search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
purple: rename Iface -> Interface in 3.x.x API
[siplcs.git] / src / core / sipe-tls-tester.c
blobe80d715423426b474770f4b1e619eac85864a583
1 /**
2 * @file sipe-tls-tester.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2011-2019 SIPE Project <http://sipe.sourceforge.net/>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 *
24 * TLS handshake implementation (sipe-tls.c) tester
25 *
26 * Example test setup using OpenSSL:
27 *
28 * - Setting up the server certificate:
29 *
30 * $ openssl req -new -keyout server.pem -out server.req
31 * $ openssl x509 -req -in server.req -signkey server.pem -out server.cert
32 *
33 * - Running the test server in one shell with same parameters used by Lync:
34 *
35 * $ openssl s_server -accept 8443 -debug -msg \
36 * -cert server.cert -key server.pem \
37 * -tls1 -verify 0 [ -cipher <c1>[:<c2>...] ]
38 *
39 * ciphers: RC4-MD5, RC4-SHA, AES128-SHA, AES256-SHA
40 *
41 * - Running the test program in another shell:
42 *
43 * $ sipe_tls_tester
44 *
45 * You can add <host>[:<port>] to connect to a server on another machine
46 */
47
48 #include <stdlib.h>
49 #include <string.h>
50 #include <stdio.h>
51 #include <stdarg.h>
52 #include <stdint.h>
53 #include <time.h>
54 #include <unistd.h>
55 #include <errno.h>
56 #include <sys/types.h>
57 #include <sys/socket.h>
58 #include <netdb.h>
59 #include <poll.h>
60
61 #include <glib.h>
62
63 #include "sipe-common.h" /* coverity[hfa: FALSE] */
64 #include "sipe-backend.h"
65 #include "sipe-cert-crypto.h"
66 #include "sipe-crypt.h"
67 #include "sipe-tls.h"
68
69 /*
70 * Stubs
71 */
72 gboolean sipe_backend_debug_enabled(void)
73 {
74 return(TRUE);
75 }
76
77 void sipe_backend_debug_literal(sipe_debug_level level,
78 const gchar *msg)
79 {
80 printf("DEBUG(%d): %s\n", level, msg);
81 }
82
83 void sipe_backend_debug(sipe_debug_level level,
84 const gchar *format,
85 ...)
86 {
87 va_list ap;
88 gchar *newformat = g_strdup_printf("DEBUG(%d): %s\n", level, format);
89
90 va_start(ap, format);
91 vprintf(newformat, ap);
92 va_end(ap);
93
94 g_free(newformat);
95 }
96
97 /* needed when linking against NSS */
98 void md4sum(const uint8_t *data, uint32_t length, uint8_t *digest);
99 void md4sum(SIPE_UNUSED_PARAMETER const uint8_t *data,
100 SIPE_UNUSED_PARAMETER uint32_t length,
101 SIPE_UNUSED_PARAMETER uint8_t *digest)
102 {
103 }
104
105 /*
106 * Tester code
107 */
108 struct record {
109 gsize length;
110 guchar *msg;
111 };
112
113 static guchar *read_tls_record(int fd,
114 gsize *in_length)
115 {
116 GSList *fragments = NULL;
117 guchar *merged = NULL;
118 gsize length = 0;
119 static gchar buffer[10000];
120
121 while (1) {
122 struct pollfd fds[] = {
123 { fd, POLLIN, 0 }
124 };
125 int result;
126 struct record *record;
127
128 /* Read one chunk */
129 result = poll(fds, 1, 500 /* [milliseconds] */);
130 if (result < 0) {
131 printf("poll failed: %s\n", strerror(errno));
132 break;
133 }
134 if (result == 0) {
135 if (!fragments) {
136 printf("timeout.\n");
137 continue;
138 } else {
139 printf("reading done.\n");
140 break;
141 }
142 }
143
144 result = read(fd, buffer, sizeof(buffer));
145 if (result < 0) {
146 printf("read failed: %s\n", strerror(errno));
147 break;
148 }
149 if (result == 0) {
150 printf("server closed connection: %s\n",
151 strerror(errno));
152 break;
153 }
154
155 printf("received %d bytes from server\n", result);
156 record = g_new0(struct record, 1);
157 record->length = result;
158 record->msg = g_memdup(buffer, result);
159 length += result;
160 fragments = g_slist_append(fragments, record);
161 }
162
163 if (fragments) {
164 GSList *elem = fragments;
165 guchar *p;
166
167 printf("received a total of %" G_GSIZE_FORMAT " bytes.\n",
168 length);
169
170 p = merged = g_malloc(length);
171 if (merged) {
172 while (elem) {
