search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add `gnutls/dtls.h' to the distribution.
[gnutls.git] / tests / resume.c
blobf016c9a50c6325b3f54a2bbcfe79dd03e9fb476d
1 /*
2 * Copyright (C) 2004, 2005, 2007, 2008, 2009, 2010 Free Software
3 * Foundation, Inc.
4 *
5 * Author: Simon Josefsson
6 *
7 * This file is part of GnuTLS.
8 *
9 * GnuTLS is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * GnuTLS is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with GnuTLS; if not, write to the Free Software Foundation,
21 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
22 */
23
24 /* Parts copied from GnuTLS example programs. */
25
26 #ifdef HAVE_CONFIG_H
27 #include <config.h>
28 #endif
29
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <sys/types.h>
34 #include <sys/socket.h>
35 #include <sys/wait.h>
36 #include <netinet/in.h>
37 #include <arpa/inet.h>
38 #include <unistd.h>
39 #include <gnutls/gnutls.h>
40
41 #include "tcp.c"
42
43 #include "utils.h"
44
45 static void wrap_db_init (void);
46 static void wrap_db_deinit (void);
47 static int wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data);
48 static gnutls_datum_t wrap_db_fetch (void *dbf, gnutls_datum_t key);
49 static int wrap_db_delete (void *dbf, gnutls_datum_t key);
50
51 #define TLS_SESSION_CACHE 50
52
53 struct params_res
54 {
55 const char *desc;
56 int enable_db;
57 int enable_session_ticket_server;
58 int enable_session_ticket_client;
59 int expect_resume;
60 };
61
62 pid_t child;
63
64 struct params_res resume_tests[] = {
65 {"try to resume from db", 50, 0, 0, 1},
66 #ifdef ENABLE_SESSION_TICKET
67 {"try to resume from session ticket", 0, 1, 1, 1},
68 {"try to resume from session ticket (server only)", 0, 1, 0, 0},
69 {"try to resume from session ticket (client only)", 0, 0, 1, 0},
70 #endif
71 {NULL, -1}
72 };
73
74 /* A very basic TLS client, with anonymous authentication.
75 */
76
77 #define MAX_BUF 1024
78 #define MSG "Hello TLS"
79
80 static void
81 tls_log_func (int level, const char *str)
82 {
83 fprintf (stderr, "%s |<%d>| %s", child ? "server" : "client", level, str);
84 }
85
86 static void
87 client (struct params_res *params)
88 {
89 int ret, sd, ii;
90 gnutls_session_t session;
91 char buffer[MAX_BUF + 1];
92 gnutls_anon_client_credentials_t anoncred;
93 /* Need to enable anonymous KX specifically. */
94
95 /* variables used in session resuming
96 */
97 int t;
98 gnutls_datum_t session_data;
99
100 if (debug)
101 {
102 gnutls_global_set_log_function (tls_log_func);
103 gnutls_global_set_log_level (2);
104 }
105 gnutls_global_init ();
106
107 gnutls_anon_allocate_client_credentials (&anoncred);
108
109 for (t = 0; t < 2; t++)
110 { /* connect 2 times to the server */
111 /* connect to the peer
112 */
113 sd = tcp_connect ();
114
115 /* Initialize TLS session
116 */
117 gnutls_init (&session, GNUTLS_CLIENT);
118
119 /* Use default priorities */
120 gnutls_priority_set_direct (session, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
121
122 /* put the anonymous credentials to the current session
123 */
124 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
125
126 #ifdef ENABLE_SESSION_TICKET
127 if (params->enable_session_ticket_client)
128 gnutls_session_ticket_enable_client (session);
129 #endif
130
131 if (t > 0)
132 {
133 /* if this is not the first time we connect */
134 gnutls_session_set_data (session, session_data.data,
135 session_data.size);
136 gnutls_free (session_data.data);
137 }
138
139 gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
140
141 /* Perform the TLS handshake
142 */
143 ret = gnutls_handshake (session);
144
145 if (ret < 0)
146 {
147 fail ("client: Handshake failed\n");
148 gnutls_perror (ret);
149 goto end;
150 }
151 else
152 {
153 if (debug)
154 success ("client: Handshake was completed\n");
155 }
156
157 if (t == 0)
158 { /* the first time we connect */
159 /* get the session data size */
160 ret = gnutls_session_get_data2 (session, &session_data);
161 if (ret < 0)
162 fail ("Getting resume data failed\n");
163 }
164 else
165 { /* the second time we connect */
166
167 /* check if we actually resumed the previous session */
168 if (gnutls_session_is_resumed (session) != 0)
169 {
170 if (params->expect_resume)
171 {
172 if (debug)
173 success ("- Previous session was resumed\n");
174 }
175 else
