tests/mini-dtls-pthread.c

   1 /*
   2  * Copyright (C) 2015 Red Hat, Inc.
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GnuTLS.
   7  *
   8  * GnuTLS is free software; you can redistribute it and/or modify it
   9  * under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 3 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * GnuTLS is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with GnuTLS; if not, write to the Free Software Foundation,
  20  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  21  */
  22
  23 #ifdef HAVE_CONFIG_H
  24 #include <config.h>
  25 #endif
  26
  27 #include <stdio.h>
  28 #include <stdlib.h>
  29 #include <stdint.h>
  30 #include <string.h>
  31 #include <errno.h>
  32 #include <gnutls/gnutls.h>
  33 #include <gnutls/dtls.h>
  34 #include <signal.h>
  35 #include <unistd.h>
  36 #ifndef _WIN32
  37 # include <netinet/in.h>
  38 # include <sys/types.h>
  39 # include <sys/socket.h>
  40 # include <sys/wait.h>
  41 # include <pthread.h>
  42 #endif
  43 #include "utils.h"
  44
  45 #ifdef _WIN32
  46
  47 void doit(void)
  48 {
  49         exit(77);
  50 }
  51
  52 #else
  53
  54 /* These are global */
  55 pid_t child;
  56
  57 static void terminate(void)
  58 {
  59         int status;
  60
  61         kill(child, SIGTERM);
  62         wait(&status);
  63         exit(1);
  64 }
  65
  66 /* Tests whether we can send and receive from different threads
  67  * using DTLS, either as server or client. DTLS is a superset of
  68  * TLS, so correct behavior under fork means TLS would operate too.
  69  */
  70
  71 const char *side = "";
  72
  73 static void tls_log_func(int level, const char *str)
  74 {
  75         fprintf(stderr, "%s|<%d>| %s", side, level, str);
  76 }
  77
  78 static unsigned char server_cert_pem[] =
  79   "-----BEGIN CERTIFICATE-----\n"
  80   "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\n"
  81   "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\n"
  82   "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\n"
  83   "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\n"
  84   "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\n"
  85   "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\n"
  86   "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\n"
  87   "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\n"
  88   "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\n"
  89   "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\n"
  90   "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\n"
  91   "fGa5kHvHARBPc8YAIVIqDvHH1Q==\n"
  92   "-----END CERTIFICATE-----\n";
  93
  94 const gnutls_datum_t server_cert = { server_cert_pem,
  95         sizeof(server_cert_pem)
  96 };
  97
  98 static unsigned char server_key_pem[] =
  99   "-----BEGIN EC PRIVATE KEY-----\n"
 100   "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\n"
 101   "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\n"
 102   "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\n"
 103   "-----END EC PRIVATE KEY-----\n";
 104
 105 const gnutls_datum_t server_key = { server_key_pem,
 106         sizeof(server_key_pem)
 107 };
 108
 109 #define MSG "hello1111"
 110 #define MSG2 "xxxxxxxxxxxx"
 111
 112 static void *start_thread(void *arg)
 113 {
 114         gnutls_session_t session = arg;
 115         int ret;
 116         char buf[64];
 117
 118         if (debug)
 119                 success("client: TLS version is: %s\n",
 120                         gnutls_protocol_get_name
 121                         (gnutls_protocol_get_version(session)));
 122         sec_sleep(1);
 123         /* the server should reflect our messages */
 124         ret = gnutls_record_recv(session, buf, sizeof(buf));
 125         if (ret != sizeof(MSG)-1 || memcmp(buf, MSG, sizeof(MSG)-1) != 0) {
 126                 fail("client: recv failed: %s\n", gnutls_strerror(ret));
 127                 exit(1);
 128         }
 129
 130         if (debug) {
 131                 fprintf(stderr, "client received: %.*s\n", ret, buf);
 132         }
 133
 134         ret = gnutls_record_recv(session, buf, sizeof(buf));
 135         if (ret != sizeof(MSG2)-1 || memcmp(buf, MSG2, sizeof(MSG2)-1) != 0) {
