From d4486260ba7c9e68461d20a0e1f45f5c62a2632a Mon Sep 17 00:00:00 2001 From: Oleksii Beketov Date: Mon, 10 Oct 2016 17:15:26 +0300 Subject: [PATCH] Unit tests for SSL adapter (ca_adapter_net_ssl.c) Change-Id: Ia9bb81012159df0f1b5f87d80e821610aeaa44c1 Signed-off-by: Oleksii Beketov Reviewed-on: https://gerrit.iotivity.org/gerrit/12349 Tested-by: jenkins-iotivity Reviewed-by: Randeep Singh --- .../src/adapter_util/ca_adapter_net_ssl.c | 2 +- resource/csdk/connectivity/test/SConscript | 35 +- .../csdk/connectivity/test/ssladapter_test.cpp | 2239 ++++++++++++++++++++ 3 files changed, 2256 insertions(+), 20 deletions(-) create mode 100644 resource/csdk/connectivity/test/ssladapter_test.cpp diff --git a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c index 48dbb6d..b88e2a0 100644 --- a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c +++ b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c @@ -313,7 +313,7 @@ static void * memmem(const void *l, size_t lLen, const void *s, size_t sLen) } if (sLen == 1) { - return memchr(l, (int)*cs, lLen); + return (void *)memchr(l, (int)*cs, lLen); } last = (char *)cl + lLen - sLen; diff --git a/resource/csdk/connectivity/test/SConscript b/resource/csdk/connectivity/test/SConscript index f274721..2289c8b 100644 --- a/resource/csdk/connectivity/test/SConscript +++ b/resource/csdk/connectivity/test/SConscript @@ -68,27 +68,24 @@ else: # Source files and Targets ###################################################################### +tests_src = [ + 'catests.cpp', + 'caprotocolmessagetest.cpp', + 'ca_api_unittest.cpp', + 'camutex_tests.cpp', + 'uarraylist_test.cpp', + 'ulinklist_test.cpp', + 'uqueue_test.cpp' +] + if (('IP' in target_transport) or ('ALL' in target_transport)): if target_os != 'arduino': - catests = catest_env.Program('catests', ['catests.cpp', - 'caprotocolmessagetest.cpp', - 'cablocktransfertest.cpp', - 'ca_api_unittest.cpp', - 'camutex_tests.cpp', - 'uarraylist_test.cpp', - 'ulinklist_test.cpp', - 'uqueue_test.cpp' - ]) -else: - # Include all unit test files - catests = catest_env.Program('catests', ['catests.cpp', - 'caprotocolmessagetest.cpp', - 'ca_api_unittest.cpp', - 'camutex_tests.cpp', - 'uarraylist_test.cpp', - 'ulinklist_test.cpp', - 'uqueue_test.cpp' - ]) + tests_src = tests_src + ['cablocktransfertest.cpp'] + +if catest_env.get('SECURED') == '1': + tests_src = tests_src + ['ssladapter_test.cpp'] + +catests = catest_env.Program('catests', tests_src) Alias("test", [catests]) diff --git a/resource/csdk/connectivity/test/ssladapter_test.cpp b/resource/csdk/connectivity/test/ssladapter_test.cpp new file mode 100644 index 0000000..970aa89 --- /dev/null +++ b/resource/csdk/connectivity/test/ssladapter_test.cpp @@ -0,0 +1,2239 @@ +//****************************************************************** +// +// Copyright 2016 Samsung Electronics All Rights Reserved. +// +//-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= + +#include "gtest/gtest.h" +#include "time.h" + +#define CAcloseSslConnection CAcloseSslConnectionTest +#define CAdecryptSsl CAdecryptSslTest +#define CAdeinitSslAdapter CAdeinitSslAdapterTest +#define CAencryptSsl CAencryptSslTest +#define CAinitSslAdapter CAinitSslAdapterTest +#define CAinitiateSslHandshake CAinitiateSslHandshakeTest +#define CAsetCredentialTypesCallback CAsetCredentialTypesCallbackTest +#define CAsetSslAdapterCallbacks CAsetSslAdapterCallbacksTest +#define CAsetSslHandshakeCallback CAsetSslHandshakeCallbackTest +#define CAsetTlsCipherSuite CAsetTlsCipherSuiteTest +#define CAsslGenerateOwnerPsk CAsslGenerateOwnerPskTest + +#include "../src/adapter_util/ca_adapter_net_ssl.c" + +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_PTHREAD_H +#include +#endif +#include +#include +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + +#if defined(_WIN32) +#include "../../../../c_common/windows/include/pthread_create.h" +#endif +#ifdef HAVE_WINDOWS_H +#include +/** @todo stop-gap for naming issue. Windows.h does not like us to use ERROR */ +#ifdef ERROR +#undef ERROR +#endif //ERROR +#endif //HAVE_WINDOWS_H +#include "platform_features.h" +#include "logger.h" + +#define MBED_TLS_DEBUG_LEVEL (4) // Verbose + +#define SEED "PREDICTED_SEED" +#define dummyHandler 0xF123 + +#define SERVER_PORT 4433 +#define SERVER_NAME "localhost" +#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n" + +/* ************************** + * + * + * Common routines + * + * + * *************************/ + +unsigned char serverCert[] = { + 0x30, 0x82, 0x02, 0x39, 0x30, 0x82, 0x01, 0xdf, 0x02, 0x01, 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x7c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x09, 0x53, 0x6f, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x08, 0x53, 0x6f, 0x6d, 0x65, 0x63, 0x69, 0x74, 0x79, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x42, 0x42, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0d, 0x53, 0x65, 0x71, 0x75, 0x72, 0x69, 0x74, 0x79, 0x20, 0x50, 0x61, + 0x72, 0x74, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x6f, 0x62, 0x31, + 0x14, 0x30, 0x12, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x05, + 0x6f, 0x62, 0x40, 0x62, 0x62, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x35, 0x31, + 0x33, 0x31, 0x31, 0x31, 0x37, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x35, 0x31, 0x32, 0x31, 0x33, + 0x31, 0x31, 0x31, 0x37, 0x5a, 0x30, 0x81, 0xd4, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x41, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x03, + 0x41, 0x73, 0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x06, 0x47, 0x6f, + 0x74, 0x68, 0x61, 0x6d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x5a, + 0x5a, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x08, 0x42, 0x65, 0x61, 0x6d, + 0x54, 0x65, 0x61, 0x6d, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x09, 0x01, 0x16, 0x0d, 0x72, 0x61, 0x69, 0x6c, 0x40, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x29, 0x75, 0x75, 0x69, + 0x64, 0x3a, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x2d, 0x33, 0x32, 0x33, 0x32, 0x2d, + 0x33, 0x32, 0x33, 0x32, 0x2d, 0x33, 0x32, 0x33, 0x32, 0x2d, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, + 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x31, 0x34, 0x30, 0x32, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x0c, + 0x2b, 0x75, 0x73, 0x65, 0x72, 0x69, 0x64, 0x3a, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, + 0x2d, 0x36, 0x37, 0x36, 0x37, 0x2d, 0x36, 0x37, 0x36, 0x37, 0x2d, 0x36, 0x37, 0x36, 0x37, 0x2d, + 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x36, 0x37, 0x30, 0x59, 0x30, 0x13, + 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xf7, 0x13, 0x5c, 0x73, 0x72, 0xce, 0x10, 0xe5, 0x09, + 0x97, 0x9a, 0xf8, 0xf2, 0x70, 0xa6, 0x3d, 0x89, 0xf5, 0xc5, 0xe4, 0x44, 0xe2, 0x4a, 0xb6, 0x61, + 0xa8, 0x12, 0x8d, 0xb4, 0xdc, 0x2b, 0x47, 0x84, 0x60, 0x0c, 0x25, 0x66, 0xe9, 0xe0, 0xe5, 0xac, + 0x22, 0xbf, 0x15, 0xdc, 0x71, 0xb1, 0x88, 0x4f, 0x16, 0xbf, 0xc2, 0x77, 0x37, 0x76, 0x3f, 0xe0, + 0x67, 0xc6, 0x1d, 0x23, 0xfe, 0x7c, 0x8b, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x47, 0xcc, 0x41, 0x8a, 0x27, 0xc7, + 0xd0, 0xaa, 0xb4, 0xab, 0x85, 0xbf, 0x09, 0x4d, 0x06, 0xd7, 0x7e, 0x0d, 0x39, 0xf9, 0x36, 0xa1, + 0x3d, 0x96, 0x23, 0xe2, 0x24, 0x64, 0x98, 0x63, 0x21, 0xba, 0x02, 0x21, 0x00, 0xe5, 0x8f, 0x7f, + 0xf1, 0xa6, 0x82, 0x03, 0x6a, 0x18, 0x7a, 0x54, 0xe7, 0x0e, 0x25, 0x77, 0xd8, 0x46, 0xfa, 0x96, + 0x8a, 0x7e, 0x14, 0xc4, 0xcb, 0x21, 0x32, 0x3e, 0x89, 0xd9, 0xba, 0x8c, 0x3f +}; +int serverCertLen = sizeof(serverCert); + +unsigned char serverPrivateKey[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x02, 0x51, 0xb5, 0x97, 0xb9, 0xe9, 0xd8, 0x8d, 0x66, + 0x2b, 0x8a, 0xb3, 0x9c, 0x6a, 0xd2, 0xca, 0x18, 0x21, 0xb9, 0x87, 0x3d, 0xf5, 0x8e, 0xa2, 0x8d, + 0x38, 0xf6, 0xb7, 0xd2, 0x76, 0x74, 0x99, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xf7, 0x13, 0x5c, 0x73, 0x72, 0xce, 0x10, + 0xe5, 0x09, 0x97, 0x9a, 0xf8, 0xf2, 0x70, 0xa6, 0x3d, 0x89, 0xf5, 0xc5, 0xe4, 0x44, 0xe2, 0x4a, + 0xb6, 0x61, 0xa8, 0x12, 0x8d, 0xb4, 0xdc, 0x2b, 0x47, 0x84, 0x60, 0x0c, 0x25, 0x66, 0xe9, 0xe0, + 0xe5, 0xac, 0x22, 0xbf, 0x15, 0xdc, 0x71, 0xb1, 0x88, 0x4f, 0x16, 0xbf, 0xc2, 0x77, 0x37, 0x76, + 0x3f, 0xe0, 0x67, 0xc6, 0x1d, 0x23, 0xfe, 0x7c, 0x8b +}; + +int serverPrivateKeyLen = sizeof(serverPrivateKey); + +unsigned char caCert[] = { + 0x30, 0x82, 0x02, 0x3e, 0x30, 0x82, 0x01, 0xe5, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, + 