2 * Copyright (C) 2015 Red Hat, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * GnuTLS is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with GnuTLS; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
32 #include <gnutls/gnutls.h>
33 #include <gnutls/dtls.h>
37 # include <netinet/in.h>
38 # include <sys/types.h>
39 # include <sys/socket.h>
40 # include <sys/wait.h>
54 /* These are global */
57 static void terminate(void)
66 /* Tests whether we can send and receive from different threads
67 * using DTLS, either as server or client. DTLS is a superset of
68 * TLS, so correct behavior under fork means TLS would operate too.
71 const char *side = "";
73 static void tls_log_func(int level, const char *str)
75 fprintf(stderr, "%s|<%d>| %s", side, level, str);
78 static unsigned char server_cert_pem[] =
79 "-----BEGIN CERTIFICATE-----\n"
80 "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\n"
81 "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\n"
82 "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\n"
83 "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\n"
84 "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\n"
85 "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\n"
86 "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\n"
87 "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\n"
88 "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\n"
89 "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\n"
90 "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\n"
91 "fGa5kHvHARBPc8YAIVIqDvHH1Q==\n"
92 "-----END CERTIFICATE-----\n";
94 const gnutls_datum_t server_cert = { server_cert_pem,
95 sizeof(server_cert_pem)
98 static unsigned char server_key_pem[] =
99 "-----BEGIN EC PRIVATE KEY-----\n"
100 "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\n"
101 "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\n"
102 "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\n"
103 "-----END EC PRIVATE KEY-----\n";
105 const gnutls_datum_t server_key = { server_key_pem,
106 sizeof(server_key_pem)
109 #define MSG "hello1111"
110 #define MSG2 "xxxxxxxxxxxx"
112 static void *start_thread(void *arg)
114 gnutls_session_t session = arg;
119 success("client: TLS version is: %s\n",
120 gnutls_protocol_get_name
121 (gnutls_protocol_get_version(session)));
123 /* the server should reflect our messages */
124 ret = gnutls_record_recv(session, buf, sizeof(buf));
125 if (ret != sizeof(MSG)-1 || memcmp(buf, MSG, sizeof(MSG)-1) != 0) {
126 fail("client: recv failed: %s\n", gnutls_strerror(ret));
131 fprintf(stderr, "client received: %.*s\n", ret, buf);
134 ret = gnutls_record_recv(session, buf, sizeof(buf));
135 if (ret != sizeof(MSG2)-1 || memcmp(buf, MSG2, sizeof(MSG2)-1) != 0) {
136 fail("client: recv2 failed: %s\n", gnutls_strerror(ret));
141 fprintf(stderr, "client received: %.*s\n", ret, buf);
144 ret = gnutls_record_recv(session, buf, sizeof(buf));
146 fail("client: recv3 failed: %s\n", gnutls_strerror(ret));
154 void do_thread_stuff(gnutls_session_t session)
159 /* separate sending from receiving */
160 ret = pthread_create(&id, NULL, start_thread, session);
165 ret = gnutls_record_send(session, MSG, sizeof(MSG)-1);
166 if (ret != sizeof(MSG)-1) {
167 fail("client: send failed: %s\n", gnutls_strerror(ret));
171 ret = gnutls_record_send(session, MSG2, sizeof(MSG2)-1);
172 if (ret != sizeof(MSG2)-1) {
173 fail("client: send2 failed: %s\n", gnutls_strerror(ret));
177 gnutls_bye(session, GNUTLS_SHUT_WR);
180 static void do_reflect_stuff(gnutls_session_t session)
187 ret = gnutls_record_recv(session, buf, sizeof(buf));
189 fail("server: recv failed: %s\n", gnutls_strerror(ret));
198 fprintf(stderr, "server received: %.*s\n", buf_size, buf);
201 ret = gnutls_record_send(session, buf, buf_size);
203 fail("server: send failed: %s\n", gnutls_strerror(ret));
208 /* do not wait for the peer to close the connection.
210 gnutls_bye(session, GNUTLS_SHUT_WR);
213 static void client(int fd, unsigned do_thread)
216 gnutls_certificate_credentials_t x509_cred;
217 gnutls_session_t session;
218 /* Need to enable anonymous KX specifically. */
224 gnutls_global_set_log_function(tls_log_func);
225 gnutls_global_set_log_level(4711);
228 gnutls_certificate_allocate_credentials(&x509_cred);
230 /* Initialize TLS session
232 gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
233 gnutls_dtls_set_mtu(session, 1500);
234 gnutls_dtls_set_timeouts(session, 6 * 1000, 60 * 1000);
235 //gnutls_transport_set_push_function(session, push);
237 /* Use default priorities */
238 gnutls_priority_set_direct(session,
239 "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL",
242 /* put the anonymous credentials to the current session
244 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
246 gnutls_transport_set_int(session, fd);
248 /* Perform the TLS handshake
251 ret = gnutls_handshake(session);
253 while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
256 fail("client: Handshake failed\n");
261 success("client: Handshake was completed\n");
265 do_thread_stuff(session);
267 do_reflect_stuff(session);
271 gnutls_deinit(session);
273 gnutls_certificate_free_credentials(x509_cred);
275 gnutls_global_deinit();
280 static void server(int fd, unsigned do_thread)
283 gnutls_certificate_credentials_t x509_cred;
284 gnutls_session_t session;
286 /* this must be called once in the program
293 gnutls_global_set_log_function(tls_log_func);
294 gnutls_global_set_log_level(4711);
298 gnutls_certificate_allocate_credentials(&x509_cred);
299 gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
301 GNUTLS_X509_FMT_PEM);
303 gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
304 gnutls_dtls_set_timeouts(session, 5 * 1000, 60 * 1000);
305 gnutls_dtls_set_mtu(session, 400);
307 /* avoid calling all the priority functions, since the defaults
310 gnutls_priority_set_direct(session,
311 "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL",
314 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
316 gnutls_transport_set_int(session, fd);
319 ret = gnutls_handshake(session);
320 } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
323 gnutls_deinit(session);
324 fail("server: Handshake has failed (%s)\n\n",
325 gnutls_strerror(ret));
329 success("server: Handshake was completed\n");
332 success("server: TLS version is: %s\n",
333 gnutls_protocol_get_name
334 (gnutls_protocol_get_version(session)));
337 do_thread_stuff(session);
339 do_reflect_stuff(session);
343 gnutls_deinit(session);
345 gnutls_certificate_free_credentials(x509_cred);
347 gnutls_global_deinit();
350 success("server: finished\n");
354 void run(unsigned do_thread)
359 ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
361 perror("socketpair");
377 client(fd[0], do_thread);
379 if (WEXITSTATUS(status) != 0)
380 fail("Child died with status %d\n",
381 WEXITSTATUS(status));
384 server(fd[1], 1-do_thread);
391 signal(SIGPIPE, SIG_IGN);