search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update `NEWS'.
[gnutls.git] / src / tests.c
blobbc9bc11be9ad400a5efcd57694b3575c5c6d739d
1 /*
2 * Copyright (C) 2004, 2006, 2007 Free Software Foundation
3 * Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
4 *
5 * This file is part of GNUTLS.
6 *
7 * GNUTLS is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
20 */
21
22 #include <config.h>
23 #include <gnutls/gnutls.h>
24 #include <gnutls/extra.h>
25 #include <gnutls/x509.h>
26
27 #ifndef _WIN32
28 # include <unistd.h>
29 # include <signal.h>
30 #else
31 # include <errno.h>
32 #endif
33
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <common.h>
38 #include <tests.h>
39
40 extern gnutls_srp_client_credentials_t srp_cred;
41 extern gnutls_anon_client_credentials_t anon_cred;
42 extern gnutls_certificate_credentials_t xcred;
43
44 extern int verbose;
45
46 int tls1_ok = 0;
47 int ssl3_ok = 0;
48 int tls1_1_ok = 0;
49
50 /* keep session info */
51 static char *session_data = NULL;
52 static char session_id[32];
53 static int session_data_size = 0, session_id_size = 0;
54 static int sfree = 0;
55 static int handshake_output = 0;
56
57 int
58 do_handshake (gnutls_session_t session)
59 {
60 int ret, alert;
61
62 do
63 {
64 ret = gnutls_handshake (session);
65 }
66 while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
67
68 handshake_output = ret;
69
70 if (ret < 0 && verbose > 1)
71 {
72 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
73 || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
74 {
75 alert = gnutls_alert_get (session);
76 printf ("\n");
77 printf ("*** Received alert [%d]: %s\n",
78 alert, gnutls_alert_get_name (alert));
79 }
80 }
81
82 if (ret < 0)
83 return TEST_FAILED;
84
85 gnutls_session_get_data (session, NULL, &session_data_size);
86
87 if (sfree != 0)
88 {
89 free (session_data);
90 sfree = 0;
91 }
92 session_data = malloc (session_data_size);
93 sfree = 1;
94 if (session_data == NULL)
95 {
96 fprintf (stderr, "Memory error\n");
97 exit (1);
98 }
99 gnutls_session_get_data (session, session_data, &session_data_size);
100
101 session_id_size = sizeof (session_id);
102 gnutls_session_get_id (session, session_id, &session_id_size);
103
104 return TEST_SUCCEED;
105 }
106
107 static int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
108 static const int kx_priority[16] =
109 { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA,
110 GNUTLS_KX_ANON_DH,
111 GNUTLS_KX_RSA_EXPORT, 0
112 };
113 static const int cipher_priority[16] =
114 { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128,
115 GNUTLS_CIPHER_ARCFOUR_40, 0
116 };
117 static const int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
118 static const int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 };
119 static const int cert_type_priority[16] = { GNUTLS_CRT_X509, 0 };
120
121 #define ADD_ALL_CIPHERS(session) gnutls_cipher_set_priority(session, cipher_priority)
122 #define ADD_ALL_COMP(session) gnutls_compression_set_priority(session, comp_priority)
123 #define ADD_ALL_MACS(session) gnutls_mac_set_priority(session, mac_priority)
124 #define ADD_ALL_KX(session) gnutls_kx_set_priority(session, kx_priority)
125 #define ADD_ALL_PROTOCOLS(session) gnutls_protocol_set_priority(session, protocol_priority)
126 #define ADD_ALL_CERTTYPES(session) gnutls_certificate_type_set_priority(session, cert_type_priority)
127
128 static void
129 ADD_KX (gnutls_session_t session, int kx)
