search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix for GTK-DOC parse breakage.
[gnutls.git] / src / tests.c
blob915dce2a1b566545563622d24d34d81a7a2fb2a3
1 /*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2006, 2007, 2008, 2009,
3 * 2010 Free Software Foundation, Inc.
4 *
5 * This file is part of GNUTLS.
6 *
7 * GNUTLS is free software: you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GNUTLS is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see
19 * <http://www.gnu.org/licenses/>.
20 */
21
22 #include <config.h>
23 #include <gnutls/gnutls.h>
24 #include <gnutls/extra.h>
25 #include <gnutls/x509.h>
26
27 #ifndef _WIN32
28 # include <unistd.h>
29 # include <signal.h>
30 #else
31 # include <errno.h>
32 #endif
33
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <common.h>
38 #include <tests.h>
39
40 extern gnutls_srp_client_credentials_t srp_cred;
41 extern gnutls_anon_client_credentials_t anon_cred;
42 extern gnutls_certificate_credentials_t xcred;
43
44 extern int verbose;
45
46 int tls1_ok = 0;
47 int ssl3_ok = 0;
48 int tls1_1_ok = 0;
49
50 /* keep session info */
51 static char *session_data = NULL;
52 static char session_id[32];
53 static size_t session_data_size = 0, session_id_size = 0;
54 static int sfree = 0;
55 static int handshake_output = 0;
56
57 static int
58 do_handshake (gnutls_session_t session)
59 {
60 int ret, alert;
61
62 do
63 {
64 ret = gnutls_handshake (session);
65 }
66 while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
67
68 handshake_output = ret;
69
70 if (ret < 0 && verbose > 1)
71 {
72 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
73 || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
74 {
75 alert = gnutls_alert_get (session);
76 printf ("\n");
77 printf ("*** Received alert [%d]: %s\n",
78 alert, gnutls_alert_get_name (alert));
79 }
80 }
81
82 if (ret < 0)
83 return TEST_FAILED;
84
85 gnutls_session_get_data (session, NULL, &session_data_size);
86
87 if (sfree != 0)
88 {
89 free (session_data);
90 sfree = 0;
91 }
92 session_data = malloc (session_data_size);
93 sfree = 1;
94 if (session_data == NULL)
95 {
96 fprintf (stderr, "Memory error\n");
97 exit (1);
98 }
99 gnutls_session_get_data (session, session_data, &session_data_size);
100
101 session_id_size = sizeof (session_id);
102 gnutls_session_get_id (session, session_id, &session_id_size);
103
104 return TEST_SUCCEED;
105 }
106
107 static int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
108
109 static const int kx_priority[16] =
110 { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA,
111 GNUTLS_KX_ANON_DH,
112 GNUTLS_KX_RSA_EXPORT, 0
113 };
114
115 static const int cipher_priority[16] =
116 { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128,
117 GNUTLS_CIPHER_ARCFOUR_40, 0
118 };
119 static const int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
120 static const int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 };
121 static const int cert_type_priority[16] = { GNUTLS_CRT_X509, 0 };
122
123 #define ADD_ALL_CIPHERS(session) gnutls_cipher_set_priority(session, cipher_priority)
124 #define ADD_ALL_COMP(session) gnutls_compression_set_priority(session, comp_priority)
125 #define ADD_ALL_MACS(session) gnutls_mac_set_priority(session, mac_priority)
126 #define ADD_ALL_KX(session) gnutls_kx_set_priority(session, kx_priority)
127 #define ADD_ALL_PROTOCOLS(session) gnutls_protocol_set_priority(session, protocol_priority)
