123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468 |
- /* suites.c
- *
- * Copyright (C) 2006-2014 wolfSSL Inc.
- *
- * This file is part of CyaSSL.
- *
- * CyaSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * CyaSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <cyassl/ctaocrypt/settings.h>
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
- #include <cyassl/ssl.h>
- #include <tests/unit.h>
- #define MAX_ARGS 40
- #define MAX_COMMAND_SZ 240
- #define MAX_SUITE_SZ 80
- #define NOT_BUILT_IN -123
- #ifdef NO_OLD_TLS
- #define VERSION_TOO_OLD -124
- #endif
- #include "examples/client/client.h"
- #include "examples/server/server.h"
- static CYASSL_CTX* cipherSuiteCtx = NULL;
- static char nonblockFlag[] = "-N";
- static char noVerifyFlag[] = "-d";
- static char portFlag[] = "-p";
- static char flagSep[] = " ";
- static char svrPort[] = "0";
- #ifdef NO_OLD_TLS
- /* if the protocol version is less than tls 1.2 return 1, else 0 */
- static int IsOldTlsVersion(const char* line)
- {
- const char* find = "-v ";
- char* begin = strstr(line, find);
- if (begin) {
- int version = -1;
- begin += 3;
- version = atoi(begin);
- if (version < 3)
- return 1;
- }
- return 0;
- }
- #endif /* NO_OLD_TLS */
- /* if the cipher suite on line is valid store in suite and return 1, else 0 */
- static int IsValidCipherSuite(const char* line, char* suite)
- {
- int found = 0;
- int valid = 0;
- const char* find = "-l ";
- const char* begin = strstr(line, find);
- const char* end;
- suite[0] = '\0';
- if (begin) {
- begin += 3;
- end = strstr(begin, " ");
- if (end) {
- long len = end - begin;
- if (len > MAX_SUITE_SZ) {
- printf("suite too long!\n");
- return 0;
- }
- memcpy(suite, begin, len);
- suite[len] = '\0';
- }
- else
- strncpy(suite, begin, MAX_SUITE_SZ);
- suite[MAX_SUITE_SZ] = '\0';
- found = 1;
- }
- if (found) {
- if (CyaSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == SSL_SUCCESS)
- valid = 1;
- }
- return valid;
- }
- static int execute_test_case(int svr_argc, char** svr_argv,
- int cli_argc, char** cli_argv,
- int addNoVerify, int addNonBlocking)
- {
- #ifdef CYASSL_TIRTOS
- func_args cliArgs = {0};
- func_args svrArgs = {0};
- cliArgs.argc = cli_argc;
- cliArgs.argv = cli_argv;
- svrArgs.argc = svr_argc;
- svrArgs.argv = svr_argv;
- #else
- func_args cliArgs = {cli_argc, cli_argv, 0, NULL, NULL};
- func_args svrArgs = {svr_argc, svr_argv, 0, NULL, NULL};
- #endif
- tcp_ready ready;
- THREAD_TYPE serverThread;
- char commandLine[MAX_COMMAND_SZ];
- char cipherSuite[MAX_SUITE_SZ+1];
- int i;
- size_t added = 0;
- static int tests = 1;
- commandLine[0] = '\0';
- for (i = 0; i < svr_argc; i++) {
- added += strlen(svr_argv[i]) + 2;
- if (added >= MAX_COMMAND_SZ) {
- printf("server command line too long\n");
- break;
- }
- strcat(commandLine, svr_argv[i]);
- strcat(commandLine, flagSep);
- }
- if (IsValidCipherSuite(commandLine, cipherSuite) == 0) {
- #ifdef DEBUG_SUITE_TESTS
- printf("cipher suite %s not supported in build\n", cipherSuite);
- #endif
- return NOT_BUILT_IN;
- }
- #ifdef NO_OLD_TLS
- if (IsOldTlsVersion(commandLine) == 1) {
- #ifdef DEBUG_SUITE_TESTS
- printf("protocol version on line %s is too old\n", commandLine);
- #endif
- return VERSION_TOO_OLD;
- }
- #endif
- if (addNoVerify) {
- printf("repeating test with client cert request off\n");
- added += 4; /* -d plus space plus terminator */
- if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