130 {
131 static int _kx_priority[] = { 0, 0 };
132 _kx_priority[0] = kx;
133
134 gnutls_kx_set_priority (session, _kx_priority);
135 }
136
137 static void
138 ADD_KX2 (gnutls_session_t session, int kx1, int kx2)
139 {
140 static int _kx_priority[] = { 0, 0, 0 };
141 _kx_priority[0] = kx1;
142 _kx_priority[1] = kx2;
143
144 gnutls_kx_set_priority (session, _kx_priority);
145 }
146
147 static void
148 ADD_CIPHER (gnutls_session_t session, int cipher)
149 {
150 static int _cipher_priority[] = { 0, 0 };
151 _cipher_priority[0] = cipher;
152
153 gnutls_cipher_set_priority (session, _cipher_priority);
154 }
155
156 static void
157 ADD_CIPHER4 (gnutls_session_t session, int cipher1, int cipher2, int cipher3,
158 int cipher4)
159 {
160 static int _cipher_priority[] = { 0, 0, 0, 0, 0 };
161 _cipher_priority[0] = cipher1;
162 _cipher_priority[1] = cipher2;
163 _cipher_priority[2] = cipher3;
164 _cipher_priority[3] = cipher4;
165
166 gnutls_cipher_set_priority (session, _cipher_priority);
167 }
168
169 static void
170 ADD_MAC (gnutls_session_t session, int mac)
171 {
172 static int _mac_priority[] = { 0, 0 };
173 _mac_priority[0] = mac;
174
175 gnutls_mac_set_priority (session, _mac_priority);
176 }
177
178 static void
179 ADD_COMP (gnutls_session_t session, int c)
180 {
181 static int _comp_priority[] = { 0, 0 };
182 _comp_priority[0] = c;
183
184 gnutls_compression_set_priority (session, _comp_priority);
185 }
186
187 static void
188 ADD_CERTTYPE (gnutls_session_t session, int ctype)
189 {
190 static int _ct_priority[] = { 0, 0 };
191 _ct_priority[0] = ctype;
192
193 gnutls_certificate_type_set_priority (session, _ct_priority);
194 }
195
196 static void
197 ADD_PROTOCOL (gnutls_session_t session, int protocol)
198 {
199 static int _proto_priority[] = { 0, 0 };
200 _proto_priority[0] = protocol;
201
202 gnutls_protocol_set_priority (session, _proto_priority);
203 }
204
205 static void
206 ADD_PROTOCOL3 (gnutls_session_t session, int p1, int p2, int p3)
207 {
208 static int _proto_priority[] = { 0, 0, 0, 0 };
209 _proto_priority[0] = p1;
210 _proto_priority[1] = p2;
211 _proto_priority[2] = p3;
212
213 gnutls_protocol_set_priority (session, _proto_priority);
214 }
215
216 #ifdef ENABLE_SRP
217 static int srp_detected;
218
219 int
220 _test_srp_username_callback (gnutls_session_t session, unsigned int times,
221 char **username, char **password)
222 {
223 if (times == 1)
224 {
225 srp_detected = 1;
226 }
227
228 return -1;
229 }
230
231 test_code_t
232 test_srp (gnutls_session_t session)
233 {
234 int ret;
235
236 ADD_ALL_CIPHERS (session);
237 ADD_ALL_COMP (session);
238 ADD_ALL_CERTTYPES (session);
239 ADD_ALL_PROTOCOLS (session);
240 ADD_ALL_MACS (session);
241
242 ADD_KX (session, GNUTLS_KX_SRP);
243 srp_detected = 0;
244
245 gnutls_srp_set_client_credentials_function (srp_cred,
246 _test_srp_username_callback);
247
248 gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
249
250 ret = do_handshake (session);
251
252 gnutls_srp_set_client_credentials_function (srp_cred, NULL);
253
254 if (srp_detected != 0)
255 return TEST_SUCCEED;
256 else
257 return TEST_FAILED;
258 }
259 #endif
260
261 test_code_t
262 test_server (gnutls_session_t session)
263 {
264 int ret, i = 0;
265 char buf[5 * 1024];
266 char *p;
267 const char snd_buf[] = "GET / HTTP/1.0\n\n";
268
269 if (verbose == 0)
270 return TEST_UNSURE;
271
272 buf[sizeof (buf) - 1] = 0;
273
274 ADD_ALL_CIPHERS (session);
275 ADD_ALL_COMP (session);
