1 /*
2 * Copyright (C) 2016 Red Hat, Inc
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * GnuTLS is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * GnuTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with GnuTLS; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
21 */
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26
27 #include <stdio.h>
28 #include <stdlib.h>
29
30 #if defined(_WIN32)
31
main()32 int main()
33 {
34 exit(77);
35 }
36
37 #else
38
39 #include <string.h>
40 #include <sys/types.h>
41 #include <netinet/in.h>
42 #include <sys/socket.h>
43 #include <sys/wait.h>
44 #include <arpa/inet.h>
45 #include <unistd.h>
46 #include <gnutls/gnutls.h>
47 #include <gnutls/dtls.h>
48 #include <signal.h>
49 #include <assert.h>
50
51 #include "cert-common.h"
52 #include "utils.h"
53
54 static void terminate(void);
55
56 /* This program tests that handshakes include a session ticket.
57 */
58
server_log_func(int level,const char * str)59 static void server_log_func(int level, const char *str)
60 {
61 fprintf(stderr, "server|<%d>| %s", level, str);
62 }
63
client_log_func(int level,const char * str)64 static void client_log_func(int level, const char *str)
65 {
66 fprintf(stderr, "client|<%d>| %s", level, str);
67 }
68
69 static int sent = 0;
70
handshake_callback(gnutls_session_t session,unsigned int htype,unsigned post,unsigned int incoming,const gnutls_datum_t * msg)71 static int handshake_callback(gnutls_session_t session, unsigned int htype,
72 unsigned post, unsigned int incoming, const gnutls_datum_t *msg)
73 {
74 if (htype != GNUTLS_HANDSHAKE_NEW_SESSION_TICKET)
75 return 0;
76
77 if (debug)
78 success("sent session ticket\n");
79 sent = 1;
80 return 0;
81 }
82
83 #define MAX_BUF 1024
84
client(int fd,const char * prio)85 static void client(int fd, const char *prio)
86 {
87 int ret;
88 gnutls_certificate_credentials_t x509_cred;
89 gnutls_session_t session;
90
91 global_init();
92
93 if (debug) {
94 gnutls_global_set_log_function(client_log_func);
95 gnutls_global_set_log_level(7);
96 }
97
98 gnutls_certificate_allocate_credentials(&x509_cred);
99
100 assert(gnutls_init(&session, GNUTLS_CLIENT)>=0);
101
102 assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
103
104 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
105
106 gnutls_transport_set_int(session, fd);
107
108 do {
109 ret = gnutls_handshake(session);
110 }
111 while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
112
113 if (ret < 0) {
114 fail("client: Handshake failed: %s\n", gnutls_strerror(ret));
115 terminate();
116 } else {
117 if (debug)
118 success("client: Handshake was completed\n");
119 }
120
121 if (debug)
122 success("client: TLS version is: %s\n",
123 gnutls_protocol_get_name
124 (gnutls_protocol_get_version(session)));
125
126 gnutls_bye(session, GNUTLS_SHUT_WR);
127
128 close(fd);
129
130 gnutls_deinit(session);
131
132 gnutls_certificate_free_credentials(x509_cred);
133
134 gnutls_global_deinit();
135 }
136
137
138 /* These are global */
139 pid_t child;
140
terminate(void)141 static void terminate(void)
142 {
143 kill(child, SIGTERM);
144 exit(1);
145 }
146
server(int fd,const char * prio)147 static void server(int fd, const char *prio)
148 {
149 int ret;
150 char buffer[MAX_BUF + 1];
151 gnutls_session_t session;
152 gnutls_certificate_credentials_t x509_cred;
153 gnutls_datum_t skey;
154
155 /* this must be called once in the program
156 */
157 global_init();
158 memset(buffer, 0, sizeof(buffer));
159
160 if (debug) {
161 gnutls_global_set_log_function(server_log_func);
162 gnutls_global_set_log_level(4711);
163 }
164
165 assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0);
166 assert(gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
167 &server_key,
168 GNUTLS_X509_FMT_PEM)>=0);
169
170 assert(gnutls_init(&session, GNUTLS_SERVER)>=0);
171
172 assert(gnutls_session_ticket_key_generate(&skey)>=0);
173 assert(gnutls_session_ticket_enable_server(session, &skey) >= 0);
174
175 gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
176 GNUTLS_HOOK_POST,
177 handshake_callback);
178
179 /* avoid calling all the priority functions, since the defaults
180 * are adequate.
181 */
182 assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
183
184 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
185
186 gnutls_transport_set_int(session, fd);
187
188 do {
189 ret = gnutls_handshake(session);
190 } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
191 if (ret < 0) {
192 /* failure is expected here */
193 goto end;
194 }
195
196 if (debug) {
197 success("server: Handshake was completed\n");
198 }
199
200 if (debug)
201 success("server: TLS version is: %s\n",
202 gnutls_protocol_get_name
203 (gnutls_protocol_get_version(session)));
204
205 if (sent == 0) {
206 fail("client: didn't send new sessiont ticket\n");
207 terminate();
208 }
209
210 /* do not wait for the peer to close the connection.
211 */
212 gnutls_bye(session, GNUTLS_SHUT_WR);
213
214 end:
215 close(fd);
216 gnutls_deinit(session);
217 gnutls_free(skey.data);
218
219 gnutls_certificate_free_credentials(x509_cred);
220
221 gnutls_global_deinit();
222
223 if (debug)
224 success("server: finished\n");
225 }
226
ch_handler(int sig)227 static void ch_handler(int sig)
228 {
229 return;
230 }
231
232 static
start(const char * prio)233 void start(const char *prio)
234 {
235 int fd[2];
236 int ret, status = 0;
237
238 sent = 0;
239 success("trying %s\n", prio);
240 signal(SIGCHLD, ch_handler);
241 signal(SIGPIPE, SIG_IGN);
242
243 ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
244 if (ret < 0) {
245 perror("socketpair");
246 exit(1);
247 }
248
249 child = fork();
250 if (child < 0) {
251 perror("fork");
252 fail("fork");
253 exit(1);
254 }
255
256 if (child) {
257 /* parent */
258 close(fd[1]);
259 server(fd[0], prio);
260 waitpid(child, &status, 0);
261 check_wait_status(status);
262 } else {
263 close(fd[0]);
264 client(fd[1], prio);
265 exit(0);
266 }
267
268 return;
269 }
270
doit(void)271 void doit(void)
272 {
273 start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
274 start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
275 start("NORMAL");
276 }
277
278 #endif /* _WIN32 */
279