173 struct record *record = elem->data;
174
175 memcpy(p, record->msg, record->length);
176 p += record->length;
177 g_free(record->msg);
178 g_free(record);
179
180 elem = elem->next;
181 }
182 } else {
183 printf("can't allocate %" G_GSIZE_FORMAT " bytes.\n",
184 length);
185 }
186
187 g_slist_free(fragments);
188 }
189
190 *in_length = length;
191 return(merged);
192 }
193
194 static void tls_handshake(struct sipe_tls_state *state,
195 int fd)
196 {
197 gboolean success = FALSE;
198
199 printf("TLS handshake starting...\n");
200
201 /* generate next handshake message */
202 while (sipe_tls_next(state)) {
203 int sent;
204
205 /* handshake completed? */
206 if (!state->out_buffer) {
207 success = TRUE;
208 break;
209 }
210
211 /* send buffer to server */
212 sent = write(fd, state->out_buffer, state->out_length);
213 if (sent < 0) {
214 printf("write to server failed: %s\n",
215 strerror(errno));
216 break;
217 } else if ((unsigned int) sent < state->out_length) {
218 printf("could only write %d bytes, out of %" G_GSIZE_FORMAT "\n",
219 sent, state->out_length);
220 break;
221 }
222
223 /* message sent, drop buffer */
224 g_free(state->out_buffer);
225 state->out_buffer = NULL;
226
227 state->in_buffer = read_tls_record(fd, &state->in_length);
228 if (!state->in_buffer) {
229 printf("end of data.\n");
230 break;
231 }
232 }
233
234 printf("TLS handshake %s.\n", success ? "SUCCESSFUL" : "FAILED");
235 }
236
237
238 static int tls_connect(const gchar *param)
239 {
240 gchar **parts = g_strsplit(param, ":", 2);
241 int fd = -1;
242
243 if (parts[0]) {
244 const gchar *host = parts[0];
245 const gchar *port = parts[1] ? parts[1] : "443";
246 struct addrinfo hints;
247 struct addrinfo *result;
248 int status;
249
250 printf("TLS connect to host '%s', port %s...\n",
251 host, port);
252
253 memset(&hints, 0, sizeof(struct addrinfo));
254 hints.ai_family = AF_UNSPEC;
255 hints.ai_socktype = SOCK_STREAM;
256 hints.ai_flags = 0;
257 hints.ai_protocol = 0;
258 status = getaddrinfo(host, port, &hints, &result);
259
260 if (status == 0) {
261 struct addrinfo *rp;
262
263 for (rp = result; rp != NULL; rp = rp->ai_next) {
264 int sock = socket(rp->ai_family,
265 rp->ai_socktype,
266 rp->ai_protocol);
267
268 if (sock < 0) continue;
269
270 if (connect(sock,
271 rp->ai_addr,
272 rp->ai_addrlen) >= 0) {
273 /* connected */
274 printf("connected to host '%s', port %s.\n",
275 host, port);
276 fd = sock;
277 break;
278 }
279 fprintf(stderr, "failed to connect: %s\n",
280 strerror(errno));
281
282 close(sock);
283 }
284 freeaddrinfo(result);
285
286 if (rp == NULL) {
287 fprintf(stderr, "couldn't connect to host '%s'!\n",
288 host);
289 }
290 } else {
291 fprintf(stderr, "couldn't find host '%s': %s\n",
292 host, gai_strerror(status));
293 }
294 } else {
295 fprintf(stderr, "corrupted host[:port] '%s'!\n", param);
296 }
297 g_strfreev(parts);
298
299 return(fd);
300 }
301
302 int main(int argc, char *argv[])
303 {
304 struct sipe_cert_crypto *scc;
305
306 sipe_crypto_init(FALSE);
307 srand(time(NULL));
308
309 scc = sipe_cert_crypto_init();
310 if (scc) {
311 gpointer certificate;
312 struct sipe_tls_state *state;
313
314 printf("SIPE cert crypto backend initialized.\n");
315
316 certificate = sipe_cert_crypto_test_certificate(scc);
317 state = sipe_tls_start(certificate);
318 if (state) {
319 int fd;
320
321 printf("SIPE TLS initialized.\n");
322
323 fd = tls_connect((argc > 1) ? argv[1] : "localhost:8443");
324 if (fd >= 0) {
325 tls_handshake(state, fd);
326 close(fd);
327 }
328
329 sipe_tls_free(state);
330 }
331
332 sipe_cert_crypto_destroy(certificate);
333 sipe_cert_crypto_free(scc);
334 }
335 sipe_crypto_shutdown();
336
337 return(0);
338 }
339
340 /*
341 Local Variables:
342 mode: c
343 c-file-style: "bsd"
344 indent-tabs-mode: t
345 tab-width: 8
346 End:
347 */
A third-party Pidgin plugin for Microsoft LCS/OCS