276 ADD_ALL_CERTTYPES (session);
277 ADD_ALL_PROTOCOLS (session);
278 ADD_ALL_MACS (session);
279 ADD_ALL_KX (session);
280
281 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
282
283 ret = do_handshake (session);
284 if (ret != TEST_SUCCEED)
285 return TEST_FAILED;
286
287 gnutls_record_send (session, snd_buf, sizeof (snd_buf) - 1);
288 ret = gnutls_record_recv (session, buf, sizeof (buf) - 1);
289 if (ret < 0)
290 return TEST_FAILED;
291
292 p = strstr (buf, "Server:");
293 if (p != NULL)
294 p = strchr (p, ':');
295 if (p != NULL)
296 {
297 p++;
298 while (*p != 0 && *p != '\r' && *p != '\n')
299 {
300 putc (*p, stdout);
301 p++;
302 i++;
303 if (i > 128)
304 break;
305 }
306 }
307
308 return TEST_SUCCEED;
309 }
310
311
312 static int export_true = 0;
313 static gnutls_datum_t exp = { NULL, 0 }, mod =
314
315 {
316 NULL, 0};
317
318 test_code_t
319 test_export (gnutls_session_t session)
320 {
321 int ret;
322
323 ADD_ALL_COMP (session);
324 ADD_ALL_CERTTYPES (session);
325 ADD_ALL_PROTOCOLS (session);
326 ADD_ALL_MACS (session);
327
328 ADD_KX (session, GNUTLS_KX_RSA_EXPORT);
329 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
330 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
331
332 ret = do_handshake (session);
333
334 if (ret == TEST_SUCCEED)
335 {
336 export_true = 1;
337 gnutls_rsa_export_get_pubkey (session, &exp, &mod);
338 }
339
340 return ret;
341 }
342
343 test_code_t
344 test_export_info (gnutls_session_t session)
345 {
346 int ret2, ret;
347 gnutls_datum_t exp2, mod2;
348 const char *print;
349
350 if (verbose == 0 || export_true == 0)
351 return TEST_IGNORE;
352
353 ADD_ALL_COMP (session);
354 ADD_ALL_CERTTYPES (session);
355 ADD_ALL_PROTOCOLS (session);
356 ADD_ALL_MACS (session);
357
358 ADD_KX (session, GNUTLS_KX_RSA_EXPORT);
359 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
360 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
361
362 ret = do_handshake (session);
363
364 if (ret == TEST_SUCCEED)
365 {
366 ret2 = gnutls_rsa_export_get_pubkey (session, &exp2, &mod2);
367 if (ret2 >= 0)
368 {
369 printf ("\n");
370
371 print = raw_to_string (exp2.data, exp2.size);
372 if (print)
373 printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print);
374
375 print = raw_to_string (mod2.data, mod2.size);
376 if (print)
377 printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print);
378
379 if (mod2.size != mod.size || exp2.size != exp.size ||
380 memcmp (mod2.data, mod.data, mod.size) != 0 ||
381 memcmp (exp2.data, exp.data, exp.size) != 0)
382 {
383 printf
384 (" (server uses different public keys per connection)\n");
385 }
386 }
387 }
388
389 return ret;
390
391 }
392
393 static gnutls_datum_t pubkey = { NULL, 0 };
394
395 test_code_t
396 test_dhe (gnutls_session_t session)
397 {
398 int ret;
399
400 ADD_ALL_CIPHERS (session);
401 ADD_ALL_COMP (session);
402 ADD_ALL_CERTTYPES (session);
403 ADD_ALL_PROTOCOLS (session);
404 ADD_ALL_MACS (session);
405
406 ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS);
407 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
408
409 ret = do_handshake (session);
410
411 gnutls_dh_get_pubkey (session, &pubkey);
412
413 return ret;
414 }
415
416 test_code_t
417 test_dhe_group (gnutls_session_t session)
418 {
419 int ret, ret2;
420 gnutls_datum_t gen, prime, pubkey2;
421 const char *print;
422
423 if (verbose == 0 || pubkey.data == NULL)
424 return TEST_IGNORE;
425
426 ADD_ALL_CIPHERS (session);
