Optimized memory handling in the record protocol.
1 /*
2 * Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos
4 * This file is part of GNUTLS.
6 * GNUTLS is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * GNUTLS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
21 #include <stdio.h>
22 #include <errno.h>
23 #include <stdlib.h>
24 #include <sys/types.h>
25 #include <sys/socket.h>
26 #include <netinet/in.h>
27 #include <arpa/inet.h>
28 #include <string.h>
29 #include <unistd.h>
30 #include "../lib/gnutls.h"
31 #include <sys/time.h>
32 #include <signal.h>
33 #include <netdb.h>
34 #include <tests.h>
35 #include <tls_test-gaa.h>
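/* Fallbacks for platforms whose <sys/socket.h> does not name the shutdown(2) modes. */
#ifndef SHUT_WR
# define SHUT_WR 1
#endif

#ifndef SHUT_RDWR
# define SHUT_RDWR 2
#endif

/* Shorthand for the generic socket address type that connect(2) expects. */
#define SA struct sockaddr

/*
 * ERR(err, s): if `err` is -1, print `s` with the errno text via perror()
 * and make the *calling function* return 1.
 *
 * The body is wrapped in do { } while (0) so the macro expands to a single
 * statement and cannot capture a following `else`.
 *
 * The macro hides a `return`: a caller that already owns a descriptor or an
 * allocation has to release it itself before using ERR on a later call.
 */
#define ERR(err,s) do { if ((err) == -1) { perror(s); return(1); } } while (0)

/* Size in bytes of the scratch text buffer used by this program. */
#define MAX_BUF 4096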
/*
 * Process-wide settings and credential handles.
 *
 * hostname and port are assigned by gaa_parser(); the three credential
 * handles are allocated and released in main().
 * NOTE(review): resume, record_max_size, fingerprint, more_info, tls1_ok and
 * ssl3_ok are not referenced in this file -- presumably they are consumed by
 * the test implementations behind <tests.h>; confirm.
 */
int resume;
char *hostname = NULL;		/* server to probe */
int port;			/* TCP port to probe */
int record_max_size;
int fingerprint;

/* One client credential set per authentication method. */
GNUTLS_SRP_CLIENT_CREDENTIALS srp_cred;
GNUTLS_ANON_CLIENT_CREDENTIALS anon_cred;
GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS xcred;

int more_info = 0;

int tls1_ok = 0;
int ssl3_ok = 0;
/* A probe: runs against an initialised client session and returns a verdict. */
typedef int (*TEST_FUNC)(GNUTLS_STATE);

/*
 * One row of the probe table.  main() prints "Checking <test_name>..." and
 * then suc_str when func returns SUCCEED, fail_str when it returns FAILED,
 * and unsure_str for any other value.
 */
typedef struct {
	char *test_name;	/* text printed after "Checking " */
	TEST_FUNC func;		/* probe to run */
	char *suc_str;		/* printed on SUCCEED */
	char *fail_str;		/* printed on FAILED */
	char *unsure_str;	/* printed on any other result */
} TLS_TEST;

/*
 * Probes, run in this order, each on its own connection.
 *
 * Read the answers with care: for the "bug" rows and the "need to disable"
 * row a SUCCEED result prints "no" (the server does not show the problem),
 * whereas for the feature rows SUCCEED prints "yes".
 */
static const TLS_TEST tls_tests[] = {
	/* protocol versions */
	{ "for TLS 1.0 support", test_tls1, "yes", "no", "dunno" },
	{ "for SSL 3.0 support", test_ssl3, "yes", "no", "dunno" },

	/* version rollback handling */
	{ "for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes", "dunno" },
	{ "for version rollback bug in Client Hello", test_version_rollback, "no", "yes", "dunno" },

	/* this probe disables TLS 1.0 for the rest of the run if the server is buggy */
	{ "whether we need to disable TLS 1.0", test_tls1_2, "no", "yes", "dunno" },

	/* protocol behaviour */
	{ "whether the server can accept Hello Extensions", test_hello_extension, "yes", "no", "dunno"},
	{ "whether the server can accept cipher suites not in SSL 3.0 spec", test_unknown_ciphersuites, "yes", "no", "dunno"},
	{ "whether the server understands TLS closure alerts", test_bye, "yes", "no", "partially"},
	{ "whether the server supports session resumption", test_session_resume2, "yes", "no", "dunno"},

	/* key exchange, ciphers and MACs */
	{ "for anonymous authentication support", test_anonymous, "yes", "no", "dunno"},
	{ "for ephemeral Diffie Hellman support", test_dhe, "yes", "no", "dunno" },
	{ "for AES cipher support", test_aes, "yes", "no", "dunno"},
	{ "for 3DES cipher support", test_3des, "yes", "no", "dunno"},
	{ "for ARCFOUR cipher support", test_arcfour, "yes", "no", "dunno"},
	{ "for MD5 MAC support", test_md5, "yes", "no", "dunno"},
	{ "for SHA1 MAC support", test_sha, "yes", "no", "dunno"},

	/* extensions */
	{ "for max record size TLS extension", test_max_record_size, "yes", "no", "dunno" },
	{ "for SRP authentication support (gnutls extension)", test_srp, "yes", "no", "dunno" },
	{ "for OpenPGP authentication support (gnutls extension)", test_openpgp1, "yes", "no", "dunno" },

	/* terminator: main() stops at the first NULL test_name */
	{ NULL }
};
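/* Counts CONNECT() expansions so the "Connecting to" banner is printed only once. */
static int tt = 0;

/*
 * CONNECT(): open a new IPv4 TCP connection to the resolved server.
 *
 * Uses these names from the expanding scope: sd, err (int), sa (struct
 * sockaddr_in), buffer (at least MAX_BUF bytes), server_host (struct
 * hostent *) and the global port.  On failure the enclosing function
 * returns 1.
 *
 * The resolved address is copied with memcpy() rather than read through a
 * cast pointer, so the code does not depend on the alignment of h_addr or
 * on reading it as an unsigned int.  When connect() fails, the descriptor
 * just created is closed before returning, so it is not leaked.  The whole
 * body is one do { } while (0) statement.
 */
#define CONNECT() do { \
	sd = socket(AF_INET, SOCK_STREAM, 0); \
	ERR(sd, "socket"); \
	memset(&sa, '\0', sizeof(sa)); \
	sa.sin_family = AF_INET; \
	sa.sin_port = htons(port); \
	memcpy(&sa.sin_addr, server_host->h_addr, sizeof(sa.sin_addr)); \
	inet_ntop(AF_INET, &sa.sin_addr, buffer, MAX_BUF); \
	if (tt++ == 0) fprintf(stderr, "Connecting to '%s:%d'...\n", buffer, port); \
	err = connect(sd, (SA *) &sa, sizeof(sa)); \
	if (err == -1) { \
		perror("connect"); \
		close(sd); \
		return(1); \
	} \
} while (0)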
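static void gaa_parser(int argc, char **argv);

/*
 * Probe a TLS/SSL server: resolve the host named on the command line, then
 * run every entry of tls_tests[] against it, each on its own TCP connection
 * and its own session, printing one verdict line per probe.
 *
 * Returns 0 after all probes ran, 1 when a connection could not be opened
 * (via CONNECT()); exits with status 1 on initialisation, resolution or
 * allocation errors.
 */
int main(int argc, char **argv)
{
	int err, ret;
	int sd, i;
	struct sockaddr_in sa;
	GNUTLS_STATE state;
	char buffer[MAX_BUF + 1];
	struct hostent *server_host;

	gaa_parser(argc, argv);

	/* A peer that drops the connection mid-probe must not kill the run. */
	signal(SIGPIPE, SIG_IGN);

	if (gnutls_global_init() < 0) {
		fprintf(stderr, "global state initialization error\n");
		exit(1);
	}

	printf("Resolving '%s'...\n", hostname);
	/* get server name */
	server_host = gethostbyname(hostname);
	if (server_host == NULL) {
		fprintf(stderr, "Cannot resolve %s\n", hostname);
		exit(1);
	}
	/* CONNECT() fills a struct sockaddr_in, so only an IPv4 answer is usable. */
	if (server_host->h_addrtype != AF_INET) {
		fprintf(stderr, "Cannot resolve %s to an IPv4 address\n", hostname);
		exit(1);
	}

	/* X509 stuff */
	if (gnutls_certificate_allocate_sc(&xcred) < 0) {	/* space for 2 certificates */
		fprintf(stderr, "memory error\n");
		exit(1);
	}

	/* SRP stuff */
	if (gnutls_srp_allocate_client_sc(&srp_cred) < 0) {
		fprintf(stderr, "memory error\n");
		exit(1);
	}
	/* Fixed identity used only to probe for SRP support; not a real account. */
	gnutls_srp_set_client_cred( srp_cred, "test", "test");

	/* ANON stuff */
	if (gnutls_anon_allocate_client_sc(&anon_cred) < 0) {
		fprintf(stderr, "memory error\n");
		exit(1);
	}

	/* The table ends at the first entry whose test_name is NULL. */
	for (i = 0; tls_tests[i].test_name != NULL; i++) {

		CONNECT();

		/* Do not hand an uninitialised session to a probe. */
		if (gnutls_init(&state, GNUTLS_CLIENT) < 0) {
			fprintf(stderr, "state initialization error\n");
			close(sd);
			exit(1);
		}
		gnutls_transport_set_ptr(state, sd);

		printf("Checking %s...", tls_tests[i].test_name);

		if ((ret=tls_tests[i].func( state)) == SUCCEED)
			printf(" %s\n", tls_tests[i].suc_str);
		else if (ret==FAILED)
			printf(" %s\n", tls_tests[i].fail_str);
		else printf(" %s\n", tls_tests[i].unsure_str);

		gnutls_deinit(state);

		shutdown(sd, SHUT_RDWR);	/* no more receptions */
		close(sd);
	}

	gnutls_srp_free_client_sc(srp_cred);
	gnutls_certificate_free_sc(xcred);
	gnutls_anon_free_client_sc(anon_cred);

	gnutls_global_deinit();

	return 0;
}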
/* Parsed command-line options, filled in by gaa(). */
static gaainfo info;

/*
 * Parse the command line and publish the target in the globals `port` and
 * `hostname`.  The host is the first non-option argument, or "localhost"
 * when none was given.  Prints a usage hint and exits with status 1 when
 * the arguments are rejected.
 */
void gaa_parser(int argc, char **argv)
{
	const int parse_status = gaa(argc, argv, &info);

	/* -1 is the only value of gaa() that this code accepts as success. */
	if (parse_status != -1) {
		fprintf(stderr, "Error in the arguments. Use the -h or --help parameters to get more info.\n");
		exit(1);
	}

	port = info.pp;
	hostname = (info.nrest_args == 0) ? "localhost" : info.rest_args[0];
}