2 * Copyright (c) 2007, Cameron Rich
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * The testing of the crypto and ssl stuff goes here. Keeps the individual code
33 * modules from being uncluttered with test code.
35 * This is test code - I make no apologies for the quality!
52 #define DEFAULT_CERT "../ssl/test/axTLS.x509_512.cer"
53 #define DEFAULT_KEY "../ssl/test/axTLS.key_512"
54 //#define DEFAULT_SVR_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
55 #define DEFAULT_SVR_OPTION 0
56 #define DEFAULT_CLNT_OPTION 0
57 //#define DEFAULT_CLNT_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
59 static int g_port
= 19001;
61 /**************************************************************************
64 * Run through a couple of the RFC3602 tests to verify that AES is correct.
65 **************************************************************************/
69 static int AES_test(BI_CTX
*bi_ctx
)
73 uint8_t key
[TEST1_SIZE
];
74 uint8_t iv
[TEST1_SIZE
];
78 Case #1: Encrypting 16 bytes (1 block) using AES-CBC
79 Key : 0x06a9214036b8a15b512e03d534120006
80 IV : 0x3dafba429d9eb430b422da802c9fac41
81 Plaintext : "Single block msg"
82 Ciphertext: 0xe353779c1079aeb82708942dbe77181a
85 char *in_str
= "Single block msg";
86 uint8_t ct
[TEST1_SIZE
];
87 uint8_t enc_data
[TEST1_SIZE
];
88 uint8_t dec_data
[TEST1_SIZE
];
90 bigint
*key_bi
= bi_str_import(
91 bi_ctx
, "06A9214036B8A15B512E03D534120006");
92 bigint
*iv_bi
= bi_str_import(
93 bi_ctx
, "3DAFBA429D9EB430B422DA802C9FAC41");
94 bigint
*ct_bi
= bi_str_import(
95 bi_ctx
, "E353779C1079AEB82708942DBE77181A");
96 bi_export(bi_ctx
, key_bi
, key
, TEST1_SIZE
);
97 bi_export(bi_ctx
, iv_bi
, iv
, TEST1_SIZE
);
98 bi_export(bi_ctx
, ct_bi
, ct
, TEST1_SIZE
);
100 AES_set_key(&aes_key
, key
, iv
, AES_MODE_128
);
101 AES_cbc_encrypt(&aes_key
, (const uint8_t *)in_str
,
102 enc_data
, sizeof(enc_data
));
103 if (memcmp(enc_data
, ct
, sizeof(ct
)))
105 printf("Error: AES ENCRYPT #1 failed\n");
109 AES_set_key(&aes_key
, key
, iv
, AES_MODE_128
);
110 AES_convert_key(&aes_key
);
111 AES_cbc_decrypt(&aes_key
, enc_data
, dec_data
, sizeof(enc_data
));
113 if (memcmp(dec_data
, in_str
, sizeof(dec_data
)))
115 printf("Error: AES DECRYPT #1 failed\n");
122 Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC
123 Key : 0xc286696d887c9aa0611bbb3e2025a45a
124 IV : 0x562e17996d093d28ddb3ba695a2e6f58
125 Plaintext : 0x000102030405060708090a0b0c0d0e0f
126 101112131415161718191a1b1c1d1e1f
127 Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
128 7586602d253cfff91b8266bea6d61ab1
130 uint8_t in_data
[TEST2_SIZE
];
131 uint8_t ct
[TEST2_SIZE
];
132 uint8_t enc_data
[TEST2_SIZE
];
133 uint8_t dec_data
[TEST2_SIZE
];
135 bigint
*in_bi
= bi_str_import(bi_ctx
,
136 "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
137 bigint
*key_bi
= bi_str_import(
138 bi_ctx
, "C286696D887C9AA0611BBB3E2025A45A");
139 bigint
*iv_bi
= bi_str_import(
140 bi_ctx
, "562E17996D093D28DDB3BA695A2E6F58");
141 bigint
*ct_bi
= bi_str_import(bi_ctx
,
142 "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
143 bi_export(bi_ctx
, in_bi
, in_data
, TEST2_SIZE
);
144 bi_export(bi_ctx
, key_bi
, key
, TEST1_SIZE
);
145 bi_export(bi_ctx
, iv_bi
, iv
, TEST1_SIZE
);
146 bi_export(bi_ctx
, ct_bi
, ct
, TEST2_SIZE
);
148 AES_set_key(&aes_key
, key
, iv
, AES_MODE_128
);
149 AES_cbc_encrypt(&aes_key
, (const uint8_t *)in_data
,
150 enc_data
, sizeof(enc_data
));
152 if (memcmp(enc_data
, ct
, sizeof(ct
)))
154 printf("Error: ENCRYPT #2 failed\n");
158 AES_set_key(&aes_key
, key
, iv
, AES_MODE_128
);
159 AES_convert_key(&aes_key
);
160 AES_cbc_decrypt(&aes_key
, enc_data
, dec_data
, sizeof(enc_data
));
161 if (memcmp(dec_data
, in_data
, sizeof(dec_data
)))
163 printf("Error: DECRYPT #2 failed\n");
169 printf("All AES tests passed\n");
175 /**************************************************************************
178 * ARC4 tests vectors from OpenSSL (crypto/rc4/rc4test.c)
179 **************************************************************************/
180 static const uint8_t keys
[7][30]=
182 {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
183 {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
184 {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
185 {4,0xef,0x01,0x23,0x45},
186 {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
187 {4,0xef,0x01,0x23,0x45},
190 static const uint8_t data_len
[7]={8,8,8,20,28,10};
191 static uint8_t data
[7][30]=
193 {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
194 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
195 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
196 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
197 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
198 0x00,0x00,0x00,0x00,0xff},
199 {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
200 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
201 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
202 0x12,0x34,0x56,0x78,0xff},
203 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
207 static const uint8_t output
[7][30]=
209 {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
210 {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
211 {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
212 {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