128 #define ADD_ALL_CERTTYPES(session) gnutls_certificate_type_set_priority(session, cert_type_priority)
129
130 static void
131 ADD_KX (gnutls_session_t session, int kx)
132 {
133 static int _kx_priority[] = { 0, 0 };
134 _kx_priority[0] = kx;
135
136 gnutls_kx_set_priority (session, _kx_priority);
137 }
138
139 static void
140 ADD_KX2 (gnutls_session_t session, int kx1, int kx2)
141 {
142 static int _kx_priority[] = { 0, 0, 0 };
143 _kx_priority[0] = kx1;
144 _kx_priority[1] = kx2;
145
146 gnutls_kx_set_priority (session, _kx_priority);
147 }
148
149 static void
150 ADD_CIPHER (gnutls_session_t session, int cipher)
151 {
152 static int _cipher_priority[] = { 0, 0 };
153 _cipher_priority[0] = cipher;
154
155 gnutls_cipher_set_priority (session, _cipher_priority);
156 }
157
158 static void
159 ADD_CIPHER4 (gnutls_session_t session, int cipher1, int cipher2, int cipher3,
160 int cipher4)
161 {
162 static int _cipher_priority[] = { 0, 0, 0, 0, 0 };
163 _cipher_priority[0] = cipher1;
164 _cipher_priority[1] = cipher2;
165 _cipher_priority[2] = cipher3;
166 _cipher_priority[3] = cipher4;
167
168 gnutls_cipher_set_priority (session, _cipher_priority);
169 }
170
171 static void
172 ADD_MAC (gnutls_session_t session, int mac)
173 {
174 static int _mac_priority[] = { 0, 0 };
175 _mac_priority[0] = mac;
176
177 gnutls_mac_set_priority (session, _mac_priority);
178 }
179
180 static void
181 ADD_COMP (gnutls_session_t session, int c)
182 {
183 static int _comp_priority[] = { 0, 0 };
184 _comp_priority[0] = c;
185
186 gnutls_compression_set_priority (session, _comp_priority);
187 }
188
189 static void
190 ADD_CERTTYPE (gnutls_session_t session, int ctype)
191 {
192 static int _ct_priority[] = { 0, 0 };
193 _ct_priority[0] = ctype;
194
195 gnutls_certificate_type_set_priority (session, _ct_priority);
196 }
197
198 static void
199 ADD_PROTOCOL (gnutls_session_t session, int protocol)
200 {
201 static int _proto_priority[] = { 0, 0 };
202 _proto_priority[0] = protocol;
203
204 gnutls_protocol_set_priority (session, _proto_priority);
205 }
206
207 static void
208 ADD_PROTOCOL3 (gnutls_session_t session, int p1, int p2, int p3)
209 {
210 static int _proto_priority[] = { 0, 0, 0, 0 };
211 _proto_priority[0] = p1;
212 _proto_priority[1] = p2;
213 _proto_priority[2] = p3;
214
215 gnutls_protocol_set_priority (session, _proto_priority);
216 }
217
218 #ifdef ENABLE_SRP
219 static int srp_detected;
220
221 int
222 _test_srp_username_callback (gnutls_session_t session,
223 char **username, char **password)
224 {
225 srp_detected = 1;
226
227 return -1;
228 }
229
230 test_code_t
231 test_srp (gnutls_session_t session)
232 {
233 int ret;
234
235 ADD_ALL_CIPHERS (session);
236 ADD_ALL_COMP (session);
237 ADD_ALL_CERTTYPES (session);
238 ADD_ALL_PROTOCOLS (session);
239 ADD_ALL_MACS (session);
240
241 ADD_KX (session, GNUTLS_KX_SRP);
242 srp_detected = 0;
243
244 gnutls_srp_set_client_credentials_function (srp_cred,
245 _test_srp_username_callback);
246
247 gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
248
249 ret = do_handshake (session);
250
251 gnutls_srp_set_client_credentials_function (srp_cred, NULL);
252
253 if (srp_detected != 0)
254 return TEST_SUCCEED;
255 else
256 return TEST_FAILED;
257 }
258 #endif
259
260 test_code_t
261 test_server (gnutls_session_t session)
262 {
263 int ret, i = 0;
264 char buf[5 * 1024];
265 char *p;
266 const char snd_buf[] = "GET / HTTP/1.0\n\n";
267
268 if (verbose == 0)
269 return TEST_UNSURE;
270
271 buf[sizeof (buf) - 1] = 0;