427 ADD_ALL_COMP (session);
428 ADD_ALL_CERTTYPES (session);
429 ADD_ALL_PROTOCOLS (session);
430 ADD_ALL_MACS (session);
431
432 ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS);
433 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
434
435 ret = do_handshake (session);
436
437 ret2 = gnutls_dh_get_group (session, &gen, &prime);
438 if (ret2 >= 0)
439 {
440 printf ("\n");
441
442 print = raw_to_string (gen.data, gen.size);
443 if (print)
444 printf (" Generator [%d bits]: %s\n", gen.size * 8, print);
445
446 print = raw_to_string (prime.data, prime.size);
447 if (print)
448 printf (" Prime [%d bits]: %s\n", prime.size * 8, print);
449
450 gnutls_dh_get_pubkey (session, &pubkey2);
451 print = raw_to_string (pubkey2.data, pubkey2.size);
452 if (print)
453 printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print);
454
455 if (pubkey2.data && pubkey2.size == pubkey.size &&
456 memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0)
457 {
458 printf (" (public key seems to be static among sessions)\n");
459 }
460 }
461 return ret;
462 }
463
464 test_code_t
465 test_ssl3 (gnutls_session_t session)
466 {
467 int ret;
468 ADD_ALL_CIPHERS (session);
469 ADD_ALL_COMP (session);
470 ADD_ALL_CERTTYPES (session);
471 ADD_PROTOCOL (session, GNUTLS_SSL3);
472 ADD_ALL_MACS (session);
473 ADD_ALL_KX (session);
474 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
475
476 ret = do_handshake (session);
477 if (ret == TEST_SUCCEED)
478 ssl3_ok = 1;
479
480 return ret;
481 }
482
483 static int alrm = 0;
484 void
485 got_alarm (int k)
486 {
487 alrm = 1;
488 }
489
490 test_code_t
491 test_bye (gnutls_session_t session)
492 {
493 int ret;
494 char data[20];
495 int old, secs = 6;
496
497 #ifndef _WIN32
498 signal (SIGALRM, got_alarm);
499 #endif
500
501 ADD_ALL_CIPHERS (session);
502 ADD_ALL_COMP (session);
503 ADD_ALL_CERTTYPES (session);
504 ADD_ALL_PROTOCOLS (session);
505 ADD_ALL_MACS (session);
506 ADD_ALL_KX (session);
507 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
508
509 ret = do_handshake (session);
510 if (ret == TEST_FAILED)
511 return ret;
512
513 ret = gnutls_bye (session, GNUTLS_SHUT_WR);
514 if (ret < 0)
515 return TEST_FAILED;
516
517 #ifndef _WIN32
518 old = siginterrupt (SIGALRM, 1);
519 alarm (secs);
520 #else
521 setsockopt (gnutls_transport_get_ptr (session), SOL_SOCKET, SO_RCVTIMEO,
522 (char *) &secs, sizeof (int));
523 #endif
524
525 do
526 {
527 ret = gnutls_record_recv (session, data, sizeof (data));
528 }
529 while (ret > 0);
530
531 #ifndef _WIN32
532 siginterrupt (SIGALRM, old);
533 #else
534 if (WSAGetLastError () == WSAETIMEDOUT ||
535 WSAGetLastError () == WSAECONNABORTED)
536 alrm = 1;
537 #endif
538 if (ret == 0)
539 return TEST_SUCCEED;
540
541 if (alrm == 0)
542 return TEST_UNSURE;
543
544 return TEST_FAILED;
545 }
546
547
548
549 test_code_t
550 test_aes (gnutls_session_t session)
551 {
552 int ret;
553 ADD_CIPHER (session, GNUTLS_CIPHER_AES_128_CBC);
554 ADD_ALL_COMP (session);
555 ADD_ALL_CERTTYPES (session);
556 ADD_ALL_PROTOCOLS (session);
557 ADD_ALL_MACS (session);
558 ADD_ALL_KX (session);
559 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
560
561 ret = do_handshake (session);
562 return ret;
563 }
564
565 #ifdef ENABLE_CAMELLIA
566 test_code_t
567 test_camellia (gnutls_session_t session)
568 {
569 int ret;
570 ADD_CIPHER (session, GNUTLS_CIPHER_CAMELLIA_128_CBC);
571 ADD_ALL_COMP (session);
572 ADD_ALL_CERTTYPES (session);
