2 * Copyright (C) 2004, 2006, 2007, 2008 Free Software Foundation
3 * Copyright (C) 2000,2001,2002,2003 Nikos Mavrogiannopoulos
5 * This file is part of GNUTLS.
7 * GNUTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include <gnutls/gnutls.h>
23 #include <gnutls/extra.h>
24 #include <gnutls/x509.h>
39 extern gnutls_srp_client_credentials_t srp_cred
;
40 extern gnutls_anon_client_credentials_t anon_cred
;
41 extern gnutls_certificate_credentials_t xcred
;
49 /* keep session info */
50 static char *session_data
= NULL
;
51 static char session_id
[32];
52 static size_t session_data_size
= 0, session_id_size
= 0;
54 static int handshake_output
= 0;
57 do_handshake (gnutls_session_t session
)
63 ret
= gnutls_handshake (session
);
65 while (ret
== GNUTLS_E_INTERRUPTED
|| ret
== GNUTLS_E_AGAIN
);
67 handshake_output
= ret
;
69 if (ret
< 0 && verbose
> 1)
71 if (ret
== GNUTLS_E_WARNING_ALERT_RECEIVED
72 || ret
== GNUTLS_E_FATAL_ALERT_RECEIVED
)
74 alert
= gnutls_alert_get (session
);
76 printf ("*** Received alert [%d]: %s\n",
77 alert
, gnutls_alert_get_name (alert
));
84 gnutls_session_get_data (session
, NULL
, &session_data_size
);
91 session_data
= malloc (session_data_size
);
93 if (session_data
== NULL
)
95 fprintf (stderr
, "Memory error\n");
98 gnutls_session_get_data (session
, session_data
, &session_data_size
);
100 session_id_size
= sizeof (session_id
);
101 gnutls_session_get_id (session
, session_id
, &session_id_size
);
106 static int protocol_priority
[16] = { GNUTLS_TLS1
, GNUTLS_SSL3
, 0 };
107 static const int kx_priority
[16] =
108 { GNUTLS_KX_RSA
, GNUTLS_KX_DHE_DSS
, GNUTLS_KX_DHE_RSA
,
110 GNUTLS_KX_RSA_EXPORT
, 0
112 static const int cipher_priority
[16] =
113 { GNUTLS_CIPHER_3DES_CBC
, GNUTLS_CIPHER_ARCFOUR_128
,
114 GNUTLS_CIPHER_ARCFOUR_40
, 0
116 static const int comp_priority
[16] = { GNUTLS_COMP_NULL
, 0 };
117 static const int mac_priority
[16] = { GNUTLS_MAC_SHA1
, GNUTLS_MAC_MD5
, 0 };
118 static const int cert_type_priority
[16] = { GNUTLS_CRT_X509
, 0 };
120 #define ADD_ALL_CIPHERS(session) gnutls_cipher_set_priority(session, cipher_priority)
121 #define ADD_ALL_COMP(session) gnutls_compression_set_priority(session, comp_priority)
122 #define ADD_ALL_MACS(session) gnutls_mac_set_priority(session, mac_priority)
123 #define ADD_ALL_KX(session) gnutls_kx_set_priority(session, kx_priority)
124 #define ADD_ALL_PROTOCOLS(session) gnutls_protocol_set_priority(session, protocol_priority)
125 #define ADD_ALL_CERTTYPES(session) gnutls_certificate_type_set_priority(session, cert_type_priority)
128 ADD_KX (gnutls_session_t session
, int kx
)
130 static int _kx_priority
[] = { 0, 0 };
131 _kx_priority
[0] = kx
;
133 gnutls_kx_set_priority (session
, _kx_priority
);
137 ADD_KX2 (gnutls_session_t session
, int kx1
, int kx2
)
139 static int _kx_priority
[] = { 0, 0, 0 };
140 _kx_priority
[0] = kx1
;
141 _kx_priority
[1] = kx2
;
143 gnutls_kx_set_priority (session
, _kx_priority
);
147 ADD_CIPHER (gnutls_session_t session
, int cipher
)
149 static int _cipher_priority
[] = { 0, 0 };
150 _cipher_priority
[0] = cipher
;
152 gnutls_cipher_set_priority (session
, _cipher_priority
);
156 ADD_CIPHER4 (gnutls_session_t session
, int cipher1
, int cipher2
, int cipher3
,
159 static int _cipher_priority