 136                 fail("client: recv2 failed: %s\n", gnutls_strerror(ret));
 137                 exit(1);
 138         }
 139
 140         if (debug) {
 141                 fprintf(stderr, "client received: %.*s\n", ret, buf);
 142         }
 143
 144         ret = gnutls_record_recv(session, buf, sizeof(buf));
 145         if (ret != 0) {
 146                 fail("client: recv3 failed: %s\n", gnutls_strerror(ret));
 147                 exit(1);
 148         }
 149
 150         pthread_exit(0);
 151 }
 152
 153 static
 154 void do_thread_stuff(gnutls_session_t session)
 155 {
 156         int ret;
 157         pthread_t id;
 158
 159         /* separate sending from receiving */
 160         ret = pthread_create(&id, NULL, start_thread, session);
 161         if (ret != 0) {
 162                 exit(1);
 163         }
 164
 165         ret = gnutls_record_send(session, MSG, sizeof(MSG)-1);
 166         if (ret != sizeof(MSG)-1) {
 167                 fail("client: send failed: %s\n", gnutls_strerror(ret));
 168                 exit(1);
 169         }
 170
 171         ret = gnutls_record_send(session, MSG2, sizeof(MSG2)-1);
 172         if (ret != sizeof(MSG2)-1) {
 173                 fail("client: send2 failed: %s\n", gnutls_strerror(ret));
 174                 exit(1);
 175         }
 176         sec_sleep(2);
 177         gnutls_bye(session, GNUTLS_SHUT_WR);
 178 }
 179
 180 static void do_reflect_stuff(gnutls_session_t session)
 181 {
 182         char buf[64];
 183         unsigned buf_size;
 184         int ret;
 185
 186         do {
 187                 ret = gnutls_record_recv(session, buf, sizeof(buf));
 188                 if (ret < 0) {
 189                         fail("server: recv failed: %s\n", gnutls_strerror(ret));
 190                         terminate();
 191                 }
 192
 193                 if (ret == 0)
 194                         break;
 195
 196                 buf_size = ret;
 197                 if (debug) {
 198                         fprintf(stderr, "server received: %.*s\n", buf_size, buf);
 199                 }
 200
 201                 ret = gnutls_record_send(session, buf, buf_size);
 202                 if (ret < 0) {
 203                         fail("server: send failed: %s\n", gnutls_strerror(ret));
 204                         terminate();
 205                 }
 206         } while(1);
 207
 208         /* do not wait for the peer to close the connection.
 209          */
 210         gnutls_bye(session, GNUTLS_SHUT_WR);
 211 }
 212
 213 static void client(int fd, unsigned do_thread)
 214 {
 215         int ret;
 216         gnutls_certificate_credentials_t x509_cred;
 217         gnutls_session_t session;
 218         /* Need to enable anonymous KX specifically. */
 219
 220         global_init();
 221
 222         if (debug) {
 223                 side = "client";
 224                 gnutls_global_set_log_function(tls_log_func);
 225                 gnutls_global_set_log_level(4711);
 226         }
 227
 228         gnutls_certificate_allocate_credentials(&x509_cred);
 229
 230         /* Initialize TLS session
 231          */
 232         gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
 233         gnutls_dtls_set_mtu(session, 1500);
 234         gnutls_dtls_set_timeouts(session, 6 * 1000, 60 * 1000);
 235         //gnutls_transport_set_push_function(session, push);
 236
 237         /* Use default priorities */
 238         gnutls_priority_set_direct(session,
 239                                    "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL",
 240                                    NULL);
 241
 242         /* put the anonymous credentials to the current session
 243          */
 244         gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
 245
 246         gnutls_transport_set_int(session, fd);
 247
 248         /* Perform the TLS handshake
 249          */
 250         do {
 251                 ret = gnutls_handshake(session);
 252         }
 253         while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 254
 255         if (ret < 0) {
 256                 fail("client: Handshake failed\n");
 257                 gnutls_perror(ret);
 258                 exit(1);
 259         } else {