213 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
214 0x36,0xb6,0x78,0x58,0x00},
215 {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
216 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
217 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
218 0x40,0x01,0x1e,0xcf,0x00},
219 {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
223 static int RC4_test(BI_CTX
*bi_ctx
)
228 for (i
= 0; i
< 6; i
++)
230 RC4_setup(&s
, &keys
[i
][1], keys
[i
][0]);
231 RC4_crypt(&s
, data
[i
], data
[i
], data_len
[i
]);
233 if (memcmp(data
[i
], output
[i
], data_len
[i
]))
235 printf("Error: RC4 CRYPT #%d failed\n", i
);
241 printf("All RC4 tests passed\n");
247 /**************************************************************************
250 * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
251 **************************************************************************/
252 static int SHA1_test(BI_CTX
*bi_ctx
)
255 uint8_t ct
[SHA1_SIZE
];
256 uint8_t digest
[SHA1_SIZE
];
260 const char *in_str
= "abc";
261 bigint
*ct_bi
= bi_str_import(bi_ctx
,
262 "A9993E364706816ABA3E25717850C26C9CD0D89D");
263 bi_export(bi_ctx
, ct_bi
, ct
, SHA1_SIZE
);
266 SHA1_Update(&ctx
, (const uint8_t *)in_str
, strlen(in_str
));
267 SHA1_Final(digest
, &ctx
);
269 if (memcmp(digest
, ct
, sizeof(ct
)))
271 printf("Error: SHA1 #1 failed\n");
278 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
279 bigint
*ct_bi
= bi_str_import(bi_ctx
,
280 "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
281 bi_export(bi_ctx
, ct_bi
, ct
, SHA1_SIZE
);
284 SHA1_Update(&ctx
, (const uint8_t *)in_str
, strlen(in_str
));
285 SHA1_Final(digest
, &ctx
);
287 if (memcmp(digest
, ct
, sizeof(ct
)))
289 printf("Error: SHA1 #2 failed\n");
295 printf("All SHA1 tests passed\n");
301 /**************************************************************************
304 * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
305 **************************************************************************/
306 static int MD5_test(BI_CTX
*bi_ctx
)
309 uint8_t ct
[MD5_SIZE
];
310 uint8_t digest
[MD5_SIZE
];
314 const char *in_str
= "abc";
315 bigint
*ct_bi
= bi_str_import(bi_ctx
,
316 "900150983CD24FB0D6963F7D28E17F72");
317 bi_export(bi_ctx
, ct_bi
, ct
, MD5_SIZE
);
320 MD5_Update(&ctx
, (const uint8_t *)in_str
, strlen(in_str
));
321 MD5_Final(digest
, &ctx
);
323 if (memcmp(digest
, ct
, sizeof(ct
)))
325 printf("Error: MD5 #1 failed\n");
332 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
333 bigint
*ct_bi
= bi_str_import(
334 bi_ctx
, "D174AB98D277D9F5A5611C2C9F419D9F");
335 bi_export(bi_ctx
, ct_bi
, ct
, MD5_SIZE
);
338 MD5_Update(&ctx
, (const uint8_t *)in_str
, strlen(in_str
));
339 MD5_Final(digest
, &ctx
);
341 if (memcmp(digest
, ct
, sizeof(ct
)))
343 printf("Error: MD5 #2 failed\n");
348 printf("All MD5 tests passed\n");
354 /**************************************************************************
357 * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
358 **************************************************************************/
359 static int HMAC_test(BI_CTX
*bi_ctx
)
361 uint8_t key
[SHA1_SIZE
];
362 uint8_t ct
[SHA1_SIZE
];
363 uint8_t dgst
[SHA1_SIZE
];
367 const char *data_str
= "Hi There";
368 bigint
*key_bi
= bi_str_import(bi_ctx
, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
369 bigint
*ct_bi
= bi_str_import(bi_ctx
, "9294727A3638BB1C13F48EF8158BFC9D");
370 bi_export(bi_ctx
, key_bi
, key
, MD5_SIZE
);
371 bi_export(bi_ctx
, ct_bi
, ct
, MD5_SIZE
);
372 hmac_md5((const uint8_t *)data_str
, 8, key
, MD5_SIZE
, dgst
);
373 if (memcmp(dgst
, ct
, MD5_SIZE
))
375 printf("HMAC MD5 #1 failed\n");
379 data_str
= "what do ya want for nothing?";
381 ct_bi
= bi_str_import(bi_ctx
, "750C783E6AB0B503EAA86E310A5DB738");
382 bi_export(bi_ctx
, ct_bi
, ct
, MD5_SIZE
);
383 hmac_md5((const uint8_t *)data_str
, 28, (const uint8_t *)key_str
, 4, dgst
);
384 if (memcmp(dgst
, ct
, MD5_SIZE
))
386 printf("HMAC MD5 #2 failed\n");
390 data_str
= "Hi There";
391 key_bi
= bi_str_import(bi_ctx
, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
392 bi_export(bi_ctx
, key_bi
, key
, SHA1_SIZE
);
393 ct_bi
= bi_str_import(bi_ctx
, "B617318655057264E28BC0B6FB378C8EF146BE00");
394 bi_export(bi_ctx
, ct_bi
, ct
, SHA1_SIZE
);
396 hmac_sha1((const uint8_t *)data_str
, 8,
397 (const uint8_t *)key
, SHA1_SIZE
, dgst
);
398 if (memcmp(dgst
, ct
, SHA1_SIZE
))
400 printf("HMAC SHA1 #1 failed\n");
404 data_str
= "what do ya want for nothing?";
406 ct_bi
= bi_str_import(bi_ctx
, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
407 bi_export(bi_ctx
, ct_bi
, ct
, SHA1_SIZE
);
409 hmac_sha1((const uint8_t *)data_str
, 28, (const uint8_t *)key_str
, 5, dgst
);
410 if (memcmp(dgst
, ct
, SHA1_SIZE
))
412 printf("HMAC SHA1 failed\n");
417 printf("All HMAC tests passed\n");
423 /**************************************************************************
426 **************************************************************************/
427 static int BIGINT_test(BI_CTX
*ctx
)
430 bigint
*bi_data
, *bi_exp
, *bi_res
;
431 const char *expnt
, *plaintext
, *mod
;
432 uint8_t compare
[MAX_KEY_BYTE_SIZE
];
437 plaintext
= /* 64 byte number */
438 "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
440 mod
= "C30773C8ABE09FCC279EE0E5343370DE"
441 "8B2FFDB6059271E3005A7CEEF0D35E0A"