272
273 ADD_ALL_CIPHERS (session);
274 ADD_ALL_COMP (session);
275 ADD_ALL_CERTTYPES (session);
276 ADD_ALL_PROTOCOLS (session);
277 ADD_ALL_MACS (session);
278 ADD_ALL_KX (session);
279
280 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
281
282 ret = do_handshake (session);
283 if (ret != TEST_SUCCEED)
284 return TEST_FAILED;
285
286 gnutls_record_send (session, snd_buf, sizeof (snd_buf) - 1);
287 ret = gnutls_record_recv (session, buf, sizeof (buf) - 1);
288 if (ret < 0)
289 return TEST_FAILED;
290
291 p = strstr (buf, "Server:");
292 if (p != NULL)
293 p = strchr (p, ':');
294 if (p != NULL)
295 {
296 p++;
297 while (*p != 0 && *p != '\r' && *p != '\n')
298 {
299 putc (*p, stdout);
300 p++;
301 i++;
302 if (i > 128)
303 break;
304 }
305 }
306
307 return TEST_SUCCEED;
308 }
309
310
311 static int export_true = 0;
312 static gnutls_datum_t exp = { NULL, 0 }, mod =
313
314 {
315 NULL, 0};
316
317 test_code_t
318 test_export (gnutls_session_t session)
319 {
320 int ret;
321
322 ADD_ALL_COMP (session);
323 ADD_ALL_CERTTYPES (session);
324 ADD_ALL_PROTOCOLS (session);
325 ADD_ALL_MACS (session);
326
327 ADD_KX (session, GNUTLS_KX_RSA_EXPORT);
328 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
329 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
330
331 ret = do_handshake (session);
332
333 if (ret == TEST_SUCCEED)
334 {
335 export_true = 1;
336 gnutls_rsa_export_get_pubkey (session, &exp, &mod);
337 }
338
339 return ret;
340 }
341
342 test_code_t
343 test_export_info (gnutls_session_t session)
344 {
345 int ret2, ret;
346 gnutls_datum_t exp2, mod2;
347 const char *print;
348
349 if (verbose == 0 || export_true == 0)
350 return TEST_IGNORE;
351
352 ADD_ALL_COMP (session);
353 ADD_ALL_CERTTYPES (session);
354 ADD_ALL_PROTOCOLS (session);
355 ADD_ALL_MACS (session);
356
357 ADD_KX (session, GNUTLS_KX_RSA_EXPORT);
358 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
359 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
360
361 ret = do_handshake (session);
362
363 if (ret == TEST_SUCCEED)
364 {
365 ret2 = gnutls_rsa_export_get_pubkey (session, &exp2, &mod2);
366 if (ret2 >= 0)
367 {
368 printf ("\n");
369
370 print = raw_to_string (exp2.data, exp2.size);
371 if (print)
372 printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print);
373
374 print = raw_to_string (mod2.data, mod2.size);
375 if (print)
376 printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print);
377
378 if (mod2.size != mod.size || exp2.size != exp.size ||
379 memcmp (mod2.data, mod.data, mod.size) != 0 ||
380 memcmp (exp2.data, exp.data, exp.size) != 0)
381 {
382 printf
383 (" (server uses different public keys per connection)\n");
384 }
385 }
386 }
387
388 return ret;
389
390 }
391
392 static gnutls_datum_t pubkey = { NULL, 0 };
393
394 test_code_t
395 test_dhe (gnutls_session_t session)
396 {
397 int ret;
398
399 ADD_ALL_CIPHERS (session);
400 ADD_ALL_COMP (session);
401 ADD_ALL_CERTTYPES (session);
402 ADD_ALL_PROTOCOLS (session);
403 ADD_ALL_MACS (session);
404
405 ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS);
406 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
407
408 ret = do_handshake (session);
409
410 gnutls_dh_get_pubkey (session, &pubkey);
411
412 return ret;
413 }
414
415 test_code_t
416 test_dhe_group (gnutls_session_t session)
417 {
418 int ret, ret2;
419 gnutls_datum_t gen, prime, pubkey2;
420 const char *print;
421
422 if (verbose == 0 || pubkey.data == NULL)
423 return TEST_IGNORE;
