tests/mini-dtls-lowmtu.c

   1 /*
   2  * Copyright (C) 2014 Red Hat
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GnuTLS.
   7  *
   8  * GnuTLS is free software; you can redistribute it and/or modify it
   9  * under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 3 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * GnuTLS is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with GnuTLS; if not, write to the Free Software Foundation,
  20  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  21  */
  22
  23 #ifdef HAVE_CONFIG_H
  24 #include <config.h>
  25 #endif
  26
  27 #include <stdio.h>
  28 #include <stdlib.h>
  29
  30 /* This tests the behavior of server in a low-mtu case scenario */
  31
  32 #if defined(_WIN32)
  33
  34 int main()
  35 {
  36         exit(77);
  37 }
  38
  39 #else
  40
  41 #include <string.h>
  42 #include <sys/types.h>
  43 #include <netinet/in.h>
  44 #include <sys/socket.h>
  45 #include <sys/wait.h>
  46 #include <arpa/inet.h>
  47 #include <unistd.h>
  48 #include <gnutls/gnutls.h>
  49 #include <gnutls/dtls.h>
  50 #include <signal.h>
  51
  52 #include "utils.h"
  53
  54 static void terminate(void);
  55
  56 /* This program tests the robustness of record
  57  * decoding.
  58  */
  59
  60 static void server_log_func(int level, const char *str)
  61 {
  62         fprintf(stderr, "server|<%d>| %s", level, str);
  63 }
  64
  65 static void client_log_func(int level, const char *str)
  66 {
  67         fprintf(stderr, "client|<%d>| %s", level, str);
  68 }
  69
  70 static unsigned char server_cert_pem[] =
  71   "-----BEGIN CERTIFICATE-----\n"
  72   "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\n"
  73   "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\n"
  74   "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\n"
  75   "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\n"
  76   "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\n"
  77   "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\n"
  78   "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\n"
  79   "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\n"
  80   "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\n"
  81   "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\n"
  82   "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\n"
  83   "fGa5kHvHARBPc8YAIVIqDvHH1Q==\n"
  84   "-----END CERTIFICATE-----\n";
  85
  86 const gnutls_datum_t server_cert = { server_cert_pem,
  87         sizeof(server_cert_pem)
  88 };
  89
  90 static unsigned char server_key_pem[] =
  91   "-----BEGIN EC PRIVATE KEY-----\n"
  92   "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\n"
  93   "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\n"
  94   "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\n"
  95   "-----END EC PRIVATE KEY-----\n";
  96
  97 const gnutls_datum_t server_key = { server_key_pem,
  98         sizeof(server_key_pem)
  99 };
 100
 101
 102 /* A very basic TLS client, with anonymous authentication.
 103  */
 104
 105 #define MAX_BUF 1024
 106
 107 static int mtu = 0;
 108
 109 static void client(int fd, const char *prio)
 110 {
 111         int ret;
 112         char buffer[MAX_BUF + 1];
 113         gnutls_anon_client_credentials_t anoncred;
 114         gnutls_certificate_credentials_t x509_cred;
 115         gnutls_session_t session;
 116         /* Need to enable anonymous KX specifically. */
 117
 118         global_init();
 119
 120         if (debug) {
 121                 gnutls_global_set_log_function(client_log_func);
 122                 gnutls_global_set_log_level(6);
 123         }
 124
 125         gnutls_anon_allocate_client_credentials(&anoncred);
 126         gnutls_certificate_allocate_credentials(&x509_cred);
 127
 128         /* Initialize TLS session
 129          */
 130         gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
 131 //      gnutls_dtls_set_mtu(session, 104);
 132
 133         /* Use default priorities */
 134         gnutls_priority_set_direct(session, prio, NULL);
 135
 136         /* put the anonymous credentials to the current session
 137          */
 138         gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
 139         gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
 140
 141         gnutls_transport_set_int(session, fd);
 142
 143         /* Perform the TLS handshake
 144          */
 145         do {
 146                 ret = gnutls_handshake(session);
 147         }
 148         while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 149
 150         if (ret < 0) {
 151                 fail("client: Handshake failed: %s (%d)\n", gnutls_strerror(ret), ret);
 152                 exit(1);
 153         } else {
 154                 if (debug)
 155                         success("client: Handshake was completed\n");
 156         }
 157
 158         if (debug)
 159                 success("client: TLS version is: %s\n",
 160                         gnutls_protocol_get_name
 161                         (gnutls_protocol_get_version(session)));
 162
 163         do {
 164                 do {
 165                         ret = gnutls_record_recv(session, buffer, MAX_BUF);
 166                 } while (ret == GNUTLS_E_AGAIN
 167                          || ret == GNUTLS_E_INTERRUPTED);
 168         } while (ret > 0);
 169
 170         if (ret == 0) {
 171                 if (debug)
 172                         success
 173                             ("client: Peer has closed the TLS connection\n");
