search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix dangling/unused bindings in `(gnutls)'.
[gnutls.git] / src / tests.c
blob130b5e16e080ca8a391aa235bf6de11c08a60bf7
1 /*
2 * Copyright (C) 2004, 2006, 2007 Free Software Foundation
3 * Copyright (C) 2000,2001,2002,2003 Nikos Mavrogiannopoulos
4 *
5 * This file is part of GNUTLS.
6 *
7 * GNUTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <gnutls/gnutls.h>
23 #include <gnutls/extra.h>
24 #include <gnutls/x509.h>
25
26 #ifndef _WIN32
27 # include <unistd.h>
28 # include <signal.h>
29 #else
30 # include <errno.h>
31 #endif
32
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <common.h>
37 #include <tests.h>
38
39 extern gnutls_srp_client_credentials_t srp_cred;
40 extern gnutls_anon_client_credentials_t anon_cred;
41 extern gnutls_certificate_credentials_t xcred;
42
43 extern int verbose;
44
45 int tls1_ok = 0;
46 int ssl3_ok = 0;
47 int tls1_1_ok = 0;
48
49 /* keep session info */
50 static char *session_data = NULL;
51 static char session_id[32];
52 static size_t session_data_size = 0, session_id_size = 0;
53 static int sfree = 0;
54 static int handshake_output = 0;
55
56 int
57 do_handshake (gnutls_session_t session)
58 {
59 int ret, alert;
60
61 do
62 {
63 ret = gnutls_handshake (session);
64 }
65 while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
66
67 handshake_output = ret;
68
69 if (ret < 0 && verbose > 1)
70 {
71 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
72 || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
73 {
74 alert = gnutls_alert_get (session);
75 printf ("\n");
76 printf ("*** Received alert [%d]: %s\n",
77 alert, gnutls_alert_get_name (alert));
78 }
79 }
80
81 if (ret < 0)
82 return TEST_FAILED;
83
84 gnutls_session_get_data (session, NULL, &session_data_size);
85
86 if (sfree != 0)
87 {
88 free (session_data);
89 sfree = 0;
90 }
91 session_data = malloc (session_data_size);
92 sfree = 1;
93 if (session_data == NULL)
94 {
95 fprintf (stderr, "Memory error\n");
96 exit (1);
97 }
98 gnutls_session_get_data (session, session_data, &session_data_size);
99
100 session_id_size = sizeof (session_id);
101 gnutls_session_get_id (session, session_id, &session_id_size);
102
103 return TEST_SUCCEED;
104 }
105
106 static int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
107 static const int kx_priority[16] =
108 { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA,
109 GNUTLS_KX_ANON_DH,
110 GNUTLS_KX_RSA_EXPORT, 0
111 };
112 static const int cipher_priority[16] =
113 { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128,
114 GNUTLS_CIPHER_ARCFOUR_40, 0
115 };
116 static const int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
117 static const int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 };
118 static const int cert_type_priority[16] = { GNUTLS_CRT_X509, 0 };
119
120 #define ADD_ALL_CIPHERS(session) gnutls_cipher_set_priority(session, cipher_priority)
121 #define ADD_ALL_COMP(session) gnutls_compression_set_priority(session, comp_priority)
122 #define ADD_ALL_MACS(session) gnutls_mac_set_priority(session, mac_priority)
123 #define ADD_ALL_KX(session) gnutls_kx_set_priority(session, kx_priority)
124 #define ADD_ALL_PROTOCOLS(session) gnutls_protocol_set_priority(session, protocol_priority)
125 #define ADD_ALL_CERTTYPES(session) gnutls_certificate_type_set_priority(session, cert_type_priority)
126
127 static void
128 ADD_KX (gnutls_session_t session, int kx)