176 fail ("- Previous session was resumed\n");
177 }
178 else
179 {
180 if (params->expect_resume)
181 fail ("*** Previous session was NOT resumed\n");
182 else
183 {
184 if (debug)
185 success
186 ("*** Previous session was NOT resumed (expected)\n");
187 }
188 }
189 }
190
191 gnutls_record_send (session, MSG, strlen (MSG));
192
193 ret = gnutls_record_recv (session, buffer, MAX_BUF);
194 if (ret == 0)
195 {
196 if (debug)
197 success ("client: Peer has closed the TLS connection\n");
198 goto end;
199 }
200 else if (ret < 0)
201 {
202 fail ("client: Error: %s\n", gnutls_strerror (ret));
203 goto end;
204 }
205
206 if (debug)
207 {
208 printf ("- Received %d bytes: ", ret);
209 for (ii = 0; ii < ret; ii++)
210 {
211 fputc (buffer[ii], stdout);
212 }
213 fputs ("\n", stdout);
214 }
215
216 gnutls_bye (session, GNUTLS_SHUT_RDWR);
217
218
219 tcp_close (sd);
220
221 gnutls_deinit (session);
222 }
223
224 end:
225 gnutls_anon_free_client_credentials (anoncred);
226 }
227
228 /* This is a sample TLS 1.0 echo server, for anonymous authentication only.
229 */
230
231 #define SA struct sockaddr
232 #define MAX_BUF 1024
233 #define PORT 5556 /* listen to 5556 port */
234 #define DH_BITS 1024
235
236 /* These are global */
237 gnutls_anon_server_credentials_t anoncred;
238 gnutls_datum_t session_ticket_key = { NULL, 0 };
239
240 static gnutls_session_t
241 initialize_tls_session (struct params_res *params)
242 {
243 gnutls_session_t session;
244
245 gnutls_init (&session, GNUTLS_SERVER);
246
247 /* avoid calling all the priority functions, since the defaults
248 * are adequate.
249 */
250 gnutls_priority_set_direct (session, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
251
252 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
253
254 gnutls_dh_set_prime_bits (session, DH_BITS);
255
256 if (params->enable_db)
257 {
258 gnutls_db_set_retrieve_function (session, wrap_db_fetch);
259 gnutls_db_set_remove_function (session, wrap_db_delete);
260 gnutls_db_set_store_function (session, wrap_db_store);
261 gnutls_db_set_ptr (session, NULL);
262 }
263 #ifdef ENABLE_SESSION_TICKET
264 if (params->enable_session_ticket_server)
265 gnutls_session_ticket_enable_server (session, &session_ticket_key);
266 #endif
267
268 return session;
269 }
270
271 static gnutls_dh_params_t dh_params;
272
273 static int
274 generate_dh_params (void)
275 {
276 const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
277 /* Generate Diffie-Hellman parameters - for use with DHE
278 * kx algorithms. These should be discarded and regenerated
279 * once a day, once a week or once a month. Depending on the
280 * security requirements.
281 */
282 gnutls_dh_params_init (&dh_params);
283 return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
284 }
285
286 int err, listen_sd, i;
287 int sd, ret;
288 struct sockaddr_in sa_serv;
289 struct sockaddr_in sa_cli;
290 int client_len;
291 char topbuf[512];
292 gnutls_session_t session;
293 char buffer[MAX_BUF + 1];
294 int optval = 1;
295
296 static void
297 global_start (void)
298 {
299 /* Socket operations
300 */
301 listen_sd = socket (AF_INET, SOCK_STREAM, 0);
302 if (err == -1)
303 {
304 perror ("socket");
305 fail ("server: socket failed\n");
306 return;
307 }
308
309 memset (&sa_serv, '\0', sizeof (sa_serv));
310 sa_serv.sin_family = AF_INET;
311 sa_serv.sin_addr.s_addr = INADDR_ANY;
312 sa_serv.sin_port = htons (PORT); /* Server Port number */
313
314 setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
315 sizeof (int));
316
317 err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
318 if (err == -1)
319 {
320 perror ("bind");
321 fail ("server: bind failed\n");
322 return;
323 }
324
325 err = listen (listen_sd, 1024);
326 if (err == -1)
327 {
328 perror ("listen");
329 fail ("server: listen failed\n");
330 return;
331 }
332
333 if (debug)
334 success ("server: ready. Listening to port '%d'.\n", PORT);
335 }
336
337 static void
338 global_stop (void)
339 {
340 if (debug)
341 success ("global stop\n");
342
343 gnutls_anon_free_server_credentials (anoncred);
344
345 gnutls_dh_params_deinit (dh_params);
346
347 gnutls_global_deinit ();
348
349 shutdown (listen_sd, SHUT_RDWR);
350 }
351
352 static void
353 server (struct params_res *params)
354 {
355 size_t t;
356
357 /* this must be called once in the program, it is mostly for the server.