- printf("server command line too long\n");
- else {
- svr_argv[svr_argc++] = noVerifyFlag;
- svrArgs.argc = svr_argc;
- strcat(commandLine, noVerifyFlag);
- strcat(commandLine, flagSep);
- }
- }
- if (addNonBlocking) {
- printf("repeating test with non blocking on\n");
- added += 4; /* -N plus terminator */
- if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
- printf("server command line too long\n");
- else {
- svr_argv[svr_argc++] = nonblockFlag;
- svrArgs.argc = svr_argc;
- strcat(commandLine, nonblockFlag);
- strcat(commandLine, flagSep);
- }
- }
- #if !defined(USE_WINDOWS_API) && !defined(CYASSL_TIRTOS)
- /* add port 0 */
- if (svr_argc + 2 > MAX_ARGS)
- printf("cannot add the magic port number flag to server\n");
- else
- {
- svr_argv[svr_argc++] = portFlag;
- svr_argv[svr_argc++] = svrPort;
- svrArgs.argc = svr_argc;
- }
- #endif
- printf("trying server command line[%d]: %s\n", tests, commandLine);
- commandLine[0] = '\0';
- added = 0;
- for (i = 0; i < cli_argc; i++) {
- added += strlen(cli_argv[i]) + 2;
- if (added >= MAX_COMMAND_SZ) {
- printf("client command line too long\n");
- break;
- }
- strcat(commandLine, cli_argv[i]);
- strcat(commandLine, flagSep);
- }
- if (addNonBlocking) {
- added += 4; /* -N plus space plus terminator */
- if (added >= MAX_COMMAND_SZ)
- printf("client command line too long\n");
- else {
- cli_argv[cli_argc++] = nonblockFlag;
- strcat(commandLine, nonblockFlag);
- strcat(commandLine, flagSep);
- cliArgs.argc = cli_argc;
- }
- }
- printf("trying client command line[%d]: %s\n", tests++, commandLine);
- InitTcpReady(&ready);
- #ifdef CYASSL_TIRTOS
- fdOpenSession(Task_self());
- #endif
- /* start server */
- svrArgs.signal = &ready;
- start_thread(server_test, &svrArgs, &serverThread);
- wait_tcp_ready(&svrArgs);
- #if !defined(USE_WINDOWS_API) && !defined(CYASSL_TIRTOS)
- if (ready.port != 0)
- {
- if (cli_argc + 2 > MAX_ARGS)
- printf("cannot add the magic port number flag to client\n");
- else {
- char portNumber[8];
- snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
- cli_argv[cli_argc++] = portFlag;
- cli_argv[cli_argc++] = portNumber;
- cliArgs.argc = cli_argc;
- }
- }
- #endif
- /* start client */
- client_test(&cliArgs);
- /* verify results */
- if (cliArgs.return_code != 0) {
- printf("client_test failed\n");
- exit(EXIT_FAILURE);
- }
- join_thread(serverThread);
- if (svrArgs.return_code != 0) {
- printf("server_test failed\n");
- exit(EXIT_FAILURE);
- }
- #ifdef CYASSL_TIRTOS
- fdCloseSession(Task_self());
- #endif
- FreeTcpReady(&ready);
-
- return 0;
- }
- static void test_harness(void* vargs)
- {
- func_args* args = (func_args*)vargs;
- char* script;
- long sz, len;
- int cliMode = 0; /* server or client command flag, server first */
- int ret;
- FILE* file;
- char* svrArgs[MAX_ARGS];
- int svrArgsSz;
- char* cliArgs[MAX_ARGS];
- int cliArgsSz;
- char* cursor;
- char* comment;
- const char* fname = "tests/test.conf";
- if (args->argc == 1) {
- printf("notice: using default file %s\n", fname);
- }
- else if(args->argc != 2) {
- printf("usage: harness [FILE]\n");
- args->return_code = 1;
- return;
- }
- else {
- fname = args->argv[1];
- }
- file = fopen(fname, "r");
- if (file == NULL) {
- fprintf(stderr, "unable to open %s\n", fname);
- args->return_code = 1;
- return;
- }
- fseek(file, 0, SEEK_END);
- sz = ftell(file);
- rewind(file);
- if (sz <= 0) {
