114 /* Test with different number of streams between server and client */
1115 #ifndef DISABLE_SCTP
1116 { 1120 {
1117 struct connect_flags cf; 1121 struct connect_flags cf;
1118 struct handshake_flags hf; 1122 struct handshake_flags hf;
1119 1123
1120 memset(&cf, 0, sizeof(cf)); 1124 memset(&cf, 0, sizeof(cf));
1121 cf.proto = IPPROTO_SCTP; 1125 cf.proto = IPPROTO_SCTP;
1122 1126
1123 memset(&hf, 0, sizeof(hf)); 1127 memset(&hf, 0, sizeof(hf));
1128 hf.algo = ALGO_HANDSHAKE_3436; /* this is mandatory for old TLS mechanism */
1124 1129
1125 /* Initialize remote certificate */ 1130 /* Initialize remote certificate */
1126 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); 1131 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1127 CHECK( GNUTLS_E_SUCCESS, ret ); 1132 CHECK( GNUTLS_E_SUCCESS, ret );
1128 /* Set the CA */ 1133 /* Set the CA */
1130 CHECK( 1, ret ); 1135 CHECK( 1, ret );
1131 /* Set the key */ 1136 /* Set the key */
1132 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); 1137 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1133 CHECK( GNUTLS_E_SUCCESS, ret ); 1138 CHECK( GNUTLS_E_SUCCESS, ret );
1134 1139
1135 /* Start the client thread with more streams than the server */ 1140 /* Start the client thread */
1136 fd_g_config->cnf_sctp_str = 2 * NB_STREAMS;
1137 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); 1141 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1138 1142
1139 /* Accept the connection of the client */ 1143 /* Accept the connection of the client */
1140 server_side = fd_cnx_serv_accept(listener_sctp); 1144 server_side = fd_cnx_serv_accept(listener_sctp);
1141 CHECK( 1, server_side ? 1 : 0 ); 1145 CHECK( 1, server_side ? 1 : 0 );
1145 CHECK( 1, client_side ? 1 : 0 ); 1149 CHECK( 1, client_side ? 1 : 0 );
1146 hf.cnx = client_side; 1150 hf.cnx = client_side;
1147 1151
1148 /* Start the handshake directly */ 1152 /* Start the handshake directly */
1149 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 1153 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1150 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1154 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
1155 CHECK( 0, pthread_join(thr, NULL) );
1156 CHECK( 0, hf.ret );
1157
1158 /* Send a few TLS protected messages, and replies */
1159 for (i = 0; i < 2 * NB_STREAMS; i++) {
1160 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0));
1161 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
1162 CHECK( cer_sz, rcv_sz );
1163 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1164 free(rcv_buf);
1165
1166 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0));
1167 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
1168 CHECK( cer_sz, rcv_sz );
1169 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1170 free(rcv_buf);
1171 }
1172
1173
1174 /* Now close the connection */
1175 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1176 fd_cnx_destroy(server_side);
1177 CHECK( 0, pthread_join(thr, NULL) );
1178
1179 /* Free the credentials */
1180 gnutls_certificate_free_keys(hf.creds);
1181 gnutls_certificate_free_cas(hf.creds);
1182 gnutls_certificate_free_credentials(hf.creds);
1183 }
1184 #endif /* DISABLE_SCTP */
1185
1186 /* Test with different number of streams between server and client */
1187 #ifndef DISABLE_SCTP
1188 /* DTLS / SCTP style */
1189 TODO("Enabled after DTLS implementation");
1190 if (0)
1191 {
1192 struct connect_flags cf;
1193 struct handshake_flags hf;
1194
1195 memset(&cf, 0, sizeof(cf));
1196 cf.proto = IPPROTO_SCTP;
1197
1198 memset(&hf, 0, sizeof(hf));
1199
1200 /* Initialize remote certificate */
1201 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1202 CHECK( GNUTLS_E_SUCCESS, ret );
1203 /* Set the CA */
1204 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1205 CHECK( 1, ret );
1206 /* Set the key */
1207 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1208 CHECK( GNUTLS_E_SUCCESS, ret );
1209
1210 /* Start the client thread with more streams than the server */
1211 fd_g_config->cnf_sctp_str = 2 * NB_STREAMS;
1212 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1213
1214 /* Accept the connection of the client */
1215 server_side = fd_cnx_serv_accept(listener_sctp);
1216 CHECK( 1, server_side ? 1 : 0 );
1217
1218 /* Retrieve the client connection object */
1219 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1220 CHECK( 1, client_side ? 1 : 0 );