424
425 ADD_ALL_CIPHERS (session);
426 ADD_ALL_COMP (session);
427 ADD_ALL_CERTTYPES (session);
428 ADD_ALL_PROTOCOLS (session);
429 ADD_ALL_MACS (session);
430
431 ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS);
432 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
433
434 ret = do_handshake (session);
435
436 ret2 = gnutls_dh_get_group (session, &gen, &prime);
437 if (ret2 >= 0)
438 {
439 printf ("\n");
440
441 print = raw_to_string (gen.data, gen.size);
442 if (print)
443 printf (" Generator [%d bits]: %s\n", gen.size * 8, print);
444
445 print = raw_to_string (prime.data, prime.size);
446 if (print)
447 printf (" Prime [%d bits]: %s\n", prime.size * 8, print);
448
449 gnutls_dh_get_pubkey (session, &pubkey2);
450 print = raw_to_string (pubkey2.data, pubkey2.size);
451 if (print)
452 printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print);
453
454 if (pubkey2.data && pubkey2.size == pubkey.size &&
455 memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0)
456 {
457 printf (" (public key seems to be static among sessions)\n");
458 }
459 }
460 return ret;
461 }
462
463 test_code_t
464 test_ssl3 (gnutls_session_t session)
465 {
466 int ret;
467 ADD_ALL_CIPHERS (session);
468 ADD_ALL_COMP (session);
469 ADD_ALL_CERTTYPES (session);
470 ADD_PROTOCOL (session, GNUTLS_SSL3);
471 ADD_ALL_MACS (session);
472 ADD_ALL_KX (session);
473 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
474
475 ret = do_handshake (session);
476 if (ret == TEST_SUCCEED)
477 ssl3_ok = 1;
478
479 return ret;
480 }
481
482 static int alrm = 0;
483 static void
484 got_alarm (int k)
485 {
486 alrm = 1;
487 }
488
489 test_code_t
490 test_bye (gnutls_session_t session)
491 {
492 int ret;
493 char data[20];
494 int old, secs = 6;
495
496 #ifndef _WIN32
497 signal (SIGALRM, got_alarm);
498 #endif
499
500 ADD_ALL_CIPHERS (session);
501 ADD_ALL_COMP (session);
502 ADD_ALL_CERTTYPES (session);
503 ADD_ALL_PROTOCOLS (session);
504 ADD_ALL_MACS (session);
505 ADD_ALL_KX (session);
506 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
507
508 ret = do_handshake (session);
509 if (ret == TEST_FAILED)
510 return ret;
511
512 ret = gnutls_bye (session, GNUTLS_SHUT_WR);
513 if (ret < 0)
514 return TEST_FAILED;
515
516 #ifndef _WIN32
517 old = siginterrupt (SIGALRM, 1);
518 alarm (secs);
519 #else
520 setsockopt ((int) gnutls_transport_get_ptr (session), SOL_SOCKET,
521 SO_RCVTIMEO, (char *) &secs, sizeof (int));
522 #endif
523
524 do
525 {
526 ret = gnutls_record_recv (session, data, sizeof (data));
527 }
528 while (ret > 0);
529
530 #ifndef _WIN32
531 siginterrupt (SIGALRM, old);
532 #else
533 if (WSAGetLastError () == WSAETIMEDOUT ||
534 WSAGetLastError () == WSAECONNABORTED)
535 alrm = 1;
536 #endif
537 if (ret == 0)
538 return TEST_SUCCEED;
539
540 if (alrm == 0)
541 return TEST_UNSURE;
542
543 return TEST_FAILED;
544 }
545
546
547
548 test_code_t
549 test_aes (gnutls_session_t session)
550 {
551 int ret;
552 ADD_CIPHER (session, GNUTLS_CIPHER_AES_128_CBC);
553 ADD_ALL_COMP (session);
554 ADD_ALL_CERTTYPES (session);
555 ADD_ALL_PROTOCOLS (session);
556 ADD_ALL_MACS (session);
557 ADD_ALL_KX (session);
558 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
559
560 ret = do_handshake (session);
561 return ret;
562 }
563
564 #ifdef ENABLE_CAMELLIA
565 test_code_t
566 test_camellia (gnutls_session_t session)
567 {
568 int ret;
569 ADD_CIPHER (session, GNUTLS_CIPHER_CAMELLIA_128_CBC);
570 ADD_ALL_COMP (session);