0x87, 0xa7, 0x68, 0x01, 0x7c, 0xe9, 0xf8, 0xf0, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x7c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x09, 0x53, 0x6f, + 0x6d, 0x65, 0x73, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x08, 0x53, 0x6f, 0x6d, 0x65, 0x63, 0x69, 0x74, 0x79, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x42, 0x42, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0d, 0x53, 0x65, 0x71, 0x75, 0x72, 0x69, 0x74, 0x79, 0x20, 0x50, 0x61, 0x72, 0x74, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x6f, 0x62, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x05, 0x6f, 0x62, 0x40, + 0x62, 0x62, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x37, 0x32, 0x35, 0x31, 0x31, 0x31, 0x36, + 0x31, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x35, 0x31, 0x35, 0x31, 0x31, 0x31, 0x36, 0x31, + 0x31, 0x5a, 0x30, 0x7c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x09, 0x53, 0x6f, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x08, + 0x53, 0x6f, 0x6d, 0x65, 0x63, 0x69, 0x74, 0x79, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x0c, 0x02, 0x42, 0x42, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0d, + 0x53, 0x65, 0x71, 0x75, 0x72, 0x69, 0x74, 0x79, 0x20, 0x50, 0x61, 0x72, 0x74, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x6f, 0x62, 0x31, 0x14, 0x30, 0x12, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x05, 0x6f, 0x62, 0x40, 0x62, 0x62, + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x2e, 0xcf, 0xc3, 0xfa, 0x2e, + 0x04, 0x11, 0x62, 0x34, 0x63, 0x6f, 0xdf, 0xb6, 0x67, 0xfb, 0x5a, 0x50, 0x8c, 0x15, 0x73, 0xc9, + 0xc1, 0x57, 0x3a, 0x9e, 0xf8, 0xf4, 0xa8, 0x0c, 0x1a, 0xe9, 0x91, 0x51, 0x9d, 0x03, 0x26, 0x48, + 0xaa, 0x46, 0x84, 0x12, 0x06, 0x2d, 0xfc, 0x66, 0xbe, 0x41, 0xed, 0xfd, 0xcd, 0x32, 0xa3, 0x9b, + 0x34, 0xf2, 0xaa, 0x95, 0x1f, 0x8e, 0x5d, 0x49, 0x77, 0x80, 0xc2, 0xa3, 0x50, 0x30, 0x4e, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x1e, 0x81, 0xc3, 0x62, 0xff, 0x8c, + 0x5a, 0x98, 0x90, 0xac, 0x2c, 0xc3, 0x65, 0xb9, 0x3f, 0x8f, 0x04, 0x55, 0xfa, 0x7c, 0x30, 0x1f, + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x81, 0xc3, 0x62, 0xff, + 0x8c, 0x5a, 0x98, 0x90, 0xac, 0x2c, 0xc3, 0x65, 0xb9, 0x3f, 0x8f, 0x04, 0x55, 0xfa, 0x7c, 0x30, + 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0a, 0x06, + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, + 0x1c, 0xa1, 0x55, 0xa8, 0x04, 0xbc, 0x5b, 0x00, 0xa8, 0xac, 0x2f, 0xe6, 0xb7, 0x3c, 0x7c, 0xf3, + 0x7e, 0x93, 0xce, 0xe0, 0xdf, 0x6e, 0x36, 0xe4, 0x36, 0x20, 0xcb, 0x36, 0x9c, 0x13, 0x3b, 0xc4, + 0x02, 0x20, 0x7f, 0x18, 0x13, 0x7d, 0x1b, 0x8c, 0xe3, 0x5b, 0xd9, 0xac, 0x74, 0x8c, 0xc0, 0xe9, + 0xbf, 0x1b, 0x48, 0x6f, 0xb6, 0x6a, 0x45, 0x03, 0xa6, 0x5d, 0x4d, 0x65, 0xf7, 0x96, 0xa0, 0x08, + 0x83, 0x7c +}; +int caCertLen = sizeof(caCert); + +unsigned char control_server_message[] = { + 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b, 0x0d, + 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x74, + 0x65, 0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x0d, 0x0a, 0x0d, 0x0a, 0x3c, 0x68, 0x32, 0x3e, + 0x6d, 0x62, 0x65, 0x64, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x53, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x3c, 0x2f, 0x68, 0x32, 0x3e, 0x0d, 0x0a, 0x54, 0x45, 0x53, 0x54, 0x20, + 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x0d, 0x0a, 0x3c, 0x70, 0x3e, 0x53, 0x75, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x20, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x75, 0x73, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x54, 0x4c, 0x53, 0x2d, 0x45, 0x43, 0x44, + 0x48, 0x45, 0x2d, 0x45, 0x43, 0x44, 0x53, 0x41, 0x2d, 0x57, 0x49, 0x54, 0x48, 0x2d, 0x41, 0x45, + 0x53, 0x2d, 0x31, 0x32, 0x38, 0x2d, 0x43, 0x43, 0x4d, 0x2d, 0x38, 0x3c, 0x2f, 0x70, 0x3e, 0x0d, + 0x0a +}; +int control_server_message_len = sizeof(control_server_message); + +unsigned char control_client_message[] = { + 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x0d, 0x0a, + 0x0d, 0x0a +}; +int control_client_message_len = sizeof(control_client_message); + +unsigned char caTrustedCrl[] = { + 0x30, 0x82, 0x03, 0x11, 0x30, 0x82, 0x01, 0xf9, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x49, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x0a, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x25, + 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x20, + 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x20, 0x47, 0x32, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x32, 0x35, 0x30, 0x31, 0x30, + 0x30, 0x30, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x39, 0x30, 0x34, 0x30, 0x31, 0x30, 0x30, + 0x30, 0x33, 0x5a, 0x30, 0x82, 0x01, 0x48, 0x30, 0x27, 0x02, 0x08, 0x40, 0x3a, 0x89, 0xa6, 0xdf, + 0x4c, 0xfc, 0xab, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x30, 0x37, 0x34, + 0x37, 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a, 0x01, 0x03, + 0x30, 0x27, 0x02, 0x08, 0x37, 0x7a, 0xe3, 0xb0, 0x9d, 0x40, 0xe5, 0x42, 0x17, 0x0d, 0x31, 0x35, + 0x31, 0x30, 0x30, 0x32, 0x31, 0x30, 0x32, 0x33, 0x32, 0x32, 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06, + 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a, 0x01, 0x01, 0x30, 0x27, 0x02, 0x08, 0x59, 0x14, 0xab, + 0x0a, 0x4c, 0xf7, 0xa1, 0xff, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x36, 0x32, 0x31, 0x34, + 0x34, 0x31, 0x32, 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a, + 0x01, 0x01, 0x30, 0x27, 0x02, 0x08, 0x6e, 0x8f, 0xb3, 0x78, 0x8f, 0x54, 0x15, 0xbb, 0x17, 0x0d, + 0x31, 0x36, 0x30, 0x38, 0x31, 0x36, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x5a, 0x30, 0x0c, 0x30, + 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a, 0x01, 0x01, 0x30, 0x27, 0x02, 0x08, 0x23, + 0x8a, 0x26, 0xd7, 0x52, 0xe4, 0xc2, 0x59, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x34, 0x31, 0x35, 0x31, + 0x35, 0x30, 0x30, 0x32, 0x31, 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04, + 0x03, 0x0a, 0x01, 0x03, 0x30, 0x27, 0x02, 0x08, 0x75, 0xdd, 0xb5, 0xf7, 0x03, 0x75, 0x0e, 0x96, + 0x17, 0x0d, 0x31, 0x36, 0x30, 0x36, 0x30, 0x38, 0x30, 0x39, 0x35, 0x32, 0x34, 0x37, 0x5a, 0x30, + 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a, 0x01, 0x05, 0x30, 0x27, 0x02, + 0x08, 0x79, 0x61, 0xde, 0x97, 0x96, 0x20, 0x31, 0x87, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x36, 0x31, + 0x35, 0x31, 0x33, 0x33, 0x34, 0x31, 0x36, 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, + 0x15, 0x04, 0x03, 0x0a, 0x01, 0x05, 0x30, 0x27, 0x02, 0x08, 0x01, 0x48, 0x71, 0x3e, 0xaf, 0xd9, + 0x26, 0x62, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x34, 0x31, 0x35, 0x31, 0x35, 0x30, 0x34, 0x34, 0x34, + 0x5a, 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x15, 0x04, 0x03, 0x0a, 0x01, 0x03, 0xa0, + 0x30, 0x30, 0x2e, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, + 0x4a, 0xdd, 0x06, 0x16, 0x1b, 0xbc, 0xf6, 0x68, 0xb5, 0x76, 0xf5, 0x81, 0xb6, 0xbb, 0x62, 0x1a, + 0xba, 0x5a, 0x81, 0x2f, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04, 0x04, 0x02, 0x02, 0x04, + 0xd1, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x49, 0x3d, 0xd3, 0xc0, 0x71, 0x14, 0xf8, 0x55, 0xec, 0x53, 0xeb, + 0xd9, 0xcd, 0x92, 0xe9, 0x87, 0xd9, 0x85, 0x6f, 0x67, 0x33, 0x8f, 0x72, 0x5f, 0x98, 0x46, 0x6d, + 0x84, 0xb5, 0x4f, 0xc0, 0x85, 0x11, 0x48, 0xb0, 0x11, 0x46, 0x27, 0xb7, 0x4c, 0x7a, 0x4c, 0xf2, + 0x6e, 0x24, 0x99, 0xa7, 0xe1, 0xb1, 0x48, 0x86, 0x84, 0x5d, 0xab, 0x27, 0x3a, 0xc4, 0xc3, 0xe5, + 0x41, 0xa9, 0x4c, 0x30, 0x96, 0x74, 0x8b, 0xca, 0x79, 0x69, 0x8d, 0x9d, 0x9b, 0xea, 0xe3, 0x0e, + 0x1a, 0x8c, 0xa2, 0x85, 0x1c, 0x87, 0x5d, 0x3b, 0x59, 0x93, 0x54, 0x3b, 0xba, 0x9b, 0x73, 0x91, + 0x20, 0x72, 0xa6, 0x82, 0x72, 0x0a, 0xb2, 0xe1, 0xc8, 0xfe, 0xcd, 0x18, 0x38, 0x51, 0x36, 0xcf, + 0x92, 0x0d, 0x35, 0x3d, 0x53, 0xfb, 0xed, 0x0d, 0x53, 0x1d, 0xa3, 0xa1, 0xe8, 0x49, 0x3c, 0x00, + 0x62, 0xf9, 0xa7, 0x5b, 0x8b, 0x2f, 0x19, 0x84, 0x9d, 0x58, 0x96, 0x69, 0x3b, 0xd5, 0x1c, 0x14, + 0x15, 0xb3, 0x2f, 0xb0, 0x4e, 0xb6, 0x81, 0xe9, 0x89, 0x15, 0xbf, 0xac, 0xca, 0xc6, 0xf7, 0x53, + 0xfd, 0x3e, 0xde, 0x83, 0xb8, 0x3f, 0x66, 0xb2, 0x59, 0xaa, 0x20, 0x6b, 0x3c, 0xb0, 0x22, 0x05, + 0x90, 0x30, 0xdc, 0x59, 0x81, 0x60, 0xbf, 0xd4, 0x77, 0xf4, 0xd7, 0xb6, 0xb4, 0xe5, 0x4c, 0xcf, + 0xb9, 0x27, 0x9d, 0xe0, 0xd1, 0x5c, 0xea, 0x31, 0xc1, 0x54, 0x42, 0x4a, 0xab, 0xff, 0x33, 0xc6, + 0x9a, 0xfb, 0xac, 0x47, 0x92, 0xe3, 0xfe, 0x35, 0xaa, 0xbc, 0xa6, 0x2f, 0x6c, 0xd3, 0xf0, 