442 "1F9915D95E63560836CC2EB2C289270D"
443 "BCAE8CAF6F5E907FC2759EE220071E1B";
445 expnt
= "A1E556CD1738E10DF539E35101334E97"
446 "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
447 "F3140F5091CC535CBAA47CEC4159EE1F"
448 "B6A3661AFF1AB758426EAB158452A9B9";
450 bi_data
= bi_import(ctx
, (uint8_t *)plaintext
, strlen(plaintext
));
451 bi_exp
= int_to_bi(ctx
, 0x10001);
452 bi_set_mod(ctx
, bi_str_import(ctx
, mod
), 0);
453 bi_res
= bi_mod_power(ctx
, bi_data
, bi_exp
);
455 bi_data
= bi_res
; /* resuse again - see if we get the original */
457 bi_exp
= bi_str_import(ctx
, expnt
);
458 bi_res
= bi_mod_power(ctx
, bi_data
, bi_exp
);
461 bi_export(ctx
, bi_res
, compare
, 64);
462 if (memcmp(plaintext
, compare
, 64) != 0)
465 printf("All BIGINT tests passed\n");
472 /**************************************************************************
475 * Use the results from openssl to verify PKCS1 etc
476 **************************************************************************/
477 static int RSA_test(void)
480 const char *plaintext
= /* 128 byte hex number */
481 "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
482 "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
483 uint8_t enc_data
[128], dec_data
[128];
484 RSA_CTX
*rsa_ctx
= NULL
;
486 bigint
*plaintext_bi
;
487 bigint
*enc_data_bi
, *dec_data_bi
;
488 uint8_t enc_data2
[128], dec_data2
[128];
493 /* extract the private key elements */
494 len
= get_file("../ssl/test/axTLS.key_1024", &buf
);
495 if (asn1_get_private_key(buf
, len
, &rsa_ctx
) < 0)
501 bi_ctx
= rsa_ctx
->bi_ctx
;
502 plaintext_bi
= bi_import(bi_ctx
,
503 (const uint8_t *)plaintext
, strlen(plaintext
));
505 /* basic rsa encrypt */
506 enc_data_bi
= RSA_public(rsa_ctx
, plaintext_bi
);
507 bi_export(bi_ctx
, bi_copy(enc_data_bi
), enc_data
, sizeof(enc_data
));
509 /* basic rsa decrypt */
510 dec_data_bi
= RSA_private(rsa_ctx
, enc_data_bi
);
511 bi_export(bi_ctx
, dec_data_bi
, dec_data
, sizeof(dec_data
));
513 if (memcmp(dec_data
, plaintext
, strlen(plaintext
)))
515 printf("Error: DECRYPT #1 failed\n");
519 RSA_encrypt(rsa_ctx
, (const uint8_t *)"abc", 3, enc_data2
, 0);
520 size
= RSA_decrypt(rsa_ctx
, enc_data2
, dec_data2
, 1);
521 if (memcmp("abc", dec_data2
, 3))
523 printf("Error: ENCRYPT/DECRYPT #2 failed\n");
529 printf("All RSA tests passed\n");
535 /**************************************************************************
538 **************************************************************************/
539 static int cert_tests(void)
546 /* check a bunch of 3rd party certificates */
547 ssl_ctx
= ssl_ctx_new(0, 0);
548 len
= get_file("../ssl/test/microsoft.x509_ca", &buf
);
549 if ((res
= add_cert_auth(ssl_ctx
, buf
, len
)) < 0)
552 ssl_display_error(res
);
556 ssl_ctx_free(ssl_ctx
);
559 ssl_ctx
= ssl_ctx_new(0, 0);
560 len
= get_file("../ssl/test/thawte.x509_ca", &buf
);
561 if ((res
= add_cert_auth(ssl_ctx
, buf
, len
)) < 0)
564 ssl_display_error(res
);
568 ssl_ctx_free(ssl_ctx
);
571 ssl_ctx
= ssl_ctx_new(0, 0);
572 len
= get_file("../ssl/test/deutsche_telecom.x509_ca", &buf
);
573 if ((res
= add_cert_auth(ssl_ctx
, buf
, len
)) < 0)
576 ssl_display_error(res
);
580 ssl_ctx_free(ssl_ctx
);
583 ssl_ctx
= ssl_ctx_new(0, 0);
584 len
= get_file("../ssl/test/equifax.x509_ca", &buf
);
585 if ((res
= add_cert_auth(ssl_ctx
, buf
, len
)) < 0)
588 ssl_display_error(res
);
592 ssl_ctx_free(ssl_ctx
);
595 ssl_ctx
= ssl_ctx_new(0, 0);
596 len
= get_file("../ssl/test/gnutls.cer", &buf
);
597 if ((res
= add_cert(ssl_ctx
, buf
, len
)) < 0)
600 ssl_display_error(res
);
604 ssl_ctx_free(ssl_ctx
);
607 ssl_ctx
= ssl_ctx_new(0, 0);
608 len
= get_file("../ssl/test/socgen.cer", &buf
);
609 if ((res
= add_cert(ssl_ctx
, buf
, len
)) < 0)
612 ssl_display_error(res
);
616 ssl_ctx_free(ssl_ctx
);
619 ssl_ctx
= ssl_ctx_new(0, 0);
620 len
= get_file("../ssl/test/verisign.x509_ca", &buf
);
621 if ((res
= add_cert_auth(ssl_ctx
, buf
, len
)) <0)
624 ssl_display_error(res
);
628 ssl_ctx_free(ssl_ctx
);
631 if (get_file("../ssl/test/verisign.x509_my_cert", &buf
) < 0 ||
632 x509_new(buf
, &len
, &x509_ctx
))
635 ssl_display_error(res
);
642 ssl_ctx
= ssl_ctx_new(0, 0);
643 if ((res
= ssl_obj_load(ssl_ctx
,
644 SSL_OBJ_X509_CERT
, "../ssl/test/ms_iis.cer", NULL
)) != SSL_OK
)
646 ssl_display_error(res
);
650 ssl_ctx_free(ssl_ctx
);
651 res
= 0; /* all ok */
652 printf("All Certificate tests passed\n");
656 printf("Error: A certificate test failed\n");
661 * init a server socket.
663 static int server_socket_init(int *port
)
665 struct sockaddr_in serv_addr
;
669 /* Create socket for incoming connections */
670 if ((server_fd
= socket(AF_INET
, SOCK_STREAM
, 0)) < 0)
675 setsockopt(server_fd
, SOL_SOCKET
, SO_REUSEADDR
, &yes
, sizeof(yes
));
678 /* Construct local address structure */
679 memset(&serv_addr
, 0, sizeof(serv_addr
)); /* Zero out structure */
680 serv_addr
.sin_family
= AF_INET
; /* Internet address family */
681 serv_addr
.sin_addr
.s_addr
= htonl(INADDR_ANY
); /* Any incoming interface */
682 serv_addr
.sin_port
= htons(*port
); /* Local port */
684 /* Bind to the local address */
685 if (bind(server_fd
, (struct sockaddr
*) &serv_addr
, sizeof(serv_addr
)) < 0)
690 /* Mark the socket so it will listen for incoming connections */
691 if (listen(server_fd
, 3000) < 0)
700 * init a client socket.
