Diffstat (limited to 'tests/common-cert-key-exchange.c')
-rw-r--r-- | tests/common-cert-key-exchange.c | 143 |
1 files changed, 117 insertions, 26 deletions
diff --git a/tests/common-cert-key-exchange.c b/tests/common-cert-key-exchange.c
index 468475f846..de4b57ac4c 100644
--- a/tests/common-cert-key-exchange.c
+++ b/tests/common-cert-key-exchange.c
@@ -74,7 +74,7 @@ void try_with_key_fail(const char *name, const char *client_prio,
 reset_buffers();
 /* Init server */
- gnutls_certificate_allocate_credentials(&serverx509cred);
+ assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0);
 ret = gnutls_certificate_set_x509_key_mem(serverx509cred, serv_cert, serv_key,
@@ -82,16 +82,15 @@ void try_with_key_fail(const char *name, const char *client_prio,
 if (ret < 0)
 fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
- gnutls_init(&server, GNUTLS_SERVER);
- gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
-
-
+ assert(gnutls_init(&server, GNUTLS_SERVER)>=0);
 if (server_priority)
 assert(gnutls_priority_set_direct(server, server_priority, NULL) >= 0);
 else
 assert(gnutls_priority_set_direct(server, client_prio, NULL) >= 0);
+ assert(gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred)>=0);
+
 gnutls_transport_set_push_function(server, server_push);
 gnutls_transport_set_pull_function(server, server_pull);
 gnutls_transport_set_ptr(server, server);
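Review bot: Every call this hunk moves inside assert() — gnutls_certificate_allocate_credentials, gnutls_init, gnutls_credentials_set and the existing gnutls_priority_set_direct — has a required side effect, so a build that defines NDEBUG would drop the call itself and the test would continue with an uninitialised session or credentials; the same pattern is used in the hunks at @@ -173, @@ -201, @@ -254, @@ -397 and @@ -440. If the test suite guarantees that assert is always active (the file's include block is outside this view, so I cannot tell whether it `#undef NDEBUG`s), a one-line comment stating that would stop a later reader from "fixing" it; otherwise keep the call outside the assertion, e.g. `ret = gnutls_init(&server, GNUTLS_SERVER);` followed by `assert(ret >= 0);`. The mixed spacing `>=0` versus the existing `>= 0` in the priority lines is a small style inconsistency within the same hunk. try_with_key_fail begins before this hunk.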
@@ -112,11 +111,98 @@ void try_with_key_fail(const char *name, const char *client_prio,
 if (ret < 0)
 exit(1);
+ gnutls_transport_set_push_function(client, client_push);
+ gnutls_transport_set_pull_function(client, client_pull);
+ gnutls_transport_set_ptr(client, client);
+
+ ret = gnutls_priority_set_direct(client, client_prio, &err);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INVALID_REQUEST)
+ fprintf(stderr, "Error in %s\n", err);
+ exit(1);
+ }
+
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
 if (ret < 0)
 exit(1);
+ success("negotiating %s\n", name);
+ HANDSHAKE_EXPECT(client, server, client_err, server_err);
+
+ gnutls_deinit(client);
+ gnutls_deinit(server);
+
+ gnutls_certificate_free_credentials(serverx509cred);
+ gnutls_certificate_free_credentials(clientx509cred);
+}
+
+void try_with_rawpk_key_fail(const char *name, const char *client_prio,
+ int server_err, int client_err,
+ const gnutls_datum_t *serv_cert,
+ const gnutls_datum_t *serv_key,
+ unsigned server_ku,
+ const gnutls_datum_t *cli_cert,
+ const gnutls_datum_t *cli_key,
+ unsigned client_ku)
+{
+ int ret;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t server_cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t client_cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+ const char *err;
+
+ /* General init. */
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(6);
+
+ reset_buffers();
+ /* Init server */
+ gnutls_certificate_allocate_credentials(&server_cred);
+
+ ret = gnutls_certificate_set_rawpk_key_mem(server_cred,
+ serv_cert, serv_key, GNUTLS_X509_FMT_PEM, NULL, server_ku,
+ NULL, 0, 0);
+ if (ret < 0)
+ fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
+
+ assert(gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_RAWPK) >= 0);
+ if (server_priority)
+ assert(gnutls_priority_set_direct(server, server_priority, NULL) >= 0);
+ else
+ assert(gnutls_priority_set_direct(server, client_prio, NULL) >= 0);
+
+ gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ server_cred);
+
+ gnutls_transport_set_push_function(server, server_push);
+ gnutls_transport_set_pull_function(server, server_pull);
+ gnutls_transport_set_ptr(server, server);
+
+ /* Init client */
+ ret = gnutls_certificate_allocate_credentials(&client_cred);
+ if (ret < 0)
+ exit(1);
+
+ if (cli_cert) {
+ ret = gnutls_certificate_set_rawpk_key_mem(client_cred,
+ cli_cert, cli_key, GNUTLS_X509_FMT_PEM, NULL, client_ku,
+ NULL, 0, 0);
+ if (ret < 0)
+ fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
+ gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE);
+ }
+
+ ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_ENABLE_RAWPK);
+ if (ret < 0)
+ exit(1);
+
 gnutls_transport_set_push_function(client, client_push);
 gnutls_transport_set_pull_function(client, client_pull);
 gnutls_transport_set_ptr(client, client);
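Review bot: In the new try_with_rawpk_key_fail the server-side `gnutls_certificate_allocate_credentials(&server_cred);` and the later `gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, server_cred);` discard their return values, while the rest of this commit converts exactly these calls to checked form; an allocation failure would surface only indirectly through the set_rawpk_key_mem call that follows, and a failed credentials_set would leave the server without a certificate and turn the expected-error test into a different failure. Check them the way the adjacent key-loading call is checked, `ret = gnutls_certificate_allocate_credentials(&server_cred); if (ret < 0) fail("Could not allocate credentials: %s\n", gnutls_strerror(ret));`, and likewise for the credentials_set. The locals sret and cret are not read by any visible line; presumably HANDSHAKE_EXPECT expands to use them, which is worth confirming so they are not dead declarations. The hunk opens inside try_with_key_fail, whose beginning is outside it, and the new function continues into the next hunk.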
@@ -127,14 +213,20 @@ void try_with_key_fail(const char *name, const char *client_prio,
 fprintf(stderr, "Error in %s\n", err);
 exit(1);
 }
+
+ ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+ client_cred);
+ if (ret < 0)
+ exit(1);
+
 success("negotiating %s\n", name);
 HANDSHAKE_EXPECT(client, server, client_err, server_err);
 gnutls_deinit(client);
 gnutls_deinit(server);
- gnutls_certificate_free_credentials(serverx509cred);
- gnutls_certificate_free_credentials(clientx509cred);
+ gnutls_certificate_free_credentials(server_cred);
+ gnutls_certificate_free_credentials(client_cred);
 }
 void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx,
@@ -173,8 +265,8 @@ void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algori
 reset_buffers();
 /* Init server */
- gnutls_anon_allocate_server_credentials(&s_anoncred);
- gnutls_certificate_allocate_credentials(&server_cred);
+ assert(gnutls_anon_allocate_server_credentials(&s_anoncred)>=0);
+ assert(gnutls_certificate_allocate_credentials(&server_cred)>=0);
 // Set server crt creds based on ctype
 switch (server_ctype) {
@@ -201,11 +293,10 @@ void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algori
 gnutls_certificate_set_dh_params(server_cred, dh_params);
 gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
- gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_RAWPK);
- gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- server_cred);
- gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
-
+ assert(gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_RAWPK)>=0);
+ assert(gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ server_cred)>=0);
+ assert(gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred)>=0);
 if (server_priority)
 assert(gnutls_priority_set_direct(server, server_priority, NULL) >= 0);
@@ -254,8 +345,8 @@ void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algori
 exit(1);
- gnutls_anon_allocate_client_credentials(&c_anoncred);
- gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ assert(gnutls_anon_allocate_client_credentials(&c_anoncred)>=0);
+ assert(gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred)>=0);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, client_cred);
 if (ret < 0)
@@ -397,14 +488,14 @@ void dtls_try_with_key_mtu(const char *name, const char *client_prio, gnutls_kx_
 gnutls_certificate_set_dh_params(serverx509cred, dh_params);
 gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
- gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK);
- gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
- gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+ assert(gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK)>=0);
+ assert(gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+ serverx509cred)>=0);
+ assert(gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred)>=0);
- gnutls_priority_set_direct(server,
- "NORMAL:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519",
- NULL);
+ assert(gnutls_priority_set_direct(server,
+ "NORMAL:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519",
+ NULL)>=0);
 gnutls_transport_set_push_function(server, server_push);
 gnutls_transport_set_pull_function(server, server_pull);
 gnutls_transport_set_pull_timeout_function(server, server_pull_timeout_func);
@@ -440,8 +531,8 @@ void dtls_try_with_key_mtu(const char *name, const char *client_prio, gnutls_kx_
 if (ret < 0)
 exit(1);
- gnutls_anon_allocate_client_credentials(&c_anoncred);
- gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+ assert(gnutls_anon_allocate_client_credentials(&c_anoncred)>=0);
+ assert(gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred)>=0);
 ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
 if (ret < 0)
|