1221 hf.cnx = client_side;
1222
1223 /* Start the handshake directly */
1224 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1225 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1151 CHECK( 0, pthread_join(thr, NULL) ); 1226 CHECK( 0, pthread_join(thr, NULL) );
1152 CHECK( 0, hf.ret ); 1227 CHECK( 0, hf.ret );
1153 1228
1154 /* Send a few TLS protected message, and replies */ 1229 /* Send a few TLS protected message, and replies */
1155 for (i = 0; i < 4 * NB_STREAMS; i++) { 1230 for (i = 0; i < 4 * NB_STREAMS; i++) {
1184 CHECK( 1, client_side ? 1 : 0 ); 1259 CHECK( 1, client_side ? 1 : 0 );
1185 hf.cnx = client_side; 1260 hf.cnx = client_side;
1186 1261
1187 /* Start the handshake directly */ 1262 /* Start the handshake directly */
1188 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 1263 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1189 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1264 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1190 CHECK( 0, pthread_join(thr, NULL) ); 1265 CHECK( 0, pthread_join(thr, NULL) );
1191 CHECK( 0, hf.ret ); 1266 CHECK( 0, hf.ret );
1192 1267
1193 /* Send a few TLS protected message, and replies */ 1268 /* Send a few TLS protected message, and replies */
1194 for (i = 0; i < 2 * NB_STREAMS; i++) { 1269 for (i = 0; i < 2 * NB_STREAMS; i++) {
1214 /* Free the credentials */ 1289 /* Free the credentials */
1215 gnutls_certificate_free_keys(hf.creds); 1290 gnutls_certificate_free_keys(hf.creds);
1216 gnutls_certificate_free_cas(hf.creds); 1291 gnutls_certificate_free_cas(hf.creds);
1217 gnutls_certificate_free_credentials(hf.creds); 1292 gnutls_certificate_free_credentials(hf.creds);
1218 } 1293 }
1294
1295 /* TLS / SCTP style */
1296 {
1297 struct connect_flags cf;
1298 struct handshake_flags hf;
1299
1300 memset(&cf, 0, sizeof(cf));
1301 cf.proto = IPPROTO_SCTP;
1302
1303 memset(&hf, 0, sizeof(hf));
1304 hf.algo = ALGO_HANDSHAKE_3436;
1305
1306 /* Initialize remote certificate */
1307 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1308 CHECK( GNUTLS_E_SUCCESS, ret );
1309 /* Set the CA */
1310 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1311 CHECK( 1, ret );
1312 /* Set the key */
1313 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1314 CHECK( GNUTLS_E_SUCCESS, ret );
1315
1316 /* Start the client thread with more streams than the server */
1317 fd_g_config->cnf_sctp_str = 2 * NB_STREAMS;
1318 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1319
1320 /* Accept the connection of the client */
1321 server_side = fd_cnx_serv_accept(listener_sctp);
1322 CHECK( 1, server_side ? 1 : 0 );
1323
1324 /* Retrieve the client connection object */
1325 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1326 CHECK( 1, client_side ? 1 : 0 );
1327 hf.cnx = client_side;
1328
1329 /* Start the handshake directly */
1330 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1331 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
1332 CHECK( 0, pthread_join(thr, NULL) );
1333 CHECK( 0, hf.ret );
1334
1335 /* Send a few TLS protected message, and replies */
1336 for (i = 0; i < 4 * NB_STREAMS; i++) {
1337 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0));
1338 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
1339 CHECK( cer_sz, rcv_sz );
1340 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1341 free(rcv_buf);
1342
1343 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0));
1344 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
1345 CHECK( cer_sz, rcv_sz );
1346 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1347 free(rcv_buf);
1348 }
1349
1350 /* Now close the connection */
1351 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1352 fd_cnx_destroy(server_side);
1353 CHECK( 0, pthread_join(thr, NULL) );
1354
1355 /* Do the same test but with more streams on the server this time */
1356 fd_g_config->cnf_sctp_str = NB_STREAMS / 2;
1357 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1358
1359 /* Accept the connection of the client */
1360 server_side = fd_cnx_serv_accept(listener_sctp);
1361 CHECK( 1, server_side ? 1 : 0 );
1362
1363 /* Retrieve the client connection object */
1364 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1365 CHECK( 1, client_side ? 1 : 0 );
1366 hf.cnx = client_side;
1367
1368 /* Start the handshake directly */
1369 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1370 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