573 ADD_ALL_PROTOCOLS (session);
574 ADD_ALL_MACS (session);
575 ADD_ALL_KX (session);
576 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
577
578 ret = do_handshake (session);
579 return ret;
580 }
581 #endif
582
583 test_code_t
584 test_openpgp1 (gnutls_session_t session)
585 {
586 int ret;
587 ADD_ALL_CIPHERS (session);
588 ADD_ALL_COMP (session);
589 ADD_CERTTYPE (session, GNUTLS_CRT_OPENPGP);
590 ADD_ALL_PROTOCOLS (session);
591 ADD_ALL_MACS (session);
592 ADD_ALL_KX (session);
593 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
594
595 ret = do_handshake (session);
596 if (ret == TEST_FAILED)
597 return ret;
598
599 if (gnutls_certificate_type_get (session) == GNUTLS_CRT_OPENPGP)
600 return TEST_SUCCEED;
601
602 return TEST_FAILED;
603 }
604
605 test_code_t
606 test_unknown_ciphersuites (gnutls_session_t session)
607 {
608 int ret;
609 #ifdef ENABLE_CAMELLIA
610 ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC,
611 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_CIPHER_ARCFOUR_128);
612 #else
613 ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC,
614 GNUTLS_CIPHER_ARCFOUR_128, 0);
615 #endif
616 ADD_ALL_COMP (session);
617 ADD_ALL_CERTTYPES (session);
618 ADD_ALL_PROTOCOLS (session);
619 ADD_ALL_MACS (session);
620 ADD_ALL_KX (session);
621 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
622
623 ret = do_handshake (session);
624 return ret;
625 }
626
627 test_code_t
628 test_md5 (gnutls_session_t session)
629 {
630 int ret;
631 ADD_ALL_CIPHERS (session);
632 ADD_ALL_COMP (session);
633 ADD_ALL_CERTTYPES (session);
634 ADD_ALL_PROTOCOLS (session);
635 ADD_MAC (session, GNUTLS_MAC_MD5);
636 ADD_ALL_KX (session);
637 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
638
639 ret = do_handshake (session);
640 return ret;
641 }
642
643 #ifdef HAVE_LIBZ
644 test_code_t
645 test_zlib (gnutls_session_t session)
646 {
647 int ret;
648 ADD_ALL_CIPHERS (session);
649 ADD_COMP (session, GNUTLS_COMP_ZLIB);
650 ADD_ALL_CERTTYPES (session);
651 ADD_ALL_PROTOCOLS (session);
652 ADD_ALL_MACS (session);
653 ADD_ALL_KX (session);
654 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
655
656 ret = do_handshake (session);
657 return ret;
658 }
659 #endif
660
661 test_code_t
662 test_lzo (gnutls_session_t session)
663 {
664 int ret;
665 gnutls_handshake_set_private_extensions (session, 1);
666
667 ADD_ALL_CIPHERS (session);
668 ADD_COMP (session, GNUTLS_COMP_LZO);
669 ADD_ALL_CERTTYPES (session);
670 ADD_ALL_PROTOCOLS (session);
671 ADD_ALL_MACS (session);
672 ADD_ALL_KX (session);
673 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
674
675 ret = do_handshake (session);
676
677 return ret;
678 }
679
680 test_code_t
681 test_sha (gnutls_session_t session)
682 {
683 int ret;
684 ADD_ALL_CIPHERS (session);
685 ADD_ALL_COMP (session);
686 ADD_ALL_CERTTYPES (session);
687 ADD_ALL_PROTOCOLS (session);
688 ADD_MAC (session, GNUTLS_MAC_SHA1);
689 ADD_ALL_KX (session);
690 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
691
692 ret = do_handshake (session);
693 return ret;
694 }
695
696 test_code_t
697 test_3des (gnutls_session_t session)
698 {
699 int ret;
700 ADD_CIPHER (session, GNUTLS_CIPHER_3DES_CBC);
701 ADD_ALL_COMP (session);
702 ADD_ALL_CERTTYPES (session);
703 ADD_ALL_PROTOCOLS (session);
704 ADD_ALL_MACS (session);
705 ADD_ALL_KX (session);
706 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
707
708 ret = do_handshake (session);
709 return ret;
710 }
711
