search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
digest: add support for OpenSSL 1.1.0
[siplcs.git] / src / core / sipe-tls-tester.c
blobf84767efb52d4373fbdd44dcdd34d68716ed6a8e
1 /**
2 * @file sipe-tls-tester.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2011-2016 SIPE Project <http://sipe.sourceforge.net/>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 *
24 * TLS handshake implementation (sipe-tls.c) tester
25 *
26 * Example test setup using OpenSSL:
27 *
28 * - Setting up the server certificate:
29 *
30 * $ openssl req -new -keyout server.pem -out server.req
31 * $ openssl x509 -req -in server.req -signkey server.pem -out server.cert
32 *
33 * - Running the test server in one shell with same parameters used by Lync:
34 *
35 * $ openssl s_server -accept 8443 -debug -msg \
36 * -cert server.cert -key server.pem \
37 * -tls1 -verify 0 [ -cipher <c1>[:<c2>...] ]
38 *
39 * ciphers: RC4-MD5, RC4-SHA, AES128-SHA, AES256-SHA
40 *
41 * - Running the test program in another shell:
42 *
43 * $ sipe_tls_tester
44 *
45 * You can add <host>[:<port>] to connect to a server on another machine
46 */
47
48 #include <stdlib.h>
49 #include <string.h>
50 #include <stdio.h>
51 #include <stdarg.h>
52 #include <time.h>
53 #include <unistd.h>
54 #include <errno.h>
55 #include <sys/types.h>
56 #include <sys/socket.h>
57 #include <netdb.h>
58 #include <poll.h>
59
60 #include <glib.h>
61
62 #include "sipe-common.h" /* coverity[hfa: FALSE] */
63 #include "sipe-backend.h"
64 #include "sipe-cert-crypto.h"
65 #include "sipe-crypt.h"
66 #include "sipe-tls.h"
67
68 /*
69 * Stubs
70 */
71 gboolean sipe_backend_debug_enabled(void)
72 {
73 return(TRUE);
74 }
75
76 void sipe_backend_debug_literal(sipe_debug_level level,
77 const gchar *msg)
78 {
79 printf("DEBUG(%d): %s\n", level, msg);
80 }
81
82 void sipe_backend_debug(sipe_debug_level level,
83 const gchar *format,
84 ...)
85 {
86 va_list ap;
87 gchar *newformat = g_strdup_printf("DEBUG(%d): %s\n", level, format);
88
89 va_start(ap, format);
90 vprintf(newformat, ap);
91 va_end(ap);
92
93 g_free(newformat);
94 }
95
96 /* needed when linking against NSS */
97 void md4sum(const guchar *data, gsize length, guchar *digest);
98 void md4sum(SIPE_UNUSED_PARAMETER const guchar *data,
99 SIPE_UNUSED_PARAMETER gsize length,
100 SIPE_UNUSED_PARAMETER guchar *digest)
101 {
102 }
103
104 /*
105 * Tester code
106 */
107 struct record {
108 gsize length;
109 guchar *msg;
110 };
111
112 static guchar *read_tls_record(int fd,
113 gsize *in_length)
114 {
115 GSList *fragments = NULL;
116 guchar *merged = NULL;
117 gsize length = 0;
118 static gchar buffer[10000];
119
120 while (1) {
121 struct pollfd fds[] = {
122 { fd, POLLIN, 0 }
123 };
124 int result;
125 struct record *record;
126
127 /* Read one chunk */
128 result = poll(fds, 1, 500 /* [milliseconds] */);
129 if (result < 0) {
130 printf("poll failed: %s\n", strerror(errno));
131 break;
132 }
133 if (result == 0) {
134 if (!fragments) {
135 printf("timeout.\n");
136 continue;
137 } else {
138 printf("reading done.\n");
139 break;
140 }
141 }
142
143 result = read(fd, buffer, sizeof(buffer));
144 if (result < 0) {
145 printf("read failed: %s\n", strerror(errno));
146 break;
147 }
148 if (result == 0) {
149 printf("server closed connection: %s\n",
150 strerror(errno));
151 break;
152 }
153
154 printf("received %d bytes from server\n", result);
155 record = g_new0(struct record, 1);
156 record->length = result;
157 record->msg = g_memdup(buffer, result);
158 length += result;
159 fragments = g_slist_append(fragments, record);
160 }
161
162 if (fragments) {
163 GSList *elem = fragments;
164 guchar *p;
165
166 printf("received a total of %" G_GSIZE_FORMAT " bytes.\n",
167 length);
168
169 p = merged = g_malloc(length);
170 if (merged) {
171 while (elem) {
172 struct record *record = elem->data;