571 ADD_ALL_CERTTYPES (session);
572 ADD_ALL_PROTOCOLS (session);
573 ADD_ALL_MACS (session);
574 ADD_ALL_KX (session);
575 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
576
577 ret = do_handshake (session);
578 return ret;
579 }
580 #endif
581
582 test_code_t
583 test_openpgp1 (gnutls_session_t session)
584 {
585 int ret;
586 ADD_ALL_CIPHERS (session);
587 ADD_ALL_COMP (session);
588 ADD_CERTTYPE (session, GNUTLS_CRT_OPENPGP);
589 ADD_ALL_PROTOCOLS (session);
590 ADD_ALL_MACS (session);
591 ADD_ALL_KX (session);
592 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
593
594 ret = do_handshake (session);
595 if (ret == TEST_FAILED)
596 return ret;
597
598 if (gnutls_certificate_type_get (session) == GNUTLS_CRT_OPENPGP)
599 return TEST_SUCCEED;
600
601 return TEST_FAILED;
602 }
603
604 test_code_t
605 test_unknown_ciphersuites (gnutls_session_t session)
606 {
607 int ret;
608 #ifdef ENABLE_CAMELLIA
609 ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC,
610 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_CIPHER_ARCFOUR_128);
611 #else
612 ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC,
613 GNUTLS_CIPHER_ARCFOUR_128, 0);
614 #endif
615 ADD_ALL_COMP (session);
616 ADD_ALL_CERTTYPES (session);
617 ADD_ALL_PROTOCOLS (session);
618 ADD_ALL_MACS (session);
619 ADD_ALL_KX (session);
620 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
621
622 ret = do_handshake (session);
623 return ret;
624 }
625
626 test_code_t
627 test_md5 (gnutls_session_t session)
628 {
629 int ret;
630 ADD_ALL_CIPHERS (session);
631 ADD_ALL_COMP (session);
632 ADD_ALL_CERTTYPES (session);
633 ADD_ALL_PROTOCOLS (session);
634 ADD_MAC (session, GNUTLS_MAC_MD5);
635 ADD_ALL_KX (session);
636 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
637
638 ret = do_handshake (session);
639 return ret;
640 }
641
642 #ifdef HAVE_LIBZ
643 test_code_t
644 test_zlib (gnutls_session_t session)
645 {
646 int ret;
647 ADD_ALL_CIPHERS (session);
648 ADD_COMP (session, GNUTLS_COMP_ZLIB);
649 ADD_ALL_CERTTYPES (session);
650 ADD_ALL_PROTOCOLS (session);
651 ADD_ALL_MACS (session);
652 ADD_ALL_KX (session);
653 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
654
655 ret = do_handshake (session);
656 return ret;
657 }
658 #endif
659
660 test_code_t
661 test_lzo (gnutls_session_t session)
662 {
663 int ret;
664 gnutls_handshake_set_private_extensions (session, 1);
665
666 ADD_ALL_CIPHERS (session);
667 ADD_COMP (session, GNUTLS_COMP_LZO);
668 ADD_ALL_CERTTYPES (session);
669 ADD_ALL_PROTOCOLS (session);
670 ADD_ALL_MACS (session);
671 ADD_ALL_KX (session);
672 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
673
674 ret = do_handshake (session);
675
676 return ret;
677 }
678
679 test_code_t
680 test_sha (gnutls_session_t session)
681 {
682 int ret;
683 ADD_ALL_CIPHERS (session);
684 ADD_ALL_COMP (session);
685 ADD_ALL_CERTTYPES (session);
686 ADD_ALL_PROTOCOLS (session);
687 ADD_MAC (session, GNUTLS_MAC_SHA1);
688 ADD_ALL_KX (session);
689 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
690
691 ret = do_handshake (session);
692 return ret;
693 }
694
695 test_code_t
696 test_3des (gnutls_session_t session)
697 {
698 int ret;
699 ADD_CIPHER (session, GNUTLS_CIPHER_3DES_CBC);
700 ADD_ALL_COMP (session);
701 ADD_ALL_CERTTYPES (session);
702 ADD_ALL_PROTOCOLS (session);
703 ADD_ALL_MACS (session);
704 ADD_ALL_KX (session);
705 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
706
707 ret = do_handshake (session);