[] = { 0, 0, 0, 0, 0 };
160 _cipher_priority
[0] = cipher1
;
161 _cipher_priority
[1] = cipher2
;
162 _cipher_priority
[2] = cipher3
;
163 _cipher_priority
[3] = cipher4
;
165 gnutls_cipher_set_priority (session
, _cipher_priority
);
169 ADD_MAC (gnutls_session_t session
, int mac
)
171 static int _mac_priority
[] = { 0, 0 };
172 _mac_priority
[0] = mac
;
174 gnutls_mac_set_priority (session
, _mac_priority
);
178 ADD_COMP (gnutls_session_t session
, int c
)
180 static int _comp_priority
[] = { 0, 0 };
181 _comp_priority
[0] = c
;
183 gnutls_compression_set_priority (session
, _comp_priority
);
187 ADD_CERTTYPE (gnutls_session_t session
, int ctype
)
189 static int _ct_priority
[] = { 0, 0 };
190 _ct_priority
[0] = ctype
;
192 gnutls_certificate_type_set_priority (session
, _ct_priority
);
196 ADD_PROTOCOL (gnutls_session_t session
, int protocol
)
198 static int _proto_priority
[] = { 0, 0 };
199 _proto_priority
[0] = protocol
;
201 gnutls_protocol_set_priority (session
, _proto_priority
);
205 ADD_PROTOCOL3 (gnutls_session_t session
, int p1
, int p2
, int p3
)
207 static int _proto_priority
[] = { 0, 0, 0, 0 };
208 _proto_priority
[0] = p1
;
209 _proto_priority
[1] = p2
;
210 _proto_priority
[2] = p3
;
212 gnutls_protocol_set_priority (session
, _proto_priority
);
216 static int srp_detected
;
219 _test_srp_username_callback (gnutls_session_t session
,
220 char **username
, char **password
)
228 test_srp (gnutls_session_t session
)
232 ADD_ALL_CIPHERS (session
);
233 ADD_ALL_COMP (session
);
234 ADD_ALL_CERTTYPES (session
);
235 ADD_ALL_PROTOCOLS (session
);
236 ADD_ALL_MACS (session
);
238 ADD_KX (session
, GNUTLS_KX_SRP
);
241 gnutls_srp_set_client_credentials_function (srp_cred
,
242 _test_srp_username_callback
);
244 gnutls_credentials_set (session
, GNUTLS_CRD_SRP
, srp_cred
);
246 ret
= do_handshake (session
);
248 gnutls_srp_set_client_credentials_function (srp_cred
, NULL
);
250 if (srp_detected
!= 0)
258 test_server (gnutls_session_t session
)
263 const char snd_buf
[] = "GET / HTTP/1.0\n\n";
268 buf
[sizeof (buf
) - 1] = 0;
270 ADD_ALL_CIPHERS (session
);
271 ADD_ALL_COMP (session
);
272 ADD_ALL_CERTTYPES (session
);
273 ADD_ALL_PROTOCOLS (session
);
274 ADD_ALL_MACS (session
);
275 ADD_ALL_KX (session
);
277 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
279 ret
= do_handshake (session
);
280 if (ret
!= TEST_SUCCEED
)
283 gnutls_record_send (session
, snd_buf
, sizeof (snd_buf
) - 1);
284 ret
= gnutls_record_recv (session
, buf
, sizeof (buf
) - 1);
288 p
= strstr (buf
, "Server:");
294 while (*p
!= 0 && *p
!= '\r' && *p
!= '\n')
308 static int export_true
= 0;
309 static gnutls_datum_t exp
= { NULL
, 0 }, mod
=
315 test_export (gnutls_session_t session
)
319 ADD_ALL_COMP (session
);
320 ADD_ALL_CERTTYPES (session
);
321 ADD_ALL_PROTOCOLS (session
);
322 ADD_ALL_MACS (session
);
324 ADD_KX (session
, GNUTLS_KX_RSA_EXPORT
);
325 ADD_CIPHER (session
, GNUTLS_CIPHER_ARCFOUR_40
);
326 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
328 ret
= do_handshake (session
);
330 if (ret
== TEST_SUCCEED
)
333 gnutls_rsa_export_get_pubkey (session
, &exp
, &mod
);
340 test_export_info (gnutls_session_t session
)
343 gnutls_datum_t exp2
, mod2
;
346 if (verbose
== 0 || export_true
== 0)