712 test_code_t
713 test_arcfour (gnutls_session_t session)
714 {
715 int ret;
716 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_128);
717 ADD_ALL_COMP (session);
718 ADD_ALL_CERTTYPES (session);
719 ADD_ALL_PROTOCOLS (session);
720 ADD_ALL_MACS (session);
721 ADD_ALL_KX (session);
722 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
723
724 ret = do_handshake (session);
725 return ret;
726 }
727
728 test_code_t
729 test_arcfour_40 (gnutls_session_t session)
730 {
731 int ret;
732 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
733 ADD_ALL_COMP (session);
734 ADD_ALL_CERTTYPES (session);
735 ADD_ALL_PROTOCOLS (session);
736 ADD_ALL_MACS (session);
737 ADD_ALL_KX (session);
738 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
739
740 ret = do_handshake (session);
741 return ret;
742 }
743
744 test_code_t
745 test_tls1 (gnutls_session_t session)
746 {
747 int ret;
748 ADD_ALL_CIPHERS (session);
749 ADD_ALL_COMP (session);
750 ADD_ALL_CERTTYPES (session);
751 ADD_PROTOCOL (session, GNUTLS_TLS1);
752 ADD_ALL_MACS (session);
753 ADD_ALL_KX (session);
754 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
755
756 ret = do_handshake (session);
757 if (ret == TEST_SUCCEED)
758 tls1_ok = 1;
759
760 return ret;
761
762 }
763
764 test_code_t
765 test_tls1_1 (gnutls_session_t session)
766 {
767 int ret;
768 ADD_ALL_CIPHERS (session);
769 ADD_ALL_COMP (session);
770 ADD_ALL_CERTTYPES (session);
771 ADD_PROTOCOL (session, GNUTLS_TLS1_1);
772 ADD_ALL_MACS (session);
773 ADD_ALL_KX (session);
774 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
775
776 ret = do_handshake (session);
777 if (ret == TEST_SUCCEED)
778 tls1_1_ok = 1;
779
780 return ret;
781
782 }
783
784 test_code_t
785 test_tls1_1_fallback (gnutls_session_t session)
786 {
787 int ret;
788 if (tls1_1_ok)
789 return TEST_IGNORE;
790
791 ADD_ALL_CIPHERS (session);
792 ADD_ALL_COMP (session);
793 ADD_ALL_CERTTYPES (session);
794 ADD_PROTOCOL3 (session, GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3);
795 ADD_ALL_MACS (session);
796 ADD_ALL_KX (session);
797 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
798
799 ret = do_handshake (session);
800 if (ret != TEST_SUCCEED)
801 return TEST_FAILED;
802
803 if (gnutls_protocol_get_version (session) == GNUTLS_TLS1)
804 return TEST_SUCCEED;
805 else if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
806 return TEST_UNSURE;
807
808 return TEST_FAILED;
809
810 }
811
812 /* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
813 * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
814 */
815 test_code_t
816 test_tls_disable (gnutls_session_t session)
817 {
818 int ret;
819 if (tls1_ok != 0)
820 return TEST_IGNORE;
821
822 ADD_ALL_CIPHERS (session);
823 ADD_ALL_COMP (session);
824 ADD_ALL_CERTTYPES (session);
825 ADD_ALL_PROTOCOLS (session);
826 ADD_ALL_MACS (session);
827 ADD_ALL_KX (session);
828 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
829
830 ret = do_handshake (session);
831 if (ret == TEST_FAILED)
832 {
833 /* disable TLS 1.0 */
834 if (ssl3_ok != 0)
835 {
836 protocol_priority[0] = GNUTLS_SSL3;
837 protocol_priority[1] = 0;
838 }
839 }
840 return ret;
841
842 }
843
844 test_code_t
845 test_rsa_pms (gnutls_session_t session)
846 {
847 int ret;
848
849 /* here we enable both SSL 3.0 and TLS 1.0
850 * and try to connect and use rsa authentication.
851 * If the server is old, buggy and only supports
852 * SSL 3.0 then the handshake will fail.