173
174 memcpy(p, record->msg, record->length);
175 p += record->length;
176 g_free(record->msg);
177 g_free(record);
178
179 elem = elem->next;
180 }
181 } else {
182 printf("can't allocate %" G_GSIZE_FORMAT " bytes.\n",
183 length);
184 }
185
186 g_slist_free(fragments);
187 }
188
189 *in_length = length;
190 return(merged);
191 }
192
193 static void tls_handshake(struct sipe_tls_state *state,
194 int fd)
195 {
196 gboolean success = FALSE;
197
198 printf("TLS handshake starting...\n");
199
200 /* generate next handshake message */
201 while (sipe_tls_next(state)) {
202 int sent;
203
204 /* handshake completed? */
205 if (!state->out_buffer) {
206 success = TRUE;
207 break;
208 }
209
210 /* send buffer to server */
211 sent = write(fd, state->out_buffer, state->out_length);
212 if (sent < 0) {
213 printf("write to server failed: %s\n",
214 strerror(errno));
215 break;
216 } else if ((unsigned int) sent < state->out_length) {
217 printf("could only write %d bytes, out of %" G_GSIZE_FORMAT "\n",
218 sent, state->out_length);
219 break;
220 }
221
222 /* message sent, drop buffer */
223 g_free(state->out_buffer);
224 state->out_buffer = NULL;
225
226 state->in_buffer = read_tls_record(fd, &state->in_length);
227 if (!state->in_buffer) {
228 printf("end of data.\n");
229 break;
230 }
231 }
232
233 printf("TLS handshake %s.\n", success ? "SUCCESSFUL" : "FAILED");
234 }
235
236
237 static int tls_connect(const gchar *param)
238 {
239 gchar **parts = g_strsplit(param, ":", 2);
240 int fd = -1;
241
242 if (parts[0]) {
243 const gchar *host = parts[0];
244 const gchar *port = parts[1] ? parts[1] : "443";
245 struct addrinfo hints;
246 struct addrinfo *result;
247 int status;
248
249 printf("TLS connect to host '%s', port %s...\n",
250 host, port);
251
252 memset(&hints, 0, sizeof(struct addrinfo));
253 hints.ai_family = AF_UNSPEC;
254 hints.ai_socktype = SOCK_STREAM;
255 hints.ai_flags = 0;
256 hints.ai_protocol = 0;
257 status = getaddrinfo(host, port, &hints, &result);
258
259 if (status == 0) {
260 struct addrinfo *rp;
261
262 for (rp = result; rp != NULL; rp = rp->ai_next) {
263 int sock = socket(rp->ai_family,
264 rp->ai_socktype,
265 rp->ai_protocol);
266
267 if (sock < 0) continue;
268
269 if (connect(sock,
270 rp->ai_addr,
271 rp->ai_addrlen) >= 0) {
272 /* connected */
273 printf("connected to host '%s', port %s.\n",
274 host, port);
275 fd = sock;
276 break;
277 }
278 fprintf(stderr, "failed to connect: %s\n",
279 strerror(errno));
280
281 close(sock);
282 }
283 freeaddrinfo(result);
284
285 if (rp == NULL) {
286 fprintf(stderr, "couldn't connect to host '%s'!\n",
287 host);
288 }
289 } else {
290 fprintf(stderr, "couldn't find host '%s': %s\n",
291 host, gai_strerror(status));
292 }
293 } else {
294 fprintf(stderr, "corrupted host[:port] '%s'!\n", param);
295 }
296 g_strfreev(parts);
297
298 return(fd);
299 }
300
301 int main(int argc, char *argv[])
302 {
303 struct sipe_cert_crypto *scc;
304
305 sipe_crypto_init(FALSE);
306 srand(time(NULL));
307
308 scc = sipe_cert_crypto_init();
309 if (scc) {
310 gpointer certificate;
311 struct sipe_tls_state *state;
312
313 printf("SIPE cert crypto backend initialized.\n");
314
315 certificate = sipe_cert_crypto_test_certificate(scc);
316 state = sipe_tls_start(certificate);
317 if (state) {
318 int fd;
319
320 printf("SIPE TLS initialized.\n");
321
322 fd = tls_connect((argc > 1) ? argv[1] : "localhost:8443");
323 if (fd >= 0) {
324 tls_handshake(state, fd);
325 close(fd);
326 }
327
328 sipe_tls_free(state);
329 }
330
331 sipe_cert_crypto_destroy(certificate);
332 sipe_cert_crypto_free(scc);
333 }
334 sipe_crypto_shutdown();
335
336 return(0);
337 }
338
339 /*
340 Local Variables:
341 mode: c
342 c-file-style: "bsd"
343 indent-tabs-mode: t
344 tab-width: 8
345 End:
346 */
A third-party Pidgin plugin for Microsoft LCS/OCS