 174                 goto end;
 175         } else if (ret < 0) {
 176                 if (ret != 0) {
 177                         fail("client: Error: %s\n", gnutls_strerror(ret));
 178                         exit(1);
 179                 }
 180         }
 181
 182         gnutls_bye(session, GNUTLS_SHUT_WR);
 183
 184       end:
 185
 186         close(fd);
 187
 188         gnutls_deinit(session);
 189
 190         gnutls_anon_free_client_credentials(anoncred);
 191         gnutls_certificate_free_credentials(x509_cred);
 192
 193         gnutls_global_deinit();
 194 }
 195
 196
 197 /* These are global */
 198 pid_t child;
 199
 200 static void terminate(void)
 201 {
 202         kill(child, SIGTERM);
 203         exit(1);
 204 }
 205
 206 static void server(int fd, const char *prio)
 207 {
 208         int ret;
 209         char buffer[MAX_BUF + 1];
 210         gnutls_session_t session;
 211         gnutls_anon_server_credentials_t anoncred;
 212         gnutls_certificate_credentials_t x509_cred;
 213
 214         /* this must be called once in the program
 215          */
 216         global_init();
 217         memset(buffer, 0, sizeof(buffer));
 218
 219         if (debug) {
 220                 gnutls_global_set_log_function(server_log_func);
 221                 gnutls_global_set_log_level(6);
 222         }
 223
 224         gnutls_certificate_allocate_credentials(&x509_cred);
 225         gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
 226                                             &server_key,
 227                                             GNUTLS_X509_FMT_PEM);
 228
 229         gnutls_anon_allocate_server_credentials(&anoncred);
 230
 231         gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
 232         gnutls_dtls_set_mtu(session, 104);
 233
 234         /* avoid calling all the priority functions, since the defaults
 235          * are adequate.
 236          */
 237         gnutls_priority_set_direct(session, prio, NULL);
 238
 239         gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
 240         gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
 241
 242         gnutls_transport_set_int(session, fd);
 243
 244         do {
 245                 ret = gnutls_handshake(session);
 246         }
 247         while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 248         if (ret < 0) {
 249                 close(fd);
 250                 gnutls_deinit(session);
 251                 fail("server: Handshake has failed (%s)\n\n",
 252                      gnutls_strerror(ret));
 253                 terminate();
 254         }
 255         if (debug)
 256                 success("server: Handshake was completed\n");
 257
 258         if (debug)
 259                 success("server: TLS version is: %s\n",
 260                         gnutls_protocol_get_name
 261                         (gnutls_protocol_get_version(session)));
 262         mtu = gnutls_dtls_get_mtu(session);
 263
 264         do {
 265                 ret =
 266                     gnutls_record_send(session, buffer,
 267                                        gnutls_dtls_get_data_mtu(session));
 268         } while (ret == GNUTLS_E_AGAIN
 269                  || ret == GNUTLS_E_INTERRUPTED);
 270         if (ret < 0) {
 271                 fail("Error sending packet: %s\n",
 272                      gnutls_strerror(ret));
 273                 terminate();
 274         }
 275
 276         /* do not wait for the peer to close the connection.
 277          */
 278         gnutls_bye(session, GNUTLS_SHUT_WR);
 279
 280         close(fd);
 281         gnutls_deinit(session);
 282
 283         gnutls_anon_free_server_credentials(anoncred);
 284         gnutls_certificate_free_credentials(x509_cred);
 285
 286         gnutls_global_deinit();
 287
 288         if (debug)
 289                 success("server: finished\n");
 290 }
 291
 292 static void start(const char *prio)
 293 {
 294         int fd[2];
 295         int ret;
 296
 297         ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
 298         if (ret < 0) {
 299                 perror("socketpair");
 300                 exit(1);
 301         }
 302
 303         child = fork();
 304         if (child < 0) {
 305                 perror("fork");
 306                 fail("fork");
 307                 exit(1);
 308         }
 309
 310         if (child) {
 311                 /* parent */
 312                 close(fd[1]);
 313                 server(fd[0], prio);
 314                 kill(child, SIGTERM);
 315         } else {
 316                 close(fd[0]);
 317                 client(fd[1], prio);
 318                 exit(0);
 319         }
 320 }
 321
 322 #define AES_GCM "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+ECDHE-ECDSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
 323
 324 static void ch_handler(int sig)
 325 {
 326         int status;
 327         wait(&status);
 328         if (WEXITSTATUS(status) != 0 ||
 329             (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
 330                 if (WIFSIGNALED(status))
 331                         fail("Child died with sigsegv\n");
 332                 else
 333                         fail("Child died with status %d\n",
 334                              WEXITSTATUS(status));
 335                 terminate();
 336         }
 337         return;
 338 }
 339
 340 void doit(void)
 341 {
 342         signal(SIGCHLD, ch_handler);
 343
 344         start(AES_GCM);
 345 }
 346
 347 #endif                          /* _WIN32 */