702 static int client_socket_init(uint16_t port
)
704 struct sockaddr_in address
;
707 address
.sin_family
= AF_INET
;
708 address
.sin_port
= htons(port
);
709 address
.sin_addr
.s_addr
= inet_addr("127.0.0.1");
710 client_fd
= socket(AF_INET
, SOCK_STREAM
, 0);
711 if (connect(client_fd
, (struct sockaddr
*)&address
, sizeof(address
)) < 0)
714 SOCKET_CLOSE(client_fd
);
721 /**************************************************************************
724 **************************************************************************/
727 /* not used as yet */
733 const char *testname
;
734 const char *openssl_option
;
737 static void do_client(client_t
*clnt
)
739 char openssl_buf
[2048];
741 /* make sure the main thread goes first */
744 /* show the session ids in the reconnect test */
745 if (strcmp(clnt
->testname
, "Session Reuse") == 0)
747 sprintf(openssl_buf
, "echo \"hello client\" | openssl s_client "
748 "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"",
749 g_port
, clnt
->openssl_option
);
753 sprintf(openssl_buf
, "echo \"hello client\" | openssl s_client "
755 "-connect localhost:%d -quiet %s",
757 "-connect localhost:%d -quiet %s > /dev/null 2>&1",
759 g_port
, clnt
->openssl_option
);
765 static int SSL_server_test(
766 const char *testname
,
767 const char *openssl_option
,
768 const char *device_cert
,
769 const char *product_cert
,
770 const char *private_key
,
772 const char *password
,
775 int server_fd
, ret
= 0;
776 SSL_CTX
*ssl_ctx
= NULL
;
777 struct sockaddr_in client_addr
;
779 socklen_t clnt_len
= sizeof(client_addr
);
780 client_t client_data
;
786 client_data
.testname
= testname
;
787 client_data
.openssl_option
= openssl_option
;
789 if ((server_fd
= server_socket_init(&g_port
)) < 0)
794 axtls_option
|= SSL_NO_DEFAULT_KEY
;
797 if ((ssl_ctx
= ssl_ctx_new(axtls_option
, SSL_DEFAULT_SVR_SESS
)) == NULL
)
799 ret
= SSL_ERROR_INVALID_KEY
;
805 int obj_type
= SSL_OBJ_RSA_KEY
;
807 if (strstr(private_key
, ".p8"))
808 obj_type
= SSL_OBJ_PKCS8
;
809 else if (strstr(private_key
, ".p12"))
810 obj_type
= SSL_OBJ_PKCS12
;
812 if (ssl_obj_load(ssl_ctx
, obj_type
, private_key
, password
))
814 ret
= SSL_ERROR_INVALID_KEY
;
819 if (device_cert
) /* test chaining */
821 if ((ret
= ssl_obj_load(ssl_ctx
,
822 SSL_OBJ_X509_CERT
, device_cert
, NULL
)) != SSL_OK
)
826 if (product_cert
) /* test chaining */
828 if ((ret
= ssl_obj_load(ssl_ctx
,
829 SSL_OBJ_X509_CERT
, product_cert
, NULL
)) != SSL_OK
)
833 if (ca_cert
) /* test adding certificate authorities */
835 if ((ret
= ssl_obj_load(ssl_ctx
,
836 SSL_OBJ_X509_CACERT
, ca_cert
, NULL
)) != SSL_OK
)
841 pthread_create(&thread
, NULL
,
842 (void *(*)(void *))do_client
, (void *)&client_data
);
843 pthread_detach(thread
);
845 CreateThread(NULL
, 1024, (LPTHREAD_START_ROUTINE
)do_client
,
846 (LPVOID
)&client_data
, 0, NULL
);
851 int client_fd
, size
= 0;
854 /* Wait for a client to connect */
855 if ((client_fd
= accept(server_fd
,
856 (struct sockaddr
*)&client_addr
, &clnt_len
)) < 0)
858 ret
= SSL_ERROR_SOCK_SETUP_FAILURE
;
862 /* we are ready to go */
863 ssl
= ssl_server_new(ssl_ctx
, client_fd
);
864 while ((size
= ssl_read(ssl
, &read_buf
)) == SSL_OK
);
865 SOCKET_CLOSE(client_fd
);
867 if (size
< SSL_OK
) /* got some alert or something nasty */
871 if (ret
== SSL_ERROR_CONN_LOST
)
877 break; /* we've got a problem */
879 else /* looks more promising */
881 if (strstr("hello client", (char *)read_buf
) == NULL
)
883 printf("SSL server test \"%s\" passed\n", testname
);
893 SOCKET_CLOSE(server_fd
);
896 ssl_ctx_free(ssl_ctx
);
900 int SSL_server_tests(void)
903 struct stat stat_buf
;
904 SVR_CTX svr_test_ctx
;
905 memset(&svr_test_ctx
, 0, sizeof(SVR_CTX
));
907 printf("### starting server tests\n"); TTY_FLUSH();
909 /* Go through the algorithms */
914 if ((ret
= SSL_server_test("TLSv1", "-cipher RC4-SHA -tls1",
915 NULL
, NULL
, NULL
, NULL
, NULL
, DEFAULT_SVR_OPTION
)))
921 if ((ret
= SSL_server_test("AES256-SHA", "-cipher AES128-SHA",
922 DEFAULT_CERT
, NULL
, DEFAULT_KEY
, NULL
, NULL
,
923 DEFAULT_SVR_OPTION
)))
929 if ((ret
= SSL_server_test("AES256-SHA", "-cipher AES128-SHA",
930 DEFAULT_CERT
, NULL
, DEFAULT_KEY
, NULL
, NULL
,
931 DEFAULT_SVR_OPTION
)))
937 if ((ret
= SSL_server_test("RC4-SHA", "-cipher RC4-SHA",
938 DEFAULT_CERT
, NULL
, DEFAULT_KEY
, NULL
, NULL
,
939 DEFAULT_SVR_OPTION
)))
945 if ((ret
= SSL_server_test("RC4-MD5", "-cipher RC4-MD5",
946 DEFAULT_CERT
, NULL
, DEFAULT_KEY
, NULL
, NULL
,
947 DEFAULT_SVR_OPTION
)))
952 * all the session id's should match for session resumption.