349 ADD_ALL_COMP (session
);
350 ADD_ALL_CERTTYPES (session
);
351 ADD_ALL_PROTOCOLS (session
);
352 ADD_ALL_MACS (session
);
354 ADD_KX (session
, GNUTLS_KX_RSA_EXPORT
);
355 ADD_CIPHER (session
, GNUTLS_CIPHER_ARCFOUR_40
);
356 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
358 ret
= do_handshake (session
);
360 if (ret
== TEST_SUCCEED
)
362 ret2
= gnutls_rsa_export_get_pubkey (session
, &exp2
, &mod2
);
367 print
= raw_to_string (exp2
.data
, exp2
.size
);
369 printf (" Exponent [%d bits]: %s\n", exp2
.size
* 8, print
);
371 print
= raw_to_string (mod2
.data
, mod2
.size
);
373 printf (" Modulus [%d bits]: %s\n", mod2
.size
* 8, print
);
375 if (mod2
.size
!= mod
.size
|| exp2
.size
!= exp
.size
||
376 memcmp (mod2
.data
, mod
.data
, mod
.size
) != 0 ||
377 memcmp (exp2
.data
, exp
.data
, exp
.size
) != 0)
380 (" (server uses different public keys per connection)\n");
389 static gnutls_datum_t pubkey
= { NULL
, 0 };
392 test_dhe (gnutls_session_t session
)
396 ADD_ALL_CIPHERS (session
);
397 ADD_ALL_COMP (session
);
398 ADD_ALL_CERTTYPES (session
);
399 ADD_ALL_PROTOCOLS (session
);
400 ADD_ALL_MACS (session
);
402 ADD_KX2 (session
, GNUTLS_KX_DHE_RSA
, GNUTLS_KX_DHE_DSS
);
403 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
405 ret
= do_handshake (session
);
407 gnutls_dh_get_pubkey (session
, &pubkey
);
413 test_dhe_group (gnutls_session_t session
)
416 gnutls_datum_t gen
, prime
, pubkey2
;
419 if (verbose
== 0 || pubkey
.data
== NULL
)
422 ADD_ALL_CIPHERS (session
);
423 ADD_ALL_COMP (session
);
424 ADD_ALL_CERTTYPES (session
);
425 ADD_ALL_PROTOCOLS (session
);
426 ADD_ALL_MACS (session
);
428 ADD_KX2 (session
, GNUTLS_KX_DHE_RSA
, GNUTLS_KX_DHE_DSS
);
429 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
431 ret
= do_handshake (session
);
433 ret2
= gnutls_dh_get_group (session
, &gen
, &prime
);
438 print
= raw_to_string (gen
.data
, gen
.size
);
440 printf (" Generator [%d bits]: %s\n", gen
.size
* 8, print
);
442 print
= raw_to_string (prime
.data
, prime
.size
);
444 printf (" Prime [%d bits]: %s\n", prime
.size
* 8, print
);
446 gnutls_dh_get_pubkey (session
, &pubkey2
);
447 print
= raw_to_string (pubkey2
.data
, pubkey2
.size
);
449 printf (" Pubkey [%d bits]: %s\n", pubkey2
.size
* 8, print
);
451 if (pubkey2
.data
&& pubkey2
.size
== pubkey
.size
&&
452 memcmp (pubkey
.data
, pubkey2
.data
, pubkey
.size
) == 0)
454 printf (" (public key seems to be static among sessions)\n");
461 test_ssl3 (gnutls_session_t session
)
464 ADD_ALL_CIPHERS (session
);
465 ADD_ALL_COMP (session
);
466 ADD_ALL_CERTTYPES (session
);
467 ADD_PROTOCOL (session
, GNUTLS_SSL3
);
468 ADD_ALL_MACS (session
);
469 ADD_ALL_KX (session
);
470 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
472 ret
= do_handshake (session
);
473 if (ret
== TEST_SUCCEED
)
487 test_bye (gnutls_session_t session
)
494 signal (SIGALRM
, got_alarm
);
497 ADD_ALL_CIPHERS (session
);
498 ADD_ALL_COMP (session
);
499 ADD_ALL_CERTTYPES (session
);
500 ADD_ALL_PROTOCOLS (session
);
501 ADD_ALL_MACS (session
);
502 ADD_ALL_KX (session
);
503 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
505 ret
= do_handshake (session
);
506 if (ret
== TEST_FAILED
)
509 ret
= gnutls_bye (session
, GNUTLS_SHUT_WR
);
514 old