129 {
130 static int _kx_priority[] = { 0, 0 };
131 _kx_priority[0] = kx;
132
133 gnutls_kx_set_priority (session, _kx_priority);
134 }
135
136 static void
137 ADD_KX2 (gnutls_session_t session, int kx1, int kx2)
138 {
139 static int _kx_priority[] = { 0, 0, 0 };
140 _kx_priority[0] = kx1;
141 _kx_priority[1] = kx2;
142
143 gnutls_kx_set_priority (session, _kx_priority);
144 }
145
146 static void
147 ADD_CIPHER (gnutls_session_t session, int cipher)
148 {
149 static int _cipher_priority[] = { 0, 0 };
150 _cipher_priority[0] = cipher;
151
152 gnutls_cipher_set_priority (session, _cipher_priority);
153 }
154
155 static void
156 ADD_CIPHER4 (gnutls_session_t session, int cipher1, int cipher2, int cipher3,
157 int cipher4)
158 {
159 static int _cipher_priority[] = { 0, 0, 0, 0, 0 };
160 _cipher_priority[0] = cipher1;
161 _cipher_priority[1] = cipher2;
162 _cipher_priority[2] = cipher3;
163 _cipher_priority[3] = cipher4;
164
165 gnutls_cipher_set_priority (session, _cipher_priority);
166 }
167
168 static void
169 ADD_MAC (gnutls_session_t session, int mac)
170 {
171 static int _mac_priority[] = { 0, 0 };
172 _mac_priority[0] = mac;
173
174 gnutls_mac_set_priority (session, _mac_priority);
175 }
176
177 static void
178 ADD_COMP (gnutls_session_t session, int c)
179 {
180 static int _comp_priority[] = { 0, 0 };
181 _comp_priority[0] = c;
182
183 gnutls_compression_set_priority (session, _comp_priority);
184 }
185
186 static void
187 ADD_CERTTYPE (gnutls_session_t session, int ctype)
188 {
189 static int _ct_priority[] = { 0, 0 };
190 _ct_priority[0] = ctype;
191
192 gnutls_certificate_type_set_priority (session, _ct_priority);
193 }
194
195 static void
196 ADD_PROTOCOL (gnutls_session_t session, int protocol)
197 {
198 static int _proto_priority[] = { 0, 0 };
199 _proto_priority[0] = protocol;
200
201 gnutls_protocol_set_priority (session, _proto_priority);
202 }
203
204 static void
205 ADD_PROTOCOL3 (gnutls_session_t session, int p1, int p2, int p3)
206 {
207 static int _proto_priority[] = { 0, 0, 0, 0 };
208 _proto_priority[0] = p1;
209 _proto_priority[1] = p2;
210 _proto_priority[2] = p3;
211
212 gnutls_protocol_set_priority (session, _proto_priority);
213 }
214
215 #ifdef ENABLE_SRP
216 static int srp_detected;
217
218 int
219 _test_srp_username_callback (gnutls_session_t session,
220 char **username, char **password)
221 {
222 srp_detected = 1;
223
224 return -1;
225 }
226
227 test_code_t
228 test_srp (gnutls_session_t session)
229 {
230 int ret;
231
232 ADD_ALL_CIPHERS (session);
233 ADD_ALL_COMP (session);
234 ADD_ALL_CERTTYPES (session);
235 ADD_ALL_PROTOCOLS (session);
236 ADD_ALL_MACS (session);
237
238 ADD_KX (session, GNUTLS_KX_SRP);
239 srp_detected = 0;
240
241 gnutls_srp_set_client_credentials_function (srp_cred,
242 _test_srp_username_callback);
243
244 gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
245
246 ret = do_handshake (session);
247
248 gnutls_srp_set_client_credentials_function (srp_cred, NULL);
249
250 if (srp_detected != 0)
251 return TEST_SUCCEED;
252 else
253 return TEST_FAILED;
254 }
255 #endif
256
257 test_code_t
258 test_server (gnutls_session_t session)
259 {
260 int ret, i = 0;
261 char buf[5 * 1024];
262 char *p;
263 const char snd_buf[] = "GET / HTTP/1.0\n\n";
264
265 if (verbose == 0)
266 return TEST_UNSURE;
267
268 buf[sizeof (buf) - 1] = 0;
269
270 ADD_ALL_CIPHERS (session);
271 ADD_ALL_COMP (session);
272 ADD_ALL_CERTTYPES (session);