954 if ((ret
= SSL_server_test("Session Reuse",
955 "-cipher RC4-SHA -reconnect",
956 DEFAULT_CERT
, NULL
, DEFAULT_KEY
, NULL
, NULL
,
957 DEFAULT_SVR_OPTION
)))
963 if ((ret
= SSL_server_test("512 bit key", "-cipher RC4-SHA",
964 "../ssl/test/axTLS.x509_512.cer", NULL
,
965 "../ssl/test/axTLS.key_512",
966 NULL
, NULL
, DEFAULT_SVR_OPTION
)))
970 * 1024 bit RSA key (check certificate chaining)
972 if ((ret
= SSL_server_test("1024 bit key",
974 "../ssl/test/axTLS.x509_device.cer",
975 "../ssl/test/axTLS.x509_512.cer",
976 "../ssl/test/axTLS.device_key",
977 NULL
, NULL
, DEFAULT_SVR_OPTION
)))
983 if ((ret
= SSL_server_test("2048 bit key",
985 "../ssl/test/axTLS.x509_2048.cer", NULL
,
986 "../ssl/test/axTLS.key_2048",
987 NULL
, NULL
, DEFAULT_SVR_OPTION
)))
993 if ((ret
= SSL_server_test("4096 bit key",
995 "../ssl/test/axTLS.x509_4096.cer", NULL
,
996 "../ssl/test/axTLS.key_4096",
997 NULL
, NULL
, DEFAULT_SVR_OPTION
)))
1001 * Client Verification
1003 if ((ret
= SSL_server_test("Client Verification",
1004 "-cipher RC4-SHA -tls1 "
1005 "-cert ../ssl/test/axTLS.x509_2048.pem "
1006 "-key ../ssl/test/axTLS.key_2048.pem ",
1008 "../ssl/test/axTLS.ca_x509.cer", NULL
,
1009 DEFAULT_SVR_OPTION
|SSL_CLIENT_AUTHENTICATION
)))
1012 /* this test should fail */
1013 if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf
) >= 0)
1015 if ((ret
= SSL_server_test("Error: Bad Before Cert",
1016 "-cipher RC4-SHA -tls1 "
1017 "-cert ../ssl/test/axTLS.x509_bad_before.pem "
1018 "-key ../ssl/test/axTLS.key_512.pem ",
1020 "../ssl/test/axTLS.ca_x509.cer", NULL
,
1021 DEFAULT_SVR_OPTION
|SSL_CLIENT_AUTHENTICATION
)) !=
1022 SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID
))
1025 printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
1027 ret
= 0; /* is ok */
1030 /* this test should fail */
1031 if ((ret
= SSL_server_test("Error: Bad After Cert",
1032 "-cipher RC4-SHA -tls1 "
1033 "-cert ../ssl/test/axTLS.x509_bad_after.pem "
1034 "-key ../ssl/test/axTLS.key_512.pem ",
1036 "../ssl/test/axTLS.ca_x509.cer", NULL
,
1037 DEFAULT_SVR_OPTION
|SSL_CLIENT_AUTHENTICATION
)) !=
1038 SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED
))
1041 printf("SSL server test \"%s\" passed\n", "Bad After Cert");
1047 if ((ret
= SSL_server_test("Error: No trusted certificate",
1048 "-cipher RC4-SHA -tls1 "
1049 "-cert ../ssl/test/axTLS.x509_512.pem "
1050 "-key ../ssl/test/axTLS.key_512.pem ",
1053 DEFAULT_SVR_OPTION
|SSL_CLIENT_AUTHENTICATION
)) !=
1054 SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT
))
1057 printf("SSL server test \"%s\" passed\n", "No trusted certificate");
1061 * Self-signed (from the server)
1063 if ((ret
= SSL_server_test("Error: Self-signed certificate (from server)",
1064 "-cipher RC4-SHA -tls1 "
1065 "-cert ../ssl/test/axTLS.x509_512.pem "
1066 "-key ../ssl/test/axTLS.key_512.pem "
1067 "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
1070 DEFAULT_SVR_OPTION
|SSL_CLIENT_AUTHENTICATION
)) !=
1071 SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED
))
1074 printf("SSL server test \"%s\" passed\n",
1075 "Self-signed certificate (from server)");
1079 * Self-signed (from the client)
1081 if ((ret
= SSL_server_test("Self-signed certificate (from client)",
1082 "-cipher RC4-SHA -tls1 "
1083 "-cert ../ssl/test/axTLS.x509_512.pem "
1084 "-key ../ssl/test/axTLS.key_512.pem ",
1086 "../ssl/test/axTLS.ca_x509.cer",
1088 DEFAULT_SVR_OPTION
|SSL_CLIENT_AUTHENTICATION
)))
1094 if ((ret
= SSL_server_test("Key in PEM format",
1096 "../ssl/test/axTLS.x509_512.cer", NULL
,
1097 "../ssl/test/axTLS.key_512.pem", NULL
,
1098 NULL
, DEFAULT_SVR_OPTION
)))
1102 * Cert in PEM format
1104 if ((ret
= SSL_server_test("Cert in PEM format",
1106 "../ssl/test/axTLS.x509_512.pem", NULL
,
1107 "../ssl/test/axTLS.key_512.pem", NULL
,
1108 NULL
, DEFAULT_SVR_OPTION
)))
1112 * Cert chain in PEM format
1114 if ((ret
= SSL_server_test("Cert chain in PEM format",
1116 "../ssl/test/axTLS.x509_device.pem",
1117 NULL
, "../ssl/test/axTLS.device_key.pem",
1118 "../ssl/test/axTLS.ca_x509.pem", NULL
, DEFAULT_SVR_OPTION
)))
1122 * AES128 Encrypted key
1124 if ((ret
= SSL_server_test("AES128 encrypted key",
1126 "../ssl/test/axTLS.x509_aes128.pem", NULL
,
1127 "../ssl/test/axTLS.key_aes128.pem",
1128 NULL
, "abcd", DEFAULT_SVR_OPTION
)))
1132 * AES256 Encrypted key
1134 if ((ret
= SSL_server_test("AES256 encrypted key",
1136 "../ssl/test/axTLS.x509_aes256.pem", NULL
,
1137 "../ssl/test/axTLS.key_aes256.pem",
1138 NULL
, "abcd", DEFAULT_SVR_OPTION
)))
1142 * AES128 Encrypted invalid key
1144 if ((ret
= SSL_server_test("AES128 encrypted invalid key",
1146 "../ssl/test/axTLS.x509_aes128.pem", NULL
,
1147 "../ssl/test/axTLS.key_aes128.pem",
1148 NULL
, "xyz", DEFAULT_SVR_OPTION
)) != SSL_ERROR_INVALID_KEY
)
1151 printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
1155 * PKCS#8 key (encrypted)
1157 if ((ret
= SSL_server_test("pkcs#8 encrypted", "-cipher RC4-SHA",
1158 DEFAULT_CERT
, NULL
, "../ssl/test/axTLS.encrypted.p8",
1159 NULL
, "abcd", DEFAULT_SVR_OPTION