= siginterrupt (SIGALRM
, 1);
517 setsockopt ((int)gnutls_transport_get_ptr (session
), SOL_SOCKET
, SO_RCVTIMEO
,
518 (char *) &secs
, sizeof (int));
523 ret
= gnutls_record_recv (session
, data
, sizeof (data
));
528 siginterrupt (SIGALRM
, old
);
530 if (WSAGetLastError () == WSAETIMEDOUT
||
531 WSAGetLastError () == WSAECONNABORTED
)
546 test_aes (gnutls_session_t session
)
549 ADD_CIPHER (session
, GNUTLS_CIPHER_AES_128_CBC
);
550 ADD_ALL_COMP (session
);
551 ADD_ALL_CERTTYPES (session
);
552 ADD_ALL_PROTOCOLS (session
);
553 ADD_ALL_MACS (session
);
554 ADD_ALL_KX (session
);
555 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
557 ret
= do_handshake (session
);
561 #ifdef ENABLE_CAMELLIA
563 test_camellia (gnutls_session_t session
)
566 ADD_CIPHER (session
, GNUTLS_CIPHER_CAMELLIA_128_CBC
);
567 ADD_ALL_COMP (session
);
568 ADD_ALL_CERTTYPES (session
);
569 ADD_ALL_PROTOCOLS (session
);
570 ADD_ALL_MACS (session
);
571 ADD_ALL_KX (session
);
572 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
574 ret
= do_handshake (session
);
580 test_openpgp1 (gnutls_session_t session
)
583 ADD_ALL_CIPHERS (session
);
584 ADD_ALL_COMP (session
);
585 ADD_CERTTYPE (session
, GNUTLS_CRT_OPENPGP
);
586 ADD_ALL_PROTOCOLS (session
);
587 ADD_ALL_MACS (session
);
588 ADD_ALL_KX (session
);
589 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
591 ret
= do_handshake (session
);
592 if (ret
== TEST_FAILED
)
595 if (gnutls_certificate_type_get (session
) == GNUTLS_CRT_OPENPGP
)
602 test_unknown_ciphersuites (gnutls_session_t session
)
605 #ifdef ENABLE_CAMELLIA
606 ADD_CIPHER4 (session
, GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_CIPHER_3DES_CBC
,
607 GNUTLS_CIPHER_CAMELLIA_128_CBC
, GNUTLS_CIPHER_ARCFOUR_128
);
609 ADD_CIPHER4 (session
, GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_CIPHER_3DES_CBC
,
610 GNUTLS_CIPHER_ARCFOUR_128
, 0);
612 ADD_ALL_COMP (session
);
613 ADD_ALL_CERTTYPES (session
);
614 ADD_ALL_PROTOCOLS (session
);
615 ADD_ALL_MACS (session
);
616 ADD_ALL_KX (session
);
617 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
619 ret
= do_handshake (session
);
624 test_md5 (gnutls_session_t session
)
627 ADD_ALL_CIPHERS (session
);
628 ADD_ALL_COMP (session
);
629 ADD_ALL_CERTTYPES (session
);
630 ADD_ALL_PROTOCOLS (session
);
631 ADD_MAC (session
, GNUTLS_MAC_MD5
);
632 ADD_ALL_KX (session
);
633 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
635 ret
= do_handshake (session
);
641 test_zlib (gnutls_session_t session
)
644 ADD_ALL_CIPHERS (session
);
645 ADD_COMP (session
, GNUTLS_COMP_ZLIB
);
646 ADD_ALL_CERTTYPES (session
);
647 ADD_ALL_PROTOCOLS (session
);
648 ADD_ALL_MACS (session
);
649 ADD_ALL_KX (session
);
650 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
652 ret
= do_handshake (session
);
658 test_lzo (gnutls_session_t session
)
661 gnutls_handshake_set_private_extensions (session
, 1);
663 ADD_ALL_CIPHERS (session
);
664 ADD_COMP (session
, GNUTLS_COMP_LZO
);
665 ADD_ALL_CERTTYPES (session
);
666 ADD_ALL_PROTOCOLS (session
);
667 ADD_ALL_MACS (session
);
668 ADD_ALL_KX (session
);
669 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
671 ret
= do_handshake (session
);
677 test_sha (gnutls_session_t session
)
680 ADD_ALL_CIPHERS (session
);
