diff options
Diffstat (limited to 'tests/tls12-rehandshake-cert.c')
-rw-r--r-- | tests/tls12-rehandshake-cert.c | 138 |
1 files changed, 102 insertions, 36 deletions
diff --git a/tests/tls12-rehandshake-cert.c b/tests/tls12-rehandshake-cert.c index 998d997363..226ee6e1f3 100644 --- a/tests/tls12-rehandshake-cert.c +++ b/tests/tls12-rehandshake-cert.c @@ -1,7 +1,8 @@ /* * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2018 Red Hat, Inc. * - * Author: Simon Josefsson + * Author: Simon Josefsson, Nikos Mavrogiannopoulos * * This file is part of GnuTLS. * @@ -15,9 +16,8 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with GnuTLS; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/> */ #ifdef HAVE_CONFIG_H @@ -29,22 +29,20 @@ #include <string.h> #include <errno.h> #include <gnutls/gnutls.h> -#include "utils.h" -#include "eagain-common.h" + #include "cert-common.h" +#include "cmocka-common.h" /* This program tests server initiated rehandshake */ -const char *side = ""; - static void tls_log_func(int level, const char *str) { - fprintf(stderr, "%s|<%d>| %s", side, level, str); + fprintf(stderr, "<%d>| %s", level, str); } #define MAX_REHANDSHAKES 16 -void doit(void) +static void test_rehandshake(void **glob_state, unsigned appdata) { /* Server stuff. */ gnutls_certificate_credentials_t serverx509cred; @@ -54,53 +52,102 @@ void doit(void) gnutls_certificate_credentials_t clientx509cred; gnutls_session_t client; int cret = GNUTLS_E_AGAIN; + char buffer[64]; + int ret; unsigned i; /* General init. */ - global_init(); + reset_buffers(); + ret = gnutls_global_init(); + assert_return_code(ret, 0); + gnutls_global_set_log_function(tls_log_func); - if (debug) - gnutls_global_set_log_level(6); /* Init server */ - gnutls_certificate_allocate_credentials(&serverx509cred); - gnutls_certificate_set_x509_key_mem(serverx509cred, - &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); - gnutls_init(&server, GNUTLS_SERVER); - gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, - serverx509cred); - gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + ret = gnutls_certificate_allocate_credentials(&serverx509cred); + assert_return_code(ret, 0); + + ret = gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + assert_return_code(ret, 0); + + ret = gnutls_init(&server, GNUTLS_SERVER); + assert_return_code(ret, 0); + + ret = gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert_return_code(ret, 0); + + ret = gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + assert_return_code(ret, 0); + gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); /* Init client */ - gnutls_certificate_allocate_credentials(&clientx509cred); - gnutls_init(&client, GNUTLS_CLIENT); - gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, - clientx509cred); - gnutls_priority_set_direct(client, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + assert_return_code(ret, 0); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + assert_return_code(ret, 0); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + assert_return_code(ret, 0); + + ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + assert_return_code(ret, 0); + gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); HANDSHAKE(client, server); - for (i=0;i<MAX_REHANDSHAKES;i++) { - sret = gnutls_rehandshake(server); - if (debug) - success("gnutls_rehandshake %d (server)...\n", i); + if (appdata) { + /* send application data prior to handshake */ + ssize_t n; + char b[1]; - { - ssize_t n; - char b[1]; + do { + sret = gnutls_rehandshake(server); + } while (sret == GNUTLS_E_AGAIN); + + do { n = gnutls_record_recv(client, b, 1); - if (n != GNUTLS_E_REHANDSHAKE) - fail("client did not receive the expected rehandshake error code\n"); - } + } while(n == GNUTLS_E_AGAIN); + + assert_int_equal(n, GNUTLS_E_REHANDSHAKE); + + /* client sends app data and the server ignores them */ + do { + cret = gnutls_record_send(client, "x", 1); + } while (cret == GNUTLS_E_AGAIN); + + do { + sret = gnutls_handshake(server); + } while (sret == GNUTLS_E_AGAIN); + assert_int_equal(sret, GNUTLS_E_GOT_APPLICATION_DATA); + + do { + n = gnutls_record_recv(server, buffer, sizeof(buffer)); + } while(n == GNUTLS_E_AGAIN); HANDSHAKE(client, server); + } else { + ssize_t n; + char b[1]; + + for (i=0;i<MAX_REHANDSHAKES;i++) { + sret = gnutls_rehandshake(server); + + n = gnutls_record_recv(client, b, 1); + assert_int_equal(n, GNUTLS_E_REHANDSHAKE); + + HANDSHAKE(client, server); + } } gnutls_bye(client, GNUTLS_SHUT_RDWR); @@ -114,3 +161,22 @@ void doit(void) gnutls_global_deinit(); } + +static void tls12_rehandshake_server(void **glob_state) +{ + test_rehandshake(glob_state, 0); +} + +static void tls12_rehandshake_server_appdata(void **glob_state) +{ + test_rehandshake(glob_state, 1); +} + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(tls12_rehandshake_server), + cmocka_unit_test(tls12_rehandshake_server_appdata), + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} |