273 ADD_ALL_PROTOCOLS (session);
274 ADD_ALL_MACS (session);
275 ADD_ALL_KX (session);
276
277 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
278
279 ret = do_handshake (session);
280 if (ret != TEST_SUCCEED)
281 return TEST_FAILED;
282
283 gnutls_record_send (session, snd_buf, sizeof (snd_buf) - 1);
284 ret = gnutls_record_recv (session, buf, sizeof (buf) - 1);
285 if (ret < 0)
286 return TEST_FAILED;
287
288 p = strstr (buf, "Server:");
289 if (p != NULL)
290 p = strchr (p, ':');
291 if (p != NULL)
292 {
293 p++;
294 while (*p != 0 && *p != '\r' && *p != '\n')
295 {
296 putc (*p, stdout);
297 p++;
298 i++;
299 if (i > 128)
300 break;
301 }
302 }
303
304 return TEST_SUCCEED;
305 }
306
307
308 static int export_true = 0;
309 static gnutls_datum_t exp = { NULL, 0 }, mod =
310
311 {
312 NULL, 0};
313
314 test_code_t
315 test_export (gnutls_session_t session)
316 {
317 int ret;
318
319 ADD_ALL_COMP (session);
320 ADD_ALL_CERTTYPES (session);
321 ADD_ALL_PROTOCOLS (session);
322 ADD_ALL_MACS (session);
323
324 ADD_KX (session, GNUTLS_KX_RSA_EXPORT);
325 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
326 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
327
328 ret = do_handshake (session);
329
330 if (ret == TEST_SUCCEED)
331 {
332 export_true = 1;
333 gnutls_rsa_export_get_pubkey (session, &exp, &mod);
334 }
335
336 return ret;
337 }
338
339 test_code_t
340 test_export_info (gnutls_session_t session)
341 {
342 int ret2, ret;
343 gnutls_datum_t exp2, mod2;
344 const char *print;
345
346 if (verbose == 0 || export_true == 0)
347 return TEST_IGNORE;
348
349 ADD_ALL_COMP (session);
350 ADD_ALL_CERTTYPES (session);
351 ADD_ALL_PROTOCOLS (session);
352 ADD_ALL_MACS (session);
353
354 ADD_KX (session, GNUTLS_KX_RSA_EXPORT);
355 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
356 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
357
358 ret = do_handshake (session);
359
360 if (ret == TEST_SUCCEED)
361 {
362 ret2 = gnutls_rsa_export_get_pubkey (session, &exp2, &mod2);
363 if (ret2 >= 0)
364 {
365 printf ("\n");
366
367 print = raw_to_string (exp2.data, exp2.size);
368 if (print)
369 printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print);
370
371 print = raw_to_string (mod2.data, mod2.size);
372 if (print)
373 printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print);
374
375 if (mod2.size != mod.size || exp2.size != exp.size ||
376 memcmp (mod2.data, mod.data, mod.size) != 0 ||
377 memcmp (exp2.data, exp.data, exp.size) != 0)
378 {
379 printf
380 (" (server uses different public keys per connection)\n");
381 }
382 }
383 }
384
385 return ret;
386
387 }
388
389 static gnutls_datum_t pubkey = { NULL, 0 };
390
391 test_code_t
392 test_dhe (gnutls_session_t session)
393 {
394 int ret;
395
396 ADD_ALL_CIPHERS (session);
397 ADD_ALL_COMP (session);
398 ADD_ALL_CERTTYPES (session);
399 ADD_ALL_PROTOCOLS (session);
400 ADD_ALL_MACS (session);
401
402 ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS);
403 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
404
405 ret = do_handshake (session);
406
407 gnutls_dh_get_pubkey (session, &pubkey);
408
409 return ret;
410 }
411
412 test_code_t
413 test_dhe_group (gnutls_session_t session)
414 {
415 int ret, ret2;
416 gnutls_datum_t gen, prime, pubkey2;
417 const char *print;
418
419 if (verbose == 0 || pubkey.data == NULL)
420 return TEST_IGNORE;
421
422 ADD_ALL_CIPHERS (session);
423 ADD_ALL_COMP (session);