358 */
359 if (debug)
360 {
361 gnutls_global_set_log_function (tls_log_func);
362 gnutls_global_set_log_level (2);
363 }
364
365 gnutls_global_init ();
366 gnutls_anon_allocate_server_credentials (&anoncred);
367
368 if (debug)
369 success ("Launched, generating DH parameters...\n");
370
371 generate_dh_params ();
372
373 gnutls_anon_set_server_dh_params (anoncred, dh_params);
374
375 if (params->enable_db)
376 {
377 wrap_db_init ();
378 }
379 #ifdef ENABLE_SESSION_TICKET
380 if (params->enable_session_ticket_server)
381 gnutls_session_ticket_key_generate (&session_ticket_key);
382 #endif
383
384 for (t = 0; t < 2; t++)
385 {
386 client_len = sizeof (sa_cli);
387
388 session = initialize_tls_session (params);
389
390 sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
391
392 if (debug)
393 success ("server: connection from %s, port %d\n",
394 inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
395 sizeof (topbuf)), ntohs (sa_cli.sin_port));
396
397 gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
398 ret = gnutls_handshake (session);
399 if (ret < 0)
400 {
401 close (sd);
402 gnutls_deinit (session);
403 fail ("server: Handshake has failed (%s)\n\n",
404 gnutls_strerror (ret));
405 return;
406 }
407 if (debug)
408 success ("server: Handshake was completed\n");
409
410 /* see the Getting peer's information example */
411 /* print_info(session); */
412
413 i = 0;
414 for (;;)
415 {
416 memset (buffer, 0, MAX_BUF + 1);
417 ret = gnutls_record_recv (session, buffer, MAX_BUF);
418
419 if (ret == 0)
420 {
421 if (debug)
422 success ("server: Peer has closed the GnuTLS connection\n");
423 break;
424 }
425 else if (ret < 0)
426 {
427 fail ("server: Received corrupted data(%d). Closing...\n", ret);
428 break;
429 }
430 else if (ret > 0)
431 {
432 /* echo data back to the client
433 */
434 gnutls_record_send (session, buffer, strlen (buffer));
435 }
436 }
437 /* do not wait for the peer to close the connection.
438 */
439 gnutls_bye (session, GNUTLS_SHUT_WR);
440
441 close (sd);
442
443 gnutls_deinit (session);
444 }
445
446 close (listen_sd);
447
448 if (params->enable_db)
449 {
450 wrap_db_deinit ();
451 }
452
453 gnutls_free (session_ticket_key.data);
454 session_ticket_key.data = NULL;
455
456 if (debug)
457 success ("server: finished\n");
458 }
459
460 void
461 doit (void)
462 {
463 int i;
464
465 for (i = 0; resume_tests[i].desc; i++)
466 {
467 if (debug)
468 printf ("%s\n", resume_tests[i].desc);
469
470 global_start ();
471 if (error_count)
472 return;
473
474 child = fork ();
475 if (child < 0)
476 {
477 perror ("fork");
478 fail ("fork");
479 return;
480 }
481
482 if (child)
483 {
484 int status;
485 /* parent */
486 server (&resume_tests[i]);
487 wait (&status);
488 global_stop ();
489 }
490 else
491 {
492 client (&resume_tests[i]);
493 gnutls_global_deinit ();
494 exit (0);
495 }
496 }
497 }
498
499 /* Functions and other stuff needed for session resuming.
500 * This is done using a very simple list which holds session ids
501 * and session data.