 260                 if (debug)
 261                         success("client: Handshake was completed\n");
 262         }
 263
 264         if (do_thread)
 265                 do_thread_stuff(session);
 266         else
 267                 do_reflect_stuff(session);
 268
 269         close(fd);
 270
 271         gnutls_deinit(session);
 272
 273         gnutls_certificate_free_credentials(x509_cred);
 274
 275         gnutls_global_deinit();
 276         exit(0);
 277 }
 278
 279
 280 static void server(int fd, unsigned do_thread)
 281 {
 282         int ret;
 283         gnutls_certificate_credentials_t x509_cred;
 284         gnutls_session_t session;
 285
 286         /* this must be called once in the program
 287          */
 288         global_init();
 289
 290 #if 0
 291         if (debug) {
 292                 side = "server";
 293                 gnutls_global_set_log_function(tls_log_func);
 294                 gnutls_global_set_log_level(4711);
 295         }
 296 #endif
 297
 298         gnutls_certificate_allocate_credentials(&x509_cred);
 299         gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
 300                                             &server_key,
 301                                             GNUTLS_X509_FMT_PEM);
 302
 303         gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
 304         gnutls_dtls_set_timeouts(session, 5 * 1000, 60 * 1000);
 305         gnutls_dtls_set_mtu(session, 400);
 306
 307         /* avoid calling all the priority functions, since the defaults
 308          * are adequate.
 309          */
 310         gnutls_priority_set_direct(session,
 311                                    "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL",
 312                                    NULL);
 313
 314         gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
 315
 316         gnutls_transport_set_int(session, fd);
 317
 318         do {
 319                 ret = gnutls_handshake(session);
 320         } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 321         if (ret < 0) {
 322                 close(fd);
 323                 gnutls_deinit(session);
 324                 fail("server: Handshake has failed (%s)\n\n",
 325                      gnutls_strerror(ret));
 326                 terminate();
 327         }
 328         if (debug)
 329                 success("server: Handshake was completed\n");
 330
 331         if (debug)
 332                 success("server: TLS version is: %s\n",
 333                         gnutls_protocol_get_name
 334                         (gnutls_protocol_get_version(session)));
 335
 336         if (do_thread)
 337                 do_thread_stuff(session);
 338         else
 339                 do_reflect_stuff(session);
 340
 341
 342         close(fd);
 343         gnutls_deinit(session);
 344
 345         gnutls_certificate_free_credentials(x509_cred);
 346
 347         gnutls_global_deinit();
 348
 349         if (debug)
 350                 success("server: finished\n");
 351 }
 352
 353 static
 354 void run(unsigned do_thread)
 355 {
 356         int fd[2];
 357         int ret;
 358
 359         ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
 360         if (ret < 0) {
 361                 perror("socketpair");
 362                 exit(1);
 363         }
 364
 365         child = fork();
 366         if (child < 0) {
 367                 perror("fork");
 368                 fail("fork");
 369                 exit(1);
 370         }
 371
 372         if (child) {
 373                 int status;
 374                 /* parent */
 375
 376                 close(fd[1]);
 377                 client(fd[0], do_thread);
 378                 wait(&status);
 379                 if (WEXITSTATUS(status) != 0)
 380                         fail("Child died with status %d\n",
 381                              WEXITSTATUS(status));
 382         } else {
 383                 close(fd[0]);
 384                 server(fd[1], 1-do_thread);
 385                 exit(0);
 386         }
 387 }
 388
 389 void doit(void)
 390 {
 391         signal(SIGPIPE, SIG_IGN);
 392         run(0);
 393         run(1);
 394 }
 395 #endif                          /* _WIN32 */