)))
1163 * PKCS#8 key (unencrypted)
1165 if ((ret
= SSL_server_test("pkcs#8 unencrypted", "-cipher RC4-SHA",
1166 DEFAULT_CERT
, NULL
, "../ssl/test/axTLS.unencrypted.p8",
1167 NULL
, NULL
, DEFAULT_SVR_OPTION
)))
1171 * PKCS#12 key/certificate
1173 if ((ret
= SSL_server_test("pkcs#12 with CA", "-cipher RC4-SHA",
1174 NULL
, NULL
, "../ssl/test/axTLS.withCA.p12",
1175 NULL
, "abcd", DEFAULT_SVR_OPTION
)))
1178 if ((ret
= SSL_server_test("pkcs#12 no CA", "-cipher RC4-SHA",
1179 DEFAULT_CERT
, NULL
, "../ssl/test/axTLS.withoutCA.p12",
1180 NULL
, "abcd", DEFAULT_SVR_OPTION
)))
1188 printf("Error: A server test failed\n");
1189 ssl_display_error(ret
);
1194 printf("All server tests passed\n"); TTY_FLUSH();
1200 /**************************************************************************
1201 * SSL Client Testing
1203 **************************************************************************/
1206 uint8_t session_id
[SSL_SESSION_ID_SIZE
];
1208 pthread_t server_thread
;
1213 } CLNT_SESSION_RESUME_CTX
;
1217 const char *testname
;
1218 const char *openssl_option
;
1221 static void do_server(server_t
*svr
)
1223 char openssl_buf
[2048];
1225 pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS
, NULL
);
1227 sprintf(openssl_buf
, "openssl s_server -tls1 "
1228 "-accept %d -quiet %s ", g_port
, svr
->openssl_option
);
1229 system(openssl_buf
);
1232 static int SSL_client_test(
1235 const char *openssl_option
,
1236 CLNT_SESSION_RESUME_CTX
*sess_resume
,
1237 uint32_t client_options
,
1238 const char *private_key
,
1239 const char *password
,
1242 server_t server_data
;
1245 uint8_t *session_id
= NULL
;
1251 if (sess_resume
== NULL
|| sess_resume
->start_server
)
1254 server_data
.openssl_option
= openssl_option
;
1257 pthread_create(&thread
, NULL
,
1258 (void *(*)(void *))do_server
, (void *)&server_data
);
1259 pthread_detach(thread
);
1261 CreateThread(NULL
, 1024, (LPTHREAD_START_ROUTINE
)do_server
,
1262 (LPVOID
)&server_data
, 0, NULL
);
1266 usleep(200000); /* allow server to start */
1268 if (*ssl_ctx
== NULL
)
1272 client_options
|= SSL_NO_DEFAULT_KEY
;
1275 if ((*ssl_ctx
= ssl_ctx_new(
1276 client_options
, SSL_DEFAULT_CLNT_SESS
)) == NULL
)
1278 ret
= SSL_ERROR_INVALID_KEY
;
1279 goto client_test_exit
;
1284 int obj_type
= SSL_OBJ_RSA_KEY
;
1286 if (strstr(private_key
, ".p8"))
1287 obj_type
= SSL_OBJ_PKCS8
;
1288 else if (strstr(private_key
, ".p12"))
1289 obj_type
= SSL_OBJ_PKCS12
;
1291 if (ssl_obj_load(*ssl_ctx
, obj_type
, private_key
, password
))
1293 ret
= SSL_ERROR_INVALID_KEY
;
1294 goto client_test_exit
;
1300 if ((ret
= ssl_obj_load(*ssl_ctx
,
1301 SSL_OBJ_X509_CERT
, cert
, NULL
)) != SSL_OK
)
1303 printf("could not add cert %s (%d)\n", cert
, ret
);
1305 goto client_test_exit
;
1309 if (ssl_obj_load(*ssl_ctx
, SSL_OBJ_X509_CACERT
,
1310 "../ssl/test/axTLS.ca_x509.cer", NULL
))
1312 printf("could not add cert auth\n"); TTY_FLUSH();
1313 goto client_test_exit
;
1317 if (sess_resume
&& !sess_resume
->start_server
)
1319 session_id
= sess_resume
->session_id
;
1322 if ((client_fd
= client_socket_init(g_port
)) < 0)
1324 printf("could not start socket on %d\n", g_port
); TTY_FLUSH();
1325 goto client_test_exit
;
1328 ssl
= ssl_client_new(*ssl_ctx
, client_fd
, session_id
, sizeof(session_id
));
1330 /* check the return status */
1331 if ((ret
= ssl_handshake_status(ssl
)))
1332 goto client_test_exit
;
1334 /* renegotiate client */
1335 if (sess_resume
&& sess_resume
->do_reneg
)
1337 if (ssl_renegotiate(ssl
) < 0)
1338 goto client_test_exit
;
1343 memcpy(sess_resume
->session_id
,
1344 ssl_get_session_id(ssl
), SSL_SESSION_ID_SIZE
);
1347 if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER
) &&
1348 (ret
= ssl_verify_cert(ssl
)))
1350 goto client_test_exit
;
1353 ssl_write(ssl
, (uint8_t *)"hello world\n", 13);
1356 const uint8_t *sess_id
= ssl_get_session_id(ssl
);
1359 printf(" Session-ID: ");
1360 for (i
= 0; i
< SSL_SESSION_ID_SIZE
; i
++)
1362 printf("%02X", sess_id
[i
]);
1372 SOCKET_CLOSE(client_fd
);
1373 usleep(200000); /* allow openssl to say something */
1377 if (sess_resume
->stop_server
)
1379 ssl_ctx_free(*ssl_ctx
);
1382 pthread_cancel(sess_resume
->server_thread
);
1385 else if (sess_resume
->start_server
)
1388 sess_resume
->server_thread
= thread
;
1394 ssl_ctx_free(*ssl_ctx
);
1397 pthread_cancel(thread
);
1403 printf("SSL client test \"%s\" passed\n", test
);
1410 int SSL_client_tests(void)
1413 SSL_CTX
*ssl_ctx
= NULL
;
1414 CLNT_SESSION_RESUME_CTX sess_resume
;
1415 memset(&sess_resume
, 0, sizeof(CLNT_SESSION_RESUME_CTX
));
1417 sess_resume
.start_server
= 1;
1418 printf("### starting client tests\n");
1420 if ((ret
= SSL_client_test("512 bit key",
1422 "-cert ../ssl/test/axTLS.x509_512.pem "
1423 "-key ../ssl/test/axTLS.key_512.pem", &sess_resume
,
1424 DEFAULT_CLNT_OPTION
, NULL
, NULL
, NULL
)))
1427 /* all the session id's should match for session resumption */
1428 sess_resume
.start_server
= 0;
1429 if ((ret
= SSL_client_test("Client session resumption #1",
1430 &ssl_ctx
, NULL
, &sess_resume
,
