diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-04-17 09:24:29 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-04-18 11:21:25 +0200 |
commit | d821485782334c01a956ac9f5b1da97d4df4c573 (patch) | |
tree | 565b0b6021b87e0be542a263d460ed801c3a7693 | |
parent | b7829c954784e389e22f96a4f4715c0744cc7381 (diff) | |
download | gnutls-d821485782334c01a956ac9f5b1da97d4df4c573.tar.gz |
tests: eagain: moved to cmocka and enhanced for TLS1.3
That also makes macros from eagain-common.h functioning under cmocka.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | tests/Makefile.am | 7 | ||||
-rw-r--r-- | tests/cmocka-common.h | 7 | ||||
-rw-r--r-- | tests/eagain-common.h | 81 | ||||
-rw-r--r-- | tests/eagain.c | 169 | ||||
-rw-r--r-- | tests/mini-eagain.c | 127 |
5 files changed, 222 insertions, 169 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 2536d3b8f1..60cebadaec 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -32,7 +32,7 @@ SUBDIRS += suite endif EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \ - ocsp-common.h \ + ocsp-common.h cmocka-common.h \ certs/ca-cert-ecc.pem certs/cert-ecc256.pem certs/cert-ecc521.pem \ certs/cert-rsa-2432.pem certs/ecc384.pem certs/ecc.pem hex.h \ certs/ca-ecc.pem certs/cert-ecc384.pem certs/cert-ecc.pem certs/ecc256.pem \ @@ -130,7 +130,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei crq_key_id x509sign-verify sign-verify cve-2009-1415 cve-2009-1416 \ tls10-server-kx-neg tls11-server-kx-neg tls12-server-kx-neg ssl30-server-kx-neg \ tls12-cipher-neg tls11-cipher-neg tls10-cipher-neg ssl30-cipher-neg \ - crq_apis init_roundtrip pkcs12_s2k_pem dn2 mini-eagain tls12-rehandshake-cert-3 \ + crq_apis init_roundtrip pkcs12_s2k_pem dn2 tls12-rehandshake-cert-3 \ nul-in-x509-names x509_altname pkcs12_encode mini-x509 \ tls12-rehandshake-cert rng-fork mini-eagain-dtls resume-dtls \ tls13-rehandshake-cert gnutls_ext_raw_parse \ @@ -201,7 +201,7 @@ endif if HAVE_CMOCKA CMOCKA_LDADD = $(COMMON_LDADD) $(CMOCKA_LIBS) ctests += dtls-sliding-window ip-utils name-constraints-ip conv-utf8 str-unicode str-idna \ - tls10-prf tls12-prf gnutls_record_overhead + tls10-prf tls12-prf gnutls_record_overhead eagain gnutls_record_overhead_LDADD = $(CMOCKA_LDADD) dtls_sliding_window_LDADD = $(CMOCKA_LDADD) @@ -212,6 +212,7 @@ str_unicode_LDADD = $(CMOCKA_LDADD) str_idna_LDADD = $(CMOCKA_LDADD) tls10_prf_LDADD = $(CMOCKA_LDADD) tls12_prf_LDADD = $(CMOCKA_LDADD) +eagain_LDADD = $(CMOCKA_LDADD) gnutls_record_overhead_CPPFLAGS = $(AM_CPPFLAGS) \ -I$(top_srcdir)/gl \ diff --git a/tests/cmocka-common.h b/tests/cmocka-common.h new file mode 100644 index 0000000000..2ac0dfbf9c --- /dev/null +++ b/tests/cmocka-common.h @@ -0,0 +1,7 @@ +#include <stddef.h> +#include <setjmp.h> +#include <cmocka.h> +#include <errno.h> + +#define USE_CMOCKA +#include "eagain-common.h" diff --git a/tests/eagain-common.h b/tests/eagain-common.h index 80a1fda2ff..19084050b7 100644 --- a/tests/eagain-common.h +++ b/tests/eagain-common.h @@ -1,22 +1,36 @@ #include <errno.h> +#include <time.h> +#include <stdio.h> #define min(x,y) ((x)<(y)?