853 */
854 ADD_ALL_CIPHERS (session);
855 ADD_ALL_COMP (session);
856 ADD_ALL_CERTTYPES (session);
857 ADD_ALL_PROTOCOLS (session);
858 ADD_ALL_MACS (session);
859 ADD_KX (session, GNUTLS_KX_RSA);
860 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
861
862 ret = do_handshake (session);
863 if (ret == TEST_FAILED)
864 return TEST_FAILED;
865
866 if (gnutls_protocol_get_version (session) == GNUTLS_TLS1)
867 return TEST_SUCCEED;
868 return TEST_UNSURE;
869 }
870
871 test_code_t
872 test_max_record_size (gnutls_session_t session)
873 {
874 int ret;
875 ADD_ALL_CIPHERS (session);
876 ADD_ALL_COMP (session);
877 ADD_ALL_CERTTYPES (session);
878 ADD_ALL_PROTOCOLS (session);
879 ADD_ALL_MACS (session);
880 ADD_ALL_KX (session);
881 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
882 gnutls_record_set_max_size (session, 512);
883
884 ret = do_handshake (session);
885 if (ret == TEST_FAILED)
886 return ret;
887
888 ret = gnutls_record_get_max_size (session);
889 if (ret == 512)
890 return TEST_SUCCEED;
891
892 return TEST_FAILED;
893 }
894
895 test_code_t
896 test_hello_extension (gnutls_session_t session)
897 {
898 int ret;
899 ADD_ALL_CIPHERS (session);
900 ADD_ALL_COMP (session);
901 ADD_ALL_CERTTYPES (session);
902 ADD_ALL_PROTOCOLS (session);
903 ADD_ALL_MACS (session);
904 ADD_ALL_KX (session);
905 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
906 gnutls_record_set_max_size (session, 512);
907
908 ret = do_handshake (session);
909 return ret;
910 }
911
912 void _gnutls_record_set_default_version (gnutls_session_t session,
913 unsigned char major,
914 unsigned char minor);
915
916 test_code_t
917 test_version_rollback (gnutls_session_t session)
918 {
919 int ret;
920 if (tls1_ok == 0)
921 return TEST_IGNORE;
922
923 /* here we enable both SSL 3.0 and TLS 1.0
924 * and we connect using a 3.1 client hello version,
925 * and a 3.0 record version. Some implementations
926 * are buggy (and vulnerable to man in the middle
927 * attacks which allow a version downgrade) and this
928 * connection will fail.
929 */
930 ADD_ALL_CIPHERS (session);
931 ADD_ALL_COMP (session);
932 ADD_ALL_CERTTYPES (session);
933 ADD_ALL_PROTOCOLS (session);
934 ADD_ALL_MACS (session);
935 ADD_ALL_KX (session);
936 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
937 _gnutls_record_set_default_version (session, 3, 0);
938
939 ret = do_handshake (session);
940 if (ret != TEST_SUCCEED)
941 return ret;
942
943 if (tls1_ok != 0 && gnutls_protocol_get_version (session) == GNUTLS_SSL3)
944 return TEST_FAILED;
945
946 return TEST_SUCCEED;
947 }
948
949 /* See if the server tolerates out of bounds
950 * record layer versions in the first client hello
951 * message.
952 */
953 test_code_t
954 test_version_oob (gnutls_session_t session)
955 {
956 int ret;
957 /* here we enable both SSL 3.0 and TLS 1.0
958 * and we connect using a 5.5 record version.
959 */
960 ADD_ALL_CIPHERS (session);
961 ADD_ALL_COMP (session);
962 ADD_ALL_CERTTYPES (session);
963 ADD_ALL_PROTOCOLS (session);
964 ADD_ALL_MACS (session);
965 ADD_ALL_KX (session);
966 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
967 _gnutls_record_set_default_version (session, 5, 5);
968
969 ret = do_handshake (session);
970 return ret;
971 }
972
973 void _gnutls_rsa_pms_set_version (gnutls_session_t session,
974 unsigned char major, unsigned char minor);
975
976 test_code_t
977 test_rsa_pms_version_check (gnutls_session_t session)
978 {
979 int ret;
980 /* here we use an arbitary version in the RSA PMS
981 * to see whether to server will check this version.
982 *
983 * A normal server would abort this handshake.