424 ADD_ALL_CERTTYPES (session);
425 ADD_ALL_PROTOCOLS (session);
426 ADD_ALL_MACS (session);
427
428 ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS);
429 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
430
431 ret = do_handshake (session);
432
433 ret2 = gnutls_dh_get_group (session, &gen, &prime);
434 if (ret2 >= 0)
435 {
436 printf ("\n");
437
438 print = raw_to_string (gen.data, gen.size);
439 if (print)
440 printf (" Generator [%d bits]: %s\n", gen.size * 8, print);
441
442 print = raw_to_string (prime.data, prime.size);
443 if (print)
444 printf (" Prime [%d bits]: %s\n", prime.size * 8, print);
445
446 gnutls_dh_get_pubkey (session, &pubkey2);
447 print = raw_to_string (pubkey2.data, pubkey2.size);
448 if (print)
449 printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print);
450
451 if (pubkey2.data && pubkey2.size == pubkey.size &&
452 memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0)
453 {
454 printf (" (public key seems to be static among sessions)\n");
455 }
456 }
457 return ret;
458 }
459
460 test_code_t
461 test_ssl3 (gnutls_session_t session)
462 {
463 int ret;
464 ADD_ALL_CIPHERS (session);
465 ADD_ALL_COMP (session);
466 ADD_ALL_CERTTYPES (session);
467 ADD_PROTOCOL (session, GNUTLS_SSL3);
468 ADD_ALL_MACS (session);
469 ADD_ALL_KX (session);
470 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
471
472 ret = do_handshake (session);
473 if (ret == TEST_SUCCEED)
474 ssl3_ok = 1;
475
476 return ret;
477 }
478
479 static int alrm = 0;
480 void
481 got_alarm (int k)
482 {
483 alrm = 1;
484 }
485
486 test_code_t
487 test_bye (gnutls_session_t session)
488 {
489 int ret;
490 char data[20];
491 int old, secs = 6;
492
493 #ifndef _WIN32
494 signal (SIGALRM, got_alarm);
495 #endif
496
497 ADD_ALL_CIPHERS (session);
498 ADD_ALL_COMP (session);
499 ADD_ALL_CERTTYPES (session);
500 ADD_ALL_PROTOCOLS (session);
501 ADD_ALL_MACS (session);
502 ADD_ALL_KX (session);
503 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
504
505 ret = do_handshake (session);
506 if (ret == TEST_FAILED)
507 return ret;
508
509 ret = gnutls_bye (session, GNUTLS_SHUT_WR);
510 if (ret < 0)
511 return TEST_FAILED;
512
513 #ifndef _WIN32
514 old = siginterrupt (SIGALRM, 1);
515 alarm (secs);
516 #else
517 setsockopt (gnutls_transport_get_ptr (session), SOL_SOCKET, SO_RCVTIMEO,
518 (char *) &secs, sizeof (int));
519 #endif
520
521 do
522 {
523 ret = gnutls_record_recv (session, data, sizeof (data));
524 }
525 while (ret > 0);
526
527 #ifndef _WIN32
528 siginterrupt (SIGALRM, old);
529 #else
530 if (WSAGetLastError () == WSAETIMEDOUT ||
531 WSAGetLastError () == WSAECONNABORTED)
532 alrm = 1;
533 #endif
534 if (ret == 0)
535 return TEST_SUCCEED;
536
537 if (alrm == 0)
538 return TEST_UNSURE;
539
540 return TEST_FAILED;
541 }
542
543
544
545 test_code_t
546 test_aes (gnutls_session_t session)
547 {
548 int ret;
549 ADD_CIPHER (session, GNUTLS_CIPHER_AES_128_CBC);
550 ADD_ALL_COMP (session);
551 ADD_ALL_CERTTYPES (session);
552 ADD_ALL_PROTOCOLS (session);
553 ADD_ALL_MACS (session);
554 ADD_ALL_KX (session);
555 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
556
557 ret = do_handshake (session);
558 return ret;
559 }
560
561 #ifdef ENABLE_CAMELLIA
562 test_code_t
563 test_camellia (gnutls_session_t session)
564 {
565 int ret;
566 ADD_CIPHER (session, GNUTLS_CIPHER_CAMELLIA_128_CBC);
567 ADD_ALL_COMP (session);
568 ADD_ALL_CERTTYPES (session);
569 ADD_ALL_PROTOCOLS (session);