708 return ret;
709 }
710
711 test_code_t
712 test_arcfour (gnutls_session_t session)
713 {
714 int ret;
715 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_128);
716 ADD_ALL_COMP (session);
717 ADD_ALL_CERTTYPES (session);
718 ADD_ALL_PROTOCOLS (session);
719 ADD_ALL_MACS (session);
720 ADD_ALL_KX (session);
721 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
722
723 ret = do_handshake (session);
724 return ret;
725 }
726
727 test_code_t
728 test_arcfour_40 (gnutls_session_t session)
729 {
730 int ret;
731 ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
732 ADD_ALL_COMP (session);
733 ADD_ALL_CERTTYPES (session);
734 ADD_ALL_PROTOCOLS (session);
735 ADD_ALL_MACS (session);
736 ADD_ALL_KX (session);
737 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
738
739 ret = do_handshake (session);
740 return ret;
741 }
742
743 test_code_t
744 test_tls1 (gnutls_session_t session)
745 {
746 int ret;
747 ADD_ALL_CIPHERS (session);
748 ADD_ALL_COMP (session);
749 ADD_ALL_CERTTYPES (session);
750 ADD_PROTOCOL (session, GNUTLS_TLS1);
751 ADD_ALL_MACS (session);
752 ADD_ALL_KX (session);
753 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
754
755 ret = do_handshake (session);
756 if (ret == TEST_SUCCEED)
757 tls1_ok = 1;
758
759 return ret;
760
761 }
762
763 test_code_t
764 test_tls1_1 (gnutls_session_t session)
765 {
766 int ret;
767 ADD_ALL_CIPHERS (session);
768 ADD_ALL_COMP (session);
769 ADD_ALL_CERTTYPES (session);
770 ADD_PROTOCOL (session, GNUTLS_TLS1_1);
771 ADD_ALL_MACS (session);
772 ADD_ALL_KX (session);
773 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
774
775 ret = do_handshake (session);
776 if (ret == TEST_SUCCEED)
777 tls1_1_ok = 1;
778
779 return ret;
780
781 }
782
783 test_code_t
784 test_tls1_1_fallback (gnutls_session_t session)
785 {
786 int ret;
787 if (tls1_1_ok)
788 return TEST_IGNORE;
789
790 ADD_ALL_CIPHERS (session);
791 ADD_ALL_COMP (session);
792 ADD_ALL_CERTTYPES (session);
793 ADD_PROTOCOL3 (session, GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3);
794 ADD_ALL_MACS (session);
795 ADD_ALL_KX (session);
796 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
797
798 ret = do_handshake (session);
799 if (ret != TEST_SUCCEED)
800 return TEST_FAILED;
801
802 if (gnutls_protocol_get_version (session) == GNUTLS_TLS1)
803 return TEST_SUCCEED;
804 else if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
805 return TEST_UNSURE;
806
807 return TEST_FAILED;
808
809 }
810
811 /* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
812 * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
813 */
814 test_code_t
815 test_tls_disable (gnutls_session_t session)
816 {
817 int ret;
818 if (tls1_ok != 0)
819 return TEST_IGNORE;
820
821 ADD_ALL_CIPHERS (session);
822 ADD_ALL_COMP (session);
823 ADD_ALL_CERTTYPES (session);
824 ADD_ALL_PROTOCOLS (session);
825 ADD_ALL_MACS (session);
826 ADD_ALL_KX (session);
827 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
828
829 ret = do_handshake (session);
830 if (ret == TEST_FAILED)
831 {
832 /* disable TLS 1.0 */
833 if (ssl3_ok != 0)
834 {
835 protocol_priority[0] = GNUTLS_SSL3;
836 protocol_priority[1] = 0;
837 }
838 }
839 return ret;
840
841 }
842
843 test_code_t
844 test_rsa_pms (gnutls_session_t session)
845 {
846 int ret;
847
848 /* here we enable both SSL 3.0 and TLS 1.0
849 * and try to connect and use rsa authentication.
850 * If the server is old, buggy and only supports
851 * SSL 3.0 then the handshake will fail.