984 */
985 ADD_ALL_CIPHERS (session);
986 ADD_ALL_COMP (session);
987 ADD_ALL_CERTTYPES (session);
988 ADD_ALL_PROTOCOLS (session);
989 ADD_ALL_MACS (session);
990 ADD_ALL_KX (session);
991 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
992 _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */
993
994 ret = do_handshake (session);
995 return ret;
996
997 }
998
999 #ifdef ENABLE_ANON
1000 test_code_t
1001 test_anonymous (gnutls_session_t session)
1002 {
1003 int ret;
1004
1005 ADD_ALL_CIPHERS (session);
1006 ADD_ALL_COMP (session);
1007 ADD_ALL_CERTTYPES (session);
1008 ADD_ALL_PROTOCOLS (session);
1009 ADD_ALL_MACS (session);
1010 ADD_KX (session, GNUTLS_KX_ANON_DH);
1011 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
1012
1013 ret = do_handshake (session);
1014
1015 if (ret == TEST_SUCCEED)
1016 gnutls_dh_get_pubkey (session, &pubkey);
1017
1018 return ret;
1019 }
1020 #endif
1021
1022 test_code_t
1023 test_session_resume2 (gnutls_session_t session)
1024 {
1025 int ret;
1026 char tmp_session_id[32];
1027 int tmp_session_id_size;
1028
1029 if (session == NULL)
1030 return TEST_IGNORE;
1031
1032 ADD_ALL_CIPHERS (session);
1033 ADD_ALL_COMP (session);
1034 ADD_ALL_CERTTYPES (session);
1035 ADD_ALL_PROTOCOLS (session);
1036 ADD_ALL_MACS (session);
1037 ADD_ALL_KX (session);
1038
1039 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1040 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
1041
1042 gnutls_session_set_data (session, session_data, session_data_size);
1043
1044 memcpy (tmp_session_id, session_id, session_id_size);
1045 tmp_session_id_size = session_id_size;
1046
1047 ret = do_handshake (session);
1048 if (ret == TEST_FAILED)
1049 return ret;
1050
1051 /* check if we actually resumed the previous session */
1052
1053 session_id_size = sizeof (session_id);
1054 gnutls_session_get_id (session, session_id, &session_id_size);
1055
1056 if (session_id_size == 0)
1057 return TEST_FAILED;
1058
1059 if (gnutls_session_is_resumed (session))
1060 return TEST_SUCCEED;
1061
1062 if (tmp_session_id_size == session_id_size &&
1063 memcmp (tmp_session_id, session_id, tmp_session_id_size) == 0)
1064 return TEST_SUCCEED;
1065 else
1066 return TEST_FAILED;
1067 }
1068
1069 extern char *hostname;
1070
1071 test_code_t
1072 test_certificate (gnutls_session_t session)
1073 {
1074 int ret;
1075
1076 if (verbose == 0)
1077 return TEST_IGNORE;
1078
1079 ADD_ALL_CIPHERS (session);
1080 ADD_ALL_COMP (session);
1081 ADD_ALL_CERTTYPES (session);
1082 ADD_ALL_PROTOCOLS (session);
1083 ADD_ALL_MACS (session);
1084 ADD_ALL_KX (session);
1085
1086 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1087
1088 ret = do_handshake (session);
1089 if (ret == TEST_FAILED)
1090 return ret;
1091
1092 printf ("\n");
1093 print_cert_info (session, hostname);
1094
1095 return TEST_SUCCEED;
1096 }
1097
1098 /* A callback function to be used at the certificate selection time.
1099 */
1100 static int
1101 cert_callback (gnutls_session_t session,
1102 const gnutls_datum_t * req_ca_rdn, int nreqs,
1103 const gnutls_pk_algorithm_t * sign_algos,
1104 int sign_algos_length, gnutls_retr_st * st)
1105 {
1106 char issuer_dn[256];
1107 int i, ret;
1108 size_t len;
1109
1110 if (verbose == 0)
1111 return -1;
1112
1113 /* Print the server's trusted CAs
1114 */
1115 printf ("\n");
1116 if (nreqs > 0)
1117 printf ("- Server's trusted authorities:\n");
1118 else
1119 printf ("- Server did not send us any trusted authorities names.\n");
1120
1121 /* print the names (if any) */
1122 for (i = 0; i < nreqs; i++)
1123 {
1124 len = sizeof (issuer_dn);
1125 ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
1126 if (ret >= 0)
1127 {
1128 printf (" [%d]: ", i);
1129 printf ("%s\n", issuer_dn);
1130 }
1131 }
1132
1133 return -1;
1134
1135 }
1136
1137 /* Prints the trusted server's CAs. This is only
1138 * if the server sends a certificate request packet.
1139 */
1140 test_code_t
1141 test_server_cas (gnutls_session_t session)
1142 {
1143 int ret;
1144
1145 if (verbose == 0)
1146 return TEST_IGNORE;
1147
1148 ADD_ALL_CIPHERS (session);
1149 ADD_ALL_COMP (session);
1150 ADD_ALL_CERTTYPES (session);
1151 ADD_ALL_PROTOCOLS (session);
1152 ADD_ALL_MACS (session);
1153 ADD_ALL_KX (session);
1154
1155 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1156 gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);
1157
1158 ret = do_handshake (session);
1159 gnutls_certificate_client_set_retrieve_function (xcred, NULL);
1160
1161 if (ret == TEST_FAILED)
1162 return ret;
1163 return TEST_SUCCEED;
1164 }
Implementation of the SSL/TLS protocol