tests/mini-dtls-srtp.c

   1 /*
   2  * Copyright (C) 2012 Free Software Foundation, Inc.
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GnuTLS.
   7  *
   8  * GnuTLS is free software; you can redistribute it and/or modify it
   9  * under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 3 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * GnuTLS is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with GnuTLS; if not, write to the Free Software Foundation,
  20  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  21  */
  22
  23 #ifdef HAVE_CONFIG_H
  24 #include <config.h>
  25 #endif
  26
  27 #include <stdio.h>
  28 #include <stdlib.h>
  29
  30 #if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP)
  31
  32 int main(int argc, char **argv)
  33 {
  34         exit(77);
  35 }
  36
  37 #else
  38
  39 #include <string.h>
  40 #include <sys/types.h>
  41 #include <netinet/in.h>
  42 #include <sys/socket.h>
  43 #include <sys/wait.h>
  44 #include <arpa/inet.h>
  45 #include <unistd.h>
  46 #include <gnutls/gnutls.h>
  47 #include <gnutls/dtls.h>
  48
  49 #include "utils.h"
  50
  51 static void terminate(void);
  52
  53 /* This program tests the rehandshake in DTLS
  54  */
  55
  56 static void server_log_func(int level, const char *str)
  57 {
  58         fprintf(stderr, "server|<%d>| %s", level, str);
  59 }
  60
  61 static void client_log_func(int level, const char *str)
  62 {
  63         fprintf(stderr, "client|<%d>| %s", level, str);
  64 }
  65
  66 /* These are global */
  67 static pid_t child;
  68
  69 #define MAX_KEY_MATERIAL 64*4
  70 /* A very basic DTLS client, with anonymous authentication, that negotiates SRTP
  71  */
  72
  73 static void client(int fd, int profile)
  74 {
  75         gnutls_session_t session;
  76         int ret;
  77         gnutls_anon_client_credentials_t anoncred;
  78         uint8_t km[MAX_KEY_MATERIAL];
  79         char buf[2 * MAX_KEY_MATERIAL];
  80         gnutls_datum_t cli_key, cli_salt, server_key, server_salt;
  81         /* Need to enable anonymous KX specifically. */
  82
  83         global_init();
  84
  85         if (debug) {
  86                 gnutls_global_set_log_function(client_log_func);
  87                 gnutls_global_set_log_level(4711);
  88         }
  89
  90         gnutls_anon_allocate_client_credentials(&anoncred);
  91
  92         /* Initialize TLS session
  93          */
  94         gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
  95         gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
  96         gnutls_dtls_set_mtu(session, 1500);
  97
  98         /* Use default priorities */
  99         gnutls_priority_set_direct(session,
 100                                    "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
 101                                    NULL);
 102         if (profile)
 103                 ret =
 104                     gnutls_srtp_set_profile_direct(session,
 105                                                    "SRTP_AES128_CM_HMAC_SHA1_80",
 106                                                    NULL);
 107         else
 108                 ret =
 109                     gnutls_srtp_set_profile_direct(session,
 110                                                    "SRTP_NULL_HMAC_SHA1_80",
 111                                                    NULL);
 112         if (ret < 0) {
 113                 gnutls_perror(ret);
 114                 exit(1);
 115         }
 116
 117
 118         /* put the anonymous credentials to the current session
 119          */
 120         gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
 121
 122         gnutls_transport_set_int(session, fd);
 123
 124         /* Perform the TLS handshake
 125          */
 126         do {
 127                 ret = gnutls_handshake(session);
 128         }
 129         while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 130
 131         if (ret < 0) {
 132                 fail("client: Handshake failed\n");
 133                 gnutls_perror(ret);
 134                 exit(1);
 135         } else {
 136                 if (debug)
 137                         success("client: Handshake was completed\n");
 138         }
 139
 140         if (debug)
 141                 success("client: DTLS version is: %s\n",
 142                         gnutls_protocol_get_name
 143                         (gnutls_protocol_get_version(session)));
 144
 145         ret =
 146             gnutls_srtp_get_keys(session, km, sizeof(km), &cli_key,
 147                                  &cli_salt, &server_key, &server_salt);
 148         if (ret < 0) {
 149                 gnutls_perror(ret);
 150                 exit(1);
 151         }
 152
 153         if (debug) {
 154                 size_t size = sizeof(buf);
 155                 gnutls_hex_encode(&cli_key, buf, &size);
 156                 success("Client key: %s\n", buf);
 157
 158                 size = sizeof(buf);
 159                 gnutls_hex_encode(&cli_salt, buf, &size);
 160                 success("Client salt: %s\n", buf);
 161
 162                 size = sizeof(buf);
 163                 gnutls_hex_encode(&server_key, buf, &size);
 164                 success("Server key: %s\n", buf);
 165
 166                 size = sizeof(buf);
 167                 gnutls_hex_encode(&server_salt, buf, &size);
 168                 success("Server salt: %s\n", buf);
 169         }
 170
 171
 172         gnutls_bye(session, GNUTLS_SHUT_WR);
 173
 174         close(fd);
 175
 176         gnutls_deinit(session);
 177
 178         gnutls_anon_free_client_credentials(anoncred);
 179
 180         gnutls_global_deinit();
 181 }
 182
 183 static void terminate(void)
 184 {
 185         int status;
 186
 187         kill(child, SIGTERM);
 188         wait(&status);
 189         exit(1);
 190 }
 191
 192 static void server(int fd, int profile)
 193 {
 194         int ret;
 195         gnutls_session_t session;
 196         gnutls_anon_server_credentials_t anoncred;
 197         uint8_t km[MAX_KEY_MATERIAL];
 198         char buf[2 * MAX_KEY_MATERIAL];
 199         gnutls_datum_t cli_key, cli_salt, server_key, server_salt;
 200
 201         /* this must be called once in the program
 202          */
 203         global_init();
 204
 205         if (debug) {
 206                 gnutls_global_set_log_function(server_log_func);
 207                 gnutls_global_set_log_level(4711);
 208         }
 209
 210         gnutls_anon_allocate_server_credentials(&anoncred);
 211
 212         gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
 213         gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
 214         gnutls_dtls_set_mtu(session, 1500);
 215
 216         /* avoid calling all the priority functions, since the defaults
 217          * are adequate.