852 */
853 ADD_ALL_CIPHERS (session);
854 ADD_ALL_COMP (session);
855 ADD_ALL_CERTTYPES (session);
856 ADD_ALL_PROTOCOLS (session);
857 ADD_ALL_MACS (session);
858 ADD_KX (session, GNUTLS_KX_RSA);
859 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
860
861 ret = do_handshake (session);
862 if (ret == TEST_FAILED)
863 return TEST_FAILED;
864
865 if (gnutls_protocol_get_version (session) == GNUTLS_TLS1)
866 return TEST_SUCCEED;
867 return TEST_UNSURE;
868 }
869
870 test_code_t
871 test_max_record_size (gnutls_session_t session)
872 {
873 int ret;
874 ADD_ALL_CIPHERS (session);
875 ADD_ALL_COMP (session);
876 ADD_ALL_CERTTYPES (session);
877 ADD_ALL_PROTOCOLS (session);
878 ADD_ALL_MACS (session);
879 ADD_ALL_KX (session);
880 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
881 gnutls_record_set_max_size (session, 512);
882
883 ret = do_handshake (session);
884 if (ret == TEST_FAILED)
885 return ret;
886
887 ret = gnutls_record_get_max_size (session);
888 if (ret == 512)
889 return TEST_SUCCEED;
890
891 return TEST_FAILED;
892 }
893
894 test_code_t
895 test_hello_extension (gnutls_session_t session)
896 {
897 int ret;
898 ADD_ALL_CIPHERS (session);
899 ADD_ALL_COMP (session);
900 ADD_ALL_CERTTYPES (session);
901 ADD_ALL_PROTOCOLS (session);
902 ADD_ALL_MACS (session);
903 ADD_ALL_KX (session);
904 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
905 gnutls_record_set_max_size (session, 512);
906
907 ret = do_handshake (session);
908 return ret;
909 }
910
911 void _gnutls_record_set_default_version (gnutls_session_t session,
912 unsigned char major,
913 unsigned char minor);
914
915 test_code_t
916 test_version_rollback (gnutls_session_t session)
917 {
918 int ret;
919 if (tls1_ok == 0)
920 return TEST_IGNORE;
921
922 /* here we enable both SSL 3.0 and TLS 1.0
923 * and we connect using a 3.1 client hello version,
924 * and a 3.0 record version. Some implementations
925 * are buggy (and vulnerable to man in the middle
926 * attacks which allow a version downgrade) and this
927 * connection will fail.
928 */
929 ADD_ALL_CIPHERS (session);
930 ADD_ALL_COMP (session);
931 ADD_ALL_CERTTYPES (session);
932 ADD_ALL_PROTOCOLS (session);
933 ADD_ALL_MACS (session);
934 ADD_ALL_KX (session);
935 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
936 _gnutls_record_set_default_version (session, 3, 0);
937
938 ret = do_handshake (session);
939 if (ret != TEST_SUCCEED)
940 return ret;
941
942 if (tls1_ok != 0 && gnutls_protocol_get_version (session) == GNUTLS_SSL3)
943 return TEST_FAILED;
944
945 return TEST_SUCCEED;
946 }
947
948 /* See if the server tolerates out of bounds
949 * record layer versions in the first client hello
950 * message.
951 */
952 test_code_t
953 test_version_oob (gnutls_session_t session)
954 {
955 int ret;
956 /* here we enable both SSL 3.0 and TLS 1.0
957 * and we connect using a 5.5 record version.
958 */
959 ADD_ALL_CIPHERS (session);
960 ADD_ALL_COMP (session);
961 ADD_ALL_CERTTYPES (session);
962 ADD_ALL_PROTOCOLS (session);
963 ADD_ALL_MACS (session);
964 ADD_ALL_KX (session);
965 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
966 _gnutls_record_set_default_version (session, 5, 5);
967
968 ret = do_handshake (session);
969 return ret;
970 }
971
972 void _gnutls_rsa_pms_set_version (gnutls_session_t session,
973 unsigned char major, unsigned char minor);
974
975 test_code_t
976 test_rsa_pms_version_check (gnutls_session_t session)
977 {
978 int ret;
979 /* here we use an arbitary version in the RSA PMS
980 * to see whether to server will check this version.
981 *
982 * A normal server would abort this handshake.