1371 CHECK( 0, pthread_join(thr, NULL) );
1372 CHECK( 0, hf.ret );
1373
1374 /* Send a few TLS protected message, and replies */
1375 for (i = 0; i < 2 * NB_STREAMS; i++) {
1376 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0));
1377 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
1378 CHECK( cer_sz, rcv_sz );
1379 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1380 free(rcv_buf);
1381
1382 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0));
1383 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
1384 CHECK( cer_sz, rcv_sz );
1385 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1386 free(rcv_buf);
1387 }
1388
1389 /* Now close the connection */
1390 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1391 fd_cnx_destroy(server_side);
1392 CHECK( 0, pthread_join(thr, NULL) );
1393
1394
1395 /* Free the credentials */
1396 gnutls_certificate_free_keys(hf.creds);
1397 gnutls_certificate_free_cas(hf.creds);
1398 gnutls_certificate_free_credentials(hf.creds);
1399 }
1400
1219 #endif /* DISABLE_SCTP */ 1401 #endif /* DISABLE_SCTP */
1220 1402
1221 1403
1222 /* Basic operation tested successfully, now test we detect error conditions */ 1404 /* Basic operation tested successfully, now test we detect error conditions */
1223 1405
1254 CHECK( 1, client_side ? 1 : 0 ); 1436 CHECK( 1, client_side ? 1 : 0 );
1255 hf.cnx = client_side; 1437 hf.cnx = client_side;
1256 1438
1257 /* Start the handshake directly */ 1439 /* Start the handshake directly */
1258 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 1440 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1259 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1441 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1260 fd_cnx_destroy(server_side); 1442 fd_cnx_destroy(server_side);
1261 1443
1262 CHECK( 0, pthread_join(thr, NULL) ); 1444 CHECK( 0, pthread_join(thr, NULL) );
1263 1445
1264 /* Now close the connection */ 1446 /* Now close the connection */
1271 gnutls_certificate_free_credentials(hf.creds); 1453 gnutls_certificate_free_credentials(hf.creds);
1272 } 1454 }
1273 1455
1274 /* Same in SCTP */ 1456 /* Same in SCTP */
1275 #ifndef DISABLE_SCTP 1457 #ifndef DISABLE_SCTP
1458 /* DTLS */
1459 TODO("Enabled after DTLS implementation");
1460 if (0)
1276 { 1461 {
1277 struct connect_flags cf; 1462 struct connect_flags cf;
1278 struct handshake_flags hf; 1463 struct handshake_flags hf;
1279 1464
1280 memset(&cf, 0, sizeof(cf)); 1465 memset(&cf, 0, sizeof(cf));
1305 CHECK( 1, client_side ? 1 : 0 ); 1490 CHECK( 1, client_side ? 1 : 0 );
1306 hf.cnx = client_side; 1491 hf.cnx = client_side;
1307 1492
1308 /* Start the handshake directly */ 1493 /* Start the handshake directly */
1309 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 1494 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1310 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1495 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1496 fd_cnx_destroy(server_side);
1497 CHECK( 0, pthread_join(thr, NULL) );
1498
1499 /* Now close the connection */
1500 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1501 CHECK( 0, pthread_join(thr, NULL) );
1502
1503 /* Free the credentials */
1504 gnutls_certificate_free_keys(hf.creds);
1505 gnutls_certificate_free_cas(hf.creds);
1506 gnutls_certificate_free_credentials(hf.creds);
1507 }
1508
1509 /* TLS */
1510 {
1511 struct connect_flags cf;
1512 struct handshake_flags hf;
1513
1514 memset(&cf, 0, sizeof(cf));
1515 cf.proto = IPPROTO_SCTP;
1516
1517 memset(&hf, 0, sizeof(hf));
1518 hf.algo = ALGO_HANDSHAKE_3436;
1519
1520 /* Initialize remote certificate */
1521 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1522 CHECK( GNUTLS_E_SUCCESS, ret );
1523 /* Set the CA */
1524 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &notrust_ca, GNUTLS_X509_FMT_PEM), );
1525 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1526 CHECK( 1, ret );
1527 /* Set the key */
1528 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &notrust_cert, &notrust_priv, GNUTLS_X509_FMT_PEM), );
1529 CHECK( GNUTLS_E_SUCCESS, ret );
1530
1531 /* Start the client thread */
1532 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1533
1534 /* Accept the connection of the client */
1535 server_side = fd_cnx_serv_accept(listener_sctp);
1536 CHECK( 1, server_side ? 1 : 0 );
1537
1538 /* Retrieve the client connection object */