681 ADD_ALL_COMP (session
);
682 ADD_ALL_CERTTYPES (session
);
683 ADD_ALL_PROTOCOLS (session
);
684 ADD_MAC (session
, GNUTLS_MAC_SHA1
);
685 ADD_ALL_KX (session
);
686 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
688 ret
= do_handshake (session
);
693 test_3des (gnutls_session_t session
)
696 ADD_CIPHER (session
, GNUTLS_CIPHER_3DES_CBC
);
697 ADD_ALL_COMP (session
);
698 ADD_ALL_CERTTYPES (session
);
699 ADD_ALL_PROTOCOLS (session
);
700 ADD_ALL_MACS (session
);
701 ADD_ALL_KX (session
);
702 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
704 ret
= do_handshake (session
);
709 test_arcfour (gnutls_session_t session
)
712 ADD_CIPHER (session
, GNUTLS_CIPHER_ARCFOUR_128
);
713 ADD_ALL_COMP (session
);
714 ADD_ALL_CERTTYPES (session
);
715 ADD_ALL_PROTOCOLS (session
);
716 ADD_ALL_MACS (session
);
717 ADD_ALL_KX (session
);
718 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
720 ret
= do_handshake (session
);
725 test_arcfour_40 (gnutls_session_t session
)
728 ADD_CIPHER (session
, GNUTLS_CIPHER_ARCFOUR_40
);
729 ADD_ALL_COMP (session
);
730 ADD_ALL_CERTTYPES (session
);
731 ADD_ALL_PROTOCOLS (session
);
732 ADD_ALL_MACS (session
);
733 ADD_ALL_KX (session
);
734 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
736 ret
= do_handshake (session
);
741 test_tls1 (gnutls_session_t session
)
744 ADD_ALL_CIPHERS (session
);
745 ADD_ALL_COMP (session
);
746 ADD_ALL_CERTTYPES (session
);
747 ADD_PROTOCOL (session
, GNUTLS_TLS1
);
748 ADD_ALL_MACS (session
);
749 ADD_ALL_KX (session
);
750 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
752 ret
= do_handshake (session
);
753 if (ret
== TEST_SUCCEED
)
761 test_tls1_1 (gnutls_session_t session
)
764 ADD_ALL_CIPHERS (session
);
765 ADD_ALL_COMP (session
);
766 ADD_ALL_CERTTYPES (session
);
767 ADD_PROTOCOL (session
, GNUTLS_TLS1_1
);
768 ADD_ALL_MACS (session
);
769 ADD_ALL_KX (session
);
770 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
772 ret
= do_handshake (session
);
773 if (ret
== TEST_SUCCEED
)
781 test_tls1_1_fallback (gnutls_session_t session
)
787 ADD_ALL_CIPHERS (session
);
788 ADD_ALL_COMP (session
);
789 ADD_ALL_CERTTYPES (session
);
790 ADD_PROTOCOL3 (session
, GNUTLS_TLS1_1
, GNUTLS_TLS1
, GNUTLS_SSL3
);
791 ADD_ALL_MACS (session
);
792 ADD_ALL_KX (session
);
793 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
795 ret
= do_handshake (session
);
796 if (ret
!= TEST_SUCCEED
)
799 if (gnutls_protocol_get_version (session
) == GNUTLS_TLS1
)
801 else if (gnutls_protocol_get_version (session
) == GNUTLS_SSL3
)
808 /* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
809 * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
812 test_tls_disable (gnutls_session_t session
)
818 ADD_ALL_CIPHERS (session
);
819 ADD_ALL_COMP (session
);
820 ADD_ALL_CERTTYPES (session
);
821 ADD_ALL_PROTOCOLS (session
);
822 ADD_ALL_MACS (session
);
823 ADD_ALL_KX (session
);
824 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
826 ret
= do_handshake (session
);
827 if (ret
== TEST_FAILED
)
829 /* disable TLS 1.0 */
832 protocol_priority
[0] = GNUTLS_SSL3
;
833 protocol_priority
[1] = 0;
841 test_rsa_pms (gnutls_session_t session
)
845 /* here we enable both SSL 3.0 and TLS 1.0
846 * and try to connect and use rsa authentication.
