author | Daiki Ueno <ueno@gnu.org> | 2021-08-04 12:21:48 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-08-04 12:21:48 +0000 |
commit | c4f1d5308f3c14f5a82dd1debf5dc0806f361399 (patch) | |
tree | 3624f6cfb64144b40dc482b47f9864ea2689e197 | |
parent | 22c87f2e262160428c26007ef8f5a84fe5900c45 (diff) | |
parent | 754098302c07b262d50b9aa70174edc74bc9e547 (diff) | |
download | gnutls-c4f1d5308f3c14f5a82dd1debf5dc0806f361399.tar.gz |
Merge branch 'wip/dueno/test-key-share-single' into 'master'
tests: tls13/key_share: rewrite as single process
See merge request gnutls/gnutls!1457
-rw-r--r-- | tests/tls13/key_share.c | 216 |
1 files changed, 57 insertions, 159 deletions
diff --git a/tests/tls13/key_share.c b/tests/tls13/key_share.c index 816a7d9b58..fa785a5d18 100644 --- a/tests/tls13/key_share.c +++ b/tests/tls13/key_share.c @@ -24,31 +24,15 @@ #endif #include <stdio.h> +#include <stdint.h> #include <stdlib.h> - -#if defined(_WIN32) - -int main() -{ - exit(77); -} - -#else - #include <string.h> -#include <sys/types.h> -#include <netinet/in.h> -#include <sys/socket.h> -#include <sys/wait.h> -#include <arpa/inet.h> -#include <unistd.h> #include <gnutls/gnutls.h> -#include <gnutls/dtls.h> -#include <signal.h> #include "cert-common.h" #include "utils.h" #include "tls13/ext-parse.h" +#include "eagain-common.h" /* This program tests the Key Share behavior in Client Hello, * and whether the flags to gnutls_init for key share are followed. 
@@ -59,65 +43,11 @@ const char *testname = ""; #define myfail(fmt, ...) \ fail("%s: "fmt, testname, ##__VA_ARGS__) -static void server_log_func(int level, const char *str) -{ - fprintf(stderr, "server|<%d>| %s", level, str); -} +const char *side = ""; -static void client_log_func(int level, const char *str) +static void tls_log_func(int level, const char *str) { - fprintf(stderr, "client|<%d>| %s", level, str); -} - - - -#define MAX_BUF 1024 - -static void client(int fd, unsigned flag, const char *prio) -{ - int ret; - gnutls_certificate_credentials_t x509_cred; - gnutls_session_t session; - - global_init(); - - if (debug) { - gnutls_global_set_log_function(client_log_func); - gnutls_global_set_log_level(7); - } - - gnutls_certificate_allocate_credentials(&x509_cred); - - /* Initialize TLS session - */ - gnutls_init(&session, GNUTLS_CLIENT|flag); - - gnutls_handshake_set_timeout(session, get_timeout()); - - ret = gnutls_priority_set_direct(session, prio, NULL); - if (ret < 0) - myfail("cannot set TLS 1.3 priorities\n"); - - /* put the anonymous credentials to the current session - */ - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); - - gnutls_transport_set_int(session, fd); - - /* Perform the TLS handshake - */ - do { - ret = gnutls_handshake(session); - } - while (ret < 0 && gnutls_error_is_fatal(ret) == 0); - - close(fd); - - gnutls_deinit(session); - - gnutls_certificate_free_credentials(x509_cred); - - gnutls_global_deinit(); + fprintf(stderr, "%s|<%d>| %s", side, level, str); } unsigned int tls_id_to_group[] = { 
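Review bot: The new global `side` has no comment saying who writes it, and none of the visible hunks assign it after the `""` initialiser, so `tls_log_func` reads as if it always prints an empty prefix. Presumably the handshake helper from the newly included `eagain-common.h` sets it to the peer currently being driven. If that is right, say so at the definition, e.g. `/* updated by the eagain-common.h handshake helpers; prefixes each log line with the active peer */`. In that case the comment should also record that the symbol has to stay non-static, so a later cleanup does not add `static` and detach it from the header.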
@@ -191,115 +121,85 @@ static int client_hello_callback(gnutls_session_t session, unsigned int htype, return 0; } -static void server(int fd, gnutls_group_t exp_group, unsigned ngroups) +static void start(const char *name, const char *prio, unsigned flag, + gnutls_group_t group, unsigned ngroups) { - int ret; - char buffer[MAX_BUF + 1]; - gnutls_session_t session; - gnutls_certificate_credentials_t x509_cred; + int sret, cret; + gnutls_certificate_credentials_t scred, ccred; + gnutls_session_t server, client; ctx_st ctx; - /* this must be called once in the program - */ - global_init(); - memset(buffer, 0, sizeof(buffer)); + testname = name; + success("== test %s ==\n", testname); - if (debug) { - gnutls_global_set_log_function(server_log_func); - gnutls_global_set_log_level(4711); - } + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(9); - gnutls_certificate_allocate_credentials(&x509_cred); - gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, - &server_key, - GNUTLS_X509_FMT_PEM); + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&scred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(scred, + &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM) >= 0); - gnutls_init(&session, GNUTLS_SERVER); + gnutls_init(&server, GNUTLS_SERVER); - gnutls_handshake_set_timeout(session, get_timeout()); - gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_BOTH, client_hello_callback); - ctx.group = exp_group; + ctx.group = group; ctx.ngroups = ngroups; - gnutls_session_set_ptr(session, &ctx); + gnutls_session_set_ptr(server, &ctx); /* avoid calling all the priority functions, since the defaults * are adequate. 
*/ - gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL); - - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_priority_set_direct(server, "NORMAL:+VERS-TLS1.3", NULL); - gnutls_transport_set_int(session, fd); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); - do { - ret = gnutls_handshake(session); - if (ret == GNUTLS_E_INTERRUPTED) { /* expected */ - break; - } - } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); - - if (ret < 0) - myfail("handshake error: %s\n", gnutls_strerror(ret)); + /* Init client */ + gnutls_certificate_allocate_credentials(&ccred); + assert(gnutls_certificate_set_x509_trust_mem + (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); - if (gnutls_group_get(session) != exp_group) - myfail("group doesn't match the expected: %s\n", gnutls_group_get_name(gnutls_group_get(session))); + gnutls_init(&client, GNUTLS_CLIENT|flag); - close(fd); - gnutls_deinit(session); + cret = gnutls_priority_set_direct(client, prio, NULL); + if (cret < 0) + myfail("cannot set TLS 1.3 priorities\n"); - gnutls_certificate_free_credentials(x509_cred); + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred); - gnutls_global_deinit(); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + HANDSHAKE(client, server); if (debug) - success("server: client/server hello were verified\n"); -} + success("Handshake established\n"); -static void ch_handler(int sig) -{ - int status = 0; - wait(&status); - check_wait_status(status); - return; -} + if (gnutls_group_get(server) != group) + myfail("group doesn't match the expected: %s\n", gnutls_group_get_name(gnutls_group_get(server))); -static 
void start(const char *name, const char *prio, unsigned flag, gnutls_group_t group, unsigned ngroups) -{ - int fd[2]; - int ret; - pid_t child; + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); - signal(SIGCHLD, ch_handler); - signal(SIGPIPE, SIG_IGN); + gnutls_deinit(client); + gnutls_deinit(server); - testname = name; - success("== test %s ==\n", testname); + gnutls_certificate_free_credentials(scred); + gnutls_certificate_free_credentials(ccred); - ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); - if (ret < 0) { - perror("socketpair"); - exit(1); - } - - child = fork(); - if (child < 0) { - perror("fork"); - fail("fork"); - exit(1); - } - - if (child) { - /* parent */ - close(fd[1]); - server(fd[0], group, ngroups); - kill(child, SIGTERM); - } else { - close(fd[0]); - client(fd[1], flag, prio); - exit(0); - } + gnutls_global_deinit(); + reset_buffers(); } void doit(void) @@ -331,5 +231,3 @@ void doit(void) start("default groups(2): x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", 0, GNUTLS_GROUP_X25519, 2); start("default groups(2): ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", 0, GNUTLS_GROUP_FFDHE2048, 2); } - -#endif /* _WIN32 */ |
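Review bot: Setup failures are handled three different ways in the new `start()`: the server credential calls are wrapped in `assert(...)`, only the client priority string goes through `myfail`, and the rest is unchecked — both `gnutls_init` calls, the server-side `gnutls_priority_set_direct` and `gnutls_certificate_allocate_credentials(&ccred)`. An unchecked failure there would show up later as a handshake or group-mismatch error, which misattributes the cause in a test meant to verify key-share selection. Because the asserted expressions carry the side effects, a build with NDEBUG defined would also drop the server key loading entirely. I would route these through the existing macro, e.g. `if (gnutls_init(&server, GNUTLS_SERVER) < 0) myfail("gnutls_init(server) failed\n");`. The carried-over comment `/* put the anonymous credentials to the current session */` should read "certificate credentials", since `GNUTLS_CRD_CERTIFICATE` is what is set.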