 218          */
 219         gnutls_priority_set_direct(session,
 220                                    "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
 221                                    NULL);
 222
 223         if (profile)
 224                 ret =
 225                     gnutls_srtp_set_profile_direct(session,
 226                                                    "SRTP_AES128_CM_HMAC_SHA1_80",
 227                                                    NULL);
 228         else
 229                 ret =
 230                     gnutls_srtp_set_profile_direct(session,
 231                                                    "SRTP_NULL_HMAC_SHA1_80",
 232                                                    NULL);
 233         if (ret < 0) {
 234                 gnutls_perror(ret);
 235                 exit(1);
 236         }
 237
 238         gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
 239
 240         gnutls_transport_set_int(session, fd);
 241
 242         do {
 243                 ret = gnutls_handshake(session);
 244         }
 245         while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 246         if (ret < 0) {
 247                 close(fd);
 248                 gnutls_deinit(session);
 249                 fail("server: Handshake has failed (%s)\n\n",
 250                      gnutls_strerror(ret));
 251                 terminate();
 252         }
 253         if (debug)
 254                 success("server: Handshake was completed\n");
 255
 256         if (debug)
 257                 success("server: TLS version is: %s\n",
 258                         gnutls_protocol_get_name
 259                         (gnutls_protocol_get_version(session)));
 260
 261         ret =
 262             gnutls_srtp_get_keys(session, km, sizeof(km), &cli_key,
 263                                  &cli_salt, &server_key, &server_salt);
 264         if (ret < 0) {
 265                 gnutls_perror(ret);
 266                 exit(1);
 267         }
 268
 269         if (debug) {
 270                 size_t size = sizeof(buf);
 271                 gnutls_hex_encode(&cli_key, buf, &size);
 272                 success("Client key: %s\n", buf);
 273
 274                 size = sizeof(buf);
 275                 gnutls_hex_encode(&cli_salt, buf, &size);
 276                 success("Client salt: %s\n", buf);
 277
 278                 size = sizeof(buf);
 279                 gnutls_hex_encode(&server_key, buf, &size);
 280                 success("Server key: %s\n", buf);
 281
 282                 size = sizeof(buf);
 283                 gnutls_hex_encode(&server_salt, buf, &size);
 284                 success("Server salt: %s\n", buf);
 285         }
 286
 287         /* do not wait for the peer to close the connection.
 288          */
 289         gnutls_bye(session, GNUTLS_SHUT_WR);
 290
 291         close(fd);
 292         gnutls_deinit(session);
 293
 294         gnutls_anon_free_server_credentials(anoncred);
 295
 296         gnutls_global_deinit();
 297
 298         if (debug)
 299                 success("server: finished\n");
 300 }
 301
 302 static void start(int profile)
 303 {
 304         int fd[2];
 305         int ret;
 306
 307         ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
 308         if (ret < 0) {
 309                 perror("socketpair");
 310                 exit(1);
 311         }
 312
 313         child = fork();
 314         if (child < 0) {
 315                 perror("fork");
 316                 fail("fork");
 317                 exit(1);
 318         }
 319
 320         if (child) {
 321                 int status;
 322                 /* parent */
 323
 324                 server(fd[0], profile);
 325                 wait(&status);
 326                 if (WEXITSTATUS(status) != 0)
 327                         fail("Child died with status %d\n",
 328                              WEXITSTATUS(status));
 329         } else {
 330                 close(fd[0]);
 331                 client(fd[1], profile);
 332                 exit(0);
 333         }
 334 }
 335
 336 void doit(void)
 337 {
 338         start(0);
 339         start(1);
 340 }
 341
 342 #endif                          /* _WIN32 */