0xe7, + 0xc4, 0x02, 0x1e, 0x67, 0x94, 0x47, 0x27, 0x8e, 0xbb, 0x91, 0xb7, 0xab, 0x95, 0x04, 0xdd, 0x89, + 0x41, 0x4e, 0x87, 0xfd, 0xf5, 0x8a, 0x1b, 0x24, 0xf4, 0x3c, 0x41, 0xa2, 0xb0, 0xda, 0x27, 0xbb, + 0x8b, 0x5b, 0xd2, 0xf9, 0x6a +}; + +static void error(const char *msg) +{ + perror(msg); + exit(0); +} + +static int sockfd, newsockfd; + +static void socketConnect() +{ + int portno; + struct sockaddr_in serv_addr; + struct hostent *server; + + portno = SERVER_PORT; + sockfd = socket(AF_INET, SOCK_STREAM, 0); + if (sockfd < 0) + error("ERROR opening socket"); + server = gethostbyname(SERVER_NAME); + if (server == NULL) { + fprintf(stderr,"ERROR, no such host\n"); + exit(0); + } + //memset((char *) &serv_addr, sizeof(serv_addr)); + memset((void*)&serv_addr, 0, sizeof(serv_addr)); + serv_addr.sin_family = AF_INET; + memcpy((char *)server->h_addr, + (char *)&serv_addr.sin_addr.s_addr, + server->h_length); + serv_addr.sin_port = htons(portno); + if (connect(sockfd,(struct sockaddr *) &serv_addr,sizeof(serv_addr)) < 0) + error("ERROR connecting"); +} + +static void CATCPPacketSendCB(CAEndpoint_t *, const void *buf, uint32_t buflen) +{ + int n; + n = write(sockfd, buf, buflen); + if (n < 0) + error("ERROR writing to socket"); +} + +char msg[256] = {0}; int msglen = 0; +static void CATCPPacketReceivedCB(const CASecureEndpoint_t *, const void *data, uint32_t dataLength) +{ + memcpy(msg, data, dataLength); + msglen = dataLength; +} + +static void PacketReceive(unsigned char *data, int * datalen) +{ + int n; + char buffer[2048] = {'\0'}; + n = read(sockfd, buffer, 5); + if ((buffer[0] == 0x16 || buffer[0] == 0x14 || buffer[0] == 0x17 || buffer[0] == 0x15) + && buffer[1] == 0x03 && buffer[2] == 0x03) + { + int tlslen = (unsigned char)buffer[3] * 0x100 + (unsigned char)buffer[4]; + n = read(sockfd, buffer + 5, tlslen); + } + + if (n < 0) + error("ERROR reading from socket"); + + *datalen = n + 5; + memcpy(data, buffer, *datalen); +} + +static void socketClose() +{ + close(sockfd); +} + +static void infoCallback_that_loads_x509(PkiInfo_t * inf) +{ + inf->crt.data = (uint8_t*)serverCert; + inf->crt.len = sizeof(serverCert); + inf->key.data = (uint8_t*)serverPrivateKey; + inf->key.len = sizeof(serverPrivateKey); + inf->ca.data = (uint8_t*)caCert; + inf->ca.len = sizeof(caCert); + inf->crl.data = (uint8_t*)caTrustedCrl; + inf->crl.len = sizeof(caTrustedCrl); +} + +static void socketOpen_server() +{ + int portno; + struct sockaddr_in serv_addr, cli_addr; + socklen_t clilen; + + portno = SERVER_PORT; + sockfd = socket(AF_INET, SOCK_STREAM, 0); + if (sockfd < 0) + error("\nERROR opening socket"); + //bzero((char *) &serv_addr, sizeof(serv_addr)); + memset((void*)&serv_addr, 0, sizeof(serv_addr)); + serv_addr.sin_family = AF_INET; + serv_addr.sin_addr.s_addr = INADDR_ANY; + serv_addr.sin_port = htons(portno); + if (bind(sockfd, (struct sockaddr *) &serv_addr, + sizeof(serv_addr)) < 0) + error("\nERROR on binding"); + listen(sockfd,5); + clilen = sizeof(cli_addr); + newsockfd = accept(sockfd, + (struct sockaddr *) &cli_addr, + &clilen); + if (newsockfd < 0) + error("\nERROR on accept"); +} + +static void CATCPPacketSendCB_server(CAEndpoint_t *, const void *buf, uint32_t buflen) +{ + int n; + n = write(newsockfd,buf,buflen); + if (n < 0) + error("ERROR writing to socket"); +} + +static void CATCPPacketReceivedCB_server(const CASecureEndpoint_t *, const void *data, uint32_t dataLength) +{ + memcpy(msg, data, dataLength); + msglen = dataLength; +} +static void PacketReceive_server(unsigned char *data, int * datalen) +{ + int n; + char buffer[2048] = {'\0'}; + n = read(newsockfd, buffer, 5); + + if (buffer[0] == 0x16 || buffer[0] == 0x14 || buffer[0] == 0x17 || buffer[0] == 0x15) + { + int tlslen = (unsigned char)buffer[3] * 0x100 + (unsigned char)buffer[4]; + n = read(newsockfd, buffer + 5, tlslen); + } + + if (n < 0) + error("\nERROR reading from socket"); + + *datalen = n + 5; + memcpy(data, buffer, *datalen); +} + +static void socketClose_server() +{ + close(newsockfd); + close(sockfd); +} + +static void clutch(bool * list) +{ + list[1] = true; +} + +const unsigned char IDENTITY[] = ("6767676767676767"); +const unsigned char RS_CLIENT_PSK[] = ("AAAAAAAAAAAAAAAA"); +static int32_t GetDtlsPskCredentials( CADtlsPskCredType_t, + const unsigned char *, size_t, + unsigned char *result, size_t) +{ + int32_t ret = -1; + + if (NULL == result) + { + return ret; + } + memcpy(result, IDENTITY, sizeof(IDENTITY)); + ret = sizeof(IDENTITY); + + return ret; +} + +/* ************************** + * + * + * MbedTLS client routine + * + * + * *************************/ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#endif + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ + !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ + !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) +static int client( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " + "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " + "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " + "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " + "not defined.\n"); + return( 0 ); +} +#else + +#include "mbedtls/net.h" +#include "mbedtls/debug.h" +#include "mbedtls/ssl.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/error.h" +#include "mbedtls/certs.h" + +#include + +#define DEBUG_LEVEL (0) + +static void my_debug_client( void *ctx, int level, + const char *file, int line, + const char *str ) +{ + ((void) level); + + mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str ); + fflush( (FILE *) ctx ); +} + +static void * client(void *) +{ + int ret, len; + mbedtls_net_context server_fd; + uint32_t flags; + unsigned char buf[1024]; + const char *pers = "ssl_client1"; + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + mbedtls_x509_crt cacert; + mbedtls_x509_crt owncert; + mbedtls_pk_context pkey; + + /* + * 0. Initialize the RNG and the session data + */ + mbedtls_net_init( &server_fd ); + mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); + mbedtls_x509_crt_init( &cacert ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_pk_init( &pkey ); + + mbedtls_printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + mbedtls_entropy_init( &entropy ); + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * 0. Initialize certificates + */ + mbedtls_printf( " . Loading the CA root certificate ..." ); + fflush( stdout ); + ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) caCert, caCertLen ); + if( ret < 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse caCert returned -0x%x\n\n", -ret ); + goto exit; + } + ret = mbedtls_x509_crt_parse( &owncert, (const unsigned char *) serverCert, serverCertLen ); + if( ret < 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse serverCert returned -0x%x\n\n", -ret ); + goto exit; + } + ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) serverPrivateKey, + serverPrivateKeyLen, NULL, 0 ); + if( ret < 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret ); + goto exit; + } + + mbedtls_printf( " ok (%d skipped)\n", ret ); + + /* + * 1. Start the connection + */ + mbedtls_printf( " . Connecting to tcp/%s/%s...", SERVER_NAME, "SERVER_PORT" ); + fflush( stdout ); + + if( ( ret = mbedtls_net_connect( &server_fd, "127.0.0.1", + "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * 2. Setup stuff + */ + mbedtls_printf( " . Setting up the SSL/TLS structure..