author | Daiki Ueno <ueno@gnu.org> | 2023-03-18 23:12:33 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2023-03-18 23:12:33 +0000 |
commit | 5005e0825a0dba81ed94bc262e11cc67b1d50beb (patch) | |
tree | ea08d26f464ec175b165af05a1e685bf38a12d1e | |
parent | 5334a7e413c678d10ffd62a3580537c7e2e6c541 (diff) | |
parent | 6839641ca23a38274c44947d0b438785611651ae (diff) | |
download | gnutls-5005e0825a0dba81ed94bc262e11cc67b1d50beb.tar.gz |
Merge branch 'tests-keys_limits_single' into 'master'
test:tls13/key_limits: rewrite key_limits testcase as single process
See merge request gnutls/gnutls!1728
-rw-r--r-- | tests/tls13/key_limits.c | 340 |
1 files changed, 94 insertions, 246 deletions
diff --git a/tests/tls13/key_limits.c b/tests/tls13/key_limits.c index 1799960ef7..3c5eda8fef 100644 --- a/tests/tls13/key_limits.c +++ b/tests/tls13/key_limits.c 
@@ -26,315 +26,163 @@ #include <stdio.h> #include <stdlib.h> +#include <string.h> -#if defined(_WIN32) +#include <gnutls/gnutls.h> +#include <assert.h> -int main(void) -{ - exit(77); -} - -#else - -# include <string.h> -# include <sys/types.h> -# include <netinet/in.h> -# include <sys/socket.h> -# include <sys/wait.h> -# include <arpa/inet.h> -# include <unistd.h> -# include <gnutls/gnutls.h> -# include <gnutls/dtls.h> -# include <assert.h> -# include <signal.h> - -# include "utils.h" -# include "cert-common.h" - -static void terminate(void); +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" /* This program tests whether re-key occurs at the expected * time. */ -static void server_log_func(int level, const char *str) -{ - fprintf(stderr, "server|<%d>| %s", level, str); -} +const char *testname = ""; + +const char *side = ""; -static void client_log_func(int level, const char *str) +static void tls_log_func(int level, const char *str) { - fprintf(stderr, "client|<%d>| %s", level, str); + fprintf(stderr, "%s|<%d>| %s", side, level, str); } -# define MAX_BUF 1024 +#define MAX_BUF 1024 -static void client(int fd, const char *prio, unsigned expect_update) +static void start(const char *name, const char *prio, unsigned exp_update) { - int ret; + int sret, cret; + gnutls_certificate_credentials_t scred, ccred; + gnutls_session_t server, client; + char buffer[MAX_BUF + 1]; - gnutls_certificate_credentials_t x509_cred; - gnutls_session_t session; unsigned char seq[8]; unsigned update_happened = 0; + unsigned i; + + testname = name; + success("== test %s ==\n", testname); global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(9); - if (debug) { - gnutls_global_set_log_function(client_log_func); - gnutls_global_set_log_level(7); - } + /* Init Server */ + assert(gnutls_certificate_allocate_credentials(&scred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(scred, + &server_cert, + &server_key, + 
GNUTLS_X509_FMT_PEM) >= 0); - gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_init(&server, GNUTLS_SERVER); - /* Initialize TLS session + /* avoid calling all the priority functions, since the defaults + * are adequate. */ - gnutls_init(&session, GNUTLS_CLIENT); - - /* Use default priorities */ - ret = gnutls_priority_set_direct(session, prio, NULL); - if (ret < 0) { + sret = gnutls_priority_set_direct(server, prio, NULL); + if (sret < 0) { fail("error in priority '%s': %s\n", prio, - gnutls_strerror(ret)); - exit(1); - } - - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); - - gnutls_transport_set_int(session, fd); - - /* Perform the TLS handshake - */ - do { - ret = gnutls_handshake(session); - } - while (ret < 0 && gnutls_error_is_fatal(ret) == 0); - - if (ret < 0) { - fail("client: Handshake failed\n"); - gnutls_perror(ret); - exit(1); - } else { - if (debug) - success("client: Handshake was completed\n"); - } - - if (debug) - success("client: TLS version is: %s\n", - gnutls_protocol_get_name - (gnutls_protocol_get_version(session))); - - /* make sure we are not blocked forever */ - gnutls_record_set_timeout(session, 10000); - - assert(gnutls_record_get_state(session, 1, NULL, NULL, NULL, seq) >= 0); - assert(gnutls_record_set_state - (session, 1, (void *)"\x00\x00\x00\x00\x00\xff\xff\xfa") >= 0); - - do { - do { - ret = - gnutls_record_recv_seq(session, buffer, MAX_BUF, - seq); - } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); - - if (memcmp(seq, "\x00\x00\x00\x00\x00\x00\x00\x01", 8) == 0) { - update_happened = 1; - } - } while (ret > 0); - - if (ret == 0 || ret == GNUTLS_E_TIMEDOUT) { - if (debug) - success("client: Peer has closed the TLS connection\n"); - goto end; - } else if (ret < 0) { - if (ret != 0) { - fail("client: Error: %s\n", gnutls_strerror(ret)); - exit(1); - } - } - - gnutls_bye(session, GNUTLS_SHUT_WR); - - end: - - close(fd); - - gnutls_deinit(session); - - 
gnutls_certificate_free_credentials(x509_cred); - - gnutls_global_deinit(); - - if (expect_update && update_happened == 0) { - fail("no update occurred!\n"); - exit(1); - } else if (!expect_update && update_happened) { - fail("update occurred unexpectedly!\n"); - exit(1); - } else { - if (debug) - success("detected update!\n"); + gnutls_strerror(sret)); } -} -/* These are global */ -pid_t child; + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); -static void terminate(void) -{ - assert(child); - kill(child, SIGTERM); - exit(1); -} + /* Init client */ + gnutls_certificate_allocate_credentials(&ccred); + assert(gnutls_certificate_set_x509_trust_mem + (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); -static void server(int fd, const char *prio) -{ - int ret; - char buffer[MAX_BUF + 1]; - gnutls_session_t session; - gnutls_certificate_credentials_t x509_cred; - unsigned i; - unsigned char seq[8]; + gnutls_init(&client, GNUTLS_CLIENT); - /* this must be called once in the program - */ - global_init(); - memset(buffer, 0, sizeof(buffer)); + cret = gnutls_priority_set_direct(client, prio, NULL); + if (cret < 0) + fail("cannot set TLS 1.3 priorities\n"); - if (debug) { - gnutls_global_set_log_function(server_log_func); - gnutls_global_set_log_level(4711); - } + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred); - gnutls_certificate_allocate_credentials(&x509_cred); - gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, - &server_key, GNUTLS_X509_FMT_PEM); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); - gnutls_init(&session, GNUTLS_SERVER); - - /* avoid calling all the priority functions, since the defaults - * are adequate. 
- */ - ret = gnutls_priority_set_direct(session, prio, NULL); - if (ret < 0) { - fail("error in priority '%s': %s\n", prio, - gnutls_strerror(ret)); - exit(1); - } - - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); - - gnutls_transport_set_int(session, fd); - - do { - ret = gnutls_handshake(session); - } - while (ret < 0 && gnutls_error_is_fatal(ret) == 0); - if (ret < 0) { - close(fd); - gnutls_deinit(session); - fail("server: Handshake has failed (%s)\n\n", - gnutls_strerror(ret)); - terminate(); - } + /* Perform handshake */ + HANDSHAKE(client, server); if (debug) - success("server: Handshake was completed\n"); + success("Handshake established\n"); - if (debug) - success("server: TLS version is: %s\n", - gnutls_protocol_get_name - (gnutls_protocol_get_version(session))); + assert(gnutls_record_get_state(server, 0, NULL, NULL, NULL, seq) >= 0); + assert(gnutls_record_set_state + (server, 0, (void *)"\x00\x00\x00\x00\x00\xff\xff\xfa") >= 0); - assert(gnutls_record_get_state(session, 0, NULL, NULL, NULL, seq) >= 0); + assert(gnutls_record_get_state(client, 1, NULL, NULL, NULL, seq) >= 0); assert(gnutls_record_set_state - (session, 0, (void *)"\x00\x00\x00\x00\x00\xff\xff\xfa") >= 0); + (client, 1, (void *)"\x00\x00\x00\x00\x00\xff\xff\xfa") >= 0); memset(buffer, 1, sizeof(buffer)); + for (i = 0; i < 32; i++) { usleep(10000); /* some systems like FreeBSD have their buffers full during this send */ do { - ret = - gnutls_record_send(session, buffer, sizeof(buffer)); - } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + sret = + gnutls_record_send(server, buffer, sizeof(buffer)); + } while (sret == GNUTLS_E_AGAIN + || sret == GNUTLS_E_INTERRUPTED); - if (ret < 0) { + if (sret < 0) { fail("Error sending %d byte packet: %s\n", - (int)sizeof(buffer), gnutls_strerror(ret)); - terminate(); + (int)sizeof(buffer), gnutls_strerror(sret)); } - if (ret != sizeof(buffer)) { + if (sret != sizeof(buffer)) { fail("Error sending %d byte packet: 
sent: %d\n", - (int)sizeof(buffer), ret); - terminate(); + (int)sizeof(buffer), sret); + } + do { + cret = + gnutls_record_recv_seq(client, buffer, MAX_BUF, + seq); + } while (cret == GNUTLS_E_AGAIN + || cret == GNUTLS_E_INTERRUPTED); + + if (memcmp(seq, "\x00\x00\x00\x00\x00\x00\x00\x01", 8) == 0) { + update_happened = 1; } } - /* wait for the peer to close the connection. - */ - gnutls_bye(session, GNUTLS_SHUT_WR); + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); - close(fd); - gnutls_deinit(session); + gnutls_deinit(client); + gnutls_deinit(server); - gnutls_certificate_free_credentials(x509_cred); + gnutls_certificate_free_credentials(scred); + gnutls_certificate_free_credentials(ccred); gnutls_global_deinit(); + reset_buffers(); - if (debug) - success("server: finished\n"); -} - -static void start(const char *name, const char *prio, unsigned exp_update) -{ - int fd[2]; - int ret, status = 0; - - ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); - if (ret < 0) { - perror("socketpair"); - exit(1); - } - - child = fork(); - if (child < 0) { - perror("fork"); - fail("fork"); - exit(1); - } - - if (child) { - /* parent */ - success("trying: %s\n", name); - close(fd[0]); - server(fd[1], prio); - wait(&status); - check_wait_status(status); + if (exp_update && update_happened == 0) { + fail("no update occurred!\n"); + } else if (!exp_update && update_happened) { + fail("update occurred unexpectedly!\n"); } else { - close(fd[1]); - client(fd[0], prio, exp_update); - exit(0); + if (debug) + success("detected update!\n"); } } -# define AES_GCM "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM" -# define CHACHA_POLY1305 "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+CHACHA20-POLY1305" - -static void ch_handler(int sig) -{ - return; -} +#define AES_GCM "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM" +#define CHACHA_POLY1305 "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+CHACHA20-POLY1305" void doit(void) { - signal(SIGCHLD, ch_handler); - 
signal(SIGPIPE, SIG_IGN); start("aes-gcm", AES_GCM, 1); if (!gnutls_fips140_mode_enabled()) { start("chacha20", CHACHA_POLY1305, 0); } } - -#endif /* _WIN32 */ |
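Review bot: In the send/receive loop of start(), `cret` from gnutls_record_recv_seq() is stored but never examined, so a receive error or an early close (cret <= 0) is silently ignored and the following memcmp() inspects a `seq` left over from the previous iteration, which the former client() path guarded against and the rewrite dropped. Add `if (cret <= 0) fail("client: recv failed: %s\n", gnutls_strerror(cret));` directly after the do/while around gnutls_record_recv_seq(), mirroring the checks already done on `sret`. The loop also keeps `usleep(10000)` together with its FreeBSD socket-buffer comment, but with the in-memory push/pull transport from eagain-common.h that justification presumably no longer applies and the sleeps only add roughly 0.3 s per run. Note as well that `<unistd.h>`, which declares usleep(), was removed from the includes, so compilation now depends on utils.h or eagain-common.h providing it — worth confirming. Finally, the client-side gnutls_certificate_allocate_credentials(&ccred) is unchecked while the server-side call is wrapped in assert(); making the two consistent is cheap.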