(x):(y)) extern const char *side; +#ifdef USE_CMOCKA +# define failure() fail() +# define client_transfer_failure(r) {fprintf(stderr, "client transfer failure: %s\n", gnutls_strerror(r)); fail();} +# define server_transfer_failure(r) {fprintf(stderr, "server transfer failure: %s\n", gnutls_strerror(r)); fail();} +# define switch_side(str) +#else +# define failure() fail("Handshake failed\n") +# define client_transfer_failure(r) fail("client transfer failure: %s\n", gnutls_strerror(r)) +# define server_transfer_failure(r) fail("client transfer failure: %s\n", gnutls_strerror(r)) +# define switch_side(str) side = str +#endif + #define HANDSHAKE_EXPECT(c, s, clierr, serverr) \ sret = cret = GNUTLS_E_AGAIN; \ do \ { \ if (cret == GNUTLS_E_AGAIN) \ { \ - side = "client"; \ + switch_side("client"); \ cret = gnutls_handshake (c); \ if (cret == GNUTLS_E_INTERRUPTED) cret = GNUTLS_E_AGAIN; \ } \ if (sret == GNUTLS_E_AGAIN) \ { \ - side = "server"; \ + switch_side("server"); \ sret = gnutls_handshake (s); \ if (sret == GNUTLS_E_INTERRUPTED) sret = GNUTLS_E_AGAIN; \ } \ @@ -26,8 +40,7 @@ extern const char *side; { \ fprintf(stderr, "client[%d]: %s\n", cret, gnutls_strerror(cret)); \ fprintf(stderr, "server[%d]: %s\n", sret, gnutls_strerror(sret)); \ - fail("Handshake failed\n"); \ - exit(1); \ + failure(); \ } #define HANDSHAKE(c, s) \ @@ -44,7 +57,7 @@ extern const char *side; } \ if (cret < 0 && gnutls_error_is_fatal(cret) == 0) \ { \ - side = "client"; \ + switch_side("client"); \ cret = gnutls_handshake (c); \ } \ if (sret == GNUTLS_E_LARGE_PACKET) \ @@ -54,7 +67,7 @@ extern const char *side; } \ if (sret < 0 && gnutls_error_is_fatal(sret) == 0) \ { \ - side = "server"; \ + switch_side("server"); \ sret = gnutls_handshake (s); \ } \ } \ @@ -63,8 +76,7 @@ extern const char *side; { \ fprintf(stderr, "client: %s\n", gnutls_strerror(cret)); \ fprintf(stderr, "server: %s\n", gnutls_strerror(sret)); \ - fail("%s:%d: Handshake failed\n", __func__, __LINE__); \ - exit(1); \ + failure(); \ } #define HANDSHAKE_DTLS(c, s) \ @@ -75,61 +87,51 @@ extern const char *side; #define TRANSFER2(c, s, msg, msglen, buf, buflen, retry_send_with_null) { \ int _ret; \ - side = "client"; \ + switch_side("client"); \ _ret = record_send_loop (c, msg, msglen, retry_send_with_null); \ \ - if (_ret < 0) fail ("client send error: %s\n", gnutls_strerror (_ret)); \ + if (_ret < 0) client_transfer_failure(_ret); \ \ do \ { \ do \ { \ - side = "server"; \ + switch_side("server"); \ _ret = gnutls_record_recv (s, buf, buflen); \ } \ while(_ret == GNUTLS_E_AGAIN); \ - if (_ret == 0) \ - fail ("server: didn't receive any data\n"); \ - else if (_ret < 0) \ + if (_ret <= 0) \ { \ - fail ("server: error: %s\n", gnutls_strerror (_ret)); \ + server_transfer_failure(_ret); \ } \ else \ { \ transferred += _ret; \ } \ - side = "server"; \ + switch_side("server"); \ _ret = record_send_loop (server, msg, msglen, retry_send_with_null); \ - if (_ret < 0) fail ("server send error: %s\n", gnutls_strerror (_ret)); \ + if (_ret < 0) server_transfer_failure(_ret); \ do \ { \ - side = "client"; \ + switch_side("client"); \ _ret = gnutls_record_recv (client, buf, buflen); \ } \ while(_ret == GNUTLS_E_AGAIN); \ - if (_ret == 0) \ + if (_ret <= 0) \ { \ - fail ("client: Peer has closed the TLS connection\n"); \ - } \ - else if (_ret < 0) \ - { \ - if (debug) \ - fputs ("!", stdout); \ - fail ("client: Error: %s\n", gnutls_strerror (_ret)); \ + client_transfer_failure(_ret); \ } \ else \ { \ if (msglen != _ret || memcmp (buf, msg, msglen) != 0) \ { \ - fail ("client: Transmitted data do not match\n"); \ + failure(); \ } \ /* echo back */ \ - side = "client"; \ + switch_side("client"); \ _ret = record_send_loop (client, buf, msglen, retry_send_with_null); \ - if (_ret < 0) fail ("client send error: %s\n", gnutls_strerror (_ret)); \ + if (_ret < 0) client_transfer_failure(_ret); \ transferred += _ret; \ - if (debug) \ - fputs (".", stdout); \ } \ } \ while (transferred < 70000); \ @@ -137,25 +139,25 @@ extern const char *side; #define EMPTY_BUF(s, c, buf, buflen) \ { \ - side = "client"; int _ret = 0; \ + switch_side("client"); int _ret = 0; \ while((_ret == GNUTLS_E_AGAIN && to_server_len > 0) || to_server_len > 0) \ { \ - side = "server"; \ + switch_side("server"); \ _ret = gnutls_record_recv (s, buf, buflen); \ } \ if (_ret < 0 && _ret !