570 ADD_ALL_MACS (session);
571 ADD_ALL_KX (session);
572 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
573
574 ret = do_handshake (session);
575 return ret;
576 }
577 #endif
578
579 test_code_t
580 test_openpgp1 (gnutls_session_t session)
581 {
582 int ret;
583 ADD_ALL_CIPHERS (session);
584 ADD_ALL_COMP (session);
585 ADD_CERTTYPE (session, GNUTLS_CRT_OPENPGP);
586 ADD_ALL_PROTOCOLS (session);
587 ADD_ALL_MACS (session);
588 ADD_ALL_KX (session);
589 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
590
591 ret = do_handshake (session);
592 if (ret == TEST_FAILED)
593 return ret;
594
595 if (gnutls_certificate_type_get (session) == GNUTLS_CRT_OPENPGP)
596 return TEST_SUCCEED;
597
598 return TEST_FAILED;
599 }
600
601 test_code_t
602 test_unknown_ciphersuites (gnutls_session_t session)
603 {
604 int ret;
605 #ifdef ENABLE_CAMELLIA
606 ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC,
607 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_CIPHER_ARCFOUR_128);
608 #else
609 ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC,
610 GNUTLS_CIPHER_ARCFOUR_128, 0);
611 #endif
612 ADD_ALL_COMP (session);
613 ADD_ALL_CERTTYPES (session);
614 ADD_ALL_PROTOCOLS (session);
615 ADD_ALL_MACS (session);
616 ADD_ALL_KX (session);
617 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
618
619 ret = do_handshake (session);
620 return ret;
621 }
622
623 test_code_t
624 test_md5 (gnutls_session_t session)
625 {
626 int ret;
627 ADD_ALL_CIPHERS (session);
628 ADD_ALL_COMP (session);
629 ADD_ALL_CERTTYPES (session);
630 ADD_ALL_PROTOCOLS (session);
631 ADD_MAC (session, GNUTLS_MAC_MD5);
632 ADD_ALL_KX (session);
633 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
634
635 ret = do_handshake (session);
636 return ret;
637 }
638
639 #ifdef HAVE_LIBZ
640 test_code_t
641 test_zlib (gnutls_session_t session)
642 {
643 int ret;
644 ADD_ALL_CIPHERS (session);
645 ADD_COMP (session, GNUTLS_COMP_ZLIB);
646 ADD_ALL_CERTTYPES (session);
647 ADD_ALL_PROTOCOLS (session);
648 ADD_ALL_MACS (session);
649 ADD_ALL_KX (session);
650 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
651
652 ret = do_handshake (session);
653 return ret;
654 }
655 #endif
656
657 test_code_t
658 test_lzo (gnutls_session_t session)
659 {
660 int ret;
661 gnutls_handshake_set_private_extensions (session, 1);
662
663 ADD_ALL_CIPHERS (session);
664 ADD_COMP (session, GNUTLS_COMP_LZO);
665 ADD_ALL_CERTTYPES (session);
666 ADD_ALL_PROTOCOLS (session);
667 ADD_ALL_MACS (session);
668 ADD_ALL_KX (session);
669 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
670
671 ret = do_handshake (session);
672
673 return ret;
674 }
675
676 test_code_t
677 test_sha (gnutls_session_t session)
678 {
679 int ret;
680 ADD_ALL_CIPHERS (session);
681 ADD_ALL_COMP (session);
682 ADD_ALL_CERTTYPES (session);
683 ADD_ALL_PROTOCOLS (session);
684 ADD_MAC (session, GNUTLS_MAC_SHA1);
685 ADD_ALL_KX (session);
686 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
687
688 ret = do_handshake (session);
689 return ret;
690 }
691
692 test_code_t
693 test_3des (gnutls_session_t session)
694 {
695 int ret;
696 ADD_CIPHER (session, GNUTLS_CIPHER_3DES_CBC);
697 ADD_ALL_COMP (session);
698 ADD_ALL_CERTTYPES (session);
699 ADD_ALL_PROTOCOLS (session);
700 ADD_ALL_MACS (session);
701 ADD_ALL_KX (session);
702 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
703
704 ret = do_handshake (session);
705 return ret;
706 }
707
708 test_code_t