502 */
503
504 #define MAX_SESSION_ID_SIZE 32
505 #define MAX_SESSION_DATA_SIZE 512
506
507 typedef struct
508 {
509 unsigned char session_id[MAX_SESSION_ID_SIZE];
510 unsigned int session_id_size;
511
512 char session_data[MAX_SESSION_DATA_SIZE];
513 int session_data_size;
514 } CACHE;
515
516 static CACHE *cache_db;
517 static int cache_db_ptr = 0;
518
519 static void
520 wrap_db_init (void)
521 {
522
523 /* allocate cache_db */
524 cache_db = calloc (1, TLS_SESSION_CACHE * sizeof (CACHE));
525 }
526
527 static void
528 wrap_db_deinit (void)
529 {
530 free (cache_db);
531 cache_db = NULL;
532 return;
533 }
534
535 static int
536 wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data)
537 {
538 if (debug)
539 success ("resume db storing... (%d-%d)\n", key.size, data.size);
540
541 if (debug)
542 {
543 unsigned int i;
544 printf ("key:\n");
545 for (i = 0; i < key.size; i++)
546 {
547 printf ("%02x ", key.data[i] & 0xFF);
548 if ((i + 1) % 16 == 0)
549 printf ("\n");
550 }
551 printf ("\n");
552 printf ("data:\n");
553 for (i = 0; i < data.size; i++)
554 {
555 printf ("%02x ", data.data[i] & 0xFF);
556 if ((i + 1) % 16 == 0)
557 printf ("\n");
558 }
559 printf ("\n");
560 }
561
562 if (cache_db == NULL)
563 return -1;
564
565 if (key.size > MAX_SESSION_ID_SIZE)
566 return -1;
567 if (data.size > MAX_SESSION_DATA_SIZE)
568 return -1;
569
570 memcpy (cache_db[cache_db_ptr].session_id, key.data, key.size);
571 cache_db[cache_db_ptr].session_id_size = key.size;
572
573 memcpy (cache_db[cache_db_ptr].session_data, data.data, data.size);
574 cache_db[cache_db_ptr].session_data_size = data.size;
575
576 cache_db_ptr++;
577 cache_db_ptr %= TLS_SESSION_CACHE;
578
579 return 0;
580 }
581
582 static gnutls_datum_t
583 wrap_db_fetch (void *dbf, gnutls_datum_t key)
584 {
585 gnutls_datum_t res = { NULL, 0 };
586 int i;
587
588 if (debug)
589 success ("resume db fetch... (%d)\n", key.size);
590 if (debug)
591 {
592 unsigned int i;
593 printf ("key:\n");
594 for (i = 0; i < key.size; i++)
595 {
596 printf ("%02x ", key.data[i] & 0xFF);
597 if ((i + 1) % 16 == 0)
598 printf ("\n");
599 }
600 printf ("\n");
601 }
602
603 if (cache_db == NULL)
604 return res;
605
606 for (i = 0; i < TLS_SESSION_CACHE; i++)
607 {
608 if (key.size == cache_db[i].session_id_size &&
609 memcmp (key.data, cache_db[i].session_id, key.size) == 0)
610 {
611 if (debug)
612 success ("resume db fetch... return info\n");
613
614 res.size = cache_db[i].session_data_size;
615
616 res.data = gnutls_malloc (res.size);
617 if (res.data == NULL)
618 return res;
619
620 memcpy (res.data, cache_db[i].session_data, res.size);
621
622 if (debug)
623 {
624 unsigned int i;
625 printf ("data:\n");
626 for (i = 0; i < res.size; i++)
627 {
628 printf ("%02x ", res.data[i] & 0xFF);
629 if ((i + 1) % 16 == 0)
630 printf ("\n");
631 }
632 printf ("\n");
633 }
634
635 return res;
636 }
637 }
638 return res;
639 }
640
641 static int
642 wrap_db_delete (void *dbf, gnutls_datum_t key)
643 {
644 int i;
645
646 if (cache_db == NULL)
647 return -1;
648
649 for (i = 0; i < TLS_SESSION_CACHE; i++)
650 {
651 if (key.size == cache_db[i].session_id_size &&
652 memcmp (key.data, cache_db[i].session_id, key.size) == 0)
653 {
654
655 cache_db[i].session_id_size = 0;
656 cache_db[i].session_data_size = 0;
657
658 return 0;
659 }
660 }
661
662 return -1;
663
664 }
Implementation of the SSL/TLS protocol