1 /*
2 * Copyright (C) 2008-2012 Free Software Foundation, Inc.
3 *
4 * Author: Simon Josefsson
5 *
6 * This file is part of GnuTLS.
7 *
8 * GnuTLS is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * GnuTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>
20 */
21
22 #ifdef HAVE_CONFIG_H
23 #include <config.h>
24 #endif
25
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <errno.h>
30 #include <gnutls/gnutls.h>
31 #include "utils.h"
32 #include "eagain-common.h"
33 #include "cert-common.h"
34
35 /* This program tests server initiated rehandshake under TLS 1.3.
36 * Although rehandshake doesn't happen under TLS1.3 this tests
37 * whether the old APIs would still work.
38 */
39
40 const char *side = "";
41
tls_log_func(int level,const char * str)42 static void tls_log_func(int level, const char *str)
43 {
44 fprintf(stderr, "%s|<%d>| %s", side, level, str);
45 }
46
47 static
server_initiated_handshake(void)48 void server_initiated_handshake(void)
49 {
50 /* Server stuff. */
51 gnutls_certificate_credentials_t serverx509cred;
52 gnutls_session_t server;
53 int sret = GNUTLS_E_AGAIN;
54 /* Client stuff. */
55 gnutls_certificate_credentials_t clientx509cred;
56 gnutls_session_t client;
57 unsigned char buffer[64];
58 int cret = GNUTLS_E_AGAIN;
59 size_t transferred = 0;
60
61 success("testing server initiated re-handshake\n");
62
63 /* General init. */
64 global_init();
65 gnutls_global_set_log_function(tls_log_func);
66 if (debug)
67 gnutls_global_set_log_level(2);
68
69 /* Init server */
70 gnutls_certificate_allocate_credentials(&serverx509cred);
71 gnutls_certificate_set_x509_key_mem(serverx509cred,
72 &server_cert, &server_key,
73 GNUTLS_X509_FMT_PEM);
74 gnutls_init(&server, GNUTLS_SERVER);
75 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
76 serverx509cred);
77 gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", NULL);
78 gnutls_transport_set_push_function(server, server_push);
79 gnutls_transport_set_pull_function(server, server_pull);
80 gnutls_transport_set_ptr(server, server);
81
82 /* Init client */
83 gnutls_certificate_allocate_credentials(&clientx509cred);
84 gnutls_init(&client, GNUTLS_CLIENT);
85 gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
86 clientx509cred);
87 gnutls_priority_set_direct(client, "NORMAL:+VERS-TLS1.3", NULL);
88 gnutls_transport_set_push_function(client, client_push);
89 gnutls_transport_set_pull_function(client, client_pull);
90 gnutls_transport_set_ptr(client, client);
91
92 HANDSHAKE(client, server);
93
94 if (gnutls_protocol_get_version(client) != GNUTLS_TLS1_3)
95 fail("TLS1.3 was not negotiated\n");
96
97 sret = gnutls_rehandshake(server);
98 if (debug) {
99 tls_log_func(0, "gnutls_rehandshake (server)...\n");
100 tls_log_func(0, gnutls_strerror(sret));
101 tls_log_func(0, "\n");
102 }
103
104 {
105 ssize_t n;
106 char b[1];
107 n = gnutls_record_recv(client, b, 1);
108 /* in TLS1.2 we get REHANDSHAKE error, here nothing */
109 if (n != GNUTLS_E_AGAIN) {
110 fail("error msg: %s\n", gnutls_strerror(n));
111 }
112 }
113
114 TRANSFER(client, server, "xxxx", 4, buffer, sizeof(buffer));
115
116 gnutls_bye(client, GNUTLS_SHUT_RDWR);
117 gnutls_bye(server, GNUTLS_SHUT_RDWR);
118
119 gnutls_deinit(client);
120 gnutls_deinit(server);
121
122 gnutls_certificate_free_credentials(serverx509cred);
123 gnutls_certificate_free_credentials(clientx509cred);
124
125 gnutls_global_deinit();
126
127 reset_buffers();
128 }
129
130 static
client_initiated_handshake(void)131 void client_initiated_handshake(void)
132 {
133 /* Server stuff. */
134 gnutls_certificate_credentials_t serverx509cred;
135 gnutls_session_t server;
136 int sret = GNUTLS_E_AGAIN;
137 /* Client stuff. */
138 gnutls_certificate_credentials_t clientx509cred;
139 gnutls_session_t client;
140 unsigned char buffer[64];
141 int cret = GNUTLS_E_AGAIN;
142 size_t transferred = 0;
143
144 success("testing client initiated re-handshake\n");
145
146 /* General init. */
147 global_init();
148 gnutls_global_set_log_function(tls_log_func);
149 if (debug)
150 gnutls_global_set_log_level(2);
151
152 /* Init server */
153 gnutls_certificate_allocate_credentials(&serverx509cred);
154 gnutls_certificate_set_x509_key_mem(serverx509cred,
155 &server_cert, &server_key,
156 GNUTLS_X509_FMT_PEM);
157 gnutls_init(&server, GNUTLS_SERVER);
158 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
159 serverx509cred);
160 gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", NULL);
161 gnutls_transport_set_push_function(server, server_push);
162 gnutls_transport_set_pull_function(server, server_pull);
163 gnutls_transport_set_ptr(server, server);
164
165 /* Init client */
166 gnutls_certificate_allocate_credentials(&clientx509cred);
167 gnutls_init(&client, GNUTLS_CLIENT);
168 gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
169 clientx509cred);
170 gnutls_priority_set_direct(client, "NORMAL:+VERS-TLS1.3", NULL);
171 gnutls_transport_set_push_function(client, client_push);
172 gnutls_transport_set_pull_function(client, client_pull);
173 gnutls_transport_set_ptr(client, client);
174
175 HANDSHAKE(client, server);
176
177 if (gnutls_protocol_get_version(client) != GNUTLS_TLS1_3)
178 fail("TLS1.3 was not negotiated\n");
179
180 HANDSHAKE(client, server);
181
182 TRANSFER(client, server, "xxxx", 4, buffer, sizeof(buffer));
183
184 gnutls_bye(client, GNUTLS_SHUT_RDWR);
185 gnutls_bye(server, GNUTLS_SHUT_RDWR);
186
187 gnutls_deinit(client);
188 gnutls_deinit(server);
189
190 gnutls_certificate_free_credentials(serverx509cred);
191 gnutls_certificate_free_credentials(clientx509cred);
192
193 gnutls_global_deinit();
194
195 reset_buffers();
196 }
197
doit(void)198 void doit(void)
199 {
200 server_initiated_handshake();
201 client_initiated_handshake();
202 }
203