847 * If the server is old, buggy and only supports
848 * SSL 3.0 then the handshake will fail.
850 ADD_ALL_CIPHERS (session
);
851 ADD_ALL_COMP (session
);
852 ADD_ALL_CERTTYPES (session
);
853 ADD_ALL_PROTOCOLS (session
);
854 ADD_ALL_MACS (session
);
855 ADD_KX (session
, GNUTLS_KX_RSA
);
856 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
858 ret
= do_handshake (session
);
859 if (ret
== TEST_FAILED
)
862 if (gnutls_protocol_get_version (session
) == GNUTLS_TLS1
)
868 test_max_record_size (gnutls_session_t session
)
871 ADD_ALL_CIPHERS (session
);
872 ADD_ALL_COMP (session
);
873 ADD_ALL_CERTTYPES (session
);
874 ADD_ALL_PROTOCOLS (session
);
875 ADD_ALL_MACS (session
);
876 ADD_ALL_KX (session
);
877 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
878 gnutls_record_set_max_size (session
, 512);
880 ret
= do_handshake (session
);
881 if (ret
== TEST_FAILED
)
884 ret
= gnutls_record_get_max_size (session
);
892 test_hello_extension (gnutls_session_t session
)
895 ADD_ALL_CIPHERS (session
);
896 ADD_ALL_COMP (session
);
897 ADD_ALL_CERTTYPES (session
);
898 ADD_ALL_PROTOCOLS (session
);
899 ADD_ALL_MACS (session
);
900 ADD_ALL_KX (session
);
901 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
902 gnutls_record_set_max_size (session
, 512);
904 ret
= do_handshake (session
);
908 void _gnutls_record_set_default_version (gnutls_session_t session
,
910 unsigned char minor
);
913 test_version_rollback (gnutls_session_t session
)
919 /* here we enable both SSL 3.0 and TLS 1.0
920 * and we connect using a 3.1 client hello version,
921 * and a 3.0 record version. Some implementations
922 * are buggy (and vulnerable to man in the middle
923 * attacks which allow a version downgrade) and this
924 * connection will fail.
926 ADD_ALL_CIPHERS (session
);
927 ADD_ALL_COMP (session
);
928 ADD_ALL_CERTTYPES (session
);
929 ADD_ALL_PROTOCOLS (session
);
930 ADD_ALL_MACS (session
);
931 ADD_ALL_KX (session
);
932 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
933 _gnutls_record_set_default_version (session
, 3, 0);
935 ret
= do_handshake (session
);
936 if (ret
!= TEST_SUCCEED
)
939 if (tls1_ok
!= 0 && gnutls_protocol_get_version (session
) == GNUTLS_SSL3
)
945 /* See if the server tolerates out of bounds
946 * record layer versions in the first client hello
950 test_version_oob (gnutls_session_t session
)
953 /* here we enable both SSL 3.0 and TLS 1.0
954 * and we connect using a 5.5 record version.
956 ADD_ALL_CIPHERS (session
);
957 ADD_ALL_COMP (session
);
958 ADD_ALL_CERTTYPES (session
);
959 ADD_ALL_PROTOCOLS (session
);
960 ADD_ALL_MACS (session
);
961 ADD_ALL_KX (session
);
962 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
963 _gnutls_record_set_default_version (session
, 5, 5);
965 ret
= do_handshake (session
);
969 void _gnutls_rsa_pms_set_version (gnutls_session_t session
,
970 unsigned char major
, unsigned char minor
);
973 test_rsa_pms_version_check (gnutls_session_t session
)
976 /* here we use an arbitary version in the RSA PMS
977 * to see whether to server will check this version.
979 * A normal server would abort this handshake.