983 */
984 ADD_ALL_CIPHERS (session);
985 ADD_ALL_COMP (session);
986 ADD_ALL_CERTTYPES (session);
987 ADD_ALL_PROTOCOLS (session);
988 ADD_ALL_MACS (session);
989 ADD_ALL_KX (session);
990 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
991 _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */
992
993 ret = do_handshake (session);
994 return ret;
995
996 }
997
998 #ifdef ENABLE_ANON
999 test_code_t
1000 test_anonymous (gnutls_session_t session)
1001 {
1002 int ret;
1003
1004 ADD_ALL_CIPHERS (session);
1005 ADD_ALL_COMP (session);
1006 ADD_ALL_CERTTYPES (session);
1007 ADD_ALL_PROTOCOLS (session);
1008 ADD_ALL_MACS (session);
1009 ADD_KX (session, GNUTLS_KX_ANON_DH);
1010 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
1011
1012 ret = do_handshake (session);
1013
1014 if (ret == TEST_SUCCEED)
1015 gnutls_dh_get_pubkey (session, &pubkey);
1016
1017 return ret;
1018 }
1019 #endif
1020
1021 test_code_t
1022 test_session_resume2 (gnutls_session_t session)
1023 {
1024 int ret;
1025 char tmp_session_id[32];
1026 size_t tmp_session_id_size;
1027
1028 if (session == NULL)
1029 return TEST_IGNORE;
1030
1031 ADD_ALL_CIPHERS (session);
1032 ADD_ALL_COMP (session);
1033 ADD_ALL_CERTTYPES (session);
1034 ADD_ALL_PROTOCOLS (session);
1035 ADD_ALL_MACS (session);
1036 ADD_ALL_KX (session);
1037
1038 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1039 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
1040
1041 gnutls_session_set_data (session, session_data, session_data_size);
1042
1043 memcpy (tmp_session_id, session_id, session_id_size);
1044 tmp_session_id_size = session_id_size;
1045
1046 ret = do_handshake (session);
1047 if (ret == TEST_FAILED)
1048 return ret;
1049
1050 /* check if we actually resumed the previous session */
1051
1052 session_id_size = sizeof (session_id);
1053 gnutls_session_get_id (session, session_id, &session_id_size);
1054
1055 if (session_id_size == 0)
1056 return TEST_FAILED;
1057
1058 if (gnutls_session_is_resumed (session))
1059 return TEST_SUCCEED;
1060
1061 if (tmp_session_id_size == session_id_size &&
1062 memcmp (tmp_session_id, session_id, tmp_session_id_size) == 0)
1063 return TEST_SUCCEED;
1064 else
1065 return TEST_FAILED;
1066 }
1067
1068 extern char *hostname;
1069
1070 test_code_t
1071 test_certificate (gnutls_session_t session)
1072 {
1073 int ret;
1074
1075 if (verbose == 0)
1076 return TEST_IGNORE;
1077
1078 ADD_ALL_CIPHERS (session);
1079 ADD_ALL_COMP (session);
1080 ADD_ALL_CERTTYPES (session);
1081 ADD_ALL_PROTOCOLS (session);
1082 ADD_ALL_MACS (session);
1083 ADD_ALL_KX (session);
1084
1085 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1086
1087 ret = do_handshake (session);
1088 if (ret == TEST_FAILED)
1089 return ret;
1090
1091 printf ("\n");
1092 print_cert_info (session, hostname, 1);
1093
1094 return TEST_SUCCEED;
1095 }
1096
1097 /* A callback function to be used at the certificate selection time.
1098 */
1099 static int
1100 cert_callback (gnutls_session_t session,
1101 const gnutls_datum_t * req_ca_rdn, int nreqs,
1102 const gnutls_pk_algorithm_t * sign_algos,
1103 int sign_algos_length, gnutls_retr_st * st)
1104 {
1105 char issuer_dn[256];
1106 int i, ret;
1107 size_t len;
1108
1109 if (verbose == 0)
1110 return -1;
1111
1112 /* Print the server's trusted CAs
1113 */
1114 printf ("\n");
1115 if (nreqs > 0)
1116 printf ("- Server's trusted authorities:\n");
1117 else
1118 printf ("- Server did not send us any trusted authorities names.\n");
1119
1120 /* print the names (if any) */
1121 for (i = 0; i < nreqs; i++)
1122 {
1123 len = sizeof (issuer_dn);
1124 ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
1125 if (ret >= 0)
1126 {
1127 printf (" [%d]: ", i);
1128 printf ("%s\n", issuer_dn);
1129 }
1130 }
1131
1132 return -1;
1133
1134 }
1135
1136 /* Prints the trusted server's CAs. This is only
1137 * if the server sends a certificate request packet.
1138 */
1139 test_code_t
1140 test_server_cas (gnutls_session_t session)
1141 {
1142 int ret;
1143
1144 if (verbose == 0)
1145 return TEST_IGNORE;
1146
1147 ADD_ALL_CIPHERS (session);
1148 ADD_ALL_COMP (session);
1149 ADD_ALL_CERTTYPES (session);
1150 ADD_ALL_PROTOCOLS (session);
1151 ADD_ALL_MACS (session);
1152 ADD_ALL_KX (session);
1153
1154 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
1155 gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);
1156
1157 ret = do_handshake (session);
1158 gnutls_certificate_client_set_retrieve_function (xcred, NULL);
1159
1160 if (ret == TEST_FAILED)
1161 return ret;
1162 return TEST_SUCCEED;
1163 }
Implementation of the SSL/TLS protocol