=GNUTLS_E_AGAIN) \ { \ - fail ("server: error: %s\n", gnutls_strerror (_ret)); \ + server_transfer_failure(_ret); \ } \ - side = "server"; _ret = 0; \ + switch_side("server"); _ret = 0; \ while((to_client_len > 0 && _ret == GNUTLS_E_AGAIN) || to_client_len > 0) \ { \ - side = "client"; \ + switch_side("client"); \ _ret = gnutls_record_recv (client, buf, buflen); \ } \ if (_ret < 0 && _ret !=GNUTLS_E_AGAIN) \ { \ - fail ("client: Error: %s\n", gnutls_strerror (_ret)); \ + client_transfer_failure(_ret); \ } \ } @@ -169,10 +171,11 @@ static size_t to_server_len = 0; static char to_client[64 * 1024]; static size_t to_client_len = 0; + #ifdef RANDOMIZE #define RETURN_RND_EAGAIN(session) \ - static unsigned char rnd = 0; \ - if (rnd++ % 2 == 0) \ + unsigned int rnd = time(0); \ + if (rnd++ % 3 == 0) \ { \ gnutls_transport_set_errno (session, EAGAIN); \ return -1; \ diff --git a/tests/eagain.c b/tests/eagain.c new file mode 100644 index 0000000000..968f99b839 --- /dev/null +++ b/tests/eagain.c @@ -0,0 +1,169 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/> + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <gnutls/gnutls.h> +#include <gnutls/crypto.h> + +#define RANDOMIZE +#include "cert-common.h" +#include "cmocka-common.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." + +static void async_handshake(void **glob_state, const char *prio, unsigned rehsk) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret, cret; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + /* Need to enable anonymous KX specifically. */ + char buffer[MAX_BUF + 1]; + int ret, transferred = 0, msglen; + + /* General init. */ + reset_buffers(); + gnutls_global_init(); + gnutls_global_set_log_function(tls_log_func); + + /* Init server */ + assert_return_code(gnutls_certificate_allocate_credentials(&serverx509cred), 0); + assert_return_code(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM), 0); + ret = gnutls_init(&server, GNUTLS_SERVER); + assert_return_code(ret, 0); + + ret = + gnutls_priority_set_direct(server, + prio, + NULL); + assert_return_code(ret, 0); + + ret = gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); + assert_return_code(ret, 0); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + assert_return_code(ret, 0); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + ret = + gnutls_priority_set_direct(client, + prio, + NULL); + assert_return_code(ret, 0); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); + assert_return_code(ret, 0); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (rehsk == 1) { + ssize_t n; + char b[1]; + + do { + sret = gnutls_rehandshake(server); + } while (sret == GNUTLS_E_AGAIN); + + do { + n = gnutls_record_recv(client, b, 1); + } while(n == GNUTLS_E_AGAIN); + + assert_int_equal(n, GNUTLS_E_REHANDSHAKE); + + HANDSHAKE(client, server); + } else if (rehsk == 2) { + HANDSHAKE(client, server); + } + + msglen = strlen(MSG); + TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF); + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static void tls12_async_handshake(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 0); +} + +static void tls12_async_rehandshake_client(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 1); +} + +static void