709 test_arcfour (gnutls_session_t session)
710 {
711 int ret;
712 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_128);
713 ADD_ALL_COMP (session);
714 ADD_ALL_CERTTYPES (session);
715 ADD_ALL_PROTOCOLS (session);
716 ADD_ALL_MACS (session);
717 ADD_ALL_KX (session);
718 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
719
720 ret = do_handshake (session);
721 return ret;
722 }
723
724 test_code_t
725 test_arcfour_40 (gnutls_session_t session)
726 {
727 int ret;
728 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
729 ADD_ALL_COMP (session);
730 ADD_ALL_CERTTYPES (session);
731 ADD_ALL_PROTOCOLS (session);
732 ADD_ALL_MACS (session);
733 ADD_ALL_KX (session);
734 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
735
736 ret = do_handshake (session);
737 return ret;
738 }
739
740 test_code_t
741 test_tls1 (gnutls_session_t session)
742 {
743 int ret;
744 ADD_ALL_CIPHERS (session);
745 ADD_ALL_COMP (session);
746 ADD_ALL_CERTTYPES (session);
747 ADD_PROTOCOL (session, GNUTLS_TLS1);
748 ADD_ALL_MACS (session);
749 ADD_ALL_KX (session);
750 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
751
752 ret = do_handshake (session);
753 if (ret == TEST_SUCCEED)
754 tls1_ok = 1;
755
756 return ret;
757
758 }
759
760 test_code_t
761 test_tls1_1 (gnutls_session_t session)
762 {
763 int ret;
764 ADD_ALL_CIPHERS (session);
765 ADD_ALL_COMP (session);
766 ADD_ALL_CERTTYPES (session);
767 ADD_PROTOCOL (session, GNUTLS_TLS1_1);
768 ADD_ALL_MACS (session);
769 ADD_ALL_KX (session);
770 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
771
772 ret = do_handshake (session);
773 if (ret == TEST_SUCCEED)
774 tls1_1_ok = 1;
775
776 return ret;
777
778 }
779
780 test_code_t
781 test_tls1_1_fallback (gnutls_session_t session)
782 {
783 int ret;
784 if (tls1_1_ok)
785 return TEST_IGNORE;
786
787 ADD_ALL_CIPHERS (session);
788 ADD_ALL_COMP (session);
789 ADD_ALL_CERTTYPES (session);
790 ADD_PROTOCOL3 (session, GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3);
791 ADD_ALL_MACS (session);
792 ADD_ALL_KX (session);
793 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
794
795 ret = do_handshake (session);
796 if (ret != TEST_SUCCEED)
797 return TEST_FAILED;
798
799 if (gnutls_protocol_get_version (session) == GNUTLS_TLS1)
800 return TEST_SUCCEED;
801 else if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
802 return TEST_UNSURE;
803
804 return TEST_FAILED;
805
806 }
807
808 /* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
809 * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
810 */
811 test_code_t
812 test_tls_disable (gnutls_session_t session)
813 {
814 int ret;
815 if (tls1_ok != 0)
816 return TEST_IGNORE;
817
818 ADD_ALL_CIPHERS (session);
819 ADD_ALL_COMP (session);
820 ADD_ALL_CERTTYPES (session);
821 ADD_ALL_PROTOCOLS (session);
822 ADD_ALL_MACS (session);
823 ADD_ALL_KX (session);
824 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
825
826 ret = do_handshake (session);
827 if (ret == TEST_FAILED)
828 {
829 /* disable TLS 1.0 */
830 if (ssl3_ok != 0)
831 {
832 protocol_priority[0] = GNUTLS_SSL3;
833 protocol_priority[1] = 0;
834 }
835 }
836 return ret;
837
838 }
839
840 test_code_t
841 test_rsa_pms (gnutls_session_t session)
842 {
843 int ret;
844
845 /* here we enable both SSL 3.0 and TLS 1.0
846 * and try to connect and use rsa authentication.
847 * If the server is old, buggy and only supports
848 * SSL 3.0 then the handshake will fail.
