1 /*
2 * Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos
4 * This file is part of GNUTLS.
6 * GNUTLS is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * GNUTLS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
21 #include <stdio.h>
22 #include <errno.h>
23 #include <stdlib.h>
24 #include <sys/types.h>
25 #include <sys/socket.h>
26 #include <netinet/in.h>
27 #include <arpa/inet.h>
28 #include <string.h>
29 #include <unistd.h>
30 #include "../lib/gnutls.h"
31 #include "../libextra/gnutls-extra.h"
32 #include <sys/time.h>
33 #include <signal.h>
34 #include <netdb.h>
35 #include <tests.h>
36 #include <tls_test-gaa.h>
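/* Fallbacks for platforms whose <sys/socket.h> does not define the
 * shutdown() "how" constants. */
#ifndef SHUT_WR
# define SHUT_WR 1
#endif

#ifndef SHUT_RDWR
# define SHUT_RDWR 2
#endif

/* Shorthand for the generic socket address type expected by connect(). */
#define SA struct sockaddr

/*
 * Report a failed system call and leave the enclosing function with
 * status 1.
 *
 *   err  result of the call; only the value -1 is treated as failure
 *   s    prefix handed to perror()
 *
 * The body is wrapped in do { } while (0) and the argument is
 * parenthesised, so the macro behaves as a single statement (safe in an
 * unbraced if/else) and accepts any expression as err.
 *
 * NOTE: the macro returns immediately. Anything the caller already holds
 * (an open descriptor, allocated credentials) is not released here.
 */
#define ERR(err, s) \
	do { \
		if ((err) == -1) { \
			perror(s); \
			return 1; \
		} \
	} while (0)

/* Capacity passed to inet_ntop() for the printable peer address; main()
 * declares its scratch buffer as MAX_BUF + 1 bytes. */
#define MAX_BUF 4096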
/* ---- process-wide state ------------------------------------------- */

/* Target of the probe; both are assigned by gaa_parser(). */
char *hostname = NULL;
int port;

/* Not referenced in the visible part of this file; presumably read by
 * the test routines or the option parser -- confirm before removing. */
int resume;
int record_max_size;
int fingerprint;

/* One credentials object per authentication method; main() allocates
 * them before the first test and frees them after the last. */
GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS xcred;
GNUTLS_SRP_CLIENT_CREDENTIALS srp_cred;
GNUTLS_ANON_CLIENT_CREDENTIALS anon_cred;

/* ---- end of process-wide state ------------------------------------ */

/* Not touched in the visible part of this file; presumably shared with
 * the test routines declared in tests.h -- confirm against tests.c. */
int more_info = 0;

int tls1_ok = 0;
int ssl3_ok = 0;
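/* Signature of a single probe: it receives a freshly initialised client
 * session and returns a status code (main() compares it with SUCCEED and
 * FAILED; any other value is reported as "unsure"). */
typedef int (*TEST_FUNC)(GNUTLS_STATE);

/*
 * One row of the test table.
 *
 * Every string field is only ever initialised from a string literal and
 * only ever read, so the fields are declared const char *: writing
 * through them would be undefined behaviour, and the compiler can now
 * reject such a write.
 */
typedef struct {
	const char *test_name;   /* text printed after "Checking " */
	TEST_FUNC func;          /* the probe itself */
	const char *suc_str;     /* printed when func returns SUCCEED */
	const char *fail_str;    /* printed when func returns FAILED */
	const char *unsure_str;  /* printed for any other return value */
} TLS_TEST;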
/*
 * Table of probes, run top to bottom by main() and terminated by an
 * all-NULL sentinel row.
 *
 * Columns: description, probe, text for SUCCEED, text for FAILED, text
 * for any other result. For the "bug" rows the SUCCEED text is "no": a
 * successful probe means the defect was NOT observed.
 *
 * A "yes" on the SSL 3.0, ARCFOUR, MD5, 3DES or anonymous-authentication
 * rows is a statement about what the server accepts, not an endorsement
 * of that configuration.
 */
static const TLS_TEST tls_tests[] = {
	{ "for TLS 1.0 support",
	  test_tls1, "yes", "no", "dunno" },
	{ "for SSL 3.0 support",
	  test_ssl3, "yes", "no", "dunno" },
	{ "for version rollback bug in RSA PMS",
	  test_rsa_pms, "no", "yes", "dunno" },
	{ "for version rollback bug in Client Hello",
	  test_version_rollback, "no", "yes", "dunno" },
	/* this test will disable TLS 1.0 if the server is
	 * buggy */
	{ "whether we need to disable TLS 1.0",
	  test_tls1_2, "no", "yes", "dunno" },
	{ "whether the server can accept Hello Extensions",
	  test_hello_extension, "yes", "no", "dunno" },
	{ "whether the server can accept cipher suites not in SSL 3.0 spec",
	  test_unknown_ciphersuites, "yes", "no", "dunno" },
	{ "whether the server understands TLS closure alerts",
	  test_bye, "yes", "no", "partially" },
	{ "whether the server supports session resumption",
	  test_session_resume2, "yes", "no", "dunno" },
	{ "for anonymous authentication support",
	  test_anonymous, "yes", "no", "dunno" },
	{ "for ephemeral Diffie Hellman support",
	  test_dhe, "yes", "no", "dunno" },
	{ "for AES cipher support",
	  test_aes, "yes", "no", "dunno" },
	{ "for 3DES cipher support",
	  test_3des, "yes", "no", "dunno" },
	{ "for ARCFOUR cipher support",
	  test_arcfour, "yes", "no", "dunno" },
	{ "for MD5 MAC support",
	  test_md5, "yes", "no", "dunno" },
	{ "for SHA1 MAC support",
	  test_sha, "yes", "no", "dunno" },
	{ "for max record size TLS extension",
	  test_max_record_size, "yes", "no", "dunno" },
	{ "for SRP authentication support (gnutls extension)",
	  test_srp, "yes", "no", "dunno" },
	{ "for OpenPGP authentication support (gnutls extension)",
	  test_openpgp1, "yes", "no", "dunno" },
	/* sentinel: main() stops at the first row whose test_name is NULL */
	{ NULL, NULL, NULL, NULL, NULL }
};
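/* Counts CONNECT() invocations; the "Connecting to" banner is printed
 * only while it is still zero. */
static int tt = 0;

/*
 * Open a new IPv4 TCP connection to the resolved server.
 *
 * Names expected in the calling scope:
 *   sd, err      int
 *   sa           struct sockaddr_in
 *   buffer       char array of at least MAX_BUF bytes
 *   server_host  struct hostent * returned by the resolver
 * plus the file-scope variables port and tt.
 *
 * On any failure the enclosing function returns 1.
 *
 * Changes against the earlier form of this macro:
 *  - the whole body is one do { } while (0) statement;
 *  - the resolved address is copied with memcpy() after its family and
 *    length have been checked, instead of being read through a cast to
 *    unsigned int * (alignment / aliasing hazard, and no length check);
 *  - the result of inet_ntop() is checked before buffer is printed;
 *  - the socket is closed when inet_ntop() or connect() fails, so the
 *    descriptor is not leaked on the early return.
 */
#define CONNECT() \
	do { \
		if (server_host->h_addrtype != AF_INET || \
		    (size_t) server_host->h_length != sizeof(sa.sin_addr)) { \
			fprintf(stderr, "resolver returned a non-IPv4 address\n"); \
			return 1; \
		} \
		sd = socket(AF_INET, SOCK_STREAM, 0); \
		ERR(sd, "socket"); \
		memset(&sa, '\0', sizeof(sa)); \
		sa.sin_family = AF_INET; \
		sa.sin_port = htons(port); \
		memcpy(&sa.sin_addr, server_host->h_addr, sizeof(sa.sin_addr)); \
		if (inet_ntop(AF_INET, &sa.sin_addr, buffer, MAX_BUF) == NULL) { \
			perror("inet_ntop"); \
			close(sd); \
			return 1; \
		} \
		if (tt++ == 0) \
			fprintf(stderr, "Connecting to '%s:%d'...\n", buffer, port); \
		err = connect(sd, (SA *) &sa, sizeof(sa)); \
		if (err == -1) { \
			perror("connect"); \
			close(sd); \
			return 1; \
		} \
	} while (0)

/* Fills in hostname and port from the command line; defined below. */
static void gaa_parser(int argc, char **argv);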
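/*
 * Probe a TLS/SSL server for protocol features and known handshake bugs.
 *
 * For every row of tls_tests[] a new TCP connection and a new client
 * session are created, the row's probe is run, and one result line is
 * printed. Returns 0 after the last probe; exits or returns with status
 * 1 on a setup or connection error.
 *
 * Nothing in this function loads trust anchors into xcred, so the output
 * describes what the server negotiates and says nothing about whether
 * its certificate would be accepted.
 */
int main(int argc, char **argv)
{
	int err, ret;               /* err is written by CONNECT() */
	int sd, i;
	struct sockaddr_in sa;
	GNUTLS_STATE state;
	char buffer[MAX_BUF + 1];   /* printable peer address, see CONNECT() */
	struct hostent *server_host;

	gaa_parser(argc, argv);

	/* CONNECT() passes port to htons(), which would silently truncate a
	 * value outside the 16-bit range; reject it up front instead. */
	if (port <= 0 || port > 65535) {
		fprintf(stderr, "Invalid port %d\n", port);
		exit(1);
	}

	/* A peer that drops the connection mid-test must not kill us. */
	signal(SIGPIPE, SIG_IGN);

	if (gnutls_global_init() < 0) {
		fprintf(stderr, "global state initialization error\n");
		exit(1);
	}

	printf("Resolving '%s'...\n", hostname);
	/* get server name
	 * NOTE(review): gethostbyname() is obsolete; getaddrinfo() is the
	 * modern replacement. Kept because CONNECT() consumes the hostent. */
	server_host = gethostbyname(hostname);
	if (server_host == NULL) {
		fprintf(stderr, "Cannot resolve %s\n", hostname);
		exit(1);
	}

	/* X509 stuff */
	if (gnutls_certificate_allocate_sc(&xcred) < 0) {	/* space for 2 certificates */
		fprintf(stderr, "memory error\n");
		exit(1);
	}

	/* SRP stuff */
	if (gnutls_srp_allocate_client_sc(&srp_cred) < 0) {
		fprintf(stderr, "memory error\n");
		exit(1);
	}
	/* Fixed placeholder username/password; presumably only there so the
	 * SRP probe has something to offer -- not a real credential. */
	gnutls_srp_set_client_cred(srp_cred, "test", "test");

	/* ANON stuff */
	if (gnutls_anon_allocate_client_sc(&anon_cred) < 0) {
		fprintf(stderr, "memory error\n");
		exit(1);
	}

	/* The table ends with a row whose test_name is NULL. */
	for (i = 0; tls_tests[i].test_name != NULL; i++) {
		CONNECT();

		/* Previously unchecked: a failed init would have handed an
		 * unusable session to the probe. */
		if (gnutls_init(&state, GNUTLS_CLIENT) < 0) {
			fprintf(stderr, "session initialization error\n");
			close(sd);
			exit(1);
		}
		gnutls_transport_set_ptr(state, sd);

		printf("Checking %s...", tls_tests[i].test_name);

		ret = tls_tests[i].func(state);
		if (ret == SUCCEED)
			printf(" %s\n", tls_tests[i].suc_str);
		else if (ret == FAILED)
			printf(" %s\n", tls_tests[i].fail_str);
		else
			printf(" %s\n", tls_tests[i].unsure_str);

		gnutls_deinit(state);

		shutdown(sd, SHUT_RDWR);	/* no more receptions */
		close(sd);
	}

	gnutls_srp_free_client_sc(srp_cred);
	gnutls_certificate_free_sc(xcred);
	gnutls_anon_free_client_sc(anon_cred);

	gnutls_global_deinit();

	return 0;
}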
201 static gaainfo info;
202 void gaa_parser(int argc, char **argv)
204 if (gaa(argc, argv, &info) != -1) {
205 fprintf(stderr, "Error in the arguments. Use the -h or --help parameters to get more info.\n");
206 exit(1);
209 port = info.pp;
210 if (info.nrest_args==0) hostname="localhost";
211 else hostname = info.rest_args[0];