- fprintf(stderr, "%s is empty\n", fname);
- fclose(file);
- args->return_code = 1;
- return;
- }
- script = (char*)malloc(sz+1);
- if (script == 0) {
- fprintf(stderr, "unable to allocte script buffer\n");
- fclose(file);
- args->return_code = 1;
- return;
- }
- len = fread(script, 1, sz, file);
- if (len != sz) {
- fprintf(stderr, "read error\n");
- fclose(file);
- free(script);
- args->return_code = 1;
- return;
- }
-
- fclose(file);
- script[sz] = 0;
- cursor = script;
- svrArgsSz = 1;
- svrArgs[0] = args->argv[0];
- cliArgsSz = 1;
- cliArgs[0] = args->argv[0];
- while (*cursor != 0) {
- int do_it = 0;
- switch (*cursor) {
- case '\n':
- /* A blank line triggers test case execution or switches
- to client mode if we don't have the client command yet */
- if (cliMode == 0)
- cliMode = 1; /* switch to client mode processing */
- else
- do_it = 1; /* Do It, we have server and client */
- cursor++;
- break;
- case '#':
- /* Ignore lines that start with a #. */
- comment = strsep(&cursor, "\n");
- #ifdef DEBUG_SUITE_TESTS
- printf("%s\n", comment);
- #else
- (void)comment;
- #endif
- break;
- case '-':
- /* Parameters start with a -. They end in either a newline
- * or a space. Capture until either, save in Args list. */
- if (cliMode)
- cliArgs[cliArgsSz++] = strsep(&cursor, " \n");
- else
- svrArgs[svrArgsSz++] = strsep(&cursor, " \n");
- break;
- default:
- /* Anything from cursor until end of line that isn't the above
- * is data for a paramter. Just up until the next newline in
- * the Args list. */
- if (cliMode)
- cliArgs[cliArgsSz++] = strsep(&cursor, "\n");
- else
- svrArgs[svrArgsSz++] = strsep(&cursor, "\n");
- if (*cursor == 0) /* eof */
- do_it = 1;
- }
- if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
- fprintf(stderr, "too many arguments, forcing test run\n");
- do_it = 1;
- }
- if (do_it) {
- ret = execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs,0,0);
- /* don't repeat if not supported in build */
- if (ret == 0) {
- execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 0, 1);
- execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 1, 0);
- execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs, 1, 1);
- }
- svrArgsSz = 1;
- cliArgsSz = 1;
- cliMode = 0;
- }
- }
- free(script);
- args->return_code = 0;
- }
- int SuiteTest(void)
- {
- func_args args;
- char argv0[2][80];
- char* myArgv[2];
- printf(" Begin Cipher Suite Tests\n");
- /* setup */
- myArgv[0] = argv0[0];
- myArgv[1] = argv0[1];
- args.argv = myArgv;
- strcpy(argv0[0], "SuiteTest");
- (void)test_harness;
- cipherSuiteCtx = CyaSSL_CTX_new(CyaTLSv1_2_client_method());
- if (cipherSuiteCtx == NULL) {
- printf("can't get cipher suite ctx\n");
- exit(EXIT_FAILURE);
- }
- /* default case */
- args.argc = 1;
- printf("starting default cipher suite tests\n");
- test_harness(&args);
- if (args.return_code != 0) {
- printf("error from script %d\n", args.return_code);
- exit(EXIT_FAILURE);
- }
- /* any extra cases will need another argument */
- args.argc = 2;
- #ifdef CYASSL_DTLS
- /* add dtls extra suites */
- strcpy(argv0[1], "tests/test-dtls.conf");
- printf("starting dtls extra cipher suite tests\n");
- test_harness(&args);
- if (args.return_code != 0) {
- printf("error from script %d\n", args.return_code);
- exit(EXIT_FAILURE);
- }
- #endif
- printf(" End Cipher Suite Tests\n");
- CyaSSL_CTX_free(cipherSuiteCtx);
- CyaSSL_Cleanup();
- return args.return_code;
- }
|