1539 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1540 CHECK( 1, client_side ? 1 : 0 );
1541 hf.cnx = client_side;
1542
1543 /* Start the handshake directly */
1544 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1545 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
1311 fd_cnx_destroy(server_side); 1546 fd_cnx_destroy(server_side);
1312 CHECK( 0, pthread_join(thr, NULL) ); 1547 CHECK( 0, pthread_join(thr, NULL) );
1313 1548
1314 /* Now close the connection */ 1549 /* Now close the connection */
1315 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); 1550 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1354 CHECK( 1, client_side ? 1 : 0 ); 1589 CHECK( 1, client_side ? 1 : 0 );
1355 hf.cnx = client_side; 1590 hf.cnx = client_side;
1356 1591
1357 /* Start the handshake directly */ 1592 /* Start the handshake directly */
1358 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 1593 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1359 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1594 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1360 fd_cnx_destroy(server_side); 1595 fd_cnx_destroy(server_side);
1361 CHECK( 0, pthread_join(thr, NULL) ); 1596 CHECK( 0, pthread_join(thr, NULL) );
1362 1597
1363 /* Now close the connection */ 1598 /* Now close the connection */
1364 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); 1599 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1406 /* Set the correct hostname we expect from the client (in the server) */ 1641 /* Set the correct hostname we expect from the client (in the server) */
1407 fd_cnx_sethostname(server_side, "client.test"); 1642 fd_cnx_sethostname(server_side, "client.test");
1408 1643
1409 /* Start the handshake, check it is successful */ 1644 /* Start the handshake, check it is successful */
1410 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 1645 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1411 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1646 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1412 CHECK( 0, pthread_join(thr, NULL) ); 1647 CHECK( 0, pthread_join(thr, NULL) );
1413 CHECK( 0, hf.ret ); 1648 CHECK( 0, hf.ret );
1414 1649
1415 /* Now close the connection */ 1650 /* Now close the connection */
1416 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); 1651 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1432 /* Set the correct hostname we expect from the client (in the server) */ 1667 /* Set the correct hostname we expect from the client (in the server) */
1433 fd_cnx_sethostname(server_side, "nomatch.test"); 1668 fd_cnx_sethostname(server_side, "nomatch.test");
1434 1669
1435 /* Start the handshake, check it is successful */ 1670 /* Start the handshake, check it is successful */
1436 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 1671 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1437 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1672 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1438 fd_cnx_destroy(server_side); 1673 fd_cnx_destroy(server_side);
1439 CHECK( 0, pthread_join(thr, NULL) ); 1674 CHECK( 0, pthread_join(thr, NULL) );
1440 1675
1441 /* Now close the connection */ 1676 /* Now close the connection */
1442 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); 1677 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1486 CHECK( 1, client_side ? 1 : 0 ); 1721 CHECK( 1, client_side ? 1 : 0 );
1487 hf.cnx = client_side; 1722 hf.cnx = client_side;
1488 1723
1489 /* Start the handshake */ 1724 /* Start the handshake */
1490 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 1725 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1491 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1726 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1492 CHECK( 0, pthread_join(thr, NULL) ); 1727 CHECK( 0, pthread_join(thr, NULL) );
1493 CHECK( 0, hf.ret ); 1728 CHECK( 0, hf.ret );
1494 1729
1495 /* Test some simple functions */ 1730 /* Test some simple functions */
1496 1731
1540 gnutls_certificate_free_credentials(hf.creds); 1775 gnutls_certificate_free_credentials(hf.creds);
1541 } 1776 }
1542 1777
1543 #ifndef DISABLE_SCTP 1778 #ifndef DISABLE_SCTP
1544 /* And re-test with a SCTP connection */ 1779 /* And re-test with a SCTP connection */
1780 TODO("Enabled after DTLS implementation");
1781 if (0)
1545 { 1782 {
1546 struct connect_flags cf; 1783 struct connect_flags cf;