849 */
850 ADD_ALL_CIPHERS (session);
851 ADD_ALL_COMP (session);
852 ADD_ALL_CERTTYPES (session);
853 ADD_ALL_PROTOCOLS (session);
854 ADD_ALL_MACS (session);
855 ADD_KX (session, GNUTLS_KX_RSA);
856 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
857
858 ret = do_handshake (session);
859 if (ret == TEST_FAILED)
860 return TEST_FAILED;
861
862 if (gnutls_protocol_get_version (session) == GNUTLS_TLS1)
863 return TEST_SUCCEED;
864 return TEST_UNSURE;
865 }
866
867 test_code_t
868 test_max_record_size (gnutls_session_t session)
869 {
870 int ret;
871 ADD_ALL_CIPHERS (session);
872 ADD_ALL_COMP (session);
873 ADD_ALL_CERTTYPES (session);
874 ADD_ALL_PROTOCOLS (session);
875 ADD_ALL_MACS (session);
876 ADD_ALL_KX (session);
877 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
878 gnutls_record_set_max_size (session, 512);
879
880 ret = do_handshake (session);
881 if (ret == TEST_FAILED)
882 return ret;
883
884 ret = gnutls_record_get_max_size (session);
885 if (ret == 512)
886 return TEST_SUCCEED;
887
888 return TEST_FAILED;
889 }
890
891 test_code_t
892 test_hello_extension (gnutls_session_t session)
893 {
894 int ret;
895 ADD_ALL_CIPHERS (session);
896 ADD_ALL_COMP (session);
897 ADD_ALL_CERTTYPES (session);
898 ADD_ALL_PROTOCOLS (session);
899 ADD_ALL_MACS (session);
900 ADD_ALL_KX (session);
901 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
902 gnutls_record_set_max_size (session, 512);
903
904 ret = do_handshake (session);
905 return ret;
906 }
907
908 void _gnutls_record_set_default_version (gnutls_session_t session,
909 unsigned char major,
910 unsigned char minor);
911
912 test_code_t
913 test_version_rollback (gnutls_session_t session)
914 {
915 int ret;
916 if (tls1_ok == 0)
917 return TEST_IGNORE;
918
919 /* here we enable both SSL 3.0 and TLS 1.0
920 * and we connect using a 3.1 client hello version,
921 * and a 3.0 record version. Some implementations
922 * are buggy (and vulnerable to man in the middle
923 * attacks which allow a version downgrade) and this
924 * connection will fail.
925 */
926 ADD_ALL_CIPHERS (session);
927 ADD_ALL_COMP (session);
928 ADD_ALL_CERTTYPES (session);
929 ADD_ALL_PROTOCOLS (session);
930 ADD_ALL_MACS (session);
931 ADD_ALL_KX (session);
932 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
933 _gnutls_record_set_default_version (session, 3, 0);
934
935 ret = do_handshake (session);
936 if (ret != TEST_SUCCEED)
937 return ret;
938
939 if (tls1_ok != 0 && gnutls_protocol_get_version (session) == GNUTLS_SSL3)
940 return TEST_FAILED;
941
942 return TEST_SUCCEED;
943 }
944
945 /* See if the server tolerates out of bounds
946 * record layer versions in the first client hello
947 * message.
948 */
949 test_code_t
950 test_version_oob (gnutls_session_t session)
951 {
952 int ret;
953 /* here we enable both SSL 3.0 and TLS 1.0
954 * and we connect using a 5.5 record version.
955 */
956 ADD_ALL_CIPHERS (session);
957 ADD_ALL_COMP (session);
958 ADD_ALL_CERTTYPES (session);
959 ADD_ALL_PROTOCOLS (session);
960 ADD_ALL_MACS (session);
961 ADD_ALL_KX (session);
962 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
963 _gnutls_record_set_default_version (session, 5, 5);
964
965 ret = do_handshake (session);
966 return ret;
967 }
968
969 void _gnutls_rsa_pms_set_version (gnutls_session_t session,
970 unsigned char major, unsigned char minor);
971
972 test_code_t
973 test_rsa_pms_version_check (gnutls_session_t session)
974 {
975 int ret;
976 /* here we use an arbitary version in the RSA PMS
977 * to see whether to server will check this version.
978 *
979 * A normal server would abort this handshake.