tls12_async_rehandshake_server(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 2); +} + +static void tls13_async_handshake(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0); +} + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(tls12_async_handshake), + cmocka_unit_test(tls12_async_rehandshake_client), + cmocka_unit_test(tls12_async_rehandshake_server), + cmocka_unit_test(tls13_async_handshake), + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/tests/mini-eagain.c b/tests/mini-eagain.c deleted file mode 100644 index d240ed6a01..0000000000 --- a/tests/mini-eagain.c +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright (C) 2008-2012 Free Software Foundation, Inc. - * - * Author: Simon Josefsson, Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * GnuTLS is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuTLS is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with GnuTLS; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <gnutls/gnutls.h> -#include <gnutls/crypto.h> - -#include "utils.h" -#define RANDOMIZE -#include "eagain-common.h" - -const char *side = ""; - -static void tls_log_func(int level, const char *str) -{ - fprintf(stderr, "%s|<%d>| %s", side, level, str); -} - -static int handshake = 0; - -#define MAX_BUF 1024 -#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." - -void doit(void) -{ - /* Server stuff. */ - gnutls_anon_server_credentials_t s_anoncred; - const gnutls_datum_t p3 = - { (unsigned char *) pkcs3, strlen(pkcs3) }; - static gnutls_dh_params_t dh_params; - gnutls_session_t server; - int sret, cret; - /* Client stuff. */ - gnutls_anon_client_credentials_t c_anoncred; - gnutls_session_t client; - /* Need to enable anonymous KX specifically. */ - char buffer[MAX_BUF + 1]; - int ret, transferred = 0, msglen; - - /* General init. */ - global_init(); - gnutls_global_set_log_function(tls_log_func); - if (debug) - gnutls_global_set_log_level(2); - - /* Init server */ - gnutls_anon_allocate_server_credentials(&s_anoncred); - gnutls_dh_params_init(&dh_params); - gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); - gnutls_anon_set_server_dh_params(s_anoncred, dh_params); - gnutls_init(&server, GNUTLS_SERVER); - ret = - gnutls_priority_set_direct(server, - "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", - NULL); - if (ret < 0) - exit(1); - gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); - gnutls_transport_set_push_function(server, server_push); - gnutls_transport_set_pull_function(server, server_pull); - gnutls_transport_set_ptr(server, server); - - /* Init client */ - gnutls_anon_allocate_client_credentials(&c_anoncred); - gnutls_init(&client, GNUTLS_CLIENT); - ret = - gnutls_priority_set_direct(client, - "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", - NULL); - if (ret < 0) - exit(1); - gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); - gnutls_transport_set_push_function(client, client_push); - gnutls_transport_set_pull_function(client, client_pull); - gnutls_transport_set_ptr(client, client); - - handshake = 1; - HANDSHAKE(client, server); - - handshake = 0; - if (debug) - success("Handshake established\n"); - - msglen = strlen(MSG); - TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF); - if (debug) - fputs("\n", stdout); - - gnutls_bye(client, GNUTLS_SHUT_WR); - gnutls_bye(server, GNUTLS_SHUT_WR); - - gnutls_deinit(client); - gnutls_deinit(server); - - gnutls_anon_free_client_credentials(c_anoncred); - gnutls_anon_free_server_credentials(s_anoncred); - - gnutls_dh_params_deinit(dh_params); - - gnutls_global_deinit(); -} |