1547 struct handshake_flags hf; 1784 struct handshake_flags hf;
1548 char * str; 1785 char * str;
1549 const gnutls_datum_t *cert_list; 1786 const gnutls_datum_t *cert_list;
1579 CHECK( 1, client_side ? 1 : 0 ); 1816 CHECK( 1, client_side ? 1 : 0 );
1580 hf.cnx = client_side; 1817 hf.cnx = client_side;
1581 1818
1582 /* Start the handshake */ 1819 /* Start the handshake */
1583 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); 1820 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1584 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1821 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1585 CHECK( 0, pthread_join(thr, NULL) ); 1822 CHECK( 0, pthread_join(thr, NULL) );
1586 CHECK( 0, hf.ret ); 1823 CHECK( 0, hf.ret );
1587 1824
1588 /* Test some simple functions */ 1825 /* Test some simple functions */
1589 1826
1630 /* Free the credentials */ 1867 /* Free the credentials */
1631 gnutls_certificate_free_keys(hf.creds); 1868 gnutls_certificate_free_keys(hf.creds);
1632 gnutls_certificate_free_cas(hf.creds); 1869 gnutls_certificate_free_cas(hf.creds);
1633 gnutls_certificate_free_credentials(hf.creds); 1870 gnutls_certificate_free_credentials(hf.creds);
1634 } 1871 }
1872
1873 /* TLS */
1874 {
1875 struct connect_flags cf;
1876 struct handshake_flags hf;
1877 char * str;
1878 const gnutls_datum_t *cert_list;
1879 unsigned int cert_list_size;
1880 struct fifo * myfifo = NULL;
1881 struct timespec now;
1882 int ev_code;
1883
1884 memset(&cf, 0, sizeof(cf));
1885 cf.proto = IPPROTO_SCTP;
1886
1887 memset(&hf, 0, sizeof(hf));
1888 hf.algo = ALGO_HANDSHAKE_3436;
1889
1890 /* Initialize remote certificate */
1891 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1892 CHECK( GNUTLS_E_SUCCESS, ret );
1893 /* Set the CA */
1894 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1895 CHECK( 1, ret );
1896 /* Set the key */
1897 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1898 CHECK( GNUTLS_E_SUCCESS, ret );
1899
1900 /* Start the client thread */
1901 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1902
1903 /* Accept the connection of the client */
1904 server_side = fd_cnx_serv_accept(listener_sctp);
1905 CHECK( 1, server_side ? 1 : 0 );
1906
1907 /* Retrieve the client connection object */
1908 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1909 CHECK( 1, client_side ? 1 : 0 );
1910 hf.cnx = client_side;
1911
1912 /* Start the handshake */
1913 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1914 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
1915 CHECK( 0, pthread_join(thr, NULL) );
1916 CHECK( 0, hf.ret );
1917
1918 /* Test some simple functions */
1919
1920 /* fd_cnx_getid */
1921 str = fd_cnx_getid(server_side);
1922 CHECK( 1, str ? 1 : 0 );
1923 CHECK( 1, (str[0] != '\0') ? 1 : 0 );
1924
1925 /* fd_cnx_getproto */
1926 i = fd_cnx_getproto(server_side);
1927 CHECK( IPPROTO_SCTP, i);
1928
1929 /* fd_cnx_getTLS */
1930 i = fd_cnx_getTLS(server_side);
1931 CHECK( 1, i ? 1 : 0 );
1932
1933 /* fd_cnx_getcred */
1934 CHECK( 0, fd_cnx_getcred(server_side, &cert_list, &cert_list_size) );
1935 CHECK( 1, (cert_list_size > 0) ? 1 : 0 );
1936 /* We could also verify that the cert_list really contains the client_cert and ca certificates */
1937
1938 /* fd_cnx_getremoteid */
1939 str = fd_cnx_getremoteid(server_side);
1940 CHECK( 1, str ? 1 : 0 );
1941 CHECK( 1, (str[0] != '\0') ? 1 : 0 );
1942
1943 /* fd_cnx_recv_setaltfifo */
1944 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0));
1945 CHECK( 0, fd_fifo_new(&myfifo, 0) );
1946 CHECK( 0, fd_cnx_recv_setaltfifo(server_side, myfifo) );
1947 CHECK( 0, clock_gettime(CLOCK_REALTIME, &now) );
1948 do {
1949 CHECK( 0, fd_event_timedget(myfifo, &now, ETIMEDOUT, &ev_code, NULL, (void *)&rcv_buf) );
1950 free(rcv_buf);
1951 } while (ev_code != FDEVP_CNX_MSG_RECV);
1952
1953 /* Now close the connection */
1954 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1955 fd_cnx_destroy(server_side);
1956 CHECK( 0, pthread_join(thr, NULL) );
1957
1958 fd_event_destroy(&myfifo, free);
1959
1960 /* Free the credentials */
1961 gnutls_certificate_free_keys(hf.creds);
1962 gnutls_certificate_free_cas(hf.creds);
1963 gnutls_certificate_free_credentials(hf.creds);
1964 }
1635 #endif /* DISABLE_SCTP */ 1965 #endif /* DISABLE_SCTP */
1636 1966
1637 1967
1638 /* Destroy the servers */ 1968 /* Destroy the servers */
1639 { 1969 {
"Welcome to our mercurial repository"