980 */
981 ADD_ALL_CIPHERS (session);
982 ADD_ALL_COMP (session);
983 ADD_ALL_CERTTYPES (session);
984 ADD_ALL_PROTOCOLS (session);
985 ADD_ALL_MACS (session);
986 ADD_ALL_KX (session);
987 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
988 _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */
989
990 ret = do_handshake (session);
991 return ret;
992
993 }
994
995 #ifdef ENABLE_ANON
996 test_code_t
997 test_anonymous (gnutls_session_t session)
998 {
999 int ret;
1000
1001 ADD_ALL_CIPHERS (session);
1002 ADD_ALL_COMP (session);
1003 ADD_ALL_CERTTYPES (session);
1004 ADD_ALL_PROTOCOLS (session);
1005 ADD_ALL_MACS (session);
1006 ADD_KX (session, GNUTLS_KX_ANON_DH);
1007 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
1008
1009 ret = do_handshake (session);
1010
1011 if (ret == TEST_SUCCEED)
1012 gnutls_dh_get_pubkey (session, &pubkey);
1013
1014 return ret;
1015 }
1016 #endif
1017
1018 test_code_t
1019 test_session_resume2 (gnutls_session_t session)
1020 {
1021 int ret;
1022 char tmp_session_id[32];
1023 int tmp_session_id_size;
1024
1025 if (session == NULL)
1026 return TEST_IGNORE;
1027
1028 ADD_ALL_CIPHERS (session);
1029 ADD_ALL_COMP (session);
1030 ADD_ALL_CERTTYPES (session);
1031 ADD_ALL_PROTOCOLS (session);
1032 ADD_ALL_MACS (session);
1033 ADD_ALL_KX (session);
1034
1035 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1036 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
1037
1038 gnutls_session_set_data (session, session_data, session_data_size);
1039
1040 memcpy (tmp_session_id, session_id, session_id_size);
1041 tmp_session_id_size = session_id_size;
1042
1043 ret = do_handshake (session);
1044 if (ret == TEST_FAILED)
1045 return ret;
1046
1047 /* check if we actually resumed the previous session */
1048
1049 session_id_size = sizeof (session_id);
1050 gnutls_session_get_id (session, session_id, &session_id_size);
1051
1052 if (session_id_size == 0)
1053 return TEST_FAILED;
1054
1055 if (gnutls_session_is_resumed (session))
1056 return TEST_SUCCEED;
1057
1058 if (tmp_session_id_size == session_id_size &&
1059 memcmp (tmp_session_id, session_id, tmp_session_id_size) == 0)
1060 return TEST_SUCCEED;
1061 else
1062 return TEST_FAILED;
1063 }
1064
1065 extern char *hostname;
1066
1067 test_code_t
1068 test_certificate (gnutls_session_t session)
1069 {
1070 int ret;
1071
1072 if (verbose == 0)
1073 return TEST_IGNORE;
1074
1075 ADD_ALL_CIPHERS (session);
1076 ADD_ALL_COMP (session);
1077 ADD_ALL_CERTTYPES (session);
1078 ADD_ALL_PROTOCOLS (session);
1079 ADD_ALL_MACS (session);
1080 ADD_ALL_KX (session);
1081
1082 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1083
1084 ret = do_handshake (session);
1085 if (ret == TEST_FAILED)
1086 return ret;
1087
1088 printf ("\n");
1089 print_cert_info (session, hostname);
1090
1091 return TEST_SUCCEED;
1092 }
1093
1094 /* A callback function to be used at the certificate selection time.
1095 */
1096 static int
1097 cert_callback (gnutls_session_t session,
1098 const gnutls_datum_t * req_ca_rdn, int nreqs,
1099 const gnutls_pk_algorithm_t * sign_algos,
1100 int sign_algos_length, gnutls_retr_st * st)
1101 {
1102 char issuer_dn[256];
1103 int i, ret;
1104 size_t len;
1105
1106 if (verbose == 0)
1107 return -1;
1108
1109 /* Print the server's trusted CAs
1110 */
1111 printf ("\n");
1112 if (nreqs > 0)
1113 printf ("- Server's trusted authorities:\n");
1114 else
1115 printf ("- Server did not send us any trusted authorities names.\n");
1116
1117 /* print the names (if any) */
1118 for (i = 0; i < nreqs; i++)
1119 {
1120 len = sizeof (issuer_dn);
1121 ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
1122 if (ret >= 0)
1123 {
1124 printf (" [%d]: ", i);
1125 printf ("%s\n", issuer_dn);
1126 }
1127 }
1128
1129 return -1;
1130
1131 }
1132
1133 /* Prints the trusted server's CAs. This is only
1134 * if the server sends a certificate request packet.
1135 */
1136 test_code_t
1137 test_server_cas (gnutls_session_t session)
1138 {
1139 int ret;
1140
1141 if (verbose == 0)
1142 return TEST_IGNORE;
1143
1144 ADD_ALL_CIPHERS (session);
1145 ADD_ALL_COMP (session);
1146 ADD_ALL_CERTTYPES (session);
1147 ADD_ALL_PROTOCOLS (session);
1148 ADD_ALL_MACS (session);
1149 ADD_ALL_KX (session);
1150
1151 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1152 gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);
1153
1154 ret = do_handshake (session);
1155 gnutls_certificate_client_set_retrieve_function (xcred, NULL);
1156
1157 if (ret == TEST_FAILED)
1158 return ret;
1159 return TEST_SUCCEED;
1160 }
Implementation of the SSL/TLS protocol