981 ADD_ALL_CIPHERS (session
);
982 ADD_ALL_COMP (session
);
983 ADD_ALL_CERTTYPES (session
);
984 ADD_ALL_PROTOCOLS (session
);
985 ADD_ALL_MACS (session
);
986 ADD_ALL_KX (session
);
987 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
988 _gnutls_rsa_pms_set_version (session
, 5, 5); /* use SSL 5.5 version */
990 ret
= do_handshake (session
);
997 test_anonymous (gnutls_session_t session
)
1001 ADD_ALL_CIPHERS (session
);
1002 ADD_ALL_COMP (session
);
1003 ADD_ALL_CERTTYPES (session
);
1004 ADD_ALL_PROTOCOLS (session
);
1005 ADD_ALL_MACS (session
);
1006 ADD_KX (session
, GNUTLS_KX_ANON_DH
);
1007 gnutls_credentials_set (session
, GNUTLS_CRD_ANON
, anon_cred
);
1009 ret
= do_handshake (session
);
1011 if (ret
== TEST_SUCCEED
)
1012 gnutls_dh_get_pubkey (session
, &pubkey
);
1019 test_session_resume2 (gnutls_session_t session
)
1022 char tmp_session_id
[32];
1023 int tmp_session_id_size
;
1025 if (session
== NULL
)
1028 ADD_ALL_CIPHERS (session
);
1029 ADD_ALL_COMP (session
);
1030 ADD_ALL_CERTTYPES (session
);
1031 ADD_ALL_PROTOCOLS (session
);
1032 ADD_ALL_MACS (session
);
1033 ADD_ALL_KX (session
);
1035 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
1036 gnutls_credentials_set (session
, GNUTLS_CRD_ANON
, anon_cred
);
1038 gnutls_session_set_data (session
, session_data
, session_data_size
);
1040 memcpy (tmp_session_id
, session_id
, session_id_size
);
1041 tmp_session_id_size
= session_id_size
;
1043 ret
= do_handshake (session
);
1044 if (ret
== TEST_FAILED
)
1047 /* check if we actually resumed the previous session */
1049 session_id_size
= sizeof (session_id
);
1050 gnutls_session_get_id (session
, session_id
, &session_id_size
);
1052 if (session_id_size
== 0)
1055 if (gnutls_session_is_resumed (session
))
1056 return TEST_SUCCEED
;
1058 if (tmp_session_id_size
== session_id_size
&&
1059 memcmp (tmp_session_id
, session_id
, tmp_session_id_size
) == 0)
1060 return TEST_SUCCEED
;
1065 extern char *hostname
;
1068 test_certificate (gnutls_session_t session
)
1075 ADD_ALL_CIPHERS (session
);
1076 ADD_ALL_COMP (session
);
1077 ADD_ALL_CERTTYPES (session
);
1078 ADD_ALL_PROTOCOLS (session
);
1079 ADD_ALL_MACS (session
);
1080 ADD_ALL_KX (session
);
1082 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
1084 ret
= do_handshake (session
);
1085 if (ret
== TEST_FAILED
)
1089 print_cert_info (session
, hostname
, 1);
1091 return TEST_SUCCEED
;
1094 /* A callback function to be used at the certificate selection time.
1097 cert_callback (gnutls_session_t session
,
1098 const gnutls_datum_t
* req_ca_rdn
, int nreqs
,
1099 const gnutls_pk_algorithm_t
* sign_algos
,
1100 int sign_algos_length
, gnutls_retr_st
* st
)
1102 char issuer_dn
[256];
1109 /* Print the server's trusted CAs
1113 printf ("- Server's trusted authorities:\n");
1115 printf ("- Server did not send us any trusted authorities names.\n");
1117 /* print the names (if any) */
1118 for (i
= 0; i
< nreqs
; i
++)
1120 len
= sizeof (issuer_dn
);
1121 ret
= gnutls_x509_rdn_get (&req_ca_rdn
[i
], issuer_dn
, &len
);
1124 printf (" [%d]: ", i
);
1125 printf ("%s\n", issuer_dn
);
1133 /* Prints the trusted server's CAs. This is only
1134 * if the server sends a certificate request packet.
1137 test_server_cas (gnutls_session_t session
)
1144 ADD_ALL_CIPHERS (session
);
1145 ADD_ALL_COMP (session
);
1146 ADD_ALL_CERTTYPES (session
);
1147 ADD_ALL_PROTOCOLS (session
);
1148 ADD_ALL_MACS (session
);
1149 ADD_ALL_KX (session
);
1151 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
1152 gnutls_certificate_client_set_retrieve_function (xcred
, cert_callback
);
1154 ret
= do_handshake (session
);
1155 gnutls_certificate_client_set_retrieve_function (xcred
, NULL
);
1157 if (ret
== TEST_FAILED
)
1159 return TEST_SUCCEED
;