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ssl_config_defaults( &conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* OPTIONAL is not optimal for security, + * but makes interop easier in this simplified example */ + mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL ); + mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); + mbedtls_ssl_conf_own_cert( &conf, &owncert, &pkey ); + mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_conf_dbg( &conf, my_debug_client, stdout ); + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_ssl_set_hostname( &ssl, "mbed TLS Server 1" ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); + goto exit; + } + + mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); + + /* + * 4. Handshake + */ + mbedtls_printf( " . Performing the SSL/TLS handshake..." ); + fflush( stdout ); + + while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) + { + if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); + goto exit; + } + } + + mbedtls_printf( " ok\n" ); + + /* + * 5. Verify the server certificate + */ + mbedtls_printf( " . Verifying peer X.509 certificate..." ); + + /* In real life, we probably want to bail out when ret != 0 */ + if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) + { + char vrfy_buf[512]; + + mbedtls_printf( " failed\n" ); + + mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); + + mbedtls_printf( "%s\n", vrfy_buf ); + } + else + mbedtls_printf( " ok\n" ); + + /* + * 3. Write the GET request + */ + mbedtls_printf( " > Write to server:" ); + fflush( stdout ); + + len = sprintf( (char *) buf, GET_REQUEST ); + + while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 ) + { + if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); + goto exit; + } + } + + len = ret; + mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf ); + + /* + * 7. Read the HTTP response + */ + mbedtls_printf( " < Read from server:" ); + fflush( stdout ); + + do + { + len = sizeof( buf ) - 1; + memset( buf, 0, sizeof( buf ) ); + ret = mbedtls_ssl_read( &ssl, buf, len ); + + if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ) + continue; + + if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ) + break; + + if( ret < 0 ) + { + mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret ); + break; + } + + if( ret == 0 ) + { + mbedtls_printf( "\n\nEOF\n\n" ); + break; + } + + len = ret; + mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf ); + } + while( 1 ); + + mbedtls_ssl_close_notify( &ssl ); + +exit: + +#ifdef MBEDTLS_ERROR_C + if( ret != 0 ) + { + char error_buf[100]; + mbedtls_strerror( ret, error_buf, 100 ); + mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf ); + } +#endif + + mbedtls_net_free( &server_fd ); + + mbedtls_x509_crt_free( &cacert ); + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + + return NULL; +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && + MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && + MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C && + MBEDTLS_X509_CRT_PARSE_C */ + +/* ************************** + * + * + * MbedTLS server routine + * + * + * *************************/ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#endif + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \ + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \ + !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_PEM_PARSE_C) +/* int */void * server( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C " + "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or " + "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " + "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " + "and/or MBEDTLS_PEM_PARSE_C not defined.\n"); + return(/* 0 */); +} +#else + +#include +#include + +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/certs.h" +#include "mbedtls/x509.h" +#include "mbedtls/ssl.h" +#include "mbedtls/net.h" +#include "mbedtls/error.h" +#include "mbedtls/debug.h" + +#if defined(MBEDTLS_SSL_CACHE_C) +#include "mbedtls/ssl_cache.h" +#endif + +#define HTTP_RESPONSE \ + "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ + "

mbed TLS Test Server

\r\n" \ + "TEST MESSAGE\r\n" \ + "

Successful connection using: %s

\r\n" + +#define DEBUG_LEVEL (0) + +static int mbedtls_entropy_func_clutch(void *, unsigned char *output, size_t len) +{ + for (uint32_t i = 0; i < len; i++) output[i] = 0x11; + return 0; +} + +static void my_debug( void *ctx, int level, + const char *file, int line, + const char *str ) +{ + ((void) level); + + mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); + fflush( (FILE *) ctx ); +} + +static void * server(void *) +{ + int ret, len; + mbedtls_net_context listen_fd, client_fd; + unsigned char buf[1024]; + const char *pers = "ssl_server"; + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + mbedtls_x509_crt srvcert; + mbedtls_pk_context pkey; +#if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_cache_context cache; +#endif + + mbedtls_net_init( &listen_fd ); + mbedtls_net_init( &client_fd ); + mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); +#if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_cache_init( &cache ); +#endif + mbedtls_x509_crt_init( &srvcert ); + mbedtls_pk_init( &pkey ); + mbedtls_entropy_init( &entropy ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + +#if defined(MBEDTLS_DEBUG_C) + mbedtls_debug_set_threshold( DEBUG_LEVEL ); +#endif + + /* + * 1. Load the certificates and private RSA key + */ + mbedtls_printf( "\n . Loading the server cert. and key..." ); + fflush( stdout ); + + /* + * This demonstration program uses embedded test certificates. + * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the + * server and CA certificates, as well as mbedtls_pk_parse_keyfile(). + */ + ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) serverCert, serverCertLen ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret ); + goto exit; + } + + ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) caCert, caCertLen ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret ); + goto exit; + } + + ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) serverPrivateKey, + serverPrivateKeyLen, NULL, 0 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * 2. Setup the listening TCP socket + */ + mbedtls_printf( " . Bind on https://localhost:4433/ ..." ); + fflush( stdout ); + + if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * 3. Seed the RNG + */ + mbedtls_printf( " . Seeding the random number generator..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func_clutch, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + } + + mbedtls_printf( " ok\n" ); + + /* + * 4. Setup stuff + */ + mbedtls_printf( " . Setting up the SSL data...." ); + fflush( stdout ); + + if( ( ret = mbedtls_ssl_config_defaults( &conf, + MBEDTLS_SSL_IS_SERVER, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); + goto exit; + } + + mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); + +#if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_conf_session_cache( &conf, &cache, + mbedtls_ssl_cache_get, + mbedtls_ssl_cache_set ); +#endif + + mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); + if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + +reset: +#ifdef MBEDTLS_ERROR_C + if( ret != 0 ) + { + char error_buf[100]; + mbedtls_strerror( ret, error_buf, 100 ); + mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf ); + } +#endif + + mbedtls_net_free( &client_fd ); + + mbedtls_ssl_session_reset( &ssl ); + + /* + * 3. Wait until a client connects + */ + mbedtls_printf( " . Waiting for a remote connection ..." ); + fflush( stdout ); + + if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, + NULL, 0, NULL ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); + goto exit; + } + + mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); + + mbedtls_printf( " ok\n" ); + + /* + * 5. Handshake + */ + mbedtls_printf( " . Performing the SSL/TLS handshake..." ); + fflush( stdout ); + + while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) + { + if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret ); + goto exit; + } + } + + mbedtls_printf( " ok\n" ); + + /* + * 6. Read the HTTP Request + */ + mbedtls_printf( " < Read from client:" ); + fflush( stdout ); + + do + { + len = sizeof( buf ) - 1; + memset( buf, 0, sizeof( buf ) ); + ret = mbedtls_ssl_read( &ssl, buf, len ); + + if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ) + continue; + + if( ret <= 0 ) + { + switch( ret ) + { + case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: + mbedtls_printf( " connection was closed gracefully\n" ); + break; + + case MBEDTLS_ERR_NET_CONN_RESET: + mbedtls_printf( " connection was reset by peer\n" ); + break; + + default: + mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret ); + break; + } + + break; + } + + len = ret; + mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf ); + + if( ret > 0 ) + break; + } + while( 1 ); + + /* + * 7. Write the 200 Response + */ + mbedtls_printf( " > Write to client:" ); + + fflush( stdout ); + + len = sprintf( (char *) buf, HTTP_RESPONSE, + mbedtls_ssl_get_ciphersuite( &ssl ) ); + + while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 ) + { + if( ret == MBEDTLS_ERR_NET_CONN_RESET ) + { + mbedtls_printf( " failed\n ! peer closed the connection\n\n" ); + goto reset; + } + + if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); + goto exit; + } + } + + len = ret; + mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf ); + + mbedtls_printf( " . Closing the connection..." ); + + while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 ) + { + if( ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret ); + goto exit; + } + } + + mbedtls_printf( " ok\n" ); + + ret = 0; + goto exit; + +exit: + +#ifdef MBEDTLS_ERROR_C + if( ret != 0 ) + { + char error_buf[100]; + mbedtls_strerror( ret, error_buf, 100 ); + mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf ); + } +#endif + + mbedtls_net_free( &client_fd ); + mbedtls_net_free( &listen_fd ); + + mbedtls_x509_crt_free( &srvcert ); + mbedtls_pk_free( &pkey ); + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); +#if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_cache_free( &cache ); +#endif + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + +#if defined(_WIN32) + mbedtls_printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); +#endif + + return NULL; +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && + MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && + MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C + && MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */ + +/* ************************** + * + * + * CAinitSslAdapter test + * + * + * *************************/ + +static int testCAinitSslAdapter() +{ + int ret = 0; + + CAEndpoint_t serverAddr; + serverAddr.adapter = CA_ADAPTER_IP; + serverAddr.flags = CA_SECURE; + serverAddr.port = 4433; + char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1 + memcpy(serverAddr.addr, addr, sizeof(addr)); + serverAddr.ifindex = 0; + + ret = CAinitSslAdapter(); + if (ret != 0 || + &g_caSslContext == NULL || + &g_caSslContext->crt == NULL || + &g_caSslContext->pkey == NULL || + &g_caSslContext->clientTlsConf == NULL || + &g_caSslContext->serverTlsConf == NULL || + &g_caSslContext->rnd == NULL || + &g_caSslContext->entropy == NULL) + { + ret = 1; + } + + // CAdeinitSslAdapter + ca_mutex_lock(g_sslContextMutex); + DeletePeerList(); + mbedtls_x509_crt_free(&g_caSslContext->crt); + mbedtls_pk_free(&g_caSslContext->pkey); + mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf); + mbedtls_ctr_drbg_free(&g_caSslContext->rnd); + mbedtls_entropy_free(&g_caSslContext->entropy); + OICFree(g_caSslContext); + g_caSslContext = NULL; + ca_mutex_unlock(g_sslContextMutex); + ca_mutex_free(g_sslContextMutex); + g_sslContextMutex = NULL; + + return ret; +} + +// CAinitTlsAdapter() +TEST(TLSAdaper, Test_1) +{ + int ret = 0xFF; + ret = testCAinitSslAdapter(); + EXPECT_EQ(0, ret); +} + +/* ************************** + * + * + * CAsetSslAdapterCallbacks test + * + * + * *************************/ + +static int testCAsetSslAdapterCallbacks() +{ + int ret = 0xFF; + CAEndpoint_t serverAddr; + serverAddr.adapter = CA_ADAPTER_IP; + serverAddr.flags = CA_SECURE; + serverAddr.port = 4433; + char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1 + memcpy(serverAddr.addr, addr, sizeof(addr)); + serverAddr.ifindex = 0; + + // CAinitSslAdapter + g_sslContextMutex = ca_mutex_new(); + ca_mutex_lock(g_sslContextMutex); + g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t)); + g_caSslContext->peerList = u_arraylist_create(); + mbedtls_entropy_init(&g_caSslContext->entropy); + mbedtls_ctr_drbg_init(&g_caSslContext->rnd); + unsigned char * seed = (unsigned char*) SEED; + mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch, + &g_caSslContext->entropy, seed, sizeof(SEED)); + mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF); + mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); + mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL); + mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random, + &g_caSslContext->rnd); + mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]); + mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_1); + mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED); + mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED); + CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256); + mbedtls_x509_crt_init(&g_caSslContext->ca); + mbedtls_x509_crt_init(&g_caSslContext->crt); + mbedtls_pk_init(&g_caSslContext->pkey); + mbedtls_x509_crl_init(&g_caSslContext->crl); + ca_mutex_unlock(g_sslContextMutex); + + CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, (CATransportAdapter_t)0); + if (g_caSslContext->adapterCallbacks[0].recvCallback == NULL && + g_caSslContext->adapterCallbacks[0].sendCallback == NULL && + g_caSslContext->adapterCallbacks[1].recvCallback == NULL && + g_caSslContext->adapterCallbacks[1].sendCallback == NULL) + { + ret = 0; + } + else + { + ret = 1; + } + CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_IP); + CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP); + if (g_caSslContext->adapterCallbacks[0].recvCallback == CATCPPacketReceivedCB && + g_caSslContext->adapterCallbacks[0].sendCallback == CATCPPacketSendCB && + g_caSslContext->adapterCallbacks[1].recvCallback == CATCPPacketReceivedCB && + g_caSslContext->adapterCallbacks[1].sendCallback == CATCPPacketSendCB) + { + ret += 0; + } + else + { + ret += 1; + } + + // CAdeinitSslAdapter + ca_mutex_lock(g_sslContextMutex); + DeletePeerList(); + mbedtls_x509_crt_free(&g_caSslContext->crt); + mbedtls_pk_free(&g_caSslContext->pkey); + mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf); + mbedtls_ctr_drbg_free(&g_caSslContext->rnd); + mbedtls_entropy_free(&g_caSslContext->entropy); + OICFree(g_caSslContext); + g_caSslContext = NULL; + ca_mutex_unlock(g_sslContextMutex); + ca_mutex_free(g_sslContextMutex); + g_sslContextMutex = NULL; + + return ret; +} + +// CAsetSslAdapterCallbacks() +TEST(TLSAdaper, Test_2) +{ + int ret = 0xFF; + ret = testCAsetSslAdapterCallbacks(); + EXPECT_EQ(0, ret); +} + +/* ************************** + * + * + * CAinitiateSslHandshake test + * + * + * *************************/ + +unsigned char predictedClientHello[] = { + 0x16, 0x03, 0x01, 0x00, 0x63, 0x01, 0x00, 0x00, 0x5f, 0x03, 0x03, 0x57, 0xf2, 0x5f, 0x21, 0x04, + 0xb1, 0x3b, 0xda, 0x55, 0xa4, 0x8e, 0xcc, 0x3f, 0xe9, 0x45, 0x5c, 0xaf, 0xcb, 0x19, 0x2e, 0x1f, + 0x4b, 0xd5, 0x84, 0x5c, 0x4b, 0xd7, 0x7d, 0x38, 0xa2, 0xfa, 0x3d, 0x00, 0x00, 0x06, 0xc0, 0xae, + 0xc0, 0xae, 0x00, 0xff, 0x01, 0x00, 0x00, 0x30, 0x00, 0x0d, 0x00, 0x16, 0x00, 0x14, 0x06, 0x03, + 0x06, 0x01, 0x05, 0x03, 0x05, 0x01, 0x04, 0x03, 0x04, 0x01, 0x03, 0x03, 0x03, 0x01, 0x02, 0x03, + 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, + 0x00, 0x16, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00 +}; +static unsigned char controlBuf[sizeof(predictedClientHello)]; +static char controlBufLen = 0; +static void CATCPPacketSendCB_forInitHsTest(CAEndpoint_t *, const void * buf, uint32_t buflen) +{ + int n; + n = write(sockfd, buf, buflen); + if (n < 0) + error("ERROR writing to socket"); + + memset(controlBuf, 0, sizeof(predictedClientHello)); + memcpy(controlBuf, buf, buflen); + controlBufLen = buflen; +} + +static void * test0CAinitiateSslHandshake(void * arg) +{ + CAEndpoint_t serverAddr; + serverAddr.adapter = CA_ADAPTER_TCP; + serverAddr.flags = CA_SECURE; + serverAddr.port = 4433; + char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1 + memcpy(serverAddr.addr, addr, sizeof(addr)); + serverAddr.ifindex = 0; + + // CAinitSslAdapter + g_sslContextMutex = ca_mutex_new(); + ca_mutex_lock(g_sslContextMutex); + g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t)); + g_caSslContext->peerList = u_arraylist_create(); + mbedtls_entropy_init(&g_caSslContext->entropy); + mbedtls_ctr_drbg_init(&g_caSslContext->rnd); + unsigned char * seed = (unsigned char*) SEED; + mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch, + &g_caSslContext->entropy, seed, sizeof(SEED)); + mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF); + mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); + mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL); + mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random, + &g_caSslContext->rnd); + mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]); + mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_1); + mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED); + mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED); + mbedtls_x509_crt_init(&g_caSslContext->ca); + mbedtls_x509_crt_init(&g_caSslContext->crt); + mbedtls_pk_init(&g_caSslContext->pkey); + mbedtls_x509_crl_init(&g_caSslContext->crl); + ca_mutex_unlock(g_sslContextMutex); + + // CAsetSslAdapterCallbacks + g_caSslContext->adapterCallbacks[1].recvCallback = CATCPPacketReceivedCB; + g_caSslContext->adapterCallbacks[1].sendCallback = CATCPPacketSendCB_forInitHsTest; + + // CAsetPkixInfoCallback + g_getPkixInfoCallback = infoCallback_that_loads_x509; + + // CAsetCredentialTypesCallback + g_getCredentialTypesCallback = clutch; + + // CAsetTlsCipherSuite + mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf, + tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]); + mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf, + tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]); + g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8; + + CAsetPskCredentialsCallback(GetDtlsPskCredentials); + + socketConnect(); + + unsigned int unixTime = (unsigned)time(NULL); + CAinitiateSslHandshake(&serverAddr); + predictedClientHello[11] = unixTime >> 24; + predictedClientHello[12] = (unixTime << 8) >> 24; + predictedClientHello[13] = (unixTime << 16) >> 24; + predictedClientHello[14] = (unixTime << 24) >> 24; + + // CAcloseTlsConnection + ca_mutex_lock(g_sslContextMutex); + SslEndPoint_t * tep = GetSslPeer(&serverAddr); + mbedtls_ssl_close_notify(&tep->ssl); + RemovePeerFromList(&tep->sep.endpoint); + ca_mutex_unlock(g_sslContextMutex); + + // CAdeinitTlsAdapter + ca_mutex_lock(g_sslContextMutex); + DeletePeerList(); + mbedtls_x509_crt_free(&g_caSslContext->crt); + mbedtls_pk_free(&g_caSslContext->pkey); + mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf); + mbedtls_ctr_drbg_free(&g_caSslContext->rnd); + mbedtls_entropy_free(&g_caSslContext->entropy); + OICFree(g_caSslContext); + g_caSslContext = NULL; + ca_mutex_unlock(g_sslContextMutex); + ca_mutex_free(g_sslContextMutex); + g_sslContextMutex = NULL; + + socketClose(); + + if (controlBufLen == sizeof(predictedClientHello) && + memcmp(predictedClientHello, controlBuf, sizeof(predictedClientHello)) == 0) + { + *((int*)arg) = 0; + return NULL; + } + else + { + *((int*)arg) = 0xFF; + return (void *) 0xFF; + } +} + +static int test1CAinitiateSslHandshake() +{ + int ret = 0xff; + ret = CAinitiateSslHandshake(NULL); + if (CA_STATUS_INVALID_PARAM == ret) + { + ret = 0; + } + else + { + ret = 1; + } + return ret; +} + +// CAinitiateSslHandshake() +TEST(TLSAdaper, Test_3_0) +{ + pthread_t thread1, thread2; + int ret = 0; + int arg = 1; + + ret = pthread_create( &thread1, NULL, server, (void*) NULL); + if(ret) + { + fprintf(stderr, "Error - pthread_create() return code: %d\n", ret); + exit(EXIT_FAILURE); + } + + sleep(1); + + ret = pthread_create( &thread2, NULL, test0CAinitiateSslHandshake, &arg); + if(ret) + { + fprintf(stderr, "Error - pthread_create() return code: %d\n", ret); + exit(EXIT_FAILURE); + } + + sleep(1); + + EXPECT_EQ(0, arg); +} + +TEST(TLSAdaper, Test_3_1) +{ + int ret = 0xFF; + ret = test1CAinitiateSslHandshake(); + EXPECT_EQ(0, ret); +} + +/* ************************** + * + * + * CAencryptSsl test + * + * + * *************************/ + +static void * testCAencryptSsl(void * arg) +{ + int ret = 0; + CAEndpoint_t serverAddr; + serverAddr.adapter = CA_ADAPTER_TCP; + serverAddr.flags = CA_SECURE; + serverAddr.port = 4433; + char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1 + memcpy(serverAddr.addr, addr, sizeof(addr)); + serverAddr.ifindex = 0; + + // CAinitTlsAdapter + g_sslContextMutex = ca_mutex_new(); + ca_mutex_lock(g_sslContextMutex); + g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t)); + g_caSslContext->peerList = u_arraylist_create(); + mbedtls_entropy_init(&g_caSslContext->entropy); + mbedtls_ctr_drbg_init(&g_caSslContext->rnd); + unsigned char * seed = (unsigned char*) SEED; + mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch, + &g_caSslContext->entropy, seed, sizeof(SEED)); + mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF); + mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); + mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL); + mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random, + &g_caSslContext->rnd); + mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]); + mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_1); + mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED); + mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED); + CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256); + mbedtls_x509_crt_init(&g_caSslContext->ca); + mbedtls_x509_crt_init(&g_caSslContext->crt); + mbedtls_pk_init(&g_caSslContext->pkey); + mbedtls_x509_crl_init(&g_caSslContext->crl); + ca_mutex_unlock(g_sslContextMutex); + + CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP); + + CAsetPkixInfoCallback(infoCallback_that_loads_x509); + + // CAsetCredentialTypesCallback + g_getCredentialTypesCallback = clutch; + + CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8); + CAsetPskCredentialsCallback(GetDtlsPskCredentials); + + socketConnect(); + + // CAinitiateSslHandshake + ca_mutex_lock(g_sslContextMutex); + InitiateTlsHandshake(&serverAddr); + ca_mutex_unlock(g_sslContextMutex); + + unsigned char buffer[2048] = {'\0'}; + int buflen = 0; + CASecureEndpoint_t * sep = (CASecureEndpoint_t *) malloc (sizeof(CASecureEndpoint_t)); + sep->endpoint = serverAddr; + + for (int i = 0; i < 6; i++) + { + PacketReceive(buffer, &buflen); + CAdecryptSsl(sep, (uint8_t *)buffer, buflen); + } + + ret = sprintf( (char*)buffer, GET_REQUEST ); + + CAencryptSsl(&serverAddr, buffer, ret); + + PacketReceive(buffer, &buflen); + CAdecryptSsl(sep, (uint8_t *)buffer, buflen); + + CAcloseSslConnection(&serverAddr); + + // CAdeinitSslAdapter + ca_mutex_lock(g_sslContextMutex); + DeletePeerList(); + mbedtls_x509_crt_free(&g_caSslContext->crt); + mbedtls_pk_free(&g_caSslContext->pkey); + mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf); + mbedtls_ctr_drbg_free(&g_caSslContext->rnd); + mbedtls_entropy_free(&g_caSslContext->entropy); + OICFree(g_caSslContext); + g_caSslContext = NULL; + ca_mutex_unlock(g_sslContextMutex); + ca_mutex_free(g_sslContextMutex); + g_sslContextMutex = NULL; + + socketClose(); + + if (control_server_message_len == msglen && memcmp(msg, control_server_message, control_server_message_len) == 0) + { + *((int*)arg) = 0; + return NULL; + } + else + { + *((int*)arg) = 0xFF; + return (void *) 0xFF; + } +} + +// CAencryptSsl() +TEST(TLSAdaper, Test_4) +{ + pthread_t thread1, thread2; + int ret = 0; + int arg = 1; + + ret = pthread_create( &thread1, NULL, server, (void*) NULL); + if(ret) + { + fprintf(stderr,"Error - pthread_create() return code: %d\n", ret); + exit(EXIT_FAILURE); + } + + sleep(1); + + ret = pthread_create( &thread2, NULL, testCAencryptSsl, &arg); + if(ret) + { + fprintf(stderr,"Error - pthread_create() return code: %d\n", ret); + exit(EXIT_FAILURE); + } + + sleep(1); + + EXPECT_EQ(0, arg); +} + +/* ************************** + * + * + * CAdecryptSsl test + * + * + * *************************/ + +static void * testCAdecryptSsl(void * arg) +{ + int ret = 0; + unsigned char buffer[2048] = {'\0'}; + int buflen = 0; + + CAEndpoint_t serverAddr; + serverAddr.adapter = CA_ADAPTER_TCP; + serverAddr.flags = CA_SECURE; + serverAddr.port = 4433; + char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1 + memcpy(serverAddr.addr, addr, sizeof(addr)); + serverAddr.ifindex = 0; + + // CAinitTlsAdapter + g_sslContextMutex = ca_mutex_new(); + ca_mutex_lock(g_sslContextMutex); + g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t)); + g_caSslContext->peerList = u_arraylist_create(); + mbedtls_entropy_init(&g_caSslContext->entropy); + mbedtls_ctr_drbg_init(&g_caSslContext->rnd); + unsigned char * seed = (unsigned char*) SEED; + mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch, + &g_caSslContext->entropy, seed, sizeof(SEED)); + mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF); + mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); + mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL); + mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random, + &g_caSslContext->rnd); + mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]); + mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_1); + mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED); + mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED); + CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256); + mbedtls_x509_crt_init(&g_caSslContext->ca); + mbedtls_x509_crt_init(&g_caSslContext->crt); + mbedtls_pk_init(&g_caSslContext->pkey); + mbedtls_x509_crl_init(&g_caSslContext->crl); + ca_mutex_unlock(g_sslContextMutex); + + // CAsetTlsAdapterCallbacks + CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP); + + // CAsetPkixInfoCallback + CAsetPkixInfoCallback(infoCallback_that_loads_x509); + + // CAsetCredentialTypesCallback + g_getCredentialTypesCallback = clutch; + + CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8); + + CAsetPskCredentialsCallback(GetDtlsPskCredentials); + + socketConnect(); + + // CAinitiateSslHandshake + ca_mutex_lock(g_sslContextMutex); + InitiateTlsHandshake(&serverAddr); + ca_mutex_unlock(g_sslContextMutex); + + CASecureEndpoint_t * sep = (CASecureEndpoint_t *) malloc (sizeof(CASecureEndpoint_t)); + sep->endpoint = serverAddr; + + for (int i = 0; i < 6; i++) + { + PacketReceive(buffer, &buflen); + CAdecryptSsl(sep, (uint8_t *)buffer, buflen); + } + + ret = sprintf((char*)buffer, GET_REQUEST); + + CAencryptSsl(&serverAddr, buffer, ret); + + PacketReceive(buffer, &buflen); + CAdecryptSsl(sep, (uint8_t *)buffer, buflen); + + CAcloseSslConnection(&serverAddr); + + // CAdeinitSslAdapter + ca_mutex_lock(g_sslContextMutex); + DeletePeerList(); + mbedtls_x509_crt_free(&g_caSslContext->crt); + mbedtls_pk_free(&g_caSslContext->pkey); + mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf); + mbedtls_ctr_drbg_free(&g_caSslContext->rnd); + mbedtls_entropy_free(&g_caSslContext->entropy); + OICFree(g_caSslContext); + g_caSslContext = NULL; + ca_mutex_unlock(g_sslContextMutex); + ca_mutex_free(g_sslContextMutex); + g_sslContextMutex = NULL; + + socketClose(); + + if (control_server_message_len == msglen && memcmp(msg, control_server_message, + control_server_message_len) == 0) + { + *((int*)arg) = 0; + return NULL; + } + else + { + *((int*)arg) = 0xFF; + return (void *) 0xFF; + } +} + +// CAdecryptTls() +TEST(TLSAdaper, Test_5) +{ + pthread_t thread1, thread2; + int ret = 0; + int arg = 1; + + ret = pthread_create( &thread1, NULL, server, (void*) NULL); + if(ret) + { + fprintf(stderr,"Error - pthread_create() return code: %d\n", ret); + exit(EXIT_FAILURE); + } + + sleep(1); + + ret = pthread_create( &thread2, NULL, testCAdecryptSsl, &arg); + if(ret) + { + fprintf(stderr,"Error - pthread_create() return code: %d\n", ret); + exit(EXIT_FAILURE); + } + + sleep(1); + + EXPECT_EQ(0, arg); +} + +/* ************************** + * + * + * CAdeinitSslAdapter test + * + * + * *************************/ + +static int testCAdeinitSslAdapter() +{ + int ret = 0; + CAEndpoint_t serverAddr; + serverAddr.adapter = CA_ADAPTER_IP; + serverAddr.flags = CA_SECURE; + serverAddr.port = 4433; + char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1 + memcpy(serverAddr.addr, addr, sizeof(addr)); + serverAddr.ifindex = 0; + + // CAinitTlsAdapter + g_sslContextMutex = ca_mutex_new(); + ca_mutex_lock(g_sslContextMutex); + g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t)); + g_caSslContext->peerList = u_arraylist_create(); + mbedtls_entropy_init(&g_caSslContext->entropy); + mbedtls_ctr_drbg_init(&g_caSslContext->rnd); + unsigned char * seed = (unsigned char*) SEED; + mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func, + &g_caSslContext->entropy, seed, sizeof(SEED)); + mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF); + mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); + mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL); + mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random, + &g_caSslContext->rnd); + mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]); + mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_1); + mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED); + mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED); + mbedtls_x509_crt_init(&g_caSslContext->ca); + mbedtls_x509_crt_init(&g_caSslContext->crt); + mbedtls_pk_init(&g_caSslContext->pkey); + mbedtls_x509_crl_init(&g_caSslContext->crl); + ca_mutex_unlock(g_sslContextMutex); + + // CAsetTlsAdapterCallbacks + g_caSslContext->adapterCallbacks[1].recvCallback = CATCPPacketReceivedCB; + g_caSslContext->adapterCallbacks[1].sendCallback = CATCPPacketSendCB; + + // CAsetPkixInfoCallback + g_getPkixInfoCallback = infoCallback_that_loads_x509; + + // CAsetTlsCipherSuite + mbedtls_ssl_conf_ciphersuites(&g_caSslContext->clientTlsConf, + tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]); + mbedtls_ssl_conf_ciphersuites(&g_caSslContext->serverTlsConf, + tlsCipher[ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8]); + g_caSslContext->cipher = ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8; + + CAdeinitSslAdapter(); + + if (g_caSslContext != NULL || + g_sslContextMutex != NULL) + { + ret = 1; + } + else + { + ret = 0; + } + return ret; +} + +// CAdeinitSslAdapter() +TEST(TLSAdaper, Test_6) +{ + int ret = 0xFF; + ret = testCAdeinitSslAdapter(); + EXPECT_EQ(0, ret); +} + +/* ************************** + * + * + * Server side test + * + * + * *************************/ + +static void * testServer(void * arg) +{ + CAEndpoint_t serverAddr; + serverAddr.adapter = CA_ADAPTER_TCP; + serverAddr.flags = CA_SECURE; + serverAddr.port = 4432; + char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1 + memcpy(serverAddr.addr, addr, sizeof(addr)); + serverAddr.ifindex = 0; + unsigned char buffer[2048] = {'\0'}; + int buflen = 0; + + CAinitSslAdapter(); + + CAsetSslAdapterCallbacks(CATCPPacketReceivedCB_server, CATCPPacketSendCB_server, CA_ADAPTER_TCP); + CAsetPkixInfoCallback(infoCallback_that_loads_x509); + + // CAsetCredentialTypesCallback + g_getCredentialTypesCallback = clutch; + + CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8); + + CAsetPskCredentialsCallback(GetDtlsPskCredentials); + + socketOpen_server(); + + CASecureEndpoint_t * sep = (CASecureEndpoint_t *) malloc (sizeof(CASecureEndpoint_t)); + sep->endpoint = serverAddr; + + for (int i = 0; i < 7; i++) + { + PacketReceive_server(buffer, &buflen); + CAdecryptSsl(sep, (uint8_t *)buffer, buflen); + } + + CAcloseSslConnection(&serverAddr); + + // CAdeinitSslAdapter + ca_mutex_lock(g_sslContextMutex); + DeletePeerList(); + mbedtls_x509_crt_free(&g_caSslContext->crt); + mbedtls_pk_free(&g_caSslContext->pkey); + mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf); + mbedtls_ctr_drbg_free(&g_caSslContext->rnd); + mbedtls_entropy_free(&g_caSslContext->entropy); + OICFree(g_caSslContext); + g_caSslContext = NULL; + ca_mutex_unlock(g_sslContextMutex); + ca_mutex_free(g_sslContextMutex); + g_sslContextMutex = NULL; + + socketClose_server(); + + if (control_client_message_len == msglen && memcmp(msg, control_client_message, + control_client_message_len) == 0) + { + *((int*)arg) = 0; + return NULL; + } + else + { + *((int*)arg) = 0xFF; + return (void *) 0xFF; + } +} + +TEST(TLSAdaper, Test_7) +{ + pthread_t thread1, thread2; + int ret = 0; + int arg = 1; + + ret = pthread_create( &thread1, NULL, testServer, &arg); + if (ret) + { + fprintf(stderr,"Error - pthread_create() return code: %d\n", ret); + exit(EXIT_FAILURE); + } + + sleep(1); + + ret = pthread_create( &thread2, NULL, client, (void*) NULL); + if (ret) + { + fprintf(stderr,"Error - pthread_create() return code: %d\n", ret); + exit(EXIT_FAILURE); + } + + sleep(1); + + EXPECT_EQ(NULL, arg); +} + +/* ************************** + * + * CAsetPskCredentialsCallback test + * CAsetPkixInfoCallback test + * CAsetCredentialTypesCallback test + * + * *************************/ + +static int testCAsetPskCredentialsCallback() +{ + static CAgetPskCredentialsHandler credCallback = (CAgetPskCredentialsHandler)dummyHandler; + CAsetPskCredentialsCallback(credCallback); + if (g_getCredentialsCallback == (CAgetPskCredentialsHandler)dummyHandler) + { + return 0; + } + else + { + return 1; + } +} + +static int testCAsetPkixInfoCallback() +{ + static CAgetPkixInfoHandler infoCallback = (CAgetPkixInfoHandler)dummyHandler; + CAsetPkixInfoCallback(infoCallback); + if (g_getPkixInfoCallback == (CAgetPkixInfoHandler)dummyHandler) + { + return 0; + } + else + { + return 1; + } +} + +static int testCAsetCredentialTypesCallback() +{ + static CAgetCredentialTypesHandler credTypesCallback = (CAgetCredentialTypesHandler)dummyHandler; + CAsetCredentialTypesCallback(credTypesCallback); + if (g_getCredentialTypesCallback == (CAgetCredentialTypesHandler)dummyHandler) + { + return 0; + } + else + { + return 1; + } +} + +// CAsetPskCredentialsCallback() +TEST(TLSAdaper, Test_9_0) +{ + int ret = 0xFF; + ret = testCAsetPskCredentialsCallback(); + EXPECT_EQ(0, ret); +} +// CAsetPkixInfoCallback() +TEST(TLSAdaper, Test_9_1) +{ + int ret = 0xFF; + ret = testCAsetPkixInfoCallback(); + EXPECT_EQ(0, ret); +} +// CAsetCredentialTypesCallback() +TEST(TLSAdaper, Test_9_2) +{ + int ret = 0xFF; + ret = testCAsetCredentialTypesCallback(); + EXPECT_EQ(0, ret); +} + +/* ************************** + * + * + * CAsetTlsCipherSuite test + * + * + * *************************/ + +static int testCAsetTlsCipherSuite() +{ + int ret = 0, status = 0; + CAEndpoint_t serverAddr; + serverAddr.adapter = CA_ADAPTER_TCP; + serverAddr.flags = CA_SECURE; + serverAddr.port = 4433; + char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1 + memcpy(serverAddr.addr, addr, sizeof(addr)); + serverAddr.ifindex = 0; + + CAinitSslAdapter(); + + // CAsetCredentialTypesCallback + g_getCredentialTypesCallback = clutch; + + status = CAsetTlsCipherSuite(MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA); + if (ADAPTER_TLS_RSA_WITH_AES_256_CBC_SHA != g_caSslContext->cipher || status != CA_STATUS_OK) + { + ret += 1; + } + + status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8); + if (ADAPTER_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 != g_caSslContext->cipher || status != CA_STATUS_OK) + { + ret += 1; + } + + status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256); + if (ADAPTER_TLS_ECDH_ANON_WITH_AES_128_CBC_SHA_256 != g_caSslContext->cipher || status != CA_STATUS_OK) + { + ret += 1; + } + + status = CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256); + if (ADAPTER_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 != g_caSslContext->cipher || status != CA_STATUS_OK) + { + ret += 1; + } + + status = CAsetTlsCipherSuite(dummyHandler); + if (CA_STATUS_FAILED != status) + { + ret += 1; + } + + // CAdeinitSslAdapter + ca_mutex_lock(g_sslContextMutex); + DeletePeerList(); + mbedtls_x509_crt_free(&g_caSslContext->crt); + mbedtls_pk_free(&g_caSslContext->pkey); + mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf); + mbedtls_ctr_drbg_free(&g_caSslContext->rnd); + mbedtls_entropy_free(&g_caSslContext->entropy); + OICFree(g_caSslContext); + g_caSslContext = NULL; + ca_mutex_unlock(g_sslContextMutex); + ca_mutex_free(g_sslContextMutex); + g_sslContextMutex = NULL; + + return ret; +} + +// CAinitTlsAdapter() +TEST(TLSAdaper, Test_10) +{ + int ret = 0xff; + ret = testCAsetTlsCipherSuite(); + EXPECT_EQ(0, ret); +} + +static void * testCAsslGenerateOwnerPsk(void * arg) +{ + int ret = 0; + CAEndpoint_t serverAddr; + serverAddr.adapter = CA_ADAPTER_TCP; + serverAddr.flags = CA_SECURE; + serverAddr.port = 4433; + char addr[] = {0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x00}; // 127.0.0.1 + memcpy(serverAddr.addr, addr, sizeof(addr)); + serverAddr.ifindex = 0; + + uint8_t label[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A}; + uint8_t rsrcServerDeviceId[] = {0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A}; + uint8_t provServerDeviceId[] = {0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A}; + uint8_t ownerPsk[0x100] = {0x00}; + uint8_t predictedPSK[] = { + 0xba, 0x72, 0x16, 0xbc, 0x7f, 0x8c, 0xfe, 0xfc, 0xd0, 0xac, 0x1a, 0x37, 0xad, 0x60, 0xe8, 0x9e, + 0xb3, 0x31, 0xa2, 0x30, 0xaf, 0x68, 0xc9, 0xa6, 0x89, 0x8a, 0x04, 0x21, 0x6c, 0xbd, 0x04, 0x08, + 0x68, 0x11, 0x54, 0x9e, 0x2a, 0x10, 0x91, 0x94, 0x3c, 0x44, 0x52, 0xc7, 0xfa, 0x78, 0x44, 0x87, + 0xea, 0x30, 0x08, 0x5f, 0xc1, 0x64, 0xaa, 0x0d, 0xfd, 0x84, 0x16, 0x83, 0x20, 0xc9, 0x08, 0x65, + 0xd2, 0x4a, 0x55, 0x9e, 0x8f, 0x88, 0x3c, 0x57, 0x10, 0xbd, 0x5a, 0x30, 0x01, 0xb4, 0x59, 0x63, + 0x64, 0x19, 0x8d, 0xfa, 0x5c, 0x86, 0x92, 0xf7, 0x60, 0x99, 0xdb, 0xae, 0x0e, 0xad, 0x80, 0xf1, + 0x82, 0xaf, 0x1b, 0x14, 0x0c, 0x99, 0x13, 0x53, 0x54, 0x33, 0x6a, 0x17, 0x24, 0x5c, 0x9d, 0xdb, + 0x5a, 0xfb, 0x73, 0x2f, 0x41, 0xe8, 0xeb, 0x2e, 0x68, 0xfe, 0xee, 0x0b, 0xdc, 0x54, 0x50, 0xf1, + 0x1e, 0x16, 0x19, 0x2c, 0x4e, 0xb6, 0x97, 0x9f, 0x9c, 0x32, 0x9c, 0x0e, 0xe0, 0xe1, 0x32, 0x64, + 0x16, 0x34, 0x53, 0x8e, 0xc5, 0xe3, 0xe5, 0xbc, 0x2c, 0x10, 0xae, 0x81, 0x2c, 0x1a, 0xb2, 0xb7, + 0xa3, 0xbe, 0x0f, 0xab, 0xfd, 0xf7, 0x87, 0x53, 0xcd, 0x3e, 0x31, 0xfb, 0x2d, 0x69, 0x6a, 0xd5, + 0xc3, 0x27, 0x04, 0x2b, 0x37, 0x02, 0x91, 0x05, 0x0c, 0x4e, 0x2a, 0xfc, 0x6c, 0x42, 0xe8, 0x37, + 0x23, 0x2f, 0x60, 0x6e, 0x0c, 0xed, 0x7c, 0xe0, 0x5f, 0x47, 0xb3, 0x51, 0x86, 0x5b, 0x26, 0x08, + 0x2a, 0x05, 0x89, 0xb0, 0xdd, 0x6f, 0xc6, 0x76, 0xc5, 0x2a, 0x60, 0x07, 0x0e, 0xb1, 0x71, 0x67, + 0x21, 0x11, 0xf8, 0xb5, 0x52, 0xa3, 0xf3, 0xf0, 0xd4, 0x5f, 0xdf, 0x44, 0x66, 0x23, 0xd8, 0x4e, + 0xbd, 0x64, 0x39, 0x43, 0x03, 0x37, 0xaa, 0xd7, 0xea, 0xb3, 0x6d, 0x2f, 0x84, 0x9c, 0x02, 0x49 + }; + + // CAinitTlsAdapter + g_sslContextMutex = ca_mutex_new(); + ca_mutex_lock(g_sslContextMutex); + g_caSslContext = (SslContext_t *)OICCalloc(1, sizeof(SslContext_t)); + g_caSslContext->peerList = u_arraylist_create(); + mbedtls_entropy_init(&g_caSslContext->entropy); + mbedtls_ctr_drbg_init(&g_caSslContext->rnd); + unsigned char * seed = (unsigned char*) SEED; + mbedtls_ctr_drbg_seed(&g_caSslContext->rnd, mbedtls_entropy_func_clutch, + &g_caSslContext->entropy, seed, sizeof(SEED)); + mbedtls_ctr_drbg_set_prediction_resistance(&g_caSslContext->rnd, MBEDTLS_CTR_DRBG_PR_OFF); + mbedtls_ssl_config_init(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_defaults(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); + mbedtls_ssl_conf_psk_cb(&g_caSslContext->clientTlsConf, GetPskCredentialsCallback, NULL); + mbedtls_ssl_conf_rng( &g_caSslContext->clientTlsConf, mbedtls_ctr_drbg_random, + &g_caSslContext->rnd); + mbedtls_ssl_conf_curves(&g_caSslContext->clientTlsConf, curve[ADAPTER_CURVE_SECP256R1]); + mbedtls_ssl_conf_min_version(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_1); + mbedtls_ssl_conf_renegotiation(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_RENEGOTIATION_DISABLED); + mbedtls_ssl_conf_authmode(&g_caSslContext->clientTlsConf, MBEDTLS_SSL_VERIFY_REQUIRED); + CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256); + mbedtls_x509_crt_init(&g_caSslContext->ca); + mbedtls_x509_crt_init(&g_caSslContext->crt); + mbedtls_pk_init(&g_caSslContext->pkey); + mbedtls_x509_crl_init(&g_caSslContext->crl); + ca_mutex_unlock(g_sslContextMutex); + + // CAsetTlsAdapterCallbacks + CAsetSslAdapterCallbacks(CATCPPacketReceivedCB, CATCPPacketSendCB, CA_ADAPTER_TCP); + + // CAsetPkixInfoCallback + CAsetPkixInfoCallback(infoCallback_that_loads_x509); + + // CAsetCredentialTypesCallback + g_getCredentialTypesCallback = clutch; + + CAsetTlsCipherSuite(MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8); + + CAsetPskCredentialsCallback(GetDtlsPskCredentials); + + socketConnect(); + + // CAinitiateSslHandshake + ca_mutex_lock(g_sslContextMutex); + InitiateTlsHandshake(&serverAddr); + ca_mutex_unlock(g_sslContextMutex); + + ret = CAsslGenerateOwnerPsk(&serverAddr, + label, sizeof(label), + rsrcServerDeviceId, sizeof(rsrcServerDeviceId), + provServerDeviceId, sizeof(provServerDeviceId), + ownerPsk, 0x100); + + // CAcloseTlsConnection + ca_mutex_lock(g_sslContextMutex); + SslEndPoint_t * tep = GetSslPeer(&serverAddr); + mbedtls_ssl_close_notify(&tep->ssl); + RemovePeerFromList(&tep->sep.endpoint); + ca_mutex_unlock(g_sslContextMutex); + + // CAdeinitTlsAdapter + ca_mutex_lock(g_sslContextMutex); + DeletePeerList(); + mbedtls_x509_crt_free(&g_caSslContext->crt); + mbedtls_pk_free(&g_caSslContext->pkey); + mbedtls_ssl_config_free(&g_caSslContext->clientTlsConf); + mbedtls_ssl_config_free(&g_caSslContext->serverTlsConf); + mbedtls_ctr_drbg_free(&g_caSslContext->rnd); + mbedtls_entropy_free(&g_caSslContext->entropy); + OICFree(g_caSslContext); + g_caSslContext = NULL; + ca_mutex_unlock(g_sslContextMutex); + ca_mutex_free(g_sslContextMutex); + g_sslContextMutex = NULL; + + socketClose(); + + if (ret == 0 && memcmp(predictedPSK, ownerPsk, sizeof(predictedPSK)) == 0) + { + *((int*)arg) = 0; + return NULL; + } + else + { + *((int*)arg) = 0xFF; + return (void *) 0xFF; + } +} + +TEST(TLSAdaper, Test_11) +{ + pthread_t thread1, thread2; + int ret = 0; + int arg = 1; + + ret = pthread_create( &thread1, NULL, server, (void*) NULL); + if(ret) + { + fprintf(stderr, "Error - pthread_create() return code: %d\n", ret); + exit(EXIT_FAILURE); + } + + sleep(1); + + ret = pthread_create( &thread2, NULL, testCAsslGenerateOwnerPsk, &arg); + if(ret) + { + fprintf(stderr, "Error - pthread_create() return code: %d\n", ret); + exit(EXIT_FAILURE); + } + + sleep(1); + + EXPECT_EQ(0, arg); +} -- 2.7.4