1431 DEFAULT_CLNT_OPTION
, NULL
, NULL
, NULL
)))
1434 sess_resume
.do_reneg
= 1;
1435 if ((ret
= SSL_client_test("Client renegotiation",
1436 &ssl_ctx
, NULL
, &sess_resume
,
1437 DEFAULT_CLNT_OPTION
, NULL
, NULL
, NULL
)))
1439 sess_resume
.do_reneg
= 0;
1441 sess_resume
.stop_server
= 1;
1442 if ((ret
= SSL_client_test("Client session resumption #2",
1443 &ssl_ctx
, NULL
, &sess_resume
,
1444 DEFAULT_CLNT_OPTION
, NULL
, NULL
, NULL
)))
1447 if ((ret
= SSL_client_test("1024 bit key",
1449 "-cert ../ssl/test/axTLS.x509_1024.pem "
1450 "-key ../ssl/test/axTLS.key_1024.pem", NULL
,
1451 DEFAULT_CLNT_OPTION
, NULL
, NULL
, NULL
)))
1454 if ((ret
= SSL_client_test("2048 bit key",
1456 "-cert ../ssl/test/axTLS.x509_2048.pem "
1457 "-key ../ssl/test/axTLS.key_2048.pem", NULL
,
1458 DEFAULT_CLNT_OPTION
, NULL
, NULL
, NULL
)))
1461 if ((ret
= SSL_client_test("4096 bit key",
1463 "-cert ../ssl/test/axTLS.x509_4096.pem "
1464 "-key ../ssl/test/axTLS.key_4096.pem", NULL
,
1465 DEFAULT_CLNT_OPTION
, NULL
, NULL
, NULL
)))
1468 if ((ret
= SSL_client_test("Server cert chaining",
1470 "-cert ../ssl/test/axTLS.x509_device.pem "
1471 "-key ../ssl/test/axTLS.device_key.pem "
1472 "-CAfile ../ssl/test/axTLS.x509_512.pem ", NULL
,
1473 DEFAULT_CLNT_OPTION
, NULL
, NULL
, NULL
)))
1476 /* Check the server can verify the client */
1477 if ((ret
= SSL_client_test("Client peer authentication",
1479 "-cert ../ssl/test/axTLS.x509_2048.pem "
1480 "-key ../ssl/test/axTLS.key_2048.pem "
1481 "-CAfile ../ssl/test/axTLS.ca_x509.pem "
1482 "-verify 1 ", NULL
, DEFAULT_CLNT_OPTION
,
1483 "../ssl/test/axTLS.key_1024", NULL
,
1484 "../ssl/test/axTLS.x509_1024.cer")))
1487 /* Should get an "ERROR" from openssl (as the handshake fails as soon as
1488 * the certificate verification fails) */
1489 if ((ret
= SSL_client_test("Error: Expired cert (verify now)",
1491 "-cert ../ssl/test/axTLS.x509_bad_after.pem "
1492 "-key ../ssl/test/axTLS.key_512.pem", NULL
,
1493 DEFAULT_CLNT_OPTION
, NULL
, NULL
, NULL
)) !=
1494 SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED
))
1496 printf("*** Error: %d\n", ret
);
1500 printf("SSL client test \"Expired cert (verify now)\" passed\n");
1502 /* There is no "ERROR" from openssl */
1503 if ((ret
= SSL_client_test("Error: Expired cert (verify later)",
1505 "-cert ../ssl/test/axTLS.x509_bad_after.pem "
1506 "-key ../ssl/test/axTLS.key_512.pem", NULL
,
1507 DEFAULT_CLNT_OPTION
|SSL_SERVER_VERIFY_LATER
, NULL
,
1508 NULL
, NULL
)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED
))
1510 printf("*** Error: %d\n", ret
);
1514 printf("SSL client test \"Expired cert (verify later)\" passed\n");
1520 ssl_display_error(ret
);
1521 printf("Error: A client test failed\n");
1526 printf("All client tests passed\n"); TTY_FLUSH();
1532 /**************************************************************************
1533 * SSL Basic Testing (test a big packet handshake)
1535 **************************************************************************/
1536 static uint8_t basic_buf
[256*1024];
1538 static void do_basic(void)
1542 SSL_CTX
*ssl_clnt_ctx
= ssl_ctx_new(
1543 DEFAULT_CLNT_OPTION
, SSL_DEFAULT_CLNT_SESS
);
1544 usleep(200000); /* allow server to start */
1546 if ((client_fd
= client_socket_init(g_port
)) < 0)
1549 if (ssl_obj_load(ssl_clnt_ctx
, SSL_OBJ_X509_CACERT
,
1550 "../ssl/test/axTLS.ca_x509.cer", NULL
))
1553 ssl_clnt
= ssl_client_new(ssl_clnt_ctx
, client_fd
, NULL
, 0);
1555 /* check the return status */
1556 if (ssl_handshake_status(ssl_clnt
) < 0)
1559 ssl_display_error(ssl_handshake_status(ssl_clnt
));
1563 ssl_write(ssl_clnt
, basic_buf
, sizeof(basic_buf
));
1567 ssl_ctx_free(ssl_clnt_ctx
);
1568 SOCKET_CLOSE(client_fd
);
1570 /* exit this thread */
1573 static int SSL_basic_test(void)
1575 int server_fd
, client_fd
, ret
= 0, size
= 0, offset
= 0;
1576 SSL_CTX
*ssl_svr_ctx
= NULL
;
1577 struct sockaddr_in client_addr
;
1579 socklen_t clnt_len
= sizeof(client_addr
);
1584 memset(basic_buf
, 0xA5, sizeof(basic_buf
)/2);
1585 memset(&basic_buf
[sizeof(basic_buf
)/2], 0x5A, sizeof(basic_buf
)/2);
1587 if ((server_fd
= server_socket_init(&g_port
)) < 0)
1590 ssl_svr_ctx
= ssl_ctx_new(DEFAULT_SVR_OPTION
, SSL_DEFAULT_SVR_SESS
);
1593 pthread_create(&thread
, NULL
,
1594 (void *(*)(void *))do_basic
, NULL
);
1595 pthread_detach(thread
);
1597 CreateThread(NULL
, 1024, (LPTHREAD_START_ROUTINE
)do_basic
, NULL
, 0, NULL
);
1600 /* Wait for a client to connect */
1601 if ((client_fd
= accept(server_fd
,
1602 (struct sockaddr
*) &client_addr
, &clnt_len
)) < 0)
1604 ret
= SSL_ERROR_SOCK_SETUP_FAILURE
;
1608 /* we are ready to go */
1609 ssl_svr
= ssl_server_new(ssl_svr_ctx
, client_fd
);
1613 while ((size
= ssl_read(ssl_svr
, &read_buf
)) == SSL_OK
);
1615 if (size
< SSL_OK
) /* got some alert or something nasty */
1618 ssl_display_error(size
);
1622 else /* looks more promising */
1624 if (memcmp(read_buf
, &basic_buf
[offset
], size
) != 0)
1632 } while (offset
< sizeof(basic_buf
));
1634 printf(ret
== SSL_OK
&& offset
== sizeof(basic_buf
) ?
