2 * Copyright (C) 2015 Red Hat, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * GnuTLS is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with GnuTLS; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
32 #include <gnutls/gnutls.h>
33 #include <gnutls/dtls.h>
37 # include <netinet/in.h>
38 # include <sys/types.h>
39 # include <sys/socket.h>
40 # include <sys/wait.h>
53 /* These are global */
56 static void terminate(void)
65 /* Tests whether we can send and receive from different processes
66 * using DTLS, either as server or client. DTLS is a superset of
67 * TLS, so correct behavior under fork means TLS would operate too.
70 const char *side = "";
72 static void tls_log_func(int level, const char *str)
74 fprintf(stderr, "%s|<%d>| %s", side, level, str);
77 static unsigned char server_cert_pem[] =
78 "-----BEGIN CERTIFICATE-----\n"
79 "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\n"
80 "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\n"
81 "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\n"
82 "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\n"
83 "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\n"
84 "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\n"
85 "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\n"
86 "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\n"
87 "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\n"
88 "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\n"
89 "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\n"
90 "fGa5kHvHARBPc8YAIVIqDvHH1Q==\n"
91 "-----END CERTIFICATE-----\n";
93 const gnutls_datum_t server_cert = { server_cert_pem,
94 sizeof(server_cert_pem)
97 static unsigned char server_key_pem[] =
98 "-----BEGIN EC PRIVATE KEY-----\n"
99 "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\n"
100 "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\n"
101 "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\n"
102 "-----END EC PRIVATE KEY-----\n";
104 const gnutls_datum_t server_key = { server_key_pem,
105 sizeof(server_key_pem)
108 #define MSG "hello1111"
109 #define MSG2 "xxxxxxxxxxxx"
112 void do_fork_stuff(gnutls_session_t session)
118 /* separate sending from receiving */
122 } else if (pid != 0) {
124 success("client: TLS version is: %s\n",
125 gnutls_protocol_get_name
126 (gnutls_protocol_get_version(session)));
128 /* the server should reflect our messages */
129 ret = gnutls_record_recv(session, buf, sizeof(buf));
130 if (ret != sizeof(MSG)-1 || memcmp(buf, MSG, sizeof(MSG)-1) != 0) {
131 fail("client: recv failed: %s\n", gnutls_strerror(ret));
136 fprintf(stderr, "client received: %.*s\n", ret, buf);
139 ret = gnutls_record_recv(session, buf, sizeof(buf));
140 if (ret != sizeof(MSG2)-1 || memcmp(buf, MSG2, sizeof(MSG2)-1) != 0) {
141 fail("client: recv2 failed: %s\n", gnutls_strerror(ret));
146 fprintf(stderr, "client received: %.*s\n", ret, buf);
149 ret = gnutls_record_recv(session, buf, sizeof(buf));
151 fail("client: recv3 failed: %s\n", gnutls_strerror(ret));
154 } else if (pid == 0) { /* child */
155 ret = gnutls_record_send(session, MSG, sizeof(MSG)-1);
156 if (ret != sizeof(MSG)-1) {
157 fail("client: send failed: %s\n", gnutls_strerror(ret));
161 ret = gnutls_record_send(session, MSG2, sizeof(MSG2)-1);
162 if (ret != sizeof(MSG2)-1) {
163 fail("client: send2 failed: %s\n", gnutls_strerror(ret));
167 gnutls_bye(session, GNUTLS_SHUT_WR);
171 static void do_reflect_stuff(gnutls_session_t session)
178 ret = gnutls_record_recv(session, buf, sizeof(buf));
180 fail("server: recv failed: %s\n", gnutls_strerror(ret));
189 fprintf(stderr, "server received: %.*s\n", buf_size, buf);
192 ret = gnutls_record_send(session, buf, buf_size);
194 fail("server: send failed: %s\n", gnutls_strerror(ret));
199 /* do not wait for the peer to close the connection.
201 gnutls_bye(session, GNUTLS_SHUT_WR);
204 static void client(int fd, unsigned do_fork)
207 gnutls_certificate_credentials_t x509_cred;
208 gnutls_session_t session;
209 /* Need to enable anonymous KX specifically. */
215 gnutls_global_set_log_function(tls_log_func);
216 gnutls_global_set_log_level(4711);
219 gnutls_certificate_allocate_credentials(&x509_cred);
221 /* Initialize TLS session
223 gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
224 gnutls_dtls_set_mtu(session, 1500);
225 gnutls_dtls_set_timeouts(session, 6 * 1000, 60 * 1000);
226 //gnutls_transport_set_push_function(session, push);
228 /* Use default priorities */
229 gnutls_priority_set_direct(session,
230 "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL",
233 /* put the anonymous credentials to the current session
235 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
237 gnutls_transport_set_int(session, fd);
239 /* Perform the TLS handshake
242 ret = gnutls_handshake(session);
244 while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
247 fail("client: Handshake failed\n");
252 success("client: Handshake was completed\n");
256 do_fork_stuff(session);
258 do_reflect_stuff(session);
262 gnutls_deinit(session);
264 gnutls_certificate_free_credentials(x509_cred);
266 gnutls_global_deinit();
271 static void server(int fd, unsigned do_fork)
274 gnutls_certificate_credentials_t x509_cred;
275 gnutls_session_t session;
277 /* this must be called once in the program
284 gnutls_global_set_log_function(tls_log_func);
285 gnutls_global_set_log_level(4711);
289 gnutls_certificate_allocate_credentials(&x509_cred);
290 gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
292 GNUTLS_X509_FMT_PEM);
294 gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
295 gnutls_dtls_set_timeouts(session, 5 * 1000, 60 * 1000);
296 gnutls_dtls_set_mtu(session, 400);
298 /* avoid calling all the priority functions, since the defaults
301 gnutls_priority_set_direct(session,
302 "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL",
305 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
307 gnutls_transport_set_int(session, fd);
310 ret = gnutls_handshake(session);
311 } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
314 gnutls_deinit(session);
315 fail("server: Handshake has failed (%s)\n\n",
316 gnutls_strerror(ret));
320 success("server: Handshake was completed\n");
323 success("server: TLS version is: %s\n",
324 gnutls_protocol_get_name
325 (gnutls_protocol_get_version(session)));
328 do_fork_stuff(session);
330 do_reflect_stuff(session);
334 gnutls_deinit(session);
336 gnutls_certificate_free_credentials(x509_cred);
338 gnutls_global_deinit();
341 success("server: finished\n");
345 void run(unsigned do_fork)
350 ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
352 perror("socketpair");
368 client(fd[0], do_fork);
370 if (WEXITSTATUS(status) != 0)
371 fail("Child died with status %d\n",
372 WEXITSTATUS(status));
375 server(fd[1], 1-do_fork);
382 signal(SIGPIPE, SIG_IGN);