1635 "SSL basic test passed\n" :
1636 "SSL basic test failed\n");
1640 SOCKET_CLOSE(server_fd
);
1641 SOCKET_CLOSE(client_fd
);
1644 ssl_ctx_free(ssl_svr_ctx
);
1648 #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
1649 /**************************************************************************
1650 * Multi-Threading Tests
1652 **************************************************************************/
1653 #define NUM_THREADS 100
1657 SSL_CTX
*ssl_clnt_ctx
;
1662 void do_multi_clnt(multi_t
*multi_data
)
1664 int res
= 1, client_fd
, i
;
1668 if ((client_fd
= client_socket_init(multi_data
->port
)) < 0)
1669 goto client_test_exit
;
1672 ssl
= ssl_client_new(multi_data
->ssl_clnt_ctx
, client_fd
, NULL
, 0);
1674 if ((res
= ssl_handshake_status(ssl
)))
1677 ssl_display_error(res
);
1678 goto client_test_exit
;
1681 sprintf(tmp
, "%d\n", multi_data
->thread_id
);
1682 for (i
= 0; i
< 10; i
++)
1683 ssl_write(ssl
, (uint8_t *)tmp
, strlen(tmp
)+1);
1687 SOCKET_CLOSE(client_fd
);
1691 void do_multi_svr(SSL
*ssl
)
1694 int *res_ptr
= malloc(sizeof(int));
1699 res
= ssl_read(ssl
, &read_buf
);
1701 /* kill the client */
1704 if (res
== SSL_ERROR_CONN_LOST
)
1706 SOCKET_CLOSE(ssl
->client_fd
);
1714 else /* some problem */
1717 ssl_display_error(res
);
1726 pthread_exit(res_ptr
);
1729 int multi_thread_test(void)
1732 SSL_CTX
*ssl_server_ctx
;
1733 SSL_CTX
*ssl_clnt_ctx
;
1734 pthread_t clnt_threads
[NUM_THREADS
];
1735 pthread_t svr_threads
[NUM_THREADS
];
1737 struct sockaddr_in client_addr
;
1738 socklen_t clnt_len
= sizeof(client_addr
);
1740 printf("Do multi-threading test (takes a minute)\n");
1742 ssl_server_ctx
= ssl_ctx_new(DEFAULT_SVR_OPTION
, SSL_DEFAULT_SVR_SESS
);
1743 ssl_clnt_ctx
= ssl_ctx_new(DEFAULT_CLNT_OPTION
, SSL_DEFAULT_CLNT_SESS
);
1745 if (ssl_obj_load(ssl_clnt_ctx
, SSL_OBJ_X509_CACERT
,
1746 "../ssl/test/axTLS.ca_x509.cer", NULL
))
1749 if ((server_fd
= server_socket_init(&g_port
)) < 0)
1752 for (i
= 0; i
< NUM_THREADS
; i
++)
1754 multi_t
*multi_data
= (multi_t
*)malloc(sizeof(multi_t
));
1755 multi_data
->ssl_clnt_ctx
= ssl_clnt_ctx
;
1756 multi_data
->port
= g_port
;
1757 multi_data
->thread_id
= i
+1;
1758 pthread_create(&clnt_threads
[i
], NULL
,
1759 (void *(*)(void *))do_multi_clnt
, (void *)multi_data
);
1760 pthread_detach(clnt_threads
[i
]);
1763 for (i
= 0; i
< NUM_THREADS
; i
++)
1766 int client_fd
= accept(server_fd
,
1767 (struct sockaddr
*)&client_addr
, &clnt_len
);
1772 ssl_svr
= ssl_server_new(ssl_server_ctx
, client_fd
);
1774 pthread_create(&svr_threads
[i
], NULL
,
1775 (void *(*)(void *))do_multi_svr
, (void *)ssl_svr
);
1778 /* make sure we've run all of the threads */
1779 for (i
= 0; i
< NUM_THREADS
; i
++)
1782 pthread_join(svr_threads
[i
], &thread_res
);
1784 if (*((int *)thread_res
) != 0)
1793 printf("Multi-thread test passed (%d)\n", NUM_THREADS
);
1795 ssl_ctx_free(ssl_server_ctx
);
1796 ssl_ctx_free(ssl_clnt_ctx
);
1797 SOCKET_CLOSE(server_fd
);
1800 #endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */
1802 /**************************************************************************
1805 **************************************************************************/
1806 static void do_header_issue(void)
1808 char axtls_buf
[2048];
1810 pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS
, NULL
);
1812 sprintf(axtls_buf
, "./axssl s_client -connect localhost:%d", g_port
);
1816 static int header_issue(void)
1818 FILE *f
= fopen("../ssl/test/header_issue.dat", "r");
1819 int server_fd
= -1, client_fd
= -1, ret
= 1;
1822 struct sockaddr_in client_addr
;
1823 socklen_t clnt_len
= sizeof(client_addr
);
1828 if (f
== NULL
|| (server_fd
= server_socket_init(&g_port
)) < 0)
1832 pthread_create(&thread
, NULL
,
1833 (void *(*)(void *))do_header_issue
, NULL
);
1834 pthread_detach(thread
);
1836 CreateThread(NULL
, 1024, (LPTHREAD_START_ROUTINE
)do_header_issue
,
1839 if ((client_fd
= accept(server_fd
,
1840 (struct sockaddr
*) &client_addr
, &clnt_len
)) < 0)
1842 ret
= SSL_ERROR_SOCK_SETUP_FAILURE
;
1846 size
= fread(buf
, 1, sizeof(buf
), f
);
1847 SOCKET_WRITE(client_fd
, buf
, size
);
1853 SOCKET_CLOSE(client_fd
);
1854 SOCKET_CLOSE(server_fd
);
1856 system("killall axssl");
1860 /**************************************************************************
1863 **************************************************************************/
1864 int main(int argc
, char *argv
[])
1872 WORD wVersionRequested
= MAKEWORD(2, 2);
1873 WSAStartup(wVersionRequested
, &wsaData
);
1874 fd
= _open("test_result.txt", O_WRONLY
|O_TEMPORARY
|O_CREAT
, _S_IWRITE
);
1875 dup2(fd
, 2); /* write stderr to this file */
1877 fd
= open("/dev/null", O_WRONLY
); /* write stderr to /dev/null */
1878 signal(SIGPIPE
, SIG_IGN
); /* ignore pipe errors */
1882 /* can't do testing in this mode */
1883 #if defined CONFIG_SSL_GENERATE_X509_CERT
1884 printf("Error: Must compile with default key/certificates\n");
1888 bi_ctx
= bi_initialize();
1890 if (AES_test(bi_ctx
))
1892 printf("AES tests failed\n");
1897 if (RC4_test(bi_ctx
))
1899 printf("RC4 tests failed\n");
1904 if (MD5_test(bi_ctx
))
1906 printf("MD5 tests failed\n");
1911 if (SHA1_test(bi_ctx
))
1913 printf("SHA1 tests failed\n");
1918 if (HMAC_test(bi_ctx
))
1920 printf("HMAC tests failed\n");
1925 if (BIGINT_test(bi_ctx
))
1927 printf("BigInt tests failed!\n");
1932 bi_terminate(bi_ctx
);
1936 printf("RSA tests failed\n");
1943 printf("CERT tests failed\n");
1948 #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
1949 if (multi_thread_test())
1953 if (SSL_basic_test())
1956 system("sh ../ssl/test/killopenssl.sh");
1958 if (SSL_client_tests())
1961 system("sh ../ssl/test/killopenssl.sh");
1963 if (SSL_server_tests())
1966 system("sh ../ssl/test/killopenssl.sh");
1970 printf("Header tests failed\n"); TTY_FLUSH();
1974 ret
= 0; /* all ok */
1975 printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
1979 printf("Error: Some tests failed!\n");